xmrig | 907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab

Analysis

max time kernel
150s
max time network
148s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
Size

1.6MB
MD5

72b75b43506e9cd665e4939b42c22a42
SHA1

10c0ac496629baefc911623bcfe3091e5c8d28ea
SHA256

907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab
SHA512

e42761f1e036c04222c2c2fac20d31fde3d4c4d0fdc3b843e93c1a25e1630614c1cb2427a5d89ac3cf727a8ca42ae7a33ff8744252466d9d75c086ebe78dd552
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjFkTVnfuDPFFWqreoY58SiAO+9rUGD4:Lz071uv4BPMkHC0IEFToChvLq

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 20 IoCs

resource	yara_rule
behavioral1/memory/2720-94-0x000000013F920000-0x000000013FD12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2560-173-0x000000013FAE0000-0x000000013FED2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2676-112-0x000000013F880000-0x000000013FC72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2580-135-0x000000013F130000-0x000000013F522000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2788-127-0x000000013FF10000-0x0000000140302000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2916-109-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2672-101-0x000000013F360000-0x000000013F752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2668-99-0x000000013F3A0000-0x000000013F792000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2524-120-0x000000013F500000-0x000000013F8F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1268-17-0x000000013FDF0000-0x00000001401E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1268-5569-0x000000013FDF0000-0x00000001401E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2524-5575-0x000000013F500000-0x000000013F8F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2676-6087-0x000000013F880000-0x000000013FC72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2720-6106-0x000000013F920000-0x000000013FD12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2672-6254-0x000000013F360000-0x000000013F752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2916-6694-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2580-6702-0x000000013F130000-0x000000013F522000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2376-7054-0x000000013F910000-0x000000013FD02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2788-7092-0x000000013FF10000-0x0000000140302000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2668-6707-0x000000013F3A0000-0x000000013F792000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 60 IoCs

resource	yara_rule
behavioral1/memory/1648-0-0x000000013F5E0000-0x000000013F9D2000-memory.dmp	UPX
behavioral1/files/0x000c00000001227e-3.dat	UPX
behavioral1/files/0x0038000000014f41-8.dat	UPX
behavioral1/memory/2376-19-0x000000013F910000-0x000000013FD02000-memory.dmp	UPX
behavioral1/files/0x000800000001552d-11.dat	UPX
behavioral1/files/0x0008000000015682-34.dat	UPX
behavioral1/files/0x0008000000015c93-46.dat	UPX
behavioral1/files/0x0007000000015c6f-36.dat	UPX
behavioral1/files/0x0007000000004e76-30.dat	UPX
behavioral1/files/0x0006000000015f05-64.dat	UPX
behavioral1/files/0x0006000000015ff4-71.dat	UPX
behavioral1/files/0x0006000000016255-78.dat	UPX
behavioral1/files/0x00060000000164a9-85.dat	UPX
behavioral1/files/0x0006000000016310-80.dat	UPX
behavioral1/files/0x0006000000016103-73.dat	UPX
behavioral1/files/0x00060000000165a8-87.dat	UPX
behavioral1/files/0x000600000001663f-113.dat	UPX
behavioral1/memory/2720-94-0x000000013F920000-0x000000013FD12000-memory.dmp	UPX
behavioral1/memory/2560-173-0x000000013FAE0000-0x000000013FED2000-memory.dmp	UPX
behavioral1/files/0x0006000000016dda-186.dat	UPX
behavioral1/files/0x0006000000016d69-180.dat	UPX
behavioral1/files/0x0006000000016d61-171.dat	UPX
behavioral1/files/0x0006000000016d34-166.dat	UPX
behavioral1/files/0x0006000000016dde-189.dat	UPX
behavioral1/memory/2676-112-0x000000013F880000-0x000000013FC72000-memory.dmp	UPX
behavioral1/files/0x0006000000016ce7-145.dat	UPX
behavioral1/files/0x0006000000016c7a-139.dat	UPX
behavioral1/memory/2580-135-0x000000013F130000-0x000000013F522000-memory.dmp	UPX
behavioral1/files/0x0006000000016d71-183.dat	UPX
behavioral1/files/0x0006000000016d45-178.dat	UPX
behavioral1/files/0x0006000000016d65-175.dat	UPX
behavioral1/files/0x0006000000016d4e-168.dat	UPX
behavioral1/files/0x0006000000016d1b-163.dat	UPX
behavioral1/files/0x0006000000016cc3-162.dat	UPX
behavioral1/files/0x0006000000016c71-161.dat	UPX
behavioral1/files/0x0006000000016d3d-158.dat	UPX
behavioral1/files/0x0006000000016d2c-151.dat	UPX
behavioral1/files/0x0006000000016abb-134.dat	UPX
behavioral1/files/0x0006000000016c56-131.dat	UPX
behavioral1/memory/2788-127-0x000000013FF10000-0x0000000140302000-memory.dmp	UPX
behavioral1/files/0x000600000001686d-124.dat	UPX
behavioral1/memory/2916-109-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	UPX
behavioral1/files/0x0006000000015f71-103.dat	UPX
behavioral1/memory/2672-101-0x000000013F360000-0x000000013F752000-memory.dmp	UPX
behavioral1/memory/2668-99-0x000000013F3A0000-0x000000013F792000-memory.dmp	UPX
behavioral1/memory/2524-120-0x000000013F500000-0x000000013F8F2000-memory.dmp	UPX
behavioral1/files/0x0007000000015d77-47.dat	UPX
behavioral1/files/0x0006000000015e5b-61.dat	UPX
behavioral1/files/0x0006000000015d7f-53.dat	UPX
behavioral1/memory/1268-17-0x000000013FDF0000-0x00000001401E2000-memory.dmp	UPX
behavioral1/memory/1268-5569-0x000000013FDF0000-0x00000001401E2000-memory.dmp	UPX
behavioral1/memory/2524-5575-0x000000013F500000-0x000000013F8F2000-memory.dmp	UPX
behavioral1/memory/2676-6087-0x000000013F880000-0x000000013FC72000-memory.dmp	UPX
behavioral1/memory/2720-6106-0x000000013F920000-0x000000013FD12000-memory.dmp	UPX
behavioral1/memory/2672-6254-0x000000013F360000-0x000000013F752000-memory.dmp	UPX
behavioral1/memory/2916-6694-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	UPX
behavioral1/memory/2580-6702-0x000000013F130000-0x000000013F522000-memory.dmp	UPX
behavioral1/memory/2376-7054-0x000000013F910000-0x000000013FD02000-memory.dmp	UPX
behavioral1/memory/2788-7092-0x000000013FF10000-0x0000000140302000-memory.dmp	UPX
behavioral1/memory/2668-6707-0x000000013F3A0000-0x000000013F792000-memory.dmp	UPX

XMRig Miner payload 20 IoCs

miner

resource	yara_rule
behavioral1/memory/2720-94-0x000000013F920000-0x000000013FD12000-memory.dmp	xmrig
behavioral1/memory/2560-173-0x000000013FAE0000-0x000000013FED2000-memory.dmp	xmrig
behavioral1/memory/2676-112-0x000000013F880000-0x000000013FC72000-memory.dmp	xmrig
behavioral1/memory/2580-135-0x000000013F130000-0x000000013F522000-memory.dmp	xmrig
behavioral1/memory/2788-127-0x000000013FF10000-0x0000000140302000-memory.dmp	xmrig
behavioral1/memory/2916-109-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	xmrig
behavioral1/memory/2672-101-0x000000013F360000-0x000000013F752000-memory.dmp	xmrig
behavioral1/memory/2668-99-0x000000013F3A0000-0x000000013F792000-memory.dmp	xmrig
behavioral1/memory/2524-120-0x000000013F500000-0x000000013F8F2000-memory.dmp	xmrig
behavioral1/memory/1268-17-0x000000013FDF0000-0x00000001401E2000-memory.dmp	xmrig
behavioral1/memory/1268-5569-0x000000013FDF0000-0x00000001401E2000-memory.dmp	xmrig
behavioral1/memory/2524-5575-0x000000013F500000-0x000000013F8F2000-memory.dmp	xmrig
behavioral1/memory/2676-6087-0x000000013F880000-0x000000013FC72000-memory.dmp	xmrig
behavioral1/memory/2720-6106-0x000000013F920000-0x000000013FD12000-memory.dmp	xmrig
behavioral1/memory/2672-6254-0x000000013F360000-0x000000013F752000-memory.dmp	xmrig
behavioral1/memory/2916-6694-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	xmrig
behavioral1/memory/2580-6702-0x000000013F130000-0x000000013F522000-memory.dmp	xmrig
behavioral1/memory/2376-7054-0x000000013F910000-0x000000013FD02000-memory.dmp	xmrig
behavioral1/memory/2788-7092-0x000000013FF10000-0x0000000140302000-memory.dmp	xmrig
behavioral1/memory/2668-6707-0x000000013F3A0000-0x000000013F792000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2468	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1268	KPubuRn.exe
2376	zFonqvm.exe
2720	QYJPBdF.exe
2668	OcCgxVk.exe
2672	rJiPgCE.exe
2916	MzBcbCX.exe
2676	cDKrEGt.exe
2524	qYNjsmT.exe
2788	nUIJQAQ.exe
2580	WystYgP.exe
2560	IIwOOuL.exe
2780	VOyGOnq.exe
2928	VrSvzGb.exe
1400	ZXsktgP.exe
1664	REfRmSP.exe
2964	ZmwEegI.exe
2976	GFBADzj.exe
2740	wZQKxTA.exe
2576	FlANooY.exe
1824	YuwzRkM.exe
1704	EOkYLYH.exe
1532	klzrEEh.exe
1912	eCWcjCT.exe
764	HOkGixs.exe
1744	ZszeHQN.exe
1544	jstBsyC.exe
1392	CdoVKuT.exe
2348	qwACjfR.exe
1984	bamjuGp.exe
1868	UbGKLaR.exe
2236	XKFiCCt.exe
1944	rGoFXcZ.exe
2012	AKmCHnk.exe
2860	juJfInT.exe
1728	LsRigOT.exe
1756	asETovJ.exe
1760	qsvgMhv.exe
2900	TYaNeeP.exe
3016	TqDwilI.exe
2996	CpRkehY.exe
1100	PHusUEq.exe
1360	qaaMGRh.exe
308	YAvjfoM.exe
328	KHvErsz.exe
1548	eYZrlkV.exe
1948	DEmkwhu.exe
1372	iLJFWND.exe
2356	QcuMTOr.exe
1956	vyWedbb.exe
1552	qrDzSww.exe
2520	iTdjNlt.exe
868	znxybOU.exe
2160	dmpxyPd.exe
2484	vjSsjOt.exe
1680	NiSdoae.exe
2180	HmIAdZI.exe
2016	ixbWKLj.exe
948	ExmHVvS.exe
2192	vjdAlvd.exe
2712	CperUZL.exe
2240	FFCtvvD.exe
2864	mkPsrNc.exe
1256	MUihTwz.exe
2868	KIKcMkb.exe

Loads dropped DLL 64 IoCs

pid	Process
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1648-0-0x000000013F5E0000-0x000000013F9D2000-memory.dmp	upx
behavioral1/files/0x000c00000001227e-3.dat	upx
behavioral1/files/0x0038000000014f41-8.dat	upx
behavioral1/memory/2376-19-0x000000013F910000-0x000000013FD02000-memory.dmp	upx
behavioral1/files/0x000800000001552d-11.dat	upx
behavioral1/files/0x0008000000015682-34.dat	upx
behavioral1/files/0x0008000000015c93-46.dat	upx
behavioral1/files/0x0007000000015c6f-36.dat	upx
behavioral1/files/0x0007000000004e76-30.dat	upx
behavioral1/files/0x0006000000015f05-64.dat	upx
behavioral1/files/0x0006000000015ff4-71.dat	upx
behavioral1/files/0x0006000000016255-78.dat	upx
behavioral1/files/0x00060000000164a9-85.dat	upx
behavioral1/files/0x0006000000016310-80.dat	upx
behavioral1/files/0x0006000000016103-73.dat	upx
behavioral1/files/0x00060000000165a8-87.dat	upx
behavioral1/files/0x000600000001663f-113.dat	upx
behavioral1/memory/2720-94-0x000000013F920000-0x000000013FD12000-memory.dmp	upx
behavioral1/memory/2560-173-0x000000013FAE0000-0x000000013FED2000-memory.dmp	upx
behavioral1/files/0x0006000000016dda-186.dat	upx
behavioral1/files/0x0006000000016d69-180.dat	upx
behavioral1/files/0x0006000000016d61-171.dat	upx
behavioral1/files/0x0006000000016d34-166.dat	upx
behavioral1/files/0x0006000000016dde-189.dat	upx
behavioral1/memory/2676-112-0x000000013F880000-0x000000013FC72000-memory.dmp	upx
behavioral1/files/0x0006000000016ce7-145.dat	upx
behavioral1/files/0x0006000000016c7a-139.dat	upx
behavioral1/memory/2580-135-0x000000013F130000-0x000000013F522000-memory.dmp	upx
behavioral1/files/0x0006000000016d71-183.dat	upx
behavioral1/files/0x0006000000016d45-178.dat	upx
behavioral1/files/0x0006000000016d65-175.dat	upx
behavioral1/files/0x0006000000016d4e-168.dat	upx
behavioral1/files/0x0006000000016d1b-163.dat	upx
behavioral1/files/0x0006000000016cc3-162.dat	upx
behavioral1/files/0x0006000000016c71-161.dat	upx
behavioral1/files/0x0006000000016d3d-158.dat	upx
behavioral1/files/0x0006000000016d2c-151.dat	upx
behavioral1/files/0x0006000000016abb-134.dat	upx
behavioral1/files/0x0006000000016c56-131.dat	upx
behavioral1/memory/2788-127-0x000000013FF10000-0x0000000140302000-memory.dmp	upx
behavioral1/files/0x000600000001686d-124.dat	upx
behavioral1/memory/2916-109-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	upx
behavioral1/files/0x0006000000015f71-103.dat	upx
behavioral1/memory/2672-101-0x000000013F360000-0x000000013F752000-memory.dmp	upx
behavioral1/memory/2668-99-0x000000013F3A0000-0x000000013F792000-memory.dmp	upx
behavioral1/memory/2524-120-0x000000013F500000-0x000000013F8F2000-memory.dmp	upx
behavioral1/files/0x0007000000015d77-47.dat	upx
behavioral1/files/0x0006000000015e5b-61.dat	upx
behavioral1/files/0x0006000000015d7f-53.dat	upx
behavioral1/memory/1268-17-0x000000013FDF0000-0x00000001401E2000-memory.dmp	upx
behavioral1/memory/1268-5569-0x000000013FDF0000-0x00000001401E2000-memory.dmp	upx
behavioral1/memory/2524-5575-0x000000013F500000-0x000000013F8F2000-memory.dmp	upx
behavioral1/memory/2676-6087-0x000000013F880000-0x000000013FC72000-memory.dmp	upx
behavioral1/memory/2720-6106-0x000000013F920000-0x000000013FD12000-memory.dmp	upx
behavioral1/memory/2672-6254-0x000000013F360000-0x000000013F752000-memory.dmp	upx
behavioral1/memory/2916-6694-0x000000013F5B0000-0x000000013F9A2000-memory.dmp	upx
behavioral1/memory/2580-6702-0x000000013F130000-0x000000013F522000-memory.dmp	upx
behavioral1/memory/2376-7054-0x000000013F910000-0x000000013FD02000-memory.dmp	upx
behavioral1/memory/2788-7092-0x000000013FF10000-0x0000000140302000-memory.dmp	upx
behavioral1/memory/2668-6707-0x000000013F3A0000-0x000000013F792000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kCtEmlS.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\KtvtmdG.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\efZTLiI.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\BCYxIMY.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\EHMspZt.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\qKuKVEG.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\jRqYZUE.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\nudQYXg.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\CHWdbef.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\UMIApUS.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\yhTTQQg.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\mDucKFn.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\QtrRhiU.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\CRTmygF.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\JzMKJcB.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\sDgloqk.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\lNnNhyD.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\YqjQLPz.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\xrPGuZh.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\ogUBVgE.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\qoqaLtU.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\pxSYQwV.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\pBonTCD.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\ljwnRpe.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\gAKpHIl.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\bfxkDLg.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\GGMuOba.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\pLHWCBB.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\EuvzDBO.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\HTzcfbP.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\IutFnhV.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\aRvfgif.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\qfmtgMu.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\Lvhmxda.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\pyvpNCD.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\wOEVNhY.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\IVavTIs.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\qZhqwiG.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\lhrPdBe.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\pDFkRYm.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\QRLnZxE.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\tqEvFMR.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\hVTCgbh.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\vUBkgZP.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\dwvUZTU.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\wIghsaL.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\hvrvJsg.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\afDoZzb.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\xGKLCZe.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\ygHEabe.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\izANUbK.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\JMuCoOl.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\fagcckp.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\MiAjoIN.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\GxMzjvD.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\XxKuIJC.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\egKvzhM.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\WSekBRF.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\hsEFeaw.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\bBzokiu.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\DQTRONz.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\duCdPtl.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\sSgIqNp.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
File created	C:\Windows\System\axOIleF.exe	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2468	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
Token: SeDebugPrivilege	2468	powershell.exe
Token: SeLockMemoryPrivilege	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 2468	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	29
PID 1648 wrote to memory of 2468	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	29
PID 1648 wrote to memory of 2468	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	29
PID 1648 wrote to memory of 1268	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	30
PID 1648 wrote to memory of 1268	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	30
PID 1648 wrote to memory of 1268	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	30
PID 1648 wrote to memory of 2376	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	31
PID 1648 wrote to memory of 2376	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	31
PID 1648 wrote to memory of 2376	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	31
PID 1648 wrote to memory of 2720	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	32
PID 1648 wrote to memory of 2720	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	32
PID 1648 wrote to memory of 2720	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	32
PID 1648 wrote to memory of 2668	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	33
PID 1648 wrote to memory of 2668	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	33
PID 1648 wrote to memory of 2668	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	33
PID 1648 wrote to memory of 2672	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	34
PID 1648 wrote to memory of 2672	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	34
PID 1648 wrote to memory of 2672	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	34
PID 1648 wrote to memory of 2916	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	35
PID 1648 wrote to memory of 2916	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	35
PID 1648 wrote to memory of 2916	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	35
PID 1648 wrote to memory of 2676	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	36
PID 1648 wrote to memory of 2676	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	36
PID 1648 wrote to memory of 2676	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	36
PID 1648 wrote to memory of 2788	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	37
PID 1648 wrote to memory of 2788	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	37
PID 1648 wrote to memory of 2788	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	37
PID 1648 wrote to memory of 2524	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	38
PID 1648 wrote to memory of 2524	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	38
PID 1648 wrote to memory of 2524	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	38
PID 1648 wrote to memory of 2580	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	39
PID 1648 wrote to memory of 2580	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	39
PID 1648 wrote to memory of 2580	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	39
PID 1648 wrote to memory of 2560	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	40
PID 1648 wrote to memory of 2560	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	40
PID 1648 wrote to memory of 2560	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	40
PID 1648 wrote to memory of 1664	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	41
PID 1648 wrote to memory of 1664	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	41
PID 1648 wrote to memory of 1664	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	41
PID 1648 wrote to memory of 2780	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	42
PID 1648 wrote to memory of 2780	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	42
PID 1648 wrote to memory of 2780	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	42
PID 1648 wrote to memory of 2964	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	43
PID 1648 wrote to memory of 2964	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	43
PID 1648 wrote to memory of 2964	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	43
PID 1648 wrote to memory of 2928	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	44
PID 1648 wrote to memory of 2928	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	44
PID 1648 wrote to memory of 2928	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	44
PID 1648 wrote to memory of 2976	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	45
PID 1648 wrote to memory of 2976	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	45
PID 1648 wrote to memory of 2976	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	45
PID 1648 wrote to memory of 1400	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	46
PID 1648 wrote to memory of 1400	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	46
PID 1648 wrote to memory of 1400	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	46
PID 1648 wrote to memory of 2740	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	47
PID 1648 wrote to memory of 2740	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	47
PID 1648 wrote to memory of 2740	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	47
PID 1648 wrote to memory of 2576	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	48
PID 1648 wrote to memory of 2576	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	48
PID 1648 wrote to memory of 2576	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	48
PID 1648 wrote to memory of 2860	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	49
PID 1648 wrote to memory of 2860	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	49
PID 1648 wrote to memory of 2860	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	49
PID 1648 wrote to memory of 1824	1648	907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe	50

C:\Users\Admin\AppData\Local\Temp\907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe
"C:\Users\Admin\AppData\Local\Temp\907f885bdb9c0a3dfbdba89f7428d319ef6c0cbc741eeec226c9aafd4afe7cab.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2468
- C:\Windows\System\KPubuRn.exe
  C:\Windows\System\KPubuRn.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\zFonqvm.exe
  C:\Windows\System\zFonqvm.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\QYJPBdF.exe
  C:\Windows\System\QYJPBdF.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\OcCgxVk.exe
  C:\Windows\System\OcCgxVk.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\rJiPgCE.exe
  C:\Windows\System\rJiPgCE.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\MzBcbCX.exe
  C:\Windows\System\MzBcbCX.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\cDKrEGt.exe
  C:\Windows\System\cDKrEGt.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\nUIJQAQ.exe
  C:\Windows\System\nUIJQAQ.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\qYNjsmT.exe
  C:\Windows\System\qYNjsmT.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\WystYgP.exe
  C:\Windows\System\WystYgP.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\IIwOOuL.exe
  C:\Windows\System\IIwOOuL.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\REfRmSP.exe
  C:\Windows\System\REfRmSP.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\VOyGOnq.exe
  C:\Windows\System\VOyGOnq.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\ZmwEegI.exe
  C:\Windows\System\ZmwEegI.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\VrSvzGb.exe
  C:\Windows\System\VrSvzGb.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\GFBADzj.exe
  C:\Windows\System\GFBADzj.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\ZXsktgP.exe
  C:\Windows\System\ZXsktgP.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\wZQKxTA.exe
  C:\Windows\System\wZQKxTA.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\FlANooY.exe
  C:\Windows\System\FlANooY.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\juJfInT.exe
  C:\Windows\System\juJfInT.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\YuwzRkM.exe
  C:\Windows\System\YuwzRkM.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\asETovJ.exe
  C:\Windows\System\asETovJ.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\EOkYLYH.exe
  C:\Windows\System\EOkYLYH.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\qsvgMhv.exe
  C:\Windows\System\qsvgMhv.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\klzrEEh.exe
  C:\Windows\System\klzrEEh.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\TYaNeeP.exe
  C:\Windows\System\TYaNeeP.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\eCWcjCT.exe
  C:\Windows\System\eCWcjCT.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\TqDwilI.exe
  C:\Windows\System\TqDwilI.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\HOkGixs.exe
  C:\Windows\System\HOkGixs.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\PHusUEq.exe
  C:\Windows\System\PHusUEq.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\ZszeHQN.exe
  C:\Windows\System\ZszeHQN.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\qaaMGRh.exe
  C:\Windows\System\qaaMGRh.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\jstBsyC.exe
  C:\Windows\System\jstBsyC.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\YAvjfoM.exe
  C:\Windows\System\YAvjfoM.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\CdoVKuT.exe
  C:\Windows\System\CdoVKuT.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\KHvErsz.exe
  C:\Windows\System\KHvErsz.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\qwACjfR.exe
  C:\Windows\System\qwACjfR.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\eYZrlkV.exe
  C:\Windows\System\eYZrlkV.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\bamjuGp.exe
  C:\Windows\System\bamjuGp.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\iLJFWND.exe
  C:\Windows\System\iLJFWND.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\UbGKLaR.exe
  C:\Windows\System\UbGKLaR.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\QcuMTOr.exe
  C:\Windows\System\QcuMTOr.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\XKFiCCt.exe
  C:\Windows\System\XKFiCCt.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\vyWedbb.exe
  C:\Windows\System\vyWedbb.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\rGoFXcZ.exe
  C:\Windows\System\rGoFXcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\znxybOU.exe
  C:\Windows\System\znxybOU.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\AKmCHnk.exe
  C:\Windows\System\AKmCHnk.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\HmIAdZI.exe
  C:\Windows\System\HmIAdZI.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\LsRigOT.exe
  C:\Windows\System\LsRigOT.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\ixbWKLj.exe
  C:\Windows\System\ixbWKLj.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\CpRkehY.exe
  C:\Windows\System\CpRkehY.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\CperUZL.exe
  C:\Windows\System\CperUZL.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\DEmkwhu.exe
  C:\Windows\System\DEmkwhu.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\FFCtvvD.exe
  C:\Windows\System\FFCtvvD.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\qrDzSww.exe
  C:\Windows\System\qrDzSww.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\mkPsrNc.exe
  C:\Windows\System\mkPsrNc.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\iTdjNlt.exe
  C:\Windows\System\iTdjNlt.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\MUihTwz.exe
  C:\Windows\System\MUihTwz.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\dmpxyPd.exe
  C:\Windows\System\dmpxyPd.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\KIKcMkb.exe
  C:\Windows\System\KIKcMkb.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\vjSsjOt.exe
  C:\Windows\System\vjSsjOt.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\rKLHzOD.exe
  C:\Windows\System\rKLHzOD.exe
  2⤵
  PID:744
- C:\Windows\System\NiSdoae.exe
  C:\Windows\System\NiSdoae.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\vltiAkS.exe
  C:\Windows\System\vltiAkS.exe
  2⤵
  PID:2728
- C:\Windows\System\ExmHVvS.exe
  C:\Windows\System\ExmHVvS.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\gPfclkm.exe
  C:\Windows\System\gPfclkm.exe
  2⤵
  PID:1936
- C:\Windows\System\vjdAlvd.exe
  C:\Windows\System\vjdAlvd.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\XFPoHwT.exe
  C:\Windows\System\XFPoHwT.exe
  2⤵
  PID:1748
- C:\Windows\System\aFKNXPU.exe
  C:\Windows\System\aFKNXPU.exe
  2⤵
  PID:2640
- C:\Windows\System\wNfCFxs.exe
  C:\Windows\System\wNfCFxs.exe
  2⤵
  PID:2544
- C:\Windows\System\KDffOxR.exe
  C:\Windows\System\KDffOxR.exe
  2⤵
  PID:2644
- C:\Windows\System\OMUpUYA.exe
  C:\Windows\System\OMUpUYA.exe
  2⤵
  PID:1632
- C:\Windows\System\ajybFPu.exe
  C:\Windows\System\ajybFPu.exe
  2⤵
  PID:2920
- C:\Windows\System\FbGmUiv.exe
  C:\Windows\System\FbGmUiv.exe
  2⤵
  PID:2596
- C:\Windows\System\RPenjSq.exe
  C:\Windows\System\RPenjSq.exe
  2⤵
  PID:2736
- C:\Windows\System\kHJJZeA.exe
  C:\Windows\System\kHJJZeA.exe
  2⤵
  PID:2932
- C:\Windows\System\EaEYhNA.exe
  C:\Windows\System\EaEYhNA.exe
  2⤵
  PID:988
- C:\Windows\System\KYmNQpO.exe
  C:\Windows\System\KYmNQpO.exe
  2⤵
  PID:1976
- C:\Windows\System\YSTcnxU.exe
  C:\Windows\System\YSTcnxU.exe
  2⤵
  PID:3000
- C:\Windows\System\YzKXOUl.exe
  C:\Windows\System\YzKXOUl.exe
  2⤵
  PID:2144
- C:\Windows\System\ARvSEaJ.exe
  C:\Windows\System\ARvSEaJ.exe
  2⤵
  PID:2404
- C:\Windows\System\dPFpGOx.exe
  C:\Windows\System\dPFpGOx.exe
  2⤵
  PID:1732
- C:\Windows\System\HnglgQC.exe
  C:\Windows\System\HnglgQC.exe
  2⤵
  PID:2480
- C:\Windows\System\shoSQNC.exe
  C:\Windows\System\shoSQNC.exe
  2⤵
  PID:292
- C:\Windows\System\uSGGKow.exe
  C:\Windows\System\uSGGKow.exe
  2⤵
  PID:596
- C:\Windows\System\HGlSmgA.exe
  C:\Windows\System\HGlSmgA.exe
  2⤵
  PID:1932
- C:\Windows\System\lrVbRsb.exe
  C:\Windows\System\lrVbRsb.exe
  2⤵
  PID:1564
- C:\Windows\System\FYlKDGc.exe
  C:\Windows\System\FYlKDGc.exe
  2⤵
  PID:2072
- C:\Windows\System\CkIOpWa.exe
  C:\Windows\System\CkIOpWa.exe
  2⤵
  PID:2572
- C:\Windows\System\HjOdRaJ.exe
  C:\Windows\System\HjOdRaJ.exe
  2⤵
  PID:2756
- C:\Windows\System\cfCYHVL.exe
  C:\Windows\System\cfCYHVL.exe
  2⤵
  PID:1584
- C:\Windows\System\Zyxamvc.exe
  C:\Windows\System\Zyxamvc.exe
  2⤵
  PID:2056
- C:\Windows\System\zKEJTwT.exe
  C:\Windows\System\zKEJTwT.exe
  2⤵
  PID:1560
- C:\Windows\System\PKZegzs.exe
  C:\Windows\System\PKZegzs.exe
  2⤵
  PID:2360
- C:\Windows\System\FHfFHAk.exe
  C:\Windows\System\FHfFHAk.exe
  2⤵
  PID:2300
- C:\Windows\System\TzgTeiS.exe
  C:\Windows\System\TzgTeiS.exe
  2⤵
  PID:708
- C:\Windows\System\lYRqtvY.exe
  C:\Windows\System\lYRqtvY.exe
  2⤵
  PID:2992
- C:\Windows\System\vxjzRRA.exe
  C:\Windows\System\vxjzRRA.exe
  2⤵
  PID:2440
- C:\Windows\System\PUGzNMW.exe
  C:\Windows\System\PUGzNMW.exe
  2⤵
  PID:1272
- C:\Windows\System\EnVorDL.exe
  C:\Windows\System\EnVorDL.exe
  2⤵
  PID:2512
- C:\Windows\System\lBYTrdC.exe
  C:\Windows\System\lBYTrdC.exe
  2⤵
  PID:2808
- C:\Windows\System\KJLRwqA.exe
  C:\Windows\System\KJLRwqA.exe
  2⤵
  PID:2264
- C:\Windows\System\YOWyTeC.exe
  C:\Windows\System\YOWyTeC.exe
  2⤵
  PID:1284
- C:\Windows\System\bOzftNa.exe
  C:\Windows\System\bOzftNa.exe
  2⤵
  PID:2008
- C:\Windows\System\qWulbcY.exe
  C:\Windows\System\qWulbcY.exe
  2⤵
  PID:908
- C:\Windows\System\WOAdXTt.exe
  C:\Windows\System\WOAdXTt.exe
  2⤵
  PID:888
- C:\Windows\System\cfvHrhB.exe
  C:\Windows\System\cfvHrhB.exe
  2⤵
  PID:3020
- C:\Windows\System\xGOsfgA.exe
  C:\Windows\System\xGOsfgA.exe
  2⤵
  PID:964
- C:\Windows\System\gFEwkun.exe
  C:\Windows\System\gFEwkun.exe
  2⤵
  PID:492
- C:\Windows\System\LtutFJv.exe
  C:\Windows\System\LtutFJv.exe
  2⤵
  PID:3040
- C:\Windows\System\DfsQhGk.exe
  C:\Windows\System\DfsQhGk.exe
  2⤵
  PID:2584
- C:\Windows\System\FBhjBMK.exe
  C:\Windows\System\FBhjBMK.exe
  2⤵
  PID:3084
- C:\Windows\System\jIhFBwf.exe
  C:\Windows\System\jIhFBwf.exe
  2⤵
  PID:3100
- C:\Windows\System\IDafpCw.exe
  C:\Windows\System\IDafpCw.exe
  2⤵
  PID:3116
- C:\Windows\System\xqKGCmt.exe
  C:\Windows\System\xqKGCmt.exe
  2⤵
  PID:3132
- C:\Windows\System\oXKbFuf.exe
  C:\Windows\System\oXKbFuf.exe
  2⤵
  PID:3148
- C:\Windows\System\dBbOeEu.exe
  C:\Windows\System\dBbOeEu.exe
  2⤵
  PID:3164
- C:\Windows\System\XJAhWmI.exe
  C:\Windows\System\XJAhWmI.exe
  2⤵
  PID:3180
- C:\Windows\System\BUnMMlY.exe
  C:\Windows\System\BUnMMlY.exe
  2⤵
  PID:3196
- C:\Windows\System\nUkElzr.exe
  C:\Windows\System\nUkElzr.exe
  2⤵
  PID:3212
- C:\Windows\System\eXZAuhr.exe
  C:\Windows\System\eXZAuhr.exe
  2⤵
  PID:3228
- C:\Windows\System\PAXVPba.exe
  C:\Windows\System\PAXVPba.exe
  2⤵
  PID:3244
- C:\Windows\System\Plmpvwe.exe
  C:\Windows\System\Plmpvwe.exe
  2⤵
  PID:3260
- C:\Windows\System\yEEtsqP.exe
  C:\Windows\System\yEEtsqP.exe
  2⤵
  PID:3276
- C:\Windows\System\oPMKfdj.exe
  C:\Windows\System\oPMKfdj.exe
  2⤵
  PID:3292
- C:\Windows\System\ppwRuLB.exe
  C:\Windows\System\ppwRuLB.exe
  2⤵
  PID:3308
- C:\Windows\System\WLrteyk.exe
  C:\Windows\System\WLrteyk.exe
  2⤵
  PID:3324
- C:\Windows\System\YULNsbg.exe
  C:\Windows\System\YULNsbg.exe
  2⤵
  PID:3340
- C:\Windows\System\ePnVXLO.exe
  C:\Windows\System\ePnVXLO.exe
  2⤵
  PID:3356
- C:\Windows\System\ljRuBmt.exe
  C:\Windows\System\ljRuBmt.exe
  2⤵
  PID:3372
- C:\Windows\System\CcgfiNy.exe
  C:\Windows\System\CcgfiNy.exe
  2⤵
  PID:3388
- C:\Windows\System\ObtodWh.exe
  C:\Windows\System\ObtodWh.exe
  2⤵
  PID:3404
- C:\Windows\System\lkKGQLD.exe
  C:\Windows\System\lkKGQLD.exe
  2⤵
  PID:3420
- C:\Windows\System\RsSFmTR.exe
  C:\Windows\System\RsSFmTR.exe
  2⤵
  PID:3436
- C:\Windows\System\poCAmGu.exe
  C:\Windows\System\poCAmGu.exe
  2⤵
  PID:3452
- C:\Windows\System\hKBoqhx.exe
  C:\Windows\System\hKBoqhx.exe
  2⤵
  PID:3468
- C:\Windows\System\zWlZdqg.exe
  C:\Windows\System\zWlZdqg.exe
  2⤵
  PID:3484
- C:\Windows\System\XSDLExO.exe
  C:\Windows\System\XSDLExO.exe
  2⤵
  PID:3500
- C:\Windows\System\NqgEwPP.exe
  C:\Windows\System\NqgEwPP.exe
  2⤵
  PID:3516
- C:\Windows\System\hHhnXUk.exe
  C:\Windows\System\hHhnXUk.exe
  2⤵
  PID:3532
- C:\Windows\System\fwtyREJ.exe
  C:\Windows\System\fwtyREJ.exe
  2⤵
  PID:3548
- C:\Windows\System\RDiymyx.exe
  C:\Windows\System\RDiymyx.exe
  2⤵
  PID:3564
- C:\Windows\System\MRlnbIi.exe
  C:\Windows\System\MRlnbIi.exe
  2⤵
  PID:3580
- C:\Windows\System\iwnRihM.exe
  C:\Windows\System\iwnRihM.exe
  2⤵
  PID:3596
- C:\Windows\System\UEISezD.exe
  C:\Windows\System\UEISezD.exe
  2⤵
  PID:3612
- C:\Windows\System\pECwUYs.exe
  C:\Windows\System\pECwUYs.exe
  2⤵
  PID:3628
- C:\Windows\System\wfvhuum.exe
  C:\Windows\System\wfvhuum.exe
  2⤵
  PID:3644
- C:\Windows\System\GRwKLdw.exe
  C:\Windows\System\GRwKLdw.exe
  2⤵
  PID:3660
- C:\Windows\System\oMjgctm.exe
  C:\Windows\System\oMjgctm.exe
  2⤵
  PID:3676
- C:\Windows\System\pBIzTqH.exe
  C:\Windows\System\pBIzTqH.exe
  2⤵
  PID:3692
- C:\Windows\System\GZpCeLu.exe
  C:\Windows\System\GZpCeLu.exe
  2⤵
  PID:3708
- C:\Windows\System\HPYnLrm.exe
  C:\Windows\System\HPYnLrm.exe
  2⤵
  PID:3724
- C:\Windows\System\mBoWqns.exe
  C:\Windows\System\mBoWqns.exe
  2⤵
  PID:3740
- C:\Windows\System\CgbNNXd.exe
  C:\Windows\System\CgbNNXd.exe
  2⤵
  PID:3756
- C:\Windows\System\xDTccAm.exe
  C:\Windows\System\xDTccAm.exe
  2⤵
  PID:3772
- C:\Windows\System\YvOKZew.exe
  C:\Windows\System\YvOKZew.exe
  2⤵
  PID:3788
- C:\Windows\System\JxrdJAh.exe
  C:\Windows\System\JxrdJAh.exe
  2⤵
  PID:3804
- C:\Windows\System\HyBDeRO.exe
  C:\Windows\System\HyBDeRO.exe
  2⤵
  PID:3820
- C:\Windows\System\GepdfnM.exe
  C:\Windows\System\GepdfnM.exe
  2⤵
  PID:3836
- C:\Windows\System\DceTbUB.exe
  C:\Windows\System\DceTbUB.exe
  2⤵
  PID:3852
- C:\Windows\System\AhsZtPC.exe
  C:\Windows\System\AhsZtPC.exe
  2⤵
  PID:3868
- C:\Windows\System\lRAWDrm.exe
  C:\Windows\System\lRAWDrm.exe
  2⤵
  PID:3884
- C:\Windows\System\AdcUpiG.exe
  C:\Windows\System\AdcUpiG.exe
  2⤵
  PID:3900
- C:\Windows\System\AqBNFMc.exe
  C:\Windows\System\AqBNFMc.exe
  2⤵
  PID:3916
- C:\Windows\System\jVgQwcO.exe
  C:\Windows\System\jVgQwcO.exe
  2⤵
  PID:3932
- C:\Windows\System\sCbSjIX.exe
  C:\Windows\System\sCbSjIX.exe
  2⤵
  PID:3948
- C:\Windows\System\uXgCHta.exe
  C:\Windows\System\uXgCHta.exe
  2⤵
  PID:3964
- C:\Windows\System\LvGgSOT.exe
  C:\Windows\System\LvGgSOT.exe
  2⤵
  PID:3980
- C:\Windows\System\euIuuhj.exe
  C:\Windows\System\euIuuhj.exe
  2⤵
  PID:3996
- C:\Windows\System\UfpmkgQ.exe
  C:\Windows\System\UfpmkgQ.exe
  2⤵
  PID:4012
- C:\Windows\System\fblQWlf.exe
  C:\Windows\System\fblQWlf.exe
  2⤵
  PID:4028
- C:\Windows\System\YOhNRTB.exe
  C:\Windows\System\YOhNRTB.exe
  2⤵
  PID:4044
- C:\Windows\System\hLwAPBL.exe
  C:\Windows\System\hLwAPBL.exe
  2⤵
  PID:4060
- C:\Windows\System\wMlairp.exe
  C:\Windows\System\wMlairp.exe
  2⤵
  PID:4076
- C:\Windows\System\npXEPXD.exe
  C:\Windows\System\npXEPXD.exe
  2⤵
  PID:4092
- C:\Windows\System\mvKFNTr.exe
  C:\Windows\System\mvKFNTr.exe
  2⤵
  PID:2124
- C:\Windows\System\LlnNkUn.exe
  C:\Windows\System\LlnNkUn.exe
  2⤵
  PID:1396
- C:\Windows\System\GTNEGhq.exe
  C:\Windows\System\GTNEGhq.exe
  2⤵
  PID:2732
- C:\Windows\System\vqITCYM.exe
  C:\Windows\System\vqITCYM.exe
  2⤵
  PID:740
- C:\Windows\System\OBHgWSo.exe
  C:\Windows\System\OBHgWSo.exe
  2⤵
  PID:2784
- C:\Windows\System\CstUMTu.exe
  C:\Windows\System\CstUMTu.exe
  2⤵
  PID:1512
- C:\Windows\System\eqEzwMZ.exe
  C:\Windows\System\eqEzwMZ.exe
  2⤵
  PID:2600
- C:\Windows\System\NyGypqz.exe
  C:\Windows\System\NyGypqz.exe
  2⤵
  PID:2680
- C:\Windows\System\mOZnzJt.exe
  C:\Windows\System\mOZnzJt.exe
  2⤵
  PID:2320
- C:\Windows\System\oUsnzHx.exe
  C:\Windows\System\oUsnzHx.exe
  2⤵
  PID:1924
- C:\Windows\System\iiLpPWX.exe
  C:\Windows\System\iiLpPWX.exe
  2⤵
  PID:2128
- C:\Windows\System\TuDFUWm.exe
  C:\Windows\System\TuDFUWm.exe
  2⤵
  PID:3080
- C:\Windows\System\vGTkvvf.exe
  C:\Windows\System\vGTkvvf.exe
  2⤵
  PID:3096
- C:\Windows\System\QBKrHpo.exe
  C:\Windows\System\QBKrHpo.exe
  2⤵
  PID:3144
- C:\Windows\System\VlUcEaD.exe
  C:\Windows\System\VlUcEaD.exe
  2⤵
  PID:3160
- C:\Windows\System\LZauzwR.exe
  C:\Windows\System\LZauzwR.exe
  2⤵
  PID:768
- C:\Windows\System\ASJweTY.exe
  C:\Windows\System\ASJweTY.exe
  2⤵
  PID:3220
- C:\Windows\System\eGXFlGK.exe
  C:\Windows\System\eGXFlGK.exe
  2⤵
  PID:3268
- C:\Windows\System\EaAWCUy.exe
  C:\Windows\System\EaAWCUy.exe
  2⤵
  PID:3284
- C:\Windows\System\cFgftYC.exe
  C:\Windows\System\cFgftYC.exe
  2⤵
  PID:3332
- C:\Windows\System\eNODpqY.exe
  C:\Windows\System\eNODpqY.exe
  2⤵
  PID:3348
- C:\Windows\System\DxbTNwP.exe
  C:\Windows\System\DxbTNwP.exe
  2⤵
  PID:3396
- C:\Windows\System\zLvKqYq.exe
  C:\Windows\System\zLvKqYq.exe
  2⤵
  PID:3428
- C:\Windows\System\SVjryGv.exe
  C:\Windows\System\SVjryGv.exe
  2⤵
  PID:3444
- C:\Windows\System\GvCHpue.exe
  C:\Windows\System\GvCHpue.exe
  2⤵
  PID:3476
- C:\Windows\System\yiWALQH.exe
  C:\Windows\System\yiWALQH.exe
  2⤵
  PID:3508
- C:\Windows\System\UYhTCwb.exe
  C:\Windows\System\UYhTCwb.exe
  2⤵
  PID:3540
- C:\Windows\System\YyGorFO.exe
  C:\Windows\System\YyGorFO.exe
  2⤵
  PID:3572
- C:\Windows\System\SfPWpJx.exe
  C:\Windows\System\SfPWpJx.exe
  2⤵
  PID:3604
- C:\Windows\System\xtPbGzN.exe
  C:\Windows\System\xtPbGzN.exe
  2⤵
  PID:3636
- C:\Windows\System\kaAiTcA.exe
  C:\Windows\System\kaAiTcA.exe
  2⤵
  PID:3656
- C:\Windows\System\dxavPlf.exe
  C:\Windows\System\dxavPlf.exe
  2⤵
  PID:2896
- C:\Windows\System\qAcXfvG.exe
  C:\Windows\System\qAcXfvG.exe
  2⤵
  PID:3716
- C:\Windows\System\xfLjfLJ.exe
  C:\Windows\System\xfLjfLJ.exe
  2⤵
  PID:3748
- C:\Windows\System\EIDDoIC.exe
  C:\Windows\System\EIDDoIC.exe
  2⤵
  PID:3768
- C:\Windows\System\zWjIRIg.exe
  C:\Windows\System\zWjIRIg.exe
  2⤵
  PID:3800
- C:\Windows\System\tNLkOkD.exe
  C:\Windows\System\tNLkOkD.exe
  2⤵
  PID:3832
- C:\Windows\System\wBdCDuS.exe
  C:\Windows\System\wBdCDuS.exe
  2⤵
  PID:3876
- C:\Windows\System\Bxhhzgu.exe
  C:\Windows\System\Bxhhzgu.exe
  2⤵
  PID:3892
- C:\Windows\System\RHOgPxO.exe
  C:\Windows\System\RHOgPxO.exe
  2⤵
  PID:2256
- C:\Windows\System\YpXYgWn.exe
  C:\Windows\System\YpXYgWn.exe
  2⤵
  PID:3912
- C:\Windows\System\WWuzhCy.exe
  C:\Windows\System\WWuzhCy.exe
  2⤵
  PID:2804
- C:\Windows\System\oLIgWFA.exe
  C:\Windows\System\oLIgWFA.exe
  2⤵
  PID:3972
- C:\Windows\System\FNckXIf.exe
  C:\Windows\System\FNckXIf.exe
  2⤵
  PID:4004
- C:\Windows\System\ctQIodE.exe
  C:\Windows\System\ctQIodE.exe
  2⤵
  PID:4024
- C:\Windows\System\jrbEJYU.exe
  C:\Windows\System\jrbEJYU.exe
  2⤵
  PID:4068
- C:\Windows\System\tygJUqT.exe
  C:\Windows\System\tygJUqT.exe
  2⤵
  PID:4088
- C:\Windows\System\omZXOJr.exe
  C:\Windows\System\omZXOJr.exe
  2⤵
  PID:736
- C:\Windows\System\PjIKGKy.exe
  C:\Windows\System\PjIKGKy.exe
  2⤵
  PID:2848
- C:\Windows\System\FOMyPRo.exe
  C:\Windows\System\FOMyPRo.exe
  2⤵
  PID:1276
- C:\Windows\System\ufNYfiW.exe
  C:\Windows\System\ufNYfiW.exe
  2⤵
  PID:2228
- C:\Windows\System\sQJKmBJ.exe
  C:\Windows\System\sQJKmBJ.exe
  2⤵
  PID:1200
- C:\Windows\System\wPfIvrJ.exe
  C:\Windows\System\wPfIvrJ.exe
  2⤵
  PID:3108
- C:\Windows\System\coVxbcn.exe
  C:\Windows\System\coVxbcn.exe
  2⤵
  PID:2764
- C:\Windows\System\aweUNEG.exe
  C:\Windows\System\aweUNEG.exe
  2⤵
  PID:3188
- C:\Windows\System\hdosWan.exe
  C:\Windows\System\hdosWan.exe
  2⤵
  PID:3236
- C:\Windows\System\isllPUy.exe
  C:\Windows\System\isllPUy.exe
  2⤵
  PID:3252
- C:\Windows\System\PaQEZMV.exe
  C:\Windows\System\PaQEZMV.exe
  2⤵
  PID:3304
- C:\Windows\System\saTKHmu.exe
  C:\Windows\System\saTKHmu.exe
  2⤵
  PID:3368
- C:\Windows\System\SVPUdNX.exe
  C:\Windows\System\SVPUdNX.exe
  2⤵
  PID:3496
- C:\Windows\System\QnHDCRa.exe
  C:\Windows\System\QnHDCRa.exe
  2⤵
  PID:3560
- C:\Windows\System\IjUTilt.exe
  C:\Windows\System\IjUTilt.exe
  2⤵
  PID:3012
- C:\Windows\System\SIiUXbE.exe
  C:\Windows\System\SIiUXbE.exe
  2⤵
  PID:3704
- C:\Windows\System\EXBhXon.exe
  C:\Windows\System\EXBhXon.exe
  2⤵
  PID:2120
- C:\Windows\System\mgQHHUB.exe
  C:\Windows\System\mgQHHUB.exe
  2⤵
  PID:3828
- C:\Windows\System\JuTXjTr.exe
  C:\Windows\System\JuTXjTr.exe
  2⤵
  PID:3848
- C:\Windows\System\bWMhwtr.exe
  C:\Windows\System\bWMhwtr.exe
  2⤵
  PID:2636
- C:\Windows\System\tQyMPCx.exe
  C:\Windows\System\tQyMPCx.exe
  2⤵
  PID:1096
- C:\Windows\System\qzbSqEl.exe
  C:\Windows\System\qzbSqEl.exe
  2⤵
  PID:3956
- C:\Windows\System\mPmyUCL.exe
  C:\Windows\System\mPmyUCL.exe
  2⤵
  PID:3976
- C:\Windows\System\uEmCyhW.exe
  C:\Windows\System\uEmCyhW.exe
  2⤵
  PID:812
- C:\Windows\System\uNjjZED.exe
  C:\Windows\System\uNjjZED.exe
  2⤵
  PID:2476
- C:\Windows\System\FfWRPXk.exe
  C:\Windows\System\FfWRPXk.exe
  2⤵
  PID:1524
- C:\Windows\System\zZlvCEv.exe
  C:\Windows\System\zZlvCEv.exe
  2⤵
  PID:2844
- C:\Windows\System\fnggRqn.exe
  C:\Windows\System\fnggRqn.exe
  2⤵
  PID:1964
- C:\Windows\System\fGEkzIM.exe
  C:\Windows\System\fGEkzIM.exe
  2⤵
  PID:3128
- C:\Windows\System\ukVpVvn.exe
  C:\Windows\System\ukVpVvn.exe
  2⤵
  PID:3204
- C:\Windows\System\nyfYNxG.exe
  C:\Windows\System\nyfYNxG.exe
  2⤵
  PID:3364
- C:\Windows\System\lWNtSkY.exe
  C:\Windows\System\lWNtSkY.exe
  2⤵
  PID:2372
- C:\Windows\System\CbPQIBH.exe
  C:\Windows\System\CbPQIBH.exe
  2⤵
  PID:2324
- C:\Windows\System\HPHfxsa.exe
  C:\Windows\System\HPHfxsa.exe
  2⤵
  PID:1736
- C:\Windows\System\vasaFbW.exe
  C:\Windows\System\vasaFbW.exe
  2⤵
  PID:2252
- C:\Windows\System\nAvHYvJ.exe
  C:\Windows\System\nAvHYvJ.exe
  2⤵
  PID:3432
- C:\Windows\System\qnoqkrQ.exe
  C:\Windows\System\qnoqkrQ.exe
  2⤵
  PID:3684
- C:\Windows\System\LcWLkRz.exe
  C:\Windows\System\LcWLkRz.exe
  2⤵
  PID:3640
- C:\Windows\System\wVznICm.exe
  C:\Windows\System\wVznICm.exe
  2⤵
  PID:3732
- C:\Windows\System\afHZuoH.exe
  C:\Windows\System\afHZuoH.exe
  2⤵
  PID:2800
- C:\Windows\System\nXfMIkY.exe
  C:\Windows\System\nXfMIkY.exe
  2⤵
  PID:3796
- C:\Windows\System\PSXBlIk.exe
  C:\Windows\System\PSXBlIk.exe
  2⤵
  PID:3880
- C:\Windows\System\pmVNpty.exe
  C:\Windows\System\pmVNpty.exe
  2⤵
  PID:4008
- C:\Windows\System\oNTbGNm.exe
  C:\Windows\System\oNTbGNm.exe
  2⤵
  PID:1340
- C:\Windows\System\OOsYzkz.exe
  C:\Windows\System\OOsYzkz.exe
  2⤵
  PID:2248
- C:\Windows\System\ZELraoa.exe
  C:\Windows\System\ZELraoa.exe
  2⤵
  PID:1516
- C:\Windows\System\mBNsAfy.exe
  C:\Windows\System\mBNsAfy.exe
  2⤵
  PID:2888
- C:\Windows\System\peIzXGr.exe
  C:\Windows\System\peIzXGr.exe
  2⤵
  PID:1332
- C:\Windows\System\nedNZcx.exe
  C:\Windows\System\nedNZcx.exe
  2⤵
  PID:324
- C:\Windows\System\SGFJNWp.exe
  C:\Windows\System\SGFJNWp.exe
  2⤵
  PID:3608
- C:\Windows\System\rfYCLxz.exe
  C:\Windows\System\rfYCLxz.exe
  2⤵
  PID:1708
- C:\Windows\System\XastYsF.exe
  C:\Windows\System\XastYsF.exe
  2⤵
  PID:1588
- C:\Windows\System\icfjNjg.exe
  C:\Windows\System\icfjNjg.exe
  2⤵
  PID:2924
- C:\Windows\System\RmnfrGu.exe
  C:\Windows\System\RmnfrGu.exe
  2⤵
  PID:816
- C:\Windows\System\IVavTIs.exe
  C:\Windows\System\IVavTIs.exe
  2⤵
  PID:2536
- C:\Windows\System\RhIVCIW.exe
  C:\Windows\System\RhIVCIW.exe
  2⤵
  PID:4104
- C:\Windows\System\xGKLCZe.exe
  C:\Windows\System\xGKLCZe.exe
  2⤵
  PID:4120
- C:\Windows\System\ppGwWBd.exe
  C:\Windows\System\ppGwWBd.exe
  2⤵
  PID:4136
- C:\Windows\System\cnBfUhw.exe
  C:\Windows\System\cnBfUhw.exe
  2⤵
  PID:4152
- C:\Windows\System\Nmwnsjg.exe
  C:\Windows\System\Nmwnsjg.exe
  2⤵
  PID:4168
- C:\Windows\System\UvSfOVO.exe
  C:\Windows\System\UvSfOVO.exe
  2⤵
  PID:4184
- C:\Windows\System\JblnxKA.exe
  C:\Windows\System\JblnxKA.exe
  2⤵
  PID:4200
- C:\Windows\System\kDTfZZW.exe
  C:\Windows\System\kDTfZZW.exe
  2⤵
  PID:4216
- C:\Windows\System\EHMspZt.exe
  C:\Windows\System\EHMspZt.exe
  2⤵
  PID:4232
- C:\Windows\System\wDYmAxD.exe
  C:\Windows\System\wDYmAxD.exe
  2⤵
  PID:4248
- C:\Windows\System\JhjANZx.exe
  C:\Windows\System\JhjANZx.exe
  2⤵
  PID:4264
- C:\Windows\System\iQHwJuO.exe
  C:\Windows\System\iQHwJuO.exe
  2⤵
  PID:4280
- C:\Windows\System\qoqaLtU.exe
  C:\Windows\System\qoqaLtU.exe
  2⤵
  PID:4296
- C:\Windows\System\eCrCohW.exe
  C:\Windows\System\eCrCohW.exe
  2⤵
  PID:4312
- C:\Windows\System\VMfFQCl.exe
  C:\Windows\System\VMfFQCl.exe
  2⤵
  PID:4328
- C:\Windows\System\VJOOmQf.exe
  C:\Windows\System\VJOOmQf.exe
  2⤵
  PID:4344
- C:\Windows\System\ieDLVzh.exe
  C:\Windows\System\ieDLVzh.exe
  2⤵
  PID:4360
- C:\Windows\System\FTnLAqw.exe
  C:\Windows\System\FTnLAqw.exe
  2⤵
  PID:4376
- C:\Windows\System\cigZpuL.exe
  C:\Windows\System\cigZpuL.exe
  2⤵
  PID:4392
- C:\Windows\System\VPqDiOU.exe
  C:\Windows\System\VPqDiOU.exe
  2⤵
  PID:4408
- C:\Windows\System\gMNiOwe.exe
  C:\Windows\System\gMNiOwe.exe
  2⤵
  PID:4424
- C:\Windows\System\AOJUONK.exe
  C:\Windows\System\AOJUONK.exe
  2⤵
  PID:4440
- C:\Windows\System\BQGTfin.exe
  C:\Windows\System\BQGTfin.exe
  2⤵
  PID:4456
- C:\Windows\System\XqMdDxG.exe
  C:\Windows\System\XqMdDxG.exe
  2⤵
  PID:4472
- C:\Windows\System\BsVEGCb.exe
  C:\Windows\System\BsVEGCb.exe
  2⤵
  PID:4488
- C:\Windows\System\bSVIbfL.exe
  C:\Windows\System\bSVIbfL.exe
  2⤵
  PID:4504
- C:\Windows\System\WgtNGVi.exe
  C:\Windows\System\WgtNGVi.exe
  2⤵
  PID:4520
- C:\Windows\System\UUefwUP.exe
  C:\Windows\System\UUefwUP.exe
  2⤵
  PID:4536
- C:\Windows\System\LADdTdl.exe
  C:\Windows\System\LADdTdl.exe
  2⤵
  PID:4552
- C:\Windows\System\NNwlOBN.exe
  C:\Windows\System\NNwlOBN.exe
  2⤵
  PID:4568
- C:\Windows\System\fyASVhi.exe
  C:\Windows\System\fyASVhi.exe
  2⤵
  PID:4584
- C:\Windows\System\xPsvwvG.exe
  C:\Windows\System\xPsvwvG.exe
  2⤵
  PID:4600
- C:\Windows\System\bzyzLlg.exe
  C:\Windows\System\bzyzLlg.exe
  2⤵
  PID:4616
- C:\Windows\System\hMBcMGf.exe
  C:\Windows\System\hMBcMGf.exe
  2⤵
  PID:4632
- C:\Windows\System\Xqroraa.exe
  C:\Windows\System\Xqroraa.exe
  2⤵
  PID:4648
- C:\Windows\System\sbcZAEh.exe
  C:\Windows\System\sbcZAEh.exe
  2⤵
  PID:4664
- C:\Windows\System\ADlTwHR.exe
  C:\Windows\System\ADlTwHR.exe
  2⤵
  PID:4680
- C:\Windows\System\FMlPjnQ.exe
  C:\Windows\System\FMlPjnQ.exe
  2⤵
  PID:4696
- C:\Windows\System\emtXWiP.exe
  C:\Windows\System\emtXWiP.exe
  2⤵
  PID:4712
- C:\Windows\System\pGuEQfP.exe
  C:\Windows\System\pGuEQfP.exe
  2⤵
  PID:4728
- C:\Windows\System\mbZTuxL.exe
  C:\Windows\System\mbZTuxL.exe
  2⤵
  PID:4744
- C:\Windows\System\CuLxzdN.exe
  C:\Windows\System\CuLxzdN.exe
  2⤵
  PID:4760
- C:\Windows\System\tiaGJpC.exe
  C:\Windows\System\tiaGJpC.exe
  2⤵
  PID:4776
- C:\Windows\System\xSQJkEb.exe
  C:\Windows\System\xSQJkEb.exe
  2⤵
  PID:4792
- C:\Windows\System\RMyjESq.exe
  C:\Windows\System\RMyjESq.exe
  2⤵
  PID:4808
- C:\Windows\System\GVMUhUE.exe
  C:\Windows\System\GVMUhUE.exe
  2⤵
  PID:4824
- C:\Windows\System\dPPEnyh.exe
  C:\Windows\System\dPPEnyh.exe
  2⤵
  PID:4840
- C:\Windows\System\EkIEoxH.exe
  C:\Windows\System\EkIEoxH.exe
  2⤵
  PID:4856
- C:\Windows\System\CQVpoOs.exe
  C:\Windows\System\CQVpoOs.exe
  2⤵
  PID:4872
- C:\Windows\System\ixUSWBl.exe
  C:\Windows\System\ixUSWBl.exe
  2⤵
  PID:4888
- C:\Windows\System\zEEfaWk.exe
  C:\Windows\System\zEEfaWk.exe
  2⤵
  PID:4904
- C:\Windows\System\JTOnrMJ.exe
  C:\Windows\System\JTOnrMJ.exe
  2⤵
  PID:4920
- C:\Windows\System\YEhPitr.exe
  C:\Windows\System\YEhPitr.exe
  2⤵
  PID:4936
- C:\Windows\System\skqcxrH.exe
  C:\Windows\System\skqcxrH.exe
  2⤵
  PID:4952
- C:\Windows\System\pWOqlKv.exe
  C:\Windows\System\pWOqlKv.exe
  2⤵
  PID:4968
- C:\Windows\System\qnbQonp.exe
  C:\Windows\System\qnbQonp.exe
  2⤵
  PID:4984
- C:\Windows\System\SquCyOS.exe
  C:\Windows\System\SquCyOS.exe
  2⤵
  PID:5000
- C:\Windows\System\WLulmCf.exe
  C:\Windows\System\WLulmCf.exe
  2⤵
  PID:5016
- C:\Windows\System\xezKlxj.exe
  C:\Windows\System\xezKlxj.exe
  2⤵
  PID:5032
- C:\Windows\System\LvMaiyW.exe
  C:\Windows\System\LvMaiyW.exe
  2⤵
  PID:5048
- C:\Windows\System\EPFjOMX.exe
  C:\Windows\System\EPFjOMX.exe
  2⤵
  PID:5064
- C:\Windows\System\NwrSuyv.exe
  C:\Windows\System\NwrSuyv.exe
  2⤵
  PID:5080
- C:\Windows\System\WsGUjmE.exe
  C:\Windows\System\WsGUjmE.exe
  2⤵
  PID:5096
- C:\Windows\System\qnQUsDg.exe
  C:\Windows\System\qnQUsDg.exe
  2⤵
  PID:5112
- C:\Windows\System\LilToTp.exe
  C:\Windows\System\LilToTp.exe
  2⤵
  PID:3448
- C:\Windows\System\Suojhge.exe
  C:\Windows\System\Suojhge.exe
  2⤵
  PID:3380
- C:\Windows\System\IcxMGIW.exe
  C:\Windows\System\IcxMGIW.exe
  2⤵
  PID:3592
- C:\Windows\System\nVrrOxu.exe
  C:\Windows\System\nVrrOxu.exe
  2⤵
  PID:4100
- C:\Windows\System\puFyUWX.exe
  C:\Windows\System\puFyUWX.exe
  2⤵
  PID:4164
- C:\Windows\System\WazBSmL.exe
  C:\Windows\System\WazBSmL.exe
  2⤵
  PID:4116
- C:\Windows\System\HKQwWaQ.exe
  C:\Windows\System\HKQwWaQ.exe
  2⤵
  PID:4180
- C:\Windows\System\kmfNDrK.exe
  C:\Windows\System\kmfNDrK.exe
  2⤵
  PID:4192
- C:\Windows\System\cdDBRns.exe
  C:\Windows\System\cdDBRns.exe
  2⤵
  PID:4228
- C:\Windows\System\AEkfRMr.exe
  C:\Windows\System\AEkfRMr.exe
  2⤵
  PID:4292
- C:\Windows\System\HBdviky.exe
  C:\Windows\System\HBdviky.exe
  2⤵
  PID:4276
- C:\Windows\System\NPEwaxc.exe
  C:\Windows\System\NPEwaxc.exe
  2⤵
  PID:4340
- C:\Windows\System\yzsUhkM.exe
  C:\Windows\System\yzsUhkM.exe
  2⤵
  PID:4352
- C:\Windows\System\sTVDXSR.exe
  C:\Windows\System\sTVDXSR.exe
  2⤵
  PID:4404
- C:\Windows\System\sKVgdLW.exe
  C:\Windows\System\sKVgdLW.exe
  2⤵
  PID:4468
- C:\Windows\System\MNzmrZN.exe
  C:\Windows\System\MNzmrZN.exe
  2⤵
  PID:4448
- C:\Windows\System\vttwOoY.exe
  C:\Windows\System\vttwOoY.exe
  2⤵
  PID:4516
- C:\Windows\System\elDYeQR.exe
  C:\Windows\System\elDYeQR.exe
  2⤵
  PID:4544
- C:\Windows\System\qMjVBFG.exe
  C:\Windows\System\qMjVBFG.exe
  2⤵
  PID:2836
- C:\Windows\System\UgCAPjY.exe
  C:\Windows\System\UgCAPjY.exe
  2⤵
  PID:4612
- C:\Windows\System\jRPWTYt.exe
  C:\Windows\System\jRPWTYt.exe
  2⤵
  PID:4704
- C:\Windows\System\RdnwwXW.exe
  C:\Windows\System\RdnwwXW.exe
  2⤵
  PID:4528
- C:\Windows\System\gSLoGic.exe
  C:\Windows\System\gSLoGic.exe
  2⤵
  PID:4768
- C:\Windows\System\gPMnhVg.exe
  C:\Windows\System\gPMnhVg.exe
  2⤵
  PID:4660
- C:\Windows\System\FoyqlTm.exe
  C:\Windows\System\FoyqlTm.exe
  2⤵
  PID:4596
- C:\Windows\System\ztHoioG.exe
  C:\Windows\System\ztHoioG.exe
  2⤵
  PID:4756
- C:\Windows\System\YmCSuqd.exe
  C:\Windows\System\YmCSuqd.exe
  2⤵
  PID:4800
- C:\Windows\System\ALugpgr.exe
  C:\Windows\System\ALugpgr.exe
  2⤵
  PID:2704
- C:\Windows\System\OIaRrOC.exe
  C:\Windows\System\OIaRrOC.exe
  2⤵
  PID:5012
- C:\Windows\System\ZkeFdFG.exe
  C:\Windows\System\ZkeFdFG.exe
  2⤵
  PID:4816
- C:\Windows\System\VKMYDRW.exe
  C:\Windows\System\VKMYDRW.exe
  2⤵
  PID:4868
- C:\Windows\System\fLeguUj.exe
  C:\Windows\System\fLeguUj.exe
  2⤵
  PID:4932
- C:\Windows\System\pOQqzrl.exe
  C:\Windows\System\pOQqzrl.exe
  2⤵
  PID:1492
- C:\Windows\System\EgSYyqn.exe
  C:\Windows\System\EgSYyqn.exe
  2⤵
  PID:4996
- C:\Windows\System\AxsFxeC.exe
  C:\Windows\System\AxsFxeC.exe
  2⤵
  PID:5028
- C:\Windows\System\ROwFOuT.exe
  C:\Windows\System\ROwFOuT.exe
  2⤵
  PID:1776
- C:\Windows\System\gZCtgUs.exe
  C:\Windows\System\gZCtgUs.exe
  2⤵
  PID:5072
- C:\Windows\System\XhadQyG.exe
  C:\Windows\System\XhadQyG.exe
  2⤵
  PID:3576
- C:\Windows\System\ihXDarT.exe
  C:\Windows\System\ihXDarT.exe
  2⤵
  PID:2168
- C:\Windows\System\TIMQphi.exe
  C:\Windows\System\TIMQphi.exe
  2⤵
  PID:4196
- C:\Windows\System\RJjjdIR.exe
  C:\Windows\System\RJjjdIR.exe
  2⤵
  PID:4132
- C:\Windows\System\biMrOPT.exe
  C:\Windows\System\biMrOPT.exe
  2⤵
  PID:4324
- C:\Windows\System\jDwIXPd.exe
  C:\Windows\System\jDwIXPd.exe
  2⤵
  PID:4148
- C:\Windows\System\NbmSfGX.exe
  C:\Windows\System\NbmSfGX.exe
  2⤵
  PID:4388
- C:\Windows\System\OGObIzx.exe
  C:\Windows\System\OGObIzx.exe
  2⤵
  PID:4416
- C:\Windows\System\xBImzoi.exe
  C:\Windows\System\xBImzoi.exe
  2⤵
  PID:4608
- C:\Windows\System\IjyDheY.exe
  C:\Windows\System\IjyDheY.exe
  2⤵
  PID:4692
- C:\Windows\System\XNlzhAO.exe
  C:\Windows\System\XNlzhAO.exe
  2⤵
  PID:4772
- C:\Windows\System\AVRPqKm.exe
  C:\Windows\System\AVRPqKm.exe
  2⤵
  PID:4884
- C:\Windows\System\WoEafdS.exe
  C:\Windows\System\WoEafdS.exe
  2⤵
  PID:4960
- C:\Windows\System\elhpcVy.exe
  C:\Windows\System\elhpcVy.exe
  2⤵
  PID:5088
- C:\Windows\System\DlmHHGQ.exe
  C:\Windows\System\DlmHHGQ.exe
  2⤵
  PID:5108
- C:\Windows\System\SSnazPb.exe
  C:\Windows\System\SSnazPb.exe
  2⤵
  PID:4676
- C:\Windows\System\MVcQnGV.exe
  C:\Windows\System\MVcQnGV.exe
  2⤵
  PID:4628
- C:\Windows\System\eNaCIDY.exe
  C:\Windows\System\eNaCIDY.exe
  2⤵
  PID:4208
- C:\Windows\System\ZDdUocb.exe
  C:\Windows\System\ZDdUocb.exe
  2⤵
  PID:4336
- C:\Windows\System\ZHiSwVV.exe
  C:\Windows\System\ZHiSwVV.exe
  2⤵
  PID:4864
- C:\Windows\System\aFVaXrJ.exe
  C:\Windows\System\aFVaXrJ.exe
  2⤵
  PID:5024
- C:\Windows\System\byMTxhn.exe
  C:\Windows\System\byMTxhn.exe
  2⤵
  PID:4740
- C:\Windows\System\nktUVpQ.exe
  C:\Windows\System\nktUVpQ.exe
  2⤵
  PID:3412
- C:\Windows\System\paGtYlP.exe
  C:\Windows\System\paGtYlP.exe
  2⤵
  PID:556
- C:\Windows\System\qPTMQGY.exe
  C:\Windows\System\qPTMQGY.exe
  2⤵
  PID:676
- C:\Windows\System\xqHfvpz.exe
  C:\Windows\System\xqHfvpz.exe
  2⤵
  PID:4900
- C:\Windows\System\kMOVzqn.exe
  C:\Windows\System\kMOVzqn.exe
  2⤵
  PID:4532
- C:\Windows\System\xzEOWwg.exe
  C:\Windows\System\xzEOWwg.exe
  2⤵
  PID:5008
- C:\Windows\System\gewOehH.exe
  C:\Windows\System\gewOehH.exe
  2⤵
  PID:4560
- C:\Windows\System\XhEwiol.exe
  C:\Windows\System\XhEwiol.exe
  2⤵
  PID:2880
- C:\Windows\System\HsjOLNg.exe
  C:\Windows\System\HsjOLNg.exe
  2⤵
  PID:5132
- C:\Windows\System\UaSIheM.exe
  C:\Windows\System\UaSIheM.exe
  2⤵
  PID:5148
- C:\Windows\System\cpsMEka.exe
  C:\Windows\System\cpsMEka.exe
  2⤵
  PID:5164
- C:\Windows\System\vBdzlYA.exe
  C:\Windows\System\vBdzlYA.exe
  2⤵
  PID:5180
- C:\Windows\System\DPXHmNQ.exe
  C:\Windows\System\DPXHmNQ.exe
  2⤵
  PID:5196
- C:\Windows\System\hrsYsTu.exe
  C:\Windows\System\hrsYsTu.exe
  2⤵
  PID:5212
- C:\Windows\System\aqXCmNP.exe
  C:\Windows\System\aqXCmNP.exe
  2⤵
  PID:5228
- C:\Windows\System\AcYhMci.exe
  C:\Windows\System\AcYhMci.exe
  2⤵
  PID:5244
- C:\Windows\System\NCblGHL.exe
  C:\Windows\System\NCblGHL.exe
  2⤵
  PID:5260
- C:\Windows\System\YFZaoFK.exe
  C:\Windows\System\YFZaoFK.exe
  2⤵
  PID:5276
- C:\Windows\System\JTXncji.exe
  C:\Windows\System\JTXncji.exe
  2⤵
  PID:5292
- C:\Windows\System\gIaoUOH.exe
  C:\Windows\System\gIaoUOH.exe
  2⤵
  PID:5308
- C:\Windows\System\bssxomJ.exe
  C:\Windows\System\bssxomJ.exe
  2⤵
  PID:5324
- C:\Windows\System\ZEiPRkk.exe
  C:\Windows\System\ZEiPRkk.exe
  2⤵
  PID:5340
- C:\Windows\System\VhKfGRD.exe
  C:\Windows\System\VhKfGRD.exe
  2⤵
  PID:5356
- C:\Windows\System\iMedmoY.exe
  C:\Windows\System\iMedmoY.exe
  2⤵
  PID:5372
- C:\Windows\System\UWJPnWz.exe
  C:\Windows\System\UWJPnWz.exe
  2⤵
  PID:5388
- C:\Windows\System\tspdVbJ.exe
  C:\Windows\System\tspdVbJ.exe
  2⤵
  PID:5404
- C:\Windows\System\ZzSrWJN.exe
  C:\Windows\System\ZzSrWJN.exe
  2⤵
  PID:5420
- C:\Windows\System\HNjnIEt.exe
  C:\Windows\System\HNjnIEt.exe
  2⤵
  PID:5436
- C:\Windows\System\ZLsxQvh.exe
  C:\Windows\System\ZLsxQvh.exe
  2⤵
  PID:5452
- C:\Windows\System\feGpjPO.exe
  C:\Windows\System\feGpjPO.exe
  2⤵
  PID:5468
- C:\Windows\System\TirCIUe.exe
  C:\Windows\System\TirCIUe.exe
  2⤵
  PID:5484
- C:\Windows\System\mKAbfMW.exe
  C:\Windows\System\mKAbfMW.exe
  2⤵
  PID:5500
- C:\Windows\System\tyVjhjY.exe
  C:\Windows\System\tyVjhjY.exe
  2⤵
  PID:5516
- C:\Windows\System\syWwVTJ.exe
  C:\Windows\System\syWwVTJ.exe
  2⤵
  PID:5532
- C:\Windows\System\oPIxeBC.exe
  C:\Windows\System\oPIxeBC.exe
  2⤵
  PID:5548
- C:\Windows\System\QLCUoPA.exe
  C:\Windows\System\QLCUoPA.exe
  2⤵
  PID:5564
- C:\Windows\System\lZYotKH.exe
  C:\Windows\System\lZYotKH.exe
  2⤵
  PID:5580
- C:\Windows\System\gpNKtrH.exe
  C:\Windows\System\gpNKtrH.exe
  2⤵
  PID:5596
- C:\Windows\System\dUKxLNU.exe
  C:\Windows\System\dUKxLNU.exe
  2⤵
  PID:5612
- C:\Windows\System\VJhLsXQ.exe
  C:\Windows\System\VJhLsXQ.exe
  2⤵
  PID:5628
- C:\Windows\System\DNEKWnV.exe
  C:\Windows\System\DNEKWnV.exe
  2⤵
  PID:5644
- C:\Windows\System\Dqfftuu.exe
  C:\Windows\System\Dqfftuu.exe
  2⤵
  PID:5660
- C:\Windows\System\UtsoyWa.exe
  C:\Windows\System\UtsoyWa.exe
  2⤵
  PID:5676
- C:\Windows\System\cxTktnv.exe
  C:\Windows\System\cxTktnv.exe
  2⤵
  PID:5692
- C:\Windows\System\zQWMmDf.exe
  C:\Windows\System\zQWMmDf.exe
  2⤵
  PID:5708
- C:\Windows\System\wzbdMZr.exe
  C:\Windows\System\wzbdMZr.exe
  2⤵
  PID:5724
- C:\Windows\System\VaQmkgV.exe
  C:\Windows\System\VaQmkgV.exe
  2⤵
  PID:5740
- C:\Windows\System\DwbJxNB.exe
  C:\Windows\System\DwbJxNB.exe
  2⤵
  PID:5756
- C:\Windows\System\BIqYNEY.exe
  C:\Windows\System\BIqYNEY.exe
  2⤵
  PID:5772
- C:\Windows\System\WYJSejj.exe
  C:\Windows\System\WYJSejj.exe
  2⤵
  PID:5788
- C:\Windows\System\UYIQyuG.exe
  C:\Windows\System\UYIQyuG.exe
  2⤵
  PID:5804
- C:\Windows\System\MUAESpn.exe
  C:\Windows\System\MUAESpn.exe
  2⤵
  PID:5820
- C:\Windows\System\RRmTMkf.exe
  C:\Windows\System\RRmTMkf.exe
  2⤵
  PID:5852
- C:\Windows\System\WvLjeWv.exe
  C:\Windows\System\WvLjeWv.exe
  2⤵
  PID:5868
- C:\Windows\System\DAtTrQH.exe
  C:\Windows\System\DAtTrQH.exe
  2⤵
  PID:5884
- C:\Windows\System\Ecrzzlv.exe
  C:\Windows\System\Ecrzzlv.exe
  2⤵
  PID:5900
- C:\Windows\System\yLUtqCz.exe
  C:\Windows\System\yLUtqCz.exe
  2⤵
  PID:5916
- C:\Windows\System\YOJxORg.exe
  C:\Windows\System\YOJxORg.exe
  2⤵
  PID:5932
- C:\Windows\System\cMTzuKU.exe
  C:\Windows\System\cMTzuKU.exe
  2⤵
  PID:5948
- C:\Windows\System\YHhQaXW.exe
  C:\Windows\System\YHhQaXW.exe
  2⤵
  PID:5968
- C:\Windows\System\QHAMaeG.exe
  C:\Windows\System\QHAMaeG.exe
  2⤵
  PID:5984
- C:\Windows\System\tptANSU.exe
  C:\Windows\System\tptANSU.exe
  2⤵
  PID:6000
- C:\Windows\System\bnWFHXb.exe
  C:\Windows\System\bnWFHXb.exe
  2⤵
  PID:6016
- C:\Windows\System\gAOIvtd.exe
  C:\Windows\System\gAOIvtd.exe
  2⤵
  PID:6032
- C:\Windows\System\hmNciHX.exe
  C:\Windows\System\hmNciHX.exe
  2⤵
  PID:6048
- C:\Windows\System\VkcWgzY.exe
  C:\Windows\System\VkcWgzY.exe
  2⤵
  PID:6064
- C:\Windows\System\GgQBrae.exe
  C:\Windows\System\GgQBrae.exe
  2⤵
  PID:6080
- C:\Windows\System\wZuXOrr.exe
  C:\Windows\System\wZuXOrr.exe
  2⤵
  PID:6096
- C:\Windows\System\BzkdyWA.exe
  C:\Windows\System\BzkdyWA.exe
  2⤵
  PID:6112
- C:\Windows\System\hJunygM.exe
  C:\Windows\System\hJunygM.exe
  2⤵
  PID:6128
- C:\Windows\System\nTyiXZn.exe
  C:\Windows\System\nTyiXZn.exe
  2⤵
  PID:4052
- C:\Windows\System\NFUrktq.exe
  C:\Windows\System\NFUrktq.exe
  2⤵
  PID:4436
- C:\Windows\System\octqzvy.exe
  C:\Windows\System\octqzvy.exe
  2⤵
  PID:5124
- C:\Windows\System\rQkKKun.exe
  C:\Windows\System\rQkKKun.exe
  2⤵
  PID:5160
- C:\Windows\System\EGyyLyb.exe
  C:\Windows\System\EGyyLyb.exe
  2⤵
  PID:4288
- C:\Windows\System\vxAXodE.exe
  C:\Windows\System\vxAXodE.exe
  2⤵
  PID:4836
- C:\Windows\System\hHkAOXw.exe
  C:\Windows\System\hHkAOXw.exe
  2⤵
  PID:5140
- C:\Windows\System\nuLhaWc.exe
  C:\Windows\System\nuLhaWc.exe
  2⤵
  PID:5252
- C:\Windows\System\YZfepZP.exe
  C:\Windows\System\YZfepZP.exe
  2⤵
  PID:5172
- C:\Windows\System\kmKmblj.exe
  C:\Windows\System\kmKmblj.exe
  2⤵
  PID:5236
- C:\Windows\System\BusIuwp.exe
  C:\Windows\System\BusIuwp.exe
  2⤵
  PID:5348
- C:\Windows\System\mqaLxyT.exe
  C:\Windows\System\mqaLxyT.exe
  2⤵
  PID:5268
- C:\Windows\System\ppiuuhK.exe
  C:\Windows\System\ppiuuhK.exe
  2⤵
  PID:5332
- C:\Windows\System\FHwleEN.exe
  C:\Windows\System\FHwleEN.exe
  2⤵
  PID:5396
- C:\Windows\System\FBJkjZz.exe
  C:\Windows\System\FBJkjZz.exe
  2⤵
  PID:5460
- C:\Windows\System\ooFLfLU.exe
  C:\Windows\System\ooFLfLU.exe
  2⤵
  PID:5588
- C:\Windows\System\opGXypA.exe
  C:\Windows\System\opGXypA.exe
  2⤵
  PID:5560
- C:\Windows\System\WPmQgkE.exe
  C:\Windows\System\WPmQgkE.exe
  2⤵
  PID:5448
- C:\Windows\System\ddGAVTy.exe
  C:\Windows\System\ddGAVTy.exe
  2⤵
  PID:5512
- C:\Windows\System\HJbUEon.exe
  C:\Windows\System\HJbUEon.exe
  2⤵
  PID:5576
- C:\Windows\System\dUcuiXK.exe
  C:\Windows\System\dUcuiXK.exe
  2⤵
  PID:5620
- C:\Windows\System\IIoUWsT.exe
  C:\Windows\System\IIoUWsT.exe
  2⤵
  PID:5636
- C:\Windows\System\BScDUlj.exe
  C:\Windows\System\BScDUlj.exe
  2⤵
  PID:5700
- C:\Windows\System\VUzyoSR.exe
  C:\Windows\System\VUzyoSR.exe
  2⤵
  PID:5764
- C:\Windows\System\duZGiPD.exe
  C:\Windows\System\duZGiPD.exe
  2⤵
  PID:5828
- C:\Windows\System\fiKXpHx.exe
  C:\Windows\System\fiKXpHx.exe
  2⤵
  PID:5688
- C:\Windows\System\jOJrYgs.exe
  C:\Windows\System\jOJrYgs.exe
  2⤵
  PID:5748
- C:\Windows\System\qwRzDFO.exe
  C:\Windows\System\qwRzDFO.exe
  2⤵
  PID:5876
- C:\Windows\System\dvilMSY.exe
  C:\Windows\System\dvilMSY.exe
  2⤵
  PID:5908
- C:\Windows\System\okWdMYt.exe
  C:\Windows\System\okWdMYt.exe
  2⤵
  PID:5976
- C:\Windows\System\JimcdEF.exe
  C:\Windows\System\JimcdEF.exe
  2⤵
  PID:5924
- C:\Windows\System\xSvjkOo.exe
  C:\Windows\System\xSvjkOo.exe
  2⤵
  PID:6040
- C:\Windows\System\HZPUzuU.exe
  C:\Windows\System\HZPUzuU.exe
  2⤵
  PID:5992
- C:\Windows\System\MRTEcgg.exe
  C:\Windows\System\MRTEcgg.exe
  2⤵
  PID:6108
- C:\Windows\System\nJdhWSH.exe
  C:\Windows\System\nJdhWSH.exe
  2⤵
  PID:5960
- C:\Windows\System\BZMhsRe.exe
  C:\Windows\System\BZMhsRe.exe
  2⤵
  PID:6028
- C:\Windows\System\MHudVXU.exe
  C:\Windows\System\MHudVXU.exe
  2⤵
  PID:6092
- C:\Windows\System\XqhbfRo.exe
  C:\Windows\System\XqhbfRo.exe
  2⤵
  PID:5128
- C:\Windows\System\XgkvQea.exe
  C:\Windows\System\XgkvQea.exe
  2⤵
  PID:5104
- C:\Windows\System\RjNgamG.exe
  C:\Windows\System\RjNgamG.exe
  2⤵
  PID:5204
- C:\Windows\System\wnmfxXr.exe
  C:\Windows\System\wnmfxXr.exe
  2⤵
  PID:4848
- C:\Windows\System\SPKrlUY.exe
  C:\Windows\System\SPKrlUY.exe
  2⤵
  PID:5320
- C:\Windows\System\iegweTc.exe
  C:\Windows\System\iegweTc.exe
  2⤵
  PID:5428
- C:\Windows\System\tItJVFa.exe
  C:\Windows\System\tItJVFa.exe
  2⤵
  PID:5380
- C:\Windows\System\SNAmaEd.exe
  C:\Windows\System\SNAmaEd.exe
  2⤵
  PID:5492
- C:\Windows\System\BJIzWbD.exe
  C:\Windows\System\BJIzWbD.exe
  2⤵
  PID:5480
- C:\Windows\System\qznSLsO.exe
  C:\Windows\System\qznSLsO.exe
  2⤵
  PID:5544
- C:\Windows\System\CdHYSsx.exe
  C:\Windows\System\CdHYSsx.exe
  2⤵
  PID:5652
- C:\Windows\System\NQlGell.exe
  C:\Windows\System\NQlGell.exe
  2⤵
  PID:5812
- C:\Windows\System\xrIkTFe.exe
  C:\Windows\System\xrIkTFe.exe
  2⤵
  PID:304
- C:\Windows\System\qqvQVRn.exe
  C:\Windows\System\qqvQVRn.exe
  2⤵
  PID:2748
- C:\Windows\System\ZpbAtzY.exe
  C:\Windows\System\ZpbAtzY.exe
  2⤵
  PID:5784
- C:\Windows\System\XuBVbbe.exe
  C:\Windows\System\XuBVbbe.exe
  2⤵
  PID:5896
- C:\Windows\System\nLFXYND.exe
  C:\Windows\System\nLFXYND.exe
  2⤵
  PID:1940
- C:\Windows\System\VBODgkE.exe
  C:\Windows\System\VBODgkE.exe
  2⤵
  PID:6060
- C:\Windows\System\KLlwmSU.exe
  C:\Windows\System\KLlwmSU.exe
  2⤵
  PID:6136
- C:\Windows\System\KOpeZBd.exe
  C:\Windows\System\KOpeZBd.exe
  2⤵
  PID:4640
- C:\Windows\System\BIIQOWp.exe
  C:\Windows\System\BIIQOWp.exe
  2⤵
  PID:6024
- C:\Windows\System\EwWtnIh.exe
  C:\Windows\System\EwWtnIh.exe
  2⤵
  PID:5368
- C:\Windows\System\otNXZyR.exe
  C:\Windows\System\otNXZyR.exe
  2⤵
  PID:5288
- C:\Windows\System\aYMrAEL.exe
  C:\Windows\System\aYMrAEL.exe
  2⤵
  PID:5316
- C:\Windows\System\tkDNbjm.exe
  C:\Windows\System\tkDNbjm.exe
  2⤵
  PID:5736
- C:\Windows\System\NFuFzDO.exe
  C:\Windows\System\NFuFzDO.exe
  2⤵
  PID:5716
- C:\Windows\System\iEpeWrk.exe
  C:\Windows\System\iEpeWrk.exe
  2⤵
  PID:372
- C:\Windows\System\wEHDbcD.exe
  C:\Windows\System\wEHDbcD.exe
  2⤵
  PID:5944
- C:\Windows\System\GIzyWXh.exe
  C:\Windows\System\GIzyWXh.exe
  2⤵
  PID:6076
- C:\Windows\System\mUqEigl.exe
  C:\Windows\System\mUqEigl.exe
  2⤵
  PID:1072
- C:\Windows\System\splAhfk.exe
  C:\Windows\System\splAhfk.exe
  2⤵
  PID:5364
- C:\Windows\System\IVXPCpG.exe
  C:\Windows\System\IVXPCpG.exe
  2⤵
  PID:5672
- C:\Windows\System\RaxVidN.exe
  C:\Windows\System\RaxVidN.exe
  2⤵
  PID:5572
- C:\Windows\System\SiUlDrK.exe
  C:\Windows\System\SiUlDrK.exe
  2⤵
  PID:6088
- C:\Windows\System\DtAHvUD.exe
  C:\Windows\System\DtAHvUD.exe
  2⤵
  PID:6072
- C:\Windows\System\AwKwgUn.exe
  C:\Windows\System\AwKwgUn.exe
  2⤵
  PID:5304
- C:\Windows\System\DCxLriL.exe
  C:\Windows\System\DCxLriL.exe
  2⤵
  PID:5732
- C:\Windows\System\cODxIro.exe
  C:\Windows\System\cODxIro.exe
  2⤵
  PID:5940
- C:\Windows\System\jpIoGwt.exe
  C:\Windows\System\jpIoGwt.exe
  2⤵
  PID:1700
- C:\Windows\System\tNQCQXn.exe
  C:\Windows\System\tNQCQXn.exe
  2⤵
  PID:6156
- C:\Windows\System\LDthwpG.exe
  C:\Windows\System\LDthwpG.exe
  2⤵
  PID:6172
- C:\Windows\System\GdWjTHA.exe
  C:\Windows\System\GdWjTHA.exe
  2⤵
  PID:6188
- C:\Windows\System\EFGBEkj.exe
  C:\Windows\System\EFGBEkj.exe
  2⤵
  PID:6204
- C:\Windows\System\pJVBcbC.exe
  C:\Windows\System\pJVBcbC.exe
  2⤵
  PID:6220
- C:\Windows\System\pshbnsN.exe
  C:\Windows\System\pshbnsN.exe
  2⤵
  PID:6236
- C:\Windows\System\wAsGUAS.exe
  C:\Windows\System\wAsGUAS.exe
  2⤵
  PID:6252
- C:\Windows\System\fGFqgVI.exe
  C:\Windows\System\fGFqgVI.exe
  2⤵
  PID:6268
- C:\Windows\System\PfrQYKF.exe
  C:\Windows\System\PfrQYKF.exe
  2⤵
  PID:6284
- C:\Windows\System\CEYmXck.exe
  C:\Windows\System\CEYmXck.exe
  2⤵
  PID:6300
- C:\Windows\System\sbZISTk.exe
  C:\Windows\System\sbZISTk.exe
  2⤵
  PID:6316
- C:\Windows\System\hqfcMHd.exe
  C:\Windows\System\hqfcMHd.exe
  2⤵
  PID:6332
- C:\Windows\System\UoiLKEb.exe
  C:\Windows\System\UoiLKEb.exe
  2⤵
  PID:6348
- C:\Windows\System\DLPzhnK.exe
  C:\Windows\System\DLPzhnK.exe
  2⤵
  PID:6364
- C:\Windows\System\GbASqcl.exe
  C:\Windows\System\GbASqcl.exe
  2⤵
  PID:6380
- C:\Windows\System\Swdmbsp.exe
  C:\Windows\System\Swdmbsp.exe
  2⤵
  PID:6396
- C:\Windows\System\fDVgrjY.exe
  C:\Windows\System\fDVgrjY.exe
  2⤵
  PID:6412
- C:\Windows\System\VyxIHvq.exe
  C:\Windows\System\VyxIHvq.exe
  2⤵
  PID:6428
- C:\Windows\System\dhgMejh.exe
  C:\Windows\System\dhgMejh.exe
  2⤵
  PID:6444
- C:\Windows\System\OHAHFki.exe
  C:\Windows\System\OHAHFki.exe
  2⤵
  PID:6460
- C:\Windows\System\SDGsfyN.exe
  C:\Windows\System\SDGsfyN.exe
  2⤵
  PID:6476
- C:\Windows\System\zTltqqq.exe
  C:\Windows\System\zTltqqq.exe
  2⤵
  PID:6492
- C:\Windows\System\cJMStUe.exe
  C:\Windows\System\cJMStUe.exe
  2⤵
  PID:6508
- C:\Windows\System\mzuOvcs.exe
  C:\Windows\System\mzuOvcs.exe
  2⤵
  PID:6524
- C:\Windows\System\bsLfKgd.exe
  C:\Windows\System\bsLfKgd.exe
  2⤵
  PID:6540
- C:\Windows\System\fbtMpaA.exe
  C:\Windows\System\fbtMpaA.exe
  2⤵
  PID:6556
- C:\Windows\System\yCjCoOY.exe
  C:\Windows\System\yCjCoOY.exe
  2⤵
  PID:6572
- C:\Windows\System\vaJBjdM.exe
  C:\Windows\System\vaJBjdM.exe
  2⤵
  PID:6588
- C:\Windows\System\QoamRBB.exe
  C:\Windows\System\QoamRBB.exe
  2⤵
  PID:6604
- C:\Windows\System\pQIAZTl.exe
  C:\Windows\System\pQIAZTl.exe
  2⤵
  PID:6620
- C:\Windows\System\FdVOCCR.exe
  C:\Windows\System\FdVOCCR.exe
  2⤵
  PID:6636
- C:\Windows\System\viYTozo.exe
  C:\Windows\System\viYTozo.exe
  2⤵
  PID:6652
- C:\Windows\System\rxNPfCh.exe
  C:\Windows\System\rxNPfCh.exe
  2⤵
  PID:6668
- C:\Windows\System\gjpPlri.exe
  C:\Windows\System\gjpPlri.exe
  2⤵
  PID:6684
- C:\Windows\System\fcsVXto.exe
  C:\Windows\System\fcsVXto.exe
  2⤵
  PID:6700
- C:\Windows\System\HMJLhIn.exe
  C:\Windows\System\HMJLhIn.exe
  2⤵
  PID:6716
- C:\Windows\System\gRXHgIm.exe
  C:\Windows\System\gRXHgIm.exe
  2⤵
  PID:6732
- C:\Windows\System\Rfmglqu.exe
  C:\Windows\System\Rfmglqu.exe
  2⤵
  PID:6748
- C:\Windows\System\TWRVqXm.exe
  C:\Windows\System\TWRVqXm.exe
  2⤵
  PID:6764
- C:\Windows\System\hzKWezh.exe
  C:\Windows\System\hzKWezh.exe
  2⤵
  PID:6780
- C:\Windows\System\ZLgscNC.exe
  C:\Windows\System\ZLgscNC.exe
  2⤵
  PID:6796
- C:\Windows\System\YzgIMZZ.exe
  C:\Windows\System\YzgIMZZ.exe
  2⤵
  PID:6812
- C:\Windows\System\CSVyIPM.exe
  C:\Windows\System\CSVyIPM.exe
  2⤵
  PID:6828
- C:\Windows\System\waUBuVj.exe
  C:\Windows\System\waUBuVj.exe
  2⤵
  PID:6844
- C:\Windows\System\hCnMzqv.exe
  C:\Windows\System\hCnMzqv.exe
  2⤵
  PID:6860
- C:\Windows\System\wHpEagU.exe
  C:\Windows\System\wHpEagU.exe
  2⤵
  PID:6876
- C:\Windows\System\wrGIPPU.exe
  C:\Windows\System\wrGIPPU.exe
  2⤵
  PID:6892
- C:\Windows\System\SUrvbBX.exe
  C:\Windows\System\SUrvbBX.exe
  2⤵
  PID:6908
- C:\Windows\System\QLAAttm.exe
  C:\Windows\System\QLAAttm.exe
  2⤵
  PID:6928
- C:\Windows\System\LwnsIpp.exe
  C:\Windows\System\LwnsIpp.exe
  2⤵
  PID:6944
- C:\Windows\System\JKtBhYL.exe
  C:\Windows\System\JKtBhYL.exe
  2⤵
  PID:6960
- C:\Windows\System\kfvKNIw.exe
  C:\Windows\System\kfvKNIw.exe
  2⤵
  PID:6976
- C:\Windows\System\luhmytE.exe
  C:\Windows\System\luhmytE.exe
  2⤵
  PID:6992
- C:\Windows\System\alnxKNH.exe
  C:\Windows\System\alnxKNH.exe
  2⤵
  PID:7008
- C:\Windows\System\FoYnVbT.exe
  C:\Windows\System\FoYnVbT.exe
  2⤵
  PID:7024
- C:\Windows\System\JMCNJQn.exe
  C:\Windows\System\JMCNJQn.exe
  2⤵
  PID:7040
- C:\Windows\System\DMxMzdY.exe
  C:\Windows\System\DMxMzdY.exe
  2⤵
  PID:7056
- C:\Windows\System\XvhAXri.exe
  C:\Windows\System\XvhAXri.exe
  2⤵
  PID:7072
- C:\Windows\System\bzBitzP.exe
  C:\Windows\System\bzBitzP.exe
  2⤵
  PID:7088
- C:\Windows\System\rlXOIYB.exe
  C:\Windows\System\rlXOIYB.exe
  2⤵
  PID:7104
- C:\Windows\System\FEfwOOA.exe
  C:\Windows\System\FEfwOOA.exe
  2⤵
  PID:7120
- C:\Windows\System\lZkUUUF.exe
  C:\Windows\System\lZkUUUF.exe
  2⤵
  PID:7136
- C:\Windows\System\rPVjiNL.exe
  C:\Windows\System\rPVjiNL.exe
  2⤵
  PID:7152
- C:\Windows\System\GficMmm.exe
  C:\Windows\System\GficMmm.exe
  2⤵
  PID:2612
- C:\Windows\System\bxvZYan.exe
  C:\Windows\System\bxvZYan.exe
  2⤵
  PID:6184
- C:\Windows\System\CrMOlcr.exe
  C:\Windows\System\CrMOlcr.exe
  2⤵
  PID:6244
- C:\Windows\System\OHPeQnK.exe
  C:\Windows\System\OHPeQnK.exe
  2⤵
  PID:6280
- C:\Windows\System\OXaRdIP.exe
  C:\Windows\System\OXaRdIP.exe
  2⤵
  PID:6168
- C:\Windows\System\HuqtGob.exe
  C:\Windows\System\HuqtGob.exe
  2⤵
  PID:6228
- C:\Windows\System\XIdRLql.exe
  C:\Windows\System\XIdRLql.exe
  2⤵
  PID:6312
- C:\Windows\System\PEJilnh.exe
  C:\Windows\System\PEJilnh.exe
  2⤵
  PID:6328
- C:\Windows\System\HVUcKuL.exe
  C:\Windows\System\HVUcKuL.exe
  2⤵
  PID:6356
- C:\Windows\System\JJmneqO.exe
  C:\Windows\System\JJmneqO.exe
  2⤵
  PID:6408
- C:\Windows\System\dFmqnGS.exe
  C:\Windows\System\dFmqnGS.exe
  2⤵
  PID:6468
- C:\Windows\System\arFgsrv.exe
  C:\Windows\System\arFgsrv.exe
  2⤵
  PID:6500
- C:\Windows\System\hmlIfvo.exe
  C:\Windows\System\hmlIfvo.exe
  2⤵
  PID:6516
- C:\Windows\System\JKEKZYD.exe
  C:\Windows\System\JKEKZYD.exe
  2⤵
  PID:6484
- C:\Windows\System\uIRXBHu.exe
  C:\Windows\System\uIRXBHu.exe
  2⤵
  PID:6568
- C:\Windows\System\fEpBwHO.exe
  C:\Windows\System\fEpBwHO.exe
  2⤵
  PID:6600
- C:\Windows\System\qydorkS.exe
  C:\Windows\System\qydorkS.exe
  2⤵
  PID:6616
- C:\Windows\System\LJrjLOe.exe
  C:\Windows\System\LJrjLOe.exe
  2⤵
  PID:6632
- C:\Windows\System\rglsuJL.exe
  C:\Windows\System\rglsuJL.exe
  2⤵
  PID:6696
- C:\Windows\System\QnLwRqK.exe
  C:\Windows\System\QnLwRqK.exe
  2⤵
  PID:6756
- C:\Windows\System\hgPwZRA.exe
  C:\Windows\System\hgPwZRA.exe
  2⤵
  PID:6788
- C:\Windows\System\elEeZhh.exe
  C:\Windows\System\elEeZhh.exe
  2⤵
  PID:6852
- C:\Windows\System\EjaZQgD.exe
  C:\Windows\System\EjaZQgD.exe
  2⤵
  PID:6744
- C:\Windows\System\NeNEbZh.exe
  C:\Windows\System\NeNEbZh.exe
  2⤵
  PID:6884
- C:\Windows\System\qoXnsTR.exe
  C:\Windows\System\qoXnsTR.exe
  2⤵
  PID:6804
- C:\Windows\System\KoZcrGU.exe
  C:\Windows\System\KoZcrGU.exe
  2⤵
  PID:6920
- C:\Windows\System\NsoCChJ.exe
  C:\Windows\System\NsoCChJ.exe
  2⤵
  PID:6936
- C:\Windows\System\sapppOT.exe
  C:\Windows\System\sapppOT.exe
  2⤵
  PID:6968
- C:\Windows\System\uDXLPeT.exe
  C:\Windows\System\uDXLPeT.exe
  2⤵
  PID:7004
- C:\Windows\System\mDkuJiT.exe
  C:\Windows\System\mDkuJiT.exe
  2⤵
  PID:7036
- C:\Windows\System\TsTUPko.exe
  C:\Windows\System\TsTUPko.exe
  2⤵
  PID:7064
- C:\Windows\System\NYvxFzi.exe
  C:\Windows\System\NYvxFzi.exe
  2⤵
  PID:7100
- C:\Windows\System\VQgytxg.exe
  C:\Windows\System\VQgytxg.exe
  2⤵
  PID:7116
- C:\Windows\System\iMlfGCc.exe
  C:\Windows\System\iMlfGCc.exe
  2⤵
  PID:6212
- C:\Windows\System\oOdpXdh.exe
  C:\Windows\System\oOdpXdh.exe
  2⤵
  PID:6216
- C:\Windows\System\mcynRDv.exe
  C:\Windows\System\mcynRDv.exe
  2⤵
  PID:6308
- C:\Windows\System\tUZYrrh.exe
  C:\Windows\System\tUZYrrh.exe
  2⤵
  PID:6324
- C:\Windows\System\EenOSrY.exe
  C:\Windows\System\EenOSrY.exe
  2⤵
  PID:6376
- C:\Windows\System\dCwdwDp.exe
  C:\Windows\System\dCwdwDp.exe
  2⤵
  PID:6440
- C:\Windows\System\lCJoHfK.exe
  C:\Windows\System\lCJoHfK.exe
  2⤵
  PID:6488
- C:\Windows\System\EfcIcrN.exe
  C:\Windows\System\EfcIcrN.exe
  2⤵
  PID:6596
- C:\Windows\System\emTpfrQ.exe
  C:\Windows\System\emTpfrQ.exe
  2⤵
  PID:6584
- C:\Windows\System\tYZTTJT.exe
  C:\Windows\System\tYZTTJT.exe
  2⤵
  PID:6664
- C:\Windows\System\KFjgJGu.exe
  C:\Windows\System\KFjgJGu.exe
  2⤵
  PID:6820
- C:\Windows\System\chtEMGb.exe
  C:\Windows\System\chtEMGb.exe
  2⤵
  PID:6740
- C:\Windows\System\KaecMhe.exe
  C:\Windows\System\KaecMhe.exe
  2⤵
  PID:6984
- C:\Windows\System\ztHsPGA.exe
  C:\Windows\System\ztHsPGA.exe
  2⤵
  PID:7016
- C:\Windows\System\dyUFlJD.exe
  C:\Windows\System\dyUFlJD.exe
  2⤵
  PID:7080
- C:\Windows\System\XipXPFf.exe
  C:\Windows\System\XipXPFf.exe
  2⤵
  PID:6180
- C:\Windows\System\acRQocj.exe
  C:\Windows\System\acRQocj.exe
  2⤵
  PID:6200
- C:\Windows\System\WxIiYrl.exe
  C:\Windows\System\WxIiYrl.exe
  2⤵
  PID:6164
- C:\Windows\System\DdvILOe.exe
  C:\Windows\System\DdvILOe.exe
  2⤵
  PID:3700
- C:\Windows\System\gnzEakE.exe
  C:\Windows\System\gnzEakE.exe
  2⤵
  PID:6552
- C:\Windows\System\wBiXslZ.exe
  C:\Windows\System\wBiXslZ.exe
  2⤵
  PID:6916
- C:\Windows\System\hhLjbnK.exe
  C:\Windows\System\hhLjbnK.exe
  2⤵
  PID:7052
- C:\Windows\System\RWgEGNO.exe
  C:\Windows\System\RWgEGNO.exe
  2⤵
  PID:6404
- C:\Windows\System\JGoGGaw.exe
  C:\Windows\System\JGoGGaw.exe
  2⤵
  PID:6628
- C:\Windows\System\ZYbBFRA.exe
  C:\Windows\System\ZYbBFRA.exe
  2⤵
  PID:6708
- C:\Windows\System\zJCOnEa.exe
  C:\Windows\System\zJCOnEa.exe
  2⤵
  PID:7000
- C:\Windows\System\WHJXgEB.exe
  C:\Windows\System\WHJXgEB.exe
  2⤵
  PID:6296
- C:\Windows\System\tOBUPbY.exe
  C:\Windows\System\tOBUPbY.exe
  2⤵
  PID:7160
- C:\Windows\System\nYuhumk.exe
  C:\Windows\System\nYuhumk.exe
  2⤵
  PID:6772
- C:\Windows\System\SeHciet.exe
  C:\Windows\System\SeHciet.exe
  2⤵
  PID:6872
- C:\Windows\System\jZkrWJW.exe
  C:\Windows\System\jZkrWJW.exe
  2⤵
  PID:7176
- C:\Windows\System\xYAAolV.exe
  C:\Windows\System\xYAAolV.exe
  2⤵
  PID:7196
- C:\Windows\System\tfRXpSo.exe
  C:\Windows\System\tfRXpSo.exe
  2⤵
  PID:7212
- C:\Windows\System\aktcdOp.exe
  C:\Windows\System\aktcdOp.exe
  2⤵
  PID:7228
- C:\Windows\System\dYFUSbn.exe
  C:\Windows\System\dYFUSbn.exe
  2⤵
  PID:7244
- C:\Windows\System\MhvWFiH.exe
  C:\Windows\System\MhvWFiH.exe
  2⤵
  PID:7264
- C:\Windows\System\pwZSLEd.exe
  C:\Windows\System\pwZSLEd.exe
  2⤵
  PID:7280
- C:\Windows\System\nWdDorX.exe
  C:\Windows\System\nWdDorX.exe
  2⤵
  PID:7296
- C:\Windows\System\UkoTZIh.exe
  C:\Windows\System\UkoTZIh.exe
  2⤵
  PID:7312
- C:\Windows\System\xGnawAE.exe
  C:\Windows\System\xGnawAE.exe
  2⤵
  PID:7328
- C:\Windows\System\VZhMZjR.exe
  C:\Windows\System\VZhMZjR.exe
  2⤵
  PID:7344
- C:\Windows\System\pqKPOeU.exe
  C:\Windows\System\pqKPOeU.exe
  2⤵
  PID:7360
- C:\Windows\System\gCWJkaE.exe
  C:\Windows\System\gCWJkaE.exe
  2⤵
  PID:7376
- C:\Windows\System\PVxelyU.exe
  C:\Windows\System\PVxelyU.exe
  2⤵
  PID:7392
- C:\Windows\System\iYFPMvY.exe
  C:\Windows\System\iYFPMvY.exe
  2⤵
  PID:7408
- C:\Windows\System\wDHezfn.exe
  C:\Windows\System\wDHezfn.exe
  2⤵
  PID:7424
- C:\Windows\System\QGsnQcT.exe
  C:\Windows\System\QGsnQcT.exe
  2⤵
  PID:7440
- C:\Windows\System\JzMKJcB.exe
  C:\Windows\System\JzMKJcB.exe
  2⤵
  PID:7456
- C:\Windows\System\mlKpYca.exe
  C:\Windows\System\mlKpYca.exe
  2⤵
  PID:7472
- C:\Windows\System\TnsWsGN.exe
  C:\Windows\System\TnsWsGN.exe
  2⤵
  PID:7488
- C:\Windows\System\GsNrEeP.exe
  C:\Windows\System\GsNrEeP.exe
  2⤵
  PID:7504
- C:\Windows\System\BKoHBsu.exe
  C:\Windows\System\BKoHBsu.exe
  2⤵
  PID:7520
- C:\Windows\System\PITaniq.exe
  C:\Windows\System\PITaniq.exe
  2⤵
  PID:7536
- C:\Windows\System\dCQBADB.exe
  C:\Windows\System\dCQBADB.exe
  2⤵
  PID:7552
- C:\Windows\System\gYRUcMP.exe
  C:\Windows\System\gYRUcMP.exe
  2⤵
  PID:7568
- C:\Windows\System\FHJwhUb.exe
  C:\Windows\System\FHJwhUb.exe
  2⤵
  PID:7584
- C:\Windows\System\jGvAqpc.exe
  C:\Windows\System\jGvAqpc.exe
  2⤵
  PID:7600
- C:\Windows\System\HDwGNom.exe
  C:\Windows\System\HDwGNom.exe
  2⤵
  PID:7616
- C:\Windows\System\ZiAfPXR.exe
  C:\Windows\System\ZiAfPXR.exe
  2⤵
  PID:7632
- C:\Windows\System\OYILmTK.exe
  C:\Windows\System\OYILmTK.exe
  2⤵
  PID:7648
- C:\Windows\System\YpoUjdS.exe
  C:\Windows\System\YpoUjdS.exe
  2⤵
  PID:7668
- C:\Windows\System\IzPUWYJ.exe
  C:\Windows\System\IzPUWYJ.exe
  2⤵
  PID:7684
- C:\Windows\System\uccivPH.exe
  C:\Windows\System\uccivPH.exe
  2⤵
  PID:7704
- C:\Windows\System\tcUzoQp.exe
  C:\Windows\System\tcUzoQp.exe
  2⤵
  PID:7720
- C:\Windows\System\aBOcpGU.exe
  C:\Windows\System\aBOcpGU.exe
  2⤵
  PID:7736
- C:\Windows\System\URbwJXB.exe
  C:\Windows\System\URbwJXB.exe
  2⤵
  PID:7752
- C:\Windows\System\hCHZklB.exe
  C:\Windows\System\hCHZklB.exe
  2⤵
  PID:7768
- C:\Windows\System\YkoOdVP.exe
  C:\Windows\System\YkoOdVP.exe
  2⤵
  PID:7784
- C:\Windows\System\mUNmODC.exe
  C:\Windows\System\mUNmODC.exe
  2⤵
  PID:7800
- C:\Windows\System\zAxxrSC.exe
  C:\Windows\System\zAxxrSC.exe
  2⤵
  PID:7816
- C:\Windows\System\QLXoPmW.exe
  C:\Windows\System\QLXoPmW.exe
  2⤵
  PID:7832
- C:\Windows\System\qWnaHTj.exe
  C:\Windows\System\qWnaHTj.exe
  2⤵
  PID:7848
- C:\Windows\System\ucODrOF.exe
  C:\Windows\System\ucODrOF.exe
  2⤵
  PID:7864
- C:\Windows\System\kqwLqWZ.exe
  C:\Windows\System\kqwLqWZ.exe
  2⤵
  PID:7880
- C:\Windows\System\pbGCrue.exe
  C:\Windows\System\pbGCrue.exe
  2⤵
  PID:7896
- C:\Windows\System\wCElySH.exe
  C:\Windows\System\wCElySH.exe
  2⤵
  PID:7912
- C:\Windows\System\wTYxRno.exe
  C:\Windows\System\wTYxRno.exe
  2⤵
  PID:7928
- C:\Windows\System\wqiXpdX.exe
  C:\Windows\System\wqiXpdX.exe
  2⤵
  PID:7944
- C:\Windows\System\LjYvDZy.exe
  C:\Windows\System\LjYvDZy.exe
  2⤵
  PID:7964
- C:\Windows\System\nvPvrxJ.exe
  C:\Windows\System\nvPvrxJ.exe
  2⤵
  PID:7980
- C:\Windows\System\LcKBkrv.exe
  C:\Windows\System\LcKBkrv.exe
  2⤵
  PID:7996
- C:\Windows\System\yGEoDrU.exe
  C:\Windows\System\yGEoDrU.exe
  2⤵
  PID:8016
- C:\Windows\System\dHezDQr.exe
  C:\Windows\System\dHezDQr.exe
  2⤵
  PID:8032
- C:\Windows\System\AHtUPuc.exe
  C:\Windows\System\AHtUPuc.exe
  2⤵
  PID:8048
- C:\Windows\System\ooBdOct.exe
  C:\Windows\System\ooBdOct.exe
  2⤵
  PID:8068
- C:\Windows\System\soDdNjo.exe
  C:\Windows\System\soDdNjo.exe
  2⤵
  PID:8088
- C:\Windows\System\TIPbzdh.exe
  C:\Windows\System\TIPbzdh.exe
  2⤵
  PID:8112
- C:\Windows\System\YfeWZpk.exe
  C:\Windows\System\YfeWZpk.exe
  2⤵
  PID:8128
- C:\Windows\System\KodilSh.exe
  C:\Windows\System\KodilSh.exe
  2⤵
  PID:8144
- C:\Windows\System\MwWELQb.exe
  C:\Windows\System\MwWELQb.exe
  2⤵
  PID:8160
- C:\Windows\System\pCiboRO.exe
  C:\Windows\System\pCiboRO.exe
  2⤵
  PID:8176
- C:\Windows\System\DIkPShf.exe
  C:\Windows\System\DIkPShf.exe
  2⤵
  PID:6456
- C:\Windows\System\OCEgSYV.exe
  C:\Windows\System\OCEgSYV.exe
  2⤵
  PID:7204
- C:\Windows\System\HGyoemT.exe
  C:\Windows\System\HGyoemT.exe
  2⤵
  PID:6956
- C:\Windows\System\ILmpCER.exe
  C:\Windows\System\ILmpCER.exe
  2⤵
  PID:7260
- C:\Windows\System\ovJctQG.exe
  C:\Windows\System\ovJctQG.exe
  2⤵
  PID:7236
- C:\Windows\System\ZTAFjmA.exe
  C:\Windows\System\ZTAFjmA.exe
  2⤵
  PID:7304
- C:\Windows\System\ThUIgTm.exe
  C:\Windows\System\ThUIgTm.exe
  2⤵
  PID:7340
- C:\Windows\System\DIamiLZ.exe
  C:\Windows\System\DIamiLZ.exe
  2⤵
  PID:7404
- C:\Windows\System\onnhnDj.exe
  C:\Windows\System\onnhnDj.exe
  2⤵
  PID:7432
- C:\Windows\System\GLrBLCH.exe
  C:\Windows\System\GLrBLCH.exe
  2⤵
  PID:7356
- C:\Windows\System\QAtxiWH.exe
  C:\Windows\System\QAtxiWH.exe
  2⤵
  PID:7468
- C:\Windows\System\CxNmYQt.exe
  C:\Windows\System\CxNmYQt.exe
  2⤵
  PID:7480
- C:\Windows\System\LnZTovL.exe
  C:\Windows\System\LnZTovL.exe
  2⤵
  PID:7516
- C:\Windows\System\xEcyeUK.exe
  C:\Windows\System\xEcyeUK.exe
  2⤵
  PID:7564
- C:\Windows\System\qEsPUdW.exe
  C:\Windows\System\qEsPUdW.exe
  2⤵
  PID:7548
- C:\Windows\System\UHPNEPz.exe
  C:\Windows\System\UHPNEPz.exe
  2⤵
  PID:7640
- C:\Windows\System\mWzNvLs.exe
  C:\Windows\System\mWzNvLs.exe
  2⤵
  PID:7664
- C:\Windows\System\oEMtegc.exe
  C:\Windows\System\oEMtegc.exe
  2⤵
  PID:7700
- C:\Windows\System\pNWZFlL.exe
  C:\Windows\System\pNWZFlL.exe
  2⤵
  PID:7760
- C:\Windows\System\jwNGEMo.exe
  C:\Windows\System\jwNGEMo.exe
  2⤵
  PID:7748
- C:\Windows\System\rjAzMAj.exe
  C:\Windows\System\rjAzMAj.exe
  2⤵
  PID:7824
- C:\Windows\System\IklrDIV.exe
  C:\Windows\System\IklrDIV.exe
  2⤵
  PID:6924
- C:\Windows\System\zXAJMtP.exe
  C:\Windows\System\zXAJMtP.exe
  2⤵
  PID:7892
- C:\Windows\System\HjkZpXR.exe
  C:\Windows\System\HjkZpXR.exe
  2⤵
  PID:7956
- C:\Windows\System\RBXHPeY.exe
  C:\Windows\System\RBXHPeY.exe
  2⤵
  PID:8028
- C:\Windows\System\hARbwuT.exe
  C:\Windows\System\hARbwuT.exe
  2⤵
  PID:8044
- C:\Windows\System\tgiBMjW.exe
  C:\Windows\System\tgiBMjW.exe
  2⤵
  PID:7940
- C:\Windows\System\JCXhcuK.exe
  C:\Windows\System\JCXhcuK.exe
  2⤵
  PID:8008
- C:\Windows\System\spncAxz.exe
  C:\Windows\System\spncAxz.exe
  2⤵
  PID:7872
- C:\Windows\System\cbBFOwL.exe
  C:\Windows\System\cbBFOwL.exe
  2⤵
  PID:8080
- C:\Windows\System\KifYEtT.exe
  C:\Windows\System\KifYEtT.exe
  2⤵
  PID:8104
- C:\Windows\System\dYXxilp.exe
  C:\Windows\System\dYXxilp.exe
  2⤵
  PID:8168
- C:\Windows\System\cpCRAth.exe
  C:\Windows\System\cpCRAth.exe
  2⤵
  PID:7188
- C:\Windows\System\AluUwnZ.exe
  C:\Windows\System\AluUwnZ.exe
  2⤵
  PID:7276
- C:\Windows\System\AIiYmWQ.exe
  C:\Windows\System\AIiYmWQ.exe
  2⤵
  PID:7388
- C:\Windows\System\vpPwgaQ.exe
  C:\Windows\System\vpPwgaQ.exe
  2⤵
  PID:7560
- C:\Windows\System\haABDcd.exe
  C:\Windows\System\haABDcd.exe
  2⤵
  PID:7656
- C:\Windows\System\gtbcyaH.exe
  C:\Windows\System\gtbcyaH.exe
  2⤵
  PID:7596
- C:\Windows\System\OtsFxDt.exe
  C:\Windows\System\OtsFxDt.exe
  2⤵
  PID:8188
- C:\Windows\System\DbtWYEo.exe
  C:\Windows\System\DbtWYEo.exe
  2⤵
  PID:7308
- C:\Windows\System\sRgBFCh.exe
  C:\Windows\System\sRgBFCh.exe
  2⤵
  PID:7716
- C:\Windows\System\MHWDWno.exe
  C:\Windows\System\MHWDWno.exe
  2⤵
  PID:6276
- C:\Windows\System\NNXsUQO.exe
  C:\Windows\System\NNXsUQO.exe
  2⤵
  PID:7416
- C:\Windows\System\ocDaCsC.exe
  C:\Windows\System\ocDaCsC.exe
  2⤵
  PID:7828
- C:\Windows\System\voybHsn.exe
  C:\Windows\System\voybHsn.exe
  2⤵
  PID:8060
- C:\Windows\System\yQJIYVb.exe
  C:\Windows\System\yQJIYVb.exe
  2⤵
  PID:8152
- C:\Windows\System\ogFVvLj.exe
  C:\Windows\System\ogFVvLj.exe
  2⤵
  PID:8136
- C:\Windows\System\TTdcnXI.exe
  C:\Windows\System\TTdcnXI.exe
  2⤵
  PID:7452
- C:\Windows\System\qChbblj.exe
  C:\Windows\System\qChbblj.exe
  2⤵
  PID:7220
- C:\Windows\System\vZYgYcP.exe
  C:\Windows\System\vZYgYcP.exe
  2⤵
  PID:7612
- C:\Windows\System\NxEJMlv.exe
  C:\Windows\System\NxEJMlv.exe
  2⤵
  PID:7780
- C:\Windows\System\yTrLpQR.exe
  C:\Windows\System\yTrLpQR.exe
  2⤵
  PID:7400
- C:\Windows\System\DaxehaC.exe
  C:\Windows\System\DaxehaC.exe
  2⤵
  PID:7936
- C:\Windows\System\HPbcdLs.exe
  C:\Windows\System\HPbcdLs.exe
  2⤵
  PID:7812
- C:\Windows\System\jkddyRc.exe
  C:\Windows\System\jkddyRc.exe
  2⤵
  PID:7256
- C:\Windows\System\hIkNBjH.exe
  C:\Windows\System\hIkNBjH.exe
  2⤵
  PID:8040
- C:\Windows\System\hIhFYTM.exe
  C:\Windows\System\hIhFYTM.exe
  2⤵
  PID:8120
- C:\Windows\System\Mohdmle.exe
  C:\Windows\System\Mohdmle.exe
  2⤵
  PID:7952
- C:\Windows\System\tdjOQLA.exe
  C:\Windows\System\tdjOQLA.exe
  2⤵
  PID:7592
- C:\Windows\System\ZmEDHto.exe
  C:\Windows\System\ZmEDHto.exe
  2⤵
  PID:7744
- C:\Windows\System\maXCQYF.exe
  C:\Windows\System\maXCQYF.exe
  2⤵
  PID:7324
- C:\Windows\System\qKfeZMh.exe
  C:\Windows\System\qKfeZMh.exe
  2⤵
  PID:7888
- C:\Windows\System\efPxdiw.exe
  C:\Windows\System\efPxdiw.exe
  2⤵
  PID:8224
- C:\Windows\System\KfXqWbt.exe
  C:\Windows\System\KfXqWbt.exe
  2⤵
  PID:8240
- C:\Windows\System\HtCPARC.exe
  C:\Windows\System\HtCPARC.exe
  2⤵
  PID:8256
- C:\Windows\System\mrzxFhN.exe
  C:\Windows\System\mrzxFhN.exe
  2⤵
  PID:8272
- C:\Windows\System\XNlgyNr.exe
  C:\Windows\System\XNlgyNr.exe
  2⤵
  PID:8288
- C:\Windows\System\fqSoVWo.exe
  C:\Windows\System\fqSoVWo.exe
  2⤵
  PID:8304
- C:\Windows\System\JtAXWkx.exe
  C:\Windows\System\JtAXWkx.exe
  2⤵
  PID:8320
- C:\Windows\System\NOPbKDq.exe
  C:\Windows\System\NOPbKDq.exe
  2⤵
  PID:8336
- C:\Windows\System\GjZSCuo.exe
  C:\Windows\System\GjZSCuo.exe
  2⤵
  PID:8352
- C:\Windows\System\oKEbelO.exe
  C:\Windows\System\oKEbelO.exe
  2⤵
  PID:8368
- C:\Windows\System\cboylzY.exe
  C:\Windows\System\cboylzY.exe
  2⤵
  PID:8384
- C:\Windows\System\zOuFmDx.exe
  C:\Windows\System\zOuFmDx.exe
  2⤵
  PID:8400
- C:\Windows\System\HUNCupR.exe
  C:\Windows\System\HUNCupR.exe
  2⤵
  PID:8416
- C:\Windows\System\QTlXXbh.exe
  C:\Windows\System\QTlXXbh.exe
  2⤵
  PID:8444
- C:\Windows\System\omEQYTA.exe
  C:\Windows\System\omEQYTA.exe
  2⤵
  PID:8460
- C:\Windows\System\EuvzDBO.exe
  C:\Windows\System\EuvzDBO.exe
  2⤵
  PID:8476
- C:\Windows\System\FeAntHM.exe
  C:\Windows\System\FeAntHM.exe
  2⤵
  PID:8492
- C:\Windows\System\sbUISEV.exe
  C:\Windows\System\sbUISEV.exe
  2⤵
  PID:8508
- C:\Windows\System\mvLqvzQ.exe
  C:\Windows\System\mvLqvzQ.exe
  2⤵
  PID:8524
- C:\Windows\System\wrVtPwl.exe
  C:\Windows\System\wrVtPwl.exe
  2⤵
  PID:8540
- C:\Windows\System\tNccNSI.exe
  C:\Windows\System\tNccNSI.exe
  2⤵
  PID:8556
- C:\Windows\System\vzsmWqB.exe
  C:\Windows\System\vzsmWqB.exe
  2⤵
  PID:8572
- C:\Windows\System\MacMUKz.exe
  C:\Windows\System\MacMUKz.exe
  2⤵
  PID:8588
- C:\Windows\System\COMlikt.exe
  C:\Windows\System\COMlikt.exe
  2⤵
  PID:8604
- C:\Windows\System\BrPjQTR.exe
  C:\Windows\System\BrPjQTR.exe
  2⤵
  PID:8620
- C:\Windows\System\ftHDnNZ.exe
  C:\Windows\System\ftHDnNZ.exe
  2⤵
  PID:8636
- C:\Windows\System\TtwtFKH.exe
  C:\Windows\System\TtwtFKH.exe
  2⤵
  PID:8652
- C:\Windows\System\lgZWkEA.exe
  C:\Windows\System\lgZWkEA.exe
  2⤵
  PID:8668
- C:\Windows\System\cFEIaDh.exe
  C:\Windows\System\cFEIaDh.exe
  2⤵
  PID:8684
- C:\Windows\System\OBzYTaB.exe
  C:\Windows\System\OBzYTaB.exe
  2⤵
  PID:8700
- C:\Windows\System\yJYQkOu.exe
  C:\Windows\System\yJYQkOu.exe
  2⤵
  PID:8720
- C:\Windows\System\HerEXMs.exe
  C:\Windows\System\HerEXMs.exe
  2⤵
  PID:8736
- C:\Windows\System\DZEHqcE.exe
  C:\Windows\System\DZEHqcE.exe
  2⤵
  PID:8752
- C:\Windows\System\RsWKija.exe
  C:\Windows\System\RsWKija.exe
  2⤵
  PID:8772
- C:\Windows\System\GMzNFjA.exe
  C:\Windows\System\GMzNFjA.exe
  2⤵
  PID:8792
- C:\Windows\System\VtGtpIP.exe
  C:\Windows\System\VtGtpIP.exe
  2⤵
  PID:8808
- C:\Windows\System\jNxMTIl.exe
  C:\Windows\System\jNxMTIl.exe
  2⤵
  PID:8832
- C:\Windows\System\riTMdfJ.exe
  C:\Windows\System\riTMdfJ.exe
  2⤵
  PID:8848
- C:\Windows\System\kTYqXZI.exe
  C:\Windows\System\kTYqXZI.exe
  2⤵
  PID:8864
- C:\Windows\System\lcMzQHs.exe
  C:\Windows\System\lcMzQHs.exe
  2⤵
  PID:8880
- C:\Windows\System\tReUtBt.exe
  C:\Windows\System\tReUtBt.exe
  2⤵
  PID:8896
- C:\Windows\System\MrDoZEu.exe
  C:\Windows\System\MrDoZEu.exe
  2⤵
  PID:8912
- C:\Windows\System\lbrbcFP.exe
  C:\Windows\System\lbrbcFP.exe
  2⤵
  PID:8928
- C:\Windows\System\YqoSFxe.exe
  C:\Windows\System\YqoSFxe.exe
  2⤵
  PID:8944
- C:\Windows\System\OUijyMD.exe
  C:\Windows\System\OUijyMD.exe
  2⤵
  PID:8964
- C:\Windows\System\mqulIoC.exe
  C:\Windows\System\mqulIoC.exe
  2⤵
  PID:8980
- C:\Windows\System\sMxEAaZ.exe
  C:\Windows\System\sMxEAaZ.exe
  2⤵
  PID:8996
- C:\Windows\System\szkdGFT.exe
  C:\Windows\System\szkdGFT.exe
  2⤵
  PID:9012
- C:\Windows\System\hypBgmV.exe
  C:\Windows\System\hypBgmV.exe
  2⤵
  PID:9028
- C:\Windows\System\sqktvVJ.exe
  C:\Windows\System\sqktvVJ.exe
  2⤵
  PID:9044
- C:\Windows\System\kgMjzWz.exe
  C:\Windows\System\kgMjzWz.exe
  2⤵
  PID:9064
- C:\Windows\System\zLKdivG.exe
  C:\Windows\System\zLKdivG.exe
  2⤵
  PID:9080
- C:\Windows\System\lKukxxC.exe
  C:\Windows\System\lKukxxC.exe
  2⤵
  PID:9096
- C:\Windows\System\uBHIdGR.exe
  C:\Windows\System\uBHIdGR.exe
  2⤵
  PID:9112
- C:\Windows\System\hTbJTcB.exe
  C:\Windows\System\hTbJTcB.exe
  2⤵
  PID:9128
- C:\Windows\System\KAwsHHI.exe
  C:\Windows\System\KAwsHHI.exe
  2⤵
  PID:9144
- C:\Windows\System\lzFLHKY.exe
  C:\Windows\System\lzFLHKY.exe
  2⤵
  PID:9184
- C:\Windows\System\pPrLbHg.exe
  C:\Windows\System\pPrLbHg.exe
  2⤵
  PID:8296
- C:\Windows\System\geMTzXY.exe
  C:\Windows\System\geMTzXY.exe
  2⤵
  PID:8360
- C:\Windows\System\CQALWFQ.exe
  C:\Windows\System\CQALWFQ.exe
  2⤵
  PID:7676
- C:\Windows\System\CYPrlrp.exe
  C:\Windows\System\CYPrlrp.exe
  2⤵
  PID:8076
- C:\Windows\System\Ribxuif.exe
  C:\Windows\System\Ribxuif.exe
  2⤵
  PID:8312
- C:\Windows\System\jsVSNAN.exe
  C:\Windows\System\jsVSNAN.exe
  2⤵
  PID:8452
- C:\Windows\System\JDphaCj.exe
  C:\Windows\System\JDphaCj.exe
  2⤵
  PID:8584
- C:\Windows\System\tXXrHLN.exe
  C:\Windows\System\tXXrHLN.exe
  2⤵
  PID:8520
- C:\Windows\System\vTsmVxK.exe
  C:\Windows\System\vTsmVxK.exe
  2⤵
  PID:8816
- C:\Windows\System\owaxAcF.exe
  C:\Windows\System\owaxAcF.exe
  2⤵
  PID:8924
- C:\Windows\System\UicbMFO.exe
  C:\Windows\System\UicbMFO.exe
  2⤵
  PID:9024
- C:\Windows\System\VLxfomh.exe
  C:\Windows\System\VLxfomh.exe
  2⤵
  PID:9120
- C:\Windows\System\ftspXXk.exe
  C:\Windows\System\ftspXXk.exe
  2⤵
  PID:9160
- C:\Windows\System\dVayVBe.exe
  C:\Windows\System\dVayVBe.exe
  2⤵
  PID:9172
- C:\Windows\System\kQaUrEG.exe
  C:\Windows\System\kQaUrEG.exe
  2⤵
  PID:7712
- C:\Windows\System\RWhCzQK.exe
  C:\Windows\System\RWhCzQK.exe
  2⤵
  PID:9196
- C:\Windows\System\hHiAYqx.exe
  C:\Windows\System\hHiAYqx.exe
  2⤵
  PID:8264
- C:\Windows\System\OakMiWk.exe
  C:\Windows\System\OakMiWk.exe
  2⤵
  PID:8392
- C:\Windows\System\RlsjFen.exe
  C:\Windows\System\RlsjFen.exe
  2⤵
  PID:8432
- C:\Windows\System\pqZDqBO.exe
  C:\Windows\System\pqZDqBO.exe
  2⤵
  PID:8732
- C:\Windows\System\wpmlBhJ.exe
  C:\Windows\System\wpmlBhJ.exe
  2⤵
  PID:8344
- C:\Windows\System\IbXteTT.exe
  C:\Windows\System\IbXteTT.exe
  2⤵
  PID:8748
- C:\Windows\System\SXKrWUL.exe
  C:\Windows\System\SXKrWUL.exe
  2⤵
  PID:8680
- C:\Windows\System\URLuxkq.exe
  C:\Windows\System\URLuxkq.exe
  2⤵
  PID:8992
- C:\Windows\System\SGlzlSg.exe
  C:\Windows\System\SGlzlSg.exe
  2⤵
  PID:9180
- C:\Windows\System\wFxVrBA.exe
  C:\Windows\System\wFxVrBA.exe
  2⤵
  PID:9072
- C:\Windows\System\EMETPvm.exe
  C:\Windows\System\EMETPvm.exe
  2⤵
  PID:8728
- C:\Windows\System\pkueuRE.exe
  C:\Windows\System\pkueuRE.exe
  2⤵
  PID:9208
- C:\Windows\System\gjWIAbf.exe
  C:\Windows\System\gjWIAbf.exe
  2⤵
  PID:9156
- C:\Windows\System\UXlppMM.exe
  C:\Windows\System\UXlppMM.exe
  2⤵
  PID:8872
- C:\Windows\System\jfnqjYk.exe
  C:\Windows\System\jfnqjYk.exe
  2⤵
  PID:8456
- C:\Windows\System\YgMprTP.exe
  C:\Windows\System\YgMprTP.exe
  2⤵
  PID:8764
- C:\Windows\System\jOCdtjL.exe
  C:\Windows\System\jOCdtjL.exe
  2⤵
  PID:9040
- C:\Windows\System\btrUiBF.exe
  C:\Windows\System\btrUiBF.exe
  2⤵
  PID:8892
- C:\Windows\System\lJTqDqN.exe
  C:\Windows\System\lJTqDqN.exe
  2⤵
  PID:8252
- C:\Windows\System\uMavtcK.exe
  C:\Windows\System\uMavtcK.exe
  2⤵
  PID:8024
- C:\Windows\System\YEotKVE.exe
  C:\Windows\System\YEotKVE.exe
  2⤵
  PID:7992
- C:\Windows\System\OlqrBhj.exe
  C:\Windows\System\OlqrBhj.exe
  2⤵
  PID:8920
- C:\Windows\System\qMawFND.exe
  C:\Windows\System\qMawFND.exe
  2⤵
  PID:8196
- C:\Windows\System\ZteoDmV.exe
  C:\Windows\System\ZteoDmV.exe
  2⤵
  PID:8248
- C:\Windows\System\PfFEjCy.exe
  C:\Windows\System\PfFEjCy.exe
  2⤵
  PID:9056
- C:\Windows\System\ObiyynH.exe
  C:\Windows\System\ObiyynH.exe
  2⤵
  PID:8988
- C:\Windows\System\LFNANnG.exe
  C:\Windows\System\LFNANnG.exe
  2⤵
  PID:8744
- C:\Windows\System\dXhPdHY.exe
  C:\Windows\System\dXhPdHY.exe
  2⤵
  PID:9060
- C:\Windows\System\vgymUeP.exe
  C:\Windows\System\vgymUeP.exe
  2⤵
  PID:8500
- C:\Windows\System\dHwChWc.exe
  C:\Windows\System\dHwChWc.exe
  2⤵
  PID:8424
- C:\Windows\System\uFhSvxD.exe
  C:\Windows\System\uFhSvxD.exe
  2⤵
  PID:8412
- C:\Windows\System\hKewsep.exe
  C:\Windows\System\hKewsep.exe
  2⤵
  PID:9108
- C:\Windows\System\YtBgLku.exe
  C:\Windows\System\YtBgLku.exe
  2⤵
  PID:8876
- C:\Windows\System\EVoqHey.exe
  C:\Windows\System\EVoqHey.exe
  2⤵
  PID:8284
- C:\Windows\System\liFrDSU.exe
  C:\Windows\System\liFrDSU.exe
  2⤵
  PID:9136
- C:\Windows\System\SqAeKce.exe
  C:\Windows\System\SqAeKce.exe
  2⤵
  PID:7500
- C:\Windows\System\IpiyxGC.exe
  C:\Windows\System\IpiyxGC.exe
  2⤵
  PID:8220
- C:\Windows\System\XHgwHVh.exe
  C:\Windows\System\XHgwHVh.exe
  2⤵
  PID:8804
- C:\Windows\System\mhwhOuW.exe
  C:\Windows\System\mhwhOuW.exe
  2⤵
  PID:8840
- C:\Windows\System\HGOaUUD.exe
  C:\Windows\System\HGOaUUD.exe
  2⤵
  PID:8828
- C:\Windows\System\gMLOpvH.exe
  C:\Windows\System\gMLOpvH.exe
  2⤵
  PID:8440
- C:\Windows\System\wGWYPpP.exe
  C:\Windows\System\wGWYPpP.exe
  2⤵
  PID:8676
- C:\Windows\System\IWinwNp.exe
  C:\Windows\System\IWinwNp.exe
  2⤵
  PID:8484
- C:\Windows\System\ALVCian.exe
  C:\Windows\System\ALVCian.exe
  2⤵
  PID:9140
- C:\Windows\System\wjNHcuk.exe
  C:\Windows\System\wjNHcuk.exe
  2⤵
  PID:9152
- C:\Windows\System\bQNkPKt.exe
  C:\Windows\System\bQNkPKt.exe
  2⤵
  PID:9092
- C:\Windows\System\sXFDyEJ.exe
  C:\Windows\System\sXFDyEJ.exe
  2⤵
  PID:8784
- C:\Windows\System\FynSges.exe
  C:\Windows\System\FynSges.exe
  2⤵
  PID:8616
- C:\Windows\System\cVaVijf.exe
  C:\Windows\System\cVaVijf.exe
  2⤵
  PID:8216
- C:\Windows\System\oYgEJlx.exe
  C:\Windows\System\oYgEJlx.exe
  2⤵
  PID:8940
- C:\Windows\System\qlxOYDx.exe
  C:\Windows\System\qlxOYDx.exe
  2⤵
  PID:2568
- C:\Windows\System\pLPcucJ.exe
  C:\Windows\System\pLPcucJ.exe
  2⤵
  PID:8960
- C:\Windows\System\CVEoMPG.exe
  C:\Windows\System\CVEoMPG.exe
  2⤵
  PID:8328
- C:\Windows\System\DQTRONz.exe
  C:\Windows\System\DQTRONz.exe
  2⤵
  PID:9220
- C:\Windows\System\bGwJNNw.exe
  C:\Windows\System\bGwJNNw.exe
  2⤵
  PID:9236
- C:\Windows\System\akdqMmH.exe
  C:\Windows\System\akdqMmH.exe
  2⤵
  PID:9252
- C:\Windows\System\LtBEgsh.exe
  C:\Windows\System\LtBEgsh.exe
  2⤵
  PID:9268
- C:\Windows\System\WbTFJZA.exe
  C:\Windows\System\WbTFJZA.exe
  2⤵
  PID:9284
- C:\Windows\System\eNEWxkj.exe
  C:\Windows\System\eNEWxkj.exe
  2⤵
  PID:9300
- C:\Windows\System\HTkujnC.exe
  C:\Windows\System\HTkujnC.exe
  2⤵
  PID:9316
- C:\Windows\System\fuorMan.exe
  C:\Windows\System\fuorMan.exe
  2⤵
  PID:9332
- C:\Windows\System\JQgwhWJ.exe
  C:\Windows\System\JQgwhWJ.exe
  2⤵
  PID:9352
- C:\Windows\System\WRxhMWw.exe
  C:\Windows\System\WRxhMWw.exe
  2⤵
  PID:9368
- C:\Windows\System\ShuvHYE.exe
  C:\Windows\System\ShuvHYE.exe
  2⤵
  PID:9384
- C:\Windows\System\RmYtKBe.exe
  C:\Windows\System\RmYtKBe.exe
  2⤵
  PID:9400
- C:\Windows\System\FPCQbbt.exe
  C:\Windows\System\FPCQbbt.exe
  2⤵
  PID:9416
- C:\Windows\System\AybzKkJ.exe
  C:\Windows\System\AybzKkJ.exe
  2⤵
  PID:9432
- C:\Windows\System\nfRAANg.exe
  C:\Windows\System\nfRAANg.exe
  2⤵
  PID:9448
- C:\Windows\System\GkWBRdp.exe
  C:\Windows\System\GkWBRdp.exe
  2⤵
  PID:9464
- C:\Windows\System\jPqRpvI.exe
  C:\Windows\System\jPqRpvI.exe
  2⤵
  PID:9480
- C:\Windows\System\zSqnSvT.exe
  C:\Windows\System\zSqnSvT.exe
  2⤵
  PID:9496
- C:\Windows\System\JFnOFvM.exe
  C:\Windows\System\JFnOFvM.exe
  2⤵
  PID:9512
- C:\Windows\System\oviyJMO.exe
  C:\Windows\System\oviyJMO.exe
  2⤵
  PID:9528
- C:\Windows\System\qzSRmuB.exe
  C:\Windows\System\qzSRmuB.exe
  2⤵
  PID:9544
- C:\Windows\System\WphWqcn.exe
  C:\Windows\System\WphWqcn.exe
  2⤵
  PID:9560
- C:\Windows\System\fClwUAC.exe
  C:\Windows\System\fClwUAC.exe
  2⤵
  PID:9576
- C:\Windows\System\uLhYtvs.exe
  C:\Windows\System\uLhYtvs.exe
  2⤵
  PID:9592
- C:\Windows\System\jDNWYuE.exe
  C:\Windows\System\jDNWYuE.exe
  2⤵
  PID:9608
- C:\Windows\System\SKunliU.exe
  C:\Windows\System\SKunliU.exe
  2⤵
  PID:9624
- C:\Windows\System\AdPKBXJ.exe
  C:\Windows\System\AdPKBXJ.exe
  2⤵
  PID:9640
- C:\Windows\System\xxBDltE.exe
  C:\Windows\System\xxBDltE.exe
  2⤵
  PID:9656
- C:\Windows\System\nZtaaPc.exe
  C:\Windows\System\nZtaaPc.exe
  2⤵
  PID:9672
- C:\Windows\System\LCzIhZe.exe
  C:\Windows\System\LCzIhZe.exe
  2⤵
  PID:9688
- C:\Windows\System\PSZlhpR.exe
  C:\Windows\System\PSZlhpR.exe
  2⤵
  PID:9704
- C:\Windows\System\sBpDzXw.exe
  C:\Windows\System\sBpDzXw.exe
  2⤵
  PID:9720
- C:\Windows\System\KaVikEy.exe
  C:\Windows\System\KaVikEy.exe
  2⤵
  PID:9740
- C:\Windows\System\chwvcyU.exe
  C:\Windows\System\chwvcyU.exe
  2⤵
  PID:9756
- C:\Windows\System\gWHKkrC.exe
  C:\Windows\System\gWHKkrC.exe
  2⤵
  PID:9772
- C:\Windows\System\VlYEtJY.exe
  C:\Windows\System\VlYEtJY.exe
  2⤵
  PID:9788
- C:\Windows\System\KarsRCG.exe
  C:\Windows\System\KarsRCG.exe
  2⤵
  PID:9804
- C:\Windows\System\ODOhoBF.exe
  C:\Windows\System\ODOhoBF.exe
  2⤵
  PID:9820
- C:\Windows\System\XNkCZuy.exe
  C:\Windows\System\XNkCZuy.exe
  2⤵
  PID:9836
- C:\Windows\System\gujprVg.exe
  C:\Windows\System\gujprVg.exe
  2⤵
  PID:9856
- C:\Windows\System\nZlLDTC.exe
  C:\Windows\System\nZlLDTC.exe
  2⤵
  PID:9872
- C:\Windows\System\VQelLUh.exe
  C:\Windows\System\VQelLUh.exe
  2⤵
  PID:9888
- C:\Windows\System\nsZmxyB.exe
  C:\Windows\System\nsZmxyB.exe
  2⤵
  PID:9904
- C:\Windows\System\zWTFSRY.exe
  C:\Windows\System\zWTFSRY.exe
  2⤵
  PID:9920
- C:\Windows\System\DEbadXs.exe
  C:\Windows\System\DEbadXs.exe
  2⤵
  PID:9936
- C:\Windows\System\vTzWclu.exe
  C:\Windows\System\vTzWclu.exe
  2⤵
  PID:9952
- C:\Windows\System\NCGcWMI.exe
  C:\Windows\System\NCGcWMI.exe
  2⤵
  PID:9968
- C:\Windows\System\UQxZuce.exe
  C:\Windows\System\UQxZuce.exe
  2⤵
  PID:9984
- C:\Windows\System\GgjwmwI.exe
  C:\Windows\System\GgjwmwI.exe
  2⤵
  PID:10000
- C:\Windows\System\OJDVyfv.exe
  C:\Windows\System\OJDVyfv.exe
  2⤵
  PID:10016
- C:\Windows\System\aCuVPQp.exe
  C:\Windows\System\aCuVPQp.exe
  2⤵
  PID:10032
- C:\Windows\System\HdiHnZQ.exe
  C:\Windows\System\HdiHnZQ.exe
  2⤵
  PID:10048
- C:\Windows\System\pRZLNEo.exe
  C:\Windows\System\pRZLNEo.exe
  2⤵
  PID:10064
- C:\Windows\System\fBcvtBo.exe
  C:\Windows\System\fBcvtBo.exe
  2⤵
  PID:10080
- C:\Windows\System\CynfNsi.exe
  C:\Windows\System\CynfNsi.exe
  2⤵
  PID:10096
- C:\Windows\System\yROgPlI.exe
  C:\Windows\System\yROgPlI.exe
  2⤵
  PID:10112
- C:\Windows\System\QTsSsFM.exe
  C:\Windows\System\QTsSsFM.exe
  2⤵
  PID:10132
- C:\Windows\System\iWOOmCJ.exe
  C:\Windows\System\iWOOmCJ.exe
  2⤵
  PID:10148
- C:\Windows\System\ZOTILFc.exe
  C:\Windows\System\ZOTILFc.exe
  2⤵
  PID:10164
- C:\Windows\System\KOFrDcp.exe
  C:\Windows\System\KOFrDcp.exe
  2⤵
  PID:10180
- C:\Windows\System\gHKmzme.exe
  C:\Windows\System\gHKmzme.exe
  2⤵
  PID:10196
- C:\Windows\System\OrlniIq.exe
  C:\Windows\System\OrlniIq.exe
  2⤵
  PID:10212
- C:\Windows\System\AUXYlWf.exe
  C:\Windows\System\AUXYlWf.exe
  2⤵
  PID:10228
- C:\Windows\System\gOHttux.exe
  C:\Windows\System\gOHttux.exe
  2⤵
  PID:8824
- C:\Windows\System\nnGohSH.exe
  C:\Windows\System\nnGohSH.exe
  2⤵
  PID:9244
- C:\Windows\System\BkerdQa.exe
  C:\Windows\System\BkerdQa.exe
  2⤵
  PID:9212
- C:\Windows\System\zhFrzEE.exe
  C:\Windows\System\zhFrzEE.exe
  2⤵
  PID:9228
- C:\Windows\System\LmznpYm.exe
  C:\Windows\System\LmznpYm.exe
  2⤵
  PID:9360
- C:\Windows\System\dHvXcpc.exe
  C:\Windows\System\dHvXcpc.exe
  2⤵
  PID:9424
- C:\Windows\System\awOQppM.exe
  C:\Windows\System\awOQppM.exe
  2⤵
  PID:9488
- C:\Windows\System\gdcxPEE.exe
  C:\Windows\System\gdcxPEE.exe
  2⤵
  PID:9556
- C:\Windows\System\pSWrNfP.exe
  C:\Windows\System\pSWrNfP.exe
  2⤵
  PID:9408
- C:\Windows\System\PibGaYD.exe
  C:\Windows\System\PibGaYD.exe
  2⤵
  PID:9276
- C:\Windows\System\fIVqbtF.exe
  C:\Windows\System\fIVqbtF.exe
  2⤵
  PID:9376
- C:\Windows\System\glmhTQW.exe
  C:\Windows\System\glmhTQW.exe
  2⤵
  PID:9504
- C:\Windows\System\XYCFygJ.exe
  C:\Windows\System\XYCFygJ.exe
  2⤵
  PID:9508
- C:\Windows\System\ZYmJuqh.exe
  C:\Windows\System\ZYmJuqh.exe
  2⤵
  PID:9572
- C:\Windows\System\dWtoftX.exe
  C:\Windows\System\dWtoftX.exe
  2⤵
  PID:9664
- C:\Windows\System\TfOQbCR.exe
  C:\Windows\System\TfOQbCR.exe
  2⤵
  PID:9652
- C:\Windows\System\oUnLJEN.exe
  C:\Windows\System\oUnLJEN.exe
  2⤵
  PID:9712
- C:\Windows\System\RSlplJk.exe
  C:\Windows\System\RSlplJk.exe
  2⤵
  PID:9752
- C:\Windows\System\HbFrvSB.exe
  C:\Windows\System\HbFrvSB.exe
  2⤵
  PID:9780
- C:\Windows\System\fhmjLou.exe
  C:\Windows\System\fhmjLou.exe
  2⤵
  PID:9796
- C:\Windows\System\tOgxijh.exe
  C:\Windows\System\tOgxijh.exe
  2⤵
  PID:9848
- C:\Windows\System\OaYfoSR.exe
  C:\Windows\System\OaYfoSR.exe
  2⤵
  PID:9828
- C:\Windows\System\VjYbcYQ.exe
  C:\Windows\System\VjYbcYQ.exe
  2⤵
  PID:9868
- C:\Windows\System\RqUtEgS.exe
  C:\Windows\System\RqUtEgS.exe
  2⤵
  PID:9960
- C:\Windows\System\ZgzypxG.exe
  C:\Windows\System\ZgzypxG.exe
  2⤵
  PID:9996
- C:\Windows\System\tZianZW.exe
  C:\Windows\System\tZianZW.exe
  2⤵
  PID:10088
- C:\Windows\System\hodnfcT.exe
  C:\Windows\System\hodnfcT.exe
  2⤵
  PID:9980
- C:\Windows\System\RXsUKMX.exe
  C:\Windows\System\RXsUKMX.exe
  2⤵
  PID:10060
- C:\Windows\System\fjUgCQT.exe
  C:\Windows\System\fjUgCQT.exe
  2⤵
  PID:10160
- C:\Windows\System\ofwghHO.exe
  C:\Windows\System\ofwghHO.exe
  2⤵
  PID:10192
- C:\Windows\System\SMhwTcI.exe
  C:\Windows\System\SMhwTcI.exe
  2⤵
  PID:10224
- C:\Windows\System\oGfkmnO.exe
  C:\Windows\System\oGfkmnO.exe
  2⤵
  PID:8856
- C:\Windows\System\gNjzgbj.exe
  C:\Windows\System\gNjzgbj.exe
  2⤵
  PID:10140
- C:\Windows\System\prfFnbH.exe
  C:\Windows\System\prfFnbH.exe
  2⤵
  PID:7976
- C:\Windows\System\NEvaIXM.exe
  C:\Windows\System\NEvaIXM.exe
  2⤵
  PID:9296
- C:\Windows\System\wMjqHaE.exe
  C:\Windows\System\wMjqHaE.exe
  2⤵
  PID:9552
- C:\Windows\System\BdktRdZ.exe
  C:\Windows\System\BdktRdZ.exe
  2⤵
  PID:9264
- C:\Windows\System\waShobe.exe
  C:\Windows\System\waShobe.exe
  2⤵
  PID:9492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EOkYLYH.exe

Filesize
1.6MB

MD5
b590e609a5e4f2159683f249c7c7ff7b

SHA1
84fa78c31a7d8ad67fca042fcd67eb8c541a70d3

SHA256
ba60271339ba3aab6e0d61b0261d5d56eca719b0e8c73bdc38d5bf4dff17e77d

SHA512
45e591e94a9e515a874184a1387a6351a263ba8ae63214fcfa7ff37045442dad02069f3b3bcb2112b9a50a36e330c3997aae3f200df497291d0168fc2a5b6639

Download Submit
C:\Windows\system\HOkGixs.exe

Filesize
1.6MB

MD5
ebc8bee05867a56ebdad2ddf0e3513de

SHA1
c55501336e86b2d34c8645b12c0b6a929d0a4536

SHA256
30fa0a74079dc4c27a9c2b59309c577aede969098310ed3a620cce08bf2ec4b3

SHA512
4711218625a61afd547038577aa325777333559506da75b6639957dfa486ddcd1451b4698c712c3b9ce420c1211b58ead877c6e2d29095afda77ca620c280715

Download Submit
C:\Windows\system\IIwOOuL.exe

Filesize
1.6MB

MD5
9180865464abb9d8a88718344d8e6010

SHA1
54f667437e47b8aac16309d5ea5bcf952f86b289

SHA256
e6a1d21c142225913a6c6a9d688693c63486a194f7f92abdde71ebba9313d85e

SHA512
8a8d76dc65e12724f350570cf95a463e4649576181537dcb790375cd9eef627ef243e8a10c3531a131fa307fa2e65e8af2617757e9ff7a4e4dd8d2ca54fc52f1

Download Submit
C:\Windows\system\OcCgxVk.exe

Filesize
1.6MB

MD5
f007f78fed242a2e10993e22284a437b

SHA1
fb26271b19c1edc15b2b5b8867211aab02459705

SHA256
47c79491951fb08e6615ca3acbf985a916d76f6a88ba336708a90bc348869cda

SHA512
f56d424d6ca0c32c81866a362a7f7ad5fadd2a3bf48e6a972cb71d9bca5412acfeb5acfad8898cc53f33e1bfe4bfe2f832256bca65dc0e3fdb9b37fd097d64a9

Download Submit
C:\Windows\system\QYJPBdF.exe

Filesize
1.6MB

MD5
544f4c31418ce0f287b6798b078d846c

SHA1
63e1254268db1de0e33393d6ee73e217d3cda3c6

SHA256
eddcce4d188b950136db00b52a71b78858a0aed8ffab3aee9ee2d85540fad47f

SHA512
97638511d0a313f4615c76fd3e615cbdc18e2c0affbbf3cc8eda2f0d1a023ccb8dea910cee69a99e958e4bf74a293dcba513d374aa5ee74355114f730fcc2051

Download Submit
C:\Windows\system\REfRmSP.exe

Filesize
1.6MB

MD5
c24f9ebeaf8e9bcdb7ace18fa43d29db

SHA1
dc6514c09ac86a5808187224b1701540fc613a03

SHA256
5e86e7c3ed29a6af706c2b2fd5a1eb14bf8b8defe16d27ebe5b8392b9cd8485c

SHA512
d6b58f7c50e80097605ce9fc9736d34fdd9d1abacdd769ed4b47478271e9e9e9d4d2e5d1acbfd1c2b3f411b878c528d69268a9e7a6e3e5e8c9fb621e6d4af985

Download Submit
C:\Windows\system\VOyGOnq.exe

Filesize
1.6MB

MD5
f2a37d4ed056ba79f1ca37eb8a2ab4ca

SHA1
03b80e1e672011a8a9c4eaf24b4be696f309b0b9

SHA256
18aee117705acc64d48c4bcd276d8bd34538c9ca5b17ee1fd7d070a85c311fd5

SHA512
926bc5ea77de4a5c782d81d7c6e00d8d1aa36034f9258a1a91dfa735e3dee72654e3925521b32ef1d91cf22ba485cb8dca430315c8bd38110ab1cecd51ea44f0

Download Submit
C:\Windows\system\VrSvzGb.exe

Filesize
1.6MB

MD5
8331ab8148141aff93cc077c8df6693f

SHA1
89bf62b814cb398b38d4cf3c552499d83a00aa21

SHA256
64ed78f563660b97d064532c32be315c837e12ff8d5944ff2f10b269f695a229

SHA512
f5596e50c1a36bdb76751309fa1900c6f3bb00c88d6026905b4cd9088d47718fa2190baa06da49cea648d93382c06eb03dba8ae47cfe61330226206fcf9be5ba

Download Submit
C:\Windows\system\WystYgP.exe

Filesize
1.6MB

MD5
0db00c7781a0d1417d4d673cf6b8449e

SHA1
05d071a15d6822fbb151f2c2aaacd808fca8b11f

SHA256
ae3dbd067fa007869485332d0c31d7a1ebcbb257fe157595facec561c230ce61

SHA512
bc0305b449e2237346f3624952b7aad03f9b644f68cac3de6c2c7f72cb9864e5eb104b9ebaf99ac44808b27a936352d738e09f9ed8e4678ea2737a2f19d62106

Download Submit
C:\Windows\system\XxGmOaw.exe

Filesize
8B

MD5
68703642e5faeaf00b4b9f791a04a7f5

SHA1
2e8f5d51bda54b6b227caed2cb4535020c7a482c

SHA256
76bc446e18daed4e6417440c778e757728762c893f014de08ffa5f0fe98668bd

SHA512
0c1919485a30576b5fdf963204dc04b356f524c23dfb4ffaecdbb8a8ea4a0993cf3ac05bee011edf07b5b637ac7455499983eac22f5cdd87cd869e7a046115a5

Download Submit
C:\Windows\system\YuwzRkM.exe

Filesize
1.6MB

MD5
6f69932f3c235f7f611a233ad9fd0a61

SHA1
1922d4dd4530d5ca70c9f0df4e2ef6d1ab3796c7

SHA256
0e28c0021e9dbdb0e9348142d4b7f038677d1661b68e3e9badd2a4ba00f1afbf

SHA512
b21f3f58b6bc6b81e074709e4e20634f80b99e53053c24d514f69eacf63d3a0769c1e0b50453f084fa94058bfcd6f95ea0be595f92d09c1516460710854fb318

Download Submit
C:\Windows\system\ZXsktgP.exe

Filesize
1.6MB

MD5
45dfdf57a77584d8bce9f441d4a0ccf4

SHA1
f78032f283f409c54f0a48e409b5cdd610af2deb

SHA256
2a3c357d50469d701654edbaa8fc6c9c89a55c04499b69669955c9d31b86f1a6

SHA512
59a09a1faa299ed87d66ffd004b539d7242016918ed7fb88d0a9785e37fbdd08bb07eb8de7045ba9b61f23353099a83b7c9697bbd48b375d27972e7fd7faa2bc

Download Submit
C:\Windows\system\ZszeHQN.exe

Filesize
1.6MB

MD5
0f85897903e4bdfba375d6ffff82cf45

SHA1
1a85b55c378566f6d2b33fafd59c8cbce01c7c2d

SHA256
7fa46528aca6c249c9b08dd71a9666e5d7e4ab06ec13e64afd40ac0eb520d256

SHA512
0c1a08fc7caf8f3e09c982dfed1bc54c6fd5292d73058cc741e7678c82c5298a2b819f55b151db6c2c937789a739c0eef68d9447747f5dba1df3fcfc5749977a

Download Submit
C:\Windows\system\cDKrEGt.exe

Filesize
1.6MB

MD5
20553ae6339d4deba89fc2fb876cf5f6

SHA1
98d0469e488805836e1b662b96a3fca55504ee9d

SHA256
2d119dce26478f7f61da1f37c381662c8c9e7710136372edcf14ffbab28982bf

SHA512
58afd404ba89c48d61a54f57b8bff56952d377dc8f1054da8f6e03eb10b8fb337647b1bd77fe93bbc2e92857e810f12cbbdbe6a02f0df70f9510e28c435ddc81

Download Submit
C:\Windows\system\eCWcjCT.exe

Filesize
1.6MB

MD5
a6c33450b7fd8de33bb15e92a6ec4dcf

SHA1
9fabe132bf5ae6e518f936f2b783da62ecdad92d

SHA256
8c8352fa8c01c4c2e27d7cc12e8f964a07e0367ba9c8012e2736867d492e6637

SHA512
5b78c615f29cf06c61bb221393347127dce9917516f1e48602fef890a32e42fbb129474732b91a84e23d89fcdfb9021819e882a02226a2fda2b164b9928fa93e

Download Submit
C:\Windows\system\klzrEEh.exe

Filesize
1.6MB

MD5
fab2d4be19a1b773dddc225520db40ad

SHA1
011ddad2e27c0f10bcb2194854c5aa6f8752484f

SHA256
f511f51ef25e1b0dc95fbb3da340ef1511ec97ede940eb1b0a087ddab07574c3

SHA512
944aec6759744141eed91f2968d68cecd833e098b38e78d00246102018d4135617033d811fd5b34fb3beb37a6c0fb2e2cd3c81a483e92e4141bd049e0d03f945

Download Submit
C:\Windows\system\qYNjsmT.exe

Filesize
1.6MB

MD5
a5b23bdea85cac16093c16511d657be2

SHA1
d558b54e840423dfda80a772d4f256da01a8905b

SHA256
7047bcbd1e11b0b35484ffc1135bcea5ce5afb17ab038b9ca54a1828e05e2f62

SHA512
90568d93ae631e1ea37bc4607820bce3b573915a47f85f1c9e40772823d63e22b8289b67e3a5d0de27c5c8dad1d87aa939beb6a7fc55e8d8f5d6db5283e0e389

Download Submit
C:\Windows\system\rJiPgCE.exe

Filesize
1.6MB

MD5
67e0d8e15153208ec66aa230410435f7

SHA1
1e8548c11ae9b75df1bad09bcf6e1734a6481e58

SHA256
3d86942509ac09a4b7203e2e4d524bf5c464475208837e947ad94e49d1dc5a4a

SHA512
923a9cc2c13bd97ba5822e9112c6e2099ec951317de106e05fb50d3f85978a25e82e7108ad4c65450619a6251171de5c7504ac1588c787696f56ca413f59abf6

Download Submit
\Windows\system\CdoVKuT.exe

Filesize
1.6MB

MD5
3e3b8a0f67a8ead83570f8451a2622fa

SHA1
3c15c3329277f2cb9d632a76991e8db4017adf67

SHA256
dd4f5137d947b1ae67e18911973c0803b8e2c16762f9c6d926bd0fddefe90ca2

SHA512
93d647423fef5de4def85ce00993f813b254b9e9296e65cd3eb42096ead52e499a9b46e0f1af6507132834b23fd3e95bd6849bd3241cf4bc8225f3708a1be224

Download Submit
\Windows\system\FlANooY.exe

Filesize
1.6MB

MD5
2b122b6ec4b7fdf007600724b79b827d

SHA1
0aef5cc48c02ded758f4dac6d8feaa83443c5015

SHA256
dc86af71ab1d00f1737cfa6e3f5f467bf8edc4eb16826445ac7b904513bcd5b1

SHA512
cfa86bda146ca9f549cde942d7117beb772ae413532f661f289626c286c576c2c07e0827aeae036f6051eeb3136758b0b2bd51e90c569ed6a016b12c54eb1a25

Download Submit
\Windows\system\GFBADzj.exe

Filesize
1.6MB

MD5
bc0f0df4daf6fe61995b24d646c8b651

SHA1
f5cbc8aa8c30a0d0c1d679fd121063f695e12f87

SHA256
e57f7f44969cf1d4b427f6be055100674fde99fa665579e1142cd201951eab04

SHA512
140c1d6a8f6d9ef6a0ee37a66f1209fcef0f17332d427bc3a77a4e583c1dc9dee498351d2bf752ccf6e3593d45028100b9cd0e684b4de7ab6cc94e4653875616

Download Submit
\Windows\system\KHvErsz.exe

Filesize
1.6MB

MD5
d72f20f6ce14a504952de7a1252d7ef3

SHA1
291ae518c4b2b9e47c49de5d00ca05f85fccf155

SHA256
ac5bad7427c683fdc601da53c92d3999c9047c25d390a7845314c83aafad4457

SHA512
37c1a5bdec410233aae971ebbf4a7760eeafc807346249a5d41bd72492a0e94ac70e84a47796c9ebb364e050e5000fc40ae848e1c26b395d02af88de6652b156

Download Submit
\Windows\system\KPubuRn.exe

Filesize
1.6MB

MD5
3c526770d3ad3b2a11b265d43388fc52

SHA1
9164bcaa6143909b9f0987150ca86a428f988375

SHA256
760b9ab8057df34d773d750e6f2a320b6473412d63a8ae4ed679514cc358c678

SHA512
a328fe09f529a3352adac1651d44cba37d5fc70e8872c126847905a39431ab976acc0cb5b57d96142dc95e2bce09cf572c6d96be44a1781254b02376de53bde7

Download Submit
\Windows\system\MzBcbCX.exe

Filesize
1.6MB

MD5
105e54d5206da1a76a0a9300751c411a

SHA1
25735a839e04e4e2c8b6b0069967f17c208e30ee

SHA256
8992b52def30ef2afbb02552f37b27068030f8856f36167f1c4af4eb46db7241

SHA512
a3646eeb635a3e768f03e128a89c165009c9b3e18282c3c76992b10401125f779fc3a9ab3bf7243dacf57dd1519263108b715d0488dc2ad7dd6b1ce528d89068

Download Submit
\Windows\system\PHusUEq.exe

Filesize
1.6MB

MD5
fc4f5f12bfeffbd0d5873acd64baef13

SHA1
096e3ec5d22823cbf2fc8887aa760141c1af3adc

SHA256
e3afb2cffb77fbdbd03fc5ae0cc8543d44acbb2f68d8559a122f5fef9c03640c

SHA512
1e3be8402273a778f3432db42d21635498c7c9b7261cbff1b52856cebd9e5d46fb9340b4a487b85dfd383dfc1b08264c259dca1cca84948e2db8064e12c3c847

Download Submit
\Windows\system\TYaNeeP.exe

Filesize
1.6MB

MD5
4419b623a39af01e9b903bc1700070e0

SHA1
77acfb1c03e8bea3909356651d84ffabb1392484

SHA256
754343005882a66f7b8857380e953316be2b2fa83cc229cd8a1066a2ed4a382d

SHA512
1caf81905c2aa8c2d8ee622da40dedf147f3f9191938fd9390fd540c57257f9049bc06c68480a9513549b4cd29f978cc74c954a5041f9a32cc3a52e29a9818ca

Download Submit
\Windows\system\TqDwilI.exe

Filesize
1.6MB

MD5
f1edc0dc4994694175decec246d80613

SHA1
bc5c38ff392f31c87f4873a0d998b2713e48e300

SHA256
85388d8fcfa63320adfa23f659d1b36f03eedac080c090f06fe0f6db9a98fecc

SHA512
be701ef319880380606c13acefdf3cee604ea068e5b1f0c2a979174ed219af4e85ddc65e4deb3ec6712b28942401b262adde86f2ae7d312671b5fb375dd2ae7f

Download Submit
\Windows\system\YAvjfoM.exe

Filesize
1.6MB

MD5
506cae9e8aa3418fc8a2d283f5f9f714

SHA1
21d181967615194860f1a0133dd453b64a2a2193

SHA256
d4bd1b6ab5fbe9b6101026b4bb11c4008daf3ad325920a76161fa53cece62740

SHA512
fa3fdbaf2e441b61b066d9f32125f0e6edebdaf67e5dacf1276c95f7aafcc0f3b9556edd8b914c331292879810dd33be6617cd785b16500165ccb18345502f82

Download Submit
\Windows\system\ZmwEegI.exe

Filesize
1.6MB

MD5
a4a092155ea9c0d5f20e603d2c5f3733

SHA1
0fdfc4c2165ca0c5486202836667b8223012c1e2

SHA256
73b5a36426b6a68870bc8af1d002cb3b810980352ba7beb570ef8fe5125957fb

SHA512
c46924735108d051236135b4cf219682c97708612a6678b42f37e74666f315940e269458ab053ae56fc7e8013024a63c4f932e5635d892edca9f7f8f4c6d8845

Download Submit
\Windows\system\asETovJ.exe

Filesize
1.6MB

MD5
6c0e7e1b5d13f8c516dc956f1144223c

SHA1
72ed1b2e8f618eff0f90fcfa7095bad498429ce7

SHA256
c478d19a6c005c5ee9cc28d6657d2d40aeda1c36c682e308d5cfc7585efd0085

SHA512
6b8f155db42e372b1b0de22045c3b874f399077d48474eebce7ee5f188abf2996bf96bed9a4d7291233bb8ec4bbdfd7edc9b20ef765fd130fcdf48f3f989bfbc

Download Submit
\Windows\system\eYZrlkV.exe

Filesize
1.6MB

MD5
851ec32cf62dd4f78db94c174ed87d46

SHA1
a312f41c1c6c64b18c23f165087e415cc2602f6d

SHA256
f9541ec2f4521086dc7a3414278fd2f88f21e21560bf9f45dd8458fec9aaf891

SHA512
0136920ec776a3d82adfe8e6f8d71c11dfb40cdc9b42e6b00b24dd35237d6872975b71a96fd58b30645def89d18a2668db703a42f0183b9f998bdc6aaa6a0888

Download Submit
\Windows\system\jstBsyC.exe

Filesize
1.6MB

MD5
902fb67727dfead798a8eb3f557c7268

SHA1
09bb609f2c7a8600b91f380ff63d0e3c767cbc83

SHA256
508770dc3227330eeea550562e788d0b25f1f9634db184f611b4b85c5962f267

SHA512
3136808d7e20d8bcfdef31106976ff22a949eace755e608012816944a8eaf40f0ba305ae6694b7aad44e94eeb87d8fb505f2d20bc8151fb84166cfd957563cc6

Download Submit
\Windows\system\juJfInT.exe

Filesize
1.6MB

MD5
ae87d2cad8badfc3e4e8a319c2f274e3

SHA1
77129fa7a3f3fc3d691e2278c4f4e5e05cd796e9

SHA256
297e8af113d3e5a127346fd1d59f2fb398eb4d70562f4200cb8303bb55fdb5a8

SHA512
540aa5d2bad46c3c7ecddb6b59daece32a6b81068617d00ee866e76d5c9eae1f16b984648c52ee18fab23d835254462871a663f07cee652f3766df48292ae1e4

Download Submit
\Windows\system\nUIJQAQ.exe

Filesize
1.6MB

MD5
4eb071c5b1c9f0a3de52103f8fec5f49

SHA1
2e6b053718e414fd5d6accf02c404ff8d63663d8

SHA256
1c3c453af36bc9465209936bb79e4c01a6e9e54c8978bbc9cb5cdb08f8315bd1

SHA512
c50cc0e484ea67dc2dd28f165323f1bcf4e52d952469b6ff100067115c3a2464e2d966cd5926137871fda09374fb5e5ed0aee99e3c205dd338b2a59699f85cb3

Download Submit
\Windows\system\qaaMGRh.exe

Filesize
1.6MB

MD5
871f3b1b57cf077508f3dc17d58eb73b

SHA1
03c8df454a53249411b4b3515971de0361a4714b

SHA256
d93d88e961176e933f0bbc64c6b2bccfffaf70d75bc4cd85602469e6868f9377

SHA512
b634e432b68143bfd04e93138bfb67b7347c25693c8a4978e64ad4d2c5c19274847bb28189b98f84d906229fe7ef7da5e03eea3936452f674c1823e63cb8d2e6

Download Submit
\Windows\system\qsvgMhv.exe

Filesize
1.6MB

MD5
8ef62345954483af547c881fc4a3deb4

SHA1
3f2e2b520073291e7ca33444bb3cf12b16986cbc

SHA256
80bd2d07c5077f83329c96073b2d7c01095ea238c19427a8f5ebe3810164a4ef

SHA512
beb96c28ed03154b7cd61c0921185454d70f88cb105dae18db73841af03b4e428f0c978e989ed3d48ee08b944aa7684c10bfbce562990eecd0d1a26e58ee11d9

Download Submit
\Windows\system\qwACjfR.exe

Filesize
1.6MB

MD5
835670d562eb0b0e83e4727f5379f32b

SHA1
26f82d0dfe1063db59aa72b01995b44c3000a909

SHA256
286aec41c332c78c747f1c21b8a81ff8b71e2372aabff1c1ccea14dd68f17bbf

SHA512
bd8733b5bcce820cbe82213a8526d7e4fbe61e97e89301df0979e3ffdadf14a1ca0e90c2c79bb586a1314a03e5f80c0c991d6dd7e140a3364ded0fe7ec31f7ad

Download Submit
\Windows\system\wZQKxTA.exe

Filesize
1.6MB

MD5
bb6e5b2adad9bea22f9fa236b088d17b

SHA1
e3efac2fb277e4ead3596722e31c154b6c2b3d20

SHA256
2d144e015aab9d6d418370e1b48803a22e6e19c9839ac913adb95645de10022c

SHA512
f538131fe786a311a954c0b33f27592d3c6286020f1b2f94a8a6548aa631f003006cb7453698379bbdb88393791cab40b6c9bc0c24123ad1f13a0068cec77e07

Download Submit
\Windows\system\zFonqvm.exe

Filesize
1.6MB

MD5
d75f283d5a536cb1060609804a873629

SHA1
1b04716b1bca733ebaa6b6ee2e885e8f7a629977

SHA256
5b97b89164cbdcd67896e52af903ad1596193a1550d67e9540ac570147889887

SHA512
421d621c6fb558bf496a646fd6565a469637f5101dccf3d728268509fc123fed93065edca85d0f82cf412edd82f590312f5ae928b0aac951f3166798f959c0f3

Download Submit
memory/1268-5569-0x000000013FDF0000-0x00000001401E2000-memory.dmp

Filesize
3.9MB

Download
memory/1268-17-0x000000013FDF0000-0x00000001401E2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-98-0x00000000030F0000-0x00000000034E2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-9-0x000000013FDF0000-0x00000001401E2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-216-0x000000013FAA0000-0x000000013FE92000-memory.dmp

Filesize
3.9MB

Download
memory/1648-118-0x00000000030F0000-0x00000000034E2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1648-0-0x000000013F5E0000-0x000000013F9D2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-122-0x000000013F130000-0x000000013F522000-memory.dmp

Filesize
3.9MB

Download
memory/1648-100-0x00000000030F0000-0x00000000034E2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-111-0x00000000030F0000-0x00000000034E2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-219-0x00000000030F0000-0x00000000034E2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-217-0x00000000030F0000-0x00000000034E2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-102-0x00000000030F0000-0x00000000034E2000-memory.dmp

Filesize
3.9MB

Download
memory/1648-116-0x000000013FF10000-0x0000000140302000-memory.dmp

Filesize
3.9MB

Download
memory/2376-19-0x000000013F910000-0x000000013FD02000-memory.dmp

Filesize
3.9MB

Download
memory/2376-7054-0x000000013F910000-0x000000013FD02000-memory.dmp

Filesize
3.9MB

Download
memory/2468-250-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

Filesize
9.6MB

Download
memory/2468-42-0x00000000027A0000-0x00000000027A8000-memory.dmp

Filesize
32KB

Download
memory/2468-90-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

Filesize
9.6MB

Download
memory/2468-18-0x00000000027E0000-0x0000000002860000-memory.dmp

Filesize
512KB

Download
memory/2468-218-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

Filesize
9.6MB

Download
memory/2468-20-0x000007FEF5BDE000-0x000007FEF5BDF000-memory.dmp

Filesize
4KB

Download
memory/2468-106-0x000007FEF5920000-0x000007FEF62BD000-memory.dmp

Filesize
9.6MB

Download
memory/2468-35-0x000000001B5F0000-0x000000001B8D2000-memory.dmp

Filesize
2.9MB

Download
memory/2524-120-0x000000013F500000-0x000000013F8F2000-memory.dmp

Filesize
3.9MB

Download
memory/2524-5575-0x000000013F500000-0x000000013F8F2000-memory.dmp

Filesize
3.9MB

Download
memory/2560-173-0x000000013FAE0000-0x000000013FED2000-memory.dmp

Filesize
3.9MB

Download
memory/2580-135-0x000000013F130000-0x000000013F522000-memory.dmp

Filesize
3.9MB

Download
memory/2580-6702-0x000000013F130000-0x000000013F522000-memory.dmp

Filesize
3.9MB

Download
memory/2668-99-0x000000013F3A0000-0x000000013F792000-memory.dmp

Filesize
3.9MB

Download
memory/2668-6707-0x000000013F3A0000-0x000000013F792000-memory.dmp

Filesize
3.9MB

Download
memory/2672-6254-0x000000013F360000-0x000000013F752000-memory.dmp

Filesize
3.9MB

Download
memory/2672-101-0x000000013F360000-0x000000013F752000-memory.dmp

Filesize
3.9MB

Download
memory/2676-112-0x000000013F880000-0x000000013FC72000-memory.dmp

Filesize
3.9MB

Download
memory/2676-6087-0x000000013F880000-0x000000013FC72000-memory.dmp

Filesize
3.9MB

Download
memory/2720-94-0x000000013F920000-0x000000013FD12000-memory.dmp

Filesize
3.9MB

Download
memory/2720-6106-0x000000013F920000-0x000000013FD12000-memory.dmp

Filesize
3.9MB

Download
memory/2788-7092-0x000000013FF10000-0x0000000140302000-memory.dmp

Filesize
3.9MB

Download
memory/2788-127-0x000000013FF10000-0x0000000140302000-memory.dmp

Filesize
3.9MB

Download
memory/2916-109-0x000000013F5B0000-0x000000013F9A2000-memory.dmp

Filesize
3.9MB

Download
memory/2916-6694-0x000000013F5B0000-0x000000013F9A2000-memory.dmp

Filesize
3.9MB

Download