xmrig | 7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265

Analysis

max time kernel
111s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
Size

3.3MB
MD5

0501700f16c599d003119e17ebfc2d79
SHA1

6b281ada8aa0bff3005554064b371c085c9dd24c
SHA256

7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265
SHA512

e04fb34e2bd09382614addb172c9aeeac391a0792bcf6b15220034fa98c9c1380bb12d0dc796ac2754a391bee559e0d7c3da8484323ad023afa5f5509632e240
SSDEEP

98304:S1ONtyBeSFkXV1etEKLlWUTOfeiRA2R76zHrW4:SbBeSFkc

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 53 IoCs

resource	yara_rule
behavioral1/memory/3024-5-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0007000000014b27-19.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000c0000000144e4-18.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0007000000014baa-16.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000a000000014e51-32.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x003400000001471d-6.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000a000000014bea-21.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d28-53.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d4a-57.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d56-61.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d6f-73.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016117-109.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016a9a-137.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x00060000000164b2-128.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000600000001661c-126.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016843-132.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x00060000000161e7-113.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015fe9-105.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016572-124.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015eaf-97.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000600000001630b-117.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015f6d-101.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015e3a-93.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d9b-89.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d8f-85.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d87-81.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d79-77.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2576-285-0x000000013F040000-0x000000013F436000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3024-3627-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2560-410-0x000000013FE30000-0x0000000140226000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2672-301-0x000000013F0A0000-0x000000013F496000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2452-400-0x000000013FC10000-0x0000000140006000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2776-283-0x000000013F590000-0x000000013F986000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2664-282-0x000000013F900000-0x000000013FCF6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2548-280-0x000000013FAF0000-0x000000013FEE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2584-279-0x000000013FE80000-0x0000000140276000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3068-275-0x000000013FFA0000-0x0000000140396000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2588-272-0x000000013FA10000-0x000000013FE06000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2004-244-0x000000013F1A0000-0x000000013F596000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2308-232-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d67-69.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d5e-65.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015d07-49.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000015ceb-45.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0007000000015ce1-42.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0007000000014b63-12.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2584-4559-0x000000013FE80000-0x0000000140276000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2308-4562-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2672-6276-0x000000013F0A0000-0x000000013F496000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2576-6278-0x000000013F040000-0x000000013F436000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2452-6277-0x000000013FC10000-0x0000000140006000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2776-6328-0x000000013F590000-0x000000013F986000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2560-6291-0x000000013FE30000-0x0000000140226000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 53 IoCs

resource	yara_rule
behavioral1/memory/3024-5-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	UPX
behavioral1/files/0x0007000000014b27-19.dat	UPX
behavioral1/files/0x000c0000000144e4-18.dat	UPX
behavioral1/files/0x0007000000014baa-16.dat	UPX
behavioral1/files/0x000a000000014e51-32.dat	UPX
behavioral1/files/0x003400000001471d-6.dat	UPX
behavioral1/files/0x000a000000014bea-21.dat	UPX
behavioral1/files/0x0006000000015d28-53.dat	UPX
behavioral1/files/0x0006000000015d4a-57.dat	UPX
behavioral1/files/0x0006000000015d56-61.dat	UPX
behavioral1/files/0x0006000000015d6f-73.dat	UPX
behavioral1/files/0x0006000000016117-109.dat	UPX
behavioral1/files/0x0006000000016a9a-137.dat	UPX
behavioral1/files/0x00060000000164b2-128.dat	UPX
behavioral1/files/0x000600000001661c-126.dat	UPX
behavioral1/files/0x0006000000016843-132.dat	UPX
behavioral1/files/0x00060000000161e7-113.dat	UPX
behavioral1/files/0x0006000000015fe9-105.dat	UPX
behavioral1/files/0x0006000000016572-124.dat	UPX
behavioral1/files/0x0006000000015eaf-97.dat	UPX
behavioral1/files/0x000600000001630b-117.dat	UPX
behavioral1/files/0x0006000000015f6d-101.dat	UPX
behavioral1/files/0x0006000000015e3a-93.dat	UPX
behavioral1/files/0x0006000000015d9b-89.dat	UPX
behavioral1/files/0x0006000000015d8f-85.dat	UPX
behavioral1/files/0x0006000000015d87-81.dat	UPX
behavioral1/files/0x0006000000015d79-77.dat	UPX
behavioral1/memory/2576-285-0x000000013F040000-0x000000013F436000-memory.dmp	UPX
behavioral1/memory/3024-3627-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	UPX
behavioral1/memory/2560-410-0x000000013FE30000-0x0000000140226000-memory.dmp	UPX
behavioral1/memory/2672-301-0x000000013F0A0000-0x000000013F496000-memory.dmp	UPX
behavioral1/memory/2452-400-0x000000013FC10000-0x0000000140006000-memory.dmp	UPX
behavioral1/memory/2776-283-0x000000013F590000-0x000000013F986000-memory.dmp	UPX
behavioral1/memory/2664-282-0x000000013F900000-0x000000013FCF6000-memory.dmp	UPX
behavioral1/memory/2548-280-0x000000013FAF0000-0x000000013FEE6000-memory.dmp	UPX
behavioral1/memory/2584-279-0x000000013FE80000-0x0000000140276000-memory.dmp	UPX
behavioral1/memory/3068-275-0x000000013FFA0000-0x0000000140396000-memory.dmp	UPX
behavioral1/memory/2588-272-0x000000013FA10000-0x000000013FE06000-memory.dmp	UPX
behavioral1/memory/2004-244-0x000000013F1A0000-0x000000013F596000-memory.dmp	UPX
behavioral1/memory/2308-232-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	UPX
behavioral1/files/0x0006000000015d67-69.dat	UPX
behavioral1/files/0x0006000000015d5e-65.dat	UPX
behavioral1/files/0x0006000000015d07-49.dat	UPX
behavioral1/files/0x0006000000015ceb-45.dat	UPX
behavioral1/files/0x0007000000015ce1-42.dat	UPX
behavioral1/files/0x0007000000014b63-12.dat	UPX
behavioral1/memory/2584-4559-0x000000013FE80000-0x0000000140276000-memory.dmp	UPX
behavioral1/memory/2308-4562-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	UPX
behavioral1/memory/2672-6276-0x000000013F0A0000-0x000000013F496000-memory.dmp	UPX
behavioral1/memory/2576-6278-0x000000013F040000-0x000000013F436000-memory.dmp	UPX
behavioral1/memory/2452-6277-0x000000013FC10000-0x0000000140006000-memory.dmp	UPX
behavioral1/memory/2776-6328-0x000000013F590000-0x000000013F986000-memory.dmp	UPX
behavioral1/memory/2560-6291-0x000000013FE30000-0x0000000140226000-memory.dmp	UPX

XMRig Miner payload 54 IoCs

miner

resource	yara_rule
behavioral1/memory/3024-5-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	xmrig
behavioral1/files/0x0007000000014b27-19.dat	xmrig
behavioral1/files/0x000c0000000144e4-18.dat	xmrig
behavioral1/files/0x0007000000014baa-16.dat	xmrig
behavioral1/files/0x000a000000014e51-32.dat	xmrig
behavioral1/files/0x003400000001471d-6.dat	xmrig
behavioral1/files/0x000a000000014bea-21.dat	xmrig
behavioral1/files/0x0006000000015d28-53.dat	xmrig
behavioral1/files/0x0006000000015d4a-57.dat	xmrig
behavioral1/files/0x0006000000015d56-61.dat	xmrig
behavioral1/files/0x0006000000015d6f-73.dat	xmrig
behavioral1/files/0x0006000000016117-109.dat	xmrig
behavioral1/files/0x0006000000016a9a-137.dat	xmrig
behavioral1/files/0x00060000000164b2-128.dat	xmrig
behavioral1/files/0x000600000001661c-126.dat	xmrig
behavioral1/files/0x0006000000016843-132.dat	xmrig
behavioral1/files/0x00060000000161e7-113.dat	xmrig
behavioral1/files/0x0006000000015fe9-105.dat	xmrig
behavioral1/files/0x0006000000016572-124.dat	xmrig
behavioral1/files/0x0006000000015eaf-97.dat	xmrig
behavioral1/files/0x000600000001630b-117.dat	xmrig
behavioral1/files/0x0006000000015f6d-101.dat	xmrig
behavioral1/files/0x0006000000015e3a-93.dat	xmrig
behavioral1/files/0x0006000000015d9b-89.dat	xmrig
behavioral1/files/0x0006000000015d8f-85.dat	xmrig
behavioral1/files/0x0006000000015d87-81.dat	xmrig
behavioral1/files/0x0006000000015d79-77.dat	xmrig
behavioral1/memory/2576-285-0x000000013F040000-0x000000013F436000-memory.dmp	xmrig
behavioral1/memory/3024-3627-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	xmrig
behavioral1/memory/2560-410-0x000000013FE30000-0x0000000140226000-memory.dmp	xmrig
behavioral1/memory/2672-301-0x000000013F0A0000-0x000000013F496000-memory.dmp	xmrig
behavioral1/memory/2452-400-0x000000013FC10000-0x0000000140006000-memory.dmp	xmrig
behavioral1/memory/2776-283-0x000000013F590000-0x000000013F986000-memory.dmp	xmrig
behavioral1/memory/2664-282-0x000000013F900000-0x000000013FCF6000-memory.dmp	xmrig
behavioral1/memory/3024-281-0x00000000032C0000-0x00000000036B6000-memory.dmp	xmrig
behavioral1/memory/2548-280-0x000000013FAF0000-0x000000013FEE6000-memory.dmp	xmrig
behavioral1/memory/2584-279-0x000000013FE80000-0x0000000140276000-memory.dmp	xmrig
behavioral1/memory/3068-275-0x000000013FFA0000-0x0000000140396000-memory.dmp	xmrig
behavioral1/memory/2588-272-0x000000013FA10000-0x000000013FE06000-memory.dmp	xmrig
behavioral1/memory/2004-244-0x000000013F1A0000-0x000000013F596000-memory.dmp	xmrig
behavioral1/memory/2308-232-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	xmrig
behavioral1/files/0x0006000000015d67-69.dat	xmrig
behavioral1/files/0x0006000000015d5e-65.dat	xmrig
behavioral1/files/0x0006000000015d07-49.dat	xmrig
behavioral1/files/0x0006000000015ceb-45.dat	xmrig
behavioral1/files/0x0007000000015ce1-42.dat	xmrig
behavioral1/files/0x0007000000014b63-12.dat	xmrig
behavioral1/memory/2584-4559-0x000000013FE80000-0x0000000140276000-memory.dmp	xmrig
behavioral1/memory/2308-4562-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	xmrig
behavioral1/memory/2672-6276-0x000000013F0A0000-0x000000013F496000-memory.dmp	xmrig
behavioral1/memory/2576-6278-0x000000013F040000-0x000000013F436000-memory.dmp	xmrig
behavioral1/memory/2452-6277-0x000000013FC10000-0x0000000140006000-memory.dmp	xmrig
behavioral1/memory/2776-6328-0x000000013F590000-0x000000013F986000-memory.dmp	xmrig
behavioral1/memory/2560-6291-0x000000013FE30000-0x0000000140226000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1280	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2308	ULCKvuI.exe
2004	sifwYzP.exe
2588	zDOAnUc.exe
3068	VNmmgTL.exe
2584	QORrKox.exe
2548	sILxeog.exe
2664	nIHJBNy.exe
2776	YJCxWgM.exe
2576	tomcxDR.exe
2672	zSwBstk.exe
2452	zTCbsVe.exe
2560	GMXfkCb.exe
3036	IgixSgL.exe
1048	kGUusvH.exe
1508	LlzXTHE.exe
2928	eOBJFBy.exe
2980	awXhTgr.exe
2976	lwSkLdP.exe
1928	cgXIRiE.exe
1908	VknENSE.exe
2424	dTDxQev.exe
1556	KjOKcmi.exe
2788	TYJAMhP.exe
628	KEYKurD.exe
2676	uOEypPD.exe
324	miSKzjl.exe
1312	XIeycAo.exe
1240	zaYUnUx.exe
1316	NGWicwA.exe
1276	OerOVzs.exe
2248	MqvcoOi.exe
336	ANXRozz.exe
2620	gznGBoX.exe
2872	WBjIsSc.exe
1820	hCHKaHW.exe
2092	JToFpal.exe
2216	bHwSnaI.exe
576	ZPElTcH.exe
2864	xaWCsQB.exe
640	fcNeABv.exe
588	LFVHKLT.exe
812	zvILomC.exe
1796	bGklSop.exe
292	qeMtDDW.exe
1804	pEYMCph.exe
636	kzddAOP.exe
884	sLdqEPE.exe
1080	hKXupmm.exe
2144	vUrOeVq.exe
2152	aauDOtU.exe
784	XjDVLUU.exe
1536	cpTmqgS.exe
300	toYngnE.exe
1544	xuFznAD.exe
944	lzmOvab.exe
1864	lmHUIhP.exe
2208	AzUCVJG.exe
2564	khdVNox.exe
2472	FuHmcup.exe
2444	fdIpTTP.exe
308	kAwWRWz.exe
2624	HrWDAAq.exe
1604	pZyMmHc.exe
2568	EleGTVc.exe

Loads dropped DLL 64 IoCs

pid	Process
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3024-5-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	upx
behavioral1/files/0x0007000000014b27-19.dat	upx
behavioral1/files/0x000c0000000144e4-18.dat	upx
behavioral1/files/0x0007000000014baa-16.dat	upx
behavioral1/files/0x000a000000014e51-32.dat	upx
behavioral1/files/0x003400000001471d-6.dat	upx
behavioral1/files/0x000a000000014bea-21.dat	upx
behavioral1/files/0x0006000000015d28-53.dat	upx
behavioral1/files/0x0006000000015d4a-57.dat	upx
behavioral1/files/0x0006000000015d56-61.dat	upx
behavioral1/files/0x0006000000015d6f-73.dat	upx
behavioral1/files/0x0006000000016117-109.dat	upx
behavioral1/files/0x0006000000016a9a-137.dat	upx
behavioral1/files/0x00060000000164b2-128.dat	upx
behavioral1/files/0x000600000001661c-126.dat	upx
behavioral1/files/0x0006000000016843-132.dat	upx
behavioral1/files/0x00060000000161e7-113.dat	upx
behavioral1/files/0x0006000000015fe9-105.dat	upx
behavioral1/files/0x0006000000016572-124.dat	upx
behavioral1/files/0x0006000000015eaf-97.dat	upx
behavioral1/files/0x000600000001630b-117.dat	upx
behavioral1/files/0x0006000000015f6d-101.dat	upx
behavioral1/files/0x0006000000015e3a-93.dat	upx
behavioral1/files/0x0006000000015d9b-89.dat	upx
behavioral1/files/0x0006000000015d8f-85.dat	upx
behavioral1/files/0x0006000000015d87-81.dat	upx
behavioral1/files/0x0006000000015d79-77.dat	upx
behavioral1/memory/2576-285-0x000000013F040000-0x000000013F436000-memory.dmp	upx
behavioral1/memory/3024-3627-0x000000013F7F0000-0x000000013FBE6000-memory.dmp	upx
behavioral1/memory/2560-410-0x000000013FE30000-0x0000000140226000-memory.dmp	upx
behavioral1/memory/2672-301-0x000000013F0A0000-0x000000013F496000-memory.dmp	upx
behavioral1/memory/2452-400-0x000000013FC10000-0x0000000140006000-memory.dmp	upx
behavioral1/memory/2776-283-0x000000013F590000-0x000000013F986000-memory.dmp	upx
behavioral1/memory/2664-282-0x000000013F900000-0x000000013FCF6000-memory.dmp	upx
behavioral1/memory/2548-280-0x000000013FAF0000-0x000000013FEE6000-memory.dmp	upx
behavioral1/memory/2584-279-0x000000013FE80000-0x0000000140276000-memory.dmp	upx
behavioral1/memory/3068-275-0x000000013FFA0000-0x0000000140396000-memory.dmp	upx
behavioral1/memory/2588-272-0x000000013FA10000-0x000000013FE06000-memory.dmp	upx
behavioral1/memory/2004-244-0x000000013F1A0000-0x000000013F596000-memory.dmp	upx
behavioral1/memory/2308-232-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	upx
behavioral1/files/0x0006000000015d67-69.dat	upx
behavioral1/files/0x0006000000015d5e-65.dat	upx
behavioral1/files/0x0006000000015d07-49.dat	upx
behavioral1/files/0x0006000000015ceb-45.dat	upx
behavioral1/files/0x0007000000015ce1-42.dat	upx
behavioral1/files/0x0007000000014b63-12.dat	upx
behavioral1/memory/2584-4559-0x000000013FE80000-0x0000000140276000-memory.dmp	upx
behavioral1/memory/2308-4562-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	upx
behavioral1/memory/2672-6276-0x000000013F0A0000-0x000000013F496000-memory.dmp	upx
behavioral1/memory/2576-6278-0x000000013F040000-0x000000013F436000-memory.dmp	upx
behavioral1/memory/2452-6277-0x000000013FC10000-0x0000000140006000-memory.dmp	upx
behavioral1/memory/2776-6328-0x000000013F590000-0x000000013F986000-memory.dmp	upx
behavioral1/memory/2560-6291-0x000000013FE30000-0x0000000140226000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\RyFYjNs.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\VJPXAyz.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\GIjMics.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\OqWqvpw.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\GLbDRXD.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\cgCtCPk.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\tAeftqr.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\vuPCWTf.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\RgXpnyc.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\iJEOGtm.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\ndvsccT.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\GYiDGPg.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\FgIWNnf.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\fktyayD.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\OsVPZci.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\GZtVDcQ.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\lflYJHD.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\DlpfShf.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\AFohLpu.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\PHFXIPQ.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\NCWrUbO.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\bDNVdHF.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\dgMLiCL.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\OgSySJj.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\WXWCuFq.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\cQORkrI.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\TzMxsiJ.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\GvoCsWV.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\sfFQwTc.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\EbOEJIZ.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\cleUmVY.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\gESwcNL.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\UuGJyUV.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\yJmWAIM.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\HFqUFSK.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\ZckLLLr.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\RpOYvCQ.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\lltCdlW.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\WzjTRwc.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\wlycQBT.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\YMIKhnB.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\ksRsWid.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\YlzMwQa.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\ObJpmZW.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\hYFSrqN.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\VXduQSb.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\kqmGBhQ.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\KJKWGLr.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\DtJfXsC.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\OdrLALn.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\lDkvrzu.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\LLlXFMF.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\eEOMmmM.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\eIHXWMh.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\rWXYEuz.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\nVumWkk.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\jagEZga.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\qyWhjya.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\KdLdETB.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\UqxyGGi.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\ivFQrDZ.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\BkJcMTI.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\AgYwhLi.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
File created	C:\Windows\System\BrcZQbs.exe	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1280	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
Token: SeDebugPrivilege	1280	powershell.exe
Token: SeLockMemoryPrivilege	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 1280	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	29
PID 3024 wrote to memory of 1280	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	29
PID 3024 wrote to memory of 1280	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	29
PID 3024 wrote to memory of 2308	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	30
PID 3024 wrote to memory of 2308	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	30
PID 3024 wrote to memory of 2308	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	30
PID 3024 wrote to memory of 3068	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	31
PID 3024 wrote to memory of 3068	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	31
PID 3024 wrote to memory of 3068	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	31
PID 3024 wrote to memory of 2004	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	32
PID 3024 wrote to memory of 2004	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	32
PID 3024 wrote to memory of 2004	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	32
PID 3024 wrote to memory of 2548	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	33
PID 3024 wrote to memory of 2548	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	33
PID 3024 wrote to memory of 2548	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	33
PID 3024 wrote to memory of 2588	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	34
PID 3024 wrote to memory of 2588	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	34
PID 3024 wrote to memory of 2588	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	34
PID 3024 wrote to memory of 2664	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	35
PID 3024 wrote to memory of 2664	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	35
PID 3024 wrote to memory of 2664	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	35
PID 3024 wrote to memory of 2584	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	36
PID 3024 wrote to memory of 2584	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	36
PID 3024 wrote to memory of 2584	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	36
PID 3024 wrote to memory of 2776	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	37
PID 3024 wrote to memory of 2776	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	37
PID 3024 wrote to memory of 2776	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	37
PID 3024 wrote to memory of 2576	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	38
PID 3024 wrote to memory of 2576	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	38
PID 3024 wrote to memory of 2576	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	38
PID 3024 wrote to memory of 2672	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	39
PID 3024 wrote to memory of 2672	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	39
PID 3024 wrote to memory of 2672	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	39
PID 3024 wrote to memory of 2452	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	40
PID 3024 wrote to memory of 2452	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	40
PID 3024 wrote to memory of 2452	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	40
PID 3024 wrote to memory of 2560	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	41
PID 3024 wrote to memory of 2560	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	41
PID 3024 wrote to memory of 2560	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	41
PID 3024 wrote to memory of 3036	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	42
PID 3024 wrote to memory of 3036	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	42
PID 3024 wrote to memory of 3036	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	42
PID 3024 wrote to memory of 1048	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	43
PID 3024 wrote to memory of 1048	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	43
PID 3024 wrote to memory of 1048	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	43
PID 3024 wrote to memory of 1508	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	44
PID 3024 wrote to memory of 1508	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	44
PID 3024 wrote to memory of 1508	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	44
PID 3024 wrote to memory of 2928	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	45
PID 3024 wrote to memory of 2928	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	45
PID 3024 wrote to memory of 2928	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	45
PID 3024 wrote to memory of 2980	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	46
PID 3024 wrote to memory of 2980	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	46
PID 3024 wrote to memory of 2980	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	46
PID 3024 wrote to memory of 2976	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	47
PID 3024 wrote to memory of 2976	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	47
PID 3024 wrote to memory of 2976	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	47
PID 3024 wrote to memory of 1928	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	48
PID 3024 wrote to memory of 1928	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	48
PID 3024 wrote to memory of 1928	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	48
PID 3024 wrote to memory of 1908	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	49
PID 3024 wrote to memory of 1908	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	49
PID 3024 wrote to memory of 1908	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	49
PID 3024 wrote to memory of 2424	3024	7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe	50

C:\Users\Admin\AppData\Local\Temp\7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe
"C:\Users\Admin\AppData\Local\Temp\7caee50fed6d4f9890385e62b46fda46d6ecd312c4759af4f3c0919370cdc265.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1280
- C:\Windows\System\ULCKvuI.exe
  C:\Windows\System\ULCKvuI.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\VNmmgTL.exe
  C:\Windows\System\VNmmgTL.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\sifwYzP.exe
  C:\Windows\System\sifwYzP.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\sILxeog.exe
  C:\Windows\System\sILxeog.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\zDOAnUc.exe
  C:\Windows\System\zDOAnUc.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\nIHJBNy.exe
  C:\Windows\System\nIHJBNy.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\QORrKox.exe
  C:\Windows\System\QORrKox.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\YJCxWgM.exe
  C:\Windows\System\YJCxWgM.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\tomcxDR.exe
  C:\Windows\System\tomcxDR.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\zSwBstk.exe
  C:\Windows\System\zSwBstk.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\zTCbsVe.exe
  C:\Windows\System\zTCbsVe.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\GMXfkCb.exe
  C:\Windows\System\GMXfkCb.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\IgixSgL.exe
  C:\Windows\System\IgixSgL.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\kGUusvH.exe
  C:\Windows\System\kGUusvH.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\LlzXTHE.exe
  C:\Windows\System\LlzXTHE.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\eOBJFBy.exe
  C:\Windows\System\eOBJFBy.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\awXhTgr.exe
  C:\Windows\System\awXhTgr.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\lwSkLdP.exe
  C:\Windows\System\lwSkLdP.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\cgXIRiE.exe
  C:\Windows\System\cgXIRiE.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\VknENSE.exe
  C:\Windows\System\VknENSE.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\dTDxQev.exe
  C:\Windows\System\dTDxQev.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\KjOKcmi.exe
  C:\Windows\System\KjOKcmi.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\TYJAMhP.exe
  C:\Windows\System\TYJAMhP.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\KEYKurD.exe
  C:\Windows\System\KEYKurD.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\uOEypPD.exe
  C:\Windows\System\uOEypPD.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\miSKzjl.exe
  C:\Windows\System\miSKzjl.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\XIeycAo.exe
  C:\Windows\System\XIeycAo.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\NGWicwA.exe
  C:\Windows\System\NGWicwA.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\zaYUnUx.exe
  C:\Windows\System\zaYUnUx.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\MqvcoOi.exe
  C:\Windows\System\MqvcoOi.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\OerOVzs.exe
  C:\Windows\System\OerOVzs.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\ANXRozz.exe
  C:\Windows\System\ANXRozz.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\gznGBoX.exe
  C:\Windows\System\gznGBoX.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\WBjIsSc.exe
  C:\Windows\System\WBjIsSc.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\hCHKaHW.exe
  C:\Windows\System\hCHKaHW.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\JToFpal.exe
  C:\Windows\System\JToFpal.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\bHwSnaI.exe
  C:\Windows\System\bHwSnaI.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\ZPElTcH.exe
  C:\Windows\System\ZPElTcH.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\xaWCsQB.exe
  C:\Windows\System\xaWCsQB.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\fcNeABv.exe
  C:\Windows\System\fcNeABv.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\LFVHKLT.exe
  C:\Windows\System\LFVHKLT.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\zvILomC.exe
  C:\Windows\System\zvILomC.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\bGklSop.exe
  C:\Windows\System\bGklSop.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\qeMtDDW.exe
  C:\Windows\System\qeMtDDW.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\pEYMCph.exe
  C:\Windows\System\pEYMCph.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\kzddAOP.exe
  C:\Windows\System\kzddAOP.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\sLdqEPE.exe
  C:\Windows\System\sLdqEPE.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\hKXupmm.exe
  C:\Windows\System\hKXupmm.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\vUrOeVq.exe
  C:\Windows\System\vUrOeVq.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\aauDOtU.exe
  C:\Windows\System\aauDOtU.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\XjDVLUU.exe
  C:\Windows\System\XjDVLUU.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\cpTmqgS.exe
  C:\Windows\System\cpTmqgS.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\toYngnE.exe
  C:\Windows\System\toYngnE.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\xuFznAD.exe
  C:\Windows\System\xuFznAD.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\lzmOvab.exe
  C:\Windows\System\lzmOvab.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\lmHUIhP.exe
  C:\Windows\System\lmHUIhP.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\kAwWRWz.exe
  C:\Windows\System\kAwWRWz.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\AzUCVJG.exe
  C:\Windows\System\AzUCVJG.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\HrWDAAq.exe
  C:\Windows\System\HrWDAAq.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\khdVNox.exe
  C:\Windows\System\khdVNox.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\pZyMmHc.exe
  C:\Windows\System\pZyMmHc.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\FuHmcup.exe
  C:\Windows\System\FuHmcup.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\EleGTVc.exe
  C:\Windows\System\EleGTVc.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\fdIpTTP.exe
  C:\Windows\System\fdIpTTP.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\zCbySZv.exe
  C:\Windows\System\zCbySZv.exe
  2⤵
  PID:2464
- C:\Windows\System\tbQOsVP.exe
  C:\Windows\System\tbQOsVP.exe
  2⤵
  PID:2448
- C:\Windows\System\llvdvTr.exe
  C:\Windows\System\llvdvTr.exe
  2⤵
  PID:2948
- C:\Windows\System\BgPgnmv.exe
  C:\Windows\System\BgPgnmv.exe
  2⤵
  PID:2912
- C:\Windows\System\fpVIvit.exe
  C:\Windows\System\fpVIvit.exe
  2⤵
  PID:2800
- C:\Windows\System\NbxIoCE.exe
  C:\Windows\System\NbxIoCE.exe
  2⤵
  PID:2112
- C:\Windows\System\YLscKSL.exe
  C:\Windows\System\YLscKSL.exe
  2⤵
  PID:1776
- C:\Windows\System\WwXghzm.exe
  C:\Windows\System\WwXghzm.exe
  2⤵
  PID:1008
- C:\Windows\System\ixEdyDy.exe
  C:\Windows\System\ixEdyDy.exe
  2⤵
  PID:3040
- C:\Windows\System\BMMCkeb.exe
  C:\Windows\System\BMMCkeb.exe
  2⤵
  PID:2020
- C:\Windows\System\xHMDQJR.exe
  C:\Windows\System\xHMDQJR.exe
  2⤵
  PID:740
- C:\Windows\System\QcbVSxk.exe
  C:\Windows\System\QcbVSxk.exe
  2⤵
  PID:2396
- C:\Windows\System\cKfKBNC.exe
  C:\Windows\System\cKfKBNC.exe
  2⤵
  PID:2368
- C:\Windows\System\zjuBHET.exe
  C:\Windows\System\zjuBHET.exe
  2⤵
  PID:1532
- C:\Windows\System\TGimSjH.exe
  C:\Windows\System\TGimSjH.exe
  2⤵
  PID:1288
- C:\Windows\System\PJyoKKh.exe
  C:\Windows\System\PJyoKKh.exe
  2⤵
  PID:1304
- C:\Windows\System\ldGFGSv.exe
  C:\Windows\System\ldGFGSv.exe
  2⤵
  PID:2644
- C:\Windows\System\XttEYvS.exe
  C:\Windows\System\XttEYvS.exe
  2⤵
  PID:2552
- C:\Windows\System\Cgqwzwt.exe
  C:\Windows\System\Cgqwzwt.exe
  2⤵
  PID:2432
- C:\Windows\System\IJnKvBK.exe
  C:\Windows\System\IJnKvBK.exe
  2⤵
  PID:2964
- C:\Windows\System\LAGpccf.exe
  C:\Windows\System\LAGpccf.exe
  2⤵
  PID:1712
- C:\Windows\System\VhjNVfJ.exe
  C:\Windows\System\VhjNVfJ.exe
  2⤵
  PID:2868
- C:\Windows\System\LJApszM.exe
  C:\Windows\System\LJApszM.exe
  2⤵
  PID:2316
- C:\Windows\System\LTSqyWF.exe
  C:\Windows\System\LTSqyWF.exe
  2⤵
  PID:1868
- C:\Windows\System\MLFwGLS.exe
  C:\Windows\System\MLFwGLS.exe
  2⤵
  PID:2268
- C:\Windows\System\XaRZilp.exe
  C:\Windows\System\XaRZilp.exe
  2⤵
  PID:2852
- C:\Windows\System\xluMttc.exe
  C:\Windows\System\xluMttc.exe
  2⤵
  PID:2508
- C:\Windows\System\QquJNAH.exe
  C:\Windows\System\QquJNAH.exe
  2⤵
  PID:1648
- C:\Windows\System\aYJnHyL.exe
  C:\Windows\System\aYJnHyL.exe
  2⤵
  PID:2972
- C:\Windows\System\oeowOcv.exe
  C:\Windows\System\oeowOcv.exe
  2⤵
  PID:1448
- C:\Windows\System\FeYRrbQ.exe
  C:\Windows\System\FeYRrbQ.exe
  2⤵
  PID:764
- C:\Windows\System\iXUUlIV.exe
  C:\Windows\System\iXUUlIV.exe
  2⤵
  PID:612
- C:\Windows\System\VyjOxUm.exe
  C:\Windows\System\VyjOxUm.exe
  2⤵
  PID:1088
- C:\Windows\System\GUxoAbN.exe
  C:\Windows\System\GUxoAbN.exe
  2⤵
  PID:2084
- C:\Windows\System\OmfouCz.exe
  C:\Windows\System\OmfouCz.exe
  2⤵
  PID:1440
- C:\Windows\System\oHbjisI.exe
  C:\Windows\System\oHbjisI.exe
  2⤵
  PID:1664
- C:\Windows\System\IYNAChQ.exe
  C:\Windows\System\IYNAChQ.exe
  2⤵
  PID:2288
- C:\Windows\System\lKhWmrd.exe
  C:\Windows\System\lKhWmrd.exe
  2⤵
  PID:356
- C:\Windows\System\FlHrCdt.exe
  C:\Windows\System\FlHrCdt.exe
  2⤵
  PID:2916
- C:\Windows\System\hByUdmO.exe
  C:\Windows\System\hByUdmO.exe
  2⤵
  PID:1624
- C:\Windows\System\cFwhdea.exe
  C:\Windows\System\cFwhdea.exe
  2⤵
  PID:2440
- C:\Windows\System\hFCemfk.exe
  C:\Windows\System\hFCemfk.exe
  2⤵
  PID:2760
- C:\Windows\System\TekccJn.exe
  C:\Windows\System\TekccJn.exe
  2⤵
  PID:2724
- C:\Windows\System\ksRsWid.exe
  C:\Windows\System\ksRsWid.exe
  2⤵
  PID:488
- C:\Windows\System\dYFhFdi.exe
  C:\Windows\System\dYFhFdi.exe
  2⤵
  PID:1984
- C:\Windows\System\TqZpYTo.exe
  C:\Windows\System\TqZpYTo.exe
  2⤵
  PID:1620
- C:\Windows\System\qguPLoE.exe
  C:\Windows\System\qguPLoE.exe
  2⤵
  PID:2656
- C:\Windows\System\rdCnpno.exe
  C:\Windows\System\rdCnpno.exe
  2⤵
  PID:2680
- C:\Windows\System\cONiJxS.exe
  C:\Windows\System\cONiJxS.exe
  2⤵
  PID:3044
- C:\Windows\System\EZBMUih.exe
  C:\Windows\System\EZBMUih.exe
  2⤵
  PID:1932
- C:\Windows\System\dVPempz.exe
  C:\Windows\System\dVPempz.exe
  2⤵
  PID:2000
- C:\Windows\System\duyTQEx.exe
  C:\Windows\System\duyTQEx.exe
  2⤵
  PID:1708
- C:\Windows\System\tfZZXtS.exe
  C:\Windows\System\tfZZXtS.exe
  2⤵
  PID:1720
- C:\Windows\System\KIlFMvm.exe
  C:\Windows\System\KIlFMvm.exe
  2⤵
  PID:2616
- C:\Windows\System\qyONYou.exe
  C:\Windows\System\qyONYou.exe
  2⤵
  PID:2204
- C:\Windows\System\iSdnxuS.exe
  C:\Windows\System\iSdnxuS.exe
  2⤵
  PID:2532
- C:\Windows\System\PYqlzaA.exe
  C:\Windows\System\PYqlzaA.exe
  2⤵
  PID:2512
- C:\Windows\System\jGQrivm.exe
  C:\Windows\System\jGQrivm.exe
  2⤵
  PID:2416
- C:\Windows\System\qUUHoil.exe
  C:\Windows\System\qUUHoil.exe
  2⤵
  PID:1592
- C:\Windows\System\UnxVAIy.exe
  C:\Windows\System\UnxVAIy.exe
  2⤵
  PID:1616
- C:\Windows\System\TJbXLXg.exe
  C:\Windows\System\TJbXLXg.exe
  2⤵
  PID:1032
- C:\Windows\System\ScSQsIY.exe
  C:\Windows\System\ScSQsIY.exe
  2⤵
  PID:1668
- C:\Windows\System\qxewlvo.exe
  C:\Windows\System\qxewlvo.exe
  2⤵
  PID:900
- C:\Windows\System\XujaHnk.exe
  C:\Windows\System\XujaHnk.exe
  2⤵
  PID:752
- C:\Windows\System\DJdMhPu.exe
  C:\Windows\System\DJdMhPu.exe
  2⤵
  PID:1588
- C:\Windows\System\gvaqdci.exe
  C:\Windows\System\gvaqdci.exe
  2⤵
  PID:1676
- C:\Windows\System\ZuETwYp.exe
  C:\Windows\System\ZuETwYp.exe
  2⤵
  PID:1504
- C:\Windows\System\CMENjyC.exe
  C:\Windows\System\CMENjyC.exe
  2⤵
  PID:2380
- C:\Windows\System\bFtUUdF.exe
  C:\Windows\System\bFtUUdF.exe
  2⤵
  PID:1652
- C:\Windows\System\lHKkRDi.exe
  C:\Windows\System\lHKkRDi.exe
  2⤵
  PID:2720
- C:\Windows\System\sAqtuiu.exe
  C:\Windows\System\sAqtuiu.exe
  2⤵
  PID:2636
- C:\Windows\System\bOYuurj.exe
  C:\Windows\System\bOYuurj.exe
  2⤵
  PID:1912
- C:\Windows\System\zvYYKdk.exe
  C:\Windows\System\zvYYKdk.exe
  2⤵
  PID:3032
- C:\Windows\System\ZGUXhIN.exe
  C:\Windows\System\ZGUXhIN.exe
  2⤵
  PID:1612
- C:\Windows\System\GXSrALC.exe
  C:\Windows\System\GXSrALC.exe
  2⤵
  PID:1160
- C:\Windows\System\PFZYLcZ.exe
  C:\Windows\System\PFZYLcZ.exe
  2⤵
  PID:2596
- C:\Windows\System\fADIBsk.exe
  C:\Windows\System\fADIBsk.exe
  2⤵
  PID:1596
- C:\Windows\System\zkqBlwm.exe
  C:\Windows\System\zkqBlwm.exe
  2⤵
  PID:1808
- C:\Windows\System\PbOiMmG.exe
  C:\Windows\System\PbOiMmG.exe
  2⤵
  PID:2492
- C:\Windows\System\XUqvFor.exe
  C:\Windows\System\XUqvFor.exe
  2⤵
  PID:1904
- C:\Windows\System\lQokrIf.exe
  C:\Windows\System\lQokrIf.exe
  2⤵
  PID:2544
- C:\Windows\System\xhAVKLo.exe
  C:\Windows\System\xhAVKLo.exe
  2⤵
  PID:304
- C:\Windows\System\nXBZzLN.exe
  C:\Windows\System\nXBZzLN.exe
  2⤵
  PID:3088
- C:\Windows\System\HLJZELN.exe
  C:\Windows\System\HLJZELN.exe
  2⤵
  PID:3108
- C:\Windows\System\RzuRCex.exe
  C:\Windows\System\RzuRCex.exe
  2⤵
  PID:3128
- C:\Windows\System\QEiayfA.exe
  C:\Windows\System\QEiayfA.exe
  2⤵
  PID:3144
- C:\Windows\System\NixQzwZ.exe
  C:\Windows\System\NixQzwZ.exe
  2⤵
  PID:3160
- C:\Windows\System\bFQdYaV.exe
  C:\Windows\System\bFQdYaV.exe
  2⤵
  PID:3176
- C:\Windows\System\jNksJWh.exe
  C:\Windows\System\jNksJWh.exe
  2⤵
  PID:3192
- C:\Windows\System\vXnsNwj.exe
  C:\Windows\System\vXnsNwj.exe
  2⤵
  PID:3208
- C:\Windows\System\yyCWIba.exe
  C:\Windows\System\yyCWIba.exe
  2⤵
  PID:3224
- C:\Windows\System\wTjCqbi.exe
  C:\Windows\System\wTjCqbi.exe
  2⤵
  PID:3240
- C:\Windows\System\wiztUFI.exe
  C:\Windows\System\wiztUFI.exe
  2⤵
  PID:3260
- C:\Windows\System\WosGYRY.exe
  C:\Windows\System\WosGYRY.exe
  2⤵
  PID:3288
- C:\Windows\System\eGLicqM.exe
  C:\Windows\System\eGLicqM.exe
  2⤵
  PID:3304
- C:\Windows\System\IAljoVd.exe
  C:\Windows\System\IAljoVd.exe
  2⤵
  PID:3332
- C:\Windows\System\QmVSDHp.exe
  C:\Windows\System\QmVSDHp.exe
  2⤵
  PID:3348
- C:\Windows\System\QejnlUh.exe
  C:\Windows\System\QejnlUh.exe
  2⤵
  PID:3372
- C:\Windows\System\yRABzBu.exe
  C:\Windows\System\yRABzBu.exe
  2⤵
  PID:3424
- C:\Windows\System\wsPraac.exe
  C:\Windows\System\wsPraac.exe
  2⤵
  PID:3440
- C:\Windows\System\loLWyUT.exe
  C:\Windows\System\loLWyUT.exe
  2⤵
  PID:3464
- C:\Windows\System\TCICbhz.exe
  C:\Windows\System\TCICbhz.exe
  2⤵
  PID:3488
- C:\Windows\System\SsOOmpq.exe
  C:\Windows\System\SsOOmpq.exe
  2⤵
  PID:3520
- C:\Windows\System\xoUaasQ.exe
  C:\Windows\System\xoUaasQ.exe
  2⤵
  PID:3540
- C:\Windows\System\XQFACIe.exe
  C:\Windows\System\XQFACIe.exe
  2⤵
  PID:3560
- C:\Windows\System\HCEBeZB.exe
  C:\Windows\System\HCEBeZB.exe
  2⤵
  PID:3576
- C:\Windows\System\ZxAJDij.exe
  C:\Windows\System\ZxAJDij.exe
  2⤵
  PID:3596
- C:\Windows\System\wjYcFDM.exe
  C:\Windows\System\wjYcFDM.exe
  2⤵
  PID:3616
- C:\Windows\System\YWpDiis.exe
  C:\Windows\System\YWpDiis.exe
  2⤵
  PID:3632
- C:\Windows\System\EhOuMyV.exe
  C:\Windows\System\EhOuMyV.exe
  2⤵
  PID:3648
- C:\Windows\System\tCmrZZf.exe
  C:\Windows\System\tCmrZZf.exe
  2⤵
  PID:3668
- C:\Windows\System\hyEkCex.exe
  C:\Windows\System\hyEkCex.exe
  2⤵
  PID:3688
- C:\Windows\System\rBWTygS.exe
  C:\Windows\System\rBWTygS.exe
  2⤵
  PID:3708
- C:\Windows\System\CXMArwo.exe
  C:\Windows\System\CXMArwo.exe
  2⤵
  PID:3724
- C:\Windows\System\tZSyGOs.exe
  C:\Windows\System\tZSyGOs.exe
  2⤵
  PID:3744
- C:\Windows\System\vYnxpfv.exe
  C:\Windows\System\vYnxpfv.exe
  2⤵
  PID:3760
- C:\Windows\System\bSDGTgH.exe
  C:\Windows\System\bSDGTgH.exe
  2⤵
  PID:3780
- C:\Windows\System\UHjtosB.exe
  C:\Windows\System\UHjtosB.exe
  2⤵
  PID:3796
- C:\Windows\System\UZcRdYV.exe
  C:\Windows\System\UZcRdYV.exe
  2⤵
  PID:3812
- C:\Windows\System\dNPScVH.exe
  C:\Windows\System\dNPScVH.exe
  2⤵
  PID:3828
- C:\Windows\System\OIXeFUa.exe
  C:\Windows\System\OIXeFUa.exe
  2⤵
  PID:3848
- C:\Windows\System\oLtgoLX.exe
  C:\Windows\System\oLtgoLX.exe
  2⤵
  PID:3868
- C:\Windows\System\cPWSdxi.exe
  C:\Windows\System\cPWSdxi.exe
  2⤵
  PID:3888
- C:\Windows\System\BKcHPqf.exe
  C:\Windows\System\BKcHPqf.exe
  2⤵
  PID:3908
- C:\Windows\System\lPtFscS.exe
  C:\Windows\System\lPtFscS.exe
  2⤵
  PID:3924
- C:\Windows\System\IsjyMEo.exe
  C:\Windows\System\IsjyMEo.exe
  2⤵
  PID:3944
- C:\Windows\System\NWRkBrA.exe
  C:\Windows\System\NWRkBrA.exe
  2⤵
  PID:3964
- C:\Windows\System\uDibkpf.exe
  C:\Windows\System\uDibkpf.exe
  2⤵
  PID:3984
- C:\Windows\System\AlSALzt.exe
  C:\Windows\System\AlSALzt.exe
  2⤵
  PID:4004
- C:\Windows\System\mLcBDwO.exe
  C:\Windows\System\mLcBDwO.exe
  2⤵
  PID:4020
- C:\Windows\System\VGgoyxV.exe
  C:\Windows\System\VGgoyxV.exe
  2⤵
  PID:4040
- C:\Windows\System\pCoATse.exe
  C:\Windows\System\pCoATse.exe
  2⤵
  PID:4056
- C:\Windows\System\dosLzJC.exe
  C:\Windows\System\dosLzJC.exe
  2⤵
  PID:4076
- C:\Windows\System\JUkbqGE.exe
  C:\Windows\System\JUkbqGE.exe
  2⤵
  PID:1740
- C:\Windows\System\CByNIiK.exe
  C:\Windows\System\CByNIiK.exe
  2⤵
  PID:1972
- C:\Windows\System\XLRcUHV.exe
  C:\Windows\System\XLRcUHV.exe
  2⤵
  PID:1548
- C:\Windows\System\epCNluF.exe
  C:\Windows\System\epCNluF.exe
  2⤵
  PID:2064
- C:\Windows\System\URRnQHF.exe
  C:\Windows\System\URRnQHF.exe
  2⤵
  PID:2752
- C:\Windows\System\WxFzyMZ.exe
  C:\Windows\System\WxFzyMZ.exe
  2⤵
  PID:2392
- C:\Windows\System\fyheHEO.exe
  C:\Windows\System\fyheHEO.exe
  2⤵
  PID:3000
- C:\Windows\System\tsHVvvX.exe
  C:\Windows\System\tsHVvvX.exe
  2⤵
  PID:2592
- C:\Windows\System\xdRfObC.exe
  C:\Windows\System\xdRfObC.exe
  2⤵
  PID:696
- C:\Windows\System\slJZGky.exe
  C:\Windows\System\slJZGky.exe
  2⤵
  PID:1568
- C:\Windows\System\JtbSMzy.exe
  C:\Windows\System\JtbSMzy.exe
  2⤵
  PID:3116
- C:\Windows\System\WfLrQwf.exe
  C:\Windows\System\WfLrQwf.exe
  2⤵
  PID:1252
- C:\Windows\System\yAHZRaE.exe
  C:\Windows\System\yAHZRaE.exe
  2⤵
  PID:3256
- C:\Windows\System\Dplsgbn.exe
  C:\Windows\System\Dplsgbn.exe
  2⤵
  PID:3344
- C:\Windows\System\AeZaBPX.exe
  C:\Windows\System\AeZaBPX.exe
  2⤵
  PID:3396
- C:\Windows\System\JIlcUVl.exe
  C:\Windows\System\JIlcUVl.exe
  2⤵
  PID:3416
- C:\Windows\System\ZLnRluI.exe
  C:\Windows\System\ZLnRluI.exe
  2⤵
  PID:3500
- C:\Windows\System\cEhthkq.exe
  C:\Windows\System\cEhthkq.exe
  2⤵
  PID:3548
- C:\Windows\System\iZiErqP.exe
  C:\Windows\System\iZiErqP.exe
  2⤵
  PID:3624
- C:\Windows\System\XPaCkst.exe
  C:\Windows\System\XPaCkst.exe
  2⤵
  PID:3496
- C:\Windows\System\GsBWikg.exe
  C:\Windows\System\GsBWikg.exe
  2⤵
  PID:3556
- C:\Windows\System\OcTsQCm.exe
  C:\Windows\System\OcTsQCm.exe
  2⤵
  PID:3804
- C:\Windows\System\OEnBiUh.exe
  C:\Windows\System\OEnBiUh.exe
  2⤵
  PID:3876
- C:\Windows\System\RpQTXgb.exe
  C:\Windows\System\RpQTXgb.exe
  2⤵
  PID:3916
- C:\Windows\System\gKWxYsq.exe
  C:\Windows\System\gKWxYsq.exe
  2⤵
  PID:3960
- C:\Windows\System\APoBRfI.exe
  C:\Windows\System\APoBRfI.exe
  2⤵
  PID:3992
- C:\Windows\System\hjKZwDH.exe
  C:\Windows\System\hjKZwDH.exe
  2⤵
  PID:4028
- C:\Windows\System\zaFVhxI.exe
  C:\Windows\System\zaFVhxI.exe
  2⤵
  PID:4068
- C:\Windows\System\qWJOYyy.exe
  C:\Windows\System\qWJOYyy.exe
  2⤵
  PID:1656
- C:\Windows\System\RiEKVgr.exe
  C:\Windows\System\RiEKVgr.exe
  2⤵
  PID:3096
- C:\Windows\System\pySMquH.exe
  C:\Windows\System\pySMquH.exe
  2⤵
  PID:3172
- C:\Windows\System\FiNDDAj.exe
  C:\Windows\System\FiNDDAj.exe
  2⤵
  PID:2528
- C:\Windows\System\avSjTdF.exe
  C:\Windows\System\avSjTdF.exe
  2⤵
  PID:1608
- C:\Windows\System\oYiKCQw.exe
  C:\Windows\System\oYiKCQw.exe
  2⤵
  PID:3156
- C:\Windows\System\BDlIYTv.exe
  C:\Windows\System\BDlIYTv.exe
  2⤵
  PID:3404
- C:\Windows\System\ytEuDMB.exe
  C:\Windows\System\ytEuDMB.exe
  2⤵
  PID:3664
- C:\Windows\System\EVTDnsg.exe
  C:\Windows\System\EVTDnsg.exe
  2⤵
  PID:3592
- C:\Windows\System\nXgTPkt.exe
  C:\Windows\System\nXgTPkt.exe
  2⤵
  PID:4036
- C:\Windows\System\wSOifnn.exe
  C:\Windows\System\wSOifnn.exe
  2⤵
  PID:3100
- C:\Windows\System\hIqLQzJ.exe
  C:\Windows\System\hIqLQzJ.exe
  2⤵
  PID:3152
- C:\Windows\System\eRmFGUr.exe
  C:\Windows\System\eRmFGUr.exe
  2⤵
  PID:3268
- C:\Windows\System\RgoMDoa.exe
  C:\Windows\System\RgoMDoa.exe
  2⤵
  PID:3284
- C:\Windows\System\laDdYAr.exe
  C:\Windows\System\laDdYAr.exe
  2⤵
  PID:3328
- C:\Windows\System\zUMVqdy.exe
  C:\Windows\System\zUMVqdy.exe
  2⤵
  PID:3684
- C:\Windows\System\KLHkGux.exe
  C:\Windows\System\KLHkGux.exe
  2⤵
  PID:3776
- C:\Windows\System\RcONAkq.exe
  C:\Windows\System\RcONAkq.exe
  2⤵
  PID:3124
- C:\Windows\System\nPetVZN.exe
  C:\Windows\System\nPetVZN.exe
  2⤵
  PID:4112
- C:\Windows\System\NrxfgPb.exe
  C:\Windows\System\NrxfgPb.exe
  2⤵
  PID:4136
- C:\Windows\System\TvTuzQs.exe
  C:\Windows\System\TvTuzQs.exe
  2⤵
  PID:4152
- C:\Windows\System\QBwKtvs.exe
  C:\Windows\System\QBwKtvs.exe
  2⤵
  PID:4172
- C:\Windows\System\QfqFvXK.exe
  C:\Windows\System\QfqFvXK.exe
  2⤵
  PID:4188
- C:\Windows\System\jMBhZBT.exe
  C:\Windows\System\jMBhZBT.exe
  2⤵
  PID:4204
- C:\Windows\System\FydYXjm.exe
  C:\Windows\System\FydYXjm.exe
  2⤵
  PID:4220
- C:\Windows\System\udBeIkx.exe
  C:\Windows\System\udBeIkx.exe
  2⤵
  PID:4236
- C:\Windows\System\HKAiUqI.exe
  C:\Windows\System\HKAiUqI.exe
  2⤵
  PID:4252
- C:\Windows\System\REerbZm.exe
  C:\Windows\System\REerbZm.exe
  2⤵
  PID:4268
- C:\Windows\System\bUufOOr.exe
  C:\Windows\System\bUufOOr.exe
  2⤵
  PID:4284
- C:\Windows\System\CPtNZmV.exe
  C:\Windows\System\CPtNZmV.exe
  2⤵
  PID:4300
- C:\Windows\System\YaFTrvJ.exe
  C:\Windows\System\YaFTrvJ.exe
  2⤵
  PID:4316
- C:\Windows\System\SBuhgec.exe
  C:\Windows\System\SBuhgec.exe
  2⤵
  PID:4332
- C:\Windows\System\jIGAWMo.exe
  C:\Windows\System\jIGAWMo.exe
  2⤵
  PID:4352
- C:\Windows\System\vBBQNbM.exe
  C:\Windows\System\vBBQNbM.exe
  2⤵
  PID:4368
- C:\Windows\System\FQGUmOF.exe
  C:\Windows\System\FQGUmOF.exe
  2⤵
  PID:4384
- C:\Windows\System\DGoqqRq.exe
  C:\Windows\System\DGoqqRq.exe
  2⤵
  PID:4400
- C:\Windows\System\nNRzuor.exe
  C:\Windows\System\nNRzuor.exe
  2⤵
  PID:4416
- C:\Windows\System\BAYKWzB.exe
  C:\Windows\System\BAYKWzB.exe
  2⤵
  PID:4432
- C:\Windows\System\PnyqXQi.exe
  C:\Windows\System\PnyqXQi.exe
  2⤵
  PID:4448
- C:\Windows\System\OEWffqL.exe
  C:\Windows\System\OEWffqL.exe
  2⤵
  PID:4464
- C:\Windows\System\GoFfzKn.exe
  C:\Windows\System\GoFfzKn.exe
  2⤵
  PID:4480
- C:\Windows\System\JevewLT.exe
  C:\Windows\System\JevewLT.exe
  2⤵
  PID:4496
- C:\Windows\System\osTcHUg.exe
  C:\Windows\System\osTcHUg.exe
  2⤵
  PID:4512
- C:\Windows\System\TaoSFul.exe
  C:\Windows\System\TaoSFul.exe
  2⤵
  PID:4528
- C:\Windows\System\zQxzyst.exe
  C:\Windows\System\zQxzyst.exe
  2⤵
  PID:4544
- C:\Windows\System\TESpTMh.exe
  C:\Windows\System\TESpTMh.exe
  2⤵
  PID:4560
- C:\Windows\System\XURAVWU.exe
  C:\Windows\System\XURAVWU.exe
  2⤵
  PID:4576
- C:\Windows\System\paVxovb.exe
  C:\Windows\System\paVxovb.exe
  2⤵
  PID:4592
- C:\Windows\System\umOpKTO.exe
  C:\Windows\System\umOpKTO.exe
  2⤵
  PID:4608
- C:\Windows\System\DBNkyrj.exe
  C:\Windows\System\DBNkyrj.exe
  2⤵
  PID:4624
- C:\Windows\System\DRfJUGO.exe
  C:\Windows\System\DRfJUGO.exe
  2⤵
  PID:4640
- C:\Windows\System\EVJPgwH.exe
  C:\Windows\System\EVJPgwH.exe
  2⤵
  PID:4656
- C:\Windows\System\vjuFUDH.exe
  C:\Windows\System\vjuFUDH.exe
  2⤵
  PID:4672
- C:\Windows\System\AmKYjHb.exe
  C:\Windows\System\AmKYjHb.exe
  2⤵
  PID:4688
- C:\Windows\System\EIBGnvc.exe
  C:\Windows\System\EIBGnvc.exe
  2⤵
  PID:4704
- C:\Windows\System\ACumCAQ.exe
  C:\Windows\System\ACumCAQ.exe
  2⤵
  PID:4720
- C:\Windows\System\QbssUkO.exe
  C:\Windows\System\QbssUkO.exe
  2⤵
  PID:4736
- C:\Windows\System\lCvtFKv.exe
  C:\Windows\System\lCvtFKv.exe
  2⤵
  PID:4752
- C:\Windows\System\EeNFpsE.exe
  C:\Windows\System\EeNFpsE.exe
  2⤵
  PID:4768
- C:\Windows\System\lfitqYF.exe
  C:\Windows\System\lfitqYF.exe
  2⤵
  PID:4784
- C:\Windows\System\owePEGY.exe
  C:\Windows\System\owePEGY.exe
  2⤵
  PID:4800
- C:\Windows\System\HZLZsnt.exe
  C:\Windows\System\HZLZsnt.exe
  2⤵
  PID:4816
- C:\Windows\System\YpDMxJQ.exe
  C:\Windows\System\YpDMxJQ.exe
  2⤵
  PID:4832
- C:\Windows\System\kGjAOCI.exe
  C:\Windows\System\kGjAOCI.exe
  2⤵
  PID:4848
- C:\Windows\System\XRblUxB.exe
  C:\Windows\System\XRblUxB.exe
  2⤵
  PID:4868
- C:\Windows\System\zydGgdL.exe
  C:\Windows\System\zydGgdL.exe
  2⤵
  PID:4884
- C:\Windows\System\MwzQAMv.exe
  C:\Windows\System\MwzQAMv.exe
  2⤵
  PID:4904
- C:\Windows\System\ZzjQhdi.exe
  C:\Windows\System\ZzjQhdi.exe
  2⤵
  PID:4920
- C:\Windows\System\iAdGvYg.exe
  C:\Windows\System\iAdGvYg.exe
  2⤵
  PID:4936
- C:\Windows\System\PspsqBx.exe
  C:\Windows\System\PspsqBx.exe
  2⤵
  PID:4952
- C:\Windows\System\EPelHaV.exe
  C:\Windows\System\EPelHaV.exe
  2⤵
  PID:4968
- C:\Windows\System\mOGsbvx.exe
  C:\Windows\System\mOGsbvx.exe
  2⤵
  PID:4992
- C:\Windows\System\geNdVIF.exe
  C:\Windows\System\geNdVIF.exe
  2⤵
  PID:5012
- C:\Windows\System\EPBctjq.exe
  C:\Windows\System\EPBctjq.exe
  2⤵
  PID:5040
- C:\Windows\System\SilhwiT.exe
  C:\Windows\System\SilhwiT.exe
  2⤵
  PID:5060
- C:\Windows\System\eQmsCBL.exe
  C:\Windows\System\eQmsCBL.exe
  2⤵
  PID:5080
- C:\Windows\System\xKzaAsJ.exe
  C:\Windows\System\xKzaAsJ.exe
  2⤵
  PID:5104
- C:\Windows\System\KHcTbNO.exe
  C:\Windows\System\KHcTbNO.exe
  2⤵
  PID:3472
- C:\Windows\System\dxbZPQg.exe
  C:\Windows\System\dxbZPQg.exe
  2⤵
  PID:3528
- C:\Windows\System\ggRCmxq.exe
  C:\Windows\System\ggRCmxq.exe
  2⤵
  PID:3788
- C:\Windows\System\yRjLLFI.exe
  C:\Windows\System\yRjLLFI.exe
  2⤵
  PID:3856
- C:\Windows\System\cSiVTLT.exe
  C:\Windows\System\cSiVTLT.exe
  2⤵
  PID:3900
- C:\Windows\System\MWgewNg.exe
  C:\Windows\System\MWgewNg.exe
  2⤵
  PID:3940
- C:\Windows\System\SOzICuM.exe
  C:\Windows\System\SOzICuM.exe
  2⤵
  PID:4012
- C:\Windows\System\AIFRpjE.exe
  C:\Windows\System\AIFRpjE.exe
  2⤵
  PID:4084
- C:\Windows\System\saDJspv.exe
  C:\Windows\System\saDJspv.exe
  2⤵
  PID:1688
- C:\Windows\System\yQUvAfE.exe
  C:\Windows\System\yQUvAfE.exe
  2⤵
  PID:2792
- C:\Windows\System\AhOJVFl.exe
  C:\Windows\System\AhOJVFl.exe
  2⤵
  PID:1888
- C:\Windows\System\hlOkLoc.exe
  C:\Windows\System\hlOkLoc.exe
  2⤵
  PID:3252
- C:\Windows\System\eebVbgK.exe
  C:\Windows\System\eebVbgK.exe
  2⤵
  PID:3448
- C:\Windows\System\yubnZua.exe
  C:\Windows\System\yubnZua.exe
  2⤵
  PID:3588
- C:\Windows\System\tAkcYLY.exe
  C:\Windows\System\tAkcYLY.exe
  2⤵
  PID:3656
- C:\Windows\System\XVHJvgn.exe
  C:\Windows\System\XVHJvgn.exe
  2⤵
  PID:3956
- C:\Windows\System\DpzZkXp.exe
  C:\Windows\System\DpzZkXp.exe
  2⤵
  PID:2008
- C:\Windows\System\NbITWWw.exe
  C:\Windows\System\NbITWWw.exe
  2⤵
  PID:3168
- C:\Windows\System\hGPoJcc.exe
  C:\Windows\System\hGPoJcc.exe
  2⤵
  PID:3412
- C:\Windows\System\INMOWZp.exe
  C:\Windows\System\INMOWZp.exe
  2⤵
  PID:3104
- C:\Windows\System\dCdYtOw.exe
  C:\Windows\System\dCdYtOw.exe
  2⤵
  PID:4488
- C:\Windows\System\iqiCQSJ.exe
  C:\Windows\System\iqiCQSJ.exe
  2⤵
  PID:4552
- C:\Windows\System\jiARbuE.exe
  C:\Windows\System\jiARbuE.exe
  2⤵
  PID:4616
- C:\Windows\System\FGbYdkt.exe
  C:\Windows\System\FGbYdkt.exe
  2⤵
  PID:4680
- C:\Windows\System\VqkMSYk.exe
  C:\Windows\System\VqkMSYk.exe
  2⤵
  PID:4744
- C:\Windows\System\VhATHdp.exe
  C:\Windows\System\VhATHdp.exe
  2⤵
  PID:3320
- C:\Windows\System\DbYnxUQ.exe
  C:\Windows\System\DbYnxUQ.exe
  2⤵
  PID:3752
- C:\Windows\System\oxOjEeD.exe
  C:\Windows\System\oxOjEeD.exe
  2⤵
  PID:4132
- C:\Windows\System\wdeZUCC.exe
  C:\Windows\System\wdeZUCC.exe
  2⤵
  PID:4180
- C:\Windows\System\DezxVaN.exe
  C:\Windows\System\DezxVaN.exe
  2⤵
  PID:4276
- C:\Windows\System\XoBKsHZ.exe
  C:\Windows\System\XoBKsHZ.exe
  2⤵
  PID:4312
- C:\Windows\System\PHgNNUp.exe
  C:\Windows\System\PHgNNUp.exe
  2⤵
  PID:4540
- C:\Windows\System\PDlSbXl.exe
  C:\Windows\System\PDlSbXl.exe
  2⤵
  PID:4604
- C:\Windows\System\NWqGvic.exe
  C:\Windows\System\NWqGvic.exe
  2⤵
  PID:4696
- C:\Windows\System\setEzQo.exe
  C:\Windows\System\setEzQo.exe
  2⤵
  PID:4732
- C:\Windows\System\FeNsXAq.exe
  C:\Windows\System\FeNsXAq.exe
  2⤵
  PID:4796
- C:\Windows\System\lAQfxIJ.exe
  C:\Windows\System\lAQfxIJ.exe
  2⤵
  PID:4776
- C:\Windows\System\WkUhHIo.exe
  C:\Windows\System\WkUhHIo.exe
  2⤵
  PID:4840
- C:\Windows\System\LXJStZk.exe
  C:\Windows\System\LXJStZk.exe
  2⤵
  PID:4892
- C:\Windows\System\mcDbyPv.exe
  C:\Windows\System\mcDbyPv.exe
  2⤵
  PID:4896
- C:\Windows\System\BZmwTAB.exe
  C:\Windows\System\BZmwTAB.exe
  2⤵
  PID:4916
- C:\Windows\System\JqjoNBe.exe
  C:\Windows\System\JqjoNBe.exe
  2⤵
  PID:4948
- C:\Windows\System\XKXHoPg.exe
  C:\Windows\System\XKXHoPg.exe
  2⤵
  PID:5008
- C:\Windows\System\OgSySJj.exe
  C:\Windows\System\OgSySJj.exe
  2⤵
  PID:4984
- C:\Windows\System\rOwKneg.exe
  C:\Windows\System\rOwKneg.exe
  2⤵
  PID:5088
- C:\Windows\System\kFFSkXM.exe
  C:\Windows\System\kFFSkXM.exe
  2⤵
  PID:5024
- C:\Windows\System\sQAeHMY.exe
  C:\Windows\System\sQAeHMY.exe
  2⤵
  PID:5068
- C:\Windows\System\FbUhLLq.exe
  C:\Windows\System\FbUhLLq.exe
  2⤵
  PID:3484
- C:\Windows\System\DPtbjei.exe
  C:\Windows\System\DPtbjei.exe
  2⤵
  PID:5116
- C:\Windows\System\jKwFbce.exe
  C:\Windows\System\jKwFbce.exe
  2⤵
  PID:3356
- C:\Windows\System\xYAyJNb.exe
  C:\Windows\System\xYAyJNb.exe
  2⤵
  PID:4120
- C:\Windows\System\DPyTAAf.exe
  C:\Windows\System\DPyTAAf.exe
  2⤵
  PID:4200
- C:\Windows\System\BxqmtuA.exe
  C:\Windows\System\BxqmtuA.exe
  2⤵
  PID:3644
- C:\Windows\System\nbWgFaj.exe
  C:\Windows\System\nbWgFaj.exe
  2⤵
  PID:4328
- C:\Windows\System\fHhkoCb.exe
  C:\Windows\System\fHhkoCb.exe
  2⤵
  PID:3904
- C:\Windows\System\bGPSZar.exe
  C:\Windows\System\bGPSZar.exe
  2⤵
  PID:2156
- C:\Windows\System\gOOnsMW.exe
  C:\Windows\System\gOOnsMW.exe
  2⤵
  PID:3460
- C:\Windows\System\GvoCsWV.exe
  C:\Windows\System\GvoCsWV.exe
  2⤵
  PID:3756
- C:\Windows\System\kkRRKdZ.exe
  C:\Windows\System\kkRRKdZ.exe
  2⤵
  PID:3368
- C:\Windows\System\XOQWYkc.exe
  C:\Windows\System\XOQWYkc.exe
  2⤵
  PID:3864
- C:\Windows\System\oVNxDed.exe
  C:\Windows\System\oVNxDed.exe
  2⤵
  PID:3736
- C:\Windows\System\JjWygzK.exe
  C:\Windows\System\JjWygzK.exe
  2⤵
  PID:4092
- C:\Windows\System\GGbYigg.exe
  C:\Windows\System\GGbYigg.exe
  2⤵
  PID:3516
- C:\Windows\System\lvDgxkr.exe
  C:\Windows\System\lvDgxkr.exe
  2⤵
  PID:4324
- C:\Windows\System\dXqDquC.exe
  C:\Windows\System\dXqDquC.exe
  2⤵
  PID:3880
- C:\Windows\System\TPewQMv.exe
  C:\Windows\System\TPewQMv.exe
  2⤵
  PID:3296
- C:\Windows\System\qVYIckD.exe
  C:\Windows\System\qVYIckD.exe
  2⤵
  PID:2496
- C:\Windows\System\VjKfVgB.exe
  C:\Windows\System\VjKfVgB.exe
  2⤵
  PID:4588
- C:\Windows\System\SuNfear.exe
  C:\Windows\System\SuNfear.exe
  2⤵
  PID:1760
- C:\Windows\System\pebFKAj.exe
  C:\Windows\System\pebFKAj.exe
  2⤵
  PID:3884
- C:\Windows\System\mQZhtTD.exe
  C:\Windows\System\mQZhtTD.exe
  2⤵
  PID:4104
- C:\Windows\System\tZBaWwb.exe
  C:\Windows\System\tZBaWwb.exe
  2⤵
  PID:4344
- C:\Windows\System\qLDqyyr.exe
  C:\Windows\System\qLDqyyr.exe
  2⤵
  PID:4380
- C:\Windows\System\SHTRanz.exe
  C:\Windows\System\SHTRanz.exe
  2⤵
  PID:4440
- C:\Windows\System\PPFfbXH.exe
  C:\Windows\System\PPFfbXH.exe
  2⤵
  PID:3720
- C:\Windows\System\fWOjNhE.exe
  C:\Windows\System\fWOjNhE.exe
  2⤵
  PID:4572
- C:\Windows\System\qBSTMUR.exe
  C:\Windows\System\qBSTMUR.exe
  2⤵
  PID:4828
- C:\Windows\System\CPoGlcv.exe
  C:\Windows\System\CPoGlcv.exe
  2⤵
  PID:4864
- C:\Windows\System\buqphmw.exe
  C:\Windows\System\buqphmw.exe
  2⤵
  PID:4508
- C:\Windows\System\lKiEMEf.exe
  C:\Windows\System\lKiEMEf.exe
  2⤵
  PID:4792
- C:\Windows\System\mostnvy.exe
  C:\Windows\System\mostnvy.exe
  2⤵
  PID:4880
- C:\Windows\System\aTUPzdt.exe
  C:\Windows\System\aTUPzdt.exe
  2⤵
  PID:5056
- C:\Windows\System\FIycMgj.exe
  C:\Windows\System\FIycMgj.exe
  2⤵
  PID:3480
- C:\Windows\System\bUjgbDk.exe
  C:\Windows\System\bUjgbDk.exe
  2⤵
  PID:4164
- C:\Windows\System\uaSgylj.exe
  C:\Windows\System\uaSgylj.exe
  2⤵
  PID:5020
- C:\Windows\System\QpQmJkN.exe
  C:\Windows\System\QpQmJkN.exe
  2⤵
  PID:3572
- C:\Windows\System\nRQrEgf.exe
  C:\Windows\System\nRQrEgf.exe
  2⤵
  PID:4228
- C:\Windows\System\VcwLHzY.exe
  C:\Windows\System\VcwLHzY.exe
  2⤵
  PID:4396
- C:\Windows\System\iKugOPg.exe
  C:\Windows\System\iKugOPg.exe
  2⤵
  PID:3640
- C:\Windows\System\XZRUInS.exe
  C:\Windows\System\XZRUInS.exe
  2⤵
  PID:4360
- C:\Windows\System\ZLYsZJG.exe
  C:\Windows\System\ZLYsZJG.exe
  2⤵
  PID:1728
- C:\Windows\System\QEbGZaR.exe
  C:\Windows\System\QEbGZaR.exe
  2⤵
  PID:3584
- C:\Windows\System\lrAPJJs.exe
  C:\Windows\System\lrAPJJs.exe
  2⤵
  PID:4376
- C:\Windows\System\yhOjzqv.exe
  C:\Windows\System\yhOjzqv.exe
  2⤵
  PID:4212
- C:\Windows\System\HAKOZIz.exe
  C:\Windows\System\HAKOZIz.exe
  2⤵
  PID:4476
- C:\Windows\System\nepYnzJ.exe
  C:\Windows\System\nepYnzJ.exe
  2⤵
  PID:4280
- C:\Windows\System\cemFutE.exe
  C:\Windows\System\cemFutE.exe
  2⤵
  PID:4728
- C:\Windows\System\RrDUiTe.exe
  C:\Windows\System\RrDUiTe.exe
  2⤵
  PID:4764
- C:\Windows\System\xjDtVQQ.exe
  C:\Windows\System\xjDtVQQ.exe
  2⤵
  PID:5048
- C:\Windows\System\EstzmSY.exe
  C:\Windows\System\EstzmSY.exe
  2⤵
  PID:3568
- C:\Windows\System\fhwCWJJ.exe
  C:\Windows\System\fhwCWJJ.exe
  2⤵
  PID:3436
- C:\Windows\System\OdefhsP.exe
  C:\Windows\System\OdefhsP.exe
  2⤵
  PID:580
- C:\Windows\System\lppYrJG.exe
  C:\Windows\System\lppYrJG.exe
  2⤵
  PID:4460
- C:\Windows\System\eGHSDmW.exe
  C:\Windows\System\eGHSDmW.exe
  2⤵
  PID:4584
- C:\Windows\System\oZHxrHK.exe
  C:\Windows\System\oZHxrHK.exe
  2⤵
  PID:4052
- C:\Windows\System\NyaCbvf.exe
  C:\Windows\System\NyaCbvf.exe
  2⤵
  PID:3360
- C:\Windows\System\CCPGMBY.exe
  C:\Windows\System\CCPGMBY.exe
  2⤵
  PID:3896
- C:\Windows\System\qttTuLW.exe
  C:\Windows\System\qttTuLW.exe
  2⤵
  PID:4856
- C:\Windows\System\kYNKyzO.exe
  C:\Windows\System\kYNKyzO.exe
  2⤵
  PID:5072
- C:\Windows\System\FszetYY.exe
  C:\Windows\System\FszetYY.exe
  2⤵
  PID:3704
- C:\Windows\System\ucyDhhF.exe
  C:\Windows\System\ucyDhhF.exe
  2⤵
  PID:5000
- C:\Windows\System\PvtmNqz.exe
  C:\Windows\System\PvtmNqz.exe
  2⤵
  PID:3140
- C:\Windows\System\YOdDMfa.exe
  C:\Windows\System\YOdDMfa.exe
  2⤵
  PID:3844
- C:\Windows\System\JqmzWYi.exe
  C:\Windows\System\JqmzWYi.exe
  2⤵
  PID:4308
- C:\Windows\System\AGqpkWf.exe
  C:\Windows\System\AGqpkWf.exe
  2⤵
  PID:3740
- C:\Windows\System\GTIJykL.exe
  C:\Windows\System\GTIJykL.exe
  2⤵
  PID:5132
- C:\Windows\System\ZiHeTzk.exe
  C:\Windows\System\ZiHeTzk.exe
  2⤵
  PID:5148
- C:\Windows\System\wWjDOpT.exe
  C:\Windows\System\wWjDOpT.exe
  2⤵
  PID:5164
- C:\Windows\System\YlzMwQa.exe
  C:\Windows\System\YlzMwQa.exe
  2⤵
  PID:5180
- C:\Windows\System\eRbcbKt.exe
  C:\Windows\System\eRbcbKt.exe
  2⤵
  PID:5196
- C:\Windows\System\uzZAhno.exe
  C:\Windows\System\uzZAhno.exe
  2⤵
  PID:5212
- C:\Windows\System\LNBXOWv.exe
  C:\Windows\System\LNBXOWv.exe
  2⤵
  PID:5228
- C:\Windows\System\HWijAtd.exe
  C:\Windows\System\HWijAtd.exe
  2⤵
  PID:5244
- C:\Windows\System\RVjbkZi.exe
  C:\Windows\System\RVjbkZi.exe
  2⤵
  PID:5260
- C:\Windows\System\bmelzqR.exe
  C:\Windows\System\bmelzqR.exe
  2⤵
  PID:5276
- C:\Windows\System\BwitDfa.exe
  C:\Windows\System\BwitDfa.exe
  2⤵
  PID:5292
- C:\Windows\System\dvgMkzz.exe
  C:\Windows\System\dvgMkzz.exe
  2⤵
  PID:5308
- C:\Windows\System\mpdElyl.exe
  C:\Windows\System\mpdElyl.exe
  2⤵
  PID:5324
- C:\Windows\System\QHmdJxh.exe
  C:\Windows\System\QHmdJxh.exe
  2⤵
  PID:5340
- C:\Windows\System\JvpstZU.exe
  C:\Windows\System\JvpstZU.exe
  2⤵
  PID:5356
- C:\Windows\System\tepvitI.exe
  C:\Windows\System\tepvitI.exe
  2⤵
  PID:5372
- C:\Windows\System\iPWdVUY.exe
  C:\Windows\System\iPWdVUY.exe
  2⤵
  PID:5388
- C:\Windows\System\ApJafNU.exe
  C:\Windows\System\ApJafNU.exe
  2⤵
  PID:5404
- C:\Windows\System\InRiTlC.exe
  C:\Windows\System\InRiTlC.exe
  2⤵
  PID:5420
- C:\Windows\System\eFPtqIZ.exe
  C:\Windows\System\eFPtqIZ.exe
  2⤵
  PID:5436
- C:\Windows\System\omLcnQr.exe
  C:\Windows\System\omLcnQr.exe
  2⤵
  PID:5452
- C:\Windows\System\FhKpHpK.exe
  C:\Windows\System\FhKpHpK.exe
  2⤵
  PID:5468
- C:\Windows\System\yEVDtvJ.exe
  C:\Windows\System\yEVDtvJ.exe
  2⤵
  PID:5488
- C:\Windows\System\fmKrpcV.exe
  C:\Windows\System\fmKrpcV.exe
  2⤵
  PID:5504
- C:\Windows\System\xhTGzXt.exe
  C:\Windows\System\xhTGzXt.exe
  2⤵
  PID:5520
- C:\Windows\System\FHQyClu.exe
  C:\Windows\System\FHQyClu.exe
  2⤵
  PID:5536
- C:\Windows\System\HAvWoMZ.exe
  C:\Windows\System\HAvWoMZ.exe
  2⤵
  PID:5552
- C:\Windows\System\hPgOrdb.exe
  C:\Windows\System\hPgOrdb.exe
  2⤵
  PID:5568
- C:\Windows\System\TckmoKb.exe
  C:\Windows\System\TckmoKb.exe
  2⤵
  PID:5584
- C:\Windows\System\ezrQkNT.exe
  C:\Windows\System\ezrQkNT.exe
  2⤵
  PID:5600
- C:\Windows\System\aqfCVNV.exe
  C:\Windows\System\aqfCVNV.exe
  2⤵
  PID:5616
- C:\Windows\System\juEajLz.exe
  C:\Windows\System\juEajLz.exe
  2⤵
  PID:5632
- C:\Windows\System\OduepZl.exe
  C:\Windows\System\OduepZl.exe
  2⤵
  PID:5648
- C:\Windows\System\ScXgExM.exe
  C:\Windows\System\ScXgExM.exe
  2⤵
  PID:5664
- C:\Windows\System\PpIjdFU.exe
  C:\Windows\System\PpIjdFU.exe
  2⤵
  PID:5680
- C:\Windows\System\aewVjyq.exe
  C:\Windows\System\aewVjyq.exe
  2⤵
  PID:5696
- C:\Windows\System\qXDQVQb.exe
  C:\Windows\System\qXDQVQb.exe
  2⤵
  PID:5712
- C:\Windows\System\AmKOpEr.exe
  C:\Windows\System\AmKOpEr.exe
  2⤵
  PID:5740
- C:\Windows\System\oQPAeeF.exe
  C:\Windows\System\oQPAeeF.exe
  2⤵
  PID:5756
- C:\Windows\System\xsrnBIE.exe
  C:\Windows\System\xsrnBIE.exe
  2⤵
  PID:5772
- C:\Windows\System\QWQJkDa.exe
  C:\Windows\System\QWQJkDa.exe
  2⤵
  PID:5788
- C:\Windows\System\uQvebFM.exe
  C:\Windows\System\uQvebFM.exe
  2⤵
  PID:5804
- C:\Windows\System\PZTuoSs.exe
  C:\Windows\System\PZTuoSs.exe
  2⤵
  PID:5820
- C:\Windows\System\heDmudn.exe
  C:\Windows\System\heDmudn.exe
  2⤵
  PID:5836
- C:\Windows\System\RmAklER.exe
  C:\Windows\System\RmAklER.exe
  2⤵
  PID:5852
- C:\Windows\System\arNKwNo.exe
  C:\Windows\System\arNKwNo.exe
  2⤵
  PID:5868
- C:\Windows\System\MSdxKsS.exe
  C:\Windows\System\MSdxKsS.exe
  2⤵
  PID:5884
- C:\Windows\System\GxTHrLV.exe
  C:\Windows\System\GxTHrLV.exe
  2⤵
  PID:5900
- C:\Windows\System\hCAWpYZ.exe
  C:\Windows\System\hCAWpYZ.exe
  2⤵
  PID:5916
- C:\Windows\System\oRcYDPn.exe
  C:\Windows\System\oRcYDPn.exe
  2⤵
  PID:5932
- C:\Windows\System\gmDHqXe.exe
  C:\Windows\System\gmDHqXe.exe
  2⤵
  PID:5948
- C:\Windows\System\VFGmirv.exe
  C:\Windows\System\VFGmirv.exe
  2⤵
  PID:5964
- C:\Windows\System\bQsrPLW.exe
  C:\Windows\System\bQsrPLW.exe
  2⤵
  PID:5980
- C:\Windows\System\LFfMyuU.exe
  C:\Windows\System\LFfMyuU.exe
  2⤵
  PID:5996
- C:\Windows\System\NNpffOl.exe
  C:\Windows\System\NNpffOl.exe
  2⤵
  PID:6012
- C:\Windows\System\XLdaThg.exe
  C:\Windows\System\XLdaThg.exe
  2⤵
  PID:6028
- C:\Windows\System\aLYYkBP.exe
  C:\Windows\System\aLYYkBP.exe
  2⤵
  PID:6044
- C:\Windows\System\ZBlWnsa.exe
  C:\Windows\System\ZBlWnsa.exe
  2⤵
  PID:6060
- C:\Windows\System\fkjniMj.exe
  C:\Windows\System\fkjniMj.exe
  2⤵
  PID:6076
- C:\Windows\System\IWEHoDZ.exe
  C:\Windows\System\IWEHoDZ.exe
  2⤵
  PID:6092
- C:\Windows\System\iHboDkS.exe
  C:\Windows\System\iHboDkS.exe
  2⤵
  PID:6108
- C:\Windows\System\KeaUBHT.exe
  C:\Windows\System\KeaUBHT.exe
  2⤵
  PID:6124
- C:\Windows\System\zUDADIN.exe
  C:\Windows\System\zUDADIN.exe
  2⤵
  PID:6140
- C:\Windows\System\otruWCz.exe
  C:\Windows\System\otruWCz.exe
  2⤵
  PID:5580
- C:\Windows\System\EGzzldd.exe
  C:\Windows\System\EGzzldd.exe
  2⤵
  PID:5672
- C:\Windows\System\lasNFiC.exe
  C:\Windows\System\lasNFiC.exe
  2⤵
  PID:5768
- C:\Windows\System\WKaHZAi.exe
  C:\Windows\System\WKaHZAi.exe
  2⤵
  PID:5800
- C:\Windows\System\ltlMtWT.exe
  C:\Windows\System\ltlMtWT.exe
  2⤵
  PID:5896
- C:\Windows\System\FEhrIlQ.exe
  C:\Windows\System\FEhrIlQ.exe
  2⤵
  PID:6020
- C:\Windows\System\EqbrqUe.exe
  C:\Windows\System\EqbrqUe.exe
  2⤵
  PID:5928
- C:\Windows\System\EpjTUfD.exe
  C:\Windows\System\EpjTUfD.exe
  2⤵
  PID:5844
- C:\Windows\System\bFGTdkt.exe
  C:\Windows\System\bFGTdkt.exe
  2⤵
  PID:5940
- C:\Windows\System\ebqYyiV.exe
  C:\Windows\System\ebqYyiV.exe
  2⤵
  PID:6008
- C:\Windows\System\VKjFrvs.exe
  C:\Windows\System\VKjFrvs.exe
  2⤵
  PID:6100
- C:\Windows\System\WWAeZSy.exe
  C:\Windows\System\WWAeZSy.exe
  2⤵
  PID:6088
- C:\Windows\System\XjZnmXY.exe
  C:\Windows\System\XjZnmXY.exe
  2⤵
  PID:5252
- C:\Windows\System\QvxFkaz.exe
  C:\Windows\System\QvxFkaz.exe
  2⤵
  PID:5284
- C:\Windows\System\BfslGil.exe
  C:\Windows\System\BfslGil.exe
  2⤵
  PID:3824
- C:\Windows\System\atBPAWM.exe
  C:\Windows\System\atBPAWM.exe
  2⤵
  PID:5036
- C:\Windows\System\loElntg.exe
  C:\Windows\System\loElntg.exe
  2⤵
  PID:5364
- C:\Windows\System\zlZkFJu.exe
  C:\Windows\System\zlZkFJu.exe
  2⤵
  PID:5348
- C:\Windows\System\wuNIVCP.exe
  C:\Windows\System\wuNIVCP.exe
  2⤵
  PID:5304
- C:\Windows\System\YENAQex.exe
  C:\Windows\System\YENAQex.exe
  2⤵
  PID:5368
- C:\Windows\System\okdYfFE.exe
  C:\Windows\System\okdYfFE.exe
  2⤵
  PID:5460
- C:\Windows\System\vFYYfjX.exe
  C:\Windows\System\vFYYfjX.exe
  2⤵
  PID:5516
- C:\Windows\System\FobpnOu.exe
  C:\Windows\System\FobpnOu.exe
  2⤵
  PID:5500
- C:\Windows\System\hUsMhFA.exe
  C:\Windows\System\hUsMhFA.exe
  2⤵
  PID:5624
- C:\Windows\System\ohJQejz.exe
  C:\Windows\System\ohJQejz.exe
  2⤵
  PID:5548
- C:\Windows\System\bDYETJN.exe
  C:\Windows\System\bDYETJN.exe
  2⤵
  PID:3056
- C:\Windows\System\TInLNre.exe
  C:\Windows\System\TInLNre.exe
  2⤵
  PID:272
- C:\Windows\System\iGlIiYb.exe
  C:\Windows\System\iGlIiYb.exe
  2⤵
  PID:5640
- C:\Windows\System\OqWqvpw.exe
  C:\Windows\System\OqWqvpw.exe
  2⤵
  PID:5704
- C:\Windows\System\bfDpaHL.exe
  C:\Windows\System\bfDpaHL.exe
  2⤵
  PID:5708
- C:\Windows\System\uPAskHs.exe
  C:\Windows\System\uPAskHs.exe
  2⤵
  PID:5892
- C:\Windows\System\wzTlkiD.exe
  C:\Windows\System\wzTlkiD.exe
  2⤵
  PID:6052
- C:\Windows\System\VFjeklz.exe
  C:\Windows\System\VFjeklz.exe
  2⤵
  PID:5876
- C:\Windows\System\EOMXZIA.exe
  C:\Windows\System\EOMXZIA.exe
  2⤵
  PID:6040
- C:\Windows\System\xatbPtT.exe
  C:\Windows\System\xatbPtT.exe
  2⤵
  PID:5160
- C:\Windows\System\IaiGwFh.exe
  C:\Windows\System\IaiGwFh.exe
  2⤵
  PID:5208
- C:\Windows\System\pGZOHhW.exe
  C:\Windows\System\pGZOHhW.exe
  2⤵
  PID:5220
- C:\Windows\System\UbAadRK.exe
  C:\Windows\System\UbAadRK.exe
  2⤵
  PID:3232
- C:\Windows\System\zrIejxj.exe
  C:\Windows\System\zrIejxj.exe
  2⤵
  PID:5992
- C:\Windows\System\cuZIxGe.exe
  C:\Windows\System\cuZIxGe.exe
  2⤵
  PID:5464
- C:\Windows\System\pFHbASO.exe
  C:\Windows\System\pFHbASO.exe
  2⤵
  PID:5656
- C:\Windows\System\rTNIMJg.exe
  C:\Windows\System\rTNIMJg.exe
  2⤵
  PID:2716
- C:\Windows\System\NfqDnWG.exe
  C:\Windows\System\NfqDnWG.exe
  2⤵
  PID:5780
- C:\Windows\System\NRBHQMi.exe
  C:\Windows\System\NRBHQMi.exe
  2⤵
  PID:5812
- C:\Windows\System\THwRFrJ.exe
  C:\Windows\System\THwRFrJ.exe
  2⤵
  PID:6136
- C:\Windows\System\UPRnpEV.exe
  C:\Windows\System\UPRnpEV.exe
  2⤵
  PID:4632
- C:\Windows\System\lsaNNsg.exe
  C:\Windows\System\lsaNNsg.exe
  2⤵
  PID:3432
- C:\Windows\System\XouGXNA.exe
  C:\Windows\System\XouGXNA.exe
  2⤵
  PID:5444
- C:\Windows\System\dzNzjYK.exe
  C:\Windows\System\dzNzjYK.exe
  2⤵
  PID:5512
- C:\Windows\System\COEQCzD.exe
  C:\Windows\System\COEQCzD.exe
  2⤵
  PID:5612
- C:\Windows\System\UQhmiSg.exe
  C:\Windows\System\UQhmiSg.exe
  2⤵
  PID:5864
- C:\Windows\System\GzGcWBZ.exe
  C:\Windows\System\GzGcWBZ.exe
  2⤵
  PID:6072
- C:\Windows\System\RIuzeIZ.exe
  C:\Windows\System\RIuzeIZ.exe
  2⤵
  PID:1084
- C:\Windows\System\pGsuCnq.exe
  C:\Windows\System\pGsuCnq.exe
  2⤵
  PID:5192
- C:\Windows\System\HiZJPCN.exe
  C:\Windows\System\HiZJPCN.exe
  2⤵
  PID:5172
- C:\Windows\System\QjDwbiy.exe
  C:\Windows\System\QjDwbiy.exe
  2⤵
  PID:5484
- C:\Windows\System\ogREewY.exe
  C:\Windows\System\ogREewY.exe
  2⤵
  PID:2932
- C:\Windows\System\MxLciUS.exe
  C:\Windows\System\MxLciUS.exe
  2⤵
  PID:2904
- C:\Windows\System\kJyiUSx.exe
  C:\Windows\System\kJyiUSx.exe
  2⤵
  PID:5100
- C:\Windows\System\CodVVjX.exe
  C:\Windows\System\CodVVjX.exe
  2⤵
  PID:5528
- C:\Windows\System\QLiHYxn.exe
  C:\Windows\System\QLiHYxn.exe
  2⤵
  PID:4048
- C:\Windows\System\qsQInco.exe
  C:\Windows\System\qsQInco.exe
  2⤵
  PID:4964
- C:\Windows\System\WOKjxdc.exe
  C:\Windows\System\WOKjxdc.exe
  2⤵
  PID:4244
- C:\Windows\System\jYNhAtW.exe
  C:\Windows\System\jYNhAtW.exe
  2⤵
  PID:6148
- C:\Windows\System\JgRcAtT.exe
  C:\Windows\System\JgRcAtT.exe
  2⤵
  PID:6168
- C:\Windows\System\ZgCshih.exe
  C:\Windows\System\ZgCshih.exe
  2⤵
  PID:6184
- C:\Windows\System\LMBIFMG.exe
  C:\Windows\System\LMBIFMG.exe
  2⤵
  PID:6200
- C:\Windows\System\JrnQglD.exe
  C:\Windows\System\JrnQglD.exe
  2⤵
  PID:6220
- C:\Windows\System\ltbYYdC.exe
  C:\Windows\System\ltbYYdC.exe
  2⤵
  PID:6236
- C:\Windows\System\KYFFUrn.exe
  C:\Windows\System\KYFFUrn.exe
  2⤵
  PID:6256
- C:\Windows\System\Itazdnz.exe
  C:\Windows\System\Itazdnz.exe
  2⤵
  PID:6272
- C:\Windows\System\fcBnQtC.exe
  C:\Windows\System\fcBnQtC.exe
  2⤵
  PID:6292
- C:\Windows\System\QpIwZhJ.exe
  C:\Windows\System\QpIwZhJ.exe
  2⤵
  PID:6352
- C:\Windows\System\njZowMz.exe
  C:\Windows\System\njZowMz.exe
  2⤵
  PID:6384
- C:\Windows\System\mVUppEN.exe
  C:\Windows\System\mVUppEN.exe
  2⤵
  PID:6400
- C:\Windows\System\lRbwHjR.exe
  C:\Windows\System\lRbwHjR.exe
  2⤵
  PID:6420
- C:\Windows\System\FamqBHU.exe
  C:\Windows\System\FamqBHU.exe
  2⤵
  PID:6436
- C:\Windows\System\MeDIWFR.exe
  C:\Windows\System\MeDIWFR.exe
  2⤵
  PID:6452
- C:\Windows\System\iJwezel.exe
  C:\Windows\System\iJwezel.exe
  2⤵
  PID:6468
- C:\Windows\System\mDQNwAV.exe
  C:\Windows\System\mDQNwAV.exe
  2⤵
  PID:6488
- C:\Windows\System\iWBXDbx.exe
  C:\Windows\System\iWBXDbx.exe
  2⤵
  PID:6508
- C:\Windows\System\nCBmyCF.exe
  C:\Windows\System\nCBmyCF.exe
  2⤵
  PID:6528
- C:\Windows\System\PbCCdTV.exe
  C:\Windows\System\PbCCdTV.exe
  2⤵
  PID:6544
- C:\Windows\System\WKGAzIk.exe
  C:\Windows\System\WKGAzIk.exe
  2⤵
  PID:6580
- C:\Windows\System\BKkDqYC.exe
  C:\Windows\System\BKkDqYC.exe
  2⤵
  PID:6596
- C:\Windows\System\kEnGVgn.exe
  C:\Windows\System\kEnGVgn.exe
  2⤵
  PID:6616
- C:\Windows\System\qDCSbKW.exe
  C:\Windows\System\qDCSbKW.exe
  2⤵
  PID:6632
- C:\Windows\System\krThODG.exe
  C:\Windows\System\krThODG.exe
  2⤵
  PID:6652
- C:\Windows\System\vRefiFZ.exe
  C:\Windows\System\vRefiFZ.exe
  2⤵
  PID:6676
- C:\Windows\System\HMxPIkL.exe
  C:\Windows\System\HMxPIkL.exe
  2⤵
  PID:6692
- C:\Windows\System\wPOZNFb.exe
  C:\Windows\System\wPOZNFb.exe
  2⤵
  PID:6712
- C:\Windows\System\KBYfDWx.exe
  C:\Windows\System\KBYfDWx.exe
  2⤵
  PID:6736
- C:\Windows\System\WQwKHmu.exe
  C:\Windows\System\WQwKHmu.exe
  2⤵
  PID:6756
- C:\Windows\System\AGhJwjP.exe
  C:\Windows\System\AGhJwjP.exe
  2⤵
  PID:6772
- C:\Windows\System\IHTtgKZ.exe
  C:\Windows\System\IHTtgKZ.exe
  2⤵
  PID:6796
- C:\Windows\System\ifCXgPD.exe
  C:\Windows\System\ifCXgPD.exe
  2⤵
  PID:6824
- C:\Windows\System\VJpftNr.exe
  C:\Windows\System\VJpftNr.exe
  2⤵
  PID:6848
- C:\Windows\System\hgPQmPt.exe
  C:\Windows\System\hgPQmPt.exe
  2⤵
  PID:6864
- C:\Windows\System\DJORwXY.exe
  C:\Windows\System\DJORwXY.exe
  2⤵
  PID:6884
- C:\Windows\System\xTCSSEJ.exe
  C:\Windows\System\xTCSSEJ.exe
  2⤵
  PID:6904
- C:\Windows\System\qBloYcM.exe
  C:\Windows\System\qBloYcM.exe
  2⤵
  PID:6928
- C:\Windows\System\LTvuBbt.exe
  C:\Windows\System\LTvuBbt.exe
  2⤵
  PID:6948
- C:\Windows\System\foBHQzj.exe
  C:\Windows\System\foBHQzj.exe
  2⤵
  PID:6964
- C:\Windows\System\HHvwmaO.exe
  C:\Windows\System\HHvwmaO.exe
  2⤵
  PID:6984
- C:\Windows\System\OXKyCbt.exe
  C:\Windows\System\OXKyCbt.exe
  2⤵
  PID:7004
- C:\Windows\System\JbOqRnx.exe
  C:\Windows\System\JbOqRnx.exe
  2⤵
  PID:7028
- C:\Windows\System\wRJBzIm.exe
  C:\Windows\System\wRJBzIm.exe
  2⤵
  PID:7044
- C:\Windows\System\XWqarEY.exe
  C:\Windows\System\XWqarEY.exe
  2⤵
  PID:7064
- C:\Windows\System\ULNAlaR.exe
  C:\Windows\System\ULNAlaR.exe
  2⤵
  PID:7080
- C:\Windows\System\wVULlya.exe
  C:\Windows\System\wVULlya.exe
  2⤵
  PID:7100
- C:\Windows\System\ZKydNFc.exe
  C:\Windows\System\ZKydNFc.exe
  2⤵
  PID:7120
- C:\Windows\System\YxMyqIN.exe
  C:\Windows\System\YxMyqIN.exe
  2⤵
  PID:7136
- C:\Windows\System\dehtHQX.exe
  C:\Windows\System\dehtHQX.exe
  2⤵
  PID:7152
- C:\Windows\System\tkYWszU.exe
  C:\Windows\System\tkYWszU.exe
  2⤵
  PID:6156
- C:\Windows\System\PKlYSVe.exe
  C:\Windows\System\PKlYSVe.exe
  2⤵
  PID:6320
- C:\Windows\System\iFPaNdh.exe
  C:\Windows\System\iFPaNdh.exe
  2⤵
  PID:6344
- C:\Windows\System\kteEfvK.exe
  C:\Windows\System\kteEfvK.exe
  2⤵
  PID:6432
- C:\Windows\System\VBhPsum.exe
  C:\Windows\System\VBhPsum.exe
  2⤵
  PID:6500
- C:\Windows\System\RvtIkiv.exe
  C:\Windows\System\RvtIkiv.exe
  2⤵
  PID:6624
- C:\Windows\System\JfaplaR.exe
  C:\Windows\System\JfaplaR.exe
  2⤵
  PID:6664
- C:\Windows\System\bqYYgFQ.exe
  C:\Windows\System\bqYYgFQ.exe
  2⤵
  PID:6744
- C:\Windows\System\ClisNLP.exe
  C:\Windows\System\ClisNLP.exe
  2⤵
  PID:6788
- C:\Windows\System\PsnVrpN.exe
  C:\Windows\System\PsnVrpN.exe
  2⤵
  PID:6840
- C:\Windows\System\GdFKssL.exe
  C:\Windows\System\GdFKssL.exe
  2⤵
  PID:6252
- C:\Windows\System\siMrBQC.exe
  C:\Windows\System\siMrBQC.exe
  2⤵
  PID:6916
- C:\Windows\System\bWiFiju.exe
  C:\Windows\System\bWiFiju.exe
  2⤵
  PID:6280
- C:\Windows\System\CbYbUeB.exe
  C:\Windows\System\CbYbUeB.exe
  2⤵
  PID:5320
- C:\Windows\System\qPvFLXt.exe
  C:\Windows\System\qPvFLXt.exe
  2⤵
  PID:5692
- C:\Windows\System\HMuoUrT.exe
  C:\Windows\System\HMuoUrT.exe
  2⤵
  PID:6960
- C:\Windows\System\OwxRiUD.exe
  C:\Windows\System\OwxRiUD.exe
  2⤵
  PID:6476
- C:\Windows\System\FFemOUY.exe
  C:\Windows\System\FFemOUY.exe
  2⤵
  PID:6560
- C:\Windows\System\loDvStv.exe
  C:\Windows\System\loDvStv.exe
  2⤵
  PID:6576
- C:\Windows\System\EXOyfdX.exe
  C:\Windows\System\EXOyfdX.exe
  2⤵
  PID:6640
- C:\Windows\System\LQLzPra.exe
  C:\Windows\System\LQLzPra.exe
  2⤵
  PID:6720
- C:\Windows\System\BoYdQVF.exe
  C:\Windows\System\BoYdQVF.exe
  2⤵
  PID:6768
- C:\Windows\System\CeTHJvi.exe
  C:\Windows\System\CeTHJvi.exe
  2⤵
  PID:6896
- C:\Windows\System\iBfnxhJ.exe
  C:\Windows\System\iBfnxhJ.exe
  2⤵
  PID:6936
- C:\Windows\System\CawEwny.exe
  C:\Windows\System\CawEwny.exe
  2⤵
  PID:5860
- C:\Windows\System\biRkUek.exe
  C:\Windows\System\biRkUek.exe
  2⤵
  PID:5380
- C:\Windows\System\UEdvLbR.exe
  C:\Windows\System\UEdvLbR.exe
  2⤵
  PID:5532
- C:\Windows\System\dHbhmQl.exe
  C:\Windows\System\dHbhmQl.exe
  2⤵
  PID:6180
- C:\Windows\System\MezBTXb.exe
  C:\Windows\System\MezBTXb.exe
  2⤵
  PID:6164
- C:\Windows\System\VTXVvpS.exe
  C:\Windows\System\VTXVvpS.exe
  2⤵
  PID:6268
- C:\Windows\System\FHMXhLY.exe
  C:\Windows\System\FHMXhLY.exe
  2⤵
  PID:2780
- C:\Windows\System\tFNQyJi.exe
  C:\Windows\System\tFNQyJi.exe
  2⤵
  PID:5784
- C:\Windows\System\HKpntQz.exe
  C:\Windows\System\HKpntQz.exe
  2⤵
  PID:6372
- C:\Windows\System\iROnxQc.exe
  C:\Windows\System\iROnxQc.exe
  2⤵
  PID:6976
- C:\Windows\System\kRuayWb.exe
  C:\Windows\System\kRuayWb.exe
  2⤵
  PID:7012
- C:\Windows\System\qfaCCri.exe
  C:\Windows\System\qfaCCri.exe
  2⤵
  PID:6708
- C:\Windows\System\GrfJzAH.exe
  C:\Windows\System\GrfJzAH.exe
  2⤵
  PID:6880
- C:\Windows\System\MLXWddW.exe
  C:\Windows\System\MLXWddW.exe
  2⤵
  PID:3060
- C:\Windows\System\JdiBkNW.exe
  C:\Windows\System\JdiBkNW.exe
  2⤵
  PID:6116
- C:\Windows\System\uFWnyKn.exe
  C:\Windows\System\uFWnyKn.exe
  2⤵
  PID:7020
- C:\Windows\System\WkqZiks.exe
  C:\Windows\System\WkqZiks.exe
  2⤵
  PID:7060
- C:\Windows\System\YhhqGgT.exe
  C:\Windows\System\YhhqGgT.exe
  2⤵
  PID:7128
- C:\Windows\System\aMxIMaf.exe
  C:\Windows\System\aMxIMaf.exe
  2⤵
  PID:6332
- C:\Windows\System\uRqKNfj.exe
  C:\Windows\System\uRqKNfj.exe
  2⤵
  PID:6520
- C:\Windows\System\xqJHZxU.exe
  C:\Windows\System\xqJHZxU.exe
  2⤵
  PID:6612
- C:\Windows\System\AFohLpu.exe
  C:\Windows\System\AFohLpu.exe
  2⤵
  PID:6732
- C:\Windows\System\nOmxtFp.exe
  C:\Windows\System\nOmxtFp.exe
  2⤵
  PID:6672
- C:\Windows\System\NxBWNzP.exe
  C:\Windows\System\NxBWNzP.exe
  2⤵
  PID:6836
- C:\Windows\System\FiKhDzw.exe
  C:\Windows\System\FiKhDzw.exe
  2⤵
  PID:6552
- C:\Windows\System\JgPspUL.exe
  C:\Windows\System\JgPspUL.exe
  2⤵
  PID:5140
- C:\Windows\System\EARUgRl.exe
  C:\Windows\System\EARUgRl.exe
  2⤵
  PID:6448
- C:\Windows\System\WeWsCIA.exe
  C:\Windows\System\WeWsCIA.exe
  2⤵
  PID:6684
- C:\Windows\System\jMpMfNQ.exe
  C:\Windows\System\jMpMfNQ.exe
  2⤵
  PID:6856
- C:\Windows\System\BqvCVJv.exe
  C:\Windows\System\BqvCVJv.exe
  2⤵
  PID:6820
- C:\Windows\System\VuBzfmT.exe
  C:\Windows\System\VuBzfmT.exe
  2⤵
  PID:5300
- C:\Windows\System\ZSPdXnv.exe
  C:\Windows\System\ZSPdXnv.exe
  2⤵
  PID:5596
- C:\Windows\System\KFnIPef.exe
  C:\Windows\System\KFnIPef.exe
  2⤵
  PID:7072
- C:\Windows\System\aFYeQWg.exe
  C:\Windows\System\aFYeQWg.exe
  2⤵
  PID:6304
- C:\Windows\System\rvZHxrK.exe
  C:\Windows\System\rvZHxrK.exe
  2⤵
  PID:6316
- C:\Windows\System\ERKGehH.exe
  C:\Windows\System\ERKGehH.exe
  2⤵
  PID:6416
- C:\Windows\System\FvlswHS.exe
  C:\Windows\System\FvlswHS.exe
  2⤵
  PID:6208
- C:\Windows\System\HogyhVl.exe
  C:\Windows\System\HogyhVl.exe
  2⤵
  PID:6496
- C:\Windows\System\REKWlHv.exe
  C:\Windows\System\REKWlHv.exe
  2⤵
  PID:7092
- C:\Windows\System\mNswZGk.exe
  C:\Windows\System\mNswZGk.exe
  2⤵
  PID:6516
- C:\Windows\System\IJgnbfn.exe
  C:\Windows\System\IJgnbfn.exe
  2⤵
  PID:6780
- C:\Windows\System\VKtJqtz.exe
  C:\Windows\System\VKtJqtz.exe
  2⤵
  PID:6216
- C:\Windows\System\fQuPvLk.exe
  C:\Windows\System\fQuPvLk.exe
  2⤵
  PID:7000
- C:\Windows\System\jhzZamt.exe
  C:\Windows\System\jhzZamt.exe
  2⤵
  PID:6004
- C:\Windows\System\JtZhmXK.exe
  C:\Windows\System\JtZhmXK.exe
  2⤵
  PID:6408
- C:\Windows\System\YBncZwh.exe
  C:\Windows\System\YBncZwh.exe
  2⤵
  PID:6340
- C:\Windows\System\mpSNEHi.exe
  C:\Windows\System\mpSNEHi.exe
  2⤵
  PID:6784
- C:\Windows\System\jRkRMtV.exe
  C:\Windows\System\jRkRMtV.exe
  2⤵
  PID:5432
- C:\Windows\System\fwyUKPG.exe
  C:\Windows\System\fwyUKPG.exe
  2⤵
  PID:6588
- C:\Windows\System\dFBYrYI.exe
  C:\Windows\System\dFBYrYI.exe
  2⤵
  PID:6832
- C:\Windows\System\jzkUaQL.exe
  C:\Windows\System\jzkUaQL.exe
  2⤵
  PID:6592
- C:\Windows\System\zoaHDbU.exe
  C:\Windows\System\zoaHDbU.exe
  2⤵
  PID:7184
- C:\Windows\System\KcrcBZt.exe
  C:\Windows\System\KcrcBZt.exe
  2⤵
  PID:7204
- C:\Windows\System\sEspvOD.exe
  C:\Windows\System\sEspvOD.exe
  2⤵
  PID:7232
- C:\Windows\System\BhARzlS.exe
  C:\Windows\System\BhARzlS.exe
  2⤵
  PID:7248
- C:\Windows\System\PcZqvnj.exe
  C:\Windows\System\PcZqvnj.exe
  2⤵
  PID:7264
- C:\Windows\System\tHwtNin.exe
  C:\Windows\System\tHwtNin.exe
  2⤵
  PID:7284
- C:\Windows\System\ylcNwkw.exe
  C:\Windows\System\ylcNwkw.exe
  2⤵
  PID:7304
- C:\Windows\System\qywQTbb.exe
  C:\Windows\System\qywQTbb.exe
  2⤵
  PID:7324
- C:\Windows\System\uvJBsZv.exe
  C:\Windows\System\uvJBsZv.exe
  2⤵
  PID:7344
- C:\Windows\System\udUUZax.exe
  C:\Windows\System\udUUZax.exe
  2⤵
  PID:7364
- C:\Windows\System\TNHBCqz.exe
  C:\Windows\System\TNHBCqz.exe
  2⤵
  PID:7384
- C:\Windows\System\HbtCoOh.exe
  C:\Windows\System\HbtCoOh.exe
  2⤵
  PID:7400
- C:\Windows\System\VipQTgC.exe
  C:\Windows\System\VipQTgC.exe
  2⤵
  PID:7420
- C:\Windows\System\hDjQUKY.exe
  C:\Windows\System\hDjQUKY.exe
  2⤵
  PID:7436
- C:\Windows\System\zmGbcgN.exe
  C:\Windows\System\zmGbcgN.exe
  2⤵
  PID:7456
- C:\Windows\System\RwtZbpe.exe
  C:\Windows\System\RwtZbpe.exe
  2⤵
  PID:7472
- C:\Windows\System\tPtDLeY.exe
  C:\Windows\System\tPtDLeY.exe
  2⤵
  PID:7492
- C:\Windows\System\CmSIrPK.exe
  C:\Windows\System\CmSIrPK.exe
  2⤵
  PID:7512
- C:\Windows\System\tBwNqqa.exe
  C:\Windows\System\tBwNqqa.exe
  2⤵
  PID:7532
- C:\Windows\System\QJsZnOG.exe
  C:\Windows\System\QJsZnOG.exe
  2⤵
  PID:7576
- C:\Windows\System\YBGykUg.exe
  C:\Windows\System\YBGykUg.exe
  2⤵
  PID:7596
- C:\Windows\System\hVtVAnz.exe
  C:\Windows\System\hVtVAnz.exe
  2⤵
  PID:7628
- C:\Windows\System\QLXguHa.exe
  C:\Windows\System\QLXguHa.exe
  2⤵
  PID:7648
- C:\Windows\System\jsUxomP.exe
  C:\Windows\System\jsUxomP.exe
  2⤵
  PID:7668
- C:\Windows\System\qWNpTSw.exe
  C:\Windows\System\qWNpTSw.exe
  2⤵
  PID:7688
- C:\Windows\System\hQiSUWn.exe
  C:\Windows\System\hQiSUWn.exe
  2⤵
  PID:7708
- C:\Windows\System\ALibLjC.exe
  C:\Windows\System\ALibLjC.exe
  2⤵
  PID:7724
- C:\Windows\System\dFVhEUk.exe
  C:\Windows\System\dFVhEUk.exe
  2⤵
  PID:7748
- C:\Windows\System\HKDFMqW.exe
  C:\Windows\System\HKDFMqW.exe
  2⤵
  PID:7764
- C:\Windows\System\diwuNAC.exe
  C:\Windows\System\diwuNAC.exe
  2⤵
  PID:7780
- C:\Windows\System\wpdvIYs.exe
  C:\Windows\System\wpdvIYs.exe
  2⤵
  PID:7804
- C:\Windows\System\cwtnzNN.exe
  C:\Windows\System\cwtnzNN.exe
  2⤵
  PID:7820
- C:\Windows\System\YootUxK.exe
  C:\Windows\System\YootUxK.exe
  2⤵
  PID:7840
- C:\Windows\System\sHHfVes.exe
  C:\Windows\System\sHHfVes.exe
  2⤵
  PID:7868
- C:\Windows\System\wezKxOv.exe
  C:\Windows\System\wezKxOv.exe
  2⤵
  PID:7884
- C:\Windows\System\DXyzMTB.exe
  C:\Windows\System\DXyzMTB.exe
  2⤵
  PID:7900
- C:\Windows\System\feLGElb.exe
  C:\Windows\System\feLGElb.exe
  2⤵
  PID:7916
- C:\Windows\System\wCxJWQN.exe
  C:\Windows\System\wCxJWQN.exe
  2⤵
  PID:7932
- C:\Windows\System\lZlVAbo.exe
  C:\Windows\System\lZlVAbo.exe
  2⤵
  PID:7952
- C:\Windows\System\PTdIsIB.exe
  C:\Windows\System\PTdIsIB.exe
  2⤵
  PID:7992
- C:\Windows\System\OymRlRL.exe
  C:\Windows\System\OymRlRL.exe
  2⤵
  PID:8008
- C:\Windows\System\hVkjptr.exe
  C:\Windows\System\hVkjptr.exe
  2⤵
  PID:8024
- C:\Windows\System\sxsewZz.exe
  C:\Windows\System\sxsewZz.exe
  2⤵
  PID:8040
- C:\Windows\System\WcjCeoT.exe
  C:\Windows\System\WcjCeoT.exe
  2⤵
  PID:8056
- C:\Windows\System\htKvLNV.exe
  C:\Windows\System\htKvLNV.exe
  2⤵
  PID:8072
- C:\Windows\System\jdUprGg.exe
  C:\Windows\System\jdUprGg.exe
  2⤵
  PID:8112
- C:\Windows\System\jEnyjVw.exe
  C:\Windows\System\jEnyjVw.exe
  2⤵
  PID:8136
- C:\Windows\System\tpOtutA.exe
  C:\Windows\System\tpOtutA.exe
  2⤵
  PID:8152
- C:\Windows\System\vGosQdk.exe
  C:\Windows\System\vGosQdk.exe
  2⤵
  PID:8168
- C:\Windows\System\bhdrCfr.exe
  C:\Windows\System\bhdrCfr.exe
  2⤵
  PID:8184
- C:\Windows\System\VHrqLYN.exe
  C:\Windows\System\VHrqLYN.exe
  2⤵
  PID:5416
- C:\Windows\System\VioRWSM.exe
  C:\Windows\System\VioRWSM.exe
  2⤵
  PID:6244
- C:\Windows\System\olYNvnt.exe
  C:\Windows\System\olYNvnt.exe
  2⤵
  PID:7052
- C:\Windows\System\WtcEogf.exe
  C:\Windows\System\WtcEogf.exe
  2⤵
  PID:6944
- C:\Windows\System\CgWCAiW.exe
  C:\Windows\System\CgWCAiW.exe
  2⤵
  PID:6328
- C:\Windows\System\pQHRARH.exe
  C:\Windows\System\pQHRARH.exe
  2⤵
  PID:7228
- C:\Windows\System\IsUxNqy.exe
  C:\Windows\System\IsUxNqy.exe
  2⤵
  PID:6428
- C:\Windows\System\nOjkyiH.exe
  C:\Windows\System\nOjkyiH.exe
  2⤵
  PID:7256
- C:\Windows\System\wgzOUJI.exe
  C:\Windows\System\wgzOUJI.exe
  2⤵
  PID:6816
- C:\Windows\System\WXNtIwZ.exe
  C:\Windows\System\WXNtIwZ.exe
  2⤵
  PID:7148
- C:\Windows\System\wgngEEt.exe
  C:\Windows\System\wgngEEt.exe
  2⤵
  PID:1988
- C:\Windows\System\jhVLjwz.exe
  C:\Windows\System\jhVLjwz.exe
  2⤵
  PID:6364
- C:\Windows\System\almnbEZ.exe
  C:\Windows\System\almnbEZ.exe
  2⤵
  PID:7300
- C:\Windows\System\NVRjnCf.exe
  C:\Windows\System\NVRjnCf.exe
  2⤵
  PID:7192
- C:\Windows\System\BNJWXDg.exe
  C:\Windows\System\BNJWXDg.exe
  2⤵
  PID:7276
- C:\Windows\System\RfKdnFD.exe
  C:\Windows\System\RfKdnFD.exe
  2⤵
  PID:7480
- C:\Windows\System\bqrhgYE.exe
  C:\Windows\System\bqrhgYE.exe
  2⤵
  PID:7528
- C:\Windows\System\iSmAUoF.exe
  C:\Windows\System\iSmAUoF.exe
  2⤵
  PID:7392
- C:\Windows\System\DlaNeSP.exe
  C:\Windows\System\DlaNeSP.exe
  2⤵
  PID:7540
- C:\Windows\System\AIbBwVq.exe
  C:\Windows\System\AIbBwVq.exe
  2⤵
  PID:7548
- C:\Windows\System\Kreawpq.exe
  C:\Windows\System\Kreawpq.exe
  2⤵
  PID:7640
- C:\Windows\System\chkPvUI.exe
  C:\Windows\System\chkPvUI.exe
  2⤵
  PID:7620
- C:\Windows\System\PrnniyI.exe
  C:\Windows\System\PrnniyI.exe
  2⤵
  PID:7680
- C:\Windows\System\KvSirTJ.exe
  C:\Windows\System\KvSirTJ.exe
  2⤵
  PID:7560
- C:\Windows\System\mmRynSZ.exe
  C:\Windows\System\mmRynSZ.exe
  2⤵
  PID:7604
- C:\Windows\System\AiTgnuZ.exe
  C:\Windows\System\AiTgnuZ.exe
  2⤵
  PID:7684
- C:\Windows\System\lrFmxNW.exe
  C:\Windows\System\lrFmxNW.exe
  2⤵
  PID:7700
- C:\Windows\System\bzfvmis.exe
  C:\Windows\System\bzfvmis.exe
  2⤵
  PID:7736
- C:\Windows\System\dgAllrB.exe
  C:\Windows\System\dgAllrB.exe
  2⤵
  PID:7796
- C:\Windows\System\uEgnyKW.exe
  C:\Windows\System\uEgnyKW.exe
  2⤵
  PID:7828
- C:\Windows\System\wZupKMi.exe
  C:\Windows\System\wZupKMi.exe
  2⤵
  PID:1792
- C:\Windows\System\Bjqsfms.exe
  C:\Windows\System\Bjqsfms.exe
  2⤵
  PID:7848
- C:\Windows\System\GNWLoGi.exe
  C:\Windows\System\GNWLoGi.exe
  2⤵
  PID:7880
- C:\Windows\System\ZKUzOOu.exe
  C:\Windows\System\ZKUzOOu.exe
  2⤵
  PID:7860
- C:\Windows\System\hJGaCHB.exe
  C:\Windows\System\hJGaCHB.exe
  2⤵
  PID:7896
- C:\Windows\System\aGFeliJ.exe
  C:\Windows\System\aGFeliJ.exe
  2⤵
  PID:7964
- C:\Windows\System\trXNxCu.exe
  C:\Windows\System\trXNxCu.exe
  2⤵
  PID:7984
- C:\Windows\System\wYFixgu.exe
  C:\Windows\System\wYFixgu.exe
  2⤵
  PID:7988
- C:\Windows\System\ZYgPNys.exe
  C:\Windows\System\ZYgPNys.exe
  2⤵
  PID:8032
- C:\Windows\System\mYTAQzQ.exe
  C:\Windows\System\mYTAQzQ.exe
  2⤵
  PID:8092
- C:\Windows\System\AgrdMTi.exe
  C:\Windows\System\AgrdMTi.exe
  2⤵
  PID:8000
- C:\Windows\System\pMkRgkl.exe
  C:\Windows\System\pMkRgkl.exe
  2⤵
  PID:8124
- C:\Windows\System\UsjhGvQ.exe
  C:\Windows\System\UsjhGvQ.exe
  2⤵
  PID:8144
- C:\Windows\System\SKBPdBa.exe
  C:\Windows\System\SKBPdBa.exe
  2⤵
  PID:7240
- C:\Windows\System\mkkjwcU.exe
  C:\Windows\System\mkkjwcU.exe
  2⤵
  PID:7224
- C:\Windows\System\XljbOrX.exe
  C:\Windows\System\XljbOrX.exe
  2⤵
  PID:6668
- C:\Windows\System\qqDEwnT.exe
  C:\Windows\System\qqDEwnT.exe
  2⤵
  PID:7216
- C:\Windows\System\hYLZFOF.exe
  C:\Windows\System\hYLZFOF.exe
  2⤵
  PID:6232
- C:\Windows\System\RdgYZGh.exe
  C:\Windows\System\RdgYZGh.exe
  2⤵
  PID:7320
- C:\Windows\System\ijiQnyH.exe
  C:\Windows\System\ijiQnyH.exe
  2⤵
  PID:7412
- C:\Windows\System\uTrsORH.exe
  C:\Windows\System\uTrsORH.exe
  2⤵
  PID:7408
- C:\Windows\System\SpYpWBF.exe
  C:\Windows\System\SpYpWBF.exe
  2⤵
  PID:8100
- C:\Windows\System\pImrAGX.exe
  C:\Windows\System\pImrAGX.exe
  2⤵
  PID:1564
- C:\Windows\System\cxYNsTi.exe
  C:\Windows\System\cxYNsTi.exe
  2⤵
  PID:7568
- C:\Windows\System\sVHFmOH.exe
  C:\Windows\System\sVHFmOH.exe
  2⤵
  PID:7788
- C:\Windows\System\jPGIuUy.exe
  C:\Windows\System\jPGIuUy.exe
  2⤵
  PID:7776
- C:\Windows\System\HMDUTUn.exe
  C:\Windows\System\HMDUTUn.exe
  2⤵
  PID:7864
- C:\Windows\System\ecldCKs.exe
  C:\Windows\System\ecldCKs.exe
  2⤵
  PID:8016
- C:\Windows\System\SlvWils.exe
  C:\Windows\System\SlvWils.exe
  2⤵
  PID:8160
- C:\Windows\System\SlaWPqn.exe
  C:\Windows\System\SlaWPqn.exe
  2⤵
  PID:7792
- C:\Windows\System\smPDvor.exe
  C:\Windows\System\smPDvor.exe
  2⤵
  PID:8108
- C:\Windows\System\HcigOtb.exe
  C:\Windows\System\HcigOtb.exe
  2⤵
  PID:7556
- C:\Windows\System\OexKIqf.exe
  C:\Windows\System\OexKIqf.exe
  2⤵
  PID:7912
- C:\Windows\System\zJioHxf.exe
  C:\Windows\System\zJioHxf.exe
  2⤵
  PID:1452
- C:\Windows\System\deNnRhy.exe
  C:\Windows\System\deNnRhy.exe
  2⤵
  PID:7336
- C:\Windows\System\cyqVEbv.exe
  C:\Windows\System\cyqVEbv.exe
  2⤵
  PID:6812
- C:\Windows\System\rqToMLL.exe
  C:\Windows\System\rqToMLL.exe
  2⤵
  PID:7112
- C:\Windows\System\PHRxNJC.exe
  C:\Windows\System\PHRxNJC.exe
  2⤵
  PID:7244
- C:\Windows\System\TWTeEzz.exe
  C:\Windows\System\TWTeEzz.exe
  2⤵
  PID:6348
- C:\Windows\System\IwuZtxL.exe
  C:\Windows\System\IwuZtxL.exe
  2⤵
  PID:7376
- C:\Windows\System\sFNVSeB.exe
  C:\Windows\System\sFNVSeB.exe
  2⤵
  PID:7340
- C:\Windows\System\CPTiKNz.exe
  C:\Windows\System\CPTiKNz.exe
  2⤵
  PID:7428
- C:\Windows\System\BcSdSAq.exe
  C:\Windows\System\BcSdSAq.exe
  2⤵
  PID:7716
- C:\Windows\System\xLoQNjK.exe
  C:\Windows\System\xLoQNjK.exe
  2⤵
  PID:8052
- C:\Windows\System\esvowBq.exe
  C:\Windows\System\esvowBq.exe
  2⤵
  PID:7588
- C:\Windows\System\mxhCKlj.exe
  C:\Windows\System\mxhCKlj.exe
  2⤵
  PID:880
- C:\Windows\System\CPXdBgs.exe
  C:\Windows\System\CPXdBgs.exe
  2⤵
  PID:7592
- C:\Windows\System\VUDkjbg.exe
  C:\Windows\System\VUDkjbg.exe
  2⤵
  PID:7544
- C:\Windows\System\msXcnUf.exe
  C:\Windows\System\msXcnUf.exe
  2⤵
  PID:5288
- C:\Windows\System\OODncoG.exe
  C:\Windows\System\OODncoG.exe
  2⤵
  PID:7164
- C:\Windows\System\fZbmBxG.exe
  C:\Windows\System\fZbmBxG.exe
  2⤵
  PID:7180
- C:\Windows\System\npNXGnu.exe
  C:\Windows\System\npNXGnu.exe
  2⤵
  PID:6660
- C:\Windows\System\NbxOMnf.exe
  C:\Windows\System\NbxOMnf.exe
  2⤵
  PID:7200
- C:\Windows\System\mQeFxVu.exe
  C:\Windows\System\mQeFxVu.exe
  2⤵
  PID:7444
- C:\Windows\System\JwHggOn.exe
  C:\Windows\System\JwHggOn.exe
  2⤵
  PID:7016
- C:\Windows\System\sQmPbYo.exe
  C:\Windows\System\sQmPbYo.exe
  2⤵
  PID:7500
- C:\Windows\System\bxORVsM.exe
  C:\Windows\System\bxORVsM.exe
  2⤵
  PID:7816
- C:\Windows\System\nxXJrDY.exe
  C:\Windows\System\nxXJrDY.exe
  2⤵
  PID:7552
- C:\Windows\System\fXlILAQ.exe
  C:\Windows\System\fXlILAQ.exe
  2⤵
  PID:7980
- C:\Windows\System\EDuTvmw.exe
  C:\Windows\System\EDuTvmw.exe
  2⤵
  PID:8104
- C:\Windows\System\PRsGidL.exe
  C:\Windows\System\PRsGidL.exe
  2⤵
  PID:7524
- C:\Windows\System\gmGylqG.exe
  C:\Windows\System\gmGylqG.exe
  2⤵
  PID:7944
- C:\Windows\System\HZRrfHa.exe
  C:\Windows\System\HZRrfHa.exe
  2⤵
  PID:8216
- C:\Windows\System\hdMwIeC.exe
  C:\Windows\System\hdMwIeC.exe
  2⤵
  PID:8232
- C:\Windows\System\VKQXmTq.exe
  C:\Windows\System\VKQXmTq.exe
  2⤵
  PID:8248
- C:\Windows\System\hVhdCMf.exe
  C:\Windows\System\hVhdCMf.exe
  2⤵
  PID:8268
- C:\Windows\System\VAHvaFr.exe
  C:\Windows\System\VAHvaFr.exe
  2⤵
  PID:8284
- C:\Windows\System\aKoAqTz.exe
  C:\Windows\System\aKoAqTz.exe
  2⤵
  PID:8300
- C:\Windows\System\LmXLuom.exe
  C:\Windows\System\LmXLuom.exe
  2⤵
  PID:8320
- C:\Windows\System\DOaOHSZ.exe
  C:\Windows\System\DOaOHSZ.exe
  2⤵
  PID:8340
- C:\Windows\System\UdIRRpE.exe
  C:\Windows\System\UdIRRpE.exe
  2⤵
  PID:8356
- C:\Windows\System\iYTRlWS.exe
  C:\Windows\System\iYTRlWS.exe
  2⤵
  PID:8376
- C:\Windows\System\nJbtovG.exe
  C:\Windows\System\nJbtovG.exe
  2⤵
  PID:8404
- C:\Windows\System\nOykYPI.exe
  C:\Windows\System\nOykYPI.exe
  2⤵
  PID:8420
- C:\Windows\System\iWrZAiK.exe
  C:\Windows\System\iWrZAiK.exe
  2⤵
  PID:8440
- C:\Windows\System\sFMEmgf.exe
  C:\Windows\System\sFMEmgf.exe
  2⤵
  PID:8460
- C:\Windows\System\XmBWKQX.exe
  C:\Windows\System\XmBWKQX.exe
  2⤵
  PID:8476
- C:\Windows\System\vWvgCzx.exe
  C:\Windows\System\vWvgCzx.exe
  2⤵
  PID:8492
- C:\Windows\System\oyEropa.exe
  C:\Windows\System\oyEropa.exe
  2⤵
  PID:8512
- C:\Windows\System\jKDJXzp.exe
  C:\Windows\System\jKDJXzp.exe
  2⤵
  PID:8528
- C:\Windows\System\OrSalCj.exe
  C:\Windows\System\OrSalCj.exe
  2⤵
  PID:8548
- C:\Windows\System\aWhUTgO.exe
  C:\Windows\System\aWhUTgO.exe
  2⤵
  PID:8564
- C:\Windows\System\UQEEOUy.exe
  C:\Windows\System\UQEEOUy.exe
  2⤵
  PID:8584
- C:\Windows\System\xJeJEif.exe
  C:\Windows\System\xJeJEif.exe
  2⤵
  PID:8604
- C:\Windows\System\mNVQnks.exe
  C:\Windows\System\mNVQnks.exe
  2⤵
  PID:8628
- C:\Windows\System\HWsUove.exe
  C:\Windows\System\HWsUove.exe
  2⤵
  PID:8644
- C:\Windows\System\gaoQppJ.exe
  C:\Windows\System\gaoQppJ.exe
  2⤵
  PID:8660
- C:\Windows\System\eRpcfIL.exe
  C:\Windows\System\eRpcfIL.exe
  2⤵
  PID:8676
- C:\Windows\System\qKwkfgW.exe
  C:\Windows\System\qKwkfgW.exe
  2⤵
  PID:8692
- C:\Windows\System\PetqGty.exe
  C:\Windows\System\PetqGty.exe
  2⤵
  PID:8708
- C:\Windows\System\QUkDYlH.exe
  C:\Windows\System\QUkDYlH.exe
  2⤵
  PID:8728
- C:\Windows\System\yLIzrkQ.exe
  C:\Windows\System\yLIzrkQ.exe
  2⤵
  PID:8744
- C:\Windows\System\cNnPpZD.exe
  C:\Windows\System\cNnPpZD.exe
  2⤵
  PID:8760
- C:\Windows\System\wzbbJzo.exe
  C:\Windows\System\wzbbJzo.exe
  2⤵
  PID:8776
- C:\Windows\System\fuuuccL.exe
  C:\Windows\System\fuuuccL.exe
  2⤵
  PID:8792
- C:\Windows\System\yMrCmsl.exe
  C:\Windows\System\yMrCmsl.exe
  2⤵
  PID:8808
- C:\Windows\System\PEXfUnf.exe
  C:\Windows\System\PEXfUnf.exe
  2⤵
  PID:8828
- C:\Windows\System\zJmbfKQ.exe
  C:\Windows\System\zJmbfKQ.exe
  2⤵
  PID:8844
- C:\Windows\System\ObJpmZW.exe
  C:\Windows\System\ObJpmZW.exe
  2⤵
  PID:8868
- C:\Windows\System\qFYEvLA.exe
  C:\Windows\System\qFYEvLA.exe
  2⤵
  PID:8884
- C:\Windows\System\gPIQINI.exe
  C:\Windows\System\gPIQINI.exe
  2⤵
  PID:8900
- C:\Windows\System\vtBhHgY.exe
  C:\Windows\System\vtBhHgY.exe
  2⤵
  PID:8924
- C:\Windows\System\GlPaAhC.exe
  C:\Windows\System\GlPaAhC.exe
  2⤵
  PID:8992
- C:\Windows\System\NgMyhPL.exe
  C:\Windows\System\NgMyhPL.exe
  2⤵
  PID:9044
- C:\Windows\System\cNWdQQv.exe
  C:\Windows\System\cNWdQQv.exe
  2⤵
  PID:9080
- C:\Windows\System\FVZwhqg.exe
  C:\Windows\System\FVZwhqg.exe
  2⤵
  PID:9100
- C:\Windows\System\LMWKgWw.exe
  C:\Windows\System\LMWKgWw.exe
  2⤵
  PID:9116
- C:\Windows\System\YusLXZi.exe
  C:\Windows\System\YusLXZi.exe
  2⤵
  PID:9132
- C:\Windows\System\uxmyuhv.exe
  C:\Windows\System\uxmyuhv.exe
  2⤵
  PID:9148
- C:\Windows\System\RwspmzF.exe
  C:\Windows\System\RwspmzF.exe
  2⤵
  PID:9164
- C:\Windows\System\hYpGViB.exe
  C:\Windows\System\hYpGViB.exe
  2⤵
  PID:9180
- C:\Windows\System\SvovaLw.exe
  C:\Windows\System\SvovaLw.exe
  2⤵
  PID:9196
- C:\Windows\System\Ouerdej.exe
  C:\Windows\System\Ouerdej.exe
  2⤵
  PID:9212
- C:\Windows\System\ISHncSJ.exe
  C:\Windows\System\ISHncSJ.exe
  2⤵
  PID:7176
- C:\Windows\System\MQapAFT.exe
  C:\Windows\System\MQapAFT.exe
  2⤵
  PID:8208
- C:\Windows\System\bfLyxba.exe
  C:\Windows\System\bfLyxba.exe
  2⤵
  PID:8276
- C:\Windows\System\zCXNtvg.exe
  C:\Windows\System\zCXNtvg.exe
  2⤵
  PID:8316
- C:\Windows\System\TbWQfdB.exe
  C:\Windows\System\TbWQfdB.exe
  2⤵
  PID:8388
- C:\Windows\System\UYtNaYq.exe
  C:\Windows\System\UYtNaYq.exe
  2⤵
  PID:8428
- C:\Windows\System\IsucNCR.exe
  C:\Windows\System\IsucNCR.exe
  2⤵
  PID:8472
- C:\Windows\System\OdxDVSm.exe
  C:\Windows\System\OdxDVSm.exe
  2⤵
  PID:8508
- C:\Windows\System\SEBLrGU.exe
  C:\Windows\System\SEBLrGU.exe
  2⤵
  PID:8544
- C:\Windows\System\UBbhbsK.exe
  C:\Windows\System\UBbhbsK.exe
  2⤵
  PID:6972
- C:\Windows\System\HcoJZbJ.exe
  C:\Windows\System\HcoJZbJ.exe
  2⤵
  PID:8612
- C:\Windows\System\xoEcKko.exe
  C:\Windows\System\xoEcKko.exe
  2⤵
  PID:8656
- C:\Windows\System\kvCIhDG.exe
  C:\Windows\System\kvCIhDG.exe
  2⤵
  PID:8816
- C:\Windows\System\MhPBPPm.exe
  C:\Windows\System\MhPBPPm.exe
  2⤵
  PID:8756
- C:\Windows\System\pLeutMj.exe
  C:\Windows\System\pLeutMj.exe
  2⤵
  PID:8716
- C:\Windows\System\ytGoTCY.exe
  C:\Windows\System\ytGoTCY.exe
  2⤵
  PID:8852
- C:\Windows\System\KveQjAC.exe
  C:\Windows\System\KveQjAC.exe
  2⤵
  PID:8336
- C:\Windows\System\cpKNiKw.exe
  C:\Windows\System\cpKNiKw.exe
  2⤵
  PID:8524
- C:\Windows\System\ZExEYMj.exe
  C:\Windows\System\ZExEYMj.exe
  2⤵
  PID:8592
- C:\Windows\System\KYzqKHc.exe
  C:\Windows\System\KYzqKHc.exe
  2⤵
  PID:8164
- C:\Windows\System\XQKeSqn.exe
  C:\Windows\System\XQKeSqn.exe
  2⤵
  PID:8228
- C:\Windows\System\AqxRRJg.exe
  C:\Windows\System\AqxRRJg.exe
  2⤵
  PID:8372
- C:\Windows\System\FJslIey.exe
  C:\Windows\System\FJslIey.exe
  2⤵
  PID:8448
- C:\Windows\System\EwSOpsn.exe
  C:\Windows\System\EwSOpsn.exe
  2⤵
  PID:8488
- C:\Windows\System\pMcSWVh.exe
  C:\Windows\System\pMcSWVh.exe
  2⤵
  PID:8952
- C:\Windows\System\ZckLLLr.exe
  C:\Windows\System\ZckLLLr.exe
  2⤵
  PID:8968
- C:\Windows\System\SVDTZJr.exe
  C:\Windows\System\SVDTZJr.exe
  2⤵
  PID:8988
- C:\Windows\System\vtExifS.exe
  C:\Windows\System\vtExifS.exe
  2⤵
  PID:9012
- C:\Windows\System\LExIFNi.exe
  C:\Windows\System\LExIFNi.exe
  2⤵
  PID:9028
- C:\Windows\System\NCHjuaS.exe
  C:\Windows\System\NCHjuaS.exe
  2⤵
  PID:9068
- C:\Windows\System\koJhYSk.exe
  C:\Windows\System\koJhYSk.exe
  2⤵
  PID:9096
- C:\Windows\System\Sudpzms.exe
  C:\Windows\System\Sudpzms.exe
  2⤵
  PID:9088
- C:\Windows\System\sodwdtT.exe
  C:\Windows\System\sodwdtT.exe
  2⤵
  PID:8244
- C:\Windows\System\DvlqNpo.exe
  C:\Windows\System\DvlqNpo.exe
  2⤵
  PID:9172
- C:\Windows\System\SGrGNCS.exe
  C:\Windows\System\SGrGNCS.exe
  2⤵
  PID:9176
- C:\Windows\System\IYGlIJE.exe
  C:\Windows\System\IYGlIJE.exe
  2⤵
  PID:8312
- C:\Windows\System\gaXbaem.exe
  C:\Windows\System\gaXbaem.exe
  2⤵
  PID:8384
- C:\Windows\System\BfqJPeB.exe
  C:\Windows\System\BfqJPeB.exe
  2⤵
  PID:8616
- C:\Windows\System\BxEcVvD.exe
  C:\Windows\System\BxEcVvD.exe
  2⤵
  PID:8292
- C:\Windows\System\TaxkOTv.exe
  C:\Windows\System\TaxkOTv.exe
  2⤵
  PID:8468
- C:\Windows\System\UZTqlRq.exe
  C:\Windows\System\UZTqlRq.exe
  2⤵
  PID:8724
- C:\Windows\System\KQDhZpo.exe
  C:\Windows\System\KQDhZpo.exe
  2⤵
  PID:8864
- C:\Windows\System\oxadJju.exe
  C:\Windows\System\oxadJju.exe
  2⤵
  PID:6324
- C:\Windows\System\jqctGyZ.exe
  C:\Windows\System\jqctGyZ.exe
  2⤵
  PID:8332
- C:\Windows\System\arNPPEM.exe
  C:\Windows\System\arNPPEM.exe
  2⤵
  PID:5752
- C:\Windows\System\ydWCJFC.exe
  C:\Windows\System\ydWCJFC.exe
  2⤵
  PID:8596
- C:\Windows\System\bMixseE.exe
  C:\Windows\System\bMixseE.exe
  2⤵
  PID:8668
- C:\Windows\System\EVFIWtK.exe
  C:\Windows\System\EVFIWtK.exe
  2⤵
  PID:8768
- C:\Windows\System\FtIbGpF.exe
  C:\Windows\System\FtIbGpF.exe
  2⤵
  PID:8840
- C:\Windows\System\MvrJaob.exe
  C:\Windows\System\MvrJaob.exe
  2⤵
  PID:8892
- C:\Windows\System\fzOyfxv.exe
  C:\Windows\System\fzOyfxv.exe
  2⤵
  PID:8916
- C:\Windows\System\FpbejiG.exe
  C:\Windows\System\FpbejiG.exe
  2⤵
  PID:8944
- C:\Windows\System\qcJlfuj.exe
  C:\Windows\System\qcJlfuj.exe
  2⤵
  PID:8976
- C:\Windows\System\NIYClLP.exe
  C:\Windows\System\NIYClLP.exe
  2⤵
  PID:9052
- C:\Windows\System\yCrdXFK.exe
  C:\Windows\System\yCrdXFK.exe
  2⤵
  PID:9076
- C:\Windows\System\ujLEnlO.exe
  C:\Windows\System\ujLEnlO.exe
  2⤵
  PID:9092
- C:\Windows\System\rjqlrJM.exe
  C:\Windows\System\rjqlrJM.exe
  2⤵
  PID:9124
- C:\Windows\System\WExpILj.exe
  C:\Windows\System\WExpILj.exe
  2⤵
  PID:6368
- C:\Windows\System\RvruLFf.exe
  C:\Windows\System\RvruLFf.exe
  2⤵
  PID:8504
- C:\Windows\System\qWTOfrw.exe
  C:\Windows\System\qWTOfrw.exe
  2⤵
  PID:8328
- C:\Windows\System\iZYjTuw.exe
  C:\Windows\System\iZYjTuw.exe
  2⤵
  PID:8484
- C:\Windows\System\HsDQZzU.exe
  C:\Windows\System\HsDQZzU.exe
  2⤵
  PID:8740
- C:\Windows\System\HfTzJJZ.exe
  C:\Windows\System\HfTzJJZ.exe
  2⤵
  PID:8940
- C:\Windows\System\WnxcQsl.exe
  C:\Windows\System\WnxcQsl.exe
  2⤵
  PID:9112
- C:\Windows\System\nToQLew.exe
  C:\Windows\System\nToQLew.exe
  2⤵
  PID:8456
- C:\Windows\System\CEKibTp.exe
  C:\Windows\System\CEKibTp.exe
  2⤵
  PID:8240
- C:\Windows\System\yvRJlQj.exe
  C:\Windows\System\yvRJlQj.exe
  2⤵
  PID:8260
- C:\Windows\System\PhyxtmN.exe
  C:\Windows\System\PhyxtmN.exe
  2⤵
  PID:7468
- C:\Windows\System\DEhjmCa.exe
  C:\Windows\System\DEhjmCa.exe
  2⤵
  PID:8908
- C:\Windows\System\puzJMTK.exe
  C:\Windows\System\puzJMTK.exe
  2⤵
  PID:8368
- C:\Windows\System\GkcYLvi.exe
  C:\Windows\System\GkcYLvi.exe
  2⤵
  PID:7876
- C:\Windows\System\ZckQmNi.exe
  C:\Windows\System\ZckQmNi.exe
  2⤵
  PID:8400
- C:\Windows\System\JwSyOjA.exe
  C:\Windows\System\JwSyOjA.exe
  2⤵
  PID:8700
- C:\Windows\System\DMTjtoZ.exe
  C:\Windows\System\DMTjtoZ.exe
  2⤵
  PID:8912
- C:\Windows\System\ZTDGEBg.exe
  C:\Windows\System\ZTDGEBg.exe
  2⤵
  PID:8896
- C:\Windows\System\xrqjdVo.exe
  C:\Windows\System\xrqjdVo.exe
  2⤵
  PID:9000
- C:\Windows\System\XjOWDJh.exe
  C:\Windows\System\XjOWDJh.exe
  2⤵
  PID:9108
- C:\Windows\System\YnsaTwA.exe
  C:\Windows\System\YnsaTwA.exe
  2⤵
  PID:8412
- C:\Windows\System\ehzGNpP.exe
  C:\Windows\System\ehzGNpP.exe
  2⤵
  PID:8800
- C:\Windows\System\OokltPQ.exe
  C:\Windows\System\OokltPQ.exe
  2⤵
  PID:9160
- C:\Windows\System\gmgFcDl.exe
  C:\Windows\System\gmgFcDl.exe
  2⤵
  PID:9008
- C:\Windows\System\kWUcmac.exe
  C:\Windows\System\kWUcmac.exe
  2⤵
  PID:8084
- C:\Windows\System\kJRVyiR.exe
  C:\Windows\System\kJRVyiR.exe
  2⤵
  PID:8636
- C:\Windows\System\qOxbUGN.exe
  C:\Windows\System\qOxbUGN.exe
  2⤵
  PID:8956
- C:\Windows\System\WdHKGLj.exe
  C:\Windows\System\WdHKGLj.exe
  2⤵
  PID:8120
- C:\Windows\System\qyWhjya.exe
  C:\Windows\System\qyWhjya.exe
  2⤵
  PID:9236
- C:\Windows\System\BreGikN.exe
  C:\Windows\System\BreGikN.exe
  2⤵
  PID:9252
- C:\Windows\System\MytPCaF.exe
  C:\Windows\System\MytPCaF.exe
  2⤵
  PID:9268
- C:\Windows\System\tHLZcSm.exe
  C:\Windows\System\tHLZcSm.exe
  2⤵
  PID:9288
- C:\Windows\System\YrwLdvD.exe
  C:\Windows\System\YrwLdvD.exe
  2⤵
  PID:9304
- C:\Windows\System\PEHxNPm.exe
  C:\Windows\System\PEHxNPm.exe
  2⤵
  PID:9320
- C:\Windows\System\McaRpJB.exe
  C:\Windows\System\McaRpJB.exe
  2⤵
  PID:9340
- C:\Windows\System\OMqAowN.exe
  C:\Windows\System\OMqAowN.exe
  2⤵
  PID:9356
- C:\Windows\System\YVreFZN.exe
  C:\Windows\System\YVreFZN.exe
  2⤵
  PID:9376
- C:\Windows\System\byNKMIP.exe
  C:\Windows\System\byNKMIP.exe
  2⤵
  PID:9392
- C:\Windows\System\NIvSPeL.exe
  C:\Windows\System\NIvSPeL.exe
  2⤵
  PID:9412
- C:\Windows\System\srzmFYg.exe
  C:\Windows\System\srzmFYg.exe
  2⤵
  PID:9432
- C:\Windows\System\YoBNvce.exe
  C:\Windows\System\YoBNvce.exe
  2⤵
  PID:9452
- C:\Windows\System\fajOYrq.exe
  C:\Windows\System\fajOYrq.exe
  2⤵
  PID:9472
- C:\Windows\System\ObIUDNd.exe
  C:\Windows\System\ObIUDNd.exe
  2⤵
  PID:9488
- C:\Windows\System\HdPiFRI.exe
  C:\Windows\System\HdPiFRI.exe
  2⤵
  PID:9508
- C:\Windows\System\urIZevi.exe
  C:\Windows\System\urIZevi.exe
  2⤵
  PID:9528
- C:\Windows\System\SypeGpM.exe
  C:\Windows\System\SypeGpM.exe
  2⤵
  PID:9548
- C:\Windows\System\rcSbyeu.exe
  C:\Windows\System\rcSbyeu.exe
  2⤵
  PID:9564
- C:\Windows\System\hlLQcMZ.exe
  C:\Windows\System\hlLQcMZ.exe
  2⤵
  PID:9580
- C:\Windows\System\pNMcpIo.exe
  C:\Windows\System\pNMcpIo.exe
  2⤵
  PID:9600
- C:\Windows\System\aZJagfC.exe
  C:\Windows\System\aZJagfC.exe
  2⤵
  PID:9616
- C:\Windows\System\LAfhjzc.exe
  C:\Windows\System\LAfhjzc.exe
  2⤵
  PID:9636
- C:\Windows\System\zWDLDyh.exe
  C:\Windows\System\zWDLDyh.exe
  2⤵
  PID:9652
- C:\Windows\System\PniFJGz.exe
  C:\Windows\System\PniFJGz.exe
  2⤵
  PID:9672
- C:\Windows\System\wEMNyiy.exe
  C:\Windows\System\wEMNyiy.exe
  2⤵
  PID:9692
- C:\Windows\System\flPNwzr.exe
  C:\Windows\System\flPNwzr.exe
  2⤵
  PID:9708
- C:\Windows\System\YisYJQa.exe
  C:\Windows\System\YisYJQa.exe
  2⤵
  PID:9728
- C:\Windows\System\vJznJJY.exe
  C:\Windows\System\vJznJJY.exe
  2⤵
  PID:9744
- C:\Windows\System\sfFQwTc.exe
  C:\Windows\System\sfFQwTc.exe
  2⤵
  PID:9760
- C:\Windows\System\kbgBBiD.exe
  C:\Windows\System\kbgBBiD.exe
  2⤵
  PID:9780
- C:\Windows\System\xOyRACk.exe
  C:\Windows\System\xOyRACk.exe
  2⤵
  PID:9800
- C:\Windows\System\flxBkaK.exe
  C:\Windows\System\flxBkaK.exe
  2⤵
  PID:9872
- C:\Windows\System\MUZFRIu.exe
  C:\Windows\System\MUZFRIu.exe
  2⤵
  PID:9888
- C:\Windows\System\EIYPnAk.exe
  C:\Windows\System\EIYPnAk.exe
  2⤵
  PID:9904
- C:\Windows\System\BGIHYkR.exe
  C:\Windows\System\BGIHYkR.exe
  2⤵
  PID:9924
- C:\Windows\System\nNxFImF.exe
  C:\Windows\System\nNxFImF.exe
  2⤵
  PID:9940
- C:\Windows\System\ejbUXUf.exe
  C:\Windows\System\ejbUXUf.exe
  2⤵
  PID:9956
- C:\Windows\System\YcCHDBV.exe
  C:\Windows\System\YcCHDBV.exe
  2⤵
  PID:9972
- C:\Windows\System\CFQZtVu.exe
  C:\Windows\System\CFQZtVu.exe
  2⤵
  PID:9988
- C:\Windows\System\weoBGCR.exe
  C:\Windows\System\weoBGCR.exe
  2⤵
  PID:10012
- C:\Windows\System\CMNteGG.exe
  C:\Windows\System\CMNteGG.exe
  2⤵
  PID:10032
- C:\Windows\System\siQiECq.exe
  C:\Windows\System\siQiECq.exe
  2⤵
  PID:10056
- C:\Windows\System\fwPfBZz.exe
  C:\Windows\System\fwPfBZz.exe
  2⤵
  PID:10072
- C:\Windows\System\xlFcNQT.exe
  C:\Windows\System\xlFcNQT.exe
  2⤵
  PID:10088
- C:\Windows\System\sOYXmNn.exe
  C:\Windows\System\sOYXmNn.exe
  2⤵
  PID:10104
- C:\Windows\System\YIsbEXh.exe
  C:\Windows\System\YIsbEXh.exe
  2⤵
  PID:10124
- C:\Windows\System\uYJNeYN.exe
  C:\Windows\System\uYJNeYN.exe
  2⤵
  PID:10140
- C:\Windows\System\iDtGcOp.exe
  C:\Windows\System\iDtGcOp.exe
  2⤵
  PID:10208
- C:\Windows\System\JaUBfOL.exe
  C:\Windows\System\JaUBfOL.exe
  2⤵
  PID:10224
- C:\Windows\System\iqYAUMs.exe
  C:\Windows\System\iqYAUMs.exe
  2⤵
  PID:9020
- C:\Windows\System\pUdSLHn.exe
  C:\Windows\System\pUdSLHn.exe
  2⤵
  PID:9264
- C:\Windows\System\yUNXyqj.exe
  C:\Windows\System\yUNXyqj.exe
  2⤵
  PID:9332
- C:\Windows\System\nEyonbR.exe
  C:\Windows\System\nEyonbR.exe
  2⤵
  PID:9404
- C:\Windows\System\yLrDXhJ.exe
  C:\Windows\System\yLrDXhJ.exe
  2⤵
  PID:9484
- C:\Windows\System\FSJYJbV.exe
  C:\Windows\System\FSJYJbV.exe
  2⤵
  PID:9556
- C:\Windows\System\rkyPVSn.exe
  C:\Windows\System\rkyPVSn.exe
  2⤵
  PID:9632
- C:\Windows\System\wgqfoRs.exe
  C:\Windows\System\wgqfoRs.exe
  2⤵
  PID:9624
- C:\Windows\System\agexgfe.exe
  C:\Windows\System\agexgfe.exe
  2⤵
  PID:8576
- C:\Windows\System\QCBwwQQ.exe
  C:\Windows\System\QCBwwQQ.exe
  2⤵
  PID:9740
- C:\Windows\System\SUXcItd.exe
  C:\Windows\System\SUXcItd.exe
  2⤵
  PID:9808
- C:\Windows\System\GZdpWwe.exe
  C:\Windows\System\GZdpWwe.exe
  2⤵
  PID:9384
- C:\Windows\System\vlthGXT.exe
  C:\Windows\System\vlthGXT.exe
  2⤵
  PID:9312
- C:\Windows\System\oRTuXNu.exe
  C:\Windows\System\oRTuXNu.exe
  2⤵
  PID:9424
- C:\Windows\System\bNvkWfL.exe
  C:\Windows\System\bNvkWfL.exe
  2⤵
  PID:9468
- C:\Windows\System\iZnWsJt.exe
  C:\Windows\System\iZnWsJt.exe
  2⤵
  PID:9576
- C:\Windows\System\LWAgdhe.exe
  C:\Windows\System\LWAgdhe.exe
  2⤵
  PID:9680
- C:\Windows\System\GKtuACj.exe
  C:\Windows\System\GKtuACj.exe
  2⤵
  PID:9752
- C:\Windows\System\NLCEShI.exe
  C:\Windows\System\NLCEShI.exe
  2⤵
  PID:9824
- C:\Windows\System\rdbviBP.exe
  C:\Windows\System\rdbviBP.exe
  2⤵
  PID:9840
- C:\Windows\System\usjknuk.exe
  C:\Windows\System\usjknuk.exe
  2⤵
  PID:9868
- C:\Windows\System\ILcsVEx.exe
  C:\Windows\System\ILcsVEx.exe
  2⤵
  PID:9932
- C:\Windows\System\fKTBxzF.exe
  C:\Windows\System\fKTBxzF.exe
  2⤵
  PID:9864
- C:\Windows\System\GpXtjMh.exe
  C:\Windows\System\GpXtjMh.exe
  2⤵
  PID:10040
- C:\Windows\System\zhTgTXN.exe
  C:\Windows\System\zhTgTXN.exe
  2⤵
  PID:10052
- C:\Windows\System\wTQypTR.exe
  C:\Windows\System\wTQypTR.exe
  2⤵
  PID:10120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ANXRozz.exe

Filesize
3.4MB

MD5
214123c2e4fff0d3cdacf9244021bd6d

SHA1
be8cedbca4cc6537e4842a41376a746e6ac5be0a

SHA256
21c73c46bb93e90deab84c6e631a93e857c9b92eb7bef99fcd0f62df364efc66

SHA512
a54303a7e946c05b880635fda158bd8b399726dfb57b1f7dd8305bdc7b36d9ed801da66e908189863ca8e0b972d5309c1291d57744b2cd35b83415875cf1b41b

Download Submit
C:\Windows\system\GMXfkCb.exe

Filesize
3.4MB

MD5
8b6f7b8495f7cb44580ac189dbee414b

SHA1
513dae64de5246d13d3c046b4da2538512bb644d

SHA256
f1b7899f0bf63e3dd291976582a2eeb381cd86988ec4dd5b1ae2b49f89540705

SHA512
106fd2cd5c5f83201e4d02e2a9cd05f3e14d68e46b953cd0377ff1a1aab61d34018c52bddc326653c1fb9db962b963c733bd49b874554349df29e0104bddcf0f

Download Submit
C:\Windows\system\IgixSgL.exe

Filesize
3.4MB

MD5
7df1865b14b52d594b6340feeb5c148d

SHA1
3acaf2162626a2b435f4b91236035511c5d71b62

SHA256
2c7dc12f0a605ebc333a1d3790f2f5a7d3d43a2ec54e02f2b2b2c1e7cf1512f6

SHA512
f42aaf98a65080aab8b6f5852c9986f519c51293cb11bf92d9ce9c5f6aff71b9ea7e080c57235f5236f03a63a725f3160020a2ad2bf43e5c3d39af24fb48a59c

Download Submit
C:\Windows\system\KEYKurD.exe

Filesize
3.4MB

MD5
601f5ef48df5628993758bb65b21c1e4

SHA1
af0da7e08fe982ae8c2e8d94b0a59442ac600333

SHA256
0aeaf3a70ddeb62a136e5b5cef8f22ea22b2105b24154722ea3cadccf08da62f

SHA512
d2eeaec6adac7781f7b9670a632d73bbee2c7d0f021005cfb6963e473f287e19d0b5270e3930fb836e61977221348e650050a401d65346cfb673c456e1738a70

Download Submit
C:\Windows\system\KjOKcmi.exe

Filesize
3.4MB

MD5
378967713f35b59a656aa4eb389b7b91

SHA1
477a19faf0a0dfdab01068749800f88719430e0b

SHA256
bf711b46f579befa16fc3c718a939b888934234bc6a0d599ca4993000459e764

SHA512
b1bed6de6bf7bc590f265cf634694c4f4624d1459e67df8276d7ef18159c7870b93d982bb643a9ed828614ca989d3d886d1a9f0173c2d755b06ac0c942b3d3f4

Download Submit
C:\Windows\system\LlzXTHE.exe

Filesize
3.4MB

MD5
7e4212df0051ab5654e665d3144e3c1a

SHA1
0c442a2dc465748206d40f9e46d8a0455140c8c7

SHA256
9a994d8df30ae740b05f5b959c71d501d1168642bfc2c9cb5db0f045868ef1f0

SHA512
a27864502d269f24bd064fe82f3933361f861ab266df288bce31802bda2e5d4fe2f1240a23db5403cd9d8ab044b6ac7bea1afecfce640bb9e212c54cc0edfda2

Download Submit
C:\Windows\system\NGWicwA.exe

Filesize
3.4MB

MD5
a4adbbe84724ddfa607b331c5251725d

SHA1
b3296444b5fd961f2a186e12dab4ea8f343963ff

SHA256
15b7274790a6f38e8318d24130ad20c8819f20ca1538861036c73646345aa9cd

SHA512
61b040d44b94ac71d883959a71c5d51ad4596390a91d072dbc625bf1a147758ff803c1604cac9a77b8161009b2647931adff421fe21ab33a8d2684b43619c78a

Download Submit
C:\Windows\system\OerOVzs.exe

Filesize
3.4MB

MD5
75d5db56f308f56a0343c07055f855fc

SHA1
dec0c867d7e329057364ae78c52ef06dd7a511e2

SHA256
6f244c2f306669985ef73071d02ee69de3a5cbd491d951e957b0735e8fd3af94

SHA512
954157c1e5169fb82208d1787c770a3c0c8d6479087569ae3bedd88c0d64e7410d53ec9d94a600dec20e8bbb18e201a7fb25bb1185490fb1cfc62903b9ef2dbe

Download Submit
C:\Windows\system\QORrKox.exe

Filesize
3.4MB

MD5
aa1ad5da924e937c6fe6ed5b864d3257

SHA1
63cf03aacf89d298b4c541264e43ed4bd27bb9bd

SHA256
78550b4a8b4743aab8e7d4ee88a27438b95cf7dc96196d47ca6cf2d88c9eb3a4

SHA512
15278d8b4cff7da3e13f9536abc53f69ff7fb100d1114c93cda5e2a0ebecfe74cd5e4d15e7376b92fb44399d7950a9a9be953380e66975df69b7b5a582379b9c

Download Submit
C:\Windows\system\TYJAMhP.exe

Filesize
3.4MB

MD5
aed073945c48b5633de486e069ac1b38

SHA1
a690768a6aa7b9bd4ef5db178a2d8313d59fe67d

SHA256
b3be1c3d7b55ecf7eaa0e83b8c61cb3cb345a87aecf509818202c8554a60cccd

SHA512
a14fc1e297057462238b988163526a68fa085d25b9cd57d35d50db1cdf9cd50be2aba830d40e89ee4f79a450d12b859cd0c3865b5d75b816335f3299a81ea9e7

Download Submit
C:\Windows\system\ULCKvuI.exe

Filesize
3.3MB

MD5
ec57f68aa2c02832a8f11314371a110c

SHA1
79d9ab5770f0bc7064c711561a97d638f04ab4cc

SHA256
eba8707fa1b814d0727e1e6df3ac24c458dbea89963d629affa9192f372e3c9f

SHA512
a628771f9db965e42c3e5f31741fb00b0bab3bb5bcff39cd9320db914504a172bf9586a9aeba01c89dadd7841ce5aff28ee7ff7fca5ba256861a588912f0a047

Download Submit
C:\Windows\system\VknENSE.exe

Filesize
3.4MB

MD5
e4fd00a35625b78e7f96bddce360c45b

SHA1
a019cd65a02f93d837903e13f6f70998a2e2b9ab

SHA256
64b31b71899c2118f362e2e801607ca839a58ad4ef6000b917db470aba7637a3

SHA512
9f8e3d9df90926ce4362887336a59f814658b976564b4d688a5c6588f8395ca8fa131e233a7b4bed96cdc7636e037749822e7f48de40ddca155f19e2a496d9e4

Download Submit
C:\Windows\system\XIeycAo.exe

Filesize
3.4MB

MD5
f121c12bc93fd529259ad7240cdfdc7c

SHA1
dac9c0ad38417dfc934248d94adfbe3de48fa677

SHA256
9dd856c5920bd15dcc77dd00252afea73c117dc7e0b12543727d1326b72f04c8

SHA512
8c4637961fa6823005238fdd06c819c7316ee31b269c9b103c08cc03b46b659203d98847ed33ff24716545961a54345860ae9aa48f7655c7ecea9b24d090236c

Download Submit
C:\Windows\system\YJCxWgM.exe

Filesize
3.4MB

MD5
5954dd3d2530437ee8ac75860e128b9e

SHA1
9e13c22fa89665b82f2965ae480c36f8959caa2d

SHA256
bf6d0e67f6547e6ef9695330bba4ff5be5317d231a9eabdfb79e8f54795d93e6

SHA512
e322d1e7356d88cf2fec5186cc05be377bd46803465de5ce5ca45fc7d736d3f5459c2227affdcf7dd076dc80608e63e3275714020991d6cc10ec70dc8bb577d6

Download Submit
C:\Windows\system\awXhTgr.exe

Filesize
3.4MB

MD5
b7b77e29019d494c942bcac6d008825c

SHA1
b19e33347cfdca8401ce581e6ca8986087670140

SHA256
ffdc66622caa64e907a8ac0397c97394510d00a7eac1a2ebef4441837029aa8b

SHA512
d488a03347d3bff55ef29da9ad58b7c0f05d1c05f67c60b4c3b00edce3ace632a99356a5e1809ba54e8f2702e4f6adad0a4941e55b8a30fa4ed4713881b0ac4a

Download Submit
C:\Windows\system\cgXIRiE.exe

Filesize
3.4MB

MD5
16c96d7746a9f92cc128982615f84502

SHA1
f9cc343243466fbc187cd23dd59fc85314d0d467

SHA256
fa181a3a582fb988d8f198c30682fd0685f89f0d4f6a79a7be5f44f40e81e82a

SHA512
0f7f81f927fe106b8cd4310619d201f6edc9dcb539a829e06f93936addc917fd4cbf7ea828f46e0820d8953cf8ac405c7bd6dda7df4943e5555f6099a7ebec7b

Download Submit
C:\Windows\system\dTDxQev.exe

Filesize
3.4MB

MD5
11a4ad500c772e1a3030b8697449ef12

SHA1
e11541e7070e342a33c250740280d52b322efbfc

SHA256
d2bb8c3ea68f59b5c4a37a8b89a6ebc6ac6cd15f63bba505a849e7c716e676d4

SHA512
cdd3926a80078e15c09ed5736ba8f7813f0db2936fce844b508f4e1b2b58fbc8c630933edfc1a6da1389b217fa71a077096848d99179b3ab6a0030dbd306a7fc

Download Submit
C:\Windows\system\eOBJFBy.exe

Filesize
3.4MB

MD5
5cb8c4909ba85de673d1258ae8b91362

SHA1
9acf2f57a96ae599c75d7f5103929444236c8fb7

SHA256
871db73783feaf06a2cdb10afea914fe21d1cfeee6d0ef814a59a8d2a31f5f15

SHA512
9e41bcdfb08146c906ca60e8c2cfdf69d3dc80854d7aa4cc6a15abcf4646dae8b70910f29621e54f7267af6ae9b159d480cfd167326d5435c1608e230e9745dc

Download Submit
C:\Windows\system\kGUusvH.exe

Filesize
3.4MB

MD5
253d18097e4ba269e663df62e42c10aa

SHA1
6ae46b7173fadf18219d6848d1a9b0cc3af4cac8

SHA256
a800fcc8f74cf1d062f227847404c59a95c8fb761c16951975a242b27571ea17

SHA512
0443a198fb7f899cd5de5ab8a5dd952cd75ee855cc232ef198bb2029fd9964fdd4a40ec589bebf90e48af0cd64d3cc9befd04658325cb9cbf40cca68ce239db3

Download Submit
C:\Windows\system\lwSkLdP.exe

Filesize
3.4MB

MD5
9a4c454417afa20fa9123b76a1d8d973

SHA1
cc361ba07272f54dae090cb91ee4cb69d003eaa5

SHA256
4303928af65db713da8b02f063690d3d5aeef0746a12a0889190404f150694e1

SHA512
095cc4e79acc1182943da2dfe50affe1c1da1ddb4211c1f0ccfc162811c173ea8b414610d57d42db71dc14b0a5a025eb1b145c8b75a1a2a7b67cc605e0bcc267

Download Submit
C:\Windows\system\miSKzjl.exe

Filesize
3.4MB

MD5
1cf462a9b2144bb1b4f1b37949e8c953

SHA1
33adb4ff705010577304c8d0f46fa48a2da62f6d

SHA256
26fcbb4447d2dd28026e16cf802e22f89db3eb23fe06f74e2e3f65adf4053a40

SHA512
fcde2c737551b397730093da5b26253560aab315304b8a3e20241372751c96760f64d884a7c002e6ba9bd9606e0417d24dc6c331a06008290f550b3bdbf60ea6

Download Submit
C:\Windows\system\sdlmdjs.exe

Filesize
8B

MD5
9962fa9c120fa4be5b0a3f7a74dbcadf

SHA1
b6f88aa1c093b2340de068ac2ff30cce108e3fc6

SHA256
945d12760562a76bb5610a082b9c7801a49c6c9de534141d0c528ee6828f8992

SHA512
b2eeefcd3c65dccb02eb4079fd8fe88b36ae6927cd8ddb4de7afd16b396b895522c8feb1cc1373ad7adcb7732e1d37129de60c1aaea95865a3c1e13ac02b6cac

Download Submit
C:\Windows\system\sifwYzP.exe

Filesize
3.3MB

MD5
a76baf392e39c7e2926c3f39b193a869

SHA1
ba3c33904206b4a1052fdae79f37b90cfa14c5c8

SHA256
492633bd5da108dd92efa90843ed5eb12163324269d4fb14b3d976f9b5718837

SHA512
b53af54cc0ba9d3d2db5c5dbdf98499cf0485f1d5c5f00d4050c2d9fd02999527eeb30ba55ca30ee40b828f54a668d0f0368fb3f2a662cde44ebb5fd5ed98610

Download Submit
C:\Windows\system\tomcxDR.exe

Filesize
3.4MB

MD5
5d5d4d1482f8a500ac078d0543575a86

SHA1
8a7b3372cfe07999a9f17d7efb15c0133584e6d7

SHA256
58fc37946dac3116790652eb08321b11f9fd9a790a110a69f657747282dc6f4e

SHA512
4ef726eb658efdc483f624ddd12d3086321e04878e20131b5faeab4f64b6192f6566e2a2ce8342d03bb933103a839ab9c75968ba0befcd9e975d30654797aaf1

Download Submit
C:\Windows\system\uOEypPD.exe

Filesize
3.4MB

MD5
7040865f95a6456d20be3bd06a5811ad

SHA1
bd78eec52b8324ec2d3b26e0f04fd3bf4698760f

SHA256
9997afcb51af243d94027c04c446f6d16afb8a3359ea0d5628fe62af42154836

SHA512
3ed36276648337edb306cd48e0a40dfdd45c33f4cc315db4b98c8e8f2661d08f88a835e1c1da92434be75ac2ae70073696f3698b4fad15a4b283bb82ba28e022

Download Submit
C:\Windows\system\zDOAnUc.exe

Filesize
3.3MB

MD5
96704524ec39b1d1fad453f90cc7b62a

SHA1
5577fa87b61e461d3ddda1a41b599f2b40277656

SHA256
c668f79ba115812768a095b1d0200c37a747f359b39753c4308e3bac864eb728

SHA512
d94ca767510e8b56fb7139a12ccd6bab0d8b29b671bcf2767f65fae10c332bc45efad713ba53b6e4b6e3f1c994f2f90797e6d5f3cb14fa48585f581a4b1b3e5e

Download Submit
C:\Windows\system\zSwBstk.exe

Filesize
3.4MB

MD5
077572ae61782ba1beca901f06423417

SHA1
ff709e5a8057b515219ced1fe811582f4aba1924

SHA256
3916e63785ba3bf69d2c83402214387b5327f70eee5a245b74e2b28e5181758a

SHA512
bc4c885836b35c5811ee5ffb6f101e98fc1d612d374303da61fb002087a2dc820e4175a73ba0a38d3bb3d3697772d1823f42601d13686ad39dc498d21ac1500b

Download Submit
C:\Windows\system\zTCbsVe.exe

Filesize
3.4MB

MD5
86e0477fc7519ac2ac7ba86881cac256

SHA1
35f3054c592f6ce7bd84c3e990d7e7828f66e3dd

SHA256
46c520152cfe541e395fc60103670a6a62aa51a607fc241be5431b23d62babf9

SHA512
c1247b8e4f99cea478fa10468f6c7a11f5a4297199e331765b8438e6354c778d2a8b84fa66312138019cb2a2ad361e8b8ce6ebd1305d044e2f36a64b1f6f46f7

Download Submit
C:\Windows\system\zaYUnUx.exe

Filesize
3.4MB

MD5
05e4cf4d8f0e2770589647fd07d32b7d

SHA1
e49d0d043118aaad2398d73128cace8c272d3d8d

SHA256
5a45961631e515060d65d7e7d93ac72771a4315a16b084cfee773c26e9aac3f3

SHA512
52ba6cabd694aef12710d4c5a20c71f88236f36caf3647bb3d3cef697c8f134d6e9b89bc7d36f9a0399c6217132f26618e8ac05b1fe0059d577ff2a677966d0d

Download Submit
\Windows\system\MqvcoOi.exe

Filesize
3.4MB

MD5
91cbadd58417dadacac6d63f43b87f13

SHA1
643452477dee463311b6f2d3b986c7c5bc8245c6

SHA256
9832a52ba69eef2da20c8367a003b35eb8b736c40b608dd2590a7a6c20a75dce

SHA512
af29ff888614fe228ff3493e5dd5123311262d07e2833ef860c878b821fb9f3ac09ebbb5cd4d30f85cb9049c7e1cbc6e4ce3e845615b7c266c1121217ca2b3bb

Download Submit
\Windows\system\VNmmgTL.exe

Filesize
3.3MB

MD5
222c399757a04093c9ec53e939612307

SHA1
7b1ae8bf752789df73d0edda1dd5fc641218c908

SHA256
7587a6580edfd238f4783b69001bab7790a374ea075ca456ef5cc4a91314fc0f

SHA512
6793e9213a64af6ca6d10e4393aaa680273aab72f246d816af54fb04bd3983614e9ecfc12b982c724c817a54dcd3a5f297ca3a321628c3bdc84df88ebebce334

Download Submit
\Windows\system\nIHJBNy.exe

Filesize
3.4MB

MD5
1140360a78fce5cbcb10ac93f6a268c4

SHA1
60976e1541eb68adf48743458972854b517f4c34

SHA256
e17ef4c23a162fb450a52ae8d6d1f683da01bf8345158de3f9e14173a1a36446

SHA512
81634ebeb8c3ac047d4038adbb848deff82de40a7503ac7369ea4528b123bd37c434109f505c14f5500c2910ab56e895943f82833a5d6334a01283d91c750ca2

Download Submit
\Windows\system\sILxeog.exe

Filesize
3.3MB

MD5
6cf98a7032f388314004aa0579bd4261

SHA1
ca77190bb7e74a2749bbefcfec29f2f3308058fb

SHA256
9eb9687c41d44c8c49047e3591df5938e75e9e645d01d70cf4060757b3248375

SHA512
c4b847f21d5eef717fb9a891ec95759d0030f1d73a1f8a7cad3a6d905deafab2bd18d027136643099cb52fd2627ba620e46e35062479cb2da50b25ad690af766

Download Submit
memory/1280-277-0x000000001B710000-0x000000001B9F2000-memory.dmp

Filesize
2.9MB

Download
memory/1280-278-0x00000000027E0000-0x00000000027E8000-memory.dmp

Filesize
32KB

Download
memory/2004-244-0x000000013F1A0000-0x000000013F596000-memory.dmp

Filesize
4.0MB

Download
memory/2308-232-0x000000013FBF0000-0x000000013FFE6000-memory.dmp

Filesize
4.0MB

Download
memory/2308-4562-0x000000013FBF0000-0x000000013FFE6000-memory.dmp

Filesize
4.0MB

Download
memory/2452-400-0x000000013FC10000-0x0000000140006000-memory.dmp

Filesize
4.0MB

Download
memory/2452-6277-0x000000013FC10000-0x0000000140006000-memory.dmp

Filesize
4.0MB

Download
memory/2548-280-0x000000013FAF0000-0x000000013FEE6000-memory.dmp

Filesize
4.0MB

Download
memory/2560-6291-0x000000013FE30000-0x0000000140226000-memory.dmp

Filesize
4.0MB

Download
memory/2560-410-0x000000013FE30000-0x0000000140226000-memory.dmp

Filesize
4.0MB

Download
memory/2576-285-0x000000013F040000-0x000000013F436000-memory.dmp

Filesize
4.0MB

Download
memory/2576-6278-0x000000013F040000-0x000000013F436000-memory.dmp

Filesize
4.0MB

Download
memory/2584-279-0x000000013FE80000-0x0000000140276000-memory.dmp

Filesize
4.0MB

Download
memory/2584-4559-0x000000013FE80000-0x0000000140276000-memory.dmp

Filesize
4.0MB

Download
memory/2588-272-0x000000013FA10000-0x000000013FE06000-memory.dmp

Filesize
4.0MB

Download
memory/2664-282-0x000000013F900000-0x000000013FCF6000-memory.dmp

Filesize
4.0MB

Download
memory/2672-6276-0x000000013F0A0000-0x000000013F496000-memory.dmp

Filesize
4.0MB

Download
memory/2672-301-0x000000013F0A0000-0x000000013F496000-memory.dmp

Filesize
4.0MB

Download
memory/2776-283-0x000000013F590000-0x000000013F986000-memory.dmp

Filesize
4.0MB

Download
memory/2776-6328-0x000000013F590000-0x000000013F986000-memory.dmp

Filesize
4.0MB

Download
memory/3024-5-0x000000013F7F0000-0x000000013FBE6000-memory.dmp

Filesize
4.0MB

Download
memory/3024-276-0x000000013FE80000-0x0000000140276000-memory.dmp

Filesize
4.0MB

Download
memory/3024-4179-0x000000013FBF0000-0x000000013FFE6000-memory.dmp

Filesize
4.0MB

Download
memory/3024-188-0x00000000032C0000-0x00000000036B6000-memory.dmp

Filesize
4.0MB

Download
memory/3024-187-0x00000000032C0000-0x00000000036B6000-memory.dmp

Filesize
4.0MB

Download
memory/3024-415-0x000000013F1A0000-0x000000013F596000-memory.dmp

Filesize
4.0MB

Download
memory/3024-411-0x000000013FBF0000-0x000000013FFE6000-memory.dmp

Filesize
4.0MB

Download
memory/3024-401-0x000000013FE30000-0x0000000140226000-memory.dmp

Filesize
4.0MB

Download
memory/3024-284-0x000000013F040000-0x000000013F436000-memory.dmp

Filesize
4.0MB

Download
memory/3024-4185-0x000000013F1A0000-0x000000013F596000-memory.dmp

Filesize
4.0MB

Download
memory/3024-20-0x000000013FFA0000-0x0000000140396000-memory.dmp

Filesize
4.0MB

Download
memory/3024-256-0x00000000032C0000-0x00000000036B6000-memory.dmp

Filesize
4.0MB

Download
memory/3024-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3024-3627-0x000000013F7F0000-0x000000013FBE6000-memory.dmp

Filesize
4.0MB

Download
memory/3024-3817-0x000000013FC10000-0x0000000140006000-memory.dmp

Filesize
4.0MB

Download
memory/3024-3827-0x000000013FE30000-0x0000000140226000-memory.dmp

Filesize
4.0MB

Download
memory/3024-281-0x00000000032C0000-0x00000000036B6000-memory.dmp

Filesize
4.0MB

Download
memory/3024-294-0x000000013F0A0000-0x000000013F496000-memory.dmp

Filesize
4.0MB

Download
memory/3024-334-0x000000013FC10000-0x0000000140006000-memory.dmp

Filesize
4.0MB

Download
memory/3068-275-0x000000013FFA0000-0x0000000140396000-memory.dmp

Filesize
4.0MB

Download