xmrig | 04c9134c1c93106ba9ed13d7d6168931ae7677179e16c243d0260ea90f4307a8

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0356665a5586b5e7594d13e48a1f2450N.exe
Size

1.9MB
MD5

0356665a5586b5e7594d13e48a1f2450
SHA1

e2b6b3822aa7d367030bb105eff68c2ea784a572
SHA256

04c9134c1c93106ba9ed13d7d6168931ae7677179e16c243d0260ea90f4307a8
SHA512

d511f0d829351082caf9a1cbfd54280cac2f703967f07cb87bfdc9c6347da6191fb1fd812da04482c0cb7ef0de08e811d3a639814e0bd1a10c4abc3fdf36b797
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82SFADO:NAB2

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral2/memory/1140-411-0x00007FF7B08C0000-0x00007FF7B0CB2000-memory.dmp	xmrig
behavioral2/memory/4388-334-0x00007FF7A0150000-0x00007FF7A0542000-memory.dmp	xmrig
behavioral2/memory/2840-254-0x00007FF6C6F30000-0x00007FF6C7322000-memory.dmp	xmrig
behavioral2/memory/2788-246-0x00007FF6B0E90000-0x00007FF6B1282000-memory.dmp	xmrig
behavioral2/memory/1508-210-0x00007FF67A8B0000-0x00007FF67ACA2000-memory.dmp	xmrig
behavioral2/memory/4496-169-0x00007FF6E1B50000-0x00007FF6E1F42000-memory.dmp	xmrig
behavioral2/memory/3536-614-0x00007FF7BBE10000-0x00007FF7BC202000-memory.dmp	xmrig
behavioral2/memory/220-972-0x00007FF7A1310000-0x00007FF7A1702000-memory.dmp	xmrig
behavioral2/memory/2332-971-0x00007FF616BE0000-0x00007FF616FD2000-memory.dmp	xmrig
behavioral2/memory/4192-613-0x00007FF667F00000-0x00007FF6682F2000-memory.dmp	xmrig
behavioral2/memory/2144-612-0x00007FF7244C0000-0x00007FF7248B2000-memory.dmp	xmrig
behavioral2/memory/2480-611-0x00007FF6AFA30000-0x00007FF6AFE22000-memory.dmp	xmrig
behavioral2/memory/3104-610-0x00007FF6E8BA0000-0x00007FF6E8F92000-memory.dmp	xmrig
behavioral2/memory/4184-609-0x00007FF7C2920000-0x00007FF7C2D12000-memory.dmp	xmrig
behavioral2/memory/2396-608-0x00007FF65E780000-0x00007FF65EB72000-memory.dmp	xmrig
behavioral2/memory/4160-607-0x00007FF7FE430000-0x00007FF7FE822000-memory.dmp	xmrig
behavioral2/memory/2608-606-0x00007FF7E31B0000-0x00007FF7E35A2000-memory.dmp	xmrig
behavioral2/memory/1200-605-0x00007FF6590D0000-0x00007FF6594C2000-memory.dmp	xmrig
behavioral2/memory/3612-604-0x00007FF7CF170000-0x00007FF7CF562000-memory.dmp	xmrig
behavioral2/memory/732-603-0x00007FF6B1690000-0x00007FF6B1A82000-memory.dmp	xmrig
behavioral2/memory/2776-588-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp	xmrig
behavioral2/memory/1972-474-0x00007FF786D90000-0x00007FF787182000-memory.dmp	xmrig
behavioral2/memory/3092-470-0x00007FF72D570000-0x00007FF72D962000-memory.dmp	xmrig
behavioral2/memory/2332-5772-0x00007FF616BE0000-0x00007FF616FD2000-memory.dmp	xmrig
behavioral2/memory/732-5784-0x00007FF6B1690000-0x00007FF6B1A82000-memory.dmp	xmrig
behavioral2/memory/2788-5888-0x00007FF6B0E90000-0x00007FF6B1282000-memory.dmp	xmrig
behavioral2/memory/4184-5815-0x00007FF7C2920000-0x00007FF7C2D12000-memory.dmp	xmrig
behavioral2/memory/3092-5814-0x00007FF72D570000-0x00007FF72D962000-memory.dmp	xmrig
behavioral2/memory/4192-6136-0x00007FF667F00000-0x00007FF6682F2000-memory.dmp	xmrig
behavioral2/memory/2480-6321-0x00007FF6AFA30000-0x00007FF6AFE22000-memory.dmp	xmrig
behavioral2/memory/2608-6313-0x00007FF7E31B0000-0x00007FF7E35A2000-memory.dmp	xmrig
behavioral2/memory/1972-6311-0x00007FF786D90000-0x00007FF787182000-memory.dmp	xmrig
behavioral2/memory/220-6134-0x00007FF7A1310000-0x00007FF7A1702000-memory.dmp	xmrig
behavioral2/memory/4160-6315-0x00007FF7FE430000-0x00007FF7FE822000-memory.dmp	xmrig
behavioral2/memory/2864-5952-0x00007FF7B3A60000-0x00007FF7B3E52000-memory.dmp	xmrig
behavioral2/memory/2776-5938-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3972	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3808	xjmZkXJ.exe
3536	zwTDVHZ.exe
2332	kdfKDft.exe
4496	OVtQCLR.exe
1508	aJNEHvA.exe
2788	vymqOVg.exe
2840	bzxYSVF.exe
4388	VINnuBN.exe
1140	jfbhqwx.exe
3092	gvgtVbZ.exe
1972	Phrxbsi.exe
1200	xrYXzZI.exe
2776	agqdjmV.exe
732	HbynCLR.exe
3612	cNdFOWS.exe
2608	lpmVVVV.exe
4160	DeBopfL.exe
2396	XLFjABM.exe
4184	hrLznLv.exe
220	iPcuuZi.exe
3104	sexGeUd.exe
2480	RMzGrQU.exe
2144	zIQIVEO.exe
4192	ZRocXLv.exe
1432	GfnMvCI.exe
1296	aaHsUEL.exe
4252	cJyElLI.exe
3764	VKqnOib.exe
3592	gSaKgXE.exe
2988	kEcEVvW.exe
1560	jDfSSdu.exe
1336	uiroFDW.exe
4992	WsERtZW.exe
5112	XCrQZNy.exe
3632	VsPCvEv.exe
3868	ojdClzp.exe
3740	iTHsXMP.exe
548	iiPEJcW.exe
736	XFkwOue.exe
4956	yPHzYdp.exe
3320	nZYeKJZ.exe
452	FzXJKqc.exe
2544	AvMpJYa.exe
828	tWtsOoQ.exe
5052	lECNJDg.exe
2188	qdWOviS.exe
976	hvnyajk.exe
884	ButmOjg.exe
944	HzNwwHg.exe
1212	gzWUhFL.exe
3704	FyLEPWH.exe
1960	BbyykUz.exe
1652	oWQUFwb.exe
2024	DtzRTFk.exe
3060	TVklZhu.exe
5016	jkwIdSm.exe
3388	UQJWVNN.exe
3492	XSzzLLV.exe
1632	GXOOaFW.exe
2216	rXprPUK.exe
2828	JKbvPid.exe
4228	mRKdPVb.exe
4616	PEWvvkM.exe
4872	sqOnnzq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2864-0-0x00007FF7B3A60000-0x00007FF7B3E52000-memory.dmp	upx
behavioral2/memory/3808-17-0x00007FF64F5C0000-0x00007FF64F9B2000-memory.dmp	upx
behavioral2/files/0x00070000000234e3-80.dat	upx
behavioral2/files/0x0007000000023509-188.dat	upx
behavioral2/memory/1140-411-0x00007FF7B08C0000-0x00007FF7B0CB2000-memory.dmp	upx
behavioral2/memory/4388-334-0x00007FF7A0150000-0x00007FF7A0542000-memory.dmp	upx
behavioral2/memory/2840-254-0x00007FF6C6F30000-0x00007FF6C7322000-memory.dmp	upx
behavioral2/memory/2788-246-0x00007FF6B0E90000-0x00007FF6B1282000-memory.dmp	upx
behavioral2/memory/1508-210-0x00007FF67A8B0000-0x00007FF67ACA2000-memory.dmp	upx
behavioral2/files/0x000700000002350c-193.dat	upx
behavioral2/files/0x000700000002350b-192.dat	upx
behavioral2/files/0x00070000000234f1-190.dat	upx
behavioral2/files/0x000700000002350a-189.dat	upx
behavioral2/files/0x0007000000023508-187.dat	upx
behavioral2/files/0x0007000000023507-186.dat	upx
behavioral2/files/0x00070000000234f8-183.dat	upx
behavioral2/files/0x0007000000023506-182.dat	upx
behavioral2/files/0x0007000000023505-180.dat	upx
behavioral2/files/0x0007000000023504-177.dat	upx
behavioral2/files/0x00070000000234f7-173.dat	upx
behavioral2/files/0x0007000000023502-172.dat	upx
behavioral2/memory/4496-169-0x00007FF6E1B50000-0x00007FF6E1F42000-memory.dmp	upx
behavioral2/files/0x0007000000023501-162.dat	upx
behavioral2/files/0x00070000000234ff-160.dat	upx
behavioral2/files/0x0007000000023500-158.dat	upx
behavioral2/files/0x00070000000234fe-156.dat	upx
behavioral2/files/0x00070000000234f4-153.dat	upx
behavioral2/files/0x00070000000234fd-152.dat	upx
behavioral2/files/0x00070000000234fc-150.dat	upx
behavioral2/files/0x00070000000234f2-147.dat	upx
behavioral2/files/0x00070000000234fb-146.dat	upx
behavioral2/files/0x00070000000234fa-143.dat	upx
behavioral2/files/0x00070000000234f9-142.dat	upx
behavioral2/files/0x000700000002350d-194.dat	upx
behavioral2/files/0x00070000000234f0-135.dat	upx
behavioral2/files/0x00070000000234e7-119.dat	upx
behavioral2/files/0x0007000000023503-175.dat	upx
behavioral2/files/0x00070000000234f6-114.dat	upx
behavioral2/files/0x00070000000234f5-111.dat	upx
behavioral2/files/0x00070000000234eb-103.dat	upx
behavioral2/files/0x00070000000234f3-96.dat	upx
behavioral2/files/0x00070000000234ef-81.dat	upx
behavioral2/files/0x00070000000234ec-79.dat	upx
behavioral2/files/0x00070000000234e8-76.dat	upx
behavioral2/files/0x00070000000234ee-68.dat	upx
behavioral2/memory/3536-614-0x00007FF7BBE10000-0x00007FF7BC202000-memory.dmp	upx
behavioral2/memory/220-972-0x00007FF7A1310000-0x00007FF7A1702000-memory.dmp	upx
behavioral2/memory/2332-971-0x00007FF616BE0000-0x00007FF616FD2000-memory.dmp	upx
behavioral2/memory/4192-613-0x00007FF667F00000-0x00007FF6682F2000-memory.dmp	upx
behavioral2/memory/2144-612-0x00007FF7244C0000-0x00007FF7248B2000-memory.dmp	upx
behavioral2/memory/2480-611-0x00007FF6AFA30000-0x00007FF6AFE22000-memory.dmp	upx
behavioral2/memory/3104-610-0x00007FF6E8BA0000-0x00007FF6E8F92000-memory.dmp	upx
behavioral2/memory/4184-609-0x00007FF7C2920000-0x00007FF7C2D12000-memory.dmp	upx
behavioral2/memory/2396-608-0x00007FF65E780000-0x00007FF65EB72000-memory.dmp	upx
behavioral2/memory/4160-607-0x00007FF7FE430000-0x00007FF7FE822000-memory.dmp	upx
behavioral2/memory/2608-606-0x00007FF7E31B0000-0x00007FF7E35A2000-memory.dmp	upx
behavioral2/memory/1200-605-0x00007FF6590D0000-0x00007FF6594C2000-memory.dmp	upx
behavioral2/memory/3612-604-0x00007FF7CF170000-0x00007FF7CF562000-memory.dmp	upx
behavioral2/memory/732-603-0x00007FF6B1690000-0x00007FF6B1A82000-memory.dmp	upx
behavioral2/memory/2776-588-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp	upx
behavioral2/memory/1972-474-0x00007FF786D90000-0x00007FF787182000-memory.dmp	upx
behavioral2/memory/3092-470-0x00007FF72D570000-0x00007FF72D962000-memory.dmp	upx
behavioral2/files/0x00070000000234ed-65.dat	upx
behavioral2/files/0x00070000000234e5-88.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zsQzIBt.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\YjPGBQN.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\olabBtG.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\NJKwfFT.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\xqdbvUr.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\WDmDetp.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\uhtDCIu.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\zWAVouB.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\tgStXLw.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\VAtbcvG.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\sRpRMzV.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\iAUWzdG.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\OtmNxmw.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\vplCphD.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\eKcueHN.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\ilLUdCB.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\SBDGRGz.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\OqppVXq.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\qpLCzMb.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\DLmohbb.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\fsMgvQG.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\iQyoCHA.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\OZNWaPR.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\IRMBFjI.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\YWBlDul.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\ueqcazR.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\xlCctaU.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\ZqOBLgR.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\SOefacJ.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\iQrWXWT.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\WQdwFoa.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\xZbhcBL.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\oRKkHDb.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\wGOZDNZ.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\edeGhyF.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\hpVIawC.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\yuouKQD.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\SFysSaT.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\PorBYbP.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\tJGWGEt.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\AcJsQtv.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\LAheamA.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\Zehkdxh.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\rxVYXKj.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\olwVGsP.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\eefrRRD.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\prUbbnh.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\CjXAsVk.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\fSiWlkD.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\lnQuBEt.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\UJBnuxZ.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\sMthifs.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\EgbTGVV.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\qAWfktp.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\tqEkuel.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\ohopvRY.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\OesGWdQ.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\tXEskMP.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\QQfBFHn.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\kikJheR.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\tEJgErP.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\pyDubWG.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\EJfaJOy.exe	0356665a5586b5e7594d13e48a1f2450N.exe
File created	C:\Windows\System\DezdvnM.exe	0356665a5586b5e7594d13e48a1f2450N.exe

Modifies data under HKEY_USERS 11 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3972	powershell.exe
3972	powershell.exe
3972	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
1804	Process not Found
5104	Process not Found
3972	Process not Found
4652	Process not Found
208	Process not Found
13440	Process not Found
2420	Process not Found
4144	Process not Found
13456	Process not Found
5220	Process not Found
5288	Process not Found
2016	Process not Found
5440	Process not Found
5376	Process not Found
13480	Process not Found
368	Process not Found
13496	Process not Found
3996	Process not Found
3336	Process not Found
400	Process not Found
13512	Process not Found
5984	Process not Found
5988	Process not Found
13532	Process not Found
5392	Process not Found
13548	Process not Found
5748	Process not Found
5424	Process not Found
13564	Process not Found
6060	Process not Found
6380	Process not Found
13588	Process not Found
1828	Process not Found
6832	Process not Found
7156	Process not Found
6232	Process not Found
7160	Process not Found
6236	Process not Found
60	Process not Found
6664	Process not Found
4452	Process not Found
1168	Process not Found
4864	Process not Found
13608	Process not Found
1136	Process not Found
6744	Process not Found
6768	Process not Found
5292	Process not Found
5040	Process not Found
4224	Process not Found
7032	Process not Found
13620	Process not Found
5156	Process not Found
540	Process not Found
6112	Process not Found
6488	Process not Found
6552	Process not Found
7208	Process not Found
7248	Process not Found
6848	Process not Found
8416	Process not Found
3864	Process not Found
7392	Process not Found
2364	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	3972	powershell.exe
Token: SeLockMemoryPrivilege	2864	0356665a5586b5e7594d13e48a1f2450N.exe
Token: SeLockMemoryPrivilege	2864	0356665a5586b5e7594d13e48a1f2450N.exe
Token: SeCreateGlobalPrivilege	12488	dwm.exe
Token: SeChangeNotifyPrivilege	12488	dwm.exe
Token: 33	12488	dwm.exe
Token: SeIncBasePriorityPrivilege	12488	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 3972	2864	0356665a5586b5e7594d13e48a1f2450N.exe	84
PID 2864 wrote to memory of 3972	2864	0356665a5586b5e7594d13e48a1f2450N.exe	84
PID 2864 wrote to memory of 3808	2864	0356665a5586b5e7594d13e48a1f2450N.exe	85
PID 2864 wrote to memory of 3808	2864	0356665a5586b5e7594d13e48a1f2450N.exe	85
PID 2864 wrote to memory of 3536	2864	0356665a5586b5e7594d13e48a1f2450N.exe	86
PID 2864 wrote to memory of 3536	2864	0356665a5586b5e7594d13e48a1f2450N.exe	86
PID 2864 wrote to memory of 4388	2864	0356665a5586b5e7594d13e48a1f2450N.exe	87
PID 2864 wrote to memory of 4388	2864	0356665a5586b5e7594d13e48a1f2450N.exe	87
PID 2864 wrote to memory of 2332	2864	0356665a5586b5e7594d13e48a1f2450N.exe	88
PID 2864 wrote to memory of 2332	2864	0356665a5586b5e7594d13e48a1f2450N.exe	88
PID 2864 wrote to memory of 4496	2864	0356665a5586b5e7594d13e48a1f2450N.exe	89
PID 2864 wrote to memory of 4496	2864	0356665a5586b5e7594d13e48a1f2450N.exe	89
PID 2864 wrote to memory of 1508	2864	0356665a5586b5e7594d13e48a1f2450N.exe	90
PID 2864 wrote to memory of 1508	2864	0356665a5586b5e7594d13e48a1f2450N.exe	90
PID 2864 wrote to memory of 1972	2864	0356665a5586b5e7594d13e48a1f2450N.exe	91
PID 2864 wrote to memory of 1972	2864	0356665a5586b5e7594d13e48a1f2450N.exe	91
PID 2864 wrote to memory of 2788	2864	0356665a5586b5e7594d13e48a1f2450N.exe	92
PID 2864 wrote to memory of 2788	2864	0356665a5586b5e7594d13e48a1f2450N.exe	92
PID 2864 wrote to memory of 2840	2864	0356665a5586b5e7594d13e48a1f2450N.exe	93
PID 2864 wrote to memory of 2840	2864	0356665a5586b5e7594d13e48a1f2450N.exe	93
PID 2864 wrote to memory of 1140	2864	0356665a5586b5e7594d13e48a1f2450N.exe	94
PID 2864 wrote to memory of 1140	2864	0356665a5586b5e7594d13e48a1f2450N.exe	94
PID 2864 wrote to memory of 3092	2864	0356665a5586b5e7594d13e48a1f2450N.exe	95
PID 2864 wrote to memory of 3092	2864	0356665a5586b5e7594d13e48a1f2450N.exe	95
PID 2864 wrote to memory of 1200	2864	0356665a5586b5e7594d13e48a1f2450N.exe	96
PID 2864 wrote to memory of 1200	2864	0356665a5586b5e7594d13e48a1f2450N.exe	96
PID 2864 wrote to memory of 2776	2864	0356665a5586b5e7594d13e48a1f2450N.exe	97
PID 2864 wrote to memory of 2776	2864	0356665a5586b5e7594d13e48a1f2450N.exe	97
PID 2864 wrote to memory of 732	2864	0356665a5586b5e7594d13e48a1f2450N.exe	98
PID 2864 wrote to memory of 732	2864	0356665a5586b5e7594d13e48a1f2450N.exe	98
PID 2864 wrote to memory of 3612	2864	0356665a5586b5e7594d13e48a1f2450N.exe	99
PID 2864 wrote to memory of 3612	2864	0356665a5586b5e7594d13e48a1f2450N.exe	99
PID 2864 wrote to memory of 2608	2864	0356665a5586b5e7594d13e48a1f2450N.exe	100
PID 2864 wrote to memory of 2608	2864	0356665a5586b5e7594d13e48a1f2450N.exe	100
PID 2864 wrote to memory of 4160	2864	0356665a5586b5e7594d13e48a1f2450N.exe	101
PID 2864 wrote to memory of 4160	2864	0356665a5586b5e7594d13e48a1f2450N.exe	101
PID 2864 wrote to memory of 2396	2864	0356665a5586b5e7594d13e48a1f2450N.exe	102
PID 2864 wrote to memory of 2396	2864	0356665a5586b5e7594d13e48a1f2450N.exe	102
PID 2864 wrote to memory of 4184	2864	0356665a5586b5e7594d13e48a1f2450N.exe	103
PID 2864 wrote to memory of 4184	2864	0356665a5586b5e7594d13e48a1f2450N.exe	103
PID 2864 wrote to memory of 3764	2864	0356665a5586b5e7594d13e48a1f2450N.exe	104
PID 2864 wrote to memory of 3764	2864	0356665a5586b5e7594d13e48a1f2450N.exe	104
PID 2864 wrote to memory of 220	2864	0356665a5586b5e7594d13e48a1f2450N.exe	105
PID 2864 wrote to memory of 220	2864	0356665a5586b5e7594d13e48a1f2450N.exe	105
PID 2864 wrote to memory of 3104	2864	0356665a5586b5e7594d13e48a1f2450N.exe	106
PID 2864 wrote to memory of 3104	2864	0356665a5586b5e7594d13e48a1f2450N.exe	106
PID 2864 wrote to memory of 2480	2864	0356665a5586b5e7594d13e48a1f2450N.exe	107
PID 2864 wrote to memory of 2480	2864	0356665a5586b5e7594d13e48a1f2450N.exe	107
PID 2864 wrote to memory of 548	2864	0356665a5586b5e7594d13e48a1f2450N.exe	108
PID 2864 wrote to memory of 548	2864	0356665a5586b5e7594d13e48a1f2450N.exe	108
PID 2864 wrote to memory of 2144	2864	0356665a5586b5e7594d13e48a1f2450N.exe	109
PID 2864 wrote to memory of 2144	2864	0356665a5586b5e7594d13e48a1f2450N.exe	109
PID 2864 wrote to memory of 4192	2864	0356665a5586b5e7594d13e48a1f2450N.exe	110
PID 2864 wrote to memory of 4192	2864	0356665a5586b5e7594d13e48a1f2450N.exe	110
PID 2864 wrote to memory of 1432	2864	0356665a5586b5e7594d13e48a1f2450N.exe	111
PID 2864 wrote to memory of 1432	2864	0356665a5586b5e7594d13e48a1f2450N.exe	111
PID 2864 wrote to memory of 1296	2864	0356665a5586b5e7594d13e48a1f2450N.exe	112
PID 2864 wrote to memory of 1296	2864	0356665a5586b5e7594d13e48a1f2450N.exe	112
PID 2864 wrote to memory of 4252	2864	0356665a5586b5e7594d13e48a1f2450N.exe	113
PID 2864 wrote to memory of 4252	2864	0356665a5586b5e7594d13e48a1f2450N.exe	113
PID 2864 wrote to memory of 3592	2864	0356665a5586b5e7594d13e48a1f2450N.exe	114
PID 2864 wrote to memory of 3592	2864	0356665a5586b5e7594d13e48a1f2450N.exe	114
PID 2864 wrote to memory of 2988	2864	0356665a5586b5e7594d13e48a1f2450N.exe	115
PID 2864 wrote to memory of 2988	2864	0356665a5586b5e7594d13e48a1f2450N.exe	115

C:\Users\Admin\AppData\Local\Temp\0356665a5586b5e7594d13e48a1f2450N.exe
"C:\Users\Admin\AppData\Local\Temp\0356665a5586b5e7594d13e48a1f2450N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3972
- C:\Windows\System\xjmZkXJ.exe
  C:\Windows\System\xjmZkXJ.exe
  2⤵
  - Executes dropped EXE
  PID:3808
- C:\Windows\System\zwTDVHZ.exe
  C:\Windows\System\zwTDVHZ.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\VINnuBN.exe
  C:\Windows\System\VINnuBN.exe
  2⤵
  - Executes dropped EXE
  PID:4388
- C:\Windows\System\kdfKDft.exe
  C:\Windows\System\kdfKDft.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\OVtQCLR.exe
  C:\Windows\System\OVtQCLR.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\aJNEHvA.exe
  C:\Windows\System\aJNEHvA.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\Phrxbsi.exe
  C:\Windows\System\Phrxbsi.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\vymqOVg.exe
  C:\Windows\System\vymqOVg.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\bzxYSVF.exe
  C:\Windows\System\bzxYSVF.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\jfbhqwx.exe
  C:\Windows\System\jfbhqwx.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\gvgtVbZ.exe
  C:\Windows\System\gvgtVbZ.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\xrYXzZI.exe
  C:\Windows\System\xrYXzZI.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\agqdjmV.exe
  C:\Windows\System\agqdjmV.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\HbynCLR.exe
  C:\Windows\System\HbynCLR.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\cNdFOWS.exe
  C:\Windows\System\cNdFOWS.exe
  2⤵
  - Executes dropped EXE
  PID:3612
- C:\Windows\System\lpmVVVV.exe
  C:\Windows\System\lpmVVVV.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\DeBopfL.exe
  C:\Windows\System\DeBopfL.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\XLFjABM.exe
  C:\Windows\System\XLFjABM.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\hrLznLv.exe
  C:\Windows\System\hrLznLv.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\VKqnOib.exe
  C:\Windows\System\VKqnOib.exe
  2⤵
  - Executes dropped EXE
  PID:3764
- C:\Windows\System\iPcuuZi.exe
  C:\Windows\System\iPcuuZi.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\sexGeUd.exe
  C:\Windows\System\sexGeUd.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\RMzGrQU.exe
  C:\Windows\System\RMzGrQU.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\iiPEJcW.exe
  C:\Windows\System\iiPEJcW.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\zIQIVEO.exe
  C:\Windows\System\zIQIVEO.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\ZRocXLv.exe
  C:\Windows\System\ZRocXLv.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\GfnMvCI.exe
  C:\Windows\System\GfnMvCI.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\aaHsUEL.exe
  C:\Windows\System\aaHsUEL.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\cJyElLI.exe
  C:\Windows\System\cJyElLI.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\gSaKgXE.exe
  C:\Windows\System\gSaKgXE.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\kEcEVvW.exe
  C:\Windows\System\kEcEVvW.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\jDfSSdu.exe
  C:\Windows\System\jDfSSdu.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\uiroFDW.exe
  C:\Windows\System\uiroFDW.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\WsERtZW.exe
  C:\Windows\System\WsERtZW.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\XCrQZNy.exe
  C:\Windows\System\XCrQZNy.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\VsPCvEv.exe
  C:\Windows\System\VsPCvEv.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\ojdClzp.exe
  C:\Windows\System\ojdClzp.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\iTHsXMP.exe
  C:\Windows\System\iTHsXMP.exe
  2⤵
  - Executes dropped EXE
  PID:3740
- C:\Windows\System\XFkwOue.exe
  C:\Windows\System\XFkwOue.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\yPHzYdp.exe
  C:\Windows\System\yPHzYdp.exe
  2⤵
  - Executes dropped EXE
  PID:4956
- C:\Windows\System\nZYeKJZ.exe
  C:\Windows\System\nZYeKJZ.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\FzXJKqc.exe
  C:\Windows\System\FzXJKqc.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\AvMpJYa.exe
  C:\Windows\System\AvMpJYa.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\tWtsOoQ.exe
  C:\Windows\System\tWtsOoQ.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\lECNJDg.exe
  C:\Windows\System\lECNJDg.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\qdWOviS.exe
  C:\Windows\System\qdWOviS.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\hvnyajk.exe
  C:\Windows\System\hvnyajk.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\ButmOjg.exe
  C:\Windows\System\ButmOjg.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\HzNwwHg.exe
  C:\Windows\System\HzNwwHg.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\gzWUhFL.exe
  C:\Windows\System\gzWUhFL.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\FyLEPWH.exe
  C:\Windows\System\FyLEPWH.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\BbyykUz.exe
  C:\Windows\System\BbyykUz.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\oWQUFwb.exe
  C:\Windows\System\oWQUFwb.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\DtzRTFk.exe
  C:\Windows\System\DtzRTFk.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\TVklZhu.exe
  C:\Windows\System\TVklZhu.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\jkwIdSm.exe
  C:\Windows\System\jkwIdSm.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\UQJWVNN.exe
  C:\Windows\System\UQJWVNN.exe
  2⤵
  - Executes dropped EXE
  PID:3388
- C:\Windows\System\XSzzLLV.exe
  C:\Windows\System\XSzzLLV.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\GXOOaFW.exe
  C:\Windows\System\GXOOaFW.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\rXprPUK.exe
  C:\Windows\System\rXprPUK.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\JKbvPid.exe
  C:\Windows\System\JKbvPid.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\mRKdPVb.exe
  C:\Windows\System\mRKdPVb.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\PEWvvkM.exe
  C:\Windows\System\PEWvvkM.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\sqOnnzq.exe
  C:\Windows\System\sqOnnzq.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\RywIGAZ.exe
  C:\Windows\System\RywIGAZ.exe
  2⤵
  PID:2424
- C:\Windows\System\iwzRstv.exe
  C:\Windows\System\iwzRstv.exe
  2⤵
  PID:3360
- C:\Windows\System\HonrKOY.exe
  C:\Windows\System\HonrKOY.exe
  2⤵
  PID:3828
- C:\Windows\System\baGvKSj.exe
  C:\Windows\System\baGvKSj.exe
  2⤵
  PID:2548
- C:\Windows\System\tNxlAuM.exe
  C:\Windows\System\tNxlAuM.exe
  2⤵
  PID:2848
- C:\Windows\System\sdOnRTI.exe
  C:\Windows\System\sdOnRTI.exe
  2⤵
  PID:4960
- C:\Windows\System\XhhuotA.exe
  C:\Windows\System\XhhuotA.exe
  2⤵
  PID:4828
- C:\Windows\System\YkXhAoN.exe
  C:\Windows\System\YkXhAoN.exe
  2⤵
  PID:4732
- C:\Windows\System\ysQwWQw.exe
  C:\Windows\System\ysQwWQw.exe
  2⤵
  PID:2468
- C:\Windows\System\ogrAimw.exe
  C:\Windows\System\ogrAimw.exe
  2⤵
  PID:3896
- C:\Windows\System\DPhlWxT.exe
  C:\Windows\System\DPhlWxT.exe
  2⤵
  PID:2744
- C:\Windows\System\usoUMLN.exe
  C:\Windows\System\usoUMLN.exe
  2⤵
  PID:940
- C:\Windows\System\pWcoKVX.exe
  C:\Windows\System\pWcoKVX.exe
  2⤵
  PID:2380
- C:\Windows\System\nFzHdfL.exe
  C:\Windows\System\nFzHdfL.exe
  2⤵
  PID:4396
- C:\Windows\System\NfHqkCJ.exe
  C:\Windows\System\NfHqkCJ.exe
  2⤵
  PID:3432
- C:\Windows\System\KpzCyTd.exe
  C:\Windows\System\KpzCyTd.exe
  2⤵
  PID:2860
- C:\Windows\System\eqvAIGS.exe
  C:\Windows\System\eqvAIGS.exe
  2⤵
  PID:4260
- C:\Windows\System\nRcECpI.exe
  C:\Windows\System\nRcECpI.exe
  2⤵
  PID:900
- C:\Windows\System\mDWgJIJ.exe
  C:\Windows\System\mDWgJIJ.exe
  2⤵
  PID:1760
- C:\Windows\System\oijJwoO.exe
  C:\Windows\System\oijJwoO.exe
  2⤵
  PID:1424
- C:\Windows\System\QbXdvWe.exe
  C:\Windows\System\QbXdvWe.exe
  2⤵
  PID:3440
- C:\Windows\System\ZjyjJVc.exe
  C:\Windows\System\ZjyjJVc.exe
  2⤵
  PID:1528
- C:\Windows\System\UHqSDoy.exe
  C:\Windows\System\UHqSDoy.exe
  2⤵
  PID:4560
- C:\Windows\System\EGHOTSq.exe
  C:\Windows\System\EGHOTSq.exe
  2⤵
  PID:4528
- C:\Windows\System\dUJMrdd.exe
  C:\Windows\System\dUJMrdd.exe
  2⤵
  PID:2800
- C:\Windows\System\oGLEHcf.exe
  C:\Windows\System\oGLEHcf.exe
  2⤵
  PID:3256
- C:\Windows\System\TOEXVrt.exe
  C:\Windows\System\TOEXVrt.exe
  2⤵
  PID:4120
- C:\Windows\System\iSJcHpc.exe
  C:\Windows\System\iSJcHpc.exe
  2⤵
  PID:4488
- C:\Windows\System\TBYaGsY.exe
  C:\Windows\System\TBYaGsY.exe
  2⤵
  PID:5124
- C:\Windows\System\oSxhVuS.exe
  C:\Windows\System\oSxhVuS.exe
  2⤵
  PID:5140
- C:\Windows\System\MnProVM.exe
  C:\Windows\System\MnProVM.exe
  2⤵
  PID:5168
- C:\Windows\System\UPShpJW.exe
  C:\Windows\System\UPShpJW.exe
  2⤵
  PID:5208
- C:\Windows\System\NVUZmyX.exe
  C:\Windows\System\NVUZmyX.exe
  2⤵
  PID:5232
- C:\Windows\System\tVUHMFB.exe
  C:\Windows\System\tVUHMFB.exe
  2⤵
  PID:5248
- C:\Windows\System\sstYGEq.exe
  C:\Windows\System\sstYGEq.exe
  2⤵
  PID:5272
- C:\Windows\System\bkhOOdp.exe
  C:\Windows\System\bkhOOdp.exe
  2⤵
  PID:5300
- C:\Windows\System\AuLdieP.exe
  C:\Windows\System\AuLdieP.exe
  2⤵
  PID:5320
- C:\Windows\System\LrrmAZb.exe
  C:\Windows\System\LrrmAZb.exe
  2⤵
  PID:5336
- C:\Windows\System\cNbdSfq.exe
  C:\Windows\System\cNbdSfq.exe
  2⤵
  PID:5360
- C:\Windows\System\jPcWbDM.exe
  C:\Windows\System\jPcWbDM.exe
  2⤵
  PID:5384
- C:\Windows\System\GhlTTgL.exe
  C:\Windows\System\GhlTTgL.exe
  2⤵
  PID:5412
- C:\Windows\System\wkBXEIB.exe
  C:\Windows\System\wkBXEIB.exe
  2⤵
  PID:5428
- C:\Windows\System\RyTeFrY.exe
  C:\Windows\System\RyTeFrY.exe
  2⤵
  PID:5460
- C:\Windows\System\vlGZsNz.exe
  C:\Windows\System\vlGZsNz.exe
  2⤵
  PID:5492
- C:\Windows\System\YkEBYNT.exe
  C:\Windows\System\YkEBYNT.exe
  2⤵
  PID:5508
- C:\Windows\System\CSNLUCn.exe
  C:\Windows\System\CSNLUCn.exe
  2⤵
  PID:5532
- C:\Windows\System\BNIxAlv.exe
  C:\Windows\System\BNIxAlv.exe
  2⤵
  PID:5548
- C:\Windows\System\HlEBdeP.exe
  C:\Windows\System\HlEBdeP.exe
  2⤵
  PID:5572
- C:\Windows\System\MXmQyLY.exe
  C:\Windows\System\MXmQyLY.exe
  2⤵
  PID:5596
- C:\Windows\System\cKFQXIH.exe
  C:\Windows\System\cKFQXIH.exe
  2⤵
  PID:5620
- C:\Windows\System\JzWEOZm.exe
  C:\Windows\System\JzWEOZm.exe
  2⤵
  PID:5636
- C:\Windows\System\vnqLiUq.exe
  C:\Windows\System\vnqLiUq.exe
  2⤵
  PID:5684
- C:\Windows\System\UKZhYRK.exe
  C:\Windows\System\UKZhYRK.exe
  2⤵
  PID:5700
- C:\Windows\System\SaDRFAH.exe
  C:\Windows\System\SaDRFAH.exe
  2⤵
  PID:5728
- C:\Windows\System\UutCWYJ.exe
  C:\Windows\System\UutCWYJ.exe
  2⤵
  PID:5752
- C:\Windows\System\FtsObum.exe
  C:\Windows\System\FtsObum.exe
  2⤵
  PID:5776
- C:\Windows\System\CGTawuG.exe
  C:\Windows\System\CGTawuG.exe
  2⤵
  PID:5792
- C:\Windows\System\IJEBpgB.exe
  C:\Windows\System\IJEBpgB.exe
  2⤵
  PID:5808
- C:\Windows\System\RddzKHu.exe
  C:\Windows\System\RddzKHu.exe
  2⤵
  PID:5832
- C:\Windows\System\kFEsUYN.exe
  C:\Windows\System\kFEsUYN.exe
  2⤵
  PID:5856
- C:\Windows\System\snAJqWh.exe
  C:\Windows\System\snAJqWh.exe
  2⤵
  PID:5872
- C:\Windows\System\abCRZrf.exe
  C:\Windows\System\abCRZrf.exe
  2⤵
  PID:5892
- C:\Windows\System\OPfNBEe.exe
  C:\Windows\System\OPfNBEe.exe
  2⤵
  PID:5912
- C:\Windows\System\edzzpbq.exe
  C:\Windows\System\edzzpbq.exe
  2⤵
  PID:5936
- C:\Windows\System\KZvjDUW.exe
  C:\Windows\System\KZvjDUW.exe
  2⤵
  PID:5956
- C:\Windows\System\gmDGTbT.exe
  C:\Windows\System\gmDGTbT.exe
  2⤵
  PID:5976
- C:\Windows\System\scJvMDE.exe
  C:\Windows\System\scJvMDE.exe
  2⤵
  PID:6000
- C:\Windows\System\YjPGBQN.exe
  C:\Windows\System\YjPGBQN.exe
  2⤵
  PID:6024
- C:\Windows\System\GTiJUuh.exe
  C:\Windows\System\GTiJUuh.exe
  2⤵
  PID:6040
- C:\Windows\System\rZAYSNY.exe
  C:\Windows\System\rZAYSNY.exe
  2⤵
  PID:6076
- C:\Windows\System\VHltlcF.exe
  C:\Windows\System\VHltlcF.exe
  2⤵
  PID:6104
- C:\Windows\System\AlsIDcF.exe
  C:\Windows\System\AlsIDcF.exe
  2⤵
  PID:6128
- C:\Windows\System\SvKONRU.exe
  C:\Windows\System\SvKONRU.exe
  2⤵
  PID:832
- C:\Windows\System\JkGIHII.exe
  C:\Windows\System\JkGIHII.exe
  2⤵
  PID:3816
- C:\Windows\System\uFystMg.exe
  C:\Windows\System\uFystMg.exe
  2⤵
  PID:1768
- C:\Windows\System\pSHnYsG.exe
  C:\Windows\System\pSHnYsG.exe
  2⤵
  PID:4532
- C:\Windows\System\XuHHdNf.exe
  C:\Windows\System\XuHHdNf.exe
  2⤵
  PID:3328
- C:\Windows\System\Mfntzqa.exe
  C:\Windows\System\Mfntzqa.exe
  2⤵
  PID:2108
- C:\Windows\System\oWXspCc.exe
  C:\Windows\System\oWXspCc.exe
  2⤵
  PID:4588
- C:\Windows\System\iDxnInH.exe
  C:\Windows\System\iDxnInH.exe
  2⤵
  PID:4776
- C:\Windows\System\RaLTund.exe
  C:\Windows\System\RaLTund.exe
  2⤵
  PID:3616
- C:\Windows\System\ilLUdCB.exe
  C:\Windows\System\ilLUdCB.exe
  2⤵
  PID:5268
- C:\Windows\System\qSSxMZN.exe
  C:\Windows\System\qSSxMZN.exe
  2⤵
  PID:2412
- C:\Windows\System\RKLwWOy.exe
  C:\Windows\System\RKLwWOy.exe
  2⤵
  PID:2064
- C:\Windows\System\RWufZPL.exe
  C:\Windows\System\RWufZPL.exe
  2⤵
  PID:916
- C:\Windows\System\aQeWrNP.exe
  C:\Windows\System\aQeWrNP.exe
  2⤵
  PID:5648
- C:\Windows\System\FvckKSY.exe
  C:\Windows\System\FvckKSY.exe
  2⤵
  PID:4308
- C:\Windows\System\RxjYFcb.exe
  C:\Windows\System\RxjYFcb.exe
  2⤵
  PID:5176
- C:\Windows\System\wYApEKk.exe
  C:\Windows\System\wYApEKk.exe
  2⤵
  PID:5244
- C:\Windows\System\XMaDRRW.exe
  C:\Windows\System\XMaDRRW.exe
  2⤵
  PID:6152
- C:\Windows\System\ozJmDVh.exe
  C:\Windows\System\ozJmDVh.exe
  2⤵
  PID:6176
- C:\Windows\System\QiBWtll.exe
  C:\Windows\System\QiBWtll.exe
  2⤵
  PID:6196
- C:\Windows\System\CTVotTu.exe
  C:\Windows\System\CTVotTu.exe
  2⤵
  PID:6220
- C:\Windows\System\ojaWJsJ.exe
  C:\Windows\System\ojaWJsJ.exe
  2⤵
  PID:6252
- C:\Windows\System\ZXXweGy.exe
  C:\Windows\System\ZXXweGy.exe
  2⤵
  PID:6276
- C:\Windows\System\beiflph.exe
  C:\Windows\System\beiflph.exe
  2⤵
  PID:6292
- C:\Windows\System\BEyXbLj.exe
  C:\Windows\System\BEyXbLj.exe
  2⤵
  PID:6316
- C:\Windows\System\vFosxiu.exe
  C:\Windows\System\vFosxiu.exe
  2⤵
  PID:6336
- C:\Windows\System\REXPAYX.exe
  C:\Windows\System\REXPAYX.exe
  2⤵
  PID:6356
- C:\Windows\System\eBxkIov.exe
  C:\Windows\System\eBxkIov.exe
  2⤵
  PID:6384
- C:\Windows\System\PAOXYib.exe
  C:\Windows\System\PAOXYib.exe
  2⤵
  PID:6400
- C:\Windows\System\hDFOBpj.exe
  C:\Windows\System\hDFOBpj.exe
  2⤵
  PID:6436
- C:\Windows\System\CMAhwFq.exe
  C:\Windows\System\CMAhwFq.exe
  2⤵
  PID:6452
- C:\Windows\System\PdpJrVl.exe
  C:\Windows\System\PdpJrVl.exe
  2⤵
  PID:6476
- C:\Windows\System\XlHKQdk.exe
  C:\Windows\System\XlHKQdk.exe
  2⤵
  PID:6492
- C:\Windows\System\SLCkUCo.exe
  C:\Windows\System\SLCkUCo.exe
  2⤵
  PID:6516
- C:\Windows\System\uoyHmSo.exe
  C:\Windows\System\uoyHmSo.exe
  2⤵
  PID:6532
- C:\Windows\System\yheoquy.exe
  C:\Windows\System\yheoquy.exe
  2⤵
  PID:6576
- C:\Windows\System\ZiTbsbU.exe
  C:\Windows\System\ZiTbsbU.exe
  2⤵
  PID:6596
- C:\Windows\System\MCOaAYX.exe
  C:\Windows\System\MCOaAYX.exe
  2⤵
  PID:6612
- C:\Windows\System\KozrQdy.exe
  C:\Windows\System\KozrQdy.exe
  2⤵
  PID:6632
- C:\Windows\System\FqQvCJA.exe
  C:\Windows\System\FqQvCJA.exe
  2⤵
  PID:6652
- C:\Windows\System\qfttvCf.exe
  C:\Windows\System\qfttvCf.exe
  2⤵
  PID:6704
- C:\Windows\System\bLJwrrZ.exe
  C:\Windows\System\bLJwrrZ.exe
  2⤵
  PID:6720
- C:\Windows\System\oMyZtdD.exe
  C:\Windows\System\oMyZtdD.exe
  2⤵
  PID:6748
- C:\Windows\System\STZtvnR.exe
  C:\Windows\System\STZtvnR.exe
  2⤵
  PID:6772
- C:\Windows\System\mheBQmK.exe
  C:\Windows\System\mheBQmK.exe
  2⤵
  PID:6792
- C:\Windows\System\GcujKlP.exe
  C:\Windows\System\GcujKlP.exe
  2⤵
  PID:6816
- C:\Windows\System\dMUlmeh.exe
  C:\Windows\System\dMUlmeh.exe
  2⤵
  PID:6836
- C:\Windows\System\VhsPKmh.exe
  C:\Windows\System\VhsPKmh.exe
  2⤵
  PID:6860
- C:\Windows\System\WxsEyxk.exe
  C:\Windows\System\WxsEyxk.exe
  2⤵
  PID:6880
- C:\Windows\System\wzOWluL.exe
  C:\Windows\System\wzOWluL.exe
  2⤵
  PID:6900
- C:\Windows\System\fetYYtk.exe
  C:\Windows\System\fetYYtk.exe
  2⤵
  PID:6920
- C:\Windows\System\DHxrjnU.exe
  C:\Windows\System\DHxrjnU.exe
  2⤵
  PID:6940
- C:\Windows\System\uWmDFnA.exe
  C:\Windows\System\uWmDFnA.exe
  2⤵
  PID:6964
- C:\Windows\System\GGVHrsU.exe
  C:\Windows\System\GGVHrsU.exe
  2⤵
  PID:6984
- C:\Windows\System\xsDAeKA.exe
  C:\Windows\System\xsDAeKA.exe
  2⤵
  PID:7000
- C:\Windows\System\XfJTXPP.exe
  C:\Windows\System\XfJTXPP.exe
  2⤵
  PID:7016
- C:\Windows\System\lodpHDe.exe
  C:\Windows\System\lodpHDe.exe
  2⤵
  PID:7036
- C:\Windows\System\ODUzouF.exe
  C:\Windows\System\ODUzouF.exe
  2⤵
  PID:7052
- C:\Windows\System\RmAmbRz.exe
  C:\Windows\System\RmAmbRz.exe
  2⤵
  PID:7076
- C:\Windows\System\RsWzvwn.exe
  C:\Windows\System\RsWzvwn.exe
  2⤵
  PID:7096
- C:\Windows\System\WAPpNfA.exe
  C:\Windows\System\WAPpNfA.exe
  2⤵
  PID:7116
- C:\Windows\System\TyVGPCE.exe
  C:\Windows\System\TyVGPCE.exe
  2⤵
  PID:7132
- C:\Windows\System\ExHViGb.exe
  C:\Windows\System\ExHViGb.exe
  2⤵
  PID:7164
- C:\Windows\System\nYtivJz.exe
  C:\Windows\System\nYtivJz.exe
  2⤵
  PID:1940
- C:\Windows\System\vhJNXqc.exe
  C:\Windows\System\vhJNXqc.exe
  2⤵
  PID:6120
- C:\Windows\System\kLZLNfa.exe
  C:\Windows\System\kLZLNfa.exe
  2⤵
  PID:6136
- C:\Windows\System\omAjZPj.exe
  C:\Windows\System\omAjZPj.exe
  2⤵
  PID:3076
- C:\Windows\System\oMzTPjT.exe
  C:\Windows\System\oMzTPjT.exe
  2⤵
  PID:5928
- C:\Windows\System\oGhCOCN.exe
  C:\Windows\System\oGhCOCN.exe
  2⤵
  PID:5352
- C:\Windows\System\CjdwpIM.exe
  C:\Windows\System\CjdwpIM.exe
  2⤵
  PID:5316
- C:\Windows\System\ottwhHz.exe
  C:\Windows\System\ottwhHz.exe
  2⤵
  PID:6056
- C:\Windows\System\xbfPXez.exe
  C:\Windows\System\xbfPXez.exe
  2⤵
  PID:4492
- C:\Windows\System\uSJqKMx.exe
  C:\Windows\System\uSJqKMx.exe
  2⤵
  PID:5520
- C:\Windows\System\FouAxvw.exe
  C:\Windows\System\FouAxvw.exe
  2⤵
  PID:6368
- C:\Windows\System\FIphQXX.exe
  C:\Windows\System\FIphQXX.exe
  2⤵
  PID:4440
- C:\Windows\System\uiQByeN.exe
  C:\Windows\System\uiQByeN.exe
  2⤵
  PID:4244
- C:\Windows\System\tgRVbUv.exe
  C:\Windows\System\tgRVbUv.exe
  2⤵
  PID:4360
- C:\Windows\System\BanPoMv.exe
  C:\Windows\System\BanPoMv.exe
  2⤵
  PID:6092
- C:\Windows\System\PrgIIvG.exe
  C:\Windows\System\PrgIIvG.exe
  2⤵
  PID:6032
- C:\Windows\System\tGThNCb.exe
  C:\Windows\System\tGThNCb.exe
  2⤵
  PID:5948
- C:\Windows\System\dBtwMkE.exe
  C:\Windows\System\dBtwMkE.exe
  2⤵
  PID:5880
- C:\Windows\System\ACaObzv.exe
  C:\Windows\System\ACaObzv.exe
  2⤵
  PID:5820
- C:\Windows\System\jebhXrm.exe
  C:\Windows\System\jebhXrm.exe
  2⤵
  PID:5788
- C:\Windows\System\bWXSaDi.exe
  C:\Windows\System\bWXSaDi.exe
  2⤵
  PID:5740
- C:\Windows\System\koHphqR.exe
  C:\Windows\System\koHphqR.exe
  2⤵
  PID:5708
- C:\Windows\System\RsuBIEc.exe
  C:\Windows\System\RsuBIEc.exe
  2⤵
  PID:5628
- C:\Windows\System\foamDKN.exe
  C:\Windows\System\foamDKN.exe
  2⤵
  PID:5560
- C:\Windows\System\eTiZXyd.exe
  C:\Windows\System\eTiZXyd.exe
  2⤵
  PID:5580
- C:\Windows\System\aArMiTD.exe
  C:\Windows\System\aArMiTD.exe
  2⤵
  PID:4312
- C:\Windows\System\gTFgCoN.exe
  C:\Windows\System\gTFgCoN.exe
  2⤵
  PID:6160
- C:\Windows\System\IkyCoIn.exe
  C:\Windows\System\IkyCoIn.exe
  2⤵
  PID:6244
- C:\Windows\System\OTDPBNC.exe
  C:\Windows\System\OTDPBNC.exe
  2⤵
  PID:6284
- C:\Windows\System\dxVtbnh.exe
  C:\Windows\System\dxVtbnh.exe
  2⤵
  PID:6324
- C:\Windows\System\HBtnwLs.exe
  C:\Windows\System\HBtnwLs.exe
  2⤵
  PID:6500
- C:\Windows\System\qNcCCbi.exe
  C:\Windows\System\qNcCCbi.exe
  2⤵
  PID:6660
- C:\Windows\System\SiizMgk.exe
  C:\Windows\System\SiizMgk.exe
  2⤵
  PID:6804
- C:\Windows\System\tzcuIom.exe
  C:\Windows\System\tzcuIom.exe
  2⤵
  PID:6948
- C:\Windows\System\TxwxhGu.exe
  C:\Windows\System\TxwxhGu.exe
  2⤵
  PID:5524
- C:\Windows\System\hUuwMJF.exe
  C:\Windows\System\hUuwMJF.exe
  2⤵
  PID:6416
- C:\Windows\System\rijRXEF.exe
  C:\Windows\System\rijRXEF.exe
  2⤵
  PID:6504
- C:\Windows\System\eyySJaH.exe
  C:\Windows\System\eyySJaH.exe
  2⤵
  PID:6628
- C:\Windows\System\nwNqSpU.exe
  C:\Windows\System\nwNqSpU.exe
  2⤵
  PID:7176
- C:\Windows\System\gIYKgAJ.exe
  C:\Windows\System\gIYKgAJ.exe
  2⤵
  PID:7196
- C:\Windows\System\tGgBguP.exe
  C:\Windows\System\tGgBguP.exe
  2⤵
  PID:7220
- C:\Windows\System\NYfgvce.exe
  C:\Windows\System\NYfgvce.exe
  2⤵
  PID:7240
- C:\Windows\System\AbYEfGa.exe
  C:\Windows\System\AbYEfGa.exe
  2⤵
  PID:7260
- C:\Windows\System\zLVNWtC.exe
  C:\Windows\System\zLVNWtC.exe
  2⤵
  PID:7284
- C:\Windows\System\ScxRPIB.exe
  C:\Windows\System\ScxRPIB.exe
  2⤵
  PID:7304
- C:\Windows\System\wmHIegd.exe
  C:\Windows\System\wmHIegd.exe
  2⤵
  PID:7320
- C:\Windows\System\nuOTHJi.exe
  C:\Windows\System\nuOTHJi.exe
  2⤵
  PID:7340
- C:\Windows\System\AbEFaCl.exe
  C:\Windows\System\AbEFaCl.exe
  2⤵
  PID:7360
- C:\Windows\System\BgMcirV.exe
  C:\Windows\System\BgMcirV.exe
  2⤵
  PID:7376
- C:\Windows\System\vgycQju.exe
  C:\Windows\System\vgycQju.exe
  2⤵
  PID:7400
- C:\Windows\System\fwjjChv.exe
  C:\Windows\System\fwjjChv.exe
  2⤵
  PID:7420
- C:\Windows\System\EZYxiHl.exe
  C:\Windows\System\EZYxiHl.exe
  2⤵
  PID:7440
- C:\Windows\System\meYLqhn.exe
  C:\Windows\System\meYLqhn.exe
  2⤵
  PID:7460
- C:\Windows\System\otsgNMZ.exe
  C:\Windows\System\otsgNMZ.exe
  2⤵
  PID:7476
- C:\Windows\System\MyJPjPk.exe
  C:\Windows\System\MyJPjPk.exe
  2⤵
  PID:7492
- C:\Windows\System\GtFinqn.exe
  C:\Windows\System\GtFinqn.exe
  2⤵
  PID:7516
- C:\Windows\System\YTnDMZD.exe
  C:\Windows\System\YTnDMZD.exe
  2⤵
  PID:7532
- C:\Windows\System\kYxsiEv.exe
  C:\Windows\System\kYxsiEv.exe
  2⤵
  PID:7552
- C:\Windows\System\SnAAWeF.exe
  C:\Windows\System\SnAAWeF.exe
  2⤵
  PID:7568
- C:\Windows\System\smqlPkA.exe
  C:\Windows\System\smqlPkA.exe
  2⤵
  PID:7596
- C:\Windows\System\buLJnHe.exe
  C:\Windows\System\buLJnHe.exe
  2⤵
  PID:7612
- C:\Windows\System\OgQxPQa.exe
  C:\Windows\System\OgQxPQa.exe
  2⤵
  PID:7636
- C:\Windows\System\dHhqiOV.exe
  C:\Windows\System\dHhqiOV.exe
  2⤵
  PID:7656
- C:\Windows\System\ccDfBDK.exe
  C:\Windows\System\ccDfBDK.exe
  2⤵
  PID:7676
- C:\Windows\System\WWeMhqf.exe
  C:\Windows\System\WWeMhqf.exe
  2⤵
  PID:7692
- C:\Windows\System\tdLqZJT.exe
  C:\Windows\System\tdLqZJT.exe
  2⤵
  PID:7716
- C:\Windows\System\zshCkPr.exe
  C:\Windows\System\zshCkPr.exe
  2⤵
  PID:7732
- C:\Windows\System\heBChTf.exe
  C:\Windows\System\heBChTf.exe
  2⤵
  PID:7748
- C:\Windows\System\BLyYCpU.exe
  C:\Windows\System\BLyYCpU.exe
  2⤵
  PID:7768
- C:\Windows\System\AjksTnV.exe
  C:\Windows\System\AjksTnV.exe
  2⤵
  PID:7788
- C:\Windows\System\xiZetsf.exe
  C:\Windows\System\xiZetsf.exe
  2⤵
  PID:7812
- C:\Windows\System\cBRehwL.exe
  C:\Windows\System\cBRehwL.exe
  2⤵
  PID:7836
- C:\Windows\System\fqNjwvh.exe
  C:\Windows\System\fqNjwvh.exe
  2⤵
  PID:7852
- C:\Windows\System\PUFUqjA.exe
  C:\Windows\System\PUFUqjA.exe
  2⤵
  PID:7880
- C:\Windows\System\CRibqdO.exe
  C:\Windows\System\CRibqdO.exe
  2⤵
  PID:7896
- C:\Windows\System\vcZAZyU.exe
  C:\Windows\System\vcZAZyU.exe
  2⤵
  PID:7920
- C:\Windows\System\hMUUixM.exe
  C:\Windows\System\hMUUixM.exe
  2⤵
  PID:7940
- C:\Windows\System\UxwLYGB.exe
  C:\Windows\System\UxwLYGB.exe
  2⤵
  PID:7960
- C:\Windows\System\stjCkti.exe
  C:\Windows\System\stjCkti.exe
  2⤵
  PID:7980
- C:\Windows\System\HYhNJCE.exe
  C:\Windows\System\HYhNJCE.exe
  2⤵
  PID:7996
- C:\Windows\System\dezWNaM.exe
  C:\Windows\System\dezWNaM.exe
  2⤵
  PID:8012
- C:\Windows\System\WnRoTaQ.exe
  C:\Windows\System\WnRoTaQ.exe
  2⤵
  PID:8028
- C:\Windows\System\pSJdbCS.exe
  C:\Windows\System\pSJdbCS.exe
  2⤵
  PID:8044
- C:\Windows\System\uxMIpKd.exe
  C:\Windows\System\uxMIpKd.exe
  2⤵
  PID:8060
- C:\Windows\System\bfzLGEv.exe
  C:\Windows\System\bfzLGEv.exe
  2⤵
  PID:8124
- C:\Windows\System\NoFbupX.exe
  C:\Windows\System\NoFbupX.exe
  2⤵
  PID:8148
- C:\Windows\System\ImQeuzW.exe
  C:\Windows\System\ImQeuzW.exe
  2⤵
  PID:8164
- C:\Windows\System\qpvynIv.exe
  C:\Windows\System\qpvynIv.exe
  2⤵
  PID:8188
- C:\Windows\System\gjaHuog.exe
  C:\Windows\System\gjaHuog.exe
  2⤵
  PID:6856
- C:\Windows\System\MZWutmI.exe
  C:\Windows\System\MZWutmI.exe
  2⤵
  PID:6912
- C:\Windows\System\YAhdsCe.exe
  C:\Windows\System\YAhdsCe.exe
  2⤵
  PID:6992
- C:\Windows\System\LOVtEhB.exe
  C:\Windows\System\LOVtEhB.exe
  2⤵
  PID:3468
- C:\Windows\System\HOLIVSs.exe
  C:\Windows\System\HOLIVSs.exe
  2⤵
  PID:5904
- C:\Windows\System\iAUWzdG.exe
  C:\Windows\System\iAUWzdG.exe
  2⤵
  PID:4456
- C:\Windows\System\Hizebgs.exe
  C:\Windows\System\Hizebgs.exe
  2⤵
  PID:5632
- C:\Windows\System\OCZQnbG.exe
  C:\Windows\System\OCZQnbG.exe
  2⤵
  PID:8196
- C:\Windows\System\ApTxKrF.exe
  C:\Windows\System\ApTxKrF.exe
  2⤵
  PID:8224
- C:\Windows\System\cpfsamk.exe
  C:\Windows\System\cpfsamk.exe
  2⤵
  PID:8252
- C:\Windows\System\cWZGLSO.exe
  C:\Windows\System\cWZGLSO.exe
  2⤵
  PID:8272
- C:\Windows\System\PTFgABp.exe
  C:\Windows\System\PTFgABp.exe
  2⤵
  PID:8296
- C:\Windows\System\kjrsDyY.exe
  C:\Windows\System\kjrsDyY.exe
  2⤵
  PID:8316
- C:\Windows\System\elYAUmM.exe
  C:\Windows\System\elYAUmM.exe
  2⤵
  PID:8336
- C:\Windows\System\myKkkhN.exe
  C:\Windows\System\myKkkhN.exe
  2⤵
  PID:8368
- C:\Windows\System\osMarSd.exe
  C:\Windows\System\osMarSd.exe
  2⤵
  PID:8392
- C:\Windows\System\xwUrrmU.exe
  C:\Windows\System\xwUrrmU.exe
  2⤵
  PID:8408
- C:\Windows\System\xuOoXgu.exe
  C:\Windows\System\xuOoXgu.exe
  2⤵
  PID:8428
- C:\Windows\System\BCXbJTt.exe
  C:\Windows\System\BCXbJTt.exe
  2⤵
  PID:8448
- C:\Windows\System\hoBIoKI.exe
  C:\Windows\System\hoBIoKI.exe
  2⤵
  PID:8472
- C:\Windows\System\vOYSGEE.exe
  C:\Windows\System\vOYSGEE.exe
  2⤵
  PID:8496
- C:\Windows\System\xSMcdXi.exe
  C:\Windows\System\xSMcdXi.exe
  2⤵
  PID:8516
- C:\Windows\System\FtxEiEa.exe
  C:\Windows\System\FtxEiEa.exe
  2⤵
  PID:8536
- C:\Windows\System\EOPvote.exe
  C:\Windows\System\EOPvote.exe
  2⤵
  PID:8556
- C:\Windows\System\ohopvRY.exe
  C:\Windows\System\ohopvRY.exe
  2⤵
  PID:8580
- C:\Windows\System\WESxAQj.exe
  C:\Windows\System\WESxAQj.exe
  2⤵
  PID:8600
- C:\Windows\System\drZrUAZ.exe
  C:\Windows\System\drZrUAZ.exe
  2⤵
  PID:8616
- C:\Windows\System\JyzpOrT.exe
  C:\Windows\System\JyzpOrT.exe
  2⤵
  PID:8644
- C:\Windows\System\DFGdkhe.exe
  C:\Windows\System\DFGdkhe.exe
  2⤵
  PID:8672
- C:\Windows\System\slyNPKg.exe
  C:\Windows\System\slyNPKg.exe
  2⤵
  PID:8692
- C:\Windows\System\DiMofOx.exe
  C:\Windows\System\DiMofOx.exe
  2⤵
  PID:8712
- C:\Windows\System\zqtRPql.exe
  C:\Windows\System\zqtRPql.exe
  2⤵
  PID:8736
- C:\Windows\System\TOxPZfI.exe
  C:\Windows\System\TOxPZfI.exe
  2⤵
  PID:8756
- C:\Windows\System\tJuRokb.exe
  C:\Windows\System\tJuRokb.exe
  2⤵
  PID:8772
- C:\Windows\System\KRQsdbT.exe
  C:\Windows\System\KRQsdbT.exe
  2⤵
  PID:8788
- C:\Windows\System\iWJnIfn.exe
  C:\Windows\System\iWJnIfn.exe
  2⤵
  PID:8804
- C:\Windows\System\fZipbRs.exe
  C:\Windows\System\fZipbRs.exe
  2⤵
  PID:8820
- C:\Windows\System\JLVQFRN.exe
  C:\Windows\System\JLVQFRN.exe
  2⤵
  PID:8836
- C:\Windows\System\nlqIQMS.exe
  C:\Windows\System\nlqIQMS.exe
  2⤵
  PID:8864
- C:\Windows\System\JPJSvfc.exe
  C:\Windows\System\JPJSvfc.exe
  2⤵
  PID:8888
- C:\Windows\System\nXEGbza.exe
  C:\Windows\System\nXEGbza.exe
  2⤵
  PID:8908
- C:\Windows\System\ZFXZZaP.exe
  C:\Windows\System\ZFXZZaP.exe
  2⤵
  PID:8932
- C:\Windows\System\JsNwUne.exe
  C:\Windows\System\JsNwUne.exe
  2⤵
  PID:8952
- C:\Windows\System\hsCIXUq.exe
  C:\Windows\System\hsCIXUq.exe
  2⤵
  PID:8976
- C:\Windows\System\jnCkzGh.exe
  C:\Windows\System\jnCkzGh.exe
  2⤵
  PID:8996
- C:\Windows\System\zADeKxY.exe
  C:\Windows\System\zADeKxY.exe
  2⤵
  PID:9016
- C:\Windows\System\SLgohDG.exe
  C:\Windows\System\SLgohDG.exe
  2⤵
  PID:9040
- C:\Windows\System\uuzBfja.exe
  C:\Windows\System\uuzBfja.exe
  2⤵
  PID:9068
- C:\Windows\System\QMnetEZ.exe
  C:\Windows\System\QMnetEZ.exe
  2⤵
  PID:9088
- C:\Windows\System\GmwbhMs.exe
  C:\Windows\System\GmwbhMs.exe
  2⤵
  PID:9108
- C:\Windows\System\DxJKsAm.exe
  C:\Windows\System\DxJKsAm.exe
  2⤵
  PID:9132
- C:\Windows\System\EzdQLNW.exe
  C:\Windows\System\EzdQLNW.exe
  2⤵
  PID:9156
- C:\Windows\System\NSBIMeo.exe
  C:\Windows\System\NSBIMeo.exe
  2⤵
  PID:9172
- C:\Windows\System\fwrAlxV.exe
  C:\Windows\System\fwrAlxV.exe
  2⤵
  PID:9196
- C:\Windows\System\RMFWPtW.exe
  C:\Windows\System\RMFWPtW.exe
  2⤵
  PID:6588
- C:\Windows\System\LplUhAu.exe
  C:\Windows\System\LplUhAu.exe
  2⤵
  PID:6604
- C:\Windows\System\rEjWbeQ.exe
  C:\Windows\System\rEjWbeQ.exe
  2⤵
  PID:6872
- C:\Windows\System\dRWKFGg.exe
  C:\Windows\System\dRWKFGg.exe
  2⤵
  PID:4484
- C:\Windows\System\MAtTfeE.exe
  C:\Windows\System\MAtTfeE.exe
  2⤵
  PID:7332
- C:\Windows\System\UeeqLGb.exe
  C:\Windows\System\UeeqLGb.exe
  2⤵
  PID:7372
- C:\Windows\System\NNViKnN.exe
  C:\Windows\System\NNViKnN.exe
  2⤵
  PID:7408
- C:\Windows\System\dqXfIBj.exe
  C:\Windows\System\dqXfIBj.exe
  2⤵
  PID:7500
- C:\Windows\System\jtbwLkh.exe
  C:\Windows\System\jtbwLkh.exe
  2⤵
  PID:7560
- C:\Windows\System\SrukiAq.exe
  C:\Windows\System\SrukiAq.exe
  2⤵
  PID:7648
- C:\Windows\System\xlCctaU.exe
  C:\Windows\System\xlCctaU.exe
  2⤵
  PID:7688
- C:\Windows\System\DezdvnM.exe
  C:\Windows\System\DezdvnM.exe
  2⤵
  PID:7824
- C:\Windows\System\QYuxMMl.exe
  C:\Windows\System\QYuxMMl.exe
  2⤵
  PID:7972
- C:\Windows\System\leLbKSl.exe
  C:\Windows\System\leLbKSl.exe
  2⤵
  PID:1536
- C:\Windows\System\NtpTZJr.exe
  C:\Windows\System\NtpTZJr.exe
  2⤵
  PID:6972
- C:\Windows\System\atXvxTE.exe
  C:\Windows\System\atXvxTE.exe
  2⤵
  PID:5884
- C:\Windows\System\AxIfdwV.exe
  C:\Windows\System\AxIfdwV.exe
  2⤵
  PID:5692
- C:\Windows\System\MosEzuD.exe
  C:\Windows\System\MosEzuD.exe
  2⤵
  PID:5456
- C:\Windows\System\pPcPdHM.exe
  C:\Windows\System\pPcPdHM.exe
  2⤵
  PID:9224
- C:\Windows\System\gHYUkzC.exe
  C:\Windows\System\gHYUkzC.exe
  2⤵
  PID:9252
- C:\Windows\System\vBXKmCf.exe
  C:\Windows\System\vBXKmCf.exe
  2⤵
  PID:9272
- C:\Windows\System\pxNcguP.exe
  C:\Windows\System\pxNcguP.exe
  2⤵
  PID:9300
- C:\Windows\System\jxRsyCo.exe
  C:\Windows\System\jxRsyCo.exe
  2⤵
  PID:9316
- C:\Windows\System\oLbirWQ.exe
  C:\Windows\System\oLbirWQ.exe
  2⤵
  PID:9340
- C:\Windows\System\bxqrdre.exe
  C:\Windows\System\bxqrdre.exe
  2⤵
  PID:9356
- C:\Windows\System\UNxMtSY.exe
  C:\Windows\System\UNxMtSY.exe
  2⤵
  PID:9376
- C:\Windows\System\sqMkXwI.exe
  C:\Windows\System\sqMkXwI.exe
  2⤵
  PID:9396
- C:\Windows\System\rgTqZPW.exe
  C:\Windows\System\rgTqZPW.exe
  2⤵
  PID:9424
- C:\Windows\System\ZnnOAcN.exe
  C:\Windows\System\ZnnOAcN.exe
  2⤵
  PID:9440
- C:\Windows\System\VRAvbov.exe
  C:\Windows\System\VRAvbov.exe
  2⤵
  PID:9468
- C:\Windows\System\mYBiwrA.exe
  C:\Windows\System\mYBiwrA.exe
  2⤵
  PID:9488
- C:\Windows\System\BchDkOZ.exe
  C:\Windows\System\BchDkOZ.exe
  2⤵
  PID:9508
- C:\Windows\System\olabBtG.exe
  C:\Windows\System\olabBtG.exe
  2⤵
  PID:9532
- C:\Windows\System\gOgjeyW.exe
  C:\Windows\System\gOgjeyW.exe
  2⤵
  PID:9552
- C:\Windows\System\eoYyefR.exe
  C:\Windows\System\eoYyefR.exe
  2⤵
  PID:9576
- C:\Windows\System\Jxpwskd.exe
  C:\Windows\System\Jxpwskd.exe
  2⤵
  PID:9596
- C:\Windows\System\eVPvwIS.exe
  C:\Windows\System\eVPvwIS.exe
  2⤵
  PID:9620
- C:\Windows\System\ofjxfDQ.exe
  C:\Windows\System\ofjxfDQ.exe
  2⤵
  PID:9640
- C:\Windows\System\dKZEFve.exe
  C:\Windows\System\dKZEFve.exe
  2⤵
  PID:9656
- C:\Windows\System\QloixIh.exe
  C:\Windows\System\QloixIh.exe
  2⤵
  PID:9672
- C:\Windows\System\Inxnmfu.exe
  C:\Windows\System\Inxnmfu.exe
  2⤵
  PID:9700
- C:\Windows\System\qUPhWow.exe
  C:\Windows\System\qUPhWow.exe
  2⤵
  PID:9720
- C:\Windows\System\ucjOjBc.exe
  C:\Windows\System\ucjOjBc.exe
  2⤵
  PID:9740
- C:\Windows\System\CHuLpfM.exe
  C:\Windows\System\CHuLpfM.exe
  2⤵
  PID:9764
- C:\Windows\System\BuJkhsb.exe
  C:\Windows\System\BuJkhsb.exe
  2⤵
  PID:9788
- C:\Windows\System\kAQpqbA.exe
  C:\Windows\System\kAQpqbA.exe
  2⤵
  PID:9808
- C:\Windows\System\YwQOGBT.exe
  C:\Windows\System\YwQOGBT.exe
  2⤵
  PID:9828
- C:\Windows\System\OQmLWoX.exe
  C:\Windows\System\OQmLWoX.exe
  2⤵
  PID:9848
- C:\Windows\System\HstfWRC.exe
  C:\Windows\System\HstfWRC.exe
  2⤵
  PID:9868
- C:\Windows\System\rjefdlG.exe
  C:\Windows\System\rjefdlG.exe
  2⤵
  PID:9892
- C:\Windows\System\YeFrjiK.exe
  C:\Windows\System\YeFrjiK.exe
  2⤵
  PID:9912
- C:\Windows\System\hahhEKr.exe
  C:\Windows\System\hahhEKr.exe
  2⤵
  PID:9928
- C:\Windows\System\yfgyawL.exe
  C:\Windows\System\yfgyawL.exe
  2⤵
  PID:9948
- C:\Windows\System\YhsuKpz.exe
  C:\Windows\System\YhsuKpz.exe
  2⤵
  PID:9972
- C:\Windows\System\OrttQZT.exe
  C:\Windows\System\OrttQZT.exe
  2⤵
  PID:9988
- C:\Windows\System\yPSjicw.exe
  C:\Windows\System\yPSjicw.exe
  2⤵
  PID:10016
- C:\Windows\System\fUwwfsB.exe
  C:\Windows\System\fUwwfsB.exe
  2⤵
  PID:10040
- C:\Windows\System\lDUalEu.exe
  C:\Windows\System\lDUalEu.exe
  2⤵
  PID:10056
- C:\Windows\System\AtVZMKw.exe
  C:\Windows\System\AtVZMKw.exe
  2⤵
  PID:10080
- C:\Windows\System\WJYsnBs.exe
  C:\Windows\System\WJYsnBs.exe
  2⤵
  PID:10104
- C:\Windows\System\ukRRobg.exe
  C:\Windows\System\ukRRobg.exe
  2⤵
  PID:10124
- C:\Windows\System\spoTDFb.exe
  C:\Windows\System\spoTDFb.exe
  2⤵
  PID:10152
- C:\Windows\System\eopSaag.exe
  C:\Windows\System\eopSaag.exe
  2⤵
  PID:10172
- C:\Windows\System\oCmEjZf.exe
  C:\Windows\System\oCmEjZf.exe
  2⤵
  PID:10196
- C:\Windows\System\fohoRYG.exe
  C:\Windows\System\fohoRYG.exe
  2⤵
  PID:10220
- C:\Windows\System\YvnEcNp.exe
  C:\Windows\System\YvnEcNp.exe
  2⤵
  PID:6376
- C:\Windows\System\FZoTSiC.exe
  C:\Windows\System\FZoTSiC.exe
  2⤵
  PID:8260
- C:\Windows\System\NomOSdk.exe
  C:\Windows\System\NomOSdk.exe
  2⤵
  PID:8288
- C:\Windows\System\flpFRar.exe
  C:\Windows\System\flpFRar.exe
  2⤵
  PID:5480
- C:\Windows\System\lRnXeiO.exe
  C:\Windows\System\lRnXeiO.exe
  2⤵
  PID:6472
- C:\Windows\System\PDxKgNC.exe
  C:\Windows\System\PDxKgNC.exe
  2⤵
  PID:6760
- C:\Windows\System\MvBEfmR.exe
  C:\Windows\System\MvBEfmR.exe
  2⤵
  PID:7280
- C:\Windows\System\cwdDgoY.exe
  C:\Windows\System\cwdDgoY.exe
  2⤵
  PID:8588
- C:\Windows\System\nyjQNAU.exe
  C:\Windows\System\nyjQNAU.exe
  2⤵
  PID:8660
- C:\Windows\System\pXOBStr.exe
  C:\Windows\System\pXOBStr.exe
  2⤵
  PID:8708
- C:\Windows\System\bUirzTt.exe
  C:\Windows\System\bUirzTt.exe
  2⤵
  PID:8732
- C:\Windows\System\SuCUNcm.exe
  C:\Windows\System\SuCUNcm.exe
  2⤵
  PID:7548
- C:\Windows\System\GpCtdoD.exe
  C:\Windows\System\GpCtdoD.exe
  2⤵
  PID:8900
- C:\Windows\System\sglnwyZ.exe
  C:\Windows\System\sglnwyZ.exe
  2⤵
  PID:8920
- C:\Windows\System\paSAcJN.exe
  C:\Windows\System\paSAcJN.exe
  2⤵
  PID:9004
- C:\Windows\System\LcyZmiW.exe
  C:\Windows\System\LcyZmiW.exe
  2⤵
  PID:9104
- C:\Windows\System\muaOGzr.exe
  C:\Windows\System\muaOGzr.exe
  2⤵
  PID:7992
- C:\Windows\System\VkGIhAW.exe
  C:\Windows\System\VkGIhAW.exe
  2⤵
  PID:216
- C:\Windows\System\xKrhlvQ.exe
  C:\Windows\System\xKrhlvQ.exe
  2⤵
  PID:5452
- C:\Windows\System\irdaKDn.exe
  C:\Windows\System\irdaKDn.exe
  2⤵
  PID:2272
- C:\Windows\System\WtUwWQb.exe
  C:\Windows\System\WtUwWQb.exe
  2⤵
  PID:6096
- C:\Windows\System\KAEyRBn.exe
  C:\Windows\System\KAEyRBn.exe
  2⤵
  PID:5760
- C:\Windows\System\eYmvzLh.exe
  C:\Windows\System\eYmvzLh.exe
  2⤵
  PID:7668
- C:\Windows\System\BkjQiUz.exe
  C:\Windows\System\BkjQiUz.exe
  2⤵
  PID:6084
- C:\Windows\System\mbBMGtc.exe
  C:\Windows\System\mbBMGtc.exe
  2⤵
  PID:6008
- C:\Windows\System\eFEBsqR.exe
  C:\Windows\System\eFEBsqR.exe
  2⤵
  PID:9268
- C:\Windows\System\NXPCLNS.exe
  C:\Windows\System\NXPCLNS.exe
  2⤵
  PID:9312
- C:\Windows\System\JPeoUZQ.exe
  C:\Windows\System\JPeoUZQ.exe
  2⤵
  PID:8348
- C:\Windows\System\FTcyXSl.exe
  C:\Windows\System\FTcyXSl.exe
  2⤵
  PID:9364
- C:\Windows\System\ZLUCeQs.exe
  C:\Windows\System\ZLUCeQs.exe
  2⤵
  PID:10260
- C:\Windows\System\AZOVBSG.exe
  C:\Windows\System\AZOVBSG.exe
  2⤵
  PID:10288
- C:\Windows\System\NNNwfxS.exe
  C:\Windows\System\NNNwfxS.exe
  2⤵
  PID:10304
- C:\Windows\System\rmXYvCK.exe
  C:\Windows\System\rmXYvCK.exe
  2⤵
  PID:10332
- C:\Windows\System\XzhWhmU.exe
  C:\Windows\System\XzhWhmU.exe
  2⤵
  PID:10352
- C:\Windows\System\xmlBPqD.exe
  C:\Windows\System\xmlBPqD.exe
  2⤵
  PID:10372
- C:\Windows\System\iZJjcEg.exe
  C:\Windows\System\iZJjcEg.exe
  2⤵
  PID:10396
- C:\Windows\System\mCuhJDW.exe
  C:\Windows\System\mCuhJDW.exe
  2⤵
  PID:10416
- C:\Windows\System\MWWORZp.exe
  C:\Windows\System\MWWORZp.exe
  2⤵
  PID:10436
- C:\Windows\System\LzWqFDE.exe
  C:\Windows\System\LzWqFDE.exe
  2⤵
  PID:10460
- C:\Windows\System\Rkwwcmb.exe
  C:\Windows\System\Rkwwcmb.exe
  2⤵
  PID:10476
- C:\Windows\System\eLPfjEv.exe
  C:\Windows\System\eLPfjEv.exe
  2⤵
  PID:10508
- C:\Windows\System\XZeMDEq.exe
  C:\Windows\System\XZeMDEq.exe
  2⤵
  PID:10528
- C:\Windows\System\ZlpDewt.exe
  C:\Windows\System\ZlpDewt.exe
  2⤵
  PID:10560
- C:\Windows\System\DymDiBa.exe
  C:\Windows\System\DymDiBa.exe
  2⤵
  PID:10576
- C:\Windows\System\EITXhnz.exe
  C:\Windows\System\EITXhnz.exe
  2⤵
  PID:10596
- C:\Windows\System\SsHRtMG.exe
  C:\Windows\System\SsHRtMG.exe
  2⤵
  PID:10616
- C:\Windows\System\bUIxjLu.exe
  C:\Windows\System\bUIxjLu.exe
  2⤵
  PID:10640
- C:\Windows\System\snPomkL.exe
  C:\Windows\System\snPomkL.exe
  2⤵
  PID:10660
- C:\Windows\System\GocOhZB.exe
  C:\Windows\System\GocOhZB.exe
  2⤵
  PID:10684
- C:\Windows\System\IAHcwxw.exe
  C:\Windows\System\IAHcwxw.exe
  2⤵
  PID:10704
- C:\Windows\System\PHpDzxv.exe
  C:\Windows\System\PHpDzxv.exe
  2⤵
  PID:10728
- C:\Windows\System\OAUYBlG.exe
  C:\Windows\System\OAUYBlG.exe
  2⤵
  PID:10756
- C:\Windows\System\ClizDTX.exe
  C:\Windows\System\ClizDTX.exe
  2⤵
  PID:10776
- C:\Windows\System\qcybsnk.exe
  C:\Windows\System\qcybsnk.exe
  2⤵
  PID:10804
- C:\Windows\System\fRthnjv.exe
  C:\Windows\System\fRthnjv.exe
  2⤵
  PID:10824
- C:\Windows\System\uZHGxwg.exe
  C:\Windows\System\uZHGxwg.exe
  2⤵
  PID:10844
- C:\Windows\System\mdfVmJu.exe
  C:\Windows\System\mdfVmJu.exe
  2⤵
  PID:10868
- C:\Windows\System\cgXzzcA.exe
  C:\Windows\System\cgXzzcA.exe
  2⤵
  PID:10888
- C:\Windows\System\rwjuEEf.exe
  C:\Windows\System\rwjuEEf.exe
  2⤵
  PID:11360
- C:\Windows\System\BFUzIjL.exe
  C:\Windows\System\BFUzIjL.exe
  2⤵
  PID:11376
- C:\Windows\System\kVMVDOp.exe
  C:\Windows\System\kVMVDOp.exe
  2⤵
  PID:11392
- C:\Windows\System\AnruLUH.exe
  C:\Windows\System\AnruLUH.exe
  2⤵
  PID:11408
- C:\Windows\System\ZWhxLxr.exe
  C:\Windows\System\ZWhxLxr.exe
  2⤵
  PID:11428
- C:\Windows\System\mIHrHZJ.exe
  C:\Windows\System\mIHrHZJ.exe
  2⤵
  PID:11448
- C:\Windows\System\XqTeCAD.exe
  C:\Windows\System\XqTeCAD.exe
  2⤵
  PID:11464
- C:\Windows\System\RJUOqLu.exe
  C:\Windows\System\RJUOqLu.exe
  2⤵
  PID:11480
- C:\Windows\System\CckfWzw.exe
  C:\Windows\System\CckfWzw.exe
  2⤵
  PID:11500
- C:\Windows\System\pJtKwCA.exe
  C:\Windows\System\pJtKwCA.exe
  2⤵
  PID:11516
- C:\Windows\System\hgRRzzQ.exe
  C:\Windows\System\hgRRzzQ.exe
  2⤵
  PID:11536
- C:\Windows\System\euEEmKY.exe
  C:\Windows\System\euEEmKY.exe
  2⤵
  PID:11592
- C:\Windows\System\rWzEQUd.exe
  C:\Windows\System\rWzEQUd.exe
  2⤵
  PID:11620
- C:\Windows\System\qAptTDw.exe
  C:\Windows\System\qAptTDw.exe
  2⤵
  PID:11636
- C:\Windows\System\CtetyGH.exe
  C:\Windows\System\CtetyGH.exe
  2⤵
  PID:11656
- C:\Windows\System\IquRkEU.exe
  C:\Windows\System\IquRkEU.exe
  2⤵
  PID:11684
- C:\Windows\System\IuTtDiC.exe
  C:\Windows\System\IuTtDiC.exe
  2⤵
  PID:11708
- C:\Windows\System\DfbEqUm.exe
  C:\Windows\System\DfbEqUm.exe
  2⤵
  PID:11728
- C:\Windows\System\GTxjBvP.exe
  C:\Windows\System\GTxjBvP.exe
  2⤵
  PID:11752
- C:\Windows\System\IRMBFjI.exe
  C:\Windows\System\IRMBFjI.exe
  2⤵
  PID:11772
- C:\Windows\System\ARCwTcf.exe
  C:\Windows\System\ARCwTcf.exe
  2⤵
  PID:11792
- C:\Windows\System\uDnReXL.exe
  C:\Windows\System\uDnReXL.exe
  2⤵
  PID:11816
- C:\Windows\System\CNaqQPM.exe
  C:\Windows\System\CNaqQPM.exe
  2⤵
  PID:11844
- C:\Windows\System\EbjczVF.exe
  C:\Windows\System\EbjczVF.exe
  2⤵
  PID:11868
- C:\Windows\System\LekslRS.exe
  C:\Windows\System\LekslRS.exe
  2⤵
  PID:11908
- C:\Windows\System\XDfBzdB.exe
  C:\Windows\System\XDfBzdB.exe
  2⤵
  PID:11928
- C:\Windows\System\uMYLhyu.exe
  C:\Windows\System\uMYLhyu.exe
  2⤵
  PID:11964
- C:\Windows\System\LrXBqCj.exe
  C:\Windows\System\LrXBqCj.exe
  2⤵
  PID:11992
- C:\Windows\System\QbWkdxV.exe
  C:\Windows\System\QbWkdxV.exe
  2⤵
  PID:12016
- C:\Windows\System\RkHrNrY.exe
  C:\Windows\System\RkHrNrY.exe
  2⤵
  PID:12044
- C:\Windows\System\hBCpXbo.exe
  C:\Windows\System\hBCpXbo.exe
  2⤵
  PID:12092
- C:\Windows\System\jAlhSgR.exe
  C:\Windows\System\jAlhSgR.exe
  2⤵
  PID:12112
- C:\Windows\System\tnRbQxd.exe
  C:\Windows\System\tnRbQxd.exe
  2⤵
  PID:12140
- C:\Windows\System\DaSuVvh.exe
  C:\Windows\System\DaSuVvh.exe
  2⤵
  PID:12160
- C:\Windows\System\sBYlEdl.exe
  C:\Windows\System\sBYlEdl.exe
  2⤵
  PID:12188
- C:\Windows\System\umNJeMX.exe
  C:\Windows\System\umNJeMX.exe
  2⤵
  PID:12232
- C:\Windows\System\jBEPziy.exe
  C:\Windows\System\jBEPziy.exe
  2⤵
  PID:12252
- C:\Windows\System\mOeqMnF.exe
  C:\Windows\System\mOeqMnF.exe
  2⤵
  PID:12276
- C:\Windows\System\GPsbvlf.exe
  C:\Windows\System\GPsbvlf.exe
  2⤵
  PID:7316
- C:\Windows\System\rwWRWut.exe
  C:\Windows\System\rwWRWut.exe
  2⤵
  PID:6916
- C:\Windows\System\bIwfxXi.exe
  C:\Windows\System\bIwfxXi.exe
  2⤵
  PID:3408
- C:\Windows\System\aZjGRZh.exe
  C:\Windows\System\aZjGRZh.exe
  2⤵
  PID:5852
- C:\Windows\System\wbigYlH.exe
  C:\Windows\System\wbigYlH.exe
  2⤵
  PID:9288
- C:\Windows\System\YECoAdF.exe
  C:\Windows\System\YECoAdF.exe
  2⤵
  PID:9500
- C:\Windows\System\lIoaKDJ.exe
  C:\Windows\System\lIoaKDJ.exe
  2⤵
  PID:9652
- C:\Windows\System\nuRyxMF.exe
  C:\Windows\System\nuRyxMF.exe
  2⤵
  PID:9884
- C:\Windows\System\XTdTxLd.exe
  C:\Windows\System\XTdTxLd.exe
  2⤵
  PID:9920
- C:\Windows\System\QocbXYe.exe
  C:\Windows\System\QocbXYe.exe
  2⤵
  PID:10012
- C:\Windows\System\lolJxAC.exe
  C:\Windows\System\lolJxAC.exe
  2⤵
  PID:10076
- C:\Windows\System\QgmOtMa.exe
  C:\Windows\System\QgmOtMa.exe
  2⤵
  PID:10160
- C:\Windows\System\UzSgGQM.exe
  C:\Windows\System\UzSgGQM.exe
  2⤵
  PID:10212
- C:\Windows\System\YZxKiel.exe
  C:\Windows\System\YZxKiel.exe
  2⤵
  PID:8268
- C:\Windows\System\LeRfFyQ.exe
  C:\Windows\System\LeRfFyQ.exe
  2⤵
  PID:6712
- C:\Windows\System\hXKzKPg.exe
  C:\Windows\System\hXKzKPg.exe
  2⤵
  PID:8492
- C:\Windows\System\TtxqBxr.exe
  C:\Windows\System\TtxqBxr.exe
  2⤵
  PID:7452
- C:\Windows\System\DtwkCcp.exe
  C:\Windows\System\DtwkCcp.exe
  2⤵
  PID:9820
- C:\Windows\System\KmcXJuE.exe
  C:\Windows\System\KmcXJuE.exe
  2⤵
  PID:8160
- C:\Windows\System\VQhJcDb.exe
  C:\Windows\System\VQhJcDb.exe
  2⤵
  PID:6812
- C:\Windows\System\sPrsolQ.exe
  C:\Windows\System\sPrsolQ.exe
  2⤵
  PID:12292
- C:\Windows\System\kxpHfUO.exe
  C:\Windows\System\kxpHfUO.exe
  2⤵
  PID:12316
- C:\Windows\System\cpwhNLg.exe
  C:\Windows\System\cpwhNLg.exe
  2⤵
  PID:12332
- C:\Windows\System\KYHmGLn.exe
  C:\Windows\System\KYHmGLn.exe
  2⤵
  PID:12348
- C:\Windows\System\fknZdrG.exe
  C:\Windows\System\fknZdrG.exe
  2⤵
  PID:12364
- C:\Windows\System\SZBKobz.exe
  C:\Windows\System\SZBKobz.exe
  2⤵
  PID:12384
- C:\Windows\System\lUEmlxb.exe
  C:\Windows\System\lUEmlxb.exe
  2⤵
  PID:12400
- C:\Windows\System\HFIBuHi.exe
  C:\Windows\System\HFIBuHi.exe
  2⤵
  PID:12420
- C:\Windows\System\mIIQtLO.exe
  C:\Windows\System\mIIQtLO.exe
  2⤵
  PID:12440
- C:\Windows\System\LzTTbSz.exe
  C:\Windows\System\LzTTbSz.exe
  2⤵
  PID:12496
- C:\Windows\System\dhFhjOZ.exe
  C:\Windows\System\dhFhjOZ.exe
  2⤵
  PID:12564
- C:\Windows\System\GVroDda.exe
  C:\Windows\System\GVroDda.exe
  2⤵
  PID:12584
- C:\Windows\System\jGqyoWW.exe
  C:\Windows\System\jGqyoWW.exe
  2⤵
  PID:12608
- C:\Windows\System\xfViEFA.exe
  C:\Windows\System\xfViEFA.exe
  2⤵
  PID:12624
- C:\Windows\System\okjmqPA.exe
  C:\Windows\System\okjmqPA.exe
  2⤵
  PID:12640
- C:\Windows\System\qopnksA.exe
  C:\Windows\System\qopnksA.exe
  2⤵
  PID:12660
- C:\Windows\System\YZfyAsE.exe
  C:\Windows\System\YZfyAsE.exe
  2⤵
  PID:12684
- C:\Windows\System\fCcDjRt.exe
  C:\Windows\System\fCcDjRt.exe
  2⤵
  PID:12712
- C:\Windows\System\gAtLVOs.exe
  C:\Windows\System\gAtLVOs.exe
  2⤵
  PID:12732
- C:\Windows\System\tgArmhn.exe
  C:\Windows\System\tgArmhn.exe
  2⤵
  PID:12752
- C:\Windows\System\pYzXvqe.exe
  C:\Windows\System\pYzXvqe.exe
  2⤵
  PID:12780
- C:\Windows\System\jNXtbgk.exe
  C:\Windows\System\jNXtbgk.exe
  2⤵
  PID:12796
- C:\Windows\System\DxGKvXr.exe
  C:\Windows\System\DxGKvXr.exe
  2⤵
  PID:12820
- C:\Windows\System\geAOZwD.exe
  C:\Windows\System\geAOZwD.exe
  2⤵
  PID:12848
- C:\Windows\System\OQYgGDO.exe
  C:\Windows\System\OQYgGDO.exe
  2⤵
  PID:12868
- C:\Windows\System\yKxpeFD.exe
  C:\Windows\System\yKxpeFD.exe
  2⤵
  PID:12900
- C:\Windows\System\aLpQgMA.exe
  C:\Windows\System\aLpQgMA.exe
  2⤵
  PID:12924
- C:\Windows\System\GwJamzQ.exe
  C:\Windows\System\GwJamzQ.exe
  2⤵
  PID:12940
- C:\Windows\System\PQPrdCU.exe
  C:\Windows\System\PQPrdCU.exe
  2⤵
  PID:12960
- C:\Windows\System\bxVNdXP.exe
  C:\Windows\System\bxVNdXP.exe
  2⤵
  PID:12976
- C:\Windows\System\WKQodmc.exe
  C:\Windows\System\WKQodmc.exe
  2⤵
  PID:13004
- C:\Windows\System\MahotMt.exe
  C:\Windows\System\MahotMt.exe
  2⤵
  PID:13024
- C:\Windows\System\FiYKRUu.exe
  C:\Windows\System\FiYKRUu.exe
  2⤵
  PID:13044
- C:\Windows\System\JvrWWeO.exe
  C:\Windows\System\JvrWWeO.exe
  2⤵
  PID:13064
- C:\Windows\System\IBtFUzf.exe
  C:\Windows\System\IBtFUzf.exe
  2⤵
  PID:13092
- C:\Windows\System\pRsHsZe.exe
  C:\Windows\System\pRsHsZe.exe
  2⤵
  PID:13116
- C:\Windows\System\oYKwqjk.exe
  C:\Windows\System\oYKwqjk.exe
  2⤵
  PID:13140
- C:\Windows\System\HZlBKcC.exe
  C:\Windows\System\HZlBKcC.exe
  2⤵
  PID:13156
- C:\Windows\System\mvVKnIy.exe
  C:\Windows\System\mvVKnIy.exe
  2⤵
  PID:13176
- C:\Windows\System\MrCgHiQ.exe
  C:\Windows\System\MrCgHiQ.exe
  2⤵
  PID:13192
- C:\Windows\System\aZdfjkC.exe
  C:\Windows\System\aZdfjkC.exe
  2⤵
  PID:13220
- C:\Windows\System\ACMRKyv.exe
  C:\Windows\System\ACMRKyv.exe
  2⤵
  PID:13240
- C:\Windows\System\ULRtGvT.exe
  C:\Windows\System\ULRtGvT.exe
  2⤵
  PID:13268
- C:\Windows\System\ZXddUNC.exe
  C:\Windows\System\ZXddUNC.exe
  2⤵
  PID:13288
- C:\Windows\System\eBsvqiY.exe
  C:\Windows\System\eBsvqiY.exe
  2⤵
  PID:2780
- C:\Windows\System\OHiUYek.exe
  C:\Windows\System\OHiUYek.exe
  2⤵
  PID:9204
- C:\Windows\System\ZDFHGSk.exe
  C:\Windows\System\ZDFHGSk.exe
  2⤵
  PID:7620
- C:\Windows\System\socbpgG.exe
  C:\Windows\System\socbpgG.exe
  2⤵
  PID:10272
- C:\Windows\System\eDecOHr.exe
  C:\Windows\System\eDecOHr.exe
  2⤵
  PID:11800
- C:\Windows\System\RgPnMKt.exe
  C:\Windows\System\RgPnMKt.exe
  2⤵
  PID:13148
- C:\Windows\System\OHSSLmH.exe
  C:\Windows\System\OHSSLmH.exe
  2⤵
  PID:10772
- C:\Windows\System\rBCRbEZ.exe
  C:\Windows\System\rBCRbEZ.exe
  2⤵
  PID:13216
- C:\Windows\System\DNDuCus.exe
  C:\Windows\System\DNDuCus.exe
  2⤵
  PID:13260
- C:\Windows\System\BqLFnfH.exe
  C:\Windows\System\BqLFnfH.exe
  2⤵
  PID:12068
- C:\Windows\System\bummzzO.exe
  C:\Windows\System\bummzzO.exe
  2⤵
  PID:4048
- C:\Windows\System\FDqoAwK.exe
  C:\Windows\System\FDqoAwK.exe
  2⤵
  PID:7064
- C:\Windows\System\aJdEyld.exe
  C:\Windows\System\aJdEyld.exe
  2⤵
  PID:4508
- C:\Windows\System\qODCbCT.exe
  C:\Windows\System\qODCbCT.exe
  2⤵
  PID:11460
- C:\Windows\System\SzQCnEK.exe
  C:\Windows\System\SzQCnEK.exe
  2⤵
  PID:12672
- C:\Windows\System\YTnXCnB.exe
  C:\Windows\System\YTnXCnB.exe
  2⤵
  PID:11568
- C:\Windows\System\bEAUcik.exe
  C:\Windows\System\bEAUcik.exe
  2⤵
  PID:11652
- C:\Windows\System\ypoHzjV.exe
  C:\Windows\System\ypoHzjV.exe
  2⤵
  PID:11824
- C:\Windows\System\aRBtNal.exe
  C:\Windows\System\aRBtNal.exe
  2⤵
  PID:1968
- C:\Windows\System\izkDgui.exe
  C:\Windows\System\izkDgui.exe
  2⤵
  PID:12916
- C:\Windows\System\GKKeSEW.exe
  C:\Windows\System\GKKeSEW.exe
  2⤵
  PID:12836
- C:\Windows\System\FObSOWz.exe
  C:\Windows\System\FObSOWz.exe
  2⤵
  PID:13012
- C:\Windows\System\WNOsAfl.exe
  C:\Windows\System\WNOsAfl.exe
  2⤵
  PID:13200
- C:\Windows\System\kihcpyd.exe
  C:\Windows\System\kihcpyd.exe
  2⤵
  PID:4640
- C:\Windows\System\bkMDlSy.exe
  C:\Windows\System\bkMDlSy.exe
  2⤵
  PID:8440
- C:\Windows\System\sxMItgA.exe
  C:\Windows\System\sxMItgA.exe
  2⤵
  PID:8924
- C:\Windows\System\ZAkmKUx.exe
  C:\Windows\System\ZAkmKUx.exe
  2⤵
  PID:4200
- C:\Windows\System\jusThGr.exe
  C:\Windows\System\jusThGr.exe
  2⤵
  PID:7912
- C:\Windows\System\HSlytSx.exe
  C:\Windows\System\HSlytSx.exe
  2⤵
  PID:10360
- C:\Windows\System\SktjcgZ.exe
  C:\Windows\System\SktjcgZ.exe
  2⤵
  PID:8832
- C:\Windows\System\OcnsTDs.exe
  C:\Windows\System\OcnsTDs.exe
  2⤵
  PID:11512
- C:\Windows\System\yuouKQD.exe
  C:\Windows\System\yuouKQD.exe
  2⤵
  PID:12248
- C:\Windows\System\LAzBeoL.exe
  C:\Windows\System\LAzBeoL.exe
  2⤵
  PID:5404
- C:\Windows\System\hwaEfxp.exe
  C:\Windows\System\hwaEfxp.exe
  2⤵
  PID:12760
- C:\Windows\System\kYVzdXo.exe
  C:\Windows\System\kYVzdXo.exe
  2⤵
  PID:13100
- C:\Windows\System\MpEepKg.exe
  C:\Windows\System\MpEepKg.exe
  2⤵
  PID:7644
- C:\Windows\System\kWdLzqD.exe
  C:\Windows\System\kWdLzqD.exe
  2⤵
  PID:11748
- C:\Windows\System\tmlVQfK.exe
  C:\Windows\System\tmlVQfK.exe
  2⤵
  PID:10524
- C:\Windows\System\axzptmo.exe
  C:\Windows\System\axzptmo.exe
  2⤵
  PID:11860
- C:\Windows\System\AlHKUyJ.exe
  C:\Windows\System\AlHKUyJ.exe
  2⤵
  PID:11488
- C:\Windows\System\nIodqvK.exe
  C:\Windows\System\nIodqvK.exe
  2⤵
  PID:11700
- C:\Windows\System\oxDjXBC.exe
  C:\Windows\System\oxDjXBC.exe
  2⤵
  PID:11144
- C:\Windows\System\DlnkGHg.exe
  C:\Windows\System\DlnkGHg.exe
  2⤵
  PID:12324
- C:\Windows\System\nsNkLzp.exe
  C:\Windows\System\nsNkLzp.exe
  2⤵
  PID:10036
- C:\Windows\System\uwXldPJ.exe
  C:\Windows\System\uwXldPJ.exe
  2⤵
  PID:9388
- C:\Windows\System\vHYdceW.exe
  C:\Windows\System\vHYdceW.exe
  2⤵
  PID:10120
- C:\Windows\System\qEnJphv.exe
  C:\Windows\System\qEnJphv.exe
  2⤵
  PID:8608
- C:\Windows\System\qhnnlzN.exe
  C:\Windows\System\qhnnlzN.exe
  2⤵
  PID:5116
- C:\Windows\System\lNrznYH.exe
  C:\Windows\System\lNrznYH.exe
  2⤵
  PID:11736
- C:\Windows\System\rdUdTcE.exe
  C:\Windows\System\rdUdTcE.exe
  2⤵
  PID:3568
- C:\Windows\System\NyLUKjk.exe
  C:\Windows\System\NyLUKjk.exe
  2⤵
  PID:6036
- C:\Windows\System\fEYklXs.exe
  C:\Windows\System\fEYklXs.exe
  2⤵
  PID:776
- C:\Windows\System\AhSeyYf.exe
  C:\Windows\System\AhSeyYf.exe
  2⤵
  PID:7740
- C:\Windows\System\MTScQRx.exe
  C:\Windows\System\MTScQRx.exe
  2⤵
  PID:13056
- C:\Windows\System\XtOrnuJ.exe
  C:\Windows\System\XtOrnuJ.exe
  2⤵
  PID:1152
- C:\Windows\System\AkHngce.exe
  C:\Windows\System\AkHngce.exe
  2⤵
  PID:4656
- C:\Windows\System\FriyelN.exe
  C:\Windows\System\FriyelN.exe
  2⤵
  PID:6828
- C:\Windows\System\wiqbBNJ.exe
  C:\Windows\System\wiqbBNJ.exe
  2⤵
  PID:9956
- C:\Windows\System\aFXvxup.exe
  C:\Windows\System\aFXvxup.exe
  2⤵
  PID:11312
- C:\Windows\System\RHvDSlo.exe
  C:\Windows\System\RHvDSlo.exe
  2⤵
  PID:11048
- C:\Windows\System\dPnPjkZ.exe
  C:\Windows\System\dPnPjkZ.exe
  2⤵
  PID:12860
- C:\Windows\System\VKCitOh.exe
  C:\Windows\System\VKCitOh.exe
  2⤵
  PID:10492
- C:\Windows\System\xuvFpkX.exe
  C:\Windows\System\xuvFpkX.exe
  2⤵
  PID:12004
- C:\Windows\System\HAejuaZ.exe
  C:\Windows\System\HAejuaZ.exe
  2⤵
  PID:9448
- C:\Windows\System\IacXoiy.exe
  C:\Windows\System\IacXoiy.exe
  2⤵
  PID:6564
- C:\Windows\System\mGEIngv.exe
  C:\Windows\System\mGEIngv.exe
  2⤵
  PID:12156
- C:\Windows\System\VGaNQhL.exe
  C:\Windows\System\VGaNQhL.exe
  2⤵
  PID:9712
- C:\Windows\System\mRrziJq.exe
  C:\Windows\System\mRrziJq.exe
  2⤵
  PID:9164
- C:\Windows\System\QhnJXJg.exe
  C:\Windows\System\QhnJXJg.exe
  2⤵
  PID:1260
- C:\Windows\System\NhQdrRa.exe
  C:\Windows\System\NhQdrRa.exe
  2⤵
  PID:11720
- C:\Windows\System\jDKYxxn.exe
  C:\Windows\System\jDKYxxn.exe
  2⤵
  PID:12888
- C:\Windows\System\WbrwWrx.exe
  C:\Windows\System\WbrwWrx.exe
  2⤵
  PID:10672
- C:\Windows\System\lnQuBEt.exe
  C:\Windows\System\lnQuBEt.exe
  2⤵
  PID:4444
- C:\Windows\System\fNWaWJa.exe
  C:\Windows\System\fNWaWJa.exe
  2⤵
  PID:3952
- C:\Windows\System\QGTNmuD.exe
  C:\Windows\System\QGTNmuD.exe
  2⤵
  PID:1992
- C:\Windows\System\hzRbbcp.exe
  C:\Windows\System\hzRbbcp.exe
  2⤵
  PID:5240
- C:\Windows\System\IfSZXRg.exe
  C:\Windows\System\IfSZXRg.exe
  2⤵
  PID:4704
- C:\Windows\System\KSgbyoD.exe
  C:\Windows\System\KSgbyoD.exe
  2⤵
  PID:10696
- C:\Windows\System\MiTDMwQ.exe
  C:\Windows\System\MiTDMwQ.exe
  2⤵
  PID:12512
- C:\Windows\System\tvTSLXb.exe
  C:\Windows\System\tvTSLXb.exe
  2⤵
  PID:8968
- C:\Windows\System\UJoxUVH.exe
  C:\Windows\System\UJoxUVH.exe
  2⤵
  PID:4764
- C:\Windows\System\YEVoNzb.exe
  C:\Windows\System\YEVoNzb.exe
  2⤵
  PID:3160
- C:\Windows\System\AAOvHZH.exe
  C:\Windows\System\AAOvHZH.exe
  2⤵
  PID:4552
- C:\Windows\System\twsQDXb.exe
  C:\Windows\System\twsQDXb.exe
  2⤵
  PID:8724
- C:\Windows\System\JfZGEfi.exe
  C:\Windows\System\JfZGEfi.exe
  2⤵
  PID:11528
- C:\Windows\System\pmYnIkV.exe
  C:\Windows\System\pmYnIkV.exe
  2⤵
  PID:12592
- C:\Windows\System\CLsjAQh.exe
  C:\Windows\System\CLsjAQh.exe
  2⤵
  PID:12908
- C:\Windows\System\TpMFWgA.exe
  C:\Windows\System\TpMFWgA.exe
  2⤵
  PID:10324
- C:\Windows\System\NdNwHCF.exe
  C:\Windows\System\NdNwHCF.exe
  2⤵
  PID:5136
- C:\Windows\System\pfOrGzj.exe
  C:\Windows\System\pfOrGzj.exe
  2⤵
  PID:3112
- C:\Windows\System\ceCoVjr.exe
  C:\Windows\System\ceCoVjr.exe
  2⤵
  PID:3144
- C:\Windows\System\zirdVYQ.exe
  C:\Windows\System\zirdVYQ.exe
  2⤵
  PID:3604
- C:\Windows\System\bpwEEpn.exe
  C:\Windows\System\bpwEEpn.exe
  2⤵
  PID:8424
- C:\Windows\System\vwuGQmd.exe
  C:\Windows\System\vwuGQmd.exe
  2⤵
  PID:12504
- C:\Windows\System\UhZfugt.exe
  C:\Windows\System\UhZfugt.exe
  2⤵
  PID:9860
- C:\Windows\System\QJOJqjk.exe
  C:\Windows\System\QJOJqjk.exe
  2⤵
  PID:552
- C:\Windows\System\fUAwuaY.exe
  C:\Windows\System\fUAwuaY.exe
  2⤵
  PID:8896
- C:\Windows\System\EvohfqY.exe
  C:\Windows\System\EvohfqY.exe
  2⤵
  PID:12700
- C:\Windows\System\CspuXWE.exe
  C:\Windows\System\CspuXWE.exe
  2⤵
  PID:4900
- C:\Windows\System\pcJdsPp.exe
  C:\Windows\System\pcJdsPp.exe
  2⤵
  PID:4412
- C:\Windows\System\nwfQoVn.exe
  C:\Windows\System\nwfQoVn.exe
  2⤵
  PID:12080
- C:\Windows\System\YZCZGvk.exe
  C:\Windows\System\YZCZGvk.exe
  2⤵
  PID:10840
- C:\Windows\System\iEyUhLt.exe
  C:\Windows\System\iEyUhLt.exe
  2⤵
  PID:12356
- C:\Windows\System\VXzttVJ.exe
  C:\Windows\System\VXzttVJ.exe
  2⤵
  PID:1448
- C:\Windows\System\lapoqHW.exe
  C:\Windows\System\lapoqHW.exe
  2⤵
  PID:1248
- C:\Windows\System\nVsENQK.exe
  C:\Windows\System\nVsENQK.exe
  2⤵
  PID:2104
- C:\Windows\System\vuoDqkF.exe
  C:\Windows\System\vuoDqkF.exe
  2⤵
  PID:1668
- C:\Windows\System\aWIAEka.exe
  C:\Windows\System\aWIAEka.exe
  2⤵
  PID:8068
- C:\Windows\System\iYDoGeG.exe
  C:\Windows\System\iYDoGeG.exe
  2⤵
  PID:840
- C:\Windows\System\ScgYbJX.exe
  C:\Windows\System\ScgYbJX.exe
  2⤵
  PID:2648
- C:\Windows\System\nEGlXvC.exe
  C:\Windows\System\nEGlXvC.exe
  2⤵
  PID:3232
- C:\Windows\System\QIQohPX.exe
  C:\Windows\System\QIQohPX.exe
  2⤵
  PID:5096
- C:\Windows\System\KGqSDYw.exe
  C:\Windows\System\KGqSDYw.exe
  2⤵
  PID:3968
- C:\Windows\System\qfLCvTJ.exe
  C:\Windows\System\qfLCvTJ.exe
  2⤵
  PID:3648
- C:\Windows\System\GZdVTFX.exe
  C:\Windows\System\GZdVTFX.exe
  2⤵
  PID:852
- C:\Windows\System\ceemjYK.exe
  C:\Windows\System\ceemjYK.exe
  2⤵
  PID:4348
- C:\Windows\System\ZSgnaOG.exe
  C:\Windows\System\ZSgnaOG.exe
  2⤵
  PID:560
- C:\Windows\System\ryIBrtd.exe
  C:\Windows\System\ryIBrtd.exe
  2⤵
  PID:3848
- C:\Windows\System\WTjSXXm.exe
  C:\Windows\System\WTjSXXm.exe
  2⤵
  PID:4156
- C:\Windows\System\wwagZlz.exe
  C:\Windows\System\wwagZlz.exe
  2⤵
  PID:10468
- C:\Windows\System\jHcClJA.exe
  C:\Windows\System\jHcClJA.exe
  2⤵
  PID:11808
- C:\Windows\System\oamzeFO.exe
  C:\Windows\System\oamzeFO.exe
  2⤵
  PID:4112
- C:\Windows\System\UTGgJJq.exe
  C:\Windows\System\UTGgJJq.exe
  2⤵
  PID:456
- C:\Windows\System\UhIFuLn.exe
  C:\Windows\System\UhIFuLn.exe
  2⤵
  PID:4044
- C:\Windows\System\ASKfxqL.exe
  C:\Windows\System\ASKfxqL.exe
  2⤵
  PID:12952
- C:\Windows\System\Lxcfubx.exe
  C:\Windows\System\Lxcfubx.exe
  2⤵
  PID:2164
- C:\Windows\System\tjZqxUI.exe
  C:\Windows\System\tjZqxUI.exe
  2⤵
  PID:564
- C:\Windows\System\jhbcKFr.exe
  C:\Windows\System\jhbcKFr.exe
  2⤵
  PID:4240
- C:\Windows\System\NhMAFXp.exe
  C:\Windows\System\NhMAFXp.exe
  2⤵
  PID:6164
- C:\Windows\System\NarRFgE.exe
  C:\Windows\System\NarRFgE.exe
  2⤵
  PID:4996
- C:\Windows\System\AFmUcFu.exe
  C:\Windows\System\AFmUcFu.exe
  2⤵
  PID:4472
- C:\Windows\System\grAsziF.exe
  C:\Windows\System\grAsziF.exe
  2⤵
  PID:7140
- C:\Windows\System\ZrJSdmK.exe
  C:\Windows\System\ZrJSdmK.exe
  2⤵
  PID:4076
- C:\Windows\System\QPcBIsE.exe
  C:\Windows\System\QPcBIsE.exe
  2⤵
  PID:5020
- C:\Windows\System\tTPmoPG.exe
  C:\Windows\System\tTPmoPG.exe
  2⤵
  PID:2180
- C:\Windows\System\pLDviiw.exe
  C:\Windows\System\pLDviiw.exe
  2⤵
  PID:4248
- C:\Windows\System\gIZbKUa.exe
  C:\Windows\System\gIZbKUa.exe
  2⤵
  PID:3276
- C:\Windows\System\eznvQUh.exe
  C:\Windows\System\eznvQUh.exe
  2⤵
  PID:3700
- C:\Windows\System\GlpjidU.exe
  C:\Windows\System\GlpjidU.exe
  2⤵
  PID:784
- C:\Windows\System\AwTBdBe.exe
  C:\Windows\System\AwTBdBe.exe
  2⤵
  PID:3856
- C:\Windows\System\CjiQzAm.exe
  C:\Windows\System\CjiQzAm.exe
  2⤵
  PID:4548
- C:\Windows\System\vhkGHOJ.exe
  C:\Windows\System\vhkGHOJ.exe
  2⤵
  PID:1620
- C:\Windows\System\ZzjKSdq.exe
  C:\Windows\System\ZzjKSdq.exe
  2⤵
  PID:4164
- C:\Windows\System\UVRTCxC.exe
  C:\Windows\System\UVRTCxC.exe
  2⤵
  PID:3860
- C:\Windows\System\PPJTnoy.exe
  C:\Windows\System\PPJTnoy.exe
  2⤵
  PID:2084
- C:\Windows\System\nzQreCc.exe
  C:\Windows\System\nzQreCc.exe
  2⤵
  PID:1580
- C:\Windows\System\sPCTFqu.exe
  C:\Windows\System\sPCTFqu.exe
  2⤵
  PID:3036
- C:\Windows\System\dYnkqaO.exe
  C:\Windows\System\dYnkqaO.exe
  2⤵
  PID:4868
- C:\Windows\System\PFGnicB.exe
  C:\Windows\System\PFGnicB.exe
  2⤵
  PID:2884
- C:\Windows\System\QnfIAej.exe
  C:\Windows\System\QnfIAej.exe
  2⤵
  PID:1872
- C:\Windows\System\apriGdd.exe
  C:\Windows\System\apriGdd.exe
  2⤵
  PID:4028
- C:\Windows\System\zCLTiZJ.exe
  C:\Windows\System\zCLTiZJ.exe
  2⤵
  PID:13332

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 548 -p 12092 -ip 12092
1⤵
PID:6828

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12488

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:3700

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:10052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:12480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fzxkhrlg.trm.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AvMpJYa.exe

Filesize
1.9MB

MD5
96d17be110a027bd83a36411093d629a

SHA1
78e188c0114e1122d20d443b1eb7572229308eb2

SHA256
0c6c3346ee4ca161a558cf5862651342dcd757178c793c7508051f78dbd92f7d

SHA512
a04e01af091805e462ea89aecf82d97cb1fe200b11e6275f6f82fdc68cb350472162c11f1822779537c471253c127587ae66e6b3a4570c31c52afb28dfd309e1

Download Submit
C:\Windows\System\CHDdBDB.exe

Filesize
8B

MD5
f12ac5989378bbf739c22dfa390b131d

SHA1
141d177c540cd8eb837bc2c97680ac3e9a7d27d6

SHA256
6e11dac3c776fb6a097c1a301a512cd71436e255b4a0051e41a7dc082294f4ff

SHA512
7ef52131ab9eb96ac3b625dcd6ef10c67b63a80807fdfa100d51afeceb5abc16f3868858624090c2082887f65697c3f88bc6c86660d9a8d3ac08714bc1886785

Download Submit
C:\Windows\System\DeBopfL.exe

Filesize
1.9MB

MD5
ee2ccee799a57f9731a6f07b8553b3eb

SHA1
d27d8deaef0b5e545d7cf5071d634ab61fb631e9

SHA256
82e2690c122cd7c909f912cb00a9cad7c2af09ac49de754d70a5e3156ad688a3

SHA512
a4605b3ba12e1e130f23aca20933784e123106cadb099652f0a5b601974efc0601324456ab80b02480b49f885be51f11df6c22ca519a6ff61db0d1aa30afa4ac

Download Submit
C:\Windows\System\FzXJKqc.exe

Filesize
1.9MB

MD5
1911a0206f0d1f60ab640c8230e8ace3

SHA1
61871948939ac9d9fb026630486c2ec622ad3d52

SHA256
a50680ef58b35bbedb4a1a46dfb3dee0bba4a013d297620c48129de6b23773b0

SHA512
ab20330e19ef4a4e49b42cfa0559194e08eeb8e6517718712dd6c27625e3507fc2ee1a6b79fd0f718c09576d2a69187a931776bc50e5b54b9fb710ad70bb8f21

Download Submit
C:\Windows\System\GfnMvCI.exe

Filesize
1.9MB

MD5
b12bd9fc06a851006bc012f5540fd2ae

SHA1
70e98528b257ce787b501c9474fa30cf1c29222b

SHA256
416701d74eeb732604e1d1fff9485ba05324f0e495e66ba78a486b3d7ae728da

SHA512
03c59cecfd7a9522a309098145111676f70abd5b81669536e7bdf1fcc93491a45c2b93e3846b1d957e953c3145e581066aea8c2c3a7d662d871510a719424f21

Download Submit
C:\Windows\System\HbynCLR.exe

Filesize
1.9MB

MD5
1b1a32b0929b3cce286e25716fd5b3c0

SHA1
aa4e23683afd304381e908654b7f0fafbc6c41b6

SHA256
14119800e9a30fe6039af03081592a585fbdf641db397119a514d49f06eddfe1

SHA512
1e709aa27cd1d9c060b3501712e911ed344f25c0fea64e49267b66513cc2dad8bdce067b33a6b08e262ba5751dae9426ec481e6bb13032bc0abb7a0cff9e8163

Download Submit
C:\Windows\System\OVtQCLR.exe

Filesize
1.9MB

MD5
47befd9449fdd3656feddc0a8098ad74

SHA1
55016d31784e6c5a8728ea456a72f707b5e830ab

SHA256
a9e948b6729efa5e3bd801cf4b6028b1c6237aa0e11cd8db4855716e728380ab

SHA512
34841988bb810d683a4fa6fe9af88ef99f064530a1d3a1b8d049cdd7f00123a34bc08acbb7a49bb3dc4c526a1648840c6b50ec6bce45f0aa48abc900e6a0538e

Download Submit
C:\Windows\System\Phrxbsi.exe

Filesize
1.9MB

MD5
5d2a7e1d6d2e2348cc9f941eedb2fa94

SHA1
0a28ba89baadb499023e72ee31d8162056667021

SHA256
1998712268dc7cc88e4f6361085866b7a83a64ce6a3823e8a6af5c9b2cd4c363

SHA512
a5146c657449c956c40243509e637d888cf1208ef00db99821062f88ef255bce7155c943c256da7c86e4b253f418976de97838d19e90c5d79eaea5227e153bdd

Download Submit
C:\Windows\System\RMzGrQU.exe

Filesize
1.9MB

MD5
5d93810b0562917168614d5a9b174645

SHA1
ab2a69540133fa181ec2de47c8a08e1be6743c0e

SHA256
d9cc0b99112a3dd78cb32c99a29ce4cbcc040eec691679243471d42ea0a7cbb4

SHA512
5d5b82384ff26a5e154073e5fd755b037c2d215c964aba41d7adcb59890ab79e5d8b64bc294d325b70d65063952843c30d0808dee02037c44c39175eb07eebd2

Download Submit
C:\Windows\System\VINnuBN.exe

Filesize
1.9MB

MD5
8718ed55ab84576c9a634f8955e0ed5c

SHA1
2e97bfd38dde2f8566ac1d7672a593c83ee42467

SHA256
b9b0b6adee0e989a9b6b82c0a58eae65c29f5ee3b8c66896e7bd8c954af1a2d5

SHA512
a6cfa4005d46a9aaa5cc3e46d6d883b6358a14c0ec4d4ed32c77c5f4bc104dbaa18598a86bc9b0fda1cbe94415482453aaf5641b0f133af024eb3224a5683627

Download Submit
C:\Windows\System\VKqnOib.exe

Filesize
1.9MB

MD5
2b9c60a3fd0050653b77e5339489abbd

SHA1
8405ef4a0148d105f3460b9f9981eca324e91418

SHA256
6598b3da255985894f5095931dfd1d4be22efaf4b05ca24c7cdc829720ae8a94

SHA512
6a5522defc4dd8196c16a9302542b361f39541ba9f5a8b81cd83f5f0b3ba516310f292e1911ce0fffb94f74fa64bee65c3b64a0128d8c02bc0d4971e82ba5281

Download Submit
C:\Windows\System\VsPCvEv.exe

Filesize
1.9MB

MD5
acf8fbcde6b9d6866953876f3496bf1e

SHA1
0436b613d7b1d7f02798abda05c888922e39f9f2

SHA256
52ad37aa0c3d844467db007078b517d1f2a608b5f352ecf291b5b6e571b17ec6

SHA512
98aebaefa795ee1706e4e9d561105d98781a4cb089bec311b707b66c018ac614a80990b6a414cc9e88c17a4bc52482ccbe38d164d47e8841b924153673682aed

Download Submit
C:\Windows\System\WsERtZW.exe

Filesize
1.9MB

MD5
67ebfaf76ee67736e25261dc43be369d

SHA1
2e8bc4e3efc6b52c7f55b46b263b35216a01a32b

SHA256
826798343606fdc7458e6be3be0d897bc9f37fa6e5f758e3ccfa7c8821bcd81b

SHA512
ab84b8925e287624dda8d03adda1c84d416a77ebaae0c32b94f902f5456141c174246f03bed71a876b7f7a5449bc002d258fb90b8ced0adc55b222515189f1a7

Download Submit
C:\Windows\System\XCrQZNy.exe

Filesize
1.9MB

MD5
db231c80ce7ae66db11ac5ed9eff90ce

SHA1
4ea04cbb3068933c80cb5cb8f6cd9c73f8dfb25e

SHA256
46cda2cff03b062c0dc5ce5d31508cd44a7415a567919be7cd66781bed9e8c63

SHA512
75d5c1b21ba9d9c41b2e9b5fd7f295ca16af7dadaf5d56e5f4710423e1b2d735963c56bb5588ce71b9739734fb422c477fab8d4b22bb896e16c930f5279f3c1c

Download Submit
C:\Windows\System\XFkwOue.exe

Filesize
1.9MB

MD5
24793725c362c7248516f2e2b111d0f6

SHA1
667c6bde07d6247d4afec2f9ce819cf69c5f0661

SHA256
82b8ce080c772f5c91d62156ee532b8913cfa7229f8ee7774733cb53fd5f8d06

SHA512
3bff084f776997fcf697ae8b59ef291cb12f4c8a813325c049691682353611ae05fb1c38dbe348f83951215ac3aa3f979037e1c79b981b3120b40978380105a6

Download Submit
C:\Windows\System\XLFjABM.exe

Filesize
1.9MB

MD5
6cc12f0e4e7588b0164fa4baa9a69d8e

SHA1
afb8f48f77b4de3d68bf079c47eaf67f6b7c0642

SHA256
7d1586b9ce1184dd150cc73b65116150b1e7206c8a1334481821c77672c02a2b

SHA512
7f64914d89a8bdae7fe42767d90164dbfc9eab118ad1cc95936a3a98a39bc56b143bc66bbea3969cde89cf3ce9e6e1890a451bc8bcd25891fdb5bd639286fff3

Download Submit
C:\Windows\System\ZRocXLv.exe

Filesize
1.9MB

MD5
40584502a832239c03c7c94ed417a8ad

SHA1
eb3579fad7a70fce47977e5d82e47cc1e4dabfd0

SHA256
94dc3f8fd3e145fa950291d23b578697f2c6d10216095aa5ccfee7f83fb08240

SHA512
b399f371d7df7ae0a60dc26620d6634cbc971303c9effc10347c60a160166075438cc27adfae3f3d5cd88a893c96d33219307f4b26ecd7fb732cbe59db3108c6

Download Submit
C:\Windows\System\aJNEHvA.exe

Filesize
1.9MB

MD5
81fe36a4384d989524732ea3704618a1

SHA1
fa217ad4471dcc1418497cd2122ab81796c28ffc

SHA256
52d244e65954e7252c5822f311583771c445e98759b2dec61667d4decb8c51fd

SHA512
a8b2d8991653746f573853ffab4da45b8ddf214b1bacb5ada2c463fae79a3cafe9be247c42ce485672104dbf36e89cc75e49d9d6d78e580aa85c7d5776a58404

Download Submit
C:\Windows\System\aaHsUEL.exe

Filesize
1.9MB

MD5
bf8246c192e0c0a1a3735f5571770e30

SHA1
477af01a2de1660ef04a8af67907af3d24745834

SHA256
0c67f37a98b9ff37ad131ca076c52fc12f79828684892e8a1401b7f08e5024aa

SHA512
cd5f38fbc908164581e0eafc193fcddb1d66871f1abc61db746a630d385379a003afbb426a30b73afca96d9d3a86978832f1be7e473856ff0e957b26ab8e029b

Download Submit
C:\Windows\System\agqdjmV.exe

Filesize
1.9MB

MD5
5ba4996e1ca311c38de78d892e5e90df

SHA1
33ea3d5815adc2019fd25adcf8ad07edaad03c03

SHA256
a6eadb3663eb45ea4a8326e6b684d50cd465578f64f1b5146928a7f4b837144a

SHA512
239151df5a5de5276ccda088eee0bffe388446d1695762cd17b0f1e8d469cff9ab645d4d6dc9bc14b350cf01899073bcd2533471e1282a44ea9cbee5b95ae302

Download Submit
C:\Windows\System\bzxYSVF.exe

Filesize
1.9MB

MD5
6dbdd8398b37ea71d2659138e913c4a8

SHA1
6e8e9e4b057f03c5edcbc971bc3a6218f669c332

SHA256
037e328f3eab6bc2612e2f7760f3fd938ad069d0820ee0597752fc6efb70ce62

SHA512
2f6afc133052387f672f5fea3190e0c0d1b0cbe1568792eea1be9df597d0a22e52fb47b022f1669fe7be375975699591d77a7a8d5cfe313844931729bb0819c5

Download Submit
C:\Windows\System\cJyElLI.exe

Filesize
1.9MB

MD5
268b300bb3829cd11cab1532c799bbbe

SHA1
fae3a6ae8acbaecc9f297fc95522a6d7cd7d1299

SHA256
1336f47acc289e66dc79c470502828750a9972d96e000fd3154146f18039a32a

SHA512
7a35233adc44c2208788f81adb13d27213024c5b5deaa08251e3cb1455ef280dbecef24d4cdf789dacdcd76c5223ae1ebfdf30054d82959dae1e9ce06de0344b

Download Submit
C:\Windows\System\cNdFOWS.exe

Filesize
1.9MB

MD5
37cd0f76d10674686558fa847387751d

SHA1
2cdb83b8c119d3b6ce71070627cc6939dc3c17bb

SHA256
66d9fdbe2d6f3ec4ff582d8e6114fc07a7739fc78e6a33c0f2a76601f2521905

SHA512
77bbd4b98530854aafd29f677ea19939d17de91e2ae5716a2c6f689ad83d39ab7fd25125c50813f983caa7c7e9b04101afc5d422932413e9e994a0d92b8ab280

Download Submit
C:\Windows\System\gSaKgXE.exe

Filesize
1.9MB

MD5
7a26d55707312b08d7316b27468ec2d6

SHA1
0088e97d2dd508e4fabf82cab3c7987baf82b693

SHA256
ebcd111fac656bf91e3c50765e2f5f2ca428060c5df331a4d781ea4e956991e3

SHA512
59e62bc18e08ad2202dce5dc8e935c262f815f9e5d36cafd8b2b1b8a1d3857140e30f7d9096e318bcec67af3a325cfe232820eb5e10487713ec4410cf13b8ff2

Download Submit
C:\Windows\System\gvgtVbZ.exe

Filesize
1.9MB

MD5
63b1217d024d362cb05dad65fa19d171

SHA1
f5bcd5c0f70b840e285f16e6c0e96917ea279f1a

SHA256
35a473b217c4324a412722b2743cff791a45ddbfcb8dc229d9f638d316467c38

SHA512
2ab2ab8dc3c27d81f1114521095d2ee55ba810be2436ab578dbb44e545c71c499559eb8dd1174da30b5a0384ae6b21a95960d619e8b5ebd77a55e0a5d47cd34b

Download Submit
C:\Windows\System\hrLznLv.exe

Filesize
1.9MB

MD5
f0d3da1400ae131fda5b0b2688df5563

SHA1
7d085e2b79d20653cb25051c0131cb50ca6f7284

SHA256
34711cf165cd3a3d7e6f8286e1746815968593078eb464dedf8fb624fc967205

SHA512
2dbd954f618a1dc2b2ee30544bdbed2b670003d7243d19e7173584b795b33e572503ad98840f6b124ebe0d67736ea90836a1bf2d26d19b41970e17241d1e2e1b

Download Submit
C:\Windows\System\iPcuuZi.exe

Filesize
1.9MB

MD5
d087fc8b9e80b65567993bef8ce211d7

SHA1
df2b9492b2c588c75c13b60d7fcaff747c87724f

SHA256
d088e49cafa0d9b3970a256aa36ab06da048754a892983758ef3a6d9cc6fb975

SHA512
fdba05cc38d454c044b1088e4fcb3a273b012856729605ec7eb32ba6838645ce5b944b09ce8dfd90200363ffdd4a23eded4f131d06900828ccf868da62da22ce

Download Submit
C:\Windows\System\iTHsXMP.exe

Filesize
1.9MB

MD5
9df20e5a462f90c51c9021a41cacc777

SHA1
17065ac162c66c5119414452f8031180978e0da9

SHA256
8a3764f17138202652eb82ea00bee359d89f728b0966da47d5de9f9518316c26

SHA512
c128c72bc2bf78d779e945e67b880c7d6b87b534f604d7e4f70d14fcf725c733dd92619f69375e4f53b6d32cba60ebba909713213ad014ef3d3d4c2af5e7446e

Download Submit
C:\Windows\System\iiPEJcW.exe

Filesize
1.9MB

MD5
fe25a7789099d97acbe4d1726539cfa6

SHA1
899ec1b843f19970870f0e94d2a3c3dd226d47a5

SHA256
6724cf7168ced6709e0286317391d4768e3a6776499876d0e4d14ced971f9e98

SHA512
34fd8e41b7fd6bc902e0536d223638970079d60167c101eeb696928dbf66430a7a05e8675f583ac09c5a6a66fd6d9a08967ab213ca193411d9e88028f659acc6

Download Submit
C:\Windows\System\jDfSSdu.exe

Filesize
1.9MB

MD5
01863dbe91fc42b398109d75899ef986

SHA1
91bde0b8d6260b8e87d82cca6e73d77a810455ef

SHA256
1aef36ab4b1a7016e7c304bff424ce3722213a973a2ecbd2f458293ffe471099

SHA512
91e2f02a8667c762730ec00c86f09192e5396a1650d2f0f2e5d003985c0ab0831079197c49370df6d1b2efb7d162f687e982d834b47e53ed93e654600cfb7feb

Download Submit
C:\Windows\System\jfbhqwx.exe

Filesize
1.9MB

MD5
2f6c358d550227bea3fe168a79437789

SHA1
b0fa2c4f60a1fdfd743fcaefc3472efb76f17fbb

SHA256
13e1e9205b2f974f3901980b914306fee6d9433031fd05cca76616df340f6a20

SHA512
8f8df57d5c9ba2dcfc9f19acd59d42468c2b2106b9d6fbae9875a1baeaa05072ecb3480b5aaf57a99066393af23dffbb2a2a71b1b65ca575db4a4813e9117057

Download Submit
C:\Windows\System\kEcEVvW.exe

Filesize
1.9MB

MD5
45e9512c9824da1b9710c68c1e431d64

SHA1
d3ff07b6ec06aa4b53b482cc67ae1d7beba39495

SHA256
cf715369fe54a1917569723fed248422782d12af0d4c272ea3b31cdc9e35a58b

SHA512
37f2c6465c930c72cf0314fbd24468e0ae2af3e86e37f5efe5c1ec6001df33404ecd77808bd7dce785e177ee5eb49b211ce75d1a325410d5a257c1958333846d

Download Submit
C:\Windows\System\kdfKDft.exe

Filesize
1.9MB

MD5
79f9d0572bb4c85dc14577697d5f8ce4

SHA1
4da447e2b296f002ec621483c7698f053238f371

SHA256
3edd57215615c629ace1ca38d5c302a30d54aa2d37950320195b23d49fc77020

SHA512
9115d6f527c3b7cfd2c1766aded33b94f15efd330c274be2f7a871a808ef234e6f2642207c2aa0c66223265d920149e33c8b0a96b31fa14c2a2e8b296638239d

Download Submit
C:\Windows\System\lECNJDg.exe

Filesize
1.9MB

MD5
2fbcd2f9045a7b9783669bb077646169

SHA1
652483dc96fddf248a2b4a32918429ad76bb3af4

SHA256
7d87e557d7ca8e65f26cde17d64d0e26f6f0bc6880d3775d95a9e2a7e3d41b8d

SHA512
9131bb3fa4b60b59950e0d5f84b81beb2d64c05852e7e555dcbef9d52e7a86a4677f4ed9354c345d774c1942eaacd56d6b8ce5f58548c418f687c0f5e977357a

Download Submit
C:\Windows\System\lpmVVVV.exe

Filesize
1.9MB

MD5
91ee82cee6f76ca28338663744aec4a7

SHA1
73c8175acff4e49fef7e975411666ad6a5207394

SHA256
6b514ee22d2c80fc25a834ec9a466f3d18c1afb257a124a996fe609b79d6d879

SHA512
a939cddf85dc7d988cd9ed9cbdd54bac3c1e429de0f3188f27660fcec5ccde3dbd529a64ba094e614358342c4a0c17eb211d3a31c78a1da2441c3027c84eb8af

Download Submit
C:\Windows\System\nZYeKJZ.exe

Filesize
1.9MB

MD5
8d4fbdef242faed6ca5c296c826b67e8

SHA1
835c3234d02d5800c8fb03626ff12ee7fa761907

SHA256
c60f7fe52d490da6ebc978cb48cbbbd61b42d4034875b6422f1dd0b603b3562e

SHA512
51d322f9bddfff317b13be5bd9fd390eb4e21b358c88cdbd37fe76db21468058e6375be6b44277057474c5c5800e1841f519e01939a2cbd80fea2af50df6a69a

Download Submit
C:\Windows\System\ojdClzp.exe

Filesize
1.9MB

MD5
b802da86bac329415da4b039463a5614

SHA1
425a13c78bdd6eee2a2c0982538244ce98cdd006

SHA256
21909e2df999d43896910184726bba78f4a1b85fe27b0dae6938aec58e8afb29

SHA512
0508d3644ee64057a059761dda3fa18e9c7a87cc77ccf61e12ade36ec99d987fe59755ad80150453f5e394ba016da091faa4ef13068dbf2c9442fee05d714d46

Download Submit
C:\Windows\System\sexGeUd.exe

Filesize
1.9MB

MD5
95f6d2fd8bfda7ac8843e8496f87e048

SHA1
7b37e73a0040762ca1cf91c888b183f9632b6ebc

SHA256
3746a8ab508e654ee56b4014831e3995afec44c6d9bf31ec74f0cf3ec9249a49

SHA512
304d62ff64b8fde124872544ceda6fe1e8b42dd7621c1882240b779e81f2dfa43fafee4f8e9ced98bd1d19565108da83d81358472a4836672050740e2391a4ac

Download Submit
C:\Windows\System\tWtsOoQ.exe

Filesize
1.9MB

MD5
7913b54056710ef3301623f33db45cd2

SHA1
8e363e0970bea542b5639e924c32f6167674733d

SHA256
20135a0461f10b96b53e5bb777c29115eb7041c26e5a028e7f04456428fde14e

SHA512
d5825c5836db671f264b5d5da76a626108cea4e0969cd3eac1ad4b7e4b242e3417b7ab671eb1e1be9aa1080bd1797bddbdfee0e73b63aa1693847c670135ec5e

Download Submit
C:\Windows\System\uiroFDW.exe

Filesize
1.9MB

MD5
edd683aea931115e5e807aff72f7cd13

SHA1
9bdaa392016cd09e6a7e4ed9a0661ba7fb512630

SHA256
5dd2e0a331d3515870492f7c4f58ba2107e8f00d3772e1f7778199e430f198fa

SHA512
5b5dae5d77262c00d4c147458919bafa3a5cc10e9d0a1c0ed70eff318cdd437de805f57477b5811a9fdcdfa7b04d43890e1636408489453bbec7c9a639cb1dbb

Download Submit
C:\Windows\System\vymqOVg.exe

Filesize
1.9MB

MD5
743e2473291c747360c8cc75f40c4173

SHA1
bf7fae267ddf208111c46a009c5d41ffb0abaa01

SHA256
e603ded0afcd42ae85040231341aaf907a4c03145726e851e0a92b848d144600

SHA512
7cc00763d43266c878c72444b9817af27b9f63668e132fa002a6e2064a5a1cad39b5548ad94c79210a691294b093b4a29863963abced9461754053944b7dad73

Download Submit
C:\Windows\System\xjmZkXJ.exe

Filesize
1.9MB

MD5
ae4338923bbd6e444c07b1ff29792a4e

SHA1
340bf1d88805b529d843f35fdd64e1c95cfa03c6

SHA256
8f62c80e9a8e6273961e016bbd0a11eb401d8cd96f568583a62350ac7d42bf03

SHA512
88435695c7766e30945c0c6bcc7701abdddeca5e4eeecc7cf4f28798a0613e025f325ddfe40d5616197dfb43bd51822200bab3a2328da631ce3ac31e1009d181

Download Submit
C:\Windows\System\xrYXzZI.exe

Filesize
1.9MB

MD5
f851dc18ac26b902ec1f40a8b7d88f36

SHA1
2aef37bd707856b778aeb0ff13c7f82f0f546c22

SHA256
965e670b513dc5f7c92f1476d3bc0e27743cad89651e98b54f093b6015858b25

SHA512
8e8060f6482432462987c39054a3a2f6f7bf37b33355483241b032e20e4ad3d3ac008c468c53489ed7f2ba2461192dab475d18b6a4711b269c316b3a695ca1ac

Download Submit
C:\Windows\System\yPHzYdp.exe

Filesize
1.9MB

MD5
af6922c70625abe0369b56024ea04958

SHA1
014e6dd1f0ccb1ff0af84913d1c920620ae9194a

SHA256
8c66161cce06c2006aa60989232616fa91d4c45bb5847b09346713ca65e0aec2

SHA512
e1cfb1dc17a17bcb5ba6f91d79535671dccd31324428a301133c977c81b0f947a0ba2aa4bdd209985f85e4758d7b7004396c8cee8899485b62039bd3b4343584

Download Submit
C:\Windows\System\zIQIVEO.exe

Filesize
1.9MB

MD5
dd39308d9088760c80fd31bf1c737c57

SHA1
58b83a1a8517a4a181333c704bea84b0e43bcea4

SHA256
d4f19201b51e3c99dc54db990d6c3262b8655f591ff6747f3a5b45f2fe27fb06

SHA512
b48d71b2060ab7534332c7c260f5c6729066e7294a62b242c9db407c9369ebaad5f6cb1b6d73f69fdfc557c25c0cb8cf7c3001d7f1737071c032a62bb41cc373

Download Submit
C:\Windows\System\zwTDVHZ.exe

Filesize
1.9MB

MD5
b1fe2fed31c44e4552c66e75395f2d95

SHA1
90db24f4f8fb748809a7230253959973d69a101d

SHA256
ea8a93636903043e3d01d1c004b475af7d898162ff156ce2a3c6a05d08d3b44d

SHA512
a312c6507e16e53f39fc9f088cb0003a1b960e8978640528cd15ee8972bb0adaa3461fe356af99dda594310529087128b7dff3469de354028eb433d1c9008552

Download Submit
memory/220-972-0x00007FF7A1310000-0x00007FF7A1702000-memory.dmp

Filesize
3.9MB

Download
memory/220-6134-0x00007FF7A1310000-0x00007FF7A1702000-memory.dmp

Filesize
3.9MB

Download
memory/732-5784-0x00007FF6B1690000-0x00007FF6B1A82000-memory.dmp

Filesize
3.9MB

Download
memory/732-603-0x00007FF6B1690000-0x00007FF6B1A82000-memory.dmp

Filesize
3.9MB

Download
memory/1140-411-0x00007FF7B08C0000-0x00007FF7B0CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1200-605-0x00007FF6590D0000-0x00007FF6594C2000-memory.dmp

Filesize
3.9MB

Download
memory/1508-210-0x00007FF67A8B0000-0x00007FF67ACA2000-memory.dmp

Filesize
3.9MB

Download
memory/1972-474-0x00007FF786D90000-0x00007FF787182000-memory.dmp

Filesize
3.9MB

Download
memory/1972-6311-0x00007FF786D90000-0x00007FF787182000-memory.dmp

Filesize
3.9MB

Download
memory/2144-612-0x00007FF7244C0000-0x00007FF7248B2000-memory.dmp

Filesize
3.9MB

Download
memory/2332-971-0x00007FF616BE0000-0x00007FF616FD2000-memory.dmp

Filesize
3.9MB

Download
memory/2332-5772-0x00007FF616BE0000-0x00007FF616FD2000-memory.dmp

Filesize
3.9MB

Download
memory/2396-608-0x00007FF65E780000-0x00007FF65EB72000-memory.dmp

Filesize
3.9MB

Download
memory/2480-611-0x00007FF6AFA30000-0x00007FF6AFE22000-memory.dmp

Filesize
3.9MB

Download
memory/2480-6321-0x00007FF6AFA30000-0x00007FF6AFE22000-memory.dmp

Filesize
3.9MB

Download
memory/2608-6313-0x00007FF7E31B0000-0x00007FF7E35A2000-memory.dmp

Filesize
3.9MB

Download
memory/2608-606-0x00007FF7E31B0000-0x00007FF7E35A2000-memory.dmp

Filesize
3.9MB

Download
memory/2776-588-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2776-5938-0x00007FF60C9E0000-0x00007FF60CDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2788-5888-0x00007FF6B0E90000-0x00007FF6B1282000-memory.dmp

Filesize
3.9MB

Download
memory/2788-246-0x00007FF6B0E90000-0x00007FF6B1282000-memory.dmp

Filesize
3.9MB

Download
memory/2840-254-0x00007FF6C6F30000-0x00007FF6C7322000-memory.dmp

Filesize
3.9MB

Download
memory/2864-1-0x000002293BE30000-0x000002293BE40000-memory.dmp

Filesize
64KB

Download
memory/2864-5952-0x00007FF7B3A60000-0x00007FF7B3E52000-memory.dmp

Filesize
3.9MB

Download
memory/2864-0-0x00007FF7B3A60000-0x00007FF7B3E52000-memory.dmp

Filesize
3.9MB

Download
memory/3092-470-0x00007FF72D570000-0x00007FF72D962000-memory.dmp

Filesize
3.9MB

Download
memory/3092-5814-0x00007FF72D570000-0x00007FF72D962000-memory.dmp

Filesize
3.9MB

Download
memory/3104-610-0x00007FF6E8BA0000-0x00007FF6E8F92000-memory.dmp

Filesize
3.9MB

Download
memory/3536-614-0x00007FF7BBE10000-0x00007FF7BC202000-memory.dmp

Filesize
3.9MB

Download
memory/3612-604-0x00007FF7CF170000-0x00007FF7CF562000-memory.dmp

Filesize
3.9MB

Download
memory/3808-17-0x00007FF64F5C0000-0x00007FF64F9B2000-memory.dmp

Filesize
3.9MB

Download
memory/3972-101-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp

Filesize
10.8MB

Download
memory/3972-20-0x00007FFB88243000-0x00007FFB88245000-memory.dmp

Filesize
8KB

Download
memory/3972-813-0x00007FFB88240000-0x00007FFB88D01000-memory.dmp

Filesize
10.8MB

Download
memory/3972-305-0x0000028CB8A60000-0x0000028CB8A82000-memory.dmp

Filesize
136KB

Download
memory/4160-607-0x00007FF7FE430000-0x00007FF7FE822000-memory.dmp

Filesize
3.9MB

Download
memory/4160-6315-0x00007FF7FE430000-0x00007FF7FE822000-memory.dmp

Filesize
3.9MB

Download
memory/4184-5815-0x00007FF7C2920000-0x00007FF7C2D12000-memory.dmp

Filesize
3.9MB

Download
memory/4184-609-0x00007FF7C2920000-0x00007FF7C2D12000-memory.dmp

Filesize
3.9MB

Download
memory/4192-6136-0x00007FF667F00000-0x00007FF6682F2000-memory.dmp

Filesize
3.9MB

Download
memory/4192-613-0x00007FF667F00000-0x00007FF6682F2000-memory.dmp

Filesize
3.9MB

Download
memory/4388-334-0x00007FF7A0150000-0x00007FF7A0542000-memory.dmp

Filesize
3.9MB

Download
memory/4496-169-0x00007FF6E1B50000-0x00007FF6E1F42000-memory.dmp

Filesize
3.9MB

Download