xmrig | fe7fc90db06f0308f972295ce985454787d60ceaa82f96507b8f7639a5283ed1

Analysis

max time kernel
150s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 02:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bad912cf5c952ec5b768c9c06905920.exe
Size

1.1MB
MD5

0bad912cf5c952ec5b768c9c06905920
SHA1

1339b7a4d32e576be3ecaa66afb0518dfb1aa014
SHA256

fe7fc90db06f0308f972295ce985454787d60ceaa82f96507b8f7639a5283ed1
SHA512

c54bad4eaeea17ea13146f75b0d2f5737c8e9d309398902c2f7d9b018208d29f3e375bec78cd87873d1483932780cd5432541d8f26e2efa6e4c5998cb7d8a6de
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWYyq55wpGI9AZODg:Lz071uv4BPMkibTIA5ybH9w

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 25 IoCs

miner

resource	yara_rule
behavioral2/memory/4268-208-0x00007FF705320000-0x00007FF705712000-memory.dmp	xmrig
behavioral2/memory/3796-252-0x00007FF765900000-0x00007FF765CF2000-memory.dmp	xmrig
behavioral2/memory/4988-258-0x00007FF687950000-0x00007FF687D42000-memory.dmp	xmrig
behavioral2/memory/5044-263-0x00007FF667840000-0x00007FF667C32000-memory.dmp	xmrig
behavioral2/memory/2684-269-0x00007FF701790000-0x00007FF701B82000-memory.dmp	xmrig
behavioral2/memory/8-268-0x00007FF669010000-0x00007FF669402000-memory.dmp	xmrig
behavioral2/memory/2136-266-0x00007FF703CF0000-0x00007FF7040E2000-memory.dmp	xmrig
behavioral2/memory/3240-265-0x00007FF79F580000-0x00007FF79F972000-memory.dmp	xmrig
behavioral2/memory/2308-264-0x00007FF7C8AA0000-0x00007FF7C8E92000-memory.dmp	xmrig
behavioral2/memory/4968-262-0x00007FF6AFD60000-0x00007FF6B0152000-memory.dmp	xmrig
behavioral2/memory/4536-261-0x00007FF7B9700000-0x00007FF7B9AF2000-memory.dmp	xmrig
behavioral2/memory/1480-260-0x00007FF7BC3C0000-0x00007FF7BC7B2000-memory.dmp	xmrig
behavioral2/memory/2728-259-0x00007FF7C4B70000-0x00007FF7C4F62000-memory.dmp	xmrig
behavioral2/memory/2412-257-0x00007FF6DD6C0000-0x00007FF6DDAB2000-memory.dmp	xmrig
behavioral2/memory/3180-256-0x00007FF706770000-0x00007FF706B62000-memory.dmp	xmrig
behavioral2/memory/184-255-0x00007FF62D140000-0x00007FF62D532000-memory.dmp	xmrig
behavioral2/memory/3652-254-0x00007FF6876F0000-0x00007FF687AE2000-memory.dmp	xmrig
behavioral2/memory/2560-253-0x00007FF77AB20000-0x00007FF77AF12000-memory.dmp	xmrig
behavioral2/memory/5064-251-0x00007FF66D6D0000-0x00007FF66DAC2000-memory.dmp	xmrig
behavioral2/memory/3272-241-0x00007FF705C40000-0x00007FF706032000-memory.dmp	xmrig
behavioral2/memory/4984-206-0x00007FF691620000-0x00007FF691A12000-memory.dmp	xmrig
behavioral2/memory/4912-170-0x00007FF638390000-0x00007FF638782000-memory.dmp	xmrig
behavioral2/memory/964-109-0x00007FF6B9120000-0x00007FF6B9512000-memory.dmp	xmrig
behavioral2/memory/2296-4506-0x00007FF6D00E0000-0x00007FF6D04D2000-memory.dmp	xmrig
behavioral2/memory/3536-4507-0x00007FF72BB60000-0x00007FF72BF52000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3440	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2296	vMuqQpj.exe
8	KxuMrRV.exe
964	hbYzYCu.exe
4912	eofoqrm.exe
4984	ysnfTJg.exe
4268	WaLDhFF.exe
3272	RLEGznk.exe
5064	yBYMpCg.exe
3796	nvtcjVR.exe
2560	xodtBoL.exe
3652	EJtxCbF.exe
184	syFMoFP.exe
3180	QadKOao.exe
2412	TVVRXxn.exe
4988	xzNuFjs.exe
2684	ceLgdVJ.exe
2728	MHPmanK.exe
1480	DouufQC.exe
4536	JZVTMBy.exe
4968	oiLbxiQ.exe
5044	ZQoRYJT.exe
2308	pJDArcX.exe
3240	hTimvdy.exe
2136	EePRdPP.exe
3524	ywMmiti.exe
4348	BZPPWgA.exe
2520	iAbRUHp.exe
400	FTnTmGu.exe
3124	jcwpCtb.exe
1148	enDiiEI.exe
932	iqQSfdv.exe
2164	kfkgDnA.exe
4164	HojmeDv.exe
1300	JZyLLnR.exe
2796	QQZECyb.exe
1184	OAUsZMO.exe
4916	BMuTJIK.exe
4172	Kkzaycp.exe
3604	WiEUgyS.exe
4052	utTLiTU.exe
1700	tIpDCYY.exe
1920	TWTlOXC.exe
4136	YykOegg.exe
2944	aIpUujY.exe
1036	RHOjprl.exe
5088	vaUrEmz.exe
4768	UoISNLO.exe
5052	xjWWLwy.exe
744	mcRMPHo.exe
732	qmkPLVJ.exe
4920	GyNhlgb.exe
2720	fHwGpDH.exe
1256	iuYQnyK.exe
4400	GNIaBQN.exe
4384	GLZrwFC.exe
1704	QaSrcbr.exe
3924	OhEkSha.exe
4528	QKhXmxF.exe
4524	dDUdJRk.exe
3632	ZWlYYfd.exe
3584	jSbjtDB.exe
2484	THcxutK.exe
1372	cIGaEQQ.exe
4552	tKzxpwb.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3536-0-0x00007FF72BB60000-0x00007FF72BF52000-memory.dmp	upx
behavioral2/files/0x00090000000234a5-5.dat	upx
behavioral2/files/0x0008000000023508-22.dat	upx
behavioral2/files/0x000700000002351b-116.dat	upx
behavioral2/files/0x0007000000023527-160.dat	upx
behavioral2/files/0x0007000000023525-188.dat	upx
behavioral2/memory/4268-208-0x00007FF705320000-0x00007FF705712000-memory.dmp	upx
behavioral2/memory/3796-252-0x00007FF765900000-0x00007FF765CF2000-memory.dmp	upx
behavioral2/memory/4988-258-0x00007FF687950000-0x00007FF687D42000-memory.dmp	upx
behavioral2/memory/5044-263-0x00007FF667840000-0x00007FF667C32000-memory.dmp	upx
behavioral2/memory/2684-269-0x00007FF701790000-0x00007FF701B82000-memory.dmp	upx
behavioral2/memory/8-268-0x00007FF669010000-0x00007FF669402000-memory.dmp	upx
behavioral2/memory/2136-266-0x00007FF703CF0000-0x00007FF7040E2000-memory.dmp	upx
behavioral2/memory/3240-265-0x00007FF79F580000-0x00007FF79F972000-memory.dmp	upx
behavioral2/memory/2308-264-0x00007FF7C8AA0000-0x00007FF7C8E92000-memory.dmp	upx
behavioral2/memory/4968-262-0x00007FF6AFD60000-0x00007FF6B0152000-memory.dmp	upx
behavioral2/memory/4536-261-0x00007FF7B9700000-0x00007FF7B9AF2000-memory.dmp	upx
behavioral2/memory/1480-260-0x00007FF7BC3C0000-0x00007FF7BC7B2000-memory.dmp	upx
behavioral2/memory/2728-259-0x00007FF7C4B70000-0x00007FF7C4F62000-memory.dmp	upx
behavioral2/memory/2412-257-0x00007FF6DD6C0000-0x00007FF6DDAB2000-memory.dmp	upx
behavioral2/memory/3180-256-0x00007FF706770000-0x00007FF706B62000-memory.dmp	upx
behavioral2/memory/184-255-0x00007FF62D140000-0x00007FF62D532000-memory.dmp	upx
behavioral2/memory/3652-254-0x00007FF6876F0000-0x00007FF687AE2000-memory.dmp	upx
behavioral2/memory/2560-253-0x00007FF77AB20000-0x00007FF77AF12000-memory.dmp	upx
behavioral2/memory/5064-251-0x00007FF66D6D0000-0x00007FF66DAC2000-memory.dmp	upx
behavioral2/memory/3272-241-0x00007FF705C40000-0x00007FF706032000-memory.dmp	upx
behavioral2/memory/4984-206-0x00007FF691620000-0x00007FF691A12000-memory.dmp	upx
behavioral2/files/0x0007000000023532-185.dat	upx
behavioral2/files/0x0007000000023531-184.dat	upx
behavioral2/files/0x0007000000023522-183.dat	upx
behavioral2/files/0x0007000000023530-182.dat	upx
behavioral2/files/0x0007000000023521-181.dat	upx
behavioral2/files/0x000700000002352e-180.dat	upx
behavioral2/files/0x0007000000023517-178.dat	upx
behavioral2/files/0x000700000002352c-177.dat	upx
behavioral2/files/0x0007000000023516-175.dat	upx
behavioral2/files/0x000700000002352b-174.dat	upx
behavioral2/files/0x000700000002351e-172.dat	upx
behavioral2/memory/4912-170-0x00007FF638390000-0x00007FF638782000-memory.dmp	upx
behavioral2/files/0x000700000002351c-169.dat	upx
behavioral2/files/0x0007000000023526-159.dat	upx
behavioral2/files/0x0007000000023524-151.dat	upx
behavioral2/files/0x0007000000023523-150.dat	upx
behavioral2/files/0x0007000000023520-134.dat	upx
behavioral2/files/0x0007000000023513-132.dat	upx
behavioral2/files/0x000700000002351f-129.dat	upx
behavioral2/files/0x000700000002352a-173.dat	upx
behavioral2/files/0x000700000002351d-123.dat	upx
behavioral2/files/0x000700000002351a-114.dat	upx
behavioral2/files/0x0007000000023512-111.dat	upx
behavioral2/memory/964-109-0x00007FF6B9120000-0x00007FF6B9512000-memory.dmp	upx
behavioral2/files/0x0007000000023519-104.dat	upx
behavioral2/files/0x0007000000023518-103.dat	upx
behavioral2/files/0x0007000000023511-140.dat	upx
behavioral2/files/0x0007000000023514-94.dat	upx
behavioral2/files/0x000700000002350d-69.dat	upx
behavioral2/files/0x0007000000023515-64.dat	upx
behavioral2/files/0x000700000002350f-82.dat	upx
behavioral2/files/0x000700000002350e-78.dat	upx
behavioral2/files/0x000700000002350c-72.dat	upx
behavioral2/files/0x0007000000023510-51.dat	upx
behavioral2/files/0x000700000002350b-57.dat	upx
behavioral2/files/0x000700000002350a-31.dat	upx
behavioral2/files/0x0007000000023509-27.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OhEkSha.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\DzIKWdQ.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\GGMrBVd.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\fQKuVMD.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\FzqLkjx.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\qXkDlbW.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\iIvQpqZ.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\uQPOQjo.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\OYQrNqk.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\QfasOIY.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\bXpYtCt.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\GbJafJd.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\OxuMTms.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\NJaFhOz.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\sMdGqBS.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\TtsjrjS.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\ZdvRIeH.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\dsKDuTO.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\zlAHenb.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\ONeraIM.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\VFEHCut.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\Ftuioua.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\ZNimcUb.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\MQBLoht.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\fSuGILj.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\QdKynpa.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\nDCYZoR.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\hNWFwrH.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\MwQNXWA.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\YIpshoT.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\lPQeVJQ.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\kaCDKQg.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\VNokBFK.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\KPgDEjG.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\qJWbWeJ.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\uRccYkX.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\ejluUJJ.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\DdnGGcd.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\ysBVTAH.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\oGAKhfO.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\HSIsuQI.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\GNIaBQN.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\tKzxpwb.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\vlDjQJP.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\fcJpScz.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\EKKmSQr.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\LAOZLQo.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\DITplcF.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\wKrSqVN.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\qecdehH.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\siRCFoa.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\AHCvzow.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\XQOUjRJ.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\yeoWadY.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\QANzhwU.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\YRCCvca.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\NciVqiN.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\nYvYwJV.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\zKZemPD.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\BZqWwKc.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\eLzDtqR.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\VawzvAf.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\gDjgjVw.exe	0bad912cf5c952ec5b768c9c06905920.exe
File created	C:\Windows\System\hivEPRg.exe	0bad912cf5c952ec5b768c9c06905920.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
3440	powershell.exe
3440	powershell.exe
3440	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
8828	Process not Found
11328	Process not Found
11444	Process not Found
9504	Process not Found
10336	Process not Found
12592	Process not Found
7116	Process not Found
12212	Process not Found
12968	Process not Found
11492	Process not Found
10724	Process not Found
6964	Process not Found
10556	Process not Found
11608	Process not Found
13016	Process not Found
8684	Process not Found
4588	Process not Found
12740	Process not Found
10580	Process not Found
10952	Process not Found
10560	Process not Found
13164	Process not Found
6288	Process not Found
9632	Process not Found
10120	Process not Found
10640	Process not Found
12584	Process not Found
13292	Process not Found
11768	Process not Found
12356	Process not Found
12764	Process not Found
12388	Process not Found
12716	Process not Found
12440	Process not Found
7728	Process not Found
13288	Process not Found
10480	Process not Found
12272	Process not Found
2216	Process not Found
12656	Process not Found
13324	Process not Found
13364	Process not Found
13384	Process not Found
13540	Process not Found
14148	Process not Found
13464	Process not Found
13420	Process not Found
556	Process not Found
14068	Process not Found
14112	Process not Found
1204	Process not Found
384	Process not Found
14300	Process not Found
14172	Process not Found
14284	Process not Found
14244	Process not Found
2992	Process not Found
812	Process not Found
5096	Process not Found
14224	Process not Found
612	Process not Found
2660	Process not Found
768	Process not Found
3200	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3536	0bad912cf5c952ec5b768c9c06905920.exe
Token: SeLockMemoryPrivilege	3536	0bad912cf5c952ec5b768c9c06905920.exe
Token: SeDebugPrivilege	3440	powershell.exe
Token: SeCreateGlobalPrivilege	14120	dwm.exe
Token: SeChangeNotifyPrivilege	14120	dwm.exe
Token: 33	14120	dwm.exe
Token: SeIncBasePriorityPrivilege	14120	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 3440	3536	0bad912cf5c952ec5b768c9c06905920.exe	84
PID 3536 wrote to memory of 3440	3536	0bad912cf5c952ec5b768c9c06905920.exe	84
PID 3536 wrote to memory of 2296	3536	0bad912cf5c952ec5b768c9c06905920.exe	85
PID 3536 wrote to memory of 2296	3536	0bad912cf5c952ec5b768c9c06905920.exe	85
PID 3536 wrote to memory of 8	3536	0bad912cf5c952ec5b768c9c06905920.exe	86
PID 3536 wrote to memory of 8	3536	0bad912cf5c952ec5b768c9c06905920.exe	86
PID 3536 wrote to memory of 964	3536	0bad912cf5c952ec5b768c9c06905920.exe	87
PID 3536 wrote to memory of 964	3536	0bad912cf5c952ec5b768c9c06905920.exe	87
PID 3536 wrote to memory of 4912	3536	0bad912cf5c952ec5b768c9c06905920.exe	88
PID 3536 wrote to memory of 4912	3536	0bad912cf5c952ec5b768c9c06905920.exe	88
PID 3536 wrote to memory of 4984	3536	0bad912cf5c952ec5b768c9c06905920.exe	89
PID 3536 wrote to memory of 4984	3536	0bad912cf5c952ec5b768c9c06905920.exe	89
PID 3536 wrote to memory of 4268	3536	0bad912cf5c952ec5b768c9c06905920.exe	90
PID 3536 wrote to memory of 4268	3536	0bad912cf5c952ec5b768c9c06905920.exe	90
PID 3536 wrote to memory of 3272	3536	0bad912cf5c952ec5b768c9c06905920.exe	91
PID 3536 wrote to memory of 3272	3536	0bad912cf5c952ec5b768c9c06905920.exe	91
PID 3536 wrote to memory of 5064	3536	0bad912cf5c952ec5b768c9c06905920.exe	92
PID 3536 wrote to memory of 5064	3536	0bad912cf5c952ec5b768c9c06905920.exe	92
PID 3536 wrote to memory of 3796	3536	0bad912cf5c952ec5b768c9c06905920.exe	93
PID 3536 wrote to memory of 3796	3536	0bad912cf5c952ec5b768c9c06905920.exe	93
PID 3536 wrote to memory of 2560	3536	0bad912cf5c952ec5b768c9c06905920.exe	94
PID 3536 wrote to memory of 2560	3536	0bad912cf5c952ec5b768c9c06905920.exe	94
PID 3536 wrote to memory of 3652	3536	0bad912cf5c952ec5b768c9c06905920.exe	95
PID 3536 wrote to memory of 3652	3536	0bad912cf5c952ec5b768c9c06905920.exe	95
PID 3536 wrote to memory of 184	3536	0bad912cf5c952ec5b768c9c06905920.exe	96
PID 3536 wrote to memory of 184	3536	0bad912cf5c952ec5b768c9c06905920.exe	96
PID 3536 wrote to memory of 3180	3536	0bad912cf5c952ec5b768c9c06905920.exe	97
PID 3536 wrote to memory of 3180	3536	0bad912cf5c952ec5b768c9c06905920.exe	97
PID 3536 wrote to memory of 2412	3536	0bad912cf5c952ec5b768c9c06905920.exe	98
PID 3536 wrote to memory of 2412	3536	0bad912cf5c952ec5b768c9c06905920.exe	98
PID 3536 wrote to memory of 4988	3536	0bad912cf5c952ec5b768c9c06905920.exe	99
PID 3536 wrote to memory of 4988	3536	0bad912cf5c952ec5b768c9c06905920.exe	99
PID 3536 wrote to memory of 2684	3536	0bad912cf5c952ec5b768c9c06905920.exe	100
PID 3536 wrote to memory of 2684	3536	0bad912cf5c952ec5b768c9c06905920.exe	100
PID 3536 wrote to memory of 2728	3536	0bad912cf5c952ec5b768c9c06905920.exe	101
PID 3536 wrote to memory of 2728	3536	0bad912cf5c952ec5b768c9c06905920.exe	101
PID 3536 wrote to memory of 1480	3536	0bad912cf5c952ec5b768c9c06905920.exe	102
PID 3536 wrote to memory of 1480	3536	0bad912cf5c952ec5b768c9c06905920.exe	102
PID 3536 wrote to memory of 4536	3536	0bad912cf5c952ec5b768c9c06905920.exe	103
PID 3536 wrote to memory of 4536	3536	0bad912cf5c952ec5b768c9c06905920.exe	103
PID 3536 wrote to memory of 4968	3536	0bad912cf5c952ec5b768c9c06905920.exe	104
PID 3536 wrote to memory of 4968	3536	0bad912cf5c952ec5b768c9c06905920.exe	104
PID 3536 wrote to memory of 5044	3536	0bad912cf5c952ec5b768c9c06905920.exe	105
PID 3536 wrote to memory of 5044	3536	0bad912cf5c952ec5b768c9c06905920.exe	105
PID 3536 wrote to memory of 2308	3536	0bad912cf5c952ec5b768c9c06905920.exe	106
PID 3536 wrote to memory of 2308	3536	0bad912cf5c952ec5b768c9c06905920.exe	106
PID 3536 wrote to memory of 3240	3536	0bad912cf5c952ec5b768c9c06905920.exe	107
PID 3536 wrote to memory of 3240	3536	0bad912cf5c952ec5b768c9c06905920.exe	107
PID 3536 wrote to memory of 2164	3536	0bad912cf5c952ec5b768c9c06905920.exe	108
PID 3536 wrote to memory of 2164	3536	0bad912cf5c952ec5b768c9c06905920.exe	108
PID 3536 wrote to memory of 2136	3536	0bad912cf5c952ec5b768c9c06905920.exe	109
PID 3536 wrote to memory of 2136	3536	0bad912cf5c952ec5b768c9c06905920.exe	109
PID 3536 wrote to memory of 3524	3536	0bad912cf5c952ec5b768c9c06905920.exe	110
PID 3536 wrote to memory of 3524	3536	0bad912cf5c952ec5b768c9c06905920.exe	110
PID 3536 wrote to memory of 4348	3536	0bad912cf5c952ec5b768c9c06905920.exe	111
PID 3536 wrote to memory of 4348	3536	0bad912cf5c952ec5b768c9c06905920.exe	111
PID 3536 wrote to memory of 2520	3536	0bad912cf5c952ec5b768c9c06905920.exe	112
PID 3536 wrote to memory of 2520	3536	0bad912cf5c952ec5b768c9c06905920.exe	112
PID 3536 wrote to memory of 400	3536	0bad912cf5c952ec5b768c9c06905920.exe	113
PID 3536 wrote to memory of 400	3536	0bad912cf5c952ec5b768c9c06905920.exe	113
PID 3536 wrote to memory of 3124	3536	0bad912cf5c952ec5b768c9c06905920.exe	114
PID 3536 wrote to memory of 3124	3536	0bad912cf5c952ec5b768c9c06905920.exe	114
PID 3536 wrote to memory of 4052	3536	0bad912cf5c952ec5b768c9c06905920.exe	115
PID 3536 wrote to memory of 4052	3536	0bad912cf5c952ec5b768c9c06905920.exe	115

C:\Users\Admin\AppData\Local\Temp\0bad912cf5c952ec5b768c9c06905920.exe
"C:\Users\Admin\AppData\Local\Temp\0bad912cf5c952ec5b768c9c06905920.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3440
- C:\Windows\System\vMuqQpj.exe
  C:\Windows\System\vMuqQpj.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\KxuMrRV.exe
  C:\Windows\System\KxuMrRV.exe
  2⤵
  - Executes dropped EXE
  PID:8
- C:\Windows\System\hbYzYCu.exe
  C:\Windows\System\hbYzYCu.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\eofoqrm.exe
  C:\Windows\System\eofoqrm.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\ysnfTJg.exe
  C:\Windows\System\ysnfTJg.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\WaLDhFF.exe
  C:\Windows\System\WaLDhFF.exe
  2⤵
  - Executes dropped EXE
  PID:4268
- C:\Windows\System\RLEGznk.exe
  C:\Windows\System\RLEGznk.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\yBYMpCg.exe
  C:\Windows\System\yBYMpCg.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\nvtcjVR.exe
  C:\Windows\System\nvtcjVR.exe
  2⤵
  - Executes dropped EXE
  PID:3796
- C:\Windows\System\xodtBoL.exe
  C:\Windows\System\xodtBoL.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\EJtxCbF.exe
  C:\Windows\System\EJtxCbF.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\syFMoFP.exe
  C:\Windows\System\syFMoFP.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\QadKOao.exe
  C:\Windows\System\QadKOao.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\TVVRXxn.exe
  C:\Windows\System\TVVRXxn.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\xzNuFjs.exe
  C:\Windows\System\xzNuFjs.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\ceLgdVJ.exe
  C:\Windows\System\ceLgdVJ.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\MHPmanK.exe
  C:\Windows\System\MHPmanK.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\DouufQC.exe
  C:\Windows\System\DouufQC.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\JZVTMBy.exe
  C:\Windows\System\JZVTMBy.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\oiLbxiQ.exe
  C:\Windows\System\oiLbxiQ.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\ZQoRYJT.exe
  C:\Windows\System\ZQoRYJT.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\pJDArcX.exe
  C:\Windows\System\pJDArcX.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\hTimvdy.exe
  C:\Windows\System\hTimvdy.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\kfkgDnA.exe
  C:\Windows\System\kfkgDnA.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\EePRdPP.exe
  C:\Windows\System\EePRdPP.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\ywMmiti.exe
  C:\Windows\System\ywMmiti.exe
  2⤵
  - Executes dropped EXE
  PID:3524
- C:\Windows\System\BZPPWgA.exe
  C:\Windows\System\BZPPWgA.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\iAbRUHp.exe
  C:\Windows\System\iAbRUHp.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\FTnTmGu.exe
  C:\Windows\System\FTnTmGu.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\jcwpCtb.exe
  C:\Windows\System\jcwpCtb.exe
  2⤵
  - Executes dropped EXE
  PID:3124
- C:\Windows\System\utTLiTU.exe
  C:\Windows\System\utTLiTU.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\enDiiEI.exe
  C:\Windows\System\enDiiEI.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\iqQSfdv.exe
  C:\Windows\System\iqQSfdv.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\TWTlOXC.exe
  C:\Windows\System\TWTlOXC.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\YykOegg.exe
  C:\Windows\System\YykOegg.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\HojmeDv.exe
  C:\Windows\System\HojmeDv.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\JZyLLnR.exe
  C:\Windows\System\JZyLLnR.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\QQZECyb.exe
  C:\Windows\System\QQZECyb.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\aIpUujY.exe
  C:\Windows\System\aIpUujY.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\OAUsZMO.exe
  C:\Windows\System\OAUsZMO.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\RHOjprl.exe
  C:\Windows\System\RHOjprl.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\BMuTJIK.exe
  C:\Windows\System\BMuTJIK.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\Kkzaycp.exe
  C:\Windows\System\Kkzaycp.exe
  2⤵
  - Executes dropped EXE
  PID:4172
- C:\Windows\System\WiEUgyS.exe
  C:\Windows\System\WiEUgyS.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\tIpDCYY.exe
  C:\Windows\System\tIpDCYY.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\vaUrEmz.exe
  C:\Windows\System\vaUrEmz.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\UoISNLO.exe
  C:\Windows\System\UoISNLO.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\xjWWLwy.exe
  C:\Windows\System\xjWWLwy.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\mcRMPHo.exe
  C:\Windows\System\mcRMPHo.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\qmkPLVJ.exe
  C:\Windows\System\qmkPLVJ.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\jSbjtDB.exe
  C:\Windows\System\jSbjtDB.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\GyNhlgb.exe
  C:\Windows\System\GyNhlgb.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\fHwGpDH.exe
  C:\Windows\System\fHwGpDH.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\iuYQnyK.exe
  C:\Windows\System\iuYQnyK.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\GNIaBQN.exe
  C:\Windows\System\GNIaBQN.exe
  2⤵
  - Executes dropped EXE
  PID:4400
- C:\Windows\System\GLZrwFC.exe
  C:\Windows\System\GLZrwFC.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\QaSrcbr.exe
  C:\Windows\System\QaSrcbr.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\OhEkSha.exe
  C:\Windows\System\OhEkSha.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\QKhXmxF.exe
  C:\Windows\System\QKhXmxF.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\dDUdJRk.exe
  C:\Windows\System\dDUdJRk.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\ZWlYYfd.exe
  C:\Windows\System\ZWlYYfd.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\THcxutK.exe
  C:\Windows\System\THcxutK.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\cIGaEQQ.exe
  C:\Windows\System\cIGaEQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\tKzxpwb.exe
  C:\Windows\System\tKzxpwb.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\cDbUTqI.exe
  C:\Windows\System\cDbUTqI.exe
  2⤵
  PID:3092
- C:\Windows\System\JNNGNZh.exe
  C:\Windows\System\JNNGNZh.exe
  2⤵
  PID:2376
- C:\Windows\System\vbEGVdC.exe
  C:\Windows\System\vbEGVdC.exe
  2⤵
  PID:3932
- C:\Windows\System\QCJykuv.exe
  C:\Windows\System\QCJykuv.exe
  2⤵
  PID:3788
- C:\Windows\System\RPBSDik.exe
  C:\Windows\System\RPBSDik.exe
  2⤵
  PID:2240
- C:\Windows\System\pUnVmpM.exe
  C:\Windows\System\pUnVmpM.exe
  2⤵
  PID:4484
- C:\Windows\System\euPBadc.exe
  C:\Windows\System\euPBadc.exe
  2⤵
  PID:396
- C:\Windows\System\awxOukN.exe
  C:\Windows\System\awxOukN.exe
  2⤵
  PID:2200
- C:\Windows\System\AbxZRNW.exe
  C:\Windows\System\AbxZRNW.exe
  2⤵
  PID:5016
- C:\Windows\System\DzIKWdQ.exe
  C:\Windows\System\DzIKWdQ.exe
  2⤵
  PID:3880
- C:\Windows\System\pNsVBcz.exe
  C:\Windows\System\pNsVBcz.exe
  2⤵
  PID:4596
- C:\Windows\System\ifuWNhk.exe
  C:\Windows\System\ifuWNhk.exe
  2⤵
  PID:2696
- C:\Windows\System\JtlkfNc.exe
  C:\Windows\System\JtlkfNc.exe
  2⤵
  PID:800
- C:\Windows\System\cLfNzjN.exe
  C:\Windows\System\cLfNzjN.exe
  2⤵
  PID:2816
- C:\Windows\System\YMSmlJW.exe
  C:\Windows\System\YMSmlJW.exe
  2⤵
  PID:2392
- C:\Windows\System\tgeRinm.exe
  C:\Windows\System\tgeRinm.exe
  2⤵
  PID:1644
- C:\Windows\System\NWPAAsE.exe
  C:\Windows\System\NWPAAsE.exe
  2⤵
  PID:4900
- C:\Windows\System\hYpdycd.exe
  C:\Windows\System\hYpdycd.exe
  2⤵
  PID:3644
- C:\Windows\System\sPUJBSo.exe
  C:\Windows\System\sPUJBSo.exe
  2⤵
  PID:4448
- C:\Windows\System\ZaCrgDo.exe
  C:\Windows\System\ZaCrgDo.exe
  2⤵
  PID:3228
- C:\Windows\System\HWJMwdG.exe
  C:\Windows\System\HWJMwdG.exe
  2⤵
  PID:3388
- C:\Windows\System\cTpCvMf.exe
  C:\Windows\System\cTpCvMf.exe
  2⤵
  PID:2680
- C:\Windows\System\AWBquDk.exe
  C:\Windows\System\AWBquDk.exe
  2⤵
  PID:5000
- C:\Windows\System\XKOTxJG.exe
  C:\Windows\System\XKOTxJG.exe
  2⤵
  PID:2708
- C:\Windows\System\mSTnzYX.exe
  C:\Windows\System\mSTnzYX.exe
  2⤵
  PID:4228
- C:\Windows\System\YfUIVPw.exe
  C:\Windows\System\YfUIVPw.exe
  2⤵
  PID:1368
- C:\Windows\System\tOoZHqq.exe
  C:\Windows\System\tOoZHqq.exe
  2⤵
  PID:3824
- C:\Windows\System\hlPJVTc.exe
  C:\Windows\System\hlPJVTc.exe
  2⤵
  PID:508
- C:\Windows\System\tWQDpxR.exe
  C:\Windows\System\tWQDpxR.exe
  2⤵
  PID:1144
- C:\Windows\System\BGFnGHj.exe
  C:\Windows\System\BGFnGHj.exe
  2⤵
  PID:4780
- C:\Windows\System\dlmftgD.exe
  C:\Windows\System\dlmftgD.exe
  2⤵
  PID:2004
- C:\Windows\System\tPCfgRL.exe
  C:\Windows\System\tPCfgRL.exe
  2⤵
  PID:4408
- C:\Windows\System\dyxCZrI.exe
  C:\Windows\System\dyxCZrI.exe
  2⤵
  PID:1848
- C:\Windows\System\RcurAtG.exe
  C:\Windows\System\RcurAtG.exe
  2⤵
  PID:5136
- C:\Windows\System\pgXCgti.exe
  C:\Windows\System\pgXCgti.exe
  2⤵
  PID:5156
- C:\Windows\System\IXxCkMs.exe
  C:\Windows\System\IXxCkMs.exe
  2⤵
  PID:5176
- C:\Windows\System\CUikSkE.exe
  C:\Windows\System\CUikSkE.exe
  2⤵
  PID:5204
- C:\Windows\System\NvUlcnC.exe
  C:\Windows\System\NvUlcnC.exe
  2⤵
  PID:5220
- C:\Windows\System\ApSkPoD.exe
  C:\Windows\System\ApSkPoD.exe
  2⤵
  PID:5240
- C:\Windows\System\ehxqiBF.exe
  C:\Windows\System\ehxqiBF.exe
  2⤵
  PID:5260
- C:\Windows\System\TWPoFqE.exe
  C:\Windows\System\TWPoFqE.exe
  2⤵
  PID:5276
- C:\Windows\System\UyXykhK.exe
  C:\Windows\System\UyXykhK.exe
  2⤵
  PID:5300
- C:\Windows\System\tQUQsNm.exe
  C:\Windows\System\tQUQsNm.exe
  2⤵
  PID:5320
- C:\Windows\System\QhOrjJF.exe
  C:\Windows\System\QhOrjJF.exe
  2⤵
  PID:5352
- C:\Windows\System\OwZJgRx.exe
  C:\Windows\System\OwZJgRx.exe
  2⤵
  PID:5372
- C:\Windows\System\NizLprL.exe
  C:\Windows\System\NizLprL.exe
  2⤵
  PID:5388
- C:\Windows\System\NNMYJvx.exe
  C:\Windows\System\NNMYJvx.exe
  2⤵
  PID:5404
- C:\Windows\System\EMLJnKZ.exe
  C:\Windows\System\EMLJnKZ.exe
  2⤵
  PID:5428
- C:\Windows\System\SsghYWu.exe
  C:\Windows\System\SsghYWu.exe
  2⤵
  PID:5448
- C:\Windows\System\fPElboC.exe
  C:\Windows\System\fPElboC.exe
  2⤵
  PID:5464
- C:\Windows\System\dBWKyaA.exe
  C:\Windows\System\dBWKyaA.exe
  2⤵
  PID:5496
- C:\Windows\System\xTPsPbP.exe
  C:\Windows\System\xTPsPbP.exe
  2⤵
  PID:5512
- C:\Windows\System\etEWMIo.exe
  C:\Windows\System\etEWMIo.exe
  2⤵
  PID:5532
- C:\Windows\System\jMNNHbS.exe
  C:\Windows\System\jMNNHbS.exe
  2⤵
  PID:5556
- C:\Windows\System\pmcLyWB.exe
  C:\Windows\System\pmcLyWB.exe
  2⤵
  PID:5572
- C:\Windows\System\VAfCjNs.exe
  C:\Windows\System\VAfCjNs.exe
  2⤵
  PID:5588
- C:\Windows\System\Lkgqnit.exe
  C:\Windows\System\Lkgqnit.exe
  2⤵
  PID:5608
- C:\Windows\System\mznsXjv.exe
  C:\Windows\System\mznsXjv.exe
  2⤵
  PID:5628
- C:\Windows\System\KicsOXq.exe
  C:\Windows\System\KicsOXq.exe
  2⤵
  PID:5644
- C:\Windows\System\oCpJfph.exe
  C:\Windows\System\oCpJfph.exe
  2⤵
  PID:5668
- C:\Windows\System\cOmbUIq.exe
  C:\Windows\System\cOmbUIq.exe
  2⤵
  PID:5684
- C:\Windows\System\aDDHHLg.exe
  C:\Windows\System\aDDHHLg.exe
  2⤵
  PID:5700
- C:\Windows\System\yooNXbH.exe
  C:\Windows\System\yooNXbH.exe
  2⤵
  PID:5716
- C:\Windows\System\GGMrBVd.exe
  C:\Windows\System\GGMrBVd.exe
  2⤵
  PID:5736
- C:\Windows\System\iIvQpqZ.exe
  C:\Windows\System\iIvQpqZ.exe
  2⤵
  PID:5756
- C:\Windows\System\fwPcYpH.exe
  C:\Windows\System\fwPcYpH.exe
  2⤵
  PID:5772
- C:\Windows\System\daDWbQU.exe
  C:\Windows\System\daDWbQU.exe
  2⤵
  PID:5792
- C:\Windows\System\LmWOZYt.exe
  C:\Windows\System\LmWOZYt.exe
  2⤵
  PID:5812
- C:\Windows\System\UqSQxcG.exe
  C:\Windows\System\UqSQxcG.exe
  2⤵
  PID:5828
- C:\Windows\System\EnpUngL.exe
  C:\Windows\System\EnpUngL.exe
  2⤵
  PID:5848
- C:\Windows\System\plFuEtk.exe
  C:\Windows\System\plFuEtk.exe
  2⤵
  PID:5864
- C:\Windows\System\qSWsdbd.exe
  C:\Windows\System\qSWsdbd.exe
  2⤵
  PID:5880
- C:\Windows\System\SgMcrjA.exe
  C:\Windows\System\SgMcrjA.exe
  2⤵
  PID:5900
- C:\Windows\System\QBLzHeM.exe
  C:\Windows\System\QBLzHeM.exe
  2⤵
  PID:5916
- C:\Windows\System\xwMddlG.exe
  C:\Windows\System\xwMddlG.exe
  2⤵
  PID:5936
- C:\Windows\System\tkqONbl.exe
  C:\Windows\System\tkqONbl.exe
  2⤵
  PID:5952
- C:\Windows\System\BzJauAq.exe
  C:\Windows\System\BzJauAq.exe
  2⤵
  PID:5976
- C:\Windows\System\rxfaWDH.exe
  C:\Windows\System\rxfaWDH.exe
  2⤵
  PID:5992
- C:\Windows\System\YGxYMld.exe
  C:\Windows\System\YGxYMld.exe
  2⤵
  PID:6016
- C:\Windows\System\lMhuIuA.exe
  C:\Windows\System\lMhuIuA.exe
  2⤵
  PID:6032
- C:\Windows\System\PBRMtIC.exe
  C:\Windows\System\PBRMtIC.exe
  2⤵
  PID:6052
- C:\Windows\System\WnFouxD.exe
  C:\Windows\System\WnFouxD.exe
  2⤵
  PID:6068
- C:\Windows\System\GIHEWkw.exe
  C:\Windows\System\GIHEWkw.exe
  2⤵
  PID:6096
- C:\Windows\System\uDclWfZ.exe
  C:\Windows\System\uDclWfZ.exe
  2⤵
  PID:6116
- C:\Windows\System\fbfymDP.exe
  C:\Windows\System\fbfymDP.exe
  2⤵
  PID:6132
- C:\Windows\System\zVmCrTv.exe
  C:\Windows\System\zVmCrTv.exe
  2⤵
  PID:4272
- C:\Windows\System\jumAgQj.exe
  C:\Windows\System\jumAgQj.exe
  2⤵
  PID:1716
- C:\Windows\System\mwUNZYd.exe
  C:\Windows\System\mwUNZYd.exe
  2⤵
  PID:4796
- C:\Windows\System\xfJLYva.exe
  C:\Windows\System\xfJLYva.exe
  2⤵
  PID:5216
- C:\Windows\System\FRlbwNE.exe
  C:\Windows\System\FRlbwNE.exe
  2⤵
  PID:212
- C:\Windows\System\xWqfSdO.exe
  C:\Windows\System\xWqfSdO.exe
  2⤵
  PID:3724
- C:\Windows\System\AjKisqY.exe
  C:\Windows\System\AjKisqY.exe
  2⤵
  PID:1056
- C:\Windows\System\UvhaFJz.exe
  C:\Windows\System\UvhaFJz.exe
  2⤵
  PID:4340
- C:\Windows\System\VNFmhcL.exe
  C:\Windows\System\VNFmhcL.exe
  2⤵
  PID:3128
- C:\Windows\System\WeEaHxD.exe
  C:\Windows\System\WeEaHxD.exe
  2⤵
  PID:2080
- C:\Windows\System\DuxDKrF.exe
  C:\Windows\System\DuxDKrF.exe
  2⤵
  PID:5396
- C:\Windows\System\GbHYTAN.exe
  C:\Windows\System\GbHYTAN.exe
  2⤵
  PID:5184
- C:\Windows\System\DkNocoh.exe
  C:\Windows\System\DkNocoh.exe
  2⤵
  PID:5212
- C:\Windows\System\WALtPuZ.exe
  C:\Windows\System\WALtPuZ.exe
  2⤵
  PID:5528
- C:\Windows\System\yfsQNva.exe
  C:\Windows\System\yfsQNva.exe
  2⤵
  PID:5256
- C:\Windows\System\qVBMCXt.exe
  C:\Windows\System\qVBMCXt.exe
  2⤵
  PID:5596
- C:\Windows\System\TSRfojF.exe
  C:\Windows\System\TSRfojF.exe
  2⤵
  PID:5620
- C:\Windows\System\XLtCfHt.exe
  C:\Windows\System\XLtCfHt.exe
  2⤵
  PID:5708
- C:\Windows\System\GgyvFCB.exe
  C:\Windows\System\GgyvFCB.exe
  2⤵
  PID:6152
- C:\Windows\System\xNDzYAY.exe
  C:\Windows\System\xNDzYAY.exe
  2⤵
  PID:6176
- C:\Windows\System\nTQAoPZ.exe
  C:\Windows\System\nTQAoPZ.exe
  2⤵
  PID:6192
- C:\Windows\System\CaaemLs.exe
  C:\Windows\System\CaaemLs.exe
  2⤵
  PID:6220
- C:\Windows\System\jQSksGs.exe
  C:\Windows\System\jQSksGs.exe
  2⤵
  PID:6236
- C:\Windows\System\OzpPHuV.exe
  C:\Windows\System\OzpPHuV.exe
  2⤵
  PID:6256
- C:\Windows\System\snouyno.exe
  C:\Windows\System\snouyno.exe
  2⤵
  PID:6276
- C:\Windows\System\AzCVQpD.exe
  C:\Windows\System\AzCVQpD.exe
  2⤵
  PID:6292
- C:\Windows\System\yPkrLyb.exe
  C:\Windows\System\yPkrLyb.exe
  2⤵
  PID:6312
- C:\Windows\System\SDuspGE.exe
  C:\Windows\System\SDuspGE.exe
  2⤵
  PID:6332
- C:\Windows\System\IfgQwrA.exe
  C:\Windows\System\IfgQwrA.exe
  2⤵
  PID:6356
- C:\Windows\System\bXpYtCt.exe
  C:\Windows\System\bXpYtCt.exe
  2⤵
  PID:6376
- C:\Windows\System\lcYoFTY.exe
  C:\Windows\System\lcYoFTY.exe
  2⤵
  PID:6392
- C:\Windows\System\UxvyhVk.exe
  C:\Windows\System\UxvyhVk.exe
  2⤵
  PID:6416
- C:\Windows\System\VLJEqry.exe
  C:\Windows\System\VLJEqry.exe
  2⤵
  PID:6440
- C:\Windows\System\GMzChiF.exe
  C:\Windows\System\GMzChiF.exe
  2⤵
  PID:6456
- C:\Windows\System\wPVNfeA.exe
  C:\Windows\System\wPVNfeA.exe
  2⤵
  PID:6476
- C:\Windows\System\WfHzSVa.exe
  C:\Windows\System\WfHzSVa.exe
  2⤵
  PID:6492
- C:\Windows\System\YBGNdWK.exe
  C:\Windows\System\YBGNdWK.exe
  2⤵
  PID:6516
- C:\Windows\System\bNkbvnJ.exe
  C:\Windows\System\bNkbvnJ.exe
  2⤵
  PID:6532
- C:\Windows\System\ZqFUAbP.exe
  C:\Windows\System\ZqFUAbP.exe
  2⤵
  PID:6548
- C:\Windows\System\TEHeMSR.exe
  C:\Windows\System\TEHeMSR.exe
  2⤵
  PID:6572
- C:\Windows\System\GUMTLXi.exe
  C:\Windows\System\GUMTLXi.exe
  2⤵
  PID:6588
- C:\Windows\System\BeBCgFH.exe
  C:\Windows\System\BeBCgFH.exe
  2⤵
  PID:6612
- C:\Windows\System\GIhCqAS.exe
  C:\Windows\System\GIhCqAS.exe
  2⤵
  PID:6636
- C:\Windows\System\VNVVbJK.exe
  C:\Windows\System\VNVVbJK.exe
  2⤵
  PID:6656
- C:\Windows\System\teKJEGz.exe
  C:\Windows\System\teKJEGz.exe
  2⤵
  PID:6676
- C:\Windows\System\lcbpLIF.exe
  C:\Windows\System\lcbpLIF.exe
  2⤵
  PID:6692
- C:\Windows\System\cGlPyVr.exe
  C:\Windows\System\cGlPyVr.exe
  2⤵
  PID:6720
- C:\Windows\System\aTrGvrW.exe
  C:\Windows\System\aTrGvrW.exe
  2⤵
  PID:6736
- C:\Windows\System\xnRpviO.exe
  C:\Windows\System\xnRpviO.exe
  2⤵
  PID:6752
- C:\Windows\System\YKVgyrl.exe
  C:\Windows\System\YKVgyrl.exe
  2⤵
  PID:6772
- C:\Windows\System\BzQNgCT.exe
  C:\Windows\System\BzQNgCT.exe
  2⤵
  PID:6792
- C:\Windows\System\dJBkzkl.exe
  C:\Windows\System\dJBkzkl.exe
  2⤵
  PID:6812
- C:\Windows\System\RVWfdMN.exe
  C:\Windows\System\RVWfdMN.exe
  2⤵
  PID:6828
- C:\Windows\System\AWjlPAk.exe
  C:\Windows\System\AWjlPAk.exe
  2⤵
  PID:6844
- C:\Windows\System\EiLsIMr.exe
  C:\Windows\System\EiLsIMr.exe
  2⤵
  PID:6872
- C:\Windows\System\NHtQREe.exe
  C:\Windows\System\NHtQREe.exe
  2⤵
  PID:6888
- C:\Windows\System\OglFAyB.exe
  C:\Windows\System\OglFAyB.exe
  2⤵
  PID:6912
- C:\Windows\System\ppaDnpQ.exe
  C:\Windows\System\ppaDnpQ.exe
  2⤵
  PID:6932
- C:\Windows\System\VDoGcxx.exe
  C:\Windows\System\VDoGcxx.exe
  2⤵
  PID:6952
- C:\Windows\System\DNCNxOU.exe
  C:\Windows\System\DNCNxOU.exe
  2⤵
  PID:6968
- C:\Windows\System\SExCUey.exe
  C:\Windows\System\SExCUey.exe
  2⤵
  PID:6984
- C:\Windows\System\XLhWBSa.exe
  C:\Windows\System\XLhWBSa.exe
  2⤵
  PID:7008
- C:\Windows\System\lETJzFJ.exe
  C:\Windows\System\lETJzFJ.exe
  2⤵
  PID:5460
- C:\Windows\System\njUIJwZ.exe
  C:\Windows\System\njUIJwZ.exe
  2⤵
  PID:6004
- C:\Windows\System\MYUPxAL.exe
  C:\Windows\System\MYUPxAL.exe
  2⤵
  PID:6028
- C:\Windows\System\Eymspfx.exe
  C:\Windows\System\Eymspfx.exe
  2⤵
  PID:5284
- C:\Windows\System\LEbAmIO.exe
  C:\Windows\System\LEbAmIO.exe
  2⤵
  PID:4632
- C:\Windows\System\eUxdYVB.exe
  C:\Windows\System\eUxdYVB.exe
  2⤵
  PID:5248
- C:\Windows\System\ZOSZtlO.exe
  C:\Windows\System\ZOSZtlO.exe
  2⤵
  PID:4544
- C:\Windows\System\EEvxBUU.exe
  C:\Windows\System\EEvxBUU.exe
  2⤵
  PID:5168
- C:\Windows\System\aRjVfTj.exe
  C:\Windows\System\aRjVfTj.exe
  2⤵
  PID:5664
- C:\Windows\System\WLvEpNX.exe
  C:\Windows\System\WLvEpNX.exe
  2⤵
  PID:3184
- C:\Windows\System\OknafEg.exe
  C:\Windows\System\OknafEg.exe
  2⤵
  PID:5752
- C:\Windows\System\vgTBkYT.exe
  C:\Windows\System\vgTBkYT.exe
  2⤵
  PID:6168
- C:\Windows\System\Zbkvmqg.exe
  C:\Windows\System\Zbkvmqg.exe
  2⤵
  PID:6252
- C:\Windows\System\gkkIMkS.exe
  C:\Windows\System\gkkIMkS.exe
  2⤵
  PID:5824
- C:\Windows\System\EHkdMAL.exe
  C:\Windows\System\EHkdMAL.exe
  2⤵
  PID:6368
- C:\Windows\System\CHPAvVn.exe
  C:\Windows\System\CHPAvVn.exe
  2⤵
  PID:5944
- C:\Windows\System\xkmkxJL.exe
  C:\Windows\System\xkmkxJL.exe
  2⤵
  PID:5444
- C:\Windows\System\mqxkUyF.exe
  C:\Windows\System\mqxkUyF.exe
  2⤵
  PID:6060
- C:\Windows\System\WusHoGw.exe
  C:\Windows\System\WusHoGw.exe
  2⤵
  PID:6128
- C:\Windows\System\nJuJZJz.exe
  C:\Windows\System\nJuJZJz.exe
  2⤵
  PID:4116
- C:\Windows\System\QGTYlDQ.exe
  C:\Windows\System\QGTYlDQ.exe
  2⤵
  PID:216
- C:\Windows\System\FshwCcv.exe
  C:\Windows\System\FshwCcv.exe
  2⤵
  PID:5660
- C:\Windows\System\JztWZVx.exe
  C:\Windows\System\JztWZVx.exe
  2⤵
  PID:6188
- C:\Windows\System\izsHOud.exe
  C:\Windows\System\izsHOud.exe
  2⤵
  PID:6228
- C:\Windows\System\UpIqUPI.exe
  C:\Windows\System\UpIqUPI.exe
  2⤵
  PID:6340
- C:\Windows\System\ddiUDBG.exe
  C:\Windows\System\ddiUDBG.exe
  2⤵
  PID:6364
- C:\Windows\System\YEcGFVw.exe
  C:\Windows\System\YEcGFVw.exe
  2⤵
  PID:7176
- C:\Windows\System\oKCLxhK.exe
  C:\Windows\System\oKCLxhK.exe
  2⤵
  PID:7204
- C:\Windows\System\XRJRldP.exe
  C:\Windows\System\XRJRldP.exe
  2⤵
  PID:7244
- C:\Windows\System\YsFAtqG.exe
  C:\Windows\System\YsFAtqG.exe
  2⤵
  PID:7264
- C:\Windows\System\MtkCeit.exe
  C:\Windows\System\MtkCeit.exe
  2⤵
  PID:7280
- C:\Windows\System\kksJcyk.exe
  C:\Windows\System\kksJcyk.exe
  2⤵
  PID:7300
- C:\Windows\System\OFijxzN.exe
  C:\Windows\System\OFijxzN.exe
  2⤵
  PID:7320
- C:\Windows\System\NcDeuoi.exe
  C:\Windows\System\NcDeuoi.exe
  2⤵
  PID:7336
- C:\Windows\System\USrIxNi.exe
  C:\Windows\System\USrIxNi.exe
  2⤵
  PID:7360
- C:\Windows\System\THIDwUW.exe
  C:\Windows\System\THIDwUW.exe
  2⤵
  PID:7376
- C:\Windows\System\pRsPIoD.exe
  C:\Windows\System\pRsPIoD.exe
  2⤵
  PID:7404
- C:\Windows\System\XLYpYiP.exe
  C:\Windows\System\XLYpYiP.exe
  2⤵
  PID:7420
- C:\Windows\System\mdiFgRP.exe
  C:\Windows\System\mdiFgRP.exe
  2⤵
  PID:7436
- C:\Windows\System\DXMTZiC.exe
  C:\Windows\System\DXMTZiC.exe
  2⤵
  PID:7460
- C:\Windows\System\PvDHong.exe
  C:\Windows\System\PvDHong.exe
  2⤵
  PID:7488
- C:\Windows\System\BlwkBZi.exe
  C:\Windows\System\BlwkBZi.exe
  2⤵
  PID:7520
- C:\Windows\System\gCSEXiQ.exe
  C:\Windows\System\gCSEXiQ.exe
  2⤵
  PID:7536
- C:\Windows\System\BMUoNpn.exe
  C:\Windows\System\BMUoNpn.exe
  2⤵
  PID:7560
- C:\Windows\System\lRTXEjA.exe
  C:\Windows\System\lRTXEjA.exe
  2⤵
  PID:7584
- C:\Windows\System\OeJnHmn.exe
  C:\Windows\System\OeJnHmn.exe
  2⤵
  PID:7612
- C:\Windows\System\ZiFZFsF.exe
  C:\Windows\System\ZiFZFsF.exe
  2⤵
  PID:7628
- C:\Windows\System\UcjDUxE.exe
  C:\Windows\System\UcjDUxE.exe
  2⤵
  PID:7660
- C:\Windows\System\hzCllcQ.exe
  C:\Windows\System\hzCllcQ.exe
  2⤵
  PID:7680
- C:\Windows\System\PelUbzd.exe
  C:\Windows\System\PelUbzd.exe
  2⤵
  PID:7696
- C:\Windows\System\WIYgOud.exe
  C:\Windows\System\WIYgOud.exe
  2⤵
  PID:7716
- C:\Windows\System\FSsAiVh.exe
  C:\Windows\System\FSsAiVh.exe
  2⤵
  PID:7740
- C:\Windows\System\vupqVCT.exe
  C:\Windows\System\vupqVCT.exe
  2⤵
  PID:7756
- C:\Windows\System\VTAhjEC.exe
  C:\Windows\System\VTAhjEC.exe
  2⤵
  PID:7780
- C:\Windows\System\MkRrhfd.exe
  C:\Windows\System\MkRrhfd.exe
  2⤵
  PID:7796
- C:\Windows\System\SWfFhnY.exe
  C:\Windows\System\SWfFhnY.exe
  2⤵
  PID:7816
- C:\Windows\System\VZufuzo.exe
  C:\Windows\System\VZufuzo.exe
  2⤵
  PID:7832
- C:\Windows\System\zJOpWlN.exe
  C:\Windows\System\zJOpWlN.exe
  2⤵
  PID:7852
- C:\Windows\System\vIBKVsU.exe
  C:\Windows\System\vIBKVsU.exe
  2⤵
  PID:7872
- C:\Windows\System\wcBAwfy.exe
  C:\Windows\System\wcBAwfy.exe
  2⤵
  PID:7888
- C:\Windows\System\IkbBQqI.exe
  C:\Windows\System\IkbBQqI.exe
  2⤵
  PID:7912
- C:\Windows\System\DCwwEPa.exe
  C:\Windows\System\DCwwEPa.exe
  2⤵
  PID:7932
- C:\Windows\System\tExjKkE.exe
  C:\Windows\System\tExjKkE.exe
  2⤵
  PID:7948
- C:\Windows\System\IJUjNYm.exe
  C:\Windows\System\IJUjNYm.exe
  2⤵
  PID:7968
- C:\Windows\System\ZykyDuO.exe
  C:\Windows\System\ZykyDuO.exe
  2⤵
  PID:7984
- C:\Windows\System\CRSVxLa.exe
  C:\Windows\System\CRSVxLa.exe
  2⤵
  PID:8012
- C:\Windows\System\ygFPjUv.exe
  C:\Windows\System\ygFPjUv.exe
  2⤵
  PID:8028
- C:\Windows\System\GbAeBts.exe
  C:\Windows\System\GbAeBts.exe
  2⤵
  PID:8048
- C:\Windows\System\cTdmwYK.exe
  C:\Windows\System\cTdmwYK.exe
  2⤵
  PID:8084
- C:\Windows\System\zqssIBw.exe
  C:\Windows\System\zqssIBw.exe
  2⤵
  PID:8104
- C:\Windows\System\oOwjbIG.exe
  C:\Windows\System\oOwjbIG.exe
  2⤵
  PID:8124
- C:\Windows\System\qpdKCME.exe
  C:\Windows\System\qpdKCME.exe
  2⤵
  PID:8144
- C:\Windows\System\goOuJvn.exe
  C:\Windows\System\goOuJvn.exe
  2⤵
  PID:8164
- C:\Windows\System\zpMDXuR.exe
  C:\Windows\System\zpMDXuR.exe
  2⤵
  PID:8184
- C:\Windows\System\MsOcYSE.exe
  C:\Windows\System\MsOcYSE.exe
  2⤵
  PID:6048
- C:\Windows\System\GetbUpL.exe
  C:\Windows\System\GetbUpL.exe
  2⤵
  PID:3100
- C:\Windows\System\pLsXWuF.exe
  C:\Windows\System\pLsXWuF.exe
  2⤵
  PID:2312
- C:\Windows\System\LuPCgzT.exe
  C:\Windows\System\LuPCgzT.exe
  2⤵
  PID:4564
- C:\Windows\System\IcDOKEa.exe
  C:\Windows\System\IcDOKEa.exe
  2⤵
  PID:2320
- C:\Windows\System\RsXmsED.exe
  C:\Windows\System\RsXmsED.exe
  2⤵
  PID:5564
- C:\Windows\System\BhOmYGZ.exe
  C:\Windows\System\BhOmYGZ.exe
  2⤵
  PID:5724
- C:\Windows\System\QJUvqNi.exe
  C:\Windows\System\QJUvqNi.exe
  2⤵
  PID:6232
- C:\Windows\System\qzBVOUv.exe
  C:\Windows\System\qzBVOUv.exe
  2⤵
  PID:6408
- C:\Windows\System\gVpmraa.exe
  C:\Windows\System\gVpmraa.exe
  2⤵
  PID:6208
- C:\Windows\System\mjNFKlN.exe
  C:\Windows\System\mjNFKlN.exe
  2⤵
  PID:7184
- C:\Windows\System\SYBnbLG.exe
  C:\Windows\System\SYBnbLG.exe
  2⤵
  PID:8212
- C:\Windows\System\uBewfIQ.exe
  C:\Windows\System\uBewfIQ.exe
  2⤵
  PID:8228
- C:\Windows\System\mGxZQFU.exe
  C:\Windows\System\mGxZQFU.exe
  2⤵
  PID:8252
- C:\Windows\System\FipGMJf.exe
  C:\Windows\System\FipGMJf.exe
  2⤵
  PID:8268
- C:\Windows\System\fpiSEom.exe
  C:\Windows\System\fpiSEom.exe
  2⤵
  PID:8288
- C:\Windows\System\tCNnMys.exe
  C:\Windows\System\tCNnMys.exe
  2⤵
  PID:8308
- C:\Windows\System\JKgrvJV.exe
  C:\Windows\System\JKgrvJV.exe
  2⤵
  PID:8324
- C:\Windows\System\PayDESx.exe
  C:\Windows\System\PayDESx.exe
  2⤵
  PID:8348
- C:\Windows\System\MFbufos.exe
  C:\Windows\System\MFbufos.exe
  2⤵
  PID:8364
- C:\Windows\System\yrIjBTT.exe
  C:\Windows\System\yrIjBTT.exe
  2⤵
  PID:8388
- C:\Windows\System\vbPfFoB.exe
  C:\Windows\System\vbPfFoB.exe
  2⤵
  PID:8404
- C:\Windows\System\BgfXNtZ.exe
  C:\Windows\System\BgfXNtZ.exe
  2⤵
  PID:8424
- C:\Windows\System\BGCFlyG.exe
  C:\Windows\System\BGCFlyG.exe
  2⤵
  PID:8440
- C:\Windows\System\ROreWiG.exe
  C:\Windows\System\ROreWiG.exe
  2⤵
  PID:8460
- C:\Windows\System\BmyRWeq.exe
  C:\Windows\System\BmyRWeq.exe
  2⤵
  PID:8480
- C:\Windows\System\VdSYHGr.exe
  C:\Windows\System\VdSYHGr.exe
  2⤵
  PID:8496
- C:\Windows\System\BHcVVqV.exe
  C:\Windows\System\BHcVVqV.exe
  2⤵
  PID:8516
- C:\Windows\System\XYhcRVD.exe
  C:\Windows\System\XYhcRVD.exe
  2⤵
  PID:8532
- C:\Windows\System\znPOVTG.exe
  C:\Windows\System\znPOVTG.exe
  2⤵
  PID:8556
- C:\Windows\System\xgLpYTe.exe
  C:\Windows\System\xgLpYTe.exe
  2⤵
  PID:8572
- C:\Windows\System\yVWmcwR.exe
  C:\Windows\System\yVWmcwR.exe
  2⤵
  PID:8596
- C:\Windows\System\GIXvNIj.exe
  C:\Windows\System\GIXvNIj.exe
  2⤵
  PID:8612
- C:\Windows\System\imwlNkH.exe
  C:\Windows\System\imwlNkH.exe
  2⤵
  PID:8640
- C:\Windows\System\HsshUqc.exe
  C:\Windows\System\HsshUqc.exe
  2⤵
  PID:8656
- C:\Windows\System\LsfkXic.exe
  C:\Windows\System\LsfkXic.exe
  2⤵
  PID:8676
- C:\Windows\System\xZwSDjJ.exe
  C:\Windows\System\xZwSDjJ.exe
  2⤵
  PID:8692
- C:\Windows\System\jHbttKU.exe
  C:\Windows\System\jHbttKU.exe
  2⤵
  PID:8716
- C:\Windows\System\QNJqMaG.exe
  C:\Windows\System\QNJqMaG.exe
  2⤵
  PID:8736
- C:\Windows\System\jxDRUed.exe
  C:\Windows\System\jxDRUed.exe
  2⤵
  PID:8756
- C:\Windows\System\xxEssow.exe
  C:\Windows\System\xxEssow.exe
  2⤵
  PID:8776
- C:\Windows\System\Ocwiady.exe
  C:\Windows\System\Ocwiady.exe
  2⤵
  PID:8796
- C:\Windows\System\gMjfOSV.exe
  C:\Windows\System\gMjfOSV.exe
  2⤵
  PID:8816
- C:\Windows\System\DhpsmeU.exe
  C:\Windows\System\DhpsmeU.exe
  2⤵
  PID:8832
- C:\Windows\System\vFceiun.exe
  C:\Windows\System\vFceiun.exe
  2⤵
  PID:8856
- C:\Windows\System\DJrjZuR.exe
  C:\Windows\System\DJrjZuR.exe
  2⤵
  PID:8872
- C:\Windows\System\PAMwTBu.exe
  C:\Windows\System\PAMwTBu.exe
  2⤵
  PID:8900
- C:\Windows\System\BTGevqJ.exe
  C:\Windows\System\BTGevqJ.exe
  2⤵
  PID:8936
- C:\Windows\System\kUPgGEW.exe
  C:\Windows\System\kUPgGEW.exe
  2⤵
  PID:8956
- C:\Windows\System\nMnzpHN.exe
  C:\Windows\System\nMnzpHN.exe
  2⤵
  PID:8972
- C:\Windows\System\NciVqiN.exe
  C:\Windows\System\NciVqiN.exe
  2⤵
  PID:8988
- C:\Windows\System\RXRdrWU.exe
  C:\Windows\System\RXRdrWU.exe
  2⤵
  PID:9008
- C:\Windows\System\zCJxqCg.exe
  C:\Windows\System\zCJxqCg.exe
  2⤵
  PID:9028
- C:\Windows\System\XmYMGUR.exe
  C:\Windows\System\XmYMGUR.exe
  2⤵
  PID:9048
- C:\Windows\System\uFYBPVT.exe
  C:\Windows\System\uFYBPVT.exe
  2⤵
  PID:9064
- C:\Windows\System\AmkGCyq.exe
  C:\Windows\System\AmkGCyq.exe
  2⤵
  PID:9088
- C:\Windows\System\RAAjsOP.exe
  C:\Windows\System\RAAjsOP.exe
  2⤵
  PID:9104
- C:\Windows\System\pRbFpea.exe
  C:\Windows\System\pRbFpea.exe
  2⤵
  PID:9132
- C:\Windows\System\kJsnysD.exe
  C:\Windows\System\kJsnysD.exe
  2⤵
  PID:9148
- C:\Windows\System\ulMkiQg.exe
  C:\Windows\System\ulMkiQg.exe
  2⤵
  PID:9168
- C:\Windows\System\LsJRmlF.exe
  C:\Windows\System\LsJRmlF.exe
  2⤵
  PID:9188
- C:\Windows\System\vlDjQJP.exe
  C:\Windows\System\vlDjQJP.exe
  2⤵
  PID:9208
- C:\Windows\System\LDjQiOi.exe
  C:\Windows\System\LDjQiOi.exe
  2⤵
  PID:6468
- C:\Windows\System\kiiUSfp.exe
  C:\Windows\System\kiiUSfp.exe
  2⤵
  PID:6508
- C:\Windows\System\jhAYsLl.exe
  C:\Windows\System\jhAYsLl.exe
  2⤵
  PID:6568
- C:\Windows\System\eJJqMFD.exe
  C:\Windows\System\eJJqMFD.exe
  2⤵
  PID:6540
- C:\Windows\System\ZeXWIBd.exe
  C:\Windows\System\ZeXWIBd.exe
  2⤵
  PID:6632
- C:\Windows\System\npsxLER.exe
  C:\Windows\System\npsxLER.exe
  2⤵
  PID:7372
- C:\Windows\System\fQKuVMD.exe
  C:\Windows\System\fQKuVMD.exe
  2⤵
  PID:6684
- C:\Windows\System\vkPInfx.exe
  C:\Windows\System\vkPInfx.exe
  2⤵
  PID:9228
- C:\Windows\System\OjwRSVL.exe
  C:\Windows\System\OjwRSVL.exe
  2⤵
  PID:9248
- C:\Windows\System\aqMKxyi.exe
  C:\Windows\System\aqMKxyi.exe
  2⤵
  PID:9268
- C:\Windows\System\EtIYEkK.exe
  C:\Windows\System\EtIYEkK.exe
  2⤵
  PID:9296
- C:\Windows\System\nYvYwJV.exe
  C:\Windows\System\nYvYwJV.exe
  2⤵
  PID:9316
- C:\Windows\System\iarCZcw.exe
  C:\Windows\System\iarCZcw.exe
  2⤵
  PID:9336
- C:\Windows\System\wpzjnxK.exe
  C:\Windows\System\wpzjnxK.exe
  2⤵
  PID:9352
- C:\Windows\System\DdnGGcd.exe
  C:\Windows\System\DdnGGcd.exe
  2⤵
  PID:9376
- C:\Windows\System\FJHVKBp.exe
  C:\Windows\System\FJHVKBp.exe
  2⤵
  PID:9396
- C:\Windows\System\UXLEPCn.exe
  C:\Windows\System\UXLEPCn.exe
  2⤵
  PID:9416
- C:\Windows\System\pjHmjfj.exe
  C:\Windows\System\pjHmjfj.exe
  2⤵
  PID:9432
- C:\Windows\System\QxQqiaZ.exe
  C:\Windows\System\QxQqiaZ.exe
  2⤵
  PID:9456
- C:\Windows\System\XutYTqQ.exe
  C:\Windows\System\XutYTqQ.exe
  2⤵
  PID:9472
- C:\Windows\System\CCEAwHN.exe
  C:\Windows\System\CCEAwHN.exe
  2⤵
  PID:9496
- C:\Windows\System\QSiOJJm.exe
  C:\Windows\System\QSiOJJm.exe
  2⤵
  PID:9516
- C:\Windows\System\EiAoRzw.exe
  C:\Windows\System\EiAoRzw.exe
  2⤵
  PID:9540
- C:\Windows\System\OdOMOFl.exe
  C:\Windows\System\OdOMOFl.exe
  2⤵
  PID:9560
- C:\Windows\System\YDlMcWW.exe
  C:\Windows\System\YDlMcWW.exe
  2⤵
  PID:9584
- C:\Windows\System\xmuIAmc.exe
  C:\Windows\System\xmuIAmc.exe
  2⤵
  PID:9604
- C:\Windows\System\TalODGn.exe
  C:\Windows\System\TalODGn.exe
  2⤵
  PID:9620
- C:\Windows\System\BWfNumz.exe
  C:\Windows\System\BWfNumz.exe
  2⤵
  PID:9648
- C:\Windows\System\hsNeiFu.exe
  C:\Windows\System\hsNeiFu.exe
  2⤵
  PID:9664
- C:\Windows\System\RIuuZcm.exe
  C:\Windows\System\RIuuZcm.exe
  2⤵
  PID:9688
- C:\Windows\System\XdYUDiY.exe
  C:\Windows\System\XdYUDiY.exe
  2⤵
  PID:9704
- C:\Windows\System\RurNNsj.exe
  C:\Windows\System\RurNNsj.exe
  2⤵
  PID:9724
- C:\Windows\System\FOZEOJk.exe
  C:\Windows\System\FOZEOJk.exe
  2⤵
  PID:9860
- C:\Windows\System\GDfsPge.exe
  C:\Windows\System\GDfsPge.exe
  2⤵
  PID:10132
- C:\Windows\System\GreInQR.exe
  C:\Windows\System\GreInQR.exe
  2⤵
  PID:10152
- C:\Windows\System\JirekNL.exe
  C:\Windows\System\JirekNL.exe
  2⤵
  PID:10180
- C:\Windows\System\waxWADH.exe
  C:\Windows\System\waxWADH.exe
  2⤵
  PID:10204
- C:\Windows\System\WvrKlkt.exe
  C:\Windows\System\WvrKlkt.exe
  2⤵
  PID:10224
- C:\Windows\System\vaLmDyE.exe
  C:\Windows\System\vaLmDyE.exe
  2⤵
  PID:7556
- C:\Windows\System\twLfcgX.exe
  C:\Windows\System\twLfcgX.exe
  2⤵
  PID:6764
- C:\Windows\System\YPGAxvE.exe
  C:\Windows\System\YPGAxvE.exe
  2⤵
  PID:6804
- C:\Windows\System\yNRaKTU.exe
  C:\Windows\System\yNRaKTU.exe
  2⤵
  PID:7704
- C:\Windows\System\JmvaaKY.exe
  C:\Windows\System\JmvaaKY.exe
  2⤵
  PID:7752
- C:\Windows\System\FSCJgnT.exe
  C:\Windows\System\FSCJgnT.exe
  2⤵
  PID:7812
- C:\Windows\System\ptJrNrt.exe
  C:\Windows\System\ptJrNrt.exe
  2⤵
  PID:7896
- C:\Windows\System\FwQZbXt.exe
  C:\Windows\System\FwQZbXt.exe
  2⤵
  PID:7956
- C:\Windows\System\FdcuQCL.exe
  C:\Windows\System\FdcuQCL.exe
  2⤵
  PID:5456
- C:\Windows\System\zCreWCl.exe
  C:\Windows\System\zCreWCl.exe
  2⤵
  PID:7048
- C:\Windows\System\DIkCLCn.exe
  C:\Windows\System\DIkCLCn.exe
  2⤵
  PID:5860
- C:\Windows\System\KzvOqso.exe
  C:\Windows\System\KzvOqso.exe
  2⤵
  PID:7112
- C:\Windows\System\zxUUVPF.exe
  C:\Windows\System\zxUUVPF.exe
  2⤵
  PID:7144
- C:\Windows\System\UAWzhaM.exe
  C:\Windows\System\UAWzhaM.exe
  2⤵
  PID:3432
- C:\Windows\System\SbWAwAd.exe
  C:\Windows\System\SbWAwAd.exe
  2⤵
  PID:5332
- C:\Windows\System\wJnnUMr.exe
  C:\Windows\System\wJnnUMr.exe
  2⤵
  PID:7624
- C:\Windows\System\pHdpvmG.exe
  C:\Windows\System\pHdpvmG.exe
  2⤵
  PID:5148
- C:\Windows\System\NVnVAEN.exe
  C:\Windows\System\NVnVAEN.exe
  2⤵
  PID:9720
- C:\Windows\System\AYGthYk.exe
  C:\Windows\System\AYGthYk.exe
  2⤵
  PID:5268
- C:\Windows\System\xVuzkij.exe
  C:\Windows\System\xVuzkij.exe
  2⤵
  PID:5288
- C:\Windows\System\hVRahvc.exe
  C:\Windows\System\hVRahvc.exe
  2⤵
  PID:5424
- C:\Windows\System\NLxhHZl.exe
  C:\Windows\System\NLxhHZl.exe
  2⤵
  PID:5748
- C:\Windows\System\jxrIzKD.exe
  C:\Windows\System\jxrIzKD.exe
  2⤵
  PID:5820
- C:\Windows\System\awzPQGs.exe
  C:\Windows\System\awzPQGs.exe
  2⤵
  PID:6424
- C:\Windows\System\csKuWyl.exe
  C:\Windows\System\csKuWyl.exe
  2⤵
  PID:6124
- C:\Windows\System\LbhXHqj.exe
  C:\Windows\System\LbhXHqj.exe
  2⤵
  PID:6940
- C:\Windows\System\cDOwOfi.exe
  C:\Windows\System\cDOwOfi.exe
  2⤵
  PID:7212
- C:\Windows\System\DJHeelP.exe
  C:\Windows\System\DJHeelP.exe
  2⤵
  PID:7272
- C:\Windows\System\zywVzPh.exe
  C:\Windows\System\zywVzPh.exe
  2⤵
  PID:7352
- C:\Windows\System\zYPuasv.exe
  C:\Windows\System\zYPuasv.exe
  2⤵
  PID:7532
- C:\Windows\System\YLPpjir.exe
  C:\Windows\System\YLPpjir.exe
  2⤵
  PID:7620
- C:\Windows\System\csYeGri.exe
  C:\Windows\System\csYeGri.exe
  2⤵
  PID:7776
- C:\Windows\System\xbdKVuL.exe
  C:\Windows\System\xbdKVuL.exe
  2⤵
  PID:7828
- C:\Windows\System\oTcOCbp.exe
  C:\Windows\System\oTcOCbp.exe
  2⤵
  PID:7940
- C:\Windows\System\QZharDd.exe
  C:\Windows\System\QZharDd.exe
  2⤵
  PID:9640
- C:\Windows\System\bqYRyrs.exe
  C:\Windows\System\bqYRyrs.exe
  2⤵
  PID:9712
- C:\Windows\System\CaqFdCp.exe
  C:\Windows\System\CaqFdCp.exe
  2⤵
  PID:9736
- C:\Windows\System\OZukFjE.exe
  C:\Windows\System\OZukFjE.exe
  2⤵
  PID:8096
- C:\Windows\System\KodiMwa.exe
  C:\Windows\System\KodiMwa.exe
  2⤵
  PID:8132
- C:\Windows\System\LGToqVq.exe
  C:\Windows\System\LGToqVq.exe
  2⤵
  PID:8180
- C:\Windows\System\KBBjXcs.exe
  C:\Windows\System\KBBjXcs.exe
  2⤵
  PID:8912
- C:\Windows\System\bKtGlKM.exe
  C:\Windows\System\bKtGlKM.exe
  2⤵
  PID:8880
- C:\Windows\System\guETBuf.exe
  C:\Windows\System\guETBuf.exe
  2⤵
  PID:8808
- C:\Windows\System\dRrjSsz.exe
  C:\Windows\System\dRrjSsz.exe
  2⤵
  PID:8752
- C:\Windows\System\XsSrPce.exe
  C:\Windows\System\XsSrPce.exe
  2⤵
  PID:8708
- C:\Windows\System\iyTguzX.exe
  C:\Windows\System\iyTguzX.exe
  2⤵
  PID:8672
- C:\Windows\System\BcZAGJb.exe
  C:\Windows\System\BcZAGJb.exe
  2⤵
  PID:8624
- C:\Windows\System\FQYrSMR.exe
  C:\Windows\System\FQYrSMR.exe
  2⤵
  PID:8592
- C:\Windows\System\JZsxzJT.exe
  C:\Windows\System\JZsxzJT.exe
  2⤵
  PID:8548
- C:\Windows\System\UFNkFIu.exe
  C:\Windows\System\UFNkFIu.exe
  2⤵
  PID:8512
- C:\Windows\System\tWmnCGf.exe
  C:\Windows\System\tWmnCGf.exe
  2⤵
  PID:8472
- C:\Windows\System\TJWbRGV.exe
  C:\Windows\System\TJWbRGV.exe
  2⤵
  PID:8432
- C:\Windows\System\NUdHKRH.exe
  C:\Windows\System\NUdHKRH.exe
  2⤵
  PID:8384
- C:\Windows\System\lLuWmAk.exe
  C:\Windows\System\lLuWmAk.exe
  2⤵
  PID:8356
- C:\Windows\System\bNIbTNn.exe
  C:\Windows\System\bNIbTNn.exe
  2⤵
  PID:8304
- C:\Windows\System\paxJUlQ.exe
  C:\Windows\System\paxJUlQ.exe
  2⤵
  PID:8276
- C:\Windows\System\eFUPVvA.exe
  C:\Windows\System\eFUPVvA.exe
  2⤵
  PID:8236
- C:\Windows\System\LrnnTpb.exe
  C:\Windows\System\LrnnTpb.exe
  2⤵
  PID:8204
- C:\Windows\System\uoGMYxN.exe
  C:\Windows\System\uoGMYxN.exe
  2⤵
  PID:6324
- C:\Windows\System\ZUJZMAh.exe
  C:\Windows\System\ZUJZMAh.exe
  2⤵
  PID:6852
- C:\Windows\System\CmbGIzI.exe
  C:\Windows\System\CmbGIzI.exe
  2⤵
  PID:6996
- C:\Windows\System\khwSOWv.exe
  C:\Windows\System\khwSOWv.exe
  2⤵
  PID:6860
- C:\Windows\System\sHjySUY.exe
  C:\Windows\System\sHjySUY.exe
  2⤵
  PID:8944
- C:\Windows\System\dCZZXhz.exe
  C:\Windows\System\dCZZXhz.exe
  2⤵
  PID:9000
- C:\Windows\System\xuDJEhE.exe
  C:\Windows\System\xuDJEhE.exe
  2⤵
  PID:9060
- C:\Windows\System\pcEtAex.exe
  C:\Windows\System\pcEtAex.exe
  2⤵
  PID:9112
- C:\Windows\System\tphPKya.exe
  C:\Windows\System\tphPKya.exe
  2⤵
  PID:9156
- C:\Windows\System\EhfmpUx.exe
  C:\Windows\System\EhfmpUx.exe
  2⤵
  PID:9196
- C:\Windows\System\OxXeyen.exe
  C:\Windows\System\OxXeyen.exe
  2⤵
  PID:6500
- C:\Windows\System\pxjuqsU.exe
  C:\Windows\System\pxjuqsU.exe
  2⤵
  PID:6544
- C:\Windows\System\wcuLVxP.exe
  C:\Windows\System\wcuLVxP.exe
  2⤵
  PID:6688
- C:\Windows\System\lYtMgLn.exe
  C:\Windows\System\lYtMgLn.exe
  2⤵
  PID:9236
- C:\Windows\System\OITFjyJ.exe
  C:\Windows\System\OITFjyJ.exe
  2⤵
  PID:9280
- C:\Windows\System\HqTgUXP.exe
  C:\Windows\System\HqTgUXP.exe
  2⤵
  PID:9332
- C:\Windows\System\PlJWTBF.exe
  C:\Windows\System\PlJWTBF.exe
  2⤵
  PID:9372
- C:\Windows\System\WJgruKF.exe
  C:\Windows\System\WJgruKF.exe
  2⤵
  PID:9440
- C:\Windows\System\jTHuUdj.exe
  C:\Windows\System\jTHuUdj.exe
  2⤵
  PID:9468
- C:\Windows\System\aVMtDUc.exe
  C:\Windows\System\aVMtDUc.exe
  2⤵
  PID:9512
- C:\Windows\System\mMmSsia.exe
  C:\Windows\System\mMmSsia.exe
  2⤵
  PID:9556
- C:\Windows\System\UMEnJtF.exe
  C:\Windows\System\UMEnJtF.exe
  2⤵
  PID:10004
- C:\Windows\System\JjFSVRO.exe
  C:\Windows\System\JjFSVRO.exe
  2⤵
  PID:10024
- C:\Windows\System\nuOxUEI.exe
  C:\Windows\System\nuOxUEI.exe
  2⤵
  PID:9656
- C:\Windows\System\DkOvnUd.exe
  C:\Windows\System\DkOvnUd.exe
  2⤵
  PID:10248
- C:\Windows\System\xkskwOm.exe
  C:\Windows\System\xkskwOm.exe
  2⤵
  PID:10268
- C:\Windows\System\biAmYfs.exe
  C:\Windows\System\biAmYfs.exe
  2⤵
  PID:10284
- C:\Windows\System\qSBAZPE.exe
  C:\Windows\System\qSBAZPE.exe
  2⤵
  PID:10308
- C:\Windows\System\JchJMTx.exe
  C:\Windows\System\JchJMTx.exe
  2⤵
  PID:10324
- C:\Windows\System\Dosqper.exe
  C:\Windows\System\Dosqper.exe
  2⤵
  PID:10348
- C:\Windows\System\NcknwrU.exe
  C:\Windows\System\NcknwrU.exe
  2⤵
  PID:10364
- C:\Windows\System\WgTjbMq.exe
  C:\Windows\System\WgTjbMq.exe
  2⤵
  PID:10384
- C:\Windows\System\FgnlVre.exe
  C:\Windows\System\FgnlVre.exe
  2⤵
  PID:10408
- C:\Windows\System\eIdDIUs.exe
  C:\Windows\System\eIdDIUs.exe
  2⤵
  PID:10424
- C:\Windows\System\IQXcWxW.exe
  C:\Windows\System\IQXcWxW.exe
  2⤵
  PID:10448
- C:\Windows\System\ZdvRIeH.exe
  C:\Windows\System\ZdvRIeH.exe
  2⤵
  PID:10464
- C:\Windows\System\tjWDHTn.exe
  C:\Windows\System\tjWDHTn.exe
  2⤵
  PID:10488
- C:\Windows\System\OLtsreM.exe
  C:\Windows\System\OLtsreM.exe
  2⤵
  PID:10508
- C:\Windows\System\zFoBGME.exe
  C:\Windows\System\zFoBGME.exe
  2⤵
  PID:10524
- C:\Windows\System\pMkjzwn.exe
  C:\Windows\System\pMkjzwn.exe
  2⤵
  PID:10548
- C:\Windows\System\wozozTX.exe
  C:\Windows\System\wozozTX.exe
  2⤵
  PID:10564
- C:\Windows\System\rNgTXMH.exe
  C:\Windows\System\rNgTXMH.exe
  2⤵
  PID:10588
- C:\Windows\System\SJKDVcp.exe
  C:\Windows\System\SJKDVcp.exe
  2⤵
  PID:10604
- C:\Windows\System\qCQmcnf.exe
  C:\Windows\System\qCQmcnf.exe
  2⤵
  PID:10628
- C:\Windows\System\ZZaxhQV.exe
  C:\Windows\System\ZZaxhQV.exe
  2⤵
  PID:10644
- C:\Windows\System\PhqEdQW.exe
  C:\Windows\System\PhqEdQW.exe
  2⤵
  PID:10664
- C:\Windows\System\UrvDQlp.exe
  C:\Windows\System\UrvDQlp.exe
  2⤵
  PID:10692
- C:\Windows\System\QVMyCXp.exe
  C:\Windows\System\QVMyCXp.exe
  2⤵
  PID:10708
- C:\Windows\System\BFvEKBT.exe
  C:\Windows\System\BFvEKBT.exe
  2⤵
  PID:10732
- C:\Windows\System\lggDHUp.exe
  C:\Windows\System\lggDHUp.exe
  2⤵
  PID:10756
- C:\Windows\System\HgiiDty.exe
  C:\Windows\System\HgiiDty.exe
  2⤵
  PID:10780
- C:\Windows\System\rUcQRGK.exe
  C:\Windows\System\rUcQRGK.exe
  2⤵
  PID:10796
- C:\Windows\System\fADloDw.exe
  C:\Windows\System\fADloDw.exe
  2⤵
  PID:10816
- C:\Windows\System\sHQpzuf.exe
  C:\Windows\System\sHQpzuf.exe
  2⤵
  PID:10836
- C:\Windows\System\BaQdpTk.exe
  C:\Windows\System\BaQdpTk.exe
  2⤵
  PID:10856
- C:\Windows\System\xwBsFeK.exe
  C:\Windows\System\xwBsFeK.exe
  2⤵
  PID:10880
- C:\Windows\System\PSpozEp.exe
  C:\Windows\System\PSpozEp.exe
  2⤵
  PID:10896
- C:\Windows\System\FmKNHDr.exe
  C:\Windows\System\FmKNHDr.exe
  2⤵
  PID:10920
- C:\Windows\System\pxjytuQ.exe
  C:\Windows\System\pxjytuQ.exe
  2⤵
  PID:10940
- C:\Windows\System\jAnpKxF.exe
  C:\Windows\System\jAnpKxF.exe
  2⤵
  PID:10960
- C:\Windows\System\xevjNJx.exe
  C:\Windows\System\xevjNJx.exe
  2⤵
  PID:10980
- C:\Windows\System\WczyGou.exe
  C:\Windows\System\WczyGou.exe
  2⤵
  PID:10996
- C:\Windows\System\ZgTBlBF.exe
  C:\Windows\System\ZgTBlBF.exe
  2⤵
  PID:11016
- C:\Windows\System\okwJpwU.exe
  C:\Windows\System\okwJpwU.exe
  2⤵
  PID:11036
- C:\Windows\System\gTUbFgr.exe
  C:\Windows\System\gTUbFgr.exe
  2⤵
  PID:11064
- C:\Windows\System\zMzWeZX.exe
  C:\Windows\System\zMzWeZX.exe
  2⤵
  PID:11080
- C:\Windows\System\QiyiQxb.exe
  C:\Windows\System\QiyiQxb.exe
  2⤵
  PID:11096
- C:\Windows\System\dGXfHIL.exe
  C:\Windows\System\dGXfHIL.exe
  2⤵
  PID:11112
- C:\Windows\System\YOlDkRL.exe
  C:\Windows\System\YOlDkRL.exe
  2⤵
  PID:11128
- C:\Windows\System\aSWCotl.exe
  C:\Windows\System\aSWCotl.exe
  2⤵
  PID:11144
- C:\Windows\System\iZmlxGz.exe
  C:\Windows\System\iZmlxGz.exe
  2⤵
  PID:11160
- C:\Windows\System\lPQeVJQ.exe
  C:\Windows\System\lPQeVJQ.exe
  2⤵
  PID:11180
- C:\Windows\System\zFHwyTg.exe
  C:\Windows\System\zFHwyTg.exe
  2⤵
  PID:11196
- C:\Windows\System\uTJKlys.exe
  C:\Windows\System\uTJKlys.exe
  2⤵
  PID:11216
- C:\Windows\System\AAafCQT.exe
  C:\Windows\System\AAafCQT.exe
  2⤵
  PID:11236
- C:\Windows\System\SwpNfIJ.exe
  C:\Windows\System\SwpNfIJ.exe
  2⤵
  PID:11256
- C:\Windows\System\zKZemPD.exe
  C:\Windows\System\zKZemPD.exe
  2⤵
  PID:10164
- C:\Windows\System\BEdsUBJ.exe
  C:\Windows\System\BEdsUBJ.exe
  2⤵
  PID:7552
- C:\Windows\System\ypPnDHh.exe
  C:\Windows\System\ypPnDHh.exe
  2⤵
  PID:8024
- C:\Windows\System\VtTmnNM.exe
  C:\Windows\System\VtTmnNM.exe
  2⤵
  PID:11276
- C:\Windows\System\ACtwxnj.exe
  C:\Windows\System\ACtwxnj.exe
  2⤵
  PID:11296
- C:\Windows\System\xCtmryM.exe
  C:\Windows\System\xCtmryM.exe
  2⤵
  PID:11316
- C:\Windows\System\sxzFGJC.exe
  C:\Windows\System\sxzFGJC.exe
  2⤵
  PID:11336
- C:\Windows\System\xXTJSkz.exe
  C:\Windows\System\xXTJSkz.exe
  2⤵
  PID:11352
- C:\Windows\System\uMRAZBN.exe
  C:\Windows\System\uMRAZBN.exe
  2⤵
  PID:11372
- C:\Windows\System\xnThcok.exe
  C:\Windows\System\xnThcok.exe
  2⤵
  PID:11392
- C:\Windows\System\BZqWwKc.exe
  C:\Windows\System\BZqWwKc.exe
  2⤵
  PID:11420
- C:\Windows\System\YPuRkeY.exe
  C:\Windows\System\YPuRkeY.exe
  2⤵
  PID:11436
- C:\Windows\System\XNonfwC.exe
  C:\Windows\System\XNonfwC.exe
  2⤵
  PID:11460
- C:\Windows\System\AECAoDk.exe
  C:\Windows\System\AECAoDk.exe
  2⤵
  PID:11476
- C:\Windows\System\JUtwmNt.exe
  C:\Windows\System\JUtwmNt.exe
  2⤵
  PID:11496
- C:\Windows\System\VdQwRvf.exe
  C:\Windows\System\VdQwRvf.exe
  2⤵
  PID:11520
- C:\Windows\System\TShRySt.exe
  C:\Windows\System\TShRySt.exe
  2⤵
  PID:11536
- C:\Windows\System\hJrMwRn.exe
  C:\Windows\System\hJrMwRn.exe
  2⤵
  PID:11556
- C:\Windows\System\dWqfKOE.exe
  C:\Windows\System\dWqfKOE.exe
  2⤵
  PID:11576
- C:\Windows\System\QbxPNnO.exe
  C:\Windows\System\QbxPNnO.exe
  2⤵
  PID:11592
- C:\Windows\System\sRvcztK.exe
  C:\Windows\System\sRvcztK.exe
  2⤵
  PID:11616
- C:\Windows\System\QdPEyje.exe
  C:\Windows\System\QdPEyje.exe
  2⤵
  PID:11632
- C:\Windows\System\amHtziP.exe
  C:\Windows\System\amHtziP.exe
  2⤵
  PID:11652
- C:\Windows\System\kthpVCb.exe
  C:\Windows\System\kthpVCb.exe
  2⤵
  PID:11668
- C:\Windows\System\qCixkRB.exe
  C:\Windows\System\qCixkRB.exe
  2⤵
  PID:11692
- C:\Windows\System\hIAwfWJ.exe
  C:\Windows\System\hIAwfWJ.exe
  2⤵
  PID:11708
- C:\Windows\System\XNMkBSw.exe
  C:\Windows\System\XNMkBSw.exe
  2⤵
  PID:11736
- C:\Windows\System\kkwEoJP.exe
  C:\Windows\System\kkwEoJP.exe
  2⤵
  PID:11752
- C:\Windows\System\lAgcLym.exe
  C:\Windows\System\lAgcLym.exe
  2⤵
  PID:11772
- C:\Windows\System\yHElyet.exe
  C:\Windows\System\yHElyet.exe
  2⤵
  PID:11796
- C:\Windows\System\OUgPosp.exe
  C:\Windows\System\OUgPosp.exe
  2⤵
  PID:11812
- C:\Windows\System\YDguiXy.exe
  C:\Windows\System\YDguiXy.exe
  2⤵
  PID:11836
- C:\Windows\System\fcJpScz.exe
  C:\Windows\System\fcJpScz.exe
  2⤵
  PID:11852
- C:\Windows\System\cTaVDqW.exe
  C:\Windows\System\cTaVDqW.exe
  2⤵
  PID:11872
- C:\Windows\System\GLgUfuY.exe
  C:\Windows\System\GLgUfuY.exe
  2⤵
  PID:11892
- C:\Windows\System\QfONbRU.exe
  C:\Windows\System\QfONbRU.exe
  2⤵
  PID:11908
- C:\Windows\System\zkYqGKT.exe
  C:\Windows\System\zkYqGKT.exe
  2⤵
  PID:11928
- C:\Windows\System\bHpeMKF.exe
  C:\Windows\System\bHpeMKF.exe
  2⤵
  PID:11944
- C:\Windows\System\JJXibAL.exe
  C:\Windows\System\JJXibAL.exe
  2⤵
  PID:12004
- C:\Windows\System\wimuyIu.exe
  C:\Windows\System\wimuyIu.exe
  2⤵
  PID:12020
- C:\Windows\System\vzZBgim.exe
  C:\Windows\System\vzZBgim.exe
  2⤵
  PID:12036
- C:\Windows\System\oPqyazy.exe
  C:\Windows\System\oPqyazy.exe
  2⤵
  PID:12056
- C:\Windows\System\tRFFtaM.exe
  C:\Windows\System\tRFFtaM.exe
  2⤵
  PID:12072
- C:\Windows\System\KCokmGk.exe
  C:\Windows\System\KCokmGk.exe
  2⤵
  PID:12100
- C:\Windows\System\qfOePMK.exe
  C:\Windows\System\qfOePMK.exe
  2⤵
  PID:12116
- C:\Windows\System\iqfviMk.exe
  C:\Windows\System\iqfviMk.exe
  2⤵
  PID:12144
- C:\Windows\System\KcvLLZg.exe
  C:\Windows\System\KcvLLZg.exe
  2⤵
  PID:12164
- C:\Windows\System\CqrGUVu.exe
  C:\Windows\System\CqrGUVu.exe
  2⤵
  PID:12180
- C:\Windows\System\SoiDoSO.exe
  C:\Windows\System\SoiDoSO.exe
  2⤵
  PID:12200
- C:\Windows\System\VPHwUjI.exe
  C:\Windows\System\VPHwUjI.exe
  2⤵
  PID:12220
- C:\Windows\System\WRPHScJ.exe
  C:\Windows\System\WRPHScJ.exe
  2⤵
  PID:12240
- C:\Windows\System\UGsGpnA.exe
  C:\Windows\System\UGsGpnA.exe
  2⤵
  PID:12260
- C:\Windows\System\YfkCxOe.exe
  C:\Windows\System\YfkCxOe.exe
  2⤵
  PID:12276
- C:\Windows\System\ZCVvhHC.exe
  C:\Windows\System\ZCVvhHC.exe
  2⤵
  PID:6080
- C:\Windows\System\HzYDLRK.exe
  C:\Windows\System\HzYDLRK.exe
  2⤵
  PID:1828
- C:\Windows\System\bnlqYeT.exe
  C:\Windows\System\bnlqYeT.exe
  2⤵
  PID:8824
- C:\Windows\System\Ckvfsjw.exe
  C:\Windows\System\Ckvfsjw.exe
  2⤵
  PID:8504
- C:\Windows\System\ofctkvG.exe
  C:\Windows\System\ofctkvG.exe
  2⤵
  PID:8400
- C:\Windows\System\VTRfaAM.exe
  C:\Windows\System\VTRfaAM.exe
  2⤵
  PID:11332
- C:\Windows\System\XRlnClx.exe
  C:\Windows\System\XRlnClx.exe
  2⤵
  PID:11384
- C:\Windows\System\xLAfQbB.exe
  C:\Windows\System\xLAfQbB.exe
  2⤵
  PID:11572
- C:\Windows\System\yUAcdbt.exe
  C:\Windows\System\yUAcdbt.exe
  2⤵
  PID:7960
- C:\Windows\System\Tcnonqd.exe
  C:\Windows\System\Tcnonqd.exe
  2⤵
  PID:12188
- C:\Windows\System\zQRyitQ.exe
  C:\Windows\System\zQRyitQ.exe
  2⤵
  PID:12044
- C:\Windows\System\mhuzLlV.exe
  C:\Windows\System\mhuzLlV.exe
  2⤵
  PID:11728
- C:\Windows\System\TlLHlbb.exe
  C:\Windows\System\TlLHlbb.exe
  2⤵
  PID:6700
- C:\Windows\System\ZZiAzKg.exe
  C:\Windows\System\ZZiAzKg.exe
  2⤵
  PID:9304
- C:\Windows\System\cVHHRQW.exe
  C:\Windows\System\cVHHRQW.exe
  2⤵
  PID:10316
- C:\Windows\System\FgSIbQC.exe
  C:\Windows\System\FgSIbQC.exe
  2⤵
  PID:10396
- C:\Windows\System\PoCrtuf.exe
  C:\Windows\System\PoCrtuf.exe
  2⤵
  PID:10472
- C:\Windows\System\LecqjYq.exe
  C:\Windows\System\LecqjYq.exe
  2⤵
  PID:10596
- C:\Windows\System\sgnBTVm.exe
  C:\Windows\System\sgnBTVm.exe
  2⤵
  PID:10828
- C:\Windows\System\MxqzgFv.exe
  C:\Windows\System\MxqzgFv.exe
  2⤵
  PID:10972
- C:\Windows\System\eaZwilb.exe
  C:\Windows\System\eaZwilb.exe
  2⤵
  PID:13000
- C:\Windows\System\ffpliMF.exe
  C:\Windows\System\ffpliMF.exe
  2⤵
  PID:11400
- C:\Windows\System\ymSRVfr.exe
  C:\Windows\System\ymSRVfr.exe
  2⤵
  PID:12872
- C:\Windows\System\mlGgWkF.exe
  C:\Windows\System\mlGgWkF.exe
  2⤵
  PID:12776
- C:\Windows\System\bsecFOL.exe
  C:\Windows\System\bsecFOL.exe
  2⤵
  PID:12632
- C:\Windows\System\zeaqyec.exe
  C:\Windows\System\zeaqyec.exe
  2⤵
  PID:8964
- C:\Windows\System\guPDLpU.exe
  C:\Windows\System\guPDLpU.exe
  2⤵
  PID:10108
- C:\Windows\System\miyrgWY.exe
  C:\Windows\System\miyrgWY.exe
  2⤵
  PID:10652
- C:\Windows\System\eoPqXYN.exe
  C:\Windows\System\eoPqXYN.exe
  2⤵
  PID:7172
- C:\Windows\System\lUtNfxs.exe
  C:\Windows\System\lUtNfxs.exe
  2⤵
  PID:6556
- C:\Windows\System\hphdIjV.exe
  C:\Windows\System\hphdIjV.exe
  2⤵
  PID:7156
- C:\Windows\System\ZumUslO.exe
  C:\Windows\System\ZumUslO.exe
  2⤵
  PID:4972
- C:\Windows\System\CttEOJK.exe
  C:\Windows\System\CttEOJK.exe
  2⤵
  PID:9504
- C:\Windows\System\JXgcGxd.exe
  C:\Windows\System\JXgcGxd.exe
  2⤵
  PID:5360
- C:\Windows\System\XUjzYmz.exe
  C:\Windows\System\XUjzYmz.exe
  2⤵
  PID:5336
- C:\Windows\System\rfjLyIT.exe
  C:\Windows\System\rfjLyIT.exe
  2⤵
  PID:10752
- C:\Windows\System\SlWqUPK.exe
  C:\Windows\System\SlWqUPK.exe
  2⤵
  PID:10212
- C:\Windows\System\HDkfkDW.exe
  C:\Windows\System\HDkfkDW.exe
  2⤵
  PID:10792
- C:\Windows\System\TUuGcLn.exe
  C:\Windows\System\TUuGcLn.exe
  2⤵
  PID:13256
- C:\Windows\System\xehhNjw.exe
  C:\Windows\System\xehhNjw.exe
  2⤵
  PID:10016
- C:\Windows\System\wpwojfo.exe
  C:\Windows\System\wpwojfo.exe
  2⤵
  PID:6836
- C:\Windows\System\EkrMsbf.exe
  C:\Windows\System\EkrMsbf.exe
  2⤵
  PID:12488
- C:\Windows\System\VLMgrdC.exe
  C:\Windows\System\VLMgrdC.exe
  2⤵
  PID:5544
- C:\Windows\System\ZRPoEnt.exe
  C:\Windows\System\ZRPoEnt.exe
  2⤵
  PID:7044
- C:\Windows\System\TpDUmeR.exe
  C:\Windows\System\TpDUmeR.exe
  2⤵
  PID:6784
- C:\Windows\System\fTEGxJN.exe
  C:\Windows\System\fTEGxJN.exe
  2⤵
  PID:5692
- C:\Windows\System\LHgecFy.exe
  C:\Windows\System\LHgecFy.exe
  2⤵
  PID:11940
- C:\Windows\System\iDLnONM.exe
  C:\Windows\System\iDLnONM.exe
  2⤵
  PID:11492
- C:\Windows\System\eeyeVPf.exe
  C:\Windows\System\eeyeVPf.exe
  2⤵
  PID:11788
- C:\Windows\System\nIkSdVF.exe
  C:\Windows\System\nIkSdVF.exe
  2⤵
  PID:12968
- C:\Windows\System\qiaBBRq.exe
  C:\Windows\System\qiaBBRq.exe
  2⤵
  PID:12032
- C:\Windows\System\TwbgEAU.exe
  C:\Windows\System\TwbgEAU.exe
  2⤵
  PID:6880
- C:\Windows\System\QemOXvo.exe
  C:\Windows\System\QemOXvo.exe
  2⤵
  PID:12464
- C:\Windows\System\CuEbylt.exe
  C:\Windows\System\CuEbylt.exe
  2⤵
  PID:10584
- C:\Windows\System\CuXpaiz.exe
  C:\Windows\System\CuXpaiz.exe
  2⤵
  PID:10936
- C:\Windows\System\JiWbwvr.exe
  C:\Windows\System\JiWbwvr.exe
  2⤵
  PID:7908
- C:\Windows\System\eCZHeKv.exe
  C:\Windows\System\eCZHeKv.exe
  2⤵
  PID:11924
- C:\Windows\System\QZncktQ.exe
  C:\Windows\System\QZncktQ.exe
  2⤵
  PID:12952
- C:\Windows\System\kqZPOfs.exe
  C:\Windows\System\kqZPOfs.exe
  2⤵
  PID:13092
- C:\Windows\System\bHbVGNz.exe
  C:\Windows\System\bHbVGNz.exe
  2⤵
  PID:7860
- C:\Windows\System\ydufojz.exe
  C:\Windows\System\ydufojz.exe
  2⤵
  PID:12128
- C:\Windows\System\YaMCKFa.exe
  C:\Windows\System\YaMCKFa.exe
  2⤵
  PID:8684
- C:\Windows\System\uiBegqU.exe
  C:\Windows\System\uiBegqU.exe
  2⤵
  PID:12196
- C:\Windows\System\gsBqdtq.exe
  C:\Windows\System\gsBqdtq.exe
  2⤵
  PID:12348
- C:\Windows\System\htkBRea.exe
  C:\Windows\System\htkBRea.exe
  2⤵
  PID:6452
- C:\Windows\System\gDSmsoG.exe
  C:\Windows\System\gDSmsoG.exe
  2⤵
  PID:4480
- C:\Windows\System\iGNxEOy.exe
  C:\Windows\System\iGNxEOy.exe
  2⤵
  PID:13032
- C:\Windows\System\sAIKeQE.exe
  C:\Windows\System\sAIKeQE.exe
  2⤵
  PID:12796
- C:\Windows\System\dCsxrxX.exe
  C:\Windows\System\dCsxrxX.exe
  2⤵
  PID:10256
- C:\Windows\System\mpkzInx.exe
  C:\Windows\System\mpkzInx.exe
  2⤵
  PID:12580
- C:\Windows\System\FwQqrKj.exe
  C:\Windows\System\FwQqrKj.exe
  2⤵
  PID:5680
- C:\Windows\System\OYlNJmq.exe
  C:\Windows\System\OYlNJmq.exe
  2⤵
  PID:6840
- C:\Windows\System\HSzquPF.exe
  C:\Windows\System\HSzquPF.exe
  2⤵
  PID:10520
- C:\Windows\System\nortuFp.exe
  C:\Windows\System\nortuFp.exe
  2⤵
  PID:11228
- C:\Windows\System\ducgAEx.exe
  C:\Windows\System\ducgAEx.exe
  2⤵
  PID:13176
- C:\Windows\System\jBJeyCx.exe
  C:\Windows\System\jBJeyCx.exe
  2⤵
  PID:10952
- C:\Windows\System\piUBmOS.exe
  C:\Windows\System\piUBmOS.exe
  2⤵
  PID:6288
- C:\Windows\System\KrkZaje.exe
  C:\Windows\System\KrkZaje.exe
  2⤵
  PID:13100
- C:\Windows\System\ALoHsTS.exe
  C:\Windows\System\ALoHsTS.exe
  2⤵
  PID:11640
- C:\Windows\System\RjRbENN.exe
  C:\Windows\System\RjRbENN.exe
  2⤵
  PID:8040
- C:\Windows\System\sBEUbxr.exe
  C:\Windows\System\sBEUbxr.exe
  2⤵
  PID:3776
- C:\Windows\System\GhqksNe.exe
  C:\Windows\System\GhqksNe.exe
  2⤵
  PID:12080
- C:\Windows\System\cXojAxg.exe
  C:\Windows\System\cXojAxg.exe
  2⤵
  PID:13156
- C:\Windows\System\FPEMGWk.exe
  C:\Windows\System\FPEMGWk.exe
  2⤵
  PID:12084
- C:\Windows\System\UywWgIM.exe
  C:\Windows\System\UywWgIM.exe
  2⤵
  PID:12708
- C:\Windows\System\oJcLKyg.exe
  C:\Windows\System\oJcLKyg.exe
  2⤵
  PID:10068
- C:\Windows\System\hDOzYpz.exe
  C:\Windows\System\hDOzYpz.exe
  2⤵
  PID:11664
- C:\Windows\System\RLtYDHD.exe
  C:\Windows\System\RLtYDHD.exe
  2⤵
  PID:10500
- C:\Windows\System\SWAbLRq.exe
  C:\Windows\System\SWAbLRq.exe
  2⤵
  PID:9452
- C:\Windows\System\kCLfgzP.exe
  C:\Windows\System\kCLfgzP.exe
  2⤵
  PID:10676
- C:\Windows\System\Lrksicl.exe
  C:\Windows\System\Lrksicl.exe
  2⤵
  PID:10868
- C:\Windows\System\zRrUPsJ.exe
  C:\Windows\System\zRrUPsJ.exe
  2⤵
  PID:1472
- C:\Windows\System\nxkTTuH.exe
  C:\Windows\System\nxkTTuH.exe
  2⤵
  PID:11864
- C:\Windows\System\QDYAAPl.exe
  C:\Windows\System\QDYAAPl.exe
  2⤵
  PID:11292
- C:\Windows\System\qLBSCkV.exe
  C:\Windows\System\qLBSCkV.exe
  2⤵
  PID:13104
- C:\Windows\System\CijvIAn.exe
  C:\Windows\System\CijvIAn.exe
  2⤵
  PID:10440
- C:\Windows\System\LiVQrdu.exe
  C:\Windows\System\LiVQrdu.exe
  2⤵
  PID:7312
- C:\Windows\System\qKtRdeJ.exe
  C:\Windows\System\qKtRdeJ.exe
  2⤵
  PID:8812
- C:\Windows\System\uLVRLrz.exe
  C:\Windows\System\uLVRLrz.exe
  2⤵
  PID:12388
- C:\Windows\System\pvuuyqk.exe
  C:\Windows\System\pvuuyqk.exe
  2⤵
  PID:12316
- C:\Windows\System\IgYmRPS.exe
  C:\Windows\System\IgYmRPS.exe
  2⤵
  PID:3224
- C:\Windows\System\MamCfIM.exe
  C:\Windows\System\MamCfIM.exe
  2⤵
  PID:11124
- C:\Windows\System\KgrBRmD.exe
  C:\Windows\System\KgrBRmD.exe
  2⤵
  PID:804
- C:\Windows\System\dAaIIMJ.exe
  C:\Windows\System\dAaIIMJ.exe
  2⤵
  PID:3744
- C:\Windows\System\JwLBqHm.exe
  C:\Windows\System\JwLBqHm.exe
  2⤵
  PID:12380
- C:\Windows\System\wosAwFA.exe
  C:\Windows\System\wosAwFA.exe
  2⤵
  PID:9716
- C:\Windows\System\JNOqWtb.exe
  C:\Windows\System\JNOqWtb.exe
  2⤵
  PID:11848
- C:\Windows\System\ufxsdmv.exe
  C:\Windows\System\ufxsdmv.exe
  2⤵
  PID:412
- C:\Windows\System\nQYeybf.exe
  C:\Windows\System\nQYeybf.exe
  2⤵
  PID:1636
- C:\Windows\System\qlCOiVN.exe
  C:\Windows\System\qlCOiVN.exe
  2⤵
  PID:9360
- C:\Windows\System\kGvRbxR.exe
  C:\Windows\System\kGvRbxR.exe
  2⤵
  PID:12760
- C:\Windows\System\BUtmQyH.exe
  C:\Windows\System\BUtmQyH.exe
  2⤵
  PID:12324
- C:\Windows\System\XXIPFDA.exe
  C:\Windows\System\XXIPFDA.exe
  2⤵
  PID:12028
- C:\Windows\System\pfSFfNw.exe
  C:\Windows\System\pfSFfNw.exe
  2⤵
  PID:12936
- C:\Windows\System\LZxVWcO.exe
  C:\Windows\System\LZxVWcO.exe
  2⤵
  PID:12752
- C:\Windows\System\UhsFkcS.exe
  C:\Windows\System\UhsFkcS.exe
  2⤵
  PID:8888
- C:\Windows\System\VUeuKqf.exe
  C:\Windows\System\VUeuKqf.exe
  2⤵
  PID:12724
- C:\Windows\System\ApWgzqE.exe
  C:\Windows\System\ApWgzqE.exe
  2⤵
  PID:7728
- C:\Windows\System\XQplRKS.exe
  C:\Windows\System\XQplRKS.exe
  2⤵
  PID:12296
- C:\Windows\System\mkjRtXY.exe
  C:\Windows\System\mkjRtXY.exe
  2⤵
  PID:11092
- C:\Windows\System\uwozIsc.exe
  C:\Windows\System\uwozIsc.exe
  2⤵
  PID:7808
- C:\Windows\System\XSErfnQ.exe
  C:\Windows\System\XSErfnQ.exe
  2⤵
  PID:11784
- C:\Windows\System\zFOSOuL.exe
  C:\Windows\System\zFOSOuL.exe
  2⤵
  PID:8044
- C:\Windows\System\KCekdlz.exe
  C:\Windows\System\KCekdlz.exe
  2⤵
  PID:10480
- C:\Windows\System\eTsFfly.exe
  C:\Windows\System\eTsFfly.exe
  2⤵
  PID:12272
- C:\Windows\System\eouQwAr.exe
  C:\Windows\System\eouQwAr.exe
  2⤵
  PID:8848
- C:\Windows\System\LCjBsYG.exe
  C:\Windows\System\LCjBsYG.exe
  2⤵
  PID:12304
- C:\Windows\System\ueolgCW.exe
  C:\Windows\System\ueolgCW.exe
  2⤵
  PID:5020
- C:\Windows\System\xPNMnui.exe
  C:\Windows\System\xPNMnui.exe
  2⤵
  PID:13124
- C:\Windows\System\NTBApAB.exe
  C:\Windows\System\NTBApAB.exe
  2⤵
  PID:11900
- C:\Windows\System\XaTqqhs.exe
  C:\Windows\System\XaTqqhs.exe
  2⤵
  PID:12636
- C:\Windows\System\ddogudk.exe
  C:\Windows\System\ddogudk.exe
  2⤵
  PID:3296
- C:\Windows\System\kRuWuTW.exe
  C:\Windows\System\kRuWuTW.exe
  2⤵
  PID:9176
- C:\Windows\System\CeQVUJM.exe
  C:\Windows\System\CeQVUJM.exe
  2⤵
  PID:1608
- C:\Windows\System\qIgupHO.exe
  C:\Windows\System\qIgupHO.exe
  2⤵
  PID:2012
- C:\Windows\System\wnpfTtJ.exe
  C:\Windows\System\wnpfTtJ.exe
  2⤵
  PID:12748
- C:\Windows\System\WKnZfVU.exe
  C:\Windows\System\WKnZfVU.exe
  2⤵
  PID:3896
- C:\Windows\System\bvbIQSl.exe
  C:\Windows\System\bvbIQSl.exe
  2⤵
  PID:1620
- C:\Windows\System\ydmkEKX.exe
  C:\Windows\System\ydmkEKX.exe
  2⤵
  PID:12656
- C:\Windows\System\hEFVJZu.exe
  C:\Windows\System\hEFVJZu.exe
  2⤵
  PID:8784
- C:\Windows\System\lEXMYvl.exe
  C:\Windows\System\lEXMYvl.exe
  2⤵
  PID:13324
- C:\Windows\System\HZaVOzq.exe
  C:\Windows\System\HZaVOzq.exe
  2⤵
  PID:13344
- C:\Windows\System\qUQFZgk.exe
  C:\Windows\System\qUQFZgk.exe
  2⤵
  PID:13364
- C:\Windows\System\lJFLgkL.exe
  C:\Windows\System\lJFLgkL.exe
  2⤵
  PID:13384
- C:\Windows\System\UKulQzs.exe
  C:\Windows\System\UKulQzs.exe
  2⤵
  PID:13540
- C:\Windows\System\VhQaGOt.exe
  C:\Windows\System\VhQaGOt.exe
  2⤵
  PID:13600
- C:\Windows\System\wTDxYDr.exe
  C:\Windows\System\wTDxYDr.exe
  2⤵
  PID:13916
- C:\Windows\System\OvYGsSy.exe
  C:\Windows\System\OvYGsSy.exe
  2⤵
  PID:14132
- C:\Windows\System\ZphCqKx.exe
  C:\Windows\System\ZphCqKx.exe
  2⤵
  PID:14148
- C:\Windows\System\XMzDvhA.exe
  C:\Windows\System\XMzDvhA.exe
  2⤵
  PID:14176
- C:\Windows\System\VdxEzyW.exe
  C:\Windows\System\VdxEzyW.exe
  2⤵
  PID:14196
- C:\Windows\System\oGAKhfO.exe
  C:\Windows\System\oGAKhfO.exe
  2⤵
  PID:14212
- C:\Windows\System\BacFMQj.exe
  C:\Windows\System\BacFMQj.exe
  2⤵
  PID:14264
- C:\Windows\System\CYjhuwy.exe
  C:\Windows\System\CYjhuwy.exe
  2⤵
  PID:13464
- C:\Windows\System\aRaKLBU.exe
  C:\Windows\System\aRaKLBU.exe
  2⤵
  PID:13404
- C:\Windows\System\GKjWfEu.exe
  C:\Windows\System\GKjWfEu.exe
  2⤵
  PID:14068
- C:\Windows\System\bHwUDFK.exe
  C:\Windows\System\bHwUDFK.exe
  2⤵
  PID:556
- C:\Windows\System\DsltqHz.exe
  C:\Windows\System\DsltqHz.exe
  2⤵
  PID:14108
- C:\Windows\System\dywunQg.exe
  C:\Windows\System\dywunQg.exe
  2⤵
  PID:1204
- C:\Windows\System\hExBHuE.exe
  C:\Windows\System\hExBHuE.exe
  2⤵
  PID:1292
- C:\Windows\System\NswMSCX.exe
  C:\Windows\System\NswMSCX.exe
  2⤵
  PID:1864
- C:\Windows\System\aEylWfh.exe
  C:\Windows\System\aEylWfh.exe
  2⤵
  PID:14164
- C:\Windows\System\SawTJti.exe
  C:\Windows\System\SawTJti.exe
  2⤵
  PID:14244
- C:\Windows\System\EwoKAYw.exe
  C:\Windows\System\EwoKAYw.exe
  2⤵
  PID:14284
- C:\Windows\System\yuzofcq.exe
  C:\Windows\System\yuzofcq.exe
  2⤵
  PID:14332
- C:\Windows\System\vaofuXJ.exe
  C:\Windows\System\vaofuXJ.exe
  2⤵
  PID:4656
- C:\Windows\System\snzWQOs.exe
  C:\Windows\System\snzWQOs.exe
  2⤵
  PID:9696
- C:\Windows\System\THhFlxj.exe
  C:\Windows\System\THhFlxj.exe
  2⤵
  PID:2208
- C:\Windows\System\YVRRDqG.exe
  C:\Windows\System\YVRRDqG.exe
  2⤵
  PID:824
- C:\Windows\System\GFFQVcj.exe
  C:\Windows\System\GFFQVcj.exe
  2⤵
  PID:2660
- C:\Windows\System\pnpRZXK.exe
  C:\Windows\System\pnpRZXK.exe
  2⤵
  PID:2556
- C:\Windows\System\nTldYRy.exe
  C:\Windows\System\nTldYRy.exe
  2⤵
  PID:4276
- C:\Windows\System\yOrNBXu.exe
  C:\Windows\System\yOrNBXu.exe
  2⤵
  PID:13472
- C:\Windows\System\DnDCpSR.exe
  C:\Windows\System\DnDCpSR.exe
  2⤵
  PID:13548
- C:\Windows\System\PIGOMvH.exe
  C:\Windows\System\PIGOMvH.exe
  2⤵
  PID:13560
- C:\Windows\System\axNvnZQ.exe
  C:\Windows\System\axNvnZQ.exe
  2⤵
  PID:4048
- C:\Windows\System\FCEZbGt.exe
  C:\Windows\System\FCEZbGt.exe
  2⤵
  PID:13636
- C:\Windows\System\IEcvfpP.exe
  C:\Windows\System\IEcvfpP.exe
  2⤵
  PID:13660
- C:\Windows\System\emsbFvL.exe
  C:\Windows\System\emsbFvL.exe
  2⤵
  PID:13708
- C:\Windows\System\AEZKuRv.exe
  C:\Windows\System\AEZKuRv.exe
  2⤵
  PID:13740
- C:\Windows\System\JJvCuiY.exe
  C:\Windows\System\JJvCuiY.exe
  2⤵
  PID:13796
- C:\Windows\System\MgiGWaO.exe
  C:\Windows\System\MgiGWaO.exe
  2⤵
  PID:13876
- C:\Windows\System\vPkFrBz.exe
  C:\Windows\System\vPkFrBz.exe
  2⤵
  PID:13896
- C:\Windows\System\VNPsJaF.exe
  C:\Windows\System\VNPsJaF.exe
  2⤵
  PID:13696
- C:\Windows\System\aSCFkvx.exe
  C:\Windows\System\aSCFkvx.exe
  2⤵
  PID:13824
- C:\Windows\System\WCGlcuD.exe
  C:\Windows\System\WCGlcuD.exe
  2⤵
  PID:13912

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:14120

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:13448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:12224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:12260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qt43ay4o.3s0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BMuTJIK.exe

Filesize
1.1MB

MD5
75740e6ea62c8910758b35885884c96e

SHA1
9c945eb859910ec6e622059b36a67672aff11898

SHA256
957e12ce692c739dcca7dc1124743ba0f31b405164397d512d3ec8e223209454

SHA512
70c942c363e32ba090cf8c9afa8a8dedb17c29c5094f82832309c67b088f96c73d8f952ad85482645fbd5a58d1d4e412f93932005a44e68b4a9a306f0f160546

Download Submit
C:\Windows\System\BZPPWgA.exe

Filesize
1.1MB

MD5
ee42409b1a1bb7bdc8f0cc4c565b40cc

SHA1
98928a05e09ab11619352f690098c92e48336088

SHA256
180868baed9cf54150ce299e5225fd54923d1cb888b36acfb6d44773f5d56952

SHA512
a03335260736fd5f892a29fe1f54d0e10e9fd9bcc595c20e94ba7e65250c5fb7a52b78648f92d26ff5741e8a0b3d6e29c47c020da499e88df4cb951a8995871b

Download Submit
C:\Windows\System\DouufQC.exe

Filesize
1.1MB

MD5
840d3980320eb30004db91337d204b7d

SHA1
e9cb3bd38869c07078ced7b58a4d3ed2571f19b5

SHA256
f65540bbec7f900bcd045cd84c55e470a4e6e1834a4fa4a328410b00385bc67c

SHA512
86eebf54cf2e6cf998cb417c6b771a0ee2da0587aaaa063d8f6004f786004377c6e5b96801d78fdc6eb1507eb963efe110c81f26f2145f9e57708dded43c071c

Download Submit
C:\Windows\System\EJtxCbF.exe

Filesize
1.1MB

MD5
d496ab200ded8662d5a5d8df1a23f272

SHA1
3012bf508f2cc8fd02f6fbe76a78eabba2e026b3

SHA256
f55f808664f1a77f9d39201b052e07da64fdf058b5b51201618e7ac4ccaa49b5

SHA512
a8abc7893dc624e33ddf1e45e60c6f40e38019861733915795db0abd2d6e9be678c527bcf72f03fdeadb27c2fcb1160f211aa3744ab81563290b5634536e8bfe

Download Submit
C:\Windows\System\EcCxwkq.exe

Filesize
8B

MD5
8a9416a5ba3f4513ce86ee25fcd9ed2c

SHA1
a36f3dd1333c8cfee404b646d4c6809d7e653313

SHA256
fb7dd3a16f87fe8b7e98987069f2b605508df1550402bd2a9bfdec4856b1a59a

SHA512
c747d417c3e282ae9ec82b691c8fea9cb7d0729d1dda54d2144fa9c71dd39f2ab11cee5a6768a89cb91fd4a7ae6e579302cb4e4de8d6384014994320074580a4

Download Submit
C:\Windows\System\EePRdPP.exe

Filesize
1.1MB

MD5
4c29ddaa908f18dbbec3867c6eafc696

SHA1
4cc63cde7cead95b951d14f6bc791197b4f8b67c

SHA256
af98c38a7f60e11fd078eeab29cd6fa02c4e0f7efc0271050eaa6e1acd514001

SHA512
cd74a2aef78d9b69b4ac7ff7b5ba410b2c28c323833b2e146e09e6c979f61175049776c0dd0328a5e2eb1b0571e3b6e59cdac033c14f6a2c8af9281ef4f6dfd3

Download Submit
C:\Windows\System\FTnTmGu.exe

Filesize
1.1MB

MD5
ef195501d0e96522e0be1b3c0ffb3ae1

SHA1
5fdbfc6d46ceadb97abe09254c966a6fd93d7970

SHA256
6c51a15ab2628263887843552a28070f21cbf12944b2571f9fc818adb5bf0e45

SHA512
35b542f3a0e9c1eb3913a553466cadf37df88f9b3d37a79d76a54ce9042675153499b33898f072dceb8ea34d4dd65f3687884c29d8215740a90e0d0de91564bd

Download Submit
C:\Windows\System\HojmeDv.exe

Filesize
1.1MB

MD5
973cb5cc920a18eeda955acd749cae7a

SHA1
d0707610ba95521e97dc7c595167ea99c5274705

SHA256
a3d00e59dfeb07b25bc25addfab17d7f5dce926e647648619368b1d9e099782e

SHA512
fd3a0723a424e2f9cd17936ff5753f9ed59ad342c57c8b473b996a948524832902921a0fbbefa1f06ca6b429eecdc91b3f20e83766bdd7083186542d7dd39f62

Download Submit
C:\Windows\System\JZVTMBy.exe

Filesize
1.1MB

MD5
c6e52f49ea033d63dccae88494a85ed2

SHA1
694510a76644a4a4a15aeb4312585b2ca8c27f9a

SHA256
1643b2de646b204aabdd4ee884a69bbcb4963dc5782e35b307ba1342ef5b288e

SHA512
12a9f7db3215b956ecea5fc6a4a252b0da55c18c6ef5b38cfd855008cb12e49fb56032c78b33bff939c4743e205b33e58473ab21786d844504d427fccff14990

Download Submit
C:\Windows\System\JZyLLnR.exe

Filesize
1.1MB

MD5
3ef3623a9f14c146d5cc7fca454f9354

SHA1
c1ecf5d25854d5cca286e80316f9873392c7f491

SHA256
bcc1f34ecdba1c339cfdf49afaac716bacf7db490cddeaed38713a01e15ac590

SHA512
461d9bdc14425aeaf24f2f0fff79e90270b720981b98e36ea5e1c72a28349777c8e1c6c4b87c3c1f7044b3901a22b67a44b6237a5a520144070e55425c2010d5

Download Submit
C:\Windows\System\Kkzaycp.exe

Filesize
1.1MB

MD5
b5d001da8e5cef9f5079da4683739c62

SHA1
e707bef721ef894dcf6c14fbe354dfa2aec50f28

SHA256
c11de356e0f4285df40d7510ced14287301722a064510ce97c4a2aa029932470

SHA512
ad5e81068c524995eaca7124bf55022b7e2f460a9b28ca3a79ff6f5e267d720832dadd11218595ce9894f333ff0fb76985138a324fc71411c32618fbfb49e93c

Download Submit
C:\Windows\System\KxuMrRV.exe

Filesize
1.1MB

MD5
cae8671baae1e4c8ad2fdd7948e91680

SHA1
4ec3a7773c1a782f9e176c85499aef20f955fd25

SHA256
42edc644881498d3b187b2996e7bf96de00defc99a587aa1d7ba40eddb5a55d6

SHA512
d53dc92be37ea60bdb0670d88ee66423caba097e75992ffb1f4f71afed2947dc286abadd795c9efa2161a5533fccab51a7ebfc7a7df5edda95b867a7a4a216ab

Download Submit
C:\Windows\System\MHPmanK.exe

Filesize
1.1MB

MD5
3f212cd60977e9fa9c5bc9c8a5af3702

SHA1
ecc6666eb4635a3c352c0dbf600be9c4d75a11b7

SHA256
10c65e08f4191fa0de4aa966dbb7b2b13d0644c2942a7163bfab5e9966425e4b

SHA512
180e4367ef751ebf0648504026f22532bb4ee3938e52e09055062e48ccd4e57e0d0ef9fc68b301444107d73f2e0f6a61a9fa4b5075d1411440e98e9f29172efc

Download Submit
C:\Windows\System\OAUsZMO.exe

Filesize
1.1MB

MD5
e52b7cc1982960341e4e40719904e684

SHA1
9f5276d5dea76c983c5d6e4ef1b85b7f91cf1557

SHA256
eca574930ae363acb944e13af72c5d4dd89988b675cd4178d018581fd04a82f3

SHA512
c393a66141ab4524f11b59f624af7105d3556fb8b77c8b298861cb2556e01977dc51f34bb0428ec69b1ef45ed9175cf5ac5296a7f36b52325eae4f2154a8a67b

Download Submit
C:\Windows\System\QQZECyb.exe

Filesize
1.1MB

MD5
96a330dd45ee35f7ab3692d4dee22ed1

SHA1
8c4c24131640092ebb9701f86f67ee12941fc9f8

SHA256
828d8ee4c4849758c8b51c8cb480121ff7b5d2a9a48a2924aedc6c19f6ab07a5

SHA512
bfdbf704adf46cb61c06e9e7a2d83c9b5cdbedb3308b01759d9e48db968501f217a16b80c91824960dce6e66a9eede754daa59dceaf4156d9e5848bf10509983

Download Submit
C:\Windows\System\QadKOao.exe

Filesize
1.1MB

MD5
9ee3f56745825433e8fe7c9bd18651cf

SHA1
0d6540d483bf2bf25ad4d8c8631d40ace67bf844

SHA256
974aa24b58e13b64a1161c79e568d6af6a3e4a5bbeaa20ed3fedcc1cd5fc79cd

SHA512
23c1630fd227d8ce7e878327a51b29d4a96e6e16bf7d51d0dd4496007ac36f59834f7f8a985aa9a2241a0d329d0eab95e11b1f652215b7abbee1b1451f92f0cb

Download Submit
C:\Windows\System\RLEGznk.exe

Filesize
1.1MB

MD5
033ca3877b0a7bb2cae26fded0de79b8

SHA1
8197d989ebfb8573198ae0ba2c94292d60d4e740

SHA256
4d7c82187b8fac618e0e251ea8157b7418fcefd6a6e3e673a06163c72e6e12c6

SHA512
752453d4354ba2b0b0d26348b77f806d56166b498fd42e74bb0135dbe074413b094f27a4a877e0a42fb40e2413cc5c658133c950fd8a00c6bc310387bb9f3647

Download Submit
C:\Windows\System\TVVRXxn.exe

Filesize
1.1MB

MD5
297d6124d6a0d5bae511cc74f6eb2022

SHA1
cb0cb71a29635ff3e5b03f2a93c2afe5b1a8df3d

SHA256
2e4e71974e068926ac21b9ba5a287c2d652669660fe61182582b8b3378a26ac1

SHA512
98bdea20a33905b3d3871fd4821e40fe514b385be7f40a47984c7f241713e58b2e5a69098192001606e39a1d8c992ee2afe60654a2ec356fda252adf574d76d8

Download Submit
C:\Windows\System\WaLDhFF.exe

Filesize
1.1MB

MD5
65e11c92acbae94dec5afab431066ee8

SHA1
3d1a228307c45968623f5b402f19fe330e636124

SHA256
cfacf37029d41ed031be2ffd3ee76a075913221f4123d4e587c3846061df94ff

SHA512
57f83d8a5fbdb5c2a84009b1fab639af2ef75fc6f7ab1ab3d27bea1a57854b14155d83f2387ad37f0c5af5a3150532468259371ada0f895ef378659f4d30e7c7

Download Submit
C:\Windows\System\WiEUgyS.exe

Filesize
1.1MB

MD5
66bedba8573e26a95c06cfa086b58a08

SHA1
6cacb79f5139443815197116df938f60f41546c2

SHA256
ee2d212078eff182ce44879ba57bddfeb66258b78997ff4af3f55eecadf2c75e

SHA512
50214f22acf834aa35e18e23c2251666e1626907d3033f2e038983025db83759313063c8680c3faff1a63f6d5bad7d74cf8baaf73b85f8f243882d7e98cb6c27

Download Submit
C:\Windows\System\ZQoRYJT.exe

Filesize
1.1MB

MD5
1f6d3232f192ad698244b4f7daf8ed08

SHA1
bfde2f550f82da400d0fd36c7ccfd61dd6d8408a

SHA256
ab307e4dd664d078242483c5e73184c716402a38032e1f26791640389bfc50e2

SHA512
cd3d78258076654c5ddcc7fc598bb862e06c064ea5f4be7efa407c59dbfc4e95c053299d4f61c35420680a5cbe07024b070da197a7cea3cbf5b411f4fcfb6dd0

Download Submit
C:\Windows\System\ceLgdVJ.exe

Filesize
1.1MB

MD5
be0d4867fcf6b37f71958a2d8825d7c7

SHA1
75c519f3ac34ee1736eb8e31c62a636e287da54f

SHA256
e36c448144e172418ddbcbf61e9d2e87ea1ead409339e1ef65200836ad71c90e

SHA512
eb63e37c22f8971105b50cc6bcceb033a44ac25f317a80e5ae8a3ceb5d955258e0b750882001086b9231f80e271fdeda40e863cb62ad73fe03cf81e56d8739db

Download Submit
C:\Windows\System\enDiiEI.exe

Filesize
1.1MB

MD5
3e910bcc4e1fca0e346b8a2ba725dd28

SHA1
3158a0047877937f09eecca38462da2c0f851a59

SHA256
d471c2e8df9ae9ed972981af7f4826a573805c56bd80c26e0cc9be40afb5f80b

SHA512
2af32309e9dd778325432b6fb8997ce539885a493c1eec27125a84146873d57e7692ee89fa5a04e4a71d37d063dca10c8cbdae2ef8a0c02098e0710590121552

Download Submit
C:\Windows\System\eofoqrm.exe

Filesize
1.1MB

MD5
5cc4edeecdcf79ef5030a9487cddedd9

SHA1
426de2973c63fb0b85825471c286bd1614ff8ed5

SHA256
2fb224f24716d5cf7c0f0e8aaac9b9be7812c826560f9e8f62a08b55559acfd0

SHA512
c85737d5435c36f2320d22e8ed18cbd9c4b41868ee848f9af7fe59df294702a9e3cbe47cc8af8b61c3f446ce63a44bb28275b406dfb01f93a16f5940d70d60c6

Download Submit
C:\Windows\System\hTimvdy.exe

Filesize
1.1MB

MD5
e43c8730a27fb5fe1882f2dbeddf3740

SHA1
64c06dbf260ae1e782d2702caa6a4d768686a611

SHA256
da2ecde3f4a874d06275b5585bb230cc4d0fc8b815c691277e0f6144ca3a228f

SHA512
3d6ec975d5361b16353c21d3bc46c53966e45a1a372a3284eda9ffb0d856b1b1b38a9bf96a8e836cd094604b3f7f6cbadf6b1370fb0f2280613e10775fdfd59a

Download Submit
C:\Windows\System\hbYzYCu.exe

Filesize
1.1MB

MD5
0c0c5f101c0b97e9ce7b585d186693e8

SHA1
63dac4106877701128c109cd163dfc1858b441cc

SHA256
6071aa7a0cc5dc8e4bfed8d388d0cc1cf844c7c494e4fc66d1ae207aa6804941

SHA512
f475bf4ee8a8578c0ea7fdd1146ff263061dfb90bd7497a118f3586e38971f8882179ede2250538c6f7a0d222615b313b0fe5afa4682dc24caa3c559c46314a4

Download Submit
C:\Windows\System\iAbRUHp.exe

Filesize
1.1MB

MD5
0fb60d2071a7cc3448f11e17552b8d8f

SHA1
0ec9d667845989b79298905cf27e701d9dd18f9d

SHA256
a34508921b0ec4b7efc97812bc9f885282f49a930a220765c5e0fcf59e9a6bbd

SHA512
486e3cd94690fa59becaaa5e3eb70af1182340d7a797d852b77eeaa63c17664b272fdca389c380b9f3f4c55221fa743756f279e16f7b5eb20b90a50c67d1e1a2

Download Submit
C:\Windows\System\iqQSfdv.exe

Filesize
1.1MB

MD5
572fecd9dbe4881a74a6cfb62fcf2055

SHA1
177002e9d73f840a9b12c38bd6d21d88ab16d314

SHA256
3a0fe5efbee3c5a18d454a389f58ab490fb5d57c9fec08390fb31f261a292314

SHA512
e86adc499b5077e39af01f057084a5a8237122e229b730687149de60b224bf3dccdb9344751aceea5f1a92e1b07efc69fd8077f3669a09011a3d95d8becb34e0

Download Submit
C:\Windows\System\jcwpCtb.exe

Filesize
1.1MB

MD5
0b6aa833be58616740d511bdad635eba

SHA1
41d6b945945cecd37cfada14df78c6d21c05e520

SHA256
6479cd5f667d6912fc1629bf068854cbb884231d38f440d50c9350f023bc0502

SHA512
a02fb68f841b732304997c2744488840b9519875896445aa712d70ce112a6da118aceab727811fa03d3e766e32ddb633659f983b3f851a07c0b68742608dfcd4

Download Submit
C:\Windows\System\kfkgDnA.exe

Filesize
1.1MB

MD5
c00e2621740ef884de93a6dc8ddc5351

SHA1
d003c05d6e16b9ee02c776fcf3a3f0627650245e

SHA256
9f4342f928ea7bca7e8728d04805831170032d8279d5b44fe47756f257e0debb

SHA512
efeab3a611dd18cc8ec541905ef5e50c91d8aa4590574f3f9a28958867a29aecf05fd012729a70787177106fb2592af83d0a5d30c585ae506df2c817fbf3c527

Download Submit
C:\Windows\System\nvtcjVR.exe

Filesize
1.1MB

MD5
346833564aba1b9ce30cbd357d805025

SHA1
e5e4e4554cebc2a3a2b5cdb24122990b1fdf2caa

SHA256
ee44c7fa29bf45f7569a4fbeda57cad3025e5bceba89a1b2d6f8fdd5a37a8a78

SHA512
8e5632bc9c08d9cd78857275aa2a310a09a0517c424a60c22a6749f7c6f2c680d83a90c36b0564e24c9276422a51b8ea819674833f5a4f14eada4acbc547ef7d

Download Submit
C:\Windows\System\oiLbxiQ.exe

Filesize
1.1MB

MD5
7b0557b23811e989699054fab043970e

SHA1
f2fe1fbeb038637045da228a6dadafa89bf5bdbb

SHA256
f8d6c3f8f524613f0a020db8b3272e6783eb5952252cfd397a289af835bc35bc

SHA512
46f212a11bd561123fb66b26bd7e41a6d47f07e8e0f8c510d3adc8ea90fb451e3974b10f0bf76a50bd958e2d1fe5b575c969b6fad81b94ce341d1070eb22e736

Download Submit
C:\Windows\System\pJDArcX.exe

Filesize
1.1MB

MD5
5c9705ed051e81beace71d26a0584bd2

SHA1
70c8278ddfe9e14bb82730451840b196fa06110c

SHA256
21630fa63ccd0a70e8d70475f3457a8fc8ec2a77ea10e06ad7eeab5c6093be79

SHA512
5bbc85affa7c8bbab8933e785e83b226a48a7de8bdffbfb7363ff55157c44054895428382f4b48ce9b30ba46af226571567ad82d1e38d172eac21afb460a14d4

Download Submit
C:\Windows\System\syFMoFP.exe

Filesize
1.1MB

MD5
5374d7bf1bf9750c23322b8d4f7e205e

SHA1
5c6cf724c4f3142e64e7c1ef2f7fbce474ba50bf

SHA256
ce0d858804ca9febb35f1c9141400bd156bf9e82ec2f193e1c81ca89f211b376

SHA512
2e53c95872977441708d5598623604872053bde230c364c5e7eb8aa2661b69e424e6f3092c0c5b31ca5f7a8fb20c96c4c4ab5c711056518503b1cd4228ba4ee3

Download Submit
C:\Windows\System\utTLiTU.exe

Filesize
1.1MB

MD5
7a0b238834619acd18b2773e76d3614d

SHA1
5e2a8500688ce1e00d472ec435f9a1707e01bd28

SHA256
6bf5252de2d30530465d787bb4ad84cb9f38be0e83d1bc6bb1ec6fb9b35719bb

SHA512
8615135b468c09909ba2fe3f1c45463f2467058ac4459fe1853c43575aecbce58ffe743ed86ca4834475e91a376a34eaa113f40d56d063e7a251c6a5d1ddaddb

Download Submit
C:\Windows\System\vMuqQpj.exe

Filesize
1.1MB

MD5
b85a5eea2db6767f896967510261355a

SHA1
a4ea6ed211848a7307878334ad11a309de31956d

SHA256
f113681c4dfb2f0882b54db86e2dacde38a2e4ea1a5280507d9fe1305819626b

SHA512
95242a9c5aba3fd56db713ac2e214307d74a3b3b66e9c6a076840ace6cc650625b6abd417ad45be6a95ba77c369748e2bacf992627af84e55bca9bd5bfec6401

Download Submit
C:\Windows\System\xodtBoL.exe

Filesize
1.1MB

MD5
fbc5d01f90ecd6286d21abec614e7930

SHA1
74ff620a951faa46688f5a661d23e825e707d013

SHA256
e20ff051d158a96fa8c58c56ed9283b8d7f1419377f08444831472f13eebd991

SHA512
5dedbaf3331cfc454156761eae327c01925941c0e4239d15120b6934abb3370b50ea950c3ef7fc3a170af4e30e83ca510c510873a5c7b36a173c051dc3d837e4

Download Submit
C:\Windows\System\xzNuFjs.exe

Filesize
1.1MB

MD5
f29a2a7091cef7ff5bcfeca4a0088566

SHA1
611c806b07fb497a929e541818db7c73b1dd3ad7

SHA256
a740e8cb72ebea4924fe21fac3f5c77fb4ea51ed81aa5467e753ff6c59f2e4eb

SHA512
cf20b8e070dbb9f98d1f523288da5ba5ff0e12ca05d17290312b1ef82c8fe93d1319fca685af854a96fe87c7f4e20cef39d43de3f7cdb2afb4e2791a68fb54a5

Download Submit
C:\Windows\System\yBYMpCg.exe

Filesize
1.1MB

MD5
84eef0d960a7af2c1eb5715730ffccea

SHA1
ab3a84a6d3c2ca6835deddd24738723cb64c8e20

SHA256
59ddbfc2795d7dc4a127eec9f8991f6f6d10e15c11104d8184f08b333d3cbe27

SHA512
2a722f683ee9fad0c4e51c9bfe1321fec647892b7ff93a78a66989c101d59b8e2cf7586bdd2ef244c7005f50b0308348c694ab00329339755d7ed369c2742ef2

Download Submit
C:\Windows\System\ysnfTJg.exe

Filesize
1.1MB

MD5
345d2d0c077806b5aecae5a0e593826c

SHA1
78b6363614e4cd018881a832719545f81271e3c8

SHA256
ff9e79a23c9ca7df3bf5134294aac097235c9c25b89db9c3bd8cb7e3128222c5

SHA512
9be57275668d79d5a5f1f3e3b12a5f730245a7113c35d425ca1fd484abf2be4acf988876228213b1e61672092eb58063abf03cf872fbc8222aa02ae8fb9d06cc

Download Submit
C:\Windows\System\ywMmiti.exe

Filesize
1.1MB

MD5
1808ddbf8c8ab5401d796c5cb395ab32

SHA1
4332bf462d4d4ca960c8114eb23d4a055ce6c277

SHA256
97b6bd229886906e6f891e738871eaa3ebc7a8d5ef41cb9779bf7f602438f497

SHA512
252073971f1d6586a90ab5847a34e3b8e6ff70b0444dcf0ea43dc5e9c20cba48b8d9fac112b3638f198a742922eda1486d135d64580eed936aa67700df2e6edf

Download Submit
memory/8-268-0x00007FF669010000-0x00007FF669402000-memory.dmp

Filesize
3.9MB

Download
memory/184-255-0x00007FF62D140000-0x00007FF62D532000-memory.dmp

Filesize
3.9MB

Download
memory/964-109-0x00007FF6B9120000-0x00007FF6B9512000-memory.dmp

Filesize
3.9MB

Download
memory/1480-260-0x00007FF7BC3C0000-0x00007FF7BC7B2000-memory.dmp

Filesize
3.9MB

Download
memory/2136-266-0x00007FF703CF0000-0x00007FF7040E2000-memory.dmp

Filesize
3.9MB

Download
memory/2296-4506-0x00007FF6D00E0000-0x00007FF6D04D2000-memory.dmp

Filesize
3.9MB

Download
memory/2296-12-0x00007FF6D00E0000-0x00007FF6D04D2000-memory.dmp

Filesize
3.9MB

Download
memory/2308-264-0x00007FF7C8AA0000-0x00007FF7C8E92000-memory.dmp

Filesize
3.9MB

Download
memory/2412-257-0x00007FF6DD6C0000-0x00007FF6DDAB2000-memory.dmp

Filesize
3.9MB

Download
memory/2560-253-0x00007FF77AB20000-0x00007FF77AF12000-memory.dmp

Filesize
3.9MB

Download
memory/2684-269-0x00007FF701790000-0x00007FF701B82000-memory.dmp

Filesize
3.9MB

Download
memory/2728-259-0x00007FF7C4B70000-0x00007FF7C4F62000-memory.dmp

Filesize
3.9MB

Download
memory/3180-256-0x00007FF706770000-0x00007FF706B62000-memory.dmp

Filesize
3.9MB

Download
memory/3240-265-0x00007FF79F580000-0x00007FF79F972000-memory.dmp

Filesize
3.9MB

Download
memory/3272-241-0x00007FF705C40000-0x00007FF706032000-memory.dmp

Filesize
3.9MB

Download
memory/3440-200-0x00000265FECB0000-0x00000265FECD2000-memory.dmp

Filesize
136KB

Download
memory/3440-2871-0x00007FFD2AFF0000-0x00007FFD2BAB1000-memory.dmp

Filesize
10.8MB

Download
memory/3440-267-0x00007FFD2AFF0000-0x00007FFD2BAB1000-memory.dmp

Filesize
10.8MB

Download
memory/3440-56-0x00007FFD2AFF0000-0x00007FFD2BAB1000-memory.dmp

Filesize
10.8MB

Download
memory/3440-13-0x00007FFD2AFF3000-0x00007FFD2AFF5000-memory.dmp

Filesize
8KB

Download
memory/3536-0-0x00007FF72BB60000-0x00007FF72BF52000-memory.dmp

Filesize
3.9MB

Download
memory/3536-4507-0x00007FF72BB60000-0x00007FF72BF52000-memory.dmp

Filesize
3.9MB

Download
memory/3536-1-0x0000020508E20000-0x0000020508E30000-memory.dmp

Filesize
64KB

Download
memory/3652-254-0x00007FF6876F0000-0x00007FF687AE2000-memory.dmp

Filesize
3.9MB

Download
memory/3796-252-0x00007FF765900000-0x00007FF765CF2000-memory.dmp

Filesize
3.9MB

Download
memory/4268-208-0x00007FF705320000-0x00007FF705712000-memory.dmp

Filesize
3.9MB

Download
memory/4536-261-0x00007FF7B9700000-0x00007FF7B9AF2000-memory.dmp

Filesize
3.9MB

Download
memory/4912-170-0x00007FF638390000-0x00007FF638782000-memory.dmp

Filesize
3.9MB

Download
memory/4968-262-0x00007FF6AFD60000-0x00007FF6B0152000-memory.dmp

Filesize
3.9MB

Download
memory/4984-206-0x00007FF691620000-0x00007FF691A12000-memory.dmp

Filesize
3.9MB

Download
memory/4988-258-0x00007FF687950000-0x00007FF687D42000-memory.dmp

Filesize
3.9MB

Download
memory/5044-263-0x00007FF667840000-0x00007FF667C32000-memory.dmp

Filesize
3.9MB

Download
memory/5064-251-0x00007FF66D6D0000-0x00007FF66DAC2000-memory.dmp

Filesize
3.9MB

Download