xmrig | 481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
Size

1.4MB
MD5

b17163249d15171777193ac43da801f1
SHA1

47306965dd17509303cb4a53095b71c365445b81
SHA256

481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca
SHA512

8993169e5e26904459994fcd8d67285df30b288b666f9caf7d033a3ba61e6d5399edf14c0daec4c14ce41365336a0681973420251d92473eb90c98ef34649678
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhMgXQP9+G5KBe2ulQ9PRKHK+:Lz071uv4BPMkHC0INx29L5KQ2uBt

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 18 IoCs

resource	yara_rule
behavioral2/memory/2868-496-0x00007FF608730000-0x00007FF608B22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3296-745-0x00007FF693290000-0x00007FF693682000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1480-778-0x00007FF6741B0000-0x00007FF6745A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/492-790-0x00007FF63E310000-0x00007FF63E702000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3036-793-0x00007FF6B0EB0000-0x00007FF6B12A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4420-796-0x00007FF6864C0000-0x00007FF6868B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4488-1271-0x00007FF79A270000-0x00007FF79A662000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/9380-2008-0x00007FF66D050000-0x00007FF66D442000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3156-1304-0x00007FF7FF740000-0x00007FF7FFB32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3504-795-0x00007FF66EDC0000-0x00007FF66F1B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4112-794-0x00007FF7A2010000-0x00007FF7A2402000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3728-792-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3976-791-0x00007FF68CEB0000-0x00007FF68D2A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1812-789-0x00007FF77F950000-0x00007FF77FD42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2716-788-0x00007FF6B9380000-0x00007FF6B9772000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3780-348-0x00007FF7E2C10000-0x00007FF7E3002000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2840-246-0x00007FF61CD00000-0x00007FF61D0F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3160-38-0x00007FF73EF50000-0x00007FF73F342000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/3344-0-0x00007FF61A8D0000-0x00007FF61ACC2000-memory.dmp	UPX
behavioral2/files/0x00080000000233ed-6.dat	UPX
behavioral2/files/0x00070000000233f4-41.dat	UPX
behavioral2/files/0x00070000000233f8-64.dat	UPX
behavioral2/files/0x0007000000023400-107.dat	UPX
behavioral2/memory/2868-496-0x00007FF608730000-0x00007FF608B22000-memory.dmp	UPX
behavioral2/memory/3296-745-0x00007FF693290000-0x00007FF693682000-memory.dmp	UPX
behavioral2/memory/1480-778-0x00007FF6741B0000-0x00007FF6745A2000-memory.dmp	UPX
behavioral2/memory/492-790-0x00007FF63E310000-0x00007FF63E702000-memory.dmp	UPX
behavioral2/memory/3036-793-0x00007FF6B0EB0000-0x00007FF6B12A2000-memory.dmp	UPX
behavioral2/memory/4420-796-0x00007FF6864C0000-0x00007FF6868B2000-memory.dmp	UPX
behavioral2/memory/4488-1271-0x00007FF79A270000-0x00007FF79A662000-memory.dmp	UPX
behavioral2/memory/8320-1856-0x00007FF787590000-0x00007FF787982000-memory.dmp	UPX
behavioral2/memory/9896-1869-0x00007FF613C90000-0x00007FF614082000-memory.dmp	UPX
behavioral2/memory/6840-1950-0x00007FF724FB0000-0x00007FF7253A2000-memory.dmp	UPX
behavioral2/memory/6820-1949-0x00007FF7629A0000-0x00007FF762D92000-memory.dmp	UPX
behavioral2/memory/6356-1982-0x00007FF6263E0000-0x00007FF6267D2000-memory.dmp	UPX
behavioral2/memory/7552-2185-0x00007FF7B3C70000-0x00007FF7B4062000-memory.dmp	UPX
behavioral2/memory/7696-2065-0x00007FF6559E0000-0x00007FF655DD2000-memory.dmp	UPX
behavioral2/memory/7628-2015-0x00007FF6122C0000-0x00007FF6126B2000-memory.dmp	UPX
behavioral2/memory/9252-2014-0x00007FF70CA00000-0x00007FF70CDF2000-memory.dmp	UPX
behavioral2/memory/9328-2013-0x00007FF6823A0000-0x00007FF682792000-memory.dmp	UPX
behavioral2/memory/8660-2012-0x00007FF77F450000-0x00007FF77F842000-memory.dmp	UPX
behavioral2/memory/9312-2011-0x00007FF7E64E0000-0x00007FF7E68D2000-memory.dmp	UPX
behavioral2/memory/9672-2010-0x00007FF79D330000-0x00007FF79D722000-memory.dmp	UPX
behavioral2/memory/9688-1995-0x00007FF7B42B0000-0x00007FF7B46A2000-memory.dmp	UPX
behavioral2/memory/7272-1985-0x00007FF7DF4D0000-0x00007FF7DF8C2000-memory.dmp	UPX
behavioral2/memory/10940-1984-0x00007FF73A9B0000-0x00007FF73ADA2000-memory.dmp	UPX
behavioral2/memory/8044-1980-0x00007FF7F1F50000-0x00007FF7F2342000-memory.dmp	UPX
behavioral2/memory/10208-1978-0x00007FF6AEDE0000-0x00007FF6AF1D2000-memory.dmp	UPX
behavioral2/memory/8120-1977-0x00007FF69F1D0000-0x00007FF69F5C2000-memory.dmp	UPX
behavioral2/memory/7916-1976-0x00007FF7C2330000-0x00007FF7C2722000-memory.dmp	UPX
behavioral2/memory/9380-2008-0x00007FF66D050000-0x00007FF66D442000-memory.dmp	UPX
behavioral2/memory/5708-1969-0x00007FF6161B0000-0x00007FF6165A2000-memory.dmp	UPX
behavioral2/memory/6348-1968-0x00007FF6E0C80000-0x00007FF6E1072000-memory.dmp	UPX
behavioral2/memory/8048-1967-0x00007FF7F8A20000-0x00007FF7F8E12000-memory.dmp	UPX
behavioral2/memory/10152-1964-0x00007FF616A80000-0x00007FF616E72000-memory.dmp	UPX
behavioral2/memory/9968-1963-0x00007FF6D0490000-0x00007FF6D0882000-memory.dmp	UPX
behavioral2/memory/4472-1962-0x00007FF6372E0000-0x00007FF6376D2000-memory.dmp	UPX
behavioral2/memory/7440-1960-0x00007FF657D10000-0x00007FF658102000-memory.dmp	UPX
behavioral2/memory/7388-1959-0x00007FF76DA10000-0x00007FF76DE02000-memory.dmp	UPX
behavioral2/memory/7476-1958-0x00007FF669290000-0x00007FF669682000-memory.dmp	UPX
behavioral2/memory/10168-1957-0x00007FF7A0EB0000-0x00007FF7A12A2000-memory.dmp	UPX
behavioral2/memory/7648-1956-0x00007FF718EA0000-0x00007FF719292000-memory.dmp	UPX
behavioral2/memory/9272-1955-0x00007FF6FB500000-0x00007FF6FB8F2000-memory.dmp	UPX
behavioral2/memory/10784-1954-0x00007FF72ABC0000-0x00007FF72AFB2000-memory.dmp	UPX
behavioral2/memory/9524-1953-0x00007FF65C070000-0x00007FF65C462000-memory.dmp	UPX
behavioral2/memory/8852-1952-0x00007FF61EB40000-0x00007FF61EF32000-memory.dmp	UPX
behavioral2/memory/5848-1979-0x00007FF70CDD0000-0x00007FF70D1C2000-memory.dmp	UPX
behavioral2/memory/7680-1966-0x00007FF7F8B80000-0x00007FF7F8F72000-memory.dmp	UPX
behavioral2/memory/7716-1961-0x00007FF67B840000-0x00007FF67BC32000-memory.dmp	UPX
behavioral2/memory/9736-1868-0x00007FF724D10000-0x00007FF725102000-memory.dmp	UPX
behavioral2/memory/9600-1878-0x00007FF7AB550000-0x00007FF7AB942000-memory.dmp	UPX
behavioral2/memory/8388-1857-0x00007FF69C8A0000-0x00007FF69CC92000-memory.dmp	UPX
behavioral2/memory/3156-1304-0x00007FF7FF740000-0x00007FF7FFB32000-memory.dmp	UPX
behavioral2/memory/3504-795-0x00007FF66EDC0000-0x00007FF66F1B2000-memory.dmp	UPX
behavioral2/memory/4112-794-0x00007FF7A2010000-0x00007FF7A2402000-memory.dmp	UPX
behavioral2/memory/3728-792-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp	UPX
behavioral2/memory/3976-791-0x00007FF68CEB0000-0x00007FF68D2A2000-memory.dmp	UPX
behavioral2/memory/1812-789-0x00007FF77F950000-0x00007FF77FD42000-memory.dmp	UPX
behavioral2/memory/2716-788-0x00007FF6B9380000-0x00007FF6B9772000-memory.dmp	UPX
behavioral2/memory/3780-348-0x00007FF7E2C10000-0x00007FF7E3002000-memory.dmp	UPX
behavioral2/memory/2840-246-0x00007FF61CD00000-0x00007FF61D0F2000-memory.dmp	UPX
behavioral2/files/0x0007000000023416-235.dat	UPX

XMRig Miner payload 18 IoCs

miner

resource	yara_rule
behavioral2/memory/2868-496-0x00007FF608730000-0x00007FF608B22000-memory.dmp	xmrig
behavioral2/memory/3296-745-0x00007FF693290000-0x00007FF693682000-memory.dmp	xmrig
behavioral2/memory/1480-778-0x00007FF6741B0000-0x00007FF6745A2000-memory.dmp	xmrig
behavioral2/memory/492-790-0x00007FF63E310000-0x00007FF63E702000-memory.dmp	xmrig
behavioral2/memory/3036-793-0x00007FF6B0EB0000-0x00007FF6B12A2000-memory.dmp	xmrig
behavioral2/memory/4420-796-0x00007FF6864C0000-0x00007FF6868B2000-memory.dmp	xmrig
behavioral2/memory/4488-1271-0x00007FF79A270000-0x00007FF79A662000-memory.dmp	xmrig
behavioral2/memory/9380-2008-0x00007FF66D050000-0x00007FF66D442000-memory.dmp	xmrig
behavioral2/memory/3156-1304-0x00007FF7FF740000-0x00007FF7FFB32000-memory.dmp	xmrig
behavioral2/memory/3504-795-0x00007FF66EDC0000-0x00007FF66F1B2000-memory.dmp	xmrig
behavioral2/memory/4112-794-0x00007FF7A2010000-0x00007FF7A2402000-memory.dmp	xmrig
behavioral2/memory/3728-792-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp	xmrig
behavioral2/memory/3976-791-0x00007FF68CEB0000-0x00007FF68D2A2000-memory.dmp	xmrig
behavioral2/memory/1812-789-0x00007FF77F950000-0x00007FF77FD42000-memory.dmp	xmrig
behavioral2/memory/2716-788-0x00007FF6B9380000-0x00007FF6B9772000-memory.dmp	xmrig
behavioral2/memory/3780-348-0x00007FF7E2C10000-0x00007FF7E3002000-memory.dmp	xmrig
behavioral2/memory/2840-246-0x00007FF61CD00000-0x00007FF61D0F2000-memory.dmp	xmrig
behavioral2/memory/3160-38-0x00007FF73EF50000-0x00007FF73F342000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4100	hubFaaB.exe
3160	NWRbIyo.exe
2840	tPsHUGM.exe
3780	yNwVjaN.exe
2868	mXLoPVj.exe
3296	hWJsDJt.exe
3060	AmosfxC.exe
1480	IkeUvjn.exe
2716	atTwsEt.exe
1812	SZwFMvV.exe
492	DEIGMky.exe
3976	OdsAnkA.exe
3728	PRuIUum.exe
3036	lTHpvAr.exe
4112	MoiUmxK.exe
1428	kvprgiQ.exe
3504	zAUwARr.exe
4420	JKcHcpW.exe
4488	PKwXmLk.exe
3156	FCUXmYh.exe
1944	TCVUxZf.exe
2596	ppCbGzb.exe
4816	CpunNvd.exe
924	axwwqWA.exe
3328	vHkDYqu.exe
2644	fXQUUBc.exe
5000	VGOUdxr.exe
3672	HzbutWw.exe
4596	MSdOEAf.exe
4600	pBxzLMg.exe
892	EXdruJa.exe
4264	aadSEsY.exe
1092	jbuWfCG.exe
2412	qlwGyCD.exe
2016	yjdjBqX.exe
4088	ybKfRcJ.exe
1540	IfXmLku.exe
768	DoNXAXI.exe
4560	toiVWIc.exe
1704	DHhDuEE.exe
4396	oLvplRF.exe
3652	IAKcOxE.exe
4832	CBOYBIA.exe
1424	qZPGxvI.exe
4924	FpOziTs.exe
408	kjftWEk.exe
1308	WJXcYIR.exe
4436	JKJpbuS.exe
1604	shBOSXu.exe
4556	zWPjNUt.exe
2104	trZLSfD.exe
2404	zPZkiSR.exe
4244	wqaLpMZ.exe
4372	xGPZeRW.exe
752	IqoQKUR.exe
2880	tqVkZCh.exe
2184	gPdQFwi.exe
1584	KqSbazj.exe
760	wvHesXo.exe
3956	QgHmWDj.exe
1260	fhBBhXa.exe
4044	rZdtPoV.exe
3628	jFIltLW.exe
4972	SLERCoe.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3344-0-0x00007FF61A8D0000-0x00007FF61ACC2000-memory.dmp	upx
behavioral2/files/0x00080000000233ed-6.dat	upx
behavioral2/files/0x00070000000233f4-41.dat	upx
behavioral2/files/0x00070000000233f8-64.dat	upx
behavioral2/files/0x0007000000023400-107.dat	upx
behavioral2/memory/2868-496-0x00007FF608730000-0x00007FF608B22000-memory.dmp	upx
behavioral2/memory/3296-745-0x00007FF693290000-0x00007FF693682000-memory.dmp	upx
behavioral2/memory/1480-778-0x00007FF6741B0000-0x00007FF6745A2000-memory.dmp	upx
behavioral2/memory/492-790-0x00007FF63E310000-0x00007FF63E702000-memory.dmp	upx
behavioral2/memory/3036-793-0x00007FF6B0EB0000-0x00007FF6B12A2000-memory.dmp	upx
behavioral2/memory/4420-796-0x00007FF6864C0000-0x00007FF6868B2000-memory.dmp	upx
behavioral2/memory/4488-1271-0x00007FF79A270000-0x00007FF79A662000-memory.dmp	upx
behavioral2/memory/8320-1856-0x00007FF787590000-0x00007FF787982000-memory.dmp	upx
behavioral2/memory/9896-1869-0x00007FF613C90000-0x00007FF614082000-memory.dmp	upx
behavioral2/memory/6840-1950-0x00007FF724FB0000-0x00007FF7253A2000-memory.dmp	upx
behavioral2/memory/6820-1949-0x00007FF7629A0000-0x00007FF762D92000-memory.dmp	upx
behavioral2/memory/6356-1982-0x00007FF6263E0000-0x00007FF6267D2000-memory.dmp	upx
behavioral2/memory/7552-2185-0x00007FF7B3C70000-0x00007FF7B4062000-memory.dmp	upx
behavioral2/memory/7696-2065-0x00007FF6559E0000-0x00007FF655DD2000-memory.dmp	upx
behavioral2/memory/7628-2015-0x00007FF6122C0000-0x00007FF6126B2000-memory.dmp	upx
behavioral2/memory/9252-2014-0x00007FF70CA00000-0x00007FF70CDF2000-memory.dmp	upx
behavioral2/memory/9328-2013-0x00007FF6823A0000-0x00007FF682792000-memory.dmp	upx
behavioral2/memory/8660-2012-0x00007FF77F450000-0x00007FF77F842000-memory.dmp	upx
behavioral2/memory/9312-2011-0x00007FF7E64E0000-0x00007FF7E68D2000-memory.dmp	upx
behavioral2/memory/9672-2010-0x00007FF79D330000-0x00007FF79D722000-memory.dmp	upx
behavioral2/memory/9688-1995-0x00007FF7B42B0000-0x00007FF7B46A2000-memory.dmp	upx
behavioral2/memory/7272-1985-0x00007FF7DF4D0000-0x00007FF7DF8C2000-memory.dmp	upx
behavioral2/memory/10940-1984-0x00007FF73A9B0000-0x00007FF73ADA2000-memory.dmp	upx
behavioral2/memory/8044-1980-0x00007FF7F1F50000-0x00007FF7F2342000-memory.dmp	upx
behavioral2/memory/10208-1978-0x00007FF6AEDE0000-0x00007FF6AF1D2000-memory.dmp	upx
behavioral2/memory/8120-1977-0x00007FF69F1D0000-0x00007FF69F5C2000-memory.dmp	upx
behavioral2/memory/7916-1976-0x00007FF7C2330000-0x00007FF7C2722000-memory.dmp	upx
behavioral2/memory/9380-2008-0x00007FF66D050000-0x00007FF66D442000-memory.dmp	upx
behavioral2/memory/5708-1969-0x00007FF6161B0000-0x00007FF6165A2000-memory.dmp	upx
behavioral2/memory/6348-1968-0x00007FF6E0C80000-0x00007FF6E1072000-memory.dmp	upx
behavioral2/memory/8048-1967-0x00007FF7F8A20000-0x00007FF7F8E12000-memory.dmp	upx
behavioral2/memory/10152-1964-0x00007FF616A80000-0x00007FF616E72000-memory.dmp	upx
behavioral2/memory/9968-1963-0x00007FF6D0490000-0x00007FF6D0882000-memory.dmp	upx
behavioral2/memory/4472-1962-0x00007FF6372E0000-0x00007FF6376D2000-memory.dmp	upx
behavioral2/memory/7440-1960-0x00007FF657D10000-0x00007FF658102000-memory.dmp	upx
behavioral2/memory/7388-1959-0x00007FF76DA10000-0x00007FF76DE02000-memory.dmp	upx
behavioral2/memory/7476-1958-0x00007FF669290000-0x00007FF669682000-memory.dmp	upx
behavioral2/memory/10168-1957-0x00007FF7A0EB0000-0x00007FF7A12A2000-memory.dmp	upx
behavioral2/memory/7648-1956-0x00007FF718EA0000-0x00007FF719292000-memory.dmp	upx
behavioral2/memory/9272-1955-0x00007FF6FB500000-0x00007FF6FB8F2000-memory.dmp	upx
behavioral2/memory/10784-1954-0x00007FF72ABC0000-0x00007FF72AFB2000-memory.dmp	upx
behavioral2/memory/9524-1953-0x00007FF65C070000-0x00007FF65C462000-memory.dmp	upx
behavioral2/memory/8852-1952-0x00007FF61EB40000-0x00007FF61EF32000-memory.dmp	upx
behavioral2/memory/5848-1979-0x00007FF70CDD0000-0x00007FF70D1C2000-memory.dmp	upx
behavioral2/memory/7680-1966-0x00007FF7F8B80000-0x00007FF7F8F72000-memory.dmp	upx
behavioral2/memory/7716-1961-0x00007FF67B840000-0x00007FF67BC32000-memory.dmp	upx
behavioral2/memory/9736-1868-0x00007FF724D10000-0x00007FF725102000-memory.dmp	upx
behavioral2/memory/9600-1878-0x00007FF7AB550000-0x00007FF7AB942000-memory.dmp	upx
behavioral2/memory/8388-1857-0x00007FF69C8A0000-0x00007FF69CC92000-memory.dmp	upx
behavioral2/memory/3156-1304-0x00007FF7FF740000-0x00007FF7FFB32000-memory.dmp	upx
behavioral2/memory/3504-795-0x00007FF66EDC0000-0x00007FF66F1B2000-memory.dmp	upx
behavioral2/memory/4112-794-0x00007FF7A2010000-0x00007FF7A2402000-memory.dmp	upx
behavioral2/memory/3728-792-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp	upx
behavioral2/memory/3976-791-0x00007FF68CEB0000-0x00007FF68D2A2000-memory.dmp	upx
behavioral2/memory/1812-789-0x00007FF77F950000-0x00007FF77FD42000-memory.dmp	upx
behavioral2/memory/2716-788-0x00007FF6B9380000-0x00007FF6B9772000-memory.dmp	upx
behavioral2/memory/3780-348-0x00007FF7E2C10000-0x00007FF7E3002000-memory.dmp	upx
behavioral2/memory/2840-246-0x00007FF61CD00000-0x00007FF61D0F2000-memory.dmp	upx
behavioral2/files/0x0007000000023416-235.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bqULCxe.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\chNTosN.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\jTFULZJ.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\bRFopTD.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\BXSVqFL.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\ruHxRZP.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\jyJNNMF.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\EwoQzOR.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\SoKWuLo.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\xvcRtBY.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\SNIkZgq.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\ACEGxTm.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\bCMOFXW.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\BpVsiDN.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\nMBDSWN.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\SNaQEWS.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\MxIWxYw.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\MyYHNLS.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\QjHWzAR.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\dYpzixg.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\FRzIsLk.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\wzIOGdr.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\FYDUMfV.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\hAMnsdk.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\jLQGdlL.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\fuJHxwV.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\KlNeuAJ.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\tXvFvAf.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\oGJowbO.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\SlAbrxW.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\OsOTEwQ.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\ASwMqHy.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\TAcQQmT.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\DRElNIY.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\HHmknFQ.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\cxuVeVZ.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\RzmUmrN.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\lOGmBLd.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\cTHYKiG.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\MkCzrfe.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\ziuySxw.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\nVuHZsR.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\PvhcnbZ.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\VYqaNIW.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\TXWGpBh.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\xMTmqQI.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\dPoYyCD.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\vkxjUJi.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\KGDFbfp.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\utvIxZW.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\OaGeQvk.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\wcpJErX.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\VvyESMS.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\uFQNpft.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\upSbwdf.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\RUWKius.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\TUlRcAH.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\gxlnMgL.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\cXfnibe.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\SYqGgXe.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\qAjNgKA.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\AKMhZIK.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\eSLaxPX.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
File created	C:\Windows\System\rFyvdcT.exe	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4904	powershell.exe
4904	powershell.exe
4904	powershell.exe
4904	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4904	powershell.exe
Token: SeLockMemoryPrivilege	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
Token: SeLockMemoryPrivilege	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3344 wrote to memory of 4904	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	89
PID 3344 wrote to memory of 4904	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	89
PID 3344 wrote to memory of 4100	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	90
PID 3344 wrote to memory of 4100	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	90
PID 3344 wrote to memory of 3160	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	91
PID 3344 wrote to memory of 3160	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	91
PID 3344 wrote to memory of 2840	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	92
PID 3344 wrote to memory of 2840	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	92
PID 3344 wrote to memory of 3780	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	93
PID 3344 wrote to memory of 3780	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	93
PID 3344 wrote to memory of 2868	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	94
PID 3344 wrote to memory of 2868	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	94
PID 3344 wrote to memory of 3296	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	95
PID 3344 wrote to memory of 3296	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	95
PID 3344 wrote to memory of 492	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	96
PID 3344 wrote to memory of 492	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	96
PID 3344 wrote to memory of 3060	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	97
PID 3344 wrote to memory of 3060	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	97
PID 3344 wrote to memory of 3976	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	98
PID 3344 wrote to memory of 3976	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	98
PID 3344 wrote to memory of 1480	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	99
PID 3344 wrote to memory of 1480	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	99
PID 3344 wrote to memory of 2716	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	100
PID 3344 wrote to memory of 2716	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	100
PID 3344 wrote to memory of 1812	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	101
PID 3344 wrote to memory of 1812	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	101
PID 3344 wrote to memory of 3728	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	102
PID 3344 wrote to memory of 3728	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	102
PID 3344 wrote to memory of 3036	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	103
PID 3344 wrote to memory of 3036	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	103
PID 3344 wrote to memory of 4112	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	104
PID 3344 wrote to memory of 4112	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	104
PID 3344 wrote to memory of 1428	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	105
PID 3344 wrote to memory of 1428	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	105
PID 3344 wrote to memory of 4816	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	106
PID 3344 wrote to memory of 4816	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	106
PID 3344 wrote to memory of 924	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	107
PID 3344 wrote to memory of 924	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	107
PID 3344 wrote to memory of 3504	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	108
PID 3344 wrote to memory of 3504	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	108
PID 3344 wrote to memory of 4420	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	109
PID 3344 wrote to memory of 4420	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	109
PID 3344 wrote to memory of 4488	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	110
PID 3344 wrote to memory of 4488	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	110
PID 3344 wrote to memory of 3156	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	111
PID 3344 wrote to memory of 3156	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	111
PID 3344 wrote to memory of 1944	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	112
PID 3344 wrote to memory of 1944	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	112
PID 3344 wrote to memory of 2596	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	113
PID 3344 wrote to memory of 2596	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	113
PID 3344 wrote to memory of 3328	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	114
PID 3344 wrote to memory of 3328	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	114
PID 3344 wrote to memory of 2644	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	115
PID 3344 wrote to memory of 2644	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	115
PID 3344 wrote to memory of 5000	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	116
PID 3344 wrote to memory of 5000	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	116
PID 3344 wrote to memory of 3672	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	117
PID 3344 wrote to memory of 3672	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	117
PID 3344 wrote to memory of 1704	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	118
PID 3344 wrote to memory of 1704	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	118
PID 3344 wrote to memory of 4396	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	119
PID 3344 wrote to memory of 4396	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	119
PID 3344 wrote to memory of 4596	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	120
PID 3344 wrote to memory of 4596	3344	481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe	120

C:\Users\Admin\AppData\Local\Temp\481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe
"C:\Users\Admin\AppData\Local\Temp\481e684ad498523df8ef578d609d920599c2fb8dbcaf2c802fa5dacce9b5bfca.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3344
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4904
- C:\Windows\System\hubFaaB.exe
  C:\Windows\System\hubFaaB.exe
  2⤵
  - Executes dropped EXE
  PID:4100
- C:\Windows\System\NWRbIyo.exe
  C:\Windows\System\NWRbIyo.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\tPsHUGM.exe
  C:\Windows\System\tPsHUGM.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\yNwVjaN.exe
  C:\Windows\System\yNwVjaN.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\mXLoPVj.exe
  C:\Windows\System\mXLoPVj.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\hWJsDJt.exe
  C:\Windows\System\hWJsDJt.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\DEIGMky.exe
  C:\Windows\System\DEIGMky.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\AmosfxC.exe
  C:\Windows\System\AmosfxC.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\OdsAnkA.exe
  C:\Windows\System\OdsAnkA.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\IkeUvjn.exe
  C:\Windows\System\IkeUvjn.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\atTwsEt.exe
  C:\Windows\System\atTwsEt.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\SZwFMvV.exe
  C:\Windows\System\SZwFMvV.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\PRuIUum.exe
  C:\Windows\System\PRuIUum.exe
  2⤵
  - Executes dropped EXE
  PID:3728
- C:\Windows\System\lTHpvAr.exe
  C:\Windows\System\lTHpvAr.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\MoiUmxK.exe
  C:\Windows\System\MoiUmxK.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\kvprgiQ.exe
  C:\Windows\System\kvprgiQ.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\CpunNvd.exe
  C:\Windows\System\CpunNvd.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\axwwqWA.exe
  C:\Windows\System\axwwqWA.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\zAUwARr.exe
  C:\Windows\System\zAUwARr.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\JKcHcpW.exe
  C:\Windows\System\JKcHcpW.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\PKwXmLk.exe
  C:\Windows\System\PKwXmLk.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\FCUXmYh.exe
  C:\Windows\System\FCUXmYh.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\TCVUxZf.exe
  C:\Windows\System\TCVUxZf.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\ppCbGzb.exe
  C:\Windows\System\ppCbGzb.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\vHkDYqu.exe
  C:\Windows\System\vHkDYqu.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\fXQUUBc.exe
  C:\Windows\System\fXQUUBc.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\VGOUdxr.exe
  C:\Windows\System\VGOUdxr.exe
  2⤵
  - Executes dropped EXE
  PID:5000
- C:\Windows\System\HzbutWw.exe
  C:\Windows\System\HzbutWw.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\DHhDuEE.exe
  C:\Windows\System\DHhDuEE.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\oLvplRF.exe
  C:\Windows\System\oLvplRF.exe
  2⤵
  - Executes dropped EXE
  PID:4396
- C:\Windows\System\MSdOEAf.exe
  C:\Windows\System\MSdOEAf.exe
  2⤵
  - Executes dropped EXE
  PID:4596
- C:\Windows\System\pBxzLMg.exe
  C:\Windows\System\pBxzLMg.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\EXdruJa.exe
  C:\Windows\System\EXdruJa.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\aadSEsY.exe
  C:\Windows\System\aadSEsY.exe
  2⤵
  - Executes dropped EXE
  PID:4264
- C:\Windows\System\jbuWfCG.exe
  C:\Windows\System\jbuWfCG.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\qlwGyCD.exe
  C:\Windows\System\qlwGyCD.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\yjdjBqX.exe
  C:\Windows\System\yjdjBqX.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\ybKfRcJ.exe
  C:\Windows\System\ybKfRcJ.exe
  2⤵
  - Executes dropped EXE
  PID:4088
- C:\Windows\System\IfXmLku.exe
  C:\Windows\System\IfXmLku.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\DoNXAXI.exe
  C:\Windows\System\DoNXAXI.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\toiVWIc.exe
  C:\Windows\System\toiVWIc.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\IAKcOxE.exe
  C:\Windows\System\IAKcOxE.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\SCWHCsx.exe
  C:\Windows\System\SCWHCsx.exe
  2⤵
  PID:2136
- C:\Windows\System\CBOYBIA.exe
  C:\Windows\System\CBOYBIA.exe
  2⤵
  - Executes dropped EXE
  PID:4832
- C:\Windows\System\qZPGxvI.exe
  C:\Windows\System\qZPGxvI.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\FpOziTs.exe
  C:\Windows\System\FpOziTs.exe
  2⤵
  - Executes dropped EXE
  PID:4924
- C:\Windows\System\kjftWEk.exe
  C:\Windows\System\kjftWEk.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\facsFad.exe
  C:\Windows\System\facsFad.exe
  2⤵
  PID:2240
- C:\Windows\System\GfzVAXc.exe
  C:\Windows\System\GfzVAXc.exe
  2⤵
  PID:5032
- C:\Windows\System\WJXcYIR.exe
  C:\Windows\System\WJXcYIR.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\JKJpbuS.exe
  C:\Windows\System\JKJpbuS.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\shBOSXu.exe
  C:\Windows\System\shBOSXu.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\zWPjNUt.exe
  C:\Windows\System\zWPjNUt.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\trZLSfD.exe
  C:\Windows\System\trZLSfD.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\JWqtdWw.exe
  C:\Windows\System\JWqtdWw.exe
  2⤵
  PID:3484
- C:\Windows\System\zPZkiSR.exe
  C:\Windows\System\zPZkiSR.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\wqaLpMZ.exe
  C:\Windows\System\wqaLpMZ.exe
  2⤵
  - Executes dropped EXE
  PID:4244
- C:\Windows\System\xGPZeRW.exe
  C:\Windows\System\xGPZeRW.exe
  2⤵
  - Executes dropped EXE
  PID:4372
- C:\Windows\System\IqoQKUR.exe
  C:\Windows\System\IqoQKUR.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\tqVkZCh.exe
  C:\Windows\System\tqVkZCh.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ZcwOOoD.exe
  C:\Windows\System\ZcwOOoD.exe
  2⤵
  PID:220
- C:\Windows\System\gPdQFwi.exe
  C:\Windows\System\gPdQFwi.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\KqSbazj.exe
  C:\Windows\System\KqSbazj.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\IkgoNvb.exe
  C:\Windows\System\IkgoNvb.exe
  2⤵
  PID:4180
- C:\Windows\System\wvHesXo.exe
  C:\Windows\System\wvHesXo.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\QgHmWDj.exe
  C:\Windows\System\QgHmWDj.exe
  2⤵
  - Executes dropped EXE
  PID:3956
- C:\Windows\System\fhBBhXa.exe
  C:\Windows\System\fhBBhXa.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\rZdtPoV.exe
  C:\Windows\System\rZdtPoV.exe
  2⤵
  - Executes dropped EXE
  PID:4044
- C:\Windows\System\jFIltLW.exe
  C:\Windows\System\jFIltLW.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- C:\Windows\System\SLERCoe.exe
  C:\Windows\System\SLERCoe.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\aEZzjyu.exe
  C:\Windows\System\aEZzjyu.exe
  2⤵
  PID:3336
- C:\Windows\System\yNlgrAO.exe
  C:\Windows\System\yNlgrAO.exe
  2⤵
  PID:632
- C:\Windows\System\HwNlAfK.exe
  C:\Windows\System\HwNlAfK.exe
  2⤵
  PID:5136
- C:\Windows\System\erMXIdo.exe
  C:\Windows\System\erMXIdo.exe
  2⤵
  PID:5152
- C:\Windows\System\gANWuou.exe
  C:\Windows\System\gANWuou.exe
  2⤵
  PID:5184
- C:\Windows\System\jbsBnum.exe
  C:\Windows\System\jbsBnum.exe
  2⤵
  PID:5200
- C:\Windows\System\rfoAtoM.exe
  C:\Windows\System\rfoAtoM.exe
  2⤵
  PID:5220
- C:\Windows\System\bAXAXkS.exe
  C:\Windows\System\bAXAXkS.exe
  2⤵
  PID:5236
- C:\Windows\System\HHXWqzM.exe
  C:\Windows\System\HHXWqzM.exe
  2⤵
  PID:5276
- C:\Windows\System\xFBGWvF.exe
  C:\Windows\System\xFBGWvF.exe
  2⤵
  PID:5300
- C:\Windows\System\bzrjnne.exe
  C:\Windows\System\bzrjnne.exe
  2⤵
  PID:5324
- C:\Windows\System\ZSsYXMB.exe
  C:\Windows\System\ZSsYXMB.exe
  2⤵
  PID:5340
- C:\Windows\System\WDKRPZS.exe
  C:\Windows\System\WDKRPZS.exe
  2⤵
  PID:5360
- C:\Windows\System\bFktUoO.exe
  C:\Windows\System\bFktUoO.exe
  2⤵
  PID:5384
- C:\Windows\System\yOLEfzU.exe
  C:\Windows\System\yOLEfzU.exe
  2⤵
  PID:5400
- C:\Windows\System\EHtvvyA.exe
  C:\Windows\System\EHtvvyA.exe
  2⤵
  PID:5420
- C:\Windows\System\yzVdRbS.exe
  C:\Windows\System\yzVdRbS.exe
  2⤵
  PID:5444
- C:\Windows\System\aTtFZcJ.exe
  C:\Windows\System\aTtFZcJ.exe
  2⤵
  PID:5460
- C:\Windows\System\CkEQMoQ.exe
  C:\Windows\System\CkEQMoQ.exe
  2⤵
  PID:5480
- C:\Windows\System\FmReVpg.exe
  C:\Windows\System\FmReVpg.exe
  2⤵
  PID:5500
- C:\Windows\System\WFoEHsk.exe
  C:\Windows\System\WFoEHsk.exe
  2⤵
  PID:5528
- C:\Windows\System\LGCxQhA.exe
  C:\Windows\System\LGCxQhA.exe
  2⤵
  PID:5544
- C:\Windows\System\agJkerY.exe
  C:\Windows\System\agJkerY.exe
  2⤵
  PID:5564
- C:\Windows\System\RjewFYo.exe
  C:\Windows\System\RjewFYo.exe
  2⤵
  PID:5584
- C:\Windows\System\ZqMDjBs.exe
  C:\Windows\System\ZqMDjBs.exe
  2⤵
  PID:5608
- C:\Windows\System\ElviMKb.exe
  C:\Windows\System\ElviMKb.exe
  2⤵
  PID:5624
- C:\Windows\System\dLmsFvE.exe
  C:\Windows\System\dLmsFvE.exe
  2⤵
  PID:5644
- C:\Windows\System\hIhGLvO.exe
  C:\Windows\System\hIhGLvO.exe
  2⤵
  PID:5672
- C:\Windows\System\pVpRhUX.exe
  C:\Windows\System\pVpRhUX.exe
  2⤵
  PID:5696
- C:\Windows\System\yVWLtIl.exe
  C:\Windows\System\yVWLtIl.exe
  2⤵
  PID:5716
- C:\Windows\System\tDvOyIr.exe
  C:\Windows\System\tDvOyIr.exe
  2⤵
  PID:5732
- C:\Windows\System\OTbIIDk.exe
  C:\Windows\System\OTbIIDk.exe
  2⤵
  PID:5752
- C:\Windows\System\gvPhZtz.exe
  C:\Windows\System\gvPhZtz.exe
  2⤵
  PID:5772
- C:\Windows\System\SrwQRwn.exe
  C:\Windows\System\SrwQRwn.exe
  2⤵
  PID:5792
- C:\Windows\System\mkLIpNP.exe
  C:\Windows\System\mkLIpNP.exe
  2⤵
  PID:5812
- C:\Windows\System\jZIGJai.exe
  C:\Windows\System\jZIGJai.exe
  2⤵
  PID:5832
- C:\Windows\System\mvlAaIk.exe
  C:\Windows\System\mvlAaIk.exe
  2⤵
  PID:5848
- C:\Windows\System\jMVmqGZ.exe
  C:\Windows\System\jMVmqGZ.exe
  2⤵
  PID:5864
- C:\Windows\System\Obvqved.exe
  C:\Windows\System\Obvqved.exe
  2⤵
  PID:5884
- C:\Windows\System\PAClgIr.exe
  C:\Windows\System\PAClgIr.exe
  2⤵
  PID:5904
- C:\Windows\System\ZhtLJOM.exe
  C:\Windows\System\ZhtLJOM.exe
  2⤵
  PID:5920
- C:\Windows\System\lvRhqHQ.exe
  C:\Windows\System\lvRhqHQ.exe
  2⤵
  PID:5936
- C:\Windows\System\qcmBZsj.exe
  C:\Windows\System\qcmBZsj.exe
  2⤵
  PID:5956
- C:\Windows\System\UOtxHQt.exe
  C:\Windows\System\UOtxHQt.exe
  2⤵
  PID:5972
- C:\Windows\System\UpVQznE.exe
  C:\Windows\System\UpVQznE.exe
  2⤵
  PID:5992
- C:\Windows\System\JrTHyrA.exe
  C:\Windows\System\JrTHyrA.exe
  2⤵
  PID:6012
- C:\Windows\System\cUlGcnS.exe
  C:\Windows\System\cUlGcnS.exe
  2⤵
  PID:6028
- C:\Windows\System\zkrHoCY.exe
  C:\Windows\System\zkrHoCY.exe
  2⤵
  PID:6048
- C:\Windows\System\xZlAPbL.exe
  C:\Windows\System\xZlAPbL.exe
  2⤵
  PID:6068
- C:\Windows\System\wCSHzIb.exe
  C:\Windows\System\wCSHzIb.exe
  2⤵
  PID:6088
- C:\Windows\System\pVVeMSz.exe
  C:\Windows\System\pVVeMSz.exe
  2⤵
  PID:6104
- C:\Windows\System\BMEqmpI.exe
  C:\Windows\System\BMEqmpI.exe
  2⤵
  PID:6120
- C:\Windows\System\kbKjzmn.exe
  C:\Windows\System\kbKjzmn.exe
  2⤵
  PID:6140
- C:\Windows\System\KzrCyrG.exe
  C:\Windows\System\KzrCyrG.exe
  2⤵
  PID:3116
- C:\Windows\System\LNOwXxq.exe
  C:\Windows\System\LNOwXxq.exe
  2⤵
  PID:524
- C:\Windows\System\mgPRvqp.exe
  C:\Windows\System\mgPRvqp.exe
  2⤵
  PID:3680
- C:\Windows\System\ayeFZYG.exe
  C:\Windows\System\ayeFZYG.exe
  2⤵
  PID:2944
- C:\Windows\System\QjuKMEI.exe
  C:\Windows\System\QjuKMEI.exe
  2⤵
  PID:8
- C:\Windows\System\EXCIPds.exe
  C:\Windows\System\EXCIPds.exe
  2⤵
  PID:3684
- C:\Windows\System\bmZiCvk.exe
  C:\Windows\System\bmZiCvk.exe
  2⤵
  PID:5124
- C:\Windows\System\FUaJoaC.exe
  C:\Windows\System\FUaJoaC.exe
  2⤵
  PID:3052
- C:\Windows\System\KMkeNrd.exe
  C:\Windows\System\KMkeNrd.exe
  2⤵
  PID:5348
- C:\Windows\System\ALqHNFk.exe
  C:\Windows\System\ALqHNFk.exe
  2⤵
  PID:1548
- C:\Windows\System\gDOycpT.exe
  C:\Windows\System\gDOycpT.exe
  2⤵
  PID:5416
- C:\Windows\System\ziVEThX.exe
  C:\Windows\System\ziVEThX.exe
  2⤵
  PID:1440
- C:\Windows\System\xdTLcOE.exe
  C:\Windows\System\xdTLcOE.exe
  2⤵
  PID:5452
- C:\Windows\System\FmlOorq.exe
  C:\Windows\System\FmlOorq.exe
  2⤵
  PID:956
- C:\Windows\System\vHmcayf.exe
  C:\Windows\System\vHmcayf.exe
  2⤵
  PID:6160
- C:\Windows\System\hoMFJzD.exe
  C:\Windows\System\hoMFJzD.exe
  2⤵
  PID:6176
- C:\Windows\System\FgmYKmw.exe
  C:\Windows\System\FgmYKmw.exe
  2⤵
  PID:6192
- C:\Windows\System\uBDxzNM.exe
  C:\Windows\System\uBDxzNM.exe
  2⤵
  PID:6212
- C:\Windows\System\yJWobcC.exe
  C:\Windows\System\yJWobcC.exe
  2⤵
  PID:6232
- C:\Windows\System\IuqJVhP.exe
  C:\Windows\System\IuqJVhP.exe
  2⤵
  PID:6280
- C:\Windows\System\xIeyKgd.exe
  C:\Windows\System\xIeyKgd.exe
  2⤵
  PID:6300
- C:\Windows\System\xADooZo.exe
  C:\Windows\System\xADooZo.exe
  2⤵
  PID:6316
- C:\Windows\System\rrVWWKV.exe
  C:\Windows\System\rrVWWKV.exe
  2⤵
  PID:6336
- C:\Windows\System\hrHovsf.exe
  C:\Windows\System\hrHovsf.exe
  2⤵
  PID:6356
- C:\Windows\System\ivAucti.exe
  C:\Windows\System\ivAucti.exe
  2⤵
  PID:6376
- C:\Windows\System\VjeWpxb.exe
  C:\Windows\System\VjeWpxb.exe
  2⤵
  PID:6396
- C:\Windows\System\dMFzhef.exe
  C:\Windows\System\dMFzhef.exe
  2⤵
  PID:6412
- C:\Windows\System\eDzXcHu.exe
  C:\Windows\System\eDzXcHu.exe
  2⤵
  PID:6428
- C:\Windows\System\wXxxuhv.exe
  C:\Windows\System\wXxxuhv.exe
  2⤵
  PID:6448
- C:\Windows\System\ocKNQcq.exe
  C:\Windows\System\ocKNQcq.exe
  2⤵
  PID:6464
- C:\Windows\System\uyuNktP.exe
  C:\Windows\System\uyuNktP.exe
  2⤵
  PID:6484
- C:\Windows\System\AVevyeM.exe
  C:\Windows\System\AVevyeM.exe
  2⤵
  PID:6504
- C:\Windows\System\gdPtLtJ.exe
  C:\Windows\System\gdPtLtJ.exe
  2⤵
  PID:6520
- C:\Windows\System\oeefQWr.exe
  C:\Windows\System\oeefQWr.exe
  2⤵
  PID:6540
- C:\Windows\System\gdkftln.exe
  C:\Windows\System\gdkftln.exe
  2⤵
  PID:6556
- C:\Windows\System\pmdMZut.exe
  C:\Windows\System\pmdMZut.exe
  2⤵
  PID:6572
- C:\Windows\System\yWlnSft.exe
  C:\Windows\System\yWlnSft.exe
  2⤵
  PID:6592
- C:\Windows\System\AbWGOqV.exe
  C:\Windows\System\AbWGOqV.exe
  2⤵
  PID:6612
- C:\Windows\System\sTyUndX.exe
  C:\Windows\System\sTyUndX.exe
  2⤵
  PID:6632
- C:\Windows\System\rshSxpT.exe
  C:\Windows\System\rshSxpT.exe
  2⤵
  PID:6648
- C:\Windows\System\vDfYQwj.exe
  C:\Windows\System\vDfYQwj.exe
  2⤵
  PID:6668
- C:\Windows\System\zpKzRCx.exe
  C:\Windows\System\zpKzRCx.exe
  2⤵
  PID:6696
- C:\Windows\System\YeOJSUw.exe
  C:\Windows\System\YeOJSUw.exe
  2⤵
  PID:6712
- C:\Windows\System\izrUpaE.exe
  C:\Windows\System\izrUpaE.exe
  2⤵
  PID:6732
- C:\Windows\System\sEMIoAF.exe
  C:\Windows\System\sEMIoAF.exe
  2⤵
  PID:6752
- C:\Windows\System\lYmfLbb.exe
  C:\Windows\System\lYmfLbb.exe
  2⤵
  PID:6768
- C:\Windows\System\mXWHSHT.exe
  C:\Windows\System\mXWHSHT.exe
  2⤵
  PID:6784
- C:\Windows\System\ZCIjgfi.exe
  C:\Windows\System\ZCIjgfi.exe
  2⤵
  PID:6804
- C:\Windows\System\OKLUCAf.exe
  C:\Windows\System\OKLUCAf.exe
  2⤵
  PID:6820
- C:\Windows\System\Vibgiow.exe
  C:\Windows\System\Vibgiow.exe
  2⤵
  PID:6840
- C:\Windows\System\kTUmZng.exe
  C:\Windows\System\kTUmZng.exe
  2⤵
  PID:6856
- C:\Windows\System\lniCMBV.exe
  C:\Windows\System\lniCMBV.exe
  2⤵
  PID:6876
- C:\Windows\System\fICNxnl.exe
  C:\Windows\System\fICNxnl.exe
  2⤵
  PID:6896
- C:\Windows\System\wNDuyGD.exe
  C:\Windows\System\wNDuyGD.exe
  2⤵
  PID:6916
- C:\Windows\System\lwoxTPw.exe
  C:\Windows\System\lwoxTPw.exe
  2⤵
  PID:6932
- C:\Windows\System\aeBcEYN.exe
  C:\Windows\System\aeBcEYN.exe
  2⤵
  PID:6948
- C:\Windows\System\jlPtaLP.exe
  C:\Windows\System\jlPtaLP.exe
  2⤵
  PID:6968
- C:\Windows\System\AsdINBP.exe
  C:\Windows\System\AsdINBP.exe
  2⤵
  PID:6984
- C:\Windows\System\XdZzBaB.exe
  C:\Windows\System\XdZzBaB.exe
  2⤵
  PID:7000
- C:\Windows\System\FmrkPBA.exe
  C:\Windows\System\FmrkPBA.exe
  2⤵
  PID:7020
- C:\Windows\System\xutsxCc.exe
  C:\Windows\System\xutsxCc.exe
  2⤵
  PID:7036
- C:\Windows\System\nSDJmke.exe
  C:\Windows\System\nSDJmke.exe
  2⤵
  PID:7056
- C:\Windows\System\sSJwvAQ.exe
  C:\Windows\System\sSJwvAQ.exe
  2⤵
  PID:7072
- C:\Windows\System\LWIEtYQ.exe
  C:\Windows\System\LWIEtYQ.exe
  2⤵
  PID:7088
- C:\Windows\System\xsgoCSD.exe
  C:\Windows\System\xsgoCSD.exe
  2⤵
  PID:7108
- C:\Windows\System\FQdUyeA.exe
  C:\Windows\System\FQdUyeA.exe
  2⤵
  PID:7124
- C:\Windows\System\ixomwCZ.exe
  C:\Windows\System\ixomwCZ.exe
  2⤵
  PID:7144
- C:\Windows\System\ctgSXrF.exe
  C:\Windows\System\ctgSXrF.exe
  2⤵
  PID:7164
- C:\Windows\System\sHcDFJH.exe
  C:\Windows\System\sHcDFJH.exe
  2⤵
  PID:4472
- C:\Windows\System\CmmRMFE.exe
  C:\Windows\System\CmmRMFE.exe
  2⤵
  PID:5540
- C:\Windows\System\qRMhnLQ.exe
  C:\Windows\System\qRMhnLQ.exe
  2⤵
  PID:3276
- C:\Windows\System\CQJTZYG.exe
  C:\Windows\System\CQJTZYG.exe
  2⤵
  PID:4508
- C:\Windows\System\OrKfwrO.exe
  C:\Windows\System\OrKfwrO.exe
  2⤵
  PID:5804
- C:\Windows\System\sjRPyqA.exe
  C:\Windows\System\sjRPyqA.exe
  2⤵
  PID:5844
- C:\Windows\System\gNXbaKN.exe
  C:\Windows\System\gNXbaKN.exe
  2⤵
  PID:5916
- C:\Windows\System\ZTcKVhd.exe
  C:\Windows\System\ZTcKVhd.exe
  2⤵
  PID:5948
- C:\Windows\System\fKdUoAS.exe
  C:\Windows\System\fKdUoAS.exe
  2⤵
  PID:6000
- C:\Windows\System\QbYrske.exe
  C:\Windows\System\QbYrske.exe
  2⤵
  PID:708
- C:\Windows\System\UjVPONx.exe
  C:\Windows\System\UjVPONx.exe
  2⤵
  PID:4184
- C:\Windows\System\eVYrpKh.exe
  C:\Windows\System\eVYrpKh.exe
  2⤵
  PID:4248
- C:\Windows\System\VIzswXu.exe
  C:\Windows\System\VIzswXu.exe
  2⤵
  PID:7188
- C:\Windows\System\htWEnVG.exe
  C:\Windows\System\htWEnVG.exe
  2⤵
  PID:7208
- C:\Windows\System\IdXLGST.exe
  C:\Windows\System\IdXLGST.exe
  2⤵
  PID:7224
- C:\Windows\System\urgLwhf.exe
  C:\Windows\System\urgLwhf.exe
  2⤵
  PID:7244
- C:\Windows\System\VQsRvvc.exe
  C:\Windows\System\VQsRvvc.exe
  2⤵
  PID:7264
- C:\Windows\System\VYiIgDe.exe
  C:\Windows\System\VYiIgDe.exe
  2⤵
  PID:7280
- C:\Windows\System\smOGvXs.exe
  C:\Windows\System\smOGvXs.exe
  2⤵
  PID:7296
- C:\Windows\System\EhmSBWb.exe
  C:\Windows\System\EhmSBWb.exe
  2⤵
  PID:7316
- C:\Windows\System\TExRnmr.exe
  C:\Windows\System\TExRnmr.exe
  2⤵
  PID:7336
- C:\Windows\System\XFGPsHx.exe
  C:\Windows\System\XFGPsHx.exe
  2⤵
  PID:7352
- C:\Windows\System\UnPbCyH.exe
  C:\Windows\System\UnPbCyH.exe
  2⤵
  PID:7368
- C:\Windows\System\QGoQCLr.exe
  C:\Windows\System\QGoQCLr.exe
  2⤵
  PID:7388
- C:\Windows\System\FfFoFki.exe
  C:\Windows\System\FfFoFki.exe
  2⤵
  PID:7408
- C:\Windows\System\LrDpIWh.exe
  C:\Windows\System\LrDpIWh.exe
  2⤵
  PID:7424
- C:\Windows\System\qXILMjx.exe
  C:\Windows\System\qXILMjx.exe
  2⤵
  PID:7440
- C:\Windows\System\lqsTzcX.exe
  C:\Windows\System\lqsTzcX.exe
  2⤵
  PID:7460
- C:\Windows\System\jPPRBXj.exe
  C:\Windows\System\jPPRBXj.exe
  2⤵
  PID:7476
- C:\Windows\System\eRzgIUY.exe
  C:\Windows\System\eRzgIUY.exe
  2⤵
  PID:7496
- C:\Windows\System\lDYDYPb.exe
  C:\Windows\System\lDYDYPb.exe
  2⤵
  PID:7512
- C:\Windows\System\JMFKPBq.exe
  C:\Windows\System\JMFKPBq.exe
  2⤵
  PID:7536
- C:\Windows\System\oMsyObF.exe
  C:\Windows\System\oMsyObF.exe
  2⤵
  PID:7556
- C:\Windows\System\lZwPUWM.exe
  C:\Windows\System\lZwPUWM.exe
  2⤵
  PID:7572
- C:\Windows\System\SHvnthC.exe
  C:\Windows\System\SHvnthC.exe
  2⤵
  PID:7596
- C:\Windows\System\wVpVDFC.exe
  C:\Windows\System\wVpVDFC.exe
  2⤵
  PID:7616
- C:\Windows\System\exClmBT.exe
  C:\Windows\System\exClmBT.exe
  2⤵
  PID:7632
- C:\Windows\System\drhLFmT.exe
  C:\Windows\System\drhLFmT.exe
  2⤵
  PID:7648
- C:\Windows\System\XdpSsqc.exe
  C:\Windows\System\XdpSsqc.exe
  2⤵
  PID:7664
- C:\Windows\System\dKkAWxW.exe
  C:\Windows\System\dKkAWxW.exe
  2⤵
  PID:7680
- C:\Windows\System\WNliUby.exe
  C:\Windows\System\WNliUby.exe
  2⤵
  PID:7700
- C:\Windows\System\WfwOgLj.exe
  C:\Windows\System\WfwOgLj.exe
  2⤵
  PID:7716
- C:\Windows\System\djOltyC.exe
  C:\Windows\System\djOltyC.exe
  2⤵
  PID:7736
- C:\Windows\System\YZcEwdy.exe
  C:\Windows\System\YZcEwdy.exe
  2⤵
  PID:7752
- C:\Windows\System\LQLSSUi.exe
  C:\Windows\System\LQLSSUi.exe
  2⤵
  PID:7772
- C:\Windows\System\MaNFzCy.exe
  C:\Windows\System\MaNFzCy.exe
  2⤵
  PID:7788
- C:\Windows\System\utxnSgN.exe
  C:\Windows\System\utxnSgN.exe
  2⤵
  PID:7816
- C:\Windows\System\ewpsjBj.exe
  C:\Windows\System\ewpsjBj.exe
  2⤵
  PID:7836
- C:\Windows\System\pyIzhCS.exe
  C:\Windows\System\pyIzhCS.exe
  2⤵
  PID:7852
- C:\Windows\System\jEjHKNI.exe
  C:\Windows\System\jEjHKNI.exe
  2⤵
  PID:7872
- C:\Windows\System\rEbiUyq.exe
  C:\Windows\System\rEbiUyq.exe
  2⤵
  PID:7888
- C:\Windows\System\ZoKmLTA.exe
  C:\Windows\System\ZoKmLTA.exe
  2⤵
  PID:7920
- C:\Windows\System\qieshJq.exe
  C:\Windows\System\qieshJq.exe
  2⤵
  PID:7936
- C:\Windows\System\gFpkLma.exe
  C:\Windows\System\gFpkLma.exe
  2⤵
  PID:7960
- C:\Windows\System\AoELyjk.exe
  C:\Windows\System\AoELyjk.exe
  2⤵
  PID:7980
- C:\Windows\System\gDPHsFB.exe
  C:\Windows\System\gDPHsFB.exe
  2⤵
  PID:7996
- C:\Windows\System\WjjwEnH.exe
  C:\Windows\System\WjjwEnH.exe
  2⤵
  PID:8012
- C:\Windows\System\PjPHncV.exe
  C:\Windows\System\PjPHncV.exe
  2⤵
  PID:8028
- C:\Windows\System\qqzVnuz.exe
  C:\Windows\System\qqzVnuz.exe
  2⤵
  PID:8048
- C:\Windows\System\eqDYFdk.exe
  C:\Windows\System\eqDYFdk.exe
  2⤵
  PID:8064
- C:\Windows\System\RbfpSOh.exe
  C:\Windows\System\RbfpSOh.exe
  2⤵
  PID:8084
- C:\Windows\System\PjoeixI.exe
  C:\Windows\System\PjoeixI.exe
  2⤵
  PID:8100
- C:\Windows\System\XkvItKR.exe
  C:\Windows\System\XkvItKR.exe
  2⤵
  PID:8120
- C:\Windows\System\snREhmt.exe
  C:\Windows\System\snREhmt.exe
  2⤵
  PID:8140
- C:\Windows\System\QXrJsNI.exe
  C:\Windows\System\QXrJsNI.exe
  2⤵
  PID:8180
- C:\Windows\System\xYOzyVR.exe
  C:\Windows\System\xYOzyVR.exe
  2⤵
  PID:2532
- C:\Windows\System\suEmGZG.exe
  C:\Windows\System\suEmGZG.exe
  2⤵
  PID:4856
- C:\Windows\System\DVbjjCn.exe
  C:\Windows\System\DVbjjCn.exe
  2⤵
  PID:5432
- C:\Windows\System\kMnUSwU.exe
  C:\Windows\System\kMnUSwU.exe
  2⤵
  PID:5488
- C:\Windows\System\kEcmJCW.exe
  C:\Windows\System\kEcmJCW.exe
  2⤵
  PID:5512
- C:\Windows\System\CALwMYQ.exe
  C:\Windows\System\CALwMYQ.exe
  2⤵
  PID:1928
- C:\Windows\System\RYFzIbv.exe
  C:\Windows\System\RYFzIbv.exe
  2⤵
  PID:336
- C:\Windows\System\pJECJRd.exe
  C:\Windows\System\pJECJRd.exe
  2⤵
  PID:1828
- C:\Windows\System\SAJYQSK.exe
  C:\Windows\System\SAJYQSK.exe
  2⤵
  PID:5040
- C:\Windows\System\hNcwLEa.exe
  C:\Windows\System\hNcwLEa.exe
  2⤵
  PID:6324
- C:\Windows\System\bbEPncj.exe
  C:\Windows\System\bbEPncj.exe
  2⤵
  PID:5692
- C:\Windows\System\ubngeRJ.exe
  C:\Windows\System\ubngeRJ.exe
  2⤵
  PID:6536
- C:\Windows\System\kWxutww.exe
  C:\Windows\System\kWxutww.exe
  2⤵
  PID:6564
- C:\Windows\System\iArflFs.exe
  C:\Windows\System\iArflFs.exe
  2⤵
  PID:8216
- C:\Windows\System\GYRCWGL.exe
  C:\Windows\System\GYRCWGL.exe
  2⤵
  PID:8232
- C:\Windows\System\MlKqCeO.exe
  C:\Windows\System\MlKqCeO.exe
  2⤵
  PID:8252
- C:\Windows\System\bbLZkLh.exe
  C:\Windows\System\bbLZkLh.exe
  2⤵
  PID:8268
- C:\Windows\System\VWMsabd.exe
  C:\Windows\System\VWMsabd.exe
  2⤵
  PID:8288
- C:\Windows\System\OfxudAJ.exe
  C:\Windows\System\OfxudAJ.exe
  2⤵
  PID:8304
- C:\Windows\System\ZJmHCxB.exe
  C:\Windows\System\ZJmHCxB.exe
  2⤵
  PID:8324
- C:\Windows\System\kAXXaXR.exe
  C:\Windows\System\kAXXaXR.exe
  2⤵
  PID:8344
- C:\Windows\System\cSovOAY.exe
  C:\Windows\System\cSovOAY.exe
  2⤵
  PID:8360
- C:\Windows\System\fZgFtpV.exe
  C:\Windows\System\fZgFtpV.exe
  2⤵
  PID:8376
- C:\Windows\System\eVuMual.exe
  C:\Windows\System\eVuMual.exe
  2⤵
  PID:8396
- C:\Windows\System\gWjDvkZ.exe
  C:\Windows\System\gWjDvkZ.exe
  2⤵
  PID:8412
- C:\Windows\System\jKfbiZp.exe
  C:\Windows\System\jKfbiZp.exe
  2⤵
  PID:8432
- C:\Windows\System\qBgiuYk.exe
  C:\Windows\System\qBgiuYk.exe
  2⤵
  PID:8448
- C:\Windows\System\sARxmZt.exe
  C:\Windows\System\sARxmZt.exe
  2⤵
  PID:8468
- C:\Windows\System\TtpPJZA.exe
  C:\Windows\System\TtpPJZA.exe
  2⤵
  PID:8492
- C:\Windows\System\zwimvuH.exe
  C:\Windows\System\zwimvuH.exe
  2⤵
  PID:8512
- C:\Windows\System\sprIAyY.exe
  C:\Windows\System\sprIAyY.exe
  2⤵
  PID:8532
- C:\Windows\System\FIXnzPY.exe
  C:\Windows\System\FIXnzPY.exe
  2⤵
  PID:8548
- C:\Windows\System\rvpJlzr.exe
  C:\Windows\System\rvpJlzr.exe
  2⤵
  PID:8564
- C:\Windows\System\QARJZpg.exe
  C:\Windows\System\QARJZpg.exe
  2⤵
  PID:8628
- C:\Windows\System\Zjzeycf.exe
  C:\Windows\System\Zjzeycf.exe
  2⤵
  PID:8648
- C:\Windows\System\HjAWAmC.exe
  C:\Windows\System\HjAWAmC.exe
  2⤵
  PID:8668
- C:\Windows\System\zvcRmRr.exe
  C:\Windows\System\zvcRmRr.exe
  2⤵
  PID:8748
- C:\Windows\System\rqhEqpl.exe
  C:\Windows\System\rqhEqpl.exe
  2⤵
  PID:8800
- C:\Windows\System\KUtHexI.exe
  C:\Windows\System\KUtHexI.exe
  2⤵
  PID:8820
- C:\Windows\System\EEqiyFZ.exe
  C:\Windows\System\EEqiyFZ.exe
  2⤵
  PID:8836
- C:\Windows\System\IRQpKjE.exe
  C:\Windows\System\IRQpKjE.exe
  2⤵
  PID:8852
- C:\Windows\System\rXttFNE.exe
  C:\Windows\System\rXttFNE.exe
  2⤵
  PID:8872
- C:\Windows\System\PewHBSx.exe
  C:\Windows\System\PewHBSx.exe
  2⤵
  PID:8888
- C:\Windows\System\VxnYCAF.exe
  C:\Windows\System\VxnYCAF.exe
  2⤵
  PID:8904
- C:\Windows\System\qoznOSn.exe
  C:\Windows\System\qoznOSn.exe
  2⤵
  PID:8924
- C:\Windows\System\pZcVPJe.exe
  C:\Windows\System\pZcVPJe.exe
  2⤵
  PID:8940
- C:\Windows\System\hBjXCnp.exe
  C:\Windows\System\hBjXCnp.exe
  2⤵
  PID:8960
- C:\Windows\System\qGKXiYw.exe
  C:\Windows\System\qGKXiYw.exe
  2⤵
  PID:8980
- C:\Windows\System\vfuQSiB.exe
  C:\Windows\System\vfuQSiB.exe
  2⤵
  PID:9000
- C:\Windows\System\Msvlkbr.exe
  C:\Windows\System\Msvlkbr.exe
  2⤵
  PID:9016
- C:\Windows\System\yHLvryC.exe
  C:\Windows\System\yHLvryC.exe
  2⤵
  PID:5968
- C:\Windows\System\HVgaANW.exe
  C:\Windows\System\HVgaANW.exe
  2⤵
  PID:6912
- C:\Windows\System\EDKaPuv.exe
  C:\Windows\System\EDKaPuv.exe
  2⤵
  PID:6064
- C:\Windows\System\PCPHmdr.exe
  C:\Windows\System\PCPHmdr.exe
  2⤵
  PID:5212
- C:\Windows\System\wnunIhO.exe
  C:\Windows\System\wnunIhO.exe
  2⤵
  PID:5252
- C:\Windows\System\DRLZBKB.exe
  C:\Windows\System\DRLZBKB.exe
  2⤵
  PID:6812
- C:\Windows\System\dTnztxV.exe
  C:\Windows\System\dTnztxV.exe
  2⤵
  PID:6760
- C:\Windows\System\EPucHnU.exe
  C:\Windows\System\EPucHnU.exe
  2⤵
  PID:7152
- C:\Windows\System\kTbKyde.exe
  C:\Windows\System\kTbKyde.exe
  2⤵
  PID:2272
- C:\Windows\System\OelfFLv.exe
  C:\Windows\System\OelfFLv.exe
  2⤵
  PID:3408
- C:\Windows\System\wYkyArE.exe
  C:\Windows\System\wYkyArE.exe
  2⤵
  PID:6776
- C:\Windows\System\SbdBSwC.exe
  C:\Windows\System\SbdBSwC.exe
  2⤵
  PID:6976
- C:\Windows\System\FQJiSLB.exe
  C:\Windows\System\FQJiSLB.exe
  2⤵
  PID:7136
- C:\Windows\System\bVjlQsZ.exe
  C:\Windows\System\bVjlQsZ.exe
  2⤵
  PID:6888
- C:\Windows\System\SewZafC.exe
  C:\Windows\System\SewZafC.exe
  2⤵
  PID:5292
- C:\Windows\System\OssBnCz.exe
  C:\Windows\System\OssBnCz.exe
  2⤵
  PID:5336
- C:\Windows\System\kLPhvPw.exe
  C:\Windows\System\kLPhvPw.exe
  2⤵
  PID:5372
- C:\Windows\System\gZiuIzC.exe
  C:\Windows\System\gZiuIzC.exe
  2⤵
  PID:2608
- C:\Windows\System\zXETZVg.exe
  C:\Windows\System\zXETZVg.exe
  2⤵
  PID:5556
- C:\Windows\System\eZhlRMT.exe
  C:\Windows\System\eZhlRMT.exe
  2⤵
  PID:5592
- C:\Windows\System\bvcBeFy.exe
  C:\Windows\System\bvcBeFy.exe
  2⤵
  PID:5632
- C:\Windows\System\qsrTDQc.exe
  C:\Windows\System\qsrTDQc.exe
  2⤵
  PID:6308
- C:\Windows\System\FLlRjxU.exe
  C:\Windows\System\FLlRjxU.exe
  2⤵
  PID:6348
- C:\Windows\System\BlQcTmp.exe
  C:\Windows\System\BlQcTmp.exe
  2⤵
  PID:6500
- C:\Windows\System\gGpyrMP.exe
  C:\Windows\System\gGpyrMP.exe
  2⤵
  PID:6620
- C:\Windows\System\NxuAzVp.exe
  C:\Windows\System\NxuAzVp.exe
  2⤵
  PID:5900
- C:\Windows\System\qwNGxeY.exe
  C:\Windows\System\qwNGxeY.exe
  2⤵
  PID:6056
- C:\Windows\System\rjaaAIy.exe
  C:\Windows\System\rjaaAIy.exe
  2⤵
  PID:1176
- C:\Windows\System\rjYQZcD.exe
  C:\Windows\System\rjYQZcD.exe
  2⤵
  PID:7812
- C:\Windows\System\TvNlSgK.exe
  C:\Windows\System\TvNlSgK.exe
  2⤵
  PID:7488
- C:\Windows\System\PZXmYgl.exe
  C:\Windows\System\PZXmYgl.exe
  2⤵
  PID:8808
- C:\Windows\System\izqNuSh.exe
  C:\Windows\System\izqNuSh.exe
  2⤵
  PID:7176
- C:\Windows\System\LzoTSAa.exe
  C:\Windows\System\LzoTSAa.exe
  2⤵
  PID:6024
- C:\Windows\System\dYhFNtL.exe
  C:\Windows\System\dYhFNtL.exe
  2⤵
  PID:5132
- C:\Windows\System\GxEYcfQ.exe
  C:\Windows\System\GxEYcfQ.exe
  2⤵
  PID:5708
- C:\Windows\System\WoYwDHx.exe
  C:\Windows\System\WoYwDHx.exe
  2⤵
  PID:7140
- C:\Windows\System\oWqnyMf.exe
  C:\Windows\System\oWqnyMf.exe
  2⤵
  PID:7068
- C:\Windows\System\KPEvooa.exe
  C:\Windows\System\KPEvooa.exe
  2⤵
  PID:6996
- C:\Windows\System\uHqIrLK.exe
  C:\Windows\System\uHqIrLK.exe
  2⤵
  PID:6908
- C:\Windows\System\rVSlqag.exe
  C:\Windows\System\rVSlqag.exe
  2⤵
  PID:6800
- C:\Windows\System\eckTOck.exe
  C:\Windows\System\eckTOck.exe
  2⤵
  PID:6728
- C:\Windows\System\TUaVoBD.exe
  C:\Windows\System\TUaVoBD.exe
  2⤵
  PID:6660
- C:\Windows\System\YLvQoFj.exe
  C:\Windows\System\YLvQoFj.exe
  2⤵
  PID:6580
- C:\Windows\System\LoTyZap.exe
  C:\Windows\System\LoTyZap.exe
  2⤵
  PID:6456
- C:\Windows\System\ESAdNHb.exe
  C:\Windows\System\ESAdNHb.exe
  2⤵
  PID:6404
- C:\Windows\System\CEnrqxC.exe
  C:\Windows\System\CEnrqxC.exe
  2⤵
  PID:6364
- C:\Windows\System\fYMzqdr.exe
  C:\Windows\System\fYMzqdr.exe
  2⤵
  PID:6240
- C:\Windows\System\qewBfYF.exe
  C:\Windows\System\qewBfYF.exe
  2⤵
  PID:6200
- C:\Windows\System\Byslvuv.exe
  C:\Windows\System\Byslvuv.exe
  2⤵
  PID:6168
- C:\Windows\System\dXtXpxD.exe
  C:\Windows\System\dXtXpxD.exe
  2⤵
  PID:3152
- C:\Windows\System\UsIEmsJ.exe
  C:\Windows\System\UsIEmsJ.exe
  2⤵
  PID:5412
- C:\Windows\System\lTBhrVy.exe
  C:\Windows\System\lTBhrVy.exe
  2⤵
  PID:2216
- C:\Windows\System\cdsvCWM.exe
  C:\Windows\System\cdsvCWM.exe
  2⤵
  PID:7916
- C:\Windows\System\FYIcJWD.exe
  C:\Windows\System\FYIcJWD.exe
  2⤵
  PID:8156
- C:\Windows\System\gCLUfly.exe
  C:\Windows\System\gCLUfly.exe
  2⤵
  PID:6512
- C:\Windows\System\hJiETuJ.exe
  C:\Windows\System\hJiETuJ.exe
  2⤵
  PID:8456
- C:\Windows\System\JsFUzOe.exe
  C:\Windows\System\JsFUzOe.exe
  2⤵
  PID:8692
- C:\Windows\System\RRwipGJ.exe
  C:\Windows\System\RRwipGJ.exe
  2⤵
  PID:9132
- C:\Windows\System\ELBICGe.exe
  C:\Windows\System\ELBICGe.exe
  2⤵
  PID:9164
- C:\Windows\System\vliPTrV.exe
  C:\Windows\System\vliPTrV.exe
  2⤵
  PID:7272
- C:\Windows\System\VAAOMxw.exe
  C:\Windows\System\VAAOMxw.exe
  2⤵
  PID:7308
- C:\Windows\System\zXlFiGx.exe
  C:\Windows\System\zXlFiGx.exe
  2⤵
  PID:7348
- C:\Windows\System\htPcqPf.exe
  C:\Windows\System\htPcqPf.exe
  2⤵
  PID:7420
- C:\Windows\System\kyQDIgy.exe
  C:\Windows\System\kyQDIgy.exe
  2⤵
  PID:7472
- C:\Windows\System\wbpKKca.exe
  C:\Windows\System\wbpKKca.exe
  2⤵
  PID:7552
- C:\Windows\System\uooEuZz.exe
  C:\Windows\System\uooEuZz.exe
  2⤵
  PID:7628
- C:\Windows\System\TWbvZuI.exe
  C:\Windows\System\TWbvZuI.exe
  2⤵
  PID:7696
- C:\Windows\System\EkwAvoK.exe
  C:\Windows\System\EkwAvoK.exe
  2⤵
  PID:7732
- C:\Windows\System\aWgiAeN.exe
  C:\Windows\System\aWgiAeN.exe
  2⤵
  PID:7928
- C:\Windows\System\zsvRMKd.exe
  C:\Windows\System\zsvRMKd.exe
  2⤵
  PID:8044
- C:\Windows\System\wyAaxra.exe
  C:\Windows\System\wyAaxra.exe
  2⤵
  PID:1852
- C:\Windows\System\elqNOQR.exe
  C:\Windows\System\elqNOQR.exe
  2⤵
  PID:8224
- C:\Windows\System\HRPpVML.exe
  C:\Windows\System\HRPpVML.exe
  2⤵
  PID:8284
- C:\Windows\System\qjBGlVq.exe
  C:\Windows\System\qjBGlVq.exe
  2⤵
  PID:8320
- C:\Windows\System\xaFBYdC.exe
  C:\Windows\System\xaFBYdC.exe
  2⤵
  PID:8388
- C:\Windows\System\XYqDWeL.exe
  C:\Windows\System\XYqDWeL.exe
  2⤵
  PID:8444
- C:\Windows\System\UAHfTNa.exe
  C:\Windows\System\UAHfTNa.exe
  2⤵
  PID:8508
- C:\Windows\System\qEDUVOk.exe
  C:\Windows\System\qEDUVOk.exe
  2⤵
  PID:8556
- C:\Windows\System\JWRbLCI.exe
  C:\Windows\System\JWRbLCI.exe
  2⤵
  PID:8660
- C:\Windows\System\gXhCtvD.exe
  C:\Windows\System\gXhCtvD.exe
  2⤵
  PID:9236
- C:\Windows\System\MjjppiT.exe
  C:\Windows\System\MjjppiT.exe
  2⤵
  PID:9252
- C:\Windows\System\VFkLhql.exe
  C:\Windows\System\VFkLhql.exe
  2⤵
  PID:9272
- C:\Windows\System\OCVVjHw.exe
  C:\Windows\System\OCVVjHw.exe
  2⤵
  PID:9288
- C:\Windows\System\vpJPGkC.exe
  C:\Windows\System\vpJPGkC.exe
  2⤵
  PID:9312
- C:\Windows\System\uCjubdF.exe
  C:\Windows\System\uCjubdF.exe
  2⤵
  PID:9328
- C:\Windows\System\HMMPMHF.exe
  C:\Windows\System\HMMPMHF.exe
  2⤵
  PID:9344
- C:\Windows\System\lWbKhRe.exe
  C:\Windows\System\lWbKhRe.exe
  2⤵
  PID:9364
- C:\Windows\System\lNtpnoT.exe
  C:\Windows\System\lNtpnoT.exe
  2⤵
  PID:9380
- C:\Windows\System\gnWmJEa.exe
  C:\Windows\System\gnWmJEa.exe
  2⤵
  PID:9404
- C:\Windows\System\GrHYkZt.exe
  C:\Windows\System\GrHYkZt.exe
  2⤵
  PID:9420
- C:\Windows\System\cTKveLq.exe
  C:\Windows\System\cTKveLq.exe
  2⤵
  PID:9440
- C:\Windows\System\VQfGORp.exe
  C:\Windows\System\VQfGORp.exe
  2⤵
  PID:9456
- C:\Windows\System\bmSrqrV.exe
  C:\Windows\System\bmSrqrV.exe
  2⤵
  PID:9472
- C:\Windows\System\CekSphQ.exe
  C:\Windows\System\CekSphQ.exe
  2⤵
  PID:9492
- C:\Windows\System\wSCTUyZ.exe
  C:\Windows\System\wSCTUyZ.exe
  2⤵
  PID:9508
- C:\Windows\System\rlZjjdH.exe
  C:\Windows\System\rlZjjdH.exe
  2⤵
  PID:9524
- C:\Windows\System\IkMPJIG.exe
  C:\Windows\System\IkMPJIG.exe
  2⤵
  PID:9544
- C:\Windows\System\LTPDHlW.exe
  C:\Windows\System\LTPDHlW.exe
  2⤵
  PID:9564
- C:\Windows\System\vKNHpSu.exe
  C:\Windows\System\vKNHpSu.exe
  2⤵
  PID:9584
- C:\Windows\System\udicayP.exe
  C:\Windows\System\udicayP.exe
  2⤵
  PID:9600
- C:\Windows\System\fvfMUQx.exe
  C:\Windows\System\fvfMUQx.exe
  2⤵
  PID:9620
- C:\Windows\System\ObqHfMK.exe
  C:\Windows\System\ObqHfMK.exe
  2⤵
  PID:9636
- C:\Windows\System\urTZhAv.exe
  C:\Windows\System\urTZhAv.exe
  2⤵
  PID:9652
- C:\Windows\System\vmWRHKi.exe
  C:\Windows\System\vmWRHKi.exe
  2⤵
  PID:9672
- C:\Windows\System\GJgOcOq.exe
  C:\Windows\System\GJgOcOq.exe
  2⤵
  PID:9688
- C:\Windows\System\zXuBltX.exe
  C:\Windows\System\zXuBltX.exe
  2⤵
  PID:9708
- C:\Windows\System\plSnokc.exe
  C:\Windows\System\plSnokc.exe
  2⤵
  PID:9736
- C:\Windows\System\YzDyoQS.exe
  C:\Windows\System\YzDyoQS.exe
  2⤵
  PID:9756
- C:\Windows\System\RNvPSdf.exe
  C:\Windows\System\RNvPSdf.exe
  2⤵
  PID:9776
- C:\Windows\System\zmktSLG.exe
  C:\Windows\System\zmktSLG.exe
  2⤵
  PID:9792
- C:\Windows\System\YYPBmNz.exe
  C:\Windows\System\YYPBmNz.exe
  2⤵
  PID:9812
- C:\Windows\System\rSnzqSc.exe
  C:\Windows\System\rSnzqSc.exe
  2⤵
  PID:9828
- C:\Windows\System\hyTqlPZ.exe
  C:\Windows\System\hyTqlPZ.exe
  2⤵
  PID:9848
- C:\Windows\System\qmgxeKA.exe
  C:\Windows\System\qmgxeKA.exe
  2⤵
  PID:9864
- C:\Windows\System\FltuGCH.exe
  C:\Windows\System\FltuGCH.exe
  2⤵
  PID:9880
- C:\Windows\System\NzbDMmQ.exe
  C:\Windows\System\NzbDMmQ.exe
  2⤵
  PID:9896
- C:\Windows\System\gKVflpP.exe
  C:\Windows\System\gKVflpP.exe
  2⤵
  PID:9916
- C:\Windows\System\mZycmjX.exe
  C:\Windows\System\mZycmjX.exe
  2⤵
  PID:9932
- C:\Windows\System\lyNjvEk.exe
  C:\Windows\System\lyNjvEk.exe
  2⤵
  PID:9952
- C:\Windows\System\TwSUvLk.exe
  C:\Windows\System\TwSUvLk.exe
  2⤵
  PID:9968
- C:\Windows\System\XjrzQmW.exe
  C:\Windows\System\XjrzQmW.exe
  2⤵
  PID:9988
- C:\Windows\System\LctYsZF.exe
  C:\Windows\System\LctYsZF.exe
  2⤵
  PID:10004
- C:\Windows\System\tSpjQRQ.exe
  C:\Windows\System\tSpjQRQ.exe
  2⤵
  PID:10024
- C:\Windows\System\RYqETrU.exe
  C:\Windows\System\RYqETrU.exe
  2⤵
  PID:10044
- C:\Windows\System\rKbtJVs.exe
  C:\Windows\System\rKbtJVs.exe
  2⤵
  PID:10060
- C:\Windows\System\oFJFHOp.exe
  C:\Windows\System\oFJFHOp.exe
  2⤵
  PID:10080
- C:\Windows\System\hhrqRWe.exe
  C:\Windows\System\hhrqRWe.exe
  2⤵
  PID:10096
- C:\Windows\System\NhZCrUM.exe
  C:\Windows\System\NhZCrUM.exe
  2⤵
  PID:10116
- C:\Windows\System\dhnDlSx.exe
  C:\Windows\System\dhnDlSx.exe
  2⤵
  PID:10136
- C:\Windows\System\LbDnAWo.exe
  C:\Windows\System\LbDnAWo.exe
  2⤵
  PID:10152
- C:\Windows\System\GyZZcsu.exe
  C:\Windows\System\GyZZcsu.exe
  2⤵
  PID:10168
- C:\Windows\System\qQzVWFD.exe
  C:\Windows\System\qQzVWFD.exe
  2⤵
  PID:10192
- C:\Windows\System\qQUeHhY.exe
  C:\Windows\System\qQUeHhY.exe
  2⤵
  PID:10208
- C:\Windows\System\bAXeZQU.exe
  C:\Windows\System\bAXeZQU.exe
  2⤵
  PID:10224
- C:\Windows\System\JIRRaGT.exe
  C:\Windows\System\JIRRaGT.exe
  2⤵
  PID:10244
- C:\Windows\System\QMqISfj.exe
  C:\Windows\System\QMqISfj.exe
  2⤵
  PID:10264
- C:\Windows\System\YsIXWCH.exe
  C:\Windows\System\YsIXWCH.exe
  2⤵
  PID:10280
- C:\Windows\System\XchAPpB.exe
  C:\Windows\System\XchAPpB.exe
  2⤵
  PID:10296
- C:\Windows\System\NVqBVdm.exe
  C:\Windows\System\NVqBVdm.exe
  2⤵
  PID:10316
- C:\Windows\System\ZFtRCex.exe
  C:\Windows\System\ZFtRCex.exe
  2⤵
  PID:10336
- C:\Windows\System\wrcFzoQ.exe
  C:\Windows\System\wrcFzoQ.exe
  2⤵
  PID:10352
- C:\Windows\System\ghUBhwh.exe
  C:\Windows\System\ghUBhwh.exe
  2⤵
  PID:10368
- C:\Windows\System\Bqltnan.exe
  C:\Windows\System\Bqltnan.exe
  2⤵
  PID:10388
- C:\Windows\System\JnGphfa.exe
  C:\Windows\System\JnGphfa.exe
  2⤵
  PID:10408
- C:\Windows\System\wvEgclt.exe
  C:\Windows\System\wvEgclt.exe
  2⤵
  PID:10428
- C:\Windows\System\AExJKHg.exe
  C:\Windows\System\AExJKHg.exe
  2⤵
  PID:10444
- C:\Windows\System\pWKiHcm.exe
  C:\Windows\System\pWKiHcm.exe
  2⤵
  PID:10464
- C:\Windows\System\dYFMnGD.exe
  C:\Windows\System\dYFMnGD.exe
  2⤵
  PID:10484
- C:\Windows\System\PgfgAai.exe
  C:\Windows\System\PgfgAai.exe
  2⤵
  PID:10500
- C:\Windows\System\sWwglVF.exe
  C:\Windows\System\sWwglVF.exe
  2⤵
  PID:10516
- C:\Windows\System\wsMnsSE.exe
  C:\Windows\System\wsMnsSE.exe
  2⤵
  PID:10536
- C:\Windows\System\wiKJqwP.exe
  C:\Windows\System\wiKJqwP.exe
  2⤵
  PID:10552
- C:\Windows\System\LIccEvr.exe
  C:\Windows\System\LIccEvr.exe
  2⤵
  PID:10572
- C:\Windows\System\MnfxRXB.exe
  C:\Windows\System\MnfxRXB.exe
  2⤵
  PID:10588
- C:\Windows\System\VksfIIX.exe
  C:\Windows\System\VksfIIX.exe
  2⤵
  PID:10612
- C:\Windows\System\cJDiEoQ.exe
  C:\Windows\System\cJDiEoQ.exe
  2⤵
  PID:10628
- C:\Windows\System\PIKCULb.exe
  C:\Windows\System\PIKCULb.exe
  2⤵
  PID:10644
- C:\Windows\System\orwBARt.exe
  C:\Windows\System\orwBARt.exe
  2⤵
  PID:10660
- C:\Windows\System\CHHwzZa.exe
  C:\Windows\System\CHHwzZa.exe
  2⤵
  PID:10680
- C:\Windows\System\vYYcPaA.exe
  C:\Windows\System\vYYcPaA.exe
  2⤵
  PID:10696
- C:\Windows\System\xWtVmaw.exe
  C:\Windows\System\xWtVmaw.exe
  2⤵
  PID:10716
- C:\Windows\System\mkDaBfO.exe
  C:\Windows\System\mkDaBfO.exe
  2⤵
  PID:10732
- C:\Windows\System\Xlghrwm.exe
  C:\Windows\System\Xlghrwm.exe
  2⤵
  PID:10752
- C:\Windows\System\PNrJuXV.exe
  C:\Windows\System\PNrJuXV.exe
  2⤵
  PID:10768
- C:\Windows\System\vOXqpZI.exe
  C:\Windows\System\vOXqpZI.exe
  2⤵
  PID:10784
- C:\Windows\System\NMpSUYs.exe
  C:\Windows\System\NMpSUYs.exe
  2⤵
  PID:10800
- C:\Windows\System\IveuMlc.exe
  C:\Windows\System\IveuMlc.exe
  2⤵
  PID:10816
- C:\Windows\System\OIqrCxS.exe
  C:\Windows\System\OIqrCxS.exe
  2⤵
  PID:10832
- C:\Windows\System\OvNeHgH.exe
  C:\Windows\System\OvNeHgH.exe
  2⤵
  PID:10848
- C:\Windows\System\BGBKlvm.exe
  C:\Windows\System\BGBKlvm.exe
  2⤵
  PID:10864
- C:\Windows\System\ddyBaSw.exe
  C:\Windows\System\ddyBaSw.exe
  2⤵
  PID:10888
- C:\Windows\System\bOiSdCd.exe
  C:\Windows\System\bOiSdCd.exe
  2⤵
  PID:10904
- C:\Windows\System\hERVuZD.exe
  C:\Windows\System\hERVuZD.exe
  2⤵
  PID:10924
- C:\Windows\System\nlNktIN.exe
  C:\Windows\System\nlNktIN.exe
  2⤵
  PID:10940
- C:\Windows\System\ngDrqxA.exe
  C:\Windows\System\ngDrqxA.exe
  2⤵
  PID:10956
- C:\Windows\System\IaTMHUB.exe
  C:\Windows\System\IaTMHUB.exe
  2⤵
  PID:10972
- C:\Windows\System\tPCSRIC.exe
  C:\Windows\System\tPCSRIC.exe
  2⤵
  PID:10992
- C:\Windows\System\PRWWjHO.exe
  C:\Windows\System\PRWWjHO.exe
  2⤵
  PID:11008
- C:\Windows\System\mUrKZnO.exe
  C:\Windows\System\mUrKZnO.exe
  2⤵
  PID:11028
- C:\Windows\System\vGbksgr.exe
  C:\Windows\System\vGbksgr.exe
  2⤵
  PID:11044
- C:\Windows\System\yBpCcsI.exe
  C:\Windows\System\yBpCcsI.exe
  2⤵
  PID:11064
- C:\Windows\System\unJKFKy.exe
  C:\Windows\System\unJKFKy.exe
  2⤵
  PID:11080
- C:\Windows\System\guRfnsz.exe
  C:\Windows\System\guRfnsz.exe
  2⤵
  PID:11100
- C:\Windows\System\oQEDAfu.exe
  C:\Windows\System\oQEDAfu.exe
  2⤵
  PID:11116
- C:\Windows\System\QTdFuJZ.exe
  C:\Windows\System\QTdFuJZ.exe
  2⤵
  PID:11140
- C:\Windows\System\WSQSStC.exe
  C:\Windows\System\WSQSStC.exe
  2⤵
  PID:11156
- C:\Windows\System\fLQcLLI.exe
  C:\Windows\System\fLQcLLI.exe
  2⤵
  PID:11176
- C:\Windows\System\WqKuDAH.exe
  C:\Windows\System\WqKuDAH.exe
  2⤵
  PID:11196
- C:\Windows\System\PcxQqqE.exe
  C:\Windows\System\PcxQqqE.exe
  2⤵
  PID:11216
- C:\Windows\System\EYeXpmc.exe
  C:\Windows\System\EYeXpmc.exe
  2⤵
  PID:11232
- C:\Windows\System\TBBDMWx.exe
  C:\Windows\System\TBBDMWx.exe
  2⤵
  PID:11248
- C:\Windows\System\BBLcnDg.exe
  C:\Windows\System\BBLcnDg.exe
  2⤵
  PID:8832
- C:\Windows\System\aviuLOv.exe
  C:\Windows\System\aviuLOv.exe
  2⤵
  PID:8880
- C:\Windows\System\NExVOBe.exe
  C:\Windows\System\NExVOBe.exe
  2⤵
  PID:9008
- C:\Windows\System\ELYeleM.exe
  C:\Windows\System\ELYeleM.exe
  2⤵
  PID:11276
- C:\Windows\System\qcCpuub.exe
  C:\Windows\System\qcCpuub.exe
  2⤵
  PID:11296
- C:\Windows\System\jpfmaQb.exe
  C:\Windows\System\jpfmaQb.exe
  2⤵
  PID:11312
- C:\Windows\System\eKMmPta.exe
  C:\Windows\System\eKMmPta.exe
  2⤵
  PID:11332
- C:\Windows\System\fZMlSWt.exe
  C:\Windows\System\fZMlSWt.exe
  2⤵
  PID:11348
- C:\Windows\System\BsjyDyN.exe
  C:\Windows\System\BsjyDyN.exe
  2⤵
  PID:11368
- C:\Windows\System\yElXoUd.exe
  C:\Windows\System\yElXoUd.exe
  2⤵
  PID:11384
- C:\Windows\System\xUaKmhO.exe
  C:\Windows\System\xUaKmhO.exe
  2⤵
  PID:11408
- C:\Windows\System\NlMHwdx.exe
  C:\Windows\System\NlMHwdx.exe
  2⤵
  PID:11424
- C:\Windows\System\xFjPpnk.exe
  C:\Windows\System\xFjPpnk.exe
  2⤵
  PID:11444
- C:\Windows\System\iBfPrkS.exe
  C:\Windows\System\iBfPrkS.exe
  2⤵
  PID:11460
- C:\Windows\System\COWIaMu.exe
  C:\Windows\System\COWIaMu.exe
  2⤵
  PID:11476
- C:\Windows\System\PhXLLnS.exe
  C:\Windows\System\PhXLLnS.exe
  2⤵
  PID:11496
- C:\Windows\System\SEUWHlr.exe
  C:\Windows\System\SEUWHlr.exe
  2⤵
  PID:11512
- C:\Windows\System\Epdcpjl.exe
  C:\Windows\System\Epdcpjl.exe
  2⤵
  PID:11528
- C:\Windows\System\MaoOWZs.exe
  C:\Windows\System\MaoOWZs.exe
  2⤵
  PID:11548
- C:\Windows\System\bocJEtj.exe
  C:\Windows\System\bocJEtj.exe
  2⤵
  PID:12152
- C:\Windows\System\ijLWDZs.exe
  C:\Windows\System\ijLWDZs.exe
  2⤵
  PID:12188
- C:\Windows\System\NdPedsi.exe
  C:\Windows\System\NdPedsi.exe
  2⤵
  PID:12208
- C:\Windows\System\gpGzpyP.exe
  C:\Windows\System\gpGzpyP.exe
  2⤵
  PID:12224
- C:\Windows\System\nVMpOdz.exe
  C:\Windows\System\nVMpOdz.exe
  2⤵
  PID:12244
- C:\Windows\System\jFQrWjG.exe
  C:\Windows\System\jFQrWjG.exe
  2⤵
  PID:12260
- C:\Windows\System\LTjxFWH.exe
  C:\Windows\System\LTjxFWH.exe
  2⤵
  PID:12276
- C:\Windows\System\szRVJFT.exe
  C:\Windows\System\szRVJFT.exe
  2⤵
  PID:6780
- C:\Windows\System\etyhFvT.exe
  C:\Windows\System\etyhFvT.exe
  2⤵
  PID:6684
- C:\Windows\System\eQWuFro.exe
  C:\Windows\System\eQWuFro.exe
  2⤵
  PID:6392
- C:\Windows\System\KFBiFUR.exe
  C:\Windows\System\KFBiFUR.exe
  2⤵
  PID:6228
- C:\Windows\System\CIVfmsh.exe
  C:\Windows\System\CIVfmsh.exe
  2⤵
  PID:3524
- C:\Windows\System\zaStteD.exe
  C:\Windows\System\zaStteD.exe
  2⤵
  PID:4516
- C:\Windows\System\GRNjIPI.exe
  C:\Windows\System\GRNjIPI.exe
  2⤵
  PID:5308
- C:\Windows\System\aBTpgkN.exe
  C:\Windows\System\aBTpgkN.exe
  2⤵
  PID:8312
- C:\Windows\System\TBSpWni.exe
  C:\Windows\System\TBSpWni.exe
  2⤵
  PID:8260
- C:\Windows\System\EprMDyh.exe
  C:\Windows\System\EprMDyh.exe
  2⤵
  PID:8108
- C:\Windows\System\lBzmtOB.exe
  C:\Windows\System\lBzmtOB.exe
  2⤵
  PID:8408
- C:\Windows\System\JFFMujI.exe
  C:\Windows\System\JFFMujI.exe
  2⤵
  PID:11732
- C:\Windows\System\UKpfnnd.exe
  C:\Windows\System\UKpfnnd.exe
  2⤵
  PID:11736
- C:\Windows\System\neRANED.exe
  C:\Windows\System\neRANED.exe
  2⤵
  PID:8300
- C:\Windows\System\xKTbyPh.exe
  C:\Windows\System\xKTbyPh.exe
  2⤵
  PID:8540
- C:\Windows\System\pezmZtu.exe
  C:\Windows\System\pezmZtu.exe
  2⤵
  PID:9416
- C:\Windows\System\sLmCJiv.exe
  C:\Windows\System\sLmCJiv.exe
  2⤵
  PID:9836
- C:\Windows\System\pqaReLa.exe
  C:\Windows\System\pqaReLa.exe
  2⤵
  PID:9872
- C:\Windows\System\AXzWfxQ.exe
  C:\Windows\System\AXzWfxQ.exe
  2⤵
  PID:10036
- C:\Windows\System\xOGkKxT.exe
  C:\Windows\System\xOGkKxT.exe
  2⤵
  PID:10104
- C:\Windows\System\TkzelIb.exe
  C:\Windows\System\TkzelIb.exe
  2⤵
  PID:10216
- C:\Windows\System\kuTFuPW.exe
  C:\Windows\System\kuTFuPW.exe
  2⤵
  PID:10288
- C:\Windows\System\RQrKlsC.exe
  C:\Windows\System\RQrKlsC.exe
  2⤵
  PID:10456
- C:\Windows\System\RdpofMG.exe
  C:\Windows\System\RdpofMG.exe
  2⤵
  PID:10492
- C:\Windows\System\uavwYZM.exe
  C:\Windows\System\uavwYZM.exe
  2⤵
  PID:10524
- C:\Windows\System\ShtEhXN.exe
  C:\Windows\System\ShtEhXN.exe
  2⤵
  PID:10636
- C:\Windows\System\yQiCkvS.exe
  C:\Windows\System\yQiCkvS.exe
  2⤵
  PID:10672
- C:\Windows\System\NfQKzgZ.exe
  C:\Windows\System\NfQKzgZ.exe
  2⤵
  PID:10712
- C:\Windows\System\OSNXlJH.exe
  C:\Windows\System\OSNXlJH.exe
  2⤵
  PID:10744
- C:\Windows\System\JskWbRG.exe
  C:\Windows\System\JskWbRG.exe
  2⤵
  PID:10776
- C:\Windows\System\NleoXOi.exe
  C:\Windows\System\NleoXOi.exe
  2⤵
  PID:8796
- C:\Windows\System\ywoZlCG.exe
  C:\Windows\System\ywoZlCG.exe
  2⤵
  PID:10844
- C:\Windows\System\OrGtQnA.exe
  C:\Windows\System\OrGtQnA.exe
  2⤵
  PID:8948
- C:\Windows\System\zRxjsIX.exe
  C:\Windows\System\zRxjsIX.exe
  2⤵
  PID:10980
- C:\Windows\System\YfzBCZn.exe
  C:\Windows\System\YfzBCZn.exe
  2⤵
  PID:11184
- C:\Windows\System\UNlDDsN.exe
  C:\Windows\System\UNlDDsN.exe
  2⤵
  PID:11228
- C:\Windows\System\AsHQaZh.exe
  C:\Windows\System\AsHQaZh.exe
  2⤵
  PID:5856
- C:\Windows\System\ShOELaB.exe
  C:\Windows\System\ShOELaB.exe
  2⤵
  PID:5988
- C:\Windows\System\kGyMhVr.exe
  C:\Windows\System\kGyMhVr.exe
  2⤵
  PID:5208
- C:\Windows\System\qjSfqZv.exe
  C:\Windows\System\qjSfqZv.exe
  2⤵
  PID:5860
- C:\Windows\System\EEtEzIh.exe
  C:\Windows\System\EEtEzIh.exe
  2⤵
  PID:6848
- C:\Windows\System\KqnYEvw.exe
  C:\Windows\System\KqnYEvw.exe
  2⤵
  PID:6008
- C:\Windows\System\MnCWYtB.exe
  C:\Windows\System\MnCWYtB.exe
  2⤵
  PID:7096
- C:\Windows\System\VmBedNj.exe
  C:\Windows\System\VmBedNj.exe
  2⤵
  PID:7008
- C:\Windows\System\NsugKhW.exe
  C:\Windows\System\NsugKhW.exe
  2⤵
  PID:5352
- C:\Windows\System\fRdweTI.exe
  C:\Windows\System\fRdweTI.exe
  2⤵
  PID:12300
- C:\Windows\System\NSYRCUh.exe
  C:\Windows\System\NSYRCUh.exe
  2⤵
  PID:12320
- C:\Windows\System\vGHdIQO.exe
  C:\Windows\System\vGHdIQO.exe
  2⤵
  PID:12336
- C:\Windows\System\hfbNMvH.exe
  C:\Windows\System\hfbNMvH.exe
  2⤵
  PID:12356
- C:\Windows\System\FCrcIQP.exe
  C:\Windows\System\FCrcIQP.exe
  2⤵
  PID:12376
- C:\Windows\System\vwPhRdT.exe
  C:\Windows\System\vwPhRdT.exe
  2⤵
  PID:12392
- C:\Windows\System\irqWnVZ.exe
  C:\Windows\System\irqWnVZ.exe
  2⤵
  PID:12412
- C:\Windows\System\QkQIVAA.exe
  C:\Windows\System\QkQIVAA.exe
  2⤵
  PID:12428
- C:\Windows\System\LbTCudq.exe
  C:\Windows\System\LbTCudq.exe
  2⤵
  PID:12448
- C:\Windows\System\GqjmaXC.exe
  C:\Windows\System\GqjmaXC.exe
  2⤵
  PID:12468
- C:\Windows\System\XwDjXRc.exe
  C:\Windows\System\XwDjXRc.exe
  2⤵
  PID:12484
- C:\Windows\System\qLuYrUN.exe
  C:\Windows\System\qLuYrUN.exe
  2⤵
  PID:12500
- C:\Windows\System\pfuPzwf.exe
  C:\Windows\System\pfuPzwf.exe
  2⤵
  PID:12520
- C:\Windows\System\clXUTFh.exe
  C:\Windows\System\clXUTFh.exe
  2⤵
  PID:12536
- C:\Windows\System\ZNNsmzA.exe
  C:\Windows\System\ZNNsmzA.exe
  2⤵
  PID:12556
- C:\Windows\System\sUEFWOA.exe
  C:\Windows\System\sUEFWOA.exe
  2⤵
  PID:12572
- C:\Windows\System\dtmqXor.exe
  C:\Windows\System\dtmqXor.exe
  2⤵
  PID:12592
- C:\Windows\System\lhfjjWg.exe
  C:\Windows\System\lhfjjWg.exe
  2⤵
  PID:12608
- C:\Windows\System\qDKojLp.exe
  C:\Windows\System\qDKojLp.exe
  2⤵
  PID:12632
- C:\Windows\System\ZGSqRlN.exe
  C:\Windows\System\ZGSqRlN.exe
  2⤵
  PID:12648
- C:\Windows\System\TMdeKiR.exe
  C:\Windows\System\TMdeKiR.exe
  2⤵
  PID:12668
- C:\Windows\System\RvXGunl.exe
  C:\Windows\System\RvXGunl.exe
  2⤵
  PID:12684
- C:\Windows\System\CevleLA.exe
  C:\Windows\System\CevleLA.exe
  2⤵
  PID:12704
- C:\Windows\System\AjWCNng.exe
  C:\Windows\System\AjWCNng.exe
  2⤵
  PID:12724
- C:\Windows\System\xRhPkPZ.exe
  C:\Windows\System\xRhPkPZ.exe
  2⤵
  PID:12740
- C:\Windows\System\CmWcKbC.exe
  C:\Windows\System\CmWcKbC.exe
  2⤵
  PID:12760
- C:\Windows\System\aNNzwdV.exe
  C:\Windows\System\aNNzwdV.exe
  2⤵
  PID:12780
- C:\Windows\System\JVHLYDz.exe
  C:\Windows\System\JVHLYDz.exe
  2⤵
  PID:12796
- C:\Windows\System\DCeysau.exe
  C:\Windows\System\DCeysau.exe
  2⤵
  PID:12812
- C:\Windows\System\eXdbsxc.exe
  C:\Windows\System\eXdbsxc.exe
  2⤵
  PID:12832
- C:\Windows\System\MbeySeh.exe
  C:\Windows\System\MbeySeh.exe
  2⤵
  PID:12852
- C:\Windows\System\nlVqghI.exe
  C:\Windows\System\nlVqghI.exe
  2⤵
  PID:12868
- C:\Windows\System\kceybYy.exe
  C:\Windows\System\kceybYy.exe
  2⤵
  PID:12884
- C:\Windows\System\zihisVy.exe
  C:\Windows\System\zihisVy.exe
  2⤵
  PID:12900
- C:\Windows\System\kqKrTlJ.exe
  C:\Windows\System\kqKrTlJ.exe
  2⤵
  PID:12916
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 12916 -s 184
    3⤵
    PID:14152
- C:\Windows\System\dkhjtig.exe
  C:\Windows\System\dkhjtig.exe
  2⤵
  PID:12932
- C:\Windows\System\JPPeLUT.exe
  C:\Windows\System\JPPeLUT.exe
  2⤵
  PID:12948
- C:\Windows\System\aAPmUer.exe
  C:\Windows\System\aAPmUer.exe
  2⤵
  PID:12968
- C:\Windows\System\AruyGjp.exe
  C:\Windows\System\AruyGjp.exe
  2⤵
  PID:12988
- C:\Windows\System\elpKezL.exe
  C:\Windows\System\elpKezL.exe
  2⤵
  PID:13004
- C:\Windows\System\CzNEBuU.exe
  C:\Windows\System\CzNEBuU.exe
  2⤵
  PID:13020
- C:\Windows\System\NDMqNoZ.exe
  C:\Windows\System\NDMqNoZ.exe
  2⤵
  PID:13040
- C:\Windows\System\UJeXqyE.exe
  C:\Windows\System\UJeXqyE.exe
  2⤵
  PID:13056
- C:\Windows\System\zfGSsZv.exe
  C:\Windows\System\zfGSsZv.exe
  2⤵
  PID:13076
- C:\Windows\System\hyMsXiG.exe
  C:\Windows\System\hyMsXiG.exe
  2⤵
  PID:13096
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 13096 -s 240
    3⤵
    PID:13632
- C:\Windows\System\fpIUwEq.exe
  C:\Windows\System\fpIUwEq.exe
  2⤵
  PID:13112
- C:\Windows\System\MPCGqnw.exe
  C:\Windows\System\MPCGqnw.exe
  2⤵
  PID:11328
- C:\Windows\System\sydrCYx.exe
  C:\Windows\System\sydrCYx.exe
  2⤵
  PID:1400
- C:\Windows\System\USxauQX.exe
  C:\Windows\System\USxauQX.exe
  2⤵
  PID:10604
- C:\Windows\System\pMCzvNb.exe
  C:\Windows\System\pMCzvNb.exe
  2⤵
  PID:8004
- C:\Windows\System\RdsNiZh.exe
  C:\Windows\System\RdsNiZh.exe
  2⤵
  PID:13168
- C:\Windows\System\fICNTqd.exe
  C:\Windows\System\fICNTqd.exe
  2⤵
  PID:13260
- C:\Windows\System\YsXgTpE.exe
  C:\Windows\System\YsXgTpE.exe
  2⤵
  PID:11092
- C:\Windows\System\RRHFgjn.exe
  C:\Windows\System\RRHFgjn.exe
  2⤵
  PID:12016
- C:\Windows\System\OebOWFq.exe
  C:\Windows\System\OebOWFq.exe
  2⤵
  PID:11268
- C:\Windows\System\QSwtwUJ.exe
  C:\Windows\System\QSwtwUJ.exe
  2⤵
  PID:11356
- C:\Windows\System\kEAvIHE.exe
  C:\Windows\System\kEAvIHE.exe
  2⤵
  PID:11376
- C:\Windows\System\VmDkSjS.exe
  C:\Windows\System\VmDkSjS.exe
  2⤵
  PID:11452
- C:\Windows\System\bNZuJTd.exe
  C:\Windows\System\bNZuJTd.exe
  2⤵
  PID:11524
- C:\Windows\System\hxdiEOz.exe
  C:\Windows\System\hxdiEOz.exe
  2⤵
  PID:11572
- C:\Windows\System\zJuQRYr.exe
  C:\Windows\System\zJuQRYr.exe
  2⤵
  PID:9152
- C:\Windows\System\LrZyNKB.exe
  C:\Windows\System\LrZyNKB.exe
  2⤵
  PID:8676
- C:\Windows\System\gitDbNF.exe
  C:\Windows\System\gitDbNF.exe
  2⤵
  PID:9648
- C:\Windows\System\JiXduGy.exe
  C:\Windows\System\JiXduGy.exe
  2⤵
  PID:9844
- C:\Windows\System\zoxVrZj.exe
  C:\Windows\System\zoxVrZj.exe
  2⤵
  PID:10232
- C:\Windows\System\jhvYxBo.exe
  C:\Windows\System\jhvYxBo.exe
  2⤵
  PID:13188
- C:\Windows\System\uukyiPI.exe
  C:\Windows\System\uukyiPI.exe
  2⤵
  PID:13236
- C:\Windows\System\YWRxojd.exe
  C:\Windows\System\YWRxojd.exe
  2⤵
  PID:9480
- C:\Windows\System\SYsUVAH.exe
  C:\Windows\System\SYsUVAH.exe
  2⤵
  PID:5660
- C:\Windows\System\VIoiVrr.exe
  C:\Windows\System\VIoiVrr.exe
  2⤵
  PID:12076
- C:\Windows\System\BoHlKaf.exe
  C:\Windows\System\BoHlKaf.exe
  2⤵
  PID:12148
- C:\Windows\System\QZhkwui.exe
  C:\Windows\System\QZhkwui.exe
  2⤵
  PID:12200
- C:\Windows\System\HrpsFrq.exe
  C:\Windows\System\HrpsFrq.exe
  2⤵
  PID:4432
- C:\Windows\System\pzHSNgI.exe
  C:\Windows\System\pzHSNgI.exe
  2⤵
  PID:7324
- C:\Windows\System\vSqWLDZ.exe
  C:\Windows\System\vSqWLDZ.exe
  2⤵
  PID:8480
- C:\Windows\System\TaSVDBr.exe
  C:\Windows\System\TaSVDBr.exe
  2⤵
  PID:9232
- C:\Windows\System\KlmCobk.exe
  C:\Windows\System\KlmCobk.exe
  2⤵
  PID:5428
- C:\Windows\System\aLXEDYV.exe
  C:\Windows\System\aLXEDYV.exe
  2⤵
  PID:636
- C:\Windows\System\zpIxdPV.exe
  C:\Windows\System\zpIxdPV.exe
  2⤵
  PID:9856
- C:\Windows\System\IXElDrQ.exe
  C:\Windows\System\IXElDrQ.exe
  2⤵
  PID:10532
- C:\Windows\System\FbtfCiP.exe
  C:\Windows\System\FbtfCiP.exe
  2⤵
  PID:12352
- C:\Windows\System\CcbMcXZ.exe
  C:\Windows\System\CcbMcXZ.exe
  2⤵
  PID:9304
- C:\Windows\System\aSkaWCc.exe
  C:\Windows\System\aSkaWCc.exe
  2⤵
  PID:9356
- C:\Windows\System\MCukUmO.exe
  C:\Windows\System\MCukUmO.exe
  2⤵
  PID:7900
- C:\Windows\System\InwylUR.exe
  C:\Windows\System\InwylUR.exe
  2⤵
  PID:1572
- C:\Windows\System\PoptAuF.exe
  C:\Windows\System\PoptAuF.exe
  2⤵
  PID:12664
- C:\Windows\System\llkVbBA.exe
  C:\Windows\System\llkVbBA.exe
  2⤵
  PID:11648
- C:\Windows\System\Bzztxcs.exe
  C:\Windows\System\Bzztxcs.exe
  2⤵
  PID:10180
- C:\Windows\System\VbtPfLJ.exe
  C:\Windows\System\VbtPfLJ.exe
  2⤵
  PID:7364
- C:\Windows\System\aqcNobW.exe
  C:\Windows\System\aqcNobW.exe
  2⤵
  PID:7116
- C:\Windows\System\GAoeJrh.exe
  C:\Windows\System\GAoeJrh.exe
  2⤵
  PID:12400
- C:\Windows\System\ZZOURCX.exe
  C:\Windows\System\ZZOURCX.exe
  2⤵
  PID:12328
- C:\Windows\System\JFbhFbp.exe
  C:\Windows\System\JFbhFbp.exe
  2⤵
  PID:7832
- C:\Windows\System\PpwEoDV.exe
  C:\Windows\System\PpwEoDV.exe
  2⤵
  PID:8040
- C:\Windows\System\gbgfZcd.exe
  C:\Windows\System\gbgfZcd.exe
  2⤵
  PID:9532
- C:\Windows\System\kiVispb.exe
  C:\Windows\System\kiVispb.exe
  2⤵
  PID:1340
- C:\Windows\System\wuGHiBz.exe
  C:\Windows\System\wuGHiBz.exe
  2⤵
  PID:6692
- C:\Windows\System\IpCoQIv.exe
  C:\Windows\System\IpCoQIv.exe
  2⤵
  PID:1544
- C:\Windows\System\EFJJcSm.exe
  C:\Windows\System\EFJJcSm.exe
  2⤵
  PID:13084
- C:\Windows\System\ABTpKsD.exe
  C:\Windows\System\ABTpKsD.exe
  2⤵
  PID:9324
- C:\Windows\System\YblwJkj.exe
  C:\Windows\System\YblwJkj.exe
  2⤵
  PID:9904
- C:\Windows\System\ZFQmgMf.exe
  C:\Windows\System\ZFQmgMf.exe
  2⤵
  PID:2132
- C:\Windows\System\AjzFoFq.exe
  C:\Windows\System\AjzFoFq.exe
  2⤵
  PID:5640
- C:\Windows\System\DBmccNd.exe
  C:\Windows\System\DBmccNd.exe
  2⤵
  PID:12660
- C:\Windows\System\zKhIxMM.exe
  C:\Windows\System\zKhIxMM.exe
  2⤵
  PID:8812
- C:\Windows\System\onctiJy.exe
  C:\Windows\System\onctiJy.exe
  2⤵
  PID:1648
- C:\Windows\System\PWxnSsK.exe
  C:\Windows\System\PWxnSsK.exe
  2⤵
  PID:12296
- C:\Windows\System\jxdYCll.exe
  C:\Windows\System\jxdYCll.exe
  2⤵
  PID:10020
- C:\Windows\System\RzGGiHB.exe
  C:\Windows\System\RzGGiHB.exe
  2⤵
  PID:11980
- C:\Windows\System\fwAKxNZ.exe
  C:\Windows\System\fwAKxNZ.exe
  2⤵
  PID:13320
- C:\Windows\System\JGInAeJ.exe
  C:\Windows\System\JGInAeJ.exe
  2⤵
  PID:13340
- C:\Windows\System\vjWdLzI.exe
  C:\Windows\System\vjWdLzI.exe
  2⤵
  PID:13356
- C:\Windows\System\nRuBaOy.exe
  C:\Windows\System\nRuBaOy.exe
  2⤵
  PID:13376
- C:\Windows\System\mkvNjqI.exe
  C:\Windows\System\mkvNjqI.exe
  2⤵
  PID:13392
- C:\Windows\System\mMScbFj.exe
  C:\Windows\System\mMScbFj.exe
  2⤵
  PID:13412
- C:\Windows\System\WaDbxNi.exe
  C:\Windows\System\WaDbxNi.exe
  2⤵
  PID:13428
- C:\Windows\System\SeTXGnG.exe
  C:\Windows\System\SeTXGnG.exe
  2⤵
  PID:13448
- C:\Windows\System\hLaidRt.exe
  C:\Windows\System\hLaidRt.exe
  2⤵
  PID:13464
- C:\Windows\System\CYfzDQF.exe
  C:\Windows\System\CYfzDQF.exe
  2⤵
  PID:13480
- C:\Windows\System\EvRFfSU.exe
  C:\Windows\System\EvRFfSU.exe
  2⤵
  PID:13512
- C:\Windows\System\zUKZvHT.exe
  C:\Windows\System\zUKZvHT.exe
  2⤵
  PID:13528
- C:\Windows\System\tCXbqfk.exe
  C:\Windows\System\tCXbqfk.exe
  2⤵
  PID:13560
- C:\Windows\System\FACFVOp.exe
  C:\Windows\System\FACFVOp.exe
  2⤵
  PID:13608
- C:\Windows\System\CnNPlKv.exe
  C:\Windows\System\CnNPlKv.exe
  2⤵
  PID:13624
- C:\Windows\System\BksjYik.exe
  C:\Windows\System\BksjYik.exe
  2⤵
  PID:13744
- C:\Windows\System\NQzKIbK.exe
  C:\Windows\System\NQzKIbK.exe
  2⤵
  PID:13928
- C:\Windows\System\YrgPEgf.exe
  C:\Windows\System\YrgPEgf.exe
  2⤵
  PID:13964
- C:\Windows\System\UYOQUUW.exe
  C:\Windows\System\UYOQUUW.exe
  2⤵
  PID:14216
- C:\Windows\System\Uotletb.exe
  C:\Windows\System\Uotletb.exe
  2⤵
  PID:14244
- C:\Windows\System\dngrBXa.exe
  C:\Windows\System\dngrBXa.exe
  2⤵
  PID:14260
- C:\Windows\System\eUiCThM.exe
  C:\Windows\System\eUiCThM.exe
  2⤵
  PID:14276
- C:\Windows\System\efTAUzQ.exe
  C:\Windows\System\efTAUzQ.exe
  2⤵
  PID:14304
- C:\Windows\System\jtMJzRB.exe
  C:\Windows\System\jtMJzRB.exe
  2⤵
  PID:11776
- C:\Windows\System\btawEll.exe
  C:\Windows\System\btawEll.exe
  2⤵
  PID:7524
- C:\Windows\System\oNlqZQZ.exe
  C:\Windows\System\oNlqZQZ.exe
  2⤵
  PID:12996
- C:\Windows\System\RRNfGTE.exe
  C:\Windows\System\RRNfGTE.exe
  2⤵
  PID:3456
- C:\Windows\System\tSDNcGg.exe
  C:\Windows\System\tSDNcGg.exe
  2⤵
  PID:3280
- C:\Windows\System\nJCcqyD.exe
  C:\Windows\System\nJCcqyD.exe
  2⤵
  PID:9184
- C:\Windows\System\ReKYcSD.exe
  C:\Windows\System\ReKYcSD.exe
  2⤵
  PID:12104
- C:\Windows\System\FLUBbpg.exe
  C:\Windows\System\FLUBbpg.exe
  2⤵
  PID:9300
- C:\Windows\System\luBeXYd.exe
  C:\Windows\System\luBeXYd.exe
  2⤵
  PID:2500
- C:\Windows\System\ZLMhoPU.exe
  C:\Windows\System\ZLMhoPU.exe
  2⤵
  PID:13460
- C:\Windows\System\ixxnyUj.exe
  C:\Windows\System\ixxnyUj.exe
  2⤵
  PID:11284
- C:\Windows\System\vQrzLTX.exe
  C:\Windows\System\vQrzLTX.exe
  2⤵
  PID:10420
- C:\Windows\System\cdSYoTQ.exe
  C:\Windows\System\cdSYoTQ.exe
  2⤵
  PID:10580
- C:\Windows\System\DTOMoDI.exe
  C:\Windows\System\DTOMoDI.exe
  2⤵
  PID:8464
- C:\Windows\System\TgCCVht.exe
  C:\Windows\System\TgCCVht.exe
  2⤵
  PID:14188
- C:\Windows\System\dxwNbwg.exe
  C:\Windows\System\dxwNbwg.exe
  2⤵
  PID:13976
- C:\Windows\System\nTVbtlO.exe
  C:\Windows\System\nTVbtlO.exe
  2⤵
  PID:14228
- C:\Windows\System\GVlpgGZ.exe
  C:\Windows\System\GVlpgGZ.exe
  2⤵
  PID:5172
- C:\Windows\System\upLPISO.exe
  C:\Windows\System\upLPISO.exe
  2⤵
  PID:10148
- C:\Windows\System\CnWGIYE.exe
  C:\Windows\System\CnWGIYE.exe
  2⤵
  PID:8092
- C:\Windows\System\INHhtWd.exe
  C:\Windows\System\INHhtWd.exe
  2⤵
  PID:9536
- C:\Windows\System\pIxysaa.exe
  C:\Windows\System\pIxysaa.exe
  2⤵
  PID:13332
- C:\Windows\System\amWMWpV.exe
  C:\Windows\System\amWMWpV.exe
  2⤵
  PID:13520
- C:\Windows\System\uslHtLJ.exe
  C:\Windows\System\uslHtLJ.exe
  2⤵
  PID:3548
- C:\Windows\System\HEPRxKe.exe
  C:\Windows\System\HEPRxKe.exe
  2⤵
  PID:14008
- C:\Windows\System\LKEmhuZ.exe
  C:\Windows\System\LKEmhuZ.exe
  2⤵
  PID:14020
- C:\Windows\System\lsDOirZ.exe
  C:\Windows\System\lsDOirZ.exe
  2⤵
  PID:8604
- C:\Windows\System\gqGeBIV.exe
  C:\Windows\System\gqGeBIV.exe
  2⤵
  PID:13804
- C:\Windows\System\OHghEzP.exe
  C:\Windows\System\OHghEzP.exe
  2⤵
  PID:12804
- C:\Windows\System\EnAlrxK.exe
  C:\Windows\System\EnAlrxK.exe
  2⤵
  PID:13632
- C:\Windows\System\wqGJOCQ.exe
  C:\Windows\System\wqGJOCQ.exe
  2⤵
  PID:8868
- C:\Windows\System\yfZRfni.exe
  C:\Windows\System\yfZRfni.exe
  2⤵
  PID:8600
- C:\Windows\System\NSJvlAh.exe
  C:\Windows\System\NSJvlAh.exe
  2⤵
  PID:7880
- C:\Windows\System\hAOZvxu.exe
  C:\Windows\System\hAOZvxu.exe
  2⤵
  PID:13488
- C:\Windows\System\BsZAjRh.exe
  C:\Windows\System\BsZAjRh.exe
  2⤵
  PID:13808
- C:\Windows\System\RZZMrQC.exe
  C:\Windows\System\RZZMrQC.exe
  2⤵
  PID:10360
- C:\Windows\System\KDqOtlo.exe
  C:\Windows\System\KDqOtlo.exe
  2⤵
  PID:10912
- C:\Windows\System\nXXsdbF.exe
  C:\Windows\System\nXXsdbF.exe
  2⤵
  PID:11612
- C:\Windows\System\nYjJxcy.exe
  C:\Windows\System\nYjJxcy.exe
  2⤵
  PID:12444
- C:\Windows\System\vAOuNDp.exe
  C:\Windows\System\vAOuNDp.exe
  2⤵
  PID:6472
- C:\Windows\System\BwUyNhi.exe
  C:\Windows\System\BwUyNhi.exe
  2⤵
  PID:5744
- C:\Windows\System\etvQiGI.exe
  C:\Windows\System\etvQiGI.exe
  2⤵
  PID:10276
- C:\Windows\System\NnuFIVr.exe
  C:\Windows\System\NnuFIVr.exe
  2⤵
  PID:14316
- C:\Windows\System\MiywhBd.exe
  C:\Windows\System\MiywhBd.exe
  2⤵
  PID:10920
- C:\Windows\System\pFJgJhv.exe
  C:\Windows\System\pFJgJhv.exe
  2⤵
  PID:13496
- C:\Windows\System\mzXKyrv.exe
  C:\Windows\System\mzXKyrv.exe
  2⤵
  PID:5284
- C:\Windows\System\LWdHnzY.exe
  C:\Windows\System\LWdHnzY.exe
  2⤵
  PID:4384
- C:\Windows\System\tQJzGwo.exe
  C:\Windows\System\tQJzGwo.exe
  2⤵
  PID:9504
- C:\Windows\System\gdECkbt.exe
  C:\Windows\System\gdECkbt.exe
  2⤵
  PID:1628
- C:\Windows\System\HtxBkCt.exe
  C:\Windows\System\HtxBkCt.exe
  2⤵
  PID:10704
- C:\Windows\System\DuUKQQy.exe
  C:\Windows\System\DuUKQQy.exe
  2⤵
  PID:9200
- C:\Windows\System\xxNxMhV.exe
  C:\Windows\System\xxNxMhV.exe
  2⤵
  PID:3436
- C:\Windows\System\LrBjrQM.exe
  C:\Windows\System\LrBjrQM.exe
  2⤵
  PID:4276
- C:\Windows\System\YkCaURV.exe
  C:\Windows\System\YkCaURV.exe
  2⤵
  PID:3916
- C:\Windows\System\pPLisRP.exe
  C:\Windows\System\pPLisRP.exe
  2⤵
  PID:4316
- C:\Windows\System\fHHtizY.exe
  C:\Windows\System\fHHtizY.exe
  2⤵
  PID:13736
- C:\Windows\System\hEljCoB.exe
  C:\Windows\System\hEljCoB.exe
  2⤵
  PID:13700
- C:\Windows\System\jdGiTPY.exe
  C:\Windows\System\jdGiTPY.exe
  2⤵
  PID:12656
- C:\Windows\System\MozJwFA.exe
  C:\Windows\System\MozJwFA.exe
  2⤵
  PID:10760
- C:\Windows\System\EwpkpWK.exe
  C:\Windows\System\EwpkpWK.exe
  2⤵
  PID:4692
- C:\Windows\System\gGqzhSe.exe
  C:\Windows\System\gGqzhSe.exe
  2⤵
  PID:2196
- C:\Windows\System\CtnKLxV.exe
  C:\Windows\System\CtnKLxV.exe
  2⤵
  PID:14152
- C:\Windows\System\tXRxsVU.exe
  C:\Windows\System\tXRxsVU.exe
  2⤵
  PID:11492
- C:\Windows\System\ceXUtvV.exe
  C:\Windows\System\ceXUtvV.exe
  2⤵
  PID:13864
- C:\Windows\System\ywHwOqa.exe
  C:\Windows\System\ywHwOqa.exe
  2⤵
  PID:4732
- C:\Windows\System\NvQGkhN.exe
  C:\Windows\System\NvQGkhN.exe
  2⤵
  PID:12584
- C:\Windows\System\GfoOBBi.exe
  C:\Windows\System\GfoOBBi.exe
  2⤵
  PID:7240
- C:\Windows\System\UISfwgG.exe
  C:\Windows\System\UISfwgG.exe
  2⤵
  PID:13640
- C:\Windows\System\CqgnYnq.exe
  C:\Windows\System\CqgnYnq.exe
  2⤵
  PID:4476
- C:\Windows\System\dzpZkmv.exe
  C:\Windows\System\dzpZkmv.exe
  2⤵
  PID:12588
- C:\Windows\System\qykrdCf.exe
  C:\Windows\System\qykrdCf.exe
  2⤵
  PID:14312
- C:\Windows\System\iPjfoet.exe
  C:\Windows\System\iPjfoet.exe
  2⤵
  PID:13604
- C:\Windows\System\AeUUTwX.exe
  C:\Windows\System\AeUUTwX.exe
  2⤵
  PID:10160
- C:\Windows\System\XXBIxSC.exe
  C:\Windows\System\XXBIxSC.exe
  2⤵
  PID:4448
- C:\Windows\System\qdCsmHF.exe
  C:\Windows\System\qdCsmHF.exe
  2⤵
  PID:2316
- C:\Windows\System\GToxPjE.exe
  C:\Windows\System\GToxPjE.exe
  2⤵
  PID:3324
- C:\Windows\System\dwpupRN.exe
  C:\Windows\System\dwpupRN.exe
  2⤵
  PID:13216
- C:\Windows\System\PSRWhgc.exe
  C:\Windows\System\PSRWhgc.exe
  2⤵
  PID:1432
- C:\Windows\System\fvicmjp.exe
  C:\Windows\System\fvicmjp.exe
  2⤵
  PID:10692
- C:\Windows\System\uUSpyVU.exe
  C:\Windows\System\uUSpyVU.exe
  2⤵
  PID:8476
- C:\Windows\System\yJjzeuf.exe
  C:\Windows\System\yJjzeuf.exe
  2⤵
  PID:9412
- C:\Windows\System\WTCJXgk.exe
  C:\Windows\System\WTCJXgk.exe
  2⤵
  PID:6552
- C:\Windows\System\wISkozs.exe
  C:\Windows\System\wISkozs.exe
  2⤵
  PID:1940
- C:\Windows\System\RkjHsIA.exe
  C:\Windows\System\RkjHsIA.exe
  2⤵
  PID:10220
- C:\Windows\System\AyTPdXR.exe
  C:\Windows\System\AyTPdXR.exe
  2⤵
  PID:11152
- C:\Windows\System\FGyKKos.exe
  C:\Windows\System\FGyKKos.exe
  2⤵
  PID:2084
- C:\Windows\System\uxUWirH.exe
  C:\Windows\System\uxUWirH.exe
  2⤵
  PID:5100
- C:\Windows\System\SeMbwNT.exe
  C:\Windows\System\SeMbwNT.exe
  2⤵
  PID:5964
- C:\Windows\System\PDcpnWn.exe
  C:\Windows\System\PDcpnWn.exe
  2⤵
  PID:12924
- C:\Windows\System\YLzRIuj.exe
  C:\Windows\System\YLzRIuj.exe
  2⤵
  PID:11432
- C:\Windows\System\MfVtBgV.exe
  C:\Windows\System\MfVtBgV.exe
  2⤵
  PID:12600
- C:\Windows\System\egDqAjq.exe
  C:\Windows\System\egDqAjq.exe
  2⤵
  PID:14148
- C:\Windows\System\cmatwLb.exe
  C:\Windows\System\cmatwLb.exe
  2⤵
  PID:4492
- C:\Windows\System\uFEQHOn.exe
  C:\Windows\System\uFEQHOn.exe
  2⤵
  PID:10508
- C:\Windows\System\pbbmVhJ.exe
  C:\Windows\System\pbbmVhJ.exe
  2⤵
  PID:11820
- C:\Windows\System\hkLmzEu.exe
  C:\Windows\System\hkLmzEu.exe
  2⤵
  PID:12768
- C:\Windows\System\nfkxOyo.exe
  C:\Windows\System\nfkxOyo.exe
  2⤵
  PID:14488
- C:\Windows\System\oxwPucJ.exe
  C:\Windows\System\oxwPucJ.exe
  2⤵
  PID:14784
- C:\Windows\System\qBSfwdN.exe
  C:\Windows\System\qBSfwdN.exe
  2⤵
  PID:14816
- C:\Windows\System\uzIAgTc.exe
  C:\Windows\System\uzIAgTc.exe
  2⤵
  PID:14832
- C:\Windows\System\JpdKVkc.exe
  C:\Windows\System\JpdKVkc.exe
  2⤵
  PID:14844
- C:\Windows\System\LBBWwls.exe
  C:\Windows\System\LBBWwls.exe
  2⤵
  PID:14876
- C:\Windows\System\UbFjOOe.exe
  C:\Windows\System\UbFjOOe.exe
  2⤵
  PID:14892
- C:\Windows\System\EBjohUl.exe
  C:\Windows\System\EBjohUl.exe
  2⤵
  PID:2228
- C:\Windows\System\MhobsYo.exe
  C:\Windows\System\MhobsYo.exe
  2⤵
  PID:15292
- C:\Windows\System\bqULCxe.exe
  C:\Windows\System\bqULCxe.exe
  2⤵
  PID:14408
- C:\Windows\System\tmHqSdw.exe
  C:\Windows\System\tmHqSdw.exe
  2⤵
  PID:9788
- C:\Windows\System\LeqPumn.exe
  C:\Windows\System\LeqPumn.exe
  2⤵
  PID:208
- C:\Windows\System\IvsnTwY.exe
  C:\Windows\System\IvsnTwY.exe
  2⤵
  PID:14596
- C:\Windows\System\xZiFHSb.exe
  C:\Windows\System\xZiFHSb.exe
  2⤵
  PID:14636
- C:\Windows\System\eXGPPMq.exe
  C:\Windows\System\eXGPPMq.exe
  2⤵
  PID:14652
- C:\Windows\System\WJaLVpI.exe
  C:\Windows\System\WJaLVpI.exe
  2⤵
  PID:14672
- C:\Windows\System\mVqrRAE.exe
  C:\Windows\System\mVqrRAE.exe
  2⤵
  PID:14948
- C:\Windows\System\xKqfXAe.exe
  C:\Windows\System\xKqfXAe.exe
  2⤵
  PID:5668
- C:\Windows\System\vokloWF.exe
  C:\Windows\System\vokloWF.exe
  2⤵
  PID:15024
- C:\Windows\System\IYwCUla.exe
  C:\Windows\System\IYwCUla.exe
  2⤵
  PID:14396
- C:\Windows\System\JExhNec.exe
  C:\Windows\System\JExhNec.exe
  2⤵
  PID:6864
- C:\Windows\System\fwxDqhY.exe
  C:\Windows\System\fwxDqhY.exe
  2⤵
  PID:12640
- C:\Windows\System\VbXFnrD.exe
  C:\Windows\System\VbXFnrD.exe
  2⤵
  PID:3256
- C:\Windows\System\HUVlSvQ.exe
  C:\Windows\System\HUVlSvQ.exe
  2⤵
  PID:13408
- C:\Windows\System\qdbPwHh.exe
  C:\Windows\System\qdbPwHh.exe
  2⤵
  PID:3144
- C:\Windows\System\umVhTOS.exe
  C:\Windows\System\umVhTOS.exe
  2⤵
  PID:12876
- C:\Windows\System\XbEToQB.exe
  C:\Windows\System\XbEToQB.exe
  2⤵
  PID:14556
- C:\Windows\System\OjGaZAr.exe
  C:\Windows\System\OjGaZAr.exe
  2⤵
  PID:14528
- C:\Windows\System\uJolbRi.exe
  C:\Windows\System\uJolbRi.exe
  2⤵
  PID:14576
- C:\Windows\System\yqewFXI.exe
  C:\Windows\System\yqewFXI.exe
  2⤵
  PID:14600
- C:\Windows\System\uvrjtBE.exe
  C:\Windows\System\uvrjtBE.exe
  2⤵
  PID:14888
- C:\Windows\System\LkBqKWO.exe
  C:\Windows\System\LkBqKWO.exe
  2⤵
  PID:14896
- C:\Windows\System\rEnOPXE.exe
  C:\Windows\System\rEnOPXE.exe
  2⤵
  PID:3660
- C:\Windows\System\hjNMgNt.exe
  C:\Windows\System\hjNMgNt.exe
  2⤵
  PID:14952
- C:\Windows\System\iGjOzAL.exe
  C:\Windows\System\iGjOzAL.exe
  2⤵
  PID:6740
- C:\Windows\System\PITlVZS.exe
  C:\Windows\System\PITlVZS.exe
  2⤵
  PID:15008
- C:\Windows\System\dkdCVvb.exe
  C:\Windows\System\dkdCVvb.exe
  2⤵
  PID:15040
- C:\Windows\System\xLPhRtk.exe
  C:\Windows\System\xLPhRtk.exe
  2⤵
  PID:15004
- C:\Windows\System\oHajdLo.exe
  C:\Windows\System\oHajdLo.exe
  2⤵
  PID:15120
- C:\Windows\System\IMUbSeb.exe
  C:\Windows\System\IMUbSeb.exe
  2⤵
  PID:15328
- C:\Windows\System\gSmwhjC.exe
  C:\Windows\System\gSmwhjC.exe
  2⤵
  PID:12088
- C:\Windows\System\ozAbdnO.exe
  C:\Windows\System\ozAbdnO.exe
  2⤵
  PID:12492
- C:\Windows\System\oImTlpi.exe
  C:\Windows\System\oImTlpi.exe
  2⤵
  PID:15076
- C:\Windows\System\MZYHXvM.exe
  C:\Windows\System\MZYHXvM.exe
  2⤵
  PID:15248
- C:\Windows\System\NpKwJkk.exe
  C:\Windows\System\NpKwJkk.exe
  2⤵
  PID:10440
- C:\Windows\System\pLjLRrI.exe
  C:\Windows\System\pLjLRrI.exe
  2⤵
  PID:5600
- C:\Windows\System\ozukVTV.exe
  C:\Windows\System\ozukVTV.exe
  2⤵
  PID:1764
- C:\Windows\System\vKRCHZX.exe
  C:\Windows\System\vKRCHZX.exe
  2⤵
  PID:8696
- C:\Windows\System\FRzIsLk.exe
  C:\Windows\System\FRzIsLk.exe
  2⤵
  PID:15336
- C:\Windows\System\hMUolOD.exe
  C:\Windows\System\hMUolOD.exe
  2⤵
  PID:10596
- C:\Windows\System\UuqmTfq.exe
  C:\Windows\System\UuqmTfq.exe
  2⤵
  PID:2308
- C:\Windows\System\HmmvKds.exe
  C:\Windows\System\HmmvKds.exe
  2⤵
  PID:2708
- C:\Windows\System\yiNlmeG.exe
  C:\Windows\System\yiNlmeG.exe
  2⤵
  PID:1268
- C:\Windows\System\Doeipym.exe
  C:\Windows\System\Doeipym.exe
  2⤵
  PID:7132
- C:\Windows\System\GrrtwoL.exe
  C:\Windows\System\GrrtwoL.exe
  2⤵
  PID:14548
- C:\Windows\System\hhaeuTM.exe
  C:\Windows\System\hhaeuTM.exe
  2⤵
  PID:15356
- C:\Windows\System\YjgrYme.exe
  C:\Windows\System\YjgrYme.exe
  2⤵
  PID:14392
- C:\Windows\System\LkRSsiJ.exe
  C:\Windows\System\LkRSsiJ.exe
  2⤵
  PID:10436
- C:\Windows\System\dhItLCL.exe
  C:\Windows\System\dhItLCL.exe
  2⤵
  PID:14700
- C:\Windows\System\OFePAph.exe
  C:\Windows\System\OFePAph.exe
  2⤵
  PID:8704
- C:\Windows\System\wHZcPQJ.exe
  C:\Windows\System\wHZcPQJ.exe
  2⤵
  PID:9080
- C:\Windows\System\CDcQVXa.exe
  C:\Windows\System\CDcQVXa.exe
  2⤵
  PID:9032
- C:\Windows\System\zyuCSbN.exe
  C:\Windows\System\zyuCSbN.exe
  2⤵
  PID:14988
- C:\Windows\System\xfGjPSg.exe
  C:\Windows\System\xfGjPSg.exe
  2⤵
  PID:9156
- C:\Windows\System\vKHCKWn.exe
  C:\Windows\System\vKHCKWn.exe
  2⤵
  PID:15152
- C:\Windows\System\XNybxhs.exe
  C:\Windows\System\XNybxhs.exe
  2⤵
  PID:15176
- C:\Windows\System\qTeDRqV.exe
  C:\Windows\System\qTeDRqV.exe
  2⤵
  PID:14440
- C:\Windows\System\coUCLAV.exe
  C:\Windows\System\coUCLAV.exe
  2⤵
  PID:3948
- C:\Windows\System\WqeFXfm.exe
  C:\Windows\System\WqeFXfm.exe
  2⤵
  PID:14424
- C:\Windows\System\aVTqBBR.exe
  C:\Windows\System\aVTqBBR.exe
  2⤵
  PID:9076
- C:\Windows\System\kWXhMDD.exe
  C:\Windows\System\kWXhMDD.exe
  2⤵
  PID:11984
- C:\Windows\System\hbDFhrz.exe
  C:\Windows\System\hbDFhrz.exe
  2⤵
  PID:14456
- C:\Windows\System\QuXvXuh.exe
  C:\Windows\System\QuXvXuh.exe
  2⤵
  PID:14568
- C:\Windows\System\vCXzUuZ.exe
  C:\Windows\System\vCXzUuZ.exe
  2⤵
  PID:14984
- C:\Windows\System\uSCInIO.exe
  C:\Windows\System\uSCInIO.exe
  2⤵
  PID:9048
- C:\Windows\System\FKESnlG.exe
  C:\Windows\System\FKESnlG.exe
  2⤵
  PID:15164
- C:\Windows\System\ZJWtcyH.exe
  C:\Windows\System\ZJWtcyH.exe
  2⤵
  PID:14792
- C:\Windows\System\xmzmzBm.exe
  C:\Windows\System\xmzmzBm.exe
  2⤵
  PID:15124
- C:\Windows\System\yzfryzN.exe
  C:\Windows\System\yzfryzN.exe
  2⤵
  PID:8276
- C:\Windows\System\RCvReLe.exe
  C:\Windows\System\RCvReLe.exe
  2⤵
  PID:8176
- C:\Windows\System\uIuRWYh.exe
  C:\Windows\System\uIuRWYh.exe
  2⤵
  PID:15108
- C:\Windows\System\kCiZcgA.exe
  C:\Windows\System\kCiZcgA.exe
  2⤵
  PID:15136
- C:\Windows\System\vwITcRw.exe
  C:\Windows\System\vwITcRw.exe
  2⤵
  PID:14724
- C:\Windows\System\MuBpDVV.exe
  C:\Windows\System\MuBpDVV.exe
  2⤵
  PID:15196
- C:\Windows\System\kAKoTjQ.exe
  C:\Windows\System\kAKoTjQ.exe
  2⤵
  PID:14996
- C:\Windows\System\RKmMoWS.exe
  C:\Windows\System\RKmMoWS.exe
  2⤵
  PID:5320
- C:\Windows\System\PCdmgzT.exe
  C:\Windows\System\PCdmgzT.exe
  2⤵
  PID:6248
- C:\Windows\System\rjeyijJ.exe
  C:\Windows\System\rjeyijJ.exe
  2⤵
  PID:9204
- C:\Windows\System\EObNVWL.exe
  C:\Windows\System\EObNVWL.exe
  2⤵
  PID:9084
- C:\Windows\System\qplPPUj.exe
  C:\Windows\System\qplPPUj.exe
  2⤵
  PID:8136
- C:\Windows\System\CMTMQlt.exe
  C:\Windows\System\CMTMQlt.exe
  2⤵
  PID:8788
- C:\Windows\System\NGHfQuf.exe
  C:\Windows\System\NGHfQuf.exe
  2⤵
  PID:14840
- C:\Windows\System\wHQNvGN.exe
  C:\Windows\System\wHQNvGN.exe
  2⤵
  PID:5808
- C:\Windows\System\tXbekfK.exe
  C:\Windows\System\tXbekfK.exe
  2⤵
  PID:15064
- C:\Windows\System\SmcNosv.exe
  C:\Windows\System\SmcNosv.exe
  2⤵
  PID:12480
- C:\Windows\System\MnJfhDO.exe
  C:\Windows\System\MnJfhDO.exe
  2⤵
  PID:15224
- C:\Windows\System\PUkClNF.exe
  C:\Windows\System\PUkClNF.exe
  2⤵
  PID:2656
- C:\Windows\System\jvTUKbj.exe
  C:\Windows\System\jvTUKbj.exe
  2⤵
  PID:15340
- C:\Windows\System\ZZDuvIY.exe
  C:\Windows\System\ZZDuvIY.exe
  2⤵
  PID:15208
- C:\Windows\System\TeqWeIj.exe
  C:\Windows\System\TeqWeIj.exe
  2⤵
  PID:7376
- C:\Windows\System\xNxicyA.exe
  C:\Windows\System\xNxicyA.exe
  2⤵
  PID:60
- C:\Windows\System\NBvjvee.exe
  C:\Windows\System\NBvjvee.exe
  2⤵
  PID:14428
- C:\Windows\System\GPNsomN.exe
  C:\Windows\System\GPNsomN.exe
  2⤵
  PID:3164
- C:\Windows\System\DhXPvsR.exe
  C:\Windows\System\DhXPvsR.exe
  2⤵
  PID:9140
- C:\Windows\System\nimDfiO.exe
  C:\Windows\System\nimDfiO.exe
  2⤵
  PID:6608
- C:\Windows\System\aGAwilO.exe
  C:\Windows\System\aGAwilO.exe
  2⤵
  PID:11536
- C:\Windows\System\nDNkWTu.exe
  C:\Windows\System\nDNkWTu.exe
  2⤵
  PID:14692
- C:\Windows\System\eduTgam.exe
  C:\Windows\System\eduTgam.exe
  2⤵
  PID:6136
- C:\Windows\System\ojifxYN.exe
  C:\Windows\System\ojifxYN.exe
  2⤵
  PID:14632
- C:\Windows\System\vXANgZM.exe
  C:\Windows\System\vXANgZM.exe
  2⤵
  PID:11828
- C:\Windows\System\wHgXUlo.exe
  C:\Windows\System\wHgXUlo.exe
  2⤵
  PID:5160
- C:\Windows\System\QOduxGA.exe
  C:\Windows\System\QOduxGA.exe
  2⤵
  PID:8640
- C:\Windows\System\qxvowCC.exe
  C:\Windows\System\qxvowCC.exe
  2⤵
  PID:15080
- C:\Windows\System\BAUuCOm.exe
  C:\Windows\System\BAUuCOm.exe
  2⤵
  PID:7436
- C:\Windows\System\ZzjtStB.exe
  C:\Windows\System\ZzjtStB.exe
  2⤵
  PID:11744
- C:\Windows\System\GENKJGq.exe
  C:\Windows\System\GENKJGq.exe
  2⤵
  PID:6116
- C:\Windows\System\SYCGnPX.exe
  C:\Windows\System\SYCGnPX.exe
  2⤵
  PID:11584
- C:\Windows\System\xTTXYPY.exe
  C:\Windows\System\xTTXYPY.exe
  2⤵
  PID:5572
- C:\Windows\System\mCPzKeR.exe
  C:\Windows\System\mCPzKeR.exe
  2⤵
  PID:7784
- C:\Windows\System\zHDcHlD.exe
  C:\Windows\System\zHDcHlD.exe
  2⤵
  PID:9128
- C:\Windows\System\lUdkyim.exe
  C:\Windows\System\lUdkyim.exe
  2⤵
  PID:9752
- C:\Windows\System\aDgWJqA.exe
  C:\Windows\System\aDgWJqA.exe
  2⤵
  PID:14912
- C:\Windows\System\neXnHRf.exe
  C:\Windows\System\neXnHRf.exe
  2⤵
  PID:7848
- C:\Windows\System\bVwGOzR.exe
  C:\Windows\System\bVwGOzR.exe
  2⤵
  PID:15084
- C:\Windows\System\ZssPYiX.exe
  C:\Windows\System\ZssPYiX.exe
  2⤵
  PID:14404
- C:\Windows\System\MBNXGuE.exe
  C:\Windows\System\MBNXGuE.exe
  2⤵
  PID:5148
- C:\Windows\System\kchYUsN.exe
  C:\Windows\System\kchYUsN.exe
  2⤵
  PID:6956
- C:\Windows\System\yUbifvE.exe
  C:\Windows\System\yUbifvE.exe
  2⤵
  PID:376
- C:\Windows\System\bLILabZ.exe
  C:\Windows\System\bLILabZ.exe
  2⤵
  PID:4464
- C:\Windows\System\CZNapqJ.exe
  C:\Windows\System\CZNapqJ.exe
  2⤵
  PID:11568
- C:\Windows\System\XsOmtsc.exe
  C:\Windows\System\XsOmtsc.exe
  2⤵
  PID:2668
- C:\Windows\System\nYDENJT.exe
  C:\Windows\System\nYDENJT.exe
  2⤵
  PID:8860
- C:\Windows\System\ZcGvKTW.exe
  C:\Windows\System\ZcGvKTW.exe
  2⤵
  PID:15280
- C:\Windows\System\FCNvHaM.exe
  C:\Windows\System\FCNvHaM.exe
  2⤵
  PID:12124
- C:\Windows\System\FdTvFol.exe
  C:\Windows\System\FdTvFol.exe
  2⤵
  PID:14368
- C:\Windows\System\BPSFxna.exe
  C:\Windows\System\BPSFxna.exe
  2⤵
  PID:14604
- C:\Windows\System\eAIKcGK.exe
  C:\Windows\System\eAIKcGK.exe
  2⤵
  PID:12024
- C:\Windows\System\AAiLvnQ.exe
  C:\Windows\System\AAiLvnQ.exe
  2⤵
  PID:11920
- C:\Windows\System\CVBsCZM.exe
  C:\Windows\System\CVBsCZM.exe
  2⤵
  PID:12532
- C:\Windows\System\iyWeieT.exe
  C:\Windows\System\iyWeieT.exe
  2⤵
  PID:9716
- C:\Windows\System\nYHwMZR.exe
  C:\Windows\System\nYHwMZR.exe
  2⤵
  PID:11844
- C:\Windows\System\edwGjav.exe
  C:\Windows\System\edwGjav.exe
  2⤵
  PID:6588
- C:\Windows\System\VrQDGfD.exe
  C:\Windows\System\VrQDGfD.exe
  2⤵
  PID:12072
- C:\Windows\System\iPAuhKP.exe
  C:\Windows\System\iPAuhKP.exe
  2⤵
  PID:11724
- C:\Windows\System\LUHGRfY.exe
  C:\Windows\System\LUHGRfY.exe
  2⤵
  PID:4744
- C:\Windows\System\HfbwLQD.exe
  C:\Windows\System\HfbwLQD.exe
  2⤵
  PID:14776
- C:\Windows\System\CMPpRPz.exe
  C:\Windows\System\CMPpRPz.exe
  2⤵
  PID:8340
- C:\Windows\System\aNzrnYi.exe
  C:\Windows\System\aNzrnYi.exe
  2⤵
  PID:9116
- C:\Windows\System\nnPCzMc.exe
  C:\Windows\System\nnPCzMc.exe
  2⤵
  PID:4996
- C:\Windows\System\myPVHvq.exe
  C:\Windows\System\myPVHvq.exe
  2⤵
  PID:10624
- C:\Windows\System\vQrwBGQ.exe
  C:\Windows\System\vQrwBGQ.exe
  2⤵
  PID:11916
- C:\Windows\System\HORVxZE.exe
  C:\Windows\System\HORVxZE.exe
  2⤵
  PID:14716
- C:\Windows\System\ajSFtGV.exe
  C:\Windows\System\ajSFtGV.exe
  2⤵
  PID:15036
- C:\Windows\System\AQBnSeT.exe
  C:\Windows\System\AQBnSeT.exe
  2⤵
  PID:11688
- C:\Windows\System\IjHyXhv.exe
  C:\Windows\System\IjHyXhv.exe
  2⤵
  PID:14808
- C:\Windows\System\NEDfvrx.exe
  C:\Windows\System\NEDfvrx.exe
  2⤵
  PID:15044
- C:\Windows\System\aGmdirB.exe
  C:\Windows\System\aGmdirB.exe
  2⤵
  PID:9228
- C:\Windows\System\qtJsQmX.exe
  C:\Windows\System\qtJsQmX.exe
  2⤵
  PID:11604
- C:\Windows\System\dGtebvr.exe
  C:\Windows\System\dGtebvr.exe
  2⤵
  PID:11624
- C:\Windows\System\maEldrC.exe
  C:\Windows\System\maEldrC.exe
  2⤵
  PID:9124
- C:\Windows\System\MplCLGV.exe
  C:\Windows\System\MplCLGV.exe
  2⤵
  PID:7952
- C:\Windows\System\ElAKruj.exe
  C:\Windows\System\ElAKruj.exe
  2⤵
  PID:9724
- C:\Windows\System\LDHNYDp.exe
  C:\Windows\System\LDHNYDp.exe
  2⤵
  PID:10304
- C:\Windows\System\zdFbcyx.exe
  C:\Windows\System\zdFbcyx.exe
  2⤵
  PID:14544
- C:\Windows\System\nmmCVXg.exe
  C:\Windows\System\nmmCVXg.exe
  2⤵
  PID:14964
- C:\Windows\System\vLnmkwW.exe
  C:\Windows\System\vLnmkwW.exe
  2⤵
  PID:8280
- C:\Windows\System\quHQFNH.exe
  C:\Windows\System\quHQFNH.exe
  2⤵
  PID:10128
- C:\Windows\System\qBuqGEu.exe
  C:\Windows\System\qBuqGEu.exe
  2⤵
  PID:11000
- C:\Windows\System\WzsrEXr.exe
  C:\Windows\System\WzsrEXr.exe
  2⤵
  PID:12748
- C:\Windows\System\TplNDyY.exe
  C:\Windows\System\TplNDyY.exe
  2⤵
  PID:8740
- C:\Windows\System\gVnWJiw.exe
  C:\Windows\System\gVnWJiw.exe
  2⤵
  PID:9612
- C:\Windows\System\JjGeyew.exe
  C:\Windows\System\JjGeyew.exe
  2⤵
  PID:7232
- C:\Windows\System\joZWhbh.exe
  C:\Windows\System\joZWhbh.exe
  2⤵
  PID:11764
- C:\Windows\System\AUbKUvX.exe
  C:\Windows\System\AUbKUvX.exe
  2⤵
  PID:13156
- C:\Windows\System\BCeNtDW.exe
  C:\Windows\System\BCeNtDW.exe
  2⤵
  PID:7728
- C:\Windows\System\FZrlKLV.exe
  C:\Windows\System\FZrlKLV.exe
  2⤵
  PID:11972
- C:\Windows\System\UFUNGPa.exe
  C:\Windows\System\UFUNGPa.exe
  2⤵
  PID:7608
- C:\Windows\System\nukSZcD.exe
  C:\Windows\System\nukSZcD.exe
  2⤵
  PID:5576
- C:\Windows\System\CeeUIJD.exe
  C:\Windows\System\CeeUIJD.exe
  2⤵
  PID:14472
- C:\Windows\System\jSvqpJr.exe
  C:\Windows\System\jSvqpJr.exe
  2⤵
  PID:6100
- C:\Windows\System\ReWnsEq.exe
  C:\Windows\System\ReWnsEq.exe
  2⤵
  PID:11860
- C:\Windows\System\iWoHpGY.exe
  C:\Windows\System\iWoHpGY.exe
  2⤵
  PID:15056
- C:\Windows\System\RyKaWxy.exe
  C:\Windows\System\RyKaWxy.exe
  2⤵
  PID:12052
- C:\Windows\System\AwXJddl.exe
  C:\Windows\System\AwXJddl.exe
  2⤵
  PID:8792
- C:\Windows\System\koxRLsz.exe
  C:\Windows\System\koxRLsz.exe
  2⤵
  PID:8712
- C:\Windows\System\duxcfmI.exe
  C:\Windows\System\duxcfmI.exe
  2⤵
  PID:5368
- C:\Windows\System\KSMRtDL.exe
  C:\Windows\System\KSMRtDL.exe
  2⤵
  PID:7764
- C:\Windows\System\lxworvJ.exe
  C:\Windows\System\lxworvJ.exe
  2⤵
  PID:14460
- C:\Windows\System\vPlQEVy.exe
  C:\Windows\System\vPlQEVy.exe
  2⤵
  PID:4444
- C:\Windows\System\NWzTeXj.exe
  C:\Windows\System\NWzTeXj.exe
  2⤵
  PID:9668
- C:\Windows\System\iUwUqDl.exe
  C:\Windows\System\iUwUqDl.exe
  2⤵
  PID:6600
- C:\Windows\System\BfFxkEE.exe
  C:\Windows\System\BfFxkEE.exe
  2⤵
  PID:11792
- C:\Windows\System\lHftkSC.exe
  C:\Windows\System\lHftkSC.exe
  2⤵
  PID:11988
- C:\Windows\System\kFczcwf.exe
  C:\Windows\System\kFczcwf.exe
  2⤵
  PID:6852
- C:\Windows\System\xnTEYtr.exe
  C:\Windows\System\xnTEYtr.exe
  2⤵
  PID:9964
- C:\Windows\System\ThJnQyb.exe
  C:\Windows\System\ThJnQyb.exe
  2⤵
  PID:11112
- C:\Windows\System\Gptuvhs.exe
  C:\Windows\System\Gptuvhs.exe
  2⤵
  PID:6132
- C:\Windows\System\tDXVxNu.exe
  C:\Windows\System\tDXVxNu.exe
  2⤵
  PID:7048
- C:\Windows\System\xzMKNSH.exe
  C:\Windows\System\xzMKNSH.exe
  2⤵
  PID:11488
- C:\Windows\System\mnyDUOC.exe
  C:\Windows\System\mnyDUOC.exe
  2⤵
  PID:5652
- C:\Windows\System\nHLtVOi.exe
  C:\Windows\System\nHLtVOi.exe
  2⤵
  PID:9592
- C:\Windows\System\mYHhduw.exe
  C:\Windows\System\mYHhduw.exe
  2⤵
  PID:12268
- C:\Windows\System\hTXhCds.exe
  C:\Windows\System\hTXhCds.exe
  2⤵
  PID:4792
- C:\Windows\System\BwlLWvX.exe
  C:\Windows\System\BwlLWvX.exe
  2⤵
  PID:2856
- C:\Windows\System\dUodYWz.exe
  C:\Windows\System\dUodYWz.exe
  2⤵
  PID:10144
- C:\Windows\System\unxIQZI.exe
  C:\Windows\System\unxIQZI.exe
  2⤵
  PID:13128
- C:\Windows\System\yJukHHO.exe
  C:\Windows\System\yJukHHO.exe
  2⤵
  PID:10988
- C:\Windows\System\yitxMcG.exe
  C:\Windows\System\yitxMcG.exe
  2⤵
  PID:9028
- C:\Windows\System\PrJvoFz.exe
  C:\Windows\System\PrJvoFz.exe
  2⤵
  PID:7760
- C:\Windows\System\fkgUeGU.exe
  C:\Windows\System\fkgUeGU.exe
  2⤵
  PID:10916
- C:\Windows\System\gjybEPW.exe
  C:\Windows\System\gjybEPW.exe
  2⤵
  PID:7896
- C:\Windows\System\pltWvGd.exe
  C:\Windows\System\pltWvGd.exe
  2⤵
  PID:10164
- C:\Windows\System\WRuKstd.exe
  C:\Windows\System\WRuKstd.exe
  2⤵
  PID:11896
- C:\Windows\System\UOOwFbl.exe
  C:\Windows\System\UOOwFbl.exe
  2⤵
  PID:11484
- C:\Windows\System\XRvzYsj.exe
  C:\Windows\System\XRvzYsj.exe
  2⤵
  PID:12112
- C:\Windows\System\ZpYwdYT.exe
  C:\Windows\System\ZpYwdYT.exe
  2⤵
  PID:12184
- C:\Windows\System\NTqAzAx.exe
  C:\Windows\System\NTqAzAx.exe
  2⤵
  PID:8612
- C:\Windows\System\jahssKw.exe
  C:\Windows\System\jahssKw.exe
  2⤵
  PID:11608
- C:\Windows\System\qpuzDJu.exe
  C:\Windows\System\qpuzDJu.exe
  2⤵
  PID:9732
- C:\Windows\System\EwAJyxV.exe
  C:\Windows\System\EwAJyxV.exe
  2⤵
  PID:2192
- C:\Windows\System\kaqxJhA.exe
  C:\Windows\System\kaqxJhA.exe
  2⤵
  PID:5688

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 744 -p 12336 -ip 12336
1⤵
PID:13864

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 184 -p 12484 -ip 12484
1⤵
PID:2196

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 520 -p 8540 -ip 8540
1⤵
PID:13496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0dy3djge.fgi.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\AmosfxC.exe

Filesize
1.4MB

MD5
cb1a18b2907871798cd9e47de668bb72

SHA1
3fa101c877f8ccdb52d55ecc7945c5288dd64531

SHA256
87b84accf2f0e75308d0c673b9eb133143433d15ea3bcf293ccfe451e8eb5c9a

SHA512
ee09a9ea0845469e648747d129ee5b121262bb976bb8b0cc4e7b7442fab33c1b952ab7d8a1d53e86d606abec14465a4b50a1ed4a165b805eff89eec8974d22aa

Download Submit
C:\Windows\System\CBOYBIA.exe

Filesize
1.4MB

MD5
57ecda64e33444581507f0eb6bc420ff

SHA1
a791005ea12a85a1d20e8f347cfea404d1faf42a

SHA256
920588b44e2bcdeabc17e370abf7dbf1ffab634ad714ca4d5e0999ebe308944f

SHA512
5ffa95d8ac38d58fc2e63a20016582fc787677770f66b8c42a2c05986b2baa072f1601975f280760a81d943e84d5d3479cce3c6431d4be1c967ad5800ab7bc34

Download Submit
C:\Windows\System\CpunNvd.exe

Filesize
1.4MB

MD5
327ab7ab362ade873c90309359b17b64

SHA1
6f5b490a674e82b55f13166504cab3cdce4e88d3

SHA256
44dc66fa9af433358990108281af7231a3407512b0c1f8d638893c1d2429f7a7

SHA512
9084ae6afab94e928464157f42d8d12c7dc094221682e1b3050476bfde4aa4eb0c91974d3c5b04982ddda629736fa3b37039b8433659d8e8bed4ab884f60325f

Download Submit
C:\Windows\System\DEIGMky.exe

Filesize
1.4MB

MD5
e4f0bec4743dc85f6a37931b274ce747

SHA1
0baebd0f0425af6635b5ed8a8c507ec66bb4f72a

SHA256
b725ae87ef030c666cb54638a2a43a77b42d4ea1c54432dec8bc6ee02d00b375

SHA512
a1baa60857a64c0884f6400da2896efdd9604b8a73c82b39d8a475a3df953db569c6b92c5e44d6e2ca7b7e8a4eccc8557a95e1b99ca5f5b5939d18c04304a5c6

Download Submit
C:\Windows\System\DHhDuEE.exe

Filesize
1.4MB

MD5
998932ecf704e34c5c4bfe8ebb2db225

SHA1
6a45595af67b4ddb1a4404f3f448dcc894a68fc6

SHA256
ff1a024473bdf184cd4e49def1afd6192017f7279e3953b66f13974b49101763

SHA512
dadc22fced9da2b2805784dfd3abb791479529ac79dab1d777ca7220b9146d37cb7ac4ed2512bbd23666cd5963fafe57046d95d10d03fe935bfb089ca4b609e9

Download Submit
C:\Windows\System\DoNXAXI.exe

Filesize
1.4MB

MD5
d787c1847321b37a18ce25b53bd9752e

SHA1
804c7292d7b786859749f29e0ed1c952e7973099

SHA256
08d7708612dc05533083f2b243082147fb1c3137d6511b29f59d8870e64b7b34

SHA512
61e8707ad899cb9a596012752e1b560443a2174aa5ebd6d0170e7291901fb2d79895def5332b14391e5cc1031acad74fe71a03ecf6fea01274edd617a1ad3dbb

Download Submit
C:\Windows\System\EXdruJa.exe

Filesize
1.4MB

MD5
aa39c7ce8f893efe9d5a92bbbbc8871c

SHA1
3763d81b42cb3d4d68b8b616673ba1a3ed0d6e67

SHA256
5a737513bfeb09bba19b7e0f9bf66a18ff35083c18408320044a8b6c3ea14a79

SHA512
7fcdad34984292f664912ef3af41aadfb5d00e085dbe3628c38640d99dbbaa38ba0b3bda31d9d6686ac26b7d6c3ba138c0aad3e159d1b60f0d73017a1665b8d2

Download Submit
C:\Windows\System\FCUXmYh.exe

Filesize
1.4MB

MD5
73da309533126c27c735fd866e7c0aac

SHA1
da5d6e86866f8e0f337c2e27797562541de2b174

SHA256
5d1fe8e9de57925d132d499b4466196be09ff3f28a54ab03f0d1e97fdad2dfcb

SHA512
88a1cea5d6952164d3092430cf5c58e16201a25183203f2be5925cf0b5a0ab87bdd4015bd6b0661974287c1e079d1ee8baa8d8d95d60579689ab4ed963966d86

Download Submit
C:\Windows\System\HzbutWw.exe

Filesize
1.4MB

MD5
83f50db9b842053f7594d7c7beb8b37d

SHA1
1c03a10fb25a7ca2c58bbb2c968285fb3e2a23ab

SHA256
4640758db2592565886ed5fd54ccde2487c7a22e2db10eb22bfb2dbc1835b1d6

SHA512
fff912b6f631dfe31b22ce7762cb13e67bcb40a373a4892d2e64a1412bc11ecde8b313e2a01f5debbab76803a6329368e7e6375ddbb175c8b79622498a8b3771

Download Submit
C:\Windows\System\IAKcOxE.exe

Filesize
1.4MB

MD5
9e1375d21c1b65982d039a92d0473525

SHA1
c3899b7ca6d7b49d1a0c4f5559bd91f725eae9c5

SHA256
4d3692b7e9e6e31f33d14c7d5353030ca1addadfd740e772b2ba9463a590d3ae

SHA512
bc1dc1e84d9a6aea9d338dfc1957a11ea750da54250f7742a70b4e7d1a6947c96b65f7d8af26ec638d3ac97c429265efae8a6dca219928e9958cd36c5e742e7b

Download Submit
C:\Windows\System\IfXmLku.exe

Filesize
1.4MB

MD5
d5ca31b1ca117cc17ad3357c7635d619

SHA1
df9608eb43af28105d5d9a8de2d96a79bbd193d8

SHA256
4813d85589a82216d9f7d2178a7e8eb9c26ff1a25a8975e69ecd6083cb8e3385

SHA512
4d4da61e7361337db728c4876d68740a75dd7fd4b6f6d1b0410be8c08302f76752d59307fa3c480ab0cd53388b27a40656c6d886c4db41f9e9c82ef9a96985a3

Download Submit
C:\Windows\System\IkeUvjn.exe

Filesize
1.4MB

MD5
87a6579b6c025958596c63ded5fe3b15

SHA1
5b3bd2c2b030dbdef6d15e9acb3e2d551427d74d

SHA256
f3e1cd422ce6f36fe64dc340d3f869dafe0bc40dceee95660f1149fb992a7907

SHA512
b9d42150ed062e49761e00b7b07e1df2bc9f45eddde79cdf0e6464998ea5ff5edfb628bb852a83c3768d0fcae2b2ac926e66e23bba73e17bf7cf0746cd143bc1

Download Submit
C:\Windows\System\JKcHcpW.exe

Filesize
1.4MB

MD5
fdcb7d82d1ee889489cc70cd7d4068eb

SHA1
d3ec19dc80577c03bbad5d81e2f676536e05ce1a

SHA256
cc2e5db1bf3b038c8cd5f463b5064d477c88946d9cbd5635b9bce0b7af19c4ac

SHA512
fba78be016c734652159897874c4985fc8252f8bd2b00b3a3b54b89d7213fddcf03e8503a43280e1938cbb052e65349505e506487d47f375ae769a6eb4dfca92

Download Submit
C:\Windows\System\MSdOEAf.exe

Filesize
1.4MB

MD5
c507a18104818f6d5f6a8e7af9ab484c

SHA1
744f1d35554ecb907a2f675c36d5b2bd260f099a

SHA256
d2ead6dc3e8fea2fc2524673b993b4c8b25c9bea5739988392806fd33904499c

SHA512
cc3662459dfd8494ae6cc376fcf92494875641656a18c08985342aa6e85583700310d9433851c6efa49d09bdba3a040aeb815be253001487ec8ec53718b88841

Download Submit
C:\Windows\System\MoiUmxK.exe

Filesize
1.4MB

MD5
157f49213ed0b8097606e09034385817

SHA1
469095dbdd933d266558bbe6a9fc8f2964bb8329

SHA256
193c5a5caf088cbab74fd5fd3439af18ae6a389e9168de9d0ae9fcbc40a1df21

SHA512
adc66f79e6c2184c643d42abbce6cbdade77b1a9eca4f20528781d0246e07221b46bbe1357e3e3fe0130dbd2b5a7f350b7c4cba3e8b06e4bd9f23fb27c7dd8f6

Download Submit
C:\Windows\System\NWRbIyo.exe

Filesize
1.4MB

MD5
06b7932538c202be54ce2f4293e5981e

SHA1
9421c5b5ed198884ccb2efe91f7f724056b6f701

SHA256
a6f373a8169e0d44e7af7efe9cdf76c08837b6338a6f3fbffcd8b4ed71ed0575

SHA512
71d1edc1447e03a67f2d3008937520cfc0f5403297facf4221bd82a05bef3a797b1e43104de9d9c2fee81f74b2801ec7b85f448eb894b94d426c16d3871f9a80

Download Submit
C:\Windows\System\OdsAnkA.exe

Filesize
1.4MB

MD5
7e1b0360c61a46ac552fe8174cebbb10

SHA1
135d9b783a16e0d194e76077a15895a933586065

SHA256
bd7821d597c8aa584b01062e83987ec45e1a24d24ed2797205836c9eb674093e

SHA512
631be9aaa4d8cc2120093f4754ec658ecc60c8e643e633800690b7e21ea36d65484a77d2ddc1603437cd4384c436f88400c63f55bcf38a68b0811b2544c779b7

Download Submit
C:\Windows\System\PKwXmLk.exe

Filesize
1.4MB

MD5
d02dc79a47844ba848735a5c55ef87ae

SHA1
3f37492bb47e94ee285cdecf53337b83fa2d6bfa

SHA256
51bd8b706ffc78e38119fb013b23ffd0473212d2059b904ff71544318410d038

SHA512
bae0778aa1b8d7412c4ec483cce8447155ca6f615f91a7592a8ccd1c9d837ba4f14da3d19378b793e431bd598e5c9f517940b076a37a25fa3c440dbbaba674d3

Download Submit
C:\Windows\System\PRuIUum.exe

Filesize
1.4MB

MD5
370939857517d987ff18fe5b969b9e17

SHA1
67c74ad2194300d34dc247e726779944e521151e

SHA256
abb3f5985cafaa3a9460b288ecc7f5912c9749fa658843c725fbb3ba0faf1391

SHA512
241da7fd5281a97a6d2305f4296f378d57a680ce6f760a7c03d648670d36dbd0f9e189ba814a332933f9a17ad126bb37bec52c4e14701130e53ac9de2cb72e1c

Download Submit
C:\Windows\System\SZwFMvV.exe

Filesize
1.4MB

MD5
18a9c76efab9cb49692d4b5eed2813d2

SHA1
c4d5a18a237b9fed45885265b4bc027a6607186a

SHA256
20b91996f56027d4491dbb63bbb7499cbd6ffe5a5ca51d0a57bf6ae0d625cc39

SHA512
79add8a00e79f7a2f35bd00a04af45dd2f53f574d44ef189c78973d3015f7c028fefbe8dcbf4c6f083b9d243ce1168561989489e090983e08c26ffe17150aedb

Download Submit
C:\Windows\System\TCVUxZf.exe

Filesize
1.4MB

MD5
4affcbe409c1242d9bf536c402aa5187

SHA1
7e4e202592be0ffdeabc4acc4417427650e1946e

SHA256
55c51bfb53d1445bbdf2cbeda124265a20799d45dd04892a210019281b578991

SHA512
387e67ce2d56e99e662f638c90966987c551bd1674a239444c6c978c46fd9be6bad54860b4301ccd6cb432d76295b7881a1f6fd6c9603701d714678a1137eff8

Download Submit
C:\Windows\System\VGOUdxr.exe

Filesize
1.4MB

MD5
c68169d085fafcaa231a2cabab12e4c8

SHA1
132a448949e5e5d838dffce7ae4feae6e92d19ad

SHA256
878200d5b7c36562e70d04f25f988d48344154634059bc254b38adff5d2fa2cd

SHA512
13294f691637282dc8d8ea443548794c3677b3b04eb7dbb691f887429e6b59c9fa3651aaa160b1291c75860b165921d9bb153ab612b8b896549204c2fd257489

Download Submit
C:\Windows\System\aadSEsY.exe

Filesize
1.4MB

MD5
34e91b2182aad3707959c535463107d9

SHA1
1c873abf7a065644503cc63a3fcb5fb69e1cfec4

SHA256
68c4e2aece61ae3661dd4ca6e10687f3b239748e2e99319321b11e3dfca00f42

SHA512
fcaebf95119078a0334ffef1b0019e54bfdbc350736ce8b9e254fbe096181cedf2924eb2b86c8beaa31fe8750e41154b264c159fb045e3c9a74439979c077531

Download Submit
C:\Windows\System\atTwsEt.exe

Filesize
1.4MB

MD5
388ebb5b2db87c7861601feab79ff769

SHA1
c54e143f084d0a31e73e09698b01cdcbcd39a08b

SHA256
c691815daee672f32741859f565698ff6a11a851e0a50bf025e7d63e932d4683

SHA512
a94feb3afc91efb3f4ae528a9367f6653ab6a837c7382832fc85f48169c338540faf4869c36a3baa8a8bfe8378de6288a79eb791f17c297a0133d0404e810bdb

Download Submit
C:\Windows\System\axwwqWA.exe

Filesize
1.4MB

MD5
63d92260373624029f4f3ce828c0f15f

SHA1
0314dfcc3f8d1f76c3568e2a68b8ae73eadb74b9

SHA256
38bbd2991c72d42cd2aaa89c5fa78fef3385f9fa9a2b37d873f48d7d5112397c

SHA512
05081f79ffb9eb106dc6e91bc82329b4ad5314797c3c3a7cafc2ac763fcd39888b4aa7e3e5ea3374ffc40f0f2759c76375d55109142ee64c3a04f0019eb659fe

Download Submit
C:\Windows\System\fXQUUBc.exe

Filesize
1.4MB

MD5
0435a0069d1471be560ae6451860bf70

SHA1
fb1940924b15b1bdfe65a570998948b7d1f5ff5d

SHA256
53ff74b31225e4cb5094f059089063242c4c1a34b5a63af885cef689ae406970

SHA512
59e03070381fd29bb554b162a8bd431ed09304287ad084b771af09ff790721698c39d674cc1e19f8bc0b401ff57df8b5f91a5747172825b5b912e2d067f11480

Download Submit
C:\Windows\System\hWJsDJt.exe

Filesize
1.4MB

MD5
62fb23b0b07b60f1849dacc2b7d8487c

SHA1
e30760a8dcf2e0d8eff7c03a706e5c42bf1061a0

SHA256
b6144db2273b7c4277824a9d879869bb74b4b4e289e48f39d01856e596f84680

SHA512
47e272a3cea85e5d90ecb00c02ed7648ce317a0cdff6fc72f195d405ea47da55c039c3d56718d97dbe61a4792243df272db25f57717bb4e3564643ba3daeef66

Download Submit
C:\Windows\System\hubFaaB.exe

Filesize
1.4MB

MD5
0fbe7a0b3cf7008a37db3d57dbb957d7

SHA1
f2363ff09e5eb2ac2621f3912e454204527bcb36

SHA256
88e3e40e28691ff45e12f53351e736e0603b2fb23ad7e861bf04029e015ee913

SHA512
736a57e621c3b9b4a23513cd52b8b99069e919279f1eeb22b8f3353df661c9b81495e0e9b82d57a368e88cf67c6c5e6af291609e6e59217a8fcdf4a0782c3258

Download Submit
C:\Windows\System\hxhKbhJ.exe

Filesize
8B

MD5
76860bc6bcf1b962e8a2e2eb292a4bf6

SHA1
eb87db8a1bc4e53a442a3f1452dad31ebf337320

SHA256
0c7d1822ddaeb86897a410445e7015124a04f518d6418bfc26f4a46336cbbf53

SHA512
4a411de28e286563ff5d02d738b10b02f1034fd988f1bef2002f2765356449f6b3486aa93dfc28c44550060a88590f8f6e516156b12db24d65a9d99e449df45a

Download Submit
C:\Windows\System\jbuWfCG.exe

Filesize
1.4MB

MD5
8d2a329de470dbd25bc33bf9f8812f47

SHA1
d23b1ff5334ee9b9b53c01e15fb672ba4e5aa728

SHA256
c30cb1429afcb2f30388ca2a1277229429673a9697195e64fc6ff402992d80ac

SHA512
43e6d73d3150379d9f29ccfda974a7790233743f9bf98bd602671d0f8ae4d93526c4e693d37902ef69565fff7953c10e6cde1da2f2742dcb58a75c6b1ef4830a

Download Submit
C:\Windows\System\kvprgiQ.exe

Filesize
1.4MB

MD5
0b7666fa9982eb8861f614c5b4e46854

SHA1
b47cb1dc6f887eda53d38aaba79969cb5fb2f2a2

SHA256
f1c67677f8fe50583b4a66e1d365c77cdf7239a36adacec60078b146b57eb00b

SHA512
beb3c157412d73e84b2f2ec8ce8d5c226bf1be2205913d6ce5b9ce125194c5524d9d1fca93c838fcf9b79ec79e6f0adeb2b71aaf1d82a694434941bb7feb941d

Download Submit
C:\Windows\System\lTHpvAr.exe

Filesize
1.4MB

MD5
94176d62a90b792746f487b7b8eba407

SHA1
c073b6f29d898f3c7cd3e63c6a40aff139c5cade

SHA256
de2b3c2813ea27ed7422ad39d82dd169be04868d988b0541e013d23f58d7b8f7

SHA512
c35311beadb3a9db7685d77ae6f4c122e13420951727e727c33591bafa60c855041e54b57a9d5309404ee863ac94c66fce9aa33ffed18a856b0d537fde5fdb6d

Download Submit
C:\Windows\System\mXLoPVj.exe

Filesize
1.4MB

MD5
481e6e1835b94cf909f2a4d4ebcf135a

SHA1
1a8849fd11767bb319980793b937d4a685ad5f4e

SHA256
7ae92b721fcaafbc9190c64f231b4695da7d37cfcbbeece8d464b64867421556

SHA512
9bd2eb241f44d79d2d6105705055d021746ff3a8f76fe26ef79ee258116e67ba992220b674fa9b06e208e03c6c04e3d278e80318ffe560e7d1295201245b4477

Download Submit
C:\Windows\System\oLvplRF.exe

Filesize
1.4MB

MD5
3d37cf6200078d2c310f40078d124aa0

SHA1
e872f5ecbfe1876dc3cb6991cd8c9b94f7a4be74

SHA256
acb48f9eaa47c2748f39409b759d6bafa1cc8fa562e638300301501ad6665592

SHA512
3892c5708002a052770db236ae05dab7aecd1aba2ee1f4aaf161a1c59d1fed26810a4be8c12da500a39b461ec53a921895a382091b167e06c71870fb09fc866b

Download Submit
C:\Windows\System\pBxzLMg.exe

Filesize
1.4MB

MD5
56a4f2768f1117c54d99c2780b1cfbcd

SHA1
24068c2cbc8068b6f5580d2986e5e943f6283d0e

SHA256
1cdc6ceb029e7c0f02f5a246c627049c6dca2e65148533fea8f5e8c74e23dd56

SHA512
7f86f4415bc59153227e93108fbc3ccdfccba20c13855459744e521010c4da8a58253f6efebc1b7343271dad9f195cf4f6cadccd68e6c099dbfb111beb398198

Download Submit
C:\Windows\System\ppCbGzb.exe

Filesize
1.4MB

MD5
7c8d528d31f1bcfa58d9bfcf8d7a7048

SHA1
9df9e8be79e0e1186cb6f96d9e7e3b435b9be406

SHA256
7546e188305e1b6e5762620da55786862bb9573122650a1252fe300e49114bb6

SHA512
46bd3e0a6b5f6c450e68f93b98e673cc775410b7d51b4647e83ebe31c4731ab046ccb8acb2a5c1bfb99b346332d0763110fd4f9d5836ae6fee79e8a4b6b9ff29

Download Submit
C:\Windows\System\qZPGxvI.exe

Filesize
1.4MB

MD5
4d6bf3c0e68ed930283e39d31c55fdf6

SHA1
59201b6bf50a0bc3d32cd7df16fcbc5557286334

SHA256
bf75aeeef0b76b5a2262728cb563fd306d42f8d4455424a9872bb3ef85545cdb

SHA512
1190f74e68b5296f41ef2c65c26bfd8b961ee36af046ec9dfd9d00f63966d5a06626cc113664bf76d48ccb91adfd873f4a07170941b07ec89108a1ced326e6cb

Download Submit
C:\Windows\System\qlwGyCD.exe

Filesize
1.4MB

MD5
311d86f82805ef60d5091a7bfde79dfc

SHA1
93b48e70b0d8ffe6961fb1e25872a052d31fcdf8

SHA256
69fab8e0d6be389c6f973ba4dd94d0d110c89f7e8d5695600ee0aec2686c302b

SHA512
ba0691ece427a398577bd40d5ba781101a8e12cd6d9be8b326b2c241717bf1ac9847331efc768bb7f06ae0d407a718ddda34ff5ad0b9f5059c6c99234869581d

Download Submit
C:\Windows\System\tPsHUGM.exe

Filesize
1.4MB

MD5
aed09337fb24d455f46c7b5110759bb4

SHA1
60aab89850d82c70f6c0aa152f2ca200be51bad0

SHA256
ef02824690bfffe4fa6a2df5125eb7fb8c37a792db06030b3a236f54ad13518d

SHA512
d686897da577a702c5027c038970c03528ed2c677b48c3bd7ca2a2a95eadf6ebdf7cdefbeb6c30d7c37b0ef507136fe83893013f61757c23147c87b9b1c7e8d3

Download Submit
C:\Windows\System\toiVWIc.exe

Filesize
1.4MB

MD5
1956da8d8af35df92e6ac5c743b51ef4

SHA1
300d720a92392576a97401d4dd847917998af814

SHA256
6fa6b93a951dd00cb2a5fb717329a94720526e202a0202970b8c5dc3bcec1a59

SHA512
046bd303543380b47f0b32f4bfe007156a48ebdc42fe2f706e5eca6fc4903b64cb3dd123ab9a1191300943a17834737a47b04a5936ba56549782586b3d291b76

Download Submit
C:\Windows\System\vHkDYqu.exe

Filesize
1.4MB

MD5
a0918da9953ecf0d404af8eb3c413c5a

SHA1
a52c7405497681347b53bab46be16f60fa1a1ad1

SHA256
9729668c6e16cd539f97a8249b5432fedeeace182a6765836c6908e24cf9cf65

SHA512
fe86910bb8d039235a0fff7c33fa59ddb91f5d2093e689203b1e94db943ce8e5635bfad59b17cdac7a3cd1eabc538aa3255621cd223d863e845936b124b57719

Download Submit
C:\Windows\System\yNwVjaN.exe

Filesize
1.4MB

MD5
be1fb18441e51709eb9ae861c332dd71

SHA1
10da89e6eb266514337319246b13b09c5add88c1

SHA256
53d314b07c9b47b87d03cfbccbc69a4e6af34c5d601ee4e94c5a0e82e86102d4

SHA512
b3fde3ec976749166d80c2770e7540a1766b32c35b78779391aaff0f8e27cfb882bc20326a61b579f7b519c1b56037981f8139374e2cfadf94f9cecbe5247825

Download Submit
C:\Windows\System\ybKfRcJ.exe

Filesize
1.4MB

MD5
0901d36fbcd898234a0dc681f3641c04

SHA1
c196513ecb185803b197fa0c8abca2967d7e6651

SHA256
0ced09ecedc5fb036a2a4fa9a96d959a9399cfca2e8abefd9330ec083fd99337

SHA512
526f44ebf654c8cb64968b41216150faabf1c7039ee78cf3ab7a11f2dbe164f5038dbc624955b6ce74dac2eb40bdd159f8ce3fd45e27f86da6a06160d3752aa2

Download Submit
C:\Windows\System\yjdjBqX.exe

Filesize
1.4MB

MD5
2a381013c77fc7ad0c2be18645ac9b39

SHA1
e672c9d4fc0e87f1f8b022ce1b27dc1281829568

SHA256
60e89d042e6999fb746100d83bd005154aabc3a7765968899a51a4a2b6442b9a

SHA512
b58bc518e462fca04c014110f71a305fd3f5240f129fa9bd327f5e3350d96294c581612bce388704a88bc68dc0568577e3c3abbe4875cfc7b202f74bb2aa8b6b

Download Submit
C:\Windows\System\zAUwARr.exe

Filesize
1.4MB

MD5
fb355d5318e87f907ff45b72ff85a77d

SHA1
068e1f2ebe2b79ae280f8e3ea235d2e88e2e8ec5

SHA256
88563b012c39d31a092db681e1504745b4f7e32f1d0ac318f40ab993cd6e26a7

SHA512
2670ed116727f4fcf5bd7c2977592913112f72ca1febfc6c121cecedffc6ff0a7f0cc0d0a55373f0af3ad93ac05d5c984b419293f45f7e94ac3c5910734144b3

Download Submit
memory/492-790-0x00007FF63E310000-0x00007FF63E702000-memory.dmp

Filesize
3.9MB

Download
memory/1480-778-0x00007FF6741B0000-0x00007FF6745A2000-memory.dmp

Filesize
3.9MB

Download
memory/1812-789-0x00007FF77F950000-0x00007FF77FD42000-memory.dmp

Filesize
3.9MB

Download
memory/2716-788-0x00007FF6B9380000-0x00007FF6B9772000-memory.dmp

Filesize
3.9MB

Download
memory/2840-246-0x00007FF61CD00000-0x00007FF61D0F2000-memory.dmp

Filesize
3.9MB

Download
memory/2868-496-0x00007FF608730000-0x00007FF608B22000-memory.dmp

Filesize
3.9MB

Download
memory/3036-793-0x00007FF6B0EB0000-0x00007FF6B12A2000-memory.dmp

Filesize
3.9MB

Download
memory/3156-1304-0x00007FF7FF740000-0x00007FF7FFB32000-memory.dmp

Filesize
3.9MB

Download
memory/3160-38-0x00007FF73EF50000-0x00007FF73F342000-memory.dmp

Filesize
3.9MB

Download
memory/3296-745-0x00007FF693290000-0x00007FF693682000-memory.dmp

Filesize
3.9MB

Download
memory/3344-0-0x00007FF61A8D0000-0x00007FF61ACC2000-memory.dmp

Filesize
3.9MB

Download
memory/3344-1-0x0000013047B80000-0x0000013047B90000-memory.dmp

Filesize
64KB

Download
memory/3504-795-0x00007FF66EDC0000-0x00007FF66F1B2000-memory.dmp

Filesize
3.9MB

Download
memory/3728-792-0x00007FF7710F0000-0x00007FF7714E2000-memory.dmp

Filesize
3.9MB

Download
memory/3780-348-0x00007FF7E2C10000-0x00007FF7E3002000-memory.dmp

Filesize
3.9MB

Download
memory/3976-791-0x00007FF68CEB0000-0x00007FF68D2A2000-memory.dmp

Filesize
3.9MB

Download
memory/4100-11-0x00007FF628C80000-0x00007FF629072000-memory.dmp

Filesize
3.9MB

Download
memory/4112-794-0x00007FF7A2010000-0x00007FF7A2402000-memory.dmp

Filesize
3.9MB

Download
memory/4420-796-0x00007FF6864C0000-0x00007FF6868B2000-memory.dmp

Filesize
3.9MB

Download
memory/4472-1962-0x00007FF6372E0000-0x00007FF6376D2000-memory.dmp

Filesize
3.9MB

Download
memory/4488-1271-0x00007FF79A270000-0x00007FF79A662000-memory.dmp

Filesize
3.9MB

Download
memory/4904-732-0x000001886BA50000-0x000001886BA72000-memory.dmp

Filesize
136KB

Download
memory/4904-70-0x000001886BA90000-0x000001886BAA0000-memory.dmp

Filesize
64KB

Download
memory/4904-131-0x000001886BA90000-0x000001886BAA0000-memory.dmp

Filesize
64KB

Download
memory/5708-1969-0x00007FF6161B0000-0x00007FF6165A2000-memory.dmp

Filesize
3.9MB

Download
memory/5848-1979-0x00007FF70CDD0000-0x00007FF70D1C2000-memory.dmp

Filesize
3.9MB

Download
memory/6348-1968-0x00007FF6E0C80000-0x00007FF6E1072000-memory.dmp

Filesize
3.9MB

Download
memory/6356-1982-0x00007FF6263E0000-0x00007FF6267D2000-memory.dmp

Filesize
3.9MB

Download
memory/6820-1949-0x00007FF7629A0000-0x00007FF762D92000-memory.dmp

Filesize
3.9MB

Download
memory/6840-1950-0x00007FF724FB0000-0x00007FF7253A2000-memory.dmp

Filesize
3.9MB

Download
memory/7272-1985-0x00007FF7DF4D0000-0x00007FF7DF8C2000-memory.dmp

Filesize
3.9MB

Download
memory/7388-1959-0x00007FF76DA10000-0x00007FF76DE02000-memory.dmp

Filesize
3.9MB

Download
memory/7440-1960-0x00007FF657D10000-0x00007FF658102000-memory.dmp

Filesize
3.9MB

Download
memory/7476-1958-0x00007FF669290000-0x00007FF669682000-memory.dmp

Filesize
3.9MB

Download
memory/7552-2185-0x00007FF7B3C70000-0x00007FF7B4062000-memory.dmp

Filesize
3.9MB

Download
memory/7628-2015-0x00007FF6122C0000-0x00007FF6126B2000-memory.dmp

Filesize
3.9MB

Download
memory/7648-1956-0x00007FF718EA0000-0x00007FF719292000-memory.dmp

Filesize
3.9MB

Download
memory/7680-1966-0x00007FF7F8B80000-0x00007FF7F8F72000-memory.dmp

Filesize
3.9MB

Download
memory/7696-2065-0x00007FF6559E0000-0x00007FF655DD2000-memory.dmp

Filesize
3.9MB

Download
memory/7716-1961-0x00007FF67B840000-0x00007FF67BC32000-memory.dmp

Filesize
3.9MB

Download
memory/7916-1976-0x00007FF7C2330000-0x00007FF7C2722000-memory.dmp

Filesize
3.9MB

Download
memory/8044-1980-0x00007FF7F1F50000-0x00007FF7F2342000-memory.dmp

Filesize
3.9MB

Download
memory/8048-1967-0x00007FF7F8A20000-0x00007FF7F8E12000-memory.dmp

Filesize
3.9MB

Download
memory/8120-1977-0x00007FF69F1D0000-0x00007FF69F5C2000-memory.dmp

Filesize
3.9MB

Download
memory/8320-1856-0x00007FF787590000-0x00007FF787982000-memory.dmp

Filesize
3.9MB

Download
memory/8388-1857-0x00007FF69C8A0000-0x00007FF69CC92000-memory.dmp

Filesize
3.9MB

Download
memory/8660-2012-0x00007FF77F450000-0x00007FF77F842000-memory.dmp

Filesize
3.9MB

Download
memory/8852-1952-0x00007FF61EB40000-0x00007FF61EF32000-memory.dmp

Filesize
3.9MB

Download
memory/9252-2014-0x00007FF70CA00000-0x00007FF70CDF2000-memory.dmp

Filesize
3.9MB

Download
memory/9272-1955-0x00007FF6FB500000-0x00007FF6FB8F2000-memory.dmp

Filesize
3.9MB

Download
memory/9312-2011-0x00007FF7E64E0000-0x00007FF7E68D2000-memory.dmp

Filesize
3.9MB

Download
memory/9328-2013-0x00007FF6823A0000-0x00007FF682792000-memory.dmp

Filesize
3.9MB

Download
memory/9380-2008-0x00007FF66D050000-0x00007FF66D442000-memory.dmp

Filesize
3.9MB

Download
memory/9524-1953-0x00007FF65C070000-0x00007FF65C462000-memory.dmp

Filesize
3.9MB

Download
memory/9600-1878-0x00007FF7AB550000-0x00007FF7AB942000-memory.dmp

Filesize
3.9MB

Download
memory/9672-2010-0x00007FF79D330000-0x00007FF79D722000-memory.dmp

Filesize
3.9MB

Download
memory/9688-1995-0x00007FF7B42B0000-0x00007FF7B46A2000-memory.dmp

Filesize
3.9MB

Download
memory/9736-1868-0x00007FF724D10000-0x00007FF725102000-memory.dmp

Filesize
3.9MB

Download
memory/9896-1869-0x00007FF613C90000-0x00007FF614082000-memory.dmp

Filesize
3.9MB

Download
memory/9968-1963-0x00007FF6D0490000-0x00007FF6D0882000-memory.dmp

Filesize
3.9MB

Download
memory/10152-1964-0x00007FF616A80000-0x00007FF616E72000-memory.dmp

Filesize
3.9MB

Download
memory/10168-1957-0x00007FF7A0EB0000-0x00007FF7A12A2000-memory.dmp

Filesize
3.9MB

Download
memory/10208-1978-0x00007FF6AEDE0000-0x00007FF6AF1D2000-memory.dmp

Filesize
3.9MB

Download
memory/10784-1954-0x00007FF72ABC0000-0x00007FF72AFB2000-memory.dmp

Filesize
3.9MB

Download
memory/10940-1984-0x00007FF73A9B0000-0x00007FF73ADA2000-memory.dmp

Filesize
3.9MB

Download