xmrig | 753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
Size

2.8MB
MD5

8319e57956ad7ece48b48d188f06c143
SHA1

1844392979d7e5bc564c00b1beea832a4b75bb74
SHA256

753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875
SHA512

8eb3f100aa6098a699d1b76940b085970855f2738a5b764c30bfb619749ac50d84c19e6a26ced0b24d36d79e9853a2fbadabdbb11d436f587bc76d7ec04bc4f1
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1Vr5s1PTleLWrJ5I/pK:NABf

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4584-12-0x00007FF676770000-0x00007FF676B62000-memory.dmp	xmrig
behavioral2/memory/472-232-0x00007FF665C50000-0x00007FF666042000-memory.dmp	xmrig
behavioral2/memory/3068-238-0x00007FF718620000-0x00007FF718A12000-memory.dmp	xmrig
behavioral2/memory/2160-276-0x00007FF7F2D90000-0x00007FF7F3182000-memory.dmp	xmrig
behavioral2/memory/2980-284-0x00007FF649230000-0x00007FF649622000-memory.dmp	xmrig
behavioral2/memory/1464-285-0x00007FF63C990000-0x00007FF63CD82000-memory.dmp	xmrig
behavioral2/memory/2964-283-0x00007FF694D00000-0x00007FF6950F2000-memory.dmp	xmrig
behavioral2/memory/4368-282-0x00007FF78FDC0000-0x00007FF7901B2000-memory.dmp	xmrig
behavioral2/memory/3880-281-0x00007FF731620000-0x00007FF731A12000-memory.dmp	xmrig
behavioral2/memory/208-279-0x00007FF67D280000-0x00007FF67D672000-memory.dmp	xmrig
behavioral2/memory/3424-275-0x00007FF668F30000-0x00007FF669322000-memory.dmp	xmrig
behavioral2/memory/3984-273-0x00007FF695470000-0x00007FF695862000-memory.dmp	xmrig
behavioral2/memory/3940-272-0x00007FF742480000-0x00007FF742872000-memory.dmp	xmrig
behavioral2/memory/948-271-0x00007FF7A0A90000-0x00007FF7A0E82000-memory.dmp	xmrig
behavioral2/memory/1596-264-0x00007FF7A1E70000-0x00007FF7A2262000-memory.dmp	xmrig
behavioral2/memory/3228-231-0x00007FF64A5E0000-0x00007FF64A9D2000-memory.dmp	xmrig
behavioral2/memory/4576-237-0x00007FF768110000-0x00007FF768502000-memory.dmp	xmrig
behavioral2/memory/556-218-0x00007FF65E680000-0x00007FF65EA72000-memory.dmp	xmrig
behavioral2/memory/3512-187-0x00007FF62F030000-0x00007FF62F422000-memory.dmp	xmrig
behavioral2/memory/2440-159-0x00007FF6512F0000-0x00007FF6516E2000-memory.dmp	xmrig
behavioral2/memory/1276-158-0x00007FF7B8C40000-0x00007FF7B9032000-memory.dmp	xmrig
behavioral2/memory/4396-90-0x00007FF648A70000-0x00007FF648E62000-memory.dmp	xmrig
behavioral2/memory/3016-89-0x00007FF6D53E0000-0x00007FF6D57D2000-memory.dmp	xmrig
behavioral2/memory/3788-73-0x00007FF77E000000-0x00007FF77E3F2000-memory.dmp	xmrig
behavioral2/memory/4584-3076-0x00007FF676770000-0x00007FF676B62000-memory.dmp	xmrig
behavioral2/memory/3788-3090-0x00007FF77E000000-0x00007FF77E3F2000-memory.dmp	xmrig
behavioral2/memory/3880-3103-0x00007FF731620000-0x00007FF731A12000-memory.dmp	xmrig
behavioral2/memory/1276-3138-0x00007FF7B8C40000-0x00007FF7B9032000-memory.dmp	xmrig
behavioral2/memory/556-3128-0x00007FF65E680000-0x00007FF65EA72000-memory.dmp	xmrig
behavioral2/memory/4396-3120-0x00007FF648A70000-0x00007FF648E62000-memory.dmp	xmrig
behavioral2/memory/3016-3107-0x00007FF6D53E0000-0x00007FF6D57D2000-memory.dmp	xmrig
behavioral2/memory/472-3149-0x00007FF665C50000-0x00007FF666042000-memory.dmp	xmrig
behavioral2/memory/3512-3147-0x00007FF62F030000-0x00007FF62F422000-memory.dmp	xmrig
behavioral2/memory/3984-3202-0x00007FF695470000-0x00007FF695862000-memory.dmp	xmrig
behavioral2/memory/3940-3197-0x00007FF742480000-0x00007FF742872000-memory.dmp	xmrig
behavioral2/memory/2980-3190-0x00007FF649230000-0x00007FF649622000-memory.dmp	xmrig
behavioral2/memory/1596-3180-0x00007FF7A1E70000-0x00007FF7A2262000-memory.dmp	xmrig
behavioral2/memory/3424-3214-0x00007FF668F30000-0x00007FF669322000-memory.dmp	xmrig
behavioral2/memory/2160-3211-0x00007FF7F2D90000-0x00007FF7F3182000-memory.dmp	xmrig
behavioral2/memory/948-3210-0x00007FF7A0A90000-0x00007FF7A0E82000-memory.dmp	xmrig
behavioral2/memory/1464-3219-0x00007FF63C990000-0x00007FF63CD82000-memory.dmp	xmrig
behavioral2/memory/3228-3171-0x00007FF64A5E0000-0x00007FF64A9D2000-memory.dmp	xmrig
behavioral2/memory/2440-3167-0x00007FF6512F0000-0x00007FF6516E2000-memory.dmp	xmrig
behavioral2/memory/4576-3166-0x00007FF768110000-0x00007FF768502000-memory.dmp	xmrig
behavioral2/memory/2964-3170-0x00007FF694D00000-0x00007FF6950F2000-memory.dmp	xmrig
behavioral2/memory/3068-3159-0x00007FF718620000-0x00007FF718A12000-memory.dmp	xmrig
behavioral2/memory/208-3230-0x00007FF67D280000-0x00007FF67D672000-memory.dmp	xmrig
behavioral2/memory/1308-4046-0x00007FF77BEE0000-0x00007FF77C2D2000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
3	3012	powershell.exe
5	3012	powershell.exe
7	3012	powershell.exe
8	3012	powershell.exe
10	3012	powershell.exe
11	3012	powershell.exe
13	3012	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3012	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4584	lGPGumH.exe
3880	EeGMvve.exe
3788	PpUfETw.exe
3016	ITcDATq.exe
4396	uggPnOf.exe
1276	FRFTDUM.exe
2440	SqTeLeR.exe
3512	sAfNBYh.exe
556	wecQyEN.exe
3228	Ivkloov.exe
472	PAyJPIL.exe
4576	CHlTFOi.exe
4368	BRPMjbF.exe
2964	eSnMlkA.exe
3068	smJnHIP.exe
1596	hVPGKEK.exe
948	XlfCBCk.exe
3940	iIskiIe.exe
3984	eDlGrks.exe
2980	ZQeGDKK.exe
1464	NLMaOEi.exe
3424	kkLMuVx.exe
2160	RbIttFM.exe
208	zajwsbP.exe
4540	cFAiZyX.exe
2492	KJnJiEm.exe
3280	roKLPLN.exe
3484	AitUDwz.exe
3520	MyGrwDF.exe
2000	fOcCbLQ.exe
984	ewbKQUh.exe
2124	LVztLcB.exe
1600	QZsqdYU.exe
3360	FFGEYyV.exe
220	qKKjRUR.exe
1444	VVKAXkD.exe
2116	RfXLKFR.exe
1656	gDaaLsC.exe
3716	mNEPIBI.exe
3008	UqolGPt.exe
5116	wAMvFRZ.exe
1572	PAvPElH.exe
2696	yyKPPlt.exe
3144	IfRpOcK.exe
4180	TVydSoI.exe
5084	Kcsnhkw.exe
4384	VxYJpbO.exe
2640	uWZlLLK.exe
4536	oVDoliW.exe
4404	IRZkWfg.exe
1160	EsKSjsS.exe
2952	pboiXwQ.exe
388	HAWqeaR.exe
784	xyOVCmV.exe
1056	qtMSpkh.exe
3396	lkCfQqk.exe
3924	jRHVYgB.exe
4836	cDJOvNI.exe
112	SINthws.exe
2712	sdwyZGr.exe
4636	dbFWsRf.exe
1908	GAKmfgd.exe
4084	OMGTRIo.exe
3648	bgNwPfv.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1308-0-0x00007FF77BEE0000-0x00007FF77C2D2000-memory.dmp	upx
behavioral2/files/0x00070000000234cb-8.dat	upx
behavioral2/memory/4584-12-0x00007FF676770000-0x00007FF676B62000-memory.dmp	upx
behavioral2/files/0x00070000000234cc-35.dat	upx
behavioral2/files/0x00070000000234d1-52.dat	upx
behavioral2/files/0x00070000000234d2-83.dat	upx
behavioral2/files/0x00070000000234d3-85.dat	upx
behavioral2/files/0x00070000000234d5-104.dat	upx
behavioral2/files/0x00070000000234e0-138.dat	upx
behavioral2/files/0x00070000000234df-168.dat	upx
behavioral2/files/0x00070000000234f2-193.dat	upx
behavioral2/memory/472-232-0x00007FF665C50000-0x00007FF666042000-memory.dmp	upx
behavioral2/memory/3068-238-0x00007FF718620000-0x00007FF718A12000-memory.dmp	upx
behavioral2/memory/2160-276-0x00007FF7F2D90000-0x00007FF7F3182000-memory.dmp	upx
behavioral2/memory/2980-284-0x00007FF649230000-0x00007FF649622000-memory.dmp	upx
behavioral2/memory/1464-285-0x00007FF63C990000-0x00007FF63CD82000-memory.dmp	upx
behavioral2/memory/2964-283-0x00007FF694D00000-0x00007FF6950F2000-memory.dmp	upx
behavioral2/memory/4368-282-0x00007FF78FDC0000-0x00007FF7901B2000-memory.dmp	upx
behavioral2/memory/3880-281-0x00007FF731620000-0x00007FF731A12000-memory.dmp	upx
behavioral2/memory/208-279-0x00007FF67D280000-0x00007FF67D672000-memory.dmp	upx
behavioral2/memory/3424-275-0x00007FF668F30000-0x00007FF669322000-memory.dmp	upx
behavioral2/memory/3984-273-0x00007FF695470000-0x00007FF695862000-memory.dmp	upx
behavioral2/memory/3940-272-0x00007FF742480000-0x00007FF742872000-memory.dmp	upx
behavioral2/memory/948-271-0x00007FF7A0A90000-0x00007FF7A0E82000-memory.dmp	upx
behavioral2/memory/1596-264-0x00007FF7A1E70000-0x00007FF7A2262000-memory.dmp	upx
behavioral2/memory/3228-231-0x00007FF64A5E0000-0x00007FF64A9D2000-memory.dmp	upx
behavioral2/memory/4576-237-0x00007FF768110000-0x00007FF768502000-memory.dmp	upx
behavioral2/memory/556-218-0x00007FF65E680000-0x00007FF65EA72000-memory.dmp	upx
behavioral2/files/0x00070000000234f1-192.dat	upx
behavioral2/files/0x00070000000234f0-191.dat	upx
behavioral2/files/0x00070000000234e5-189.dat	upx
behavioral2/files/0x00070000000234ef-188.dat	upx
behavioral2/memory/3512-187-0x00007FF62F030000-0x00007FF62F422000-memory.dmp	upx
behavioral2/files/0x00080000000234c8-185.dat	upx
behavioral2/files/0x00070000000234ee-184.dat	upx
behavioral2/files/0x00070000000234ed-183.dat	upx
behavioral2/files/0x00070000000234ec-182.dat	upx
behavioral2/files/0x00070000000234e1-177.dat	upx
behavioral2/files/0x00070000000234ea-176.dat	upx
behavioral2/files/0x00070000000234e6-167.dat	upx
behavioral2/files/0x00070000000234de-160.dat	upx
behavioral2/memory/2440-159-0x00007FF6512F0000-0x00007FF6516E2000-memory.dmp	upx
behavioral2/memory/1276-158-0x00007FF7B8C40000-0x00007FF7B9032000-memory.dmp	upx
behavioral2/files/0x00070000000234e4-157.dat	upx
behavioral2/files/0x00070000000234e3-151.dat	upx
behavioral2/files/0x00070000000234e2-147.dat	upx
behavioral2/files/0x00070000000234db-141.dat	upx
behavioral2/files/0x00070000000234da-139.dat	upx
behavioral2/files/0x00070000000234dd-137.dat	upx
behavioral2/files/0x00070000000234d9-105.dat	upx
behavioral2/files/0x00070000000234dc-126.dat	upx
behavioral2/files/0x00070000000234d8-122.dat	upx
behavioral2/files/0x00070000000234d6-93.dat	upx
behavioral2/memory/4396-90-0x00007FF648A70000-0x00007FF648E62000-memory.dmp	upx
behavioral2/memory/3016-89-0x00007FF6D53E0000-0x00007FF6D57D2000-memory.dmp	upx
behavioral2/files/0x00070000000234d7-98.dat	upx
behavioral2/files/0x00070000000234d4-77.dat	upx
behavioral2/memory/3788-73-0x00007FF77E000000-0x00007FF77E3F2000-memory.dmp	upx
behavioral2/files/0x00070000000234cf-64.dat	upx
behavioral2/files/0x00070000000234ce-59.dat	upx
behavioral2/files/0x00070000000234d0-56.dat	upx
behavioral2/files/0x00070000000234cd-41.dat	upx
behavioral2/files/0x00080000000234ca-27.dat	upx
behavioral2/files/0x00080000000234c7-6.dat	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\msQHMeL.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\QPjpYcl.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\zmIvxrH.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\BRTIHDv.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\xyOVCmV.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\RJhBxUi.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\ZYvbSRI.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\GpbYAtO.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\VNfAbny.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\TXhkgfD.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\tXcCXFX.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\NJaPAtE.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\YWeIvmp.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\LZkkkBw.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\SIoxQEY.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\LiEYvXI.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\APGZkae.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\sKxFcZl.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\mZUoKiG.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\bQQnUvz.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\qasDViQ.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\boXWLWx.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\AMjvxDD.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\GmaLcrU.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\LvuWIZf.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\hAUGhOX.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\tGCSbdA.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\WYaQUMA.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\DUkCTcl.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\yqudNIt.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\brARqwL.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\FFGEYyV.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\RGYxqmG.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\uYGAalQ.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\mcuFSST.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\fkAFDEI.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\HJVeafd.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\IWwhPWi.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\jNBKjtM.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\QpSZzFp.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\EtNFQoQ.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\AaaeRVk.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\GlgtwnV.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\NaAVURj.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\bTCZYQj.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\WVhAOdt.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\FdXpRjP.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\vmFtgme.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\wDksics.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\OEpErQk.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\oiRBvUV.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\KJktCVi.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\etlMoUe.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\tcAPmKx.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\EbVJBVc.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\zMYExvg.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\XduVBFD.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\DAtiVBf.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\wWCGUOp.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\rUDvMoD.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\WQzQnNt.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\ghaEmKm.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\lDvefCi.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
File created	C:\Windows\System\bexDalM.exe	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 36 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3012	powershell.exe
3012	powershell.exe
3012	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
4428	Process not Found
14044	Process not Found
4276	Process not Found
4204	Process not Found
3816	Process not Found
3556	Process not Found
5196	Process not Found
4984	Process not Found
2988	Process not Found
1428	Process not Found
5572	Process not Found
3444	Process not Found
5804	Process not Found
5252	Process not Found
5476	Process not Found
5216	Process not Found
14124	Process not Found
4260	Process not Found
5480	Process not Found
6644	Process not Found
5864	Process not Found
5324	Process not Found
980	Process not Found
5908	Process not Found
2732	Process not Found
4100	Process not Found
4164	Process not Found
4256	Process not Found
13756	Process not Found
4556	Process not Found
1984	Process not Found
5452	Process not Found
5432	Process not Found
3188	Process not Found
13224	Process not Found
1044	Process not Found
3980	Process not Found
6012	Process not Found
3192	Process not Found
5124	Process not Found
3088	Process not Found
6452	Process not Found
1988	Process not Found
8124	Process not Found
6648	Process not Found
436	Process not Found
8416	Process not Found
2084	Process not Found
5548	Process not Found
5448	Process not Found
5792	Process not Found
5228	Process not Found
6120	Process not Found
9136	Process not Found
10684	Process not Found
9672	Process not Found
4324	Process not Found
9688	Process not Found
9696	Process not Found
10456	Process not Found
10836	Process not Found
14116	Process not Found
10004	Process not Found
10008	Process not Found

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	3012	powershell.exe
Token: SeLockMemoryPrivilege	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
Token: SeLockMemoryPrivilege	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
Token: SeCreateGlobalPrivilege	1280	dwm.exe
Token: SeChangeNotifyPrivilege	1280	dwm.exe
Token: 33	1280	dwm.exe
Token: SeIncBasePriorityPrivilege	1280	dwm.exe
Token: SeCreateGlobalPrivilege	13088	dwm.exe
Token: SeChangeNotifyPrivilege	13088	dwm.exe
Token: 33	13088	dwm.exe
Token: SeIncBasePriorityPrivilege	13088	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 3012	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	84
PID 1308 wrote to memory of 3012	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	84
PID 1308 wrote to memory of 4584	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	85
PID 1308 wrote to memory of 4584	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	85
PID 1308 wrote to memory of 3880	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	86
PID 1308 wrote to memory of 3880	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	86
PID 1308 wrote to memory of 3788	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	87
PID 1308 wrote to memory of 3788	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	87
PID 1308 wrote to memory of 3016	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	88
PID 1308 wrote to memory of 3016	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	88
PID 1308 wrote to memory of 4396	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	89
PID 1308 wrote to memory of 4396	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	89
PID 1308 wrote to memory of 1276	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	90
PID 1308 wrote to memory of 1276	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	90
PID 1308 wrote to memory of 2440	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	91
PID 1308 wrote to memory of 2440	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	91
PID 1308 wrote to memory of 3512	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	92
PID 1308 wrote to memory of 3512	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	92
PID 1308 wrote to memory of 556	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	93
PID 1308 wrote to memory of 556	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	93
PID 1308 wrote to memory of 3228	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	94
PID 1308 wrote to memory of 3228	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	94
PID 1308 wrote to memory of 4576	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	95
PID 1308 wrote to memory of 4576	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	95
PID 1308 wrote to memory of 472	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	96
PID 1308 wrote to memory of 472	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	96
PID 1308 wrote to memory of 4368	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	97
PID 1308 wrote to memory of 4368	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	97
PID 1308 wrote to memory of 2964	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	98
PID 1308 wrote to memory of 2964	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	98
PID 1308 wrote to memory of 3068	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	99
PID 1308 wrote to memory of 3068	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	99
PID 1308 wrote to memory of 1596	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	100
PID 1308 wrote to memory of 1596	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	100
PID 1308 wrote to memory of 948	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	101
PID 1308 wrote to memory of 948	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	101
PID 1308 wrote to memory of 3940	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	102
PID 1308 wrote to memory of 3940	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	102
PID 1308 wrote to memory of 3984	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	103
PID 1308 wrote to memory of 3984	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	103
PID 1308 wrote to memory of 2980	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	104
PID 1308 wrote to memory of 2980	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	104
PID 1308 wrote to memory of 208	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	105
PID 1308 wrote to memory of 208	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	105
PID 1308 wrote to memory of 1464	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	106
PID 1308 wrote to memory of 1464	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	106
PID 1308 wrote to memory of 3424	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	107
PID 1308 wrote to memory of 3424	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	107
PID 1308 wrote to memory of 2160	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	108
PID 1308 wrote to memory of 2160	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	108
PID 1308 wrote to memory of 4540	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	109
PID 1308 wrote to memory of 4540	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	109
PID 1308 wrote to memory of 2492	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	110
PID 1308 wrote to memory of 2492	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	110
PID 1308 wrote to memory of 3280	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	111
PID 1308 wrote to memory of 3280	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	111
PID 1308 wrote to memory of 3484	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	112
PID 1308 wrote to memory of 3484	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	112
PID 1308 wrote to memory of 3520	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	113
PID 1308 wrote to memory of 3520	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	113
PID 1308 wrote to memory of 2000	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	114
PID 1308 wrote to memory of 2000	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	114
PID 1308 wrote to memory of 984	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	115
PID 1308 wrote to memory of 984	1308	753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe	115

C:\Users\Admin\AppData\Local\Temp\753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe
"C:\Users\Admin\AppData\Local\Temp\753e86effef5e3004c28b02849111e4fc12ef10618ca7b53c82e98e35b629875.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3012
- C:\Windows\System\lGPGumH.exe
  C:\Windows\System\lGPGumH.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\EeGMvve.exe
  C:\Windows\System\EeGMvve.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\PpUfETw.exe
  C:\Windows\System\PpUfETw.exe
  2⤵
  - Executes dropped EXE
  PID:3788
- C:\Windows\System\ITcDATq.exe
  C:\Windows\System\ITcDATq.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\uggPnOf.exe
  C:\Windows\System\uggPnOf.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\FRFTDUM.exe
  C:\Windows\System\FRFTDUM.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\SqTeLeR.exe
  C:\Windows\System\SqTeLeR.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\sAfNBYh.exe
  C:\Windows\System\sAfNBYh.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\wecQyEN.exe
  C:\Windows\System\wecQyEN.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\Ivkloov.exe
  C:\Windows\System\Ivkloov.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\CHlTFOi.exe
  C:\Windows\System\CHlTFOi.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\PAyJPIL.exe
  C:\Windows\System\PAyJPIL.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\BRPMjbF.exe
  C:\Windows\System\BRPMjbF.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\eSnMlkA.exe
  C:\Windows\System\eSnMlkA.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\smJnHIP.exe
  C:\Windows\System\smJnHIP.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\hVPGKEK.exe
  C:\Windows\System\hVPGKEK.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\XlfCBCk.exe
  C:\Windows\System\XlfCBCk.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\iIskiIe.exe
  C:\Windows\System\iIskiIe.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\eDlGrks.exe
  C:\Windows\System\eDlGrks.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\ZQeGDKK.exe
  C:\Windows\System\ZQeGDKK.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\zajwsbP.exe
  C:\Windows\System\zajwsbP.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\NLMaOEi.exe
  C:\Windows\System\NLMaOEi.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\kkLMuVx.exe
  C:\Windows\System\kkLMuVx.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\RbIttFM.exe
  C:\Windows\System\RbIttFM.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\cFAiZyX.exe
  C:\Windows\System\cFAiZyX.exe
  2⤵
  - Executes dropped EXE
  PID:4540
- C:\Windows\System\KJnJiEm.exe
  C:\Windows\System\KJnJiEm.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\roKLPLN.exe
  C:\Windows\System\roKLPLN.exe
  2⤵
  - Executes dropped EXE
  PID:3280
- C:\Windows\System\AitUDwz.exe
  C:\Windows\System\AitUDwz.exe
  2⤵
  - Executes dropped EXE
  PID:3484
- C:\Windows\System\MyGrwDF.exe
  C:\Windows\System\MyGrwDF.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\fOcCbLQ.exe
  C:\Windows\System\fOcCbLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\ewbKQUh.exe
  C:\Windows\System\ewbKQUh.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\wAMvFRZ.exe
  C:\Windows\System\wAMvFRZ.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\LVztLcB.exe
  C:\Windows\System\LVztLcB.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\IfRpOcK.exe
  C:\Windows\System\IfRpOcK.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\QZsqdYU.exe
  C:\Windows\System\QZsqdYU.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\FFGEYyV.exe
  C:\Windows\System\FFGEYyV.exe
  2⤵
  - Executes dropped EXE
  PID:3360
- C:\Windows\System\qKKjRUR.exe
  C:\Windows\System\qKKjRUR.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\VVKAXkD.exe
  C:\Windows\System\VVKAXkD.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\RfXLKFR.exe
  C:\Windows\System\RfXLKFR.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\gDaaLsC.exe
  C:\Windows\System\gDaaLsC.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\mNEPIBI.exe
  C:\Windows\System\mNEPIBI.exe
  2⤵
  - Executes dropped EXE
  PID:3716
- C:\Windows\System\UqolGPt.exe
  C:\Windows\System\UqolGPt.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\PAvPElH.exe
  C:\Windows\System\PAvPElH.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\yyKPPlt.exe
  C:\Windows\System\yyKPPlt.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\TVydSoI.exe
  C:\Windows\System\TVydSoI.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\Kcsnhkw.exe
  C:\Windows\System\Kcsnhkw.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\VxYJpbO.exe
  C:\Windows\System\VxYJpbO.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\uWZlLLK.exe
  C:\Windows\System\uWZlLLK.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\oVDoliW.exe
  C:\Windows\System\oVDoliW.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\xyOVCmV.exe
  C:\Windows\System\xyOVCmV.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\IRZkWfg.exe
  C:\Windows\System\IRZkWfg.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\EsKSjsS.exe
  C:\Windows\System\EsKSjsS.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\pboiXwQ.exe
  C:\Windows\System\pboiXwQ.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\HAWqeaR.exe
  C:\Windows\System\HAWqeaR.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\qtMSpkh.exe
  C:\Windows\System\qtMSpkh.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\lkCfQqk.exe
  C:\Windows\System\lkCfQqk.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\jRHVYgB.exe
  C:\Windows\System\jRHVYgB.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\cDJOvNI.exe
  C:\Windows\System\cDJOvNI.exe
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Windows\System\SINthws.exe
  C:\Windows\System\SINthws.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\sdwyZGr.exe
  C:\Windows\System\sdwyZGr.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\dbFWsRf.exe
  C:\Windows\System\dbFWsRf.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\GAKmfgd.exe
  C:\Windows\System\GAKmfgd.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\OMGTRIo.exe
  C:\Windows\System\OMGTRIo.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\bgNwPfv.exe
  C:\Windows\System\bgNwPfv.exe
  2⤵
  - Executes dropped EXE
  PID:3648
- C:\Windows\System\LvQnQOf.exe
  C:\Windows\System\LvQnQOf.exe
  2⤵
  PID:3152
- C:\Windows\System\gQfQDFB.exe
  C:\Windows\System\gQfQDFB.exe
  2⤵
  PID:4588
- C:\Windows\System\hczBcdq.exe
  C:\Windows\System\hczBcdq.exe
  2⤵
  PID:3728
- C:\Windows\System\byDXkZR.exe
  C:\Windows\System\byDXkZR.exe
  2⤵
  PID:1976
- C:\Windows\System\IXIdxxx.exe
  C:\Windows\System\IXIdxxx.exe
  2⤵
  PID:1496
- C:\Windows\System\DxGwTlm.exe
  C:\Windows\System\DxGwTlm.exe
  2⤵
  PID:3884
- C:\Windows\System\xSUNUWP.exe
  C:\Windows\System\xSUNUWP.exe
  2⤵
  PID:3708
- C:\Windows\System\mcuFSST.exe
  C:\Windows\System\mcuFSST.exe
  2⤵
  PID:4348
- C:\Windows\System\boXWLWx.exe
  C:\Windows\System\boXWLWx.exe
  2⤵
  PID:2496
- C:\Windows\System\qixYnfC.exe
  C:\Windows\System\qixYnfC.exe
  2⤵
  PID:3664
- C:\Windows\System\zVoGwXn.exe
  C:\Windows\System\zVoGwXn.exe
  2⤵
  PID:3720
- C:\Windows\System\pVGvRgi.exe
  C:\Windows\System\pVGvRgi.exe
  2⤵
  PID:4272
- C:\Windows\System\VBylQVp.exe
  C:\Windows\System\VBylQVp.exe
  2⤵
  PID:1328
- C:\Windows\System\IWsZSCx.exe
  C:\Windows\System\IWsZSCx.exe
  2⤵
  PID:456
- C:\Windows\System\WtCwMvv.exe
  C:\Windows\System\WtCwMvv.exe
  2⤵
  PID:4460
- C:\Windows\System\LJRUQbK.exe
  C:\Windows\System\LJRUQbK.exe
  2⤵
  PID:3916
- C:\Windows\System\kObGEbd.exe
  C:\Windows\System\kObGEbd.exe
  2⤵
  PID:2900
- C:\Windows\System\PTeouPw.exe
  C:\Windows\System\PTeouPw.exe
  2⤵
  PID:3696
- C:\Windows\System\LxDTRhU.exe
  C:\Windows\System\LxDTRhU.exe
  2⤵
  PID:3440
- C:\Windows\System\jFqjCbJ.exe
  C:\Windows\System\jFqjCbJ.exe
  2⤵
  PID:5036
- C:\Windows\System\NdnBxrA.exe
  C:\Windows\System\NdnBxrA.exe
  2⤵
  PID:5020
- C:\Windows\System\VrsLruu.exe
  C:\Windows\System\VrsLruu.exe
  2⤵
  PID:3304
- C:\Windows\System\zOEPtfl.exe
  C:\Windows\System\zOEPtfl.exe
  2⤵
  PID:4008
- C:\Windows\System\wIwZiUm.exe
  C:\Windows\System\wIwZiUm.exe
  2⤵
  PID:4892
- C:\Windows\System\HczMXBp.exe
  C:\Windows\System\HczMXBp.exe
  2⤵
  PID:1768
- C:\Windows\System\CjyRKZp.exe
  C:\Windows\System\CjyRKZp.exe
  2⤵
  PID:4660
- C:\Windows\System\RMObGmX.exe
  C:\Windows\System\RMObGmX.exe
  2⤵
  PID:1748
- C:\Windows\System\CkFPDqh.exe
  C:\Windows\System\CkFPDqh.exe
  2⤵
  PID:4568
- C:\Windows\System\APGZkae.exe
  C:\Windows\System\APGZkae.exe
  2⤵
  PID:4624
- C:\Windows\System\hLlkqXo.exe
  C:\Windows\System\hLlkqXo.exe
  2⤵
  PID:2676
- C:\Windows\System\zzKajEf.exe
  C:\Windows\System\zzKajEf.exe
  2⤵
  PID:1208
- C:\Windows\System\iIBwagH.exe
  C:\Windows\System\iIBwagH.exe
  2⤵
  PID:4432
- C:\Windows\System\UxUIhkt.exe
  C:\Windows\System\UxUIhkt.exe
  2⤵
  PID:3172
- C:\Windows\System\XpGjbCL.exe
  C:\Windows\System\XpGjbCL.exe
  2⤵
  PID:5128
- C:\Windows\System\WEDDCeE.exe
  C:\Windows\System\WEDDCeE.exe
  2⤵
  PID:5152
- C:\Windows\System\mrlVYvJ.exe
  C:\Windows\System\mrlVYvJ.exe
  2⤵
  PID:5176
- C:\Windows\System\umlSyWP.exe
  C:\Windows\System\umlSyWP.exe
  2⤵
  PID:5200
- C:\Windows\System\uUDrTeG.exe
  C:\Windows\System\uUDrTeG.exe
  2⤵
  PID:5220
- C:\Windows\System\WXqBVKl.exe
  C:\Windows\System\WXqBVKl.exe
  2⤵
  PID:5240
- C:\Windows\System\qPWsVHq.exe
  C:\Windows\System\qPWsVHq.exe
  2⤵
  PID:5264
- C:\Windows\System\SoQcqcD.exe
  C:\Windows\System\SoQcqcD.exe
  2⤵
  PID:5288
- C:\Windows\System\QPYIctm.exe
  C:\Windows\System\QPYIctm.exe
  2⤵
  PID:5312
- C:\Windows\System\pQojesJ.exe
  C:\Windows\System\pQojesJ.exe
  2⤵
  PID:5340
- C:\Windows\System\SEfIHDz.exe
  C:\Windows\System\SEfIHDz.exe
  2⤵
  PID:5364
- C:\Windows\System\etGBkam.exe
  C:\Windows\System\etGBkam.exe
  2⤵
  PID:5388
- C:\Windows\System\xYTnUkU.exe
  C:\Windows\System\xYTnUkU.exe
  2⤵
  PID:5412
- C:\Windows\System\nOcYKNr.exe
  C:\Windows\System\nOcYKNr.exe
  2⤵
  PID:5436
- C:\Windows\System\lxhPNRh.exe
  C:\Windows\System\lxhPNRh.exe
  2⤵
  PID:5460
- C:\Windows\System\rdzxxvn.exe
  C:\Windows\System\rdzxxvn.exe
  2⤵
  PID:5492
- C:\Windows\System\SVcwuSF.exe
  C:\Windows\System\SVcwuSF.exe
  2⤵
  PID:5516
- C:\Windows\System\FbrrZip.exe
  C:\Windows\System\FbrrZip.exe
  2⤵
  PID:5536
- C:\Windows\System\WQlZPQe.exe
  C:\Windows\System\WQlZPQe.exe
  2⤵
  PID:5560
- C:\Windows\System\aYbgLXl.exe
  C:\Windows\System\aYbgLXl.exe
  2⤵
  PID:5588
- C:\Windows\System\zLOwTBx.exe
  C:\Windows\System\zLOwTBx.exe
  2⤵
  PID:5612
- C:\Windows\System\LrvgaTT.exe
  C:\Windows\System\LrvgaTT.exe
  2⤵
  PID:5636
- C:\Windows\System\gIDByKv.exe
  C:\Windows\System\gIDByKv.exe
  2⤵
  PID:5660
- C:\Windows\System\TZTyVVa.exe
  C:\Windows\System\TZTyVVa.exe
  2⤵
  PID:5684
- C:\Windows\System\qSHizFL.exe
  C:\Windows\System\qSHizFL.exe
  2⤵
  PID:5712
- C:\Windows\System\qWtyseG.exe
  C:\Windows\System\qWtyseG.exe
  2⤵
  PID:5736
- C:\Windows\System\HUhMfav.exe
  C:\Windows\System\HUhMfav.exe
  2⤵
  PID:5764
- C:\Windows\System\dpCpxZt.exe
  C:\Windows\System\dpCpxZt.exe
  2⤵
  PID:5780
- C:\Windows\System\QBtDYxv.exe
  C:\Windows\System\QBtDYxv.exe
  2⤵
  PID:5808
- C:\Windows\System\eGctUnG.exe
  C:\Windows\System\eGctUnG.exe
  2⤵
  PID:5832
- C:\Windows\System\vzBKXtJ.exe
  C:\Windows\System\vzBKXtJ.exe
  2⤵
  PID:5852
- C:\Windows\System\TStPGCI.exe
  C:\Windows\System\TStPGCI.exe
  2⤵
  PID:5884
- C:\Windows\System\zutJRwT.exe
  C:\Windows\System\zutJRwT.exe
  2⤵
  PID:5920
- C:\Windows\System\ILbZjMY.exe
  C:\Windows\System\ILbZjMY.exe
  2⤵
  PID:5940
- C:\Windows\System\vmFtgme.exe
  C:\Windows\System\vmFtgme.exe
  2⤵
  PID:5964
- C:\Windows\System\PNxUVGX.exe
  C:\Windows\System\PNxUVGX.exe
  2⤵
  PID:5988
- C:\Windows\System\PGrELfW.exe
  C:\Windows\System\PGrELfW.exe
  2⤵
  PID:6016
- C:\Windows\System\jXFSZta.exe
  C:\Windows\System\jXFSZta.exe
  2⤵
  PID:6036
- C:\Windows\System\koLFliR.exe
  C:\Windows\System\koLFliR.exe
  2⤵
  PID:6064
- C:\Windows\System\cchyvfu.exe
  C:\Windows\System\cchyvfu.exe
  2⤵
  PID:6092
- C:\Windows\System\sBzTlMv.exe
  C:\Windows\System\sBzTlMv.exe
  2⤵
  PID:6112
- C:\Windows\System\TGHCyZM.exe
  C:\Windows\System\TGHCyZM.exe
  2⤵
  PID:6132
- C:\Windows\System\mIpjrEK.exe
  C:\Windows\System\mIpjrEK.exe
  2⤵
  PID:1228
- C:\Windows\System\sZWvKzF.exe
  C:\Windows\System\sZWvKzF.exe
  2⤵
  PID:2540
- C:\Windows\System\NftsDTk.exe
  C:\Windows\System\NftsDTk.exe
  2⤵
  PID:2644
- C:\Windows\System\jllgCRZ.exe
  C:\Windows\System\jllgCRZ.exe
  2⤵
  PID:1684
- C:\Windows\System\pijPlLw.exe
  C:\Windows\System\pijPlLw.exe
  2⤵
  PID:5212
- C:\Windows\System\ydfZDsH.exe
  C:\Windows\System\ydfZDsH.exe
  2⤵
  PID:5284
- C:\Windows\System\wyBUPzq.exe
  C:\Windows\System\wyBUPzq.exe
  2⤵
  PID:5404
- C:\Windows\System\BvSlRcb.exe
  C:\Windows\System\BvSlRcb.exe
  2⤵
  PID:5304
- C:\Windows\System\wsxHRvt.exe
  C:\Windows\System\wsxHRvt.exe
  2⤵
  PID:5604
- C:\Windows\System\YLZnIYB.exe
  C:\Windows\System\YLZnIYB.exe
  2⤵
  PID:5488
- C:\Windows\System\kQwaING.exe
  C:\Windows\System\kQwaING.exe
  2⤵
  PID:5424
- C:\Windows\System\pIlhUsr.exe
  C:\Windows\System\pIlhUsr.exe
  2⤵
  PID:5628
- C:\Windows\System\XduVBFD.exe
  C:\Windows\System\XduVBFD.exe
  2⤵
  PID:5896
- C:\Windows\System\nBZRuYJ.exe
  C:\Windows\System\nBZRuYJ.exe
  2⤵
  PID:5552
- C:\Windows\System\yAiNUIv.exe
  C:\Windows\System\yAiNUIv.exe
  2⤵
  PID:5980
- C:\Windows\System\IQkMgLl.exe
  C:\Windows\System\IQkMgLl.exe
  2⤵
  PID:5844
- C:\Windows\System\DNYcLjf.exe
  C:\Windows\System\DNYcLjf.exe
  2⤵
  PID:5760
- C:\Windows\System\tcAPmKx.exe
  C:\Windows\System\tcAPmKx.exe
  2⤵
  PID:5936
- C:\Windows\System\FxWIxDN.exe
  C:\Windows\System\FxWIxDN.exe
  2⤵
  PID:5140
- C:\Windows\System\zcRSlDh.exe
  C:\Windows\System\zcRSlDh.exe
  2⤵
  PID:6004
- C:\Windows\System\YdAKlNZ.exe
  C:\Windows\System\YdAKlNZ.exe
  2⤵
  PID:6080
- C:\Windows\System\PaFIIMP.exe
  C:\Windows\System\PaFIIMP.exe
  2⤵
  PID:6060
- C:\Windows\System\XrIOGGC.exe
  C:\Windows\System\XrIOGGC.exe
  2⤵
  PID:5960
- C:\Windows\System\FrTFOfP.exe
  C:\Windows\System\FrTFOfP.exe
  2⤵
  PID:5484
- C:\Windows\System\BenQxYD.exe
  C:\Windows\System\BenQxYD.exe
  2⤵
  PID:6148
- C:\Windows\System\DTdNSRJ.exe
  C:\Windows\System\DTdNSRJ.exe
  2⤵
  PID:6176
- C:\Windows\System\xnIcHPC.exe
  C:\Windows\System\xnIcHPC.exe
  2⤵
  PID:6204
- C:\Windows\System\JpwRgvm.exe
  C:\Windows\System\JpwRgvm.exe
  2⤵
  PID:6228
- C:\Windows\System\MSzmOPh.exe
  C:\Windows\System\MSzmOPh.exe
  2⤵
  PID:6248
- C:\Windows\System\cQobhPr.exe
  C:\Windows\System\cQobhPr.exe
  2⤵
  PID:6276
- C:\Windows\System\pIkjdgX.exe
  C:\Windows\System\pIkjdgX.exe
  2⤵
  PID:6308
- C:\Windows\System\YnCfnel.exe
  C:\Windows\System\YnCfnel.exe
  2⤵
  PID:6324
- C:\Windows\System\YboYTsC.exe
  C:\Windows\System\YboYTsC.exe
  2⤵
  PID:6356
- C:\Windows\System\SFqNPCn.exe
  C:\Windows\System\SFqNPCn.exe
  2⤵
  PID:6384
- C:\Windows\System\PCOOAQR.exe
  C:\Windows\System\PCOOAQR.exe
  2⤵
  PID:6416
- C:\Windows\System\TtnpXft.exe
  C:\Windows\System\TtnpXft.exe
  2⤵
  PID:6444
- C:\Windows\System\prGCcgH.exe
  C:\Windows\System\prGCcgH.exe
  2⤵
  PID:6476
- C:\Windows\System\VPHWgnu.exe
  C:\Windows\System\VPHWgnu.exe
  2⤵
  PID:6496
- C:\Windows\System\vcDfRrA.exe
  C:\Windows\System\vcDfRrA.exe
  2⤵
  PID:6520
- C:\Windows\System\rpiLRVu.exe
  C:\Windows\System\rpiLRVu.exe
  2⤵
  PID:6544
- C:\Windows\System\mlEWyrK.exe
  C:\Windows\System\mlEWyrK.exe
  2⤵
  PID:6564
- C:\Windows\System\fEbutDB.exe
  C:\Windows\System\fEbutDB.exe
  2⤵
  PID:6584
- C:\Windows\System\hfVNsne.exe
  C:\Windows\System\hfVNsne.exe
  2⤵
  PID:6608
- C:\Windows\System\paNBHaL.exe
  C:\Windows\System\paNBHaL.exe
  2⤵
  PID:6636
- C:\Windows\System\npCACkW.exe
  C:\Windows\System\npCACkW.exe
  2⤵
  PID:6660
- C:\Windows\System\wvrSFOA.exe
  C:\Windows\System\wvrSFOA.exe
  2⤵
  PID:6680
- C:\Windows\System\ltiPAjN.exe
  C:\Windows\System\ltiPAjN.exe
  2⤵
  PID:6704
- C:\Windows\System\GnBTkGf.exe
  C:\Windows\System\GnBTkGf.exe
  2⤵
  PID:6736
- C:\Windows\System\VBZENJl.exe
  C:\Windows\System\VBZENJl.exe
  2⤵
  PID:6760
- C:\Windows\System\yJgGEKa.exe
  C:\Windows\System\yJgGEKa.exe
  2⤵
  PID:6784
- C:\Windows\System\xITCxjj.exe
  C:\Windows\System\xITCxjj.exe
  2⤵
  PID:6812
- C:\Windows\System\tRaJuqV.exe
  C:\Windows\System\tRaJuqV.exe
  2⤵
  PID:6836
- C:\Windows\System\zxKctge.exe
  C:\Windows\System\zxKctge.exe
  2⤵
  PID:6864
- C:\Windows\System\RGSNpRa.exe
  C:\Windows\System\RGSNpRa.exe
  2⤵
  PID:6896
- C:\Windows\System\HcYuVZY.exe
  C:\Windows\System\HcYuVZY.exe
  2⤵
  PID:6916
- C:\Windows\System\GuoVjyl.exe
  C:\Windows\System\GuoVjyl.exe
  2⤵
  PID:6944
- C:\Windows\System\GRTapSc.exe
  C:\Windows\System\GRTapSc.exe
  2⤵
  PID:6964
- C:\Windows\System\KHXDMsI.exe
  C:\Windows\System\KHXDMsI.exe
  2⤵
  PID:6980
- C:\Windows\System\RwGjTsK.exe
  C:\Windows\System\RwGjTsK.exe
  2⤵
  PID:7004
- C:\Windows\System\feAyaES.exe
  C:\Windows\System\feAyaES.exe
  2⤵
  PID:7032
- C:\Windows\System\OTdlXDR.exe
  C:\Windows\System\OTdlXDR.exe
  2⤵
  PID:7060
- C:\Windows\System\jNmgcUw.exe
  C:\Windows\System\jNmgcUw.exe
  2⤵
  PID:7084
- C:\Windows\System\eMHbdaA.exe
  C:\Windows\System\eMHbdaA.exe
  2⤵
  PID:7108
- C:\Windows\System\jgISlOY.exe
  C:\Windows\System\jgISlOY.exe
  2⤵
  PID:7132
- C:\Windows\System\BhPWRTw.exe
  C:\Windows\System\BhPWRTw.exe
  2⤵
  PID:7160
- C:\Windows\System\IBfWnso.exe
  C:\Windows\System\IBfWnso.exe
  2⤵
  PID:5512
- C:\Windows\System\LxtqRBI.exe
  C:\Windows\System\LxtqRBI.exe
  2⤵
  PID:5428
- C:\Windows\System\azYSnfv.exe
  C:\Windows\System\azYSnfv.exe
  2⤵
  PID:5748
- C:\Windows\System\DuOKXxq.exe
  C:\Windows\System\DuOKXxq.exe
  2⤵
  PID:6124
- C:\Windows\System\jWOfDof.exe
  C:\Windows\System\jWOfDof.exe
  2⤵
  PID:5336
- C:\Windows\System\JshSreb.exe
  C:\Windows\System\JshSreb.exe
  2⤵
  PID:6424
- C:\Windows\System\bEmfHhi.exe
  C:\Windows\System\bEmfHhi.exe
  2⤵
  PID:5544
- C:\Windows\System\jszaxSi.exe
  C:\Windows\System\jszaxSi.exe
  2⤵
  PID:5860
- C:\Windows\System\TBHhNvg.exe
  C:\Windows\System\TBHhNvg.exe
  2⤵
  PID:6316
- C:\Windows\System\tvCFpTc.exe
  C:\Windows\System\tvCFpTc.exe
  2⤵
  PID:244
- C:\Windows\System\AtwprZZ.exe
  C:\Windows\System\AtwprZZ.exe
  2⤵
  PID:6372
- C:\Windows\System\qRxmCzU.exe
  C:\Windows\System\qRxmCzU.exe
  2⤵
  PID:6412
- C:\Windows\System\GMuMMXF.exe
  C:\Windows\System\GMuMMXF.exe
  2⤵
  PID:6700
- C:\Windows\System\WdULRZQ.exe
  C:\Windows\System\WdULRZQ.exe
  2⤵
  PID:6244
- C:\Windows\System\injuQCR.exe
  C:\Windows\System\injuQCR.exe
  2⤵
  PID:6296
- C:\Windows\System\dDlkDIz.exe
  C:\Windows\System\dDlkDIz.exe
  2⤵
  PID:6320
- C:\Windows\System\pdCSLEo.exe
  C:\Windows\System\pdCSLEo.exe
  2⤵
  PID:6856
- C:\Windows\System\ytRuhar.exe
  C:\Windows\System\ytRuhar.exe
  2⤵
  PID:6908
- C:\Windows\System\MqWEfKl.exe
  C:\Windows\System\MqWEfKl.exe
  2⤵
  PID:6368
- C:\Windows\System\BUwYibN.exe
  C:\Windows\System\BUwYibN.exe
  2⤵
  PID:6996
- C:\Windows\System\gRsciTh.exe
  C:\Windows\System\gRsciTh.exe
  2⤵
  PID:7116
- C:\Windows\System\rcnNvAV.exe
  C:\Windows\System\rcnNvAV.exe
  2⤵
  PID:6768
- C:\Windows\System\kxIDDFJ.exe
  C:\Windows\System\kxIDDFJ.exe
  2⤵
  PID:5300
- C:\Windows\System\bbYXpgJ.exe
  C:\Windows\System\bbYXpgJ.exe
  2⤵
  PID:7188
- C:\Windows\System\IqyIcLl.exe
  C:\Windows\System\IqyIcLl.exe
  2⤵
  PID:7208
- C:\Windows\System\HlnQIkD.exe
  C:\Windows\System\HlnQIkD.exe
  2⤵
  PID:7232
- C:\Windows\System\ORpEbIJ.exe
  C:\Windows\System\ORpEbIJ.exe
  2⤵
  PID:7256
- C:\Windows\System\exVZQFj.exe
  C:\Windows\System\exVZQFj.exe
  2⤵
  PID:7284
- C:\Windows\System\ZavNXtD.exe
  C:\Windows\System\ZavNXtD.exe
  2⤵
  PID:7312
- C:\Windows\System\NJaPAtE.exe
  C:\Windows\System\NJaPAtE.exe
  2⤵
  PID:7328
- C:\Windows\System\ubtcBBo.exe
  C:\Windows\System\ubtcBBo.exe
  2⤵
  PID:7348
- C:\Windows\System\cRrOvZC.exe
  C:\Windows\System\cRrOvZC.exe
  2⤵
  PID:7372
- C:\Windows\System\ytUWJHI.exe
  C:\Windows\System\ytUWJHI.exe
  2⤵
  PID:7396
- C:\Windows\System\iBLPffo.exe
  C:\Windows\System\iBLPffo.exe
  2⤵
  PID:7420
- C:\Windows\System\lStJNBY.exe
  C:\Windows\System\lStJNBY.exe
  2⤵
  PID:7440
- C:\Windows\System\dlAFKso.exe
  C:\Windows\System\dlAFKso.exe
  2⤵
  PID:7464
- C:\Windows\System\FGtdXXq.exe
  C:\Windows\System\FGtdXXq.exe
  2⤵
  PID:7488
- C:\Windows\System\YCoumKG.exe
  C:\Windows\System\YCoumKG.exe
  2⤵
  PID:7512
- C:\Windows\System\hODYIjG.exe
  C:\Windows\System\hODYIjG.exe
  2⤵
  PID:7532
- C:\Windows\System\IFCGRro.exe
  C:\Windows\System\IFCGRro.exe
  2⤵
  PID:7560
- C:\Windows\System\EbVJBVc.exe
  C:\Windows\System\EbVJBVc.exe
  2⤵
  PID:7584
- C:\Windows\System\VJHxhok.exe
  C:\Windows\System\VJHxhok.exe
  2⤵
  PID:7604
- C:\Windows\System\VTOhYQE.exe
  C:\Windows\System\VTOhYQE.exe
  2⤵
  PID:7632
- C:\Windows\System\ShFzcrQ.exe
  C:\Windows\System\ShFzcrQ.exe
  2⤵
  PID:7652
- C:\Windows\System\sumtmKr.exe
  C:\Windows\System\sumtmKr.exe
  2⤵
  PID:7672
- C:\Windows\System\XbqsrGe.exe
  C:\Windows\System\XbqsrGe.exe
  2⤵
  PID:7708
- C:\Windows\System\rQrdzLL.exe
  C:\Windows\System\rQrdzLL.exe
  2⤵
  PID:7732
- C:\Windows\System\EINLjob.exe
  C:\Windows\System\EINLjob.exe
  2⤵
  PID:7752
- C:\Windows\System\DCbzhRa.exe
  C:\Windows\System\DCbzhRa.exe
  2⤵
  PID:7776
- C:\Windows\System\sZksnIb.exe
  C:\Windows\System\sZksnIb.exe
  2⤵
  PID:7808
- C:\Windows\System\xKntpRl.exe
  C:\Windows\System\xKntpRl.exe
  2⤵
  PID:7828
- C:\Windows\System\LztuBZO.exe
  C:\Windows\System\LztuBZO.exe
  2⤵
  PID:7856
- C:\Windows\System\BANtbot.exe
  C:\Windows\System\BANtbot.exe
  2⤵
  PID:7880
- C:\Windows\System\HtPHHLk.exe
  C:\Windows\System\HtPHHLk.exe
  2⤵
  PID:7908
- C:\Windows\System\BsdZulE.exe
  C:\Windows\System\BsdZulE.exe
  2⤵
  PID:7932
- C:\Windows\System\CcraVGC.exe
  C:\Windows\System\CcraVGC.exe
  2⤵
  PID:7956
- C:\Windows\System\ppLfRNk.exe
  C:\Windows\System\ppLfRNk.exe
  2⤵
  PID:7984
- C:\Windows\System\WZNQAIA.exe
  C:\Windows\System\WZNQAIA.exe
  2⤵
  PID:8012
- C:\Windows\System\ZXzcrSj.exe
  C:\Windows\System\ZXzcrSj.exe
  2⤵
  PID:8036
- C:\Windows\System\subHTNt.exe
  C:\Windows\System\subHTNt.exe
  2⤵
  PID:8060
- C:\Windows\System\EXKlIwI.exe
  C:\Windows\System\EXKlIwI.exe
  2⤵
  PID:8084
- C:\Windows\System\pWLILCH.exe
  C:\Windows\System\pWLILCH.exe
  2⤵
  PID:8112
- C:\Windows\System\kcSfnva.exe
  C:\Windows\System\kcSfnva.exe
  2⤵
  PID:8132
- C:\Windows\System\SXoUHOv.exe
  C:\Windows\System\SXoUHOv.exe
  2⤵
  PID:8156
- C:\Windows\System\fMqdCOC.exe
  C:\Windows\System\fMqdCOC.exe
  2⤵
  PID:8184
- C:\Windows\System\XFkfyVN.exe
  C:\Windows\System\XFkfyVN.exe
  2⤵
  PID:5656
- C:\Windows\System\DvOfJtv.exe
  C:\Windows\System\DvOfJtv.exe
  2⤵
  PID:6504
- C:\Windows\System\ldjJYpH.exe
  C:\Windows\System\ldjJYpH.exe
  2⤵
  PID:6580
- C:\Windows\System\OwIvKQn.exe
  C:\Windows\System\OwIvKQn.exe
  2⤵
  PID:5928
- C:\Windows\System\eaqkJdn.exe
  C:\Windows\System\eaqkJdn.exe
  2⤵
  PID:7000
- C:\Windows\System\MxbaTTj.exe
  C:\Windows\System\MxbaTTj.exe
  2⤵
  PID:6688
- C:\Windows\System\gKoDYVE.exe
  C:\Windows\System\gKoDYVE.exe
  2⤵
  PID:7144
- C:\Windows\System\mLrsNwT.exe
  C:\Windows\System\mLrsNwT.exe
  2⤵
  PID:5168
- C:\Windows\System\cUgVrQn.exe
  C:\Windows\System\cUgVrQn.exe
  2⤵
  PID:6724
- C:\Windows\System\FHSEyZA.exe
  C:\Windows\System\FHSEyZA.exe
  2⤵
  PID:6240
- C:\Windows\System\yJNnxjT.exe
  C:\Windows\System\yJNnxjT.exe
  2⤵
  PID:7268
- C:\Windows\System\nMOCDpr.exe
  C:\Windows\System\nMOCDpr.exe
  2⤵
  PID:6104
- C:\Windows\System\zxToDDx.exe
  C:\Windows\System\zxToDDx.exe
  2⤵
  PID:7388
- C:\Windows\System\NGHcKCJ.exe
  C:\Windows\System\NGHcKCJ.exe
  2⤵
  PID:7480
- C:\Windows\System\KuyWMlI.exe
  C:\Windows\System\KuyWMlI.exe
  2⤵
  PID:6268
- C:\Windows\System\ahKVVUC.exe
  C:\Windows\System\ahKVVUC.exe
  2⤵
  PID:7816
- C:\Windows\System\mTwoEwX.exe
  C:\Windows\System\mTwoEwX.exe
  2⤵
  PID:6468
- C:\Windows\System\oSjAmsu.exe
  C:\Windows\System\oSjAmsu.exe
  2⤵
  PID:7904
- C:\Windows\System\vUtOZTs.exe
  C:\Windows\System\vUtOZTs.exe
  2⤵
  PID:7928
- C:\Windows\System\zuzmcCJ.exe
  C:\Windows\System\zuzmcCJ.exe
  2⤵
  PID:7392
- C:\Windows\System\EtglCDa.exe
  C:\Windows\System\EtglCDa.exe
  2⤵
  PID:7500
- C:\Windows\System\CDDifxq.exe
  C:\Windows\System\CDDifxq.exe
  2⤵
  PID:7580
- C:\Windows\System\HhYgVoU.exe
  C:\Windows\System\HhYgVoU.exe
  2⤵
  PID:7692
- C:\Windows\System\JWYcYeg.exe
  C:\Windows\System\JWYcYeg.exe
  2⤵
  PID:6540
- C:\Windows\System\uotSAYF.exe
  C:\Windows\System\uotSAYF.exe
  2⤵
  PID:7760
- C:\Windows\System\FTWyDAp.exe
  C:\Windows\System\FTWyDAp.exe
  2⤵
  PID:1232
- C:\Windows\System\wEAhZQs.exe
  C:\Windows\System\wEAhZQs.exe
  2⤵
  PID:8216
- C:\Windows\System\ftJCKIp.exe
  C:\Windows\System\ftJCKIp.exe
  2⤵
  PID:8240
- C:\Windows\System\hlVkRcT.exe
  C:\Windows\System\hlVkRcT.exe
  2⤵
  PID:8264
- C:\Windows\System\JRKhqFD.exe
  C:\Windows\System\JRKhqFD.exe
  2⤵
  PID:8284
- C:\Windows\System\KjGrfez.exe
  C:\Windows\System\KjGrfez.exe
  2⤵
  PID:8308
- C:\Windows\System\BgTsxKn.exe
  C:\Windows\System\BgTsxKn.exe
  2⤵
  PID:8328
- C:\Windows\System\XSgXDpr.exe
  C:\Windows\System\XSgXDpr.exe
  2⤵
  PID:8352
- C:\Windows\System\htrjzTQ.exe
  C:\Windows\System\htrjzTQ.exe
  2⤵
  PID:8384
- C:\Windows\System\ZmXZGXx.exe
  C:\Windows\System\ZmXZGXx.exe
  2⤵
  PID:8408
- C:\Windows\System\uzfLXvS.exe
  C:\Windows\System\uzfLXvS.exe
  2⤵
  PID:8432
- C:\Windows\System\pkGuhLA.exe
  C:\Windows\System\pkGuhLA.exe
  2⤵
  PID:8456
- C:\Windows\System\eLhtlWp.exe
  C:\Windows\System\eLhtlWp.exe
  2⤵
  PID:8480
- C:\Windows\System\gaTNRyj.exe
  C:\Windows\System\gaTNRyj.exe
  2⤵
  PID:8504
- C:\Windows\System\pnjkAMu.exe
  C:\Windows\System\pnjkAMu.exe
  2⤵
  PID:8524
- C:\Windows\System\XwgnOSw.exe
  C:\Windows\System\XwgnOSw.exe
  2⤵
  PID:8548
- C:\Windows\System\ImCPynC.exe
  C:\Windows\System\ImCPynC.exe
  2⤵
  PID:8572
- C:\Windows\System\JEyPgoF.exe
  C:\Windows\System\JEyPgoF.exe
  2⤵
  PID:8596
- C:\Windows\System\iHzuLOP.exe
  C:\Windows\System\iHzuLOP.exe
  2⤵
  PID:8620
- C:\Windows\System\VJbaxTO.exe
  C:\Windows\System\VJbaxTO.exe
  2⤵
  PID:8648
- C:\Windows\System\XZtrpjX.exe
  C:\Windows\System\XZtrpjX.exe
  2⤵
  PID:8676
- C:\Windows\System\ysjZtXv.exe
  C:\Windows\System\ysjZtXv.exe
  2⤵
  PID:8712
- C:\Windows\System\MqLttZa.exe
  C:\Windows\System\MqLttZa.exe
  2⤵
  PID:8744
- C:\Windows\System\tbRVxQx.exe
  C:\Windows\System\tbRVxQx.exe
  2⤵
  PID:8764
- C:\Windows\System\MRMbEsH.exe
  C:\Windows\System\MRMbEsH.exe
  2⤵
  PID:8788
- C:\Windows\System\DcctTUJ.exe
  C:\Windows\System\DcctTUJ.exe
  2⤵
  PID:8812
- C:\Windows\System\XzzRifp.exe
  C:\Windows\System\XzzRifp.exe
  2⤵
  PID:8840
- C:\Windows\System\kycuADr.exe
  C:\Windows\System\kycuADr.exe
  2⤵
  PID:8860
- C:\Windows\System\EuJnWdr.exe
  C:\Windows\System\EuJnWdr.exe
  2⤵
  PID:8884
- C:\Windows\System\BFTYSCy.exe
  C:\Windows\System\BFTYSCy.exe
  2⤵
  PID:8904
- C:\Windows\System\cCcgYqr.exe
  C:\Windows\System\cCcgYqr.exe
  2⤵
  PID:8940
- C:\Windows\System\saXTgxu.exe
  C:\Windows\System\saXTgxu.exe
  2⤵
  PID:8964
- C:\Windows\System\RJhBxUi.exe
  C:\Windows\System\RJhBxUi.exe
  2⤵
  PID:8980
- C:\Windows\System\aYbcYNY.exe
  C:\Windows\System\aYbcYNY.exe
  2⤵
  PID:8996
- C:\Windows\System\IQilFEo.exe
  C:\Windows\System\IQilFEo.exe
  2⤵
  PID:9024
- C:\Windows\System\TkIlLkm.exe
  C:\Windows\System\TkIlLkm.exe
  2⤵
  PID:9048
- C:\Windows\System\oFZBirU.exe
  C:\Windows\System\oFZBirU.exe
  2⤵
  PID:9072
- C:\Windows\System\iOdESFD.exe
  C:\Windows\System\iOdESFD.exe
  2⤵
  PID:9100
- C:\Windows\System\bLRJXmj.exe
  C:\Windows\System\bLRJXmj.exe
  2⤵
  PID:9128
- C:\Windows\System\GzCicmb.exe
  C:\Windows\System\GzCicmb.exe
  2⤵
  PID:9152
- C:\Windows\System\usXfOGH.exe
  C:\Windows\System\usXfOGH.exe
  2⤵
  PID:9180
- C:\Windows\System\zNhlbWP.exe
  C:\Windows\System\zNhlbWP.exe
  2⤵
  PID:9208
- C:\Windows\System\jcNqWsQ.exe
  C:\Windows\System\jcNqWsQ.exe
  2⤵
  PID:5772
- C:\Windows\System\jcwmJPe.exe
  C:\Windows\System\jcwmJPe.exe
  2⤵
  PID:8076
- C:\Windows\System\aKhlpzw.exe
  C:\Windows\System\aKhlpzw.exe
  2⤵
  PID:5028
- C:\Windows\System\MiJvwAT.exe
  C:\Windows\System\MiJvwAT.exe
  2⤵
  PID:6600
- C:\Windows\System\Rwkkmul.exe
  C:\Windows\System\Rwkkmul.exe
  2⤵
  PID:7024
- C:\Windows\System\NaAVURj.exe
  C:\Windows\System\NaAVURj.exe
  2⤵
  PID:7504
- C:\Windows\System\xywuilV.exe
  C:\Windows\System\xywuilV.exe
  2⤵
  PID:7612
- C:\Windows\System\poORSlu.exe
  C:\Windows\System\poORSlu.exe
  2⤵
  PID:5776
- C:\Windows\System\KBNrqHO.exe
  C:\Windows\System\KBNrqHO.exe
  2⤵
  PID:7744
- C:\Windows\System\HNuDAzp.exe
  C:\Windows\System\HNuDAzp.exe
  2⤵
  PID:6776
- C:\Windows\System\fQVfmYQ.exe
  C:\Windows\System\fQVfmYQ.exe
  2⤵
  PID:8276
- C:\Windows\System\RPTDMCm.exe
  C:\Windows\System\RPTDMCm.exe
  2⤵
  PID:8376
- C:\Windows\System\zVXJZpr.exe
  C:\Windows\System\zVXJZpr.exe
  2⤵
  PID:8424
- C:\Windows\System\ASSwEbn.exe
  C:\Windows\System\ASSwEbn.exe
  2⤵
  PID:8008
- C:\Windows\System\JMKDtfU.exe
  C:\Windows\System\JMKDtfU.exe
  2⤵
  PID:7800
- C:\Windows\System\KLPKiJn.exe
  C:\Windows\System\KLPKiJn.exe
  2⤵
  PID:7924
- C:\Windows\System\ZIpGncV.exe
  C:\Windows\System\ZIpGncV.exe
  2⤵
  PID:8852
- C:\Windows\System\EiZuswb.exe
  C:\Windows\System\EiZuswb.exe
  2⤵
  PID:5800
- C:\Windows\System\ZdDmIWj.exe
  C:\Windows\System\ZdDmIWj.exe
  2⤵
  PID:8932
- C:\Windows\System\dBkbGcV.exe
  C:\Windows\System\dBkbGcV.exe
  2⤵
  PID:8280
- C:\Windows\System\SdzNmGT.exe
  C:\Windows\System\SdzNmGT.exe
  2⤵
  PID:8404
- C:\Windows\System\cwXbIBk.exe
  C:\Windows\System\cwXbIBk.exe
  2⤵
  PID:9240
- C:\Windows\System\WeVOicG.exe
  C:\Windows\System\WeVOicG.exe
  2⤵
  PID:9260
- C:\Windows\System\bDVVUhI.exe
  C:\Windows\System\bDVVUhI.exe
  2⤵
  PID:9280
- C:\Windows\System\fzKxNRQ.exe
  C:\Windows\System\fzKxNRQ.exe
  2⤵
  PID:9312
- C:\Windows\System\CNtuIoB.exe
  C:\Windows\System\CNtuIoB.exe
  2⤵
  PID:9332
- C:\Windows\System\bMvTRMQ.exe
  C:\Windows\System\bMvTRMQ.exe
  2⤵
  PID:9364
- C:\Windows\System\KUgPnyl.exe
  C:\Windows\System\KUgPnyl.exe
  2⤵
  PID:9384
- C:\Windows\System\lDvefCi.exe
  C:\Windows\System\lDvefCi.exe
  2⤵
  PID:9404
- C:\Windows\System\LhfVzHI.exe
  C:\Windows\System\LhfVzHI.exe
  2⤵
  PID:9432
- C:\Windows\System\bczAUol.exe
  C:\Windows\System\bczAUol.exe
  2⤵
  PID:9452
- C:\Windows\System\BPUynTc.exe
  C:\Windows\System\BPUynTc.exe
  2⤵
  PID:9472
- C:\Windows\System\OKcjOzU.exe
  C:\Windows\System\OKcjOzU.exe
  2⤵
  PID:9496
- C:\Windows\System\bexDalM.exe
  C:\Windows\System\bexDalM.exe
  2⤵
  PID:9520
- C:\Windows\System\EfMnFPD.exe
  C:\Windows\System\EfMnFPD.exe
  2⤵
  PID:9548
- C:\Windows\System\zEriUMq.exe
  C:\Windows\System\zEriUMq.exe
  2⤵
  PID:9572
- C:\Windows\System\GyyMoVL.exe
  C:\Windows\System\GyyMoVL.exe
  2⤵
  PID:9596
- C:\Windows\System\PeoLcLY.exe
  C:\Windows\System\PeoLcLY.exe
  2⤵
  PID:9612
- C:\Windows\System\pvZoXcZ.exe
  C:\Windows\System\pvZoXcZ.exe
  2⤵
  PID:9628
- C:\Windows\System\tYfHzGV.exe
  C:\Windows\System\tYfHzGV.exe
  2⤵
  PID:9752
- C:\Windows\System\iWUaEOU.exe
  C:\Windows\System\iWUaEOU.exe
  2⤵
  PID:9784
- C:\Windows\System\QPhpEqV.exe
  C:\Windows\System\QPhpEqV.exe
  2⤵
  PID:9804
- C:\Windows\System\sNBSorh.exe
  C:\Windows\System\sNBSorh.exe
  2⤵
  PID:9832
- C:\Windows\System\meFRYVz.exe
  C:\Windows\System\meFRYVz.exe
  2⤵
  PID:9852
- C:\Windows\System\gONPiXA.exe
  C:\Windows\System\gONPiXA.exe
  2⤵
  PID:9872
- C:\Windows\System\wDksics.exe
  C:\Windows\System\wDksics.exe
  2⤵
  PID:9896
- C:\Windows\System\QmfjOeZ.exe
  C:\Windows\System\QmfjOeZ.exe
  2⤵
  PID:9920
- C:\Windows\System\rtJZDAH.exe
  C:\Windows\System\rtJZDAH.exe
  2⤵
  PID:9944
- C:\Windows\System\cwhnwuS.exe
  C:\Windows\System\cwhnwuS.exe
  2⤵
  PID:9968
- C:\Windows\System\oGvZfBC.exe
  C:\Windows\System\oGvZfBC.exe
  2⤵
  PID:9996
- C:\Windows\System\jbhBFLp.exe
  C:\Windows\System\jbhBFLp.exe
  2⤵
  PID:10020
- C:\Windows\System\OYihaaH.exe
  C:\Windows\System\OYihaaH.exe
  2⤵
  PID:10040
- C:\Windows\System\TDZtNeB.exe
  C:\Windows\System\TDZtNeB.exe
  2⤵
  PID:10072
- C:\Windows\System\Risatsu.exe
  C:\Windows\System\Risatsu.exe
  2⤵
  PID:10092
- C:\Windows\System\bZWVGKB.exe
  C:\Windows\System\bZWVGKB.exe
  2⤵
  PID:10116
- C:\Windows\System\hfIvorV.exe
  C:\Windows\System\hfIvorV.exe
  2⤵
  PID:10144
- C:\Windows\System\dydsGYm.exe
  C:\Windows\System\dydsGYm.exe
  2⤵
  PID:10176
- C:\Windows\System\mmXPVXM.exe
  C:\Windows\System\mmXPVXM.exe
  2⤵
  PID:10200
- C:\Windows\System\RptjwIq.exe
  C:\Windows\System\RptjwIq.exe
  2⤵
  PID:10216
- C:\Windows\System\PsYbUrI.exe
  C:\Windows\System\PsYbUrI.exe
  2⤵
  PID:9116
- C:\Windows\System\LiStuPY.exe
  C:\Windows\System\LiStuPY.exe
  2⤵
  PID:8492
- C:\Windows\System\LvLESqG.exe
  C:\Windows\System\LvLESqG.exe
  2⤵
  PID:8140
- C:\Windows\System\DnXhITx.exe
  C:\Windows\System\DnXhITx.exe
  2⤵
  PID:7364
- C:\Windows\System\FLMiUBG.exe
  C:\Windows\System\FLMiUBG.exe
  2⤵
  PID:7668
- C:\Windows\System\CVKMNHH.exe
  C:\Windows\System\CVKMNHH.exe
  2⤵
  PID:8796
- C:\Windows\System\gxYVHyY.exe
  C:\Windows\System\gxYVHyY.exe
  2⤵
  PID:4948
- C:\Windows\System\oOddxpo.exe
  C:\Windows\System\oOddxpo.exe
  2⤵
  PID:8776
- C:\Windows\System\lbdyfWg.exe
  C:\Windows\System\lbdyfWg.exe
  2⤵
  PID:9012
- C:\Windows\System\ghaEmKm.exe
  C:\Windows\System\ghaEmKm.exe
  2⤵
  PID:9060
- C:\Windows\System\EKULSCU.exe
  C:\Windows\System\EKULSCU.exe
  2⤵
  PID:8360
- C:\Windows\System\DAtiVBf.exe
  C:\Windows\System\DAtiVBf.exe
  2⤵
  PID:8452
- C:\Windows\System\oHBUKgz.exe
  C:\Windows\System\oHBUKgz.exe
  2⤵
  PID:8520
- C:\Windows\System\LpEGVwi.exe
  C:\Windows\System\LpEGVwi.exe
  2⤵
  PID:8556
- C:\Windows\System\oYrhOdb.exe
  C:\Windows\System\oYrhOdb.exe
  2⤵
  PID:9324
- C:\Windows\System\ueHGVAu.exe
  C:\Windows\System\ueHGVAu.exe
  2⤵
  PID:9396
- C:\Windows\System\OiiLMKS.exe
  C:\Windows\System\OiiLMKS.exe
  2⤵
  PID:9424
- C:\Windows\System\oEBKYIP.exe
  C:\Windows\System\oEBKYIP.exe
  2⤵
  PID:8164
- C:\Windows\System\JDjugNp.exe
  C:\Windows\System\JDjugNp.exe
  2⤵
  PID:8232
- C:\Windows\System\FjhNQET.exe
  C:\Windows\System\FjhNQET.exe
  2⤵
  PID:9604
- C:\Windows\System\MKOqCIR.exe
  C:\Windows\System\MKOqCIR.exe
  2⤵
  PID:9692
- C:\Windows\System\cMeOafP.exe
  C:\Windows\System\cMeOafP.exe
  2⤵
  PID:8876
- C:\Windows\System\wKsrczX.exe
  C:\Windows\System\wKsrczX.exe
  2⤵
  PID:9144
- C:\Windows\System\YWbOsxC.exe
  C:\Windows\System\YWbOsxC.exe
  2⤵
  PID:9812
- C:\Windows\System\MreaXLm.exe
  C:\Windows\System\MreaXLm.exe
  2⤵
  PID:10256
- C:\Windows\System\jYLLGJp.exe
  C:\Windows\System\jYLLGJp.exe
  2⤵
  PID:10284
- C:\Windows\System\XDTfBkt.exe
  C:\Windows\System\XDTfBkt.exe
  2⤵
  PID:10308
- C:\Windows\System\ViTluLs.exe
  C:\Windows\System\ViTluLs.exe
  2⤵
  PID:10336
- C:\Windows\System\lhmyFYM.exe
  C:\Windows\System\lhmyFYM.exe
  2⤵
  PID:10356
- C:\Windows\System\qNGvETZ.exe
  C:\Windows\System\qNGvETZ.exe
  2⤵
  PID:10384
- C:\Windows\System\zACcdSf.exe
  C:\Windows\System\zACcdSf.exe
  2⤵
  PID:10404
- C:\Windows\System\yqudNIt.exe
  C:\Windows\System\yqudNIt.exe
  2⤵
  PID:10424
- C:\Windows\System\tGJhUSF.exe
  C:\Windows\System\tGJhUSF.exe
  2⤵
  PID:10444
- C:\Windows\System\JVFMztU.exe
  C:\Windows\System\JVFMztU.exe
  2⤵
  PID:10468
- C:\Windows\System\FJqrylG.exe
  C:\Windows\System\FJqrylG.exe
  2⤵
  PID:10492
- C:\Windows\System\rmLvSFz.exe
  C:\Windows\System\rmLvSFz.exe
  2⤵
  PID:10520
- C:\Windows\System\RghPDpH.exe
  C:\Windows\System\RghPDpH.exe
  2⤵
  PID:10548
- C:\Windows\System\gODeyKQ.exe
  C:\Windows\System\gODeyKQ.exe
  2⤵
  PID:10568
- C:\Windows\System\IzRJZZA.exe
  C:\Windows\System\IzRJZZA.exe
  2⤵
  PID:10584
- C:\Windows\System\jTwVyxJ.exe
  C:\Windows\System\jTwVyxJ.exe
  2⤵
  PID:10604
- C:\Windows\System\rsCyYen.exe
  C:\Windows\System\rsCyYen.exe
  2⤵
  PID:10632
- C:\Windows\System\ncbhjQA.exe
  C:\Windows\System\ncbhjQA.exe
  2⤵
  PID:10656
- C:\Windows\System\dYkzJPm.exe
  C:\Windows\System\dYkzJPm.exe
  2⤵
  PID:10672
- C:\Windows\System\HRHgtaN.exe
  C:\Windows\System\HRHgtaN.exe
  2⤵
  PID:10700
- C:\Windows\System\smyIPSg.exe
  C:\Windows\System\smyIPSg.exe
  2⤵
  PID:10720
- C:\Windows\System\wSkkVBH.exe
  C:\Windows\System\wSkkVBH.exe
  2⤵
  PID:10740
- C:\Windows\System\XkkUSbH.exe
  C:\Windows\System\XkkUSbH.exe
  2⤵
  PID:10772
- C:\Windows\System\ZVqypmK.exe
  C:\Windows\System\ZVqypmK.exe
  2⤵
  PID:10800
- C:\Windows\System\QSGcWfR.exe
  C:\Windows\System\QSGcWfR.exe
  2⤵
  PID:10820
- C:\Windows\System\apnKyPa.exe
  C:\Windows\System\apnKyPa.exe
  2⤵
  PID:10868
- C:\Windows\System\SRDqYgY.exe
  C:\Windows\System\SRDqYgY.exe
  2⤵
  PID:10888
- C:\Windows\System\DMtiZLp.exe
  C:\Windows\System\DMtiZLp.exe
  2⤵
  PID:10908
- C:\Windows\System\riPFGnE.exe
  C:\Windows\System\riPFGnE.exe
  2⤵
  PID:10932
- C:\Windows\System\indDbwg.exe
  C:\Windows\System\indDbwg.exe
  2⤵
  PID:10956
- C:\Windows\System\dOWkrsj.exe
  C:\Windows\System\dOWkrsj.exe
  2⤵
  PID:10980
- C:\Windows\System\ikqryvq.exe
  C:\Windows\System\ikqryvq.exe
  2⤵
  PID:11000
- C:\Windows\System\ZFENndy.exe
  C:\Windows\System\ZFENndy.exe
  2⤵
  PID:11020
- C:\Windows\System\ffMLYHu.exe
  C:\Windows\System\ffMLYHu.exe
  2⤵
  PID:11044
- C:\Windows\System\wbYnRAz.exe
  C:\Windows\System\wbYnRAz.exe
  2⤵
  PID:11068
- C:\Windows\System\rCOfgPd.exe
  C:\Windows\System\rCOfgPd.exe
  2⤵
  PID:11088
- C:\Windows\System\PYiCqvq.exe
  C:\Windows\System\PYiCqvq.exe
  2⤵
  PID:11104
- C:\Windows\System\VZmRTjN.exe
  C:\Windows\System\VZmRTjN.exe
  2⤵
  PID:11120
- C:\Windows\System\cHvBxIp.exe
  C:\Windows\System\cHvBxIp.exe
  2⤵
  PID:11136
- C:\Windows\System\SZSigri.exe
  C:\Windows\System\SZSigri.exe
  2⤵
  PID:11160
- C:\Windows\System\nfbBnNy.exe
  C:\Windows\System\nfbBnNy.exe
  2⤵
  PID:11188
- C:\Windows\System\jwAXXCz.exe
  C:\Windows\System\jwAXXCz.exe
  2⤵
  PID:11216
- C:\Windows\System\pgrlkiD.exe
  C:\Windows\System\pgrlkiD.exe
  2⤵
  PID:11236
- C:\Windows\System\vrSqmQE.exe
  C:\Windows\System\vrSqmQE.exe
  2⤵
  PID:9844
- C:\Windows\System\PGEEbdc.exe
  C:\Windows\System\PGEEbdc.exe
  2⤵
  PID:9928
- C:\Windows\System\HgpYRSm.exe
  C:\Windows\System\HgpYRSm.exe
  2⤵
  PID:9344
- C:\Windows\System\uiMBbnN.exe
  C:\Windows\System\uiMBbnN.exe
  2⤵
  PID:10016
- C:\Windows\System\zedKEcX.exe
  C:\Windows\System\zedKEcX.exe
  2⤵
  PID:10036
- C:\Windows\System\NKnnDUB.exe
  C:\Windows\System\NKnnDUB.exe
  2⤵
  PID:7696
- C:\Windows\System\DFFxLzu.exe
  C:\Windows\System\DFFxLzu.exe
  2⤵
  PID:6616
- C:\Windows\System\agDDnbu.exe
  C:\Windows\System\agDDnbu.exe
  2⤵
  PID:3116
- C:\Windows\System\nutBtwR.exe
  C:\Windows\System\nutBtwR.exe
  2⤵
  PID:7080
- C:\Windows\System\UugTLds.exe
  C:\Windows\System\UugTLds.exe
  2⤵
  PID:8656
- C:\Windows\System\aOBwQtv.exe
  C:\Windows\System\aOBwQtv.exe
  2⤵
  PID:8052
- C:\Windows\System\RkFBDsp.exe
  C:\Windows\System\RkFBDsp.exe
  2⤵
  PID:8400
- C:\Windows\System\lMWKVVn.exe
  C:\Windows\System\lMWKVVn.exe
  2⤵
  PID:8820
- C:\Windows\System\NWIZhhC.exe
  C:\Windows\System\NWIZhhC.exe
  2⤵
  PID:10300
- C:\Windows\System\VwQLJEK.exe
  C:\Windows\System\VwQLJEK.exe
  2⤵
  PID:10412
- C:\Windows\System\XOPzwGz.exe
  C:\Windows\System\XOPzwGz.exe
  2⤵
  PID:10084
- C:\Windows\System\ngTSfOj.exe
  C:\Windows\System\ngTSfOj.exe
  2⤵
  PID:10112
- C:\Windows\System\OMqrvZe.exe
  C:\Windows\System\OMqrvZe.exe
  2⤵
  PID:10140
- C:\Windows\System\OBCrNwu.exe
  C:\Windows\System\OBCrNwu.exe
  2⤵
  PID:10564
- C:\Windows\System\BCMZBbS.exe
  C:\Windows\System\BCMZBbS.exe
  2⤵
  PID:10708
- C:\Windows\System\Evdjuqt.exe
  C:\Windows\System\Evdjuqt.exe
  2⤵
  PID:7472
- C:\Windows\System\fSgzUSF.exe
  C:\Windows\System\fSgzUSF.exe
  2⤵
  PID:8900
- C:\Windows\System\FGhJEBu.exe
  C:\Windows\System\FGhJEBu.exe
  2⤵
  PID:10904
- C:\Windows\System\NLDNaom.exe
  C:\Windows\System\NLDNaom.exe
  2⤵
  PID:6656
- C:\Windows\System\eJtXGqH.exe
  C:\Windows\System\eJtXGqH.exe
  2⤵
  PID:8580
- C:\Windows\System\ImpPEMu.exe
  C:\Windows\System\ImpPEMu.exe
  2⤵
  PID:10992
- C:\Windows\System\veGfDEO.exe
  C:\Windows\System\veGfDEO.exe
  2⤵
  PID:9760
- C:\Windows\System\XXgDoOk.exe
  C:\Windows\System\XXgDoOk.exe
  2⤵
  PID:11128
- C:\Windows\System\ZfaMENN.exe
  C:\Windows\System\ZfaMENN.exe
  2⤵
  PID:9840
- C:\Windows\System\pexKZSi.exe
  C:\Windows\System\pexKZSi.exe
  2⤵
  PID:10244
- C:\Windows\System\NzvIxod.exe
  C:\Windows\System\NzvIxod.exe
  2⤵
  PID:11268
- C:\Windows\System\NfIKmHx.exe
  C:\Windows\System\NfIKmHx.exe
  2⤵
  PID:11300
- C:\Windows\System\mFqhUBv.exe
  C:\Windows\System\mFqhUBv.exe
  2⤵
  PID:11320
- C:\Windows\System\ecAJJAs.exe
  C:\Windows\System\ecAJJAs.exe
  2⤵
  PID:11340
- C:\Windows\System\VQyjeZg.exe
  C:\Windows\System\VQyjeZg.exe
  2⤵
  PID:11360
- C:\Windows\System\yQuLanr.exe
  C:\Windows\System\yQuLanr.exe
  2⤵
  PID:11376
- C:\Windows\System\Zbhkudl.exe
  C:\Windows\System\Zbhkudl.exe
  2⤵
  PID:11392
- C:\Windows\System\uuIZMIF.exe
  C:\Windows\System\uuIZMIF.exe
  2⤵
  PID:11408
- C:\Windows\System\xjhOcMo.exe
  C:\Windows\System\xjhOcMo.exe
  2⤵
  PID:11424
- C:\Windows\System\WZucfUl.exe
  C:\Windows\System\WZucfUl.exe
  2⤵
  PID:11440
- C:\Windows\System\YklWjDj.exe
  C:\Windows\System\YklWjDj.exe
  2⤵
  PID:11468
- C:\Windows\System\wtSiWAa.exe
  C:\Windows\System\wtSiWAa.exe
  2⤵
  PID:11492
- C:\Windows\System\oojhOEK.exe
  C:\Windows\System\oojhOEK.exe
  2⤵
  PID:11520
- C:\Windows\System\WVhAOdt.exe
  C:\Windows\System\WVhAOdt.exe
  2⤵
  PID:11540
- C:\Windows\System\ygkiBuf.exe
  C:\Windows\System\ygkiBuf.exe
  2⤵
  PID:11560
- C:\Windows\System\MLuKVBY.exe
  C:\Windows\System\MLuKVBY.exe
  2⤵
  PID:11584
- C:\Windows\System\boPRkkD.exe
  C:\Windows\System\boPRkkD.exe
  2⤵
  PID:11608
- C:\Windows\System\pEoqmYJ.exe
  C:\Windows\System\pEoqmYJ.exe
  2⤵
  PID:11628
- C:\Windows\System\sHDAscR.exe
  C:\Windows\System\sHDAscR.exe
  2⤵
  PID:11660
- C:\Windows\System\wWRSauN.exe
  C:\Windows\System\wWRSauN.exe
  2⤵
  PID:11680
- C:\Windows\System\fnVKCdc.exe
  C:\Windows\System\fnVKCdc.exe
  2⤵
  PID:11704
- C:\Windows\System\pGOhOVc.exe
  C:\Windows\System\pGOhOVc.exe
  2⤵
  PID:11728
- C:\Windows\System\BhVmNsz.exe
  C:\Windows\System\BhVmNsz.exe
  2⤵
  PID:11752
- C:\Windows\System\mTBPUMx.exe
  C:\Windows\System\mTBPUMx.exe
  2⤵
  PID:11836
- C:\Windows\System\aokdVyP.exe
  C:\Windows\System\aokdVyP.exe
  2⤵
  PID:11856
- C:\Windows\System\VmEOOfh.exe
  C:\Windows\System\VmEOOfh.exe
  2⤵
  PID:11880
- C:\Windows\System\eNtQSMb.exe
  C:\Windows\System\eNtQSMb.exe
  2⤵
  PID:11908
- C:\Windows\System\GCJaGkz.exe
  C:\Windows\System\GCJaGkz.exe
  2⤵
  PID:11932
- C:\Windows\System\TijBYWx.exe
  C:\Windows\System\TijBYWx.exe
  2⤵
  PID:11956
- C:\Windows\System\zwXsfaq.exe
  C:\Windows\System\zwXsfaq.exe
  2⤵
  PID:11976
- C:\Windows\System\HMBlqrN.exe
  C:\Windows\System\HMBlqrN.exe
  2⤵
  PID:12004
- C:\Windows\System\UjVRlGx.exe
  C:\Windows\System\UjVRlGx.exe
  2⤵
  PID:12028
- C:\Windows\System\oazMejC.exe
  C:\Windows\System\oazMejC.exe
  2⤵
  PID:12048
- C:\Windows\System\SGPgqFw.exe
  C:\Windows\System\SGPgqFw.exe
  2⤵
  PID:12072
- C:\Windows\System\EtNFQoQ.exe
  C:\Windows\System\EtNFQoQ.exe
  2⤵
  PID:12096
- C:\Windows\System\isFWMId.exe
  C:\Windows\System\isFWMId.exe
  2⤵
  PID:12120
- C:\Windows\System\yFwTJBb.exe
  C:\Windows\System\yFwTJBb.exe
  2⤵
  PID:12140
- C:\Windows\System\EvKtmVJ.exe
  C:\Windows\System\EvKtmVJ.exe
  2⤵
  PID:12164
- C:\Windows\System\JOvfgFN.exe
  C:\Windows\System\JOvfgFN.exe
  2⤵
  PID:12188
- C:\Windows\System\mftHfqM.exe
  C:\Windows\System\mftHfqM.exe
  2⤵
  PID:12208
- C:\Windows\System\zFOPLWp.exe
  C:\Windows\System\zFOPLWp.exe
  2⤵
  PID:12228
- C:\Windows\System\hbhaxDK.exe
  C:\Windows\System\hbhaxDK.exe
  2⤵
  PID:12252
- C:\Windows\System\JHwXRHR.exe
  C:\Windows\System\JHwXRHR.exe
  2⤵
  PID:12272
- C:\Windows\System\wogzvkE.exe
  C:\Windows\System\wogzvkE.exe
  2⤵
  PID:11244
- C:\Windows\System\jEmkPCh.exe
  C:\Windows\System\jEmkPCh.exe
  2⤵
  PID:9940
- C:\Windows\System\VeYhOdu.exe
  C:\Windows\System\VeYhOdu.exe
  2⤵
  PID:10400
- C:\Windows\System\AZXXQcP.exe
  C:\Windows\System\AZXXQcP.exe
  2⤵
  PID:10436
- C:\Windows\System\GYCeOFs.exe
  C:\Windows\System\GYCeOFs.exe
  2⤵
  PID:9620
- C:\Windows\System\WuMFXSU.exe
  C:\Windows\System\WuMFXSU.exe
  2⤵
  PID:9232
- C:\Windows\System\Huezwsz.exe
  C:\Windows\System\Huezwsz.exe
  2⤵
  PID:10232
- C:\Windows\System\jyYBiTU.exe
  C:\Windows\System\jyYBiTU.exe
  2⤵
  PID:8588
- C:\Windows\System\FGswzPe.exe
  C:\Windows\System\FGswzPe.exe
  2⤵
  PID:10100
- C:\Windows\System\iUSIMCG.exe
  C:\Windows\System\iUSIMCG.exe
  2⤵
  PID:8780
- C:\Windows\System\ZatfBhk.exe
  C:\Windows\System\ZatfBhk.exe
  2⤵
  PID:10792
- C:\Windows\System\brARqwL.exe
  C:\Windows\System\brARqwL.exe
  2⤵
  PID:8304
- C:\Windows\System\vTMKBll.exe
  C:\Windows\System\vTMKBll.exe
  2⤵
  PID:9252
- C:\Windows\System\GkXAouu.exe
  C:\Windows\System\GkXAouu.exe
  2⤵
  PID:8976
- C:\Windows\System\dEaODXF.exe
  C:\Windows\System\dEaODXF.exe
  2⤵
  PID:9588
- C:\Windows\System\WpOjppf.exe
  C:\Windows\System\WpOjppf.exe
  2⤵
  PID:12300
- C:\Windows\System\uvxaxGY.exe
  C:\Windows\System\uvxaxGY.exe
  2⤵
  PID:12324
- C:\Windows\System\tQICTtN.exe
  C:\Windows\System\tQICTtN.exe
  2⤵
  PID:12348
- C:\Windows\System\oSMyqrf.exe
  C:\Windows\System\oSMyqrf.exe
  2⤵
  PID:12364
- C:\Windows\System\kETEFAk.exe
  C:\Windows\System\kETEFAk.exe
  2⤵
  PID:12384
- C:\Windows\System\sbRKdNo.exe
  C:\Windows\System\sbRKdNo.exe
  2⤵
  PID:12404
- C:\Windows\System\GFOUSul.exe
  C:\Windows\System\GFOUSul.exe
  2⤵
  PID:12424
- C:\Windows\System\nCdlSQZ.exe
  C:\Windows\System\nCdlSQZ.exe
  2⤵
  PID:12448
- C:\Windows\System\eiEqPFk.exe
  C:\Windows\System\eiEqPFk.exe
  2⤵
  PID:12476
- C:\Windows\System\WMHruNx.exe
  C:\Windows\System\WMHruNx.exe
  2⤵
  PID:12500
- C:\Windows\System\jXIjGzl.exe
  C:\Windows\System\jXIjGzl.exe
  2⤵
  PID:12524
- C:\Windows\System\LUYhiyh.exe
  C:\Windows\System\LUYhiyh.exe
  2⤵
  PID:12552
- C:\Windows\System\rTToPjt.exe
  C:\Windows\System\rTToPjt.exe
  2⤵
  PID:12576
- C:\Windows\System\mxqegqp.exe
  C:\Windows\System\mxqegqp.exe
  2⤵
  PID:12592
- C:\Windows\System\mZUoKiG.exe
  C:\Windows\System\mZUoKiG.exe
  2⤵
  PID:12620
- C:\Windows\System\kiUxRvd.exe
  C:\Windows\System\kiUxRvd.exe
  2⤵
  PID:12644
- C:\Windows\System\bSZftrR.exe
  C:\Windows\System\bSZftrR.exe
  2⤵
  PID:12668
- C:\Windows\System\EfbIXfs.exe
  C:\Windows\System\EfbIXfs.exe
  2⤵
  PID:12700
- C:\Windows\System\GbbeEmu.exe
  C:\Windows\System\GbbeEmu.exe
  2⤵
  PID:11576
- C:\Windows\System\anthQBg.exe
  C:\Windows\System\anthQBg.exe
  2⤵
  PID:11784
- C:\Windows\System\eFKtmBr.exe
  C:\Windows\System\eFKtmBr.exe
  2⤵
  PID:10652
- C:\Windows\System\QLLTlRM.exe
  C:\Windows\System\QLLTlRM.exe
  2⤵
  PID:10848
- C:\Windows\System\yHiCNHm.exe
  C:\Windows\System\yHiCNHm.exe
  2⤵
  PID:12268
- C:\Windows\System\SnSVWDL.exe
  C:\Windows\System\SnSVWDL.exe
  2⤵
  PID:10880
- C:\Windows\System\ypVlSIg.exe
  C:\Windows\System\ypVlSIg.exe
  2⤵
  PID:9444
- C:\Windows\System\NUfvLjO.exe
  C:\Windows\System\NUfvLjO.exe
  2⤵
  PID:9200
- C:\Windows\System\ZjeMfmM.exe
  C:\Windows\System\ZjeMfmM.exe
  2⤵
  PID:10556
- C:\Windows\System\Rkziqnt.exe
  C:\Windows\System\Rkziqnt.exe
  2⤵
  PID:8324
- C:\Windows\System\YLLgrrZ.exe
  C:\Windows\System\YLLgrrZ.exe
  2⤵
  PID:12292
- C:\Windows\System\wLXYKjE.exe
  C:\Windows\System\wLXYKjE.exe
  2⤵
  PID:9276
- C:\Windows\System\rBGalTs.exe
  C:\Windows\System\rBGalTs.exe
  2⤵
  PID:11476
- C:\Windows\System\WcYEkAT.exe
  C:\Windows\System\WcYEkAT.exe
  2⤵
  PID:9348
- C:\Windows\System\VPQInBz.exe
  C:\Windows\System\VPQInBz.exe
  2⤵
  PID:12936
- C:\Windows\System\dOEzJGw.exe
  C:\Windows\System\dOEzJGw.exe
  2⤵
  PID:9904
- C:\Windows\System\CsnzoKL.exe
  C:\Windows\System\CsnzoKL.exe
  2⤵
  PID:12956
- C:\Windows\System\gIsgrYF.exe
  C:\Windows\System\gIsgrYF.exe
  2⤵
  PID:12988
- C:\Windows\System\kaQIWNG.exe
  C:\Windows\System\kaQIWNG.exe
  2⤵
  PID:10972
- C:\Windows\System\JBwYVpx.exe
  C:\Windows\System\JBwYVpx.exe
  2⤵
  PID:8828
- C:\Windows\System\OmdiQyL.exe
  C:\Windows\System\OmdiQyL.exe
  2⤵
  PID:13060
- C:\Windows\System\HDuLUDG.exe
  C:\Windows\System\HDuLUDG.exe
  2⤵
  PID:13084
- C:\Windows\System\MmCJFCi.exe
  C:\Windows\System\MmCJFCi.exe
  2⤵
  PID:13092
- C:\Windows\System\aXyRpXY.exe
  C:\Windows\System\aXyRpXY.exe
  2⤵
  PID:13132
- C:\Windows\System\ijNzyzP.exe
  C:\Windows\System\ijNzyzP.exe
  2⤵
  PID:12828
- C:\Windows\System\nCXjZuy.exe
  C:\Windows\System\nCXjZuy.exe
  2⤵
  PID:12900
- C:\Windows\System\AfWVzVQ.exe
  C:\Windows\System\AfWVzVQ.exe
  2⤵
  PID:11568
- C:\Windows\System\FJcjuaJ.exe
  C:\Windows\System\FJcjuaJ.exe
  2⤵
  PID:11672
- C:\Windows\System\vnQKnBM.exe
  C:\Windows\System\vnQKnBM.exe
  2⤵
  PID:11384
- C:\Windows\System\jCTuSuR.exe
  C:\Windows\System\jCTuSuR.exe
  2⤵
  PID:12560
- C:\Windows\System\OEpErQk.exe
  C:\Windows\System\OEpErQk.exe
  2⤵
  PID:11968
- C:\Windows\System\BOiafFA.exe
  C:\Windows\System\BOiafFA.exe
  2⤵
  PID:9888
- C:\Windows\System\iDbGWie.exe
  C:\Windows\System\iDbGWie.exe
  2⤵
  PID:12756
- C:\Windows\System\sKxFcZl.exe
  C:\Windows\System\sKxFcZl.exe
  2⤵
  PID:11368
- C:\Windows\System\jHLTcMQ.exe
  C:\Windows\System\jHLTcMQ.exe
  2⤵
  PID:11952
- C:\Windows\System\xLJSuqG.exe
  C:\Windows\System\xLJSuqG.exe
  2⤵
  PID:12220
- C:\Windows\System\QUKGDJf.exe
  C:\Windows\System\QUKGDJf.exe
  2⤵
  PID:13000
- C:\Windows\System\AfctAsN.exe
  C:\Windows\System\AfctAsN.exe
  2⤵
  PID:3624
- C:\Windows\System\wJwyWgy.exe
  C:\Windows\System\wJwyWgy.exe
  2⤵
  PID:13096
- C:\Windows\System\ZefYWGZ.exe
  C:\Windows\System\ZefYWGZ.exe
  2⤵
  PID:12196
- C:\Windows\System\oiRBvUV.exe
  C:\Windows\System\oiRBvUV.exe
  2⤵
  PID:11460
- C:\Windows\System\VYZBCfz.exe
  C:\Windows\System\VYZBCfz.exe
  2⤵
  PID:10648
- C:\Windows\System\cXmLgyS.exe
  C:\Windows\System\cXmLgyS.exe
  2⤵
  PID:7280
- C:\Windows\System\etjjcwp.exe
  C:\Windows\System\etjjcwp.exe
  2⤵
  PID:11308
- C:\Windows\System\ewBvAhg.exe
  C:\Windows\System\ewBvAhg.exe
  2⤵
  PID:13148
- C:\Windows\System\GjyDBFI.exe
  C:\Windows\System\GjyDBFI.exe
  2⤵
  PID:9556
- C:\Windows\System\qJoyHRH.exe
  C:\Windows\System\qJoyHRH.exe
  2⤵
  PID:13232
- C:\Windows\System\JeCaxhZ.exe
  C:\Windows\System\JeCaxhZ.exe
  2⤵
  PID:12984
- C:\Windows\System\dmhiODP.exe
  C:\Windows\System\dmhiODP.exe
  2⤵
  PID:8448
- C:\Windows\System\LwCTHOK.exe
  C:\Windows\System\LwCTHOK.exe
  2⤵
  PID:12732
- C:\Windows\System\awENEdn.exe
  C:\Windows\System\awENEdn.exe
  2⤵
  PID:4580
- C:\Windows\System\vSFZQRT.exe
  C:\Windows\System\vSFZQRT.exe
  2⤵
  PID:8700
- C:\Windows\System\JKsdCve.exe
  C:\Windows\System\JKsdCve.exe
  2⤵
  PID:12812
- C:\Windows\System\aBxEcRY.exe
  C:\Windows\System\aBxEcRY.exe
  2⤵
  PID:11336
- C:\Windows\System\eTXIkMT.exe
  C:\Windows\System\eTXIkMT.exe
  2⤵
  PID:9044
- C:\Windows\System\gwhxubS.exe
  C:\Windows\System\gwhxubS.exe
  2⤵
  PID:1352
- C:\Windows\System\adnpZgW.exe
  C:\Windows\System\adnpZgW.exe
  2⤵
  PID:1720
- C:\Windows\System\eEaXWuW.exe
  C:\Windows\System\eEaXWuW.exe
  2⤵
  PID:9288
- C:\Windows\System\FsqVeQB.exe
  C:\Windows\System\FsqVeQB.exe
  2⤵
  PID:11896
- C:\Windows\System\MdAUxyM.exe
  C:\Windows\System\MdAUxyM.exe
  2⤵
  PID:13188
- C:\Windows\System\dxjZKmM.exe
  C:\Windows\System\dxjZKmM.exe
  2⤵
  PID:12600
- C:\Windows\System\LvRVVHV.exe
  C:\Windows\System\LvRVVHV.exe
  2⤵
  PID:4448
- C:\Windows\System\YxveNQZ.exe
  C:\Windows\System\YxveNQZ.exe
  2⤵
  PID:5108
- C:\Windows\System\IyFgmVK.exe
  C:\Windows\System\IyFgmVK.exe
  2⤵
  PID:12432
- C:\Windows\System\udSPvhh.exe
  C:\Windows\System\udSPvhh.exe
  2⤵
  PID:13200
- C:\Windows\System\dgDyZcn.exe
  C:\Windows\System\dgDyZcn.exe
  2⤵
  PID:11432
- C:\Windows\System\HDhSeTi.exe
  C:\Windows\System\HDhSeTi.exe
  2⤵
  PID:12224
- C:\Windows\System\manQEcy.exe
  C:\Windows\System\manQEcy.exe
  2⤵
  PID:2520
- C:\Windows\System\SMNprwn.exe
  C:\Windows\System\SMNprwn.exe
  2⤵
  PID:13180
- C:\Windows\System\zQRvCRu.exe
  C:\Windows\System\zQRvCRu.exe
  2⤵
  PID:3320
- C:\Windows\System\hUrqYSK.exe
  C:\Windows\System\hUrqYSK.exe
  2⤵
  PID:3864
- C:\Windows\System\iXtvlRm.exe
  C:\Windows\System\iXtvlRm.exe
  2⤵
  PID:4380
- C:\Windows\System\wwoXonE.exe
  C:\Windows\System\wwoXonE.exe
  2⤵
  PID:116
- C:\Windows\System\qSJjJBH.exe
  C:\Windows\System\qSJjJBH.exe
  2⤵
  PID:5068
- C:\Windows\System\ifcqrpA.exe
  C:\Windows\System\ifcqrpA.exe
  2⤵
  PID:12356
- C:\Windows\System\ZqwiZKY.exe
  C:\Windows\System\ZqwiZKY.exe
  2⤵
  PID:12568
- C:\Windows\System\tYPhHhK.exe
  C:\Windows\System\tYPhHhK.exe
  2⤵
  PID:9988
- C:\Windows\System\jNCfWBC.exe
  C:\Windows\System\jNCfWBC.exe
  2⤵
  PID:13216
- C:\Windows\System\DZEwYdX.exe
  C:\Windows\System\DZEwYdX.exe
  2⤵
  PID:3460
- C:\Windows\System\meyTDvs.exe
  C:\Windows\System\meyTDvs.exe
  2⤵
  PID:3740
- C:\Windows\System\SeauALk.exe
  C:\Windows\System\SeauALk.exe
  2⤵
  PID:3604
- C:\Windows\System\WCMNmSv.exe
  C:\Windows\System\WCMNmSv.exe
  2⤵
  PID:4236
- C:\Windows\System\UuSYGFL.exe
  C:\Windows\System\UuSYGFL.exe
  2⤵
  PID:3560
- C:\Windows\System\QunMofU.exe
  C:\Windows\System\QunMofU.exe
  2⤵
  PID:4284
- C:\Windows\System\ovPiDRc.exe
  C:\Windows\System\ovPiDRc.exe
  2⤵
  PID:2636
- C:\Windows\System\ofSVnvK.exe
  C:\Windows\System\ofSVnvK.exe
  2⤵
  PID:3820
- C:\Windows\System\VWdumjE.exe
  C:\Windows\System\VWdumjE.exe
  2⤵
  PID:12344
- C:\Windows\System\OpQMPcU.exe
  C:\Windows\System\OpQMPcU.exe
  2⤵
  PID:1268
- C:\Windows\System\eHtSOIg.exe
  C:\Windows\System\eHtSOIg.exe
  2⤵
  PID:1692
- C:\Windows\System\EGdhmIv.exe
  C:\Windows\System\EGdhmIv.exe
  2⤵
  PID:12836
- C:\Windows\System\HODWyrj.exe
  C:\Windows\System\HODWyrj.exe
  2⤵
  PID:9568
- C:\Windows\System\QUqpeqb.exe
  C:\Windows\System\QUqpeqb.exe
  2⤵
  PID:9660
- C:\Windows\System\XRurVht.exe
  C:\Windows\System\XRurVht.exe
  2⤵
  PID:12440
- C:\Windows\System\XUjUkNK.exe
  C:\Windows\System\XUjUkNK.exe
  2⤵
  PID:860
- C:\Windows\System\SrSpbdU.exe
  C:\Windows\System\SrSpbdU.exe
  2⤵
  PID:9892
- C:\Windows\System\nbdxzse.exe
  C:\Windows\System\nbdxzse.exe
  2⤵
  PID:12204
- C:\Windows\System\MEIkZiA.exe
  C:\Windows\System\MEIkZiA.exe
  2⤵
  PID:812
- C:\Windows\System\ESUBRfQ.exe
  C:\Windows\System\ESUBRfQ.exe
  2⤵
  PID:2764
- C:\Windows\System\makPkkg.exe
  C:\Windows\System\makPkkg.exe
  2⤵
  PID:3828
- C:\Windows\System\BAkYPmC.exe
  C:\Windows\System\BAkYPmC.exe
  2⤵
  PID:216
- C:\Windows\System\FPvTnRk.exe
  C:\Windows\System\FPvTnRk.exe
  2⤵
  PID:3344
- C:\Windows\System\AjOIzYv.exe
  C:\Windows\System\AjOIzYv.exe
  2⤵
  PID:2484
- C:\Windows\System\ASmTeRh.exe
  C:\Windows\System\ASmTeRh.exe
  2⤵
  PID:3944
- C:\Windows\System\VAbpGSQ.exe
  C:\Windows\System\VAbpGSQ.exe
  2⤵
  PID:3956
- C:\Windows\System\UGHrwiQ.exe
  C:\Windows\System\UGHrwiQ.exe
  2⤵
  PID:10392
- C:\Windows\System\aSWarss.exe
  C:\Windows\System\aSWarss.exe
  2⤵
  PID:4320
- C:\Windows\System\WDejcQn.exe
  C:\Windows\System\WDejcQn.exe
  2⤵
  PID:2632
- C:\Windows\System\cFSefWZ.exe
  C:\Windows\System\cFSefWZ.exe
  2⤵
  PID:9248
- C:\Windows\System\LaOqSJZ.exe
  C:\Windows\System\LaOqSJZ.exe
  2⤵
  PID:11532
- C:\Windows\System\BYuDipx.exe
  C:\Windows\System\BYuDipx.exe
  2⤵
  PID:2096
- C:\Windows\System\LiEYvXI.exe
  C:\Windows\System\LiEYvXI.exe
  2⤵
  PID:3608
- C:\Windows\System\PJjVNne.exe
  C:\Windows\System\PJjVNne.exe
  2⤵
  PID:11624
- C:\Windows\System\VcsjMaK.exe
  C:\Windows\System\VcsjMaK.exe
  2⤵
  PID:3456
- C:\Windows\System\hxTCKoR.exe
  C:\Windows\System\hxTCKoR.exe
  2⤵
  PID:13268
- C:\Windows\System\mMfXFEm.exe
  C:\Windows\System\mMfXFEm.exe
  2⤵
  PID:3176
- C:\Windows\System\ponbhSO.exe
  C:\Windows\System\ponbhSO.exe
  2⤵
  PID:2512
- C:\Windows\System\MLltryi.exe
  C:\Windows\System\MLltryi.exe
  2⤵
  PID:11988
- C:\Windows\System\FhnZBzO.exe
  C:\Windows\System\FhnZBzO.exe
  2⤵
  PID:13004
- C:\Windows\System\zTvjjYw.exe
  C:\Windows\System\zTvjjYw.exe
  2⤵
  PID:4604
- C:\Windows\System\IXuBeQs.exe
  C:\Windows\System\IXuBeQs.exe
  2⤵
  PID:11636
- C:\Windows\System\MOEfpRh.exe
  C:\Windows\System\MOEfpRh.exe
  2⤵
  PID:13212
- C:\Windows\System\DUkCTcl.exe
  C:\Windows\System\DUkCTcl.exe
  2⤵
  PID:2548
- C:\Windows\System\gDVTzTO.exe
  C:\Windows\System\gDVTzTO.exe
  2⤵
  PID:11676
- C:\Windows\System\mQTTdIU.exe
  C:\Windows\System\mQTTdIU.exe
  2⤵
  PID:864
- C:\Windows\System\gFdsrPw.exe
  C:\Windows\System\gFdsrPw.exe
  2⤵
  PID:10940
- C:\Windows\System\uFzAoWY.exe
  C:\Windows\System\uFzAoWY.exe
  2⤵
  PID:4828
- C:\Windows\System\KPNLHNV.exe
  C:\Windows\System\KPNLHNV.exe
  2⤵
  PID:1752
- C:\Windows\System\aONTnbS.exe
  C:\Windows\System\aONTnbS.exe
  2⤵
  PID:8592
- C:\Windows\System\tdmKaGF.exe
  C:\Windows\System\tdmKaGF.exe
  2⤵
  PID:2068
- C:\Windows\System\ySnhdVK.exe
  C:\Windows\System\ySnhdVK.exe
  2⤵
  PID:4152
- C:\Windows\System\jxgbxJl.exe
  C:\Windows\System\jxgbxJl.exe
  2⤵
  PID:13172
- C:\Windows\System\lORAsQu.exe
  C:\Windows\System\lORAsQu.exe
  2⤵
  PID:2912
- C:\Windows\System\DwilOPA.exe
  C:\Windows\System\DwilOPA.exe
  2⤵
  PID:2296
- C:\Windows\System\MxiCGMJ.exe
  C:\Windows\System\MxiCGMJ.exe
  2⤵
  PID:3448
- C:\Windows\System\ffeGgJG.exe
  C:\Windows\System\ffeGgJG.exe
  2⤵
  PID:2756
- C:\Windows\System\LajbqgB.exe
  C:\Windows\System\LajbqgB.exe
  2⤵
  PID:4352
- C:\Windows\System\pDWakQP.exe
  C:\Windows\System\pDWakQP.exe
  2⤵
  PID:4024
- C:\Windows\System\eKsaYGP.exe
  C:\Windows\System\eKsaYGP.exe
  2⤵
  PID:11796
- C:\Windows\System\IRBaTIg.exe
  C:\Windows\System\IRBaTIg.exe
  2⤵
  PID:3504
- C:\Windows\System\sBznNXJ.exe
  C:\Windows\System\sBznNXJ.exe
  2⤵
  PID:1384
- C:\Windows\System\tciNujH.exe
  C:\Windows\System\tciNujH.exe
  2⤵
  PID:11832
- C:\Windows\System\RBkvnut.exe
  C:\Windows\System\RBkvnut.exe
  2⤵
  PID:2880
- C:\Windows\System\yQsbPEw.exe
  C:\Windows\System\yQsbPEw.exe
  2⤵
  PID:13276
- C:\Windows\System\tTBjIcT.exe
  C:\Windows\System\tTBjIcT.exe
  2⤵
  PID:4532
- C:\Windows\System\LTouznx.exe
  C:\Windows\System\LTouznx.exe
  2⤵
  PID:1520
- C:\Windows\System\ycwjFNY.exe
  C:\Windows\System\ycwjFNY.exe
  2⤵
  PID:2280
- C:\Windows\System\NcZhJlo.exe
  C:\Windows\System\NcZhJlo.exe
  2⤵
  PID:2420
- C:\Windows\System\CEZmmyi.exe
  C:\Windows\System\CEZmmyi.exe
  2⤵
  PID:4452
- C:\Windows\System\YgZEMQa.exe
  C:\Windows\System\YgZEMQa.exe
  2⤵
  PID:444
- C:\Windows\System\DiDpDFm.exe
  C:\Windows\System\DiDpDFm.exe
  2⤵
  PID:4300
- C:\Windows\System\JFwpsDb.exe
  C:\Windows\System\JFwpsDb.exe
  2⤵
  PID:13088
- C:\Windows\System\dZMyUlJ.exe
  C:\Windows\System\dZMyUlJ.exe
  2⤵
  PID:4508
- C:\Windows\System\AqxUkor.exe
  C:\Windows\System\AqxUkor.exe
  2⤵
  PID:2108
- C:\Windows\System\ffoKqVI.exe
  C:\Windows\System\ffoKqVI.exe
  2⤵
  PID:13124
- C:\Windows\System\JlQTqGd.exe
  C:\Windows\System\JlQTqGd.exe
  2⤵
  PID:452
- C:\Windows\System\fbcfZEJ.exe
  C:\Windows\System\fbcfZEJ.exe
  2⤵
  PID:6224
- C:\Windows\System\Jomqlaq.exe
  C:\Windows\System\Jomqlaq.exe
  2⤵
  PID:1648
- C:\Windows\System\skJgEIe.exe
  C:\Windows\System\skJgEIe.exe
  2⤵
  PID:380
- C:\Windows\System\nuxneAf.exe
  C:\Windows\System\nuxneAf.exe
  2⤵
  PID:1148
- C:\Windows\System\eGJltKT.exe
  C:\Windows\System\eGJltKT.exe
  2⤵
  PID:3524
- C:\Windows\System\MYVaCaV.exe
  C:\Windows\System\MYVaCaV.exe
  2⤵
  PID:3104
- C:\Windows\System\nuPTkCr.exe
  C:\Windows\System\nuPTkCr.exe
  2⤵
  PID:2360
- C:\Windows\System\cljKLJG.exe
  C:\Windows\System\cljKLJG.exe
  2⤵
  PID:4288
- C:\Windows\System\OZAxoiV.exe
  C:\Windows\System\OZAxoiV.exe
  2⤵
  PID:1876
- C:\Windows\System\ZaAOdgf.exe
  C:\Windows\System\ZaAOdgf.exe
  2⤵
  PID:11260
- C:\Windows\System\oCTBiGg.exe
  C:\Windows\System\oCTBiGg.exe
  2⤵
  PID:2392
- C:\Windows\System\SQCCPiL.exe
  C:\Windows\System\SQCCPiL.exe
  2⤵
  PID:2872
- C:\Windows\System\BcGEqAO.exe
  C:\Windows\System\BcGEqAO.exe
  2⤵
  PID:1936
- C:\Windows\System\FexeHed.exe
  C:\Windows\System\FexeHed.exe
  2⤵
  PID:3812
- C:\Windows\System\xOKgdsC.exe
  C:\Windows\System\xOKgdsC.exe
  2⤵
  PID:2100
- C:\Windows\System\wmajMSl.exe
  C:\Windows\System\wmajMSl.exe
  2⤵
  PID:4016
- C:\Windows\System\mpaoioz.exe
  C:\Windows\System\mpaoioz.exe
  2⤵
  PID:4648
- C:\Windows\System\VaxgaoO.exe
  C:\Windows\System\VaxgaoO.exe
  2⤵
  PID:4668
- C:\Windows\System\uCIprBO.exe
  C:\Windows\System\uCIprBO.exe
  2⤵
  PID:680
- C:\Windows\System\oDTjTuD.exe
  C:\Windows\System\oDTjTuD.exe
  2⤵
  PID:1652
- C:\Windows\System\aoOnTvb.exe
  C:\Windows\System\aoOnTvb.exe
  2⤵
  PID:5076
- C:\Windows\System\xCbZWeX.exe
  C:\Windows\System\xCbZWeX.exe
  2⤵
  PID:4792
- C:\Windows\System\oRlfGSE.exe
  C:\Windows\System\oRlfGSE.exe
  2⤵
  PID:4968
- C:\Windows\System\LOUoQXX.exe
  C:\Windows\System\LOUoQXX.exe
  2⤵
  PID:1396
- C:\Windows\System\kRgnZpv.exe
  C:\Windows\System\kRgnZpv.exe
  2⤵
  PID:4816
- C:\Windows\System\ibuTwOD.exe
  C:\Windows\System\ibuTwOD.exe
  2⤵
  PID:13336
- C:\Windows\System\DzccbrR.exe
  C:\Windows\System\DzccbrR.exe
  2⤵
  PID:13360
- C:\Windows\System\ZfiyEdZ.exe
  C:\Windows\System\ZfiyEdZ.exe
  2⤵
  PID:13380
- C:\Windows\System\vOnSFnx.exe
  C:\Windows\System\vOnSFnx.exe
  2⤵
  PID:13404
- C:\Windows\System\JxWHxOq.exe
  C:\Windows\System\JxWHxOq.exe
  2⤵
  PID:13436
- C:\Windows\System\uxoXjzA.exe
  C:\Windows\System\uxoXjzA.exe
  2⤵
  PID:13456
- C:\Windows\System\jZLPldq.exe
  C:\Windows\System\jZLPldq.exe
  2⤵
  PID:13476
- C:\Windows\System\BtFbSxn.exe
  C:\Windows\System\BtFbSxn.exe
  2⤵
  PID:13492
- C:\Windows\System\cHyqeTu.exe
  C:\Windows\System\cHyqeTu.exe
  2⤵
  PID:13520
- C:\Windows\System\eZasYeb.exe
  C:\Windows\System\eZasYeb.exe
  2⤵
  PID:13544
- C:\Windows\System\hxmaPAa.exe
  C:\Windows\System\hxmaPAa.exe
  2⤵
  PID:13568
- C:\Windows\System\TAVKIow.exe
  C:\Windows\System\TAVKIow.exe
  2⤵
  PID:13596
- C:\Windows\System\uAuOhhb.exe
  C:\Windows\System\uAuOhhb.exe
  2⤵
  PID:13612
- C:\Windows\System\WUiaawb.exe
  C:\Windows\System\WUiaawb.exe
  2⤵
  PID:13632
- C:\Windows\System\JxBQmML.exe
  C:\Windows\System\JxBQmML.exe
  2⤵
  PID:13648
- C:\Windows\System\dOtaxQz.exe
  C:\Windows\System\dOtaxQz.exe
  2⤵
  PID:13676
- C:\Windows\System\DglBWAa.exe
  C:\Windows\System\DglBWAa.exe
  2⤵
  PID:13708
- C:\Windows\System\pyqFnwv.exe
  C:\Windows\System\pyqFnwv.exe
  2⤵
  PID:13748
- C:\Windows\System\GfSLzFY.exe
  C:\Windows\System\GfSLzFY.exe
  2⤵
  PID:13776
- C:\Windows\System\mGEMCSu.exe
  C:\Windows\System\mGEMCSu.exe
  2⤵
  PID:13796
- C:\Windows\System\pHWRLcm.exe
  C:\Windows\System\pHWRLcm.exe
  2⤵
  PID:13824
- C:\Windows\System\kzDNPHJ.exe
  C:\Windows\System\kzDNPHJ.exe
  2⤵
  PID:13844
- C:\Windows\System\nPhplJY.exe
  C:\Windows\System\nPhplJY.exe
  2⤵
  PID:13876
- C:\Windows\System\nLDDBFD.exe
  C:\Windows\System\nLDDBFD.exe
  2⤵
  PID:13892
- C:\Windows\System\RqtKNKZ.exe
  C:\Windows\System\RqtKNKZ.exe
  2⤵
  PID:13932
- C:\Windows\System\lDMksDc.exe
  C:\Windows\System\lDMksDc.exe
  2⤵
  PID:13948
- C:\Windows\System\idcLnlh.exe
  C:\Windows\System\idcLnlh.exe
  2⤵
  PID:13964
- C:\Windows\System\CBJstQV.exe
  C:\Windows\System\CBJstQV.exe
  2⤵
  PID:13980
- C:\Windows\System\PnTuqSS.exe
  C:\Windows\System\PnTuqSS.exe
  2⤵
  PID:13996
- C:\Windows\System\fHvrTzE.exe
  C:\Windows\System\fHvrTzE.exe
  2⤵
  PID:14036
- C:\Windows\System\CCVPVWY.exe
  C:\Windows\System\CCVPVWY.exe
  2⤵
  PID:14060
- C:\Windows\System\whLvGZJ.exe
  C:\Windows\System\whLvGZJ.exe
  2⤵
  PID:14080
- C:\Windows\System\FVMjBtJ.exe
  C:\Windows\System\FVMjBtJ.exe
  2⤵
  PID:14220
- C:\Windows\System\VyYyaLt.exe
  C:\Windows\System\VyYyaLt.exe
  2⤵
  PID:14248
- C:\Windows\System\POmyfPZ.exe
  C:\Windows\System\POmyfPZ.exe
  2⤵
  PID:14276
- C:\Windows\System\wpHQAVl.exe
  C:\Windows\System\wpHQAVl.exe
  2⤵
  PID:14296
- C:\Windows\System\IMQjYNC.exe
  C:\Windows\System\IMQjYNC.exe
  2⤵
  PID:14316
- C:\Windows\System\zGyZLGe.exe
  C:\Windows\System\zGyZLGe.exe
  2⤵
  PID:14332
- C:\Windows\System\fiiOnov.exe
  C:\Windows\System\fiiOnov.exe
  2⤵
  PID:4592
- C:\Windows\System\QVxRgsQ.exe
  C:\Windows\System\QVxRgsQ.exe
  2⤵
  PID:1408
- C:\Windows\System\uEPoeGh.exe
  C:\Windows\System\uEPoeGh.exe
  2⤵
  PID:2448
- C:\Windows\System\TzeFHcL.exe
  C:\Windows\System\TzeFHcL.exe
  2⤵
  PID:1548
- C:\Windows\System\tnvONXe.exe
  C:\Windows\System\tnvONXe.exe
  2⤵
  PID:64
- C:\Windows\System\IuOTwOu.exe
  C:\Windows\System\IuOTwOu.exe
  2⤵
  PID:3920
- C:\Windows\System\yElILAg.exe
  C:\Windows\System\yElILAg.exe
  2⤵
  PID:4988
- C:\Windows\System\RezPYNF.exe
  C:\Windows\System\RezPYNF.exe
  2⤵
  PID:4128
- C:\Windows\System\ixKoBZX.exe
  C:\Windows\System\ixKoBZX.exe
  2⤵
  PID:2088
- C:\Windows\System\QZmbFTc.exe
  C:\Windows\System\QZmbFTc.exe
  2⤵
  PID:12728
- C:\Windows\System\BOVuCfl.exe
  C:\Windows\System\BOVuCfl.exe
  2⤵
  PID:4672
- C:\Windows\System\yMautcq.exe
  C:\Windows\System\yMautcq.exe
  2⤵
  PID:13400
- C:\Windows\System\CxJNAZJ.exe
  C:\Windows\System\CxJNAZJ.exe
  2⤵
  PID:13452
- C:\Windows\System\kZpyvID.exe
  C:\Windows\System\kZpyvID.exe
  2⤵
  PID:13488
- C:\Windows\System\wxRwKaf.exe
  C:\Windows\System\wxRwKaf.exe
  2⤵
  PID:13536
- C:\Windows\System\zYzpeSE.exe
  C:\Windows\System\zYzpeSE.exe
  2⤵
  PID:3064
- C:\Windows\System\RbLsRuF.exe
  C:\Windows\System\RbLsRuF.exe
  2⤵
  PID:232
- C:\Windows\System\SRVmsUx.exe
  C:\Windows\System\SRVmsUx.exe
  2⤵
  PID:13584
- C:\Windows\System\eragFHJ.exe
  C:\Windows\System\eragFHJ.exe
  2⤵
  PID:3368
- C:\Windows\System\CoICkXP.exe
  C:\Windows\System\CoICkXP.exe
  2⤵
  PID:13316
- C:\Windows\System\TQZrXby.exe
  C:\Windows\System\TQZrXby.exe
  2⤵
  PID:13644
- C:\Windows\System\IxavzbG.exe
  C:\Windows\System\IxavzbG.exe
  2⤵
  PID:13388
- C:\Windows\System\KbKXHcZ.exe
  C:\Windows\System\KbKXHcZ.exe
  2⤵
  PID:13428
- C:\Windows\System\WmAKekd.exe
  C:\Windows\System\WmAKekd.exe
  2⤵
  PID:13624
- C:\Windows\System\DNKnltv.exe
  C:\Windows\System\DNKnltv.exe
  2⤵
  PID:13512
- C:\Windows\System\dyfQFxI.exe
  C:\Windows\System\dyfQFxI.exe
  2⤵
  PID:13532
- C:\Windows\System\jNrnmAx.exe
  C:\Windows\System\jNrnmAx.exe
  2⤵
  PID:13912
- C:\Windows\System\uxYvbro.exe
  C:\Windows\System\uxYvbro.exe
  2⤵
  PID:5024
- C:\Windows\System\QyAVEoP.exe
  C:\Windows\System\QyAVEoP.exe
  2⤵
  PID:14092
- C:\Windows\System\iCkRlBQ.exe
  C:\Windows\System\iCkRlBQ.exe
  2⤵
  PID:13696
- C:\Windows\System\lvmapbU.exe
  C:\Windows\System\lvmapbU.exe
  2⤵
  PID:13760
- C:\Windows\System\RQqjxue.exe
  C:\Windows\System\RQqjxue.exe
  2⤵
  PID:13816
- C:\Windows\System\DsNtVGI.exe
  C:\Windows\System\DsNtVGI.exe
  2⤵
  PID:13864
- C:\Windows\System\jEoEera.exe
  C:\Windows\System\jEoEera.exe
  2⤵
  PID:13908
- C:\Windows\System\XiXjuGP.exe
  C:\Windows\System\XiXjuGP.exe
  2⤵
  PID:13940
- C:\Windows\System\gzJhbby.exe
  C:\Windows\System\gzJhbby.exe
  2⤵
  PID:14088
- C:\Windows\System\KStodxE.exe
  C:\Windows\System\KStodxE.exe
  2⤵
  PID:2240
- C:\Windows\System\DfWPqoJ.exe
  C:\Windows\System\DfWPqoJ.exe
  2⤵
  PID:13872
- C:\Windows\System\kVNZkhy.exe
  C:\Windows\System\kVNZkhy.exe
  2⤵
  PID:224
- C:\Windows\System\boaKmrW.exe
  C:\Windows\System\boaKmrW.exe
  2⤵
  PID:14112
- C:\Windows\System\albTEaL.exe
  C:\Windows\System\albTEaL.exe
  2⤵
  PID:14128
- C:\Windows\System\uJowWVU.exe
  C:\Windows\System\uJowWVU.exe
  2⤵
  PID:14308
- C:\Windows\System\jNBKjtM.exe
  C:\Windows\System\jNBKjtM.exe
  2⤵
  PID:14328
- C:\Windows\System\bNtcctR.exe
  C:\Windows\System\bNtcctR.exe
  2⤵
  PID:10612
- C:\Windows\System\ipkNBGH.exe
  C:\Windows\System\ipkNBGH.exe
  2⤵
  PID:5032
- C:\Windows\System\Cbmycwa.exe
  C:\Windows\System\Cbmycwa.exe
  2⤵
  PID:14216
- C:\Windows\System\DeIIlcW.exe
  C:\Windows\System\DeIIlcW.exe
  2⤵
  PID:13352
- C:\Windows\System\yhazUEi.exe
  C:\Windows\System\yhazUEi.exe
  2⤵
  PID:1060
- C:\Windows\System\CKDmxVe.exe
  C:\Windows\System\CKDmxVe.exe
  2⤵
  PID:14188
- C:\Windows\System\IgpsyjW.exe
  C:\Windows\System\IgpsyjW.exe
  2⤵
  PID:12320
- C:\Windows\System\sBSGKQK.exe
  C:\Windows\System\sBSGKQK.exe
  2⤵
  PID:13672
- C:\Windows\System\vYOyBpc.exe
  C:\Windows\System\vYOyBpc.exe
  2⤵
  PID:3532
- C:\Windows\System\YtrOqOD.exe
  C:\Windows\System\YtrOqOD.exe
  2⤵
  PID:13832
- C:\Windows\System\WQNAULp.exe
  C:\Windows\System\WQNAULp.exe
  2⤵
  PID:1304
- C:\Windows\System\tOEikrQ.exe
  C:\Windows\System\tOEikrQ.exe
  2⤵
  PID:2684
- C:\Windows\System\TGmhXUz.exe
  C:\Windows\System\TGmhXUz.exe
  2⤵
  PID:13468
- C:\Windows\System\emNYnBv.exe
  C:\Windows\System\emNYnBv.exe
  2⤵
  PID:2660
- C:\Windows\System\cSUreSo.exe
  C:\Windows\System\cSUreSo.exe
  2⤵
  PID:2744
- C:\Windows\System\OfUwAdf.exe
  C:\Windows\System\OfUwAdf.exe
  2⤵
  PID:11996
- C:\Windows\System\RNzzEfU.exe
  C:\Windows\System\RNzzEfU.exe
  2⤵
  PID:13768
- C:\Windows\System\HTLPpZj.exe
  C:\Windows\System\HTLPpZj.exe
  2⤵
  PID:13788
- C:\Windows\System\yljoxBM.exe
  C:\Windows\System\yljoxBM.exe
  2⤵
  PID:13528
- C:\Windows\System\XOKHPES.exe
  C:\Windows\System\XOKHPES.exe
  2⤵
  PID:13856
- C:\Windows\System\dZeONig.exe
  C:\Windows\System\dZeONig.exe
  2⤵
  PID:14032
- C:\Windows\System\gTwsVkC.exe
  C:\Windows\System\gTwsVkC.exe
  2⤵
  PID:13516
- C:\Windows\System\iGwHqwE.exe
  C:\Windows\System\iGwHqwE.exe
  2⤵
  PID:13728
- C:\Windows\System\TutwJsU.exe
  C:\Windows\System\TutwJsU.exe
  2⤵
  PID:14024
- C:\Windows\System\QpSZzFp.exe
  C:\Windows\System\QpSZzFp.exe
  2⤵
  PID:10924
- C:\Windows\System\tgoJMMS.exe
  C:\Windows\System\tgoJMMS.exe
  2⤵
  PID:14172
- C:\Windows\System\iAvzWyA.exe
  C:\Windows\System\iAvzWyA.exe
  2⤵
  PID:13716
- C:\Windows\System\ZvfOgia.exe
  C:\Windows\System\ZvfOgia.exe
  2⤵
  PID:2524
- C:\Windows\System\jknaCOa.exe
  C:\Windows\System\jknaCOa.exe
  2⤵
  PID:13784
- C:\Windows\System\vZHcgtr.exe
  C:\Windows\System\vZHcgtr.exe
  2⤵
  PID:13812
- C:\Windows\System\sQycusX.exe
  C:\Windows\System\sQycusX.exe
  2⤵
  PID:13344
- C:\Windows\System\FQLhohq.exe
  C:\Windows\System\FQLhohq.exe
  2⤵
  PID:13668
- C:\Windows\System\JtArIMw.exe
  C:\Windows\System\JtArIMw.exe
  2⤵
  PID:14120
- C:\Windows\System\LBrNocF.exe
  C:\Windows\System\LBrNocF.exe
  2⤵
  PID:11328
- C:\Windows\System\HjFxqny.exe
  C:\Windows\System\HjFxqny.exe
  2⤵
  PID:14292
- C:\Windows\System\JkxbELx.exe
  C:\Windows\System\JkxbELx.exe
  2⤵
  PID:4312

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 2880 -i 2880 -h 636 -j 604 -s 576 -d 12016
1⤵
PID:11624

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1280

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:13088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:13916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fywxpptw.2te.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AitUDwz.exe

Filesize
2.8MB

MD5
9d117c41621fd513a16b888562f1685a

SHA1
16c685b7846309cc8686615408917471f1463281

SHA256
01a867d6bc83fece401bf1a8900365ef79dbaf32fe1d10640dae911ba78512a3

SHA512
8b01ea036105809b3638901a342b828b11a25af6eab2b7c681a212018a5615639f508db1498c5a44936432cf086b226db9b646885a519d02110bcaabbd235594

Download Submit
C:\Windows\System\BRPMjbF.exe

Filesize
2.8MB

MD5
e2da84a19b53460ba57a74db5bdd1d36

SHA1
2a3396f222d4f8218f89e6177d00dcdc490e4279

SHA256
2779757cf2c961f0e514b20cbd73ed4be7a76a258bc4cc9989759fdc0bebf237

SHA512
d1892847544d800d31a7bc458d9d18ad2b96a0c774bdc69b6d3be074311f9920401101e9fcad2fcef0c6c97d3be6288561a415868d9975b81edd18a81a21c95d

Download Submit
C:\Windows\System\CHlTFOi.exe

Filesize
2.8MB

MD5
dc28da6d6f62a2499f02e5358292b390

SHA1
7a566a34cfe03a62e2badaaff4c5c9639de66c92

SHA256
8c14d070943b3bd4144daba9630f477a341557e5e5563cd0940b18217e46b22c

SHA512
def5f3bdcbe7c0cc9c1e17b8e26b4a91e025b5ce2248f91fdc9f22e2e78e612729f23946f8d00e90ea37b098555fb9e0849112dfe2534f7ace2db57ad4f4343f

Download Submit
C:\Windows\System\EeGMvve.exe

Filesize
2.8MB

MD5
58539152e1168a4369d7859fda728b21

SHA1
98ab2188e64b53d33774fad077fdc0cc3d1ad3a2

SHA256
22f037753b4ca8d09d4d9a82ebecb39145f8a7de90ce2594f70c5247f044a8df

SHA512
516dd3b91730d17bb2e797c15fbe8d82c31f5c81690587c7ab4bf6e87ebf173ff95a76edb344090c4fd684877862d170aff157988b605281ddbd2744495ea44c

Download Submit
C:\Windows\System\FFGEYyV.exe

Filesize
2.8MB

MD5
6c73a5752a84ed368c2e2b2defe5981b

SHA1
4b4df316b067d67e77e0ca9975b1b34339bcc174

SHA256
c442f9d9ef4f9c3bece265b27a068afd0892dddc55a167e477e489b50b886e84

SHA512
9307f90dd48f513611052cf144b2d473a181100291bc686e42978816cfbe2bee639f107e3204aaacbf196a89a7add551fb9efe56bacb7260b5fa3750bf3dae03

Download Submit
C:\Windows\System\FRFTDUM.exe

Filesize
2.8MB

MD5
e4c5beef1242d7ecc3e102f5ca93193b

SHA1
5ab996a2387f1084bc059fd237c976d8b42d57ca

SHA256
8d3fa12cd0f51488f3b1b8c3a4cd7ca0d770dd6c69a12a78afdb82d964003441

SHA512
f8c19fcff9746200000a4dfcbd3836c1f04b742a759364d247dc85ab052f298714c099c952da35e91b78a5e3fb35ef4c01e807ee31adab88c9eb8a04e663b417

Download Submit
C:\Windows\System\HTUVBye.exe

Filesize
8B

MD5
ff6298f2ed265907e277b27a693ca8ae

SHA1
69c78c3bf350271a416ffabd14102beee08375cf

SHA256
da35480f26ae25ca5c667d9e9cb7b08d20d39f459eb13999e70a076fa09dfc82

SHA512
5eb6af8dcf0fa63504b5eaeb7e885aeced78d28167e9de1d7ae88eddf60d5e386ab8f2709a80ac5a045d8ee5a84584333f3147daf17b7fff021d9d0e7a587db2

Download Submit
C:\Windows\System\ITcDATq.exe

Filesize
2.8MB

MD5
d32a172cfa6838fd0bb772ee59117cf0

SHA1
56e8647b1376464c1583e736e090375b52b59bab

SHA256
b3eff1a8a2fe107690d324936bc5a239cb7fc08636279c0a3b2886c30c46520d

SHA512
cddd9061ba6f148464f3da8858c2ae4639930a9bf519590a37385193af73e6aec2bf47cf49ecfa76664fe954490b578d88c8bf70b2bff13a8c339b6ef85c49fb

Download Submit
C:\Windows\System\Ivkloov.exe

Filesize
2.8MB

MD5
613f51b02edfa63c32d2fb03eb1c6b9e

SHA1
220bf48981f8819525f45c279969270d99d5c79b

SHA256
e7ed632ae25187af2e1a3d2f74506f20408e642cdd455c64dd5a262c33b4281c

SHA512
e017efba2083b0a38d5bc33413b3da8ad324680d39d434fbed64bd6a82c98d2c0fdbf390ca3f669b4c417b37feaaa67c924ca99f2ae0d7facf7047745b8962cf

Download Submit
C:\Windows\System\KJnJiEm.exe

Filesize
2.8MB

MD5
5aa5da4bcfbf2441e04dc23027cae9f3

SHA1
15f64bce2727183cabb559971a249da446e944af

SHA256
0151c00c69d09434a7da96f1d138d9fdbf8e9f991056b7007275b7d2e2f274ce

SHA512
89da2ef4bd3ff54f8c9e802716927577d23da0f149d0090d73b135f87020c7d2ca5e6de1eaed87a6536cd8a7415df42b14fe091533a4c72fbebb5299f4ca3fbc

Download Submit
C:\Windows\System\LVztLcB.exe

Filesize
2.8MB

MD5
fada545eba2ca58553f53a3e2458d88b

SHA1
f7f0eb1d4f2db5223074ca30dd37d381b9ff0c9a

SHA256
f76af0d9f8db054ad2f2abaaf963d926a5bf89afe9e6e3e275cb9f2c51be9ceb

SHA512
934a96af34d53d8d337c50102c72de768f0bc62d4c3541ee9edd866a9830be2a9a37a5bb4aba0c24fabc14c530b20625c21444768e3583a1aa47297c1b620775

Download Submit
C:\Windows\System\MyGrwDF.exe

Filesize
2.8MB

MD5
40ea725b37e0b7d3418248b52170d9a9

SHA1
ec945fbac4f6c43e33bbc7c48dcd2aa2440e1462

SHA256
a68761e7ae9456cef67ae6f7b1a3f767ada4b1ab2a37eda2c7a2588ce89427e0

SHA512
695e3c92b108cdd155d1f8ab403987bec0b341c7307fdc7343a3c02420e165d06c00b6750dfd2e1d2f111d500ad7863fc30745f92ca93bd0bac3024c0f2711ab

Download Submit
C:\Windows\System\NLMaOEi.exe

Filesize
2.8MB

MD5
830ec036b9eeadb227a3e81cacda8fcb

SHA1
4a85b0029c910f9f9122f33db9ecf8cb48c31a4a

SHA256
2d02909c30e8defebca4043e69c609e16a7edbe82fe27e0dcb905c209b6fedaf

SHA512
d53baebc1dda46a0471dbe5404f2f4be669bc59174445e39f271b651cf585c9c482bff7e4a8285b40913a62cf8712a59576663585f750b44063da19f7670e192

Download Submit
C:\Windows\System\PAyJPIL.exe

Filesize
2.8MB

MD5
665723db12077a90a6dccf0f1c120389

SHA1
58069a8616e933b4c52b99db2412ba43740a444c

SHA256
cb5956ac0230125b245dae1c7ba40c37bcdcc47d416626af6477945dd5c64e9d

SHA512
e17445e04f98c39d20426f7bcc9b8b4a9b5b7fd7c201d669429be59e5fe688030f1046542f048e6cbf29f8989bcbee562558f7c8a7dcc21d257bcb38ab09c904

Download Submit
C:\Windows\System\PpUfETw.exe

Filesize
2.8MB

MD5
d8ffac1c5a560b38eff3a44af4fba1da

SHA1
c163c944031ae4ac1510ea47ccb3624d28be921a

SHA256
0edfb734c0ac02714bc21187815bef459005bc7ba97a2cc7a905ca4245850bc4

SHA512
f81838a9b83444e4b9afd6c88ec65f8c3937f5f651ad8bf870b847b8f7b69ca96a37a8b9d58cc538de50e3ed09241177301fd94ca3bfe149f264380da6b67f9b

Download Submit
C:\Windows\System\QZsqdYU.exe

Filesize
2.8MB

MD5
5dfab9e1b5d9b53fbaa10654d8925a81

SHA1
04da6a62184e5f6095e1ca3dae674b4a7f478425

SHA256
478e96048bb873a5443d2aa7fe3f90741ea7e6aa6f9f9edd3a325dd5dd9b3534

SHA512
01447e4d6dce1b87df8d22c18386eb095ee6526e79623efc285ea2a59cfdd620ab626aba299955a4a9cee00e441bd9373e45568f66802a1faf581a4e474b7608

Download Submit
C:\Windows\System\RbIttFM.exe

Filesize
2.8MB

MD5
aa2c0388db4631c329d9211c61a19b23

SHA1
f14ce7a8b45fedb0730f3358237bb89a9d1670ef

SHA256
a71f93270d3740abc6b8e3d540ca28e12c185ab6dddbb76080406bdce39b9ff4

SHA512
a36366f9c985257c156322bd641afa50abe7761cffbaf42024e80f4eb864b4886dfd21d3c08996296e48f4daee330967dafe90d3dfb0628dcde03f7476f0adf3

Download Submit
C:\Windows\System\RfXLKFR.exe

Filesize
2.8MB

MD5
bac05bbbbc5af0d53f24c69f44c9aeba

SHA1
e0a2a7cb20f61da96e7915011dd1951b072d97e6

SHA256
4d72b9538ddb9b3f83eecb9d1b7d52da5533177adad09ab44d265ce477871496

SHA512
63092e9c31e0f6e1015bd5dce85bde390c678410273da674e35926a2969574e2c7e581cb7a6a6d3df094c50f52e20b755b03dc9106c960789d2944bc24cbbc80

Download Submit
C:\Windows\System\SqTeLeR.exe

Filesize
2.8MB

MD5
2be3a2462f17bb11a0473288511c23f6

SHA1
bd216c3e75aec4132d116cd062667a01355122f1

SHA256
c36f49cb19ce8ede088ea699afca5bfb4fbf797c1f4ef3069350ba0075c5f686

SHA512
40cbba71fc612b5e9f5b60789463f9d8cffae7034d518c4ac6f22ef951d18e2f2121212db2396922a33886d9535eeb3517102a339d6d75e7d47590af14951613

Download Submit
C:\Windows\System\VVKAXkD.exe

Filesize
2.8MB

MD5
49ff932d7bf9ead28763e8338d895dd9

SHA1
b5a33a7b65f82466f50616752fc59ff2a6aae6e8

SHA256
7f60d9334f89ed2fc5f72fd58513b114c8f61db8d5dbe5d6f34ff9b90a08fc37

SHA512
65efe049d2ced27164b07f34933161295fd9b8eb75cc9fe57985657063e9439cfaac1c4d18c309affb4ca8ae535d930a12f8fce5001360e0f8da32abd5ef08ac

Download Submit
C:\Windows\System\XlfCBCk.exe

Filesize
2.8MB

MD5
07c1a5685139709170624b88f21573f6

SHA1
c56802603a0b4e484073c360a43b77e509ee7184

SHA256
eb0909fbb7484e27ca1f3cd2eab22f1205efca67827a0397e4d37218bb4cf3a2

SHA512
faddae3267d30e42fbb228a02ac3b44907a6a6864594e1d9466f863d3871213bde341b6fa6e2b9d2ce9856f2cbe7baa29562052ce7a7c322c2febb70c1e5e3bb

Download Submit
C:\Windows\System\ZQeGDKK.exe

Filesize
2.8MB

MD5
61981b7a9092da704f5da6de07c10d16

SHA1
08619f208dce987457e282c7f94c7d7b2ed6dd9c

SHA256
5a536331b4e2cec4d71b10d3ef8e16395ea3d501eff03ff4c739297eb3b4d03b

SHA512
b6518a1cc95e3ef9054fa6d4b8558a7b73e0d97c40349659d483463b2882da46b230b2024ccad4d8274811d3477a97601d3f31b0d20f0e5de49ed5a5d7faa793

Download Submit
C:\Windows\System\cFAiZyX.exe

Filesize
2.8MB

MD5
072613bbc76059e02cb0c4cc53dea63e

SHA1
cda7bcec2155124fb52221c916f3b6a142a4b8c0

SHA256
590a4ba6264f4b4e7510c9cde01afe300171a7a51f3bb17915b2f10e6c92df5a

SHA512
53475c36bc9ed50b6ab136caa438fee1ad5b0d5ab9983af2e16e5a5910dc3bbd8fed48f83a1eae76ee8cb0c667abf1ce1b25a2ef6d351160b06ecdb08f07cbee

Download Submit
C:\Windows\System\eDlGrks.exe

Filesize
2.8MB

MD5
56ea5ced1983559b915151ae3934f011

SHA1
9ac5df75711ef2b5e803c2bce3201d3a3bd3a2cc

SHA256
edc6bb89cfae92ebd4da133138038841ee5962fa85164241637da4be38768199

SHA512
a059d357f4e2bcb2676ce9e155dd89a308232866a925e86653511d01e86bef2fb5b2f9d59ab426028300cd53aa4441b446c9f1dae7c30b56a58fca72cb989b4b

Download Submit
C:\Windows\System\eSnMlkA.exe

Filesize
2.8MB

MD5
579628740eb8252b76ccc67e8d549ea2

SHA1
b061fe0660d95a16329e9cec46e5ceb069c0edda

SHA256
d7b966b60c59f7425a4864ce058bc3ea43c1dcc9224da3e56d186556da36134a

SHA512
fbb2337a15f5d344605b08ec1556722116b9b332056071146f2c2397c5fbe7912167d28efa839cca74c6d884d7c79c6bbceee360ccb5d305e8c0a8c0c679ae2d

Download Submit
C:\Windows\System\ewbKQUh.exe

Filesize
2.8MB

MD5
ede09a92440618783b4bd00dcf577bbb

SHA1
6eedd72f76d3637dbf1db8670580399062054ccb

SHA256
dc918ff3f325a2beca7067b730bfd2a902563dce81c3b26aefe7b10c7d93fb9a

SHA512
903d83ad3c435596666eb9341f77b577030149b960a3d667679a74d0bc589e22bc2253858f08c25e4b6601b57c99dfa1a945fa1a0a32f6083e17ffb46056cbdf

Download Submit
C:\Windows\System\fOcCbLQ.exe

Filesize
2.8MB

MD5
2b80f58228bb9877463d4fceefad06db

SHA1
de81eac2577bd69aada84591e3fe861373fecb9d

SHA256
3fd45ab81ec16f15321dec83571e848ad435e1ef19f212e0f2855d846a3d3c95

SHA512
c45f511ef1ba3e5b764b769fbe41c6f5868812f6469e357e775eb0969bdeaf6edb03b98a78fcf0e952f065bdfbd48b8cbd75fdf268273e3e4c8a94d6728d8ca5

Download Submit
C:\Windows\System\gDaaLsC.exe

Filesize
2.8MB

MD5
08becbb689dc6206948e86f1e0964900

SHA1
23370f1685861f306514b0a1be05bca7baf638dd

SHA256
59b8ee0cb5135a2dba3d7cf15b275e12563bbcaf2ba4918a07a749562e44bdf6

SHA512
09b93ab5627bf80496a77da1947937731d3480e3995c6708c4599ce7978bc07a09411f12592ca23bf69211561f92b61507a5f253f8f427e24b36598b7a34e861

Download Submit
C:\Windows\System\hVPGKEK.exe

Filesize
2.8MB

MD5
87fcbe14c0dde99bc7ea8ae1c545c329

SHA1
9139063ab0129f83d7be1d9a39264d54127728de

SHA256
8f882241fa5b4ec3b9436303dda5285d43a473e6e67482e92748c22449389bad

SHA512
bad90429d8eb2b7818e832947d22cac8eaf43466a97915a23a753f02cfd9228c1d41a4e9fff25cd0b8edc55720b31a923ac805776e411b03fa06b07e028b80e0

Download Submit
C:\Windows\System\iIskiIe.exe

Filesize
2.8MB

MD5
8bfbb1f61565ee7a6696d0877daa1da7

SHA1
b75a4a52e322a527f82f6d135cde95f7e2521087

SHA256
62226ad1514c310c763fe0a8c18c72927e1bd35ae02541e67d3b3ac5c152de47

SHA512
ae4c69a70d74a0f02463d392f1c0a18382203d6dd0ce924143baee13f0db471848853f3ce7a661d3e6d8765f919ff46669bcf789d134ac325850c2cc424a9d0b

Download Submit
C:\Windows\System\kkLMuVx.exe

Filesize
2.8MB

MD5
f882e8225afe6103caaec3350ca74b6c

SHA1
75301f7db82cbabc18e745742bce142ebc7f762e

SHA256
7dd55eccf41e09f97418025722f3e5010b6866ce8caefe992d221a027ae1febf

SHA512
9fb03c636ee1e10fb7e4027edbb04a4ce6db792eea279dbee903f68dbeb1efacf917289239c519eb949c2b8fd3efe335260a5fbe17b1a12762e5eb64504a22ee

Download Submit
C:\Windows\System\lGPGumH.exe

Filesize
2.8MB

MD5
ba9eb36f7b2e6d9570763618ba7e1e4b

SHA1
2dd017ffb58b2978fb79de2d27404e9bb2cb9a88

SHA256
d322d3c06401536bb65b2486050b8bdbea7d7a9043b59df3ea5b5b2e3800cf29

SHA512
e4dcc9800015631716f57ec60fec6dd7415b9d034a4328f7116d9e198107e96777771790fe36ae1d905398c67d2c46b0087961a056c420945c01cb5cfcc54760

Download Submit
C:\Windows\System\mNEPIBI.exe

Filesize
2.8MB

MD5
b4b78440cd4dae1c674a4cc2d80d8fcd

SHA1
92e541c6b5d6d09d6ecf71ab5525dc31983c474c

SHA256
b8a017daad7db31f171a614c93959f5dbf0d399e686c18206034c21be4d767de

SHA512
1b6898047bf9a4424fca33761300dc3a6aa48988741a6626a2f6c47d6281f65d455b1c0efc33ea35fbf9312b39c6436b74abea9651d579561190f1b0e8b8f4b8

Download Submit
C:\Windows\System\qKKjRUR.exe

Filesize
2.8MB

MD5
2eae4d820326998237bb677dc57c0776

SHA1
d4677da11b36d39d5d97661b908ffcf2aa50e872

SHA256
e283e8d783a035421ee2a7d15eb52f3874f8af41966e309926b7c596e8635c01

SHA512
0ab475c618a310c1bc2da518a75523e45e6cc261f5c07b123b79aa193f6a7da28d1c2ed31eea25562c47b87476222605e5acb7a6dd80e21245dcf85edafde273

Download Submit
C:\Windows\System\roKLPLN.exe

Filesize
2.8MB

MD5
a28ba1c211469845365c42f4e8d82128

SHA1
01ad9a13bd602f2733762e66c0ca490823046ff3

SHA256
639ed15727fe95a2ef371636206ed04ee2796f71733181ab10c47b33062c921f

SHA512
69a8a3f5171ef60f6aa3ff1d2926de07ea23422978210e60fdb14782f969b7cab997f0ba9be0f0d61c3e7e340c1d1044dcea7c57356269877a38890ace7eb90f

Download Submit
C:\Windows\System\sAfNBYh.exe

Filesize
2.8MB

MD5
8fe493da20726f7ef3e2c649404ccf22

SHA1
8499ef0270505c96d192723b63a84bbc9446d796

SHA256
582a8ce2a712b31fb0567edb684b8b5e75f6b3595b938f6630d57b2a3ff3ed89

SHA512
e3185dbd86c905c6fe94b3e0dac3326f26d51d47a6c151880255329fd92b3f7159013d81b3a9c8be78cf48636cf330ce06eba37075ad70c373c0adf1cefc2274

Download Submit
C:\Windows\System\smJnHIP.exe

Filesize
2.8MB

MD5
b9c0f5c132fd4a4ce1ae90ce85f00390

SHA1
2757ae83313b4cf054822caff024c705f8914861

SHA256
8fa4d11dc80256f4b61f52fd4c13e999bab2682f4f1cd09ce1f772c48626933a

SHA512
5bd5869b875dfde2801757d169095f16a56ccedecedad5b006ee6acc858625b3c1cf173d4352a0025de306ed09d830c9de17d8b4148467aa4b48eeda658e83d0

Download Submit
C:\Windows\System\uggPnOf.exe

Filesize
2.8MB

MD5
5ff530589180450c9d6ced07be64658e

SHA1
ba33653998e0f1dbafbe9694e5ba9520fd687bc0

SHA256
0eac0d7b6edf86e25bfa721f49c1b74f2ba1aba7d84fef1049d15fa4fae8c1e3

SHA512
b06aa7fe378644417618d7278dde0edc37aa51d2788d52cc8c71aa05d6de7728151700d0b27681233e1faa1cefbef67fbb04917a2ebef40eb9537ea51dc1fe74

Download Submit
C:\Windows\System\wecQyEN.exe

Filesize
2.8MB

MD5
b6818de5c3b8ec4fb3abbfd4399c3d12

SHA1
6c73488ba02e3ba40f6f8b37d19143125a1c992c

SHA256
c81d63263ee00184e8d632220aeb71ea82a2d44f9e35ebaceb8e250c699f2f22

SHA512
f6aecb5ee961bc5402b81ad762dba057a86b64e3389966bba31d6c90db01b2a3127b6f922f24f22d2b6a1c57d3ef8a3f51e62ecdfefedef394febb6b68b68bfa

Download Submit
C:\Windows\System\zajwsbP.exe

Filesize
2.8MB

MD5
2a77afe93b4cfbee014c9b12a6b2de5d

SHA1
e930e4abcd7ae18f16a8280eb171e5886ee97456

SHA256
c99dc21e8a9e90d06834f624306d2248a27d4d56e8a16c8b1cccfa08bb514621

SHA512
1e268b454313b7cf17da60c23d45d282f87335331183247856893a662950d6daee1f5065880bb250e99a5cd075ff77b8eef507cd15b599c854af3727c375216d

Download Submit
memory/208-3230-0x00007FF67D280000-0x00007FF67D672000-memory.dmp

Filesize
3.9MB

Download
memory/208-279-0x00007FF67D280000-0x00007FF67D672000-memory.dmp

Filesize
3.9MB

Download
memory/472-3149-0x00007FF665C50000-0x00007FF666042000-memory.dmp

Filesize
3.9MB

Download
memory/472-232-0x00007FF665C50000-0x00007FF666042000-memory.dmp

Filesize
3.9MB

Download
memory/556-218-0x00007FF65E680000-0x00007FF65EA72000-memory.dmp

Filesize
3.9MB

Download
memory/556-3128-0x00007FF65E680000-0x00007FF65EA72000-memory.dmp

Filesize
3.9MB

Download
memory/948-3210-0x00007FF7A0A90000-0x00007FF7A0E82000-memory.dmp

Filesize
3.9MB

Download
memory/948-271-0x00007FF7A0A90000-0x00007FF7A0E82000-memory.dmp

Filesize
3.9MB

Download
memory/1276-158-0x00007FF7B8C40000-0x00007FF7B9032000-memory.dmp

Filesize
3.9MB

Download
memory/1276-3138-0x00007FF7B8C40000-0x00007FF7B9032000-memory.dmp

Filesize
3.9MB

Download
memory/1308-0-0x00007FF77BEE0000-0x00007FF77C2D2000-memory.dmp

Filesize
3.9MB

Download
memory/1308-4046-0x00007FF77BEE0000-0x00007FF77C2D2000-memory.dmp

Filesize
3.9MB

Download
memory/1308-1-0x0000022DBBA70000-0x0000022DBBA80000-memory.dmp

Filesize
64KB

Download
memory/1464-3219-0x00007FF63C990000-0x00007FF63CD82000-memory.dmp

Filesize
3.9MB

Download
memory/1464-285-0x00007FF63C990000-0x00007FF63CD82000-memory.dmp

Filesize
3.9MB

Download
memory/1596-264-0x00007FF7A1E70000-0x00007FF7A2262000-memory.dmp

Filesize
3.9MB

Download
memory/1596-3180-0x00007FF7A1E70000-0x00007FF7A2262000-memory.dmp

Filesize
3.9MB

Download
memory/2160-3211-0x00007FF7F2D90000-0x00007FF7F3182000-memory.dmp

Filesize
3.9MB

Download
memory/2160-276-0x00007FF7F2D90000-0x00007FF7F3182000-memory.dmp

Filesize
3.9MB

Download
memory/2440-159-0x00007FF6512F0000-0x00007FF6516E2000-memory.dmp

Filesize
3.9MB

Download
memory/2440-3167-0x00007FF6512F0000-0x00007FF6516E2000-memory.dmp

Filesize
3.9MB

Download
memory/2964-283-0x00007FF694D00000-0x00007FF6950F2000-memory.dmp

Filesize
3.9MB

Download
memory/2964-3170-0x00007FF694D00000-0x00007FF6950F2000-memory.dmp

Filesize
3.9MB

Download
memory/2980-3190-0x00007FF649230000-0x00007FF649622000-memory.dmp

Filesize
3.9MB

Download
memory/2980-284-0x00007FF649230000-0x00007FF649622000-memory.dmp

Filesize
3.9MB

Download
memory/3012-280-0x00007FFBB00E0000-0x00007FFBB0BA1000-memory.dmp

Filesize
10.8MB

Download
memory/3012-133-0x0000029B77DD0000-0x0000029B77DF2000-memory.dmp

Filesize
136KB

Download
memory/3012-293-0x0000029B78A20000-0x0000029B791C6000-memory.dmp

Filesize
7.6MB

Download
memory/3012-13-0x00007FFBB00E3000-0x00007FFBB00E5000-memory.dmp

Filesize
8KB

Download
memory/3012-4280-0x00007FFBB00E0000-0x00007FFBB0BA1000-memory.dmp

Filesize
10.8MB

Download
memory/3012-55-0x00007FFBB00E0000-0x00007FFBB0BA1000-memory.dmp

Filesize
10.8MB

Download
memory/3016-89-0x00007FF6D53E0000-0x00007FF6D57D2000-memory.dmp

Filesize
3.9MB

Download
memory/3016-3107-0x00007FF6D53E0000-0x00007FF6D57D2000-memory.dmp

Filesize
3.9MB

Download
memory/3068-3159-0x00007FF718620000-0x00007FF718A12000-memory.dmp

Filesize
3.9MB

Download
memory/3068-238-0x00007FF718620000-0x00007FF718A12000-memory.dmp

Filesize
3.9MB

Download
memory/3228-3171-0x00007FF64A5E0000-0x00007FF64A9D2000-memory.dmp

Filesize
3.9MB

Download
memory/3228-231-0x00007FF64A5E0000-0x00007FF64A9D2000-memory.dmp

Filesize
3.9MB

Download
memory/3424-3214-0x00007FF668F30000-0x00007FF669322000-memory.dmp

Filesize
3.9MB

Download
memory/3424-275-0x00007FF668F30000-0x00007FF669322000-memory.dmp

Filesize
3.9MB

Download
memory/3512-3147-0x00007FF62F030000-0x00007FF62F422000-memory.dmp

Filesize
3.9MB

Download
memory/3512-187-0x00007FF62F030000-0x00007FF62F422000-memory.dmp

Filesize
3.9MB

Download
memory/3788-3090-0x00007FF77E000000-0x00007FF77E3F2000-memory.dmp

Filesize
3.9MB

Download
memory/3788-73-0x00007FF77E000000-0x00007FF77E3F2000-memory.dmp

Filesize
3.9MB

Download
memory/3880-3103-0x00007FF731620000-0x00007FF731A12000-memory.dmp

Filesize
3.9MB

Download
memory/3880-281-0x00007FF731620000-0x00007FF731A12000-memory.dmp

Filesize
3.9MB

Download
memory/3940-272-0x00007FF742480000-0x00007FF742872000-memory.dmp

Filesize
3.9MB

Download
memory/3940-3197-0x00007FF742480000-0x00007FF742872000-memory.dmp

Filesize
3.9MB

Download
memory/3984-273-0x00007FF695470000-0x00007FF695862000-memory.dmp

Filesize
3.9MB

Download
memory/3984-3202-0x00007FF695470000-0x00007FF695862000-memory.dmp

Filesize
3.9MB

Download
memory/4368-282-0x00007FF78FDC0000-0x00007FF7901B2000-memory.dmp

Filesize
3.9MB

Download
memory/4396-3120-0x00007FF648A70000-0x00007FF648E62000-memory.dmp

Filesize
3.9MB

Download
memory/4396-90-0x00007FF648A70000-0x00007FF648E62000-memory.dmp

Filesize
3.9MB

Download
memory/4576-237-0x00007FF768110000-0x00007FF768502000-memory.dmp

Filesize
3.9MB

Download
memory/4576-3166-0x00007FF768110000-0x00007FF768502000-memory.dmp

Filesize
3.9MB

Download
memory/4584-3076-0x00007FF676770000-0x00007FF676B62000-memory.dmp

Filesize
3.9MB

Download
memory/4584-12-0x00007FF676770000-0x00007FF676B62000-memory.dmp

Filesize
3.9MB

Download