xmrig | 2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232db

Analysis

max time kernel
87s
max time network
88s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29-09-2024 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
Size

1.7MB
MD5

e627690283792ce662de9b72182161f0
SHA1

b14224ac44cd02ed409c632f97a8b0c84185f4d0
SHA256

2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232db
SHA512

355a367502a488db559fd7c61f2a98f03c27b52017a699056e61fec9f7e71b38c7f6536c1fdd706362120a46d54eb4204eca988ed06d87d4bbb38f1301dfd5ee
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1V1:NABa

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 46 IoCs

miner

resource	yara_rule
behavioral2/memory/1992-40-0x00007FF6E4100000-0x00007FF6E44F2000-memory.dmp	xmrig
behavioral2/memory/2976-67-0x00007FF7C0FC0000-0x00007FF7C13B2000-memory.dmp	xmrig
behavioral2/memory/3684-140-0x00007FF61C760000-0x00007FF61CB52000-memory.dmp	xmrig
behavioral2/memory/4012-157-0x00007FF6FE360000-0x00007FF6FE752000-memory.dmp	xmrig
behavioral2/memory/4888-161-0x00007FF715520000-0x00007FF715912000-memory.dmp	xmrig
behavioral2/memory/728-331-0x00007FF6244B0000-0x00007FF6248A2000-memory.dmp	xmrig
behavioral2/memory/2444-359-0x00007FF77C8D0000-0x00007FF77CCC2000-memory.dmp	xmrig
behavioral2/memory/4876-665-0x00007FF75EC10000-0x00007FF75F002000-memory.dmp	xmrig
behavioral2/memory/964-864-0x00007FF72CAA0000-0x00007FF72CE92000-memory.dmp	xmrig
behavioral2/memory/1028-620-0x00007FF6348E0000-0x00007FF634CD2000-memory.dmp	xmrig
behavioral2/memory/1336-552-0x00007FF6034B0000-0x00007FF6038A2000-memory.dmp	xmrig
behavioral2/memory/452-431-0x00007FF69A950000-0x00007FF69AD42000-memory.dmp	xmrig
behavioral2/memory/1452-360-0x00007FF7F4B90000-0x00007FF7F4F82000-memory.dmp	xmrig
behavioral2/memory/2152-247-0x00007FF706650000-0x00007FF706A42000-memory.dmp	xmrig
behavioral2/memory/2800-162-0x00007FF790B30000-0x00007FF790F22000-memory.dmp	xmrig
behavioral2/memory/4864-160-0x00007FF646360000-0x00007FF646752000-memory.dmp	xmrig
behavioral2/memory/4764-159-0x00007FF706760000-0x00007FF706B52000-memory.dmp	xmrig
behavioral2/memory/4612-158-0x00007FF6372F0000-0x00007FF6376E2000-memory.dmp	xmrig
behavioral2/memory/2976-2624-0x00007FF7C0FC0000-0x00007FF7C13B2000-memory.dmp	xmrig
behavioral2/memory/2552-2627-0x00007FF667BC0000-0x00007FF667FB2000-memory.dmp	xmrig
behavioral2/memory/4348-2739-0x00007FF730980000-0x00007FF730D72000-memory.dmp	xmrig
behavioral2/memory/3592-2745-0x00007FF69C090000-0x00007FF69C482000-memory.dmp	xmrig
behavioral2/memory/1992-4289-0x00007FF6E4100000-0x00007FF6E44F2000-memory.dmp	xmrig
behavioral2/memory/4604-4291-0x00007FF6C07C0000-0x00007FF6C0BB2000-memory.dmp	xmrig
behavioral2/memory/3684-4293-0x00007FF61C760000-0x00007FF61CB52000-memory.dmp	xmrig
behavioral2/memory/1336-4295-0x00007FF6034B0000-0x00007FF6038A2000-memory.dmp	xmrig
behavioral2/memory/2552-4303-0x00007FF667BC0000-0x00007FF667FB2000-memory.dmp	xmrig
behavioral2/memory/3312-4305-0x00007FF62AE30000-0x00007FF62B222000-memory.dmp	xmrig
behavioral2/memory/1028-4307-0x00007FF6348E0000-0x00007FF634CD2000-memory.dmp	xmrig
behavioral2/memory/4764-4309-0x00007FF706760000-0x00007FF706B52000-memory.dmp	xmrig
behavioral2/memory/4888-4313-0x00007FF715520000-0x00007FF715912000-memory.dmp	xmrig
behavioral2/memory/2800-4315-0x00007FF790B30000-0x00007FF790F22000-memory.dmp	xmrig
behavioral2/memory/4864-4311-0x00007FF646360000-0x00007FF646752000-memory.dmp	xmrig
behavioral2/memory/2976-4302-0x00007FF7C0FC0000-0x00007FF7C13B2000-memory.dmp	xmrig
behavioral2/memory/4012-4299-0x00007FF6FE360000-0x00007FF6FE752000-memory.dmp	xmrig
behavioral2/memory/4612-4298-0x00007FF6372F0000-0x00007FF6376E2000-memory.dmp	xmrig
behavioral2/memory/4876-4330-0x00007FF75EC10000-0x00007FF75F002000-memory.dmp	xmrig
behavioral2/memory/2152-4334-0x00007FF706650000-0x00007FF706A42000-memory.dmp	xmrig
behavioral2/memory/4772-4364-0x00007FF69C120000-0x00007FF69C512000-memory.dmp	xmrig
behavioral2/memory/1452-4354-0x00007FF7F4B90000-0x00007FF7F4F82000-memory.dmp	xmrig
behavioral2/memory/964-4353-0x00007FF72CAA0000-0x00007FF72CE92000-memory.dmp	xmrig
behavioral2/memory/4348-4388-0x00007FF730980000-0x00007FF730D72000-memory.dmp	xmrig
behavioral2/memory/3592-4391-0x00007FF69C090000-0x00007FF69C482000-memory.dmp	xmrig
behavioral2/memory/728-4385-0x00007FF6244B0000-0x00007FF6248A2000-memory.dmp	xmrig
behavioral2/memory/2444-4379-0x00007FF77C8D0000-0x00007FF77CCC2000-memory.dmp	xmrig
behavioral2/memory/452-4378-0x00007FF69A950000-0x00007FF69AD42000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2752	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
4604	YDwkYna.exe
1992	GNmNayO.exe
2976	XiGQtlX.exe
3312	OFUKlVX.exe
1336	DEMlpdf.exe
2552	gRAbHLO.exe
3684	KSjkWvH.exe
4012	EgdRKwG.exe
4612	micmrEu.exe
1028	rddfSMr.exe
4764	UIohLVo.exe
4864	teVhuCs.exe
4888	wWyAQjz.exe
2800	cPtXAnq.exe
4348	cZYPniE.exe
3592	vVWJCSh.exe
4876	GOrnEMr.exe
2152	HGpYQAC.exe
4772	XJiFasN.exe
728	TpaDDlp.exe
964	xXvzbdp.exe
2444	RvqgICR.exe
1452	HKjrRLG.exe
452	mOMGvuE.exe
4020	PcGIxQs.exe
3136	DsCsNAO.exe
1080	AmgNyFR.exe
3112	LcFiinH.exe
3916	UPBMYYE.exe
2692	CiAuHAj.exe
672	sLuJNgr.exe
4068	pHZuWCz.exe
4076	AHzMkEP.exe
1036	pmEQWvV.exe
1648	VQgRIlH.exe
376	slpPIql.exe
2272	uSFaIcA.exe
4892	duXjaxZ.exe
4552	SZphPuh.exe
3996	ucAlyOA.exe
3208	DJNZAcQ.exe
4964	LjuQCJm.exe
1784	MlUxKXA.exe
5008	ifcSySU.exe
1812	xWEepVb.exe
2744	ommMIFg.exe
3224	PwRAuoS.exe
2764	XKLkZhK.exe
1512	nZKAcCD.exe
3872	mTNKYpx.exe
1448	dUmTEYn.exe
4340	ORJtkuo.exe
4628	EspSodz.exe
3780	qTMPWED.exe
1472	jdCUsCG.exe
4920	zLpgUVB.exe
3272	ZIQNpLl.exe
1624	BddzFSW.exe
4320	irXNBSD.exe
3728	xUfXgnF.exe
1356	HUuykCX.exe
4676	SVgsdEn.exe
3628	KlbCZCE.exe
3696	pIjqXYt.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4668-0-0x00007FF6BB9E0000-0x00007FF6BBDD2000-memory.dmp	upx
behavioral2/files/0x0007000000023487-6.dat	upx
behavioral2/files/0x000700000002348c-31.dat	upx
behavioral2/files/0x000700000002348a-29.dat	upx
behavioral2/files/0x0007000000023486-16.dat	upx
behavioral2/files/0x0007000000023489-27.dat	upx
behavioral2/files/0x0007000000023488-13.dat	upx
behavioral2/memory/4604-20-0x00007FF6C07C0000-0x00007FF6C0BB2000-memory.dmp	upx
behavioral2/files/0x0008000000023482-11.dat	upx
behavioral2/files/0x000700000002348b-30.dat	upx
behavioral2/files/0x0007000000023494-66.dat	upx
behavioral2/memory/1992-40-0x00007FF6E4100000-0x00007FF6E44F2000-memory.dmp	upx
behavioral2/files/0x000700000002348d-32.dat	upx
behavioral2/memory/3312-70-0x00007FF62AE30000-0x00007FF62B222000-memory.dmp	upx
behavioral2/memory/2976-67-0x00007FF7C0FC0000-0x00007FF7C13B2000-memory.dmp	upx
behavioral2/files/0x0007000000023493-65.dat	upx
behavioral2/files/0x0007000000023492-62.dat	upx
behavioral2/files/0x0007000000023491-60.dat	upx
behavioral2/files/0x0007000000023490-58.dat	upx
behavioral2/files/0x000700000002348f-57.dat	upx
behavioral2/files/0x000700000002348e-56.dat	upx
behavioral2/memory/2552-99-0x00007FF667BC0000-0x00007FF667FB2000-memory.dmp	upx
behavioral2/memory/3684-140-0x00007FF61C760000-0x00007FF61CB52000-memory.dmp	upx
behavioral2/memory/4012-157-0x00007FF6FE360000-0x00007FF6FE752000-memory.dmp	upx
behavioral2/memory/4888-161-0x00007FF715520000-0x00007FF715912000-memory.dmp	upx
behavioral2/memory/728-331-0x00007FF6244B0000-0x00007FF6248A2000-memory.dmp	upx
behavioral2/memory/2444-359-0x00007FF77C8D0000-0x00007FF77CCC2000-memory.dmp	upx
behavioral2/memory/4876-665-0x00007FF75EC10000-0x00007FF75F002000-memory.dmp	upx
behavioral2/memory/964-864-0x00007FF72CAA0000-0x00007FF72CE92000-memory.dmp	upx
behavioral2/memory/1028-620-0x00007FF6348E0000-0x00007FF634CD2000-memory.dmp	upx
behavioral2/memory/1336-552-0x00007FF6034B0000-0x00007FF6038A2000-memory.dmp	upx
behavioral2/memory/452-431-0x00007FF69A950000-0x00007FF69AD42000-memory.dmp	upx
behavioral2/memory/1452-360-0x00007FF7F4B90000-0x00007FF7F4F82000-memory.dmp	upx
behavioral2/memory/2152-247-0x00007FF706650000-0x00007FF706A42000-memory.dmp	upx
behavioral2/memory/4772-275-0x00007FF69C120000-0x00007FF69C512000-memory.dmp	upx
behavioral2/files/0x000700000002349c-218.dat	upx
behavioral2/files/0x000700000002349a-212.dat	upx
behavioral2/files/0x000700000002349b-208.dat	upx
behavioral2/files/0x0007000000023499-205.dat	upx
behavioral2/files/0x00070000000234ac-204.dat	upx
behavioral2/files/0x00070000000234ab-203.dat	upx
behavioral2/files/0x00070000000234aa-202.dat	upx
behavioral2/files/0x00070000000234a9-198.dat	upx
behavioral2/files/0x0007000000023498-195.dat	upx
behavioral2/files/0x0007000000023497-193.dat	upx
behavioral2/files/0x00070000000234a8-190.dat	upx
behavioral2/files/0x000700000002349e-189.dat	upx
behavioral2/memory/3592-178-0x00007FF69C090000-0x00007FF69C482000-memory.dmp	upx
behavioral2/memory/4348-163-0x00007FF730980000-0x00007FF730D72000-memory.dmp	upx
behavioral2/memory/2800-162-0x00007FF790B30000-0x00007FF790F22000-memory.dmp	upx
behavioral2/memory/4864-160-0x00007FF646360000-0x00007FF646752000-memory.dmp	upx
behavioral2/memory/4764-159-0x00007FF706760000-0x00007FF706B52000-memory.dmp	upx
behavioral2/memory/4612-158-0x00007FF6372F0000-0x00007FF6376E2000-memory.dmp	upx
behavioral2/files/0x0007000000023496-155.dat	upx
behavioral2/files/0x00070000000234a7-154.dat	upx
behavioral2/files/0x00070000000234a6-153.dat	upx
behavioral2/files/0x00070000000234a5-152.dat	upx
behavioral2/files/0x00070000000234a4-151.dat	upx
behavioral2/files/0x00070000000234a3-150.dat	upx
behavioral2/files/0x00070000000234a2-149.dat	upx
behavioral2/files/0x00070000000234a1-148.dat	upx
behavioral2/files/0x0007000000023495-144.dat	upx
behavioral2/files/0x00070000000234a0-138.dat	upx
behavioral2/files/0x000700000002349f-135.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vljVzxD.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\pJvOQcC.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\muJyLPz.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\rTjVWOz.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\gkvudkR.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\wCVJgBF.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\yWgDvGq.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\wHynoCG.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\GzFZjvT.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\uXkBxce.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\OcJrDab.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\RTDjxbu.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\OaRKkLZ.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\kzZrmPZ.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\yptJgnD.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\UfGUyMu.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\YBnrimi.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\tVpElKL.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\AMOUkeb.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\ICZnPSl.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\gFlXoBX.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\otPfKbx.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\phaNEnh.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\VspkNdW.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\LUoBolm.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\tASsdvX.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\zcxbLNW.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\FdiveYE.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\xoSGwSv.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\KishbiS.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\XoyQTyX.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\WeYUNKE.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\QZXdwiC.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\UWDLXCv.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\RoQBQXK.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\KVHKuuA.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\mZrMvyR.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\mRheSTN.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\OVPuVif.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\gyJADqJ.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\uXeDPHk.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\zqDlfPb.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\dvUqADA.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\VGIOdGe.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\SYEusgx.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\KakACCb.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\fMGgSix.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\taRaozt.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\SwMmkmt.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\caVwToA.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\FOIlvhd.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\rMSCnsa.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\xSLjVnT.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\sXdJafV.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\zbvsQod.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\SawvnUE.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\QfSMkHy.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\ebVBuMm.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\NEsyAzy.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\NUkrLJK.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\xZvkPrt.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\njNMZEc.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\LFvdIjy.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
File created	C:\Windows\System\deGAOgO.exe	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2752	powershell.exe
2752	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
Token: SeLockMemoryPrivilege	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
Token: SeDebugPrivilege	2752	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 2752	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	84
PID 4668 wrote to memory of 2752	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	84
PID 4668 wrote to memory of 4604	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	85
PID 4668 wrote to memory of 4604	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	85
PID 4668 wrote to memory of 2976	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	86
PID 4668 wrote to memory of 2976	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	86
PID 4668 wrote to memory of 3312	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	87
PID 4668 wrote to memory of 3312	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	87
PID 4668 wrote to memory of 1992	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	88
PID 4668 wrote to memory of 1992	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	88
PID 4668 wrote to memory of 1336	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	89
PID 4668 wrote to memory of 1336	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	89
PID 4668 wrote to memory of 2552	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	90
PID 4668 wrote to memory of 2552	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	90
PID 4668 wrote to memory of 3684	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	91
PID 4668 wrote to memory of 3684	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	91
PID 4668 wrote to memory of 4012	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	92
PID 4668 wrote to memory of 4012	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	92
PID 4668 wrote to memory of 4612	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	93
PID 4668 wrote to memory of 4612	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	93
PID 4668 wrote to memory of 1028	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	94
PID 4668 wrote to memory of 1028	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	94
PID 4668 wrote to memory of 4764	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	95
PID 4668 wrote to memory of 4764	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	95
PID 4668 wrote to memory of 4864	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	96
PID 4668 wrote to memory of 4864	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	96
PID 4668 wrote to memory of 4888	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	97
PID 4668 wrote to memory of 4888	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	97
PID 4668 wrote to memory of 2800	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	98
PID 4668 wrote to memory of 2800	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	98
PID 4668 wrote to memory of 4348	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	99
PID 4668 wrote to memory of 4348	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	99
PID 4668 wrote to memory of 3592	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	100
PID 4668 wrote to memory of 3592	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	100
PID 4668 wrote to memory of 4876	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	101
PID 4668 wrote to memory of 4876	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	101
PID 4668 wrote to memory of 2152	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	102
PID 4668 wrote to memory of 2152	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	102
PID 4668 wrote to memory of 4772	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	103
PID 4668 wrote to memory of 4772	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	103
PID 4668 wrote to memory of 728	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	104
PID 4668 wrote to memory of 728	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	104
PID 4668 wrote to memory of 964	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	105
PID 4668 wrote to memory of 964	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	105
PID 4668 wrote to memory of 2444	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	106
PID 4668 wrote to memory of 2444	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	106
PID 4668 wrote to memory of 1452	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	107
PID 4668 wrote to memory of 1452	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	107
PID 4668 wrote to memory of 452	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	108
PID 4668 wrote to memory of 452	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	108
PID 4668 wrote to memory of 4020	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	109
PID 4668 wrote to memory of 4020	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	109
PID 4668 wrote to memory of 1648	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	110
PID 4668 wrote to memory of 1648	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	110
PID 4668 wrote to memory of 3136	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	111
PID 4668 wrote to memory of 3136	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	111
PID 4668 wrote to memory of 1080	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	112
PID 4668 wrote to memory of 1080	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	112
PID 4668 wrote to memory of 3112	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	113
PID 4668 wrote to memory of 3112	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	113
PID 4668 wrote to memory of 3916	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	114
PID 4668 wrote to memory of 3916	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	114
PID 4668 wrote to memory of 2692	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	115
PID 4668 wrote to memory of 2692	4668	2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe	115

C:\Users\Admin\AppData\Local\Temp\2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe
"C:\Users\Admin\AppData\Local\Temp\2b3d4af9c813b8d82a01aa884835ee797a552af4fc1ba41536c98e9a73e232dbN.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2752
- C:\Windows\System\YDwkYna.exe
  C:\Windows\System\YDwkYna.exe
  2⤵
  - Executes dropped EXE
  PID:4604
- C:\Windows\System\XiGQtlX.exe
  C:\Windows\System\XiGQtlX.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\OFUKlVX.exe
  C:\Windows\System\OFUKlVX.exe
  2⤵
  - Executes dropped EXE
  PID:3312
- C:\Windows\System\GNmNayO.exe
  C:\Windows\System\GNmNayO.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\DEMlpdf.exe
  C:\Windows\System\DEMlpdf.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\gRAbHLO.exe
  C:\Windows\System\gRAbHLO.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\KSjkWvH.exe
  C:\Windows\System\KSjkWvH.exe
  2⤵
  - Executes dropped EXE
  PID:3684
- C:\Windows\System\EgdRKwG.exe
  C:\Windows\System\EgdRKwG.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\micmrEu.exe
  C:\Windows\System\micmrEu.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\rddfSMr.exe
  C:\Windows\System\rddfSMr.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\UIohLVo.exe
  C:\Windows\System\UIohLVo.exe
  2⤵
  - Executes dropped EXE
  PID:4764
- C:\Windows\System\teVhuCs.exe
  C:\Windows\System\teVhuCs.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\wWyAQjz.exe
  C:\Windows\System\wWyAQjz.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\cPtXAnq.exe
  C:\Windows\System\cPtXAnq.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\cZYPniE.exe
  C:\Windows\System\cZYPniE.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\vVWJCSh.exe
  C:\Windows\System\vVWJCSh.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\GOrnEMr.exe
  C:\Windows\System\GOrnEMr.exe
  2⤵
  - Executes dropped EXE
  PID:4876
- C:\Windows\System\HGpYQAC.exe
  C:\Windows\System\HGpYQAC.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\XJiFasN.exe
  C:\Windows\System\XJiFasN.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\TpaDDlp.exe
  C:\Windows\System\TpaDDlp.exe
  2⤵
  - Executes dropped EXE
  PID:728
- C:\Windows\System\xXvzbdp.exe
  C:\Windows\System\xXvzbdp.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\RvqgICR.exe
  C:\Windows\System\RvqgICR.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\HKjrRLG.exe
  C:\Windows\System\HKjrRLG.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\mOMGvuE.exe
  C:\Windows\System\mOMGvuE.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\PcGIxQs.exe
  C:\Windows\System\PcGIxQs.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\VQgRIlH.exe
  C:\Windows\System\VQgRIlH.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\DsCsNAO.exe
  C:\Windows\System\DsCsNAO.exe
  2⤵
  - Executes dropped EXE
  PID:3136
- C:\Windows\System\AmgNyFR.exe
  C:\Windows\System\AmgNyFR.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\LcFiinH.exe
  C:\Windows\System\LcFiinH.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\UPBMYYE.exe
  C:\Windows\System\UPBMYYE.exe
  2⤵
  - Executes dropped EXE
  PID:3916
- C:\Windows\System\CiAuHAj.exe
  C:\Windows\System\CiAuHAj.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\sLuJNgr.exe
  C:\Windows\System\sLuJNgr.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\pHZuWCz.exe
  C:\Windows\System\pHZuWCz.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\AHzMkEP.exe
  C:\Windows\System\AHzMkEP.exe
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\System\pmEQWvV.exe
  C:\Windows\System\pmEQWvV.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\slpPIql.exe
  C:\Windows\System\slpPIql.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\uSFaIcA.exe
  C:\Windows\System\uSFaIcA.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\duXjaxZ.exe
  C:\Windows\System\duXjaxZ.exe
  2⤵
  - Executes dropped EXE
  PID:4892
- C:\Windows\System\SZphPuh.exe
  C:\Windows\System\SZphPuh.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\ucAlyOA.exe
  C:\Windows\System\ucAlyOA.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\DJNZAcQ.exe
  C:\Windows\System\DJNZAcQ.exe
  2⤵
  - Executes dropped EXE
  PID:3208
- C:\Windows\System\LjuQCJm.exe
  C:\Windows\System\LjuQCJm.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\MlUxKXA.exe
  C:\Windows\System\MlUxKXA.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\ifcSySU.exe
  C:\Windows\System\ifcSySU.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\xWEepVb.exe
  C:\Windows\System\xWEepVb.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\ommMIFg.exe
  C:\Windows\System\ommMIFg.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\PwRAuoS.exe
  C:\Windows\System\PwRAuoS.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\XKLkZhK.exe
  C:\Windows\System\XKLkZhK.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\nZKAcCD.exe
  C:\Windows\System\nZKAcCD.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\mTNKYpx.exe
  C:\Windows\System\mTNKYpx.exe
  2⤵
  - Executes dropped EXE
  PID:3872
- C:\Windows\System\dUmTEYn.exe
  C:\Windows\System\dUmTEYn.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\ORJtkuo.exe
  C:\Windows\System\ORJtkuo.exe
  2⤵
  - Executes dropped EXE
  PID:4340
- C:\Windows\System\EspSodz.exe
  C:\Windows\System\EspSodz.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\qTMPWED.exe
  C:\Windows\System\qTMPWED.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\jdCUsCG.exe
  C:\Windows\System\jdCUsCG.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\zLpgUVB.exe
  C:\Windows\System\zLpgUVB.exe
  2⤵
  - Executes dropped EXE
  PID:4920
- C:\Windows\System\ZIQNpLl.exe
  C:\Windows\System\ZIQNpLl.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\BddzFSW.exe
  C:\Windows\System\BddzFSW.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\irXNBSD.exe
  C:\Windows\System\irXNBSD.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\xUfXgnF.exe
  C:\Windows\System\xUfXgnF.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\HUuykCX.exe
  C:\Windows\System\HUuykCX.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\SVgsdEn.exe
  C:\Windows\System\SVgsdEn.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\KlbCZCE.exe
  C:\Windows\System\KlbCZCE.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\pIjqXYt.exe
  C:\Windows\System\pIjqXYt.exe
  2⤵
  - Executes dropped EXE
  PID:3696
- C:\Windows\System\fqdjZKb.exe
  C:\Windows\System\fqdjZKb.exe
  2⤵
  PID:4044
- C:\Windows\System\LqnmKHC.exe
  C:\Windows\System\LqnmKHC.exe
  2⤵
  PID:5112
- C:\Windows\System\hJDZRxK.exe
  C:\Windows\System\hJDZRxK.exe
  2⤵
  PID:3672
- C:\Windows\System\QwTAYTI.exe
  C:\Windows\System\QwTAYTI.exe
  2⤵
  PID:4992
- C:\Windows\System\OAkpESs.exe
  C:\Windows\System\OAkpESs.exe
  2⤵
  PID:3128
- C:\Windows\System\oFBOvhX.exe
  C:\Windows\System\oFBOvhX.exe
  2⤵
  PID:556
- C:\Windows\System\LnxYypb.exe
  C:\Windows\System\LnxYypb.exe
  2⤵
  PID:2928
- C:\Windows\System\MoIFuuX.exe
  C:\Windows\System\MoIFuuX.exe
  2⤵
  PID:2440
- C:\Windows\System\fbjxcCX.exe
  C:\Windows\System\fbjxcCX.exe
  2⤵
  PID:4684
- C:\Windows\System\rAEsBqR.exe
  C:\Windows\System\rAEsBqR.exe
  2⤵
  PID:2844
- C:\Windows\System\pODnjhb.exe
  C:\Windows\System\pODnjhb.exe
  2⤵
  PID:4560
- C:\Windows\System\baqIiOf.exe
  C:\Windows\System\baqIiOf.exe
  2⤵
  PID:936
- C:\Windows\System\ArNKKmD.exe
  C:\Windows\System\ArNKKmD.exe
  2⤵
  PID:2360
- C:\Windows\System\lskVYSB.exe
  C:\Windows\System\lskVYSB.exe
  2⤵
  PID:2156
- C:\Windows\System\qpSiCBV.exe
  C:\Windows\System\qpSiCBV.exe
  2⤵
  PID:2960
- C:\Windows\System\HGrWtiY.exe
  C:\Windows\System\HGrWtiY.exe
  2⤵
  PID:2868
- C:\Windows\System\omrnIZZ.exe
  C:\Windows\System\omrnIZZ.exe
  2⤵
  PID:3652
- C:\Windows\System\StqEwLe.exe
  C:\Windows\System\StqEwLe.exe
  2⤵
  PID:2184
- C:\Windows\System\zqDlfPb.exe
  C:\Windows\System\zqDlfPb.exe
  2⤵
  PID:3000
- C:\Windows\System\pOFdabp.exe
  C:\Windows\System\pOFdabp.exe
  2⤵
  PID:5084
- C:\Windows\System\KYjIMqJ.exe
  C:\Windows\System\KYjIMqJ.exe
  2⤵
  PID:4800
- C:\Windows\System\rLfPYGy.exe
  C:\Windows\System\rLfPYGy.exe
  2⤵
  PID:4148
- C:\Windows\System\hANBSor.exe
  C:\Windows\System\hANBSor.exe
  2⤵
  PID:1304
- C:\Windows\System\JISVctN.exe
  C:\Windows\System\JISVctN.exe
  2⤵
  PID:4584
- C:\Windows\System\bCmIquy.exe
  C:\Windows\System\bCmIquy.exe
  2⤵
  PID:3048
- C:\Windows\System\ZHFmAqf.exe
  C:\Windows\System\ZHFmAqf.exe
  2⤵
  PID:5128
- C:\Windows\System\QOTheCU.exe
  C:\Windows\System\QOTheCU.exe
  2⤵
  PID:5152
- C:\Windows\System\BTOJKoZ.exe
  C:\Windows\System\BTOJKoZ.exe
  2⤵
  PID:5172
- C:\Windows\System\uEtSrrQ.exe
  C:\Windows\System\uEtSrrQ.exe
  2⤵
  PID:5188
- C:\Windows\System\dhFHIPM.exe
  C:\Windows\System\dhFHIPM.exe
  2⤵
  PID:5212
- C:\Windows\System\XOBZNGo.exe
  C:\Windows\System\XOBZNGo.exe
  2⤵
  PID:5228
- C:\Windows\System\ShSgSjS.exe
  C:\Windows\System\ShSgSjS.exe
  2⤵
  PID:5252
- C:\Windows\System\rsHEOgf.exe
  C:\Windows\System\rsHEOgf.exe
  2⤵
  PID:5272
- C:\Windows\System\sPiGiCd.exe
  C:\Windows\System\sPiGiCd.exe
  2⤵
  PID:5296
- C:\Windows\System\UBGTQzD.exe
  C:\Windows\System\UBGTQzD.exe
  2⤵
  PID:5316
- C:\Windows\System\hiYpiKK.exe
  C:\Windows\System\hiYpiKK.exe
  2⤵
  PID:5340
- C:\Windows\System\fGaUmHT.exe
  C:\Windows\System\fGaUmHT.exe
  2⤵
  PID:5364
- C:\Windows\System\EMawziN.exe
  C:\Windows\System\EMawziN.exe
  2⤵
  PID:5384
- C:\Windows\System\FeCKqhS.exe
  C:\Windows\System\FeCKqhS.exe
  2⤵
  PID:5408
- C:\Windows\System\efNhkgs.exe
  C:\Windows\System\efNhkgs.exe
  2⤵
  PID:5432
- C:\Windows\System\heIdvnt.exe
  C:\Windows\System\heIdvnt.exe
  2⤵
  PID:5452
- C:\Windows\System\KnfOEVK.exe
  C:\Windows\System\KnfOEVK.exe
  2⤵
  PID:5468
- C:\Windows\System\rwotuxV.exe
  C:\Windows\System\rwotuxV.exe
  2⤵
  PID:5484
- C:\Windows\System\MnOZkKg.exe
  C:\Windows\System\MnOZkKg.exe
  2⤵
  PID:5508
- C:\Windows\System\liWPAIr.exe
  C:\Windows\System\liWPAIr.exe
  2⤵
  PID:5564
- C:\Windows\System\qmVaWaM.exe
  C:\Windows\System\qmVaWaM.exe
  2⤵
  PID:5636
- C:\Windows\System\ADctKmR.exe
  C:\Windows\System\ADctKmR.exe
  2⤵
  PID:5656
- C:\Windows\System\OboyXHj.exe
  C:\Windows\System\OboyXHj.exe
  2⤵
  PID:5724
- C:\Windows\System\QXlyUTA.exe
  C:\Windows\System\QXlyUTA.exe
  2⤵
  PID:5748
- C:\Windows\System\BFFmxsQ.exe
  C:\Windows\System\BFFmxsQ.exe
  2⤵
  PID:5764
- C:\Windows\System\tviXXgR.exe
  C:\Windows\System\tviXXgR.exe
  2⤵
  PID:5792
- C:\Windows\System\UEKWsTb.exe
  C:\Windows\System\UEKWsTb.exe
  2⤵
  PID:5808
- C:\Windows\System\fmdtYgB.exe
  C:\Windows\System\fmdtYgB.exe
  2⤵
  PID:5828
- C:\Windows\System\EtjBOPX.exe
  C:\Windows\System\EtjBOPX.exe
  2⤵
  PID:5852
- C:\Windows\System\NegeXdw.exe
  C:\Windows\System\NegeXdw.exe
  2⤵
  PID:5868
- C:\Windows\System\mwbrqYq.exe
  C:\Windows\System\mwbrqYq.exe
  2⤵
  PID:5892
- C:\Windows\System\juraIZU.exe
  C:\Windows\System\juraIZU.exe
  2⤵
  PID:5916
- C:\Windows\System\HVzhExE.exe
  C:\Windows\System\HVzhExE.exe
  2⤵
  PID:5932
- C:\Windows\System\xqcwFuW.exe
  C:\Windows\System\xqcwFuW.exe
  2⤵
  PID:5960
- C:\Windows\System\rhhETEN.exe
  C:\Windows\System\rhhETEN.exe
  2⤵
  PID:5980
- C:\Windows\System\uTdOXTw.exe
  C:\Windows\System\uTdOXTw.exe
  2⤵
  PID:6000
- C:\Windows\System\MvIkwMU.exe
  C:\Windows\System\MvIkwMU.exe
  2⤵
  PID:6016
- C:\Windows\System\NPfzDvE.exe
  C:\Windows\System\NPfzDvE.exe
  2⤵
  PID:6036
- C:\Windows\System\dLYCPWG.exe
  C:\Windows\System\dLYCPWG.exe
  2⤵
  PID:6052
- C:\Windows\System\BSxkCHP.exe
  C:\Windows\System\BSxkCHP.exe
  2⤵
  PID:6068
- C:\Windows\System\jdJvhpV.exe
  C:\Windows\System\jdJvhpV.exe
  2⤵
  PID:6084
- C:\Windows\System\ZfUcoRU.exe
  C:\Windows\System\ZfUcoRU.exe
  2⤵
  PID:6100
- C:\Windows\System\kHcBLWv.exe
  C:\Windows\System\kHcBLWv.exe
  2⤵
  PID:6116
- C:\Windows\System\WFCYxns.exe
  C:\Windows\System\WFCYxns.exe
  2⤵
  PID:6132
- C:\Windows\System\atOGlYS.exe
  C:\Windows\System\atOGlYS.exe
  2⤵
  PID:1108
- C:\Windows\System\XfmSEBk.exe
  C:\Windows\System\XfmSEBk.exe
  2⤵
  PID:3064
- C:\Windows\System\oVYZGIr.exe
  C:\Windows\System\oVYZGIr.exe
  2⤵
  PID:2020
- C:\Windows\System\XUGBFSt.exe
  C:\Windows\System\XUGBFSt.exe
  2⤵
  PID:3712
- C:\Windows\System\UlBXDxn.exe
  C:\Windows\System\UlBXDxn.exe
  2⤵
  PID:1760
- C:\Windows\System\ynIUyES.exe
  C:\Windows\System\ynIUyES.exe
  2⤵
  PID:4212
- C:\Windows\System\yCrVHEj.exe
  C:\Windows\System\yCrVHEj.exe
  2⤵
  PID:3536
- C:\Windows\System\tyHeGeT.exe
  C:\Windows\System\tyHeGeT.exe
  2⤵
  PID:4940
- C:\Windows\System\VZPAcky.exe
  C:\Windows\System\VZPAcky.exe
  2⤵
  PID:2496
- C:\Windows\System\yZcZFmn.exe
  C:\Windows\System\yZcZFmn.exe
  2⤵
  PID:4116
- C:\Windows\System\nwaqGFn.exe
  C:\Windows\System\nwaqGFn.exe
  2⤵
  PID:836
- C:\Windows\System\UVLvAFt.exe
  C:\Windows\System\UVLvAFt.exe
  2⤵
  PID:1560
- C:\Windows\System\xNNkLLF.exe
  C:\Windows\System\xNNkLLF.exe
  2⤵
  PID:4536
- C:\Windows\System\IAulYeg.exe
  C:\Windows\System\IAulYeg.exe
  2⤵
  PID:4896
- C:\Windows\System\mvzwmXv.exe
  C:\Windows\System\mvzwmXv.exe
  2⤵
  PID:1492
- C:\Windows\System\gTURMnR.exe
  C:\Windows\System\gTURMnR.exe
  2⤵
  PID:232
- C:\Windows\System\sHcDooB.exe
  C:\Windows\System\sHcDooB.exe
  2⤵
  PID:5392
- C:\Windows\System\gZjsYUm.exe
  C:\Windows\System\gZjsYUm.exe
  2⤵
  PID:372
- C:\Windows\System\RNfDfQC.exe
  C:\Windows\System\RNfDfQC.exe
  2⤵
  PID:5736
- C:\Windows\System\rdaKgxB.exe
  C:\Windows\System\rdaKgxB.exe
  2⤵
  PID:6168
- C:\Windows\System\ioMRqmX.exe
  C:\Windows\System\ioMRqmX.exe
  2⤵
  PID:6188
- C:\Windows\System\OOyudMZ.exe
  C:\Windows\System\OOyudMZ.exe
  2⤵
  PID:6208
- C:\Windows\System\YokHjmy.exe
  C:\Windows\System\YokHjmy.exe
  2⤵
  PID:6228
- C:\Windows\System\WZHCnMp.exe
  C:\Windows\System\WZHCnMp.exe
  2⤵
  PID:6260
- C:\Windows\System\wbFfhwe.exe
  C:\Windows\System\wbFfhwe.exe
  2⤵
  PID:6288
- C:\Windows\System\lTzBwur.exe
  C:\Windows\System\lTzBwur.exe
  2⤵
  PID:6308
- C:\Windows\System\ZJUSmrR.exe
  C:\Windows\System\ZJUSmrR.exe
  2⤵
  PID:6324
- C:\Windows\System\smBHIgx.exe
  C:\Windows\System\smBHIgx.exe
  2⤵
  PID:6348
- C:\Windows\System\RovOmpE.exe
  C:\Windows\System\RovOmpE.exe
  2⤵
  PID:6364
- C:\Windows\System\YOOeQfh.exe
  C:\Windows\System\YOOeQfh.exe
  2⤵
  PID:6384
- C:\Windows\System\ZnChukw.exe
  C:\Windows\System\ZnChukw.exe
  2⤵
  PID:6412
- C:\Windows\System\dtgcSGV.exe
  C:\Windows\System\dtgcSGV.exe
  2⤵
  PID:6428
- C:\Windows\System\iOprFpG.exe
  C:\Windows\System\iOprFpG.exe
  2⤵
  PID:6448
- C:\Windows\System\iyTsyqV.exe
  C:\Windows\System\iyTsyqV.exe
  2⤵
  PID:6468
- C:\Windows\System\PkUgUOr.exe
  C:\Windows\System\PkUgUOr.exe
  2⤵
  PID:6492
- C:\Windows\System\ezPavMh.exe
  C:\Windows\System\ezPavMh.exe
  2⤵
  PID:6512
- C:\Windows\System\ZSxkZOl.exe
  C:\Windows\System\ZSxkZOl.exe
  2⤵
  PID:6528
- C:\Windows\System\OuCsUPS.exe
  C:\Windows\System\OuCsUPS.exe
  2⤵
  PID:6552
- C:\Windows\System\RzDKLJx.exe
  C:\Windows\System\RzDKLJx.exe
  2⤵
  PID:6576
- C:\Windows\System\qMyHSIX.exe
  C:\Windows\System\qMyHSIX.exe
  2⤵
  PID:6592
- C:\Windows\System\LbAulQt.exe
  C:\Windows\System\LbAulQt.exe
  2⤵
  PID:6616
- C:\Windows\System\jVYHayD.exe
  C:\Windows\System\jVYHayD.exe
  2⤵
  PID:6632
- C:\Windows\System\gvggkhX.exe
  C:\Windows\System\gvggkhX.exe
  2⤵
  PID:6656
- C:\Windows\System\AAquoaz.exe
  C:\Windows\System\AAquoaz.exe
  2⤵
  PID:6680
- C:\Windows\System\JtOJNbg.exe
  C:\Windows\System\JtOJNbg.exe
  2⤵
  PID:6696
- C:\Windows\System\GBYyFvN.exe
  C:\Windows\System\GBYyFvN.exe
  2⤵
  PID:6720
- C:\Windows\System\YfKrcuE.exe
  C:\Windows\System\YfKrcuE.exe
  2⤵
  PID:6736
- C:\Windows\System\LazcobX.exe
  C:\Windows\System\LazcobX.exe
  2⤵
  PID:6752
- C:\Windows\System\MvirHAd.exe
  C:\Windows\System\MvirHAd.exe
  2⤵
  PID:6776
- C:\Windows\System\uomWLic.exe
  C:\Windows\System\uomWLic.exe
  2⤵
  PID:6796
- C:\Windows\System\qDCxiHq.exe
  C:\Windows\System\qDCxiHq.exe
  2⤵
  PID:6812
- C:\Windows\System\EdvwsCR.exe
  C:\Windows\System\EdvwsCR.exe
  2⤵
  PID:6844
- C:\Windows\System\aHPmiPB.exe
  C:\Windows\System\aHPmiPB.exe
  2⤵
  PID:6860
- C:\Windows\System\JvITgSA.exe
  C:\Windows\System\JvITgSA.exe
  2⤵
  PID:6880
- C:\Windows\System\QCTmWuj.exe
  C:\Windows\System\QCTmWuj.exe
  2⤵
  PID:6900
- C:\Windows\System\CcudcfI.exe
  C:\Windows\System\CcudcfI.exe
  2⤵
  PID:6920
- C:\Windows\System\FVwlPKX.exe
  C:\Windows\System\FVwlPKX.exe
  2⤵
  PID:6936
- C:\Windows\System\vtiuyua.exe
  C:\Windows\System\vtiuyua.exe
  2⤵
  PID:6960
- C:\Windows\System\ewbGPja.exe
  C:\Windows\System\ewbGPja.exe
  2⤵
  PID:6980
- C:\Windows\System\ddVxcWU.exe
  C:\Windows\System\ddVxcWU.exe
  2⤵
  PID:7004
- C:\Windows\System\kVFzWQb.exe
  C:\Windows\System\kVFzWQb.exe
  2⤵
  PID:7028
- C:\Windows\System\ZvGBiRS.exe
  C:\Windows\System\ZvGBiRS.exe
  2⤵
  PID:7060
- C:\Windows\System\DOMvegU.exe
  C:\Windows\System\DOMvegU.exe
  2⤵
  PID:7080
- C:\Windows\System\uJletYU.exe
  C:\Windows\System\uJletYU.exe
  2⤵
  PID:7104
- C:\Windows\System\wdnHPam.exe
  C:\Windows\System\wdnHPam.exe
  2⤵
  PID:7128
- C:\Windows\System\SMqdOMA.exe
  C:\Windows\System\SMqdOMA.exe
  2⤵
  PID:7148
- C:\Windows\System\mBpHvii.exe
  C:\Windows\System\mBpHvii.exe
  2⤵
  PID:5848
- C:\Windows\System\RyobrMx.exe
  C:\Windows\System\RyobrMx.exe
  2⤵
  PID:5888
- C:\Windows\System\BxAznoF.exe
  C:\Windows\System\BxAznoF.exe
  2⤵
  PID:6032
- C:\Windows\System\odXMQUx.exe
  C:\Windows\System\odXMQUx.exe
  2⤵
  PID:1332
- C:\Windows\System\deEiEAl.exe
  C:\Windows\System\deEiEAl.exe
  2⤵
  PID:4596
- C:\Windows\System\OjduZVD.exe
  C:\Windows\System\OjduZVD.exe
  2⤵
  PID:32
- C:\Windows\System\nOdomTE.exe
  C:\Windows\System\nOdomTE.exe
  2⤵
  PID:5180
- C:\Windows\System\UWtCKqk.exe
  C:\Windows\System\UWtCKqk.exe
  2⤵
  PID:5208
- C:\Windows\System\AcmJypB.exe
  C:\Windows\System\AcmJypB.exe
  2⤵
  PID:5264
- C:\Windows\System\zpmtdWO.exe
  C:\Windows\System\zpmtdWO.exe
  2⤵
  PID:5308
- C:\Windows\System\xJFHweY.exe
  C:\Windows\System\xJFHweY.exe
  2⤵
  PID:5352
- C:\Windows\System\hJrLnxx.exe
  C:\Windows\System\hJrLnxx.exe
  2⤵
  PID:4776
- C:\Windows\System\SAmcSFL.exe
  C:\Windows\System\SAmcSFL.exe
  2⤵
  PID:5444
- C:\Windows\System\OAnhnER.exe
  C:\Windows\System\OAnhnER.exe
  2⤵
  PID:5500
- C:\Windows\System\UARZtkW.exe
  C:\Windows\System\UARZtkW.exe
  2⤵
  PID:5560
- C:\Windows\System\ynowySv.exe
  C:\Windows\System\ynowySv.exe
  2⤵
  PID:5572
- C:\Windows\System\NrFQoby.exe
  C:\Windows\System\NrFQoby.exe
  2⤵
  PID:3736
- C:\Windows\System\FjhtmTT.exe
  C:\Windows\System\FjhtmTT.exe
  2⤵
  PID:6420
- C:\Windows\System\MLUUDXy.exe
  C:\Windows\System\MLUUDXy.exe
  2⤵
  PID:6460
- C:\Windows\System\AEOynGl.exe
  C:\Windows\System\AEOynGl.exe
  2⤵
  PID:6648
- C:\Windows\System\adiKUxp.exe
  C:\Windows\System\adiKUxp.exe
  2⤵
  PID:7172
- C:\Windows\System\yhmNyVO.exe
  C:\Windows\System\yhmNyVO.exe
  2⤵
  PID:7188
- C:\Windows\System\uZtdWkC.exe
  C:\Windows\System\uZtdWkC.exe
  2⤵
  PID:7208
- C:\Windows\System\nDAibsk.exe
  C:\Windows\System\nDAibsk.exe
  2⤵
  PID:7256
- C:\Windows\System\gHYbxrX.exe
  C:\Windows\System\gHYbxrX.exe
  2⤵
  PID:7272
- C:\Windows\System\EQLbumt.exe
  C:\Windows\System\EQLbumt.exe
  2⤵
  PID:7288
- C:\Windows\System\qAOBhHW.exe
  C:\Windows\System\qAOBhHW.exe
  2⤵
  PID:7312
- C:\Windows\System\shjfOXD.exe
  C:\Windows\System\shjfOXD.exe
  2⤵
  PID:7328
- C:\Windows\System\rsBtpRg.exe
  C:\Windows\System\rsBtpRg.exe
  2⤵
  PID:7352
- C:\Windows\System\cqwMdpe.exe
  C:\Windows\System\cqwMdpe.exe
  2⤵
  PID:7376
- C:\Windows\System\jksfrJN.exe
  C:\Windows\System\jksfrJN.exe
  2⤵
  PID:7404
- C:\Windows\System\ebnwDiN.exe
  C:\Windows\System\ebnwDiN.exe
  2⤵
  PID:7420
- C:\Windows\System\MLEansr.exe
  C:\Windows\System\MLEansr.exe
  2⤵
  PID:7464
- C:\Windows\System\mhNgjrp.exe
  C:\Windows\System\mhNgjrp.exe
  2⤵
  PID:7528
- C:\Windows\System\MeQkcuB.exe
  C:\Windows\System\MeQkcuB.exe
  2⤵
  PID:7548
- C:\Windows\System\jiKZxlC.exe
  C:\Windows\System\jiKZxlC.exe
  2⤵
  PID:7568
- C:\Windows\System\NfvkiGX.exe
  C:\Windows\System\NfvkiGX.exe
  2⤵
  PID:7584
- C:\Windows\System\TMEzSva.exe
  C:\Windows\System\TMEzSva.exe
  2⤵
  PID:7608
- C:\Windows\System\isKWhhA.exe
  C:\Windows\System\isKWhhA.exe
  2⤵
  PID:7632
- C:\Windows\System\Jnfqmhy.exe
  C:\Windows\System\Jnfqmhy.exe
  2⤵
  PID:7648
- C:\Windows\System\MABtvqP.exe
  C:\Windows\System\MABtvqP.exe
  2⤵
  PID:7672
- C:\Windows\System\aCUKFuH.exe
  C:\Windows\System\aCUKFuH.exe
  2⤵
  PID:7688
- C:\Windows\System\JrtwUzz.exe
  C:\Windows\System\JrtwUzz.exe
  2⤵
  PID:7712
- C:\Windows\System\sMjwROy.exe
  C:\Windows\System\sMjwROy.exe
  2⤵
  PID:7736
- C:\Windows\System\XSKiVvK.exe
  C:\Windows\System\XSKiVvK.exe
  2⤵
  PID:7752
- C:\Windows\System\EdfBdCc.exe
  C:\Windows\System\EdfBdCc.exe
  2⤵
  PID:7776
- C:\Windows\System\flBDIgE.exe
  C:\Windows\System\flBDIgE.exe
  2⤵
  PID:7800
- C:\Windows\System\qmreMFm.exe
  C:\Windows\System\qmreMFm.exe
  2⤵
  PID:7876
- C:\Windows\System\zlDitmm.exe
  C:\Windows\System\zlDitmm.exe
  2⤵
  PID:7896
- C:\Windows\System\ffuYhZn.exe
  C:\Windows\System\ffuYhZn.exe
  2⤵
  PID:7920
- C:\Windows\System\GHYXWKq.exe
  C:\Windows\System\GHYXWKq.exe
  2⤵
  PID:7936
- C:\Windows\System\KXVNyWL.exe
  C:\Windows\System\KXVNyWL.exe
  2⤵
  PID:7960
- C:\Windows\System\DgVVBzH.exe
  C:\Windows\System\DgVVBzH.exe
  2⤵
  PID:7976
- C:\Windows\System\WaUsYkt.exe
  C:\Windows\System\WaUsYkt.exe
  2⤵
  PID:7992
- C:\Windows\System\IrTDDuj.exe
  C:\Windows\System\IrTDDuj.exe
  2⤵
  PID:8016
- C:\Windows\System\ootJGvh.exe
  C:\Windows\System\ootJGvh.exe
  2⤵
  PID:8036
- C:\Windows\System\rDnAxxa.exe
  C:\Windows\System\rDnAxxa.exe
  2⤵
  PID:8056
- C:\Windows\System\IxgEiIK.exe
  C:\Windows\System\IxgEiIK.exe
  2⤵
  PID:8080
- C:\Windows\System\awOqTeh.exe
  C:\Windows\System\awOqTeh.exe
  2⤵
  PID:8100
- C:\Windows\System\xdqaOlQ.exe
  C:\Windows\System\xdqaOlQ.exe
  2⤵
  PID:8120
- C:\Windows\System\gpcOmfj.exe
  C:\Windows\System\gpcOmfj.exe
  2⤵
  PID:8148
- C:\Windows\System\nPyDvJA.exe
  C:\Windows\System\nPyDvJA.exe
  2⤵
  PID:8164
- C:\Windows\System\rKcuBGM.exe
  C:\Windows\System\rKcuBGM.exe
  2⤵
  PID:8188
- C:\Windows\System\XYGFQEd.exe
  C:\Windows\System\XYGFQEd.exe
  2⤵
  PID:5704
- C:\Windows\System\rDZlwkF.exe
  C:\Windows\System\rDZlwkF.exe
  2⤵
  PID:5788
- C:\Windows\System\WryZKka.exe
  C:\Windows\System\WryZKka.exe
  2⤵
  PID:5824
- C:\Windows\System\fnttqmW.exe
  C:\Windows\System\fnttqmW.exe
  2⤵
  PID:5912
- C:\Windows\System\DaLEYoL.exe
  C:\Windows\System\DaLEYoL.exe
  2⤵
  PID:5976
- C:\Windows\System\mGUNmmc.exe
  C:\Windows\System\mGUNmmc.exe
  2⤵
  PID:6012
- C:\Windows\System\TqCtHZe.exe
  C:\Windows\System\TqCtHZe.exe
  2⤵
  PID:6520
- C:\Windows\System\AzzBjNI.exe
  C:\Windows\System\AzzBjNI.exe
  2⤵
  PID:6064
- C:\Windows\System\OOWgXvu.exe
  C:\Windows\System\OOWgXvu.exe
  2⤵
  PID:6112
- C:\Windows\System\izsXUJr.exe
  C:\Windows\System\izsXUJr.exe
  2⤵
  PID:1088
- C:\Windows\System\ZBSoKal.exe
  C:\Windows\System\ZBSoKal.exe
  2⤵
  PID:2028
- C:\Windows\System\KuXIIOX.exe
  C:\Windows\System\KuXIIOX.exe
  2⤵
  PID:7224
- C:\Windows\System\rAxhVlJ.exe
  C:\Windows\System\rAxhVlJ.exe
  2⤵
  PID:3268
- C:\Windows\System\whUarZg.exe
  C:\Windows\System\whUarZg.exe
  2⤵
  PID:2112
- C:\Windows\System\VfzAkRc.exe
  C:\Windows\System\VfzAkRc.exe
  2⤵
  PID:1076
- C:\Windows\System\CwFjfzg.exe
  C:\Windows\System\CwFjfzg.exe
  2⤵
  PID:6160
- C:\Windows\System\PhFBdSx.exe
  C:\Windows\System\PhFBdSx.exe
  2⤵
  PID:6224
- C:\Windows\System\ekhRgqe.exe
  C:\Windows\System\ekhRgqe.exe
  2⤵
  PID:6252
- C:\Windows\System\CdottLq.exe
  C:\Windows\System\CdottLq.exe
  2⤵
  PID:6356
- C:\Windows\System\qESKCkV.exe
  C:\Windows\System\qESKCkV.exe
  2⤵
  PID:6380
- C:\Windows\System\HkwycUB.exe
  C:\Windows\System\HkwycUB.exe
  2⤵
  PID:6500
- C:\Windows\System\HjXtiLq.exe
  C:\Windows\System\HjXtiLq.exe
  2⤵
  PID:6560
- C:\Windows\System\nbfyjNu.exe
  C:\Windows\System\nbfyjNu.exe
  2⤵
  PID:8196
- C:\Windows\System\CPoLMNz.exe
  C:\Windows\System\CPoLMNz.exe
  2⤵
  PID:8220
- C:\Windows\System\XgxAjwC.exe
  C:\Windows\System\XgxAjwC.exe
  2⤵
  PID:8236
- C:\Windows\System\UzhLSXU.exe
  C:\Windows\System\UzhLSXU.exe
  2⤵
  PID:8260
- C:\Windows\System\aJAIRHX.exe
  C:\Windows\System\aJAIRHX.exe
  2⤵
  PID:8284
- C:\Windows\System\AGCQjyI.exe
  C:\Windows\System\AGCQjyI.exe
  2⤵
  PID:8300
- C:\Windows\System\VPVLQcA.exe
  C:\Windows\System\VPVLQcA.exe
  2⤵
  PID:8324
- C:\Windows\System\jtDrlHC.exe
  C:\Windows\System\jtDrlHC.exe
  2⤵
  PID:8348
- C:\Windows\System\vlGnXwE.exe
  C:\Windows\System\vlGnXwE.exe
  2⤵
  PID:8364
- C:\Windows\System\eOKwykK.exe
  C:\Windows\System\eOKwykK.exe
  2⤵
  PID:8384
- C:\Windows\System\FwngQnv.exe
  C:\Windows\System\FwngQnv.exe
  2⤵
  PID:8404
- C:\Windows\System\bkuTBqG.exe
  C:\Windows\System\bkuTBqG.exe
  2⤵
  PID:8424
- C:\Windows\System\ESTnwkk.exe
  C:\Windows\System\ESTnwkk.exe
  2⤵
  PID:8448
- C:\Windows\System\VNtUrDE.exe
  C:\Windows\System\VNtUrDE.exe
  2⤵
  PID:8464
- C:\Windows\System\YLrLQHy.exe
  C:\Windows\System\YLrLQHy.exe
  2⤵
  PID:8488
- C:\Windows\System\nQjTTRf.exe
  C:\Windows\System\nQjTTRf.exe
  2⤵
  PID:8512
- C:\Windows\System\VOPJxLp.exe
  C:\Windows\System\VOPJxLp.exe
  2⤵
  PID:8536
- C:\Windows\System\gCkMREF.exe
  C:\Windows\System\gCkMREF.exe
  2⤵
  PID:8560
- C:\Windows\System\yOKDQZj.exe
  C:\Windows\System\yOKDQZj.exe
  2⤵
  PID:8576
- C:\Windows\System\gAnsxUr.exe
  C:\Windows\System\gAnsxUr.exe
  2⤵
  PID:8592
- C:\Windows\System\bUhwfxB.exe
  C:\Windows\System\bUhwfxB.exe
  2⤵
  PID:8612
- C:\Windows\System\vQadRDh.exe
  C:\Windows\System\vQadRDh.exe
  2⤵
  PID:8632
- C:\Windows\System\WmQVhhK.exe
  C:\Windows\System\WmQVhhK.exe
  2⤵
  PID:8648
- C:\Windows\System\AtKiKia.exe
  C:\Windows\System\AtKiKia.exe
  2⤵
  PID:8668
- C:\Windows\System\dVUiaRG.exe
  C:\Windows\System\dVUiaRG.exe
  2⤵
  PID:8684
- C:\Windows\System\FMvdmtW.exe
  C:\Windows\System\FMvdmtW.exe
  2⤵
  PID:8704
- C:\Windows\System\IIAMJiF.exe
  C:\Windows\System\IIAMJiF.exe
  2⤵
  PID:8720
- C:\Windows\System\ccyeGNO.exe
  C:\Windows\System\ccyeGNO.exe
  2⤵
  PID:8744
- C:\Windows\System\xGxQGmH.exe
  C:\Windows\System\xGxQGmH.exe
  2⤵
  PID:8764
- C:\Windows\System\LGOqVtv.exe
  C:\Windows\System\LGOqVtv.exe
  2⤵
  PID:8784
- C:\Windows\System\rIPWqip.exe
  C:\Windows\System\rIPWqip.exe
  2⤵
  PID:8808
- C:\Windows\System\BpeWuFN.exe
  C:\Windows\System\BpeWuFN.exe
  2⤵
  PID:8832
- C:\Windows\System\ILgtuFR.exe
  C:\Windows\System\ILgtuFR.exe
  2⤵
  PID:8852
- C:\Windows\System\ypySzpJ.exe
  C:\Windows\System\ypySzpJ.exe
  2⤵
  PID:8872
- C:\Windows\System\vXoSbmG.exe
  C:\Windows\System\vXoSbmG.exe
  2⤵
  PID:8896
- C:\Windows\System\NYFmBnK.exe
  C:\Windows\System\NYFmBnK.exe
  2⤵
  PID:8920
- C:\Windows\System\mxrkdji.exe
  C:\Windows\System\mxrkdji.exe
  2⤵
  PID:8944
- C:\Windows\System\QNVIaBm.exe
  C:\Windows\System\QNVIaBm.exe
  2⤵
  PID:8960
- C:\Windows\System\XuoOoud.exe
  C:\Windows\System\XuoOoud.exe
  2⤵
  PID:8988
- C:\Windows\System\owwfPBk.exe
  C:\Windows\System\owwfPBk.exe
  2⤵
  PID:9004
- C:\Windows\System\hTJoJGv.exe
  C:\Windows\System\hTJoJGv.exe
  2⤵
  PID:9024
- C:\Windows\System\SWQJEsf.exe
  C:\Windows\System\SWQJEsf.exe
  2⤵
  PID:9048
- C:\Windows\System\vVGyoHr.exe
  C:\Windows\System\vVGyoHr.exe
  2⤵
  PID:9068
- C:\Windows\System\CIWerCg.exe
  C:\Windows\System\CIWerCg.exe
  2⤵
  PID:9088
- C:\Windows\System\uVUldjh.exe
  C:\Windows\System\uVUldjh.exe
  2⤵
  PID:9112
- C:\Windows\System\KGbWDhW.exe
  C:\Windows\System\KGbWDhW.exe
  2⤵
  PID:9204
- C:\Windows\System\SZtiahl.exe
  C:\Windows\System\SZtiahl.exe
  2⤵
  PID:6612
- C:\Windows\System\mPAAEaN.exe
  C:\Windows\System\mPAAEaN.exe
  2⤵
  PID:6700
- C:\Windows\System\OMQvDll.exe
  C:\Windows\System\OMQvDll.exe
  2⤵
  PID:7432
- C:\Windows\System\PABLWdS.exe
  C:\Windows\System\PABLWdS.exe
  2⤵
  PID:6808
- C:\Windows\System\iHWLMjB.exe
  C:\Windows\System\iHWLMjB.exe
  2⤵
  PID:6868
- C:\Windows\System\kwfJSBI.exe
  C:\Windows\System\kwfJSBI.exe
  2⤵
  PID:6912
- C:\Windows\System\xckoZwe.exe
  C:\Windows\System\xckoZwe.exe
  2⤵
  PID:6956
- C:\Windows\System\bJHNrhl.exe
  C:\Windows\System\bJHNrhl.exe
  2⤵
  PID:7048
- C:\Windows\System\xYhBxAN.exe
  C:\Windows\System\xYhBxAN.exe
  2⤵
  PID:7096
- C:\Windows\System\FSFcdDz.exe
  C:\Windows\System\FSFcdDz.exe
  2⤵
  PID:7140
- C:\Windows\System\tlVfUCj.exe
  C:\Windows\System\tlVfUCj.exe
  2⤵
  PID:5864
- C:\Windows\System\LJlzFDM.exe
  C:\Windows\System\LJlzFDM.exe
  2⤵
  PID:7724
- C:\Windows\System\zjSLMgh.exe
  C:\Windows\System\zjSLMgh.exe
  2⤵
  PID:7788
- C:\Windows\System\AHyZftm.exe
  C:\Windows\System\AHyZftm.exe
  2⤵
  PID:7892
- C:\Windows\System\JkvaRtO.exe
  C:\Windows\System\JkvaRtO.exe
  2⤵
  PID:7984
- C:\Windows\System\sARvxtY.exe
  C:\Windows\System\sARvxtY.exe
  2⤵
  PID:8044
- C:\Windows\System\WiDsXCF.exe
  C:\Windows\System\WiDsXCF.exe
  2⤵
  PID:8132
- C:\Windows\System\GcoyUKE.exe
  C:\Windows\System\GcoyUKE.exe
  2⤵
  PID:8184
- C:\Windows\System\sjZnTGF.exe
  C:\Windows\System\sjZnTGF.exe
  2⤵
  PID:5744
- C:\Windows\System\ZNaXPdC.exe
  C:\Windows\System\ZNaXPdC.exe
  2⤵
  PID:1060
- C:\Windows\System\ZwZrQGG.exe
  C:\Windows\System\ZwZrQGG.exe
  2⤵
  PID:9220
- C:\Windows\System\YtYOWHS.exe
  C:\Windows\System\YtYOWHS.exe
  2⤵
  PID:9244
- C:\Windows\System\PnUjgle.exe
  C:\Windows\System\PnUjgle.exe
  2⤵
  PID:9260
- C:\Windows\System\jFIKTAl.exe
  C:\Windows\System\jFIKTAl.exe
  2⤵
  PID:9284
- C:\Windows\System\HGSvYQF.exe
  C:\Windows\System\HGSvYQF.exe
  2⤵
  PID:9304
- C:\Windows\System\zSUyOAx.exe
  C:\Windows\System\zSUyOAx.exe
  2⤵
  PID:9324
- C:\Windows\System\nSeRorx.exe
  C:\Windows\System\nSeRorx.exe
  2⤵
  PID:9348
- C:\Windows\System\fJwyJpQ.exe
  C:\Windows\System\fJwyJpQ.exe
  2⤵
  PID:9368
- C:\Windows\System\mpDCdzq.exe
  C:\Windows\System\mpDCdzq.exe
  2⤵
  PID:9392
- C:\Windows\System\NbiwiwI.exe
  C:\Windows\System\NbiwiwI.exe
  2⤵
  PID:9412
- C:\Windows\System\xEkDqUg.exe
  C:\Windows\System\xEkDqUg.exe
  2⤵
  PID:9436
- C:\Windows\System\yGcrHcO.exe
  C:\Windows\System\yGcrHcO.exe
  2⤵
  PID:9456
- C:\Windows\System\dfqDOdu.exe
  C:\Windows\System\dfqDOdu.exe
  2⤵
  PID:9476
- C:\Windows\System\MUHITTV.exe
  C:\Windows\System\MUHITTV.exe
  2⤵
  PID:9504
- C:\Windows\System\sHoPXXM.exe
  C:\Windows\System\sHoPXXM.exe
  2⤵
  PID:9520
- C:\Windows\System\hPmXORn.exe
  C:\Windows\System\hPmXORn.exe
  2⤵
  PID:9544
- C:\Windows\System\lhQIpYh.exe
  C:\Windows\System\lhQIpYh.exe
  2⤵
  PID:9568
- C:\Windows\System\cGfbWCW.exe
  C:\Windows\System\cGfbWCW.exe
  2⤵
  PID:9588
- C:\Windows\System\aORKWGk.exe
  C:\Windows\System\aORKWGk.exe
  2⤵
  PID:9604
- C:\Windows\System\ASlOpaD.exe
  C:\Windows\System\ASlOpaD.exe
  2⤵
  PID:9620
- C:\Windows\System\FiXBytu.exe
  C:\Windows\System\FiXBytu.exe
  2⤵
  PID:9640
- C:\Windows\System\AYynQzc.exe
  C:\Windows\System\AYynQzc.exe
  2⤵
  PID:9664
- C:\Windows\System\vITyVAm.exe
  C:\Windows\System\vITyVAm.exe
  2⤵
  PID:9684
- C:\Windows\System\tOBTVxU.exe
  C:\Windows\System\tOBTVxU.exe
  2⤵
  PID:9708
- C:\Windows\System\lGcbiBO.exe
  C:\Windows\System\lGcbiBO.exe
  2⤵
  PID:9732
- C:\Windows\System\KqSdGlW.exe
  C:\Windows\System\KqSdGlW.exe
  2⤵
  PID:9756
- C:\Windows\System\FVvOkFA.exe
  C:\Windows\System\FVvOkFA.exe
  2⤵
  PID:9776
- C:\Windows\System\AKeRCss.exe
  C:\Windows\System\AKeRCss.exe
  2⤵
  PID:9792
- C:\Windows\System\gPrhFbi.exe
  C:\Windows\System\gPrhFbi.exe
  2⤵
  PID:9816
- C:\Windows\System\aPWnzec.exe
  C:\Windows\System\aPWnzec.exe
  2⤵
  PID:9836
- C:\Windows\System\pWlJEWA.exe
  C:\Windows\System\pWlJEWA.exe
  2⤵
  PID:9868
- C:\Windows\System\OPIKYdl.exe
  C:\Windows\System\OPIKYdl.exe
  2⤵
  PID:9892
- C:\Windows\System\pFCooDV.exe
  C:\Windows\System\pFCooDV.exe
  2⤵
  PID:9908
- C:\Windows\System\gfVrcpx.exe
  C:\Windows\System\gfVrcpx.exe
  2⤵
  PID:9932
- C:\Windows\System\itRVlhM.exe
  C:\Windows\System\itRVlhM.exe
  2⤵
  PID:9956
- C:\Windows\System\bsGhfIv.exe
  C:\Windows\System\bsGhfIv.exe
  2⤵
  PID:9976
- C:\Windows\System\xgbRKSC.exe
  C:\Windows\System\xgbRKSC.exe
  2⤵
  PID:10000
- C:\Windows\System\rbTQAxW.exe
  C:\Windows\System\rbTQAxW.exe
  2⤵
  PID:10016
- C:\Windows\System\vBBzord.exe
  C:\Windows\System\vBBzord.exe
  2⤵
  PID:10040
- C:\Windows\System\rLPSssJ.exe
  C:\Windows\System\rLPSssJ.exe
  2⤵
  PID:10088
- C:\Windows\System\GaOgMsb.exe
  C:\Windows\System\GaOgMsb.exe
  2⤵
  PID:10104
- C:\Windows\System\BOAutIi.exe
  C:\Windows\System\BOAutIi.exe
  2⤵
  PID:10124
- C:\Windows\System\AzFWBzO.exe
  C:\Windows\System\AzFWBzO.exe
  2⤵
  PID:10144
- C:\Windows\System\JMKvDUX.exe
  C:\Windows\System\JMKvDUX.exe
  2⤵
  PID:10168
- C:\Windows\System\aeVUwpm.exe
  C:\Windows\System\aeVUwpm.exe
  2⤵
  PID:10192
- C:\Windows\System\oMkFrAf.exe
  C:\Windows\System\oMkFrAf.exe
  2⤵
  PID:10216
- C:\Windows\System\JYoJuJb.exe
  C:\Windows\System\JYoJuJb.exe
  2⤵
  PID:10232
- C:\Windows\System\VCyfJfF.exe
  C:\Windows\System\VCyfJfF.exe
  2⤵
  PID:6092
- C:\Windows\System\UAHnHVK.exe
  C:\Windows\System\UAHnHVK.exe
  2⤵
  PID:4276
- C:\Windows\System\jDEpVxh.exe
  C:\Windows\System\jDEpVxh.exe
  2⤵
  PID:216
- C:\Windows\System\wEbebsQ.exe
  C:\Windows\System\wEbebsQ.exe
  2⤵
  PID:6148
- C:\Windows\System\hHoGklL.exe
  C:\Windows\System\hHoGklL.exe
  2⤵
  PID:5304
- C:\Windows\System\ELjdYoB.exe
  C:\Windows\System\ELjdYoB.exe
  2⤵
  PID:6484
- C:\Windows\System\ETnoojj.exe
  C:\Windows\System\ETnoojj.exe
  2⤵
  PID:8204
- C:\Windows\System\hNRsKXu.exe
  C:\Windows\System\hNRsKXu.exe
  2⤵
  PID:8256
- C:\Windows\System\bhBgwqu.exe
  C:\Windows\System\bhBgwqu.exe
  2⤵
  PID:8308
- C:\Windows\System\hhCbUhP.exe
  C:\Windows\System\hhCbUhP.exe
  2⤵
  PID:8372
- C:\Windows\System\CPZXslB.exe
  C:\Windows\System\CPZXslB.exe
  2⤵
  PID:8508
- C:\Windows\System\jndIVpU.exe
  C:\Windows\System\jndIVpU.exe
  2⤵
  PID:5520
- C:\Windows\System\chagtqK.exe
  C:\Windows\System\chagtqK.exe
  2⤵
  PID:8756
- C:\Windows\System\SngKVcA.exe
  C:\Windows\System\SngKVcA.exe
  2⤵
  PID:5648
- C:\Windows\System\UycdkMw.exe
  C:\Windows\System\UycdkMw.exe
  2⤵
  PID:8828
- C:\Windows\System\HhqXtfd.exe
  C:\Windows\System\HhqXtfd.exe
  2⤵
  PID:8848
- C:\Windows\System\TgIEWKP.exe
  C:\Windows\System\TgIEWKP.exe
  2⤵
  PID:8864
- C:\Windows\System\aBJTuGg.exe
  C:\Windows\System\aBJTuGg.exe
  2⤵
  PID:8996
- C:\Windows\System\VyYIkjv.exe
  C:\Windows\System\VyYIkjv.exe
  2⤵
  PID:9108
- C:\Windows\System\CRRSciO.exe
  C:\Windows\System\CRRSciO.exe
  2⤵
  PID:7280
- C:\Windows\System\SngbeLa.exe
  C:\Windows\System\SngbeLa.exe
  2⤵
  PID:7320
- C:\Windows\System\VEMJGte.exe
  C:\Windows\System\VEMJGte.exe
  2⤵
  PID:7360
- C:\Windows\System\xgpekre.exe
  C:\Windows\System\xgpekre.exe
  2⤵
  PID:7708
- C:\Windows\System\kZHyTqF.exe
  C:\Windows\System\kZHyTqF.exe
  2⤵
  PID:7772
- C:\Windows\System\vEVJFwI.exe
  C:\Windows\System\vEVJFwI.exe
  2⤵
  PID:6852
- C:\Windows\System\GWuBntb.exe
  C:\Windows\System\GWuBntb.exe
  2⤵
  PID:10244
- C:\Windows\System\JozDZTu.exe
  C:\Windows\System\JozDZTu.exe
  2⤵
  PID:10260
- C:\Windows\System\FaBVEJh.exe
  C:\Windows\System\FaBVEJh.exe
  2⤵
  PID:10276
- C:\Windows\System\TtZBvlY.exe
  C:\Windows\System\TtZBvlY.exe
  2⤵
  PID:10296
- C:\Windows\System\XNOqfsh.exe
  C:\Windows\System\XNOqfsh.exe
  2⤵
  PID:10312
- C:\Windows\System\ExuxpSw.exe
  C:\Windows\System\ExuxpSw.exe
  2⤵
  PID:10332
- C:\Windows\System\POrMjDK.exe
  C:\Windows\System\POrMjDK.exe
  2⤵
  PID:10348
- C:\Windows\System\Ikbvzwz.exe
  C:\Windows\System\Ikbvzwz.exe
  2⤵
  PID:10368
- C:\Windows\System\foCDgFR.exe
  C:\Windows\System\foCDgFR.exe
  2⤵
  PID:10388
- C:\Windows\System\JSxKRJh.exe
  C:\Windows\System\JSxKRJh.exe
  2⤵
  PID:10412
- C:\Windows\System\FkZulaZ.exe
  C:\Windows\System\FkZulaZ.exe
  2⤵
  PID:10432
- C:\Windows\System\DLQdYeB.exe
  C:\Windows\System\DLQdYeB.exe
  2⤵
  PID:10472
- C:\Windows\System\woTpapa.exe
  C:\Windows\System\woTpapa.exe
  2⤵
  PID:10500
- C:\Windows\System\fUFuXHL.exe
  C:\Windows\System\fUFuXHL.exe
  2⤵
  PID:10548
- C:\Windows\System\yIHFjLr.exe
  C:\Windows\System\yIHFjLr.exe
  2⤵
  PID:10564
- C:\Windows\System\kduOMax.exe
  C:\Windows\System\kduOMax.exe
  2⤵
  PID:10580
- C:\Windows\System\YUwTlXk.exe
  C:\Windows\System\YUwTlXk.exe
  2⤵
  PID:10600
- C:\Windows\System\cmTnRgF.exe
  C:\Windows\System\cmTnRgF.exe
  2⤵
  PID:10624
- C:\Windows\System\VTdEKSv.exe
  C:\Windows\System\VTdEKSv.exe
  2⤵
  PID:10644
- C:\Windows\System\ltIPCzw.exe
  C:\Windows\System\ltIPCzw.exe
  2⤵
  PID:10660
- C:\Windows\System\zdNMKfH.exe
  C:\Windows\System\zdNMKfH.exe
  2⤵
  PID:10684
- C:\Windows\System\JVfGoZN.exe
  C:\Windows\System\JVfGoZN.exe
  2⤵
  PID:10708
- C:\Windows\System\wPQNfrH.exe
  C:\Windows\System\wPQNfrH.exe
  2⤵
  PID:10728
- C:\Windows\System\hOOzpIS.exe
  C:\Windows\System\hOOzpIS.exe
  2⤵
  PID:10748
- C:\Windows\System\KcEreHx.exe
  C:\Windows\System\KcEreHx.exe
  2⤵
  PID:10768
- C:\Windows\System\vRaPKYQ.exe
  C:\Windows\System\vRaPKYQ.exe
  2⤵
  PID:10788
- C:\Windows\System\pJHTtcY.exe
  C:\Windows\System\pJHTtcY.exe
  2⤵
  PID:10808
- C:\Windows\System\DhpyHPc.exe
  C:\Windows\System\DhpyHPc.exe
  2⤵
  PID:10828
- C:\Windows\System\sRULqPe.exe
  C:\Windows\System\sRULqPe.exe
  2⤵
  PID:10848
- C:\Windows\System\wbynGbN.exe
  C:\Windows\System\wbynGbN.exe
  2⤵
  PID:10872
- C:\Windows\System\xBrWPVA.exe
  C:\Windows\System\xBrWPVA.exe
  2⤵
  PID:10896
- C:\Windows\System\ukPHJGT.exe
  C:\Windows\System\ukPHJGT.exe
  2⤵
  PID:10912
- C:\Windows\System\voBHwTh.exe
  C:\Windows\System\voBHwTh.exe
  2⤵
  PID:10936
- C:\Windows\System\JegtZTo.exe
  C:\Windows\System\JegtZTo.exe
  2⤵
  PID:10956
- C:\Windows\System\BpWweGM.exe
  C:\Windows\System\BpWweGM.exe
  2⤵
  PID:10972
- C:\Windows\System\hcUSScP.exe
  C:\Windows\System\hcUSScP.exe
  2⤵
  PID:11000
- C:\Windows\System\upehYer.exe
  C:\Windows\System\upehYer.exe
  2⤵
  PID:11024
- C:\Windows\System\tUfTftP.exe
  C:\Windows\System\tUfTftP.exe
  2⤵
  PID:11040
- C:\Windows\System\wtpBThl.exe
  C:\Windows\System\wtpBThl.exe
  2⤵
  PID:11056
- C:\Windows\System\aTPDxUm.exe
  C:\Windows\System\aTPDxUm.exe
  2⤵
  PID:11072
- C:\Windows\System\VtWIKZx.exe
  C:\Windows\System\VtWIKZx.exe
  2⤵
  PID:11092
- C:\Windows\System\bnylgNC.exe
  C:\Windows\System\bnylgNC.exe
  2⤵
  PID:11116
- C:\Windows\System\FxFQzeU.exe
  C:\Windows\System\FxFQzeU.exe
  2⤵
  PID:11136
- C:\Windows\System\oGTFUhB.exe
  C:\Windows\System\oGTFUhB.exe
  2⤵
  PID:11156
- C:\Windows\System\gAWMmMo.exe
  C:\Windows\System\gAWMmMo.exe
  2⤵
  PID:11172
- C:\Windows\System\OxUhXaR.exe
  C:\Windows\System\OxUhXaR.exe
  2⤵
  PID:11196
- C:\Windows\System\SeawLpg.exe
  C:\Windows\System\SeawLpg.exe
  2⤵
  PID:11216
- C:\Windows\System\JaMiUXl.exe
  C:\Windows\System\JaMiUXl.exe
  2⤵
  PID:11236
- C:\Windows\System\arOfBLS.exe
  C:\Windows\System\arOfBLS.exe
  2⤵
  PID:11256
- C:\Windows\System\JSBRwAw.exe
  C:\Windows\System\JSBRwAw.exe
  2⤵
  PID:8028
- C:\Windows\System\HuLzBbs.exe
  C:\Windows\System\HuLzBbs.exe
  2⤵
  PID:7120
- C:\Windows\System\sNxLtbA.exe
  C:\Windows\System\sNxLtbA.exe
  2⤵
  PID:5820
- C:\Windows\System\LdzKajz.exe
  C:\Windows\System\LdzKajz.exe
  2⤵
  PID:5952
- C:\Windows\System\RwNcMAK.exe
  C:\Windows\System\RwNcMAK.exe
  2⤵
  PID:7012
- C:\Windows\System\FxLyetQ.exe
  C:\Windows\System\FxLyetQ.exe
  2⤵
  PID:2436
- C:\Windows\System\omydWuB.exe
  C:\Windows\System\omydWuB.exe
  2⤵
  PID:9256
- C:\Windows\System\COVZItX.exe
  C:\Windows\System\COVZItX.exe
  2⤵
  PID:7400
- C:\Windows\System\jEymdDr.exe
  C:\Windows\System\jEymdDr.exe
  2⤵
  PID:9300
- C:\Windows\System\lAdbAko.exe
  C:\Windows\System\lAdbAko.exe
  2⤵
  PID:9360
- C:\Windows\System\hPJrAia.exe
  C:\Windows\System\hPJrAia.exe
  2⤵
  PID:9384
- C:\Windows\System\EbnzwFC.exe
  C:\Windows\System\EbnzwFC.exe
  2⤵
  PID:6180
- C:\Windows\System\GJyrKAQ.exe
  C:\Windows\System\GJyrKAQ.exe
  2⤵
  PID:6376
- C:\Windows\System\NmWfYCV.exe
  C:\Windows\System\NmWfYCV.exe
  2⤵
  PID:9600
- C:\Windows\System\WvnZOay.exe
  C:\Windows\System\WvnZOay.exe
  2⤵
  PID:6584
- C:\Windows\System\oTpdeBK.exe
  C:\Windows\System\oTpdeBK.exe
  2⤵
  PID:9676
- C:\Windows\System\BcqKmVs.exe
  C:\Windows\System\BcqKmVs.exe
  2⤵
  PID:9700
- C:\Windows\System\XUaPjtc.exe
  C:\Windows\System\XUaPjtc.exe
  2⤵
  PID:8336
- C:\Windows\System\huXapPm.exe
  C:\Windows\System\huXapPm.exe
  2⤵
  PID:8480
- C:\Windows\System\OFEAuOY.exe
  C:\Windows\System\OFEAuOY.exe
  2⤵
  PID:10032
- C:\Windows\System\eOZTXMx.exe
  C:\Windows\System\eOZTXMx.exe
  2⤵
  PID:9000
- C:\Windows\System\XGLseHU.exe
  C:\Windows\System\XGLseHU.exe
  2⤵
  PID:9060
- C:\Windows\System\WeYUNKE.exe
  C:\Windows\System\WeYUNKE.exe
  2⤵
  PID:7516
- C:\Windows\System\sHQzDom.exe
  C:\Windows\System\sHQzDom.exe
  2⤵
  PID:7556
- C:\Windows\System\vogPazo.exe
  C:\Windows\System\vogPazo.exe
  2⤵
  PID:7592
- C:\Windows\System\ReZrFLM.exe
  C:\Windows\System\ReZrFLM.exe
  2⤵
  PID:7620
- C:\Windows\System\edWEtKj.exe
  C:\Windows\System\edWEtKj.exe
  2⤵
  PID:7656
- C:\Windows\System\AstLxkp.exe
  C:\Windows\System\AstLxkp.exe
  2⤵
  PID:11280
- C:\Windows\System\cXHZeoQ.exe
  C:\Windows\System\cXHZeoQ.exe
  2⤵
  PID:11296
- C:\Windows\System\lLiPnzL.exe
  C:\Windows\System\lLiPnzL.exe
  2⤵
  PID:11316
- C:\Windows\System\WcLzwKn.exe
  C:\Windows\System\WcLzwKn.exe
  2⤵
  PID:11332
- C:\Windows\System\CiQAYKk.exe
  C:\Windows\System\CiQAYKk.exe
  2⤵
  PID:11352
- C:\Windows\System\DEzVCIv.exe
  C:\Windows\System\DEzVCIv.exe
  2⤵
  PID:11380
- C:\Windows\System\fuiUZRQ.exe
  C:\Windows\System\fuiUZRQ.exe
  2⤵
  PID:11400
- C:\Windows\System\flcolWD.exe
  C:\Windows\System\flcolWD.exe
  2⤵
  PID:11420
- C:\Windows\System\OxtvCsA.exe
  C:\Windows\System\OxtvCsA.exe
  2⤵
  PID:11440
- C:\Windows\System\HbCaeSj.exe
  C:\Windows\System\HbCaeSj.exe
  2⤵
  PID:11460
- C:\Windows\System\vXQYKgq.exe
  C:\Windows\System\vXQYKgq.exe
  2⤵
  PID:11484
- C:\Windows\System\jhYOERN.exe
  C:\Windows\System\jhYOERN.exe
  2⤵
  PID:11500
- C:\Windows\System\FLdTMkf.exe
  C:\Windows\System\FLdTMkf.exe
  2⤵
  PID:11524
- C:\Windows\System\bglSmyW.exe
  C:\Windows\System\bglSmyW.exe
  2⤵
  PID:11548
- C:\Windows\System\GdZCWel.exe
  C:\Windows\System\GdZCWel.exe
  2⤵
  PID:11568
- C:\Windows\System\rslRmmd.exe
  C:\Windows\System\rslRmmd.exe
  2⤵
  PID:11588
- C:\Windows\System\jbGdQAq.exe
  C:\Windows\System\jbGdQAq.exe
  2⤵
  PID:11616
- C:\Windows\System\svRmQHr.exe
  C:\Windows\System\svRmQHr.exe
  2⤵
  PID:11636
- C:\Windows\System\VrDUwuO.exe
  C:\Windows\System\VrDUwuO.exe
  2⤵
  PID:11656
- C:\Windows\System\MkhaGvM.exe
  C:\Windows\System\MkhaGvM.exe
  2⤵
  PID:11672
- C:\Windows\System\LVbgBwA.exe
  C:\Windows\System\LVbgBwA.exe
  2⤵
  PID:11696
- C:\Windows\System\FNebsaK.exe
  C:\Windows\System\FNebsaK.exe
  2⤵
  PID:11716
- C:\Windows\System\IrKHLvw.exe
  C:\Windows\System\IrKHLvw.exe
  2⤵
  PID:11732
- C:\Windows\System\pHPxQDG.exe
  C:\Windows\System\pHPxQDG.exe
  2⤵
  PID:11756
- C:\Windows\System\fydteOQ.exe
  C:\Windows\System\fydteOQ.exe
  2⤵
  PID:11772
- C:\Windows\System\AJyiPnl.exe
  C:\Windows\System\AJyiPnl.exe
  2⤵
  PID:11792
- C:\Windows\System\NtcYLmP.exe
  C:\Windows\System\NtcYLmP.exe
  2⤵
  PID:11816
- C:\Windows\System\lBsppWE.exe
  C:\Windows\System\lBsppWE.exe
  2⤵
  PID:11840
- C:\Windows\System\FaGqxHR.exe
  C:\Windows\System\FaGqxHR.exe
  2⤵
  PID:11864
- C:\Windows\System\TXHMtOW.exe
  C:\Windows\System\TXHMtOW.exe
  2⤵
  PID:11880
- C:\Windows\System\xZvkPrt.exe
  C:\Windows\System\xZvkPrt.exe
  2⤵
  PID:11904
- C:\Windows\System\fADbKtm.exe
  C:\Windows\System\fADbKtm.exe
  2⤵
  PID:11928
- C:\Windows\System\JMLqifT.exe
  C:\Windows\System\JMLqifT.exe
  2⤵
  PID:11948
- C:\Windows\System\bjYvuCN.exe
  C:\Windows\System\bjYvuCN.exe
  2⤵
  PID:11972
- C:\Windows\System\gSBAfqq.exe
  C:\Windows\System\gSBAfqq.exe
  2⤵
  PID:11992
- C:\Windows\System\KHDhkeu.exe
  C:\Windows\System\KHDhkeu.exe
  2⤵
  PID:12016
- C:\Windows\System\Vpepugz.exe
  C:\Windows\System\Vpepugz.exe
  2⤵
  PID:12040
- C:\Windows\System\UIYqPgj.exe
  C:\Windows\System\UIYqPgj.exe
  2⤵
  PID:12064
- C:\Windows\System\aZQTXTJ.exe
  C:\Windows\System\aZQTXTJ.exe
  2⤵
  PID:12084
- C:\Windows\System\EyxlnRp.exe
  C:\Windows\System\EyxlnRp.exe
  2⤵
  PID:12108
- C:\Windows\System\gKnKxZq.exe
  C:\Windows\System\gKnKxZq.exe
  2⤵
  PID:12132
- C:\Windows\System\oBcUcaF.exe
  C:\Windows\System\oBcUcaF.exe
  2⤵
  PID:12152
- C:\Windows\System\tknJyCK.exe
  C:\Windows\System\tknJyCK.exe
  2⤵
  PID:12176
- C:\Windows\System\ahAsrkA.exe
  C:\Windows\System\ahAsrkA.exe
  2⤵
  PID:12208
- C:\Windows\System\dvcIOZj.exe
  C:\Windows\System\dvcIOZj.exe
  2⤵
  PID:12228
- C:\Windows\System\dFWWhoc.exe
  C:\Windows\System\dFWWhoc.exe
  2⤵
  PID:12244
- C:\Windows\System\ZuwYmtA.exe
  C:\Windows\System\ZuwYmtA.exe
  2⤵
  PID:12260
- C:\Windows\System\qysCsBz.exe
  C:\Windows\System\qysCsBz.exe
  2⤵
  PID:12284
- C:\Windows\System\EhkwnmW.exe
  C:\Windows\System\EhkwnmW.exe
  2⤵
  PID:7268
- C:\Windows\System\RLPtxHg.exe
  C:\Windows\System\RLPtxHg.exe
  2⤵
  PID:1856
- C:\Windows\System\yVKulRd.exe
  C:\Windows\System\yVKulRd.exe
  2⤵
  PID:2168
- C:\Windows\System\QxbyHdp.exe
  C:\Windows\System\QxbyHdp.exe
  2⤵
  PID:7856
- C:\Windows\System\BcsGyfa.exe
  C:\Windows\System\BcsGyfa.exe
  2⤵
  PID:6832
- C:\Windows\System\NuDoKEm.exe
  C:\Windows\System\NuDoKEm.exe
  2⤵
  PID:7928
- C:\Windows\System\sOaHrvZ.exe
  C:\Windows\System\sOaHrvZ.exe
  2⤵
  PID:6932
- C:\Windows\System\gRHKuMf.exe
  C:\Windows\System\gRHKuMf.exe
  2⤵
  PID:7136
- C:\Windows\System\ZcEuQpf.exe
  C:\Windows\System\ZcEuQpf.exe
  2⤵
  PID:10356
- C:\Windows\System\nHAbJXQ.exe
  C:\Windows\System\nHAbJXQ.exe
  2⤵
  PID:6296
- C:\Windows\System\stJPnQF.exe
  C:\Windows\System\stJPnQF.exe
  2⤵
  PID:8172
- C:\Windows\System\fgYaQNE.exe
  C:\Windows\System\fgYaQNE.exe
  2⤵
  PID:9272
- C:\Windows\System\XWBgDFC.exe
  C:\Windows\System\XWBgDFC.exe
  2⤵
  PID:12304
- C:\Windows\System\qohjvtq.exe
  C:\Windows\System\qohjvtq.exe
  2⤵
  PID:12324
- C:\Windows\System\hhFlhSs.exe
  C:\Windows\System\hhFlhSs.exe
  2⤵
  PID:12344
- C:\Windows\System\hOJyVaY.exe
  C:\Windows\System\hOJyVaY.exe
  2⤵
  PID:12372
- C:\Windows\System\FfhxPUn.exe
  C:\Windows\System\FfhxPUn.exe
  2⤵
  PID:12388
- C:\Windows\System\oDaSKsT.exe
  C:\Windows\System\oDaSKsT.exe
  2⤵
  PID:12412
- C:\Windows\System\FMVUiWn.exe
  C:\Windows\System\FMVUiWn.exe
  2⤵
  PID:12436
- C:\Windows\System\arMBwgm.exe
  C:\Windows\System\arMBwgm.exe
  2⤵
  PID:12452
- C:\Windows\System\zYArPgW.exe
  C:\Windows\System\zYArPgW.exe
  2⤵
  PID:12480
- C:\Windows\System\fwkxaUO.exe
  C:\Windows\System\fwkxaUO.exe
  2⤵
  PID:12500
- C:\Windows\System\fdoxJyu.exe
  C:\Windows\System\fdoxJyu.exe
  2⤵
  PID:12520
- C:\Windows\System\OItkWOX.exe
  C:\Windows\System\OItkWOX.exe
  2⤵
  PID:12540
- C:\Windows\System\tmekVYc.exe
  C:\Windows\System\tmekVYc.exe
  2⤵
  PID:12568
- C:\Windows\System\joSPxFr.exe
  C:\Windows\System\joSPxFr.exe
  2⤵
  PID:12736
- C:\Windows\System\LIrxbyA.exe
  C:\Windows\System\LIrxbyA.exe
  2⤵
  PID:12752
- C:\Windows\System\nLdBXoK.exe
  C:\Windows\System\nLdBXoK.exe
  2⤵
  PID:12768
- C:\Windows\System\XiWUHgj.exe
  C:\Windows\System\XiWUHgj.exe
  2⤵
  PID:12784
- C:\Windows\System\MKpkhkw.exe
  C:\Windows\System\MKpkhkw.exe
  2⤵
  PID:12836
- C:\Windows\System\GSyewyH.exe
  C:\Windows\System\GSyewyH.exe
  2⤵
  PID:12856
- C:\Windows\System\fJqMAVJ.exe
  C:\Windows\System\fJqMAVJ.exe
  2⤵
  PID:12876
- C:\Windows\System\jECRVVm.exe
  C:\Windows\System\jECRVVm.exe
  2⤵
  PID:12900
- C:\Windows\System\rGfXoZW.exe
  C:\Windows\System\rGfXoZW.exe
  2⤵
  PID:12924
- C:\Windows\System\pgoxjMP.exe
  C:\Windows\System\pgoxjMP.exe
  2⤵
  PID:12944
- C:\Windows\System\tBIqTxC.exe
  C:\Windows\System\tBIqTxC.exe
  2⤵
  PID:12964
- C:\Windows\System\BuyuffJ.exe
  C:\Windows\System\BuyuffJ.exe
  2⤵
  PID:12988
- C:\Windows\System\yGtgKsD.exe
  C:\Windows\System\yGtgKsD.exe
  2⤵
  PID:13012
- C:\Windows\System\yJabVaG.exe
  C:\Windows\System\yJabVaG.exe
  2⤵
  PID:13032
- C:\Windows\System\WDDDIOJ.exe
  C:\Windows\System\WDDDIOJ.exe
  2⤵
  PID:13052
- C:\Windows\System\BmpooHE.exe
  C:\Windows\System\BmpooHE.exe
  2⤵
  PID:13076
- C:\Windows\System\iKcSsAp.exe
  C:\Windows\System\iKcSsAp.exe
  2⤵
  PID:13096
- C:\Windows\System\OuBCFIq.exe
  C:\Windows\System\OuBCFIq.exe
  2⤵
  PID:12080
- C:\Windows\System\nJePxeS.exe
  C:\Windows\System\nJePxeS.exe
  2⤵
  PID:5908
- C:\Windows\System\TDRGkqc.exe
  C:\Windows\System\TDRGkqc.exe
  2⤵
  PID:11392
- C:\Windows\System\xKUhjDF.exe
  C:\Windows\System\xKUhjDF.exe
  2⤵
  PID:11560
- C:\Windows\System\xQXbhZN.exe
  C:\Windows\System\xQXbhZN.exe
  2⤵
  PID:11428
- C:\Windows\System\UgwvLCr.exe
  C:\Windows\System\UgwvLCr.exe
  2⤵
  PID:10452
- C:\Windows\System\TQpEwCu.exe
  C:\Windows\System\TQpEwCu.exe
  2⤵
  PID:12008
- C:\Windows\System\rtyaKZE.exe
  C:\Windows\System\rtyaKZE.exe
  2⤵
  PID:11912
- C:\Windows\System\jWKqxTO.exe
  C:\Windows\System\jWKqxTO.exe
  2⤵
  PID:11872
- C:\Windows\System\GepOAes.exe
  C:\Windows\System\GepOAes.exe
  2⤵
  PID:11712
- C:\Windows\System\ZhnRpEO.exe
  C:\Windows\System\ZhnRpEO.exe
  2⤵
  PID:11856
- C:\Windows\System\oDAgBOR.exe
  C:\Windows\System\oDAgBOR.exe
  2⤵
  PID:9212
- C:\Windows\System\iNnsCDf.exe
  C:\Windows\System\iNnsCDf.exe
  2⤵
  PID:10536
- C:\Windows\System\WlfRxBm.exe
  C:\Windows\System\WlfRxBm.exe
  2⤵
  PID:12472
- C:\Windows\System\DewSmrL.exe
  C:\Windows\System\DewSmrL.exe
  2⤵
  PID:12724
- C:\Windows\System\ujhaJCR.exe
  C:\Windows\System\ujhaJCR.exe
  2⤵
  PID:12256
- C:\Windows\System\ijEMIgA.exe
  C:\Windows\System\ijEMIgA.exe
  2⤵
  PID:7748
- C:\Windows\System\OitSvTU.exe
  C:\Windows\System\OitSvTU.exe
  2⤵
  PID:12872
- C:\Windows\System\pIJWWEZ.exe
  C:\Windows\System\pIJWWEZ.exe
  2⤵
  PID:2832
- C:\Windows\System\VhopwZT.exe
  C:\Windows\System\VhopwZT.exe
  2⤵
  PID:13040
- C:\Windows\System\CiYyeUl.exe
  C:\Windows\System\CiYyeUl.exe
  2⤵
  PID:7124
- C:\Windows\System\cBQamKb.exe
  C:\Windows\System\cBQamKb.exe
  2⤵
  PID:8444
- C:\Windows\System\xHRZuCI.exe
  C:\Windows\System\xHRZuCI.exe
  2⤵
  PID:3476
- C:\Windows\System\fvRjSbr.exe
  C:\Windows\System\fvRjSbr.exe
  2⤵
  PID:10024
- C:\Windows\System\vnipKxb.exe
  C:\Windows\System\vnipKxb.exe
  2⤵
  PID:10636
- C:\Windows\System\zcSHbUG.exe
  C:\Windows\System\zcSHbUG.exe
  2⤵
  PID:7768
- C:\Windows\System\IFmtDLg.exe
  C:\Windows\System\IFmtDLg.exe
  2⤵
  PID:2792
- C:\Windows\System\ldAZfmb.exe
  C:\Windows\System\ldAZfmb.exe
  2⤵
  PID:11108
- C:\Windows\System\dpDeFuV.exe
  C:\Windows\System\dpDeFuV.exe
  2⤵
  PID:11824
- C:\Windows\System\vmcKaXI.exe
  C:\Windows\System\vmcKaXI.exe
  2⤵
  PID:12620
- C:\Windows\System\JCAjQQB.exe
  C:\Windows\System\JCAjQQB.exe
  2⤵
  PID:12340
- C:\Windows\System\XbxqcFo.exe
  C:\Windows\System\XbxqcFo.exe
  2⤵
  PID:9616
- C:\Windows\System\srkWvte.exe
  C:\Windows\System\srkWvte.exe
  2⤵
  PID:6436
- C:\Windows\System\rtNDCsm.exe
  C:\Windows\System\rtNDCsm.exe
  2⤵
  PID:2140
- C:\Windows\System\BwPOXUv.exe
  C:\Windows\System\BwPOXUv.exe
  2⤵
  PID:11432
- C:\Windows\System\uXkBxce.exe
  C:\Windows\System\uXkBxce.exe
  2⤵
  PID:6536
- C:\Windows\System\WyqvVxu.exe
  C:\Windows\System\WyqvVxu.exe
  2⤵
  PID:11612
- C:\Windows\System\hxneQHA.exe
  C:\Windows\System\hxneQHA.exe
  2⤵
  PID:11644
- C:\Windows\System\EkOqznV.exe
  C:\Windows\System\EkOqznV.exe
  2⤵
  PID:9340
- C:\Windows\System\ErsPTWl.exe
  C:\Windows\System\ErsPTWl.exe
  2⤵
  PID:3040
- C:\Windows\System\odpxZXV.exe
  C:\Windows\System\odpxZXV.exe
  2⤵
  PID:11788
- C:\Windows\System\keqrmmJ.exe
  C:\Windows\System\keqrmmJ.exe
  2⤵
  PID:6600
- C:\Windows\System\ryrqGbR.exe
  C:\Windows\System\ryrqGbR.exe
  2⤵
  PID:12744
- C:\Windows\System\AtCBdVu.exe
  C:\Windows\System\AtCBdVu.exe
  2⤵
  PID:10164
- C:\Windows\System\yzFseFI.exe
  C:\Windows\System\yzFseFI.exe
  2⤵
  PID:8280
- C:\Windows\System\uMMGLRK.exe
  C:\Windows\System\uMMGLRK.exe
  2⤵
  PID:9404
- C:\Windows\System\jhfWoTo.exe
  C:\Windows\System\jhfWoTo.exe
  2⤵
  PID:1464
- C:\Windows\System\NLlnoLg.exe
  C:\Windows\System\NLlnoLg.exe
  2⤵
  PID:10764
- C:\Windows\System\qOIeDPi.exe
  C:\Windows\System\qOIeDPi.exe
  2⤵
  PID:4952
- C:\Windows\System\zjMtxqR.exe
  C:\Windows\System\zjMtxqR.exe
  2⤵
  PID:4360
- C:\Windows\System\NvlUlkv.exe
  C:\Windows\System\NvlUlkv.exe
  2⤵
  PID:5060
- C:\Windows\System\CfXnaHJ.exe
  C:\Windows\System\CfXnaHJ.exe
  2⤵
  PID:4472
- C:\Windows\System\glCbcUY.exe
  C:\Windows\System\glCbcUY.exe
  2⤵
  PID:5032
- C:\Windows\System\asUUhGi.exe
  C:\Windows\System\asUUhGi.exe
  2⤵
  PID:5480
- C:\Windows\System\gRoiwgd.exe
  C:\Windows\System\gRoiwgd.exe
  2⤵
  PID:736
- C:\Windows\System\VAezTHd.exe
  C:\Windows\System\VAezTHd.exe
  2⤵
  PID:12460
- C:\Windows\System\zcrevwO.exe
  C:\Windows\System\zcrevwO.exe
  2⤵
  PID:1924
- C:\Windows\System\fwWOXJr.exe
  C:\Windows\System\fwWOXJr.exe
  2⤵
  PID:2640
- C:\Windows\System\eaBrHBT.exe
  C:\Windows\System\eaBrHBT.exe
  2⤵
  PID:11544
- C:\Windows\System\DjCfhEV.exe
  C:\Windows\System\DjCfhEV.exe
  2⤵
  PID:11628
- C:\Windows\System\yJDSWVH.exe
  C:\Windows\System\yJDSWVH.exe
  2⤵
  PID:3096
- C:\Windows\System\KQjEpxZ.exe
  C:\Windows\System\KQjEpxZ.exe
  2⤵
  PID:11496
- C:\Windows\System\ZlouCDX.exe
  C:\Windows\System\ZlouCDX.exe
  2⤵
  PID:8840
- C:\Windows\System\XMxhUCv.exe
  C:\Windows\System\XMxhUCv.exe
  2⤵
  PID:13296
- C:\Windows\System\PBJpNwz.exe
  C:\Windows\System\PBJpNwz.exe
  2⤵
  PID:3588
- C:\Windows\System\vkzdEdk.exe
  C:\Windows\System\vkzdEdk.exe
  2⤵
  PID:2300
- C:\Windows\System\KcnZYsa.exe
  C:\Windows\System\KcnZYsa.exe
  2⤵
  PID:2500
- C:\Windows\System\WlSRbrY.exe
  C:\Windows\System\WlSRbrY.exe
  2⤵
  PID:2820
- C:\Windows\System\iaPtwWX.exe
  C:\Windows\System\iaPtwWX.exe
  2⤵
  PID:12444
- C:\Windows\System\HPusCfo.exe
  C:\Windows\System\HPusCfo.exe
  2⤵
  PID:3168
- C:\Windows\System\rrqaoMY.exe
  C:\Windows\System\rrqaoMY.exe
  2⤵
  PID:9852
- C:\Windows\System\boCpKqu.exe
  C:\Windows\System\boCpKqu.exe
  2⤵
  PID:2584
- C:\Windows\System\hukJLep.exe
  C:\Windows\System\hukJLep.exe
  2⤵
  PID:4908
- C:\Windows\System\sOPIIqY.exe
  C:\Windows\System\sOPIIqY.exe
  2⤵
  PID:11520
- C:\Windows\System\WVpwhOL.exe
  C:\Windows\System\WVpwhOL.exe
  2⤵
  PID:7444
- C:\Windows\System\GVMvqDV.exe
  C:\Windows\System\GVMvqDV.exe
  2⤵
  PID:1940
- C:\Windows\System\XYzpSBQ.exe
  C:\Windows\System\XYzpSBQ.exe
  2⤵
  PID:9692
- C:\Windows\System\bTbIRDO.exe
  C:\Windows\System\bTbIRDO.exe
  2⤵
  PID:5956
- C:\Windows\System\KEnlJBb.exe
  C:\Windows\System\KEnlJBb.exe
  2⤵
  PID:11416
- C:\Windows\System\RPUQFjm.exe
  C:\Windows\System\RPUQFjm.exe
  2⤵
  PID:6276
- C:\Windows\System\fDildbO.exe
  C:\Windows\System\fDildbO.exe
  2⤵
  PID:744
- C:\Windows\System\LuhNXCD.exe
  C:\Windows\System\LuhNXCD.exe
  2⤵
  PID:680
- C:\Windows\System\DSdeBXy.exe
  C:\Windows\System\DSdeBXy.exe
  2⤵
  PID:6256
- C:\Windows\System\DrWyiyp.exe
  C:\Windows\System\DrWyiyp.exe
  2⤵
  PID:4308
- C:\Windows\System\VrcrXwZ.exe
  C:\Windows\System\VrcrXwZ.exe
  2⤵
  PID:3392
- C:\Windows\System\mYnYFNf.exe
  C:\Windows\System\mYnYFNf.exe
  2⤵
  PID:10456
- C:\Windows\System\phaNEnh.exe
  C:\Windows\System\phaNEnh.exe
  2⤵
  PID:13512
- C:\Windows\System\zisTpeB.exe
  C:\Windows\System\zisTpeB.exe
  2⤵
  PID:13620
- C:\Windows\System\JvjBAJu.exe
  C:\Windows\System\JvjBAJu.exe
  2⤵
  PID:13636
- C:\Windows\System\MAEkhhq.exe
  C:\Windows\System\MAEkhhq.exe
  2⤵
  PID:13652
- C:\Windows\System\YXasmvF.exe
  C:\Windows\System\YXasmvF.exe
  2⤵
  PID:13668
- C:\Windows\System\aNKZJBV.exe
  C:\Windows\System\aNKZJBV.exe
  2⤵
  PID:13684
- C:\Windows\System\AcCcumd.exe
  C:\Windows\System\AcCcumd.exe
  2⤵
  PID:13704
- C:\Windows\System\zYsjpWw.exe
  C:\Windows\System\zYsjpWw.exe
  2⤵
  PID:13728
- C:\Windows\System\fEgilaf.exe
  C:\Windows\System\fEgilaf.exe
  2⤵
  PID:13752
- C:\Windows\System\BllnmAI.exe
  C:\Windows\System\BllnmAI.exe
  2⤵
  PID:13772
- C:\Windows\System\WUDArUi.exe
  C:\Windows\System\WUDArUi.exe
  2⤵
  PID:13792
- C:\Windows\System\oVTPvlo.exe
  C:\Windows\System\oVTPvlo.exe
  2⤵
  PID:13808
- C:\Windows\System\JtEFKpC.exe
  C:\Windows\System\JtEFKpC.exe
  2⤵
  PID:13836
- C:\Windows\System\rIKgIoC.exe
  C:\Windows\System\rIKgIoC.exe
  2⤵
  PID:13860
- C:\Windows\System\xXoyBiu.exe
  C:\Windows\System\xXoyBiu.exe
  2⤵
  PID:13900
- C:\Windows\System\qffmVjr.exe
  C:\Windows\System\qffmVjr.exe
  2⤵
  PID:13916
- C:\Windows\System\dnDUApt.exe
  C:\Windows\System\dnDUApt.exe
  2⤵
  PID:13936
- C:\Windows\System\dWoqzYT.exe
  C:\Windows\System\dWoqzYT.exe
  2⤵
  PID:13956
- C:\Windows\System\SwMmkmt.exe
  C:\Windows\System\SwMmkmt.exe
  2⤵
  PID:14028
- C:\Windows\System\fqADRsv.exe
  C:\Windows\System\fqADRsv.exe
  2⤵
  PID:14056
- C:\Windows\System\PaOQLpd.exe
  C:\Windows\System\PaOQLpd.exe
  2⤵
  PID:14076
- C:\Windows\System\lrayPQY.exe
  C:\Windows\System\lrayPQY.exe
  2⤵
  PID:14280
- C:\Windows\System\ITaLYgQ.exe
  C:\Windows\System\ITaLYgQ.exe
  2⤵
  PID:14296
- C:\Windows\System\oMfCBzi.exe
  C:\Windows\System\oMfCBzi.exe
  2⤵
  PID:14312
- C:\Windows\System\GWAwewf.exe
  C:\Windows\System\GWAwewf.exe
  2⤵
  PID:14332
- C:\Windows\System\RgkkHpT.exe
  C:\Windows\System\RgkkHpT.exe
  2⤵
  PID:13328
- C:\Windows\System\syaWNXV.exe
  C:\Windows\System\syaWNXV.exe
  2⤵
  PID:13440
- C:\Windows\System\ASpaPdP.exe
  C:\Windows\System\ASpaPdP.exe
  2⤵
  PID:13456
- C:\Windows\System\UTWLXaA.exe
  C:\Windows\System\UTWLXaA.exe
  2⤵
  PID:13472
- C:\Windows\System\bjmrArl.exe
  C:\Windows\System\bjmrArl.exe
  2⤵
  PID:13488
- C:\Windows\System\Iqluebp.exe
  C:\Windows\System\Iqluebp.exe
  2⤵
  PID:13976
- C:\Windows\System\sSMnWzR.exe
  C:\Windows\System\sSMnWzR.exe
  2⤵
  PID:13908
- C:\Windows\System\BcbeJnp.exe
  C:\Windows\System\BcbeJnp.exe
  2⤵
  PID:14008
- C:\Windows\System\CuqTfHz.exe
  C:\Windows\System\CuqTfHz.exe
  2⤵
  PID:13948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_k3sryi1s.ai1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AHzMkEP.exe

Filesize
1.7MB

MD5
18ca3ad888ceffcb9e442144c27c7a64

SHA1
6f218389ec6e25befc12afabe6750866ef99da4c

SHA256
fe5536aba95e5d0eb164cdd23a7455b5b2b47bbcc9c6d80f7fcaa18695710a15

SHA512
e8408ad5a051857a0d7dc7bb5dc8c7f77333a025d886cf2e10e5a4b07cca4c77b1be99264daba22274c596cdfa290380cdf90b59a4ebde5d1f44fe7232b95e44

Download Submit
C:\Windows\System\AmgNyFR.exe

Filesize
1.7MB

MD5
3cc0f63d6fde27e4170c23d2901b5a6d

SHA1
0f597000095102571314154ffd593a03b34f5c42

SHA256
f381549b8ac1286e22011f3f3ef3e87a1c1861a807dcb68ac81e8841ef89fc52

SHA512
ca18e7a4cf04bd7ce80cce444322369693b2c7e06703fbe3034aa66110283577592673c9329a9e2a547d7ccad05da4fe30dbffe58e68ad84309b216418ea944f

Download Submit
C:\Windows\System\CiAuHAj.exe

Filesize
1.7MB

MD5
ca26ef08576904ba18305f987f798dcd

SHA1
542578f3d733e09e7825c455cf136129b5bd26a0

SHA256
128b7284afa7c27957d90fc048e1a1485d5881786410ebbbbd6a04a05b015a20

SHA512
3f97f275021e87779fe0da08ffa55704e452dab174cb10ddf360ea84a86198ed6bc9ebd5d4434a792085e57783ab07411b8aab8efc5f42c95a8f49664ccc04d2

Download Submit
C:\Windows\System\DEMlpdf.exe

Filesize
1.7MB

MD5
3b33e61f5465c168a72631a33758014b

SHA1
b46557784059e8d5c4b879e57d9382d9449c929a

SHA256
7599b68fc06fbc630684680764aa82d393a4786e65d1a75e4621f2e2a37d50fc

SHA512
16b898e62a5c7a516acf7c8fbd3088058f2d734ba339ec6c0401192b2ab9374b4ca59cbd9084a67770907f6d864d7391512d02433b91ac6c7ec6078b6302e1e5

Download Submit
C:\Windows\System\DsCsNAO.exe

Filesize
1.7MB

MD5
f301e33d426f1919bc6053f6c150d9c0

SHA1
f38f4fd5323ef6ec3b81f8fe09cf8601e3673386

SHA256
f55c87a786287f95cde5c1e419d7f4d07a22d49830e57eb9695bf6f558f4f07f

SHA512
bdbe58c79b9a837766445c1c3fc9683a433807c3a46bc78c674a67c8d3e933eaa1bebef2336f8c368860856ce25cb44e458fb6eeffae4ffe2762af109bf030aa

Download Submit
C:\Windows\System\EgdRKwG.exe

Filesize
1.7MB

MD5
0ff4abbe0ba43d363a82fd8ade68d7f6

SHA1
955699aa706682a1e0b553947b06a7cbaedb13e3

SHA256
fc8a47b2b874c059499f4a8c56cfb984c86ce1c58dc00ef54bb9d4480285cc8c

SHA512
8d4b6a3d29494c4d3abd5477bd1b6ba72bbfb6299f7bee68b48f0f05eeafee9c64b75d4b3db6c00450e2ea513cf889c4fb3ded0e73075879a358ca3bd98092d5

Download Submit
C:\Windows\System\GNmNayO.exe

Filesize
1.7MB

MD5
a4e6c7bb28bdf2dc5c4fd726071b9a33

SHA1
f8ff2eb2a3cc10a92d9b8609019652494b7432da

SHA256
d018ca713d733a0422ce8ac1bdba184f0f956e12f9f359a2fea773a824516478

SHA512
ae6a67fd15c8425961288ad6078c07e3cc42d4aaf05af6a88ce671757752cef555b5ac34df055a08ac0770e9755b8653238879f8dd099cde6c6477217fd25f66

Download Submit
C:\Windows\System\GOrnEMr.exe

Filesize
1.7MB

MD5
2df1448f93b89324a55fb2d915c67bce

SHA1
6a90b201ad06b4d0fe519439b6c969e1de1d15a9

SHA256
e325a46daa65340d14947d8a738b4ea71f31525b7dd89e9b2aedd132e60a33ed

SHA512
d0e8d36822bb33d4fcb93ead713f03dfa08ce4169533ad2e35f01b86b42e0c2fe6317a0444615ea3f587657f5c4f71bdb776c6f28a10f7f7c28c048f033abd09

Download Submit
C:\Windows\System\HGpYQAC.exe

Filesize
1.7MB

MD5
baf3042405eada0f231b6b67a7f17f3a

SHA1
b80e037a6c7fd1dc95a4756518503c2c9b613712

SHA256
301f08dce31b64583286da25f13775da7ce6ce79411944e85ae34ff6ab9f16fb

SHA512
8c92529310db3d06b05ac30ba1e5a6fe00e79ac957d10c2b369f4055c63b59b9b144be7e49a32ae8ba0ca91c3bbd391e0fa76bb4ba167eedbb0d27ec10a6f203

Download Submit
C:\Windows\System\HKjrRLG.exe

Filesize
1.7MB

MD5
191157ad013191948722882b7e3830ec

SHA1
fcfbf0c9279a5f48d952f2fcac291e90be4cef30

SHA256
8449a0f59b0c8ad3d083fd87a31deb81cfd5128a6452f15ba2582cc762271766

SHA512
3a02a639b63506c23c69bbe9fb336e8cb2edab3fb2709ed22e659f1cc63a72f9ac341148286855d817ab13cb30d36e05fe35896ec929b3e9fcbaa9a7aad31cb1

Download Submit
C:\Windows\System\KSjkWvH.exe

Filesize
1.7MB

MD5
8559f70f3e904cfcb94e62546fc5262d

SHA1
2148eb0bc201611a00b6a11c8c4af17877ca86a6

SHA256
0b6294212781af5698c91e9a8700b66207800bc8e0adba6510be60ae1ada0ca0

SHA512
53c9955f3af2d9e53dcd6f98c93ee3b8f9ff1fdc014fd57db3c426e75486d5a77a17b48d1a315dcf97de3114fef2d9bdf6a4ee8819c583ba38c4ce4eba751ff3

Download Submit
C:\Windows\System\LcFiinH.exe

Filesize
1.7MB

MD5
9f5cd81be257f581f873663bf6a2de0c

SHA1
85633ab3334e41afc256b37d75bf16b97ce4a2f1

SHA256
01f0952e580910864505df7b0259b3b95155445f2708f3e439abf50939bf666f

SHA512
7589c89d62bab3e95051cb901d36de57abfd1a2a8405e61e3d52de03c2cc32aa2a6a9c82afd76af4b4c8ba895a588b2d12a2b55d2eaad7b176b2983eaba84936

Download Submit
C:\Windows\System\OFUKlVX.exe

Filesize
1.7MB

MD5
240c92f9441e2cfb53c30f6f3d2971ac

SHA1
b24d79f8798fa2676c9fc11e19d9c8633eec5f46

SHA256
c6692a57239faa4fef809248b1c2a409f68a6f0c0da7f6698731bdb527de354c

SHA512
8e74f14ff42713de3ce1e3e9f2b2e83a2cb9ef075f7d41d51243a5da367892d11a4b12e6d13c48706aab6bc8cd4a4bd0c2a61f48620da3997445400fca6a2ad8

Download Submit
C:\Windows\System\PcGIxQs.exe

Filesize
1.7MB

MD5
e5bba2442649af6ac045e2febe58ea7b

SHA1
2456fd4612fb491c2c8bb0c374be910318b943f6

SHA256
716a18088dea4bee7a0d75cbefae8f925ec58d0a89d3eee8af5d53193b171bee

SHA512
5aefcee3bc34932168cf1439b12fafc7f2f1b980c003fa5adf06ca24942588c752daaaf2a13a9b8a513f3f4c452a872fc27c32e5d55fd4a5cf47e41f42efb3f6

Download Submit
C:\Windows\System\RvqgICR.exe

Filesize
1.7MB

MD5
0ea689894bd20c41bc8ddd02f5e6ae09

SHA1
56a7ad5235366deced6f171ae903ea3d510a09b3

SHA256
a171ac3eeda924aa2d512e7bf58e19cc1e4404eb61f3c807100952a55f5f2436

SHA512
130b877f8bdb47dded3d5c4297e43c408b881d420e6cf1e0651160290c750b9db426a716b5bb50d02b0cc87c44e4b8ebc14f31d0d5c58c8ee6afc0c6b1e311ac

Download Submit
C:\Windows\System\SZphPuh.exe

Filesize
1.7MB

MD5
e209bb60f2ba4bb750458cbfcf4bb76c

SHA1
11a953478cd6fd0320040ae11d5b75ab1662a1c6

SHA256
05ad6d3d16db7296039f6bbfd958da35a311f87ff50e7711a7363b1deca53f93

SHA512
4c358e023f23b1d111c1dc7dc83057f5fb01a604c0eafbeb841e0cfef9b9532c855162d2237a8a59a692bfff7bbc5c2df018a43d5a66bc75ce0df7f30f02c805

Download Submit
C:\Windows\System\TpaDDlp.exe

Filesize
1.7MB

MD5
9781b5c7555d19625321ae98071b4e16

SHA1
f5609119b9808c74ee7b73ed7a9e4fb486771198

SHA256
9b30f904ea5e366f2ccb191e42fb4aa2cf2b86132cd1283677d217bddf9d0bd9

SHA512
503169e9392d51f353232989789f4062188daef8d67e82a389507bc7b84926750caf1dbef0e3ea0e5e6f6b3afeef9c6082d723e994ef832ed6b60eb09bb5b24e

Download Submit
C:\Windows\System\UIohLVo.exe

Filesize
1.7MB

MD5
d8f8ce375a12d3f7f8d3112f7baeb786

SHA1
d9722fb2e62acc50d102f6e84c800bfd8ced4475

SHA256
143dc4dc148d7ff84604476235e14966a04ae53a64e9cecc82a29270ddb03d65

SHA512
c591ec2ebf5fc9ce1407f6985e1e0182838161608409c3f70a45b74fa884e4bbd1cc337dac92655a5831b8e2159f7304a1fa2523d81e6b19eb730801421cb47b

Download Submit
C:\Windows\System\UPBMYYE.exe

Filesize
1.7MB

MD5
4bbd00412947d5a3e8c488e11f7ac146

SHA1
8894b710be0f385fe71911061807889970eb615c

SHA256
e1ae7d0c275f1271cc25de58d8d55016c8db5d38ac2ee6c503203362b4833969

SHA512
2a1fab5fe7e073502fbc324066678793a044440aaa684686b9871223cd9b07e7e6a230480def9ca9d50d2b642afcd4cd8036d9eecffaf123616befbab32563ad

Download Submit
C:\Windows\System\VQgRIlH.exe

Filesize
1.7MB

MD5
602ae105a2611583b0d4705c0208fe51

SHA1
f493b2118e028c9fe68710fa7b4683bee090d9d1

SHA256
26e6d95ff3341958b23770de64d82fcbc63d680966068d9c122a557f902532aa

SHA512
0a954727325cb3dfa5d2c5e0b5b2faebeefeb9e08b70d60c63d6833045e72210308c99dfb59f02d1285bb0ea4e7a7a7974a5731b22cb8e3f0a055bdaa3f06204

Download Submit
C:\Windows\System\XJiFasN.exe

Filesize
1.7MB

MD5
73568b3010cd69d8798a51c0d4be5595

SHA1
12aa2d05e726875dcaa772fd97051c33539cdbec

SHA256
35bf40fa9053bf69950e14c69d97639d3c9bf3a33d6c3ebd6eeefcd67c4642b0

SHA512
9850dc72947d4086e6bbd05dc0d78335779f4371ee430aaaec93565bb0d1a7b45dbd995a8a87124726ac2b0a7ed58dfe60fd31f81a011a81c49d2a725261b434

Download Submit
C:\Windows\System\XiGQtlX.exe

Filesize
1.7MB

MD5
be122489dae711d31766befd942e94cc

SHA1
fefd778d37bd731e4a74991deeb6fabd7ed0ebd9

SHA256
74df2115e6331c6054c0e0609318e47ca6c59eba78f65b8ff07a139f84e98b02

SHA512
15b1385dc5b89b72fccda9ead9475daabdd9df1e793d0a839408067988cebdb3be75545b7b29016cb07fdb5d774db3cf6800aac7fd675abf8b11976a4a231a1f

Download Submit
C:\Windows\System\YDwkYna.exe

Filesize
1.7MB

MD5
8005fb2002f0f9533f78bd0c5ecb584d

SHA1
a096bc53e3640ddc95533922068cbcb72099aef3

SHA256
5f303cc6b9ac80678a5e517d8ed92ede371bc79684c57a23d026b599cdb98764

SHA512
113e89b3a33a3efb284d5cb6a46f6e7adfdf65c79e01f66ba68a938c1de92a35ca27a3e0ed5ce93ff6d262a33da352149a1d8386d50872a66bf57c7ce2a32b3d

Download Submit
C:\Windows\System\cPtXAnq.exe

Filesize
1.7MB

MD5
d14a5bc40c19bbe609ff73a2ba5a4025

SHA1
310dbe4a5f3c6f46a19b441e822a3dd9bf6bfc2b

SHA256
c687d770cb7d840d63e7bdc65ae457e3322962e276e5d635a412ee7927c4f713

SHA512
e5f0c83511ce7bfba04c3fa9afe2bf389d4f5596e8bb7ddf6b5e76c22b1c75f89fcccb1521946feb8d1210949de86cee85d34bae153c41ef8dec1d6f8b6b1082

Download Submit
C:\Windows\System\cZYPniE.exe

Filesize
1.7MB

MD5
d2057197a1fa6f7e90d5dabd5826eab7

SHA1
9f6f55eb4dcd9449e6cc67a10c274b78e52c524c

SHA256
bfade2665264ce8d186486a4489f994f5bd9da86da98d3aacda8ea581ea46dda

SHA512
9035f03ca65c512ba2dfb71af655944fd7a828978a5dacde7474420d372be2010ab245d2997df3a9b948b40a6155821204d65c5e4fd6f5d7ce524626f506d8f5

Download Submit
C:\Windows\System\duXjaxZ.exe

Filesize
1.7MB

MD5
567d995c3bd672583446a6b991f6c153

SHA1
1e0dbe3db616fac5bbc46d84c8da60b434b1c529

SHA256
309b1578759c47471fda6cf8a75fccd02a40780a86c0a658aaf4f9d3bb3f181e

SHA512
af9af41de5a628840e162b800f4012402ee5ae1250dabc75691b9466ff2e8c2e9e94623bd0c2432a9010110b4c9417ed6c47c6b6520dad3224298c63eaf15250

Download Submit
C:\Windows\System\gRAbHLO.exe

Filesize
1.7MB

MD5
0ff5c1f8feb683efcd303e63f90e18b1

SHA1
6dbed65ff4b7d93fd38d203796e75d41eec57398

SHA256
f32ab8b9d2dc1b580e41fd86447379860246a9b80ca58e16db6994e1efc28d34

SHA512
6dfde83d49b7fc49674f58c3c8ae0d0f65723d3ef3fcef814b4f7604585e320279481c477ab52684a2590a562c5c70050f675ba6667b5b71786c031adeb9fe0e

Download Submit
C:\Windows\System\iZGbanA.exe

Filesize
8B

MD5
44bf49d36035eb00f5300ac1a1afc446

SHA1
efe4f6ff307f9caed7f6949e1a19ce6bff5ede19

SHA256
d6adb65d904d88ebbf5f73cace13dbd8ceb7d6b2b977c021ad3b0a4aa99b648f

SHA512
8e76802b3f04a2be9fcb0a504a2aab7f3a79e962c545a85c01bc2528c719fc825f28229de452d4507e45ed92f726c1862885d6f18fa5e01cbf2b77dcdf5d1348

Download Submit
C:\Windows\System\mOMGvuE.exe

Filesize
1.7MB

MD5
f353c732a30b927d1f4311b20634c87b

SHA1
f304555071248d32992a1790cafd65edb9d2b331

SHA256
9f8b6202b7b85fc5d717a81484c5c0c90567c613c086ce25d3a6372486db986a

SHA512
06cf984e1d312fbac4c521a13336b89e5eb3603d21283c407d5a7eba5662da7d40e6d98cdc1ec5e40408721940142e668a19e9b7e89001124fe5307fb83bdff9

Download Submit
C:\Windows\System\micmrEu.exe

Filesize
1.7MB

MD5
55036993d990af7697fb13ff34fd91ae

SHA1
72a1803202c01c9269a61786efa96b17dc28e328

SHA256
b24eb6bafe7ac6619451820b54dc2cfe1f3640cfa5a5dbbec33f78ff0a4a02c0

SHA512
510add450e020f2bdbc4ed0873ea564cce2059194a06e73cea88fd74664db7fe6f2cff861e5b4132f38fa89603657ae008e871177868b590efd8f984870cac5d

Download Submit
C:\Windows\System\pHZuWCz.exe

Filesize
1.7MB

MD5
92e16a41eb7c39a37ec66636119f5e44

SHA1
a9181be4c327f83469d053d191de42c34a011e21

SHA256
01e67d0350a753ebb81af6d4785d799c3e0429c8ca788ca3e1996d183ef2f580

SHA512
31fd40120cdc3655b5e2794734563848d8314647d9a775078c011613a846083a993af19626592722d65b71a6a1bae864e6d5a7c92af991116377ffe202f872db

Download Submit
C:\Windows\System\pmEQWvV.exe

Filesize
1.7MB

MD5
ec4d33ac97c37e114b0c4a2963e7570f

SHA1
f1fa8830e352221e57890d2e80ca367b661fa3fe

SHA256
663036c7f30365e032738c17ad94a5e9b5b99130391c0ea765a5fe46add5eefc

SHA512
be600aefd5f1e67fa337f87082fbb5402ea4a7751b788bb9dfe5ac3eb970f4176899fe66fc60f723add86a30cb1865b3d01e429be2ab429b46fd554bf277da0d

Download Submit
C:\Windows\System\rddfSMr.exe

Filesize
1.7MB

MD5
0d7cc3b3b117aaaeae455a1d419cf290

SHA1
ced7c2eb990b8514a1f6475a8aac9d7e2a68d687

SHA256
c3e20ddbf55312199225949b18ec2d2fd9bbb18e3b210c6f9cb57c08a6363e1d

SHA512
50f04c72d115f1513113a2f591c21100d1e89db9ce14ac4a78e093d971d88c76e81eb90db305fd659c797968bf45e3b7b0630b9835c70f0384c7d8aa9657b4c5

Download Submit
C:\Windows\System\sLuJNgr.exe

Filesize
1.7MB

MD5
cb5984b8077dbbb2915b0052d8ebb2e4

SHA1
1f9a8eafe35e5a57537360cf52a22abe24a9f87b

SHA256
2a588ecacb1267135da3475968d13b603edeba2926056e4fd7d949471226ca34

SHA512
e9b29c23282752a7cbdbd9c3f54ae43544c4f648b00c7d8934315d32c1a80a33a99184e0a39822dadf7309a0f8e1a4294d311068ede09c80c561be34e3cf5b3a

Download Submit
C:\Windows\System\slpPIql.exe

Filesize
1.7MB

MD5
3762dddb82f84f852bd6a3d2e28cbd7d

SHA1
c8c81be40320a92bdc085267a340448cfddec726

SHA256
c0d1ab144ced09ce792e8b45219c3025298483172389d49ea74e47f2ecf3f819

SHA512
d76eae45a926885ba840be0b48d5a10ece5bfb8087a1cb3441c72dfe990fd9384f9fba225ece69361467417f34d96da740a64a95aafdf312becb3d67d803ba46

Download Submit
C:\Windows\System\teVhuCs.exe

Filesize
1.7MB

MD5
8fe65a1676d1e8b406d4127029640e8b

SHA1
e8a838c21933fc1d7ec2f03e34f04d1f74b4496d

SHA256
59e6a537af09142cb4a3541cfc6f8fc13f0974d4386b19e03ba6b3257ae68b4c

SHA512
73d0bdd697a2af9247aca377604164a9f838123292dfa7e7ba214165caafccc5649f4931737cdfe2110f7f615b1d37ca93d2e6f250946e95c793014f719e38f6

Download Submit
C:\Windows\System\uSFaIcA.exe

Filesize
1.7MB

MD5
f3be885a2d8fa52a89906010ef012f0f

SHA1
95596002c986f98e9223ed42cf94e19cb0f57d24

SHA256
09542cbc64085798da731b377c98b02fe8dd85bf232e0112a749bde17d23ab30

SHA512
326b31bc369f2bd98c89c3700b0819f512f8856b776d68b0bcc2e0654d17b25488bb5fbe995521ce8402dd7f47576344e004615c7bcac4a032d1d0883d4ed203

Download Submit
C:\Windows\System\ucAlyOA.exe

Filesize
1.7MB

MD5
2b3abff09fd39ac5b2661a29b25ea880

SHA1
60cd390f25f2c8ce7a205fd219fba6c58335635f

SHA256
a676186d82aeddc770d87745c850e5b11246e28ba1a90e1fb439e9bddd996bdf

SHA512
8322edb8b6ab5507ec6f884a2e9e50354d6844a8dd4e3edda6f929a8da5681b8628605408c587acf228c67cdf6c6a4822f6dcae488bbaec0d67b99386491a809

Download Submit
C:\Windows\System\vVWJCSh.exe

Filesize
1.7MB

MD5
c5695b5092774b4ca08030206bcc5795

SHA1
d3b376298491d6cfbf966ed6e3aa55b09da0c305

SHA256
e8d8831fe938b7dce8115bcd60f5ba7b436566eaf4bc3363452f8e4b6eb43206

SHA512
9e6071db7711809a2c3634950c05d12d9107eca2ffe7e998de293292e978ec900e26345c26f85827707141dee0bd1161445ba7dcfd101bfa935b0a1544fcdba3

Download Submit
C:\Windows\System\wWyAQjz.exe

Filesize
1.7MB

MD5
2308321bb5780ce1068516170f6cc427

SHA1
701b7db83cd9ba97c0c2e581b5dd5216a744db26

SHA256
d640985ae50cd0b95062db5f4055cfce6e95c998539cc02b45ee7faefdd328d0

SHA512
515779b64e2351fb072e716accd0e3b275540225a8f18b0a1b8d9643109ed41b9399f9dc83002cd8975855a8c7e1cb3de75a2b97d5eddd4b0ed20931221eac1b

Download Submit
C:\Windows\System\xXvzbdp.exe

Filesize
1.7MB

MD5
c3e27c67504825c8e391f5f4957be59f

SHA1
d4216416c38242eac734e1a83a66815427af2570

SHA256
f3992a02fdce80eb6b859c0c1e17f7f1038f8395d76fc5b4ec966a4d4d6a93e3

SHA512
3589dcdc64de35e015dae1af64e477214e3ebf32fa31ee2837892b44bbaa6c8e6f663c824c03469d33eda5875cca6eeb8f7540fc33dcfcb2b73d900e9f30401a

Download Submit
memory/452-431-0x00007FF69A950000-0x00007FF69AD42000-memory.dmp

Filesize
3.9MB

Download
memory/452-4378-0x00007FF69A950000-0x00007FF69AD42000-memory.dmp

Filesize
3.9MB

Download
memory/728-331-0x00007FF6244B0000-0x00007FF6248A2000-memory.dmp

Filesize
3.9MB

Download
memory/728-4385-0x00007FF6244B0000-0x00007FF6248A2000-memory.dmp

Filesize
3.9MB

Download
memory/964-864-0x00007FF72CAA0000-0x00007FF72CE92000-memory.dmp

Filesize
3.9MB

Download
memory/964-4353-0x00007FF72CAA0000-0x00007FF72CE92000-memory.dmp

Filesize
3.9MB

Download
memory/1028-620-0x00007FF6348E0000-0x00007FF634CD2000-memory.dmp

Filesize
3.9MB

Download
memory/1028-4307-0x00007FF6348E0000-0x00007FF634CD2000-memory.dmp

Filesize
3.9MB

Download
memory/1336-4295-0x00007FF6034B0000-0x00007FF6038A2000-memory.dmp

Filesize
3.9MB

Download
memory/1336-552-0x00007FF6034B0000-0x00007FF6038A2000-memory.dmp

Filesize
3.9MB

Download
memory/1452-360-0x00007FF7F4B90000-0x00007FF7F4F82000-memory.dmp

Filesize
3.9MB

Download
memory/1452-4354-0x00007FF7F4B90000-0x00007FF7F4F82000-memory.dmp

Filesize
3.9MB

Download
memory/1992-40-0x00007FF6E4100000-0x00007FF6E44F2000-memory.dmp

Filesize
3.9MB

Download
memory/1992-4289-0x00007FF6E4100000-0x00007FF6E44F2000-memory.dmp

Filesize
3.9MB

Download
memory/2152-247-0x00007FF706650000-0x00007FF706A42000-memory.dmp

Filesize
3.9MB

Download
memory/2152-4334-0x00007FF706650000-0x00007FF706A42000-memory.dmp

Filesize
3.9MB

Download
memory/2444-359-0x00007FF77C8D0000-0x00007FF77CCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2444-4379-0x00007FF77C8D0000-0x00007FF77CCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2552-2627-0x00007FF667BC0000-0x00007FF667FB2000-memory.dmp

Filesize
3.9MB

Download
memory/2552-4303-0x00007FF667BC0000-0x00007FF667FB2000-memory.dmp

Filesize
3.9MB

Download
memory/2552-99-0x00007FF667BC0000-0x00007FF667FB2000-memory.dmp

Filesize
3.9MB

Download
memory/2800-162-0x00007FF790B30000-0x00007FF790F22000-memory.dmp

Filesize
3.9MB

Download
memory/2800-4315-0x00007FF790B30000-0x00007FF790F22000-memory.dmp

Filesize
3.9MB

Download
memory/2976-4302-0x00007FF7C0FC0000-0x00007FF7C13B2000-memory.dmp

Filesize
3.9MB

Download
memory/2976-67-0x00007FF7C0FC0000-0x00007FF7C13B2000-memory.dmp

Filesize
3.9MB

Download
memory/2976-2624-0x00007FF7C0FC0000-0x00007FF7C13B2000-memory.dmp

Filesize
3.9MB

Download
memory/3312-70-0x00007FF62AE30000-0x00007FF62B222000-memory.dmp

Filesize
3.9MB

Download
memory/3312-4305-0x00007FF62AE30000-0x00007FF62B222000-memory.dmp

Filesize
3.9MB

Download
memory/3592-2745-0x00007FF69C090000-0x00007FF69C482000-memory.dmp

Filesize
3.9MB

Download
memory/3592-178-0x00007FF69C090000-0x00007FF69C482000-memory.dmp

Filesize
3.9MB

Download
memory/3592-4391-0x00007FF69C090000-0x00007FF69C482000-memory.dmp

Filesize
3.9MB

Download
memory/3684-140-0x00007FF61C760000-0x00007FF61CB52000-memory.dmp

Filesize
3.9MB

Download
memory/3684-4293-0x00007FF61C760000-0x00007FF61CB52000-memory.dmp

Filesize
3.9MB

Download
memory/4012-4299-0x00007FF6FE360000-0x00007FF6FE752000-memory.dmp

Filesize
3.9MB

Download
memory/4012-157-0x00007FF6FE360000-0x00007FF6FE752000-memory.dmp

Filesize
3.9MB

Download
memory/4348-4388-0x00007FF730980000-0x00007FF730D72000-memory.dmp

Filesize
3.9MB

Download
memory/4348-163-0x00007FF730980000-0x00007FF730D72000-memory.dmp

Filesize
3.9MB

Download
memory/4348-2739-0x00007FF730980000-0x00007FF730D72000-memory.dmp

Filesize
3.9MB

Download
memory/4604-4291-0x00007FF6C07C0000-0x00007FF6C0BB2000-memory.dmp

Filesize
3.9MB

Download
memory/4604-20-0x00007FF6C07C0000-0x00007FF6C0BB2000-memory.dmp

Filesize
3.9MB

Download
memory/4612-158-0x00007FF6372F0000-0x00007FF6376E2000-memory.dmp

Filesize
3.9MB

Download
memory/4612-4298-0x00007FF6372F0000-0x00007FF6376E2000-memory.dmp

Filesize
3.9MB

Download
memory/4668-0-0x00007FF6BB9E0000-0x00007FF6BBDD2000-memory.dmp

Filesize
3.9MB

Download
memory/4668-1-0x000001C038B80000-0x000001C038B90000-memory.dmp

Filesize
64KB

Download
memory/4764-4309-0x00007FF706760000-0x00007FF706B52000-memory.dmp

Filesize
3.9MB

Download
memory/4764-159-0x00007FF706760000-0x00007FF706B52000-memory.dmp

Filesize
3.9MB

Download
memory/4772-275-0x00007FF69C120000-0x00007FF69C512000-memory.dmp

Filesize
3.9MB

Download
memory/4772-4364-0x00007FF69C120000-0x00007FF69C512000-memory.dmp

Filesize
3.9MB

Download
memory/4864-160-0x00007FF646360000-0x00007FF646752000-memory.dmp

Filesize
3.9MB

Download
memory/4864-4311-0x00007FF646360000-0x00007FF646752000-memory.dmp

Filesize
3.9MB

Download
memory/4876-665-0x00007FF75EC10000-0x00007FF75F002000-memory.dmp

Filesize
3.9MB

Download
memory/4876-4330-0x00007FF75EC10000-0x00007FF75F002000-memory.dmp

Filesize
3.9MB

Download
memory/4888-161-0x00007FF715520000-0x00007FF715912000-memory.dmp

Filesize
3.9MB

Download
memory/4888-4313-0x00007FF715520000-0x00007FF715912000-memory.dmp

Filesize
3.9MB

Download