xmrig | a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
Size

1.7MB
MD5

eea44ca42b0f600df8b9d2a15e58c897
SHA1

673efbf190676cc4a8ebbfda38c5b6e55e91696b
SHA256

a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4
SHA512

5958d7235a4462976844da8c0a7be4149ce3762d2b8267727dac399811c4ae560525cc60f45770aab83b6c23c94bb2d5d361d2a19760ccef79e3d2d12524ace0
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjuJoz5XdUK6S1uBkr5GqlfiQzf0Y098dK:Lz071uv4BPMkHC0I6Gz3N1pHVfyH15

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 22 IoCs

resource	yara_rule
behavioral1/memory/2692-22-0x000000013FB70000-0x000000013FF62000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2764-74-0x000000013F580000-0x000000013F972000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2800-38-0x000000013F9C0000-0x000000013FDB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2344-29-0x000000013FDD0000-0x00000001401C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2748-25-0x000000013F930000-0x000000013FD22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2700-1222-0x000000013FAE0000-0x000000013FED2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2544-1445-0x000000013F260000-0x000000013F652000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3024-2142-0x000000013F830000-0x000000013FC22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1016-4140-0x000000013FCD0000-0x00000001400C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2692-4167-0x000000013FB70000-0x000000013FF62000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2344-4166-0x000000013FDD0000-0x00000001401C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2800-4175-0x000000013F9C0000-0x000000013FDB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2724-4658-0x000000013FB00000-0x000000013FEF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2796-4674-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2700-4677-0x000000013FAE0000-0x000000013FED2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1016-4682-0x000000013FCD0000-0x00000001400C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3024-4680-0x000000013F830000-0x000000013FC22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2724-4687-0x000000013FB00000-0x000000013FEF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2544-4686-0x000000013F260000-0x000000013F652000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2924-4684-0x000000013FF20000-0x0000000140312000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2796-4700-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1116-4710-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 63 IoCs

resource	yara_rule
behavioral1/memory/2764-1-0x000000013F580000-0x000000013F972000-memory.dmp	UPX
behavioral1/files/0x000c00000001224e-3.dat	UPX
behavioral1/files/0x0036000000015ac4-11.dat	UPX
behavioral1/files/0x0008000000015c71-15.dat	UPX
behavioral1/memory/2692-22-0x000000013FB70000-0x000000013FF62000-memory.dmp	UPX
behavioral1/memory/2700-40-0x000000013FAE0000-0x000000013FED2000-memory.dmp	UPX
behavioral1/files/0x00130000000054a8-50.dat	UPX
behavioral1/memory/3024-52-0x000000013F830000-0x000000013FC22000-memory.dmp	UPX
behavioral1/files/0x0006000000016c27-60.dat	UPX
behavioral1/memory/2724-63-0x000000013FB00000-0x000000013FEF2000-memory.dmp	UPX
behavioral1/memory/2796-69-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	UPX
behavioral1/memory/2924-76-0x000000013FF20000-0x0000000140312000-memory.dmp	UPX
behavioral1/files/0x0006000000016cd1-88.dat	UPX
behavioral1/files/0x0006000000016d0e-112.dat	UPX
behavioral1/files/0x0006000000016d4a-136.dat	UPX
behavioral1/files/0x000600000001705e-148.dat	UPX
behavioral1/files/0x0006000000017362-160.dat	UPX
behavioral1/files/0x00060000000171b9-156.dat	UPX
behavioral1/files/0x000600000001708b-152.dat	UPX
behavioral1/files/0x0006000000016d52-144.dat	UPX
behavioral1/files/0x0006000000016d4e-140.dat	UPX
behavioral1/files/0x0006000000016d43-132.dat	UPX
behavioral1/files/0x0006000000016d2f-128.dat	UPX
behavioral1/files/0x0006000000016d27-124.dat	UPX
behavioral1/files/0x0006000000016d1f-120.dat	UPX
behavioral1/files/0x0006000000016d16-116.dat	UPX
behavioral1/files/0x0006000000016d05-108.dat	UPX
behavioral1/files/0x0006000000016cfd-104.dat	UPX
behavioral1/files/0x0006000000016cf1-100.dat	UPX
behavioral1/files/0x0006000000016ce9-97.dat	UPX
behavioral1/files/0x0006000000016cda-92.dat	UPX
behavioral1/files/0x0006000000016cbb-84.dat	UPX
behavioral1/memory/1116-81-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	UPX
behavioral1/files/0x0006000000016c9c-79.dat	UPX
behavioral1/memory/2764-74-0x000000013F580000-0x000000013F972000-memory.dmp	UPX
behavioral1/files/0x0006000000016c30-72.dat	UPX
behavioral1/files/0x0006000000016c2c-66.dat	UPX
behavioral1/memory/1016-57-0x000000013FCD0000-0x00000001400C2000-memory.dmp	UPX
behavioral1/files/0x0007000000016a58-55.dat	UPX
behavioral1/memory/2544-46-0x000000013F260000-0x000000013F652000-memory.dmp	UPX
behavioral1/files/0x0007000000015caf-43.dat	UPX
behavioral1/files/0x0007000000015c98-19.dat	UPX
behavioral1/memory/2800-38-0x000000013F9C0000-0x000000013FDB2000-memory.dmp	UPX
behavioral1/files/0x0007000000015ca0-30.dat	UPX
behavioral1/memory/2344-29-0x000000013FDD0000-0x00000001401C2000-memory.dmp	UPX
behavioral1/memory/2748-25-0x000000013F930000-0x000000013FD22000-memory.dmp	UPX
behavioral1/memory/2700-1222-0x000000013FAE0000-0x000000013FED2000-memory.dmp	UPX
behavioral1/memory/2544-1445-0x000000013F260000-0x000000013F652000-memory.dmp	UPX
behavioral1/memory/3024-2142-0x000000013F830000-0x000000013FC22000-memory.dmp	UPX
behavioral1/memory/1016-4140-0x000000013FCD0000-0x00000001400C2000-memory.dmp	UPX
behavioral1/memory/2692-4167-0x000000013FB70000-0x000000013FF62000-memory.dmp	UPX
behavioral1/memory/2344-4166-0x000000013FDD0000-0x00000001401C2000-memory.dmp	UPX
behavioral1/memory/2800-4175-0x000000013F9C0000-0x000000013FDB2000-memory.dmp	UPX
behavioral1/memory/2724-4658-0x000000013FB00000-0x000000013FEF2000-memory.dmp	UPX
behavioral1/memory/2796-4674-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	UPX
behavioral1/memory/2700-4677-0x000000013FAE0000-0x000000013FED2000-memory.dmp	UPX
behavioral1/memory/1016-4682-0x000000013FCD0000-0x00000001400C2000-memory.dmp	UPX
behavioral1/memory/3024-4680-0x000000013F830000-0x000000013FC22000-memory.dmp	UPX
behavioral1/memory/2724-4687-0x000000013FB00000-0x000000013FEF2000-memory.dmp	UPX
behavioral1/memory/2544-4686-0x000000013F260000-0x000000013F652000-memory.dmp	UPX
behavioral1/memory/2924-4684-0x000000013FF20000-0x0000000140312000-memory.dmp	UPX
behavioral1/memory/2796-4700-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	UPX
behavioral1/memory/1116-4710-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	UPX

XMRig Miner payload 23 IoCs

miner

resource	yara_rule
behavioral1/memory/2692-22-0x000000013FB70000-0x000000013FF62000-memory.dmp	xmrig
behavioral1/memory/2764-75-0x000000013FF20000-0x0000000140312000-memory.dmp	xmrig
behavioral1/memory/2764-74-0x000000013F580000-0x000000013F972000-memory.dmp	xmrig
behavioral1/memory/2800-38-0x000000013F9C0000-0x000000013FDB2000-memory.dmp	xmrig
behavioral1/memory/2344-29-0x000000013FDD0000-0x00000001401C2000-memory.dmp	xmrig
behavioral1/memory/2748-25-0x000000013F930000-0x000000013FD22000-memory.dmp	xmrig
behavioral1/memory/2700-1222-0x000000013FAE0000-0x000000013FED2000-memory.dmp	xmrig
behavioral1/memory/2544-1445-0x000000013F260000-0x000000013F652000-memory.dmp	xmrig
behavioral1/memory/3024-2142-0x000000013F830000-0x000000013FC22000-memory.dmp	xmrig
behavioral1/memory/1016-4140-0x000000013FCD0000-0x00000001400C2000-memory.dmp	xmrig
behavioral1/memory/2692-4167-0x000000013FB70000-0x000000013FF62000-memory.dmp	xmrig
behavioral1/memory/2344-4166-0x000000013FDD0000-0x00000001401C2000-memory.dmp	xmrig
behavioral1/memory/2800-4175-0x000000013F9C0000-0x000000013FDB2000-memory.dmp	xmrig
behavioral1/memory/2724-4658-0x000000013FB00000-0x000000013FEF2000-memory.dmp	xmrig
behavioral1/memory/2796-4674-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	xmrig
behavioral1/memory/2700-4677-0x000000013FAE0000-0x000000013FED2000-memory.dmp	xmrig
behavioral1/memory/1016-4682-0x000000013FCD0000-0x00000001400C2000-memory.dmp	xmrig
behavioral1/memory/3024-4680-0x000000013F830000-0x000000013FC22000-memory.dmp	xmrig
behavioral1/memory/2724-4687-0x000000013FB00000-0x000000013FEF2000-memory.dmp	xmrig
behavioral1/memory/2544-4686-0x000000013F260000-0x000000013F652000-memory.dmp	xmrig
behavioral1/memory/2924-4684-0x000000013FF20000-0x0000000140312000-memory.dmp	xmrig
behavioral1/memory/2796-4700-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	xmrig
behavioral1/memory/1116-4710-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2608	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2692	fLajzhE.exe
2748	GeoaHks.exe
2344	QYTyfIN.exe
2800	NYIemsW.exe
2700	RpIdNxA.exe
2544	RZsWUwJ.exe
3024	hCABZgm.exe
1016	XGMDHoR.exe
2724	rUWjexb.exe
2796	XkXgLrX.exe
2924	LDAuJUg.exe
1116	vurjyrs.exe
2972	BuOiyUK.exe
896	ppMPRtt.exe
1844	WhnSfZq.exe
1592	uihivLA.exe
892	aAtRwOb.exe
2536	hfusGon.exe
536	JgObmGM.exe
788	UJYPzFK.exe
796	oWdPCps.exe
660	lirKQfm.exe
1452	bUGKccE.exe
1112	ArPGFDJ.exe
2024	IRjaGgQ.exe
1644	SGjJFiZ.exe
2104	MQeGFXB.exe
1972	PWEiJgZ.exe
2056	hTrYDOT.exe
2656	BmAdWbf.exe
1988	WEazyEp.exe
1412	XfXBqUG.exe
2240	JyFWHxJ.exe
1780	tighTpe.exe
1140	yCwCHWC.exe
1588	XgoCTby.exe
2340	VOFuMdh.exe
2272	xBunlJt.exe
836	hXUwGXD.exe
784	ELOkyqT.exe
2312	vAgLXgp.exe
2260	lKTunLQ.exe
1948	IuICJEq.exe
1308	MtZIjyh.exe
1608	LEIFrRk.exe
544	UseeMGR.exe
1324	KupEfgy.exe
1584	jQvrExw.exe
2316	QphzQqI.exe
340	UrAqOpC.exe
1676	cwzoXOG.exe
2304	cQGbCJs.exe
2092	Ueobzbu.exe
2184	LQQymZF.exe
840	FaRvmBR.exe
1668	ZBLzAzH.exe
2880	OPhpyzY.exe
2368	ROMDKZt.exe
952	TYIZrKe.exe
2064	HoqiITI.exe
1684	GiwNHGV.exe
276	FSEmWjv.exe
1000	TnCEbXH.exe
2188	bUDCaau.exe

Loads dropped DLL 64 IoCs

pid	Process
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2764-1-0x000000013F580000-0x000000013F972000-memory.dmp	upx
behavioral1/files/0x000c00000001224e-3.dat	upx
behavioral1/files/0x0036000000015ac4-11.dat	upx
behavioral1/files/0x0008000000015c71-15.dat	upx
behavioral1/memory/2692-22-0x000000013FB70000-0x000000013FF62000-memory.dmp	upx
behavioral1/memory/2700-40-0x000000013FAE0000-0x000000013FED2000-memory.dmp	upx
behavioral1/files/0x00130000000054a8-50.dat	upx
behavioral1/memory/3024-52-0x000000013F830000-0x000000013FC22000-memory.dmp	upx
behavioral1/files/0x0006000000016c27-60.dat	upx
behavioral1/memory/2724-63-0x000000013FB00000-0x000000013FEF2000-memory.dmp	upx
behavioral1/memory/2796-69-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	upx
behavioral1/memory/2924-76-0x000000013FF20000-0x0000000140312000-memory.dmp	upx
behavioral1/files/0x0006000000016cd1-88.dat	upx
behavioral1/files/0x0006000000016d0e-112.dat	upx
behavioral1/files/0x0006000000016d4a-136.dat	upx
behavioral1/files/0x000600000001705e-148.dat	upx
behavioral1/files/0x0006000000017362-160.dat	upx
behavioral1/files/0x00060000000171b9-156.dat	upx
behavioral1/files/0x000600000001708b-152.dat	upx
behavioral1/files/0x0006000000016d52-144.dat	upx
behavioral1/files/0x0006000000016d4e-140.dat	upx
behavioral1/files/0x0006000000016d43-132.dat	upx
behavioral1/files/0x0006000000016d2f-128.dat	upx
behavioral1/files/0x0006000000016d27-124.dat	upx
behavioral1/files/0x0006000000016d1f-120.dat	upx
behavioral1/files/0x0006000000016d16-116.dat	upx
behavioral1/files/0x0006000000016d05-108.dat	upx
behavioral1/files/0x0006000000016cfd-104.dat	upx
behavioral1/files/0x0006000000016cf1-100.dat	upx
behavioral1/files/0x0006000000016ce9-97.dat	upx
behavioral1/files/0x0006000000016cda-92.dat	upx
behavioral1/files/0x0006000000016cbb-84.dat	upx
behavioral1/memory/1116-81-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	upx
behavioral1/files/0x0006000000016c9c-79.dat	upx
behavioral1/memory/2764-74-0x000000013F580000-0x000000013F972000-memory.dmp	upx
behavioral1/files/0x0006000000016c30-72.dat	upx
behavioral1/files/0x0006000000016c2c-66.dat	upx
behavioral1/memory/1016-57-0x000000013FCD0000-0x00000001400C2000-memory.dmp	upx
behavioral1/files/0x0007000000016a58-55.dat	upx
behavioral1/memory/2544-46-0x000000013F260000-0x000000013F652000-memory.dmp	upx
behavioral1/files/0x0007000000015caf-43.dat	upx
behavioral1/files/0x0007000000015c98-19.dat	upx
behavioral1/memory/2800-38-0x000000013F9C0000-0x000000013FDB2000-memory.dmp	upx
behavioral1/files/0x0007000000015ca0-30.dat	upx
behavioral1/memory/2344-29-0x000000013FDD0000-0x00000001401C2000-memory.dmp	upx
behavioral1/memory/2748-25-0x000000013F930000-0x000000013FD22000-memory.dmp	upx
behavioral1/memory/2700-1222-0x000000013FAE0000-0x000000013FED2000-memory.dmp	upx
behavioral1/memory/2544-1445-0x000000013F260000-0x000000013F652000-memory.dmp	upx
behavioral1/memory/3024-2142-0x000000013F830000-0x000000013FC22000-memory.dmp	upx
behavioral1/memory/1016-4140-0x000000013FCD0000-0x00000001400C2000-memory.dmp	upx
behavioral1/memory/2692-4167-0x000000013FB70000-0x000000013FF62000-memory.dmp	upx
behavioral1/memory/2344-4166-0x000000013FDD0000-0x00000001401C2000-memory.dmp	upx
behavioral1/memory/2800-4175-0x000000013F9C0000-0x000000013FDB2000-memory.dmp	upx
behavioral1/memory/2724-4658-0x000000013FB00000-0x000000013FEF2000-memory.dmp	upx
behavioral1/memory/2796-4674-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	upx
behavioral1/memory/2700-4677-0x000000013FAE0000-0x000000013FED2000-memory.dmp	upx
behavioral1/memory/1016-4682-0x000000013FCD0000-0x00000001400C2000-memory.dmp	upx
behavioral1/memory/3024-4680-0x000000013F830000-0x000000013FC22000-memory.dmp	upx
behavioral1/memory/2724-4687-0x000000013FB00000-0x000000013FEF2000-memory.dmp	upx
behavioral1/memory/2544-4686-0x000000013F260000-0x000000013F652000-memory.dmp	upx
behavioral1/memory/2924-4684-0x000000013FF20000-0x0000000140312000-memory.dmp	upx
behavioral1/memory/2796-4700-0x000000013F0C0000-0x000000013F4B2000-memory.dmp	upx
behavioral1/memory/1116-4710-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\EXusDGP.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\pRVuENv.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\PQVpUMx.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\AnpUoRv.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\vkFTWIn.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\vZjbbyC.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\TkDsiVA.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\oqBEhoJ.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\VbNchGd.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\YMigTdK.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\KVUKhJD.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\tQOJRNL.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\mvixcKi.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\XCfrSJC.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\fYfiCiW.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\ncaCsqJ.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\ssKOXNX.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\GqobTof.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\YIxtrNU.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\eofyvVr.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\ttMgnWd.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\gkmeLBL.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\DRzkthn.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\lFTplWg.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\RGfJgFD.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\rXrWJTv.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\lsNKYpP.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\MZEWutw.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\GlkICDb.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\aITyVlK.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\oWdPCps.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\ibGvwWz.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\lSoIUBv.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\awCZtOX.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\jdmfqcZ.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\fyRijCR.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\KTeJtgQ.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\xrJThYI.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\RJaHhdQ.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\fTSPuvu.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\vZcZNtg.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\KioQYNO.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\tXDTryL.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\RsGWfoJ.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\UPvOCJU.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\pBJfeLA.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\JkgdgEu.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\VGdKVZq.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\QPOmJSd.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\eOckJkA.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\gJOhUKS.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\YLEFVJc.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\OQTPceU.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\GjRQzxC.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\HMNoDQw.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\XuJhbPW.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\ZNJbcJe.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\TwcjEHb.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\vZtauqI.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\dOWYsRI.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\PVQPkOD.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\LHHpWng.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\CHpdFxW.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
File created	C:\Windows\System\LhBLGyV.exe	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2608	powershell.exe
2608	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
Token: SeLockMemoryPrivilege	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
Token: SeDebugPrivilege	2608	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2608	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	29
PID 2764 wrote to memory of 2608	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	29
PID 2764 wrote to memory of 2608	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	29
PID 2764 wrote to memory of 2692	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	30
PID 2764 wrote to memory of 2692	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	30
PID 2764 wrote to memory of 2692	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	30
PID 2764 wrote to memory of 2748	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	31
PID 2764 wrote to memory of 2748	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	31
PID 2764 wrote to memory of 2748	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	31
PID 2764 wrote to memory of 2344	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	32
PID 2764 wrote to memory of 2344	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	32
PID 2764 wrote to memory of 2344	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	32
PID 2764 wrote to memory of 2700	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	33
PID 2764 wrote to memory of 2700	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	33
PID 2764 wrote to memory of 2700	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	33
PID 2764 wrote to memory of 2800	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	34
PID 2764 wrote to memory of 2800	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	34
PID 2764 wrote to memory of 2800	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	34
PID 2764 wrote to memory of 2544	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	35
PID 2764 wrote to memory of 2544	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	35
PID 2764 wrote to memory of 2544	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	35
PID 2764 wrote to memory of 3024	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	36
PID 2764 wrote to memory of 3024	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	36
PID 2764 wrote to memory of 3024	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	36
PID 2764 wrote to memory of 1016	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	37
PID 2764 wrote to memory of 1016	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	37
PID 2764 wrote to memory of 1016	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	37
PID 2764 wrote to memory of 2724	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	38
PID 2764 wrote to memory of 2724	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	38
PID 2764 wrote to memory of 2724	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	38
PID 2764 wrote to memory of 2796	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	39
PID 2764 wrote to memory of 2796	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	39
PID 2764 wrote to memory of 2796	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	39
PID 2764 wrote to memory of 2924	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	40
PID 2764 wrote to memory of 2924	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	40
PID 2764 wrote to memory of 2924	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	40
PID 2764 wrote to memory of 1116	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	41
PID 2764 wrote to memory of 1116	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	41
PID 2764 wrote to memory of 1116	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	41
PID 2764 wrote to memory of 2972	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	42
PID 2764 wrote to memory of 2972	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	42
PID 2764 wrote to memory of 2972	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	42
PID 2764 wrote to memory of 896	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	43
PID 2764 wrote to memory of 896	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	43
PID 2764 wrote to memory of 896	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	43
PID 2764 wrote to memory of 1844	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	44
PID 2764 wrote to memory of 1844	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	44
PID 2764 wrote to memory of 1844	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	44
PID 2764 wrote to memory of 1592	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	45
PID 2764 wrote to memory of 1592	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	45
PID 2764 wrote to memory of 1592	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	45
PID 2764 wrote to memory of 892	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	46
PID 2764 wrote to memory of 892	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	46
PID 2764 wrote to memory of 892	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	46
PID 2764 wrote to memory of 2536	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	47
PID 2764 wrote to memory of 2536	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	47
PID 2764 wrote to memory of 2536	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	47
PID 2764 wrote to memory of 536	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	48
PID 2764 wrote to memory of 536	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	48
PID 2764 wrote to memory of 536	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	48
PID 2764 wrote to memory of 788	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	49
PID 2764 wrote to memory of 788	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	49
PID 2764 wrote to memory of 788	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	49
PID 2764 wrote to memory of 796	2764	a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe	50

C:\Users\Admin\AppData\Local\Temp\a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe
"C:\Users\Admin\AppData\Local\Temp\a9aab81e926ca6922adadc232ff415c791f1f4b03f273446749e7e47db33a8e4.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2608
- C:\Windows\System\fLajzhE.exe
  C:\Windows\System\fLajzhE.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\GeoaHks.exe
  C:\Windows\System\GeoaHks.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\QYTyfIN.exe
  C:\Windows\System\QYTyfIN.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\RpIdNxA.exe
  C:\Windows\System\RpIdNxA.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\NYIemsW.exe
  C:\Windows\System\NYIemsW.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\RZsWUwJ.exe
  C:\Windows\System\RZsWUwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\hCABZgm.exe
  C:\Windows\System\hCABZgm.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\XGMDHoR.exe
  C:\Windows\System\XGMDHoR.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\rUWjexb.exe
  C:\Windows\System\rUWjexb.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\XkXgLrX.exe
  C:\Windows\System\XkXgLrX.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\LDAuJUg.exe
  C:\Windows\System\LDAuJUg.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\vurjyrs.exe
  C:\Windows\System\vurjyrs.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\BuOiyUK.exe
  C:\Windows\System\BuOiyUK.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ppMPRtt.exe
  C:\Windows\System\ppMPRtt.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\WhnSfZq.exe
  C:\Windows\System\WhnSfZq.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\uihivLA.exe
  C:\Windows\System\uihivLA.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\aAtRwOb.exe
  C:\Windows\System\aAtRwOb.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\hfusGon.exe
  C:\Windows\System\hfusGon.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\JgObmGM.exe
  C:\Windows\System\JgObmGM.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\UJYPzFK.exe
  C:\Windows\System\UJYPzFK.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\oWdPCps.exe
  C:\Windows\System\oWdPCps.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\lirKQfm.exe
  C:\Windows\System\lirKQfm.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\bUGKccE.exe
  C:\Windows\System\bUGKccE.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\ArPGFDJ.exe
  C:\Windows\System\ArPGFDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\IRjaGgQ.exe
  C:\Windows\System\IRjaGgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\SGjJFiZ.exe
  C:\Windows\System\SGjJFiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\MQeGFXB.exe
  C:\Windows\System\MQeGFXB.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\PWEiJgZ.exe
  C:\Windows\System\PWEiJgZ.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\hTrYDOT.exe
  C:\Windows\System\hTrYDOT.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\BmAdWbf.exe
  C:\Windows\System\BmAdWbf.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\WEazyEp.exe
  C:\Windows\System\WEazyEp.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\XfXBqUG.exe
  C:\Windows\System\XfXBqUG.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\JyFWHxJ.exe
  C:\Windows\System\JyFWHxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\tighTpe.exe
  C:\Windows\System\tighTpe.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\yCwCHWC.exe
  C:\Windows\System\yCwCHWC.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\XgoCTby.exe
  C:\Windows\System\XgoCTby.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\VOFuMdh.exe
  C:\Windows\System\VOFuMdh.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\xBunlJt.exe
  C:\Windows\System\xBunlJt.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\hXUwGXD.exe
  C:\Windows\System\hXUwGXD.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\ELOkyqT.exe
  C:\Windows\System\ELOkyqT.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\vAgLXgp.exe
  C:\Windows\System\vAgLXgp.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\lKTunLQ.exe
  C:\Windows\System\lKTunLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\IuICJEq.exe
  C:\Windows\System\IuICJEq.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\MtZIjyh.exe
  C:\Windows\System\MtZIjyh.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\LEIFrRk.exe
  C:\Windows\System\LEIFrRk.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\UseeMGR.exe
  C:\Windows\System\UseeMGR.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\KupEfgy.exe
  C:\Windows\System\KupEfgy.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\jQvrExw.exe
  C:\Windows\System\jQvrExw.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\QphzQqI.exe
  C:\Windows\System\QphzQqI.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\UrAqOpC.exe
  C:\Windows\System\UrAqOpC.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\cwzoXOG.exe
  C:\Windows\System\cwzoXOG.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\cQGbCJs.exe
  C:\Windows\System\cQGbCJs.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\Ueobzbu.exe
  C:\Windows\System\Ueobzbu.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\LQQymZF.exe
  C:\Windows\System\LQQymZF.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\FaRvmBR.exe
  C:\Windows\System\FaRvmBR.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\ZBLzAzH.exe
  C:\Windows\System\ZBLzAzH.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\OPhpyzY.exe
  C:\Windows\System\OPhpyzY.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ROMDKZt.exe
  C:\Windows\System\ROMDKZt.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\TYIZrKe.exe
  C:\Windows\System\TYIZrKe.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\HoqiITI.exe
  C:\Windows\System\HoqiITI.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\GiwNHGV.exe
  C:\Windows\System\GiwNHGV.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\FSEmWjv.exe
  C:\Windows\System\FSEmWjv.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\TnCEbXH.exe
  C:\Windows\System\TnCEbXH.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\bUDCaau.exe
  C:\Windows\System\bUDCaau.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\MFvfsPe.exe
  C:\Windows\System\MFvfsPe.exe
  2⤵
  PID:1516
- C:\Windows\System\eUGrPZu.exe
  C:\Windows\System\eUGrPZu.exe
  2⤵
  PID:1872
- C:\Windows\System\BjsOWRE.exe
  C:\Windows\System\BjsOWRE.exe
  2⤵
  PID:2560
- C:\Windows\System\jJIxqQn.exe
  C:\Windows\System\jJIxqQn.exe
  2⤵
  PID:1536
- C:\Windows\System\OoTvsnb.exe
  C:\Windows\System\OoTvsnb.exe
  2⤵
  PID:1640
- C:\Windows\System\gzdPwIB.exe
  C:\Windows\System\gzdPwIB.exe
  2⤵
  PID:880
- C:\Windows\System\zNvtKaH.exe
  C:\Windows\System\zNvtKaH.exe
  2⤵
  PID:2696
- C:\Windows\System\oMxqHLw.exe
  C:\Windows\System\oMxqHLw.exe
  2⤵
  PID:2624
- C:\Windows\System\WOEWCZc.exe
  C:\Windows\System\WOEWCZc.exe
  2⤵
  PID:2468
- C:\Windows\System\kEvoLWQ.exe
  C:\Windows\System\kEvoLWQ.exe
  2⤵
  PID:2492
- C:\Windows\System\EWyfPuk.exe
  C:\Windows\System\EWyfPuk.exe
  2⤵
  PID:2956
- C:\Windows\System\uQGqfxw.exe
  C:\Windows\System\uQGqfxw.exe
  2⤵
  PID:2788
- C:\Windows\System\ZZlentA.exe
  C:\Windows\System\ZZlentA.exe
  2⤵
  PID:2920
- C:\Windows\System\SyhZpWl.exe
  C:\Windows\System\SyhZpWl.exe
  2⤵
  PID:1612
- C:\Windows\System\zFVGXOb.exe
  C:\Windows\System\zFVGXOb.exe
  2⤵
  PID:1768
- C:\Windows\System\JtlYpur.exe
  C:\Windows\System\JtlYpur.exe
  2⤵
  PID:860
- C:\Windows\System\epwBiuy.exe
  C:\Windows\System\epwBiuy.exe
  2⤵
  PID:320
- C:\Windows\System\OkYhnpA.exe
  C:\Windows\System\OkYhnpA.exe
  2⤵
  PID:1424
- C:\Windows\System\iMtuEIj.exe
  C:\Windows\System\iMtuEIj.exe
  2⤵
  PID:2044
- C:\Windows\System\URHsMZz.exe
  C:\Windows\System\URHsMZz.exe
  2⤵
  PID:2256
- C:\Windows\System\aYIOUfX.exe
  C:\Windows\System\aYIOUfX.exe
  2⤵
  PID:2268
- C:\Windows\System\xCOPKOa.exe
  C:\Windows\System\xCOPKOa.exe
  2⤵
  PID:2204
- C:\Windows\System\VGdKVZq.exe
  C:\Windows\System\VGdKVZq.exe
  2⤵
  PID:1924
- C:\Windows\System\fYfiCiW.exe
  C:\Windows\System\fYfiCiW.exe
  2⤵
  PID:1820
- C:\Windows\System\bmiJFDp.exe
  C:\Windows\System\bmiJFDp.exe
  2⤵
  PID:1108
- C:\Windows\System\VmjGCsh.exe
  C:\Windows\System\VmjGCsh.exe
  2⤵
  PID:2664
- C:\Windows\System\YOBwVNJ.exe
  C:\Windows\System\YOBwVNJ.exe
  2⤵
  PID:2248
- C:\Windows\System\KXOGdqL.exe
  C:\Windows\System\KXOGdqL.exe
  2⤵
  PID:1180
- C:\Windows\System\qBOoEaz.exe
  C:\Windows\System\qBOoEaz.exe
  2⤵
  PID:1968
- C:\Windows\System\mKnYFIo.exe
  C:\Windows\System\mKnYFIo.exe
  2⤵
  PID:2160
- C:\Windows\System\azejxQp.exe
  C:\Windows\System\azejxQp.exe
  2⤵
  PID:2232
- C:\Windows\System\ndKJUpr.exe
  C:\Windows\System\ndKJUpr.exe
  2⤵
  PID:1300
- C:\Windows\System\SWyztGW.exe
  C:\Windows\System\SWyztGW.exe
  2⤵
  PID:916
- C:\Windows\System\LsfUqQr.exe
  C:\Windows\System\LsfUqQr.exe
  2⤵
  PID:820
- C:\Windows\System\FMHVwDH.exe
  C:\Windows\System\FMHVwDH.exe
  2⤵
  PID:756
- C:\Windows\System\tDMetdD.exe
  C:\Windows\System\tDMetdD.exe
  2⤵
  PID:1884
- C:\Windows\System\yrUmvDq.exe
  C:\Windows\System\yrUmvDq.exe
  2⤵
  PID:2400
- C:\Windows\System\eyVhzsH.exe
  C:\Windows\System\eyVhzsH.exe
  2⤵
  PID:2884
- C:\Windows\System\hXGzzlE.exe
  C:\Windows\System\hXGzzlE.exe
  2⤵
  PID:2396
- C:\Windows\System\ndFJSxg.exe
  C:\Windows\System\ndFJSxg.exe
  2⤵
  PID:2372
- C:\Windows\System\UXtIPtG.exe
  C:\Windows\System\UXtIPtG.exe
  2⤵
  PID:900
- C:\Windows\System\RkOdLDe.exe
  C:\Windows\System\RkOdLDe.exe
  2⤵
  PID:1876
- C:\Windows\System\tKuyElk.exe
  C:\Windows\System\tKuyElk.exe
  2⤵
  PID:1508
- C:\Windows\System\BLvGIJe.exe
  C:\Windows\System\BLvGIJe.exe
  2⤵
  PID:1544
- C:\Windows\System\MDuGiKC.exe
  C:\Windows\System\MDuGiKC.exe
  2⤵
  PID:2616
- C:\Windows\System\bemDUgS.exe
  C:\Windows\System\bemDUgS.exe
  2⤵
  PID:2008
- C:\Windows\System\LhwpRow.exe
  C:\Windows\System\LhwpRow.exe
  2⤵
  PID:2780
- C:\Windows\System\FFvJrWU.exe
  C:\Windows\System\FFvJrWU.exe
  2⤵
  PID:2904
- C:\Windows\System\JodDPyl.exe
  C:\Windows\System\JodDPyl.exe
  2⤵
  PID:376
- C:\Windows\System\rPQdlWF.exe
  C:\Windows\System\rPQdlWF.exe
  2⤵
  PID:332
- C:\Windows\System\rvIkfJr.exe
  C:\Windows\System\rvIkfJr.exe
  2⤵
  PID:2980
- C:\Windows\System\feCBpkT.exe
  C:\Windows\System\feCBpkT.exe
  2⤵
  PID:1580
- C:\Windows\System\BdPKRzp.exe
  C:\Windows\System\BdPKRzp.exe
  2⤵
  PID:2872
- C:\Windows\System\KvILyPr.exe
  C:\Windows\System\KvILyPr.exe
  2⤵
  PID:2348
- C:\Windows\System\FJuhKjb.exe
  C:\Windows\System\FJuhKjb.exe
  2⤵
  PID:444
- C:\Windows\System\lFmIgGX.exe
  C:\Windows\System\lFmIgGX.exe
  2⤵
  PID:2620
- C:\Windows\System\YFMWhIF.exe
  C:\Windows\System\YFMWhIF.exe
  2⤵
  PID:3080
- C:\Windows\System\kXsMoxu.exe
  C:\Windows\System\kXsMoxu.exe
  2⤵
  PID:3096
- C:\Windows\System\TzTnrYv.exe
  C:\Windows\System\TzTnrYv.exe
  2⤵
  PID:3112
- C:\Windows\System\gpTtPzp.exe
  C:\Windows\System\gpTtPzp.exe
  2⤵
  PID:3128
- C:\Windows\System\JvCruCl.exe
  C:\Windows\System\JvCruCl.exe
  2⤵
  PID:3144
- C:\Windows\System\sWyoYlg.exe
  C:\Windows\System\sWyoYlg.exe
  2⤵
  PID:3160
- C:\Windows\System\oFCYfra.exe
  C:\Windows\System\oFCYfra.exe
  2⤵
  PID:3176
- C:\Windows\System\aHiXMNI.exe
  C:\Windows\System\aHiXMNI.exe
  2⤵
  PID:3192
- C:\Windows\System\XBqdvbJ.exe
  C:\Windows\System\XBqdvbJ.exe
  2⤵
  PID:3208
- C:\Windows\System\ZFvcEYW.exe
  C:\Windows\System\ZFvcEYW.exe
  2⤵
  PID:3224
- C:\Windows\System\GscyeDE.exe
  C:\Windows\System\GscyeDE.exe
  2⤵
  PID:3240
- C:\Windows\System\WShiGFf.exe
  C:\Windows\System\WShiGFf.exe
  2⤵
  PID:3256
- C:\Windows\System\ujvLkYS.exe
  C:\Windows\System\ujvLkYS.exe
  2⤵
  PID:3272
- C:\Windows\System\hyZCcqh.exe
  C:\Windows\System\hyZCcqh.exe
  2⤵
  PID:3288
- C:\Windows\System\xUhOTuU.exe
  C:\Windows\System\xUhOTuU.exe
  2⤵
  PID:3304
- C:\Windows\System\AtqtxfU.exe
  C:\Windows\System\AtqtxfU.exe
  2⤵
  PID:3320
- C:\Windows\System\ixjyaIY.exe
  C:\Windows\System\ixjyaIY.exe
  2⤵
  PID:3336
- C:\Windows\System\neOnMsr.exe
  C:\Windows\System\neOnMsr.exe
  2⤵
  PID:3352
- C:\Windows\System\tGUrvCr.exe
  C:\Windows\System\tGUrvCr.exe
  2⤵
  PID:3368
- C:\Windows\System\qeYHQuJ.exe
  C:\Windows\System\qeYHQuJ.exe
  2⤵
  PID:3384
- C:\Windows\System\ceVqQOF.exe
  C:\Windows\System\ceVqQOF.exe
  2⤵
  PID:3400
- C:\Windows\System\XTotgOK.exe
  C:\Windows\System\XTotgOK.exe
  2⤵
  PID:3416
- C:\Windows\System\EXusDGP.exe
  C:\Windows\System\EXusDGP.exe
  2⤵
  PID:3432
- C:\Windows\System\DIZWhWU.exe
  C:\Windows\System\DIZWhWU.exe
  2⤵
  PID:3448
- C:\Windows\System\sqIKLxZ.exe
  C:\Windows\System\sqIKLxZ.exe
  2⤵
  PID:3464
- C:\Windows\System\rHtuIjK.exe
  C:\Windows\System\rHtuIjK.exe
  2⤵
  PID:3480
- C:\Windows\System\adccfCA.exe
  C:\Windows\System\adccfCA.exe
  2⤵
  PID:3496
- C:\Windows\System\AWIaEnN.exe
  C:\Windows\System\AWIaEnN.exe
  2⤵
  PID:3512
- C:\Windows\System\eFCySuv.exe
  C:\Windows\System\eFCySuv.exe
  2⤵
  PID:3528
- C:\Windows\System\BHgdoni.exe
  C:\Windows\System\BHgdoni.exe
  2⤵
  PID:3544
- C:\Windows\System\jpFoJck.exe
  C:\Windows\System\jpFoJck.exe
  2⤵
  PID:3560
- C:\Windows\System\JMMJIoB.exe
  C:\Windows\System\JMMJIoB.exe
  2⤵
  PID:3576
- C:\Windows\System\rEEhUGz.exe
  C:\Windows\System\rEEhUGz.exe
  2⤵
  PID:3592
- C:\Windows\System\LAzjQDQ.exe
  C:\Windows\System\LAzjQDQ.exe
  2⤵
  PID:3608
- C:\Windows\System\LiUZmtI.exe
  C:\Windows\System\LiUZmtI.exe
  2⤵
  PID:3624
- C:\Windows\System\aUCzIig.exe
  C:\Windows\System\aUCzIig.exe
  2⤵
  PID:3640
- C:\Windows\System\DByvCWy.exe
  C:\Windows\System\DByvCWy.exe
  2⤵
  PID:3656
- C:\Windows\System\XuJhbPW.exe
  C:\Windows\System\XuJhbPW.exe
  2⤵
  PID:3672
- C:\Windows\System\vXbMury.exe
  C:\Windows\System\vXbMury.exe
  2⤵
  PID:3688
- C:\Windows\System\SVNuGzN.exe
  C:\Windows\System\SVNuGzN.exe
  2⤵
  PID:3704
- C:\Windows\System\xsKxmuj.exe
  C:\Windows\System\xsKxmuj.exe
  2⤵
  PID:3720
- C:\Windows\System\rQDCBCO.exe
  C:\Windows\System\rQDCBCO.exe
  2⤵
  PID:3736
- C:\Windows\System\LxdXnNq.exe
  C:\Windows\System\LxdXnNq.exe
  2⤵
  PID:3752
- C:\Windows\System\dizUXCh.exe
  C:\Windows\System\dizUXCh.exe
  2⤵
  PID:3768
- C:\Windows\System\ZEbuPaq.exe
  C:\Windows\System\ZEbuPaq.exe
  2⤵
  PID:3784
- C:\Windows\System\DrqdVaJ.exe
  C:\Windows\System\DrqdVaJ.exe
  2⤵
  PID:3800
- C:\Windows\System\muHPHXZ.exe
  C:\Windows\System\muHPHXZ.exe
  2⤵
  PID:3816
- C:\Windows\System\MlHKCNA.exe
  C:\Windows\System\MlHKCNA.exe
  2⤵
  PID:3832
- C:\Windows\System\vizDLNn.exe
  C:\Windows\System\vizDLNn.exe
  2⤵
  PID:3848
- C:\Windows\System\QcaVNUy.exe
  C:\Windows\System\QcaVNUy.exe
  2⤵
  PID:3864
- C:\Windows\System\VIgGYLn.exe
  C:\Windows\System\VIgGYLn.exe
  2⤵
  PID:3880
- C:\Windows\System\YdQGPgf.exe
  C:\Windows\System\YdQGPgf.exe
  2⤵
  PID:3896
- C:\Windows\System\djngigl.exe
  C:\Windows\System\djngigl.exe
  2⤵
  PID:3912
- C:\Windows\System\DrQCHhG.exe
  C:\Windows\System\DrQCHhG.exe
  2⤵
  PID:3928
- C:\Windows\System\iAaLXkb.exe
  C:\Windows\System\iAaLXkb.exe
  2⤵
  PID:3944
- C:\Windows\System\DFDqfUC.exe
  C:\Windows\System\DFDqfUC.exe
  2⤵
  PID:3960
- C:\Windows\System\LsKFqQW.exe
  C:\Windows\System\LsKFqQW.exe
  2⤵
  PID:3976
- C:\Windows\System\eucMAsv.exe
  C:\Windows\System\eucMAsv.exe
  2⤵
  PID:3992
- C:\Windows\System\wkFYgEL.exe
  C:\Windows\System\wkFYgEL.exe
  2⤵
  PID:4008
- C:\Windows\System\cZIQexH.exe
  C:\Windows\System\cZIQexH.exe
  2⤵
  PID:4024
- C:\Windows\System\RrhtsUf.exe
  C:\Windows\System\RrhtsUf.exe
  2⤵
  PID:4040
- C:\Windows\System\XqOeBbJ.exe
  C:\Windows\System\XqOeBbJ.exe
  2⤵
  PID:4056
- C:\Windows\System\ewputoB.exe
  C:\Windows\System\ewputoB.exe
  2⤵
  PID:4072
- C:\Windows\System\lUVVEJB.exe
  C:\Windows\System\lUVVEJB.exe
  2⤵
  PID:4088
- C:\Windows\System\fYpSnEv.exe
  C:\Windows\System\fYpSnEv.exe
  2⤵
  PID:764
- C:\Windows\System\yfhsqiK.exe
  C:\Windows\System\yfhsqiK.exe
  2⤵
  PID:280
- C:\Windows\System\moiMhdv.exe
  C:\Windows\System\moiMhdv.exe
  2⤵
  PID:704
- C:\Windows\System\rKClSwP.exe
  C:\Windows\System\rKClSwP.exe
  2⤵
  PID:2148
- C:\Windows\System\AHfcnXz.exe
  C:\Windows\System\AHfcnXz.exe
  2⤵
  PID:992
- C:\Windows\System\obHHilO.exe
  C:\Windows\System\obHHilO.exe
  2⤵
  PID:1440
- C:\Windows\System\tuVeKEF.exe
  C:\Windows\System\tuVeKEF.exe
  2⤵
  PID:2688
- C:\Windows\System\pslTvtb.exe
  C:\Windows\System\pslTvtb.exe
  2⤵
  PID:2476
- C:\Windows\System\yIjYpHs.exe
  C:\Windows\System\yIjYpHs.exe
  2⤵
  PID:2352
- C:\Windows\System\TcRAunQ.exe
  C:\Windows\System\TcRAunQ.exe
  2⤵
  PID:1328
- C:\Windows\System\ZcFGkJS.exe
  C:\Windows\System\ZcFGkJS.exe
  2⤵
  PID:3044
- C:\Windows\System\CHpdFxW.exe
  C:\Windows\System\CHpdFxW.exe
  2⤵
  PID:1408
- C:\Windows\System\cVKzAVX.exe
  C:\Windows\System\cVKzAVX.exe
  2⤵
  PID:1836
- C:\Windows\System\vprOyIU.exe
  C:\Windows\System\vprOyIU.exe
  2⤵
  PID:1992
- C:\Windows\System\EtZhrgh.exe
  C:\Windows\System\EtZhrgh.exe
  2⤵
  PID:3120
- C:\Windows\System\rYykAPn.exe
  C:\Windows\System\rYykAPn.exe
  2⤵
  PID:3136
- C:\Windows\System\DtVsFFx.exe
  C:\Windows\System\DtVsFFx.exe
  2⤵
  PID:3184
- C:\Windows\System\modGuIc.exe
  C:\Windows\System\modGuIc.exe
  2⤵
  PID:3200
- C:\Windows\System\xqqrEZk.exe
  C:\Windows\System\xqqrEZk.exe
  2⤵
  PID:3248
- C:\Windows\System\XUvGviS.exe
  C:\Windows\System\XUvGviS.exe
  2⤵
  PID:3264
- C:\Windows\System\iipJLsv.exe
  C:\Windows\System\iipJLsv.exe
  2⤵
  PID:3296
- C:\Windows\System\tBJjbIH.exe
  C:\Windows\System\tBJjbIH.exe
  2⤵
  PID:3328
- C:\Windows\System\ndYXJxU.exe
  C:\Windows\System\ndYXJxU.exe
  2⤵
  PID:3376
- C:\Windows\System\ZhBXVWv.exe
  C:\Windows\System\ZhBXVWv.exe
  2⤵
  PID:3392
- C:\Windows\System\zoTtELg.exe
  C:\Windows\System\zoTtELg.exe
  2⤵
  PID:3424
- C:\Windows\System\jBbuGBr.exe
  C:\Windows\System\jBbuGBr.exe
  2⤵
  PID:3456
- C:\Windows\System\tSDxGBz.exe
  C:\Windows\System\tSDxGBz.exe
  2⤵
  PID:3504
- C:\Windows\System\dsvfrfK.exe
  C:\Windows\System\dsvfrfK.exe
  2⤵
  PID:3520
- C:\Windows\System\OcpdCxO.exe
  C:\Windows\System\OcpdCxO.exe
  2⤵
  PID:3552
- C:\Windows\System\ukbUsjG.exe
  C:\Windows\System\ukbUsjG.exe
  2⤵
  PID:3584
- C:\Windows\System\vZjbbyC.exe
  C:\Windows\System\vZjbbyC.exe
  2⤵
  PID:3616
- C:\Windows\System\aexowEG.exe
  C:\Windows\System\aexowEG.exe
  2⤵
  PID:3648
- C:\Windows\System\oPwoizN.exe
  C:\Windows\System\oPwoizN.exe
  2⤵
  PID:3680
- C:\Windows\System\RdQDzrU.exe
  C:\Windows\System\RdQDzrU.exe
  2⤵
  PID:3712
- C:\Windows\System\axEqYdk.exe
  C:\Windows\System\axEqYdk.exe
  2⤵
  PID:3744
- C:\Windows\System\HiYzSVm.exe
  C:\Windows\System\HiYzSVm.exe
  2⤵
  PID:3776
- C:\Windows\System\vkiqpkM.exe
  C:\Windows\System\vkiqpkM.exe
  2⤵
  PID:3808
- C:\Windows\System\OslLwFL.exe
  C:\Windows\System\OslLwFL.exe
  2⤵
  PID:3856
- C:\Windows\System\ZnHqaAj.exe
  C:\Windows\System\ZnHqaAj.exe
  2⤵
  PID:3872
- C:\Windows\System\woYiidO.exe
  C:\Windows\System\woYiidO.exe
  2⤵
  PID:3904
- C:\Windows\System\umppONE.exe
  C:\Windows\System\umppONE.exe
  2⤵
  PID:3936
- C:\Windows\System\rOuhuKM.exe
  C:\Windows\System\rOuhuKM.exe
  2⤵
  PID:3968
- C:\Windows\System\gocszTo.exe
  C:\Windows\System\gocszTo.exe
  2⤵
  PID:2648
- C:\Windows\System\FdbkEZD.exe
  C:\Windows\System\FdbkEZD.exe
  2⤵
  PID:4020
- C:\Windows\System\kDDuQZh.exe
  C:\Windows\System\kDDuQZh.exe
  2⤵
  PID:4052
- C:\Windows\System\GcAmxHH.exe
  C:\Windows\System\GcAmxHH.exe
  2⤵
  PID:4084
- C:\Windows\System\kbSEnGy.exe
  C:\Windows\System\kbSEnGy.exe
  2⤵
  PID:808
- C:\Windows\System\VMubYid.exe
  C:\Windows\System\VMubYid.exe
  2⤵
  PID:1964
- C:\Windows\System\SSooCnT.exe
  C:\Windows\System\SSooCnT.exe
  2⤵
  PID:2808
- C:\Windows\System\KyRozWU.exe
  C:\Windows\System\KyRozWU.exe
  2⤵
  PID:1860
- C:\Windows\System\wVaGylq.exe
  C:\Windows\System\wVaGylq.exe
  2⤵
  PID:1560
- C:\Windows\System\TkDsiVA.exe
  C:\Windows\System\TkDsiVA.exe
  2⤵
  PID:1212
- C:\Windows\System\MDFRviz.exe
  C:\Windows\System\MDFRviz.exe
  2⤵
  PID:2252
- C:\Windows\System\cOozRJf.exe
  C:\Windows\System\cOozRJf.exe
  2⤵
  PID:3124
- C:\Windows\System\FZhbPtu.exe
  C:\Windows\System\FZhbPtu.exe
  2⤵
  PID:3172
- C:\Windows\System\kQDnMTe.exe
  C:\Windows\System\kQDnMTe.exe
  2⤵
  PID:3220
- C:\Windows\System\TAepoeP.exe
  C:\Windows\System\TAepoeP.exe
  2⤵
  PID:3268
- C:\Windows\System\rXrWJTv.exe
  C:\Windows\System\rXrWJTv.exe
  2⤵
  PID:3348
- C:\Windows\System\BEGPyDR.exe
  C:\Windows\System\BEGPyDR.exe
  2⤵
  PID:3396
- C:\Windows\System\atNFTBf.exe
  C:\Windows\System\atNFTBf.exe
  2⤵
  PID:3444
- C:\Windows\System\MYQIEaP.exe
  C:\Windows\System\MYQIEaP.exe
  2⤵
  PID:3492
- C:\Windows\System\BKubzHH.exe
  C:\Windows\System\BKubzHH.exe
  2⤵
  PID:3524
- C:\Windows\System\YrnUgvr.exe
  C:\Windows\System\YrnUgvr.exe
  2⤵
  PID:3636
- C:\Windows\System\TxAFmhx.exe
  C:\Windows\System\TxAFmhx.exe
  2⤵
  PID:3668
- C:\Windows\System\WbQnJWZ.exe
  C:\Windows\System\WbQnJWZ.exe
  2⤵
  PID:3732
- C:\Windows\System\nZVMyQg.exe
  C:\Windows\System\nZVMyQg.exe
  2⤵
  PID:3796
- C:\Windows\System\wtNwIos.exe
  C:\Windows\System\wtNwIos.exe
  2⤵
  PID:3892
- C:\Windows\System\XwnLspt.exe
  C:\Windows\System\XwnLspt.exe
  2⤵
  PID:3940
- C:\Windows\System\xFBZxgn.exe
  C:\Windows\System\xFBZxgn.exe
  2⤵
  PID:3972
- C:\Windows\System\lEqArpT.exe
  C:\Windows\System\lEqArpT.exe
  2⤵
  PID:4080
- C:\Windows\System\ktWZwFw.exe
  C:\Windows\System\ktWZwFw.exe
  2⤵
  PID:1976
- C:\Windows\System\fsRuXWl.exe
  C:\Windows\System\fsRuXWl.exe
  2⤵
  PID:2712
- C:\Windows\System\nxutbAv.exe
  C:\Windows\System\nxutbAv.exe
  2⤵
  PID:2504
- C:\Windows\System\sWzcZTc.exe
  C:\Windows\System\sWzcZTc.exe
  2⤵
  PID:920
- C:\Windows\System\QOKlCvf.exe
  C:\Windows\System\QOKlCvf.exe
  2⤵
  PID:3092
- C:\Windows\System\HtSVHPO.exe
  C:\Windows\System\HtSVHPO.exe
  2⤵
  PID:4108
- C:\Windows\System\LVujSjS.exe
  C:\Windows\System\LVujSjS.exe
  2⤵
  PID:4124
- C:\Windows\System\HFLAYDw.exe
  C:\Windows\System\HFLAYDw.exe
  2⤵
  PID:4140
- C:\Windows\System\VhzBKhq.exe
  C:\Windows\System\VhzBKhq.exe
  2⤵
  PID:4156
- C:\Windows\System\CnvbVoH.exe
  C:\Windows\System\CnvbVoH.exe
  2⤵
  PID:4172
- C:\Windows\System\ZNJbcJe.exe
  C:\Windows\System\ZNJbcJe.exe
  2⤵
  PID:4188
- C:\Windows\System\ocVhRYX.exe
  C:\Windows\System\ocVhRYX.exe
  2⤵
  PID:4204
- C:\Windows\System\oEMWqiX.exe
  C:\Windows\System\oEMWqiX.exe
  2⤵
  PID:4220
- C:\Windows\System\dwZvVMz.exe
  C:\Windows\System\dwZvVMz.exe
  2⤵
  PID:4236
- C:\Windows\System\TlRQDDg.exe
  C:\Windows\System\TlRQDDg.exe
  2⤵
  PID:4252
- C:\Windows\System\lsNKYpP.exe
  C:\Windows\System\lsNKYpP.exe
  2⤵
  PID:4268
- C:\Windows\System\vwlIPOR.exe
  C:\Windows\System\vwlIPOR.exe
  2⤵
  PID:4284
- C:\Windows\System\ZBVnXTw.exe
  C:\Windows\System\ZBVnXTw.exe
  2⤵
  PID:4300
- C:\Windows\System\vrDxTwj.exe
  C:\Windows\System\vrDxTwj.exe
  2⤵
  PID:4316
- C:\Windows\System\SFxeeIq.exe
  C:\Windows\System\SFxeeIq.exe
  2⤵
  PID:4336
- C:\Windows\System\IFOHXtk.exe
  C:\Windows\System\IFOHXtk.exe
  2⤵
  PID:4352
- C:\Windows\System\EmUARmY.exe
  C:\Windows\System\EmUARmY.exe
  2⤵
  PID:4368
- C:\Windows\System\BufLfti.exe
  C:\Windows\System\BufLfti.exe
  2⤵
  PID:4384
- C:\Windows\System\FOwKoGa.exe
  C:\Windows\System\FOwKoGa.exe
  2⤵
  PID:4400
- C:\Windows\System\UJgcZvU.exe
  C:\Windows\System\UJgcZvU.exe
  2⤵
  PID:4416
- C:\Windows\System\qDiOkkm.exe
  C:\Windows\System\qDiOkkm.exe
  2⤵
  PID:4432
- C:\Windows\System\CPrLzyn.exe
  C:\Windows\System\CPrLzyn.exe
  2⤵
  PID:4792
- C:\Windows\System\FJpyUvr.exe
  C:\Windows\System\FJpyUvr.exe
  2⤵
  PID:4844
- C:\Windows\System\TPPOEhn.exe
  C:\Windows\System\TPPOEhn.exe
  2⤵
  PID:3140
- C:\Windows\System\lkwjjvI.exe
  C:\Windows\System\lkwjjvI.exe
  2⤵
  PID:2144
- C:\Windows\System\CteVNxf.exe
  C:\Windows\System\CteVNxf.exe
  2⤵
  PID:4264
- C:\Windows\System\qhbCBRl.exe
  C:\Windows\System\qhbCBRl.exe
  2⤵
  PID:4148
- C:\Windows\System\dQNfaYs.exe
  C:\Windows\System\dQNfaYs.exe
  2⤵
  PID:4216
- C:\Windows\System\FprxLMd.exe
  C:\Windows\System\FprxLMd.exe
  2⤵
  PID:3068
- C:\Windows\System\DhZvdaV.exe
  C:\Windows\System\DhZvdaV.exe
  2⤵
  PID:4392
- C:\Windows\System\ibGvwWz.exe
  C:\Windows\System\ibGvwWz.exe
  2⤵
  PID:4312
- C:\Windows\System\QKUxdqj.exe
  C:\Windows\System\QKUxdqj.exe
  2⤵
  PID:4348
- C:\Windows\System\rGCVvnh.exe
  C:\Windows\System\rGCVvnh.exe
  2⤵
  PID:4412
- C:\Windows\System\JoDCqJR.exe
  C:\Windows\System\JoDCqJR.exe
  2⤵
  PID:4460
- C:\Windows\System\uGRUEaF.exe
  C:\Windows\System\uGRUEaF.exe
  2⤵
  PID:4476
- C:\Windows\System\fwDgeNP.exe
  C:\Windows\System\fwDgeNP.exe
  2⤵
  PID:4492
- C:\Windows\System\hdSTTfV.exe
  C:\Windows\System\hdSTTfV.exe
  2⤵
  PID:4508
- C:\Windows\System\TqXqnBY.exe
  C:\Windows\System\TqXqnBY.exe
  2⤵
  PID:4532
- C:\Windows\System\oMVaHFh.exe
  C:\Windows\System\oMVaHFh.exe
  2⤵
  PID:4544
- C:\Windows\System\LcdRkkC.exe
  C:\Windows\System\LcdRkkC.exe
  2⤵
  PID:4560
- C:\Windows\System\Aknnckl.exe
  C:\Windows\System\Aknnckl.exe
  2⤵
  PID:4576
- C:\Windows\System\rpTeOZD.exe
  C:\Windows\System\rpTeOZD.exe
  2⤵
  PID:4596
- C:\Windows\System\ONrZWPs.exe
  C:\Windows\System\ONrZWPs.exe
  2⤵
  PID:4616
- C:\Windows\System\SeXlKSB.exe
  C:\Windows\System\SeXlKSB.exe
  2⤵
  PID:4636
- C:\Windows\System\wxEXyOE.exe
  C:\Windows\System\wxEXyOE.exe
  2⤵
  PID:4652
- C:\Windows\System\HVvulRw.exe
  C:\Windows\System\HVvulRw.exe
  2⤵
  PID:4672
- C:\Windows\System\czzsXWQ.exe
  C:\Windows\System\czzsXWQ.exe
  2⤵
  PID:4692
- C:\Windows\System\BSbaSvW.exe
  C:\Windows\System\BSbaSvW.exe
  2⤵
  PID:4708
- C:\Windows\System\JezISjT.exe
  C:\Windows\System\JezISjT.exe
  2⤵
  PID:4736
- C:\Windows\System\fLPWiQA.exe
  C:\Windows\System\fLPWiQA.exe
  2⤵
  PID:4760
- C:\Windows\System\wGpJMgx.exe
  C:\Windows\System\wGpJMgx.exe
  2⤵
  PID:4780
- C:\Windows\System\rcygdiR.exe
  C:\Windows\System\rcygdiR.exe
  2⤵
  PID:2488
- C:\Windows\System\dGfyBBH.exe
  C:\Windows\System\dGfyBBH.exe
  2⤵
  PID:2556
- C:\Windows\System\nHZhpLb.exe
  C:\Windows\System\nHZhpLb.exe
  2⤵
  PID:2944
- C:\Windows\System\XeSfLLH.exe
  C:\Windows\System\XeSfLLH.exe
  2⤵
  PID:2964
- C:\Windows\System\xUBQcGw.exe
  C:\Windows\System\xUBQcGw.exe
  2⤵
  PID:1680
- C:\Windows\System\sLyvIMj.exe
  C:\Windows\System\sLyvIMj.exe
  2⤵
  PID:2856
- C:\Windows\System\yWvufGG.exe
  C:\Windows\System\yWvufGG.exe
  2⤵
  PID:584
- C:\Windows\System\ILnSiTB.exe
  C:\Windows\System\ILnSiTB.exe
  2⤵
  PID:1920
- C:\Windows\System\kwhWtwj.exe
  C:\Windows\System\kwhWtwj.exe
  2⤵
  PID:1472
- C:\Windows\System\wjEWVzt.exe
  C:\Windows\System\wjEWVzt.exe
  2⤵
  PID:1600
- C:\Windows\System\lSoIUBv.exe
  C:\Windows\System\lSoIUBv.exe
  2⤵
  PID:2448
- C:\Windows\System\EnZcmzD.exe
  C:\Windows\System\EnZcmzD.exe
  2⤵
  PID:4880
- C:\Windows\System\yfcUCjq.exe
  C:\Windows\System\yfcUCjq.exe
  2⤵
  PID:4900
- C:\Windows\System\RPabBVm.exe
  C:\Windows\System\RPabBVm.exe
  2⤵
  PID:4920
- C:\Windows\System\IcyyIZY.exe
  C:\Windows\System\IcyyIZY.exe
  2⤵
  PID:4940
- C:\Windows\System\XNhbdSV.exe
  C:\Windows\System\XNhbdSV.exe
  2⤵
  PID:4960
- C:\Windows\System\Lrvjxpj.exe
  C:\Windows\System\Lrvjxpj.exe
  2⤵
  PID:4976
- C:\Windows\System\HTpVySO.exe
  C:\Windows\System\HTpVySO.exe
  2⤵
  PID:4992
- C:\Windows\System\QKGIhXj.exe
  C:\Windows\System\QKGIhXj.exe
  2⤵
  PID:4568
- C:\Windows\System\lOVjpht.exe
  C:\Windows\System\lOVjpht.exe
  2⤵
  PID:4648
- C:\Windows\System\BdPWpPV.exe
  C:\Windows\System\BdPWpPV.exe
  2⤵
  PID:4716
- C:\Windows\System\YIxtrNU.exe
  C:\Windows\System\YIxtrNU.exe
  2⤵
  PID:4732
- C:\Windows\System\srhOEur.exe
  C:\Windows\System\srhOEur.exe
  2⤵
  PID:4996
- C:\Windows\System\KjODFoI.exe
  C:\Windows\System\KjODFoI.exe
  2⤵
  PID:5068
- C:\Windows\System\QPbuomG.exe
  C:\Windows\System\QPbuomG.exe
  2⤵
  PID:5104
- C:\Windows\System\VbGnVob.exe
  C:\Windows\System\VbGnVob.exe
  2⤵
  PID:4228
- C:\Windows\System\IeubNfm.exe
  C:\Windows\System\IeubNfm.exe
  2⤵
  PID:4364
- C:\Windows\System\sAzGKML.exe
  C:\Windows\System\sAzGKML.exe
  2⤵
  PID:4744
- C:\Windows\System\NLdTJhz.exe
  C:\Windows\System\NLdTJhz.exe
  2⤵
  PID:4980
- C:\Windows\System\LFAkeYW.exe
  C:\Windows\System\LFAkeYW.exe
  2⤵
  PID:5032
- C:\Windows\System\LPmFVep.exe
  C:\Windows\System\LPmFVep.exe
  2⤵
  PID:1568
- C:\Windows\System\YpAsHvq.exe
  C:\Windows\System\YpAsHvq.exe
  2⤵
  PID:4260
- C:\Windows\System\OZuyKXq.exe
  C:\Windows\System\OZuyKXq.exe
  2⤵
  PID:4164
- C:\Windows\System\VKzMqtj.exe
  C:\Windows\System\VKzMqtj.exe
  2⤵
  PID:5100
- C:\Windows\System\CfvpDwt.exe
  C:\Windows\System\CfvpDwt.exe
  2⤵
  PID:5072
- C:\Windows\System\BPlSJEA.exe
  C:\Windows\System\BPlSJEA.exe
  2⤵
  PID:4852
- C:\Windows\System\oTSmUPH.exe
  C:\Windows\System\oTSmUPH.exe
  2⤵
  PID:4836
- C:\Windows\System\lzSebQf.exe
  C:\Windows\System\lzSebQf.exe
  2⤵
  PID:4820
- C:\Windows\System\sZSLjgc.exe
  C:\Windows\System\sZSLjgc.exe
  2⤵
  PID:4748
- C:\Windows\System\DkjYwtT.exe
  C:\Windows\System\DkjYwtT.exe
  2⤵
  PID:4628
- C:\Windows\System\dVGdJGp.exe
  C:\Windows\System\dVGdJGp.exe
  2⤵
  PID:1444
- C:\Windows\System\eBDUFsy.exe
  C:\Windows\System\eBDUFsy.exe
  2⤵
  PID:2732
- C:\Windows\System\xkzTrOr.exe
  C:\Windows\System\xkzTrOr.exe
  2⤵
  PID:2276
- C:\Windows\System\sTecffI.exe
  C:\Windows\System\sTecffI.exe
  2⤵
  PID:2584
- C:\Windows\System\caHyfFl.exe
  C:\Windows\System\caHyfFl.exe
  2⤵
  PID:1556
- C:\Windows\System\KSDMiYX.exe
  C:\Windows\System\KSDMiYX.exe
  2⤵
  PID:3316
- C:\Windows\System\awCZtOX.exe
  C:\Windows\System\awCZtOX.exe
  2⤵
  PID:2588
- C:\Windows\System\bJYZXoH.exe
  C:\Windows\System\bJYZXoH.exe
  2⤵
  PID:3684
- C:\Windows\System\HaiwUux.exe
  C:\Windows\System\HaiwUux.exe
  2⤵
  PID:3988
- C:\Windows\System\ElxzHhH.exe
  C:\Windows\System\ElxzHhH.exe
  2⤵
  PID:2804
- C:\Windows\System\VcgqwwV.exe
  C:\Windows\System\VcgqwwV.exe
  2⤵
  PID:2124
- C:\Windows\System\YMwlwQT.exe
  C:\Windows\System\YMwlwQT.exe
  2⤵
  PID:2836
- C:\Windows\System\AKTwgPA.exe
  C:\Windows\System\AKTwgPA.exe
  2⤵
  PID:4120
- C:\Windows\System\KMiAZWO.exe
  C:\Windows\System\KMiAZWO.exe
  2⤵
  PID:4892
- C:\Windows\System\NeteiZQ.exe
  C:\Windows\System\NeteiZQ.exe
  2⤵
  PID:5020
- C:\Windows\System\lwjBCAd.exe
  C:\Windows\System\lwjBCAd.exe
  2⤵
  PID:4952
- C:\Windows\System\fvqYRtk.exe
  C:\Windows\System\fvqYRtk.exe
  2⤵
  PID:4688
- C:\Windows\System\YwgbZdp.exe
  C:\Windows\System\YwgbZdp.exe
  2⤵
  PID:5084
- C:\Windows\System\hyLtVUJ.exe
  C:\Windows\System\hyLtVUJ.exe
  2⤵
  PID:4168
- C:\Windows\System\jmTxfCU.exe
  C:\Windows\System\jmTxfCU.exe
  2⤵
  PID:5096
- C:\Windows\System\krktiMY.exe
  C:\Windows\System\krktiMY.exe
  2⤵
  PID:4488
- C:\Windows\System\lLjMRRX.exe
  C:\Windows\System\lLjMRRX.exe
  2⤵
  PID:4812
- C:\Windows\System\ApBwULQ.exe
  C:\Windows\System\ApBwULQ.exe
  2⤵
  PID:4944
- C:\Windows\System\AnpUoRv.exe
  C:\Windows\System\AnpUoRv.exe
  2⤵
  PID:3156
- C:\Windows\System\UFwJCeA.exe
  C:\Windows\System\UFwJCeA.exe
  2⤵
  PID:4832
- C:\Windows\System\KsaFqWE.exe
  C:\Windows\System\KsaFqWE.exe
  2⤵
  PID:5080
- C:\Windows\System\lLIuBup.exe
  C:\Windows\System\lLIuBup.exe
  2⤵
  PID:5064
- C:\Windows\System\fZLWFue.exe
  C:\Windows\System\fZLWFue.exe
  2⤵
  PID:4668
- C:\Windows\System\RSMwZmu.exe
  C:\Windows\System\RSMwZmu.exe
  2⤵
  PID:2992
- C:\Windows\System\emgAcuy.exe
  C:\Windows\System\emgAcuy.exe
  2⤵
  PID:1940
- C:\Windows\System\FhBOrtW.exe
  C:\Windows\System\FhBOrtW.exe
  2⤵
  PID:2580
- C:\Windows\System\jlqDZjb.exe
  C:\Windows\System\jlqDZjb.exe
  2⤵
  PID:2936
- C:\Windows\System\hgPBlyW.exe
  C:\Windows\System\hgPBlyW.exe
  2⤵
  PID:2968
- C:\Windows\System\scwhbdL.exe
  C:\Windows\System\scwhbdL.exe
  2⤵
  PID:1648
- C:\Windows\System\AcLEbsG.exe
  C:\Windows\System\AcLEbsG.exe
  2⤵
  PID:4280
- C:\Windows\System\YmTXHIn.exe
  C:\Windows\System\YmTXHIn.exe
  2⤵
  PID:2012
- C:\Windows\System\jvxrnqW.exe
  C:\Windows\System\jvxrnqW.exe
  2⤵
  PID:3364
- C:\Windows\System\hbsnZpC.exe
  C:\Windows\System\hbsnZpC.exe
  2⤵
  PID:3748
- C:\Windows\System\AKlFcAH.exe
  C:\Windows\System\AKlFcAH.exe
  2⤵
  PID:3572
- C:\Windows\System\oWRkNnJ.exe
  C:\Windows\System\oWRkNnJ.exe
  2⤵
  PID:3828
- C:\Windows\System\FNtTWrN.exe
  C:\Windows\System\FNtTWrN.exe
  2⤵
  PID:4104
- C:\Windows\System\obuKoEz.exe
  C:\Windows\System\obuKoEz.exe
  2⤵
  PID:4132
- C:\Windows\System\MjKPFAs.exe
  C:\Windows\System\MjKPFAs.exe
  2⤵
  PID:4876
- C:\Windows\System\RfotLKM.exe
  C:\Windows\System\RfotLKM.exe
  2⤵
  PID:4324
- C:\Windows\System\zkdgFxQ.exe
  C:\Windows\System\zkdgFxQ.exe
  2⤵
  PID:4380
- C:\Windows\System\wIHgcgp.exe
  C:\Windows\System\wIHgcgp.exe
  2⤵
  PID:4592
- C:\Windows\System\PXtAemM.exe
  C:\Windows\System\PXtAemM.exe
  2⤵
  PID:5012
- C:\Windows\System\QPOmJSd.exe
  C:\Windows\System\QPOmJSd.exe
  2⤵
  PID:4972
- C:\Windows\System\TjkXscn.exe
  C:\Windows\System\TjkXscn.exe
  2⤵
  PID:4536
- C:\Windows\System\oYKPhWx.exe
  C:\Windows\System\oYKPhWx.exe
  2⤵
  PID:4788
- C:\Windows\System\SqvHncx.exe
  C:\Windows\System\SqvHncx.exe
  2⤵
  PID:5008
- C:\Windows\System\RSNVUkm.exe
  C:\Windows\System\RSNVUkm.exe
  2⤵
  PID:4684
- C:\Windows\System\avcEAjc.exe
  C:\Windows\System\avcEAjc.exe
  2⤵
  PID:2976
- C:\Windows\System\IAlhfNU.exe
  C:\Windows\System\IAlhfNU.exe
  2⤵
  PID:1416
- C:\Windows\System\sOVzQLS.exe
  C:\Windows\System\sOVzQLS.exe
  2⤵
  PID:4200
- C:\Windows\System\BQdZBOO.exe
  C:\Windows\System\BQdZBOO.exe
  2⤵
  PID:1576
- C:\Windows\System\hynXfNZ.exe
  C:\Windows\System\hynXfNZ.exe
  2⤵
  PID:1628
- C:\Windows\System\cAVWBaq.exe
  C:\Windows\System\cAVWBaq.exe
  2⤵
  PID:5140
- C:\Windows\System\WvRwapX.exe
  C:\Windows\System\WvRwapX.exe
  2⤵
  PID:5156
- C:\Windows\System\oMudgVn.exe
  C:\Windows\System\oMudgVn.exe
  2⤵
  PID:5172
- C:\Windows\System\cSeGyZm.exe
  C:\Windows\System\cSeGyZm.exe
  2⤵
  PID:5188
- C:\Windows\System\OHrCzDZ.exe
  C:\Windows\System\OHrCzDZ.exe
  2⤵
  PID:5208
- C:\Windows\System\tAuFpPw.exe
  C:\Windows\System\tAuFpPw.exe
  2⤵
  PID:5228
- C:\Windows\System\VnNHzOR.exe
  C:\Windows\System\VnNHzOR.exe
  2⤵
  PID:5244
- C:\Windows\System\WHoMGPC.exe
  C:\Windows\System\WHoMGPC.exe
  2⤵
  PID:5260
- C:\Windows\System\iwqnMIB.exe
  C:\Windows\System\iwqnMIB.exe
  2⤵
  PID:5280
- C:\Windows\System\JcoQAwE.exe
  C:\Windows\System\JcoQAwE.exe
  2⤵
  PID:5424
- C:\Windows\System\xmCRLEQ.exe
  C:\Windows\System\xmCRLEQ.exe
  2⤵
  PID:5440
- C:\Windows\System\uJKuqCZ.exe
  C:\Windows\System\uJKuqCZ.exe
  2⤵
  PID:5456
- C:\Windows\System\SUukZnZ.exe
  C:\Windows\System\SUukZnZ.exe
  2⤵
  PID:5476
- C:\Windows\System\qXqzusE.exe
  C:\Windows\System\qXqzusE.exe
  2⤵
  PID:5492
- C:\Windows\System\xdKLFEF.exe
  C:\Windows\System\xdKLFEF.exe
  2⤵
  PID:5512
- C:\Windows\System\BkcjcRW.exe
  C:\Windows\System\BkcjcRW.exe
  2⤵
  PID:5528
- C:\Windows\System\TwcjEHb.exe
  C:\Windows\System\TwcjEHb.exe
  2⤵
  PID:5568
- C:\Windows\System\oVjvUXb.exe
  C:\Windows\System\oVjvUXb.exe
  2⤵
  PID:5584
- C:\Windows\System\AmASajY.exe
  C:\Windows\System\AmASajY.exe
  2⤵
  PID:5600
- C:\Windows\System\BbCzZTA.exe
  C:\Windows\System\BbCzZTA.exe
  2⤵
  PID:5616
- C:\Windows\System\IJDGKbn.exe
  C:\Windows\System\IJDGKbn.exe
  2⤵
  PID:5632
- C:\Windows\System\uxvumBk.exe
  C:\Windows\System\uxvumBk.exe
  2⤵
  PID:5648
- C:\Windows\System\GdqCFTW.exe
  C:\Windows\System\GdqCFTW.exe
  2⤵
  PID:5676
- C:\Windows\System\OlopWXr.exe
  C:\Windows\System\OlopWXr.exe
  2⤵
  PID:5692
- C:\Windows\System\mXdvtiv.exe
  C:\Windows\System\mXdvtiv.exe
  2⤵
  PID:5712
- C:\Windows\System\ohxVwxT.exe
  C:\Windows\System\ohxVwxT.exe
  2⤵
  PID:5732
- C:\Windows\System\qTUGPSz.exe
  C:\Windows\System\qTUGPSz.exe
  2⤵
  PID:5748
- C:\Windows\System\njuTcxY.exe
  C:\Windows\System\njuTcxY.exe
  2⤵
  PID:5764
- C:\Windows\System\bcCmvgX.exe
  C:\Windows\System\bcCmvgX.exe
  2⤵
  PID:5780
- C:\Windows\System\tucqQGm.exe
  C:\Windows\System\tucqQGm.exe
  2⤵
  PID:5796
- C:\Windows\System\elQSgoC.exe
  C:\Windows\System\elQSgoC.exe
  2⤵
  PID:5836
- C:\Windows\System\yaYUNqq.exe
  C:\Windows\System\yaYUNqq.exe
  2⤵
  PID:5856
- C:\Windows\System\iGaBbYq.exe
  C:\Windows\System\iGaBbYq.exe
  2⤵
  PID:5900
- C:\Windows\System\xcWEwUj.exe
  C:\Windows\System\xcWEwUj.exe
  2⤵
  PID:5916
- C:\Windows\System\ZUohNCq.exe
  C:\Windows\System\ZUohNCq.exe
  2⤵
  PID:5932
- C:\Windows\System\keUwvqi.exe
  C:\Windows\System\keUwvqi.exe
  2⤵
  PID:5948
- C:\Windows\System\BabbDKc.exe
  C:\Windows\System\BabbDKc.exe
  2⤵
  PID:5964
- C:\Windows\System\AzQyQQR.exe
  C:\Windows\System\AzQyQQR.exe
  2⤵
  PID:5984
- C:\Windows\System\Ulbwwml.exe
  C:\Windows\System\Ulbwwml.exe
  2⤵
  PID:6000
- C:\Windows\System\ncaCsqJ.exe
  C:\Windows\System\ncaCsqJ.exe
  2⤵
  PID:6016
- C:\Windows\System\LoXrTkf.exe
  C:\Windows\System\LoXrTkf.exe
  2⤵
  PID:6032
- C:\Windows\System\UWdaqix.exe
  C:\Windows\System\UWdaqix.exe
  2⤵
  PID:6048
- C:\Windows\System\uDJuimu.exe
  C:\Windows\System\uDJuimu.exe
  2⤵
  PID:6064
- C:\Windows\System\PFCpZPN.exe
  C:\Windows\System\PFCpZPN.exe
  2⤵
  PID:6084
- C:\Windows\System\ZmEAhPG.exe
  C:\Windows\System\ZmEAhPG.exe
  2⤵
  PID:6100
- C:\Windows\System\oqBEhoJ.exe
  C:\Windows\System\oqBEhoJ.exe
  2⤵
  PID:6116
- C:\Windows\System\vkDjlvB.exe
  C:\Windows\System\vkDjlvB.exe
  2⤵
  PID:6136
- C:\Windows\System\RcWIvIu.exe
  C:\Windows\System\RcWIvIu.exe
  2⤵
  PID:4888
- C:\Windows\System\AZvwUDy.exe
  C:\Windows\System\AZvwUDy.exe
  2⤵
  PID:2500
- C:\Windows\System\aewjZwx.exe
  C:\Windows\System\aewjZwx.exe
  2⤵
  PID:4472
- C:\Windows\System\MXMPVQq.exe
  C:\Windows\System\MXMPVQq.exe
  2⤵
  PID:2496
- C:\Windows\System\LiITDLd.exe
  C:\Windows\System\LiITDLd.exe
  2⤵
  PID:4500
- C:\Windows\System\ytbRLeT.exe
  C:\Windows\System\ytbRLeT.exe
  2⤵
  PID:5236
- C:\Windows\System\euBSaKz.exe
  C:\Windows\System\euBSaKz.exe
  2⤵
  PID:4484
- C:\Windows\System\DMYKwzO.exe
  C:\Windows\System\DMYKwzO.exe
  2⤵
  PID:4424
- C:\Windows\System\ujfcrRQ.exe
  C:\Windows\System\ujfcrRQ.exe
  2⤵
  PID:2940
- C:\Windows\System\WcHrSxE.exe
  C:\Windows\System\WcHrSxE.exe
  2⤵
  PID:5024
- C:\Windows\System\muWYspF.exe
  C:\Windows\System\muWYspF.exe
  2⤵
  PID:5136
- C:\Windows\System\mfTInNL.exe
  C:\Windows\System\mfTInNL.exe
  2⤵
  PID:5204
- C:\Windows\System\eOckJkA.exe
  C:\Windows\System\eOckJkA.exe
  2⤵
  PID:4968
- C:\Windows\System\GEBMmAe.exe
  C:\Windows\System\GEBMmAe.exe
  2⤵
  PID:5224
- C:\Windows\System\AEUxEBB.exe
  C:\Windows\System\AEUxEBB.exe
  2⤵
  PID:972
- C:\Windows\System\TYdzqhS.exe
  C:\Windows\System\TYdzqhS.exe
  2⤵
  PID:3876
- C:\Windows\System\VMaUeNL.exe
  C:\Windows\System\VMaUeNL.exe
  2⤵
  PID:5300
- C:\Windows\System\JhaHggc.exe
  C:\Windows\System\JhaHggc.exe
  2⤵
  PID:2568
- C:\Windows\System\QViJlgd.exe
  C:\Windows\System\QViJlgd.exe
  2⤵
  PID:5324
- C:\Windows\System\eYbTsLF.exe
  C:\Windows\System\eYbTsLF.exe
  2⤵
  PID:3556
- C:\Windows\System\LwmNMTb.exe
  C:\Windows\System\LwmNMTb.exe
  2⤵
  PID:5352
- C:\Windows\System\zTGHGwD.exe
  C:\Windows\System\zTGHGwD.exe
  2⤵
  PID:5344
- C:\Windows\System\CGiLlGt.exe
  C:\Windows\System\CGiLlGt.exe
  2⤵
  PID:5368
- C:\Windows\System\YnxvMHP.exe
  C:\Windows\System\YnxvMHP.exe
  2⤵
  PID:5392
- C:\Windows\System\laEZXDj.exe
  C:\Windows\System\laEZXDj.exe
  2⤵
  PID:5416
- C:\Windows\System\cpqlgBO.exe
  C:\Windows\System\cpqlgBO.exe
  2⤵
  PID:5468
- C:\Windows\System\BxSuBde.exe
  C:\Windows\System\BxSuBde.exe
  2⤵
  PID:5488
- C:\Windows\System\FnzqQei.exe
  C:\Windows\System\FnzqQei.exe
  2⤵
  PID:5508
- C:\Windows\System\MDyyHyv.exe
  C:\Windows\System\MDyyHyv.exe
  2⤵
  PID:5548
- C:\Windows\System\fKXmmJT.exe
  C:\Windows\System\fKXmmJT.exe
  2⤵
  PID:4956
- C:\Windows\System\ZhWyXtG.exe
  C:\Windows\System\ZhWyXtG.exe
  2⤵
  PID:5624
- C:\Windows\System\MdFCmPc.exe
  C:\Windows\System\MdFCmPc.exe
  2⤵
  PID:5656
- C:\Windows\System\jXrvpUI.exe
  C:\Windows\System\jXrvpUI.exe
  2⤵
  PID:5708
- C:\Windows\System\QpQWOXJ.exe
  C:\Windows\System\QpQWOXJ.exe
  2⤵
  PID:5684
- C:\Windows\System\okYqLcs.exe
  C:\Windows\System\okYqLcs.exe
  2⤵
  PID:5612
- C:\Windows\System\XrYEtrC.exe
  C:\Windows\System\XrYEtrC.exe
  2⤵
  PID:5776
- C:\Windows\System\gyoZXoD.exe
  C:\Windows\System\gyoZXoD.exe
  2⤵
  PID:5832
- C:\Windows\System\IymmBal.exe
  C:\Windows\System\IymmBal.exe
  2⤵
  PID:5864
- C:\Windows\System\SUaBAGH.exe
  C:\Windows\System\SUaBAGH.exe
  2⤵
  PID:5756
- C:\Windows\System\bOTVQyv.exe
  C:\Windows\System\bOTVQyv.exe
  2⤵
  PID:5848
- C:\Windows\System\SAsMXrz.exe
  C:\Windows\System\SAsMXrz.exe
  2⤵
  PID:5876
- C:\Windows\System\gsNPbfE.exe
  C:\Windows\System\gsNPbfE.exe
  2⤵
  PID:5888
- C:\Windows\System\QnqXCUs.exe
  C:\Windows\System\QnqXCUs.exe
  2⤵
  PID:6024
- C:\Windows\System\sOIbEbL.exe
  C:\Windows\System\sOIbEbL.exe
  2⤵
  PID:6096
- C:\Windows\System\cBnhrLL.exe
  C:\Windows\System\cBnhrLL.exe
  2⤵
  PID:4936
- C:\Windows\System\VzLtsDv.exe
  C:\Windows\System\VzLtsDv.exe
  2⤵
  PID:4856
- C:\Windows\System\xpjDxuH.exe
  C:\Windows\System\xpjDxuH.exe
  2⤵
  PID:5168
- C:\Windows\System\MzFtaFs.exe
  C:\Windows\System\MzFtaFs.exe
  2⤵
  PID:5940
- C:\Windows\System\IkqkQoZ.exe
  C:\Windows\System\IkqkQoZ.exe
  2⤵
  PID:6072
- C:\Windows\System\dalgVqj.exe
  C:\Windows\System\dalgVqj.exe
  2⤵
  PID:5972
- C:\Windows\System\diOzOFh.exe
  C:\Windows\System\diOzOFh.exe
  2⤵
  PID:5152
- C:\Windows\System\HkdDxaE.exe
  C:\Windows\System\HkdDxaE.exe
  2⤵
  PID:1492
- C:\Windows\System\LhUbWzE.exe
  C:\Windows\System\LhUbWzE.exe
  2⤵
  PID:3476
- C:\Windows\System\NzZHiVK.exe
  C:\Windows\System\NzZHiVK.exe
  2⤵
  PID:2564
- C:\Windows\System\eECxzAB.exe
  C:\Windows\System\eECxzAB.exe
  2⤵
  PID:6108
- C:\Windows\System\ilbcBgj.exe
  C:\Windows\System\ilbcBgj.exe
  2⤵
  PID:5184
- C:\Windows\System\WNXEnBw.exe
  C:\Windows\System\WNXEnBw.exe
  2⤵
  PID:5148
- C:\Windows\System\hbzaUHF.exe
  C:\Windows\System\hbzaUHF.exe
  2⤵
  PID:5056
- C:\Windows\System\BxMxoSN.exe
  C:\Windows\System\BxMxoSN.exe
  2⤵
  PID:3924
- C:\Windows\System\cIDBNoP.exe
  C:\Windows\System\cIDBNoP.exe
  2⤵
  PID:5296
- C:\Windows\System\qWwboAS.exe
  C:\Windows\System\qWwboAS.exe
  2⤵
  PID:2644
- C:\Windows\System\nHjDgEm.exe
  C:\Windows\System\nHjDgEm.exe
  2⤵
  PID:2864
- C:\Windows\System\CsuaTso.exe
  C:\Windows\System\CsuaTso.exe
  2⤵
  PID:5388
- C:\Windows\System\DLrIjxy.exe
  C:\Windows\System\DLrIjxy.exe
  2⤵
  PID:5464
- C:\Windows\System\GjojSEU.exe
  C:\Windows\System\GjojSEU.exe
  2⤵
  PID:5724
- C:\Windows\System\HitBVWn.exe
  C:\Windows\System\HitBVWn.exe
  2⤵
  PID:5672
- C:\Windows\System\BQxZASP.exe
  C:\Windows\System\BQxZASP.exe
  2⤵
  PID:5520
- C:\Windows\System\HWgUxCq.exe
  C:\Windows\System\HWgUxCq.exe
  2⤵
  PID:2016
- C:\Windows\System\eenJJCd.exe
  C:\Windows\System\eenJJCd.exe
  2⤵
  PID:5576
- C:\Windows\System\szpkWjQ.exe
  C:\Windows\System\szpkWjQ.exe
  2⤵
  PID:5700
- C:\Windows\System\oDFPGPw.exe
  C:\Windows\System\oDFPGPw.exe
  2⤵
  PID:5760
- C:\Windows\System\vFXwCvw.exe
  C:\Windows\System\vFXwCvw.exe
  2⤵
  PID:6056
- C:\Windows\System\Csgslte.exe
  C:\Windows\System\Csgslte.exe
  2⤵
  PID:5364
- C:\Windows\System\HGUiUsu.exe
  C:\Windows\System\HGUiUsu.exe
  2⤵
  PID:6124
- C:\Windows\System\CcjPEMJ.exe
  C:\Windows\System\CcjPEMJ.exe
  2⤵
  PID:4180
- C:\Windows\System\hmVGPCG.exe
  C:\Windows\System\hmVGPCG.exe
  2⤵
  PID:5912
- C:\Windows\System\NUgQGCp.exe
  C:\Windows\System\NUgQGCp.exe
  2⤵
  PID:4772
- C:\Windows\System\xADUtOl.exe
  C:\Windows\System\xADUtOl.exe
  2⤵
  PID:5976
- C:\Windows\System\bsnSVDC.exe
  C:\Windows\System\bsnSVDC.exe
  2⤵
  PID:4428
- C:\Windows\System\eJXzKCL.exe
  C:\Windows\System\eJXzKCL.exe
  2⤵
  PID:5328
- C:\Windows\System\XbXkkIG.exe
  C:\Windows\System\XbXkkIG.exe
  2⤵
  PID:5504
- C:\Windows\System\WIggVnU.exe
  C:\Windows\System\WIggVnU.exe
  2⤵
  PID:5924
- C:\Windows\System\nrRnOio.exe
  C:\Windows\System\nrRnOio.exe
  2⤵
  PID:5992
- C:\Windows\System\LyIBBGY.exe
  C:\Windows\System\LyIBBGY.exe
  2⤵
  PID:6044
- C:\Windows\System\dguocSW.exe
  C:\Windows\System\dguocSW.exe
  2⤵
  PID:5252
- C:\Windows\System\ucGTjZq.exe
  C:\Windows\System\ucGTjZq.exe
  2⤵
  PID:6028
- C:\Windows\System\tCHIuTF.exe
  C:\Windows\System\tCHIuTF.exe
  2⤵
  PID:5872
- C:\Windows\System\dHgKpme.exe
  C:\Windows\System\dHgKpme.exe
  2⤵
  PID:5544
- C:\Windows\System\FNfsTFB.exe
  C:\Windows\System\FNfsTFB.exe
  2⤵
  PID:5908
- C:\Windows\System\eJOkCWp.exe
  C:\Windows\System\eJOkCWp.exe
  2⤵
  PID:5400
- C:\Windows\System\jGDnRID.exe
  C:\Windows\System\jGDnRID.exe
  2⤵
  PID:5180
- C:\Windows\System\YfvGqQS.exe
  C:\Windows\System\YfvGqQS.exe
  2⤵
  PID:4212
- C:\Windows\System\xPluBcL.exe
  C:\Windows\System\xPluBcL.exe
  2⤵
  PID:6040
- C:\Windows\System\pZeSyxF.exe
  C:\Windows\System\pZeSyxF.exe
  2⤵
  PID:5884
- C:\Windows\System\bZrgOMj.exe
  C:\Windows\System\bZrgOMj.exe
  2⤵
  PID:4840
- C:\Windows\System\wtuDBlS.exe
  C:\Windows\System\wtuDBlS.exe
  2⤵
  PID:6152
- C:\Windows\System\fLdFwBG.exe
  C:\Windows\System\fLdFwBG.exe
  2⤵
  PID:6168
- C:\Windows\System\cZfstad.exe
  C:\Windows\System\cZfstad.exe
  2⤵
  PID:6184
- C:\Windows\System\dDTPGEV.exe
  C:\Windows\System\dDTPGEV.exe
  2⤵
  PID:6208
- C:\Windows\System\NrZdNMv.exe
  C:\Windows\System\NrZdNMv.exe
  2⤵
  PID:6224
- C:\Windows\System\PUPTuZM.exe
  C:\Windows\System\PUPTuZM.exe
  2⤵
  PID:6240
- C:\Windows\System\OEsQcMW.exe
  C:\Windows\System\OEsQcMW.exe
  2⤵
  PID:6256
- C:\Windows\System\usYgrnT.exe
  C:\Windows\System\usYgrnT.exe
  2⤵
  PID:6272
- C:\Windows\System\qjWeBSY.exe
  C:\Windows\System\qjWeBSY.exe
  2⤵
  PID:6292
- C:\Windows\System\PIiIDeS.exe
  C:\Windows\System\PIiIDeS.exe
  2⤵
  PID:6308
- C:\Windows\System\MvORKAT.exe
  C:\Windows\System\MvORKAT.exe
  2⤵
  PID:6324
- C:\Windows\System\JTcfcnq.exe
  C:\Windows\System\JTcfcnq.exe
  2⤵
  PID:6344
- C:\Windows\System\FlkLfxl.exe
  C:\Windows\System\FlkLfxl.exe
  2⤵
  PID:6364
- C:\Windows\System\BuhLfiP.exe
  C:\Windows\System\BuhLfiP.exe
  2⤵
  PID:6388
- C:\Windows\System\hBVPgwP.exe
  C:\Windows\System\hBVPgwP.exe
  2⤵
  PID:6404
- C:\Windows\System\QjHQXTd.exe
  C:\Windows\System\QjHQXTd.exe
  2⤵
  PID:6420
- C:\Windows\System\cCQRMez.exe
  C:\Windows\System\cCQRMez.exe
  2⤵
  PID:6440
- C:\Windows\System\gTmqmUg.exe
  C:\Windows\System\gTmqmUg.exe
  2⤵
  PID:6456
- C:\Windows\System\QAZGFdG.exe
  C:\Windows\System\QAZGFdG.exe
  2⤵
  PID:6472
- C:\Windows\System\eMHAHMo.exe
  C:\Windows\System\eMHAHMo.exe
  2⤵
  PID:6488
- C:\Windows\System\vQOpfTM.exe
  C:\Windows\System\vQOpfTM.exe
  2⤵
  PID:6504
- C:\Windows\System\FCgBeIc.exe
  C:\Windows\System\FCgBeIc.exe
  2⤵
  PID:6520
- C:\Windows\System\SwRxLnh.exe
  C:\Windows\System\SwRxLnh.exe
  2⤵
  PID:6540
- C:\Windows\System\zXcYaJA.exe
  C:\Windows\System\zXcYaJA.exe
  2⤵
  PID:6556
- C:\Windows\System\JSElBIu.exe
  C:\Windows\System\JSElBIu.exe
  2⤵
  PID:6572
- C:\Windows\System\inDnBng.exe
  C:\Windows\System\inDnBng.exe
  2⤵
  PID:6588
- C:\Windows\System\jczjaSN.exe
  C:\Windows\System\jczjaSN.exe
  2⤵
  PID:6604
- C:\Windows\System\DYWKWlx.exe
  C:\Windows\System\DYWKWlx.exe
  2⤵
  PID:6620
- C:\Windows\System\FvKnqry.exe
  C:\Windows\System\FvKnqry.exe
  2⤵
  PID:6636
- C:\Windows\System\IqSgsuO.exe
  C:\Windows\System\IqSgsuO.exe
  2⤵
  PID:6652
- C:\Windows\System\ekzXKwb.exe
  C:\Windows\System\ekzXKwb.exe
  2⤵
  PID:6668
- C:\Windows\System\UOGjudm.exe
  C:\Windows\System\UOGjudm.exe
  2⤵
  PID:6692
- C:\Windows\System\EeKiFiq.exe
  C:\Windows\System\EeKiFiq.exe
  2⤵
  PID:6712
- C:\Windows\System\hrNcFOl.exe
  C:\Windows\System\hrNcFOl.exe
  2⤵
  PID:6728
- C:\Windows\System\NhOVaeX.exe
  C:\Windows\System\NhOVaeX.exe
  2⤵
  PID:6744
- C:\Windows\System\IsvVKPc.exe
  C:\Windows\System\IsvVKPc.exe
  2⤵
  PID:6760
- C:\Windows\System\MPNxuyM.exe
  C:\Windows\System\MPNxuyM.exe
  2⤵
  PID:6776
- C:\Windows\System\YqCKtCP.exe
  C:\Windows\System\YqCKtCP.exe
  2⤵
  PID:6796
- C:\Windows\System\gJOhUKS.exe
  C:\Windows\System\gJOhUKS.exe
  2⤵
  PID:6812
- C:\Windows\System\cvGQEVn.exe
  C:\Windows\System\cvGQEVn.exe
  2⤵
  PID:6828
- C:\Windows\System\ozFfTxR.exe
  C:\Windows\System\ozFfTxR.exe
  2⤵
  PID:6844
- C:\Windows\System\IyLhPXL.exe
  C:\Windows\System\IyLhPXL.exe
  2⤵
  PID:6860
- C:\Windows\System\DjFJHMy.exe
  C:\Windows\System\DjFJHMy.exe
  2⤵
  PID:6876
- C:\Windows\System\oVTXPxo.exe
  C:\Windows\System\oVTXPxo.exe
  2⤵
  PID:6892
- C:\Windows\System\MTwtcYE.exe
  C:\Windows\System\MTwtcYE.exe
  2⤵
  PID:6908
- C:\Windows\System\zIHvlJR.exe
  C:\Windows\System\zIHvlJR.exe
  2⤵
  PID:6924
- C:\Windows\System\taPOCmz.exe
  C:\Windows\System\taPOCmz.exe
  2⤵
  PID:6940
- C:\Windows\System\KfGCESy.exe
  C:\Windows\System\KfGCESy.exe
  2⤵
  PID:6984
- C:\Windows\System\umvMZlM.exe
  C:\Windows\System\umvMZlM.exe
  2⤵
  PID:7000
- C:\Windows\System\NGaZqOp.exe
  C:\Windows\System\NGaZqOp.exe
  2⤵
  PID:7016
- C:\Windows\System\yKtEnim.exe
  C:\Windows\System\yKtEnim.exe
  2⤵
  PID:7036
- C:\Windows\System\zxOrHny.exe
  C:\Windows\System\zxOrHny.exe
  2⤵
  PID:7056
- C:\Windows\System\jDhzLex.exe
  C:\Windows\System\jDhzLex.exe
  2⤵
  PID:7072
- C:\Windows\System\mzWDFWc.exe
  C:\Windows\System\mzWDFWc.exe
  2⤵
  PID:7088
- C:\Windows\System\ySBLgEo.exe
  C:\Windows\System\ySBLgEo.exe
  2⤵
  PID:7104
- C:\Windows\System\scnBEvX.exe
  C:\Windows\System\scnBEvX.exe
  2⤵
  PID:7124
- C:\Windows\System\ussZBYo.exe
  C:\Windows\System\ussZBYo.exe
  2⤵
  PID:7140
- C:\Windows\System\eFEdnKu.exe
  C:\Windows\System\eFEdnKu.exe
  2⤵
  PID:7156
- C:\Windows\System\jzmxQsG.exe
  C:\Windows\System\jzmxQsG.exe
  2⤵
  PID:5128
- C:\Windows\System\egGhrvx.exe
  C:\Windows\System\egGhrvx.exe
  2⤵
  PID:5380
- C:\Windows\System\GlTqmjc.exe
  C:\Windows\System\GlTqmjc.exe
  2⤵
  PID:564
- C:\Windows\System\hmpVHaW.exe
  C:\Windows\System\hmpVHaW.exe
  2⤵
  PID:6180
- C:\Windows\System\pkULeoQ.exe
  C:\Windows\System\pkULeoQ.exe
  2⤵
  PID:3908
- C:\Windows\System\sgXxSza.exe
  C:\Windows\System\sgXxSza.exe
  2⤵
  PID:6284
- C:\Windows\System\BjimRVl.exe
  C:\Windows\System\BjimRVl.exe
  2⤵
  PID:5788
- C:\Windows\System\sXgsesX.exe
  C:\Windows\System\sXgsesX.exe
  2⤵
  PID:2464
- C:\Windows\System\okXLpPs.exe
  C:\Windows\System\okXLpPs.exe
  2⤵
  PID:4604
- C:\Windows\System\zTEazSH.exe
  C:\Windows\System\zTEazSH.exe
  2⤵
  PID:6164
- C:\Windows\System\WRhGySi.exe
  C:\Windows\System\WRhGySi.exe
  2⤵
  PID:6204
- C:\Windows\System\RwuQevO.exe
  C:\Windows\System\RwuQevO.exe
  2⤵
  PID:6356
- C:\Windows\System\UfPLFtI.exe
  C:\Windows\System\UfPLFtI.exe
  2⤵
  PID:6304
- C:\Windows\System\oorrcBt.exe
  C:\Windows\System\oorrcBt.exe
  2⤵
  PID:6432
- C:\Windows\System\xpvMuGa.exe
  C:\Windows\System\xpvMuGa.exe
  2⤵
  PID:6496
- C:\Windows\System\lsiOGAm.exe
  C:\Windows\System\lsiOGAm.exe
  2⤵
  PID:6340
- C:\Windows\System\sFjMFOM.exe
  C:\Windows\System\sFjMFOM.exe
  2⤵
  PID:6376
- C:\Windows\System\rfUcAYg.exe
  C:\Windows\System\rfUcAYg.exe
  2⤵
  PID:6448
- C:\Windows\System\FmxLrnO.exe
  C:\Windows\System\FmxLrnO.exe
  2⤵
  PID:6484
- C:\Windows\System\sGrkgNO.exe
  C:\Windows\System\sGrkgNO.exe
  2⤵
  PID:6548
- C:\Windows\System\ltihbAA.exe
  C:\Windows\System\ltihbAA.exe
  2⤵
  PID:6632
- C:\Windows\System\OLmhuRV.exe
  C:\Windows\System\OLmhuRV.exe
  2⤵
  PID:6664
- C:\Windows\System\cVRgZtV.exe
  C:\Windows\System\cVRgZtV.exe
  2⤵
  PID:6644
- C:\Windows\System\NPECjjS.exe
  C:\Windows\System\NPECjjS.exe
  2⤵
  PID:6772
- C:\Windows\System\BCxxRZX.exe
  C:\Windows\System\BCxxRZX.exe
  2⤵
  PID:6868
- C:\Windows\System\tXDTryL.exe
  C:\Windows\System\tXDTryL.exe
  2⤵
  PID:6904
- C:\Windows\System\fSDTFBH.exe
  C:\Windows\System\fSDTFBH.exe
  2⤵
  PID:6936
- C:\Windows\System\daoMgji.exe
  C:\Windows\System\daoMgji.exe
  2⤵
  PID:6720
- C:\Windows\System\deTdbLQ.exe
  C:\Windows\System\deTdbLQ.exe
  2⤵
  PID:6684
- C:\Windows\System\HhXPKOB.exe
  C:\Windows\System\HhXPKOB.exe
  2⤵
  PID:6996
- C:\Windows\System\VPobxzI.exe
  C:\Windows\System\VPobxzI.exe
  2⤵
  PID:6820
- C:\Windows\System\oNxMVTr.exe
  C:\Windows\System\oNxMVTr.exe
  2⤵
  PID:6884
- C:\Windows\System\vwnZJfI.exe
  C:\Windows\System\vwnZJfI.exe
  2⤵
  PID:7028
- C:\Windows\System\rlWVOOJ.exe
  C:\Windows\System\rlWVOOJ.exe
  2⤵
  PID:6960
- C:\Windows\System\ZdYhwyj.exe
  C:\Windows\System\ZdYhwyj.exe
  2⤵
  PID:6976
- C:\Windows\System\iAYtCcr.exe
  C:\Windows\System\iAYtCcr.exe
  2⤵
  PID:7100
- C:\Windows\System\aCJebeL.exe
  C:\Windows\System\aCJebeL.exe
  2⤵
  PID:7136
- C:\Windows\System\FOOBjnq.exe
  C:\Windows\System\FOOBjnq.exe
  2⤵
  PID:7012
- C:\Windows\System\GhnlhlT.exe
  C:\Windows\System\GhnlhlT.exe
  2⤵
  PID:7044
- C:\Windows\System\scsCfff.exe
  C:\Windows\System\scsCfff.exe
  2⤵
  PID:5448
- C:\Windows\System\SnIRtfk.exe
  C:\Windows\System\SnIRtfk.exe
  2⤵
  PID:7112
- C:\Windows\System\lcrKzTC.exe
  C:\Windows\System\lcrKzTC.exe
  2⤵
  PID:6196
- C:\Windows\System\tTlGMVE.exe
  C:\Windows\System\tTlGMVE.exe
  2⤵
  PID:6200
- C:\Windows\System\irhAWyv.exe
  C:\Windows\System\irhAWyv.exe
  2⤵
  PID:6248
- C:\Windows\System\FoIHSYU.exe
  C:\Windows\System\FoIHSYU.exe
  2⤵
  PID:6264
- C:\Windows\System\UevtDfB.exe
  C:\Windows\System\UevtDfB.exe
  2⤵
  PID:6396
- C:\Windows\System\CJyUbRu.exe
  C:\Windows\System\CJyUbRu.exe
  2⤵
  PID:6428
- C:\Windows\System\PNEUfsh.exe
  C:\Windows\System\PNEUfsh.exe
  2⤵
  PID:6380
- C:\Windows\System\rCmXIkE.exe
  C:\Windows\System\rCmXIkE.exe
  2⤵
  PID:6600
- C:\Windows\System\iQcilRY.exe
  C:\Windows\System\iQcilRY.exe
  2⤵
  PID:6808
- C:\Windows\System\mMviHjH.exe
  C:\Windows\System\mMviHjH.exe
  2⤵
  PID:6612
- C:\Windows\System\gTbOQNz.exe
  C:\Windows\System\gTbOQNz.exe
  2⤵
  PID:6792
- C:\Windows\System\GrENzNy.exe
  C:\Windows\System\GrENzNy.exe
  2⤵
  PID:6972
- C:\Windows\System\bNyDQmr.exe
  C:\Windows\System\bNyDQmr.exe
  2⤵
  PID:5272
- C:\Windows\System\zwRDIII.exe
  C:\Windows\System\zwRDIII.exe
  2⤵
  PID:6412
- C:\Windows\System\ZGgvCHo.exe
  C:\Windows\System\ZGgvCHo.exe
  2⤵
  PID:5808
- C:\Windows\System\VvXknqq.exe
  C:\Windows\System\VvXknqq.exe
  2⤵
  PID:4816
- C:\Windows\System\oIxVnCl.exe
  C:\Windows\System\oIxVnCl.exe
  2⤵
  PID:6648
- C:\Windows\System\DOXJumh.exe
  C:\Windows\System\DOXJumh.exe
  2⤵
  PID:6756
- C:\Windows\System\PUSlzyv.exe
  C:\Windows\System\PUSlzyv.exe
  2⤵
  PID:6856
- C:\Windows\System\DUuGclz.exe
  C:\Windows\System\DUuGclz.exe
  2⤵
  PID:7068
- C:\Windows\System\SKkKXhH.exe
  C:\Windows\System\SKkKXhH.exe
  2⤵
  PID:7008
- C:\Windows\System\lurTMYP.exe
  C:\Windows\System\lurTMYP.exe
  2⤵
  PID:6232
- C:\Windows\System\giGHlCc.exe
  C:\Windows\System\giGHlCc.exe
  2⤵
  PID:6176
- C:\Windows\System\rdGywDC.exe
  C:\Windows\System\rdGywDC.exe
  2⤵
  PID:6528
- C:\Windows\System\WeTMtcT.exe
  C:\Windows\System\WeTMtcT.exe
  2⤵
  PID:6704
- C:\Windows\System\AyEmunA.exe
  C:\Windows\System\AyEmunA.exe
  2⤵
  PID:6788
- C:\Windows\System\gExMfpK.exe
  C:\Windows\System\gExMfpK.exe
  2⤵
  PID:7084
- C:\Windows\System\VgLywyK.exe
  C:\Windows\System\VgLywyK.exe
  2⤵
  PID:7148
- C:\Windows\System\ZxDOCfL.exe
  C:\Windows\System\ZxDOCfL.exe
  2⤵
  PID:6580
- C:\Windows\System\sBAbTkI.exe
  C:\Windows\System\sBAbTkI.exe
  2⤵
  PID:6464
- C:\Windows\System\pYqhTeN.exe
  C:\Windows\System\pYqhTeN.exe
  2⤵
  PID:6468
- C:\Windows\System\PtLlnkQ.exe
  C:\Windows\System\PtLlnkQ.exe
  2⤵
  PID:6352
- C:\Windows\System\CTcOEPl.exe
  C:\Windows\System\CTcOEPl.exe
  2⤵
  PID:6736
- C:\Windows\System\uidGJQz.exe
  C:\Windows\System\uidGJQz.exe
  2⤵
  PID:7052
- C:\Windows\System\qPmxjeD.exe
  C:\Windows\System\qPmxjeD.exe
  2⤵
  PID:6992
- C:\Windows\System\XKRcaIa.exe
  C:\Windows\System\XKRcaIa.exe
  2⤵
  PID:6956
- C:\Windows\System\xJxmRUe.exe
  C:\Windows\System\xJxmRUe.exe
  2⤵
  PID:6480
- C:\Windows\System\WMiMCkn.exe
  C:\Windows\System\WMiMCkn.exe
  2⤵
  PID:6900
- C:\Windows\System\ktNZogF.exe
  C:\Windows\System\ktNZogF.exe
  2⤵
  PID:6148
- C:\Windows\System\fqkeexX.exe
  C:\Windows\System\fqkeexX.exe
  2⤵
  PID:7172
- C:\Windows\System\mwbbory.exe
  C:\Windows\System\mwbbory.exe
  2⤵
  PID:7188
- C:\Windows\System\xFhPgSE.exe
  C:\Windows\System\xFhPgSE.exe
  2⤵
  PID:7204
- C:\Windows\System\nMNZmRj.exe
  C:\Windows\System\nMNZmRj.exe
  2⤵
  PID:7220
- C:\Windows\System\vZtauqI.exe
  C:\Windows\System\vZtauqI.exe
  2⤵
  PID:7236
- C:\Windows\System\vuCVqDw.exe
  C:\Windows\System\vuCVqDw.exe
  2⤵
  PID:7292
- C:\Windows\System\WdwvhCc.exe
  C:\Windows\System\WdwvhCc.exe
  2⤵
  PID:7308
- C:\Windows\System\vHNMfVF.exe
  C:\Windows\System\vHNMfVF.exe
  2⤵
  PID:7324
- C:\Windows\System\quFbPdi.exe
  C:\Windows\System\quFbPdi.exe
  2⤵
  PID:7340
- C:\Windows\System\VuRjGnt.exe
  C:\Windows\System\VuRjGnt.exe
  2⤵
  PID:7356
- C:\Windows\System\ubFUprU.exe
  C:\Windows\System\ubFUprU.exe
  2⤵
  PID:7380
- C:\Windows\System\hFsqyNn.exe
  C:\Windows\System\hFsqyNn.exe
  2⤵
  PID:7396
- C:\Windows\System\RQHaDyv.exe
  C:\Windows\System\RQHaDyv.exe
  2⤵
  PID:7412
- C:\Windows\System\vyeNoAk.exe
  C:\Windows\System\vyeNoAk.exe
  2⤵
  PID:7432
- C:\Windows\System\atRUnhv.exe
  C:\Windows\System\atRUnhv.exe
  2⤵
  PID:7452
- C:\Windows\System\KwFrRmP.exe
  C:\Windows\System\KwFrRmP.exe
  2⤵
  PID:7468
- C:\Windows\System\nKXeJMk.exe
  C:\Windows\System\nKXeJMk.exe
  2⤵
  PID:7484
- C:\Windows\System\zFwxVmV.exe
  C:\Windows\System\zFwxVmV.exe
  2⤵
  PID:7500
- C:\Windows\System\IBHGLOu.exe
  C:\Windows\System\IBHGLOu.exe
  2⤵
  PID:7516
- C:\Windows\System\GhpmQfS.exe
  C:\Windows\System\GhpmQfS.exe
  2⤵
  PID:7536
- C:\Windows\System\bMitvfk.exe
  C:\Windows\System\bMitvfk.exe
  2⤵
  PID:7552
- C:\Windows\System\dlnuUZg.exe
  C:\Windows\System\dlnuUZg.exe
  2⤵
  PID:7568
- C:\Windows\System\ZBFuBgw.exe
  C:\Windows\System\ZBFuBgw.exe
  2⤵
  PID:7584
- C:\Windows\System\UFoqwHh.exe
  C:\Windows\System\UFoqwHh.exe
  2⤵
  PID:7600
- C:\Windows\System\KTeJtgQ.exe
  C:\Windows\System\KTeJtgQ.exe
  2⤵
  PID:7616
- C:\Windows\System\XoORXZk.exe
  C:\Windows\System\XoORXZk.exe
  2⤵
  PID:7632
- C:\Windows\System\IpNaray.exe
  C:\Windows\System\IpNaray.exe
  2⤵
  PID:7648
- C:\Windows\System\zksMjHQ.exe
  C:\Windows\System\zksMjHQ.exe
  2⤵
  PID:7664
- C:\Windows\System\PcZvSNy.exe
  C:\Windows\System\PcZvSNy.exe
  2⤵
  PID:7680
- C:\Windows\System\HPrRqmU.exe
  C:\Windows\System\HPrRqmU.exe
  2⤵
  PID:7696
- C:\Windows\System\Gpozzhw.exe
  C:\Windows\System\Gpozzhw.exe
  2⤵
  PID:7712
- C:\Windows\System\isoMvwX.exe
  C:\Windows\System\isoMvwX.exe
  2⤵
  PID:7728
- C:\Windows\System\hoHRJpc.exe
  C:\Windows\System\hoHRJpc.exe
  2⤵
  PID:7744
- C:\Windows\System\ujwhCUc.exe
  C:\Windows\System\ujwhCUc.exe
  2⤵
  PID:7760
- C:\Windows\System\mPJoSmt.exe
  C:\Windows\System\mPJoSmt.exe
  2⤵
  PID:7776
- C:\Windows\System\FoLcVFX.exe
  C:\Windows\System\FoLcVFX.exe
  2⤵
  PID:7792
- C:\Windows\System\ESxefPU.exe
  C:\Windows\System\ESxefPU.exe
  2⤵
  PID:7808
- C:\Windows\System\AVJPcGv.exe
  C:\Windows\System\AVJPcGv.exe
  2⤵
  PID:7824
- C:\Windows\System\umKEFlJ.exe
  C:\Windows\System\umKEFlJ.exe
  2⤵
  PID:7840
- C:\Windows\System\dSncCuX.exe
  C:\Windows\System\dSncCuX.exe
  2⤵
  PID:7856
- C:\Windows\System\PSBQPmc.exe
  C:\Windows\System\PSBQPmc.exe
  2⤵
  PID:7872
- C:\Windows\System\uAykmAI.exe
  C:\Windows\System\uAykmAI.exe
  2⤵
  PID:7888
- C:\Windows\System\dgAeKmT.exe
  C:\Windows\System\dgAeKmT.exe
  2⤵
  PID:7904
- C:\Windows\System\yNqzCTl.exe
  C:\Windows\System\yNqzCTl.exe
  2⤵
  PID:7920
- C:\Windows\System\tPNKDtK.exe
  C:\Windows\System\tPNKDtK.exe
  2⤵
  PID:7936
- C:\Windows\System\iixKvbt.exe
  C:\Windows\System\iixKvbt.exe
  2⤵
  PID:7952
- C:\Windows\System\kAMuejJ.exe
  C:\Windows\System\kAMuejJ.exe
  2⤵
  PID:7976
- C:\Windows\System\HPrimEO.exe
  C:\Windows\System\HPrimEO.exe
  2⤵
  PID:7996
- C:\Windows\System\jUibEWf.exe
  C:\Windows\System\jUibEWf.exe
  2⤵
  PID:8024
- C:\Windows\System\LKupujd.exe
  C:\Windows\System\LKupujd.exe
  2⤵
  PID:8040
- C:\Windows\System\xJhFUQq.exe
  C:\Windows\System\xJhFUQq.exe
  2⤵
  PID:8056
- C:\Windows\System\GsNyAkQ.exe
  C:\Windows\System\GsNyAkQ.exe
  2⤵
  PID:8072
- C:\Windows\System\LhBLGyV.exe
  C:\Windows\System\LhBLGyV.exe
  2⤵
  PID:8092
- C:\Windows\System\AJITMwW.exe
  C:\Windows\System\AJITMwW.exe
  2⤵
  PID:8108
- C:\Windows\System\sDwdwZv.exe
  C:\Windows\System\sDwdwZv.exe
  2⤵
  PID:8124
- C:\Windows\System\QeqgkjH.exe
  C:\Windows\System\QeqgkjH.exe
  2⤵
  PID:8140
- C:\Windows\System\RRXKZdH.exe
  C:\Windows\System\RRXKZdH.exe
  2⤵
  PID:8156
- C:\Windows\System\XcNbXqu.exe
  C:\Windows\System\XcNbXqu.exe
  2⤵
  PID:8172
- C:\Windows\System\VGqCEzX.exe
  C:\Windows\System\VGqCEzX.exe
  2⤵
  PID:8188
- C:\Windows\System\rJtqmtO.exe
  C:\Windows\System\rJtqmtO.exe
  2⤵
  PID:7196
- C:\Windows\System\MeAWGuM.exe
  C:\Windows\System\MeAWGuM.exe
  2⤵
  PID:7184
- C:\Windows\System\WqksLbY.exe
  C:\Windows\System\WqksLbY.exe
  2⤵
  PID:7244
- C:\Windows\System\ATLVlIt.exe
  C:\Windows\System\ATLVlIt.exe
  2⤵
  PID:7256
- C:\Windows\System\hKRLZXl.exe
  C:\Windows\System\hKRLZXl.exe
  2⤵
  PID:7272
- C:\Windows\System\dOWYsRI.exe
  C:\Windows\System\dOWYsRI.exe
  2⤵
  PID:7288
- C:\Windows\System\LdPAHNw.exe
  C:\Windows\System\LdPAHNw.exe
  2⤵
  PID:7252
- C:\Windows\System\nEiOWGt.exe
  C:\Windows\System\nEiOWGt.exe
  2⤵
  PID:7352
- C:\Windows\System\RFPdRli.exe
  C:\Windows\System\RFPdRli.exe
  2⤵
  PID:7392
- C:\Windows\System\GyuIjnB.exe
  C:\Windows\System\GyuIjnB.exe
  2⤵
  PID:7428
- C:\Windows\System\DINQXNs.exe
  C:\Windows\System\DINQXNs.exe
  2⤵
  PID:2520
- C:\Windows\System\JmepsqX.exe
  C:\Windows\System\JmepsqX.exe
  2⤵
  PID:7480
- C:\Windows\System\HDzDHOF.exe
  C:\Windows\System\HDzDHOF.exe
  2⤵
  PID:7544
- C:\Windows\System\hswkCuD.exe
  C:\Windows\System\hswkCuD.exe
  2⤵
  PID:7524
- C:\Windows\System\BCShZCg.exe
  C:\Windows\System\BCShZCg.exe
  2⤵
  PID:7560
- C:\Windows\System\gieNSmm.exe
  C:\Windows\System\gieNSmm.exe
  2⤵
  PID:7592
- C:\Windows\System\ADIraFt.exe
  C:\Windows\System\ADIraFt.exe
  2⤵
  PID:7864
- C:\Windows\System\VPpBVfW.exe
  C:\Windows\System\VPpBVfW.exe
  2⤵
  PID:7688
- C:\Windows\System\llNDLmJ.exe
  C:\Windows\System\llNDLmJ.exe
  2⤵
  PID:7752
- C:\Windows\System\kHFaxle.exe
  C:\Windows\System\kHFaxle.exe
  2⤵
  PID:7816
- C:\Windows\System\SbfkYwD.exe
  C:\Windows\System\SbfkYwD.exe
  2⤵
  PID:7880
- C:\Windows\System\SDnHaVr.exe
  C:\Windows\System\SDnHaVr.exe
  2⤵
  PID:7916
- C:\Windows\System\dzMvUNR.exe
  C:\Windows\System\dzMvUNR.exe
  2⤵
  PID:7944
- C:\Windows\System\iMevEjH.exe
  C:\Windows\System\iMevEjH.exe
  2⤵
  PID:7988
- C:\Windows\System\iIsqgjY.exe
  C:\Windows\System\iIsqgjY.exe
  2⤵
  PID:8064
- C:\Windows\System\tbNbSjB.exe
  C:\Windows\System\tbNbSjB.exe
  2⤵
  PID:8020
- C:\Windows\System\oGLzjUY.exe
  C:\Windows\System\oGLzjUY.exe
  2⤵
  PID:8100
- C:\Windows\System\NOaNUBJ.exe
  C:\Windows\System\NOaNUBJ.exe
  2⤵
  PID:8084
- C:\Windows\System\KfbrYlY.exe
  C:\Windows\System\KfbrYlY.exe
  2⤵
  PID:8152
- C:\Windows\System\iWwFbSS.exe
  C:\Windows\System\iWwFbSS.exe
  2⤵
  PID:8132
- C:\Windows\System\GeLZaCx.exe
  C:\Windows\System\GeLZaCx.exe
  2⤵
  PID:8168
- C:\Windows\System\LCOqXPq.exe
  C:\Windows\System\LCOqXPq.exe
  2⤵
  PID:7280
- C:\Windows\System\Hvvtukh.exe
  C:\Windows\System\Hvvtukh.exe
  2⤵
  PID:7476
- C:\Windows\System\eMXIRgc.exe
  C:\Windows\System\eMXIRgc.exe
  2⤵
  PID:7268
- C:\Windows\System\yHYFviq.exe
  C:\Windows\System\yHYFviq.exe
  2⤵
  PID:7388
- C:\Windows\System\Owcnpfe.exe
  C:\Windows\System\Owcnpfe.exe
  2⤵
  PID:8164
- C:\Windows\System\rHtKKOp.exe
  C:\Windows\System\rHtKKOp.exe
  2⤵
  PID:7532
- C:\Windows\System\XRgHwLy.exe
  C:\Windows\System\XRgHwLy.exe
  2⤵
  PID:7624
- C:\Windows\System\vupvSOc.exe
  C:\Windows\System\vupvSOc.exe
  2⤵
  PID:7704
- C:\Windows\System\OUsZnKF.exe
  C:\Windows\System\OUsZnKF.exe
  2⤵
  PID:7644
- C:\Windows\System\IdTLPuJ.exe
  C:\Windows\System\IdTLPuJ.exe
  2⤵
  PID:6680
- C:\Windows\System\cFvVGvj.exe
  C:\Windows\System\cFvVGvj.exe
  2⤵
  PID:7768
- C:\Windows\System\IwpKKjx.exe
  C:\Windows\System\IwpKKjx.exe
  2⤵
  PID:7832
- C:\Windows\System\BhIOecq.exe
  C:\Windows\System\BhIOecq.exe
  2⤵
  PID:8048
- C:\Windows\System\nDZJloe.exe
  C:\Windows\System\nDZJloe.exe
  2⤵
  PID:7788
- C:\Windows\System\EYfjIbI.exe
  C:\Windows\System\EYfjIbI.exe
  2⤵
  PID:7180
- C:\Windows\System\ypJBLlr.exe
  C:\Windows\System\ypJBLlr.exe
  2⤵
  PID:8080
- C:\Windows\System\vhWGUfr.exe
  C:\Windows\System\vhWGUfr.exe
  2⤵
  PID:7232
- C:\Windows\System\VXesOto.exe
  C:\Windows\System\VXesOto.exe
  2⤵
  PID:8200
- C:\Windows\System\NyLghQN.exe
  C:\Windows\System\NyLghQN.exe
  2⤵
  PID:8216
- C:\Windows\System\mUaKsCB.exe
  C:\Windows\System\mUaKsCB.exe
  2⤵
  PID:8332
- C:\Windows\System\JnHHkEY.exe
  C:\Windows\System\JnHHkEY.exe
  2⤵
  PID:8348
- C:\Windows\System\TZeEndM.exe
  C:\Windows\System\TZeEndM.exe
  2⤵
  PID:8364
- C:\Windows\System\tXGsWCn.exe
  C:\Windows\System\tXGsWCn.exe
  2⤵
  PID:8380
- C:\Windows\System\hRTwutb.exe
  C:\Windows\System\hRTwutb.exe
  2⤵
  PID:8404
- C:\Windows\System\YMigTdK.exe
  C:\Windows\System\YMigTdK.exe
  2⤵
  PID:8420
- C:\Windows\System\LfdkCcV.exe
  C:\Windows\System\LfdkCcV.exe
  2⤵
  PID:8436
- C:\Windows\System\mqBRDlA.exe
  C:\Windows\System\mqBRDlA.exe
  2⤵
  PID:8452
- C:\Windows\System\zcBAIJX.exe
  C:\Windows\System\zcBAIJX.exe
  2⤵
  PID:8468
- C:\Windows\System\MeRQVpO.exe
  C:\Windows\System\MeRQVpO.exe
  2⤵
  PID:8484
- C:\Windows\System\dgIwETy.exe
  C:\Windows\System\dgIwETy.exe
  2⤵
  PID:8504
- C:\Windows\System\unLAdQA.exe
  C:\Windows\System\unLAdQA.exe
  2⤵
  PID:8520
- C:\Windows\System\lOtemZE.exe
  C:\Windows\System\lOtemZE.exe
  2⤵
  PID:8540
- C:\Windows\System\rsuqRiQ.exe
  C:\Windows\System\rsuqRiQ.exe
  2⤵
  PID:8560
- C:\Windows\System\KVUKhJD.exe
  C:\Windows\System\KVUKhJD.exe
  2⤵
  PID:8576
- C:\Windows\System\RnWvdWS.exe
  C:\Windows\System\RnWvdWS.exe
  2⤵
  PID:8592
- C:\Windows\System\GZXdHzJ.exe
  C:\Windows\System\GZXdHzJ.exe
  2⤵
  PID:8608
- C:\Windows\System\EjbJHjD.exe
  C:\Windows\System\EjbJHjD.exe
  2⤵
  PID:8624
- C:\Windows\System\KAcJZtR.exe
  C:\Windows\System\KAcJZtR.exe
  2⤵
  PID:8640
- C:\Windows\System\eofyvVr.exe
  C:\Windows\System\eofyvVr.exe
  2⤵
  PID:8656
- C:\Windows\System\cXeyVGK.exe
  C:\Windows\System\cXeyVGK.exe
  2⤵
  PID:8672
- C:\Windows\System\lFTplWg.exe
  C:\Windows\System\lFTplWg.exe
  2⤵
  PID:8688
- C:\Windows\System\uohJCXb.exe
  C:\Windows\System\uohJCXb.exe
  2⤵
  PID:8704
- C:\Windows\System\WLSnMGO.exe
  C:\Windows\System\WLSnMGO.exe
  2⤵
  PID:8720
- C:\Windows\System\bcxUKAX.exe
  C:\Windows\System\bcxUKAX.exe
  2⤵
  PID:8740
- C:\Windows\System\lDpImpG.exe
  C:\Windows\System\lDpImpG.exe
  2⤵
  PID:8756
- C:\Windows\System\TZYLZtY.exe
  C:\Windows\System\TZYLZtY.exe
  2⤵
  PID:8772
- C:\Windows\System\gZBlyTS.exe
  C:\Windows\System\gZBlyTS.exe
  2⤵
  PID:8788
- C:\Windows\System\zfUhKET.exe
  C:\Windows\System\zfUhKET.exe
  2⤵
  PID:8804
- C:\Windows\System\NQgOkqP.exe
  C:\Windows\System\NQgOkqP.exe
  2⤵
  PID:8820
- C:\Windows\System\XXpdfYO.exe
  C:\Windows\System\XXpdfYO.exe
  2⤵
  PID:8840
- C:\Windows\System\fbdmvwV.exe
  C:\Windows\System\fbdmvwV.exe
  2⤵
  PID:8856
- C:\Windows\System\PHIJexp.exe
  C:\Windows\System\PHIJexp.exe
  2⤵
  PID:8872
- C:\Windows\System\EWvxWYQ.exe
  C:\Windows\System\EWvxWYQ.exe
  2⤵
  PID:8888
- C:\Windows\System\PwTqqoD.exe
  C:\Windows\System\PwTqqoD.exe
  2⤵
  PID:8904
- C:\Windows\System\orsXxAY.exe
  C:\Windows\System\orsXxAY.exe
  2⤵
  PID:8920
- C:\Windows\System\EVXfWXN.exe
  C:\Windows\System\EVXfWXN.exe
  2⤵
  PID:8936
- C:\Windows\System\DphItEz.exe
  C:\Windows\System\DphItEz.exe
  2⤵
  PID:8952
- C:\Windows\System\tLSGcvM.exe
  C:\Windows\System\tLSGcvM.exe
  2⤵
  PID:8972
- C:\Windows\System\EWBmtpm.exe
  C:\Windows\System\EWBmtpm.exe
  2⤵
  PID:8988
- C:\Windows\System\ymgnvHz.exe
  C:\Windows\System\ymgnvHz.exe
  2⤵
  PID:9004
- C:\Windows\System\ScBKSEK.exe
  C:\Windows\System\ScBKSEK.exe
  2⤵
  PID:9020
- C:\Windows\System\YBNGnVW.exe
  C:\Windows\System\YBNGnVW.exe
  2⤵
  PID:9036
- C:\Windows\System\AEeUttl.exe
  C:\Windows\System\AEeUttl.exe
  2⤵
  PID:9160
- C:\Windows\System\KMdnwmX.exe
  C:\Windows\System\KMdnwmX.exe
  2⤵
  PID:9176
- C:\Windows\System\hGfpkdt.exe
  C:\Windows\System\hGfpkdt.exe
  2⤵
  PID:9192
- C:\Windows\System\tJDBrGv.exe
  C:\Windows\System\tJDBrGv.exe
  2⤵
  PID:9208
- C:\Windows\System\qVoLMOi.exe
  C:\Windows\System\qVoLMOi.exe
  2⤵
  PID:2708
- C:\Windows\System\LFJBZyy.exe
  C:\Windows\System\LFJBZyy.exe
  2⤵
  PID:7960
- C:\Windows\System\sFzdrnE.exe
  C:\Windows\System\sFzdrnE.exe
  2⤵
  PID:7848
- C:\Windows\System\xsNVYXD.exe
  C:\Windows\System\xsNVYXD.exe
  2⤵
  PID:7772
- C:\Windows\System\HteIjGT.exe
  C:\Windows\System\HteIjGT.exe
  2⤵
  PID:7720
- C:\Windows\System\tSBqmeZ.exe
  C:\Windows\System\tSBqmeZ.exe
  2⤵
  PID:7316
- C:\Windows\System\uMjlEWr.exe
  C:\Windows\System\uMjlEWr.exe
  2⤵
  PID:8136
- C:\Windows\System\bXvgKHh.exe
  C:\Windows\System\bXvgKHh.exe
  2⤵
  PID:7736
- C:\Windows\System\cZPWISO.exe
  C:\Windows\System\cZPWISO.exe
  2⤵
  PID:7740
- C:\Windows\System\HCxZxNs.exe
  C:\Windows\System\HCxZxNs.exe
  2⤵
  PID:7984
- C:\Windows\System\SRxqOej.exe
  C:\Windows\System\SRxqOej.exe
  2⤵
  PID:8212
- C:\Windows\System\WZUVXol.exe
  C:\Windows\System\WZUVXol.exe
  2⤵
  PID:8244
- C:\Windows\System\JMlmPZW.exe
  C:\Windows\System\JMlmPZW.exe
  2⤵
  PID:8260
- C:\Windows\System\eqSTlUm.exe
  C:\Windows\System\eqSTlUm.exe
  2⤵
  PID:8268
- C:\Windows\System\gsErKBh.exe
  C:\Windows\System\gsErKBh.exe
  2⤵
  PID:8288
- C:\Windows\System\yFfVQrm.exe
  C:\Windows\System\yFfVQrm.exe
  2⤵
  PID:8276
- C:\Windows\System\dGGXPOg.exe
  C:\Windows\System\dGGXPOg.exe
  2⤵
  PID:8316
- C:\Windows\System\mVTpChc.exe
  C:\Windows\System\mVTpChc.exe
  2⤵
  PID:8388
- C:\Windows\System\PCsJgZH.exe
  C:\Windows\System\PCsJgZH.exe
  2⤵
  PID:8412
- C:\Windows\System\kXkXrFa.exe
  C:\Windows\System\kXkXrFa.exe
  2⤵
  PID:8444
- C:\Windows\System\KYXgJaF.exe
  C:\Windows\System\KYXgJaF.exe
  2⤵
  PID:8512
- C:\Windows\System\VGnoKqC.exe
  C:\Windows\System\VGnoKqC.exe
  2⤵
  PID:8496
- C:\Windows\System\TgLDrqJ.exe
  C:\Windows\System\TgLDrqJ.exe
  2⤵
  PID:8532
- C:\Windows\System\vsVCOps.exe
  C:\Windows\System\vsVCOps.exe
  2⤵
  PID:8556
- C:\Windows\System\RYbdzmH.exe
  C:\Windows\System\RYbdzmH.exe
  2⤵
  PID:8600
- C:\Windows\System\BZhkQin.exe
  C:\Windows\System\BZhkQin.exe
  2⤵
  PID:8648
- C:\Windows\System\OeKqoMh.exe
  C:\Windows\System\OeKqoMh.exe
  2⤵
  PID:8684
- C:\Windows\System\qvIeLFE.exe
  C:\Windows\System\qvIeLFE.exe
  2⤵
  PID:8752
- C:\Windows\System\KxnNWav.exe
  C:\Windows\System\KxnNWav.exe
  2⤵
  PID:8780
- C:\Windows\System\bwnXkNm.exe
  C:\Windows\System\bwnXkNm.exe
  2⤵
  PID:8736
- C:\Windows\System\ltjVDKo.exe
  C:\Windows\System\ltjVDKo.exe
  2⤵
  PID:8828
- C:\Windows\System\hMASmdL.exe
  C:\Windows\System\hMASmdL.exe
  2⤵
  PID:8832
- C:\Windows\System\EYCkfho.exe
  C:\Windows\System\EYCkfho.exe
  2⤵
  PID:8880
- C:\Windows\System\lHWDvDk.exe
  C:\Windows\System\lHWDvDk.exe
  2⤵
  PID:8868
- C:\Windows\System\AcUBsRl.exe
  C:\Windows\System\AcUBsRl.exe
  2⤵
  PID:8916
- C:\Windows\System\tyNatdF.exe
  C:\Windows\System\tyNatdF.exe
  2⤵
  PID:8984
- C:\Windows\System\WAIvkWp.exe
  C:\Windows\System\WAIvkWp.exe
  2⤵
  PID:9028
- C:\Windows\System\vdXqexU.exe
  C:\Windows\System\vdXqexU.exe
  2⤵
  PID:8964
- C:\Windows\System\dwMDBbx.exe
  C:\Windows\System\dwMDBbx.exe
  2⤵
  PID:9052
- C:\Windows\System\yyzZzIL.exe
  C:\Windows\System\yyzZzIL.exe
  2⤵
  PID:9064
- C:\Windows\System\fpflEFr.exe
  C:\Windows\System\fpflEFr.exe
  2⤵
  PID:9088
- C:\Windows\System\xrJThYI.exe
  C:\Windows\System\xrJThYI.exe
  2⤵
  PID:9100
- C:\Windows\System\qZTFwLO.exe
  C:\Windows\System\qZTFwLO.exe
  2⤵
  PID:9108
- C:\Windows\System\FbKGLmn.exe
  C:\Windows\System\FbKGLmn.exe
  2⤵
  PID:9132
- C:\Windows\System\GNBSHBc.exe
  C:\Windows\System\GNBSHBc.exe
  2⤵
  PID:9148
- C:\Windows\System\GwUGPVa.exe
  C:\Windows\System\GwUGPVa.exe
  2⤵
  PID:9200
- C:\Windows\System\GsmqHam.exe
  C:\Windows\System\GsmqHam.exe
  2⤵
  PID:8196
- C:\Windows\System\kRhltdp.exe
  C:\Windows\System\kRhltdp.exe
  2⤵
  PID:9156
- C:\Windows\System\KoYgkWc.exe
  C:\Windows\System\KoYgkWc.exe
  2⤵
  PID:8052
- C:\Windows\System\DzzCLhq.exe
  C:\Windows\System\DzzCLhq.exe
  2⤵
  PID:8396
- C:\Windows\System\YibaeCT.exe
  C:\Windows\System\YibaeCT.exe
  2⤵
  PID:7120
- C:\Windows\System\AkVusvz.exe
  C:\Windows\System\AkVusvz.exe
  2⤵
  PID:8284
- C:\Windows\System\BxUXACv.exe
  C:\Windows\System\BxUXACv.exe
  2⤵
  PID:7596
- C:\Windows\System\MYzcOvl.exe
  C:\Windows\System\MYzcOvl.exe
  2⤵
  PID:8148
- C:\Windows\System\IJgEwqU.exe
  C:\Windows\System\IJgEwqU.exe
  2⤵
  PID:7968
- C:\Windows\System\nDcVGYt.exe
  C:\Windows\System\nDcVGYt.exe
  2⤵
  PID:8340
- C:\Windows\System\lXUOWmP.exe
  C:\Windows\System\lXUOWmP.exe
  2⤵
  PID:2484
- C:\Windows\System\zURbDHP.exe
  C:\Windows\System\zURbDHP.exe
  2⤵
  PID:8360
- C:\Windows\System\ZCqYrCP.exe
  C:\Windows\System\ZCqYrCP.exe
  2⤵
  PID:8480
- C:\Windows\System\MIAzGhY.exe
  C:\Windows\System\MIAzGhY.exe
  2⤵
  PID:8568
- C:\Windows\System\yJhqggT.exe
  C:\Windows\System\yJhqggT.exe
  2⤵
  PID:7300
- C:\Windows\System\QaSfSUK.exe
  C:\Windows\System\QaSfSUK.exe
  2⤵
  PID:8668
- C:\Windows\System\esTcyLp.exe
  C:\Windows\System\esTcyLp.exe
  2⤵
  PID:8764
- C:\Windows\System\UlHBIVP.exe
  C:\Windows\System\UlHBIVP.exe
  2⤵
  PID:8528
- C:\Windows\System\EnLniug.exe
  C:\Windows\System\EnLniug.exe
  2⤵
  PID:8620
- C:\Windows\System\vCScpHg.exe
  C:\Windows\System\vCScpHg.exe
  2⤵
  PID:8700
- C:\Windows\System\XOjZYeK.exe
  C:\Windows\System\XOjZYeK.exe
  2⤵
  PID:8912
- C:\Windows\System\JtXWJmt.exe
  C:\Windows\System\JtXWJmt.exe
  2⤵
  PID:9044
- C:\Windows\System\LnzRIZt.exe
  C:\Windows\System\LnzRIZt.exe
  2⤵
  PID:8968
- C:\Windows\System\ovfWUVV.exe
  C:\Windows\System\ovfWUVV.exe
  2⤵
  PID:9080
- C:\Windows\System\YTuarUz.exe
  C:\Windows\System\YTuarUz.exe
  2⤵
  PID:9124
- C:\Windows\System\MZEWutw.exe
  C:\Windows\System\MZEWutw.exe
  2⤵
  PID:9188
- C:\Windows\System\uBCkyrd.exe
  C:\Windows\System\uBCkyrd.exe
  2⤵
  PID:7376
- C:\Windows\System\JaFcJvO.exe
  C:\Windows\System\JaFcJvO.exe
  2⤵
  PID:2844
- C:\Windows\System\vNzkJzV.exe
  C:\Windows\System\vNzkJzV.exe
  2⤵
  PID:9068
- C:\Windows\System\Ojyeojl.exe
  C:\Windows\System\Ojyeojl.exe
  2⤵
  PID:9120
- C:\Windows\System\kTMlzPz.exe
  C:\Windows\System\kTMlzPz.exe
  2⤵
  PID:8256
- C:\Windows\System\EjKHRWx.exe
  C:\Windows\System\EjKHRWx.exe
  2⤵
  PID:8236
- C:\Windows\System\nqxziId.exe
  C:\Windows\System\nqxziId.exe
  2⤵
  PID:8392
- C:\Windows\System\nFDaWKi.exe
  C:\Windows\System\nFDaWKi.exe
  2⤵
  PID:8796
- C:\Windows\System\LXXQXyA.exe
  C:\Windows\System\LXXQXyA.exe
  2⤵
  PID:8768
- C:\Windows\System\UNEgCBg.exe
  C:\Windows\System\UNEgCBg.exe
  2⤵
  PID:8996
- C:\Windows\System\GqvpETy.exe
  C:\Windows\System\GqvpETy.exe
  2⤵
  PID:8728
- C:\Windows\System\XKjbxXk.exe
  C:\Windows\System\XKjbxXk.exe
  2⤵
  PID:9076
- C:\Windows\System\nrTsBcN.exe
  C:\Windows\System\nrTsBcN.exe
  2⤵
  PID:9140
- C:\Windows\System\BnMOohE.exe
  C:\Windows\System\BnMOohE.exe
  2⤵
  PID:7640
- C:\Windows\System\hEkFcBt.exe
  C:\Windows\System\hEkFcBt.exe
  2⤵
  PID:7948
- C:\Windows\System\ncWoyet.exe
  C:\Windows\System\ncWoyet.exe
  2⤵
  PID:8836
- C:\Windows\System\OenKSPm.exe
  C:\Windows\System\OenKSPm.exe
  2⤵
  PID:9060
- C:\Windows\System\RJaHhdQ.exe
  C:\Windows\System\RJaHhdQ.exe
  2⤵
  PID:8376
- C:\Windows\System\pbQBvac.exe
  C:\Windows\System\pbQBvac.exe
  2⤵
  PID:8428
- C:\Windows\System\IqHekpG.exe
  C:\Windows\System\IqHekpG.exe
  2⤵
  PID:8928
- C:\Windows\System\NQPJISc.exe
  C:\Windows\System\NQPJISc.exe
  2⤵
  PID:9096
- C:\Windows\System\zTDuxRF.exe
  C:\Windows\System\zTDuxRF.exe
  2⤵
  PID:8296
- C:\Windows\System\aBogizt.exe
  C:\Windows\System\aBogizt.exe
  2⤵
  PID:8552
- C:\Windows\System\mKbOkqg.exe
  C:\Windows\System\mKbOkqg.exe
  2⤵
  PID:8116
- C:\Windows\System\EqEYIjK.exe
  C:\Windows\System\EqEYIjK.exe
  2⤵
  PID:7724
- C:\Windows\System\jnlwJFB.exe
  C:\Windows\System\jnlwJFB.exe
  2⤵
  PID:7304
- C:\Windows\System\pxkMtyH.exe
  C:\Windows\System\pxkMtyH.exe
  2⤵
  PID:7408
- C:\Windows\System\FWjwffe.exe
  C:\Windows\System\FWjwffe.exe
  2⤵
  PID:8636
- C:\Windows\System\iEeXtzk.exe
  C:\Windows\System\iEeXtzk.exe
  2⤵
  PID:9168
- C:\Windows\System\HwWHaDv.exe
  C:\Windows\System\HwWHaDv.exe
  2⤵
  PID:9220
- C:\Windows\System\FullOQQ.exe
  C:\Windows\System\FullOQQ.exe
  2⤵
  PID:9236
- C:\Windows\System\ZnFwmXg.exe
  C:\Windows\System\ZnFwmXg.exe
  2⤵
  PID:9252
- C:\Windows\System\VcXnDVU.exe
  C:\Windows\System\VcXnDVU.exe
  2⤵
  PID:9272
- C:\Windows\System\HYttSpn.exe
  C:\Windows\System\HYttSpn.exe
  2⤵
  PID:9288
- C:\Windows\System\tAurwrh.exe
  C:\Windows\System\tAurwrh.exe
  2⤵
  PID:9304
- C:\Windows\System\TNHGIDL.exe
  C:\Windows\System\TNHGIDL.exe
  2⤵
  PID:9320
- C:\Windows\System\DXZOqMz.exe
  C:\Windows\System\DXZOqMz.exe
  2⤵
  PID:9336
- C:\Windows\System\SKjFDkh.exe
  C:\Windows\System\SKjFDkh.exe
  2⤵
  PID:9352
- C:\Windows\System\tkDujvD.exe
  C:\Windows\System\tkDujvD.exe
  2⤵
  PID:9368
- C:\Windows\System\ATeOQCe.exe
  C:\Windows\System\ATeOQCe.exe
  2⤵
  PID:9384
- C:\Windows\System\bFUowcv.exe
  C:\Windows\System\bFUowcv.exe
  2⤵
  PID:9400
- C:\Windows\System\XWmvtJy.exe
  C:\Windows\System\XWmvtJy.exe
  2⤵
  PID:9416
- C:\Windows\System\ujexxib.exe
  C:\Windows\System\ujexxib.exe
  2⤵
  PID:9432
- C:\Windows\System\bWxnYkM.exe
  C:\Windows\System\bWxnYkM.exe
  2⤵
  PID:9448
- C:\Windows\System\tqxLRuE.exe
  C:\Windows\System\tqxLRuE.exe
  2⤵
  PID:9464
- C:\Windows\System\VzajCJm.exe
  C:\Windows\System\VzajCJm.exe
  2⤵
  PID:9480
- C:\Windows\System\XIXkvpk.exe
  C:\Windows\System\XIXkvpk.exe
  2⤵
  PID:9496
- C:\Windows\System\UvixlaN.exe
  C:\Windows\System\UvixlaN.exe
  2⤵
  PID:9512
- C:\Windows\System\ijNJfxM.exe
  C:\Windows\System\ijNJfxM.exe
  2⤵
  PID:9528
- C:\Windows\System\YGWadIe.exe
  C:\Windows\System\YGWadIe.exe
  2⤵
  PID:9544
- C:\Windows\System\oFuIDDR.exe
  C:\Windows\System\oFuIDDR.exe
  2⤵
  PID:9560
- C:\Windows\System\RAlyzHL.exe
  C:\Windows\System\RAlyzHL.exe
  2⤵
  PID:9576
- C:\Windows\System\rgzRtQf.exe
  C:\Windows\System\rgzRtQf.exe
  2⤵
  PID:9592
- C:\Windows\System\WZBkSho.exe
  C:\Windows\System\WZBkSho.exe
  2⤵
  PID:9608
- C:\Windows\System\XxMbiuo.exe
  C:\Windows\System\XxMbiuo.exe
  2⤵
  PID:9624
- C:\Windows\System\REWceUy.exe
  C:\Windows\System\REWceUy.exe
  2⤵
  PID:9640
- C:\Windows\System\uVYCDxb.exe
  C:\Windows\System\uVYCDxb.exe
  2⤵
  PID:9656
- C:\Windows\System\PeEGFAk.exe
  C:\Windows\System\PeEGFAk.exe
  2⤵
  PID:9672
- C:\Windows\System\PDGCPQE.exe
  C:\Windows\System\PDGCPQE.exe
  2⤵
  PID:9688
- C:\Windows\System\NCDFdcr.exe
  C:\Windows\System\NCDFdcr.exe
  2⤵
  PID:9708
- C:\Windows\System\enVuKAi.exe
  C:\Windows\System\enVuKAi.exe
  2⤵
  PID:9724
- C:\Windows\System\htvNGyS.exe
  C:\Windows\System\htvNGyS.exe
  2⤵
  PID:9740
- C:\Windows\System\BJZdbNJ.exe
  C:\Windows\System\BJZdbNJ.exe
  2⤵
  PID:9756
- C:\Windows\System\NxUrjYM.exe
  C:\Windows\System\NxUrjYM.exe
  2⤵
  PID:9772
- C:\Windows\System\BuqrybU.exe
  C:\Windows\System\BuqrybU.exe
  2⤵
  PID:9788
- C:\Windows\System\yJxjWOy.exe
  C:\Windows\System\yJxjWOy.exe
  2⤵
  PID:9804
- C:\Windows\System\OiIvnKa.exe
  C:\Windows\System\OiIvnKa.exe
  2⤵
  PID:9820
- C:\Windows\System\YmWxBZs.exe
  C:\Windows\System\YmWxBZs.exe
  2⤵
  PID:9836
- C:\Windows\System\fZSPASV.exe
  C:\Windows\System\fZSPASV.exe
  2⤵
  PID:9852
- C:\Windows\System\myzxoOY.exe
  C:\Windows\System\myzxoOY.exe
  2⤵
  PID:9868
- C:\Windows\System\amvWPLj.exe
  C:\Windows\System\amvWPLj.exe
  2⤵
  PID:9884
- C:\Windows\System\TLsCimg.exe
  C:\Windows\System\TLsCimg.exe
  2⤵
  PID:9900
- C:\Windows\System\eMfLHUj.exe
  C:\Windows\System\eMfLHUj.exe
  2⤵
  PID:9916
- C:\Windows\System\drRDyGL.exe
  C:\Windows\System\drRDyGL.exe
  2⤵
  PID:9932
- C:\Windows\System\vrcfeVl.exe
  C:\Windows\System\vrcfeVl.exe
  2⤵
  PID:9948
- C:\Windows\System\miopjfq.exe
  C:\Windows\System\miopjfq.exe
  2⤵
  PID:9964
- C:\Windows\System\HyMjTJj.exe
  C:\Windows\System\HyMjTJj.exe
  2⤵
  PID:9980
- C:\Windows\System\nUYaRbP.exe
  C:\Windows\System\nUYaRbP.exe
  2⤵
  PID:9996
- C:\Windows\System\yqFTWYo.exe
  C:\Windows\System\yqFTWYo.exe
  2⤵
  PID:10012
- C:\Windows\System\xDCJQoo.exe
  C:\Windows\System\xDCJQoo.exe
  2⤵
  PID:10028
- C:\Windows\System\pptFwpp.exe
  C:\Windows\System\pptFwpp.exe
  2⤵
  PID:10044
- C:\Windows\System\NzHbcMQ.exe
  C:\Windows\System\NzHbcMQ.exe
  2⤵
  PID:10060
- C:\Windows\System\FEMhVCQ.exe
  C:\Windows\System\FEMhVCQ.exe
  2⤵
  PID:10076
- C:\Windows\System\AaXnCZN.exe
  C:\Windows\System\AaXnCZN.exe
  2⤵
  PID:10092
- C:\Windows\System\cfYBLaP.exe
  C:\Windows\System\cfYBLaP.exe
  2⤵
  PID:10108
- C:\Windows\System\gCRixPH.exe
  C:\Windows\System\gCRixPH.exe
  2⤵
  PID:10124
- C:\Windows\System\RzpWust.exe
  C:\Windows\System\RzpWust.exe
  2⤵
  PID:10140
- C:\Windows\System\HSPRXIk.exe
  C:\Windows\System\HSPRXIk.exe
  2⤵
  PID:10156
- C:\Windows\System\RkUBVjN.exe
  C:\Windows\System\RkUBVjN.exe
  2⤵
  PID:10172
- C:\Windows\System\cLloYGA.exe
  C:\Windows\System\cLloYGA.exe
  2⤵
  PID:10188
- C:\Windows\System\ozSAoJB.exe
  C:\Windows\System\ozSAoJB.exe
  2⤵
  PID:10204
- C:\Windows\System\qWYDdVa.exe
  C:\Windows\System\qWYDdVa.exe
  2⤵
  PID:10220
- C:\Windows\System\sVgoMFu.exe
  C:\Windows\System\sVgoMFu.exe
  2⤵
  PID:10236
- C:\Windows\System\LAPGRMJ.exe
  C:\Windows\System\LAPGRMJ.exe
  2⤵
  PID:9172
- C:\Windows\System\sfmjxCy.exe
  C:\Windows\System\sfmjxCy.exe
  2⤵
  PID:8548
- C:\Windows\System\oKYbCqY.exe
  C:\Windows\System\oKYbCqY.exe
  2⤵
  PID:9296
- C:\Windows\System\RnowtRd.exe
  C:\Windows\System\RnowtRd.exe
  2⤵
  PID:9312
- C:\Windows\System\QIFQQus.exe
  C:\Windows\System\QIFQQus.exe
  2⤵
  PID:9348
- C:\Windows\System\kLEjAds.exe
  C:\Windows\System\kLEjAds.exe
  2⤵
  PID:9392
- C:\Windows\System\XcOXXCy.exe
  C:\Windows\System\XcOXXCy.exe
  2⤵
  PID:9428
- C:\Windows\System\jgqKVnN.exe
  C:\Windows\System\jgqKVnN.exe
  2⤵
  PID:9488
- C:\Windows\System\MlzyKNB.exe
  C:\Windows\System\MlzyKNB.exe
  2⤵
  PID:9520
- C:\Windows\System\IKpVUQX.exe
  C:\Windows\System\IKpVUQX.exe
  2⤵
  PID:9476
- C:\Windows\System\wWPqIEx.exe
  C:\Windows\System\wWPqIEx.exe
  2⤵
  PID:9504
- C:\Windows\System\smDFfkT.exe
  C:\Windows\System\smDFfkT.exe
  2⤵
  PID:9568
- C:\Windows\System\OkhHNKL.exe
  C:\Windows\System\OkhHNKL.exe
  2⤵
  PID:9620
- C:\Windows\System\hEmKbJu.exe
  C:\Windows\System\hEmKbJu.exe
  2⤵
  PID:9600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ArPGFDJ.exe

Filesize
1.7MB

MD5
07445dd38464d5c22a5d9ba91f5b279f

SHA1
532ba3850eac8f0d21e01b459f26bfb65e45ee3c

SHA256
4aca4238450af94b1db1178512ff630d7f58080c62524a44eb87e60468111221

SHA512
c4424cd9a165aaac347a1e05d22439f372b253b9d8d96683bb46c16f68f63fbc8c06eaba3dd11922fb81bf9192da2d56c8400949695d600d58f091692e99937d

Download Submit
C:\Windows\system\BmAdWbf.exe

Filesize
1.7MB

MD5
7c647fb5e5bfa6db40e64234af17376d

SHA1
f5b4f5dc500ff6472f599e17f450d9b2f886d6e9

SHA256
07dfccb084589612a162cd431ad9fd38bd457deb3a1a7df8048e9a638a44a513

SHA512
ae5a3205134cd2d909ed9909f726a52a85677b3a3a8ff474471a6f599b6e64fce3befa747adc52bc379633777d356d553f39bf493f06154d98c26bc2b6c39009

Download Submit
C:\Windows\system\BuOiyUK.exe

Filesize
1.7MB

MD5
8ed3d5aa56fdf9dcb03d8bb61c40e362

SHA1
cd73e8ce11358b4bf9aa462d6e69ceb0494ad8e6

SHA256
c564a2e85ebcc8247d2b57490c55041b8ddd609f10624ffb6e750c2145ae7d04

SHA512
7bae3aa5fb9ab125dfb177a417d8f409f5abac7d968010e3bcac03c1e3bf715c25e5164e79602e86d7d2f9a5215a0d395e5ed99070628460be14e07ab4e0dcf4

Download Submit
C:\Windows\system\GeoaHks.exe

Filesize
1.7MB

MD5
98110ad14e09da7d32b1779465d62722

SHA1
3dafcee034a1769562b588c09ecf5be71c7d4927

SHA256
8062802f2e90d684f1c341b8015552088a75b698a644ccfb42cb684efa1504a5

SHA512
a9297752ce1009d2e66ad90e44b8f408ca06a857a1359b238a101900e2503e07c0badd701cf2e02f0620173c30a82aa53500d9b8dfb2d1e93c25f6368f4acd97

Download Submit
C:\Windows\system\IRjaGgQ.exe

Filesize
1.7MB

MD5
4831ee0b8b6734b50be32ae31a8c7f4a

SHA1
8b26eeec3f6303a00f0582254db25ad094d98baf

SHA256
d8c14db1e8f00d9121f7433d172818738fa443347d28566e7386337682fff683

SHA512
b0aa9464779292766de3cf20bfcd5faf9833fc169aa5f72f675198bd565dc2c4e04ddcfe1a628f0dfa9b44c29be7961b71cbb3095b345f23137fa9b2afd2da31

Download Submit
C:\Windows\system\JgObmGM.exe

Filesize
1.7MB

MD5
9eb8092f71747ee7e21378fc1f5fb430

SHA1
ea42ba989a84687ac692e358d9e8bc58d4d88d75

SHA256
df447a129ed7ffac36e553ff81f5ee5c3284f0d45b1b59dac286d85093719211

SHA512
5ed2a663ad8c899def16004d81f3f242ad1e678e5a37a82ff937aefef52d261053e0f4afe68da2beb0dc21c70ed685bde3f65020cca97a37e4637b174ffebd59

Download Submit
C:\Windows\system\LDAuJUg.exe

Filesize
1.7MB

MD5
ffea56b7ab7ea143c3f7452d19cc1522

SHA1
73edb0bd9c3b768910fd4bac0d0921bf33c7dda4

SHA256
686389110d3be6262b2f21dcf0f7a61cd6077d373c68953f094c58672be22d90

SHA512
46c715257de62623f0bd61b7314bc6ad274bb84dfb23b7b5c01d8faa9b112e9cd8a5ae072a94d47b3a30c9dee8f355eab365c315bb586a7eaf63def221776e63

Download Submit
C:\Windows\system\MQeGFXB.exe

Filesize
1.7MB

MD5
8de315e6f294871cf07149b42fb193a4

SHA1
d54f6f1c6055641cd970541e5ca6a1b140239f4f

SHA256
40d16b7183c8da597589087bdf85473a2ec7dbdc6c22c6e419c082760748c06e

SHA512
072f97e2f6afd7ee2fffb30dc0d89824e37bcb1892f5e90bde1447935f2a73faab2435d4bcbad18fde8516dbf6ae6657547d2757e0f46bd77e632ec0aeda0933

Download Submit
C:\Windows\system\NYIemsW.exe

Filesize
1.7MB

MD5
36e703d1cadfbfb01e6f11c66d59dbcb

SHA1
9edfbc6fd70c8082b2db56d02a0ab0c680cf54ed

SHA256
f584f7a2ba888a05197982872f4b5deb97793dd734a7b368c59276e61fcfd0ea

SHA512
7402e49028b28107886f5b6362452926df7ce33e304f2e69cf0cf445a3b7f2452aa9afc8559334e09f182538243dff902805ce98afa35d7ada5b9afe5dcd79b8

Download Submit
C:\Windows\system\PWEiJgZ.exe

Filesize
1.7MB

MD5
c4df4ca8b6673b5d320295c744bbc393

SHA1
6faf84aa919cafb3276813e88245cca20f7951d2

SHA256
81ecaa9f94914d052874d599bb5e268ca522a0dc37e0b9d1a70013979707c3e1

SHA512
4cf72e295de2af648e3d7ea214cb85db5541d5dbeaa408ee5d83cf3f35baa271552343e7ea311dbe1fc0aa743dba04551978deb3202f6013088086612921ed9d

Download Submit
C:\Windows\system\QYTyfIN.exe

Filesize
1.7MB

MD5
f6b4802a78079d1357a811552dd46a65

SHA1
7aeec2771ddfb952c1e0d4bc5ab8d5c4df68fe62

SHA256
3b0441e092ce605b3ce7d4bd3c810fa6f7cf81a7a970fe1b84eaef17a58d1094

SHA512
da51236d8821cd24ffb44069908f044848a4ccb32a6dbe397bcb732f45c46e80346dbf23dcfb862edc3a0897fb8be25fbce68f0cc089a3a3647f067b70735bb7

Download Submit
C:\Windows\system\RZsWUwJ.exe

Filesize
1.7MB

MD5
53dcfa5e6b0a36a71bc779dfe9e94d70

SHA1
cf9240b996b937b8a82c9c230f1c3a4531f0de03

SHA256
670f5a8cb63e7ad5d90d9a90795459cf1e5ac27894ae05cb20f7408b4d55dfa6

SHA512
c47956ceb247d0d9de360a77b3b5a20aaa7149a0c610476ebed946d61587916d3a950b7af60c1b2d3c088ce91edc5c0e824dcb38c7b94b093a1463cd4e5531d4

Download Submit
C:\Windows\system\SGjJFiZ.exe

Filesize
1.7MB

MD5
a92fe128d4bd1252d0a26282cf6a378e

SHA1
efa2a59ce66b5c348672b7d408c0e38e01c7df7f

SHA256
7b69451a74f5b29ec8f0f1f4e8da3fdcf671165d9c2f9f7f072187449f4d906b

SHA512
c2f199266915ddee9acaf55b534b6fc47a640e33e2178a870705b22ea1550b4de16df9e7b6cb5fa9e710c526d33cc73401e1a455fcb1e98e4a2cf1c4c5fa6863

Download Submit
C:\Windows\system\UJYPzFK.exe

Filesize
1.7MB

MD5
42e1c2f283e9edc0899ed7234b1880f6

SHA1
139969633ee28c297f1da6e336b82d8d07bfc749

SHA256
2b84cb7fabf80848976be313d967e2e7ca3c7f88cfc5a13dc40aaa43f30a5529

SHA512
daf34eee1410a9bfa4c750fc4bd71092dd10fe67720d1ec1268f98a8230f1e07a642382b994de80e1c2d27764a21007b5d5813c1341550b0d5f29c88efe25ddd

Download Submit
C:\Windows\system\WEazyEp.exe

Filesize
1.7MB

MD5
22fc9f5958e3c936157d8d2b25f3216b

SHA1
87b6c77f0a74988b68ef422a30ddd72073e1574d

SHA256
88e2a1f419368000a3ed98c5df55ef5570d3a457dd5829600ad94657e09daff7

SHA512
dc07d86f810d586e5468ef3cff3a411fa46bc0b9b3e440f3fa4c7f080309561db55ab5c21d1f4e087be0852fb1a95486ee6ce9ce867eebaf9f2219e96ce49cca

Download Submit
C:\Windows\system\WhnSfZq.exe

Filesize
1.7MB

MD5
463136cdb6790cc624717f28c9d2876a

SHA1
abda77106b7e7cdd86f7bcd13bceeb4b7524da1e

SHA256
b42ca0c12efb886aa39957c0b7f66bec0fd912bf97249d4b508fe7b781da9c55

SHA512
d2a8eb0d8640672114238a7c9eaa17e6ff31b41659e87b9cd01c74e8acd52210dc1badcee331dc1bb7405b3c4826ac34015f09ce4325318d4d2d4dfeea27399f

Download Submit
C:\Windows\system\XGMDHoR.exe

Filesize
1.7MB

MD5
751f91d9d75dc739d498af149086dcae

SHA1
d1eaf91ef5df07821baeee755b0155c39dcd833f

SHA256
b99748229655715db7a593c0cf8074a494d7274cace3c19232388c9abcf3434e

SHA512
c99d861f52b1fa3ee0dddcdf469b4c3f1cb55bbc0c9092cd41be51ae6a03e9bef6a0114586ab849c2615099f523777e395e9cc0fc5ada0eade46521140d6396d

Download Submit
C:\Windows\system\XfXBqUG.exe

Filesize
1.7MB

MD5
77c12385636b0048ca028963cdea7df8

SHA1
35e2518403ea035b8fe81c4a6e8c1d6d770ca58e

SHA256
17876f905b18fc6590cd93ca792e14aac6bdafbb667d039519fa04f7a387c4e7

SHA512
65b4807b29dfa4144cc50a02ab70b6dd959dce9862501244e1c93380d31709e153e5599729df3e71e2339a843ed4f487230063834fe18b117ed37e59301533d2

Download Submit
C:\Windows\system\XkXgLrX.exe

Filesize
1.7MB

MD5
9ad84a2f9713528a69f58d1926a4b049

SHA1
4d68301abc881136bd36f7363de073a3b985159a

SHA256
57dda54eec8206b5baa716f8f8e5c38f6cc9b0ff1f3b093527188c8157ef3463

SHA512
9a3312276f31470919e60ba891ba03ae2e481b694488bb7d46f91bd6ad6aef40d761e620c68b28d318117d2983d3eafe6e562b9290a7e579b8e793b8bcdb2fc4

Download Submit
C:\Windows\system\aAtRwOb.exe

Filesize
1.7MB

MD5
e55de8d77c59f97b1880bbb961d0770e

SHA1
5abba7bd484be8bde0f050adeb2af6e4161f6818

SHA256
ee86f695cc1e56ecff7e117eee8f5aec7b60a4ac2cd0c46e46331862bbe3de09

SHA512
c88f0537ee92a1601caca577ae2243d631b9d4d890dcc6716a714db841a84d0dab85e456a52dc3f6434b3ac9398febfe69f308289999b2e6a1a27c202752a388

Download Submit
C:\Windows\system\bUGKccE.exe

Filesize
1.7MB

MD5
50b0868923262ae9633aab59486ea2f1

SHA1
8efe78210038d91e7b2f235dc4b211b6d1d637a0

SHA256
5c3ab35d0d7aa74d830bc3924699ca14f2d854c4cdb04d3094f5132b8c538993

SHA512
473fd16273f5207f1f18ee78b7ce629a28b01552281b2486f3cadcdd74d610bd93ca4a71e18442a71ce2319f5ac886b19ac2a424fa76db28e64e0ec85a53c78d

Download Submit
C:\Windows\system\hCABZgm.exe

Filesize
1.7MB

MD5
a40fba1c7dcb3ac734e38c3d98e25396

SHA1
5ca63e256953088d17895780e8d9bd071832efd8

SHA256
4efb22fd05bbecd2275da7dbf3b283996daa33646bb29bb0eb25f1947938c1af

SHA512
43443f7a05bdb4dcbc478792e57c999a3513e383878bb57e5006dbcbd5f3ef990525c2fe2295b8c5ab5657d3584170e62dd97d710d0aaa4f198e677dcd4adec1

Download Submit
C:\Windows\system\hTrYDOT.exe

Filesize
1.7MB

MD5
0b6128c2fb713038531a3743df518ebf

SHA1
f03a0a61ec295d638f7646bcf45f69765cbe804c

SHA256
4192c496ceef5f413e813be97a009d9e3c77debcc0674921b621952de756d623

SHA512
8f4e51d5ac5c306fd18643e8d32a022630aac3969bc39c9f565b4ebc1cf955cef935879d0caa6522ca0f89b0c109ddaae3b12cf6fcb3ce7b9879afc96e4d9c7b

Download Submit
C:\Windows\system\hfusGon.exe

Filesize
1.7MB

MD5
d8175a7b2f924e0c95ab50142c0942fd

SHA1
4d22d9e30f56b88b71c2cdade2554842126a2bde

SHA256
156b6e858ee757476b7d76024237633e8e4d24779442b3cde1e6cf548e546ab4

SHA512
43a01738cb5f5b86ea35645108ff52ae6ca804719c8f3bd80bbad4680c18f59207e215946f9827a2cb3371c09c9d5378628de9c15a4c45b3e8d7f6c8054f4543

Download Submit
C:\Windows\system\lirKQfm.exe

Filesize
1.7MB

MD5
5148735acf72ee6aa2dbc333c56eb8a3

SHA1
9805785336ed61d5e8fcba1a2007e79ce9a0e711

SHA256
3fccd2b057a224200798ae7568f3dbb6912770bb72922e8cb0948afb3a774969

SHA512
ea139e5f07939688470e624b849abef581f7b1f08e413f7b4939a7be83bdfc22304f0aec55b3df09ac41d58fcd629124baf04b33c0c587fcbcf7818d1089650a

Download Submit
C:\Windows\system\oWdPCps.exe

Filesize
1.7MB

MD5
f7c1b394e88920a70d81c3259f853949

SHA1
cab8295ee3462daf6c0069fc82b213e39a7941e4

SHA256
5d056d721c583be9fe6f89b6663677ac1750d424e0ae5508c06dc42ca625c9ef

SHA512
55b681ebdb2fd8bee3e20eaaef25b478b3a64af5aff4ee6739e048e64728bb3689d309675b9e5b084dda23af3cf8aae1661181c01fdd800e76eb87947a7c7867

Download Submit
C:\Windows\system\ppMPRtt.exe

Filesize
1.7MB

MD5
b5f755a16a16a7728b55548da370de9a

SHA1
b20b134b6eb3080f81d52caf93cb130a74a83b4f

SHA256
b03982b978337a9317d8f171324cf99352a1f5bb6da0cd786350f05c3daa30c2

SHA512
9e7e9d0c4e5f39cc8816e4a4a5f494acd2b59f2c020fe6c01d6925ef97ff32e5b6b3e4d94f3c0dabc25816f01508b960d1191b2acdbf16d48b9f801b1ae3ce85

Download Submit
C:\Windows\system\rUWjexb.exe

Filesize
1.7MB

MD5
c4c02f776223c5783c2d265f1935f4ab

SHA1
7b5379a1e4353c730cb5b97316b22cb950a9c16c

SHA256
cb17f452cafa1ceae24b78698b5a4113f3ae4f00c6099a2d12740dd853afb61a

SHA512
228023aea110302be6202753b1f4fb1e56ef6626c840b70b4600203efbf3fa2e4e5e5bd2af2ef4ecd473b8ee5e98042ba04f240c5794b94155c837eef8c9c8b2

Download Submit
C:\Windows\system\uihivLA.exe

Filesize
1.7MB

MD5
a37d50639d713e3677838b5e2ddd8791

SHA1
7244266b0b914649dff41948ee5aafca6be3a2a0

SHA256
dae24a0592fe0aa0fe7d48957d527750255645153ddc002759b40a8bde2de4f5

SHA512
d623f110d3529b3b0dcb39cd820a2deb5ecd6383554048ba20c2fefe421fdd8ce00e73092510eaca5a0c459929592f497f4abebefa1abcdd3b0d38f36e63558c

Download Submit
C:\Windows\system\vurjyrs.exe

Filesize
1.7MB

MD5
775b3cefaba0410fe37b501025a834e7

SHA1
c3f38d12ce70782fff926d8dc25adff62edeaff2

SHA256
6ad802ae7a394d2232cef346c3b833f28129628b7b68ceaffe5911b1f8c7ded4

SHA512
d2f53d7727362d836f0278c6c212361c58e4a82a68eaf54db3d69d4ff548422dfc94b7b7459e43db6d71139dc200abb8446dc6b6d37d887d27c88a2703aeb83c

Download Submit
\Windows\system\RpIdNxA.exe

Filesize
1.7MB

MD5
855ced8052d4b7d799b40b7c70022ec5

SHA1
47560bb38c842c64336b646f353dcb5c47b02680

SHA256
3fa815201c8994388dd2e335276874462481f9758a62f61357d8508400c1f3e9

SHA512
897b6d26515c874fd1ade91d12e68d0d2b3901fa55660acc44027105510cd035f51f93d6ce471a1d34ea46f91e0dfee2e73ba2b8a064f11f3149d9fb8aabe8dc

Download Submit
\Windows\system\fLajzhE.exe

Filesize
1.7MB

MD5
ddb1f7d482f6c4b731c8d400fbf8bc6e

SHA1
14aab715a8dc947977b1a509306244cdfdcabc9f

SHA256
73bdf76de63109163100127e46923928431f09c1771432110f14f9f67eff6679

SHA512
caef87d702c5928d9b0b2c1119941b321837715c6dd184f791062c7d013ff4ee54ef37fe9c3bcd86a9d9c981f122305007c05e021f30d8117f1a4d141da63bdd

Download Submit
memory/1016-4682-0x000000013FCD0000-0x00000001400C2000-memory.dmp

Filesize
3.9MB

Download
memory/1016-4140-0x000000013FCD0000-0x00000001400C2000-memory.dmp

Filesize
3.9MB

Download
memory/1016-57-0x000000013FCD0000-0x00000001400C2000-memory.dmp

Filesize
3.9MB

Download
memory/1116-81-0x000000013F6E0000-0x000000013FAD2000-memory.dmp

Filesize
3.9MB

Download
memory/1116-4710-0x000000013F6E0000-0x000000013FAD2000-memory.dmp

Filesize
3.9MB

Download
memory/2344-4166-0x000000013FDD0000-0x00000001401C2000-memory.dmp

Filesize
3.9MB

Download
memory/2344-29-0x000000013FDD0000-0x00000001401C2000-memory.dmp

Filesize
3.9MB

Download
memory/2544-1445-0x000000013F260000-0x000000013F652000-memory.dmp

Filesize
3.9MB

Download
memory/2544-4686-0x000000013F260000-0x000000013F652000-memory.dmp

Filesize
3.9MB

Download
memory/2544-46-0x000000013F260000-0x000000013F652000-memory.dmp

Filesize
3.9MB

Download
memory/2608-1044-0x000000001B6D0000-0x000000001B9B2000-memory.dmp

Filesize
2.9MB

Download
memory/2608-1363-0x0000000001E90000-0x0000000001E98000-memory.dmp

Filesize
32KB

Download
memory/2692-4167-0x000000013FB70000-0x000000013FF62000-memory.dmp

Filesize
3.9MB

Download
memory/2692-22-0x000000013FB70000-0x000000013FF62000-memory.dmp

Filesize
3.9MB

Download
memory/2700-1222-0x000000013FAE0000-0x000000013FED2000-memory.dmp

Filesize
3.9MB

Download
memory/2700-40-0x000000013FAE0000-0x000000013FED2000-memory.dmp

Filesize
3.9MB

Download
memory/2700-4677-0x000000013FAE0000-0x000000013FED2000-memory.dmp

Filesize
3.9MB

Download
memory/2724-4687-0x000000013FB00000-0x000000013FEF2000-memory.dmp

Filesize
3.9MB

Download
memory/2724-4658-0x000000013FB00000-0x000000013FEF2000-memory.dmp

Filesize
3.9MB

Download
memory/2724-63-0x000000013FB00000-0x000000013FEF2000-memory.dmp

Filesize
3.9MB

Download
memory/2748-25-0x000000013F930000-0x000000013FD22000-memory.dmp

Filesize
3.9MB

Download
memory/2764-28-0x000000013FDD0000-0x00000001401C2000-memory.dmp

Filesize
3.9MB

Download
memory/2764-37-0x000000013F9C0000-0x000000013FDB2000-memory.dmp

Filesize
3.9MB

Download
memory/2764-74-0x000000013F580000-0x000000013F972000-memory.dmp

Filesize
3.9MB

Download
memory/2764-18-0x000000013FB70000-0x000000013FF62000-memory.dmp

Filesize
3.9MB

Download
memory/2764-68-0x000000013F0C0000-0x000000013F4B2000-memory.dmp

Filesize
3.9MB

Download
memory/2764-1-0x000000013F580000-0x000000013F972000-memory.dmp

Filesize
3.9MB

Download
memory/2764-75-0x000000013FF20000-0x0000000140312000-memory.dmp

Filesize
3.9MB

Download
memory/2764-36-0x000000013FAE0000-0x000000013FED2000-memory.dmp

Filesize
3.9MB

Download
memory/2764-1444-0x0000000003810000-0x0000000003C02000-memory.dmp

Filesize
3.9MB

Download
memory/2764-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2764-2141-0x0000000003810000-0x0000000003C02000-memory.dmp

Filesize
3.9MB

Download
memory/2764-23-0x00000000030D0000-0x00000000034C2000-memory.dmp

Filesize
3.9MB

Download
memory/2764-62-0x000000013FB00000-0x000000013FEF2000-memory.dmp

Filesize
3.9MB

Download
memory/2764-45-0x0000000003810000-0x0000000003C02000-memory.dmp

Filesize
3.9MB

Download
memory/2764-51-0x0000000003810000-0x0000000003C02000-memory.dmp

Filesize
3.9MB

Download
memory/2796-69-0x000000013F0C0000-0x000000013F4B2000-memory.dmp

Filesize
3.9MB

Download
memory/2796-4674-0x000000013F0C0000-0x000000013F4B2000-memory.dmp

Filesize
3.9MB

Download
memory/2796-4700-0x000000013F0C0000-0x000000013F4B2000-memory.dmp

Filesize
3.9MB

Download
memory/2800-38-0x000000013F9C0000-0x000000013FDB2000-memory.dmp

Filesize
3.9MB

Download
memory/2800-4175-0x000000013F9C0000-0x000000013FDB2000-memory.dmp

Filesize
3.9MB

Download
memory/2924-4684-0x000000013FF20000-0x0000000140312000-memory.dmp

Filesize
3.9MB

Download
memory/2924-76-0x000000013FF20000-0x0000000140312000-memory.dmp

Filesize
3.9MB

Download
memory/3024-52-0x000000013F830000-0x000000013FC22000-memory.dmp

Filesize
3.9MB

Download
memory/3024-4680-0x000000013F830000-0x000000013FC22000-memory.dmp

Filesize
3.9MB

Download
memory/3024-2142-0x000000013F830000-0x000000013FC22000-memory.dmp

Filesize
3.9MB

Download