xmrig | 2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42

Analysis

max time kernel
150s
max time network
145s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
Size

1.9MB
MD5

141f24f61df57578ee91b53b44737a93
SHA1

3be2316b1f3765ff92c164e109635d825c02a40b
SHA256

2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42
SHA512

421c4be917909ad696d53e9a7d833a4aa78a7d71c3d8d2db88788e88475c92afa56f7d9bb7c57030b07afcb2e80b311ecb607aae5b4960c7f22abffe025a8e32
SSDEEP

49152:T1G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrSax91MkibTIDiH3gPeMr:T1ONtyBeSFkXV1etEKLlWUTOfeiRA2R4

Score

10^/10

xmrig execution miner

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 63 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1656-0-0x000000013FC20000-0x000000014000D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
\Windows\system\gwHeFyd.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2496-7-0x000000013FAC0000-0x000000013FEAD000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2640-22-0x000000013FEF0000-0x00000001402DD000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2504-24-0x000000013F6F0000-0x000000013FADD000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\pCvTrcd.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\IjflaXW.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2592-33-0x000000013FD30000-0x000000014011D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\fRpypOQ.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2488-41-0x000000013FA10000-0x000000013FDFD000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\baCvdlB.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\KiGNKgN.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
\Windows\system\AphALtL.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\CsMPRtB.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
\Windows\system\dziBdLn.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
\Windows\system\nUTfpYu.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\BxvhGxl.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\CLsryvw.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
\Windows\system\NdaSvCj.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1888-177-0x000000013F8B0000-0x000000013FC9D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
\Windows\system\CLkbdgW.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2940-204-0x000000013FC00000-0x000000013FFED000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2268-200-0x000000013F4F0000-0x000000013F8DD000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\UjdKDEX.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
\Windows\system\ISURTWV.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3008-188-0x000000013F060000-0x000000013F44D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\zxDjmbt.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1072-173-0x000000013FEB0000-0x000000014029D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2812-168-0x000000013FF70000-0x000000014035D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\BWWJJzY.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2264-127-0x000000013F340000-0x000000013F72D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\wUSejPh.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/812-160-0x000000013F380000-0x000000013F76D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\YgjdUHr.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2448-152-0x000000013F7B0000-0x000000013FB9D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\VmKvmwj.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1132-143-0x000000013F630000-0x000000013FA1D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1152-132-0x000000013F070000-0x000000013F45D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\urMxFoY.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1556-120-0x000000013FE50000-0x000000014023D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\AgcqWBk.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1720-114-0x000000013FC90000-0x000000014007D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\otbmIFj.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\tRiutQA.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1036-103-0x000000013FB80000-0x000000013FF6D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\rhiGuBf.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1604-95-0x000000013F120000-0x000000013F50D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2128-91-0x000000013FA70000-0x000000013FE5D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\ZkNNyXt.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2588-82-0x000000013FE20000-0x000000014020D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\jlGjeWy.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1356-76-0x000000013F700000-0x000000013FAED000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\pbqundW.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1324-70-0x000000013FC30000-0x000000014001D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2324-64-0x000000013F5E0000-0x000000013F9CD000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\OlUDYlo.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2888-58-0x000000013F2B0000-0x000000013F69D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2472-53-0x000000013F1F0000-0x000000013F5DD000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2348-47-0x000000013FB40000-0x000000013FF2D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\RYxiawx.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2468-35-0x000000013FD60000-0x000000014014D000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\GMtxShe.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
C:\Windows\system\idzbbdM.exe	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

XMRig Miner payload 63 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1656-0-0x000000013FC20000-0x000000014000D000-memory.dmp	xmrig
\Windows\system\gwHeFyd.exe	xmrig
behavioral1/memory/2496-7-0x000000013FAC0000-0x000000013FEAD000-memory.dmp	xmrig
behavioral1/memory/2640-22-0x000000013FEF0000-0x00000001402DD000-memory.dmp	xmrig
behavioral1/memory/2504-24-0x000000013F6F0000-0x000000013FADD000-memory.dmp	xmrig
C:\Windows\system\pCvTrcd.exe	xmrig
C:\Windows\system\IjflaXW.exe	xmrig
behavioral1/memory/2592-33-0x000000013FD30000-0x000000014011D000-memory.dmp	xmrig
C:\Windows\system\fRpypOQ.exe	xmrig
behavioral1/memory/2488-41-0x000000013FA10000-0x000000013FDFD000-memory.dmp	xmrig
C:\Windows\system\baCvdlB.exe	xmrig
C:\Windows\system\KiGNKgN.exe	xmrig
\Windows\system\AphALtL.exe	xmrig
C:\Windows\system\CsMPRtB.exe	xmrig
\Windows\system\dziBdLn.exe	xmrig
\Windows\system\nUTfpYu.exe	xmrig
C:\Windows\system\BxvhGxl.exe	xmrig
C:\Windows\system\CLsryvw.exe	xmrig
\Windows\system\NdaSvCj.exe	xmrig
behavioral1/memory/1888-177-0x000000013F8B0000-0x000000013FC9D000-memory.dmp	xmrig
\Windows\system\CLkbdgW.exe	xmrig
behavioral1/memory/2940-204-0x000000013FC00000-0x000000013FFED000-memory.dmp	xmrig
behavioral1/memory/2268-200-0x000000013F4F0000-0x000000013F8DD000-memory.dmp	xmrig
C:\Windows\system\UjdKDEX.exe	xmrig
\Windows\system\ISURTWV.exe	xmrig
behavioral1/memory/3008-188-0x000000013F060000-0x000000013F44D000-memory.dmp	xmrig
C:\Windows\system\zxDjmbt.exe	xmrig
behavioral1/memory/1072-173-0x000000013FEB0000-0x000000014029D000-memory.dmp	xmrig
behavioral1/memory/2812-168-0x000000013FF70000-0x000000014035D000-memory.dmp	xmrig
C:\Windows\system\BWWJJzY.exe	xmrig
behavioral1/memory/2264-127-0x000000013F340000-0x000000013F72D000-memory.dmp	xmrig
C:\Windows\system\wUSejPh.exe	xmrig
behavioral1/memory/812-160-0x000000013F380000-0x000000013F76D000-memory.dmp	xmrig
C:\Windows\system\YgjdUHr.exe	xmrig
behavioral1/memory/2448-152-0x000000013F7B0000-0x000000013FB9D000-memory.dmp	xmrig
C:\Windows\system\VmKvmwj.exe	xmrig
behavioral1/memory/1132-143-0x000000013F630000-0x000000013FA1D000-memory.dmp	xmrig
behavioral1/memory/1152-132-0x000000013F070000-0x000000013F45D000-memory.dmp	xmrig
C:\Windows\system\urMxFoY.exe	xmrig
behavioral1/memory/1556-120-0x000000013FE50000-0x000000014023D000-memory.dmp	xmrig
C:\Windows\system\AgcqWBk.exe	xmrig
behavioral1/memory/1720-114-0x000000013FC90000-0x000000014007D000-memory.dmp	xmrig
C:\Windows\system\otbmIFj.exe	xmrig
C:\Windows\system\tRiutQA.exe	xmrig
behavioral1/memory/1036-103-0x000000013FB80000-0x000000013FF6D000-memory.dmp	xmrig
C:\Windows\system\rhiGuBf.exe	xmrig
behavioral1/memory/1604-95-0x000000013F120000-0x000000013F50D000-memory.dmp	xmrig
behavioral1/memory/2128-91-0x000000013FA70000-0x000000013FE5D000-memory.dmp	xmrig
C:\Windows\system\ZkNNyXt.exe	xmrig
behavioral1/memory/2588-82-0x000000013FE20000-0x000000014020D000-memory.dmp	xmrig
C:\Windows\system\jlGjeWy.exe	xmrig
behavioral1/memory/1356-76-0x000000013F700000-0x000000013FAED000-memory.dmp	xmrig
C:\Windows\system\pbqundW.exe	xmrig
behavioral1/memory/1324-70-0x000000013FC30000-0x000000014001D000-memory.dmp	xmrig
behavioral1/memory/2324-64-0x000000013F5E0000-0x000000013F9CD000-memory.dmp	xmrig
C:\Windows\system\OlUDYlo.exe	xmrig
behavioral1/memory/2888-58-0x000000013F2B0000-0x000000013F69D000-memory.dmp	xmrig
behavioral1/memory/2472-53-0x000000013F1F0000-0x000000013F5DD000-memory.dmp	xmrig
behavioral1/memory/2348-47-0x000000013FB40000-0x000000013FF2D000-memory.dmp	xmrig
C:\Windows\system\RYxiawx.exe	xmrig
behavioral1/memory/2468-35-0x000000013FD60000-0x000000014014D000-memory.dmp	xmrig
C:\Windows\system\GMtxShe.exe	xmrig
C:\Windows\system\idzbbdM.exe	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

2536 powershell.exe

pid	process
2536	powershell.exe

Executes dropped EXE 64 IoCs

Processes:

gwHeFyd.exeidzbbdM.exeGMtxShe.exepCvTrcd.exeIjflaXW.exefRpypOQ.exeRYxiawx.exebaCvdlB.exeKiGNKgN.exeOlUDYlo.exeAphALtL.exepbqundW.exejlGjeWy.exeCsMPRtB.exeZkNNyXt.exerhiGuBf.exetRiutQA.exeotbmIFj.exeAgcqWBk.exewUSejPh.exeurMxFoY.exedziBdLn.exeVmKvmwj.exeYgjdUHr.exenUTfpYu.exeBWWJJzY.exeCLkbdgW.exeBxvhGxl.exezxDjmbt.exeCLsryvw.exeUjdKDEX.exeISURTWV.exeNdaSvCj.exelZfVSfG.exejJCZUpX.exeFTDVnzo.exeaGAsToZ.exeHMpcPTq.exevNhoFrs.exelSIhrtn.execicxLWa.exeJxzKqQG.exelANxpUf.exebLmiULf.exepXrIlrK.exesNpfrHK.exeaQMbPIa.exeKcLStxp.exeKBMtfBL.exeXZYBPdE.exeFZTIsLc.exeKZPKEva.exeMjhvAcC.exesYbwrQZ.exeUYDKZUU.exekPTleWa.exeGsIwvSA.exeOJJtmyk.exeITGLEYM.exeAdjHuhR.exefbIPUif.exePDFfaWM.exeBiiQsQP.execJIgxVH.exe

pid	process
2496	gwHeFyd.exe
2504	idzbbdM.exe
2640	GMtxShe.exe
2468	pCvTrcd.exe
2592	IjflaXW.exe
2488	fRpypOQ.exe
2348	RYxiawx.exe
2472	baCvdlB.exe
2888	KiGNKgN.exe
2324	OlUDYlo.exe
1324	AphALtL.exe
1356	pbqundW.exe
2588	jlGjeWy.exe
2128	CsMPRtB.exe
1604	ZkNNyXt.exe
1036	rhiGuBf.exe
2312	tRiutQA.exe
1720	otbmIFj.exe
1556	AgcqWBk.exe
2264	wUSejPh.exe
1152	urMxFoY.exe
1132	dziBdLn.exe
2448	VmKvmwj.exe
812	YgjdUHr.exe
2812	nUTfpYu.exe
1072	BWWJJzY.exe
1888	CLkbdgW.exe
1408	BxvhGxl.exe
3008	zxDjmbt.exe
1736	CLsryvw.exe
2268	UjdKDEX.exe
2940	ISURTWV.exe
1884	NdaSvCj.exe
2892	lZfVSfG.exe
1956	jJCZUpX.exe
688	FTDVnzo.exe
1544	aGAsToZ.exe
2928	HMpcPTq.exe
684	vNhoFrs.exe
1264	lSIhrtn.exe
2120	cicxLWa.exe
2172	JxzKqQG.exe
400	lANxpUf.exe
2744	bLmiULf.exe
2920	pXrIlrK.exe
3048	sNpfrHK.exe
832	aQMbPIa.exe
892	KcLStxp.exe
2240	KBMtfBL.exe
1040	XZYBPdE.exe
2848	FZTIsLc.exe
1500	KZPKEva.exe
1960	MjhvAcC.exe
2724	sYbwrQZ.exe
2572	UYDKZUU.exe
2548	kPTleWa.exe
2704	GsIwvSA.exe
2524	OJJtmyk.exe
2260	ITGLEYM.exe
2428	AdjHuhR.exe
2192	fbIPUif.exe
548	PDFfaWM.exe
1228	BiiQsQP.exe
1364	cJIgxVH.exe

Loads dropped DLL 64 IoCs

Processes:

2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe

pid	process
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe

Drops file in Windows directory 64 IoCs

Processes:

2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe

description	ioc	process
File created	C:\Windows\System\CyKbDEq.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\BcAJEOi.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\jMrWdGX.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\mREAtcC.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\bGpGRNT.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\hlFVARy.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\pMvpAyo.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\dihwszJ.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\UNqsYgl.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\GNmjKFT.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\mFOgVpN.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\slJTHcH.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\gDWiMrW.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\qtmyJat.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\HSGyqGB.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\xIeMDqa.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\LZLXOVm.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\GwqAinJ.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\QYtBEJc.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\Hotqsgy.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\GywZjhi.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\NLXNbbO.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\FCClgRX.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\rCrRpIs.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\EYoayaV.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\oALwHQF.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\mtMvMMO.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\QRXNLkx.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\VUYlooZ.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\CtnIBqS.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\iAqZUNm.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\PtdSPEI.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\jwHSQtc.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\USKLGKq.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\kqigTAC.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\ToysEQB.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\NwbaqEn.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\gqYZcQj.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\esfLkLe.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\oleoYiS.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\hzUwFua.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\aVQBdzj.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\MAoUTaD.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\AsqVsbo.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\xjKHSOH.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\bbbIoKr.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\HRwnaVX.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\xtdanIU.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\JSiiaDm.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\tsLXLCt.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\CIdrbOG.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\tRVVjTo.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\dSphJQg.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\RBfdDin.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\zAfzZBy.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\vBKmsSC.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\zYtyXGy.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\qyCBzuT.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\FsHEbGp.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\UelecxE.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\cZWWmSO.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\fzDKmxR.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\LoDSYXi.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
File created	C:\Windows\System\yDzyAMV.exe	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

2536 powershell.exe

pid	process
2536	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exepowershell.exe

description	pid	process
Token: SeLockMemoryPrivilege	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
Token: SeLockMemoryPrivilege	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
Token: SeDebugPrivilege	2536	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe

description	pid	process	target process
PID 1656 wrote to memory of 2536	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	powershell.exe
PID 1656 wrote to memory of 2536	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	powershell.exe
PID 1656 wrote to memory of 2536	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	powershell.exe
PID 1656 wrote to memory of 2496	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	gwHeFyd.exe
PID 1656 wrote to memory of 2496	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	gwHeFyd.exe
PID 1656 wrote to memory of 2496	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	gwHeFyd.exe
PID 1656 wrote to memory of 2504	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	idzbbdM.exe
PID 1656 wrote to memory of 2504	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	idzbbdM.exe
PID 1656 wrote to memory of 2504	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	idzbbdM.exe
PID 1656 wrote to memory of 2640	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	GMtxShe.exe
PID 1656 wrote to memory of 2640	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	GMtxShe.exe
PID 1656 wrote to memory of 2640	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	GMtxShe.exe
PID 1656 wrote to memory of 2468	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	pCvTrcd.exe
PID 1656 wrote to memory of 2468	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	pCvTrcd.exe
PID 1656 wrote to memory of 2468	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	pCvTrcd.exe
PID 1656 wrote to memory of 2592	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	IjflaXW.exe
PID 1656 wrote to memory of 2592	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	IjflaXW.exe
PID 1656 wrote to memory of 2592	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	IjflaXW.exe
PID 1656 wrote to memory of 2488	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	fRpypOQ.exe
PID 1656 wrote to memory of 2488	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	fRpypOQ.exe
PID 1656 wrote to memory of 2488	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	fRpypOQ.exe
PID 1656 wrote to memory of 2348	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	RYxiawx.exe
PID 1656 wrote to memory of 2348	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	RYxiawx.exe
PID 1656 wrote to memory of 2348	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	RYxiawx.exe
PID 1656 wrote to memory of 2472	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	baCvdlB.exe
PID 1656 wrote to memory of 2472	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	baCvdlB.exe
PID 1656 wrote to memory of 2472	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	baCvdlB.exe
PID 1656 wrote to memory of 2888	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	KiGNKgN.exe
PID 1656 wrote to memory of 2888	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	KiGNKgN.exe
PID 1656 wrote to memory of 2888	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	KiGNKgN.exe
PID 1656 wrote to memory of 2324	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	OlUDYlo.exe
PID 1656 wrote to memory of 2324	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	OlUDYlo.exe
PID 1656 wrote to memory of 2324	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	OlUDYlo.exe
PID 1656 wrote to memory of 1324	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	AphALtL.exe
PID 1656 wrote to memory of 1324	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	AphALtL.exe
PID 1656 wrote to memory of 1324	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	AphALtL.exe
PID 1656 wrote to memory of 1356	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	pbqundW.exe
PID 1656 wrote to memory of 1356	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	pbqundW.exe
PID 1656 wrote to memory of 1356	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	pbqundW.exe
PID 1656 wrote to memory of 2588	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	jlGjeWy.exe
PID 1656 wrote to memory of 2588	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	jlGjeWy.exe
PID 1656 wrote to memory of 2588	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	jlGjeWy.exe
PID 1656 wrote to memory of 2128	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	CsMPRtB.exe
PID 1656 wrote to memory of 2128	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	CsMPRtB.exe
PID 1656 wrote to memory of 2128	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	CsMPRtB.exe
PID 1656 wrote to memory of 1604	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	ZkNNyXt.exe
PID 1656 wrote to memory of 1604	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	ZkNNyXt.exe
PID 1656 wrote to memory of 1604	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	ZkNNyXt.exe
PID 1656 wrote to memory of 1036	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	rhiGuBf.exe
PID 1656 wrote to memory of 1036	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	rhiGuBf.exe
PID 1656 wrote to memory of 1036	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	rhiGuBf.exe
PID 1656 wrote to memory of 2312	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	tRiutQA.exe
PID 1656 wrote to memory of 2312	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	tRiutQA.exe
PID 1656 wrote to memory of 2312	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	tRiutQA.exe
PID 1656 wrote to memory of 1720	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	otbmIFj.exe
PID 1656 wrote to memory of 1720	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	otbmIFj.exe
PID 1656 wrote to memory of 1720	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	otbmIFj.exe
PID 1656 wrote to memory of 1556	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	AgcqWBk.exe
PID 1656 wrote to memory of 1556	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	AgcqWBk.exe
PID 1656 wrote to memory of 1556	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	AgcqWBk.exe
PID 1656 wrote to memory of 2264	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	wUSejPh.exe
PID 1656 wrote to memory of 2264	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	wUSejPh.exe
PID 1656 wrote to memory of 2264	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	wUSejPh.exe
PID 1656 wrote to memory of 1152	1656	2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe	urMxFoY.exe

C:\Users\Admin\AppData\Local\Temp\2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe
"C:\Users\Admin\AppData\Local\Temp\2e9f3813bb4ad5a29067000e2d0935ea1f284f60ccbe74cb858f8bd2b242ab42.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2536
- C:\Windows\System\gwHeFyd.exe
  C:\Windows\System\gwHeFyd.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\idzbbdM.exe
  C:\Windows\System\idzbbdM.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\GMtxShe.exe
  C:\Windows\System\GMtxShe.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\pCvTrcd.exe
  C:\Windows\System\pCvTrcd.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\IjflaXW.exe
  C:\Windows\System\IjflaXW.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\fRpypOQ.exe
  C:\Windows\System\fRpypOQ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\RYxiawx.exe
  C:\Windows\System\RYxiawx.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\baCvdlB.exe
  C:\Windows\System\baCvdlB.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\KiGNKgN.exe
  C:\Windows\System\KiGNKgN.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\OlUDYlo.exe
  C:\Windows\System\OlUDYlo.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\AphALtL.exe
  C:\Windows\System\AphALtL.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\pbqundW.exe
  C:\Windows\System\pbqundW.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\jlGjeWy.exe
  C:\Windows\System\jlGjeWy.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\CsMPRtB.exe
  C:\Windows\System\CsMPRtB.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\ZkNNyXt.exe
  C:\Windows\System\ZkNNyXt.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\rhiGuBf.exe
  C:\Windows\System\rhiGuBf.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\tRiutQA.exe
  C:\Windows\System\tRiutQA.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\otbmIFj.exe
  C:\Windows\System\otbmIFj.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\AgcqWBk.exe
  C:\Windows\System\AgcqWBk.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\wUSejPh.exe
  C:\Windows\System\wUSejPh.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\urMxFoY.exe
  C:\Windows\System\urMxFoY.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\nUTfpYu.exe
  C:\Windows\System\nUTfpYu.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\dziBdLn.exe
  C:\Windows\System\dziBdLn.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\CLkbdgW.exe
  C:\Windows\System\CLkbdgW.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\VmKvmwj.exe
  C:\Windows\System\VmKvmwj.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\BxvhGxl.exe
  C:\Windows\System\BxvhGxl.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\YgjdUHr.exe
  C:\Windows\System\YgjdUHr.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\CLsryvw.exe
  C:\Windows\System\CLsryvw.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\BWWJJzY.exe
  C:\Windows\System\BWWJJzY.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\ISURTWV.exe
  C:\Windows\System\ISURTWV.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\zxDjmbt.exe
  C:\Windows\System\zxDjmbt.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\NdaSvCj.exe
  C:\Windows\System\NdaSvCj.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\UjdKDEX.exe
  C:\Windows\System\UjdKDEX.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\lZfVSfG.exe
  C:\Windows\System\lZfVSfG.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\jJCZUpX.exe
  C:\Windows\System\jJCZUpX.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\FTDVnzo.exe
  C:\Windows\System\FTDVnzo.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\aGAsToZ.exe
  C:\Windows\System\aGAsToZ.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\HMpcPTq.exe
  C:\Windows\System\HMpcPTq.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\vNhoFrs.exe
  C:\Windows\System\vNhoFrs.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\lSIhrtn.exe
  C:\Windows\System\lSIhrtn.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\cicxLWa.exe
  C:\Windows\System\cicxLWa.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\JxzKqQG.exe
  C:\Windows\System\JxzKqQG.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\lANxpUf.exe
  C:\Windows\System\lANxpUf.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\bLmiULf.exe
  C:\Windows\System\bLmiULf.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\pXrIlrK.exe
  C:\Windows\System\pXrIlrK.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\sNpfrHK.exe
  C:\Windows\System\sNpfrHK.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\aQMbPIa.exe
  C:\Windows\System\aQMbPIa.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\KcLStxp.exe
  C:\Windows\System\KcLStxp.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\KBMtfBL.exe
  C:\Windows\System\KBMtfBL.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\XZYBPdE.exe
  C:\Windows\System\XZYBPdE.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\FZTIsLc.exe
  C:\Windows\System\FZTIsLc.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\KZPKEva.exe
  C:\Windows\System\KZPKEva.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\MjhvAcC.exe
  C:\Windows\System\MjhvAcC.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\sYbwrQZ.exe
  C:\Windows\System\sYbwrQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\UYDKZUU.exe
  C:\Windows\System\UYDKZUU.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\kPTleWa.exe
  C:\Windows\System\kPTleWa.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\GsIwvSA.exe
  C:\Windows\System\GsIwvSA.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\OJJtmyk.exe
  C:\Windows\System\OJJtmyk.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\ITGLEYM.exe
  C:\Windows\System\ITGLEYM.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\AdjHuhR.exe
  C:\Windows\System\AdjHuhR.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\fbIPUif.exe
  C:\Windows\System\fbIPUif.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\PDFfaWM.exe
  C:\Windows\System\PDFfaWM.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\BiiQsQP.exe
  C:\Windows\System\BiiQsQP.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\cJIgxVH.exe
  C:\Windows\System\cJIgxVH.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\PtoeGuM.exe
  C:\Windows\System\PtoeGuM.exe
  2⤵
  PID:1568
- C:\Windows\System\UFSEkhm.exe
  C:\Windows\System\UFSEkhm.exe
  2⤵
  PID:2052
- C:\Windows\System\sGDfqFv.exe
  C:\Windows\System\sGDfqFv.exe
  2⤵
  PID:2648
- C:\Windows\System\jJIFBfj.exe
  C:\Windows\System\jJIFBfj.exe
  2⤵
  PID:808
- C:\Windows\System\xhzlzhJ.exe
  C:\Windows\System\xhzlzhJ.exe
  2⤵
  PID:912
- C:\Windows\System\yuGKqQU.exe
  C:\Windows\System\yuGKqQU.exe
  2⤵
  PID:2752
- C:\Windows\System\mRJKNNt.exe
  C:\Windows\System\mRJKNNt.exe
  2⤵
  PID:2084
- C:\Windows\System\elDmubh.exe
  C:\Windows\System\elDmubh.exe
  2⤵
  PID:2064
- C:\Windows\System\rKNEIYs.exe
  C:\Windows\System\rKNEIYs.exe
  2⤵
  PID:876
- C:\Windows\System\NTGlmVj.exe
  C:\Windows\System\NTGlmVj.exe
  2⤵
  PID:1524
- C:\Windows\System\qyPjSTQ.exe
  C:\Windows\System\qyPjSTQ.exe
  2⤵
  PID:2696
- C:\Windows\System\sTCVGEn.exe
  C:\Windows\System\sTCVGEn.exe
  2⤵
  PID:2376
- C:\Windows\System\AUovxAV.exe
  C:\Windows\System\AUovxAV.exe
  2⤵
  PID:2144
- C:\Windows\System\RnbhSDA.exe
  C:\Windows\System\RnbhSDA.exe
  2⤵
  PID:2340
- C:\Windows\System\tGLDMTM.exe
  C:\Windows\System\tGLDMTM.exe
  2⤵
  PID:2660
- C:\Windows\System\DMUZpqO.exe
  C:\Windows\System\DMUZpqO.exe
  2⤵
  PID:2124
- C:\Windows\System\kfhrwUP.exe
  C:\Windows\System\kfhrwUP.exe
  2⤵
  PID:2272
- C:\Windows\System\MziHHTI.exe
  C:\Windows\System\MziHHTI.exe
  2⤵
  PID:1968
- C:\Windows\System\yZkwgwV.exe
  C:\Windows\System\yZkwgwV.exe
  2⤵
  PID:1828
- C:\Windows\System\YyHEpBx.exe
  C:\Windows\System\YyHEpBx.exe
  2⤵
  PID:1772
- C:\Windows\System\ZsTrVWW.exe
  C:\Windows\System\ZsTrVWW.exe
  2⤵
  PID:1676
- C:\Windows\System\damUNCa.exe
  C:\Windows\System\damUNCa.exe
  2⤵
  PID:2216
- C:\Windows\System\WSexnri.exe
  C:\Windows\System\WSexnri.exe
  2⤵
  PID:2040
- C:\Windows\System\fPVAjoJ.exe
  C:\Windows\System\fPVAjoJ.exe
  2⤵
  PID:1064
- C:\Windows\System\ywVprzA.exe
  C:\Windows\System\ywVprzA.exe
  2⤵
  PID:2392
- C:\Windows\System\fVjuJDg.exe
  C:\Windows\System\fVjuJDg.exe
  2⤵
  PID:2668
- C:\Windows\System\KLGnRCo.exe
  C:\Windows\System\KLGnRCo.exe
  2⤵
  PID:1292
- C:\Windows\System\KNHVAMf.exe
  C:\Windows\System\KNHVAMf.exe
  2⤵
  PID:3040
- C:\Windows\System\UvkMBbq.exe
  C:\Windows\System\UvkMBbq.exe
  2⤵
  PID:2532
- C:\Windows\System\kruyUKp.exe
  C:\Windows\System\kruyUKp.exe
  2⤵
  PID:2276
- C:\Windows\System\DsPPqtx.exe
  C:\Windows\System\DsPPqtx.exe
  2⤵
  PID:408
- C:\Windows\System\vQMiGcU.exe
  C:\Windows\System\vQMiGcU.exe
  2⤵
  PID:2380
- C:\Windows\System\tjsTeDB.exe
  C:\Windows\System\tjsTeDB.exe
  2⤵
  PID:896
- C:\Windows\System\ttEWHUs.exe
  C:\Windows\System\ttEWHUs.exe
  2⤵
  PID:1932
- C:\Windows\System\jUXmjyc.exe
  C:\Windows\System\jUXmjyc.exe
  2⤵
  PID:1572
- C:\Windows\System\ciGdIvA.exe
  C:\Windows\System\ciGdIvA.exe
  2⤵
  PID:2916
- C:\Windows\System\ZagJdRS.exe
  C:\Windows\System\ZagJdRS.exe
  2⤵
  PID:1940
- C:\Windows\System\MkshbQt.exe
  C:\Windows\System\MkshbQt.exe
  2⤵
  PID:1948
- C:\Windows\System\vgiwFmW.exe
  C:\Windows\System\vgiwFmW.exe
  2⤵
  PID:2740
- C:\Windows\System\mJwPXFT.exe
  C:\Windows\System\mJwPXFT.exe
  2⤵
  PID:760
- C:\Windows\System\RDktesq.exe
  C:\Windows\System\RDktesq.exe
  2⤵
  PID:1612
- C:\Windows\System\sNDpWkz.exe
  C:\Windows\System\sNDpWkz.exe
  2⤵
  PID:352
- C:\Windows\System\boXhmpK.exe
  C:\Windows\System\boXhmpK.exe
  2⤵
  PID:1980
- C:\Windows\System\ehxsrTF.exe
  C:\Windows\System\ehxsrTF.exe
  2⤵
  PID:2444
- C:\Windows\System\YasTIWp.exe
  C:\Windows\System\YasTIWp.exe
  2⤵
  PID:1776
- C:\Windows\System\XBnxRTK.exe
  C:\Windows\System\XBnxRTK.exe
  2⤵
  PID:2020
- C:\Windows\System\QOsjkRc.exe
  C:\Windows\System\QOsjkRc.exe
  2⤵
  PID:2680
- C:\Windows\System\PRyONyi.exe
  C:\Windows\System\PRyONyi.exe
  2⤵
  PID:1472
- C:\Windows\System\PaVoVqF.exe
  C:\Windows\System\PaVoVqF.exe
  2⤵
  PID:2456
- C:\Windows\System\JPCEtIR.exe
  C:\Windows\System\JPCEtIR.exe
  2⤵
  PID:2796
- C:\Windows\System\yPGFScG.exe
  C:\Windows\System\yPGFScG.exe
  2⤵
  PID:1184
- C:\Windows\System\buOJJON.exe
  C:\Windows\System\buOJJON.exe
  2⤵
  PID:884
- C:\Windows\System\gXZNKGF.exe
  C:\Windows\System\gXZNKGF.exe
  2⤵
  PID:764
- C:\Windows\System\YNUHaTw.exe
  C:\Windows\System\YNUHaTw.exe
  2⤵
  PID:2076
- C:\Windows\System\hBvVcuo.exe
  C:\Windows\System\hBvVcuo.exe
  2⤵
  PID:2072
- C:\Windows\System\LXLCcjm.exe
  C:\Windows\System\LXLCcjm.exe
  2⤵
  PID:2368
- C:\Windows\System\jHLGwzW.exe
  C:\Windows\System\jHLGwzW.exe
  2⤵
  PID:1708
- C:\Windows\System\YPrYzIZ.exe
  C:\Windows\System\YPrYzIZ.exe
  2⤵
  PID:1716
- C:\Windows\System\JJGieLH.exe
  C:\Windows\System\JJGieLH.exe
  2⤵
  PID:768
- C:\Windows\System\cMJNMgF.exe
  C:\Windows\System\cMJNMgF.exe
  2⤵
  PID:1320
- C:\Windows\System\IwyNHvJ.exe
  C:\Windows\System\IwyNHvJ.exe
  2⤵
  PID:2832
- C:\Windows\System\ThCYLUN.exe
  C:\Windows\System\ThCYLUN.exe
  2⤵
  PID:2908
- C:\Windows\System\PpUCeCa.exe
  C:\Windows\System\PpUCeCa.exe
  2⤵
  PID:2824
- C:\Windows\System\uXfdZnW.exe
  C:\Windows\System\uXfdZnW.exe
  2⤵
  PID:3028
- C:\Windows\System\WNBNwRV.exe
  C:\Windows\System\WNBNwRV.exe
  2⤵
  PID:988
- C:\Windows\System\faSQlsI.exe
  C:\Windows\System\faSQlsI.exe
  2⤵
  PID:1564
- C:\Windows\System\ytyOdgD.exe
  C:\Windows\System\ytyOdgD.exe
  2⤵
  PID:1580
- C:\Windows\System\gDWiMrW.exe
  C:\Windows\System\gDWiMrW.exe
  2⤵
  PID:836
- C:\Windows\System\sjcKCFw.exe
  C:\Windows\System\sjcKCFw.exe
  2⤵
  PID:1688
- C:\Windows\System\wSmNNNG.exe
  C:\Windows\System\wSmNNNG.exe
  2⤵
  PID:1144
- C:\Windows\System\tBGaRTl.exe
  C:\Windows\System\tBGaRTl.exe
  2⤵
  PID:2624
- C:\Windows\System\Bsifegh.exe
  C:\Windows\System\Bsifegh.exe
  2⤵
  PID:2328
- C:\Windows\System\vVVXHCR.exe
  C:\Windows\System\vVVXHCR.exe
  2⤵
  PID:2204
- C:\Windows\System\tBPAusn.exe
  C:\Windows\System\tBPAusn.exe
  2⤵
  PID:556
- C:\Windows\System\FIikEGp.exe
  C:\Windows\System\FIikEGp.exe
  2⤵
  PID:348
- C:\Windows\System\mFtUtyh.exe
  C:\Windows\System\mFtUtyh.exe
  2⤵
  PID:952
- C:\Windows\System\uNUVTNM.exe
  C:\Windows\System\uNUVTNM.exe
  2⤵
  PID:1424
- C:\Windows\System\csSnFll.exe
  C:\Windows\System\csSnFll.exe
  2⤵
  PID:2140
- C:\Windows\System\MfQhrQx.exe
  C:\Windows\System\MfQhrQx.exe
  2⤵
  PID:2036
- C:\Windows\System\BMImqne.exe
  C:\Windows\System\BMImqne.exe
  2⤵
  PID:1668
- C:\Windows\System\ibEFtJd.exe
  C:\Windows\System\ibEFtJd.exe
  2⤵
  PID:2044
- C:\Windows\System\ilHxwYN.exe
  C:\Windows\System\ilHxwYN.exe
  2⤵
  PID:2556
- C:\Windows\System\VjeUinK.exe
  C:\Windows\System\VjeUinK.exe
  2⤵
  PID:356
- C:\Windows\System\jvAFBNz.exe
  C:\Windows\System\jvAFBNz.exe
  2⤵
  PID:2516
- C:\Windows\System\pTsyYQr.exe
  C:\Windows\System\pTsyYQr.exe
  2⤵
  PID:2584
- C:\Windows\System\nmBRmxQ.exe
  C:\Windows\System\nmBRmxQ.exe
  2⤵
  PID:2008
- C:\Windows\System\bQicPbS.exe
  C:\Windows\System\bQicPbS.exe
  2⤵
  PID:1936
- C:\Windows\System\BjVYQrU.exe
  C:\Windows\System\BjVYQrU.exe
  2⤵
  PID:1740
- C:\Windows\System\DUYvqeC.exe
  C:\Windows\System\DUYvqeC.exe
  2⤵
  PID:1748
- C:\Windows\System\KFdhQZA.exe
  C:\Windows\System\KFdhQZA.exe
  2⤵
  PID:1724
- C:\Windows\System\wzGLVxW.exe
  C:\Windows\System\wzGLVxW.exe
  2⤵
  PID:1464
- C:\Windows\System\ppFjPxv.exe
  C:\Windows\System\ppFjPxv.exe
  2⤵
  PID:2500
- C:\Windows\System\QYtBEJc.exe
  C:\Windows\System\QYtBEJc.exe
  2⤵
  PID:2296
- C:\Windows\System\QiDGyub.exe
  C:\Windows\System\QiDGyub.exe
  2⤵
  PID:2612
- C:\Windows\System\ylqyQLT.exe
  C:\Windows\System\ylqyQLT.exe
  2⤵
  PID:2284
- C:\Windows\System\OwwEnll.exe
  C:\Windows\System\OwwEnll.exe
  2⤵
  PID:2936
- C:\Windows\System\FfPsrnN.exe
  C:\Windows\System\FfPsrnN.exe
  2⤵
  PID:2232
- C:\Windows\System\qvoUvpu.exe
  C:\Windows\System\qvoUvpu.exe
  2⤵
  PID:2792
- C:\Windows\System\gXWMJuI.exe
  C:\Windows\System\gXWMJuI.exe
  2⤵
  PID:2016
- C:\Windows\System\XMqoODX.exe
  C:\Windows\System\XMqoODX.exe
  2⤵
  PID:1416
- C:\Windows\System\EHLYOhP.exe
  C:\Windows\System\EHLYOhP.exe
  2⤵
  PID:2528
- C:\Windows\System\zDeKgHC.exe
  C:\Windows\System\zDeKgHC.exe
  2⤵
  PID:312
- C:\Windows\System\KVvQeme.exe
  C:\Windows\System\KVvQeme.exe
  2⤵
  PID:2712
- C:\Windows\System\MUivLHI.exe
  C:\Windows\System\MUivLHI.exe
  2⤵
  PID:1908
- C:\Windows\System\csMEegV.exe
  C:\Windows\System\csMEegV.exe
  2⤵
  PID:680
- C:\Windows\System\EWEJsqJ.exe
  C:\Windows\System\EWEJsqJ.exe
  2⤵
  PID:2552
- C:\Windows\System\agDDuUh.exe
  C:\Windows\System\agDDuUh.exe
  2⤵
  PID:1248
- C:\Windows\System\MVhDrtR.exe
  C:\Windows\System\MVhDrtR.exe
  2⤵
  PID:3080
- C:\Windows\System\ZLrMBIc.exe
  C:\Windows\System\ZLrMBIc.exe
  2⤵
  PID:3096
- C:\Windows\System\doKioQo.exe
  C:\Windows\System\doKioQo.exe
  2⤵
  PID:3180
- C:\Windows\System\huAyiKg.exe
  C:\Windows\System\huAyiKg.exe
  2⤵
  PID:3196
- C:\Windows\System\qEvLdVA.exe
  C:\Windows\System\qEvLdVA.exe
  2⤵
  PID:3212
- C:\Windows\System\mqigQrO.exe
  C:\Windows\System\mqigQrO.exe
  2⤵
  PID:3240
- C:\Windows\System\RxaRemG.exe
  C:\Windows\System\RxaRemG.exe
  2⤵
  PID:3256
- C:\Windows\System\DOojTYP.exe
  C:\Windows\System\DOojTYP.exe
  2⤵
  PID:3272
- C:\Windows\System\sGmYDpq.exe
  C:\Windows\System\sGmYDpq.exe
  2⤵
  PID:3288
- C:\Windows\System\AwHVfXY.exe
  C:\Windows\System\AwHVfXY.exe
  2⤵
  PID:3304
- C:\Windows\System\bllChGK.exe
  C:\Windows\System\bllChGK.exe
  2⤵
  PID:3320
- C:\Windows\System\IfPUQkh.exe
  C:\Windows\System\IfPUQkh.exe
  2⤵
  PID:3336
- C:\Windows\System\wnKcwPF.exe
  C:\Windows\System\wnKcwPF.exe
  2⤵
  PID:3352
- C:\Windows\System\wphIbBt.exe
  C:\Windows\System\wphIbBt.exe
  2⤵
  PID:3372
- C:\Windows\System\QeaXPhr.exe
  C:\Windows\System\QeaXPhr.exe
  2⤵
  PID:3388
- C:\Windows\System\QXQjUFj.exe
  C:\Windows\System\QXQjUFj.exe
  2⤵
  PID:3416
- C:\Windows\System\WOMGnje.exe
  C:\Windows\System\WOMGnje.exe
  2⤵
  PID:3432
- C:\Windows\System\DqOoGGz.exe
  C:\Windows\System\DqOoGGz.exe
  2⤵
  PID:3448
- C:\Windows\System\qiQMpPU.exe
  C:\Windows\System\qiQMpPU.exe
  2⤵
  PID:3464
- C:\Windows\System\DSOkSdf.exe
  C:\Windows\System\DSOkSdf.exe
  2⤵
  PID:3488
- C:\Windows\System\epAkwHy.exe
  C:\Windows\System\epAkwHy.exe
  2⤵
  PID:3512
- C:\Windows\System\voOMMyg.exe
  C:\Windows\System\voOMMyg.exe
  2⤵
  PID:3540
- C:\Windows\System\HzVppay.exe
  C:\Windows\System\HzVppay.exe
  2⤵
  PID:3560
- C:\Windows\System\qxQPSNj.exe
  C:\Windows\System\qxQPSNj.exe
  2⤵
  PID:3584
- C:\Windows\System\VETfJMn.exe
  C:\Windows\System\VETfJMn.exe
  2⤵
  PID:3600
- C:\Windows\System\IWESBoY.exe
  C:\Windows\System\IWESBoY.exe
  2⤵
  PID:3616
- C:\Windows\System\NkzjQkS.exe
  C:\Windows\System\NkzjQkS.exe
  2⤵
  PID:3640
- C:\Windows\System\sXvmvFO.exe
  C:\Windows\System\sXvmvFO.exe
  2⤵
  PID:3656
- C:\Windows\System\OvrmNUa.exe
  C:\Windows\System\OvrmNUa.exe
  2⤵
  PID:3680
- C:\Windows\System\OzJqDDt.exe
  C:\Windows\System\OzJqDDt.exe
  2⤵
  PID:3696
- C:\Windows\System\ykmNLBm.exe
  C:\Windows\System\ykmNLBm.exe
  2⤵
  PID:3712
- C:\Windows\System\dCzCGxS.exe
  C:\Windows\System\dCzCGxS.exe
  2⤵
  PID:3728
- C:\Windows\System\DnhuiCW.exe
  C:\Windows\System\DnhuiCW.exe
  2⤵
  PID:3744
- C:\Windows\System\ptGNwoP.exe
  C:\Windows\System\ptGNwoP.exe
  2⤵
  PID:3760
- C:\Windows\System\GRUYoQM.exe
  C:\Windows\System\GRUYoQM.exe
  2⤵
  PID:3784
- C:\Windows\System\SnayHWE.exe
  C:\Windows\System\SnayHWE.exe
  2⤵
  PID:3800
- C:\Windows\System\cEPITRt.exe
  C:\Windows\System\cEPITRt.exe
  2⤵
  PID:3820
- C:\Windows\System\DGoamrt.exe
  C:\Windows\System\DGoamrt.exe
  2⤵
  PID:3840
- C:\Windows\System\UYqYtHW.exe
  C:\Windows\System\UYqYtHW.exe
  2⤵
  PID:3856
- C:\Windows\System\tafmmYg.exe
  C:\Windows\System\tafmmYg.exe
  2⤵
  PID:3888
- C:\Windows\System\ViyKxsH.exe
  C:\Windows\System\ViyKxsH.exe
  2⤵
  PID:3904
- C:\Windows\System\Cannubw.exe
  C:\Windows\System\Cannubw.exe
  2⤵
  PID:3920
- C:\Windows\System\IdEOMlV.exe
  C:\Windows\System\IdEOMlV.exe
  2⤵
  PID:3940
- C:\Windows\System\mkimbDJ.exe
  C:\Windows\System\mkimbDJ.exe
  2⤵
  PID:3960
- C:\Windows\System\kwGxYwo.exe
  C:\Windows\System\kwGxYwo.exe
  2⤵
  PID:3976
- C:\Windows\System\mUbJZuX.exe
  C:\Windows\System\mUbJZuX.exe
  2⤵
  PID:3144
- C:\Windows\System\GyhyOxD.exe
  C:\Windows\System\GyhyOxD.exe
  2⤵
  PID:3164
- C:\Windows\System\bkBlQev.exe
  C:\Windows\System\bkBlQev.exe
  2⤵
  PID:1552
- C:\Windows\System\rMYsuXF.exe
  C:\Windows\System\rMYsuXF.exe
  2⤵
  PID:3280
- C:\Windows\System\uyMfWim.exe
  C:\Windows\System\uyMfWim.exe
  2⤵
  PID:3284
- C:\Windows\System\OkFWFfw.exe
  C:\Windows\System\OkFWFfw.exe
  2⤵
  PID:3704
- C:\Windows\System\cZWWmSO.exe
  C:\Windows\System\cZWWmSO.exe
  2⤵
  PID:3740
- C:\Windows\System\qtikcIL.exe
  C:\Windows\System\qtikcIL.exe
  2⤵
  PID:3428
- C:\Windows\System\gYeJRMD.exe
  C:\Windows\System\gYeJRMD.exe
  2⤵
  PID:3268
- C:\Windows\System\BISInIw.exe
  C:\Windows\System\BISInIw.exe
  2⤵
  PID:3332
- C:\Windows\System\ePGkjlB.exe
  C:\Windows\System\ePGkjlB.exe
  2⤵
  PID:3636
- C:\Windows\System\RcNvFoL.exe
  C:\Windows\System\RcNvFoL.exe
  2⤵
  PID:3708
- C:\Windows\System\EMMYKXZ.exe
  C:\Windows\System\EMMYKXZ.exe
  2⤵
  PID:3552
- C:\Windows\System\WYxuedt.exe
  C:\Windows\System\WYxuedt.exe
  2⤵
  PID:3628
- C:\Windows\System\AZMcEPM.exe
  C:\Windows\System\AZMcEPM.exe
  2⤵
  PID:3672
- C:\Windows\System\jcOhusc.exe
  C:\Windows\System\jcOhusc.exe
  2⤵
  PID:3480
- C:\Windows\System\XGQeTcl.exe
  C:\Windows\System\XGQeTcl.exe
  2⤵
  PID:3536
- C:\Windows\System\dTIrGyC.exe
  C:\Windows\System\dTIrGyC.exe
  2⤵
  PID:2464
- C:\Windows\System\XIeqlpw.exe
  C:\Windows\System\XIeqlpw.exe
  2⤵
  PID:3228
- C:\Windows\System\FjZZhin.exe
  C:\Windows\System\FjZZhin.exe
  2⤵
  PID:3364
- C:\Windows\System\jklnukY.exe
  C:\Windows\System\jklnukY.exe
  2⤵
  PID:3412
- C:\Windows\System\yuRcgdQ.exe
  C:\Windows\System\yuRcgdQ.exe
  2⤵
  PID:2540
- C:\Windows\System\RFvNcgC.exe
  C:\Windows\System\RFvNcgC.exe
  2⤵
  PID:3676
- C:\Windows\System\JyjarbN.exe
  C:\Windows\System\JyjarbN.exe
  2⤵
  PID:3828
- C:\Windows\System\dsMyUlB.exe
  C:\Windows\System\dsMyUlB.exe
  2⤵
  PID:3156
- C:\Windows\System\KssnerP.exe
  C:\Windows\System\KssnerP.exe
  2⤵
  PID:3188
- C:\Windows\System\FVzzrKl.exe
  C:\Windows\System\FVzzrKl.exe
  2⤵
  PID:3220
- C:\Windows\System\ftVfSCF.exe
  C:\Windows\System\ftVfSCF.exe
  2⤵
  PID:3300
- C:\Windows\System\WRsvCiI.exe
  C:\Windows\System\WRsvCiI.exe
  2⤵
  PID:4004
- C:\Windows\System\GveQeyB.exe
  C:\Windows\System\GveQeyB.exe
  2⤵
  PID:4020
- C:\Windows\System\fhTOFDZ.exe
  C:\Windows\System\fhTOFDZ.exe
  2⤵
  PID:4048
- C:\Windows\System\BIikUmh.exe
  C:\Windows\System\BIikUmh.exe
  2⤵
  PID:4056
- C:\Windows\System\XRARfLX.exe
  C:\Windows\System\XRARfLX.exe
  2⤵
  PID:4080
- C:\Windows\System\odLNjAc.exe
  C:\Windows\System\odLNjAc.exe
  2⤵
  PID:1608
- C:\Windows\System\wWkSohe.exe
  C:\Windows\System\wWkSohe.exe
  2⤵
  PID:3608
- C:\Windows\System\AuDzovB.exe
  C:\Windows\System\AuDzovB.exe
  2⤵
  PID:3688
- C:\Windows\System\PAIBbIV.exe
  C:\Windows\System\PAIBbIV.exe
  2⤵
  PID:3724
- C:\Windows\System\oleoYiS.exe
  C:\Windows\System\oleoYiS.exe
  2⤵
  PID:3792
- C:\Windows\System\PtbNHcV.exe
  C:\Windows\System\PtbNHcV.exe
  2⤵
  PID:3596
- C:\Windows\System\jAfoiBB.exe
  C:\Windows\System\jAfoiBB.exe
  2⤵
  PID:3112
- C:\Windows\System\LVUrkjq.exe
  C:\Windows\System\LVUrkjq.exe
  2⤵
  PID:3872
- C:\Windows\System\ECCQULw.exe
  C:\Windows\System\ECCQULw.exe
  2⤵
  PID:3864
- C:\Windows\System\TxcujFI.exe
  C:\Windows\System\TxcujFI.exe
  2⤵
  PID:3780
- C:\Windows\System\wTJcitT.exe
  C:\Windows\System\wTJcitT.exe
  2⤵
  PID:4100
- C:\Windows\System\NlmTGqr.exe
  C:\Windows\System\NlmTGqr.exe
  2⤵
  PID:4116
- C:\Windows\System\CtVmJnI.exe
  C:\Windows\System\CtVmJnI.exe
  2⤵
  PID:4136
- C:\Windows\System\KBwdNcN.exe
  C:\Windows\System\KBwdNcN.exe
  2⤵
  PID:4156
- C:\Windows\System\gzCiAGi.exe
  C:\Windows\System\gzCiAGi.exe
  2⤵
  PID:4180
- C:\Windows\System\kTFcAiK.exe
  C:\Windows\System\kTFcAiK.exe
  2⤵
  PID:4196
- C:\Windows\System\wTncOdu.exe
  C:\Windows\System\wTncOdu.exe
  2⤵
  PID:4212
- C:\Windows\System\yBriaOX.exe
  C:\Windows\System\yBriaOX.exe
  2⤵
  PID:4228
- C:\Windows\System\QeVkouR.exe
  C:\Windows\System\QeVkouR.exe
  2⤵
  PID:4248
- C:\Windows\System\yXPigmy.exe
  C:\Windows\System\yXPigmy.exe
  2⤵
  PID:4268
- C:\Windows\System\HMPRpDV.exe
  C:\Windows\System\HMPRpDV.exe
  2⤵
  PID:4284
- C:\Windows\System\spoHlFi.exe
  C:\Windows\System\spoHlFi.exe
  2⤵
  PID:4300
- C:\Windows\System\MxbMvTc.exe
  C:\Windows\System\MxbMvTc.exe
  2⤵
  PID:4316
- C:\Windows\System\kMLqxNL.exe
  C:\Windows\System\kMLqxNL.exe
  2⤵
  PID:4340
- C:\Windows\System\bXsFxdo.exe
  C:\Windows\System\bXsFxdo.exe
  2⤵
  PID:4356
- C:\Windows\System\iFlMaDi.exe
  C:\Windows\System\iFlMaDi.exe
  2⤵
  PID:4372
- C:\Windows\System\SITjnVx.exe
  C:\Windows\System\SITjnVx.exe
  2⤵
  PID:4388
- C:\Windows\System\UGtVEqS.exe
  C:\Windows\System\UGtVEqS.exe
  2⤵
  PID:4404
- C:\Windows\System\waXKbFL.exe
  C:\Windows\System\waXKbFL.exe
  2⤵
  PID:4420
- C:\Windows\System\JXyYttK.exe
  C:\Windows\System\JXyYttK.exe
  2⤵
  PID:4444
- C:\Windows\System\ERWQDIH.exe
  C:\Windows\System\ERWQDIH.exe
  2⤵
  PID:4464
- C:\Windows\System\hluWCnu.exe
  C:\Windows\System\hluWCnu.exe
  2⤵
  PID:4484
- C:\Windows\System\vwQcbTz.exe
  C:\Windows\System\vwQcbTz.exe
  2⤵
  PID:4504
- C:\Windows\System\LhWxySQ.exe
  C:\Windows\System\LhWxySQ.exe
  2⤵
  PID:4520
- C:\Windows\System\gdTtUtu.exe
  C:\Windows\System\gdTtUtu.exe
  2⤵
  PID:4540
- C:\Windows\System\QoxTflR.exe
  C:\Windows\System\QoxTflR.exe
  2⤵
  PID:4560
- C:\Windows\System\UpDKcZH.exe
  C:\Windows\System\UpDKcZH.exe
  2⤵
  PID:4576
- C:\Windows\System\pYGpOqE.exe
  C:\Windows\System\pYGpOqE.exe
  2⤵
  PID:4592
- C:\Windows\System\EqSVMKM.exe
  C:\Windows\System\EqSVMKM.exe
  2⤵
  PID:4608
- C:\Windows\System\GNCGweg.exe
  C:\Windows\System\GNCGweg.exe
  2⤵
  PID:4624
- C:\Windows\System\AfSKZuy.exe
  C:\Windows\System\AfSKZuy.exe
  2⤵
  PID:4648
- C:\Windows\System\JTtBzWV.exe
  C:\Windows\System\JTtBzWV.exe
  2⤵
  PID:4664
- C:\Windows\System\mqFaROu.exe
  C:\Windows\System\mqFaROu.exe
  2⤵
  PID:4680
- C:\Windows\System\aWHWpgX.exe
  C:\Windows\System\aWHWpgX.exe
  2⤵
  PID:4696
- C:\Windows\System\kZVyFRy.exe
  C:\Windows\System\kZVyFRy.exe
  2⤵
  PID:4712
- C:\Windows\System\JLtrrgc.exe
  C:\Windows\System\JLtrrgc.exe
  2⤵
  PID:4732
- C:\Windows\System\wtIcsYd.exe
  C:\Windows\System\wtIcsYd.exe
  2⤵
  PID:4752
- C:\Windows\System\MUAgwxP.exe
  C:\Windows\System\MUAgwxP.exe
  2⤵
  PID:4944
- C:\Windows\System\UByXOak.exe
  C:\Windows\System\UByXOak.exe
  2⤵
  PID:4960
- C:\Windows\System\FmCHDiU.exe
  C:\Windows\System\FmCHDiU.exe
  2⤵
  PID:4976
- C:\Windows\System\hwFzvpT.exe
  C:\Windows\System\hwFzvpT.exe
  2⤵
  PID:4992
- C:\Windows\System\GisTKrn.exe
  C:\Windows\System\GisTKrn.exe
  2⤵
  PID:5008
- C:\Windows\System\DGYshHu.exe
  C:\Windows\System\DGYshHu.exe
  2⤵
  PID:5024
- C:\Windows\System\UfjgwTj.exe
  C:\Windows\System\UfjgwTj.exe
  2⤵
  PID:5040
- C:\Windows\System\ahknpou.exe
  C:\Windows\System\ahknpou.exe
  2⤵
  PID:5056
- C:\Windows\System\zBVNeLu.exe
  C:\Windows\System\zBVNeLu.exe
  2⤵
  PID:5072
- C:\Windows\System\YwNHNak.exe
  C:\Windows\System\YwNHNak.exe
  2⤵
  PID:5088
- C:\Windows\System\hkptKbv.exe
  C:\Windows\System\hkptKbv.exe
  2⤵
  PID:5104
- C:\Windows\System\mOtFvaC.exe
  C:\Windows\System\mOtFvaC.exe
  2⤵
  PID:3172
- C:\Windows\System\JHuOpzz.exe
  C:\Windows\System\JHuOpzz.exe
  2⤵
  PID:3812
- C:\Windows\System\XArqvXf.exe
  C:\Windows\System\XArqvXf.exe
  2⤵
  PID:3648
- C:\Windows\System\aVbwbrP.exe
  C:\Windows\System\aVbwbrP.exe
  2⤵
  PID:3548
- C:\Windows\System\EyddzXA.exe
  C:\Windows\System\EyddzXA.exe
  2⤵
  PID:3928
- C:\Windows\System\JwASNGH.exe
  C:\Windows\System\JwASNGH.exe
  2⤵
  PID:3444
- C:\Windows\System\WVfAJKS.exe
  C:\Windows\System\WVfAJKS.exe
  2⤵
  PID:4164
- C:\Windows\System\Fhyyggx.exe
  C:\Windows\System\Fhyyggx.exe
  2⤵
  PID:3496
- C:\Windows\System\FdKgWUv.exe
  C:\Windows\System\FdKgWUv.exe
  2⤵
  PID:4348
- C:\Windows\System\pPcgMBM.exe
  C:\Windows\System\pPcgMBM.exe
  2⤵
  PID:3424
- C:\Windows\System\RrgINqe.exe
  C:\Windows\System\RrgINqe.exe
  2⤵
  PID:3236
- C:\Windows\System\ujpeWEK.exe
  C:\Windows\System\ujpeWEK.exe
  2⤵
  PID:3368
- C:\Windows\System\tjAKUXM.exe
  C:\Windows\System\tjAKUXM.exe
  2⤵
  PID:4532
- C:\Windows\System\zgFVuRR.exe
  C:\Windows\System\zgFVuRR.exe
  2⤵
  PID:4600
- C:\Windows\System\mcNBayX.exe
  C:\Windows\System\mcNBayX.exe
  2⤵
  PID:3948
- C:\Windows\System\lSGCLwd.exe
  C:\Windows\System\lSGCLwd.exe
  2⤵
  PID:3992
- C:\Windows\System\bpSoMrk.exe
  C:\Windows\System\bpSoMrk.exe
  2⤵
  PID:4060
- C:\Windows\System\PqiRbKr.exe
  C:\Windows\System\PqiRbKr.exe
  2⤵
  PID:4204
- C:\Windows\System\hUunzrA.exe
  C:\Windows\System\hUunzrA.exe
  2⤵
  PID:4280
- C:\Windows\System\vApAREW.exe
  C:\Windows\System\vApAREW.exe
  2⤵
  PID:3752
- C:\Windows\System\Hkzcpzz.exe
  C:\Windows\System\Hkzcpzz.exe
  2⤵
  PID:3104
- C:\Windows\System\tuZmnJR.exe
  C:\Windows\System\tuZmnJR.exe
  2⤵
  PID:4528
- C:\Windows\System\ToysEQB.exe
  C:\Windows\System\ToysEQB.exe
  2⤵
  PID:4124
- C:\Windows\System\gRYcmtl.exe
  C:\Windows\System\gRYcmtl.exe
  2⤵
  PID:4740
- C:\Windows\System\ENRpbDT.exe
  C:\Windows\System\ENRpbDT.exe
  2⤵
  PID:4168
- C:\Windows\System\jtthDiq.exe
  C:\Windows\System\jtthDiq.exe
  2⤵
  PID:4012
- C:\Windows\System\rNSWPHw.exe
  C:\Windows\System\rNSWPHw.exe
  2⤵
  PID:4384
- C:\Windows\System\MmqsTgt.exe
  C:\Windows\System\MmqsTgt.exe
  2⤵
  PID:4632
- C:\Windows\System\qnKlrHs.exe
  C:\Windows\System\qnKlrHs.exe
  2⤵
  PID:4256
- C:\Windows\System\HgCiNcL.exe
  C:\Windows\System\HgCiNcL.exe
  2⤵
  PID:4148
- C:\Windows\System\UnzQUKR.exe
  C:\Windows\System\UnzQUKR.exe
  2⤵
  PID:4328
- C:\Windows\System\EZGZFWL.exe
  C:\Windows\System\EZGZFWL.exe
  2⤵
  PID:4688
- C:\Windows\System\DxNbWOZ.exe
  C:\Windows\System\DxNbWOZ.exe
  2⤵
  PID:4556
- C:\Windows\System\oGENQKI.exe
  C:\Windows\System\oGENQKI.exe
  2⤵
  PID:4720
- C:\Windows\System\jDmaDKo.exe
  C:\Windows\System\jDmaDKo.exe
  2⤵
  PID:4816
- C:\Windows\System\CoqaAaZ.exe
  C:\Windows\System\CoqaAaZ.exe
  2⤵
  PID:1684
- C:\Windows\System\lLQkqnL.exe
  C:\Windows\System\lLQkqnL.exe
  2⤵
  PID:3900
- C:\Windows\System\bmNLIor.exe
  C:\Windows\System\bmNLIor.exe
  2⤵
  PID:3576
- C:\Windows\System\qucIvFm.exe
  C:\Windows\System\qucIvFm.exe
  2⤵
  PID:4308
- C:\Windows\System\hHuSrAe.exe
  C:\Windows\System\hHuSrAe.exe
  2⤵
  PID:4492
- C:\Windows\System\tpKBGkB.exe
  C:\Windows\System\tpKBGkB.exe
  2⤵
  PID:3664
- C:\Windows\System\EUQQDrL.exe
  C:\Windows\System\EUQQDrL.exe
  2⤵
  PID:3528
- C:\Windows\System\NIduWHj.exe
  C:\Windows\System\NIduWHj.exe
  2⤵
  PID:3836
- C:\Windows\System\tWOnjuk.exe
  C:\Windows\System\tWOnjuk.exe
  2⤵
  PID:4036
- C:\Windows\System\SkwwDbC.exe
  C:\Windows\System\SkwwDbC.exe
  2⤵
  PID:3580
- C:\Windows\System\Hotqsgy.exe
  C:\Windows\System\Hotqsgy.exe
  2⤵
  PID:4908
- C:\Windows\System\BaEJzKZ.exe
  C:\Windows\System\BaEJzKZ.exe
  2⤵
  PID:4144
- C:\Windows\System\GAXgjmG.exe
  C:\Windows\System\GAXgjmG.exe
  2⤵
  PID:4368
- C:\Windows\System\SXRQawz.exe
  C:\Windows\System\SXRQawz.exe
  2⤵
  PID:4472
- C:\Windows\System\xcElncQ.exe
  C:\Windows\System\xcElncQ.exe
  2⤵
  PID:4692
- C:\Windows\System\NvQaGRp.exe
  C:\Windows\System\NvQaGRp.exe
  2⤵
  PID:4844
- C:\Windows\System\VaEllei.exe
  C:\Windows\System\VaEllei.exe
  2⤵
  PID:4860
- C:\Windows\System\BEkyAOQ.exe
  C:\Windows\System\BEkyAOQ.exe
  2⤵
  PID:3344
- C:\Windows\System\srCYGTO.exe
  C:\Windows\System\srCYGTO.exe
  2⤵
  PID:4884
- C:\Windows\System\YYlRANf.exe
  C:\Windows\System\YYlRANf.exe
  2⤵
  PID:4900
- C:\Windows\System\QElUWkR.exe
  C:\Windows\System\QElUWkR.exe
  2⤵
  PID:4924
- C:\Windows\System\KISRJdq.exe
  C:\Windows\System\KISRJdq.exe
  2⤵
  PID:4940
- C:\Windows\System\SdfpvRa.exe
  C:\Windows\System\SdfpvRa.exe
  2⤵
  PID:4824
- C:\Windows\System\GHfXNGd.exe
  C:\Windows\System\GHfXNGd.exe
  2⤵
  PID:4852
- C:\Windows\System\gxQJJHE.exe
  C:\Windows\System\gxQJJHE.exe
  2⤵
  PID:5096
- C:\Windows\System\kBHjwut.exe
  C:\Windows\System\kBHjwut.exe
  2⤵
  PID:3204
- C:\Windows\System\vcfBsIO.exe
  C:\Windows\System\vcfBsIO.exe
  2⤵
  PID:4832
- C:\Windows\System\GAoEJLc.exe
  C:\Windows\System\GAoEJLc.exe
  2⤵
  PID:4380
- C:\Windows\System\kydYAoN.exe
  C:\Windows\System\kydYAoN.exe
  2⤵
  PID:4324
- C:\Windows\System\puTbMTj.exe
  C:\Windows\System\puTbMTj.exe
  2⤵
  PID:4952
- C:\Windows\System\cnBMugX.exe
  C:\Windows\System\cnBMugX.exe
  2⤵
  PID:4836
- C:\Windows\System\LAbejvf.exe
  C:\Windows\System\LAbejvf.exe
  2⤵
  PID:5116
- C:\Windows\System\AsqVsbo.exe
  C:\Windows\System\AsqVsbo.exe
  2⤵
  PID:4872
- C:\Windows\System\XezPLNt.exe
  C:\Windows\System\XezPLNt.exe
  2⤵
  PID:4108
- C:\Windows\System\BqkEHjA.exe
  C:\Windows\System\BqkEHjA.exe
  2⤵
  PID:1928
- C:\Windows\System\zJeQjyt.exe
  C:\Windows\System\zJeQjyt.exe
  2⤵
  PID:4672
- C:\Windows\System\lXdcAxf.exe
  C:\Windows\System\lXdcAxf.exe
  2⤵
  PID:4496
- C:\Windows\System\jGqoYgK.exe
  C:\Windows\System\jGqoYgK.exe
  2⤵
  PID:4440
- C:\Windows\System\OYmvPPM.exe
  C:\Windows\System\OYmvPPM.exe
  2⤵
  PID:4812
- C:\Windows\System\bQLSpIN.exe
  C:\Windows\System\bQLSpIN.exe
  2⤵
  PID:3460
- C:\Windows\System\MLHyIXQ.exe
  C:\Windows\System\MLHyIXQ.exe
  2⤵
  PID:3984
- C:\Windows\System\iDPvAXj.exe
  C:\Windows\System\iDPvAXj.exe
  2⤵
  PID:3968
- C:\Windows\System\GsSzbLB.exe
  C:\Windows\System\GsSzbLB.exe
  2⤵
  PID:2780
- C:\Windows\System\QXPkCZu.exe
  C:\Windows\System\QXPkCZu.exe
  2⤵
  PID:3148
- C:\Windows\System\oNEcYiI.exe
  C:\Windows\System\oNEcYiI.exe
  2⤵
  PID:4428
- C:\Windows\System\ieIxzlD.exe
  C:\Windows\System\ieIxzlD.exe
  2⤵
  PID:4804
- C:\Windows\System\nunlanu.exe
  C:\Windows\System\nunlanu.exe
  2⤵
  PID:4312
- C:\Windows\System\rrrXBYO.exe
  C:\Windows\System\rrrXBYO.exe
  2⤵
  PID:3896
- C:\Windows\System\jRqcWLw.exe
  C:\Windows\System\jRqcWLw.exe
  2⤵
  PID:3956
- C:\Windows\System\VXVAKYn.exe
  C:\Windows\System\VXVAKYn.exe
  2⤵
  PID:3848
- C:\Windows\System\fcXGtVt.exe
  C:\Windows\System\fcXGtVt.exe
  2⤵
  PID:4264
- C:\Windows\System\DREHxon.exe
  C:\Windows\System\DREHxon.exe
  2⤵
  PID:3868
- C:\Windows\System\aiJHvEW.exe
  C:\Windows\System\aiJHvEW.exe
  2⤵
  PID:4864
- C:\Windows\System\CDCCOZJ.exe
  C:\Windows\System\CDCCOZJ.exe
  2⤵
  PID:4708
- C:\Windows\System\KZNGWgt.exe
  C:\Windows\System\KZNGWgt.exe
  2⤵
  PID:3132
- C:\Windows\System\wxcAfDr.exe
  C:\Windows\System\wxcAfDr.exe
  2⤵
  PID:4892
- C:\Windows\System\kFXIxJH.exe
  C:\Windows\System\kFXIxJH.exe
  2⤵
  PID:3520
- C:\Windows\System\lvqWeDl.exe
  C:\Windows\System\lvqWeDl.exe
  2⤵
  PID:2420
- C:\Windows\System\ZYJBqtH.exe
  C:\Windows\System\ZYJBqtH.exe
  2⤵
  PID:3264
- C:\Windows\System\bCVXvTp.exe
  C:\Windows\System\bCVXvTp.exe
  2⤵
  PID:4880
- C:\Windows\System\uUTHGwP.exe
  C:\Windows\System\uUTHGwP.exe
  2⤵
  PID:4800
- C:\Windows\System\AHeHsSp.exe
  C:\Windows\System\AHeHsSp.exe
  2⤵
  PID:4972
- C:\Windows\System\SdGJUYz.exe
  C:\Windows\System\SdGJUYz.exe
  2⤵
  PID:4956
- C:\Windows\System\bgqIMVu.exe
  C:\Windows\System\bgqIMVu.exe
  2⤵
  PID:4296
- C:\Windows\System\nhneXcT.exe
  C:\Windows\System\nhneXcT.exe
  2⤵
  PID:3572
- C:\Windows\System\dlxHjma.exe
  C:\Windows\System\dlxHjma.exe
  2⤵
  PID:5020
- C:\Windows\System\NJLZqtG.exe
  C:\Windows\System\NJLZqtG.exe
  2⤵
  PID:4868
- C:\Windows\System\gRfYgZT.exe
  C:\Windows\System\gRfYgZT.exe
  2⤵
  PID:3128
- C:\Windows\System\UsFBtjK.exe
  C:\Windows\System\UsFBtjK.exe
  2⤵
  PID:3404
- C:\Windows\System\tDtfKkS.exe
  C:\Windows\System\tDtfKkS.exe
  2⤵
  PID:4932
- C:\Windows\System\dGXhEWK.exe
  C:\Windows\System\dGXhEWK.exe
  2⤵
  PID:3440
- C:\Windows\System\tCqJdrG.exe
  C:\Windows\System\tCqJdrG.exe
  2⤵
  PID:3852
- C:\Windows\System\uGBwZur.exe
  C:\Windows\System\uGBwZur.exe
  2⤵
  PID:3076
- C:\Windows\System\ntNySSz.exe
  C:\Windows\System\ntNySSz.exe
  2⤵
  PID:2280
- C:\Windows\System\jiIGIBL.exe
  C:\Windows\System\jiIGIBL.exe
  2⤵
  PID:4412
- C:\Windows\System\faKphRv.exe
  C:\Windows\System\faKphRv.exe
  2⤵
  PID:4772
- C:\Windows\System\lPVhAHl.exe
  C:\Windows\System\lPVhAHl.exe
  2⤵
  PID:3092
- C:\Windows\System\wAvKdGi.exe
  C:\Windows\System\wAvKdGi.exe
  2⤵
  PID:4916
- C:\Windows\System\RBfdDin.exe
  C:\Windows\System\RBfdDin.exe
  2⤵
  PID:4780
- C:\Windows\System\hEbQAtk.exe
  C:\Windows\System\hEbQAtk.exe
  2⤵
  PID:4112
- C:\Windows\System\kPqjtTb.exe
  C:\Windows\System\kPqjtTb.exe
  2⤵
  PID:4220
- C:\Windows\System\tnJoMgr.exe
  C:\Windows\System\tnJoMgr.exe
  2⤵
  PID:5084
- C:\Windows\System\wmAHpYv.exe
  C:\Windows\System\wmAHpYv.exe
  2⤵
  PID:4728
- C:\Windows\System\giyZQuH.exe
  C:\Windows\System\giyZQuH.exe
  2⤵
  PID:4584
- C:\Windows\System\ODxpXQJ.exe
  C:\Windows\System\ODxpXQJ.exe
  2⤵
  PID:3140
- C:\Windows\System\jTxlrlu.exe
  C:\Windows\System\jTxlrlu.exe
  2⤵
  PID:4088
- C:\Windows\System\diGprsB.exe
  C:\Windows\System\diGprsB.exe
  2⤵
  PID:5152
- C:\Windows\System\fyDxkSS.exe
  C:\Windows\System\fyDxkSS.exe
  2⤵
  PID:5172
- C:\Windows\System\nGaJdtq.exe
  C:\Windows\System\nGaJdtq.exe
  2⤵
  PID:5192
- C:\Windows\System\ErMUMyK.exe
  C:\Windows\System\ErMUMyK.exe
  2⤵
  PID:5208
- C:\Windows\System\HZAIalY.exe
  C:\Windows\System\HZAIalY.exe
  2⤵
  PID:5224
- C:\Windows\System\sJWRqti.exe
  C:\Windows\System\sJWRqti.exe
  2⤵
  PID:5240
- C:\Windows\System\hclpKWb.exe
  C:\Windows\System\hclpKWb.exe
  2⤵
  PID:5256
- C:\Windows\System\epVVFyn.exe
  C:\Windows\System\epVVFyn.exe
  2⤵
  PID:5272
- C:\Windows\System\MluFuCh.exe
  C:\Windows\System\MluFuCh.exe
  2⤵
  PID:5288
- C:\Windows\System\DFjLDIJ.exe
  C:\Windows\System\DFjLDIJ.exe
  2⤵
  PID:5304
- C:\Windows\System\hvJlFKY.exe
  C:\Windows\System\hvJlFKY.exe
  2⤵
  PID:5320
- C:\Windows\System\sSafyhZ.exe
  C:\Windows\System\sSafyhZ.exe
  2⤵
  PID:5340
- C:\Windows\System\VzobceG.exe
  C:\Windows\System\VzobceG.exe
  2⤵
  PID:5356
- C:\Windows\System\HOATdWR.exe
  C:\Windows\System\HOATdWR.exe
  2⤵
  PID:5376
- C:\Windows\System\cXUYUPp.exe
  C:\Windows\System\cXUYUPp.exe
  2⤵
  PID:5400
- C:\Windows\System\XKeWCWN.exe
  C:\Windows\System\XKeWCWN.exe
  2⤵
  PID:5424
- C:\Windows\System\VzYyRwr.exe
  C:\Windows\System\VzYyRwr.exe
  2⤵
  PID:5440
- C:\Windows\System\MwSWRVf.exe
  C:\Windows\System\MwSWRVf.exe
  2⤵
  PID:5456
- C:\Windows\System\AIhnsxk.exe
  C:\Windows\System\AIhnsxk.exe
  2⤵
  PID:5472
- C:\Windows\System\UEcZgaT.exe
  C:\Windows\System\UEcZgaT.exe
  2⤵
  PID:5488
- C:\Windows\System\OcOeokc.exe
  C:\Windows\System\OcOeokc.exe
  2⤵
  PID:5504
- C:\Windows\System\IdNzoVH.exe
  C:\Windows\System\IdNzoVH.exe
  2⤵
  PID:5520
- C:\Windows\System\JlOElJK.exe
  C:\Windows\System\JlOElJK.exe
  2⤵
  PID:5536
- C:\Windows\System\LgEbiHX.exe
  C:\Windows\System\LgEbiHX.exe
  2⤵
  PID:5580
- C:\Windows\System\tvdqiYv.exe
  C:\Windows\System\tvdqiYv.exe
  2⤵
  PID:5600
- C:\Windows\System\ugcdDxQ.exe
  C:\Windows\System\ugcdDxQ.exe
  2⤵
  PID:5616
- C:\Windows\System\YPEdmdB.exe
  C:\Windows\System\YPEdmdB.exe
  2⤵
  PID:5640
- C:\Windows\System\VfKBrdz.exe
  C:\Windows\System\VfKBrdz.exe
  2⤵
  PID:5656
- C:\Windows\System\AOeCWlB.exe
  C:\Windows\System\AOeCWlB.exe
  2⤵
  PID:5680
- C:\Windows\System\UymIDdE.exe
  C:\Windows\System\UymIDdE.exe
  2⤵
  PID:5704
- C:\Windows\System\wapfwOT.exe
  C:\Windows\System\wapfwOT.exe
  2⤵
  PID:5720
- C:\Windows\System\KLhYbTJ.exe
  C:\Windows\System\KLhYbTJ.exe
  2⤵
  PID:5736
- C:\Windows\System\EYoayaV.exe
  C:\Windows\System\EYoayaV.exe
  2⤵
  PID:5752
- C:\Windows\System\LrOssHi.exe
  C:\Windows\System\LrOssHi.exe
  2⤵
  PID:5768
- C:\Windows\System\QAWFafL.exe
  C:\Windows\System\QAWFafL.exe
  2⤵
  PID:5784
- C:\Windows\System\nZhacjJ.exe
  C:\Windows\System\nZhacjJ.exe
  2⤵
  PID:5808
- C:\Windows\System\oZhLLns.exe
  C:\Windows\System\oZhLLns.exe
  2⤵
  PID:5824
- C:\Windows\System\gvhLkOn.exe
  C:\Windows\System\gvhLkOn.exe
  2⤵
  PID:5848
- C:\Windows\System\NqVWTiz.exe
  C:\Windows\System\NqVWTiz.exe
  2⤵
  PID:5864
- C:\Windows\System\mAGqjwD.exe
  C:\Windows\System\mAGqjwD.exe
  2⤵
  PID:5880
- C:\Windows\System\zLNYLyo.exe
  C:\Windows\System\zLNYLyo.exe
  2⤵
  PID:5896
- C:\Windows\System\fDbJRUx.exe
  C:\Windows\System\fDbJRUx.exe
  2⤵
  PID:5920
- C:\Windows\System\HlZeMMz.exe
  C:\Windows\System\HlZeMMz.exe
  2⤵
  PID:5936
- C:\Windows\System\ZfQcHAb.exe
  C:\Windows\System\ZfQcHAb.exe
  2⤵
  PID:5952
- C:\Windows\System\ydoAUzu.exe
  C:\Windows\System\ydoAUzu.exe
  2⤵
  PID:5968
- C:\Windows\System\cMWZUUl.exe
  C:\Windows\System\cMWZUUl.exe
  2⤵
  PID:5984
- C:\Windows\System\DatplwA.exe
  C:\Windows\System\DatplwA.exe
  2⤵
  PID:6000
- C:\Windows\System\bEocgjI.exe
  C:\Windows\System\bEocgjI.exe
  2⤵
  PID:6024
- C:\Windows\System\kGFXTFr.exe
  C:\Windows\System\kGFXTFr.exe
  2⤵
  PID:6040
- C:\Windows\System\bxeXQwu.exe
  C:\Windows\System\bxeXQwu.exe
  2⤵
  PID:6056
- C:\Windows\System\bpTumod.exe
  C:\Windows\System\bpTumod.exe
  2⤵
  PID:6080
- C:\Windows\System\bmNRwFW.exe
  C:\Windows\System\bmNRwFW.exe
  2⤵
  PID:6096
- C:\Windows\System\qKScYXO.exe
  C:\Windows\System\qKScYXO.exe
  2⤵
  PID:6112
- C:\Windows\System\eAbvnuA.exe
  C:\Windows\System\eAbvnuA.exe
  2⤵
  PID:6128
- C:\Windows\System\oStDDLq.exe
  C:\Windows\System\oStDDLq.exe
  2⤵
  PID:1488
- C:\Windows\System\xTgBVjk.exe
  C:\Windows\System\xTgBVjk.exe
  2⤵
  PID:5216
- C:\Windows\System\IhvESvm.exe
  C:\Windows\System\IhvESvm.exe
  2⤵
  PID:5296
- C:\Windows\System\IqhmTsC.exe
  C:\Windows\System\IqhmTsC.exe
  2⤵
  PID:5232
- C:\Windows\System\vKHPQCI.exe
  C:\Windows\System\vKHPQCI.exe
  2⤵
  PID:5312
- C:\Windows\System\UYxVJSj.exe
  C:\Windows\System\UYxVJSj.exe
  2⤵
  PID:5388
- C:\Windows\System\muBobfx.exe
  C:\Windows\System\muBobfx.exe
  2⤵
  PID:5496
- C:\Windows\System\JJxnsnL.exe
  C:\Windows\System\JJxnsnL.exe
  2⤵
  PID:5468
- C:\Windows\System\sstKlsE.exe
  C:\Windows\System\sstKlsE.exe
  2⤵
  PID:5420
- C:\Windows\System\xOXKMES.exe
  C:\Windows\System\xOXKMES.exe
  2⤵
  PID:5480
- C:\Windows\System\zaZkbsJ.exe
  C:\Windows\System\zaZkbsJ.exe
  2⤵
  PID:5408
- C:\Windows\System\DjILXXt.exe
  C:\Windows\System\DjILXXt.exe
  2⤵
  PID:5528
- C:\Windows\System\fvWnUmL.exe
  C:\Windows\System\fvWnUmL.exe
  2⤵
  PID:5596
- C:\Windows\System\DoSewvt.exe
  C:\Windows\System\DoSewvt.exe
  2⤵
  PID:5664
- C:\Windows\System\cbHxmEh.exe
  C:\Windows\System\cbHxmEh.exe
  2⤵
  PID:5564
- C:\Windows\System\DnGEnGk.exe
  C:\Windows\System\DnGEnGk.exe
  2⤵
  PID:5568
- C:\Windows\System\tlhjiMG.exe
  C:\Windows\System\tlhjiMG.exe
  2⤵
  PID:5668
- C:\Windows\System\YhqdpAv.exe
  C:\Windows\System\YhqdpAv.exe
  2⤵
  PID:5748
- C:\Windows\System\HqgqfQR.exe
  C:\Windows\System\HqgqfQR.exe
  2⤵
  PID:5804
- C:\Windows\System\LpMwVtR.exe
  C:\Windows\System\LpMwVtR.exe
  2⤵
  PID:5860
- C:\Windows\System\HmWktPI.exe
  C:\Windows\System\HmWktPI.exe
  2⤵
  PID:5700
- C:\Windows\System\cBaHHuo.exe
  C:\Windows\System\cBaHHuo.exe
  2⤵
  PID:5892
- C:\Windows\System\fhaKgUo.exe
  C:\Windows\System\fhaKgUo.exe
  2⤵
  PID:5960
- C:\Windows\System\nrpwGhJ.exe
  C:\Windows\System\nrpwGhJ.exe
  2⤵
  PID:5876
- C:\Windows\System\ypXzdBl.exe
  C:\Windows\System\ypXzdBl.exe
  2⤵
  PID:5992
- C:\Windows\System\vXgugPA.exe
  C:\Windows\System\vXgugPA.exe
  2⤵
  PID:6016
- C:\Windows\System\YsuVByK.exe
  C:\Windows\System\YsuVByK.exe
  2⤵
  PID:5908
- C:\Windows\System\JOwKfTW.exe
  C:\Windows\System\JOwKfTW.exe
  2⤵
  PID:6076
- C:\Windows\System\GhwKvrL.exe
  C:\Windows\System\GhwKvrL.exe
  2⤵
  PID:2868
- C:\Windows\System\ZvGyZFM.exe
  C:\Windows\System\ZvGyZFM.exe
  2⤵
  PID:5112
- C:\Windows\System\kxvwbaO.exe
  C:\Windows\System\kxvwbaO.exe
  2⤵
  PID:6092
- C:\Windows\System\hktUyzw.exe
  C:\Windows\System\hktUyzw.exe
  2⤵
  PID:5128
- C:\Windows\System\dSoLTdC.exe
  C:\Windows\System\dSoLTdC.exe
  2⤵
  PID:5856
- C:\Windows\System\smXLsPz.exe
  C:\Windows\System\smXLsPz.exe
  2⤵
  PID:5796
- C:\Windows\System\Oearrqp.exe
  C:\Windows\System\Oearrqp.exe
  2⤵
  PID:5996
- C:\Windows\System\AXeXOHg.exe
  C:\Windows\System\AXeXOHg.exe
  2⤵
  PID:2632
- C:\Windows\System\uKXkRCO.exe
  C:\Windows\System\uKXkRCO.exe
  2⤵
  PID:5648
- C:\Windows\System\XuWuNBh.exe
  C:\Windows\System\XuWuNBh.exe
  2⤵
  PID:5236
- C:\Windows\System\bQETmvF.exe
  C:\Windows\System\bQETmvF.exe
  2⤵
  PID:6048
- C:\Windows\System\mQaKAwe.exe
  C:\Windows\System\mQaKAwe.exe
  2⤵
  PID:5676
- C:\Windows\System\RQiMexr.exe
  C:\Windows\System\RQiMexr.exe
  2⤵
  PID:5636
- C:\Windows\System\nSJkUHt.exe
  C:\Windows\System\nSJkUHt.exe
  2⤵
  PID:6032
- C:\Windows\System\FpUhzMK.exe
  C:\Windows\System\FpUhzMK.exe
  2⤵
  PID:5820
- C:\Windows\System\VgkYZwo.exe
  C:\Windows\System\VgkYZwo.exe
  2⤵
  PID:5672
- C:\Windows\System\gzHbLiz.exe
  C:\Windows\System\gzHbLiz.exe
  2⤵
  PID:5132
- C:\Windows\System\MtpBwkz.exe
  C:\Windows\System\MtpBwkz.exe
  2⤵
  PID:6120
- C:\Windows\System\AfDrzcO.exe
  C:\Windows\System\AfDrzcO.exe
  2⤵
  PID:6012
- C:\Windows\System\hRExokp.exe
  C:\Windows\System\hRExokp.exe
  2⤵
  PID:5248
- C:\Windows\System\KiHGBNq.exe
  C:\Windows\System\KiHGBNq.exe
  2⤵
  PID:5144
- C:\Windows\System\grzbsBG.exe
  C:\Windows\System\grzbsBG.exe
  2⤵
  PID:5068
- C:\Windows\System\fnxfKtz.exe
  C:\Windows\System\fnxfKtz.exe
  2⤵
  PID:5328
- C:\Windows\System\mcXmLce.exe
  C:\Windows\System\mcXmLce.exe
  2⤵
  PID:5372
- C:\Windows\System\zMBLnfP.exe
  C:\Windows\System\zMBLnfP.exe
  2⤵
  PID:5692
- C:\Windows\System\QvUnwHr.exe
  C:\Windows\System\QvUnwHr.exe
  2⤵
  PID:5548
- C:\Windows\System\QJPxqYe.exe
  C:\Windows\System\QJPxqYe.exe
  2⤵
  PID:5560
- C:\Windows\System\JsAfeTn.exe
  C:\Windows\System\JsAfeTn.exe
  2⤵
  PID:5352
- C:\Windows\System\FGgoXwm.exe
  C:\Windows\System\FGgoXwm.exe
  2⤵
  PID:5976
- C:\Windows\System\OBWaGxX.exe
  C:\Windows\System\OBWaGxX.exe
  2⤵
  PID:5628
- C:\Windows\System\qRIaQVG.exe
  C:\Windows\System\qRIaQVG.exe
  2⤵
  PID:5412
- C:\Windows\System\liPNoGF.exe
  C:\Windows\System\liPNoGF.exe
  2⤵
  PID:5464
- C:\Windows\System\RxIOylz.exe
  C:\Windows\System\RxIOylz.exe
  2⤵
  PID:5836
- C:\Windows\System\JVkMUpr.exe
  C:\Windows\System\JVkMUpr.exe
  2⤵
  PID:5944
- C:\Windows\System\afDYXLR.exe
  C:\Windows\System\afDYXLR.exe
  2⤵
  PID:4260
- C:\Windows\System\ebXHcid.exe
  C:\Windows\System\ebXHcid.exe
  2⤵
  PID:5364
- C:\Windows\System\tTBQEXl.exe
  C:\Windows\System\tTBQEXl.exe
  2⤵
  PID:5264
- C:\Windows\System\LsLxRWO.exe
  C:\Windows\System\LsLxRWO.exe
  2⤵
  PID:5200
- C:\Windows\System\ebmriJU.exe
  C:\Windows\System\ebmriJU.exe
  2⤵
  PID:5696
- C:\Windows\System\SjCwGQj.exe
  C:\Windows\System\SjCwGQj.exe
  2⤵
  PID:5160
- C:\Windows\System\QxhBPcF.exe
  C:\Windows\System\QxhBPcF.exe
  2⤵
  PID:5384
- C:\Windows\System\acaxLCy.exe
  C:\Windows\System\acaxLCy.exe
  2⤵
  PID:4748
- C:\Windows\System\luXWFZf.exe
  C:\Windows\System\luXWFZf.exe
  2⤵
  PID:5168
- C:\Windows\System\XJGCyxj.exe
  C:\Windows\System\XJGCyxj.exe
  2⤵
  PID:6072
- C:\Windows\System\BzaeQBM.exe
  C:\Windows\System\BzaeQBM.exe
  2⤵
  PID:5544
- C:\Windows\System\BrfoUGq.exe
  C:\Windows\System\BrfoUGq.exe
  2⤵
  PID:6156
- C:\Windows\System\cxBUBkg.exe
  C:\Windows\System\cxBUBkg.exe
  2⤵
  PID:6180
- C:\Windows\System\vLQAXcJ.exe
  C:\Windows\System\vLQAXcJ.exe
  2⤵
  PID:6196
- C:\Windows\System\gREuClt.exe
  C:\Windows\System\gREuClt.exe
  2⤵
  PID:6212
- C:\Windows\System\loQzqkb.exe
  C:\Windows\System\loQzqkb.exe
  2⤵
  PID:6228
- C:\Windows\System\bdkkyCb.exe
  C:\Windows\System\bdkkyCb.exe
  2⤵
  PID:6244
- C:\Windows\System\rFUciVf.exe
  C:\Windows\System\rFUciVf.exe
  2⤵
  PID:6260
- C:\Windows\System\klVbvAk.exe
  C:\Windows\System\klVbvAk.exe
  2⤵
  PID:6280
- C:\Windows\System\nGVLxkL.exe
  C:\Windows\System\nGVLxkL.exe
  2⤵
  PID:6296
- C:\Windows\System\BNBeRzD.exe
  C:\Windows\System\BNBeRzD.exe
  2⤵
  PID:6312
- C:\Windows\System\dgNFsvY.exe
  C:\Windows\System\dgNFsvY.exe
  2⤵
  PID:6404
- C:\Windows\System\KvtghrM.exe
  C:\Windows\System\KvtghrM.exe
  2⤵
  PID:6420
- C:\Windows\System\rXZzJnM.exe
  C:\Windows\System\rXZzJnM.exe
  2⤵
  PID:6436
- C:\Windows\System\BICszUi.exe
  C:\Windows\System\BICszUi.exe
  2⤵
  PID:6452
- C:\Windows\System\AZzbPKR.exe
  C:\Windows\System\AZzbPKR.exe
  2⤵
  PID:6468
- C:\Windows\System\sDrHThL.exe
  C:\Windows\System\sDrHThL.exe
  2⤵
  PID:6484
- C:\Windows\System\dZlrBGf.exe
  C:\Windows\System\dZlrBGf.exe
  2⤵
  PID:6500
- C:\Windows\System\eRRHKUe.exe
  C:\Windows\System\eRRHKUe.exe
  2⤵
  PID:6516
- C:\Windows\System\MiOBWZL.exe
  C:\Windows\System\MiOBWZL.exe
  2⤵
  PID:6532
- C:\Windows\System\YraCJef.exe
  C:\Windows\System\YraCJef.exe
  2⤵
  PID:6556
- C:\Windows\System\xlYHzBc.exe
  C:\Windows\System\xlYHzBc.exe
  2⤵
  PID:6580
- C:\Windows\System\aCqTSUJ.exe
  C:\Windows\System\aCqTSUJ.exe
  2⤵
  PID:6596
- C:\Windows\System\UrAXyAR.exe
  C:\Windows\System\UrAXyAR.exe
  2⤵
  PID:6616
- C:\Windows\System\UDbyKlk.exe
  C:\Windows\System\UDbyKlk.exe
  2⤵
  PID:6784
- C:\Windows\System\HVnwdOX.exe
  C:\Windows\System\HVnwdOX.exe
  2⤵
  PID:6824
- C:\Windows\System\CIwTmUm.exe
  C:\Windows\System\CIwTmUm.exe
  2⤵
  PID:6844
- C:\Windows\System\eSTgqFZ.exe
  C:\Windows\System\eSTgqFZ.exe
  2⤵
  PID:6864
- C:\Windows\System\eRRZnJL.exe
  C:\Windows\System\eRRZnJL.exe
  2⤵
  PID:7040
- C:\Windows\System\RPHTgjp.exe
  C:\Windows\System\RPHTgjp.exe
  2⤵
  PID:7056
- C:\Windows\System\OCLiYkR.exe
  C:\Windows\System\OCLiYkR.exe
  2⤵
  PID:7072
- C:\Windows\System\wywToCE.exe
  C:\Windows\System\wywToCE.exe
  2⤵
  PID:7088
- C:\Windows\System\mNecVsY.exe
  C:\Windows\System\mNecVsY.exe
  2⤵
  PID:7104
- C:\Windows\System\lfMGIeJ.exe
  C:\Windows\System\lfMGIeJ.exe
  2⤵
  PID:7124
- C:\Windows\System\CtnIBqS.exe
  C:\Windows\System\CtnIBqS.exe
  2⤵
  PID:7152
- C:\Windows\System\OsfXgqU.exe
  C:\Windows\System\OsfXgqU.exe
  2⤵
  PID:5184
- C:\Windows\System\CUWvzFT.exe
  C:\Windows\System\CUWvzFT.exe
  2⤵
  PID:6208
- C:\Windows\System\QEVHIVQ.exe
  C:\Windows\System\QEVHIVQ.exe
  2⤵
  PID:5588
- C:\Windows\System\lVfkDLs.exe
  C:\Windows\System\lVfkDLs.exe
  2⤵
  PID:6192
- C:\Windows\System\ArWMjtE.exe
  C:\Windows\System\ArWMjtE.exe
  2⤵
  PID:6292
- C:\Windows\System\zmGAoNL.exe
  C:\Windows\System\zmGAoNL.exe
  2⤵
  PID:6336
- C:\Windows\System\IRLRxUc.exe
  C:\Windows\System\IRLRxUc.exe
  2⤵
  PID:6508
- C:\Windows\System\nRRxzgA.exe
  C:\Windows\System\nRRxzgA.exe
  2⤵
  PID:6552
- C:\Windows\System\IQEyHAO.exe
  C:\Windows\System\IQEyHAO.exe
  2⤵
  PID:6348
- C:\Windows\System\xFouyEb.exe
  C:\Windows\System\xFouyEb.exe
  2⤵
  PID:6396
- C:\Windows\System\LubnWPM.exe
  C:\Windows\System\LubnWPM.exe
  2⤵
  PID:6332
- C:\Windows\System\mSAnWYu.exe
  C:\Windows\System\mSAnWYu.exe
  2⤵
  PID:6524
- C:\Windows\System\TkfyEjF.exe
  C:\Windows\System\TkfyEjF.exe
  2⤵
  PID:6632
- C:\Windows\System\KkAjiep.exe
  C:\Windows\System\KkAjiep.exe
  2⤵
  PID:6604
- C:\Windows\System\zShWzRS.exe
  C:\Windows\System\zShWzRS.exe
  2⤵
  PID:6636
- C:\Windows\System\bLeQhqI.exe
  C:\Windows\System\bLeQhqI.exe
  2⤵
  PID:6564
- C:\Windows\System\GijipVt.exe
  C:\Windows\System\GijipVt.exe
  2⤵
  PID:6660
- C:\Windows\System\QJqHyEt.exe
  C:\Windows\System\QJqHyEt.exe
  2⤵
  PID:6684
- C:\Windows\System\Hicbgai.exe
  C:\Windows\System\Hicbgai.exe
  2⤵
  PID:6704
- C:\Windows\System\clxiROE.exe
  C:\Windows\System\clxiROE.exe
  2⤵
  PID:6720
- C:\Windows\System\PvVcMAP.exe
  C:\Windows\System\PvVcMAP.exe
  2⤵
  PID:6732
- C:\Windows\System\GHFAxoz.exe
  C:\Windows\System\GHFAxoz.exe
  2⤵
  PID:6760
- C:\Windows\System\CxFDcRQ.exe
  C:\Windows\System\CxFDcRQ.exe
  2⤵
  PID:996
- C:\Windows\System\oNSljnE.exe
  C:\Windows\System\oNSljnE.exe
  2⤵
  PID:6780
- C:\Windows\System\nvYBzxa.exe
  C:\Windows\System\nvYBzxa.exe
  2⤵
  PID:6812
- C:\Windows\System\CEqYglC.exe
  C:\Windows\System\CEqYglC.exe
  2⤵
  PID:6776
- C:\Windows\System\kruWnpT.exe
  C:\Windows\System\kruWnpT.exe
  2⤵
  PID:6880
- C:\Windows\System\CnUFppG.exe
  C:\Windows\System\CnUFppG.exe
  2⤵
  PID:6940
- C:\Windows\System\iCFvQLH.exe
  C:\Windows\System\iCFvQLH.exe
  2⤵
  PID:6956
- C:\Windows\System\YOuKkjj.exe
  C:\Windows\System\YOuKkjj.exe
  2⤵
  PID:6980
- C:\Windows\System\dftxEaS.exe
  C:\Windows\System\dftxEaS.exe
  2⤵
  PID:1660
- C:\Windows\System\AuoqMNB.exe
  C:\Windows\System\AuoqMNB.exe
  2⤵
  PID:7016
- C:\Windows\System\NmFNdmM.exe
  C:\Windows\System\NmFNdmM.exe
  2⤵
  PID:7064
- C:\Windows\System\bfQbcLn.exe
  C:\Windows\System\bfQbcLn.exe
  2⤵
  PID:7080
- C:\Windows\System\PCWTBVG.exe
  C:\Windows\System\PCWTBVG.exe
  2⤵
  PID:6168
- C:\Windows\System\aEzYZTF.exe
  C:\Windows\System\aEzYZTF.exe
  2⤵
  PID:6176
- C:\Windows\System\QoEKxnV.exe
  C:\Windows\System\QoEKxnV.exe
  2⤵
  PID:6464
- C:\Windows\System\rstsREv.exe
  C:\Windows\System\rstsREv.exe
  2⤵
  PID:6360
- C:\Windows\System\MXiCfDL.exe
  C:\Windows\System\MXiCfDL.exe
  2⤵
  PID:6372
- C:\Windows\System\GbnjcTL.exe
  C:\Windows\System\GbnjcTL.exe
  2⤵
  PID:6680
- C:\Windows\System\LRBpsOg.exe
  C:\Windows\System\LRBpsOg.exe
  2⤵
  PID:6432
- C:\Windows\System\qfGOLVh.exe
  C:\Windows\System\qfGOLVh.exe
  2⤵
  PID:6288
- C:\Windows\System\dzpuMRT.exe
  C:\Windows\System\dzpuMRT.exe
  2⤵
  PID:6716
- C:\Windows\System\IXcThPg.exe
  C:\Windows\System\IXcThPg.exe
  2⤵
  PID:6896
- C:\Windows\System\vQYfiON.exe
  C:\Windows\System\vQYfiON.exe
  2⤵
  PID:6384
- C:\Windows\System\MLqVLQn.exe
  C:\Windows\System\MLqVLQn.exe
  2⤵
  PID:6644
- C:\Windows\System\wHHtWsi.exe
  C:\Windows\System\wHHtWsi.exe
  2⤵
  PID:7032
- C:\Windows\System\iMfpMzU.exe
  C:\Windows\System\iMfpMzU.exe
  2⤵
  PID:6804
- C:\Windows\System\KmpIyIP.exe
  C:\Windows\System\KmpIyIP.exe
  2⤵
  PID:5512
- C:\Windows\System\kiidqtU.exe
  C:\Windows\System\kiidqtU.exe
  2⤵
  PID:6460
- C:\Windows\System\gaqXniH.exe
  C:\Windows\System\gaqXniH.exe
  2⤵
  PID:6592
- C:\Windows\System\GAsLkkI.exe
  C:\Windows\System\GAsLkkI.exe
  2⤵
  PID:6876
- C:\Windows\System\bjdvWQW.exe
  C:\Windows\System\bjdvWQW.exe
  2⤵
  PID:6992
- C:\Windows\System\SyJMeWN.exe
  C:\Windows\System\SyJMeWN.exe
  2⤵
  PID:6952
- C:\Windows\System\yomvGbj.exe
  C:\Windows\System\yomvGbj.exe
  2⤵
  PID:7112
- C:\Windows\System\VpaLpnp.exe
  C:\Windows\System\VpaLpnp.exe
  2⤵
  PID:7096
- C:\Windows\System\GvhKgsq.exe
  C:\Windows\System\GvhKgsq.exe
  2⤵
  PID:6272
- C:\Windows\System\KFVfgnV.exe
  C:\Windows\System\KFVfgnV.exe
  2⤵
  PID:6240
- C:\Windows\System\iXEHUBf.exe
  C:\Windows\System\iXEHUBf.exe
  2⤵
  PID:5280
- C:\Windows\System\HWhDGgN.exe
  C:\Windows\System\HWhDGgN.exe
  2⤵
  PID:6148
- C:\Windows\System\ElAwXnK.exe
  C:\Windows\System\ElAwXnK.exe
  2⤵
  PID:6412
- C:\Windows\System\xFnHGEg.exe
  C:\Windows\System\xFnHGEg.exe
  2⤵
  PID:6548
- C:\Windows\System\UEaFLPB.exe
  C:\Windows\System\UEaFLPB.exe
  2⤵
  PID:6648
- C:\Windows\System\NAzHpdY.exe
  C:\Windows\System\NAzHpdY.exe
  2⤵
  PID:6652
- C:\Windows\System\uptmVkq.exe
  C:\Windows\System\uptmVkq.exe
  2⤵
  PID:6888
- C:\Windows\System\VgzBRGr.exe
  C:\Windows\System\VgzBRGr.exe
  2⤵
  PID:1640
- C:\Windows\System\jWNyVDT.exe
  C:\Windows\System\jWNyVDT.exe
  2⤵
  PID:6856
- C:\Windows\System\zUlHNBG.exe
  C:\Windows\System\zUlHNBG.exe
  2⤵
  PID:6744
- C:\Windows\System\gipoJIe.exe
  C:\Windows\System\gipoJIe.exe
  2⤵
  PID:6480
- C:\Windows\System\TLgnAtW.exe
  C:\Windows\System\TLgnAtW.exe
  2⤵
  PID:6976
- C:\Windows\System\ldGNuuK.exe
  C:\Windows\System\ldGNuuK.exe
  2⤵
  PID:6968
- C:\Windows\System\SmNfJcg.exe
  C:\Windows\System\SmNfJcg.exe
  2⤵
  PID:6700
- C:\Windows\System\GDNKvVL.exe
  C:\Windows\System\GDNKvVL.exe
  2⤵
  PID:6948
- C:\Windows\System\AuMnQLo.exe
  C:\Windows\System\AuMnQLo.exe
  2⤵
  PID:5148
- C:\Windows\System\QzPitfA.exe
  C:\Windows\System\QzPitfA.exe
  2⤵
  PID:6544
- C:\Windows\System\PTfTmGr.exe
  C:\Windows\System\PTfTmGr.exe
  2⤵
  PID:7180
- C:\Windows\System\qpZTFrH.exe
  C:\Windows\System\qpZTFrH.exe
  2⤵
  PID:7196
- C:\Windows\System\WGjmOQO.exe
  C:\Windows\System\WGjmOQO.exe
  2⤵
  PID:7212
- C:\Windows\System\cRjIGVR.exe
  C:\Windows\System\cRjIGVR.exe
  2⤵
  PID:7228
- C:\Windows\System\XPFlIcv.exe
  C:\Windows\System\XPFlIcv.exe
  2⤵
  PID:7244
- C:\Windows\System\CtMDjUE.exe
  C:\Windows\System\CtMDjUE.exe
  2⤵
  PID:7260
- C:\Windows\System\wKjCkCz.exe
  C:\Windows\System\wKjCkCz.exe
  2⤵
  PID:7276
- C:\Windows\System\suIFmvX.exe
  C:\Windows\System\suIFmvX.exe
  2⤵
  PID:7292
- C:\Windows\System\ujCOWnz.exe
  C:\Windows\System\ujCOWnz.exe
  2⤵
  PID:7308
- C:\Windows\System\RzAHrJw.exe
  C:\Windows\System\RzAHrJw.exe
  2⤵
  PID:7324
- C:\Windows\System\FtOdgVK.exe
  C:\Windows\System\FtOdgVK.exe
  2⤵
  PID:7340
- C:\Windows\System\bOxXuxD.exe
  C:\Windows\System\bOxXuxD.exe
  2⤵
  PID:7356
- C:\Windows\System\AUKuBPC.exe
  C:\Windows\System\AUKuBPC.exe
  2⤵
  PID:7372
- C:\Windows\System\TxWSZKP.exe
  C:\Windows\System\TxWSZKP.exe
  2⤵
  PID:7388
- C:\Windows\System\BBplNUb.exe
  C:\Windows\System\BBplNUb.exe
  2⤵
  PID:7404
- C:\Windows\System\UEXiAOT.exe
  C:\Windows\System\UEXiAOT.exe
  2⤵
  PID:7420
- C:\Windows\System\nhbXAoI.exe
  C:\Windows\System\nhbXAoI.exe
  2⤵
  PID:7436
- C:\Windows\System\nfyOBbv.exe
  C:\Windows\System\nfyOBbv.exe
  2⤵
  PID:7452
- C:\Windows\System\DHvJRNI.exe
  C:\Windows\System\DHvJRNI.exe
  2⤵
  PID:7468
- C:\Windows\System\HRlXiJu.exe
  C:\Windows\System\HRlXiJu.exe
  2⤵
  PID:7484
- C:\Windows\System\DKsdwfQ.exe
  C:\Windows\System\DKsdwfQ.exe
  2⤵
  PID:7500
- C:\Windows\System\PPleoQC.exe
  C:\Windows\System\PPleoQC.exe
  2⤵
  PID:7516
- C:\Windows\System\mqbNMHG.exe
  C:\Windows\System\mqbNMHG.exe
  2⤵
  PID:7532
- C:\Windows\System\TzMXJAA.exe
  C:\Windows\System\TzMXJAA.exe
  2⤵
  PID:7548
- C:\Windows\System\LToWzib.exe
  C:\Windows\System\LToWzib.exe
  2⤵
  PID:7564
- C:\Windows\System\CzjGDYj.exe
  C:\Windows\System\CzjGDYj.exe
  2⤵
  PID:7584
- C:\Windows\System\UNqsYgl.exe
  C:\Windows\System\UNqsYgl.exe
  2⤵
  PID:7600
- C:\Windows\System\dUVvxoA.exe
  C:\Windows\System\dUVvxoA.exe
  2⤵
  PID:7616
- C:\Windows\System\yjNqRby.exe
  C:\Windows\System\yjNqRby.exe
  2⤵
  PID:7632
- C:\Windows\System\cJONhZz.exe
  C:\Windows\System\cJONhZz.exe
  2⤵
  PID:7648
- C:\Windows\System\TpRtNiV.exe
  C:\Windows\System\TpRtNiV.exe
  2⤵
  PID:7676
- C:\Windows\System\COxlYQT.exe
  C:\Windows\System\COxlYQT.exe
  2⤵
  PID:7692
- C:\Windows\System\lmMAyNy.exe
  C:\Windows\System\lmMAyNy.exe
  2⤵
  PID:7708
- C:\Windows\System\TnjdNJR.exe
  C:\Windows\System\TnjdNJR.exe
  2⤵
  PID:7724
- C:\Windows\System\UVagnZS.exe
  C:\Windows\System\UVagnZS.exe
  2⤵
  PID:7740
- C:\Windows\System\AhUGRIR.exe
  C:\Windows\System\AhUGRIR.exe
  2⤵
  PID:7756
- C:\Windows\System\ipiGQPs.exe
  C:\Windows\System\ipiGQPs.exe
  2⤵
  PID:7772
- C:\Windows\System\oATqrkl.exe
  C:\Windows\System\oATqrkl.exe
  2⤵
  PID:7788
- C:\Windows\System\tBUMCqc.exe
  C:\Windows\System\tBUMCqc.exe
  2⤵
  PID:7804
- C:\Windows\System\aKIfbsn.exe
  C:\Windows\System\aKIfbsn.exe
  2⤵
  PID:7820
- C:\Windows\System\rjYttPn.exe
  C:\Windows\System\rjYttPn.exe
  2⤵
  PID:7836
- C:\Windows\System\QMQtQLw.exe
  C:\Windows\System\QMQtQLw.exe
  2⤵
  PID:7852
- C:\Windows\System\XULKHEL.exe
  C:\Windows\System\XULKHEL.exe
  2⤵
  PID:7868
- C:\Windows\System\fUCblTr.exe
  C:\Windows\System\fUCblTr.exe
  2⤵
  PID:7884
- C:\Windows\System\DUgrKTu.exe
  C:\Windows\System\DUgrKTu.exe
  2⤵
  PID:7900
- C:\Windows\System\GqHuOPo.exe
  C:\Windows\System\GqHuOPo.exe
  2⤵
  PID:7916
- C:\Windows\System\EefbswK.exe
  C:\Windows\System\EefbswK.exe
  2⤵
  PID:7932
- C:\Windows\System\mxpfdYP.exe
  C:\Windows\System\mxpfdYP.exe
  2⤵
  PID:7948
- C:\Windows\System\liFxPve.exe
  C:\Windows\System\liFxPve.exe
  2⤵
  PID:7968
- C:\Windows\System\pIvAFnl.exe
  C:\Windows\System\pIvAFnl.exe
  2⤵
  PID:7984
- C:\Windows\System\jfbTMZi.exe
  C:\Windows\System\jfbTMZi.exe
  2⤵
  PID:8176
- C:\Windows\System\YSRiVzB.exe
  C:\Windows\System\YSRiVzB.exe
  2⤵
  PID:6448
- C:\Windows\System\QVjldtw.exe
  C:\Windows\System\QVjldtw.exe
  2⤵
  PID:6696
- C:\Windows\System\xCwwqrW.exe
  C:\Windows\System\xCwwqrW.exe
  2⤵
  PID:7172
- C:\Windows\System\ZybEvKz.exe
  C:\Windows\System\ZybEvKz.exe
  2⤵
  PID:7204
- C:\Windows\System\RqJEImP.exe
  C:\Windows\System\RqJEImP.exe
  2⤵
  PID:7020
- C:\Windows\System\eAJAPpQ.exe
  C:\Windows\System\eAJAPpQ.exe
  2⤵
  PID:6936
- C:\Windows\System\wCiLnaV.exe
  C:\Windows\System\wCiLnaV.exe
  2⤵
  PID:6400
- C:\Windows\System\OkupGWO.exe
  C:\Windows\System\OkupGWO.exe
  2⤵
  PID:5592
- C:\Windows\System\XlaXBvM.exe
  C:\Windows\System\XlaXBvM.exe
  2⤵
  PID:7220
- C:\Windows\System\sihYApp.exe
  C:\Windows\System\sihYApp.exe
  2⤵
  PID:7252
- C:\Windows\System\OsaOlfr.exe
  C:\Windows\System\OsaOlfr.exe
  2⤵
  PID:6964
- C:\Windows\System\YwapdOg.exe
  C:\Windows\System\YwapdOg.exe
  2⤵
  PID:6920
- C:\Windows\System\JUnQSsi.exe
  C:\Windows\System\JUnQSsi.exe
  2⤵
  PID:7300
- C:\Windows\System\QxoxBHz.exe
  C:\Windows\System\QxoxBHz.exe
  2⤵
  PID:7364
- C:\Windows\System\GTtqNxG.exe
  C:\Windows\System\GTtqNxG.exe
  2⤵
  PID:7428
- C:\Windows\System\JGzUOnK.exe
  C:\Windows\System\JGzUOnK.exe
  2⤵
  PID:7288
- C:\Windows\System\jIvrFec.exe
  C:\Windows\System\jIvrFec.exe
  2⤵
  PID:7492
- C:\Windows\System\zuIPMuM.exe
  C:\Windows\System\zuIPMuM.exe
  2⤵
  PID:7416
- C:\Windows\System\xmYTToh.exe
  C:\Windows\System\xmYTToh.exe
  2⤵
  PID:7480
- C:\Windows\System\lbeTyeh.exe
  C:\Windows\System\lbeTyeh.exe
  2⤵
  PID:7528
- C:\Windows\System\UNRXJtS.exe
  C:\Windows\System\UNRXJtS.exe
  2⤵
  PID:7596
- C:\Windows\System\ySpnnXa.exe
  C:\Windows\System\ySpnnXa.exe
  2⤵
  PID:7608
- C:\Windows\System\sYSUuFG.exe
  C:\Windows\System\sYSUuFG.exe
  2⤵
  PID:7512
- C:\Windows\System\weWJAvX.exe
  C:\Windows\System\weWJAvX.exe
  2⤵
  PID:7572
- C:\Windows\System\QJGEHld.exe
  C:\Windows\System\QJGEHld.exe
  2⤵
  PID:7716
- C:\Windows\System\ULyIIve.exe
  C:\Windows\System\ULyIIve.exe
  2⤵
  PID:7672
- C:\Windows\System\amUeEfv.exe
  C:\Windows\System\amUeEfv.exe
  2⤵
  PID:7736
- C:\Windows\System\pRmItKx.exe
  C:\Windows\System\pRmItKx.exe
  2⤵
  PID:7800
- C:\Windows\System\EUENuDY.exe
  C:\Windows\System\EUENuDY.exe
  2⤵
  PID:7864
- C:\Windows\System\hjHObye.exe
  C:\Windows\System\hjHObye.exe
  2⤵
  PID:7876
- C:\Windows\System\kUWSRWL.exe
  C:\Windows\System\kUWSRWL.exe
  2⤵
  PID:8104
- C:\Windows\System\hiQkrkb.exe
  C:\Windows\System\hiQkrkb.exe
  2⤵
  PID:8128
- C:\Windows\System\yTYSwue.exe
  C:\Windows\System\yTYSwue.exe
  2⤵
  PID:8148
- C:\Windows\System\NZMzhlN.exe
  C:\Windows\System\NZMzhlN.exe
  2⤵
  PID:8164
- C:\Windows\System\EnieLnp.exe
  C:\Windows\System\EnieLnp.exe
  2⤵
  PID:8184
- C:\Windows\System\bqTpjio.exe
  C:\Windows\System\bqTpjio.exe
  2⤵
  PID:8188
- C:\Windows\System\femnOyk.exe
  C:\Windows\System\femnOyk.exe
  2⤵
  PID:6972
- C:\Windows\System\tDAZtEl.exe
  C:\Windows\System\tDAZtEl.exe
  2⤵
  PID:7100
- C:\Windows\System\yjXHIbe.exe
  C:\Windows\System\yjXHIbe.exe
  2⤵
  PID:5180
- C:\Windows\System\FAKocZJ.exe
  C:\Windows\System\FAKocZJ.exe
  2⤵
  PID:7236
- C:\Windows\System\cHbFuwI.exe
  C:\Windows\System\cHbFuwI.exe
  2⤵
  PID:6256
- C:\Windows\System\eDLOmYG.exe
  C:\Windows\System\eDLOmYG.exe
  2⤵
  PID:6188
- C:\Windows\System\kfvEPVU.exe
  C:\Windows\System\kfvEPVU.exe
  2⤵
  PID:7384
- C:\Windows\System\uzjyxOS.exe
  C:\Windows\System\uzjyxOS.exe
  2⤵
  PID:6392
- C:\Windows\System\ioNkJbW.exe
  C:\Windows\System\ioNkJbW.exe
  2⤵
  PID:7464
- C:\Windows\System\fzDKmxR.exe
  C:\Windows\System\fzDKmxR.exe
  2⤵
  PID:7508
- C:\Windows\System\APElPKN.exe
  C:\Windows\System\APElPKN.exe
  2⤵
  PID:7348
- C:\Windows\System\iWmuMGG.exe
  C:\Windows\System\iWmuMGG.exe
  2⤵
  PID:7640
- C:\Windows\System\BYnYwXg.exe
  C:\Windows\System\BYnYwXg.exe
  2⤵
  PID:7272
- C:\Windows\System\pmFfsvH.exe
  C:\Windows\System\pmFfsvH.exe
  2⤵
  PID:7188
- C:\Windows\System\oUiwxAM.exe
  C:\Windows\System\oUiwxAM.exe
  2⤵
  PID:7644
- C:\Windows\System\qpsGRGA.exe
  C:\Windows\System\qpsGRGA.exe
  2⤵
  PID:7848
- C:\Windows\System\AcerEmN.exe
  C:\Windows\System\AcerEmN.exe
  2⤵
  PID:7928
- C:\Windows\System\FCyZVcj.exe
  C:\Windows\System\FCyZVcj.exe
  2⤵
  PID:7892
- C:\Windows\System\ilRhubx.exe
  C:\Windows\System\ilRhubx.exe
  2⤵
  PID:7944
- C:\Windows\System\UUKkiib.exe
  C:\Windows\System\UUKkiib.exe
  2⤵
  PID:7980
- C:\Windows\System\hIhpkCE.exe
  C:\Windows\System\hIhpkCE.exe
  2⤵
  PID:8012
- C:\Windows\System\IqmaIXR.exe
  C:\Windows\System\IqmaIXR.exe
  2⤵
  PID:7996
- C:\Windows\System\lkRzZXs.exe
  C:\Windows\System\lkRzZXs.exe
  2⤵
  PID:8028
- C:\Windows\System\XvPsfLA.exe
  C:\Windows\System\XvPsfLA.exe
  2⤵
  PID:8124
- C:\Windows\System\lDeSIPl.exe
  C:\Windows\System\lDeSIPl.exe
  2⤵
  PID:7240
- C:\Windows\System\garhMnm.exe
  C:\Windows\System\garhMnm.exe
  2⤵
  PID:7956
- C:\Windows\System\ooTdnlz.exe
  C:\Windows\System\ooTdnlz.exe
  2⤵
  PID:7992
- C:\Windows\System\ZsEeyum.exe
  C:\Windows\System\ZsEeyum.exe
  2⤵
  PID:8016
- C:\Windows\System\NIiMrmh.exe
  C:\Windows\System\NIiMrmh.exe
  2⤵
  PID:8040
- C:\Windows\System\CFSjrCW.exe
  C:\Windows\System\CFSjrCW.exe
  2⤵
  PID:7208
- C:\Windows\System\IBzaYSh.exe
  C:\Windows\System\IBzaYSh.exe
  2⤵
  PID:6768
- C:\Windows\System\GQchoII.exe
  C:\Windows\System\GQchoII.exe
  2⤵
  PID:8060
- C:\Windows\System\iAqZUNm.exe
  C:\Windows\System\iAqZUNm.exe
  2⤵
  PID:6728
- C:\Windows\System\TcMewof.exe
  C:\Windows\System\TcMewof.exe
  2⤵
  PID:7628
- C:\Windows\System\TCyvDzf.exe
  C:\Windows\System\TCyvDzf.exe
  2⤵
  PID:8116
- C:\Windows\System\QHFSJLm.exe
  C:\Windows\System\QHFSJLm.exe
  2⤵
  PID:6276
- C:\Windows\System\XeMKzCj.exe
  C:\Windows\System\XeMKzCj.exe
  2⤵
  PID:8068
- C:\Windows\System\RdpSACF.exe
  C:\Windows\System\RdpSACF.exe
  2⤵
  PID:8096
- C:\Windows\System\qUPBstF.exe
  C:\Windows\System\qUPBstF.exe
  2⤵
  PID:6152
- C:\Windows\System\lurFdTB.exe
  C:\Windows\System\lurFdTB.exe
  2⤵
  PID:7796
- C:\Windows\System\pqPjoOp.exe
  C:\Windows\System\pqPjoOp.exe
  2⤵
  PID:7832
- C:\Windows\System\WMQETLI.exe
  C:\Windows\System\WMQETLI.exe
  2⤵
  PID:8080
- C:\Windows\System\oFnmdCk.exe
  C:\Windows\System\oFnmdCk.exe
  2⤵
  PID:6304
- C:\Windows\System\UQXiZyP.exe
  C:\Windows\System\UQXiZyP.exe
  2⤵
  PID:8072
- C:\Windows\System\qjcozvs.exe
  C:\Windows\System\qjcozvs.exe
  2⤵
  PID:7688
- C:\Windows\System\icKbVgE.exe
  C:\Windows\System\icKbVgE.exe
  2⤵
  PID:7396
- C:\Windows\System\DKRjEJA.exe
  C:\Windows\System\DKRjEJA.exe
  2⤵
  PID:7860
- C:\Windows\System\IqrdHxI.exe
  C:\Windows\System\IqrdHxI.exe
  2⤵
  PID:8136
- C:\Windows\System\DmNMlbQ.exe
  C:\Windows\System\DmNMlbQ.exe
  2⤵
  PID:7448
- C:\Windows\System\aWGpail.exe
  C:\Windows\System\aWGpail.exe
  2⤵
  PID:8200
- C:\Windows\System\UmiHnjL.exe
  C:\Windows\System\UmiHnjL.exe
  2⤵
  PID:8216
- C:\Windows\System\CyXIlOD.exe
  C:\Windows\System\CyXIlOD.exe
  2⤵
  PID:8232
- C:\Windows\System\bHuqzjg.exe
  C:\Windows\System\bHuqzjg.exe
  2⤵
  PID:8248
- C:\Windows\System\zAChRTs.exe
  C:\Windows\System\zAChRTs.exe
  2⤵
  PID:8264
- C:\Windows\System\hNanESM.exe
  C:\Windows\System\hNanESM.exe
  2⤵
  PID:8280
- C:\Windows\System\PvxoEfL.exe
  C:\Windows\System\PvxoEfL.exe
  2⤵
  PID:8296
- C:\Windows\System\mGhAYlz.exe
  C:\Windows\System\mGhAYlz.exe
  2⤵
  PID:8312
- C:\Windows\System\lWmKxOJ.exe
  C:\Windows\System\lWmKxOJ.exe
  2⤵
  PID:8344
- C:\Windows\System\LjzoQXY.exe
  C:\Windows\System\LjzoQXY.exe
  2⤵
  PID:8360
- C:\Windows\System\OchjSnM.exe
  C:\Windows\System\OchjSnM.exe
  2⤵
  PID:8376
- C:\Windows\System\mSEcFKS.exe
  C:\Windows\System\mSEcFKS.exe
  2⤵
  PID:8400
- C:\Windows\System\vGXpDEc.exe
  C:\Windows\System\vGXpDEc.exe
  2⤵
  PID:8416
- C:\Windows\System\MdvWADW.exe
  C:\Windows\System\MdvWADW.exe
  2⤵
  PID:8432
- C:\Windows\System\sOejyQq.exe
  C:\Windows\System\sOejyQq.exe
  2⤵
  PID:8448
- C:\Windows\System\mIImRSi.exe
  C:\Windows\System\mIImRSi.exe
  2⤵
  PID:8464
- C:\Windows\System\MIJalEo.exe
  C:\Windows\System\MIJalEo.exe
  2⤵
  PID:8480
- C:\Windows\System\awqSgpN.exe
  C:\Windows\System\awqSgpN.exe
  2⤵
  PID:8504
- C:\Windows\System\RCTnhXv.exe
  C:\Windows\System\RCTnhXv.exe
  2⤵
  PID:8520
- C:\Windows\System\kuyeWrx.exe
  C:\Windows\System\kuyeWrx.exe
  2⤵
  PID:8544
- C:\Windows\System\McthpWF.exe
  C:\Windows\System\McthpWF.exe
  2⤵
  PID:8564
- C:\Windows\System\rlVTbGv.exe
  C:\Windows\System\rlVTbGv.exe
  2⤵
  PID:8580
- C:\Windows\System\xdPVpQK.exe
  C:\Windows\System\xdPVpQK.exe
  2⤵
  PID:8612
- C:\Windows\System\WMhmnPn.exe
  C:\Windows\System\WMhmnPn.exe
  2⤵
  PID:8628
- C:\Windows\System\NwbaqEn.exe
  C:\Windows\System\NwbaqEn.exe
  2⤵
  PID:8644
- C:\Windows\System\iDfGTKu.exe
  C:\Windows\System\iDfGTKu.exe
  2⤵
  PID:8660
- C:\Windows\System\kSODLTZ.exe
  C:\Windows\System\kSODLTZ.exe
  2⤵
  PID:8676
- C:\Windows\System\zYMwVRj.exe
  C:\Windows\System\zYMwVRj.exe
  2⤵
  PID:8692
- C:\Windows\System\EgwcyUw.exe
  C:\Windows\System\EgwcyUw.exe
  2⤵
  PID:8708
- C:\Windows\System\EzJOkFC.exe
  C:\Windows\System\EzJOkFC.exe
  2⤵
  PID:8724
- C:\Windows\System\ZRuhXUZ.exe
  C:\Windows\System\ZRuhXUZ.exe
  2⤵
  PID:8740
- C:\Windows\System\gFxenoG.exe
  C:\Windows\System\gFxenoG.exe
  2⤵
  PID:8768
- C:\Windows\System\IaWzMUS.exe
  C:\Windows\System\IaWzMUS.exe
  2⤵
  PID:8784
- C:\Windows\System\srQOnXr.exe
  C:\Windows\System\srQOnXr.exe
  2⤵
  PID:8808
- C:\Windows\System\jLNFtJm.exe
  C:\Windows\System\jLNFtJm.exe
  2⤵
  PID:8828
- C:\Windows\System\IOKAFPx.exe
  C:\Windows\System\IOKAFPx.exe
  2⤵
  PID:8844
- C:\Windows\System\AikdnHS.exe
  C:\Windows\System\AikdnHS.exe
  2⤵
  PID:8860
- C:\Windows\System\yxDnywC.exe
  C:\Windows\System\yxDnywC.exe
  2⤵
  PID:8884
- C:\Windows\System\OxNTOlB.exe
  C:\Windows\System\OxNTOlB.exe
  2⤵
  PID:8900
- C:\Windows\System\vWrdHja.exe
  C:\Windows\System\vWrdHja.exe
  2⤵
  PID:8916
- C:\Windows\System\cvbuHfL.exe
  C:\Windows\System\cvbuHfL.exe
  2⤵
  PID:8932
- C:\Windows\System\TtaTvtO.exe
  C:\Windows\System\TtaTvtO.exe
  2⤵
  PID:8956
- C:\Windows\System\trZseYo.exe
  C:\Windows\System\trZseYo.exe
  2⤵
  PID:8972
- C:\Windows\System\szmYHPS.exe
  C:\Windows\System\szmYHPS.exe
  2⤵
  PID:8988
- C:\Windows\System\vAeRiPG.exe
  C:\Windows\System\vAeRiPG.exe
  2⤵
  PID:9004
- C:\Windows\System\FjqoQqt.exe
  C:\Windows\System\FjqoQqt.exe
  2⤵
  PID:9020
- C:\Windows\System\pqQbcVg.exe
  C:\Windows\System\pqQbcVg.exe
  2⤵
  PID:9044
- C:\Windows\System\TmyWxpj.exe
  C:\Windows\System\TmyWxpj.exe
  2⤵
  PID:9060
- C:\Windows\System\UtcyYKF.exe
  C:\Windows\System\UtcyYKF.exe
  2⤵
  PID:9076
- C:\Windows\System\GfvQDSm.exe
  C:\Windows\System\GfvQDSm.exe
  2⤵
  PID:9092
- C:\Windows\System\GsQjVln.exe
  C:\Windows\System\GsQjVln.exe
  2⤵
  PID:9108
- C:\Windows\System\bHtfBYS.exe
  C:\Windows\System\bHtfBYS.exe
  2⤵
  PID:9132
- C:\Windows\System\hqdGtoO.exe
  C:\Windows\System\hqdGtoO.exe
  2⤵
  PID:9148
- C:\Windows\System\sOEIUoJ.exe
  C:\Windows\System\sOEIUoJ.exe
  2⤵
  PID:9164
- C:\Windows\System\blyWNae.exe
  C:\Windows\System\blyWNae.exe
  2⤵
  PID:9180
- C:\Windows\System\kcjBuUz.exe
  C:\Windows\System\kcjBuUz.exe
  2⤵
  PID:9204
- C:\Windows\System\pvhhsBc.exe
  C:\Windows\System\pvhhsBc.exe
  2⤵
  PID:7668
- C:\Windows\System\yDHsTFT.exe
  C:\Windows\System\yDHsTFT.exe
  2⤵
  PID:8228
- C:\Windows\System\pFLfkKn.exe
  C:\Windows\System\pFLfkKn.exe
  2⤵
  PID:8288
- C:\Windows\System\jvkmtmL.exe
  C:\Windows\System\jvkmtmL.exe
  2⤵
  PID:8324
- C:\Windows\System\PEpkrfC.exe
  C:\Windows\System\PEpkrfC.exe
  2⤵
  PID:8044
- C:\Windows\System\gwWmJqt.exe
  C:\Windows\System\gwWmJqt.exe
  2⤵
  PID:7940
- C:\Windows\System\nArFzny.exe
  C:\Windows\System\nArFzny.exe
  2⤵
  PID:8208
- C:\Windows\System\RyVBaif.exe
  C:\Windows\System\RyVBaif.exe
  2⤵
  PID:8088
- C:\Windows\System\cexBJTB.exe
  C:\Windows\System\cexBJTB.exe
  2⤵
  PID:6752
- C:\Windows\System\mIFzfsp.exe
  C:\Windows\System\mIFzfsp.exe
  2⤵
  PID:8052
- C:\Windows\System\LgEjLph.exe
  C:\Windows\System\LgEjLph.exe
  2⤵
  PID:8336
- C:\Windows\System\iHYXmPz.exe
  C:\Windows\System\iHYXmPz.exe
  2⤵
  PID:7144
- C:\Windows\System\ZADaCwg.exe
  C:\Windows\System\ZADaCwg.exe
  2⤵
  PID:8368
- C:\Windows\System\yXQSlhL.exe
  C:\Windows\System\yXQSlhL.exe
  2⤵
  PID:8412
- C:\Windows\System\BNOVOGs.exe
  C:\Windows\System\BNOVOGs.exe
  2⤵
  PID:8556
- C:\Windows\System\crvPVXR.exe
  C:\Windows\System\crvPVXR.exe
  2⤵
  PID:8384
- C:\Windows\System\amDYixk.exe
  C:\Windows\System\amDYixk.exe
  2⤵
  PID:8396
- C:\Windows\System\LiPnGzI.exe
  C:\Windows\System\LiPnGzI.exe
  2⤵
  PID:8596
- C:\Windows\System\qRKBDPz.exe
  C:\Windows\System\qRKBDPz.exe
  2⤵
  PID:8668
- C:\Windows\System\LNfahZb.exe
  C:\Windows\System\LNfahZb.exe
  2⤵
  PID:8496
- C:\Windows\System\XWXKLTV.exe
  C:\Windows\System\XWXKLTV.exe
  2⤵
  PID:8428
- C:\Windows\System\fnclurq.exe
  C:\Windows\System\fnclurq.exe
  2⤵
  PID:8736
- C:\Windows\System\zzDugsh.exe
  C:\Windows\System\zzDugsh.exe
  2⤵
  PID:8572
- C:\Windows\System\ERjdQOG.exe
  C:\Windows\System\ERjdQOG.exe
  2⤵
  PID:8824
- C:\Windows\System\AhtFMrK.exe
  C:\Windows\System\AhtFMrK.exe
  2⤵
  PID:8624
- C:\Windows\System\MpzWEGY.exe
  C:\Windows\System\MpzWEGY.exe
  2⤵
  PID:8856
- C:\Windows\System\vnsSrOI.exe
  C:\Windows\System\vnsSrOI.exe
  2⤵
  PID:8716
- C:\Windows\System\ZdIDJQy.exe
  C:\Windows\System\ZdIDJQy.exe
  2⤵
  PID:8964
- C:\Windows\System\utUbREC.exe
  C:\Windows\System\utUbREC.exe
  2⤵
  PID:8752
- C:\Windows\System\dgeePXA.exe
  C:\Windows\System\dgeePXA.exe
  2⤵
  PID:9040
- C:\Windows\System\mZARsFP.exe
  C:\Windows\System\mZARsFP.exe
  2⤵
  PID:8760
- C:\Windows\System\cTFjaTK.exe
  C:\Windows\System\cTFjaTK.exe
  2⤵
  PID:8984
- C:\Windows\System\VRqoBKq.exe
  C:\Windows\System\VRqoBKq.exe
  2⤵
  PID:8792
- C:\Windows\System\dloprBq.exe
  C:\Windows\System\dloprBq.exe
  2⤵
  PID:8912
- C:\Windows\System\dlqpXll.exe
  C:\Windows\System\dlqpXll.exe
  2⤵
  PID:9016
- C:\Windows\System\qRrJqxL.exe
  C:\Windows\System\qRrJqxL.exe
  2⤵
  PID:9088
- C:\Windows\System\ZSLUkCX.exe
  C:\Windows\System\ZSLUkCX.exe
  2⤵
  PID:9104
- C:\Windows\System\fNAwwna.exe
  C:\Windows\System\fNAwwna.exe
  2⤵
  PID:9172
- C:\Windows\System\mWKFVNt.exe
  C:\Windows\System\mWKFVNt.exe
  2⤵
  PID:8256
- C:\Windows\System\EcrdHgk.exe
  C:\Windows\System\EcrdHgk.exe
  2⤵
  PID:7524
- C:\Windows\System\xmUSiTG.exe
  C:\Windows\System\xmUSiTG.exe
  2⤵
  PID:8244
- C:\Windows\System\IpVxLRR.exe
  C:\Windows\System\IpVxLRR.exe
  2⤵
  PID:9160
- C:\Windows\System\uMgeGFH.exe
  C:\Windows\System\uMgeGFH.exe
  2⤵
  PID:8352
- C:\Windows\System\ZbZyyzV.exe
  C:\Windows\System\ZbZyyzV.exe
  2⤵
  PID:8620
- C:\Windows\System\UZCzrdu.exe
  C:\Windows\System\UZCzrdu.exe
  2⤵
  PID:9072
- C:\Windows\System\zsOOsFX.exe
  C:\Windows\System\zsOOsFX.exe
  2⤵
  PID:8688
- C:\Windows\System\jXdXUmD.exe
  C:\Windows\System\jXdXUmD.exe
  2⤵
  PID:8940
- C:\Windows\System\JxsgEcY.exe
  C:\Windows\System\JxsgEcY.exe
  2⤵
  PID:8952
- C:\Windows\System\dRZlJJM.exe
  C:\Windows\System\dRZlJJM.exe
  2⤵
  PID:8748
- C:\Windows\System\vWrITxs.exe
  C:\Windows\System\vWrITxs.exe
  2⤵
  PID:8304
- C:\Windows\System\FWWaHyx.exe
  C:\Windows\System\FWWaHyx.exe
  2⤵
  PID:9144
- C:\Windows\System\jbfeOLe.exe
  C:\Windows\System\jbfeOLe.exe
  2⤵
  PID:9116
- C:\Windows\System\jxjyOYJ.exe
  C:\Windows\System\jxjyOYJ.exe
  2⤵
  PID:9128
- C:\Windows\System\GAFtcvs.exe
  C:\Windows\System\GAFtcvs.exe
  2⤵
  PID:9192
- C:\Windows\System\AJCDINd.exe
  C:\Windows\System\AJCDINd.exe
  2⤵
  PID:8224
- C:\Windows\System\qyjjrhm.exe
  C:\Windows\System\qyjjrhm.exe
  2⤵
  PID:8212
- C:\Windows\System\fXzXXGg.exe
  C:\Windows\System\fXzXXGg.exe
  2⤵
  PID:5888
- C:\Windows\System\aZDTKUZ.exe
  C:\Windows\System\aZDTKUZ.exe
  2⤵
  PID:8388
- C:\Windows\System\yYTMlYy.exe
  C:\Windows\System\yYTMlYy.exe
  2⤵
  PID:8636
- C:\Windows\System\xFLuVVh.exe
  C:\Windows\System\xFLuVVh.exe
  2⤵
  PID:8392
- C:\Windows\System\YlBHvLq.exe
  C:\Windows\System\YlBHvLq.exe
  2⤵
  PID:8532
- C:\Windows\System\iLFSVfr.exe
  C:\Windows\System\iLFSVfr.exe
  2⤵
  PID:8488
- C:\Windows\System\jsyZHon.exe
  C:\Windows\System\jsyZHon.exe
  2⤵
  PID:8536
- C:\Windows\System\WEISiuk.exe
  C:\Windows\System\WEISiuk.exe
  2⤵
  PID:8836
- C:\Windows\System\qTBTgyl.exe
  C:\Windows\System\qTBTgyl.exe
  2⤵
  PID:8948
- C:\Windows\System\ybaYRzV.exe
  C:\Windows\System\ybaYRzV.exe
  2⤵
  PID:9200
- C:\Windows\System\aBbAEOt.exe
  C:\Windows\System\aBbAEOt.exe
  2⤵
  PID:8764
- C:\Windows\System\NoHPZrb.exe
  C:\Windows\System\NoHPZrb.exe
  2⤵
  PID:8472
- C:\Windows\System\Mnlsyni.exe
  C:\Windows\System\Mnlsyni.exe
  2⤵
  PID:8064
- C:\Windows\System\ZuXKkQg.exe
  C:\Windows\System\ZuXKkQg.exe
  2⤵
  PID:8700
- C:\Windows\System\ckkmerx.exe
  C:\Windows\System\ckkmerx.exe
  2⤵
  PID:8552
- C:\Windows\System\qtmyJat.exe
  C:\Windows\System\qtmyJat.exe
  2⤵
  PID:8084
- C:\Windows\System\nCybvvM.exe
  C:\Windows\System\nCybvvM.exe
  2⤵
  PID:8684
- C:\Windows\System\IGpIPLr.exe
  C:\Windows\System\IGpIPLr.exe
  2⤵
  PID:9124
- C:\Windows\System\XRtaGFZ.exe
  C:\Windows\System\XRtaGFZ.exe
  2⤵
  PID:9156
- C:\Windows\System\bfxlNOd.exe
  C:\Windows\System\bfxlNOd.exe
  2⤵
  PID:9032
- C:\Windows\System\CCzuJaq.exe
  C:\Windows\System\CCzuJaq.exe
  2⤵
  PID:8704
- C:\Windows\System\vIXyLQd.exe
  C:\Windows\System\vIXyLQd.exe
  2⤵
  PID:9224
- C:\Windows\System\RAWtnka.exe
  C:\Windows\System\RAWtnka.exe
  2⤵
  PID:9256
- C:\Windows\System\hrcaWWQ.exe
  C:\Windows\System\hrcaWWQ.exe
  2⤵
  PID:9292
- C:\Windows\System\fOLkmvL.exe
  C:\Windows\System\fOLkmvL.exe
  2⤵
  PID:9308
- C:\Windows\System\sdhQHWp.exe
  C:\Windows\System\sdhQHWp.exe
  2⤵
  PID:9324
- C:\Windows\System\KZbfEAx.exe
  C:\Windows\System\KZbfEAx.exe
  2⤵
  PID:9340
- C:\Windows\System\pRHnYKD.exe
  C:\Windows\System\pRHnYKD.exe
  2⤵
  PID:9356
- C:\Windows\System\zwUHzDh.exe
  C:\Windows\System\zwUHzDh.exe
  2⤵
  PID:9372
- C:\Windows\System\BOJYmQn.exe
  C:\Windows\System\BOJYmQn.exe
  2⤵
  PID:9388
- C:\Windows\System\nVCLVvI.exe
  C:\Windows\System\nVCLVvI.exe
  2⤵
  PID:9404
- C:\Windows\System\FIugxbw.exe
  C:\Windows\System\FIugxbw.exe
  2⤵
  PID:9420
- C:\Windows\System\trTxrRt.exe
  C:\Windows\System\trTxrRt.exe
  2⤵
  PID:9440
- C:\Windows\System\TfpAiBG.exe
  C:\Windows\System\TfpAiBG.exe
  2⤵
  PID:9456
- C:\Windows\System\xXxpLRm.exe
  C:\Windows\System\xXxpLRm.exe
  2⤵
  PID:9496
- C:\Windows\System\zKnPzQr.exe
  C:\Windows\System\zKnPzQr.exe
  2⤵
  PID:9512
- C:\Windows\System\PwmdpvF.exe
  C:\Windows\System\PwmdpvF.exe
  2⤵
  PID:9528
- C:\Windows\System\zPTQFJL.exe
  C:\Windows\System\zPTQFJL.exe
  2⤵
  PID:9544
- C:\Windows\System\ckkjOgU.exe
  C:\Windows\System\ckkjOgU.exe
  2⤵
  PID:9560
- C:\Windows\System\ucWFjlj.exe
  C:\Windows\System\ucWFjlj.exe
  2⤵
  PID:9576
- C:\Windows\System\PkDTyiB.exe
  C:\Windows\System\PkDTyiB.exe
  2⤵
  PID:9592
- C:\Windows\System\RCzamab.exe
  C:\Windows\System\RCzamab.exe
  2⤵
  PID:9608
- C:\Windows\System\uCyZIUo.exe
  C:\Windows\System\uCyZIUo.exe
  2⤵
  PID:9628
- C:\Windows\System\Tacsmkv.exe
  C:\Windows\System\Tacsmkv.exe
  2⤵
  PID:9644
- C:\Windows\System\ZKeAgoH.exe
  C:\Windows\System\ZKeAgoH.exe
  2⤵
  PID:9660
- C:\Windows\System\FWfRipk.exe
  C:\Windows\System\FWfRipk.exe
  2⤵
  PID:9680
- C:\Windows\System\zEgwxNO.exe
  C:\Windows\System\zEgwxNO.exe
  2⤵
  PID:9696
- C:\Windows\System\XuqQUoZ.exe
  C:\Windows\System\XuqQUoZ.exe
  2⤵
  PID:9720
- C:\Windows\System\ePUKMMB.exe
  C:\Windows\System\ePUKMMB.exe
  2⤵
  PID:9736
- C:\Windows\System\yswFjur.exe
  C:\Windows\System\yswFjur.exe
  2⤵
  PID:9752
- C:\Windows\System\MhPHrRO.exe
  C:\Windows\System\MhPHrRO.exe
  2⤵
  PID:9768
- C:\Windows\System\SmecKpu.exe
  C:\Windows\System\SmecKpu.exe
  2⤵
  PID:9792
- C:\Windows\System\ivFxMjT.exe
  C:\Windows\System\ivFxMjT.exe
  2⤵
  PID:9808
- C:\Windows\System\Yiklfny.exe
  C:\Windows\System\Yiklfny.exe
  2⤵
  PID:9824
- C:\Windows\System\SKsGsxJ.exe
  C:\Windows\System\SKsGsxJ.exe
  2⤵
  PID:9840
- C:\Windows\System\huWOixF.exe
  C:\Windows\System\huWOixF.exe
  2⤵
  PID:9864
- C:\Windows\System\QbluDWt.exe
  C:\Windows\System\QbluDWt.exe
  2⤵
  PID:9888
- C:\Windows\System\lotheqv.exe
  C:\Windows\System\lotheqv.exe
  2⤵
  PID:9912
- C:\Windows\System\MCsEuhz.exe
  C:\Windows\System\MCsEuhz.exe
  2⤵
  PID:9928
- C:\Windows\System\UjDxhCT.exe
  C:\Windows\System\UjDxhCT.exe
  2⤵
  PID:9944
- C:\Windows\System\WcnXTrp.exe
  C:\Windows\System\WcnXTrp.exe
  2⤵
  PID:9960
- C:\Windows\System\WDMyCso.exe
  C:\Windows\System\WDMyCso.exe
  2⤵
  PID:9976
- C:\Windows\System\NRqBezF.exe
  C:\Windows\System\NRqBezF.exe
  2⤵
  PID:10000
- C:\Windows\System\FcfUueY.exe
  C:\Windows\System\FcfUueY.exe
  2⤵
  PID:10020
- C:\Windows\System\zpsqFZC.exe
  C:\Windows\System\zpsqFZC.exe
  2⤵
  PID:10044
- C:\Windows\System\LXVUYUQ.exe
  C:\Windows\System\LXVUYUQ.exe
  2⤵
  PID:10060
- C:\Windows\System\SLCVvbf.exe
  C:\Windows\System\SLCVvbf.exe
  2⤵
  PID:10076
- C:\Windows\System\vEkmxwU.exe
  C:\Windows\System\vEkmxwU.exe
  2⤵
  PID:10096
- C:\Windows\System\PcyrnSE.exe
  C:\Windows\System\PcyrnSE.exe
  2⤵
  PID:10124
- C:\Windows\System\HTPsfXr.exe
  C:\Windows\System\HTPsfXr.exe
  2⤵
  PID:10164
- C:\Windows\System\PJZGcps.exe
  C:\Windows\System\PJZGcps.exe
  2⤵
  PID:10180
- C:\Windows\System\LPIXbGy.exe
  C:\Windows\System\LPIXbGy.exe
  2⤵
  PID:10196
- C:\Windows\System\TYzbLWq.exe
  C:\Windows\System\TYzbLWq.exe
  2⤵
  PID:10228
- C:\Windows\System\DTuxlTo.exe
  C:\Windows\System\DTuxlTo.exe
  2⤵
  PID:7224
- C:\Windows\System\xLLliUJ.exe
  C:\Windows\System\xLLliUJ.exe
  2⤵
  PID:9232
- C:\Windows\System\EenYEEP.exe
  C:\Windows\System\EenYEEP.exe
  2⤵
  PID:9244
- C:\Windows\System\MUUMeYI.exe
  C:\Windows\System\MUUMeYI.exe
  2⤵
  PID:9332
- C:\Windows\System\odRowWd.exe
  C:\Windows\System\odRowWd.exe
  2⤵
  PID:9584
- C:\Windows\System\egrtMeU.exe
  C:\Windows\System\egrtMeU.exe
  2⤵
  PID:9624
- C:\Windows\System\jqTSkGx.exe
  C:\Windows\System\jqTSkGx.exe
  2⤵
  PID:9692
- C:\Windows\System\vcKfwGc.exe
  C:\Windows\System\vcKfwGc.exe
  2⤵
  PID:9452
- C:\Windows\System\UuDHuOp.exe
  C:\Windows\System\UuDHuOp.exe
  2⤵
  PID:9764
- C:\Windows\System\TIOUeVL.exe
  C:\Windows\System\TIOUeVL.exe
  2⤵
  PID:9540
- C:\Windows\System\JwLtSsc.exe
  C:\Windows\System\JwLtSsc.exe
  2⤵
  PID:9600
- C:\Windows\System\qLEikAP.exe
  C:\Windows\System\qLEikAP.exe
  2⤵
  PID:9676
- C:\Windows\System\OjJFORp.exe
  C:\Windows\System\OjJFORp.exe
  2⤵
  PID:9876
- C:\Windows\System\ePLuoxE.exe
  C:\Windows\System\ePLuoxE.exe
  2⤵
  PID:9924
- C:\Windows\System\ddBwIxK.exe
  C:\Windows\System\ddBwIxK.exe
  2⤵
  PID:9776
- C:\Windows\System\aWAyZvO.exe
  C:\Windows\System\aWAyZvO.exe
  2⤵
  PID:10028
- C:\Windows\System\qZNjgrq.exe
  C:\Windows\System\qZNjgrq.exe
  2⤵
  PID:9852
- C:\Windows\System\ofopXJg.exe
  C:\Windows\System\ofopXJg.exe
  2⤵
  PID:9784
- C:\Windows\System\wZWBmaY.exe
  C:\Windows\System\wZWBmaY.exe
  2⤵
  PID:9848
- C:\Windows\System\mREAtcC.exe
  C:\Windows\System\mREAtcC.exe
  2⤵
  PID:9908
- C:\Windows\System\TtqrKOL.exe
  C:\Windows\System\TtqrKOL.exe
  2⤵
  PID:10104
- C:\Windows\System\wLnNdtO.exe
  C:\Windows\System\wLnNdtO.exe
  2⤵
  PID:10120
- C:\Windows\System\pCgausI.exe
  C:\Windows\System\pCgausI.exe
  2⤵
  PID:10052
- C:\Windows\System\XGGLNdw.exe
  C:\Windows\System\XGGLNdw.exe
  2⤵
  PID:10092
- C:\Windows\System\TWWYwLy.exe
  C:\Windows\System\TWWYwLy.exe
  2⤵
  PID:10144
- C:\Windows\System\rxmLLQC.exe
  C:\Windows\System\rxmLLQC.exe
  2⤵
  PID:8320
- C:\Windows\System\aXBwIeA.exe
  C:\Windows\System\aXBwIeA.exe
  2⤵
  PID:10216
- C:\Windows\System\HNJDHvi.exe
  C:\Windows\System\HNJDHvi.exe
  2⤵
  PID:8048
- C:\Windows\System\PkdurzE.exe
  C:\Windows\System\PkdurzE.exe
  2⤵
  PID:10192
- C:\Windows\System\LZuSrPZ.exe
  C:\Windows\System\LZuSrPZ.exe
  2⤵
  PID:9300
- C:\Windows\System\TEeuwqn.exe
  C:\Windows\System\TEeuwqn.exe
  2⤵
  PID:9288
- C:\Windows\System\ZXBAHdk.exe
  C:\Windows\System\ZXBAHdk.exe
  2⤵
  PID:8924
- C:\Windows\System\GxdEBSM.exe
  C:\Windows\System\GxdEBSM.exe
  2⤵
  PID:9432
- C:\Windows\System\VqOCOYp.exe
  C:\Windows\System\VqOCOYp.exe
  2⤵
  PID:9352
- C:\Windows\System\MHDcJSW.exe
  C:\Windows\System\MHDcJSW.exe
  2⤵
  PID:6712
- C:\Windows\System\JVKjtvv.exe
  C:\Windows\System\JVKjtvv.exe
  2⤵
  PID:8024
- C:\Windows\System\yZrpIrp.exe
  C:\Windows\System\yZrpIrp.exe
  2⤵
  PID:7192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AgcqWBk.exe

Filesize
1.9MB

MD5
134e071efb22140f0ca5325f2a53b551

SHA1
ef37b30d5577149096735320e1db6646e0b519aa

SHA256
7b8d58f3789a865c77a4a0be91df690f15c74d915cc9951edb161b2a60894981

SHA512
d56e5fcc9deb4adc5043d353fd540758d29fabcad785061a84ca5260f5145dc4fe297e079fd8b9936037d2940690bd8e3813f7f2b9ac05d9266fadd0f78e0f06

Download Submit
C:\Windows\system\BWWJJzY.exe

Filesize
1.9MB

MD5
56b1a9491cdf42d569ef45dae30fc1d0

SHA1
1a6cd94e75df88e5042d653c5414d628ec549a34

SHA256
d59723c2fe92ff664fe8e94189ebebd295aadd8e2faa02627385a2883a3144a7

SHA512
f24b6b3e2a8b0851556df0f7ee20700f48bebbd9a77b6c1248a9ea31c032f1d4ecafd7aac5f960a50863141dd94e156677a397efba4aa00a56b28094692e24ff

Download Submit
C:\Windows\system\BxvhGxl.exe

Filesize
1.9MB

MD5
74a539d94dca0a69a85cb40c904674ac

SHA1
1e71882c78efbd005a6a8f45bcf0431257312f4b

SHA256
ff030404eefabc3fe50cbeeb43a90a1bbe2b4560d89aa8c9f22f4600291cdd6a

SHA512
25a99e96a1d239d81937690d275415b4043011fbe7cd972a5d897ff998221c8d917f3eae8ca35291f3c83469aefe7729fda77c74e216c304f56e12721f43f72b

Download Submit
C:\Windows\system\CLsryvw.exe

Filesize
1.9MB

MD5
6bc3cd2377de93d018405fe507ea3110

SHA1
f00c4662f6ce8196f3445eb09f17021c8e4ca1de

SHA256
64e986d35cc93a12e2fcce6c8726222a3194deca75da8c71f8eef15f3cb5e075

SHA512
0ec5c2b1208de27247d5d11d3fcc6ee7cb1b324dcdc3167b675e1ec6e6670456d9d2f98a68c1febdede619665799500ea671f556a031dd0d9313f18786d96638

Download Submit
C:\Windows\system\CsMPRtB.exe

Filesize
1.9MB

MD5
c45eb1f6f2207f747a162360479304f2

SHA1
2e1519dbf9246aba09faa4ac6f73518534cf84b2

SHA256
33bfede6a2b3459d955b78be260f99b9ddf86f9bdd7ad5329b5c04f9c083fc1b

SHA512
6d86f1560bf6656764cbe4194496d264ee0bf5457eb6daf1d5ff5bf8d33c45f443e4f8b6f9a163a4a145137cae5aa02f3d4337baf6e93dc200d803dd353fbabd

Download Submit
C:\Windows\system\GMtxShe.exe

Filesize
1.9MB

MD5
73ad9bc45324b2677cb025e2bc0d19da

SHA1
eeb4f5bcedcbd56086dc8fa58c7a2f9e70a1009a

SHA256
d22255a2316a3a62436ebb44d09de837e2c31142b9ce36a0dd8d6dce1d901358

SHA512
bcff2140922f42e26b2a3a5105d52d7aa338d1af7b561f62472cec3cfed18358092a3932e3627345f98406b9ca04db4e608cc48a13284216936a559f4df8341f

Download Submit
C:\Windows\system\IjflaXW.exe

Filesize
1.9MB

MD5
d4c5b69d31a72ba9bc1adddfe9008d8b

SHA1
1c409d5aa5d8a9adbd01e416682afdecf89f7394

SHA256
66162ff07d9ba9324c09ad78a1d07ff7fe3804f59dc3d97ab60e99f9f1a197ce

SHA512
c4e215cedc1c4b5cb096761b449e0afbd67b396da4b0353018db9dba70bb464b3c18df890462243dddecb3880478634560143cd472251cd5b01ace49e5805742

Download Submit
C:\Windows\system\KiGNKgN.exe

Filesize
1.9MB

MD5
969e58d7e05d6ae7901f70627536279c

SHA1
c512cac3a0f2628772bb06ca7f68a059684ed6b9

SHA256
6176f3c46fe7d69f79185f52d233222dc49d2195082688184d8d11b2cc205cd8

SHA512
490c51375c814b589be75d7a8e88903b470eae6b3774b68595ce311da456d72ca6fc8f3fed3943709a6119835529927d19d00fb4d4b6d5b175b5319ec7b4fd49

Download Submit
C:\Windows\system\OlUDYlo.exe

Filesize
1.9MB

MD5
8a083144310052c98583e7c14c516891

SHA1
9790b277f2593826920b195ebccb6fad0d0d5ad1

SHA256
65d71071e2d790a01188df7c0107ea2f8a9e6f6a109768cdecbbe7d9c4629544

SHA512
520ca127909c519542e16f51859c31bc318e3391bf0d4df435e8b00fb51b61427794bcb22c1da58e2de10ccd9b29815cd6d8c832e72af579944bbca48fba10c0

Download Submit
C:\Windows\system\RYxiawx.exe

Filesize
1.9MB

MD5
28beabaf2e518262be964414f7df608a

SHA1
2037a376c12020b0cde3506a624a46b4317f29ed

SHA256
64ffb8dfa3e22b3105a9450d639a4771eaabb45425c38a8e7056300911e6f7a5

SHA512
4ec885a473f54772328ab72c45bdad5194bc2a4cd69f80f5bc17798bc7fb1e6f0799e58d0b9c453640cc50b270122c6a945f6add7db05198cf51b60a73b454b6

Download Submit
C:\Windows\system\UjdKDEX.exe

Filesize
1.9MB

MD5
91b3db25ce87c648279623fbc12d19e2

SHA1
7d470570b580fea2c4cb9598eb7e635ff67da9cd

SHA256
60cfe6af0ad8f3da91510709dc7d5a2abc613cb0d5083965b69c8826e066b448

SHA512
92d42bc7241e7f26f670e51fb06cb3f158e4f4a9d476c6abed0ebc5ca06363b7f691cdcd72e9c8b63100a6b3cb7a63464da459a8215b3c32f19ab7ca8581a3b2

Download Submit
C:\Windows\system\VmKvmwj.exe

Filesize
1.9MB

MD5
cb1b7821c7ec2fd5b5b227f4589d0535

SHA1
11d639d2fb815cacbc9271cd23e9e6461bc5ec89

SHA256
57e3bcea595626e7e1fa87ff238fbbb5c3df720ae51ed22a0427da4c6de676c9

SHA512
2f89268318e92334a02f29561c6ec028340d955ac7d785839eb0bc49dc4962bf12351bc5aa513030919534e83d91aa1679f0d2aca52fb8e3476e4779efc4c726

Download Submit
C:\Windows\system\YgjdUHr.exe

Filesize
1.9MB

MD5
bb9d382cdaabc9614299330f63bfe6e3

SHA1
81375970ee689f01aa070435a91c790aa772c9a7

SHA256
c82093e2f588b82ed04193db5a54d4859ddf2af5fd7a44d63ff70cc403487116

SHA512
dcb8eb5f67878e3842707bc8603d331fe5b8fcf0216ad9a8ad986b7d5ec5c67b1730afa4303408fd17985ac8df52b2cf7b6ed3d13716f28c99d9d56483039ca3

Download Submit
C:\Windows\system\ZkNNyXt.exe

Filesize
1.9MB

MD5
e3c172045c3886d3072a0d20cf35b3ef

SHA1
809a2811e24dd45a6db0ea5eb080846909613c6c

SHA256
45d7fa3ab748e24d7290502cc328abec7fe3d08dae4718e674cca390acd31e9f

SHA512
f84642fd5a030097dde2a9b015b3f8e6587d1392d022700637b92ea3215dc00531a27faaf5197d48298c9604afb4cf363a0e9b6195545884e51dad923583dede

Download Submit
C:\Windows\system\baCvdlB.exe

Filesize
1.9MB

MD5
f56e2e934ab7ba0c6ed6e51cd5a8e61b

SHA1
ede1072b7e520bb9d3d5841734e0728590732e9c

SHA256
f21aae8d36080687e71c1c9c8ee9ee9d52f1baa5703a8cd915a16da3a1374929

SHA512
a063ac397262e850023d60aad73ad9e8c23584a9e12344265ad83d60498ee97c57e7427b34e2e3c9144f7b2760296ac746c255601357f6913cca7007c1bfc26c

Download Submit
C:\Windows\system\fRpypOQ.exe

Filesize
1.9MB

MD5
7542062780cf38fb71b4bf0443568351

SHA1
d3a0a76aeca9d146de58a095664c3fc0ac952c97

SHA256
177368a8742d04804f6d40dabc026e3e34b8912f3d107caed36a35381a59736d

SHA512
c377167c30932827e17762ffa1905888dbe3171c32c4581f1791f94bae7bd342333a43aea0e9ca15983be9936420eeca5bb7acb86af73bba18e842340f57366b

Download Submit
C:\Windows\system\idzbbdM.exe

Filesize
1.9MB

MD5
1546433cebdea0feb8a63e39be597562

SHA1
895e5ef552e7d96425cfc61fb68d2b00d7a1eedd

SHA256
ff755a89b6833dbf9f1d4c43046e80a85db600653dd4914fc486f2e8043e3470

SHA512
61a8380a69af34d1a15ed9d0c4b9f564bd3d746979aa9b10b3d945437370cca080093ebf86551ed5c038e099be8d71c3ac956b2564c5f5e259ad95e0c5c58501

Download Submit
C:\Windows\system\jlGjeWy.exe

Filesize
1.9MB

MD5
09d0213c949f4f68764536390194d739

SHA1
4a35997d6869042f642ff8aa03126026d8f2b8ee

SHA256
2ee2f1279c97b155ea22d98e2823cd8a96a2951ad6a0def8b472d38cb7d67f9c

SHA512
9be465b1a3fa28fe742c818bb8e78ec3f6f962f1b391d48b0869419918bdf3e28daafdb0c2e0b6112a7353d1ab5660be604a3c5083d1cd7b1f101b7e5a5f84ec

Download Submit
C:\Windows\system\otbmIFj.exe

Filesize
1.9MB

MD5
197d0f9a636dcbde2b81467635df519c

SHA1
495b1bdf96271985d44b85593876359bde820b4a

SHA256
099ff933031bd72e4c0719a21e2e83a2071061db5fdc7276e826e79a3c6bdb9c

SHA512
9cbf0aa39994232e92f8e9e05b15d24ab87216116b25dfe16870e84b83bf488f40179f86f52a040b78848e1bdfa5b1d808a99d4cda2d213b39f08410df650830

Download Submit
C:\Windows\system\pCvTrcd.exe

Filesize
1.9MB

MD5
88d819d26eeb8bcf753ca9df691718a4

SHA1
0ec54629c9f62bce318d07a6a9bbf63d4909f3a5

SHA256
3f040581c4fc6c4b1370a830b0ffc141d668b81004abf732199ceb7d4f6f0520

SHA512
36f801144aa68662a2a2696cf609c51d855a1b232705fb876b70e312c42f73dfd2040a115d68183f0c778b48c7b797e6254bcd2b8b50f17fdb40cb9d09986802

Download Submit
C:\Windows\system\pbqundW.exe

Filesize
1.9MB

MD5
4da4bd5faf4954ba6098be7df12d399f

SHA1
070990ac91d959bca120ebf9009b5931b8ab5f79

SHA256
388e0327967c0a30bd7837f0d3357ef41c70b504ef509c8c8bde9ee17f0f69fa

SHA512
9895b6b051719605afe9ef97cc503bc5607b0ce565ed45f494182b4f794879e8c8db0e7f1eaf2b59ad1f084e5d1580e4b226cefe95bafc6964faa1ea05b491ea

Download Submit
C:\Windows\system\rhiGuBf.exe

Filesize
1.9MB

MD5
a57eb288b069cbe31a4143dbd1446f72

SHA1
ca757586320745b5756077c005d09cbc9f79bdec

SHA256
9e5aa90754a1767d099c68e437cf1966b43cc54b4932436b40492f684754a217

SHA512
d6929bc98399a7fdd30385e51c941ac67ed117266cf70e3a6a5c921bb4af53f47976360cab72da7dab5cfbeb063667183d535816478358bad4ba36e2d183c7fb

Download Submit
C:\Windows\system\tRiutQA.exe

Filesize
1.9MB

MD5
d377813176db67b4cef7412423d4e790

SHA1
40a68813d9ff4200319a0fc9207f2b4710f7863a

SHA256
e1e34c4311dc2147c5de7719a008b974e2aec31cea681565708a4afd143cd8b6

SHA512
7334f75bff84fe856cdb6c62cd40fb7850e9793b1b3e4251f383e0a6cce8f157af68a8d8ca6d3a421b19c527b8b979057ee7cd7c55526896f217ab848c561674

Download Submit
C:\Windows\system\urMxFoY.exe

Filesize
1.9MB

MD5
03e94cc1c1dcc3e0e63fd742ba00586e

SHA1
fc203e262bf81dc3462d6f339ea9966090694002

SHA256
cf3e8a615084349ce508ebf8c97283e8e56d8aa9ce7975034e1c79de8be2988f

SHA512
9a5c9c4377638ba8cdbd7c40ee4afe51214b61b76d75bd5a2a530f2739ab7684c5860d5aabfc3da30a48b4a612b1a8a7d8fc3f03d5432651b29f5a2fd237b5a1

Download Submit
C:\Windows\system\wUSejPh.exe

Filesize
1.9MB

MD5
adbaf409b8aec6d6b272328686026940

SHA1
332359ef676c046b17bd241d55dbe0a66c1e9c12

SHA256
2c9bfc1fc6c5420dc585faec750e3520f06b0143da50c56620a6cf66496367ef

SHA512
3526bb01c72b48fc353511ef250608379c91ec9406723dd3d0270ab6bb2a9eb8feb7b57d95f4011fbd4cf0e6c22073ed135139a97e568d77baaf07bbba1a3e1b

Download Submit
C:\Windows\system\zxDjmbt.exe

Filesize
1.9MB

MD5
73cca7b336876693e54c093c5db5bc0f

SHA1
7f44b91f8041a2aec9f5212d415057c7ca5f6a96

SHA256
49f3f76f33bd9cae9ac81619e0b653bc0c673039ac79664bfda8ac081abf9327

SHA512
8d54f9a909d4527b6d08cb343a9c58a290ce2808ced9e1a8658d54856ec68a29cc291f7fcb0f5b9de9df687566f45c83ccda01b38240a0206852e2e0e25c4d05

Download Submit
\Windows\system\AphALtL.exe

Filesize
1.9MB

MD5
beec18362e7bb9fad6a9abf8a4860f88

SHA1
892a59d09f190ec76d57675b0f5405253dd61cd6

SHA256
e30e83d2e2a44dc58cf6067ef5ddaf5c7e7d729525b2f31f3201a60a83de43c1

SHA512
b107868699ed07a198863d481096da727e42a305b6213d4255713b055de7c0f3c67d0249fb798e4e1bce9762b964b0cd0afde41de92fdeea70a357d54d871a59

Download Submit
\Windows\system\CLkbdgW.exe

Filesize
1.9MB

MD5
06f1aa1b8c140f23a600037ec59d35e3

SHA1
be18c8dcdb1dd62010b2a2233320f2709aa59094

SHA256
6748c6c065a3a0543bdc98b552d45910cc3b4a48a116a1a297a66f0fa11d447d

SHA512
98086f9436637db7f98b5645b19469440eada1929c90a52e92394fc71a49609d078bd0503f7df92bec3fea3124d0047f302ee527121269e098e0df977ad1ae5e

Download Submit
\Windows\system\ISURTWV.exe

Filesize
1.9MB

MD5
7366c3586989ea15a3eb32e58562f2d2

SHA1
5edcac0f70632aee5e4da6c9f42af70cd377a97d

SHA256
630eb8e2dc9fb87c3039c5f7d8a2ca6bd136c8f7d77f5c4c54968fec2d8c4465

SHA512
c0799b122f20014e9616a2aec2719128c95255d829766c3e6142512f234ee175442212734cffb364c3a65e6b1083ab8c242daf103bdddab5f8dff5386c51c6d2

Download Submit
\Windows\system\NdaSvCj.exe

Filesize
1.9MB

MD5
fdd5ae126652077a316f449a8cf1a8bf

SHA1
e824e25fc0b1c1a8f5e1adb4a6d58b4307f73e60

SHA256
a1aeeefe404ebc5ca2c5019c980799f2a8afaa91b133af38768cc7bdbc4b4fef

SHA512
93b4b753c736045ee23b821d7f3fe1c1f6a5ab5f8eda2f42d896941e6efc7ef80bebbff83031820b9c7893f5d379e1fda58ecfcf7dd137935f5b7caf855ef1a7

Download Submit
\Windows\system\dziBdLn.exe

Filesize
1.9MB

MD5
25cd04a41829cd6ba7438f8c4446db95

SHA1
162e420c4aaa68977aa9b76009a752504f4d3f09

SHA256
32a9d8784b6cbf7240016c58184ca1847499a722e689e96d30018acfe9423cac

SHA512
a4f6e12ae13bdd7b7cc99a1d3e0c473417f1d74ea2935d5da3da21502de0e221bfc76331bda1806a2e4a79bc48f9874185788a5a0157bcb91cba156437d5b7dc

Download Submit
\Windows\system\gwHeFyd.exe

Filesize
1.9MB

MD5
c5f2666f9b0f7665bd45fd7919ab75a2

SHA1
f38d4e06c5094ac88ad01871b4d9f406d8868877

SHA256
710eb42c40c594dc63d77946fa806bb2c254014028777d320c75bb7398f777fe

SHA512
8cc751d79126577bdf39f7d06ffbe14be7ef6f1d3a95cdeacd16624273acd48cdf349b6f06229f067bb80f33afc4031ed7b070e14abb7f84ae27d9217c4f4a48

Download Submit
\Windows\system\nUTfpYu.exe

Filesize
1.9MB

MD5
c8c4486ac4a737e5804acce8be2fd561

SHA1
e3786642ac2c825f3773d843e9b68ae402b6cf92

SHA256
4eb35a26ac4f98f5dcd4df4604f8102e2cea9e49f36a78c96d2745cb8ba71f6b

SHA512
4a174b7a85ddfe937235a453cbcbe8706931c9fa292dc8012f4d7f7ecc2dcb3d822a0b4a78c02c10a76cce59f5854a439c4ed3851a7331a14ee83df3cfd2d5ee

Download Submit
memory/812-160-0x000000013F380000-0x000000013F76D000-memory.dmp

Filesize
3.9MB

Download
memory/1036-103-0x000000013FB80000-0x000000013FF6D000-memory.dmp

Filesize
3.9MB

Download
memory/1072-173-0x000000013FEB0000-0x000000014029D000-memory.dmp

Filesize
3.9MB

Download
memory/1132-143-0x000000013F630000-0x000000013FA1D000-memory.dmp

Filesize
3.9MB

Download
memory/1152-132-0x000000013F070000-0x000000013F45D000-memory.dmp

Filesize
3.9MB

Download
memory/1324-70-0x000000013FC30000-0x000000014001D000-memory.dmp

Filesize
3.9MB

Download
memory/1356-76-0x000000013F700000-0x000000013FAED000-memory.dmp

Filesize
3.9MB

Download
memory/1556-120-0x000000013FE50000-0x000000014023D000-memory.dmp

Filesize
3.9MB

Download
memory/1604-95-0x000000013F120000-0x000000013F50D000-memory.dmp

Filesize
3.9MB

Download
memory/1656-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1656-0-0x000000013FC20000-0x000000014000D000-memory.dmp

Filesize
3.9MB

Download
memory/1720-114-0x000000013FC90000-0x000000014007D000-memory.dmp

Filesize
3.9MB

Download
memory/1888-177-0x000000013F8B0000-0x000000013FC9D000-memory.dmp

Filesize
3.9MB

Download
memory/2128-91-0x000000013FA70000-0x000000013FE5D000-memory.dmp

Filesize
3.9MB

Download
memory/2264-127-0x000000013F340000-0x000000013F72D000-memory.dmp

Filesize
3.9MB

Download
memory/2268-200-0x000000013F4F0000-0x000000013F8DD000-memory.dmp

Filesize
3.9MB

Download
memory/2324-64-0x000000013F5E0000-0x000000013F9CD000-memory.dmp

Filesize
3.9MB

Download
memory/2348-47-0x000000013FB40000-0x000000013FF2D000-memory.dmp

Filesize
3.9MB

Download
memory/2448-152-0x000000013F7B0000-0x000000013FB9D000-memory.dmp

Filesize
3.9MB

Download
memory/2468-35-0x000000013FD60000-0x000000014014D000-memory.dmp

Filesize
3.9MB

Download
memory/2472-53-0x000000013F1F0000-0x000000013F5DD000-memory.dmp

Filesize
3.9MB

Download
memory/2488-41-0x000000013FA10000-0x000000013FDFD000-memory.dmp

Filesize
3.9MB

Download
memory/2496-7-0x000000013FAC0000-0x000000013FEAD000-memory.dmp

Filesize
3.9MB

Download
memory/2504-24-0x000000013F6F0000-0x000000013FADD000-memory.dmp

Filesize
3.9MB

Download
memory/2536-86-0x0000000001E00000-0x0000000001E08000-memory.dmp

Filesize
32KB

Download
memory/2536-84-0x000000001B550000-0x000000001B832000-memory.dmp

Filesize
2.9MB

Download
memory/2536-163-0x00000000029C4000-0x00000000029C7000-memory.dmp

Filesize
12KB

Download
memory/2536-181-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2536-16-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

Filesize
4KB

Download
memory/2536-9559-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

Filesize
9.6MB

Download
memory/2588-82-0x000000013FE20000-0x000000014020D000-memory.dmp

Filesize
3.9MB

Download
memory/2592-33-0x000000013FD30000-0x000000014011D000-memory.dmp

Filesize
3.9MB

Download
memory/2640-22-0x000000013FEF0000-0x00000001402DD000-memory.dmp

Filesize
3.9MB

Download
memory/2812-168-0x000000013FF70000-0x000000014035D000-memory.dmp

Filesize
3.9MB

Download
memory/2888-58-0x000000013F2B0000-0x000000013F69D000-memory.dmp

Filesize
3.9MB

Download
memory/2940-204-0x000000013FC00000-0x000000013FFED000-memory.dmp

Filesize
3.9MB

Download
memory/3008-188-0x000000013F060000-0x000000013F44D000-memory.dmp

Filesize
3.9MB

Download