xmrig | 6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 22:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
Size

1.8MB
MD5

be6749720185715b6cddd27857861d53
SHA1

558120db39fe500f28f2056713a7f49d0cbeb06c
SHA256

6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f
SHA512

8de575139228cbf21dfc8c5b0eee9f88037d6915c2429c834720a70155d44805f727a2db004f2e4f57f6be06b17410c604cb0bbcd3ba9e405ca294f4bb8b502a
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5Gqlfz+y7p9DH2D3:Lz071uv4BPMkHC0I6Gz3N1pHP77K5t

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 21 IoCs

resource	yara_rule
behavioral1/memory/2672-8-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2672-91-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2712-312-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2716-426-0x000000013F760000-0x000000013FB52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2508-60-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2056-86-0x000000013FE50000-0x0000000140242000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2716-24-0x000000013F760000-0x000000013FB52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2968-563-0x000000013FD10000-0x0000000140102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2644-562-0x000000013FD50000-0x0000000140142000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2272-560-0x000000013F860000-0x000000013FC52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/584-581-0x000000013FAA0000-0x000000013FE92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2508-580-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2716-3880-0x000000013F760000-0x000000013FB52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2508-3872-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1512-3901-0x000000013FF80000-0x0000000140372000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2672-3898-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2968-3902-0x000000013FD10000-0x0000000140102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2644-3903-0x000000013FD50000-0x0000000140142000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/584-3905-0x000000013FAA0000-0x000000013FE92000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2272-3951-0x000000013F860000-0x000000013FC52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2712-3952-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 61 IoCs

resource	yara_rule
behavioral1/memory/2056-1-0x000000013FE50000-0x0000000140242000-memory.dmp	UPX
behavioral1/files/0x000b000000012281-3.dat	UPX
behavioral1/memory/2672-8-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	UPX
behavioral1/files/0x0009000000015ca2-18.dat	UPX
behavioral1/files/0x0023000000015c68-10.dat	UPX
behavioral1/memory/2712-14-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	UPX
behavioral1/files/0x0015000000015c79-42.dat	UPX
behavioral1/files/0x0006000000016c21-50.dat	UPX
behavioral1/files/0x0006000000016c76-61.dat	UPX
behavioral1/memory/2968-66-0x000000013FD10000-0x0000000140102000-memory.dmp	UPX
behavioral1/memory/584-67-0x000000013FAA0000-0x000000013FE92000-memory.dmp	UPX
behavioral1/files/0x0006000000016ce4-87.dat	UPX
behavioral1/memory/2672-91-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	UPX
behavioral1/files/0x0006000000016d0a-105.dat	UPX
behavioral1/files/0x0006000000016d2b-114.dat	UPX
behavioral1/files/0x0006000000016d4c-123.dat	UPX
behavioral1/files/0x0006000000016d94-135.dat	UPX
behavioral1/files/0x0006000000016e6b-144.dat	UPX
behavioral1/files/0x0009000000016c07-132.dat	UPX
behavioral1/files/0x0006000000016cfe-157.dat	UPX
behavioral1/files/0x0006000000017578-177.dat	UPX
behavioral1/files/0x001500000001861a-183.dat	UPX
behavioral1/memory/2712-312-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	UPX
behavioral1/files/0x0006000000017090-167.dat	UPX
behavioral1/files/0x0006000000016d98-165.dat	UPX
behavioral1/files/0x0006000000016d5b-163.dat	UPX
behavioral1/files/0x0006000000016d3c-161.dat	UPX
behavioral1/files/0x0006000000016d0f-159.dat	UPX
behavioral1/files/0x0006000000016cec-155.dat	UPX
behavioral1/files/0x0006000000016cdc-153.dat	UPX
behavioral1/files/0x0006000000016c9d-151.dat	UPX
behavioral1/files/0x0006000000016c2a-149.dat	UPX
behavioral1/memory/2716-426-0x000000013F760000-0x000000013FB52000-memory.dmp	UPX
behavioral1/files/0x00050000000186a7-188.dat	UPX
behavioral1/files/0x00060000000177fe-181.dat	UPX
behavioral1/files/0x00060000000170cf-172.dat	UPX
behavioral1/files/0x000b000000003d5f-121.dat	UPX
behavioral1/files/0x0006000000016ccb-82.dat	UPX
behavioral1/memory/2508-60-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	UPX
behavioral1/memory/2644-49-0x000000013FD50000-0x0000000140142000-memory.dmp	UPX
behavioral1/memory/2272-32-0x000000013F860000-0x000000013FC52000-memory.dmp	UPX
behavioral1/files/0x0006000000016cf8-97.dat	UPX
behavioral1/memory/1512-90-0x000000013FF80000-0x0000000140372000-memory.dmp	UPX
behavioral1/memory/2056-86-0x000000013FE50000-0x0000000140242000-memory.dmp	UPX
behavioral1/files/0x0007000000015cd2-37.dat	UPX
behavioral1/files/0x0007000000015cb9-27.dat	UPX
behavioral1/memory/2716-24-0x000000013F760000-0x000000013FB52000-memory.dmp	UPX
behavioral1/memory/2968-563-0x000000013FD10000-0x0000000140102000-memory.dmp	UPX
behavioral1/memory/2644-562-0x000000013FD50000-0x0000000140142000-memory.dmp	UPX
behavioral1/memory/2272-560-0x000000013F860000-0x000000013FC52000-memory.dmp	UPX
behavioral1/memory/584-581-0x000000013FAA0000-0x000000013FE92000-memory.dmp	UPX
behavioral1/memory/2508-580-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	UPX
behavioral1/memory/2716-3880-0x000000013F760000-0x000000013FB52000-memory.dmp	UPX
behavioral1/memory/2508-3872-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	UPX
behavioral1/memory/1512-3901-0x000000013FF80000-0x0000000140372000-memory.dmp	UPX
behavioral1/memory/2672-3898-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	UPX
behavioral1/memory/2968-3902-0x000000013FD10000-0x0000000140102000-memory.dmp	UPX
behavioral1/memory/2644-3903-0x000000013FD50000-0x0000000140142000-memory.dmp	UPX
behavioral1/memory/584-3905-0x000000013FAA0000-0x000000013FE92000-memory.dmp	UPX
behavioral1/memory/2272-3951-0x000000013F860000-0x000000013FC52000-memory.dmp	UPX
behavioral1/memory/2712-3952-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	UPX

XMRig Miner payload 22 IoCs

miner

resource	yara_rule
behavioral1/memory/2672-8-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	xmrig
behavioral1/memory/2672-91-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	xmrig
behavioral1/memory/2712-312-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	xmrig
behavioral1/memory/2716-426-0x000000013F760000-0x000000013FB52000-memory.dmp	xmrig
behavioral1/memory/2508-60-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	xmrig
behavioral1/memory/2056-88-0x00000000033D0000-0x00000000037C2000-memory.dmp	xmrig
behavioral1/memory/2056-86-0x000000013FE50000-0x0000000140242000-memory.dmp	xmrig
behavioral1/memory/2716-24-0x000000013F760000-0x000000013FB52000-memory.dmp	xmrig
behavioral1/memory/2968-563-0x000000013FD10000-0x0000000140102000-memory.dmp	xmrig
behavioral1/memory/2644-562-0x000000013FD50000-0x0000000140142000-memory.dmp	xmrig
behavioral1/memory/2272-560-0x000000013F860000-0x000000013FC52000-memory.dmp	xmrig
behavioral1/memory/584-581-0x000000013FAA0000-0x000000013FE92000-memory.dmp	xmrig
behavioral1/memory/2508-580-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	xmrig
behavioral1/memory/2716-3880-0x000000013F760000-0x000000013FB52000-memory.dmp	xmrig
behavioral1/memory/2508-3872-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	xmrig
behavioral1/memory/1512-3901-0x000000013FF80000-0x0000000140372000-memory.dmp	xmrig
behavioral1/memory/2672-3898-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	xmrig
behavioral1/memory/2968-3902-0x000000013FD10000-0x0000000140102000-memory.dmp	xmrig
behavioral1/memory/2644-3903-0x000000013FD50000-0x0000000140142000-memory.dmp	xmrig
behavioral1/memory/584-3905-0x000000013FAA0000-0x000000013FE92000-memory.dmp	xmrig
behavioral1/memory/2272-3951-0x000000013F860000-0x000000013FC52000-memory.dmp	xmrig
behavioral1/memory/2712-3952-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2556	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2672	fxpTEHV.exe
2712	uBYuveM.exe
2716	CfihqEh.exe
2272	zdUhKBa.exe
2644	hIJHuOv.exe
2508	ZMBEXzX.exe
2968	kmJDIoz.exe
584	yVvgOhL.exe
1512	vJkKClA.exe
2804	IDffwdn.exe
1536	DiEpMvR.exe
1136	wKffTAp.exe
2416	nRukMKY.exe
2476	EdwsHlp.exe
2708	qTttuYd.exe
2596	BSfttSA.exe
1156	dbGWJaY.exe
856	ShLzMsM.exe
944	NHlQotD.exe
896	cPQRVSY.exe
1496	XDYONWn.exe
2824	EPMRvJH.exe
1964	DopUmiz.exe
1548	bNXKFzj.exe
768	SYRPfDd.exe
2692	ISBjiDf.exe
624	zkzvhAj.exe
1096	EMhKGGm.exe
2140	krSGaCw.exe
2572	yrtapxS.exe
1924	YFffToW.exe
3012	esLfefc.exe
1604	xVJXgFc.exe
1084	ykyqEBk.exe
1792	xKQUfID.exe
1068	aIItnNE.exe
1564	biNlJse.exe
748	FQLMUIM.exe
1856	hZkoMVj.exe
1028	PqhZgtj.exe
1876	NyfmGRd.exe
1680	wbnKxlk.exe
284	riVSHfX.exe
2372	DGwmkLc.exe
2444	QlEFZLB.exe
1772	UbAlwlW.exe
1988	JiFyKJd.exe
2164	QMDtlxz.exe
2216	SVfMHJf.exe
2252	rGrHCNr.exe
900	ysZEJAv.exe
1464	uWWxUWU.exe
1628	GwbbDhe.exe
2580	sibgUqh.exe
2864	QytTecL.exe
2076	PakBTdO.exe
1524	ABvabkp.exe
3020	HLaYgOu.exe
2820	bzwLIDs.exe
3032	CJYauQH.exe
2624	PoCwpMl.exe
816	LugLGfX.exe
264	oohzQxY.exe
2392	dXjOlpS.exe

Loads dropped DLL 64 IoCs

pid	Process
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2056-1-0x000000013FE50000-0x0000000140242000-memory.dmp	upx
behavioral1/files/0x000b000000012281-3.dat	upx
behavioral1/memory/2672-8-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	upx
behavioral1/files/0x0009000000015ca2-18.dat	upx
behavioral1/files/0x0023000000015c68-10.dat	upx
behavioral1/memory/2712-14-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	upx
behavioral1/files/0x0015000000015c79-42.dat	upx
behavioral1/files/0x0006000000016c21-50.dat	upx
behavioral1/files/0x0006000000016c76-61.dat	upx
behavioral1/memory/2968-66-0x000000013FD10000-0x0000000140102000-memory.dmp	upx
behavioral1/memory/584-67-0x000000013FAA0000-0x000000013FE92000-memory.dmp	upx
behavioral1/files/0x0006000000016ce4-87.dat	upx
behavioral1/memory/2672-91-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	upx
behavioral1/files/0x0006000000016d0a-105.dat	upx
behavioral1/files/0x0006000000016d2b-114.dat	upx
behavioral1/files/0x0006000000016d4c-123.dat	upx
behavioral1/files/0x0006000000016d94-135.dat	upx
behavioral1/files/0x0006000000016e6b-144.dat	upx
behavioral1/files/0x0009000000016c07-132.dat	upx
behavioral1/files/0x0006000000016cfe-157.dat	upx
behavioral1/files/0x0006000000017578-177.dat	upx
behavioral1/files/0x001500000001861a-183.dat	upx
behavioral1/memory/2712-312-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	upx
behavioral1/files/0x0006000000017090-167.dat	upx
behavioral1/files/0x0006000000016d98-165.dat	upx
behavioral1/files/0x0006000000016d5b-163.dat	upx
behavioral1/files/0x0006000000016d3c-161.dat	upx
behavioral1/files/0x0006000000016d0f-159.dat	upx
behavioral1/files/0x0006000000016cec-155.dat	upx
behavioral1/files/0x0006000000016cdc-153.dat	upx
behavioral1/files/0x0006000000016c9d-151.dat	upx
behavioral1/files/0x0006000000016c2a-149.dat	upx
behavioral1/memory/2716-426-0x000000013F760000-0x000000013FB52000-memory.dmp	upx
behavioral1/files/0x00050000000186a7-188.dat	upx
behavioral1/files/0x00060000000177fe-181.dat	upx
behavioral1/files/0x00060000000170cf-172.dat	upx
behavioral1/files/0x000b000000003d5f-121.dat	upx
behavioral1/files/0x0006000000016ccb-82.dat	upx
behavioral1/memory/2508-60-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	upx
behavioral1/memory/2644-49-0x000000013FD50000-0x0000000140142000-memory.dmp	upx
behavioral1/memory/2272-32-0x000000013F860000-0x000000013FC52000-memory.dmp	upx
behavioral1/files/0x0006000000016cf8-97.dat	upx
behavioral1/memory/1512-90-0x000000013FF80000-0x0000000140372000-memory.dmp	upx
behavioral1/memory/2056-86-0x000000013FE50000-0x0000000140242000-memory.dmp	upx
behavioral1/files/0x0007000000015cd2-37.dat	upx
behavioral1/files/0x0007000000015cb9-27.dat	upx
behavioral1/memory/2716-24-0x000000013F760000-0x000000013FB52000-memory.dmp	upx
behavioral1/memory/2968-563-0x000000013FD10000-0x0000000140102000-memory.dmp	upx
behavioral1/memory/2644-562-0x000000013FD50000-0x0000000140142000-memory.dmp	upx
behavioral1/memory/2272-560-0x000000013F860000-0x000000013FC52000-memory.dmp	upx
behavioral1/memory/584-581-0x000000013FAA0000-0x000000013FE92000-memory.dmp	upx
behavioral1/memory/2508-580-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	upx
behavioral1/memory/2716-3880-0x000000013F760000-0x000000013FB52000-memory.dmp	upx
behavioral1/memory/2508-3872-0x000000013F3E0000-0x000000013F7D2000-memory.dmp	upx
behavioral1/memory/1512-3901-0x000000013FF80000-0x0000000140372000-memory.dmp	upx
behavioral1/memory/2672-3898-0x000000013F8C0000-0x000000013FCB2000-memory.dmp	upx
behavioral1/memory/2968-3902-0x000000013FD10000-0x0000000140102000-memory.dmp	upx
behavioral1/memory/2644-3903-0x000000013FD50000-0x0000000140142000-memory.dmp	upx
behavioral1/memory/584-3905-0x000000013FAA0000-0x000000013FE92000-memory.dmp	upx
behavioral1/memory/2272-3951-0x000000013F860000-0x000000013FC52000-memory.dmp	upx
behavioral1/memory/2712-3952-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\sUVSblk.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\myPPdHd.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\pCEbGuV.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\XaszftE.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\fqEimVX.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\upcJKAU.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\ryLpBoJ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\PrRSVjv.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\XBBeeeY.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\fxpTEHV.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\cwBOTGu.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\SgBXLIA.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\JTbiecW.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\XdewQzI.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\sXTERTg.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\MtUenmC.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\QuyKTut.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\sWJZAhA.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\smJhLcw.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\RzlZBYc.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\BjldLOX.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\jJrZQxo.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\CHoYhVD.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\WDgJiPG.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\JhawQQB.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\jcFlnHR.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\WgPcbAc.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\bjyrLZn.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\rSIDVOT.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\FtbRfHF.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\OjtdNBv.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\ZdrgQAI.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\CErceIU.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\eryOGvY.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\JqOAjNS.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\HcStZkF.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\ZcTJBBi.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\aUMHQVx.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\KdQoXiP.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\rZscUfT.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\taFrOLI.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\AkMPJwG.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\WGNordB.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\GaTsdoj.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\RCguUcO.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\JUZQwly.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\axuKmEQ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\xIdBLZy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\lkHBGLT.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\HHiWJas.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\MUhzPVY.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\JbxXxye.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\NCpZAXY.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\WElBafy.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\xgBrZkF.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\RjIrzVQ.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\shfWbqR.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\SmYVEvn.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\JmDkpLc.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\DGwmkLc.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\CfhFemg.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\xiQKrWF.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\rgisBAA.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
File created	C:\Windows\System\SppLHkn.exe	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2556	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
Token: SeLockMemoryPrivilege	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
Token: SeDebugPrivilege	2556	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2556	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	29
PID 2056 wrote to memory of 2556	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	29
PID 2056 wrote to memory of 2556	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	29
PID 2056 wrote to memory of 2672	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	30
PID 2056 wrote to memory of 2672	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	30
PID 2056 wrote to memory of 2672	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	30
PID 2056 wrote to memory of 2712	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	31
PID 2056 wrote to memory of 2712	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	31
PID 2056 wrote to memory of 2712	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	31
PID 2056 wrote to memory of 2716	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	32
PID 2056 wrote to memory of 2716	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	32
PID 2056 wrote to memory of 2716	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	32
PID 2056 wrote to memory of 2272	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	33
PID 2056 wrote to memory of 2272	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	33
PID 2056 wrote to memory of 2272	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	33
PID 2056 wrote to memory of 2644	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	34
PID 2056 wrote to memory of 2644	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	34
PID 2056 wrote to memory of 2644	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	34
PID 2056 wrote to memory of 2476	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	35
PID 2056 wrote to memory of 2476	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	35
PID 2056 wrote to memory of 2476	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	35
PID 2056 wrote to memory of 2508	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	36
PID 2056 wrote to memory of 2508	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	36
PID 2056 wrote to memory of 2508	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	36
PID 2056 wrote to memory of 2596	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	37
PID 2056 wrote to memory of 2596	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	37
PID 2056 wrote to memory of 2596	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	37
PID 2056 wrote to memory of 2968	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	38
PID 2056 wrote to memory of 2968	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	38
PID 2056 wrote to memory of 2968	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	38
PID 2056 wrote to memory of 944	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	39
PID 2056 wrote to memory of 944	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	39
PID 2056 wrote to memory of 944	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	39
PID 2056 wrote to memory of 584	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	40
PID 2056 wrote to memory of 584	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	40
PID 2056 wrote to memory of 584	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	40
PID 2056 wrote to memory of 896	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	41
PID 2056 wrote to memory of 896	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	41
PID 2056 wrote to memory of 896	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	41
PID 2056 wrote to memory of 1512	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	42
PID 2056 wrote to memory of 1512	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	42
PID 2056 wrote to memory of 1512	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	42
PID 2056 wrote to memory of 1496	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	43
PID 2056 wrote to memory of 1496	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	43
PID 2056 wrote to memory of 1496	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	43
PID 2056 wrote to memory of 2804	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	44
PID 2056 wrote to memory of 2804	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	44
PID 2056 wrote to memory of 2804	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	44
PID 2056 wrote to memory of 2824	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	45
PID 2056 wrote to memory of 2824	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	45
PID 2056 wrote to memory of 2824	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	45
PID 2056 wrote to memory of 1536	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	46
PID 2056 wrote to memory of 1536	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	46
PID 2056 wrote to memory of 1536	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	46
PID 2056 wrote to memory of 1964	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	47
PID 2056 wrote to memory of 1964	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	47
PID 2056 wrote to memory of 1964	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	47
PID 2056 wrote to memory of 1136	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	48
PID 2056 wrote to memory of 1136	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	48
PID 2056 wrote to memory of 1136	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	48
PID 2056 wrote to memory of 1548	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	49
PID 2056 wrote to memory of 1548	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	49
PID 2056 wrote to memory of 1548	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	49
PID 2056 wrote to memory of 2416	2056	6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe	50

C:\Users\Admin\AppData\Local\Temp\6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe
"C:\Users\Admin\AppData\Local\Temp\6759c3d753d5f06f6150736c6311eb880b84ad072258fa15379ef3c833cbd57f.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2556
- C:\Windows\System\fxpTEHV.exe
  C:\Windows\System\fxpTEHV.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\uBYuveM.exe
  C:\Windows\System\uBYuveM.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\CfihqEh.exe
  C:\Windows\System\CfihqEh.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\zdUhKBa.exe
  C:\Windows\System\zdUhKBa.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\hIJHuOv.exe
  C:\Windows\System\hIJHuOv.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\EdwsHlp.exe
  C:\Windows\System\EdwsHlp.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ZMBEXzX.exe
  C:\Windows\System\ZMBEXzX.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\BSfttSA.exe
  C:\Windows\System\BSfttSA.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\kmJDIoz.exe
  C:\Windows\System\kmJDIoz.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\NHlQotD.exe
  C:\Windows\System\NHlQotD.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\yVvgOhL.exe
  C:\Windows\System\yVvgOhL.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\cPQRVSY.exe
  C:\Windows\System\cPQRVSY.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\vJkKClA.exe
  C:\Windows\System\vJkKClA.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\XDYONWn.exe
  C:\Windows\System\XDYONWn.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\IDffwdn.exe
  C:\Windows\System\IDffwdn.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\EPMRvJH.exe
  C:\Windows\System\EPMRvJH.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\DiEpMvR.exe
  C:\Windows\System\DiEpMvR.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\DopUmiz.exe
  C:\Windows\System\DopUmiz.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\wKffTAp.exe
  C:\Windows\System\wKffTAp.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\bNXKFzj.exe
  C:\Windows\System\bNXKFzj.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\nRukMKY.exe
  C:\Windows\System\nRukMKY.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\SYRPfDd.exe
  C:\Windows\System\SYRPfDd.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\qTttuYd.exe
  C:\Windows\System\qTttuYd.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\ISBjiDf.exe
  C:\Windows\System\ISBjiDf.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\dbGWJaY.exe
  C:\Windows\System\dbGWJaY.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\zkzvhAj.exe
  C:\Windows\System\zkzvhAj.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\ShLzMsM.exe
  C:\Windows\System\ShLzMsM.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\EMhKGGm.exe
  C:\Windows\System\EMhKGGm.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\krSGaCw.exe
  C:\Windows\System\krSGaCw.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\yrtapxS.exe
  C:\Windows\System\yrtapxS.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\YFffToW.exe
  C:\Windows\System\YFffToW.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\xVJXgFc.exe
  C:\Windows\System\xVJXgFc.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\esLfefc.exe
  C:\Windows\System\esLfefc.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\aIItnNE.exe
  C:\Windows\System\aIItnNE.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\ykyqEBk.exe
  C:\Windows\System\ykyqEBk.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\hZkoMVj.exe
  C:\Windows\System\hZkoMVj.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\xKQUfID.exe
  C:\Windows\System\xKQUfID.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\PqhZgtj.exe
  C:\Windows\System\PqhZgtj.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\biNlJse.exe
  C:\Windows\System\biNlJse.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\NyfmGRd.exe
  C:\Windows\System\NyfmGRd.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\FQLMUIM.exe
  C:\Windows\System\FQLMUIM.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\wbnKxlk.exe
  C:\Windows\System\wbnKxlk.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\riVSHfX.exe
  C:\Windows\System\riVSHfX.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\DGwmkLc.exe
  C:\Windows\System\DGwmkLc.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\QlEFZLB.exe
  C:\Windows\System\QlEFZLB.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\UbAlwlW.exe
  C:\Windows\System\UbAlwlW.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\JiFyKJd.exe
  C:\Windows\System\JiFyKJd.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\SVfMHJf.exe
  C:\Windows\System\SVfMHJf.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\QMDtlxz.exe
  C:\Windows\System\QMDtlxz.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\PakBTdO.exe
  C:\Windows\System\PakBTdO.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\rGrHCNr.exe
  C:\Windows\System\rGrHCNr.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\ABvabkp.exe
  C:\Windows\System\ABvabkp.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ysZEJAv.exe
  C:\Windows\System\ysZEJAv.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\HLaYgOu.exe
  C:\Windows\System\HLaYgOu.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\uWWxUWU.exe
  C:\Windows\System\uWWxUWU.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\CJYauQH.exe
  C:\Windows\System\CJYauQH.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\GwbbDhe.exe
  C:\Windows\System\GwbbDhe.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\PoCwpMl.exe
  C:\Windows\System\PoCwpMl.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\sibgUqh.exe
  C:\Windows\System\sibgUqh.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\LugLGfX.exe
  C:\Windows\System\LugLGfX.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\QytTecL.exe
  C:\Windows\System\QytTecL.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\oohzQxY.exe
  C:\Windows\System\oohzQxY.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\bzwLIDs.exe
  C:\Windows\System\bzwLIDs.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\dXjOlpS.exe
  C:\Windows\System\dXjOlpS.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\qqilvZm.exe
  C:\Windows\System\qqilvZm.exe
  2⤵
  PID:2464
- C:\Windows\System\KqYdtAG.exe
  C:\Windows\System\KqYdtAG.exe
  2⤵
  PID:1768
- C:\Windows\System\EHKZoKE.exe
  C:\Windows\System\EHKZoKE.exe
  2⤵
  PID:2512
- C:\Windows\System\cUAoFBk.exe
  C:\Windows\System\cUAoFBk.exe
  2⤵
  PID:2172
- C:\Windows\System\Qbudhfw.exe
  C:\Windows\System\Qbudhfw.exe
  2⤵
  PID:960
- C:\Windows\System\SJKHdcp.exe
  C:\Windows\System\SJKHdcp.exe
  2⤵
  PID:2936
- C:\Windows\System\gxJilXQ.exe
  C:\Windows\System\gxJilXQ.exe
  2⤵
  PID:236
- C:\Windows\System\ebFjVoC.exe
  C:\Windows\System\ebFjVoC.exe
  2⤵
  PID:1160
- C:\Windows\System\wNfDRMs.exe
  C:\Windows\System\wNfDRMs.exe
  2⤵
  PID:672
- C:\Windows\System\bHtDFGI.exe
  C:\Windows\System\bHtDFGI.exe
  2⤵
  PID:1480
- C:\Windows\System\KaOqyLU.exe
  C:\Windows\System\KaOqyLU.exe
  2⤵
  PID:860
- C:\Windows\System\hKIQBim.exe
  C:\Windows\System\hKIQBim.exe
  2⤵
  PID:2244
- C:\Windows\System\HoLFutw.exe
  C:\Windows\System\HoLFutw.exe
  2⤵
  PID:3052
- C:\Windows\System\JDeSYTy.exe
  C:\Windows\System\JDeSYTy.exe
  2⤵
  PID:1824
- C:\Windows\System\NVORaiJ.exe
  C:\Windows\System\NVORaiJ.exe
  2⤵
  PID:1336
- C:\Windows\System\wyKWflK.exe
  C:\Windows\System\wyKWflK.exe
  2⤵
  PID:2668
- C:\Windows\System\crQZHUW.exe
  C:\Windows\System\crQZHUW.exe
  2⤵
  PID:1316
- C:\Windows\System\HCsDnAU.exe
  C:\Windows\System\HCsDnAU.exe
  2⤵
  PID:1224
- C:\Windows\System\AYRcBQN.exe
  C:\Windows\System\AYRcBQN.exe
  2⤵
  PID:948
- C:\Windows\System\Amqeyub.exe
  C:\Windows\System\Amqeyub.exe
  2⤵
  PID:1676
- C:\Windows\System\WYvsFGY.exe
  C:\Windows\System\WYvsFGY.exe
  2⤵
  PID:608
- C:\Windows\System\uPVwamZ.exe
  C:\Windows\System\uPVwamZ.exe
  2⤵
  PID:1812
- C:\Windows\System\LVAPStD.exe
  C:\Windows\System\LVAPStD.exe
  2⤵
  PID:2096
- C:\Windows\System\kXPDgVF.exe
  C:\Windows\System\kXPDgVF.exe
  2⤵
  PID:2060
- C:\Windows\System\jbrJvCa.exe
  C:\Windows\System\jbrJvCa.exe
  2⤵
  PID:1972
- C:\Windows\System\OdbuOiE.exe
  C:\Windows\System\OdbuOiE.exe
  2⤵
  PID:1932
- C:\Windows\System\HbYIjAl.exe
  C:\Windows\System\HbYIjAl.exe
  2⤵
  PID:2012
- C:\Windows\System\InIwnTM.exe
  C:\Windows\System\InIwnTM.exe
  2⤵
  PID:2124
- C:\Windows\System\YZqIRTC.exe
  C:\Windows\System\YZqIRTC.exe
  2⤵
  PID:2396
- C:\Windows\System\GMlSdDZ.exe
  C:\Windows\System\GMlSdDZ.exe
  2⤵
  PID:1188
- C:\Windows\System\nTjYFlF.exe
  C:\Windows\System\nTjYFlF.exe
  2⤵
  PID:2348
- C:\Windows\System\IrfuWop.exe
  C:\Windows\System\IrfuWop.exe
  2⤵
  PID:1712
- C:\Windows\System\GauoHKD.exe
  C:\Windows\System\GauoHKD.exe
  2⤵
  PID:1260
- C:\Windows\System\szSAlWd.exe
  C:\Windows\System\szSAlWd.exe
  2⤵
  PID:1592
- C:\Windows\System\KaMWZaX.exe
  C:\Windows\System\KaMWZaX.exe
  2⤵
  PID:520
- C:\Windows\System\fNRmdIk.exe
  C:\Windows\System\fNRmdIk.exe
  2⤵
  PID:2648
- C:\Windows\System\JqOAjNS.exe
  C:\Windows\System\JqOAjNS.exe
  2⤵
  PID:1456
- C:\Windows\System\CuRvRyp.exe
  C:\Windows\System\CuRvRyp.exe
  2⤵
  PID:1968
- C:\Windows\System\tyowrob.exe
  C:\Windows\System\tyowrob.exe
  2⤵
  PID:1992
- C:\Windows\System\TErjVdH.exe
  C:\Windows\System\TErjVdH.exe
  2⤵
  PID:3068
- C:\Windows\System\UGJVVgp.exe
  C:\Windows\System\UGJVVgp.exe
  2⤵
  PID:2836
- C:\Windows\System\xXbAIHj.exe
  C:\Windows\System\xXbAIHj.exe
  2⤵
  PID:2952
- C:\Windows\System\ajVKVun.exe
  C:\Windows\System\ajVKVun.exe
  2⤵
  PID:1264
- C:\Windows\System\DjbqwzG.exe
  C:\Windows\System\DjbqwzG.exe
  2⤵
  PID:1352
- C:\Windows\System\tOCQZbE.exe
  C:\Windows\System\tOCQZbE.exe
  2⤵
  PID:2544
- C:\Windows\System\kzuWvtZ.exe
  C:\Windows\System\kzuWvtZ.exe
  2⤵
  PID:2108
- C:\Windows\System\MQtHuzi.exe
  C:\Windows\System\MQtHuzi.exe
  2⤵
  PID:844
- C:\Windows\System\iLiztmA.exe
  C:\Windows\System\iLiztmA.exe
  2⤵
  PID:108
- C:\Windows\System\amTFyov.exe
  C:\Windows\System\amTFyov.exe
  2⤵
  PID:1396
- C:\Windows\System\lSCsXSC.exe
  C:\Windows\System\lSCsXSC.exe
  2⤵
  PID:820
- C:\Windows\System\qGctngG.exe
  C:\Windows\System\qGctngG.exe
  2⤵
  PID:2192
- C:\Windows\System\OCAVmwY.exe
  C:\Windows\System\OCAVmwY.exe
  2⤵
  PID:2564
- C:\Windows\System\VnuSTtQ.exe
  C:\Windows\System\VnuSTtQ.exe
  2⤵
  PID:1996
- C:\Windows\System\Iunpovw.exe
  C:\Windows\System\Iunpovw.exe
  2⤵
  PID:2664
- C:\Windows\System\anwIHHi.exe
  C:\Windows\System\anwIHHi.exe
  2⤵
  PID:2040
- C:\Windows\System\VXInEVE.exe
  C:\Windows\System\VXInEVE.exe
  2⤵
  PID:2488
- C:\Windows\System\TDPgJup.exe
  C:\Windows\System\TDPgJup.exe
  2⤵
  PID:2360
- C:\Windows\System\SJjSjbY.exe
  C:\Windows\System\SJjSjbY.exe
  2⤵
  PID:1560
- C:\Windows\System\NDAkliM.exe
  C:\Windows\System\NDAkliM.exe
  2⤵
  PID:1900
- C:\Windows\System\qgWbgce.exe
  C:\Windows\System\qgWbgce.exe
  2⤵
  PID:2788
- C:\Windows\System\qWEJoAF.exe
  C:\Windows\System\qWEJoAF.exe
  2⤵
  PID:2088
- C:\Windows\System\vIdMIKw.exe
  C:\Windows\System\vIdMIKw.exe
  2⤵
  PID:2616
- C:\Windows\System\rpTXYRd.exe
  C:\Windows\System\rpTXYRd.exe
  2⤵
  PID:1196
- C:\Windows\System\YYJEkdp.exe
  C:\Windows\System\YYJEkdp.exe
  2⤵
  PID:2160
- C:\Windows\System\fMLVSVM.exe
  C:\Windows\System\fMLVSVM.exe
  2⤵
  PID:1892
- C:\Windows\System\WXMFmHT.exe
  C:\Windows\System\WXMFmHT.exe
  2⤵
  PID:2728
- C:\Windows\System\mnyZTtL.exe
  C:\Windows\System\mnyZTtL.exe
  2⤵
  PID:1896
- C:\Windows\System\fAmRklH.exe
  C:\Windows\System\fAmRklH.exe
  2⤵
  PID:2212
- C:\Windows\System\MHZguil.exe
  C:\Windows\System\MHZguil.exe
  2⤵
  PID:2320
- C:\Windows\System\CFItXSJ.exe
  C:\Windows\System\CFItXSJ.exe
  2⤵
  PID:1340
- C:\Windows\System\FMMbfTZ.exe
  C:\Windows\System\FMMbfTZ.exe
  2⤵
  PID:840
- C:\Windows\System\OrHwnLw.exe
  C:\Windows\System\OrHwnLw.exe
  2⤵
  PID:2300
- C:\Windows\System\puARyHe.exe
  C:\Windows\System\puARyHe.exe
  2⤵
  PID:2876
- C:\Windows\System\UCtXhsM.exe
  C:\Windows\System\UCtXhsM.exe
  2⤵
  PID:848
- C:\Windows\System\paWYYXN.exe
  C:\Windows\System\paWYYXN.exe
  2⤵
  PID:2052
- C:\Windows\System\syLJlTE.exe
  C:\Windows\System\syLJlTE.exe
  2⤵
  PID:880
- C:\Windows\System\jrhIRDa.exe
  C:\Windows\System\jrhIRDa.exe
  2⤵
  PID:2588
- C:\Windows\System\FtbRfHF.exe
  C:\Windows\System\FtbRfHF.exe
  2⤵
  PID:1552
- C:\Windows\System\FYMicaQ.exe
  C:\Windows\System\FYMicaQ.exe
  2⤵
  PID:2400
- C:\Windows\System\MhSXqTZ.exe
  C:\Windows\System\MhSXqTZ.exe
  2⤵
  PID:1636
- C:\Windows\System\ftSYXRA.exe
  C:\Windows\System\ftSYXRA.exe
  2⤵
  PID:2792
- C:\Windows\System\ISVRuws.exe
  C:\Windows\System\ISVRuws.exe
  2⤵
  PID:1388
- C:\Windows\System\wOoldmk.exe
  C:\Windows\System\wOoldmk.exe
  2⤵
  PID:556
- C:\Windows\System\Kfgorkx.exe
  C:\Windows\System\Kfgorkx.exe
  2⤵
  PID:940
- C:\Windows\System\MGdAzYq.exe
  C:\Windows\System\MGdAzYq.exe
  2⤵
  PID:912
- C:\Windows\System\gTwVUQB.exe
  C:\Windows\System\gTwVUQB.exe
  2⤵
  PID:1544
- C:\Windows\System\zYWQdma.exe
  C:\Windows\System\zYWQdma.exe
  2⤵
  PID:1120
- C:\Windows\System\UjeEJsp.exe
  C:\Windows\System\UjeEJsp.exe
  2⤵
  PID:1580
- C:\Windows\System\vEXjNzm.exe
  C:\Windows\System\vEXjNzm.exe
  2⤵
  PID:2156
- C:\Windows\System\xiBypGY.exe
  C:\Windows\System\xiBypGY.exe
  2⤵
  PID:1376
- C:\Windows\System\DINjJBi.exe
  C:\Windows\System\DINjJBi.exe
  2⤵
  PID:2224
- C:\Windows\System\hgVEYpA.exe
  C:\Windows\System\hgVEYpA.exe
  2⤵
  PID:2760
- C:\Windows\System\ssLuyqr.exe
  C:\Windows\System\ssLuyqr.exe
  2⤵
  PID:3016
- C:\Windows\System\UCtEpYJ.exe
  C:\Windows\System\UCtEpYJ.exe
  2⤵
  PID:2356
- C:\Windows\System\wqHXHlt.exe
  C:\Windows\System\wqHXHlt.exe
  2⤵
  PID:2496
- C:\Windows\System\KkyaTVJ.exe
  C:\Windows\System\KkyaTVJ.exe
  2⤵
  PID:2520
- C:\Windows\System\BFVgQgw.exe
  C:\Windows\System\BFVgQgw.exe
  2⤵
  PID:2724
- C:\Windows\System\KamEpAu.exe
  C:\Windows\System\KamEpAu.exe
  2⤵
  PID:2608
- C:\Windows\System\Gbcurkp.exe
  C:\Windows\System\Gbcurkp.exe
  2⤵
  PID:1652
- C:\Windows\System\PGBjmSl.exe
  C:\Windows\System\PGBjmSl.exe
  2⤵
  PID:1724
- C:\Windows\System\ZROZyVd.exe
  C:\Windows\System\ZROZyVd.exe
  2⤵
  PID:2420
- C:\Windows\System\vjMcpKY.exe
  C:\Windows\System\vjMcpKY.exe
  2⤵
  PID:2568
- C:\Windows\System\VInOiLZ.exe
  C:\Windows\System\VInOiLZ.exe
  2⤵
  PID:2584
- C:\Windows\System\mLtVmrM.exe
  C:\Windows\System\mLtVmrM.exe
  2⤵
  PID:1108
- C:\Windows\System\xCNJSLM.exe
  C:\Windows\System\xCNJSLM.exe
  2⤵
  PID:2800
- C:\Windows\System\TKoSNuI.exe
  C:\Windows\System\TKoSNuI.exe
  2⤵
  PID:3000
- C:\Windows\System\CzxOUXp.exe
  C:\Windows\System\CzxOUXp.exe
  2⤵
  PID:576
- C:\Windows\System\JymAxsR.exe
  C:\Windows\System\JymAxsR.exe
  2⤵
  PID:3040
- C:\Windows\System\syWbPDC.exe
  C:\Windows\System\syWbPDC.exe
  2⤵
  PID:1588
- C:\Windows\System\DYGKqhl.exe
  C:\Windows\System\DYGKqhl.exe
  2⤵
  PID:2700
- C:\Windows\System\pNNTWSE.exe
  C:\Windows\System\pNNTWSE.exe
  2⤵
  PID:1440
- C:\Windows\System\OyLDdwE.exe
  C:\Windows\System\OyLDdwE.exe
  2⤵
  PID:2736
- C:\Windows\System\KAHboCs.exe
  C:\Windows\System\KAHboCs.exe
  2⤵
  PID:2452
- C:\Windows\System\TASDhwO.exe
  C:\Windows\System\TASDhwO.exe
  2⤵
  PID:2380
- C:\Windows\System\EKNamFB.exe
  C:\Windows\System\EKNamFB.exe
  2⤵
  PID:736
- C:\Windows\System\ttgrxIc.exe
  C:\Windows\System\ttgrxIc.exe
  2⤵
  PID:1176
- C:\Windows\System\AtxJnQs.exe
  C:\Windows\System\AtxJnQs.exe
  2⤵
  PID:1688
- C:\Windows\System\DHoopPc.exe
  C:\Windows\System\DHoopPc.exe
  2⤵
  PID:2796
- C:\Windows\System\dhmurUN.exe
  C:\Windows\System\dhmurUN.exe
  2⤵
  PID:1180
- C:\Windows\System\XdewQzI.exe
  C:\Windows\System\XdewQzI.exe
  2⤵
  PID:3076
- C:\Windows\System\THjnfyR.exe
  C:\Windows\System\THjnfyR.exe
  2⤵
  PID:3092
- C:\Windows\System\JhawQQB.exe
  C:\Windows\System\JhawQQB.exe
  2⤵
  PID:3112
- C:\Windows\System\lkesIBq.exe
  C:\Windows\System\lkesIBq.exe
  2⤵
  PID:3128
- C:\Windows\System\yXnhFVL.exe
  C:\Windows\System\yXnhFVL.exe
  2⤵
  PID:3144
- C:\Windows\System\YWcscZF.exe
  C:\Windows\System\YWcscZF.exe
  2⤵
  PID:3160
- C:\Windows\System\wOhoMLB.exe
  C:\Windows\System\wOhoMLB.exe
  2⤵
  PID:3176
- C:\Windows\System\JVcCAIn.exe
  C:\Windows\System\JVcCAIn.exe
  2⤵
  PID:3196
- C:\Windows\System\LmNmJjf.exe
  C:\Windows\System\LmNmJjf.exe
  2⤵
  PID:3212
- C:\Windows\System\nBTldav.exe
  C:\Windows\System\nBTldav.exe
  2⤵
  PID:3300
- C:\Windows\System\Cwqppob.exe
  C:\Windows\System\Cwqppob.exe
  2⤵
  PID:3320
- C:\Windows\System\ZnguVGo.exe
  C:\Windows\System\ZnguVGo.exe
  2⤵
  PID:3336
- C:\Windows\System\cKEKPtb.exe
  C:\Windows\System\cKEKPtb.exe
  2⤵
  PID:3352
- C:\Windows\System\YlJvyGR.exe
  C:\Windows\System\YlJvyGR.exe
  2⤵
  PID:3368
- C:\Windows\System\BYItqgW.exe
  C:\Windows\System\BYItqgW.exe
  2⤵
  PID:3384
- C:\Windows\System\QlOaqWg.exe
  C:\Windows\System\QlOaqWg.exe
  2⤵
  PID:3400
- C:\Windows\System\rHnnowN.exe
  C:\Windows\System\rHnnowN.exe
  2⤵
  PID:3416
- C:\Windows\System\VJtbHaC.exe
  C:\Windows\System\VJtbHaC.exe
  2⤵
  PID:3432
- C:\Windows\System\LSjwbxX.exe
  C:\Windows\System\LSjwbxX.exe
  2⤵
  PID:3448
- C:\Windows\System\tubiIpl.exe
  C:\Windows\System\tubiIpl.exe
  2⤵
  PID:3464
- C:\Windows\System\NoIQqGw.exe
  C:\Windows\System\NoIQqGw.exe
  2⤵
  PID:3480
- C:\Windows\System\fFfMGLU.exe
  C:\Windows\System\fFfMGLU.exe
  2⤵
  PID:3496
- C:\Windows\System\bBXWanN.exe
  C:\Windows\System\bBXWanN.exe
  2⤵
  PID:3512
- C:\Windows\System\juZBOeh.exe
  C:\Windows\System\juZBOeh.exe
  2⤵
  PID:3528
- C:\Windows\System\XXfeWKm.exe
  C:\Windows\System\XXfeWKm.exe
  2⤵
  PID:3600
- C:\Windows\System\oEIOilg.exe
  C:\Windows\System\oEIOilg.exe
  2⤵
  PID:3632
- C:\Windows\System\obzJEiH.exe
  C:\Windows\System\obzJEiH.exe
  2⤵
  PID:3648
- C:\Windows\System\RvIvrJK.exe
  C:\Windows\System\RvIvrJK.exe
  2⤵
  PID:3664
- C:\Windows\System\vPWlwBb.exe
  C:\Windows\System\vPWlwBb.exe
  2⤵
  PID:3684
- C:\Windows\System\TQkhMMw.exe
  C:\Windows\System\TQkhMMw.exe
  2⤵
  PID:3700
- C:\Windows\System\slKQHWz.exe
  C:\Windows\System\slKQHWz.exe
  2⤵
  PID:3716
- C:\Windows\System\dWDbciF.exe
  C:\Windows\System\dWDbciF.exe
  2⤵
  PID:3732
- C:\Windows\System\tjducqt.exe
  C:\Windows\System\tjducqt.exe
  2⤵
  PID:3748
- C:\Windows\System\mHHELnK.exe
  C:\Windows\System\mHHELnK.exe
  2⤵
  PID:3764
- C:\Windows\System\YakzXQr.exe
  C:\Windows\System\YakzXQr.exe
  2⤵
  PID:3784
- C:\Windows\System\wMURtQa.exe
  C:\Windows\System\wMURtQa.exe
  2⤵
  PID:3800
- C:\Windows\System\teioaZJ.exe
  C:\Windows\System\teioaZJ.exe
  2⤵
  PID:3816
- C:\Windows\System\EWKNieg.exe
  C:\Windows\System\EWKNieg.exe
  2⤵
  PID:3832
- C:\Windows\System\AnAJGwH.exe
  C:\Windows\System\AnAJGwH.exe
  2⤵
  PID:3852
- C:\Windows\System\HGCZtlh.exe
  C:\Windows\System\HGCZtlh.exe
  2⤵
  PID:3868
- C:\Windows\System\hVfOFch.exe
  C:\Windows\System\hVfOFch.exe
  2⤵
  PID:3884
- C:\Windows\System\BOmfmmi.exe
  C:\Windows\System\BOmfmmi.exe
  2⤵
  PID:3900
- C:\Windows\System\VQWsXIq.exe
  C:\Windows\System\VQWsXIq.exe
  2⤵
  PID:3916
- C:\Windows\System\GlYAwsS.exe
  C:\Windows\System\GlYAwsS.exe
  2⤵
  PID:4000
- C:\Windows\System\xIYiULg.exe
  C:\Windows\System\xIYiULg.exe
  2⤵
  PID:4016
- C:\Windows\System\doaueWG.exe
  C:\Windows\System\doaueWG.exe
  2⤵
  PID:4032
- C:\Windows\System\nuZIiSI.exe
  C:\Windows\System\nuZIiSI.exe
  2⤵
  PID:4048
- C:\Windows\System\nztHcGs.exe
  C:\Windows\System\nztHcGs.exe
  2⤵
  PID:4064
- C:\Windows\System\sgvEdPx.exe
  C:\Windows\System\sgvEdPx.exe
  2⤵
  PID:4080
- C:\Windows\System\kjFzkKM.exe
  C:\Windows\System\kjFzkKM.exe
  2⤵
  PID:2120
- C:\Windows\System\ihGxfPF.exe
  C:\Windows\System\ihGxfPF.exe
  2⤵
  PID:1984
- C:\Windows\System\ievXdRH.exe
  C:\Windows\System\ievXdRH.exe
  2⤵
  PID:1504
- C:\Windows\System\RDDlVXR.exe
  C:\Windows\System\RDDlVXR.exe
  2⤵
  PID:3124
- C:\Windows\System\OmnPnCH.exe
  C:\Windows\System\OmnPnCH.exe
  2⤵
  PID:3224
- C:\Windows\System\cKCxahO.exe
  C:\Windows\System\cKCxahO.exe
  2⤵
  PID:1664
- C:\Windows\System\wzXejcn.exe
  C:\Windows\System\wzXejcn.exe
  2⤵
  PID:3244
- C:\Windows\System\BsEUysP.exe
  C:\Windows\System\BsEUysP.exe
  2⤵
  PID:3260
- C:\Windows\System\ApTglUm.exe
  C:\Windows\System\ApTglUm.exe
  2⤵
  PID:3268
- C:\Windows\System\CmKvuFM.exe
  C:\Windows\System\CmKvuFM.exe
  2⤵
  PID:3284
- C:\Windows\System\aFItYHX.exe
  C:\Windows\System\aFItYHX.exe
  2⤵
  PID:2764
- C:\Windows\System\rNTndwJ.exe
  C:\Windows\System\rNTndwJ.exe
  2⤵
  PID:2532
- C:\Windows\System\bWgpxYz.exe
  C:\Windows\System\bWgpxYz.exe
  2⤵
  PID:2364
- C:\Windows\System\bmMTpTY.exe
  C:\Windows\System\bmMTpTY.exe
  2⤵
  PID:3136
- C:\Windows\System\ONuOiIy.exe
  C:\Windows\System\ONuOiIy.exe
  2⤵
  PID:3204
- C:\Windows\System\yXoWJbP.exe
  C:\Windows\System\yXoWJbP.exe
  2⤵
  PID:3332
- C:\Windows\System\ANSelei.exe
  C:\Windows\System\ANSelei.exe
  2⤵
  PID:3424
- C:\Windows\System\oNdXyyS.exe
  C:\Windows\System\oNdXyyS.exe
  2⤵
  PID:3548
- C:\Windows\System\CpdmpUg.exe
  C:\Windows\System\CpdmpUg.exe
  2⤵
  PID:3564
- C:\Windows\System\ZETpLek.exe
  C:\Windows\System\ZETpLek.exe
  2⤵
  PID:3576
- C:\Windows\System\yKNrvQJ.exe
  C:\Windows\System\yKNrvQJ.exe
  2⤵
  PID:3588
- C:\Windows\System\AlrXtAr.exe
  C:\Windows\System\AlrXtAr.exe
  2⤵
  PID:3612
- C:\Windows\System\OWQjhVr.exe
  C:\Windows\System\OWQjhVr.exe
  2⤵
  PID:3660
- C:\Windows\System\WySQljL.exe
  C:\Windows\System\WySQljL.exe
  2⤵
  PID:3756
- C:\Windows\System\MeuOxKg.exe
  C:\Windows\System\MeuOxKg.exe
  2⤵
  PID:3936
- C:\Windows\System\XINOyvK.exe
  C:\Windows\System\XINOyvK.exe
  2⤵
  PID:3948
- C:\Windows\System\vqbYxNx.exe
  C:\Windows\System\vqbYxNx.exe
  2⤵
  PID:3708
- C:\Windows\System\zlpYHYV.exe
  C:\Windows\System\zlpYHYV.exe
  2⤵
  PID:3740
- C:\Windows\System\osGWrAY.exe
  C:\Windows\System\osGWrAY.exe
  2⤵
  PID:3780
- C:\Windows\System\Bsockqt.exe
  C:\Windows\System\Bsockqt.exe
  2⤵
  PID:3844
- C:\Windows\System\aPgowRX.exe
  C:\Windows\System\aPgowRX.exe
  2⤵
  PID:3908
- C:\Windows\System\TDUyyXd.exe
  C:\Windows\System\TDUyyXd.exe
  2⤵
  PID:3984
- C:\Windows\System\HRYCENi.exe
  C:\Windows\System\HRYCENi.exe
  2⤵
  PID:3992
- C:\Windows\System\tNCNDGq.exe
  C:\Windows\System\tNCNDGq.exe
  2⤵
  PID:4028
- C:\Windows\System\oReunoR.exe
  C:\Windows\System\oReunoR.exe
  2⤵
  PID:4088
- C:\Windows\System\xQWPCuR.exe
  C:\Windows\System\xQWPCuR.exe
  2⤵
  PID:3188
- C:\Windows\System\HaaNRAM.exe
  C:\Windows\System\HaaNRAM.exe
  2⤵
  PID:2752
- C:\Windows\System\rXqyteb.exe
  C:\Windows\System\rXqyteb.exe
  2⤵
  PID:3396
- C:\Windows\System\DEZLIKC.exe
  C:\Windows\System\DEZLIKC.exe
  2⤵
  PID:4012
- C:\Windows\System\TRWhFXr.exe
  C:\Windows\System\TRWhFXr.exe
  2⤵
  PID:560
- C:\Windows\System\vKYWBVZ.exe
  C:\Windows\System\vKYWBVZ.exe
  2⤵
  PID:2112
- C:\Windows\System\QLjRjJN.exe
  C:\Windows\System\QLjRjJN.exe
  2⤵
  PID:3280
- C:\Windows\System\FoxOwSL.exe
  C:\Windows\System\FoxOwSL.exe
  2⤵
  PID:1980
- C:\Windows\System\qbvgGDz.exe
  C:\Windows\System\qbvgGDz.exe
  2⤵
  PID:3460
- C:\Windows\System\qREfgRZ.exe
  C:\Windows\System\qREfgRZ.exe
  2⤵
  PID:3492
- C:\Windows\System\iAARhYe.exe
  C:\Windows\System\iAARhYe.exe
  2⤵
  PID:3456
- C:\Windows\System\psPgUeC.exe
  C:\Windows\System\psPgUeC.exe
  2⤵
  PID:3408
- C:\Windows\System\GaTsdoj.exe
  C:\Windows\System\GaTsdoj.exe
  2⤵
  PID:3504
- C:\Windows\System\KclctuA.exe
  C:\Windows\System\KclctuA.exe
  2⤵
  PID:3536
- C:\Windows\System\HeYJeft.exe
  C:\Windows\System\HeYJeft.exe
  2⤵
  PID:3560
- C:\Windows\System\olrtjlF.exe
  C:\Windows\System\olrtjlF.exe
  2⤵
  PID:3656
- C:\Windows\System\DOqCQmv.exe
  C:\Windows\System\DOqCQmv.exe
  2⤵
  PID:3896
- C:\Windows\System\lnhlsTn.exe
  C:\Windows\System\lnhlsTn.exe
  2⤵
  PID:3796
- C:\Windows\System\XMeBCFy.exe
  C:\Windows\System\XMeBCFy.exe
  2⤵
  PID:3932
- C:\Windows\System\hknWXhH.exe
  C:\Windows\System\hknWXhH.exe
  2⤵
  PID:3772
- C:\Windows\System\siEwtQX.exe
  C:\Windows\System\siEwtQX.exe
  2⤵
  PID:4128
- C:\Windows\System\UZXgDwN.exe
  C:\Windows\System\UZXgDwN.exe
  2⤵
  PID:4144
- C:\Windows\System\fqnSeFx.exe
  C:\Windows\System\fqnSeFx.exe
  2⤵
  PID:4164
- C:\Windows\System\LuqyXhy.exe
  C:\Windows\System\LuqyXhy.exe
  2⤵
  PID:4180
- C:\Windows\System\WNLERsg.exe
  C:\Windows\System\WNLERsg.exe
  2⤵
  PID:4200
- C:\Windows\System\dmvAdYP.exe
  C:\Windows\System\dmvAdYP.exe
  2⤵
  PID:4216
- C:\Windows\System\ATLyWdR.exe
  C:\Windows\System\ATLyWdR.exe
  2⤵
  PID:4232
- C:\Windows\System\oEGuHxZ.exe
  C:\Windows\System\oEGuHxZ.exe
  2⤵
  PID:4248
- C:\Windows\System\vyqcScE.exe
  C:\Windows\System\vyqcScE.exe
  2⤵
  PID:4264
- C:\Windows\System\hnBwJoV.exe
  C:\Windows\System\hnBwJoV.exe
  2⤵
  PID:4280
- C:\Windows\System\sMBQoWp.exe
  C:\Windows\System\sMBQoWp.exe
  2⤵
  PID:4296
- C:\Windows\System\JdqVdFL.exe
  C:\Windows\System\JdqVdFL.exe
  2⤵
  PID:4312
- C:\Windows\System\TxgxqHP.exe
  C:\Windows\System\TxgxqHP.exe
  2⤵
  PID:4328
- C:\Windows\System\MyRMdSE.exe
  C:\Windows\System\MyRMdSE.exe
  2⤵
  PID:4344
- C:\Windows\System\POcStYY.exe
  C:\Windows\System\POcStYY.exe
  2⤵
  PID:4372
- C:\Windows\System\kCdIztX.exe
  C:\Windows\System\kCdIztX.exe
  2⤵
  PID:4388
- C:\Windows\System\JBnluSl.exe
  C:\Windows\System\JBnluSl.exe
  2⤵
  PID:4404
- C:\Windows\System\gnlgfOx.exe
  C:\Windows\System\gnlgfOx.exe
  2⤵
  PID:4420
- C:\Windows\System\wsIzAvy.exe
  C:\Windows\System\wsIzAvy.exe
  2⤵
  PID:4436
- C:\Windows\System\FcQMrzc.exe
  C:\Windows\System\FcQMrzc.exe
  2⤵
  PID:4456
- C:\Windows\System\bHlxQjT.exe
  C:\Windows\System\bHlxQjT.exe
  2⤵
  PID:4472
- C:\Windows\System\uARhNWd.exe
  C:\Windows\System\uARhNWd.exe
  2⤵
  PID:4488
- C:\Windows\System\rOHkiKN.exe
  C:\Windows\System\rOHkiKN.exe
  2⤵
  PID:4504
- C:\Windows\System\FfGdmjb.exe
  C:\Windows\System\FfGdmjb.exe
  2⤵
  PID:4520
- C:\Windows\System\pQMotZJ.exe
  C:\Windows\System\pQMotZJ.exe
  2⤵
  PID:4540
- C:\Windows\System\sYQSsNg.exe
  C:\Windows\System\sYQSsNg.exe
  2⤵
  PID:4568
- C:\Windows\System\wlSDPKe.exe
  C:\Windows\System\wlSDPKe.exe
  2⤵
  PID:4588
- C:\Windows\System\fhiLgWw.exe
  C:\Windows\System\fhiLgWw.exe
  2⤵
  PID:4604
- C:\Windows\System\mXTNhGz.exe
  C:\Windows\System\mXTNhGz.exe
  2⤵
  PID:4620
- C:\Windows\System\cmrHcMA.exe
  C:\Windows\System\cmrHcMA.exe
  2⤵
  PID:4636
- C:\Windows\System\CxgQNon.exe
  C:\Windows\System\CxgQNon.exe
  2⤵
  PID:4652
- C:\Windows\System\QJgbNvX.exe
  C:\Windows\System\QJgbNvX.exe
  2⤵
  PID:4668
- C:\Windows\System\NzUsSsv.exe
  C:\Windows\System\NzUsSsv.exe
  2⤵
  PID:4736
- C:\Windows\System\kqcOBxt.exe
  C:\Windows\System\kqcOBxt.exe
  2⤵
  PID:4784
- C:\Windows\System\rABrJHV.exe
  C:\Windows\System\rABrJHV.exe
  2⤵
  PID:4800
- C:\Windows\System\eFnyTpU.exe
  C:\Windows\System\eFnyTpU.exe
  2⤵
  PID:4820
- C:\Windows\System\RORqaTP.exe
  C:\Windows\System\RORqaTP.exe
  2⤵
  PID:4844
- C:\Windows\System\EKwfTnv.exe
  C:\Windows\System\EKwfTnv.exe
  2⤵
  PID:4908
- C:\Windows\System\stGOnTd.exe
  C:\Windows\System\stGOnTd.exe
  2⤵
  PID:4924
- C:\Windows\System\NXMlHvw.exe
  C:\Windows\System\NXMlHvw.exe
  2⤵
  PID:4944
- C:\Windows\System\YSeOWXI.exe
  C:\Windows\System\YSeOWXI.exe
  2⤵
  PID:4960
- C:\Windows\System\YzPRWXX.exe
  C:\Windows\System\YzPRWXX.exe
  2⤵
  PID:4976
- C:\Windows\System\vfinJOD.exe
  C:\Windows\System\vfinJOD.exe
  2⤵
  PID:4992
- C:\Windows\System\ksRKvUn.exe
  C:\Windows\System\ksRKvUn.exe
  2⤵
  PID:5008
- C:\Windows\System\aRCTfpb.exe
  C:\Windows\System\aRCTfpb.exe
  2⤵
  PID:5024
- C:\Windows\System\wYvaePU.exe
  C:\Windows\System\wYvaePU.exe
  2⤵
  PID:5040
- C:\Windows\System\NSsBRJd.exe
  C:\Windows\System\NSsBRJd.exe
  2⤵
  PID:5060
- C:\Windows\System\dlkcDhp.exe
  C:\Windows\System\dlkcDhp.exe
  2⤵
  PID:5080
- C:\Windows\System\ruVkuGS.exe
  C:\Windows\System\ruVkuGS.exe
  2⤵
  PID:5096
- C:\Windows\System\MVwFFIj.exe
  C:\Windows\System\MVwFFIj.exe
  2⤵
  PID:5112
- C:\Windows\System\NDvlVWW.exe
  C:\Windows\System\NDvlVWW.exe
  2⤵
  PID:3860
- C:\Windows\System\SlQVuJo.exe
  C:\Windows\System\SlQVuJo.exe
  2⤵
  PID:2828
- C:\Windows\System\baXSPsY.exe
  C:\Windows\System\baXSPsY.exe
  2⤵
  PID:3380
- C:\Windows\System\xGOGNkd.exe
  C:\Windows\System\xGOGNkd.exe
  2⤵
  PID:3540
- C:\Windows\System\OhkGUBK.exe
  C:\Windows\System\OhkGUBK.exe
  2⤵
  PID:3944
- C:\Windows\System\DZPNcFZ.exe
  C:\Windows\System\DZPNcFZ.exe
  2⤵
  PID:3088
- C:\Windows\System\XdZvQZN.exe
  C:\Windows\System\XdZvQZN.exe
  2⤵
  PID:3472
- C:\Windows\System\pqmGgaT.exe
  C:\Windows\System\pqmGgaT.exe
  2⤵
  PID:3568
- C:\Windows\System\uxZKEPT.exe
  C:\Windows\System\uxZKEPT.exe
  2⤵
  PID:3980
- C:\Windows\System\JxIFbPb.exe
  C:\Windows\System\JxIFbPb.exe
  2⤵
  PID:1660
- C:\Windows\System\TMZepyT.exe
  C:\Windows\System\TMZepyT.exe
  2⤵
  PID:3680
- C:\Windows\System\NtmpfDO.exe
  C:\Windows\System\NtmpfDO.exe
  2⤵
  PID:3392
- C:\Windows\System\UkvvyNy.exe
  C:\Windows\System\UkvvyNy.exe
  2⤵
  PID:4060
- C:\Windows\System\gwJKeEK.exe
  C:\Windows\System\gwJKeEK.exe
  2⤵
  PID:3236
- C:\Windows\System\DWHJouE.exe
  C:\Windows\System\DWHJouE.exe
  2⤵
  PID:4100
- C:\Windows\System\NpKvZON.exe
  C:\Windows\System\NpKvZON.exe
  2⤵
  PID:4136
- C:\Windows\System\OAqHZJr.exe
  C:\Windows\System\OAqHZJr.exe
  2⤵
  PID:4172
- C:\Windows\System\AywMhQt.exe
  C:\Windows\System\AywMhQt.exe
  2⤵
  PID:4244
- C:\Windows\System\YLoxLNd.exe
  C:\Windows\System\YLoxLNd.exe
  2⤵
  PID:4308
- C:\Windows\System\BIWyNRD.exe
  C:\Windows\System\BIWyNRD.exe
  2⤵
  PID:4196
- C:\Windows\System\AaXHrQT.exe
  C:\Windows\System\AaXHrQT.exe
  2⤵
  PID:4228
- C:\Windows\System\SDyoFYy.exe
  C:\Windows\System\SDyoFYy.exe
  2⤵
  PID:4324
- C:\Windows\System\GPjImjn.exe
  C:\Windows\System\GPjImjn.exe
  2⤵
  PID:4384
- C:\Windows\System\AnHMqWr.exe
  C:\Windows\System\AnHMqWr.exe
  2⤵
  PID:4400
- C:\Windows\System\qSCkoeE.exe
  C:\Windows\System\qSCkoeE.exe
  2⤵
  PID:4412
- C:\Windows\System\hQOreaT.exe
  C:\Windows\System\hQOreaT.exe
  2⤵
  PID:4452
- C:\Windows\System\URvjTCJ.exe
  C:\Windows\System\URvjTCJ.exe
  2⤵
  PID:4516
- C:\Windows\System\TtchVwD.exe
  C:\Windows\System\TtchVwD.exe
  2⤵
  PID:4560
- C:\Windows\System\IommlWD.exe
  C:\Windows\System\IommlWD.exe
  2⤵
  PID:4500
- C:\Windows\System\QAukjaA.exe
  C:\Windows\System\QAukjaA.exe
  2⤵
  PID:4632
- C:\Windows\System\FKXXMyS.exe
  C:\Windows\System\FKXXMyS.exe
  2⤵
  PID:4660
- C:\Windows\System\KjeWBUe.exe
  C:\Windows\System\KjeWBUe.exe
  2⤵
  PID:4688
- C:\Windows\System\nyPEdyL.exe
  C:\Windows\System\nyPEdyL.exe
  2⤵
  PID:4692
- C:\Windows\System\XzRvNwk.exe
  C:\Windows\System\XzRvNwk.exe
  2⤵
  PID:4708
- C:\Windows\System\xuzDQdy.exe
  C:\Windows\System\xuzDQdy.exe
  2⤵
  PID:4728
- C:\Windows\System\dcvmzWf.exe
  C:\Windows\System\dcvmzWf.exe
  2⤵
  PID:4104
- C:\Windows\System\MUhzPVY.exe
  C:\Windows\System\MUhzPVY.exe
  2⤵
  PID:4776
- C:\Windows\System\KqdfBza.exe
  C:\Windows\System\KqdfBza.exe
  2⤵
  PID:4808
- C:\Windows\System\TBBXrUH.exe
  C:\Windows\System\TBBXrUH.exe
  2⤵
  PID:4852
- C:\Windows\System\ipFCCYD.exe
  C:\Windows\System\ipFCCYD.exe
  2⤵
  PID:4872
- C:\Windows\System\zojLRvN.exe
  C:\Windows\System\zojLRvN.exe
  2⤵
  PID:4952
- C:\Windows\System\EADqxQw.exe
  C:\Windows\System\EADqxQw.exe
  2⤵
  PID:4892
- C:\Windows\System\RHRHqSP.exe
  C:\Windows\System\RHRHqSP.exe
  2⤵
  PID:4936
- C:\Windows\System\fBafGST.exe
  C:\Windows\System\fBafGST.exe
  2⤵
  PID:4896
- C:\Windows\System\hYhvaDv.exe
  C:\Windows\System\hYhvaDv.exe
  2⤵
  PID:4932
- C:\Windows\System\xGKqhMh.exe
  C:\Windows\System\xGKqhMh.exe
  2⤵
  PID:4972
- C:\Windows\System\AzrIKzO.exe
  C:\Windows\System\AzrIKzO.exe
  2⤵
  PID:5004
- C:\Windows\System\qnhtsBE.exe
  C:\Windows\System\qnhtsBE.exe
  2⤵
  PID:4956
- C:\Windows\System\wDGaGta.exe
  C:\Windows\System\wDGaGta.exe
  2⤵
  PID:5048
- C:\Windows\System\ArxQjLD.exe
  C:\Windows\System\ArxQjLD.exe
  2⤵
  PID:3696
- C:\Windows\System\sxsWaCn.exe
  C:\Windows\System\sxsWaCn.exe
  2⤵
  PID:3524
- C:\Windows\System\soXzNII.exe
  C:\Windows\System\soXzNII.exe
  2⤵
  PID:5032
- C:\Windows\System\AJcGige.exe
  C:\Windows\System\AJcGige.exe
  2⤵
  PID:3956
- C:\Windows\System\HhoYqmm.exe
  C:\Windows\System\HhoYqmm.exe
  2⤵
  PID:3308
- C:\Windows\System\hNhmlVW.exe
  C:\Windows\System\hNhmlVW.exe
  2⤵
  PID:4124
- C:\Windows\System\uzZCTFG.exe
  C:\Windows\System\uzZCTFG.exe
  2⤵
  PID:3344
- C:\Windows\System\uZndpaA.exe
  C:\Windows\System\uZndpaA.exe
  2⤵
  PID:4340
- C:\Windows\System\grWuyno.exe
  C:\Windows\System\grWuyno.exe
  2⤵
  PID:4364
- C:\Windows\System\CHdfwkW.exe
  C:\Windows\System\CHdfwkW.exe
  2⤵
  PID:1404
- C:\Windows\System\spkHSML.exe
  C:\Windows\System\spkHSML.exe
  2⤵
  PID:3824
- C:\Windows\System\FSqWIwN.exe
  C:\Windows\System\FSqWIwN.exe
  2⤵
  PID:4432
- C:\Windows\System\RDTvZol.exe
  C:\Windows\System\RDTvZol.exe
  2⤵
  PID:4256
- C:\Windows\System\YrlMFKl.exe
  C:\Windows\System\YrlMFKl.exe
  2⤵
  PID:4484
- C:\Windows\System\PJzvJYG.exe
  C:\Windows\System\PJzvJYG.exe
  2⤵
  PID:3952
- C:\Windows\System\SOczMwn.exe
  C:\Windows\System\SOczMwn.exe
  2⤵
  PID:4580
- C:\Windows\System\ChHJzBL.exe
  C:\Windows\System\ChHJzBL.exe
  2⤵
  PID:4684
- C:\Windows\System\emNvZQq.exe
  C:\Windows\System\emNvZQq.exe
  2⤵
  PID:4700
- C:\Windows\System\hvspYkI.exe
  C:\Windows\System\hvspYkI.exe
  2⤵
  PID:4616
- C:\Windows\System\UYcADmr.exe
  C:\Windows\System\UYcADmr.exe
  2⤵
  PID:4816
- C:\Windows\System\zXBfjcs.exe
  C:\Windows\System\zXBfjcs.exe
  2⤵
  PID:4984
- C:\Windows\System\zscSJji.exe
  C:\Windows\System\zscSJji.exe
  2⤵
  PID:3728
- C:\Windows\System\emveuln.exe
  C:\Windows\System\emveuln.exe
  2⤵
  PID:4832
- C:\Windows\System\OwQBLin.exe
  C:\Windows\System\OwQBLin.exe
  2⤵
  PID:3880
- C:\Windows\System\GEyepvc.exe
  C:\Windows\System\GEyepvc.exe
  2⤵
  PID:4888
- C:\Windows\System\djXVzST.exe
  C:\Windows\System\djXVzST.exe
  2⤵
  PID:3924
- C:\Windows\System\quUuFwT.exe
  C:\Windows\System\quUuFwT.exe
  2⤵
  PID:3968
- C:\Windows\System\SdLETkT.exe
  C:\Windows\System\SdLETkT.exe
  2⤵
  PID:4240
- C:\Windows\System\ySFPgiG.exe
  C:\Windows\System\ySFPgiG.exe
  2⤵
  PID:4860
- C:\Windows\System\iSSbISd.exe
  C:\Windows\System\iSSbISd.exe
  2⤵
  PID:5036
- C:\Windows\System\bPdtTfu.exe
  C:\Windows\System\bPdtTfu.exe
  2⤵
  PID:4356
- C:\Windows\System\hNKyFxc.exe
  C:\Windows\System\hNKyFxc.exe
  2⤵
  PID:4304
- C:\Windows\System\MLMXwdj.exe
  C:\Windows\System\MLMXwdj.exe
  2⤵
  PID:4720
- C:\Windows\System\xiNMUFU.exe
  C:\Windows\System\xiNMUFU.exe
  2⤵
  PID:4152
- C:\Windows\System\ZOSKsmq.exe
  C:\Windows\System\ZOSKsmq.exe
  2⤵
  PID:4828
- C:\Windows\System\GqCDAnb.exe
  C:\Windows\System\GqCDAnb.exe
  2⤵
  PID:4704
- C:\Windows\System\PMKBkyo.exe
  C:\Windows\System\PMKBkyo.exe
  2⤵
  PID:4612
- C:\Windows\System\RrIccMR.exe
  C:\Windows\System\RrIccMR.exe
  2⤵
  PID:4072
- C:\Windows\System\RCguUcO.exe
  C:\Windows\System\RCguUcO.exe
  2⤵
  PID:3240
- C:\Windows\System\FgnRtkL.exe
  C:\Windows\System\FgnRtkL.exe
  2⤵
  PID:5052
- C:\Windows\System\hnnOKFy.exe
  C:\Windows\System\hnnOKFy.exe
  2⤵
  PID:5104
- C:\Windows\System\vPKcUUB.exe
  C:\Windows\System\vPKcUUB.exe
  2⤵
  PID:2888
- C:\Windows\System\docvAzh.exe
  C:\Windows\System\docvAzh.exe
  2⤵
  PID:3556
- C:\Windows\System\EQHZsBH.exe
  C:\Windows\System\EQHZsBH.exe
  2⤵
  PID:4464
- C:\Windows\System\VCOWEfP.exe
  C:\Windows\System\VCOWEfP.exe
  2⤵
  PID:4584
- C:\Windows\System\mXgpZXP.exe
  C:\Windows\System\mXgpZXP.exe
  2⤵
  PID:4428
- C:\Windows\System\PkbDeYT.exe
  C:\Windows\System\PkbDeYT.exe
  2⤵
  PID:5124
- C:\Windows\System\iLLqITe.exe
  C:\Windows\System\iLLqITe.exe
  2⤵
  PID:5140
- C:\Windows\System\KhDnVgP.exe
  C:\Windows\System\KhDnVgP.exe
  2⤵
  PID:5156
- C:\Windows\System\tLXPrAj.exe
  C:\Windows\System\tLXPrAj.exe
  2⤵
  PID:5172
- C:\Windows\System\QdWHQjY.exe
  C:\Windows\System\QdWHQjY.exe
  2⤵
  PID:5192
- C:\Windows\System\nUapYoL.exe
  C:\Windows\System\nUapYoL.exe
  2⤵
  PID:5208
- C:\Windows\System\xnbHNym.exe
  C:\Windows\System\xnbHNym.exe
  2⤵
  PID:5224
- C:\Windows\System\eGzPDhj.exe
  C:\Windows\System\eGzPDhj.exe
  2⤵
  PID:5240
- C:\Windows\System\xoVIRbs.exe
  C:\Windows\System\xoVIRbs.exe
  2⤵
  PID:5256
- C:\Windows\System\LHGMiiX.exe
  C:\Windows\System\LHGMiiX.exe
  2⤵
  PID:5272
- C:\Windows\System\ZoNFUVr.exe
  C:\Windows\System\ZoNFUVr.exe
  2⤵
  PID:5288
- C:\Windows\System\qlnPYxU.exe
  C:\Windows\System\qlnPYxU.exe
  2⤵
  PID:5304
- C:\Windows\System\BrvlDSY.exe
  C:\Windows\System\BrvlDSY.exe
  2⤵
  PID:5320
- C:\Windows\System\jcFlnHR.exe
  C:\Windows\System\jcFlnHR.exe
  2⤵
  PID:5336
- C:\Windows\System\rcYbKsH.exe
  C:\Windows\System\rcYbKsH.exe
  2⤵
  PID:5352
- C:\Windows\System\jjYIXjM.exe
  C:\Windows\System\jjYIXjM.exe
  2⤵
  PID:5368
- C:\Windows\System\CCpzIYo.exe
  C:\Windows\System\CCpzIYo.exe
  2⤵
  PID:5384
- C:\Windows\System\BCwUZdP.exe
  C:\Windows\System\BCwUZdP.exe
  2⤵
  PID:5400
- C:\Windows\System\DJnAKmV.exe
  C:\Windows\System\DJnAKmV.exe
  2⤵
  PID:5416
- C:\Windows\System\iijMywk.exe
  C:\Windows\System\iijMywk.exe
  2⤵
  PID:5432
- C:\Windows\System\dBPxBPs.exe
  C:\Windows\System\dBPxBPs.exe
  2⤵
  PID:5448
- C:\Windows\System\vBFRxdf.exe
  C:\Windows\System\vBFRxdf.exe
  2⤵
  PID:5468
- C:\Windows\System\jIHGJrl.exe
  C:\Windows\System\jIHGJrl.exe
  2⤵
  PID:5484
- C:\Windows\System\WPxLmoT.exe
  C:\Windows\System\WPxLmoT.exe
  2⤵
  PID:5504
- C:\Windows\System\WsutFXS.exe
  C:\Windows\System\WsutFXS.exe
  2⤵
  PID:5520
- C:\Windows\System\onFAfVI.exe
  C:\Windows\System\onFAfVI.exe
  2⤵
  PID:5540
- C:\Windows\System\YNkfrrV.exe
  C:\Windows\System\YNkfrrV.exe
  2⤵
  PID:5556
- C:\Windows\System\rYvJBay.exe
  C:\Windows\System\rYvJBay.exe
  2⤵
  PID:5572
- C:\Windows\System\dZXyLOB.exe
  C:\Windows\System\dZXyLOB.exe
  2⤵
  PID:5588
- C:\Windows\System\EVSyEuu.exe
  C:\Windows\System\EVSyEuu.exe
  2⤵
  PID:5604
- C:\Windows\System\fOctwuy.exe
  C:\Windows\System\fOctwuy.exe
  2⤵
  PID:5620
- C:\Windows\System\MkrxaYT.exe
  C:\Windows\System\MkrxaYT.exe
  2⤵
  PID:5636
- C:\Windows\System\JbxXxye.exe
  C:\Windows\System\JbxXxye.exe
  2⤵
  PID:5652
- C:\Windows\System\qRblqYu.exe
  C:\Windows\System\qRblqYu.exe
  2⤵
  PID:5668
- C:\Windows\System\LVUCSbS.exe
  C:\Windows\System\LVUCSbS.exe
  2⤵
  PID:5684
- C:\Windows\System\HYgmzgl.exe
  C:\Windows\System\HYgmzgl.exe
  2⤵
  PID:5700
- C:\Windows\System\MDwYOKm.exe
  C:\Windows\System\MDwYOKm.exe
  2⤵
  PID:5724
- C:\Windows\System\tkaSmaZ.exe
  C:\Windows\System\tkaSmaZ.exe
  2⤵
  PID:5740
- C:\Windows\System\leHJLTM.exe
  C:\Windows\System\leHJLTM.exe
  2⤵
  PID:5756
- C:\Windows\System\gSFuMju.exe
  C:\Windows\System\gSFuMju.exe
  2⤵
  PID:5772
- C:\Windows\System\NYnyVbE.exe
  C:\Windows\System\NYnyVbE.exe
  2⤵
  PID:5792
- C:\Windows\System\ZXHspqf.exe
  C:\Windows\System\ZXHspqf.exe
  2⤵
  PID:5808
- C:\Windows\System\frlbKAA.exe
  C:\Windows\System\frlbKAA.exe
  2⤵
  PID:5824
- C:\Windows\System\hDQrpNw.exe
  C:\Windows\System\hDQrpNw.exe
  2⤵
  PID:5840
- C:\Windows\System\WefPFew.exe
  C:\Windows\System\WefPFew.exe
  2⤵
  PID:5860
- C:\Windows\System\jIeUEnl.exe
  C:\Windows\System\jIeUEnl.exe
  2⤵
  PID:5876
- C:\Windows\System\iBQEDtc.exe
  C:\Windows\System\iBQEDtc.exe
  2⤵
  PID:5896
- C:\Windows\System\WJPajfR.exe
  C:\Windows\System\WJPajfR.exe
  2⤵
  PID:5912
- C:\Windows\System\UHniBnd.exe
  C:\Windows\System\UHniBnd.exe
  2⤵
  PID:5936
- C:\Windows\System\oWvFHgk.exe
  C:\Windows\System\oWvFHgk.exe
  2⤵
  PID:5952
- C:\Windows\System\BaBThzV.exe
  C:\Windows\System\BaBThzV.exe
  2⤵
  PID:5968
- C:\Windows\System\QDteaSX.exe
  C:\Windows\System\QDteaSX.exe
  2⤵
  PID:5984
- C:\Windows\System\SnnedWE.exe
  C:\Windows\System\SnnedWE.exe
  2⤵
  PID:6004
- C:\Windows\System\OjtdNBv.exe
  C:\Windows\System\OjtdNBv.exe
  2⤵
  PID:6020
- C:\Windows\System\OCAMTnQ.exe
  C:\Windows\System\OCAMTnQ.exe
  2⤵
  PID:6036
- C:\Windows\System\wgDdvue.exe
  C:\Windows\System\wgDdvue.exe
  2⤵
  PID:6052
- C:\Windows\System\NuJveaa.exe
  C:\Windows\System\NuJveaa.exe
  2⤵
  PID:6068
- C:\Windows\System\zOqPkPY.exe
  C:\Windows\System\zOqPkPY.exe
  2⤵
  PID:6084
- C:\Windows\System\pFayMKo.exe
  C:\Windows\System\pFayMKo.exe
  2⤵
  PID:6100
- C:\Windows\System\byEnxHi.exe
  C:\Windows\System\byEnxHi.exe
  2⤵
  PID:6116
- C:\Windows\System\AiVyckX.exe
  C:\Windows\System\AiVyckX.exe
  2⤵
  PID:6132
- C:\Windows\System\hpfCcDM.exe
  C:\Windows\System\hpfCcDM.exe
  2⤵
  PID:4760
- C:\Windows\System\gPhkVzO.exe
  C:\Windows\System\gPhkVzO.exe
  2⤵
  PID:3172
- C:\Windows\System\OUScvNK.exe
  C:\Windows\System\OUScvNK.exe
  2⤵
  PID:3840
- C:\Windows\System\tTDTYRG.exe
  C:\Windows\System\tTDTYRG.exe
  2⤵
  PID:5164
- C:\Windows\System\wEogFOy.exe
  C:\Windows\System\wEogFOy.exe
  2⤵
  PID:5236
- C:\Windows\System\BqCEPQZ.exe
  C:\Windows\System\BqCEPQZ.exe
  2⤵
  PID:5296
- C:\Windows\System\IVPhzmR.exe
  C:\Windows\System\IVPhzmR.exe
  2⤵
  PID:4836
- C:\Windows\System\YZepKiP.exe
  C:\Windows\System\YZepKiP.exe
  2⤵
  PID:5220
- C:\Windows\System\htyCles.exe
  C:\Windows\System\htyCles.exe
  2⤵
  PID:5284
- C:\Windows\System\rFgCBQT.exe
  C:\Windows\System\rFgCBQT.exe
  2⤵
  PID:4552
- C:\Windows\System\WSSsuEP.exe
  C:\Windows\System\WSSsuEP.exe
  2⤵
  PID:5412
- C:\Windows\System\DBYMXhh.exe
  C:\Windows\System\DBYMXhh.exe
  2⤵
  PID:3476
- C:\Windows\System\WFyyxLY.exe
  C:\Windows\System\WFyyxLY.exe
  2⤵
  PID:5408
- C:\Windows\System\WbFVmnF.exe
  C:\Windows\System\WbFVmnF.exe
  2⤵
  PID:5396
- C:\Windows\System\adMamBC.exe
  C:\Windows\System\adMamBC.exe
  2⤵
  PID:5392
- C:\Windows\System\MiUmuvo.exe
  C:\Windows\System\MiUmuvo.exe
  2⤵
  PID:5460
- C:\Windows\System\bRcWjCf.exe
  C:\Windows\System\bRcWjCf.exe
  2⤵
  PID:5500
- C:\Windows\System\cYFffUf.exe
  C:\Windows\System\cYFffUf.exe
  2⤵
  PID:5580
- C:\Windows\System\eSVSvhq.exe
  C:\Windows\System\eSVSvhq.exe
  2⤵
  PID:5536
- C:\Windows\System\waJjcOB.exe
  C:\Windows\System\waJjcOB.exe
  2⤵
  PID:5612
- C:\Windows\System\WVMUfWD.exe
  C:\Windows\System\WVMUfWD.exe
  2⤵
  PID:5676
- C:\Windows\System\CDOgaMq.exe
  C:\Windows\System\CDOgaMq.exe
  2⤵
  PID:5716
- C:\Windows\System\mwEVimR.exe
  C:\Windows\System\mwEVimR.exe
  2⤵
  PID:5632
- C:\Windows\System\puBrTzM.exe
  C:\Windows\System\puBrTzM.exe
  2⤵
  PID:5748
- C:\Windows\System\IwlaMRr.exe
  C:\Windows\System\IwlaMRr.exe
  2⤵
  PID:5784
- C:\Windows\System\RRtaEZJ.exe
  C:\Windows\System\RRtaEZJ.exe
  2⤵
  PID:5764
- C:\Windows\System\LZislZE.exe
  C:\Windows\System\LZislZE.exe
  2⤵
  PID:5848
- C:\Windows\System\ZLaPrMz.exe
  C:\Windows\System\ZLaPrMz.exe
  2⤵
  PID:5920
- C:\Windows\System\LscEgNv.exe
  C:\Windows\System\LscEgNv.exe
  2⤵
  PID:5800
- C:\Windows\System\JvaZOcJ.exe
  C:\Windows\System\JvaZOcJ.exe
  2⤵
  PID:6128
- C:\Windows\System\rCBCStn.exe
  C:\Windows\System\rCBCStn.exe
  2⤵
  PID:5380
- C:\Windows\System\SCntbhn.exe
  C:\Windows\System\SCntbhn.exe
  2⤵
  PID:5092
- C:\Windows\System\MFqRAYM.exe
  C:\Windows\System\MFqRAYM.exe
  2⤵
  PID:5428
- C:\Windows\System\sUVSblk.exe
  C:\Windows\System\sUVSblk.exe
  2⤵
  PID:5584
- C:\Windows\System\AweSObc.exe
  C:\Windows\System\AweSObc.exe
  2⤵
  PID:5568
- C:\Windows\System\wbPOlpz.exe
  C:\Windows\System\wbPOlpz.exe
  2⤵
  PID:5680
- C:\Windows\System\bIevuel.exe
  C:\Windows\System\bIevuel.exe
  2⤵
  PID:5720
- C:\Windows\System\IhCbHns.exe
  C:\Windows\System\IhCbHns.exe
  2⤵
  PID:4276
- C:\Windows\System\mjlgZAt.exe
  C:\Windows\System\mjlgZAt.exe
  2⤵
  PID:5832
- C:\Windows\System\QXxlZKs.exe
  C:\Windows\System\QXxlZKs.exe
  2⤵
  PID:5868
- C:\Windows\System\XeEKBSF.exe
  C:\Windows\System\XeEKBSF.exe
  2⤵
  PID:5712
- C:\Windows\System\qYctnlu.exe
  C:\Windows\System\qYctnlu.exe
  2⤵
  PID:5820
- C:\Windows\System\KkOPVsV.exe
  C:\Windows\System\KkOPVsV.exe
  2⤵
  PID:6060
- C:\Windows\System\ujinQBq.exe
  C:\Windows\System\ujinQBq.exe
  2⤵
  PID:6044
- C:\Windows\System\BZAoljy.exe
  C:\Windows\System\BZAoljy.exe
  2⤵
  PID:6140
- C:\Windows\System\NCpZAXY.exe
  C:\Windows\System\NCpZAXY.exe
  2⤵
  PID:6064
- C:\Windows\System\UOVgwYn.exe
  C:\Windows\System\UOVgwYn.exe
  2⤵
  PID:5136
- C:\Windows\System\DSzBfOk.exe
  C:\Windows\System\DSzBfOk.exe
  2⤵
  PID:4772
- C:\Windows\System\SYlmhWc.exe
  C:\Windows\System\SYlmhWc.exe
  2⤵
  PID:5316
- C:\Windows\System\YueLmza.exe
  C:\Windows\System\YueLmza.exe
  2⤵
  PID:6124
- C:\Windows\System\VRxScKo.exe
  C:\Windows\System\VRxScKo.exe
  2⤵
  PID:6092
- C:\Windows\System\YsIWLcg.exe
  C:\Windows\System\YsIWLcg.exe
  2⤵
  PID:5980
- C:\Windows\System\bPQNMgz.exe
  C:\Windows\System\bPQNMgz.exe
  2⤵
  PID:5496
- C:\Windows\System\myPPdHd.exe
  C:\Windows\System\myPPdHd.exe
  2⤵
  PID:5360
- C:\Windows\System\FGcmYFr.exe
  C:\Windows\System\FGcmYFr.exe
  2⤵
  PID:5528
- C:\Windows\System\GYhGwnx.exe
  C:\Windows\System\GYhGwnx.exe
  2⤵
  PID:3976
- C:\Windows\System\oLSeirV.exe
  C:\Windows\System\oLSeirV.exe
  2⤵
  PID:5628
- C:\Windows\System\rRyqOAh.exe
  C:\Windows\System\rRyqOAh.exe
  2⤵
  PID:5856
- C:\Windows\System\zfvflqC.exe
  C:\Windows\System\zfvflqC.exe
  2⤵
  PID:5768
- C:\Windows\System\XbEfkfH.exe
  C:\Windows\System\XbEfkfH.exe
  2⤵
  PID:5964
- C:\Windows\System\WHmhaYB.exe
  C:\Windows\System\WHmhaYB.exe
  2⤵
  PID:6080
- C:\Windows\System\aqlOsJG.exe
  C:\Windows\System\aqlOsJG.exe
  2⤵
  PID:5016
- C:\Windows\System\aDqNuEg.exe
  C:\Windows\System\aDqNuEg.exe
  2⤵
  PID:5348
- C:\Windows\System\fYIxPmQ.exe
  C:\Windows\System\fYIxPmQ.exe
  2⤵
  PID:5376
- C:\Windows\System\dcnSUtL.exe
  C:\Windows\System\dcnSUtL.exe
  2⤵
  PID:5992
- C:\Windows\System\mhnbWTn.exe
  C:\Windows\System\mhnbWTn.exe
  2⤵
  PID:5736
- C:\Windows\System\bcpUrit.exe
  C:\Windows\System\bcpUrit.exe
  2⤵
  PID:5908
- C:\Windows\System\ufxpGZe.exe
  C:\Windows\System\ufxpGZe.exe
  2⤵
  PID:5216
- C:\Windows\System\bMCroXM.exe
  C:\Windows\System\bMCroXM.exe
  2⤵
  PID:6076
- C:\Windows\System\IomWLbG.exe
  C:\Windows\System\IomWLbG.exe
  2⤵
  PID:6016
- C:\Windows\System\kqSqnvX.exe
  C:\Windows\System\kqSqnvX.exe
  2⤵
  PID:5892
- C:\Windows\System\PtzcjLK.exe
  C:\Windows\System\PtzcjLK.exe
  2⤵
  PID:5996
- C:\Windows\System\YjVWOYO.exe
  C:\Windows\System\YjVWOYO.exe
  2⤵
  PID:6160
- C:\Windows\System\WdVnxyt.exe
  C:\Windows\System\WdVnxyt.exe
  2⤵
  PID:6176
- C:\Windows\System\VSilyAu.exe
  C:\Windows\System\VSilyAu.exe
  2⤵
  PID:6192
- C:\Windows\System\UzjfGns.exe
  C:\Windows\System\UzjfGns.exe
  2⤵
  PID:6208
- C:\Windows\System\yDbcaqI.exe
  C:\Windows\System\yDbcaqI.exe
  2⤵
  PID:6224
- C:\Windows\System\bFytRTC.exe
  C:\Windows\System\bFytRTC.exe
  2⤵
  PID:6240
- C:\Windows\System\PGLclHt.exe
  C:\Windows\System\PGLclHt.exe
  2⤵
  PID:6256
- C:\Windows\System\zQrVcSk.exe
  C:\Windows\System\zQrVcSk.exe
  2⤵
  PID:6272
- C:\Windows\System\hsqKUkr.exe
  C:\Windows\System\hsqKUkr.exe
  2⤵
  PID:6288
- C:\Windows\System\jtFBAsM.exe
  C:\Windows\System\jtFBAsM.exe
  2⤵
  PID:6304
- C:\Windows\System\GBILRNK.exe
  C:\Windows\System\GBILRNK.exe
  2⤵
  PID:6320
- C:\Windows\System\QcwaUQL.exe
  C:\Windows\System\QcwaUQL.exe
  2⤵
  PID:6336
- C:\Windows\System\LTsQCpC.exe
  C:\Windows\System\LTsQCpC.exe
  2⤵
  PID:6352
- C:\Windows\System\BAPIlui.exe
  C:\Windows\System\BAPIlui.exe
  2⤵
  PID:6368
- C:\Windows\System\AfhpGTp.exe
  C:\Windows\System\AfhpGTp.exe
  2⤵
  PID:6384
- C:\Windows\System\mXvmTpf.exe
  C:\Windows\System\mXvmTpf.exe
  2⤵
  PID:6400
- C:\Windows\System\fswvTYj.exe
  C:\Windows\System\fswvTYj.exe
  2⤵
  PID:6416
- C:\Windows\System\FPidTKf.exe
  C:\Windows\System\FPidTKf.exe
  2⤵
  PID:6432
- C:\Windows\System\MPVWOEb.exe
  C:\Windows\System\MPVWOEb.exe
  2⤵
  PID:6452
- C:\Windows\System\mDJwcxV.exe
  C:\Windows\System\mDJwcxV.exe
  2⤵
  PID:6472
- C:\Windows\System\yZYoqPt.exe
  C:\Windows\System\yZYoqPt.exe
  2⤵
  PID:6508
- C:\Windows\System\xoSszYA.exe
  C:\Windows\System\xoSszYA.exe
  2⤵
  PID:6524
- C:\Windows\System\lhidAOW.exe
  C:\Windows\System\lhidAOW.exe
  2⤵
  PID:6540
- C:\Windows\System\rZscUfT.exe
  C:\Windows\System\rZscUfT.exe
  2⤵
  PID:6556
- C:\Windows\System\TmZOMNL.exe
  C:\Windows\System\TmZOMNL.exe
  2⤵
  PID:6572
- C:\Windows\System\Sbplquz.exe
  C:\Windows\System\Sbplquz.exe
  2⤵
  PID:6588
- C:\Windows\System\hkGgjoM.exe
  C:\Windows\System\hkGgjoM.exe
  2⤵
  PID:6604
- C:\Windows\System\aozndTp.exe
  C:\Windows\System\aozndTp.exe
  2⤵
  PID:6620
- C:\Windows\System\ICXScdy.exe
  C:\Windows\System\ICXScdy.exe
  2⤵
  PID:6636
- C:\Windows\System\pARZqAd.exe
  C:\Windows\System\pARZqAd.exe
  2⤵
  PID:6652
- C:\Windows\System\MEJwXbb.exe
  C:\Windows\System\MEJwXbb.exe
  2⤵
  PID:6668
- C:\Windows\System\niryHYE.exe
  C:\Windows\System\niryHYE.exe
  2⤵
  PID:6684
- C:\Windows\System\gJdloCV.exe
  C:\Windows\System\gJdloCV.exe
  2⤵
  PID:6704
- C:\Windows\System\segkIfo.exe
  C:\Windows\System\segkIfo.exe
  2⤵
  PID:6720
- C:\Windows\System\TqhIZgw.exe
  C:\Windows\System\TqhIZgw.exe
  2⤵
  PID:6736
- C:\Windows\System\JAsQrjd.exe
  C:\Windows\System\JAsQrjd.exe
  2⤵
  PID:6752
- C:\Windows\System\BjldLOX.exe
  C:\Windows\System\BjldLOX.exe
  2⤵
  PID:6768
- C:\Windows\System\OoPUlMb.exe
  C:\Windows\System\OoPUlMb.exe
  2⤵
  PID:6784
- C:\Windows\System\ISAzGzL.exe
  C:\Windows\System\ISAzGzL.exe
  2⤵
  PID:6800
- C:\Windows\System\oOwYDUT.exe
  C:\Windows\System\oOwYDUT.exe
  2⤵
  PID:6816
- C:\Windows\System\oauzikQ.exe
  C:\Windows\System\oauzikQ.exe
  2⤵
  PID:6832
- C:\Windows\System\kAIltJV.exe
  C:\Windows\System\kAIltJV.exe
  2⤵
  PID:6848
- C:\Windows\System\VHsSDzZ.exe
  C:\Windows\System\VHsSDzZ.exe
  2⤵
  PID:6864
- C:\Windows\System\VbkwxUB.exe
  C:\Windows\System\VbkwxUB.exe
  2⤵
  PID:6880
- C:\Windows\System\uzUNGpq.exe
  C:\Windows\System\uzUNGpq.exe
  2⤵
  PID:6896
- C:\Windows\System\jBOcuZx.exe
  C:\Windows\System\jBOcuZx.exe
  2⤵
  PID:6912
- C:\Windows\System\gnSOWUR.exe
  C:\Windows\System\gnSOWUR.exe
  2⤵
  PID:6928
- C:\Windows\System\DAobKCp.exe
  C:\Windows\System\DAobKCp.exe
  2⤵
  PID:6944
- C:\Windows\System\IgPpIJo.exe
  C:\Windows\System\IgPpIJo.exe
  2⤵
  PID:6960
- C:\Windows\System\OXuuhtn.exe
  C:\Windows\System\OXuuhtn.exe
  2⤵
  PID:6976
- C:\Windows\System\uXAeFnt.exe
  C:\Windows\System\uXAeFnt.exe
  2⤵
  PID:6992
- C:\Windows\System\KnfJNrS.exe
  C:\Windows\System\KnfJNrS.exe
  2⤵
  PID:7008
- C:\Windows\System\BQfHpXE.exe
  C:\Windows\System\BQfHpXE.exe
  2⤵
  PID:7024
- C:\Windows\System\OQWXqBS.exe
  C:\Windows\System\OQWXqBS.exe
  2⤵
  PID:7040
- C:\Windows\System\PhyKPyX.exe
  C:\Windows\System\PhyKPyX.exe
  2⤵
  PID:7056
- C:\Windows\System\SGTVgDM.exe
  C:\Windows\System\SGTVgDM.exe
  2⤵
  PID:7072
- C:\Windows\System\uItUcOb.exe
  C:\Windows\System\uItUcOb.exe
  2⤵
  PID:7092
- C:\Windows\System\FJtqHfp.exe
  C:\Windows\System\FJtqHfp.exe
  2⤵
  PID:7108
- C:\Windows\System\LYmcWHr.exe
  C:\Windows\System\LYmcWHr.exe
  2⤵
  PID:7124
- C:\Windows\System\ZmfGVJK.exe
  C:\Windows\System\ZmfGVJK.exe
  2⤵
  PID:7140
- C:\Windows\System\jQqeNtJ.exe
  C:\Windows\System\jQqeNtJ.exe
  2⤵
  PID:7156
- C:\Windows\System\vJgoFvP.exe
  C:\Windows\System\vJgoFvP.exe
  2⤵
  PID:6156
- C:\Windows\System\mYnOvwP.exe
  C:\Windows\System\mYnOvwP.exe
  2⤵
  PID:4744
- C:\Windows\System\zwKnOVs.exe
  C:\Windows\System\zwKnOVs.exe
  2⤵
  PID:6220
- C:\Windows\System\GAkEndl.exe
  C:\Windows\System\GAkEndl.exe
  2⤵
  PID:6284
- C:\Windows\System\sbwrWsY.exe
  C:\Windows\System\sbwrWsY.exe
  2⤵
  PID:6348
- C:\Windows\System\UJbuBKo.exe
  C:\Windows\System\UJbuBKo.exe
  2⤵
  PID:6376
- C:\Windows\System\uCUVFJA.exe
  C:\Windows\System\uCUVFJA.exe
  2⤵
  PID:6332
- C:\Windows\System\WJCbhmg.exe
  C:\Windows\System\WJCbhmg.exe
  2⤵
  PID:6204
- C:\Windows\System\BrQiDIC.exe
  C:\Windows\System\BrQiDIC.exe
  2⤵
  PID:6360
- C:\Windows\System\TNmojuZ.exe
  C:\Windows\System\TNmojuZ.exe
  2⤵
  PID:6396
- C:\Windows\System\uBPYbPL.exe
  C:\Windows\System\uBPYbPL.exe
  2⤵
  PID:6468
- C:\Windows\System\SFDUBKU.exe
  C:\Windows\System\SFDUBKU.exe
  2⤵
  PID:6440
- C:\Windows\System\MZwHlUe.exe
  C:\Windows\System\MZwHlUe.exe
  2⤵
  PID:6496
- C:\Windows\System\WoTCRiq.exe
  C:\Windows\System\WoTCRiq.exe
  2⤵
  PID:6516
- C:\Windows\System\mgRPBaO.exe
  C:\Windows\System\mgRPBaO.exe
  2⤵
  PID:5280
- C:\Windows\System\gxSAwdY.exe
  C:\Windows\System\gxSAwdY.exe
  2⤵
  PID:6600
- C:\Windows\System\hFhGtXO.exe
  C:\Windows\System\hFhGtXO.exe
  2⤵
  PID:6616
- C:\Windows\System\QBYAOIx.exe
  C:\Windows\System\QBYAOIx.exe
  2⤵
  PID:6664
- C:\Windows\System\aTThVRs.exe
  C:\Windows\System\aTThVRs.exe
  2⤵
  PID:6696
- C:\Windows\System\hqupDAg.exe
  C:\Windows\System\hqupDAg.exe
  2⤵
  PID:6732
- C:\Windows\System\LnijGfR.exe
  C:\Windows\System\LnijGfR.exe
  2⤵
  PID:6776
- C:\Windows\System\eIYVZUS.exe
  C:\Windows\System\eIYVZUS.exe
  2⤵
  PID:6796
- C:\Windows\System\EFXsmqs.exe
  C:\Windows\System\EFXsmqs.exe
  2⤵
  PID:6828
- C:\Windows\System\FGihPSu.exe
  C:\Windows\System\FGihPSu.exe
  2⤵
  PID:6844
- C:\Windows\System\pZEjaQK.exe
  C:\Windows\System\pZEjaQK.exe
  2⤵
  PID:6908
- C:\Windows\System\dqmDlAd.exe
  C:\Windows\System\dqmDlAd.exe
  2⤵
  PID:6972
- C:\Windows\System\IFuUAqi.exe
  C:\Windows\System\IFuUAqi.exe
  2⤵
  PID:7036
- C:\Windows\System\AFHuQab.exe
  C:\Windows\System\AFHuQab.exe
  2⤵
  PID:7104
- C:\Windows\System\LTXXNQn.exe
  C:\Windows\System\LTXXNQn.exe
  2⤵
  PID:6924
- C:\Windows\System\xvGDvDs.exe
  C:\Windows\System\xvGDvDs.exe
  2⤵
  PID:6988
- C:\Windows\System\yXCvhch.exe
  C:\Windows\System\yXCvhch.exe
  2⤵
  PID:7048
- C:\Windows\System\KohmZiz.exe
  C:\Windows\System\KohmZiz.exe
  2⤵
  PID:7116
- C:\Windows\System\abJnXTx.exe
  C:\Windows\System\abJnXTx.exe
  2⤵
  PID:7152
- C:\Windows\System\kvFDpKB.exe
  C:\Windows\System\kvFDpKB.exe
  2⤵
  PID:6316
- C:\Windows\System\zSmjvek.exe
  C:\Windows\System\zSmjvek.exe
  2⤵
  PID:6280
- C:\Windows\System\veRiUVz.exe
  C:\Windows\System\veRiUVz.exe
  2⤵
  PID:6168
- C:\Windows\System\BbDloJw.exe
  C:\Windows\System\BbDloJw.exe
  2⤵
  PID:6464
- C:\Windows\System\kvtKSgt.exe
  C:\Windows\System\kvtKSgt.exe
  2⤵
  PID:6552
- C:\Windows\System\WCdbqQh.exe
  C:\Windows\System\WCdbqQh.exe
  2⤵
  PID:6364
- C:\Windows\System\VlUGHLo.exe
  C:\Windows\System\VlUGHLo.exe
  2⤵
  PID:6536
- C:\Windows\System\wuRPECQ.exe
  C:\Windows\System\wuRPECQ.exe
  2⤵
  PID:6172
- C:\Windows\System\fLXZoZk.exe
  C:\Windows\System\fLXZoZk.exe
  2⤵
  PID:6660
- C:\Windows\System\BZLMafe.exe
  C:\Windows\System\BZLMafe.exe
  2⤵
  PID:6760
- C:\Windows\System\jGPuHOK.exe
  C:\Windows\System\jGPuHOK.exe
  2⤵
  PID:6968
- C:\Windows\System\KAdqEWG.exe
  C:\Windows\System\KAdqEWG.exe
  2⤵
  PID:6956
- C:\Windows\System\IqtTAVf.exe
  C:\Windows\System\IqtTAVf.exe
  2⤵
  PID:4468
- C:\Windows\System\sPXNzrb.exe
  C:\Windows\System\sPXNzrb.exe
  2⤵
  PID:6548
- C:\Windows\System\RjwiDRo.exe
  C:\Windows\System\RjwiDRo.exe
  2⤵
  PID:6840
- C:\Windows\System\tofGKMk.exe
  C:\Windows\System\tofGKMk.exe
  2⤵
  PID:7172
- C:\Windows\System\xVvjgzs.exe
  C:\Windows\System\xVvjgzs.exe
  2⤵
  PID:7188
- C:\Windows\System\wIkldmN.exe
  C:\Windows\System\wIkldmN.exe
  2⤵
  PID:7204
- C:\Windows\System\ayfrteE.exe
  C:\Windows\System\ayfrteE.exe
  2⤵
  PID:7220
- C:\Windows\System\vJGdxKy.exe
  C:\Windows\System\vJGdxKy.exe
  2⤵
  PID:7240
- C:\Windows\System\eCmRPaP.exe
  C:\Windows\System\eCmRPaP.exe
  2⤵
  PID:7328
- C:\Windows\System\wrdeYYm.exe
  C:\Windows\System\wrdeYYm.exe
  2⤵
  PID:7344
- C:\Windows\System\QoteHzH.exe
  C:\Windows\System\QoteHzH.exe
  2⤵
  PID:7360
- C:\Windows\System\zVQMvqe.exe
  C:\Windows\System\zVQMvqe.exe
  2⤵
  PID:7376
- C:\Windows\System\PRJVlbj.exe
  C:\Windows\System\PRJVlbj.exe
  2⤵
  PID:7392
- C:\Windows\System\VHoWOUn.exe
  C:\Windows\System\VHoWOUn.exe
  2⤵
  PID:7408
- C:\Windows\System\WqKGUHf.exe
  C:\Windows\System\WqKGUHf.exe
  2⤵
  PID:7424
- C:\Windows\System\zSxXMCg.exe
  C:\Windows\System\zSxXMCg.exe
  2⤵
  PID:7440
- C:\Windows\System\IPHpyXc.exe
  C:\Windows\System\IPHpyXc.exe
  2⤵
  PID:7456
- C:\Windows\System\OVodftZ.exe
  C:\Windows\System\OVodftZ.exe
  2⤵
  PID:7472
- C:\Windows\System\eUmCUAp.exe
  C:\Windows\System\eUmCUAp.exe
  2⤵
  PID:7488
- C:\Windows\System\XGmjJwP.exe
  C:\Windows\System\XGmjJwP.exe
  2⤵
  PID:7504
- C:\Windows\System\nPxpABM.exe
  C:\Windows\System\nPxpABM.exe
  2⤵
  PID:7520
- C:\Windows\System\jbhTqJK.exe
  C:\Windows\System\jbhTqJK.exe
  2⤵
  PID:7536
- C:\Windows\System\GypcJKd.exe
  C:\Windows\System\GypcJKd.exe
  2⤵
  PID:7552
- C:\Windows\System\HaTWiJE.exe
  C:\Windows\System\HaTWiJE.exe
  2⤵
  PID:7568
- C:\Windows\System\gMiptWd.exe
  C:\Windows\System\gMiptWd.exe
  2⤵
  PID:7588
- C:\Windows\System\igVmoOJ.exe
  C:\Windows\System\igVmoOJ.exe
  2⤵
  PID:7624
- C:\Windows\System\mTNumLO.exe
  C:\Windows\System\mTNumLO.exe
  2⤵
  PID:7652
- C:\Windows\System\exPnnkl.exe
  C:\Windows\System\exPnnkl.exe
  2⤵
  PID:7680
- C:\Windows\System\oZFDOgK.exe
  C:\Windows\System\oZFDOgK.exe
  2⤵
  PID:7696
- C:\Windows\System\tyocghM.exe
  C:\Windows\System\tyocghM.exe
  2⤵
  PID:7712
- C:\Windows\System\soLBPIq.exe
  C:\Windows\System\soLBPIq.exe
  2⤵
  PID:7728
- C:\Windows\System\oNSuqPp.exe
  C:\Windows\System\oNSuqPp.exe
  2⤵
  PID:7752
- C:\Windows\System\BikVjRc.exe
  C:\Windows\System\BikVjRc.exe
  2⤵
  PID:7768
- C:\Windows\System\vtyThHz.exe
  C:\Windows\System\vtyThHz.exe
  2⤵
  PID:7788
- C:\Windows\System\JbhmYfh.exe
  C:\Windows\System\JbhmYfh.exe
  2⤵
  PID:7804
- C:\Windows\System\kmcYIhg.exe
  C:\Windows\System\kmcYIhg.exe
  2⤵
  PID:7820
- C:\Windows\System\GXPxKpO.exe
  C:\Windows\System\GXPxKpO.exe
  2⤵
  PID:7836
- C:\Windows\System\zjUVeKJ.exe
  C:\Windows\System\zjUVeKJ.exe
  2⤵
  PID:7856
- C:\Windows\System\spoPuXK.exe
  C:\Windows\System\spoPuXK.exe
  2⤵
  PID:7872
- C:\Windows\System\XtKoZfR.exe
  C:\Windows\System\XtKoZfR.exe
  2⤵
  PID:7888
- C:\Windows\System\HZJZiGM.exe
  C:\Windows\System\HZJZiGM.exe
  2⤵
  PID:7904
- C:\Windows\System\VptedCk.exe
  C:\Windows\System\VptedCk.exe
  2⤵
  PID:7920
- C:\Windows\System\QqNbiTL.exe
  C:\Windows\System\QqNbiTL.exe
  2⤵
  PID:7936
- C:\Windows\System\ueKzQTP.exe
  C:\Windows\System\ueKzQTP.exe
  2⤵
  PID:7952
- C:\Windows\System\nhdUOoa.exe
  C:\Windows\System\nhdUOoa.exe
  2⤵
  PID:7968
- C:\Windows\System\RMFBSOZ.exe
  C:\Windows\System\RMFBSOZ.exe
  2⤵
  PID:7984
- C:\Windows\System\iCIopbs.exe
  C:\Windows\System\iCIopbs.exe
  2⤵
  PID:8000
- C:\Windows\System\SZJfQBt.exe
  C:\Windows\System\SZJfQBt.exe
  2⤵
  PID:8020
- C:\Windows\System\SGhuxLu.exe
  C:\Windows\System\SGhuxLu.exe
  2⤵
  PID:8036
- C:\Windows\System\goRKmWh.exe
  C:\Windows\System\goRKmWh.exe
  2⤵
  PID:8052
- C:\Windows\System\TJoSrAP.exe
  C:\Windows\System\TJoSrAP.exe
  2⤵
  PID:8068
- C:\Windows\System\cteuPrY.exe
  C:\Windows\System\cteuPrY.exe
  2⤵
  PID:8084
- C:\Windows\System\pXvBHtp.exe
  C:\Windows\System\pXvBHtp.exe
  2⤵
  PID:8100
- C:\Windows\System\nMWFRzq.exe
  C:\Windows\System\nMWFRzq.exe
  2⤵
  PID:8120
- C:\Windows\System\cdYCPwZ.exe
  C:\Windows\System\cdYCPwZ.exe
  2⤵
  PID:8140
- C:\Windows\System\IZthUGp.exe
  C:\Windows\System\IZthUGp.exe
  2⤵
  PID:8156
- C:\Windows\System\esChaKq.exe
  C:\Windows\System\esChaKq.exe
  2⤵
  PID:8180
- C:\Windows\System\SKVJRZD.exe
  C:\Windows\System\SKVJRZD.exe
  2⤵
  PID:7080
- C:\Windows\System\NCgnqCB.exe
  C:\Windows\System\NCgnqCB.exe
  2⤵
  PID:6584
- C:\Windows\System\BQpHguN.exe
  C:\Windows\System\BQpHguN.exe
  2⤵
  PID:7032
- C:\Windows\System\vfUpLvu.exe
  C:\Windows\System\vfUpLvu.exe
  2⤵
  PID:6692
- C:\Windows\System\WIuImVj.exe
  C:\Windows\System\WIuImVj.exe
  2⤵
  PID:6904
- C:\Windows\System\MzzkYAU.exe
  C:\Windows\System\MzzkYAU.exe
  2⤵
  PID:6888
- C:\Windows\System\CpERbvg.exe
  C:\Windows\System\CpERbvg.exe
  2⤵
  PID:7020
- C:\Windows\System\AgCgrwD.exe
  C:\Windows\System\AgCgrwD.exe
  2⤵
  PID:6252
- C:\Windows\System\SBKwCyS.exe
  C:\Windows\System\SBKwCyS.exe
  2⤵
  PID:6412
- C:\Windows\System\wKhrWuc.exe
  C:\Windows\System\wKhrWuc.exe
  2⤵
  PID:6984
- C:\Windows\System\CCEAgdK.exe
  C:\Windows\System\CCEAgdK.exe
  2⤵
  PID:6940
- C:\Windows\System\UpAAfSI.exe
  C:\Windows\System\UpAAfSI.exe
  2⤵
  PID:7232
- C:\Windows\System\xsKzHor.exe
  C:\Windows\System\xsKzHor.exe
  2⤵
  PID:7264
- C:\Windows\System\XmyUKnV.exe
  C:\Windows\System\XmyUKnV.exe
  2⤵
  PID:7280
- C:\Windows\System\HOVzgym.exe
  C:\Windows\System\HOVzgym.exe
  2⤵
  PID:7296
- C:\Windows\System\FhNVQPY.exe
  C:\Windows\System\FhNVQPY.exe
  2⤵
  PID:7252
- C:\Windows\System\gCahawG.exe
  C:\Windows\System\gCahawG.exe
  2⤵
  PID:7336
- C:\Windows\System\HIUWHRR.exe
  C:\Windows\System\HIUWHRR.exe
  2⤵
  PID:7404
- C:\Windows\System\LReeheE.exe
  C:\Windows\System\LReeheE.exe
  2⤵
  PID:7496
- C:\Windows\System\IrEbeEc.exe
  C:\Windows\System\IrEbeEc.exe
  2⤵
  PID:7564
- C:\Windows\System\EMGXbIl.exe
  C:\Windows\System\EMGXbIl.exe
  2⤵
  PID:7452
- C:\Windows\System\AyHBdzd.exe
  C:\Windows\System\AyHBdzd.exe
  2⤵
  PID:7352
- C:\Windows\System\jFtHRNE.exe
  C:\Windows\System\jFtHRNE.exe
  2⤵
  PID:7416
- C:\Windows\System\pSSHJsU.exe
  C:\Windows\System\pSSHJsU.exe
  2⤵
  PID:7576
- C:\Windows\System\pncbNcc.exe
  C:\Windows\System\pncbNcc.exe
  2⤵
  PID:7600
- C:\Windows\System\dvcDZeR.exe
  C:\Windows\System\dvcDZeR.exe
  2⤵
  PID:7612
- C:\Windows\System\iOKakHN.exe
  C:\Windows\System\iOKakHN.exe
  2⤵
  PID:7636
- C:\Windows\System\GQteoKS.exe
  C:\Windows\System\GQteoKS.exe
  2⤵
  PID:7760
- C:\Windows\System\Dyejeum.exe
  C:\Windows\System\Dyejeum.exe
  2⤵
  PID:7720
- C:\Windows\System\wxqIvLr.exe
  C:\Windows\System\wxqIvLr.exe
  2⤵
  PID:7832
- C:\Windows\System\ZfBvrWe.exe
  C:\Windows\System\ZfBvrWe.exe
  2⤵
  PID:7900
- C:\Windows\System\njRPETV.exe
  C:\Windows\System\njRPETV.exe
  2⤵
  PID:7964
- C:\Windows\System\dappQHn.exe
  C:\Windows\System\dappQHn.exe
  2⤵
  PID:7660
- C:\Windows\System\OwZCmPA.exe
  C:\Windows\System\OwZCmPA.exe
  2⤵
  PID:7668
- C:\Windows\System\wnHuJsU.exe
  C:\Windows\System\wnHuJsU.exe
  2⤵
  PID:7736
- C:\Windows\System\wPGNgxR.exe
  C:\Windows\System\wPGNgxR.exe
  2⤵
  PID:7776
- C:\Windows\System\MfCAgxh.exe
  C:\Windows\System\MfCAgxh.exe
  2⤵
  PID:7816
- C:\Windows\System\wcCskSV.exe
  C:\Windows\System\wcCskSV.exe
  2⤵
  PID:7880
- C:\Windows\System\tofRDGC.exe
  C:\Windows\System\tofRDGC.exe
  2⤵
  PID:7976
- C:\Windows\System\JMStUCq.exe
  C:\Windows\System\JMStUCq.exe
  2⤵
  PID:8048
- C:\Windows\System\tkqSVEE.exe
  C:\Windows\System\tkqSVEE.exe
  2⤵
  PID:8092
- C:\Windows\System\Colzarp.exe
  C:\Windows\System\Colzarp.exe
  2⤵
  PID:8108
- C:\Windows\System\DKoSVIq.exe
  C:\Windows\System\DKoSVIq.exe
  2⤵
  PID:8152
- C:\Windows\System\yYhcKis.exe
  C:\Windows\System\yYhcKis.exe
  2⤵
  PID:7184
- C:\Windows\System\QbuywRS.exe
  C:\Windows\System\QbuywRS.exe
  2⤵
  PID:8132
- C:\Windows\System\OaYLCRi.exe
  C:\Windows\System\OaYLCRi.exe
  2⤵
  PID:6860
- C:\Windows\System\xAIvRzl.exe
  C:\Windows\System\xAIvRzl.exe
  2⤵
  PID:8168
- C:\Windows\System\tSbBVJh.exe
  C:\Windows\System\tSbBVJh.exe
  2⤵
  PID:6612
- C:\Windows\System\IWhjHhB.exe
  C:\Windows\System\IWhjHhB.exe
  2⤵
  PID:6428
- C:\Windows\System\XugpfKm.exe
  C:\Windows\System\XugpfKm.exe
  2⤵
  PID:7304
- C:\Windows\System\jaZXjLT.exe
  C:\Windows\System\jaZXjLT.exe
  2⤵
  PID:6264
- C:\Windows\System\omnfsRM.exe
  C:\Windows\System\omnfsRM.exe
  2⤵
  PID:7288
- C:\Windows\System\iDZfGpX.exe
  C:\Windows\System\iDZfGpX.exe
  2⤵
  PID:7464
- C:\Windows\System\jBEBhLb.exe
  C:\Windows\System\jBEBhLb.exe
  2⤵
  PID:7384
- C:\Windows\System\ulLiTlz.exe
  C:\Windows\System\ulLiTlz.exe
  2⤵
  PID:7560
- C:\Windows\System\blsuYlI.exe
  C:\Windows\System\blsuYlI.exe
  2⤵
  PID:7276
- C:\Windows\System\carTivP.exe
  C:\Windows\System\carTivP.exe
  2⤵
  PID:7480
- C:\Windows\System\xmkDfly.exe
  C:\Windows\System\xmkDfly.exe
  2⤵
  PID:7800
- C:\Windows\System\tDMGQJb.exe
  C:\Windows\System\tDMGQJb.exe
  2⤵
  PID:7864
- C:\Windows\System\hlVOyPt.exe
  C:\Windows\System\hlVOyPt.exe
  2⤵
  PID:7676
- C:\Windows\System\zDXIpRk.exe
  C:\Windows\System\zDXIpRk.exe
  2⤵
  PID:7912
- C:\Windows\System\buzRbHx.exe
  C:\Windows\System\buzRbHx.exe
  2⤵
  PID:7084
- C:\Windows\System\BlawBHH.exe
  C:\Windows\System\BlawBHH.exe
  2⤵
  PID:8064
- C:\Windows\System\cgIoUyu.exe
  C:\Windows\System\cgIoUyu.exe
  2⤵
  PID:8028
- C:\Windows\System\DkghMaF.exe
  C:\Windows\System\DkghMaF.exe
  2⤵
  PID:7960
- C:\Windows\System\FLxWSSo.exe
  C:\Windows\System\FLxWSSo.exe
  2⤵
  PID:5264
- C:\Windows\System\XddrnrN.exe
  C:\Windows\System\XddrnrN.exe
  2⤵
  PID:6824
- C:\Windows\System\WAJMiUl.exe
  C:\Windows\System\WAJMiUl.exe
  2⤵
  PID:7248
- C:\Windows\System\fnXoZDs.exe
  C:\Windows\System\fnXoZDs.exe
  2⤵
  PID:8164
- C:\Windows\System\kqKBeVQ.exe
  C:\Windows\System\kqKBeVQ.exe
  2⤵
  PID:7708
- C:\Windows\System\ldvSWPj.exe
  C:\Windows\System\ldvSWPj.exe
  2⤵
  PID:8044
- C:\Windows\System\kSEetay.exe
  C:\Windows\System\kSEetay.exe
  2⤵
  PID:6876
- C:\Windows\System\BpricNq.exe
  C:\Windows\System\BpricNq.exe
  2⤵
  PID:7136
- C:\Windows\System\glPSLYs.exe
  C:\Windows\System\glPSLYs.exe
  2⤵
  PID:6748
- C:\Windows\System\IwPLIbT.exe
  C:\Windows\System\IwPLIbT.exe
  2⤵
  PID:7228
- C:\Windows\System\dGDjVYl.exe
  C:\Windows\System\dGDjVYl.exe
  2⤵
  PID:7436
- C:\Windows\System\mngCiMl.exe
  C:\Windows\System\mngCiMl.exe
  2⤵
  PID:7620
- C:\Windows\System\RsMfEvn.exe
  C:\Windows\System\RsMfEvn.exe
  2⤵
  PID:8204
- C:\Windows\System\kUjnoez.exe
  C:\Windows\System\kUjnoez.exe
  2⤵
  PID:8220
- C:\Windows\System\xnilSxR.exe
  C:\Windows\System\xnilSxR.exe
  2⤵
  PID:8236
- C:\Windows\System\aWaTMTA.exe
  C:\Windows\System\aWaTMTA.exe
  2⤵
  PID:8252
- C:\Windows\System\aAFPNYC.exe
  C:\Windows\System\aAFPNYC.exe
  2⤵
  PID:8268
- C:\Windows\System\YpeVmve.exe
  C:\Windows\System\YpeVmve.exe
  2⤵
  PID:8284
- C:\Windows\System\zSxIoQG.exe
  C:\Windows\System\zSxIoQG.exe
  2⤵
  PID:8300
- C:\Windows\System\DkYJjta.exe
  C:\Windows\System\DkYJjta.exe
  2⤵
  PID:8316
- C:\Windows\System\sXTERTg.exe
  C:\Windows\System\sXTERTg.exe
  2⤵
  PID:8332
- C:\Windows\System\JuTZuXR.exe
  C:\Windows\System\JuTZuXR.exe
  2⤵
  PID:8348
- C:\Windows\System\WkKxmzT.exe
  C:\Windows\System\WkKxmzT.exe
  2⤵
  PID:8364
- C:\Windows\System\qKMQcXs.exe
  C:\Windows\System\qKMQcXs.exe
  2⤵
  PID:8380
- C:\Windows\System\pqqYBBc.exe
  C:\Windows\System\pqqYBBc.exe
  2⤵
  PID:8396
- C:\Windows\System\qGzqwkX.exe
  C:\Windows\System\qGzqwkX.exe
  2⤵
  PID:8412
- C:\Windows\System\zLoJgOm.exe
  C:\Windows\System\zLoJgOm.exe
  2⤵
  PID:8428
- C:\Windows\System\HsIoTdx.exe
  C:\Windows\System\HsIoTdx.exe
  2⤵
  PID:8444
- C:\Windows\System\AyKqUXx.exe
  C:\Windows\System\AyKqUXx.exe
  2⤵
  PID:8460
- C:\Windows\System\duRPDbw.exe
  C:\Windows\System\duRPDbw.exe
  2⤵
  PID:8476
- C:\Windows\System\vhqnBdg.exe
  C:\Windows\System\vhqnBdg.exe
  2⤵
  PID:8492
- C:\Windows\System\KvIHLDa.exe
  C:\Windows\System\KvIHLDa.exe
  2⤵
  PID:8508
- C:\Windows\System\nYHTXrB.exe
  C:\Windows\System\nYHTXrB.exe
  2⤵
  PID:8524
- C:\Windows\System\SQoAxvd.exe
  C:\Windows\System\SQoAxvd.exe
  2⤵
  PID:8540
- C:\Windows\System\mjqxDnB.exe
  C:\Windows\System\mjqxDnB.exe
  2⤵
  PID:8560
- C:\Windows\System\gkhFWDK.exe
  C:\Windows\System\gkhFWDK.exe
  2⤵
  PID:8576
- C:\Windows\System\nFFCWDa.exe
  C:\Windows\System\nFFCWDa.exe
  2⤵
  PID:8592
- C:\Windows\System\BUUGgkL.exe
  C:\Windows\System\BUUGgkL.exe
  2⤵
  PID:8608
- C:\Windows\System\dZpxuID.exe
  C:\Windows\System\dZpxuID.exe
  2⤵
  PID:8624
- C:\Windows\System\SsVHOVT.exe
  C:\Windows\System\SsVHOVT.exe
  2⤵
  PID:8640
- C:\Windows\System\khWKCxZ.exe
  C:\Windows\System\khWKCxZ.exe
  2⤵
  PID:8656
- C:\Windows\System\nBRJMSW.exe
  C:\Windows\System\nBRJMSW.exe
  2⤵
  PID:8672
- C:\Windows\System\RiurjKk.exe
  C:\Windows\System\RiurjKk.exe
  2⤵
  PID:8692
- C:\Windows\System\JqBfNVB.exe
  C:\Windows\System\JqBfNVB.exe
  2⤵
  PID:8708
- C:\Windows\System\lZgZSEz.exe
  C:\Windows\System\lZgZSEz.exe
  2⤵
  PID:8724
- C:\Windows\System\OByctab.exe
  C:\Windows\System\OByctab.exe
  2⤵
  PID:8740
- C:\Windows\System\TCqZLTF.exe
  C:\Windows\System\TCqZLTF.exe
  2⤵
  PID:8756
- C:\Windows\System\utZeJZw.exe
  C:\Windows\System\utZeJZw.exe
  2⤵
  PID:8772
- C:\Windows\System\yelAqOh.exe
  C:\Windows\System\yelAqOh.exe
  2⤵
  PID:8788
- C:\Windows\System\vaywlpm.exe
  C:\Windows\System\vaywlpm.exe
  2⤵
  PID:8804
- C:\Windows\System\GEgRKBL.exe
  C:\Windows\System\GEgRKBL.exe
  2⤵
  PID:8820
- C:\Windows\System\jJrZQxo.exe
  C:\Windows\System\jJrZQxo.exe
  2⤵
  PID:8836
- C:\Windows\System\TtDZtDy.exe
  C:\Windows\System\TtDZtDy.exe
  2⤵
  PID:8852
- C:\Windows\System\WWTUSan.exe
  C:\Windows\System\WWTUSan.exe
  2⤵
  PID:8868
- C:\Windows\System\ckgDSZY.exe
  C:\Windows\System\ckgDSZY.exe
  2⤵
  PID:8884
- C:\Windows\System\mqoTLjW.exe
  C:\Windows\System\mqoTLjW.exe
  2⤵
  PID:8900
- C:\Windows\System\GHyVeWR.exe
  C:\Windows\System\GHyVeWR.exe
  2⤵
  PID:8916
- C:\Windows\System\HJDyUxA.exe
  C:\Windows\System\HJDyUxA.exe
  2⤵
  PID:8932
- C:\Windows\System\fpmNcxD.exe
  C:\Windows\System\fpmNcxD.exe
  2⤵
  PID:8948
- C:\Windows\System\fZdAjht.exe
  C:\Windows\System\fZdAjht.exe
  2⤵
  PID:8972
- C:\Windows\System\IIACfJy.exe
  C:\Windows\System\IIACfJy.exe
  2⤵
  PID:8988
- C:\Windows\System\wGvVKDa.exe
  C:\Windows\System\wGvVKDa.exe
  2⤵
  PID:9008
- C:\Windows\System\ZdrgQAI.exe
  C:\Windows\System\ZdrgQAI.exe
  2⤵
  PID:9024
- C:\Windows\System\zzrwAap.exe
  C:\Windows\System\zzrwAap.exe
  2⤵
  PID:9040
- C:\Windows\System\yLnFBUu.exe
  C:\Windows\System\yLnFBUu.exe
  2⤵
  PID:9056
- C:\Windows\System\xOPthuY.exe
  C:\Windows\System\xOPthuY.exe
  2⤵
  PID:9072
- C:\Windows\System\DKRdUZN.exe
  C:\Windows\System\DKRdUZN.exe
  2⤵
  PID:9088
- C:\Windows\System\tRgumjX.exe
  C:\Windows\System\tRgumjX.exe
  2⤵
  PID:9104
- C:\Windows\System\GGIwfuJ.exe
  C:\Windows\System\GGIwfuJ.exe
  2⤵
  PID:9120
- C:\Windows\System\JBpfmQv.exe
  C:\Windows\System\JBpfmQv.exe
  2⤵
  PID:9136
- C:\Windows\System\MvoNMhR.exe
  C:\Windows\System\MvoNMhR.exe
  2⤵
  PID:9152
- C:\Windows\System\zKkmvcj.exe
  C:\Windows\System\zKkmvcj.exe
  2⤵
  PID:9168
- C:\Windows\System\vgTMuIH.exe
  C:\Windows\System\vgTMuIH.exe
  2⤵
  PID:9184
- C:\Windows\System\tGqemHj.exe
  C:\Windows\System\tGqemHj.exe
  2⤵
  PID:9200
- C:\Windows\System\hBegQWr.exe
  C:\Windows\System\hBegQWr.exe
  2⤵
  PID:7528
- C:\Windows\System\LmIyMpG.exe
  C:\Windows\System\LmIyMpG.exe
  2⤵
  PID:6808
- C:\Windows\System\WElBafy.exe
  C:\Windows\System\WElBafy.exe
  2⤵
  PID:8228
- C:\Windows\System\gwYuPlG.exe
  C:\Windows\System\gwYuPlG.exe
  2⤵
  PID:8260
- C:\Windows\System\tdvWjZk.exe
  C:\Windows\System\tdvWjZk.exe
  2⤵
  PID:8356
- C:\Windows\System\XIywnCv.exe
  C:\Windows\System\XIywnCv.exe
  2⤵
  PID:8424
- C:\Windows\System\CDuYVhC.exe
  C:\Windows\System\CDuYVhC.exe
  2⤵
  PID:7604
- C:\Windows\System\pdHIQZz.exe
  C:\Windows\System\pdHIQZz.exe
  2⤵
  PID:7724
- C:\Windows\System\hbGjOAa.exe
  C:\Windows\System\hbGjOAa.exe
  2⤵
  PID:7744
- C:\Windows\System\TJYjocj.exe
  C:\Windows\System\TJYjocj.exe
  2⤵
  PID:7272
- C:\Windows\System\uOKhOro.exe
  C:\Windows\System\uOKhOro.exe
  2⤵
  PID:6488
- C:\Windows\System\lAxuYlr.exe
  C:\Windows\System\lAxuYlr.exe
  2⤵
  PID:7312
- C:\Windows\System\TPrAhnl.exe
  C:\Windows\System\TPrAhnl.exe
  2⤵
  PID:6492
- C:\Windows\System\dfmnbJF.exe
  C:\Windows\System\dfmnbJF.exe
  2⤵
  PID:8532
- C:\Windows\System\kFeGedN.exe
  C:\Windows\System\kFeGedN.exe
  2⤵
  PID:8600
- C:\Windows\System\FJxjvjI.exe
  C:\Windows\System\FJxjvjI.exe
  2⤵
  PID:8552
- C:\Windows\System\WnCQtJO.exe
  C:\Windows\System\WnCQtJO.exe
  2⤵
  PID:8648
- C:\Windows\System\fGXCySM.exe
  C:\Windows\System\fGXCySM.exe
  2⤵
  PID:8620
- C:\Windows\System\eVhayvV.exe
  C:\Windows\System\eVhayvV.exe
  2⤵
  PID:8688
- C:\Windows\System\XeVaQng.exe
  C:\Windows\System\XeVaQng.exe
  2⤵
  PID:8784
- C:\Windows\System\PfMjwSC.exe
  C:\Windows\System\PfMjwSC.exe
  2⤵
  PID:8520
- C:\Windows\System\UlWfavi.exe
  C:\Windows\System\UlWfavi.exe
  2⤵
  PID:8848
- C:\Windows\System\HkGMDmx.exe
  C:\Windows\System\HkGMDmx.exe
  2⤵
  PID:9020
- C:\Windows\System\ohSUPPC.exe
  C:\Windows\System\ohSUPPC.exe
  2⤵
  PID:9144
- C:\Windows\System\mQmoeMF.exe
  C:\Windows\System\mQmoeMF.exe
  2⤵
  PID:8200
- C:\Windows\System\zYJWhqd.exe
  C:\Windows\System\zYJWhqd.exe
  2⤵
  PID:8296
- C:\Windows\System\sdDLPvH.exe
  C:\Windows\System\sdDLPvH.exe
  2⤵
  PID:7916
- C:\Windows\System\OZUFCmO.exe
  C:\Windows\System\OZUFCmO.exe
  2⤵
  PID:6268
- C:\Windows\System\FexOTEj.exe
  C:\Windows\System\FexOTEj.exe
  2⤵
  PID:8664
- C:\Windows\System\paXPDlG.exe
  C:\Windows\System\paXPDlG.exe
  2⤵
  PID:8892
- C:\Windows\System\epUdkEr.exe
  C:\Windows\System\epUdkEr.exe
  2⤵
  PID:8968
- C:\Windows\System\TVfFela.exe
  C:\Windows\System\TVfFela.exe
  2⤵
  PID:8212
- C:\Windows\System\VSWYYxV.exe
  C:\Windows\System\VSWYYxV.exe
  2⤵
  PID:8276
- C:\Windows\System\HYNBQrr.exe
  C:\Windows\System\HYNBQrr.exe
  2⤵
  PID:8344
- C:\Windows\System\bVDiNmZ.exe
  C:\Windows\System\bVDiNmZ.exe
  2⤵
  PID:8440
- C:\Windows\System\JYzwUaK.exe
  C:\Windows\System\JYzwUaK.exe
  2⤵
  PID:8484
- C:\Windows\System\MWOnKlw.exe
  C:\Windows\System\MWOnKlw.exe
  2⤵
  PID:8548
- C:\Windows\System\tmIosYH.exe
  C:\Windows\System\tmIosYH.exe
  2⤵
  PID:8720
- C:\Windows\System\aVjTXQG.exe
  C:\Windows\System\aVjTXQG.exe
  2⤵
  PID:8880
- C:\Windows\System\AmHpoMN.exe
  C:\Windows\System\AmHpoMN.exe
  2⤵
  PID:8980
- C:\Windows\System\zoQOYZH.exe
  C:\Windows\System\zoQOYZH.exe
  2⤵
  PID:9180
- C:\Windows\System\NvxYJGo.exe
  C:\Windows\System\NvxYJGo.exe
  2⤵
  PID:8172
- C:\Windows\System\wWOTuLH.exe
  C:\Windows\System\wWOTuLH.exe
  2⤵
  PID:7368
- C:\Windows\System\jmiwuWY.exe
  C:\Windows\System\jmiwuWY.exe
  2⤵
  PID:8860
- C:\Windows\System\himoOWI.exe
  C:\Windows\System\himoOWI.exe
  2⤵
  PID:9224
- C:\Windows\System\qMAmwHK.exe
  C:\Windows\System\qMAmwHK.exe
  2⤵
  PID:9240
- C:\Windows\System\ErQTzGK.exe
  C:\Windows\System\ErQTzGK.exe
  2⤵
  PID:9256
- C:\Windows\System\pCEbGuV.exe
  C:\Windows\System\pCEbGuV.exe
  2⤵
  PID:9272
- C:\Windows\System\HGaSjbO.exe
  C:\Windows\System\HGaSjbO.exe
  2⤵
  PID:9288
- C:\Windows\System\vrRQLTd.exe
  C:\Windows\System\vrRQLTd.exe
  2⤵
  PID:9308
- C:\Windows\System\LrBqPnY.exe
  C:\Windows\System\LrBqPnY.exe
  2⤵
  PID:9324
- C:\Windows\System\dxOFqzG.exe
  C:\Windows\System\dxOFqzG.exe
  2⤵
  PID:9340
- C:\Windows\System\jcfUmTa.exe
  C:\Windows\System\jcfUmTa.exe
  2⤵
  PID:9356
- C:\Windows\System\xggCPui.exe
  C:\Windows\System\xggCPui.exe
  2⤵
  PID:9372
- C:\Windows\System\yfjEufw.exe
  C:\Windows\System\yfjEufw.exe
  2⤵
  PID:9388
- C:\Windows\System\Pjqqkjm.exe
  C:\Windows\System\Pjqqkjm.exe
  2⤵
  PID:9404
- C:\Windows\System\GKkeTee.exe
  C:\Windows\System\GKkeTee.exe
  2⤵
  PID:9420
- C:\Windows\System\SPXftZa.exe
  C:\Windows\System\SPXftZa.exe
  2⤵
  PID:9436
- C:\Windows\System\ZAJuFrX.exe
  C:\Windows\System\ZAJuFrX.exe
  2⤵
  PID:9452
- C:\Windows\System\cUraVfs.exe
  C:\Windows\System\cUraVfs.exe
  2⤵
  PID:9476
- C:\Windows\System\wshsGJW.exe
  C:\Windows\System\wshsGJW.exe
  2⤵
  PID:9492
- C:\Windows\System\bpTiWuN.exe
  C:\Windows\System\bpTiWuN.exe
  2⤵
  PID:9508
- C:\Windows\System\HCMovGl.exe
  C:\Windows\System\HCMovGl.exe
  2⤵
  PID:9524
- C:\Windows\System\fDriOtb.exe
  C:\Windows\System\fDriOtb.exe
  2⤵
  PID:9540
- C:\Windows\System\DRsxury.exe
  C:\Windows\System\DRsxury.exe
  2⤵
  PID:9556
- C:\Windows\System\sNICIgB.exe
  C:\Windows\System\sNICIgB.exe
  2⤵
  PID:9572
- C:\Windows\System\ZdlZYvi.exe
  C:\Windows\System\ZdlZYvi.exe
  2⤵
  PID:9588
- C:\Windows\System\ldhjjwx.exe
  C:\Windows\System\ldhjjwx.exe
  2⤵
  PID:9604
- C:\Windows\System\hTiMZTT.exe
  C:\Windows\System\hTiMZTT.exe
  2⤵
  PID:9620
- C:\Windows\System\JDwLllr.exe
  C:\Windows\System\JDwLllr.exe
  2⤵
  PID:9636
- C:\Windows\System\hORGzAR.exe
  C:\Windows\System\hORGzAR.exe
  2⤵
  PID:9656
- C:\Windows\System\uRSQtxD.exe
  C:\Windows\System\uRSQtxD.exe
  2⤵
  PID:9676
- C:\Windows\System\kKepYgm.exe
  C:\Windows\System\kKepYgm.exe
  2⤵
  PID:9692
- C:\Windows\System\aUCWPoO.exe
  C:\Windows\System\aUCWPoO.exe
  2⤵
  PID:9708
- C:\Windows\System\rWLAOfK.exe
  C:\Windows\System\rWLAOfK.exe
  2⤵
  PID:9728
- C:\Windows\System\foGqpPS.exe
  C:\Windows\System\foGqpPS.exe
  2⤵
  PID:9744
- C:\Windows\System\owpXOdO.exe
  C:\Windows\System\owpXOdO.exe
  2⤵
  PID:9760
- C:\Windows\System\SBMpKnY.exe
  C:\Windows\System\SBMpKnY.exe
  2⤵
  PID:9780
- C:\Windows\System\sbTVuTK.exe
  C:\Windows\System\sbTVuTK.exe
  2⤵
  PID:9796
- C:\Windows\System\dosQUDl.exe
  C:\Windows\System\dosQUDl.exe
  2⤵
  PID:9812
- C:\Windows\System\HFEUmNg.exe
  C:\Windows\System\HFEUmNg.exe
  2⤵
  PID:9828
- C:\Windows\System\sPXYvsu.exe
  C:\Windows\System\sPXYvsu.exe
  2⤵
  PID:9844
- C:\Windows\System\eqjJAHV.exe
  C:\Windows\System\eqjJAHV.exe
  2⤵
  PID:9868
- C:\Windows\System\QQgTBfV.exe
  C:\Windows\System\QQgTBfV.exe
  2⤵
  PID:9884
- C:\Windows\System\rgisBAA.exe
  C:\Windows\System\rgisBAA.exe
  2⤵
  PID:9920
- C:\Windows\System\pVDqGXk.exe
  C:\Windows\System\pVDqGXk.exe
  2⤵
  PID:9936
- C:\Windows\System\LUemtmw.exe
  C:\Windows\System\LUemtmw.exe
  2⤵
  PID:9952
- C:\Windows\System\GZGkvMO.exe
  C:\Windows\System\GZGkvMO.exe
  2⤵
  PID:9968
- C:\Windows\System\ErdGJYf.exe
  C:\Windows\System\ErdGJYf.exe
  2⤵
  PID:9984
- C:\Windows\System\jPDdvyD.exe
  C:\Windows\System\jPDdvyD.exe
  2⤵
  PID:10004
- C:\Windows\System\PdvutwW.exe
  C:\Windows\System\PdvutwW.exe
  2⤵
  PID:10020
- C:\Windows\System\CZKcool.exe
  C:\Windows\System\CZKcool.exe
  2⤵
  PID:10036
- C:\Windows\System\KPrkxpi.exe
  C:\Windows\System\KPrkxpi.exe
  2⤵
  PID:10052
- C:\Windows\System\mKRaUlz.exe
  C:\Windows\System\mKRaUlz.exe
  2⤵
  PID:10068
- C:\Windows\System\MtDtMEl.exe
  C:\Windows\System\MtDtMEl.exe
  2⤵
  PID:10084
- C:\Windows\System\GMaZZNN.exe
  C:\Windows\System\GMaZZNN.exe
  2⤵
  PID:10100
- C:\Windows\System\ULaDYgO.exe
  C:\Windows\System\ULaDYgO.exe
  2⤵
  PID:10116
- C:\Windows\System\kvOglLR.exe
  C:\Windows\System\kvOglLR.exe
  2⤵
  PID:10132
- C:\Windows\System\PrRSVjv.exe
  C:\Windows\System\PrRSVjv.exe
  2⤵
  PID:10152
- C:\Windows\System\pUTvwUq.exe
  C:\Windows\System\pUTvwUq.exe
  2⤵
  PID:10168
- C:\Windows\System\HFbBcyu.exe
  C:\Windows\System\HFbBcyu.exe
  2⤵
  PID:10184
- C:\Windows\System\SYmJaCY.exe
  C:\Windows\System\SYmJaCY.exe
  2⤵
  PID:10200
- C:\Windows\System\FYSzygz.exe
  C:\Windows\System\FYSzygz.exe
  2⤵
  PID:10220
- C:\Windows\System\iVigOhy.exe
  C:\Windows\System\iVigOhy.exe
  2⤵
  PID:8800
- C:\Windows\System\WlsNqsA.exe
  C:\Windows\System\WlsNqsA.exe
  2⤵
  PID:8588
- C:\Windows\System\KpRrTlz.exe
  C:\Windows\System\KpRrTlz.exe
  2⤵
  PID:9068
- C:\Windows\System\zeXMHyV.exe
  C:\Windows\System\zeXMHyV.exe
  2⤵
  PID:9164
- C:\Windows\System\GGVnKda.exe
  C:\Windows\System\GGVnKda.exe
  2⤵
  PID:8196
- C:\Windows\System\DDIyhNf.exe
  C:\Windows\System\DDIyhNf.exe
  2⤵
  PID:8420
- C:\Windows\System\pjnXFDP.exe
  C:\Windows\System\pjnXFDP.exe
  2⤵
  PID:8080
- C:\Windows\System\qvEKRPi.exe
  C:\Windows\System\qvEKRPi.exe
  2⤵
  PID:8584
- C:\Windows\System\ufOlVNM.exe
  C:\Windows\System\ufOlVNM.exe
  2⤵
  PID:9268
- C:\Windows\System\hllqewO.exe
  C:\Windows\System\hllqewO.exe
  2⤵
  PID:7796
- C:\Windows\System\kUtAaGR.exe
  C:\Windows\System\kUtAaGR.exe
  2⤵
  PID:9296
- C:\Windows\System\YdwkfMc.exe
  C:\Windows\System\YdwkfMc.exe
  2⤵
  PID:8248
- C:\Windows\System\AiJcvfH.exe
  C:\Windows\System\AiJcvfH.exe
  2⤵
  PID:8568
- C:\Windows\System\tspmSwz.exe
  C:\Windows\System\tspmSwz.exe
  2⤵
  PID:8668
- C:\Windows\System\BHZeXWk.exe
  C:\Windows\System\BHZeXWk.exe
  2⤵
  PID:8796
- C:\Windows\System\vDblgoQ.exe
  C:\Windows\System\vDblgoQ.exe
  2⤵
  PID:8924
- C:\Windows\System\lDCJlBk.exe
  C:\Windows\System\lDCJlBk.exe
  2⤵
  PID:9100
- C:\Windows\System\EUjoOiZ.exe
  C:\Windows\System\EUjoOiZ.exe
  2⤵
  PID:9304
- C:\Windows\System\ERzSWRo.exe
  C:\Windows\System\ERzSWRo.exe
  2⤵
  PID:9336
- C:\Windows\System\bsdjzPW.exe
  C:\Windows\System\bsdjzPW.exe
  2⤵
  PID:9080
- C:\Windows\System\dojnJXC.exe
  C:\Windows\System\dojnJXC.exe
  2⤵
  PID:9220
- C:\Windows\System\pIHISAP.exe
  C:\Windows\System\pIHISAP.exe
  2⤵
  PID:9284
- C:\Windows\System\VFSYRvA.exe
  C:\Windows\System\VFSYRvA.exe
  2⤵
  PID:9352
- C:\Windows\System\PoyAbyz.exe
  C:\Windows\System\PoyAbyz.exe
  2⤵
  PID:9412
- C:\Windows\System\xgBrZkF.exe
  C:\Windows\System\xgBrZkF.exe
  2⤵
  PID:9428
- C:\Windows\System\aItIdcO.exe
  C:\Windows\System\aItIdcO.exe
  2⤵
  PID:9400
- C:\Windows\System\yfiXKsM.exe
  C:\Windows\System\yfiXKsM.exe
  2⤵
  PID:9464
- C:\Windows\System\CfhFemg.exe
  C:\Windows\System\CfhFemg.exe
  2⤵
  PID:9500
- C:\Windows\System\hUIszXK.exe
  C:\Windows\System\hUIszXK.exe
  2⤵
  PID:9580
- C:\Windows\System\VEeCCSl.exe
  C:\Windows\System\VEeCCSl.exe
  2⤵
  PID:9648
- C:\Windows\System\NwJRobZ.exe
  C:\Windows\System\NwJRobZ.exe
  2⤵
  PID:9568
- C:\Windows\System\NNEUcAo.exe
  C:\Windows\System\NNEUcAo.exe
  2⤵
  PID:9652
- C:\Windows\System\PcpZQbS.exe
  C:\Windows\System\PcpZQbS.exe
  2⤵
  PID:9632
- C:\Windows\System\uuZJSrY.exe
  C:\Windows\System\uuZJSrY.exe
  2⤵
  PID:9664
- C:\Windows\System\KwYWVCl.exe
  C:\Windows\System\KwYWVCl.exe
  2⤵
  PID:9704
- C:\Windows\System\ZRNWbmI.exe
  C:\Windows\System\ZRNWbmI.exe
  2⤵
  PID:9776
- C:\Windows\System\HRWQjwX.exe
  C:\Windows\System\HRWQjwX.exe
  2⤵
  PID:9792
- C:\Windows\System\hSErCFz.exe
  C:\Windows\System\hSErCFz.exe
  2⤵
  PID:9840
- C:\Windows\System\OFQRZsg.exe
  C:\Windows\System\OFQRZsg.exe
  2⤵
  PID:9880
- C:\Windows\System\IFFsQjG.exe
  C:\Windows\System\IFFsQjG.exe
  2⤵
  PID:9964
- C:\Windows\System\RPIiPxY.exe
  C:\Windows\System\RPIiPxY.exe
  2⤵
  PID:9996
- C:\Windows\System\KFpwTYi.exe
  C:\Windows\System\KFpwTYi.exe
  2⤵
  PID:10032
- C:\Windows\System\Mwgnzsy.exe
  C:\Windows\System\Mwgnzsy.exe
  2⤵
  PID:9944
- C:\Windows\System\RUYjOaT.exe
  C:\Windows\System\RUYjOaT.exe
  2⤵
  PID:10012
- C:\Windows\System\GHrjKTj.exe
  C:\Windows\System\GHrjKTj.exe
  2⤵
  PID:9892
- C:\Windows\System\PGrdNnl.exe
  C:\Windows\System\PGrdNnl.exe
  2⤵
  PID:10108
- C:\Windows\System\QybLuOS.exe
  C:\Windows\System\QybLuOS.exe
  2⤵
  PID:9976
- C:\Windows\System\ggTMpEC.exe
  C:\Windows\System\ggTMpEC.exe
  2⤵
  PID:10096
- C:\Windows\System\wdORqnx.exe
  C:\Windows\System\wdORqnx.exe
  2⤵
  PID:10164
- C:\Windows\System\RUqaUIK.exe
  C:\Windows\System\RUqaUIK.exe
  2⤵
  PID:10148
- C:\Windows\System\qLNzLJM.exe
  C:\Windows\System\qLNzLJM.exe
  2⤵
  PID:10212
- C:\Windows\System\EwXUXUt.exe
  C:\Windows\System\EwXUXUt.exe
  2⤵
  PID:9160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BSfttSA.exe

Filesize
1.8MB

MD5
88bb52238da96ecb7ae29d12cc2741c5

SHA1
94b39e97da03f4e404b2e6fe1cb7f439ab5c7f84

SHA256
3522f1bf9ccb9cd6bd3cb358d14300ab61e12de45ff9234a9585fa56eebda3fb

SHA512
37192148f9968c824542a561ddd6c0f3ef5c1482d8dd84a40847b842d91909509b5e87b53ad04a3780b7acf662f3b27e6e54fab615c41b062def37f94f80e951

Download Submit
C:\Windows\system\CfihqEh.exe

Filesize
1.8MB

MD5
f0ecbce5e1ea7735eb5f3932a06854c7

SHA1
f5545a73d11971c1932490e57489869009b7ea9f

SHA256
d4180c55398ec76c01b3091886104513062dfeef93cca2206904f215819e6971

SHA512
f94e89283dc763fe837d2c9437f4863534e79ff88958d8331fdba653ea9d302683b44eeb1c3784e52be2fce1568b4d6993d97d84bf8a17045fb486eef46a0d00

Download Submit
C:\Windows\system\DiEpMvR.exe

Filesize
1.8MB

MD5
4b6a85b8df2ec51e267cd39ed2cd6a10

SHA1
1ee2d6b7335145adca544f963dec3b45302d5b9e

SHA256
88a892a85f36e0eff09269ec06e52c86a57d5d1c1a76426fffb8b617858b960e

SHA512
b3e400cb8cb7c9a05c28c3fae170ffc0d9a8412f96df80ed22c5d70bc3d5c1b4ed1389dabd018f0cddf8a42fdf9a311400b5221bec98ec59167bbc75bd925c81

Download Submit
C:\Windows\system\DopUmiz.exe

Filesize
1.8MB

MD5
bdc22149bf79a7e56e4cfa0ca9fa4ded

SHA1
0d6bebad3f96cabba0c64c235bd314be3c001cbd

SHA256
fa14f3bee1d3ef9835470b3c4db8dd71d9cf2e83ae3e0a49d79f93b8a328e733

SHA512
600a3eee21bf03811f12d2099a44e1d09a6e00d4cce21d98c122b46a5337001fd5ad7a377c57a66a920c468583b15272d21ad402988a46c3cfac0f2465f50437

Download Submit
C:\Windows\system\EMhKGGm.exe

Filesize
1.8MB

MD5
3ee4514f945af94cc1fe9fd818255112

SHA1
0fadd0fd38f043f59026594d04d41672d717576f

SHA256
518872e55665c57f8348d152b805080a3e8aaf859714c2b8e4e05d8cfd4c8f81

SHA512
622e72268ce4a28884b96495916b7b138fd20ded187aafa67c94777f250459c9d165e227b20763d0b6f5d40ab8c39bbd3ae1b59867dd49dfd3a9113388c99467

Download Submit
C:\Windows\system\EPMRvJH.exe

Filesize
1.8MB

MD5
c3c407e699c9ad217f6e07d523f76cca

SHA1
7ecdd46f8bffb9a81c48926a1e43c5470c685f23

SHA256
c40b81310459e277b6d67d5c217434124e283fe9f06f873451d0ea9178502021

SHA512
9a301fc20feb4dab9b488e6360fcbfaebb17a01e5d013550674542f904667982ecfd5ecccaf8233629e8ff19953a5bbcdca9e1b93eb5b7761cd0f39e3186e0c5

Download Submit
C:\Windows\system\EdwsHlp.exe

Filesize
1.8MB

MD5
0f70c2fc619c8e2d212fa8fd46603793

SHA1
98406d5db805d362bc7138ee00b2b7563fc2eb33

SHA256
abcb8c367512e9a7ef75d383745ed32348b2cc6f1d35e201346fb4c38a42bf70

SHA512
ec4547a5c9a5089d63153d0e50599ae1e31a9d146966cc5de5fadf891cf393f70955e09f7131f1ebacd70e6817c9fbe3b42b7ac9f26a3d6d47cac739da7f623e

Download Submit
C:\Windows\system\IDffwdn.exe

Filesize
1.8MB

MD5
cdd58c6c76d2e32e7287226ddd0fc3e3

SHA1
79a31aacbfd98b45aa7815ed35c0196b15deb588

SHA256
9e622cb772aa45a8a166134b10e390e712c6e43b26d729c5c852043b10cb74e5

SHA512
513e4e2b3864c4f96855bdab9ce4152a0651bf74569b6bcfbef89f8efb5de333beb9df1256bb383bb65a6966ce22670a69528c60b1d35c193d1fd8c8e9142ce5

Download Submit
C:\Windows\system\ISBjiDf.exe

Filesize
1.8MB

MD5
c63681266c47e91148a2eee1aade311d

SHA1
e48af13911d0b3889d47486e9fca36654ae8bd57

SHA256
3a4768f446469628082a627fd90b50a3d452587e0d9fa5ca71871d40a5c01f44

SHA512
ad4465c3679e0a3c30df1d8a411baff27eddb4cc1068048908ee7729ecdeb8b075b74092d80b95735f4f88b38a72fd12e07cf802a7d9c2977ab0811b52ac2452

Download Submit
C:\Windows\system\NHlQotD.exe

Filesize
1.8MB

MD5
4b7025ec524711691a31785a25a4225e

SHA1
fe603e096564090c69d04eda34a224101835d29c

SHA256
6913db1e337215b451cf21e46175632649f181a083b3ad1f07f75d8795b6dc46

SHA512
346669e2c5bede546325433ba8f2006bbefc3a1b8077929172cac1ad0f7da8f62d7bb0a7f9f1ea14360e9a95c9ec8909602b731edfb07f4b68f5e22e3efcbb4a

Download Submit
C:\Windows\system\SYRPfDd.exe

Filesize
1.8MB

MD5
0d06dd623c25670b859d2f6a381cdaf1

SHA1
1ea63173842dfb3aac1e6ad63a353d83eeb9e502

SHA256
4b543f2aa9f731b9f7c384e3cbeef308eb440eb3ddb0070faf0a4142ec46e30a

SHA512
5a56a8cf9c4889d0cb75483948d83d583b426928cdf461bdd58cc7d875d5a9682b1fbff2406422032c142fe0bbf330b1f9782973db6ea6c9b574703fbdc841c6

Download Submit
C:\Windows\system\ShLzMsM.exe

Filesize
1.8MB

MD5
e80a70b3f9531f505f6a81cead9a42f3

SHA1
19443015e8ce9063c72a25c591b51f21a35864c1

SHA256
3ce4b9ee6eb29a36ab532939b1bc1af1afbeb10e9310ab723bbac35e30bc96f4

SHA512
4713ee68a461d2f7a5e5febd560c8df348b7c210c770ad95bdd794170e708c0773666228b52d6f25eaae4fdc1feeefd7e5867d4385bcb12da3b261408bb5b3dc

Download Submit
C:\Windows\system\XDYONWn.exe

Filesize
1.8MB

MD5
881e4b2b25e092548d922d366d6496d1

SHA1
6b8676d31a8560414435b0cc8fb2a7163b067801

SHA256
ba43c9c14793a03b02da9929937871716888f02c8013d9f1b12a3eceab909ee3

SHA512
2323045b32046cd2d49bacb131a9a62b3f4232246a6c5408d6777b083045c01cd67798d5f490d84c02a2cf9a68305f922b9c466de7d2b7775352bdc29af24370

Download Submit
C:\Windows\system\YFffToW.exe

Filesize
1.8MB

MD5
cda604b065629ad57aefd6b46b16b7d7

SHA1
2200bd08e4438dbb950b9d8972bcea78a6b05ffc

SHA256
2b84e050ab4651f1fa69ab45dfcbdcd20b13efb6657dac3f18fe03f6c75b19ce

SHA512
4da6c5daa24ecd32ddb98d49a6d773f09f82c2ad9b402fc7a12add367f5a5ed28cf5691b026bb45ef28b3cc5eac57594a40f7fd93c7781884b6f62eb2e39e1e3

Download Submit
C:\Windows\system\bNXKFzj.exe

Filesize
1.8MB

MD5
a080fca6397200f50aa005dc04f78ebe

SHA1
b916f8d925a98963b8339ccec96e1bdefb16295c

SHA256
f30837c2c6b9c67fbb441893784b484e026b8c6eb17ffcecbb7a6841fc6d416a

SHA512
9bd4daaddb4b21ebb1dcd845c5899fd12189fa3c3c7b20a262fb2de78621f39e299b1af52167ae3387af13f7afa1467d02c5abcbab6e224036cc7684d222408c

Download Submit
C:\Windows\system\cPQRVSY.exe

Filesize
1.8MB

MD5
9b5098bf4ed916c2f7fc1390c13ccb26

SHA1
701b8d40f198116fbc77fd02767de93f06fdb020

SHA256
643f3db37dbbddd95868a35c255270a8cc6996dc5906ba28072db2e05daa9b1f

SHA512
7b8c7903392109069a5e75cba93f39084c230d8cbbd079f69b1888edf941fb4c46cf0b26437820058a1709dcfcc858a1d91370b9bfd35d0f62724f6de2e4512b

Download Submit
C:\Windows\system\dbGWJaY.exe

Filesize
1.8MB

MD5
ba16a13d0afdf0bb886da07ad478f796

SHA1
b1a1bf23cc66a13fe150398aa3147a711584c8b9

SHA256
ede9ec29496e378a7d90fa4618fd03de7ceecfa6bf4b6a08381e07f16c172564

SHA512
aa0f018151ec713da5b61299e56d4c9d9a259078c504c2bb7d73114c26db2e778594cda6717b75154d02f592f6e3301db29aaffa660666536d3d1c8475ced140

Download Submit
C:\Windows\system\hIJHuOv.exe

Filesize
1.8MB

MD5
ab87d0a026c2430c6e7be21dc22422f7

SHA1
0be7b747e6c26d0b8d08fe1f73cc2936e63e5003

SHA256
55c4aed688a47bbfa84d1b46863a3ceffa1634321a5d6b8e2c0b6be328bcdda9

SHA512
3e31163e45bd8937ad501d1f03d79c322964e2e75221c69a3285fbb556a009eccd5bc780b927aded71839c565722735b558830aee6d6080964ae1d2e47d79701

Download Submit
C:\Windows\system\krSGaCw.exe

Filesize
1.8MB

MD5
14b68781d39279a2c3d43c1b056e16b1

SHA1
06356102600ab865c2c104dc40586372bf4da86a

SHA256
b946fef9da54e32f143262070e93185496ef0e5895f0a869c787b75537f32cb1

SHA512
c91957c0865b77ba7aa6ad766633853560ed8b87498d12270e32a85dac18955697c655b634f702a23129b40091c18fea43dd17453f2f88cccba20a1cd1918a1c

Download Submit
C:\Windows\system\nRukMKY.exe

Filesize
1.8MB

MD5
4d99a72034695e0f59dff8235dfe43ec

SHA1
ec068fb013112b459af67c85e48a958812eb2e41

SHA256
e591d5a9b46dd8ebc1e9b553559663985609b36b4e078d1cdcff8118ed7b9cbe

SHA512
5cc598238777a36ccfaee809df990e2b27532a50b2851a3f8df342a2d0915e4aa0ef57e0a606b9eec01d85db740c13a842f2acfb4e0005047c76d9603dbd6a9f

Download Submit
C:\Windows\system\vJkKClA.exe

Filesize
1.8MB

MD5
6d71f3b55240f4cb183b1af5abe981bf

SHA1
1845cb70d83f7a8f65f44b30d3c9fa35b533b178

SHA256
a375c671b8ff069c1b43a52dd99179aafa212866405da22a9ee28739a5e0deea

SHA512
fa053438b2c90df91421d3bd223be137ef4a708f88117538e1b2d8b3d285055b0126196573745c831d1af69f6f4127dfa892441b07b8d35088c3e23d22e42a2d

Download Submit
C:\Windows\system\wKffTAp.exe

Filesize
1.8MB

MD5
f7d4ed09b7cab138e0ef4d05850d4e39

SHA1
6f19ebb3e11a716df78e313481fb1cfc330f8239

SHA256
a5d474d97a08ff588f5d4573c197576e65d276eb85b72c67566544e42ecaebd1

SHA512
d821c8a4e6c8cc2c95e5a2185026f5850f30d398234d72a9012b1a3b91ccbaed28584aa8f1c1d131e1629798f32a03c93e8d494f645afa112200d574f59d1c5e

Download Submit
C:\Windows\system\yrtapxS.exe

Filesize
1.8MB

MD5
4899d49572d1b18235e8a142935046b6

SHA1
1186a40d698d7fbac1d55ffc11a38d8ba943b73c

SHA256
b1c238bc0a72acfeb17ce6f52ca4f733528f806268708e9fe9bfb03dd98c4927

SHA512
a991ce543bbaf76ebfbd39e7c9893705326cc54af55b49621223aa87916878c9f52a4971a588bf5b8f4da9c3560fd51d0ff4fcd96bb2f55c121a00ac0173db2a

Download Submit
C:\Windows\system\zdUhKBa.exe

Filesize
1.8MB

MD5
990e83142feb02e55815efb597552b66

SHA1
70cfe5a669e714350c65923f1087075ba37475e8

SHA256
e41dd8de1f4c7b273d8991bc507a1073b45497c6ce2a4c1a620076b48bbd1e37

SHA512
8047ea017051a8b8cfc40f86fbda95fe96f0dda9f64d9d0ee223aa9b3db937c371bd73d85b1e3aadbab436030185d4309a621779cddd9aa2c0be92858bb22d90

Download Submit
C:\Windows\system\zkzvhAj.exe

Filesize
1.8MB

MD5
c402bd15a7e123d33cd4b6780153e80c

SHA1
40faac1bd7483583abfe22784d74e25d09f22ae8

SHA256
31de549ee31656688c2726d9d06614d054ca288098d9658d58cb04e2e24684c0

SHA512
b728cb23164ab8221aa76764c9f2ed6f9bd096382938cb441fa6d886551fb9bfca5ca877d73775eb210881266a1dcf614784aedefe669b1e431a2ccdf279d4d3

Download Submit
\Windows\system\ZMBEXzX.exe

Filesize
1.8MB

MD5
be316ca97946a881ab9c3648affbdbae

SHA1
b0b44343148c564b485e7d17121b7a7f6eba8eba

SHA256
a147f5465f26d9bbac4d7427c963ba1e54018e36e5155a2e584f5bb81c6b9a8c

SHA512
ac8f6c7bfb7e4871297ef6822d14c2d181b159b45aae5add5c39faabaf360892ff3b15c782e8f72d1aaf98bccdc0d95850577025b638ecbd7882b9991195372b

Download Submit
\Windows\system\esLfefc.exe

Filesize
1.8MB

MD5
e10b4743569716d3950f22cb58eb37ca

SHA1
dfb753ef1af58f77ebe5f4b47e0efa189c5d3b47

SHA256
f8e42e3fa95e4db826710da00381c533eb90a9c9b5d1345a3baf1669b3b1f9eb

SHA512
4c51be4ad465281d426bc865b62a2e8af5bb9fd26b4f32fb78300c2f45ede9b3cf29e146f0ae0755cf37b3666bde719f654597251f4d452fdf2a423f2fefdfc5

Download Submit
\Windows\system\fxpTEHV.exe

Filesize
1.8MB

MD5
b8e2f320f795286aeb0da95b024cb4ce

SHA1
48a69f2e8fd0fae4c364a128eb82fc6dd2bdfb53

SHA256
994d73d68b104563de4beb2425b4a5312cf634d4edfd99e1e062577449a50129

SHA512
50fa28bf85e31001c7732971ef3679193c671811c7b7926c712525de223745517b4b7b426abd2212e77efb2da5088dc3041540460794992d9975418accf60fd3

Download Submit
\Windows\system\kmJDIoz.exe

Filesize
1.8MB

MD5
f65c99831b9c58f7decde0699e828b57

SHA1
b405685266fb2d0cd161739e3b5d5ab0761eec69

SHA256
4adee49ef6b90b1adc935aeca9bf175f61ddeaab4cf7de61e412f6819c816aac

SHA512
cc8d067e611b62ace71fdffcfb55f6bd585afba57edd9911d9e2ff71f63f22720374d55625fc1641d1d9527ec6736607ec524b9ecbb45e5eea6c7c7acb51c861

Download Submit
\Windows\system\qTttuYd.exe

Filesize
1.8MB

MD5
560adb7e1d989590771478086a1b9839

SHA1
999f31251c8ae2839127707a00177d60d1bd88bd

SHA256
fdfc1535e78551df4d24795c194e11141631ba44a19741b51d5c02312351f678

SHA512
b1b4fb1462aff933537c245f8e05478c0a2aea15510df8d9ebd1b817c0037e786f76c8de0f4ea5d84ee346ec201259e90ddbc2eb18fd0e6cff6cf339392b909a

Download Submit
\Windows\system\uBYuveM.exe

Filesize
1.8MB

MD5
ea20f30359c5fe9edbad17442271d812

SHA1
afa40a7ab9791409de9ce8a4161171239c1bf5d5

SHA256
000eef49d2da7fda433c2f61b82d21f9ea24e5b808f8fe81bf9a63c4417de7d6

SHA512
f93272b31021fb56edbd0ba5e6fdf3018d043951596a3ae422b54bc5fe2db2ed3abf4dd9a45fec155da0d80a4c3a16b56c1fb7a602eb84b29951511ddb74c9a4

Download Submit
\Windows\system\xVJXgFc.exe

Filesize
1.8MB

MD5
1f19d13a9954a035339959ab62e018f8

SHA1
9d18cae1eb52e23e5f824b810c9dd697c46f3224

SHA256
15bfd30ac55cc1f31b3ed74029360591e58e9490dbcb8d60ff4823ce45cc54ac

SHA512
4cbcd8f17a657e24de34b15a0bb5c852bfe832052c726efde2b41256e08a93745d175a5cd0001431ec64f3a0d00886f093102dc82fd70d6fd4e33c1efec64ae4

Download Submit
\Windows\system\yVvgOhL.exe

Filesize
1.8MB

MD5
4ba8736b855454e4597f434b5465b05b

SHA1
799bccb95d7f7a64890d9cfa6365fc9bff846d8a

SHA256
a2ca2959992cb584ad040b461690e204d921b1ccb25ab6b97cf67689ab511443

SHA512
34402c66025239619019c53a11d09c24f7e7634c2ef44e35812f386ac4c682e041d49063a6cbfcb6e6bb52c9a9e9a4f1e29d24fefad4bb83425e1f5b7cfd8e02

Download Submit
memory/584-3905-0x000000013FAA0000-0x000000013FE92000-memory.dmp

Filesize
3.9MB

Download
memory/584-67-0x000000013FAA0000-0x000000013FE92000-memory.dmp

Filesize
3.9MB

Download
memory/584-581-0x000000013FAA0000-0x000000013FE92000-memory.dmp

Filesize
3.9MB

Download
memory/1512-3901-0x000000013FF80000-0x0000000140372000-memory.dmp

Filesize
3.9MB

Download
memory/1512-90-0x000000013FF80000-0x0000000140372000-memory.dmp

Filesize
3.9MB

Download
memory/2056-582-0x00000000033D0000-0x00000000037C2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-69-0x000000013F3E0000-0x000000013F7D2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-561-0x00000000033D0000-0x00000000037C2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-70-0x000000013F340000-0x000000013F732000-memory.dmp

Filesize
3.9MB

Download
memory/2056-23-0x000000013F760000-0x000000013FB52000-memory.dmp

Filesize
3.9MB

Download
memory/2056-78-0x000000013F670000-0x000000013FA62000-memory.dmp

Filesize
3.9MB

Download
memory/2056-25-0x000000013F860000-0x000000013FC52000-memory.dmp

Filesize
3.9MB

Download
memory/2056-7-0x000000013F8C0000-0x000000013FCB2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-72-0x00000000033D0000-0x00000000037C2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-65-0x00000000033D0000-0x00000000037C2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-58-0x000000013F390000-0x000000013F782000-memory.dmp

Filesize
3.9MB

Download
memory/2056-1-0x000000013FE50000-0x0000000140242000-memory.dmp

Filesize
3.9MB

Download
memory/2056-41-0x00000000033D0000-0x00000000037C2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-89-0x000000013F7F0000-0x000000013FBE2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-4270-0x00000000033D0000-0x00000000037C2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2056-88-0x00000000033D0000-0x00000000037C2000-memory.dmp

Filesize
3.9MB

Download
memory/2056-86-0x000000013FE50000-0x0000000140242000-memory.dmp

Filesize
3.9MB

Download
memory/2272-32-0x000000013F860000-0x000000013FC52000-memory.dmp

Filesize
3.9MB

Download
memory/2272-3951-0x000000013F860000-0x000000013FC52000-memory.dmp

Filesize
3.9MB

Download
memory/2272-560-0x000000013F860000-0x000000013FC52000-memory.dmp

Filesize
3.9MB

Download
memory/2508-580-0x000000013F3E0000-0x000000013F7D2000-memory.dmp

Filesize
3.9MB

Download
memory/2508-60-0x000000013F3E0000-0x000000013F7D2000-memory.dmp

Filesize
3.9MB

Download
memory/2508-3872-0x000000013F3E0000-0x000000013F7D2000-memory.dmp

Filesize
3.9MB

Download
memory/2556-301-0x000000001B260000-0x000000001B542000-memory.dmp

Filesize
2.9MB

Download
memory/2556-305-0x0000000002570000-0x0000000002578000-memory.dmp

Filesize
32KB

Download
memory/2644-3903-0x000000013FD50000-0x0000000140142000-memory.dmp

Filesize
3.9MB

Download
memory/2644-49-0x000000013FD50000-0x0000000140142000-memory.dmp

Filesize
3.9MB

Download
memory/2644-562-0x000000013FD50000-0x0000000140142000-memory.dmp

Filesize
3.9MB

Download
memory/2672-3898-0x000000013F8C0000-0x000000013FCB2000-memory.dmp

Filesize
3.9MB

Download
memory/2672-8-0x000000013F8C0000-0x000000013FCB2000-memory.dmp

Filesize
3.9MB

Download
memory/2672-91-0x000000013F8C0000-0x000000013FCB2000-memory.dmp

Filesize
3.9MB

Download
memory/2712-312-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

Filesize
3.9MB

Download
memory/2712-14-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

Filesize
3.9MB

Download
memory/2712-3952-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

Filesize
3.9MB

Download
memory/2716-3880-0x000000013F760000-0x000000013FB52000-memory.dmp

Filesize
3.9MB

Download
memory/2716-426-0x000000013F760000-0x000000013FB52000-memory.dmp

Filesize
3.9MB

Download
memory/2716-24-0x000000013F760000-0x000000013FB52000-memory.dmp

Filesize
3.9MB

Download
memory/2968-66-0x000000013FD10000-0x0000000140102000-memory.dmp

Filesize
3.9MB

Download
memory/2968-563-0x000000013FD10000-0x0000000140102000-memory.dmp

Filesize
3.9MB

Download
memory/2968-3902-0x000000013FD10000-0x0000000140102000-memory.dmp

Filesize
3.9MB

Download