xmrig | 8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709

Analysis

max time kernel
18s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
Size

3.8MB
MD5

a0f691e9f2ddb3f993d8b6ca9e6f0fc9
SHA1

60553f5fd659f9471d5df8b3e45b83f3b8683767
SHA256

8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709
SHA512

3cc7d738ac4391abd4ba7c1d57200d8693a2cd0394e9a1af0865a45b5ccc2fe0cdfa00d8ce1fd198eb9695d9be0941fcf2e2565cf9629c506018076093191937
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrWg:SbBeSFkM

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 64 IoCs

resource	yara_rule
behavioral1/memory/1712-0-0x000000013F460000-0x000000013F856000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000a000000012255-6.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015023-57.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x00060000000155e3-73.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015642-77.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015bb9-89.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015bb9-87.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015c7c-101.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015642-75.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015136-61.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015023-55.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000014e5a-53.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000900000001444f-47.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x001400000000549e-44.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0008000000014319-41.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2772-40-0x000000013F560000-0x000000013F956000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0033000000013f21-22.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0007000000014216-14.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000c0000000136fc-8.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015cb9-151.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2704-150-0x000000013F150000-0x000000013F546000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015cb9-141.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015ca5-140.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015cad-135.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015c9c-133.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015cad-130.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015c9c-124.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015c6d-95.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015cdb-158.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2636-163-0x000000013F690000-0x000000013FA86000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015cca-156.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2736-164-0x000000013F4E0000-0x000000013F8D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2608-177-0x000000013F900000-0x000000013FCF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d06-181.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015cf7-178.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2516-312-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2316-340-0x000000013F880000-0x000000013FC76000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2524-393-0x000000013F240000-0x000000013F636000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2244-418-0x000000013F670000-0x000000013FA66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2184-567-0x000000013F620000-0x000000013FA16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3064-783-0x000000013F970000-0x000000013FD66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3064-1098-0x000000013F970000-0x000000013FD66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2244-1096-0x000000013F670000-0x000000013FA66000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2516-1089-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2704-1088-0x000000013F150000-0x000000013F546000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2608-1087-0x000000013F900000-0x000000013FCF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2772-1086-0x000000013F560000-0x000000013F956000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2736-1160-0x000000013F4E0000-0x000000013F8D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2636-1159-0x000000013F690000-0x000000013FA86000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2900-1167-0x000000013FEE0000-0x00000001402D6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1508-1166-0x000000013FD90000-0x0000000140186000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2028-1165-0x000000013FD90000-0x0000000140186000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2880-1164-0x000000013F200000-0x000000013F5F6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2316-1163-0x000000013F880000-0x000000013FC76000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2524-1162-0x000000013F240000-0x000000013F636000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2184-1161-0x000000013F620000-0x000000013FA16000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2196-1311-0x000000013F420000-0x000000013F816000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2796-1241-0x000000013F930000-0x000000013FD26000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/612-1240-0x000000013FB50000-0x000000013FF46000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2852-1239-0x000000013FBC0000-0x000000013FFB6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2820-1238-0x000000013FDD0000-0x00000001401C6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1000-1237-0x000000013FA10000-0x000000013FE06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1920-1236-0x000000013F1F0000-0x000000013F5E6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2444-1235-0x000000013F050000-0x000000013F446000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/1712-0-0x000000013F460000-0x000000013F856000-memory.dmp	UPX
behavioral1/files/0x000a000000012255-6.dat	UPX
behavioral1/files/0x0006000000015023-57.dat	UPX
behavioral1/files/0x00060000000155e3-73.dat	UPX
behavioral1/files/0x0006000000015642-77.dat	UPX
behavioral1/files/0x0006000000015bb9-89.dat	UPX
behavioral1/files/0x0006000000015bb9-87.dat	UPX
behavioral1/files/0x0006000000015c7c-101.dat	UPX
behavioral1/files/0x0006000000015642-75.dat	UPX
behavioral1/files/0x0006000000015136-61.dat	UPX
behavioral1/files/0x0006000000015023-55.dat	UPX
behavioral1/files/0x0006000000014e5a-53.dat	UPX
behavioral1/files/0x000900000001444f-47.dat	UPX
behavioral1/files/0x001400000000549e-44.dat	UPX
behavioral1/files/0x0008000000014319-41.dat	UPX
behavioral1/memory/2772-40-0x000000013F560000-0x000000013F956000-memory.dmp	UPX
behavioral1/files/0x0033000000013f21-22.dat	UPX
behavioral1/files/0x0007000000014216-14.dat	UPX
behavioral1/files/0x000c0000000136fc-8.dat	UPX
behavioral1/files/0x0006000000015cb9-151.dat	UPX
behavioral1/memory/2704-150-0x000000013F150000-0x000000013F546000-memory.dmp	UPX
behavioral1/files/0x0006000000015cb9-141.dat	UPX
behavioral1/files/0x0006000000015ca5-140.dat	UPX
behavioral1/files/0x0006000000015cad-135.dat	UPX
behavioral1/files/0x0006000000015c9c-133.dat	UPX
behavioral1/files/0x0006000000015cad-130.dat	UPX
behavioral1/files/0x0006000000015c9c-124.dat	UPX
behavioral1/files/0x0006000000015c6d-95.dat	UPX
behavioral1/files/0x0006000000015cdb-158.dat	UPX
behavioral1/memory/2636-163-0x000000013F690000-0x000000013FA86000-memory.dmp	UPX
behavioral1/files/0x0006000000015cca-156.dat	UPX
behavioral1/memory/2736-164-0x000000013F4E0000-0x000000013F8D6000-memory.dmp	UPX
behavioral1/memory/2608-177-0x000000013F900000-0x000000013FCF6000-memory.dmp	UPX
behavioral1/files/0x0006000000015d06-181.dat	UPX
behavioral1/files/0x0006000000015cf7-178.dat	UPX
behavioral1/memory/2516-312-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	UPX
behavioral1/memory/2316-340-0x000000013F880000-0x000000013FC76000-memory.dmp	UPX
behavioral1/memory/2524-393-0x000000013F240000-0x000000013F636000-memory.dmp	UPX
behavioral1/memory/2244-418-0x000000013F670000-0x000000013FA66000-memory.dmp	UPX
behavioral1/memory/2184-567-0x000000013F620000-0x000000013FA16000-memory.dmp	UPX
behavioral1/memory/3064-783-0x000000013F970000-0x000000013FD66000-memory.dmp	UPX
behavioral1/memory/3064-1098-0x000000013F970000-0x000000013FD66000-memory.dmp	UPX
behavioral1/memory/2244-1096-0x000000013F670000-0x000000013FA66000-memory.dmp	UPX
behavioral1/memory/2516-1089-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	UPX
behavioral1/memory/2704-1088-0x000000013F150000-0x000000013F546000-memory.dmp	UPX
behavioral1/memory/2608-1087-0x000000013F900000-0x000000013FCF6000-memory.dmp	UPX
behavioral1/memory/2772-1086-0x000000013F560000-0x000000013F956000-memory.dmp	UPX
behavioral1/memory/2736-1160-0x000000013F4E0000-0x000000013F8D6000-memory.dmp	UPX
behavioral1/memory/2636-1159-0x000000013F690000-0x000000013FA86000-memory.dmp	UPX
behavioral1/memory/2900-1167-0x000000013FEE0000-0x00000001402D6000-memory.dmp	UPX
behavioral1/memory/1508-1166-0x000000013FD90000-0x0000000140186000-memory.dmp	UPX
behavioral1/memory/2028-1165-0x000000013FD90000-0x0000000140186000-memory.dmp	UPX
behavioral1/memory/2880-1164-0x000000013F200000-0x000000013F5F6000-memory.dmp	UPX
behavioral1/memory/2316-1163-0x000000013F880000-0x000000013FC76000-memory.dmp	UPX
behavioral1/memory/2524-1162-0x000000013F240000-0x000000013F636000-memory.dmp	UPX
behavioral1/memory/2184-1161-0x000000013F620000-0x000000013FA16000-memory.dmp	UPX
behavioral1/memory/2196-1311-0x000000013F420000-0x000000013F816000-memory.dmp	UPX
behavioral1/memory/2796-1241-0x000000013F930000-0x000000013FD26000-memory.dmp	UPX
behavioral1/memory/612-1240-0x000000013FB50000-0x000000013FF46000-memory.dmp	UPX
behavioral1/memory/2852-1239-0x000000013FBC0000-0x000000013FFB6000-memory.dmp	UPX
behavioral1/memory/2820-1238-0x000000013FDD0000-0x00000001401C6000-memory.dmp	UPX
behavioral1/memory/1000-1237-0x000000013FA10000-0x000000013FE06000-memory.dmp	UPX
behavioral1/memory/1920-1236-0x000000013F1F0000-0x000000013F5E6000-memory.dmp	UPX
behavioral1/memory/2444-1235-0x000000013F050000-0x000000013F446000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1712-0-0x000000013F460000-0x000000013F856000-memory.dmp	xmrig
behavioral1/files/0x000a000000012255-6.dat	xmrig
behavioral1/files/0x0006000000015023-57.dat	xmrig
behavioral1/files/0x00060000000155e3-73.dat	xmrig
behavioral1/files/0x0006000000015642-77.dat	xmrig
behavioral1/files/0x0006000000015bb9-89.dat	xmrig
behavioral1/files/0x0006000000015bb9-87.dat	xmrig
behavioral1/files/0x0006000000015c7c-101.dat	xmrig
behavioral1/files/0x0006000000015642-75.dat	xmrig
behavioral1/files/0x0006000000015136-61.dat	xmrig
behavioral1/files/0x0006000000015023-55.dat	xmrig
behavioral1/files/0x0006000000014e5a-53.dat	xmrig
behavioral1/files/0x000900000001444f-47.dat	xmrig
behavioral1/files/0x001400000000549e-44.dat	xmrig
behavioral1/files/0x0008000000014319-41.dat	xmrig
behavioral1/memory/2772-40-0x000000013F560000-0x000000013F956000-memory.dmp	xmrig
behavioral1/files/0x0033000000013f21-22.dat	xmrig
behavioral1/files/0x0007000000014216-14.dat	xmrig
behavioral1/files/0x000c0000000136fc-8.dat	xmrig
behavioral1/files/0x0006000000015cb9-151.dat	xmrig
behavioral1/memory/2704-150-0x000000013F150000-0x000000013F546000-memory.dmp	xmrig
behavioral1/files/0x0006000000015cb9-141.dat	xmrig
behavioral1/files/0x0006000000015ca5-140.dat	xmrig
behavioral1/files/0x0006000000015cad-135.dat	xmrig
behavioral1/files/0x0006000000015c9c-133.dat	xmrig
behavioral1/files/0x0006000000015cad-130.dat	xmrig
behavioral1/files/0x0006000000015c9c-124.dat	xmrig
behavioral1/files/0x0006000000015c6d-95.dat	xmrig
behavioral1/files/0x0006000000015cdb-158.dat	xmrig
behavioral1/memory/2636-163-0x000000013F690000-0x000000013FA86000-memory.dmp	xmrig
behavioral1/files/0x0006000000015cca-156.dat	xmrig
behavioral1/memory/2736-164-0x000000013F4E0000-0x000000013F8D6000-memory.dmp	xmrig
behavioral1/memory/2608-177-0x000000013F900000-0x000000013FCF6000-memory.dmp	xmrig
behavioral1/files/0x0006000000015d06-181.dat	xmrig
behavioral1/files/0x0006000000015cf7-178.dat	xmrig
behavioral1/memory/2516-312-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	xmrig
behavioral1/memory/2316-340-0x000000013F880000-0x000000013FC76000-memory.dmp	xmrig
behavioral1/memory/2524-393-0x000000013F240000-0x000000013F636000-memory.dmp	xmrig
behavioral1/memory/2244-418-0x000000013F670000-0x000000013FA66000-memory.dmp	xmrig
behavioral1/memory/2184-567-0x000000013F620000-0x000000013FA16000-memory.dmp	xmrig
behavioral1/memory/1712-851-0x000000013F930000-0x000000013FD26000-memory.dmp	xmrig
behavioral1/memory/3064-783-0x000000013F970000-0x000000013FD66000-memory.dmp	xmrig
behavioral1/memory/3064-1098-0x000000013F970000-0x000000013FD66000-memory.dmp	xmrig
behavioral1/memory/2244-1096-0x000000013F670000-0x000000013FA66000-memory.dmp	xmrig
behavioral1/memory/2516-1089-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	xmrig
behavioral1/memory/2704-1088-0x000000013F150000-0x000000013F546000-memory.dmp	xmrig
behavioral1/memory/2608-1087-0x000000013F900000-0x000000013FCF6000-memory.dmp	xmrig
behavioral1/memory/2772-1086-0x000000013F560000-0x000000013F956000-memory.dmp	xmrig
behavioral1/memory/2736-1160-0x000000013F4E0000-0x000000013F8D6000-memory.dmp	xmrig
behavioral1/memory/2636-1159-0x000000013F690000-0x000000013FA86000-memory.dmp	xmrig
behavioral1/memory/2900-1167-0x000000013FEE0000-0x00000001402D6000-memory.dmp	xmrig
behavioral1/memory/1508-1166-0x000000013FD90000-0x0000000140186000-memory.dmp	xmrig
behavioral1/memory/2028-1165-0x000000013FD90000-0x0000000140186000-memory.dmp	xmrig
behavioral1/memory/2880-1164-0x000000013F200000-0x000000013F5F6000-memory.dmp	xmrig
behavioral1/memory/2316-1163-0x000000013F880000-0x000000013FC76000-memory.dmp	xmrig
behavioral1/memory/2524-1162-0x000000013F240000-0x000000013F636000-memory.dmp	xmrig
behavioral1/memory/2184-1161-0x000000013F620000-0x000000013FA16000-memory.dmp	xmrig
behavioral1/memory/2196-1311-0x000000013F420000-0x000000013F816000-memory.dmp	xmrig
behavioral1/memory/2796-1241-0x000000013F930000-0x000000013FD26000-memory.dmp	xmrig
behavioral1/memory/612-1240-0x000000013FB50000-0x000000013FF46000-memory.dmp	xmrig
behavioral1/memory/2852-1239-0x000000013FBC0000-0x000000013FFB6000-memory.dmp	xmrig
behavioral1/memory/2820-1238-0x000000013FDD0000-0x00000001401C6000-memory.dmp	xmrig
behavioral1/memory/1000-1237-0x000000013FA10000-0x000000013FE06000-memory.dmp	xmrig
behavioral1/memory/1920-1236-0x000000013F1F0000-0x000000013F5E6000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2772	xhcGLYV.exe
2704	yZHxZzW.exe
2636	ciymSFf.exe
2736	pwCjnll.exe
2608	pbQMvBQ.exe
2516	RSFyRcO.exe
2316	koWUBCU.exe
2524	fNHZYfw.exe
2244	msTMxkP.exe
2184	eQbDFQP.exe
3064	EbIYdVa.exe
2796	SMGEobp.exe
2820	nELpJde.exe
2880	YQAJude.exe
2852	gHEwDmP.exe
2900	IXuvMBM.exe
2560	EaJAsJe.exe
2028	ZcrEAgb.exe
2444	VUJzNqO.exe
1508	oipflpo.exe
1000	LDDklgh.exe
2196	FvGRaIC.exe
2144	kxNKAGY.exe
1920	ZrSAoko.exe
2588	IfFgygL.exe
336	STVQohZ.exe
2352	vFwXQXe.exe
612	vIWjSkN.exe
1688	ardZTfQ.exe
1352	eedikGZ.exe
1088	cahpaJb.exe
500	HHBHqSY.exe
1800	UCTIatv.exe
936	oASFVab.exe
2476	DJWGkpU.exe
920	aUBhRmg.exe
2448	HOBpuwq.exe
2344	kaQgqXz.exe
2256	ePsZVIQ.exe
1092	aDcOKen.exe
2304	YxRTdOX.exe
1812	AmlGcJB.exe
956	GYNIYsO.exe
896	iwIveiw.exe
2064	qiXGGnD.exe
1260	FmsGkId.exe
1304	oIVHuJR.exe
1184	sXgAbCY.exe
1580	DXwlqME.exe
1940	NPNMkPK.exe
2988	TqHUuYd.exe
2968	QDBHTsO.exe
1512	ErdMdYU.exe
2404	COndIzH.exe
2096	zRSHAwq.exe
2776	HHUSDMa.exe
1852	bMLtacT.exe
2892	uOQZylk.exe
1616	NBjTzhT.exe
2740	CxCGBes.exe
2252	xUFRZxM.exe
2964	jQcatTF.exe
2116	NwaGNaS.exe
2400	oFcZKJk.exe

Loads dropped DLL 64 IoCs

pid	Process
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-0-0x000000013F460000-0x000000013F856000-memory.dmp	upx
behavioral1/files/0x000a000000012255-6.dat	upx
behavioral1/files/0x0006000000015023-57.dat	upx
behavioral1/files/0x00060000000155e3-73.dat	upx
behavioral1/files/0x0006000000015642-77.dat	upx
behavioral1/files/0x0006000000015bb9-89.dat	upx
behavioral1/files/0x0006000000015bb9-87.dat	upx
behavioral1/files/0x0006000000015c7c-101.dat	upx
behavioral1/files/0x0006000000015642-75.dat	upx
behavioral1/files/0x0006000000015136-61.dat	upx
behavioral1/files/0x0006000000015023-55.dat	upx
behavioral1/files/0x0006000000014e5a-53.dat	upx
behavioral1/files/0x000900000001444f-47.dat	upx
behavioral1/files/0x001400000000549e-44.dat	upx
behavioral1/files/0x0008000000014319-41.dat	upx
behavioral1/memory/2772-40-0x000000013F560000-0x000000013F956000-memory.dmp	upx
behavioral1/files/0x0033000000013f21-22.dat	upx
behavioral1/files/0x0007000000014216-14.dat	upx
behavioral1/files/0x000c0000000136fc-8.dat	upx
behavioral1/files/0x0006000000015cb9-151.dat	upx
behavioral1/memory/2704-150-0x000000013F150000-0x000000013F546000-memory.dmp	upx
behavioral1/files/0x0006000000015cb9-141.dat	upx
behavioral1/files/0x0006000000015ca5-140.dat	upx
behavioral1/files/0x0006000000015cad-135.dat	upx
behavioral1/files/0x0006000000015c9c-133.dat	upx
behavioral1/files/0x0006000000015cad-130.dat	upx
behavioral1/files/0x0006000000015c9c-124.dat	upx
behavioral1/files/0x0006000000015c6d-95.dat	upx
behavioral1/files/0x0006000000015cdb-158.dat	upx
behavioral1/memory/2636-163-0x000000013F690000-0x000000013FA86000-memory.dmp	upx
behavioral1/files/0x0006000000015cca-156.dat	upx
behavioral1/memory/2736-164-0x000000013F4E0000-0x000000013F8D6000-memory.dmp	upx
behavioral1/memory/2608-177-0x000000013F900000-0x000000013FCF6000-memory.dmp	upx
behavioral1/files/0x0006000000015d06-181.dat	upx
behavioral1/files/0x0006000000015cf7-178.dat	upx
behavioral1/memory/2516-312-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	upx
behavioral1/memory/2316-340-0x000000013F880000-0x000000013FC76000-memory.dmp	upx
behavioral1/memory/2524-393-0x000000013F240000-0x000000013F636000-memory.dmp	upx
behavioral1/memory/2244-418-0x000000013F670000-0x000000013FA66000-memory.dmp	upx
behavioral1/memory/2184-567-0x000000013F620000-0x000000013FA16000-memory.dmp	upx
behavioral1/memory/3064-783-0x000000013F970000-0x000000013FD66000-memory.dmp	upx
behavioral1/memory/3064-1098-0x000000013F970000-0x000000013FD66000-memory.dmp	upx
behavioral1/memory/2244-1096-0x000000013F670000-0x000000013FA66000-memory.dmp	upx
behavioral1/memory/2516-1089-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	upx
behavioral1/memory/2704-1088-0x000000013F150000-0x000000013F546000-memory.dmp	upx
behavioral1/memory/2608-1087-0x000000013F900000-0x000000013FCF6000-memory.dmp	upx
behavioral1/memory/2772-1086-0x000000013F560000-0x000000013F956000-memory.dmp	upx
behavioral1/memory/2736-1160-0x000000013F4E0000-0x000000013F8D6000-memory.dmp	upx
behavioral1/memory/2636-1159-0x000000013F690000-0x000000013FA86000-memory.dmp	upx
behavioral1/memory/2900-1167-0x000000013FEE0000-0x00000001402D6000-memory.dmp	upx
behavioral1/memory/1508-1166-0x000000013FD90000-0x0000000140186000-memory.dmp	upx
behavioral1/memory/2028-1165-0x000000013FD90000-0x0000000140186000-memory.dmp	upx
behavioral1/memory/2880-1164-0x000000013F200000-0x000000013F5F6000-memory.dmp	upx
behavioral1/memory/2316-1163-0x000000013F880000-0x000000013FC76000-memory.dmp	upx
behavioral1/memory/2524-1162-0x000000013F240000-0x000000013F636000-memory.dmp	upx
behavioral1/memory/2184-1161-0x000000013F620000-0x000000013FA16000-memory.dmp	upx
behavioral1/memory/2196-1311-0x000000013F420000-0x000000013F816000-memory.dmp	upx
behavioral1/memory/2796-1241-0x000000013F930000-0x000000013FD26000-memory.dmp	upx
behavioral1/memory/612-1240-0x000000013FB50000-0x000000013FF46000-memory.dmp	upx
behavioral1/memory/2852-1239-0x000000013FBC0000-0x000000013FFB6000-memory.dmp	upx
behavioral1/memory/2820-1238-0x000000013FDD0000-0x00000001401C6000-memory.dmp	upx
behavioral1/memory/1000-1237-0x000000013FA10000-0x000000013FE06000-memory.dmp	upx
behavioral1/memory/1920-1236-0x000000013F1F0000-0x000000013F5E6000-memory.dmp	upx
behavioral1/memory/2444-1235-0x000000013F050000-0x000000013F446000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\vIWjSkN.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\DJWGkpU.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\QDBHTsO.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\VUxUJAL.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\eOBwUYp.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\EaJAsJe.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\UCTIatv.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\LbcCeIE.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\smVySYd.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\BoYYMCo.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\cUHlUOa.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\sMwMofb.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\swPHsvL.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\ardZTfQ.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\uOQZylk.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\xUFRZxM.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\eHPdDBQ.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\qMtoJXZ.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\cZRgamS.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\fNHZYfw.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\AdBokkx.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\ChncXnj.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\sHMDCuL.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\VWnhAlc.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\IXuvMBM.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\YxRTdOX.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\aDcOKen.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\DXwlqME.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\qZqIkFq.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\tWQqyUd.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\tJDRFpS.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\eSKtzWS.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\nrSoxha.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\NwaGNaS.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\HJbEMDi.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\cOhrSYF.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\iwIveiw.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\COndIzH.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\oFcZKJk.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\yokFfbw.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\lkOfHcQ.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\voegHRD.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\CjKvbJL.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\oCLPpet.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\STVQohZ.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\AmlGcJB.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\oIVHuJR.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\NPNMkPK.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\kaQgqXz.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\fOkzGxs.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\hkpHkzd.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\jhmWJRa.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\kvMdRqM.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\ztLjZbj.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\fzDOvvZ.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\eQbDFQP.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\CxCGBes.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\CdfQNlB.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\bgRITFW.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\ibhLldD.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\HktiPpr.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\LDDklgh.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\KMrOofp.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
File created	C:\Windows\System\YHbrMYZ.exe	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2572	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
Token: SeLockMemoryPrivilege	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
Token: SeDebugPrivilege	2572	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2572	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	29
PID 1712 wrote to memory of 2572	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	29
PID 1712 wrote to memory of 2572	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	29
PID 1712 wrote to memory of 2772	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	30
PID 1712 wrote to memory of 2772	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	30
PID 1712 wrote to memory of 2772	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	30
PID 1712 wrote to memory of 2636	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	31
PID 1712 wrote to memory of 2636	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	31
PID 1712 wrote to memory of 2636	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	31
PID 1712 wrote to memory of 2704	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	32
PID 1712 wrote to memory of 2704	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	32
PID 1712 wrote to memory of 2704	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	32
PID 1712 wrote to memory of 2736	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	33
PID 1712 wrote to memory of 2736	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	33
PID 1712 wrote to memory of 2736	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	33
PID 1712 wrote to memory of 2608	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	34
PID 1712 wrote to memory of 2608	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	34
PID 1712 wrote to memory of 2608	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	34
PID 1712 wrote to memory of 2316	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	35
PID 1712 wrote to memory of 2316	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	35
PID 1712 wrote to memory of 2316	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	35
PID 1712 wrote to memory of 2516	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	36
PID 1712 wrote to memory of 2516	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	36
PID 1712 wrote to memory of 2516	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	36
PID 1712 wrote to memory of 2524	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	37
PID 1712 wrote to memory of 2524	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	37
PID 1712 wrote to memory of 2524	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	37
PID 1712 wrote to memory of 2244	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	38
PID 1712 wrote to memory of 2244	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	38
PID 1712 wrote to memory of 2244	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	38
PID 1712 wrote to memory of 2184	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	39
PID 1712 wrote to memory of 2184	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	39
PID 1712 wrote to memory of 2184	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	39
PID 1712 wrote to memory of 3064	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	40
PID 1712 wrote to memory of 3064	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	40
PID 1712 wrote to memory of 3064	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	40
PID 1712 wrote to memory of 2796	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	41
PID 1712 wrote to memory of 2796	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	41
PID 1712 wrote to memory of 2796	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	41
PID 1712 wrote to memory of 2820	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	42
PID 1712 wrote to memory of 2820	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	42
PID 1712 wrote to memory of 2820	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	42
PID 1712 wrote to memory of 2880	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	43
PID 1712 wrote to memory of 2880	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	43
PID 1712 wrote to memory of 2880	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	43
PID 1712 wrote to memory of 2852	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	44
PID 1712 wrote to memory of 2852	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	44
PID 1712 wrote to memory of 2852	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	44
PID 1712 wrote to memory of 2900	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	45
PID 1712 wrote to memory of 2900	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	45
PID 1712 wrote to memory of 2900	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	45
PID 1712 wrote to memory of 2560	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	46
PID 1712 wrote to memory of 2560	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	46
PID 1712 wrote to memory of 2560	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	46
PID 1712 wrote to memory of 2028	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	47
PID 1712 wrote to memory of 2028	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	47
PID 1712 wrote to memory of 2028	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	47
PID 1712 wrote to memory of 2444	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	48
PID 1712 wrote to memory of 2444	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	48
PID 1712 wrote to memory of 2444	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	48
PID 1712 wrote to memory of 1508	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	49
PID 1712 wrote to memory of 1508	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	49
PID 1712 wrote to memory of 1508	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	49
PID 1712 wrote to memory of 1000	1712	8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe	50

C:\Users\Admin\AppData\Local\Temp\8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe
"C:\Users\Admin\AppData\Local\Temp\8108aeefd23c67207604bdb2704103ccb4025ce37d38110eae582aaf78347709.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2572
- C:\Windows\System\xhcGLYV.exe
  C:\Windows\System\xhcGLYV.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\ciymSFf.exe
  C:\Windows\System\ciymSFf.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\yZHxZzW.exe
  C:\Windows\System\yZHxZzW.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\pwCjnll.exe
  C:\Windows\System\pwCjnll.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\pbQMvBQ.exe
  C:\Windows\System\pbQMvBQ.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\koWUBCU.exe
  C:\Windows\System\koWUBCU.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\RSFyRcO.exe
  C:\Windows\System\RSFyRcO.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\fNHZYfw.exe
  C:\Windows\System\fNHZYfw.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\msTMxkP.exe
  C:\Windows\System\msTMxkP.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\eQbDFQP.exe
  C:\Windows\System\eQbDFQP.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\EbIYdVa.exe
  C:\Windows\System\EbIYdVa.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\SMGEobp.exe
  C:\Windows\System\SMGEobp.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\nELpJde.exe
  C:\Windows\System\nELpJde.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\YQAJude.exe
  C:\Windows\System\YQAJude.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\gHEwDmP.exe
  C:\Windows\System\gHEwDmP.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\IXuvMBM.exe
  C:\Windows\System\IXuvMBM.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\EaJAsJe.exe
  C:\Windows\System\EaJAsJe.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\ZcrEAgb.exe
  C:\Windows\System\ZcrEAgb.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\VUJzNqO.exe
  C:\Windows\System\VUJzNqO.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\oipflpo.exe
  C:\Windows\System\oipflpo.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\LDDklgh.exe
  C:\Windows\System\LDDklgh.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\FvGRaIC.exe
  C:\Windows\System\FvGRaIC.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\kxNKAGY.exe
  C:\Windows\System\kxNKAGY.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\IfFgygL.exe
  C:\Windows\System\IfFgygL.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\ZrSAoko.exe
  C:\Windows\System\ZrSAoko.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\vFwXQXe.exe
  C:\Windows\System\vFwXQXe.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\STVQohZ.exe
  C:\Windows\System\STVQohZ.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\vIWjSkN.exe
  C:\Windows\System\vIWjSkN.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\ardZTfQ.exe
  C:\Windows\System\ardZTfQ.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\eedikGZ.exe
  C:\Windows\System\eedikGZ.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\cahpaJb.exe
  C:\Windows\System\cahpaJb.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\YxRTdOX.exe
  C:\Windows\System\YxRTdOX.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\HHBHqSY.exe
  C:\Windows\System\HHBHqSY.exe
  2⤵
  - Executes dropped EXE
  PID:500
- C:\Windows\System\AmlGcJB.exe
  C:\Windows\System\AmlGcJB.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\UCTIatv.exe
  C:\Windows\System\UCTIatv.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\GYNIYsO.exe
  C:\Windows\System\GYNIYsO.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\oASFVab.exe
  C:\Windows\System\oASFVab.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\FmsGkId.exe
  C:\Windows\System\FmsGkId.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\DJWGkpU.exe
  C:\Windows\System\DJWGkpU.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\oIVHuJR.exe
  C:\Windows\System\oIVHuJR.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\aUBhRmg.exe
  C:\Windows\System\aUBhRmg.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\sXgAbCY.exe
  C:\Windows\System\sXgAbCY.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\HOBpuwq.exe
  C:\Windows\System\HOBpuwq.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\NPNMkPK.exe
  C:\Windows\System\NPNMkPK.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\kaQgqXz.exe
  C:\Windows\System\kaQgqXz.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\TqHUuYd.exe
  C:\Windows\System\TqHUuYd.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ePsZVIQ.exe
  C:\Windows\System\ePsZVIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\QDBHTsO.exe
  C:\Windows\System\QDBHTsO.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\aDcOKen.exe
  C:\Windows\System\aDcOKen.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\ErdMdYU.exe
  C:\Windows\System\ErdMdYU.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\iwIveiw.exe
  C:\Windows\System\iwIveiw.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\COndIzH.exe
  C:\Windows\System\COndIzH.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\qiXGGnD.exe
  C:\Windows\System\qiXGGnD.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\zRSHAwq.exe
  C:\Windows\System\zRSHAwq.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\DXwlqME.exe
  C:\Windows\System\DXwlqME.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\wvpOfmY.exe
  C:\Windows\System\wvpOfmY.exe
  2⤵
  PID:2728
- C:\Windows\System\HHUSDMa.exe
  C:\Windows\System\HHUSDMa.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\eSKtzWS.exe
  C:\Windows\System\eSKtzWS.exe
  2⤵
  PID:3016
- C:\Windows\System\bMLtacT.exe
  C:\Windows\System\bMLtacT.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\hzeIAqM.exe
  C:\Windows\System\hzeIAqM.exe
  2⤵
  PID:2844
- C:\Windows\System\uOQZylk.exe
  C:\Windows\System\uOQZylk.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\qZqIkFq.exe
  C:\Windows\System\qZqIkFq.exe
  2⤵
  PID:2208
- C:\Windows\System\NBjTzhT.exe
  C:\Windows\System\NBjTzhT.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\XJTBGOQ.exe
  C:\Windows\System\XJTBGOQ.exe
  2⤵
  PID:2992
- C:\Windows\System\CxCGBes.exe
  C:\Windows\System\CxCGBes.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\nrSoxha.exe
  C:\Windows\System\nrSoxha.exe
  2⤵
  PID:2724
- C:\Windows\System\xUFRZxM.exe
  C:\Windows\System\xUFRZxM.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\LbcCeIE.exe
  C:\Windows\System\LbcCeIE.exe
  2⤵
  PID:1704
- C:\Windows\System\jQcatTF.exe
  C:\Windows\System\jQcatTF.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\gIuSWPA.exe
  C:\Windows\System\gIuSWPA.exe
  2⤵
  PID:2780
- C:\Windows\System\NwaGNaS.exe
  C:\Windows\System\NwaGNaS.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\CdfQNlB.exe
  C:\Windows\System\CdfQNlB.exe
  2⤵
  PID:2652
- C:\Windows\System\oFcZKJk.exe
  C:\Windows\System\oFcZKJk.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\BoYYMCo.exe
  C:\Windows\System\BoYYMCo.exe
  2⤵
  PID:872
- C:\Windows\System\KMrOofp.exe
  C:\Windows\System\KMrOofp.exe
  2⤵
  PID:2508
- C:\Windows\System\dOvMPbF.exe
  C:\Windows\System\dOvMPbF.exe
  2⤵
  PID:2836
- C:\Windows\System\AIHIRGJ.exe
  C:\Windows\System\AIHIRGJ.exe
  2⤵
  PID:2868
- C:\Windows\System\IAGqbxL.exe
  C:\Windows\System\IAGqbxL.exe
  2⤵
  PID:1124
- C:\Windows\System\jhmWJRa.exe
  C:\Windows\System\jhmWJRa.exe
  2⤵
  PID:1916
- C:\Windows\System\tWQqyUd.exe
  C:\Windows\System\tWQqyUd.exe
  2⤵
  PID:2856
- C:\Windows\System\fOkzGxs.exe
  C:\Windows\System\fOkzGxs.exe
  2⤵
  PID:1648
- C:\Windows\System\xPCsnDP.exe
  C:\Windows\System\xPCsnDP.exe
  2⤵
  PID:656
- C:\Windows\System\mLgMrxz.exe
  C:\Windows\System\mLgMrxz.exe
  2⤵
  PID:1644
- C:\Windows\System\KliyYgH.exe
  C:\Windows\System\KliyYgH.exe
  2⤵
  PID:2040
- C:\Windows\System\VUxUJAL.exe
  C:\Windows\System\VUxUJAL.exe
  2⤵
  PID:1336
- C:\Windows\System\cUHlUOa.exe
  C:\Windows\System\cUHlUOa.exe
  2⤵
  PID:1748
- C:\Windows\System\DeAKiTb.exe
  C:\Windows\System\DeAKiTb.exe
  2⤵
  PID:2260
- C:\Windows\System\ctnKOYC.exe
  C:\Windows\System\ctnKOYC.exe
  2⤵
  PID:900
- C:\Windows\System\eOBwUYp.exe
  C:\Windows\System\eOBwUYp.exe
  2⤵
  PID:2584
- C:\Windows\System\bgRITFW.exe
  C:\Windows\System\bgRITFW.exe
  2⤵
  PID:2700
- C:\Windows\System\OyfNshD.exe
  C:\Windows\System\OyfNshD.exe
  2⤵
  PID:2012
- C:\Windows\System\doSfPeF.exe
  C:\Windows\System\doSfPeF.exe
  2⤵
  PID:820
- C:\Windows\System\IloXFKP.exe
  C:\Windows\System\IloXFKP.exe
  2⤵
  PID:2708
- C:\Windows\System\KIGimMZ.exe
  C:\Windows\System\KIGimMZ.exe
  2⤵
  PID:2568
- C:\Windows\System\NNEaJOV.exe
  C:\Windows\System\NNEaJOV.exe
  2⤵
  PID:2812
- C:\Windows\System\dJRAtKY.exe
  C:\Windows\System\dJRAtKY.exe
  2⤵
  PID:2240
- C:\Windows\System\CjKvbJL.exe
  C:\Windows\System\CjKvbJL.exe
  2⤵
  PID:2000
- C:\Windows\System\ahFrkzc.exe
  C:\Windows\System\ahFrkzc.exe
  2⤵
  PID:2016
- C:\Windows\System\VnZkCSB.exe
  C:\Windows\System\VnZkCSB.exe
  2⤵
  PID:1384
- C:\Windows\System\eHPdDBQ.exe
  C:\Windows\System\eHPdDBQ.exe
  2⤵
  PID:2072
- C:\Windows\System\EfoxdVb.exe
  C:\Windows\System\EfoxdVb.exe
  2⤵
  PID:1552
- C:\Windows\System\oCLPpet.exe
  C:\Windows\System\oCLPpet.exe
  2⤵
  PID:1312
- C:\Windows\System\fWknuGG.exe
  C:\Windows\System\fWknuGG.exe
  2⤵
  PID:572
- C:\Windows\System\TJIyYxT.exe
  C:\Windows\System\TJIyYxT.exe
  2⤵
  PID:2376
- C:\Windows\System\VwwPgmD.exe
  C:\Windows\System\VwwPgmD.exe
  2⤵
  PID:2228
- C:\Windows\System\YHbrMYZ.exe
  C:\Windows\System\YHbrMYZ.exe
  2⤵
  PID:1784
- C:\Windows\System\TtWQgaA.exe
  C:\Windows\System\TtWQgaA.exe
  2⤵
  PID:844
- C:\Windows\System\kvMdRqM.exe
  C:\Windows\System\kvMdRqM.exe
  2⤵
  PID:1620
- C:\Windows\System\sHMDCuL.exe
  C:\Windows\System\sHMDCuL.exe
  2⤵
  PID:2464
- C:\Windows\System\wILWsPQ.exe
  C:\Windows\System\wILWsPQ.exe
  2⤵
  PID:1136
- C:\Windows\System\sBOyblb.exe
  C:\Windows\System\sBOyblb.exe
  2⤵
  PID:1256
- C:\Windows\System\Omdssfu.exe
  C:\Windows\System\Omdssfu.exe
  2⤵
  PID:2212
- C:\Windows\System\gwVMoqy.exe
  C:\Windows\System\gwVMoqy.exe
  2⤵
  PID:2896
- C:\Windows\System\HbMgolB.exe
  C:\Windows\System\HbMgolB.exe
  2⤵
  PID:1804
- C:\Windows\System\HJbEMDi.exe
  C:\Windows\System\HJbEMDi.exe
  2⤵
  PID:616
- C:\Windows\System\ztLjZbj.exe
  C:\Windows\System\ztLjZbj.exe
  2⤵
  PID:700
- C:\Windows\System\FzHtAbM.exe
  C:\Windows\System\FzHtAbM.exe
  2⤵
  PID:2136
- C:\Windows\System\smVySYd.exe
  C:\Windows\System\smVySYd.exe
  2⤵
  PID:2696
- C:\Windows\System\KGwRSXG.exe
  C:\Windows\System\KGwRSXG.exe
  2⤵
  PID:2792
- C:\Windows\System\caHkEMg.exe
  C:\Windows\System\caHkEMg.exe
  2⤵
  PID:1036
- C:\Windows\System\hkpHkzd.exe
  C:\Windows\System\hkpHkzd.exe
  2⤵
  PID:1844
- C:\Windows\System\AdBokkx.exe
  C:\Windows\System\AdBokkx.exe
  2⤵
  PID:2832
- C:\Windows\System\VWnhAlc.exe
  C:\Windows\System\VWnhAlc.exe
  2⤵
  PID:2020
- C:\Windows\System\nCGcDAx.exe
  C:\Windows\System\nCGcDAx.exe
  2⤵
  PID:2268
- C:\Windows\System\XiLiJOl.exe
  C:\Windows\System\XiLiJOl.exe
  2⤵
  PID:996
- C:\Windows\System\iykdkTh.exe
  C:\Windows\System\iykdkTh.exe
  2⤵
  PID:2084
- C:\Windows\System\lltiajJ.exe
  C:\Windows\System\lltiajJ.exe
  2⤵
  PID:2120
- C:\Windows\System\qMtoJXZ.exe
  C:\Windows\System\qMtoJXZ.exe
  2⤵
  PID:2672
- C:\Windows\System\chaZtyg.exe
  C:\Windows\System\chaZtyg.exe
  2⤵
  PID:2312
- C:\Windows\System\JrGZpan.exe
  C:\Windows\System\JrGZpan.exe
  2⤵
  PID:2564
- C:\Windows\System\aGXdOUP.exe
  C:\Windows\System\aGXdOUP.exe
  2⤵
  PID:2472
- C:\Windows\System\TvVeRqH.exe
  C:\Windows\System\TvVeRqH.exe
  2⤵
  PID:1708
- C:\Windows\System\sWoMHSd.exe
  C:\Windows\System\sWoMHSd.exe
  2⤵
  PID:2612
- C:\Windows\System\yokFfbw.exe
  C:\Windows\System\yokFfbw.exe
  2⤵
  PID:2984
- C:\Windows\System\mThkhCO.exe
  C:\Windows\System\mThkhCO.exe
  2⤵
  PID:1640
- C:\Windows\System\lkOfHcQ.exe
  C:\Windows\System\lkOfHcQ.exe
  2⤵
  PID:3164
- C:\Windows\System\rLEnTVp.exe
  C:\Windows\System\rLEnTVp.exe
  2⤵
  PID:3180
- C:\Windows\System\HktiPpr.exe
  C:\Windows\System\HktiPpr.exe
  2⤵
  PID:3196
- C:\Windows\System\XXCoYFn.exe
  C:\Windows\System\XXCoYFn.exe
  2⤵
  PID:3212
- C:\Windows\System\MEPOZlQ.exe
  C:\Windows\System\MEPOZlQ.exe
  2⤵
  PID:3228
- C:\Windows\System\Ubfbtzp.exe
  C:\Windows\System\Ubfbtzp.exe
  2⤵
  PID:3244
- C:\Windows\System\ChncXnj.exe
  C:\Windows\System\ChncXnj.exe
  2⤵
  PID:3260
- C:\Windows\System\fzDOvvZ.exe
  C:\Windows\System\fzDOvvZ.exe
  2⤵
  PID:3276
- C:\Windows\System\pfqVxVt.exe
  C:\Windows\System\pfqVxVt.exe
  2⤵
  PID:3292
- C:\Windows\System\sMwMofb.exe
  C:\Windows\System\sMwMofb.exe
  2⤵
  PID:3308
- C:\Windows\System\cZRgamS.exe
  C:\Windows\System\cZRgamS.exe
  2⤵
  PID:3324
- C:\Windows\System\GNDJpEO.exe
  C:\Windows\System\GNDJpEO.exe
  2⤵
  PID:3340
- C:\Windows\System\ibhLldD.exe
  C:\Windows\System\ibhLldD.exe
  2⤵
  PID:3356
- C:\Windows\System\eTLEuIL.exe
  C:\Windows\System\eTLEuIL.exe
  2⤵
  PID:3372
- C:\Windows\System\cOhrSYF.exe
  C:\Windows\System\cOhrSYF.exe
  2⤵
  PID:3388
- C:\Windows\System\EbAHfFv.exe
  C:\Windows\System\EbAHfFv.exe
  2⤵
  PID:3404
- C:\Windows\System\TNmssJS.exe
  C:\Windows\System\TNmssJS.exe
  2⤵
  PID:3420
- C:\Windows\System\kyjqLme.exe
  C:\Windows\System\kyjqLme.exe
  2⤵
  PID:3436
- C:\Windows\System\ryPlLfQ.exe
  C:\Windows\System\ryPlLfQ.exe
  2⤵
  PID:3452
- C:\Windows\System\swPHsvL.exe
  C:\Windows\System\swPHsvL.exe
  2⤵
  PID:3468
- C:\Windows\System\EJzAzMk.exe
  C:\Windows\System\EJzAzMk.exe
  2⤵
  PID:3484
- C:\Windows\System\tJDRFpS.exe
  C:\Windows\System\tJDRFpS.exe
  2⤵
  PID:3500
- C:\Windows\System\GHIQUpS.exe
  C:\Windows\System\GHIQUpS.exe
  2⤵
  PID:3516
- C:\Windows\System\voegHRD.exe
  C:\Windows\System\voegHRD.exe
  2⤵
  PID:3636
- C:\Windows\System\RvyBasY.exe
  C:\Windows\System\RvyBasY.exe
  2⤵
  PID:3652
- C:\Windows\System\fzhADLj.exe
  C:\Windows\System\fzhADLj.exe
  2⤵
  PID:3668
- C:\Windows\System\cKVUAqe.exe
  C:\Windows\System\cKVUAqe.exe
  2⤵
  PID:3684
- C:\Windows\System\qCLQwnm.exe
  C:\Windows\System\qCLQwnm.exe
  2⤵
  PID:3700
- C:\Windows\System\YfmcOLX.exe
  C:\Windows\System\YfmcOLX.exe
  2⤵
  PID:3716
- C:\Windows\System\TZihGEG.exe
  C:\Windows\System\TZihGEG.exe
  2⤵
  PID:3732
- C:\Windows\System\tbgFJnq.exe
  C:\Windows\System\tbgFJnq.exe
  2⤵
  PID:3748
- C:\Windows\System\ZsgCTdD.exe
  C:\Windows\System\ZsgCTdD.exe
  2⤵
  PID:3764
- C:\Windows\System\MVUtTik.exe
  C:\Windows\System\MVUtTik.exe
  2⤵
  PID:3780
- C:\Windows\System\Uztyfha.exe
  C:\Windows\System\Uztyfha.exe
  2⤵
  PID:3796
- C:\Windows\System\kqSbefT.exe
  C:\Windows\System\kqSbefT.exe
  2⤵
  PID:3812
- C:\Windows\System\JkbACwV.exe
  C:\Windows\System\JkbACwV.exe
  2⤵
  PID:3836
- C:\Windows\System\RIxgYId.exe
  C:\Windows\System\RIxgYId.exe
  2⤵
  PID:3852
- C:\Windows\System\oIkxnZU.exe
  C:\Windows\System\oIkxnZU.exe
  2⤵
  PID:3868
- C:\Windows\System\OzBVuJe.exe
  C:\Windows\System\OzBVuJe.exe
  2⤵
  PID:3884
- C:\Windows\System\qISUoMy.exe
  C:\Windows\System\qISUoMy.exe
  2⤵
  PID:3900
- C:\Windows\System\AvytSQN.exe
  C:\Windows\System\AvytSQN.exe
  2⤵
  PID:3916
- C:\Windows\System\zuZYNWI.exe
  C:\Windows\System\zuZYNWI.exe
  2⤵
  PID:3932
- C:\Windows\System\GtLMwCh.exe
  C:\Windows\System\GtLMwCh.exe
  2⤵
  PID:3948
- C:\Windows\System\vEPRHkq.exe
  C:\Windows\System\vEPRHkq.exe
  2⤵
  PID:3964
- C:\Windows\System\JkljaSn.exe
  C:\Windows\System\JkljaSn.exe
  2⤵
  PID:3980
- C:\Windows\System\EpzerHz.exe
  C:\Windows\System\EpzerHz.exe
  2⤵
  PID:3996
- C:\Windows\System\PczvrKx.exe
  C:\Windows\System\PczvrKx.exe
  2⤵
  PID:4012
- C:\Windows\System\zJZrppM.exe
  C:\Windows\System\zJZrppM.exe
  2⤵
  PID:4028
- C:\Windows\System\OcWOGXK.exe
  C:\Windows\System\OcWOGXK.exe
  2⤵
  PID:2592
- C:\Windows\System\IWoeIRM.exe
  C:\Windows\System\IWoeIRM.exe
  2⤵
  PID:1316
- C:\Windows\System\lixPXyC.exe
  C:\Windows\System\lixPXyC.exe
  2⤵
  PID:1168
- C:\Windows\System\hktgnPX.exe
  C:\Windows\System\hktgnPX.exe
  2⤵
  PID:960
- C:\Windows\System\TxJKkRL.exe
  C:\Windows\System\TxJKkRL.exe
  2⤵
  PID:3092
- C:\Windows\System\QneAxYk.exe
  C:\Windows\System\QneAxYk.exe
  2⤵
  PID:1860
- C:\Windows\System\jzjQzDD.exe
  C:\Windows\System\jzjQzDD.exe
  2⤵
  PID:1216
- C:\Windows\System\iZOvsML.exe
  C:\Windows\System\iZOvsML.exe
  2⤵
  PID:2172
- C:\Windows\System\LCDHFUY.exe
  C:\Windows\System\LCDHFUY.exe
  2⤵
  PID:328
- C:\Windows\System\viMVlRA.exe
  C:\Windows\System\viMVlRA.exe
  2⤵
  PID:2928
- C:\Windows\System\amTOKsu.exe
  C:\Windows\System\amTOKsu.exe
  2⤵
  PID:1104
- C:\Windows\System\HXJJkQB.exe
  C:\Windows\System\HXJJkQB.exe
  2⤵
  PID:3252
- C:\Windows\System\XEnkmum.exe
  C:\Windows\System\XEnkmum.exe
  2⤵
  PID:3380
- C:\Windows\System\wgNivSS.exe
  C:\Windows\System\wgNivSS.exe
  2⤵
  PID:2908
- C:\Windows\System\VSAmHhN.exe
  C:\Windows\System\VSAmHhN.exe
  2⤵
  PID:1576
- C:\Windows\System\sbSDLda.exe
  C:\Windows\System\sbSDLda.exe
  2⤵
  PID:3320
- C:\Windows\System\GVmSbcG.exe
  C:\Windows\System\GVmSbcG.exe
  2⤵
  PID:3148
- C:\Windows\System\fFWULfG.exe
  C:\Windows\System\fFWULfG.exe
  2⤵
  PID:3416
- C:\Windows\System\hGrOwYR.exe
  C:\Windows\System\hGrOwYR.exe
  2⤵
  PID:3480
- C:\Windows\System\DhBxpQS.exe
  C:\Windows\System\DhBxpQS.exe
  2⤵
  PID:3236
- C:\Windows\System\VjVpbLw.exe
  C:\Windows\System\VjVpbLw.exe
  2⤵
  PID:3332
- C:\Windows\System\fFvVipc.exe
  C:\Windows\System\fFvVipc.exe
  2⤵
  PID:3460
- C:\Windows\System\pzWxSwY.exe
  C:\Windows\System\pzWxSwY.exe
  2⤵
  PID:2912
- C:\Windows\System\ICTzowc.exe
  C:\Windows\System\ICTzowc.exe
  2⤵
  PID:3740
- C:\Windows\System\cEIfOpe.exe
  C:\Windows\System\cEIfOpe.exe
  2⤵
  PID:3544
- C:\Windows\System\RGPXYTy.exe
  C:\Windows\System\RGPXYTy.exe
  2⤵
  PID:3880
- C:\Windows\System\KJpQbKK.exe
  C:\Windows\System\KJpQbKK.exe
  2⤵
  PID:3744
- C:\Windows\System\RBCVVMP.exe
  C:\Windows\System\RBCVVMP.exe
  2⤵
  PID:3560
- C:\Windows\System\rXaZGtT.exe
  C:\Windows\System\rXaZGtT.exe
  2⤵
  PID:3912
- C:\Windows\System\jhOAAll.exe
  C:\Windows\System\jhOAAll.exe
  2⤵
  PID:4008
- C:\Windows\System\lASDqYJ.exe
  C:\Windows\System\lASDqYJ.exe
  2⤵
  PID:3552
- C:\Windows\System\ZFPuTnf.exe
  C:\Windows\System\ZFPuTnf.exe
  2⤵
  PID:3568
- C:\Windows\System\BgUWGTe.exe
  C:\Windows\System\BgUWGTe.exe
  2⤵
  PID:4060
- C:\Windows\System\ISjGQbr.exe
  C:\Windows\System\ISjGQbr.exe
  2⤵
  PID:4076
- C:\Windows\System\SbwOsto.exe
  C:\Windows\System\SbwOsto.exe
  2⤵
  PID:3696
- C:\Windows\System\KBWURNF.exe
  C:\Windows\System\KBWURNF.exe
  2⤵
  PID:3760
- C:\Windows\System\cmzLuQU.exe
  C:\Windows\System\cmzLuQU.exe
  2⤵
  PID:3824
- C:\Windows\System\ssGiWZm.exe
  C:\Windows\System\ssGiWZm.exe
  2⤵
  PID:3832
- C:\Windows\System\YLFwUde.exe
  C:\Windows\System\YLFwUde.exe
  2⤵
  PID:3960
- C:\Windows\System\mVhMlru.exe
  C:\Windows\System\mVhMlru.exe
  2⤵
  PID:4024
- C:\Windows\System\IoGZdNG.exe
  C:\Windows\System\IoGZdNG.exe
  2⤵
  PID:3316
- C:\Windows\System\xYCTzrD.exe
  C:\Windows\System\xYCTzrD.exe
  2⤵
  PID:3300
- C:\Windows\System\gWqJmay.exe
  C:\Windows\System\gWqJmay.exe
  2⤵
  PID:2684
- C:\Windows\System\nQyjfZV.exe
  C:\Windows\System\nQyjfZV.exe
  2⤵
  PID:2292
- C:\Windows\System\rsYlvxy.exe
  C:\Windows\System\rsYlvxy.exe
  2⤵
  PID:3160
- C:\Windows\System\Nugglcj.exe
  C:\Windows\System\Nugglcj.exe
  2⤵
  PID:3304
- C:\Windows\System\KcLdMDa.exe
  C:\Windows\System\KcLdMDa.exe
  2⤵
  PID:3580
- C:\Windows\System\QOKCLgN.exe
  C:\Windows\System\QOKCLgN.exe
  2⤵
  PID:3272
- C:\Windows\System\lwwzLYi.exe
  C:\Windows\System\lwwzLYi.exe
  2⤵
  PID:3368
- C:\Windows\System\pwgnIHB.exe
  C:\Windows\System\pwgnIHB.exe
  2⤵
  PID:772
- C:\Windows\System\OLqNCPw.exe
  C:\Windows\System\OLqNCPw.exe
  2⤵
  PID:2960
- C:\Windows\System\XBdjusj.exe
  C:\Windows\System\XBdjusj.exe
  2⤵
  PID:4036
- C:\Windows\System\CGUYfVD.exe
  C:\Windows\System\CGUYfVD.exe
  2⤵
  PID:3692
- C:\Windows\System\WCIPtuU.exe
  C:\Windows\System\WCIPtuU.exe
  2⤵
  PID:3084
- C:\Windows\System\JLVKyNN.exe
  C:\Windows\System\JLVKyNN.exe
  2⤵
  PID:1716
- C:\Windows\System\ODUxFqC.exe
  C:\Windows\System\ODUxFqC.exe
  2⤵
  PID:1568
- C:\Windows\System\oCuRlBh.exe
  C:\Windows\System\oCuRlBh.exe
  2⤵
  PID:3540
- C:\Windows\System\HsaBNTD.exe
  C:\Windows\System\HsaBNTD.exe
  2⤵
  PID:3944
- C:\Windows\System\fvifZkm.exe
  C:\Windows\System\fvifZkm.exe
  2⤵
  PID:4068
- C:\Windows\System\uGCxPOs.exe
  C:\Windows\System\uGCxPOs.exe
  2⤵
  PID:3892
- C:\Windows\System\QcVAmTL.exe
  C:\Windows\System\QcVAmTL.exe
  2⤵
  PID:3448
- C:\Windows\System\KnnYocN.exe
  C:\Windows\System\KnnYocN.exe
  2⤵
  PID:3476
- C:\Windows\System\mHOWjUs.exe
  C:\Windows\System\mHOWjUs.exe
  2⤵
  PID:2132
- C:\Windows\System\dGhvHSa.exe
  C:\Windows\System\dGhvHSa.exe
  2⤵
  PID:4104
- C:\Windows\System\sAtrdri.exe
  C:\Windows\System\sAtrdri.exe
  2⤵
  PID:4120
- C:\Windows\System\ElAWcdn.exe
  C:\Windows\System\ElAWcdn.exe
  2⤵
  PID:4136
- C:\Windows\System\CKNyWxt.exe
  C:\Windows\System\CKNyWxt.exe
  2⤵
  PID:4152
- C:\Windows\System\VHSjrBp.exe
  C:\Windows\System\VHSjrBp.exe
  2⤵
  PID:4168
- C:\Windows\System\XkhiVos.exe
  C:\Windows\System\XkhiVos.exe
  2⤵
  PID:4184
- C:\Windows\System\zUplWKe.exe
  C:\Windows\System\zUplWKe.exe
  2⤵
  PID:4200
- C:\Windows\System\utRkZqS.exe
  C:\Windows\System\utRkZqS.exe
  2⤵
  PID:4216
- C:\Windows\System\otNlpDi.exe
  C:\Windows\System\otNlpDi.exe
  2⤵
  PID:4232
- C:\Windows\System\PuGVqzx.exe
  C:\Windows\System\PuGVqzx.exe
  2⤵
  PID:4348
- C:\Windows\System\IzIDsGU.exe
  C:\Windows\System\IzIDsGU.exe
  2⤵
  PID:4364
- C:\Windows\System\qXzyRqD.exe
  C:\Windows\System\qXzyRqD.exe
  2⤵
  PID:4380
- C:\Windows\System\aqEYUoV.exe
  C:\Windows\System\aqEYUoV.exe
  2⤵
  PID:4396
- C:\Windows\System\tQkjfFx.exe
  C:\Windows\System\tQkjfFx.exe
  2⤵
  PID:4412
- C:\Windows\System\gYpXMWu.exe
  C:\Windows\System\gYpXMWu.exe
  2⤵
  PID:4428
- C:\Windows\System\dfqZqSt.exe
  C:\Windows\System\dfqZqSt.exe
  2⤵
  PID:4444
- C:\Windows\System\wMlIVSm.exe
  C:\Windows\System\wMlIVSm.exe
  2⤵
  PID:4460
- C:\Windows\System\LlxQDTJ.exe
  C:\Windows\System\LlxQDTJ.exe
  2⤵
  PID:4476
- C:\Windows\System\JYrJaFH.exe
  C:\Windows\System\JYrJaFH.exe
  2⤵
  PID:4492
- C:\Windows\System\VaQXqkc.exe
  C:\Windows\System\VaQXqkc.exe
  2⤵
  PID:4508
- C:\Windows\System\ipZlIUc.exe
  C:\Windows\System\ipZlIUc.exe
  2⤵
  PID:4524
- C:\Windows\System\nbmqjbP.exe
  C:\Windows\System\nbmqjbP.exe
  2⤵
  PID:4540
- C:\Windows\System\xxLbBzZ.exe
  C:\Windows\System\xxLbBzZ.exe
  2⤵
  PID:4560
- C:\Windows\System\cJgWUsp.exe
  C:\Windows\System\cJgWUsp.exe
  2⤵
  PID:4576
- C:\Windows\System\HeAqEnz.exe
  C:\Windows\System\HeAqEnz.exe
  2⤵
  PID:4592
- C:\Windows\System\WHXpvOu.exe
  C:\Windows\System\WHXpvOu.exe
  2⤵
  PID:4608
- C:\Windows\System\EIMLoKJ.exe
  C:\Windows\System\EIMLoKJ.exe
  2⤵
  PID:4624
- C:\Windows\System\iQofAyN.exe
  C:\Windows\System\iQofAyN.exe
  2⤵
  PID:4640
- C:\Windows\System\cwylVcT.exe
  C:\Windows\System\cwylVcT.exe
  2⤵
  PID:4656
- C:\Windows\System\UTZhdUj.exe
  C:\Windows\System\UTZhdUj.exe
  2⤵
  PID:4676
- C:\Windows\System\qSQHPCq.exe
  C:\Windows\System\qSQHPCq.exe
  2⤵
  PID:4692
- C:\Windows\System\zTAQeaM.exe
  C:\Windows\System\zTAQeaM.exe
  2⤵
  PID:4708
- C:\Windows\System\MEQirXT.exe
  C:\Windows\System\MEQirXT.exe
  2⤵
  PID:4724
- C:\Windows\System\HerLSJL.exe
  C:\Windows\System\HerLSJL.exe
  2⤵
  PID:4740
- C:\Windows\System\knALFXA.exe
  C:\Windows\System\knALFXA.exe
  2⤵
  PID:4756
- C:\Windows\System\AaenSMe.exe
  C:\Windows\System\AaenSMe.exe
  2⤵
  PID:4892
- C:\Windows\System\oAREwUp.exe
  C:\Windows\System\oAREwUp.exe
  2⤵
  PID:4908
- C:\Windows\System\dkcDpOc.exe
  C:\Windows\System\dkcDpOc.exe
  2⤵
  PID:4924
- C:\Windows\System\fqRbfKI.exe
  C:\Windows\System\fqRbfKI.exe
  2⤵
  PID:4940
- C:\Windows\System\PrMFMbr.exe
  C:\Windows\System\PrMFMbr.exe
  2⤵
  PID:4956
- C:\Windows\System\fCvdtkg.exe
  C:\Windows\System\fCvdtkg.exe
  2⤵
  PID:4972
- C:\Windows\System\KIfxVcP.exe
  C:\Windows\System\KIfxVcP.exe
  2⤵
  PID:4988
- C:\Windows\System\UGtIpGD.exe
  C:\Windows\System\UGtIpGD.exe
  2⤵
  PID:5004
- C:\Windows\System\cACppLJ.exe
  C:\Windows\System\cACppLJ.exe
  2⤵
  PID:5020
- C:\Windows\System\uFUufMJ.exe
  C:\Windows\System\uFUufMJ.exe
  2⤵
  PID:5036
- C:\Windows\System\LRwDbxd.exe
  C:\Windows\System\LRwDbxd.exe
  2⤵
  PID:5052
- C:\Windows\System\qFrbkYl.exe
  C:\Windows\System\qFrbkYl.exe
  2⤵
  PID:5068
- C:\Windows\System\cOEzPhL.exe
  C:\Windows\System\cOEzPhL.exe
  2⤵
  PID:5084
- C:\Windows\System\IZWbqwE.exe
  C:\Windows\System\IZWbqwE.exe
  2⤵
  PID:5100
- C:\Windows\System\uhXOcub.exe
  C:\Windows\System\uhXOcub.exe
  2⤵
  PID:3076
- C:\Windows\System\TRCGFMY.exe
  C:\Windows\System\TRCGFMY.exe
  2⤵
  PID:3348
- C:\Windows\System\oHeMyvj.exe
  C:\Windows\System\oHeMyvj.exe
  2⤵
  PID:4056
- C:\Windows\System\cliRLIs.exe
  C:\Windows\System\cliRLIs.exe
  2⤵
  PID:3828
- C:\Windows\System\oQhmucR.exe
  C:\Windows\System\oQhmucR.exe
  2⤵
  PID:4148
- C:\Windows\System\EURFkKK.exe
  C:\Windows\System\EURFkKK.exe
  2⤵
  PID:4212
- C:\Windows\System\KYnxWQk.exe
  C:\Windows\System\KYnxWQk.exe
  2⤵
  PID:4256
- C:\Windows\System\XDRusOR.exe
  C:\Windows\System\XDRusOR.exe
  2⤵
  PID:4272
- C:\Windows\System\ARTtNSM.exe
  C:\Windows\System\ARTtNSM.exe
  2⤵
  PID:4288
- C:\Windows\System\YLaUdAG.exe
  C:\Windows\System\YLaUdAG.exe
  2⤵
  PID:3648
- C:\Windows\System\gPafcTC.exe
  C:\Windows\System\gPafcTC.exe
  2⤵
  PID:4084
- C:\Windows\System\YuepMhU.exe
  C:\Windows\System\YuepMhU.exe
  2⤵
  PID:1868
- C:\Windows\System\UgDeKLX.exe
  C:\Windows\System\UgDeKLX.exe
  2⤵
  PID:4196
- C:\Windows\System\rbYtBSE.exe
  C:\Windows\System\rbYtBSE.exe
  2⤵
  PID:3208
- C:\Windows\System\fywCSsg.exe
  C:\Windows\System\fywCSsg.exe
  2⤵
  PID:4376
- C:\Windows\System\hXTYEyk.exe
  C:\Windows\System\hXTYEyk.exe
  2⤵
  PID:4472
- C:\Windows\System\RvskSLY.exe
  C:\Windows\System\RvskSLY.exe
  2⤵
  PID:4536
- C:\Windows\System\xUzsKQP.exe
  C:\Windows\System\xUzsKQP.exe
  2⤵
  PID:4604
- C:\Windows\System\ZNMEnIy.exe
  C:\Windows\System\ZNMEnIy.exe
  2⤵
  PID:4668
- C:\Windows\System\fmzFkks.exe
  C:\Windows\System\fmzFkks.exe
  2⤵
  PID:4732
- C:\Windows\System\tMUDhay.exe
  C:\Windows\System\tMUDhay.exe
  2⤵
  PID:4468
- C:\Windows\System\FjdZBFV.exe
  C:\Windows\System\FjdZBFV.exe
  2⤵
  PID:4788
- C:\Windows\System\dUBSqUx.exe
  C:\Windows\System\dUBSqUx.exe
  2⤵
  PID:4804
- C:\Windows\System\fiNOJlA.exe
  C:\Windows\System\fiNOJlA.exe
  2⤵
  PID:4296
- C:\Windows\System\XtcLwlo.exe
  C:\Windows\System\XtcLwlo.exe
  2⤵
  PID:4192
- C:\Windows\System\NReXCrM.exe
  C:\Windows\System\NReXCrM.exe
  2⤵
  PID:4392
- C:\Windows\System\WmHacxe.exe
  C:\Windows\System\WmHacxe.exe
  2⤵
  PID:4456
- C:\Windows\System\JcuqYBX.exe
  C:\Windows\System\JcuqYBX.exe
  2⤵
  PID:4548
- C:\Windows\System\jGbVjeg.exe
  C:\Windows\System\jGbVjeg.exe
  2⤵
  PID:4616
- C:\Windows\System\jWagNfk.exe
  C:\Windows\System\jWagNfk.exe
  2⤵
  PID:4652
- C:\Windows\System\KWuOUWi.exe
  C:\Windows\System\KWuOUWi.exe
  2⤵
  PID:4720
- C:\Windows\System\oBuXuCC.exe
  C:\Windows\System\oBuXuCC.exe
  2⤵
  PID:4916
- C:\Windows\System\KIZWBQb.exe
  C:\Windows\System\KIZWBQb.exe
  2⤵
  PID:4980
- C:\Windows\System\LHlNlkE.exe
  C:\Windows\System\LHlNlkE.exe
  2⤵
  PID:5044
- C:\Windows\System\EiKTBxG.exe
  C:\Windows\System\EiKTBxG.exe
  2⤵
  PID:5108
- C:\Windows\System\NoUqPsU.exe
  C:\Windows\System\NoUqPsU.exe
  2⤵
  PID:4116
- C:\Windows\System\GTodjpH.exe
  C:\Windows\System\GTodjpH.exe
  2⤵
  PID:4252
- C:\Windows\System\qoEBhXU.exe
  C:\Windows\System\qoEBhXU.exe
  2⤵
  PID:3660
- C:\Windows\System\pTXeRqe.exe
  C:\Windows\System\pTXeRqe.exe
  2⤵
  PID:3908
- C:\Windows\System\KfLiWcD.exe
  C:\Windows\System\KfLiWcD.exe
  2⤵
  PID:3188
- C:\Windows\System\vgVbxME.exe
  C:\Windows\System\vgVbxME.exe
  2⤵
  PID:3680
- C:\Windows\System\QEGtLEM.exe
  C:\Windows\System\QEGtLEM.exe
  2⤵
  PID:4372
- C:\Windows\System\TRIyrHi.exe
  C:\Windows\System\TRIyrHi.exe
  2⤵
  PID:4664
- C:\Windows\System\WSGMjVM.exe
  C:\Windows\System\WSGMjVM.exe
  2⤵
  PID:4800
- C:\Windows\System\DcCvcNb.exe
  C:\Windows\System\DcCvcNb.exe
  2⤵
  PID:4452
- C:\Windows\System\oRDJPMM.exe
  C:\Windows\System\oRDJPMM.exe
  2⤵
  PID:4948
- C:\Windows\System\CLNbBMM.exe
  C:\Windows\System\CLNbBMM.exe
  2⤵
  PID:4144
- C:\Windows\System\kXakVms.exe
  C:\Windows\System\kXakVms.exe
  2⤵
  PID:3288
- C:\Windows\System\nmWsjHa.exe
  C:\Windows\System\nmWsjHa.exe
  2⤵
  PID:4832
- C:\Windows\System\SUoSZVq.exe
  C:\Windows\System\SUoSZVq.exe
  2⤵
  PID:4904
- C:\Windows\System\NAIzJIC.exe
  C:\Windows\System\NAIzJIC.exe
  2⤵
  PID:4164
- C:\Windows\System\UtYxozU.exe
  C:\Windows\System\UtYxozU.exe
  2⤵
  PID:4440
- C:\Windows\System\vSIpyXo.exe
  C:\Windows\System\vSIpyXo.exe
  2⤵
  PID:4780
- C:\Windows\System\lGEwevY.exe
  C:\Windows\System\lGEwevY.exe
  2⤵
  PID:4360
- C:\Windows\System\QMUAPIc.exe
  C:\Windows\System\QMUAPIc.exe
  2⤵
  PID:4556
- C:\Windows\System\RrzkdvW.exe
  C:\Windows\System\RrzkdvW.exe
  2⤵
  PID:5012
- C:\Windows\System\DGPFFrZ.exe
  C:\Windows\System\DGPFFrZ.exe
  2⤵
  PID:740
- C:\Windows\System\YwrmDEP.exe
  C:\Windows\System\YwrmDEP.exe
  2⤵
  PID:2596
- C:\Windows\System\HxnRBgZ.exe
  C:\Windows\System\HxnRBgZ.exe
  2⤵
  PID:5136
- C:\Windows\System\sgjgknc.exe
  C:\Windows\System\sgjgknc.exe
  2⤵
  PID:5152
- C:\Windows\System\UzxXzgU.exe
  C:\Windows\System\UzxXzgU.exe
  2⤵
  PID:5312
- C:\Windows\System\CXduciq.exe
  C:\Windows\System\CXduciq.exe
  2⤵
  PID:5328
- C:\Windows\System\AxICQes.exe
  C:\Windows\System\AxICQes.exe
  2⤵
  PID:5344
- C:\Windows\System\dIVHQAO.exe
  C:\Windows\System\dIVHQAO.exe
  2⤵
  PID:5360
- C:\Windows\System\ddjvitq.exe
  C:\Windows\System\ddjvitq.exe
  2⤵
  PID:5376
- C:\Windows\System\GfBulTf.exe
  C:\Windows\System\GfBulTf.exe
  2⤵
  PID:5392
- C:\Windows\System\VCGaHAf.exe
  C:\Windows\System\VCGaHAf.exe
  2⤵
  PID:5408
- C:\Windows\System\MnzLZQD.exe
  C:\Windows\System\MnzLZQD.exe
  2⤵
  PID:5424
- C:\Windows\System\sutVzmv.exe
  C:\Windows\System\sutVzmv.exe
  2⤵
  PID:5440
- C:\Windows\System\FoJSssS.exe
  C:\Windows\System\FoJSssS.exe
  2⤵
  PID:5456
- C:\Windows\System\bZrJIKT.exe
  C:\Windows\System\bZrJIKT.exe
  2⤵
  PID:5472
- C:\Windows\System\BMDOvxB.exe
  C:\Windows\System\BMDOvxB.exe
  2⤵
  PID:5488
- C:\Windows\System\rGLMSRJ.exe
  C:\Windows\System\rGLMSRJ.exe
  2⤵
  PID:5508
- C:\Windows\System\aqEVPLu.exe
  C:\Windows\System\aqEVPLu.exe
  2⤵
  PID:5524
- C:\Windows\System\jtRVPGs.exe
  C:\Windows\System\jtRVPGs.exe
  2⤵
  PID:5540
- C:\Windows\System\RdxAngL.exe
  C:\Windows\System\RdxAngL.exe
  2⤵
  PID:5556
- C:\Windows\System\iBbjMVP.exe
  C:\Windows\System\iBbjMVP.exe
  2⤵
  PID:5572
- C:\Windows\System\HZclowN.exe
  C:\Windows\System\HZclowN.exe
  2⤵
  PID:5588
- C:\Windows\System\VWwwBSo.exe
  C:\Windows\System\VWwwBSo.exe
  2⤵
  PID:5604
- C:\Windows\System\FQPvcEy.exe
  C:\Windows\System\FQPvcEy.exe
  2⤵
  PID:5620
- C:\Windows\System\NtXxrBo.exe
  C:\Windows\System\NtXxrBo.exe
  2⤵
  PID:5636
- C:\Windows\System\zgUswSe.exe
  C:\Windows\System\zgUswSe.exe
  2⤵
  PID:5652
- C:\Windows\System\AmIuVkC.exe
  C:\Windows\System\AmIuVkC.exe
  2⤵
  PID:5808
- C:\Windows\System\tXVXKop.exe
  C:\Windows\System\tXVXKop.exe
  2⤵
  PID:5824
- C:\Windows\System\IhtWAeE.exe
  C:\Windows\System\IhtWAeE.exe
  2⤵
  PID:5840
- C:\Windows\System\LJEKcla.exe
  C:\Windows\System\LJEKcla.exe
  2⤵
  PID:5856
- C:\Windows\System\SLTObws.exe
  C:\Windows\System\SLTObws.exe
  2⤵
  PID:5872
- C:\Windows\System\XoYLtSD.exe
  C:\Windows\System\XoYLtSD.exe
  2⤵
  PID:5888
- C:\Windows\System\VvLYMVZ.exe
  C:\Windows\System\VvLYMVZ.exe
  2⤵
  PID:5904
- C:\Windows\System\MAPwQRg.exe
  C:\Windows\System\MAPwQRg.exe
  2⤵
  PID:5920
- C:\Windows\System\QNceZMM.exe
  C:\Windows\System\QNceZMM.exe
  2⤵
  PID:5936
- C:\Windows\System\XxtNqWv.exe
  C:\Windows\System\XxtNqWv.exe
  2⤵
  PID:5952
- C:\Windows\System\rcAnWib.exe
  C:\Windows\System\rcAnWib.exe
  2⤵
  PID:5968
- C:\Windows\System\YEegYcA.exe
  C:\Windows\System\YEegYcA.exe
  2⤵
  PID:5984
- C:\Windows\System\UFlklEX.exe
  C:\Windows\System\UFlklEX.exe
  2⤵
  PID:6000
- C:\Windows\System\auuripu.exe
  C:\Windows\System\auuripu.exe
  2⤵
  PID:6016
- C:\Windows\System\lRBUwFf.exe
  C:\Windows\System\lRBUwFf.exe
  2⤵
  PID:6032
- C:\Windows\System\zXSKeTy.exe
  C:\Windows\System\zXSKeTy.exe
  2⤵
  PID:6048
- C:\Windows\System\jIMrRSy.exe
  C:\Windows\System\jIMrRSy.exe
  2⤵
  PID:6064
- C:\Windows\System\KecqUFW.exe
  C:\Windows\System\KecqUFW.exe
  2⤵
  PID:6080
- C:\Windows\System\ChIpiKj.exe
  C:\Windows\System\ChIpiKj.exe
  2⤵
  PID:6096
- C:\Windows\System\TFoiiKl.exe
  C:\Windows\System\TFoiiKl.exe
  2⤵
  PID:6112
- C:\Windows\System\HXYDxDP.exe
  C:\Windows\System\HXYDxDP.exe
  2⤵
  PID:6128
- C:\Windows\System\CMIwxVS.exe
  C:\Windows\System\CMIwxVS.exe
  2⤵
  PID:4340
- C:\Windows\System\bhkExPA.exe
  C:\Windows\System\bhkExPA.exe
  2⤵
  PID:4436
- C:\Windows\System\MbzxBtz.exe
  C:\Windows\System\MbzxBtz.exe
  2⤵
  PID:2180
- C:\Windows\System\iBLwrwl.exe
  C:\Windows\System\iBLwrwl.exe
  2⤵
  PID:4520
- C:\Windows\System\eSZoCbI.exe
  C:\Windows\System\eSZoCbI.exe
  2⤵
  PID:3676
- C:\Windows\System\DZGeixT.exe
  C:\Windows\System\DZGeixT.exe
  2⤵
  PID:4772
- C:\Windows\System\GLNwgvF.exe
  C:\Windows\System\GLNwgvF.exe
  2⤵
  PID:3848
- C:\Windows\System\PfooTbg.exe
  C:\Windows\System\PfooTbg.exe
  2⤵
  PID:3512
- C:\Windows\System\czXEXXc.exe
  C:\Windows\System\czXEXXc.exe
  2⤵
  PID:4752
- C:\Windows\System\vRxMBbb.exe
  C:\Windows\System\vRxMBbb.exe
  2⤵
  PID:3604
- C:\Windows\System\lbqidST.exe
  C:\Windows\System\lbqidST.exe
  2⤵
  PID:5148
- C:\Windows\System\awWmREd.exe
  C:\Windows\System\awWmREd.exe
  2⤵
  PID:5480
- C:\Windows\System\XOMBUPc.exe
  C:\Windows\System\XOMBUPc.exe
  2⤵
  PID:5320
- C:\Windows\System\Tlutnvs.exe
  C:\Windows\System\Tlutnvs.exe
  2⤵
  PID:5352
- C:\Windows\System\bxwsnBT.exe
  C:\Windows\System\bxwsnBT.exe
  2⤵
  PID:5420
- C:\Windows\System\BBHppjV.exe
  C:\Windows\System\BBHppjV.exe
  2⤵
  PID:5516
- C:\Windows\System\TNVssFJ.exe
  C:\Windows\System\TNVssFJ.exe
  2⤵
  PID:5616
- C:\Windows\System\DXkMnLN.exe
  C:\Windows\System\DXkMnLN.exe
  2⤵
  PID:4768
- C:\Windows\System\RbCSAsX.exe
  C:\Windows\System\RbCSAsX.exe
  2⤵
  PID:5340
- C:\Windows\System\FZXMHVH.exe
  C:\Windows\System\FZXMHVH.exe
  2⤵
  PID:5404
- C:\Windows\System\GyGKKXF.exe
  C:\Windows\System\GyGKKXF.exe
  2⤵
  PID:5504
- C:\Windows\System\XudZaZc.exe
  C:\Windows\System\XudZaZc.exe
  2⤵
  PID:5980
- C:\Windows\System\tsIEaLB.exe
  C:\Windows\System\tsIEaLB.exe
  2⤵
  PID:6076
- C:\Windows\System\hUVXFuc.exe
  C:\Windows\System\hUVXFuc.exe
  2⤵
  PID:5080
- C:\Windows\System\ToVYmus.exe
  C:\Windows\System\ToVYmus.exe
  2⤵
  PID:4900
- C:\Windows\System\rTzhxlX.exe
  C:\Windows\System\rTzhxlX.exe
  2⤵
  PID:4488
- C:\Windows\System\KpzIYYr.exe
  C:\Windows\System\KpzIYYr.exe
  2⤵
  PID:3536
- C:\Windows\System\pTCDmie.exe
  C:\Windows\System\pTCDmie.exe
  2⤵
  PID:5252
- C:\Windows\System\bsRZkpE.exe
  C:\Windows\System\bsRZkpE.exe
  2⤵
  PID:5276
- C:\Windows\System\JKyCvWF.exe
  C:\Windows\System\JKyCvWF.exe
  2⤵
  PID:5760
- C:\Windows\System\NbdHKek.exe
  C:\Windows\System\NbdHKek.exe
  2⤵
  PID:5780
- C:\Windows\System\aWifOiO.exe
  C:\Windows\System\aWifOiO.exe
  2⤵
  PID:5792
- C:\Windows\System\AdQLMjQ.exe
  C:\Windows\System\AdQLMjQ.exe
  2⤵
  PID:5684
- C:\Windows\System\RJkrIPY.exe
  C:\Windows\System\RJkrIPY.exe
  2⤵
  PID:5696
- C:\Windows\System\aioXpVh.exe
  C:\Windows\System\aioXpVh.exe
  2⤵
  PID:5864
- C:\Windows\System\eLtEwSg.exe
  C:\Windows\System\eLtEwSg.exe
  2⤵
  PID:5928
- C:\Windows\System\pGtzqgz.exe
  C:\Windows\System\pGtzqgz.exe
  2⤵
  PID:5992
- C:\Windows\System\gnONOaj.exe
  C:\Windows\System\gnONOaj.exe
  2⤵
  PID:6056
- C:\Windows\System\SPBtwjd.exe
  C:\Windows\System\SPBtwjd.exe
  2⤵
  PID:4532
- C:\Windows\System\siqnWXU.exe
  C:\Windows\System\siqnWXU.exe
  2⤵
  PID:3576
- C:\Windows\System\mOlPzUl.exe
  C:\Windows\System\mOlPzUl.exe
  2⤵
  PID:1016
- C:\Windows\System\URWZSin.exe
  C:\Windows\System\URWZSin.exe
  2⤵
  PID:2848
- C:\Windows\System\OALRoSh.exe
  C:\Windows\System\OALRoSh.exe
  2⤵
  PID:5648
- C:\Windows\System\CeEsENT.exe
  C:\Windows\System\CeEsENT.exe
  2⤵
  PID:5584
- C:\Windows\System\CmGtWkV.exe
  C:\Windows\System\CmGtWkV.exe
  2⤵
  PID:5468
- C:\Windows\System\sXwyqGG.exe
  C:\Windows\System\sXwyqGG.exe
  2⤵
  PID:5784
- C:\Windows\System\gxgOFVi.exe
  C:\Windows\System\gxgOFVi.exe
  2⤵
  PID:2972
- C:\Windows\System\YPTnOSX.exe
  C:\Windows\System\YPTnOSX.exe
  2⤵
  PID:5112
- C:\Windows\System\FjFvrZF.exe
  C:\Windows\System\FjFvrZF.exe
  2⤵
  PID:5436
- C:\Windows\System\HHilkRZ.exe
  C:\Windows\System\HHilkRZ.exe
  2⤵
  PID:5836
- C:\Windows\System\fvFqMDc.exe
  C:\Windows\System\fvFqMDc.exe
  2⤵
  PID:6088
- C:\Windows\System\WVxxXMT.exe
  C:\Windows\System\WVxxXMT.exe
  2⤵
  PID:5612
- C:\Windows\System\QssiRol.exe
  C:\Windows\System\QssiRol.exe
  2⤵
  PID:5220
- C:\Windows\System\MzzcRFK.exe
  C:\Windows\System\MzzcRFK.exe
  2⤵
  PID:5204
- C:\Windows\System\ZIPNtLC.exe
  C:\Windows\System\ZIPNtLC.exe
  2⤵
  PID:6124
- C:\Windows\System\rQxsZxs.exe
  C:\Windows\System\rQxsZxs.exe
  2⤵
  PID:4964
- C:\Windows\System\kpnhJKz.exe
  C:\Windows\System\kpnhJKz.exe
  2⤵
  PID:4884
- C:\Windows\System\rlpdknV.exe
  C:\Windows\System\rlpdknV.exe
  2⤵
  PID:5912
- C:\Windows\System\TsclPAr.exe
  C:\Windows\System\TsclPAr.exe
  2⤵
  PID:5292
- C:\Windows\System\xIKCeUY.exe
  C:\Windows\System\xIKCeUY.exe
  2⤵
  PID:5916
- C:\Windows\System\PmbNFaa.exe
  C:\Windows\System\PmbNFaa.exe
  2⤵
  PID:5632
- C:\Windows\System\DaHjPif.exe
  C:\Windows\System\DaHjPif.exe
  2⤵
  PID:4704
- C:\Windows\System\qldLInE.exe
  C:\Windows\System\qldLInE.exe
  2⤵
  PID:5280
- C:\Windows\System\GjQWYmY.exe
  C:\Windows\System\GjQWYmY.exe
  2⤵
  PID:5688
- C:\Windows\System\sJcEiYC.exe
  C:\Windows\System\sJcEiYC.exe
  2⤵
  PID:564
- C:\Windows\System\Lofpieq.exe
  C:\Windows\System\Lofpieq.exe
  2⤵
  PID:5416
- C:\Windows\System\OIDSWAK.exe
  C:\Windows\System\OIDSWAK.exe
  2⤵
  PID:6148
- C:\Windows\System\AzPzomK.exe
  C:\Windows\System\AzPzomK.exe
  2⤵
  PID:6164
- C:\Windows\System\iRJGGVp.exe
  C:\Windows\System\iRJGGVp.exe
  2⤵
  PID:6180
- C:\Windows\System\xLzjLLg.exe
  C:\Windows\System\xLzjLLg.exe
  2⤵
  PID:6332
- C:\Windows\System\WgQOrej.exe
  C:\Windows\System\WgQOrej.exe
  2⤵
  PID:6348
- C:\Windows\System\AohSwuw.exe
  C:\Windows\System\AohSwuw.exe
  2⤵
  PID:6364
- C:\Windows\System\ybKtQbs.exe
  C:\Windows\System\ybKtQbs.exe
  2⤵
  PID:6380
- C:\Windows\System\pmQocPb.exe
  C:\Windows\System\pmQocPb.exe
  2⤵
  PID:6396
- C:\Windows\System\ZFCADGF.exe
  C:\Windows\System\ZFCADGF.exe
  2⤵
  PID:6412
- C:\Windows\System\xLMmDJR.exe
  C:\Windows\System\xLMmDJR.exe
  2⤵
  PID:6428
- C:\Windows\System\WRAAmAP.exe
  C:\Windows\System\WRAAmAP.exe
  2⤵
  PID:6444
- C:\Windows\System\vVmOeCM.exe
  C:\Windows\System\vVmOeCM.exe
  2⤵
  PID:6460
- C:\Windows\System\nznEcgE.exe
  C:\Windows\System\nznEcgE.exe
  2⤵
  PID:6476
- C:\Windows\System\DzpXulL.exe
  C:\Windows\System\DzpXulL.exe
  2⤵
  PID:6492
- C:\Windows\System\bIFiyOY.exe
  C:\Windows\System\bIFiyOY.exe
  2⤵
  PID:6508
- C:\Windows\System\arNjGDA.exe
  C:\Windows\System\arNjGDA.exe
  2⤵
  PID:6524
- C:\Windows\System\brwscmI.exe
  C:\Windows\System\brwscmI.exe
  2⤵
  PID:6540
- C:\Windows\System\SHcfdIU.exe
  C:\Windows\System\SHcfdIU.exe
  2⤵
  PID:6556
- C:\Windows\System\LToQyDF.exe
  C:\Windows\System\LToQyDF.exe
  2⤵
  PID:6572
- C:\Windows\System\GdPQYlH.exe
  C:\Windows\System\GdPQYlH.exe
  2⤵
  PID:6588
- C:\Windows\System\ADPGdCX.exe
  C:\Windows\System\ADPGdCX.exe
  2⤵
  PID:6604
- C:\Windows\System\XkNClQt.exe
  C:\Windows\System\XkNClQt.exe
  2⤵
  PID:6620
- C:\Windows\System\mdYOqub.exe
  C:\Windows\System\mdYOqub.exe
  2⤵
  PID:6636
- C:\Windows\System\NtnOOxS.exe
  C:\Windows\System\NtnOOxS.exe
  2⤵
  PID:6652
- C:\Windows\System\vEabqhf.exe
  C:\Windows\System\vEabqhf.exe
  2⤵
  PID:6668
- C:\Windows\System\hXekeML.exe
  C:\Windows\System\hXekeML.exe
  2⤵
  PID:6712
- C:\Windows\System\qsXvonz.exe
  C:\Windows\System\qsXvonz.exe
  2⤵
  PID:6728
- C:\Windows\System\DyaNTmP.exe
  C:\Windows\System\DyaNTmP.exe
  2⤵
  PID:6744
- C:\Windows\System\EsCcIlY.exe
  C:\Windows\System\EsCcIlY.exe
  2⤵
  PID:6760
- C:\Windows\System\WFvfHEp.exe
  C:\Windows\System\WFvfHEp.exe
  2⤵
  PID:6776
- C:\Windows\System\kzmNhnI.exe
  C:\Windows\System\kzmNhnI.exe
  2⤵
  PID:6792
- C:\Windows\System\asZKvvx.exe
  C:\Windows\System\asZKvvx.exe
  2⤵
  PID:6808
- C:\Windows\System\ibKHJxY.exe
  C:\Windows\System\ibKHJxY.exe
  2⤵
  PID:6824
- C:\Windows\System\YbhBNiW.exe
  C:\Windows\System\YbhBNiW.exe
  2⤵
  PID:6840
- C:\Windows\System\BmRCHJG.exe
  C:\Windows\System\BmRCHJG.exe
  2⤵
  PID:6856
- C:\Windows\System\cxitiqY.exe
  C:\Windows\System\cxitiqY.exe
  2⤵
  PID:6872
- C:\Windows\System\YuuRJvP.exe
  C:\Windows\System\YuuRJvP.exe
  2⤵
  PID:6888
- C:\Windows\System\kfSEzvo.exe
  C:\Windows\System\kfSEzvo.exe
  2⤵
  PID:6904
- C:\Windows\System\pRZdiEz.exe
  C:\Windows\System\pRZdiEz.exe
  2⤵
  PID:6920
- C:\Windows\System\qAdJdIM.exe
  C:\Windows\System\qAdJdIM.exe
  2⤵
  PID:6936
- C:\Windows\System\vRsgMJx.exe
  C:\Windows\System\vRsgMJx.exe
  2⤵
  PID:6952
- C:\Windows\System\Plsdken.exe
  C:\Windows\System\Plsdken.exe
  2⤵
  PID:6968
- C:\Windows\System\SpcmGhv.exe
  C:\Windows\System\SpcmGhv.exe
  2⤵
  PID:6984
- C:\Windows\System\RRBQvXQ.exe
  C:\Windows\System\RRBQvXQ.exe
  2⤵
  PID:7000
- C:\Windows\System\cQLZbiI.exe
  C:\Windows\System\cQLZbiI.exe
  2⤵
  PID:7016
- C:\Windows\System\XzFaxcb.exe
  C:\Windows\System\XzFaxcb.exe
  2⤵
  PID:7032
- C:\Windows\System\PWxstrA.exe
  C:\Windows\System\PWxstrA.exe
  2⤵
  PID:7064
- C:\Windows\System\EGNSOlH.exe
  C:\Windows\System\EGNSOlH.exe
  2⤵
  PID:7080
- C:\Windows\System\MHqPjbx.exe
  C:\Windows\System\MHqPjbx.exe
  2⤵
  PID:7096
- C:\Windows\System\StGsqRV.exe
  C:\Windows\System\StGsqRV.exe
  2⤵
  PID:7112
- C:\Windows\System\JejMRHx.exe
  C:\Windows\System\JejMRHx.exe
  2⤵
  PID:7128
- C:\Windows\System\aPMeaGG.exe
  C:\Windows\System\aPMeaGG.exe
  2⤵
  PID:7144
- C:\Windows\System\hOUcmlu.exe
  C:\Windows\System\hOUcmlu.exe
  2⤵
  PID:7160
- C:\Windows\System\DNkBIMB.exe
  C:\Windows\System\DNkBIMB.exe
  2⤵
  PID:5880
- C:\Windows\System\EczYLqb.exe
  C:\Windows\System\EczYLqb.exe
  2⤵
  PID:2396
- C:\Windows\System\sjKWlSh.exe
  C:\Windows\System\sjKWlSh.exe
  2⤵
  PID:1488
- C:\Windows\System\hlVJqrl.exe
  C:\Windows\System\hlVJqrl.exe
  2⤵
  PID:880
- C:\Windows\System\pHYJBuQ.exe
  C:\Windows\System\pHYJBuQ.exe
  2⤵
  PID:1368
- C:\Windows\System\jFfRMYw.exe
  C:\Windows\System\jFfRMYw.exe
  2⤵
  PID:1500
- C:\Windows\System\WIjXINs.exe
  C:\Windows\System\WIjXINs.exe
  2⤵
  PID:3040
- C:\Windows\System\BoNDPEp.exe
  C:\Windows\System\BoNDPEp.exe
  2⤵
  PID:1964
- C:\Windows\System\zXWSnwJ.exe
  C:\Windows\System\zXWSnwJ.exe
  2⤵
  PID:676
- C:\Windows\System\TfWKeJq.exe
  C:\Windows\System\TfWKeJq.exe
  2⤵
  PID:2044
- C:\Windows\System\uduegKK.exe
  C:\Windows\System\uduegKK.exe
  2⤵
  PID:2788
- C:\Windows\System\idsUaVW.exe
  C:\Windows\System\idsUaVW.exe
  2⤵
  PID:5816
- C:\Windows\System\FVXIPJZ.exe
  C:\Windows\System\FVXIPJZ.exe
  2⤵
  PID:6012
- C:\Windows\System\JvNpDgl.exe
  C:\Windows\System\JvNpDgl.exe
  2⤵
  PID:2336
- C:\Windows\System\vKXVboU.exe
  C:\Windows\System\vKXVboU.exe
  2⤵
  PID:840
- C:\Windows\System\GvrQuag.exe
  C:\Windows\System\GvrQuag.exe
  2⤵
  PID:5672
- C:\Windows\System\bRJKsDM.exe
  C:\Windows\System\bRJKsDM.exe
  2⤵
  PID:5200
- C:\Windows\System\ecEAMqN.exe
  C:\Windows\System\ecEAMqN.exe
  2⤵
  PID:4968
- C:\Windows\System\PWPIlPN.exe
  C:\Windows\System\PWPIlPN.exe
  2⤵
  PID:5500
- C:\Windows\System\ytBYYcG.exe
  C:\Windows\System\ytBYYcG.exe
  2⤵
  PID:5228
- C:\Windows\System\EhyFyXM.exe
  C:\Windows\System\EhyFyXM.exe
  2⤵
  PID:5712
- C:\Windows\System\HCPTyJo.exe
  C:\Windows\System\HCPTyJo.exe
  2⤵
  PID:6340
- C:\Windows\System\RigNZLc.exe
  C:\Windows\System\RigNZLc.exe
  2⤵
  PID:6404
- C:\Windows\System\qHjLCjO.exe
  C:\Windows\System\qHjLCjO.exe
  2⤵
  PID:6468
- C:\Windows\System\DOoGnaU.exe
  C:\Windows\System\DOoGnaU.exe
  2⤵
  PID:6532
- C:\Windows\System\AAruvdn.exe
  C:\Windows\System\AAruvdn.exe
  2⤵
  PID:6596
- C:\Windows\System\NRWRHMF.exe
  C:\Windows\System\NRWRHMF.exe
  2⤵
  PID:6660
- C:\Windows\System\fLYLDkQ.exe
  C:\Windows\System\fLYLDkQ.exe
  2⤵
  PID:6260
- C:\Windows\System\mYJypLv.exe
  C:\Windows\System\mYJypLv.exe
  2⤵
  PID:6304
- C:\Windows\System\SmoOCcu.exe
  C:\Windows\System\SmoOCcu.exe
  2⤵
  PID:6316
- C:\Windows\System\LQQhEQG.exe
  C:\Windows\System\LQQhEQG.exe
  2⤵
  PID:6324
- C:\Windows\System\BNOQwBG.exe
  C:\Windows\System\BNOQwBG.exe
  2⤵
  PID:6724
- C:\Windows\System\ONXKkdn.exe
  C:\Windows\System\ONXKkdn.exe
  2⤵
  PID:6788
- C:\Windows\System\PGhfaGB.exe
  C:\Windows\System\PGhfaGB.exe
  2⤵
  PID:6848
- C:\Windows\System\NQMGrxn.exe
  C:\Windows\System\NQMGrxn.exe
  2⤵
  PID:6912
- C:\Windows\System\FXsBfTW.exe
  C:\Windows\System\FXsBfTW.exe
  2⤵
  PID:6976
- C:\Windows\System\PdGFfbX.exe
  C:\Windows\System\PdGFfbX.exe
  2⤵
  PID:6284
- C:\Windows\System\rGIQihR.exe
  C:\Windows\System\rGIQihR.exe
  2⤵
  PID:6832
- C:\Windows\System\iOMJtbZ.exe
  C:\Windows\System\iOMJtbZ.exe
  2⤵
  PID:6960
- C:\Windows\System\CkHEYgK.exe
  C:\Windows\System\CkHEYgK.exe
  2⤵
  PID:7088
- C:\Windows\System\CHRsXGd.exe
  C:\Windows\System\CHRsXGd.exe
  2⤵
  PID:7152
- C:\Windows\System\tCzNlWk.exe
  C:\Windows\System\tCzNlWk.exe
  2⤵
  PID:1276
- C:\Windows\System\GYyQYHY.exe
  C:\Windows\System\GYyQYHY.exe
  2⤵
  PID:3052
- C:\Windows\System\EBfRRIU.exe
  C:\Windows\System\EBfRRIU.exe
  2⤵
  PID:5384
- C:\Windows\System\tJpHEPi.exe
  C:\Windows\System\tJpHEPi.exe
  2⤵
  PID:6708
- C:\Windows\System\TVhwYan.exe
  C:\Windows\System\TVhwYan.exe
  2⤵
  PID:6740
- C:\Windows\System\ZEReiYM.exe
  C:\Windows\System\ZEReiYM.exe
  2⤵
  PID:6804
- C:\Windows\System\NdHdfXT.exe
  C:\Windows\System\NdHdfXT.exe
  2⤵
  PID:6932
- C:\Windows\System\Fdlfuyo.exe
  C:\Windows\System\Fdlfuyo.exe
  2⤵
  PID:7108
- C:\Windows\System\FMjZTaq.exe
  C:\Windows\System\FMjZTaq.exe
  2⤵
  PID:5848
- C:\Windows\System\AFolSLK.exe
  C:\Windows\System\AFolSLK.exe
  2⤵
  PID:2300
- C:\Windows\System\ozQdDjB.exe
  C:\Windows\System\ozQdDjB.exe
  2⤵
  PID:1820
- C:\Windows\System\zmJClwF.exe
  C:\Windows\System\zmJClwF.exe
  2⤵
  PID:6136
- C:\Windows\System\ldinIvr.exe
  C:\Windows\System\ldinIvr.exe
  2⤵
  PID:6568
- C:\Windows\System\rYUYoYz.exe
  C:\Windows\System\rYUYoYz.exe
  2⤵
  PID:6328
- C:\Windows\System\PhzgeIY.exe
  C:\Windows\System\PhzgeIY.exe
  2⤵
  PID:7104
- C:\Windows\System\zohjPEm.exe
  C:\Windows\System\zohjPEm.exe
  2⤵
  PID:4600
- C:\Windows\System\fCGuBob.exe
  C:\Windows\System\fCGuBob.exe
  2⤵
  PID:5820
- C:\Windows\System\AfUqZri.exe
  C:\Windows\System\AfUqZri.exe
  2⤵
  PID:4292
- C:\Windows\System\aMpdqBZ.exe
  C:\Windows\System\aMpdqBZ.exe
  2⤵
  PID:6232
- C:\Windows\System\GfHmaCJ.exe
  C:\Windows\System\GfHmaCJ.exe
  2⤵
  PID:6500
- C:\Windows\System\oyyViPf.exe
  C:\Windows\System\oyyViPf.exe
  2⤵
  PID:5832
- C:\Windows\System\dfPNHWp.exe
  C:\Windows\System\dfPNHWp.exe
  2⤵
  PID:1760
- C:\Windows\System\MHpEoxZ.exe
  C:\Windows\System\MHpEoxZ.exe
  2⤵
  PID:6552
- C:\Windows\System\tylsDyq.exe
  C:\Windows\System\tylsDyq.exe
  2⤵
  PID:6488
- C:\Windows\System\RndZANI.exe
  C:\Windows\System\RndZANI.exe
  2⤵
  PID:6424
- C:\Windows\System\cQOPXpY.exe
  C:\Windows\System\cQOPXpY.exe
  2⤵
  PID:6360
- C:\Windows\System\cHgThlL.exe
  C:\Windows\System\cHgThlL.exe
  2⤵
  PID:6584
- C:\Windows\System\NFWYUBi.exe
  C:\Windows\System\NFWYUBi.exe
  2⤵
  PID:6648
- C:\Windows\System\muXbEvJ.exe
  C:\Windows\System\muXbEvJ.exe
  2⤵
  PID:6240
- C:\Windows\System\hnKQpKo.exe
  C:\Windows\System\hnKQpKo.exe
  2⤵
  PID:6820
- C:\Windows\System\nhOvzGY.exe
  C:\Windows\System\nhOvzGY.exe
  2⤵
  PID:1628
- C:\Windows\System\shCwoRv.exe
  C:\Windows\System\shCwoRv.exe
  2⤵
  PID:2192
- C:\Windows\System\LuOlddO.exe
  C:\Windows\System\LuOlddO.exe
  2⤵
  PID:6680
- C:\Windows\System\zddaPSA.exe
  C:\Windows\System\zddaPSA.exe
  2⤵
  PID:5756
- C:\Windows\System\yrXpKCF.exe
  C:\Windows\System\yrXpKCF.exe
  2⤵
  PID:5196
- C:\Windows\System\ScDiuRq.exe
  C:\Windows\System\ScDiuRq.exe
  2⤵
  PID:6784
- C:\Windows\System\DHFPmDb.exe
  C:\Windows\System\DHFPmDb.exe
  2⤵
  PID:7012
- C:\Windows\System\uJRVmkp.exe
  C:\Windows\System\uJRVmkp.exe
  2⤵
  PID:7124
- C:\Windows\System\pZulDOT.exe
  C:\Windows\System\pZulDOT.exe
  2⤵
  PID:1392
- C:\Windows\System\DrSPDnA.exe
  C:\Windows\System\DrSPDnA.exe
  2⤵
  PID:7028
- C:\Windows\System\qOnMvLm.exe
  C:\Windows\System\qOnMvLm.exe
  2⤵
  PID:2916
- C:\Windows\System\sxjjKhh.exe
  C:\Windows\System\sxjjKhh.exe
  2⤵
  PID:6440
- C:\Windows\System\klBZdFM.exe
  C:\Windows\System\klBZdFM.exe
  2⤵
  PID:5644
- C:\Windows\System\daULBld.exe
  C:\Windows\System\daULBld.exe
  2⤵
  PID:6628
- C:\Windows\System\QWfiunv.exe
  C:\Windows\System\QWfiunv.exe
  2⤵
  PID:6456
- C:\Windows\System\grNeXuo.exe
  C:\Windows\System\grNeXuo.exe
  2⤵
  PID:6236
- C:\Windows\System\ZmfienD.exe
  C:\Windows\System\ZmfienD.exe
  2⤵
  PID:6948
- C:\Windows\System\EhJUytp.exe
  C:\Windows\System\EhJUytp.exe
  2⤵
  PID:5168
- C:\Windows\System\KQIQrrm.exe
  C:\Windows\System\KQIQrrm.exe
  2⤵
  PID:5944
- C:\Windows\System\embnEVf.exe
  C:\Windows\System\embnEVf.exe
  2⤵
  PID:5752
- C:\Windows\System\LEuUREd.exe
  C:\Windows\System\LEuUREd.exe
  2⤵
  PID:5536
- C:\Windows\System\OTqcRyz.exe
  C:\Windows\System\OTqcRyz.exe
  2⤵
  PID:6320
- C:\Windows\System\lknzgiZ.exe
  C:\Windows\System\lknzgiZ.exe
  2⤵
  PID:6392
- C:\Windows\System\ABSTZRK.exe
  C:\Windows\System\ABSTZRK.exe
  2⤵
  PID:6172
- C:\Windows\System\iphVRZz.exe
  C:\Windows\System\iphVRZz.exe
  2⤵
  PID:5716
- C:\Windows\System\eqXYeMY.exe
  C:\Windows\System\eqXYeMY.exe
  2⤵
  PID:6516
- C:\Windows\System\wMjdBMc.exe
  C:\Windows\System\wMjdBMc.exe
  2⤵
  PID:5704
- C:\Windows\System\dXYzSnH.exe
  C:\Windows\System\dXYzSnH.exe
  2⤵
  PID:2600
- C:\Windows\System\hkQzzlK.exe
  C:\Windows\System\hkQzzlK.exe
  2⤵
  PID:7120
- C:\Windows\System\UeSeFmg.exe
  C:\Windows\System\UeSeFmg.exe
  2⤵
  PID:5728
- C:\Windows\System\EDmYIQg.exe
  C:\Windows\System\EDmYIQg.exe
  2⤵
  PID:2356
- C:\Windows\System\Okbbrsw.exe
  C:\Windows\System\Okbbrsw.exe
  2⤵
  PID:5852
- C:\Windows\System\LKMgNUr.exe
  C:\Windows\System\LKMgNUr.exe
  2⤵
  PID:7172
- C:\Windows\System\gLOXqyk.exe
  C:\Windows\System\gLOXqyk.exe
  2⤵
  PID:7188
- C:\Windows\System\fhSnIzY.exe
  C:\Windows\System\fhSnIzY.exe
  2⤵
  PID:7204
- C:\Windows\System\tILilkW.exe
  C:\Windows\System\tILilkW.exe
  2⤵
  PID:7224
- C:\Windows\System\bbxUUCf.exe
  C:\Windows\System\bbxUUCf.exe
  2⤵
  PID:7240
- C:\Windows\System\tepAslt.exe
  C:\Windows\System\tepAslt.exe
  2⤵
  PID:7256
- C:\Windows\System\ZjOqPki.exe
  C:\Windows\System\ZjOqPki.exe
  2⤵
  PID:7272
- C:\Windows\System\bMSdRdd.exe
  C:\Windows\System\bMSdRdd.exe
  2⤵
  PID:7288
- C:\Windows\System\eKYQWch.exe
  C:\Windows\System\eKYQWch.exe
  2⤵
  PID:7304
- C:\Windows\System\gzVTJvg.exe
  C:\Windows\System\gzVTJvg.exe
  2⤵
  PID:7320
- C:\Windows\System\hJfqsqt.exe
  C:\Windows\System\hJfqsqt.exe
  2⤵
  PID:7396
- C:\Windows\System\IFkcEHL.exe
  C:\Windows\System\IFkcEHL.exe
  2⤵
  PID:7412
- C:\Windows\System\bqhTlXR.exe
  C:\Windows\System\bqhTlXR.exe
  2⤵
  PID:7428
- C:\Windows\System\WxpKbuo.exe
  C:\Windows\System\WxpKbuo.exe
  2⤵
  PID:7444
- C:\Windows\System\ApwAvZB.exe
  C:\Windows\System\ApwAvZB.exe
  2⤵
  PID:7460
- C:\Windows\System\ffShDXh.exe
  C:\Windows\System\ffShDXh.exe
  2⤵
  PID:7476
- C:\Windows\System\ZSbbiWe.exe
  C:\Windows\System\ZSbbiWe.exe
  2⤵
  PID:7492
- C:\Windows\System\VuspwTq.exe
  C:\Windows\System\VuspwTq.exe
  2⤵
  PID:7508
- C:\Windows\System\bOBXdHy.exe
  C:\Windows\System\bOBXdHy.exe
  2⤵
  PID:7524
- C:\Windows\System\vDHOFoI.exe
  C:\Windows\System\vDHOFoI.exe
  2⤵
  PID:7540
- C:\Windows\System\ptiUIDq.exe
  C:\Windows\System\ptiUIDq.exe
  2⤵
  PID:7556
- C:\Windows\System\pokIrYP.exe
  C:\Windows\System\pokIrYP.exe
  2⤵
  PID:7572
- C:\Windows\System\GdRCUjk.exe
  C:\Windows\System\GdRCUjk.exe
  2⤵
  PID:7588
- C:\Windows\System\dThDSlN.exe
  C:\Windows\System\dThDSlN.exe
  2⤵
  PID:7604
- C:\Windows\System\TjGrAxV.exe
  C:\Windows\System\TjGrAxV.exe
  2⤵
  PID:7620
- C:\Windows\System\UXkZULI.exe
  C:\Windows\System\UXkZULI.exe
  2⤵
  PID:7636
- C:\Windows\System\XHlAFmt.exe
  C:\Windows\System\XHlAFmt.exe
  2⤵
  PID:7652
- C:\Windows\System\LoGLOMM.exe
  C:\Windows\System\LoGLOMM.exe
  2⤵
  PID:7668
- C:\Windows\System\kFxyfqt.exe
  C:\Windows\System\kFxyfqt.exe
  2⤵
  PID:7684
- C:\Windows\System\UBNulhr.exe
  C:\Windows\System\UBNulhr.exe
  2⤵
  PID:7700
- C:\Windows\System\kjvuJCP.exe
  C:\Windows\System\kjvuJCP.exe
  2⤵
  PID:7716
- C:\Windows\System\aLLzkZs.exe
  C:\Windows\System\aLLzkZs.exe
  2⤵
  PID:7732
- C:\Windows\System\kVrnxoq.exe
  C:\Windows\System\kVrnxoq.exe
  2⤵
  PID:7792
- C:\Windows\System\DeUUlsJ.exe
  C:\Windows\System\DeUUlsJ.exe
  2⤵
  PID:7808
- C:\Windows\System\EuENMEm.exe
  C:\Windows\System\EuENMEm.exe
  2⤵
  PID:7828
- C:\Windows\System\oMoOnnZ.exe
  C:\Windows\System\oMoOnnZ.exe
  2⤵
  PID:7844
- C:\Windows\System\XJVfUdp.exe
  C:\Windows\System\XJVfUdp.exe
  2⤵
  PID:7860
- C:\Windows\System\SXbTipK.exe
  C:\Windows\System\SXbTipK.exe
  2⤵
  PID:7876
- C:\Windows\System\FhewlAr.exe
  C:\Windows\System\FhewlAr.exe
  2⤵
  PID:7892
- C:\Windows\System\zFNblWp.exe
  C:\Windows\System\zFNblWp.exe
  2⤵
  PID:7908
- C:\Windows\System\LZxaZoE.exe
  C:\Windows\System\LZxaZoE.exe
  2⤵
  PID:7924
- C:\Windows\System\cWeORBE.exe
  C:\Windows\System\cWeORBE.exe
  2⤵
  PID:7940
- C:\Windows\System\TIgCZzT.exe
  C:\Windows\System\TIgCZzT.exe
  2⤵
  PID:7956
- C:\Windows\System\QamipmG.exe
  C:\Windows\System\QamipmG.exe
  2⤵
  PID:7972
- C:\Windows\System\bNowoNO.exe
  C:\Windows\System\bNowoNO.exe
  2⤵
  PID:7988
- C:\Windows\System\idjWqso.exe
  C:\Windows\System\idjWqso.exe
  2⤵
  PID:8004
- C:\Windows\System\URTAPxY.exe
  C:\Windows\System\URTAPxY.exe
  2⤵
  PID:8020
- C:\Windows\System\ogTMQNd.exe
  C:\Windows\System\ogTMQNd.exe
  2⤵
  PID:8036
- C:\Windows\System\GoHMLEa.exe
  C:\Windows\System\GoHMLEa.exe
  2⤵
  PID:8052
- C:\Windows\System\SppDgvb.exe
  C:\Windows\System\SppDgvb.exe
  2⤵
  PID:8068
- C:\Windows\System\GEOLTDZ.exe
  C:\Windows\System\GEOLTDZ.exe
  2⤵
  PID:8084
- C:\Windows\System\DtURusg.exe
  C:\Windows\System\DtURusg.exe
  2⤵
  PID:8100
- C:\Windows\System\RmmiOWp.exe
  C:\Windows\System\RmmiOWp.exe
  2⤵
  PID:8116
- C:\Windows\System\kFEuHiy.exe
  C:\Windows\System\kFEuHiy.exe
  2⤵
  PID:8144
- C:\Windows\System\HAenqsL.exe
  C:\Windows\System\HAenqsL.exe
  2⤵
  PID:8160
- C:\Windows\System\HmXzklG.exe
  C:\Windows\System\HmXzklG.exe
  2⤵
  PID:8176
- C:\Windows\System\SQwabNb.exe
  C:\Windows\System\SQwabNb.exe
  2⤵
  PID:6268
- C:\Windows\System\Xwhvrul.exe
  C:\Windows\System\Xwhvrul.exe
  2⤵
  PID:5732
- C:\Windows\System\vKYgTQv.exe
  C:\Windows\System\vKYgTQv.exe
  2⤵
  PID:6884
- C:\Windows\System\QAdumRE.exe
  C:\Windows\System\QAdumRE.exe
  2⤵
  PID:7040
- C:\Windows\System\tkywzxO.exe
  C:\Windows\System\tkywzxO.exe
  2⤵
  PID:4820
- C:\Windows\System\xifqoSX.exe
  C:\Windows\System\xifqoSX.exe
  2⤵
  PID:6616
- C:\Windows\System\nCoxcoK.exe
  C:\Windows\System\nCoxcoK.exe
  2⤵
  PID:7236
- C:\Windows\System\vJtuobW.exe
  C:\Windows\System\vJtuobW.exe
  2⤵
  PID:7300
- C:\Windows\System\wwVQvJt.exe
  C:\Windows\System\wwVQvJt.exe
  2⤵
  PID:7332
- C:\Windows\System\TjNXdog.exe
  C:\Windows\System\TjNXdog.exe
  2⤵
  PID:6644
- C:\Windows\System\fBDHKMU.exe
  C:\Windows\System\fBDHKMU.exe
  2⤵
  PID:836
- C:\Windows\System\MKRAURZ.exe
  C:\Windows\System\MKRAURZ.exe
  2⤵
  PID:7184
- C:\Windows\System\ndqNCab.exe
  C:\Windows\System\ndqNCab.exe
  2⤵
  PID:7280
- C:\Windows\System\oSdtdzR.exe
  C:\Windows\System\oSdtdzR.exe
  2⤵
  PID:864
- C:\Windows\System\aLePzqP.exe
  C:\Windows\System\aLePzqP.exe
  2⤵
  PID:7344
- C:\Windows\System\egthPRe.exe
  C:\Windows\System\egthPRe.exe
  2⤵
  PID:7360
- C:\Windows\System\ByNzWxd.exe
  C:\Windows\System\ByNzWxd.exe
  2⤵
  PID:7452
- C:\Windows\System\PmUpPyh.exe
  C:\Windows\System\PmUpPyh.exe
  2⤵
  PID:7388
- C:\Windows\System\nlGBbxE.exe
  C:\Windows\System\nlGBbxE.exe
  2⤵
  PID:7488
- C:\Windows\System\YkPHfby.exe
  C:\Windows\System\YkPHfby.exe
  2⤵
  PID:7552
- C:\Windows\System\DpdaimF.exe
  C:\Windows\System\DpdaimF.exe
  2⤵
  PID:7616
- C:\Windows\System\ZIRebea.exe
  C:\Windows\System\ZIRebea.exe
  2⤵
  PID:848
- C:\Windows\System\dPGQzMp.exe
  C:\Windows\System\dPGQzMp.exe
  2⤵
  PID:7712
- C:\Windows\System\brpoaAI.exe
  C:\Windows\System\brpoaAI.exe
  2⤵
  PID:2500
- C:\Windows\System\OcnuTxq.exe
  C:\Windows\System\OcnuTxq.exe
  2⤵
  PID:7248
- C:\Windows\System\XgUdMsZ.exe
  C:\Windows\System\XgUdMsZ.exe
  2⤵
  PID:7472
- C:\Windows\System\VjnsQUZ.exe
  C:\Windows\System\VjnsQUZ.exe
  2⤵
  PID:7536
- C:\Windows\System\lCepSXc.exe
  C:\Windows\System\lCepSXc.exe
  2⤵
  PID:7600
- C:\Windows\System\aThxtDf.exe
  C:\Windows\System\aThxtDf.exe
  2⤵
  PID:7728
- C:\Windows\System\PbpqRiL.exe
  C:\Windows\System\PbpqRiL.exe
  2⤵
  PID:7756
- C:\Windows\System\oDBezva.exe
  C:\Windows\System\oDBezva.exe
  2⤵
  PID:7820
- C:\Windows\System\HVYGBOt.exe
  C:\Windows\System\HVYGBOt.exe
  2⤵
  PID:7784
- C:\Windows\System\cZHpwBY.exe
  C:\Windows\System\cZHpwBY.exe
  2⤵
  PID:7884
- C:\Windows\System\zxBLVqJ.exe
  C:\Windows\System\zxBLVqJ.exe
  2⤵
  PID:7948
- C:\Windows\System\DALkQem.exe
  C:\Windows\System\DALkQem.exe
  2⤵
  PID:8048
- C:\Windows\System\KurOKFr.exe
  C:\Windows\System\KurOKFr.exe
  2⤵
  PID:7404
- C:\Windows\System\thojMeX.exe
  C:\Windows\System\thojMeX.exe
  2⤵
  PID:7696
- C:\Windows\System\yoLMTVt.exe
  C:\Windows\System\yoLMTVt.exe
  2⤵
  PID:7840
- C:\Windows\System\VRPQvik.exe
  C:\Windows\System\VRPQvik.exe
  2⤵
  PID:7904
- C:\Windows\System\EXyXyYZ.exe
  C:\Windows\System\EXyXyYZ.exe
  2⤵
  PID:8000
- C:\Windows\System\YLQKDvN.exe
  C:\Windows\System\YLQKDvN.exe
  2⤵
  PID:8064
- C:\Windows\System\KBYxpuS.exe
  C:\Windows\System\KBYxpuS.exe
  2⤵
  PID:8156
- C:\Windows\System\SaoHaOu.exe
  C:\Windows\System\SaoHaOu.exe
  2⤵
  PID:6688
- C:\Windows\System\ElkdYNH.exe
  C:\Windows\System\ElkdYNH.exe
  2⤵
  PID:7232
- C:\Windows\System\eoIGeyh.exe
  C:\Windows\System\eoIGeyh.exe
  2⤵
  PID:6992
- C:\Windows\System\MMHHMBv.exe
  C:\Windows\System\MMHHMBv.exe
  2⤵
  PID:7340
- C:\Windows\System\pvGyiYd.exe
  C:\Windows\System\pvGyiYd.exe
  2⤵
  PID:7964
- C:\Windows\System\xZvXOPC.exe
  C:\Windows\System\xZvXOPC.exe
  2⤵
  PID:8168
- C:\Windows\System\kEhyEJD.exe
  C:\Windows\System\kEhyEJD.exe
  2⤵
  PID:1344
- C:\Windows\System\iRHPbOl.exe
  C:\Windows\System\iRHPbOl.exe
  2⤵
  PID:7268
- C:\Windows\System\iXAuflw.exe
  C:\Windows\System\iXAuflw.exe
  2⤵
  PID:3400
- C:\Windows\System\HmyBcRT.exe
  C:\Windows\System\HmyBcRT.exe
  2⤵
  PID:4936
- C:\Windows\System\znUJPTI.exe
  C:\Windows\System\znUJPTI.exe
  2⤵
  PID:7584
- C:\Windows\System\yGtvwrp.exe
  C:\Windows\System\yGtvwrp.exe
  2⤵
  PID:6216
- C:\Windows\System\bPbyqUP.exe
  C:\Windows\System\bPbyqUP.exe
  2⤵
  PID:7632
- C:\Windows\System\pLcfgKV.exe
  C:\Windows\System\pLcfgKV.exe
  2⤵
  PID:7852
- C:\Windows\System\DATjYhj.exe
  C:\Windows\System\DATjYhj.exe
  2⤵
  PID:7384
- C:\Windows\System\tiubyYB.exe
  C:\Windows\System\tiubyYB.exe
  2⤵
  PID:7548
- C:\Windows\System\KejvNig.exe
  C:\Windows\System\KejvNig.exe
  2⤵
  PID:6580
- C:\Windows\System\rHSSWiw.exe
  C:\Windows\System\rHSSWiw.exe
  2⤵
  PID:3620
- C:\Windows\System\YYECLvC.exe
  C:\Windows\System\YYECLvC.exe
  2⤵
  PID:7740
- C:\Windows\System\aeJYSDn.exe
  C:\Windows\System\aeJYSDn.exe
  2⤵
  PID:1332
- C:\Windows\System\sPlbefj.exe
  C:\Windows\System\sPlbefj.exe
  2⤵
  PID:7872
- C:\Windows\System\vTZBaAW.exe
  C:\Windows\System\vTZBaAW.exe
  2⤵
  PID:1984
- C:\Windows\System\JGsyTeY.exe
  C:\Windows\System\JGsyTeY.exe
  2⤵
  PID:5900
- C:\Windows\System\xvxovbX.exe
  C:\Windows\System\xvxovbX.exe
  2⤵
  PID:5724
- C:\Windows\System\LhUZUvu.exe
  C:\Windows\System\LhUZUvu.exe
  2⤵
  PID:5736
- C:\Windows\System\ufFWTwM.exe
  C:\Windows\System\ufFWTwM.exe
  2⤵
  PID:7804
- C:\Windows\System\jmqONka.exe
  C:\Windows\System\jmqONka.exe
  2⤵
  PID:8096
- C:\Windows\System\ZQPysPp.exe
  C:\Windows\System\ZQPysPp.exe
  2⤵
  PID:2576
- C:\Windows\System\OIfAksa.exe
  C:\Windows\System\OIfAksa.exe
  2⤵
  PID:7504
- C:\Windows\System\VoaoYIh.exe
  C:\Windows\System\VoaoYIh.exe
  2⤵
  PID:7676
- C:\Windows\System\DvunWiq.exe
  C:\Windows\System\DvunWiq.exe
  2⤵
  PID:7660
- C:\Windows\System\YsLpuaU.exe
  C:\Windows\System\YsLpuaU.exe
  2⤵
  PID:5976
- C:\Windows\System\cpKozGo.exe
  C:\Windows\System\cpKozGo.exe
  2⤵
  PID:868
- C:\Windows\System\uPKNEDD.exe
  C:\Windows\System\uPKNEDD.exe
  2⤵
  PID:7044
- C:\Windows\System\kZkvrZL.exe
  C:\Windows\System\kZkvrZL.exe
  2⤵
  PID:3132
- C:\Windows\System\HsSBPGM.exe
  C:\Windows\System\HsSBPGM.exe
  2⤵
  PID:7984
- C:\Windows\System\ylqEoxK.exe
  C:\Windows\System\ylqEoxK.exe
  2⤵
  PID:7800
- C:\Windows\System\WxqnoHr.exe
  C:\Windows\System\WxqnoHr.exe
  2⤵
  PID:7392
- C:\Windows\System\AMLpkbP.exe
  C:\Windows\System\AMLpkbP.exe
  2⤵
  PID:8200
- C:\Windows\System\IWwEcJp.exe
  C:\Windows\System\IWwEcJp.exe
  2⤵
  PID:8216
- C:\Windows\System\SWXWCvn.exe
  C:\Windows\System\SWXWCvn.exe
  2⤵
  PID:8232
- C:\Windows\System\aNTtcYz.exe
  C:\Windows\System\aNTtcYz.exe
  2⤵
  PID:8248
- C:\Windows\System\kEqADPh.exe
  C:\Windows\System\kEqADPh.exe
  2⤵
  PID:8264
- C:\Windows\System\iRuiHNf.exe
  C:\Windows\System\iRuiHNf.exe
  2⤵
  PID:8280
- C:\Windows\System\SoQIUzn.exe
  C:\Windows\System\SoQIUzn.exe
  2⤵
  PID:8296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EbIYdVa.exe

Filesize
512KB

MD5
11919e0af7b24147ac37cca00c131c08

SHA1
51eab11b595b560c0f72211a12292f040f64ae1d

SHA256
a7af9d97db88616ccc62ccadac85874aeaa7586513a10601cac25ae399e8a745

SHA512
9fcff0829323b730f336c14aebee40a0d3e43ec1ddd2fea6e8f617259cec15b88841574db7ae5b34cf89ecab7ba6878fef9c1fabc26d29234ea49badc2dd064b

Download Submit
C:\Windows\system\IfFgygL.exe

Filesize
3.8MB

MD5
f9d9d0aba6fe107d4868297054b254bd

SHA1
0fd9d3bf774da3879c9aff09ed679bc795eefee2

SHA256
7492da8079bd41b4efca9f5469c7b7d47407e6b27dc83cdd028a106e5b3e61bf

SHA512
76630071fe6e889cb473d239c337da4303e871aecc7032e11f069878733e4877177ff2ce81ba9975fd729ff6fb77dab05bf7927b3341153f5f2b0547a543fb32

Download Submit
C:\Windows\system\LDDklgh.exe

Filesize
192KB

MD5
e9e05f80b348f45549f92f6aeb1357ca

SHA1
49f6b502307ded78ce6cb78d7b1536cb40385ca7

SHA256
0375c4658e807090410d86e5599498f69cf1398651a798e68eea3ce2308420c5

SHA512
f5cf53e6e2f8ffd4d46b55b6f3e47c7fc0755f48b3a67c57c30412fe2803ee8d9847c5c20c74acfb4f08a93095d77e3b7e85b11a434aa08b3ec2766889b69b01

Download Submit
C:\Windows\system\RSFyRcO.exe

Filesize
1.2MB

MD5
7f8e0a6822531fc1039d8a6bce159083

SHA1
47f95f1a7a9eaabad4c50ffd816906e278c8681b

SHA256
7a9b71aff99bdc53b469fe135d78fffcb8e850e481cd5dafb394f3135a4b110a

SHA512
3e01ce51d419b5de20cca0c3752b0e65c3202aa31ad07946000247de428decb271df4d7e3c87c55d789b045bebf11c9d1f77094a55f7186c779e72c45cd12ea4

Download Submit
C:\Windows\system\YQAJude.exe

Filesize
64KB

MD5
f61c033bf90b57d89bbda83991a10cb8

SHA1
4dd1989432a3c70ae1d2a687aed6495d1257fd5f

SHA256
dbf10af3247ddefb7b9c32009a80a6bf7d4375b499071bdb078f40bd53daed8d

SHA512
4fba3cdd8da9ea55317fed64c7e23f6810baf3b5e602836f81078cdb4f71e6da87d5b82e0047f440ddc702d4fe26c4c03bc618ca357176222ea8c6ddc485e7d7

Download Submit
C:\Windows\system\ZcrEAgb.exe

Filesize
768KB

MD5
24b5ffd69d65081193a8f8fa73d97195

SHA1
4e155916ef60ed418f41d249ef4ca5b195f02402

SHA256
389a7db4cc214526722b42ecffbfe21be97f2178948eec077a021957394bed8f

SHA512
379d675f754c0ff5956fa27b9075c21f9ed0963b76e879c2505da01990629e0faf233169ec132f371fac19ded78db45f4753872a606fc0d8722c7587d760104b

Download Submit
C:\Windows\system\ZrSAoko.exe

Filesize
3.8MB

MD5
084c5465c6d2c8af730cd808694efb58

SHA1
a6c5f67ae47cf9e430ca6f0c18f88a39b04e25c9

SHA256
933303c598957e447089a750f8e7ae94d427422eacab0a917c1db922ce7607e0

SHA512
2967b081802d3db419da6fde2c750b4885d0c43ac92d04774a545ac23aeac544f49a89440f87c6cd2de3d69923e2a194850285cc94537acdfc199e9d839b348b

Download Submit
C:\Windows\system\eQbDFQP.exe

Filesize
128KB

MD5
c1720bf6b92ec132d7564eac731fc38f

SHA1
70cb8ffa2b3c3f8755068ca52ef45bc05053e04c

SHA256
309ed1ac33cfbd551bec7fd27b31f8fba68ad8bf7555488bc49b3b419365ad4e

SHA512
bded35dca34da2db81635bd0b1bc8528f941dd3d298b7d8e44ed0acabcd10f167e10f2462737f28b287efd04cf55f2df73664e00f0d667cdbfbf8904a731f97f

Download Submit
C:\Windows\system\gHEwDmP.exe

Filesize
384KB

MD5
3617ca4042b558878e6aec0ab1121e45

SHA1
556bd00d65e0724ccfb0b5b164e6b6094cb0a037

SHA256
b5fbd3e039af04ef2a128934f3312857ec84fa8ee07234f6790380843f0cdd89

SHA512
8a00429dd03c87089cf50d906b3b3766a59e05e9bd6cdaa654f4a387c72716cba077789b499845877f436eeec232278651ba0509649ab9baa4b21b49836c11de

Download Submit
C:\Windows\system\koWUBCU.exe

Filesize
896KB

MD5
328cedac3d4fa50a020ae3cc13684ea7

SHA1
2270f836bd39dff81f4b6cfcaa234953519197af

SHA256
96c679cdf10b716f496e3c52b725f4e02b598099773e9877da2613e717421940

SHA512
e622df9f9e5b54dbeff5be2a65ae7d560cbeb28f2dc8170e0aa1c26437540a51fdff48e63a54fb68ebbc0fa88e8139b7c27a9fd2c7fe867f65309fcf28119bf5

Download Submit
C:\Windows\system\kxNKAGY.exe

Filesize
3.8MB

MD5
358fb4d0bc853ec2e42766b1d7e0f966

SHA1
aee199bf98b4838e14d6c05197b820ca4b1877a3

SHA256
93446293cd9c2c116059318f5a01d31fd9c2abd0a3c8ac9834fcb2146517e1b7

SHA512
c8e101259a8feb32d48f788405fdfbbb054c1a456004f7144babab348a5b801b6d01149fe6041a819a1c867fd9f5971b7cab1db99b362410a70403ec318effd1

Download Submit
C:\Windows\system\msTMxkP.exe

Filesize
576KB

MD5
b2ba68a73db4d16d334d6063c3c1d96c

SHA1
40f751860d05a0720c6e70284af3a93985258e50

SHA256
154585394c1b63e96c6563a77bfab71be9302b3e98e91b11756552572770acf3

SHA512
27211f7987b788915c444d43a7d7201a76dbcab87665ec02c047f243e47e5e13cac553b7cd6c3e269268e1ca81c5671fc9c68729c3f3573279c86374123724d7

Download Submit
C:\Windows\system\pwCjnll.exe

Filesize
1.4MB

MD5
a6fca15c6f1b82902fa40217551a5dce

SHA1
cdbac7c814c5f3e71e2a153b641e40ce0589d501

SHA256
3ba6d22fa35dab250eefff04c343188557e3ed286fb6145ed4c2ea6f1a6e8775

SHA512
f28ec9135e630578e081aa0ac646039b1e580e8f68a413da70116b3f6a995b67d0d7dcc852a928bc57ac964e5b406c473a2e1622f62eb2e6e1afba8aeddee041

Download Submit
C:\Windows\system\vFwXQXe.exe

Filesize
1024KB

MD5
ccd7e31144c9a6c08a27e3bedd8595da

SHA1
7552e10ef0c413d55dd4eb57ab8f205b233df64e

SHA256
255ed5e02f8a0c643044a2516cf5a6f7f24e4307347872f0b33f6db87e9350a6

SHA512
c8fdef843fe6cf141f6e4a77f992721adc0be2aef770fad32a257fa90c32a312d6a7ae40aaaae8be5de0cfadb869a45cd1688821f5fabf67cadbfdb854c24ff3

Download Submit
C:\Windows\system\vIWjSkN.exe

Filesize
832KB

MD5
1750a025724849321bdd8be071f18bd8

SHA1
c09cdec7be3dfd09b56d45fd1e21b72d777ab2e1

SHA256
4a764f27bcd06afeb03015fef8349c7d0837753c27d79d2fa25c8ef64b2a1d4a

SHA512
7c695a6f1d05d5b14d2ee9bdafacb5d07029aea94f1396ef87da23aed7bbab78b9a2b7c05a07e3d6f496158d828482af7004b9d63581313659920e36dbcb054c

Download Submit
C:\Windows\system\xhcGLYV.exe

Filesize
1.7MB

MD5
66a081e0f135e381465890b44b4b272f

SHA1
f2ad0faa8e736aaf9fd73fb96d7a1c38b1e84da3

SHA256
6e82f0891ed3c78cfc713a2f5b01d87bedf8771230b760d90a9f5806a8392ec8

SHA512
63b4a33d737f4431a70ca2f2c7af835c9e1ea1bbf3bb3ae1686d43aba7508241cd04d4db619def8df5b9dd4f33d0dd4f7c905c5a904c8473f9d9da558c3a50be

Download Submit
C:\Windows\system\yZHxZzW.exe

Filesize
1.5MB

MD5
ce7069685850a0ff9a6ed404fb6546f3

SHA1
fd92b42a34b882910139a5a48d9fbf260d4207aa

SHA256
dbcd846f674679f4baea2ed5b6ef9501763545b12c4658984e9ecac30c093cff

SHA512
e6da9299ed2532a8259e68b2872dcc5f698e73aa1175626c805585ea3eaf879d67f909c82fdd01bf5916d8d8c8595add5b778fa3638f94f91f8eee63812de5db

Download Submit
\Windows\system\YxRTdOX.exe

Filesize
1.3MB

MD5
4850be711c75174e63bdb3986b7959bb

SHA1
566464510eb673fe29e1a634c5c384360a969523

SHA256
840d0f2d9883b20f7033b06e489e66217c93ceda37d80d06089dfd25864306de

SHA512
49c9722f509d1d20b930138cef86e4d4ca53200e6b9d506f84183cc88c61d603fc0f5e5aebcd5dba1b5bdbad31a02aaef4547e7b25d6caf8156da44723fe2261

Download Submit
\Windows\system\ZcrEAgb.exe

Filesize
1.1MB

MD5
0a323fa3eff823937fb239bff97f8086

SHA1
058088a28c3a2e5335928c4e7a4f25c8b6b8dd42

SHA256
9a7c837285b800a6910ed199e51f31de7a8baa8f1a6a4c5c6f31e3a56fda4ace

SHA512
66337544354be3bfef95541f7b11587f752b983efa4f6387e56ce2f9a67e99929119765c099468b624953a7a62401f09adff46f91edf457e3c3d5b2a1da23cc6

Download Submit
\Windows\system\ZrSAoko.exe

Filesize
3.5MB

MD5
bafcafc187d9226e8f010e6cf579a6f6

SHA1
f40c4bbf75111b289d28acd3e049ac43184b82bd

SHA256
f9799ac20480007e411b268658a0208e13f114a6d6bf0ab3891b398aae2e2d9f

SHA512
36c5d2b393734ac6973d730f7921a3cfc709da9f30c1385de5a98969db1c39ad393e9d669ba251a35a946216bffd4da9dc1246d3d35dd958a9fc4c60797a6d4f

Download Submit
\Windows\system\ardZTfQ.exe

Filesize
640KB

MD5
6d9429b0307d66cf90b064f73dcdd350

SHA1
44ffef129256c4aa16b4af8b6b1fe34d0f41dac6

SHA256
89a784f616f319b904ad4b47ca7bfc15d81f2a5367718c1437108612b0b739b9

SHA512
5dd97cf26246521d6726a92bc079fcd6300c98957680d316d31109f9c106c1202e909b1daa0a799ac707b3737599a39ef49024796d5edbfe543a8db6fdc8f393

Download Submit
\Windows\system\ciymSFf.exe

Filesize
1.4MB

MD5
0905409290a4c59bb6d86754ebacbce0

SHA1
b6b072b79585364139c2a6009d361728b2106404

SHA256
51c4f3c659fcb3ece8797231dd589890651b9d3e984f871e39661554fdeb3301

SHA512
6fcb1b1fae83b6d1d2f296c123b4125583c9653e8ade46946607d493ade0c797ca40d667beb33da1467106ec26e3f1ab7a5128975142ef1cbadfaf4e3126b2d3

Download Submit
\Windows\system\eQbDFQP.exe

Filesize
704KB

MD5
5a859925859f724ae2b914bf73771a10

SHA1
3df34971be00c0068091dce2a8ea5796aa651c6e

SHA256
1b3eed38414adafdc420537e2d5f9bc88aa15318f9c670cb8e0551824c8cca10

SHA512
3f5d88a5b779da3350575bc72ae2f6dd7fb4666d1d0a92c7d8595a771881cc3dcef58c5dfdbcb193c58bc45a13d9e7090800030875cce71a7c5332d4c3a6b7ff

Download Submit
\Windows\system\fNHZYfw.exe

Filesize
1.9MB

MD5
381370c424c61ef49cea8ec9c4edbd99

SHA1
c69a81b501d09e89111bb81b35a3f2c5947bc20c

SHA256
84aaf7025436c5d4d214fdee66a7ab83f76f105d58ed06614f4611268f110ac4

SHA512
7264952e2188c1a7c81ec078ac2a4c4dc122b666631fa6da7af7e36385ed712f3da08e86a12cd0db8b0bcb6622d268566468d964bd3ea5d08c50d44fef607a31

Download Submit
\Windows\system\gHEwDmP.exe

Filesize
448KB

MD5
e1b0e4f1e9d27696701c4b8e6c1fb92b

SHA1
250208f24df0f6e2fcc93e3aa36248290d5d3931

SHA256
eb3827c3694890dc070aaa28840c68cfcfc203a791b424202cd641eb85c99a00

SHA512
2b738d074a6a5aecc2b0f251addf87d8ecf7d947a5d74da76a342d8cf7552a86ebc16e178b4dc3f81b74b6184ec7c8274716ff5f4a3bfd524669584da29cce48

Download Submit
\Windows\system\kxNKAGY.exe

Filesize
3.6MB

MD5
9a92636ccd8df9083589ac1616d3a515

SHA1
f69c71b711619f68f41a0d1a6e09024a68e43e97

SHA256
51c8e019bf0a9e6de56b2b6f3ec91ead00ab16ee56c8edc74672507fd2a27661

SHA512
8118734291eac27ecf5ab9bc479a87aefdf43bbb05cfc063eb8f8c1e9d30a536db4e473bfb708c7e653b02d54245fec85e7003f2f4bfd8b027a26bccbea28dec

Download Submit
\Windows\system\oipflpo.exe

Filesize
1.0MB

MD5
7f991ced5d464db9152d1e2ae04f6f16

SHA1
1322252a300252ff20d3400f1b596f2d801bc9f3

SHA256
dacb22084e1a0e3c3616b0ec306d1c35f334b96905f0cc618668b1a8d100cec0

SHA512
1f83556028c7221a9f74fc63e33d0124e735d955a8a1d6f98f0c34d5dd702d70e0c81e726d8ec8dc178d9691befb05e6a36846f667c5f52aaebd9433a00c3d42

Download Submit
\Windows\system\vFwXQXe.exe

Filesize
2.6MB

MD5
a264bba87824218498cb2c0134347820

SHA1
b2e8ef0e47dd652bf91ec349d78c69666404ba6b

SHA256
ffff0450077b1b5088675d6934ad63121ff1262a19fe55bd5b13f9b2befe4b3c

SHA512
f96a088ced28b0f9181a808332a629ce0b3de424d4ce18d00040e178e435f620ed3fc556227e498e7756ce8149f96ee97501701d5969cc6c35a12187e0e7921a

Download Submit
memory/336-1371-0x000000013FC30000-0x0000000140026000-memory.dmp

Filesize
4.0MB

Download
memory/612-1240-0x000000013FB50000-0x000000013FF46000-memory.dmp

Filesize
4.0MB

Download
memory/920-1655-0x000000013FD00000-0x00000001400F6000-memory.dmp

Filesize
4.0MB

Download
memory/936-1656-0x000000013F680000-0x000000013FA76000-memory.dmp

Filesize
4.0MB

Download
memory/1000-1237-0x000000013FA10000-0x000000013FE06000-memory.dmp

Filesize
4.0MB

Download
memory/1088-1575-0x000000013FA50000-0x000000013FE46000-memory.dmp

Filesize
4.0MB

Download
memory/1508-1166-0x000000013FD90000-0x0000000140186000-memory.dmp

Filesize
4.0MB

Download
memory/1688-1443-0x000000013FEC0000-0x00000001402B6000-memory.dmp

Filesize
4.0MB

Download
memory/1708-1516-0x000000013FCA0000-0x0000000140096000-memory.dmp

Filesize
4.0MB

Download
memory/1712-851-0x000000013F930000-0x000000013FD26000-memory.dmp

Filesize
4.0MB

Download
memory/1712-477-0x0000000003610000-0x0000000003A06000-memory.dmp

Filesize
4.0MB

Download
memory/1712-7-0x0000000002CB0000-0x00000000030A6000-memory.dmp

Filesize
4.0MB

Download
memory/1712-45-0x0000000002DD0000-0x00000000031C6000-memory.dmp

Filesize
4.0MB

Download
memory/1712-168-0x000000013F880000-0x000000013FC76000-memory.dmp

Filesize
4.0MB

Download
memory/1712-171-0x0000000003070000-0x0000000003466000-memory.dmp

Filesize
4.0MB

Download
memory/1712-631-0x000000013F970000-0x000000013FD66000-memory.dmp

Filesize
4.0MB

Download
memory/1712-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1712-0-0x000000013F460000-0x000000013F856000-memory.dmp

Filesize
4.0MB

Download
memory/1712-417-0x0000000003610000-0x0000000003A06000-memory.dmp

Filesize
4.0MB

Download
memory/1712-43-0x0000000002DD0000-0x00000000031C6000-memory.dmp

Filesize
4.0MB

Download
memory/1800-1617-0x000000013F090000-0x000000013F486000-memory.dmp

Filesize
4.0MB

Download
memory/1920-1236-0x000000013F1F0000-0x000000013F5E6000-memory.dmp

Filesize
4.0MB

Download
memory/2028-1165-0x000000013FD90000-0x0000000140186000-memory.dmp

Filesize
4.0MB

Download
memory/2144-1234-0x000000013F660000-0x000000013FA56000-memory.dmp

Filesize
4.0MB

Download
memory/2184-567-0x000000013F620000-0x000000013FA16000-memory.dmp

Filesize
4.0MB

Download
memory/2184-1161-0x000000013F620000-0x000000013FA16000-memory.dmp

Filesize
4.0MB

Download
memory/2196-1311-0x000000013F420000-0x000000013F816000-memory.dmp

Filesize
4.0MB

Download
memory/2244-418-0x000000013F670000-0x000000013FA66000-memory.dmp

Filesize
4.0MB

Download
memory/2244-1096-0x000000013F670000-0x000000013FA66000-memory.dmp

Filesize
4.0MB

Download
memory/2316-340-0x000000013F880000-0x000000013FC76000-memory.dmp

Filesize
4.0MB

Download
memory/2316-1163-0x000000013F880000-0x000000013FC76000-memory.dmp

Filesize
4.0MB

Download
memory/2444-1235-0x000000013F050000-0x000000013F446000-memory.dmp

Filesize
4.0MB

Download
memory/2476-1654-0x000000013F8A0000-0x000000013FC96000-memory.dmp

Filesize
4.0MB

Download
memory/2516-1089-0x000000013F7F0000-0x000000013FBE6000-memory.dmp

Filesize
4.0MB

Download
memory/2516-312-0x000000013F7F0000-0x000000013FBE6000-memory.dmp

Filesize
4.0MB

Download
memory/2524-393-0x000000013F240000-0x000000013F636000-memory.dmp

Filesize
4.0MB

Download
memory/2524-1162-0x000000013F240000-0x000000013F636000-memory.dmp

Filesize
4.0MB

Download
memory/2560-1233-0x000000013FCC0000-0x00000001400B6000-memory.dmp

Filesize
4.0MB

Download
memory/2564-1517-0x000000013F470000-0x000000013F866000-memory.dmp

Filesize
4.0MB

Download
memory/2572-24-0x000000001B690000-0x000000001B972000-memory.dmp

Filesize
2.9MB

Download
memory/2572-139-0x0000000002D30000-0x0000000002DB0000-memory.dmp

Filesize
512KB

Download
memory/2572-138-0x000007FEF5910000-0x000007FEF62AD000-memory.dmp

Filesize
9.6MB

Download
memory/2572-46-0x0000000001D30000-0x0000000001D38000-memory.dmp

Filesize
32KB

Download
memory/2572-137-0x0000000002D30000-0x0000000002DB0000-memory.dmp

Filesize
512KB

Download
memory/2572-107-0x000007FEF5910000-0x000007FEF62AD000-memory.dmp

Filesize
9.6MB

Download
memory/2608-1087-0x000000013F900000-0x000000013FCF6000-memory.dmp

Filesize
4.0MB

Download
memory/2608-177-0x000000013F900000-0x000000013FCF6000-memory.dmp

Filesize
4.0MB

Download
memory/2636-1159-0x000000013F690000-0x000000013FA86000-memory.dmp

Filesize
4.0MB

Download
memory/2636-163-0x000000013F690000-0x000000013FA86000-memory.dmp

Filesize
4.0MB

Download
memory/2704-1088-0x000000013F150000-0x000000013F546000-memory.dmp

Filesize
4.0MB

Download
memory/2704-150-0x000000013F150000-0x000000013F546000-memory.dmp

Filesize
4.0MB

Download
memory/2736-164-0x000000013F4E0000-0x000000013F8D6000-memory.dmp

Filesize
4.0MB

Download
memory/2736-1160-0x000000013F4E0000-0x000000013F8D6000-memory.dmp

Filesize
4.0MB

Download
memory/2772-40-0x000000013F560000-0x000000013F956000-memory.dmp

Filesize
4.0MB

Download
memory/2772-1086-0x000000013F560000-0x000000013F956000-memory.dmp

Filesize
4.0MB

Download
memory/2792-1361-0x000000013FFC0000-0x00000001403B6000-memory.dmp

Filesize
4.0MB

Download
memory/2796-1241-0x000000013F930000-0x000000013FD26000-memory.dmp

Filesize
4.0MB

Download
memory/2820-1238-0x000000013FDD0000-0x00000001401C6000-memory.dmp

Filesize
4.0MB

Download
memory/2852-1239-0x000000013FBC0000-0x000000013FFB6000-memory.dmp

Filesize
4.0MB

Download
memory/2880-1164-0x000000013F200000-0x000000013F5F6000-memory.dmp

Filesize
4.0MB

Download
memory/2900-1167-0x000000013FEE0000-0x00000001402D6000-memory.dmp

Filesize
4.0MB

Download
memory/2984-1518-0x000000013FA10000-0x000000013FE06000-memory.dmp

Filesize
4.0MB

Download
memory/3064-783-0x000000013F970000-0x000000013FD66000-memory.dmp

Filesize
4.0MB

Download
memory/3064-1098-0x000000013F970000-0x000000013FD66000-memory.dmp

Filesize
4.0MB

Download
memory/4136-1503-0x000000013F540000-0x000000013F936000-memory.dmp

Filesize
4.0MB

Download