xmrig | 72d81d8d01d0cd457c50edb7a7d7af33757906db43466cb2a7fbf07d63534eaa

Analysis

max time kernel
120s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0432713da125ee5c1daec3e993045780N.exe
Size

1.5MB
MD5

0432713da125ee5c1daec3e993045780
SHA1

9b0525ea9886ea46c866abe814596712bc38e2ca
SHA256

72d81d8d01d0cd457c50edb7a7d7af33757906db43466cb2a7fbf07d63534eaa
SHA512

c4efa6fe96a839242d400e77809910f2ac204d6476f7b83b81fd170ea77c0bd12d00775c99f40a6cfc44a1ff5be71d28acaa3dbb6276e1899260c483328240af
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82S0:NABp

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 25 IoCs

miner

resource	yara_rule
behavioral2/memory/3092-445-0x00007FF769F70000-0x00007FF76A362000-memory.dmp	xmrig
behavioral2/memory/4688-526-0x00007FF72E640000-0x00007FF72EA32000-memory.dmp	xmrig
behavioral2/memory/4336-530-0x00007FF6DA520000-0x00007FF6DA912000-memory.dmp	xmrig
behavioral2/memory/2312-529-0x00007FF734400000-0x00007FF7347F2000-memory.dmp	xmrig
behavioral2/memory/1032-528-0x00007FF6A5100000-0x00007FF6A54F2000-memory.dmp	xmrig
behavioral2/memory/952-527-0x00007FF71ADD0000-0x00007FF71B1C2000-memory.dmp	xmrig
behavioral2/memory/2372-525-0x00007FF69D960000-0x00007FF69DD52000-memory.dmp	xmrig
behavioral2/memory/1892-508-0x00007FF6CC730000-0x00007FF6CCB22000-memory.dmp	xmrig
behavioral2/memory/1660-369-0x00007FF61F8D0000-0x00007FF61FCC2000-memory.dmp	xmrig
behavioral2/memory/1972-368-0x00007FF6673D0000-0x00007FF6677C2000-memory.dmp	xmrig
behavioral2/memory/2916-347-0x00007FF722050000-0x00007FF722442000-memory.dmp	xmrig
behavioral2/memory/1180-346-0x00007FF676480000-0x00007FF676872000-memory.dmp	xmrig
behavioral2/memory/2568-306-0x00007FF6FC240000-0x00007FF6FC632000-memory.dmp	xmrig
behavioral2/memory/4480-243-0x00007FF68F2A0000-0x00007FF68F692000-memory.dmp	xmrig
behavioral2/memory/4904-241-0x00007FF7EB770000-0x00007FF7EBB62000-memory.dmp	xmrig
behavioral2/memory/2348-226-0x00007FF6C6810000-0x00007FF6C6C02000-memory.dmp	xmrig
behavioral2/memory/3176-221-0x00007FF6A7740000-0x00007FF6A7B32000-memory.dmp	xmrig
behavioral2/memory/3592-4128-0x00007FF6316E0000-0x00007FF631AD2000-memory.dmp	xmrig
behavioral2/memory/2592-4120-0x00007FF7C6850000-0x00007FF7C6C42000-memory.dmp	xmrig
behavioral2/memory/1104-4397-0x00007FF73BF50000-0x00007FF73C342000-memory.dmp	xmrig
behavioral2/memory/1508-4398-0x00007FF6A9FD0000-0x00007FF6AA3C2000-memory.dmp	xmrig
behavioral2/memory/2616-4118-0x00007FF6A1D90000-0x00007FF6A2182000-memory.dmp	xmrig
behavioral2/memory/2084-3873-0x00007FF78F770000-0x00007FF78FB62000-memory.dmp	xmrig
behavioral2/memory/4932-3880-0x00007FF72A4F0000-0x00007FF72A8E2000-memory.dmp	xmrig
behavioral2/memory/3060-3872-0x00007FF7F5420000-0x00007FF7F5812000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	216	powershell.exe
5	216	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
216	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3060	LhImQEY.exe
2372	CKGykbV.exe
1508	lMCCUjb.exe
4688	RafxmXR.exe
1104	AqOvlrI.exe
2592	PgCRleH.exe
952	BqDnoRO.exe
4932	SKaXdZg.exe
1032	zyMRjQZ.exe
3592	DZvBlDz.exe
2312	sNGGwQP.exe
2616	rjtYRYb.exe
3176	hOMlfzX.exe
2348	mZccCtF.exe
4904	rpDjtTT.exe
4336	DRgbwHD.exe
4480	xxZkzMN.exe
2568	AbWOEOI.exe
1180	XFZGQqT.exe
2916	BQNZzHU.exe
1972	WAGkXmI.exe
1660	HrDbrOL.exe
3092	DAOTSAL.exe
1892	RIFBpBs.exe
3324	GSglXXA.exe
2496	vxdmbmQ.exe
2576	drYsiKU.exe
1600	pOFhaWW.exe
1184	jCFodCW.exe
2552	WXVWSkl.exe
1684	cwkgcmt.exe
2000	VhsHDXC.exe
908	cPTZZbs.exe
5096	eWrNvCV.exe
2684	QyBvNwX.exe
1448	dpFunYf.exe
536	JggSrxc.exe
632	fKlXPHW.exe
5088	cIHUAvy.exe
1896	ZYeCPBB.exe
4108	EVFzspU.exe
4840	fkjOrdH.exe
2712	aoHHTPJ.exe
4584	jbzVjbs.exe
3268	ckwJuBE.exe
4256	IuMkdcV.exe
4140	bqUJMkC.exe
3056	KzKCdad.exe
2240	MSjMnaR.exe
1296	vSmbHxC.exe
712	TZIOoUJ.exe
2316	pZNqSsZ.exe
3032	QPSVcRd.exe
1708	gseGHGt.exe
1464	UYqDhjH.exe
5140	TRtqscH.exe
5156	PQzoGgm.exe
5172	lYLiILc.exe
5188	RxYqmOf.exe
5204	wnVRqhA.exe
5228	kKEfHSp.exe
5260	fRKfSLH.exe
5276	bUvXFYN.exe
5296	nIRuoPe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2084-0-0x00007FF78F770000-0x00007FF78FB62000-memory.dmp	upx
behavioral2/files/0x0007000000023624-15.dat	upx
behavioral2/files/0x0007000000023626-30.dat	upx
behavioral2/files/0x000700000002363b-165.dat	upx
behavioral2/memory/3092-445-0x00007FF769F70000-0x00007FF76A362000-memory.dmp	upx
behavioral2/memory/4688-526-0x00007FF72E640000-0x00007FF72EA32000-memory.dmp	upx
behavioral2/memory/4336-530-0x00007FF6DA520000-0x00007FF6DA912000-memory.dmp	upx
behavioral2/memory/2312-529-0x00007FF734400000-0x00007FF7347F2000-memory.dmp	upx
behavioral2/memory/1032-528-0x00007FF6A5100000-0x00007FF6A54F2000-memory.dmp	upx
behavioral2/memory/952-527-0x00007FF71ADD0000-0x00007FF71B1C2000-memory.dmp	upx
behavioral2/memory/2372-525-0x00007FF69D960000-0x00007FF69DD52000-memory.dmp	upx
behavioral2/memory/1892-508-0x00007FF6CC730000-0x00007FF6CCB22000-memory.dmp	upx
behavioral2/memory/1660-369-0x00007FF61F8D0000-0x00007FF61FCC2000-memory.dmp	upx
behavioral2/memory/1972-368-0x00007FF6673D0000-0x00007FF6677C2000-memory.dmp	upx
behavioral2/memory/2916-347-0x00007FF722050000-0x00007FF722442000-memory.dmp	upx
behavioral2/memory/1180-346-0x00007FF676480000-0x00007FF676872000-memory.dmp	upx
behavioral2/memory/2568-306-0x00007FF6FC240000-0x00007FF6FC632000-memory.dmp	upx
behavioral2/memory/4480-243-0x00007FF68F2A0000-0x00007FF68F692000-memory.dmp	upx
behavioral2/memory/4904-241-0x00007FF7EB770000-0x00007FF7EBB62000-memory.dmp	upx
behavioral2/memory/2348-226-0x00007FF6C6810000-0x00007FF6C6C02000-memory.dmp	upx
behavioral2/memory/3176-221-0x00007FF6A7740000-0x00007FF6A7B32000-memory.dmp	upx
behavioral2/files/0x0007000000023648-203.dat	upx
behavioral2/files/0x0007000000023647-202.dat	upx
behavioral2/files/0x0007000000023637-199.dat	upx
behavioral2/files/0x0007000000023636-197.dat	upx
behavioral2/files/0x0007000000023646-196.dat	upx
behavioral2/files/0x0007000000023645-195.dat	upx
behavioral2/files/0x0007000000023644-194.dat	upx
behavioral2/files/0x0007000000023643-193.dat	upx
behavioral2/files/0x0007000000023634-178.dat	upx
behavioral2/files/0x000700000002362d-175.dat	upx
behavioral2/files/0x0007000000023642-171.dat	upx
behavioral2/files/0x0007000000023633-162.dat	upx
behavioral2/files/0x0007000000023632-161.dat	upx
behavioral2/files/0x0007000000023631-157.dat	upx
behavioral2/files/0x0007000000023630-155.dat	upx
behavioral2/files/0x0007000000023641-154.dat	upx
behavioral2/files/0x0007000000023640-153.dat	upx
behavioral2/files/0x000700000002363f-152.dat	upx
behavioral2/files/0x000700000002363e-151.dat	upx
behavioral2/files/0x000700000002362b-144.dat	upx
behavioral2/files/0x000700000002362f-139.dat	upx
behavioral2/files/0x000700000002363d-138.dat	upx
behavioral2/files/0x0007000000023635-187.dat	upx
behavioral2/memory/2616-123-0x00007FF6A1D90000-0x00007FF6A2182000-memory.dmp	upx
behavioral2/files/0x000700000002362c-119.dat	upx
behavioral2/files/0x000700000002363a-114.dat	upx
behavioral2/files/0x0007000000023639-112.dat	upx
behavioral2/files/0x000700000002362e-126.dat	upx
behavioral2/files/0x000700000002363c-125.dat	upx
behavioral2/files/0x0007000000023629-95.dat	upx
behavioral2/memory/3592-89-0x00007FF6316E0000-0x00007FF631AD2000-memory.dmp	upx
behavioral2/memory/4932-86-0x00007FF72A4F0000-0x00007FF72A8E2000-memory.dmp	upx
behavioral2/files/0x0007000000023638-109.dat	upx
behavioral2/files/0x0007000000023628-76.dat	upx
behavioral2/files/0x000700000002362a-104.dat	upx
behavioral2/files/0x0007000000023627-69.dat	upx
behavioral2/files/0x0007000000023625-47.dat	upx
behavioral2/memory/2592-54-0x00007FF7C6850000-0x00007FF7C6C42000-memory.dmp	upx
behavioral2/memory/1104-37-0x00007FF73BF50000-0x00007FF73C342000-memory.dmp	upx
behavioral2/files/0x0007000000023623-39.dat	upx
behavioral2/files/0x000900000002361c-25.dat	upx
behavioral2/files/0x0008000000023622-20.dat	upx
behavioral2/memory/1508-19-0x00007FF6A9FD0000-0x00007FF6AA3C2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gPXJhZT.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\jrhgcDj.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\wUeHbCN.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\bNJmclY.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\giLeqQJ.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\emBYrQU.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\lvjfkMZ.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\GkJAjzl.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\iemwhyK.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\bYEyGhl.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\iDtuSfg.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\adqjYCO.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\zPBkulS.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\sgQRSBL.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\ucihBNL.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\NOyMlhH.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\LPngpWb.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\pyRQwVH.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\CvjcJRF.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\gdaeEOJ.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\hFmuXJJ.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\PhUWADf.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\NYDxigb.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\mycJTYF.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\wIcWxOT.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\fVyFcBJ.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\zOQssqE.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\FJVnFYU.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\ZUsdcLo.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\qfawJOr.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\AVUwtAc.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\KUfyqwI.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\MROpFHe.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\MCGWvBd.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\AeegRga.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\JfPjNgP.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\rhhlbXf.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\kEeTDmu.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\yssAutB.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\jOkvXkb.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\PoOWtVe.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\EXPmgGB.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\mvqQkeW.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\GFdkwoI.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\qGhijxU.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\ToGibtC.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\BKHFZwS.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\slFchEE.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\OpIQWGM.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\mGHaoli.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\UYcuGqi.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\lvWAaPD.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\oXjctET.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\uKakiAk.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\pmWDFhw.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\goLqMFr.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\FircZlB.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\hmXKDVr.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\SSVZnEH.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\HOHNOQM.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\fCmsacw.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\oohNtYE.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\ZuwjSgd.exe	0432713da125ee5c1daec3e993045780N.exe
File created	C:\Windows\System\wajLzIC.exe	0432713da125ee5c1daec3e993045780N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
216	powershell.exe
216	powershell.exe
216	powershell.exe
216	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
12948	Process not Found
11840	Process not Found
10132	Process not Found
2032	Process not Found
3516	Process not Found
12904	Process not Found
12464	Process not Found
12064	Process not Found
12812	Process not Found
11632	Process not Found
13144	Process not Found
12624	Process not Found
12800	Process not Found
756	Process not Found
2580	Process not Found
2952	Process not Found
4808	Process not Found
3648	Process not Found
2372	Process not Found
2348	Process not Found
1684	Process not Found
2684	Process not Found
4108	Process not Found
5088	Process not Found
2712	Process not Found
2240	Process not Found
3600	Process not Found
4428	Process not Found
5208	Process not Found
5552	Process not Found
5524	Process not Found
5660	Process not Found
5924	Process not Found
5948	Process not Found
6028	Process not Found
6104	Process not Found
6208	Process not Found
6420	Process not Found
6568	Process not Found
6668	Process not Found
7008	Process not Found
6520	Process not Found
5496	Process not Found
6084	Process not Found
7316	Process not Found
8072	Process not Found
8668	Process not Found
8432	Process not Found
8604	Process not Found
8836	Process not Found
9020	Process not Found
9172	Process not Found
9044	Process not Found
9068	Process not Found
9108	Process not Found
13648	Process not Found
1192	Process not Found
6684	Process not Found
6680	Process not Found
9076	Process not Found
6264	Process not Found
4736	Process not Found
880	Process not Found
6748	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2084	0432713da125ee5c1daec3e993045780N.exe
Token: SeLockMemoryPrivilege	2084	0432713da125ee5c1daec3e993045780N.exe
Token: SeDebugPrivilege	216	powershell.exe
Token: SeCreateGlobalPrivilege	14004	dwm.exe
Token: SeChangeNotifyPrivilege	14004	dwm.exe
Token: 33	14004	dwm.exe
Token: SeIncBasePriorityPrivilege	14004	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 216	2084	0432713da125ee5c1daec3e993045780N.exe	91
PID 2084 wrote to memory of 216	2084	0432713da125ee5c1daec3e993045780N.exe	91
PID 2084 wrote to memory of 3060	2084	0432713da125ee5c1daec3e993045780N.exe	92
PID 2084 wrote to memory of 3060	2084	0432713da125ee5c1daec3e993045780N.exe	92
PID 2084 wrote to memory of 2372	2084	0432713da125ee5c1daec3e993045780N.exe	93
PID 2084 wrote to memory of 2372	2084	0432713da125ee5c1daec3e993045780N.exe	93
PID 2084 wrote to memory of 1104	2084	0432713da125ee5c1daec3e993045780N.exe	94
PID 2084 wrote to memory of 1104	2084	0432713da125ee5c1daec3e993045780N.exe	94
PID 2084 wrote to memory of 1508	2084	0432713da125ee5c1daec3e993045780N.exe	95
PID 2084 wrote to memory of 1508	2084	0432713da125ee5c1daec3e993045780N.exe	95
PID 2084 wrote to memory of 4688	2084	0432713da125ee5c1daec3e993045780N.exe	96
PID 2084 wrote to memory of 4688	2084	0432713da125ee5c1daec3e993045780N.exe	96
PID 2084 wrote to memory of 2592	2084	0432713da125ee5c1daec3e993045780N.exe	97
PID 2084 wrote to memory of 2592	2084	0432713da125ee5c1daec3e993045780N.exe	97
PID 2084 wrote to memory of 952	2084	0432713da125ee5c1daec3e993045780N.exe	98
PID 2084 wrote to memory of 952	2084	0432713da125ee5c1daec3e993045780N.exe	98
PID 2084 wrote to memory of 4932	2084	0432713da125ee5c1daec3e993045780N.exe	99
PID 2084 wrote to memory of 4932	2084	0432713da125ee5c1daec3e993045780N.exe	99
PID 2084 wrote to memory of 1032	2084	0432713da125ee5c1daec3e993045780N.exe	100
PID 2084 wrote to memory of 1032	2084	0432713da125ee5c1daec3e993045780N.exe	100
PID 2084 wrote to memory of 3592	2084	0432713da125ee5c1daec3e993045780N.exe	101
PID 2084 wrote to memory of 3592	2084	0432713da125ee5c1daec3e993045780N.exe	101
PID 2084 wrote to memory of 4904	2084	0432713da125ee5c1daec3e993045780N.exe	102
PID 2084 wrote to memory of 4904	2084	0432713da125ee5c1daec3e993045780N.exe	102
PID 2084 wrote to memory of 2312	2084	0432713da125ee5c1daec3e993045780N.exe	103
PID 2084 wrote to memory of 2312	2084	0432713da125ee5c1daec3e993045780N.exe	103
PID 2084 wrote to memory of 2616	2084	0432713da125ee5c1daec3e993045780N.exe	104
PID 2084 wrote to memory of 2616	2084	0432713da125ee5c1daec3e993045780N.exe	104
PID 2084 wrote to memory of 3176	2084	0432713da125ee5c1daec3e993045780N.exe	105
PID 2084 wrote to memory of 3176	2084	0432713da125ee5c1daec3e993045780N.exe	105
PID 2084 wrote to memory of 2348	2084	0432713da125ee5c1daec3e993045780N.exe	106
PID 2084 wrote to memory of 2348	2084	0432713da125ee5c1daec3e993045780N.exe	106
PID 2084 wrote to memory of 4336	2084	0432713da125ee5c1daec3e993045780N.exe	107
PID 2084 wrote to memory of 4336	2084	0432713da125ee5c1daec3e993045780N.exe	107
PID 2084 wrote to memory of 4480	2084	0432713da125ee5c1daec3e993045780N.exe	108
PID 2084 wrote to memory of 4480	2084	0432713da125ee5c1daec3e993045780N.exe	108
PID 2084 wrote to memory of 2568	2084	0432713da125ee5c1daec3e993045780N.exe	109
PID 2084 wrote to memory of 2568	2084	0432713da125ee5c1daec3e993045780N.exe	109
PID 2084 wrote to memory of 1180	2084	0432713da125ee5c1daec3e993045780N.exe	110
PID 2084 wrote to memory of 1180	2084	0432713da125ee5c1daec3e993045780N.exe	110
PID 2084 wrote to memory of 2916	2084	0432713da125ee5c1daec3e993045780N.exe	111
PID 2084 wrote to memory of 2916	2084	0432713da125ee5c1daec3e993045780N.exe	111
PID 2084 wrote to memory of 1972	2084	0432713da125ee5c1daec3e993045780N.exe	112
PID 2084 wrote to memory of 1972	2084	0432713da125ee5c1daec3e993045780N.exe	112
PID 2084 wrote to memory of 1660	2084	0432713da125ee5c1daec3e993045780N.exe	113
PID 2084 wrote to memory of 1660	2084	0432713da125ee5c1daec3e993045780N.exe	113
PID 2084 wrote to memory of 3092	2084	0432713da125ee5c1daec3e993045780N.exe	114
PID 2084 wrote to memory of 3092	2084	0432713da125ee5c1daec3e993045780N.exe	114
PID 2084 wrote to memory of 1892	2084	0432713da125ee5c1daec3e993045780N.exe	115
PID 2084 wrote to memory of 1892	2084	0432713da125ee5c1daec3e993045780N.exe	115
PID 2084 wrote to memory of 3324	2084	0432713da125ee5c1daec3e993045780N.exe	116
PID 2084 wrote to memory of 3324	2084	0432713da125ee5c1daec3e993045780N.exe	116
PID 2084 wrote to memory of 2496	2084	0432713da125ee5c1daec3e993045780N.exe	117
PID 2084 wrote to memory of 2496	2084	0432713da125ee5c1daec3e993045780N.exe	117
PID 2084 wrote to memory of 2576	2084	0432713da125ee5c1daec3e993045780N.exe	118
PID 2084 wrote to memory of 2576	2084	0432713da125ee5c1daec3e993045780N.exe	118
PID 2084 wrote to memory of 1600	2084	0432713da125ee5c1daec3e993045780N.exe	119
PID 2084 wrote to memory of 1600	2084	0432713da125ee5c1daec3e993045780N.exe	119
PID 2084 wrote to memory of 1184	2084	0432713da125ee5c1daec3e993045780N.exe	120
PID 2084 wrote to memory of 1184	2084	0432713da125ee5c1daec3e993045780N.exe	120
PID 2084 wrote to memory of 2552	2084	0432713da125ee5c1daec3e993045780N.exe	121
PID 2084 wrote to memory of 2552	2084	0432713da125ee5c1daec3e993045780N.exe	121
PID 2084 wrote to memory of 1684	2084	0432713da125ee5c1daec3e993045780N.exe	122
PID 2084 wrote to memory of 1684	2084	0432713da125ee5c1daec3e993045780N.exe	122

C:\Users\Admin\AppData\Local\Temp\0432713da125ee5c1daec3e993045780N.exe
"C:\Users\Admin\AppData\Local\Temp\0432713da125ee5c1daec3e993045780N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:216
- C:\Windows\System\LhImQEY.exe
  C:\Windows\System\LhImQEY.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\CKGykbV.exe
  C:\Windows\System\CKGykbV.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\AqOvlrI.exe
  C:\Windows\System\AqOvlrI.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\lMCCUjb.exe
  C:\Windows\System\lMCCUjb.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\RafxmXR.exe
  C:\Windows\System\RafxmXR.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\PgCRleH.exe
  C:\Windows\System\PgCRleH.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\BqDnoRO.exe
  C:\Windows\System\BqDnoRO.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\SKaXdZg.exe
  C:\Windows\System\SKaXdZg.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\zyMRjQZ.exe
  C:\Windows\System\zyMRjQZ.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\DZvBlDz.exe
  C:\Windows\System\DZvBlDz.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\rpDjtTT.exe
  C:\Windows\System\rpDjtTT.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\sNGGwQP.exe
  C:\Windows\System\sNGGwQP.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\rjtYRYb.exe
  C:\Windows\System\rjtYRYb.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\hOMlfzX.exe
  C:\Windows\System\hOMlfzX.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\mZccCtF.exe
  C:\Windows\System\mZccCtF.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\DRgbwHD.exe
  C:\Windows\System\DRgbwHD.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\xxZkzMN.exe
  C:\Windows\System\xxZkzMN.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\AbWOEOI.exe
  C:\Windows\System\AbWOEOI.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\XFZGQqT.exe
  C:\Windows\System\XFZGQqT.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\BQNZzHU.exe
  C:\Windows\System\BQNZzHU.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\WAGkXmI.exe
  C:\Windows\System\WAGkXmI.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\HrDbrOL.exe
  C:\Windows\System\HrDbrOL.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\DAOTSAL.exe
  C:\Windows\System\DAOTSAL.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\RIFBpBs.exe
  C:\Windows\System\RIFBpBs.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\GSglXXA.exe
  C:\Windows\System\GSglXXA.exe
  2⤵
  - Executes dropped EXE
  PID:3324
- C:\Windows\System\vxdmbmQ.exe
  C:\Windows\System\vxdmbmQ.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\drYsiKU.exe
  C:\Windows\System\drYsiKU.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\pOFhaWW.exe
  C:\Windows\System\pOFhaWW.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\jCFodCW.exe
  C:\Windows\System\jCFodCW.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\WXVWSkl.exe
  C:\Windows\System\WXVWSkl.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\cwkgcmt.exe
  C:\Windows\System\cwkgcmt.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\VhsHDXC.exe
  C:\Windows\System\VhsHDXC.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\cPTZZbs.exe
  C:\Windows\System\cPTZZbs.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\eWrNvCV.exe
  C:\Windows\System\eWrNvCV.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\QyBvNwX.exe
  C:\Windows\System\QyBvNwX.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\dpFunYf.exe
  C:\Windows\System\dpFunYf.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\JggSrxc.exe
  C:\Windows\System\JggSrxc.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\fKlXPHW.exe
  C:\Windows\System\fKlXPHW.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\cIHUAvy.exe
  C:\Windows\System\cIHUAvy.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\ZYeCPBB.exe
  C:\Windows\System\ZYeCPBB.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\EVFzspU.exe
  C:\Windows\System\EVFzspU.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\fkjOrdH.exe
  C:\Windows\System\fkjOrdH.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\aoHHTPJ.exe
  C:\Windows\System\aoHHTPJ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\jbzVjbs.exe
  C:\Windows\System\jbzVjbs.exe
  2⤵
  - Executes dropped EXE
  PID:4584
- C:\Windows\System\ckwJuBE.exe
  C:\Windows\System\ckwJuBE.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\IuMkdcV.exe
  C:\Windows\System\IuMkdcV.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\bqUJMkC.exe
  C:\Windows\System\bqUJMkC.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\KzKCdad.exe
  C:\Windows\System\KzKCdad.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\MSjMnaR.exe
  C:\Windows\System\MSjMnaR.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\vSmbHxC.exe
  C:\Windows\System\vSmbHxC.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\TZIOoUJ.exe
  C:\Windows\System\TZIOoUJ.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\pZNqSsZ.exe
  C:\Windows\System\pZNqSsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\QPSVcRd.exe
  C:\Windows\System\QPSVcRd.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\gseGHGt.exe
  C:\Windows\System\gseGHGt.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\UYqDhjH.exe
  C:\Windows\System\UYqDhjH.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\TRtqscH.exe
  C:\Windows\System\TRtqscH.exe
  2⤵
  - Executes dropped EXE
  PID:5140
- C:\Windows\System\PQzoGgm.exe
  C:\Windows\System\PQzoGgm.exe
  2⤵
  - Executes dropped EXE
  PID:5156
- C:\Windows\System\lYLiILc.exe
  C:\Windows\System\lYLiILc.exe
  2⤵
  - Executes dropped EXE
  PID:5172
- C:\Windows\System\RxYqmOf.exe
  C:\Windows\System\RxYqmOf.exe
  2⤵
  - Executes dropped EXE
  PID:5188
- C:\Windows\System\wnVRqhA.exe
  C:\Windows\System\wnVRqhA.exe
  2⤵
  - Executes dropped EXE
  PID:5204
- C:\Windows\System\kKEfHSp.exe
  C:\Windows\System\kKEfHSp.exe
  2⤵
  - Executes dropped EXE
  PID:5228
- C:\Windows\System\fRKfSLH.exe
  C:\Windows\System\fRKfSLH.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\bUvXFYN.exe
  C:\Windows\System\bUvXFYN.exe
  2⤵
  - Executes dropped EXE
  PID:5276
- C:\Windows\System\nIRuoPe.exe
  C:\Windows\System\nIRuoPe.exe
  2⤵
  - Executes dropped EXE
  PID:5296
- C:\Windows\System\qHyudQn.exe
  C:\Windows\System\qHyudQn.exe
  2⤵
  PID:5316
- C:\Windows\System\NZgigtn.exe
  C:\Windows\System\NZgigtn.exe
  2⤵
  PID:5380
- C:\Windows\System\fIDGNdb.exe
  C:\Windows\System\fIDGNdb.exe
  2⤵
  PID:5424
- C:\Windows\System\CNRbWJe.exe
  C:\Windows\System\CNRbWJe.exe
  2⤵
  PID:5448
- C:\Windows\System\XFLXQRT.exe
  C:\Windows\System\XFLXQRT.exe
  2⤵
  PID:5464
- C:\Windows\System\HzsHjPV.exe
  C:\Windows\System\HzsHjPV.exe
  2⤵
  PID:5488
- C:\Windows\System\qrWWvDw.exe
  C:\Windows\System\qrWWvDw.exe
  2⤵
  PID:5504
- C:\Windows\System\IXsIFyx.exe
  C:\Windows\System\IXsIFyx.exe
  2⤵
  PID:5524
- C:\Windows\System\aHnfKrs.exe
  C:\Windows\System\aHnfKrs.exe
  2⤵
  PID:5552
- C:\Windows\System\IXARUrl.exe
  C:\Windows\System\IXARUrl.exe
  2⤵
  PID:5584
- C:\Windows\System\nggMcNE.exe
  C:\Windows\System\nggMcNE.exe
  2⤵
  PID:5616
- C:\Windows\System\pOduzpu.exe
  C:\Windows\System\pOduzpu.exe
  2⤵
  PID:5640
- C:\Windows\System\YhjLVOn.exe
  C:\Windows\System\YhjLVOn.exe
  2⤵
  PID:5660
- C:\Windows\System\YSqgydX.exe
  C:\Windows\System\YSqgydX.exe
  2⤵
  PID:5696
- C:\Windows\System\KjTfocV.exe
  C:\Windows\System\KjTfocV.exe
  2⤵
  PID:5720
- C:\Windows\System\REBAMGG.exe
  C:\Windows\System\REBAMGG.exe
  2⤵
  PID:5736
- C:\Windows\System\STRbfFh.exe
  C:\Windows\System\STRbfFh.exe
  2⤵
  PID:5752
- C:\Windows\System\DOMNOFR.exe
  C:\Windows\System\DOMNOFR.exe
  2⤵
  PID:5768
- C:\Windows\System\QKlaUCq.exe
  C:\Windows\System\QKlaUCq.exe
  2⤵
  PID:5784
- C:\Windows\System\WDoKSmi.exe
  C:\Windows\System\WDoKSmi.exe
  2⤵
  PID:5800
- C:\Windows\System\LCqgfkJ.exe
  C:\Windows\System\LCqgfkJ.exe
  2⤵
  PID:5824
- C:\Windows\System\sVTYYis.exe
  C:\Windows\System\sVTYYis.exe
  2⤵
  PID:5844
- C:\Windows\System\naAOhTP.exe
  C:\Windows\System\naAOhTP.exe
  2⤵
  PID:5888
- C:\Windows\System\QNAtIyN.exe
  C:\Windows\System\QNAtIyN.exe
  2⤵
  PID:5908
- C:\Windows\System\EnuvPbV.exe
  C:\Windows\System\EnuvPbV.exe
  2⤵
  PID:5924
- C:\Windows\System\VskfyEZ.exe
  C:\Windows\System\VskfyEZ.exe
  2⤵
  PID:5948
- C:\Windows\System\uGJAEqh.exe
  C:\Windows\System\uGJAEqh.exe
  2⤵
  PID:5976
- C:\Windows\System\pkOdGMG.exe
  C:\Windows\System\pkOdGMG.exe
  2⤵
  PID:6000
- C:\Windows\System\xUsKkAx.exe
  C:\Windows\System\xUsKkAx.exe
  2⤵
  PID:6028
- C:\Windows\System\vgSZFgD.exe
  C:\Windows\System\vgSZFgD.exe
  2⤵
  PID:6044
- C:\Windows\System\SysCOpt.exe
  C:\Windows\System\SysCOpt.exe
  2⤵
  PID:6060
- C:\Windows\System\moMGVBG.exe
  C:\Windows\System\moMGVBG.exe
  2⤵
  PID:6088
- C:\Windows\System\MCrRQdy.exe
  C:\Windows\System\MCrRQdy.exe
  2⤵
  PID:6104
- C:\Windows\System\PngFyvP.exe
  C:\Windows\System\PngFyvP.exe
  2⤵
  PID:1220
- C:\Windows\System\ZGgDARl.exe
  C:\Windows\System\ZGgDARl.exe
  2⤵
  PID:2808
- C:\Windows\System\AXxKzYx.exe
  C:\Windows\System\AXxKzYx.exe
  2⤵
  PID:888
- C:\Windows\System\enZOzQA.exe
  C:\Windows\System\enZOzQA.exe
  2⤵
  PID:4496
- C:\Windows\System\rKtsaJi.exe
  C:\Windows\System\rKtsaJi.exe
  2⤵
  PID:928
- C:\Windows\System\IMqszVA.exe
  C:\Windows\System\IMqszVA.exe
  2⤵
  PID:2152
- C:\Windows\System\BHMjbgu.exe
  C:\Windows\System\BHMjbgu.exe
  2⤵
  PID:1664
- C:\Windows\System\GkDWzol.exe
  C:\Windows\System\GkDWzol.exe
  2⤵
  PID:4720
- C:\Windows\System\RGmgfSO.exe
  C:\Windows\System\RGmgfSO.exe
  2⤵
  PID:1520
- C:\Windows\System\GGsqWmc.exe
  C:\Windows\System\GGsqWmc.exe
  2⤵
  PID:5460
- C:\Windows\System\fDOrptL.exe
  C:\Windows\System\fDOrptL.exe
  2⤵
  PID:2664
- C:\Windows\System\QUpgeig.exe
  C:\Windows\System\QUpgeig.exe
  2⤵
  PID:1500
- C:\Windows\System\qaVQbum.exe
  C:\Windows\System\qaVQbum.exe
  2⤵
  PID:1088
- C:\Windows\System\sRokBUI.exe
  C:\Windows\System\sRokBUI.exe
  2⤵
  PID:5164
- C:\Windows\System\cavNvWN.exe
  C:\Windows\System\cavNvWN.exe
  2⤵
  PID:6192
- C:\Windows\System\CcZqNAT.exe
  C:\Windows\System\CcZqNAT.exe
  2⤵
  PID:6208
- C:\Windows\System\hnHaRGT.exe
  C:\Windows\System\hnHaRGT.exe
  2⤵
  PID:6232
- C:\Windows\System\mjGKAns.exe
  C:\Windows\System\mjGKAns.exe
  2⤵
  PID:6248
- C:\Windows\System\GlxmDlB.exe
  C:\Windows\System\GlxmDlB.exe
  2⤵
  PID:6272
- C:\Windows\System\ZESvdjr.exe
  C:\Windows\System\ZESvdjr.exe
  2⤵
  PID:6288
- C:\Windows\System\HznWTIR.exe
  C:\Windows\System\HznWTIR.exe
  2⤵
  PID:6312
- C:\Windows\System\zhUIlSv.exe
  C:\Windows\System\zhUIlSv.exe
  2⤵
  PID:6356
- C:\Windows\System\LsOaSUg.exe
  C:\Windows\System\LsOaSUg.exe
  2⤵
  PID:6380
- C:\Windows\System\AUELaYP.exe
  C:\Windows\System\AUELaYP.exe
  2⤵
  PID:6396
- C:\Windows\System\DnLpEeP.exe
  C:\Windows\System\DnLpEeP.exe
  2⤵
  PID:6420
- C:\Windows\System\WoTRduy.exe
  C:\Windows\System\WoTRduy.exe
  2⤵
  PID:6444
- C:\Windows\System\TAePZMs.exe
  C:\Windows\System\TAePZMs.exe
  2⤵
  PID:6460
- C:\Windows\System\TaZxxXY.exe
  C:\Windows\System\TaZxxXY.exe
  2⤵
  PID:6484
- C:\Windows\System\LginuqZ.exe
  C:\Windows\System\LginuqZ.exe
  2⤵
  PID:6500
- C:\Windows\System\uWpAudQ.exe
  C:\Windows\System\uWpAudQ.exe
  2⤵
  PID:6524
- C:\Windows\System\IqVvzGY.exe
  C:\Windows\System\IqVvzGY.exe
  2⤵
  PID:6540
- C:\Windows\System\HncpVAA.exe
  C:\Windows\System\HncpVAA.exe
  2⤵
  PID:6568
- C:\Windows\System\ZUnXCMl.exe
  C:\Windows\System\ZUnXCMl.exe
  2⤵
  PID:6584
- C:\Windows\System\yWtpsVV.exe
  C:\Windows\System\yWtpsVV.exe
  2⤵
  PID:6608
- C:\Windows\System\qkfmLOe.exe
  C:\Windows\System\qkfmLOe.exe
  2⤵
  PID:6624
- C:\Windows\System\QrhWlhN.exe
  C:\Windows\System\QrhWlhN.exe
  2⤵
  PID:6648
- C:\Windows\System\UQGUxXr.exe
  C:\Windows\System\UQGUxXr.exe
  2⤵
  PID:6664
- C:\Windows\System\WXVkaZb.exe
  C:\Windows\System\WXVkaZb.exe
  2⤵
  PID:6688
- C:\Windows\System\TUsWckP.exe
  C:\Windows\System\TUsWckP.exe
  2⤵
  PID:6704
- C:\Windows\System\sFdwMlB.exe
  C:\Windows\System\sFdwMlB.exe
  2⤵
  PID:6728
- C:\Windows\System\pNDCxah.exe
  C:\Windows\System\pNDCxah.exe
  2⤵
  PID:6760
- C:\Windows\System\XeeNRZd.exe
  C:\Windows\System\XeeNRZd.exe
  2⤵
  PID:6872
- C:\Windows\System\hRDdiCC.exe
  C:\Windows\System\hRDdiCC.exe
  2⤵
  PID:6920
- C:\Windows\System\mGHaoli.exe
  C:\Windows\System\mGHaoli.exe
  2⤵
  PID:6940
- C:\Windows\System\CovCkfJ.exe
  C:\Windows\System\CovCkfJ.exe
  2⤵
  PID:6964
- C:\Windows\System\UfYtzGq.exe
  C:\Windows\System\UfYtzGq.exe
  2⤵
  PID:6980
- C:\Windows\System\ngOuLWL.exe
  C:\Windows\System\ngOuLWL.exe
  2⤵
  PID:7004
- C:\Windows\System\sCUwIwe.exe
  C:\Windows\System\sCUwIwe.exe
  2⤵
  PID:7020
- C:\Windows\System\btbkfwp.exe
  C:\Windows\System\btbkfwp.exe
  2⤵
  PID:7044
- C:\Windows\System\pqFiDoh.exe
  C:\Windows\System\pqFiDoh.exe
  2⤵
  PID:7072
- C:\Windows\System\FrNGWJB.exe
  C:\Windows\System\FrNGWJB.exe
  2⤵
  PID:7096
- C:\Windows\System\vDflmzQ.exe
  C:\Windows\System\vDflmzQ.exe
  2⤵
  PID:7116
- C:\Windows\System\bFfjmjX.exe
  C:\Windows\System\bFfjmjX.exe
  2⤵
  PID:7136
- C:\Windows\System\NOyMlhH.exe
  C:\Windows\System\NOyMlhH.exe
  2⤵
  PID:7156
- C:\Windows\System\ymwuBFE.exe
  C:\Windows\System\ymwuBFE.exe
  2⤵
  PID:5500
- C:\Windows\System\YiufPzP.exe
  C:\Windows\System\YiufPzP.exe
  2⤵
  PID:5536
- C:\Windows\System\jjwYGzN.exe
  C:\Windows\System\jjwYGzN.exe
  2⤵
  PID:5572
- C:\Windows\System\XikaFDl.exe
  C:\Windows\System\XikaFDl.exe
  2⤵
  PID:5628
- C:\Windows\System\TbzLtbz.exe
  C:\Windows\System\TbzLtbz.exe
  2⤵
  PID:5656
- C:\Windows\System\zNcwRQD.exe
  C:\Windows\System\zNcwRQD.exe
  2⤵
  PID:5692
- C:\Windows\System\DmSOpfK.exe
  C:\Windows\System\DmSOpfK.exe
  2⤵
  PID:5732
- C:\Windows\System\OpLvlrS.exe
  C:\Windows\System\OpLvlrS.exe
  2⤵
  PID:5764
- C:\Windows\System\jmsVOVi.exe
  C:\Windows\System\jmsVOVi.exe
  2⤵
  PID:5796
- C:\Windows\System\SHimarq.exe
  C:\Windows\System\SHimarq.exe
  2⤵
  PID:5820
- C:\Windows\System\lMByTJc.exe
  C:\Windows\System\lMByTJc.exe
  2⤵
  PID:5856
- C:\Windows\System\WaxShsr.exe
  C:\Windows\System\WaxShsr.exe
  2⤵
  PID:5900
- C:\Windows\System\YPNEKyM.exe
  C:\Windows\System\YPNEKyM.exe
  2⤵
  PID:5940
- C:\Windows\System\YhrbRBz.exe
  C:\Windows\System\YhrbRBz.exe
  2⤵
  PID:5992
- C:\Windows\System\CAcMCgg.exe
  C:\Windows\System\CAcMCgg.exe
  2⤵
  PID:6068
- C:\Windows\System\DewIyns.exe
  C:\Windows\System\DewIyns.exe
  2⤵
  PID:6116
- C:\Windows\System\SmuNsln.exe
  C:\Windows\System\SmuNsln.exe
  2⤵
  PID:4916
- C:\Windows\System\DpVEubC.exe
  C:\Windows\System\DpVEubC.exe
  2⤵
  PID:6388
- C:\Windows\System\yHFHVmo.exe
  C:\Windows\System\yHFHVmo.exe
  2⤵
  PID:1160
- C:\Windows\System\aIytoWy.exe
  C:\Windows\System\aIytoWy.exe
  2⤵
  PID:4072
- C:\Windows\System\axMjgGD.exe
  C:\Windows\System\axMjgGD.exe
  2⤵
  PID:5020
- C:\Windows\System\fDcTfov.exe
  C:\Windows\System\fDcTfov.exe
  2⤵
  PID:4924
- C:\Windows\System\CHaTeEc.exe
  C:\Windows\System\CHaTeEc.exe
  2⤵
  PID:3376
- C:\Windows\System\ravVqtQ.exe
  C:\Windows\System\ravVqtQ.exe
  2⤵
  PID:6532
- C:\Windows\System\axVZbXw.exe
  C:\Windows\System\axVZbXw.exe
  2⤵
  PID:6640
- C:\Windows\System\ZgCegSH.exe
  C:\Windows\System\ZgCegSH.exe
  2⤵
  PID:5372
- C:\Windows\System\aPNuMEP.exe
  C:\Windows\System\aPNuMEP.exe
  2⤵
  PID:6148
- C:\Windows\System\NNxfuvu.exe
  C:\Windows\System\NNxfuvu.exe
  2⤵
  PID:6180
- C:\Windows\System\WawmlyW.exe
  C:\Windows\System\WawmlyW.exe
  2⤵
  PID:6216
- C:\Windows\System\pSzCdPs.exe
  C:\Windows\System\pSzCdPs.exe
  2⤵
  PID:6244
- C:\Windows\System\HQAQvWT.exe
  C:\Windows\System\HQAQvWT.exe
  2⤵
  PID:6280
- C:\Windows\System\FHSnddz.exe
  C:\Windows\System\FHSnddz.exe
  2⤵
  PID:6308
- C:\Windows\System\ordnOlv.exe
  C:\Windows\System\ordnOlv.exe
  2⤵
  PID:6348
- C:\Windows\System\btEYSje.exe
  C:\Windows\System\btEYSje.exe
  2⤵
  PID:6404
- C:\Windows\System\KxfsSvN.exe
  C:\Windows\System\KxfsSvN.exe
  2⤵
  PID:6456
- C:\Windows\System\LfiNXMw.exe
  C:\Windows\System\LfiNXMw.exe
  2⤵
  PID:6508
- C:\Windows\System\oezihJy.exe
  C:\Windows\System\oezihJy.exe
  2⤵
  PID:6452
- C:\Windows\System\LhscBNJ.exe
  C:\Windows\System\LhscBNJ.exe
  2⤵
  PID:6548
- C:\Windows\System\OGeqpBd.exe
  C:\Windows\System\OGeqpBd.exe
  2⤵
  PID:6632
- C:\Windows\System\bOWgXJA.exe
  C:\Windows\System\bOWgXJA.exe
  2⤵
  PID:6736
- C:\Windows\System\ZQKRNTB.exe
  C:\Windows\System\ZQKRNTB.exe
  2⤵
  PID:5496
- C:\Windows\System\SEsCmEW.exe
  C:\Windows\System\SEsCmEW.exe
  2⤵
  PID:5684
- C:\Windows\System\sWfIiFd.exe
  C:\Windows\System\sWfIiFd.exe
  2⤵
  PID:5708
- C:\Windows\System\tcRJsaK.exe
  C:\Windows\System\tcRJsaK.exe
  2⤵
  PID:5876
- C:\Windows\System\HFwAduc.exe
  C:\Windows\System\HFwAduc.exe
  2⤵
  PID:5932
- C:\Windows\System\eZPBgWF.exe
  C:\Windows\System\eZPBgWF.exe
  2⤵
  PID:6040
- C:\Windows\System\ImXnDDj.exe
  C:\Windows\System\ImXnDDj.exe
  2⤵
  PID:6052
- C:\Windows\System\IjHcdeH.exe
  C:\Windows\System\IjHcdeH.exe
  2⤵
  PID:7172
- C:\Windows\System\ehpoAcj.exe
  C:\Windows\System\ehpoAcj.exe
  2⤵
  PID:7192
- C:\Windows\System\PFifHUj.exe
  C:\Windows\System\PFifHUj.exe
  2⤵
  PID:7208
- C:\Windows\System\rCbYgmh.exe
  C:\Windows\System\rCbYgmh.exe
  2⤵
  PID:7224
- C:\Windows\System\nglPwGl.exe
  C:\Windows\System\nglPwGl.exe
  2⤵
  PID:7248
- C:\Windows\System\muoOtnv.exe
  C:\Windows\System\muoOtnv.exe
  2⤵
  PID:7264
- C:\Windows\System\UPoeAWd.exe
  C:\Windows\System\UPoeAWd.exe
  2⤵
  PID:7288
- C:\Windows\System\BILeTJn.exe
  C:\Windows\System\BILeTJn.exe
  2⤵
  PID:7312
- C:\Windows\System\pQJVSkU.exe
  C:\Windows\System\pQJVSkU.exe
  2⤵
  PID:7332
- C:\Windows\System\VjEENoo.exe
  C:\Windows\System\VjEENoo.exe
  2⤵
  PID:7352
- C:\Windows\System\dHqkdYJ.exe
  C:\Windows\System\dHqkdYJ.exe
  2⤵
  PID:7752
- C:\Windows\System\nfMNZWs.exe
  C:\Windows\System\nfMNZWs.exe
  2⤵
  PID:7768
- C:\Windows\System\qtDbccT.exe
  C:\Windows\System\qtDbccT.exe
  2⤵
  PID:7788
- C:\Windows\System\epmptkx.exe
  C:\Windows\System\epmptkx.exe
  2⤵
  PID:7804
- C:\Windows\System\vYAOqXS.exe
  C:\Windows\System\vYAOqXS.exe
  2⤵
  PID:7824
- C:\Windows\System\lPdJIuH.exe
  C:\Windows\System\lPdJIuH.exe
  2⤵
  PID:7840
- C:\Windows\System\yTrotcY.exe
  C:\Windows\System\yTrotcY.exe
  2⤵
  PID:7856
- C:\Windows\System\VrRrcpP.exe
  C:\Windows\System\VrRrcpP.exe
  2⤵
  PID:7872
- C:\Windows\System\WKCayae.exe
  C:\Windows\System\WKCayae.exe
  2⤵
  PID:7888
- C:\Windows\System\epRNhZJ.exe
  C:\Windows\System\epRNhZJ.exe
  2⤵
  PID:7908
- C:\Windows\System\oUVwnyt.exe
  C:\Windows\System\oUVwnyt.exe
  2⤵
  PID:7980
- C:\Windows\System\fRoAxkO.exe
  C:\Windows\System\fRoAxkO.exe
  2⤵
  PID:8044
- C:\Windows\System\cylfEVg.exe
  C:\Windows\System\cylfEVg.exe
  2⤵
  PID:8068
- C:\Windows\System\ZOZqMFi.exe
  C:\Windows\System\ZOZqMFi.exe
  2⤵
  PID:8084
- C:\Windows\System\gdaeEOJ.exe
  C:\Windows\System\gdaeEOJ.exe
  2⤵
  PID:8108
- C:\Windows\System\UMuigvs.exe
  C:\Windows\System\UMuigvs.exe
  2⤵
  PID:8124
- C:\Windows\System\mlUvWsW.exe
  C:\Windows\System\mlUvWsW.exe
  2⤵
  PID:8144
- C:\Windows\System\TIojHlg.exe
  C:\Windows\System\TIojHlg.exe
  2⤵
  PID:8164
- C:\Windows\System\XZbLNXb.exe
  C:\Windows\System\XZbLNXb.exe
  2⤵
  PID:8180
- C:\Windows\System\jlkGqto.exe
  C:\Windows\System\jlkGqto.exe
  2⤵
  PID:6832
- C:\Windows\System\BrWINfR.exe
  C:\Windows\System\BrWINfR.exe
  2⤵
  PID:6988
- C:\Windows\System\HzenulO.exe
  C:\Windows\System\HzenulO.exe
  2⤵
  PID:6100
- C:\Windows\System\IWyhZYZ.exe
  C:\Windows\System\IWyhZYZ.exe
  2⤵
  PID:8200
- C:\Windows\System\vJGkcwy.exe
  C:\Windows\System\vJGkcwy.exe
  2⤵
  PID:8216
- C:\Windows\System\ZcxEMFk.exe
  C:\Windows\System\ZcxEMFk.exe
  2⤵
  PID:8428
- C:\Windows\System\kAGvJaN.exe
  C:\Windows\System\kAGvJaN.exe
  2⤵
  PID:8444
- C:\Windows\System\aSypApQ.exe
  C:\Windows\System\aSypApQ.exe
  2⤵
  PID:8584
- C:\Windows\System\uEAyPiB.exe
  C:\Windows\System\uEAyPiB.exe
  2⤵
  PID:8600
- C:\Windows\System\vKTMLTU.exe
  C:\Windows\System\vKTMLTU.exe
  2⤵
  PID:8624
- C:\Windows\System\ttaIEGb.exe
  C:\Windows\System\ttaIEGb.exe
  2⤵
  PID:8640
- C:\Windows\System\JYJVDJt.exe
  C:\Windows\System\JYJVDJt.exe
  2⤵
  PID:8664
- C:\Windows\System\wIcWxOT.exe
  C:\Windows\System\wIcWxOT.exe
  2⤵
  PID:8688
- C:\Windows\System\vGVdjrM.exe
  C:\Windows\System\vGVdjrM.exe
  2⤵
  PID:8704
- C:\Windows\System\AwEzSAa.exe
  C:\Windows\System\AwEzSAa.exe
  2⤵
  PID:8728
- C:\Windows\System\MWqkaGT.exe
  C:\Windows\System\MWqkaGT.exe
  2⤵
  PID:8756
- C:\Windows\System\plPkXHZ.exe
  C:\Windows\System\plPkXHZ.exe
  2⤵
  PID:8772
- C:\Windows\System\CqWWiAY.exe
  C:\Windows\System\CqWWiAY.exe
  2⤵
  PID:8792
- C:\Windows\System\lyddXsF.exe
  C:\Windows\System\lyddXsF.exe
  2⤵
  PID:8812
- C:\Windows\System\MnqYZfi.exe
  C:\Windows\System\MnqYZfi.exe
  2⤵
  PID:8832
- C:\Windows\System\xilBcoO.exe
  C:\Windows\System\xilBcoO.exe
  2⤵
  PID:8856
- C:\Windows\System\JcUNdaF.exe
  C:\Windows\System\JcUNdaF.exe
  2⤵
  PID:8876
- C:\Windows\System\gLBchZu.exe
  C:\Windows\System\gLBchZu.exe
  2⤵
  PID:8892
- C:\Windows\System\pqfpCAR.exe
  C:\Windows\System\pqfpCAR.exe
  2⤵
  PID:8912
- C:\Windows\System\TqGBRTl.exe
  C:\Windows\System\TqGBRTl.exe
  2⤵
  PID:8932
- C:\Windows\System\HEUbPhG.exe
  C:\Windows\System\HEUbPhG.exe
  2⤵
  PID:8952
- C:\Windows\System\jxpPpDF.exe
  C:\Windows\System\jxpPpDF.exe
  2⤵
  PID:8976
- C:\Windows\System\ureOotl.exe
  C:\Windows\System\ureOotl.exe
  2⤵
  PID:8992
- C:\Windows\System\qmgkcRR.exe
  C:\Windows\System\qmgkcRR.exe
  2⤵
  PID:9016
- C:\Windows\System\zzcCIjN.exe
  C:\Windows\System\zzcCIjN.exe
  2⤵
  PID:9040
- C:\Windows\System\swwhwkx.exe
  C:\Windows\System\swwhwkx.exe
  2⤵
  PID:9064
- C:\Windows\System\kRlGzxS.exe
  C:\Windows\System\kRlGzxS.exe
  2⤵
  PID:9080
- C:\Windows\System\HTcxOyf.exe
  C:\Windows\System\HTcxOyf.exe
  2⤵
  PID:9104
- C:\Windows\System\jjfoOVZ.exe
  C:\Windows\System\jjfoOVZ.exe
  2⤵
  PID:9120
- C:\Windows\System\umDdQOM.exe
  C:\Windows\System\umDdQOM.exe
  2⤵
  PID:9144
- C:\Windows\System\UyovAkI.exe
  C:\Windows\System\UyovAkI.exe
  2⤵
  PID:9168
- C:\Windows\System\FGwbTJO.exe
  C:\Windows\System\FGwbTJO.exe
  2⤵
  PID:9196
- C:\Windows\System\xuuxqda.exe
  C:\Windows\System\xuuxqda.exe
  2⤵
  PID:9212
- C:\Windows\System\kHcOVbw.exe
  C:\Windows\System\kHcOVbw.exe
  2⤵
  PID:4996
- C:\Windows\System\beRVRCH.exe
  C:\Windows\System\beRVRCH.exe
  2⤵
  PID:3360
- C:\Windows\System\yElCAgB.exe
  C:\Windows\System\yElCAgB.exe
  2⤵
  PID:5288
- C:\Windows\System\uoCDHQa.exe
  C:\Windows\System\uoCDHQa.exe
  2⤵
  PID:6680
- C:\Windows\System\iVDFmiH.exe
  C:\Windows\System\iVDFmiH.exe
  2⤵
  PID:6324
- C:\Windows\System\vDNhpmb.exe
  C:\Windows\System\vDNhpmb.exe
  2⤵
  PID:8456
- C:\Windows\System\TREnkAM.exe
  C:\Windows\System\TREnkAM.exe
  2⤵
  PID:9012
- C:\Windows\System\jlDKfvk.exe
  C:\Windows\System\jlDKfvk.exe
  2⤵
  PID:9048
- C:\Windows\System\HVNJepv.exe
  C:\Windows\System\HVNJepv.exe
  2⤵
  PID:9076
- C:\Windows\System\noqtvhM.exe
  C:\Windows\System\noqtvhM.exe
  2⤵
  PID:9116
- C:\Windows\System\CJauRmS.exe
  C:\Windows\System\CJauRmS.exe
  2⤵
  PID:9152
- C:\Windows\System\YUDUtOk.exe
  C:\Windows\System\YUDUtOk.exe
  2⤵
  PID:9192
- C:\Windows\System\YSfZCqd.exe
  C:\Windows\System\YSfZCqd.exe
  2⤵
  PID:5308
- C:\Windows\System\IWfDaGv.exe
  C:\Windows\System\IWfDaGv.exe
  2⤵
  PID:2124
- C:\Windows\System\MDgdVbd.exe
  C:\Windows\System\MDgdVbd.exe
  2⤵
  PID:6228
- C:\Windows\System\ewlQSJf.exe
  C:\Windows\System\ewlQSJf.exe
  2⤵
  PID:6432
- C:\Windows\System\NuMEeYX.exe
  C:\Windows\System\NuMEeYX.exe
  2⤵
  PID:3716
- C:\Windows\System\VfmOQzD.exe
  C:\Windows\System\VfmOQzD.exe
  2⤵
  PID:7836
- C:\Windows\System\BrrgpiV.exe
  C:\Windows\System\BrrgpiV.exe
  2⤵
  PID:8360
- C:\Windows\System\uvHDNbc.exe
  C:\Windows\System\uvHDNbc.exe
  2⤵
  PID:8400
- C:\Windows\System\BEoAkzH.exe
  C:\Windows\System\BEoAkzH.exe
  2⤵
  PID:8424
- C:\Windows\System\cQbcfPQ.exe
  C:\Windows\System\cQbcfPQ.exe
  2⤵
  PID:8516
- C:\Windows\System\umlzZqS.exe
  C:\Windows\System\umlzZqS.exe
  2⤵
  PID:2260
- C:\Windows\System\QpNOxlM.exe
  C:\Windows\System\QpNOxlM.exe
  2⤵
  PID:8616
- C:\Windows\System\oAUOkOM.exe
  C:\Windows\System\oAUOkOM.exe
  2⤵
  PID:8656
- C:\Windows\System\sczIyZP.exe
  C:\Windows\System\sczIyZP.exe
  2⤵
  PID:8676
- C:\Windows\System\EIlFGTN.exe
  C:\Windows\System\EIlFGTN.exe
  2⤵
  PID:8724
- C:\Windows\System\rYWKPey.exe
  C:\Windows\System\rYWKPey.exe
  2⤵
  PID:8768
- C:\Windows\System\WLQYWTa.exe
  C:\Windows\System\WLQYWTa.exe
  2⤵
  PID:8800
- C:\Windows\System\nrTaYZb.exe
  C:\Windows\System\nrTaYZb.exe
  2⤵
  PID:8828
- C:\Windows\System\kTjHZgR.exe
  C:\Windows\System\kTjHZgR.exe
  2⤵
  PID:8864
- C:\Windows\System\Gglwjyo.exe
  C:\Windows\System\Gglwjyo.exe
  2⤵
  PID:8888
- C:\Windows\System\NlPIAZl.exe
  C:\Windows\System\NlPIAZl.exe
  2⤵
  PID:2928
- C:\Windows\System\GDqmaxg.exe
  C:\Windows\System\GDqmaxg.exe
  2⤵
  PID:3992
- C:\Windows\System\NVQAmns.exe
  C:\Windows\System\NVQAmns.exe
  2⤵
  PID:2252
- C:\Windows\System\rVIgogx.exe
  C:\Windows\System\rVIgogx.exe
  2⤵
  PID:4348
- C:\Windows\System\dBdprPM.exe
  C:\Windows\System\dBdprPM.exe
  2⤵
  PID:4716
- C:\Windows\System\cDfkgMS.exe
  C:\Windows\System\cDfkgMS.exe
  2⤵
  PID:3364
- C:\Windows\System\rPUzdDU.exe
  C:\Windows\System\rPUzdDU.exe
  2⤵
  PID:3528
- C:\Windows\System\LFsDDIW.exe
  C:\Windows\System\LFsDDIW.exe
  2⤵
  PID:3380
- C:\Windows\System\KPsMuqU.exe
  C:\Windows\System\KPsMuqU.exe
  2⤵
  PID:4224
- C:\Windows\System\XLTWEmU.exe
  C:\Windows\System\XLTWEmU.exe
  2⤵
  PID:4832
- C:\Windows\System\tOFMAeY.exe
  C:\Windows\System\tOFMAeY.exe
  2⤵
  PID:1944
- C:\Windows\System\DXxKWQv.exe
  C:\Windows\System\DXxKWQv.exe
  2⤵
  PID:1884
- C:\Windows\System\aOgtTdp.exe
  C:\Windows\System\aOgtTdp.exe
  2⤵
  PID:5436
- C:\Windows\System\iFhIOhN.exe
  C:\Windows\System\iFhIOhN.exe
  2⤵
  PID:4312
- C:\Windows\System\SAKswZr.exe
  C:\Windows\System\SAKswZr.exe
  2⤵
  PID:5916
- C:\Windows\System\YtSbtte.exe
  C:\Windows\System\YtSbtte.exe
  2⤵
  PID:1388
- C:\Windows\System\zwIsPBe.exe
  C:\Windows\System\zwIsPBe.exe
  2⤵
  PID:9000
- C:\Windows\System\GIJKseF.exe
  C:\Windows\System\GIJKseF.exe
  2⤵
  PID:9032
- C:\Windows\System\ZUVKBYF.exe
  C:\Windows\System\ZUVKBYF.exe
  2⤵
  PID:9176
- C:\Windows\System\LbEXXDh.exe
  C:\Windows\System\LbEXXDh.exe
  2⤵
  PID:6296
- C:\Windows\System\aFyTxdD.exe
  C:\Windows\System\aFyTxdD.exe
  2⤵
  PID:3888
- C:\Windows\System\bKJfdsv.exe
  C:\Windows\System\bKJfdsv.exe
  2⤵
  PID:4476
- C:\Windows\System\vnUXehM.exe
  C:\Windows\System\vnUXehM.exe
  2⤵
  PID:8532
- C:\Windows\System\KceABSu.exe
  C:\Windows\System\KceABSu.exe
  2⤵
  PID:7852
- C:\Windows\System\UWnwZQw.exe
  C:\Windows\System\UWnwZQw.exe
  2⤵
  PID:8784
- C:\Windows\System\PmnjElC.exe
  C:\Windows\System\PmnjElC.exe
  2⤵
  PID:7548
- C:\Windows\System\hrMwAav.exe
  C:\Windows\System\hrMwAav.exe
  2⤵
  PID:8872
- C:\Windows\System\hgHpJWc.exe
  C:\Windows\System\hgHpJWc.exe
  2⤵
  PID:4804
- C:\Windows\System\mPaJDyi.exe
  C:\Windows\System\mPaJDyi.exe
  2⤵
  PID:8648
- C:\Windows\System\SSVZnEH.exe
  C:\Windows\System\SSVZnEH.exe
  2⤵
  PID:8764
- C:\Windows\System\EKvzgUs.exe
  C:\Windows\System\EKvzgUs.exe
  2⤵
  PID:9224
- C:\Windows\System\pZOVdnu.exe
  C:\Windows\System\pZOVdnu.exe
  2⤵
  PID:9244
- C:\Windows\System\abbgpOy.exe
  C:\Windows\System\abbgpOy.exe
  2⤵
  PID:9264
- C:\Windows\System\cbyAIrl.exe
  C:\Windows\System\cbyAIrl.exe
  2⤵
  PID:9280
- C:\Windows\System\EYkRbUF.exe
  C:\Windows\System\EYkRbUF.exe
  2⤵
  PID:9308
- C:\Windows\System\cRRwogS.exe
  C:\Windows\System\cRRwogS.exe
  2⤵
  PID:9324
- C:\Windows\System\WsmDVrM.exe
  C:\Windows\System\WsmDVrM.exe
  2⤵
  PID:9348
- C:\Windows\System\kowygXL.exe
  C:\Windows\System\kowygXL.exe
  2⤵
  PID:9368
- C:\Windows\System\WAhexOj.exe
  C:\Windows\System\WAhexOj.exe
  2⤵
  PID:9388
- C:\Windows\System\sdQrIlM.exe
  C:\Windows\System\sdQrIlM.exe
  2⤵
  PID:9408
- C:\Windows\System\zXIzNhk.exe
  C:\Windows\System\zXIzNhk.exe
  2⤵
  PID:9432
- C:\Windows\System\gPqokQk.exe
  C:\Windows\System\gPqokQk.exe
  2⤵
  PID:9456
- C:\Windows\System\bnOmtAU.exe
  C:\Windows\System\bnOmtAU.exe
  2⤵
  PID:9472
- C:\Windows\System\xtHruCw.exe
  C:\Windows\System\xtHruCw.exe
  2⤵
  PID:9492
- C:\Windows\System\yDYRMdv.exe
  C:\Windows\System\yDYRMdv.exe
  2⤵
  PID:9508
- C:\Windows\System\lvWAaPD.exe
  C:\Windows\System\lvWAaPD.exe
  2⤵
  PID:9532
- C:\Windows\System\LPngpWb.exe
  C:\Windows\System\LPngpWb.exe
  2⤵
  PID:9548
- C:\Windows\System\hnHgyfw.exe
  C:\Windows\System\hnHgyfw.exe
  2⤵
  PID:9568
- C:\Windows\System\jgXqRoV.exe
  C:\Windows\System\jgXqRoV.exe
  2⤵
  PID:9588
- C:\Windows\System\LNkurRR.exe
  C:\Windows\System\LNkurRR.exe
  2⤵
  PID:9608
- C:\Windows\System\OMlLGXC.exe
  C:\Windows\System\OMlLGXC.exe
  2⤵
  PID:9628
- C:\Windows\System\oXjctET.exe
  C:\Windows\System\oXjctET.exe
  2⤵
  PID:9644
- C:\Windows\System\DPJeENF.exe
  C:\Windows\System\DPJeENF.exe
  2⤵
  PID:9668
- C:\Windows\System\OIYAGIF.exe
  C:\Windows\System\OIYAGIF.exe
  2⤵
  PID:9684
- C:\Windows\System\jrhgcDj.exe
  C:\Windows\System\jrhgcDj.exe
  2⤵
  PID:9712
- C:\Windows\System\pyRQwVH.exe
  C:\Windows\System\pyRQwVH.exe
  2⤵
  PID:9732
- C:\Windows\System\yvhMzVm.exe
  C:\Windows\System\yvhMzVm.exe
  2⤵
  PID:9748
- C:\Windows\System\lvvVqYG.exe
  C:\Windows\System\lvvVqYG.exe
  2⤵
  PID:9768
- C:\Windows\System\DpKkKNA.exe
  C:\Windows\System\DpKkKNA.exe
  2⤵
  PID:9796
- C:\Windows\System\xtfRjQe.exe
  C:\Windows\System\xtfRjQe.exe
  2⤵
  PID:9812
- C:\Windows\System\PGowWMK.exe
  C:\Windows\System\PGowWMK.exe
  2⤵
  PID:9832
- C:\Windows\System\UmCNMte.exe
  C:\Windows\System\UmCNMte.exe
  2⤵
  PID:9852
- C:\Windows\System\JtpfRCv.exe
  C:\Windows\System\JtpfRCv.exe
  2⤵
  PID:9876
- C:\Windows\System\NaMZWAM.exe
  C:\Windows\System\NaMZWAM.exe
  2⤵
  PID:9892
- C:\Windows\System\nRmRUJF.exe
  C:\Windows\System\nRmRUJF.exe
  2⤵
  PID:9916
- C:\Windows\System\PoosrXc.exe
  C:\Windows\System\PoosrXc.exe
  2⤵
  PID:9936
- C:\Windows\System\qEIcprQ.exe
  C:\Windows\System\qEIcprQ.exe
  2⤵
  PID:9956
- C:\Windows\System\bnpyczd.exe
  C:\Windows\System\bnpyczd.exe
  2⤵
  PID:9976
- C:\Windows\System\wDYEiXN.exe
  C:\Windows\System\wDYEiXN.exe
  2⤵
  PID:9996
- C:\Windows\System\ORfRNTp.exe
  C:\Windows\System\ORfRNTp.exe
  2⤵
  PID:10016
- C:\Windows\System\BNFZQNR.exe
  C:\Windows\System\BNFZQNR.exe
  2⤵
  PID:10036
- C:\Windows\System\MuWHecB.exe
  C:\Windows\System\MuWHecB.exe
  2⤵
  PID:10060
- C:\Windows\System\sfBqMKN.exe
  C:\Windows\System\sfBqMKN.exe
  2⤵
  PID:10076
- C:\Windows\System\qcmVojw.exe
  C:\Windows\System\qcmVojw.exe
  2⤵
  PID:10096
- C:\Windows\System\zYxDWqt.exe
  C:\Windows\System\zYxDWqt.exe
  2⤵
  PID:10116
- C:\Windows\System\XnNnAwt.exe
  C:\Windows\System\XnNnAwt.exe
  2⤵
  PID:10136
- C:\Windows\System\QEKkzmS.exe
  C:\Windows\System\QEKkzmS.exe
  2⤵
  PID:10152
- C:\Windows\System\qgYHyix.exe
  C:\Windows\System\qgYHyix.exe
  2⤵
  PID:10176
- C:\Windows\System\oCIfTjk.exe
  C:\Windows\System\oCIfTjk.exe
  2⤵
  PID:10196
- C:\Windows\System\NDMFtDE.exe
  C:\Windows\System\NDMFtDE.exe
  2⤵
  PID:10212
- C:\Windows\System\mVkqnit.exe
  C:\Windows\System\mVkqnit.exe
  2⤵
  PID:10236
- C:\Windows\System\UKEkghk.exe
  C:\Windows\System\UKEkghk.exe
  2⤵
  PID:4324
- C:\Windows\System\AvviaNS.exe
  C:\Windows\System\AvviaNS.exe
  2⤵
  PID:8700
- C:\Windows\System\LZCUOqg.exe
  C:\Windows\System\LZCUOqg.exe
  2⤵
  PID:4768
- C:\Windows\System\XfPVVni.exe
  C:\Windows\System\XfPVVni.exe
  2⤵
  PID:4636
- C:\Windows\System\aHvXmDK.exe
  C:\Windows\System\aHvXmDK.exe
  2⤵
  PID:2816
- C:\Windows\System\dowDCbb.exe
  C:\Windows\System\dowDCbb.exe
  2⤵
  PID:2792
- C:\Windows\System\MiIFiQL.exe
  C:\Windows\System\MiIFiQL.exe
  2⤵
  PID:4168
- C:\Windows\System\kEeTDmu.exe
  C:\Windows\System\kEeTDmu.exe
  2⤵
  PID:9320
- C:\Windows\System\aXKNeno.exe
  C:\Windows\System\aXKNeno.exe
  2⤵
  PID:4728
- C:\Windows\System\VRuSWmI.exe
  C:\Windows\System\VRuSWmI.exe
  2⤵
  PID:8924
- C:\Windows\System\vtJCeoa.exe
  C:\Windows\System\vtJCeoa.exe
  2⤵
  PID:9480
- C:\Windows\System\omoohoB.exe
  C:\Windows\System\omoohoB.exe
  2⤵
  PID:9528
- C:\Windows\System\KwoBqhC.exe
  C:\Windows\System\KwoBqhC.exe
  2⤵
  PID:3620
- C:\Windows\System\kVzTfhO.exe
  C:\Windows\System\kVzTfhO.exe
  2⤵
  PID:3976
- C:\Windows\System\neIEsIT.exe
  C:\Windows\System\neIEsIT.exe
  2⤵
  PID:4332
- C:\Windows\System\ILuMSrn.exe
  C:\Windows\System\ILuMSrn.exe
  2⤵
  PID:4340
- C:\Windows\System\MrcAuBi.exe
  C:\Windows\System\MrcAuBi.exe
  2⤵
  PID:9620
- C:\Windows\System\waXDaDZ.exe
  C:\Windows\System\waXDaDZ.exe
  2⤵
  PID:10248
- C:\Windows\System\aJpOfSC.exe
  C:\Windows\System\aJpOfSC.exe
  2⤵
  PID:10268
- C:\Windows\System\zxPzEge.exe
  C:\Windows\System\zxPzEge.exe
  2⤵
  PID:10284
- C:\Windows\System\nSeHzAZ.exe
  C:\Windows\System\nSeHzAZ.exe
  2⤵
  PID:10312
- C:\Windows\System\QqKaxZx.exe
  C:\Windows\System\QqKaxZx.exe
  2⤵
  PID:10328
- C:\Windows\System\PTLnNgq.exe
  C:\Windows\System\PTLnNgq.exe
  2⤵
  PID:10348
- C:\Windows\System\PgQZuEl.exe
  C:\Windows\System\PgQZuEl.exe
  2⤵
  PID:10372
- C:\Windows\System\dqfjwcP.exe
  C:\Windows\System\dqfjwcP.exe
  2⤵
  PID:10388
- C:\Windows\System\CSsoxtT.exe
  C:\Windows\System\CSsoxtT.exe
  2⤵
  PID:10408
- C:\Windows\System\WwEuNTI.exe
  C:\Windows\System\WwEuNTI.exe
  2⤵
  PID:10428
- C:\Windows\System\BpDmzgX.exe
  C:\Windows\System\BpDmzgX.exe
  2⤵
  PID:10448
- C:\Windows\System\kVEYaRA.exe
  C:\Windows\System\kVEYaRA.exe
  2⤵
  PID:10468
- C:\Windows\System\zzAfKfb.exe
  C:\Windows\System\zzAfKfb.exe
  2⤵
  PID:10488
- C:\Windows\System\JBVvbhu.exe
  C:\Windows\System\JBVvbhu.exe
  2⤵
  PID:10512
- C:\Windows\System\GxoGeKm.exe
  C:\Windows\System\GxoGeKm.exe
  2⤵
  PID:10528
- C:\Windows\System\oOcloZe.exe
  C:\Windows\System\oOcloZe.exe
  2⤵
  PID:10548
- C:\Windows\System\sKbUabf.exe
  C:\Windows\System\sKbUabf.exe
  2⤵
  PID:10564
- C:\Windows\System\jXXhCmd.exe
  C:\Windows\System\jXXhCmd.exe
  2⤵
  PID:10580
- C:\Windows\System\boCFUul.exe
  C:\Windows\System\boCFUul.exe
  2⤵
  PID:10600
- C:\Windows\System\upEIhxP.exe
  C:\Windows\System\upEIhxP.exe
  2⤵
  PID:10624
- C:\Windows\System\hQmaJKj.exe
  C:\Windows\System\hQmaJKj.exe
  2⤵
  PID:10640
- C:\Windows\System\flkEPyK.exe
  C:\Windows\System\flkEPyK.exe
  2⤵
  PID:10664
- C:\Windows\System\lTbXFen.exe
  C:\Windows\System\lTbXFen.exe
  2⤵
  PID:10684
- C:\Windows\System\OmsLclw.exe
  C:\Windows\System\OmsLclw.exe
  2⤵
  PID:10716
- C:\Windows\System\gzjBuib.exe
  C:\Windows\System\gzjBuib.exe
  2⤵
  PID:10744
- C:\Windows\System\XyhQaLa.exe
  C:\Windows\System\XyhQaLa.exe
  2⤵
  PID:10760
- C:\Windows\System\GNomvII.exe
  C:\Windows\System\GNomvII.exe
  2⤵
  PID:10780
- C:\Windows\System\ILVnXmK.exe
  C:\Windows\System\ILVnXmK.exe
  2⤵
  PID:10796
- C:\Windows\System\LjwzrZI.exe
  C:\Windows\System\LjwzrZI.exe
  2⤵
  PID:10820
- C:\Windows\System\GhKCyMe.exe
  C:\Windows\System\GhKCyMe.exe
  2⤵
  PID:10836
- C:\Windows\System\VluaDCX.exe
  C:\Windows\System\VluaDCX.exe
  2⤵
  PID:10860
- C:\Windows\System\gNXOFqC.exe
  C:\Windows\System\gNXOFqC.exe
  2⤵
  PID:10884
- C:\Windows\System\tRuaFmV.exe
  C:\Windows\System\tRuaFmV.exe
  2⤵
  PID:10900
- C:\Windows\System\IhkQWUp.exe
  C:\Windows\System\IhkQWUp.exe
  2⤵
  PID:10920
- C:\Windows\System\sWFNxQE.exe
  C:\Windows\System\sWFNxQE.exe
  2⤵
  PID:10944
- C:\Windows\System\iwjJmSh.exe
  C:\Windows\System\iwjJmSh.exe
  2⤵
  PID:10960
- C:\Windows\System\wGIXUpB.exe
  C:\Windows\System\wGIXUpB.exe
  2⤵
  PID:10980
- C:\Windows\System\wIDmVYh.exe
  C:\Windows\System\wIDmVYh.exe
  2⤵
  PID:11000
- C:\Windows\System\qSgkEDF.exe
  C:\Windows\System\qSgkEDF.exe
  2⤵
  PID:11020
- C:\Windows\System\lcaEXTS.exe
  C:\Windows\System\lcaEXTS.exe
  2⤵
  PID:11044
- C:\Windows\System\kIxtRpz.exe
  C:\Windows\System\kIxtRpz.exe
  2⤵
  PID:11064
- C:\Windows\System\EmjsorW.exe
  C:\Windows\System\EmjsorW.exe
  2⤵
  PID:11084
- C:\Windows\System\tjYVXqY.exe
  C:\Windows\System\tjYVXqY.exe
  2⤵
  PID:11100
- C:\Windows\System\cpCgXjm.exe
  C:\Windows\System\cpCgXjm.exe
  2⤵
  PID:11124
- C:\Windows\System\pTfOXLs.exe
  C:\Windows\System\pTfOXLs.exe
  2⤵
  PID:11152
- C:\Windows\System\pbxlyhH.exe
  C:\Windows\System\pbxlyhH.exe
  2⤵
  PID:11168
- C:\Windows\System\pmWDFhw.exe
  C:\Windows\System\pmWDFhw.exe
  2⤵
  PID:11188
- C:\Windows\System\JvMKOxH.exe
  C:\Windows\System\JvMKOxH.exe
  2⤵
  PID:11204
- C:\Windows\System\yssAutB.exe
  C:\Windows\System\yssAutB.exe
  2⤵
  PID:11228
- C:\Windows\System\frNhGHO.exe
  C:\Windows\System\frNhGHO.exe
  2⤵
  PID:11248
- C:\Windows\System\uHcOBUu.exe
  C:\Windows\System\uHcOBUu.exe
  2⤵
  PID:5248
- C:\Windows\System\PdRWfua.exe
  C:\Windows\System\PdRWfua.exe
  2⤵
  PID:9272
- C:\Windows\System\bNGnYSs.exe
  C:\Windows\System\bNGnYSs.exe
  2⤵
  PID:9808
- C:\Windows\System\vKFRIuB.exe
  C:\Windows\System\vKFRIuB.exe
  2⤵
  PID:9824
- C:\Windows\System\goLqMFr.exe
  C:\Windows\System\goLqMFr.exe
  2⤵
  PID:9376
- C:\Windows\System\GvaoPfa.exe
  C:\Windows\System\GvaoPfa.exe
  2⤵
  PID:8968
- C:\Windows\System\zoYusVK.exe
  C:\Windows\System\zoYusVK.exe
  2⤵
  PID:9964
- C:\Windows\System\RdkMWED.exe
  C:\Windows\System\RdkMWED.exe
  2⤵
  PID:9468
- C:\Windows\System\wfJWjXO.exe
  C:\Windows\System\wfJWjXO.exe
  2⤵
  PID:10104
- C:\Windows\System\pPfEWIT.exe
  C:\Windows\System\pPfEWIT.exe
  2⤵
  PID:1312
- C:\Windows\System\vFdgkzP.exe
  C:\Windows\System\vFdgkzP.exe
  2⤵
  PID:5284
- C:\Windows\System\ToGibtC.exe
  C:\Windows\System\ToGibtC.exe
  2⤵
  PID:5388
- C:\Windows\System\SnzwuOr.exe
  C:\Windows\System\SnzwuOr.exe
  2⤵
  PID:9584
- C:\Windows\System\tIkQtNn.exe
  C:\Windows\System\tIkQtNn.exe
  2⤵
  PID:8672
- C:\Windows\System\GZZfNTn.exe
  C:\Windows\System\GZZfNTn.exe
  2⤵
  PID:3256
- C:\Windows\System\EBiswZF.exe
  C:\Windows\System\EBiswZF.exe
  2⤵
  PID:9692
- C:\Windows\System\nzkujgt.exe
  C:\Windows\System\nzkujgt.exe
  2⤵
  PID:10280
- C:\Windows\System\gOLGqJn.exe
  C:\Windows\System\gOLGqJn.exe
  2⤵
  PID:9740
- C:\Windows\System\TnBjeWH.exe
  C:\Windows\System\TnBjeWH.exe
  2⤵
  PID:10440
- C:\Windows\System\YqGNzyJ.exe
  C:\Windows\System\YqGNzyJ.exe
  2⤵
  PID:9860
- C:\Windows\System\HpZAhTh.exe
  C:\Windows\System\HpZAhTh.exe
  2⤵
  PID:10504
- C:\Windows\System\DgVKBWd.exe
  C:\Windows\System\DgVKBWd.exe
  2⤵
  PID:9900
- C:\Windows\System\UiFyhyo.exe
  C:\Windows\System\UiFyhyo.exe
  2⤵
  PID:11272
- C:\Windows\System\rMiqirr.exe
  C:\Windows\System\rMiqirr.exe
  2⤵
  PID:11292
- C:\Windows\System\XSrXJqr.exe
  C:\Windows\System\XSrXJqr.exe
  2⤵
  PID:11316
- C:\Windows\System\lFhTLxO.exe
  C:\Windows\System\lFhTLxO.exe
  2⤵
  PID:11336
- C:\Windows\System\ymSrSGK.exe
  C:\Windows\System\ymSrSGK.exe
  2⤵
  PID:11356
- C:\Windows\System\oTdMDji.exe
  C:\Windows\System\oTdMDji.exe
  2⤵
  PID:11376
- C:\Windows\System\ZBymZWq.exe
  C:\Windows\System\ZBymZWq.exe
  2⤵
  PID:11396
- C:\Windows\System\mUBqzaW.exe
  C:\Windows\System\mUBqzaW.exe
  2⤵
  PID:11416
- C:\Windows\System\FpHDKnW.exe
  C:\Windows\System\FpHDKnW.exe
  2⤵
  PID:11436
- C:\Windows\System\ZDtiqqr.exe
  C:\Windows\System\ZDtiqqr.exe
  2⤵
  PID:11460
- C:\Windows\System\NDNQsPJ.exe
  C:\Windows\System\NDNQsPJ.exe
  2⤵
  PID:11484
- C:\Windows\System\FoHBEmF.exe
  C:\Windows\System\FoHBEmF.exe
  2⤵
  PID:11500
- C:\Windows\System\OckxwWm.exe
  C:\Windows\System\OckxwWm.exe
  2⤵
  PID:11520
- C:\Windows\System\QmzPXNL.exe
  C:\Windows\System\QmzPXNL.exe
  2⤵
  PID:11540
- C:\Windows\System\fleHdAQ.exe
  C:\Windows\System\fleHdAQ.exe
  2⤵
  PID:11560
- C:\Windows\System\MEfaoQJ.exe
  C:\Windows\System\MEfaoQJ.exe
  2⤵
  PID:11580
- C:\Windows\System\HkyhGzk.exe
  C:\Windows\System\HkyhGzk.exe
  2⤵
  PID:11600
- C:\Windows\System\VaJgyLN.exe
  C:\Windows\System\VaJgyLN.exe
  2⤵
  PID:11620
- C:\Windows\System\vfzXbcv.exe
  C:\Windows\System\vfzXbcv.exe
  2⤵
  PID:11640
- C:\Windows\System\hBzDTpf.exe
  C:\Windows\System\hBzDTpf.exe
  2⤵
  PID:11656
- C:\Windows\System\oEAooGt.exe
  C:\Windows\System\oEAooGt.exe
  2⤵
  PID:11672
- C:\Windows\System\BPzFJhx.exe
  C:\Windows\System\BPzFJhx.exe
  2⤵
  PID:11692
- C:\Windows\System\vgfIIZZ.exe
  C:\Windows\System\vgfIIZZ.exe
  2⤵
  PID:11708
- C:\Windows\System\ghzcaPc.exe
  C:\Windows\System\ghzcaPc.exe
  2⤵
  PID:11728
- C:\Windows\System\SLLoQtn.exe
  C:\Windows\System\SLLoQtn.exe
  2⤵
  PID:11764
- C:\Windows\System\sDgzTCn.exe
  C:\Windows\System\sDgzTCn.exe
  2⤵
  PID:11780
- C:\Windows\System\DPBlgco.exe
  C:\Windows\System\DPBlgco.exe
  2⤵
  PID:11796
- C:\Windows\System\EcKrnZi.exe
  C:\Windows\System\EcKrnZi.exe
  2⤵
  PID:11824
- C:\Windows\System\KIbGnuQ.exe
  C:\Windows\System\KIbGnuQ.exe
  2⤵
  PID:11844
- C:\Windows\System\zkkcNwW.exe
  C:\Windows\System\zkkcNwW.exe
  2⤵
  PID:11864
- C:\Windows\System\xtHvmqR.exe
  C:\Windows\System\xtHvmqR.exe
  2⤵
  PID:11888
- C:\Windows\System\tcSMrwg.exe
  C:\Windows\System\tcSMrwg.exe
  2⤵
  PID:11908
- C:\Windows\System\PVcqLgy.exe
  C:\Windows\System\PVcqLgy.exe
  2⤵
  PID:11932
- C:\Windows\System\pdejWTq.exe
  C:\Windows\System\pdejWTq.exe
  2⤵
  PID:11952
- C:\Windows\System\gYAIAaz.exe
  C:\Windows\System\gYAIAaz.exe
  2⤵
  PID:11972
- C:\Windows\System\MnnoLMl.exe
  C:\Windows\System\MnnoLMl.exe
  2⤵
  PID:11992
- C:\Windows\System\WgMLqsv.exe
  C:\Windows\System\WgMLqsv.exe
  2⤵
  PID:12016
- C:\Windows\System\mNdQmSr.exe
  C:\Windows\System\mNdQmSr.exe
  2⤵
  PID:12036
- C:\Windows\System\cmQCWyt.exe
  C:\Windows\System\cmQCWyt.exe
  2⤵
  PID:12056
- C:\Windows\System\PsNZaEI.exe
  C:\Windows\System\PsNZaEI.exe
  2⤵
  PID:12072
- C:\Windows\System\xuIZrBQ.exe
  C:\Windows\System\xuIZrBQ.exe
  2⤵
  PID:12092
- C:\Windows\System\IISnZWX.exe
  C:\Windows\System\IISnZWX.exe
  2⤵
  PID:12112
- C:\Windows\System\wUnCtpf.exe
  C:\Windows\System\wUnCtpf.exe
  2⤵
  PID:12132
- C:\Windows\System\fplnAxE.exe
  C:\Windows\System\fplnAxE.exe
  2⤵
  PID:12148
- C:\Windows\System\wZFYMrt.exe
  C:\Windows\System\wZFYMrt.exe
  2⤵
  PID:12168
- C:\Windows\System\RkNfxoF.exe
  C:\Windows\System\RkNfxoF.exe
  2⤵
  PID:12188
- C:\Windows\System\AlpbjKX.exe
  C:\Windows\System\AlpbjKX.exe
  2⤵
  PID:12212
- C:\Windows\System\lbDPOAK.exe
  C:\Windows\System\lbDPOAK.exe
  2⤵
  PID:12232
- C:\Windows\System\zpFBjkd.exe
  C:\Windows\System\zpFBjkd.exe
  2⤵
  PID:12252
- C:\Windows\System\ntgWwdP.exe
  C:\Windows\System\ntgWwdP.exe
  2⤵
  PID:12268
- C:\Windows\System\LtRGiJD.exe
  C:\Windows\System\LtRGiJD.exe
  2⤵
  PID:10592
- C:\Windows\System\JMkyScl.exe
  C:\Windows\System\JMkyScl.exe
  2⤵
  PID:10676
- C:\Windows\System\ecctfHH.exe
  C:\Windows\System\ecctfHH.exe
  2⤵
  PID:9992
- C:\Windows\System\VMiiDBx.exe
  C:\Windows\System\VMiiDBx.exe
  2⤵
  PID:3844
- C:\Windows\System\EGQwEGa.exe
  C:\Windows\System\EGQwEGa.exe
  2⤵
  PID:10048
- C:\Windows\System\yAotrfy.exe
  C:\Windows\System\yAotrfy.exe
  2⤵
  PID:10112
- C:\Windows\System\CyKZtKx.exe
  C:\Windows\System\CyKZtKx.exe
  2⤵
  PID:10144
- C:\Windows\System\HkpsXaP.exe
  C:\Windows\System\HkpsXaP.exe
  2⤵
  PID:10908
- C:\Windows\System\ZroPife.exe
  C:\Windows\System\ZroPife.exe
  2⤵
  PID:8884
- C:\Windows\System\bHPIlNP.exe
  C:\Windows\System\bHPIlNP.exe
  2⤵
  PID:3264
- C:\Windows\System\SgNwygn.exe
  C:\Windows\System\SgNwygn.exe
  2⤵
  PID:9544
- C:\Windows\System\HbUyIDR.exe
  C:\Windows\System\HbUyIDR.exe
  2⤵
  PID:9340
- C:\Windows\System\PdjLrZM.exe
  C:\Windows\System\PdjLrZM.exe
  2⤵
  PID:11148
- C:\Windows\System\Ihlrhaj.exe
  C:\Windows\System\Ihlrhaj.exe
  2⤵
  PID:2448
- C:\Windows\System\MROpFHe.exe
  C:\Windows\System\MROpFHe.exe
  2⤵
  PID:9828
- C:\Windows\System\EXmaZDB.exe
  C:\Windows\System\EXmaZDB.exe
  2⤵
  PID:9384
- C:\Windows\System\rHdKbQN.exe
  C:\Windows\System\rHdKbQN.exe
  2⤵
  PID:1800
- C:\Windows\System\wGqEUil.exe
  C:\Windows\System\wGqEUil.exe
  2⤵
  PID:9256
- C:\Windows\System\ShdsgaZ.exe
  C:\Windows\System\ShdsgaZ.exe
  2⤵
  PID:10336
- C:\Windows\System\locAXIT.exe
  C:\Windows\System\locAXIT.exe
  2⤵
  PID:9760
- C:\Windows\System\QVtHbwF.exe
  C:\Windows\System\QVtHbwF.exe
  2⤵
  PID:4452
- C:\Windows\System\QRGrMel.exe
  C:\Windows\System\QRGrMel.exe
  2⤵
  PID:9680
- C:\Windows\System\ETbKbjq.exe
  C:\Windows\System\ETbKbjq.exe
  2⤵
  PID:12304
- C:\Windows\System\bCMkrvP.exe
  C:\Windows\System\bCMkrvP.exe
  2⤵
  PID:12328
- C:\Windows\System\izwZdIf.exe
  C:\Windows\System\izwZdIf.exe
  2⤵
  PID:12352
- C:\Windows\System\dpJSwGF.exe
  C:\Windows\System\dpJSwGF.exe
  2⤵
  PID:12368
- C:\Windows\System\AUfRJDk.exe
  C:\Windows\System\AUfRJDk.exe
  2⤵
  PID:12388
- C:\Windows\System\DMwZHhq.exe
  C:\Windows\System\DMwZHhq.exe
  2⤵
  PID:12404
- C:\Windows\System\tYuALIg.exe
  C:\Windows\System\tYuALIg.exe
  2⤵
  PID:12432
- C:\Windows\System\ehfCKEB.exe
  C:\Windows\System\ehfCKEB.exe
  2⤵
  PID:12452
- C:\Windows\System\QlYnmzu.exe
  C:\Windows\System\QlYnmzu.exe
  2⤵
  PID:12476
- C:\Windows\System\fSWxtWG.exe
  C:\Windows\System\fSWxtWG.exe
  2⤵
  PID:12496
- C:\Windows\System\ruFbwwr.exe
  C:\Windows\System\ruFbwwr.exe
  2⤵
  PID:12512
- C:\Windows\System\NhpKGlx.exe
  C:\Windows\System\NhpKGlx.exe
  2⤵
  PID:12536
- C:\Windows\System\ecRyOdQ.exe
  C:\Windows\System\ecRyOdQ.exe
  2⤵
  PID:12560
- C:\Windows\System\uRrrMtZ.exe
  C:\Windows\System\uRrrMtZ.exe
  2⤵
  PID:12576
- C:\Windows\System\dfxnfim.exe
  C:\Windows\System\dfxnfim.exe
  2⤵
  PID:12596
- C:\Windows\System\BloswdZ.exe
  C:\Windows\System\BloswdZ.exe
  2⤵
  PID:12616
- C:\Windows\System\NmckwkS.exe
  C:\Windows\System\NmckwkS.exe
  2⤵
  PID:12632
- C:\Windows\System\YIxqFpM.exe
  C:\Windows\System\YIxqFpM.exe
  2⤵
  PID:12656
- C:\Windows\System\wixMsjk.exe
  C:\Windows\System\wixMsjk.exe
  2⤵
  PID:12680
- C:\Windows\System\YnbIlLp.exe
  C:\Windows\System\YnbIlLp.exe
  2⤵
  PID:12696
- C:\Windows\System\FRchIGm.exe
  C:\Windows\System\FRchIGm.exe
  2⤵
  PID:12720
- C:\Windows\System\jOvUFHk.exe
  C:\Windows\System\jOvUFHk.exe
  2⤵
  PID:12736
- C:\Windows\System\bvEPTub.exe
  C:\Windows\System\bvEPTub.exe
  2⤵
  PID:12756
- C:\Windows\System\VccBmCB.exe
  C:\Windows\System\VccBmCB.exe
  2⤵
  PID:12784
- C:\Windows\System\zsKJdDq.exe
  C:\Windows\System\zsKJdDq.exe
  2⤵
  PID:12804
- C:\Windows\System\XAGlTki.exe
  C:\Windows\System\XAGlTki.exe
  2⤵
  PID:12820
- C:\Windows\System\tPoDMyM.exe
  C:\Windows\System\tPoDMyM.exe
  2⤵
  PID:12840
- C:\Windows\System\SkPzwIZ.exe
  C:\Windows\System\SkPzwIZ.exe
  2⤵
  PID:12856
- C:\Windows\System\QJJHfvl.exe
  C:\Windows\System\QJJHfvl.exe
  2⤵
  PID:12876
- C:\Windows\System\uMklHrN.exe
  C:\Windows\System\uMklHrN.exe
  2⤵
  PID:12896
- C:\Windows\System\jSDFkcq.exe
  C:\Windows\System\jSDFkcq.exe
  2⤵
  PID:12916
- C:\Windows\System\NtkQsgl.exe
  C:\Windows\System\NtkQsgl.exe
  2⤵
  PID:12932
- C:\Windows\System\jGnJzZZ.exe
  C:\Windows\System\jGnJzZZ.exe
  2⤵
  PID:12956
- C:\Windows\System\INzGOSf.exe
  C:\Windows\System\INzGOSf.exe
  2⤵
  PID:12972
- C:\Windows\System\bwRketV.exe
  C:\Windows\System\bwRketV.exe
  2⤵
  PID:12992
- C:\Windows\System\oflumHm.exe
  C:\Windows\System\oflumHm.exe
  2⤵
  PID:13016
- C:\Windows\System\WdFaXWx.exe
  C:\Windows\System\WdFaXWx.exe
  2⤵
  PID:13036
- C:\Windows\System\BvIkjBK.exe
  C:\Windows\System\BvIkjBK.exe
  2⤵
  PID:13056
- C:\Windows\System\RZzrcVq.exe
  C:\Windows\System\RZzrcVq.exe
  2⤵
  PID:13080
- C:\Windows\System\luNXMTm.exe
  C:\Windows\System\luNXMTm.exe
  2⤵
  PID:13100
- C:\Windows\System\hMkLBGy.exe
  C:\Windows\System\hMkLBGy.exe
  2⤵
  PID:13120
- C:\Windows\System\dRPOCBe.exe
  C:\Windows\System\dRPOCBe.exe
  2⤵
  PID:8508
- C:\Windows\System\XiyHnpR.exe
  C:\Windows\System\XiyHnpR.exe
  2⤵
  PID:10300
- C:\Windows\System\pPQqcuA.exe
  C:\Windows\System\pPQqcuA.exe
  2⤵
  PID:10576
- C:\Windows\System\glcMWtz.exe
  C:\Windows\System\glcMWtz.exe
  2⤵
  PID:9448
- C:\Windows\System\jfcVzZX.exe
  C:\Windows\System\jfcVzZX.exe
  2⤵
  PID:6376
- C:\Windows\System\tcPRztf.exe
  C:\Windows\System\tcPRztf.exe
  2⤵
  PID:972
- C:\Windows\System\vYXYgjT.exe
  C:\Windows\System\vYXYgjT.exe
  2⤵
  PID:4700
- C:\Windows\System\nUSlHAN.exe
  C:\Windows\System\nUSlHAN.exe
  2⤵
  PID:10404
- C:\Windows\System\dHNrLnw.exe
  C:\Windows\System\dHNrLnw.exe
  2⤵
  PID:12340
- C:\Windows\System\bKsACGW.exe
  C:\Windows\System\bKsACGW.exe
  2⤵
  PID:13160
- C:\Windows\System\leeHxsS.exe
  C:\Windows\System\leeHxsS.exe
  2⤵
  PID:11572
- C:\Windows\System\LAUebBz.exe
  C:\Windows\System\LAUebBz.exe
  2⤵
  PID:12612
- C:\Windows\System\VkEKuFn.exe
  C:\Windows\System\VkEKuFn.exe
  2⤵
  PID:12652
- C:\Windows\System\dTjjpKA.exe
  C:\Windows\System\dTjjpKA.exe
  2⤵
  PID:12140
- C:\Windows\System\pXaUQFz.exe
  C:\Windows\System\pXaUQFz.exe
  2⤵
  PID:12780
- C:\Windows\System\IsWWdfl.exe
  C:\Windows\System\IsWWdfl.exe
  2⤵
  PID:12868
- C:\Windows\System\ZAtACmC.exe
  C:\Windows\System\ZAtACmC.exe
  2⤵
  PID:13028
- C:\Windows\System\iDacWIq.exe
  C:\Windows\System\iDacWIq.exe
  2⤵
  PID:13252
- C:\Windows\System\NOhMjoG.exe
  C:\Windows\System\NOhMjoG.exe
  2⤵
  PID:9700
- C:\Windows\System\UCDGAIA.exe
  C:\Windows\System\UCDGAIA.exe
  2⤵
  PID:13012
- C:\Windows\System\lvvHTfz.exe
  C:\Windows\System\lvvHTfz.exe
  2⤵
  PID:10856
- C:\Windows\System\AlyKuDc.exe
  C:\Windows\System\AlyKuDc.exe
  2⤵
  PID:11648
- C:\Windows\System\HfDJJvP.exe
  C:\Windows\System\HfDJJvP.exe
  2⤵
  PID:8016
- C:\Windows\System\vzPhsNM.exe
  C:\Windows\System\vzPhsNM.exe
  2⤵
  PID:10560
- C:\Windows\System\vkTUfIF.exe
  C:\Windows\System\vkTUfIF.exe
  2⤵
  PID:10636
- C:\Windows\System\CmBAgkP.exe
  C:\Windows\System\CmBAgkP.exe
  2⤵
  PID:11108
- C:\Windows\System\eSiTqRx.exe
  C:\Windows\System\eSiTqRx.exe
  2⤵
  PID:9560
- C:\Windows\System\SabJiDj.exe
  C:\Windows\System\SabJiDj.exe
  2⤵
  PID:10788
- C:\Windows\System\HCUUQwA.exe
  C:\Windows\System\HCUUQwA.exe
  2⤵
  PID:9184
- C:\Windows\System\UjMMMyl.exe
  C:\Windows\System\UjMMMyl.exe
  2⤵
  PID:9984
- C:\Windows\System\EnAVSJf.exe
  C:\Windows\System\EnAVSJf.exe
  2⤵
  PID:4952
- C:\Windows\System\sjiozeR.exe
  C:\Windows\System\sjiozeR.exe
  2⤵
  PID:13068
- C:\Windows\System\BiSgpFV.exe
  C:\Windows\System\BiSgpFV.exe
  2⤵
  PID:12468
- C:\Windows\System\VUtkKnY.exe
  C:\Windows\System\VUtkKnY.exe
  2⤵
  PID:13052
- C:\Windows\System\yNSECnw.exe
  C:\Windows\System\yNSECnw.exe
  2⤵
  PID:11608
- C:\Windows\System\xiPmHjv.exe
  C:\Windows\System\xiPmHjv.exe
  2⤵
  PID:11408
- C:\Windows\System\cZAksdv.exe
  C:\Windows\System\cZAksdv.exe
  2⤵
  PID:13308
- C:\Windows\System\gWzZqYY.exe
  C:\Windows\System\gWzZqYY.exe
  2⤵
  PID:10480
- C:\Windows\System\svWvQhB.exe
  C:\Windows\System\svWvQhB.exe
  2⤵
  PID:11980
- C:\Windows\System\OpIQWGM.exe
  C:\Windows\System\OpIQWGM.exe
  2⤵
  PID:11448
- C:\Windows\System\wTturbC.exe
  C:\Windows\System\wTturbC.exe
  2⤵
  PID:11260
- C:\Windows\System\YExIKzI.exe
  C:\Windows\System\YExIKzI.exe
  2⤵
  PID:1952
- C:\Windows\System\lxKnGOJ.exe
  C:\Windows\System\lxKnGOJ.exe
  2⤵
  PID:13164
- C:\Windows\System\LKxCHJA.exe
  C:\Windows\System\LKxCHJA.exe
  2⤵
  PID:12832
- C:\Windows\System\vSGguXd.exe
  C:\Windows\System\vSGguXd.exe
  2⤵
  PID:11536
- C:\Windows\System\vMfYBHu.exe
  C:\Windows\System\vMfYBHu.exe
  2⤵
  PID:11344
- C:\Windows\System\zhEVVKT.exe
  C:\Windows\System\zhEVVKT.exe
  2⤵
  PID:12708
- C:\Windows\System\ZbcEtfM.exe
  C:\Windows\System\ZbcEtfM.exe
  2⤵
  PID:12280
- C:\Windows\System\ISEKyiz.exe
  C:\Windows\System\ISEKyiz.exe
  2⤵
  PID:12748
- C:\Windows\System\chnqGFc.exe
  C:\Windows\System\chnqGFc.exe
  2⤵
  PID:12048
- C:\Windows\System\qAzldmh.exe
  C:\Windows\System\qAzldmh.exe
  2⤵
  PID:13152
- C:\Windows\System\cOfYdIH.exe
  C:\Windows\System\cOfYdIH.exe
  2⤵
  PID:11556
- C:\Windows\System\HIDuLZe.exe
  C:\Windows\System\HIDuLZe.exe
  2⤵
  PID:12952
- C:\Windows\System\IIWhbjj.exe
  C:\Windows\System\IIWhbjj.exe
  2⤵
  PID:10396
- C:\Windows\System\hqRjlxc.exe
  C:\Windows\System\hqRjlxc.exe
  2⤵
  PID:9924
- C:\Windows\System\XJTSWaw.exe
  C:\Windows\System\XJTSWaw.exe
  2⤵
  PID:10228
- C:\Windows\System\UVsnYyp.exe
  C:\Windows\System\UVsnYyp.exe
  2⤵
  PID:13024
- C:\Windows\System\SUfQWgS.exe
  C:\Windows\System\SUfQWgS.exe
  2⤵
  PID:13180
- C:\Windows\System\LGLCdMW.exe
  C:\Windows\System\LGLCdMW.exe
  2⤵
  PID:5812
- C:\Windows\System\esshQPs.exe
  C:\Windows\System\esshQPs.exe
  2⤵
  PID:12228
- C:\Windows\System\ZfCfZSs.exe
  C:\Windows\System\ZfCfZSs.exe
  2⤵
  PID:12888
- C:\Windows\System\ULysCuj.exe
  C:\Windows\System\ULysCuj.exe
  2⤵
  PID:9792
- C:\Windows\System\RoVqnsc.exe
  C:\Windows\System\RoVqnsc.exe
  2⤵
  PID:12448
- C:\Windows\System\emzFvcl.exe
  C:\Windows\System\emzFvcl.exe
  2⤵
  PID:10620
- C:\Windows\System\rFThgLy.exe
  C:\Windows\System\rFThgLy.exe
  2⤵
  PID:9848
- C:\Windows\System\uJMZCxN.exe
  C:\Windows\System\uJMZCxN.exe
  2⤵
  PID:4512
- C:\Windows\System\zHVKhBn.exe
  C:\Windows\System\zHVKhBn.exe
  2⤵
  PID:9912
- C:\Windows\System\LSwXmFN.exe
  C:\Windows\System\LSwXmFN.exe
  2⤵
  PID:12556
- C:\Windows\System\iemwhyK.exe
  C:\Windows\System\iemwhyK.exe
  2⤵
  PID:11372
- C:\Windows\System\mWTIDDq.exe
  C:\Windows\System\mWTIDDq.exe
  2⤵
  PID:11196
- C:\Windows\System\GuyAKzJ.exe
  C:\Windows\System\GuyAKzJ.exe
  2⤵
  PID:1060
- C:\Windows\System\eOspLzn.exe
  C:\Windows\System\eOspLzn.exe
  2⤵
  PID:12160
- C:\Windows\System\wJhdhMk.exe
  C:\Windows\System\wJhdhMk.exe
  2⤵
  PID:12360
- C:\Windows\System\cTCztUw.exe
  C:\Windows\System\cTCztUw.exe
  2⤵
  PID:13388
- C:\Windows\System\kRgaJOB.exe
  C:\Windows\System\kRgaJOB.exe
  2⤵
  PID:13412
- C:\Windows\System\idAHbSS.exe
  C:\Windows\System\idAHbSS.exe
  2⤵
  PID:13564
- C:\Windows\System\yWxBaVl.exe
  C:\Windows\System\yWxBaVl.exe
  2⤵
  PID:13668
- C:\Windows\System\xPGkZol.exe
  C:\Windows\System\xPGkZol.exe
  2⤵
  PID:13684
- C:\Windows\System\TWscJTi.exe
  C:\Windows\System\TWscJTi.exe
  2⤵
  PID:14012
- C:\Windows\System\AgsSIXa.exe
  C:\Windows\System\AgsSIXa.exe
  2⤵
  PID:14092
- C:\Windows\System\NIUABQZ.exe
  C:\Windows\System\NIUABQZ.exe
  2⤵
  PID:14112
- C:\Windows\System\SBvEupC.exe
  C:\Windows\System\SBvEupC.exe
  2⤵
  PID:14160
- C:\Windows\System\zMSWnyI.exe
  C:\Windows\System\zMSWnyI.exe
  2⤵
  PID:14176
- C:\Windows\System\PXfQTEW.exe
  C:\Windows\System\PXfQTEW.exe
  2⤵
  PID:14192
- C:\Windows\System\uQepqre.exe
  C:\Windows\System\uQepqre.exe
  2⤵
  PID:14224
- C:\Windows\System\qtbKBSH.exe
  C:\Windows\System\qtbKBSH.exe
  2⤵
  PID:14240
- C:\Windows\System\gUQwRlH.exe
  C:\Windows\System\gUQwRlH.exe
  2⤵
  PID:13440
- C:\Windows\System\ZNKkFtc.exe
  C:\Windows\System\ZNKkFtc.exe
  2⤵
  PID:13624
- C:\Windows\System\LjhwoUc.exe
  C:\Windows\System\LjhwoUc.exe
  2⤵
  PID:13596
- C:\Windows\System\OfRkDGy.exe
  C:\Windows\System\OfRkDGy.exe
  2⤵
  PID:14008
- C:\Windows\System\BbJkyRf.exe
  C:\Windows\System\BbJkyRf.exe
  2⤵
  PID:14024
- C:\Windows\System\qYHmfKb.exe
  C:\Windows\System\qYHmfKb.exe
  2⤵
  PID:14036
- C:\Windows\System\rKTdTpK.exe
  C:\Windows\System\rKTdTpK.exe
  2⤵
  PID:14052
- C:\Windows\System\YeAMqhV.exe
  C:\Windows\System\YeAMqhV.exe
  2⤵
  PID:6336
- C:\Windows\System\oohNtYE.exe
  C:\Windows\System\oohNtYE.exe
  2⤵
  PID:14068
- C:\Windows\System\TQmflca.exe
  C:\Windows\System\TQmflca.exe
  2⤵
  PID:11112
- C:\Windows\System\fjQqaOm.exe
  C:\Windows\System\fjQqaOm.exe
  2⤵
  PID:13364
- C:\Windows\System\dPcvzZS.exe
  C:\Windows\System\dPcvzZS.exe
  2⤵
  PID:13332
- C:\Windows\System\WGOoqdc.exe
  C:\Windows\System\WGOoqdc.exe
  2⤵
  PID:2104
- C:\Windows\System\efylWbR.exe
  C:\Windows\System\efylWbR.exe
  2⤵
  PID:556
- C:\Windows\System\VjStYeq.exe
  C:\Windows\System\VjStYeq.exe
  2⤵
  PID:13892
- C:\Windows\System\kPWHKTZ.exe
  C:\Windows\System\kPWHKTZ.exe
  2⤵
  PID:13924
- C:\Windows\System\frhAWit.exe
  C:\Windows\System\frhAWit.exe
  2⤵
  PID:13944
- C:\Windows\System\nksadmi.exe
  C:\Windows\System\nksadmi.exe
  2⤵
  PID:13968
- C:\Windows\System\lscJFzv.exe
  C:\Windows\System\lscJFzv.exe
  2⤵
  PID:8288
- C:\Windows\System\HRSVari.exe
  C:\Windows\System\HRSVari.exe
  2⤵
  PID:14032
- C:\Windows\System\oLnxSAv.exe
  C:\Windows\System\oLnxSAv.exe
  2⤵
  PID:8332
- C:\Windows\System\IPFWZme.exe
  C:\Windows\System\IPFWZme.exe
  2⤵
  PID:4532
- C:\Windows\System\ZDBWUeE.exe
  C:\Windows\System\ZDBWUeE.exe
  2⤵
  PID:14332
- C:\Windows\System\qmOoyGT.exe
  C:\Windows\System\qmOoyGT.exe
  2⤵
  PID:14312
- C:\Windows\System\IlsDrXB.exe
  C:\Windows\System\IlsDrXB.exe
  2⤵
  PID:864
- C:\Windows\System\uzhySYw.exe
  C:\Windows\System\uzhySYw.exe
  2⤵
  PID:12828
- C:\Windows\System\frYxMCz.exe
  C:\Windows\System\frYxMCz.exe
  2⤵
  PID:2752
- C:\Windows\System\ZUNaWXi.exe
  C:\Windows\System\ZUNaWXi.exe
  2⤵
  PID:13572
- C:\Windows\System\MRQMGtT.exe
  C:\Windows\System\MRQMGtT.exe
  2⤵
  PID:12712
- C:\Windows\System\LSdpaua.exe
  C:\Windows\System\LSdpaua.exe
  2⤵
  PID:13640
- C:\Windows\System\weGflyL.exe
  C:\Windows\System\weGflyL.exe
  2⤵
  PID:13708
- C:\Windows\System\HQRMqBe.exe
  C:\Windows\System\HQRMqBe.exe
  2⤵
  PID:13756
- C:\Windows\System\PopLAqe.exe
  C:\Windows\System\PopLAqe.exe
  2⤵
  PID:4220
- C:\Windows\System\XxoPqXx.exe
  C:\Windows\System\XxoPqXx.exe
  2⤵
  PID:4148
- C:\Windows\System\oStGrJj.exe
  C:\Windows\System\oStGrJj.exe
  2⤵
  PID:13812
- C:\Windows\System\sLVtplM.exe
  C:\Windows\System\sLVtplM.exe
  2⤵
  PID:5116
- C:\Windows\System\KlxRbee.exe
  C:\Windows\System\KlxRbee.exe
  2⤵
  PID:560
- C:\Windows\System\PFiZwGJ.exe
  C:\Windows\System\PFiZwGJ.exe
  2⤵
  PID:1168
- C:\Windows\System\jZoPsCB.exe
  C:\Windows\System\jZoPsCB.exe
  2⤵
  PID:1232
- C:\Windows\System\AquMtLG.exe
  C:\Windows\System\AquMtLG.exe
  2⤵
  PID:14020
- C:\Windows\System\XlPcqwT.exe
  C:\Windows\System\XlPcqwT.exe
  2⤵
  PID:7988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1296,i,1602949858158667699,12464335823361976127,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
1⤵
PID:7056

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:9804

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:11312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jog42str.xlz.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AbWOEOI.exe

Filesize
1.5MB

MD5
5cb4cdcbbe9440347cd397df08a70305

SHA1
ce2824a09f8e324247a2badfc8c20725282f8794

SHA256
92c28e123a4c26934ffb0329cac50393175507c2bb34060bff52a48dec428467

SHA512
b585c01da0c275c2cd5104e7144876ae36f5857b8fb8250e54735db7cc0101957b69c4eefb258f2eeaa9bff27fafe9ae70da9e40be99b5f135c3066ac4cc8ee2

Download Submit
C:\Windows\System\AqOvlrI.exe

Filesize
1.5MB

MD5
8089d151e91516d750891b5bd6bc1840

SHA1
d95c1dfb36a18a16d60c1cdc5a3bba15fc8a941b

SHA256
27ac13cccabd03361570c7decec5a96f905d1e5c63198879631b17a09976d066

SHA512
118646f73d6191a6b49f9565a943c3997286993a93ba6d7f98313c57cbb8114a2476b60fc5aaf10330d7882860e98df9b711f8d12db083af5ced11a462624e8d

Download Submit
C:\Windows\System\BQNZzHU.exe

Filesize
1.5MB

MD5
f2ee31cfe5f81d58acfa89db68475525

SHA1
911c6632658c3300a94a71d46deb3db4f5cfaa13

SHA256
49b7505528ab107ba119c439ebdcbbe31b13ce9fbc33b1b2ea84cf7ddec55bde

SHA512
4a965f0c3895ba02934fa10a8408e8f2e86d1847c2a2ce3c6fa0371557d8dcaff095cab0969f860fc20aedccc10162c34c9d17e72578051b93bdf99dfa7ca31d

Download Submit
C:\Windows\System\BqDnoRO.exe

Filesize
1.5MB

MD5
c4008f91e014e73998b21085bc248a33

SHA1
52603ed8b686207fe0101a2d2e16a6cf37d488bd

SHA256
9532dbd699437451cf3604c025ee8dc4ad33a6f48b74b6740ff0cef69a5702aa

SHA512
31dedb6091ba9157ec74237564ece5529373204494056d5af2dc50f31e234fc3e6f4f115c50ac02f19aaef8f9c25beba8e561548f8f310eeadcafb0c6fa84e56

Download Submit
C:\Windows\System\CKGykbV.exe

Filesize
1.5MB

MD5
56098729c522a1a1cff07494bd32b65b

SHA1
ece9fbac837d98f0ea8c89ab3d56509d4819a044

SHA256
b065fc5ed1fc2132d7679fd7f27d40d4ee82c4f8b21b649b45b2f1f8c8c8a8fb

SHA512
66c4f8fd1a4bb83714034dbc3921badfeca9eda614f3f7eb47ae306236e1525699968e844d7581c8c43d5497f6c5a9e513eda60e5379816a46a20e86e741fe0f

Download Submit
C:\Windows\System\DAOTSAL.exe

Filesize
1.5MB

MD5
b7178c61d64c056d4b3fe159d945c1dd

SHA1
6055437f970cc195855909d21cab997439c0fa0b

SHA256
a51ecb5dbca09853e760202d072dcab50117180593a3ea7ee937af5fd82308f3

SHA512
36c4f2680d6f0787836c5da23afe207a54733cc68b7c0d34e99a69b3f70e8c06995441f9e8c4234c3e3f003a40b0a5e7406d857f986914e71d1b5c36a19dd0c5

Download Submit
C:\Windows\System\DRgbwHD.exe

Filesize
1.5MB

MD5
ac2e4ccf8b565e7cb39baf0ff652f28d

SHA1
5aced8100eb898b6b08251e405e41180eabda28d

SHA256
f48863b24493faeb71d31ab891d453891ef7cac0d96ca7501611cb320db4416a

SHA512
033664c4f6b6420385333c025241bf5b4549adc7b02a1874dbde324b3a370966d47eff2db32a016b99169139899934f6136aa20d55ccd56e0dfce067e9a4c7f4

Download Submit
C:\Windows\System\DZvBlDz.exe

Filesize
1.5MB

MD5
532f05b6438404f2028c15756842f39a

SHA1
de6e2a76026829c62891ff5f3e8979567ec83a07

SHA256
f39fddccde7d9d6cab8bf6a8274f99d2a7f9110f11b714272357a559028e6d3a

SHA512
febd8937dde478c2e0485ba35e2ea607728282a73cd769e755b3ff91c7360a32a9a5ae5c0e446d36785ec9ef6d51f91214bf84837223834eb57e7d8fd7074d63

Download Submit
C:\Windows\System\GSglXXA.exe

Filesize
1.5MB

MD5
091123fda8978b8811df124a9c9af7e0

SHA1
0b357e4d957596f8915721e35874c12fcc454f4f

SHA256
b40fc8fd6249ef36d5abdc466c0d61e758684d86f5759cfcb11cc382b33ad0f7

SHA512
8017fb640d66e9ede45a5ef65bcfbf4c3bcdc81cb498f2aaeff8a5c74f86eeb12b02994b014b1ce6201ab945ed187d49152cf0a88d7fd8d9b154814802673d18

Download Submit
C:\Windows\System\HrDbrOL.exe

Filesize
1.5MB

MD5
bc286b68429b1b76908f7b2fbb3316a7

SHA1
70fd031f47a7c3aa8594f5ad33123548de518217

SHA256
8ebd537c2e274c06a056aba485ee45aab57e3b9cc57103d4e8262d6bbc3204cf

SHA512
cad2e09288eee0f8056c0a409f539cdbeb59f7898129c8ad541660f6836f0c664a1b16a4ebe1dee3fc7e9362290bf8de93c034298d7def7a6a6a6ebc0f58a824

Download Submit
C:\Windows\System\JggSrxc.exe

Filesize
1.5MB

MD5
be6d0f8ad4feaea5b9794eb02040fc9a

SHA1
407882e2b3b784e48cff3bb5a41a2c34621724c9

SHA256
43f5a992f1401af012d193a8e3b3f8403451edc2e02c560eb74b2557f4aa4626

SHA512
5b3e2c37d5946e6864a0d756c1de81394cc3f95a4a14da4b43605c09568e067ef4359976d36a25d265fd408d3e3950da7b88e0896339c12bac8d702cc2ef4040

Download Submit
C:\Windows\System\LhImQEY.exe

Filesize
1.5MB

MD5
a0b3bc227cdb2d3778f1d5e197dbc8d6

SHA1
dc176dd7c10572493fb9955d863f5cfc0a87f35c

SHA256
06da54f952dca91d179f75d564977764dc9eb7a3d7ae582375bd75bf9c0cf6db

SHA512
b3360e035f98a09ee5d5bec0fe462900a69af0e82ab215dd6e47e630a1fbc688060f507a700071c6264a1ee79b01acdab4cb39218bc6c4d4b290b51fc34f5d19

Download Submit
C:\Windows\System\PgCRleH.exe

Filesize
1.5MB

MD5
dd9759d642aba6d3768e015e4306a0b8

SHA1
68d61bad675e90f45e891363679b40212758209c

SHA256
8482e969d6999ce49989891880f6f1c236ae6286521ea490a9043936f8fd75da

SHA512
7e3dda160224c00a986c0537d545c7ccf9fff863e2ce0e827e6497ec63772903cd25f5fd9f3b859188f4b1900c194a48fa46c70b4cfe7792c70cee8d451ccede

Download Submit
C:\Windows\System\QyBvNwX.exe

Filesize
1.5MB

MD5
f6e57c11cd1b554e0ca404436c02bc5b

SHA1
a3eac17e2d071b89e8b849dd185a8e9915b1b269

SHA256
17007bdde439dd43dc0b5c7178316da194379a748428d29e158a2e7b779877bb

SHA512
c99a34368f0ee7b20cc70b517ac7eb4173439efc7a1ad79e4cd8251799683cfd818cf342731d56b2282f01a2c8f210a7e36a3a81941089090a39628c415879a7

Download Submit
C:\Windows\System\RIFBpBs.exe

Filesize
1.5MB

MD5
de240503e149af5b08d412fcccb92055

SHA1
c3405827acc0c4b5ee208c27dfbe924836206a31

SHA256
be7d16bab3c5a92ef963196ee94df4c4a0162aeafef36e3b2da91a866d21cfb1

SHA512
3d3bcc8c8bd9d1595681b75fea9bfa69969da0a21d2187ec4ee6f109e50ec795adb8953613ed7e7c288f0c65c5d103a01e8e0a6ed26bf267cf31bbd99ec92061

Download Submit
C:\Windows\System\RafxmXR.exe

Filesize
1.5MB

MD5
a2eb3d6659dd3f91b87fd3c5cbd072e2

SHA1
8b70bfff9241bd7d0f3b0d510052b1b20fd90416

SHA256
820bfed072a53cb653d08078060cee90d0c1181492a13bd86cb3ec26716c83b8

SHA512
ad470508a4ef0788aa7ae716a6656434c5f0b2f90f1b160480e4d3297994e4a618b3511379b9fed88998a9bcbfe14ade4c83b4410b71c0e39b14669f6b764d97

Download Submit
C:\Windows\System\RnUNrlx.exe

Filesize
8B

MD5
1c1d213a0f9006cd4105572b38138d9c

SHA1
65ddccaa41e004abd8a9082c59e35efed9d1e8af

SHA256
dd8fc69ab24fd79a5fe2ecc64e5474e9cd7f4e29c5acad9954e08b97e7833c36

SHA512
2e3db820f88602bc23aaa0eba156b0189153d4d3522cbbd6c33302afae14588b5af81e30aff3268522274f38a346cf13305148498891fdf1c00d6364d646d51f

Download Submit
C:\Windows\System\SKaXdZg.exe

Filesize
1.5MB

MD5
c0f488ab8b8b266af09607f92ae487f5

SHA1
3ad8154863d486fc43e153666eef970938d8ff7b

SHA256
e361d437a9605570f203a5e02a9a6f6de4f16d8ac4b8feb96aea507103847905

SHA512
95ed553e31bd75ed3c4057c6dbcd5791d2260686cda1f124005fbc9a5281932cdac8b4f7ef36b832d1c698ded50d02a71d3860507d15822ca1d88af702406a2f

Download Submit
C:\Windows\System\VhsHDXC.exe

Filesize
1.5MB

MD5
b06cd30e98d14184fd327e0008f691f3

SHA1
fa1fd68982994d1e8b36dc25d8848413d4f5b8ee

SHA256
682a8f952ceadc1bcedc6cb8915469028d510e2dff9fe3e3f3db54d2c5b335bb

SHA512
0547ed305205fddb04adfbee95c69bb228f8efa5103fcdeb5123fe55f3762266c6f55dfaff74894777559fb5ed35b0e294dc0aa91c6c2f72d964c8a33cd6697a

Download Submit
C:\Windows\System\WAGkXmI.exe

Filesize
1.5MB

MD5
0dcef17c51cca09c86dce99d9bb5476a

SHA1
928745c28ce106bbbdf8486aadc595b8446941ac

SHA256
e09b44777fd5dd60942b1d605c065daedfcc1d4927c90a61b8f1c2f8b00e2a7d

SHA512
5c5675506613ac62da60b860a14c4aedc41b27507f3c98dbbb9cefc064aa35a5d165633154b7263dff9e1e69a7a1619fcd10f87a6af2f7963087f149ded486c7

Download Submit
C:\Windows\System\WXVWSkl.exe

Filesize
1.5MB

MD5
162aff71a63644c5602356a2be2a5a9d

SHA1
2d2c56a39ce4f393984ce8046c50927ad23c8ec7

SHA256
2ebff869ad4fe53e41ea7f5a629654b2612f14d304e5bfdd529814a9a2f02dce

SHA512
33fe02d024d1cace29803c8098d61ba83a83c4f56f0c34d1e496f39bcf0537fa4c418c992f1af9b97b9bfbc5eab62331d53e37cde5d56556824999c117c5e41b

Download Submit
C:\Windows\System\XFZGQqT.exe

Filesize
1.5MB

MD5
5aacd483fbcbd4b4e1f5a1997443c6e6

SHA1
a9917217e5b8b09db031087243d6b7952a434456

SHA256
9aa0db1fa28efa3118ba0582063b2fcd3e5d3f0e8e2efa1718b411d1f731b49e

SHA512
ab5f6b9c1537ea50b5d8676b9b056606ea40ec32c98e0493d26b002276002db9977b0a425416f79f20d6a125d6181f2003882496808a3560b44055f41607ccc8

Download Submit
C:\Windows\System\ZYeCPBB.exe

Filesize
1.5MB

MD5
1a2648a807aa4ffbd4b42871152a4287

SHA1
7884fdb37f5d833aa91312fc40e8814dea4a7cfe

SHA256
ed662568bcbb7c564b02cafde8434e2024859a5bf38f46c75c6812b68cd90940

SHA512
016737420d0da1caf4297d8f409217714d3dd1b0854a37976a4c519f94d8b52e24751c4f224997a8017366341da8950a6e15365de8767e68793739566b586b12

Download Submit
C:\Windows\System\cIHUAvy.exe

Filesize
1.5MB

MD5
1e8d844e0db2ea9ffca5aa62ef0fa2cb

SHA1
be2e2711d9e5143620df53605c87c484780617fe

SHA256
d136df4585fbdf9948fe7da6cae470f2a4086b39ddc126f43478ed206bc10146

SHA512
4cce2bf192a88b0e0dec25e3818e7a12a76f513047808d485a62af8ba5c0853dfb436b6f2874ca1736473a7b0113b8aa3d22dacbdf836cc1e0763fdf457ab84e

Download Submit
C:\Windows\System\cPTZZbs.exe

Filesize
1.5MB

MD5
1e07c817338fa4ec615974983684e1d2

SHA1
ab0bd93ccb5a0e39212efc1f99aee6fd4dd06ae8

SHA256
7228def0602412ce108bd0a44901aab3ddc92aaa6bcda981772b38a7d357d015

SHA512
223888fde08f157460b38f54d99d8cd4e5daf16f5e9952a47ce03183e32b3170d4236c5ea31e7a35cbd6da3932fe5b20a193d649dad4d0c529152c620e56b084

Download Submit
C:\Windows\System\cwkgcmt.exe

Filesize
1.5MB

MD5
f6eaf285f10101f48391e33d9016c7cf

SHA1
40d483de8f15a6de2e7ec7f7792426537fb9d387

SHA256
7c8096cb4926fb292e207ec095bb3688129cdc2c540a1b399593a9b2fa40ed50

SHA512
8a788a67063aa36eb3407476edf664a1bb0a7b1435e977f4c30b88eb51fa1c7142404249c1134268fefc86584c2a9f1ed08ab197ae09e47e5343cdb77d61a906

Download Submit
C:\Windows\System\dpFunYf.exe

Filesize
1.5MB

MD5
a04a14b1f854cf0279ec8e8b9cd0234b

SHA1
dd43d9ae1c42574916bd5fc9873ffcf431664480

SHA256
ca67fa627a4c209c214e977a6d10e1ccb5d6b392e518982c68fc732e16b643ae

SHA512
12f2bdee9140b48b5fb88030672df0e420680ceeedc065f1ee322fcad055aa9bf385775d656684edae8ec49516bd97bf475a17d641f9159d1a74f457f81d7242

Download Submit
C:\Windows\System\drYsiKU.exe

Filesize
1.5MB

MD5
73c783950a3a5a8681185864f17cd320

SHA1
7d6e447d94e056e983f678752b3355dc932c764f

SHA256
0b34ddbe31e5c6c282aadad0eeb446be3e423baf92543df1eff1df76d2599d9b

SHA512
d0bb52584ff1e2739e616c00672837a6cee5e99f45fc0c3b878c980df217fb4e6b5bd3a5254aae0f84d7920ce89fa16dcba0724b1d55a07a4eaff220034142c5

Download Submit
C:\Windows\System\eWrNvCV.exe

Filesize
1.5MB

MD5
c5f7b1f0cdffddf8097308a3350e4fbc

SHA1
f8d05633f11a21059040ef28c74dc0c9f0f28785

SHA256
ba448fbe1b4af6ccec940872dd8e82f5becb680ffbc236397a9aefa4b0b64c4d

SHA512
ae44de8ae6d535892e30e6b3e2c36893d0e97849b17910393c1a548264695162745f8c1426b13671dac50ce318dd7d8c9389f680251db4d95f98c3bba8d2abf2

Download Submit
C:\Windows\System\fKlXPHW.exe

Filesize
1.5MB

MD5
add5683f1a857c6255cd6615b28bb147

SHA1
8001e65bc8ebcd415eaebe111c320d49015b2770

SHA256
451eb87e49bbf19c8d2ca3d5b6d7054a9ba167ecf5ffc607b30ff76efaf113a4

SHA512
343ee6c92c9cc9e47c832a0efe765daaa214664089732c0801adb2c020d667821efb21faed2390a023520e167a825c4cf8758b6e4a943c0941084f75615d0698

Download Submit
C:\Windows\System\hOMlfzX.exe

Filesize
1.5MB

MD5
c93d2345ae121edf302a72f20670499f

SHA1
e7ccd0796e90063ff26c4a6c9dc7044a55f230b4

SHA256
59764711b1cf3fada15eb208ce7fd4d2865f86d6bc09b7943fc4b50de6020aa1

SHA512
41e32384d372e8bd224b67567a6af3ada4ad9433ec3ff8009bc9b77c4621da4e0118805994c6a9e28b294d370229c579f391cef200ec7233f1a09b1c5b64e936

Download Submit
C:\Windows\System\jCFodCW.exe

Filesize
1.5MB

MD5
da704b0917247e4df7556877f837018e

SHA1
e6d8eafa605271182460d212523aa7dc25ab4855

SHA256
a800e611ea109872b20921628ead87e906701c4ff071a929a868267deb04b2e5

SHA512
27e769be5ae84243482a4f9e923fce4c1939638b147da37b167264c8752d858304a2ad0d0da119890583419109bfff6f97e1d429d09886e36556d01692d89b22

Download Submit
C:\Windows\System\lMCCUjb.exe

Filesize
1.5MB

MD5
c149049d0d03076093f345a634dd281b

SHA1
6d91d3f5fee1200d9e7c3999a64f3d9ef112a1c3

SHA256
db7d60e33e01012a52f2fec912c02971171e020444729ece697ca3caaece992f

SHA512
7c3a5cd0db4dd3975cba3e006375f3caaba7b540df82865d34b58fb81c60b0d58b3275ac790bfa9e1da4bc9904a6dd3b1f2b14ae4c229c675aa2d68963765403

Download Submit
C:\Windows\System\mZccCtF.exe

Filesize
1.5MB

MD5
b0c1469ac6dbbd21678fc97e47d8ff15

SHA1
64b961abf3d09a101e2e3eb0b8b4aeadaa391393

SHA256
da9ce426e1525f5e75f8848d6b1fe603bae871d6f8eb1f29768deb4779a9b469

SHA512
ef8ea5bdf0a2fb749c8c281ca938e68d8b34d2407310cbc29b278f2d4d726a9fcb972e956de4f28b51042df6421c3992d3ec19911cec2ae722519321a834e7b1

Download Submit
C:\Windows\System\pOFhaWW.exe

Filesize
1.5MB

MD5
70ec22ba6aef00f6886bad911480cdef

SHA1
e486a73ddc241c9106b583a53ea60850a3c8fb71

SHA256
67eb35eff1de9737221cc7a1a8bedd618a187fb25fb9f2c590b4fbd861071bdd

SHA512
c26c21f25d997dcea134383a9e069e2788a68dab717ed0fd25fc71fe32dd4361b974c5572160bb1561ead60d28783e9995a9bc653a74d97eaf1094758cefa128

Download Submit
C:\Windows\System\rjtYRYb.exe

Filesize
1.5MB

MD5
63d794abc966b26d91a2c6b7bd886caa

SHA1
89fb542dd7245370c7d0658e0bf6562e6b2abf4b

SHA256
8862d89eac1e1c997930eae4bca31014198b41085234c8a15987edb91ab6c48e

SHA512
3fea753399fabfb3cde66c8a289c6c556e728942de9430e2ee85ccc86cbe331627a4dbf557308529bdaba0b7ed0552016d0bf81bb71d4e5e1ec2e04225c08a71

Download Submit
C:\Windows\System\rpDjtTT.exe

Filesize
1.5MB

MD5
89d6580bcf2b8f210909e0e67bda4b01

SHA1
e4918cbf52ee68d66d402ac241d0914f676be40f

SHA256
2b49df276205f7a5209cbbff4c2019d27d7b0822cd0b549e1dc3e881d0ebbdfa

SHA512
e7691c12aa81e22a51083ef471b7da368de82bbc0dbd66772fa325e53352030a59d428174554147e5064734dccc2477e275db679b6bb0af6521cbd2dde621a1e

Download Submit
C:\Windows\System\sNGGwQP.exe

Filesize
1.5MB

MD5
d3c3b8c68b9640196aec0b4f584178ac

SHA1
cb4e726cb3d6da661cd3a735adfc23b09e6e3fc5

SHA256
329bca9b5e39513d5939842537409e74f9d0a49287777b18cd94fb75584390c0

SHA512
9b31c6ed1a5f84dbb4be6f2469a30188887868fea54b50d2cb69734e9ed322c9f80515a5c5720bd925173da3b2fa0224e199d2ee07dcaf611c33ad98e96e5737

Download Submit
C:\Windows\System\vxdmbmQ.exe

Filesize
1.5MB

MD5
b6e2413fa6a18d1375ad52a5f02e862b

SHA1
c0b504e523eaf7a6d1454b39962afe23894403e6

SHA256
8ec79bc17f97dec1bf377f1c58b68aad71aef756c92dfb6f778525c7b5705c2b

SHA512
2080b425632c869c9d7e52aa1448c21363c478cdb116281754588b8ce516245ee0af719cdf08211665f1169d273e5e69db80e0630f12e2154d70838d1c0cc46f

Download Submit
C:\Windows\System\xxZkzMN.exe

Filesize
1.5MB

MD5
1a0da83fcacb6aa68d10e81716f4893d

SHA1
45b13293b0554a316e64beadc4567c40931e01ec

SHA256
c8cbf74625be57662e1a86cdc7000e8f7aeb1802b5f959c862bf53c2f1de42cc

SHA512
4e1635f3ffe37a0f6818e60d7165ae24af5976c78975e42eb91d4014b11818c5b50a97b821d1abe2ca52447c84552df348a55bb3648410b8b32a774c8a5d6bfa

Download Submit
C:\Windows\System\zyMRjQZ.exe

Filesize
1.5MB

MD5
c0446fcc00ec003cdcb43339552cbe1b

SHA1
5e175e9e8387e05b6f14f87a83996c18642f3dfb

SHA256
4d209a1b2b75d39a55ed6b5ca4602050afc9aeada69821e1d8280c0682ec2725

SHA512
e6a7e388d68c89ff40191959c8b0e5206e54a38e6ff4ad52716cb4f802f129caa6a938d44551213a0d20260e71dbce7672e9757e9a86ff0c3194220493fe8d61

Download Submit
memory/216-850-0x000001DC6CB70000-0x000001DC6CB92000-memory.dmp

Filesize
136KB

Download
memory/216-913-0x000001DC6D6C0000-0x000001DC6DE66000-memory.dmp

Filesize
7.6MB

Download
memory/952-527-0x00007FF71ADD0000-0x00007FF71B1C2000-memory.dmp

Filesize
3.9MB

Download
memory/1032-528-0x00007FF6A5100000-0x00007FF6A54F2000-memory.dmp

Filesize
3.9MB

Download
memory/1104-4397-0x00007FF73BF50000-0x00007FF73C342000-memory.dmp

Filesize
3.9MB

Download
memory/1104-37-0x00007FF73BF50000-0x00007FF73C342000-memory.dmp

Filesize
3.9MB

Download
memory/1180-346-0x00007FF676480000-0x00007FF676872000-memory.dmp

Filesize
3.9MB

Download
memory/1508-4398-0x00007FF6A9FD0000-0x00007FF6AA3C2000-memory.dmp

Filesize
3.9MB

Download
memory/1508-19-0x00007FF6A9FD0000-0x00007FF6AA3C2000-memory.dmp

Filesize
3.9MB

Download
memory/1660-369-0x00007FF61F8D0000-0x00007FF61FCC2000-memory.dmp

Filesize
3.9MB

Download
memory/1892-508-0x00007FF6CC730000-0x00007FF6CCB22000-memory.dmp

Filesize
3.9MB

Download
memory/1972-368-0x00007FF6673D0000-0x00007FF6677C2000-memory.dmp

Filesize
3.9MB

Download
memory/2084-3873-0x00007FF78F770000-0x00007FF78FB62000-memory.dmp

Filesize
3.9MB

Download
memory/2084-1-0x000001F832D10000-0x000001F832D20000-memory.dmp

Filesize
64KB

Download
memory/2084-0-0x00007FF78F770000-0x00007FF78FB62000-memory.dmp

Filesize
3.9MB

Download
memory/2312-529-0x00007FF734400000-0x00007FF7347F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-226-0x00007FF6C6810000-0x00007FF6C6C02000-memory.dmp

Filesize
3.9MB

Download
memory/2372-525-0x00007FF69D960000-0x00007FF69DD52000-memory.dmp

Filesize
3.9MB

Download
memory/2568-306-0x00007FF6FC240000-0x00007FF6FC632000-memory.dmp

Filesize
3.9MB

Download
memory/2592-4120-0x00007FF7C6850000-0x00007FF7C6C42000-memory.dmp

Filesize
3.9MB

Download
memory/2592-54-0x00007FF7C6850000-0x00007FF7C6C42000-memory.dmp

Filesize
3.9MB

Download
memory/2616-123-0x00007FF6A1D90000-0x00007FF6A2182000-memory.dmp

Filesize
3.9MB

Download
memory/2616-4118-0x00007FF6A1D90000-0x00007FF6A2182000-memory.dmp

Filesize
3.9MB

Download
memory/2916-347-0x00007FF722050000-0x00007FF722442000-memory.dmp

Filesize
3.9MB

Download
memory/3060-3872-0x00007FF7F5420000-0x00007FF7F5812000-memory.dmp

Filesize
3.9MB

Download
memory/3060-13-0x00007FF7F5420000-0x00007FF7F5812000-memory.dmp

Filesize
3.9MB

Download
memory/3092-445-0x00007FF769F70000-0x00007FF76A362000-memory.dmp

Filesize
3.9MB

Download
memory/3176-221-0x00007FF6A7740000-0x00007FF6A7B32000-memory.dmp

Filesize
3.9MB

Download
memory/3592-4128-0x00007FF6316E0000-0x00007FF631AD2000-memory.dmp

Filesize
3.9MB

Download
memory/3592-89-0x00007FF6316E0000-0x00007FF631AD2000-memory.dmp

Filesize
3.9MB

Download
memory/4336-530-0x00007FF6DA520000-0x00007FF6DA912000-memory.dmp

Filesize
3.9MB

Download
memory/4480-243-0x00007FF68F2A0000-0x00007FF68F692000-memory.dmp

Filesize
3.9MB

Download
memory/4688-526-0x00007FF72E640000-0x00007FF72EA32000-memory.dmp

Filesize
3.9MB

Download
memory/4904-241-0x00007FF7EB770000-0x00007FF7EBB62000-memory.dmp

Filesize
3.9MB

Download
memory/4932-86-0x00007FF72A4F0000-0x00007FF72A8E2000-memory.dmp

Filesize
3.9MB

Download
memory/4932-3880-0x00007FF72A4F0000-0x00007FF72A8E2000-memory.dmp

Filesize
3.9MB

Download