xmrig | 7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811d

Analysis

max time kernel
91s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
Size

1.7MB
MD5

722f79091b76c870529ba6c8be413850
SHA1

c5fae78f34784674cee7d34891cc7fee3cd93f85
SHA256

7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811d
SHA512

110e5e081e4c29f3c52ce8398fd86d4e34ef4db22b3faf0b3f08cca33e24142318423d19ad10abbb0babf74d20864830546d036877f9b69905c3938eef547793
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgspmBeQxWCLU0SwV0LV+:Lz071uv4BPMkFfdg6NsIRSwVW+

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4216-249-0x00007FF6A35D0000-0x00007FF6A39C2000-memory.dmp	xmrig
behavioral2/memory/1224-235-0x00007FF699680000-0x00007FF699A72000-memory.dmp	xmrig
behavioral2/memory/4436-219-0x00007FF654950000-0x00007FF654D42000-memory.dmp	xmrig
behavioral2/memory/2344-178-0x00007FF728F30000-0x00007FF729322000-memory.dmp	xmrig
behavioral2/memory/2664-441-0x00007FF72F9E0000-0x00007FF72FDD2000-memory.dmp	xmrig
behavioral2/memory/3676-540-0x00007FF762E30000-0x00007FF763222000-memory.dmp	xmrig
behavioral2/memory/744-1112-0x00007FF73A290000-0x00007FF73A682000-memory.dmp	xmrig
behavioral2/memory/4568-1389-0x00007FF6647B0000-0x00007FF664BA2000-memory.dmp	xmrig
behavioral2/memory/2412-1538-0x00007FF789F90000-0x00007FF78A382000-memory.dmp	xmrig
behavioral2/memory/2476-1737-0x00007FF6DA060000-0x00007FF6DA452000-memory.dmp	xmrig
behavioral2/memory/4324-1736-0x00007FF728600000-0x00007FF7289F2000-memory.dmp	xmrig
behavioral2/memory/1360-1386-0x00007FF6DE400000-0x00007FF6DE7F2000-memory.dmp	xmrig
behavioral2/memory/1472-1382-0x00007FF607840000-0x00007FF607C32000-memory.dmp	xmrig
behavioral2/memory/4468-1110-0x00007FF703BD0000-0x00007FF703FC2000-memory.dmp	xmrig
behavioral2/memory/4832-1100-0x00007FF735CD0000-0x00007FF7360C2000-memory.dmp	xmrig
behavioral2/memory/4984-1041-0x00007FF645230000-0x00007FF645622000-memory.dmp	xmrig
behavioral2/memory/1420-1037-0x00007FF75DEA0000-0x00007FF75E292000-memory.dmp	xmrig
behavioral2/memory/1436-623-0x00007FF73F7C0000-0x00007FF73FBB2000-memory.dmp	xmrig
behavioral2/memory/3188-395-0x00007FF73E5F0000-0x00007FF73E9E2000-memory.dmp	xmrig
behavioral2/memory/2464-440-0x00007FF7B3A10000-0x00007FF7B3E02000-memory.dmp	xmrig
behavioral2/memory/5072-299-0x00007FF7C44E0000-0x00007FF7C48D2000-memory.dmp	xmrig
behavioral2/memory/3968-296-0x00007FF6E4930000-0x00007FF6E4D22000-memory.dmp	xmrig
behavioral2/memory/1268-124-0x00007FF7F4240000-0x00007FF7F4632000-memory.dmp	xmrig
behavioral2/memory/3564-2736-0x00007FF78E4A0000-0x00007FF78E892000-memory.dmp	xmrig
behavioral2/memory/3564-3882-0x00007FF78E4A0000-0x00007FF78E892000-memory.dmp	xmrig
behavioral2/memory/4324-3885-0x00007FF728600000-0x00007FF7289F2000-memory.dmp	xmrig
behavioral2/memory/2344-3886-0x00007FF728F30000-0x00007FF729322000-memory.dmp	xmrig
behavioral2/memory/3188-3894-0x00007FF73E5F0000-0x00007FF73E9E2000-memory.dmp	xmrig
behavioral2/memory/1224-3898-0x00007FF699680000-0x00007FF699A72000-memory.dmp	xmrig
behavioral2/memory/4216-3900-0x00007FF6A35D0000-0x00007FF6A39C2000-memory.dmp	xmrig
behavioral2/memory/5072-3897-0x00007FF7C44E0000-0x00007FF7C48D2000-memory.dmp	xmrig
behavioral2/memory/3968-3893-0x00007FF6E4930000-0x00007FF6E4D22000-memory.dmp	xmrig
behavioral2/memory/4436-3892-0x00007FF654950000-0x00007FF654D42000-memory.dmp	xmrig
behavioral2/memory/1268-3890-0x00007FF7F4240000-0x00007FF7F4632000-memory.dmp	xmrig
behavioral2/memory/2476-3924-0x00007FF6DA060000-0x00007FF6DA452000-memory.dmp	xmrig
behavioral2/memory/3676-3920-0x00007FF762E30000-0x00007FF763222000-memory.dmp	xmrig
behavioral2/memory/4984-3913-0x00007FF645230000-0x00007FF645622000-memory.dmp	xmrig
behavioral2/memory/1360-3930-0x00007FF6DE400000-0x00007FF6DE7F2000-memory.dmp	xmrig
behavioral2/memory/4468-3940-0x00007FF703BD0000-0x00007FF703FC2000-memory.dmp	xmrig
behavioral2/memory/1420-3936-0x00007FF75DEA0000-0x00007FF75E292000-memory.dmp	xmrig
behavioral2/memory/4568-3928-0x00007FF6647B0000-0x00007FF664BA2000-memory.dmp	xmrig
behavioral2/memory/744-3926-0x00007FF73A290000-0x00007FF73A682000-memory.dmp	xmrig
behavioral2/memory/2464-3922-0x00007FF7B3A10000-0x00007FF7B3E02000-memory.dmp	xmrig
behavioral2/memory/2664-3918-0x00007FF72F9E0000-0x00007FF72FDD2000-memory.dmp	xmrig
behavioral2/memory/1472-3916-0x00007FF607840000-0x00007FF607C32000-memory.dmp	xmrig
behavioral2/memory/1436-3937-0x00007FF73F7C0000-0x00007FF73FBB2000-memory.dmp	xmrig
behavioral2/memory/4832-4007-0x00007FF735CD0000-0x00007FF7360C2000-memory.dmp	xmrig
behavioral2/memory/2412-4011-0x00007FF789F90000-0x00007FF78A382000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2736	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3564	oDbTlRw.exe
4324	gieFvDZ.exe
1268	CEQqiTQ.exe
2344	OSgRjTB.exe
4436	BjroAEy.exe
1224	AQtazqP.exe
4216	JeRQEcF.exe
3968	PENugUB.exe
5072	wLgvaNB.exe
3188	gRFtiRN.exe
2464	vpIeazV.exe
2664	MIoOQbP.exe
3676	uxmdoMK.exe
1436	ftJolWS.exe
1420	BaRGpMc.exe
2476	lLHtlGj.exe
4984	ITjaxTG.exe
4832	WmbCAow.exe
4468	uIWeaWR.exe
744	AwqLOdD.exe
1472	szPQiAq.exe
1360	PQXuJPG.exe
4568	xXgpTKd.exe
2412	ojrhIXl.exe
1696	gkQQSag.exe
512	iHgaXYQ.exe
876	bcEJRla.exe
2168	tcsqlcg.exe
4156	LGgDJTp.exe
4556	UCTaSZi.exe
4828	pcYKiPJ.exe
3380	RwmVEwk.exe
1736	ySVUdmd.exe
4452	psWoMwh.exe
4756	TxowLuM.exe
4604	VRVhlhk.exe
4444	UDAOQPp.exe
3200	pvRFqeS.exe
5116	CyWWsgJ.exe
1720	jIQZFoF.exe
4372	pYQEHEA.exe
2372	dDgMsBo.exe
4380	uXIkXYq.exe
2976	zitUTBy.exe
2456	DYROgQy.exe
1984	MvbyjNX.exe
4148	ZBGQeGn.exe
2912	EtGRCJc.exe
5108	tjBbYkj.exe
2600	JSMbhgm.exe
5004	JWAmRNO.exe
3116	YFhdRqA.exe
2000	VSEKKhG.exe
412	kGUbNfp.exe
4256	joaYxqt.exe
3508	ZmWIgis.exe
4368	cYTjzIO.exe
4204	XpBamzJ.exe
4412	euGryLz.exe
3888	VWkqYus.exe
708	ioMDWdF.exe
2584	nCztpMV.exe
320	EIRLlcc.exe
1204	LzAGAYs.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/436-0-0x00007FF775260000-0x00007FF775652000-memory.dmp	upx
behavioral2/files/0x0007000000023449-24.dat	upx
behavioral2/files/0x000700000002344d-37.dat	upx
behavioral2/files/0x0007000000023448-42.dat	upx
behavioral2/files/0x0007000000023450-95.dat	upx
behavioral2/files/0x0007000000023458-94.dat	upx
behavioral2/files/0x0007000000023467-168.dat	upx
behavioral2/memory/4216-249-0x00007FF6A35D0000-0x00007FF6A39C2000-memory.dmp	upx
behavioral2/memory/1224-235-0x00007FF699680000-0x00007FF699A72000-memory.dmp	upx
behavioral2/memory/4436-219-0x00007FF654950000-0x00007FF654D42000-memory.dmp	upx
behavioral2/files/0x000700000002346c-206.dat	upx
behavioral2/files/0x000700000002346b-205.dat	upx
behavioral2/files/0x000700000002345c-196.dat	upx
behavioral2/files/0x0007000000023462-188.dat	upx
behavioral2/files/0x000700000002346a-185.dat	upx
behavioral2/memory/2344-178-0x00007FF728F30000-0x00007FF729322000-memory.dmp	upx
behavioral2/memory/2664-441-0x00007FF72F9E0000-0x00007FF72FDD2000-memory.dmp	upx
behavioral2/memory/3676-540-0x00007FF762E30000-0x00007FF763222000-memory.dmp	upx
behavioral2/memory/744-1112-0x00007FF73A290000-0x00007FF73A682000-memory.dmp	upx
behavioral2/memory/4568-1389-0x00007FF6647B0000-0x00007FF664BA2000-memory.dmp	upx
behavioral2/memory/2412-1538-0x00007FF789F90000-0x00007FF78A382000-memory.dmp	upx
behavioral2/memory/2476-1737-0x00007FF6DA060000-0x00007FF6DA452000-memory.dmp	upx
behavioral2/memory/4324-1736-0x00007FF728600000-0x00007FF7289F2000-memory.dmp	upx
behavioral2/memory/1360-1386-0x00007FF6DE400000-0x00007FF6DE7F2000-memory.dmp	upx
behavioral2/memory/1472-1382-0x00007FF607840000-0x00007FF607C32000-memory.dmp	upx
behavioral2/memory/4468-1110-0x00007FF703BD0000-0x00007FF703FC2000-memory.dmp	upx
behavioral2/memory/4832-1100-0x00007FF735CD0000-0x00007FF7360C2000-memory.dmp	upx
behavioral2/memory/4984-1041-0x00007FF645230000-0x00007FF645622000-memory.dmp	upx
behavioral2/memory/1420-1037-0x00007FF75DEA0000-0x00007FF75E292000-memory.dmp	upx
behavioral2/memory/1436-623-0x00007FF73F7C0000-0x00007FF73FBB2000-memory.dmp	upx
behavioral2/memory/3188-395-0x00007FF73E5F0000-0x00007FF73E9E2000-memory.dmp	upx
behavioral2/memory/2464-440-0x00007FF7B3A10000-0x00007FF7B3E02000-memory.dmp	upx
behavioral2/memory/5072-299-0x00007FF7C44E0000-0x00007FF7C48D2000-memory.dmp	upx
behavioral2/memory/3968-296-0x00007FF6E4930000-0x00007FF6E4D22000-memory.dmp	upx
behavioral2/files/0x0007000000023461-176.dat	upx
behavioral2/files/0x0007000000023460-175.dat	upx
behavioral2/files/0x0007000000023459-173.dat	upx
behavioral2/files/0x0007000000023469-172.dat	upx
behavioral2/files/0x000700000002345f-170.dat	upx
behavioral2/files/0x0007000000023468-169.dat	upx
behavioral2/files/0x0007000000023466-167.dat	upx
behavioral2/files/0x0007000000023464-148.dat	upx
behavioral2/files/0x0007000000023456-145.dat	upx
behavioral2/files/0x000700000002345b-192.dat	upx
behavioral2/files/0x000700000002345e-132.dat	upx
behavioral2/files/0x0007000000023465-166.dat	upx
behavioral2/memory/1268-124-0x00007FF7F4240000-0x00007FF7F4632000-memory.dmp	upx
behavioral2/files/0x000700000002345d-123.dat	upx
behavioral2/files/0x0007000000023463-142.dat	upx
behavioral2/files/0x0007000000023454-113.dat	upx
behavioral2/files/0x000700000002345a-108.dat	upx
behavioral2/files/0x0007000000023453-107.dat	upx
behavioral2/files/0x0007000000023452-101.dat	upx
behavioral2/files/0x0007000000023451-97.dat	upx
behavioral2/files/0x0007000000023457-93.dat	upx
behavioral2/files/0x0007000000023455-88.dat	upx
behavioral2/files/0x000700000002344c-74.dat	upx
behavioral2/files/0x000700000002344b-52.dat	upx
behavioral2/files/0x000700000002344e-44.dat	upx
behavioral2/files/0x000700000002344f-60.dat	upx
behavioral2/files/0x000700000002344a-29.dat	upx
behavioral2/files/0x0008000000023447-20.dat	upx
behavioral2/files/0x00090000000233e4-13.dat	upx
behavioral2/memory/3564-9-0x00007FF78E4A0000-0x00007FF78E892000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VgqhvyS.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\TicKVsi.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\IpMVwst.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\FAqJFAh.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\dGzPxYe.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\AelCukx.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\TipvFHc.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\lGCdsfp.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\yRdekdh.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\CHGxppt.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\HCOHRbv.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\heLedEL.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\PqgpBjv.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\lAtWQWn.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\QzHVxDp.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\ysUPwSl.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\GdACCjW.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\dqtoQja.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\AmUZSye.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\zMyxxvk.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\zIWkYIZ.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\Cusctzf.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\dhuuAZM.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\KOejBHw.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\GsVePrO.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\nLFqodU.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\NugndwG.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\KYksLBW.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\cwCihVr.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\EJwQQkX.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\hRvdEfZ.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\urhpads.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\nKspqvC.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\VmUPPOi.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\OslAUSG.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\JKYQhVQ.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\ioMDWdF.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\vvZYWeH.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\oagArgE.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\LDgoTtZ.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\yjwMCmq.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\bJcUDdA.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\IlJbTrL.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\HoKEeVg.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\PTfViWp.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\WHVnbXp.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\GULFqTa.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\eZuqKmu.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\axFSwVv.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\VeuNmac.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\NwBNnhL.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\NazZkoo.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\fYcFKKf.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\UDWjzMi.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\TYRyotC.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\mIdtscr.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\UlKrbzJ.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\HlSkIZh.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\LzAGAYs.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\nYBZJcA.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\oNxMPfy.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\fwSgCyr.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\sSuwXom.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
File created	C:\Windows\System\vJiKjVE.exe	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2736	powershell.exe
2736	powershell.exe
2736	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
Token: SeDebugPrivilege	2736	powershell.exe
Token: SeLockMemoryPrivilege	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 2736	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	83
PID 436 wrote to memory of 2736	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	83
PID 436 wrote to memory of 3564	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	84
PID 436 wrote to memory of 3564	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	84
PID 436 wrote to memory of 4324	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	85
PID 436 wrote to memory of 4324	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	85
PID 436 wrote to memory of 1268	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	86
PID 436 wrote to memory of 1268	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	86
PID 436 wrote to memory of 2344	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	87
PID 436 wrote to memory of 2344	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	87
PID 436 wrote to memory of 4436	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	88
PID 436 wrote to memory of 4436	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	88
PID 436 wrote to memory of 1224	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	89
PID 436 wrote to memory of 1224	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	89
PID 436 wrote to memory of 4216	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	90
PID 436 wrote to memory of 4216	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	90
PID 436 wrote to memory of 3968	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	91
PID 436 wrote to memory of 3968	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	91
PID 436 wrote to memory of 5072	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	92
PID 436 wrote to memory of 5072	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	92
PID 436 wrote to memory of 3188	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	93
PID 436 wrote to memory of 3188	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	93
PID 436 wrote to memory of 2464	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	94
PID 436 wrote to memory of 2464	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	94
PID 436 wrote to memory of 2664	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	95
PID 436 wrote to memory of 2664	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	95
PID 436 wrote to memory of 3676	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	96
PID 436 wrote to memory of 3676	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	96
PID 436 wrote to memory of 1436	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	97
PID 436 wrote to memory of 1436	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	97
PID 436 wrote to memory of 1420	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	98
PID 436 wrote to memory of 1420	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	98
PID 436 wrote to memory of 2476	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	99
PID 436 wrote to memory of 2476	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	99
PID 436 wrote to memory of 4984	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	100
PID 436 wrote to memory of 4984	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	100
PID 436 wrote to memory of 4832	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	101
PID 436 wrote to memory of 4832	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	101
PID 436 wrote to memory of 4468	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	102
PID 436 wrote to memory of 4468	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	102
PID 436 wrote to memory of 744	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	103
PID 436 wrote to memory of 744	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	103
PID 436 wrote to memory of 1472	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	104
PID 436 wrote to memory of 1472	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	104
PID 436 wrote to memory of 1360	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	105
PID 436 wrote to memory of 1360	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	105
PID 436 wrote to memory of 4568	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	106
PID 436 wrote to memory of 4568	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	106
PID 436 wrote to memory of 2412	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	107
PID 436 wrote to memory of 2412	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	107
PID 436 wrote to memory of 1696	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	108
PID 436 wrote to memory of 1696	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	108
PID 436 wrote to memory of 512	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	109
PID 436 wrote to memory of 512	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	109
PID 436 wrote to memory of 4756	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	110
PID 436 wrote to memory of 4756	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	110
PID 436 wrote to memory of 876	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	111
PID 436 wrote to memory of 876	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	111
PID 436 wrote to memory of 4444	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	112
PID 436 wrote to memory of 4444	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	112
PID 436 wrote to memory of 2168	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	113
PID 436 wrote to memory of 2168	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	113
PID 436 wrote to memory of 4156	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	114
PID 436 wrote to memory of 4156	436	7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe	114

C:\Users\Admin\AppData\Local\Temp\7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe
"C:\Users\Admin\AppData\Local\Temp\7def3327f8dc101eb9bbd463be99e296a5ac7b166fcf4da3dec29b1205a0811dN.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:436
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2736
- C:\Windows\System\oDbTlRw.exe
  C:\Windows\System\oDbTlRw.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\gieFvDZ.exe
  C:\Windows\System\gieFvDZ.exe
  2⤵
  - Executes dropped EXE
  PID:4324
- C:\Windows\System\CEQqiTQ.exe
  C:\Windows\System\CEQqiTQ.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\OSgRjTB.exe
  C:\Windows\System\OSgRjTB.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\BjroAEy.exe
  C:\Windows\System\BjroAEy.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\AQtazqP.exe
  C:\Windows\System\AQtazqP.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\JeRQEcF.exe
  C:\Windows\System\JeRQEcF.exe
  2⤵
  - Executes dropped EXE
  PID:4216
- C:\Windows\System\PENugUB.exe
  C:\Windows\System\PENugUB.exe
  2⤵
  - Executes dropped EXE
  PID:3968
- C:\Windows\System\wLgvaNB.exe
  C:\Windows\System\wLgvaNB.exe
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Windows\System\gRFtiRN.exe
  C:\Windows\System\gRFtiRN.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\vpIeazV.exe
  C:\Windows\System\vpIeazV.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\MIoOQbP.exe
  C:\Windows\System\MIoOQbP.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\uxmdoMK.exe
  C:\Windows\System\uxmdoMK.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\ftJolWS.exe
  C:\Windows\System\ftJolWS.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\BaRGpMc.exe
  C:\Windows\System\BaRGpMc.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\lLHtlGj.exe
  C:\Windows\System\lLHtlGj.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ITjaxTG.exe
  C:\Windows\System\ITjaxTG.exe
  2⤵
  - Executes dropped EXE
  PID:4984
- C:\Windows\System\WmbCAow.exe
  C:\Windows\System\WmbCAow.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\uIWeaWR.exe
  C:\Windows\System\uIWeaWR.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\AwqLOdD.exe
  C:\Windows\System\AwqLOdD.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\szPQiAq.exe
  C:\Windows\System\szPQiAq.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\PQXuJPG.exe
  C:\Windows\System\PQXuJPG.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\xXgpTKd.exe
  C:\Windows\System\xXgpTKd.exe
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System\ojrhIXl.exe
  C:\Windows\System\ojrhIXl.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\gkQQSag.exe
  C:\Windows\System\gkQQSag.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\iHgaXYQ.exe
  C:\Windows\System\iHgaXYQ.exe
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Windows\System\TxowLuM.exe
  C:\Windows\System\TxowLuM.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\bcEJRla.exe
  C:\Windows\System\bcEJRla.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\UDAOQPp.exe
  C:\Windows\System\UDAOQPp.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\tcsqlcg.exe
  C:\Windows\System\tcsqlcg.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\LGgDJTp.exe
  C:\Windows\System\LGgDJTp.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\UCTaSZi.exe
  C:\Windows\System\UCTaSZi.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\pcYKiPJ.exe
  C:\Windows\System\pcYKiPJ.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\RwmVEwk.exe
  C:\Windows\System\RwmVEwk.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\ySVUdmd.exe
  C:\Windows\System\ySVUdmd.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\psWoMwh.exe
  C:\Windows\System\psWoMwh.exe
  2⤵
  - Executes dropped EXE
  PID:4452
- C:\Windows\System\VRVhlhk.exe
  C:\Windows\System\VRVhlhk.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\pvRFqeS.exe
  C:\Windows\System\pvRFqeS.exe
  2⤵
  - Executes dropped EXE
  PID:3200
- C:\Windows\System\CyWWsgJ.exe
  C:\Windows\System\CyWWsgJ.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\jIQZFoF.exe
  C:\Windows\System\jIQZFoF.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\pYQEHEA.exe
  C:\Windows\System\pYQEHEA.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\dDgMsBo.exe
  C:\Windows\System\dDgMsBo.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\uXIkXYq.exe
  C:\Windows\System\uXIkXYq.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\zitUTBy.exe
  C:\Windows\System\zitUTBy.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\DYROgQy.exe
  C:\Windows\System\DYROgQy.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\MvbyjNX.exe
  C:\Windows\System\MvbyjNX.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\ZBGQeGn.exe
  C:\Windows\System\ZBGQeGn.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\EtGRCJc.exe
  C:\Windows\System\EtGRCJc.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\tjBbYkj.exe
  C:\Windows\System\tjBbYkj.exe
  2⤵
  - Executes dropped EXE
  PID:5108
- C:\Windows\System\JSMbhgm.exe
  C:\Windows\System\JSMbhgm.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\JWAmRNO.exe
  C:\Windows\System\JWAmRNO.exe
  2⤵
  - Executes dropped EXE
  PID:5004
- C:\Windows\System\YFhdRqA.exe
  C:\Windows\System\YFhdRqA.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\VSEKKhG.exe
  C:\Windows\System\VSEKKhG.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\kGUbNfp.exe
  C:\Windows\System\kGUbNfp.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\joaYxqt.exe
  C:\Windows\System\joaYxqt.exe
  2⤵
  - Executes dropped EXE
  PID:4256
- C:\Windows\System\ZmWIgis.exe
  C:\Windows\System\ZmWIgis.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\cYTjzIO.exe
  C:\Windows\System\cYTjzIO.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\XpBamzJ.exe
  C:\Windows\System\XpBamzJ.exe
  2⤵
  - Executes dropped EXE
  PID:4204
- C:\Windows\System\euGryLz.exe
  C:\Windows\System\euGryLz.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\VWkqYus.exe
  C:\Windows\System\VWkqYus.exe
  2⤵
  - Executes dropped EXE
  PID:3888
- C:\Windows\System\ioMDWdF.exe
  C:\Windows\System\ioMDWdF.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\nCztpMV.exe
  C:\Windows\System\nCztpMV.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\EIRLlcc.exe
  C:\Windows\System\EIRLlcc.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\wwtcpNS.exe
  C:\Windows\System\wwtcpNS.exe
  2⤵
  PID:1756
- C:\Windows\System\LzAGAYs.exe
  C:\Windows\System\LzAGAYs.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\uoUkBzD.exe
  C:\Windows\System\uoUkBzD.exe
  2⤵
  PID:4000
- C:\Windows\System\HyzceAl.exe
  C:\Windows\System\HyzceAl.exe
  2⤵
  PID:4264
- C:\Windows\System\SQXUNgG.exe
  C:\Windows\System\SQXUNgG.exe
  2⤵
  PID:1484
- C:\Windows\System\cJjNFEQ.exe
  C:\Windows\System\cJjNFEQ.exe
  2⤵
  PID:3904
- C:\Windows\System\nQHdNaS.exe
  C:\Windows\System\nQHdNaS.exe
  2⤵
  PID:4808
- C:\Windows\System\EcktYtt.exe
  C:\Windows\System\EcktYtt.exe
  2⤵
  PID:4848
- C:\Windows\System\lcmQThq.exe
  C:\Windows\System\lcmQThq.exe
  2⤵
  PID:1776
- C:\Windows\System\iFLyFvm.exe
  C:\Windows\System\iFLyFvm.exe
  2⤵
  PID:2276
- C:\Windows\System\zJwiSkz.exe
  C:\Windows\System\zJwiSkz.exe
  2⤵
  PID:2764
- C:\Windows\System\ZLrTDIp.exe
  C:\Windows\System\ZLrTDIp.exe
  2⤵
  PID:4524
- C:\Windows\System\yFfiVQo.exe
  C:\Windows\System\yFfiVQo.exe
  2⤵
  PID:1020
- C:\Windows\System\AFmdmPe.exe
  C:\Windows\System\AFmdmPe.exe
  2⤵
  PID:3908
- C:\Windows\System\oLwqujF.exe
  C:\Windows\System\oLwqujF.exe
  2⤵
  PID:4540
- C:\Windows\System\xcHuete.exe
  C:\Windows\System\xcHuete.exe
  2⤵
  PID:2852
- C:\Windows\System\kCmsjRV.exe
  C:\Windows\System\kCmsjRV.exe
  2⤵
  PID:5124
- C:\Windows\System\SWUEdFv.exe
  C:\Windows\System\SWUEdFv.exe
  2⤵
  PID:5140
- C:\Windows\System\CjzXaRy.exe
  C:\Windows\System\CjzXaRy.exe
  2⤵
  PID:5156
- C:\Windows\System\HcFMsxw.exe
  C:\Windows\System\HcFMsxw.exe
  2⤵
  PID:5172
- C:\Windows\System\hyVCXzY.exe
  C:\Windows\System\hyVCXzY.exe
  2⤵
  PID:5188
- C:\Windows\System\rDYXWGT.exe
  C:\Windows\System\rDYXWGT.exe
  2⤵
  PID:5212
- C:\Windows\System\hkZDMDf.exe
  C:\Windows\System\hkZDMDf.exe
  2⤵
  PID:5240
- C:\Windows\System\cQvCNuj.exe
  C:\Windows\System\cQvCNuj.exe
  2⤵
  PID:5260
- C:\Windows\System\PPWFHcz.exe
  C:\Windows\System\PPWFHcz.exe
  2⤵
  PID:5276
- C:\Windows\System\SKDLHPE.exe
  C:\Windows\System\SKDLHPE.exe
  2⤵
  PID:5300
- C:\Windows\System\zklbDUg.exe
  C:\Windows\System\zklbDUg.exe
  2⤵
  PID:5324
- C:\Windows\System\PvGNOMy.exe
  C:\Windows\System\PvGNOMy.exe
  2⤵
  PID:5340
- C:\Windows\System\OavdpCb.exe
  C:\Windows\System\OavdpCb.exe
  2⤵
  PID:5360
- C:\Windows\System\IGWIpRi.exe
  C:\Windows\System\IGWIpRi.exe
  2⤵
  PID:5384
- C:\Windows\System\COPvBGx.exe
  C:\Windows\System\COPvBGx.exe
  2⤵
  PID:5400
- C:\Windows\System\qjlEZXV.exe
  C:\Windows\System\qjlEZXV.exe
  2⤵
  PID:5424
- C:\Windows\System\sDjePLA.exe
  C:\Windows\System\sDjePLA.exe
  2⤵
  PID:5440
- C:\Windows\System\bTqParr.exe
  C:\Windows\System\bTqParr.exe
  2⤵
  PID:5464
- C:\Windows\System\IXaIwCp.exe
  C:\Windows\System\IXaIwCp.exe
  2⤵
  PID:5492
- C:\Windows\System\dcqZTZN.exe
  C:\Windows\System\dcqZTZN.exe
  2⤵
  PID:5524
- C:\Windows\System\liBxeGw.exe
  C:\Windows\System\liBxeGw.exe
  2⤵
  PID:5544
- C:\Windows\System\XdVLLUm.exe
  C:\Windows\System\XdVLLUm.exe
  2⤵
  PID:5560
- C:\Windows\System\cwzTtwm.exe
  C:\Windows\System\cwzTtwm.exe
  2⤵
  PID:5588
- C:\Windows\System\vSgsjXs.exe
  C:\Windows\System\vSgsjXs.exe
  2⤵
  PID:5604
- C:\Windows\System\ZJDaquY.exe
  C:\Windows\System\ZJDaquY.exe
  2⤵
  PID:5624
- C:\Windows\System\RINrJMI.exe
  C:\Windows\System\RINrJMI.exe
  2⤵
  PID:5648
- C:\Windows\System\HOSHrUf.exe
  C:\Windows\System\HOSHrUf.exe
  2⤵
  PID:5672
- C:\Windows\System\rAPDZCb.exe
  C:\Windows\System\rAPDZCb.exe
  2⤵
  PID:5700
- C:\Windows\System\fRLZfRe.exe
  C:\Windows\System\fRLZfRe.exe
  2⤵
  PID:5716
- C:\Windows\System\GVHxLZp.exe
  C:\Windows\System\GVHxLZp.exe
  2⤵
  PID:5736
- C:\Windows\System\fOokXFN.exe
  C:\Windows\System\fOokXFN.exe
  2⤵
  PID:5752
- C:\Windows\System\lfFGVUD.exe
  C:\Windows\System\lfFGVUD.exe
  2⤵
  PID:5776
- C:\Windows\System\SaFmocn.exe
  C:\Windows\System\SaFmocn.exe
  2⤵
  PID:5804
- C:\Windows\System\WtuzJzy.exe
  C:\Windows\System\WtuzJzy.exe
  2⤵
  PID:5820
- C:\Windows\System\ikhswmn.exe
  C:\Windows\System\ikhswmn.exe
  2⤵
  PID:5840
- C:\Windows\System\DCdbVev.exe
  C:\Windows\System\DCdbVev.exe
  2⤵
  PID:5856
- C:\Windows\System\RYxHvdK.exe
  C:\Windows\System\RYxHvdK.exe
  2⤵
  PID:5880
- C:\Windows\System\PUhSizM.exe
  C:\Windows\System\PUhSizM.exe
  2⤵
  PID:5896
- C:\Windows\System\yJqvKIL.exe
  C:\Windows\System\yJqvKIL.exe
  2⤵
  PID:5920
- C:\Windows\System\QIotmiD.exe
  C:\Windows\System\QIotmiD.exe
  2⤵
  PID:5944
- C:\Windows\System\JHqXxgM.exe
  C:\Windows\System\JHqXxgM.exe
  2⤵
  PID:5960
- C:\Windows\System\cccqYcp.exe
  C:\Windows\System\cccqYcp.exe
  2⤵
  PID:5976
- C:\Windows\System\ToygvLl.exe
  C:\Windows\System\ToygvLl.exe
  2⤵
  PID:5992
- C:\Windows\System\NXcpVVp.exe
  C:\Windows\System\NXcpVVp.exe
  2⤵
  PID:6032
- C:\Windows\System\OZyGLKD.exe
  C:\Windows\System\OZyGLKD.exe
  2⤵
  PID:6056
- C:\Windows\System\DFTtRGs.exe
  C:\Windows\System\DFTtRGs.exe
  2⤵
  PID:6076
- C:\Windows\System\CWkmoRp.exe
  C:\Windows\System\CWkmoRp.exe
  2⤵
  PID:6096
- C:\Windows\System\nhwbtly.exe
  C:\Windows\System\nhwbtly.exe
  2⤵
  PID:6120
- C:\Windows\System\cAlarjo.exe
  C:\Windows\System\cAlarjo.exe
  2⤵
  PID:6140
- C:\Windows\System\BKyyMcP.exe
  C:\Windows\System\BKyyMcP.exe
  2⤵
  PID:1416
- C:\Windows\System\jDFWnMu.exe
  C:\Windows\System\jDFWnMu.exe
  2⤵
  PID:1784
- C:\Windows\System\TZZYvNv.exe
  C:\Windows\System\TZZYvNv.exe
  2⤵
  PID:816
- C:\Windows\System\CxWQgqH.exe
  C:\Windows\System\CxWQgqH.exe
  2⤵
  PID:1156
- C:\Windows\System\yYnRKHf.exe
  C:\Windows\System\yYnRKHf.exe
  2⤵
  PID:1212
- C:\Windows\System\uVaZpQE.exe
  C:\Windows\System\uVaZpQE.exe
  2⤵
  PID:4300
- C:\Windows\System\PpwcZLk.exe
  C:\Windows\System\PpwcZLk.exe
  2⤵
  PID:4356
- C:\Windows\System\wPesmZY.exe
  C:\Windows\System\wPesmZY.exe
  2⤵
  PID:2940
- C:\Windows\System\PHqCjCJ.exe
  C:\Windows\System\PHqCjCJ.exe
  2⤵
  PID:3964
- C:\Windows\System\EjiyxDG.exe
  C:\Windows\System\EjiyxDG.exe
  2⤵
  PID:4172
- C:\Windows\System\peabhFf.exe
  C:\Windows\System\peabhFf.exe
  2⤵
  PID:3792
- C:\Windows\System\BKXENnh.exe
  C:\Windows\System\BKXENnh.exe
  2⤵
  PID:2916
- C:\Windows\System\trIznNw.exe
  C:\Windows\System\trIznNw.exe
  2⤵
  PID:624
- C:\Windows\System\SIrdlvK.exe
  C:\Windows\System\SIrdlvK.exe
  2⤵
  PID:1856
- C:\Windows\System\dVbuvLL.exe
  C:\Windows\System\dVbuvLL.exe
  2⤵
  PID:5472
- C:\Windows\System\OmRehoF.exe
  C:\Windows\System\OmRehoF.exe
  2⤵
  PID:456
- C:\Windows\System\zwRKIJA.exe
  C:\Windows\System\zwRKIJA.exe
  2⤵
  PID:5568
- C:\Windows\System\IiysQpe.exe
  C:\Windows\System\IiysQpe.exe
  2⤵
  PID:5640
- C:\Windows\System\ypHpPQs.exe
  C:\Windows\System\ypHpPQs.exe
  2⤵
  PID:5724
- C:\Windows\System\ixeayDY.exe
  C:\Windows\System\ixeayDY.exe
  2⤵
  PID:5784
- C:\Windows\System\VhsYOAl.exe
  C:\Windows\System\VhsYOAl.exe
  2⤵
  PID:5916
- C:\Windows\System\vPzxacu.exe
  C:\Windows\System\vPzxacu.exe
  2⤵
  PID:2812
- C:\Windows\System\TKgLlRM.exe
  C:\Windows\System\TKgLlRM.exe
  2⤵
  PID:5332
- C:\Windows\System\MRMAaoF.exe
  C:\Windows\System\MRMAaoF.exe
  2⤵
  PID:3356
- C:\Windows\System\DLfpjjC.exe
  C:\Windows\System\DLfpjjC.exe
  2⤵
  PID:5372
- C:\Windows\System\fqqaIXg.exe
  C:\Windows\System\fqqaIXg.exe
  2⤵
  PID:5408
- C:\Windows\System\ZTPwhuQ.exe
  C:\Windows\System\ZTPwhuQ.exe
  2⤵
  PID:5448
- C:\Windows\System\VbTiTBC.exe
  C:\Windows\System\VbTiTBC.exe
  2⤵
  PID:4712
- C:\Windows\System\JEGZXzr.exe
  C:\Windows\System\JEGZXzr.exe
  2⤵
  PID:640
- C:\Windows\System\srftPux.exe
  C:\Windows\System\srftPux.exe
  2⤵
  PID:5096
- C:\Windows\System\ugMvOBQ.exe
  C:\Windows\System\ugMvOBQ.exe
  2⤵
  PID:2508
- C:\Windows\System\aGWOYxG.exe
  C:\Windows\System\aGWOYxG.exe
  2⤵
  PID:5596
- C:\Windows\System\pzwKosb.exe
  C:\Windows\System\pzwKosb.exe
  2⤵
  PID:2984
- C:\Windows\System\WnZJkof.exe
  C:\Windows\System\WnZJkof.exe
  2⤵
  PID:6168
- C:\Windows\System\pBBkWsF.exe
  C:\Windows\System\pBBkWsF.exe
  2⤵
  PID:6188
- C:\Windows\System\tnBEDly.exe
  C:\Windows\System\tnBEDly.exe
  2⤵
  PID:6208
- C:\Windows\System\TbgMcHu.exe
  C:\Windows\System\TbgMcHu.exe
  2⤵
  PID:6228
- C:\Windows\System\bHbdKii.exe
  C:\Windows\System\bHbdKii.exe
  2⤵
  PID:6252
- C:\Windows\System\IdqPzcH.exe
  C:\Windows\System\IdqPzcH.exe
  2⤵
  PID:6268
- C:\Windows\System\upZandZ.exe
  C:\Windows\System\upZandZ.exe
  2⤵
  PID:6292
- C:\Windows\System\hoTDmSw.exe
  C:\Windows\System\hoTDmSw.exe
  2⤵
  PID:6308
- C:\Windows\System\HrjMfii.exe
  C:\Windows\System\HrjMfii.exe
  2⤵
  PID:6328
- C:\Windows\System\aqcnDWR.exe
  C:\Windows\System\aqcnDWR.exe
  2⤵
  PID:6348
- C:\Windows\System\MQxyuqu.exe
  C:\Windows\System\MQxyuqu.exe
  2⤵
  PID:6372
- C:\Windows\System\ADjbGZV.exe
  C:\Windows\System\ADjbGZV.exe
  2⤵
  PID:6392
- C:\Windows\System\DpKnRTy.exe
  C:\Windows\System\DpKnRTy.exe
  2⤵
  PID:6416
- C:\Windows\System\uQBZujq.exe
  C:\Windows\System\uQBZujq.exe
  2⤵
  PID:6432
- C:\Windows\System\vSbtSbD.exe
  C:\Windows\System\vSbtSbD.exe
  2⤵
  PID:6456
- C:\Windows\System\kLYYBkd.exe
  C:\Windows\System\kLYYBkd.exe
  2⤵
  PID:6484
- C:\Windows\System\pcWUMcJ.exe
  C:\Windows\System\pcWUMcJ.exe
  2⤵
  PID:6500
- C:\Windows\System\oYobyPO.exe
  C:\Windows\System\oYobyPO.exe
  2⤵
  PID:6520
- C:\Windows\System\yOOdTuk.exe
  C:\Windows\System\yOOdTuk.exe
  2⤵
  PID:6548
- C:\Windows\System\IIJdStH.exe
  C:\Windows\System\IIJdStH.exe
  2⤵
  PID:6564
- C:\Windows\System\UglnIio.exe
  C:\Windows\System\UglnIio.exe
  2⤵
  PID:6580
- C:\Windows\System\ZbvfCbU.exe
  C:\Windows\System\ZbvfCbU.exe
  2⤵
  PID:6600
- C:\Windows\System\MVuaLTl.exe
  C:\Windows\System\MVuaLTl.exe
  2⤵
  PID:6620
- C:\Windows\System\MPPVivX.exe
  C:\Windows\System\MPPVivX.exe
  2⤵
  PID:6640
- C:\Windows\System\mJapzue.exe
  C:\Windows\System\mJapzue.exe
  2⤵
  PID:6668
- C:\Windows\System\GOBSALk.exe
  C:\Windows\System\GOBSALk.exe
  2⤵
  PID:6684
- C:\Windows\System\DkMPBvu.exe
  C:\Windows\System\DkMPBvu.exe
  2⤵
  PID:6704
- C:\Windows\System\ivpJVSU.exe
  C:\Windows\System\ivpJVSU.exe
  2⤵
  PID:6732
- C:\Windows\System\CpvsxIR.exe
  C:\Windows\System\CpvsxIR.exe
  2⤵
  PID:6756
- C:\Windows\System\OVrwUon.exe
  C:\Windows\System\OVrwUon.exe
  2⤵
  PID:6784
- C:\Windows\System\FdUaohH.exe
  C:\Windows\System\FdUaohH.exe
  2⤵
  PID:6804
- C:\Windows\System\LZNCrqh.exe
  C:\Windows\System\LZNCrqh.exe
  2⤵
  PID:6820
- C:\Windows\System\uEtCRTG.exe
  C:\Windows\System\uEtCRTG.exe
  2⤵
  PID:6844
- C:\Windows\System\lKaKgyn.exe
  C:\Windows\System\lKaKgyn.exe
  2⤵
  PID:6876
- C:\Windows\System\qqOsCeK.exe
  C:\Windows\System\qqOsCeK.exe
  2⤵
  PID:6904
- C:\Windows\System\xUWYjST.exe
  C:\Windows\System\xUWYjST.exe
  2⤵
  PID:6924
- C:\Windows\System\WoXSnXZ.exe
  C:\Windows\System\WoXSnXZ.exe
  2⤵
  PID:6952
- C:\Windows\System\iCiPVuZ.exe
  C:\Windows\System\iCiPVuZ.exe
  2⤵
  PID:6972
- C:\Windows\System\yTmnxZL.exe
  C:\Windows\System\yTmnxZL.exe
  2⤵
  PID:6988
- C:\Windows\System\hALqOGY.exe
  C:\Windows\System\hALqOGY.exe
  2⤵
  PID:7012
- C:\Windows\System\sPHEVBD.exe
  C:\Windows\System\sPHEVBD.exe
  2⤵
  PID:7028
- C:\Windows\System\mrrlray.exe
  C:\Windows\System\mrrlray.exe
  2⤵
  PID:7048
- C:\Windows\System\YLgxHKM.exe
  C:\Windows\System\YLgxHKM.exe
  2⤵
  PID:7072
- C:\Windows\System\rGWwNvi.exe
  C:\Windows\System\rGWwNvi.exe
  2⤵
  PID:7088
- C:\Windows\System\XZogHEH.exe
  C:\Windows\System\XZogHEH.exe
  2⤵
  PID:7112
- C:\Windows\System\uvrHFXb.exe
  C:\Windows\System\uvrHFXb.exe
  2⤵
  PID:7128
- C:\Windows\System\ekeWnyB.exe
  C:\Windows\System\ekeWnyB.exe
  2⤵
  PID:7152
- C:\Windows\System\laQpcbw.exe
  C:\Windows\System\laQpcbw.exe
  2⤵
  PID:3264
- C:\Windows\System\EyovuMm.exe
  C:\Windows\System\EyovuMm.exe
  2⤵
  PID:3860
- C:\Windows\System\IHocyiK.exe
  C:\Windows\System\IHocyiK.exe
  2⤵
  PID:5892
- C:\Windows\System\rzLTfcX.exe
  C:\Windows\System\rzLTfcX.exe
  2⤵
  PID:2388
- C:\Windows\System\FcokqOB.exe
  C:\Windows\System\FcokqOB.exe
  2⤵
  PID:6012
- C:\Windows\System\GdHEVnh.exe
  C:\Windows\System\GdHEVnh.exe
  2⤵
  PID:2516
- C:\Windows\System\qfhJvRt.exe
  C:\Windows\System\qfhJvRt.exe
  2⤵
  PID:3760
- C:\Windows\System\sMFlWIZ.exe
  C:\Windows\System\sMFlWIZ.exe
  2⤵
  PID:4724
- C:\Windows\System\BIchBsA.exe
  C:\Windows\System\BIchBsA.exe
  2⤵
  PID:1944
- C:\Windows\System\diShZra.exe
  C:\Windows\System\diShZra.exe
  2⤵
  PID:5620
- C:\Windows\System\JwMSgMo.exe
  C:\Windows\System\JwMSgMo.exe
  2⤵
  PID:4144
- C:\Windows\System\YYBDMNs.exe
  C:\Windows\System\YYBDMNs.exe
  2⤵
  PID:3164
- C:\Windows\System\pXGZUVO.exe
  C:\Windows\System\pXGZUVO.exe
  2⤵
  PID:5668
- C:\Windows\System\NQggDvN.exe
  C:\Windows\System\NQggDvN.exe
  2⤵
  PID:6196
- C:\Windows\System\hMwmGQy.exe
  C:\Windows\System\hMwmGQy.exe
  2⤵
  PID:1592
- C:\Windows\System\TGVEGWW.exe
  C:\Windows\System\TGVEGWW.exe
  2⤵
  PID:5816
- C:\Windows\System\MOIALvf.exe
  C:\Windows\System\MOIALvf.exe
  2⤵
  PID:6204
- C:\Windows\System\KJTRstJ.exe
  C:\Windows\System\KJTRstJ.exe
  2⤵
  PID:6244
- C:\Windows\System\sLYmgyP.exe
  C:\Windows\System\sLYmgyP.exe
  2⤵
  PID:5952
- C:\Windows\System\ZYWuOCr.exe
  C:\Windows\System\ZYWuOCr.exe
  2⤵
  PID:5972
- C:\Windows\System\mbbcRSG.exe
  C:\Windows\System\mbbcRSG.exe
  2⤵
  PID:6004
- C:\Windows\System\ujUspPA.exe
  C:\Windows\System\ujUspPA.exe
  2⤵
  PID:6048
- C:\Windows\System\ZceayKM.exe
  C:\Windows\System\ZceayKM.exe
  2⤵
  PID:5912
- C:\Windows\System\xFqwRXf.exe
  C:\Windows\System\xFqwRXf.exe
  2⤵
  PID:6224
- C:\Windows\System\ArakYau.exe
  C:\Windows\System\ArakYau.exe
  2⤵
  PID:5632
- C:\Windows\System\upMsTAD.exe
  C:\Windows\System\upMsTAD.exe
  2⤵
  PID:6452
- C:\Windows\System\TGlLhDg.exe
  C:\Windows\System\TGlLhDg.exe
  2⤵
  PID:6512
- C:\Windows\System\RfBlHpq.exe
  C:\Windows\System\RfBlHpq.exe
  2⤵
  PID:6572
- C:\Windows\System\bsazulr.exe
  C:\Windows\System\bsazulr.exe
  2⤵
  PID:6608
- C:\Windows\System\eYlreDi.exe
  C:\Windows\System\eYlreDi.exe
  2⤵
  PID:6656
- C:\Windows\System\CFmwyEY.exe
  C:\Windows\System\CFmwyEY.exe
  2⤵
  PID:6696
- C:\Windows\System\mmYalJc.exe
  C:\Windows\System\mmYalJc.exe
  2⤵
  PID:6744
- C:\Windows\System\dpDlmWm.exe
  C:\Windows\System\dpDlmWm.exe
  2⤵
  PID:6792
- C:\Windows\System\Kllugtp.exe
  C:\Windows\System\Kllugtp.exe
  2⤵
  PID:6836
- C:\Windows\System\SPHdvjm.exe
  C:\Windows\System\SPHdvjm.exe
  2⤵
  PID:6912
- C:\Windows\System\QQloeUx.exe
  C:\Windows\System\QQloeUx.exe
  2⤵
  PID:6980
- C:\Windows\System\LykGaWX.exe
  C:\Windows\System\LykGaWX.exe
  2⤵
  PID:7024
- C:\Windows\System\TKVgRhp.exe
  C:\Windows\System\TKVgRhp.exe
  2⤵
  PID:7084
- C:\Windows\System\GqDxfOg.exe
  C:\Windows\System\GqDxfOg.exe
  2⤵
  PID:7144
- C:\Windows\System\wiRmUIL.exe
  C:\Windows\System\wiRmUIL.exe
  2⤵
  PID:5872
- C:\Windows\System\EiylrKA.exe
  C:\Windows\System\EiylrKA.exe
  2⤵
  PID:5132
- C:\Windows\System\zEttgVY.exe
  C:\Windows\System\zEttgVY.exe
  2⤵
  PID:7184
- C:\Windows\System\SyMdnUV.exe
  C:\Windows\System\SyMdnUV.exe
  2⤵
  PID:7208
- C:\Windows\System\MeYAIyM.exe
  C:\Windows\System\MeYAIyM.exe
  2⤵
  PID:7228
- C:\Windows\System\jbykoyK.exe
  C:\Windows\System\jbykoyK.exe
  2⤵
  PID:7248
- C:\Windows\System\NzaPQwI.exe
  C:\Windows\System\NzaPQwI.exe
  2⤵
  PID:7272
- C:\Windows\System\iZrJZsW.exe
  C:\Windows\System\iZrJZsW.exe
  2⤵
  PID:7300
- C:\Windows\System\gkKqyGQ.exe
  C:\Windows\System\gkKqyGQ.exe
  2⤵
  PID:7316
- C:\Windows\System\OslAUSG.exe
  C:\Windows\System\OslAUSG.exe
  2⤵
  PID:7340
- C:\Windows\System\nrdZXro.exe
  C:\Windows\System\nrdZXro.exe
  2⤵
  PID:7364
- C:\Windows\System\xFPUACH.exe
  C:\Windows\System\xFPUACH.exe
  2⤵
  PID:7384
- C:\Windows\System\arkmiwZ.exe
  C:\Windows\System\arkmiwZ.exe
  2⤵
  PID:7408
- C:\Windows\System\avrtFsE.exe
  C:\Windows\System\avrtFsE.exe
  2⤵
  PID:7428
- C:\Windows\System\xUADjIl.exe
  C:\Windows\System\xUADjIl.exe
  2⤵
  PID:7452
- C:\Windows\System\CHwarLq.exe
  C:\Windows\System\CHwarLq.exe
  2⤵
  PID:7476
- C:\Windows\System\OYdEVpw.exe
  C:\Windows\System\OYdEVpw.exe
  2⤵
  PID:7496
- C:\Windows\System\DpJPTsi.exe
  C:\Windows\System\DpJPTsi.exe
  2⤵
  PID:7516
- C:\Windows\System\hAfaFXs.exe
  C:\Windows\System\hAfaFXs.exe
  2⤵
  PID:7544
- C:\Windows\System\uScqtmp.exe
  C:\Windows\System\uScqtmp.exe
  2⤵
  PID:7572
- C:\Windows\System\PPTUrwT.exe
  C:\Windows\System\PPTUrwT.exe
  2⤵
  PID:7596
- C:\Windows\System\rgrgmNK.exe
  C:\Windows\System\rgrgmNK.exe
  2⤵
  PID:7616
- C:\Windows\System\NGeQHmz.exe
  C:\Windows\System\NGeQHmz.exe
  2⤵
  PID:7644
- C:\Windows\System\uEhAhdT.exe
  C:\Windows\System\uEhAhdT.exe
  2⤵
  PID:7660
- C:\Windows\System\gwzJCEL.exe
  C:\Windows\System\gwzJCEL.exe
  2⤵
  PID:7680
- C:\Windows\System\CIXECOn.exe
  C:\Windows\System\CIXECOn.exe
  2⤵
  PID:7704
- C:\Windows\System\vJtpssA.exe
  C:\Windows\System\vJtpssA.exe
  2⤵
  PID:7724
- C:\Windows\System\nbYWBYo.exe
  C:\Windows\System\nbYWBYo.exe
  2⤵
  PID:7748
- C:\Windows\System\coWcPwB.exe
  C:\Windows\System\coWcPwB.exe
  2⤵
  PID:7768
- C:\Windows\System\zEmHbjZ.exe
  C:\Windows\System\zEmHbjZ.exe
  2⤵
  PID:7800
- C:\Windows\System\cPMTHQL.exe
  C:\Windows\System\cPMTHQL.exe
  2⤵
  PID:7816
- C:\Windows\System\pboAEeQ.exe
  C:\Windows\System\pboAEeQ.exe
  2⤵
  PID:7840
- C:\Windows\System\JJKtdgV.exe
  C:\Windows\System\JJKtdgV.exe
  2⤵
  PID:7868
- C:\Windows\System\vRqttGM.exe
  C:\Windows\System\vRqttGM.exe
  2⤵
  PID:7896
- C:\Windows\System\VfhNGWY.exe
  C:\Windows\System\VfhNGWY.exe
  2⤵
  PID:7912
- C:\Windows\System\EbTWjVt.exe
  C:\Windows\System\EbTWjVt.exe
  2⤵
  PID:7948
- C:\Windows\System\nsjsify.exe
  C:\Windows\System\nsjsify.exe
  2⤵
  PID:7968
- C:\Windows\System\PnhnSPa.exe
  C:\Windows\System\PnhnSPa.exe
  2⤵
  PID:7992
- C:\Windows\System\LsajVWP.exe
  C:\Windows\System\LsajVWP.exe
  2⤵
  PID:8016
- C:\Windows\System\lAtBwOP.exe
  C:\Windows\System\lAtBwOP.exe
  2⤵
  PID:8036
- C:\Windows\System\ZgGMzvM.exe
  C:\Windows\System\ZgGMzvM.exe
  2⤵
  PID:8064
- C:\Windows\System\eQlktPS.exe
  C:\Windows\System\eQlktPS.exe
  2⤵
  PID:8080
- C:\Windows\System\scsXAbm.exe
  C:\Windows\System\scsXAbm.exe
  2⤵
  PID:8104
- C:\Windows\System\hGuPbUy.exe
  C:\Windows\System\hGuPbUy.exe
  2⤵
  PID:8128
- C:\Windows\System\lAYOfYn.exe
  C:\Windows\System\lAYOfYn.exe
  2⤵
  PID:8148
- C:\Windows\System\iYwKCwU.exe
  C:\Windows\System\iYwKCwU.exe
  2⤵
  PID:8176
- C:\Windows\System\aeyHCwC.exe
  C:\Windows\System\aeyHCwC.exe
  2⤵
  PID:8200
- C:\Windows\System\HvLCbWU.exe
  C:\Windows\System\HvLCbWU.exe
  2⤵
  PID:8216
- C:\Windows\System\CwKsuca.exe
  C:\Windows\System\CwKsuca.exe
  2⤵
  PID:8236
- C:\Windows\System\cGTpkPI.exe
  C:\Windows\System\cGTpkPI.exe
  2⤵
  PID:8256
- C:\Windows\System\qRzGrql.exe
  C:\Windows\System\qRzGrql.exe
  2⤵
  PID:8272
- C:\Windows\System\CfqVfbZ.exe
  C:\Windows\System\CfqVfbZ.exe
  2⤵
  PID:8292
- C:\Windows\System\ORmzeFE.exe
  C:\Windows\System\ORmzeFE.exe
  2⤵
  PID:8308
- C:\Windows\System\AelCukx.exe
  C:\Windows\System\AelCukx.exe
  2⤵
  PID:8328
- C:\Windows\System\uieDxdd.exe
  C:\Windows\System\uieDxdd.exe
  2⤵
  PID:8344
- C:\Windows\System\rmwwLax.exe
  C:\Windows\System\rmwwLax.exe
  2⤵
  PID:8368
- C:\Windows\System\jBwzDfT.exe
  C:\Windows\System\jBwzDfT.exe
  2⤵
  PID:8384
- C:\Windows\System\vTAWhuj.exe
  C:\Windows\System\vTAWhuj.exe
  2⤵
  PID:8404
- C:\Windows\System\ysUPwSl.exe
  C:\Windows\System\ysUPwSl.exe
  2⤵
  PID:8424
- C:\Windows\System\DAEDEaE.exe
  C:\Windows\System\DAEDEaE.exe
  2⤵
  PID:8440
- C:\Windows\System\JBQsyMh.exe
  C:\Windows\System\JBQsyMh.exe
  2⤵
  PID:8460
- C:\Windows\System\cyyfrcs.exe
  C:\Windows\System\cyyfrcs.exe
  2⤵
  PID:8480
- C:\Windows\System\JMSabDc.exe
  C:\Windows\System\JMSabDc.exe
  2⤵
  PID:8500
- C:\Windows\System\zQUIWer.exe
  C:\Windows\System\zQUIWer.exe
  2⤵
  PID:8516
- C:\Windows\System\HrDOJif.exe
  C:\Windows\System\HrDOJif.exe
  2⤵
  PID:8536
- C:\Windows\System\XhXqOUY.exe
  C:\Windows\System\XhXqOUY.exe
  2⤵
  PID:8556
- C:\Windows\System\mAILJEX.exe
  C:\Windows\System\mAILJEX.exe
  2⤵
  PID:8576
- C:\Windows\System\zMXjeZG.exe
  C:\Windows\System\zMXjeZG.exe
  2⤵
  PID:8596
- C:\Windows\System\pUGmmzN.exe
  C:\Windows\System\pUGmmzN.exe
  2⤵
  PID:8820
- C:\Windows\System\KkeGIdQ.exe
  C:\Windows\System\KkeGIdQ.exe
  2⤵
  PID:8840
- C:\Windows\System\RWvTtea.exe
  C:\Windows\System\RWvTtea.exe
  2⤵
  PID:8856
- C:\Windows\System\FJZHoqB.exe
  C:\Windows\System\FJZHoqB.exe
  2⤵
  PID:8876
- C:\Windows\System\KNLIvmm.exe
  C:\Windows\System\KNLIvmm.exe
  2⤵
  PID:8896
- C:\Windows\System\tqLtzXH.exe
  C:\Windows\System\tqLtzXH.exe
  2⤵
  PID:8916
- C:\Windows\System\GDLTpum.exe
  C:\Windows\System\GDLTpum.exe
  2⤵
  PID:8936
- C:\Windows\System\rlGHthB.exe
  C:\Windows\System\rlGHthB.exe
  2⤵
  PID:8952
- C:\Windows\System\nruPEDy.exe
  C:\Windows\System\nruPEDy.exe
  2⤵
  PID:8972
- C:\Windows\System\KuEgqqz.exe
  C:\Windows\System\KuEgqqz.exe
  2⤵
  PID:8992
- C:\Windows\System\FXHcZrM.exe
  C:\Windows\System\FXHcZrM.exe
  2⤵
  PID:9008
- C:\Windows\System\tfrKnKC.exe
  C:\Windows\System\tfrKnKC.exe
  2⤵
  PID:9028
- C:\Windows\System\cIqsYkp.exe
  C:\Windows\System\cIqsYkp.exe
  2⤵
  PID:9048
- C:\Windows\System\RpQpfIT.exe
  C:\Windows\System\RpQpfIT.exe
  2⤵
  PID:9068
- C:\Windows\System\pqiuBpz.exe
  C:\Windows\System\pqiuBpz.exe
  2⤵
  PID:9084
- C:\Windows\System\MeTBzSu.exe
  C:\Windows\System\MeTBzSu.exe
  2⤵
  PID:9100
- C:\Windows\System\OjSvRDp.exe
  C:\Windows\System\OjSvRDp.exe
  2⤵
  PID:9116
- C:\Windows\System\GKvCgqH.exe
  C:\Windows\System\GKvCgqH.exe
  2⤵
  PID:9136
- C:\Windows\System\aKdVUeW.exe
  C:\Windows\System\aKdVUeW.exe
  2⤵
  PID:9152
- C:\Windows\System\bMwSbcK.exe
  C:\Windows\System\bMwSbcK.exe
  2⤵
  PID:9172
- C:\Windows\System\UdnjJdy.exe
  C:\Windows\System\UdnjJdy.exe
  2⤵
  PID:9192
- C:\Windows\System\AxoQTGe.exe
  C:\Windows\System\AxoQTGe.exe
  2⤵
  PID:9212
- C:\Windows\System\sUSByqX.exe
  C:\Windows\System\sUSByqX.exe
  2⤵
  PID:6932
- C:\Windows\System\RtwXUOA.exe
  C:\Windows\System\RtwXUOA.exe
  2⤵
  PID:7136
- C:\Windows\System\yWGGIsf.exe
  C:\Windows\System\yWGGIsf.exe
  2⤵
  PID:6072
- C:\Windows\System\XewAToP.exe
  C:\Windows\System\XewAToP.exe
  2⤵
  PID:1064
- C:\Windows\System\yhJTnKQ.exe
  C:\Windows\System\yhJTnKQ.exe
  2⤵
  PID:9232
- C:\Windows\System\JMbDGaz.exe
  C:\Windows\System\JMbDGaz.exe
  2⤵
  PID:9260
- C:\Windows\System\ZMtoYvz.exe
  C:\Windows\System\ZMtoYvz.exe
  2⤵
  PID:9284
- C:\Windows\System\ZVdqzjM.exe
  C:\Windows\System\ZVdqzjM.exe
  2⤵
  PID:9320
- C:\Windows\System\PzDxOoQ.exe
  C:\Windows\System\PzDxOoQ.exe
  2⤵
  PID:9340
- C:\Windows\System\AYNWuaU.exe
  C:\Windows\System\AYNWuaU.exe
  2⤵
  PID:9364
- C:\Windows\System\uYnnjHy.exe
  C:\Windows\System\uYnnjHy.exe
  2⤵
  PID:9396
- C:\Windows\System\TBjgQMH.exe
  C:\Windows\System\TBjgQMH.exe
  2⤵
  PID:9436
- C:\Windows\System\JUdiZLR.exe
  C:\Windows\System\JUdiZLR.exe
  2⤵
  PID:9460
- C:\Windows\System\wwnBAwk.exe
  C:\Windows\System\wwnBAwk.exe
  2⤵
  PID:9488
- C:\Windows\System\mYDEtvm.exe
  C:\Windows\System\mYDEtvm.exe
  2⤵
  PID:9516
- C:\Windows\System\JGfIKCg.exe
  C:\Windows\System\JGfIKCg.exe
  2⤵
  PID:9544
- C:\Windows\System\UBcFUHT.exe
  C:\Windows\System\UBcFUHT.exe
  2⤵
  PID:9576
- C:\Windows\System\MLXWOVC.exe
  C:\Windows\System\MLXWOVC.exe
  2⤵
  PID:9612
- C:\Windows\System\iRbuSUS.exe
  C:\Windows\System\iRbuSUS.exe
  2⤵
  PID:9636
- C:\Windows\System\VWIrceT.exe
  C:\Windows\System\VWIrceT.exe
  2⤵
  PID:9660
- C:\Windows\System\NZRHVgf.exe
  C:\Windows\System\NZRHVgf.exe
  2⤵
  PID:9684
- C:\Windows\System\UxRTmMg.exe
  C:\Windows\System\UxRTmMg.exe
  2⤵
  PID:9700
- C:\Windows\System\xQdkTZa.exe
  C:\Windows\System\xQdkTZa.exe
  2⤵
  PID:9728
- C:\Windows\System\EoIvHFQ.exe
  C:\Windows\System\EoIvHFQ.exe
  2⤵
  PID:9744
- C:\Windows\System\JLSvroY.exe
  C:\Windows\System\JLSvroY.exe
  2⤵
  PID:9764
- C:\Windows\System\naZehnC.exe
  C:\Windows\System\naZehnC.exe
  2⤵
  PID:9784
- C:\Windows\System\bfkPjbh.exe
  C:\Windows\System\bfkPjbh.exe
  2⤵
  PID:9808
- C:\Windows\System\gNyYRfg.exe
  C:\Windows\System\gNyYRfg.exe
  2⤵
  PID:9824
- C:\Windows\System\mEPAuMM.exe
  C:\Windows\System\mEPAuMM.exe
  2⤵
  PID:9840
- C:\Windows\System\vyoACKp.exe
  C:\Windows\System\vyoACKp.exe
  2⤵
  PID:9856
- C:\Windows\System\uRcOuoG.exe
  C:\Windows\System\uRcOuoG.exe
  2⤵
  PID:9880
- C:\Windows\System\ZoNBbfj.exe
  C:\Windows\System\ZoNBbfj.exe
  2⤵
  PID:9900
- C:\Windows\System\gZivZTq.exe
  C:\Windows\System\gZivZTq.exe
  2⤵
  PID:9920
- C:\Windows\System\lCJKRGG.exe
  C:\Windows\System\lCJKRGG.exe
  2⤵
  PID:9936
- C:\Windows\System\TykQNpw.exe
  C:\Windows\System\TykQNpw.exe
  2⤵
  PID:9972
- C:\Windows\System\bLclDgy.exe
  C:\Windows\System\bLclDgy.exe
  2⤵
  PID:9988
- C:\Windows\System\kShYcyH.exe
  C:\Windows\System\kShYcyH.exe
  2⤵
  PID:10004
- C:\Windows\System\hqSkEsl.exe
  C:\Windows\System\hqSkEsl.exe
  2⤵
  PID:10020
- C:\Windows\System\zzwAHLP.exe
  C:\Windows\System\zzwAHLP.exe
  2⤵
  PID:10044
- C:\Windows\System\UvxLLLI.exe
  C:\Windows\System\UvxLLLI.exe
  2⤵
  PID:10064
- C:\Windows\System\TmRcKGz.exe
  C:\Windows\System\TmRcKGz.exe
  2⤵
  PID:10080
- C:\Windows\System\zrhXuGh.exe
  C:\Windows\System\zrhXuGh.exe
  2⤵
  PID:10104
- C:\Windows\System\CeoptyF.exe
  C:\Windows\System\CeoptyF.exe
  2⤵
  PID:10124
- C:\Windows\System\HryuUgo.exe
  C:\Windows\System\HryuUgo.exe
  2⤵
  PID:10140
- C:\Windows\System\dohzVBQ.exe
  C:\Windows\System\dohzVBQ.exe
  2⤵
  PID:10160
- C:\Windows\System\NgYVVhH.exe
  C:\Windows\System\NgYVVhH.exe
  2⤵
  PID:10176
- C:\Windows\System\awPcpyU.exe
  C:\Windows\System\awPcpyU.exe
  2⤵
  PID:10192
- C:\Windows\System\IAOogae.exe
  C:\Windows\System\IAOogae.exe
  2⤵
  PID:10212
- C:\Windows\System\jpRQroS.exe
  C:\Windows\System\jpRQroS.exe
  2⤵
  PID:10236
- C:\Windows\System\nvJOGFD.exe
  C:\Windows\System\nvJOGFD.exe
  2⤵
  PID:7108
- C:\Windows\System\DrWuIET.exe
  C:\Windows\System\DrWuIET.exe
  2⤵
  PID:7284
- C:\Windows\System\kgAvgka.exe
  C:\Windows\System\kgAvgka.exe
  2⤵
  PID:7332
- C:\Windows\System\cVafiTG.exe
  C:\Windows\System\cVafiTG.exe
  2⤵
  PID:7376
- C:\Windows\System\YjUHNjp.exe
  C:\Windows\System\YjUHNjp.exe
  2⤵
  PID:7416
- C:\Windows\System\FcDDErc.exe
  C:\Windows\System\FcDDErc.exe
  2⤵
  PID:7676
- C:\Windows\System\jJwnxiT.exe
  C:\Windows\System\jJwnxiT.exe
  2⤵
  PID:7848
- C:\Windows\System\yXYURWG.exe
  C:\Windows\System\yXYURWG.exe
  2⤵
  PID:7904
- C:\Windows\System\xgSDCxM.exe
  C:\Windows\System\xgSDCxM.exe
  2⤵
  PID:8376
- C:\Windows\System\OfHDVoO.exe
  C:\Windows\System\OfHDVoO.exe
  2⤵
  PID:8436
- C:\Windows\System\fPivOvd.exe
  C:\Windows\System\fPivOvd.exe
  2⤵
  PID:8472
- C:\Windows\System\ASpWckQ.exe
  C:\Windows\System\ASpWckQ.exe
  2⤵
  PID:8528
- C:\Windows\System\cIIFYNH.exe
  C:\Windows\System\cIIFYNH.exe
  2⤵
  PID:9296
- C:\Windows\System\eEKfHii.exe
  C:\Windows\System\eEKfHii.exe
  2⤵
  PID:7540
- C:\Windows\System\qieYiBn.exe
  C:\Windows\System\qieYiBn.exe
  2⤵
  PID:9480
- C:\Windows\System\eeFIolD.exe
  C:\Windows\System\eeFIolD.exe
  2⤵
  PID:7700
- C:\Windows\System\sgaKXbh.exe
  C:\Windows\System\sgaKXbh.exe
  2⤵
  PID:7744
- C:\Windows\System\XSDFIPn.exe
  C:\Windows\System\XSDFIPn.exe
  2⤵
  PID:7780
- C:\Windows\System\NOdEcFS.exe
  C:\Windows\System\NOdEcFS.exe
  2⤵
  PID:7808
- C:\Windows\System\RDwUAOo.exe
  C:\Windows\System\RDwUAOo.exe
  2⤵
  PID:7924
- C:\Windows\System\oLgPLml.exe
  C:\Windows\System\oLgPLml.exe
  2⤵
  PID:7976
- C:\Windows\System\aoQhAOi.exe
  C:\Windows\System\aoQhAOi.exe
  2⤵
  PID:8048
- C:\Windows\System\XiWbvkr.exe
  C:\Windows\System\XiWbvkr.exe
  2⤵
  PID:8096
- C:\Windows\System\LjcTAaJ.exe
  C:\Windows\System\LjcTAaJ.exe
  2⤵
  PID:8136
- C:\Windows\System\PizDhKf.exe
  C:\Windows\System\PizDhKf.exe
  2⤵
  PID:8168
- C:\Windows\System\JfoOVgC.exe
  C:\Windows\System\JfoOVgC.exe
  2⤵
  PID:8224
- C:\Windows\System\JdzQyRm.exe
  C:\Windows\System\JdzQyRm.exe
  2⤵
  PID:8248
- C:\Windows\System\HEmHPRe.exe
  C:\Windows\System\HEmHPRe.exe
  2⤵
  PID:8544
- C:\Windows\System\sHeuKFb.exe
  C:\Windows\System\sHeuKFb.exe
  2⤵
  PID:10252
- C:\Windows\System\BhvOjXx.exe
  C:\Windows\System\BhvOjXx.exe
  2⤵
  PID:10320
- C:\Windows\System\YELFsZd.exe
  C:\Windows\System\YELFsZd.exe
  2⤵
  PID:10340
- C:\Windows\System\yAnoVgt.exe
  C:\Windows\System\yAnoVgt.exe
  2⤵
  PID:10364
- C:\Windows\System\Cusctzf.exe
  C:\Windows\System\Cusctzf.exe
  2⤵
  PID:10388
- C:\Windows\System\HkrLfGd.exe
  C:\Windows\System\HkrLfGd.exe
  2⤵
  PID:10408
- C:\Windows\System\iHoXOjz.exe
  C:\Windows\System\iHoXOjz.exe
  2⤵
  PID:10428
- C:\Windows\System\pXaYDRj.exe
  C:\Windows\System\pXaYDRj.exe
  2⤵
  PID:10452
- C:\Windows\System\WPckPnb.exe
  C:\Windows\System\WPckPnb.exe
  2⤵
  PID:10476
- C:\Windows\System\mSweJKz.exe
  C:\Windows\System\mSweJKz.exe
  2⤵
  PID:10492
- C:\Windows\System\dSPCwZA.exe
  C:\Windows\System\dSPCwZA.exe
  2⤵
  PID:10516
- C:\Windows\System\KOoTHps.exe
  C:\Windows\System\KOoTHps.exe
  2⤵
  PID:10536
- C:\Windows\System\mLjxYCJ.exe
  C:\Windows\System\mLjxYCJ.exe
  2⤵
  PID:10556
- C:\Windows\System\JsLjSry.exe
  C:\Windows\System\JsLjSry.exe
  2⤵
  PID:10584
- C:\Windows\System\mLfkhuh.exe
  C:\Windows\System\mLfkhuh.exe
  2⤵
  PID:10604
- C:\Windows\System\OquihYx.exe
  C:\Windows\System\OquihYx.exe
  2⤵
  PID:10624
- C:\Windows\System\UykZkgc.exe
  C:\Windows\System\UykZkgc.exe
  2⤵
  PID:10644
- C:\Windows\System\nerHxlr.exe
  C:\Windows\System\nerHxlr.exe
  2⤵
  PID:10664
- C:\Windows\System\jUjfTDO.exe
  C:\Windows\System\jUjfTDO.exe
  2⤵
  PID:10688
- C:\Windows\System\zTrZlTt.exe
  C:\Windows\System\zTrZlTt.exe
  2⤵
  PID:10708
- C:\Windows\System\aGJNGFd.exe
  C:\Windows\System\aGJNGFd.exe
  2⤵
  PID:10728
- C:\Windows\System\cbiBucS.exe
  C:\Windows\System\cbiBucS.exe
  2⤵
  PID:10752
- C:\Windows\System\oZQGYpK.exe
  C:\Windows\System\oZQGYpK.exe
  2⤵
  PID:10776
- C:\Windows\System\XTgLrWZ.exe
  C:\Windows\System\XTgLrWZ.exe
  2⤵
  PID:10792
- C:\Windows\System\XYtIPgz.exe
  C:\Windows\System\XYtIPgz.exe
  2⤵
  PID:10816
- C:\Windows\System\KUVEoDJ.exe
  C:\Windows\System\KUVEoDJ.exe
  2⤵
  PID:10840
- C:\Windows\System\ENAEjjC.exe
  C:\Windows\System\ENAEjjC.exe
  2⤵
  PID:10856
- C:\Windows\System\GiqvrUp.exe
  C:\Windows\System\GiqvrUp.exe
  2⤵
  PID:10880
- C:\Windows\System\Bsiqtax.exe
  C:\Windows\System\Bsiqtax.exe
  2⤵
  PID:10908
- C:\Windows\System\TPfcbGw.exe
  C:\Windows\System\TPfcbGw.exe
  2⤵
  PID:10928
- C:\Windows\System\WQYRICR.exe
  C:\Windows\System\WQYRICR.exe
  2⤵
  PID:10948
- C:\Windows\System\RFsHSKU.exe
  C:\Windows\System\RFsHSKU.exe
  2⤵
  PID:10968
- C:\Windows\System\Njvkouc.exe
  C:\Windows\System\Njvkouc.exe
  2⤵
  PID:10992
- C:\Windows\System\XYbcrSo.exe
  C:\Windows\System\XYbcrSo.exe
  2⤵
  PID:11012
- C:\Windows\System\juGTkvV.exe
  C:\Windows\System\juGTkvV.exe
  2⤵
  PID:11032
- C:\Windows\System\KpmvCif.exe
  C:\Windows\System\KpmvCif.exe
  2⤵
  PID:11056
- C:\Windows\System\VfbXYLb.exe
  C:\Windows\System\VfbXYLb.exe
  2⤵
  PID:11080
- C:\Windows\System\oPLpjjT.exe
  C:\Windows\System\oPLpjjT.exe
  2⤵
  PID:11096
- C:\Windows\System\LvUcmVn.exe
  C:\Windows\System\LvUcmVn.exe
  2⤵
  PID:11120
- C:\Windows\System\MLHaslY.exe
  C:\Windows\System\MLHaslY.exe
  2⤵
  PID:11148
- C:\Windows\System\UvWJVpE.exe
  C:\Windows\System\UvWJVpE.exe
  2⤵
  PID:11164
- C:\Windows\System\fXXQPOE.exe
  C:\Windows\System\fXXQPOE.exe
  2⤵
  PID:11188
- C:\Windows\System\VBRmJJH.exe
  C:\Windows\System\VBRmJJH.exe
  2⤵
  PID:11204
- C:\Windows\System\GlWtZjT.exe
  C:\Windows\System\GlWtZjT.exe
  2⤵
  PID:11228
- C:\Windows\System\XnYIIUD.exe
  C:\Windows\System\XnYIIUD.exe
  2⤵
  PID:11260
- C:\Windows\System\lCpzfre.exe
  C:\Windows\System\lCpzfre.exe
  2⤵
  PID:3684
- C:\Windows\System\lVBzgHg.exe
  C:\Windows\System\lVBzgHg.exe
  2⤵
  PID:5616
- C:\Windows\System\etKQCgh.exe
  C:\Windows\System\etKQCgh.exe
  2⤵
  PID:4092
- C:\Windows\System\ZIxovLQ.exe
  C:\Windows\System\ZIxovLQ.exe
  2⤵
  PID:2232
- C:\Windows\System\ukVeKHX.exe
  C:\Windows\System\ukVeKHX.exe
  2⤵
  PID:5828
- C:\Windows\System\QGduHVn.exe
  C:\Windows\System\QGduHVn.exe
  2⤵
  PID:3772
- C:\Windows\System\zlYeznk.exe
  C:\Windows\System\zlYeznk.exe
  2⤵
  PID:6016
- C:\Windows\System\iBkcWYr.exe
  C:\Windows\System\iBkcWYr.exe
  2⤵
  PID:1664
- C:\Windows\System\JPBQOqH.exe
  C:\Windows\System\JPBQOqH.exe
  2⤵
  PID:6264
- C:\Windows\System\ZUZDBpa.exe
  C:\Windows\System\ZUZDBpa.exe
  2⤵
  PID:6340
- C:\Windows\System\QkRxxbM.exe
  C:\Windows\System\QkRxxbM.exe
  2⤵
  PID:6428
- C:\Windows\System\MnSwBda.exe
  C:\Windows\System\MnSwBda.exe
  2⤵
  PID:6556
- C:\Windows\System\KKWdcUC.exe
  C:\Windows\System\KKWdcUC.exe
  2⤵
  PID:6676
- C:\Windows\System\FxbxOkJ.exe
  C:\Windows\System\FxbxOkJ.exe
  2⤵
  PID:5520
- C:\Windows\System\FeMYNYX.exe
  C:\Windows\System\FeMYNYX.exe
  2⤵
  PID:6936
- C:\Windows\System\kyAIpWb.exe
  C:\Windows\System\kyAIpWb.exe
  2⤵
  PID:7068
- C:\Windows\System\VqitWvB.exe
  C:\Windows\System\VqitWvB.exe
  2⤵
  PID:4224
- C:\Windows\System\WPYeAZd.exe
  C:\Windows\System\WPYeAZd.exe
  2⤵
  PID:7176
- C:\Windows\System\RLTMgVK.exe
  C:\Windows\System\RLTMgVK.exe
  2⤵
  PID:7220
- C:\Windows\System\wRrceKy.exe
  C:\Windows\System\wRrceKy.exe
  2⤵
  PID:9360
- C:\Windows\System\eoiCdHq.exe
  C:\Windows\System\eoiCdHq.exe
  2⤵
  PID:7464
- C:\Windows\System\PNvKQfJ.exe
  C:\Windows\System\PNvKQfJ.exe
  2⤵
  PID:7504
- C:\Windows\System\TguvtUs.exe
  C:\Windows\System\TguvtUs.exe
  2⤵
  PID:7564
- C:\Windows\System\RmHkFTK.exe
  C:\Windows\System\RmHkFTK.exe
  2⤵
  PID:7608
- C:\Windows\System\DkokrRG.exe
  C:\Windows\System\DkokrRG.exe
  2⤵
  PID:8004
- C:\Windows\System\hVfVwkh.exe
  C:\Windows\System\hVfVwkh.exe
  2⤵
  PID:8032
- C:\Windows\System\hxXxKEC.exe
  C:\Windows\System\hxXxKEC.exe
  2⤵
  PID:9692
- C:\Windows\System\XwMSmcU.exe
  C:\Windows\System\XwMSmcU.exe
  2⤵
  PID:8264
- C:\Windows\System\CBuSvCG.exe
  C:\Windows\System\CBuSvCG.exe
  2⤵
  PID:8304
- C:\Windows\System\ZnPRHfb.exe
  C:\Windows\System\ZnPRHfb.exe
  2⤵
  PID:8340
- C:\Windows\System\szduLuq.exe
  C:\Windows\System\szduLuq.exe
  2⤵
  PID:9804
- C:\Windows\System\zRdDiRg.exe
  C:\Windows\System\zRdDiRg.exe
  2⤵
  PID:11268
- C:\Windows\System\CFfMwkp.exe
  C:\Windows\System\CFfMwkp.exe
  2⤵
  PID:11288
- C:\Windows\System\aiXHlQK.exe
  C:\Windows\System\aiXHlQK.exe
  2⤵
  PID:11308
- C:\Windows\System\CTiEWSu.exe
  C:\Windows\System\CTiEWSu.exe
  2⤵
  PID:11328
- C:\Windows\System\tSyeoTL.exe
  C:\Windows\System\tSyeoTL.exe
  2⤵
  PID:11348
- C:\Windows\System\PCUTklM.exe
  C:\Windows\System\PCUTklM.exe
  2⤵
  PID:11380
- C:\Windows\System\FBXrZbg.exe
  C:\Windows\System\FBXrZbg.exe
  2⤵
  PID:11400
- C:\Windows\System\NfDSeXJ.exe
  C:\Windows\System\NfDSeXJ.exe
  2⤵
  PID:11416
- C:\Windows\System\lAdOLQK.exe
  C:\Windows\System\lAdOLQK.exe
  2⤵
  PID:11432
- C:\Windows\System\KzoGxxf.exe
  C:\Windows\System\KzoGxxf.exe
  2⤵
  PID:11452
- C:\Windows\System\UaUSpNi.exe
  C:\Windows\System\UaUSpNi.exe
  2⤵
  PID:11476
- C:\Windows\System\tgJiEEV.exe
  C:\Windows\System\tgJiEEV.exe
  2⤵
  PID:11496
- C:\Windows\System\AVitdxD.exe
  C:\Windows\System\AVitdxD.exe
  2⤵
  PID:11516
- C:\Windows\System\fHIEaMT.exe
  C:\Windows\System\fHIEaMT.exe
  2⤵
  PID:11540
- C:\Windows\System\MycnMKA.exe
  C:\Windows\System\MycnMKA.exe
  2⤵
  PID:11568
- C:\Windows\System\IDylMOE.exe
  C:\Windows\System\IDylMOE.exe
  2⤵
  PID:11588
- C:\Windows\System\xnnctiW.exe
  C:\Windows\System\xnnctiW.exe
  2⤵
  PID:11612
- C:\Windows\System\xYoULDn.exe
  C:\Windows\System\xYoULDn.exe
  2⤵
  PID:11632
- C:\Windows\System\kOOqAdz.exe
  C:\Windows\System\kOOqAdz.exe
  2⤵
  PID:11652
- C:\Windows\System\lqARedo.exe
  C:\Windows\System\lqARedo.exe
  2⤵
  PID:11668
- C:\Windows\System\JKYQhVQ.exe
  C:\Windows\System\JKYQhVQ.exe
  2⤵
  PID:11692
- C:\Windows\System\HZVBdGx.exe
  C:\Windows\System\HZVBdGx.exe
  2⤵
  PID:11720
- C:\Windows\System\WjGrdpL.exe
  C:\Windows\System\WjGrdpL.exe
  2⤵
  PID:11744
- C:\Windows\System\QWiIYQl.exe
  C:\Windows\System\QWiIYQl.exe
  2⤵
  PID:11772
- C:\Windows\System\ygwzlKQ.exe
  C:\Windows\System\ygwzlKQ.exe
  2⤵
  PID:11792
- C:\Windows\System\xyZprbi.exe
  C:\Windows\System\xyZprbi.exe
  2⤵
  PID:11836
- C:\Windows\System\JouXLal.exe
  C:\Windows\System\JouXLal.exe
  2⤵
  PID:11864
- C:\Windows\System\oRRJBZN.exe
  C:\Windows\System\oRRJBZN.exe
  2⤵
  PID:11880
- C:\Windows\System\kScvDwF.exe
  C:\Windows\System\kScvDwF.exe
  2⤵
  PID:11896
- C:\Windows\System\ffTUDcx.exe
  C:\Windows\System\ffTUDcx.exe
  2⤵
  PID:11920
- C:\Windows\System\gxjqipx.exe
  C:\Windows\System\gxjqipx.exe
  2⤵
  PID:11944
- C:\Windows\System\IBGlVgJ.exe
  C:\Windows\System\IBGlVgJ.exe
  2⤵
  PID:11972
- C:\Windows\System\zFJTzrI.exe
  C:\Windows\System\zFJTzrI.exe
  2⤵
  PID:12144
- C:\Windows\System\JljQczl.exe
  C:\Windows\System\JljQczl.exe
  2⤵
  PID:12164
- C:\Windows\System\edGtunM.exe
  C:\Windows\System\edGtunM.exe
  2⤵
  PID:12180
- C:\Windows\System\hwQGONJ.exe
  C:\Windows\System\hwQGONJ.exe
  2⤵
  PID:12196
- C:\Windows\System\mcbQzQE.exe
  C:\Windows\System\mcbQzQE.exe
  2⤵
  PID:12212
- C:\Windows\System\BaKnBAW.exe
  C:\Windows\System\BaKnBAW.exe
  2⤵
  PID:12228
- C:\Windows\System\eDlIGyb.exe
  C:\Windows\System\eDlIGyb.exe
  2⤵
  PID:12252
- C:\Windows\System\aVyalJW.exe
  C:\Windows\System\aVyalJW.exe
  2⤵
  PID:12268
- C:\Windows\System\SEoohUO.exe
  C:\Windows\System\SEoohUO.exe
  2⤵
  PID:12284
- C:\Windows\System\nXQMOIS.exe
  C:\Windows\System\nXQMOIS.exe
  2⤵
  PID:8496
- C:\Windows\System\ofgYpBb.exe
  C:\Windows\System\ofgYpBb.exe
  2⤵
  PID:7764
- C:\Windows\System\XVKvDiW.exe
  C:\Windows\System\XVKvDiW.exe
  2⤵
  PID:7920
- C:\Windows\System\ICRdaBi.exe
  C:\Windows\System\ICRdaBi.exe
  2⤵
  PID:8196
- C:\Windows\System\AqbkHWz.exe
  C:\Windows\System\AqbkHWz.exe
  2⤵
  PID:12324
- C:\Windows\System\skKoGxP.exe
  C:\Windows\System\skKoGxP.exe
  2⤵
  PID:12340
- C:\Windows\System\CmrXiqC.exe
  C:\Windows\System\CmrXiqC.exe
  2⤵
  PID:12372
- C:\Windows\System\PAzPQmx.exe
  C:\Windows\System\PAzPQmx.exe
  2⤵
  PID:12388
- C:\Windows\System\EBxBtTv.exe
  C:\Windows\System\EBxBtTv.exe
  2⤵
  PID:12408
- C:\Windows\System\gOjnqVu.exe
  C:\Windows\System\gOjnqVu.exe
  2⤵
  PID:12424
- C:\Windows\System\TyCJLCJ.exe
  C:\Windows\System\TyCJLCJ.exe
  2⤵
  PID:12448
- C:\Windows\System\QUoioCQ.exe
  C:\Windows\System\QUoioCQ.exe
  2⤵
  PID:12468
- C:\Windows\System\hEkBPOP.exe
  C:\Windows\System\hEkBPOP.exe
  2⤵
  PID:12484
- C:\Windows\System\WqEorCt.exe
  C:\Windows\System\WqEorCt.exe
  2⤵
  PID:12508
- C:\Windows\System\RqzsyjR.exe
  C:\Windows\System\RqzsyjR.exe
  2⤵
  PID:12536
- C:\Windows\System\zkZrAMR.exe
  C:\Windows\System\zkZrAMR.exe
  2⤵
  PID:12552
- C:\Windows\System\AbzWgGT.exe
  C:\Windows\System\AbzWgGT.exe
  2⤵
  PID:12576
- C:\Windows\System\eUBaZFn.exe
  C:\Windows\System\eUBaZFn.exe
  2⤵
  PID:12596
- C:\Windows\System\JfyfocQ.exe
  C:\Windows\System\JfyfocQ.exe
  2⤵
  PID:12636
- C:\Windows\System\pJGMsOZ.exe
  C:\Windows\System\pJGMsOZ.exe
  2⤵
  PID:12652
- C:\Windows\System\fSOqQWx.exe
  C:\Windows\System\fSOqQWx.exe
  2⤵
  PID:12696
- C:\Windows\System\hRvdEfZ.exe
  C:\Windows\System\hRvdEfZ.exe
  2⤵
  PID:12728
- C:\Windows\System\RJFXIKQ.exe
  C:\Windows\System\RJFXIKQ.exe
  2⤵
  PID:12748
- C:\Windows\System\bVhstXB.exe
  C:\Windows\System\bVhstXB.exe
  2⤵
  PID:12772
- C:\Windows\System\MmtpHLQ.exe
  C:\Windows\System\MmtpHLQ.exe
  2⤵
  PID:12792
- C:\Windows\System\QaiAayF.exe
  C:\Windows\System\QaiAayF.exe
  2⤵
  PID:12808
- C:\Windows\System\ykSHNOG.exe
  C:\Windows\System\ykSHNOG.exe
  2⤵
  PID:12828
- C:\Windows\System\SFhJqMc.exe
  C:\Windows\System\SFhJqMc.exe
  2⤵
  PID:12848
- C:\Windows\System\cCpqfef.exe
  C:\Windows\System\cCpqfef.exe
  2⤵
  PID:12864
- C:\Windows\System\zgEPdON.exe
  C:\Windows\System\zgEPdON.exe
  2⤵
  PID:12884
- C:\Windows\System\BoPaWnm.exe
  C:\Windows\System\BoPaWnm.exe
  2⤵
  PID:12904
- C:\Windows\System\OErKtSQ.exe
  C:\Windows\System\OErKtSQ.exe
  2⤵
  PID:12924
- C:\Windows\System\cLkNuTE.exe
  C:\Windows\System\cLkNuTE.exe
  2⤵
  PID:12940
- C:\Windows\System\pMKhGco.exe
  C:\Windows\System\pMKhGco.exe
  2⤵
  PID:12956
- C:\Windows\System\zzFEthN.exe
  C:\Windows\System\zzFEthN.exe
  2⤵
  PID:12156
- C:\Windows\System\RFSVXWB.exe
  C:\Windows\System\RFSVXWB.exe
  2⤵
  PID:12204
- C:\Windows\System\pmwnsgE.exe
  C:\Windows\System\pmwnsgE.exe
  2⤵
  PID:12236
- C:\Windows\System\ZrxlWcw.exe
  C:\Windows\System\ZrxlWcw.exe
  2⤵
  PID:12264
- C:\Windows\System\iYhZXsJ.exe
  C:\Windows\System\iYhZXsJ.exe
  2⤵
  PID:7836
- C:\Windows\System\JVxioIQ.exe
  C:\Windows\System\JVxioIQ.exe
  2⤵
  PID:9560
- C:\Windows\System\tNqcbNN.exe
  C:\Windows\System\tNqcbNN.exe
  2⤵
  PID:8492
- C:\Windows\System\GimAhYg.exe
  C:\Windows\System\GimAhYg.exe
  2⤵
  PID:10332
- C:\Windows\System\OVkgDwD.exe
  C:\Windows\System\OVkgDwD.exe
  2⤵
  PID:12976
- C:\Windows\System\YErrzeN.exe
  C:\Windows\System\YErrzeN.exe
  2⤵
  PID:13064
- C:\Windows\System\TZBVwbr.exe
  C:\Windows\System\TZBVwbr.exe
  2⤵
  PID:13084
- C:\Windows\System\jfbrJdX.exe
  C:\Windows\System\jfbrJdX.exe
  2⤵
  PID:10072
- C:\Windows\System\PGjwXTf.exe
  C:\Windows\System\PGjwXTf.exe
  2⤵
  PID:11224
- C:\Windows\System\ogIaNkI.exe
  C:\Windows\System\ogIaNkI.exe
  2⤵
  PID:9800
- C:\Windows\System\AxZpqph.exe
  C:\Windows\System\AxZpqph.exe
  2⤵
  PID:9760
- C:\Windows\System\DIZPTad.exe
  C:\Windows\System\DIZPTad.exe
  2⤵
  PID:7280
- C:\Windows\System\pPcdzGf.exe
  C:\Windows\System\pPcdzGf.exe
  2⤵
  PID:11712
- C:\Windows\System\PQOSmFY.exe
  C:\Windows\System\PQOSmFY.exe
  2⤵
  PID:9944
- C:\Windows\System\xSQPreT.exe
  C:\Windows\System\xSQPreT.exe
  2⤵
  PID:2052
- C:\Windows\System\JCXBNvH.exe
  C:\Windows\System\JCXBNvH.exe
  2⤵
  PID:13068
- C:\Windows\System\nFXkSNQ.exe
  C:\Windows\System\nFXkSNQ.exe
  2⤵
  PID:13240
- C:\Windows\System\zFQvhvT.exe
  C:\Windows\System\zFQvhvT.exe
  2⤵
  PID:13248
- C:\Windows\System\GgbgVKR.exe
  C:\Windows\System\GgbgVKR.exe
  2⤵
  PID:13264
- C:\Windows\System\EPhMjyD.exe
  C:\Windows\System\EPhMjyD.exe
  2⤵
  PID:13292
- C:\Windows\System\JBSYcIB.exe
  C:\Windows\System\JBSYcIB.exe
  2⤵
  PID:2028
- C:\Windows\System\XvZKnDi.exe
  C:\Windows\System\XvZKnDi.exe
  2⤵
  PID:11024
- C:\Windows\System\gLDeUEj.exe
  C:\Windows\System\gLDeUEj.exe
  2⤵
  PID:11076
- C:\Windows\System\mpsgeuG.exe
  C:\Windows\System\mpsgeuG.exe
  2⤵
  PID:12900
- C:\Windows\System\zChAjqF.exe
  C:\Windows\System\zChAjqF.exe
  2⤵
  PID:12936
- C:\Windows\System\pRAdUso.exe
  C:\Windows\System\pRAdUso.exe
  2⤵
  PID:11220
- C:\Windows\System\VgqhvyS.exe
  C:\Windows\System\VgqhvyS.exe
  2⤵
  PID:11196
- C:\Windows\System\ZkFNdWX.exe
  C:\Windows\System\ZkFNdWX.exe
  2⤵
  PID:8488
- C:\Windows\System\GqhsugO.exe
  C:\Windows\System\GqhsugO.exe
  2⤵
  PID:9112
- C:\Windows\System\umeXoOy.exe
  C:\Windows\System\umeXoOy.exe
  2⤵
  PID:9060
- C:\Windows\System\nAaKNab.exe
  C:\Windows\System\nAaKNab.exe
  2⤵
  PID:12648
- C:\Windows\System\uSoHhCh.exe
  C:\Windows\System\uSoHhCh.exe
  2⤵
  PID:12420
- C:\Windows\System\aHaBZFA.exe
  C:\Windows\System\aHaBZFA.exe
  2⤵
  PID:10360
- C:\Windows\System\ulUckPv.exe
  C:\Windows\System\ulUckPv.exe
  2⤵
  PID:9720
- C:\Windows\System\lxvkTcX.exe
  C:\Windows\System\lxvkTcX.exe
  2⤵
  PID:6000
- C:\Windows\System\pjXGCSC.exe
  C:\Windows\System\pjXGCSC.exe
  2⤵
  PID:1036
- C:\Windows\System\gkdwRLN.exe
  C:\Windows\System\gkdwRLN.exe
  2⤵
  PID:7580
- C:\Windows\System\CxKXxrG.exe
  C:\Windows\System\CxKXxrG.exe
  2⤵
  PID:11564
- C:\Windows\System\OEOJqtb.exe
  C:\Windows\System\OEOJqtb.exe
  2⤵
  PID:5068
- C:\Windows\System\HYgRKBj.exe
  C:\Windows\System\HYgRKBj.exe
  2⤵
  PID:12064
- C:\Windows\System\JStNbGa.exe
  C:\Windows\System\JStNbGa.exe
  2⤵
  PID:12544
- C:\Windows\System\ehffgIs.exe
  C:\Windows\System\ehffgIs.exe
  2⤵
  PID:11424
- C:\Windows\System\rVaauLX.exe
  C:\Windows\System\rVaauLX.exe
  2⤵
  PID:11536
- C:\Windows\System\dYfMUzP.exe
  C:\Windows\System\dYfMUzP.exe
  2⤵
  PID:13276
- C:\Windows\System\DTxKLFy.exe
  C:\Windows\System\DTxKLFy.exe
  2⤵
  PID:12920
- C:\Windows\System\LGpiYig.exe
  C:\Windows\System\LGpiYig.exe
  2⤵
  PID:12856
- C:\Windows\System\ndaXEOU.exe
  C:\Windows\System\ndaXEOU.exe
  2⤵
  PID:752
- C:\Windows\System\WwxPrNN.exe
  C:\Windows\System\WwxPrNN.exe
  2⤵
  PID:4552
- C:\Windows\System\qLYFtyQ.exe
  C:\Windows\System\qLYFtyQ.exe
  2⤵
  PID:32
- C:\Windows\System\PdzIWah.exe
  C:\Windows\System\PdzIWah.exe
  2⤵
  PID:1496
- C:\Windows\System\WlPaaLo.exe
  C:\Windows\System\WlPaaLo.exe
  2⤵
  PID:13260
- C:\Windows\System\RbshIui.exe
  C:\Windows\System\RbshIui.exe
  2⤵
  PID:12684
- C:\Windows\System\GvZVMor.exe
  C:\Windows\System\GvZVMor.exe
  2⤵
  PID:12280
- C:\Windows\System\ZNlTvJo.exe
  C:\Windows\System\ZNlTvJo.exe
  2⤵
  PID:8288
- C:\Windows\System\OrSdWmS.exe
  C:\Windows\System\OrSdWmS.exe
  2⤵
  PID:3624
- C:\Windows\System\izzUjIL.exe
  C:\Windows\System\izzUjIL.exe
  2⤵
  PID:13308
- C:\Windows\System\zTMjIso.exe
  C:\Windows\System\zTMjIso.exe
  2⤵
  PID:3768
- C:\Windows\System\aoFDDpS.exe
  C:\Windows\System\aoFDDpS.exe
  2⤵
  PID:4676
- C:\Windows\System\huvdxlz.exe
  C:\Windows\System\huvdxlz.exe
  2⤵
  PID:6540
- C:\Windows\System\lLTPXgw.exe
  C:\Windows\System\lLTPXgw.exe
  2⤵
  PID:12912
- C:\Windows\System\vzVrvOF.exe
  C:\Windows\System\vzVrvOF.exe
  2⤵
  PID:10724
- C:\Windows\System\UbzvSMv.exe
  C:\Windows\System\UbzvSMv.exe
  2⤵
  PID:2092
- C:\Windows\System\TLYsauU.exe
  C:\Windows\System\TLYsauU.exe
  2⤵
  PID:4900
- C:\Windows\System\FZWkNsg.exe
  C:\Windows\System\FZWkNsg.exe
  2⤵
  PID:2200
- C:\Windows\System\nlDffNZ.exe
  C:\Windows\System\nlDffNZ.exe
  2⤵
  PID:9248
- C:\Windows\System\mPaGuJy.exe
  C:\Windows\System\mPaGuJy.exe
  2⤵
  PID:12312
- C:\Windows\System\fprfwSC.exe
  C:\Windows\System\fprfwSC.exe
  2⤵
  PID:7636
- C:\Windows\System\ybgScOR.exe
  C:\Windows\System\ybgScOR.exe
  2⤵
  PID:12820
- C:\Windows\System\JRMloph.exe
  C:\Windows\System\JRMloph.exe
  2⤵
  PID:6616
- C:\Windows\System\UeHKvLk.exe
  C:\Windows\System\UeHKvLk.exe
  2⤵
  PID:12336
- C:\Windows\System\otMNWJF.exe
  C:\Windows\System\otMNWJF.exe
  2⤵
  PID:12560
- C:\Windows\System\ORiirTO.exe
  C:\Windows\System\ORiirTO.exe
  2⤵
  PID:10512
- C:\Windows\System\TnUkLOy.exe
  C:\Windows\System\TnUkLOy.exe
  2⤵
  PID:10824
- C:\Windows\System\mFwVhWk.exe
  C:\Windows\System\mFwVhWk.exe
  2⤵
  PID:12568
- C:\Windows\System\keWPtSs.exe
  C:\Windows\System\keWPtSs.exe
  2⤵
  PID:10308
- C:\Windows\System\OLfAyTi.exe
  C:\Windows\System\OLfAyTi.exe
  2⤵
  PID:4788
- C:\Windows\System\aiepzXN.exe
  C:\Windows\System\aiepzXN.exe
  2⤵
  PID:3856
- C:\Windows\System\cQOqnzF.exe
  C:\Windows\System\cQOqnzF.exe
  2⤵
  PID:12004
- C:\Windows\System\khCPtqV.exe
  C:\Windows\System\khCPtqV.exe
  2⤵
  PID:4892
- C:\Windows\System\PspQstk.exe
  C:\Windows\System\PspQstk.exe
  2⤵
  PID:12872
- C:\Windows\System\skkUbRx.exe
  C:\Windows\System\skkUbRx.exe
  2⤵
  PID:9080
- C:\Windows\System\pQERgUv.exe
  C:\Windows\System\pQERgUv.exe
  2⤵
  PID:11116
- C:\Windows\System\ibVIzeF.exe
  C:\Windows\System\ibVIzeF.exe
  2⤵
  PID:3680
- C:\Windows\System\dcCAueo.exe
  C:\Windows\System\dcCAueo.exe
  2⤵
  PID:11912
- C:\Windows\System\yotPFEv.exe
  C:\Windows\System\yotPFEv.exe
  2⤵
  PID:10380
- C:\Windows\System\hXqSmoX.exe
  C:\Windows\System\hXqSmoX.exe
  2⤵
  PID:3420
- C:\Windows\System\PMXAyud.exe
  C:\Windows\System\PMXAyud.exe
  2⤵
  PID:10280
- C:\Windows\System\XRsNDaJ.exe
  C:\Windows\System\XRsNDaJ.exe
  2⤵
  PID:13244
- C:\Windows\System\TxCgoDJ.exe
  C:\Windows\System\TxCgoDJ.exe
  2⤵
  PID:9888
- C:\Windows\System\DzmzKmI.exe
  C:\Windows\System\DzmzKmI.exe
  2⤵
  PID:8608
- C:\Windows\System\WqZWVHk.exe
  C:\Windows\System\WqZWVHk.exe
  2⤵
  PID:4964
- C:\Windows\System\wSNcvjQ.exe
  C:\Windows\System\wSNcvjQ.exe
  2⤵
  PID:5220
- C:\Windows\System\CStjVvl.exe
  C:\Windows\System\CStjVvl.exe
  2⤵
  PID:3144
- C:\Windows\System\NWLXOgA.exe
  C:\Windows\System\NWLXOgA.exe
  2⤵
  PID:7424
- C:\Windows\System\CxKZlZf.exe
  C:\Windows\System\CxKZlZf.exe
  2⤵
  PID:6496
- C:\Windows\System\SDlLcNy.exe
  C:\Windows\System\SDlLcNy.exe
  2⤵
  PID:12416
- C:\Windows\System\UxBBtdm.exe
  C:\Windows\System\UxBBtdm.exe
  2⤵
  PID:3312
- C:\Windows\System\tkKLpKR.exe
  C:\Windows\System\tkKLpKR.exe
  2⤵
  PID:540
- C:\Windows\System\MydVGxp.exe
  C:\Windows\System\MydVGxp.exe
  2⤵
  PID:12916
- C:\Windows\System\sptrixt.exe
  C:\Windows\System\sptrixt.exe
  2⤵
  PID:1328
- C:\Windows\System\NMtkXMb.exe
  C:\Windows\System\NMtkXMb.exe
  2⤵
  PID:12380
- C:\Windows\System\KXEtdAv.exe
  C:\Windows\System\KXEtdAv.exe
  2⤵
  PID:13132
- C:\Windows\System\fwUZcFs.exe
  C:\Windows\System\fwUZcFs.exe
  2⤵
  PID:13444
- C:\Windows\System\FAqJFAh.exe
  C:\Windows\System\FAqJFAh.exe
  2⤵
  PID:13528
- C:\Windows\System\GjQpwLf.exe
  C:\Windows\System\GjQpwLf.exe
  2⤵
  PID:13552
- C:\Windows\System\vUewgnn.exe
  C:\Windows\System\vUewgnn.exe
  2⤵
  PID:13696
- C:\Windows\System\OMesBQi.exe
  C:\Windows\System\OMesBQi.exe
  2⤵
  PID:14100
- C:\Windows\System\ZBGzQJn.exe
  C:\Windows\System\ZBGzQJn.exe
  2⤵
  PID:13472
- C:\Windows\System\jinEBIM.exe
  C:\Windows\System\jinEBIM.exe
  2⤵
  PID:13460
- C:\Windows\System\kEpjRLC.exe
  C:\Windows\System\kEpjRLC.exe
  2⤵
  PID:13540
- C:\Windows\System\ziOAjBt.exe
  C:\Windows\System\ziOAjBt.exe
  2⤵
  PID:13576
- C:\Windows\System\RBLtgoO.exe
  C:\Windows\System\RBLtgoO.exe
  2⤵
  PID:13592
- C:\Windows\System\ZlTeqLs.exe
  C:\Windows\System\ZlTeqLs.exe
  2⤵
  PID:13600
- C:\Windows\System\iNUAvje.exe
  C:\Windows\System\iNUAvje.exe
  2⤵
  PID:12612
- C:\Windows\System\kjKZALy.exe
  C:\Windows\System\kjKZALy.exe
  2⤵
  PID:13656
- C:\Windows\System\AAdmFjG.exe
  C:\Windows\System\AAdmFjG.exe
  2⤵
  PID:13632
- C:\Windows\System\MMKBIwV.exe
  C:\Windows\System\MMKBIwV.exe
  2⤵
  PID:13684
- C:\Windows\System\NlrWXpU.exe
  C:\Windows\System\NlrWXpU.exe
  2⤵
  PID:13736
- C:\Windows\System\LBgjxqT.exe
  C:\Windows\System\LBgjxqT.exe
  2⤵
  PID:13756
- C:\Windows\System\mtDSrBk.exe
  C:\Windows\System\mtDSrBk.exe
  2⤵
  PID:13772
- C:\Windows\System\cdVAtQD.exe
  C:\Windows\System\cdVAtQD.exe
  2⤵
  PID:13792
- C:\Windows\System\YyaLfdu.exe
  C:\Windows\System\YyaLfdu.exe
  2⤵
  PID:13820
- C:\Windows\System\PlMStzF.exe
  C:\Windows\System\PlMStzF.exe
  2⤵
  PID:13844
- C:\Windows\System\qUcWnZA.exe
  C:\Windows\System\qUcWnZA.exe
  2⤵
  PID:13860
- C:\Windows\System\fhbjULK.exe
  C:\Windows\System\fhbjULK.exe
  2⤵
  PID:13876
- C:\Windows\System\lYxvDAE.exe
  C:\Windows\System\lYxvDAE.exe
  2⤵
  PID:13892
- C:\Windows\System\smzezvy.exe
  C:\Windows\System\smzezvy.exe
  2⤵
  PID:14028
- C:\Windows\System\tReNUUG.exe
  C:\Windows\System\tReNUUG.exe
  2⤵
  PID:13916
- C:\Windows\System\oGhDWwh.exe
  C:\Windows\System\oGhDWwh.exe
  2⤵
  PID:13940
- C:\Windows\System\VuBuwco.exe
  C:\Windows\System\VuBuwco.exe
  2⤵
  PID:13996
- C:\Windows\System\iiFKGJL.exe
  C:\Windows\System\iiFKGJL.exe
  2⤵
  PID:14012
- C:\Windows\System\HqCpjUK.exe
  C:\Windows\System\HqCpjUK.exe
  2⤵
  PID:13932
- C:\Windows\System\MxVmbdH.exe
  C:\Windows\System\MxVmbdH.exe
  2⤵
  PID:13960
- C:\Windows\System\RnlJvHL.exe
  C:\Windows\System\RnlJvHL.exe
  2⤵
  PID:13908
- C:\Windows\System\jNYlrUP.exe
  C:\Windows\System\jNYlrUP.exe
  2⤵
  PID:14036
- C:\Windows\System\nzvWjOo.exe
  C:\Windows\System\nzvWjOo.exe
  2⤵
  PID:14092
- C:\Windows\System\kmmvktE.exe
  C:\Windows\System\kmmvktE.exe
  2⤵
  PID:14320
- C:\Windows\System\oNxMPfy.exe
  C:\Windows\System\oNxMPfy.exe
  2⤵
  PID:11388
- C:\Windows\System\nLFqodU.exe
  C:\Windows\System\nLFqodU.exe
  2⤵
  PID:13452
- C:\Windows\System\AmavDAt.exe
  C:\Windows\System\AmavDAt.exe
  2⤵
  PID:13476
- C:\Windows\System\yKEdMIF.exe
  C:\Windows\System\yKEdMIF.exe
  2⤵
  PID:14292

C:\Windows\system32\WerFaultSecure.exe
"C:\Windows\system32\WerFaultSecure.exe" -protectedcrash -p 1328 -i 1328 -h 600 -j 604 -s 612 -d 11428
1⤵
PID:12152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ffhm500c.cqm.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AQtazqP.exe

Filesize
1.7MB

MD5
b5fa6b5557c2fd8e3552e05af3d0adb1

SHA1
fd507a70c0486d914bef8052700fe489a6aa50eb

SHA256
d0a00b7eebbadfede9b4e687a676e0563cb98799c74951706e65c337050e3681

SHA512
0e37d23cb028bad46a5e49462e2efd7758ec678c8727e10bb482fac30173ab55de42d07a9791f4580248e3dff3baab0e83a9ad326438caf508537195e3351a2c

Download Submit
C:\Windows\System\AwqLOdD.exe

Filesize
1.7MB

MD5
92c0df6268a33c019bc76a55f9337fb1

SHA1
8b21f84a77d510563f96ddebe375a92503aa7073

SHA256
225e51bf5e1634a89ab1c8cfe078b88cf910716adf71c862c8e7a166ddd96fb9

SHA512
af2b2af1bf9b21551e9826f5bff9ab8882256f1bbcfbe5035a1f51803c38f28c24781dcda584ac989a2a273d3a011b2625befdf22f3e2f457154d641750f084e

Download Submit
C:\Windows\System\BaRGpMc.exe

Filesize
1.7MB

MD5
5a3774c64952a71d763155f32db66a7a

SHA1
f181ad029bf68ef1fe525f448f8ffed3e1537d47

SHA256
b96ea16c118a41544f14fe45c2d2cd7a3b5bc8dca2f47d5840982d078a92dec3

SHA512
5d87a522a12dc601f4ea85466dfda4aee3fee0e89b305a9b1f5306297787176d861de39d749b521dded9166f7e72ec9da0ec636f8a0cb65cb2ff372dfe1c2664

Download Submit
C:\Windows\System\BjroAEy.exe

Filesize
1.7MB

MD5
2f6110390d034906751d39baf255b4a1

SHA1
4554811e8d4025a93d24ea5ca0415371949ff80f

SHA256
c6762ff558ee9dda5d4542ef7d1b8ed5c5cf61cb1eabbf1a9619c16a5855b81a

SHA512
65689d89464b06ec132fd327593f0ad0658d426df5a3a36e0fbca0a71356d2136d1dcae4de1de37bf683fea869ac109975e779eb824117b93318d3a31626af5c

Download Submit
C:\Windows\System\CEQqiTQ.exe

Filesize
1.7MB

MD5
2a793102b6a32be879e3730d6025182b

SHA1
a7be0eb20799b07d7c8dd21fb5834fb1462d9aac

SHA256
22d06eccf40934e037b44e5a1e7cb989779736c534d20efbf10ce0f4377208ab

SHA512
2f725646ed7ae9a87756dec232d6620918e0189ec17d2e080d791ce0543d26a1c642e3166824b2a17b9a8d1a9133e24cfb00020218b861478faa410a50b4f75f

Download Submit
C:\Windows\System\CyWWsgJ.exe

Filesize
1.7MB

MD5
2119ce24ed446f04c578b955164a2959

SHA1
ae7cbf0f2a8fe8cc2ae221dbfb77eb3c03b3343d

SHA256
76048786695b31826cef60bd68fcf6113e1f61bc1b13f65b2e21efee90cee2ec

SHA512
244e00631a2aa71b45aa6353ca0a1a9cfcdd1bfa1c98675386290f35f6e5e49a512a46aa14fb66690e5c3b841353476129189053333428b34861cf9123696515

Download Submit
C:\Windows\System\ITjaxTG.exe

Filesize
1.7MB

MD5
b387ee8c4be9a731b35651713f564b40

SHA1
d7cf00b71a338b4dd5a61355388dd4f34c63a4e2

SHA256
8502b04e491940828f2cc8f298cb40c4e1e1b4d06d0b918d4bf5c2f0ffde6732

SHA512
9a7995414b1e4c62fadddffdbf35c75327055d8590ef4882b33eeff5fa840fa5fe6294544291d70ef92b73c635f40f84c87064d012fc06ac7c3e5dbfc76cbbd9

Download Submit
C:\Windows\System\JeRQEcF.exe

Filesize
1.7MB

MD5
f593a898a46c7a48acac26c8942aae90

SHA1
a5d153a1796f74b5469735463806560ad42b4f8b

SHA256
0e0c7f91612909b3be07750aa158c0d132298b7c9dcf78f478557a8f8ee10865

SHA512
7c0fa7f87758fe88c799c492aea5d65112593fc34f965553e9dab8dfadff1ae695fa8e970cead754aa6ef842a0ba4029dc0bca96cf70118ae6d5d177217113f4

Download Submit
C:\Windows\System\KDYaGMq.exe

Filesize
8B

MD5
35b23d571bbad4492faca789c3ae9e51

SHA1
adce24f573b6f217562802fd70c52d63ff8f138a

SHA256
3a560e0248da85dda9072e5a99566240ff722f60e9e834efc9c2c23440409d68

SHA512
9c03280067c140373673e9c5ab78127be909959b13e02da8c3ebcce17541a63329fa3cb35a4d2a7b2bb1a50a364108f4e9b1ca429acacd7bf3a5a9d83fb6ba39

Download Submit
C:\Windows\System\LGgDJTp.exe

Filesize
1.7MB

MD5
3b56e8c877313f826fed44154f873040

SHA1
149473f684508957d31c888b1663ff5c74b956ac

SHA256
a24d80c001088be432a14023f8098e3cc19078308ad5d0fbc3ba2658815dde83

SHA512
063da21307f1fdc007f8f8d1121e12a36e7de456d72a599cf11d614a10f582a54d06b9eeee9b80e33a6bfce9e1d77b7e527f254227f34b6f86ca89f493590d4f

Download Submit
C:\Windows\System\MIoOQbP.exe

Filesize
1.7MB

MD5
227d61d7d965fd37dd5d23ce659300ca

SHA1
55846cb7b6dfebc2810381b491ace994886530fa

SHA256
6143db1f04d439be9497008bb4522bbb31656adbb422772f4307d963d9e2d89b

SHA512
6ed7675124ad30162fd81e704f333e7aa09afa446e1a8c3f719b216c6062565fb4f05925e96031045dd76d9c3b128fa16afc5aed214421bb9d543f30ec552e1a

Download Submit
C:\Windows\System\OSgRjTB.exe

Filesize
1.7MB

MD5
cfc8bfddc36eafe50d79f80fae1767a4

SHA1
9806957e7f41d0931b4f0cb50ab71490794cad4e

SHA256
1f0d53c5dc5eb3318782523a04e5b1f57aa7f66e1a3da9e80e3bcd3aff2d0973

SHA512
f568a2246a0407b408859733519e59b4fee3dd5dc9638f06558ed27acbadbcdd55f310e0096c62c4b7643568ab99470e1d8912b1a2309d31e0b1989d80bf160b

Download Submit
C:\Windows\System\PENugUB.exe

Filesize
1.7MB

MD5
a17110dfffe48e329d3cd67e83f21f31

SHA1
f2eb2039a9827132156c8889d02ffc2c2975aef1

SHA256
dbf4d04e1eebfd6701a67b08542086c4d0a4b84993ce85ec7ec86394a19cb914

SHA512
8bbc24d2506ae854abaf7e8fe09fb4f6c78147cc10fcc6e504b41da6764bd9d1ff569e87d4fbad21f4d3c0be89bffcfc80b1b53c0916d3a7508e34691787a602

Download Submit
C:\Windows\System\PQXuJPG.exe

Filesize
1.7MB

MD5
ec5cb02cc8d69945dc04a731b01e71c7

SHA1
dcdb6a5429b85fc02d536727b71fddda4ac53a44

SHA256
865630a8c56aa8354e4b439f97032b099fdf6b25c663aa46456ccde4be30597a

SHA512
b33f4fa4a0e6de5def2b714e6161e6d427c6115f46a3b04c7d57374ae38bb66df04253cc865adecb1e987cf1527713f753e0d04d0eaf0e6dd3f0d4dc075887aa

Download Submit
C:\Windows\System\RwmVEwk.exe

Filesize
1.7MB

MD5
5bec4a76f3e2a2decfcb6182a3d5d65a

SHA1
b42544649162bf1628706d715fc99c081f25c7a6

SHA256
5d3abbcbf9f8eb5146e68d802f8631645e41a59acb19d9bc7379014f1ae65101

SHA512
56106a348f2876744171de937b8163a21c42ebad0173b80998788cc74ac5330ba721cf4c614a622b2a95893f9f10933450a698e8b571df83032b6c495b167dbb

Download Submit
C:\Windows\System\TxowLuM.exe

Filesize
1.7MB

MD5
d4a9c905cdf0a999c13c2f41a552540c

SHA1
9ecbf288315e269a1505b59f9d58ed1a9004726b

SHA256
57c7b913514caee59c91a850d85af8a3fad77b0218570e3c2a0cd8e9299e7cbe

SHA512
9eaee612bd1aaa764d1bb86eafb859601a547f25592baf2cd1f66e22c66b5fffb0ad86e6f7606e94ecbabb6ce9b7148d73d2c4558cfc433ca3c8de0b76128cea

Download Submit
C:\Windows\System\UCTaSZi.exe

Filesize
1.7MB

MD5
a869498a0a02d9d1265f75c3c7b7ae72

SHA1
bc02bb5b6316265550e8e4dcdab4a340d36f0c60

SHA256
3caad70774643cda712f0a83d1419e87942f7c7ebe77315eb39c6bbb50a95e15

SHA512
06f4194c3a90495695ca932f4d0f1c143fa5c3d143df22eede91ee42850a5f2a4bd13fb29303b1e1f7efbdf70b8b5e13264da35092ec9c009304edd6b9325d01

Download Submit
C:\Windows\System\UDAOQPp.exe

Filesize
1.7MB

MD5
abf94222e25c09c01bddd89f49621618

SHA1
383bc66791c3b81c27f83deff2d08b0568b28999

SHA256
ffd5d3b5614053be39df8841329ad9b276b74f048ff1989a57183548a73f758b

SHA512
6c32a6a7d43d5866ac0bbde5fcb395d18c89257ef58b820f64cc121faff4230197b097c8ecae9df33b6ff337b45516501317a83abe1ec15a472ec76670084e39

Download Submit
C:\Windows\System\VRVhlhk.exe

Filesize
1.7MB

MD5
9541eba303a8e8084861b0b23f664129

SHA1
047d2cacc125288927a9b9fda81a9ce048679f91

SHA256
8efa242e96b67a2d56abea96980c03f0ad956b353e5b46391f8909765c379458

SHA512
26e5daaa51bec51841360ea3efdc38a522946c6134ba7b81c1fc5db2b696eb117ffe4299646ce602b760027ede76494062d3fc6aa616738113e08be78569c9d9

Download Submit
C:\Windows\System\WmbCAow.exe

Filesize
1.7MB

MD5
081e3ddda8bdf325a441471968a3bd4a

SHA1
1bf0aa9b7e9e151ea459619695a267e398618e42

SHA256
d35cf7d677ffd5dad084a6a7d93a9499150eb1d22cfd3f2116dd0dc066bb455f

SHA512
a548fc372b54c0069d56e29a696d978bd3c5f362009106a5e0c66c89e0e8e58f6e53e5dedc4a87739616030a451a9de63168c6fe319c41ce73a4d800d11894af

Download Submit
C:\Windows\System\bcEJRla.exe

Filesize
1.7MB

MD5
ccc22b619c0290b8297b09c00a31ebc3

SHA1
d4d991c7c1efd908c76c91343d0f688af4830cc3

SHA256
e733a58907d375f35edc85ee146f43e6ac75e6bc7f02504ffc388a6bb60e3f4e

SHA512
7351079ac25a3040c4ca50451050e72999695d2d39dfb1faf509183d8d6bdc74a664a76206c5c867b7677b0dda4a1821b9667772ea2ae95850dd5d7922e251be

Download Submit
C:\Windows\System\ftJolWS.exe

Filesize
1.7MB

MD5
8b999859660ae408dc8d50e902b84d1a

SHA1
448394b36099247413d938c09050d32e28f62083

SHA256
6fe60f8cbcc9af63931feb3ef9b14af4bf25de180c6ed5a27e53adfb1dcd71b8

SHA512
7ecce63179c6f5c49f3244e13f8bcb9ffe97731f1fff723144c926a6db7e639a189920ad2a0f95773dddc2625cc5ef1932c3dd9e16e223735fb591eec1b5fbc7

Download Submit
C:\Windows\System\gRFtiRN.exe

Filesize
1.7MB

MD5
e534286973c3598bbb510922bc7fa239

SHA1
5c76d5a51f377327d95e3dc5237c3f9376b540bb

SHA256
118683daa4d8b64b4558011ca9ee92f7b591904b8f932e1b2ecd309d1ff75e5c

SHA512
e0fa875fb7976e37083d7c8427261849f0b67d9df3493b3feb7f6fd2ec2f8ce3b09ef65df8671a3cab85d6d5a63e0a3bba2264c8799363b8011258d2a7a3c8c3

Download Submit
C:\Windows\System\gieFvDZ.exe

Filesize
1.7MB

MD5
cfcb49bd3111528c45cc846c7a3f08b8

SHA1
0a6962e45a0e05423bab0d3e6d483953156dc2f0

SHA256
c96b3f5c0eaa5e2397125387f48c80f1c62e232c9e8e7ceb94282759bc1711aa

SHA512
2b48753fd7690eef0348fc1a66cd970afaf174a43d5411f8ecb66e1fd9c44c3165b61299ec9956c5b5ef41e6308e05bb6d5fa6ac7f3f96d4c4d7ba4f915b7458

Download Submit
C:\Windows\System\gkQQSag.exe

Filesize
1.7MB

MD5
e71c88dc1951b317d11f78a793df6831

SHA1
dcf92c02bc755ddf429d9101a7142943ba414571

SHA256
af920c962b6420d78468a29c729e38f5610b7df580c9c1c291a0441eb3dcec9b

SHA512
88d1c9d1bec761180ab2e4f9c49b78112d7aff6f70f7b4d2fa2aa3053910b2b38b6c3301a728e57ebbb38d7529074a7e9e09eb43972b09b14d0c17807920d1f0

Download Submit
C:\Windows\System\iHgaXYQ.exe

Filesize
1.7MB

MD5
add466efd7baea0de2c42c1173ae1930

SHA1
e30efce79aa2712965daa7da96d830ee06c7d9e0

SHA256
2f1541ca97eb72066534d3327e27cedb641a8918a969ed19e2363af25fd38aff

SHA512
a84d78cbf081efa67d5b2a3fcbafd5aa7bd624f5d647bb85cd93297f7beb92ca3c1ac8aaabecdaa9f929a0263aa9c5f2f2d7835ca8cbdb83c809d1d314ac250e

Download Submit
C:\Windows\System\lLHtlGj.exe

Filesize
1.7MB

MD5
4c97c8f48e265d54108efb00267d8931

SHA1
84e5b0ef78f640e9c797830da44fdc752a2f751f

SHA256
b7d7af9127274be6a75c23fc0da4f6cc126aa3c22629642ef2fcad6eef05a216

SHA512
348b16116ff800ff6af7a08dfaae535ff6485847084ae7a5259cffb66e8da633b94492ad7e56b18cec0289cf01885ceb04d8d97807f8b59c68d95be43196e65e

Download Submit
C:\Windows\System\oDbTlRw.exe

Filesize
1.7MB

MD5
0887d37e9bede036d3bdeba267373998

SHA1
8d56bfe07f8e90b0d4e00e87ad9a40770793e883

SHA256
427c8118c289e025309296ff25868297d26cfe9732de12c30aad5aa5963e0a1c

SHA512
4970a6137e223be7a63b3add39be8db479c57a3349c90b3adefe256de20d046ef47d72ee7e236adf3af8359c5cb5953aa56e1b01031ea49afb7dda66b95f5088

Download Submit
C:\Windows\System\ojrhIXl.exe

Filesize
1.7MB

MD5
fab84508e947b8cb0c3e03efb1b373e1

SHA1
c042f6778c20989d4d8f9710b4dbe233fd8057af

SHA256
56ad4401d00f3adfc6115403c60ac6a875d69571f16a020b070ca18b4c2e2fff

SHA512
dee42e411e82882b74619805c28936adf84bb2496ec12928d64da44812b3abf1d1358f4b24696cd303cc3b0f32ae9f1e5945b5704e438e2b74ae457e6560ffe6

Download Submit
C:\Windows\System\pcYKiPJ.exe

Filesize
1.7MB

MD5
d9c8620c1b9ac9c4243f5717a10e198e

SHA1
15b26a9a4aa02b4462440e1446ea9a76b96bf038

SHA256
3342e4070a4bcb01e9fb7f0e1fb7bf11101ff926e9a598fc6c2cfad45ea1be7e

SHA512
59b45522885d4de7e986ffc83a00e6b333e708a7a3cb8450347c4ab5aa00a7cba562163a254d4083a13923d95f173435fcdd67071460e922626874c7993d53bf

Download Submit
C:\Windows\System\psWoMwh.exe

Filesize
1.7MB

MD5
84235411ae494f58fb6037a8f06d1868

SHA1
75c6462324a2d203b91d6a36fd751090ba64d92b

SHA256
304c7d9862902c38c2911d6c77fdc255e5cf043efc051ffcf6e6e4a06a1aa851

SHA512
71d6db4b56cdd6c97e51cd75f30986d6278bd88c7bc5e588c817a84d3d52935d06a055931988b3e3c208fe8fefd8dd7dcf060d92969a535e179379615807ae9d

Download Submit
C:\Windows\System\pvRFqeS.exe

Filesize
1.7MB

MD5
60817e2fe39f75546a815d854bab197e

SHA1
a0b767894a4c0a7711a00401ceedbef383f0cab7

SHA256
847efe6fdbf1a758e55c806b571715f7f35fcc5a61bb12cac1d5f6a6cf84cd8c

SHA512
68b87d7a59cb82d414519b677d002eb873f057e3c6880d534cea5ad39dcd0adb0622749be8e9705ec3946185b0cc9d603dd33979ab58e01fc0489b17f86ec64e

Download Submit
C:\Windows\System\szPQiAq.exe

Filesize
1.7MB

MD5
e6c95c7f08733f106b460a90f76c0a01

SHA1
3792869bc0e98c147fd33d3713aa95963301c035

SHA256
184032db70b72d35cf06ca78ae1c7e4c4afa0773306bdf306b68025a1a8f6291

SHA512
a7723fc95d2d638fcade5116c598ed4efb1f5e98aa1d889e739a6c280396d35f6df54c3335cfb93a0617499b4f991067a07aedeaad07f42967097a8b525cf191

Download Submit
C:\Windows\System\tcsqlcg.exe

Filesize
1.7MB

MD5
e137fa0270a1a05bbcfd3d1afffa252a

SHA1
04dab48d5afc11a963d3c7cbb7ae7a368c1b885e

SHA256
12c0635453ea2458821ea5ece2b99e1e14123fb9c1d91489f0dfc2a8d8ba085b

SHA512
f6c6f4d606a3f58314328e60d6a55c8d58fe2a0eed40cc757fa9a20dae1980d3ee6e283411b16a3ba86b1ab5bf50ea8a83f35742324f84c40d50092aa608306d

Download Submit
C:\Windows\System\uIWeaWR.exe

Filesize
1.7MB

MD5
dcc6514ce8528ae8735e03f5af70c211

SHA1
ae55cc1dc17dee143eec6799dec11406b6a5b34f

SHA256
69fdad23abc8e8c80e3ff2b08173888f2694eac517d6e56b4e15f22175e8f0c9

SHA512
1d54e5de9d9d3746478e507b18bf4f1b8d3478439276f97215043504c06be1443f94fc522de56ce5a4082eac2f1eaf9fb6147c10e5f7a4e5e4f1ea6c142445ac

Download Submit
C:\Windows\System\uxmdoMK.exe

Filesize
1.7MB

MD5
f99781aa849a4983b2596bb5e67edf84

SHA1
a9e90d6b7376421e722bd784ab5caaa47d75cc84

SHA256
41e85a24dd1efb8b2bd99b20f46511a4115b9218f6aabcee387c4f10b532ddd4

SHA512
3d8b272e1f8fa42f068f0d9ca60c205577ca53865f5725405de4d198cf67acbf703a1cd68986d57657454fa0433b737d13dd544551aab5d981c3c0f1cc74f898

Download Submit
C:\Windows\System\vpIeazV.exe

Filesize
1.7MB

MD5
2eed36393cfd434772026ed855d2587f

SHA1
a15427d06a1061a77fcf5945a09320faaa8414de

SHA256
b3f08b2903533eb5438da74d814e4842fd9450c467a5f52fd9e7507fc1e927e5

SHA512
ccc7cf2aefd81bb3f26e642dac3194310e8b11034b432c87f75287736a27beb8aa7fe019afb5555aa0308a750e8edd31efb8d03813a6ee1654698ecd9a962b39

Download Submit
C:\Windows\System\wLgvaNB.exe

Filesize
1.7MB

MD5
7fd02548ce4f8d47898fc2567e3c86df

SHA1
91bb5f4f40e584437e628ab3f50a49da954f1ee2

SHA256
a67dc89fd50f544b46b6e80c539cbe267fd591da0bbbf0cd0123fb5e9d0d12ab

SHA512
bf85300f2a97df3b8a8855a984fa47f17c64bbcdcf005d3626995ba805e43b6fac16a39715306dff3575bc6b67da18c57ce1afd5f197230daaa184d084e6822c

Download Submit
C:\Windows\System\xXgpTKd.exe

Filesize
1.7MB

MD5
7a96114bf9e07973252e31c8ee26512d

SHA1
0a89bd6387870ebb325395d94f41f9cd9708ca45

SHA256
27661e2f97abd2e84bc48c9fa135b053ab774cb4afe580c02cef069d6ff2220e

SHA512
d41b76b60ab7e0a22816ff1360e736a7dbb227d6a7406df8c3281222d49866bfb9aa361b0599739ce520e76f8481045cdc591490ec1ae6a582a98c56617d6b5c

Download Submit
C:\Windows\System\ySVUdmd.exe

Filesize
1.7MB

MD5
2fe98316fd71ef4593f1b70cde3c8fc8

SHA1
3062964d3774b9668670731c1168e56c3dbf5050

SHA256
07d11b29ddeeb04fd10724620c0d25db1697e2fe6dbf26a6da5810cc71b7a7ec

SHA512
265a13e7a6144d193db3c51748160a86150e4710ae399625807b17eb19fd789fe598e5c7d34bfe3ffb70d71d554b15364e6fea3b0c6d7741cc55faf2b38f78be

Download Submit
memory/436-1-0x000001A5FFED0000-0x000001A5FFEE0000-memory.dmp

Filesize
64KB

Download
memory/436-0-0x00007FF775260000-0x00007FF775652000-memory.dmp

Filesize
3.9MB

Download
memory/744-1112-0x00007FF73A290000-0x00007FF73A682000-memory.dmp

Filesize
3.9MB

Download
memory/744-3926-0x00007FF73A290000-0x00007FF73A682000-memory.dmp

Filesize
3.9MB

Download
memory/1224-235-0x00007FF699680000-0x00007FF699A72000-memory.dmp

Filesize
3.9MB

Download
memory/1224-3898-0x00007FF699680000-0x00007FF699A72000-memory.dmp

Filesize
3.9MB

Download
memory/1268-124-0x00007FF7F4240000-0x00007FF7F4632000-memory.dmp

Filesize
3.9MB

Download
memory/1268-3890-0x00007FF7F4240000-0x00007FF7F4632000-memory.dmp

Filesize
3.9MB

Download
memory/1360-3930-0x00007FF6DE400000-0x00007FF6DE7F2000-memory.dmp

Filesize
3.9MB

Download
memory/1360-1386-0x00007FF6DE400000-0x00007FF6DE7F2000-memory.dmp

Filesize
3.9MB

Download
memory/1420-1037-0x00007FF75DEA0000-0x00007FF75E292000-memory.dmp

Filesize
3.9MB

Download
memory/1420-3936-0x00007FF75DEA0000-0x00007FF75E292000-memory.dmp

Filesize
3.9MB

Download
memory/1436-623-0x00007FF73F7C0000-0x00007FF73FBB2000-memory.dmp

Filesize
3.9MB

Download
memory/1436-3937-0x00007FF73F7C0000-0x00007FF73FBB2000-memory.dmp

Filesize
3.9MB

Download
memory/1472-1382-0x00007FF607840000-0x00007FF607C32000-memory.dmp

Filesize
3.9MB

Download
memory/1472-3916-0x00007FF607840000-0x00007FF607C32000-memory.dmp

Filesize
3.9MB

Download
memory/2344-3886-0x00007FF728F30000-0x00007FF729322000-memory.dmp

Filesize
3.9MB

Download
memory/2344-178-0x00007FF728F30000-0x00007FF729322000-memory.dmp

Filesize
3.9MB

Download
memory/2412-4011-0x00007FF789F90000-0x00007FF78A382000-memory.dmp

Filesize
3.9MB

Download
memory/2412-1538-0x00007FF789F90000-0x00007FF78A382000-memory.dmp

Filesize
3.9MB

Download
memory/2464-440-0x00007FF7B3A10000-0x00007FF7B3E02000-memory.dmp

Filesize
3.9MB

Download
memory/2464-3922-0x00007FF7B3A10000-0x00007FF7B3E02000-memory.dmp

Filesize
3.9MB

Download
memory/2476-1737-0x00007FF6DA060000-0x00007FF6DA452000-memory.dmp

Filesize
3.9MB

Download
memory/2476-3924-0x00007FF6DA060000-0x00007FF6DA452000-memory.dmp

Filesize
3.9MB

Download
memory/2664-441-0x00007FF72F9E0000-0x00007FF72FDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2664-3918-0x00007FF72F9E0000-0x00007FF72FDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2736-5-0x00007FF9CBF63000-0x00007FF9CBF65000-memory.dmp

Filesize
8KB

Download
memory/2736-159-0x00000175FB4A0000-0x00000175FB4C2000-memory.dmp

Filesize
136KB

Download
memory/2736-1735-0x00007FF9CBF60000-0x00007FF9CCA21000-memory.dmp

Filesize
10.8MB

Download
memory/2736-84-0x00007FF9CBF60000-0x00007FF9CCA21000-memory.dmp

Filesize
10.8MB

Download
memory/3188-3894-0x00007FF73E5F0000-0x00007FF73E9E2000-memory.dmp

Filesize
3.9MB

Download
memory/3188-395-0x00007FF73E5F0000-0x00007FF73E9E2000-memory.dmp

Filesize
3.9MB

Download
memory/3564-3882-0x00007FF78E4A0000-0x00007FF78E892000-memory.dmp

Filesize
3.9MB

Download
memory/3564-9-0x00007FF78E4A0000-0x00007FF78E892000-memory.dmp

Filesize
3.9MB

Download
memory/3564-2736-0x00007FF78E4A0000-0x00007FF78E892000-memory.dmp

Filesize
3.9MB

Download
memory/3676-540-0x00007FF762E30000-0x00007FF763222000-memory.dmp

Filesize
3.9MB

Download
memory/3676-3920-0x00007FF762E30000-0x00007FF763222000-memory.dmp

Filesize
3.9MB

Download
memory/3968-296-0x00007FF6E4930000-0x00007FF6E4D22000-memory.dmp

Filesize
3.9MB

Download
memory/3968-3893-0x00007FF6E4930000-0x00007FF6E4D22000-memory.dmp

Filesize
3.9MB

Download
memory/4216-249-0x00007FF6A35D0000-0x00007FF6A39C2000-memory.dmp

Filesize
3.9MB

Download
memory/4216-3900-0x00007FF6A35D0000-0x00007FF6A39C2000-memory.dmp

Filesize
3.9MB

Download
memory/4324-3885-0x00007FF728600000-0x00007FF7289F2000-memory.dmp

Filesize
3.9MB

Download
memory/4324-1736-0x00007FF728600000-0x00007FF7289F2000-memory.dmp

Filesize
3.9MB

Download
memory/4436-3892-0x00007FF654950000-0x00007FF654D42000-memory.dmp

Filesize
3.9MB

Download
memory/4436-219-0x00007FF654950000-0x00007FF654D42000-memory.dmp

Filesize
3.9MB

Download
memory/4468-3940-0x00007FF703BD0000-0x00007FF703FC2000-memory.dmp

Filesize
3.9MB

Download
memory/4468-1110-0x00007FF703BD0000-0x00007FF703FC2000-memory.dmp

Filesize
3.9MB

Download
memory/4568-3928-0x00007FF6647B0000-0x00007FF664BA2000-memory.dmp

Filesize
3.9MB

Download
memory/4568-1389-0x00007FF6647B0000-0x00007FF664BA2000-memory.dmp

Filesize
3.9MB

Download
memory/4832-1100-0x00007FF735CD0000-0x00007FF7360C2000-memory.dmp

Filesize
3.9MB

Download
memory/4832-4007-0x00007FF735CD0000-0x00007FF7360C2000-memory.dmp

Filesize
3.9MB

Download
memory/4984-3913-0x00007FF645230000-0x00007FF645622000-memory.dmp

Filesize
3.9MB

Download
memory/4984-1041-0x00007FF645230000-0x00007FF645622000-memory.dmp

Filesize
3.9MB

Download
memory/5072-3897-0x00007FF7C44E0000-0x00007FF7C48D2000-memory.dmp

Filesize
3.9MB

Download
memory/5072-299-0x00007FF7C44E0000-0x00007FF7C48D2000-memory.dmp

Filesize
3.9MB

Download