xmrig | 42a37d2af7a425dfb74466a4eecf775eb9a50b62ea4fd9d49fdf596dce126f02

Analysis

max time kernel
120s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9cde38e24d9107e769ae658c08deaf0N.exe
Size

2.0MB
MD5

c9cde38e24d9107e769ae658c08deaf0
SHA1

257a20c3240ad2e6026c360786573a2883ab511f
SHA256

42a37d2af7a425dfb74466a4eecf775eb9a50b62ea4fd9d49fdf596dce126f02
SHA512

47a5f5db089cb6cbef38ca8bd948b7d75a708482622a4fafb7c5dcc93bde076cf644b604ee85d7a18c04b57b88e4d23e4ac021d4ced1f9082ebc7ee3ad99d62b
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7fI+7RrTFl6hvVjL:Lz071uv4BPMkyW10/w16BvZX71Fq8+V

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 25 IoCs

miner

resource	yara_rule
behavioral2/memory/3640-193-0x00007FF675640000-0x00007FF675A32000-memory.dmp	xmrig
behavioral2/memory/3088-195-0x00007FF7900A0000-0x00007FF790492000-memory.dmp	xmrig
behavioral2/memory/2912-241-0x00007FF6C8EB0000-0x00007FF6C92A2000-memory.dmp	xmrig
behavioral2/memory/212-266-0x00007FF73E2F0000-0x00007FF73E6E2000-memory.dmp	xmrig
behavioral2/memory/2292-276-0x00007FF79C8D0000-0x00007FF79CCC2000-memory.dmp	xmrig
behavioral2/memory/4924-287-0x00007FF6224D0000-0x00007FF6228C2000-memory.dmp	xmrig
behavioral2/memory/3820-293-0x00007FF6F4B10000-0x00007FF6F4F02000-memory.dmp	xmrig
behavioral2/memory/2140-292-0x00007FF6CB1C0000-0x00007FF6CB5B2000-memory.dmp	xmrig
behavioral2/memory/3512-291-0x00007FF73DD90000-0x00007FF73E182000-memory.dmp	xmrig
behavioral2/memory/3288-290-0x00007FF603030000-0x00007FF603422000-memory.dmp	xmrig
behavioral2/memory/2184-289-0x00007FF6B2380000-0x00007FF6B2772000-memory.dmp	xmrig
behavioral2/memory/1460-288-0x00007FF6E5B10000-0x00007FF6E5F02000-memory.dmp	xmrig
behavioral2/memory/2584-286-0x00007FF72FA10000-0x00007FF72FE02000-memory.dmp	xmrig
behavioral2/memory/5028-285-0x00007FF71F770000-0x00007FF71FB62000-memory.dmp	xmrig
behavioral2/memory/3572-284-0x00007FF624450000-0x00007FF624842000-memory.dmp	xmrig
behavioral2/memory/320-283-0x00007FF7C4E70000-0x00007FF7C5262000-memory.dmp	xmrig
behavioral2/memory/1072-282-0x00007FF6C9560000-0x00007FF6C9952000-memory.dmp	xmrig
behavioral2/memory/3268-281-0x00007FF654D60000-0x00007FF655152000-memory.dmp	xmrig
behavioral2/memory/5080-275-0x00007FF6AF5C0000-0x00007FF6AF9B2000-memory.dmp	xmrig
behavioral2/memory/316-238-0x00007FF6D4D70000-0x00007FF6D5162000-memory.dmp	xmrig
behavioral2/memory/928-231-0x00007FF6B4370000-0x00007FF6B4762000-memory.dmp	xmrig
behavioral2/memory/3984-182-0x00007FF6FA490000-0x00007FF6FA882000-memory.dmp	xmrig
behavioral2/memory/4680-2051-0x00007FF792970000-0x00007FF792D62000-memory.dmp	xmrig
behavioral2/memory/1528-2053-0x00007FF798380000-0x00007FF798772000-memory.dmp	xmrig
behavioral2/memory/884-2048-0x00007FF7BC260000-0x00007FF7BC652000-memory.dmp	xmrig

Blocklisted process makes network request 13 IoCs

flow	pid	Process
9	4164	powershell.exe
11	4164	powershell.exe
16	4164	powershell.exe
17	4164	powershell.exe
20	4164	powershell.exe
22	4164	powershell.exe
23	4164	powershell.exe
25	4164	powershell.exe
26	4164	powershell.exe
27	4164	powershell.exe
28	4164	powershell.exe
29	4164	powershell.exe
30	4164	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4164	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4680	TlPeuko.exe
3288	nDdAkyw.exe
1528	rFTvELF.exe
3512	koqVuAd.exe
2140	HdtBNzD.exe
3984	eEFHGIK.exe
3640	DQWsAbs.exe
3088	OxpvBEO.exe
928	ptQCCXj.exe
316	XxFrQKN.exe
2912	twdTEJc.exe
212	sGJxEWH.exe
5080	NGtxWop.exe
2292	HWXQwJj.exe
3268	wBkyAfy.exe
1072	oneNlGW.exe
320	vnwDxYR.exe
3572	RgagOqz.exe
5028	ZuFHAlb.exe
3820	DFnJlFq.exe
2584	BPJrUZw.exe
4924	wHtJFrb.exe
1460	RiXYiPZ.exe
2184	wZSLWeF.exe
460	ybVkWMW.exe
1924	WmqvtBp.exe
1708	GXbUtji.exe
2424	axyyCQm.exe
3224	jEItGFt.exe
4640	DMDxxLv.exe
2884	GvZVOjR.exe
740	QxacDgq.exe
2836	jcFMOiL.exe
2956	KRiisWw.exe
2632	gawxDbx.exe
4840	xoHHQvg.exe
5036	donOzXN.exe
2928	LRsKPmT.exe
3948	ORcOQlG.exe
4068	UwIgcyd.exe
2136	MTAvrEG.exe
4168	VrCrKPy.exe
2720	CnsaeCX.exe
4456	JzkWBAC.exe
4440	NbqWFxE.exe
2704	UcpvyfS.exe
1204	qYXSaQu.exe
628	mdTsGAe.exe
1588	wLMWYSC.exe
1016	LAmFzPx.exe
1872	DdkqFUb.exe
1952	GiqzsWl.exe
400	MIEqGwI.exe
3736	PQYrwhp.exe
4252	zvcUPkR.exe
5012	SglHCOs.exe
1652	jqRmiox.exe
2952	CfBVpuc.exe
4988	bqpNzbY.exe
4200	EjxXGpK.exe
232	rPTFjRA.exe
1032	YpFYoVB.exe
2036	FINngli.exe
3408	pEeBMpt.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/884-0-0x00007FF7BC260000-0x00007FF7BC652000-memory.dmp	upx
behavioral2/files/0x00070000000234a7-7.dat	upx
behavioral2/files/0x00080000000234a2-5.dat	upx
behavioral2/memory/1528-29-0x00007FF798380000-0x00007FF798772000-memory.dmp	upx
behavioral2/files/0x00070000000234ae-45.dat	upx
behavioral2/files/0x00070000000234a9-47.dat	upx
behavioral2/files/0x00070000000234b6-82.dat	upx
behavioral2/files/0x00070000000234bb-100.dat	upx
behavioral2/files/0x00070000000234b8-128.dat	upx
behavioral2/files/0x00070000000234c1-177.dat	upx
behavioral2/memory/3640-193-0x00007FF675640000-0x00007FF675A32000-memory.dmp	upx
behavioral2/memory/3088-195-0x00007FF7900A0000-0x00007FF790492000-memory.dmp	upx
behavioral2/memory/2912-241-0x00007FF6C8EB0000-0x00007FF6C92A2000-memory.dmp	upx
behavioral2/memory/212-266-0x00007FF73E2F0000-0x00007FF73E6E2000-memory.dmp	upx
behavioral2/memory/2292-276-0x00007FF79C8D0000-0x00007FF79CCC2000-memory.dmp	upx
behavioral2/memory/4924-287-0x00007FF6224D0000-0x00007FF6228C2000-memory.dmp	upx
behavioral2/memory/3820-293-0x00007FF6F4B10000-0x00007FF6F4F02000-memory.dmp	upx
behavioral2/memory/2140-292-0x00007FF6CB1C0000-0x00007FF6CB5B2000-memory.dmp	upx
behavioral2/memory/3512-291-0x00007FF73DD90000-0x00007FF73E182000-memory.dmp	upx
behavioral2/memory/3288-290-0x00007FF603030000-0x00007FF603422000-memory.dmp	upx
behavioral2/memory/2184-289-0x00007FF6B2380000-0x00007FF6B2772000-memory.dmp	upx
behavioral2/memory/1460-288-0x00007FF6E5B10000-0x00007FF6E5F02000-memory.dmp	upx
behavioral2/memory/2584-286-0x00007FF72FA10000-0x00007FF72FE02000-memory.dmp	upx
behavioral2/memory/5028-285-0x00007FF71F770000-0x00007FF71FB62000-memory.dmp	upx
behavioral2/memory/3572-284-0x00007FF624450000-0x00007FF624842000-memory.dmp	upx
behavioral2/memory/320-283-0x00007FF7C4E70000-0x00007FF7C5262000-memory.dmp	upx
behavioral2/memory/1072-282-0x00007FF6C9560000-0x00007FF6C9952000-memory.dmp	upx
behavioral2/memory/3268-281-0x00007FF654D60000-0x00007FF655152000-memory.dmp	upx
behavioral2/memory/5080-275-0x00007FF6AF5C0000-0x00007FF6AF9B2000-memory.dmp	upx
behavioral2/memory/316-238-0x00007FF6D4D70000-0x00007FF6D5162000-memory.dmp	upx
behavioral2/memory/928-231-0x00007FF6B4370000-0x00007FF6B4762000-memory.dmp	upx
behavioral2/memory/3984-182-0x00007FF6FA490000-0x00007FF6FA882000-memory.dmp	upx
behavioral2/files/0x00070000000234c0-174.dat	upx
behavioral2/files/0x00070000000234c6-171.dat	upx
behavioral2/files/0x00070000000234bf-166.dat	upx
behavioral2/files/0x00070000000234be-163.dat	upx
behavioral2/files/0x00070000000234bd-161.dat	upx
behavioral2/files/0x00070000000234c5-159.dat	upx
behavioral2/files/0x00070000000234ba-157.dat	upx
behavioral2/files/0x00070000000234b9-155.dat	upx
behavioral2/files/0x00070000000234c4-154.dat	upx
behavioral2/files/0x00070000000234c3-153.dat	upx
behavioral2/files/0x00080000000234a3-152.dat	upx
behavioral2/files/0x00070000000234c2-150.dat	upx
behavioral2/files/0x00070000000234bc-130.dat	upx
behavioral2/files/0x00070000000234b5-126.dat	upx
behavioral2/files/0x00070000000234b7-116.dat	upx
behavioral2/files/0x00070000000234b3-112.dat	upx
behavioral2/files/0x00070000000234b0-104.dat	upx
behavioral2/files/0x00070000000234b2-102.dat	upx
behavioral2/memory/4680-2051-0x00007FF792970000-0x00007FF792D62000-memory.dmp	upx
behavioral2/memory/1528-2053-0x00007FF798380000-0x00007FF798772000-memory.dmp	upx
behavioral2/memory/884-2048-0x00007FF7BC260000-0x00007FF7BC652000-memory.dmp	upx
behavioral2/files/0x00070000000234b1-97.dat	upx
behavioral2/files/0x00070000000234af-96.dat	upx
behavioral2/files/0x00070000000234b4-91.dat	upx
behavioral2/files/0x00070000000234ad-73.dat	upx
behavioral2/files/0x00070000000234ab-61.dat	upx
behavioral2/files/0x00070000000234aa-58.dat	upx
behavioral2/files/0x00070000000234a8-49.dat	upx
behavioral2/files/0x00070000000234ac-53.dat	upx
behavioral2/files/0x00070000000234a6-34.dat	upx
behavioral2/memory/4680-14-0x00007FF792970000-0x00007FF792D62000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	raw.githubusercontent.com
9	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JEKEeCr.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\RbtYpbO.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\qYhhWSR.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\meSxZyQ.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\rAlzRDP.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\KSxsCeM.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\prmmVRv.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\fTPRLvI.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\Nbzftjk.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\DLmMngX.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\EuNLSsV.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\XQAzRLB.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\ujDoLrJ.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\hZSMHWD.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\LJrbEjW.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\DdbGOZb.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\yrlfpAP.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\HcHMZMh.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\saugmgK.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\HBMMPdR.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\soYCebk.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\aQryVuj.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\qleJWPZ.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\tMHauFf.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\RBPHRXk.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\XLaTnwH.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\YwuOkGT.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\ynSCnBI.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\zDKOrHC.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\xuvapNv.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\KYycKfM.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\vnwDxYR.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\StmtAQs.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\VOCihlk.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\mpiCeaw.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\kWsVsZa.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\RcfXEXr.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\Fnagkkz.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\JkkvwGQ.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\nsqPvAb.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\ewVluEt.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\SDOxXty.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\ZOmRYwx.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\tmZjsFo.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\lZuiVBI.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\mbwRtFr.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\OiMKnaw.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\aoVpFvp.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\MdTFKpg.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\OircUaX.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\rUDnGgo.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\hSKmyYs.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\rbBLXKi.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\NGtxWop.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\sNnUGXA.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\vWXZibT.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\GkMUDKL.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\bHBDuNY.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\nPRYxkT.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\ORcOQlG.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\XlPkHcr.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\YOVosRv.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\bdZqgDx.exe	c9cde38e24d9107e769ae658c08deaf0N.exe
File created	C:\Windows\System\HvWuKyr.exe	c9cde38e24d9107e769ae658c08deaf0N.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4164	powershell.exe
4164	powershell.exe
4164	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
9832	Process not Found
996	Process not Found
64	Process not Found
13328	Process not Found
3764	Process not Found
3124	Process not Found
3896	Process not Found
3768	Process not Found
3944	Process not Found
3796	Process not Found
3708	Process not Found
15164	Process not Found
14988	Process not Found
2068	Process not Found
776	Process not Found
1848	Process not Found
408	Process not Found
1900	Process not Found
13432	Process not Found
4408	Process not Found
1860	Process not Found
2284	Process not Found
1912	Process not Found
3264	Process not Found
4300	Process not Found
1908	Process not Found
4460	Process not Found
1776	Process not Found
2604	Process not Found
2144	Process not Found
1600	Process not Found
4416	Process not Found
3828	Process not Found
4520	Process not Found
3356	Process not Found
4004	Process not Found
3600	Process not Found
4636	Process not Found
3788	Process not Found
852	Process not Found
2132	Process not Found
6116	Process not Found
5068	Process not Found
5516	Process not Found
5904	Process not Found
1936	Process not Found
5624	Process not Found
6224	Process not Found
5316	Process not Found
6308	Process not Found
6488	Process not Found
5380	Process not Found
5628	Process not Found
1312	Process not Found
6024	Process not Found
7128	Process not Found
7724	Process not Found
6132	Process not Found
7184	Process not Found
8124	Process not Found
6152	Process not Found
6588	Process not Found
5988	Process not Found
6272	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4164	powershell.exe
Token: SeLockMemoryPrivilege	884	c9cde38e24d9107e769ae658c08deaf0N.exe
Token: SeLockMemoryPrivilege	884	c9cde38e24d9107e769ae658c08deaf0N.exe
Token: SeCreateGlobalPrivilege	14908	dwm.exe
Token: SeChangeNotifyPrivilege	14908	dwm.exe
Token: 33	14908	dwm.exe
Token: SeIncBasePriorityPrivilege	14908	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 4164	884	c9cde38e24d9107e769ae658c08deaf0N.exe	85
PID 884 wrote to memory of 4164	884	c9cde38e24d9107e769ae658c08deaf0N.exe	85
PID 884 wrote to memory of 4680	884	c9cde38e24d9107e769ae658c08deaf0N.exe	86
PID 884 wrote to memory of 4680	884	c9cde38e24d9107e769ae658c08deaf0N.exe	86
PID 884 wrote to memory of 1528	884	c9cde38e24d9107e769ae658c08deaf0N.exe	87
PID 884 wrote to memory of 1528	884	c9cde38e24d9107e769ae658c08deaf0N.exe	87
PID 884 wrote to memory of 3288	884	c9cde38e24d9107e769ae658c08deaf0N.exe	88
PID 884 wrote to memory of 3288	884	c9cde38e24d9107e769ae658c08deaf0N.exe	88
PID 884 wrote to memory of 3640	884	c9cde38e24d9107e769ae658c08deaf0N.exe	89
PID 884 wrote to memory of 3640	884	c9cde38e24d9107e769ae658c08deaf0N.exe	89
PID 884 wrote to memory of 3512	884	c9cde38e24d9107e769ae658c08deaf0N.exe	90
PID 884 wrote to memory of 3512	884	c9cde38e24d9107e769ae658c08deaf0N.exe	90
PID 884 wrote to memory of 2140	884	c9cde38e24d9107e769ae658c08deaf0N.exe	91
PID 884 wrote to memory of 2140	884	c9cde38e24d9107e769ae658c08deaf0N.exe	91
PID 884 wrote to memory of 3984	884	c9cde38e24d9107e769ae658c08deaf0N.exe	92
PID 884 wrote to memory of 3984	884	c9cde38e24d9107e769ae658c08deaf0N.exe	92
PID 884 wrote to memory of 3088	884	c9cde38e24d9107e769ae658c08deaf0N.exe	93
PID 884 wrote to memory of 3088	884	c9cde38e24d9107e769ae658c08deaf0N.exe	93
PID 884 wrote to memory of 928	884	c9cde38e24d9107e769ae658c08deaf0N.exe	94
PID 884 wrote to memory of 928	884	c9cde38e24d9107e769ae658c08deaf0N.exe	94
PID 884 wrote to memory of 316	884	c9cde38e24d9107e769ae658c08deaf0N.exe	95
PID 884 wrote to memory of 316	884	c9cde38e24d9107e769ae658c08deaf0N.exe	95
PID 884 wrote to memory of 2912	884	c9cde38e24d9107e769ae658c08deaf0N.exe	96
PID 884 wrote to memory of 2912	884	c9cde38e24d9107e769ae658c08deaf0N.exe	96
PID 884 wrote to memory of 212	884	c9cde38e24d9107e769ae658c08deaf0N.exe	97
PID 884 wrote to memory of 212	884	c9cde38e24d9107e769ae658c08deaf0N.exe	97
PID 884 wrote to memory of 5080	884	c9cde38e24d9107e769ae658c08deaf0N.exe	98
PID 884 wrote to memory of 5080	884	c9cde38e24d9107e769ae658c08deaf0N.exe	98
PID 884 wrote to memory of 2292	884	c9cde38e24d9107e769ae658c08deaf0N.exe	99
PID 884 wrote to memory of 2292	884	c9cde38e24d9107e769ae658c08deaf0N.exe	99
PID 884 wrote to memory of 3268	884	c9cde38e24d9107e769ae658c08deaf0N.exe	100
PID 884 wrote to memory of 3268	884	c9cde38e24d9107e769ae658c08deaf0N.exe	100
PID 884 wrote to memory of 1072	884	c9cde38e24d9107e769ae658c08deaf0N.exe	101
PID 884 wrote to memory of 1072	884	c9cde38e24d9107e769ae658c08deaf0N.exe	101
PID 884 wrote to memory of 320	884	c9cde38e24d9107e769ae658c08deaf0N.exe	102
PID 884 wrote to memory of 320	884	c9cde38e24d9107e769ae658c08deaf0N.exe	102
PID 884 wrote to memory of 3572	884	c9cde38e24d9107e769ae658c08deaf0N.exe	103
PID 884 wrote to memory of 3572	884	c9cde38e24d9107e769ae658c08deaf0N.exe	103
PID 884 wrote to memory of 5028	884	c9cde38e24d9107e769ae658c08deaf0N.exe	104
PID 884 wrote to memory of 5028	884	c9cde38e24d9107e769ae658c08deaf0N.exe	104
PID 884 wrote to memory of 3820	884	c9cde38e24d9107e769ae658c08deaf0N.exe	105
PID 884 wrote to memory of 3820	884	c9cde38e24d9107e769ae658c08deaf0N.exe	105
PID 884 wrote to memory of 2584	884	c9cde38e24d9107e769ae658c08deaf0N.exe	106
PID 884 wrote to memory of 2584	884	c9cde38e24d9107e769ae658c08deaf0N.exe	106
PID 884 wrote to memory of 4924	884	c9cde38e24d9107e769ae658c08deaf0N.exe	107
PID 884 wrote to memory of 4924	884	c9cde38e24d9107e769ae658c08deaf0N.exe	107
PID 884 wrote to memory of 1460	884	c9cde38e24d9107e769ae658c08deaf0N.exe	108
PID 884 wrote to memory of 1460	884	c9cde38e24d9107e769ae658c08deaf0N.exe	108
PID 884 wrote to memory of 3224	884	c9cde38e24d9107e769ae658c08deaf0N.exe	109
PID 884 wrote to memory of 3224	884	c9cde38e24d9107e769ae658c08deaf0N.exe	109
PID 884 wrote to memory of 2184	884	c9cde38e24d9107e769ae658c08deaf0N.exe	110
PID 884 wrote to memory of 2184	884	c9cde38e24d9107e769ae658c08deaf0N.exe	110
PID 884 wrote to memory of 460	884	c9cde38e24d9107e769ae658c08deaf0N.exe	111
PID 884 wrote to memory of 460	884	c9cde38e24d9107e769ae658c08deaf0N.exe	111
PID 884 wrote to memory of 1924	884	c9cde38e24d9107e769ae658c08deaf0N.exe	112
PID 884 wrote to memory of 1924	884	c9cde38e24d9107e769ae658c08deaf0N.exe	112
PID 884 wrote to memory of 1708	884	c9cde38e24d9107e769ae658c08deaf0N.exe	113
PID 884 wrote to memory of 1708	884	c9cde38e24d9107e769ae658c08deaf0N.exe	113
PID 884 wrote to memory of 2424	884	c9cde38e24d9107e769ae658c08deaf0N.exe	114
PID 884 wrote to memory of 2424	884	c9cde38e24d9107e769ae658c08deaf0N.exe	114
PID 884 wrote to memory of 4640	884	c9cde38e24d9107e769ae658c08deaf0N.exe	115
PID 884 wrote to memory of 4640	884	c9cde38e24d9107e769ae658c08deaf0N.exe	115
PID 884 wrote to memory of 2884	884	c9cde38e24d9107e769ae658c08deaf0N.exe	116
PID 884 wrote to memory of 2884	884	c9cde38e24d9107e769ae658c08deaf0N.exe	116

C:\Users\Admin\AppData\Local\Temp\c9cde38e24d9107e769ae658c08deaf0N.exe
"C:\Users\Admin\AppData\Local\Temp\c9cde38e24d9107e769ae658c08deaf0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4164
- C:\Windows\System\TlPeuko.exe
  C:\Windows\System\TlPeuko.exe
  2⤵
  - Executes dropped EXE
  PID:4680
- C:\Windows\System\rFTvELF.exe
  C:\Windows\System\rFTvELF.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\nDdAkyw.exe
  C:\Windows\System\nDdAkyw.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\DQWsAbs.exe
  C:\Windows\System\DQWsAbs.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\koqVuAd.exe
  C:\Windows\System\koqVuAd.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\HdtBNzD.exe
  C:\Windows\System\HdtBNzD.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\eEFHGIK.exe
  C:\Windows\System\eEFHGIK.exe
  2⤵
  - Executes dropped EXE
  PID:3984
- C:\Windows\System\OxpvBEO.exe
  C:\Windows\System\OxpvBEO.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\ptQCCXj.exe
  C:\Windows\System\ptQCCXj.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\XxFrQKN.exe
  C:\Windows\System\XxFrQKN.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\twdTEJc.exe
  C:\Windows\System\twdTEJc.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\sGJxEWH.exe
  C:\Windows\System\sGJxEWH.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\NGtxWop.exe
  C:\Windows\System\NGtxWop.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\HWXQwJj.exe
  C:\Windows\System\HWXQwJj.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\wBkyAfy.exe
  C:\Windows\System\wBkyAfy.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\oneNlGW.exe
  C:\Windows\System\oneNlGW.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\vnwDxYR.exe
  C:\Windows\System\vnwDxYR.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\RgagOqz.exe
  C:\Windows\System\RgagOqz.exe
  2⤵
  - Executes dropped EXE
  PID:3572
- C:\Windows\System\ZuFHAlb.exe
  C:\Windows\System\ZuFHAlb.exe
  2⤵
  - Executes dropped EXE
  PID:5028
- C:\Windows\System\DFnJlFq.exe
  C:\Windows\System\DFnJlFq.exe
  2⤵
  - Executes dropped EXE
  PID:3820
- C:\Windows\System\BPJrUZw.exe
  C:\Windows\System\BPJrUZw.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\wHtJFrb.exe
  C:\Windows\System\wHtJFrb.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\RiXYiPZ.exe
  C:\Windows\System\RiXYiPZ.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\jEItGFt.exe
  C:\Windows\System\jEItGFt.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\wZSLWeF.exe
  C:\Windows\System\wZSLWeF.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\ybVkWMW.exe
  C:\Windows\System\ybVkWMW.exe
  2⤵
  - Executes dropped EXE
  PID:460
- C:\Windows\System\WmqvtBp.exe
  C:\Windows\System\WmqvtBp.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\GXbUtji.exe
  C:\Windows\System\GXbUtji.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\axyyCQm.exe
  C:\Windows\System\axyyCQm.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\DMDxxLv.exe
  C:\Windows\System\DMDxxLv.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\GvZVOjR.exe
  C:\Windows\System\GvZVOjR.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\QxacDgq.exe
  C:\Windows\System\QxacDgq.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\jcFMOiL.exe
  C:\Windows\System\jcFMOiL.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\KRiisWw.exe
  C:\Windows\System\KRiisWw.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\gawxDbx.exe
  C:\Windows\System\gawxDbx.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\xoHHQvg.exe
  C:\Windows\System\xoHHQvg.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\donOzXN.exe
  C:\Windows\System\donOzXN.exe
  2⤵
  - Executes dropped EXE
  PID:5036
- C:\Windows\System\LRsKPmT.exe
  C:\Windows\System\LRsKPmT.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ORcOQlG.exe
  C:\Windows\System\ORcOQlG.exe
  2⤵
  - Executes dropped EXE
  PID:3948
- C:\Windows\System\UwIgcyd.exe
  C:\Windows\System\UwIgcyd.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\MTAvrEG.exe
  C:\Windows\System\MTAvrEG.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\PQYrwhp.exe
  C:\Windows\System\PQYrwhp.exe
  2⤵
  - Executes dropped EXE
  PID:3736
- C:\Windows\System\zvcUPkR.exe
  C:\Windows\System\zvcUPkR.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\VrCrKPy.exe
  C:\Windows\System\VrCrKPy.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\CnsaeCX.exe
  C:\Windows\System\CnsaeCX.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\JzkWBAC.exe
  C:\Windows\System\JzkWBAC.exe
  2⤵
  - Executes dropped EXE
  PID:4456
- C:\Windows\System\NbqWFxE.exe
  C:\Windows\System\NbqWFxE.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\UcpvyfS.exe
  C:\Windows\System\UcpvyfS.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\qYXSaQu.exe
  C:\Windows\System\qYXSaQu.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\mdTsGAe.exe
  C:\Windows\System\mdTsGAe.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\wLMWYSC.exe
  C:\Windows\System\wLMWYSC.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\LAmFzPx.exe
  C:\Windows\System\LAmFzPx.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\DdkqFUb.exe
  C:\Windows\System\DdkqFUb.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\GiqzsWl.exe
  C:\Windows\System\GiqzsWl.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\MIEqGwI.exe
  C:\Windows\System\MIEqGwI.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\SglHCOs.exe
  C:\Windows\System\SglHCOs.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\jqRmiox.exe
  C:\Windows\System\jqRmiox.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\CfBVpuc.exe
  C:\Windows\System\CfBVpuc.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\bqpNzbY.exe
  C:\Windows\System\bqpNzbY.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\EjxXGpK.exe
  C:\Windows\System\EjxXGpK.exe
  2⤵
  - Executes dropped EXE
  PID:4200
- C:\Windows\System\rPTFjRA.exe
  C:\Windows\System\rPTFjRA.exe
  2⤵
  - Executes dropped EXE
  PID:232
- C:\Windows\System\YpFYoVB.exe
  C:\Windows\System\YpFYoVB.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\FINngli.exe
  C:\Windows\System\FINngli.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\pEeBMpt.exe
  C:\Windows\System\pEeBMpt.exe
  2⤵
  - Executes dropped EXE
  PID:3408
- C:\Windows\System\oobMyPr.exe
  C:\Windows\System\oobMyPr.exe
  2⤵
  PID:2480
- C:\Windows\System\BjHpdzI.exe
  C:\Windows\System\BjHpdzI.exe
  2⤵
  PID:4616
- C:\Windows\System\MXdCPeT.exe
  C:\Windows\System\MXdCPeT.exe
  2⤵
  PID:1548
- C:\Windows\System\bqowLKZ.exe
  C:\Windows\System\bqowLKZ.exe
  2⤵
  PID:4112
- C:\Windows\System\FGJZZss.exe
  C:\Windows\System\FGJZZss.exe
  2⤵
  PID:4268
- C:\Windows\System\fijHXvM.exe
  C:\Windows\System\fijHXvM.exe
  2⤵
  PID:3868
- C:\Windows\System\jaEWlMT.exe
  C:\Windows\System\jaEWlMT.exe
  2⤵
  PID:208
- C:\Windows\System\bgLLkhq.exe
  C:\Windows\System\bgLLkhq.exe
  2⤵
  PID:3812
- C:\Windows\System\tsERUtb.exe
  C:\Windows\System\tsERUtb.exe
  2⤵
  PID:4036
- C:\Windows\System\HaeCnfq.exe
  C:\Windows\System\HaeCnfq.exe
  2⤵
  PID:3928
- C:\Windows\System\nsmLQoF.exe
  C:\Windows\System\nsmLQoF.exe
  2⤵
  PID:4100
- C:\Windows\System\uBSTJpB.exe
  C:\Windows\System\uBSTJpB.exe
  2⤵
  PID:696
- C:\Windows\System\mecXxeN.exe
  C:\Windows\System\mecXxeN.exe
  2⤵
  PID:4176
- C:\Windows\System\RXldyCA.exe
  C:\Windows\System\RXldyCA.exe
  2⤵
  PID:1580
- C:\Windows\System\xRqPIXK.exe
  C:\Windows\System\xRqPIXK.exe
  2⤵
  PID:4884
- C:\Windows\System\sorZjXG.exe
  C:\Windows\System\sorZjXG.exe
  2⤵
  PID:1956
- C:\Windows\System\iMIJBnn.exe
  C:\Windows\System\iMIJBnn.exe
  2⤵
  PID:4144
- C:\Windows\System\UyYaCiD.exe
  C:\Windows\System\UyYaCiD.exe
  2⤵
  PID:4488
- C:\Windows\System\oXePILO.exe
  C:\Windows\System\oXePILO.exe
  2⤵
  PID:2708
- C:\Windows\System\zIfCzJQ.exe
  C:\Windows\System\zIfCzJQ.exe
  2⤵
  PID:3876
- C:\Windows\System\tGKGxkP.exe
  C:\Windows\System\tGKGxkP.exe
  2⤵
  PID:5128
- C:\Windows\System\OYfyYBf.exe
  C:\Windows\System\OYfyYBf.exe
  2⤵
  PID:5148
- C:\Windows\System\ckgXvAZ.exe
  C:\Windows\System\ckgXvAZ.exe
  2⤵
  PID:5164
- C:\Windows\System\AmMVfGT.exe
  C:\Windows\System\AmMVfGT.exe
  2⤵
  PID:5188
- C:\Windows\System\qTTuQAN.exe
  C:\Windows\System\qTTuQAN.exe
  2⤵
  PID:5216
- C:\Windows\System\UoqAxih.exe
  C:\Windows\System\UoqAxih.exe
  2⤵
  PID:5236
- C:\Windows\System\RGiMooY.exe
  C:\Windows\System\RGiMooY.exe
  2⤵
  PID:5260
- C:\Windows\System\rmSnjOY.exe
  C:\Windows\System\rmSnjOY.exe
  2⤵
  PID:5284
- C:\Windows\System\TdXlPhf.exe
  C:\Windows\System\TdXlPhf.exe
  2⤵
  PID:5312
- C:\Windows\System\UotsucI.exe
  C:\Windows\System\UotsucI.exe
  2⤵
  PID:5336
- C:\Windows\System\EGvLqKf.exe
  C:\Windows\System\EGvLqKf.exe
  2⤵
  PID:5352
- C:\Windows\System\QAogHwX.exe
  C:\Windows\System\QAogHwX.exe
  2⤵
  PID:5376
- C:\Windows\System\mCUbASt.exe
  C:\Windows\System\mCUbASt.exe
  2⤵
  PID:5400
- C:\Windows\System\rAlzRDP.exe
  C:\Windows\System\rAlzRDP.exe
  2⤵
  PID:5424
- C:\Windows\System\LOIaelh.exe
  C:\Windows\System\LOIaelh.exe
  2⤵
  PID:5444
- C:\Windows\System\Savlqbk.exe
  C:\Windows\System\Savlqbk.exe
  2⤵
  PID:5464
- C:\Windows\System\KEQToTz.exe
  C:\Windows\System\KEQToTz.exe
  2⤵
  PID:5484
- C:\Windows\System\YuJCbSD.exe
  C:\Windows\System\YuJCbSD.exe
  2⤵
  PID:5504
- C:\Windows\System\uoLtozI.exe
  C:\Windows\System\uoLtozI.exe
  2⤵
  PID:5528
- C:\Windows\System\fQNnbIO.exe
  C:\Windows\System\fQNnbIO.exe
  2⤵
  PID:5552
- C:\Windows\System\EHdCxkr.exe
  C:\Windows\System\EHdCxkr.exe
  2⤵
  PID:5572
- C:\Windows\System\ETmSMNw.exe
  C:\Windows\System\ETmSMNw.exe
  2⤵
  PID:5596
- C:\Windows\System\dmBJdNA.exe
  C:\Windows\System\dmBJdNA.exe
  2⤵
  PID:5612
- C:\Windows\System\SsDxLtp.exe
  C:\Windows\System\SsDxLtp.exe
  2⤵
  PID:5636
- C:\Windows\System\hEmTBoM.exe
  C:\Windows\System\hEmTBoM.exe
  2⤵
  PID:5656
- C:\Windows\System\qdxMoPU.exe
  C:\Windows\System\qdxMoPU.exe
  2⤵
  PID:5676
- C:\Windows\System\IuyajSf.exe
  C:\Windows\System\IuyajSf.exe
  2⤵
  PID:5700
- C:\Windows\System\pPHoubg.exe
  C:\Windows\System\pPHoubg.exe
  2⤵
  PID:5732
- C:\Windows\System\SUepZCn.exe
  C:\Windows\System\SUepZCn.exe
  2⤵
  PID:5748
- C:\Windows\System\nPNyetR.exe
  C:\Windows\System\nPNyetR.exe
  2⤵
  PID:5772
- C:\Windows\System\ioTFcBI.exe
  C:\Windows\System\ioTFcBI.exe
  2⤵
  PID:5792
- C:\Windows\System\RSMtvcK.exe
  C:\Windows\System\RSMtvcK.exe
  2⤵
  PID:5812
- C:\Windows\System\rzeDsLR.exe
  C:\Windows\System\rzeDsLR.exe
  2⤵
  PID:5844
- C:\Windows\System\lZuiVBI.exe
  C:\Windows\System\lZuiVBI.exe
  2⤵
  PID:5876
- C:\Windows\System\KiwJcap.exe
  C:\Windows\System\KiwJcap.exe
  2⤵
  PID:5892
- C:\Windows\System\ZXoXfMy.exe
  C:\Windows\System\ZXoXfMy.exe
  2⤵
  PID:5924
- C:\Windows\System\RBCpdQV.exe
  C:\Windows\System\RBCpdQV.exe
  2⤵
  PID:5948
- C:\Windows\System\kyTexXe.exe
  C:\Windows\System\kyTexXe.exe
  2⤵
  PID:5972
- C:\Windows\System\LNSPwhV.exe
  C:\Windows\System\LNSPwhV.exe
  2⤵
  PID:6004
- C:\Windows\System\csPCVaw.exe
  C:\Windows\System\csPCVaw.exe
  2⤵
  PID:6020
- C:\Windows\System\rPPKgHx.exe
  C:\Windows\System\rPPKgHx.exe
  2⤵
  PID:6044
- C:\Windows\System\YbXmxMr.exe
  C:\Windows\System\YbXmxMr.exe
  2⤵
  PID:6080
- C:\Windows\System\hpQGqxj.exe
  C:\Windows\System\hpQGqxj.exe
  2⤵
  PID:6108
- C:\Windows\System\dJdKFQo.exe
  C:\Windows\System\dJdKFQo.exe
  2⤵
  PID:6128
- C:\Windows\System\AivpaXg.exe
  C:\Windows\System\AivpaXg.exe
  2⤵
  PID:1616
- C:\Windows\System\AbFUqiC.exe
  C:\Windows\System\AbFUqiC.exe
  2⤵
  PID:3048
- C:\Windows\System\SDEJSZr.exe
  C:\Windows\System\SDEJSZr.exe
  2⤵
  PID:5176
- C:\Windows\System\ifmcTCV.exe
  C:\Windows\System\ifmcTCV.exe
  2⤵
  PID:2540
- C:\Windows\System\mAnfIPQ.exe
  C:\Windows\System\mAnfIPQ.exe
  2⤵
  PID:3032
- C:\Windows\System\CLmsiHf.exe
  C:\Windows\System\CLmsiHf.exe
  2⤵
  PID:1184
- C:\Windows\System\CSgpCQC.exe
  C:\Windows\System\CSgpCQC.exe
  2⤵
  PID:636
- C:\Windows\System\lgnJmoL.exe
  C:\Windows\System\lgnJmoL.exe
  2⤵
  PID:1128
- C:\Windows\System\Qllmezl.exe
  C:\Windows\System\Qllmezl.exe
  2⤵
  PID:2208
- C:\Windows\System\gLVzFGP.exe
  C:\Windows\System\gLVzFGP.exe
  2⤵
  PID:5228
- C:\Windows\System\iQlJbBW.exe
  C:\Windows\System\iQlJbBW.exe
  2⤵
  PID:5268
- C:\Windows\System\nvftjll.exe
  C:\Windows\System\nvftjll.exe
  2⤵
  PID:5808
- C:\Windows\System\PfNunmi.exe
  C:\Windows\System\PfNunmi.exe
  2⤵
  PID:5408
- C:\Windows\System\uSyeecP.exe
  C:\Windows\System\uSyeecP.exe
  2⤵
  PID:5452
- C:\Windows\System\JHHZkgE.exe
  C:\Windows\System\JHHZkgE.exe
  2⤵
  PID:5496
- C:\Windows\System\qVpIbOT.exe
  C:\Windows\System\qVpIbOT.exe
  2⤵
  PID:5860
- C:\Windows\System\RIdCmiS.exe
  C:\Windows\System\RIdCmiS.exe
  2⤵
  PID:5984
- C:\Windows\System\gwJCCdm.exe
  C:\Windows\System\gwJCCdm.exe
  2⤵
  PID:5368
- C:\Windows\System\MpVEDEE.exe
  C:\Windows\System\MpVEDEE.exe
  2⤵
  PID:5780
- C:\Windows\System\JNLYBrs.exe
  C:\Windows\System\JNLYBrs.exe
  2⤵
  PID:5888
- C:\Windows\System\lDNYNxj.exe
  C:\Windows\System\lDNYNxj.exe
  2⤵
  PID:5592
- C:\Windows\System\bfmYHZo.exe
  C:\Windows\System\bfmYHZo.exe
  2⤵
  PID:5604
- C:\Windows\System\yrlfpAP.exe
  C:\Windows\System\yrlfpAP.exe
  2⤵
  PID:5644
- C:\Windows\System\iGioQFh.exe
  C:\Windows\System\iGioQFh.exe
  2⤵
  PID:6148
- C:\Windows\System\koEFtai.exe
  C:\Windows\System\koEFtai.exe
  2⤵
  PID:6172
- C:\Windows\System\qBkKnCF.exe
  C:\Windows\System\qBkKnCF.exe
  2⤵
  PID:6196
- C:\Windows\System\urRTDiH.exe
  C:\Windows\System\urRTDiH.exe
  2⤵
  PID:6216
- C:\Windows\System\zkESeqr.exe
  C:\Windows\System\zkESeqr.exe
  2⤵
  PID:6236
- C:\Windows\System\BlnEMdR.exe
  C:\Windows\System\BlnEMdR.exe
  2⤵
  PID:6252
- C:\Windows\System\PTouLSb.exe
  C:\Windows\System\PTouLSb.exe
  2⤵
  PID:6268
- C:\Windows\System\KSxsCeM.exe
  C:\Windows\System\KSxsCeM.exe
  2⤵
  PID:6284
- C:\Windows\System\EMMixiY.exe
  C:\Windows\System\EMMixiY.exe
  2⤵
  PID:6300
- C:\Windows\System\UziuIqZ.exe
  C:\Windows\System\UziuIqZ.exe
  2⤵
  PID:6328
- C:\Windows\System\FXuphEC.exe
  C:\Windows\System\FXuphEC.exe
  2⤵
  PID:6344
- C:\Windows\System\YjZwktc.exe
  C:\Windows\System\YjZwktc.exe
  2⤵
  PID:6364
- C:\Windows\System\vKvCdnT.exe
  C:\Windows\System\vKvCdnT.exe
  2⤵
  PID:6380
- C:\Windows\System\AxmSkxM.exe
  C:\Windows\System\AxmSkxM.exe
  2⤵
  PID:6424
- C:\Windows\System\JdSZBiV.exe
  C:\Windows\System\JdSZBiV.exe
  2⤵
  PID:6456
- C:\Windows\System\ZpfHKqE.exe
  C:\Windows\System\ZpfHKqE.exe
  2⤵
  PID:6480
- C:\Windows\System\kIYgUVz.exe
  C:\Windows\System\kIYgUVz.exe
  2⤵
  PID:6508
- C:\Windows\System\OCBzopu.exe
  C:\Windows\System\OCBzopu.exe
  2⤵
  PID:6532
- C:\Windows\System\Fnagkkz.exe
  C:\Windows\System\Fnagkkz.exe
  2⤵
  PID:6556
- C:\Windows\System\NoBUSyP.exe
  C:\Windows\System\NoBUSyP.exe
  2⤵
  PID:6572
- C:\Windows\System\zjxzRbC.exe
  C:\Windows\System\zjxzRbC.exe
  2⤵
  PID:6600
- C:\Windows\System\tpGBHyU.exe
  C:\Windows\System\tpGBHyU.exe
  2⤵
  PID:6628
- C:\Windows\System\jCfJJXo.exe
  C:\Windows\System\jCfJJXo.exe
  2⤵
  PID:6644
- C:\Windows\System\RXWRKLU.exe
  C:\Windows\System\RXWRKLU.exe
  2⤵
  PID:6660
- C:\Windows\System\Pfivwmb.exe
  C:\Windows\System\Pfivwmb.exe
  2⤵
  PID:6684
- C:\Windows\System\KkswxqF.exe
  C:\Windows\System\KkswxqF.exe
  2⤵
  PID:6700
- C:\Windows\System\BucANlB.exe
  C:\Windows\System\BucANlB.exe
  2⤵
  PID:6728
- C:\Windows\System\UylJbrj.exe
  C:\Windows\System\UylJbrj.exe
  2⤵
  PID:6756
- C:\Windows\System\RXiQdZd.exe
  C:\Windows\System\RXiQdZd.exe
  2⤵
  PID:6772
- C:\Windows\System\UayBKgC.exe
  C:\Windows\System\UayBKgC.exe
  2⤵
  PID:6792
- C:\Windows\System\XYTuzoF.exe
  C:\Windows\System\XYTuzoF.exe
  2⤵
  PID:6816
- C:\Windows\System\crRJqZU.exe
  C:\Windows\System\crRJqZU.exe
  2⤵
  PID:6836
- C:\Windows\System\auuIHQY.exe
  C:\Windows\System\auuIHQY.exe
  2⤵
  PID:6856
- C:\Windows\System\nQojyBQ.exe
  C:\Windows\System\nQojyBQ.exe
  2⤵
  PID:6884
- C:\Windows\System\fSqhpGj.exe
  C:\Windows\System\fSqhpGj.exe
  2⤵
  PID:6908
- C:\Windows\System\MsmXFGm.exe
  C:\Windows\System\MsmXFGm.exe
  2⤵
  PID:6932
- C:\Windows\System\vjtZYlU.exe
  C:\Windows\System\vjtZYlU.exe
  2⤵
  PID:6952
- C:\Windows\System\EMuQBIL.exe
  C:\Windows\System\EMuQBIL.exe
  2⤵
  PID:6980
- C:\Windows\System\DLmMngX.exe
  C:\Windows\System\DLmMngX.exe
  2⤵
  PID:6996
- C:\Windows\System\QNoNSum.exe
  C:\Windows\System\QNoNSum.exe
  2⤵
  PID:7012
- C:\Windows\System\abyAdBb.exe
  C:\Windows\System\abyAdBb.exe
  2⤵
  PID:5788
- C:\Windows\System\MCIqwfP.exe
  C:\Windows\System\MCIqwfP.exe
  2⤵
  PID:5944
- C:\Windows\System\dSFiOkV.exe
  C:\Windows\System\dSFiOkV.exe
  2⤵
  PID:5196
- C:\Windows\System\JtgyTvW.exe
  C:\Windows\System\JtgyTvW.exe
  2⤵
  PID:6028
- C:\Windows\System\AaszFrC.exe
  C:\Windows\System\AaszFrC.exe
  2⤵
  PID:6056
- C:\Windows\System\AnzbpZA.exe
  C:\Windows\System\AnzbpZA.exe
  2⤵
  PID:4196
- C:\Windows\System\BeJRLQJ.exe
  C:\Windows\System\BeJRLQJ.exe
  2⤵
  PID:6096
- C:\Windows\System\FxxbMVf.exe
  C:\Windows\System\FxxbMVf.exe
  2⤵
  PID:6292
- C:\Windows\System\EYxgPmA.exe
  C:\Windows\System\EYxgPmA.exe
  2⤵
  PID:5384
- C:\Windows\System\yNBQCCZ.exe
  C:\Windows\System\yNBQCCZ.exe
  2⤵
  PID:6360
- C:\Windows\System\bJaxCAs.exe
  C:\Windows\System\bJaxCAs.exe
  2⤵
  PID:6396
- C:\Windows\System\bGCNFwz.exe
  C:\Windows\System\bGCNFwz.exe
  2⤵
  PID:6440
- C:\Windows\System\vAcqWmf.exe
  C:\Windows\System\vAcqWmf.exe
  2⤵
  PID:6844
- C:\Windows\System\yNcPoYv.exe
  C:\Windows\System\yNcPoYv.exe
  2⤵
  PID:6140
- C:\Windows\System\WYkfceM.exe
  C:\Windows\System\WYkfceM.exe
  2⤵
  PID:4356
- C:\Windows\System\IMZeGKk.exe
  C:\Windows\System\IMZeGKk.exe
  2⤵
  PID:6924
- C:\Windows\System\UEWEnxs.exe
  C:\Windows\System\UEWEnxs.exe
  2⤵
  PID:6156
- C:\Windows\System\uvRzsJc.exe
  C:\Windows\System\uvRzsJc.exe
  2⤵
  PID:7004
- C:\Windows\System\onwgxyG.exe
  C:\Windows\System\onwgxyG.exe
  2⤵
  PID:5172
- C:\Windows\System\KUSsmXT.exe
  C:\Windows\System\KUSsmXT.exe
  2⤵
  PID:6296
- C:\Windows\System\zQXBpEK.exe
  C:\Windows\System\zQXBpEK.exe
  2⤵
  PID:6408
- C:\Windows\System\fYOLdxP.exe
  C:\Windows\System\fYOLdxP.exe
  2⤵
  PID:7072
- C:\Windows\System\zMFNwEA.exe
  C:\Windows\System\zMFNwEA.exe
  2⤵
  PID:6472
- C:\Windows\System\cqyWUiI.exe
  C:\Windows\System\cqyWUiI.exe
  2⤵
  PID:5472
- C:\Windows\System\ZNHwMfn.exe
  C:\Windows\System\ZNHwMfn.exe
  2⤵
  PID:5536
- C:\Windows\System\ZslgSdq.exe
  C:\Windows\System\ZslgSdq.exe
  2⤵
  PID:6668
- C:\Windows\System\SAlCEoc.exe
  C:\Windows\System\SAlCEoc.exe
  2⤵
  PID:6720
- C:\Windows\System\PcBMpye.exe
  C:\Windows\System\PcBMpye.exe
  2⤵
  PID:6768
- C:\Windows\System\ygCAjnQ.exe
  C:\Windows\System\ygCAjnQ.exe
  2⤵
  PID:5884
- C:\Windows\System\EOEmgnu.exe
  C:\Windows\System\EOEmgnu.exe
  2⤵
  PID:368
- C:\Windows\System\qtKvFIk.exe
  C:\Windows\System\qtKvFIk.exe
  2⤵
  PID:7192
- C:\Windows\System\LSLBEDi.exe
  C:\Windows\System\LSLBEDi.exe
  2⤵
  PID:7208
- C:\Windows\System\SUyNGTd.exe
  C:\Windows\System\SUyNGTd.exe
  2⤵
  PID:7232
- C:\Windows\System\tqZhQrn.exe
  C:\Windows\System\tqZhQrn.exe
  2⤵
  PID:7260
- C:\Windows\System\cPtVhyJ.exe
  C:\Windows\System\cPtVhyJ.exe
  2⤵
  PID:7280
- C:\Windows\System\uhpQxQU.exe
  C:\Windows\System\uhpQxQU.exe
  2⤵
  PID:7308
- C:\Windows\System\CYjrBEX.exe
  C:\Windows\System\CYjrBEX.exe
  2⤵
  PID:7336
- C:\Windows\System\zybObam.exe
  C:\Windows\System\zybObam.exe
  2⤵
  PID:7360
- C:\Windows\System\FwjcMzy.exe
  C:\Windows\System\FwjcMzy.exe
  2⤵
  PID:7384
- C:\Windows\System\fVoRECK.exe
  C:\Windows\System\fVoRECK.exe
  2⤵
  PID:7400
- C:\Windows\System\VlxWxMU.exe
  C:\Windows\System\VlxWxMU.exe
  2⤵
  PID:7432
- C:\Windows\System\cHhRxGH.exe
  C:\Windows\System\cHhRxGH.exe
  2⤵
  PID:7452
- C:\Windows\System\VfMLfBO.exe
  C:\Windows\System\VfMLfBO.exe
  2⤵
  PID:7476
- C:\Windows\System\qoDohhr.exe
  C:\Windows\System\qoDohhr.exe
  2⤵
  PID:7508
- C:\Windows\System\XtOkhKx.exe
  C:\Windows\System\XtOkhKx.exe
  2⤵
  PID:7532
- C:\Windows\System\fLItQOV.exe
  C:\Windows\System\fLItQOV.exe
  2⤵
  PID:7552
- C:\Windows\System\SFpFbsr.exe
  C:\Windows\System\SFpFbsr.exe
  2⤵
  PID:7576
- C:\Windows\System\WwuHXJD.exe
  C:\Windows\System\WwuHXJD.exe
  2⤵
  PID:7592
- C:\Windows\System\OQQYVva.exe
  C:\Windows\System\OQQYVva.exe
  2⤵
  PID:7620
- C:\Windows\System\NOzyZBu.exe
  C:\Windows\System\NOzyZBu.exe
  2⤵
  PID:7636
- C:\Windows\System\Vdepkwh.exe
  C:\Windows\System\Vdepkwh.exe
  2⤵
  PID:7668
- C:\Windows\System\opZsxAR.exe
  C:\Windows\System\opZsxAR.exe
  2⤵
  PID:7684
- C:\Windows\System\QGpbrMu.exe
  C:\Windows\System\QGpbrMu.exe
  2⤵
  PID:7708
- C:\Windows\System\jVgNnrU.exe
  C:\Windows\System\jVgNnrU.exe
  2⤵
  PID:7728
- C:\Windows\System\RsUwyZX.exe
  C:\Windows\System\RsUwyZX.exe
  2⤵
  PID:7748
- C:\Windows\System\tXTcWZa.exe
  C:\Windows\System\tXTcWZa.exe
  2⤵
  PID:7768
- C:\Windows\System\gOJjPrG.exe
  C:\Windows\System\gOJjPrG.exe
  2⤵
  PID:7792
- C:\Windows\System\PNFuUWM.exe
  C:\Windows\System\PNFuUWM.exe
  2⤵
  PID:7816
- C:\Windows\System\viohfoE.exe
  C:\Windows\System\viohfoE.exe
  2⤵
  PID:7836
- C:\Windows\System\jvcFRGc.exe
  C:\Windows\System\jvcFRGc.exe
  2⤵
  PID:7852
- C:\Windows\System\KMDrZMv.exe
  C:\Windows\System\KMDrZMv.exe
  2⤵
  PID:7880
- C:\Windows\System\dFPZEIo.exe
  C:\Windows\System\dFPZEIo.exe
  2⤵
  PID:7912
- C:\Windows\System\VONtmVJ.exe
  C:\Windows\System\VONtmVJ.exe
  2⤵
  PID:7932
- C:\Windows\System\HkscyPs.exe
  C:\Windows\System\HkscyPs.exe
  2⤵
  PID:7956
- C:\Windows\System\gylMEKC.exe
  C:\Windows\System\gylMEKC.exe
  2⤵
  PID:7976
- C:\Windows\System\eYNSIsx.exe
  C:\Windows\System\eYNSIsx.exe
  2⤵
  PID:8016
- C:\Windows\System\XHrkxMh.exe
  C:\Windows\System\XHrkxMh.exe
  2⤵
  PID:8032
- C:\Windows\System\RPvdInG.exe
  C:\Windows\System\RPvdInG.exe
  2⤵
  PID:8060
- C:\Windows\System\xMiOkYi.exe
  C:\Windows\System\xMiOkYi.exe
  2⤵
  PID:8080
- C:\Windows\System\MGAouNc.exe
  C:\Windows\System\MGAouNc.exe
  2⤵
  PID:8100
- C:\Windows\System\aDLGANk.exe
  C:\Windows\System\aDLGANk.exe
  2⤵
  PID:8132
- C:\Windows\System\SShNurp.exe
  C:\Windows\System\SShNurp.exe
  2⤵
  PID:8160
- C:\Windows\System\MpllDLm.exe
  C:\Windows\System\MpllDLm.exe
  2⤵
  PID:8176
- C:\Windows\System\UUxdHJH.exe
  C:\Windows\System\UUxdHJH.exe
  2⤵
  PID:6168
- C:\Windows\System\SAltSZG.exe
  C:\Windows\System\SAltSZG.exe
  2⤵
  PID:6188
- C:\Windows\System\ErRaivl.exe
  C:\Windows\System\ErRaivl.exe
  2⤵
  PID:4824
- C:\Windows\System\STKjmzD.exe
  C:\Windows\System\STKjmzD.exe
  2⤵
  PID:7048
- C:\Windows\System\GjSmtWz.exe
  C:\Windows\System\GjSmtWz.exe
  2⤵
  PID:6052
- C:\Windows\System\lZlMicw.exe
  C:\Windows\System\lZlMicw.exe
  2⤵
  PID:6372
- C:\Windows\System\DnHiJAK.exe
  C:\Windows\System\DnHiJAK.exe
  2⤵
  PID:6468
- C:\Windows\System\fnQduqp.exe
  C:\Windows\System\fnQduqp.exe
  2⤵
  PID:6544
- C:\Windows\System\aoazsyY.exe
  C:\Windows\System\aoazsyY.exe
  2⤵
  PID:6568
- C:\Windows\System\SbITOCf.exe
  C:\Windows\System\SbITOCf.exe
  2⤵
  PID:6692
- C:\Windows\System\UTFVTZy.exe
  C:\Windows\System\UTFVTZy.exe
  2⤵
  PID:6392
- C:\Windows\System\kXLOCbm.exe
  C:\Windows\System\kXLOCbm.exe
  2⤵
  PID:6824
- C:\Windows\System\euBTHon.exe
  C:\Windows\System\euBTHon.exe
  2⤵
  PID:7160
- C:\Windows\System\CYMRRtm.exe
  C:\Windows\System\CYMRRtm.exe
  2⤵
  PID:6808
- C:\Windows\System\YDPZcIi.exe
  C:\Windows\System\YDPZcIi.exe
  2⤵
  PID:7204
- C:\Windows\System\GZeRPrZ.exe
  C:\Windows\System\GZeRPrZ.exe
  2⤵
  PID:7288
- C:\Windows\System\NSPGEFg.exe
  C:\Windows\System\NSPGEFg.exe
  2⤵
  PID:4132
- C:\Windows\System\riYbsmT.exe
  C:\Windows\System\riYbsmT.exe
  2⤵
  PID:7380
- C:\Windows\System\iqsTfBa.exe
  C:\Windows\System\iqsTfBa.exe
  2⤵
  PID:7440
- C:\Windows\System\gnJisgk.exe
  C:\Windows\System\gnJisgk.exe
  2⤵
  PID:7468
- C:\Windows\System\wMMVsgI.exe
  C:\Windows\System\wMMVsgI.exe
  2⤵
  PID:6212
- C:\Windows\System\UlRhJze.exe
  C:\Windows\System\UlRhJze.exe
  2⤵
  PID:5684
- C:\Windows\System\LsBOHwH.exe
  C:\Windows\System\LsBOHwH.exe
  2⤵
  PID:6940
- C:\Windows\System\lxSubqG.exe
  C:\Windows\System\lxSubqG.exe
  2⤵
  PID:8216
- C:\Windows\System\NowPuYA.exe
  C:\Windows\System\NowPuYA.exe
  2⤵
  PID:8240
- C:\Windows\System\UQqTAkA.exe
  C:\Windows\System\UQqTAkA.exe
  2⤵
  PID:8260
- C:\Windows\System\kfvRhJs.exe
  C:\Windows\System\kfvRhJs.exe
  2⤵
  PID:8288
- C:\Windows\System\FdkMSuu.exe
  C:\Windows\System\FdkMSuu.exe
  2⤵
  PID:8308
- C:\Windows\System\vsikqOY.exe
  C:\Windows\System\vsikqOY.exe
  2⤵
  PID:8328
- C:\Windows\System\YsgvEVY.exe
  C:\Windows\System\YsgvEVY.exe
  2⤵
  PID:8348
- C:\Windows\System\pEkzzem.exe
  C:\Windows\System\pEkzzem.exe
  2⤵
  PID:8368
- C:\Windows\System\gmIOtOt.exe
  C:\Windows\System\gmIOtOt.exe
  2⤵
  PID:8388
- C:\Windows\System\VbueenS.exe
  C:\Windows\System\VbueenS.exe
  2⤵
  PID:8412
- C:\Windows\System\ZYkbQZu.exe
  C:\Windows\System\ZYkbQZu.exe
  2⤵
  PID:8440
- C:\Windows\System\UEUukqS.exe
  C:\Windows\System\UEUukqS.exe
  2⤵
  PID:8472
- C:\Windows\System\uqIdKxy.exe
  C:\Windows\System\uqIdKxy.exe
  2⤵
  PID:8496
- C:\Windows\System\daJmkEe.exe
  C:\Windows\System\daJmkEe.exe
  2⤵
  PID:8516
- C:\Windows\System\prmmVRv.exe
  C:\Windows\System\prmmVRv.exe
  2⤵
  PID:8540
- C:\Windows\System\qOWKIPY.exe
  C:\Windows\System\qOWKIPY.exe
  2⤵
  PID:8560
- C:\Windows\System\KRTnyXB.exe
  C:\Windows\System\KRTnyXB.exe
  2⤵
  PID:8580
- C:\Windows\System\fKGNfSp.exe
  C:\Windows\System\fKGNfSp.exe
  2⤵
  PID:8608
- C:\Windows\System\hNGHxdq.exe
  C:\Windows\System\hNGHxdq.exe
  2⤵
  PID:8632
- C:\Windows\System\xVUHmfE.exe
  C:\Windows\System\xVUHmfE.exe
  2⤵
  PID:8652
- C:\Windows\System\jcTqbeV.exe
  C:\Windows\System\jcTqbeV.exe
  2⤵
  PID:8676
- C:\Windows\System\mtJCbZS.exe
  C:\Windows\System\mtJCbZS.exe
  2⤵
  PID:8696
- C:\Windows\System\aMNruJM.exe
  C:\Windows\System\aMNruJM.exe
  2⤵
  PID:8712
- C:\Windows\System\thoWGJZ.exe
  C:\Windows\System\thoWGJZ.exe
  2⤵
  PID:8732
- C:\Windows\System\rXrTVZk.exe
  C:\Windows\System\rXrTVZk.exe
  2⤵
  PID:8752
- C:\Windows\System\vQXovsf.exe
  C:\Windows\System\vQXovsf.exe
  2⤵
  PID:8780
- C:\Windows\System\ZkMvhhC.exe
  C:\Windows\System\ZkMvhhC.exe
  2⤵
  PID:8800
- C:\Windows\System\ODLMzwh.exe
  C:\Windows\System\ODLMzwh.exe
  2⤵
  PID:8820
- C:\Windows\System\wZiBPTE.exe
  C:\Windows\System\wZiBPTE.exe
  2⤵
  PID:8844
- C:\Windows\System\MXRTbya.exe
  C:\Windows\System\MXRTbya.exe
  2⤵
  PID:8864
- C:\Windows\System\OkjWOad.exe
  C:\Windows\System\OkjWOad.exe
  2⤵
  PID:8888
- C:\Windows\System\VKYqUkT.exe
  C:\Windows\System\VKYqUkT.exe
  2⤵
  PID:8912
- C:\Windows\System\sNDavMZ.exe
  C:\Windows\System\sNDavMZ.exe
  2⤵
  PID:8932
- C:\Windows\System\wddmoeU.exe
  C:\Windows\System\wddmoeU.exe
  2⤵
  PID:8952
- C:\Windows\System\JAvZEfE.exe
  C:\Windows\System\JAvZEfE.exe
  2⤵
  PID:8976
- C:\Windows\System\TFMRIOi.exe
  C:\Windows\System\TFMRIOi.exe
  2⤵
  PID:8996
- C:\Windows\System\WUUZQuc.exe
  C:\Windows\System\WUUZQuc.exe
  2⤵
  PID:9020
- C:\Windows\System\RDAnKsA.exe
  C:\Windows\System\RDAnKsA.exe
  2⤵
  PID:9048
- C:\Windows\System\qfzuHXq.exe
  C:\Windows\System\qfzuHXq.exe
  2⤵
  PID:9064
- C:\Windows\System\ruVXiqb.exe
  C:\Windows\System\ruVXiqb.exe
  2⤵
  PID:9092
- C:\Windows\System\VDXMmLX.exe
  C:\Windows\System\VDXMmLX.exe
  2⤵
  PID:9112
- C:\Windows\System\EpCeGdo.exe
  C:\Windows\System\EpCeGdo.exe
  2⤵
  PID:9144
- C:\Windows\System\TfCeZQz.exe
  C:\Windows\System\TfCeZQz.exe
  2⤵
  PID:9160
- C:\Windows\System\vqDEToj.exe
  C:\Windows\System\vqDEToj.exe
  2⤵
  PID:9184
- C:\Windows\System\VJHgQoB.exe
  C:\Windows\System\VJHgQoB.exe
  2⤵
  PID:9208
- C:\Windows\System\vndGYWc.exe
  C:\Windows\System\vndGYWc.exe
  2⤵
  PID:7716
- C:\Windows\System\HcHMZMh.exe
  C:\Windows\System\HcHMZMh.exe
  2⤵
  PID:6448
- C:\Windows\System\IJpyhrG.exe
  C:\Windows\System\IJpyhrG.exe
  2⤵
  PID:7940
- C:\Windows\System\MexEMpm.exe
  C:\Windows\System\MexEMpm.exe
  2⤵
  PID:8028
- C:\Windows\System\uwzzADa.exe
  C:\Windows\System\uwzzADa.exe
  2⤵
  PID:8120
- C:\Windows\System\dXrcbwb.exe
  C:\Windows\System\dXrcbwb.exe
  2⤵
  PID:8188
- C:\Windows\System\wfSDgBt.exe
  C:\Windows\System\wfSDgBt.exe
  2⤵
  PID:3084
- C:\Windows\System\osEPcyw.exe
  C:\Windows\System\osEPcyw.exe
  2⤵
  PID:7472
- C:\Windows\System\aQryVuj.exe
  C:\Windows\System\aQryVuj.exe
  2⤵
  PID:5208
- C:\Windows\System\wHPtwWi.exe
  C:\Windows\System\wHPtwWi.exe
  2⤵
  PID:2096
- C:\Windows\System\Ibtzxab.exe
  C:\Windows\System\Ibtzxab.exe
  2⤵
  PID:7564
- C:\Windows\System\DSSgRyX.exe
  C:\Windows\System\DSSgRyX.exe
  2⤵
  PID:6708
- C:\Windows\System\MLkrTpw.exe
  C:\Windows\System\MLkrTpw.exe
  2⤵
  PID:3212
- C:\Windows\System\hWByLWH.exe
  C:\Windows\System\hWByLWH.exe
  2⤵
  PID:7648
- C:\Windows\System\GIhjXje.exe
  C:\Windows\System\GIhjXje.exe
  2⤵
  PID:6868
- C:\Windows\System\hRHguiC.exe
  C:\Windows\System\hRHguiC.exe
  2⤵
  PID:7680
- C:\Windows\System\CSOaiEy.exe
  C:\Windows\System\CSOaiEy.exe
  2⤵
  PID:7420
- C:\Windows\System\xgkuKSU.exe
  C:\Windows\System\xgkuKSU.exe
  2⤵
  PID:8200
- C:\Windows\System\fNvyoGl.exe
  C:\Windows\System\fNvyoGl.exe
  2⤵
  PID:7788
- C:\Windows\System\dXIFnIj.exe
  C:\Windows\System\dXIFnIj.exe
  2⤵
  PID:7804
- C:\Windows\System\IUiFRWe.exe
  C:\Windows\System\IUiFRWe.exe
  2⤵
  PID:8376
- C:\Windows\System\GiSGpQX.exe
  C:\Windows\System\GiSGpQX.exe
  2⤵
  PID:8380
- C:\Windows\System\UKWgFKE.exe
  C:\Windows\System\UKWgFKE.exe
  2⤵
  PID:7908
- C:\Windows\System\DJQUAMD.exe
  C:\Windows\System\DJQUAMD.exe
  2⤵
  PID:7948
- C:\Windows\System\JGPgrAq.exe
  C:\Windows\System\JGPgrAq.exe
  2⤵
  PID:5372
- C:\Windows\System\aoVpFvp.exe
  C:\Windows\System\aoVpFvp.exe
  2⤵
  PID:8072
- C:\Windows\System\ZZwYwPQ.exe
  C:\Windows\System\ZZwYwPQ.exe
  2⤵
  PID:8512
- C:\Windows\System\wwyPwzb.exe
  C:\Windows\System\wwyPwzb.exe
  2⤵
  PID:8552
- C:\Windows\System\NCiKBOw.exe
  C:\Windows\System\NCiKBOw.exe
  2⤵
  PID:8616
- C:\Windows\System\qCHBxst.exe
  C:\Windows\System\qCHBxst.exe
  2⤵
  PID:8660
- C:\Windows\System\kFytmDW.exe
  C:\Windows\System\kFytmDW.exe
  2⤵
  PID:8692
- C:\Windows\System\IhdNYZB.exe
  C:\Windows\System\IhdNYZB.exe
  2⤵
  PID:6204
- C:\Windows\System\JtjGTtL.exe
  C:\Windows\System\JtjGTtL.exe
  2⤵
  PID:8728
- C:\Windows\System\ioUBxGe.exe
  C:\Windows\System\ioUBxGe.exe
  2⤵
  PID:8792
- C:\Windows\System\JEKEeCr.exe
  C:\Windows\System\JEKEeCr.exe
  2⤵
  PID:9232
- C:\Windows\System\zXRSlic.exe
  C:\Windows\System\zXRSlic.exe
  2⤵
  PID:9256
- C:\Windows\System\sBxCeHO.exe
  C:\Windows\System\sBxCeHO.exe
  2⤵
  PID:9276
- C:\Windows\System\DtMaCsW.exe
  C:\Windows\System\DtMaCsW.exe
  2⤵
  PID:9300
- C:\Windows\System\zxcpSNz.exe
  C:\Windows\System\zxcpSNz.exe
  2⤵
  PID:9324
- C:\Windows\System\ZglALWz.exe
  C:\Windows\System\ZglALWz.exe
  2⤵
  PID:9340
- C:\Windows\System\viLdyCQ.exe
  C:\Windows\System\viLdyCQ.exe
  2⤵
  PID:9368
- C:\Windows\System\leCtfLA.exe
  C:\Windows\System\leCtfLA.exe
  2⤵
  PID:9388
- C:\Windows\System\MCNIICr.exe
  C:\Windows\System\MCNIICr.exe
  2⤵
  PID:9412
- C:\Windows\System\DwHFraH.exe
  C:\Windows\System\DwHFraH.exe
  2⤵
  PID:9432
- C:\Windows\System\iDEVnnk.exe
  C:\Windows\System\iDEVnnk.exe
  2⤵
  PID:9456
- C:\Windows\System\jtaTycT.exe
  C:\Windows\System\jtaTycT.exe
  2⤵
  PID:9484
- C:\Windows\System\fYdNlNv.exe
  C:\Windows\System\fYdNlNv.exe
  2⤵
  PID:9504
- C:\Windows\System\hMlveEv.exe
  C:\Windows\System\hMlveEv.exe
  2⤵
  PID:9524
- C:\Windows\System\oluWdPM.exe
  C:\Windows\System\oluWdPM.exe
  2⤵
  PID:9548
- C:\Windows\System\XUGbjYb.exe
  C:\Windows\System\XUGbjYb.exe
  2⤵
  PID:9568
- C:\Windows\System\lmwIfWZ.exe
  C:\Windows\System\lmwIfWZ.exe
  2⤵
  PID:9592
- C:\Windows\System\ICmZkKI.exe
  C:\Windows\System\ICmZkKI.exe
  2⤵
  PID:9612
- C:\Windows\System\xhOqtgW.exe
  C:\Windows\System\xhOqtgW.exe
  2⤵
  PID:9636
- C:\Windows\System\JlyrVov.exe
  C:\Windows\System\JlyrVov.exe
  2⤵
  PID:9660
- C:\Windows\System\ZpbXDEe.exe
  C:\Windows\System\ZpbXDEe.exe
  2⤵
  PID:9684
- C:\Windows\System\hfnbFEf.exe
  C:\Windows\System\hfnbFEf.exe
  2⤵
  PID:9708
- C:\Windows\System\fbynddc.exe
  C:\Windows\System\fbynddc.exe
  2⤵
  PID:9736
- C:\Windows\System\WKWKGWB.exe
  C:\Windows\System\WKWKGWB.exe
  2⤵
  PID:9752
- C:\Windows\System\rRaMMZO.exe
  C:\Windows\System\rRaMMZO.exe
  2⤵
  PID:9772
- C:\Windows\System\fxwwlRU.exe
  C:\Windows\System\fxwwlRU.exe
  2⤵
  PID:9792
- C:\Windows\System\fBviJqi.exe
  C:\Windows\System\fBviJqi.exe
  2⤵
  PID:9820
- C:\Windows\System\BHqtImJ.exe
  C:\Windows\System\BHqtImJ.exe
  2⤵
  PID:9840
- C:\Windows\System\TZOovDk.exe
  C:\Windows\System\TZOovDk.exe
  2⤵
  PID:9864
- C:\Windows\System\nOpJyLu.exe
  C:\Windows\System\nOpJyLu.exe
  2⤵
  PID:9892
- C:\Windows\System\OaHsXsl.exe
  C:\Windows\System\OaHsXsl.exe
  2⤵
  PID:9912
- C:\Windows\System\EuNLSsV.exe
  C:\Windows\System\EuNLSsV.exe
  2⤵
  PID:9928
- C:\Windows\System\VacGKaU.exe
  C:\Windows\System\VacGKaU.exe
  2⤵
  PID:9944
- C:\Windows\System\iigVJDD.exe
  C:\Windows\System\iigVJDD.exe
  2⤵
  PID:9960
- C:\Windows\System\tGYvaci.exe
  C:\Windows\System\tGYvaci.exe
  2⤵
  PID:9992
- C:\Windows\System\yQYGsZD.exe
  C:\Windows\System\yQYGsZD.exe
  2⤵
  PID:10016
- C:\Windows\System\YDeMoEc.exe
  C:\Windows\System\YDeMoEc.exe
  2⤵
  PID:10036
- C:\Windows\System\wcYjEeJ.exe
  C:\Windows\System\wcYjEeJ.exe
  2⤵
  PID:10056
- C:\Windows\System\HvWuKyr.exe
  C:\Windows\System\HvWuKyr.exe
  2⤵
  PID:10076
- C:\Windows\System\StmtAQs.exe
  C:\Windows\System\StmtAQs.exe
  2⤵
  PID:10100
- C:\Windows\System\vpSREiG.exe
  C:\Windows\System\vpSREiG.exe
  2⤵
  PID:10128
- C:\Windows\System\SwNlHAe.exe
  C:\Windows\System\SwNlHAe.exe
  2⤵
  PID:10152
- C:\Windows\System\DzilMCa.exe
  C:\Windows\System\DzilMCa.exe
  2⤵
  PID:10176
- C:\Windows\System\sywClwi.exe
  C:\Windows\System\sywClwi.exe
  2⤵
  PID:10196
- C:\Windows\System\DkkcmDy.exe
  C:\Windows\System\DkkcmDy.exe
  2⤵
  PID:10212
- C:\Windows\System\GJClesq.exe
  C:\Windows\System\GJClesq.exe
  2⤵
  PID:10232
- C:\Windows\System\YFGMzGI.exe
  C:\Windows\System\YFGMzGI.exe
  2⤵
  PID:6552
- C:\Windows\System\VtnSTWv.exe
  C:\Windows\System\VtnSTWv.exe
  2⤵
  PID:6564
- C:\Windows\System\ZshhFZu.exe
  C:\Windows\System\ZshhFZu.exe
  2⤵
  PID:6904
- C:\Windows\System\KFJxKNQ.exe
  C:\Windows\System\KFJxKNQ.exe
  2⤵
  PID:6988
- C:\Windows\System\TMtaVdj.exe
  C:\Windows\System\TMtaVdj.exe
  2⤵
  PID:9104
- C:\Windows\System\kEbvSDX.exe
  C:\Windows\System\kEbvSDX.exe
  2⤵
  PID:9152
- C:\Windows\System\xlItbIA.exe
  C:\Windows\System\xlItbIA.exe
  2⤵
  PID:7808
- C:\Windows\System\EzsUsPm.exe
  C:\Windows\System\EzsUsPm.exe
  2⤵
  PID:7744
- C:\Windows\System\LWGBssZ.exe
  C:\Windows\System\LWGBssZ.exe
  2⤵
  PID:8172
- C:\Windows\System\LyyvrWQ.exe
  C:\Windows\System\LyyvrWQ.exe
  2⤵
  PID:3260
- C:\Windows\System\thVtagE.exe
  C:\Windows\System\thVtagE.exe
  2⤵
  PID:7588
- C:\Windows\System\tzJaavU.exe
  C:\Windows\System\tzJaavU.exe
  2⤵
  PID:7632
- C:\Windows\System\YTHKNZX.exe
  C:\Windows\System\YTHKNZX.exe
  2⤵
  PID:6848
- C:\Windows\System\scTxFJp.exe
  C:\Windows\System\scTxFJp.exe
  2⤵
  PID:8468
- C:\Windows\System\YKyOglu.exe
  C:\Windows\System\YKyOglu.exe
  2⤵
  PID:7700
- C:\Windows\System\NbnuaiH.exe
  C:\Windows\System\NbnuaiH.exe
  2⤵
  PID:8592
- C:\Windows\System\uNkeZhg.exe
  C:\Windows\System\uNkeZhg.exe
  2⤵
  PID:1404
- C:\Windows\System\bjmFiwz.exe
  C:\Windows\System\bjmFiwz.exe
  2⤵
  PID:8548
- C:\Windows\System\LQKtWSw.exe
  C:\Windows\System\LQKtWSw.exe
  2⤵
  PID:8708
- C:\Windows\System\xRZkAkL.exe
  C:\Windows\System\xRZkAkL.exe
  2⤵
  PID:8840
- C:\Windows\System\ofgQfpt.exe
  C:\Windows\System\ofgQfpt.exe
  2⤵
  PID:10248
- C:\Windows\System\aTYQxfW.exe
  C:\Windows\System\aTYQxfW.exe
  2⤵
  PID:10268
- C:\Windows\System\jFHkZJu.exe
  C:\Windows\System\jFHkZJu.exe
  2⤵
  PID:10292
- C:\Windows\System\qPoKlKK.exe
  C:\Windows\System\qPoKlKK.exe
  2⤵
  PID:10312
- C:\Windows\System\cjEuYtr.exe
  C:\Windows\System\cjEuYtr.exe
  2⤵
  PID:10332
- C:\Windows\System\oHjfehJ.exe
  C:\Windows\System\oHjfehJ.exe
  2⤵
  PID:10356
- C:\Windows\System\zCDCDYb.exe
  C:\Windows\System\zCDCDYb.exe
  2⤵
  PID:10380
- C:\Windows\System\IahQoJt.exe
  C:\Windows\System\IahQoJt.exe
  2⤵
  PID:10400
- C:\Windows\System\HAOGsKn.exe
  C:\Windows\System\HAOGsKn.exe
  2⤵
  PID:10424
- C:\Windows\System\jsSslWF.exe
  C:\Windows\System\jsSslWF.exe
  2⤵
  PID:10444
- C:\Windows\System\IeFAaMp.exe
  C:\Windows\System\IeFAaMp.exe
  2⤵
  PID:10468
- C:\Windows\System\dBTICEI.exe
  C:\Windows\System\dBTICEI.exe
  2⤵
  PID:10488
- C:\Windows\System\pMpfemS.exe
  C:\Windows\System\pMpfemS.exe
  2⤵
  PID:10508
- C:\Windows\System\eLRneCb.exe
  C:\Windows\System\eLRneCb.exe
  2⤵
  PID:10532
- C:\Windows\System\RNpGWBh.exe
  C:\Windows\System\RNpGWBh.exe
  2⤵
  PID:10556
- C:\Windows\System\KqcmkGT.exe
  C:\Windows\System\KqcmkGT.exe
  2⤵
  PID:10572
- C:\Windows\System\REPhwrl.exe
  C:\Windows\System\REPhwrl.exe
  2⤵
  PID:10608
- C:\Windows\System\ugLLpYX.exe
  C:\Windows\System\ugLLpYX.exe
  2⤵
  PID:10624
- C:\Windows\System\RgUixwm.exe
  C:\Windows\System\RgUixwm.exe
  2⤵
  PID:10648
- C:\Windows\System\kxZNLwt.exe
  C:\Windows\System\kxZNLwt.exe
  2⤵
  PID:10676
- C:\Windows\System\ixexfVw.exe
  C:\Windows\System\ixexfVw.exe
  2⤵
  PID:10696
- C:\Windows\System\dfFOzJX.exe
  C:\Windows\System\dfFOzJX.exe
  2⤵
  PID:10716
- C:\Windows\System\OSiwyNr.exe
  C:\Windows\System\OSiwyNr.exe
  2⤵
  PID:10740
- C:\Windows\System\ncSaaBi.exe
  C:\Windows\System\ncSaaBi.exe
  2⤵
  PID:10764
- C:\Windows\System\KMwSNHf.exe
  C:\Windows\System\KMwSNHf.exe
  2⤵
  PID:10784
- C:\Windows\System\IUEeOLC.exe
  C:\Windows\System\IUEeOLC.exe
  2⤵
  PID:10808
- C:\Windows\System\MscGtta.exe
  C:\Windows\System\MscGtta.exe
  2⤵
  PID:10824
- C:\Windows\System\TVfxFKM.exe
  C:\Windows\System\TVfxFKM.exe
  2⤵
  PID:10840
- C:\Windows\System\BGqwFJS.exe
  C:\Windows\System\BGqwFJS.exe
  2⤵
  PID:10856
- C:\Windows\System\kaDjrkP.exe
  C:\Windows\System\kaDjrkP.exe
  2⤵
  PID:10876
- C:\Windows\System\kKiucSY.exe
  C:\Windows\System\kKiucSY.exe
  2⤵
  PID:10900
- C:\Windows\System\hfhMdQt.exe
  C:\Windows\System\hfhMdQt.exe
  2⤵
  PID:10920
- C:\Windows\System\GYtehWk.exe
  C:\Windows\System\GYtehWk.exe
  2⤵
  PID:10940
- C:\Windows\System\btnCXts.exe
  C:\Windows\System\btnCXts.exe
  2⤵
  PID:10968
- C:\Windows\System\egLCDCv.exe
  C:\Windows\System\egLCDCv.exe
  2⤵
  PID:10992
- C:\Windows\System\OipGoyf.exe
  C:\Windows\System\OipGoyf.exe
  2⤵
  PID:11012
- C:\Windows\System\CvsLWVT.exe
  C:\Windows\System\CvsLWVT.exe
  2⤵
  PID:11036
- C:\Windows\System\eJqJJOx.exe
  C:\Windows\System\eJqJJOx.exe
  2⤵
  PID:11060
- C:\Windows\System\kacfrFv.exe
  C:\Windows\System\kacfrFv.exe
  2⤵
  PID:11080
- C:\Windows\System\aaCPTIQ.exe
  C:\Windows\System\aaCPTIQ.exe
  2⤵
  PID:11104
- C:\Windows\System\gJwWiPu.exe
  C:\Windows\System\gJwWiPu.exe
  2⤵
  PID:11124
- C:\Windows\System\YbJEXqe.exe
  C:\Windows\System\YbJEXqe.exe
  2⤵
  PID:11148
- C:\Windows\System\efZgNuO.exe
  C:\Windows\System\efZgNuO.exe
  2⤵
  PID:11168
- C:\Windows\System\dYFCbcE.exe
  C:\Windows\System\dYFCbcE.exe
  2⤵
  PID:11184
- C:\Windows\System\UQMoIPy.exe
  C:\Windows\System\UQMoIPy.exe
  2⤵
  PID:11212
- C:\Windows\System\olGHmzw.exe
  C:\Windows\System\olGHmzw.exe
  2⤵
  PID:11236
- C:\Windows\System\uCjVXEB.exe
  C:\Windows\System\uCjVXEB.exe
  2⤵
  PID:11256
- C:\Windows\System\sEHnQlN.exe
  C:\Windows\System\sEHnQlN.exe
  2⤵
  PID:8880
- C:\Windows\System\glMDuQh.exe
  C:\Windows\System\glMDuQh.exe
  2⤵
  PID:9320
- C:\Windows\System\UWPlKcq.exe
  C:\Windows\System\UWPlKcq.exe
  2⤵
  PID:8924
- C:\Windows\System\XaQLtyM.exe
  C:\Windows\System\XaQLtyM.exe
  2⤵
  PID:9004
- C:\Windows\System\IYVQtKH.exe
  C:\Windows\System\IYVQtKH.exe
  2⤵
  PID:9440
- C:\Windows\System\XlPkHcr.exe
  C:\Windows\System\XlPkHcr.exe
  2⤵
  PID:9540
- C:\Windows\System\DrfYWaM.exe
  C:\Windows\System\DrfYWaM.exe
  2⤵
  PID:9632
- C:\Windows\System\PwdWgOf.exe
  C:\Windows\System\PwdWgOf.exe
  2⤵
  PID:7144
- C:\Windows\System\DazbnEe.exe
  C:\Windows\System\DazbnEe.exe
  2⤵
  PID:9748
- C:\Windows\System\OzMGGcR.exe
  C:\Windows\System\OzMGGcR.exe
  2⤵
  PID:9768
- C:\Windows\System\IjGPJph.exe
  C:\Windows\System\IjGPJph.exe
  2⤵
  PID:9884
- C:\Windows\System\uQJFILu.exe
  C:\Windows\System\uQJFILu.exe
  2⤵
  PID:11272
- C:\Windows\System\BUVBbDS.exe
  C:\Windows\System\BUVBbDS.exe
  2⤵
  PID:11296
- C:\Windows\System\EauNqoZ.exe
  C:\Windows\System\EauNqoZ.exe
  2⤵
  PID:11320
- C:\Windows\System\jFQoxTO.exe
  C:\Windows\System\jFQoxTO.exe
  2⤵
  PID:11336
- C:\Windows\System\cvTDbao.exe
  C:\Windows\System\cvTDbao.exe
  2⤵
  PID:11364
- C:\Windows\System\tcHzqgD.exe
  C:\Windows\System\tcHzqgD.exe
  2⤵
  PID:11384
- C:\Windows\System\zULxYzC.exe
  C:\Windows\System\zULxYzC.exe
  2⤵
  PID:11408
- C:\Windows\System\CQyqgkr.exe
  C:\Windows\System\CQyqgkr.exe
  2⤵
  PID:11428
- C:\Windows\System\PnLVUcy.exe
  C:\Windows\System\PnLVUcy.exe
  2⤵
  PID:11456
- C:\Windows\System\NpSIAqo.exe
  C:\Windows\System\NpSIAqo.exe
  2⤵
  PID:11476
- C:\Windows\System\bZDEqnN.exe
  C:\Windows\System\bZDEqnN.exe
  2⤵
  PID:11496
- C:\Windows\System\CuBANQE.exe
  C:\Windows\System\CuBANQE.exe
  2⤵
  PID:11520
- C:\Windows\System\sMFwbmp.exe
  C:\Windows\System\sMFwbmp.exe
  2⤵
  PID:11552
- C:\Windows\System\fsRaMaU.exe
  C:\Windows\System\fsRaMaU.exe
  2⤵
  PID:11576
- C:\Windows\System\IzQfOdx.exe
  C:\Windows\System\IzQfOdx.exe
  2⤵
  PID:11600
- C:\Windows\System\gfkXYjz.exe
  C:\Windows\System\gfkXYjz.exe
  2⤵
  PID:11620
- C:\Windows\System\XUbUmfD.exe
  C:\Windows\System\XUbUmfD.exe
  2⤵
  PID:11644
- C:\Windows\System\EhucMOT.exe
  C:\Windows\System\EhucMOT.exe
  2⤵
  PID:11668
- C:\Windows\System\AMfqagU.exe
  C:\Windows\System\AMfqagU.exe
  2⤵
  PID:11688
- C:\Windows\System\FwtPdZG.exe
  C:\Windows\System\FwtPdZG.exe
  2⤵
  PID:11708
- C:\Windows\System\YyxfrZv.exe
  C:\Windows\System\YyxfrZv.exe
  2⤵
  PID:11732
- C:\Windows\System\orLNgxz.exe
  C:\Windows\System\orLNgxz.exe
  2⤵
  PID:11752
- C:\Windows\System\gFZcbrD.exe
  C:\Windows\System\gFZcbrD.exe
  2⤵
  PID:11776
- C:\Windows\System\RbtYpbO.exe
  C:\Windows\System\RbtYpbO.exe
  2⤵
  PID:11796
- C:\Windows\System\tpTrWfG.exe
  C:\Windows\System\tpTrWfG.exe
  2⤵
  PID:11824
- C:\Windows\System\RxAuSjO.exe
  C:\Windows\System\RxAuSjO.exe
  2⤵
  PID:11844
- C:\Windows\System\SvtdIQR.exe
  C:\Windows\System\SvtdIQR.exe
  2⤵
  PID:11864
- C:\Windows\System\mbwRtFr.exe
  C:\Windows\System\mbwRtFr.exe
  2⤵
  PID:11884
- C:\Windows\System\EmvNthL.exe
  C:\Windows\System\EmvNthL.exe
  2⤵
  PID:11912
- C:\Windows\System\sIDSLII.exe
  C:\Windows\System\sIDSLII.exe
  2⤵
  PID:11936
- C:\Windows\System\wRdePpO.exe
  C:\Windows\System\wRdePpO.exe
  2⤵
  PID:11964
- C:\Windows\System\ARfAeaE.exe
  C:\Windows\System\ARfAeaE.exe
  2⤵
  PID:11980
- C:\Windows\System\KNbuneU.exe
  C:\Windows\System\KNbuneU.exe
  2⤵
  PID:11996
- C:\Windows\System\rbxEWVZ.exe
  C:\Windows\System\rbxEWVZ.exe
  2⤵
  PID:12012
- C:\Windows\System\qnEhydn.exe
  C:\Windows\System\qnEhydn.exe
  2⤵
  PID:12028
- C:\Windows\System\IRhButv.exe
  C:\Windows\System\IRhButv.exe
  2⤵
  PID:12056
- C:\Windows\System\vYItrDv.exe
  C:\Windows\System\vYItrDv.exe
  2⤵
  PID:12084
- C:\Windows\System\NVAopfC.exe
  C:\Windows\System\NVAopfC.exe
  2⤵
  PID:12100
- C:\Windows\System\DfWNFdY.exe
  C:\Windows\System\DfWNFdY.exe
  2⤵
  PID:12124
- C:\Windows\System\OndsFfY.exe
  C:\Windows\System\OndsFfY.exe
  2⤵
  PID:12144
- C:\Windows\System\JyLVNvS.exe
  C:\Windows\System\JyLVNvS.exe
  2⤵
  PID:12164
- C:\Windows\System\cjZCGTI.exe
  C:\Windows\System\cjZCGTI.exe
  2⤵
  PID:12188
- C:\Windows\System\ZncCFig.exe
  C:\Windows\System\ZncCFig.exe
  2⤵
  PID:12208
- C:\Windows\System\OTNYvlf.exe
  C:\Windows\System\OTNYvlf.exe
  2⤵
  PID:12232
- C:\Windows\System\RiCcIyC.exe
  C:\Windows\System\RiCcIyC.exe
  2⤵
  PID:12252
- C:\Windows\System\TxpLbnr.exe
  C:\Windows\System\TxpLbnr.exe
  2⤵
  PID:12272
- C:\Windows\System\VOCihlk.exe
  C:\Windows\System\VOCihlk.exe
  2⤵
  PID:10052
- C:\Windows\System\JQwQTqa.exe
  C:\Windows\System\JQwQTqa.exe
  2⤵
  PID:5804
- C:\Windows\System\xswFqrW.exe
  C:\Windows\System\xswFqrW.exe
  2⤵
  PID:10224
- C:\Windows\System\EhEDBXA.exe
  C:\Windows\System\EhEDBXA.exe
  2⤵
  PID:9132
- C:\Windows\System\lEVOUaw.exe
  C:\Windows\System\lEVOUaw.exe
  2⤵
  PID:6520
- C:\Windows\System\eYBmyAE.exe
  C:\Windows\System\eYBmyAE.exe
  2⤵
  PID:8052
- C:\Windows\System\fzWInIS.exe
  C:\Windows\System\fzWInIS.exe
  2⤵
  PID:7888
- C:\Windows\System\jUsSRzX.exe
  C:\Windows\System\jUsSRzX.exe
  2⤵
  PID:6124
- C:\Windows\System\NSEIwAS.exe
  C:\Windows\System\NSEIwAS.exe
  2⤵
  PID:8796
- C:\Windows\System\hJhamUG.exe
  C:\Windows\System\hJhamUG.exe
  2⤵
  PID:6784
- C:\Windows\System\jqXTGyR.exe
  C:\Windows\System\jqXTGyR.exe
  2⤵
  PID:8168
- C:\Windows\System\sMqrmWe.exe
  C:\Windows\System\sMqrmWe.exe
  2⤵
  PID:10256
- C:\Windows\System\zeKdiqF.exe
  C:\Windows\System\zeKdiqF.exe
  2⤵
  PID:10328
- C:\Windows\System\LKBlTCX.exe
  C:\Windows\System\LKBlTCX.exe
  2⤵
  PID:9308
- C:\Windows\System\lhyuMlf.exe
  C:\Windows\System\lhyuMlf.exe
  2⤵
  PID:9376
- C:\Windows\System\eSmGDBs.exe
  C:\Windows\System\eSmGDBs.exe
  2⤵
  PID:10456
- C:\Windows\System\vpZWgFt.exe
  C:\Windows\System\vpZWgFt.exe
  2⤵
  PID:10528
- C:\Windows\System\YTjqjXl.exe
  C:\Windows\System\YTjqjXl.exe
  2⤵
  PID:9448
- C:\Windows\System\wbSNHfm.exe
  C:\Windows\System\wbSNHfm.exe
  2⤵
  PID:9472
- C:\Windows\System\BHHVMZM.exe
  C:\Windows\System\BHHVMZM.exe
  2⤵
  PID:10688
- C:\Windows\System\nXjRLBq.exe
  C:\Windows\System\nXjRLBq.exe
  2⤵
  PID:9516
- C:\Windows\System\eJLzMHb.exe
  C:\Windows\System\eJLzMHb.exe
  2⤵
  PID:10776
- C:\Windows\System\pkPUZHV.exe
  C:\Windows\System\pkPUZHV.exe
  2⤵
  PID:10852
- C:\Windows\System\VcIEHSC.exe
  C:\Windows\System\VcIEHSC.exe
  2⤵
  PID:10908
- C:\Windows\System\qzuiTSt.exe
  C:\Windows\System\qzuiTSt.exe
  2⤵
  PID:9676
- C:\Windows\System\HbfXanQ.exe
  C:\Windows\System\HbfXanQ.exe
  2⤵
  PID:12300
- C:\Windows\System\FVuTROZ.exe
  C:\Windows\System\FVuTROZ.exe
  2⤵
  PID:12324
- C:\Windows\System\xxFVkUH.exe
  C:\Windows\System\xxFVkUH.exe
  2⤵
  PID:12348
- C:\Windows\System\fgPsvAs.exe
  C:\Windows\System\fgPsvAs.exe
  2⤵
  PID:12368
- C:\Windows\System\UompmzW.exe
  C:\Windows\System\UompmzW.exe
  2⤵
  PID:12388
- C:\Windows\System\ZtKxJpV.exe
  C:\Windows\System\ZtKxJpV.exe
  2⤵
  PID:12416
- C:\Windows\System\Crnszer.exe
  C:\Windows\System\Crnszer.exe
  2⤵
  PID:12440
- C:\Windows\System\JRqvhOA.exe
  C:\Windows\System\JRqvhOA.exe
  2⤵
  PID:12464
- C:\Windows\System\efNbPCp.exe
  C:\Windows\System\efNbPCp.exe
  2⤵
  PID:12496
- C:\Windows\System\XnAGZrp.exe
  C:\Windows\System\XnAGZrp.exe
  2⤵
  PID:12512
- C:\Windows\System\GcxFaQA.exe
  C:\Windows\System\GcxFaQA.exe
  2⤵
  PID:12532
- C:\Windows\System\jgyndRn.exe
  C:\Windows\System\jgyndRn.exe
  2⤵
  PID:12552
- C:\Windows\System\fFMfCFa.exe
  C:\Windows\System\fFMfCFa.exe
  2⤵
  PID:12572
- C:\Windows\System\GyukeJD.exe
  C:\Windows\System\GyukeJD.exe
  2⤵
  PID:12592
- C:\Windows\System\MVNZvaG.exe
  C:\Windows\System\MVNZvaG.exe
  2⤵
  PID:12616
- C:\Windows\System\SNWrATb.exe
  C:\Windows\System\SNWrATb.exe
  2⤵
  PID:12632
- C:\Windows\System\smGfIoa.exe
  C:\Windows\System\smGfIoa.exe
  2⤵
  PID:12660
- C:\Windows\System\TOQuDcb.exe
  C:\Windows\System\TOQuDcb.exe
  2⤵
  PID:12680
- C:\Windows\System\KYnbKQQ.exe
  C:\Windows\System\KYnbKQQ.exe
  2⤵
  PID:12700
- C:\Windows\System\PmJSVJt.exe
  C:\Windows\System\PmJSVJt.exe
  2⤵
  PID:12724
- C:\Windows\System\jeMgUBB.exe
  C:\Windows\System\jeMgUBB.exe
  2⤵
  PID:12748
- C:\Windows\System\yBgJWuE.exe
  C:\Windows\System\yBgJWuE.exe
  2⤵
  PID:12772
- C:\Windows\System\hgGvTai.exe
  C:\Windows\System\hgGvTai.exe
  2⤵
  PID:12788
- C:\Windows\System\txuFtfW.exe
  C:\Windows\System\txuFtfW.exe
  2⤵
  PID:12808
- C:\Windows\System\mDtlAzy.exe
  C:\Windows\System\mDtlAzy.exe
  2⤵
  PID:10408
- C:\Windows\System\MfuwRMy.exe
  C:\Windows\System\MfuwRMy.exe
  2⤵
  PID:9556
- C:\Windows\System\DtrSmrm.exe
  C:\Windows\System\DtrSmrm.exe
  2⤵
  PID:10932
- C:\Windows\System\cyNxomA.exe
  C:\Windows\System\cyNxomA.exe
  2⤵
  PID:12292
- C:\Windows\System\CTNpYLg.exe
  C:\Windows\System\CTNpYLg.exe
  2⤵
  PID:12340
- C:\Windows\System\yrSGCAj.exe
  C:\Windows\System\yrSGCAj.exe
  2⤵
  PID:12404
- C:\Windows\System\gNGKDaj.exe
  C:\Windows\System\gNGKDaj.exe
  2⤵
  PID:11140
- C:\Windows\System\HqWljIg.exe
  C:\Windows\System\HqWljIg.exe
  2⤵
  PID:9804
- C:\Windows\System\kfEkasT.exe
  C:\Windows\System\kfEkasT.exe
  2⤵
  PID:9904
- C:\Windows\System\mMRBjyf.exe
  C:\Windows\System\mMRBjyf.exe
  2⤵
  PID:6264
- C:\Windows\System\qyieVRv.exe
  C:\Windows\System\qyieVRv.exe
  2⤵
  PID:9924
- C:\Windows\System\ZoqiTdt.exe
  C:\Windows\System\ZoqiTdt.exe
  2⤵
  PID:10084
- C:\Windows\System\hvGfSrV.exe
  C:\Windows\System\hvGfSrV.exe
  2⤵
  PID:11444
- C:\Windows\System\rtWdgHR.exe
  C:\Windows\System\rtWdgHR.exe
  2⤵
  PID:11512
- C:\Windows\System\yeMVVss.exe
  C:\Windows\System\yeMVVss.exe
  2⤵
  PID:11584
- C:\Windows\System\vVECJcy.exe
  C:\Windows\System\vVECJcy.exe
  2⤵
  PID:6068
- C:\Windows\System\qhlpPWM.exe
  C:\Windows\System\qhlpPWM.exe
  2⤵
  PID:11784
- C:\Windows\System\FRprnHH.exe
  C:\Windows\System\FRprnHH.exe
  2⤵
  PID:12204
- C:\Windows\System\YNHoTRh.exe
  C:\Windows\System\YNHoTRh.exe
  2⤵
  PID:7368
- C:\Windows\System\JJERSDy.exe
  C:\Windows\System\JJERSDy.exe
  2⤵
  PID:10588
- C:\Windows\System\ihMEifS.exe
  C:\Windows\System\ihMEifS.exe
  2⤵
  PID:10544
- C:\Windows\System\eBaBlcD.exe
  C:\Windows\System\eBaBlcD.exe
  2⤵
  PID:10836
- C:\Windows\System\bznRBWX.exe
  C:\Windows\System\bznRBWX.exe
  2⤵
  PID:10848
- C:\Windows\System\hQpXZdP.exe
  C:\Windows\System\hQpXZdP.exe
  2⤵
  PID:11044
- C:\Windows\System\qYhhWSR.exe
  C:\Windows\System\qYhhWSR.exe
  2⤵
  PID:11116
- C:\Windows\System\nLpjEHk.exe
  C:\Windows\System\nLpjEHk.exe
  2⤵
  PID:12560
- C:\Windows\System\NjNRTJH.exe
  C:\Windows\System\NjNRTJH.exe
  2⤵
  PID:12628
- C:\Windows\System\mkFWzlz.exe
  C:\Windows\System\mkFWzlz.exe
  2⤵
  PID:12676
- C:\Windows\System\TBEIjHp.exe
  C:\Windows\System\TBEIjHp.exe
  2⤵
  PID:12784
- C:\Windows\System\fAZfrHz.exe
  C:\Windows\System\fAZfrHz.exe
  2⤵
  PID:12832
- C:\Windows\System\CponMnW.exe
  C:\Windows\System\CponMnW.exe
  2⤵
  PID:12856
- C:\Windows\System\QQRoTPc.exe
  C:\Windows\System\QQRoTPc.exe
  2⤵
  PID:12912
- C:\Windows\System\OiMKnaw.exe
  C:\Windows\System\OiMKnaw.exe
  2⤵
  PID:13040
- C:\Windows\System\yxFYqWy.exe
  C:\Windows\System\yxFYqWy.exe
  2⤵
  PID:13132
- C:\Windows\System\GdSzhfy.exe
  C:\Windows\System\GdSzhfy.exe
  2⤵
  PID:7844
- C:\Windows\System\uXiHxDU.exe
  C:\Windows\System\uXiHxDU.exe
  2⤵
  PID:13292
- C:\Windows\System\jJAkgJP.exe
  C:\Windows\System\jJAkgJP.exe
  2⤵
  PID:9788
- C:\Windows\System\CyvyJMz.exe
  C:\Windows\System\CyvyJMz.exe
  2⤵
  PID:9520
- C:\Windows\System\XqQSIHI.exe
  C:\Windows\System\XqQSIHI.exe
  2⤵
  PID:9848
- C:\Windows\System\OxEhrOA.exe
  C:\Windows\System\OxEhrOA.exe
  2⤵
  PID:11268
- C:\Windows\System\Gjjekjr.exe
  C:\Windows\System\Gjjekjr.exe
  2⤵
  PID:6672
- C:\Windows\System\tMAjZqe.exe
  C:\Windows\System\tMAjZqe.exe
  2⤵
  PID:5200
- C:\Windows\System\MGRbyeW.exe
  C:\Windows\System\MGRbyeW.exe
  2⤵
  PID:2944
- C:\Windows\System\ZvkmbXA.exe
  C:\Windows\System\ZvkmbXA.exe
  2⤵
  PID:8268
- C:\Windows\System\SwjxiYr.exe
  C:\Windows\System\SwjxiYr.exe
  2⤵
  PID:8088
- C:\Windows\System\QqDTpid.exe
  C:\Windows\System\QqDTpid.exe
  2⤵
  PID:10736
- C:\Windows\System\iXaLhQP.exe
  C:\Windows\System\iXaLhQP.exe
  2⤵
  PID:1864
- C:\Windows\System\vAoOXOG.exe
  C:\Windows\System\vAoOXOG.exe
  2⤵
  PID:11096
- C:\Windows\System\bppQhjB.exe
  C:\Windows\System\bppQhjB.exe
  2⤵
  PID:11068
- C:\Windows\System\gqbgXBL.exe
  C:\Windows\System\gqbgXBL.exe
  2⤵
  PID:9384
- C:\Windows\System\tGoooqP.exe
  C:\Windows\System\tGoooqP.exe
  2⤵
  PID:12736
- C:\Windows\System\qEfHYir.exe
  C:\Windows\System\qEfHYir.exe
  2⤵
  PID:12796
- C:\Windows\System\LxwRBnz.exe
  C:\Windows\System\LxwRBnz.exe
  2⤵
  PID:8740
- C:\Windows\System\QKRSKMw.exe
  C:\Windows\System\QKRSKMw.exe
  2⤵
  PID:9292
- C:\Windows\System\CkLOWFg.exe
  C:\Windows\System\CkLOWFg.exe
  2⤵
  PID:4492
- C:\Windows\System\NhepgVE.exe
  C:\Windows\System\NhepgVE.exe
  2⤵
  PID:4264
- C:\Windows\System\opFqIkr.exe
  C:\Windows\System\opFqIkr.exe
  2⤵
  PID:11056
- C:\Windows\System\MnyUcCG.exe
  C:\Windows\System\MnyUcCG.exe
  2⤵
  PID:8968
- C:\Windows\System\rWcDjvj.exe
  C:\Windows\System\rWcDjvj.exe
  2⤵
  PID:12116
- C:\Windows\System\iPnquOH.exe
  C:\Windows\System\iPnquOH.exe
  2⤵
  PID:10396
- C:\Windows\System\YwuOkGT.exe
  C:\Windows\System\YwuOkGT.exe
  2⤵
  PID:8000
- C:\Windows\System\nWtGcHv.exe
  C:\Windows\System\nWtGcHv.exe
  2⤵
  PID:12424
- C:\Windows\System\KfCDcVD.exe
  C:\Windows\System\KfCDcVD.exe
  2⤵
  PID:11092
- C:\Windows\System\ehlSJlE.exe
  C:\Windows\System\ehlSJlE.exe
  2⤵
  PID:11988
- C:\Windows\System\wmuQvSr.exe
  C:\Windows\System\wmuQvSr.exe
  2⤵
  PID:13308
- C:\Windows\System\slGQUzq.exe
  C:\Windows\System\slGQUzq.exe
  2⤵
  PID:12244
- C:\Windows\System\JkCpDwL.exe
  C:\Windows\System\JkCpDwL.exe
  2⤵
  PID:6316
- C:\Windows\System\CumVpQA.exe
  C:\Windows\System\CumVpQA.exe
  2⤵
  PID:12360
- C:\Windows\System\jFfGeNS.exe
  C:\Windows\System\jFfGeNS.exe
  2⤵
  PID:9980
- C:\Windows\System\aldcYyA.exe
  C:\Windows\System\aldcYyA.exe
  2⤵
  PID:7320
- C:\Windows\System\nxWKGqx.exe
  C:\Windows\System\nxWKGqx.exe
  2⤵
  PID:10164
- C:\Windows\System\wDqyFDY.exe
  C:\Windows\System\wDqyFDY.exe
  2⤵
  PID:5524
- C:\Windows\System\GrzUNgY.exe
  C:\Windows\System\GrzUNgY.exe
  2⤵
  PID:8008
- C:\Windows\System\IbGcTPI.exe
  C:\Windows\System\IbGcTPI.exe
  2⤵
  PID:10372
- C:\Windows\System\tyybhgD.exe
  C:\Windows\System\tyybhgD.exe
  2⤵
  PID:10916
- C:\Windows\System\NOjMWaA.exe
  C:\Windows\System\NOjMWaA.exe
  2⤵
  PID:11860
- C:\Windows\System\wYkdHPN.exe
  C:\Windows\System\wYkdHPN.exe
  2⤵
  PID:12764
- C:\Windows\System\mQMRUZX.exe
  C:\Windows\System\mQMRUZX.exe
  2⤵
  PID:13320
- C:\Windows\System\OrBjSXp.exe
  C:\Windows\System\OrBjSXp.exe
  2⤵
  PID:13340
- C:\Windows\System\tUEvKqF.exe
  C:\Windows\System\tUEvKqF.exe
  2⤵
  PID:13360
- C:\Windows\System\CfrXHse.exe
  C:\Windows\System\CfrXHse.exe
  2⤵
  PID:13392
- C:\Windows\System\XEgkJEK.exe
  C:\Windows\System\XEgkJEK.exe
  2⤵
  PID:13412
- C:\Windows\System\ERbjGnK.exe
  C:\Windows\System\ERbjGnK.exe
  2⤵
  PID:13440
- C:\Windows\System\AWGbrhN.exe
  C:\Windows\System\AWGbrhN.exe
  2⤵
  PID:13460
- C:\Windows\System\WgWLmeL.exe
  C:\Windows\System\WgWLmeL.exe
  2⤵
  PID:13484
- C:\Windows\System\WYDaMkT.exe
  C:\Windows\System\WYDaMkT.exe
  2⤵
  PID:13508
- C:\Windows\System\cnXQEHH.exe
  C:\Windows\System\cnXQEHH.exe
  2⤵
  PID:13616
- C:\Windows\System\xuvapNv.exe
  C:\Windows\System\xuvapNv.exe
  2⤵
  PID:13632
- C:\Windows\System\axlFXzE.exe
  C:\Windows\System\axlFXzE.exe
  2⤵
  PID:13656
- C:\Windows\System\lGGiWNr.exe
  C:\Windows\System\lGGiWNr.exe
  2⤵
  PID:13676
- C:\Windows\System\rBQFPfM.exe
  C:\Windows\System\rBQFPfM.exe
  2⤵
  PID:13728
- C:\Windows\System\cGKzqvL.exe
  C:\Windows\System\cGKzqvL.exe
  2⤵
  PID:13944
- C:\Windows\System\sNRGzhF.exe
  C:\Windows\System\sNRGzhF.exe
  2⤵
  PID:13960
- C:\Windows\System\OPkRllV.exe
  C:\Windows\System\OPkRllV.exe
  2⤵
  PID:13976
- C:\Windows\System\YONOSmx.exe
  C:\Windows\System\YONOSmx.exe
  2⤵
  PID:13992
- C:\Windows\System\vWXZibT.exe
  C:\Windows\System\vWXZibT.exe
  2⤵
  PID:14024
- C:\Windows\System\EmHxibc.exe
  C:\Windows\System\EmHxibc.exe
  2⤵
  PID:14044
- C:\Windows\System\gFdDeZp.exe
  C:\Windows\System\gFdDeZp.exe
  2⤵
  PID:14068
- C:\Windows\System\jfuWQSa.exe
  C:\Windows\System\jfuWQSa.exe
  2⤵
  PID:14084
- C:\Windows\System\IyjYJLh.exe
  C:\Windows\System\IyjYJLh.exe
  2⤵
  PID:14108
- C:\Windows\System\EISCfxX.exe
  C:\Windows\System\EISCfxX.exe
  2⤵
  PID:14128
- C:\Windows\System\aEoYzbC.exe
  C:\Windows\System\aEoYzbC.exe
  2⤵
  PID:14148
- C:\Windows\System\whEFpDh.exe
  C:\Windows\System\whEFpDh.exe
  2⤵
  PID:14164
- C:\Windows\System\PEqbGaF.exe
  C:\Windows\System\PEqbGaF.exe
  2⤵
  PID:14188
- C:\Windows\System\LGXqzVd.exe
  C:\Windows\System\LGXqzVd.exe
  2⤵
  PID:14212
- C:\Windows\System\lnqxGMG.exe
  C:\Windows\System\lnqxGMG.exe
  2⤵
  PID:13456
- C:\Windows\System\yqbWWCe.exe
  C:\Windows\System\yqbWWCe.exe
  2⤵
  PID:13544
- C:\Windows\System\yvhwHeY.exe
  C:\Windows\System\yvhwHeY.exe
  2⤵
  PID:13880
- C:\Windows\System\JkkvwGQ.exe
  C:\Windows\System\JkkvwGQ.exe
  2⤵
  PID:14200
- C:\Windows\System\NAqlohn.exe
  C:\Windows\System\NAqlohn.exe
  2⤵
  PID:14304
- C:\Windows\System\BsnHtCF.exe
  C:\Windows\System\BsnHtCF.exe
  2⤵
  PID:13828
- C:\Windows\System\nsqPvAb.exe
  C:\Windows\System\nsqPvAb.exe
  2⤵
  PID:14080
- C:\Windows\System\uYpAWJO.exe
  C:\Windows\System\uYpAWJO.exe
  2⤵
  PID:14172
- C:\Windows\System\kYDFzTy.exe
  C:\Windows\System\kYDFzTy.exe
  2⤵
  PID:10872
- C:\Windows\System\Jslaeji.exe
  C:\Windows\System\Jslaeji.exe
  2⤵
  PID:11976
- C:\Windows\System\qflAQXG.exe
  C:\Windows\System\qflAQXG.exe
  2⤵
  PID:9764
- C:\Windows\System\eWNrCwb.exe
  C:\Windows\System\eWNrCwb.exe
  2⤵
  PID:13900
- C:\Windows\System\atjrZmj.exe
  C:\Windows\System\atjrZmj.exe
  2⤵
  PID:13336
- C:\Windows\System\osqCbCG.exe
  C:\Windows\System\osqCbCG.exe
  2⤵
  PID:13072
- C:\Windows\System\tRjXKMu.exe
  C:\Windows\System\tRjXKMu.exe
  2⤵
  PID:9800
- C:\Windows\System\FSNfObC.exe
  C:\Windows\System\FSNfObC.exe
  2⤵
  PID:12920
- C:\Windows\System\kesevSz.exe
  C:\Windows\System\kesevSz.exe
  2⤵
  PID:14056
- C:\Windows\System\DsWpEPL.exe
  C:\Windows\System\DsWpEPL.exe
  2⤵
  PID:8232
- C:\Windows\System\OEBpVWa.exe
  C:\Windows\System\OEBpVWa.exe
  2⤵
  PID:10780
- C:\Windows\System\RzJZjju.exe
  C:\Windows\System\RzJZjju.exe
  2⤵
  PID:14156
- C:\Windows\System\kGXOobV.exe
  C:\Windows\System\kGXOobV.exe
  2⤵
  PID:13504
- C:\Windows\System\znmUagu.exe
  C:\Windows\System\znmUagu.exe
  2⤵
  PID:13968
- C:\Windows\System\UTQuWst.exe
  C:\Windows\System\UTQuWst.exe
  2⤵
  PID:13756
- C:\Windows\System\MgCvXoG.exe
  C:\Windows\System\MgCvXoG.exe
  2⤵
  PID:12316
- C:\Windows\System\DWCYYVo.exe
  C:\Windows\System\DWCYYVo.exe
  2⤵
  PID:14116
- C:\Windows\System\qGblNHX.exe
  C:\Windows\System\qGblNHX.exe
  2⤵
  PID:14248
- C:\Windows\System\LFFYbhf.exe
  C:\Windows\System\LFFYbhf.exe
  2⤵
  PID:14136
- C:\Windows\System\bdhPfPX.exe
  C:\Windows\System\bdhPfPX.exe
  2⤵
  PID:13640
- C:\Windows\System\gZsGbRD.exe
  C:\Windows\System\gZsGbRD.exe
  2⤵
  PID:10108
- C:\Windows\System\HnvzTJD.exe
  C:\Windows\System\HnvzTJD.exe
  2⤵
  PID:4436
- C:\Windows\System\hkoBtmW.exe
  C:\Windows\System\hkoBtmW.exe
  2⤵
  PID:11220
- C:\Windows\System\QCTXoLn.exe
  C:\Windows\System\QCTXoLn.exe
  2⤵
  PID:13628
- C:\Windows\System\niWnHCb.exe
  C:\Windows\System\niWnHCb.exe
  2⤵
  PID:13348
- C:\Windows\System\CPBrvDP.exe
  C:\Windows\System\CPBrvDP.exe
  2⤵
  PID:10304
- C:\Windows\System\CpfUtNz.exe
  C:\Windows\System\CpfUtNz.exe
  2⤵
  PID:9936
- C:\Windows\System\yFxtrBX.exe
  C:\Windows\System\yFxtrBX.exe
  2⤵
  PID:14252
- C:\Windows\System\jTvvyPn.exe
  C:\Windows\System\jTvvyPn.exe
  2⤵
  PID:14240
- C:\Windows\System\aNSTMTW.exe
  C:\Windows\System\aNSTMTW.exe
  2⤵
  PID:14308
- C:\Windows\System\wdySNkn.exe
  C:\Windows\System\wdySNkn.exe
  2⤵
  PID:12888
- C:\Windows\System\pVkhsyE.exe
  C:\Windows\System\pVkhsyE.exe
  2⤵
  PID:12844
- C:\Windows\System\NlIqtDD.exe
  C:\Windows\System\NlIqtDD.exe
  2⤵
  PID:6504
- C:\Windows\System\flrYUMj.exe
  C:\Windows\System\flrYUMj.exe
  2⤵
  PID:10068
- C:\Windows\System\jPikWvz.exe
  C:\Windows\System\jPikWvz.exe
  2⤵
  PID:13448
- C:\Windows\System\ByYnNVp.exe
  C:\Windows\System\ByYnNVp.exe
  2⤵
  PID:7560
- C:\Windows\System\kmWFKov.exe
  C:\Windows\System\kmWFKov.exe
  2⤵
  PID:2272
- C:\Windows\System\LiqcIyq.exe
  C:\Windows\System\LiqcIyq.exe
  2⤵
  PID:9536
- C:\Windows\System\bxhAMyy.exe
  C:\Windows\System\bxhAMyy.exe
  2⤵
  PID:3840
- C:\Windows\System\eCnkLum.exe
  C:\Windows\System\eCnkLum.exe
  2⤵
  PID:12932
- C:\Windows\System\ofQXhjs.exe
  C:\Windows\System\ofQXhjs.exe
  2⤵
  PID:13744
- C:\Windows\System\QvLBuZx.exe
  C:\Windows\System\QvLBuZx.exe
  2⤵
  PID:14012
- C:\Windows\System\XhWeCsS.exe
  C:\Windows\System\XhWeCsS.exe
  2⤵
  PID:13932
- C:\Windows\System\DDzlwPg.exe
  C:\Windows\System\DDzlwPg.exe
  2⤵
  PID:12608
- C:\Windows\System\FBOjNmb.exe
  C:\Windows\System\FBOjNmb.exe
  2⤵
  PID:6356
- C:\Windows\System\SDOxXty.exe
  C:\Windows\System\SDOxXty.exe
  2⤵
  PID:11944
- C:\Windows\System\mCluzlN.exe
  C:\Windows\System\mCluzlN.exe
  2⤵
  PID:12640
- C:\Windows\System\aEEnmvr.exe
  C:\Windows\System\aEEnmvr.exe
  2⤵
  PID:13560
- C:\Windows\System\kbYUozS.exe
  C:\Windows\System\kbYUozS.exe
  2⤵
  PID:13604
- C:\Windows\System\WIPFDvu.exe
  C:\Windows\System\WIPFDvu.exe
  2⤵
  PID:11684
- C:\Windows\System\HoDimPY.exe
  C:\Windows\System\HoDimPY.exe
  2⤵
  PID:14352
- C:\Windows\System\GpopjRa.exe
  C:\Windows\System\GpopjRa.exe
  2⤵
  PID:14376
- C:\Windows\System\KKjzRkp.exe
  C:\Windows\System\KKjzRkp.exe
  2⤵
  PID:14400
- C:\Windows\System\hBvqiJl.exe
  C:\Windows\System\hBvqiJl.exe
  2⤵
  PID:14424
- C:\Windows\System\cZXFnEx.exe
  C:\Windows\System\cZXFnEx.exe
  2⤵
  PID:14448
- C:\Windows\System\CEijCgR.exe
  C:\Windows\System\CEijCgR.exe
  2⤵
  PID:14468
- C:\Windows\System\ipSJksS.exe
  C:\Windows\System\ipSJksS.exe
  2⤵
  PID:14484
- C:\Windows\System\ScIUxKb.exe
  C:\Windows\System\ScIUxKb.exe
  2⤵
  PID:14752
- C:\Windows\System\earPISq.exe
  C:\Windows\System\earPISq.exe
  2⤵
  PID:14768
- C:\Windows\System\bdxXGgd.exe
  C:\Windows\System\bdxXGgd.exe
  2⤵
  PID:14792
- C:\Windows\System\WjIfwxe.exe
  C:\Windows\System\WjIfwxe.exe
  2⤵
  PID:14812
- C:\Windows\System\SjGLLzf.exe
  C:\Windows\System\SjGLLzf.exe
  2⤵
  PID:14964
- C:\Windows\System\BYsJKTF.exe
  C:\Windows\System\BYsJKTF.exe
  2⤵
  PID:15008
- C:\Windows\System\OInFmrm.exe
  C:\Windows\System\OInFmrm.exe
  2⤵
  PID:14496
- C:\Windows\System\gQwozkU.exe
  C:\Windows\System\gQwozkU.exe
  2⤵
  PID:14548
- C:\Windows\System\LNjmTgd.exe
  C:\Windows\System\LNjmTgd.exe
  2⤵
  PID:14076
- C:\Windows\System\DyZBrzW.exe
  C:\Windows\System\DyZBrzW.exe
  2⤵
  PID:13524
- C:\Windows\System\KaoliuL.exe
  C:\Windows\System\KaoliuL.exe
  2⤵
  PID:14344
- C:\Windows\System\bWcUWxV.exe
  C:\Windows\System\bWcUWxV.exe
  2⤵
  PID:14696
- C:\Windows\System\FCeSVeu.exe
  C:\Windows\System\FCeSVeu.exe
  2⤵
  PID:14740
- C:\Windows\System\tKVyMHC.exe
  C:\Windows\System\tKVyMHC.exe
  2⤵
  PID:14828
- C:\Windows\System\tQXYVMe.exe
  C:\Windows\System\tQXYVMe.exe
  2⤵
  PID:14860
- C:\Windows\System\NVhVEaT.exe
  C:\Windows\System\NVhVEaT.exe
  2⤵
  PID:14876
- C:\Windows\System\gJvEwUv.exe
  C:\Windows\System\gJvEwUv.exe
  2⤵
  PID:14928
- C:\Windows\System\dbdFMgf.exe
  C:\Windows\System\dbdFMgf.exe
  2⤵
  PID:14808
- C:\Windows\System\lanvtKN.exe
  C:\Windows\System\lanvtKN.exe
  2⤵
  PID:14744
- C:\Windows\System\hOIBDuZ.exe
  C:\Windows\System\hOIBDuZ.exe
  2⤵
  PID:14372
- C:\Windows\System\cnhVLzc.exe
  C:\Windows\System\cnhVLzc.exe
  2⤵
  PID:14724
- C:\Windows\System\ohpcYdj.exe
  C:\Windows\System\ohpcYdj.exe
  2⤵
  PID:12652
- C:\Windows\System\IrNJnFG.exe
  C:\Windows\System\IrNJnFG.exe
  2⤵
  PID:15052
- C:\Windows\System\fomgnDg.exe
  C:\Windows\System\fomgnDg.exe
  2⤵
  PID:14652

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:14908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:13648

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14944

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:1048

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:1296

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:4768

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:4400

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lxpejrew.ipu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BPJrUZw.exe

Filesize
2.0MB

MD5
d83fbd644dac2dab28a005bebd76963a

SHA1
8a9808bbbab9a740f50cfd0e91230a9f7a07c490

SHA256
6e3e67f33f72284874d935e5d3059548739650691a42889789f178b88a14a076

SHA512
71309f662bf38e449350f30cc500454202dc4d65779afb3de3c799d544eabe393d3e34f20c97c003cf08bda1cd7d7ae602937735ad298fb7fb34e5e2c04aabbb

Download Submit
C:\Windows\System\DFnJlFq.exe

Filesize
2.0MB

MD5
bf92db41116f2e84f6ba1cf4eee9c882

SHA1
bfd04cb45c503449ff2e7c6396b8f24272b2a2b6

SHA256
6c21e4994c4f3ab89877d255d5a79bd7b2bda529a9c486129ef07a95ccb35048

SHA512
db78f5cf63d5ff20604dc8201d6830f826c39dba995d7d01ac3eb8aea591d73c2acbf1f5ad0b9d2659b511b829296e82983a6d77515e5ca425e8364baa6d9024

Download Submit
C:\Windows\System\DMDxxLv.exe

Filesize
2.0MB

MD5
286bfe75c2b9c898841e31a3907dceda

SHA1
f48e347c9daee35a698f90014c9b986f73e638c9

SHA256
2d594c74c4309b01905f7faaa47e014ffe49e4eb8c35c00d78cd63a11fd21032

SHA512
87310c6d112335c82b1146faf12f35082eb0e15f47f025bda84bed4c8e24b948f43c11fba765d8073cde7d35932668f92bbae0245a55d5d42170e43305fab445

Download Submit
C:\Windows\System\DQWsAbs.exe

Filesize
2.0MB

MD5
50e24e39411eb5bd7c9f7bc2fc7845fd

SHA1
2f6b8ff759b19548024221ebdea6f76017a802c7

SHA256
1210910a6dbfa220266a45324fa683162fa7f80e9f11537061b455ba1dd5c29e

SHA512
bcb0302ecae9a444d4b20a396777b518d48737ee0368618f6667efd866a1b4069ce56d1d761dcddccd01b6e7ec564e58fde3f135475a84b045602f784131903f

Download Submit
C:\Windows\System\GXbUtji.exe

Filesize
2.0MB

MD5
528c6ed535807e4757b1935e7f1587df

SHA1
ab59cef923de91ac73c201b5937ba73d1806b714

SHA256
404bf4d6dc0dcb494a23d8c0e426eb54660e8ce7c2d2ecd951db45e3548c1cae

SHA512
8e180172cca40d11ced739464b4cecba295de5e2218f8db333b1eecd919503df801fc3f7823e37da3dc0b20ab041893813609c141d7533a303ea53d4ec5163bf

Download Submit
C:\Windows\System\GvZVOjR.exe

Filesize
2.0MB

MD5
3236c742f026ca68fd5d543f4766a26d

SHA1
84f3e4e053902bf4c534f3b3458e8111b9299dfb

SHA256
879e03c02a4cb75b16aebf623a1115e5c876fc528a3f8e82cab0455577be775c

SHA512
e5f432dd1020a613a9a7c6d852553650037ace122e863510f067f508abe2ad54d90e6b12ce1fca1a7433974f4931c98d3864e0c8d3899d4682b3b570756c63d6

Download Submit
C:\Windows\System\HWXQwJj.exe

Filesize
2.0MB

MD5
6ee9811975b0ccbdd903383fae3c2f9b

SHA1
cf59bfa93fe2722d9496ba7817254cc4f6e7f081

SHA256
5ee0b04d16ae2b814dbb5f0ead868839b3c24a9d04827237582051287cb66087

SHA512
bb6008fc07cd3b63c015189160e521e8278e3d27df8619298ee8c8218302285bc65204aac82f55d38db131f0b6954f77bdb920f447345a26cb88060990d1a2c1

Download Submit
C:\Windows\System\HdtBNzD.exe

Filesize
2.0MB

MD5
bf39b498ac660d9cce7a2a6fcc3336ca

SHA1
2946ae9d877f63aa239e2be3ac81535c2bc140b8

SHA256
baf3efc1d4d53fa0708dcb40676784db31901607ae8a1ec26e73fb7014bc136f

SHA512
9c650a9f0a0ce7e09ff0832b8db415d954bb11cd599cbcf49701ee00a56913d1f3d740d5c4837aa4605f1853c0d95b45ff0661a53774eba9d75c1d704e768f1a

Download Submit
C:\Windows\System\KRiisWw.exe

Filesize
2.0MB

MD5
47d700347d714bb9725dd8ec89779b42

SHA1
a2cfe9c9c9a53e3015e0b1f63dc36125086a14bb

SHA256
c8643923dfeb001c23259e591db90c8b55cc2d75e1a074eb2e48f410b496365f

SHA512
ad194897c7d1bf5b4c7f1baf8679bf2e73ac4afcdd9de30e52756555ce88f50972be8c9b86a284bc09d7bc5ebccfc72edc01643035ec94e043176a37fb7ac034

Download Submit
C:\Windows\System\NGtxWop.exe

Filesize
2.0MB

MD5
db22f8e4f89eab14471b0e0a793d51ba

SHA1
4f557b61cf82c635c227049e9088610834f02304

SHA256
a03a618f9c4876737c4b2307047131e0d0b493abff839974f17087168b11aedd

SHA512
499616bba83cdb2755d8c3e4b1f5f48a2bd4e1e8f9ab5284d1a61648dedfe8d059532ee37a8be38908e5a3cafe466033c8fe470a5f92d7bdc7eeafe5de398edb

Download Submit
C:\Windows\System\OxpvBEO.exe

Filesize
2.0MB

MD5
dee5bfbd39f529f10e3096d69fab40de

SHA1
4fb3cce89ad1da3206796c1d35e69fe1a2aa79de

SHA256
a5d633c79df89ef99385700f9622e1bcbe8964bbaaadceb2ee478b262f3b7106

SHA512
a2ca4d172c493da0a104bbeaffe781d07fcb6cc5f28f07f33ef2dc9f09d1e62415cf8e9892922c204f149ba8692d43f146e05d9d4a9e5021419475237ba1e111

Download Submit
C:\Windows\System\QxacDgq.exe

Filesize
2.0MB

MD5
5ccfc422bb610cc50cb0744856cf3fb0

SHA1
f2818f3344a4f04abc09c8de85b299e4b85b0ee9

SHA256
f00cd419002bead7c610b8a2c8224eb2f324bc2a96728df12e2380cc787c16b0

SHA512
cc4d5080398422bce6baea9f7c972d96fc3112b4c26ce2f776f549e54077fbf0ee93e789fd499d2b8b9c43f8193fa11a7d984c0d668d8f37a33641e27bcb54f4

Download Submit
C:\Windows\System\RgagOqz.exe

Filesize
2.0MB

MD5
bc185af38cf2b5408f627b496b5ae315

SHA1
5dc77f46f05822cd6419b6477811f8806225c32e

SHA256
7bb2dfc1a1c113c227ca0564a4f4d821b0da99fd6df8b811ab1652d7d1dbbc1e

SHA512
704a5f78a52af42da221a30219c2dd71df9c87fe649cf3e9f8ef88fe91b2cbed82ef6612995104d61cbe2b68074f276219d91015c309a8fb7fb378332ee16c11

Download Submit
C:\Windows\System\RiXYiPZ.exe

Filesize
2.0MB

MD5
aa05fbe8196e176895990228ee809722

SHA1
8933d41d360e4ff30fed464cd05c8ab6cfcbfa25

SHA256
7139fe59716426f2f0c2c4f029653851102924ea46ecacabb6aa6bf913742cf7

SHA512
7ee2cf61efc3669438b341f384919f30baa577c36579561470f8f1162c8f38993d8e6db45e7584dce235788aaad0d596f059dcf7346014ac9451e0cb65d5e5ba

Download Submit
C:\Windows\System\TlPeuko.exe

Filesize
2.0MB

MD5
5902b7cc0c81d63be1ef82f6f44cfa4b

SHA1
289870cedcbf2d8a4b912ec28e6bfb6fda82220f

SHA256
8e8beb228fde5a545024ca42b403edd899b7310059b33df5a803d68be69170d6

SHA512
ad1cbb50925f9bc9c6b82b41b70d538dfa798d77995cfbd21746d5e654d6d212815ca5094897e9f5907d3822ce03fd6595be9c04b8b40b8508f792cd71347daf

Download Submit
C:\Windows\System\WmqvtBp.exe

Filesize
2.0MB

MD5
15d68f888fd818139cf9a3932cb745d1

SHA1
e573e3f1ba125ba516bbde04fe51062259e9845a

SHA256
f33c3be0e0245f8fd896fcc59c271b0cab684ea51633c8853181f3249672276e

SHA512
7ab7d3dceba384e7dc5411310ad1baabf127116c8eef7d80500f0294a223dc7d5f00d30a7235b4bb891faefbc7c073ef2e646bcb808aff8c035dbf8024d43004

Download Submit
C:\Windows\System\XxFrQKN.exe

Filesize
2.0MB

MD5
4ecb9b05ea87473177bf5d97bfd9b2c4

SHA1
dd6bd868aa51450aa625534bdc6a02a892bbcea9

SHA256
10fc28a7144be2babb002e7a57e18ccc3954a373c64feca99a61324bf19096f8

SHA512
c916c93130cec0c72b32cd96e44e4953835033e8cb9cb2c89629a5c0209f140c63929c8f720c1f8b8199aa8e72e16dde2525b95d464062978103b4983791e169

Download Submit
C:\Windows\System\ZuFHAlb.exe

Filesize
2.0MB

MD5
671e142d856c43687b181d2604e0768a

SHA1
71dcb2aa6cd43ed0129f51bf98c2950643060362

SHA256
ee686f393e6557a06a5c752abb3ffbe81b09906e1e2dafc9e3d05f901484f7a7

SHA512
6ce26e911cbe0a939cf2c7c7e1dc13a0bdcfffe48298d9d761857f454959a9c05e663127f4d0de330d95ecccf94206c9d283cebbe80b987d5959ae1d91f85c30

Download Submit
C:\Windows\System\axyyCQm.exe

Filesize
2.0MB

MD5
3686401bec4b14f7ae131c63bcb9992b

SHA1
27b0c759fc0965185742d25ba34d001a34625dc2

SHA256
3abebc9446601f53331802e578687aab93fde920bc2ee070693767fae6a977c8

SHA512
e1d90df1a0a567f608e740f187113e1cc67e63b21258b1865b71f9af1e3ca7065cd39a2a7fa44d2003eb7c6233808cd4fffa8e1000c2cca5ce4105583e44c69c

Download Submit
C:\Windows\System\eEFHGIK.exe

Filesize
2.0MB

MD5
443576ef06b243be8cd3919a6bb715cc

SHA1
7d96b9bb667ca0482b77d8bfaf5f3bd28ebdfa1d

SHA256
df7edce41d3ba0cd9d873dbdfa52f681bae77a059aa7243ae323c6d3c873d5da

SHA512
563818d3c61c3414a4f4f7059a442ccbf2ccdfb506c7c92879269bff38fb47da569b568a61293bb3ed48d729b547e6be545d620f44fd6caa8bfd7ad5265c197d

Download Submit
C:\Windows\System\gawxDbx.exe

Filesize
2.0MB

MD5
fd90b71ea86518569d3c4840a6c2dda1

SHA1
74862f31cb8b8caee8d2cf46e311e1e5f6e630c5

SHA256
61be6b95b32f1e03eb372bfcb4af389b4c49b1394516e81edd18572dd06722ae

SHA512
782ff7be9ce2462723f4040ede1ccd29e8d5dedd47642d55c0e500158a6092980821c2f5784304f72453872fe653d56bf6f67a3d29a823ec776ae6ee264237a7

Download Submit
C:\Windows\System\jEItGFt.exe

Filesize
2.0MB

MD5
6228c22bc34465242d09e0b70e28ab0e

SHA1
cf2c707c21c5be58bf609f7f26a5043b87418ccc

SHA256
a89cfe774aab95cef58d8b21c12708c1a7a94ccc6978ca9f08d25026ca4fdeb4

SHA512
7eb281c63e972c8df6ec76eacb28d110b572072708565be1524ce1d3139d9fa99227c3771669502ee59f5c02c7bb8d3d21f10c644d61937c6db0110fa2ef61eb

Download Submit
C:\Windows\System\jcFMOiL.exe

Filesize
2.0MB

MD5
16d346ed281ce3d2a42c594369b19865

SHA1
349b9378bbba4db4b01cb7865e492dc3c02103fe

SHA256
e0186ccfad45a9767da6f596c59d0522a008b367cef5ad045bbaf59d84324d21

SHA512
fd44b7c8c33c3ae70985fa574c7e6ea37aef282a6f280e454652000f470d59b9efa7a4abb76102461f12e4f9c44bde4a40bedb8bd495dcc646d8e8f8b54a8c71

Download Submit
C:\Windows\System\koqVuAd.exe

Filesize
2.0MB

MD5
34e85d456a63a92641ee8932a37c15ab

SHA1
9c770e8be9a25e5c224a59a425e428e74142d3b2

SHA256
89098178c8e648e75e1abed01887c7a1c8cf7c2e0dcd7417441f62c33403af7f

SHA512
b5bee3b839ccf2d687f6dbdcce7623a795ea7ffa9508824b4a9e3a945fc412b499860bc6cc379a9e5efdc7a4fd1c2e1c648733fd4109a512fab7a455af3b68fe

Download Submit
C:\Windows\System\nDdAkyw.exe

Filesize
2.0MB

MD5
c48bf952bff7e83d8af8a61521dc6db4

SHA1
4f58e94e51fbca1fbe5df7ec7a27a526c4a0ea2f

SHA256
a4ec3137b91a816066affe4c648a96348b6451a6a8c2a3ee31f4d0b7ca92d617

SHA512
fd51554862fd7446c61f440288cdbdfd34243c630105262272a1f74a1c25f4ba3dd4b9ee97d54df302f468faf02d955fbac4255c46517ee74c1d4a41938c1158

Download Submit
C:\Windows\System\oneNlGW.exe

Filesize
2.0MB

MD5
a2f5e025a2adc928224b8431da0fcb38

SHA1
84b50b5e8930b9eeb75609a19ec461fb77ca3a44

SHA256
4790c4fdcbc595372b9880a775ae7a9224b819c0f78294f0247ef860cc151c69

SHA512
afe706bb6ce7f120ef24d5c2f5551f4bbcd28db3f0c055ee174d9bb864b11ae78f2bf3a11bbdd343a2f77e961cf904ded70fc9e4a6f4cca3ac1b7d4b4a03951c

Download Submit
C:\Windows\System\ptQCCXj.exe

Filesize
2.0MB

MD5
91e5fc4633582b456c32e0f41ba65055

SHA1
3ffe1a9d14bb010b5df0eaac80c3fac9a8765bef

SHA256
8881eeb6e135c10aa587663b312d3c0b26f628490cbe9b6b97d929c081a3f753

SHA512
e0f0d8ca15d494b2192e19099208bbcaa19d54e909f0d5bc329281d5978885c1132c66caf23297b4f31603fb60e9b5b3c3fdb30fc50603f86853638b1bbbe333

Download Submit
C:\Windows\System\rFTvELF.exe

Filesize
2.0MB

MD5
c0898e264c5097a94630e123a01b7807

SHA1
8f09d6f102a1de89c792c2308533067abaf0fd62

SHA256
dae79eec325a8677852c6c5781c5b5f44485bcd804f46c3755488ebd005c3491

SHA512
195b890a82fc47ab39116329240927e4ccef1b87f1766079ec5f346dcd0a5ceade6c5eda989c01bd72979eaa290b26a1c837812aa1bb86c26fc76a38d4292c7c

Download Submit
C:\Windows\System\rkpMnTG.exe

Filesize
8B

MD5
89b49edfc15b320118dccc63dce276c0

SHA1
d6a182f9e8a009d8ebfef26a1c685fcf2b4f152a

SHA256
b80b4d5110187afa9e6d1cf3e2b0f3429a153e9d0c88c32cabdb6359e19204f1

SHA512
7177d9a15db58801e4f8b1c7970b405645f764452ade86d38cac06f6967fac62b12ef486104093e1892a28c57d2dd25b2fe393363d54d8f0cf2bd6688982c9c6

Download Submit
C:\Windows\System\sGJxEWH.exe

Filesize
2.0MB

MD5
daf8447a76511c9949101d3620942154

SHA1
b563413f4619929a6cb957f21a4993c26b57e384

SHA256
eee045d23df1b21933a519d7ef944527c1126ab3e5ceb7e1d3a120971f22fcd6

SHA512
486c755adbd918a39cde92dfaae75fbe77a0fedb4b5810bdc9f1246f63a8158cef45ee6a5d725ff831253e5dc54cd67f43bc5cf6e127dffb1f7d2c119f1e7b07

Download Submit
C:\Windows\System\twdTEJc.exe

Filesize
2.0MB

MD5
f70f4241c0768b5e6303b6119662c022

SHA1
ea2f76085e6c3fc396cabc6c84a7991fd7b591d2

SHA256
e794900b0a01b979a09182d1c7122dd59a8ce187cc47896db9f7df3d45dd61a6

SHA512
c9f503887e318a0ec97e9aee0c71004be88ccad0b726387009b59f7f3e41847ffbe024f95d9c0eef4ac6138404be03a9308b6da37a50aac5e009426e6b4ac821

Download Submit
C:\Windows\System\vnwDxYR.exe

Filesize
2.0MB

MD5
f5430fcb43afd4eba3a61be5252ff389

SHA1
a98c92ee00ae6f0e854072a099d4086e3a20643e

SHA256
54542b14ed16c691d06a80ec4bcded567573b2a7b764f6b5cb4ee40848b82808

SHA512
3272d7c475d8910fc5001b423d1aeca0fb8435c27389ba10e466baa4dd11adee1e5afa27c0d973a594ae4907508653cf4ce7e4f371161bc5ef462e8e9d1527ad

Download Submit
C:\Windows\System\wBkyAfy.exe

Filesize
2.0MB

MD5
910603deed2ce215adc13a981024b462

SHA1
e1ec471b5b68f830e05a0aee8eb586126d717ae7

SHA256
52faec23bde3425112cbfaf75df4675356df3af04345a77568c88cabe5f75738

SHA512
56b64296d1f26406d12918d2e0323dc4185c797dd626b9eff6f5a69dce86e44fb0800d0f263a2cf81636a53f51998c6ad0bfdd004f777d7486c445332718ae28

Download Submit
C:\Windows\System\wHtJFrb.exe

Filesize
2.0MB

MD5
50c1c013ebf907df597154f81b2c2bd5

SHA1
e13177e49bc4be011543f27ca315672f38f78292

SHA256
08e431fffcaf19b1d76beec01b71708eaf883596925476701e839f82a65ccb07

SHA512
8062162572c8843f6b8ef2e3df2a146cd6068bd83c07dd8ed63eb2832bbfaac4b1b700e83010e03015e5bc18d116406ef58527f9e4dc06d0db4a80eda4ef3ffa

Download Submit
C:\Windows\System\wZSLWeF.exe

Filesize
2.0MB

MD5
d4e9a13997ed6cffec187be1e68d9134

SHA1
48962482c78a89d646a68414baa7ea54ce7840c3

SHA256
54d27113afa88a2c774110106413204f4908874badf0f733cfa7212fbb6a2b5d

SHA512
72d67082b5a09790521ba4fedcc7127a4a64f650f95bd78477354d887a775cc5a4d49f1b48883a2ee5eb5c2550cebd58d2235577ce89a6b007eb24e4d9bc3910

Download Submit
C:\Windows\System\ybVkWMW.exe

Filesize
2.0MB

MD5
bc41672e6926434a203d940d92e220a2

SHA1
2a176b52e467c6be0f9d095524b58c319e47b136

SHA256
5f56ab6ed896174a53f163528e2908012cdae11ad1dc5d5d220c0e92b0207291

SHA512
bab3b1bdb0de086ceccc1def14ff9f1525c166eeb3176bb77ba959463e904dfc11703d297a4d1329add0404188b3b573bcd6b5a98b2508ff996c51368400a7bc

Download Submit
memory/212-266-0x00007FF73E2F0000-0x00007FF73E6E2000-memory.dmp

Filesize
3.9MB

Download
memory/316-238-0x00007FF6D4D70000-0x00007FF6D5162000-memory.dmp

Filesize
3.9MB

Download
memory/320-283-0x00007FF7C4E70000-0x00007FF7C5262000-memory.dmp

Filesize
3.9MB

Download
memory/884-0-0x00007FF7BC260000-0x00007FF7BC652000-memory.dmp

Filesize
3.9MB

Download
memory/884-2048-0x00007FF7BC260000-0x00007FF7BC652000-memory.dmp

Filesize
3.9MB

Download
memory/884-1-0x0000022331100000-0x0000022331110000-memory.dmp

Filesize
64KB

Download
memory/928-231-0x00007FF6B4370000-0x00007FF6B4762000-memory.dmp

Filesize
3.9MB

Download
memory/1072-282-0x00007FF6C9560000-0x00007FF6C9952000-memory.dmp

Filesize
3.9MB

Download
memory/1460-288-0x00007FF6E5B10000-0x00007FF6E5F02000-memory.dmp

Filesize
3.9MB

Download
memory/1528-29-0x00007FF798380000-0x00007FF798772000-memory.dmp

Filesize
3.9MB

Download
memory/1528-2053-0x00007FF798380000-0x00007FF798772000-memory.dmp

Filesize
3.9MB

Download
memory/2140-292-0x00007FF6CB1C0000-0x00007FF6CB5B2000-memory.dmp

Filesize
3.9MB

Download
memory/2184-289-0x00007FF6B2380000-0x00007FF6B2772000-memory.dmp

Filesize
3.9MB

Download
memory/2292-276-0x00007FF79C8D0000-0x00007FF79CCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2584-286-0x00007FF72FA10000-0x00007FF72FE02000-memory.dmp

Filesize
3.9MB

Download
memory/2912-241-0x00007FF6C8EB0000-0x00007FF6C92A2000-memory.dmp

Filesize
3.9MB

Download
memory/3088-195-0x00007FF7900A0000-0x00007FF790492000-memory.dmp

Filesize
3.9MB

Download
memory/3268-281-0x00007FF654D60000-0x00007FF655152000-memory.dmp

Filesize
3.9MB

Download
memory/3288-290-0x00007FF603030000-0x00007FF603422000-memory.dmp

Filesize
3.9MB

Download
memory/3512-291-0x00007FF73DD90000-0x00007FF73E182000-memory.dmp

Filesize
3.9MB

Download
memory/3572-284-0x00007FF624450000-0x00007FF624842000-memory.dmp

Filesize
3.9MB

Download
memory/3640-193-0x00007FF675640000-0x00007FF675A32000-memory.dmp

Filesize
3.9MB

Download
memory/3820-293-0x00007FF6F4B10000-0x00007FF6F4F02000-memory.dmp

Filesize
3.9MB

Download
memory/3984-182-0x00007FF6FA490000-0x00007FF6FA882000-memory.dmp

Filesize
3.9MB

Download
memory/4164-160-0x00007FF9B78D0000-0x00007FF9B8391000-memory.dmp

Filesize
10.8MB

Download
memory/4164-87-0x00007FF9B78D0000-0x00007FF9B8391000-memory.dmp

Filesize
10.8MB

Download
memory/4164-2337-0x00007FF9B78D3000-0x00007FF9B78D5000-memory.dmp

Filesize
8KB

Download
memory/4164-192-0x000001ECFB590000-0x000001ECFB5B2000-memory.dmp

Filesize
136KB

Download
memory/4164-15-0x00007FF9B78D3000-0x00007FF9B78D5000-memory.dmp

Filesize
8KB

Download
memory/4164-299-0x000001ECFC140000-0x000001ECFC8E6000-memory.dmp

Filesize
7.6MB

Download
memory/4164-3991-0x00007FF9B78D0000-0x00007FF9B8391000-memory.dmp

Filesize
10.8MB

Download
memory/4680-2051-0x00007FF792970000-0x00007FF792D62000-memory.dmp

Filesize
3.9MB

Download
memory/4680-14-0x00007FF792970000-0x00007FF792D62000-memory.dmp

Filesize
3.9MB

Download
memory/4924-287-0x00007FF6224D0000-0x00007FF6228C2000-memory.dmp

Filesize
3.9MB

Download
memory/5028-285-0x00007FF71F770000-0x00007FF71FB62000-memory.dmp

Filesize
3.9MB

Download
memory/5080-275-0x00007FF6AF5C0000-0x00007FF6AF9B2000-memory.dmp

Filesize
3.9MB

Download