xmrig | 67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
Size

1.8MB
MD5

2693d94a8b9aa4f917b3800cc29af9e3
SHA1

355f043aa93f19f8fd94c70a204ebff850f239ba
SHA256

67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81
SHA512

93e179b7902e4c77d17b27502ba3854e376ba104eea917fa0e4ca1e21c40c44d4a12a5df9d7496e762f19303fe562454e9e511ade647c66e747086a8e49debd9
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjpbc8nJwbomvu2Nrlum7+a7EtLgCPimz5:Lz071uv4BPMkHC0IBcAUNRSa7kj5zua

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 22 IoCs

resource	yara_rule
behavioral1/memory/2564-13-0x000000013F030000-0x000000013F422000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2732-59-0x000000013F180000-0x000000013F572000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2460-62-0x000000013F1F0000-0x000000013F5E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2412-102-0x000000013F520000-0x000000013F912000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2304-98-0x000000013FC80000-0x0000000140072000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1352-97-0x000000013F410000-0x000000013F802000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2864-94-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3048-92-0x000000013F7E0000-0x000000013FBD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2496-90-0x000000013F290000-0x000000013F682000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2424-88-0x000000013F160000-0x000000013F552000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2588-73-0x000000013F4A0000-0x000000013F892000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2452-70-0x000000013F450000-0x000000013F842000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3056-2641-0x000000013F550000-0x000000013F942000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2564-4533-0x000000013F030000-0x000000013F422000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2588-4534-0x000000013F4A0000-0x000000013F892000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2424-4586-0x000000013F160000-0x000000013F552000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3048-4571-0x000000013F7E0000-0x000000013FBD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1352-4805-0x000000013F410000-0x000000013F802000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2732-4808-0x000000013F180000-0x000000013F572000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2412-4659-0x000000013F520000-0x000000013F912000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2460-4647-0x000000013F1F0000-0x000000013F5E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2496-4646-0x000000013F290000-0x000000013F682000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 59 IoCs

resource	yara_rule
behavioral1/memory/3056-0-0x000000013F550000-0x000000013F942000-memory.dmp	UPX
behavioral1/files/0x000c000000013417-3.dat	UPX
behavioral1/files/0x0036000000013a53-16.dat	UPX
behavioral1/memory/2564-13-0x000000013F030000-0x000000013F422000-memory.dmp	UPX
behavioral1/files/0x0016000000005586-23.dat	UPX
behavioral1/files/0x000800000001418c-28.dat	UPX
behavioral1/files/0x0007000000014251-32.dat	UPX
behavioral1/files/0x000b00000001431b-35.dat	UPX
behavioral1/files/0x000800000001432f-41.dat	UPX
behavioral1/files/0x0006000000014a60-53.dat	UPX
behavioral1/memory/2732-59-0x000000013F180000-0x000000013F572000-memory.dmp	UPX
behavioral1/memory/2460-62-0x000000013F1F0000-0x000000013F5E2000-memory.dmp	UPX
behavioral1/files/0x00070000000143fb-51.dat	UPX
behavioral1/files/0x0006000000014b1c-63.dat	UPX
behavioral1/files/0x0006000000014c2d-81.dat	UPX
behavioral1/files/0x0006000000014f57-83.dat	UPX
behavioral1/files/0x0006000000015cd2-169.dat	UPX
behavioral1/files/0x0006000000015cc5-165.dat	UPX
behavioral1/files/0x0006000000015662-160.dat	UPX
behavioral1/files/0x00060000000153ee-134.dat	UPX
behavioral1/files/0x0006000000015d59-200.dat	UPX
behavioral1/files/0x0006000000015d0a-189.dat	UPX
behavioral1/files/0x0006000000015d21-187.dat	UPX
behavioral1/files/0x0006000000015cf8-181.dat	UPX
behavioral1/files/0x0006000000015ce3-172.dat	UPX
behavioral1/files/0x0006000000015cb1-168.dat	UPX
behavioral1/files/0x0006000000015ca8-156.dat	UPX
behavioral1/files/0x0006000000015b50-149.dat	UPX
behavioral1/files/0x0006000000015b85-146.dat	UPX
behavioral1/files/0x00060000000158d9-141.dat	UPX
behavioral1/files/0x0006000000015ae3-139.dat	UPX
behavioral1/files/0x00060000000150d9-122.dat	UPX
behavioral1/files/0x0006000000015083-116.dat	UPX
behavioral1/files/0x0006000000015d39-196.dat	UPX
behavioral1/files/0x0006000000015cee-178.dat	UPX
behavioral1/files/0x0006000000015c9a-153.dat	UPX
behavioral1/files/0x000600000001565a-127.dat	UPX
behavioral1/files/0x0036000000013a88-110.dat	UPX
behavioral1/files/0x000600000001507a-107.dat	UPX
behavioral1/memory/2412-102-0x000000013F520000-0x000000013F912000-memory.dmp	UPX
behavioral1/memory/2304-98-0x000000013FC80000-0x0000000140072000-memory.dmp	UPX
behavioral1/memory/1352-97-0x000000013F410000-0x000000013F802000-memory.dmp	UPX
behavioral1/memory/2864-94-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	UPX
behavioral1/memory/3048-92-0x000000013F7E0000-0x000000013FBD2000-memory.dmp	UPX
behavioral1/memory/2496-90-0x000000013F290000-0x000000013F682000-memory.dmp	UPX
behavioral1/memory/2424-88-0x000000013F160000-0x000000013F552000-memory.dmp	UPX
behavioral1/files/0x0006000000014bd7-75.dat	UPX
behavioral1/memory/2588-73-0x000000013F4A0000-0x000000013F892000-memory.dmp	UPX
behavioral1/memory/2452-70-0x000000013F450000-0x000000013F842000-memory.dmp	UPX
behavioral1/memory/3056-2641-0x000000013F550000-0x000000013F942000-memory.dmp	UPX
behavioral1/memory/2564-4533-0x000000013F030000-0x000000013F422000-memory.dmp	UPX
behavioral1/memory/2588-4534-0x000000013F4A0000-0x000000013F892000-memory.dmp	UPX
behavioral1/memory/2424-4586-0x000000013F160000-0x000000013F552000-memory.dmp	UPX
behavioral1/memory/3048-4571-0x000000013F7E0000-0x000000013FBD2000-memory.dmp	UPX
behavioral1/memory/1352-4805-0x000000013F410000-0x000000013F802000-memory.dmp	UPX
behavioral1/memory/2732-4808-0x000000013F180000-0x000000013F572000-memory.dmp	UPX
behavioral1/memory/2412-4659-0x000000013F520000-0x000000013F912000-memory.dmp	UPX
behavioral1/memory/2460-4647-0x000000013F1F0000-0x000000013F5E2000-memory.dmp	UPX
behavioral1/memory/2496-4646-0x000000013F290000-0x000000013F682000-memory.dmp	UPX

XMRig Miner payload 23 IoCs

miner

resource	yara_rule
behavioral1/memory/2564-13-0x000000013F030000-0x000000013F422000-memory.dmp	xmrig
behavioral1/memory/2732-59-0x000000013F180000-0x000000013F572000-memory.dmp	xmrig
behavioral1/memory/2460-62-0x000000013F1F0000-0x000000013F5E2000-memory.dmp	xmrig
behavioral1/memory/2412-102-0x000000013F520000-0x000000013F912000-memory.dmp	xmrig
behavioral1/memory/2304-98-0x000000013FC80000-0x0000000140072000-memory.dmp	xmrig
behavioral1/memory/1352-97-0x000000013F410000-0x000000013F802000-memory.dmp	xmrig
behavioral1/memory/2864-94-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	xmrig
behavioral1/memory/3048-92-0x000000013F7E0000-0x000000013FBD2000-memory.dmp	xmrig
behavioral1/memory/2496-90-0x000000013F290000-0x000000013F682000-memory.dmp	xmrig
behavioral1/memory/2424-88-0x000000013F160000-0x000000013F552000-memory.dmp	xmrig
behavioral1/memory/2588-73-0x000000013F4A0000-0x000000013F892000-memory.dmp	xmrig
behavioral1/memory/2452-70-0x000000013F450000-0x000000013F842000-memory.dmp	xmrig
behavioral1/memory/3056-67-0x0000000003590000-0x0000000003982000-memory.dmp	xmrig
behavioral1/memory/3056-2641-0x000000013F550000-0x000000013F942000-memory.dmp	xmrig
behavioral1/memory/2564-4533-0x000000013F030000-0x000000013F422000-memory.dmp	xmrig
behavioral1/memory/2588-4534-0x000000013F4A0000-0x000000013F892000-memory.dmp	xmrig
behavioral1/memory/2424-4586-0x000000013F160000-0x000000013F552000-memory.dmp	xmrig
behavioral1/memory/3048-4571-0x000000013F7E0000-0x000000013FBD2000-memory.dmp	xmrig
behavioral1/memory/1352-4805-0x000000013F410000-0x000000013F802000-memory.dmp	xmrig
behavioral1/memory/2732-4808-0x000000013F180000-0x000000013F572000-memory.dmp	xmrig
behavioral1/memory/2412-4659-0x000000013F520000-0x000000013F912000-memory.dmp	xmrig
behavioral1/memory/2460-4647-0x000000013F1F0000-0x000000013F5E2000-memory.dmp	xmrig
behavioral1/memory/2496-4646-0x000000013F290000-0x000000013F682000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2636	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2564	mjxrvVE.exe
2732	BQVLHzK.exe
2460	qvGxwog.exe
2452	pCQQiOn.exe
2588	XJrUWda.exe
2424	OzDrIwk.exe
2496	vKgjnIA.exe
3048	JRLKLAE.exe
2864	RyfCQZR.exe
1352	PmXOaoS.exe
2412	KTAGCBd.exe
2304	OlvYjFu.exe
1956	qhcLaiI.exe
1676	KcwdzwK.exe
1568	qPdoDEX.exe
988	arWsVdn.exe
1968	DhyVUFr.exe
620	oveyrtU.exe
2992	HomQLSH.exe
2404	uAJkKOp.exe
1060	QgZXjDe.exe
992	vQXIFwp.exe
2192	trMYrHW.exe
1428	FTqTbzP.exe
1144	WZnjNuu.exe
2232	wlatmtq.exe
2796	CTGLEcy.exe
1460	KSGkHFg.exe
2848	OWrAxce.exe
2980	HUXyDhu.exe
676	dXxqBKO.exe
852	eStvDgc.exe
616	OUJtzBW.exe
1744	ZOwwAVj.exe
912	fOFeXmm.exe
2948	VjVILiQ.exe
1184	WEaJtEb.exe
3000	tWgJtcY.exe
1532	CflIVho.exe
1264	UpekfHc.exe
1132	NnidRzW.exe
1360	tFDOToy.exe
1188	rrSiHEH.exe
1656	BfNLXwp.exe
2508	RFzznhF.exe
1316	Ptwtwat.exe
356	LeNEYaJ.exe
1736	sCbFWkZ.exe
2372	BIlEvoK.exe
1524	ozRnwnd.exe
2648	kYAhWLB.exe
1632	JmWTSTS.exe
2696	oVfMlap.exe
2772	mwlzjIH.exe
2436	aHVEWlQ.exe
2936	UcRjTVN.exe
1844	bpByWpv.exe
2680	lYAYvuF.exe
2972	IrLALzk.exe
1708	YMCXNUp.exe
1508	jtvzGVX.exe
1888	aBrnnOb.exe
1240	SokJVXK.exe
2512	GBjNJtJ.exe

Loads dropped DLL 64 IoCs

pid	Process
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe

UPX packed file 59 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3056-0-0x000000013F550000-0x000000013F942000-memory.dmp	upx
behavioral1/files/0x000c000000013417-3.dat	upx
behavioral1/files/0x0036000000013a53-16.dat	upx
behavioral1/memory/2564-13-0x000000013F030000-0x000000013F422000-memory.dmp	upx
behavioral1/files/0x0016000000005586-23.dat	upx
behavioral1/files/0x000800000001418c-28.dat	upx
behavioral1/files/0x0007000000014251-32.dat	upx
behavioral1/files/0x000b00000001431b-35.dat	upx
behavioral1/files/0x000800000001432f-41.dat	upx
behavioral1/files/0x0006000000014a60-53.dat	upx
behavioral1/memory/2732-59-0x000000013F180000-0x000000013F572000-memory.dmp	upx
behavioral1/memory/2460-62-0x000000013F1F0000-0x000000013F5E2000-memory.dmp	upx
behavioral1/files/0x00070000000143fb-51.dat	upx
behavioral1/files/0x0006000000014b1c-63.dat	upx
behavioral1/files/0x0006000000014c2d-81.dat	upx
behavioral1/files/0x0006000000014f57-83.dat	upx
behavioral1/files/0x0006000000015cd2-169.dat	upx
behavioral1/files/0x0006000000015cc5-165.dat	upx
behavioral1/files/0x0006000000015662-160.dat	upx
behavioral1/files/0x00060000000153ee-134.dat	upx
behavioral1/files/0x0006000000015d59-200.dat	upx
behavioral1/files/0x0006000000015d0a-189.dat	upx
behavioral1/files/0x0006000000015d21-187.dat	upx
behavioral1/files/0x0006000000015cf8-181.dat	upx
behavioral1/files/0x0006000000015ce3-172.dat	upx
behavioral1/files/0x0006000000015cb1-168.dat	upx
behavioral1/files/0x0006000000015ca8-156.dat	upx
behavioral1/files/0x0006000000015b50-149.dat	upx
behavioral1/files/0x0006000000015b85-146.dat	upx
behavioral1/files/0x00060000000158d9-141.dat	upx
behavioral1/files/0x0006000000015ae3-139.dat	upx
behavioral1/files/0x00060000000150d9-122.dat	upx
behavioral1/files/0x0006000000015083-116.dat	upx
behavioral1/files/0x0006000000015d39-196.dat	upx
behavioral1/files/0x0006000000015cee-178.dat	upx
behavioral1/files/0x0006000000015c9a-153.dat	upx
behavioral1/files/0x000600000001565a-127.dat	upx
behavioral1/files/0x0036000000013a88-110.dat	upx
behavioral1/files/0x000600000001507a-107.dat	upx
behavioral1/memory/2412-102-0x000000013F520000-0x000000013F912000-memory.dmp	upx
behavioral1/memory/2304-98-0x000000013FC80000-0x0000000140072000-memory.dmp	upx
behavioral1/memory/1352-97-0x000000013F410000-0x000000013F802000-memory.dmp	upx
behavioral1/memory/2864-94-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	upx
behavioral1/memory/3048-92-0x000000013F7E0000-0x000000013FBD2000-memory.dmp	upx
behavioral1/memory/2496-90-0x000000013F290000-0x000000013F682000-memory.dmp	upx
behavioral1/memory/2424-88-0x000000013F160000-0x000000013F552000-memory.dmp	upx
behavioral1/files/0x0006000000014bd7-75.dat	upx
behavioral1/memory/2588-73-0x000000013F4A0000-0x000000013F892000-memory.dmp	upx
behavioral1/memory/2452-70-0x000000013F450000-0x000000013F842000-memory.dmp	upx
behavioral1/memory/3056-2641-0x000000013F550000-0x000000013F942000-memory.dmp	upx
behavioral1/memory/2564-4533-0x000000013F030000-0x000000013F422000-memory.dmp	upx
behavioral1/memory/2588-4534-0x000000013F4A0000-0x000000013F892000-memory.dmp	upx
behavioral1/memory/2424-4586-0x000000013F160000-0x000000013F552000-memory.dmp	upx
behavioral1/memory/3048-4571-0x000000013F7E0000-0x000000013FBD2000-memory.dmp	upx
behavioral1/memory/1352-4805-0x000000013F410000-0x000000013F802000-memory.dmp	upx
behavioral1/memory/2732-4808-0x000000013F180000-0x000000013F572000-memory.dmp	upx
behavioral1/memory/2412-4659-0x000000013F520000-0x000000013F912000-memory.dmp	upx
behavioral1/memory/2460-4647-0x000000013F1F0000-0x000000013F5E2000-memory.dmp	upx
behavioral1/memory/2496-4646-0x000000013F290000-0x000000013F682000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\aMrbvFO.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\UhCBsRi.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\yjIcqVO.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\KHQCZaS.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\PPwGtvK.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\JPJVFhO.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\nmTgLCl.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\EZUPXiY.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\UOvvuAb.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\QmbslvU.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\DLbCatR.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\GeIqcYy.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\dBnKIvD.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\URDjpxn.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\DpLSPyU.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\DOjFQlI.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\pZecwVY.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\zNxhscP.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\KGppuWk.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\AqQoqeQ.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\vepsSfm.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\wibfPzo.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\ReKalBk.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\ytwyRLr.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\SoiFPTq.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\zRTkzDI.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\KPPcpJJ.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\hbcjVGv.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\PKxbcel.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\JpAXWWO.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\gMHDHaF.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\CUESDLk.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\nJCfsFf.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\OKEooOr.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\fPNSSDf.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\bfzMgFZ.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\bNteCsz.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\lSSnGBA.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\qNSzKEV.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\PqWYhfn.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\kKCOrEc.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\CqOeEyi.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\mfrGaNJ.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\RlEepCk.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\AUmiqRP.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\AqtLeDV.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\qCEIuOE.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\mdLPXrG.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\YILuEPy.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\owiFPmw.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\udWRTQw.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\Rsalkvb.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\vKvNlYP.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\ZTipBmV.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\JPZPhua.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\xFEpYBM.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\BUvIirA.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\dEjOonR.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\ZydzjCA.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\URYtTMn.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\ttuLLBi.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\QwLMtST.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\MhXNewU.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
File created	C:\Windows\System\BQJSsMX.exe	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2636	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
Token: SeLockMemoryPrivilege	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
Token: SeDebugPrivilege	2636	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2636	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	29
PID 3056 wrote to memory of 2636	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	29
PID 3056 wrote to memory of 2636	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	29
PID 3056 wrote to memory of 2564	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	30
PID 3056 wrote to memory of 2564	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	30
PID 3056 wrote to memory of 2564	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	30
PID 3056 wrote to memory of 2732	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	31
PID 3056 wrote to memory of 2732	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	31
PID 3056 wrote to memory of 2732	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	31
PID 3056 wrote to memory of 2460	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	32
PID 3056 wrote to memory of 2460	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	32
PID 3056 wrote to memory of 2460	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	32
PID 3056 wrote to memory of 2452	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	33
PID 3056 wrote to memory of 2452	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	33
PID 3056 wrote to memory of 2452	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	33
PID 3056 wrote to memory of 2588	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	34
PID 3056 wrote to memory of 2588	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	34
PID 3056 wrote to memory of 2588	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	34
PID 3056 wrote to memory of 2424	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	35
PID 3056 wrote to memory of 2424	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	35
PID 3056 wrote to memory of 2424	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	35
PID 3056 wrote to memory of 2496	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	36
PID 3056 wrote to memory of 2496	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	36
PID 3056 wrote to memory of 2496	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	36
PID 3056 wrote to memory of 3048	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	37
PID 3056 wrote to memory of 3048	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	37
PID 3056 wrote to memory of 3048	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	37
PID 3056 wrote to memory of 2864	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	38
PID 3056 wrote to memory of 2864	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	38
PID 3056 wrote to memory of 2864	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	38
PID 3056 wrote to memory of 1352	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	39
PID 3056 wrote to memory of 1352	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	39
PID 3056 wrote to memory of 1352	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	39
PID 3056 wrote to memory of 2412	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	40
PID 3056 wrote to memory of 2412	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	40
PID 3056 wrote to memory of 2412	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	40
PID 3056 wrote to memory of 2304	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	41
PID 3056 wrote to memory of 2304	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	41
PID 3056 wrote to memory of 2304	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	41
PID 3056 wrote to memory of 1956	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	42
PID 3056 wrote to memory of 1956	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	42
PID 3056 wrote to memory of 1956	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	42
PID 3056 wrote to memory of 1676	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	43
PID 3056 wrote to memory of 1676	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	43
PID 3056 wrote to memory of 1676	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	43
PID 3056 wrote to memory of 1568	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	44
PID 3056 wrote to memory of 1568	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	44
PID 3056 wrote to memory of 1568	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	44
PID 3056 wrote to memory of 988	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	45
PID 3056 wrote to memory of 988	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	45
PID 3056 wrote to memory of 988	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	45
PID 3056 wrote to memory of 1968	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	46
PID 3056 wrote to memory of 1968	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	46
PID 3056 wrote to memory of 1968	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	46
PID 3056 wrote to memory of 2992	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	47
PID 3056 wrote to memory of 2992	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	47
PID 3056 wrote to memory of 2992	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	47
PID 3056 wrote to memory of 620	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	48
PID 3056 wrote to memory of 620	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	48
PID 3056 wrote to memory of 620	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	48
PID 3056 wrote to memory of 2192	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	49
PID 3056 wrote to memory of 2192	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	49
PID 3056 wrote to memory of 2192	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	49
PID 3056 wrote to memory of 2404	3056	67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe	50

C:\Users\Admin\AppData\Local\Temp\67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe
"C:\Users\Admin\AppData\Local\Temp\67f1b1b206553935bb1ada1c6d2313c7966d92fbc0980146d697f5f9fa79bd81.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2636
- C:\Windows\System\mjxrvVE.exe
  C:\Windows\System\mjxrvVE.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\BQVLHzK.exe
  C:\Windows\System\BQVLHzK.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\qvGxwog.exe
  C:\Windows\System\qvGxwog.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\pCQQiOn.exe
  C:\Windows\System\pCQQiOn.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\XJrUWda.exe
  C:\Windows\System\XJrUWda.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\OzDrIwk.exe
  C:\Windows\System\OzDrIwk.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\vKgjnIA.exe
  C:\Windows\System\vKgjnIA.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\JRLKLAE.exe
  C:\Windows\System\JRLKLAE.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\RyfCQZR.exe
  C:\Windows\System\RyfCQZR.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\PmXOaoS.exe
  C:\Windows\System\PmXOaoS.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\KTAGCBd.exe
  C:\Windows\System\KTAGCBd.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\OlvYjFu.exe
  C:\Windows\System\OlvYjFu.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\qhcLaiI.exe
  C:\Windows\System\qhcLaiI.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\KcwdzwK.exe
  C:\Windows\System\KcwdzwK.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\qPdoDEX.exe
  C:\Windows\System\qPdoDEX.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\arWsVdn.exe
  C:\Windows\System\arWsVdn.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\DhyVUFr.exe
  C:\Windows\System\DhyVUFr.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\HomQLSH.exe
  C:\Windows\System\HomQLSH.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\oveyrtU.exe
  C:\Windows\System\oveyrtU.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\trMYrHW.exe
  C:\Windows\System\trMYrHW.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\uAJkKOp.exe
  C:\Windows\System\uAJkKOp.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\OWrAxce.exe
  C:\Windows\System\OWrAxce.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\QgZXjDe.exe
  C:\Windows\System\QgZXjDe.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\dXxqBKO.exe
  C:\Windows\System\dXxqBKO.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\vQXIFwp.exe
  C:\Windows\System\vQXIFwp.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\OUJtzBW.exe
  C:\Windows\System\OUJtzBW.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\FTqTbzP.exe
  C:\Windows\System\FTqTbzP.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\ZOwwAVj.exe
  C:\Windows\System\ZOwwAVj.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\WZnjNuu.exe
  C:\Windows\System\WZnjNuu.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\fOFeXmm.exe
  C:\Windows\System\fOFeXmm.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\wlatmtq.exe
  C:\Windows\System\wlatmtq.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\WEaJtEb.exe
  C:\Windows\System\WEaJtEb.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\CTGLEcy.exe
  C:\Windows\System\CTGLEcy.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\tWgJtcY.exe
  C:\Windows\System\tWgJtcY.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\KSGkHFg.exe
  C:\Windows\System\KSGkHFg.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\CflIVho.exe
  C:\Windows\System\CflIVho.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\HUXyDhu.exe
  C:\Windows\System\HUXyDhu.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\UpekfHc.exe
  C:\Windows\System\UpekfHc.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\eStvDgc.exe
  C:\Windows\System\eStvDgc.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\NnidRzW.exe
  C:\Windows\System\NnidRzW.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\VjVILiQ.exe
  C:\Windows\System\VjVILiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\tFDOToy.exe
  C:\Windows\System\tFDOToy.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\rrSiHEH.exe
  C:\Windows\System\rrSiHEH.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\BfNLXwp.exe
  C:\Windows\System\BfNLXwp.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\RFzznhF.exe
  C:\Windows\System\RFzznhF.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\Ptwtwat.exe
  C:\Windows\System\Ptwtwat.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\LeNEYaJ.exe
  C:\Windows\System\LeNEYaJ.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\sCbFWkZ.exe
  C:\Windows\System\sCbFWkZ.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\BIlEvoK.exe
  C:\Windows\System\BIlEvoK.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\JmWTSTS.exe
  C:\Windows\System\JmWTSTS.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ozRnwnd.exe
  C:\Windows\System\ozRnwnd.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\oVfMlap.exe
  C:\Windows\System\oVfMlap.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\kYAhWLB.exe
  C:\Windows\System\kYAhWLB.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\mwlzjIH.exe
  C:\Windows\System\mwlzjIH.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\aHVEWlQ.exe
  C:\Windows\System\aHVEWlQ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\UcRjTVN.exe
  C:\Windows\System\UcRjTVN.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\bpByWpv.exe
  C:\Windows\System\bpByWpv.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\lYAYvuF.exe
  C:\Windows\System\lYAYvuF.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\IrLALzk.exe
  C:\Windows\System\IrLALzk.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\YMCXNUp.exe
  C:\Windows\System\YMCXNUp.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\jtvzGVX.exe
  C:\Windows\System\jtvzGVX.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\aBrnnOb.exe
  C:\Windows\System\aBrnnOb.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\SokJVXK.exe
  C:\Windows\System\SokJVXK.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\GBjNJtJ.exe
  C:\Windows\System\GBjNJtJ.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\DDnzPEc.exe
  C:\Windows\System\DDnzPEc.exe
  2⤵
  PID:540
- C:\Windows\System\XlyeRKo.exe
  C:\Windows\System\XlyeRKo.exe
  2⤵
  PID:564
- C:\Windows\System\QdSXAaF.exe
  C:\Windows\System\QdSXAaF.exe
  2⤵
  PID:844
- C:\Windows\System\OQNjPnF.exe
  C:\Windows\System\OQNjPnF.exe
  2⤵
  PID:964
- C:\Windows\System\gvfazdG.exe
  C:\Windows\System\gvfazdG.exe
  2⤵
  PID:2256
- C:\Windows\System\mnSflji.exe
  C:\Windows\System\mnSflji.exe
  2⤵
  PID:932
- C:\Windows\System\ptWNtTC.exe
  C:\Windows\System\ptWNtTC.exe
  2⤵
  PID:1012
- C:\Windows\System\ivVXvVg.exe
  C:\Windows\System\ivVXvVg.exe
  2⤵
  PID:2080
- C:\Windows\System\GhAPasq.exe
  C:\Windows\System\GhAPasq.exe
  2⤵
  PID:2244
- C:\Windows\System\qWekbjJ.exe
  C:\Windows\System\qWekbjJ.exe
  2⤵
  PID:448
- C:\Windows\System\GueUQki.exe
  C:\Windows\System\GueUQki.exe
  2⤵
  PID:2640
- C:\Windows\System\joSIVfN.exe
  C:\Windows\System\joSIVfN.exe
  2⤵
  PID:1912
- C:\Windows\System\TGhqcar.exe
  C:\Windows\System\TGhqcar.exe
  2⤵
  PID:1608
- C:\Windows\System\qCBNYSk.exe
  C:\Windows\System\qCBNYSk.exe
  2⤵
  PID:1884
- C:\Windows\System\LPwaYfo.exe
  C:\Windows\System\LPwaYfo.exe
  2⤵
  PID:572
- C:\Windows\System\GLEcdGB.exe
  C:\Windows\System\GLEcdGB.exe
  2⤵
  PID:1984
- C:\Windows\System\FmpFrWO.exe
  C:\Windows\System\FmpFrWO.exe
  2⤵
  PID:2836
- C:\Windows\System\UWTorHk.exe
  C:\Windows\System\UWTorHk.exe
  2⤵
  PID:2284
- C:\Windows\System\tuxmPcJ.exe
  C:\Windows\System\tuxmPcJ.exe
  2⤵
  PID:1496
- C:\Windows\System\VQIJJLZ.exe
  C:\Windows\System\VQIJJLZ.exe
  2⤵
  PID:2608
- C:\Windows\System\FRbOozb.exe
  C:\Windows\System\FRbOozb.exe
  2⤵
  PID:1700
- C:\Windows\System\AHsYhxg.exe
  C:\Windows\System\AHsYhxg.exe
  2⤵
  PID:2456
- C:\Windows\System\RemKlIt.exe
  C:\Windows\System\RemKlIt.exe
  2⤵
  PID:2700
- C:\Windows\System\aeMorph.exe
  C:\Windows\System\aeMorph.exe
  2⤵
  PID:2324
- C:\Windows\System\OtqqLJD.exe
  C:\Windows\System\OtqqLJD.exe
  2⤵
  PID:2444
- C:\Windows\System\hLlBXGp.exe
  C:\Windows\System\hLlBXGp.exe
  2⤵
  PID:1740
- C:\Windows\System\FJMqpdo.exe
  C:\Windows\System\FJMqpdo.exe
  2⤵
  PID:1872
- C:\Windows\System\LuRCWxe.exe
  C:\Windows\System\LuRCWxe.exe
  2⤵
  PID:2604
- C:\Windows\System\xkXyVos.exe
  C:\Windows\System\xkXyVos.exe
  2⤵
  PID:2728
- C:\Windows\System\ViMGRmR.exe
  C:\Windows\System\ViMGRmR.exe
  2⤵
  PID:2196
- C:\Windows\System\NnDjrCE.exe
  C:\Windows\System\NnDjrCE.exe
  2⤵
  PID:1780
- C:\Windows\System\BxvACqr.exe
  C:\Windows\System\BxvACqr.exe
  2⤵
  PID:1592
- C:\Windows\System\cLsycsD.exe
  C:\Windows\System\cLsycsD.exe
  2⤵
  PID:1580
- C:\Windows\System\bQyblJx.exe
  C:\Windows\System\bQyblJx.exe
  2⤵
  PID:2572
- C:\Windows\System\dtcdVJv.exe
  C:\Windows\System\dtcdVJv.exe
  2⤵
  PID:2584
- C:\Windows\System\vFSVHyo.exe
  C:\Windows\System\vFSVHyo.exe
  2⤵
  PID:752
- C:\Windows\System\apKqvRS.exe
  C:\Windows\System\apKqvRS.exe
  2⤵
  PID:1584
- C:\Windows\System\ZlmqFzv.exe
  C:\Windows\System\ZlmqFzv.exe
  2⤵
  PID:112
- C:\Windows\System\vPXeIdK.exe
  C:\Windows\System\vPXeIdK.exe
  2⤵
  PID:960
- C:\Windows\System\AdiqQel.exe
  C:\Windows\System\AdiqQel.exe
  2⤵
  PID:1772
- C:\Windows\System\sDUWLvU.exe
  C:\Windows\System\sDUWLvU.exe
  2⤵
  PID:1908
- C:\Windows\System\LBJGMzO.exe
  C:\Windows\System\LBJGMzO.exe
  2⤵
  PID:2296
- C:\Windows\System\adLJdUp.exe
  C:\Windows\System\adLJdUp.exe
  2⤵
  PID:2592
- C:\Windows\System\MgDMMAr.exe
  C:\Windows\System\MgDMMAr.exe
  2⤵
  PID:1948
- C:\Windows\System\iblMDfr.exe
  C:\Windows\System\iblMDfr.exe
  2⤵
  PID:2060
- C:\Windows\System\BRLNQDv.exe
  C:\Windows\System\BRLNQDv.exe
  2⤵
  PID:2240
- C:\Windows\System\IiRYiXw.exe
  C:\Windows\System\IiRYiXw.exe
  2⤵
  PID:1424
- C:\Windows\System\MuRWuRY.exe
  C:\Windows\System\MuRWuRY.exe
  2⤵
  PID:2124
- C:\Windows\System\vBpPoFj.exe
  C:\Windows\System\vBpPoFj.exe
  2⤵
  PID:2524
- C:\Windows\System\oxoPcmp.exe
  C:\Windows\System\oxoPcmp.exe
  2⤵
  PID:2536
- C:\Windows\System\FmViuvd.exe
  C:\Windows\System\FmViuvd.exe
  2⤵
  PID:2440
- C:\Windows\System\IaMDMmO.exe
  C:\Windows\System\IaMDMmO.exe
  2⤵
  PID:2624
- C:\Windows\System\iFqEoMj.exe
  C:\Windows\System\iFqEoMj.exe
  2⤵
  PID:2040
- C:\Windows\System\AtGBcFF.exe
  C:\Windows\System\AtGBcFF.exe
  2⤵
  PID:1856
- C:\Windows\System\JeFILVu.exe
  C:\Windows\System\JeFILVu.exe
  2⤵
  PID:1028
- C:\Windows\System\CAJgrGy.exe
  C:\Windows\System\CAJgrGy.exe
  2⤵
  PID:324
- C:\Windows\System\tTaovNY.exe
  C:\Windows\System\tTaovNY.exe
  2⤵
  PID:2724
- C:\Windows\System\AtLBbDZ.exe
  C:\Windows\System\AtLBbDZ.exe
  2⤵
  PID:2120
- C:\Windows\System\nsxFoax.exe
  C:\Windows\System\nsxFoax.exe
  2⤵
  PID:1916
- C:\Windows\System\kqypWLo.exe
  C:\Windows\System\kqypWLo.exe
  2⤵
  PID:2664
- C:\Windows\System\YNMmgBc.exe
  C:\Windows\System\YNMmgBc.exe
  2⤵
  PID:3084
- C:\Windows\System\ajUAQhN.exe
  C:\Windows\System\ajUAQhN.exe
  2⤵
  PID:3100
- C:\Windows\System\ABtQPhs.exe
  C:\Windows\System\ABtQPhs.exe
  2⤵
  PID:3116
- C:\Windows\System\AtsqzCd.exe
  C:\Windows\System\AtsqzCd.exe
  2⤵
  PID:3132
- C:\Windows\System\IqqgRIi.exe
  C:\Windows\System\IqqgRIi.exe
  2⤵
  PID:3148
- C:\Windows\System\OUaYTRI.exe
  C:\Windows\System\OUaYTRI.exe
  2⤵
  PID:3164
- C:\Windows\System\BmpnkkL.exe
  C:\Windows\System\BmpnkkL.exe
  2⤵
  PID:3180
- C:\Windows\System\DeYSlBh.exe
  C:\Windows\System\DeYSlBh.exe
  2⤵
  PID:3200
- C:\Windows\System\quzDIJb.exe
  C:\Windows\System\quzDIJb.exe
  2⤵
  PID:3224
- C:\Windows\System\zXeDssW.exe
  C:\Windows\System\zXeDssW.exe
  2⤵
  PID:3240
- C:\Windows\System\oouQsXf.exe
  C:\Windows\System\oouQsXf.exe
  2⤵
  PID:3256
- C:\Windows\System\SSrqHed.exe
  C:\Windows\System\SSrqHed.exe
  2⤵
  PID:3272
- C:\Windows\System\AnNNpYG.exe
  C:\Windows\System\AnNNpYG.exe
  2⤵
  PID:3288
- C:\Windows\System\jsztwVp.exe
  C:\Windows\System\jsztwVp.exe
  2⤵
  PID:3304
- C:\Windows\System\zMGpOwE.exe
  C:\Windows\System\zMGpOwE.exe
  2⤵
  PID:3320
- C:\Windows\System\oTSusuD.exe
  C:\Windows\System\oTSusuD.exe
  2⤵
  PID:3336
- C:\Windows\System\BFQyHGs.exe
  C:\Windows\System\BFQyHGs.exe
  2⤵
  PID:3352
- C:\Windows\System\agfxPpi.exe
  C:\Windows\System\agfxPpi.exe
  2⤵
  PID:3368
- C:\Windows\System\PTAbDth.exe
  C:\Windows\System\PTAbDth.exe
  2⤵
  PID:3512
- C:\Windows\System\daFKlOd.exe
  C:\Windows\System\daFKlOd.exe
  2⤵
  PID:3528
- C:\Windows\System\HaaaRMN.exe
  C:\Windows\System\HaaaRMN.exe
  2⤵
  PID:3548
- C:\Windows\System\fOzDnkF.exe
  C:\Windows\System\fOzDnkF.exe
  2⤵
  PID:3564
- C:\Windows\System\fVSNjaM.exe
  C:\Windows\System\fVSNjaM.exe
  2⤵
  PID:3584
- C:\Windows\System\lVOmBYo.exe
  C:\Windows\System\lVOmBYo.exe
  2⤵
  PID:3600
- C:\Windows\System\CNhXWYt.exe
  C:\Windows\System\CNhXWYt.exe
  2⤵
  PID:3616
- C:\Windows\System\VMqQLUg.exe
  C:\Windows\System\VMqQLUg.exe
  2⤵
  PID:3632
- C:\Windows\System\BGxOdGy.exe
  C:\Windows\System\BGxOdGy.exe
  2⤵
  PID:3648
- C:\Windows\System\tiVURwU.exe
  C:\Windows\System\tiVURwU.exe
  2⤵
  PID:3664
- C:\Windows\System\udWRTQw.exe
  C:\Windows\System\udWRTQw.exe
  2⤵
  PID:3720
- C:\Windows\System\HzbgvcA.exe
  C:\Windows\System\HzbgvcA.exe
  2⤵
  PID:3768
- C:\Windows\System\YxyVCgV.exe
  C:\Windows\System\YxyVCgV.exe
  2⤵
  PID:3792
- C:\Windows\System\DDEQWGl.exe
  C:\Windows\System\DDEQWGl.exe
  2⤵
  PID:3808
- C:\Windows\System\DQGHSOX.exe
  C:\Windows\System\DQGHSOX.exe
  2⤵
  PID:3828
- C:\Windows\System\LWsMxAr.exe
  C:\Windows\System\LWsMxAr.exe
  2⤵
  PID:3848
- C:\Windows\System\fAQxpFY.exe
  C:\Windows\System\fAQxpFY.exe
  2⤵
  PID:3868
- C:\Windows\System\OQXWQyQ.exe
  C:\Windows\System\OQXWQyQ.exe
  2⤵
  PID:3888
- C:\Windows\System\xFEpYBM.exe
  C:\Windows\System\xFEpYBM.exe
  2⤵
  PID:3908
- C:\Windows\System\sToAyef.exe
  C:\Windows\System\sToAyef.exe
  2⤵
  PID:3932
- C:\Windows\System\LfRRXtz.exe
  C:\Windows\System\LfRRXtz.exe
  2⤵
  PID:3952
- C:\Windows\System\Qblqapi.exe
  C:\Windows\System\Qblqapi.exe
  2⤵
  PID:3968
- C:\Windows\System\zzBgcxQ.exe
  C:\Windows\System\zzBgcxQ.exe
  2⤵
  PID:3988
- C:\Windows\System\FBTkpNZ.exe
  C:\Windows\System\FBTkpNZ.exe
  2⤵
  PID:4012
- C:\Windows\System\zUdJSYO.exe
  C:\Windows\System\zUdJSYO.exe
  2⤵
  PID:4028
- C:\Windows\System\Qhplykk.exe
  C:\Windows\System\Qhplykk.exe
  2⤵
  PID:4048
- C:\Windows\System\gMsouSM.exe
  C:\Windows\System\gMsouSM.exe
  2⤵
  PID:4068
- C:\Windows\System\fpqEeZj.exe
  C:\Windows\System\fpqEeZj.exe
  2⤵
  PID:4088
- C:\Windows\System\bBDDwHg.exe
  C:\Windows\System\bBDDwHg.exe
  2⤵
  PID:2840
- C:\Windows\System\jsFyyal.exe
  C:\Windows\System\jsFyyal.exe
  2⤵
  PID:3040
- C:\Windows\System\iviErRO.exe
  C:\Windows\System\iviErRO.exe
  2⤵
  PID:1200
- C:\Windows\System\PVXFutY.exe
  C:\Windows\System\PVXFutY.exe
  2⤵
  PID:2464
- C:\Windows\System\BmGkONG.exe
  C:\Windows\System\BmGkONG.exe
  2⤵
  PID:1604
- C:\Windows\System\pbdazEE.exe
  C:\Windows\System\pbdazEE.exe
  2⤵
  PID:1904
- C:\Windows\System\RkCyKcn.exe
  C:\Windows\System\RkCyKcn.exe
  2⤵
  PID:3160
- C:\Windows\System\AauQuMp.exe
  C:\Windows\System\AauQuMp.exe
  2⤵
  PID:2148
- C:\Windows\System\xPwdUzu.exe
  C:\Windows\System\xPwdUzu.exe
  2⤵
  PID:2672
- C:\Windows\System\Eqqzxlu.exe
  C:\Windows\System\Eqqzxlu.exe
  2⤵
  PID:3108
- C:\Windows\System\mLIbGNm.exe
  C:\Windows\System\mLIbGNm.exe
  2⤵
  PID:3252
- C:\Windows\System\htQYbEX.exe
  C:\Windows\System\htQYbEX.exe
  2⤵
  PID:3280
- C:\Windows\System\DwClmSv.exe
  C:\Windows\System\DwClmSv.exe
  2⤵
  PID:3264
- C:\Windows\System\WdgIkvU.exe
  C:\Windows\System\WdgIkvU.exe
  2⤵
  PID:3328
- C:\Windows\System\GNNESCd.exe
  C:\Windows\System\GNNESCd.exe
  2⤵
  PID:3520
- C:\Windows\System\ohpVzkl.exe
  C:\Windows\System\ohpVzkl.exe
  2⤵
  PID:3660
- C:\Windows\System\YHqlOcw.exe
  C:\Windows\System\YHqlOcw.exe
  2⤵
  PID:3628
- C:\Windows\System\aoXcFzy.exe
  C:\Windows\System\aoXcFzy.exe
  2⤵
  PID:1576
- C:\Windows\System\HGhWatJ.exe
  C:\Windows\System\HGhWatJ.exe
  2⤵
  PID:2004
- C:\Windows\System\GEXhXGL.exe
  C:\Windows\System\GEXhXGL.exe
  2⤵
  PID:3112
- C:\Windows\System\iivdmNu.exe
  C:\Windows\System\iivdmNu.exe
  2⤵
  PID:3176
- C:\Windows\System\MSvNUzP.exe
  C:\Windows\System\MSvNUzP.exe
  2⤵
  PID:3436
- C:\Windows\System\FxzJRPc.exe
  C:\Windows\System\FxzJRPc.exe
  2⤵
  PID:3452
- C:\Windows\System\UYZMxbg.exe
  C:\Windows\System\UYZMxbg.exe
  2⤵
  PID:3472
- C:\Windows\System\IkYSwyi.exe
  C:\Windows\System\IkYSwyi.exe
  2⤵
  PID:3488
- C:\Windows\System\tAfpGRl.exe
  C:\Windows\System\tAfpGRl.exe
  2⤵
  PID:1472
- C:\Windows\System\TTVDhIR.exe
  C:\Windows\System\TTVDhIR.exe
  2⤵
  PID:3400
- C:\Windows\System\AKoAJue.exe
  C:\Windows\System\AKoAJue.exe
  2⤵
  PID:2384
- C:\Windows\System\enHMekz.exe
  C:\Windows\System\enHMekz.exe
  2⤵
  PID:2336
- C:\Windows\System\PvoxECb.exe
  C:\Windows\System\PvoxECb.exe
  2⤵
  PID:3312
- C:\Windows\System\lhMzXOO.exe
  C:\Windows\System\lhMzXOO.exe
  2⤵
  PID:3744
- C:\Windows\System\rUYIZTr.exe
  C:\Windows\System\rUYIZTr.exe
  2⤵
  PID:3572
- C:\Windows\System\vrCYdTo.exe
  C:\Windows\System\vrCYdTo.exe
  2⤵
  PID:3612
- C:\Windows\System\hFjcCDQ.exe
  C:\Windows\System\hFjcCDQ.exe
  2⤵
  PID:3676
- C:\Windows\System\mmeCBWO.exe
  C:\Windows\System\mmeCBWO.exe
  2⤵
  PID:3700
- C:\Windows\System\yCqphiO.exe
  C:\Windows\System\yCqphiO.exe
  2⤵
  PID:3716
- C:\Windows\System\wLiaxUt.exe
  C:\Windows\System\wLiaxUt.exe
  2⤵
  PID:2800
- C:\Windows\System\RNxLeFm.exe
  C:\Windows\System\RNxLeFm.exe
  2⤵
  PID:2780
- C:\Windows\System\lhUsYbO.exe
  C:\Windows\System\lhUsYbO.exe
  2⤵
  PID:2300
- C:\Windows\System\tYugUIE.exe
  C:\Windows\System\tYugUIE.exe
  2⤵
  PID:3800
- C:\Windows\System\zrSqnMz.exe
  C:\Windows\System\zrSqnMz.exe
  2⤵
  PID:3824
- C:\Windows\System\hlogvgi.exe
  C:\Windows\System\hlogvgi.exe
  2⤵
  PID:3840
- C:\Windows\System\ViqrEEN.exe
  C:\Windows\System\ViqrEEN.exe
  2⤵
  PID:2288
- C:\Windows\System\fcFNoEw.exe
  C:\Windows\System\fcFNoEw.exe
  2⤵
  PID:3880
- C:\Windows\System\GHMnjiL.exe
  C:\Windows\System\GHMnjiL.exe
  2⤵
  PID:3904
- C:\Windows\System\atWzrmh.exe
  C:\Windows\System\atWzrmh.exe
  2⤵
  PID:3940
- C:\Windows\System\ZpjwpcY.exe
  C:\Windows\System\ZpjwpcY.exe
  2⤵
  PID:2788
- C:\Windows\System\rpQVbNl.exe
  C:\Windows\System\rpQVbNl.exe
  2⤵
  PID:3964
- C:\Windows\System\UiyiwCY.exe
  C:\Windows\System\UiyiwCY.exe
  2⤵
  PID:1836
- C:\Windows\System\iXvrQyD.exe
  C:\Windows\System\iXvrQyD.exe
  2⤵
  PID:4000
- C:\Windows\System\QXMDOnD.exe
  C:\Windows\System\QXMDOnD.exe
  2⤵
  PID:4024
- C:\Windows\System\FaNdLDQ.exe
  C:\Windows\System\FaNdLDQ.exe
  2⤵
  PID:280
- C:\Windows\System\VcrjmJv.exe
  C:\Windows\System\VcrjmJv.exe
  2⤵
  PID:4076
- C:\Windows\System\VIiHxvq.exe
  C:\Windows\System\VIiHxvq.exe
  2⤵
  PID:4084
- C:\Windows\System\CAhhhcf.exe
  C:\Windows\System\CAhhhcf.exe
  2⤵
  PID:332
- C:\Windows\System\rYlgySS.exe
  C:\Windows\System\rYlgySS.exe
  2⤵
  PID:1612
- C:\Windows\System\jJJDeVZ.exe
  C:\Windows\System\jJJDeVZ.exe
  2⤵
  PID:2480
- C:\Windows\System\dQRAEuH.exe
  C:\Windows\System\dQRAEuH.exe
  2⤵
  PID:2628
- C:\Windows\System\vKvNlYP.exe
  C:\Windows\System\vKvNlYP.exe
  2⤵
  PID:3096
- C:\Windows\System\CsZDbIm.exe
  C:\Windows\System\CsZDbIm.exe
  2⤵
  PID:2644
- C:\Windows\System\sMZlHou.exe
  C:\Windows\System\sMZlHou.exe
  2⤵
  PID:1932
- C:\Windows\System\vPIjYLt.exe
  C:\Windows\System\vPIjYLt.exe
  2⤵
  PID:3172
- C:\Windows\System\bzVKfTr.exe
  C:\Windows\System\bzVKfTr.exe
  2⤵
  PID:3232
- C:\Windows\System\KsaVHfR.exe
  C:\Windows\System\KsaVHfR.exe
  2⤵
  PID:3468
- C:\Windows\System\CHnYGmU.exe
  C:\Windows\System\CHnYGmU.exe
  2⤵
  PID:3580
- C:\Windows\System\OYFAfyd.exe
  C:\Windows\System\OYFAfyd.exe
  2⤵
  PID:3728
- C:\Windows\System\IBynsvW.exe
  C:\Windows\System\IBynsvW.exe
  2⤵
  PID:1564
- C:\Windows\System\ZoduXZo.exe
  C:\Windows\System\ZoduXZo.exe
  2⤵
  PID:3864
- C:\Windows\System\WiYJgFI.exe
  C:\Windows\System\WiYJgFI.exe
  2⤵
  PID:3980
- C:\Windows\System\FVhcPkR.exe
  C:\Windows\System\FVhcPkR.exe
  2⤵
  PID:4040
- C:\Windows\System\QsYKLFe.exe
  C:\Windows\System\QsYKLFe.exe
  2⤵
  PID:2976
- C:\Windows\System\GgCtlyH.exe
  C:\Windows\System\GgCtlyH.exe
  2⤵
  PID:1792
- C:\Windows\System\eZpxuvD.exe
  C:\Windows\System\eZpxuvD.exe
  2⤵
  PID:3188
- C:\Windows\System\lCNHEZy.exe
  C:\Windows\System\lCNHEZy.exe
  2⤵
  PID:3916
- C:\Windows\System\gvUnoBC.exe
  C:\Windows\System\gvUnoBC.exe
  2⤵
  PID:3076
- C:\Windows\System\Tpjbxxc.exe
  C:\Windows\System\Tpjbxxc.exe
  2⤵
  PID:2044
- C:\Windows\System\eyfyjUb.exe
  C:\Windows\System\eyfyjUb.exe
  2⤵
  PID:3644
- C:\Windows\System\QobiULr.exe
  C:\Windows\System\QobiULr.exe
  2⤵
  PID:2340
- C:\Windows\System\QjkXPRk.exe
  C:\Windows\System\QjkXPRk.exe
  2⤵
  PID:3844
- C:\Windows\System\DFKrMhO.exe
  C:\Windows\System\DFKrMhO.exe
  2⤵
  PID:3924
- C:\Windows\System\vPWbzWr.exe
  C:\Windows\System\vPWbzWr.exe
  2⤵
  PID:3996
- C:\Windows\System\naBzChv.exe
  C:\Windows\System\naBzChv.exe
  2⤵
  PID:4044
- C:\Windows\System\YxJKJoz.exe
  C:\Windows\System\YxJKJoz.exe
  2⤵
  PID:1540
- C:\Windows\System\OiDbkoX.exe
  C:\Windows\System\OiDbkoX.exe
  2⤵
  PID:3296
- C:\Windows\System\Avbxkyf.exe
  C:\Windows\System\Avbxkyf.exe
  2⤵
  PID:3332
- C:\Windows\System\vpyPqDF.exe
  C:\Windows\System\vpyPqDF.exe
  2⤵
  PID:3316
- C:\Windows\System\Profjvd.exe
  C:\Windows\System\Profjvd.exe
  2⤵
  PID:2668
- C:\Windows\System\oqXzkNW.exe
  C:\Windows\System\oqXzkNW.exe
  2⤵
  PID:2916
- C:\Windows\System\dTmTUAy.exe
  C:\Windows\System\dTmTUAy.exe
  2⤵
  PID:796
- C:\Windows\System\mhbWsHY.exe
  C:\Windows\System\mhbWsHY.exe
  2⤵
  PID:3080
- C:\Windows\System\VlumOrc.exe
  C:\Windows\System\VlumOrc.exe
  2⤵
  PID:2792
- C:\Windows\System\JtKSkjZ.exe
  C:\Windows\System\JtKSkjZ.exe
  2⤵
  PID:3508
- C:\Windows\System\NppQOXO.exe
  C:\Windows\System\NppQOXO.exe
  2⤵
  PID:1936
- C:\Windows\System\PxgqkqT.exe
  C:\Windows\System\PxgqkqT.exe
  2⤵
  PID:3760
- C:\Windows\System\rrYCONw.exe
  C:\Windows\System\rrYCONw.exe
  2⤵
  PID:2160
- C:\Windows\System\otQOeVp.exe
  C:\Windows\System\otQOeVp.exe
  2⤵
  PID:3896
- C:\Windows\System\dfpmThA.exe
  C:\Windows\System\dfpmThA.exe
  2⤵
  PID:3672
- C:\Windows\System\fTGGJBI.exe
  C:\Windows\System\fTGGJBI.exe
  2⤵
  PID:3944
- C:\Windows\System\oQUsHxw.exe
  C:\Windows\System\oQUsHxw.exe
  2⤵
  PID:3060
- C:\Windows\System\OfGfsZG.exe
  C:\Windows\System\OfGfsZG.exe
  2⤵
  PID:2688
- C:\Windows\System\ZyIREMn.exe
  C:\Windows\System\ZyIREMn.exe
  2⤵
  PID:2872
- C:\Windows\System\QXlirAT.exe
  C:\Windows\System\QXlirAT.exe
  2⤵
  PID:3816
- C:\Windows\System\AUmiqRP.exe
  C:\Windows\System\AUmiqRP.exe
  2⤵
  PID:2308
- C:\Windows\System\IXMPocQ.exe
  C:\Windows\System\IXMPocQ.exe
  2⤵
  PID:2032
- C:\Windows\System\KCeWcxD.exe
  C:\Windows\System\KCeWcxD.exe
  2⤵
  PID:3540
- C:\Windows\System\alwGzVL.exe
  C:\Windows\System\alwGzVL.exe
  2⤵
  PID:3544
- C:\Windows\System\CZapKcV.exe
  C:\Windows\System\CZapKcV.exe
  2⤵
  PID:4008
- C:\Windows\System\VAlLWxG.exe
  C:\Windows\System\VAlLWxG.exe
  2⤵
  PID:1408
- C:\Windows\System\HfUgTwv.exe
  C:\Windows\System\HfUgTwv.exe
  2⤵
  PID:3416
- C:\Windows\System\VpedyAS.exe
  C:\Windows\System\VpedyAS.exe
  2⤵
  PID:1876
- C:\Windows\System\pINAuyL.exe
  C:\Windows\System\pINAuyL.exe
  2⤵
  PID:3960
- C:\Windows\System\FJtoUhT.exe
  C:\Windows\System\FJtoUhT.exe
  2⤵
  PID:2332
- C:\Windows\System\vNadBbc.exe
  C:\Windows\System\vNadBbc.exe
  2⤵
  PID:2028
- C:\Windows\System\JHgPkys.exe
  C:\Windows\System\JHgPkys.exe
  2⤵
  PID:1636
- C:\Windows\System\CWSWuMk.exe
  C:\Windows\System\CWSWuMk.exe
  2⤵
  PID:3424
- C:\Windows\System\jRogXkV.exe
  C:\Windows\System\jRogXkV.exe
  2⤵
  PID:3776
- C:\Windows\System\zNXDVXO.exe
  C:\Windows\System\zNXDVXO.exe
  2⤵
  PID:3344
- C:\Windows\System\qWkSnnV.exe
  C:\Windows\System\qWkSnnV.exe
  2⤵
  PID:1892
- C:\Windows\System\zmTVsVR.exe
  C:\Windows\System\zmTVsVR.exe
  2⤵
  PID:4100
- C:\Windows\System\wTAazdT.exe
  C:\Windows\System\wTAazdT.exe
  2⤵
  PID:4116
- C:\Windows\System\pylzcgc.exe
  C:\Windows\System\pylzcgc.exe
  2⤵
  PID:4132
- C:\Windows\System\DpCTfcI.exe
  C:\Windows\System\DpCTfcI.exe
  2⤵
  PID:4148
- C:\Windows\System\NXDZDXO.exe
  C:\Windows\System\NXDZDXO.exe
  2⤵
  PID:4164
- C:\Windows\System\XDcrHhX.exe
  C:\Windows\System\XDcrHhX.exe
  2⤵
  PID:4180
- C:\Windows\System\ZgtiiqE.exe
  C:\Windows\System\ZgtiiqE.exe
  2⤵
  PID:4196
- C:\Windows\System\gOOXbUP.exe
  C:\Windows\System\gOOXbUP.exe
  2⤵
  PID:4212
- C:\Windows\System\bXsSxVt.exe
  C:\Windows\System\bXsSxVt.exe
  2⤵
  PID:4228
- C:\Windows\System\egKwgAo.exe
  C:\Windows\System\egKwgAo.exe
  2⤵
  PID:4244
- C:\Windows\System\HOhbdtV.exe
  C:\Windows\System\HOhbdtV.exe
  2⤵
  PID:4260
- C:\Windows\System\WAuraDd.exe
  C:\Windows\System\WAuraDd.exe
  2⤵
  PID:4276
- C:\Windows\System\bstMIAI.exe
  C:\Windows\System\bstMIAI.exe
  2⤵
  PID:4292
- C:\Windows\System\TrMsWGj.exe
  C:\Windows\System\TrMsWGj.exe
  2⤵
  PID:4308
- C:\Windows\System\jdzGsyU.exe
  C:\Windows\System\jdzGsyU.exe
  2⤵
  PID:4328
- C:\Windows\System\yqAtYvk.exe
  C:\Windows\System\yqAtYvk.exe
  2⤵
  PID:4344
- C:\Windows\System\WPTjmzQ.exe
  C:\Windows\System\WPTjmzQ.exe
  2⤵
  PID:4360
- C:\Windows\System\PYiIXEh.exe
  C:\Windows\System\PYiIXEh.exe
  2⤵
  PID:4380
- C:\Windows\System\ahThBSC.exe
  C:\Windows\System\ahThBSC.exe
  2⤵
  PID:4396
- C:\Windows\System\FyxXSjg.exe
  C:\Windows\System\FyxXSjg.exe
  2⤵
  PID:4412
- C:\Windows\System\AMkbyZj.exe
  C:\Windows\System\AMkbyZj.exe
  2⤵
  PID:4428
- C:\Windows\System\FlULxAN.exe
  C:\Windows\System\FlULxAN.exe
  2⤵
  PID:4444
- C:\Windows\System\FQqTjNr.exe
  C:\Windows\System\FQqTjNr.exe
  2⤵
  PID:4460
- C:\Windows\System\QZQPNqr.exe
  C:\Windows\System\QZQPNqr.exe
  2⤵
  PID:4476
- C:\Windows\System\hEZcWqz.exe
  C:\Windows\System\hEZcWqz.exe
  2⤵
  PID:4492
- C:\Windows\System\gQyEQZJ.exe
  C:\Windows\System\gQyEQZJ.exe
  2⤵
  PID:4616
- C:\Windows\System\BVxMtbr.exe
  C:\Windows\System\BVxMtbr.exe
  2⤵
  PID:4632
- C:\Windows\System\AwsTJBI.exe
  C:\Windows\System\AwsTJBI.exe
  2⤵
  PID:4648
- C:\Windows\System\oSjIznb.exe
  C:\Windows\System\oSjIznb.exe
  2⤵
  PID:4668
- C:\Windows\System\yuwuzUL.exe
  C:\Windows\System\yuwuzUL.exe
  2⤵
  PID:4688
- C:\Windows\System\aXzbQdn.exe
  C:\Windows\System\aXzbQdn.exe
  2⤵
  PID:4712
- C:\Windows\System\LqjcwjN.exe
  C:\Windows\System\LqjcwjN.exe
  2⤵
  PID:4736
- C:\Windows\System\sFvOTcp.exe
  C:\Windows\System\sFvOTcp.exe
  2⤵
  PID:4756
- C:\Windows\System\ClQxTbp.exe
  C:\Windows\System\ClQxTbp.exe
  2⤵
  PID:4772
- C:\Windows\System\URDjpxn.exe
  C:\Windows\System\URDjpxn.exe
  2⤵
  PID:4816
- C:\Windows\System\MdhHpOK.exe
  C:\Windows\System\MdhHpOK.exe
  2⤵
  PID:4832
- C:\Windows\System\yxPznex.exe
  C:\Windows\System\yxPznex.exe
  2⤵
  PID:4852
- C:\Windows\System\OQScZQH.exe
  C:\Windows\System\OQScZQH.exe
  2⤵
  PID:4876
- C:\Windows\System\QXxZcAs.exe
  C:\Windows\System\QXxZcAs.exe
  2⤵
  PID:4908
- C:\Windows\System\xpchtij.exe
  C:\Windows\System\xpchtij.exe
  2⤵
  PID:4932
- C:\Windows\System\YwRpMqq.exe
  C:\Windows\System\YwRpMqq.exe
  2⤵
  PID:4948
- C:\Windows\System\EEDnEeF.exe
  C:\Windows\System\EEDnEeF.exe
  2⤵
  PID:4964
- C:\Windows\System\xdLDGIi.exe
  C:\Windows\System\xdLDGIi.exe
  2⤵
  PID:5012
- C:\Windows\System\UUVSPhY.exe
  C:\Windows\System\UUVSPhY.exe
  2⤵
  PID:5028
- C:\Windows\System\ZgMYWUo.exe
  C:\Windows\System\ZgMYWUo.exe
  2⤵
  PID:5044
- C:\Windows\System\KoztChs.exe
  C:\Windows\System\KoztChs.exe
  2⤵
  PID:5060
- C:\Windows\System\vZIJZaV.exe
  C:\Windows\System\vZIJZaV.exe
  2⤵
  PID:5076
- C:\Windows\System\JWDVsTC.exe
  C:\Windows\System\JWDVsTC.exe
  2⤵
  PID:5092
- C:\Windows\System\KbWhiLL.exe
  C:\Windows\System\KbWhiLL.exe
  2⤵
  PID:5108
- C:\Windows\System\aoNVFzd.exe
  C:\Windows\System\aoNVFzd.exe
  2⤵
  PID:1432
- C:\Windows\System\GKkFkyd.exe
  C:\Windows\System\GKkFkyd.exe
  2⤵
  PID:4128
- C:\Windows\System\yxhRhPa.exe
  C:\Windows\System\yxhRhPa.exe
  2⤵
  PID:1784
- C:\Windows\System\JVWtkzv.exe
  C:\Windows\System\JVWtkzv.exe
  2⤵
  PID:4188
- C:\Windows\System\jQqNnMI.exe
  C:\Windows\System\jQqNnMI.exe
  2⤵
  PID:1992
- C:\Windows\System\ADSiuHO.exe
  C:\Windows\System\ADSiuHO.exe
  2⤵
  PID:1728
- C:\Windows\System\GaZJAiZ.exe
  C:\Windows\System\GaZJAiZ.exe
  2⤵
  PID:4176
- C:\Windows\System\dPUNMtF.exe
  C:\Windows\System\dPUNMtF.exe
  2⤵
  PID:4488
- C:\Windows\System\xepbkBS.exe
  C:\Windows\System\xepbkBS.exe
  2⤵
  PID:4440
- C:\Windows\System\jWhkXsh.exe
  C:\Windows\System\jWhkXsh.exe
  2⤵
  PID:4340
- C:\Windows\System\sexAWFg.exe
  C:\Windows\System\sexAWFg.exe
  2⤵
  PID:4452
- C:\Windows\System\qQuHHJW.exe
  C:\Windows\System\qQuHHJW.exe
  2⤵
  PID:4336
- C:\Windows\System\pDPvJrw.exe
  C:\Windows\System\pDPvJrw.exe
  2⤵
  PID:4484
- C:\Windows\System\tIPeivU.exe
  C:\Windows\System\tIPeivU.exe
  2⤵
  PID:4324
- C:\Windows\System\FtxkJPx.exe
  C:\Windows\System\FtxkJPx.exe
  2⤵
  PID:4208
- C:\Windows\System\VIaiZrP.exe
  C:\Windows\System\VIaiZrP.exe
  2⤵
  PID:4220
- C:\Windows\System\vDfzPNY.exe
  C:\Windows\System\vDfzPNY.exe
  2⤵
  PID:4236
- C:\Windows\System\tIjDPfM.exe
  C:\Windows\System\tIjDPfM.exe
  2⤵
  PID:4516
- C:\Windows\System\xaMOZYo.exe
  C:\Windows\System\xaMOZYo.exe
  2⤵
  PID:4528
- C:\Windows\System\RWDDQRk.exe
  C:\Windows\System\RWDDQRk.exe
  2⤵
  PID:4536
- C:\Windows\System\UZJblgq.exe
  C:\Windows\System\UZJblgq.exe
  2⤵
  PID:1944
- C:\Windows\System\qIDrzlO.exe
  C:\Windows\System\qIDrzlO.exe
  2⤵
  PID:4572
- C:\Windows\System\HjDuGuG.exe
  C:\Windows\System\HjDuGuG.exe
  2⤵
  PID:1940
- C:\Windows\System\XCPxKxm.exe
  C:\Windows\System\XCPxKxm.exe
  2⤵
  PID:4664
- C:\Windows\System\dZsumBw.exe
  C:\Windows\System\dZsumBw.exe
  2⤵
  PID:4696
- C:\Windows\System\mLTdEXf.exe
  C:\Windows\System\mLTdEXf.exe
  2⤵
  PID:4812
- C:\Windows\System\dDIqOWc.exe
  C:\Windows\System\dDIqOWc.exe
  2⤵
  PID:4840
- C:\Windows\System\JNTkNYG.exe
  C:\Windows\System\JNTkNYG.exe
  2⤵
  PID:4904
- C:\Windows\System\WFXyCZJ.exe
  C:\Windows\System\WFXyCZJ.exe
  2⤵
  PID:4860
- C:\Windows\System\AsXgTJI.exe
  C:\Windows\System\AsXgTJI.exe
  2⤵
  PID:4920
- C:\Windows\System\iTShpKj.exe
  C:\Windows\System\iTShpKj.exe
  2⤵
  PID:5024
- C:\Windows\System\NWgcXzi.exe
  C:\Windows\System\NWgcXzi.exe
  2⤵
  PID:4160
- C:\Windows\System\pOwpaRJ.exe
  C:\Windows\System\pOwpaRJ.exe
  2⤵
  PID:4036
- C:\Windows\System\XOPbzxj.exe
  C:\Windows\System\XOPbzxj.exe
  2⤵
  PID:4140
- C:\Windows\System\yBqBRWe.exe
  C:\Windows\System\yBqBRWe.exe
  2⤵
  PID:2656
- C:\Windows\System\OoPlVAp.exe
  C:\Windows\System\OoPlVAp.exe
  2⤵
  PID:4420
- C:\Windows\System\rsmYmws.exe
  C:\Windows\System\rsmYmws.exe
  2⤵
  PID:4468
- C:\Windows\System\wmiSsnu.exe
  C:\Windows\System\wmiSsnu.exe
  2⤵
  PID:1960
- C:\Windows\System\LrNTlGk.exe
  C:\Windows\System\LrNTlGk.exe
  2⤵
  PID:4548
- C:\Windows\System\PRnFIUh.exe
  C:\Windows\System\PRnFIUh.exe
  2⤵
  PID:4356
- C:\Windows\System\TIJEgpY.exe
  C:\Windows\System\TIJEgpY.exe
  2⤵
  PID:4576
- C:\Windows\System\BwwUXkp.exe
  C:\Windows\System\BwwUXkp.exe
  2⤵
  PID:4580
- C:\Windows\System\KBIgryE.exe
  C:\Windows\System\KBIgryE.exe
  2⤵
  PID:1748
- C:\Windows\System\ZcFAKeE.exe
  C:\Windows\System\ZcFAKeE.exe
  2⤵
  PID:4604
- C:\Windows\System\vLKOplC.exe
  C:\Windows\System\vLKOplC.exe
  2⤵
  PID:4680
- C:\Windows\System\pSQtONX.exe
  C:\Windows\System\pSQtONX.exe
  2⤵
  PID:4684
- C:\Windows\System\FgcXyju.exe
  C:\Windows\System\FgcXyju.exe
  2⤵
  PID:4732
- C:\Windows\System\aTmtSPA.exe
  C:\Windows\System\aTmtSPA.exe
  2⤵
  PID:4780
- C:\Windows\System\GOVBBwB.exe
  C:\Windows\System\GOVBBwB.exe
  2⤵
  PID:4700
- C:\Windows\System\hXeWdSB.exe
  C:\Windows\System\hXeWdSB.exe
  2⤵
  PID:5020
- C:\Windows\System\yyXosXg.exe
  C:\Windows\System\yyXosXg.exe
  2⤵
  PID:4984
- C:\Windows\System\BLOzhgK.exe
  C:\Windows\System\BLOzhgK.exe
  2⤵
  PID:4900
- C:\Windows\System\PKHqYks.exe
  C:\Windows\System\PKHqYks.exe
  2⤵
  PID:5116
- C:\Windows\System\TMhvUSe.exe
  C:\Windows\System\TMhvUSe.exe
  2⤵
  PID:4980
- C:\Windows\System\tXmMVRB.exe
  C:\Windows\System\tXmMVRB.exe
  2⤵
  PID:5072
- C:\Windows\System\CMLeAtX.exe
  C:\Windows\System\CMLeAtX.exe
  2⤵
  PID:5008
- C:\Windows\System\lsRixfS.exe
  C:\Windows\System\lsRixfS.exe
  2⤵
  PID:5040
- C:\Windows\System\cpkGxKh.exe
  C:\Windows\System\cpkGxKh.exe
  2⤵
  PID:848
- C:\Windows\System\tpKpHXK.exe
  C:\Windows\System\tpKpHXK.exe
  2⤵
  PID:4192
- C:\Windows\System\YugMZmB.exe
  C:\Windows\System\YugMZmB.exe
  2⤵
  PID:4788
- C:\Windows\System\WAhTKby.exe
  C:\Windows\System\WAhTKby.exe
  2⤵
  PID:4608
- C:\Windows\System\AQdNxOe.exe
  C:\Windows\System\AQdNxOe.exe
  2⤵
  PID:4520
- C:\Windows\System\AuxFtKW.exe
  C:\Windows\System\AuxFtKW.exe
  2⤵
  PID:4656
- C:\Windows\System\BKXVEAG.exe
  C:\Windows\System\BKXVEAG.exe
  2⤵
  PID:4268
- C:\Windows\System\ZCdiSmk.exe
  C:\Windows\System\ZCdiSmk.exe
  2⤵
  PID:4792
- C:\Windows\System\lNWqdLk.exe
  C:\Windows\System\lNWqdLk.exe
  2⤵
  PID:4796
- C:\Windows\System\LgzRCra.exe
  C:\Windows\System\LgzRCra.exe
  2⤵
  PID:4888
- C:\Windows\System\bzINnLC.exe
  C:\Windows\System\bzINnLC.exe
  2⤵
  PID:4956
- C:\Windows\System\RTskGll.exe
  C:\Windows\System\RTskGll.exe
  2⤵
  PID:4916
- C:\Windows\System\duYlOQc.exe
  C:\Windows\System\duYlOQc.exe
  2⤵
  PID:4808
- C:\Windows\System\KdHgzLl.exe
  C:\Windows\System\KdHgzLl.exe
  2⤵
  PID:5036
- C:\Windows\System\BWgGVyL.exe
  C:\Windows\System\BWgGVyL.exe
  2⤵
  PID:4500
- C:\Windows\System\LdoUJJm.exe
  C:\Windows\System\LdoUJJm.exe
  2⤵
  PID:352
- C:\Windows\System\agTklVf.exe
  C:\Windows\System\agTklVf.exe
  2⤵
  PID:4720
- C:\Windows\System\cZUNzZn.exe
  C:\Windows\System\cZUNzZn.exe
  2⤵
  PID:4252
- C:\Windows\System\lLxbMSx.exe
  C:\Windows\System\lLxbMSx.exe
  2⤵
  PID:3212
- C:\Windows\System\jKEfpDW.exe
  C:\Windows\System\jKEfpDW.exe
  2⤵
  PID:4108
- C:\Windows\System\IUJXtcM.exe
  C:\Windows\System\IUJXtcM.exe
  2⤵
  PID:3124
- C:\Windows\System\TmFkTeu.exe
  C:\Windows\System\TmFkTeu.exe
  2⤵
  PID:4288
- C:\Windows\System\PlfMBng.exe
  C:\Windows\System\PlfMBng.exe
  2⤵
  PID:2024
- C:\Windows\System\sJZfEgX.exe
  C:\Windows\System\sJZfEgX.exe
  2⤵
  PID:4896
- C:\Windows\System\bnZJRth.exe
  C:\Windows\System\bnZJRth.exe
  2⤵
  PID:4996
- C:\Windows\System\OSPWtmn.exe
  C:\Windows\System\OSPWtmn.exe
  2⤵
  PID:5136
- C:\Windows\System\jvrkpvi.exe
  C:\Windows\System\jvrkpvi.exe
  2⤵
  PID:5152
- C:\Windows\System\xbmweIN.exe
  C:\Windows\System\xbmweIN.exe
  2⤵
  PID:5168
- C:\Windows\System\fPaVuTf.exe
  C:\Windows\System\fPaVuTf.exe
  2⤵
  PID:5184
- C:\Windows\System\ABnjgfP.exe
  C:\Windows\System\ABnjgfP.exe
  2⤵
  PID:5200
- C:\Windows\System\DoweZSH.exe
  C:\Windows\System\DoweZSH.exe
  2⤵
  PID:5216
- C:\Windows\System\ZZKbDuG.exe
  C:\Windows\System\ZZKbDuG.exe
  2⤵
  PID:5236
- C:\Windows\System\bCnVaQL.exe
  C:\Windows\System\bCnVaQL.exe
  2⤵
  PID:5252
- C:\Windows\System\FyHbtDK.exe
  C:\Windows\System\FyHbtDK.exe
  2⤵
  PID:5268
- C:\Windows\System\JbkDtpe.exe
  C:\Windows\System\JbkDtpe.exe
  2⤵
  PID:5312
- C:\Windows\System\AcUZdSe.exe
  C:\Windows\System\AcUZdSe.exe
  2⤵
  PID:5328
- C:\Windows\System\KSwXfWe.exe
  C:\Windows\System\KSwXfWe.exe
  2⤵
  PID:5344
- C:\Windows\System\sHjveEw.exe
  C:\Windows\System\sHjveEw.exe
  2⤵
  PID:5360
- C:\Windows\System\LABWywe.exe
  C:\Windows\System\LABWywe.exe
  2⤵
  PID:5380
- C:\Windows\System\OdKtFWS.exe
  C:\Windows\System\OdKtFWS.exe
  2⤵
  PID:5396
- C:\Windows\System\jlijSLw.exe
  C:\Windows\System\jlijSLw.exe
  2⤵
  PID:5420
- C:\Windows\System\LEhLfrG.exe
  C:\Windows\System\LEhLfrG.exe
  2⤵
  PID:5488
- C:\Windows\System\jplKfXB.exe
  C:\Windows\System\jplKfXB.exe
  2⤵
  PID:5508
- C:\Windows\System\dXYxOly.exe
  C:\Windows\System\dXYxOly.exe
  2⤵
  PID:5524
- C:\Windows\System\vjwtgyv.exe
  C:\Windows\System\vjwtgyv.exe
  2⤵
  PID:5540
- C:\Windows\System\Xfhxipb.exe
  C:\Windows\System\Xfhxipb.exe
  2⤵
  PID:5556
- C:\Windows\System\BqqaHTO.exe
  C:\Windows\System\BqqaHTO.exe
  2⤵
  PID:5572
- C:\Windows\System\liQmBBp.exe
  C:\Windows\System\liQmBBp.exe
  2⤵
  PID:5588
- C:\Windows\System\fhFaNBv.exe
  C:\Windows\System\fhFaNBv.exe
  2⤵
  PID:5608
- C:\Windows\System\jZRlCVu.exe
  C:\Windows\System\jZRlCVu.exe
  2⤵
  PID:5624
- C:\Windows\System\hoGklAC.exe
  C:\Windows\System\hoGklAC.exe
  2⤵
  PID:5640
- C:\Windows\System\zbRmElE.exe
  C:\Windows\System\zbRmElE.exe
  2⤵
  PID:5656
- C:\Windows\System\bWfkqjB.exe
  C:\Windows\System\bWfkqjB.exe
  2⤵
  PID:5672
- C:\Windows\System\SoEVIaU.exe
  C:\Windows\System\SoEVIaU.exe
  2⤵
  PID:5688
- C:\Windows\System\EsbNegy.exe
  C:\Windows\System\EsbNegy.exe
  2⤵
  PID:5704
- C:\Windows\System\UZUsUdi.exe
  C:\Windows\System\UZUsUdi.exe
  2⤵
  PID:5720
- C:\Windows\System\kAmXCaR.exe
  C:\Windows\System\kAmXCaR.exe
  2⤵
  PID:5736
- C:\Windows\System\XSLSlNk.exe
  C:\Windows\System\XSLSlNk.exe
  2⤵
  PID:5756
- C:\Windows\System\WGBVGqh.exe
  C:\Windows\System\WGBVGqh.exe
  2⤵
  PID:5772
- C:\Windows\System\gExuqhM.exe
  C:\Windows\System\gExuqhM.exe
  2⤵
  PID:5788
- C:\Windows\System\ulmRCiO.exe
  C:\Windows\System\ulmRCiO.exe
  2⤵
  PID:5804
- C:\Windows\System\biEBmok.exe
  C:\Windows\System\biEBmok.exe
  2⤵
  PID:5820
- C:\Windows\System\sZCiKlC.exe
  C:\Windows\System\sZCiKlC.exe
  2⤵
  PID:5836
- C:\Windows\System\ZiecTDk.exe
  C:\Windows\System\ZiecTDk.exe
  2⤵
  PID:5856
- C:\Windows\System\oyIwsrd.exe
  C:\Windows\System\oyIwsrd.exe
  2⤵
  PID:5872
- C:\Windows\System\zVfydCE.exe
  C:\Windows\System\zVfydCE.exe
  2⤵
  PID:5888
- C:\Windows\System\lZvyfoX.exe
  C:\Windows\System\lZvyfoX.exe
  2⤵
  PID:5904
- C:\Windows\System\LQpiQLn.exe
  C:\Windows\System\LQpiQLn.exe
  2⤵
  PID:5920
- C:\Windows\System\ZyuOvIH.exe
  C:\Windows\System\ZyuOvIH.exe
  2⤵
  PID:5940
- C:\Windows\System\RtJlGEX.exe
  C:\Windows\System\RtJlGEX.exe
  2⤵
  PID:5964
- C:\Windows\System\kYZNUuo.exe
  C:\Windows\System\kYZNUuo.exe
  2⤵
  PID:5980
- C:\Windows\System\DSYCXxj.exe
  C:\Windows\System\DSYCXxj.exe
  2⤵
  PID:5996
- C:\Windows\System\SkLOCjX.exe
  C:\Windows\System\SkLOCjX.exe
  2⤵
  PID:6012
- C:\Windows\System\YveFENE.exe
  C:\Windows\System\YveFENE.exe
  2⤵
  PID:6028
- C:\Windows\System\HjxDFxu.exe
  C:\Windows\System\HjxDFxu.exe
  2⤵
  PID:6044
- C:\Windows\System\cVvDjAR.exe
  C:\Windows\System\cVvDjAR.exe
  2⤵
  PID:6060
- C:\Windows\System\ahoUdaO.exe
  C:\Windows\System\ahoUdaO.exe
  2⤵
  PID:6080
- C:\Windows\System\raRuKcS.exe
  C:\Windows\System\raRuKcS.exe
  2⤵
  PID:4424
- C:\Windows\System\pYmwjJY.exe
  C:\Windows\System\pYmwjJY.exe
  2⤵
  PID:5100
- C:\Windows\System\sWuzxEA.exe
  C:\Windows\System\sWuzxEA.exe
  2⤵
  PID:5124
- C:\Windows\System\HcMkrim.exe
  C:\Windows\System\HcMkrim.exe
  2⤵
  PID:5192
- C:\Windows\System\YLEyBjR.exe
  C:\Windows\System\YLEyBjR.exe
  2⤵
  PID:5280
- C:\Windows\System\xvkOwiB.exe
  C:\Windows\System\xvkOwiB.exe
  2⤵
  PID:5292
- C:\Windows\System\qrqvgBM.exe
  C:\Windows\System\qrqvgBM.exe
  2⤵
  PID:5264
- C:\Windows\System\GztkyLg.exe
  C:\Windows\System\GztkyLg.exe
  2⤵
  PID:5340
- C:\Windows\System\atVDhRx.exe
  C:\Windows\System\atVDhRx.exe
  2⤵
  PID:5404
- C:\Windows\System\FCkOyJj.exe
  C:\Windows\System\FCkOyJj.exe
  2⤵
  PID:5416
- C:\Windows\System\HNuJxam.exe
  C:\Windows\System\HNuJxam.exe
  2⤵
  PID:5444
- C:\Windows\System\slRFUDn.exe
  C:\Windows\System\slRFUDn.exe
  2⤵
  PID:5468
- C:\Windows\System\wRYWPhA.exe
  C:\Windows\System\wRYWPhA.exe
  2⤵
  PID:5440
- C:\Windows\System\HRtgrpx.exe
  C:\Windows\System\HRtgrpx.exe
  2⤵
  PID:5532
- C:\Windows\System\PthOUuf.exe
  C:\Windows\System\PthOUuf.exe
  2⤵
  PID:5564
- C:\Windows\System\UaGvLtL.exe
  C:\Windows\System\UaGvLtL.exe
  2⤵
  PID:5604
- C:\Windows\System\PKGYvMY.exe
  C:\Windows\System\PKGYvMY.exe
  2⤵
  PID:5516
- C:\Windows\System\nCCnndO.exe
  C:\Windows\System\nCCnndO.exe
  2⤵
  PID:5832
- C:\Windows\System\EiGupmA.exe
  C:\Windows\System\EiGupmA.exe
  2⤵
  PID:5932
- C:\Windows\System\aCLwSGL.exe
  C:\Windows\System\aCLwSGL.exe
  2⤵
  PID:5548
- C:\Windows\System\sMTvvRL.exe
  C:\Windows\System\sMTvvRL.exe
  2⤵
  PID:5976
- C:\Windows\System\oXUoSda.exe
  C:\Windows\System\oXUoSda.exe
  2⤵
  PID:5616
- C:\Windows\System\DayEGNr.exe
  C:\Windows\System\DayEGNr.exe
  2⤵
  PID:5684
- C:\Windows\System\TQHiuUY.exe
  C:\Windows\System\TQHiuUY.exe
  2⤵
  PID:5748
- C:\Windows\System\YEDQzqZ.exe
  C:\Windows\System\YEDQzqZ.exe
  2⤵
  PID:5812
- C:\Windows\System\eKYwzbi.exe
  C:\Windows\System\eKYwzbi.exe
  2⤵
  PID:5852
- C:\Windows\System\pGPIEzY.exe
  C:\Windows\System\pGPIEzY.exe
  2⤵
  PID:5956
- C:\Windows\System\tSompJe.exe
  C:\Windows\System\tSompJe.exe
  2⤵
  PID:6068
- C:\Windows\System\UvBBeyi.exe
  C:\Windows\System\UvBBeyi.exe
  2⤵
  PID:6076
- C:\Windows\System\eXKpqit.exe
  C:\Windows\System\eXKpqit.exe
  2⤵
  PID:5988
- C:\Windows\System\EOkPcxU.exe
  C:\Windows\System\EOkPcxU.exe
  2⤵
  PID:6092
- C:\Windows\System\WQaQCnM.exe
  C:\Windows\System\WQaQCnM.exe
  2⤵
  PID:6108
- C:\Windows\System\SlcqLbP.exe
  C:\Windows\System\SlcqLbP.exe
  2⤵
  PID:6124
- C:\Windows\System\rGihRhr.exe
  C:\Windows\System\rGihRhr.exe
  2⤵
  PID:4708
- C:\Windows\System\gVJLqcX.exe
  C:\Windows\System\gVJLqcX.exe
  2⤵
  PID:3624
- C:\Windows\System\ncqzPRj.exe
  C:\Windows\System\ncqzPRj.exe
  2⤵
  PID:5212
- C:\Windows\System\hyEjkak.exe
  C:\Windows\System\hyEjkak.exe
  2⤵
  PID:5208
- C:\Windows\System\atLZPWU.exe
  C:\Windows\System\atLZPWU.exe
  2⤵
  PID:5052
- C:\Windows\System\cDpqqhi.exe
  C:\Windows\System\cDpqqhi.exe
  2⤵
  PID:5160
- C:\Windows\System\aBvfEfL.exe
  C:\Windows\System\aBvfEfL.exe
  2⤵
  PID:5164
- C:\Windows\System\kFfZmpf.exe
  C:\Windows\System\kFfZmpf.exe
  2⤵
  PID:5260
- C:\Windows\System\iZhutSP.exe
  C:\Windows\System\iZhutSP.exe
  2⤵
  PID:5300
- C:\Windows\System\ddjaztw.exe
  C:\Windows\System\ddjaztw.exe
  2⤵
  PID:5600
- C:\Windows\System\SmMHPKO.exe
  C:\Windows\System\SmMHPKO.exe
  2⤵
  PID:5500
- C:\Windows\System\JhQZIdI.exe
  C:\Windows\System\JhQZIdI.exe
  2⤵
  PID:5436
- C:\Windows\System\lnPuYgx.exe
  C:\Windows\System\lnPuYgx.exe
  2⤵
  PID:5668
- C:\Windows\System\ZRgilsU.exe
  C:\Windows\System\ZRgilsU.exe
  2⤵
  PID:5536
- C:\Windows\System\NGNnWgm.exe
  C:\Windows\System\NGNnWgm.exe
  2⤵
  PID:5800
- C:\Windows\System\LjQEbyo.exe
  C:\Windows\System\LjQEbyo.exe
  2⤵
  PID:5664
- C:\Windows\System\bdKISfJ.exe
  C:\Windows\System\bdKISfJ.exe
  2⤵
  PID:5936
- C:\Windows\System\HuaBdbL.exe
  C:\Windows\System\HuaBdbL.exe
  2⤵
  PID:5716
- C:\Windows\System\CuQYnMO.exe
  C:\Windows\System\CuQYnMO.exe
  2⤵
  PID:5900
- C:\Windows\System\FSOTBfY.exe
  C:\Windows\System\FSOTBfY.exe
  2⤵
  PID:6136
- C:\Windows\System\EmVCOOX.exe
  C:\Windows\System\EmVCOOX.exe
  2⤵
  PID:6024
- C:\Windows\System\XsNmAgX.exe
  C:\Windows\System\XsNmAgX.exe
  2⤵
  PID:5952
- C:\Windows\System\PAlzCvu.exe
  C:\Windows\System\PAlzCvu.exe
  2⤵
  PID:5148
- C:\Windows\System\MFFjriy.exe
  C:\Windows\System\MFFjriy.exe
  2⤵
  PID:5880
- C:\Windows\System\nWVVSeh.exe
  C:\Windows\System\nWVVSeh.exe
  2⤵
  PID:5648
- C:\Windows\System\PALEIrA.exe
  C:\Windows\System\PALEIrA.exe
  2⤵
  PID:5784
- C:\Windows\System\laTRvzk.exe
  C:\Windows\System\laTRvzk.exe
  2⤵
  PID:6056
- C:\Windows\System\thKSZst.exe
  C:\Windows\System\thKSZst.exe
  2⤵
  PID:4368
- C:\Windows\System\MwGTggn.exe
  C:\Windows\System\MwGTggn.exe
  2⤵
  PID:4596
- C:\Windows\System\GEEDOsQ.exe
  C:\Windows\System\GEEDOsQ.exe
  2⤵
  PID:4944
- C:\Windows\System\vbNMOGm.exe
  C:\Windows\System\vbNMOGm.exe
  2⤵
  PID:5504
- C:\Windows\System\fgVCZoM.exe
  C:\Windows\System\fgVCZoM.exe
  2⤵
  PID:5456
- C:\Windows\System\xCFnQFX.exe
  C:\Windows\System\xCFnQFX.exe
  2⤵
  PID:5520
- C:\Windows\System\eMXqKba.exe
  C:\Windows\System\eMXqKba.exe
  2⤵
  PID:5728
- C:\Windows\System\iZQCpyi.exe
  C:\Windows\System\iZQCpyi.exe
  2⤵
  PID:4472
- C:\Windows\System\PVhUmmP.exe
  C:\Windows\System\PVhUmmP.exe
  2⤵
  PID:5244
- C:\Windows\System\gRCXZpL.exe
  C:\Windows\System\gRCXZpL.exe
  2⤵
  PID:5228
- C:\Windows\System\RtYshRx.exe
  C:\Windows\System\RtYshRx.exe
  2⤵
  PID:5248
- C:\Windows\System\ZutKpXX.exe
  C:\Windows\System\ZutKpXX.exe
  2⤵
  PID:6148
- C:\Windows\System\ANTNzEl.exe
  C:\Windows\System\ANTNzEl.exe
  2⤵
  PID:6164
- C:\Windows\System\LbLdKgS.exe
  C:\Windows\System\LbLdKgS.exe
  2⤵
  PID:6184
- C:\Windows\System\pemeOdT.exe
  C:\Windows\System\pemeOdT.exe
  2⤵
  PID:6200
- C:\Windows\System\CIlQfty.exe
  C:\Windows\System\CIlQfty.exe
  2⤵
  PID:6216
- C:\Windows\System\iJpnYKS.exe
  C:\Windows\System\iJpnYKS.exe
  2⤵
  PID:6232
- C:\Windows\System\VEaeliN.exe
  C:\Windows\System\VEaeliN.exe
  2⤵
  PID:6340
- C:\Windows\System\oekkNGI.exe
  C:\Windows\System\oekkNGI.exe
  2⤵
  PID:6356
- C:\Windows\System\mEHaiyu.exe
  C:\Windows\System\mEHaiyu.exe
  2⤵
  PID:6376
- C:\Windows\System\kXESKIW.exe
  C:\Windows\System\kXESKIW.exe
  2⤵
  PID:6396
- C:\Windows\System\PQhZGuN.exe
  C:\Windows\System\PQhZGuN.exe
  2⤵
  PID:6412
- C:\Windows\System\JsyMPSk.exe
  C:\Windows\System\JsyMPSk.exe
  2⤵
  PID:6428
- C:\Windows\System\kIiyhLJ.exe
  C:\Windows\System\kIiyhLJ.exe
  2⤵
  PID:6444
- C:\Windows\System\MiEJGRH.exe
  C:\Windows\System\MiEJGRH.exe
  2⤵
  PID:6460
- C:\Windows\System\sFMAHkk.exe
  C:\Windows\System\sFMAHkk.exe
  2⤵
  PID:6476
- C:\Windows\System\JnxsWhG.exe
  C:\Windows\System\JnxsWhG.exe
  2⤵
  PID:6496
- C:\Windows\System\NWCefot.exe
  C:\Windows\System\NWCefot.exe
  2⤵
  PID:6512
- C:\Windows\System\nzjrBjk.exe
  C:\Windows\System\nzjrBjk.exe
  2⤵
  PID:6528
- C:\Windows\System\hLYQibk.exe
  C:\Windows\System\hLYQibk.exe
  2⤵
  PID:6544
- C:\Windows\System\CoHGfbD.exe
  C:\Windows\System\CoHGfbD.exe
  2⤵
  PID:6560
- C:\Windows\System\tsiIoby.exe
  C:\Windows\System\tsiIoby.exe
  2⤵
  PID:6576
- C:\Windows\System\xNdpcqB.exe
  C:\Windows\System\xNdpcqB.exe
  2⤵
  PID:6592
- C:\Windows\System\ujGPEMz.exe
  C:\Windows\System\ujGPEMz.exe
  2⤵
  PID:6608
- C:\Windows\System\qMFBFOp.exe
  C:\Windows\System\qMFBFOp.exe
  2⤵
  PID:6624
- C:\Windows\System\yEpMGCs.exe
  C:\Windows\System\yEpMGCs.exe
  2⤵
  PID:6640
- C:\Windows\System\DMyxUyv.exe
  C:\Windows\System\DMyxUyv.exe
  2⤵
  PID:6656
- C:\Windows\System\CGXoFMK.exe
  C:\Windows\System\CGXoFMK.exe
  2⤵
  PID:6672
- C:\Windows\System\qGuXfja.exe
  C:\Windows\System\qGuXfja.exe
  2⤵
  PID:6688
- C:\Windows\System\pcVuBNw.exe
  C:\Windows\System\pcVuBNw.exe
  2⤵
  PID:6704
- C:\Windows\System\fuIiUwV.exe
  C:\Windows\System\fuIiUwV.exe
  2⤵
  PID:6724
- C:\Windows\System\qImOCUN.exe
  C:\Windows\System\qImOCUN.exe
  2⤵
  PID:6740
- C:\Windows\System\MuPsVIa.exe
  C:\Windows\System\MuPsVIa.exe
  2⤵
  PID:6756
- C:\Windows\System\InfrNoX.exe
  C:\Windows\System\InfrNoX.exe
  2⤵
  PID:6776
- C:\Windows\System\hwZAZXP.exe
  C:\Windows\System\hwZAZXP.exe
  2⤵
  PID:6792
- C:\Windows\System\EtArmWo.exe
  C:\Windows\System\EtArmWo.exe
  2⤵
  PID:6808
- C:\Windows\System\XTVOWNP.exe
  C:\Windows\System\XTVOWNP.exe
  2⤵
  PID:6828
- C:\Windows\System\NeNSsVP.exe
  C:\Windows\System\NeNSsVP.exe
  2⤵
  PID:6844
- C:\Windows\System\MQawmDa.exe
  C:\Windows\System\MQawmDa.exe
  2⤵
  PID:6860
- C:\Windows\System\XREtCRy.exe
  C:\Windows\System\XREtCRy.exe
  2⤵
  PID:6876
- C:\Windows\System\nSByHkq.exe
  C:\Windows\System\nSByHkq.exe
  2⤵
  PID:6892
- C:\Windows\System\VapbUvd.exe
  C:\Windows\System\VapbUvd.exe
  2⤵
  PID:6908
- C:\Windows\System\NeIishl.exe
  C:\Windows\System\NeIishl.exe
  2⤵
  PID:6924
- C:\Windows\System\RxQGpuo.exe
  C:\Windows\System\RxQGpuo.exe
  2⤵
  PID:6940
- C:\Windows\System\nACYXfr.exe
  C:\Windows\System\nACYXfr.exe
  2⤵
  PID:6956
- C:\Windows\System\vmqzWZA.exe
  C:\Windows\System\vmqzWZA.exe
  2⤵
  PID:6972
- C:\Windows\System\rKCFMiw.exe
  C:\Windows\System\rKCFMiw.exe
  2⤵
  PID:6988
- C:\Windows\System\mYSxpPz.exe
  C:\Windows\System\mYSxpPz.exe
  2⤵
  PID:7004
- C:\Windows\System\APLGubO.exe
  C:\Windows\System\APLGubO.exe
  2⤵
  PID:7020
- C:\Windows\System\NhSGoHA.exe
  C:\Windows\System\NhSGoHA.exe
  2⤵
  PID:7036
- C:\Windows\System\xSUcwHN.exe
  C:\Windows\System\xSUcwHN.exe
  2⤵
  PID:7052
- C:\Windows\System\qLdHyDR.exe
  C:\Windows\System\qLdHyDR.exe
  2⤵
  PID:7072
- C:\Windows\System\BDkZtNV.exe
  C:\Windows\System\BDkZtNV.exe
  2⤵
  PID:7088
- C:\Windows\System\GtWCsya.exe
  C:\Windows\System\GtWCsya.exe
  2⤵
  PID:7104
- C:\Windows\System\SLHkQZR.exe
  C:\Windows\System\SLHkQZR.exe
  2⤵
  PID:6112
- C:\Windows\System\ojmrnmV.exe
  C:\Windows\System\ojmrnmV.exe
  2⤵
  PID:5700
- C:\Windows\System\IORwHmG.exe
  C:\Windows\System\IORwHmG.exe
  2⤵
  PID:5276
- C:\Windows\System\ppjVZcW.exe
  C:\Windows\System\ppjVZcW.exe
  2⤵
  PID:6420
- C:\Windows\System\dclJkUU.exe
  C:\Windows\System\dclJkUU.exe
  2⤵
  PID:6492
- C:\Windows\System\ZkYqPPq.exe
  C:\Windows\System\ZkYqPPq.exe
  2⤵
  PID:6336
- C:\Windows\System\rIferKi.exe
  C:\Windows\System\rIferKi.exe
  2⤵
  PID:6404
- C:\Windows\System\ncfrLJo.exe
  C:\Windows\System\ncfrLJo.exe
  2⤵
  PID:6504
- C:\Windows\System\jnDvRHr.exe
  C:\Windows\System\jnDvRHr.exe
  2⤵
  PID:6540
- C:\Windows\System\RtzTKRy.exe
  C:\Windows\System\RtzTKRy.exe
  2⤵
  PID:6572
- C:\Windows\System\nOMhnOh.exe
  C:\Windows\System\nOMhnOh.exe
  2⤵
  PID:6632
- C:\Windows\System\IsmADpO.exe
  C:\Windows\System\IsmADpO.exe
  2⤵
  PID:6668
- C:\Windows\System\YTpOOON.exe
  C:\Windows\System\YTpOOON.exe
  2⤵
  PID:6764
- C:\Windows\System\FLCBwls.exe
  C:\Windows\System\FLCBwls.exe
  2⤵
  PID:6588
- C:\Windows\System\wcCJQOF.exe
  C:\Windows\System\wcCJQOF.exe
  2⤵
  PID:6964
- C:\Windows\System\zUYWefS.exe
  C:\Windows\System\zUYWefS.exe
  2⤵
  PID:6652
- C:\Windows\System\REcReIu.exe
  C:\Windows\System\REcReIu.exe
  2⤵
  PID:6752
- C:\Windows\System\mmXPXTj.exe
  C:\Windows\System\mmXPXTj.exe
  2⤵
  PID:6948
- C:\Windows\System\aTNnwnk.exe
  C:\Windows\System\aTNnwnk.exe
  2⤵
  PID:6980
- C:\Windows\System\DuFOsId.exe
  C:\Windows\System\DuFOsId.exe
  2⤵
  PID:6856
- C:\Windows\System\zPpMmse.exe
  C:\Windows\System\zPpMmse.exe
  2⤵
  PID:7000
- C:\Windows\System\omVLDsW.exe
  C:\Windows\System\omVLDsW.exe
  2⤵
  PID:7064
- C:\Windows\System\UsVJpmZ.exe
  C:\Windows\System\UsVJpmZ.exe
  2⤵
  PID:7012
- C:\Windows\System\IcMvYDz.exe
  C:\Windows\System\IcMvYDz.exe
  2⤵
  PID:7080
- C:\Windows\System\osTLjCL.exe
  C:\Windows\System\osTLjCL.exe
  2⤵
  PID:7120
- C:\Windows\System\KsvqMvj.exe
  C:\Windows\System\KsvqMvj.exe
  2⤵
  PID:7132
- C:\Windows\System\oMKJbml.exe
  C:\Windows\System\oMKJbml.exe
  2⤵
  PID:7148
- C:\Windows\System\mfrGaNJ.exe
  C:\Windows\System\mfrGaNJ.exe
  2⤵
  PID:7164
- C:\Windows\System\fvVtasY.exe
  C:\Windows\System\fvVtasY.exe
  2⤵
  PID:6100
- C:\Windows\System\QJVDbyq.exe
  C:\Windows\System\QJVDbyq.exe
  2⤵
  PID:5296
- C:\Windows\System\dBaSOLD.exe
  C:\Windows\System\dBaSOLD.exe
  2⤵
  PID:6208
- C:\Windows\System\HYTdvEu.exe
  C:\Windows\System\HYTdvEu.exe
  2⤵
  PID:5680
- C:\Windows\System\ervogof.exe
  C:\Windows\System\ervogof.exe
  2⤵
  PID:6120
- C:\Windows\System\ddFzbGu.exe
  C:\Windows\System\ddFzbGu.exe
  2⤵
  PID:5308
- C:\Windows\System\hGTgjEV.exe
  C:\Windows\System\hGTgjEV.exe
  2⤵
  PID:6224
- C:\Windows\System\Rsalkvb.exe
  C:\Windows\System\Rsalkvb.exe
  2⤵
  PID:6248
- C:\Windows\System\mJznlsN.exe
  C:\Windows\System\mJznlsN.exe
  2⤵
  PID:2008
- C:\Windows\System\YRtDDpc.exe
  C:\Windows\System\YRtDDpc.exe
  2⤵
  PID:6268
- C:\Windows\System\JFCVQJu.exe
  C:\Windows\System\JFCVQJu.exe
  2⤵
  PID:6280
- C:\Windows\System\pCIIUYm.exe
  C:\Windows\System\pCIIUYm.exe
  2⤵
  PID:6296
- C:\Windows\System\lpwdGwF.exe
  C:\Windows\System\lpwdGwF.exe
  2⤵
  PID:6312
- C:\Windows\System\UFAFWte.exe
  C:\Windows\System\UFAFWte.exe
  2⤵
  PID:6456
- C:\Windows\System\JhtRDMt.exe
  C:\Windows\System\JhtRDMt.exe
  2⤵
  PID:6392
- C:\Windows\System\LNtkDbD.exe
  C:\Windows\System\LNtkDbD.exe
  2⤵
  PID:6440
- C:\Windows\System\oteiXBY.exe
  C:\Windows\System\oteiXBY.exe
  2⤵
  PID:6568
- C:\Windows\System\OVkthYj.exe
  C:\Windows\System\OVkthYj.exe
  2⤵
  PID:6488
- C:\Windows\System\kSegSdQ.exe
  C:\Windows\System\kSegSdQ.exe
  2⤵
  PID:6536
- C:\Windows\System\fzSPNFi.exe
  C:\Windows\System\fzSPNFi.exe
  2⤵
  PID:6732
- C:\Windows\System\unBwdiQ.exe
  C:\Windows\System\unBwdiQ.exe
  2⤵
  PID:6804
- C:\Windows\System\GlIwoKM.exe
  C:\Windows\System\GlIwoKM.exe
  2⤵
  PID:6700
- C:\Windows\System\ELmXLmM.exe
  C:\Windows\System\ELmXLmM.exe
  2⤵
  PID:6616
- C:\Windows\System\oGFXZEP.exe
  C:\Windows\System\oGFXZEP.exe
  2⤵
  PID:6920
- C:\Windows\System\SSTvGCH.exe
  C:\Windows\System\SSTvGCH.exe
  2⤵
  PID:6852
- C:\Windows\System\nIXxdfB.exe
  C:\Windows\System\nIXxdfB.exe
  2⤵
  PID:7140
- C:\Windows\System\tDgStTd.exe
  C:\Windows\System\tDgStTd.exe
  2⤵
  PID:5636
- C:\Windows\System\uBYZWxL.exe
  C:\Windows\System\uBYZWxL.exe
  2⤵
  PID:6192
- C:\Windows\System\NFLPYOj.exe
  C:\Windows\System\NFLPYOj.exe
  2⤵
  PID:6816
- C:\Windows\System\RgejIsQ.exe
  C:\Windows\System\RgejIsQ.exe
  2⤵
  PID:7144
- C:\Windows\System\NqOkbzE.exe
  C:\Windows\System\NqOkbzE.exe
  2⤵
  PID:6196
- C:\Windows\System\SyLEMSO.exe
  C:\Windows\System\SyLEMSO.exe
  2⤵
  PID:5472
- C:\Windows\System\FdKLCwK.exe
  C:\Windows\System\FdKLCwK.exe
  2⤵
  PID:5356
- C:\Windows\System\NESNliI.exe
  C:\Windows\System\NESNliI.exe
  2⤵
  PID:7060
- C:\Windows\System\NUFYWrI.exe
  C:\Windows\System\NUFYWrI.exe
  2⤵
  PID:6900
- C:\Windows\System\JWIOlxC.exe
  C:\Windows\System\JWIOlxC.exe
  2⤵
  PID:6680
- C:\Windows\System\oxKCpMF.exe
  C:\Windows\System\oxKCpMF.exe
  2⤵
  PID:6320
- C:\Windows\System\iQxdKYl.exe
  C:\Windows\System\iQxdKYl.exe
  2⤵
  PID:6160
- C:\Windows\System\HncRnxc.exe
  C:\Windows\System\HncRnxc.exe
  2⤵
  PID:6276
- C:\Windows\System\yTiGSjE.exe
  C:\Windows\System\yTiGSjE.exe
  2⤵
  PID:6368
- C:\Windows\System\puoGUYI.exe
  C:\Windows\System\puoGUYI.exe
  2⤵
  PID:7160
- C:\Windows\System\iZhyUGI.exe
  C:\Windows\System\iZhyUGI.exe
  2⤵
  PID:1492
- C:\Windows\System\NFWKEce.exe
  C:\Windows\System\NFWKEce.exe
  2⤵
  PID:2476
- C:\Windows\System\WJFOSly.exe
  C:\Windows\System\WJFOSly.exe
  2⤵
  PID:6524
- C:\Windows\System\PoLrqWX.exe
  C:\Windows\System\PoLrqWX.exe
  2⤵
  PID:6720
- C:\Windows\System\ILPBAkh.exe
  C:\Windows\System\ILPBAkh.exe
  2⤵
  PID:6472
- C:\Windows\System\entkwtM.exe
  C:\Windows\System\entkwtM.exe
  2⤵
  PID:6436
- C:\Windows\System\uShjipn.exe
  C:\Windows\System\uShjipn.exe
  2⤵
  PID:6364
- C:\Windows\System\KHKZQUv.exe
  C:\Windows\System\KHKZQUv.exe
  2⤵
  PID:7192
- C:\Windows\System\rfzBAvt.exe
  C:\Windows\System\rfzBAvt.exe
  2⤵
  PID:7208
- C:\Windows\System\SJgLtYc.exe
  C:\Windows\System\SJgLtYc.exe
  2⤵
  PID:7224
- C:\Windows\System\qWqnFYw.exe
  C:\Windows\System\qWqnFYw.exe
  2⤵
  PID:7240
- C:\Windows\System\LKHrKYV.exe
  C:\Windows\System\LKHrKYV.exe
  2⤵
  PID:7256
- C:\Windows\System\oFbXBoW.exe
  C:\Windows\System\oFbXBoW.exe
  2⤵
  PID:7272
- C:\Windows\System\fzLHNqr.exe
  C:\Windows\System\fzLHNqr.exe
  2⤵
  PID:7288
- C:\Windows\System\dMJCwzm.exe
  C:\Windows\System\dMJCwzm.exe
  2⤵
  PID:7304
- C:\Windows\System\NwaAtgj.exe
  C:\Windows\System\NwaAtgj.exe
  2⤵
  PID:7320
- C:\Windows\System\QrKmfcf.exe
  C:\Windows\System\QrKmfcf.exe
  2⤵
  PID:7336
- C:\Windows\System\SSjYHhT.exe
  C:\Windows\System\SSjYHhT.exe
  2⤵
  PID:7352
- C:\Windows\System\hxRWTvz.exe
  C:\Windows\System\hxRWTvz.exe
  2⤵
  PID:7368
- C:\Windows\System\cJHyDJp.exe
  C:\Windows\System\cJHyDJp.exe
  2⤵
  PID:7384
- C:\Windows\System\nttziuL.exe
  C:\Windows\System\nttziuL.exe
  2⤵
  PID:7400
- C:\Windows\System\DlLamtv.exe
  C:\Windows\System\DlLamtv.exe
  2⤵
  PID:7416
- C:\Windows\System\AENYvEU.exe
  C:\Windows\System\AENYvEU.exe
  2⤵
  PID:7432
- C:\Windows\System\GNrSQxh.exe
  C:\Windows\System\GNrSQxh.exe
  2⤵
  PID:7448
- C:\Windows\System\gBjMfaj.exe
  C:\Windows\System\gBjMfaj.exe
  2⤵
  PID:7464
- C:\Windows\System\qCEIuOE.exe
  C:\Windows\System\qCEIuOE.exe
  2⤵
  PID:7480
- C:\Windows\System\QuSEGpQ.exe
  C:\Windows\System\QuSEGpQ.exe
  2⤵
  PID:7496
- C:\Windows\System\HtSNCno.exe
  C:\Windows\System\HtSNCno.exe
  2⤵
  PID:7512
- C:\Windows\System\aosuKjm.exe
  C:\Windows\System\aosuKjm.exe
  2⤵
  PID:7528
- C:\Windows\System\XTrIXgs.exe
  C:\Windows\System\XTrIXgs.exe
  2⤵
  PID:7544
- C:\Windows\System\NonHkdK.exe
  C:\Windows\System\NonHkdK.exe
  2⤵
  PID:7560
- C:\Windows\System\TbzAvFo.exe
  C:\Windows\System\TbzAvFo.exe
  2⤵
  PID:7576
- C:\Windows\System\Wchfnri.exe
  C:\Windows\System\Wchfnri.exe
  2⤵
  PID:7592
- C:\Windows\System\TBZWJTn.exe
  C:\Windows\System\TBZWJTn.exe
  2⤵
  PID:7608
- C:\Windows\System\bxSBOXJ.exe
  C:\Windows\System\bxSBOXJ.exe
  2⤵
  PID:7624
- C:\Windows\System\fpShChN.exe
  C:\Windows\System\fpShChN.exe
  2⤵
  PID:7640
- C:\Windows\System\MnGXtZs.exe
  C:\Windows\System\MnGXtZs.exe
  2⤵
  PID:7656
- C:\Windows\System\iwlYrRI.exe
  C:\Windows\System\iwlYrRI.exe
  2⤵
  PID:7672
- C:\Windows\System\CHsdYIG.exe
  C:\Windows\System\CHsdYIG.exe
  2⤵
  PID:7692
- C:\Windows\System\VsHSWLe.exe
  C:\Windows\System\VsHSWLe.exe
  2⤵
  PID:7708
- C:\Windows\System\wJSsyPK.exe
  C:\Windows\System\wJSsyPK.exe
  2⤵
  PID:7728
- C:\Windows\System\LLWCZkZ.exe
  C:\Windows\System\LLWCZkZ.exe
  2⤵
  PID:7744
- C:\Windows\System\TuNKave.exe
  C:\Windows\System\TuNKave.exe
  2⤵
  PID:7760
- C:\Windows\System\oRSBKTp.exe
  C:\Windows\System\oRSBKTp.exe
  2⤵
  PID:7780
- C:\Windows\System\AvTUWGX.exe
  C:\Windows\System\AvTUWGX.exe
  2⤵
  PID:7920
- C:\Windows\System\mHlRhKw.exe
  C:\Windows\System\mHlRhKw.exe
  2⤵
  PID:7952
- C:\Windows\System\wtPjgqI.exe
  C:\Windows\System\wtPjgqI.exe
  2⤵
  PID:7972
- C:\Windows\System\oQRSbIK.exe
  C:\Windows\System\oQRSbIK.exe
  2⤵
  PID:7988
- C:\Windows\System\aXKEAWd.exe
  C:\Windows\System\aXKEAWd.exe
  2⤵
  PID:8008
- C:\Windows\System\qTyWTGv.exe
  C:\Windows\System\qTyWTGv.exe
  2⤵
  PID:8024
- C:\Windows\System\fMUBdlE.exe
  C:\Windows\System\fMUBdlE.exe
  2⤵
  PID:8040
- C:\Windows\System\zYZGrYF.exe
  C:\Windows\System\zYZGrYF.exe
  2⤵
  PID:8108
- C:\Windows\System\XyKYchX.exe
  C:\Windows\System\XyKYchX.exe
  2⤵
  PID:8124
- C:\Windows\System\GgahFZm.exe
  C:\Windows\System\GgahFZm.exe
  2⤵
  PID:8140
- C:\Windows\System\cDNInqf.exe
  C:\Windows\System\cDNInqf.exe
  2⤵
  PID:8156
- C:\Windows\System\mmnRMtn.exe
  C:\Windows\System\mmnRMtn.exe
  2⤵
  PID:8172
- C:\Windows\System\sNRvWHX.exe
  C:\Windows\System\sNRvWHX.exe
  2⤵
  PID:6824
- C:\Windows\System\YvxWsUQ.exe
  C:\Windows\System\YvxWsUQ.exe
  2⤵
  PID:6244
- C:\Windows\System\jEmEagO.exe
  C:\Windows\System\jEmEagO.exe
  2⤵
  PID:7176
- C:\Windows\System\liRRksQ.exe
  C:\Windows\System\liRRksQ.exe
  2⤵
  PID:6836
- C:\Windows\System\iaTxpNd.exe
  C:\Windows\System\iaTxpNd.exe
  2⤵
  PID:6932
- C:\Windows\System\mtIvEqE.exe
  C:\Windows\System\mtIvEqE.exe
  2⤵
  PID:6584
- C:\Windows\System\UJeklQq.exe
  C:\Windows\System\UJeklQq.exe
  2⤵
  PID:2348
- C:\Windows\System\DBlWLLm.exe
  C:\Windows\System\DBlWLLm.exe
  2⤵
  PID:7204
- C:\Windows\System\yuDCnDp.exe
  C:\Windows\System\yuDCnDp.exe
  2⤵
  PID:7116
- C:\Windows\System\ugdwaqY.exe
  C:\Windows\System\ugdwaqY.exe
  2⤵
  PID:6996
- C:\Windows\System\AzfAUMe.exe
  C:\Windows\System\AzfAUMe.exe
  2⤵
  PID:7364
- C:\Windows\System\XFLHVqC.exe
  C:\Windows\System\XFLHVqC.exe
  2⤵
  PID:7396
- C:\Windows\System\ViSSJaO.exe
  C:\Windows\System\ViSSJaO.exe
  2⤵
  PID:7348
- C:\Windows\System\xzourdm.exe
  C:\Windows\System\xzourdm.exe
  2⤵
  PID:7376
- C:\Windows\System\NIArYav.exe
  C:\Windows\System\NIArYav.exe
  2⤵
  PID:7504
- C:\Windows\System\SYuizae.exe
  C:\Windows\System\SYuizae.exe
  2⤵
  PID:7572
- C:\Windows\System\dTxGSnS.exe
  C:\Windows\System\dTxGSnS.exe
  2⤵
  PID:7604
- C:\Windows\System\qjGEOZk.exe
  C:\Windows\System\qjGEOZk.exe
  2⤵
  PID:7668
- C:\Windows\System\HWLecgS.exe
  C:\Windows\System\HWLecgS.exe
  2⤵
  PID:7768
- C:\Windows\System\BckiVqE.exe
  C:\Windows\System\BckiVqE.exe
  2⤵
  PID:7248
- C:\Windows\System\ZZFRPgx.exe
  C:\Windows\System\ZZFRPgx.exe
  2⤵
  PID:7408
- C:\Windows\System\xTKvQeV.exe
  C:\Windows\System\xTKvQeV.exe
  2⤵
  PID:7804
- C:\Windows\System\WphvVJP.exe
  C:\Windows\System\WphvVJP.exe
  2⤵
  PID:7752
- C:\Windows\System\UWtjUbh.exe
  C:\Windows\System\UWtjUbh.exe
  2⤵
  PID:7684
- C:\Windows\System\JMkGANj.exe
  C:\Windows\System\JMkGANj.exe
  2⤵
  PID:7844
- C:\Windows\System\VqNtRoO.exe
  C:\Windows\System\VqNtRoO.exe
  2⤵
  PID:7680
- C:\Windows\System\tEtfTnk.exe
  C:\Windows\System\tEtfTnk.exe
  2⤵
  PID:7856
- C:\Windows\System\wmPpUiH.exe
  C:\Windows\System\wmPpUiH.exe
  2⤵
  PID:7968
- C:\Windows\System\pzJTbpc.exe
  C:\Windows\System\pzJTbpc.exe
  2⤵
  PID:7900
- C:\Windows\System\ipScMyk.exe
  C:\Windows\System\ipScMyk.exe
  2⤵
  PID:7916
- C:\Windows\System\uoMJSRa.exe
  C:\Windows\System\uoMJSRa.exe
  2⤵
  PID:8020
- C:\Windows\System\mtsxxKI.exe
  C:\Windows\System\mtsxxKI.exe
  2⤵
  PID:7948
- C:\Windows\System\PiiMpDL.exe
  C:\Windows\System\PiiMpDL.exe
  2⤵
  PID:8072
- C:\Windows\System\OKGuxBb.exe
  C:\Windows\System\OKGuxBb.exe
  2⤵
  PID:8092
- C:\Windows\System\elpCxar.exe
  C:\Windows\System\elpCxar.exe
  2⤵
  PID:8120
- C:\Windows\System\ByueaMo.exe
  C:\Windows\System\ByueaMo.exe
  2⤵
  PID:8188
- C:\Windows\System\atRglJf.exe
  C:\Windows\System\atRglJf.exe
  2⤵
  PID:6904
- C:\Windows\System\ugDwOGG.exe
  C:\Windows\System\ugDwOGG.exe
  2⤵
  PID:7264
- C:\Windows\System\IbKNWwL.exe
  C:\Windows\System\IbKNWwL.exe
  2⤵
  PID:7312
- C:\Windows\System\qnmsYWI.exe
  C:\Windows\System\qnmsYWI.exe
  2⤵
  PID:7704
- C:\Windows\System\RvNgJnj.exe
  C:\Windows\System\RvNgJnj.exe
  2⤵
  PID:7220
- C:\Windows\System\nnfpKlh.exe
  C:\Windows\System\nnfpKlh.exe
  2⤵
  PID:8132
- C:\Windows\System\kbjEdOp.exe
  C:\Windows\System\kbjEdOp.exe
  2⤵
  PID:6252
- C:\Windows\System\dHBVsEX.exe
  C:\Windows\System\dHBVsEX.exe
  2⤵
  PID:8168
- C:\Windows\System\WTTPAuw.exe
  C:\Windows\System\WTTPAuw.exe
  2⤵
  PID:6716
- C:\Windows\System\jiGXZJK.exe
  C:\Windows\System\jiGXZJK.exe
  2⤵
  PID:6284
- C:\Windows\System\FBJHHGs.exe
  C:\Windows\System\FBJHHGs.exe
  2⤵
  PID:7536
- C:\Windows\System\kUitkQK.exe
  C:\Windows\System\kUitkQK.exe
  2⤵
  PID:7552
- C:\Windows\System\SosftYg.exe
  C:\Windows\System\SosftYg.exe
  2⤵
  PID:7488
- C:\Windows\System\oWVadjI.exe
  C:\Windows\System\oWVadjI.exe
  2⤵
  PID:7724
- C:\Windows\System\ZHYhUSL.exe
  C:\Windows\System\ZHYhUSL.exe
  2⤵
  PID:7840
- C:\Windows\System\DLbCatR.exe
  C:\Windows\System\DLbCatR.exe
  2⤵
  PID:7852
- C:\Windows\System\HbBQwOc.exe
  C:\Windows\System\HbBQwOc.exe
  2⤵
  PID:7876
- C:\Windows\System\snAEJHU.exe
  C:\Windows\System\snAEJHU.exe
  2⤵
  PID:7820
- C:\Windows\System\wUDZELY.exe
  C:\Windows\System\wUDZELY.exe
  2⤵
  PID:7896
- C:\Windows\System\NnKEkBa.exe
  C:\Windows\System\NnKEkBa.exe
  2⤵
  PID:7868
- C:\Windows\System\INvUBmZ.exe
  C:\Windows\System\INvUBmZ.exe
  2⤵
  PID:7772
- C:\Windows\System\kdPZdoz.exe
  C:\Windows\System\kdPZdoz.exe
  2⤵
  PID:7908
- C:\Windows\System\SOQAtJp.exe
  C:\Windows\System\SOQAtJp.exe
  2⤵
  PID:8064
- C:\Windows\System\hntKnvO.exe
  C:\Windows\System\hntKnvO.exe
  2⤵
  PID:6664
- C:\Windows\System\vRkLfFP.exe
  C:\Windows\System\vRkLfFP.exe
  2⤵
  PID:8116
- C:\Windows\System\fnXbOZG.exe
  C:\Windows\System\fnXbOZG.exe
  2⤵
  PID:4144
- C:\Windows\System\GAdoLja.exe
  C:\Windows\System\GAdoLja.exe
  2⤵
  PID:6264
- C:\Windows\System\SkEmhVS.exe
  C:\Windows\System\SkEmhVS.exe
  2⤵
  PID:8080
- C:\Windows\System\UlNfUdQ.exe
  C:\Windows\System\UlNfUdQ.exe
  2⤵
  PID:7912
- C:\Windows\System\EHIXdNh.exe
  C:\Windows\System\EHIXdNh.exe
  2⤵
  PID:7236
- C:\Windows\System\qQydryP.exe
  C:\Windows\System\qQydryP.exe
  2⤵
  PID:8052
- C:\Windows\System\nvmENKF.exe
  C:\Windows\System\nvmENKF.exe
  2⤵
  PID:7444
- C:\Windows\System\dWsgcuT.exe
  C:\Windows\System\dWsgcuT.exe
  2⤵
  PID:7928
- C:\Windows\System\RBxSUZI.exe
  C:\Windows\System\RBxSUZI.exe
  2⤵
  PID:7888
- C:\Windows\System\aGQuaaX.exe
  C:\Windows\System\aGQuaaX.exe
  2⤵
  PID:7216
- C:\Windows\System\PqaBfKs.exe
  C:\Windows\System\PqaBfKs.exe
  2⤵
  PID:7584
- C:\Windows\System\bmacAyu.exe
  C:\Windows\System\bmacAyu.exe
  2⤵
  PID:8036
- C:\Windows\System\JhGxngT.exe
  C:\Windows\System\JhGxngT.exe
  2⤵
  PID:7828
- C:\Windows\System\DzkpLSX.exe
  C:\Windows\System\DzkpLSX.exe
  2⤵
  PID:7816
- C:\Windows\System\Uuhwiow.exe
  C:\Windows\System\Uuhwiow.exe
  2⤵
  PID:6916
- C:\Windows\System\sbgGCkM.exe
  C:\Windows\System\sbgGCkM.exe
  2⤵
  PID:8088
- C:\Windows\System\cTzqsDP.exe
  C:\Windows\System\cTzqsDP.exe
  2⤵
  PID:7568
- C:\Windows\System\YVpzYRb.exe
  C:\Windows\System\YVpzYRb.exe
  2⤵
  PID:7944
- C:\Windows\System\ULNGazW.exe
  C:\Windows\System\ULNGazW.exe
  2⤵
  PID:8148
- C:\Windows\System\MeUnjBZ.exe
  C:\Windows\System\MeUnjBZ.exe
  2⤵
  PID:6172
- C:\Windows\System\kuzzASh.exe
  C:\Windows\System\kuzzASh.exe
  2⤵
  PID:7648
- C:\Windows\System\ewjwoAu.exe
  C:\Windows\System\ewjwoAu.exe
  2⤵
  PID:8180
- C:\Windows\System\ouiOWdt.exe
  C:\Windows\System\ouiOWdt.exe
  2⤵
  PID:8104
- C:\Windows\System\MrvWpkq.exe
  C:\Windows\System\MrvWpkq.exe
  2⤵
  PID:8000
- C:\Windows\System\XnvwlEi.exe
  C:\Windows\System\XnvwlEi.exe
  2⤵
  PID:7588
- C:\Windows\System\gWXNVYL.exe
  C:\Windows\System\gWXNVYL.exe
  2⤵
  PID:8196
- C:\Windows\System\SrsMUio.exe
  C:\Windows\System\SrsMUio.exe
  2⤵
  PID:8216
- C:\Windows\System\JMHustG.exe
  C:\Windows\System\JMHustG.exe
  2⤵
  PID:8232
- C:\Windows\System\zfpmzWy.exe
  C:\Windows\System\zfpmzWy.exe
  2⤵
  PID:8248
- C:\Windows\System\TcBAvbS.exe
  C:\Windows\System\TcBAvbS.exe
  2⤵
  PID:8268
- C:\Windows\System\tHZdsoz.exe
  C:\Windows\System\tHZdsoz.exe
  2⤵
  PID:8284
- C:\Windows\System\yASacLz.exe
  C:\Windows\System\yASacLz.exe
  2⤵
  PID:8300
- C:\Windows\System\NpBPnRs.exe
  C:\Windows\System\NpBPnRs.exe
  2⤵
  PID:8320
- C:\Windows\System\IpYIwcX.exe
  C:\Windows\System\IpYIwcX.exe
  2⤵
  PID:8336
- C:\Windows\System\VubbHyj.exe
  C:\Windows\System\VubbHyj.exe
  2⤵
  PID:8352
- C:\Windows\System\CqOeEyi.exe
  C:\Windows\System\CqOeEyi.exe
  2⤵
  PID:8372
- C:\Windows\System\rbSaBMm.exe
  C:\Windows\System\rbSaBMm.exe
  2⤵
  PID:8392
- C:\Windows\System\bqnexGP.exe
  C:\Windows\System\bqnexGP.exe
  2⤵
  PID:8408
- C:\Windows\System\KGsQofk.exe
  C:\Windows\System\KGsQofk.exe
  2⤵
  PID:8424
- C:\Windows\System\zYqxlth.exe
  C:\Windows\System\zYqxlth.exe
  2⤵
  PID:8440
- C:\Windows\System\xBBtDaX.exe
  C:\Windows\System\xBBtDaX.exe
  2⤵
  PID:8464
- C:\Windows\System\EqWXmSX.exe
  C:\Windows\System\EqWXmSX.exe
  2⤵
  PID:8480
- C:\Windows\System\fppxqbm.exe
  C:\Windows\System\fppxqbm.exe
  2⤵
  PID:8496
- C:\Windows\System\IpPhlQm.exe
  C:\Windows\System\IpPhlQm.exe
  2⤵
  PID:8512
- C:\Windows\System\BiALMKZ.exe
  C:\Windows\System\BiALMKZ.exe
  2⤵
  PID:8528
- C:\Windows\System\OBDGDcP.exe
  C:\Windows\System\OBDGDcP.exe
  2⤵
  PID:8544
- C:\Windows\System\vutekRZ.exe
  C:\Windows\System\vutekRZ.exe
  2⤵
  PID:8560
- C:\Windows\System\rZjmAWU.exe
  C:\Windows\System\rZjmAWU.exe
  2⤵
  PID:8576
- C:\Windows\System\RAcHBBX.exe
  C:\Windows\System\RAcHBBX.exe
  2⤵
  PID:8592
- C:\Windows\System\ECuiYVx.exe
  C:\Windows\System\ECuiYVx.exe
  2⤵
  PID:8608
- C:\Windows\System\iBNuDhn.exe
  C:\Windows\System\iBNuDhn.exe
  2⤵
  PID:8624
- C:\Windows\System\xvkWnXx.exe
  C:\Windows\System\xvkWnXx.exe
  2⤵
  PID:8640
- C:\Windows\System\LbjQExQ.exe
  C:\Windows\System\LbjQExQ.exe
  2⤵
  PID:8660
- C:\Windows\System\thaKZwO.exe
  C:\Windows\System\thaKZwO.exe
  2⤵
  PID:8676
- C:\Windows\System\RVmgkFs.exe
  C:\Windows\System\RVmgkFs.exe
  2⤵
  PID:8748
- C:\Windows\System\pQjamaR.exe
  C:\Windows\System\pQjamaR.exe
  2⤵
  PID:8764
- C:\Windows\System\GHJDXab.exe
  C:\Windows\System\GHJDXab.exe
  2⤵
  PID:8780
- C:\Windows\System\UfTPPgT.exe
  C:\Windows\System\UfTPPgT.exe
  2⤵
  PID:8796
- C:\Windows\System\QoTVutg.exe
  C:\Windows\System\QoTVutg.exe
  2⤵
  PID:8824
- C:\Windows\System\HgRoXkD.exe
  C:\Windows\System\HgRoXkD.exe
  2⤵
  PID:8844
- C:\Windows\System\JpDjESf.exe
  C:\Windows\System\JpDjESf.exe
  2⤵
  PID:8860
- C:\Windows\System\TJzixoI.exe
  C:\Windows\System\TJzixoI.exe
  2⤵
  PID:8876
- C:\Windows\System\bNteCsz.exe
  C:\Windows\System\bNteCsz.exe
  2⤵
  PID:8896
- C:\Windows\System\oGuoLBU.exe
  C:\Windows\System\oGuoLBU.exe
  2⤵
  PID:8912
- C:\Windows\System\MEhOtWm.exe
  C:\Windows\System\MEhOtWm.exe
  2⤵
  PID:8928
- C:\Windows\System\hUptVGt.exe
  C:\Windows\System\hUptVGt.exe
  2⤵
  PID:8952
- C:\Windows\System\kgLZDBy.exe
  C:\Windows\System\kgLZDBy.exe
  2⤵
  PID:8972
- C:\Windows\System\PZaLJpp.exe
  C:\Windows\System\PZaLJpp.exe
  2⤵
  PID:8988
- C:\Windows\System\jtKmjFb.exe
  C:\Windows\System\jtKmjFb.exe
  2⤵
  PID:9004
- C:\Windows\System\YCippUe.exe
  C:\Windows\System\YCippUe.exe
  2⤵
  PID:9124
- C:\Windows\System\YIUYgii.exe
  C:\Windows\System\YIUYgii.exe
  2⤵
  PID:9144
- C:\Windows\System\ZbIurXe.exe
  C:\Windows\System\ZbIurXe.exe
  2⤵
  PID:9160
- C:\Windows\System\UWHxOpD.exe
  C:\Windows\System\UWHxOpD.exe
  2⤵
  PID:9176
- C:\Windows\System\IaitSvj.exe
  C:\Windows\System\IaitSvj.exe
  2⤵
  PID:9192
- C:\Windows\System\ywGKulU.exe
  C:\Windows\System\ywGKulU.exe
  2⤵
  PID:9208
- C:\Windows\System\cOPRcSl.exe
  C:\Windows\System\cOPRcSl.exe
  2⤵
  PID:7808
- C:\Windows\System\CjTEYlv.exe
  C:\Windows\System\CjTEYlv.exe
  2⤵
  PID:7048
- C:\Windows\System\txDUiEh.exe
  C:\Windows\System\txDUiEh.exe
  2⤵
  PID:8228
- C:\Windows\System\caHFaPl.exe
  C:\Windows\System\caHFaPl.exe
  2⤵
  PID:8296
- C:\Windows\System\itqIwaL.exe
  C:\Windows\System\itqIwaL.exe
  2⤵
  PID:8364
- C:\Windows\System\AXkmwLE.exe
  C:\Windows\System\AXkmwLE.exe
  2⤵
  PID:8432
- C:\Windows\System\QWLQeSK.exe
  C:\Windows\System\QWLQeSK.exe
  2⤵
  PID:8504
- C:\Windows\System\JLfVVUL.exe
  C:\Windows\System\JLfVVUL.exe
  2⤵
  PID:8536
- C:\Windows\System\iloFNQM.exe
  C:\Windows\System\iloFNQM.exe
  2⤵
  PID:8600
- C:\Windows\System\AXmtGGI.exe
  C:\Windows\System\AXmtGGI.exe
  2⤵
  PID:8452
- C:\Windows\System\bvnwXgb.exe
  C:\Windows\System\bvnwXgb.exe
  2⤵
  PID:7892
- C:\Windows\System\jAhytKG.exe
  C:\Windows\System\jAhytKG.exe
  2⤵
  PID:8212
- C:\Windows\System\onAxTUA.exe
  C:\Windows\System\onAxTUA.exe
  2⤵
  PID:8280
- C:\Windows\System\deAhoYL.exe
  C:\Windows\System\deAhoYL.exe
  2⤵
  PID:8492
- C:\Windows\System\yjajvUF.exe
  C:\Windows\System\yjajvUF.exe
  2⤵
  PID:8556
- C:\Windows\System\WEGgXsQ.exe
  C:\Windows\System\WEGgXsQ.exe
  2⤵
  PID:7864
- C:\Windows\System\OUMDOVs.exe
  C:\Windows\System\OUMDOVs.exe
  2⤵
  PID:8652
- C:\Windows\System\CBchuAP.exe
  C:\Windows\System\CBchuAP.exe
  2⤵
  PID:8688
- C:\Windows\System\YmfSWSO.exe
  C:\Windows\System\YmfSWSO.exe
  2⤵
  PID:8704
- C:\Windows\System\NvYdyMX.exe
  C:\Windows\System\NvYdyMX.exe
  2⤵
  PID:7460
- C:\Windows\System\dxNHeEm.exe
  C:\Windows\System\dxNHeEm.exe
  2⤵
  PID:8728
- C:\Windows\System\xRaGNFX.exe
  C:\Windows\System\xRaGNFX.exe
  2⤵
  PID:8756
- C:\Windows\System\fUhjfYs.exe
  C:\Windows\System\fUhjfYs.exe
  2⤵
  PID:8804
- C:\Windows\System\OpirNxc.exe
  C:\Windows\System\OpirNxc.exe
  2⤵
  PID:8836
- C:\Windows\System\ayfYWvx.exe
  C:\Windows\System\ayfYWvx.exe
  2⤵
  PID:8904
- C:\Windows\System\vBqsEuD.exe
  C:\Windows\System\vBqsEuD.exe
  2⤵
  PID:8948
- C:\Windows\System\hQJdUCo.exe
  C:\Windows\System\hQJdUCo.exe
  2⤵
  PID:9012
- C:\Windows\System\YnKetDm.exe
  C:\Windows\System\YnKetDm.exe
  2⤵
  PID:9028
- C:\Windows\System\eAWkwyo.exe
  C:\Windows\System\eAWkwyo.exe
  2⤵
  PID:9044
- C:\Windows\System\stLrFzn.exe
  C:\Windows\System\stLrFzn.exe
  2⤵
  PID:8944
- C:\Windows\System\sYrvltD.exe
  C:\Windows\System\sYrvltD.exe
  2⤵
  PID:9072
- C:\Windows\System\fcPGIrs.exe
  C:\Windows\System\fcPGIrs.exe
  2⤵
  PID:9088
- C:\Windows\System\zPGjEMt.exe
  C:\Windows\System\zPGjEMt.exe
  2⤵
  PID:9092
- C:\Windows\System\BnsktPV.exe
  C:\Windows\System\BnsktPV.exe
  2⤵
  PID:8856
- C:\Windows\System\XmPnGCV.exe
  C:\Windows\System\XmPnGCV.exe
  2⤵
  PID:8920
- C:\Windows\System\iwTojrR.exe
  C:\Windows\System\iwTojrR.exe
  2⤵
  PID:8996
- C:\Windows\System\RUVUzRa.exe
  C:\Windows\System\RUVUzRa.exe
  2⤵
  PID:9116
- C:\Windows\System\CVLXkYT.exe
  C:\Windows\System\CVLXkYT.exe
  2⤵
  PID:9156
- C:\Windows\System\TSchDDl.exe
  C:\Windows\System\TSchDDl.exe
  2⤵
  PID:8136
- C:\Windows\System\VMHjqWQ.exe
  C:\Windows\System\VMHjqWQ.exe
  2⤵
  PID:8360
- C:\Windows\System\HqJrOLB.exe
  C:\Windows\System\HqJrOLB.exe
  2⤵
  PID:8572
- C:\Windows\System\cRhSMMR.exe
  C:\Windows\System\cRhSMMR.exe
  2⤵
  PID:9136
- C:\Windows\System\DpPFLyp.exe
  C:\Windows\System\DpPFLyp.exe
  2⤵
  PID:9200
- C:\Windows\System\QGlDYjO.exe
  C:\Windows\System\QGlDYjO.exe
  2⤵
  PID:8264
- C:\Windows\System\liXTYNQ.exe
  C:\Windows\System\liXTYNQ.exe
  2⤵
  PID:7156
- C:\Windows\System\guTPsad.exe
  C:\Windows\System\guTPsad.exe
  2⤵
  PID:7884
- C:\Windows\System\syUlQIq.exe
  C:\Windows\System\syUlQIq.exe
  2⤵
  PID:8316
- C:\Windows\System\pfyIcmH.exe
  C:\Windows\System\pfyIcmH.exe
  2⤵
  PID:8388
- C:\Windows\System\WVYZwQN.exe
  C:\Windows\System\WVYZwQN.exe
  2⤵
  PID:8604
- C:\Windows\System\XbOXyoh.exe
  C:\Windows\System\XbOXyoh.exe
  2⤵
  PID:8692
- C:\Windows\System\uytucfY.exe
  C:\Windows\System\uytucfY.exe
  2⤵
  PID:8552
- C:\Windows\System\WbLbTXy.exe
  C:\Windows\System\WbLbTXy.exe
  2⤵
  PID:8648
- C:\Windows\System\YhOkCZa.exe
  C:\Windows\System\YhOkCZa.exe
  2⤵
  PID:9036
- C:\Windows\System\ySMOpZw.exe
  C:\Windows\System\ySMOpZw.exe
  2⤵
  PID:8940
- C:\Windows\System\frHeSrb.exe
  C:\Windows\System\frHeSrb.exe
  2⤵
  PID:8668
- C:\Windows\System\EeuLpor.exe
  C:\Windows\System\EeuLpor.exe
  2⤵
  PID:8712
- C:\Windows\System\TIszgDl.exe
  C:\Windows\System\TIszgDl.exe
  2⤵
  PID:9064
- C:\Windows\System\XQfMNya.exe
  C:\Windows\System\XQfMNya.exe
  2⤵
  PID:9080
- C:\Windows\System\gxUrfuG.exe
  C:\Windows\System\gxUrfuG.exe
  2⤵
  PID:8892
- C:\Windows\System\ycXpCry.exe
  C:\Windows\System\ycXpCry.exe
  2⤵
  PID:9112
- C:\Windows\System\LejyLfl.exe
  C:\Windows\System\LejyLfl.exe
  2⤵
  PID:8960
- C:\Windows\System\vaWNCnE.exe
  C:\Windows\System\vaWNCnE.exe
  2⤵
  PID:8476
- C:\Windows\System\WPOxvwz.exe
  C:\Windows\System\WPOxvwz.exe
  2⤵
  PID:8312
- C:\Windows\System\qISKKDN.exe
  C:\Windows\System\qISKKDN.exe
  2⤵
  PID:8400
- C:\Windows\System\pykcpcA.exe
  C:\Windows\System\pykcpcA.exe
  2⤵
  PID:8276
- C:\Windows\System\dLvCyOw.exe
  C:\Windows\System\dLvCyOw.exe
  2⤵
  PID:8720
- C:\Windows\System\pcqOhmQ.exe
  C:\Windows\System\pcqOhmQ.exe
  2⤵
  PID:8636
- C:\Windows\System\lmPDXQd.exe
  C:\Windows\System\lmPDXQd.exe
  2⤵
  PID:9068
- C:\Windows\System\FpulqnQ.exe
  C:\Windows\System\FpulqnQ.exe
  2⤵
  PID:8632
- C:\Windows\System\vWBLtAH.exe
  C:\Windows\System\vWBLtAH.exe
  2⤵
  PID:9052
- C:\Windows\System\fSiRyQI.exe
  C:\Windows\System\fSiRyQI.exe
  2⤵
  PID:8380
- C:\Windows\System\bpcHMAa.exe
  C:\Windows\System\bpcHMAa.exe
  2⤵
  PID:8736
- C:\Windows\System\hnlMpJR.exe
  C:\Windows\System\hnlMpJR.exe
  2⤵
  PID:8732
- C:\Windows\System\eKhizGL.exe
  C:\Windows\System\eKhizGL.exe
  2⤵
  PID:8260
- C:\Windows\System\intHTEN.exe
  C:\Windows\System\intHTEN.exe
  2⤵
  PID:8968
- C:\Windows\System\BdxrGAS.exe
  C:\Windows\System\BdxrGAS.exe
  2⤵
  PID:8448
- C:\Windows\System\DFEzOLg.exe
  C:\Windows\System\DFEzOLg.exe
  2⤵
  PID:8332
- C:\Windows\System\HhjneVL.exe
  C:\Windows\System\HhjneVL.exe
  2⤵
  PID:8384
- C:\Windows\System\IvatnCD.exe
  C:\Windows\System\IvatnCD.exe
  2⤵
  PID:8348
- C:\Windows\System\MkzWbGx.exe
  C:\Windows\System\MkzWbGx.exe
  2⤵
  PID:9364
- C:\Windows\System\zYuoacK.exe
  C:\Windows\System\zYuoacK.exe
  2⤵
  PID:9380
- C:\Windows\System\oKHeNqi.exe
  C:\Windows\System\oKHeNqi.exe
  2⤵
  PID:9396
- C:\Windows\System\eFVwSlO.exe
  C:\Windows\System\eFVwSlO.exe
  2⤵
  PID:9412
- C:\Windows\System\mXcOKFG.exe
  C:\Windows\System\mXcOKFG.exe
  2⤵
  PID:9428
- C:\Windows\System\uFvWsyr.exe
  C:\Windows\System\uFvWsyr.exe
  2⤵
  PID:9444
- C:\Windows\System\gUkuVnt.exe
  C:\Windows\System\gUkuVnt.exe
  2⤵
  PID:9464
- C:\Windows\System\lkvWVtU.exe
  C:\Windows\System\lkvWVtU.exe
  2⤵
  PID:9480
- C:\Windows\System\phZLLhV.exe
  C:\Windows\System\phZLLhV.exe
  2⤵
  PID:9496
- C:\Windows\System\CpWXKxi.exe
  C:\Windows\System\CpWXKxi.exe
  2⤵
  PID:9512
- C:\Windows\System\JqlFogR.exe
  C:\Windows\System\JqlFogR.exe
  2⤵
  PID:9528
- C:\Windows\System\eglzgtu.exe
  C:\Windows\System\eglzgtu.exe
  2⤵
  PID:9548
- C:\Windows\System\iXZBvhU.exe
  C:\Windows\System\iXZBvhU.exe
  2⤵
  PID:9564
- C:\Windows\System\QWNpkSl.exe
  C:\Windows\System\QWNpkSl.exe
  2⤵
  PID:9580
- C:\Windows\System\DRLdyBn.exe
  C:\Windows\System\DRLdyBn.exe
  2⤵
  PID:9596
- C:\Windows\System\xeFrxpa.exe
  C:\Windows\System\xeFrxpa.exe
  2⤵
  PID:9612
- C:\Windows\System\IBnpdrT.exe
  C:\Windows\System\IBnpdrT.exe
  2⤵
  PID:9628
- C:\Windows\System\iUyKYIE.exe
  C:\Windows\System\iUyKYIE.exe
  2⤵
  PID:9704
- C:\Windows\System\DibnvUH.exe
  C:\Windows\System\DibnvUH.exe
  2⤵
  PID:9720
- C:\Windows\System\qYJGRoB.exe
  C:\Windows\System\qYJGRoB.exe
  2⤵
  PID:9736
- C:\Windows\System\NuxOvnZ.exe
  C:\Windows\System\NuxOvnZ.exe
  2⤵
  PID:9752
- C:\Windows\System\adkUzgd.exe
  C:\Windows\System\adkUzgd.exe
  2⤵
  PID:9768
- C:\Windows\System\zujEcIC.exe
  C:\Windows\System\zujEcIC.exe
  2⤵
  PID:9784
- C:\Windows\System\nPklwmR.exe
  C:\Windows\System\nPklwmR.exe
  2⤵
  PID:9800
- C:\Windows\System\bJEpFmL.exe
  C:\Windows\System\bJEpFmL.exe
  2⤵
  PID:9824
- C:\Windows\System\CEuAcRk.exe
  C:\Windows\System\CEuAcRk.exe
  2⤵
  PID:9840
- C:\Windows\System\nUlOoxz.exe
  C:\Windows\System\nUlOoxz.exe
  2⤵
  PID:9856
- C:\Windows\System\wafAEbO.exe
  C:\Windows\System\wafAEbO.exe
  2⤵
  PID:9872
- C:\Windows\System\Primmqk.exe
  C:\Windows\System\Primmqk.exe
  2⤵
  PID:9892
- C:\Windows\System\ryfSfYI.exe
  C:\Windows\System\ryfSfYI.exe
  2⤵
  PID:9908
- C:\Windows\System\GZujegb.exe
  C:\Windows\System\GZujegb.exe
  2⤵
  PID:9924
- C:\Windows\System\kwDoYlj.exe
  C:\Windows\System\kwDoYlj.exe
  2⤵
  PID:9940
- C:\Windows\System\EDheOmO.exe
  C:\Windows\System\EDheOmO.exe
  2⤵
  PID:9960
- C:\Windows\System\VXonPhC.exe
  C:\Windows\System\VXonPhC.exe
  2⤵
  PID:9976
- C:\Windows\System\EWAyhWI.exe
  C:\Windows\System\EWAyhWI.exe
  2⤵
  PID:9992
- C:\Windows\System\nUihMGp.exe
  C:\Windows\System\nUihMGp.exe
  2⤵
  PID:10008
- C:\Windows\System\BJxAqbQ.exe
  C:\Windows\System\BJxAqbQ.exe
  2⤵
  PID:10028
- C:\Windows\System\KZKniIB.exe
  C:\Windows\System\KZKniIB.exe
  2⤵
  PID:10044
- C:\Windows\System\LXtGIyO.exe
  C:\Windows\System\LXtGIyO.exe
  2⤵
  PID:10060
- C:\Windows\System\BymkdyU.exe
  C:\Windows\System\BymkdyU.exe
  2⤵
  PID:10080
- C:\Windows\System\iRrnrDZ.exe
  C:\Windows\System\iRrnrDZ.exe
  2⤵
  PID:10096
- C:\Windows\System\XbLgFOw.exe
  C:\Windows\System\XbLgFOw.exe
  2⤵
  PID:10112
- C:\Windows\System\WxXVrBn.exe
  C:\Windows\System\WxXVrBn.exe
  2⤵
  PID:10128
- C:\Windows\System\dymIwLG.exe
  C:\Windows\System\dymIwLG.exe
  2⤵
  PID:10144
- C:\Windows\System\kQXSZmm.exe
  C:\Windows\System\kQXSZmm.exe
  2⤵
  PID:10160
- C:\Windows\System\wjuxKLy.exe
  C:\Windows\System\wjuxKLy.exe
  2⤵
  PID:10180
- C:\Windows\System\OGaOout.exe
  C:\Windows\System\OGaOout.exe
  2⤵
  PID:10196
- C:\Windows\System\ofuFXwx.exe
  C:\Windows\System\ofuFXwx.exe
  2⤵
  PID:10212
- C:\Windows\System\JykUmJj.exe
  C:\Windows\System\JykUmJj.exe
  2⤵
  PID:10228
- C:\Windows\System\apvrRAt.exe
  C:\Windows\System\apvrRAt.exe
  2⤵
  PID:9172
- C:\Windows\System\PQCbgSq.exe
  C:\Windows\System\PQCbgSq.exe
  2⤵
  PID:9220
- C:\Windows\System\iFcmgcg.exe
  C:\Windows\System\iFcmgcg.exe
  2⤵
  PID:9232
- C:\Windows\System\BCgizfg.exe
  C:\Windows\System\BCgizfg.exe
  2⤵
  PID:9248
- C:\Windows\System\bzydkgt.exe
  C:\Windows\System\bzydkgt.exe
  2⤵
  PID:9264
- C:\Windows\System\bVgEVre.exe
  C:\Windows\System\bVgEVre.exe
  2⤵
  PID:9280
- C:\Windows\System\eTWngAN.exe
  C:\Windows\System\eTWngAN.exe
  2⤵
  PID:9296
- C:\Windows\System\IlVnnIt.exe
  C:\Windows\System\IlVnnIt.exe
  2⤵
  PID:9312
- C:\Windows\System\kpULYsm.exe
  C:\Windows\System\kpULYsm.exe
  2⤵
  PID:9328
- C:\Windows\System\vfsFBGE.exe
  C:\Windows\System\vfsFBGE.exe
  2⤵
  PID:9340
- C:\Windows\System\zRTkzDI.exe
  C:\Windows\System\zRTkzDI.exe
  2⤵
  PID:9360
- C:\Windows\System\QGnEJNl.exe
  C:\Windows\System\QGnEJNl.exe
  2⤵
  PID:9572
- C:\Windows\System\tUgcsSY.exe
  C:\Windows\System\tUgcsSY.exe
  2⤵
  PID:9520
- C:\Windows\System\FMSeJgl.exe
  C:\Windows\System\FMSeJgl.exe
  2⤵
  PID:9604
- C:\Windows\System\HrPttuJ.exe
  C:\Windows\System\HrPttuJ.exe
  2⤵
  PID:9592
- C:\Windows\System\UlrMvoX.exe
  C:\Windows\System\UlrMvoX.exe
  2⤵
  PID:9644
- C:\Windows\System\wnZqkwW.exe
  C:\Windows\System\wnZqkwW.exe
  2⤵
  PID:9652
- C:\Windows\System\wLVvvnh.exe
  C:\Windows\System\wLVvvnh.exe
  2⤵
  PID:9680
- C:\Windows\System\qfCYuXf.exe
  C:\Windows\System\qfCYuXf.exe
  2⤵
  PID:9696
- C:\Windows\System\SKKggso.exe
  C:\Windows\System\SKKggso.exe
  2⤵
  PID:9732
- C:\Windows\System\xGMoKDI.exe
  C:\Windows\System\xGMoKDI.exe
  2⤵
  PID:9760
- C:\Windows\System\AHnafOz.exe
  C:\Windows\System\AHnafOz.exe
  2⤵
  PID:9836
- C:\Windows\System\wjvfNtW.exe
  C:\Windows\System\wjvfNtW.exe
  2⤵
  PID:9904
- C:\Windows\System\OjqAeQQ.exe
  C:\Windows\System\OjqAeQQ.exe
  2⤵
  PID:10040
- C:\Windows\System\qMaCBdv.exe
  C:\Windows\System\qMaCBdv.exe
  2⤵
  PID:9972
- C:\Windows\System\gTzxcxw.exe
  C:\Windows\System\gTzxcxw.exe
  2⤵
  PID:10136
- C:\Windows\System\hCMLkAi.exe
  C:\Windows\System\hCMLkAi.exe
  2⤵
  PID:10176
- C:\Windows\System\USudYZs.exe
  C:\Windows\System\USudYZs.exe
  2⤵
  PID:10236
- C:\Windows\System\gVjCPFK.exe
  C:\Windows\System\gVjCPFK.exe
  2⤵
  PID:9324
- C:\Windows\System\nMQwBeV.exe
  C:\Windows\System\nMQwBeV.exe
  2⤵
  PID:9820
- C:\Windows\System\xsxTIYk.exe
  C:\Windows\System\xsxTIYk.exe
  2⤵
  PID:10224
- C:\Windows\System\koLTHXk.exe
  C:\Windows\System\koLTHXk.exe
  2⤵
  PID:9816
- C:\Windows\System\FxnxXfR.exe
  C:\Windows\System\FxnxXfR.exe
  2⤵
  PID:9948
- C:\Windows\System\MKqNcwm.exe
  C:\Windows\System\MKqNcwm.exe
  2⤵
  PID:10016
- C:\Windows\System\fXjAghy.exe
  C:\Windows\System\fXjAghy.exe
  2⤵
  PID:10056
- C:\Windows\System\nfpRSRw.exe
  C:\Windows\System\nfpRSRw.exe
  2⤵
  PID:9404
- C:\Windows\System\Mftrznh.exe
  C:\Windows\System\Mftrznh.exe
  2⤵
  PID:10220
- C:\Windows\System\NnYqfis.exe
  C:\Windows\System\NnYqfis.exe
  2⤵
  PID:9332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CTGLEcy.exe

Filesize
1.8MB

MD5
5017474fa4c150841ad4a78d3a7058f3

SHA1
8dd1135dfc63c2ab1d5935d0c809302032ff501e

SHA256
7b01d3606dde0cd155fb59ecc9a77b485453a18a6f72d479952477b154ab3c31

SHA512
433fabedd8d7ec0666770154007138e180ac7e4d9e86dd1df45b2e3c38cc53fd050500180dd98a5c0b54f29a79ade583847256f0746cc53568614f53cb55dd79

Download Submit
C:\Windows\system\DhyVUFr.exe

Filesize
1.8MB

MD5
b177841f4b48113746962cedab771364

SHA1
dd7093746643ca204594eaa95d07117185014536

SHA256
13d81ce52cf8a1fefbb83937f077f7b782ac7ace9a1bb42c7186cc84de482bbc

SHA512
5b3088ead8591060e2de12d9f3af0371577e236bb1cff8fb9c7ed7033e101a3a1132284de9eca905c7f1ceadaaf9275129812ee411a3b6574efb053dd591e00f

Download Submit
C:\Windows\system\FTqTbzP.exe

Filesize
1.8MB

MD5
5ed72aa1d9a2cda84f3de7be02f7b4ef

SHA1
cf163b9a7531b67917b327725afeec37f474e91d

SHA256
59f0ab06c17b69d3d0b80b5e5973d7d06b9dbeb927bfb8fbc5bf4154c4418e45

SHA512
b45ac961b1c8af96f311b65b38581c75c07f5b346ef7d7dcc0cf41a75e31f400a55e173a3f72d3b092cb51a1bf9a1e122f8607648272d84dd341b8c49a240fa5

Download Submit
C:\Windows\system\HomQLSH.exe

Filesize
1.8MB

MD5
42f7e69ccca0a1363479cc201fe1b8e2

SHA1
10fd7b3de6fd5377660f8e011bdd35f1b5ebf0e0

SHA256
e4272cf240fff973b3dec5af07f206528be5f55762e228d4d9ae01d0b8ec9d0b

SHA512
256ad3884b947a2941ae505489cc0ccf5d03fea57aa9535265b0318932a9f711171f53871c1b72b56cb1f9ebc264bfbfd354252f88ea502eb539f4758d4c7b75

Download Submit
C:\Windows\system\JRLKLAE.exe

Filesize
1.8MB

MD5
03f7abc02127bef3143039db7e3e1f15

SHA1
cb12340b25bec47637a8ca8122e5bc61b559d8db

SHA256
3a0768f8ca3ab606e0a1cd6ae5dff2a79b568d37677259c0599cdaa12ed765eb

SHA512
7397e1239916f2eafd7dde19a326c3ea6deea6cbc45aa3fb2bdda5f475ba02cd07cbf94175cd98a5c68aede45ce4c6981d656a3db173dd2b1b4b35c65a8e33d4

Download Submit
C:\Windows\system\KSGkHFg.exe

Filesize
1.8MB

MD5
8a8e849447d8cea94e99f0e18063e227

SHA1
e0479ed38f556e11adad4dc0e8efcea43e5e379b

SHA256
c01cca6d3f51b7c513f41dfda37e01ba399d16f8a4452ed68a3e853e47444b08

SHA512
eabaab972829a3005dd0225e7ee6fbe9e424d9f4a4d24efa207acb25458c95db303877addc4b715ff8def1e667b59b3e07526adf2c9f7ff7b4cc6063da94fd42

Download Submit
C:\Windows\system\KTAGCBd.exe

Filesize
1.8MB

MD5
82674879ce8fdf3c364caf081f8da75b

SHA1
818e51fc05a1419755fee3f11e310be2770281fe

SHA256
ee1669311fbbb7c675f5ea081c14245f89e87018192a897c363b1100633a66ba

SHA512
19ab871a4fc96f12569eb4596b88558063ea4b461034b46c4127a66b9d2322022018066c9075a33c46077f68361c0a7aea9cdda11a85f30be2aa6b09408c3856

Download Submit
C:\Windows\system\KcwdzwK.exe

Filesize
1.8MB

MD5
ebec25045d7297e8ce5de6f17cf236a0

SHA1
670e6f25c6d14f3a6f38ba27673e873ebff94d5e

SHA256
566133bcc4df4e17b7049cee4a84ed96fb4aeb2aacb3c175aa3dcfa635bdfc20

SHA512
8d5440f7c384edffa2afaa60b1b013263ee68fc0dc58cd5fbcdd2e9467bcee0dedae65dcf885e0744c9c389effda365fb8a947158c8afb0f4503c231043cceed

Download Submit
C:\Windows\system\OlvYjFu.exe

Filesize
1.8MB

MD5
2fe281a30801d4f1f74e5107fe426c1b

SHA1
4ed8c01fc6ae63666c46891f58b077d3f3090fc0

SHA256
cb064003bf23df3978a1723657d4f733059a5cd12cbaebc8b1b5b33018db130b

SHA512
b6c838ac29e886f7dd7f7c815f4860413ea23bae4bd2752edab4ea2857ebd75690736ca2df59e8a4b323d0ba8566675bb118646002e66f455c2a3ff59341d110

Download Submit
C:\Windows\system\QgZXjDe.exe

Filesize
1.8MB

MD5
29c8f9084369bb5d5f0106517b79c4b6

SHA1
6423b5ac464981d6c82ad9268a82b37b16ff2a55

SHA256
7c9a1a1a52bdfb202ae0595ab969eb1173c25a07c03bbd5d1cc1e35e61d2ca62

SHA512
4d447fdf01c743d24495c5ff753e94f5483ddb2455b0e9a36a6acfa3fb79634020d039cb6991aa03149555885c3f56efd9f20c3977d856931765ab635436ed94

Download Submit
C:\Windows\system\XJrUWda.exe

Filesize
1.8MB

MD5
0de0f8a88ebcd76dc91759e9ef2ef560

SHA1
aa54b63a64574bec7519948bb7b9c84326542fd4

SHA256
b12c4669a49d76dddf672350163567534baaaaf4258f99e55c8a9cc628792323

SHA512
2d44eb51e8d4fa84adad9c877a5a2119cd6877bd33243440f87e8d09449766fab98df1a4680d78f62a86a3d40f986637bee4d82b6ce7611b7d45fa5104948db6

Download Submit
C:\Windows\system\arWsVdn.exe

Filesize
1.8MB

MD5
4de3f99087b2b120b1af0fe5ffa5a409

SHA1
5a348f45e211ba65839961ead7d31e2ef279586c

SHA256
838f37621f84a51b6443056647f6f3772cfc77b33e2b2e413f3da374bd84ac4b

SHA512
dc992181b3c39dd62480b1eefb5dd67139a8d5cfcfecf39683364501c44da04992b5b203307c18fa773bdfea1f59715c262e5759940c86d0e6363754629033b0

Download Submit
C:\Windows\system\oveyrtU.exe

Filesize
1.8MB

MD5
7fb9e0b643a35201aee9e735b4d3f3c3

SHA1
1f6becfa0dd4980f16585943bd070d1ea6a11bcf

SHA256
c5e0809d4e10100ccdd0037df4ee07df2d7945429d1defe717cc1f10f63a2490

SHA512
3c8bdabfa1673e2acb1205edf5c11305f90776c9db176399d5503559c2693a0c04aab98c1dd87e95498bda9304f0605b39e9eb8a90657d52c2013683e90a9c58

Download Submit
C:\Windows\system\pCQQiOn.exe

Filesize
1.8MB

MD5
fe430b77f8055bb6dd0f02aee38dc7a5

SHA1
9edeeaef6fd033845a53441289ee1d78eaa81843

SHA256
0cac83ae479bc0878c71e34c9cf4648822e639f15bd19a393f0eb822a5bdb410

SHA512
24cde62e423091a028ddfee72139d977f8ccbecb6baaae0d78853c0322c0770c2e5103cf48addc3fc15eaab476cb73fc6e21298b96935916d9dfb8ac4847df65

Download Submit
C:\Windows\system\qPdoDEX.exe

Filesize
1.8MB

MD5
141a15ea48a9d1d5d37b6738786892b7

SHA1
28fad2e6bdb3047fa510367f5171d7909d04c002

SHA256
96a8b63227a163491a5e25dec53bb92b060e6abe40d5283b72e8c58a914d94f2

SHA512
16aafbd4de13e86f8b72edcc4ff4d1e7390069104822adc8a608af04d8d94f8d53a916f58cfc11971915c6d0f566a33abfd3858db7cd9c5142582907c85b2d3e

Download Submit
C:\Windows\system\qvGxwog.exe

Filesize
1.8MB

MD5
5d45559d0d10e9f549c0f42c3c77cb3e

SHA1
97096c10e563495b34c6c5c457e2867c924b0e8e

SHA256
0dae83a34916cd235e671956303b4b34b0aae822e0a96c947959f26fea8af307

SHA512
5a8549263302d1a679c13ff218a69b2eaa7801ba50a70df4f059d39d5e24ec3e89bab86fa814aad421c3d3c4be05da836636fdbf08c8bea1df7ade140afa6e2f

Download Submit
C:\Windows\system\trMYrHW.exe

Filesize
1.8MB

MD5
3ee2aa156381ec4b865339f59d578ddc

SHA1
328645c18cb36cb51799d0f8e44339958178ac24

SHA256
74ed9e3bbf66f4ead60be3a8acd64f3c2d9fb079acd5c0e4ede7a91897283fe5

SHA512
30b9d1fd272a0755147924941be66fcf4af54ed92419e2696faadfb57277d1f033312b0ed987bec5c93f10d9059d1e1eda7a48053c35d540d3793984b79b0c97

Download Submit
C:\Windows\system\uAJkKOp.exe

Filesize
1.8MB

MD5
606dfe9471ccc8bf6ed76bd85e7b219a

SHA1
bb4f137f08c2c8ac88f50ac8a902f09ccff4fc16

SHA256
16d14cbf9b7eb276f519c25269f14b60b5e21ee37dc1bf29937f775d4da56668

SHA512
c41463e9db5de2b27ec6bd93ed952895447645ae7dd9d0b061f0466e7bba0011ed75c711d17db3976d5cac2c2cdab8fc4e4d507fe4a149e72d46588fff5fd71d

Download Submit
C:\Windows\system\vQXIFwp.exe

Filesize
1.8MB

MD5
71501d90800cf662b1fc099a11ebf20a

SHA1
08cdcc557825c1edbd75901b4ebdfc389f9376e4

SHA256
ea978e07c9c7e9ccff34d0751885e4651f9dda655f600dcd2ca5f92ff13b67ac

SHA512
abbe96c496f8a2c62a3c0ff92c4d70efb711783d6ddb97b9cffdf58e58de9da8c73c599d732f382b400e6f492b043dc3842f47f00a9a679cc51ed11f85303a6a

Download Submit
C:\Windows\system\wlatmtq.exe

Filesize
1.8MB

MD5
5245969c87ef7ed5d4d64a64cd590045

SHA1
3175ba911a4a34a1b63ceafe76feedf6c44fc19f

SHA256
9e67683fd9a08c3561855ac6e619036a3aef13ec8a6e652bdc2791f149902e78

SHA512
e2f2dee8a26766735cd2fd06cb219ca08026285eb45df104e05cc7ded308ed2809b5dcf3d1a686cae86d3f9777888b8a39d8a1b2d61083d9cbc8b42b0532ad0e

Download Submit
\Windows\system\BQVLHzK.exe

Filesize
1.8MB

MD5
78458489a8dbf5541cc06bdd89586200

SHA1
311c41f77d0103d049fd09e605d353ce99775d37

SHA256
0a663e5b5258636d83e35c28d7bbdc3287578fd37d1989f3ba67218aa246636e

SHA512
9e38c81bc009f4c013f4792cf85ced90bf2cfbdd6f960c53cf916a469b472fd9e7d77039d591b263759edc2f693c21764edd6bea6a032aeb692a2bd7bde49ed2

Download Submit
\Windows\system\CflIVho.exe

Filesize
1.8MB

MD5
2f5b9de82f9fe594518150c50843d3ea

SHA1
c1debc26f335f0f872e7c01beee2f9f2569cbadd

SHA256
8cf3fe037e4659a71e5ba29b710c0022b069e1964364ce76860939812f8cf3b6

SHA512
7771e2b21cce59e3b594af788707208ac5f080b7885961de2384413a129b581d850f25b400056b4769eac777ab30182d7ddec635e92785bfc6100900e0d1e88f

Download Submit
\Windows\system\OUJtzBW.exe

Filesize
1.8MB

MD5
dc0ef6029d4c4d5942f1d47beb93db54

SHA1
4a4946dd683334a22b1cd59618855ac1ceada3c5

SHA256
6cc6288b6bfaad10d2b0300a676d36bc1cae374d12ce9310f239cdc942ae4d6a

SHA512
26e949761ecb9673a1d9bfbbeb2797e7b6301d4f0378f2a54054cbf07b5f6d2a4799e1191538d0ae52fb9bf0e1a29a6912fca42d7d2fef006011e3de7172a3a9

Download Submit
\Windows\system\OWrAxce.exe

Filesize
1.8MB

MD5
aacb7af15f5bc4a0691785d3ab0f4d8e

SHA1
ba0a366a4ed97b30cd36af43770ac8019ab8ec2a

SHA256
489e70b0a2e1cc2c360d70c2024a396fefe7736eac24b0eeee22457ba72f52a6

SHA512
051a1afa00a8161c083c5fc9063830141890ade3f6668d04e6d53e27c5659c320821b1322e64e0caebcf8afa254f36376d2a14b7b8b2a90166e4ea94dae986f1

Download Submit
\Windows\system\OzDrIwk.exe

Filesize
1.8MB

MD5
4fd5ac8380e65b497a3c1950e128c5ed

SHA1
cfa92037abd49e932d43069e7933614c3f82d76e

SHA256
0a9fc1d410cc45bc604f8eb4ac1e75be320deb263b553a1a0aa290dbf1e5a7bd

SHA512
8522214cb33e69c76c96ea5de19a761d27a88ead234b8180c82d38ef37b2551139548920fee4d0e5e62711944ccffad1d3c549443814f8e903b253612d527cce

Download Submit
\Windows\system\PmXOaoS.exe

Filesize
1.8MB

MD5
1b3e35fa63f2d554a834867375adccb2

SHA1
8c40caba97d248c619083176e6564760d2c7684e

SHA256
83822d6afc86f22150407b005fa4fe7bf249f0c3749752be4cd99f40fa0cdfce

SHA512
a5ed8773bf746646048ea838cff19b7f153d65984f7317724fbec754d91424e5ee3359b2d92ac4698ee71c9b1456b276a37137392f2b0c65d8ef8179f8e8d086

Download Submit
\Windows\system\RyfCQZR.exe

Filesize
1.8MB

MD5
bb028f2272a6a0af0fe5e49ad017f580

SHA1
0ed0562df528491acf8f3add0fd1e91ea4532971

SHA256
49872e8b1f2ecb2224e864e2854d9ae476fe9f2cf87ddc77c5890f068b527e9d

SHA512
46117f151534156430c262b26d2e966ed7b181890b599668fc3401e34926015580f3edf0015fd91d39e48a8843e93032bbc3f71115cdc0ac3f98c320dad858b9

Download Submit
\Windows\system\WEaJtEb.exe

Filesize
1.8MB

MD5
272ab585402695b07e12d69c6daae647

SHA1
a60ca65b652684407ceee24e1d099f5554cb8045

SHA256
bddfa1ea17fc7d0813cac40a2bce1c21a33113d830858702afebd18287109617

SHA512
7a39a8afe3b40d92d9f05d90df58135af73c0b8866f084cbd0d374ce4ca11070c661addaf9761d3c4550bcc2b0610d1e59126cc2f3cf467ff91719a5580cfebd

Download Submit
\Windows\system\WZnjNuu.exe

Filesize
1.8MB

MD5
9093c26fe683525c720490d554a79f27

SHA1
ab7d5ce82b87a929bbdcc3d7ea734ac8025258f5

SHA256
54a03230d80b9cb6d116f93a44c54054d2c1e208940291ba19610b8c469c1503

SHA512
38f218739d06f3951611ec72ce3b8dd734c74a852bd53476ca0138bcf3ba85faea8237a89c28a6b7e3fe27d74eb2219cf94a47cd61b940233edeaa01ecd75f24

Download Submit
\Windows\system\ZOwwAVj.exe

Filesize
1.8MB

MD5
bb6e9e798834d66bd4e1ff3204830510

SHA1
edf9a3c83484d91e65205e4b1210dc5af7cc4068

SHA256
a8972abc564d24a6f6e2304ccc276a3493a175b59b8e7faecb9d41f78de38f0a

SHA512
ef923381fb01b8a8f61a2d992107abcbc389fe5123f9f440ef648f1635276b504d88523da48cd45add15607d8c2ae12d25700378a28f54358b4460ac50245847

Download Submit
\Windows\system\dXxqBKO.exe

Filesize
1.8MB

MD5
108f55fb4b3e9a0120b093aaecc80410

SHA1
c1cc75f97d578571d0ba3dd8daeb5a63520e12ed

SHA256
6f6db339a71e481e5214c27785c36e0a8185da4dd86d52a4632ef55be7852bdd

SHA512
0d400fc2a1dbfc8cf780c512a9335178914ebf1fa1a5e4903b78a118bd04ef8a7dcf9e5a333d00f04fe591b2192376bbfdb3b9b27ce02c1581fe9ebf9d496434

Download Submit
\Windows\system\fOFeXmm.exe

Filesize
1.8MB

MD5
ce7ce59a20bb67a6bce1e54d553671be

SHA1
89f29d145636610b3fded2da391c1b1594785126

SHA256
b6727267537a13ff8cb817383482c75181bc32309f117df3ec9dc9c94600f1f3

SHA512
552a3d1fbf63ca89893e34633dfddcfc53a1ca42abe4d384e998306229fb740f02751b5398955870ed35d3d63eb70e6274e13ceee43c3d6aa64853c6708ebfd6

Download Submit
\Windows\system\mjxrvVE.exe

Filesize
1.8MB

MD5
9b5ca2609d1721765773674818fc132d

SHA1
a50573dd4f23b2c650f54e990fd9983c7cda0349

SHA256
81955cb6a9c06580be237e1fea5d4c30ee9c7be13f106bc58c84833d43744ddc

SHA512
8753f07e83ab2f8307fe71fe3622db235f9688d275923546daabf2dd0785a26e8c2803c6d40afbe9b4bce2ef63c009b8324b4e92f5161a334f0801dbf0bae320

Download Submit
\Windows\system\qhcLaiI.exe

Filesize
1.8MB

MD5
cc9bb836af5dce2f3fba7e69408f0772

SHA1
26baf65b089e186a4c8ca1e97af164e0684913f6

SHA256
ddf62aee0af7b91de4821ee7e9c8f84d8a89676ea5cc61e762db5ca74faa7510

SHA512
64ecb3d7ddac9537db6932fedd57ab007dec038e5ce40d0534b4f2ee4ce73549beb8f80d520e4752b62221bdc085ee4744710781b5d30aff32dd05d7404e3213

Download Submit
\Windows\system\tWgJtcY.exe

Filesize
1.8MB

MD5
c544dce5a78d593ceb5f25687554b643

SHA1
d4b761c3d2eb5dede777f345a00562651f9246dd

SHA256
e49e9933173bbf7248193c95f60fa20efc4f3d622eba2d1b421d967562a2fbf0

SHA512
4124c05ac8949fa2b5331116e64cec2dfda0d0acbf4d14a25f44be25484560d54052204d3e8e99059b3c4eb8b17fd094601c30e41b753702b52f8d30d1ed28de

Download Submit
\Windows\system\vKgjnIA.exe

Filesize
1.8MB

MD5
51c643ff480e462505ba4e06d634a90e

SHA1
68c45bc83ffed6032c91dbf9c3c016c67bd896fb

SHA256
c581a1c766d6a56e521ca73f89e17cb77d21c4999d97fb86709cdee574b6bf96

SHA512
bd8f73cf898563a0a86f8e7c463ed6e2a956b2e3545a5fc4bf5943428cd3b9559fd0abd6a914699d44edb3d31c9dd2dbb51fe29c58e902765f8ade7e99a585b8

Download Submit
memory/1352-4805-0x000000013F410000-0x000000013F802000-memory.dmp

Filesize
3.9MB

Download
memory/1352-97-0x000000013F410000-0x000000013F802000-memory.dmp

Filesize
3.9MB

Download
memory/2304-98-0x000000013FC80000-0x0000000140072000-memory.dmp

Filesize
3.9MB

Download
memory/2412-102-0x000000013F520000-0x000000013F912000-memory.dmp

Filesize
3.9MB

Download
memory/2412-4659-0x000000013F520000-0x000000013F912000-memory.dmp

Filesize
3.9MB

Download
memory/2424-88-0x000000013F160000-0x000000013F552000-memory.dmp

Filesize
3.9MB

Download
memory/2424-4586-0x000000013F160000-0x000000013F552000-memory.dmp

Filesize
3.9MB

Download
memory/2452-70-0x000000013F450000-0x000000013F842000-memory.dmp

Filesize
3.9MB

Download
memory/2460-4647-0x000000013F1F0000-0x000000013F5E2000-memory.dmp

Filesize
3.9MB

Download
memory/2460-62-0x000000013F1F0000-0x000000013F5E2000-memory.dmp

Filesize
3.9MB

Download
memory/2496-90-0x000000013F290000-0x000000013F682000-memory.dmp

Filesize
3.9MB

Download
memory/2496-4646-0x000000013F290000-0x000000013F682000-memory.dmp

Filesize
3.9MB

Download
memory/2564-4533-0x000000013F030000-0x000000013F422000-memory.dmp

Filesize
3.9MB

Download
memory/2564-13-0x000000013F030000-0x000000013F422000-memory.dmp

Filesize
3.9MB

Download
memory/2588-73-0x000000013F4A0000-0x000000013F892000-memory.dmp

Filesize
3.9MB

Download
memory/2588-4534-0x000000013F4A0000-0x000000013F892000-memory.dmp

Filesize
3.9MB

Download
memory/2636-57-0x000007FEF5F20000-0x000007FEF68BD000-memory.dmp

Filesize
9.6MB

Download
memory/2636-15-0x000007FEF61DE000-0x000007FEF61DF000-memory.dmp

Filesize
4KB

Download
memory/2636-14-0x0000000002BB0000-0x0000000002C30000-memory.dmp

Filesize
512KB

Download
memory/2636-37-0x00000000022C0000-0x00000000022C8000-memory.dmp

Filesize
32KB

Download
memory/2636-34-0x000000001B6F0000-0x000000001B9D2000-memory.dmp

Filesize
2.9MB

Download
memory/2636-47-0x000007FEF5F20000-0x000007FEF68BD000-memory.dmp

Filesize
9.6MB

Download
memory/2636-76-0x000007FEF5F20000-0x000007FEF68BD000-memory.dmp

Filesize
9.6MB

Download
memory/2636-86-0x000007FEF5F20000-0x000007FEF68BD000-memory.dmp

Filesize
9.6MB

Download
memory/2732-59-0x000000013F180000-0x000000013F572000-memory.dmp

Filesize
3.9MB

Download
memory/2732-4808-0x000000013F180000-0x000000013F572000-memory.dmp

Filesize
3.9MB

Download
memory/2864-94-0x000000013F5B0000-0x000000013F9A2000-memory.dmp

Filesize
3.9MB

Download
memory/3048-92-0x000000013F7E0000-0x000000013FBD2000-memory.dmp

Filesize
3.9MB

Download
memory/3048-4571-0x000000013F7E0000-0x000000013FBD2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-100-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3056-78-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-89-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-67-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-2641-0x000000013F550000-0x000000013F942000-memory.dmp

Filesize
3.9MB

Download
memory/3056-4393-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-99-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-103-0x000000013FC80000-0x0000000140072000-memory.dmp

Filesize
3.9MB

Download
memory/3056-12-0x000000013F030000-0x000000013F422000-memory.dmp

Filesize
3.9MB

Download
memory/3056-60-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-0-0x000000013F550000-0x000000013F942000-memory.dmp

Filesize
3.9MB

Download
memory/3056-72-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-101-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-96-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-93-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-7360-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-8213-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-10362-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-10555-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download
memory/3056-10697-0x0000000003590000-0x0000000003982000-memory.dmp

Filesize
3.9MB

Download