xmrig | 691b3530b3adf69f0c0049ad99482fe8db44d38058b5a7ccb4c0e82b58f9072e

Analysis

max time kernel
91s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 13:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

923a41b257e8d6520b02d4c266ae2630N.exe
Size

1.8MB
MD5

923a41b257e8d6520b02d4c266ae2630
SHA1

191c0709618e5f745217327bb7b2f500619cf6a8
SHA256

691b3530b3adf69f0c0049ad99482fe8db44d38058b5a7ccb4c0e82b58f9072e
SHA512

4b0239d06ec50df271542b4268792f3a243680ab1bac09404d6203ce4cdc1638964ed5af387bd8e9c03a8a089fcababb2a9734ae3df59cb2e510a2f92476da48
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VqlC:NAB2

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 50 IoCs

miner

resource	yara_rule
behavioral2/memory/3240-63-0x00007FF6B59A0000-0x00007FF6B5D92000-memory.dmp	xmrig
behavioral2/memory/1292-267-0x00007FF7D2BC0000-0x00007FF7D2FB2000-memory.dmp	xmrig
behavioral2/memory/884-314-0x00007FF7934B0000-0x00007FF7938A2000-memory.dmp	xmrig
behavioral2/memory/1572-551-0x00007FF6A92E0000-0x00007FF6A96D2000-memory.dmp	xmrig
behavioral2/memory/3968-2433-0x00007FF6F2470000-0x00007FF6F2862000-memory.dmp	xmrig
behavioral2/memory/3920-2316-0x00007FF750080000-0x00007FF750472000-memory.dmp	xmrig
behavioral2/memory/3800-2208-0x00007FF743500000-0x00007FF7438F2000-memory.dmp	xmrig
behavioral2/memory/400-2089-0x00007FF638880000-0x00007FF638C72000-memory.dmp	xmrig
behavioral2/memory/2280-742-0x00007FF722D30000-0x00007FF723122000-memory.dmp	xmrig
behavioral2/memory/4636-741-0x00007FF73D060000-0x00007FF73D452000-memory.dmp	xmrig
behavioral2/memory/4968-625-0x00007FF7C05D0000-0x00007FF7C09C2000-memory.dmp	xmrig
behavioral2/memory/4224-548-0x00007FF768510000-0x00007FF768902000-memory.dmp	xmrig
behavioral2/memory/2220-480-0x00007FF60BEA0000-0x00007FF60C292000-memory.dmp	xmrig
behavioral2/memory/3188-478-0x00007FF7B9780000-0x00007FF7B9B72000-memory.dmp	xmrig
behavioral2/memory/1564-421-0x00007FF6ADC70000-0x00007FF6AE062000-memory.dmp	xmrig
behavioral2/memory/228-390-0x00007FF75CDE0000-0x00007FF75D1D2000-memory.dmp	xmrig
behavioral2/memory/1712-389-0x00007FF6D6D20000-0x00007FF6D7112000-memory.dmp	xmrig
behavioral2/memory/4716-244-0x00007FF6427E0000-0x00007FF642BD2000-memory.dmp	xmrig
behavioral2/memory/3508-188-0x00007FF63D400000-0x00007FF63D7F2000-memory.dmp	xmrig
behavioral2/memory/4248-148-0x00007FF6616D0000-0x00007FF661AC2000-memory.dmp	xmrig
behavioral2/memory/2084-122-0x00007FF786CF0000-0x00007FF7870E2000-memory.dmp	xmrig
behavioral2/memory/4428-96-0x00007FF6260B0000-0x00007FF6264A2000-memory.dmp	xmrig
behavioral2/memory/1120-2549-0x00007FF6676F0000-0x00007FF667AE2000-memory.dmp	xmrig
behavioral2/memory/4356-2545-0x00007FF71DAB0000-0x00007FF71DEA2000-memory.dmp	xmrig
behavioral2/memory/1380-2707-0x00007FF643E30000-0x00007FF644222000-memory.dmp	xmrig
behavioral2/memory/3508-2709-0x00007FF63D400000-0x00007FF63D7F2000-memory.dmp	xmrig
behavioral2/memory/3920-3558-0x00007FF750080000-0x00007FF750472000-memory.dmp	xmrig
behavioral2/memory/3800-3560-0x00007FF743500000-0x00007FF7438F2000-memory.dmp	xmrig
behavioral2/memory/3968-3562-0x00007FF6F2470000-0x00007FF6F2862000-memory.dmp	xmrig
behavioral2/memory/4428-3588-0x00007FF6260B0000-0x00007FF6264A2000-memory.dmp	xmrig
behavioral2/memory/3240-3577-0x00007FF6B59A0000-0x00007FF6B5D92000-memory.dmp	xmrig
behavioral2/memory/2084-3592-0x00007FF786CF0000-0x00007FF7870E2000-memory.dmp	xmrig
behavioral2/memory/4248-3594-0x00007FF6616D0000-0x00007FF661AC2000-memory.dmp	xmrig
behavioral2/memory/4356-3591-0x00007FF71DAB0000-0x00007FF71DEA2000-memory.dmp	xmrig
behavioral2/memory/1120-3596-0x00007FF6676F0000-0x00007FF667AE2000-memory.dmp	xmrig
behavioral2/memory/2280-3634-0x00007FF722D30000-0x00007FF723122000-memory.dmp	xmrig
behavioral2/memory/4636-3637-0x00007FF73D060000-0x00007FF73D452000-memory.dmp	xmrig
behavioral2/memory/4968-3636-0x00007FF7C05D0000-0x00007FF7C09C2000-memory.dmp	xmrig
behavioral2/memory/1712-3629-0x00007FF6D6D20000-0x00007FF6D7112000-memory.dmp	xmrig
behavioral2/memory/4716-3626-0x00007FF6427E0000-0x00007FF642BD2000-memory.dmp	xmrig
behavioral2/memory/3508-3625-0x00007FF63D400000-0x00007FF63D7F2000-memory.dmp	xmrig
behavioral2/memory/228-3623-0x00007FF75CDE0000-0x00007FF75D1D2000-memory.dmp	xmrig
behavioral2/memory/3188-3619-0x00007FF7B9780000-0x00007FF7B9B72000-memory.dmp	xmrig
behavioral2/memory/2220-3617-0x00007FF60BEA0000-0x00007FF60C292000-memory.dmp	xmrig
behavioral2/memory/1572-3614-0x00007FF6A92E0000-0x00007FF6A96D2000-memory.dmp	xmrig
behavioral2/memory/4224-3613-0x00007FF768510000-0x00007FF768902000-memory.dmp	xmrig
behavioral2/memory/1380-3607-0x00007FF643E30000-0x00007FF644222000-memory.dmp	xmrig
behavioral2/memory/1292-3632-0x00007FF7D2BC0000-0x00007FF7D2FB2000-memory.dmp	xmrig
behavioral2/memory/1564-3621-0x00007FF6ADC70000-0x00007FF6AE062000-memory.dmp	xmrig
behavioral2/memory/884-3610-0x00007FF7934B0000-0x00007FF7938A2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4076	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3920	gciyXzH.exe
3800	lKhHLYo.exe
3968	PVAtJAY.exe
3240	vidTEVO.exe
4356	AguwdHX.exe
1120	KIRvQIR.exe
4968	ADODUSu.exe
4428	ieUkGAy.exe
2084	AGItPIB.exe
4248	hbJnFcf.exe
4636	xOpiIPU.exe
1380	jtSnSbG.exe
3508	AXIbZnD.exe
4716	CjvUNle.exe
1292	dfxNuKj.exe
2280	xXtppIj.exe
884	cJwjGLP.exe
1712	VSCenCk.exe
228	zLHUeAU.exe
1564	wqgprWk.exe
3188	yUmQlMC.exe
2220	XMFjDdv.exe
4224	GwoitDD.exe
1572	vPBzljm.exe
5056	VXfLuDO.exe
2908	sqthtTt.exe
4600	FtAWJwa.exe
1256	gjskuVr.exe
4548	bvUJuBN.exe
2720	NQUYMmM.exe
4768	kUGhXJh.exe
4424	BcdBiuG.exe
3492	HzGEoGC.exe
4384	rWOuguT.exe
4640	Yhsqzzp.exe
1500	evFRuVC.exe
2340	wxdjoBF.exe
1420	srNlKSl.exe
2536	LlKQyOk.exe
2616	xuwzmqk.exe
1280	zGnWCWg.exe
1584	apCwWMx.exe
2724	nbUnKTA.exe
3976	IeeehNl.exe
3592	ImOofwA.exe
2436	utzTADE.exe
1228	iFLeWjR.exe
440	SMacYPv.exe
2468	zMOtkdT.exe
3320	HMnmJId.exe
4244	ebbNKwU.exe
4280	dGkKDqi.exe
3540	yYccdAl.exe
4120	LbqkmUy.exe
1948	twRslUZ.exe
1644	HIEZLFi.exe
452	XkYNxYB.exe
2716	VIXFMeW.exe
208	qNTUGuE.exe
4336	iyzRtuG.exe
1652	dUYEGZk.exe
1780	ppyldOE.exe
3712	GpoquJv.exe
4984	pyqIMKG.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/400-0-0x00007FF638880000-0x00007FF638C72000-memory.dmp	upx
behavioral2/memory/3920-6-0x00007FF750080000-0x00007FF750472000-memory.dmp	upx
behavioral2/files/0x00070000000234c8-9.dat	upx
behavioral2/files/0x00070000000234cb-29.dat	upx
behavioral2/files/0x00070000000234ca-28.dat	upx
behavioral2/files/0x00070000000234c9-27.dat	upx
behavioral2/memory/4356-37-0x00007FF71DAB0000-0x00007FF71DEA2000-memory.dmp	upx
behavioral2/memory/3968-21-0x00007FF6F2470000-0x00007FF6F2862000-memory.dmp	upx
behavioral2/files/0x00070000000234c7-18.dat	upx
behavioral2/memory/3800-16-0x00007FF743500000-0x00007FF7438F2000-memory.dmp	upx
behavioral2/files/0x00080000000234c3-7.dat	upx
behavioral2/files/0x00070000000234cd-46.dat	upx
behavioral2/files/0x00070000000234ce-45.dat	upx
behavioral2/files/0x00070000000234cc-42.dat	upx
behavioral2/memory/3240-63-0x00007FF6B59A0000-0x00007FF6B5D92000-memory.dmp	upx
behavioral2/memory/1120-40-0x00007FF6676F0000-0x00007FF667AE2000-memory.dmp	upx
behavioral2/files/0x00070000000234d0-100.dat	upx
behavioral2/files/0x00070000000234e1-125.dat	upx
behavioral2/files/0x00070000000234d9-151.dat	upx
behavioral2/files/0x00070000000234d8-195.dat	upx
behavioral2/memory/1292-267-0x00007FF7D2BC0000-0x00007FF7D2FB2000-memory.dmp	upx
behavioral2/memory/884-314-0x00007FF7934B0000-0x00007FF7938A2000-memory.dmp	upx
behavioral2/memory/1572-551-0x00007FF6A92E0000-0x00007FF6A96D2000-memory.dmp	upx
behavioral2/memory/3968-2433-0x00007FF6F2470000-0x00007FF6F2862000-memory.dmp	upx
behavioral2/memory/3920-2316-0x00007FF750080000-0x00007FF750472000-memory.dmp	upx
behavioral2/memory/3800-2208-0x00007FF743500000-0x00007FF7438F2000-memory.dmp	upx
behavioral2/memory/400-2089-0x00007FF638880000-0x00007FF638C72000-memory.dmp	upx
behavioral2/memory/2280-742-0x00007FF722D30000-0x00007FF723122000-memory.dmp	upx
behavioral2/memory/4636-741-0x00007FF73D060000-0x00007FF73D452000-memory.dmp	upx
behavioral2/memory/4968-625-0x00007FF7C05D0000-0x00007FF7C09C2000-memory.dmp	upx
behavioral2/memory/4224-548-0x00007FF768510000-0x00007FF768902000-memory.dmp	upx
behavioral2/memory/2220-480-0x00007FF60BEA0000-0x00007FF60C292000-memory.dmp	upx
behavioral2/memory/3188-478-0x00007FF7B9780000-0x00007FF7B9B72000-memory.dmp	upx
behavioral2/memory/1564-421-0x00007FF6ADC70000-0x00007FF6AE062000-memory.dmp	upx
behavioral2/memory/228-390-0x00007FF75CDE0000-0x00007FF75D1D2000-memory.dmp	upx
behavioral2/memory/1712-389-0x00007FF6D6D20000-0x00007FF6D7112000-memory.dmp	upx
behavioral2/memory/4716-244-0x00007FF6427E0000-0x00007FF642BD2000-memory.dmp	upx
behavioral2/files/0x00070000000234e9-200.dat	upx
behavioral2/memory/3508-188-0x00007FF63D400000-0x00007FF63D7F2000-memory.dmp	upx
behavioral2/files/0x00070000000234e0-181.dat	upx
behavioral2/files/0x00070000000234d6-173.dat	upx
behavioral2/files/0x00070000000234d5-170.dat	upx
behavioral2/files/0x00070000000234de-168.dat	upx
behavioral2/files/0x00070000000234dd-166.dat	upx
behavioral2/files/0x00070000000234e8-165.dat	upx
behavioral2/files/0x00070000000234e7-163.dat	upx
behavioral2/files/0x00070000000234d1-162.dat	upx
behavioral2/files/0x00070000000234db-155.dat	upx
behavioral2/files/0x00070000000234e6-153.dat	upx
behavioral2/memory/1380-149-0x00007FF643E30000-0x00007FF644222000-memory.dmp	upx
behavioral2/memory/4248-148-0x00007FF6616D0000-0x00007FF661AC2000-memory.dmp	upx
behavioral2/files/0x00070000000234e5-147.dat	upx
behavioral2/files/0x00070000000234e4-146.dat	upx
behavioral2/files/0x00070000000234e3-145.dat	upx
behavioral2/files/0x00070000000234df-177.dat	upx
behavioral2/files/0x00070000000234d4-138.dat	upx
behavioral2/files/0x00070000000234d3-136.dat	upx
behavioral2/files/0x00070000000234dc-158.dat	upx
behavioral2/files/0x00070000000234d2-135.dat	upx
behavioral2/files/0x00070000000234da-132.dat	upx
behavioral2/memory/2084-122-0x00007FF786CF0000-0x00007FF7870E2000-memory.dmp	upx
behavioral2/files/0x00070000000234d7-120.dat	upx
behavioral2/files/0x00070000000234e2-144.dat	upx
behavioral2/memory/4428-96-0x00007FF6260B0000-0x00007FF6264A2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PvzLsvT.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\OjaKwRi.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\jyulkna.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\EODoSyx.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\YTtGjRV.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\xnwuXOa.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\njVWzbf.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\UpiSSJy.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\huoRBbR.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\zGaFDdu.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\nOZNFsk.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\EuhVBiZ.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\MXKxDlL.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\WxIOnwg.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\CXxkTlm.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\zpcQqWN.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\OmnSwai.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\BYgwxUu.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\RGrNCIO.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\zlQWHPM.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\lfZrXIq.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\wBWrzzA.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\QBHiWBF.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\SqDbByW.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\cRbfAjP.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\DpujZlX.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\WebGTOC.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\KlLKzgi.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\NCoNPGl.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\GLSbEPk.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\zJqgACF.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\PiGVjpW.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\rWikPKz.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\xdmxiaS.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\nLWiPjL.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\hZPhlZf.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\kGaIRwA.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\YrAUaVP.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\aZPZOxU.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\dhGDoCr.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\rRUVeaz.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\eQYlKmC.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\QLzSaVk.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\TglPAGG.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\iExanbY.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\DwVjcMR.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\afcWqFE.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\ygBXVYG.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\xcrrzsX.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\KPQAYpw.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\mKCnFBx.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\rRkffal.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\bHYCacL.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\fVTaYqD.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\hIrbfWJ.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\WtZJzMV.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\xrrJDgY.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\lRPFSFX.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\EdEZlAv.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\mXhMqbN.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\QqHsLkS.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\ELzZgwH.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\qjieIGR.exe	923a41b257e8d6520b02d4c266ae2630N.exe
File created	C:\Windows\System\YAkvORY.exe	923a41b257e8d6520b02d4c266ae2630N.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4076	powershell.exe
4076	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4076	powershell.exe
Token: SeLockMemoryPrivilege	400	923a41b257e8d6520b02d4c266ae2630N.exe
Token: SeLockMemoryPrivilege	400	923a41b257e8d6520b02d4c266ae2630N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 4076	400	923a41b257e8d6520b02d4c266ae2630N.exe	85
PID 400 wrote to memory of 4076	400	923a41b257e8d6520b02d4c266ae2630N.exe	85
PID 400 wrote to memory of 3920	400	923a41b257e8d6520b02d4c266ae2630N.exe	86
PID 400 wrote to memory of 3920	400	923a41b257e8d6520b02d4c266ae2630N.exe	86
PID 400 wrote to memory of 3800	400	923a41b257e8d6520b02d4c266ae2630N.exe	87
PID 400 wrote to memory of 3800	400	923a41b257e8d6520b02d4c266ae2630N.exe	87
PID 400 wrote to memory of 3968	400	923a41b257e8d6520b02d4c266ae2630N.exe	88
PID 400 wrote to memory of 3968	400	923a41b257e8d6520b02d4c266ae2630N.exe	88
PID 400 wrote to memory of 3240	400	923a41b257e8d6520b02d4c266ae2630N.exe	89
PID 400 wrote to memory of 3240	400	923a41b257e8d6520b02d4c266ae2630N.exe	89
PID 400 wrote to memory of 4356	400	923a41b257e8d6520b02d4c266ae2630N.exe	90
PID 400 wrote to memory of 4356	400	923a41b257e8d6520b02d4c266ae2630N.exe	90
PID 400 wrote to memory of 1120	400	923a41b257e8d6520b02d4c266ae2630N.exe	91
PID 400 wrote to memory of 1120	400	923a41b257e8d6520b02d4c266ae2630N.exe	91
PID 400 wrote to memory of 4968	400	923a41b257e8d6520b02d4c266ae2630N.exe	92
PID 400 wrote to memory of 4968	400	923a41b257e8d6520b02d4c266ae2630N.exe	92
PID 400 wrote to memory of 4428	400	923a41b257e8d6520b02d4c266ae2630N.exe	93
PID 400 wrote to memory of 4428	400	923a41b257e8d6520b02d4c266ae2630N.exe	93
PID 400 wrote to memory of 2084	400	923a41b257e8d6520b02d4c266ae2630N.exe	94
PID 400 wrote to memory of 2084	400	923a41b257e8d6520b02d4c266ae2630N.exe	94
PID 400 wrote to memory of 4248	400	923a41b257e8d6520b02d4c266ae2630N.exe	95
PID 400 wrote to memory of 4248	400	923a41b257e8d6520b02d4c266ae2630N.exe	95
PID 400 wrote to memory of 4636	400	923a41b257e8d6520b02d4c266ae2630N.exe	96
PID 400 wrote to memory of 4636	400	923a41b257e8d6520b02d4c266ae2630N.exe	96
PID 400 wrote to memory of 1380	400	923a41b257e8d6520b02d4c266ae2630N.exe	97
PID 400 wrote to memory of 1380	400	923a41b257e8d6520b02d4c266ae2630N.exe	97
PID 400 wrote to memory of 3508	400	923a41b257e8d6520b02d4c266ae2630N.exe	98
PID 400 wrote to memory of 3508	400	923a41b257e8d6520b02d4c266ae2630N.exe	98
PID 400 wrote to memory of 4716	400	923a41b257e8d6520b02d4c266ae2630N.exe	99
PID 400 wrote to memory of 4716	400	923a41b257e8d6520b02d4c266ae2630N.exe	99
PID 400 wrote to memory of 1292	400	923a41b257e8d6520b02d4c266ae2630N.exe	100
PID 400 wrote to memory of 1292	400	923a41b257e8d6520b02d4c266ae2630N.exe	100
PID 400 wrote to memory of 1572	400	923a41b257e8d6520b02d4c266ae2630N.exe	101
PID 400 wrote to memory of 1572	400	923a41b257e8d6520b02d4c266ae2630N.exe	101
PID 400 wrote to memory of 5056	400	923a41b257e8d6520b02d4c266ae2630N.exe	102
PID 400 wrote to memory of 5056	400	923a41b257e8d6520b02d4c266ae2630N.exe	102
PID 400 wrote to memory of 2280	400	923a41b257e8d6520b02d4c266ae2630N.exe	103
PID 400 wrote to memory of 2280	400	923a41b257e8d6520b02d4c266ae2630N.exe	103
PID 400 wrote to memory of 884	400	923a41b257e8d6520b02d4c266ae2630N.exe	104
PID 400 wrote to memory of 884	400	923a41b257e8d6520b02d4c266ae2630N.exe	104
PID 400 wrote to memory of 228	400	923a41b257e8d6520b02d4c266ae2630N.exe	105
PID 400 wrote to memory of 228	400	923a41b257e8d6520b02d4c266ae2630N.exe	105
PID 400 wrote to memory of 1712	400	923a41b257e8d6520b02d4c266ae2630N.exe	106
PID 400 wrote to memory of 1712	400	923a41b257e8d6520b02d4c266ae2630N.exe	106
PID 400 wrote to memory of 1564	400	923a41b257e8d6520b02d4c266ae2630N.exe	107
PID 400 wrote to memory of 1564	400	923a41b257e8d6520b02d4c266ae2630N.exe	107
PID 400 wrote to memory of 3188	400	923a41b257e8d6520b02d4c266ae2630N.exe	108
PID 400 wrote to memory of 3188	400	923a41b257e8d6520b02d4c266ae2630N.exe	108
PID 400 wrote to memory of 2220	400	923a41b257e8d6520b02d4c266ae2630N.exe	109
PID 400 wrote to memory of 2220	400	923a41b257e8d6520b02d4c266ae2630N.exe	109
PID 400 wrote to memory of 4224	400	923a41b257e8d6520b02d4c266ae2630N.exe	110
PID 400 wrote to memory of 4224	400	923a41b257e8d6520b02d4c266ae2630N.exe	110
PID 400 wrote to memory of 2908	400	923a41b257e8d6520b02d4c266ae2630N.exe	111
PID 400 wrote to memory of 2908	400	923a41b257e8d6520b02d4c266ae2630N.exe	111
PID 400 wrote to memory of 4600	400	923a41b257e8d6520b02d4c266ae2630N.exe	112
PID 400 wrote to memory of 4600	400	923a41b257e8d6520b02d4c266ae2630N.exe	112
PID 400 wrote to memory of 1256	400	923a41b257e8d6520b02d4c266ae2630N.exe	113
PID 400 wrote to memory of 1256	400	923a41b257e8d6520b02d4c266ae2630N.exe	113
PID 400 wrote to memory of 4548	400	923a41b257e8d6520b02d4c266ae2630N.exe	114
PID 400 wrote to memory of 4548	400	923a41b257e8d6520b02d4c266ae2630N.exe	114
PID 400 wrote to memory of 2720	400	923a41b257e8d6520b02d4c266ae2630N.exe	115
PID 400 wrote to memory of 2720	400	923a41b257e8d6520b02d4c266ae2630N.exe	115
PID 400 wrote to memory of 4768	400	923a41b257e8d6520b02d4c266ae2630N.exe	116
PID 400 wrote to memory of 4768	400	923a41b257e8d6520b02d4c266ae2630N.exe	116

C:\Users\Admin\AppData\Local\Temp\923a41b257e8d6520b02d4c266ae2630N.exe
"C:\Users\Admin\AppData\Local\Temp\923a41b257e8d6520b02d4c266ae2630N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4076
- C:\Windows\System\gciyXzH.exe
  C:\Windows\System\gciyXzH.exe
  2⤵
  - Executes dropped EXE
  PID:3920
- C:\Windows\System\lKhHLYo.exe
  C:\Windows\System\lKhHLYo.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\PVAtJAY.exe
  C:\Windows\System\PVAtJAY.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\vidTEVO.exe
  C:\Windows\System\vidTEVO.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\AguwdHX.exe
  C:\Windows\System\AguwdHX.exe
  2⤵
  - Executes dropped EXE
  PID:4356
- C:\Windows\System\KIRvQIR.exe
  C:\Windows\System\KIRvQIR.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\ADODUSu.exe
  C:\Windows\System\ADODUSu.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\ieUkGAy.exe
  C:\Windows\System\ieUkGAy.exe
  2⤵
  - Executes dropped EXE
  PID:4428
- C:\Windows\System\AGItPIB.exe
  C:\Windows\System\AGItPIB.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\hbJnFcf.exe
  C:\Windows\System\hbJnFcf.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\xOpiIPU.exe
  C:\Windows\System\xOpiIPU.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\jtSnSbG.exe
  C:\Windows\System\jtSnSbG.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\AXIbZnD.exe
  C:\Windows\System\AXIbZnD.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\CjvUNle.exe
  C:\Windows\System\CjvUNle.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\dfxNuKj.exe
  C:\Windows\System\dfxNuKj.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\vPBzljm.exe
  C:\Windows\System\vPBzljm.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\VXfLuDO.exe
  C:\Windows\System\VXfLuDO.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\xXtppIj.exe
  C:\Windows\System\xXtppIj.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\cJwjGLP.exe
  C:\Windows\System\cJwjGLP.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\zLHUeAU.exe
  C:\Windows\System\zLHUeAU.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\VSCenCk.exe
  C:\Windows\System\VSCenCk.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\wqgprWk.exe
  C:\Windows\System\wqgprWk.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\yUmQlMC.exe
  C:\Windows\System\yUmQlMC.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\XMFjDdv.exe
  C:\Windows\System\XMFjDdv.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\GwoitDD.exe
  C:\Windows\System\GwoitDD.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\sqthtTt.exe
  C:\Windows\System\sqthtTt.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\FtAWJwa.exe
  C:\Windows\System\FtAWJwa.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\gjskuVr.exe
  C:\Windows\System\gjskuVr.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\bvUJuBN.exe
  C:\Windows\System\bvUJuBN.exe
  2⤵
  - Executes dropped EXE
  PID:4548
- C:\Windows\System\NQUYMmM.exe
  C:\Windows\System\NQUYMmM.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\kUGhXJh.exe
  C:\Windows\System\kUGhXJh.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\BcdBiuG.exe
  C:\Windows\System\BcdBiuG.exe
  2⤵
  - Executes dropped EXE
  PID:4424
- C:\Windows\System\HzGEoGC.exe
  C:\Windows\System\HzGEoGC.exe
  2⤵
  - Executes dropped EXE
  PID:3492
- C:\Windows\System\rWOuguT.exe
  C:\Windows\System\rWOuguT.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\Yhsqzzp.exe
  C:\Windows\System\Yhsqzzp.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\evFRuVC.exe
  C:\Windows\System\evFRuVC.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\iFLeWjR.exe
  C:\Windows\System\iFLeWjR.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\zMOtkdT.exe
  C:\Windows\System\zMOtkdT.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\wxdjoBF.exe
  C:\Windows\System\wxdjoBF.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\srNlKSl.exe
  C:\Windows\System\srNlKSl.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\LlKQyOk.exe
  C:\Windows\System\LlKQyOk.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\xuwzmqk.exe
  C:\Windows\System\xuwzmqk.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\twRslUZ.exe
  C:\Windows\System\twRslUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\HIEZLFi.exe
  C:\Windows\System\HIEZLFi.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\zGnWCWg.exe
  C:\Windows\System\zGnWCWg.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\apCwWMx.exe
  C:\Windows\System\apCwWMx.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\nbUnKTA.exe
  C:\Windows\System\nbUnKTA.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\IeeehNl.exe
  C:\Windows\System\IeeehNl.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\ImOofwA.exe
  C:\Windows\System\ImOofwA.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\utzTADE.exe
  C:\Windows\System\utzTADE.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\SMacYPv.exe
  C:\Windows\System\SMacYPv.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\HMnmJId.exe
  C:\Windows\System\HMnmJId.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\ebbNKwU.exe
  C:\Windows\System\ebbNKwU.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\dGkKDqi.exe
  C:\Windows\System\dGkKDqi.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\yYccdAl.exe
  C:\Windows\System\yYccdAl.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\LbqkmUy.exe
  C:\Windows\System\LbqkmUy.exe
  2⤵
  - Executes dropped EXE
  PID:4120
- C:\Windows\System\XkYNxYB.exe
  C:\Windows\System\XkYNxYB.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\VIXFMeW.exe
  C:\Windows\System\VIXFMeW.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\qNTUGuE.exe
  C:\Windows\System\qNTUGuE.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\iyzRtuG.exe
  C:\Windows\System\iyzRtuG.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\dUYEGZk.exe
  C:\Windows\System\dUYEGZk.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ppyldOE.exe
  C:\Windows\System\ppyldOE.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\GpoquJv.exe
  C:\Windows\System\GpoquJv.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\pyqIMKG.exe
  C:\Windows\System\pyqIMKG.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\zqddRKp.exe
  C:\Windows\System\zqddRKp.exe
  2⤵
  PID:1696
- C:\Windows\System\JHWomqr.exe
  C:\Windows\System\JHWomqr.exe
  2⤵
  PID:2332
- C:\Windows\System\dXfTfvn.exe
  C:\Windows\System\dXfTfvn.exe
  2⤵
  PID:1536
- C:\Windows\System\xlAVwso.exe
  C:\Windows\System\xlAVwso.exe
  2⤵
  PID:1000
- C:\Windows\System\WCgLElW.exe
  C:\Windows\System\WCgLElW.exe
  2⤵
  PID:1956
- C:\Windows\System\VpuyoJH.exe
  C:\Windows\System\VpuyoJH.exe
  2⤵
  PID:5080
- C:\Windows\System\jIyoLas.exe
  C:\Windows\System\jIyoLas.exe
  2⤵
  PID:1880
- C:\Windows\System\WnpHbJN.exe
  C:\Windows\System\WnpHbJN.exe
  2⤵
  PID:5172
- C:\Windows\System\wmJDdoO.exe
  C:\Windows\System\wmJDdoO.exe
  2⤵
  PID:5188
- C:\Windows\System\pYWrjMK.exe
  C:\Windows\System\pYWrjMK.exe
  2⤵
  PID:5204
- C:\Windows\System\cqaNFru.exe
  C:\Windows\System\cqaNFru.exe
  2⤵
  PID:5220
- C:\Windows\System\CXTFbQO.exe
  C:\Windows\System\CXTFbQO.exe
  2⤵
  PID:5240
- C:\Windows\System\huoRBbR.exe
  C:\Windows\System\huoRBbR.exe
  2⤵
  PID:5256
- C:\Windows\System\hplUYyz.exe
  C:\Windows\System\hplUYyz.exe
  2⤵
  PID:5276
- C:\Windows\System\nLoaUYp.exe
  C:\Windows\System\nLoaUYp.exe
  2⤵
  PID:5304
- C:\Windows\System\tcqtDfa.exe
  C:\Windows\System\tcqtDfa.exe
  2⤵
  PID:5328
- C:\Windows\System\ukiadCy.exe
  C:\Windows\System\ukiadCy.exe
  2⤵
  PID:5344
- C:\Windows\System\JbgrbZg.exe
  C:\Windows\System\JbgrbZg.exe
  2⤵
  PID:5364
- C:\Windows\System\KgLfpAh.exe
  C:\Windows\System\KgLfpAh.exe
  2⤵
  PID:5384
- C:\Windows\System\FaollRX.exe
  C:\Windows\System\FaollRX.exe
  2⤵
  PID:5404
- C:\Windows\System\fnyQYGE.exe
  C:\Windows\System\fnyQYGE.exe
  2⤵
  PID:5428
- C:\Windows\System\cRVHDfh.exe
  C:\Windows\System\cRVHDfh.exe
  2⤵
  PID:5448
- C:\Windows\System\oYupVYa.exe
  C:\Windows\System\oYupVYa.exe
  2⤵
  PID:5464
- C:\Windows\System\voADjuq.exe
  C:\Windows\System\voADjuq.exe
  2⤵
  PID:5484
- C:\Windows\System\gYhxUXo.exe
  C:\Windows\System\gYhxUXo.exe
  2⤵
  PID:5504
- C:\Windows\System\lfZrXIq.exe
  C:\Windows\System\lfZrXIq.exe
  2⤵
  PID:5576
- C:\Windows\System\cRZqGcH.exe
  C:\Windows\System\cRZqGcH.exe
  2⤵
  PID:5604
- C:\Windows\System\hpGTUmD.exe
  C:\Windows\System\hpGTUmD.exe
  2⤵
  PID:5620
- C:\Windows\System\RNXUCtc.exe
  C:\Windows\System\RNXUCtc.exe
  2⤵
  PID:5644
- C:\Windows\System\SiutNcU.exe
  C:\Windows\System\SiutNcU.exe
  2⤵
  PID:5660
- C:\Windows\System\MPFmQSO.exe
  C:\Windows\System\MPFmQSO.exe
  2⤵
  PID:5684
- C:\Windows\System\KWgmmgS.exe
  C:\Windows\System\KWgmmgS.exe
  2⤵
  PID:5712
- C:\Windows\System\XQKmtZf.exe
  C:\Windows\System\XQKmtZf.exe
  2⤵
  PID:5728
- C:\Windows\System\evHaCQf.exe
  C:\Windows\System\evHaCQf.exe
  2⤵
  PID:5748
- C:\Windows\System\OPajdTY.exe
  C:\Windows\System\OPajdTY.exe
  2⤵
  PID:5772
- C:\Windows\System\aZPZOxU.exe
  C:\Windows\System\aZPZOxU.exe
  2⤵
  PID:5788
- C:\Windows\System\xBSmzsT.exe
  C:\Windows\System\xBSmzsT.exe
  2⤵
  PID:5812
- C:\Windows\System\MYtCXjZ.exe
  C:\Windows\System\MYtCXjZ.exe
  2⤵
  PID:5836
- C:\Windows\System\XrIzFLT.exe
  C:\Windows\System\XrIzFLT.exe
  2⤵
  PID:5852
- C:\Windows\System\KUtfvlc.exe
  C:\Windows\System\KUtfvlc.exe
  2⤵
  PID:5876
- C:\Windows\System\OSTWIkS.exe
  C:\Windows\System\OSTWIkS.exe
  2⤵
  PID:5892
- C:\Windows\System\GVqguhq.exe
  C:\Windows\System\GVqguhq.exe
  2⤵
  PID:5916
- C:\Windows\System\wevcvTW.exe
  C:\Windows\System\wevcvTW.exe
  2⤵
  PID:5940
- C:\Windows\System\RnVDcwL.exe
  C:\Windows\System\RnVDcwL.exe
  2⤵
  PID:5956
- C:\Windows\System\nZKQiEz.exe
  C:\Windows\System\nZKQiEz.exe
  2⤵
  PID:5980
- C:\Windows\System\YUEECvX.exe
  C:\Windows\System\YUEECvX.exe
  2⤵
  PID:6008
- C:\Windows\System\ePhtWSK.exe
  C:\Windows\System\ePhtWSK.exe
  2⤵
  PID:6028
- C:\Windows\System\eBJBBMc.exe
  C:\Windows\System\eBJBBMc.exe
  2⤵
  PID:6052
- C:\Windows\System\TibBkXQ.exe
  C:\Windows\System\TibBkXQ.exe
  2⤵
  PID:6072
- C:\Windows\System\hpGwlBx.exe
  C:\Windows\System\hpGwlBx.exe
  2⤵
  PID:6092
- C:\Windows\System\OUwUiGt.exe
  C:\Windows\System\OUwUiGt.exe
  2⤵
  PID:6108
- C:\Windows\System\bzTwaFj.exe
  C:\Windows\System\bzTwaFj.exe
  2⤵
  PID:6128
- C:\Windows\System\ohgUogd.exe
  C:\Windows\System\ohgUogd.exe
  2⤵
  PID:3628
- C:\Windows\System\jFXmdTK.exe
  C:\Windows\System\jFXmdTK.exe
  2⤵
  PID:1784
- C:\Windows\System\AOdJafP.exe
  C:\Windows\System\AOdJafP.exe
  2⤵
  PID:976
- C:\Windows\System\Cncyqua.exe
  C:\Windows\System\Cncyqua.exe
  2⤵
  PID:4404
- C:\Windows\System\JFhEVfL.exe
  C:\Windows\System\JFhEVfL.exe
  2⤵
  PID:388
- C:\Windows\System\zokELeJ.exe
  C:\Windows\System\zokELeJ.exe
  2⤵
  PID:3516
- C:\Windows\System\zLlwpBD.exe
  C:\Windows\System\zLlwpBD.exe
  2⤵
  PID:1316
- C:\Windows\System\rWikPKz.exe
  C:\Windows\System\rWikPKz.exe
  2⤵
  PID:4484
- C:\Windows\System\liVqBvL.exe
  C:\Windows\System\liVqBvL.exe
  2⤵
  PID:2376
- C:\Windows\System\aolSKqJ.exe
  C:\Windows\System\aolSKqJ.exe
  2⤵
  PID:220
- C:\Windows\System\jXBICuO.exe
  C:\Windows\System\jXBICuO.exe
  2⤵
  PID:6100
- C:\Windows\System\mQKGRsZ.exe
  C:\Windows\System\mQKGRsZ.exe
  2⤵
  PID:5164
- C:\Windows\System\NffsJrl.exe
  C:\Windows\System\NffsJrl.exe
  2⤵
  PID:5196
- C:\Windows\System\TglPAGG.exe
  C:\Windows\System\TglPAGG.exe
  2⤵
  PID:5248
- C:\Windows\System\taYephK.exe
  C:\Windows\System\taYephK.exe
  2⤵
  PID:5292
- C:\Windows\System\LKkLqDd.exe
  C:\Windows\System\LKkLqDd.exe
  2⤵
  PID:5320
- C:\Windows\System\iRdAeVe.exe
  C:\Windows\System\iRdAeVe.exe
  2⤵
  PID:5376
- C:\Windows\System\LcPgxEQ.exe
  C:\Windows\System\LcPgxEQ.exe
  2⤵
  PID:5420
- C:\Windows\System\aTJYYOX.exe
  C:\Windows\System\aTJYYOX.exe
  2⤵
  PID:5460
- C:\Windows\System\QxUofxw.exe
  C:\Windows\System\QxUofxw.exe
  2⤵
  PID:6160
- C:\Windows\System\yBZNEUN.exe
  C:\Windows\System\yBZNEUN.exe
  2⤵
  PID:6176
- C:\Windows\System\SGQBMCG.exe
  C:\Windows\System\SGQBMCG.exe
  2⤵
  PID:6200
- C:\Windows\System\jCBdOkR.exe
  C:\Windows\System\jCBdOkR.exe
  2⤵
  PID:6224
- C:\Windows\System\zwMjctp.exe
  C:\Windows\System\zwMjctp.exe
  2⤵
  PID:6248
- C:\Windows\System\DquypbU.exe
  C:\Windows\System\DquypbU.exe
  2⤵
  PID:6268
- C:\Windows\System\yVDAUAp.exe
  C:\Windows\System\yVDAUAp.exe
  2⤵
  PID:6292
- C:\Windows\System\QKPKuzO.exe
  C:\Windows\System\QKPKuzO.exe
  2⤵
  PID:6316
- C:\Windows\System\wRqtIVL.exe
  C:\Windows\System\wRqtIVL.exe
  2⤵
  PID:6332
- C:\Windows\System\KLUJcdB.exe
  C:\Windows\System\KLUJcdB.exe
  2⤵
  PID:6352
- C:\Windows\System\PfuXXFU.exe
  C:\Windows\System\PfuXXFU.exe
  2⤵
  PID:6372
- C:\Windows\System\UXwxvYf.exe
  C:\Windows\System\UXwxvYf.exe
  2⤵
  PID:6400
- C:\Windows\System\zoKQdKH.exe
  C:\Windows\System\zoKQdKH.exe
  2⤵
  PID:6424
- C:\Windows\System\KPQAYpw.exe
  C:\Windows\System\KPQAYpw.exe
  2⤵
  PID:6520
- C:\Windows\System\MsOhFcs.exe
  C:\Windows\System\MsOhFcs.exe
  2⤵
  PID:6544
- C:\Windows\System\eKLiHxV.exe
  C:\Windows\System\eKLiHxV.exe
  2⤵
  PID:6564
- C:\Windows\System\xdmxiaS.exe
  C:\Windows\System\xdmxiaS.exe
  2⤵
  PID:6584
- C:\Windows\System\yqfAVIW.exe
  C:\Windows\System\yqfAVIW.exe
  2⤵
  PID:6608
- C:\Windows\System\kVLPgPQ.exe
  C:\Windows\System\kVLPgPQ.exe
  2⤵
  PID:6628
- C:\Windows\System\lhwPGOk.exe
  C:\Windows\System\lhwPGOk.exe
  2⤵
  PID:6648
- C:\Windows\System\KRZKyYx.exe
  C:\Windows\System\KRZKyYx.exe
  2⤵
  PID:6672
- C:\Windows\System\PULFUUE.exe
  C:\Windows\System\PULFUUE.exe
  2⤵
  PID:6696
- C:\Windows\System\iGBqyRq.exe
  C:\Windows\System\iGBqyRq.exe
  2⤵
  PID:6716
- C:\Windows\System\bZMGvoh.exe
  C:\Windows\System\bZMGvoh.exe
  2⤵
  PID:6736
- C:\Windows\System\sKFppBL.exe
  C:\Windows\System\sKFppBL.exe
  2⤵
  PID:6760
- C:\Windows\System\bAzaXui.exe
  C:\Windows\System\bAzaXui.exe
  2⤵
  PID:6776
- C:\Windows\System\akxMvee.exe
  C:\Windows\System\akxMvee.exe
  2⤵
  PID:6800
- C:\Windows\System\AGKteKj.exe
  C:\Windows\System\AGKteKj.exe
  2⤵
  PID:6828
- C:\Windows\System\RpJhutn.exe
  C:\Windows\System\RpJhutn.exe
  2⤵
  PID:6844
- C:\Windows\System\WewMLYR.exe
  C:\Windows\System\WewMLYR.exe
  2⤵
  PID:6868
- C:\Windows\System\rHsafOp.exe
  C:\Windows\System\rHsafOp.exe
  2⤵
  PID:6884
- C:\Windows\System\VHAGqOj.exe
  C:\Windows\System\VHAGqOj.exe
  2⤵
  PID:6908
- C:\Windows\System\KWTjfrf.exe
  C:\Windows\System\KWTjfrf.exe
  2⤵
  PID:6928
- C:\Windows\System\Qarfgbi.exe
  C:\Windows\System\Qarfgbi.exe
  2⤵
  PID:6948
- C:\Windows\System\zNlvwXP.exe
  C:\Windows\System\zNlvwXP.exe
  2⤵
  PID:6972
- C:\Windows\System\oQctdkL.exe
  C:\Windows\System\oQctdkL.exe
  2⤵
  PID:6988
- C:\Windows\System\yiuBmob.exe
  C:\Windows\System\yiuBmob.exe
  2⤵
  PID:7012
- C:\Windows\System\btovVsl.exe
  C:\Windows\System\btovVsl.exe
  2⤵
  PID:7044
- C:\Windows\System\WKCsynm.exe
  C:\Windows\System\WKCsynm.exe
  2⤵
  PID:7064
- C:\Windows\System\VhmsvFh.exe
  C:\Windows\System\VhmsvFh.exe
  2⤵
  PID:7140
- C:\Windows\System\JJBVDiz.exe
  C:\Windows\System\JJBVDiz.exe
  2⤵
  PID:7156
- C:\Windows\System\cAHueXN.exe
  C:\Windows\System\cAHueXN.exe
  2⤵
  PID:6044
- C:\Windows\System\dSHrVuh.exe
  C:\Windows\System\dSHrVuh.exe
  2⤵
  PID:1016
- C:\Windows\System\jMFcUOL.exe
  C:\Windows\System\jMFcUOL.exe
  2⤵
  PID:6104
- C:\Windows\System\RIbGtSj.exe
  C:\Windows\System\RIbGtSj.exe
  2⤵
  PID:2664
- C:\Windows\System\gJrJGSD.exe
  C:\Windows\System\gJrJGSD.exe
  2⤵
  PID:5596
- C:\Windows\System\sWSqJlx.exe
  C:\Windows\System\sWSqJlx.exe
  2⤵
  PID:5652
- C:\Windows\System\RyBuRSi.exe
  C:\Windows\System\RyBuRSi.exe
  2⤵
  PID:5680
- C:\Windows\System\WsROgsy.exe
  C:\Windows\System\WsROgsy.exe
  2⤵
  PID:5736
- C:\Windows\System\igqSTOG.exe
  C:\Windows\System\igqSTOG.exe
  2⤵
  PID:5780
- C:\Windows\System\mIHsJlV.exe
  C:\Windows\System\mIHsJlV.exe
  2⤵
  PID:5808
- C:\Windows\System\kWVjaDe.exe
  C:\Windows\System\kWVjaDe.exe
  2⤵
  PID:5860
- C:\Windows\System\fPYPqGK.exe
  C:\Windows\System\fPYPqGK.exe
  2⤵
  PID:5908
- C:\Windows\System\uNVZrfv.exe
  C:\Windows\System\uNVZrfv.exe
  2⤵
  PID:5936
- C:\Windows\System\qpcrIWk.exe
  C:\Windows\System\qpcrIWk.exe
  2⤵
  PID:5992
- C:\Windows\System\UUrnowk.exe
  C:\Windows\System\UUrnowk.exe
  2⤵
  PID:6244
- C:\Windows\System\FGkGxQk.exe
  C:\Windows\System\FGkGxQk.exe
  2⤵
  PID:6284
- C:\Windows\System\WKKPBDw.exe
  C:\Windows\System\WKKPBDw.exe
  2⤵
  PID:6088
- C:\Windows\System\lSvsJoW.exe
  C:\Windows\System\lSvsJoW.exe
  2⤵
  PID:6348
- C:\Windows\System\XlHgdaV.exe
  C:\Windows\System\XlHgdaV.exe
  2⤵
  PID:3152
- C:\Windows\System\TKIhJYb.exe
  C:\Windows\System\TKIhJYb.exe
  2⤵
  PID:6236
- C:\Windows\System\sQMKEUm.exe
  C:\Windows\System\sQMKEUm.exe
  2⤵
  PID:6668
- C:\Windows\System\oSBODXX.exe
  C:\Windows\System\oSBODXX.exe
  2⤵
  PID:6732
- C:\Windows\System\EQdDSTI.exe
  C:\Windows\System\EQdDSTI.exe
  2⤵
  PID:6364
- C:\Windows\System\KHpfDMv.exe
  C:\Windows\System\KHpfDMv.exe
  2⤵
  PID:6920
- C:\Windows\System\caZSNZK.exe
  C:\Windows\System\caZSNZK.exe
  2⤵
  PID:7004
- C:\Windows\System\hIxFIja.exe
  C:\Windows\System\hIxFIja.exe
  2⤵
  PID:6412
- C:\Windows\System\oPTrBtQ.exe
  C:\Windows\System\oPTrBtQ.exe
  2⤵
  PID:7172
- C:\Windows\System\IIKxuHW.exe
  C:\Windows\System\IIKxuHW.exe
  2⤵
  PID:7188
- C:\Windows\System\jyaUgpX.exe
  C:\Windows\System\jyaUgpX.exe
  2⤵
  PID:7204
- C:\Windows\System\XdljleK.exe
  C:\Windows\System\XdljleK.exe
  2⤵
  PID:7308
- C:\Windows\System\QwruyWE.exe
  C:\Windows\System\QwruyWE.exe
  2⤵
  PID:7324
- C:\Windows\System\TDHGtOf.exe
  C:\Windows\System\TDHGtOf.exe
  2⤵
  PID:7340
- C:\Windows\System\RJfIlVh.exe
  C:\Windows\System\RJfIlVh.exe
  2⤵
  PID:7372
- C:\Windows\System\BtaozUo.exe
  C:\Windows\System\BtaozUo.exe
  2⤵
  PID:7392
- C:\Windows\System\fMYtRGJ.exe
  C:\Windows\System\fMYtRGJ.exe
  2⤵
  PID:7412
- C:\Windows\System\bQsoLDm.exe
  C:\Windows\System\bQsoLDm.exe
  2⤵
  PID:7436
- C:\Windows\System\qdgCDXg.exe
  C:\Windows\System\qdgCDXg.exe
  2⤵
  PID:7456
- C:\Windows\System\LQrHPCR.exe
  C:\Windows\System\LQrHPCR.exe
  2⤵
  PID:7476
- C:\Windows\System\SIImLGC.exe
  C:\Windows\System\SIImLGC.exe
  2⤵
  PID:7496
- C:\Windows\System\fyJgMUy.exe
  C:\Windows\System\fyJgMUy.exe
  2⤵
  PID:7520
- C:\Windows\System\KTcuDND.exe
  C:\Windows\System\KTcuDND.exe
  2⤵
  PID:7544
- C:\Windows\System\LADsoNN.exe
  C:\Windows\System\LADsoNN.exe
  2⤵
  PID:7564
- C:\Windows\System\HulCVjV.exe
  C:\Windows\System\HulCVjV.exe
  2⤵
  PID:7580
- C:\Windows\System\VILUKma.exe
  C:\Windows\System\VILUKma.exe
  2⤵
  PID:7600
- C:\Windows\System\bHmnKGn.exe
  C:\Windows\System\bHmnKGn.exe
  2⤵
  PID:7620
- C:\Windows\System\qFYyYUr.exe
  C:\Windows\System\qFYyYUr.exe
  2⤵
  PID:7640
- C:\Windows\System\VpciTjG.exe
  C:\Windows\System\VpciTjG.exe
  2⤵
  PID:7664
- C:\Windows\System\DKgpjxY.exe
  C:\Windows\System\DKgpjxY.exe
  2⤵
  PID:7684
- C:\Windows\System\FXIrPjf.exe
  C:\Windows\System\FXIrPjf.exe
  2⤵
  PID:7700
- C:\Windows\System\PLeYEyJ.exe
  C:\Windows\System\PLeYEyJ.exe
  2⤵
  PID:7724
- C:\Windows\System\AyolOkH.exe
  C:\Windows\System\AyolOkH.exe
  2⤵
  PID:7752
- C:\Windows\System\jsvMUBB.exe
  C:\Windows\System\jsvMUBB.exe
  2⤵
  PID:7772
- C:\Windows\System\rDAzZCr.exe
  C:\Windows\System\rDAzZCr.exe
  2⤵
  PID:7796
- C:\Windows\System\SogxTBW.exe
  C:\Windows\System\SogxTBW.exe
  2⤵
  PID:7820
- C:\Windows\System\WKUiERq.exe
  C:\Windows\System\WKUiERq.exe
  2⤵
  PID:7844
- C:\Windows\System\zoHgGjq.exe
  C:\Windows\System\zoHgGjq.exe
  2⤵
  PID:7864
- C:\Windows\System\ldbRZHZ.exe
  C:\Windows\System\ldbRZHZ.exe
  2⤵
  PID:7884
- C:\Windows\System\GCjouEJ.exe
  C:\Windows\System\GCjouEJ.exe
  2⤵
  PID:7904
- C:\Windows\System\ZEWzOQY.exe
  C:\Windows\System\ZEWzOQY.exe
  2⤵
  PID:7924
- C:\Windows\System\iWzrJgx.exe
  C:\Windows\System\iWzrJgx.exe
  2⤵
  PID:7952
- C:\Windows\System\xdjIQQM.exe
  C:\Windows\System\xdjIQQM.exe
  2⤵
  PID:7976
- C:\Windows\System\mukvIkE.exe
  C:\Windows\System\mukvIkE.exe
  2⤵
  PID:7996
- C:\Windows\System\bHYCacL.exe
  C:\Windows\System\bHYCacL.exe
  2⤵
  PID:8016
- C:\Windows\System\etITRqt.exe
  C:\Windows\System\etITRqt.exe
  2⤵
  PID:8040
- C:\Windows\System\oikaerR.exe
  C:\Windows\System\oikaerR.exe
  2⤵
  PID:8056
- C:\Windows\System\vbKnQaC.exe
  C:\Windows\System\vbKnQaC.exe
  2⤵
  PID:8080
- C:\Windows\System\pILPRGd.exe
  C:\Windows\System\pILPRGd.exe
  2⤵
  PID:8096
- C:\Windows\System\XkjXBUB.exe
  C:\Windows\System\XkjXBUB.exe
  2⤵
  PID:8112
- C:\Windows\System\REkAeDp.exe
  C:\Windows\System\REkAeDp.exe
  2⤵
  PID:8132
- C:\Windows\System\VWpVeAd.exe
  C:\Windows\System\VWpVeAd.exe
  2⤵
  PID:8156
- C:\Windows\System\NwOWkZE.exe
  C:\Windows\System\NwOWkZE.exe
  2⤵
  PID:8172
- C:\Windows\System\AmrYSHS.exe
  C:\Windows\System\AmrYSHS.exe
  2⤵
  PID:6156
- C:\Windows\System\GLgsdxM.exe
  C:\Windows\System\GLgsdxM.exe
  2⤵
  PID:6192
- C:\Windows\System\TtQGPWt.exe
  C:\Windows\System\TtQGPWt.exe
  2⤵
  PID:5516
- C:\Windows\System\alvDXTR.exe
  C:\Windows\System\alvDXTR.exe
  2⤵
  PID:6644
- C:\Windows\System\ygemmCg.exe
  C:\Windows\System\ygemmCg.exe
  2⤵
  PID:5924
- C:\Windows\System\dtDakCa.exe
  C:\Windows\System\dtDakCa.exe
  2⤵
  PID:6036
- C:\Windows\System\hhTXnrO.exe
  C:\Windows\System\hhTXnrO.exe
  2⤵
  PID:6796
- C:\Windows\System\vgoNqvM.exe
  C:\Windows\System\vgoNqvM.exe
  2⤵
  PID:6312
- C:\Windows\System\MMoDpjf.exe
  C:\Windows\System\MMoDpjf.exe
  2⤵
  PID:6916
- C:\Windows\System\SMQdThQ.exe
  C:\Windows\System\SMQdThQ.exe
  2⤵
  PID:6984
- C:\Windows\System\tViDxep.exe
  C:\Windows\System\tViDxep.exe
  2⤵
  PID:7032
- C:\Windows\System\RpErJNA.exe
  C:\Windows\System\RpErJNA.exe
  2⤵
  PID:6420
- C:\Windows\System\PgceqRU.exe
  C:\Windows\System\PgceqRU.exe
  2⤵
  PID:6528
- C:\Windows\System\CEMeYKW.exe
  C:\Windows\System\CEMeYKW.exe
  2⤵
  PID:6576
- C:\Windows\System\tLaXjaM.exe
  C:\Windows\System\tLaXjaM.exe
  2⤵
  PID:7132
- C:\Windows\System\ANYSldQ.exe
  C:\Windows\System\ANYSldQ.exe
  2⤵
  PID:7164
- C:\Windows\System\iWgLaii.exe
  C:\Windows\System\iWgLaii.exe
  2⤵
  PID:7576
- C:\Windows\System\JCyTGbG.exe
  C:\Windows\System\JCyTGbG.exe
  2⤵
  PID:7732
- C:\Windows\System\kHjLvHZ.exe
  C:\Windows\System\kHjLvHZ.exe
  2⤵
  PID:7780
- C:\Windows\System\VFzaXcD.exe
  C:\Windows\System\VFzaXcD.exe
  2⤵
  PID:6684
- C:\Windows\System\IKDumSZ.exe
  C:\Windows\System\IKDumSZ.exe
  2⤵
  PID:8216
- C:\Windows\System\HTZDGRt.exe
  C:\Windows\System\HTZDGRt.exe
  2⤵
  PID:8240
- C:\Windows\System\nmHDvxJ.exe
  C:\Windows\System\nmHDvxJ.exe
  2⤵
  PID:8256
- C:\Windows\System\AkCynqh.exe
  C:\Windows\System\AkCynqh.exe
  2⤵
  PID:8280
- C:\Windows\System\QSjFoKY.exe
  C:\Windows\System\QSjFoKY.exe
  2⤵
  PID:8296
- C:\Windows\System\ziOKryk.exe
  C:\Windows\System\ziOKryk.exe
  2⤵
  PID:8324
- C:\Windows\System\NGpDSFd.exe
  C:\Windows\System\NGpDSFd.exe
  2⤵
  PID:8344
- C:\Windows\System\UZiOtSD.exe
  C:\Windows\System\UZiOtSD.exe
  2⤵
  PID:8368
- C:\Windows\System\KHaPBlv.exe
  C:\Windows\System\KHaPBlv.exe
  2⤵
  PID:8392
- C:\Windows\System\QHPqRHI.exe
  C:\Windows\System\QHPqRHI.exe
  2⤵
  PID:8416
- C:\Windows\System\JUEgPhA.exe
  C:\Windows\System\JUEgPhA.exe
  2⤵
  PID:8440
- C:\Windows\System\WvsebcF.exe
  C:\Windows\System\WvsebcF.exe
  2⤵
  PID:8456
- C:\Windows\System\fQjUmhT.exe
  C:\Windows\System\fQjUmhT.exe
  2⤵
  PID:8484
- C:\Windows\System\GTKcZfO.exe
  C:\Windows\System\GTKcZfO.exe
  2⤵
  PID:8504
- C:\Windows\System\IrprLZP.exe
  C:\Windows\System\IrprLZP.exe
  2⤵
  PID:8528
- C:\Windows\System\CkcPDHO.exe
  C:\Windows\System\CkcPDHO.exe
  2⤵
  PID:8552
- C:\Windows\System\AmdrHlY.exe
  C:\Windows\System\AmdrHlY.exe
  2⤵
  PID:8572
- C:\Windows\System\QDjzfWL.exe
  C:\Windows\System\QDjzfWL.exe
  2⤵
  PID:8600
- C:\Windows\System\RKrCIzx.exe
  C:\Windows\System\RKrCIzx.exe
  2⤵
  PID:8624
- C:\Windows\System\aQTCQqZ.exe
  C:\Windows\System\aQTCQqZ.exe
  2⤵
  PID:8640
- C:\Windows\System\cvJrgPB.exe
  C:\Windows\System\cvJrgPB.exe
  2⤵
  PID:8668
- C:\Windows\System\zYIjHle.exe
  C:\Windows\System\zYIjHle.exe
  2⤵
  PID:8688
- C:\Windows\System\lGlREIl.exe
  C:\Windows\System\lGlREIl.exe
  2⤵
  PID:8716
- C:\Windows\System\RilPmMy.exe
  C:\Windows\System\RilPmMy.exe
  2⤵
  PID:8812
- C:\Windows\System\IyFHbDc.exe
  C:\Windows\System\IyFHbDc.exe
  2⤵
  PID:8832
- C:\Windows\System\WKSMHrZ.exe
  C:\Windows\System\WKSMHrZ.exe
  2⤵
  PID:8860
- C:\Windows\System\YsTgZtq.exe
  C:\Windows\System\YsTgZtq.exe
  2⤵
  PID:8880
- C:\Windows\System\egbdQpi.exe
  C:\Windows\System\egbdQpi.exe
  2⤵
  PID:8896
- C:\Windows\System\ywtrtRh.exe
  C:\Windows\System\ywtrtRh.exe
  2⤵
  PID:8920
- C:\Windows\System\mqQVvbF.exe
  C:\Windows\System\mqQVvbF.exe
  2⤵
  PID:8940
- C:\Windows\System\nLWiPjL.exe
  C:\Windows\System\nLWiPjL.exe
  2⤵
  PID:8964
- C:\Windows\System\TgXTmWd.exe
  C:\Windows\System\TgXTmWd.exe
  2⤵
  PID:8988
- C:\Windows\System\dmNApxF.exe
  C:\Windows\System\dmNApxF.exe
  2⤵
  PID:9004
- C:\Windows\System\dOUuVRn.exe
  C:\Windows\System\dOUuVRn.exe
  2⤵
  PID:9032
- C:\Windows\System\FNKiHNo.exe
  C:\Windows\System\FNKiHNo.exe
  2⤵
  PID:9048
- C:\Windows\System\UaFkJxG.exe
  C:\Windows\System\UaFkJxG.exe
  2⤵
  PID:9068
- C:\Windows\System\PaMTixg.exe
  C:\Windows\System\PaMTixg.exe
  2⤵
  PID:9088
- C:\Windows\System\cNRqqIv.exe
  C:\Windows\System\cNRqqIv.exe
  2⤵
  PID:9112
- C:\Windows\System\NBfATsW.exe
  C:\Windows\System\NBfATsW.exe
  2⤵
  PID:9128
- C:\Windows\System\glYvtoQ.exe
  C:\Windows\System\glYvtoQ.exe
  2⤵
  PID:9156
- C:\Windows\System\EODoSyx.exe
  C:\Windows\System\EODoSyx.exe
  2⤵
  PID:9176
- C:\Windows\System\DxwkqSD.exe
  C:\Windows\System\DxwkqSD.exe
  2⤵
  PID:9196
- C:\Windows\System\MBVcMPj.exe
  C:\Windows\System\MBVcMPj.exe
  2⤵
  PID:5044
- C:\Windows\System\cRHWhtB.exe
  C:\Windows\System\cRHWhtB.exe
  2⤵
  PID:6068
- C:\Windows\System\ysIwPaj.exe
  C:\Windows\System\ysIwPaj.exe
  2⤵
  PID:624
- C:\Windows\System\BkFKUtg.exe
  C:\Windows\System\BkFKUtg.exe
  2⤵
  PID:8036
- C:\Windows\System\kGvyXuh.exe
  C:\Windows\System\kGvyXuh.exe
  2⤵
  PID:8076
- C:\Windows\System\CiIoHjA.exe
  C:\Windows\System\CiIoHjA.exe
  2⤵
  PID:8092
- C:\Windows\System\orZAEMo.exe
  C:\Windows\System\orZAEMo.exe
  2⤵
  PID:8124
- C:\Windows\System\cVXlVvi.exe
  C:\Windows\System\cVXlVvi.exe
  2⤵
  PID:8168
- C:\Windows\System\UQGrXYZ.exe
  C:\Windows\System\UQGrXYZ.exe
  2⤵
  PID:7112
- C:\Windows\System\aquiajL.exe
  C:\Windows\System\aquiajL.exe
  2⤵
  PID:6864
- C:\Windows\System\RnuKAsm.exe
  C:\Windows\System\RnuKAsm.exe
  2⤵
  PID:6968
- C:\Windows\System\dhDvGje.exe
  C:\Windows\System\dhDvGje.exe
  2⤵
  PID:7716
- C:\Windows\System\BYIXcWJ.exe
  C:\Windows\System\BYIXcWJ.exe
  2⤵
  PID:6572
- C:\Windows\System\EtXrMmc.exe
  C:\Windows\System\EtXrMmc.exe
  2⤵
  PID:5500
- C:\Windows\System\KRFrPOO.exe
  C:\Windows\System\KRFrPOO.exe
  2⤵
  PID:4008
- C:\Windows\System\xobsXeK.exe
  C:\Windows\System\xobsXeK.exe
  2⤵
  PID:5640
- C:\Windows\System\UvHknuv.exe
  C:\Windows\System\UvHknuv.exe
  2⤵
  PID:8196
- C:\Windows\System\soQxlbp.exe
  C:\Windows\System\soQxlbp.exe
  2⤵
  PID:5824
- C:\Windows\System\GVRVzux.exe
  C:\Windows\System\GVRVzux.exe
  2⤵
  PID:5900
- C:\Windows\System\NpOQhdv.exe
  C:\Windows\System\NpOQhdv.exe
  2⤵
  PID:7840
- C:\Windows\System\pWUapOt.exe
  C:\Windows\System\pWUapOt.exe
  2⤵
  PID:8380
- C:\Windows\System\oPErtaj.exe
  C:\Windows\System\oPErtaj.exe
  2⤵
  PID:7892
- C:\Windows\System\zyFvLSu.exe
  C:\Windows\System\zyFvLSu.exe
  2⤵
  PID:8436
- C:\Windows\System\dcZEbAo.exe
  C:\Windows\System\dcZEbAo.exe
  2⤵
  PID:7964
- C:\Windows\System\mrRlPMq.exe
  C:\Windows\System\mrRlPMq.exe
  2⤵
  PID:8608
- C:\Windows\System\uPmqVTj.exe
  C:\Windows\System\uPmqVTj.exe
  2⤵
  PID:8028
- C:\Windows\System\nJMdmMV.exe
  C:\Windows\System\nJMdmMV.exe
  2⤵
  PID:9236
- C:\Windows\System\sVtIevN.exe
  C:\Windows\System\sVtIevN.exe
  2⤵
  PID:9256
- C:\Windows\System\iFhrkIO.exe
  C:\Windows\System\iFhrkIO.exe
  2⤵
  PID:9280
- C:\Windows\System\ZWSlZOm.exe
  C:\Windows\System\ZWSlZOm.exe
  2⤵
  PID:9304
- C:\Windows\System\hBJBpEP.exe
  C:\Windows\System\hBJBpEP.exe
  2⤵
  PID:9328
- C:\Windows\System\PirnOug.exe
  C:\Windows\System\PirnOug.exe
  2⤵
  PID:9344
- C:\Windows\System\eWOFLwS.exe
  C:\Windows\System\eWOFLwS.exe
  2⤵
  PID:9360
- C:\Windows\System\sKBCYSq.exe
  C:\Windows\System\sKBCYSq.exe
  2⤵
  PID:9376
- C:\Windows\System\sfiTKJz.exe
  C:\Windows\System\sfiTKJz.exe
  2⤵
  PID:9392
- C:\Windows\System\hZPhlZf.exe
  C:\Windows\System\hZPhlZf.exe
  2⤵
  PID:9460
- C:\Windows\System\mKCnFBx.exe
  C:\Windows\System\mKCnFBx.exe
  2⤵
  PID:9484
- C:\Windows\System\CyOmFKz.exe
  C:\Windows\System\CyOmFKz.exe
  2⤵
  PID:9508
- C:\Windows\System\GikZtZd.exe
  C:\Windows\System\GikZtZd.exe
  2⤵
  PID:9532
- C:\Windows\System\unucyZv.exe
  C:\Windows\System\unucyZv.exe
  2⤵
  PID:9548
- C:\Windows\System\faXOUnO.exe
  C:\Windows\System\faXOUnO.exe
  2⤵
  PID:9572
- C:\Windows\System\WebGTOC.exe
  C:\Windows\System\WebGTOC.exe
  2⤵
  PID:9596
- C:\Windows\System\tQUHQkS.exe
  C:\Windows\System\tQUHQkS.exe
  2⤵
  PID:9612
- C:\Windows\System\gMlLgfs.exe
  C:\Windows\System\gMlLgfs.exe
  2⤵
  PID:9636
- C:\Windows\System\NRpoaKZ.exe
  C:\Windows\System\NRpoaKZ.exe
  2⤵
  PID:9660
- C:\Windows\System\vKfPEDp.exe
  C:\Windows\System\vKfPEDp.exe
  2⤵
  PID:9680
- C:\Windows\System\FDPVnUu.exe
  C:\Windows\System\FDPVnUu.exe
  2⤵
  PID:9700
- C:\Windows\System\iICaUeX.exe
  C:\Windows\System\iICaUeX.exe
  2⤵
  PID:9716
- C:\Windows\System\ZXzvMiA.exe
  C:\Windows\System\ZXzvMiA.exe
  2⤵
  PID:9740
- C:\Windows\System\GETLcaN.exe
  C:\Windows\System\GETLcaN.exe
  2⤵
  PID:9764
- C:\Windows\System\hPpgKPk.exe
  C:\Windows\System\hPpgKPk.exe
  2⤵
  PID:9788
- C:\Windows\System\leVeXro.exe
  C:\Windows\System\leVeXro.exe
  2⤵
  PID:9808
- C:\Windows\System\gNoivhJ.exe
  C:\Windows\System\gNoivhJ.exe
  2⤵
  PID:9840
- C:\Windows\System\PkmtBbL.exe
  C:\Windows\System\PkmtBbL.exe
  2⤵
  PID:9860
- C:\Windows\System\Iwyhqrc.exe
  C:\Windows\System\Iwyhqrc.exe
  2⤵
  PID:9884
- C:\Windows\System\ZMAGeGC.exe
  C:\Windows\System\ZMAGeGC.exe
  2⤵
  PID:9904
- C:\Windows\System\AjFZfbq.exe
  C:\Windows\System\AjFZfbq.exe
  2⤵
  PID:9936
- C:\Windows\System\oIDBmCs.exe
  C:\Windows\System\oIDBmCs.exe
  2⤵
  PID:9952
- C:\Windows\System\qsHQWHL.exe
  C:\Windows\System\qsHQWHL.exe
  2⤵
  PID:9984
- C:\Windows\System\eQGeYWf.exe
  C:\Windows\System\eQGeYWf.exe
  2⤵
  PID:10000
- C:\Windows\System\xceAMhP.exe
  C:\Windows\System\xceAMhP.exe
  2⤵
  PID:10020
- C:\Windows\System\kzHZhcy.exe
  C:\Windows\System\kzHZhcy.exe
  2⤵
  PID:10036
- C:\Windows\System\wfPAYqY.exe
  C:\Windows\System\wfPAYqY.exe
  2⤵
  PID:10056
- C:\Windows\System\maNWRES.exe
  C:\Windows\System\maNWRES.exe
  2⤵
  PID:10080
- C:\Windows\System\vSIDweg.exe
  C:\Windows\System\vSIDweg.exe
  2⤵
  PID:10100
- C:\Windows\System\GxsSnGz.exe
  C:\Windows\System\GxsSnGz.exe
  2⤵
  PID:10120
- C:\Windows\System\aXrFzXL.exe
  C:\Windows\System\aXrFzXL.exe
  2⤵
  PID:10148
- C:\Windows\System\QvXnhyW.exe
  C:\Windows\System\QvXnhyW.exe
  2⤵
  PID:10168
- C:\Windows\System\aYxDfVV.exe
  C:\Windows\System\aYxDfVV.exe
  2⤵
  PID:10188
- C:\Windows\System\WCSzSsw.exe
  C:\Windows\System\WCSzSsw.exe
  2⤵
  PID:10208
- C:\Windows\System\dkrRGxh.exe
  C:\Windows\System\dkrRGxh.exe
  2⤵
  PID:10228
- C:\Windows\System\RaJNQfi.exe
  C:\Windows\System\RaJNQfi.exe
  2⤵
  PID:1932
- C:\Windows\System\tdJeImv.exe
  C:\Windows\System\tdJeImv.exe
  2⤵
  PID:4528
- C:\Windows\System\QHrcLHn.exe
  C:\Windows\System\QHrcLHn.exe
  2⤵
  PID:7200
- C:\Windows\System\ffvvFIh.exe
  C:\Windows\System\ffvvFIh.exe
  2⤵
  PID:7336
- C:\Windows\System\goGheZL.exe
  C:\Windows\System\goGheZL.exe
  2⤵
  PID:7364
- C:\Windows\System\PYkpGMl.exe
  C:\Windows\System\PYkpGMl.exe
  2⤵
  PID:7384
- C:\Windows\System\daRtmPb.exe
  C:\Windows\System\daRtmPb.exe
  2⤵
  PID:7408
- C:\Windows\System\YRpDpNf.exe
  C:\Windows\System\YRpDpNf.exe
  2⤵
  PID:7488
- C:\Windows\System\aOsjilG.exe
  C:\Windows\System\aOsjilG.exe
  2⤵
  PID:7612
- C:\Windows\System\vMtxRTo.exe
  C:\Windows\System\vMtxRTo.exe
  2⤵
  PID:2320
- C:\Windows\System\zpcQqWN.exe
  C:\Windows\System\zpcQqWN.exe
  2⤵
  PID:6508
- C:\Windows\System\ApEdIJF.exe
  C:\Windows\System\ApEdIJF.exe
  2⤵
  PID:7748
- C:\Windows\System\kavwlAX.exe
  C:\Windows\System\kavwlAX.exe
  2⤵
  PID:7816
- C:\Windows\System\DPDqTnt.exe
  C:\Windows\System\DPDqTnt.exe
  2⤵
  PID:7832
- C:\Windows\System\MWwqGKW.exe
  C:\Windows\System\MWwqGKW.exe
  2⤵
  PID:7088
- C:\Windows\System\xmiYQGa.exe
  C:\Windows\System\xmiYQGa.exe
  2⤵
  PID:8340
- C:\Windows\System\gGUbXmv.exe
  C:\Windows\System\gGUbXmv.exe
  2⤵
  PID:7680
- C:\Windows\System\suUsDtt.exe
  C:\Windows\System\suUsDtt.exe
  2⤵
  PID:8476
- C:\Windows\System\QlKJkgk.exe
  C:\Windows\System\QlKJkgk.exe
  2⤵
  PID:10244
- C:\Windows\System\WNMnElD.exe
  C:\Windows\System\WNMnElD.exe
  2⤵
  PID:10268
- C:\Windows\System\QHEdHVA.exe
  C:\Windows\System\QHEdHVA.exe
  2⤵
  PID:10292
- C:\Windows\System\lYrJtSm.exe
  C:\Windows\System\lYrJtSm.exe
  2⤵
  PID:10312
- C:\Windows\System\EIIiQEw.exe
  C:\Windows\System\EIIiQEw.exe
  2⤵
  PID:10328
- C:\Windows\System\rJXkNrU.exe
  C:\Windows\System\rJXkNrU.exe
  2⤵
  PID:10352
- C:\Windows\System\GRSmiLU.exe
  C:\Windows\System\GRSmiLU.exe
  2⤵
  PID:10380
- C:\Windows\System\muYGBIS.exe
  C:\Windows\System\muYGBIS.exe
  2⤵
  PID:10400
- C:\Windows\System\mPGZfhi.exe
  C:\Windows\System\mPGZfhi.exe
  2⤵
  PID:10424
- C:\Windows\System\mKIDirb.exe
  C:\Windows\System\mKIDirb.exe
  2⤵
  PID:10448
- C:\Windows\System\CCVnPEq.exe
  C:\Windows\System\CCVnPEq.exe
  2⤵
  PID:10472
- C:\Windows\System\dXIhiGv.exe
  C:\Windows\System\dXIhiGv.exe
  2⤵
  PID:10500
- C:\Windows\System\bBRORfR.exe
  C:\Windows\System\bBRORfR.exe
  2⤵
  PID:10520
- C:\Windows\System\ylbGQxM.exe
  C:\Windows\System\ylbGQxM.exe
  2⤵
  PID:10540
- C:\Windows\System\xVnkRXP.exe
  C:\Windows\System\xVnkRXP.exe
  2⤵
  PID:10560
- C:\Windows\System\fJiBSzM.exe
  C:\Windows\System\fJiBSzM.exe
  2⤵
  PID:10592
- C:\Windows\System\WKHVKKB.exe
  C:\Windows\System\WKHVKKB.exe
  2⤵
  PID:10672
- C:\Windows\System\fixcbrD.exe
  C:\Windows\System\fixcbrD.exe
  2⤵
  PID:10692
- C:\Windows\System\gaqaviU.exe
  C:\Windows\System\gaqaviU.exe
  2⤵
  PID:10716
- C:\Windows\System\NxgFcmV.exe
  C:\Windows\System\NxgFcmV.exe
  2⤵
  PID:10740
- C:\Windows\System\mAcfKFV.exe
  C:\Windows\System\mAcfKFV.exe
  2⤵
  PID:10760
- C:\Windows\System\oKybDPG.exe
  C:\Windows\System\oKybDPG.exe
  2⤵
  PID:10784
- C:\Windows\System\nQcyMsB.exe
  C:\Windows\System\nQcyMsB.exe
  2⤵
  PID:10804
- C:\Windows\System\BsOuors.exe
  C:\Windows\System\BsOuors.exe
  2⤵
  PID:10828
- C:\Windows\System\ATDKaTi.exe
  C:\Windows\System\ATDKaTi.exe
  2⤵
  PID:10848
- C:\Windows\System\xYHGCTI.exe
  C:\Windows\System\xYHGCTI.exe
  2⤵
  PID:10872
- C:\Windows\System\ghZOTdw.exe
  C:\Windows\System\ghZOTdw.exe
  2⤵
  PID:10892
- C:\Windows\System\WHMnmZX.exe
  C:\Windows\System\WHMnmZX.exe
  2⤵
  PID:10912
- C:\Windows\System\XZnxPbM.exe
  C:\Windows\System\XZnxPbM.exe
  2⤵
  PID:10936
- C:\Windows\System\WkcBBRM.exe
  C:\Windows\System\WkcBBRM.exe
  2⤵
  PID:10964
- C:\Windows\System\yuhPehB.exe
  C:\Windows\System\yuhPehB.exe
  2⤵
  PID:10988
- C:\Windows\System\mXPnklW.exe
  C:\Windows\System\mXPnklW.exe
  2⤵
  PID:11008
- C:\Windows\System\vVdGnLM.exe
  C:\Windows\System\vVdGnLM.exe
  2⤵
  PID:11032
- C:\Windows\System\SCUnZLn.exe
  C:\Windows\System\SCUnZLn.exe
  2⤵
  PID:11056
- C:\Windows\System\MVDxLwR.exe
  C:\Windows\System\MVDxLwR.exe
  2⤵
  PID:11080
- C:\Windows\System\KvUtpck.exe
  C:\Windows\System\KvUtpck.exe
  2⤵
  PID:11108
- C:\Windows\System\NKkAnYV.exe
  C:\Windows\System\NKkAnYV.exe
  2⤵
  PID:11128
- C:\Windows\System\oHQgQFg.exe
  C:\Windows\System\oHQgQFg.exe
  2⤵
  PID:11152
- C:\Windows\System\bTNyHho.exe
  C:\Windows\System\bTNyHho.exe
  2⤵
  PID:11176
- C:\Windows\System\xKoRcjn.exe
  C:\Windows\System\xKoRcjn.exe
  2⤵
  PID:11200
- C:\Windows\System\UgtpavT.exe
  C:\Windows\System\UgtpavT.exe
  2⤵
  PID:11220
- C:\Windows\System\inDQDfT.exe
  C:\Windows\System\inDQDfT.exe
  2⤵
  PID:11244
- C:\Windows\System\VKdovEe.exe
  C:\Windows\System\VKdovEe.exe
  2⤵
  PID:5636
- C:\Windows\System\GzsSWqt.exe
  C:\Windows\System\GzsSWqt.exe
  2⤵
  PID:7984
- C:\Windows\System\MIvEURb.exe
  C:\Windows\System\MIvEURb.exe
  2⤵
  PID:8580
- C:\Windows\System\KhyjWMJ.exe
  C:\Windows\System\KhyjWMJ.exe
  2⤵
  PID:8648
- C:\Windows\System\GrVXDWG.exe
  C:\Windows\System\GrVXDWG.exe
  2⤵
  PID:8664
- C:\Windows\System\GxNdqNe.exe
  C:\Windows\System\GxNdqNe.exe
  2⤵
  PID:9316
- C:\Windows\System\ZTNUJjx.exe
  C:\Windows\System\ZTNUJjx.exe
  2⤵
  PID:5288
- C:\Windows\System\uXxRGrs.exe
  C:\Windows\System\uXxRGrs.exe
  2⤵
  PID:5456
- C:\Windows\System\BiNuLRe.exe
  C:\Windows\System\BiNuLRe.exe
  2⤵
  PID:6212
- C:\Windows\System\GZaQkZN.exe
  C:\Windows\System\GZaQkZN.exe
  2⤵
  PID:6712
- C:\Windows\System\SUoNvuH.exe
  C:\Windows\System\SUoNvuH.exe
  2⤵
  PID:6820
- C:\Windows\System\RodbpIi.exe
  C:\Windows\System\RodbpIi.exe
  2⤵
  PID:8804
- C:\Windows\System\TnAEgOn.exe
  C:\Windows\System\TnAEgOn.exe
  2⤵
  PID:9800
- C:\Windows\System\ElHlPUr.exe
  C:\Windows\System\ElHlPUr.exe
  2⤵
  PID:2112
- C:\Windows\System\VRtuExH.exe
  C:\Windows\System\VRtuExH.exe
  2⤵
  PID:8904
- C:\Windows\System\fGuCwGM.exe
  C:\Windows\System\fGuCwGM.exe
  2⤵
  PID:8936
- C:\Windows\System\eqosycI.exe
  C:\Windows\System\eqosycI.exe
  2⤵
  PID:7492
- C:\Windows\System\CvYZLrC.exe
  C:\Windows\System\CvYZLrC.exe
  2⤵
  PID:9080
- C:\Windows\System\tuDaWlJ.exe
  C:\Windows\System\tuDaWlJ.exe
  2⤵
  PID:10136
- C:\Windows\System\SYkknGn.exe
  C:\Windows\System\SYkknGn.exe
  2⤵
  PID:9172
- C:\Windows\System\oVNvqrS.exe
  C:\Windows\System\oVNvqrS.exe
  2⤵
  PID:8224
- C:\Windows\System\lYCuRpC.exe
  C:\Windows\System\lYCuRpC.exe
  2⤵
  PID:7872
- C:\Windows\System\VtFQkqD.exe
  C:\Windows\System\VtFQkqD.exe
  2⤵
  PID:6964
- C:\Windows\System\KKKDRgk.exe
  C:\Windows\System\KKKDRgk.exe
  2⤵
  PID:7316
- C:\Windows\System\vbTuQne.exe
  C:\Windows\System\vbTuQne.exe
  2⤵
  PID:7444
- C:\Windows\System\knEZFPP.exe
  C:\Windows\System\knEZFPP.exe
  2⤵
  PID:11292
- C:\Windows\System\InAoCkv.exe
  C:\Windows\System\InAoCkv.exe
  2⤵
  PID:11308
- C:\Windows\System\DACRTjj.exe
  C:\Windows\System\DACRTjj.exe
  2⤵
  PID:11332
- C:\Windows\System\HVmyCLl.exe
  C:\Windows\System\HVmyCLl.exe
  2⤵
  PID:11352
- C:\Windows\System\eSZSwpL.exe
  C:\Windows\System\eSZSwpL.exe
  2⤵
  PID:11376
- C:\Windows\System\XXoAmlX.exe
  C:\Windows\System\XXoAmlX.exe
  2⤵
  PID:11392
- C:\Windows\System\mWYsBIk.exe
  C:\Windows\System\mWYsBIk.exe
  2⤵
  PID:11416
- C:\Windows\System\HarfRgH.exe
  C:\Windows\System\HarfRgH.exe
  2⤵
  PID:11436
- C:\Windows\System\hktlSjS.exe
  C:\Windows\System\hktlSjS.exe
  2⤵
  PID:11456
- C:\Windows\System\BRjfduu.exe
  C:\Windows\System\BRjfduu.exe
  2⤵
  PID:11484
- C:\Windows\System\WXBLMil.exe
  C:\Windows\System\WXBLMil.exe
  2⤵
  PID:11500
- C:\Windows\System\VayUYbb.exe
  C:\Windows\System\VayUYbb.exe
  2⤵
  PID:11524
- C:\Windows\System\bWmkhId.exe
  C:\Windows\System\bWmkhId.exe
  2⤵
  PID:11548
- C:\Windows\System\stnPLrr.exe
  C:\Windows\System\stnPLrr.exe
  2⤵
  PID:11568
- C:\Windows\System\bdJLqFY.exe
  C:\Windows\System\bdJLqFY.exe
  2⤵
  PID:11584
- C:\Windows\System\XLcJeGp.exe
  C:\Windows\System\XLcJeGp.exe
  2⤵
  PID:11608
- C:\Windows\System\rSyndIl.exe
  C:\Windows\System\rSyndIl.exe
  2⤵
  PID:11632
- C:\Windows\System\SuuyrVt.exe
  C:\Windows\System\SuuyrVt.exe
  2⤵
  PID:11656
- C:\Windows\System\TDgpqGg.exe
  C:\Windows\System\TDgpqGg.exe
  2⤵
  PID:11684
- C:\Windows\System\dQYwYJc.exe
  C:\Windows\System\dQYwYJc.exe
  2⤵
  PID:11700
- C:\Windows\System\IsCoCwD.exe
  C:\Windows\System\IsCoCwD.exe
  2⤵
  PID:11720
- C:\Windows\System\WkQcRNp.exe
  C:\Windows\System\WkQcRNp.exe
  2⤵
  PID:11744
- C:\Windows\System\nRkWyyP.exe
  C:\Windows\System\nRkWyyP.exe
  2⤵
  PID:11764
- C:\Windows\System\auuhFub.exe
  C:\Windows\System\auuhFub.exe
  2⤵
  PID:11780
- C:\Windows\System\eDieYwl.exe
  C:\Windows\System\eDieYwl.exe
  2⤵
  PID:11804
- C:\Windows\System\ZfOqtlO.exe
  C:\Windows\System\ZfOqtlO.exe
  2⤵
  PID:11836
- C:\Windows\System\anilYQP.exe
  C:\Windows\System\anilYQP.exe
  2⤵
  PID:11852
- C:\Windows\System\BxpLFjY.exe
  C:\Windows\System\BxpLFjY.exe
  2⤵
  PID:11880
- C:\Windows\System\TqGkugF.exe
  C:\Windows\System\TqGkugF.exe
  2⤵
  PID:11900
- C:\Windows\System\RZvmiZa.exe
  C:\Windows\System\RZvmiZa.exe
  2⤵
  PID:11916
- C:\Windows\System\LhLLnBu.exe
  C:\Windows\System\LhLLnBu.exe
  2⤵
  PID:12000
- C:\Windows\System\phMIvPV.exe
  C:\Windows\System\phMIvPV.exe
  2⤵
  PID:12024
- C:\Windows\System\DLUbhPB.exe
  C:\Windows\System\DLUbhPB.exe
  2⤵
  PID:12044
- C:\Windows\System\QNTVJKw.exe
  C:\Windows\System\QNTVJKw.exe
  2⤵
  PID:12064
- C:\Windows\System\GZVYgSH.exe
  C:\Windows\System\GZVYgSH.exe
  2⤵
  PID:12092
- C:\Windows\System\AxrvgZS.exe
  C:\Windows\System\AxrvgZS.exe
  2⤵
  PID:12116
- C:\Windows\System\iNALaTA.exe
  C:\Windows\System\iNALaTA.exe
  2⤵
  PID:12136
- C:\Windows\System\AFCoWli.exe
  C:\Windows\System\AFCoWli.exe
  2⤵
  PID:12156
- C:\Windows\System\IviYtFI.exe
  C:\Windows\System\IviYtFI.exe
  2⤵
  PID:12184
- C:\Windows\System\yGPlFSw.exe
  C:\Windows\System\yGPlFSw.exe
  2⤵
  PID:12204
- C:\Windows\System\LeeDQNh.exe
  C:\Windows\System\LeeDQNh.exe
  2⤵
  PID:12224
- C:\Windows\System\LZpDFsD.exe
  C:\Windows\System\LZpDFsD.exe
  2⤵
  PID:12244
- C:\Windows\System\JzNrHHL.exe
  C:\Windows\System\JzNrHHL.exe
  2⤵
  PID:12264
- C:\Windows\System\VpvTsUD.exe
  C:\Windows\System\VpvTsUD.exe
  2⤵
  PID:8424
- C:\Windows\System\tohMWoI.exe
  C:\Windows\System\tohMWoI.exe
  2⤵
  PID:6596
- C:\Windows\System\xpXhUpW.exe
  C:\Windows\System\xpXhUpW.exe
  2⤵
  PID:7768
- C:\Windows\System\OkupGxn.exe
  C:\Windows\System\OkupGxn.exe
  2⤵
  PID:10264
- C:\Windows\System\uGBfJFy.exe
  C:\Windows\System\uGBfJFy.exe
  2⤵
  PID:5848
- C:\Windows\System\uWaZQpN.exe
  C:\Windows\System\uWaZQpN.exe
  2⤵
  PID:7896
- C:\Windows\System\pmquULj.exe
  C:\Windows\System\pmquULj.exe
  2⤵
  PID:8432
- C:\Windows\System\BcOzOzb.exe
  C:\Windows\System\BcOzOzb.exe
  2⤵
  PID:10408
- C:\Windows\System\meFyYSr.exe
  C:\Windows\System\meFyYSr.exe
  2⤵
  PID:9232
- C:\Windows\System\NkZhffQ.exe
  C:\Windows\System\NkZhffQ.exe
  2⤵
  PID:10444
- C:\Windows\System\fYprYyT.exe
  C:\Windows\System\fYprYyT.exe
  2⤵
  PID:3552
- C:\Windows\System\rztIQmk.exe
  C:\Windows\System\rztIQmk.exe
  2⤵
  PID:10548
- C:\Windows\System\rFBnIgw.exe
  C:\Windows\System\rFBnIgw.exe
  2⤵
  PID:8756
- C:\Windows\System\qVbtjBK.exe
  C:\Windows\System\qVbtjBK.exe
  2⤵
  PID:9712
- C:\Windows\System\rCngFDt.exe
  C:\Windows\System\rCngFDt.exe
  2⤵
  PID:10796
- C:\Windows\System\mQeATIb.exe
  C:\Windows\System\mQeATIb.exe
  2⤵
  PID:9804
- C:\Windows\System\lwfVpOW.exe
  C:\Windows\System\lwfVpOW.exe
  2⤵
  PID:8888
- C:\Windows\System\eYJrDre.exe
  C:\Windows\System\eYJrDre.exe
  2⤵
  PID:9912
- C:\Windows\System\FIVypRk.exe
  C:\Windows\System\FIVypRk.exe
  2⤵
  PID:4784
- C:\Windows\System\cXaYhKp.exe
  C:\Windows\System\cXaYhKp.exe
  2⤵
  PID:9024
- C:\Windows\System\mCyXqCZ.exe
  C:\Windows\System\mCyXqCZ.exe
  2⤵
  PID:9992
- C:\Windows\System\QMDbsXM.exe
  C:\Windows\System\QMDbsXM.exe
  2⤵
  PID:11192
- C:\Windows\System\ZPyEnwC.exe
  C:\Windows\System\ZPyEnwC.exe
  2⤵
  PID:9120
- C:\Windows\System\bScfmwd.exe
  C:\Windows\System\bScfmwd.exe
  2⤵
  PID:5360
- C:\Windows\System\lBNUIKZ.exe
  C:\Windows\System\lBNUIKZ.exe
  2⤵
  PID:5724
- C:\Windows\System\YfDSouP.exe
  C:\Windows\System\YfDSouP.exe
  2⤵
  PID:8828
- C:\Windows\System\PpJPTRf.exe
  C:\Windows\System\PpJPTRf.exe
  2⤵
  PID:12304
- C:\Windows\System\SeWDzwI.exe
  C:\Windows\System\SeWDzwI.exe
  2⤵
  PID:12328
- C:\Windows\System\MgpUEAu.exe
  C:\Windows\System\MgpUEAu.exe
  2⤵
  PID:12352
- C:\Windows\System\LpzGaac.exe
  C:\Windows\System\LpzGaac.exe
  2⤵
  PID:12368
- C:\Windows\System\BJKKMlw.exe
  C:\Windows\System\BJKKMlw.exe
  2⤵
  PID:12392
- C:\Windows\System\ujsgefg.exe
  C:\Windows\System\ujsgefg.exe
  2⤵
  PID:12420
- C:\Windows\System\zBYjRBw.exe
  C:\Windows\System\zBYjRBw.exe
  2⤵
  PID:12436
- C:\Windows\System\XypKlxg.exe
  C:\Windows\System\XypKlxg.exe
  2⤵
  PID:12460
- C:\Windows\System\euHSUlO.exe
  C:\Windows\System\euHSUlO.exe
  2⤵
  PID:12480
- C:\Windows\System\kQfonyl.exe
  C:\Windows\System\kQfonyl.exe
  2⤵
  PID:12500
- C:\Windows\System\xXJvrSN.exe
  C:\Windows\System\xXJvrSN.exe
  2⤵
  PID:12524
- C:\Windows\System\VARmhJN.exe
  C:\Windows\System\VARmhJN.exe
  2⤵
  PID:12552
- C:\Windows\System\jwjqfgB.exe
  C:\Windows\System\jwjqfgB.exe
  2⤵
  PID:12572
- C:\Windows\System\ATPHFmA.exe
  C:\Windows\System\ATPHFmA.exe
  2⤵
  PID:12592
- C:\Windows\System\JlOHuQq.exe
  C:\Windows\System\JlOHuQq.exe
  2⤵
  PID:12616
- C:\Windows\System\PeuRcPj.exe
  C:\Windows\System\PeuRcPj.exe
  2⤵
  PID:12632
- C:\Windows\System\rksphXi.exe
  C:\Windows\System\rksphXi.exe
  2⤵
  PID:12656
- C:\Windows\System\RSrgVjX.exe
  C:\Windows\System\RSrgVjX.exe
  2⤵
  PID:12672
- C:\Windows\System\HCgNHxk.exe
  C:\Windows\System\HCgNHxk.exe
  2⤵
  PID:12696
- C:\Windows\System\iynztCI.exe
  C:\Windows\System\iynztCI.exe
  2⤵
  PID:12720
- C:\Windows\System\vRkEZev.exe
  C:\Windows\System\vRkEZev.exe
  2⤵
  PID:12744
- C:\Windows\System\GdkFZYr.exe
  C:\Windows\System\GdkFZYr.exe
  2⤵
  PID:12768
- C:\Windows\System\dpvEfzH.exe
  C:\Windows\System\dpvEfzH.exe
  2⤵
  PID:12784
- C:\Windows\System\HEEWFYF.exe
  C:\Windows\System\HEEWFYF.exe
  2⤵
  PID:12808
- C:\Windows\System\LbprGMW.exe
  C:\Windows\System\LbprGMW.exe
  2⤵
  PID:12828
- C:\Windows\System\JcIthTd.exe
  C:\Windows\System\JcIthTd.exe
  2⤵
  PID:12848
- C:\Windows\System\VLBHMWg.exe
  C:\Windows\System\VLBHMWg.exe
  2⤵
  PID:12872
- C:\Windows\System\mAlHwDy.exe
  C:\Windows\System\mAlHwDy.exe
  2⤵
  PID:12892
- C:\Windows\System\jFUUFmP.exe
  C:\Windows\System\jFUUFmP.exe
  2⤵
  PID:12916
- C:\Windows\System\weRXljv.exe
  C:\Windows\System\weRXljv.exe
  2⤵
  PID:12936
- C:\Windows\System\vYnxYfV.exe
  C:\Windows\System\vYnxYfV.exe
  2⤵
  PID:12956
- C:\Windows\System\SOspoBq.exe
  C:\Windows\System\SOspoBq.exe
  2⤵
  PID:12984
- C:\Windows\System\Qooeooy.exe
  C:\Windows\System\Qooeooy.exe
  2⤵
  PID:13000
- C:\Windows\System\vfkyPSx.exe
  C:\Windows\System\vfkyPSx.exe
  2⤵
  PID:13024
- C:\Windows\System\xGVVlMF.exe
  C:\Windows\System\xGVVlMF.exe
  2⤵
  PID:13048
- C:\Windows\System\daCpRIC.exe
  C:\Windows\System\daCpRIC.exe
  2⤵
  PID:13072
- C:\Windows\System\rIirVRm.exe
  C:\Windows\System\rIirVRm.exe
  2⤵
  PID:13096
- C:\Windows\System\gpsUZfT.exe
  C:\Windows\System\gpsUZfT.exe
  2⤵
  PID:13120
- C:\Windows\System\NkkEJsf.exe
  C:\Windows\System\NkkEJsf.exe
  2⤵
  PID:13140
- C:\Windows\System\oVYWqoQ.exe
  C:\Windows\System\oVYWqoQ.exe
  2⤵
  PID:13192
- C:\Windows\System\NFGFfPD.exe
  C:\Windows\System\NFGFfPD.exe
  2⤵
  PID:11736
- C:\Windows\System\QobODfC.exe
  C:\Windows\System\QobODfC.exe
  2⤵
  PID:10008
- C:\Windows\System\OlozYFg.exe
  C:\Windows\System\OlozYFg.exe
  2⤵
  PID:4616
- C:\Windows\System\Barpgps.exe
  C:\Windows\System\Barpgps.exe
  2⤵
  PID:10116
- C:\Windows\System\HtpJwiB.exe
  C:\Windows\System\HtpJwiB.exe
  2⤵
  PID:5316
- C:\Windows\System\SrXdcEV.exe
  C:\Windows\System\SrXdcEV.exe
  2⤵
  PID:10980
- C:\Windows\System\IQuKEFi.exe
  C:\Windows\System\IQuKEFi.exe
  2⤵
  PID:11048
- C:\Windows\System\nFeeWNX.exe
  C:\Windows\System\nFeeWNX.exe
  2⤵
  PID:12040
- C:\Windows\System\DDPuAfd.exe
  C:\Windows\System\DDPuAfd.exe
  2⤵
  PID:12088
- C:\Windows\System\NeMQfPs.exe
  C:\Windows\System\NeMQfPs.exe
  2⤵
  PID:12148
- C:\Windows\System\aJjQrGn.exe
  C:\Windows\System\aJjQrGn.exe
  2⤵
  PID:12212
- C:\Windows\System\vSQsLzi.exe
  C:\Windows\System\vSQsLzi.exe
  2⤵
  PID:12252
- C:\Windows\System\YlrytZm.exe
  C:\Windows\System\YlrytZm.exe
  2⤵
  PID:8408
- C:\Windows\System\SLhribd.exe
  C:\Windows\System\SLhribd.exe
  2⤵
  PID:8520
- C:\Windows\System\KXttZZt.exe
  C:\Windows\System\KXttZZt.exe
  2⤵
  PID:8292
- C:\Windows\System\MdlFbKA.exe
  C:\Windows\System\MdlFbKA.exe
  2⤵
  PID:3276
- C:\Windows\System\EIfltQL.exe
  C:\Windows\System\EIfltQL.exe
  2⤵
  PID:9672
- C:\Windows\System\uOGQAhx.exe
  C:\Windows\System\uOGQAhx.exe
  2⤵
  PID:12336
- C:\Windows\System\FDEBWiI.exe
  C:\Windows\System\FDEBWiI.exe
  2⤵
  PID:13188
- C:\Windows\System\mHvLHzl.exe
  C:\Windows\System\mHvLHzl.exe
  2⤵
  PID:3980
- C:\Windows\System\GoDHfLI.exe
  C:\Windows\System\GoDHfLI.exe
  2⤵
  PID:11340
- C:\Windows\System\aBCrCEO.exe
  C:\Windows\System\aBCrCEO.exe
  2⤵
  PID:9400
- C:\Windows\System\CCTaQyt.exe
  C:\Windows\System\CCTaQyt.exe
  2⤵
  PID:12968
- C:\Windows\System\Iyvbeyp.exe
  C:\Windows\System\Iyvbeyp.exe
  2⤵
  PID:7900
- C:\Windows\System\RHyIokk.exe
  C:\Windows\System\RHyIokk.exe
  2⤵
  PID:10236
- C:\Windows\System\LfjTrJO.exe
  C:\Windows\System\LfjTrJO.exe
  2⤵
  PID:11620
- C:\Windows\System\rOEFGHy.exe
  C:\Windows\System\rOEFGHy.exe
  2⤵
  PID:9000
- C:\Windows\System\VXjKkCU.exe
  C:\Windows\System\VXjKkCU.exe
  2⤵
  PID:12404
- C:\Windows\System\ggVJFCC.exe
  C:\Windows\System\ggVJFCC.exe
  2⤵
  PID:12544
- C:\Windows\System\zeSxeRj.exe
  C:\Windows\System\zeSxeRj.exe
  2⤵
  PID:11888
- C:\Windows\System\NfyLLnj.exe
  C:\Windows\System\NfyLLnj.exe
  2⤵
  PID:9336
- C:\Windows\System\sNhZtxM.exe
  C:\Windows\System\sNhZtxM.exe
  2⤵
  PID:5756
- C:\Windows\System\niiLbpI.exe
  C:\Windows\System\niiLbpI.exe
  2⤵
  PID:11016
- C:\Windows\System\GZrtJug.exe
  C:\Windows\System\GZrtJug.exe
  2⤵
  PID:464
- C:\Windows\System\gFacLLH.exe
  C:\Windows\System\gFacLLH.exe
  2⤵
  PID:10904
- C:\Windows\System\JmpkfwT.exe
  C:\Windows\System\JmpkfwT.exe
  2⤵
  PID:11616
- C:\Windows\System\CNXkFYi.exe
  C:\Windows\System\CNXkFYi.exe
  2⤵
  PID:12300
- C:\Windows\System\ECeDdcP.exe
  C:\Windows\System\ECeDdcP.exe
  2⤵
  PID:10908
- C:\Windows\System\zdyuGfn.exe
  C:\Windows\System\zdyuGfn.exe
  2⤵
  PID:4400
- C:\Windows\System\EZiuVUi.exe
  C:\Windows\System\EZiuVUi.exe
  2⤵
  PID:11360
- C:\Windows\System\IdgZqMe.exe
  C:\Windows\System\IdgZqMe.exe
  2⤵
  PID:10220
- C:\Windows\System\jDAPavq.exe
  C:\Windows\System\jDAPavq.exe
  2⤵
  PID:10180
- C:\Windows\System\grmYODe.exe
  C:\Windows\System\grmYODe.exe
  2⤵
  PID:12164
- C:\Windows\System\qHyhzqx.exe
  C:\Windows\System\qHyhzqx.exe
  2⤵
  PID:12776
- C:\Windows\System\XoCXJSb.exe
  C:\Windows\System\XoCXJSb.exe
  2⤵
  PID:3536
- C:\Windows\System\wAwTqhg.exe
  C:\Windows\System\wAwTqhg.exe
  2⤵
  PID:11640
- C:\Windows\System\NeYtLkk.exe
  C:\Windows\System\NeYtLkk.exe
  2⤵
  PID:10440
- C:\Windows\System\vlfZSsV.exe
  C:\Windows\System\vlfZSsV.exe
  2⤵
  PID:860
- C:\Windows\System\SBvPRya.exe
  C:\Windows\System\SBvPRya.exe
  2⤵
  PID:10880
- C:\Windows\System\KlLKzgi.exe
  C:\Windows\System\KlLKzgi.exe
  2⤵
  PID:4508
- C:\Windows\System\XtCamFi.exe
  C:\Windows\System\XtCamFi.exe
  2⤵
  PID:12508
- C:\Windows\System\looQgKA.exe
  C:\Windows\System\looQgKA.exe
  2⤵
  PID:8592
- C:\Windows\System\vgkgIEH.exe
  C:\Windows\System\vgkgIEH.exe
  2⤵
  PID:1612
- C:\Windows\System\ElYzvTY.exe
  C:\Windows\System\ElYzvTY.exe
  2⤵
  PID:11092
- C:\Windows\System\kOGSEVg.exe
  C:\Windows\System\kOGSEVg.exe
  2⤵
  PID:6184
- C:\Windows\System\IijNIYo.exe
  C:\Windows\System\IijNIYo.exe
  2⤵
  PID:3220
- C:\Windows\System\MBXwuON.exe
  C:\Windows\System\MBXwuON.exe
  2⤵
  PID:12412
- C:\Windows\System\gSCddtL.exe
  C:\Windows\System\gSCddtL.exe
  2⤵
  PID:3176
- C:\Windows\System\VoNIPEY.exe
  C:\Windows\System\VoNIPEY.exe
  2⤵
  PID:4728
- C:\Windows\System\bFccaiO.exe
  C:\Windows\System\bFccaiO.exe
  2⤵
  PID:11652
- C:\Windows\System\glfzRCE.exe
  C:\Windows\System\glfzRCE.exe
  2⤵
  PID:12568
- C:\Windows\System\mOYWLLA.exe
  C:\Windows\System\mOYWLLA.exe
  2⤵
  PID:2840
- C:\Windows\System\CUDhSmi.exe
  C:\Windows\System\CUDhSmi.exe
  2⤵
  PID:8892
- C:\Windows\System\WGICoSi.exe
  C:\Windows\System\WGICoSi.exe
  2⤵
  PID:1216
- C:\Windows\System\JBiaHux.exe
  C:\Windows\System\JBiaHux.exe
  2⤵
  PID:8856
- C:\Windows\System\OAMebvZ.exe
  C:\Windows\System\OAMebvZ.exe
  2⤵
  PID:11752
- C:\Windows\System\PQvMILl.exe
  C:\Windows\System\PQvMILl.exe
  2⤵
  PID:12432
- C:\Windows\System\oxqbyCT.exe
  C:\Windows\System\oxqbyCT.exe
  2⤵
  PID:11140
- C:\Windows\System\QhuSymW.exe
  C:\Windows\System\QhuSymW.exe
  2⤵
  PID:740
- C:\Windows\System\UqBLhxh.exe
  C:\Windows\System\UqBLhxh.exe
  2⤵
  PID:376
- C:\Windows\System\MFtlskh.exe
  C:\Windows\System\MFtlskh.exe
  2⤵
  PID:13668
- C:\Windows\System\wgzowwY.exe
  C:\Windows\System\wgzowwY.exe
  2⤵
  PID:13696
- C:\Windows\System\EqHEycw.exe
  C:\Windows\System\EqHEycw.exe
  2⤵
  PID:13716
- C:\Windows\System\PNBccHH.exe
  C:\Windows\System\PNBccHH.exe
  2⤵
  PID:13740
- C:\Windows\System\JGZtTGV.exe
  C:\Windows\System\JGZtTGV.exe
  2⤵
  PID:13760
- C:\Windows\System\dyHjQdA.exe
  C:\Windows\System\dyHjQdA.exe
  2⤵
  PID:13780
- C:\Windows\System\fwMJadw.exe
  C:\Windows\System\fwMJadw.exe
  2⤵
  PID:13800
- C:\Windows\System\nClvOJq.exe
  C:\Windows\System\nClvOJq.exe
  2⤵
  PID:13816
- C:\Windows\System\PxHhzHs.exe
  C:\Windows\System\PxHhzHs.exe
  2⤵
  PID:13836
- C:\Windows\System\yHFopFO.exe
  C:\Windows\System\yHFopFO.exe
  2⤵
  PID:13856
- C:\Windows\System\AhraKqc.exe
  C:\Windows\System\AhraKqc.exe
  2⤵
  PID:13872
- C:\Windows\System\cfcPHFz.exe
  C:\Windows\System\cfcPHFz.exe
  2⤵
  PID:13892
- C:\Windows\System\BqtDUnf.exe
  C:\Windows\System\BqtDUnf.exe
  2⤵
  PID:13912
- C:\Windows\System\tDFPtIR.exe
  C:\Windows\System\tDFPtIR.exe
  2⤵
  PID:13928
- C:\Windows\System\xlEWZUB.exe
  C:\Windows\System\xlEWZUB.exe
  2⤵
  PID:13948
- C:\Windows\System\qWTQuXM.exe
  C:\Windows\System\qWTQuXM.exe
  2⤵
  PID:13964
- C:\Windows\System\lUXYmTO.exe
  C:\Windows\System\lUXYmTO.exe
  2⤵
  PID:13984
- C:\Windows\System\kWngsev.exe
  C:\Windows\System\kWngsev.exe
  2⤵
  PID:14000
- C:\Windows\System\VfYshkF.exe
  C:\Windows\System\VfYshkF.exe
  2⤵
  PID:14024
- C:\Windows\System\pMDstDa.exe
  C:\Windows\System\pMDstDa.exe
  2⤵
  PID:14056
- C:\Windows\System\ysrVDqJ.exe
  C:\Windows\System\ysrVDqJ.exe
  2⤵
  PID:14084
- C:\Windows\System\uxMjDli.exe
  C:\Windows\System\uxMjDli.exe
  2⤵
  PID:4256
- C:\Windows\System\jNqLUgZ.exe
  C:\Windows\System\jNqLUgZ.exe
  2⤵
  PID:11560
- C:\Windows\System\VGOHHxF.exe
  C:\Windows\System\VGOHHxF.exe
  2⤵
  PID:8400
- C:\Windows\System\OEELAfV.exe
  C:\Windows\System\OEELAfV.exe
  2⤵
  PID:13372
- C:\Windows\System\MNaUrtF.exe
  C:\Windows\System\MNaUrtF.exe
  2⤵
  PID:4668
- C:\Windows\System\wnAuQpB.exe
  C:\Windows\System\wnAuQpB.exe
  2⤵
  PID:9480
- C:\Windows\System\FWFGSHd.exe
  C:\Windows\System\FWFGSHd.exe
  2⤵
  PID:4448
- C:\Windows\System\KQksxyE.exe
  C:\Windows\System\KQksxyE.exe
  2⤵
  PID:9044
- C:\Windows\System\HeVsTTq.exe
  C:\Windows\System\HeVsTTq.exe
  2⤵
  PID:13352
- C:\Windows\System\kgVKpTD.exe
  C:\Windows\System\kgVKpTD.exe
  2⤵
  PID:13404
- C:\Windows\System\IgPXgzJ.exe
  C:\Windows\System\IgPXgzJ.exe
  2⤵
  PID:13432
- C:\Windows\System\sfEhbrT.exe
  C:\Windows\System\sfEhbrT.exe
  2⤵
  PID:4392
- C:\Windows\System\MrfVDFM.exe
  C:\Windows\System\MrfVDFM.exe
  2⤵
  PID:13612
- C:\Windows\System\MaoTmvT.exe
  C:\Windows\System\MaoTmvT.exe
  2⤵
  PID:13636
- C:\Windows\System\uXrnUkl.exe
  C:\Windows\System\uXrnUkl.exe
  2⤵
  PID:12624
- C:\Windows\System\gKebmoq.exe
  C:\Windows\System\gKebmoq.exe
  2⤵
  PID:13020
- C:\Windows\System\VYBivbP.exe
  C:\Windows\System\VYBivbP.exe
  2⤵
  PID:13608
- C:\Windows\System\oSHcLrW.exe
  C:\Windows\System\oSHcLrW.exe
  2⤵
  PID:13656
- C:\Windows\System\XpdgexK.exe
  C:\Windows\System\XpdgexK.exe
  2⤵
  PID:14032
- C:\Windows\System\VgpNFHy.exe
  C:\Windows\System\VgpNFHy.exe
  2⤵
  PID:13956
- C:\Windows\System\OtbMkun.exe
  C:\Windows\System\OtbMkun.exe
  2⤵
  PID:14008
- C:\Windows\System\WsBDice.exe
  C:\Windows\System\WsBDice.exe
  2⤵
  PID:14068
- C:\Windows\System\UYRsPzl.exe
  C:\Windows\System\UYRsPzl.exe
  2⤵
  PID:12316
- C:\Windows\System\RqksZxE.exe
  C:\Windows\System\RqksZxE.exe
  2⤵
  PID:7072
- C:\Windows\System\wOPswGs.exe
  C:\Windows\System\wOPswGs.exe
  2⤵
  PID:13360
- C:\Windows\System\fsbRicB.exe
  C:\Windows\System\fsbRicB.exe
  2⤵
  PID:12612
- C:\Windows\System\QFhdycu.exe
  C:\Windows\System\QFhdycu.exe
  2⤵
  PID:9564
- C:\Windows\System\PQrdXfq.exe
  C:\Windows\System\PQrdXfq.exe
  2⤵
  PID:13568
- C:\Windows\System\hhSHOEy.exe
  C:\Windows\System\hhSHOEy.exe
  2⤵
  PID:13772
- C:\Windows\System\HwFDDPV.exe
  C:\Windows\System\HwFDDPV.exe
  2⤵
  PID:10412
- C:\Windows\System\WtZJzMV.exe
  C:\Windows\System\WtZJzMV.exe
  2⤵
  PID:1980
- C:\Windows\System\RjolshH.exe
  C:\Windows\System\RjolshH.exe
  2⤵
  PID:3936
- C:\Windows\System\NuCrsgG.exe
  C:\Windows\System\NuCrsgG.exe
  2⤵
  PID:13524
- C:\Windows\System\ZcvXLny.exe
  C:\Windows\System\ZcvXLny.exe
  2⤵
  PID:13356
- C:\Windows\System\smMPbdS.exe
  C:\Windows\System\smMPbdS.exe
  2⤵
  PID:13628
- C:\Windows\System\Xyrwunq.exe
  C:\Windows\System\Xyrwunq.exe
  2⤵
  PID:11964
- C:\Windows\System\XYUAcwy.exe
  C:\Windows\System\XYUAcwy.exe
  2⤵
  PID:13572
- C:\Windows\System\RrhbsKj.exe
  C:\Windows\System\RrhbsKj.exe
  2⤵
  PID:13460
- C:\Windows\System\VBoBZVN.exe
  C:\Windows\System\VBoBZVN.exe
  2⤵
  PID:13688
- C:\Windows\System\kxjXMtx.exe
  C:\Windows\System\kxjXMtx.exe
  2⤵
  PID:13792
- C:\Windows\System\lzFJvUX.exe
  C:\Windows\System\lzFJvUX.exe
  2⤵
  PID:13812
- C:\Windows\System\tcDhKdn.exe
  C:\Windows\System\tcDhKdn.exe
  2⤵
  PID:13156
- C:\Windows\System\FIoydcp.exe
  C:\Windows\System\FIoydcp.exe
  2⤵
  PID:8780
- C:\Windows\System\aTNWzpG.exe
  C:\Windows\System\aTNWzpG.exe
  2⤵
  PID:3000
- C:\Windows\System\jPhObHN.exe
  C:\Windows\System\jPhObHN.exe
  2⤵
  PID:13724
- C:\Windows\System\wxtGRpe.exe
  C:\Windows\System\wxtGRpe.exe
  2⤵
  PID:14140
- C:\Windows\System\lcJrNSf.exe
  C:\Windows\System\lcJrNSf.exe
  2⤵
  PID:14096
- C:\Windows\System\SbZpOrO.exe
  C:\Windows\System\SbZpOrO.exe
  2⤵
  PID:13132
- C:\Windows\System\RAjtGMh.exe
  C:\Windows\System\RAjtGMh.exe
  2⤵
  PID:14144
- C:\Windows\System\gkThbqt.exe
  C:\Windows\System\gkThbqt.exe
  2⤵
  PID:14312
- C:\Windows\System\DAtmApE.exe
  C:\Windows\System\DAtmApE.exe
  2⤵
  PID:6852
- C:\Windows\System\euCaqkL.exe
  C:\Windows\System\euCaqkL.exe
  2⤵
  PID:2108
- C:\Windows\System\hAQEovI.exe
  C:\Windows\System\hAQEovI.exe
  2⤵
  PID:2104
- C:\Windows\System\faZSzjz.exe
  C:\Windows\System\faZSzjz.exe
  2⤵
  PID:8364
- C:\Windows\System\PrRxbqP.exe
  C:\Windows\System\PrRxbqP.exe
  2⤵
  PID:4232
- C:\Windows\System\FgCyvPv.exe
  C:\Windows\System\FgCyvPv.exe
  2⤵
  PID:13868
- C:\Windows\System\dOFDvYa.exe
  C:\Windows\System\dOFDvYa.exe
  2⤵
  PID:14320
- C:\Windows\System\OyBWIKs.exe
  C:\Windows\System\OyBWIKs.exe
  2⤵
  PID:11172

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 568 -p 10912 -ip 10912
1⤵
PID:740

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
PID:14208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ix1ytvll.no1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ADODUSu.exe

Filesize
1.8MB

MD5
e4374d33118d2942894de628224a5d9f

SHA1
20e316fb27e7249733135013c2d101484f579e3f

SHA256
fc237dc1d7909b0421b0dd3df1952df15c9fd0e77e11f6cd434c1b0015fe893a

SHA512
36177d1e46d467097367fe2d1dd4758cc4d735c92316600dcc5c7c31e4d4ea2e2f18674e096ce7a573004241a8401597b5324fafdd9d3ca7110b5fcaaea3c240

Download Submit
C:\Windows\System\AGItPIB.exe

Filesize
1.8MB

MD5
1c6631fdd8eda02b2758ffe80abcb6ed

SHA1
7ff016b8185f45ee7d308aae77b30fa91487674a

SHA256
a2db8b702bd5d781a8a487bbc19527906cc93c9c993c0522ad9e7f8f30545748

SHA512
3857771e5341d333c0cd03fc46d82253be1aae8bd2d4604ca4f21031f04a5e87d86e9b6d59dfc8a2612326b97f7f43ab5cb333789e55006606c1464415fa12a9

Download Submit
C:\Windows\System\AXIbZnD.exe

Filesize
1.8MB

MD5
0999b18ca7c50a58015c049e40c75ff2

SHA1
0acafeb9aaf31fb25b5a841a7907cd13853ba53c

SHA256
a6c329d58c4ca307ee42fc279b50fab6902a638eb185455a793ef49e014b7a84

SHA512
eaf6f56be69ed33138fe0579288c9f2b835f11f0249eda574446dcb50f1d10c76e3fb65483869b71f32e89db97d069909687aa6aab243ba58efe67785a609cac

Download Submit
C:\Windows\System\AguwdHX.exe

Filesize
1.8MB

MD5
eafcfc2363c8bb7511156ea3205f2049

SHA1
43fefbec07e8d685c513272eba630cada3890a78

SHA256
f0712e1262a55d033fff0d595063d30558b60799cff11ddc2190caaf70804fa5

SHA512
7174f6293d514ff29ead7e84b4d5dc69398467c81195dfd246eea7a5b1e959c5077f3aacfaa2bb6fb980d56a1f163c28b8c6410e378303dee40082e3cf931e1f

Download Submit
C:\Windows\System\BcdBiuG.exe

Filesize
1.8MB

MD5
4e9888350a4d13b89e45431d6269a835

SHA1
dcc205642e4f5193b45d3460f8fb25ac49a9a0c0

SHA256
9e07bc70220683c21c60ce06e4d777852203e0ba55d2431d6724a3428bd3223b

SHA512
964d74cc8cd6571f9310ec404f631092f76a79c8c85d4d3f767da7c19e66fb411e9e117c5b5092ca2c8fa734e6cf086adec29457e290a6c5066de5f753a5b173

Download Submit
C:\Windows\System\CjvUNle.exe

Filesize
1.8MB

MD5
97ef41bed9b41b3b9416fa58f137f98f

SHA1
fc2ff352fe5970ca4e14104df54d8f09d96cd0f6

SHA256
c09e163d3e77df7a4cbdaa9e69a840e79c3ac6a5c4a1b5ffcd0521be6b9b0ce5

SHA512
f2ecccb705fc1bd852be0e8480975179f4f1e82e2ccd03b680053c14624d48153f36f1c5a84300281a90dfe484313e09ed67bfc0f3a2b6ad4367d5e081e94863

Download Submit
C:\Windows\System\FtAWJwa.exe

Filesize
1.8MB

MD5
3b59c9f34b293b221cc3f10956cc9a71

SHA1
2571754a26b69300e8021cc94c12d9f22db0a8b3

SHA256
66bcc12e781a2351ae320f609f8c9c18766f65aeb9906a3cd9807461cfe8d676

SHA512
d4764d0b3316761f8d069682bcb645236d8a29f8d6480c29fdd56cedeefb119fad03cef492afd05e62da8561c3cc9b7623d88c1b19f7464de3aa1b50a2498270

Download Submit
C:\Windows\System\GwoitDD.exe

Filesize
1.8MB

MD5
dafeb0ff10b369f5fa72cead6bd13f2a

SHA1
c338ba2530253d4bce6a9d49c19ad0f15bd80607

SHA256
6459c1f4fc59f6277a84866e2a303b6795d3ea40681c1f2e921ea6cf1e388286

SHA512
32c92539e9b11677ba5f5963e3141b91490ca731a14578fb25363471407c01b3caddee6ea732cc3582e8d296d3fea875d731e433ce2ece7afdba3efb1f0146cf

Download Submit
C:\Windows\System\HzGEoGC.exe

Filesize
1.8MB

MD5
8cfa57d514c5ea6b6ba42e29cfbecbfd

SHA1
a8523a53d7dd237ffff2a7e67b6f8b4cdb096d00

SHA256
3902ed4e31375f51e724734bbcb6886ece0b8f3086a2dfa41dbe033b4d18d515

SHA512
d235fc5c75bc61b8a7053afb9d6419d6c5759104b8af792c3cfb2ef5c6cada2e757fcf78654978e9d619fea239c08fbc5c71e198fd510eca21564a494c41c38a

Download Submit
C:\Windows\System\KIRvQIR.exe

Filesize
1.8MB

MD5
c6a7109de1a7a2006653f523398afd58

SHA1
365d851a0e5bf5c6de4e9136ad18cfd151688649

SHA256
b471096b10c2abab080cb545f309f253aad1cb29747c6e2f46be8bc5601e9a29

SHA512
336a344bfbeba94dda2acc86792218fd588558b611e30b29677acd2db2b4a1bd1841694202efa3cffc4905a6c34a6e94aa973c6f8029b317a7205709232eca4a

Download Submit
C:\Windows\System\NQUYMmM.exe

Filesize
1.8MB

MD5
70ff3a262b36ea4d0170def85f91016d

SHA1
af2a0a5ea33aea6d9be0a414a7d22f55ffeeba30

SHA256
739ea4918c7afbc27c12cd36f9479635bd0bd3f4eb641be5a5dc854d04b9c865

SHA512
ee0384b673f2b5e3107e807c5ef0fc95d141cfd060931704973564ce8d2e730a5a5433b41b7fab24b678966390c750fd4a6e36228c470593931eb9fce106dc1f

Download Submit
C:\Windows\System\PVAtJAY.exe

Filesize
1.8MB

MD5
ee566a1c9b75db3a90a1b1794036757b

SHA1
4e95c81273f5aa8255a6468dc321cdf3cdfa47fe

SHA256
8da70cd8a73e09c687e5a7e90aec3b002073cc3e9683f9e8201ef7f92c428bcf

SHA512
da751ace47d0a41de2f618607a597542ac6e810bef9162c9062386ec4459a7942cd56fbfba83059542c98959e53b532d9e529764cf86b8e1fc1835337bebaef6

Download Submit
C:\Windows\System\VSCenCk.exe

Filesize
1.8MB

MD5
8d6dfc9e5f52dfaddac8b0bcbbc864c9

SHA1
eb0bbb825dfbb3463c45fc22cc54a3f9b26bb906

SHA256
c8d214d62e65a5f03efee73af3932fc9049255c3893606fc07941407f4bb8050

SHA512
7f9e0d11a932e83f6adc927a55287e32d49ba5724b3ceb80e620b1385639f1411203c78fdac79131d48f4331996fe234bf7fa6807fa5bdd0f456aeac65ac11c1

Download Submit
C:\Windows\System\VXfLuDO.exe

Filesize
1.8MB

MD5
eb9ed965f812d61f0b770d463ce7c7a2

SHA1
073dd011f0b60efd826d8b96c406333dccb6efa3

SHA256
5ec0f60b88366cfc3d929700601bddc9bc894a8af94b60345686bedbe6be9cb4

SHA512
d05dc37350c0bcc7af97d30b331dbdce4269a0a40bf1d46118ead9bfffebd8860fccebaef061a41ce3221cbc084d390f7602ca2000bd2393ff20d8bbd5c1c703

Download Submit
C:\Windows\System\XMFjDdv.exe

Filesize
1.8MB

MD5
75894417f5967f663a80a72fd53b3bd1

SHA1
b0667f6b65fa12c253674291f3d0d74c5aa3db5f

SHA256
b7896b55aab9a1e21b3b67ee64294934cbdfb80e0b17615fad3bea78da06b142

SHA512
07ba89dd29ea72c829925d016dd04549a3fabc8c10f1038376ec7b31efa589ae368b252f2eddc8a3fc39614756310e1dcf3a7f9b50d9a4870077eeff8c5241b5

Download Submit
C:\Windows\System\Yhsqzzp.exe

Filesize
1.8MB

MD5
d835676c7f66af012a8be17d0bbe5a0d

SHA1
f9eeae7e39f002fcf1a8bb9e13692bb1d6d7beaa

SHA256
6bc671b7832671648df632dd015096e872c483823df17c8832ca9264a57ad982

SHA512
ea4413fc635597d6464514949167e7bef17463de7dc10f2a5d8b35b0c2121c90678a292425dfaf0898cae1eec4a1164fa136b9334f82617789fff1922dd1346c

Download Submit
C:\Windows\System\bvUJuBN.exe

Filesize
1.8MB

MD5
a6861cb93b449ee3333562c3ecfe2139

SHA1
787ddccd6b2ef1159b6461aea913d554f6d3ae36

SHA256
4854d728caccd97d31bec7e0d4e5ccd214fc3dbc3a0aeecac31c3196b44cfb54

SHA512
bbe412c28fb96d6d5f73c7518ad8544e557a9c599e78e59606e64b61755cca88cde2cdf27a36eaad3defaf1da73936e339bea79d2cb3088246bde9fa6a440ebb

Download Submit
C:\Windows\System\cJwjGLP.exe

Filesize
1.8MB

MD5
c8bb79ed24dc5a35ebcd95279e0ec014

SHA1
65a212a854a9f38c84afa963579dba132bef4471

SHA256
07551432032cb716fbbd8f56a0529f982dd3716592d8faf2b363035aba3525f4

SHA512
f937b0703b9d3272e606603e6a005969d35daca5bf54a2c941b1134d741b919ff08c5d5484ce112c643109abd1654cf7c93789d379b9dd9cea4c057e8df6992f

Download Submit
C:\Windows\System\dfxNuKj.exe

Filesize
1.8MB

MD5
015c3e883630a55d50a78018c470c61f

SHA1
7a316265841794fc53a8e5df41c09d7e524296d8

SHA256
9b2836de1bd8c72fb741dd759a921cf75bd224cb95d8f17d8d6ed3b859013d89

SHA512
04a77d0c3654e341bbd720b6cdf61e422eac2e886a92db89a47e7f9950a65d4de8a15fac56b8434370647d46a1c5fc1b00a3bd1842cc724b46dcecea75cb772e

Download Submit
C:\Windows\System\evFRuVC.exe

Filesize
1.8MB

MD5
7954a61c88cf71461a1843a97a2c9d61

SHA1
d4a044b674a9b284cdc12b4e52192868895b4655

SHA256
cf7e2c4534f94033edee4f47d2ab49dd5172829edfcd3000c32362bf10d42500

SHA512
351d20f5122318057d2662091afdddc08d5f9fd0bd890c3223ecec9e170b4bf59fc70ce4c2e361c3089ca800163dc6d78f4f0b992472da1183c493077e30b0d7

Download Submit
C:\Windows\System\gciyXzH.exe

Filesize
1.8MB

MD5
85d511f82958fca10be6d33b19e61efb

SHA1
ecfd2132a9c7af7b21e87451cd6db9489f6e49b2

SHA256
3fc912f4a23b7fe0c064f5ed17ac682e3549edc878b79b02cbb02a5cc0c883d6

SHA512
76f2b4178a3ac8c2fed3500512b6eb40920b70d2abd3b2e71c01be1a2299217fa7c34161493dba4474f48c83a3c3ccf07ead16ea882dae64fdd01ebb18fb53c1

Download Submit
C:\Windows\System\gjskuVr.exe

Filesize
1.8MB

MD5
4c7ac252fb2a890c7d199f36df532359

SHA1
154c971bf631c5d01fe6ef60f4e4dfc1d33b5f62

SHA256
96896c72f682f855ed2187194f4a6a0157bb0eba4e3c33cce1ef4f3dcd1ceffe

SHA512
da69c23b7e3f08529a6c5a2d833b5b070a63a04e69ff65799c224cccb9053f81077e2f77e29ee4619eab60343fdc1a2b0a1cd038f4f681cfe7a84b9917226cfc

Download Submit
C:\Windows\System\hbJnFcf.exe

Filesize
1.8MB

MD5
1fcf05401081d90a1cb9f3416719375d

SHA1
6276967fc5fc6a4939265da1b99d48e6a152c4cc

SHA256
a96cfd3ee0f33b64118dc00fa0080fb03d9885a71864e994673b08c40ce5ffbf

SHA512
dadc439611441489e82776aee934385cc7f018e00b774a827a8c765c50df4982dcd2e5a0f24279d17db5734d1d340d958cf72aaa077361347883202d49b0c4e8

Download Submit
C:\Windows\System\ieUkGAy.exe

Filesize
1.8MB

MD5
e9f2083a401a564b8c061b559c8a0c12

SHA1
ce22bdc54a5eacbe4035c144a565c4eac47dcd0f

SHA256
70bf18bbf2e46c709ff6b2596542aaac113b37b48855f2ee2e81b783a83a783b

SHA512
00424bbea5081469e78f2f324bec834ec417c1733bf30a18c6f71ef495a8ae9c8f23ed6b2b8fc84fb657330b8658db445be60ea900ac404a8f279a20b6c4407a

Download Submit
C:\Windows\System\jtSnSbG.exe

Filesize
1.8MB

MD5
cd204dfcf7c4a81b248598400f25980f

SHA1
cb049c27cd70edf1875424ffa5b0116e0b6a7a92

SHA256
38f18686409a134b86f56af42faf72209829791561e82f9bbd71b54111dd3ea3

SHA512
f35aa1f3e548dae0386693a65b92dd823fa4cc701220dbd93b5e8b387230b5fd21927f19990c8cf6332b5a2c85f1f5177239a02a5e9f1be3eb60abd6a1e227d4

Download Submit
C:\Windows\System\kUGhXJh.exe

Filesize
1.8MB

MD5
c3c0d333a829cc819373b36101669f0d

SHA1
3a2efa49ec764f44e1d722a099e709a7dd490a74

SHA256
43ed524eda94e2240d2e50516dedfe2be887b755e107cf94123f82a1db939440

SHA512
74b28c7b78092c9e918c2122ef6cb1b8846059ebe318c401ec50d037879da0ffdc82ca5a753e3461a1abe2809724bd371562e38548b6ce70aecb72b134ff27bb

Download Submit
C:\Windows\System\lKhHLYo.exe

Filesize
1.8MB

MD5
bba2e8f0047c8b5ace4f3cd9a66bd190

SHA1
18d1c4744dbcf7a145cb064c3c909f8e4c5088cf

SHA256
fafb14d37f565f4a2b74db0ca435d278f840613d057f33b94dec901df3113634

SHA512
742e2af91a1a1b2b45d9c48142a7b611748d671daa6869d621ed37377b3e2b27f29cb856b0de7ddf6ce8c31a982fba7884fa36619b72d55a67306b41705056c9

Download Submit
C:\Windows\System\pPblZHp.exe

Filesize
8B

MD5
44bf49d36035eb00f5300ac1a1afc446

SHA1
efe4f6ff307f9caed7f6949e1a19ce6bff5ede19

SHA256
d6adb65d904d88ebbf5f73cace13dbd8ceb7d6b2b977c021ad3b0a4aa99b648f

SHA512
8e76802b3f04a2be9fcb0a504a2aab7f3a79e962c545a85c01bc2528c719fc825f28229de452d4507e45ed92f726c1862885d6f18fa5e01cbf2b77dcdf5d1348

Download Submit
C:\Windows\System\rWOuguT.exe

Filesize
1.8MB

MD5
8313b103dc6b4896028d8f430a0b315d

SHA1
6af10873ad9fb115ded57e52d0ef4beef3a7efc7

SHA256
a58235ee34c2f7ad805bd7ebac0c273e53948192f847c97cec04c6075e3524ea

SHA512
c1172c80e7124793f52a64ccf1b96866776b8d3be131e82f2a706707bb81f37f290f4213961dcee4f0dbe88517afcb527d984a4704d3a6dc29a923eec785034e

Download Submit
C:\Windows\System\sqthtTt.exe

Filesize
1.8MB

MD5
f67c8b239736f3e00047568d04d6652f

SHA1
db3b1533616ef6d5227751abf46eaf5a64b651bf

SHA256
166946a680d174f54c49f4bfbc170ec2b7cb504382aaa17b2f7eca046ee2ce2d

SHA512
1cba4e048ac69f4ebae81cb858cd7116ef7761d92cf100650f79e84fd0415c2ca8c0a10af1022bd2c20a10fe3c1620d4dab7c661ead62889cee616f3503671c3

Download Submit
C:\Windows\System\vPBzljm.exe

Filesize
1.8MB

MD5
dce362cc37d8dbde85561e4372426a66

SHA1
e19414174be9e4e8e285e947694045c538da15de

SHA256
21c60c3a33caefc4a7945072fa87faf6557e5847eedb7ccd7d5537c630860687

SHA512
a7d4754f26d4ff3115604c3cf59c966c13e65665c7877c774e8a788b310156aa1250a454dafa47e9e2264bb923eb72b84fd821ba7d5c8f12d40cdbd1f398135a

Download Submit
C:\Windows\System\vidTEVO.exe

Filesize
1.8MB

MD5
f2bc276dd89aee8928dd3b6af97bf11f

SHA1
2c3b5d59a983672f263bf7ba201cf32a34d9e3c4

SHA256
24c731edfd19b81558c708d9c38e0921e77cf4d9399f5fab6969e30e7474ada5

SHA512
a8569c7ea0cb05758a603e8ddba0ef506388c9add3a4337c0d47a50d5cbca174d4c71bd9487ae563997965c9b22b5ff99102422e34e326346718cfc66cc3446b

Download Submit
C:\Windows\System\wqgprWk.exe

Filesize
1.8MB

MD5
4ebcce7d7ba45e101493d6b887e0dd3d

SHA1
a30e0d7179e8c6c4ec82d2704a01a6a2cb079f8a

SHA256
52458ee65f28e274e6d71d6773ef558d3df8a11ca74ff03ccd055796ad1a3992

SHA512
fff11551c9ec73ba5c97a0a5f1ea672bd50045ef49f8ade94044b71cdacfe1908f373c6ea429f9095f4f7c77a4c471b1f96c925a7921f096e51681bd8acc5cd2

Download Submit
C:\Windows\System\xOpiIPU.exe

Filesize
1.8MB

MD5
6f4ebf6b46593335db34a649f2c374e1

SHA1
0a0d15e904f01bc9de11e65cb9077260e2699d60

SHA256
f6373e9b2aecf2340e834548d3636206e946f788a436fa6aae9b1ab9aee96965

SHA512
9d7d9b4a9fcdad7043f1b80273ee74dc1f2ffbde7cc3e3f13b4bf0cf6a9e2486f1c096a62bd9d9438ab5783c50bf98e3c6ad32c22d83ff01b4425021fdf448da

Download Submit
C:\Windows\System\xXtppIj.exe

Filesize
1.8MB

MD5
b125ffe5f4e34055cf4e53b0fc800125

SHA1
6d26a3a99bcfec900838b30e697f8fbd11b33eb9

SHA256
a304209c7189cdf99d5fd7d78b7c9daff266422233d4cf2483ff0e0ee4297725

SHA512
f087ecee5ba74b0c4a3d13582a0709c54ae6ac231106a6b993db83d6c866be445fabd699780e8110ddf7f07f82b26fc38e657e0a14095709b28cdb5906389d42

Download Submit
C:\Windows\System\yUmQlMC.exe

Filesize
1.8MB

MD5
15d9f75ac7b1b14b263b152206264712

SHA1
e43aa4ae6137f666fe39c2ef89cebf450f23ea99

SHA256
4c01144035b1ed6b333261188a693aec044cff900067c8271c2c2b5f7773a9c7

SHA512
7c69cdb85de1cb42cd9e50b1cbee4e2520b4979083761e5c6566fc2bcf4886d84ca40897c71832f3f8612ca5187869e292b7a02ad05b37a259739410f4d8677b

Download Submit
C:\Windows\System\zLHUeAU.exe

Filesize
1.8MB

MD5
f927eb64f8496681680cf570ef6251d3

SHA1
bcce41422331d8f502b8c3007c07b2b0873f76ac

SHA256
7e61383c78497449657d9e27d1ef3355924e764ea724871dd155f16c9269d0d2

SHA512
b27a56d7ec5b0d2b4b068652c96097de79fa678c3e0c1e4308bc42de1ec52e78f563bcb834f6d512fad42ca85718cfca4a4db2a021f746493a87a4c94541330c

Download Submit
memory/228-3623-0x00007FF75CDE0000-0x00007FF75D1D2000-memory.dmp

Filesize
3.9MB

Download
memory/228-390-0x00007FF75CDE0000-0x00007FF75D1D2000-memory.dmp

Filesize
3.9MB

Download
memory/400-2089-0x00007FF638880000-0x00007FF638C72000-memory.dmp

Filesize
3.9MB

Download
memory/400-1-0x0000027123430000-0x0000027123440000-memory.dmp

Filesize
64KB

Download
memory/400-0-0x00007FF638880000-0x00007FF638C72000-memory.dmp

Filesize
3.9MB

Download
memory/884-314-0x00007FF7934B0000-0x00007FF7938A2000-memory.dmp

Filesize
3.9MB

Download
memory/884-3610-0x00007FF7934B0000-0x00007FF7938A2000-memory.dmp

Filesize
3.9MB

Download
memory/1120-3596-0x00007FF6676F0000-0x00007FF667AE2000-memory.dmp

Filesize
3.9MB

Download
memory/1120-40-0x00007FF6676F0000-0x00007FF667AE2000-memory.dmp

Filesize
3.9MB

Download
memory/1120-2549-0x00007FF6676F0000-0x00007FF667AE2000-memory.dmp

Filesize
3.9MB

Download
memory/1292-267-0x00007FF7D2BC0000-0x00007FF7D2FB2000-memory.dmp

Filesize
3.9MB

Download
memory/1292-3632-0x00007FF7D2BC0000-0x00007FF7D2FB2000-memory.dmp

Filesize
3.9MB

Download
memory/1380-2707-0x00007FF643E30000-0x00007FF644222000-memory.dmp

Filesize
3.9MB

Download
memory/1380-149-0x00007FF643E30000-0x00007FF644222000-memory.dmp

Filesize
3.9MB

Download
memory/1380-3607-0x00007FF643E30000-0x00007FF644222000-memory.dmp

Filesize
3.9MB

Download
memory/1564-3621-0x00007FF6ADC70000-0x00007FF6AE062000-memory.dmp

Filesize
3.9MB

Download
memory/1564-421-0x00007FF6ADC70000-0x00007FF6AE062000-memory.dmp

Filesize
3.9MB

Download
memory/1572-551-0x00007FF6A92E0000-0x00007FF6A96D2000-memory.dmp

Filesize
3.9MB

Download
memory/1572-3614-0x00007FF6A92E0000-0x00007FF6A96D2000-memory.dmp

Filesize
3.9MB

Download
memory/1712-389-0x00007FF6D6D20000-0x00007FF6D7112000-memory.dmp

Filesize
3.9MB

Download
memory/1712-3629-0x00007FF6D6D20000-0x00007FF6D7112000-memory.dmp

Filesize
3.9MB

Download
memory/2084-3592-0x00007FF786CF0000-0x00007FF7870E2000-memory.dmp

Filesize
3.9MB

Download
memory/2084-122-0x00007FF786CF0000-0x00007FF7870E2000-memory.dmp

Filesize
3.9MB

Download
memory/2220-480-0x00007FF60BEA0000-0x00007FF60C292000-memory.dmp

Filesize
3.9MB

Download
memory/2220-3617-0x00007FF60BEA0000-0x00007FF60C292000-memory.dmp

Filesize
3.9MB

Download
memory/2280-742-0x00007FF722D30000-0x00007FF723122000-memory.dmp

Filesize
3.9MB

Download
memory/2280-3634-0x00007FF722D30000-0x00007FF723122000-memory.dmp

Filesize
3.9MB

Download
memory/3188-3619-0x00007FF7B9780000-0x00007FF7B9B72000-memory.dmp

Filesize
3.9MB

Download
memory/3188-478-0x00007FF7B9780000-0x00007FF7B9B72000-memory.dmp

Filesize
3.9MB

Download
memory/3240-63-0x00007FF6B59A0000-0x00007FF6B5D92000-memory.dmp

Filesize
3.9MB

Download
memory/3240-3577-0x00007FF6B59A0000-0x00007FF6B5D92000-memory.dmp

Filesize
3.9MB

Download
memory/3508-3625-0x00007FF63D400000-0x00007FF63D7F2000-memory.dmp

Filesize
3.9MB

Download
memory/3508-188-0x00007FF63D400000-0x00007FF63D7F2000-memory.dmp

Filesize
3.9MB

Download
memory/3508-2709-0x00007FF63D400000-0x00007FF63D7F2000-memory.dmp

Filesize
3.9MB

Download
memory/3800-2208-0x00007FF743500000-0x00007FF7438F2000-memory.dmp

Filesize
3.9MB

Download
memory/3800-16-0x00007FF743500000-0x00007FF7438F2000-memory.dmp

Filesize
3.9MB

Download
memory/3800-3560-0x00007FF743500000-0x00007FF7438F2000-memory.dmp

Filesize
3.9MB

Download
memory/3920-6-0x00007FF750080000-0x00007FF750472000-memory.dmp

Filesize
3.9MB

Download
memory/3920-2316-0x00007FF750080000-0x00007FF750472000-memory.dmp

Filesize
3.9MB

Download
memory/3920-3558-0x00007FF750080000-0x00007FF750472000-memory.dmp

Filesize
3.9MB

Download
memory/3968-3562-0x00007FF6F2470000-0x00007FF6F2862000-memory.dmp

Filesize
3.9MB

Download
memory/3968-2433-0x00007FF6F2470000-0x00007FF6F2862000-memory.dmp

Filesize
3.9MB

Download
memory/3968-21-0x00007FF6F2470000-0x00007FF6F2862000-memory.dmp

Filesize
3.9MB

Download
memory/4076-25-0x00007FFFE82A3000-0x00007FFFE82A5000-memory.dmp

Filesize
8KB

Download
memory/4076-23-0x000002746B240000-0x000002746B250000-memory.dmp

Filesize
64KB

Download
memory/4076-239-0x000002746B200000-0x000002746B222000-memory.dmp

Filesize
136KB

Download
memory/4076-24-0x000002746B240000-0x000002746B250000-memory.dmp

Filesize
64KB

Download
memory/4224-3613-0x00007FF768510000-0x00007FF768902000-memory.dmp

Filesize
3.9MB

Download
memory/4224-548-0x00007FF768510000-0x00007FF768902000-memory.dmp

Filesize
3.9MB

Download
memory/4248-3594-0x00007FF6616D0000-0x00007FF661AC2000-memory.dmp

Filesize
3.9MB

Download
memory/4248-148-0x00007FF6616D0000-0x00007FF661AC2000-memory.dmp

Filesize
3.9MB

Download
memory/4356-3591-0x00007FF71DAB0000-0x00007FF71DEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4356-37-0x00007FF71DAB0000-0x00007FF71DEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4356-2545-0x00007FF71DAB0000-0x00007FF71DEA2000-memory.dmp

Filesize
3.9MB

Download
memory/4428-96-0x00007FF6260B0000-0x00007FF6264A2000-memory.dmp

Filesize
3.9MB

Download
memory/4428-3588-0x00007FF6260B0000-0x00007FF6264A2000-memory.dmp

Filesize
3.9MB

Download
memory/4636-3637-0x00007FF73D060000-0x00007FF73D452000-memory.dmp

Filesize
3.9MB

Download
memory/4636-741-0x00007FF73D060000-0x00007FF73D452000-memory.dmp

Filesize
3.9MB

Download
memory/4716-3626-0x00007FF6427E0000-0x00007FF642BD2000-memory.dmp

Filesize
3.9MB

Download
memory/4716-244-0x00007FF6427E0000-0x00007FF642BD2000-memory.dmp

Filesize
3.9MB

Download
memory/4968-625-0x00007FF7C05D0000-0x00007FF7C09C2000-memory.dmp

Filesize
3.9MB

Download
memory/4968-3636-0x00007FF7C05D0000-0x00007FF7C09C2000-memory.dmp

Filesize
3.9MB

Download