xmrig | 234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009f

Analysis

max time kernel
94s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
Size

1.9MB
MD5

784cb3eef93ab4a5e93492fb3c0d5980
SHA1

9a8ecdb2e4fb6b64b541e59f72c7ba2de450770c
SHA256

234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009f
SHA512

4029aa51f1b4b1425edcc260a20158d3ea86996604bfe25dfbaf525a5ee84285eabe531036c3ff78a62c89f7aa8d6b06ead9522431074714103200efb1c8b489
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pXx/4i:NABT

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral2/memory/220-50-0x00007FF7FF450000-0x00007FF7FF842000-memory.dmp	xmrig
behavioral2/memory/3768-52-0x00007FF762FB0000-0x00007FF7633A2000-memory.dmp	xmrig
behavioral2/memory/3476-54-0x00007FF7EB5B0000-0x00007FF7EB9A2000-memory.dmp	xmrig
behavioral2/memory/5116-68-0x00007FF7CD240000-0x00007FF7CD632000-memory.dmp	xmrig
behavioral2/memory/444-183-0x00007FF6052E0000-0x00007FF6056D2000-memory.dmp	xmrig
behavioral2/memory/2252-188-0x00007FF690780000-0x00007FF690B72000-memory.dmp	xmrig
behavioral2/memory/1592-2197-0x00007FF6595A0000-0x00007FF659992000-memory.dmp	xmrig
behavioral2/memory/4788-2194-0x00007FF6D3A60000-0x00007FF6D3E52000-memory.dmp	xmrig
behavioral2/memory/1576-2127-0x00007FF635590000-0x00007FF635982000-memory.dmp	xmrig
behavioral2/memory/4840-1809-0x00007FF631110000-0x00007FF631502000-memory.dmp	xmrig
behavioral2/memory/1464-1806-0x00007FF6468C0000-0x00007FF646CB2000-memory.dmp	xmrig
behavioral2/memory/4952-607-0x00007FF6C3510000-0x00007FF6C3902000-memory.dmp	xmrig
behavioral2/memory/4568-604-0x00007FF7CDA90000-0x00007FF7CDE82000-memory.dmp	xmrig
behavioral2/memory/2240-194-0x00007FF6D9620000-0x00007FF6D9A12000-memory.dmp	xmrig
behavioral2/memory/4968-193-0x00007FF720140000-0x00007FF720532000-memory.dmp	xmrig
behavioral2/memory/3344-190-0x00007FF6E0D80000-0x00007FF6E1172000-memory.dmp	xmrig
behavioral2/memory/2980-189-0x00007FF6FDF20000-0x00007FF6FE312000-memory.dmp	xmrig
behavioral2/memory/3208-186-0x00007FF7D9D40000-0x00007FF7DA132000-memory.dmp	xmrig
behavioral2/memory/1888-155-0x00007FF797A00000-0x00007FF797DF2000-memory.dmp	xmrig
behavioral2/memory/4156-69-0x00007FF61EF10000-0x00007FF61F302000-memory.dmp	xmrig
behavioral2/memory/2896-59-0x00007FF615BB0000-0x00007FF615FA2000-memory.dmp	xmrig
behavioral2/memory/4628-57-0x00007FF6C0710000-0x00007FF6C0B02000-memory.dmp	xmrig
behavioral2/memory/3604-53-0x00007FF70A530000-0x00007FF70A922000-memory.dmp	xmrig
behavioral2/memory/220-3380-0x00007FF7FF450000-0x00007FF7FF842000-memory.dmp	xmrig
behavioral2/memory/3768-3397-0x00007FF762FB0000-0x00007FF7633A2000-memory.dmp	xmrig
behavioral2/memory/5116-3401-0x00007FF7CD240000-0x00007FF7CD632000-memory.dmp	xmrig
behavioral2/memory/4952-3400-0x00007FF6C3510000-0x00007FF6C3902000-memory.dmp	xmrig
behavioral2/memory/2896-3405-0x00007FF615BB0000-0x00007FF615FA2000-memory.dmp	xmrig
behavioral2/memory/4628-3407-0x00007FF6C0710000-0x00007FF6C0B02000-memory.dmp	xmrig
behavioral2/memory/3476-3404-0x00007FF7EB5B0000-0x00007FF7EB9A2000-memory.dmp	xmrig
behavioral2/memory/3604-3426-0x00007FF70A530000-0x00007FF70A922000-memory.dmp	xmrig
behavioral2/memory/1464-3409-0x00007FF6468C0000-0x00007FF646CB2000-memory.dmp	xmrig
behavioral2/memory/4156-3431-0x00007FF61EF10000-0x00007FF61F302000-memory.dmp	xmrig
behavioral2/memory/4840-3436-0x00007FF631110000-0x00007FF631502000-memory.dmp	xmrig
behavioral2/memory/3584-3438-0x00007FF6E2C00000-0x00007FF6E2FF2000-memory.dmp	xmrig
behavioral2/memory/3344-3443-0x00007FF6E0D80000-0x00007FF6E1172000-memory.dmp	xmrig
behavioral2/memory/1888-3445-0x00007FF797A00000-0x00007FF797DF2000-memory.dmp	xmrig
behavioral2/memory/4968-3442-0x00007FF720140000-0x00007FF720532000-memory.dmp	xmrig
behavioral2/memory/3212-3440-0x00007FF7A0520000-0x00007FF7A0912000-memory.dmp	xmrig
behavioral2/memory/2240-3434-0x00007FF6D9620000-0x00007FF6D9A12000-memory.dmp	xmrig
behavioral2/memory/2252-3455-0x00007FF690780000-0x00007FF690B72000-memory.dmp	xmrig
behavioral2/memory/3208-3464-0x00007FF7D9D40000-0x00007FF7DA132000-memory.dmp	xmrig
behavioral2/memory/1576-3465-0x00007FF635590000-0x00007FF635982000-memory.dmp	xmrig
behavioral2/memory/2980-3459-0x00007FF6FDF20000-0x00007FF6FE312000-memory.dmp	xmrig
behavioral2/memory/4788-3457-0x00007FF6D3A60000-0x00007FF6D3E52000-memory.dmp	xmrig
behavioral2/memory/1592-3453-0x00007FF6595A0000-0x00007FF659992000-memory.dmp	xmrig
behavioral2/memory/444-3447-0x00007FF6052E0000-0x00007FF6056D2000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
10	4308	powershell.exe
13	4308	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4308	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4952	MRVMZlt.exe
220	OehowBP.exe
3768	SBOeICw.exe
5116	uYzZIGl.exe
3604	BDfbwlJ.exe
3476	CdgdMfu.exe
4628	uzUMBpT.exe
2896	fTXGlur.exe
4156	HLbPsCA.exe
1464	JsIkLvd.exe
4840	iWWkdsF.exe
4968	VrOeSdA.exe
1576	ZbaTWtF.exe
3212	hXdGAUG.exe
3584	gdgDMEB.exe
1888	HKKxEuZ.exe
2240	owzoMEU.exe
4788	sUVnJUT.exe
1592	MfAttnj.exe
444	egJdMtB.exe
3208	LyvOBkV.exe
2252	qeQieOx.exe
2980	ymbQAqh.exe
3344	mQMTErF.exe
3968	omROiJw.exe
368	VSoxzBq.exe
1724	kgbuUzV.exe
408	NLNqDzE.exe
4420	cluJOPa.exe
2616	dusnelh.exe
2868	TBIWkQb.exe
2308	xcnhUQm.exe
2884	jHJmkLo.exe
1028	TllPeXu.exe
3468	yNVKEFd.exe
4960	EsOLXQm.exe
2996	SJRKMLO.exe
3096	NgAJYQh.exe
3488	abWwSAv.exe
860	jbzeGiP.exe
4264	SUJVQBy.exe
2204	kInkOYn.exe
4312	dhBCUhp.exe
2200	OhhEUpn.exe
4652	txEJpaG.exe
4504	VMloXpc.exe
1124	espYCSM.exe
4288	sBfnnbO.exe
4740	ZlSUonQ.exe
632	nagWmyD.exe
4884	bvhXuBy.exe
2072	vocPDPF.exe
2692	yzRUWSN.exe
4964	zxasLyH.exe
3536	RclVuoW.exe
1332	CkZpzfX.exe
4720	NxPLGDd.exe
880	iKEoVYk.exe
2312	JSFydkW.exe
4692	dnnpsGG.exe
4448	ShhyvwP.exe
4920	fJUDuXF.exe
1780	esiIPEK.exe
2552	NuHMBTg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4568-0-0x00007FF7CDA90000-0x00007FF7CDE82000-memory.dmp	upx
behavioral2/files/0x000900000002347b-5.dat	upx
behavioral2/files/0x00070000000234de-13.dat	upx
behavioral2/files/0x00070000000234e3-33.dat	upx
behavioral2/files/0x00070000000234e1-34.dat	upx
behavioral2/files/0x00070000000234df-39.dat	upx
behavioral2/memory/220-50-0x00007FF7FF450000-0x00007FF7FF842000-memory.dmp	upx
behavioral2/memory/3768-52-0x00007FF762FB0000-0x00007FF7633A2000-memory.dmp	upx
behavioral2/memory/3476-54-0x00007FF7EB5B0000-0x00007FF7EB9A2000-memory.dmp	upx
behavioral2/files/0x00070000000234e4-58.dat	upx
behavioral2/memory/5116-68-0x00007FF7CD240000-0x00007FF7CD632000-memory.dmp	upx
behavioral2/files/0x00070000000234e7-72.dat	upx
behavioral2/files/0x00070000000234e8-93.dat	upx
behavioral2/files/0x00070000000234ef-120.dat	upx
behavioral2/files/0x00070000000234e9-142.dat	upx
behavioral2/files/0x00070000000234f4-154.dat	upx
behavioral2/memory/1592-168-0x00007FF6595A0000-0x00007FF659992000-memory.dmp	upx
behavioral2/files/0x00070000000234f6-166.dat	upx
behavioral2/memory/444-183-0x00007FF6052E0000-0x00007FF6056D2000-memory.dmp	upx
behavioral2/memory/2252-188-0x00007FF690780000-0x00007FF690B72000-memory.dmp	upx
behavioral2/memory/1592-2197-0x00007FF6595A0000-0x00007FF659992000-memory.dmp	upx
behavioral2/memory/4788-2194-0x00007FF6D3A60000-0x00007FF6D3E52000-memory.dmp	upx
behavioral2/memory/1576-2127-0x00007FF635590000-0x00007FF635982000-memory.dmp	upx
behavioral2/memory/4840-1809-0x00007FF631110000-0x00007FF631502000-memory.dmp	upx
behavioral2/memory/1464-1806-0x00007FF6468C0000-0x00007FF646CB2000-memory.dmp	upx
behavioral2/memory/4952-607-0x00007FF6C3510000-0x00007FF6C3902000-memory.dmp	upx
behavioral2/memory/4568-604-0x00007FF7CDA90000-0x00007FF7CDE82000-memory.dmp	upx
behavioral2/files/0x00070000000234fa-198.dat	upx
behavioral2/memory/2240-194-0x00007FF6D9620000-0x00007FF6D9A12000-memory.dmp	upx
behavioral2/memory/4968-193-0x00007FF720140000-0x00007FF720532000-memory.dmp	upx
behavioral2/files/0x00070000000234f9-191.dat	upx
behavioral2/memory/3344-190-0x00007FF6E0D80000-0x00007FF6E1172000-memory.dmp	upx
behavioral2/memory/2980-189-0x00007FF6FDF20000-0x00007FF6FE312000-memory.dmp	upx
behavioral2/memory/3208-186-0x00007FF7D9D40000-0x00007FF7DA132000-memory.dmp	upx
behavioral2/files/0x00070000000234f2-181.dat	upx
behavioral2/files/0x00070000000234f8-179.dat	upx
behavioral2/files/0x00070000000234f7-177.dat	upx
behavioral2/files/0x00070000000234f5-164.dat	upx
behavioral2/memory/4788-161-0x00007FF6D3A60000-0x00007FF6D3E52000-memory.dmp	upx
behavioral2/files/0x00070000000234ee-160.dat	upx
behavioral2/files/0x00070000000234f1-159.dat	upx
behavioral2/files/0x00080000000234da-158.dat	upx
behavioral2/files/0x00070000000234ea-157.dat	upx
behavioral2/files/0x00070000000234f0-156.dat	upx
behavioral2/memory/1888-155-0x00007FF797A00000-0x00007FF797DF2000-memory.dmp	upx
behavioral2/files/0x00070000000234ed-150.dat	upx
behavioral2/memory/3584-149-0x00007FF6E2C00000-0x00007FF6E2FF2000-memory.dmp	upx
behavioral2/files/0x00070000000234eb-145.dat	upx
behavioral2/memory/3212-140-0x00007FF7A0520000-0x00007FF7A0912000-memory.dmp	upx
behavioral2/files/0x00080000000234e6-137.dat	upx
behavioral2/files/0x00070000000234f3-136.dat	upx
behavioral2/files/0x00070000000234ec-133.dat	upx
behavioral2/memory/1576-113-0x00007FF635590000-0x00007FF635982000-memory.dmp	upx
behavioral2/files/0x00080000000234e5-102.dat	upx
behavioral2/memory/4840-90-0x00007FF631110000-0x00007FF631502000-memory.dmp	upx
behavioral2/memory/1464-73-0x00007FF6468C0000-0x00007FF646CB2000-memory.dmp	upx
behavioral2/memory/4156-69-0x00007FF61EF10000-0x00007FF61F302000-memory.dmp	upx
behavioral2/memory/2896-59-0x00007FF615BB0000-0x00007FF615FA2000-memory.dmp	upx
behavioral2/memory/4628-57-0x00007FF6C0710000-0x00007FF6C0B02000-memory.dmp	upx
behavioral2/memory/3604-53-0x00007FF70A530000-0x00007FF70A922000-memory.dmp	upx
behavioral2/files/0x00070000000234e2-42.dat	upx
behavioral2/files/0x00070000000234e0-35.dat	upx
behavioral2/memory/4952-21-0x00007FF6C3510000-0x00007FF6C3902000-memory.dmp	upx
behavioral2/files/0x00070000000234dd-14.dat	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
10	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RWPhNvz.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\HeaDzJx.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\nbnGzGi.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\YVDGExo.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\rUetwIR.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\TFJUNjW.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\tXPekXp.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\pKDqsNz.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\okykUdX.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\FxwPlCZ.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\zexSCYF.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\ewMKuht.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\XHtLXvu.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\ENFqFar.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\UZKucUs.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\TWlaVgl.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\HsCTUVh.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\OTDLuuL.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\INBlTjT.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\cJKOVqW.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\bEQCUJg.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\JFnrBHW.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\jpQDXCf.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\YDfxajn.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\oyvzlPf.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\MBtNPhb.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\HojGZon.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\XXPVsco.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\lImgkVA.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\ymPRCGz.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\UwHKfdW.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\vocPDPF.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\toVQDKk.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\lADesmi.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\kyckOFO.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\nJmyQeq.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\xHAmnsd.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\OCnkozV.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\DhazWcz.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\cgGIDoj.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\gmAdPYu.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\WwdAgxH.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\GYjGBXW.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\oBiDYtc.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\vLbTquV.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\zGswIbY.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\APCoASe.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\fwsNHGA.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\RfIYuKu.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\YkXujZI.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\LhWYafC.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\AuNSfjY.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\HUAZqeX.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\RrLgJfQ.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\mZkNYDZ.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\fwnAvAc.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\NJBrvIE.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\PhSIlsZ.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\dzMwRYc.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\fFzZOwY.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\XtNDuMA.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\YeZPqwS.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\COnFfcZ.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
File created	C:\Windows\System\NLNqDzE.exe	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4308	powershell.exe
4308	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4308	powershell.exe
Token: SeLockMemoryPrivilege	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
Token: SeLockMemoryPrivilege	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 4308	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	83
PID 4568 wrote to memory of 4308	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	83
PID 4568 wrote to memory of 4952	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	84
PID 4568 wrote to memory of 4952	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	84
PID 4568 wrote to memory of 220	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	85
PID 4568 wrote to memory of 220	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	85
PID 4568 wrote to memory of 3768	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	86
PID 4568 wrote to memory of 3768	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	86
PID 4568 wrote to memory of 3476	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	87
PID 4568 wrote to memory of 3476	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	87
PID 4568 wrote to memory of 5116	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	88
PID 4568 wrote to memory of 5116	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	88
PID 4568 wrote to memory of 2896	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	89
PID 4568 wrote to memory of 2896	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	89
PID 4568 wrote to memory of 3604	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	90
PID 4568 wrote to memory of 3604	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	90
PID 4568 wrote to memory of 4628	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	91
PID 4568 wrote to memory of 4628	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	91
PID 4568 wrote to memory of 4156	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	92
PID 4568 wrote to memory of 4156	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	92
PID 4568 wrote to memory of 1464	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	93
PID 4568 wrote to memory of 1464	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	93
PID 4568 wrote to memory of 4840	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	94
PID 4568 wrote to memory of 4840	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	94
PID 4568 wrote to memory of 4968	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	95
PID 4568 wrote to memory of 4968	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	95
PID 4568 wrote to memory of 1576	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	96
PID 4568 wrote to memory of 1576	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	96
PID 4568 wrote to memory of 3212	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	97
PID 4568 wrote to memory of 3212	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	97
PID 4568 wrote to memory of 3208	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	98
PID 4568 wrote to memory of 3208	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	98
PID 4568 wrote to memory of 3584	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	99
PID 4568 wrote to memory of 3584	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	99
PID 4568 wrote to memory of 1888	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	100
PID 4568 wrote to memory of 1888	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	100
PID 4568 wrote to memory of 2240	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	101
PID 4568 wrote to memory of 2240	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	101
PID 4568 wrote to memory of 4788	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	102
PID 4568 wrote to memory of 4788	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	102
PID 4568 wrote to memory of 1592	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	103
PID 4568 wrote to memory of 1592	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	103
PID 4568 wrote to memory of 444	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	104
PID 4568 wrote to memory of 444	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	104
PID 4568 wrote to memory of 2252	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	105
PID 4568 wrote to memory of 2252	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	105
PID 4568 wrote to memory of 2980	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	106
PID 4568 wrote to memory of 2980	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	106
PID 4568 wrote to memory of 4420	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	107
PID 4568 wrote to memory of 4420	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	107
PID 4568 wrote to memory of 3344	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	108
PID 4568 wrote to memory of 3344	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	108
PID 4568 wrote to memory of 2616	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	109
PID 4568 wrote to memory of 2616	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	109
PID 4568 wrote to memory of 3968	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	110
PID 4568 wrote to memory of 3968	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	110
PID 4568 wrote to memory of 368	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	111
PID 4568 wrote to memory of 368	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	111
PID 4568 wrote to memory of 1724	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	112
PID 4568 wrote to memory of 1724	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	112
PID 4568 wrote to memory of 408	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	113
PID 4568 wrote to memory of 408	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	113
PID 4568 wrote to memory of 2868	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	114
PID 4568 wrote to memory of 2868	4568	234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe	114

C:\Users\Admin\AppData\Local\Temp\234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe
"C:\Users\Admin\AppData\Local\Temp\234cd5cfa842fda19f6a70f516231f2eff7d04bb0e35e108b87f002cb770009fN.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4308
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4308" "2900" "2836" "2904" "0" "0" "2908" "0" "0" "0" "0" "0"
    3⤵
    PID:11036
- C:\Windows\System\MRVMZlt.exe
  C:\Windows\System\MRVMZlt.exe
  2⤵
  - Executes dropped EXE
  PID:4952
- C:\Windows\System\OehowBP.exe
  C:\Windows\System\OehowBP.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\SBOeICw.exe
  C:\Windows\System\SBOeICw.exe
  2⤵
  - Executes dropped EXE
  PID:3768
- C:\Windows\System\CdgdMfu.exe
  C:\Windows\System\CdgdMfu.exe
  2⤵
  - Executes dropped EXE
  PID:3476
- C:\Windows\System\uYzZIGl.exe
  C:\Windows\System\uYzZIGl.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\fTXGlur.exe
  C:\Windows\System\fTXGlur.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\BDfbwlJ.exe
  C:\Windows\System\BDfbwlJ.exe
  2⤵
  - Executes dropped EXE
  PID:3604
- C:\Windows\System\uzUMBpT.exe
  C:\Windows\System\uzUMBpT.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\HLbPsCA.exe
  C:\Windows\System\HLbPsCA.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\JsIkLvd.exe
  C:\Windows\System\JsIkLvd.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\iWWkdsF.exe
  C:\Windows\System\iWWkdsF.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\VrOeSdA.exe
  C:\Windows\System\VrOeSdA.exe
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\System\ZbaTWtF.exe
  C:\Windows\System\ZbaTWtF.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\hXdGAUG.exe
  C:\Windows\System\hXdGAUG.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\LyvOBkV.exe
  C:\Windows\System\LyvOBkV.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\gdgDMEB.exe
  C:\Windows\System\gdgDMEB.exe
  2⤵
  - Executes dropped EXE
  PID:3584
- C:\Windows\System\HKKxEuZ.exe
  C:\Windows\System\HKKxEuZ.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\owzoMEU.exe
  C:\Windows\System\owzoMEU.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\sUVnJUT.exe
  C:\Windows\System\sUVnJUT.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\MfAttnj.exe
  C:\Windows\System\MfAttnj.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\egJdMtB.exe
  C:\Windows\System\egJdMtB.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\qeQieOx.exe
  C:\Windows\System\qeQieOx.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\ymbQAqh.exe
  C:\Windows\System\ymbQAqh.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\cluJOPa.exe
  C:\Windows\System\cluJOPa.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\mQMTErF.exe
  C:\Windows\System\mQMTErF.exe
  2⤵
  - Executes dropped EXE
  PID:3344
- C:\Windows\System\dusnelh.exe
  C:\Windows\System\dusnelh.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\omROiJw.exe
  C:\Windows\System\omROiJw.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\VSoxzBq.exe
  C:\Windows\System\VSoxzBq.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\kgbuUzV.exe
  C:\Windows\System\kgbuUzV.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\NLNqDzE.exe
  C:\Windows\System\NLNqDzE.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\TBIWkQb.exe
  C:\Windows\System\TBIWkQb.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\xcnhUQm.exe
  C:\Windows\System\xcnhUQm.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\jHJmkLo.exe
  C:\Windows\System\jHJmkLo.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\TllPeXu.exe
  C:\Windows\System\TllPeXu.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\yNVKEFd.exe
  C:\Windows\System\yNVKEFd.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\EsOLXQm.exe
  C:\Windows\System\EsOLXQm.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\SJRKMLO.exe
  C:\Windows\System\SJRKMLO.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\NgAJYQh.exe
  C:\Windows\System\NgAJYQh.exe
  2⤵
  - Executes dropped EXE
  PID:3096
- C:\Windows\System\abWwSAv.exe
  C:\Windows\System\abWwSAv.exe
  2⤵
  - Executes dropped EXE
  PID:3488
- C:\Windows\System\jbzeGiP.exe
  C:\Windows\System\jbzeGiP.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\SUJVQBy.exe
  C:\Windows\System\SUJVQBy.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\kInkOYn.exe
  C:\Windows\System\kInkOYn.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\dhBCUhp.exe
  C:\Windows\System\dhBCUhp.exe
  2⤵
  - Executes dropped EXE
  PID:4312
- C:\Windows\System\OhhEUpn.exe
  C:\Windows\System\OhhEUpn.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\txEJpaG.exe
  C:\Windows\System\txEJpaG.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\VMloXpc.exe
  C:\Windows\System\VMloXpc.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\espYCSM.exe
  C:\Windows\System\espYCSM.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\sBfnnbO.exe
  C:\Windows\System\sBfnnbO.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\ZlSUonQ.exe
  C:\Windows\System\ZlSUonQ.exe
  2⤵
  - Executes dropped EXE
  PID:4740
- C:\Windows\System\nagWmyD.exe
  C:\Windows\System\nagWmyD.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\bvhXuBy.exe
  C:\Windows\System\bvhXuBy.exe
  2⤵
  - Executes dropped EXE
  PID:4884
- C:\Windows\System\vocPDPF.exe
  C:\Windows\System\vocPDPF.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\yzRUWSN.exe
  C:\Windows\System\yzRUWSN.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\zxasLyH.exe
  C:\Windows\System\zxasLyH.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\RclVuoW.exe
  C:\Windows\System\RclVuoW.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\CkZpzfX.exe
  C:\Windows\System\CkZpzfX.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\NxPLGDd.exe
  C:\Windows\System\NxPLGDd.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\iKEoVYk.exe
  C:\Windows\System\iKEoVYk.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\JSFydkW.exe
  C:\Windows\System\JSFydkW.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\dnnpsGG.exe
  C:\Windows\System\dnnpsGG.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\ShhyvwP.exe
  C:\Windows\System\ShhyvwP.exe
  2⤵
  - Executes dropped EXE
  PID:4448
- C:\Windows\System\fJUDuXF.exe
  C:\Windows\System\fJUDuXF.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\esiIPEK.exe
  C:\Windows\System\esiIPEK.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\NuHMBTg.exe
  C:\Windows\System\NuHMBTg.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\OsTZjPh.exe
  C:\Windows\System\OsTZjPh.exe
  2⤵
  PID:1720
- C:\Windows\System\iuuIteC.exe
  C:\Windows\System\iuuIteC.exe
  2⤵
  PID:4548
- C:\Windows\System\jvDomNN.exe
  C:\Windows\System\jvDomNN.exe
  2⤵
  PID:2320
- C:\Windows\System\iLStXfs.exe
  C:\Windows\System\iLStXfs.exe
  2⤵
  PID:1360
- C:\Windows\System\yHRYJot.exe
  C:\Windows\System\yHRYJot.exe
  2⤵
  PID:1044
- C:\Windows\System\gBaTAfc.exe
  C:\Windows\System\gBaTAfc.exe
  2⤵
  PID:1528
- C:\Windows\System\juhcLQp.exe
  C:\Windows\System\juhcLQp.exe
  2⤵
  PID:3192
- C:\Windows\System\SAhkdtr.exe
  C:\Windows\System\SAhkdtr.exe
  2⤵
  PID:4056
- C:\Windows\System\CtJdJaH.exe
  C:\Windows\System\CtJdJaH.exe
  2⤵
  PID:4704
- C:\Windows\System\xSVIWDM.exe
  C:\Windows\System\xSVIWDM.exe
  2⤵
  PID:740
- C:\Windows\System\QZUdGxv.exe
  C:\Windows\System\QZUdGxv.exe
  2⤵
  PID:1476
- C:\Windows\System\FYkhSBw.exe
  C:\Windows\System\FYkhSBw.exe
  2⤵
  PID:3492
- C:\Windows\System\CqQEqkm.exe
  C:\Windows\System\CqQEqkm.exe
  2⤵
  PID:1076
- C:\Windows\System\ugvGHxe.exe
  C:\Windows\System\ugvGHxe.exe
  2⤵
  PID:1976
- C:\Windows\System\QbTxKvL.exe
  C:\Windows\System\QbTxKvL.exe
  2⤵
  PID:676
- C:\Windows\System\bQozNYB.exe
  C:\Windows\System\bQozNYB.exe
  2⤵
  PID:4024
- C:\Windows\System\qVfIzcj.exe
  C:\Windows\System\qVfIzcj.exe
  2⤵
  PID:5128
- C:\Windows\System\JXzEDXq.exe
  C:\Windows\System\JXzEDXq.exe
  2⤵
  PID:5148
- C:\Windows\System\xryvjjh.exe
  C:\Windows\System\xryvjjh.exe
  2⤵
  PID:5328
- C:\Windows\System\cTWbsnO.exe
  C:\Windows\System\cTWbsnO.exe
  2⤵
  PID:5348
- C:\Windows\System\XtNDuMA.exe
  C:\Windows\System\XtNDuMA.exe
  2⤵
  PID:5364
- C:\Windows\System\HdWcvho.exe
  C:\Windows\System\HdWcvho.exe
  2⤵
  PID:5392
- C:\Windows\System\OadvitV.exe
  C:\Windows\System\OadvitV.exe
  2⤵
  PID:5416
- C:\Windows\System\FgNfYUm.exe
  C:\Windows\System\FgNfYUm.exe
  2⤵
  PID:5432
- C:\Windows\System\TBiKUPh.exe
  C:\Windows\System\TBiKUPh.exe
  2⤵
  PID:5456
- C:\Windows\System\fXFvsrV.exe
  C:\Windows\System\fXFvsrV.exe
  2⤵
  PID:5612
- C:\Windows\System\AdbkecL.exe
  C:\Windows\System\AdbkecL.exe
  2⤵
  PID:5628
- C:\Windows\System\fISKCui.exe
  C:\Windows\System\fISKCui.exe
  2⤵
  PID:5644
- C:\Windows\System\KekmhsV.exe
  C:\Windows\System\KekmhsV.exe
  2⤵
  PID:5660
- C:\Windows\System\INzzojb.exe
  C:\Windows\System\INzzojb.exe
  2⤵
  PID:5676
- C:\Windows\System\JyXyjNs.exe
  C:\Windows\System\JyXyjNs.exe
  2⤵
  PID:5724
- C:\Windows\System\lhZnudA.exe
  C:\Windows\System\lhZnudA.exe
  2⤵
  PID:5740
- C:\Windows\System\KUHTHVz.exe
  C:\Windows\System\KUHTHVz.exe
  2⤵
  PID:5756
- C:\Windows\System\llKsVBV.exe
  C:\Windows\System\llKsVBV.exe
  2⤵
  PID:5772
- C:\Windows\System\NnuNsiz.exe
  C:\Windows\System\NnuNsiz.exe
  2⤵
  PID:5788
- C:\Windows\System\NduWrwM.exe
  C:\Windows\System\NduWrwM.exe
  2⤵
  PID:5804
- C:\Windows\System\OyVHtxl.exe
  C:\Windows\System\OyVHtxl.exe
  2⤵
  PID:5824
- C:\Windows\System\OtmxRQB.exe
  C:\Windows\System\OtmxRQB.exe
  2⤵
  PID:5844
- C:\Windows\System\mjxXoao.exe
  C:\Windows\System\mjxXoao.exe
  2⤵
  PID:5864
- C:\Windows\System\AASWEXU.exe
  C:\Windows\System\AASWEXU.exe
  2⤵
  PID:5880
- C:\Windows\System\rnAZVKr.exe
  C:\Windows\System\rnAZVKr.exe
  2⤵
  PID:5960
- C:\Windows\System\rLCiZvB.exe
  C:\Windows\System\rLCiZvB.exe
  2⤵
  PID:5984
- C:\Windows\System\bKRGhJb.exe
  C:\Windows\System\bKRGhJb.exe
  2⤵
  PID:6000
- C:\Windows\System\HjENLzh.exe
  C:\Windows\System\HjENLzh.exe
  2⤵
  PID:6028
- C:\Windows\System\nIquDWU.exe
  C:\Windows\System\nIquDWU.exe
  2⤵
  PID:6092
- C:\Windows\System\keIpAMm.exe
  C:\Windows\System\keIpAMm.exe
  2⤵
  PID:6112
- C:\Windows\System\MQMLcAq.exe
  C:\Windows\System\MQMLcAq.exe
  2⤵
  PID:4348
- C:\Windows\System\ieEOUvp.exe
  C:\Windows\System\ieEOUvp.exe
  2⤵
  PID:3456
- C:\Windows\System\wfKlNxG.exe
  C:\Windows\System\wfKlNxG.exe
  2⤵
  PID:4856
- C:\Windows\System\WZPePqq.exe
  C:\Windows\System\WZPePqq.exe
  2⤵
  PID:3568
- C:\Windows\System\liLXPAN.exe
  C:\Windows\System\liLXPAN.exe
  2⤵
  PID:2176
- C:\Windows\System\rzcxLQI.exe
  C:\Windows\System\rzcxLQI.exe
  2⤵
  PID:5448
- C:\Windows\System\bKfFAgy.exe
  C:\Windows\System\bKfFAgy.exe
  2⤵
  PID:5408
- C:\Windows\System\tujtydG.exe
  C:\Windows\System\tujtydG.exe
  2⤵
  PID:5380
- C:\Windows\System\YJwynGz.exe
  C:\Windows\System\YJwynGz.exe
  2⤵
  PID:5336
- C:\Windows\System\FfMkTuE.exe
  C:\Windows\System\FfMkTuE.exe
  2⤵
  PID:5488
- C:\Windows\System\FLlkalu.exe
  C:\Windows\System\FLlkalu.exe
  2⤵
  PID:5248
- C:\Windows\System\LmfvLhb.exe
  C:\Windows\System\LmfvLhb.exe
  2⤵
  PID:2088
- C:\Windows\System\tjNOJbM.exe
  C:\Windows\System\tjNOJbM.exe
  2⤵
  PID:5012
- C:\Windows\System\BuyHhFA.exe
  C:\Windows\System\BuyHhFA.exe
  2⤵
  PID:5620
- C:\Windows\System\VvrbLKI.exe
  C:\Windows\System\VvrbLKI.exe
  2⤵
  PID:5584
- C:\Windows\System\oQjKyhO.exe
  C:\Windows\System\oQjKyhO.exe
  2⤵
  PID:5608
- C:\Windows\System\FgULPFv.exe
  C:\Windows\System\FgULPFv.exe
  2⤵
  PID:5672
- C:\Windows\System\UpjNTHO.exe
  C:\Windows\System\UpjNTHO.exe
  2⤵
  PID:5696
- C:\Windows\System\ldLmoCE.exe
  C:\Windows\System\ldLmoCE.exe
  2⤵
  PID:5952
- C:\Windows\System\sTbSDRP.exe
  C:\Windows\System\sTbSDRP.exe
  2⤵
  PID:5796
- C:\Windows\System\fBHlobv.exe
  C:\Windows\System\fBHlobv.exe
  2⤵
  PID:5836
- C:\Windows\System\QaJEUDW.exe
  C:\Windows\System\QaJEUDW.exe
  2⤵
  PID:5888
- C:\Windows\System\dSaoGZi.exe
  C:\Windows\System\dSaoGZi.exe
  2⤵
  PID:5912
- C:\Windows\System\BpMrLbY.exe
  C:\Windows\System\BpMrLbY.exe
  2⤵
  PID:5968
- C:\Windows\System\pfxFVYo.exe
  C:\Windows\System\pfxFVYo.exe
  2⤵
  PID:6016
- C:\Windows\System\sEQwFwd.exe
  C:\Windows\System\sEQwFwd.exe
  2⤵
  PID:6084
- C:\Windows\System\uCFRCSq.exe
  C:\Windows\System\uCFRCSq.exe
  2⤵
  PID:6120
- C:\Windows\System\vrSolQt.exe
  C:\Windows\System\vrSolQt.exe
  2⤵
  PID:2424
- C:\Windows\System\pgeEIwI.exe
  C:\Windows\System\pgeEIwI.exe
  2⤵
  PID:3608
- C:\Windows\System\BzdYUGH.exe
  C:\Windows\System\BzdYUGH.exe
  2⤵
  PID:2040
- C:\Windows\System\JUOvlNs.exe
  C:\Windows\System\JUOvlNs.exe
  2⤵
  PID:2504
- C:\Windows\System\oTvJDiN.exe
  C:\Windows\System\oTvJDiN.exe
  2⤵
  PID:3644
- C:\Windows\System\eyxnFOx.exe
  C:\Windows\System\eyxnFOx.exe
  2⤵
  PID:1344
- C:\Windows\System\gzvcKjP.exe
  C:\Windows\System\gzvcKjP.exe
  2⤵
  PID:4796
- C:\Windows\System\VChtSlp.exe
  C:\Windows\System\VChtSlp.exe
  2⤵
  PID:2844
- C:\Windows\System\ZHvIaLm.exe
  C:\Windows\System\ZHvIaLm.exe
  2⤵
  PID:1620
- C:\Windows\System\EGPAWIV.exe
  C:\Windows\System\EGPAWIV.exe
  2⤵
  PID:2008
- C:\Windows\System\wtZRAwd.exe
  C:\Windows\System\wtZRAwd.exe
  2⤵
  PID:4272
- C:\Windows\System\LakhkBz.exe
  C:\Windows\System\LakhkBz.exe
  2⤵
  PID:5400
- C:\Windows\System\WNWYXtv.exe
  C:\Windows\System\WNWYXtv.exe
  2⤵
  PID:5300
- C:\Windows\System\TRRVaNc.exe
  C:\Windows\System\TRRVaNc.exe
  2⤵
  PID:5308
- C:\Windows\System\BIYbbFb.exe
  C:\Windows\System\BIYbbFb.exe
  2⤵
  PID:5532
- C:\Windows\System\JLtdjPg.exe
  C:\Windows\System\JLtdjPg.exe
  2⤵
  PID:5764
- C:\Windows\System\ohuMWfK.exe
  C:\Windows\System\ohuMWfK.exe
  2⤵
  PID:5832
- C:\Windows\System\TIVwLas.exe
  C:\Windows\System\TIVwLas.exe
  2⤵
  PID:6072
- C:\Windows\System\hpJGPjJ.exe
  C:\Windows\System\hpJGPjJ.exe
  2⤵
  PID:5892
- C:\Windows\System\TgRAPHT.exe
  C:\Windows\System\TgRAPHT.exe
  2⤵
  PID:5640
- C:\Windows\System\PGrYYEP.exe
  C:\Windows\System\PGrYYEP.exe
  2⤵
  PID:2264
- C:\Windows\System\QWnNffc.exe
  C:\Windows\System\QWnNffc.exe
  2⤵
  PID:4900
- C:\Windows\System\vmunBsJ.exe
  C:\Windows\System\vmunBsJ.exe
  2⤵
  PID:6108
- C:\Windows\System\sYZExgO.exe
  C:\Windows\System\sYZExgO.exe
  2⤵
  PID:6156
- C:\Windows\System\guyeNFG.exe
  C:\Windows\System\guyeNFG.exe
  2⤵
  PID:6172
- C:\Windows\System\ZdiWJMG.exe
  C:\Windows\System\ZdiWJMG.exe
  2⤵
  PID:6192
- C:\Windows\System\DHQxmMu.exe
  C:\Windows\System\DHQxmMu.exe
  2⤵
  PID:6216
- C:\Windows\System\xHAmnsd.exe
  C:\Windows\System\xHAmnsd.exe
  2⤵
  PID:6240
- C:\Windows\System\EBGcJUJ.exe
  C:\Windows\System\EBGcJUJ.exe
  2⤵
  PID:6256
- C:\Windows\System\XFaVJby.exe
  C:\Windows\System\XFaVJby.exe
  2⤵
  PID:6292
- C:\Windows\System\flSLyDW.exe
  C:\Windows\System\flSLyDW.exe
  2⤵
  PID:6312
- C:\Windows\System\KhRzMcI.exe
  C:\Windows\System\KhRzMcI.exe
  2⤵
  PID:6328
- C:\Windows\System\oLZqUDx.exe
  C:\Windows\System\oLZqUDx.exe
  2⤵
  PID:6352
- C:\Windows\System\ejwgrXi.exe
  C:\Windows\System\ejwgrXi.exe
  2⤵
  PID:6380
- C:\Windows\System\mHOJhej.exe
  C:\Windows\System\mHOJhej.exe
  2⤵
  PID:6404
- C:\Windows\System\YDotRFL.exe
  C:\Windows\System\YDotRFL.exe
  2⤵
  PID:6424
- C:\Windows\System\QiduQnP.exe
  C:\Windows\System\QiduQnP.exe
  2⤵
  PID:6448
- C:\Windows\System\OeFdpMU.exe
  C:\Windows\System\OeFdpMU.exe
  2⤵
  PID:6468
- C:\Windows\System\bgBGqgB.exe
  C:\Windows\System\bgBGqgB.exe
  2⤵
  PID:6488
- C:\Windows\System\QbneVOY.exe
  C:\Windows\System\QbneVOY.exe
  2⤵
  PID:6512
- C:\Windows\System\XAjvVff.exe
  C:\Windows\System\XAjvVff.exe
  2⤵
  PID:6536
- C:\Windows\System\ZZEFYKd.exe
  C:\Windows\System\ZZEFYKd.exe
  2⤵
  PID:6556
- C:\Windows\System\MUGuZRK.exe
  C:\Windows\System\MUGuZRK.exe
  2⤵
  PID:6584
- C:\Windows\System\GFUSHcg.exe
  C:\Windows\System\GFUSHcg.exe
  2⤵
  PID:6604
- C:\Windows\System\AiNFTtl.exe
  C:\Windows\System\AiNFTtl.exe
  2⤵
  PID:6620
- C:\Windows\System\HpIxmIY.exe
  C:\Windows\System\HpIxmIY.exe
  2⤵
  PID:6644
- C:\Windows\System\ijeQQfy.exe
  C:\Windows\System\ijeQQfy.exe
  2⤵
  PID:6668
- C:\Windows\System\NemoAKH.exe
  C:\Windows\System\NemoAKH.exe
  2⤵
  PID:6684
- C:\Windows\System\TNiOmVr.exe
  C:\Windows\System\TNiOmVr.exe
  2⤵
  PID:6716
- C:\Windows\System\bkIcWUs.exe
  C:\Windows\System\bkIcWUs.exe
  2⤵
  PID:6740
- C:\Windows\System\CQPByfZ.exe
  C:\Windows\System\CQPByfZ.exe
  2⤵
  PID:6764
- C:\Windows\System\sJjBHmu.exe
  C:\Windows\System\sJjBHmu.exe
  2⤵
  PID:6784
- C:\Windows\System\qGTkRcU.exe
  C:\Windows\System\qGTkRcU.exe
  2⤵
  PID:6800
- C:\Windows\System\orbmRwv.exe
  C:\Windows\System\orbmRwv.exe
  2⤵
  PID:6824
- C:\Windows\System\tlqPGdl.exe
  C:\Windows\System\tlqPGdl.exe
  2⤵
  PID:6844
- C:\Windows\System\UUhhTkO.exe
  C:\Windows\System\UUhhTkO.exe
  2⤵
  PID:6860
- C:\Windows\System\FbvUFGt.exe
  C:\Windows\System\FbvUFGt.exe
  2⤵
  PID:6880
- C:\Windows\System\FvWOTmX.exe
  C:\Windows\System\FvWOTmX.exe
  2⤵
  PID:6904
- C:\Windows\System\SQdZAbk.exe
  C:\Windows\System\SQdZAbk.exe
  2⤵
  PID:6924
- C:\Windows\System\zxTKsTp.exe
  C:\Windows\System\zxTKsTp.exe
  2⤵
  PID:6948
- C:\Windows\System\XXPVsco.exe
  C:\Windows\System\XXPVsco.exe
  2⤵
  PID:6964
- C:\Windows\System\gezoVAw.exe
  C:\Windows\System\gezoVAw.exe
  2⤵
  PID:6992
- C:\Windows\System\tZABiEM.exe
  C:\Windows\System\tZABiEM.exe
  2⤵
  PID:7012
- C:\Windows\System\SpvlUmd.exe
  C:\Windows\System\SpvlUmd.exe
  2⤵
  PID:7032
- C:\Windows\System\fBPSRQM.exe
  C:\Windows\System\fBPSRQM.exe
  2⤵
  PID:7056
- C:\Windows\System\gXTgmqG.exe
  C:\Windows\System\gXTgmqG.exe
  2⤵
  PID:7072
- C:\Windows\System\uhHBdbP.exe
  C:\Windows\System\uhHBdbP.exe
  2⤵
  PID:7100
- C:\Windows\System\nvMqmxI.exe
  C:\Windows\System\nvMqmxI.exe
  2⤵
  PID:7116
- C:\Windows\System\qFBnDPI.exe
  C:\Windows\System\qFBnDPI.exe
  2⤵
  PID:7140
- C:\Windows\System\VjlxnpW.exe
  C:\Windows\System\VjlxnpW.exe
  2⤵
  PID:7164
- C:\Windows\System\cvSDwbz.exe
  C:\Windows\System\cvSDwbz.exe
  2⤵
  PID:3252
- C:\Windows\System\KqRNSzf.exe
  C:\Windows\System\KqRNSzf.exe
  2⤵
  PID:2124
- C:\Windows\System\EaOCfyg.exe
  C:\Windows\System\EaOCfyg.exe
  2⤵
  PID:5860
- C:\Windows\System\hBErxbC.exe
  C:\Windows\System\hBErxbC.exe
  2⤵
  PID:5928
- C:\Windows\System\lxSuIhc.exe
  C:\Windows\System\lxSuIhc.exe
  2⤵
  PID:5692
- C:\Windows\System\GbTZfEx.exe
  C:\Windows\System\GbTZfEx.exe
  2⤵
  PID:2828
- C:\Windows\System\UsHUOsa.exe
  C:\Windows\System\UsHUOsa.exe
  2⤵
  PID:6300
- C:\Windows\System\ENeCxJb.exe
  C:\Windows\System\ENeCxJb.exe
  2⤵
  PID:5784
- C:\Windows\System\kMKwmXi.exe
  C:\Windows\System\kMKwmXi.exe
  2⤵
  PID:1712
- C:\Windows\System\onqWUHW.exe
  C:\Windows\System\onqWUHW.exe
  2⤵
  PID:6164
- C:\Windows\System\LezumRx.exe
  C:\Windows\System\LezumRx.exe
  2⤵
  PID:6500
- C:\Windows\System\lLzAESi.exe
  C:\Windows\System\lLzAESi.exe
  2⤵
  PID:6528
- C:\Windows\System\QMPBGjE.exe
  C:\Windows\System\QMPBGjE.exe
  2⤵
  PID:6236
- C:\Windows\System\TKGKaQC.exe
  C:\Windows\System\TKGKaQC.exe
  2⤵
  PID:6324
- C:\Windows\System\AgQQSBR.exe
  C:\Windows\System\AgQQSBR.exe
  2⤵
  PID:6628
- C:\Windows\System\APdbDec.exe
  C:\Windows\System\APdbDec.exe
  2⤵
  PID:6104
- C:\Windows\System\TAXUUVC.exe
  C:\Windows\System\TAXUUVC.exe
  2⤵
  PID:6184
- C:\Windows\System\siazaLI.exe
  C:\Windows\System\siazaLI.exe
  2⤵
  PID:6724
- C:\Windows\System\nqKRlHp.exe
  C:\Windows\System\nqKRlHp.exe
  2⤵
  PID:6832
- C:\Windows\System\hPpUqpf.exe
  C:\Windows\System\hPpUqpf.exe
  2⤵
  PID:6320
- C:\Windows\System\BcAOHMT.exe
  C:\Windows\System\BcAOHMT.exe
  2⤵
  PID:6920
- C:\Windows\System\uYnCZGj.exe
  C:\Windows\System\uYnCZGj.exe
  2⤵
  PID:6944
- C:\Windows\System\aqwHrtc.exe
  C:\Windows\System\aqwHrtc.exe
  2⤵
  PID:6596
- C:\Windows\System\BpUWlZO.exe
  C:\Windows\System\BpUWlZO.exe
  2⤵
  PID:7044
- C:\Windows\System\GtFFicT.exe
  C:\Windows\System\GtFFicT.exe
  2⤵
  PID:7088
- C:\Windows\System\YVjIOOh.exe
  C:\Windows\System\YVjIOOh.exe
  2⤵
  PID:224
- C:\Windows\System\MGfmZKu.exe
  C:\Windows\System\MGfmZKu.exe
  2⤵
  PID:7184
- C:\Windows\System\ZAEeyEz.exe
  C:\Windows\System\ZAEeyEz.exe
  2⤵
  PID:7208
- C:\Windows\System\FtEcVNI.exe
  C:\Windows\System\FtEcVNI.exe
  2⤵
  PID:7224
- C:\Windows\System\XGqhbxM.exe
  C:\Windows\System\XGqhbxM.exe
  2⤵
  PID:7252
- C:\Windows\System\EoMpraI.exe
  C:\Windows\System\EoMpraI.exe
  2⤵
  PID:7272
- C:\Windows\System\huEywvR.exe
  C:\Windows\System\huEywvR.exe
  2⤵
  PID:7296
- C:\Windows\System\mZyLZUY.exe
  C:\Windows\System\mZyLZUY.exe
  2⤵
  PID:7320
- C:\Windows\System\RmmuzwB.exe
  C:\Windows\System\RmmuzwB.exe
  2⤵
  PID:7336
- C:\Windows\System\PsWBMbN.exe
  C:\Windows\System\PsWBMbN.exe
  2⤵
  PID:7356
- C:\Windows\System\sFcwNyH.exe
  C:\Windows\System\sFcwNyH.exe
  2⤵
  PID:7380
- C:\Windows\System\dcGbCmJ.exe
  C:\Windows\System\dcGbCmJ.exe
  2⤵
  PID:7400
- C:\Windows\System\jgpwCGh.exe
  C:\Windows\System\jgpwCGh.exe
  2⤵
  PID:7424
- C:\Windows\System\LMBkzMX.exe
  C:\Windows\System\LMBkzMX.exe
  2⤵
  PID:7444
- C:\Windows\System\amagJaV.exe
  C:\Windows\System\amagJaV.exe
  2⤵
  PID:7468
- C:\Windows\System\GbECFnF.exe
  C:\Windows\System\GbECFnF.exe
  2⤵
  PID:7488
- C:\Windows\System\eUrzdMD.exe
  C:\Windows\System\eUrzdMD.exe
  2⤵
  PID:7508
- C:\Windows\System\GlEvFOl.exe
  C:\Windows\System\GlEvFOl.exe
  2⤵
  PID:7536
- C:\Windows\System\ZxEDoTd.exe
  C:\Windows\System\ZxEDoTd.exe
  2⤵
  PID:7552
- C:\Windows\System\PQROASq.exe
  C:\Windows\System\PQROASq.exe
  2⤵
  PID:7576
- C:\Windows\System\QXwMEMS.exe
  C:\Windows\System\QXwMEMS.exe
  2⤵
  PID:7596
- C:\Windows\System\AuNSfjY.exe
  C:\Windows\System\AuNSfjY.exe
  2⤵
  PID:7628
- C:\Windows\System\cDEYeKX.exe
  C:\Windows\System\cDEYeKX.exe
  2⤵
  PID:7676
- C:\Windows\System\VsNWiBy.exe
  C:\Windows\System\VsNWiBy.exe
  2⤵
  PID:7692
- C:\Windows\System\QBcspXM.exe
  C:\Windows\System\QBcspXM.exe
  2⤵
  PID:7712
- C:\Windows\System\pMbwPlp.exe
  C:\Windows\System\pMbwPlp.exe
  2⤵
  PID:7736
- C:\Windows\System\ZlywHYd.exe
  C:\Windows\System\ZlywHYd.exe
  2⤵
  PID:7756
- C:\Windows\System\gMbmaXV.exe
  C:\Windows\System\gMbmaXV.exe
  2⤵
  PID:7776
- C:\Windows\System\IwwEngG.exe
  C:\Windows\System\IwwEngG.exe
  2⤵
  PID:7804
- C:\Windows\System\xALTvsD.exe
  C:\Windows\System\xALTvsD.exe
  2⤵
  PID:7820
- C:\Windows\System\sPKTgAa.exe
  C:\Windows\System\sPKTgAa.exe
  2⤵
  PID:7840
- C:\Windows\System\pmzMYLS.exe
  C:\Windows\System\pmzMYLS.exe
  2⤵
  PID:7860
- C:\Windows\System\YyKoWOL.exe
  C:\Windows\System\YyKoWOL.exe
  2⤵
  PID:7880
- C:\Windows\System\HbfRCaI.exe
  C:\Windows\System\HbfRCaI.exe
  2⤵
  PID:7900
- C:\Windows\System\iaxyFeB.exe
  C:\Windows\System\iaxyFeB.exe
  2⤵
  PID:7920
- C:\Windows\System\bkiupIK.exe
  C:\Windows\System\bkiupIK.exe
  2⤵
  PID:7944
- C:\Windows\System\rqpmfOa.exe
  C:\Windows\System\rqpmfOa.exe
  2⤵
  PID:7968
- C:\Windows\System\IQlYxcP.exe
  C:\Windows\System\IQlYxcP.exe
  2⤵
  PID:8180
- C:\Windows\System\MCOSDIv.exe
  C:\Windows\System\MCOSDIv.exe
  2⤵
  PID:6752
- C:\Windows\System\HqtSruc.exe
  C:\Windows\System\HqtSruc.exe
  2⤵
  PID:5088
- C:\Windows\System\HnDhCFU.exe
  C:\Windows\System\HnDhCFU.exe
  2⤵
  PID:4708
- C:\Windows\System\ROVFQrH.exe
  C:\Windows\System\ROVFQrH.exe
  2⤵
  PID:6232
- C:\Windows\System\WooiYgl.exe
  C:\Windows\System\WooiYgl.exe
  2⤵
  PID:6152
- C:\Windows\System\vcxZiKe.exe
  C:\Windows\System\vcxZiKe.exe
  2⤵
  PID:6856
- C:\Windows\System\vwdGfhc.exe
  C:\Windows\System\vwdGfhc.exe
  2⤵
  PID:7112
- C:\Windows\System\oBqbTYE.exe
  C:\Windows\System\oBqbTYE.exe
  2⤵
  PID:7132
- C:\Windows\System\egUvaNi.exe
  C:\Windows\System\egUvaNi.exe
  2⤵
  PID:7176
- C:\Windows\System\NYsWybj.exe
  C:\Windows\System\NYsWybj.exe
  2⤵
  PID:3352
- C:\Windows\System\byZThft.exe
  C:\Windows\System\byZThft.exe
  2⤵
  PID:6812
- C:\Windows\System\RcXlZyK.exe
  C:\Windows\System\RcXlZyK.exe
  2⤵
  PID:7532
- C:\Windows\System\SWcxOFm.exe
  C:\Windows\System\SWcxOFm.exe
  2⤵
  PID:7672
- C:\Windows\System\bUCwMcf.exe
  C:\Windows\System\bUCwMcf.exe
  2⤵
  PID:6200
- C:\Windows\System\hQmaJjL.exe
  C:\Windows\System\hQmaJjL.exe
  2⤵
  PID:7872
- C:\Windows\System\AtvXfCU.exe
  C:\Windows\System\AtvXfCU.exe
  2⤵
  PID:7984
- C:\Windows\System\ADxpZQw.exe
  C:\Windows\System\ADxpZQw.exe
  2⤵
  PID:4468
- C:\Windows\System\TCvdgpy.exe
  C:\Windows\System\TCvdgpy.exe
  2⤵
  PID:7440
- C:\Windows\System\ILoFxae.exe
  C:\Windows\System\ILoFxae.exe
  2⤵
  PID:8204
- C:\Windows\System\MfyRzoG.exe
  C:\Windows\System\MfyRzoG.exe
  2⤵
  PID:8228
- C:\Windows\System\nawvsHx.exe
  C:\Windows\System\nawvsHx.exe
  2⤵
  PID:8256
- C:\Windows\System\QDRbbkE.exe
  C:\Windows\System\QDRbbkE.exe
  2⤵
  PID:8280
- C:\Windows\System\RCRwEdv.exe
  C:\Windows\System\RCRwEdv.exe
  2⤵
  PID:8300
- C:\Windows\System\ZxfIwuY.exe
  C:\Windows\System\ZxfIwuY.exe
  2⤵
  PID:8324
- C:\Windows\System\nHMGXXz.exe
  C:\Windows\System\nHMGXXz.exe
  2⤵
  PID:8340
- C:\Windows\System\quoIJcV.exe
  C:\Windows\System\quoIJcV.exe
  2⤵
  PID:8360
- C:\Windows\System\wczNrsJ.exe
  C:\Windows\System\wczNrsJ.exe
  2⤵
  PID:8376
- C:\Windows\System\zWJXeXJ.exe
  C:\Windows\System\zWJXeXJ.exe
  2⤵
  PID:8396
- C:\Windows\System\elWqJvJ.exe
  C:\Windows\System\elWqJvJ.exe
  2⤵
  PID:8416
- C:\Windows\System\BRlvEAY.exe
  C:\Windows\System\BRlvEAY.exe
  2⤵
  PID:8440
- C:\Windows\System\VpjiXQS.exe
  C:\Windows\System\VpjiXQS.exe
  2⤵
  PID:8460
- C:\Windows\System\hwgYpZc.exe
  C:\Windows\System\hwgYpZc.exe
  2⤵
  PID:8476
- C:\Windows\System\JIALauB.exe
  C:\Windows\System\JIALauB.exe
  2⤵
  PID:8496
- C:\Windows\System\kXnVkur.exe
  C:\Windows\System\kXnVkur.exe
  2⤵
  PID:8520
- C:\Windows\System\qjCCwGe.exe
  C:\Windows\System\qjCCwGe.exe
  2⤵
  PID:8544
- C:\Windows\System\GEJxXtB.exe
  C:\Windows\System\GEJxXtB.exe
  2⤵
  PID:8568
- C:\Windows\System\aEcsfhT.exe
  C:\Windows\System\aEcsfhT.exe
  2⤵
  PID:8592
- C:\Windows\System\HlPuZPv.exe
  C:\Windows\System\HlPuZPv.exe
  2⤵
  PID:8612
- C:\Windows\System\sbRsqWT.exe
  C:\Windows\System\sbRsqWT.exe
  2⤵
  PID:8644
- C:\Windows\System\XsPHGQJ.exe
  C:\Windows\System\XsPHGQJ.exe
  2⤵
  PID:8684
- C:\Windows\System\TWlaVgl.exe
  C:\Windows\System\TWlaVgl.exe
  2⤵
  PID:8712
- C:\Windows\System\tDukrIH.exe
  C:\Windows\System\tDukrIH.exe
  2⤵
  PID:8728
- C:\Windows\System\MjrSEHH.exe
  C:\Windows\System\MjrSEHH.exe
  2⤵
  PID:8752
- C:\Windows\System\zJyJRFI.exe
  C:\Windows\System\zJyJRFI.exe
  2⤵
  PID:8784
- C:\Windows\System\cWrHTAn.exe
  C:\Windows\System\cWrHTAn.exe
  2⤵
  PID:8804
- C:\Windows\System\FONKyhL.exe
  C:\Windows\System\FONKyhL.exe
  2⤵
  PID:8828
- C:\Windows\System\QVslxwk.exe
  C:\Windows\System\QVslxwk.exe
  2⤵
  PID:8852
- C:\Windows\System\EQdqXWR.exe
  C:\Windows\System\EQdqXWR.exe
  2⤵
  PID:8876
- C:\Windows\System\UqfRxAP.exe
  C:\Windows\System\UqfRxAP.exe
  2⤵
  PID:8896
- C:\Windows\System\wYzCCoY.exe
  C:\Windows\System\wYzCCoY.exe
  2⤵
  PID:8916
- C:\Windows\System\EEVmduy.exe
  C:\Windows\System\EEVmduy.exe
  2⤵
  PID:8948
- C:\Windows\System\XgDozDW.exe
  C:\Windows\System\XgDozDW.exe
  2⤵
  PID:8980
- C:\Windows\System\RwRTHEQ.exe
  C:\Windows\System\RwRTHEQ.exe
  2⤵
  PID:9012
- C:\Windows\System\HqPbXLe.exe
  C:\Windows\System\HqPbXLe.exe
  2⤵
  PID:9036
- C:\Windows\System\HQgwWCg.exe
  C:\Windows\System\HQgwWCg.exe
  2⤵
  PID:9060
- C:\Windows\System\AOdNqFK.exe
  C:\Windows\System\AOdNqFK.exe
  2⤵
  PID:9084
- C:\Windows\System\NWvEZMs.exe
  C:\Windows\System\NWvEZMs.exe
  2⤵
  PID:9104
- C:\Windows\System\bflIWIA.exe
  C:\Windows\System\bflIWIA.exe
  2⤵
  PID:9124
- C:\Windows\System\haTuKyF.exe
  C:\Windows\System\haTuKyF.exe
  2⤵
  PID:9148
- C:\Windows\System\lhPNDFW.exe
  C:\Windows\System\lhPNDFW.exe
  2⤵
  PID:9168
- C:\Windows\System\GBpkhzv.exe
  C:\Windows\System\GBpkhzv.exe
  2⤵
  PID:9188
- C:\Windows\System\VNwWXVw.exe
  C:\Windows\System\VNwWXVw.exe
  2⤵
  PID:9212
- C:\Windows\System\DmWAoal.exe
  C:\Windows\System\DmWAoal.exe
  2⤵
  PID:6252
- C:\Windows\System\EZOUqFJ.exe
  C:\Windows\System\EZOUqFJ.exe
  2⤵
  PID:7604
- C:\Windows\System\zTNFmAE.exe
  C:\Windows\System\zTNFmAE.exe
  2⤵
  PID:7784
- C:\Windows\System\geznrPL.exe
  C:\Windows\System\geznrPL.exe
  2⤵
  PID:6712
- C:\Windows\System\EnOkUXU.exe
  C:\Windows\System\EnOkUXU.exe
  2⤵
  PID:7928
- C:\Windows\System\ZBEFRen.exe
  C:\Windows\System\ZBEFRen.exe
  2⤵
  PID:7108
- C:\Windows\System\RowDNoa.exe
  C:\Windows\System\RowDNoa.exe
  2⤵
  PID:7852
- C:\Windows\System\WYJIvcY.exe
  C:\Windows\System\WYJIvcY.exe
  2⤵
  PID:7728
- C:\Windows\System\WWvcUNR.exe
  C:\Windows\System\WWvcUNR.exe
  2⤵
  PID:7544
- C:\Windows\System\kUzkjMi.exe
  C:\Windows\System\kUzkjMi.exe
  2⤵
  PID:5856
- C:\Windows\System\cwdyGZU.exe
  C:\Windows\System\cwdyGZU.exe
  2⤵
  PID:7264
- C:\Windows\System\VgltGFF.exe
  C:\Windows\System\VgltGFF.exe
  2⤵
  PID:6816
- C:\Windows\System\rbVDnHu.exe
  C:\Windows\System\rbVDnHu.exe
  2⤵
  PID:6360
- C:\Windows\System\xemaqkM.exe
  C:\Windows\System\xemaqkM.exe
  2⤵
  PID:6680
- C:\Windows\System\FygYthw.exe
  C:\Windows\System\FygYthw.exe
  2⤵
  PID:6656
- C:\Windows\System\kzDxhNS.exe
  C:\Windows\System\kzDxhNS.exe
  2⤵
  PID:7332
- C:\Windows\System\GiiHwcG.exe
  C:\Windows\System\GiiHwcG.exe
  2⤵
  PID:7420
- C:\Windows\System\SAbtXnW.exe
  C:\Windows\System\SAbtXnW.exe
  2⤵
  PID:8024
- C:\Windows\System\lVSBeaf.exe
  C:\Windows\System\lVSBeaf.exe
  2⤵
  PID:8244
- C:\Windows\System\gzkgFuT.exe
  C:\Windows\System\gzkgFuT.exe
  2⤵
  PID:8308
- C:\Windows\System\lxXfXlI.exe
  C:\Windows\System\lxXfXlI.exe
  2⤵
  PID:7636
- C:\Windows\System\TYyCYKs.exe
  C:\Windows\System\TYyCYKs.exe
  2⤵
  PID:8392
- C:\Windows\System\fcPnnAa.exe
  C:\Windows\System\fcPnnAa.exe
  2⤵
  PID:8436
- C:\Windows\System\DgTmJgh.exe
  C:\Windows\System\DgTmJgh.exe
  2⤵
  PID:9220
- C:\Windows\System\YXQOoDs.exe
  C:\Windows\System\YXQOoDs.exe
  2⤵
  PID:9236
- C:\Windows\System\cjgNQjv.exe
  C:\Windows\System\cjgNQjv.exe
  2⤵
  PID:9260
- C:\Windows\System\uPCJMdP.exe
  C:\Windows\System\uPCJMdP.exe
  2⤵
  PID:9280
- C:\Windows\System\eryEmGU.exe
  C:\Windows\System\eryEmGU.exe
  2⤵
  PID:9300
- C:\Windows\System\wwdZHbV.exe
  C:\Windows\System\wwdZHbV.exe
  2⤵
  PID:9324
- C:\Windows\System\UmvKbyC.exe
  C:\Windows\System\UmvKbyC.exe
  2⤵
  PID:9364
- C:\Windows\System\eaZPxYt.exe
  C:\Windows\System\eaZPxYt.exe
  2⤵
  PID:9412
- C:\Windows\System\JMjoCnd.exe
  C:\Windows\System\JMjoCnd.exe
  2⤵
  PID:9448
- C:\Windows\System\tcHQDRG.exe
  C:\Windows\System\tcHQDRG.exe
  2⤵
  PID:9488
- C:\Windows\System\bLKqhYo.exe
  C:\Windows\System\bLKqhYo.exe
  2⤵
  PID:9504
- C:\Windows\System\ZMVqitK.exe
  C:\Windows\System\ZMVqitK.exe
  2⤵
  PID:10104
- C:\Windows\System\hBHwkyV.exe
  C:\Windows\System\hBHwkyV.exe
  2⤵
  PID:10160
- C:\Windows\System\EdAYfcO.exe
  C:\Windows\System\EdAYfcO.exe
  2⤵
  PID:10180
- C:\Windows\System\DLXBDVm.exe
  C:\Windows\System\DLXBDVm.exe
  2⤵
  PID:10208
- C:\Windows\System\ewMKuht.exe
  C:\Windows\System\ewMKuht.exe
  2⤵
  PID:10224
- C:\Windows\System\CQGEXco.exe
  C:\Windows\System\CQGEXco.exe
  2⤵
  PID:7796
- C:\Windows\System\zvdUfAG.exe
  C:\Windows\System\zvdUfAG.exe
  2⤵
  PID:8668
- C:\Windows\System\cyaQHUf.exe
  C:\Windows\System\cyaQHUf.exe
  2⤵
  PID:4928
- C:\Windows\System\rQXfZuF.exe
  C:\Windows\System\rQXfZuF.exe
  2⤵
  PID:9052
- C:\Windows\System\KnrkOkq.exe
  C:\Windows\System\KnrkOkq.exe
  2⤵
  PID:7748
- C:\Windows\System\OZkDOdL.exe
  C:\Windows\System\OZkDOdL.exe
  2⤵
  PID:7504
- C:\Windows\System\btAAOjx.exe
  C:\Windows\System\btAAOjx.exe
  2⤵
  PID:8168
- C:\Windows\System\nYhkKHw.exe
  C:\Windows\System\nYhkKHw.exe
  2⤵
  PID:7652
- C:\Windows\System\vSGZqkz.exe
  C:\Windows\System\vSGZqkz.exe
  2⤵
  PID:8068
- C:\Windows\System\qToKvnM.exe
  C:\Windows\System\qToKvnM.exe
  2⤵
  PID:8468
- C:\Windows\System\HYmqSxl.exe
  C:\Windows\System\HYmqSxl.exe
  2⤵
  PID:8144
- C:\Windows\System\OPntXqS.exe
  C:\Windows\System\OPntXqS.exe
  2⤵
  PID:6796
- C:\Windows\System\dwZEfss.exe
  C:\Windows\System\dwZEfss.exe
  2⤵
  PID:7516
- C:\Windows\System\Zxvvplb.exe
  C:\Windows\System\Zxvvplb.exe
  2⤵
  PID:7568
- C:\Windows\System\sRaKfKx.exe
  C:\Windows\System\sRaKfKx.exe
  2⤵
  PID:7720
- C:\Windows\System\fGMkAtd.exe
  C:\Windows\System\fGMkAtd.exe
  2⤵
  PID:7348
- C:\Windows\System\biZGjzO.exe
  C:\Windows\System\biZGjzO.exe
  2⤵
  PID:6308
- C:\Windows\System\ofcFCTM.exe
  C:\Windows\System\ofcFCTM.exe
  2⤵
  PID:8332
- C:\Windows\System\UndJSOZ.exe
  C:\Windows\System\UndJSOZ.exe
  2⤵
  PID:8452
- C:\Windows\System\KbGRVUG.exe
  C:\Windows\System\KbGRVUG.exe
  2⤵
  PID:8504
- C:\Windows\System\cYHBVfZ.exe
  C:\Windows\System\cYHBVfZ.exe
  2⤵
  PID:9596
- C:\Windows\System\knhAZOb.exe
  C:\Windows\System\knhAZOb.exe
  2⤵
  PID:9676
- C:\Windows\System\VXOKJbV.exe
  C:\Windows\System\VXOKJbV.exe
  2⤵
  PID:8584
- C:\Windows\System\dJyTFzx.exe
  C:\Windows\System\dJyTFzx.exe
  2⤵
  PID:8704
- C:\Windows\System\IJTRcuO.exe
  C:\Windows\System\IJTRcuO.exe
  2⤵
  PID:8760
- C:\Windows\System\EpLDike.exe
  C:\Windows\System\EpLDike.exe
  2⤵
  PID:8796
- C:\Windows\System\UZswJej.exe
  C:\Windows\System\UZswJej.exe
  2⤵
  PID:8860
- C:\Windows\System\saFcUnI.exe
  C:\Windows\System\saFcUnI.exe
  2⤵
  PID:8892
- C:\Windows\System\gixZveL.exe
  C:\Windows\System\gixZveL.exe
  2⤵
  PID:8988
- C:\Windows\System\aVHeBht.exe
  C:\Windows\System\aVHeBht.exe
  2⤵
  PID:9396
- C:\Windows\System\gVWubru.exe
  C:\Windows\System\gVWubru.exe
  2⤵
  PID:9760
- C:\Windows\System\yAAFadU.exe
  C:\Windows\System\yAAFadU.exe
  2⤵
  PID:9092
- C:\Windows\System\ZTnuKhZ.exe
  C:\Windows\System\ZTnuKhZ.exe
  2⤵
  PID:9132
- C:\Windows\System\VrZztOv.exe
  C:\Windows\System\VrZztOv.exe
  2⤵
  PID:9136
- C:\Windows\System\VVJxmEY.exe
  C:\Windows\System\VVJxmEY.exe
  2⤵
  PID:2940
- C:\Windows\System\QnTVJxu.exe
  C:\Windows\System\QnTVJxu.exe
  2⤵
  PID:7768
- C:\Windows\System\bIXlrqx.exe
  C:\Windows\System\bIXlrqx.exe
  2⤵
  PID:7456
- C:\Windows\System\UmTuRMw.exe
  C:\Windows\System\UmTuRMw.exe
  2⤵
  PID:6960
- C:\Windows\System\YMOrfxY.exe
  C:\Windows\System\YMOrfxY.exe
  2⤵
  PID:7376
- C:\Windows\System\yNdgFLH.exe
  C:\Windows\System\yNdgFLH.exe
  2⤵
  PID:8388
- C:\Windows\System\gpZqxWA.exe
  C:\Windows\System\gpZqxWA.exe
  2⤵
  PID:9296
- C:\Windows\System\lMZFxEO.exe
  C:\Windows\System\lMZFxEO.exe
  2⤵
  PID:2376
- C:\Windows\System\oBFOlQI.exe
  C:\Windows\System\oBFOlQI.exe
  2⤵
  PID:4880
- C:\Windows\System\XdNlRVa.exe
  C:\Windows\System\XdNlRVa.exe
  2⤵
  PID:9984
- C:\Windows\System\ttXZuyS.exe
  C:\Windows\System\ttXZuyS.exe
  2⤵
  PID:9348
- C:\Windows\System\WhpAfsV.exe
  C:\Windows\System\WhpAfsV.exe
  2⤵
  PID:10080
- C:\Windows\System\JUxZbzc.exe
  C:\Windows\System\JUxZbzc.exe
  2⤵
  PID:7460
- C:\Windows\System\rfmgObP.exe
  C:\Windows\System\rfmgObP.exe
  2⤵
  PID:10144
- C:\Windows\System\DLXBqZt.exe
  C:\Windows\System\DLXBqZt.exe
  2⤵
  PID:10168
- C:\Windows\System\NRpxQfG.exe
  C:\Windows\System\NRpxQfG.exe
  2⤵
  PID:9584
- C:\Windows\System\AePpGAl.exe
  C:\Windows\System\AePpGAl.exe
  2⤵
  PID:7732
- C:\Windows\System\FmyQjUX.exe
  C:\Windows\System\FmyQjUX.exe
  2⤵
  PID:6916
- C:\Windows\System\IgEiPmS.exe
  C:\Windows\System\IgEiPmS.exe
  2⤵
  PID:8528
- C:\Windows\System\ZCMPNNs.exe
  C:\Windows\System\ZCMPNNs.exe
  2⤵
  PID:10248
- C:\Windows\System\MeEmJbQ.exe
  C:\Windows\System\MeEmJbQ.exe
  2⤵
  PID:10268
- C:\Windows\System\cUDFhDX.exe
  C:\Windows\System\cUDFhDX.exe
  2⤵
  PID:10292
- C:\Windows\System\Wknceat.exe
  C:\Windows\System\Wknceat.exe
  2⤵
  PID:10316
- C:\Windows\System\IkYwPQE.exe
  C:\Windows\System\IkYwPQE.exe
  2⤵
  PID:10340
- C:\Windows\System\RcpiYLo.exe
  C:\Windows\System\RcpiYLo.exe
  2⤵
  PID:10360
- C:\Windows\System\xylJRxm.exe
  C:\Windows\System\xylJRxm.exe
  2⤵
  PID:10384
- C:\Windows\System\czXJcAc.exe
  C:\Windows\System\czXJcAc.exe
  2⤵
  PID:10412
- C:\Windows\System\nWYFtOj.exe
  C:\Windows\System\nWYFtOj.exe
  2⤵
  PID:10452
- C:\Windows\System\XHtLXvu.exe
  C:\Windows\System\XHtLXvu.exe
  2⤵
  PID:10468
- C:\Windows\System\RrLgJfQ.exe
  C:\Windows\System\RrLgJfQ.exe
  2⤵
  PID:10496
- C:\Windows\System\hKPCQyt.exe
  C:\Windows\System\hKPCQyt.exe
  2⤵
  PID:10512
- C:\Windows\System\gDoOwpL.exe
  C:\Windows\System\gDoOwpL.exe
  2⤵
  PID:10536
- C:\Windows\System\NWzZLsx.exe
  C:\Windows\System\NWzZLsx.exe
  2⤵
  PID:10560
- C:\Windows\System\VoVLPUR.exe
  C:\Windows\System\VoVLPUR.exe
  2⤵
  PID:10592
- C:\Windows\System\xvIsttK.exe
  C:\Windows\System\xvIsttK.exe
  2⤵
  PID:10612
- C:\Windows\System\ZVGcHbK.exe
  C:\Windows\System\ZVGcHbK.exe
  2⤵
  PID:10632
- C:\Windows\System\xhpEnWw.exe
  C:\Windows\System\xhpEnWw.exe
  2⤵
  PID:10652
- C:\Windows\System\ohvqFFG.exe
  C:\Windows\System\ohvqFFG.exe
  2⤵
  PID:10668
- C:\Windows\System\rwCzRjT.exe
  C:\Windows\System\rwCzRjT.exe
  2⤵
  PID:10684
- C:\Windows\System\TlXFqDt.exe
  C:\Windows\System\TlXFqDt.exe
  2⤵
  PID:10720
- C:\Windows\System\YyVgzFM.exe
  C:\Windows\System\YyVgzFM.exe
  2⤵
  PID:10740
- C:\Windows\System\sepZkJN.exe
  C:\Windows\System\sepZkJN.exe
  2⤵
  PID:10764
- C:\Windows\System\BIjetLZ.exe
  C:\Windows\System\BIjetLZ.exe
  2⤵
  PID:10784
- C:\Windows\System\npzQOUE.exe
  C:\Windows\System\npzQOUE.exe
  2⤵
  PID:10804
- C:\Windows\System\LGFpHIF.exe
  C:\Windows\System\LGFpHIF.exe
  2⤵
  PID:10828
- C:\Windows\System\jlGaBJw.exe
  C:\Windows\System\jlGaBJw.exe
  2⤵
  PID:10844
- C:\Windows\System\ksEcaIO.exe
  C:\Windows\System\ksEcaIO.exe
  2⤵
  PID:10868
- C:\Windows\System\hbvnyeu.exe
  C:\Windows\System\hbvnyeu.exe
  2⤵
  PID:10884
- C:\Windows\System\EBeYann.exe
  C:\Windows\System\EBeYann.exe
  2⤵
  PID:10908
- C:\Windows\System\PDyFksY.exe
  C:\Windows\System\PDyFksY.exe
  2⤵
  PID:10936
- C:\Windows\System\bFhHEMz.exe
  C:\Windows\System\bFhHEMz.exe
  2⤵
  PID:10952
- C:\Windows\System\jaJkGnA.exe
  C:\Windows\System\jaJkGnA.exe
  2⤵
  PID:10976
- C:\Windows\System\sRlhHgu.exe
  C:\Windows\System\sRlhHgu.exe
  2⤵
  PID:11000
- C:\Windows\System\LUKweFu.exe
  C:\Windows\System\LUKweFu.exe
  2⤵
  PID:11024
- C:\Windows\System\jSbbLzM.exe
  C:\Windows\System\jSbbLzM.exe
  2⤵
  PID:11052
- C:\Windows\System\ZQjnRwA.exe
  C:\Windows\System\ZQjnRwA.exe
  2⤵
  PID:11072
- C:\Windows\System\IjhusPY.exe
  C:\Windows\System\IjhusPY.exe
  2⤵
  PID:11092
- C:\Windows\System\lkQeMrL.exe
  C:\Windows\System\lkQeMrL.exe
  2⤵
  PID:11120
- C:\Windows\System\OCnkozV.exe
  C:\Windows\System\OCnkozV.exe
  2⤵
  PID:11136
- C:\Windows\System\RFJjsfo.exe
  C:\Windows\System\RFJjsfo.exe
  2⤵
  PID:11156
- C:\Windows\System\pRUIWya.exe
  C:\Windows\System\pRUIWya.exe
  2⤵
  PID:11172
- C:\Windows\System\HnDoQxY.exe
  C:\Windows\System\HnDoQxY.exe
  2⤵
  PID:11188
- C:\Windows\System\InSbsOC.exe
  C:\Windows\System\InSbsOC.exe
  2⤵
  PID:11204
- C:\Windows\System\WdTIChX.exe
  C:\Windows\System\WdTIChX.exe
  2⤵
  PID:11224
- C:\Windows\System\SYJuPIB.exe
  C:\Windows\System\SYJuPIB.exe
  2⤵
  PID:11244
- C:\Windows\System\vMmjGOz.exe
  C:\Windows\System\vMmjGOz.exe
  2⤵
  PID:7288
- C:\Windows\System\EUfKpxi.exe
  C:\Windows\System\EUfKpxi.exe
  2⤵
  PID:9404
- C:\Windows\System\pziEZkt.exe
  C:\Windows\System\pziEZkt.exe
  2⤵
  PID:8472
- C:\Windows\System\GatWQjC.exe
  C:\Windows\System\GatWQjC.exe
  2⤵
  PID:8576
- C:\Windows\System\TcksVwg.exe
  C:\Windows\System\TcksVwg.exe
  2⤵
  PID:8884
- C:\Windows\System\aIdKnoO.exe
  C:\Windows\System\aIdKnoO.exe
  2⤵
  PID:9072
- C:\Windows\System\nfQIONs.exe
  C:\Windows\System\nfQIONs.exe
  2⤵
  PID:10020
- C:\Windows\System\rBpOROp.exe
  C:\Windows\System\rBpOROp.exe
  2⤵
  PID:6420
- C:\Windows\System\NzxEHPx.exe
  C:\Windows\System\NzxEHPx.exe
  2⤵
  PID:7592
- C:\Windows\System\grTGQfO.exe
  C:\Windows\System\grTGQfO.exe
  2⤵
  PID:10096
- C:\Windows\System\sQcHaHW.exe
  C:\Windows\System\sQcHaHW.exe
  2⤵
  PID:9252
- C:\Windows\System\iVPAppZ.exe
  C:\Windows\System\iVPAppZ.exe
  2⤵
  PID:10236
- C:\Windows\System\BqIemYj.exe
  C:\Windows\System\BqIemYj.exe
  2⤵
  PID:5992
- C:\Windows\System\MYNzSxR.exe
  C:\Windows\System\MYNzSxR.exe
  2⤵
  PID:8136
- C:\Windows\System\oOHeBVz.exe
  C:\Windows\System\oOHeBVz.exe
  2⤵
  PID:10324
- C:\Windows\System\UUfHnlD.exe
  C:\Windows\System\UUfHnlD.exe
  2⤵
  PID:11752
- C:\Windows\System\hSzhpGK.exe
  C:\Windows\System\hSzhpGK.exe
  2⤵
  PID:11784
- C:\Windows\System\BKacxkA.exe
  C:\Windows\System\BKacxkA.exe
  2⤵
  PID:11804
- C:\Windows\System\CjxpBsn.exe
  C:\Windows\System\CjxpBsn.exe
  2⤵
  PID:11836
- C:\Windows\System\OSFTUKw.exe
  C:\Windows\System\OSFTUKw.exe
  2⤵
  PID:11860
- C:\Windows\System\lGZQfQS.exe
  C:\Windows\System\lGZQfQS.exe
  2⤵
  PID:11888
- C:\Windows\System\EHMQtBF.exe
  C:\Windows\System\EHMQtBF.exe
  2⤵
  PID:11908
- C:\Windows\System\WTQcMxT.exe
  C:\Windows\System\WTQcMxT.exe
  2⤵
  PID:11940
- C:\Windows\System\QeXvdej.exe
  C:\Windows\System\QeXvdej.exe
  2⤵
  PID:11960
- C:\Windows\System\DHGWTMl.exe
  C:\Windows\System\DHGWTMl.exe
  2⤵
  PID:11988
- C:\Windows\System\WVKuNMN.exe
  C:\Windows\System\WVKuNMN.exe
  2⤵
  PID:12008
- C:\Windows\System\mRZmWAq.exe
  C:\Windows\System\mRZmWAq.exe
  2⤵
  PID:12040
- C:\Windows\System\qHaiQLX.exe
  C:\Windows\System\qHaiQLX.exe
  2⤵
  PID:12064
- C:\Windows\System\XLKENEl.exe
  C:\Windows\System\XLKENEl.exe
  2⤵
  PID:12092
- C:\Windows\System\ZWlbffa.exe
  C:\Windows\System\ZWlbffa.exe
  2⤵
  PID:12116
- C:\Windows\System\xWghmHW.exe
  C:\Windows\System\xWghmHW.exe
  2⤵
  PID:12152
- C:\Windows\System\OomYNgm.exe
  C:\Windows\System\OomYNgm.exe
  2⤵
  PID:12184
- C:\Windows\System\naqzAWg.exe
  C:\Windows\System\naqzAWg.exe
  2⤵
  PID:12208
- C:\Windows\System\cHZGlFJ.exe
  C:\Windows\System\cHZGlFJ.exe
  2⤵
  PID:12240
- C:\Windows\System\MHvAiWt.exe
  C:\Windows\System\MHvAiWt.exe
  2⤵
  PID:12268
- C:\Windows\System\zplFJgc.exe
  C:\Windows\System\zplFJgc.exe
  2⤵
  PID:9700
- C:\Windows\System\HbdSyYa.exe
  C:\Windows\System\HbdSyYa.exe
  2⤵
  PID:11168
- C:\Windows\System\CcyVWbn.exe
  C:\Windows\System\CcyVWbn.exe
  2⤵
  PID:11200
- C:\Windows\System\mIOklqj.exe
  C:\Windows\System\mIOklqj.exe
  2⤵
  PID:9048
- C:\Windows\System\JSCmTED.exe
  C:\Windows\System\JSCmTED.exe
  2⤵
  PID:8120
- C:\Windows\System\ejwfTQf.exe
  C:\Windows\System\ejwfTQf.exe
  2⤵
  PID:6636
- C:\Windows\System\TMwKDfh.exe
  C:\Windows\System\TMwKDfh.exe
  2⤵
  PID:7316
- C:\Windows\System\VyNLbYh.exe
  C:\Windows\System\VyNLbYh.exe
  2⤵
  PID:10552
- C:\Windows\System\ajjdZow.exe
  C:\Windows\System\ajjdZow.exe
  2⤵
  PID:10600
- C:\Windows\System\Pwcgrwo.exe
  C:\Windows\System\Pwcgrwo.exe
  2⤵
  PID:8940
- C:\Windows\System\lsgKiMe.exe
  C:\Windows\System\lsgKiMe.exe
  2⤵
  PID:9140
- C:\Windows\System\nXPqHnp.exe
  C:\Windows\System\nXPqHnp.exe
  2⤵
  PID:7792
- C:\Windows\System\tidvEQt.exe
  C:\Windows\System\tidvEQt.exe
  2⤵
  PID:9640
- C:\Windows\System\yQQcWdt.exe
  C:\Windows\System\yQQcWdt.exe
  2⤵
  PID:9932
- C:\Windows\System\dWfOMHK.exe
  C:\Windows\System\dWfOMHK.exe
  2⤵
  PID:7292
- C:\Windows\System\OIrwqzR.exe
  C:\Windows\System\OIrwqzR.exe
  2⤵
  PID:10216
- C:\Windows\System\GHwUfqx.exe
  C:\Windows\System\GHwUfqx.exe
  2⤵
  PID:7668
- C:\Windows\System\zIhxbto.exe
  C:\Windows\System\zIhxbto.exe
  2⤵
  PID:9724
- C:\Windows\System\jSJMFkC.exe
  C:\Windows\System\jSJMFkC.exe
  2⤵
  PID:9512
- C:\Windows\System\kIjcNOF.exe
  C:\Windows\System\kIjcNOF.exe
  2⤵
  PID:10476
- C:\Windows\System\NjfQIhh.exe
  C:\Windows\System\NjfQIhh.exe
  2⤵
  PID:10528
- C:\Windows\System\XcPYvWT.exe
  C:\Windows\System\XcPYvWT.exe
  2⤵
  PID:10664
- C:\Windows\System\jWsYJnh.exe
  C:\Windows\System\jWsYJnh.exe
  2⤵
  PID:10732
- C:\Windows\System\pPBbPhI.exe
  C:\Windows\System\pPBbPhI.exe
  2⤵
  PID:10776
- C:\Windows\System\pRZrVbk.exe
  C:\Windows\System\pRZrVbk.exe
  2⤵
  PID:10836
- C:\Windows\System\yTOMGeO.exe
  C:\Windows\System\yTOMGeO.exe
  2⤵
  PID:10880
- C:\Windows\System\oGgoZQD.exe
  C:\Windows\System\oGgoZQD.exe
  2⤵
  PID:11636
- C:\Windows\System\pHcpxXI.exe
  C:\Windows\System\pHcpxXI.exe
  2⤵
  PID:10960
- C:\Windows\System\IpSFnAW.exe
  C:\Windows\System\IpSFnAW.exe
  2⤵
  PID:10992
- C:\Windows\System\cTkbSmk.exe
  C:\Windows\System\cTkbSmk.exe
  2⤵
  PID:11304
- C:\Windows\System\EhopDOB.exe
  C:\Windows\System\EhopDOB.exe
  2⤵
  PID:11328
- C:\Windows\System\TOzurJu.exe
  C:\Windows\System\TOzurJu.exe
  2⤵
  PID:11108
- C:\Windows\System\PlnReUB.exe
  C:\Windows\System\PlnReUB.exe
  2⤵
  PID:11348
- C:\Windows\System\ywwmtuP.exe
  C:\Windows\System\ywwmtuP.exe
  2⤵
  PID:8412
- C:\Windows\System\wdSxPVf.exe
  C:\Windows\System\wdSxPVf.exe
  2⤵
  PID:9588
- C:\Windows\System\QNTJrpH.exe
  C:\Windows\System\QNTJrpH.exe
  2⤵
  PID:11792
- C:\Windows\System\yeKhBTm.exe
  C:\Windows\System\yeKhBTm.exe
  2⤵
  PID:11408
- C:\Windows\System\IroSICb.exe
  C:\Windows\System\IroSICb.exe
  2⤵
  PID:11856
- C:\Windows\System\SleIDnc.exe
  C:\Windows\System\SleIDnc.exe
  2⤵
  PID:11928
- C:\Windows\System\bUsWUOy.exe
  C:\Windows\System\bUsWUOy.exe
  2⤵
  PID:11980
- C:\Windows\System\iyiNZyE.exe
  C:\Windows\System\iyiNZyE.exe
  2⤵
  PID:12300
- C:\Windows\System\hxmNevT.exe
  C:\Windows\System\hxmNevT.exe
  2⤵
  PID:12316
- C:\Windows\System\WLBkESp.exe
  C:\Windows\System\WLBkESp.exe
  2⤵
  PID:12332
- C:\Windows\System\ioTcOJF.exe
  C:\Windows\System\ioTcOJF.exe
  2⤵
  PID:12352
- C:\Windows\System\uolZaKh.exe
  C:\Windows\System\uolZaKh.exe
  2⤵
  PID:12368
- C:\Windows\System\KFxauoh.exe
  C:\Windows\System\KFxauoh.exe
  2⤵
  PID:12384
- C:\Windows\System\szvMPpB.exe
  C:\Windows\System\szvMPpB.exe
  2⤵
  PID:12400
- C:\Windows\System\UiHeZWm.exe
  C:\Windows\System\UiHeZWm.exe
  2⤵
  PID:12420
- C:\Windows\System\XDyRTLm.exe
  C:\Windows\System\XDyRTLm.exe
  2⤵
  PID:12444
- C:\Windows\System\JfyoIzj.exe
  C:\Windows\System\JfyoIzj.exe
  2⤵
  PID:12468
- C:\Windows\System\eczHqAA.exe
  C:\Windows\System\eczHqAA.exe
  2⤵
  PID:12492
- C:\Windows\System\uPbKmMg.exe
  C:\Windows\System\uPbKmMg.exe
  2⤵
  PID:12512
- C:\Windows\System\ovNydaG.exe
  C:\Windows\System\ovNydaG.exe
  2⤵
  PID:12528
- C:\Windows\System\BuIDjQc.exe
  C:\Windows\System\BuIDjQc.exe
  2⤵
  PID:12548
- C:\Windows\System\uDhhjDz.exe
  C:\Windows\System\uDhhjDz.exe
  2⤵
  PID:12568
- C:\Windows\System\ezciKvK.exe
  C:\Windows\System\ezciKvK.exe
  2⤵
  PID:12596
- C:\Windows\System\PrcuCCl.exe
  C:\Windows\System\PrcuCCl.exe
  2⤵
  PID:12616
- C:\Windows\System\XnhsufP.exe
  C:\Windows\System\XnhsufP.exe
  2⤵
  PID:12636
- C:\Windows\System\eABPJpv.exe
  C:\Windows\System\eABPJpv.exe
  2⤵
  PID:12652
- C:\Windows\System\EizthAi.exe
  C:\Windows\System\EizthAi.exe
  2⤵
  PID:12668
- C:\Windows\System\hQuzXAC.exe
  C:\Windows\System\hQuzXAC.exe
  2⤵
  PID:12684
- C:\Windows\System\aqMFDlX.exe
  C:\Windows\System\aqMFDlX.exe
  2⤵
  PID:12708
- C:\Windows\System\VQRBunV.exe
  C:\Windows\System\VQRBunV.exe
  2⤵
  PID:12732
- C:\Windows\System\cXYioEv.exe
  C:\Windows\System\cXYioEv.exe
  2⤵
  PID:12760
- C:\Windows\System\ShWrMoS.exe
  C:\Windows\System\ShWrMoS.exe
  2⤵
  PID:12788
- C:\Windows\System\eJqiPKr.exe
  C:\Windows\System\eJqiPKr.exe
  2⤵
  PID:12816
- C:\Windows\System\XOJViKW.exe
  C:\Windows\System\XOJViKW.exe
  2⤵
  PID:12832
- C:\Windows\System\MLwFheU.exe
  C:\Windows\System\MLwFheU.exe
  2⤵
  PID:12856
- C:\Windows\System\vJELmjq.exe
  C:\Windows\System\vJELmjq.exe
  2⤵
  PID:12884
- C:\Windows\System\BOdkxit.exe
  C:\Windows\System\BOdkxit.exe
  2⤵
  PID:12904
- C:\Windows\System\wghraqN.exe
  C:\Windows\System\wghraqN.exe
  2⤵
  PID:12924
- C:\Windows\System\YaVVqvN.exe
  C:\Windows\System\YaVVqvN.exe
  2⤵
  PID:12944
- C:\Windows\System\OUSvnZI.exe
  C:\Windows\System\OUSvnZI.exe
  2⤵
  PID:12964
- C:\Windows\System\gDZIWIe.exe
  C:\Windows\System\gDZIWIe.exe
  2⤵
  PID:12992
- C:\Windows\System\eevKOZu.exe
  C:\Windows\System\eevKOZu.exe
  2⤵
  PID:13016
- C:\Windows\System\Bnpedni.exe
  C:\Windows\System\Bnpedni.exe
  2⤵
  PID:13036
- C:\Windows\System\edWUdyb.exe
  C:\Windows\System\edWUdyb.exe
  2⤵
  PID:13056
- C:\Windows\System\bKjAtMr.exe
  C:\Windows\System\bKjAtMr.exe
  2⤵
  PID:13228
- C:\Windows\System\zueqEve.exe
  C:\Windows\System\zueqEve.exe
  2⤵
  PID:12428
- C:\Windows\System\mAAmMUJ.exe
  C:\Windows\System\mAAmMUJ.exe
  2⤵
  PID:13168
- C:\Windows\System\vYdvzye.exe
  C:\Windows\System\vYdvzye.exe
  2⤵
  PID:10580
- C:\Windows\System\lImgkVA.exe
  C:\Windows\System\lImgkVA.exe
  2⤵
  PID:12308
- C:\Windows\System\dsRZmdP.exe
  C:\Windows\System\dsRZmdP.exe
  2⤵
  PID:9856
- C:\Windows\System\pNLSATf.exe
  C:\Windows\System\pNLSATf.exe
  2⤵
  PID:11568
- C:\Windows\System\jkMwFHm.exe
  C:\Windows\System\jkMwFHm.exe
  2⤵
  PID:9728
- C:\Windows\System\jsvhWej.exe
  C:\Windows\System\jsvhWej.exe
  2⤵
  PID:12808
- C:\Windows\System\xUdxKkI.exe
  C:\Windows\System\xUdxKkI.exe
  2⤵
  PID:13148
- C:\Windows\System\MglJKCk.exe
  C:\Windows\System\MglJKCk.exe
  2⤵
  PID:13152
- C:\Windows\System\KUFwGlz.exe
  C:\Windows\System\KUFwGlz.exe
  2⤵
  PID:12936
- C:\Windows\System\TGyokfu.exe
  C:\Windows\System\TGyokfu.exe
  2⤵
  PID:10488
- C:\Windows\System\ZWVuHyg.exe
  C:\Windows\System\ZWVuHyg.exe
  2⤵
  PID:11628
- C:\Windows\System\ZNtxEXY.exe
  C:\Windows\System\ZNtxEXY.exe
  2⤵
  PID:7936
- C:\Windows\System\KxZaGRa.exe
  C:\Windows\System\KxZaGRa.exe
  2⤵
  PID:4676
- C:\Windows\System\FvGLICE.exe
  C:\Windows\System\FvGLICE.exe
  2⤵
  PID:11284
- C:\Windows\System\BtMBSTf.exe
  C:\Windows\System\BtMBSTf.exe
  2⤵
  PID:12104
- C:\Windows\System\LWEoaFB.exe
  C:\Windows\System\LWEoaFB.exe
  2⤵
  PID:9500
- C:\Windows\System\ogzgvYI.exe
  C:\Windows\System\ogzgvYI.exe
  2⤵
  PID:12540
- C:\Windows\System\ZOaHNIE.exe
  C:\Windows\System\ZOaHNIE.exe
  2⤵
  PID:12960
- C:\Windows\System\lKLqYLa.exe
  C:\Windows\System\lKLqYLa.exe
  2⤵
  PID:12868
- C:\Windows\System\OTDLuuL.exe
  C:\Windows\System\OTDLuuL.exe
  2⤵
  PID:2224
- C:\Windows\System\asfKuPK.exe
  C:\Windows\System\asfKuPK.exe
  2⤵
  PID:11480
- C:\Windows\System\fMBWRIc.exe
  C:\Windows\System\fMBWRIc.exe
  2⤵
  PID:13104
- C:\Windows\System\LlBElts.exe
  C:\Windows\System\LlBElts.exe
  2⤵
  PID:11164
- C:\Windows\System\TQhTtmP.exe
  C:\Windows\System\TQhTtmP.exe
  2⤵
  PID:13032
- C:\Windows\System\uFIfaQO.exe
  C:\Windows\System\uFIfaQO.exe
  2⤵
  PID:11588
- C:\Windows\System\OWYRfSd.exe
  C:\Windows\System\OWYRfSd.exe
  2⤵
  PID:12692
- C:\Windows\System\hgIJAUw.exe
  C:\Windows\System\hgIJAUw.exe
  2⤵
  PID:12456
- C:\Windows\System\rRGwtkK.exe
  C:\Windows\System\rRGwtkK.exe
  2⤵
  PID:13024
- C:\Windows\System\DZBwqVA.exe
  C:\Windows\System\DZBwqVA.exe
  2⤵
  PID:12200
- C:\Windows\System\WlkDBpK.exe
  C:\Windows\System\WlkDBpK.exe
  2⤵
  PID:13224
- C:\Windows\System\sXgYOgC.exe
  C:\Windows\System\sXgYOgC.exe
  2⤵
  PID:12364
- C:\Windows\System\QzEYsAv.exe
  C:\Windows\System\QzEYsAv.exe
  2⤵
  PID:12344
- C:\Windows\System\VlemqvC.exe
  C:\Windows\System\VlemqvC.exe
  2⤵
  PID:13120
- C:\Windows\System\BQsmKeD.exe
  C:\Windows\System\BQsmKeD.exe
  2⤵
  PID:13212
- C:\Windows\System\uWKppqP.exe
  C:\Windows\System\uWKppqP.exe
  2⤵
  PID:12720
- C:\Windows\System\YfgGxLO.exe
  C:\Windows\System\YfgGxLO.exe
  2⤵
  PID:6544
- C:\Windows\System\PJCVyWu.exe
  C:\Windows\System\PJCVyWu.exe
  2⤵
  PID:12072
- C:\Windows\System\bCYEsbH.exe
  C:\Windows\System\bCYEsbH.exe
  2⤵
  PID:12172
- C:\Windows\System\nAQpcxE.exe
  C:\Windows\System\nAQpcxE.exe
  2⤵
  PID:12704
- C:\Windows\System\xOFrQQX.exe
  C:\Windows\System\xOFrQQX.exe
  2⤵
  PID:12036
- C:\Windows\System\zVXVyfT.exe
  C:\Windows\System\zVXVyfT.exe
  2⤵
  PID:11196
- C:\Windows\System\COwfihS.exe
  C:\Windows\System\COwfihS.exe
  2⤵
  PID:9556
- C:\Windows\System\pjgTFEf.exe
  C:\Windows\System\pjgTFEf.exe
  2⤵
  PID:12556
- C:\Windows\System\WxCsebG.exe
  C:\Windows\System\WxCsebG.exe
  2⤵
  PID:13236
- C:\Windows\System\TTbfatj.exe
  C:\Windows\System\TTbfatj.exe
  2⤵
  PID:12164
- C:\Windows\System\xlRLdVc.exe
  C:\Windows\System\xlRLdVc.exe
  2⤵
  PID:988
- C:\Windows\System\fRoPuju.exe
  C:\Windows\System\fRoPuju.exe
  2⤵
  PID:10852
- C:\Windows\System\MWFHfvg.exe
  C:\Windows\System\MWFHfvg.exe
  2⤵
  PID:12000
- C:\Windows\System\cXWZRhL.exe
  C:\Windows\System\cXWZRhL.exe
  2⤵
  PID:13252
- C:\Windows\System\vCrwRvg.exe
  C:\Windows\System\vCrwRvg.exe
  2⤵
  PID:11432
- C:\Windows\System\FKuBtLs.exe
  C:\Windows\System\FKuBtLs.exe
  2⤵
  PID:13320
- C:\Windows\System\yjamXcD.exe
  C:\Windows\System\yjamXcD.exe
  2⤵
  PID:13388
- C:\Windows\System\ZTNbpGx.exe
  C:\Windows\System\ZTNbpGx.exe
  2⤵
  PID:13456
- C:\Windows\System\TyztPDM.exe
  C:\Windows\System\TyztPDM.exe
  2⤵
  PID:13484
- C:\Windows\System\ookjIcj.exe
  C:\Windows\System\ookjIcj.exe
  2⤵
  PID:13556
- C:\Windows\System\MERvyQf.exe
  C:\Windows\System\MERvyQf.exe
  2⤵
  PID:13676
- C:\Windows\System\QAVmWRd.exe
  C:\Windows\System\QAVmWRd.exe
  2⤵
  PID:13700
- C:\Windows\System\iwxiHJa.exe
  C:\Windows\System\iwxiHJa.exe
  2⤵
  PID:13716
- C:\Windows\System\okykUdX.exe
  C:\Windows\System\okykUdX.exe
  2⤵
  PID:13732
- C:\Windows\System\teKMoUU.exe
  C:\Windows\System\teKMoUU.exe
  2⤵
  PID:13748
- C:\Windows\System\PhSIlsZ.exe
  C:\Windows\System\PhSIlsZ.exe
  2⤵
  PID:13768
- C:\Windows\System\XNhYZuN.exe
  C:\Windows\System\XNhYZuN.exe
  2⤵
  PID:13788
- C:\Windows\System\upMMncP.exe
  C:\Windows\System\upMMncP.exe
  2⤵
  PID:13804
- C:\Windows\System\fbGCwjS.exe
  C:\Windows\System\fbGCwjS.exe
  2⤵
  PID:13820
- C:\Windows\System\hMHzrIN.exe
  C:\Windows\System\hMHzrIN.exe
  2⤵
  PID:13840
- C:\Windows\System\ScIfVCe.exe
  C:\Windows\System\ScIfVCe.exe
  2⤵
  PID:13856
- C:\Windows\System\YequkBf.exe
  C:\Windows\System\YequkBf.exe
  2⤵
  PID:13876
- C:\Windows\System\MjMPWVi.exe
  C:\Windows\System\MjMPWVi.exe
  2⤵
  PID:13900
- C:\Windows\System\RWPhNvz.exe
  C:\Windows\System\RWPhNvz.exe
  2⤵
  PID:13924
- C:\Windows\System\hWkXCyA.exe
  C:\Windows\System\hWkXCyA.exe
  2⤵
  PID:13952
- C:\Windows\System\giKYVef.exe
  C:\Windows\System\giKYVef.exe
  2⤵
  PID:13972
- C:\Windows\System\GTrlGxf.exe
  C:\Windows\System\GTrlGxf.exe
  2⤵
  PID:13996
- C:\Windows\System\BewiIxd.exe
  C:\Windows\System\BewiIxd.exe
  2⤵
  PID:14044
- C:\Windows\System\vnjynVa.exe
  C:\Windows\System\vnjynVa.exe
  2⤵
  PID:14212
- C:\Windows\System\HeaDzJx.exe
  C:\Windows\System\HeaDzJx.exe
  2⤵
  PID:14236
- C:\Windows\System\lJZHSWS.exe
  C:\Windows\System\lJZHSWS.exe
  2⤵
  PID:14256
- C:\Windows\System\rmXIjCN.exe
  C:\Windows\System\rmXIjCN.exe
  2⤵
  PID:14276
- C:\Windows\System\btiZYmX.exe
  C:\Windows\System\btiZYmX.exe
  2⤵
  PID:12752
- C:\Windows\System\RGhgFBA.exe
  C:\Windows\System\RGhgFBA.exe
  2⤵
  PID:13836
- C:\Windows\System\rohZTpx.exe
  C:\Windows\System\rohZTpx.exe
  2⤵
  PID:13728
- C:\Windows\System\bpqGnWB.exe
  C:\Windows\System\bpqGnWB.exe
  2⤵
  PID:13784
- C:\Windows\System\ZdWCCzP.exe
  C:\Windows\System\ZdWCCzP.exe
  2⤵
  PID:13988
- C:\Windows\System\WbtEmWc.exe
  C:\Windows\System\WbtEmWc.exe
  2⤵
  PID:13868
- C:\Windows\System\eNAdfQJ.exe
  C:\Windows\System\eNAdfQJ.exe
  2⤵
  PID:13892
- C:\Windows\System\fiUzmcO.exe
  C:\Windows\System\fiUzmcO.exe
  2⤵
  PID:13920
- C:\Windows\System\xipdVrA.exe
  C:\Windows\System\xipdVrA.exe
  2⤵
  PID:14092
- C:\Windows\System\KncYlhK.exe
  C:\Windows\System\KncYlhK.exe
  2⤵
  PID:14072
- C:\Windows\System\LJCYsdY.exe
  C:\Windows\System\LJCYsdY.exe
  2⤵
  PID:14128
- C:\Windows\System\AFjBpFI.exe
  C:\Windows\System\AFjBpFI.exe
  2⤵
  PID:14140
- C:\Windows\System\sdjOdNd.exe
  C:\Windows\System\sdjOdNd.exe
  2⤵
  PID:14164
- C:\Windows\System\aenIGJE.exe
  C:\Windows\System\aenIGJE.exe
  2⤵
  PID:14024
- C:\Windows\System\UilAZfD.exe
  C:\Windows\System\UilAZfD.exe
  2⤵
  PID:14176
- C:\Windows\System\OfgGUAK.exe
  C:\Windows\System\OfgGUAK.exe
  2⤵
  PID:14196
- C:\Windows\System\vAysqNx.exe
  C:\Windows\System\vAysqNx.exe
  2⤵
  PID:14180
- C:\Windows\System\xASUgLm.exe
  C:\Windows\System\xASUgLm.exe
  2⤵
  PID:14244
- C:\Windows\System\qiYGKpB.exe
  C:\Windows\System\qiYGKpB.exe
  2⤵
  PID:14264
- C:\Windows\System\RiVehwL.exe
  C:\Windows\System\RiVehwL.exe
  2⤵
  PID:14292
- C:\Windows\System\eIthhFk.exe
  C:\Windows\System\eIthhFk.exe
  2⤵
  PID:14328
- C:\Windows\System\WnJJBoY.exe
  C:\Windows\System\WnJJBoY.exe
  2⤵
  PID:11088
- C:\Windows\System\hWKTPuG.exe
  C:\Windows\System\hWKTPuG.exe
  2⤵
  PID:11904
- C:\Windows\System\utNEqoh.exe
  C:\Windows\System\utNEqoh.exe
  2⤵
  PID:452
- C:\Windows\System\flZvGDl.exe
  C:\Windows\System\flZvGDl.exe
  2⤵
  PID:11812
- C:\Windows\System\XykaVJb.exe
  C:\Windows\System\XykaVJb.exe
  2⤵
  PID:8724
- C:\Windows\System\avuTYgu.exe
  C:\Windows\System\avuTYgu.exe
  2⤵
  PID:13256
- C:\Windows\System\OIVtFLj.exe
  C:\Windows\System\OIVtFLj.exe
  2⤵
  PID:13360
- C:\Windows\System\MdKTrKG.exe
  C:\Windows\System\MdKTrKG.exe
  2⤵
  PID:13372
- C:\Windows\System\XNvizcq.exe
  C:\Windows\System\XNvizcq.exe
  2⤵
  PID:11384
- C:\Windows\System\YUpwlHc.exe
  C:\Windows\System\YUpwlHc.exe
  2⤵
  PID:12340
- C:\Windows\System\BaCqOSf.exe
  C:\Windows\System\BaCqOSf.exe
  2⤵
  PID:13108
- C:\Windows\System\pcCKHkd.exe
  C:\Windows\System\pcCKHkd.exe
  2⤵
  PID:12408
- C:\Windows\System\MNoagvH.exe
  C:\Windows\System\MNoagvH.exe
  2⤵
  PID:13328
- C:\Windows\System\VMPNvyB.exe
  C:\Windows\System\VMPNvyB.exe
  2⤵
  PID:13348
- C:\Windows\System\vJTUyyj.exe
  C:\Windows\System\vJTUyyj.exe
  2⤵
  PID:13220
- C:\Windows\System\CCjgABo.exe
  C:\Windows\System\CCjgABo.exe
  2⤵
  PID:13412
- C:\Windows\System\DJWKnsO.exe
  C:\Windows\System\DJWKnsO.exe
  2⤵
  PID:13352
- C:\Windows\System\duImeFo.exe
  C:\Windows\System\duImeFo.exe
  2⤵
  PID:13444
- C:\Windows\System\LQIBnlK.exe
  C:\Windows\System\LQIBnlK.exe
  2⤵
  PID:13476
- C:\Windows\System\YpHAVKg.exe
  C:\Windows\System\YpHAVKg.exe
  2⤵
  PID:2116
- C:\Windows\System\naBaRYi.exe
  C:\Windows\System\naBaRYi.exe
  2⤵
  PID:13500
- C:\Windows\System\rcisCYn.exe
  C:\Windows\System\rcisCYn.exe
  2⤵
  PID:8100
- C:\Windows\System\uiagAiM.exe
  C:\Windows\System\uiagAiM.exe
  2⤵
  PID:13544
- C:\Windows\System\CebpjaH.exe
  C:\Windows\System\CebpjaH.exe
  2⤵
  PID:13408
- C:\Windows\System\WiWMWTi.exe
  C:\Windows\System\WiWMWTi.exe
  2⤵
  PID:13576
- C:\Windows\System\iMJNeCE.exe
  C:\Windows\System\iMJNeCE.exe
  2⤵
  PID:13368
- C:\Windows\System\sBilcce.exe
  C:\Windows\System\sBilcce.exe
  2⤵
  PID:13516
- C:\Windows\System\MzNslqb.exe
  C:\Windows\System\MzNslqb.exe
  2⤵
  PID:13604
- C:\Windows\System\nTcKrWS.exe
  C:\Windows\System\nTcKrWS.exe
  2⤵
  PID:13612
- C:\Windows\System\nCDBaYZ.exe
  C:\Windows\System\nCDBaYZ.exe
  2⤵
  PID:13620
- C:\Windows\System\vSDTeYG.exe
  C:\Windows\System\vSDTeYG.exe
  2⤵
  PID:13656
- C:\Windows\System\ookMyxp.exe
  C:\Windows\System\ookMyxp.exe
  2⤵
  PID:7500
- C:\Windows\System\iVPgfGX.exe
  C:\Windows\System\iVPgfGX.exe
  2⤵
  PID:2992
- C:\Windows\System\fwnAvAc.exe
  C:\Windows\System\fwnAvAc.exe
  2⤵
  PID:9964
- C:\Windows\System\vnRoKZX.exe
  C:\Windows\System\vnRoKZX.exe
  2⤵
  PID:12840
- C:\Windows\System\HIzUMfr.exe
  C:\Windows\System\HIzUMfr.exe
  2⤵
  PID:13740
- C:\Windows\System\YeZPqwS.exe
  C:\Windows\System\YeZPqwS.exe
  2⤵
  PID:9860
- C:\Windows\System\IKbRyfm.exe
  C:\Windows\System\IKbRyfm.exe
  2⤵
  PID:13688
- C:\Windows\System\BTxxTyk.exe
  C:\Windows\System\BTxxTyk.exe
  2⤵
  PID:2840
- C:\Windows\System\vtMEcHq.exe
  C:\Windows\System\vtMEcHq.exe
  2⤵
  PID:3144
- C:\Windows\System\sfLwvDk.exe
  C:\Windows\System\sfLwvDk.exe
  2⤵
  PID:3164
- C:\Windows\System\ymPRCGz.exe
  C:\Windows\System\ymPRCGz.exe
  2⤵
  PID:4424
- C:\Windows\System\KdqOnXr.exe
  C:\Windows\System\KdqOnXr.exe
  2⤵
  PID:1116
- C:\Windows\System\RKOLLtP.exe
  C:\Windows\System\RKOLLtP.exe
  2⤵
  PID:13800
- C:\Windows\System\qAAMOlE.exe
  C:\Windows\System\qAAMOlE.exe
  2⤵
  PID:13964
- C:\Windows\System\FaXxrcd.exe
  C:\Windows\System\FaXxrcd.exe
  2⤵
  PID:14060
- C:\Windows\System\DGLUsqw.exe
  C:\Windows\System\DGLUsqw.exe
  2⤵
  PID:13916
- C:\Windows\System\tNigIJG.exe
  C:\Windows\System\tNigIJG.exe
  2⤵
  PID:14120
- C:\Windows\System\evAYrnP.exe
  C:\Windows\System\evAYrnP.exe
  2⤵
  PID:14076
- C:\Windows\System\dzMwRYc.exe
  C:\Windows\System\dzMwRYc.exe
  2⤵
  PID:14228
- C:\Windows\System\hHNrYTW.exe
  C:\Windows\System\hHNrYTW.exe
  2⤵
  PID:14308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jwx3ipga.xzn.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\BDfbwlJ.exe

Filesize
1.9MB

MD5
b39e264568789ad8fdb4bdf27757bcd1

SHA1
4ca7b21cf7714bdb034647da0d729bf4e8b0de0d

SHA256
e38fbb1d4d9b2f6ea01d72357190dfc7724239d752866f717cc3290b151f71a6

SHA512
e0c16041a07f021f542b8c04ef2a8cb620fef70481eee4ed6dc9a25a5cac8ef5ae8aa769a2321604c5dd92c83981fe9e53b5eee84e46732df7a50700cf4dd752

Download Submit
C:\Windows\System\CdgdMfu.exe

Filesize
1.9MB

MD5
6c2c7b2d964e4f1660b02151da6a7d4b

SHA1
ee692c62ab9a5298df3f86b96988cb8c88e8def9

SHA256
ced5022532a869e52f608c9a2ccb19797f6ebdf299f2a279ed77a98e7ab598c2

SHA512
20b5bd3693f7a3df4461b4fbec81e1051213bcd0168291b74ba73f7b5731141ef0e5065926a7624e1629ebb169a0a45c0030ce5faaa5c8d421b7ec04eed43faf

Download Submit
C:\Windows\System\HKKxEuZ.exe

Filesize
1.9MB

MD5
92d1189a3bb78a061db77f3dcb2010e0

SHA1
dca6ecdf035f50216a29d16bd2b5b5562a159262

SHA256
0990d1d3403c9abcbbfab6c3142d9a0ef21e036abf7d6751c20bb1900436d3cc

SHA512
587fefb2e14d9597f027712f30c206dd5d2a32a921188fcaadc986f3cb63ab528a8290a66ca6e1463d8535a17ccd6816c0657e6904418b208509ac06c40be862

Download Submit
C:\Windows\System\HLbPsCA.exe

Filesize
1.9MB

MD5
c97d7890acd7cf7ebe7057f1f397d4da

SHA1
a4430fbdbf304e1997b9f9c31aa04ac593504734

SHA256
632a8ab50d94b9fc61bbf3ca8747aba8da423b39919f0b2e122c219541c003e4

SHA512
53a0040d95d4ae4a177dc9e25c6f9e447def2d06b88f4c02057f14f949b88b1ace6fddfb4262538b94493293b586887bd696c1a544dbb9e7f17bec857129f33e

Download Submit
C:\Windows\System\JsIkLvd.exe

Filesize
1.9MB

MD5
7e79fb0e4cc8d23dbdfc141e3f198853

SHA1
6ab64073dee7d84b38a0727e718bff0e3f7eb45a

SHA256
144a0d7cf1aa1a96a4ae9b0321e4d00158b49d4977ebc8efc0eb79d6a319074e

SHA512
216c40727358bc75dd83dc4cbd302d6260cf84d1b60ba4cb271c7f014c089b0ff2aa40875caaf03332610c87a1dcd62f301361af6a554e6fad340411a62a5d90

Download Submit
C:\Windows\System\LyvOBkV.exe

Filesize
1.9MB

MD5
913cb326613c2833e853f8763c0f6f7c

SHA1
488c2304e42ac2863e7c958500af667c57353182

SHA256
dfd32fcd1dce552033fe5ef4b471c3eea802d4ebb4c4b2000be80a614bea6b21

SHA512
194c650c5183e0075aa39360b9499becd1a719814a0788b4969f323399fc3e474b5aaaddf99a4f65b2321631626c1b4569df232a367d424f9b56966d428ce2fe

Download Submit
C:\Windows\System\MRVMZlt.exe

Filesize
1.9MB

MD5
62f44cb11432a2eac24a219a036eb11d

SHA1
886d77f0dc532c8dfec3e1af8004fca9e3c987c9

SHA256
9d7ad393c7f43c55bc096f1f8a4c3608b2f35dfacf9b47934dd69f721e78847e

SHA512
09a09734eccc725f70e198ce751057c2e19550a5463f8ed411313e1572155e0ba69d35fc0912309d133a78258fb587233df0f4cd2b25158b7afa2860bb2c64ef

Download Submit
C:\Windows\System\MfAttnj.exe

Filesize
1.9MB

MD5
5bc57fe81d07ea802a8347dc130dbb4c

SHA1
6916badfd1bba991e73b1ac432524870bfa6f2a6

SHA256
2e136a27b475190de11cf1d5048e67faa8e1816be41e888e50d96c1dc9c2cad9

SHA512
a324ce68248bb9666e52b3e6795e4d80a4ad7d1727e182f8e8187d85b4ed33f6eb490288ec2ab5bd1bbe7d20e6030c0fecb961f4b1239205796bacdac25a7af0

Download Submit
C:\Windows\System\NLNqDzE.exe

Filesize
1.9MB

MD5
02ecb4dbc802a47985d9e45cb14588f7

SHA1
b6163d7df95a43d83046f5da7482f7d3d3a67778

SHA256
5b76e778246899291e24a8138615b64b9096b9da1d2365691dd9f216143d720a

SHA512
266014d72754495852a3a4d57a48403ac91e48574a1bbea1c07c7d681600f463e50365fb3060b152fb2e0c8145f00b621d45e59b56ed2f868427c96dda5413cd

Download Submit
C:\Windows\System\OehowBP.exe

Filesize
1.9MB

MD5
5749c399114064a53866555370120b08

SHA1
7c9e00c1f3f17c7339f3f80e3bf12fb5864b8a85

SHA256
a47ca023ec43c7580ddc6d9ae874202f26396385e4e5c123526690f00c61bfc3

SHA512
5f4c159b2938fba51f996c4154f0ddba6ff0945725bdcadb5185d6868cdd4141e496b1c573d271250afe06eb0d3f91118a32b1fc4c74b6e92bc54fba7b28c87f

Download Submit
C:\Windows\System\SBOeICw.exe

Filesize
1.9MB

MD5
7eba7d86e45d39b1579ae6f94967ab2d

SHA1
167e9d2e5217b4eadf2800e934f2f56cd5f7a603

SHA256
868cd8df2415b3d2926784dda0152304e0e6af1a0d0cfd4590d0542ff32190fb

SHA512
6cebc82a2c865a72d2ed8b420f3212503c611a3172da436dd17685ba17f16cc7b28e2e5e77421a5c0d8e059937f6426b31eee9e5ff867340fa916965d6ea0314

Download Submit
C:\Windows\System\TBIWkQb.exe

Filesize
1.9MB

MD5
b8a56c874c8d354d6e8caec26553a8d9

SHA1
01a3271999f5caf47cdd18ca25ae09c1b9dbd802

SHA256
131f012fd51dcb0e33c68ab6f09c39ef806b50cc510097c4c7d4a21d852817b8

SHA512
21faaba03616e369f5d6d193c30ee89d20bd8a9feba895ae6953d179eb66e260cf9a5df6db138e6359dcb530d692adc9e99d3105d71dd9b1a07d92e14c135f72

Download Submit
C:\Windows\System\VSoxzBq.exe

Filesize
1.9MB

MD5
423e37ee5d785fc7a5aefe943ccb6d1e

SHA1
325a6d4ec9004383c50fac9519da58ee4ddbad93

SHA256
6ce69a188b593e2376ca7080b99cec93b3815129582f4997366b7ec220061514

SHA512
071285b35f6a87f591a7f5627f2f2c721dfd62803a09975a67bef8440a4a6620b93e8fc7fd7c5ffa2a30410fc17b4801c7ae2a4ac76d33181c46346696d8c4c3

Download Submit
C:\Windows\System\VrOeSdA.exe

Filesize
1.9MB

MD5
a5eb2d34c0f78111ef7697e35d99594c

SHA1
be2527963623d4ed932965d175521fda2e0f2699

SHA256
d9e4e9736cf9f77dcbacc9a2b79519a48b879765046e5856d1a45948a8450731

SHA512
d88eaea750542fb67d96220687d5923120bcc56207a5442246e6537615b06a2ce76e304910b82a121b6f635b7ccda5de61545c6789d9d9f55a56e792d394edac

Download Submit
C:\Windows\System\ZbaTWtF.exe

Filesize
1.9MB

MD5
55a851584fc406398e6126a2b95a5743

SHA1
02ce6593cde15ac1e30b9a0e3497ff040496da77

SHA256
a9cd116705088da858d434e8aaacb7f1c931d5b4b73f274861f4c3e90a2591ae

SHA512
54cff32fac0d9c738f86cae29aa25260b34ca2114b2ef1b41025748795d54f6f222919aed6c5c75d866b23077ebe0e2b09de81a0cdf518dd9be80b3652b95b79

Download Submit
C:\Windows\System\cluJOPa.exe

Filesize
1.9MB

MD5
9f4f997f85038a28cc28fa034aecb27d

SHA1
88dc5406bdc99b13acdfb33416afa053c2684bc8

SHA256
2e4920a93837d5eaa5c511c689e71dc2662d56475aa870b7dac621e7a8e93f63

SHA512
0b2f7d83d406b995c11ef70326056365f9fccfb329ca5fc6d291e0420f6951ea658e17a422614be6f49c8550bff549bd8e9ea7dffd9fccec9a9acd3c080a384c

Download Submit
C:\Windows\System\dusnelh.exe

Filesize
1.9MB

MD5
a7310f38f419123d9baf3c9c578dc9f1

SHA1
4214917c493d3b801b3696fc313c96ceb0e6ee89

SHA256
b1db474109bbe32422cac6b74119b3b932810c3756378335a98712ba02ba5cec

SHA512
13e17072edb676487704382663a16bb45dafd852ec42e3226f675b5b07f75377d8459d429e395576415bdaf036ea21ec7a2c8503529c6e4e8b4af2cb181b8d57

Download Submit
C:\Windows\System\egJdMtB.exe

Filesize
1.9MB

MD5
f2efd44544f3d9926d8b5daa3878a675

SHA1
620e5e636bb8d357889b30d1d6fb76c18636fe78

SHA256
d3aa53d0ef44da70cd9cdbef9b13adfc8ee3db3ae1b9880a0f1c6311c25f4971

SHA512
4d6fef364a41a92e2359422543d8b938945a3bb83e2d67af183915bbf68b2959c6e3b3a0b84bc16f0d0dd27d197318c4d39555c4b1c57a931bf945cd2f70fa99

Download Submit
C:\Windows\System\fTXGlur.exe

Filesize
1.9MB

MD5
2e80f3f0d4a2a3a03c524aac538b3c73

SHA1
bd1fbba668c86232ea0ba734dbc6b3ab04a96ed3

SHA256
aecaacafb361273b32ca7a21fa77903c59736f185f098ce944044b9013f89d11

SHA512
0bbf375fcec2c9df94794693824430b821a356e83ca84747c345d959fa886326bf2cb804d07849b5849a793326e9bb3e9d76bdc31f883d97b83da80e0ce2b99f

Download Submit
C:\Windows\System\fwsywOL.exe

Filesize
8B

MD5
a8f2921c80c15a3d426e5fdff8a56196

SHA1
4dc21bf95e22427a9dafcd4930e81b62e77d5fda

SHA256
7e9bbeeba45dae16f8c444596ee4180d7313e899e46fa6263fde6904f32d92a1

SHA512
996666f646b1878ee129a778184f9520541ee458797b8bfaefed6e1f152a5436e0ff19d28744463b706ffe3e24e429f5af102aa1e7733dbeeb6210754c828802

Download Submit
C:\Windows\System\gdgDMEB.exe

Filesize
1.9MB

MD5
26c0b235a61e25352c604e04d1cbcf9e

SHA1
960b8d8a9dbeee6219a1f8b15866bb14b259713b

SHA256
beb73832c52abda451151c6fe1a4634cbe61bed41d30d96e2277db9ffb29a662

SHA512
a641a343380743b41e65aa6b720e79612c37f22abcaa69c040022ffa889ad6b85919f30ee8c47846ae454640a054de6aafbd6e376831deec3c7cc239f5c90ddd

Download Submit
C:\Windows\System\hXdGAUG.exe

Filesize
1.9MB

MD5
882a522d62bf73c2e607af5dbc99743e

SHA1
b23ffcd74747e98dbbb8fb61ba5feb21e91f3bbe

SHA256
a0097f5b9c58799553cee356faa70de7111974a5c18707be0f00352304c4e65b

SHA512
041157ef241fbf2f9f954dc4b2ab9f11a513d3c845fb33b2b4e83f586eeff3569f7ab2637c6ed68dd9f8a0688ebc05bd5a515007a2b907200586271ff5ee9348

Download Submit
C:\Windows\System\iWWkdsF.exe

Filesize
1.9MB

MD5
186e586e48a9d56491f268188f88777e

SHA1
ab845a72db5155b538db00546355bd02b7b21646

SHA256
a62b9728221380a800f30954bc02ad1c98673c0b6a15b180d5bdede8fe6c422b

SHA512
aaa535ba89c90f3079673dd7110a8dc73559b40b99a95aa840e1e499594ea85d8527982a4c6229715461d390d6ac7d6de5ab1b360c5400ab6925f1aee264fa76

Download Submit
C:\Windows\System\kgbuUzV.exe

Filesize
1.9MB

MD5
3359611c1a5ad712e5e7f661dca84659

SHA1
c0a7492f5f444f57ca19372e8dd1c0d707cb43da

SHA256
c47d29d5091ef96c385f684f5552c6cd0ed17db93265ad902fcefd46f00af834

SHA512
26356d7ec663914a25bd1292e73fe0beec6d45c35e2a3a2cd02ab9defa4faaff52090047f686fed5d30384d9d959893f9b17f08432e0905f42ac9568bdfa6eb3

Download Submit
C:\Windows\System\mQMTErF.exe

Filesize
1.9MB

MD5
10845bd2f0ca3aa99e850f9fbce3f39b

SHA1
373be6971a2e6f2c5b3cd711f8dc9dc8e2631f8c

SHA256
ce0c522a62b487b1a487cd7555479530815098ef6f8e079e8ff2d8d6ff38d4bb

SHA512
1823f771e4e28a407fd7d7221d4656583adadf24e4d0f3c4cfc1f472eacdf91a0248f80e5ad3de47997497b05dbab95031ca21129e7980bc439add36a408f8fd

Download Submit
C:\Windows\System\omROiJw.exe

Filesize
1.9MB

MD5
6888ebed37e6bd76693d0302bfcc912d

SHA1
24fe63ff0c60c0ed83086e64c8eb7dc22fd4d0ef

SHA256
6d2fcb9adb5d5c38332164ff14fe55cd4a10792a49daf6fddce11bad6ce80001

SHA512
6837338a90a31399e6b89dcbc304204c2a990a5b3eb131412b385e706c46e2623e2e0159c638988d89765f6b50c400a35afc223a6535505d9e1c57730edb16b4

Download Submit
C:\Windows\System\owzoMEU.exe

Filesize
1.9MB

MD5
0519066a29740db7a7d2196507b88350

SHA1
577d361dd24b1a4dd13f8c605d87c3018b09da00

SHA256
07e3e1e98607f571602617bbae33e0357bd9649dbe8103d27f29d6b7ab1d02cf

SHA512
79546b0b6304c91cccc3fb764f6f06d9dd7b9131d5071e9b0e7c1e5b45c85e9fccff9c446165437e3919ec751bd9b4fb32b00abccc3d5fb5a37bb469c90ea012

Download Submit
C:\Windows\System\qeQieOx.exe

Filesize
1.9MB

MD5
62c8b5a9b20a23b6dd426f712f392c13

SHA1
d408f21fe6706f59bcbd86e8258d0378f73f9820

SHA256
ac6825ba996dd044b31c383cbe041fd0d55cbdd9b402243f73350a362220983a

SHA512
1ba891d077e179d935f399f5243082ed33e6e3e154b9d34ef9642eaa1b99abcc29b1a0cccff7d73b11c540979ec2198543e854c1decc2b3f86c6d365fd50da93

Download Submit
C:\Windows\System\sUVnJUT.exe

Filesize
1.9MB

MD5
abce9996b089b0eaa4c6c2c21a0ceaf6

SHA1
973cdaacd6ec9a6833cd39d438844dae769e01d8

SHA256
dce0afa3d9d0fe69e1ddd0bdf3f51da10c4e34cfc0e68acf7065fe08856484e2

SHA512
d3086954dc465f7e59f24a1398fb9ea9a9fca8610bbc57a7e2e9c016bc18a21d7820b9005a121a7dda7ce1e449172be97abcaf5fd92a995093123273b79dd231

Download Submit
C:\Windows\System\uYzZIGl.exe

Filesize
1.9MB

MD5
13c0a6048ebd64a8dd4143fbe2e5c97d

SHA1
6852f1ae7dd89e91908585f263971eb485c3663c

SHA256
aa4366b61f44e8c90f785edc428390421d5114995db892bcbca0dbc0fa841108

SHA512
b98646b54bd8779b784023bd9edaabbfc04dea6a624c2227fddf87f63f9bf880840e345397559cd3cf97ab7614f9f2b1f385f7ef84dc26c4627399753cc5ab8e

Download Submit
C:\Windows\System\uzUMBpT.exe

Filesize
1.9MB

MD5
9bf70e69ce57ef05039edf47573d3e72

SHA1
9c68c606915b69fbf46a249afd1dd1615cdb114d

SHA256
c1b2794d7c266d5bbfb4c7c9e02a8ef1b9dd168047d568fc30bea92bd38e5df3

SHA512
5f73194807526f2f44d867fb9531395485c6d7761459419f04e0c3266f10bbbc1ba80762126cb55d19e7434795e996c0e4f969b17cfa320b78455782ea7b1599

Download Submit
C:\Windows\System\xcnhUQm.exe

Filesize
1.9MB

MD5
ceb0a5ae07ef5221d3ea789b8cc712b2

SHA1
bb4e78c158284e2c60439ee84122fb2264474578

SHA256
3f62a99be563cb41939df01fc390c68e4cac2515cdec3c9d7afbcb66fa749513

SHA512
b0454f53ada934bc92fd52825665ead914c27d649e05a70bae555aa89423b1b0c0c24c234a4c6c6c456328bd86aed853153fe0c0d603ca3317382beae5731e52

Download Submit
C:\Windows\System\ymbQAqh.exe

Filesize
1.9MB

MD5
f51e90ed3252ebd3f233fde6567b35a9

SHA1
03e7b3afdbb2c7049c94a72672f4f6c076e7241a

SHA256
5f72a07378dc3733c131cd43acd5a914b67bcec0cbdb7c53cde502add2991273

SHA512
6ff267758d2af5e88ea1a8e59e3265fe55c7da53a66ccc6c3337043af5e1579a1c03ad71da3fa25b73017e174f4698489d2f64dcbd22ba5bf6b3a60771d44e28

Download Submit
memory/220-50-0x00007FF7FF450000-0x00007FF7FF842000-memory.dmp

Filesize
3.9MB

Download
memory/220-3380-0x00007FF7FF450000-0x00007FF7FF842000-memory.dmp

Filesize
3.9MB

Download
memory/444-3447-0x00007FF6052E0000-0x00007FF6056D2000-memory.dmp

Filesize
3.9MB

Download
memory/444-183-0x00007FF6052E0000-0x00007FF6056D2000-memory.dmp

Filesize
3.9MB

Download
memory/1464-73-0x00007FF6468C0000-0x00007FF646CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1464-1806-0x00007FF6468C0000-0x00007FF646CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1464-3409-0x00007FF6468C0000-0x00007FF646CB2000-memory.dmp

Filesize
3.9MB

Download
memory/1576-113-0x00007FF635590000-0x00007FF635982000-memory.dmp

Filesize
3.9MB

Download
memory/1576-3465-0x00007FF635590000-0x00007FF635982000-memory.dmp

Filesize
3.9MB

Download
memory/1576-2127-0x00007FF635590000-0x00007FF635982000-memory.dmp

Filesize
3.9MB

Download
memory/1592-2197-0x00007FF6595A0000-0x00007FF659992000-memory.dmp

Filesize
3.9MB

Download
memory/1592-168-0x00007FF6595A0000-0x00007FF659992000-memory.dmp

Filesize
3.9MB

Download
memory/1592-3453-0x00007FF6595A0000-0x00007FF659992000-memory.dmp

Filesize
3.9MB

Download
memory/1888-3445-0x00007FF797A00000-0x00007FF797DF2000-memory.dmp

Filesize
3.9MB

Download
memory/1888-155-0x00007FF797A00000-0x00007FF797DF2000-memory.dmp

Filesize
3.9MB

Download
memory/2240-3434-0x00007FF6D9620000-0x00007FF6D9A12000-memory.dmp

Filesize
3.9MB

Download
memory/2240-194-0x00007FF6D9620000-0x00007FF6D9A12000-memory.dmp

Filesize
3.9MB

Download
memory/2252-188-0x00007FF690780000-0x00007FF690B72000-memory.dmp

Filesize
3.9MB

Download
memory/2252-3455-0x00007FF690780000-0x00007FF690B72000-memory.dmp

Filesize
3.9MB

Download
memory/2896-3405-0x00007FF615BB0000-0x00007FF615FA2000-memory.dmp

Filesize
3.9MB

Download
memory/2896-59-0x00007FF615BB0000-0x00007FF615FA2000-memory.dmp

Filesize
3.9MB

Download
memory/2980-189-0x00007FF6FDF20000-0x00007FF6FE312000-memory.dmp

Filesize
3.9MB

Download
memory/2980-3459-0x00007FF6FDF20000-0x00007FF6FE312000-memory.dmp

Filesize
3.9MB

Download
memory/3208-3464-0x00007FF7D9D40000-0x00007FF7DA132000-memory.dmp

Filesize
3.9MB

Download
memory/3208-186-0x00007FF7D9D40000-0x00007FF7DA132000-memory.dmp

Filesize
3.9MB

Download
memory/3212-140-0x00007FF7A0520000-0x00007FF7A0912000-memory.dmp

Filesize
3.9MB

Download
memory/3212-3440-0x00007FF7A0520000-0x00007FF7A0912000-memory.dmp

Filesize
3.9MB

Download
memory/3344-190-0x00007FF6E0D80000-0x00007FF6E1172000-memory.dmp

Filesize
3.9MB

Download
memory/3344-3443-0x00007FF6E0D80000-0x00007FF6E1172000-memory.dmp

Filesize
3.9MB

Download
memory/3476-3404-0x00007FF7EB5B0000-0x00007FF7EB9A2000-memory.dmp

Filesize
3.9MB

Download
memory/3476-54-0x00007FF7EB5B0000-0x00007FF7EB9A2000-memory.dmp

Filesize
3.9MB

Download
memory/3584-3438-0x00007FF6E2C00000-0x00007FF6E2FF2000-memory.dmp

Filesize
3.9MB

Download
memory/3584-149-0x00007FF6E2C00000-0x00007FF6E2FF2000-memory.dmp

Filesize
3.9MB

Download
memory/3604-3426-0x00007FF70A530000-0x00007FF70A922000-memory.dmp

Filesize
3.9MB

Download
memory/3604-53-0x00007FF70A530000-0x00007FF70A922000-memory.dmp

Filesize
3.9MB

Download
memory/3768-52-0x00007FF762FB0000-0x00007FF7633A2000-memory.dmp

Filesize
3.9MB

Download
memory/3768-3397-0x00007FF762FB0000-0x00007FF7633A2000-memory.dmp

Filesize
3.9MB

Download
memory/4156-69-0x00007FF61EF10000-0x00007FF61F302000-memory.dmp

Filesize
3.9MB

Download
memory/4156-3431-0x00007FF61EF10000-0x00007FF61F302000-memory.dmp

Filesize
3.9MB

Download
memory/4308-66-0x00007FFD04090000-0x00007FFD04B51000-memory.dmp

Filesize
10.8MB

Download
memory/4308-24-0x00007FFD04093000-0x00007FFD04095000-memory.dmp

Filesize
8KB

Download
memory/4308-1484-0x00007FFD04090000-0x00007FFD04B51000-memory.dmp

Filesize
10.8MB

Download
memory/4308-438-0x0000016FE00E0000-0x0000016FE0886000-memory.dmp

Filesize
7.6MB

Download
memory/4308-44-0x00007FFD04090000-0x00007FFD04B51000-memory.dmp

Filesize
10.8MB

Download
memory/4308-1160-0x00007FFD04093000-0x00007FFD04095000-memory.dmp

Filesize
8KB

Download
memory/4308-794-0x00007FFD04090000-0x00007FFD04B51000-memory.dmp

Filesize
10.8MB

Download
memory/4308-67-0x0000016FC65E0000-0x0000016FC6602000-memory.dmp

Filesize
136KB

Download
memory/4568-1-0x000001A8C7440000-0x000001A8C7450000-memory.dmp

Filesize
64KB

Download
memory/4568-0-0x00007FF7CDA90000-0x00007FF7CDE82000-memory.dmp

Filesize
3.9MB

Download
memory/4568-604-0x00007FF7CDA90000-0x00007FF7CDE82000-memory.dmp

Filesize
3.9MB

Download
memory/4628-3407-0x00007FF6C0710000-0x00007FF6C0B02000-memory.dmp

Filesize
3.9MB

Download
memory/4628-57-0x00007FF6C0710000-0x00007FF6C0B02000-memory.dmp

Filesize
3.9MB

Download
memory/4788-3457-0x00007FF6D3A60000-0x00007FF6D3E52000-memory.dmp

Filesize
3.9MB

Download
memory/4788-161-0x00007FF6D3A60000-0x00007FF6D3E52000-memory.dmp

Filesize
3.9MB

Download
memory/4788-2194-0x00007FF6D3A60000-0x00007FF6D3E52000-memory.dmp

Filesize
3.9MB

Download
memory/4840-90-0x00007FF631110000-0x00007FF631502000-memory.dmp

Filesize
3.9MB

Download
memory/4840-1809-0x00007FF631110000-0x00007FF631502000-memory.dmp

Filesize
3.9MB

Download
memory/4840-3436-0x00007FF631110000-0x00007FF631502000-memory.dmp

Filesize
3.9MB

Download
memory/4952-3400-0x00007FF6C3510000-0x00007FF6C3902000-memory.dmp

Filesize
3.9MB

Download
memory/4952-607-0x00007FF6C3510000-0x00007FF6C3902000-memory.dmp

Filesize
3.9MB

Download
memory/4952-21-0x00007FF6C3510000-0x00007FF6C3902000-memory.dmp

Filesize
3.9MB

Download
memory/4968-193-0x00007FF720140000-0x00007FF720532000-memory.dmp

Filesize
3.9MB

Download
memory/4968-3442-0x00007FF720140000-0x00007FF720532000-memory.dmp

Filesize
3.9MB

Download
memory/5116-3401-0x00007FF7CD240000-0x00007FF7CD632000-memory.dmp

Filesize
3.9MB

Download
memory/5116-68-0x00007FF7CD240000-0x00007FF7CD632000-memory.dmp

Filesize
3.9MB

Download