xmrig | 86460637503de8a8e9bce05779c24dfebd069abe5bf3ae54f374c1fb37de3a95

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 07:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

HEUR-Trojan.Win32.exe
Size

1.8MB
MD5

f9c69440c9da179fbdc774992e4d3c11
SHA1

19254469477cc40afbff32057e798ed91805464d
SHA256

86460637503de8a8e9bce05779c24dfebd069abe5bf3ae54f374c1fb37de3a95
SHA512

1c5e9b672e88184cdde134c5db69a2b8bddc9b0410a645e3191ef9e0653005a2c44a7327ee881f5b6418f6c77083a1b8f03bedabf95e9b4b79f67854cbc5365b
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pCkcBUF:NABF

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 56 IoCs

resource	yara_rule
behavioral2/memory/5096-162-0x00007FF7E3520000-0x00007FF7E3912000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4828-216-0x00007FF605BB0000-0x00007FF605FA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1748-227-0x00007FF68E100000-0x00007FF68E4F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1700-233-0x00007FF70CC50000-0x00007FF70D042000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4520-286-0x00007FF72BAF0000-0x00007FF72BEE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3176-290-0x00007FF6E8FF0000-0x00007FF6E93E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2584-300-0x00007FF6F6C00000-0x00007FF6F6FF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/880-307-0x00007FF678540000-0x00007FF678932000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4592-312-0x00007FF79A750000-0x00007FF79AB42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1936-318-0x00007FF76B7F0000-0x00007FF76BBE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3992-321-0x00007FF668D70000-0x00007FF669162000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2388-327-0x00007FF6A76D0000-0x00007FF6A7AC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1648-330-0x00007FF641740000-0x00007FF641B32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/836-328-0x00007FF610750000-0x00007FF610B42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4912-326-0x00007FF7E37D0000-0x00007FF7E3BC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5184-325-0x00007FF72F750000-0x00007FF72FB42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5164-324-0x00007FF7DBD00000-0x00007FF7DC0F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5136-323-0x00007FF6BCA50000-0x00007FF6BCE42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/440-322-0x00007FF649810000-0x00007FF649C02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3116-320-0x00007FF787C50000-0x00007FF788042000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4128-319-0x00007FF7BA3A0000-0x00007FF7BA792000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5056-317-0x00007FF7C0930000-0x00007FF7C0D22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3056-316-0x00007FF791B50000-0x00007FF791F42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5052-315-0x00007FF6DBEC0000-0x00007FF6DC2B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4864-314-0x00007FF63C640000-0x00007FF63CA32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1416-313-0x00007FF792A30000-0x00007FF792E22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4440-311-0x00007FF64D0F0000-0x00007FF64D4E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4332-310-0x00007FF6C8C70000-0x00007FF6C9062000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1620-309-0x00007FF6EA250000-0x00007FF6EA642000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4652-308-0x00007FF7363C0000-0x00007FF7367B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1692-306-0x00007FF6731B0000-0x00007FF6735A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/696-305-0x00007FF7C0690000-0x00007FF7C0A82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/380-304-0x00007FF665B10000-0x00007FF665F02000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/572-303-0x00007FF73BFF0000-0x00007FF73C3E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4780-302-0x00007FF6A61D0000-0x00007FF6A65C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2324-301-0x00007FF734F40000-0x00007FF735332000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4716-299-0x00007FF71D2E0000-0x00007FF71D6D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1708-298-0x00007FF7A6990000-0x00007FF7A6D82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2588-297-0x00007FF725190000-0x00007FF725582000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4264-296-0x00007FF7E28F0000-0x00007FF7E2CE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1112-295-0x00007FF60C630000-0x00007FF60CA22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4992-294-0x00007FF6FA360000-0x00007FF6FA752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2264-280-0x00007FF7E1670000-0x00007FF7E1A62000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/452-232-0x00007FF6FF4A0000-0x00007FF6FF892000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3448-231-0x00007FF6F6FB0000-0x00007FF6F73A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4824-230-0x00007FF77CE80000-0x00007FF77D272000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4232-229-0x00007FF6C0AB0000-0x00007FF6C0EA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2308-228-0x00007FF715B50000-0x00007FF715F42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4572-226-0x00007FF6A4620000-0x00007FF6A4A12000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1284-225-0x00007FF657740000-0x00007FF657B32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3824-224-0x00007FF7364B0000-0x00007FF7368A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3668-223-0x00007FF7490A0000-0x00007FF749492000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2900-130-0x00007FF674150000-0x00007FF674542000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2912-95-0x00007FF695E00000-0x00007FF6961F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5080-87-0x00007FF7CF330000-0x00007FF7CF722000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2052-81-0x00007FF626140000-0x00007FF626532000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/760-0-0x00007FF7636D0000-0x00007FF763AC2000-memory.dmp	UPX
behavioral2/files/0x0008000000023238-7.dat	UPX
behavioral2/files/0x000700000002323c-25.dat	UPX
behavioral2/files/0x000700000002323f-43.dat	UPX
behavioral2/files/0x0007000000023243-55.dat	UPX
behavioral2/memory/3744-56-0x00007FF7DAC80000-0x00007FF7DB072000-memory.dmp	UPX
behavioral2/files/0x0007000000023245-83.dat	UPX
behavioral2/files/0x0007000000023246-90.dat	UPX
behavioral2/files/0x0007000000023249-107.dat	UPX
behavioral2/files/0x0007000000023251-127.dat	UPX
behavioral2/files/0x0007000000023256-150.dat	UPX
behavioral2/memory/5096-162-0x00007FF7E3520000-0x00007FF7E3912000-memory.dmp	UPX
behavioral2/files/0x000700000002325c-187.dat	UPX
behavioral2/memory/4828-216-0x00007FF605BB0000-0x00007FF605FA2000-memory.dmp	UPX
behavioral2/files/0x0007000000023259-184.dat	UPX
behavioral2/memory/1748-227-0x00007FF68E100000-0x00007FF68E4F2000-memory.dmp	UPX
behavioral2/memory/1700-233-0x00007FF70CC50000-0x00007FF70D042000-memory.dmp	UPX
behavioral2/memory/4520-286-0x00007FF72BAF0000-0x00007FF72BEE2000-memory.dmp	UPX
behavioral2/memory/3176-290-0x00007FF6E8FF0000-0x00007FF6E93E2000-memory.dmp	UPX
behavioral2/memory/2584-300-0x00007FF6F6C00000-0x00007FF6F6FF2000-memory.dmp	UPX
behavioral2/memory/880-307-0x00007FF678540000-0x00007FF678932000-memory.dmp	UPX
behavioral2/memory/4592-312-0x00007FF79A750000-0x00007FF79AB42000-memory.dmp	UPX
behavioral2/memory/1936-318-0x00007FF76B7F0000-0x00007FF76BBE2000-memory.dmp	UPX
behavioral2/memory/3992-321-0x00007FF668D70000-0x00007FF669162000-memory.dmp	UPX
behavioral2/memory/2388-327-0x00007FF6A76D0000-0x00007FF6A7AC2000-memory.dmp	UPX
behavioral2/memory/1648-330-0x00007FF641740000-0x00007FF641B32000-memory.dmp	UPX
behavioral2/memory/836-328-0x00007FF610750000-0x00007FF610B42000-memory.dmp	UPX
behavioral2/memory/4912-326-0x00007FF7E37D0000-0x00007FF7E3BC2000-memory.dmp	UPX
behavioral2/memory/5184-325-0x00007FF72F750000-0x00007FF72FB42000-memory.dmp	UPX
behavioral2/memory/5164-324-0x00007FF7DBD00000-0x00007FF7DC0F2000-memory.dmp	UPX
behavioral2/memory/5136-323-0x00007FF6BCA50000-0x00007FF6BCE42000-memory.dmp	UPX
behavioral2/memory/440-322-0x00007FF649810000-0x00007FF649C02000-memory.dmp	UPX
behavioral2/memory/3116-320-0x00007FF787C50000-0x00007FF788042000-memory.dmp	UPX
behavioral2/memory/4128-319-0x00007FF7BA3A0000-0x00007FF7BA792000-memory.dmp	UPX
behavioral2/memory/5056-317-0x00007FF7C0930000-0x00007FF7C0D22000-memory.dmp	UPX
behavioral2/memory/3056-316-0x00007FF791B50000-0x00007FF791F42000-memory.dmp	UPX
behavioral2/memory/5052-315-0x00007FF6DBEC0000-0x00007FF6DC2B2000-memory.dmp	UPX
behavioral2/memory/4864-314-0x00007FF63C640000-0x00007FF63CA32000-memory.dmp	UPX
behavioral2/memory/1416-313-0x00007FF792A30000-0x00007FF792E22000-memory.dmp	UPX
behavioral2/memory/4440-311-0x00007FF64D0F0000-0x00007FF64D4E2000-memory.dmp	UPX
behavioral2/memory/4332-310-0x00007FF6C8C70000-0x00007FF6C9062000-memory.dmp	UPX
behavioral2/memory/1620-309-0x00007FF6EA250000-0x00007FF6EA642000-memory.dmp	UPX
behavioral2/memory/4652-308-0x00007FF7363C0000-0x00007FF7367B2000-memory.dmp	UPX
behavioral2/memory/1692-306-0x00007FF6731B0000-0x00007FF6735A2000-memory.dmp	UPX
behavioral2/memory/696-305-0x00007FF7C0690000-0x00007FF7C0A82000-memory.dmp	UPX
behavioral2/memory/380-304-0x00007FF665B10000-0x00007FF665F02000-memory.dmp	UPX
behavioral2/memory/572-303-0x00007FF73BFF0000-0x00007FF73C3E2000-memory.dmp	UPX
behavioral2/memory/4780-302-0x00007FF6A61D0000-0x00007FF6A65C2000-memory.dmp	UPX
behavioral2/memory/2324-301-0x00007FF734F40000-0x00007FF735332000-memory.dmp	UPX
behavioral2/memory/4716-299-0x00007FF71D2E0000-0x00007FF71D6D2000-memory.dmp	UPX
behavioral2/memory/1708-298-0x00007FF7A6990000-0x00007FF7A6D82000-memory.dmp	UPX
behavioral2/memory/2588-297-0x00007FF725190000-0x00007FF725582000-memory.dmp	UPX
behavioral2/memory/4264-296-0x00007FF7E28F0000-0x00007FF7E2CE2000-memory.dmp	UPX
behavioral2/memory/1112-295-0x00007FF60C630000-0x00007FF60CA22000-memory.dmp	UPX
behavioral2/memory/4992-294-0x00007FF6FA360000-0x00007FF6FA752000-memory.dmp	UPX
behavioral2/memory/2264-280-0x00007FF7E1670000-0x00007FF7E1A62000-memory.dmp	UPX
behavioral2/memory/452-232-0x00007FF6FF4A0000-0x00007FF6FF892000-memory.dmp	UPX
behavioral2/memory/3448-231-0x00007FF6F6FB0000-0x00007FF6F73A2000-memory.dmp	UPX
behavioral2/memory/4824-230-0x00007FF77CE80000-0x00007FF77D272000-memory.dmp	UPX
behavioral2/memory/4232-229-0x00007FF6C0AB0000-0x00007FF6C0EA2000-memory.dmp	UPX
behavioral2/memory/2308-228-0x00007FF715B50000-0x00007FF715F42000-memory.dmp	UPX
behavioral2/memory/4572-226-0x00007FF6A4620000-0x00007FF6A4A12000-memory.dmp	UPX
behavioral2/memory/1284-225-0x00007FF657740000-0x00007FF657B32000-memory.dmp	UPX
behavioral2/memory/3824-224-0x00007FF7364B0000-0x00007FF7368A2000-memory.dmp	UPX

XMRig Miner payload 56 IoCs

miner

resource	yara_rule
behavioral2/memory/5096-162-0x00007FF7E3520000-0x00007FF7E3912000-memory.dmp	xmrig
behavioral2/memory/4828-216-0x00007FF605BB0000-0x00007FF605FA2000-memory.dmp	xmrig
behavioral2/memory/1748-227-0x00007FF68E100000-0x00007FF68E4F2000-memory.dmp	xmrig
behavioral2/memory/1700-233-0x00007FF70CC50000-0x00007FF70D042000-memory.dmp	xmrig
behavioral2/memory/4520-286-0x00007FF72BAF0000-0x00007FF72BEE2000-memory.dmp	xmrig
behavioral2/memory/3176-290-0x00007FF6E8FF0000-0x00007FF6E93E2000-memory.dmp	xmrig
behavioral2/memory/2584-300-0x00007FF6F6C00000-0x00007FF6F6FF2000-memory.dmp	xmrig
behavioral2/memory/880-307-0x00007FF678540000-0x00007FF678932000-memory.dmp	xmrig
behavioral2/memory/4592-312-0x00007FF79A750000-0x00007FF79AB42000-memory.dmp	xmrig
behavioral2/memory/1936-318-0x00007FF76B7F0000-0x00007FF76BBE2000-memory.dmp	xmrig
behavioral2/memory/3992-321-0x00007FF668D70000-0x00007FF669162000-memory.dmp	xmrig
behavioral2/memory/2388-327-0x00007FF6A76D0000-0x00007FF6A7AC2000-memory.dmp	xmrig
behavioral2/memory/1648-330-0x00007FF641740000-0x00007FF641B32000-memory.dmp	xmrig
behavioral2/memory/836-328-0x00007FF610750000-0x00007FF610B42000-memory.dmp	xmrig
behavioral2/memory/4912-326-0x00007FF7E37D0000-0x00007FF7E3BC2000-memory.dmp	xmrig
behavioral2/memory/5184-325-0x00007FF72F750000-0x00007FF72FB42000-memory.dmp	xmrig
behavioral2/memory/5164-324-0x00007FF7DBD00000-0x00007FF7DC0F2000-memory.dmp	xmrig
behavioral2/memory/5136-323-0x00007FF6BCA50000-0x00007FF6BCE42000-memory.dmp	xmrig
behavioral2/memory/440-322-0x00007FF649810000-0x00007FF649C02000-memory.dmp	xmrig
behavioral2/memory/3116-320-0x00007FF787C50000-0x00007FF788042000-memory.dmp	xmrig
behavioral2/memory/4128-319-0x00007FF7BA3A0000-0x00007FF7BA792000-memory.dmp	xmrig
behavioral2/memory/5056-317-0x00007FF7C0930000-0x00007FF7C0D22000-memory.dmp	xmrig
behavioral2/memory/3056-316-0x00007FF791B50000-0x00007FF791F42000-memory.dmp	xmrig
behavioral2/memory/5052-315-0x00007FF6DBEC0000-0x00007FF6DC2B2000-memory.dmp	xmrig
behavioral2/memory/4864-314-0x00007FF63C640000-0x00007FF63CA32000-memory.dmp	xmrig
behavioral2/memory/1416-313-0x00007FF792A30000-0x00007FF792E22000-memory.dmp	xmrig
behavioral2/memory/4440-311-0x00007FF64D0F0000-0x00007FF64D4E2000-memory.dmp	xmrig
behavioral2/memory/4332-310-0x00007FF6C8C70000-0x00007FF6C9062000-memory.dmp	xmrig
behavioral2/memory/1620-309-0x00007FF6EA250000-0x00007FF6EA642000-memory.dmp	xmrig
behavioral2/memory/4652-308-0x00007FF7363C0000-0x00007FF7367B2000-memory.dmp	xmrig
behavioral2/memory/1692-306-0x00007FF6731B0000-0x00007FF6735A2000-memory.dmp	xmrig
behavioral2/memory/696-305-0x00007FF7C0690000-0x00007FF7C0A82000-memory.dmp	xmrig
behavioral2/memory/380-304-0x00007FF665B10000-0x00007FF665F02000-memory.dmp	xmrig
behavioral2/memory/572-303-0x00007FF73BFF0000-0x00007FF73C3E2000-memory.dmp	xmrig
behavioral2/memory/4780-302-0x00007FF6A61D0000-0x00007FF6A65C2000-memory.dmp	xmrig
behavioral2/memory/2324-301-0x00007FF734F40000-0x00007FF735332000-memory.dmp	xmrig
behavioral2/memory/4716-299-0x00007FF71D2E0000-0x00007FF71D6D2000-memory.dmp	xmrig
behavioral2/memory/1708-298-0x00007FF7A6990000-0x00007FF7A6D82000-memory.dmp	xmrig
behavioral2/memory/2588-297-0x00007FF725190000-0x00007FF725582000-memory.dmp	xmrig
behavioral2/memory/4264-296-0x00007FF7E28F0000-0x00007FF7E2CE2000-memory.dmp	xmrig
behavioral2/memory/1112-295-0x00007FF60C630000-0x00007FF60CA22000-memory.dmp	xmrig
behavioral2/memory/4992-294-0x00007FF6FA360000-0x00007FF6FA752000-memory.dmp	xmrig
behavioral2/memory/2264-280-0x00007FF7E1670000-0x00007FF7E1A62000-memory.dmp	xmrig
behavioral2/memory/452-232-0x00007FF6FF4A0000-0x00007FF6FF892000-memory.dmp	xmrig
behavioral2/memory/3448-231-0x00007FF6F6FB0000-0x00007FF6F73A2000-memory.dmp	xmrig
behavioral2/memory/4824-230-0x00007FF77CE80000-0x00007FF77D272000-memory.dmp	xmrig
behavioral2/memory/4232-229-0x00007FF6C0AB0000-0x00007FF6C0EA2000-memory.dmp	xmrig
behavioral2/memory/2308-228-0x00007FF715B50000-0x00007FF715F42000-memory.dmp	xmrig
behavioral2/memory/4572-226-0x00007FF6A4620000-0x00007FF6A4A12000-memory.dmp	xmrig
behavioral2/memory/1284-225-0x00007FF657740000-0x00007FF657B32000-memory.dmp	xmrig
behavioral2/memory/3824-224-0x00007FF7364B0000-0x00007FF7368A2000-memory.dmp	xmrig
behavioral2/memory/3668-223-0x00007FF7490A0000-0x00007FF749492000-memory.dmp	xmrig
behavioral2/memory/2900-130-0x00007FF674150000-0x00007FF674542000-memory.dmp	xmrig
behavioral2/memory/2912-95-0x00007FF695E00000-0x00007FF6961F2000-memory.dmp	xmrig
behavioral2/memory/5080-87-0x00007FF7CF330000-0x00007FF7CF722000-memory.dmp	xmrig
behavioral2/memory/2052-81-0x00007FF626140000-0x00007FF626532000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
8	736	powershell.exe
10	736	powershell.exe
12	736	powershell.exe
13	736	powershell.exe
15	736	powershell.exe
16	736	powershell.exe
18	736	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3620	LwXajns.exe
3160	wYwQLBs.exe
4912	lSPYAZc.exe
3988	EpZuFvL.exe
2388	QSmMYbP.exe
3744	AhmFeYx.exe
2052	EmOQdeE.exe
5080	CZNMsdl.exe
2912	jriBKZp.exe
836	clGRmLS.exe
2900	uhprycI.exe
5096	TKzzHqb.exe
4828	NvWerZk.exe
3668	aUuhTyx.exe
3824	rSsxaIF.exe
1284	BEVaqrF.exe
4572	xOWKrIo.exe
1648	YfXFqtT.exe
1748	SWYuhFV.exe
3896	ZVRkdsO.exe
2308	TlDImxW.exe
4232	XxGsluI.exe
4824	UYfoTxH.exe
3448	tCTIcuQ.exe
452	vVSGtdw.exe
1700	oFdHcDK.exe
2264	iaXlwMd.exe
4520	sxXzDtm.exe
3176	qEzEwCg.exe
4992	itYvDym.exe
1112	cTkmrJN.exe
4264	JqgMgmG.exe
1116	CJednrj.exe
2588	nwsOafZ.exe
1708	jTuuVdy.exe
4716	bZAQUjX.exe
2584	CgzUnWf.exe
2324	pkzcDBA.exe
4780	PatfAVO.exe
2792	oizZNMr.exe
572	VELLMja.exe
380	mSBmhIT.exe
696	BTVyDYo.exe
1692	IrWqRQc.exe
880	MRzHXgX.exe
4652	OxaVfRv.exe
1620	kgcauRU.exe
4332	hFfjTtt.exe
4440	aJTjbzI.exe
4592	mapaqVp.exe
1416	Ynzreqp.exe
4864	xRBLCWJ.exe
5052	wFmQAmU.exe
3056	ICUZeXn.exe
5104	MRNzVYD.exe
5056	wcqGLrj.exe
1936	bjtxvdb.exe
4128	QuGueFo.exe
3116	NCYGoxx.exe
3992	lGDhgMj.exe
440	qwVIbOi.exe
5136	FOuLeCt.exe
5164	bHqEdIC.exe
5184	JkYSkUt.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/760-0-0x00007FF7636D0000-0x00007FF763AC2000-memory.dmp	upx
behavioral2/files/0x0008000000023238-7.dat	upx
behavioral2/files/0x000700000002323c-25.dat	upx
behavioral2/files/0x000700000002323f-43.dat	upx
behavioral2/files/0x0007000000023243-55.dat	upx
behavioral2/memory/3744-56-0x00007FF7DAC80000-0x00007FF7DB072000-memory.dmp	upx
behavioral2/files/0x0007000000023245-83.dat	upx
behavioral2/files/0x0007000000023246-90.dat	upx
behavioral2/files/0x0007000000023249-107.dat	upx
behavioral2/files/0x0007000000023251-127.dat	upx
behavioral2/files/0x0007000000023256-150.dat	upx
behavioral2/memory/5096-162-0x00007FF7E3520000-0x00007FF7E3912000-memory.dmp	upx
behavioral2/files/0x000700000002325c-187.dat	upx
behavioral2/memory/4828-216-0x00007FF605BB0000-0x00007FF605FA2000-memory.dmp	upx
behavioral2/files/0x0007000000023259-184.dat	upx
behavioral2/memory/1748-227-0x00007FF68E100000-0x00007FF68E4F2000-memory.dmp	upx
behavioral2/memory/1700-233-0x00007FF70CC50000-0x00007FF70D042000-memory.dmp	upx
behavioral2/memory/4520-286-0x00007FF72BAF0000-0x00007FF72BEE2000-memory.dmp	upx
behavioral2/memory/3176-290-0x00007FF6E8FF0000-0x00007FF6E93E2000-memory.dmp	upx
behavioral2/memory/2584-300-0x00007FF6F6C00000-0x00007FF6F6FF2000-memory.dmp	upx
behavioral2/memory/880-307-0x00007FF678540000-0x00007FF678932000-memory.dmp	upx
behavioral2/memory/4592-312-0x00007FF79A750000-0x00007FF79AB42000-memory.dmp	upx
behavioral2/memory/1936-318-0x00007FF76B7F0000-0x00007FF76BBE2000-memory.dmp	upx
behavioral2/memory/3992-321-0x00007FF668D70000-0x00007FF669162000-memory.dmp	upx
behavioral2/memory/2388-327-0x00007FF6A76D0000-0x00007FF6A7AC2000-memory.dmp	upx
behavioral2/memory/1648-330-0x00007FF641740000-0x00007FF641B32000-memory.dmp	upx
behavioral2/memory/836-328-0x00007FF610750000-0x00007FF610B42000-memory.dmp	upx
behavioral2/memory/4912-326-0x00007FF7E37D0000-0x00007FF7E3BC2000-memory.dmp	upx
behavioral2/memory/5184-325-0x00007FF72F750000-0x00007FF72FB42000-memory.dmp	upx
behavioral2/memory/5164-324-0x00007FF7DBD00000-0x00007FF7DC0F2000-memory.dmp	upx
behavioral2/memory/5136-323-0x00007FF6BCA50000-0x00007FF6BCE42000-memory.dmp	upx
behavioral2/memory/440-322-0x00007FF649810000-0x00007FF649C02000-memory.dmp	upx
behavioral2/memory/3116-320-0x00007FF787C50000-0x00007FF788042000-memory.dmp	upx
behavioral2/memory/4128-319-0x00007FF7BA3A0000-0x00007FF7BA792000-memory.dmp	upx
behavioral2/memory/5056-317-0x00007FF7C0930000-0x00007FF7C0D22000-memory.dmp	upx
behavioral2/memory/3056-316-0x00007FF791B50000-0x00007FF791F42000-memory.dmp	upx
behavioral2/memory/5052-315-0x00007FF6DBEC0000-0x00007FF6DC2B2000-memory.dmp	upx
behavioral2/memory/4864-314-0x00007FF63C640000-0x00007FF63CA32000-memory.dmp	upx
behavioral2/memory/1416-313-0x00007FF792A30000-0x00007FF792E22000-memory.dmp	upx
behavioral2/memory/4440-311-0x00007FF64D0F0000-0x00007FF64D4E2000-memory.dmp	upx
behavioral2/memory/4332-310-0x00007FF6C8C70000-0x00007FF6C9062000-memory.dmp	upx
behavioral2/memory/1620-309-0x00007FF6EA250000-0x00007FF6EA642000-memory.dmp	upx
behavioral2/memory/4652-308-0x00007FF7363C0000-0x00007FF7367B2000-memory.dmp	upx
behavioral2/memory/1692-306-0x00007FF6731B0000-0x00007FF6735A2000-memory.dmp	upx
behavioral2/memory/696-305-0x00007FF7C0690000-0x00007FF7C0A82000-memory.dmp	upx
behavioral2/memory/380-304-0x00007FF665B10000-0x00007FF665F02000-memory.dmp	upx
behavioral2/memory/572-303-0x00007FF73BFF0000-0x00007FF73C3E2000-memory.dmp	upx
behavioral2/memory/4780-302-0x00007FF6A61D0000-0x00007FF6A65C2000-memory.dmp	upx
behavioral2/memory/2324-301-0x00007FF734F40000-0x00007FF735332000-memory.dmp	upx
behavioral2/memory/4716-299-0x00007FF71D2E0000-0x00007FF71D6D2000-memory.dmp	upx
behavioral2/memory/1708-298-0x00007FF7A6990000-0x00007FF7A6D82000-memory.dmp	upx
behavioral2/memory/2588-297-0x00007FF725190000-0x00007FF725582000-memory.dmp	upx
behavioral2/memory/4264-296-0x00007FF7E28F0000-0x00007FF7E2CE2000-memory.dmp	upx
behavioral2/memory/1112-295-0x00007FF60C630000-0x00007FF60CA22000-memory.dmp	upx
behavioral2/memory/4992-294-0x00007FF6FA360000-0x00007FF6FA752000-memory.dmp	upx
behavioral2/memory/2264-280-0x00007FF7E1670000-0x00007FF7E1A62000-memory.dmp	upx
behavioral2/memory/452-232-0x00007FF6FF4A0000-0x00007FF6FF892000-memory.dmp	upx
behavioral2/memory/3448-231-0x00007FF6F6FB0000-0x00007FF6F73A2000-memory.dmp	upx
behavioral2/memory/4824-230-0x00007FF77CE80000-0x00007FF77D272000-memory.dmp	upx
behavioral2/memory/4232-229-0x00007FF6C0AB0000-0x00007FF6C0EA2000-memory.dmp	upx
behavioral2/memory/2308-228-0x00007FF715B50000-0x00007FF715F42000-memory.dmp	upx
behavioral2/memory/4572-226-0x00007FF6A4620000-0x00007FF6A4A12000-memory.dmp	upx
behavioral2/memory/1284-225-0x00007FF657740000-0x00007FF657B32000-memory.dmp	upx
behavioral2/memory/3824-224-0x00007FF7364B0000-0x00007FF7368A2000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uZCNtJI.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\sOPJhdf.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\kodiXAf.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\VhEkRED.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\isrBPgi.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\oXrgmCM.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\bXnNJLn.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\OtAbLrP.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\erImsaI.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\ElNSpNl.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\tXfHAsq.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\GqSNBao.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\CSztFvb.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\QxNKhVo.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\REdwZaQ.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\feetcmn.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\cOXAJqM.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\OppOmqt.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\YToNrOg.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\WPqSPHN.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\VWtgxDy.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\EaTrrfp.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\kGeDYfL.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\GGtTFlT.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\KRXmofY.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\URYuZWZ.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\RoBnlXh.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\HnLOtyY.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\xGaSPDc.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\LVYWIsU.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\AbVgidE.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\sPMOsJJ.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\dmhmrmZ.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\JIvbXoO.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\VELLMja.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\KNdFfmI.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\cKkNTyC.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\HqmJjhV.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\IOVflJB.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\iiIkiPS.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\qWawSDg.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\mQaDynQ.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\tRxvayH.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\CkjdgKc.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\lULiOwq.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\sadNOrZ.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\hywXioB.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\OTyxSdh.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\cmSikup.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\gVoBdCN.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\nQmdzmz.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\tCTIcuQ.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\LnYbeaP.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\NWQMxXi.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\Bdzbzsd.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\RWAdkKs.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\KPfrHKy.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\rjvyAZX.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\yPExfhV.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\QVrfJSf.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\KhGOcws.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\MOZlqBG.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\MfGLryc.exe	HEUR-Trojan.Win32.exe
File created	C:\Windows\System\UUDffxZ.exe	HEUR-Trojan.Win32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
736	powershell.exe
736	powershell.exe
736	powershell.exe
736	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	760	HEUR-Trojan.Win32.exe
Token: SeLockMemoryPrivilege	760	HEUR-Trojan.Win32.exe
Token: SeDebugPrivilege	736	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 736	760	HEUR-Trojan.Win32.exe	88
PID 760 wrote to memory of 736	760	HEUR-Trojan.Win32.exe	88
PID 760 wrote to memory of 3620	760	HEUR-Trojan.Win32.exe	89
PID 760 wrote to memory of 3620	760	HEUR-Trojan.Win32.exe	89
PID 760 wrote to memory of 3160	760	HEUR-Trojan.Win32.exe	90
PID 760 wrote to memory of 3160	760	HEUR-Trojan.Win32.exe	90
PID 760 wrote to memory of 4912	760	HEUR-Trojan.Win32.exe	91
PID 760 wrote to memory of 4912	760	HEUR-Trojan.Win32.exe	91
PID 760 wrote to memory of 2388	760	HEUR-Trojan.Win32.exe	92
PID 760 wrote to memory of 2388	760	HEUR-Trojan.Win32.exe	92
PID 760 wrote to memory of 3988	760	HEUR-Trojan.Win32.exe	153
PID 760 wrote to memory of 3988	760	HEUR-Trojan.Win32.exe	153
PID 760 wrote to memory of 3744	760	HEUR-Trojan.Win32.exe	93
PID 760 wrote to memory of 3744	760	HEUR-Trojan.Win32.exe	93
PID 760 wrote to memory of 2052	760	HEUR-Trojan.Win32.exe	152
PID 760 wrote to memory of 2052	760	HEUR-Trojan.Win32.exe	152
PID 760 wrote to memory of 5080	760	HEUR-Trojan.Win32.exe	94
PID 760 wrote to memory of 5080	760	HEUR-Trojan.Win32.exe	94
PID 760 wrote to memory of 2912	760	HEUR-Trojan.Win32.exe	151
PID 760 wrote to memory of 2912	760	HEUR-Trojan.Win32.exe	151
PID 760 wrote to memory of 836	760	HEUR-Trojan.Win32.exe	150
PID 760 wrote to memory of 836	760	HEUR-Trojan.Win32.exe	150
PID 760 wrote to memory of 2900	760	HEUR-Trojan.Win32.exe	149
PID 760 wrote to memory of 2900	760	HEUR-Trojan.Win32.exe	149
PID 760 wrote to memory of 5096	760	HEUR-Trojan.Win32.exe	148
PID 760 wrote to memory of 5096	760	HEUR-Trojan.Win32.exe	148
PID 760 wrote to memory of 4828	760	HEUR-Trojan.Win32.exe	147
PID 760 wrote to memory of 4828	760	HEUR-Trojan.Win32.exe	147
PID 760 wrote to memory of 3668	760	HEUR-Trojan.Win32.exe	146
PID 760 wrote to memory of 3668	760	HEUR-Trojan.Win32.exe	146
PID 760 wrote to memory of 3824	760	HEUR-Trojan.Win32.exe	145
PID 760 wrote to memory of 3824	760	HEUR-Trojan.Win32.exe	145
PID 760 wrote to memory of 1284	760	HEUR-Trojan.Win32.exe	144
PID 760 wrote to memory of 1284	760	HEUR-Trojan.Win32.exe	144
PID 760 wrote to memory of 4572	760	HEUR-Trojan.Win32.exe	143
PID 760 wrote to memory of 4572	760	HEUR-Trojan.Win32.exe	143
PID 760 wrote to memory of 1648	760	HEUR-Trojan.Win32.exe	142
PID 760 wrote to memory of 1648	760	HEUR-Trojan.Win32.exe	142
PID 760 wrote to memory of 1748	760	HEUR-Trojan.Win32.exe	141
PID 760 wrote to memory of 1748	760	HEUR-Trojan.Win32.exe	141
PID 760 wrote to memory of 452	760	HEUR-Trojan.Win32.exe	140
PID 760 wrote to memory of 452	760	HEUR-Trojan.Win32.exe	140
PID 760 wrote to memory of 3176	760	HEUR-Trojan.Win32.exe	139
PID 760 wrote to memory of 3176	760	HEUR-Trojan.Win32.exe	139
PID 760 wrote to memory of 3896	760	HEUR-Trojan.Win32.exe	95
PID 760 wrote to memory of 3896	760	HEUR-Trojan.Win32.exe	95
PID 760 wrote to memory of 2308	760	HEUR-Trojan.Win32.exe	138
PID 760 wrote to memory of 2308	760	HEUR-Trojan.Win32.exe	138
PID 760 wrote to memory of 4232	760	HEUR-Trojan.Win32.exe	137
PID 760 wrote to memory of 4232	760	HEUR-Trojan.Win32.exe	137
PID 760 wrote to memory of 4824	760	HEUR-Trojan.Win32.exe	136
PID 760 wrote to memory of 4824	760	HEUR-Trojan.Win32.exe	136
PID 760 wrote to memory of 3448	760	HEUR-Trojan.Win32.exe	135
PID 760 wrote to memory of 3448	760	HEUR-Trojan.Win32.exe	135
PID 760 wrote to memory of 1700	760	HEUR-Trojan.Win32.exe	134
PID 760 wrote to memory of 1700	760	HEUR-Trojan.Win32.exe	134
PID 760 wrote to memory of 2264	760	HEUR-Trojan.Win32.exe	133
PID 760 wrote to memory of 2264	760	HEUR-Trojan.Win32.exe	133
PID 760 wrote to memory of 4520	760	HEUR-Trojan.Win32.exe	132
PID 760 wrote to memory of 4520	760	HEUR-Trojan.Win32.exe	132
PID 760 wrote to memory of 4992	760	HEUR-Trojan.Win32.exe	131
PID 760 wrote to memory of 4992	760	HEUR-Trojan.Win32.exe	131
PID 760 wrote to memory of 1112	760	HEUR-Trojan.Win32.exe	130
PID 760 wrote to memory of 1112	760	HEUR-Trojan.Win32.exe	130

C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.exe
"C:\Users\Admin\AppData\Local\Temp\HEUR-Trojan.Win32.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:736
- C:\Windows\System\LwXajns.exe
  C:\Windows\System\LwXajns.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\wYwQLBs.exe
  C:\Windows\System\wYwQLBs.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\lSPYAZc.exe
  C:\Windows\System\lSPYAZc.exe
  2⤵
  - Executes dropped EXE
  PID:4912
- C:\Windows\System\QSmMYbP.exe
  C:\Windows\System\QSmMYbP.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\AhmFeYx.exe
  C:\Windows\System\AhmFeYx.exe
  2⤵
  - Executes dropped EXE
  PID:3744
- C:\Windows\System\CZNMsdl.exe
  C:\Windows\System\CZNMsdl.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\ZVRkdsO.exe
  C:\Windows\System\ZVRkdsO.exe
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Windows\System\mayIHBd.exe
  C:\Windows\System\mayIHBd.exe
  2⤵
  PID:5204
- C:\Windows\System\JkYSkUt.exe
  C:\Windows\System\JkYSkUt.exe
  2⤵
  - Executes dropped EXE
  PID:5184
- C:\Windows\System\bHqEdIC.exe
  C:\Windows\System\bHqEdIC.exe
  2⤵
  - Executes dropped EXE
  PID:5164
- C:\Windows\System\FOuLeCt.exe
  C:\Windows\System\FOuLeCt.exe
  2⤵
  - Executes dropped EXE
  PID:5136
- C:\Windows\System\qwVIbOi.exe
  C:\Windows\System\qwVIbOi.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\lGDhgMj.exe
  C:\Windows\System\lGDhgMj.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\NCYGoxx.exe
  C:\Windows\System\NCYGoxx.exe
  2⤵
  - Executes dropped EXE
  PID:3116
- C:\Windows\System\QuGueFo.exe
  C:\Windows\System\QuGueFo.exe
  2⤵
  - Executes dropped EXE
  PID:4128
- C:\Windows\System\bjtxvdb.exe
  C:\Windows\System\bjtxvdb.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\wcqGLrj.exe
  C:\Windows\System\wcqGLrj.exe
  2⤵
  - Executes dropped EXE
  PID:5056
- C:\Windows\System\MRNzVYD.exe
  C:\Windows\System\MRNzVYD.exe
  2⤵
  - Executes dropped EXE
  PID:5104
- C:\Windows\System\ICUZeXn.exe
  C:\Windows\System\ICUZeXn.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\wFmQAmU.exe
  C:\Windows\System\wFmQAmU.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\xRBLCWJ.exe
  C:\Windows\System\xRBLCWJ.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\Ynzreqp.exe
  C:\Windows\System\Ynzreqp.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\mapaqVp.exe
  C:\Windows\System\mapaqVp.exe
  2⤵
  - Executes dropped EXE
  PID:4592
- C:\Windows\System\aJTjbzI.exe
  C:\Windows\System\aJTjbzI.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\hFfjTtt.exe
  C:\Windows\System\hFfjTtt.exe
  2⤵
  - Executes dropped EXE
  PID:4332
- C:\Windows\System\kgcauRU.exe
  C:\Windows\System\kgcauRU.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\OxaVfRv.exe
  C:\Windows\System\OxaVfRv.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\MRzHXgX.exe
  C:\Windows\System\MRzHXgX.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\IrWqRQc.exe
  C:\Windows\System\IrWqRQc.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\BTVyDYo.exe
  C:\Windows\System\BTVyDYo.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\mSBmhIT.exe
  C:\Windows\System\mSBmhIT.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\VELLMja.exe
  C:\Windows\System\VELLMja.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\oizZNMr.exe
  C:\Windows\System\oizZNMr.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\PatfAVO.exe
  C:\Windows\System\PatfAVO.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\pkzcDBA.exe
  C:\Windows\System\pkzcDBA.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\bZAQUjX.exe
  C:\Windows\System\bZAQUjX.exe
  2⤵
  - Executes dropped EXE
  PID:4716
- C:\Windows\System\jTuuVdy.exe
  C:\Windows\System\jTuuVdy.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\CgzUnWf.exe
  C:\Windows\System\CgzUnWf.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\nwsOafZ.exe
  C:\Windows\System\nwsOafZ.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\CJednrj.exe
  C:\Windows\System\CJednrj.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\JqgMgmG.exe
  C:\Windows\System\JqgMgmG.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\cTkmrJN.exe
  C:\Windows\System\cTkmrJN.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\itYvDym.exe
  C:\Windows\System\itYvDym.exe
  2⤵
  - Executes dropped EXE
  PID:4992
- C:\Windows\System\sxXzDtm.exe
  C:\Windows\System\sxXzDtm.exe
  2⤵
  - Executes dropped EXE
  PID:4520
- C:\Windows\System\iaXlwMd.exe
  C:\Windows\System\iaXlwMd.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\oFdHcDK.exe
  C:\Windows\System\oFdHcDK.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\tCTIcuQ.exe
  C:\Windows\System\tCTIcuQ.exe
  2⤵
  - Executes dropped EXE
  PID:3448
- C:\Windows\System\UYfoTxH.exe
  C:\Windows\System\UYfoTxH.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\XxGsluI.exe
  C:\Windows\System\XxGsluI.exe
  2⤵
  - Executes dropped EXE
  PID:4232
- C:\Windows\System\TlDImxW.exe
  C:\Windows\System\TlDImxW.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\qEzEwCg.exe
  C:\Windows\System\qEzEwCg.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\vVSGtdw.exe
  C:\Windows\System\vVSGtdw.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\SWYuhFV.exe
  C:\Windows\System\SWYuhFV.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\YfXFqtT.exe
  C:\Windows\System\YfXFqtT.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\xOWKrIo.exe
  C:\Windows\System\xOWKrIo.exe
  2⤵
  - Executes dropped EXE
  PID:4572
- C:\Windows\System\BEVaqrF.exe
  C:\Windows\System\BEVaqrF.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\rSsxaIF.exe
  C:\Windows\System\rSsxaIF.exe
  2⤵
  - Executes dropped EXE
  PID:3824
- C:\Windows\System\aUuhTyx.exe
  C:\Windows\System\aUuhTyx.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\NvWerZk.exe
  C:\Windows\System\NvWerZk.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\TKzzHqb.exe
  C:\Windows\System\TKzzHqb.exe
  2⤵
  - Executes dropped EXE
  PID:5096
- C:\Windows\System\uhprycI.exe
  C:\Windows\System\uhprycI.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\clGRmLS.exe
  C:\Windows\System\clGRmLS.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\jriBKZp.exe
  C:\Windows\System\jriBKZp.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\EmOQdeE.exe
  C:\Windows\System\EmOQdeE.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\EpZuFvL.exe
  C:\Windows\System\EpZuFvL.exe
  2⤵
  - Executes dropped EXE
  PID:3988
- C:\Windows\System\sTblxNA.exe
  C:\Windows\System\sTblxNA.exe
  2⤵
  PID:3320
- C:\Windows\System\HdrgEEQ.exe
  C:\Windows\System\HdrgEEQ.exe
  2⤵
  PID:3308
- C:\Windows\System\BqNgQSU.exe
  C:\Windows\System\BqNgQSU.exe
  2⤵
  PID:2692
- C:\Windows\System\qfLLjyr.exe
  C:\Windows\System\qfLLjyr.exe
  2⤵
  PID:5680
- C:\Windows\System\FEsKXeS.exe
  C:\Windows\System\FEsKXeS.exe
  2⤵
  PID:5800
- C:\Windows\System\iqvJUNS.exe
  C:\Windows\System\iqvJUNS.exe
  2⤵
  PID:5952
- C:\Windows\System\gsCMKSC.exe
  C:\Windows\System\gsCMKSC.exe
  2⤵
  PID:3256
- C:\Windows\System\REqNkPm.exe
  C:\Windows\System\REqNkPm.exe
  2⤵
  PID:5332
- C:\Windows\System\ClSsOpZ.exe
  C:\Windows\System\ClSsOpZ.exe
  2⤵
  PID:5312
- C:\Windows\System\RHYtUCa.exe
  C:\Windows\System\RHYtUCa.exe
  2⤵
  PID:3660
- C:\Windows\System\OQUKkvH.exe
  C:\Windows\System\OQUKkvH.exe
  2⤵
  PID:5032
- C:\Windows\System\dsMIHvd.exe
  C:\Windows\System\dsMIHvd.exe
  2⤵
  PID:3856
- C:\Windows\System\erImsaI.exe
  C:\Windows\System\erImsaI.exe
  2⤵
  PID:3364
- C:\Windows\System\VDSgGPk.exe
  C:\Windows\System\VDSgGPk.exe
  2⤵
  PID:5540
- C:\Windows\System\fMzpALq.exe
  C:\Windows\System\fMzpALq.exe
  2⤵
  PID:5520
- C:\Windows\System\uZCNtJI.exe
  C:\Windows\System\uZCNtJI.exe
  2⤵
  PID:5508
- C:\Windows\System\pkYlTJJ.exe
  C:\Windows\System\pkYlTJJ.exe
  2⤵
  PID:5496
- C:\Windows\System\MbYXLvA.exe
  C:\Windows\System\MbYXLvA.exe
  2⤵
  PID:5460
- C:\Windows\System\WAnNnhx.exe
  C:\Windows\System\WAnNnhx.exe
  2⤵
  PID:5828
- C:\Windows\System\REdwZaQ.exe
  C:\Windows\System\REdwZaQ.exe
  2⤵
  PID:4044
- C:\Windows\System\rdvUFLL.exe
  C:\Windows\System\rdvUFLL.exe
  2⤵
  PID:5924
- C:\Windows\System\igwhwZF.exe
  C:\Windows\System\igwhwZF.exe
  2⤵
  PID:1324
- C:\Windows\System\jVXurBS.exe
  C:\Windows\System\jVXurBS.exe
  2⤵
  PID:612
- C:\Windows\System\DkaSglJ.exe
  C:\Windows\System\DkaSglJ.exe
  2⤵
  PID:5664
- C:\Windows\System\IvKMOHD.exe
  C:\Windows\System\IvKMOHD.exe
  2⤵
  PID:756
- C:\Windows\System\ZecJpfc.exe
  C:\Windows\System\ZecJpfc.exe
  2⤵
  PID:1144
- C:\Windows\System\alewUCt.exe
  C:\Windows\System\alewUCt.exe
  2⤵
  PID:548
- C:\Windows\System\xBkWoxe.exe
  C:\Windows\System\xBkWoxe.exe
  2⤵
  PID:1548
- C:\Windows\System\kmaxfZJ.exe
  C:\Windows\System\kmaxfZJ.exe
  2⤵
  PID:5452
- C:\Windows\System\zZAtRea.exe
  C:\Windows\System\zZAtRea.exe
  2⤵
  PID:2444
- C:\Windows\System\aHaqUhP.exe
  C:\Windows\System\aHaqUhP.exe
  2⤵
  PID:5444
- C:\Windows\System\RTNMbAm.exe
  C:\Windows\System\RTNMbAm.exe
  2⤵
  PID:5416
- C:\Windows\System\htRIIOz.exe
  C:\Windows\System\htRIIOz.exe
  2⤵
  PID:5388
- C:\Windows\System\MlVflDU.exe
  C:\Windows\System\MlVflDU.exe
  2⤵
  PID:3640
- C:\Windows\System\VYRcErj.exe
  C:\Windows\System\VYRcErj.exe
  2⤵
  PID:2064
- C:\Windows\System\MsNCAcm.exe
  C:\Windows\System\MsNCAcm.exe
  2⤵
  PID:4032
- C:\Windows\System\NIXToOL.exe
  C:\Windows\System\NIXToOL.exe
  2⤵
  PID:3420
- C:\Windows\System\vFFOIMV.exe
  C:\Windows\System\vFFOIMV.exe
  2⤵
  PID:2868
- C:\Windows\System\PIbsade.exe
  C:\Windows\System\PIbsade.exe
  2⤵
  PID:2904
- C:\Windows\System\eayAtsC.exe
  C:\Windows\System\eayAtsC.exe
  2⤵
  PID:3360
- C:\Windows\System\unemkpL.exe
  C:\Windows\System\unemkpL.exe
  2⤵
  PID:1792
- C:\Windows\System\Qfpjbho.exe
  C:\Windows\System\Qfpjbho.exe
  2⤵
  PID:6116
- C:\Windows\System\iXVsHHi.exe
  C:\Windows\System\iXVsHHi.exe
  2⤵
  PID:6096
- C:\Windows\System\RgaDwki.exe
  C:\Windows\System\RgaDwki.exe
  2⤵
  PID:6068
- C:\Windows\System\qJVeTHu.exe
  C:\Windows\System\qJVeTHu.exe
  2⤵
  PID:6052
- C:\Windows\System\xSkIhOJ.exe
  C:\Windows\System\xSkIhOJ.exe
  2⤵
  PID:6036
- C:\Windows\System\jqvpGlj.exe
  C:\Windows\System\jqvpGlj.exe
  2⤵
  PID:6012
- C:\Windows\System\ZcZwqDP.exe
  C:\Windows\System\ZcZwqDP.exe
  2⤵
  PID:5992
- C:\Windows\System\cXxgoeE.exe
  C:\Windows\System\cXxgoeE.exe
  2⤵
  PID:1556
- C:\Windows\System\OzXtGdv.exe
  C:\Windows\System\OzXtGdv.exe
  2⤵
  PID:5932
- C:\Windows\System\mgvtAfr.exe
  C:\Windows\System\mgvtAfr.exe
  2⤵
  PID:1808
- C:\Windows\System\ccbjPud.exe
  C:\Windows\System\ccbjPud.exe
  2⤵
  PID:5900
- C:\Windows\System\pUoiWND.exe
  C:\Windows\System\pUoiWND.exe
  2⤵
  PID:5884
- C:\Windows\System\uSnnINt.exe
  C:\Windows\System\uSnnINt.exe
  2⤵
  PID:5860
- C:\Windows\System\mVjdqnE.exe
  C:\Windows\System\mVjdqnE.exe
  2⤵
  PID:5836
- C:\Windows\System\rlEIfFh.exe
  C:\Windows\System\rlEIfFh.exe
  2⤵
  PID:5816
- C:\Windows\System\ivMkEMo.exe
  C:\Windows\System\ivMkEMo.exe
  2⤵
  PID:5780
- C:\Windows\System\SNaQxmN.exe
  C:\Windows\System\SNaQxmN.exe
  2⤵
  PID:5756
- C:\Windows\System\burAhoA.exe
  C:\Windows\System\burAhoA.exe
  2⤵
  PID:5728
- C:\Windows\System\bxxSbDr.exe
  C:\Windows\System\bxxSbDr.exe
  2⤵
  PID:5696
- C:\Windows\System\AOTZzLt.exe
  C:\Windows\System\AOTZzLt.exe
  2⤵
  PID:1856
- C:\Windows\System\RGpdpwg.exe
  C:\Windows\System\RGpdpwg.exe
  2⤵
  PID:3296
- C:\Windows\System\KYyEkLw.exe
  C:\Windows\System\KYyEkLw.exe
  2⤵
  PID:4908
- C:\Windows\System\cipqYII.exe
  C:\Windows\System\cipqYII.exe
  2⤵
  PID:2084
- C:\Windows\System\JaPpChY.exe
  C:\Windows\System\JaPpChY.exe
  2⤵
  PID:5648
- C:\Windows\System\tSSAkLD.exe
  C:\Windows\System\tSSAkLD.exe
  2⤵
  PID:2892
- C:\Windows\System\XNRpsZO.exe
  C:\Windows\System\XNRpsZO.exe
  2⤵
  PID:5796
- C:\Windows\System\dXflEey.exe
  C:\Windows\System\dXflEey.exe
  2⤵
  PID:5252
- C:\Windows\System\BUtyQfq.exe
  C:\Windows\System\BUtyQfq.exe
  2⤵
  PID:6296
- C:\Windows\System\EfHSCsw.exe
  C:\Windows\System\EfHSCsw.exe
  2⤵
  PID:6312
- C:\Windows\System\EylFfVU.exe
  C:\Windows\System\EylFfVU.exe
  2⤵
  PID:6652
- C:\Windows\System\BrYRATd.exe
  C:\Windows\System\BrYRATd.exe
  2⤵
  PID:6632
- C:\Windows\System\oOeOWlI.exe
  C:\Windows\System\oOeOWlI.exe
  2⤵
  PID:6612
- C:\Windows\System\RoBnlXh.exe
  C:\Windows\System\RoBnlXh.exe
  2⤵
  PID:6596
- C:\Windows\System\ZMRYMeS.exe
  C:\Windows\System\ZMRYMeS.exe
  2⤵
  PID:6552
- C:\Windows\System\kbnuHID.exe
  C:\Windows\System\kbnuHID.exe
  2⤵
  PID:6520
- C:\Windows\System\wkmqVdE.exe
  C:\Windows\System\wkmqVdE.exe
  2⤵
  PID:6852
- C:\Windows\System\UpeEHbn.exe
  C:\Windows\System\UpeEHbn.exe
  2⤵
  PID:6828
- C:\Windows\System\bXnNJLn.exe
  C:\Windows\System\bXnNJLn.exe
  2⤵
  PID:6804
- C:\Windows\System\afoxZfP.exe
  C:\Windows\System\afoxZfP.exe
  2⤵
  PID:6784
- C:\Windows\System\swHBcgo.exe
  C:\Windows\System\swHBcgo.exe
  2⤵
  PID:6764
- C:\Windows\System\MZWEBkm.exe
  C:\Windows\System\MZWEBkm.exe
  2⤵
  PID:5752
- C:\Windows\System\KFuSikN.exe
  C:\Windows\System\KFuSikN.exe
  2⤵
  PID:3336
- C:\Windows\System\XTddDnP.exe
  C:\Windows\System\XTddDnP.exe
  2⤵
  PID:7148
- C:\Windows\System\jqesYbA.exe
  C:\Windows\System\jqesYbA.exe
  2⤵
  PID:7128
- C:\Windows\System\dboyzjk.exe
  C:\Windows\System\dboyzjk.exe
  2⤵
  PID:7112
- C:\Windows\System\GMvOUHf.exe
  C:\Windows\System\GMvOUHf.exe
  2⤵
  PID:6272
- C:\Windows\System\SlecOvq.exe
  C:\Windows\System\SlecOvq.exe
  2⤵
  PID:7096
- C:\Windows\System\SnWvFcg.exe
  C:\Windows\System\SnWvFcg.exe
  2⤵
  PID:7416
- C:\Windows\System\lWiQbaW.exe
  C:\Windows\System\lWiQbaW.exe
  2⤵
  PID:7384
- C:\Windows\System\ZOGLXfU.exe
  C:\Windows\System\ZOGLXfU.exe
  2⤵
  PID:7368
- C:\Windows\System\QaoLzSg.exe
  C:\Windows\System\QaoLzSg.exe
  2⤵
  PID:7348
- C:\Windows\System\EuhSVxY.exe
  C:\Windows\System\EuhSVxY.exe
  2⤵
  PID:7332
- C:\Windows\System\MOZlqBG.exe
  C:\Windows\System\MOZlqBG.exe
  2⤵
  PID:7312
- C:\Windows\System\jqWDIlo.exe
  C:\Windows\System\jqWDIlo.exe
  2⤵
  PID:7296
- C:\Windows\System\sJRPYGd.exe
  C:\Windows\System\sJRPYGd.exe
  2⤵
  PID:7276
- C:\Windows\System\xCIpUyk.exe
  C:\Windows\System\xCIpUyk.exe
  2⤵
  PID:7256
- C:\Windows\System\isrBPgi.exe
  C:\Windows\System\isrBPgi.exe
  2⤵
  PID:7240
- C:\Windows\System\jyFDPQx.exe
  C:\Windows\System\jyFDPQx.exe
  2⤵
  PID:7216
- C:\Windows\System\MRsYnIJ.exe
  C:\Windows\System\MRsYnIJ.exe
  2⤵
  PID:7200
- C:\Windows\System\HyJPMSY.exe
  C:\Windows\System\HyJPMSY.exe
  2⤵
  PID:7180
- C:\Windows\System\nKXTipg.exe
  C:\Windows\System\nKXTipg.exe
  2⤵
  PID:6328
- C:\Windows\System\ZhCbIOs.exe
  C:\Windows\System\ZhCbIOs.exe
  2⤵
  PID:6308
- C:\Windows\System\iMIBaLm.exe
  C:\Windows\System\iMIBaLm.exe
  2⤵
  PID:6268
- C:\Windows\System\KRPXnAU.exe
  C:\Windows\System\KRPXnAU.exe
  2⤵
  PID:6572
- C:\Windows\System\OIwYRDk.exe
  C:\Windows\System\OIwYRDk.exe
  2⤵
  PID:6488
- C:\Windows\System\wuQzpkt.exe
  C:\Windows\System\wuQzpkt.exe
  2⤵
  PID:5852
- C:\Windows\System\SFZVKoZ.exe
  C:\Windows\System\SFZVKoZ.exe
  2⤵
  PID:5764
- C:\Windows\System\KbWNDDz.exe
  C:\Windows\System\KbWNDDz.exe
  2⤵
  PID:6324
- C:\Windows\System\obWqhrO.exe
  C:\Windows\System\obWqhrO.exe
  2⤵
  PID:6288
- C:\Windows\System\DQsUjdk.exe
  C:\Windows\System\DQsUjdk.exe
  2⤵
  PID:6200
- C:\Windows\System\fKwLjpR.exe
  C:\Windows\System\fKwLjpR.exe
  2⤵
  PID:6240
- C:\Windows\System\mvzhzOL.exe
  C:\Windows\System\mvzhzOL.exe
  2⤵
  PID:6492
- C:\Windows\System\czRrfNZ.exe
  C:\Windows\System\czRrfNZ.exe
  2⤵
  PID:4868
- C:\Windows\System\NGKtjhn.exe
  C:\Windows\System\NGKtjhn.exe
  2⤵
  PID:7080
- C:\Windows\System\dwlSgPF.exe
  C:\Windows\System\dwlSgPF.exe
  2⤵
  PID:7060
- C:\Windows\System\tLgPqMW.exe
  C:\Windows\System\tLgPqMW.exe
  2⤵
  PID:7040
- C:\Windows\System\ZEzOean.exe
  C:\Windows\System\ZEzOean.exe
  2⤵
  PID:7020
- C:\Windows\System\RYIkxlV.exe
  C:\Windows\System\RYIkxlV.exe
  2⤵
  PID:7000
- C:\Windows\System\dKmrIdy.exe
  C:\Windows\System\dKmrIdy.exe
  2⤵
  PID:6980
- C:\Windows\System\gpSvKTI.exe
  C:\Windows\System\gpSvKTI.exe
  2⤵
  PID:6960
- C:\Windows\System\sEtiMca.exe
  C:\Windows\System\sEtiMca.exe
  2⤵
  PID:6940
- C:\Windows\System\EOMqmQA.exe
  C:\Windows\System\EOMqmQA.exe
  2⤵
  PID:6920
- C:\Windows\System\teGJrga.exe
  C:\Windows\System\teGJrga.exe
  2⤵
  PID:6904
- C:\Windows\System\QIDJMcA.exe
  C:\Windows\System\QIDJMcA.exe
  2⤵
  PID:6876
- C:\Windows\System\bEPUSvq.exe
  C:\Windows\System\bEPUSvq.exe
  2⤵
  PID:6748
- C:\Windows\System\ONNutqi.exe
  C:\Windows\System\ONNutqi.exe
  2⤵
  PID:6500
- C:\Windows\System\haWcJaf.exe
  C:\Windows\System\haWcJaf.exe
  2⤵
  PID:6480
- C:\Windows\System\hYUtCID.exe
  C:\Windows\System\hYUtCID.exe
  2⤵
  PID:6464
- C:\Windows\System\IYlYXwF.exe
  C:\Windows\System\IYlYXwF.exe
  2⤵
  PID:6444
- C:\Windows\System\xSLayWA.exe
  C:\Windows\System\xSLayWA.exe
  2⤵
  PID:6428
- C:\Windows\System\QsZCDmz.exe
  C:\Windows\System\QsZCDmz.exe
  2⤵
  PID:6412
- C:\Windows\System\NVrDeOd.exe
  C:\Windows\System\NVrDeOd.exe
  2⤵
  PID:6392
- C:\Windows\System\pzKCbar.exe
  C:\Windows\System\pzKCbar.exe
  2⤵
  PID:6372
- C:\Windows\System\IOVflJB.exe
  C:\Windows\System\IOVflJB.exe
  2⤵
  PID:6352
- C:\Windows\System\SDjQzWk.exe
  C:\Windows\System\SDjQzWk.exe
  2⤵
  PID:6336
- C:\Windows\System\lcEKskf.exe
  C:\Windows\System\lcEKskf.exe
  2⤵
  PID:6276
- C:\Windows\System\EttEUQF.exe
  C:\Windows\System\EttEUQF.exe
  2⤵
  PID:6244
- C:\Windows\System\KOpxZgZ.exe
  C:\Windows\System\KOpxZgZ.exe
  2⤵
  PID:6224
- C:\Windows\System\MLjpvsD.exe
  C:\Windows\System\MLjpvsD.exe
  2⤵
  PID:6208
- C:\Windows\System\psVZhum.exe
  C:\Windows\System\psVZhum.exe
  2⤵
  PID:6192
- C:\Windows\System\gveTRfH.exe
  C:\Windows\System\gveTRfH.exe
  2⤵
  PID:6172
- C:\Windows\System\NipVDdL.exe
  C:\Windows\System\NipVDdL.exe
  2⤵
  PID:6152
- C:\Windows\System\vaRfqIF.exe
  C:\Windows\System\vaRfqIF.exe
  2⤵
  PID:3388
- C:\Windows\System\VFoHJvo.exe
  C:\Windows\System\VFoHJvo.exe
  2⤵
  PID:5584
- C:\Windows\System\jIxbJEp.exe
  C:\Windows\System\jIxbJEp.exe
  2⤵
  PID:3984
- C:\Windows\System\fLGgYPm.exe
  C:\Windows\System\fLGgYPm.exe
  2⤵
  PID:2180
- C:\Windows\System\xJcFRky.exe
  C:\Windows\System\xJcFRky.exe
  2⤵
  PID:1864
- C:\Windows\System\SbCRZYj.exe
  C:\Windows\System\SbCRZYj.exe
  2⤵
  PID:1488
- C:\Windows\System\xkwTtIJ.exe
  C:\Windows\System\xkwTtIJ.exe
  2⤵
  PID:2752
- C:\Windows\System\GOCSwwt.exe
  C:\Windows\System\GOCSwwt.exe
  2⤵
  PID:1344
- C:\Windows\System\skVqNeK.exe
  C:\Windows\System\skVqNeK.exe
  2⤵
  PID:5808
- C:\Windows\System\fEtrszb.exe
  C:\Windows\System\fEtrszb.exe
  2⤵
  PID:5984
- C:\Windows\System\zQoUPGc.exe
  C:\Windows\System\zQoUPGc.exe
  2⤵
  PID:3652
- C:\Windows\System\sadNOrZ.exe
  C:\Windows\System\sadNOrZ.exe
  2⤵
  PID:2648
- C:\Windows\System\bgrgLUp.exe
  C:\Windows\System\bgrgLUp.exe
  2⤵
  PID:4208
- C:\Windows\System\mLNoDsS.exe
  C:\Windows\System\mLNoDsS.exe
  2⤵
  PID:8056
- C:\Windows\System\TICHklH.exe
  C:\Windows\System\TICHklH.exe
  2⤵
  PID:3020
- C:\Windows\System\OtAbLrP.exe
  C:\Windows\System\OtAbLrP.exe
  2⤵
  PID:180
- C:\Windows\System\NxULIXt.exe
  C:\Windows\System\NxULIXt.exe
  2⤵
  PID:3392
- C:\Windows\System\CstUpPX.exe
  C:\Windows\System\CstUpPX.exe
  2⤵
  PID:4212
- C:\Windows\System\odllAVT.exe
  C:\Windows\System\odllAVT.exe
  2⤵
  PID:7072
- C:\Windows\System\AqszSaq.exe
  C:\Windows\System\AqszSaq.exe
  2⤵
  PID:6720
- C:\Windows\System\BsXiKLw.exe
  C:\Windows\System\BsXiKLw.exe
  2⤵
  PID:5300
- C:\Windows\System\xSBKYkL.exe
  C:\Windows\System\xSBKYkL.exe
  2⤵
  PID:6400
- C:\Windows\System\ShVFQDs.exe
  C:\Windows\System\ShVFQDs.exe
  2⤵
  PID:6236
- C:\Windows\System\nBsCgoT.exe
  C:\Windows\System\nBsCgoT.exe
  2⤵
  PID:5396
- C:\Windows\System\OSUJqTQ.exe
  C:\Windows\System\OSUJqTQ.exe
  2⤵
  PID:5296
- C:\Windows\System\ihPVnGS.exe
  C:\Windows\System\ihPVnGS.exe
  2⤵
  PID:6864
- C:\Windows\System\xOnqGHL.exe
  C:\Windows\System\xOnqGHL.exe
  2⤵
  PID:4500
- C:\Windows\System\qljSGCi.exe
  C:\Windows\System\qljSGCi.exe
  2⤵
  PID:6756
- C:\Windows\System\IOcpnYy.exe
  C:\Windows\System\IOcpnYy.exe
  2⤵
  PID:5220
- C:\Windows\System\RZJXYgn.exe
  C:\Windows\System\RZJXYgn.exe
  2⤵
  PID:1876
- C:\Windows\System\RIHSBOD.exe
  C:\Windows\System\RIHSBOD.exe
  2⤵
  PID:6976
- C:\Windows\System\VIeBdwU.exe
  C:\Windows\System\VIeBdwU.exe
  2⤵
  PID:5284
- C:\Windows\System\vWDUToK.exe
  C:\Windows\System\vWDUToK.exe
  2⤵
  PID:4312
- C:\Windows\System\QafABRl.exe
  C:\Windows\System\QafABRl.exe
  2⤵
  PID:3328
- C:\Windows\System\nGUhbzA.exe
  C:\Windows\System\nGUhbzA.exe
  2⤵
  PID:7264
- C:\Windows\System\IpsqSEH.exe
  C:\Windows\System\IpsqSEH.exe
  2⤵
  PID:7524
- C:\Windows\System\TVEGENW.exe
  C:\Windows\System\TVEGENW.exe
  2⤵
  PID:7188
- C:\Windows\System\xbprqOO.exe
  C:\Windows\System\xbprqOO.exe
  2⤵
  PID:7172
- C:\Windows\System\OwslQBn.exe
  C:\Windows\System\OwslQBn.exe
  2⤵
  PID:7740
- C:\Windows\System\JuPCjXq.exe
  C:\Windows\System\JuPCjXq.exe
  2⤵
  PID:6160
- C:\Windows\System\NqacJKc.exe
  C:\Windows\System\NqacJKc.exe
  2⤵
  PID:724
- C:\Windows\System\zUaWnkk.exe
  C:\Windows\System\zUaWnkk.exe
  2⤵
  PID:2724
- C:\Windows\System\YtcLXky.exe
  C:\Windows\System\YtcLXky.exe
  2⤵
  PID:1988
- C:\Windows\System\StsoDqw.exe
  C:\Windows\System\StsoDqw.exe
  2⤵
  PID:7360
- C:\Windows\System\RCVLQKz.exe
  C:\Windows\System\RCVLQKz.exe
  2⤵
  PID:5336
- C:\Windows\System\jkMhGEc.exe
  C:\Windows\System\jkMhGEc.exe
  2⤵
  PID:5328
- C:\Windows\System\fVUcqKx.exe
  C:\Windows\System\fVUcqKx.exe
  2⤵
  PID:6688
- C:\Windows\System\aUjrzkS.exe
  C:\Windows\System\aUjrzkS.exe
  2⤵
  PID:6800
- C:\Windows\System\ZbAMzJn.exe
  C:\Windows\System\ZbAMzJn.exe
  2⤵
  PID:6560
- C:\Windows\System\ZPGBtDX.exe
  C:\Windows\System\ZPGBtDX.exe
  2⤵
  PID:7552
- C:\Windows\System\iprdcoY.exe
  C:\Windows\System\iprdcoY.exe
  2⤵
  PID:1016
- C:\Windows\System\umPnWoW.exe
  C:\Windows\System\umPnWoW.exe
  2⤵
  PID:7500
- C:\Windows\System\mAeTGRK.exe
  C:\Windows\System\mAeTGRK.exe
  2⤵
  PID:4364
- C:\Windows\System\KNdFfmI.exe
  C:\Windows\System\KNdFfmI.exe
  2⤵
  PID:4960
- C:\Windows\System\GnuJrVk.exe
  C:\Windows\System\GnuJrVk.exe
  2⤵
  PID:5660
- C:\Windows\System\tqYdBTb.exe
  C:\Windows\System\tqYdBTb.exe
  2⤵
  PID:6044
- C:\Windows\System\FgBcCqO.exe
  C:\Windows\System\FgBcCqO.exe
  2⤵
  PID:5644
- C:\Windows\System\CIiVWyB.exe
  C:\Windows\System\CIiVWyB.exe
  2⤵
  PID:1264
- C:\Windows\System\GQWGKha.exe
  C:\Windows\System\GQWGKha.exe
  2⤵
  PID:7428
- C:\Windows\System\udbBotF.exe
  C:\Windows\System\udbBotF.exe
  2⤵
  PID:4108
- C:\Windows\System\DETWRua.exe
  C:\Windows\System\DETWRua.exe
  2⤵
  PID:7140
- C:\Windows\System\tIUCeaP.exe
  C:\Windows\System\tIUCeaP.exe
  2⤵
  PID:2356
- C:\Windows\System\HlTcOoL.exe
  C:\Windows\System\HlTcOoL.exe
  2⤵
  PID:5368
- C:\Windows\System\sPMOsJJ.exe
  C:\Windows\System\sPMOsJJ.exe
  2⤵
  PID:4380
- C:\Windows\System\XEoFBPK.exe
  C:\Windows\System\XEoFBPK.exe
  2⤵
  PID:1388
- C:\Windows\System\gGmajNj.exe
  C:\Windows\System\gGmajNj.exe
  2⤵
  PID:6896
- C:\Windows\System\RnzuuKR.exe
  C:\Windows\System\RnzuuKR.exe
  2⤵
  PID:7376
- C:\Windows\System\oyuObRM.exe
  C:\Windows\System\oyuObRM.exe
  2⤵
  PID:8080
- C:\Windows\System\oOkgREm.exe
  C:\Windows\System\oOkgREm.exe
  2⤵
  PID:3572
- C:\Windows\System\mhNFcTY.exe
  C:\Windows\System\mhNFcTY.exe
  2⤵
  PID:8180
- C:\Windows\System\FpjmZhz.exe
  C:\Windows\System\FpjmZhz.exe
  2⤵
  PID:3916
- C:\Windows\System\hjPNnGt.exe
  C:\Windows\System\hjPNnGt.exe
  2⤵
  PID:3484
- C:\Windows\System\MYhxDsi.exe
  C:\Windows\System\MYhxDsi.exe
  2⤵
  PID:7640
- C:\Windows\System\bLaosKJ.exe
  C:\Windows\System\bLaosKJ.exe
  2⤵
  PID:636
- C:\Windows\System\xnPXmsK.exe
  C:\Windows\System\xnPXmsK.exe
  2⤵
  PID:7620
- C:\Windows\System\ocrtZuo.exe
  C:\Windows\System\ocrtZuo.exe
  2⤵
  PID:3024
- C:\Windows\System\UwqEWdt.exe
  C:\Windows\System\UwqEWdt.exe
  2⤵
  PID:4580
- C:\Windows\System\zYWzpyZ.exe
  C:\Windows\System\zYWzpyZ.exe
  2⤵
  PID:1688
- C:\Windows\System\hQSNVqg.exe
  C:\Windows\System\hQSNVqg.exe
  2⤵
  PID:3888
- C:\Windows\System\IAWhIwe.exe
  C:\Windows\System\IAWhIwe.exe
  2⤵
  PID:5912
- C:\Windows\System\EQaVePx.exe
  C:\Windows\System\EQaVePx.exe
  2⤵
  PID:3784
- C:\Windows\System\XcSSNpX.exe
  C:\Windows\System\XcSSNpX.exe
  2⤵
  PID:712
- C:\Windows\System\tIXbiZg.exe
  C:\Windows\System\tIXbiZg.exe
  2⤵
  PID:4564
- C:\Windows\System\xvRuCZC.exe
  C:\Windows\System\xvRuCZC.exe
  2⤵
  PID:8124
- C:\Windows\System\ZgDXWpK.exe
  C:\Windows\System\ZgDXWpK.exe
  2⤵
  PID:7488
- C:\Windows\System\blXFxPB.exe
  C:\Windows\System\blXFxPB.exe
  2⤵
  PID:2304
- C:\Windows\System\NhIqFwh.exe
  C:\Windows\System\NhIqFwh.exe
  2⤵
  PID:6820
- C:\Windows\System\JXgFJUJ.exe
  C:\Windows\System\JXgFJUJ.exe
  2⤵
  PID:5192
- C:\Windows\System\rwAYMzr.exe
  C:\Windows\System\rwAYMzr.exe
  2⤵
  PID:5256
- C:\Windows\System\OQwpHqe.exe
  C:\Windows\System\OQwpHqe.exe
  2⤵
  PID:5248
- C:\Windows\System\mQaDynQ.exe
  C:\Windows\System\mQaDynQ.exe
  2⤵
  PID:8372
- C:\Windows\System\UjfVPAu.exe
  C:\Windows\System\UjfVPAu.exe
  2⤵
  PID:8804
- C:\Windows\System\KpbKOLN.exe
  C:\Windows\System\KpbKOLN.exe
  2⤵
  PID:2952
- C:\Windows\System\nAAjsas.exe
  C:\Windows\System\nAAjsas.exe
  2⤵
  PID:9040
- C:\Windows\System\SqmTIco.exe
  C:\Windows\System\SqmTIco.exe
  2⤵
  PID:10092
- C:\Windows\System\TxtqzpS.exe
  C:\Windows\System\TxtqzpS.exe
  2⤵
  PID:10072
- C:\Windows\System\FuPkBsP.exe
  C:\Windows\System\FuPkBsP.exe
  2⤵
  PID:10056
- C:\Windows\System\UfyiwWa.exe
  C:\Windows\System\UfyiwWa.exe
  2⤵
  PID:10036
- C:\Windows\System\hlrHpBh.exe
  C:\Windows\System\hlrHpBh.exe
  2⤵
  PID:8952
- C:\Windows\System\cyIGIGd.exe
  C:\Windows\System\cyIGIGd.exe
  2⤵
  PID:8884
- C:\Windows\System\sdUWfLF.exe
  C:\Windows\System\sdUWfLF.exe
  2⤵
  PID:10228
- C:\Windows\System\vikKlfh.exe
  C:\Windows\System\vikKlfh.exe
  2⤵
  PID:10208
- C:\Windows\System\JKKDkDU.exe
  C:\Windows\System\JKKDkDU.exe
  2⤵
  PID:10188
- C:\Windows\System\rhurCCi.exe
  C:\Windows\System\rhurCCi.exe
  2⤵
  PID:10168
- C:\Windows\System\zbBhpPN.exe
  C:\Windows\System\zbBhpPN.exe
  2⤵
  PID:10144
- C:\Windows\System\dmJRZFg.exe
  C:\Windows\System\dmJRZFg.exe
  2⤵
  PID:10128
- C:\Windows\System\eePIoWX.exe
  C:\Windows\System\eePIoWX.exe
  2⤵
  PID:10108
- C:\Windows\System\lTvkCNF.exe
  C:\Windows\System\lTvkCNF.exe
  2⤵
  PID:10012
- C:\Windows\System\oUmBPgT.exe
  C:\Windows\System\oUmBPgT.exe
  2⤵
  PID:9996
- C:\Windows\System\mJckrKC.exe
  C:\Windows\System\mJckrKC.exe
  2⤵
  PID:9976
- C:\Windows\System\YuNUfFC.exe
  C:\Windows\System\YuNUfFC.exe
  2⤵
  PID:9960
- C:\Windows\System\SkyfdSm.exe
  C:\Windows\System\SkyfdSm.exe
  2⤵
  PID:9936
- C:\Windows\System\FvoTazS.exe
  C:\Windows\System\FvoTazS.exe
  2⤵
  PID:9916
- C:\Windows\System\iVYGpDw.exe
  C:\Windows\System\iVYGpDw.exe
  2⤵
  PID:9896
- C:\Windows\System\AFsdCVt.exe
  C:\Windows\System\AFsdCVt.exe
  2⤵
  PID:9872
- C:\Windows\System\cpKLFgg.exe
  C:\Windows\System\cpKLFgg.exe
  2⤵
  PID:9852
- C:\Windows\System\VsjeOUk.exe
  C:\Windows\System\VsjeOUk.exe
  2⤵
  PID:9828
- C:\Windows\System\gogguDJ.exe
  C:\Windows\System\gogguDJ.exe
  2⤵
  PID:9808
- C:\Windows\System\QnZHjjN.exe
  C:\Windows\System\QnZHjjN.exe
  2⤵
  PID:9784
- C:\Windows\System\RKkLxVX.exe
  C:\Windows\System\RKkLxVX.exe
  2⤵
  PID:9764
- C:\Windows\System\VLnDDkw.exe
  C:\Windows\System\VLnDDkw.exe
  2⤵
  PID:9748
- C:\Windows\System\aOpUWyl.exe
  C:\Windows\System\aOpUWyl.exe
  2⤵
  PID:9728
- C:\Windows\System\WVygdcJ.exe
  C:\Windows\System\WVygdcJ.exe
  2⤵
  PID:9704
- C:\Windows\System\lKsdhXV.exe
  C:\Windows\System\lKsdhXV.exe
  2⤵
  PID:9688
- C:\Windows\System\vriiJKz.exe
  C:\Windows\System\vriiJKz.exe
  2⤵
  PID:9660
- C:\Windows\System\Kcvnhya.exe
  C:\Windows\System\Kcvnhya.exe
  2⤵
  PID:9640
- C:\Windows\System\QsDJMbs.exe
  C:\Windows\System\QsDJMbs.exe
  2⤵
  PID:9624
- C:\Windows\System\RsxFbfp.exe
  C:\Windows\System\RsxFbfp.exe
  2⤵
  PID:9604
- C:\Windows\System\LfIJbdQ.exe
  C:\Windows\System\LfIJbdQ.exe
  2⤵
  PID:9584
- C:\Windows\System\GxYwuoq.exe
  C:\Windows\System\GxYwuoq.exe
  2⤵
  PID:9564
- C:\Windows\System\yGzspMo.exe
  C:\Windows\System\yGzspMo.exe
  2⤵
  PID:9548
- C:\Windows\System\jOwrSSA.exe
  C:\Windows\System\jOwrSSA.exe
  2⤵
  PID:9528
- C:\Windows\System\GmXMZqx.exe
  C:\Windows\System\GmXMZqx.exe
  2⤵
  PID:9504
- C:\Windows\System\uaTwWYE.exe
  C:\Windows\System\uaTwWYE.exe
  2⤵
  PID:9484
- C:\Windows\System\PYVOhlh.exe
  C:\Windows\System\PYVOhlh.exe
  2⤵
  PID:9464
- C:\Windows\System\EgVvzpm.exe
  C:\Windows\System\EgVvzpm.exe
  2⤵
  PID:9436
- C:\Windows\System\QtMTIFM.exe
  C:\Windows\System\QtMTIFM.exe
  2⤵
  PID:9416
- C:\Windows\System\SZleIfo.exe
  C:\Windows\System\SZleIfo.exe
  2⤵
  PID:9388
- C:\Windows\System\TmFtLjE.exe
  C:\Windows\System\TmFtLjE.exe
  2⤵
  PID:9364
- C:\Windows\System\iHafFjG.exe
  C:\Windows\System\iHafFjG.exe
  2⤵
  PID:9340
- C:\Windows\System\VIorVfo.exe
  C:\Windows\System\VIorVfo.exe
  2⤵
  PID:9324
- C:\Windows\System\KTWInmH.exe
  C:\Windows\System\KTWInmH.exe
  2⤵
  PID:9304
- C:\Windows\System\MzfAjyP.exe
  C:\Windows\System\MzfAjyP.exe
  2⤵
  PID:9284
- C:\Windows\System\vPnjtVc.exe
  C:\Windows\System\vPnjtVc.exe
  2⤵
  PID:9264
- C:\Windows\System\VGRmgrZ.exe
  C:\Windows\System\VGRmgrZ.exe
  2⤵
  PID:9240
- C:\Windows\System\KCkcVbc.exe
  C:\Windows\System\KCkcVbc.exe
  2⤵
  PID:9220
- C:\Windows\System\hcFhUnc.exe
  C:\Windows\System\hcFhUnc.exe
  2⤵
  PID:8740
- C:\Windows\System\JvkhYot.exe
  C:\Windows\System\JvkhYot.exe
  2⤵
  PID:8680
- C:\Windows\System\yoBUmNj.exe
  C:\Windows\System\yoBUmNj.exe
  2⤵
  PID:8268
- C:\Windows\System\CGLbGva.exe
  C:\Windows\System\CGLbGva.exe
  2⤵
  PID:8556
- C:\Windows\System\iyaUNUB.exe
  C:\Windows\System\iyaUNUB.exe
  2⤵
  PID:8524
- C:\Windows\System\ZKbkYOZ.exe
  C:\Windows\System\ZKbkYOZ.exe
  2⤵
  PID:8012
- C:\Windows\System\ERvrAyg.exe
  C:\Windows\System\ERvrAyg.exe
  2⤵
  PID:4628
- C:\Windows\System\fMKuMuw.exe
  C:\Windows\System\fMKuMuw.exe
  2⤵
  PID:8252
- C:\Windows\System\AfTagSS.exe
  C:\Windows\System\AfTagSS.exe
  2⤵
  PID:8212
- C:\Windows\System\FyRgYmY.exe
  C:\Windows\System\FyRgYmY.exe
  2⤵
  PID:5292
- C:\Windows\System\hmlPWQP.exe
  C:\Windows\System\hmlPWQP.exe
  2⤵
  PID:2112
- C:\Windows\System\ilGsAor.exe
  C:\Windows\System\ilGsAor.exe
  2⤵
  PID:8084
- C:\Windows\System\fHZEzhf.exe
  C:\Windows\System\fHZEzhf.exe
  2⤵
  PID:9208
- C:\Windows\System\vACZbSc.exe
  C:\Windows\System\vACZbSc.exe
  2⤵
  PID:9188
- C:\Windows\System\vqJkGDT.exe
  C:\Windows\System\vqJkGDT.exe
  2⤵
  PID:9152
- C:\Windows\System\ehOToAc.exe
  C:\Windows\System\ehOToAc.exe
  2⤵
  PID:9128
- C:\Windows\System\hKBrbQv.exe
  C:\Windows\System\hKBrbQv.exe
  2⤵
  PID:9108
- C:\Windows\System\oEGjTrp.exe
  C:\Windows\System\oEGjTrp.exe
  2⤵
  PID:9092
- C:\Windows\System\HaWkDFp.exe
  C:\Windows\System\HaWkDFp.exe
  2⤵
  PID:9072
- C:\Windows\System\XjKkxQT.exe
  C:\Windows\System\XjKkxQT.exe
  2⤵
  PID:9052
- C:\Windows\System\NwnbQOI.exe
  C:\Windows\System\NwnbQOI.exe
  2⤵
  PID:9032
- C:\Windows\System\BwpHcXK.exe
  C:\Windows\System\BwpHcXK.exe
  2⤵
  PID:9012
- C:\Windows\System\BLOZOfi.exe
  C:\Windows\System\BLOZOfi.exe
  2⤵
  PID:8980
- C:\Windows\System\QqvUqTH.exe
  C:\Windows\System\QqvUqTH.exe
  2⤵
  PID:8960
- C:\Windows\System\JphktDf.exe
  C:\Windows\System\JphktDf.exe
  2⤵
  PID:8940
- C:\Windows\System\WBBIBOy.exe
  C:\Windows\System\WBBIBOy.exe
  2⤵
  PID:8920
- C:\Windows\System\rDqMVeW.exe
  C:\Windows\System\rDqMVeW.exe
  2⤵
  PID:8892
- C:\Windows\System\RXGwJdI.exe
  C:\Windows\System\RXGwJdI.exe
  2⤵
  PID:8876
- C:\Windows\System\wkJgUOG.exe
  C:\Windows\System\wkJgUOG.exe
  2⤵
  PID:8860
- C:\Windows\System\LyQgziL.exe
  C:\Windows\System\LyQgziL.exe
  2⤵
  PID:8844
- C:\Windows\System\UTGHMER.exe
  C:\Windows\System\UTGHMER.exe
  2⤵
  PID:8824
- C:\Windows\System\RDusdxD.exe
  C:\Windows\System\RDusdxD.exe
  2⤵
  PID:8788
- C:\Windows\System\XiJxvWc.exe
  C:\Windows\System\XiJxvWc.exe
  2⤵
  PID:8772
- C:\Windows\System\ExDjDFF.exe
  C:\Windows\System\ExDjDFF.exe
  2⤵
  PID:8748
- C:\Windows\System\IlvNKDW.exe
  C:\Windows\System\IlvNKDW.exe
  2⤵
  PID:8732
- C:\Windows\System\mCYyZtv.exe
  C:\Windows\System\mCYyZtv.exe
  2⤵
  PID:8712
- C:\Windows\System\LCIlBgD.exe
  C:\Windows\System\LCIlBgD.exe
  2⤵
  PID:8692
- C:\Windows\System\iUZtdQv.exe
  C:\Windows\System\iUZtdQv.exe
  2⤵
  PID:8672
- C:\Windows\System\eVqrNNg.exe
  C:\Windows\System\eVqrNNg.exe
  2⤵
  PID:8652
- C:\Windows\System\BqsDjMo.exe
  C:\Windows\System\BqsDjMo.exe
  2⤵
  PID:8632
- C:\Windows\System\qmoOwJE.exe
  C:\Windows\System\qmoOwJE.exe
  2⤵
  PID:8604
- C:\Windows\System\MfBHliL.exe
  C:\Windows\System\MfBHliL.exe
  2⤵
  PID:8588
- C:\Windows\System\DaoFIlN.exe
  C:\Windows\System\DaoFIlN.exe
  2⤵
  PID:8560
- C:\Windows\System\ZzDPGCN.exe
  C:\Windows\System\ZzDPGCN.exe
  2⤵
  PID:8532
- C:\Windows\System\DwHeKxX.exe
  C:\Windows\System\DwHeKxX.exe
  2⤵
  PID:8516
- C:\Windows\System\SkwlvzD.exe
  C:\Windows\System\SkwlvzD.exe
  2⤵
  PID:8492
- C:\Windows\System\FdAQxjj.exe
  C:\Windows\System\FdAQxjj.exe
  2⤵
  PID:8472
- C:\Windows\System\PLXLPHD.exe
  C:\Windows\System\PLXLPHD.exe
  2⤵
  PID:8448
- C:\Windows\System\zmHaktV.exe
  C:\Windows\System\zmHaktV.exe
  2⤵
  PID:8424
- C:\Windows\System\BFdZBiF.exe
  C:\Windows\System\BFdZBiF.exe
  2⤵
  PID:8404
- C:\Windows\System\ATAIyIc.exe
  C:\Windows\System\ATAIyIc.exe
  2⤵
  PID:8388
- C:\Windows\System\FaDGwWT.exe
  C:\Windows\System\FaDGwWT.exe
  2⤵
  PID:8348
- C:\Windows\System\EmxlyAi.exe
  C:\Windows\System\EmxlyAi.exe
  2⤵
  PID:8328
- C:\Windows\System\iwhPbiv.exe
  C:\Windows\System\iwhPbiv.exe
  2⤵
  PID:8312
- C:\Windows\System\bhONqsw.exe
  C:\Windows\System\bhONqsw.exe
  2⤵
  PID:8284
- C:\Windows\System\fWdHmql.exe
  C:\Windows\System\fWdHmql.exe
  2⤵
  PID:8260
- C:\Windows\System\WHYwlbH.exe
  C:\Windows\System\WHYwlbH.exe
  2⤵
  PID:8240
- C:\Windows\System\SanXdtY.exe
  C:\Windows\System\SanXdtY.exe
  2⤵
  PID:8220
- C:\Windows\System\CFgDyJh.exe
  C:\Windows\System\CFgDyJh.exe
  2⤵
  PID:8200
- C:\Windows\System\wEFtRzO.exe
  C:\Windows\System\wEFtRzO.exe
  2⤵
  PID:7824
- C:\Windows\System\bIdEysk.exe
  C:\Windows\System\bIdEysk.exe
  2⤵
  PID:7232
- C:\Windows\System\wnZUqMo.exe
  C:\Windows\System\wnZUqMo.exe
  2⤵
  PID:2516
- C:\Windows\System\VmwvBCf.exe
  C:\Windows\System\VmwvBCf.exe
  2⤵
  PID:3540
- C:\Windows\System\TdrNqBN.exe
  C:\Windows\System\TdrNqBN.exe
  2⤵
  PID:7472
- C:\Windows\System\XpVbgMY.exe
  C:\Windows\System\XpVbgMY.exe
  2⤵
  PID:7328
- C:\Windows\System\EVppYXj.exe
  C:\Windows\System\EVppYXj.exe
  2⤵
  PID:4292
- C:\Windows\System\oYYctgy.exe
  C:\Windows\System\oYYctgy.exe
  2⤵
  PID:7268
- C:\Windows\System\QxluvwL.exe
  C:\Windows\System\QxluvwL.exe
  2⤵
  PID:6676
- C:\Windows\System\IDugxnZ.exe
  C:\Windows\System\IDugxnZ.exe
  2⤵
  PID:6696
- C:\Windows\System\RYyYbKW.exe
  C:\Windows\System\RYyYbKW.exe
  2⤵
  PID:1340
- C:\Windows\System\peMzViV.exe
  C:\Windows\System\peMzViV.exe
  2⤵
  PID:9260
- C:\Windows\System\qqUzgRL.exe
  C:\Windows\System\qqUzgRL.exe
  2⤵
  PID:9316
- C:\Windows\System\HKTMgCU.exe
  C:\Windows\System\HKTMgCU.exe
  2⤵
  PID:9712
- C:\Windows\System\TdTINgt.exe
  C:\Windows\System\TdTINgt.exe
  2⤵
  PID:9616
- C:\Windows\System\MfoTEWc.exe
  C:\Windows\System\MfoTEWc.exe
  2⤵
  PID:8976
- C:\Windows\System\NUgPucP.exe
  C:\Windows\System\NUgPucP.exe
  2⤵
  PID:10216
- C:\Windows\System\kjQytLO.exe
  C:\Windows\System\kjQytLO.exe
  2⤵
  PID:9860
- C:\Windows\System\uKChFQT.exe
  C:\Windows\System\uKChFQT.exe
  2⤵
  PID:4040
- C:\Windows\System\nnJBsgX.exe
  C:\Windows\System\nnJBsgX.exe
  2⤵
  PID:8932
- C:\Windows\System\lsConMJ.exe
  C:\Windows\System\lsConMJ.exe
  2⤵
  PID:10328
- C:\Windows\System\JFTWDOG.exe
  C:\Windows\System\JFTWDOG.exe
  2⤵
  PID:10780
- C:\Windows\System\SZYWujJ.exe
  C:\Windows\System\SZYWujJ.exe
  2⤵
  PID:10760
- C:\Windows\System\DMVlqGn.exe
  C:\Windows\System\DMVlqGn.exe
  2⤵
  PID:10736
- C:\Windows\System\jZXQpGK.exe
  C:\Windows\System\jZXQpGK.exe
  2⤵
  PID:10716
- C:\Windows\System\yiOEBQo.exe
  C:\Windows\System\yiOEBQo.exe
  2⤵
  PID:10700
- C:\Windows\System\wjQsMUY.exe
  C:\Windows\System\wjQsMUY.exe
  2⤵
  PID:10680
- C:\Windows\System\jLuLywT.exe
  C:\Windows\System\jLuLywT.exe
  2⤵
  PID:10660
- C:\Windows\System\NvjPHdG.exe
  C:\Windows\System\NvjPHdG.exe
  2⤵
  PID:10636
- C:\Windows\System\VWtgxDy.exe
  C:\Windows\System\VWtgxDy.exe
  2⤵
  PID:10608
- C:\Windows\System\NxGKCPO.exe
  C:\Windows\System\NxGKCPO.exe
  2⤵
  PID:10592
- C:\Windows\System\PAXJqSA.exe
  C:\Windows\System\PAXJqSA.exe
  2⤵
  PID:10556
- C:\Windows\System\hywXioB.exe
  C:\Windows\System\hywXioB.exe
  2⤵
  PID:10540
- C:\Windows\System\oPsfEAM.exe
  C:\Windows\System\oPsfEAM.exe
  2⤵
  PID:10520
- C:\Windows\System\oayyjQw.exe
  C:\Windows\System\oayyjQw.exe
  2⤵
  PID:10304
- C:\Windows\System\Xueorfb.exe
  C:\Windows\System\Xueorfb.exe
  2⤵
  PID:10284
- C:\Windows\System\juSXHqi.exe
  C:\Windows\System\juSXHqi.exe
  2⤵
  PID:10264
- C:\Windows\System\ajCPimw.exe
  C:\Windows\System\ajCPimw.exe
  2⤵
  PID:10244
- C:\Windows\System\waFnkxy.exe
  C:\Windows\System\waFnkxy.exe
  2⤵
  PID:8972
- C:\Windows\System\btUlCtC.exe
  C:\Windows\System\btUlCtC.exe
  2⤵
  PID:7224
- C:\Windows\System\vRuufsj.exe
  C:\Windows\System\vRuufsj.exe
  2⤵
  PID:9632
- C:\Windows\System\lxDSdct.exe
  C:\Windows\System\lxDSdct.exe
  2⤵
  PID:10196
- C:\Windows\System\QJWMSTt.exe
  C:\Windows\System\QJWMSTt.exe
  2⤵
  PID:9596
- C:\Windows\System\zUcUeEs.exe
  C:\Windows\System\zUcUeEs.exe
  2⤵
  PID:9400
- C:\Windows\System\HMZPfBN.exe
  C:\Windows\System\HMZPfBN.exe
  2⤵
  PID:9700
- C:\Windows\System\DrRTNMr.exe
  C:\Windows\System\DrRTNMr.exe
  2⤵
  PID:10224
- C:\Windows\System\uyKAzEs.exe
  C:\Windows\System\uyKAzEs.exe
  2⤵
  PID:9480
- C:\Windows\System\ThIdYfN.exe
  C:\Windows\System\ThIdYfN.exe
  2⤵
  PID:9780
- C:\Windows\System\afxvpmR.exe
  C:\Windows\System\afxvpmR.exe
  2⤵
  PID:8852
- C:\Windows\System\BAzYxMZ.exe
  C:\Windows\System\BAzYxMZ.exe
  2⤵
  PID:9084
- C:\Windows\System\BbtTbXM.exe
  C:\Windows\System\BbtTbXM.exe
  2⤵
  PID:9228
- C:\Windows\System\dSIVIfD.exe
  C:\Windows\System\dSIVIfD.exe
  2⤵
  PID:9424
- C:\Windows\System\BFgtvkt.exe
  C:\Windows\System\BFgtvkt.exe
  2⤵
  PID:8928
- C:\Windows\System\ozTRmzY.exe
  C:\Windows\System\ozTRmzY.exe
  2⤵
  PID:7812
- C:\Windows\System\ZyftrdV.exe
  C:\Windows\System\ZyftrdV.exe
  2⤵
  PID:8576
- C:\Windows\System\ElNSpNl.exe
  C:\Windows\System\ElNSpNl.exe
  2⤵
  PID:10080
- C:\Windows\System\EcCPWWf.exe
  C:\Windows\System\EcCPWWf.exe
  2⤵
  PID:9576
- C:\Windows\System\SSkyZxi.exe
  C:\Windows\System\SSkyZxi.exe
  2⤵
  PID:9516
- C:\Windows\System\wVkEIKP.exe
  C:\Windows\System\wVkEIKP.exe
  2⤵
  PID:9044
- C:\Windows\System\wozPtgm.exe
  C:\Windows\System\wozPtgm.exe
  2⤵
  PID:9716
- C:\Windows\System\RFuqrbc.exe
  C:\Windows\System\RFuqrbc.exe
  2⤵
  PID:9816
- C:\Windows\System\agRMBcM.exe
  C:\Windows\System\agRMBcM.exe
  2⤵
  PID:10004
- C:\Windows\System\pFGwfhA.exe
  C:\Windows\System\pFGwfhA.exe
  2⤵
  PID:9492
- C:\Windows\System\VXJrRnC.exe
  C:\Windows\System\VXJrRnC.exe
  2⤵
  PID:9652
- C:\Windows\System\RwtsfCE.exe
  C:\Windows\System\RwtsfCE.exe
  2⤵
  PID:8816
- C:\Windows\System\llmIcOK.exe
  C:\Windows\System\llmIcOK.exe
  2⤵
  PID:9912
- C:\Windows\System\GGtTFlT.exe
  C:\Windows\System\GGtTFlT.exe
  2⤵
  PID:10352
- C:\Windows\System\oCwWRPM.exe
  C:\Windows\System\oCwWRPM.exe
  2⤵
  PID:10844
- C:\Windows\System\JUMhVvU.exe
  C:\Windows\System\JUMhVvU.exe
  2⤵
  PID:10516
- C:\Windows\System\WyvYARb.exe
  C:\Windows\System\WyvYARb.exe
  2⤵
  PID:10860
- C:\Windows\System\OlntlIC.exe
  C:\Windows\System\OlntlIC.exe
  2⤵
  PID:10668
- C:\Windows\System\ECMgxwM.exe
  C:\Windows\System\ECMgxwM.exe
  2⤵
  PID:10576
- C:\Windows\System\TJYjLtQ.exe
  C:\Windows\System\TJYjLtQ.exe
  2⤵
  PID:10928
- C:\Windows\System\wMSmNIf.exe
  C:\Windows\System\wMSmNIf.exe
  2⤵
  PID:10804
- C:\Windows\System\ROPglST.exe
  C:\Windows\System\ROPglST.exe
  2⤵
  PID:10936
- C:\Windows\System\eoETMTl.exe
  C:\Windows\System\eoETMTl.exe
  2⤵
  PID:10908
- C:\Windows\System\djntNiH.exe
  C:\Windows\System\djntNiH.exe
  2⤵
  PID:11008
- C:\Windows\System\ksHtYnC.exe
  C:\Windows\System\ksHtYnC.exe
  2⤵
  PID:10856
- C:\Windows\System\IzmUTla.exe
  C:\Windows\System\IzmUTla.exe
  2⤵
  PID:10708
- C:\Windows\System\CvPHauw.exe
  C:\Windows\System\CvPHauw.exe
  2⤵
  PID:9116
- C:\Windows\System\foXJplW.exe
  C:\Windows\System\foXJplW.exe
  2⤵
  PID:9236
- C:\Windows\System\FAKcvWQ.exe
  C:\Windows\System\FAKcvWQ.exe
  2⤵
  PID:11064
- C:\Windows\System\ytNrrEC.exe
  C:\Windows\System\ytNrrEC.exe
  2⤵
  PID:11152
- C:\Windows\System\WWmFmbc.exe
  C:\Windows\System\WWmFmbc.exe
  2⤵
  PID:11228
- C:\Windows\System\gNvmtRs.exe
  C:\Windows\System\gNvmtRs.exe
  2⤵
  PID:10256
- C:\Windows\System\MMWdtJB.exe
  C:\Windows\System\MMWdtJB.exe
  2⤵
  PID:10276
- C:\Windows\System\drgibwK.exe
  C:\Windows\System\drgibwK.exe
  2⤵
  PID:11244
- C:\Windows\System\xnajgqo.exe
  C:\Windows\System\xnajgqo.exe
  2⤵
  PID:11100
- C:\Windows\System\OVRnDPy.exe
  C:\Windows\System\OVRnDPy.exe
  2⤵
  PID:11128
- C:\Windows\System\YAczrvG.exe
  C:\Windows\System\YAczrvG.exe
  2⤵
  PID:11256
- C:\Windows\System\TPuCcse.exe
  C:\Windows\System\TPuCcse.exe
  2⤵
  PID:5948
- C:\Windows\System\CPjpsVE.exe
  C:\Windows\System\CPjpsVE.exe
  2⤵
  PID:10840
- C:\Windows\System\yazkaex.exe
  C:\Windows\System\yazkaex.exe
  2⤵
  PID:6076
- C:\Windows\System\FJRHXYI.exe
  C:\Windows\System\FJRHXYI.exe
  2⤵
  PID:8612
- C:\Windows\System\ZVrgWkf.exe
  C:\Windows\System\ZVrgWkf.exe
  2⤵
  PID:10964
- C:\Windows\System\BshUsIK.exe
  C:\Windows\System\BshUsIK.exe
  2⤵
  PID:9252
- C:\Windows\System\BgvFTZm.exe
  C:\Windows\System\BgvFTZm.exe
  2⤵
  PID:10464
- C:\Windows\System\gVoBdCN.exe
  C:\Windows\System\gVoBdCN.exe
  2⤵
  PID:5716
- C:\Windows\System\bPeAodJ.exe
  C:\Windows\System\bPeAodJ.exe
  2⤵
  PID:3648
- C:\Windows\System\TPJsIXT.exe
  C:\Windows\System\TPJsIXT.exe
  2⤵
  PID:6048
- C:\Windows\System\NBFHIRz.exe
  C:\Windows\System\NBFHIRz.exe
  2⤵
  PID:10568
- C:\Windows\System\HSEnntw.exe
  C:\Windows\System\HSEnntw.exe
  2⤵
  PID:5400
- C:\Windows\System\aeLTqEy.exe
  C:\Windows\System\aeLTqEy.exe
  2⤵
  PID:4736
- C:\Windows\System\bSKWUfx.exe
  C:\Windows\System\bSKWUfx.exe
  2⤵
  PID:3432
- C:\Windows\System\hPpaCnW.exe
  C:\Windows\System\hPpaCnW.exe
  2⤵
  PID:6016
- C:\Windows\System\JqoLvmP.exe
  C:\Windows\System\JqoLvmP.exe
  2⤵
  PID:10536
- C:\Windows\System\OkLyZKB.exe
  C:\Windows\System\OkLyZKB.exe
  2⤵
  PID:5776
- C:\Windows\System\RTlNYQM.exe
  C:\Windows\System\RTlNYQM.exe
  2⤵
  PID:9672
- C:\Windows\System\nsmkber.exe
  C:\Windows\System\nsmkber.exe
  2⤵
  PID:4300
- C:\Windows\System\QHofTMY.exe
  C:\Windows\System\QHofTMY.exe
  2⤵
  PID:5872
- C:\Windows\System\GKCOIIm.exe
  C:\Windows\System\GKCOIIm.exe
  2⤵
  PID:5868
- C:\Windows\System\lWsgBzg.exe
  C:\Windows\System\lWsgBzg.exe
  2⤵
  PID:5180
- C:\Windows\System\yyVfFiL.exe
  C:\Windows\System\yyVfFiL.exe
  2⤵
  PID:5152
- C:\Windows\System\QMqmvWD.exe
  C:\Windows\System\QMqmvWD.exe
  2⤵
  PID:4484
- C:\Windows\System\mkBWkjm.exe
  C:\Windows\System\mkBWkjm.exe
  2⤵
  PID:4800
- C:\Windows\System\xZgNsXf.exe
  C:\Windows\System\xZgNsXf.exe
  2⤵
  PID:2096
- C:\Windows\System\TcSHeYE.exe
  C:\Windows\System\TcSHeYE.exe
  2⤵
  PID:6024
- C:\Windows\System\oNfFWfP.exe
  C:\Windows\System\oNfFWfP.exe
  2⤵
  PID:8868
- C:\Windows\System\JsGVrJl.exe
  C:\Windows\System\JsGVrJl.exe
  2⤵
  PID:4696
- C:\Windows\System\ttLjJYA.exe
  C:\Windows\System\ttLjJYA.exe
  2⤵
  PID:11572
- C:\Windows\System\LQfDemk.exe
  C:\Windows\System\LQfDemk.exe
  2⤵
  PID:11924
- C:\Windows\System\fyKikix.exe
  C:\Windows\System\fyKikix.exe
  2⤵
  PID:11904
- C:\Windows\System\HhWPuUt.exe
  C:\Windows\System\HhWPuUt.exe
  2⤵
  PID:11880
- C:\Windows\System\JfAFHMN.exe
  C:\Windows\System\JfAFHMN.exe
  2⤵
  PID:11864
- C:\Windows\System\aUSgwBB.exe
  C:\Windows\System\aUSgwBB.exe
  2⤵
  PID:11844
- C:\Windows\System\cmSikup.exe
  C:\Windows\System\cmSikup.exe
  2⤵
  PID:5908
- C:\Windows\System\ROvuepX.exe
  C:\Windows\System\ROvuepX.exe
  2⤵
  PID:12012
- C:\Windows\System\BOspPLw.exe
  C:\Windows\System\BOspPLw.exe
  2⤵
  PID:11360
- C:\Windows\System\UJTCxCs.exe
  C:\Windows\System\UJTCxCs.exe
  2⤵
  PID:11688
- C:\Windows\System\mkXzGcf.exe
  C:\Windows\System\mkXzGcf.exe
  2⤵
  PID:5980
- C:\Windows\System\dCgLlSo.exe
  C:\Windows\System\dCgLlSo.exe
  2⤵
  PID:11404
- C:\Windows\System\MYosFMa.exe
  C:\Windows\System\MYosFMa.exe
  2⤵
  PID:9060
- C:\Windows\System\qHWLCSV.exe
  C:\Windows\System\qHWLCSV.exe
  2⤵
  PID:9592
- C:\Windows\System\fetzmdv.exe
  C:\Windows\System\fetzmdv.exe
  2⤵
  PID:2728
- C:\Windows\System\RyjXyaG.exe
  C:\Windows\System\RyjXyaG.exe
  2⤵
  PID:11196
- C:\Windows\System\oQSwaPk.exe
  C:\Windows\System\oQSwaPk.exe
  2⤵
  PID:10848
- C:\Windows\System\sQzizYN.exe
  C:\Windows\System\sQzizYN.exe
  2⤵
  PID:9000
- C:\Windows\System\aIwEsVl.exe
  C:\Windows\System\aIwEsVl.exe
  2⤵
  PID:11828
- C:\Windows\System\tzBgAJo.exe
  C:\Windows\System\tzBgAJo.exe
  2⤵
  PID:11800
- C:\Windows\System\ZlAAPnA.exe
  C:\Windows\System\ZlAAPnA.exe
  2⤵
  PID:11776
- C:\Windows\System\wHFjYsO.exe
  C:\Windows\System\wHFjYsO.exe
  2⤵
  PID:11756
- C:\Windows\System\wNksunn.exe
  C:\Windows\System\wNksunn.exe
  2⤵
  PID:11732
- C:\Windows\System\nHIsuQc.exe
  C:\Windows\System\nHIsuQc.exe
  2⤵
  PID:11712
- C:\Windows\System\dnqzPNC.exe
  C:\Windows\System\dnqzPNC.exe
  2⤵
  PID:11692
- C:\Windows\System\IPsCott.exe
  C:\Windows\System\IPsCott.exe
  2⤵
  PID:11672
- C:\Windows\System\YfrPvTh.exe
  C:\Windows\System\YfrPvTh.exe
  2⤵
  PID:11648
- C:\Windows\System\ecvEWhE.exe
  C:\Windows\System\ecvEWhE.exe
  2⤵
  PID:11628
- C:\Windows\System\iVwTveQ.exe
  C:\Windows\System\iVwTveQ.exe
  2⤵
  PID:11608
- C:\Windows\System\HKWPMvY.exe
  C:\Windows\System\HKWPMvY.exe
  2⤵
  PID:11592
- C:\Windows\System\BdywYJC.exe
  C:\Windows\System\BdywYJC.exe
  2⤵
  PID:11552
- C:\Windows\System\rnHOeYp.exe
  C:\Windows\System\rnHOeYp.exe
  2⤵
  PID:11528
- C:\Windows\System\dWPFjQt.exe
  C:\Windows\System\dWPFjQt.exe
  2⤵
  PID:11508
- C:\Windows\System\zDBLXDk.exe
  C:\Windows\System\zDBLXDk.exe
  2⤵
  PID:11484
- C:\Windows\System\JmGJdxf.exe
  C:\Windows\System\JmGJdxf.exe
  2⤵
  PID:11460
- C:\Windows\System\rzsZvXD.exe
  C:\Windows\System\rzsZvXD.exe
  2⤵
  PID:11436
- C:\Windows\System\yMMZqfB.exe
  C:\Windows\System\yMMZqfB.exe
  2⤵
  PID:11416
- C:\Windows\System\LplaBtk.exe
  C:\Windows\System\LplaBtk.exe
  2⤵
  PID:11396
- C:\Windows\System\KhkhYVT.exe
  C:\Windows\System\KhkhYVT.exe
  2⤵
  PID:11372
- C:\Windows\System\atvWaNG.exe
  C:\Windows\System\atvWaNG.exe
  2⤵
  PID:11352
- C:\Windows\System\eEeLoHO.exe
  C:\Windows\System\eEeLoHO.exe
  2⤵
  PID:11324
- C:\Windows\System\oUUFxnl.exe
  C:\Windows\System\oUUFxnl.exe
  2⤵
  PID:11304
- C:\Windows\System\kzuVQHB.exe
  C:\Windows\System\kzuVQHB.exe
  2⤵
  PID:11284
- C:\Windows\System\VfusbrW.exe
  C:\Windows\System\VfusbrW.exe
  2⤵
  PID:11268
- C:\Windows\System\khnMEeI.exe
  C:\Windows\System\khnMEeI.exe
  2⤵
  PID:10880
- C:\Windows\System\CkjdgKc.exe
  C:\Windows\System\CkjdgKc.exe
  2⤵
  PID:5288
- C:\Windows\System\cWpWYWE.exe
  C:\Windows\System\cWpWYWE.exe
  2⤵
  PID:6108
- C:\Windows\System\jFYyoeT.exe
  C:\Windows\System\jFYyoeT.exe
  2⤵
  PID:2888
- C:\Windows\System\bzrdXOZ.exe
  C:\Windows\System\bzrdXOZ.exe
  2⤵
  PID:5260
- C:\Windows\System\pgMvMxB.exe
  C:\Windows\System\pgMvMxB.exe
  2⤵
  PID:10512
- C:\Windows\System\nmPkQtO.exe
  C:\Windows\System\nmPkQtO.exe
  2⤵
  PID:10832
- C:\Windows\System\lrULLFI.exe
  C:\Windows\System\lrULLFI.exe
  2⤵
  PID:5940
- C:\Windows\System\SwwKZXr.exe
  C:\Windows\System\SwwKZXr.exe
  2⤵
  PID:7008
- C:\Windows\System\EtiYDHi.exe
  C:\Windows\System\EtiYDHi.exe
  2⤵
  PID:7340
- C:\Windows\System\CYnEWYT.exe
  C:\Windows\System\CYnEWYT.exe
  2⤵
  PID:5976
- C:\Windows\System\tDovvZd.exe
  C:\Windows\System\tDovvZd.exe
  2⤵
  PID:5892
- C:\Windows\System\tVAnrLu.exe
  C:\Windows\System\tVAnrLu.exe
  2⤵
  PID:10372
- C:\Windows\System\mEhcCkb.exe
  C:\Windows\System\mEhcCkb.exe
  2⤵
  PID:9868
- C:\Windows\System\jipdDzP.exe
  C:\Windows\System\jipdDzP.exe
  2⤵
  PID:9756
- C:\Windows\System\RphFoZI.exe
  C:\Windows\System\RphFoZI.exe
  2⤵
  PID:10940
- C:\Windows\System\ZMHVKcz.exe
  C:\Windows\System\ZMHVKcz.exe
  2⤵
  PID:10872
- C:\Windows\System\TbdjcAK.exe
  C:\Windows\System\TbdjcAK.exe
  2⤵
  PID:11140
- C:\Windows\System\XURTRGM.exe
  C:\Windows\System\XURTRGM.exe
  2⤵
  PID:10628
- C:\Windows\System\UoGCRHV.exe
  C:\Windows\System\UoGCRHV.exe
  2⤵
  PID:10696
- C:\Windows\System\pJdXXhi.exe
  C:\Windows\System\pJdXXhi.exe
  2⤵
  PID:11920
- C:\Windows\System\LAnBaHh.exe
  C:\Windows\System\LAnBaHh.exe
  2⤵
  PID:9820
- C:\Windows\System\ubUmXLe.exe
  C:\Windows\System\ubUmXLe.exe
  2⤵
  PID:5812
- C:\Windows\System\lixrTpr.exe
  C:\Windows\System\lixrTpr.exe
  2⤵
  PID:10932
- C:\Windows\System\xVnxKvi.exe
  C:\Windows\System\xVnxKvi.exe
  2⤵
  PID:12064
- C:\Windows\System\ZzhtbEM.exe
  C:\Windows\System\ZzhtbEM.exe
  2⤵
  PID:10616
- C:\Windows\System\uWUJIfr.exe
  C:\Windows\System\uWUJIfr.exe
  2⤵
  PID:4740
- C:\Windows\System\CCbgLVK.exe
  C:\Windows\System\CCbgLVK.exe
  2⤵
  PID:6000
- C:\Windows\System\oCdQkcS.exe
  C:\Windows\System\oCdQkcS.exe
  2⤵
  PID:12688
- C:\Windows\System\dkEuPHn.exe
  C:\Windows\System\dkEuPHn.exe
  2⤵
  PID:12748
- C:\Windows\System\evlBVCK.exe
  C:\Windows\System\evlBVCK.exe
  2⤵
  PID:13360
- C:\Windows\System\mOdKSlG.exe
  C:\Windows\System\mOdKSlG.exe
  2⤵
  PID:13664
- C:\Windows\System\SgVPLsz.exe
  C:\Windows\System\SgVPLsz.exe
  2⤵
  PID:14132
- C:\Windows\System\rgnbJXx.exe
  C:\Windows\System\rgnbJXx.exe
  2⤵
  PID:14112
- C:\Windows\System\bilZlFh.exe
  C:\Windows\System\bilZlFh.exe
  2⤵
  PID:12580
- C:\Windows\System\lVBtbPz.exe
  C:\Windows\System\lVBtbPz.exe
  2⤵
  PID:11444
- C:\Windows\System\eRUzhVm.exe
  C:\Windows\System\eRUzhVm.exe
  2⤵
  PID:7496
- C:\Windows\System\fLjvdbD.exe
  C:\Windows\System\fLjvdbD.exe
  2⤵
  PID:12380
- C:\Windows\System\FDObCkT.exe
  C:\Windows\System\FDObCkT.exe
  2⤵
  PID:2008
- C:\Windows\System\loTahNA.exe
  C:\Windows\System\loTahNA.exe
  2⤵
  PID:6360
- C:\Windows\System\DoqxOHN.exe
  C:\Windows\System\DoqxOHN.exe
  2⤵
  PID:7648
- C:\Windows\System\PqEMNvZ.exe
  C:\Windows\System\PqEMNvZ.exe
  2⤵
  PID:11428
- C:\Windows\System\gXJyeoP.exe
  C:\Windows\System\gXJyeoP.exe
  2⤵
  PID:11448
- C:\Windows\System\kTuPDlD.exe
  C:\Windows\System\kTuPDlD.exe
  2⤵
  PID:8064
- C:\Windows\System\MejQYAG.exe
  C:\Windows\System\MejQYAG.exe
  2⤵
  PID:4952
- C:\Windows\System\VrCORTd.exe
  C:\Windows\System\VrCORTd.exe
  2⤵
  PID:4296
- C:\Windows\System\MHFGwKz.exe
  C:\Windows\System\MHFGwKz.exe
  2⤵
  PID:13300
- C:\Windows\System\OJAVcVv.exe
  C:\Windows\System\OJAVcVv.exe
  2⤵
  PID:6872
- C:\Windows\System\eDYvSIp.exe
  C:\Windows\System\eDYvSIp.exe
  2⤵
  PID:6364
- C:\Windows\System\iEkpbRr.exe
  C:\Windows\System\iEkpbRr.exe
  2⤵
  PID:13128
- C:\Windows\System\sCmfkyK.exe
  C:\Windows\System\sCmfkyK.exe
  2⤵
  PID:13088
- C:\Windows\System\mvEPTZe.exe
  C:\Windows\System\mvEPTZe.exe
  2⤵
  PID:13020
- C:\Windows\System\zZbmGrs.exe
  C:\Windows\System\zZbmGrs.exe
  2⤵
  PID:12980
- C:\Windows\System\KRNUcmC.exe
  C:\Windows\System\KRNUcmC.exe
  2⤵
  PID:12940
- C:\Windows\System\LDEdnFN.exe
  C:\Windows\System\LDEdnFN.exe
  2⤵
  PID:7884
- C:\Windows\System\hXojWNd.exe
  C:\Windows\System\hXojWNd.exe
  2⤵
  PID:5376
- C:\Windows\System\RjrrurI.exe
  C:\Windows\System\RjrrurI.exe
  2⤵
  PID:12720
- C:\Windows\System\vRHtnho.exe
  C:\Windows\System\vRHtnho.exe
  2⤵
  PID:13960
- C:\Windows\System\kGYDiqm.exe
  C:\Windows\System\kGYDiqm.exe
  2⤵
  PID:13552
- C:\Windows\System\vYjFUvE.exe
  C:\Windows\System\vYjFUvE.exe
  2⤵
  PID:13900
- C:\Windows\System\BmPJMFY.exe
  C:\Windows\System\BmPJMFY.exe
  2⤵
  PID:13800
- C:\Windows\System\CiiLMkZ.exe
  C:\Windows\System\CiiLMkZ.exe
  2⤵
  PID:14148
- C:\Windows\System\CSztFvb.exe
  C:\Windows\System\CSztFvb.exe
  2⤵
  PID:5588
- C:\Windows\System\NKXJhne.exe
  C:\Windows\System\NKXJhne.exe
  2⤵
  PID:12104
- C:\Windows\System\qEZODcB.exe
  C:\Windows\System\qEZODcB.exe
  2⤵
  PID:12652
- C:\Windows\System\mNfoyDE.exe
  C:\Windows\System\mNfoyDE.exe
  2⤵
  PID:7684
- C:\Windows\System\YuuykxP.exe
  C:\Windows\System\YuuykxP.exe
  2⤵
  PID:2876
- C:\Windows\System\RFQQzZS.exe
  C:\Windows\System\RFQQzZS.exe
  2⤵
  PID:12560
- C:\Windows\System\SLLdGBr.exe
  C:\Windows\System\SLLdGBr.exe
  2⤵
  PID:12524
- C:\Windows\System\KjXtyJb.exe
  C:\Windows\System\KjXtyJb.exe
  2⤵
  PID:12492
- C:\Windows\System\umhzCIA.exe
  C:\Windows\System\umhzCIA.exe
  2⤵
  PID:6760
- C:\Windows\System\aEGpQoV.exe
  C:\Windows\System\aEGpQoV.exe
  2⤵
  PID:7704
- C:\Windows\System\GqSNBao.exe
  C:\Windows\System\GqSNBao.exe
  2⤵
  PID:7892
- C:\Windows\System\AKYDYxJ.exe
  C:\Windows\System\AKYDYxJ.exe
  2⤵
  PID:12724
- C:\Windows\System\nJcpOKa.exe
  C:\Windows\System\nJcpOKa.exe
  2⤵
  PID:7508
- C:\Windows\System\ukeeNcw.exe
  C:\Windows\System\ukeeNcw.exe
  2⤵
  PID:1372
- C:\Windows\System\EUAAXsO.exe
  C:\Windows\System\EUAAXsO.exe
  2⤵
  PID:5324
- C:\Windows\System\XqaHCCs.exe
  C:\Windows\System\XqaHCCs.exe
  2⤵
  PID:8024
- C:\Windows\System\hsPWBbF.exe
  C:\Windows\System\hsPWBbF.exe
  2⤵
  PID:12332
- C:\Windows\System\GbVZFkJ.exe
  C:\Windows\System\GbVZFkJ.exe
  2⤵
  PID:12328
- C:\Windows\System\QLlHoum.exe
  C:\Windows\System\QLlHoum.exe
  2⤵
  PID:7120
- C:\Windows\System\THmzaGV.exe
  C:\Windows\System\THmzaGV.exe
  2⤵
  PID:12308
- C:\Windows\System\XSpobIE.exe
  C:\Windows\System\XSpobIE.exe
  2⤵
  PID:4612
- C:\Windows\System\HsgwJrj.exe
  C:\Windows\System\HsgwJrj.exe
  2⤵
  PID:11344
- C:\Windows\System\sJyVVif.exe
  C:\Windows\System\sJyVVif.exe
  2⤵
  PID:14088
- C:\Windows\System\GDQjQpJ.exe
  C:\Windows\System\GDQjQpJ.exe
  2⤵
  PID:14072
- C:\Windows\System\VUlaEFH.exe
  C:\Windows\System\VUlaEFH.exe
  2⤵
  PID:14052
- C:\Windows\System\tHbSJzM.exe
  C:\Windows\System\tHbSJzM.exe
  2⤵
  PID:14032
- C:\Windows\System\NWpJKyw.exe
  C:\Windows\System\NWpJKyw.exe
  2⤵
  PID:14012
- C:\Windows\System\kkwMMal.exe
  C:\Windows\System\kkwMMal.exe
  2⤵
  PID:13988
- C:\Windows\System\LQENoSu.exe
  C:\Windows\System\LQENoSu.exe
  2⤵
  PID:13968
- C:\Windows\System\oJbpovb.exe
  C:\Windows\System\oJbpovb.exe
  2⤵
  PID:13948
- C:\Windows\System\rHuHfgb.exe
  C:\Windows\System\rHuHfgb.exe
  2⤵
  PID:13912
- C:\Windows\System\gdHKYnO.exe
  C:\Windows\System\gdHKYnO.exe
  2⤵
  PID:13888
- C:\Windows\System\eLIzzaQ.exe
  C:\Windows\System\eLIzzaQ.exe
  2⤵
  PID:13864
- C:\Windows\System\VPRqTkw.exe
  C:\Windows\System\VPRqTkw.exe
  2⤵
  PID:13844
- C:\Windows\System\DOaLoyW.exe
  C:\Windows\System\DOaLoyW.exe
  2⤵
  PID:13824
- C:\Windows\System\HOerOFc.exe
  C:\Windows\System\HOerOFc.exe
  2⤵
  PID:13804
- C:\Windows\System\OuKuqyN.exe
  C:\Windows\System\OuKuqyN.exe
  2⤵
  PID:13776
- C:\Windows\System\JpLueJD.exe
  C:\Windows\System\JpLueJD.exe
  2⤵
  PID:13644
- C:\Windows\System\AAADGlP.exe
  C:\Windows\System\AAADGlP.exe
  2⤵
  PID:13620
- C:\Windows\System\ebBDldv.exe
  C:\Windows\System\ebBDldv.exe
  2⤵
  PID:13604
- C:\Windows\System\gyjyyjV.exe
  C:\Windows\System\gyjyyjV.exe
  2⤵
  PID:13580
- C:\Windows\System\DGaXMae.exe
  C:\Windows\System\DGaXMae.exe
  2⤵
  PID:13560
- C:\Windows\System\tXfHAsq.exe
  C:\Windows\System\tXfHAsq.exe
  2⤵
  PID:13540
- C:\Windows\System\jeKaChw.exe
  C:\Windows\System\jeKaChw.exe
  2⤵
  PID:13524
- C:\Windows\System\Opgjnjw.exe
  C:\Windows\System\Opgjnjw.exe
  2⤵
  PID:13500
- C:\Windows\System\xlEkCxY.exe
  C:\Windows\System\xlEkCxY.exe
  2⤵
  PID:13484
- C:\Windows\System\fnwgvXC.exe
  C:\Windows\System\fnwgvXC.exe
  2⤵
  PID:13456
- C:\Windows\System\AJfHHQn.exe
  C:\Windows\System\AJfHHQn.exe
  2⤵
  PID:13432
- C:\Windows\System\oVZuvpu.exe
  C:\Windows\System\oVZuvpu.exe
  2⤵
  PID:13412
- C:\Windows\System\OppOmqt.exe
  C:\Windows\System\OppOmqt.exe
  2⤵
  PID:13396
- C:\Windows\System\BhMbNxP.exe
  C:\Windows\System\BhMbNxP.exe
  2⤵
  PID:13376
- C:\Windows\System\uwOYLFk.exe
  C:\Windows\System\uwOYLFk.exe
  2⤵
  PID:13336
- C:\Windows\System\xGaSPDc.exe
  C:\Windows\System\xGaSPDc.exe
  2⤵
  PID:13316
- C:\Windows\System\LDFHnTa.exe
  C:\Windows\System\LDFHnTa.exe
  2⤵
  PID:6900
- C:\Windows\System\SirBiiR.exe
  C:\Windows\System\SirBiiR.exe
  2⤵
  PID:12644
- C:\Windows\System\rqTTjpt.exe
  C:\Windows\System\rqTTjpt.exe
  2⤵
  PID:6404
- C:\Windows\System\NRjbiIY.exe
  C:\Windows\System\NRjbiIY.exe
  2⤵
  PID:7584
- C:\Windows\System\BsBbvYf.exe
  C:\Windows\System\BsBbvYf.exe
  2⤵
  PID:12600
- C:\Windows\System\xXhCFZM.exe
  C:\Windows\System\xXhCFZM.exe
  2⤵
  PID:12392
- C:\Windows\System\EsfMZOd.exe
  C:\Windows\System\EsfMZOd.exe
  2⤵
  PID:11820
- C:\Windows\System\wKDXThm.exe
  C:\Windows\System\wKDXThm.exe
  2⤵
  PID:11560
- C:\Windows\System\ZxmyMBn.exe
  C:\Windows\System\ZxmyMBn.exe
  2⤵
  PID:12356
- C:\Windows\System\kqmrmGS.exe
  C:\Windows\System\kqmrmGS.exe
  2⤵
  PID:12344
- C:\Windows\System\SepiUhd.exe
  C:\Windows\System\SepiUhd.exe
  2⤵
  PID:11964
- C:\Windows\System\aAjxoAS.exe
  C:\Windows\System\aAjxoAS.exe
  2⤵
  PID:11384
- C:\Windows\System\lxyYFFR.exe
  C:\Windows\System\lxyYFFR.exe
  2⤵
  PID:11852
- C:\Windows\System\PWfAnCP.exe
  C:\Windows\System\PWfAnCP.exe
  2⤵
  PID:12604
- C:\Windows\System\fywCEpw.exe
  C:\Windows\System\fywCEpw.exe
  2⤵
  PID:7480
- C:\Windows\System\VvnIkAN.exe
  C:\Windows\System\VvnIkAN.exe
  2⤵
  PID:11600
- C:\Windows\System\hFimSeV.exe
  C:\Windows\System\hFimSeV.exe
  2⤵
  PID:11728
- C:\Windows\System\IvEojhu.exe
  C:\Windows\System\IvEojhu.exe
  2⤵
  PID:12048
- C:\Windows\System\HKhIbAa.exe
  C:\Windows\System\HKhIbAa.exe
  2⤵
  PID:11296
- C:\Windows\System\tyrLRuB.exe
  C:\Windows\System\tyrLRuB.exe
  2⤵
  PID:6704
- C:\Windows\System\pRPUUtq.exe
  C:\Windows\System\pRPUUtq.exe
  2⤵
  PID:4616
- C:\Windows\System\ceGnFFD.exe
  C:\Windows\System\ceGnFFD.exe
  2⤵
  PID:1920
- C:\Windows\System\GhpwRLE.exe
  C:\Windows\System\GhpwRLE.exe
  2⤵
  PID:2644
- C:\Windows\System\lFcdIEJ.exe
  C:\Windows\System\lFcdIEJ.exe
  2⤵
  PID:1012
- C:\Windows\System\ADcNNzg.exe
  C:\Windows\System\ADcNNzg.exe
  2⤵
  PID:4648
- C:\Windows\System\QdKYbeD.exe
  C:\Windows\System\QdKYbeD.exe
  2⤵
  PID:2400
- C:\Windows\System\WfgiLaK.exe
  C:\Windows\System\WfgiLaK.exe
  2⤵
  PID:6580
- C:\Windows\System\DpQNqLQ.exe
  C:\Windows\System\DpQNqLQ.exe
  2⤵
  PID:7532
- C:\Windows\System\hbYHFJR.exe
  C:\Windows\System\hbYHFJR.exe
  2⤵
  PID:5196
- C:\Windows\System\edNjqpC.exe
  C:\Windows\System\edNjqpC.exe
  2⤵
  PID:8076
- C:\Windows\System\pHuplWZ.exe
  C:\Windows\System\pHuplWZ.exe
  2⤵
  PID:13308
- C:\Windows\System\uFGQdTW.exe
  C:\Windows\System\uFGQdTW.exe
  2⤵
  PID:13292
- C:\Windows\System\IvsrKoG.exe
  C:\Windows\System\IvsrKoG.exe
  2⤵
  PID:13272
- C:\Windows\System\LPvGGzS.exe
  C:\Windows\System\LPvGGzS.exe
  2⤵
  PID:13252
- C:\Windows\System\GvICXEU.exe
  C:\Windows\System\GvICXEU.exe
  2⤵
  PID:13236
- C:\Windows\System\sIXUXcK.exe
  C:\Windows\System\sIXUXcK.exe
  2⤵
  PID:13216
- C:\Windows\System\exYbqiz.exe
  C:\Windows\System\exYbqiz.exe
  2⤵
  PID:13196
- C:\Windows\System\ryqHGlQ.exe
  C:\Windows\System\ryqHGlQ.exe
  2⤵
  PID:13176
- C:\Windows\System\HnLOtyY.exe
  C:\Windows\System\HnLOtyY.exe
  2⤵
  PID:13156
- C:\Windows\System\gtwUzJl.exe
  C:\Windows\System\gtwUzJl.exe
  2⤵
  PID:13140
- C:\Windows\System\XJbXevv.exe
  C:\Windows\System\XJbXevv.exe
  2⤵
  PID:13120
- C:\Windows\System\TXLOvnQ.exe
  C:\Windows\System\TXLOvnQ.exe
  2⤵
  PID:13100
- C:\Windows\System\YRlgWpw.exe
  C:\Windows\System\YRlgWpw.exe
  2⤵
  PID:13080
- C:\Windows\System\PxPzXnz.exe
  C:\Windows\System\PxPzXnz.exe
  2⤵
  PID:13064
- C:\Windows\System\cOXAJqM.exe
  C:\Windows\System\cOXAJqM.exe
  2⤵
  PID:13044
- C:\Windows\System\WerCqRv.exe
  C:\Windows\System\WerCqRv.exe
  2⤵
  PID:13024
- C:\Windows\System\ewJvClP.exe
  C:\Windows\System\ewJvClP.exe
  2⤵
  PID:13004
- C:\Windows\System\WYrNlkq.exe
  C:\Windows\System\WYrNlkq.exe
  2⤵
  PID:12988
- C:\Windows\System\HETcVwH.exe
  C:\Windows\System\HETcVwH.exe
  2⤵
  PID:12968
- C:\Windows\System\RMTixcN.exe
  C:\Windows\System\RMTixcN.exe
  2⤵
  PID:12948
- C:\Windows\System\UPHzTwz.exe
  C:\Windows\System\UPHzTwz.exe
  2⤵
  PID:12932
- C:\Windows\System\RWAdkKs.exe
  C:\Windows\System\RWAdkKs.exe
  2⤵
  PID:12912
- C:\Windows\System\zmBBaQv.exe
  C:\Windows\System\zmBBaQv.exe
  2⤵
  PID:12896
- C:\Windows\System\EsWIFWJ.exe
  C:\Windows\System\EsWIFWJ.exe
  2⤵
  PID:12876
- C:\Windows\System\EFzNqaS.exe
  C:\Windows\System\EFzNqaS.exe
  2⤵
  PID:12860
- C:\Windows\System\vDWQXUE.exe
  C:\Windows\System\vDWQXUE.exe
  2⤵
  PID:12840
- C:\Windows\System\YhhuODc.exe
  C:\Windows\System\YhhuODc.exe
  2⤵
  PID:12728
- C:\Windows\System\qgFsJMq.exe
  C:\Windows\System\qgFsJMq.exe
  2⤵
  PID:12708
- C:\Windows\System\YRMYjXi.exe
  C:\Windows\System\YRMYjXi.exe
  2⤵
  PID:12672
- C:\Windows\System\AFucEcD.exe
  C:\Windows\System\AFucEcD.exe
  2⤵
  PID:12656
- C:\Windows\System\siIGdhB.exe
  C:\Windows\System\siIGdhB.exe
  2⤵
  PID:12636
- C:\Windows\System\hKMLimD.exe
  C:\Windows\System\hKMLimD.exe
  2⤵
  PID:12612
- C:\Windows\System\hhOMHXC.exe
  C:\Windows\System\hhOMHXC.exe
  2⤵
  PID:12588
- C:\Windows\System\wivCUbd.exe
  C:\Windows\System\wivCUbd.exe
  2⤵
  PID:12568
- C:\Windows\System\WrAsBvp.exe
  C:\Windows\System\WrAsBvp.exe
  2⤵
  PID:12552
- C:\Windows\System\RTyDYHa.exe
  C:\Windows\System\RTyDYHa.exe
  2⤵
  PID:12532
- C:\Windows\System\SMEiYfc.exe
  C:\Windows\System\SMEiYfc.exe
  2⤵
  PID:12512
- C:\Windows\System\yclZVfQ.exe
  C:\Windows\System\yclZVfQ.exe
  2⤵
  PID:12496
- C:\Windows\System\DlHMtwK.exe
  C:\Windows\System\DlHMtwK.exe
  2⤵
  PID:12476
- C:\Windows\System\tbPpqJx.exe
  C:\Windows\System\tbPpqJx.exe
  2⤵
  PID:12456
- C:\Windows\System\pyOCPIw.exe
  C:\Windows\System\pyOCPIw.exe
  2⤵
  PID:12440
- C:\Windows\System\gYowaQR.exe
  C:\Windows\System\gYowaQR.exe
  2⤵
  PID:12420
- C:\Windows\System\kunqfHp.exe
  C:\Windows\System\kunqfHp.exe
  2⤵
  PID:12404
- C:\Windows\System\RXtWznO.exe
  C:\Windows\System\RXtWznO.exe
  2⤵
  PID:12384
- C:\Windows\System\hPZYFbE.exe
  C:\Windows\System\hPZYFbE.exe
  2⤵
  PID:5988
- C:\Windows\System\ShRkwcn.exe
  C:\Windows\System\ShRkwcn.exe
  2⤵
  PID:10344
- C:\Windows\System\NblOEEK.exe
  C:\Windows\System\NblOEEK.exe
  2⤵
  PID:2436
- C:\Windows\System\QBYVdNj.exe
  C:\Windows\System\QBYVdNj.exe
  2⤵
  PID:6136
- C:\Windows\System\PKmeqYu.exe
  C:\Windows\System\PKmeqYu.exe
  2⤵
  PID:7900
- C:\Windows\System\frRqtoe.exe
  C:\Windows\System\frRqtoe.exe
  2⤵
  PID:12248
- C:\Windows\System\zLxZDbn.exe
  C:\Windows\System\zLxZDbn.exe
  2⤵
  PID:11704
- C:\Windows\System\lzsItoY.exe
  C:\Windows\System\lzsItoY.exe
  2⤵
  PID:11496
- C:\Windows\System\XndSDtp.exe
  C:\Windows\System\XndSDtp.exe
  2⤵
  PID:1872
- C:\Windows\System\KQkKhAe.exe
  C:\Windows\System\KQkKhAe.exe
  2⤵
  PID:6936
- C:\Windows\System\QqqbJtQ.exe
  C:\Windows\System\QqqbJtQ.exe
  2⤵
  PID:2948
- C:\Windows\System\YroeGVh.exe
  C:\Windows\System\YroeGVh.exe
  2⤵
  PID:12280
- C:\Windows\System\aYSulgn.exe
  C:\Windows\System\aYSulgn.exe
  2⤵
  PID:11604
- C:\Windows\System\qLMAzNv.exe
  C:\Windows\System\qLMAzNv.exe
  2⤵
  PID:2908
- C:\Windows\System\uXUZXXa.exe
  C:\Windows\System\uXUZXXa.exe
  2⤵
  PID:10588
- C:\Windows\System\LyRRasH.exe
  C:\Windows\System\LyRRasH.exe
  2⤵
  PID:3568
- C:\Windows\System\FJmpMly.exe
  C:\Windows\System\FJmpMly.exe
  2⤵
  PID:11824
- C:\Windows\System\REZDeHo.exe
  C:\Windows\System\REZDeHo.exe
  2⤵
  PID:15252
- C:\Windows\System\IBrhDBV.exe
  C:\Windows\System\IBrhDBV.exe
  2⤵
  PID:10412
- C:\Windows\System\iQzBoVH.exe
  C:\Windows\System\iQzBoVH.exe
  2⤵
  PID:10828
- C:\Windows\System\sYEHNok.exe
  C:\Windows\System\sYEHNok.exe
  2⤵
  PID:10496
- C:\Windows\System\aRLeTiN.exe
  C:\Windows\System\aRLeTiN.exe
  2⤵
  PID:10508
- C:\Windows\System\StMgjXa.exe
  C:\Windows\System\StMgjXa.exe
  2⤵
  PID:10448
- C:\Windows\System\tgWqvmA.exe
  C:\Windows\System\tgWqvmA.exe
  2⤵
  PID:1904
- C:\Windows\System\NaQzncH.exe
  C:\Windows\System\NaQzncH.exe
  2⤵
  PID:13492
- C:\Windows\System\FuNUBFb.exe
  C:\Windows\System\FuNUBFb.exe
  2⤵
  PID:11080
- C:\Windows\System\AjMGazk.exe
  C:\Windows\System\AjMGazk.exe
  2⤵
  PID:7672
- C:\Windows\System\OidzVze.exe
  C:\Windows\System\OidzVze.exe
  2⤵
  PID:13452
- C:\Windows\System\ojfsYsA.exe
  C:\Windows\System\ojfsYsA.exe
  2⤵
  PID:7944
- C:\Windows\System\oFiTWYs.exe
  C:\Windows\System\oFiTWYs.exe
  2⤵
  PID:10044
- C:\Windows\System\sDwBaIw.exe
  C:\Windows\System\sDwBaIw.exe
  2⤵
  PID:7624
- C:\Windows\System\OfaUyAc.exe
  C:\Windows\System\OfaUyAc.exe
  2⤵
  PID:10380
- C:\Windows\System\XxhnYEk.exe
  C:\Windows\System\XxhnYEk.exe
  2⤵
  PID:11172
- C:\Windows\System\XJQbUWh.exe
  C:\Windows\System\XJQbUWh.exe
  2⤵
  PID:14936
- C:\Windows\System\NrArOkg.exe
  C:\Windows\System\NrArOkg.exe
  2⤵
  PID:4528
- C:\Windows\System\gtVSRiC.exe
  C:\Windows\System\gtVSRiC.exe
  2⤵
  PID:10312
- C:\Windows\System\dDCrlTj.exe
  C:\Windows\System\dDCrlTj.exe
  2⤵
  PID:7700
- C:\Windows\System\EAwqBff.exe
  C:\Windows\System\EAwqBff.exe
  2⤵
  PID:10140
- C:\Windows\System\UPJzupx.exe
  C:\Windows\System\UPJzupx.exe
  2⤵
  PID:12188
- C:\Windows\System\eQiBdXS.exe
  C:\Windows\System\eQiBdXS.exe
  2⤵
  PID:14920
- C:\Windows\System\kGeDYfL.exe
  C:\Windows\System\kGeDYfL.exe
  2⤵
  PID:9796
- C:\Windows\System\IDwEnFR.exe
  C:\Windows\System\IDwEnFR.exe
  2⤵
  PID:11940
- C:\Windows\System\ZSWjpYR.exe
  C:\Windows\System\ZSWjpYR.exe
  2⤵
  PID:14952
- C:\Windows\System\jTOmHEz.exe
  C:\Windows\System\jTOmHEz.exe
  2⤵
  PID:15632
- C:\Windows\System\kCIFttz.exe
  C:\Windows\System\kCIFttz.exe
  2⤵
  PID:15612
- C:\Windows\System\wxGkGwA.exe
  C:\Windows\System\wxGkGwA.exe
  2⤵
  PID:15776
- C:\Windows\System\JUcNJqw.exe
  C:\Windows\System\JUcNJqw.exe
  2⤵
  PID:15760
- C:\Windows\System\LaQZvPG.exe
  C:\Windows\System\LaQZvPG.exe
  2⤵
  PID:15732
- C:\Windows\System\Eimvgmz.exe
  C:\Windows\System\Eimvgmz.exe
  2⤵
  PID:15712
- C:\Windows\System\PIidgLf.exe
  C:\Windows\System\PIidgLf.exe
  2⤵
  PID:15692
- C:\Windows\System\BnKtYmv.exe
  C:\Windows\System\BnKtYmv.exe
  2⤵
  PID:15672
- C:\Windows\System\ZLTyCOt.exe
  C:\Windows\System\ZLTyCOt.exe
  2⤵
  PID:15652
- C:\Windows\System\lMNgEtQ.exe
  C:\Windows\System\lMNgEtQ.exe
  2⤵
  PID:15588
- C:\Windows\System\PsYrRmH.exe
  C:\Windows\System\PsYrRmH.exe
  2⤵
  PID:15568
- C:\Windows\System\fHJLjbK.exe
  C:\Windows\System\fHJLjbK.exe
  2⤵
  PID:15548
- C:\Windows\System\fFlpQIT.exe
  C:\Windows\System\fFlpQIT.exe
  2⤵
  PID:15528
- C:\Windows\System\jveOuBS.exe
  C:\Windows\System\jveOuBS.exe
  2⤵
  PID:15508
- C:\Windows\System\DKuzIEv.exe
  C:\Windows\System\DKuzIEv.exe
  2⤵
  PID:15488
- C:\Windows\System\URNfUym.exe
  C:\Windows\System\URNfUym.exe
  2⤵
  PID:15468
- C:\Windows\System\PLSVxtk.exe
  C:\Windows\System\PLSVxtk.exe
  2⤵
  PID:15448
- C:\Windows\System\Jbpkqse.exe
  C:\Windows\System\Jbpkqse.exe
  2⤵
  PID:15424
- C:\Windows\System\EwkYEIK.exe
  C:\Windows\System\EwkYEIK.exe
  2⤵
  PID:15408
- C:\Windows\System\EoihynK.exe
  C:\Windows\System\EoihynK.exe
  2⤵
  PID:16336
- C:\Windows\System\NTSKSdJ.exe
  C:\Windows\System\NTSKSdJ.exe
  2⤵
  PID:16312
- C:\Windows\System\lLMlIyb.exe
  C:\Windows\System\lLMlIyb.exe
  2⤵
  PID:16288
- C:\Windows\System\QVrfJSf.exe
  C:\Windows\System\QVrfJSf.exe
  2⤵
  PID:16268
- C:\Windows\System\RHnEUcs.exe
  C:\Windows\System\RHnEUcs.exe
  2⤵
  PID:16248
- C:\Windows\System\wWtCweL.exe
  C:\Windows\System\wWtCweL.exe
  2⤵
  PID:16360
- C:\Windows\System\QtzSlZW.exe
  C:\Windows\System\QtzSlZW.exe
  2⤵
  PID:16224
- C:\Windows\System\cPidtDF.exe
  C:\Windows\System\cPidtDF.exe
  2⤵
  PID:6420
- C:\Windows\System\eLFlHSt.exe
  C:\Windows\System\eLFlHSt.exe
  2⤵
  PID:3524
- C:\Windows\System\bepWjSN.exe
  C:\Windows\System\bepWjSN.exe
  2⤵
  PID:7380
- C:\Windows\System\fvAAlgL.exe
  C:\Windows\System\fvAAlgL.exe
  2⤵
  PID:8400
- C:\Windows\System\LadxCuH.exe
  C:\Windows\System\LadxCuH.exe
  2⤵
  PID:15084
- C:\Windows\System\WNNzWhF.exe
  C:\Windows\System\WNNzWhF.exe
  2⤵
  PID:6188
- C:\Windows\System\dJphZKD.exe
  C:\Windows\System\dJphZKD.exe
  2⤵
  PID:5044
- C:\Windows\System\LVClfSQ.exe
  C:\Windows\System\LVClfSQ.exe
  2⤵
  PID:15496
- C:\Windows\System\nPRtLMb.exe
  C:\Windows\System\nPRtLMb.exe
  2⤵
  PID:15952
- C:\Windows\System\QHsJDPt.exe
  C:\Windows\System\QHsJDPt.exe
  2⤵
  PID:15748
- C:\Windows\System\UbzNgOg.exe
  C:\Windows\System\UbzNgOg.exe
  2⤵
  PID:15704
- C:\Windows\System\pGYBNKV.exe
  C:\Windows\System\pGYBNKV.exe
  2⤵
  PID:15560
- C:\Windows\System\AbVgidE.exe
  C:\Windows\System\AbVgidE.exe
  2⤵
  PID:16280
- C:\Windows\System\WPqSPHN.exe
  C:\Windows\System\WPqSPHN.exe
  2⤵
  PID:15016
- C:\Windows\System\qWawSDg.exe
  C:\Windows\System\qWawSDg.exe
  2⤵
  PID:16216
- C:\Windows\System\nyHRYeF.exe
  C:\Windows\System\nyHRYeF.exe
  2⤵
  PID:16164
- C:\Windows\System\GecACSE.exe
  C:\Windows\System\GecACSE.exe
  2⤵
  PID:12028
- C:\Windows\System\pHJJtEG.exe
  C:\Windows\System\pHJJtEG.exe
  2⤵
  PID:16304
- C:\Windows\System\eurZAbh.exe
  C:\Windows\System\eurZAbh.exe
  2⤵
  PID:16264
- C:\Windows\System\lsqDAHr.exe
  C:\Windows\System\lsqDAHr.exe
  2⤵
  PID:16532
- C:\Windows\System\yJYJePD.exe
  C:\Windows\System\yJYJePD.exe
  2⤵
  PID:16944
- C:\Windows\System\ybnBIMa.exe
  C:\Windows\System\ybnBIMa.exe
  2⤵
  PID:16928
- C:\Windows\System\vZZjGSU.exe
  C:\Windows\System\vZZjGSU.exe
  2⤵
  PID:16892
- C:\Windows\System\cHtXKXY.exe
  C:\Windows\System\cHtXKXY.exe
  2⤵
  PID:16876
- C:\Windows\System\cqLZGky.exe
  C:\Windows\System\cqLZGky.exe
  2⤵
  PID:16852
- C:\Windows\System\WkffcEB.exe
  C:\Windows\System\WkffcEB.exe
  2⤵
  PID:16836
- C:\Windows\System\HkwkeKY.exe
  C:\Windows\System\HkwkeKY.exe
  2⤵
  PID:16816
- C:\Windows\System\kiBcjiu.exe
  C:\Windows\System\kiBcjiu.exe
  2⤵
  PID:16984
- C:\Windows\System\BWUBcEq.exe
  C:\Windows\System\BWUBcEq.exe
  2⤵
  PID:17340
- C:\Windows\System\NXrfipB.exe
  C:\Windows\System\NXrfipB.exe
  2⤵
  PID:17312
- C:\Windows\System\BooBarm.exe
  C:\Windows\System\BooBarm.exe
  2⤵
  PID:17288
- C:\Windows\System\MxIZPCM.exe
  C:\Windows\System\MxIZPCM.exe
  2⤵
  PID:17264
- C:\Windows\System\uFMpUbD.exe
  C:\Windows\System\uFMpUbD.exe
  2⤵
  PID:17244
- C:\Windows\System\dBqjIGd.exe
  C:\Windows\System\dBqjIGd.exe
  2⤵
  PID:17224
- C:\Windows\System\RWQshez.exe
  C:\Windows\System\RWQshez.exe
  2⤵
  PID:17200
- C:\Windows\System\YrOSKKR.exe
  C:\Windows\System\YrOSKKR.exe
  2⤵
  PID:17176
- C:\Windows\System\dJJxJsH.exe
  C:\Windows\System\dJJxJsH.exe
  2⤵
  PID:17148
- C:\Windows\System\SETgmRI.exe
  C:\Windows\System\SETgmRI.exe
  2⤵
  PID:16792
- C:\Windows\System\LmSsiCk.exe
  C:\Windows\System\LmSsiCk.exe
  2⤵
  PID:16772
- C:\Windows\System\IaSWMjI.exe
  C:\Windows\System\IaSWMjI.exe
  2⤵
  PID:16752
- C:\Windows\System\NlyccKs.exe
  C:\Windows\System\NlyccKs.exe
  2⤵
  PID:16728
- C:\Windows\System\yucoSGJ.exe
  C:\Windows\System\yucoSGJ.exe
  2⤵
  PID:16708
- C:\Windows\System\KZaRlmL.exe
  C:\Windows\System\KZaRlmL.exe
  2⤵
  PID:16688
- C:\Windows\System\tnaLBoz.exe
  C:\Windows\System\tnaLBoz.exe
  2⤵
  PID:16664
- C:\Windows\System\SRGKGtZ.exe
  C:\Windows\System\SRGKGtZ.exe
  2⤵
  PID:16648
- C:\Windows\System\nFPHnfZ.exe
  C:\Windows\System\nFPHnfZ.exe
  2⤵
  PID:16624
- C:\Windows\System\qDSckMX.exe
  C:\Windows\System\qDSckMX.exe
  2⤵
  PID:16604
- C:\Windows\System\kLlSViE.exe
  C:\Windows\System\kLlSViE.exe
  2⤵
  PID:16580
- C:\Windows\System\IaCfNyn.exe
  C:\Windows\System\IaCfNyn.exe
  2⤵
  PID:16556
- C:\Windows\System\ovAGwgk.exe
  C:\Windows\System\ovAGwgk.exe
  2⤵
  PID:16512
- C:\Windows\System\HptObfb.exe
  C:\Windows\System\HptObfb.exe
  2⤵
  PID:16492
- C:\Windows\System\JcQPLvc.exe
  C:\Windows\System\JcQPLvc.exe
  2⤵
  PID:16472
- C:\Windows\System\zcLqdIw.exe
  C:\Windows\System\zcLqdIw.exe
  2⤵
  PID:16448
- C:\Windows\System\btnMDUe.exe
  C:\Windows\System\btnMDUe.exe
  2⤵
  PID:16424
- C:\Windows\System\oqutMYC.exe
  C:\Windows\System\oqutMYC.exe
  2⤵
  PID:9800
- C:\Windows\System\RVAEUTG.exe
  C:\Windows\System\RVAEUTG.exe
  2⤵
  PID:16464
- C:\Windows\System\yBETAit.exe
  C:\Windows\System\yBETAit.exe
  2⤵
  PID:15940
- C:\Windows\System\TNLYHBg.exe
  C:\Windows\System\TNLYHBg.exe
  2⤵
  PID:15520
- C:\Windows\System\tBPaQfI.exe
  C:\Windows\System\tBPaQfI.exe
  2⤵
  PID:15484
- C:\Windows\System\ZhdvacZ.exe
  C:\Windows\System\ZhdvacZ.exe
  2⤵
  PID:15416
- C:\Windows\System\ITkBWJB.exe
  C:\Windows\System\ITkBWJB.exe
  2⤵
  PID:16912
- C:\Windows\System\aCPaAXE.exe
  C:\Windows\System\aCPaAXE.exe
  2⤵
  PID:17092
- C:\Windows\System\tMFZjBM.exe
  C:\Windows\System\tMFZjBM.exe
  2⤵
  PID:15420
- C:\Windows\System\ScImqhr.exe
  C:\Windows\System\ScImqhr.exe
  2⤵
  PID:16824
- C:\Windows\System\AmBnHCF.exe
  C:\Windows\System\AmBnHCF.exe
  2⤵
  PID:15596
- C:\Windows\System\wQgCkLj.exe
  C:\Windows\System\wQgCkLj.exe
  2⤵
  PID:15640
- C:\Windows\System\AKtTFVa.exe
  C:\Windows\System\AKtTFVa.exe
  2⤵
  PID:6292
- C:\Windows\System\BRlEhWb.exe
  C:\Windows\System\BRlEhWb.exe
  2⤵
  PID:15788
- C:\Windows\System\yzfaHeI.exe
  C:\Windows\System\yzfaHeI.exe
  2⤵
  PID:16260
- C:\Windows\System\YCtinDw.exe
  C:\Windows\System\YCtinDw.exe
  2⤵
  PID:16196
- C:\Windows\System\bMikYUm.exe
  C:\Windows\System\bMikYUm.exe
  2⤵
  PID:16092
- C:\Windows\System\cuDqRcL.exe
  C:\Windows\System\cuDqRcL.exe
  2⤵
  PID:16096
- C:\Windows\System\IRmCbii.exe
  C:\Windows\System\IRmCbii.exe
  2⤵
  PID:15988
- C:\Windows\System\njSvqUy.exe
  C:\Windows\System\njSvqUy.exe
  2⤵
  PID:15456
- C:\Windows\System\vitQtNS.exe
  C:\Windows\System\vitQtNS.exe
  2⤵
  PID:15372
- C:\Windows\System\JeCTqjm.exe
  C:\Windows\System\JeCTqjm.exe
  2⤵
  PID:14572
- C:\Windows\System\TWDEXZN.exe
  C:\Windows\System\TWDEXZN.exe
  2⤵
  PID:15740
- C:\Windows\System\vaHjoYV.exe
  C:\Windows\System\vaHjoYV.exe
  2⤵
  PID:15668
- C:\Windows\System\dqvDoyd.exe
  C:\Windows\System\dqvDoyd.exe
  2⤵
  PID:15580
- C:\Windows\System\ENMHBZd.exe
  C:\Windows\System\ENMHBZd.exe
  2⤵
  PID:15432
- C:\Windows\System\NDSpnwS.exe
  C:\Windows\System\NDSpnwS.exe
  2⤵
  PID:16380
- C:\Windows\System\WhAncAY.exe
  C:\Windows\System\WhAncAY.exe
  2⤵
  PID:16204
- C:\Windows\System\Vhguwil.exe
  C:\Windows\System\Vhguwil.exe
  2⤵
  PID:16180
- C:\Windows\System\IioIaiu.exe
  C:\Windows\System\IioIaiu.exe
  2⤵
  PID:15388
- C:\Windows\System\ENkuEOB.exe
  C:\Windows\System\ENkuEOB.exe
  2⤵
  PID:15364
- C:\Windows\System\LbRlcKM.exe
  C:\Windows\System\LbRlcKM.exe
  2⤵
  PID:8552
- C:\Windows\System\jwFOsNt.exe
  C:\Windows\System\jwFOsNt.exe
  2⤵
  PID:2760
- C:\Windows\System\uekfRjO.exe
  C:\Windows\System\uekfRjO.exe
  2⤵
  PID:10088
- C:\Windows\System\zKMlqSJ.exe
  C:\Windows\System\zKMlqSJ.exe
  2⤵
  PID:11192
- C:\Windows\System\mkRlbPz.exe
  C:\Windows\System\mkRlbPz.exe
  2⤵
  PID:11316
- C:\Windows\System\DuTciWz.exe
  C:\Windows\System\DuTciWz.exe
  2⤵
  PID:13688
- C:\Windows\System\wxIunBH.exe
  C:\Windows\System\wxIunBH.exe
  2⤵
  PID:12128
- C:\Windows\System\dsOTMYL.exe
  C:\Windows\System\dsOTMYL.exe
  2⤵
  PID:15020
- C:\Windows\System\OiPRClD.exe
  C:\Windows\System\OiPRClD.exe
  2⤵
  PID:10116
- C:\Windows\System\mGzzCnh.exe
  C:\Windows\System\mGzzCnh.exe
  2⤵
  PID:14488
- C:\Windows\System\aKzlZbT.exe
  C:\Windows\System\aKzlZbT.exe
  2⤵
  PID:12184
- C:\Windows\System\OazzrFN.exe
  C:\Windows\System\OazzrFN.exe
  2⤵
  PID:7992
- C:\Windows\System\GQWTzmB.exe
  C:\Windows\System\GQWTzmB.exe
  2⤵
  PID:8968
- C:\Windows\System\WmuDLwo.exe
  C:\Windows\System\WmuDLwo.exe
  2⤵
  PID:10768
- C:\Windows\System\QPSZSQQ.exe
  C:\Windows\System\QPSZSQQ.exe
  2⤵
  PID:7068
- C:\Windows\System\RoEgjll.exe
  C:\Windows\System\RoEgjll.exe
  2⤵
  PID:10008
- C:\Windows\System\PqttRmW.exe
  C:\Windows\System\PqttRmW.exe
  2⤵
  PID:9580
- C:\Windows\System\hoMoFmY.exe
  C:\Windows\System\hoMoFmY.exe
  2⤵
  PID:7880
- C:\Windows\System\rjvyAZX.exe
  C:\Windows\System\rjvyAZX.exe
  2⤵
  PID:10292
- C:\Windows\System\grKewDq.exe
  C:\Windows\System\grKewDq.exe
  2⤵
  PID:3356
- C:\Windows\System\cWXIXJa.exe
  C:\Windows\System\cWXIXJa.exe
  2⤵
  PID:7076
- C:\Windows\System\aIuRKdh.exe
  C:\Windows\System\aIuRKdh.exe
  2⤵
  PID:12072
- C:\Windows\System\vZTKIvY.exe
  C:\Windows\System\vZTKIvY.exe
  2⤵
  PID:7520
- C:\Windows\System\jsmDVlU.exe
  C:\Windows\System\jsmDVlU.exe
  2⤵
  PID:12196
- C:\Windows\System\gLhCDIm.exe
  C:\Windows\System\gLhCDIm.exe
  2⤵
  PID:12020
- C:\Windows\System\uSESmdx.exe
  C:\Windows\System\uSESmdx.exe
  2⤵
  PID:12140
- C:\Windows\System\IOkeNOJ.exe
  C:\Windows\System\IOkeNOJ.exe
  2⤵
  PID:11944
- C:\Windows\System\ExsmGRi.exe
  C:\Windows\System\ExsmGRi.exe
  2⤵
  PID:15160
- C:\Windows\System\kHYfKdk.exe
  C:\Windows\System\kHYfKdk.exe
  2⤵
  PID:6604
- C:\Windows\System\GzouOrA.exe
  C:\Windows\System\GzouOrA.exe
  2⤵
  PID:8800
- C:\Windows\System\xGKJFni.exe
  C:\Windows\System\xGKJFni.exe
  2⤵
  PID:10356
- C:\Windows\System\UIHKEko.exe
  C:\Windows\System\UIHKEko.exe
  2⤵
  PID:14456
- C:\Windows\System\LGeaAfg.exe
  C:\Windows\System\LGeaAfg.exe
  2⤵
  PID:14824
- C:\Windows\System\afnKaqS.exe
  C:\Windows\System\afnKaqS.exe
  2⤵
  PID:10532
- C:\Windows\System\Fefffcv.exe
  C:\Windows\System\Fefffcv.exe
  2⤵
  PID:8616
- C:\Windows\System\fHvBtWu.exe
  C:\Windows\System\fHvBtWu.exe
  2⤵
  PID:6848
- C:\Windows\System\KPfrHKy.exe
  C:\Windows\System\KPfrHKy.exe
  2⤵
  PID:13424
- C:\Windows\System\DipGGXn.exe
  C:\Windows\System\DipGGXn.exe
  2⤵
  PID:2348
- C:\Windows\System\HKebScz.exe
  C:\Windows\System\HKebScz.exe
  2⤵
  PID:11040
- C:\Windows\System\yPExfhV.exe
  C:\Windows\System\yPExfhV.exe
  2⤵
  PID:8628
- C:\Windows\System\xMzxfKi.exe
  C:\Windows\System\xMzxfKi.exe
  2⤵
  PID:10252
- C:\Windows\System\WqEPTFD.exe
  C:\Windows\System\WqEPTFD.exe
  2⤵
  PID:9088
- C:\Windows\System\CezQskW.exe
  C:\Windows\System\CezQskW.exe
  2⤵
  PID:5316
- C:\Windows\System\sxYXwKz.exe
  C:\Windows\System\sxYXwKz.exe
  2⤵
  PID:12076
- C:\Windows\System\JREOIgC.exe
  C:\Windows\System\JREOIgC.exe
  2⤵
  PID:10752
- C:\Windows\System\sWxrQkB.exe
  C:\Windows\System\sWxrQkB.exe
  2⤵
  PID:14064
- C:\Windows\System\TNfkNyO.exe
  C:\Windows\System\TNfkNyO.exe
  2⤵
  PID:9100
- C:\Windows\System\HqmJjhV.exe
  C:\Windows\System\HqmJjhV.exe
  2⤵
  PID:11784
- C:\Windows\System\JTKkfyT.exe
  C:\Windows\System\JTKkfyT.exe
  2⤵
  PID:15300
- C:\Windows\System\UgTzNGF.exe
  C:\Windows\System\UgTzNGF.exe
  2⤵
  PID:14440
- C:\Windows\System\RTSXnUZ.exe
  C:\Windows\System\RTSXnUZ.exe
  2⤵
  PID:6952
- C:\Windows\System\JWCmwFA.exe
  C:\Windows\System\JWCmwFA.exe
  2⤵
  PID:9312
- C:\Windows\System\diDyVpp.exe
  C:\Windows\System\diDyVpp.exe
  2⤵
  PID:11412
- C:\Windows\System\zxWeeCc.exe
  C:\Windows\System\zxWeeCc.exe
  2⤵
  PID:14808
- C:\Windows\System\zLIpHfY.exe
  C:\Windows\System\zLIpHfY.exe
  2⤵
  PID:9600
- C:\Windows\System\bdHCHfv.exe
  C:\Windows\System\bdHCHfv.exe
  2⤵
  PID:8620
- C:\Windows\System\HwSfvZM.exe
  C:\Windows\System\HwSfvZM.exe
  2⤵
  PID:12452
- C:\Windows\System\rCKCPnm.exe
  C:\Windows\System\rCKCPnm.exe
  2⤵
  PID:8904
- C:\Windows\System\zxkxvQR.exe
  C:\Windows\System\zxkxvQR.exe
  2⤵
  PID:8512
- C:\Windows\System\WXvQsEA.exe
  C:\Windows\System\WXvQsEA.exe
  2⤵
  PID:15212
- C:\Windows\System\fVUECjY.exe
  C:\Windows\System\fVUECjY.exe
  2⤵
  PID:5916
- C:\Windows\System\ZtnKZGS.exe
  C:\Windows\System\ZtnKZGS.exe
  2⤵
  PID:3496
- C:\Windows\System\SMYIOlT.exe
  C:\Windows\System\SMYIOlT.exe
  2⤵
  PID:4748
- C:\Windows\System\iJHbrxo.exe
  C:\Windows\System\iJHbrxo.exe
  2⤵
  PID:6128
- C:\Windows\System\PFEDMOg.exe
  C:\Windows\System\PFEDMOg.exe
  2⤵
  PID:14972
- C:\Windows\System\LVYWIsU.exe
  C:\Windows\System\LVYWIsU.exe
  2⤵
  PID:5548
- C:\Windows\System\FiQcLsW.exe
  C:\Windows\System\FiQcLsW.exe
  2⤵
  PID:8208
- C:\Windows\System\wCJxmxf.exe
  C:\Windows\System\wCJxmxf.exe
  2⤵
  PID:4336
- C:\Windows\System\DzbqWAo.exe
  C:\Windows\System\DzbqWAo.exe
  2⤵
  PID:12172
- C:\Windows\System\lqCjVMr.exe
  C:\Windows\System\lqCjVMr.exe
  2⤵
  PID:12000
- C:\Windows\System\ACCykSt.exe
  C:\Windows\System\ACCykSt.exe
  2⤵
  PID:12032
- C:\Windows\System\fpvGXnt.exe
  C:\Windows\System\fpvGXnt.exe
  2⤵
  PID:12160
- C:\Windows\System\IpmAiGb.exe
  C:\Windows\System\IpmAiGb.exe
  2⤵
  PID:14420
- C:\Windows\System\ReQIyNm.exe
  C:\Windows\System\ReQIyNm.exe
  2⤵
  PID:14388
- C:\Windows\System\YMxKTUK.exe
  C:\Windows\System\YMxKTUK.exe
  2⤵
  PID:6824
- C:\Windows\System\iAcyDeu.exe
  C:\Windows\System\iAcyDeu.exe
  2⤵
  PID:13516
- C:\Windows\System\dEvaOyN.exe
  C:\Windows\System\dEvaOyN.exe
  2⤵
  PID:10552
- C:\Windows\System\FPomwjj.exe
  C:\Windows\System\FPomwjj.exe
  2⤵
  PID:8308
- C:\Windows\System\fvKoNKZ.exe
  C:\Windows\System\fvKoNKZ.exe
  2⤵
  PID:8856
- C:\Windows\System\SNIwjHU.exe
  C:\Windows\System\SNIwjHU.exe
  2⤵
  PID:7912
- C:\Windows\System\iiIkiPS.exe
  C:\Windows\System\iiIkiPS.exe
  2⤵
  PID:9744
- C:\Windows\System\zzknAyj.exe
  C:\Windows\System\zzknAyj.exe
  2⤵
  PID:7272
- C:\Windows\System\ahekQSl.exe
  C:\Windows\System\ahekQSl.exe
  2⤵
  PID:7052
- C:\Windows\System\vdESbkP.exe
  C:\Windows\System\vdESbkP.exe
  2⤵
  PID:8996
- C:\Windows\System\ltRRTcE.exe
  C:\Windows\System\ltRRTcE.exe
  2⤵
  PID:12820
- C:\Windows\System\ImjVOfL.exe
  C:\Windows\System\ImjVOfL.exe
  2⤵
  PID:15316
- C:\Windows\System\MdtXVOx.exe
  C:\Windows\System\MdtXVOx.exe
  2⤵
  PID:11932
- C:\Windows\System\TTWjlmh.exe
  C:\Windows\System\TTWjlmh.exe
  2⤵
  PID:5232
- C:\Windows\System\AvYmUPr.exe
  C:\Windows\System\AvYmUPr.exe
  2⤵
  PID:9648
- C:\Windows\System\FuYwHgO.exe
  C:\Windows\System\FuYwHgO.exe
  2⤵
  PID:9848
- C:\Windows\System\JHluqWM.exe
  C:\Windows\System\JHluqWM.exe
  2⤵
  PID:10068
- C:\Windows\System\akIMxwc.exe
  C:\Windows\System\akIMxwc.exe
  2⤵
  PID:10084
- C:\Windows\System\LoRMEmo.exe
  C:\Windows\System\LoRMEmo.exe
  2⤵
  PID:9204
- C:\Windows\System\ixuUoxL.exe
  C:\Windows\System\ixuUoxL.exe
  2⤵
  PID:10204
- C:\Windows\System\ulkxvaZ.exe
  C:\Windows\System\ulkxvaZ.exe
  2⤵
  PID:10428
- C:\Windows\System\aipHxeo.exe
  C:\Windows\System\aipHxeo.exe
  2⤵
  PID:11208
- C:\Windows\System\bFUnebD.exe
  C:\Windows\System\bFUnebD.exe
  2⤵
  PID:11116
- C:\Windows\System\euNPJGk.exe
  C:\Windows\System\euNPJGk.exe
  2⤵
  PID:11212
- C:\Windows\System\jcfPxFP.exe
  C:\Windows\System\jcfPxFP.exe
  2⤵
  PID:5420
- C:\Windows\System\oMZSSIC.exe
  C:\Windows\System\oMZSSIC.exe
  2⤵
  PID:10340
- C:\Windows\System\UZeSTYJ.exe
  C:\Windows\System\UZeSTYJ.exe
  2⤵
  PID:4804
- C:\Windows\System\UjzowCM.exe
  C:\Windows\System\UjzowCM.exe
  2⤵
  PID:10320
- C:\Windows\System\MdJvevK.exe
  C:\Windows\System\MdJvevK.exe
  2⤵
  PID:10136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_r0fopig1.yot.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AhmFeYx.exe

Filesize
1.8MB

MD5
f50034143fbb751417626d0d04df348c

SHA1
acddfbe4a0de0044cc28bbc379d286c42ef11ce1

SHA256
592dcc8aa51d538507bed5d8c523831322990acb6ea2d213b46928a5ec11d83a

SHA512
0da657532a9518e94a461ff14b7b4e1abdfcbf42cd8281eda7c1ef18513f8935a0c893f252e4c7e435c772a8d6681db78813d8c8e447b89fbbce89ed7b73f96f

Download Submit
C:\Windows\System\BEVaqrF.exe

Filesize
1.9MB

MD5
451104e9d7fa9a54727edf558d659b19

SHA1
63c793ad6e6993e3d7911161ea951fecd0a94495

SHA256
6ed284e1ca13ca75c4811271064659a713f350b12e0b9567a5bb2342daeee550

SHA512
61600b58197ff85cb15619d25330069665a6159f50cdb8916124b9bb9fb3a2268fc01d0daa4a3a95e6e9c859c9e12b1c23618330b182f6632c75105d7b661cf0

Download Submit
C:\Windows\System\BEVaqrF.exe

Filesize
115KB

MD5
2c30e0abda3d96360fdce2345960fa83

SHA1
5c42788840f1a70616e2c48641fb8f4c25ba17d7

SHA256
fac31cbbc69b64df3880de3d4d9b9c1b9c19f654af62dd9f4dc7fcc531920b58

SHA512
fe153c702c195ce3938763cbf24fc1831d1e6f0c2f1eb448a3fc77066c8d0be615e54c88e0933fff4579ebe42227d2edef54b0ec98ff53e253e82a0dfc1fbbbd

Download Submit
C:\Windows\System\CJednrj.exe

Filesize
1.9MB

MD5
52b5905e964aa378d4cb24cd9984b9ee

SHA1
0fb1ed1e79f644e083f76c8f792e5d0a2212f99f

SHA256
a7c3da5b53b473eb541a778a2d0af9b1963022cc1dc3564e8733d13b130913b2

SHA512
71511099c0ee1e9c24b639ef1bed61280673a56f0bdf353444c59b400e3eb8d042468edea81b438d8530907136852b333195bcc4e0f51aa90a0773fa8ee05a2c

Download Submit
C:\Windows\System\CZNMsdl.exe

Filesize
1.1MB

MD5
a093996abe7835e88584180c57950227

SHA1
f5920a542348decd0056be3a87a1ebc9c3386a7e

SHA256
93daf8ef56540f6302ad2d84984497e4b8556382a87ce404daadbc7c57d91d3e

SHA512
1242dd7797f9ae6b8802e7416446c32b2e7b0547d149b48b7c9a2d2c3f7931daf0de7c76d0b42629f664b31654b498df0ac76a74be79956db543888d1af56c75

Download Submit
C:\Windows\System\CZNMsdl.exe

Filesize
1.8MB

MD5
5cd3049dad5151785de87293b9579f33

SHA1
21b0d7f9b127d817f670697e82c62a411e958efb

SHA256
3131e3d492995d837a5bfa80caae1ac9380b4a6c4fdb4de539c11def83606932

SHA512
f1923d4d0c645629fddc57ace94ed695b06eda5cbb86b3973cdb5265d0f74494de22c909e2a32c61395a7e471fefabb98e3533ebbe96fefce753dab8ac4baca1

Download Submit
C:\Windows\System\CgzUnWf.exe

Filesize
256KB

MD5
83d262b7a8df16a23522f5daf833a523

SHA1
ad087841f1b43730e5e6645ac6bab43eb7022a3e

SHA256
ff4734ad87088bf001e133422ce6091bc3be2c2a8eedabed82e932e65724bc37

SHA512
d4091ce23f65da2a8e27e8eef0a29ac68b222950240ee06d49f4ace4225d2833e846abd192c249971416baaba50b0ec74711a76f3e0644750cedd657691b033e

Download Submit
C:\Windows\System\EmOQdeE.exe

Filesize
1.8MB

MD5
973c314fde776236a1252833c61a4113

SHA1
0220a3ff67ff835ddc95e6edfadbde28e0cd8e89

SHA256
901c0340ed950042e41a2a2be971e03fc822f020e0863c21e249da1e93d94af1

SHA512
4700e33887e7e38424ad68e55b2bfb12b307f4aec8cebf0bc57116fc9adb9b249c52bffdb4a317d2f005831ea90052d32fe99142bfe3905b1b91d312b19d76c9

Download Submit
C:\Windows\System\EpZuFvL.exe

Filesize
576KB

MD5
c3d03a9d37f5edf2280ce6b2b3c5fbef

SHA1
f13d7156c1061252682d37ff0da0cac93c34953e

SHA256
87f048a961f73c31785d7e94921a9a359d719bf76105c9601eca055227d1c1db

SHA512
07bab652c526204ee9528b6d8bd65b22dc499a44c1267b60f71a7439366582f72e58adec4d23b764a0ff0478fd6ffd60597a561b86fe20b6db5ee2bd531950b5

Download Submit
C:\Windows\System\EpZuFvL.exe

Filesize
1.8MB

MD5
2725552c77636d33601eb306bd56b534

SHA1
562267e01192e9f10e5fec8962ae8d29ff358bb6

SHA256
02cbe8c3e5b1f5c8588c5ea8b4163b9037d4f254d6d61e75bf91b23f93a275e2

SHA512
0a3b5ef27107e1eb09b05c099df5723907605c89713d1770f2df83224b2b123cd663a32b64bf0fb15e7182b02db04883df283efab4bcf660ffdc3b6df0ef3526

Download Submit
C:\Windows\System\JqgMgmG.exe

Filesize
128KB

MD5
4faadaeab68805f04a3264b24b4484e7

SHA1
1506c8fa28d842c0dbf87aa4fae07f0c1d21c224

SHA256
023ac7fc351f6d2e4691b22c68fbc17c1895254a67982bf0958242ced6e67f29

SHA512
933034705851d18a168ec6a4a2f7a5330c92a605b28011dc44e331b0baa53be92639772e268a3dcd0b9551cd627b9185e234399894d0a898c1ae6ffdbb38edec

Download Submit
C:\Windows\System\LwXajns.exe

Filesize
320KB

MD5
f8515607e38f00a39fa6baf1fde6dd70

SHA1
01e333a1c1d9a929b5be146b2c47f40aee831176

SHA256
950561c68e6cde68beedfdaa6b1c51cd4429220934b59298dc5df8b6902b7efd

SHA512
ddf5a2558700cfbc69f6e62bcc458f18de7603a3d72f83dde1a5e666215517a196573730fe8c511f61aa15cb902b6b65cc438cf9feb33984edad2e9144947014

Download Submit
C:\Windows\System\LwXajns.exe

Filesize
1.8MB

MD5
e5d8f71789f0d9de8f8deaa693d889a5

SHA1
e86bf013a17deacdaf40b3b175c16a144349e026

SHA256
a87446c4859dbde09524f3451d17d495c8d52c4afa9b152b078431b4768d002e

SHA512
e5c7e870c89e78ed501bcd03f633e0ade3c52d81921e88e1d430a89328360cca96821ac862a66239b9ccf508a6adaa3112c05a4750da8d6b70c8aeb819afe959

Download Submit
C:\Windows\System\NvWerZk.exe

Filesize
1.8MB

MD5
1e90ba5093e088cbadf0d50193c80d57

SHA1
5014ab09e7d7d6b25285acdd5ee2709a961f7d50

SHA256
be405ea72c6cd650660d8aa3e979fa124c833e7064aba7b6bb9d3aecc1532be4

SHA512
ab4da723cf0504a6014f9b430185a03131d5aac093ff68b2672968495c88b5e1fe37f32d1179bcba8a1504d6ccca7c0d777b04ea6bd0022ffa20b3f7fb20c41a

Download Submit
C:\Windows\System\OVZeojY.exe

Filesize
8B

MD5
30a9dfceb37577cb23b97b50ee0ca790

SHA1
b56360a546aafbfa7ce003cd05916a7ab7239259

SHA256
44dda0d0cfe87b066fcb3ae3e2b0cbc86f86ca0fdd14c7ce736c7a63fedce1f4

SHA512
f1ae1743e6029aabc9e7387b476be46b30f000874bca6e0907b605cfb329a40abfc7d4eb3d891027c469be0356b370267e0531be7c50ab8183a5aad8ce1cbe57

Download Submit
C:\Windows\System\QSmMYbP.exe

Filesize
1.8MB

MD5
8fe3a9efbbd0ce8455dae48c531653ac

SHA1
4794d76aa68a67b589b1df8008de5850b257bbc9

SHA256
067d12c9b5c2743bc947fee5ca88820fa8fb5e3d974535d09fc1a9ae5bec29c5

SHA512
0675df327b1c8e1e57bd29af36e1e524dadb35b1667957f40607e294d06acc6fc1de0f7499215298c51f7cc861fe77c10c6a32a2762d766691a5bf3e34eb0b84

Download Submit
C:\Windows\System\SWYuhFV.exe

Filesize
64KB

MD5
2b844d5b6b62dc9a3481183eddaa5d38

SHA1
87d636595dfedf6c2d0e0dff07b8562c1756b097

SHA256
701fd725195e6f41fa8c30a535b7c6fe836dda87218adae65589c77aac994408

SHA512
b48efac78940e6733b31810b8151f5b393d25eb481bcf3aa4f899e0ef27db951cc3620a8ae4658e19daeed7ac299c394da82ad4efd782b4ad07d1d3e507148d9

Download Submit
C:\Windows\System\SWYuhFV.exe

Filesize
1.9MB

MD5
1ab759157f68dd289e48e19cd996ca6b

SHA1
f320f2d4db00f9bc46197f56f58dd8ea4fefe70f

SHA256
2ca63059dbfc6e4f89bae3f6acf7526dad841c19f68fcf7f0e664d13e509a9db

SHA512
f58a0b3c76a7d13e7e2511c5cbb3fa850ce994fa07ac6d3ff57d5814720fa3ed4f3cf79fa9b2352a2c1e5d9fbc862fea3a4d16845d1a4a2e70848f3c710ef492

Download Submit
C:\Windows\System\TKzzHqb.exe

Filesize
768KB

MD5
35676f35504153272713e5785c03bda7

SHA1
fce9dfd32fe3e8adc2c73b614f318d843344ac9c

SHA256
ddd0af20edb6e76d8dd58607a47bd3b7043e916f7e5f06e48ea7c431daf3a64f

SHA512
d38b1cf8a9e38523fe20f30e0d830a559fcdb7e264dcf8bb4c9dc7a8c61eb62d4ab7a92db55eca6a893ad23eb8cfdce9d101a78e9e6ac71e7a412596760fc730

Download Submit
C:\Windows\System\TlDImxW.exe

Filesize
1.9MB

MD5
22526b3150c61312d44b7ea5ad18c947

SHA1
0fdefec39e53107509b30ca6cf3be5c5b1ee19b4

SHA256
bb96abd0946d5f2a64421fb231d6997e0b3ea2cfe6d77f9565b49436c043ca05

SHA512
60d591e4cd1737bccad2932477c57679da562593d43f23ee3bfd86252a6d380745f903c959e697880c6775519547f88661a7769d7e2a28f38a0350f9e36846f0

Download Submit
C:\Windows\System\UYfoTxH.exe

Filesize
1.9MB

MD5
fc62bc5de6e1e1fd162e119220deb8f2

SHA1
b68a86307112092be144a74d44942322297e60aa

SHA256
7361509180e3f39ae1c5d47fd401b6b716184ef6577436d2d207e1fa7998962d

SHA512
5042d53af09771276215dc57d5d6a49b747ec0198cebe617eebad9bb4cd986ede19d7f48443c27a7a57e2f6914e36fa74e73c66d4d981254b10718892730b64e

Download Submit
C:\Windows\System\XxGsluI.exe

Filesize
1.9MB

MD5
e3241174cc02747844e375102d2a34a2

SHA1
114c4103b1f062378513332b50d0218728b9a208

SHA256
00fccad9c1618e7824b5d49b793b4a8cc3a46365226837510d2e38500d44ba75

SHA512
1853d2eb995ef636027802ab929bfee4ce9fceda846fcb19a6a64c95d309ae95408288c104c24af8b2ce30d820891497eb4a1f1163657625f205d456c00192d0

Download Submit
C:\Windows\System\YfXFqtT.exe

Filesize
1.9MB

MD5
5a8a868f6e48c1c65508e3941c4cdfa2

SHA1
11826ba59467eef04e90d7a8536e03902a11c895

SHA256
d5b9cb652cffe7ab1b3664a1f2e31094f648ff595d75b16028b1ab650d57cb98

SHA512
c714e59099b0b8bd678b1047b675168fa2992d74740281cb1b93c608a22e395f5fc8818970390d864196d752d94c7dcec6f591353f9c9123f7adee68a61d6430

Download Submit
C:\Windows\System\ZVRkdsO.exe

Filesize
1.9MB

MD5
eb4b42fd2702007fef280f8f0cbfe785

SHA1
755e4a5c50a50955704b92ad7f518728c4255f5f

SHA256
69fbb95579ee4c7b8498bba94c21a19ea05443dd731886438c1e29f9d200c9b6

SHA512
5701a4a171f83232aaf95f474cad44f9bb4067fa643e9c68fdb3b5ca7fe771fa86fffb3a4b3d800b7fb915f407a3579410926fc5b81410cb2538f9c62da35d78

Download Submit
C:\Windows\System\aUuhTyx.exe

Filesize
1.8MB

MD5
c70a5570503b107ebc1d0abf374cea08

SHA1
48007f35e4d8deb54e224f1e19e727f3c5f58166

SHA256
fdbd2920d33574867e16b85e7f4bb29edbf61d2d21f9d8947bd9c8ad57cda2ed

SHA512
0bdf1871862ea4220cafb9809b517dd1ad6bf15e914bac21a458627de46d204d105f3b46391864e43b42739d96f0f8b10c106640e2e6449cc77d4201c57442bc

Download Submit
C:\Windows\System\aUuhTyx.exe

Filesize
192KB

MD5
3c72dbc23a6622fc0ba13a655fe73cb7

SHA1
6400c6610e252688e509f655c0c1742cd3e76fe5

SHA256
60d46b68e2dec4dd54b3b98e2936c740b0a81687ef7e61fcba1931ad2151177b

SHA512
3a7f13d7a9e5345a11dd9caea7215ff9ce8b932aed2a7f40bd5687fae6e2d3d8e292fd0a0419fc98b97394994c5924266d8190f3af6015bdcdaf26d71a97a6cc

Download Submit
C:\Windows\System\bZAQUjX.exe

Filesize
1.9MB

MD5
e197489c72e08376702505be21c0de98

SHA1
4ff580186882781bece9283c67e353f9de870e39

SHA256
3800e420b9c7672284ff3a575b6d9e0da5f53b8061d7cf3a39f72674ff06aa27

SHA512
7604ebcfffad13d89ec61040f611d316bb22dbf7abb1908508b82e853b15b53a90df29bf2bbd12328349bd9d74c9e92f802e16b9c0b1cd35dee7de97aa4974d8

Download Submit
C:\Windows\System\cTkmrJN.exe

Filesize
1.9MB

MD5
53f0aa4db49319200d4ab98c6fad0bc7

SHA1
8c993704a8e19dae0affe06ef2a35b27b4f4127a

SHA256
7e51ae98aeb37f9483f7531a4cfbee29dc5e6ce79130ef96f4e34d70431de37b

SHA512
9e8bf2c7e210cd827dea2fefdbc81043f9af58d304d95fceb49d64a929a4378b34de61f372dabc6297628025c06f901be5657ca2275e9bc10e3617ee9d1bf004

Download Submit
C:\Windows\System\clGRmLS.exe

Filesize
1.8MB

MD5
7d99c5d348325e53aa9f87af5b6476cf

SHA1
37860ed2ffe7a2509ecefa0dc94fd362ad01d845

SHA256
15c33610cc212602211dc456032a8c82250f0c77d09244c27efb4bf8b87f8293

SHA512
ebff6e4bff2fa8b46841e991ef1966d446e465f898d65c9c61c958b5f6fc87a6a1d52364cd39ace1377419b79ec8c4bf987de98b9ee35538271f4a31228be57f

Download Submit
C:\Windows\System\iaXlwMd.exe

Filesize
1.9MB

MD5
f3075e95e7ec274d743b65099efcaad1

SHA1
9e84762f0a0141f954cbdbe77f985e7764eb72fd

SHA256
dc4b1b080557b22fe5d05d9289bd50d2f9e41885339c8e590f2a06cbb464ead5

SHA512
9cf97980dca8f7bba152fb2abe17fa5f56837affff838742b7301e4ccce05ac93a12c7cfe8b96ca86a4d258da9821e91654797bc6a34c94c669013b62ced9072

Download Submit
C:\Windows\System\itYvDym.exe

Filesize
1.9MB

MD5
7462e9cbee195ab540ea1a9b12937b12

SHA1
8edbb25edc482d3dc6af091f3a26989f9d180860

SHA256
8324379fc39f58d9d04c4d4431ae5306a9901cdd5974c9d1955cb8ad095ab13a

SHA512
b700f527946f282bb98d017e253c4fc80774872450ed12ef94b8e55e546308d5a8e9372e6f9ab26dd16f1ba5c850b8952555305356621ba24f69e48ea50d9eaa

Download Submit
C:\Windows\System\jTuuVdy.exe

Filesize
1.9MB

MD5
15072526b8c427a3c6fccc45724728ce

SHA1
35ce06af7ab423f13793e2f40363d5b717afb7ff

SHA256
736cb33258935348e1f390467c029fa24e77fab836e8d13fc6507d74a726659f

SHA512
3958314778f8ed1c06ee8471a8dc3295a688a9ddf087a2c5e3682f83041ba61042b6599a15e3dfdf6cb681d73a399a2297f81c422d6e22230154b52d092cfa88

Download Submit
C:\Windows\System\jriBKZp.exe

Filesize
1.8MB

MD5
6d3443c42ec439282f484a6a7369a33e

SHA1
a285353560fbc2d68a483ac68b911f3b486ae4bc

SHA256
be6923690f0c6a5c7689ac58e3c1c7d09b429401a4872be65d7aa622f01da01e

SHA512
6ea214538fb07c883b87198af1f26ae48d7d1328a3e6440af63ed9ab587d73172291cb8d812a793d5996869624b3d60404700f9f1c651fac95f67e6e82a3c242

Download Submit
C:\Windows\System\lSPYAZc.exe

Filesize
1.8MB

MD5
23ef5d495874ae5c0e45208ba60a43d3

SHA1
0421f62da2435c2e1529ceef37f2693c78cde77f

SHA256
ef08a9188ea26f58119ce415b4c5b94f5128da90c5d53683e98cb52dfcba4d46

SHA512
7ee26abcbf688a8fa50ba882168642286c953e5eb614c483966c2adeef7452b25ad9110192c0e1e0b683c02bfdc23b52e7cf8102147bd9e56a0a8ab34d5c0b08

Download Submit
C:\Windows\System\nwsOafZ.exe

Filesize
1.9MB

MD5
3c4f2a16d96300a4c7edd917531b2b0c

SHA1
9dc547e82065c2b15b0da8870945d314cdebe0cc

SHA256
92a8baa5bb1c8d430930ea749dfc8755872a12f9764fddeabe1bd69545b3d995

SHA512
3168119fd958378cfd68e20ed045fa22bdcf1729767f74773a72deae10d80e07c8c61a99e364811ffae8015934f0de7cdb571a641d11c66708fa2dce1169c178

Download Submit
C:\Windows\System\oFdHcDK.exe

Filesize
1.9MB

MD5
a3b2f2fc5fd60794f9a859f67adf7882

SHA1
20c8b3a482ad1b3e1b862bc9f75ca38c926f5903

SHA256
0d8b6f134593e6c1462fec89ec50d8cf31f907591da3dbc34a4e739432eb603e

SHA512
5f4308ed2979d06d136da23f2025f5268a28a370b57945ba35fef728e8684e761a1ef5c001f228d62d9732e1e03f9416c78aa3b6cfe42f09183dc150710ea753

Download Submit
C:\Windows\System\pkzcDBA.exe

Filesize
42KB

MD5
68b7bb904b345d9a62bdd749b2ad3c1b

SHA1
981b0d2263e4b6268aa139955525fafe80cfdcf5

SHA256
2c216b8d7a7ab8789e8f311d7d3763abca95bb1b84fb0edda7e17c398c6af233

SHA512
cce54c08d8793b7677aca64122c57a90aa1ac4bc8f0a3736829d36637708db6ebd379099bae65a72cf1fa660a9d03aea29338ddba24df84961df5d45a3681e69

Download Submit
C:\Windows\System\qEzEwCg.exe

Filesize
1.9MB

MD5
c7264804237bc4faf0ace01ae0f54950

SHA1
b9bdd3f6d8a02931d26edeb43a74dcdeb6871bc0

SHA256
50df176af88cfc6035898ff83da7381408561232e9082ff9d69edbdb9a8ef25c

SHA512
35a0873507095ed849dec826bca6915a3b0a793f7720c845bb60ec8facb40198687817afd8ddfd492c1dd880b8030a5f7279957470808ceb99ae5f616427fba8

Download Submit
C:\Windows\System\rSsxaIF.exe

Filesize
1.9MB

MD5
a94b9097219b5da5f74405d75d234d38

SHA1
402fd67e4f000205db6ce25ed2d8a15c9e5c1bf7

SHA256
019b5c4472301f35125a7b01bfb0e735951491a3fcfb9003081fedfe68e8bcea

SHA512
356f037fc51ebca3f91c89388d101b129e33f3ec80bc4f74869e1322ae24034b05061a6c182193bd5f7d15bf4712a61dfb8b33a5496b5dff2aca650666122d78

Download Submit
C:\Windows\System\sxXzDtm.exe

Filesize
1.9MB

MD5
86b1d7a955dbed8471822e43480bc325

SHA1
8b7fceb9d876ebb6a4ce5870aaaac4734d8b9783

SHA256
83ada20d02c25449b63e20c16672fab94edb1f8a5c09c6eba95acb4be3eb8c3f

SHA512
78d2a774a78a791abaaac85761dcecad0fb5d04302a5cf377f066c93e7d35d9042784b87f2438237fe39146302dd0e313fca12fab15e124c988be0c1b1827fcb

Download Submit
C:\Windows\System\tCTIcuQ.exe

Filesize
1.9MB

MD5
9ee8168b7a4cfb2bce2f62b2f2c9fdda

SHA1
b3b415f67e4615ad8d40a6bd3d178d0c340e38f5

SHA256
5105ae735fede96df9d40f7a296b8220c92c851cf901cec1cc28a93d1d0100de

SHA512
92fc3f6d5216e18ce64a648dabec76ed7914422c26ad69bcd9ef2015e13627dc66dea1be91a6bafa42cdf86760561a9b27acb946df09ea203a37e9c5a4d50577

Download Submit
C:\Windows\System\uhprycI.exe

Filesize
1.8MB

MD5
9a7028f46be0a27debbae6fec92bb36c

SHA1
1d71fc737c60f1dec8537172a18e07e3b1f6f2f7

SHA256
ce3b01a0e870849813cdc0be2779669cfb77e54c9b6f00c5c8aedaa05f286a4e

SHA512
416e28bf06adbde9f6296cab98faefe2cdb55ef7ddd89f81e3b6df2c9dfdc2bbb90cb87b07e422f25c5f211266e5e2696bbe54c4a58994804d33ac0d2f918f49

Download Submit
C:\Windows\System\vVSGtdw.exe

Filesize
1.9MB

MD5
7d71acfb5d0c4a742a2f6d991f661c96

SHA1
6e3be1f02432965f6f3cae6fc0c7337d0e448f58

SHA256
ea4a30d235ba87adb9c49b3c3a9da2fd0fcf5618fc4fcc55fc2bbc6b8fa58dc3

SHA512
9a1a46198ce79e45bdcb703bc3323e479f556f37d9f9015c0568e112c89b8fc27dc97bf17c6386f1b850af82a14dc068a2a2f2534368a983302b605b7b6042c9

Download Submit
C:\Windows\System\wYwQLBs.exe

Filesize
1.8MB

MD5
14e191db5eed202e44fe8015aa556aa5

SHA1
013544ea36a92e45446c8e0b60e1138f54f25f1b

SHA256
26d08d31147bf202825ff10ee63ff26b8bbdbd712e6c4b5bdd64090e4617a540

SHA512
b68905ca75636f08fe2815c3336328887cbadc5e35cf9bfbce382d37c919699ba1e48622ad9041c1d807e4d549555c8b27f289b74a38ec5f073a3f82713f1990

Download Submit
C:\Windows\System\xOWKrIo.exe

Filesize
1.9MB

MD5
b246b2f04c1a9e63e104f4f99ea9d69c

SHA1
1c4d5dbd5a83d7bd9cc3aaa8a9a73e843bd4f207

SHA256
af6b5b24919b59b1cc5ede8dbd4da124f435f4bc3c8f7eabeca7fb2fe108a4bc

SHA512
c63fb39bd20edd3fa68158cf252d2d70320b7126288f75fba54d1da465ab5b1c55dfce026c76e54ded458a2f08415b4a5e7d1d774ea220d3c4433e54ee17aa65

Download Submit
memory/380-304-0x00007FF665B10000-0x00007FF665F02000-memory.dmp

Filesize
3.9MB

Download
memory/440-322-0x00007FF649810000-0x00007FF649C02000-memory.dmp

Filesize
3.9MB

Download
memory/452-232-0x00007FF6FF4A0000-0x00007FF6FF892000-memory.dmp

Filesize
3.9MB

Download
memory/572-303-0x00007FF73BFF0000-0x00007FF73C3E2000-memory.dmp

Filesize
3.9MB

Download
memory/696-305-0x00007FF7C0690000-0x00007FF7C0A82000-memory.dmp

Filesize
3.9MB

Download
memory/736-329-0x000001F8E91B0000-0x000001F8E91C0000-memory.dmp

Filesize
64KB

Download
memory/736-222-0x00007FFD2A2E0000-0x00007FFD2ADA1000-memory.dmp

Filesize
10.8MB

Download
memory/736-250-0x000001F8E9270000-0x000001F8E9292000-memory.dmp

Filesize
136KB

Download
memory/760-0-0x00007FF7636D0000-0x00007FF763AC2000-memory.dmp

Filesize
3.9MB

Download
memory/760-1-0x0000028A70A20000-0x0000028A70A30000-memory.dmp

Filesize
64KB

Download
memory/836-328-0x00007FF610750000-0x00007FF610B42000-memory.dmp

Filesize
3.9MB

Download
memory/880-307-0x00007FF678540000-0x00007FF678932000-memory.dmp

Filesize
3.9MB

Download
memory/1112-295-0x00007FF60C630000-0x00007FF60CA22000-memory.dmp

Filesize
3.9MB

Download
memory/1284-225-0x00007FF657740000-0x00007FF657B32000-memory.dmp

Filesize
3.9MB

Download
memory/1416-313-0x00007FF792A30000-0x00007FF792E22000-memory.dmp

Filesize
3.9MB

Download
memory/1620-309-0x00007FF6EA250000-0x00007FF6EA642000-memory.dmp

Filesize
3.9MB

Download
memory/1648-330-0x00007FF641740000-0x00007FF641B32000-memory.dmp

Filesize
3.9MB

Download
memory/1692-306-0x00007FF6731B0000-0x00007FF6735A2000-memory.dmp

Filesize
3.9MB

Download
memory/1700-233-0x00007FF70CC50000-0x00007FF70D042000-memory.dmp

Filesize
3.9MB

Download
memory/1708-298-0x00007FF7A6990000-0x00007FF7A6D82000-memory.dmp

Filesize
3.9MB

Download
memory/1748-227-0x00007FF68E100000-0x00007FF68E4F2000-memory.dmp

Filesize
3.9MB

Download
memory/1936-318-0x00007FF76B7F0000-0x00007FF76BBE2000-memory.dmp

Filesize
3.9MB

Download
memory/2052-81-0x00007FF626140000-0x00007FF626532000-memory.dmp

Filesize
3.9MB

Download
memory/2264-280-0x00007FF7E1670000-0x00007FF7E1A62000-memory.dmp

Filesize
3.9MB

Download
memory/2308-228-0x00007FF715B50000-0x00007FF715F42000-memory.dmp

Filesize
3.9MB

Download
memory/2324-301-0x00007FF734F40000-0x00007FF735332000-memory.dmp

Filesize
3.9MB

Download
memory/2388-327-0x00007FF6A76D0000-0x00007FF6A7AC2000-memory.dmp

Filesize
3.9MB

Download
memory/2584-300-0x00007FF6F6C00000-0x00007FF6F6FF2000-memory.dmp

Filesize
3.9MB

Download
memory/2588-297-0x00007FF725190000-0x00007FF725582000-memory.dmp

Filesize
3.9MB

Download
memory/2900-130-0x00007FF674150000-0x00007FF674542000-memory.dmp

Filesize
3.9MB

Download
memory/2912-95-0x00007FF695E00000-0x00007FF6961F2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-316-0x00007FF791B50000-0x00007FF791F42000-memory.dmp

Filesize
3.9MB

Download
memory/3116-320-0x00007FF787C50000-0x00007FF788042000-memory.dmp

Filesize
3.9MB

Download
memory/3160-20-0x00007FF637A50000-0x00007FF637E42000-memory.dmp

Filesize
3.9MB

Download
memory/3176-290-0x00007FF6E8FF0000-0x00007FF6E93E2000-memory.dmp

Filesize
3.9MB

Download
memory/3448-231-0x00007FF6F6FB0000-0x00007FF6F73A2000-memory.dmp

Filesize
3.9MB

Download
memory/3620-11-0x00007FF735770000-0x00007FF735B62000-memory.dmp

Filesize
3.9MB

Download
memory/3668-223-0x00007FF7490A0000-0x00007FF749492000-memory.dmp

Filesize
3.9MB

Download
memory/3744-56-0x00007FF7DAC80000-0x00007FF7DB072000-memory.dmp

Filesize
3.9MB

Download
memory/3824-224-0x00007FF7364B0000-0x00007FF7368A2000-memory.dmp

Filesize
3.9MB

Download
memory/3988-37-0x00007FF79D920000-0x00007FF79DD12000-memory.dmp

Filesize
3.9MB

Download
memory/3992-321-0x00007FF668D70000-0x00007FF669162000-memory.dmp

Filesize
3.9MB

Download
memory/4128-319-0x00007FF7BA3A0000-0x00007FF7BA792000-memory.dmp

Filesize
3.9MB

Download
memory/4232-229-0x00007FF6C0AB0000-0x00007FF6C0EA2000-memory.dmp

Filesize
3.9MB

Download
memory/4264-296-0x00007FF7E28F0000-0x00007FF7E2CE2000-memory.dmp

Filesize
3.9MB

Download
memory/4332-310-0x00007FF6C8C70000-0x00007FF6C9062000-memory.dmp

Filesize
3.9MB

Download
memory/4440-311-0x00007FF64D0F0000-0x00007FF64D4E2000-memory.dmp

Filesize
3.9MB

Download
memory/4520-286-0x00007FF72BAF0000-0x00007FF72BEE2000-memory.dmp

Filesize
3.9MB

Download
memory/4572-226-0x00007FF6A4620000-0x00007FF6A4A12000-memory.dmp

Filesize
3.9MB

Download
memory/4592-312-0x00007FF79A750000-0x00007FF79AB42000-memory.dmp

Filesize
3.9MB

Download
memory/4652-308-0x00007FF7363C0000-0x00007FF7367B2000-memory.dmp

Filesize
3.9MB

Download
memory/4716-299-0x00007FF71D2E0000-0x00007FF71D6D2000-memory.dmp

Filesize
3.9MB

Download
memory/4780-302-0x00007FF6A61D0000-0x00007FF6A65C2000-memory.dmp

Filesize
3.9MB

Download
memory/4824-230-0x00007FF77CE80000-0x00007FF77D272000-memory.dmp

Filesize
3.9MB

Download
memory/4828-216-0x00007FF605BB0000-0x00007FF605FA2000-memory.dmp

Filesize
3.9MB

Download
memory/4864-314-0x00007FF63C640000-0x00007FF63CA32000-memory.dmp

Filesize
3.9MB

Download
memory/4912-326-0x00007FF7E37D0000-0x00007FF7E3BC2000-memory.dmp

Filesize
3.9MB

Download
memory/4992-294-0x00007FF6FA360000-0x00007FF6FA752000-memory.dmp

Filesize
3.9MB

Download
memory/5052-315-0x00007FF6DBEC0000-0x00007FF6DC2B2000-memory.dmp

Filesize
3.9MB

Download
memory/5056-317-0x00007FF7C0930000-0x00007FF7C0D22000-memory.dmp

Filesize
3.9MB

Download
memory/5080-87-0x00007FF7CF330000-0x00007FF7CF722000-memory.dmp

Filesize
3.9MB

Download
memory/5096-162-0x00007FF7E3520000-0x00007FF7E3912000-memory.dmp

Filesize
3.9MB

Download
memory/5136-323-0x00007FF6BCA50000-0x00007FF6BCE42000-memory.dmp

Filesize
3.9MB

Download
memory/5164-324-0x00007FF7DBD00000-0x00007FF7DC0F2000-memory.dmp

Filesize
3.9MB

Download
memory/5184-325-0x00007FF72F750000-0x00007FF72FB42000-memory.dmp

Filesize
3.9MB

Download