xmrig | eea39b3a7c16f091abc2d5cd627ae66d3f67278b941741fb39e94905ea1ed9ce

Analysis

max time kernel
91s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-09-2024 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
Size

1.9MB
MD5

dab976ab2fe481f6ad2b8588e2bdf4b0
SHA1

cea1f9a618457236831cd24b27d67629d2666110
SHA256

eea39b3a7c16f091abc2d5cd627ae66d3f67278b941741fb39e94905ea1ed9ce
SHA512

e8ec1986c9e70785b7ed3ef02278b5e448b38eef453716a31fa332de21651cff7f404cf15ae147e00c69ccea8c6ee5b34070c739767a60dc407ae473f62ffc3a
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82S5k7l:NABP

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 49 IoCs

miner

resource	yara_rule
behavioral2/memory/2188-234-0x00007FF6A3840000-0x00007FF6A3C32000-memory.dmp	xmrig
behavioral2/memory/4060-253-0x00007FF78ABF0000-0x00007FF78AFE2000-memory.dmp	xmrig
behavioral2/memory/4896-430-0x00007FF6376F0000-0x00007FF637AE2000-memory.dmp	xmrig
behavioral2/memory/5020-427-0x00007FF6B1A40000-0x00007FF6B1E32000-memory.dmp	xmrig
behavioral2/memory/684-1005-0x00007FF694660000-0x00007FF694A52000-memory.dmp	xmrig
behavioral2/memory/2688-1075-0x00007FF679750000-0x00007FF679B42000-memory.dmp	xmrig
behavioral2/memory/4420-2475-0x00007FF633C40000-0x00007FF634032000-memory.dmp	xmrig
behavioral2/memory/4900-2598-0x00007FF7913D0000-0x00007FF7917C2000-memory.dmp	xmrig
behavioral2/memory/3828-2603-0x00007FF777A40000-0x00007FF777E32000-memory.dmp	xmrig
behavioral2/memory/3668-1086-0x00007FF649790000-0x00007FF649B82000-memory.dmp	xmrig
behavioral2/memory/4520-1085-0x00007FF625E50000-0x00007FF626242000-memory.dmp	xmrig
behavioral2/memory/4544-1084-0x00007FF6CA5F0000-0x00007FF6CA9E2000-memory.dmp	xmrig
behavioral2/memory/2252-1002-0x00007FF645E50000-0x00007FF646242000-memory.dmp	xmrig
behavioral2/memory/3940-913-0x00007FF795630000-0x00007FF795A22000-memory.dmp	xmrig
behavioral2/memory/2372-912-0x00007FF6FF610000-0x00007FF6FFA02000-memory.dmp	xmrig
behavioral2/memory/912-883-0x00007FF7A7CB0000-0x00007FF7A80A2000-memory.dmp	xmrig
behavioral2/memory/408-876-0x00007FF742450000-0x00007FF742842000-memory.dmp	xmrig
behavioral2/memory/3840-706-0x00007FF642020000-0x00007FF642412000-memory.dmp	xmrig
behavioral2/memory/5024-664-0x00007FF64A900000-0x00007FF64ACF2000-memory.dmp	xmrig
behavioral2/memory/3652-597-0x00007FF7F3A90000-0x00007FF7F3E82000-memory.dmp	xmrig
behavioral2/memory/4892-368-0x00007FF7D8530000-0x00007FF7D8922000-memory.dmp	xmrig
behavioral2/memory/2164-329-0x00007FF7F6600000-0x00007FF7F69F2000-memory.dmp	xmrig
behavioral2/memory/2204-295-0x00007FF70F170000-0x00007FF70F562000-memory.dmp	xmrig
behavioral2/memory/428-294-0x00007FF6D28F0000-0x00007FF6D2CE2000-memory.dmp	xmrig
behavioral2/memory/3232-2676-0x00007FF63BDF0000-0x00007FF63C1E2000-memory.dmp	xmrig
behavioral2/memory/4900-3902-0x00007FF7913D0000-0x00007FF7917C2000-memory.dmp	xmrig
behavioral2/memory/4520-3926-0x00007FF625E50000-0x00007FF626242000-memory.dmp	xmrig
behavioral2/memory/428-3929-0x00007FF6D28F0000-0x00007FF6D2CE2000-memory.dmp	xmrig
behavioral2/memory/2188-3931-0x00007FF6A3840000-0x00007FF6A3C32000-memory.dmp	xmrig
behavioral2/memory/3828-3927-0x00007FF777A40000-0x00007FF777E32000-memory.dmp	xmrig
behavioral2/memory/5020-3949-0x00007FF6B1A40000-0x00007FF6B1E32000-memory.dmp	xmrig
behavioral2/memory/3232-3945-0x00007FF63BDF0000-0x00007FF63C1E2000-memory.dmp	xmrig
behavioral2/memory/4896-3943-0x00007FF6376F0000-0x00007FF637AE2000-memory.dmp	xmrig
behavioral2/memory/3668-3939-0x00007FF649790000-0x00007FF649B82000-memory.dmp	xmrig
behavioral2/memory/912-3941-0x00007FF7A7CB0000-0x00007FF7A80A2000-memory.dmp	xmrig
behavioral2/memory/2372-3937-0x00007FF6FF610000-0x00007FF6FFA02000-memory.dmp	xmrig
behavioral2/memory/3940-3935-0x00007FF795630000-0x00007FF795A22000-memory.dmp	xmrig
behavioral2/memory/2688-3956-0x00007FF679750000-0x00007FF679B42000-memory.dmp	xmrig
behavioral2/memory/684-3960-0x00007FF694660000-0x00007FF694A52000-memory.dmp	xmrig
behavioral2/memory/3840-3959-0x00007FF642020000-0x00007FF642412000-memory.dmp	xmrig
behavioral2/memory/3652-3955-0x00007FF7F3A90000-0x00007FF7F3E82000-memory.dmp	xmrig
behavioral2/memory/5024-3953-0x00007FF64A900000-0x00007FF64ACF2000-memory.dmp	xmrig
behavioral2/memory/408-3951-0x00007FF742450000-0x00007FF742842000-memory.dmp	xmrig
behavioral2/memory/4060-3962-0x00007FF78ABF0000-0x00007FF78AFE2000-memory.dmp	xmrig
behavioral2/memory/2204-3947-0x00007FF70F170000-0x00007FF70F562000-memory.dmp	xmrig
behavioral2/memory/2164-3969-0x00007FF7F6600000-0x00007FF7F69F2000-memory.dmp	xmrig
behavioral2/memory/2252-4045-0x00007FF645E50000-0x00007FF646242000-memory.dmp	xmrig
behavioral2/memory/4892-4049-0x00007FF7D8530000-0x00007FF7D8922000-memory.dmp	xmrig
behavioral2/memory/4544-4043-0x00007FF6CA5F0000-0x00007FF6CA9E2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2872	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4900	SHpqqiZ.exe
3232	CAfcgMl.exe
3828	wMnhEDB.exe
4520	gjmZZbI.exe
2188	sNonqBX.exe
4060	ajcOTuT.exe
428	sfzanIB.exe
2204	cVBvskx.exe
2164	XycSaXa.exe
3668	sYVHXki.exe
4892	fUKWoaK.exe
5020	jxCdAZV.exe
4896	wxbxylB.exe
3652	ncysXQG.exe
5024	Mxobdji.exe
3840	SoibNda.exe
408	RBumAoa.exe
912	GGuAJAs.exe
2372	ZtAilWX.exe
3940	TWOGZRo.exe
2252	AMwgWLr.exe
684	FXTiErr.exe
2688	FkOcMSj.exe
4544	cHWaYia.exe
4728	fiueHuJ.exe
4160	hTSepqB.exe
972	COlgpAk.exe
3772	cAdmXeg.exe
4980	fSixJXw.exe
2260	qWthhTq.exe
3308	lgVhZEV.exe
3824	rWojhnU.exe
1936	fZJSdkQ.exe
740	rpWSplz.exe
5084	nSyaEKZ.exe
432	nBZJRQA.exe
2264	okozgez.exe
4676	NFOOiRx.exe
4908	YUjuEzL.exe
3924	UGkDMYd.exe
3488	niySVKb.exe
1728	yaMNUsF.exe
5044	canWKCQ.exe
1272	ktbbfif.exe
4872	wHzSJnC.exe
1276	cJDFgdK.exe
1780	FjTGWjQ.exe
1052	QbopyNO.exe
2884	SBGkLUc.exe
1136	eNptazz.exe
224	JezSUSn.exe
532	PNqOHDb.exe
1964	dKKjMNb.exe
64	MEpiFtl.exe
804	HSfSnre.exe
2876	dXMXDxd.exe
4444	ouczcPp.exe
4768	GNFtflg.exe
2288	ZxWAruK.exe
2976	pTpBOhj.exe
4620	IKYekGA.exe
4884	itetGra.exe
2824	rJMSxje.exe
2792	JGuDxhu.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4420-0-0x00007FF633C40000-0x00007FF634032000-memory.dmp	upx
behavioral2/files/0x00070000000234c6-7.dat	upx
behavioral2/files/0x00070000000234c5-11.dat	upx
behavioral2/memory/4900-8-0x00007FF7913D0000-0x00007FF7917C2000-memory.dmp	upx
behavioral2/files/0x00080000000234c1-5.dat	upx
behavioral2/files/0x00070000000234c8-29.dat	upx
behavioral2/files/0x00070000000234cb-38.dat	upx
behavioral2/files/0x00070000000234de-140.dat	upx
behavioral2/files/0x00070000000234e6-178.dat	upx
behavioral2/memory/2188-234-0x00007FF6A3840000-0x00007FF6A3C32000-memory.dmp	upx
behavioral2/memory/4060-253-0x00007FF78ABF0000-0x00007FF78AFE2000-memory.dmp	upx
behavioral2/memory/4896-430-0x00007FF6376F0000-0x00007FF637AE2000-memory.dmp	upx
behavioral2/memory/5020-427-0x00007FF6B1A40000-0x00007FF6B1E32000-memory.dmp	upx
behavioral2/memory/684-1005-0x00007FF694660000-0x00007FF694A52000-memory.dmp	upx
behavioral2/memory/2688-1075-0x00007FF679750000-0x00007FF679B42000-memory.dmp	upx
behavioral2/memory/4420-2475-0x00007FF633C40000-0x00007FF634032000-memory.dmp	upx
behavioral2/memory/4900-2598-0x00007FF7913D0000-0x00007FF7917C2000-memory.dmp	upx
behavioral2/memory/3828-2603-0x00007FF777A40000-0x00007FF777E32000-memory.dmp	upx
behavioral2/memory/3668-1086-0x00007FF649790000-0x00007FF649B82000-memory.dmp	upx
behavioral2/memory/4520-1085-0x00007FF625E50000-0x00007FF626242000-memory.dmp	upx
behavioral2/memory/4544-1084-0x00007FF6CA5F0000-0x00007FF6CA9E2000-memory.dmp	upx
behavioral2/memory/2252-1002-0x00007FF645E50000-0x00007FF646242000-memory.dmp	upx
behavioral2/memory/3940-913-0x00007FF795630000-0x00007FF795A22000-memory.dmp	upx
behavioral2/memory/2372-912-0x00007FF6FF610000-0x00007FF6FFA02000-memory.dmp	upx
behavioral2/memory/912-883-0x00007FF7A7CB0000-0x00007FF7A80A2000-memory.dmp	upx
behavioral2/memory/408-876-0x00007FF742450000-0x00007FF742842000-memory.dmp	upx
behavioral2/memory/3840-706-0x00007FF642020000-0x00007FF642412000-memory.dmp	upx
behavioral2/memory/5024-664-0x00007FF64A900000-0x00007FF64ACF2000-memory.dmp	upx
behavioral2/memory/3652-597-0x00007FF7F3A90000-0x00007FF7F3E82000-memory.dmp	upx
behavioral2/memory/4892-368-0x00007FF7D8530000-0x00007FF7D8922000-memory.dmp	upx
behavioral2/memory/2164-329-0x00007FF7F6600000-0x00007FF7F69F2000-memory.dmp	upx
behavioral2/memory/2204-295-0x00007FF70F170000-0x00007FF70F562000-memory.dmp	upx
behavioral2/memory/428-294-0x00007FF6D28F0000-0x00007FF6D2CE2000-memory.dmp	upx
behavioral2/files/0x00070000000234e9-190.dat	upx
behavioral2/files/0x00070000000234e0-187.dat	upx
behavioral2/files/0x00070000000234e8-181.dat	upx
behavioral2/files/0x00070000000234e7-180.dat	upx
behavioral2/files/0x00070000000234e5-171.dat	upx
behavioral2/files/0x00070000000234e4-170.dat	upx
behavioral2/files/0x00070000000234e3-165.dat	upx
behavioral2/files/0x00070000000234e2-163.dat	upx
behavioral2/files/0x00070000000234da-161.dat	upx
behavioral2/files/0x00070000000234e1-159.dat	upx
behavioral2/files/0x00070000000234d9-157.dat	upx
behavioral2/files/0x00080000000234c2-156.dat	upx
behavioral2/files/0x00070000000234ce-153.dat	upx
behavioral2/files/0x00070000000234df-148.dat	upx
behavioral2/files/0x00070000000234d1-146.dat	upx
behavioral2/files/0x00070000000234cf-184.dat	upx
behavioral2/files/0x00070000000234d0-137.dat	upx
behavioral2/files/0x00070000000234cc-136.dat	upx
behavioral2/files/0x00070000000234dd-127.dat	upx
behavioral2/files/0x00070000000234dc-125.dat	upx
behavioral2/files/0x00070000000234d7-108.dat	upx
behavioral2/files/0x00070000000234d6-107.dat	upx
behavioral2/files/0x00070000000234d2-105.dat	upx
behavioral2/files/0x00070000000234cd-98.dat	upx
behavioral2/files/0x00070000000234d5-88.dat	upx
behavioral2/files/0x00070000000234db-124.dat	upx
behavioral2/files/0x00070000000234d4-81.dat	upx
behavioral2/files/0x00070000000234d3-74.dat	upx
behavioral2/files/0x00070000000234ca-72.dat	upx
behavioral2/files/0x00070000000234d8-114.dat	upx
behavioral2/files/0x00070000000234c7-57.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JYPfIym.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\eryuMsE.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\utXODbb.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\MFoLJua.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\gspxAXv.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\GRApXCF.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\wSFczCl.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\BKCAEGb.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\DmqhGDx.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\Ukzpsui.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\xlhGDKT.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\drqLgmz.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\ajfOQUd.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\oRqxsMe.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\rEOkfOD.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\eznpyRE.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\BHusvme.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\lvyRquK.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\gEvWRhy.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\SOpqBYA.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\MZhsqrs.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\ZupXDCc.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\RwcaYew.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\aTJMjyd.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\vTkhjbR.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\XHuXRvL.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\CHuZTNY.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\dBGFBVH.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\LxYEMvr.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\KKeHnEN.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\dRIAdjw.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\kjqoUlG.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\LRrjjHp.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\jNgNetw.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\AZYSZdc.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\DpEOTKE.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\UvzXznk.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\mDZMVpi.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\kCWnubN.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\GoCXssp.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\sgwiSbs.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\hKCaEyr.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\bXfgiBd.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\QdiyVua.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\ZLDQsYH.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\BMOUjeG.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\EFvZlDn.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\BMMOrIz.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\aOYdZxS.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\XmDRTKr.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\OvtIons.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\aZUjNit.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\pJPhhrd.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\YbySpOn.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\wBkesnJ.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\yhtLcIR.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\xOySDgE.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\VFpIVsf.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\PwCooor.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\jygYsxo.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\RQMSLFO.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\yetFwnZ.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\HfRvLcv.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
File created	C:\Windows\System\dqWIrGw.exe	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2872	powershell.exe
2872	powershell.exe
2872	powershell.exe
2872	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
Token: SeLockMemoryPrivilege	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
Token: SeDebugPrivilege	2872	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 2872	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	85
PID 4420 wrote to memory of 2872	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	85
PID 4420 wrote to memory of 4900	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	87
PID 4420 wrote to memory of 4900	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	87
PID 4420 wrote to memory of 3232	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	88
PID 4420 wrote to memory of 3232	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	88
PID 4420 wrote to memory of 3828	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	89
PID 4420 wrote to memory of 3828	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	89
PID 4420 wrote to memory of 428	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	90
PID 4420 wrote to memory of 428	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	90
PID 4420 wrote to memory of 4520	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	91
PID 4420 wrote to memory of 4520	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	91
PID 4420 wrote to memory of 2188	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	92
PID 4420 wrote to memory of 2188	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	92
PID 4420 wrote to memory of 4060	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	93
PID 4420 wrote to memory of 4060	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	93
PID 4420 wrote to memory of 2204	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	94
PID 4420 wrote to memory of 2204	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	94
PID 4420 wrote to memory of 2164	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	95
PID 4420 wrote to memory of 2164	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	95
PID 4420 wrote to memory of 3668	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	96
PID 4420 wrote to memory of 3668	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	96
PID 4420 wrote to memory of 3840	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	97
PID 4420 wrote to memory of 3840	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	97
PID 4420 wrote to memory of 4892	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	98
PID 4420 wrote to memory of 4892	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	98
PID 4420 wrote to memory of 5020	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	99
PID 4420 wrote to memory of 5020	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	99
PID 4420 wrote to memory of 4896	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	100
PID 4420 wrote to memory of 4896	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	100
PID 4420 wrote to memory of 3652	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	101
PID 4420 wrote to memory of 3652	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	101
PID 4420 wrote to memory of 5024	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	102
PID 4420 wrote to memory of 5024	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	102
PID 4420 wrote to memory of 408	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	103
PID 4420 wrote to memory of 408	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	103
PID 4420 wrote to memory of 912	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	104
PID 4420 wrote to memory of 912	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	104
PID 4420 wrote to memory of 2372	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	105
PID 4420 wrote to memory of 2372	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	105
PID 4420 wrote to memory of 3940	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	106
PID 4420 wrote to memory of 3940	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	106
PID 4420 wrote to memory of 2252	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	107
PID 4420 wrote to memory of 2252	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	107
PID 4420 wrote to memory of 2260	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	108
PID 4420 wrote to memory of 2260	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	108
PID 4420 wrote to memory of 684	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	109
PID 4420 wrote to memory of 684	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	109
PID 4420 wrote to memory of 2688	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	110
PID 4420 wrote to memory of 2688	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	110
PID 4420 wrote to memory of 4544	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	111
PID 4420 wrote to memory of 4544	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	111
PID 4420 wrote to memory of 4728	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	112
PID 4420 wrote to memory of 4728	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	112
PID 4420 wrote to memory of 4160	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	113
PID 4420 wrote to memory of 4160	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	113
PID 4420 wrote to memory of 972	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	114
PID 4420 wrote to memory of 972	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	114
PID 4420 wrote to memory of 3772	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	115
PID 4420 wrote to memory of 3772	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	115
PID 4420 wrote to memory of 4980	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	116
PID 4420 wrote to memory of 4980	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	116
PID 4420 wrote to memory of 3308	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	117
PID 4420 wrote to memory of 3308	4420	dab976ab2fe481f6ad2b8588e2bdf4b0N.exe	117

C:\Users\Admin\AppData\Local\Temp\dab976ab2fe481f6ad2b8588e2bdf4b0N.exe
"C:\Users\Admin\AppData\Local\Temp\dab976ab2fe481f6ad2b8588e2bdf4b0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2872
- C:\Windows\System\SHpqqiZ.exe
  C:\Windows\System\SHpqqiZ.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\CAfcgMl.exe
  C:\Windows\System\CAfcgMl.exe
  2⤵
  - Executes dropped EXE
  PID:3232
- C:\Windows\System\wMnhEDB.exe
  C:\Windows\System\wMnhEDB.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\sfzanIB.exe
  C:\Windows\System\sfzanIB.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\gjmZZbI.exe
  C:\Windows\System\gjmZZbI.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\sNonqBX.exe
  C:\Windows\System\sNonqBX.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ajcOTuT.exe
  C:\Windows\System\ajcOTuT.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\cVBvskx.exe
  C:\Windows\System\cVBvskx.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\XycSaXa.exe
  C:\Windows\System\XycSaXa.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\sYVHXki.exe
  C:\Windows\System\sYVHXki.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\SoibNda.exe
  C:\Windows\System\SoibNda.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\fUKWoaK.exe
  C:\Windows\System\fUKWoaK.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\jxCdAZV.exe
  C:\Windows\System\jxCdAZV.exe
  2⤵
  - Executes dropped EXE
  PID:5020
- C:\Windows\System\wxbxylB.exe
  C:\Windows\System\wxbxylB.exe
  2⤵
  - Executes dropped EXE
  PID:4896
- C:\Windows\System\ncysXQG.exe
  C:\Windows\System\ncysXQG.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\Mxobdji.exe
  C:\Windows\System\Mxobdji.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\RBumAoa.exe
  C:\Windows\System\RBumAoa.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\GGuAJAs.exe
  C:\Windows\System\GGuAJAs.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\ZtAilWX.exe
  C:\Windows\System\ZtAilWX.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\TWOGZRo.exe
  C:\Windows\System\TWOGZRo.exe
  2⤵
  - Executes dropped EXE
  PID:3940
- C:\Windows\System\AMwgWLr.exe
  C:\Windows\System\AMwgWLr.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\qWthhTq.exe
  C:\Windows\System\qWthhTq.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\FXTiErr.exe
  C:\Windows\System\FXTiErr.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\FkOcMSj.exe
  C:\Windows\System\FkOcMSj.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\cHWaYia.exe
  C:\Windows\System\cHWaYia.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\fiueHuJ.exe
  C:\Windows\System\fiueHuJ.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\hTSepqB.exe
  C:\Windows\System\hTSepqB.exe
  2⤵
  - Executes dropped EXE
  PID:4160
- C:\Windows\System\COlgpAk.exe
  C:\Windows\System\COlgpAk.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\cAdmXeg.exe
  C:\Windows\System\cAdmXeg.exe
  2⤵
  - Executes dropped EXE
  PID:3772
- C:\Windows\System\fSixJXw.exe
  C:\Windows\System\fSixJXw.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\lgVhZEV.exe
  C:\Windows\System\lgVhZEV.exe
  2⤵
  - Executes dropped EXE
  PID:3308
- C:\Windows\System\rWojhnU.exe
  C:\Windows\System\rWojhnU.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\fZJSdkQ.exe
  C:\Windows\System\fZJSdkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\rpWSplz.exe
  C:\Windows\System\rpWSplz.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\nSyaEKZ.exe
  C:\Windows\System\nSyaEKZ.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\nBZJRQA.exe
  C:\Windows\System\nBZJRQA.exe
  2⤵
  - Executes dropped EXE
  PID:432
- C:\Windows\System\okozgez.exe
  C:\Windows\System\okozgez.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\NFOOiRx.exe
  C:\Windows\System\NFOOiRx.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\YUjuEzL.exe
  C:\Windows\System\YUjuEzL.exe
  2⤵
  - Executes dropped EXE
  PID:4908
- C:\Windows\System\UGkDMYd.exe
  C:\Windows\System\UGkDMYd.exe
  2⤵
  - Executes dropped EXE
  PID:3924
- C:\Windows\System\eNptazz.exe
  C:\Windows\System\eNptazz.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\niySVKb.exe
  C:\Windows\System\niySVKb.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\yaMNUsF.exe
  C:\Windows\System\yaMNUsF.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\canWKCQ.exe
  C:\Windows\System\canWKCQ.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\ktbbfif.exe
  C:\Windows\System\ktbbfif.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\wHzSJnC.exe
  C:\Windows\System\wHzSJnC.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Windows\System\cJDFgdK.exe
  C:\Windows\System\cJDFgdK.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\FjTGWjQ.exe
  C:\Windows\System\FjTGWjQ.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\QbopyNO.exe
  C:\Windows\System\QbopyNO.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\SBGkLUc.exe
  C:\Windows\System\SBGkLUc.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\JezSUSn.exe
  C:\Windows\System\JezSUSn.exe
  2⤵
  - Executes dropped EXE
  PID:224
- C:\Windows\System\PNqOHDb.exe
  C:\Windows\System\PNqOHDb.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\dKKjMNb.exe
  C:\Windows\System\dKKjMNb.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\MEpiFtl.exe
  C:\Windows\System\MEpiFtl.exe
  2⤵
  - Executes dropped EXE
  PID:64
- C:\Windows\System\HSfSnre.exe
  C:\Windows\System\HSfSnre.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\dXMXDxd.exe
  C:\Windows\System\dXMXDxd.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\ouczcPp.exe
  C:\Windows\System\ouczcPp.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\GNFtflg.exe
  C:\Windows\System\GNFtflg.exe
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Windows\System\ZxWAruK.exe
  C:\Windows\System\ZxWAruK.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\pTpBOhj.exe
  C:\Windows\System\pTpBOhj.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\IKYekGA.exe
  C:\Windows\System\IKYekGA.exe
  2⤵
  - Executes dropped EXE
  PID:4620
- C:\Windows\System\itetGra.exe
  C:\Windows\System\itetGra.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\rJMSxje.exe
  C:\Windows\System\rJMSxje.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\JGuDxhu.exe
  C:\Windows\System\JGuDxhu.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\cpBhvPs.exe
  C:\Windows\System\cpBhvPs.exe
  2⤵
  PID:1288
- C:\Windows\System\YDuBiFi.exe
  C:\Windows\System\YDuBiFi.exe
  2⤵
  PID:4464
- C:\Windows\System\jsLThtf.exe
  C:\Windows\System\jsLThtf.exe
  2⤵
  PID:4984
- C:\Windows\System\ldPsGth.exe
  C:\Windows\System\ldPsGth.exe
  2⤵
  PID:3516
- C:\Windows\System\vVWkLsT.exe
  C:\Windows\System\vVWkLsT.exe
  2⤵
  PID:2952
- C:\Windows\System\WdlTCNz.exe
  C:\Windows\System\WdlTCNz.exe
  2⤵
  PID:1312
- C:\Windows\System\BLugvMC.exe
  C:\Windows\System\BLugvMC.exe
  2⤵
  PID:1444
- C:\Windows\System\CSPeDlA.exe
  C:\Windows\System\CSPeDlA.exe
  2⤵
  PID:452
- C:\Windows\System\MXeQIJu.exe
  C:\Windows\System\MXeQIJu.exe
  2⤵
  PID:5036
- C:\Windows\System\yrkLIAF.exe
  C:\Windows\System\yrkLIAF.exe
  2⤵
  PID:3312
- C:\Windows\System\cwlXOlk.exe
  C:\Windows\System\cwlXOlk.exe
  2⤵
  PID:4452
- C:\Windows\System\rykHzzF.exe
  C:\Windows\System\rykHzzF.exe
  2⤵
  PID:4624
- C:\Windows\System\gWgGDin.exe
  C:\Windows\System\gWgGDin.exe
  2⤵
  PID:2788
- C:\Windows\System\HAVzBCx.exe
  C:\Windows\System\HAVzBCx.exe
  2⤵
  PID:1000
- C:\Windows\System\qyzEORE.exe
  C:\Windows\System\qyzEORE.exe
  2⤵
  PID:5128
- C:\Windows\System\bssHzHp.exe
  C:\Windows\System\bssHzHp.exe
  2⤵
  PID:5144
- C:\Windows\System\zSUdCAW.exe
  C:\Windows\System\zSUdCAW.exe
  2⤵
  PID:5180
- C:\Windows\System\EPaTYaL.exe
  C:\Windows\System\EPaTYaL.exe
  2⤵
  PID:5212
- C:\Windows\System\eVsZVUm.exe
  C:\Windows\System\eVsZVUm.exe
  2⤵
  PID:5308
- C:\Windows\System\JlkujRk.exe
  C:\Windows\System\JlkujRk.exe
  2⤵
  PID:5328
- C:\Windows\System\fPGwkrU.exe
  C:\Windows\System\fPGwkrU.exe
  2⤵
  PID:5344
- C:\Windows\System\rObkWdH.exe
  C:\Windows\System\rObkWdH.exe
  2⤵
  PID:5368
- C:\Windows\System\VMoVCRA.exe
  C:\Windows\System\VMoVCRA.exe
  2⤵
  PID:5388
- C:\Windows\System\MHuCVAk.exe
  C:\Windows\System\MHuCVAk.exe
  2⤵
  PID:5408
- C:\Windows\System\uWCyHjU.exe
  C:\Windows\System\uWCyHjU.exe
  2⤵
  PID:5424
- C:\Windows\System\fEdJPrH.exe
  C:\Windows\System\fEdJPrH.exe
  2⤵
  PID:5448
- C:\Windows\System\civJFzm.exe
  C:\Windows\System\civJFzm.exe
  2⤵
  PID:5464
- C:\Windows\System\scCBQQB.exe
  C:\Windows\System\scCBQQB.exe
  2⤵
  PID:5544
- C:\Windows\System\yTVtvQs.exe
  C:\Windows\System\yTVtvQs.exe
  2⤵
  PID:5568
- C:\Windows\System\ntGnmKz.exe
  C:\Windows\System\ntGnmKz.exe
  2⤵
  PID:5592
- C:\Windows\System\xRwJhgQ.exe
  C:\Windows\System\xRwJhgQ.exe
  2⤵
  PID:5612
- C:\Windows\System\mmVwUbd.exe
  C:\Windows\System\mmVwUbd.exe
  2⤵
  PID:5636
- C:\Windows\System\oEqjJPo.exe
  C:\Windows\System\oEqjJPo.exe
  2⤵
  PID:5656
- C:\Windows\System\smSynZX.exe
  C:\Windows\System\smSynZX.exe
  2⤵
  PID:5676
- C:\Windows\System\OnMOJom.exe
  C:\Windows\System\OnMOJom.exe
  2⤵
  PID:5696
- C:\Windows\System\uctFkju.exe
  C:\Windows\System\uctFkju.exe
  2⤵
  PID:5720
- C:\Windows\System\lmwudUX.exe
  C:\Windows\System\lmwudUX.exe
  2⤵
  PID:5736
- C:\Windows\System\ZKUiNHe.exe
  C:\Windows\System\ZKUiNHe.exe
  2⤵
  PID:5760
- C:\Windows\System\XnczCuN.exe
  C:\Windows\System\XnczCuN.exe
  2⤵
  PID:5780
- C:\Windows\System\GpBUkQu.exe
  C:\Windows\System\GpBUkQu.exe
  2⤵
  PID:5796
- C:\Windows\System\XpxciWT.exe
  C:\Windows\System\XpxciWT.exe
  2⤵
  PID:5812
- C:\Windows\System\XaxbBqH.exe
  C:\Windows\System\XaxbBqH.exe
  2⤵
  PID:5832
- C:\Windows\System\sSeawtH.exe
  C:\Windows\System\sSeawtH.exe
  2⤵
  PID:5848
- C:\Windows\System\xuIyGDy.exe
  C:\Windows\System\xuIyGDy.exe
  2⤵
  PID:5904
- C:\Windows\System\wcnhOSA.exe
  C:\Windows\System\wcnhOSA.exe
  2⤵
  PID:5928
- C:\Windows\System\TgUoOrO.exe
  C:\Windows\System\TgUoOrO.exe
  2⤵
  PID:5944
- C:\Windows\System\GQiLXcW.exe
  C:\Windows\System\GQiLXcW.exe
  2⤵
  PID:5968
- C:\Windows\System\hjjaitp.exe
  C:\Windows\System\hjjaitp.exe
  2⤵
  PID:5988
- C:\Windows\System\ACKazeA.exe
  C:\Windows\System\ACKazeA.exe
  2⤵
  PID:6012
- C:\Windows\System\UEkaHdO.exe
  C:\Windows\System\UEkaHdO.exe
  2⤵
  PID:6036
- C:\Windows\System\mjsjAOp.exe
  C:\Windows\System\mjsjAOp.exe
  2⤵
  PID:6052
- C:\Windows\System\QqBDRiI.exe
  C:\Windows\System\QqBDRiI.exe
  2⤵
  PID:6080
- C:\Windows\System\uFfYdus.exe
  C:\Windows\System\uFfYdus.exe
  2⤵
  PID:6100
- C:\Windows\System\DJUXkRU.exe
  C:\Windows\System\DJUXkRU.exe
  2⤵
  PID:6120
- C:\Windows\System\LWmoKdj.exe
  C:\Windows\System\LWmoKdj.exe
  2⤵
  PID:6140
- C:\Windows\System\vIObjOY.exe
  C:\Windows\System\vIObjOY.exe
  2⤵
  PID:2228
- C:\Windows\System\WjjyxUs.exe
  C:\Windows\System\WjjyxUs.exe
  2⤵
  PID:4032
- C:\Windows\System\zXAFNzb.exe
  C:\Windows\System\zXAFNzb.exe
  2⤵
  PID:3868
- C:\Windows\System\lwrooph.exe
  C:\Windows\System\lwrooph.exe
  2⤵
  PID:4484
- C:\Windows\System\XUIaPBV.exe
  C:\Windows\System\XUIaPBV.exe
  2⤵
  PID:4300
- C:\Windows\System\RMGLkLP.exe
  C:\Windows\System\RMGLkLP.exe
  2⤵
  PID:5124
- C:\Windows\System\XLePduV.exe
  C:\Windows\System\XLePduV.exe
  2⤵
  PID:1280
- C:\Windows\System\ZTQTFNI.exe
  C:\Windows\System\ZTQTFNI.exe
  2⤵
  PID:2572
- C:\Windows\System\RmjpOnw.exe
  C:\Windows\System\RmjpOnw.exe
  2⤵
  PID:736
- C:\Windows\System\HZjHblN.exe
  C:\Windows\System\HZjHblN.exe
  2⤵
  PID:4140
- C:\Windows\System\cBDHopR.exe
  C:\Windows\System\cBDHopR.exe
  2⤵
  PID:2496
- C:\Windows\System\wcSyeuf.exe
  C:\Windows\System\wcSyeuf.exe
  2⤵
  PID:1960
- C:\Windows\System\aWLFoCw.exe
  C:\Windows\System\aWLFoCw.exe
  2⤵
  PID:4876
- C:\Windows\System\ajaoSbU.exe
  C:\Windows\System\ajaoSbU.exe
  2⤵
  PID:5584
- C:\Windows\System\fDAdAKO.exe
  C:\Windows\System\fDAdAKO.exe
  2⤵
  PID:5608
- C:\Windows\System\MBKtnfM.exe
  C:\Windows\System\MBKtnfM.exe
  2⤵
  PID:632
- C:\Windows\System\XzWeTgv.exe
  C:\Windows\System\XzWeTgv.exe
  2⤵
  PID:4988
- C:\Windows\System\ajOaUEe.exe
  C:\Windows\System\ajOaUEe.exe
  2⤵
  PID:5704
- C:\Windows\System\UmoIyli.exe
  C:\Windows\System\UmoIyli.exe
  2⤵
  PID:5152
- C:\Windows\System\scnFgfj.exe
  C:\Windows\System\scnFgfj.exe
  2⤵
  PID:5188
- C:\Windows\System\FdHwXIP.exe
  C:\Windows\System\FdHwXIP.exe
  2⤵
  PID:5244
- C:\Windows\System\AsXDBmC.exe
  C:\Windows\System\AsXDBmC.exe
  2⤵
  PID:5268
- C:\Windows\System\bIYYwqd.exe
  C:\Windows\System\bIYYwqd.exe
  2⤵
  PID:5580
- C:\Windows\System\qWLONje.exe
  C:\Windows\System\qWLONje.exe
  2⤵
  PID:5356
- C:\Windows\System\gXkkKer.exe
  C:\Windows\System\gXkkKer.exe
  2⤵
  PID:5376
- C:\Windows\System\KufragG.exe
  C:\Windows\System\KufragG.exe
  2⤵
  PID:6108
- C:\Windows\System\NLWIDKN.exe
  C:\Windows\System\NLWIDKN.exe
  2⤵
  PID:836
- C:\Windows\System\TBPsNfb.exe
  C:\Windows\System\TBPsNfb.exe
  2⤵
  PID:5756
- C:\Windows\System\FLBlAuj.exe
  C:\Windows\System\FLBlAuj.exe
  2⤵
  PID:4732
- C:\Windows\System\tevNEur.exe
  C:\Windows\System\tevNEur.exe
  2⤵
  PID:1092
- C:\Windows\System\FIcDZck.exe
  C:\Windows\System\FIcDZck.exe
  2⤵
  PID:5600
- C:\Windows\System\tLGvnHN.exe
  C:\Windows\System\tLGvnHN.exe
  2⤵
  PID:5540
- C:\Windows\System\myPVKUy.exe
  C:\Windows\System\myPVKUy.exe
  2⤵
  PID:5716
- C:\Windows\System\xWIYGBL.exe
  C:\Windows\System\xWIYGBL.exe
  2⤵
  PID:4352
- C:\Windows\System\WDXJnmv.exe
  C:\Windows\System\WDXJnmv.exe
  2⤵
  PID:5792
- C:\Windows\System\OBpmlTZ.exe
  C:\Windows\System\OBpmlTZ.exe
  2⤵
  PID:5824
- C:\Windows\System\fEYCTEq.exe
  C:\Windows\System\fEYCTEq.exe
  2⤵
  PID:3208
- C:\Windows\System\CnKYDIu.exe
  C:\Windows\System\CnKYDIu.exe
  2⤵
  PID:5892
- C:\Windows\System\suQxemm.exe
  C:\Windows\System\suQxemm.exe
  2⤵
  PID:1540
- C:\Windows\System\hExXUzo.exe
  C:\Windows\System\hExXUzo.exe
  2⤵
  PID:5672
- C:\Windows\System\HHFmvVA.exe
  C:\Windows\System\HHFmvVA.exe
  2⤵
  PID:1140
- C:\Windows\System\VJlrMrI.exe
  C:\Windows\System\VJlrMrI.exe
  2⤵
  PID:5220
- C:\Windows\System\AiyLecQ.exe
  C:\Windows\System\AiyLecQ.exe
  2⤵
  PID:5288
- C:\Windows\System\DtNgbgN.exe
  C:\Windows\System\DtNgbgN.exe
  2⤵
  PID:6048
- C:\Windows\System\hNKHdSz.exe
  C:\Windows\System\hNKHdSz.exe
  2⤵
  PID:6204
- C:\Windows\System\NQYeuxV.exe
  C:\Windows\System\NQYeuxV.exe
  2⤵
  PID:6224
- C:\Windows\System\lycyXij.exe
  C:\Windows\System\lycyXij.exe
  2⤵
  PID:6240
- C:\Windows\System\LUrEiFW.exe
  C:\Windows\System\LUrEiFW.exe
  2⤵
  PID:6264
- C:\Windows\System\uwRjECk.exe
  C:\Windows\System\uwRjECk.exe
  2⤵
  PID:6288
- C:\Windows\System\VEcRgMG.exe
  C:\Windows\System\VEcRgMG.exe
  2⤵
  PID:6308
- C:\Windows\System\lFAcpNY.exe
  C:\Windows\System\lFAcpNY.exe
  2⤵
  PID:6332
- C:\Windows\System\uOAwgoM.exe
  C:\Windows\System\uOAwgoM.exe
  2⤵
  PID:6356
- C:\Windows\System\PFiWMos.exe
  C:\Windows\System\PFiWMos.exe
  2⤵
  PID:6376
- C:\Windows\System\HQzlxRO.exe
  C:\Windows\System\HQzlxRO.exe
  2⤵
  PID:6404
- C:\Windows\System\HQGluci.exe
  C:\Windows\System\HQGluci.exe
  2⤵
  PID:6424
- C:\Windows\System\UVeXAop.exe
  C:\Windows\System\UVeXAop.exe
  2⤵
  PID:6452
- C:\Windows\System\AyyQTkT.exe
  C:\Windows\System\AyyQTkT.exe
  2⤵
  PID:6472
- C:\Windows\System\uiLavAa.exe
  C:\Windows\System\uiLavAa.exe
  2⤵
  PID:6492
- C:\Windows\System\MOSJvUy.exe
  C:\Windows\System\MOSJvUy.exe
  2⤵
  PID:6520
- C:\Windows\System\RxdRRBU.exe
  C:\Windows\System\RxdRRBU.exe
  2⤵
  PID:6552
- C:\Windows\System\KBeMZVF.exe
  C:\Windows\System\KBeMZVF.exe
  2⤵
  PID:6584
- C:\Windows\System\dhkxTuk.exe
  C:\Windows\System\dhkxTuk.exe
  2⤵
  PID:6608
- C:\Windows\System\YjeHHmX.exe
  C:\Windows\System\YjeHHmX.exe
  2⤵
  PID:6624
- C:\Windows\System\oTveEfE.exe
  C:\Windows\System\oTveEfE.exe
  2⤵
  PID:6648
- C:\Windows\System\AuIoBpB.exe
  C:\Windows\System\AuIoBpB.exe
  2⤵
  PID:6668
- C:\Windows\System\hWwENSe.exe
  C:\Windows\System\hWwENSe.exe
  2⤵
  PID:6684
- C:\Windows\System\YGeGUjY.exe
  C:\Windows\System\YGeGUjY.exe
  2⤵
  PID:6700
- C:\Windows\System\MsoaryE.exe
  C:\Windows\System\MsoaryE.exe
  2⤵
  PID:6716
- C:\Windows\System\arxDPti.exe
  C:\Windows\System\arxDPti.exe
  2⤵
  PID:6740
- C:\Windows\System\dVwVkPE.exe
  C:\Windows\System\dVwVkPE.exe
  2⤵
  PID:6760
- C:\Windows\System\UzWdyeL.exe
  C:\Windows\System\UzWdyeL.exe
  2⤵
  PID:6780
- C:\Windows\System\YASPXnR.exe
  C:\Windows\System\YASPXnR.exe
  2⤵
  PID:6800
- C:\Windows\System\jjHffqU.exe
  C:\Windows\System\jjHffqU.exe
  2⤵
  PID:6960
- C:\Windows\System\KLHxxir.exe
  C:\Windows\System\KLHxxir.exe
  2⤵
  PID:6976
- C:\Windows\System\jABXULp.exe
  C:\Windows\System\jABXULp.exe
  2⤵
  PID:6996
- C:\Windows\System\cIgKYNl.exe
  C:\Windows\System\cIgKYNl.exe
  2⤵
  PID:7012
- C:\Windows\System\kMWRZTa.exe
  C:\Windows\System\kMWRZTa.exe
  2⤵
  PID:7032
- C:\Windows\System\uRaxKpb.exe
  C:\Windows\System\uRaxKpb.exe
  2⤵
  PID:7056
- C:\Windows\System\yjRPdnd.exe
  C:\Windows\System\yjRPdnd.exe
  2⤵
  PID:7072
- C:\Windows\System\QZbRgCN.exe
  C:\Windows\System\QZbRgCN.exe
  2⤵
  PID:7092
- C:\Windows\System\WAAkExx.exe
  C:\Windows\System\WAAkExx.exe
  2⤵
  PID:7112
- C:\Windows\System\oFTPAWx.exe
  C:\Windows\System\oFTPAWx.exe
  2⤵
  PID:7132
- C:\Windows\System\wKjjRdt.exe
  C:\Windows\System\wKjjRdt.exe
  2⤵
  PID:7152
- C:\Windows\System\XARrLot.exe
  C:\Windows\System\XARrLot.exe
  2⤵
  PID:5156
- C:\Windows\System\fyRbXhx.exe
  C:\Windows\System\fyRbXhx.exe
  2⤵
  PID:5692
- C:\Windows\System\aVpFFwL.exe
  C:\Windows\System\aVpFFwL.exe
  2⤵
  PID:6176
- C:\Windows\System\PvpRhLw.exe
  C:\Windows\System\PvpRhLw.exe
  2⤵
  PID:7176
- C:\Windows\System\jUQYFhP.exe
  C:\Windows\System\jUQYFhP.exe
  2⤵
  PID:7200
- C:\Windows\System\kPbOyjR.exe
  C:\Windows\System\kPbOyjR.exe
  2⤵
  PID:7232
- C:\Windows\System\KIIZBnt.exe
  C:\Windows\System\KIIZBnt.exe
  2⤵
  PID:7268
- C:\Windows\System\VMVVIor.exe
  C:\Windows\System\VMVVIor.exe
  2⤵
  PID:7296
- C:\Windows\System\idRZywt.exe
  C:\Windows\System\idRZywt.exe
  2⤵
  PID:7320
- C:\Windows\System\wLenQPR.exe
  C:\Windows\System\wLenQPR.exe
  2⤵
  PID:7336
- C:\Windows\System\JhvPknv.exe
  C:\Windows\System\JhvPknv.exe
  2⤵
  PID:7360
- C:\Windows\System\MYCIWDB.exe
  C:\Windows\System\MYCIWDB.exe
  2⤵
  PID:7380
- C:\Windows\System\TUSIixh.exe
  C:\Windows\System\TUSIixh.exe
  2⤵
  PID:7400
- C:\Windows\System\iajlQtu.exe
  C:\Windows\System\iajlQtu.exe
  2⤵
  PID:7420
- C:\Windows\System\MAXybaZ.exe
  C:\Windows\System\MAXybaZ.exe
  2⤵
  PID:7436
- C:\Windows\System\gdRXcvR.exe
  C:\Windows\System\gdRXcvR.exe
  2⤵
  PID:7484
- C:\Windows\System\jkCcidW.exe
  C:\Windows\System\jkCcidW.exe
  2⤵
  PID:7500
- C:\Windows\System\iisPkIr.exe
  C:\Windows\System\iisPkIr.exe
  2⤵
  PID:7516
- C:\Windows\System\ZOqFgLh.exe
  C:\Windows\System\ZOqFgLh.exe
  2⤵
  PID:7536
- C:\Windows\System\qikOxyZ.exe
  C:\Windows\System\qikOxyZ.exe
  2⤵
  PID:7556
- C:\Windows\System\yibVyLD.exe
  C:\Windows\System\yibVyLD.exe
  2⤵
  PID:7580
- C:\Windows\System\bDhFztE.exe
  C:\Windows\System\bDhFztE.exe
  2⤵
  PID:7604
- C:\Windows\System\PIZKGrX.exe
  C:\Windows\System\PIZKGrX.exe
  2⤵
  PID:7620
- C:\Windows\System\mTBNqxD.exe
  C:\Windows\System\mTBNqxD.exe
  2⤵
  PID:7636
- C:\Windows\System\uvpvpuO.exe
  C:\Windows\System\uvpvpuO.exe
  2⤵
  PID:7660
- C:\Windows\System\hROZZZj.exe
  C:\Windows\System\hROZZZj.exe
  2⤵
  PID:7684
- C:\Windows\System\XjIwdPJ.exe
  C:\Windows\System\XjIwdPJ.exe
  2⤵
  PID:7704
- C:\Windows\System\CHuZTNY.exe
  C:\Windows\System\CHuZTNY.exe
  2⤵
  PID:7724
- C:\Windows\System\DonwdMc.exe
  C:\Windows\System\DonwdMc.exe
  2⤵
  PID:7740
- C:\Windows\System\tbdoFGF.exe
  C:\Windows\System\tbdoFGF.exe
  2⤵
  PID:7760
- C:\Windows\System\fJECIHB.exe
  C:\Windows\System\fJECIHB.exe
  2⤵
  PID:7776
- C:\Windows\System\nMfjOmD.exe
  C:\Windows\System\nMfjOmD.exe
  2⤵
  PID:7796
- C:\Windows\System\KzGfBCu.exe
  C:\Windows\System\KzGfBCu.exe
  2⤵
  PID:7816
- C:\Windows\System\VZHlEBe.exe
  C:\Windows\System\VZHlEBe.exe
  2⤵
  PID:7836
- C:\Windows\System\pLbKhme.exe
  C:\Windows\System\pLbKhme.exe
  2⤵
  PID:7856
- C:\Windows\System\fOycMsR.exe
  C:\Windows\System\fOycMsR.exe
  2⤵
  PID:7880
- C:\Windows\System\jXgukss.exe
  C:\Windows\System\jXgukss.exe
  2⤵
  PID:7896
- C:\Windows\System\JtJuxSq.exe
  C:\Windows\System\JtJuxSq.exe
  2⤵
  PID:7912
- C:\Windows\System\PZwAVWr.exe
  C:\Windows\System\PZwAVWr.exe
  2⤵
  PID:7928
- C:\Windows\System\XBfdbew.exe
  C:\Windows\System\XBfdbew.exe
  2⤵
  PID:7952
- C:\Windows\System\nfBYWFB.exe
  C:\Windows\System\nfBYWFB.exe
  2⤵
  PID:7976
- C:\Windows\System\MWNjIMN.exe
  C:\Windows\System\MWNjIMN.exe
  2⤵
  PID:8000
- C:\Windows\System\HwJYNYo.exe
  C:\Windows\System\HwJYNYo.exe
  2⤵
  PID:8020
- C:\Windows\System\BMtWXnm.exe
  C:\Windows\System\BMtWXnm.exe
  2⤵
  PID:8040
- C:\Windows\System\OfWuNBw.exe
  C:\Windows\System\OfWuNBw.exe
  2⤵
  PID:8064
- C:\Windows\System\jvGKrqI.exe
  C:\Windows\System\jvGKrqI.exe
  2⤵
  PID:8080
- C:\Windows\System\BwuqvDM.exe
  C:\Windows\System\BwuqvDM.exe
  2⤵
  PID:8104
- C:\Windows\System\vMsgnhm.exe
  C:\Windows\System\vMsgnhm.exe
  2⤵
  PID:8132
- C:\Windows\System\eLNImNu.exe
  C:\Windows\System\eLNImNu.exe
  2⤵
  PID:8148
- C:\Windows\System\OEgqCVn.exe
  C:\Windows\System\OEgqCVn.exe
  2⤵
  PID:8168
- C:\Windows\System\jPGoFYS.exe
  C:\Windows\System\jPGoFYS.exe
  2⤵
  PID:6232
- C:\Windows\System\tKZdqSa.exe
  C:\Windows\System\tKZdqSa.exe
  2⤵
  PID:6540
- C:\Windows\System\PqBWcFW.exe
  C:\Windows\System\PqBWcFW.exe
  2⤵
  PID:6692
- C:\Windows\System\knHjBHh.exe
  C:\Windows\System\knHjBHh.exe
  2⤵
  PID:6748
- C:\Windows\System\qIkhGAg.exe
  C:\Windows\System\qIkhGAg.exe
  2⤵
  PID:6324
- C:\Windows\System\NjGTQnv.exe
  C:\Windows\System\NjGTQnv.exe
  2⤵
  PID:6724
- C:\Windows\System\bIPwWOU.exe
  C:\Windows\System\bIPwWOU.exe
  2⤵
  PID:7408
- C:\Windows\System\ukiQJoN.exe
  C:\Windows\System\ukiQJoN.exe
  2⤵
  PID:7452
- C:\Windows\System\eUOTeAb.exe
  C:\Windows\System\eUOTeAb.exe
  2⤵
  PID:5604
- C:\Windows\System\FenjQUL.exe
  C:\Windows\System\FenjQUL.exe
  2⤵
  PID:5512
- C:\Windows\System\JsGwdRG.exe
  C:\Windows\System\JsGwdRG.exe
  2⤵
  PID:5820
- C:\Windows\System\hGpPVNw.exe
  C:\Windows\System\hGpPVNw.exe
  2⤵
  PID:6064
- C:\Windows\System\XpSYeZz.exe
  C:\Windows\System\XpSYeZz.exe
  2⤵
  PID:5160
- C:\Windows\System\WpuyQbN.exe
  C:\Windows\System\WpuyQbN.exe
  2⤵
  PID:5352
- C:\Windows\System\IRvviST.exe
  C:\Windows\System\IRvviST.exe
  2⤵
  PID:6160
- C:\Windows\System\dCABZiD.exe
  C:\Windows\System\dCABZiD.exe
  2⤵
  PID:6192
- C:\Windows\System\DLfwNIC.exe
  C:\Windows\System\DLfwNIC.exe
  2⤵
  PID:6256
- C:\Windows\System\YwAkEof.exe
  C:\Windows\System\YwAkEof.exe
  2⤵
  PID:6300
- C:\Windows\System\VAOhNOU.exe
  C:\Windows\System\VAOhNOU.exe
  2⤵
  PID:6364
- C:\Windows\System\HeilWWG.exe
  C:\Windows\System\HeilWWG.exe
  2⤵
  PID:6412
- C:\Windows\System\ywvZTPk.exe
  C:\Windows\System\ywvZTPk.exe
  2⤵
  PID:6464
- C:\Windows\System\zFYElNY.exe
  C:\Windows\System\zFYElNY.exe
  2⤵
  PID:6500
- C:\Windows\System\XRMOgMR.exe
  C:\Windows\System\XRMOgMR.exe
  2⤵
  PID:8204
- C:\Windows\System\BpKseMc.exe
  C:\Windows\System\BpKseMc.exe
  2⤵
  PID:8224
- C:\Windows\System\oFMzoOA.exe
  C:\Windows\System\oFMzoOA.exe
  2⤵
  PID:8248
- C:\Windows\System\LpiMSWh.exe
  C:\Windows\System\LpiMSWh.exe
  2⤵
  PID:8276
- C:\Windows\System\ovnocbF.exe
  C:\Windows\System\ovnocbF.exe
  2⤵
  PID:8300
- C:\Windows\System\gtWablX.exe
  C:\Windows\System\gtWablX.exe
  2⤵
  PID:8320
- C:\Windows\System\QUJvGQq.exe
  C:\Windows\System\QUJvGQq.exe
  2⤵
  PID:8344
- C:\Windows\System\UonStuI.exe
  C:\Windows\System\UonStuI.exe
  2⤵
  PID:8360
- C:\Windows\System\GEmrPhY.exe
  C:\Windows\System\GEmrPhY.exe
  2⤵
  PID:8384
- C:\Windows\System\WqdCUsM.exe
  C:\Windows\System\WqdCUsM.exe
  2⤵
  PID:8408
- C:\Windows\System\DKJCRbK.exe
  C:\Windows\System\DKJCRbK.exe
  2⤵
  PID:8428
- C:\Windows\System\QvVGaWL.exe
  C:\Windows\System\QvVGaWL.exe
  2⤵
  PID:8456
- C:\Windows\System\IRfOiTS.exe
  C:\Windows\System\IRfOiTS.exe
  2⤵
  PID:8472
- C:\Windows\System\lkFqXMC.exe
  C:\Windows\System\lkFqXMC.exe
  2⤵
  PID:8496
- C:\Windows\System\FufQGPZ.exe
  C:\Windows\System\FufQGPZ.exe
  2⤵
  PID:8520
- C:\Windows\System\TQogyEE.exe
  C:\Windows\System\TQogyEE.exe
  2⤵
  PID:8540
- C:\Windows\System\kNlmAKg.exe
  C:\Windows\System\kNlmAKg.exe
  2⤵
  PID:8564
- C:\Windows\System\iOKqMIf.exe
  C:\Windows\System\iOKqMIf.exe
  2⤵
  PID:8584
- C:\Windows\System\XlDarMq.exe
  C:\Windows\System\XlDarMq.exe
  2⤵
  PID:8600
- C:\Windows\System\nfBgGAs.exe
  C:\Windows\System\nfBgGAs.exe
  2⤵
  PID:8616
- C:\Windows\System\cVVXrnx.exe
  C:\Windows\System\cVVXrnx.exe
  2⤵
  PID:8632
- C:\Windows\System\ergdrtq.exe
  C:\Windows\System\ergdrtq.exe
  2⤵
  PID:8656
- C:\Windows\System\zYplUBb.exe
  C:\Windows\System\zYplUBb.exe
  2⤵
  PID:8676
- C:\Windows\System\DUurYBE.exe
  C:\Windows\System\DUurYBE.exe
  2⤵
  PID:8696
- C:\Windows\System\hnEfrKt.exe
  C:\Windows\System\hnEfrKt.exe
  2⤵
  PID:8716
- C:\Windows\System\MMYfUnL.exe
  C:\Windows\System\MMYfUnL.exe
  2⤵
  PID:8732
- C:\Windows\System\dbXwCNM.exe
  C:\Windows\System\dbXwCNM.exe
  2⤵
  PID:8756
- C:\Windows\System\VybHptY.exe
  C:\Windows\System\VybHptY.exe
  2⤵
  PID:8780
- C:\Windows\System\bhrhLwP.exe
  C:\Windows\System\bhrhLwP.exe
  2⤵
  PID:8800
- C:\Windows\System\dlcmQKw.exe
  C:\Windows\System\dlcmQKw.exe
  2⤵
  PID:8820
- C:\Windows\System\WyEOiUX.exe
  C:\Windows\System\WyEOiUX.exe
  2⤵
  PID:9124
- C:\Windows\System\cYYKJNz.exe
  C:\Windows\System\cYYKJNz.exe
  2⤵
  PID:7252
- C:\Windows\System\oBZgkIg.exe
  C:\Windows\System\oBZgkIg.exe
  2⤵
  PID:5912
- C:\Windows\System\vZRaNzN.exe
  C:\Windows\System\vZRaNzN.exe
  2⤵
  PID:6532
- C:\Windows\System\DzRUcYj.exe
  C:\Windows\System\DzRUcYj.exe
  2⤵
  PID:8340
- C:\Windows\System\yPhILAY.exe
  C:\Windows\System\yPhILAY.exe
  2⤵
  PID:7712
- C:\Windows\System\oNKKJfM.exe
  C:\Windows\System\oNKKJfM.exe
  2⤵
  PID:8452
- C:\Windows\System\RcrSKZg.exe
  C:\Windows\System\RcrSKZg.exe
  2⤵
  PID:7448
- C:\Windows\System\hTOmUdF.exe
  C:\Windows\System\hTOmUdF.exe
  2⤵
  PID:7828
- C:\Windows\System\cPBzqKf.exe
  C:\Windows\System\cPBzqKf.exe
  2⤵
  PID:8844
- C:\Windows\System\OmJAyql.exe
  C:\Windows\System\OmJAyql.exe
  2⤵
  PID:7464
- C:\Windows\System\KzIFvhb.exe
  C:\Windows\System\KzIFvhb.exe
  2⤵
  PID:7592
- C:\Windows\System\UcDQjQW.exe
  C:\Windows\System\UcDQjQW.exe
  2⤵
  PID:7768
- C:\Windows\System\MCABhmH.exe
  C:\Windows\System\MCABhmH.exe
  2⤵
  PID:7892
- C:\Windows\System\frSoQHn.exe
  C:\Windows\System\frSoQHn.exe
  2⤵
  PID:7924
- C:\Windows\System\owGEYnv.exe
  C:\Windows\System\owGEYnv.exe
  2⤵
  PID:7984
- C:\Windows\System\TyTNOCo.exe
  C:\Windows\System\TyTNOCo.exe
  2⤵
  PID:8060
- C:\Windows\System\pCudwxf.exe
  C:\Windows\System\pCudwxf.exe
  2⤵
  PID:8100
- C:\Windows\System\lAZqCJt.exe
  C:\Windows\System\lAZqCJt.exe
  2⤵
  PID:8488
- C:\Windows\System\RnQPbhj.exe
  C:\Windows\System\RnQPbhj.exe
  2⤵
  PID:6480
- C:\Windows\System\sqdyHyJ.exe
  C:\Windows\System\sqdyHyJ.exe
  2⤵
  PID:5264
- C:\Windows\System\kWjvihB.exe
  C:\Windows\System\kWjvihB.exe
  2⤵
  PID:5480
- C:\Windows\System\iEnnARz.exe
  C:\Windows\System\iEnnARz.exe
  2⤵
  PID:6708
- C:\Windows\System\JrCiXXR.exe
  C:\Windows\System\JrCiXXR.exe
  2⤵
  PID:8264
- C:\Windows\System\aDCDiMm.exe
  C:\Windows\System\aDCDiMm.exe
  2⤵
  PID:9228
- C:\Windows\System\gZYTEDe.exe
  C:\Windows\System\gZYTEDe.exe
  2⤵
  PID:9252
- C:\Windows\System\IhcweTY.exe
  C:\Windows\System\IhcweTY.exe
  2⤵
  PID:9272
- C:\Windows\System\lbknOks.exe
  C:\Windows\System\lbknOks.exe
  2⤵
  PID:9292
- C:\Windows\System\rQgpGSL.exe
  C:\Windows\System\rQgpGSL.exe
  2⤵
  PID:9312
- C:\Windows\System\xXsWida.exe
  C:\Windows\System\xXsWida.exe
  2⤵
  PID:9332
- C:\Windows\System\DaGVHcx.exe
  C:\Windows\System\DaGVHcx.exe
  2⤵
  PID:9352
- C:\Windows\System\ImMFrLU.exe
  C:\Windows\System\ImMFrLU.exe
  2⤵
  PID:9384
- C:\Windows\System\TuvQnTS.exe
  C:\Windows\System\TuvQnTS.exe
  2⤵
  PID:9404
- C:\Windows\System\AuKAfvu.exe
  C:\Windows\System\AuKAfvu.exe
  2⤵
  PID:9424
- C:\Windows\System\fNiNWOa.exe
  C:\Windows\System\fNiNWOa.exe
  2⤵
  PID:9448
- C:\Windows\System\GFjsmlS.exe
  C:\Windows\System\GFjsmlS.exe
  2⤵
  PID:9464
- C:\Windows\System\qsMzVrs.exe
  C:\Windows\System\qsMzVrs.exe
  2⤵
  PID:9488
- C:\Windows\System\rmbMVBN.exe
  C:\Windows\System\rmbMVBN.exe
  2⤵
  PID:9512
- C:\Windows\System\jkyLVRt.exe
  C:\Windows\System\jkyLVRt.exe
  2⤵
  PID:9536
- C:\Windows\System\qMVcGQH.exe
  C:\Windows\System\qMVcGQH.exe
  2⤵
  PID:9552
- C:\Windows\System\RHvfdqc.exe
  C:\Windows\System\RHvfdqc.exe
  2⤵
  PID:9580
- C:\Windows\System\zykyfEh.exe
  C:\Windows\System\zykyfEh.exe
  2⤵
  PID:9604
- C:\Windows\System\HzaTaAQ.exe
  C:\Windows\System\HzaTaAQ.exe
  2⤵
  PID:9656
- C:\Windows\System\mAEIGBc.exe
  C:\Windows\System\mAEIGBc.exe
  2⤵
  PID:9672
- C:\Windows\System\nKRdruN.exe
  C:\Windows\System\nKRdruN.exe
  2⤵
  PID:9840
- C:\Windows\System\GTYSapM.exe
  C:\Windows\System\GTYSapM.exe
  2⤵
  PID:9856
- C:\Windows\System\SHxmdLo.exe
  C:\Windows\System\SHxmdLo.exe
  2⤵
  PID:9988
- C:\Windows\System\GQsLcRd.exe
  C:\Windows\System\GQsLcRd.exe
  2⤵
  PID:10004
- C:\Windows\System\UxXNNPE.exe
  C:\Windows\System\UxXNNPE.exe
  2⤵
  PID:10172
- C:\Windows\System\LBiEXNj.exe
  C:\Windows\System\LBiEXNj.exe
  2⤵
  PID:10192
- C:\Windows\System\VghXjwM.exe
  C:\Windows\System\VghXjwM.exe
  2⤵
  PID:10212
- C:\Windows\System\vGNGxbv.exe
  C:\Windows\System\vGNGxbv.exe
  2⤵
  PID:10228
- C:\Windows\System\PUuWmGU.exe
  C:\Windows\System\PUuWmGU.exe
  2⤵
  PID:6680
- C:\Windows\System\hUyVTLE.exe
  C:\Windows\System\hUyVTLE.exe
  2⤵
  PID:6604
- C:\Windows\System\GNclgaV.exe
  C:\Windows\System\GNclgaV.exe
  2⤵
  PID:6736
- C:\Windows\System\iinDBeO.exe
  C:\Windows\System\iinDBeO.exe
  2⤵
  PID:5808
- C:\Windows\System\edsIyIm.exe
  C:\Windows\System\edsIyIm.exe
  2⤵
  PID:6116
- C:\Windows\System\JoIIWGD.exe
  C:\Windows\System\JoIIWGD.exe
  2⤵
  PID:6236
- C:\Windows\System\KnBxlPf.exe
  C:\Windows\System\KnBxlPf.exe
  2⤵
  PID:8308
- C:\Windows\System\ckYkGgs.exe
  C:\Windows\System\ckYkGgs.exe
  2⤵
  PID:8516
- C:\Windows\System\MziLXuj.exe
  C:\Windows\System\MziLXuj.exe
  2⤵
  PID:8576
- C:\Windows\System\uMXxYSK.exe
  C:\Windows\System\uMXxYSK.exe
  2⤵
  PID:8628
- C:\Windows\System\Ecsrhkp.exe
  C:\Windows\System\Ecsrhkp.exe
  2⤵
  PID:8692
- C:\Windows\System\YhWDXxT.exe
  C:\Windows\System\YhWDXxT.exe
  2⤵
  PID:8792
- C:\Windows\System\dlVrxGE.exe
  C:\Windows\System\dlVrxGE.exe
  2⤵
  PID:8184
- C:\Windows\System\ZvIdbvg.exe
  C:\Windows\System\ZvIdbvg.exe
  2⤵
  PID:8868
- C:\Windows\System\IMNlLhQ.exe
  C:\Windows\System\IMNlLhQ.exe
  2⤵
  PID:8900
- C:\Windows\System\ymrQpON.exe
  C:\Windows\System\ymrQpON.exe
  2⤵
  PID:8956
- C:\Windows\System\abxBoGL.exe
  C:\Windows\System\abxBoGL.exe
  2⤵
  PID:9544
- C:\Windows\System\QUrNJqK.exe
  C:\Windows\System\QUrNJqK.exe
  2⤵
  PID:9416
- C:\Windows\System\OiMVDRA.exe
  C:\Windows\System\OiMVDRA.exe
  2⤵
  PID:9320
- C:\Windows\System\eaQvhOO.exe
  C:\Windows\System\eaQvhOO.exe
  2⤵
  PID:9240
- C:\Windows\System\WxYuwPK.exe
  C:\Windows\System\WxYuwPK.exe
  2⤵
  PID:5196
- C:\Windows\System\huicDEk.exe
  C:\Windows\System\huicDEk.exe
  2⤵
  PID:9008
- C:\Windows\System\dWVQyGd.exe
  C:\Windows\System\dWVQyGd.exe
  2⤵
  PID:9056
- C:\Windows\System\jYyDeSL.exe
  C:\Windows\System\jYyDeSL.exe
  2⤵
  PID:6432
- C:\Windows\System\XWZaNxE.exe
  C:\Windows\System\XWZaNxE.exe
  2⤵
  PID:8704
- C:\Windows\System\jRComqN.exe
  C:\Windows\System\jRComqN.exe
  2⤵
  PID:8504
- C:\Windows\System\EWIeyFz.exe
  C:\Windows\System\EWIeyFz.exe
  2⤵
  PID:5280
- C:\Windows\System\GNeqnhc.exe
  C:\Windows\System\GNeqnhc.exe
  2⤵
  PID:7172
- C:\Windows\System\AbcEYgI.exe
  C:\Windows\System\AbcEYgI.exe
  2⤵
  PID:7224
- C:\Windows\System\MdXMRNU.exe
  C:\Windows\System\MdXMRNU.exe
  2⤵
  PID:6484
- C:\Windows\System\pYPaxvg.exe
  C:\Windows\System\pYPaxvg.exe
  2⤵
  PID:8368
- C:\Windows\System\NEfcUWU.exe
  C:\Windows\System\NEfcUWU.exe
  2⤵
  PID:8480
- C:\Windows\System\oRkehdQ.exe
  C:\Windows\System\oRkehdQ.exe
  2⤵
  PID:8164
- C:\Windows\System\FBQenXv.exe
  C:\Windows\System\FBQenXv.exe
  2⤵
  PID:7528
- C:\Windows\System\kTZRicb.exe
  C:\Windows\System\kTZRicb.exe
  2⤵
  PID:7908
- C:\Windows\System\ZtXLamn.exe
  C:\Windows\System\ZtXLamn.exe
  2⤵
  PID:8644
- C:\Windows\System\XjMtxeU.exe
  C:\Windows\System\XjMtxeU.exe
  2⤵
  PID:9236
- C:\Windows\System\ApesVpl.exe
  C:\Windows\System\ApesVpl.exe
  2⤵
  PID:9348
- C:\Windows\System\zuFmPuq.exe
  C:\Windows\System\zuFmPuq.exe
  2⤵
  PID:9412
- C:\Windows\System\JHbgNph.exe
  C:\Windows\System\JHbgNph.exe
  2⤵
  PID:9484
- C:\Windows\System\paFTXyc.exe
  C:\Windows\System\paFTXyc.exe
  2⤵
  PID:9548
- C:\Windows\System\oEiIHCl.exe
  C:\Windows\System\oEiIHCl.exe
  2⤵
  PID:9668
- C:\Windows\System\SqUdIfp.exe
  C:\Windows\System\SqUdIfp.exe
  2⤵
  PID:9832
- C:\Windows\System\oiSrUWc.exe
  C:\Windows\System\oiSrUWc.exe
  2⤵
  PID:9868
- C:\Windows\System\ASpzuLY.exe
  C:\Windows\System\ASpzuLY.exe
  2⤵
  PID:4000
- C:\Windows\System\vPIlZcx.exe
  C:\Windows\System\vPIlZcx.exe
  2⤵
  PID:1952
- C:\Windows\System\iFbVhhh.exe
  C:\Windows\System\iFbVhhh.exe
  2⤵
  PID:10056
- C:\Windows\System\IfeYezT.exe
  C:\Windows\System\IfeYezT.exe
  2⤵
  PID:8664
- C:\Windows\System\OsnxniV.exe
  C:\Windows\System\OsnxniV.exe
  2⤵
  PID:8216
- C:\Windows\System\fwqHihp.exe
  C:\Windows\System\fwqHihp.exe
  2⤵
  PID:9568
- C:\Windows\System\SbPmBEk.exe
  C:\Windows\System\SbPmBEk.exe
  2⤵
  PID:9028
- C:\Windows\System\WggDZcb.exe
  C:\Windows\System\WggDZcb.exe
  2⤵
  PID:10248
- C:\Windows\System\eIUDRIA.exe
  C:\Windows\System\eIUDRIA.exe
  2⤵
  PID:10276
- C:\Windows\System\ZVtOqIM.exe
  C:\Windows\System\ZVtOqIM.exe
  2⤵
  PID:10292
- C:\Windows\System\snegQYd.exe
  C:\Windows\System\snegQYd.exe
  2⤵
  PID:10316
- C:\Windows\System\vYVyfpc.exe
  C:\Windows\System\vYVyfpc.exe
  2⤵
  PID:10340
- C:\Windows\System\WavZyui.exe
  C:\Windows\System\WavZyui.exe
  2⤵
  PID:10364
- C:\Windows\System\hcAEQWW.exe
  C:\Windows\System\hcAEQWW.exe
  2⤵
  PID:10388
- C:\Windows\System\ZzIpanK.exe
  C:\Windows\System\ZzIpanK.exe
  2⤵
  PID:10412
- C:\Windows\System\ZxvqBPq.exe
  C:\Windows\System\ZxvqBPq.exe
  2⤵
  PID:10432
- C:\Windows\System\IDNNWji.exe
  C:\Windows\System\IDNNWji.exe
  2⤵
  PID:10460
- C:\Windows\System\VuExYYf.exe
  C:\Windows\System\VuExYYf.exe
  2⤵
  PID:10504
- C:\Windows\System\QyFWTZh.exe
  C:\Windows\System\QyFWTZh.exe
  2⤵
  PID:10520
- C:\Windows\System\NMJxKLz.exe
  C:\Windows\System\NMJxKLz.exe
  2⤵
  PID:10536
- C:\Windows\System\tGZPuXh.exe
  C:\Windows\System\tGZPuXh.exe
  2⤵
  PID:10552
- C:\Windows\System\UIsmvnf.exe
  C:\Windows\System\UIsmvnf.exe
  2⤵
  PID:10568
- C:\Windows\System\knFerOt.exe
  C:\Windows\System\knFerOt.exe
  2⤵
  PID:10584
- C:\Windows\System\VWyvkEX.exe
  C:\Windows\System\VWyvkEX.exe
  2⤵
  PID:10600
- C:\Windows\System\zsFOmzb.exe
  C:\Windows\System\zsFOmzb.exe
  2⤵
  PID:10616
- C:\Windows\System\rwGLktj.exe
  C:\Windows\System\rwGLktj.exe
  2⤵
  PID:10632
- C:\Windows\System\ewpHoTi.exe
  C:\Windows\System\ewpHoTi.exe
  2⤵
  PID:10648
- C:\Windows\System\kvhZnGh.exe
  C:\Windows\System\kvhZnGh.exe
  2⤵
  PID:10664
- C:\Windows\System\OTtHQJI.exe
  C:\Windows\System\OTtHQJI.exe
  2⤵
  PID:10680
- C:\Windows\System\VQHePPN.exe
  C:\Windows\System\VQHePPN.exe
  2⤵
  PID:10696
- C:\Windows\System\txWHRof.exe
  C:\Windows\System\txWHRof.exe
  2⤵
  PID:10712
- C:\Windows\System\BhARvxb.exe
  C:\Windows\System\BhARvxb.exe
  2⤵
  PID:10728
- C:\Windows\System\RDMXEsw.exe
  C:\Windows\System\RDMXEsw.exe
  2⤵
  PID:10744
- C:\Windows\System\XycxNWu.exe
  C:\Windows\System\XycxNWu.exe
  2⤵
  PID:10760
- C:\Windows\System\SSsMugC.exe
  C:\Windows\System\SSsMugC.exe
  2⤵
  PID:10776
- C:\Windows\System\iZrlwqI.exe
  C:\Windows\System\iZrlwqI.exe
  2⤵
  PID:10792
- C:\Windows\System\ATozsid.exe
  C:\Windows\System\ATozsid.exe
  2⤵
  PID:10812
- C:\Windows\System\HYrBejP.exe
  C:\Windows\System\HYrBejP.exe
  2⤵
  PID:10836
- C:\Windows\System\ukAnvgv.exe
  C:\Windows\System\ukAnvgv.exe
  2⤵
  PID:10856
- C:\Windows\System\dnBpeBq.exe
  C:\Windows\System\dnBpeBq.exe
  2⤵
  PID:10880
- C:\Windows\System\MAvlCNX.exe
  C:\Windows\System\MAvlCNX.exe
  2⤵
  PID:10900
- C:\Windows\System\vFbVwNs.exe
  C:\Windows\System\vFbVwNs.exe
  2⤵
  PID:10920
- C:\Windows\System\rllGLTc.exe
  C:\Windows\System\rllGLTc.exe
  2⤵
  PID:10940
- C:\Windows\System\oUZcFje.exe
  C:\Windows\System\oUZcFje.exe
  2⤵
  PID:10960
- C:\Windows\System\CIhskpb.exe
  C:\Windows\System\CIhskpb.exe
  2⤵
  PID:10984
- C:\Windows\System\uuVGaue.exe
  C:\Windows\System\uuVGaue.exe
  2⤵
  PID:11016
- C:\Windows\System\JSsmXnP.exe
  C:\Windows\System\JSsmXnP.exe
  2⤵
  PID:11048
- C:\Windows\System\nykpPpa.exe
  C:\Windows\System\nykpPpa.exe
  2⤵
  PID:11108
- C:\Windows\System\uKiGAnc.exe
  C:\Windows\System\uKiGAnc.exe
  2⤵
  PID:11168
- C:\Windows\System\xAWYvrv.exe
  C:\Windows\System\xAWYvrv.exe
  2⤵
  PID:11204
- C:\Windows\System\INkHWOc.exe
  C:\Windows\System\INkHWOc.exe
  2⤵
  PID:11244
- C:\Windows\System\ZHABvUe.exe
  C:\Windows\System\ZHABvUe.exe
  2⤵
  PID:8532
- C:\Windows\System\QouIffZ.exe
  C:\Windows\System\QouIffZ.exe
  2⤵
  PID:7192
- C:\Windows\System\KpoQzco.exe
  C:\Windows\System\KpoQzco.exe
  2⤵
  PID:9596
- C:\Windows\System\qYpRion.exe
  C:\Windows\System\qYpRion.exe
  2⤵
  PID:8724
- C:\Windows\System\nOkyNMH.exe
  C:\Windows\System\nOkyNMH.exe
  2⤵
  PID:9400
- C:\Windows\System\jhkbPdV.exe
  C:\Windows\System\jhkbPdV.exe
  2⤵
  PID:9620
- C:\Windows\System\yFzbONG.exe
  C:\Windows\System\yFzbONG.exe
  2⤵
  PID:9848
- C:\Windows\System\YiqVUba.exe
  C:\Windows\System\YiqVUba.exe
  2⤵
  PID:11296
- C:\Windows\System\dRLoDrd.exe
  C:\Windows\System\dRLoDrd.exe
  2⤵
  PID:11324
- C:\Windows\System\mkJeywU.exe
  C:\Windows\System\mkJeywU.exe
  2⤵
  PID:11344
- C:\Windows\System\aTupvfr.exe
  C:\Windows\System\aTupvfr.exe
  2⤵
  PID:11368
- C:\Windows\System\lwnfHxQ.exe
  C:\Windows\System\lwnfHxQ.exe
  2⤵
  PID:11392
- C:\Windows\System\rWopyod.exe
  C:\Windows\System\rWopyod.exe
  2⤵
  PID:11424
- C:\Windows\System\ysthnru.exe
  C:\Windows\System\ysthnru.exe
  2⤵
  PID:11448
- C:\Windows\System\dAarMCn.exe
  C:\Windows\System\dAarMCn.exe
  2⤵
  PID:11468
- C:\Windows\System\HWUatnS.exe
  C:\Windows\System\HWUatnS.exe
  2⤵
  PID:11488
- C:\Windows\System\iYqCQAg.exe
  C:\Windows\System\iYqCQAg.exe
  2⤵
  PID:11512
- C:\Windows\System\FbzURHz.exe
  C:\Windows\System\FbzURHz.exe
  2⤵
  PID:11536
- C:\Windows\System\ksagGsw.exe
  C:\Windows\System\ksagGsw.exe
  2⤵
  PID:11556
- C:\Windows\System\SMljvqT.exe
  C:\Windows\System\SMljvqT.exe
  2⤵
  PID:11580
- C:\Windows\System\UcyjCam.exe
  C:\Windows\System\UcyjCam.exe
  2⤵
  PID:11600
- C:\Windows\System\IzGltOJ.exe
  C:\Windows\System\IzGltOJ.exe
  2⤵
  PID:11624
- C:\Windows\System\hINBBdI.exe
  C:\Windows\System\hINBBdI.exe
  2⤵
  PID:11652
- C:\Windows\System\XGFzQCF.exe
  C:\Windows\System\XGFzQCF.exe
  2⤵
  PID:11668
- C:\Windows\System\VjvWHWj.exe
  C:\Windows\System\VjvWHWj.exe
  2⤵
  PID:11692
- C:\Windows\System\raWCZJk.exe
  C:\Windows\System\raWCZJk.exe
  2⤵
  PID:11716
- C:\Windows\System\ZEuZCWW.exe
  C:\Windows\System\ZEuZCWW.exe
  2⤵
  PID:11740
- C:\Windows\System\UZsnmUY.exe
  C:\Windows\System\UZsnmUY.exe
  2⤵
  PID:11764
- C:\Windows\System\keexwsd.exe
  C:\Windows\System\keexwsd.exe
  2⤵
  PID:11784
- C:\Windows\System\IzINmLg.exe
  C:\Windows\System\IzINmLg.exe
  2⤵
  PID:11808
- C:\Windows\System\GvCwGZI.exe
  C:\Windows\System\GvCwGZI.exe
  2⤵
  PID:11832
- C:\Windows\System\KMUVQTQ.exe
  C:\Windows\System\KMUVQTQ.exe
  2⤵
  PID:11856
- C:\Windows\System\cQHsAKe.exe
  C:\Windows\System\cQHsAKe.exe
  2⤵
  PID:11876
- C:\Windows\System\hdzJLyb.exe
  C:\Windows\System\hdzJLyb.exe
  2⤵
  PID:11892
- C:\Windows\System\nKkdeSS.exe
  C:\Windows\System\nKkdeSS.exe
  2⤵
  PID:11908
- C:\Windows\System\fvkKYhx.exe
  C:\Windows\System\fvkKYhx.exe
  2⤵
  PID:11924
- C:\Windows\System\KKUgEda.exe
  C:\Windows\System\KKUgEda.exe
  2⤵
  PID:11940
- C:\Windows\System\IpoTluV.exe
  C:\Windows\System\IpoTluV.exe
  2⤵
  PID:11956
- C:\Windows\System\KsvCUWQ.exe
  C:\Windows\System\KsvCUWQ.exe
  2⤵
  PID:11972
- C:\Windows\System\RheHblG.exe
  C:\Windows\System\RheHblG.exe
  2⤵
  PID:11988
- C:\Windows\System\VgUcKwN.exe
  C:\Windows\System\VgUcKwN.exe
  2⤵
  PID:12004
- C:\Windows\System\ifDJDbC.exe
  C:\Windows\System\ifDJDbC.exe
  2⤵
  PID:12020
- C:\Windows\System\AaqzPFW.exe
  C:\Windows\System\AaqzPFW.exe
  2⤵
  PID:12040
- C:\Windows\System\ecLTMYF.exe
  C:\Windows\System\ecLTMYF.exe
  2⤵
  PID:12064
- C:\Windows\System\hlVInfl.exe
  C:\Windows\System\hlVInfl.exe
  2⤵
  PID:12084
- C:\Windows\System\xWULUKX.exe
  C:\Windows\System\xWULUKX.exe
  2⤵
  PID:12100
- C:\Windows\System\ddblxEG.exe
  C:\Windows\System\ddblxEG.exe
  2⤵
  PID:12116
- C:\Windows\System\GIzjiZR.exe
  C:\Windows\System\GIzjiZR.exe
  2⤵
  PID:12132
- C:\Windows\System\jjgRFtv.exe
  C:\Windows\System\jjgRFtv.exe
  2⤵
  PID:12152
- C:\Windows\System\ImLeEZY.exe
  C:\Windows\System\ImLeEZY.exe
  2⤵
  PID:12172
- C:\Windows\System\WxUJBkk.exe
  C:\Windows\System\WxUJBkk.exe
  2⤵
  PID:12188
- C:\Windows\System\GIZoHKZ.exe
  C:\Windows\System\GIZoHKZ.exe
  2⤵
  PID:12204
- C:\Windows\System\bJVzunj.exe
  C:\Windows\System\bJVzunj.exe
  2⤵
  PID:12224
- C:\Windows\System\uWoDXfn.exe
  C:\Windows\System\uWoDXfn.exe
  2⤵
  PID:12240
- C:\Windows\System\ZgPcdUt.exe
  C:\Windows\System\ZgPcdUt.exe
  2⤵
  PID:12256
- C:\Windows\System\rVYZtqo.exe
  C:\Windows\System\rVYZtqo.exe
  2⤵
  PID:12280
- C:\Windows\System\aRCUBDK.exe
  C:\Windows\System\aRCUBDK.exe
  2⤵
  PID:9108
- C:\Windows\System\yGBsYTI.exe
  C:\Windows\System\yGBsYTI.exe
  2⤵
  PID:10308
- C:\Windows\System\yMqjoiD.exe
  C:\Windows\System\yMqjoiD.exe
  2⤵
  PID:10360
- C:\Windows\System\zxxqaNS.exe
  C:\Windows\System\zxxqaNS.exe
  2⤵
  PID:10400
- C:\Windows\System\bjfujvl.exe
  C:\Windows\System\bjfujvl.exe
  2⤵
  PID:10100
- C:\Windows\System\pyuTEpM.exe
  C:\Windows\System\pyuTEpM.exe
  2⤵
  PID:10128
- C:\Windows\System\lXSldnb.exe
  C:\Windows\System\lXSldnb.exe
  2⤵
  PID:10156
- C:\Windows\System\RBRUzIq.exe
  C:\Windows\System\RBRUzIq.exe
  2⤵
  PID:10200
- C:\Windows\System\aISBthv.exe
  C:\Windows\System\aISBthv.exe
  2⤵
  PID:10220
- C:\Windows\System\dScKObs.exe
  C:\Windows\System\dScKObs.exe
  2⤵
  PID:6560
- C:\Windows\System\XggpRRx.exe
  C:\Windows\System\XggpRRx.exe
  2⤵
  PID:7352
- C:\Windows\System\SzXFdHD.exe
  C:\Windows\System\SzXFdHD.exe
  2⤵
  PID:5520
- C:\Windows\System\rgUppsk.exe
  C:\Windows\System\rgUppsk.exe
  2⤵
  PID:5688
- C:\Windows\System\ZdxYYgi.exe
  C:\Windows\System\ZdxYYgi.exe
  2⤵
  PID:8284
- C:\Windows\System\vllHrbB.exe
  C:\Windows\System\vllHrbB.exe
  2⤵
  PID:8560
- C:\Windows\System\ArSdmyD.exe
  C:\Windows\System\ArSdmyD.exe
  2⤵
  PID:10752
- C:\Windows\System\iZQqfBl.exe
  C:\Windows\System\iZQqfBl.exe
  2⤵
  PID:8672
- C:\Windows\System\VSmxsVJ.exe
  C:\Windows\System\VSmxsVJ.exe
  2⤵
  PID:10788
- C:\Windows\System\mtzMNgw.exe
  C:\Windows\System\mtzMNgw.exe
  2⤵
  PID:10824
- C:\Windows\System\ldYwRjY.exe
  C:\Windows\System\ldYwRjY.exe
  2⤵
  PID:10852
- C:\Windows\System\cqJVVPo.exe
  C:\Windows\System\cqJVVPo.exe
  2⤵
  PID:7652
- C:\Windows\System\RVKxbAk.exe
  C:\Windows\System\RVKxbAk.exe
  2⤵
  PID:9368
- C:\Windows\System\yKwjDHa.exe
  C:\Windows\System\yKwjDHa.exe
  2⤵
  PID:7372
- C:\Windows\System\PKtAJHk.exe
  C:\Windows\System\PKtAJHk.exe
  2⤵
  PID:10992
- C:\Windows\System\ZyUQxmZ.exe
  C:\Windows\System\ZyUQxmZ.exe
  2⤵
  PID:11024
- C:\Windows\System\DTSXMDb.exe
  C:\Windows\System\DTSXMDb.exe
  2⤵
  PID:11144
- C:\Windows\System\qaRRdwP.exe
  C:\Windows\System\qaRRdwP.exe
  2⤵
  PID:11228
- C:\Windows\System\qMVojBS.exe
  C:\Windows\System\qMVojBS.exe
  2⤵
  PID:1096
- C:\Windows\System\VAERvHG.exe
  C:\Windows\System\VAERvHG.exe
  2⤵
  PID:9828
- C:\Windows\System\qwmeXQJ.exe
  C:\Windows\System\qwmeXQJ.exe
  2⤵
  PID:10000
- C:\Windows\System\UEpMJxe.exe
  C:\Windows\System\UEpMJxe.exe
  2⤵
  PID:10424
- C:\Windows\System\smIacTB.exe
  C:\Windows\System\smIacTB.exe
  2⤵
  PID:11684
- C:\Windows\System\HTbGJLi.exe
  C:\Windows\System\HTbGJLi.exe
  2⤵
  PID:11736
- C:\Windows\System\HygERCH.exe
  C:\Windows\System\HygERCH.exe
  2⤵
  PID:12304
- C:\Windows\System\COiataH.exe
  C:\Windows\System\COiataH.exe
  2⤵
  PID:12324
- C:\Windows\System\sRbUhsV.exe
  C:\Windows\System\sRbUhsV.exe
  2⤵
  PID:12344
- C:\Windows\System\EvQqmrO.exe
  C:\Windows\System\EvQqmrO.exe
  2⤵
  PID:12364
- C:\Windows\System\BFsrVYR.exe
  C:\Windows\System\BFsrVYR.exe
  2⤵
  PID:12392
- C:\Windows\System\tVXvRVI.exe
  C:\Windows\System\tVXvRVI.exe
  2⤵
  PID:12428
- C:\Windows\System\LLmtBEx.exe
  C:\Windows\System\LLmtBEx.exe
  2⤵
  PID:12444
- C:\Windows\System\DGqJVys.exe
  C:\Windows\System\DGqJVys.exe
  2⤵
  PID:12512
- C:\Windows\System\YYBEEPS.exe
  C:\Windows\System\YYBEEPS.exe
  2⤵
  PID:12536
- C:\Windows\System\PeJkjyp.exe
  C:\Windows\System\PeJkjyp.exe
  2⤵
  PID:12552
- C:\Windows\System\mhpmBZF.exe
  C:\Windows\System\mhpmBZF.exe
  2⤵
  PID:12588
- C:\Windows\System\WRSZwsu.exe
  C:\Windows\System\WRSZwsu.exe
  2⤵
  PID:12632
- C:\Windows\System\OZQEjlu.exe
  C:\Windows\System\OZQEjlu.exe
  2⤵
  PID:12648
- C:\Windows\System\lcwqklT.exe
  C:\Windows\System\lcwqklT.exe
  2⤵
  PID:12664
- C:\Windows\System\qWmMwxQ.exe
  C:\Windows\System\qWmMwxQ.exe
  2⤵
  PID:12684
- C:\Windows\System\azIncCZ.exe
  C:\Windows\System\azIncCZ.exe
  2⤵
  PID:12704
- C:\Windows\System\JHVLWeK.exe
  C:\Windows\System\JHVLWeK.exe
  2⤵
  PID:12728
- C:\Windows\System\szuqDag.exe
  C:\Windows\System\szuqDag.exe
  2⤵
  PID:12748
- C:\Windows\System\ReIGdZa.exe
  C:\Windows\System\ReIGdZa.exe
  2⤵
  PID:12776
- C:\Windows\System\EVXkIAV.exe
  C:\Windows\System\EVXkIAV.exe
  2⤵
  PID:12800
- C:\Windows\System\icyBQdb.exe
  C:\Windows\System\icyBQdb.exe
  2⤵
  PID:12820
- C:\Windows\System\dVzrEcU.exe
  C:\Windows\System\dVzrEcU.exe
  2⤵
  PID:12852
- C:\Windows\System\afuYOEy.exe
  C:\Windows\System\afuYOEy.exe
  2⤵
  PID:12872
- C:\Windows\System\AeLQNBS.exe
  C:\Windows\System\AeLQNBS.exe
  2⤵
  PID:12892
- C:\Windows\System\PSGPCJd.exe
  C:\Windows\System\PSGPCJd.exe
  2⤵
  PID:12912
- C:\Windows\System\icPvXCh.exe
  C:\Windows\System\icPvXCh.exe
  2⤵
  PID:12932
- C:\Windows\System\mDjocVg.exe
  C:\Windows\System\mDjocVg.exe
  2⤵
  PID:12968
- C:\Windows\System\UPtsYGa.exe
  C:\Windows\System\UPtsYGa.exe
  2⤵
  PID:13004
- C:\Windows\System\dUCvunj.exe
  C:\Windows\System\dUCvunj.exe
  2⤵
  PID:11872
- C:\Windows\System\eZtSCZq.exe
  C:\Windows\System\eZtSCZq.exe
  2⤵
  PID:7148
- C:\Windows\System\YXTagWh.exe
  C:\Windows\System\YXTagWh.exe
  2⤵
  PID:3736
- C:\Windows\System\gSpAntE.exe
  C:\Windows\System\gSpAntE.exe
  2⤵
  PID:12112
- C:\Windows\System\cFOcIxZ.exe
  C:\Windows\System\cFOcIxZ.exe
  2⤵
  PID:10244
- C:\Windows\System\svKsacd.exe
  C:\Windows\System\svKsacd.exe
  2⤵
  PID:11116
- C:\Windows\System\erSjsKu.exe
  C:\Windows\System\erSjsKu.exe
  2⤵
  PID:11124
- C:\Windows\System\DHQcDcw.exe
  C:\Windows\System\DHQcDcw.exe
  2⤵
  PID:11196
- C:\Windows\System\gcqelZH.exe
  C:\Windows\System\gcqelZH.exe
  2⤵
  PID:8420
- C:\Windows\System\baBursP.exe
  C:\Windows\System\baBursP.exe
  2⤵
  PID:10052
- C:\Windows\System\CWzmuQZ.exe
  C:\Windows\System\CWzmuQZ.exe
  2⤵
  PID:8768
- C:\Windows\System\FkcnyqD.exe
  C:\Windows\System\FkcnyqD.exe
  2⤵
  PID:8884
- C:\Windows\System\IYtZpDO.exe
  C:\Windows\System\IYtZpDO.exe
  2⤵
  PID:10440
- C:\Windows\System\GsEwmQV.exe
  C:\Windows\System\GsEwmQV.exe
  2⤵
  PID:11620
- C:\Windows\System\hqTpwgu.exe
  C:\Windows\System\hqTpwgu.exe
  2⤵
  PID:13168
- C:\Windows\System\oursCqA.exe
  C:\Windows\System\oursCqA.exe
  2⤵
  PID:3580
- C:\Windows\System\lpXLRbD.exe
  C:\Windows\System\lpXLRbD.exe
  2⤵
  PID:10548
- C:\Windows\System\lXVXQdd.exe
  C:\Windows\System\lXVXQdd.exe
  2⤵
  PID:10580
- C:\Windows\System\sWuBmRd.exe
  C:\Windows\System\sWuBmRd.exe
  2⤵
  PID:10628
- C:\Windows\System\VEdMkvv.exe
  C:\Windows\System\VEdMkvv.exe
  2⤵
  PID:10672
- C:\Windows\System\vUWYDeg.exe
  C:\Windows\System\vUWYDeg.exe
  2⤵
  PID:10704
- C:\Windows\System\gaVpFkq.exe
  C:\Windows\System\gaVpFkq.exe
  2⤵
  PID:12532
- C:\Windows\System\EgolShE.exe
  C:\Windows\System\EgolShE.exe
  2⤵
  PID:12672
- C:\Windows\System\hdfbnbK.exe
  C:\Windows\System\hdfbnbK.exe
  2⤵
  PID:10912
- C:\Windows\System\bnveGAf.exe
  C:\Windows\System\bnveGAf.exe
  2⤵
  PID:10972
- C:\Windows\System\EEJeQZP.exe
  C:\Windows\System\EEJeQZP.exe
  2⤵
  PID:11056
- C:\Windows\System\dWjVQAw.exe
  C:\Windows\System\dWjVQAw.exe
  2⤵
  PID:11080
- C:\Windows\System\ZudnOjj.exe
  C:\Windows\System\ZudnOjj.exe
  2⤵
  PID:7316
- C:\Windows\System\NRZDlxY.exe
  C:\Windows\System\NRZDlxY.exe
  2⤵
  PID:8752
- C:\Windows\System\TdqEmWl.exe
  C:\Windows\System\TdqEmWl.exe
  2⤵
  PID:8508
- C:\Windows\System\PqGCjRE.exe
  C:\Windows\System\PqGCjRE.exe
  2⤵
  PID:2720
- C:\Windows\System\RzxOedQ.exe
  C:\Windows\System\RzxOedQ.exe
  2⤵
  PID:11136
- C:\Windows\System\MQAYbTB.exe
  C:\Windows\System\MQAYbTB.exe
  2⤵
  PID:12236
- C:\Windows\System\ebkpbzI.exe
  C:\Windows\System\ebkpbzI.exe
  2⤵
  PID:12276
- C:\Windows\System\QKSHUtG.exe
  C:\Windows\System\QKSHUtG.exe
  2⤵
  PID:10300
- C:\Windows\System\flpfXNl.exe
  C:\Windows\System\flpfXNl.exe
  2⤵
  PID:10380
- C:\Windows\System\SCjSbal.exe
  C:\Windows\System\SCjSbal.exe
  2⤵
  PID:5952
- C:\Windows\System\YUGkGJP.exe
  C:\Windows\System\YUGkGJP.exe
  2⤵
  PID:10740
- C:\Windows\System\juPqtXS.exe
  C:\Windows\System\juPqtXS.exe
  2⤵
  PID:10444
- C:\Windows\System\asOMivx.exe
  C:\Windows\System\asOMivx.exe
  2⤵
  PID:12320
- C:\Windows\System\goLFPvl.exe
  C:\Windows\System\goLFPvl.exe
  2⤵
  PID:12400
- C:\Windows\System\Xwktfkk.exe
  C:\Windows\System\Xwktfkk.exe
  2⤵
  PID:13200
- C:\Windows\System\yyIhIhl.exe
  C:\Windows\System\yyIhIhl.exe
  2⤵
  PID:13220
- C:\Windows\System\AGUxqMD.exe
  C:\Windows\System\AGUxqMD.exe
  2⤵
  PID:13248
- C:\Windows\System\gveZXok.exe
  C:\Windows\System\gveZXok.exe
  2⤵
  PID:13268
- C:\Windows\System\emmMOtq.exe
  C:\Windows\System\emmMOtq.exe
  2⤵
  PID:13048
- C:\Windows\System\aANcZMY.exe
  C:\Windows\System\aANcZMY.exe
  2⤵
  PID:12476
- C:\Windows\System\RtuChJS.exe
  C:\Windows\System\RtuChJS.exe
  2⤵
  PID:12660
- C:\Windows\System\MoAqSHj.exe
  C:\Windows\System\MoAqSHj.exe
  2⤵
  PID:12744
- C:\Windows\System\kasuQjp.exe
  C:\Windows\System\kasuQjp.exe
  2⤵
  PID:12816
- C:\Windows\System\WsNNprl.exe
  C:\Windows\System\WsNNprl.exe
  2⤵
  PID:12908
- C:\Windows\System\MCSLFdi.exe
  C:\Windows\System\MCSLFdi.exe
  2⤵
  PID:12996
- C:\Windows\System\YMoRxiG.exe
  C:\Windows\System\YMoRxiG.exe
  2⤵
  PID:13124
- C:\Windows\System\DiHdcMg.exe
  C:\Windows\System\DiHdcMg.exe
  2⤵
  PID:13064
- C:\Windows\System\CQlRMGz.exe
  C:\Windows\System\CQlRMGz.exe
  2⤵
  PID:13028
- C:\Windows\System\JgnwDXT.exe
  C:\Windows\System\JgnwDXT.exe
  2⤵
  PID:12940
- C:\Windows\System\FgfWPJK.exe
  C:\Windows\System\FgfWPJK.exe
  2⤵
  PID:12828
- C:\Windows\System\lrqqcSl.exe
  C:\Windows\System\lrqqcSl.exe
  2⤵
  PID:12676
- C:\Windows\System\gBLXipg.exe
  C:\Windows\System\gBLXipg.exe
  2⤵
  PID:12520
- C:\Windows\System\SGTNgXf.exe
  C:\Windows\System\SGTNgXf.exe
  2⤵
  PID:13100
- C:\Windows\System\wbzIuVe.exe
  C:\Windows\System\wbzIuVe.exe
  2⤵
  PID:11068
- C:\Windows\System\accTyYI.exe
  C:\Windows\System\accTyYI.exe
  2⤵
  PID:11200
- C:\Windows\System\VkAZZOZ.exe
  C:\Windows\System\VkAZZOZ.exe
  2⤵
  PID:7080
- C:\Windows\System\bljPBSB.exe
  C:\Windows\System\bljPBSB.exe
  2⤵
  PID:12128
- C:\Windows\System\ikoRAOu.exe
  C:\Windows\System\ikoRAOu.exe
  2⤵
  PID:13016
- C:\Windows\System\QTFBuLY.exe
  C:\Windows\System\QTFBuLY.exe
  2⤵
  PID:12436
- C:\Windows\System\zhOjbmb.exe
  C:\Windows\System\zhOjbmb.exe
  2⤵
  PID:12184
- C:\Windows\System\yCScLoQ.exe
  C:\Windows\System\yCScLoQ.exe
  2⤵
  PID:2524
- C:\Windows\System\icXVbWT.exe
  C:\Windows\System\icXVbWT.exe
  2⤵
  PID:12608
- C:\Windows\System\IKIbNFp.exe
  C:\Windows\System\IKIbNFp.exe
  2⤵
  PID:12988
- C:\Windows\System\wepTMOB.exe
  C:\Windows\System\wepTMOB.exe
  2⤵
  PID:13076
- C:\Windows\System\rhRzbKI.exe
  C:\Windows\System\rhRzbKI.exe
  2⤵
  PID:12764
- C:\Windows\System\gYzfyuW.exe
  C:\Windows\System\gYzfyuW.exe
  2⤵
  PID:12600
- C:\Windows\System\eyFDzTE.exe
  C:\Windows\System\eyFDzTE.exe
  2⤵
  PID:11648
- C:\Windows\System\OfNHZED.exe
  C:\Windows\System\OfNHZED.exe
  2⤵
  PID:1372
- C:\Windows\System\LOKhrkS.exe
  C:\Windows\System\LOKhrkS.exe
  2⤵
  PID:12164
- C:\Windows\System\IzFdMJm.exe
  C:\Windows\System\IzFdMJm.exe
  2⤵
  PID:10724
- C:\Windows\System\BtplbCN.exe
  C:\Windows\System\BtplbCN.exe
  2⤵
  PID:10348
- C:\Windows\System\QVkeQsC.exe
  C:\Windows\System\QVkeQsC.exe
  2⤵
  PID:13236
- C:\Windows\System\xGaZBFO.exe
  C:\Windows\System\xGaZBFO.exe
  2⤵
  PID:12700
- C:\Windows\System\SXcfbLM.exe
  C:\Windows\System\SXcfbLM.exe
  2⤵
  PID:12388
- C:\Windows\System\yEiqxvv.exe
  C:\Windows\System\yEiqxvv.exe
  2⤵
  PID:7048
- C:\Windows\System\kfFUnQa.exe
  C:\Windows\System\kfFUnQa.exe
  2⤵
  PID:11164
- C:\Windows\System\CEezpAW.exe
  C:\Windows\System\CEezpAW.exe
  2⤵
  PID:13020
- C:\Windows\System\DZuqeyo.exe
  C:\Windows\System\DZuqeyo.exe
  2⤵
  PID:10736
- C:\Windows\System\uZHytkX.exe
  C:\Windows\System\uZHytkX.exe
  2⤵
  PID:10048
- C:\Windows\System\hvexPMp.exe
  C:\Windows\System\hvexPMp.exe
  2⤵
  PID:11676
- C:\Windows\System\XDjgtXy.exe
  C:\Windows\System\XDjgtXy.exe
  2⤵
  PID:10892
- C:\Windows\System\fvbMKUJ.exe
  C:\Windows\System\fvbMKUJ.exe
  2⤵
  PID:3576
- C:\Windows\System\bOSpiiU.exe
  C:\Windows\System\bOSpiiU.exe
  2⤵
  PID:13104
- C:\Windows\System\YVQWceh.exe
  C:\Windows\System\YVQWceh.exe
  2⤵
  PID:4712
- C:\Windows\System\cnTYcph.exe
  C:\Windows\System\cnTYcph.exe
  2⤵
  PID:13364
- C:\Windows\System\tfGhpfz.exe
  C:\Windows\System\tfGhpfz.exe
  2⤵
  PID:13384
- C:\Windows\System\QQKWiry.exe
  C:\Windows\System\QQKWiry.exe
  2⤵
  PID:13408
- C:\Windows\System\qogxfKS.exe
  C:\Windows\System\qogxfKS.exe
  2⤵
  PID:13440
- C:\Windows\System\kJbLLQa.exe
  C:\Windows\System\kJbLLQa.exe
  2⤵
  PID:13484
- C:\Windows\System\CmpsKok.exe
  C:\Windows\System\CmpsKok.exe
  2⤵
  PID:13504
- C:\Windows\System\TsbVzZI.exe
  C:\Windows\System\TsbVzZI.exe
  2⤵
  PID:13536
- C:\Windows\System\mUststG.exe
  C:\Windows\System\mUststG.exe
  2⤵
  PID:13576
- C:\Windows\System\TMRnwLp.exe
  C:\Windows\System\TMRnwLp.exe
  2⤵
  PID:13844
- C:\Windows\System\LsgeYTP.exe
  C:\Windows\System\LsgeYTP.exe
  2⤵
  PID:13860
- C:\Windows\System\BdWpkcN.exe
  C:\Windows\System\BdWpkcN.exe
  2⤵
  PID:13884
- C:\Windows\System\apQxcbL.exe
  C:\Windows\System\apQxcbL.exe
  2⤵
  PID:13916
- C:\Windows\System\makOLkV.exe
  C:\Windows\System\makOLkV.exe
  2⤵
  PID:13948
- C:\Windows\System\HcQfUyV.exe
  C:\Windows\System\HcQfUyV.exe
  2⤵
  PID:14056
- C:\Windows\System\QRfUvxF.exe
  C:\Windows\System\QRfUvxF.exe
  2⤵
  PID:14072
- C:\Windows\System\yxoqotU.exe
  C:\Windows\System\yxoqotU.exe
  2⤵
  PID:14116
- C:\Windows\System\vGJfEpW.exe
  C:\Windows\System\vGJfEpW.exe
  2⤵
  PID:14140
- C:\Windows\System\ivKXQeP.exe
  C:\Windows\System\ivKXQeP.exe
  2⤵
  PID:14160
- C:\Windows\System\vJyAbuJ.exe
  C:\Windows\System\vJyAbuJ.exe
  2⤵
  PID:14208
- C:\Windows\System\zslOBtQ.exe
  C:\Windows\System\zslOBtQ.exe
  2⤵
  PID:14224
- C:\Windows\System\sHlMhaC.exe
  C:\Windows\System\sHlMhaC.exe
  2⤵
  PID:14248
- C:\Windows\System\kNUFSic.exe
  C:\Windows\System\kNUFSic.exe
  2⤵
  PID:14264
- C:\Windows\System\ZTkehjv.exe
  C:\Windows\System\ZTkehjv.exe
  2⤵
  PID:11120
- C:\Windows\System\CHSIvol.exe
  C:\Windows\System\CHSIvol.exe
  2⤵
  PID:13176
- C:\Windows\System\rwBDWTn.exe
  C:\Windows\System\rwBDWTn.exe
  2⤵
  PID:1796
- C:\Windows\System\IMtISia.exe
  C:\Windows\System\IMtISia.exe
  2⤵
  PID:13496
- C:\Windows\System\AhguiLx.exe
  C:\Windows\System\AhguiLx.exe
  2⤵
  PID:13560
- C:\Windows\System\AqvCqbn.exe
  C:\Windows\System\AqvCqbn.exe
  2⤵
  PID:13732
- C:\Windows\System\FSfegTx.exe
  C:\Windows\System\FSfegTx.exe
  2⤵
  PID:8740
- C:\Windows\System\YlPAHDU.exe
  C:\Windows\System\YlPAHDU.exe
  2⤵
  PID:13000
- C:\Windows\System\QgXVKPK.exe
  C:\Windows\System\QgXVKPK.exe
  2⤵
  PID:13708
- C:\Windows\System\NactMyX.exe
  C:\Windows\System\NactMyX.exe
  2⤵
  PID:14176
- C:\Windows\System\gDlPZLG.exe
  C:\Windows\System\gDlPZLG.exe
  2⤵
  PID:13808
- C:\Windows\System\kgcotLY.exe
  C:\Windows\System\kgcotLY.exe
  2⤵
  PID:11520
- C:\Windows\System\MnNHEko.exe
  C:\Windows\System\MnNHEko.exe
  2⤵
  PID:14028
- C:\Windows\System\cOwYcds.exe
  C:\Windows\System\cOwYcds.exe
  2⤵
  PID:14052
- C:\Windows\System\jlMoicz.exe
  C:\Windows\System\jlMoicz.exe
  2⤵
  PID:10496
- C:\Windows\System\AgCcwSZ.exe
  C:\Windows\System\AgCcwSZ.exe
  2⤵
  PID:13400
- C:\Windows\System\mtZOuqo.exe
  C:\Windows\System\mtZOuqo.exe
  2⤵
  PID:14180
- C:\Windows\System\YJQpRmA.exe
  C:\Windows\System\YJQpRmA.exe
  2⤵
  PID:12616
- C:\Windows\System\aGXoEMn.exe
  C:\Windows\System\aGXoEMn.exe
  2⤵
  PID:13468
- C:\Windows\System\zWIdSyc.exe
  C:\Windows\System\zWIdSyc.exe
  2⤵
  PID:2080
- C:\Windows\System\xOKiWss.exe
  C:\Windows\System\xOKiWss.exe
  2⤵
  PID:12596
- C:\Windows\System\GjHDAfL.exe
  C:\Windows\System\GjHDAfL.exe
  2⤵
  PID:14016
- C:\Windows\System\fKNgAsC.exe
  C:\Windows\System\fKNgAsC.exe
  2⤵
  PID:12860
- C:\Windows\System\hOhFgRv.exe
  C:\Windows\System\hOhFgRv.exe
  2⤵
  PID:13740
- C:\Windows\System\JZbOIIV.exe
  C:\Windows\System\JZbOIIV.exe
  2⤵
  PID:8764
- C:\Windows\System\PdAjUGn.exe
  C:\Windows\System\PdAjUGn.exe
  2⤵
  PID:12992
- C:\Windows\System\JBkhGQy.exe
  C:\Windows\System\JBkhGQy.exe
  2⤵
  PID:13900
- C:\Windows\System\BHODLXL.exe
  C:\Windows\System\BHODLXL.exe
  2⤵
  PID:1316
- C:\Windows\System\ubzJrAC.exe
  C:\Windows\System\ubzJrAC.exe
  2⤵
  PID:14288
- C:\Windows\System\PPfBQln.exe
  C:\Windows\System\PPfBQln.exe
  2⤵
  PID:10396
- C:\Windows\System\DxoDiND.exe
  C:\Windows\System\DxoDiND.exe
  2⤵
  PID:13880
- C:\Windows\System\nKkRAkk.exe
  C:\Windows\System\nKkRAkk.exe
  2⤵
  PID:9976
- C:\Windows\System\QGlefAo.exe
  C:\Windows\System\QGlefAo.exe
  2⤵
  PID:14196
- C:\Windows\System\wOvfFKV.exe
  C:\Windows\System\wOvfFKV.exe
  2⤵
  PID:10688
- C:\Windows\System\SnSAfEg.exe
  C:\Windows\System\SnSAfEg.exe
  2⤵
  PID:9284
- C:\Windows\System\HVVOvGR.exe
  C:\Windows\System\HVVOvGR.exe
  2⤵
  PID:14320
- C:\Windows\System\gxMESWx.exe
  C:\Windows\System\gxMESWx.exe
  2⤵
  PID:13712
- C:\Windows\System\PcrUonC.exe
  C:\Windows\System\PcrUonC.exe
  2⤵
  PID:13828
- C:\Windows\System\tpNMJMy.exe
  C:\Windows\System\tpNMJMy.exe
  2⤵
  PID:12584
- C:\Windows\System\FcNealx.exe
  C:\Windows\System\FcNealx.exe
  2⤵
  PID:13804
- C:\Windows\System\HoaYQuP.exe
  C:\Windows\System\HoaYQuP.exe
  2⤵
  PID:9924
- C:\Windows\System\MmFEnhG.exe
  C:\Windows\System\MmFEnhG.exe
  2⤵
  PID:5504
- C:\Windows\System\wpgzPkH.exe
  C:\Windows\System\wpgzPkH.exe
  2⤵
  PID:10072
- C:\Windows\System\vaQCjiO.exe
  C:\Windows\System\vaQCjiO.exe
  2⤵
  PID:14132
- C:\Windows\System\WUpiNtX.exe
  C:\Windows\System\WUpiNtX.exe
  2⤵
  PID:13420
- C:\Windows\System\LQPxKsD.exe
  C:\Windows\System\LQPxKsD.exe
  2⤵
  PID:1500
- C:\Windows\System\HxxCkjT.exe
  C:\Windows\System\HxxCkjT.exe
  2⤵
  PID:13724
- C:\Windows\System\tuQDuZj.exe
  C:\Windows\System\tuQDuZj.exe
  2⤵
  PID:14184
- C:\Windows\System\IIKsJUf.exe
  C:\Windows\System\IIKsJUf.exe
  2⤵
  PID:13372
- C:\Windows\System\RhlbzkU.exe
  C:\Windows\System\RhlbzkU.exe
  2⤵
  PID:13348
- C:\Windows\System\dUkxteT.exe
  C:\Windows\System\dUkxteT.exe
  2⤵
  PID:2268
- C:\Windows\System\vjdGWkl.exe
  C:\Windows\System\vjdGWkl.exe
  2⤵
  PID:12720
- C:\Windows\System\mUHwLKY.exe
  C:\Windows\System\mUHwLKY.exe
  2⤵
  PID:13672
- C:\Windows\System\OnymteM.exe
  C:\Windows\System\OnymteM.exe
  2⤵
  PID:13964
- C:\Windows\System\uuMNXor.exe
  C:\Windows\System\uuMNXor.exe
  2⤵
  PID:13868
- C:\Windows\System\lgWovrY.exe
  C:\Windows\System\lgWovrY.exe
  2⤵
  PID:13640
- C:\Windows\System\oMwLoKL.exe
  C:\Windows\System\oMwLoKL.exe
  2⤵
  PID:14192
- C:\Windows\System\IDltYpw.exe
  C:\Windows\System\IDltYpw.exe
  2⤵
  PID:9040
- C:\Windows\System\dpCZqxw.exe
  C:\Windows\System\dpCZqxw.exe
  2⤵
  PID:14112
- C:\Windows\System\prTubky.exe
  C:\Windows\System\prTubky.exe
  2⤵
  PID:3444
- C:\Windows\System\ugxLepf.exe
  C:\Windows\System\ugxLepf.exe
  2⤵
  PID:13876
- C:\Windows\System\vvsCfuX.exe
  C:\Windows\System\vvsCfuX.exe
  2⤵
  PID:12572
- C:\Windows\System\phdzPLk.exe
  C:\Windows\System\phdzPLk.exe
  2⤵
  PID:13940
- C:\Windows\System\aoTuovj.exe
  C:\Windows\System\aoTuovj.exe
  2⤵
  PID:12624
- C:\Windows\System\uWyWEos.exe
  C:\Windows\System\uWyWEos.exe
  2⤵
  PID:4964
- C:\Windows\System\CQNnYuE.exe
  C:\Windows\System\CQNnYuE.exe
  2⤵
  PID:13784
- C:\Windows\System\AQKeKvm.exe
  C:\Windows\System\AQKeKvm.exe
  2⤵
  PID:2848
- C:\Windows\System\uYmgvXq.exe
  C:\Windows\System\uYmgvXq.exe
  2⤵
  PID:14260
- C:\Windows\System\FyUAnIR.exe
  C:\Windows\System\FyUAnIR.exe
  2⤵
  PID:13652
- C:\Windows\System\iQFLFYb.exe
  C:\Windows\System\iQFLFYb.exe
  2⤵
  PID:11256
- C:\Windows\System\KffskaA.exe
  C:\Windows\System\KffskaA.exe
  2⤵
  PID:12140
- C:\Windows\System\UivdwqO.exe
  C:\Windows\System\UivdwqO.exe
  2⤵
  PID:14360
- C:\Windows\System\FOviBju.exe
  C:\Windows\System\FOviBju.exe
  2⤵
  PID:14380
- C:\Windows\System\MbmJVeN.exe
  C:\Windows\System\MbmJVeN.exe
  2⤵
  PID:14404
- C:\Windows\System\fcwGwQY.exe
  C:\Windows\System\fcwGwQY.exe
  2⤵
  PID:14428
- C:\Windows\System\CVakPGh.exe
  C:\Windows\System\CVakPGh.exe
  2⤵
  PID:14568
- C:\Windows\System\NJfuKgL.exe
  C:\Windows\System\NJfuKgL.exe
  2⤵
  PID:14672
- C:\Windows\System\kMxsTds.exe
  C:\Windows\System\kMxsTds.exe
  2⤵
  PID:14780
- C:\Windows\System\bSdVRID.exe
  C:\Windows\System\bSdVRID.exe
  2⤵
  PID:14884
- C:\Windows\System\iVzKQta.exe
  C:\Windows\System\iVzKQta.exe
  2⤵
  PID:14900
- C:\Windows\System\kHjzyyZ.exe
  C:\Windows\System\kHjzyyZ.exe
  2⤵
  PID:14924

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 532 -p 12872 -ip 12872
1⤵
PID:13740

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 536 -p 9108 -ip 9108
1⤵
PID:13808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_j1gnolii.1lu.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AMwgWLr.exe

Filesize
1.9MB

MD5
42ddd581acfbf822d3c63a0d694ff90d

SHA1
da9533874ef56af9097640bf39bf0e9239f02357

SHA256
0b47f64d763a7b4d4776362b2f4a7e237b8422c727ce9f4ae41a279b91efb54f

SHA512
f6d9d01216409704ba4e57339f62633aa459df9494412eed4200ff87af7c465b4551757076292442738f703e306666154090f9c85a3074cf2195006a4a1f6f8d

Download Submit
C:\Windows\System\CAfcgMl.exe

Filesize
1.9MB

MD5
1732eba0261612d34a24572fe1a2efd8

SHA1
7812109cae2ca122f826bee0949ecdc2a9c2e01b

SHA256
8b6c836382ab735d005d0ac07bec7c2cebc9761c145729db88ca378822b8c91d

SHA512
fc03ba020333ebc3ba23a6e839502de91c2e1946e96fb250502a1f75872a2a14c57e2af639fb7743cd9a688fb7e64e6ee1a348c5ce4132943cd905af6f7dca5f

Download Submit
C:\Windows\System\COlgpAk.exe

Filesize
1.9MB

MD5
ee5be6f1753c4760f6ebf9512ede7cbe

SHA1
89063a48e5354a07ab7b7ee4fc1c6d350142fe64

SHA256
c1f7a3a1e933df899f8c5e492d17f72e378ad036e01e33df8814adeb2853a027

SHA512
e131183b4dc4c56d8d73c991f60724b8226e3c8d7cef5046438c609df2ae303a6a4889be59f61ce6a732b2e777f0e7d2c3af02b21064b2e41324d59971a59700

Download Submit
C:\Windows\System\FXTiErr.exe

Filesize
1.9MB

MD5
05dcf179adb31d8bcf7ace46c212e78a

SHA1
e548f5a03256ddf6f48f09335692adfbc02f3bee

SHA256
27e5807be8c57501ac53d130a5b91ba734b5500233dad4ca62674f774d2cead1

SHA512
17dab87224648dcbcdbb4ba08e00b0e813afc91688822f647e6630d5958735c68a7c2ad42fb7167f25a8d1863a04c52caa354fcea68970583b849fad55934070

Download Submit
C:\Windows\System\FkOcMSj.exe

Filesize
1.9MB

MD5
ccf84e77d09b773c2d3b6becff2c16d3

SHA1
954d926c7e95f19e60486d0d3714bd939ddfa239

SHA256
17f818a87a0ea7290b2c59b3bd4ca3d9fcf4e22b9292d3a6d367142f6b589341

SHA512
c3167f5df7cc65e74067cb2663ce0cd352d98fd9815bee0ca552db010a94c79a5d872744f8c86373ebe6e090600cc77671fa8638297bf0f2a0785b9501da405a

Download Submit
C:\Windows\System\GGuAJAs.exe

Filesize
1.9MB

MD5
b291ab420754f42d8836b88818e5e2c3

SHA1
0c0c889600c33db7c1430257ce1f33dcbe2166f3

SHA256
636ec147065781b046a9020cc4cbb3e6fef25fbbfd31ca33ae14cd22c003abfd

SHA512
51f8380cb6ebb217be7f9a23b479053d0fa731d798617a1b55171e37cc614537caefa0678bbcde60517cbea4585dca05b2e89e1bdf173bc22a8f2a0cb8440ea8

Download Submit
C:\Windows\System\Mxobdji.exe

Filesize
1.9MB

MD5
37dcdde462edb5e5e5637735653ae80d

SHA1
3cc6c393d5bd8940bd287c7ced6e77bd3b482fb1

SHA256
0e7b6631416d11603257bf85efeb5fcd0e81f9904afb521cde1e9f9c5238b2ad

SHA512
af475d6282c69ca2e8bc92a53a31cfc7d54804124f1585d451b9baa81c4d5be3d79c50cea51fb7ea38011fd08824a634bab9b8dac141a216e7c2e8bd379eed4d

Download Submit
C:\Windows\System\NFOOiRx.exe

Filesize
1.9MB

MD5
173c07f7dd89146a3ce96579b5b1a171

SHA1
f68669745533fb63cea5d762a1950756110c1f73

SHA256
ea156848cce5a422b3de43b22525b982295c5b47a3bb1b87aa21d862eee9c288

SHA512
f8c7dbb9e480704c160abec033c43adf4ad366cf3221a05cbbd16530c8617efb69c47276e1a88ec6a4dc114bf755fe4a0958e97692bbaf09c1d1216e947a9703

Download Submit
C:\Windows\System\RBumAoa.exe

Filesize
1.9MB

MD5
4df2873f252e11e132971e3b92a3a215

SHA1
b3f6da6ba6b83ddae4671573e6aeeb35374eada8

SHA256
40303f23170faff4562b4fcd3b4a4d4acf48724cde7dc4b551ddbd51260c94f3

SHA512
0c0bae51e99da7bcf39edce875b53a9b6295f8bcb30688e7e4eb4bb8d681919036dd4ba9a33c461000a97617d3201883ee59d4e4b21f12a2cedf2e185af96cdf

Download Submit
C:\Windows\System\SHpqqiZ.exe

Filesize
1.9MB

MD5
5e35216717f8f2af1dc651bc4e33f3fe

SHA1
54f102b86f28b379ae5b65a80c8af46b5d877d26

SHA256
ed3173baf8520d12e44af15fc72b2de00abf5ee8d3a13e3dc3f66ce1bafcbc7d

SHA512
354ccfb2f2f3d91529019aeb804cedc823e9d21ecd53e0e0bd0098ec99d52fb208934106b077f8ec2dcdbee04659ea0e59cf4fbd3c5a5289d8554c1e1640af27

Download Submit
C:\Windows\System\SoibNda.exe

Filesize
1.9MB

MD5
0a14f174d7495afd79e5bc32b9713e9d

SHA1
e60fea7bd9d1824825aed995b689906f2c647ef7

SHA256
e95374d8a9847ea6d429187d27f45a409695ea431416b7b80d51f0fc42897aa2

SHA512
232e86bb1d96cfbb27a657bd036952c15d6fd950989418780132ae54c130361da8b469a6aa59ef69f296462388cd3f6da9bc281499cbc93653f8ca4c69d6ae63

Download Submit
C:\Windows\System\TWOGZRo.exe

Filesize
1.9MB

MD5
8a91a5c907a6dffa389d506102682643

SHA1
2de915ce535afc54e276a0ae3d17f036d4943df4

SHA256
228b0ce542ad15762c1c7928f948955667d4c8908686a607d761df617f6db869

SHA512
1d5416808d56a64e3b0b63667bf483f98d47224299acf2faf2f0699581e95fc8fe58fb988b840a23d7252ba8b6f50a679ffbc31f93cee9f3fc8ac9cbaaf69ed3

Download Submit
C:\Windows\System\XycSaXa.exe

Filesize
1.9MB

MD5
3851ec2fc5a23b5582a95d148c86c080

SHA1
c628ba42b2a8db6675f805e38e8de8edd2fb4f7c

SHA256
2952f8f6103f2825c11c77349795b4f71e2c66656d35cb9a2b5adcd435b377c3

SHA512
52854477d2591aa6e83ea24ed39905c1d1daf4244df1c0c3e2c218765a53e30985f2dcfe543b9848c5888f56e8790b988ef9176d0558c9653fdd097626a3976c

Download Submit
C:\Windows\System\YUjuEzL.exe

Filesize
1.9MB

MD5
994fcaad7683e99f6beae02891e15165

SHA1
f37ffb581409accb7894d5cc77a8824bf1d19e44

SHA256
fec8bc2efd954ba065124e78dd1fbe31298b42316d448029f345205ae2845df9

SHA512
e7a08ab3c4d1271460f70521ff51beb6597259c1f9e0b7d71eb0d165555b7d2ba200e91ed3598a194a9a123daa5098229f850268e6747967f1b196e999f93f02

Download Submit
C:\Windows\System\ZtAilWX.exe

Filesize
1.9MB

MD5
fe929f1c5974f1f6050b2b6617473e98

SHA1
0146f9d9646c191f3bfa9afbd682be59d798daa5

SHA256
d59ee21b204b72da9e1c8d06e50cd76d4fd0754dddf563a8f7f3b9d5cd411e6a

SHA512
9221f6895b53eb10b9c632394502c350ace656f53e29ce6d41ab84533157de0c543ef52bfbc8ea30a49f713e8d23a9817986a4ddb59741e3c6ebcbe8139a2cb7

Download Submit
C:\Windows\System\ajcOTuT.exe

Filesize
1.9MB

MD5
e540b2840fe77a7cc7ca4d0dc505ba40

SHA1
6c3971a397aa0e73845deaa668a6def12d199fad

SHA256
71f4fb9405e57e95bfe66c57fa141e7fe3d6bf78db931033bc21018ce16c8f36

SHA512
8a171ecdd9fa9d679128cbba3bf3ca8f8b46d8ca0bb9acd1165cecec129e6fae4cc4a8f06605cdf8488af3b70bb59d306180d07909255a60eed62a9f9098c2e0

Download Submit
C:\Windows\System\cAdmXeg.exe

Filesize
1.9MB

MD5
8b93374f3928ec436352ad205efeaa18

SHA1
1666859cbd92db5d9e855c7a35e795b95c64abcf

SHA256
c2d525b504f8109cdff2139c690a2ecc915d0a1ae59f0c40729b4346e99f289c

SHA512
02fedcc48c54e753403d44f45beb9d6eddf1b2e0185bf66f38e7f3ab485fa04fb0c79a2d4a16aac29757ba9a7d3329be2f4b2605e7723a2204574a088e3ceff9

Download Submit
C:\Windows\System\cHWaYia.exe

Filesize
1.9MB

MD5
bee808f48ea32d518f94aa8ede75213e

SHA1
2a75be818b0572fbbae8ee8aa665621cee48856b

SHA256
390e474675ce6db8350098bceb068bc14e5a37a9e6723306812e6f56f16300e7

SHA512
cec925eec654c6d36118f031c34773e9707ee78ac0ff91baac155e6ac37bf0d2fa76105efea17c9c9054ea6861844474cb1e75bc74b5c1de6a34b4681fa25eb0

Download Submit
C:\Windows\System\cVBvskx.exe

Filesize
1.9MB

MD5
e231822d1bf9ead743fb5c22b3a42941

SHA1
96e412e76073ab839ada081805d8d9bf6276dd87

SHA256
da826389f87366fa7bf031fd3c111ef65588756e81dd9b06db2d44e1b5088c20

SHA512
d8735835bda9ac7d25987e9751b27af9f3c75460f7a07f9079c30185efad63c575fc95f9ced5c29051ece499c9928d3a562f5d2b4d837b4e09e98773be8aaeda

Download Submit
C:\Windows\System\fSixJXw.exe

Filesize
1.9MB

MD5
46c2c0fe8b734df674166545c27264ef

SHA1
82fd06005c392f6123ea26aac084227931c3c611

SHA256
cc922370a38836af8cedda2134cfa84331713687f4d284da0b79f9184071839b

SHA512
11433dcb375d86787990635af4e27a158f8b981e2ed84e3846eb550864c7ee63bd92cb67627f5ca90bd4bd0d6105e921cc664b6b55db4c01b5b2f0ffc945ca17

Download Submit
C:\Windows\System\fUKWoaK.exe

Filesize
1.9MB

MD5
15d4e0d340be41b9e0753b164ba92ac5

SHA1
bdbc9906d67afe18f3a8f4470d84e5ee81345ab7

SHA256
de0c0ba525bee04473bbc8faedbf950a52f5ca11d0b0570de870679bddcd9cd2

SHA512
a97d47fd193530432308477e82431b0f5b84486fac79847b9fb976d241abe615d675f4545d95d59976b44a537f5ee464a5fd04aafbceabeb34c6551c85a59fc9

Download Submit
C:\Windows\System\fZJSdkQ.exe

Filesize
1.9MB

MD5
40558bbb3025bfabacb50db5a5ea0e7c

SHA1
1945720e866df1416cf12b27410a52de752cdfd6

SHA256
6a9e42a7ff412ec35bde670e5d0c2d3c0d3dad5fcd40cb0d8d3cf403b022a8ac

SHA512
16d350ebbb03075dda3191bf55b290f1e777e5cd5b7022b43b65d41d5a176276d691c79816f6f026d8be4057c6c56cfe4b4779d02829933ffa104703aac0be7e

Download Submit
C:\Windows\System\fiueHuJ.exe

Filesize
1.9MB

MD5
e15cc3d7ed3f2914ce3e24c48425eaa1

SHA1
988bd3dcb72dd69586ae075ede11367bf3a7715b

SHA256
e009883b156f54f23f3f874f47c0bf49fa69c80b97fd91f5ef399f126ae92498

SHA512
48442e4f88320eb61b32ab76e7a7da37ee55603f25f5f0632ef55fcc93b8c06a85469e87af14d0507c5f31485915c554fcbed0bc96d2149818e547e063b5655b

Download Submit
C:\Windows\System\gjmZZbI.exe

Filesize
1.9MB

MD5
b5c5b9e081417ec1eab2bdfa9f2d2108

SHA1
c819cbf0eee400b208fdca30e5ab307cee3f9caa

SHA256
25250897717709d239e31e2d5e75ee1ce6e8f919ae622af48f38cf62f26ea2d9

SHA512
72a4914c14803ffb12f190421b2ed1d331a58a7651552b5e3d409ac69d567d5366c08fb35cebc72bc7ef0b75701f556f62ee878967e118b6c7cff27934d79e28

Download Submit
C:\Windows\System\hTSepqB.exe

Filesize
1.9MB

MD5
3113af3a82ac7f91a4b5727bef17ee72

SHA1
41a15f9c4ef4b5d9c50ff930bcfb3c91c79dcd4f

SHA256
ce4b0e440e09c2e0cfb7cf5b2cfc2c48f536bef9c2a9424284c02bf48d74c875

SHA512
e442fe5fa714d97715c72b63432e8e673ade72c1d223df78729c755161e4903d810f68b2d6ec422945cb76bc8ed8ae95537f597d18fb8b997d2db43e37443403

Download Submit
C:\Windows\System\jxCdAZV.exe

Filesize
1.9MB

MD5
f91f2cc08aef736f9480bd6053f0a684

SHA1
42024b8fa7633429a0d157ee7081b65816d5847d

SHA256
48bace65eb87e96e0cf4a284f2667c10c24ba680f501d88a03c293a618a0d5bb

SHA512
5ef1f47f10b3716b1d9e8386b00241448e2162694abe5ed2120e1379b65de7ff104a29e5148fd17bac69a8fdd43ea319bcb7841fbb7ce3e6e66a885777d917ef

Download Submit
C:\Windows\System\lgVhZEV.exe

Filesize
1.9MB

MD5
35ef37b04e5ea8aef4c3cb3ad2429e46

SHA1
0bc86be97eb502bf793a50b42ba4f0dad891c5f0

SHA256
fdcfa0b822561e6752ab86ad1d07209486982c9194691beed496cf42a844faf6

SHA512
6f6f56b39aaf6ef200d7dff1d4e6e8dff1b638d8d9416cac3aaf25a875a22605ad016858bca461f24f08fbc1bfcd93f3a3abc5d8af0714c51e097961b3882dda

Download Submit
C:\Windows\System\nBZJRQA.exe

Filesize
1.9MB

MD5
4277bdf597de99df7f39d32bdf0d6918

SHA1
4a441faf2b2c39da6cb19816c2a12e4842830dfe

SHA256
fba7c97fd609ec36d65dd59d876c244f92cd798e3cd205a2217cd7c9580a4636

SHA512
99d125a03cc166ccda0e6c9cddce7dde84e3680b6f6b21d71991ac7430f051d734704f103c038274ed91baaf0f8500ff56416b48a5bda184748fbb7b75f7a98e

Download Submit
C:\Windows\System\nSyaEKZ.exe

Filesize
1.9MB

MD5
05322ed71e2ab62372e763e51316932d

SHA1
b154d36f7c39cf50b2921dbbf88bc7df07a8c512

SHA256
452efb8ce93f6ee63860a68f04e7ad51a66d235e932ac40e250c9ad674345286

SHA512
a52710ec4d4f10c2ccc0049ca4da6fd61de181b01e457c8a5b9568951db3fce2c0c90320bae7542cd1e9457d91e93e048b0485c45f69397e2e7665ff587c4ade

Download Submit
C:\Windows\System\ncysXQG.exe

Filesize
1.9MB

MD5
e54f7ae96eff8fb658be61553229fb1c

SHA1
c3255cf8f9dca48e6e98d24e93b1d2321d845330

SHA256
ad3d9d7381d0d55220f76c3151a302466853a77bc091bc5a60dce2dae2cc4999

SHA512
9c6d5bbc19adeeb5da338570e284a18ec4099070fcc43ee6a39be3c6831c7036b6b827d25265f43c7c18786e23459a5ce21406cf393c9d8df617d33138fa8d21

Download Submit
C:\Windows\System\okozgez.exe

Filesize
1.9MB

MD5
ba8ce19a9dad1312bc6df21ee32b187d

SHA1
021b93206920383159f3780a28def3ecd93a6655

SHA256
09e3c8a81eda9b0d63c423213a108a77751d2c7b4e3cdbed594de699ce2f0cae

SHA512
36885faeff4b9c69d84be4b77fbbefbb2d518e8b0e04509b9eeb9423f5462af1ca333cefaab8d4c4588e1cdf897458f9197b8e0f0181e491157fc5bb8d795c1b

Download Submit
C:\Windows\System\qWthhTq.exe

Filesize
1.9MB

MD5
74e6e68a97fce066377399beb4bd51f9

SHA1
25db806ea79ab6784c01d07164289dc254902e9e

SHA256
c1e371a6f68326428f53d99b19660cc2390b1617bfcd916124fca13c780f7b0a

SHA512
80553673a664f5d4b94907d5eab12cd428ba95669521a7e2d4da701c5187879a45f62f79b38a3dd96f85512ddd53546c826ddc0bba810c21f1c3d5c982dcc4dc

Download Submit
C:\Windows\System\rWojhnU.exe

Filesize
1.9MB

MD5
b171cc4101624036d3eca99729e1e9c9

SHA1
e76d9e93f1dceb1e2de31c631de594b967fd7fdf

SHA256
3293c893144a5ee69669575304fa1337dc0879f7be49a8f32d82b62aa8f97a04

SHA512
2f14ee9fa45f2718d5b1da855449416d36ddc44065383e060399faa7e3d93fc359f5f56a752d01f4a6d121abd52da6020d321b205c0f36186a6957bfb4791049

Download Submit
C:\Windows\System\rpWSplz.exe

Filesize
1.9MB

MD5
22dfc88bc5316de642dc8d58257124e3

SHA1
d5fb759f323ca8c30df743f9f9aa9ff3ba7d6dd7

SHA256
fbf45f74ff6df2da3031f9ddcc3f64f88963b38dd761f495bfc540ff9ba80c99

SHA512
21fa88f0f93540d995f63cd68f715da3455188e8ea48f168b7abfec5c581150a49d523f593cd58e08a489cbf9328dcc0a85dcdcf052d63262516cec10e6180b4

Download Submit
C:\Windows\System\sNonqBX.exe

Filesize
1.9MB

MD5
eb646e4cdf309df062fa231a68ae7b66

SHA1
f32aed07447bee3e1f1fb99a1d4b5ab161368591

SHA256
8c293a7f0e04897ae314fec0982f36019014c12a2a11960fa2e012857a184bfe

SHA512
bb96b26cb2f49af07a59334cf1a86bf096987667a16c8dd2d22eb8ca6135317c0d60504c1820c617c472d78e2ec631d1da06796d372236adb8a9dacc40ffba04

Download Submit
C:\Windows\System\sYVHXki.exe

Filesize
1.9MB

MD5
6b762f65ecce8edd9714f2f261d6a65e

SHA1
01abbf57bd4299ede764b28539588e753221b9e1

SHA256
bd5ac352627c72771c986f2f9df798b4f61cf78c893f05d0ef6bee9d2dd2c921

SHA512
feb31beaa6d7c09c07ad2a4fec814b44a33a988d1b5bcb19bacf92934c80bbdfea7e61c8e9eadfbc900c4a8400e49a219c7b686e3baaf403dba5a87f4b27a558

Download Submit
C:\Windows\System\sfzanIB.exe

Filesize
1.9MB

MD5
c9590a0392dcba2d76a82c6c5bd3b9ba

SHA1
77bc0044ed5fcec49a33cec5d2c3bd321655debd

SHA256
d7851688a6370071bf8dd36e605906e143ee164ca50aa584ae08dd0264ce29aa

SHA512
5408cb57986f0e16dcb67f2a73d361825a1eadcc3ef160d3082fa67c6e46f2afbc37915629b4a26ce1b2dcb98ad7f895199030f36cd3ce105f8c83b798ed67f4

Download Submit
C:\Windows\System\wMnhEDB.exe

Filesize
1.9MB

MD5
c875f1890ee5f76380473d940add14be

SHA1
8a6ba6a0ed26f1b4fb0c53662c654a2a749f2874

SHA256
ad22a6108df8bba4d74d602e544f12c49c10e560dc23539071ef957acc315d2d

SHA512
f92a5663efd70e97d6dc378d24045a4ecbdb2a6e79ad0c254f98cde3d76b37991b1002b349282d472c6ab4c8048efb50db982def9a12e88443fd628c75ce5bbd

Download Submit
C:\Windows\System\wxbxylB.exe

Filesize
1.9MB

MD5
233ccf2ef6a965c78c7d14142f984191

SHA1
f031fc63c49397da8b8e10aa154799e2c94de8a3

SHA256
a0b6cce6897b8054e81df698a7ecd18a79ade81f65622a58f23fedd3478f2fe5

SHA512
6e6e96c9e2e83fe622bc802af9e632525b6dd375e3f6368a5536cd006de28eaaaa5fdbf37666b1d61a1b3049570e535b4a2fc79df910c6685982109a8e3d5bc1

Download Submit
memory/408-876-0x00007FF742450000-0x00007FF742842000-memory.dmp

Filesize
3.9MB

Download
memory/408-3951-0x00007FF742450000-0x00007FF742842000-memory.dmp

Filesize
3.9MB

Download
memory/428-3929-0x00007FF6D28F0000-0x00007FF6D2CE2000-memory.dmp

Filesize
3.9MB

Download
memory/428-294-0x00007FF6D28F0000-0x00007FF6D2CE2000-memory.dmp

Filesize
3.9MB

Download
memory/684-1005-0x00007FF694660000-0x00007FF694A52000-memory.dmp

Filesize
3.9MB

Download
memory/684-3960-0x00007FF694660000-0x00007FF694A52000-memory.dmp

Filesize
3.9MB

Download
memory/912-3941-0x00007FF7A7CB0000-0x00007FF7A80A2000-memory.dmp

Filesize
3.9MB

Download
memory/912-883-0x00007FF7A7CB0000-0x00007FF7A80A2000-memory.dmp

Filesize
3.9MB

Download
memory/2164-3969-0x00007FF7F6600000-0x00007FF7F69F2000-memory.dmp

Filesize
3.9MB

Download
memory/2164-329-0x00007FF7F6600000-0x00007FF7F69F2000-memory.dmp

Filesize
3.9MB

Download
memory/2188-234-0x00007FF6A3840000-0x00007FF6A3C32000-memory.dmp

Filesize
3.9MB

Download
memory/2188-3931-0x00007FF6A3840000-0x00007FF6A3C32000-memory.dmp

Filesize
3.9MB

Download
memory/2204-3947-0x00007FF70F170000-0x00007FF70F562000-memory.dmp

Filesize
3.9MB

Download
memory/2204-295-0x00007FF70F170000-0x00007FF70F562000-memory.dmp

Filesize
3.9MB

Download
memory/2252-4045-0x00007FF645E50000-0x00007FF646242000-memory.dmp

Filesize
3.9MB

Download
memory/2252-1002-0x00007FF645E50000-0x00007FF646242000-memory.dmp

Filesize
3.9MB

Download
memory/2372-912-0x00007FF6FF610000-0x00007FF6FFA02000-memory.dmp

Filesize
3.9MB

Download
memory/2372-3937-0x00007FF6FF610000-0x00007FF6FFA02000-memory.dmp

Filesize
3.9MB

Download
memory/2688-3956-0x00007FF679750000-0x00007FF679B42000-memory.dmp

Filesize
3.9MB

Download
memory/2688-1075-0x00007FF679750000-0x00007FF679B42000-memory.dmp

Filesize
3.9MB

Download
memory/2872-44-0x00007FFB9A0A3000-0x00007FFB9A0A5000-memory.dmp

Filesize
8KB

Download
memory/2872-376-0x000001FE9AEA0000-0x000001FE9AEC2000-memory.dmp

Filesize
136KB

Download
memory/2872-95-0x00007FFB9A0A0000-0x00007FFB9AB61000-memory.dmp

Filesize
10.8MB

Download
memory/2872-206-0x00007FFB9A0A0000-0x00007FFB9AB61000-memory.dmp

Filesize
10.8MB

Download
memory/3232-2676-0x00007FF63BDF0000-0x00007FF63C1E2000-memory.dmp

Filesize
3.9MB

Download
memory/3232-3945-0x00007FF63BDF0000-0x00007FF63C1E2000-memory.dmp

Filesize
3.9MB

Download
memory/3232-20-0x00007FF63BDF0000-0x00007FF63C1E2000-memory.dmp

Filesize
3.9MB

Download
memory/3652-597-0x00007FF7F3A90000-0x00007FF7F3E82000-memory.dmp

Filesize
3.9MB

Download
memory/3652-3955-0x00007FF7F3A90000-0x00007FF7F3E82000-memory.dmp

Filesize
3.9MB

Download
memory/3668-3939-0x00007FF649790000-0x00007FF649B82000-memory.dmp

Filesize
3.9MB

Download
memory/3668-1086-0x00007FF649790000-0x00007FF649B82000-memory.dmp

Filesize
3.9MB

Download
memory/3828-2603-0x00007FF777A40000-0x00007FF777E32000-memory.dmp

Filesize
3.9MB

Download
memory/3828-3927-0x00007FF777A40000-0x00007FF777E32000-memory.dmp

Filesize
3.9MB

Download
memory/3828-43-0x00007FF777A40000-0x00007FF777E32000-memory.dmp

Filesize
3.9MB

Download
memory/3840-706-0x00007FF642020000-0x00007FF642412000-memory.dmp

Filesize
3.9MB

Download
memory/3840-3959-0x00007FF642020000-0x00007FF642412000-memory.dmp

Filesize
3.9MB

Download
memory/3940-3935-0x00007FF795630000-0x00007FF795A22000-memory.dmp

Filesize
3.9MB

Download
memory/3940-913-0x00007FF795630000-0x00007FF795A22000-memory.dmp

Filesize
3.9MB

Download
memory/4060-3962-0x00007FF78ABF0000-0x00007FF78AFE2000-memory.dmp

Filesize
3.9MB

Download
memory/4060-253-0x00007FF78ABF0000-0x00007FF78AFE2000-memory.dmp

Filesize
3.9MB

Download
memory/4420-0-0x00007FF633C40000-0x00007FF634032000-memory.dmp

Filesize
3.9MB

Download
memory/4420-1-0x000002390DB70000-0x000002390DB80000-memory.dmp

Filesize
64KB

Download
memory/4420-2475-0x00007FF633C40000-0x00007FF634032000-memory.dmp

Filesize
3.9MB

Download
memory/4520-1085-0x00007FF625E50000-0x00007FF626242000-memory.dmp

Filesize
3.9MB

Download
memory/4520-3926-0x00007FF625E50000-0x00007FF626242000-memory.dmp

Filesize
3.9MB

Download
memory/4544-1084-0x00007FF6CA5F0000-0x00007FF6CA9E2000-memory.dmp

Filesize
3.9MB

Download
memory/4544-4043-0x00007FF6CA5F0000-0x00007FF6CA9E2000-memory.dmp

Filesize
3.9MB

Download
memory/4892-368-0x00007FF7D8530000-0x00007FF7D8922000-memory.dmp

Filesize
3.9MB

Download
memory/4892-4049-0x00007FF7D8530000-0x00007FF7D8922000-memory.dmp

Filesize
3.9MB

Download
memory/4896-3943-0x00007FF6376F0000-0x00007FF637AE2000-memory.dmp

Filesize
3.9MB

Download
memory/4896-430-0x00007FF6376F0000-0x00007FF637AE2000-memory.dmp

Filesize
3.9MB

Download
memory/4900-3902-0x00007FF7913D0000-0x00007FF7917C2000-memory.dmp

Filesize
3.9MB

Download
memory/4900-8-0x00007FF7913D0000-0x00007FF7917C2000-memory.dmp

Filesize
3.9MB

Download
memory/4900-2598-0x00007FF7913D0000-0x00007FF7917C2000-memory.dmp

Filesize
3.9MB

Download
memory/5020-427-0x00007FF6B1A40000-0x00007FF6B1E32000-memory.dmp

Filesize
3.9MB

Download
memory/5020-3949-0x00007FF6B1A40000-0x00007FF6B1E32000-memory.dmp

Filesize
3.9MB

Download
memory/5024-3953-0x00007FF64A900000-0x00007FF64ACF2000-memory.dmp

Filesize
3.9MB

Download
memory/5024-664-0x00007FF64A900000-0x00007FF64ACF2000-memory.dmp

Filesize
3.9MB

Download