xmrig | 24cb6196aa98dfc62b45ddc0f9bfb2e846f57a0692fefa9aa7448c826de03436

Analysis

max time kernel
148s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 09:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
Size

1.7MB
MD5

02ef9ca96b719f29fd30988a021bb092
SHA1

690c8e07fc621f446d545456b8690957158c94c2
SHA256

24cb6196aa98dfc62b45ddc0f9bfb2e846f57a0692fefa9aa7448c826de03436
SHA512

07e6297002a8cdcff19411e89e65f5abc9e5888aadd30ee74ba00dcf96495201855037009cd9a1cecc6ee3eb456af0c03aa3b5912190408ec4cbc11bc51f3e31
SSDEEP

49152:Lz071uv4BPMkibTIA5lCx7kvRWa4pxtUr:NAB6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral2/memory/1404-14-0x00007FF70EEE0000-0x00007FF70F2D2000-memory.dmp	xmrig
behavioral2/memory/2284-229-0x00007FF703960000-0x00007FF703D52000-memory.dmp	xmrig
behavioral2/memory/4580-261-0x00007FF7644C0000-0x00007FF7648B2000-memory.dmp	xmrig
behavioral2/memory/1896-381-0x00007FF745390000-0x00007FF745782000-memory.dmp	xmrig
behavioral2/memory/2876-387-0x00007FF6CF4E0000-0x00007FF6CF8D2000-memory.dmp	xmrig
behavioral2/memory/3424-386-0x00007FF7E9960000-0x00007FF7E9D52000-memory.dmp	xmrig
behavioral2/memory/964-344-0x00007FF641030000-0x00007FF641422000-memory.dmp	xmrig
behavioral2/memory/4528-266-0x00007FF762CE0000-0x00007FF7630D2000-memory.dmp	xmrig
behavioral2/memory/1992-264-0x00007FF7B7F10000-0x00007FF7B8302000-memory.dmp	xmrig
behavioral2/memory/2388-263-0x00007FF6F9630000-0x00007FF6F9A22000-memory.dmp	xmrig
behavioral2/memory/656-260-0x00007FF7E53E0000-0x00007FF7E57D2000-memory.dmp	xmrig
behavioral2/memory/3100-259-0x00007FF797E10000-0x00007FF798202000-memory.dmp	xmrig
behavioral2/memory/3780-258-0x00007FF7E5320000-0x00007FF7E5712000-memory.dmp	xmrig
behavioral2/memory/2264-255-0x00007FF7637B0000-0x00007FF763BA2000-memory.dmp	xmrig
behavioral2/memory/4272-161-0x00007FF702EB0000-0x00007FF7032A2000-memory.dmp	xmrig
behavioral2/memory/4000-78-0x00007FF7FCDD0000-0x00007FF7FD1C2000-memory.dmp	xmrig
behavioral2/memory/4304-58-0x00007FF79D1F0000-0x00007FF79D5E2000-memory.dmp	xmrig
behavioral2/memory/5092-4617-0x00007FF711050000-0x00007FF711442000-memory.dmp	xmrig
behavioral2/memory/3704-4621-0x00007FF770B50000-0x00007FF770F42000-memory.dmp	xmrig
behavioral2/memory/5092-4968-0x00007FF711050000-0x00007FF711442000-memory.dmp	xmrig
behavioral2/memory/4304-4974-0x00007FF79D1F0000-0x00007FF79D5E2000-memory.dmp	xmrig
behavioral2/memory/4000-4972-0x00007FF7FCDD0000-0x00007FF7FD1C2000-memory.dmp	xmrig
behavioral2/memory/4528-5040-0x00007FF762CE0000-0x00007FF7630D2000-memory.dmp	xmrig
behavioral2/memory/964-5094-0x00007FF641030000-0x00007FF641422000-memory.dmp	xmrig
behavioral2/memory/3100-5103-0x00007FF797E10000-0x00007FF798202000-memory.dmp	xmrig
behavioral2/memory/656-5092-0x00007FF7E53E0000-0x00007FF7E57D2000-memory.dmp	xmrig
behavioral2/memory/3424-5098-0x00007FF7E9960000-0x00007FF7E9D52000-memory.dmp	xmrig
behavioral2/memory/2264-5077-0x00007FF7637B0000-0x00007FF763BA2000-memory.dmp	xmrig
behavioral2/memory/4272-5047-0x00007FF702EB0000-0x00007FF7032A2000-memory.dmp	xmrig
behavioral2/memory/1896-5037-0x00007FF745390000-0x00007FF745782000-memory.dmp	xmrig
behavioral2/memory/2284-5042-0x00007FF703960000-0x00007FF703D52000-memory.dmp	xmrig
behavioral2/memory/3780-5101-0x00007FF7E5320000-0x00007FF7E5712000-memory.dmp	xmrig
behavioral2/memory/2876-5117-0x00007FF6CF4E0000-0x00007FF6CF8D2000-memory.dmp	xmrig
behavioral2/memory/4580-5142-0x00007FF7644C0000-0x00007FF7648B2000-memory.dmp	xmrig
behavioral2/memory/2388-5176-0x00007FF6F9630000-0x00007FF6F9A22000-memory.dmp	xmrig
behavioral2/memory/5060-5303-0x00007FF768F40000-0x00007FF769332000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1404	OvdwqcO.exe
3364	pqJLkuJ.exe
5092	AWKZYCu.exe
4304	tlXtMkZ.exe
4000	oFzwsOS.exe
4528	FcWAGgj.exe
3704	mBmDpfV.exe
4272	cJRlvqo.exe
964	oYIqiht.exe
1896	uTcNIpe.exe
2284	qawFRIS.exe
2264	ziaZEEI.exe
3780	ABTrmzo.exe
3100	eBJweTw.exe
656	WOmktcL.exe
4580	OHvEOPy.exe
3424	UzjjbOZ.exe
5060	ZVTBlfr.exe
2388	dTtvbeU.exe
2876	JjQJApK.exe
1992	mSrFCGF.exe
1472	kDcvKWu.exe
4320	XRFnqMS.exe
1408	AbXxtvS.exe
3912	RsxjRBi.exe
2984	xgfDwcd.exe
368	XDYRCLY.exe
4636	aMahgxu.exe
552	UcnXbXo.exe
3992	jYwvIFc.exe
2200	IqtvJgl.exe
4640	kCNoACG.exe
1684	vYVttNE.exe
2108	TkDwmEd.exe
3016	FuldSJf.exe
3644	CpCnYYU.exe
1160	qNVQSnd.exe
4788	pLlLOCv.exe
756	rtPlWRq.exe
3520	fXIEkeq.exe
5116	FnIdFhM.exe
3580	dsTgARO.exe
1184	eLxiXVB.exe
2460	rbSCLln.exe
4780	EqLJvWz.exe
1932	WHKRoVX.exe
1056	UifZKJY.exe
4708	hWtdaFP.exe
1084	KyrnbMV.exe
2376	JFJvqQv.exe
3068	JZfMJxB.exe
4544	OPPAMKN.exe
4552	eNizvEq.exe
4156	uGSuYVb.exe
1564	edNwiVI.exe
624	lepQABt.exe
4648	NiyrIbA.exe
4248	JueFvaA.exe
3840	nqSQQBl.exe
2436	ZMZUVBb.exe
4796	FvlpSDu.exe
4308	UhDXbFm.exe
4488	JuYoWlY.exe
3436	zsxLiqR.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1936-0-0x00007FF6490C0000-0x00007FF6494B2000-memory.dmp	upx
behavioral2/files/0x000b000000023ba1-5.dat	upx
behavioral2/files/0x000a000000023ba5-9.dat	upx
behavioral2/memory/1404-14-0x00007FF70EEE0000-0x00007FF70F2D2000-memory.dmp	upx
behavioral2/files/0x000a000000023ba7-35.dat	upx
behavioral2/files/0x000a000000023bad-53.dat	upx
behavioral2/files/0x000a000000023ba9-69.dat	upx
behavioral2/files/0x000a000000023bbf-146.dat	upx
behavioral2/files/0x000a000000023bca-210.dat	upx
behavioral2/memory/2284-229-0x00007FF703960000-0x00007FF703D52000-memory.dmp	upx
behavioral2/memory/4580-261-0x00007FF7644C0000-0x00007FF7648B2000-memory.dmp	upx
behavioral2/memory/1896-381-0x00007FF745390000-0x00007FF745782000-memory.dmp	upx
behavioral2/memory/2876-387-0x00007FF6CF4E0000-0x00007FF6CF8D2000-memory.dmp	upx
behavioral2/memory/3424-386-0x00007FF7E9960000-0x00007FF7E9D52000-memory.dmp	upx
behavioral2/memory/964-344-0x00007FF641030000-0x00007FF641422000-memory.dmp	upx
behavioral2/memory/4528-266-0x00007FF762CE0000-0x00007FF7630D2000-memory.dmp	upx
behavioral2/memory/1992-264-0x00007FF7B7F10000-0x00007FF7B8302000-memory.dmp	upx
behavioral2/memory/2388-263-0x00007FF6F9630000-0x00007FF6F9A22000-memory.dmp	upx
behavioral2/memory/5060-262-0x00007FF768F40000-0x00007FF769332000-memory.dmp	upx
behavioral2/memory/656-260-0x00007FF7E53E0000-0x00007FF7E57D2000-memory.dmp	upx
behavioral2/memory/3100-259-0x00007FF797E10000-0x00007FF798202000-memory.dmp	upx
behavioral2/memory/3780-258-0x00007FF7E5320000-0x00007FF7E5712000-memory.dmp	upx
behavioral2/memory/2264-255-0x00007FF7637B0000-0x00007FF763BA2000-memory.dmp	upx
behavioral2/files/0x000a000000023bc9-207.dat	upx
behavioral2/files/0x000a000000023bc8-204.dat	upx
behavioral2/files/0x000a000000023bc7-200.dat	upx
behavioral2/files/0x000a000000023bc6-193.dat	upx
behavioral2/files/0x000a000000023bc4-176.dat	upx
behavioral2/files/0x000a000000023bc3-173.dat	upx
behavioral2/files/0x000a000000023bba-169.dat	upx
behavioral2/files/0x000a000000023bb9-164.dat	upx
behavioral2/memory/4272-161-0x00007FF702EB0000-0x00007FF7032A2000-memory.dmp	upx
behavioral2/files/0x000a000000023bc1-157.dat	upx
behavioral2/files/0x000a000000023bb3-156.dat	upx
behavioral2/files/0x000a000000023bc0-153.dat	upx
behavioral2/files/0x0031000000023bb6-148.dat	upx
behavioral2/files/0x000a000000023bb0-137.dat	upx
behavioral2/files/0x000a000000023bbe-131.dat	upx
behavioral2/files/0x000a000000023bbd-130.dat	upx
behavioral2/files/0x000a000000023bb5-129.dat	upx
behavioral2/files/0x000a000000023bb4-126.dat	upx
behavioral2/files/0x000a000000023bbc-125.dat	upx
behavioral2/files/0x000a000000023bab-124.dat	upx
behavioral2/files/0x000a000000023bc5-179.dat	upx
behavioral2/memory/3704-109-0x00007FF770B50000-0x00007FF770F42000-memory.dmp	upx
behavioral2/files/0x000a000000023bc2-158.dat	upx
behavioral2/files/0x0031000000023bb8-106.dat	upx
behavioral2/files/0x000a000000023bb2-139.dat	upx
behavioral2/files/0x000a000000023bb1-98.dat	upx
behavioral2/files/0x000a000000023baf-92.dat	upx
behavioral2/files/0x000a000000023bac-89.dat	upx
behavioral2/files/0x000a000000023bbb-115.dat	upx
behavioral2/files/0x000a000000023baa-79.dat	upx
behavioral2/memory/4000-78-0x00007FF7FCDD0000-0x00007FF7FD1C2000-memory.dmp	upx
behavioral2/files/0x0031000000023bb7-105.dat	upx
behavioral2/files/0x000a000000023bae-85.dat	upx
behavioral2/memory/5092-50-0x00007FF711050000-0x00007FF711442000-memory.dmp	upx
behavioral2/files/0x000a000000023ba8-46.dat	upx
behavioral2/memory/4304-58-0x00007FF79D1F0000-0x00007FF79D5E2000-memory.dmp	upx
behavioral2/files/0x000a000000023ba6-40.dat	upx
behavioral2/memory/3364-27-0x00007FF7EC720000-0x00007FF7ECB12000-memory.dmp	upx
behavioral2/memory/5092-4617-0x00007FF711050000-0x00007FF711442000-memory.dmp	upx
behavioral2/memory/3704-4621-0x00007FF770B50000-0x00007FF770F42000-memory.dmp	upx
behavioral2/memory/5092-4968-0x00007FF711050000-0x00007FF711442000-memory.dmp	upx

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm	OfficeClickToRun.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iSxeEeG.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\KvkjrQP.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\jtsZGhl.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\kbeHJtX.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\BGYWcrH.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\ARTycXW.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\AxChvgK.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\PqTECmI.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\JGGKtSu.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\pZpQPft.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\WMIktzJ.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\WjiDWhp.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\bxHXPJo.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\EmKMtMf.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\njgzdUI.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\xDxRFyt.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\RyFfgJs.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\eAgffQw.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\BGurrAq.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\AqdSuOY.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\SCVxsRl.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\thDRPIS.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\JZfMJxB.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\REJtziD.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\bbJnoGv.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\wizPsaW.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\duYQhMu.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\nZRKgbT.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\iFbBjrG.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\JRKijjp.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\FbIdrSm.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\ljMuVOj.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\CHFmcGy.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\FAQSEhM.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\PYHUqBC.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\MDzwqsM.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\INpFQPn.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\axXDUGg.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\AdYztBO.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\ReuHOma.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\EttDybf.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\TPNNIhb.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\MoWDeBs.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\cZqymGd.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\uuWpmOv.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\RsxjRBi.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\gEJVUdz.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\XBdaUZr.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\ArpQAhj.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\OfNllDU.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\ciQOJKh.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\QTHDpkw.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\nwDsYLJ.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\snnuGQB.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\QmzLVXc.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\ZvjCWqr.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\iOqPxbl.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\LrEpgnf.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\aopDABY.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\OVYjUyX.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\LbrEohR.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\dsgeVIp.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\ZLaaizs.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
File created	C:\Windows\System\rpAGwyK.exe	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	OfficeClickToRun.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	OfficeClickToRun.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	OfficeClickToRun.exe

Modifies data under HKEY_USERS 56 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 50,1329 10,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,17110992,7202269,41484365,17110988,7153487,39965824,17962391,508368333,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	OfficeClickToRun.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3968	powershell.exe
3968	powershell.exe
3968	powershell.exe
3968	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
Token: SeDebugPrivilege	3968	powershell.exe
Token: SeLockMemoryPrivilege	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
13624	OfficeClickToRun.exe
5492	OfficeClickToRun.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3968	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	87
PID 1936 wrote to memory of 3968	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	87
PID 1936 wrote to memory of 1404	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	88
PID 1936 wrote to memory of 1404	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	88
PID 1936 wrote to memory of 3364	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	89
PID 1936 wrote to memory of 3364	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	89
PID 1936 wrote to memory of 4000	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	90
PID 1936 wrote to memory of 4000	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	90
PID 1936 wrote to memory of 5092	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	91
PID 1936 wrote to memory of 5092	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	91
PID 1936 wrote to memory of 4304	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	92
PID 1936 wrote to memory of 4304	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	92
PID 1936 wrote to memory of 4528	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	93
PID 1936 wrote to memory of 4528	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	93
PID 1936 wrote to memory of 3704	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	94
PID 1936 wrote to memory of 3704	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	94
PID 1936 wrote to memory of 2264	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	95
PID 1936 wrote to memory of 2264	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	95
PID 1936 wrote to memory of 4272	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	96
PID 1936 wrote to memory of 4272	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	96
PID 1936 wrote to memory of 964	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	97
PID 1936 wrote to memory of 964	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	97
PID 1936 wrote to memory of 1896	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	98
PID 1936 wrote to memory of 1896	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	98
PID 1936 wrote to memory of 2284	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	99
PID 1936 wrote to memory of 2284	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	99
PID 1936 wrote to memory of 3780	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	100
PID 1936 wrote to memory of 3780	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	100
PID 1936 wrote to memory of 3100	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	101
PID 1936 wrote to memory of 3100	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	101
PID 1936 wrote to memory of 656	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	102
PID 1936 wrote to memory of 656	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	102
PID 1936 wrote to memory of 4580	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	103
PID 1936 wrote to memory of 4580	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	103
PID 1936 wrote to memory of 1408	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	104
PID 1936 wrote to memory of 1408	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	104
PID 1936 wrote to memory of 3912	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	105
PID 1936 wrote to memory of 3912	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	105
PID 1936 wrote to memory of 3424	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	106
PID 1936 wrote to memory of 3424	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	106
PID 1936 wrote to memory of 5060	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	107
PID 1936 wrote to memory of 5060	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	107
PID 1936 wrote to memory of 2388	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	108
PID 1936 wrote to memory of 2388	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	108
PID 1936 wrote to memory of 2876	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	109
PID 1936 wrote to memory of 2876	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	109
PID 1936 wrote to memory of 1992	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	110
PID 1936 wrote to memory of 1992	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	110
PID 1936 wrote to memory of 1472	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	111
PID 1936 wrote to memory of 1472	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	111
PID 1936 wrote to memory of 4320	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	112
PID 1936 wrote to memory of 4320	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	112
PID 1936 wrote to memory of 2984	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	113
PID 1936 wrote to memory of 2984	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	113
PID 1936 wrote to memory of 368	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	114
PID 1936 wrote to memory of 368	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	114
PID 1936 wrote to memory of 4636	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	115
PID 1936 wrote to memory of 4636	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	115
PID 1936 wrote to memory of 552	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	116
PID 1936 wrote to memory of 552	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	116
PID 1936 wrote to memory of 3992	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	117
PID 1936 wrote to memory of 3992	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	117
PID 1936 wrote to memory of 2200	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	118
PID 1936 wrote to memory of 2200	1936	02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe	118

C:\Users\Admin\AppData\Local\Temp\02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\02ef9ca96b719f29fd30988a021bb092_JaffaCakes118.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3968
- C:\Windows\System\OvdwqcO.exe
  C:\Windows\System\OvdwqcO.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\pqJLkuJ.exe
  C:\Windows\System\pqJLkuJ.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\oFzwsOS.exe
  C:\Windows\System\oFzwsOS.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\AWKZYCu.exe
  C:\Windows\System\AWKZYCu.exe
  2⤵
  - Executes dropped EXE
  PID:5092
- C:\Windows\System\tlXtMkZ.exe
  C:\Windows\System\tlXtMkZ.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\FcWAGgj.exe
  C:\Windows\System\FcWAGgj.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\mBmDpfV.exe
  C:\Windows\System\mBmDpfV.exe
  2⤵
  - Executes dropped EXE
  PID:3704
- C:\Windows\System\ziaZEEI.exe
  C:\Windows\System\ziaZEEI.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\cJRlvqo.exe
  C:\Windows\System\cJRlvqo.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\oYIqiht.exe
  C:\Windows\System\oYIqiht.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\uTcNIpe.exe
  C:\Windows\System\uTcNIpe.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\qawFRIS.exe
  C:\Windows\System\qawFRIS.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\ABTrmzo.exe
  C:\Windows\System\ABTrmzo.exe
  2⤵
  - Executes dropped EXE
  PID:3780
- C:\Windows\System\eBJweTw.exe
  C:\Windows\System\eBJweTw.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\WOmktcL.exe
  C:\Windows\System\WOmktcL.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\OHvEOPy.exe
  C:\Windows\System\OHvEOPy.exe
  2⤵
  - Executes dropped EXE
  PID:4580
- C:\Windows\System\AbXxtvS.exe
  C:\Windows\System\AbXxtvS.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\RsxjRBi.exe
  C:\Windows\System\RsxjRBi.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\UzjjbOZ.exe
  C:\Windows\System\UzjjbOZ.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\ZVTBlfr.exe
  C:\Windows\System\ZVTBlfr.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\dTtvbeU.exe
  C:\Windows\System\dTtvbeU.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\JjQJApK.exe
  C:\Windows\System\JjQJApK.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\mSrFCGF.exe
  C:\Windows\System\mSrFCGF.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\kDcvKWu.exe
  C:\Windows\System\kDcvKWu.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\XRFnqMS.exe
  C:\Windows\System\XRFnqMS.exe
  2⤵
  - Executes dropped EXE
  PID:4320
- C:\Windows\System\xgfDwcd.exe
  C:\Windows\System\xgfDwcd.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\XDYRCLY.exe
  C:\Windows\System\XDYRCLY.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\aMahgxu.exe
  C:\Windows\System\aMahgxu.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\UcnXbXo.exe
  C:\Windows\System\UcnXbXo.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\jYwvIFc.exe
  C:\Windows\System\jYwvIFc.exe
  2⤵
  - Executes dropped EXE
  PID:3992
- C:\Windows\System\IqtvJgl.exe
  C:\Windows\System\IqtvJgl.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\kCNoACG.exe
  C:\Windows\System\kCNoACG.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\vYVttNE.exe
  C:\Windows\System\vYVttNE.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\TkDwmEd.exe
  C:\Windows\System\TkDwmEd.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\FuldSJf.exe
  C:\Windows\System\FuldSJf.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\CpCnYYU.exe
  C:\Windows\System\CpCnYYU.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\qNVQSnd.exe
  C:\Windows\System\qNVQSnd.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\pLlLOCv.exe
  C:\Windows\System\pLlLOCv.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\rtPlWRq.exe
  C:\Windows\System\rtPlWRq.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\fXIEkeq.exe
  C:\Windows\System\fXIEkeq.exe
  2⤵
  - Executes dropped EXE
  PID:3520
- C:\Windows\System\ZMZUVBb.exe
  C:\Windows\System\ZMZUVBb.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\FnIdFhM.exe
  C:\Windows\System\FnIdFhM.exe
  2⤵
  - Executes dropped EXE
  PID:5116
- C:\Windows\System\dsTgARO.exe
  C:\Windows\System\dsTgARO.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\eLxiXVB.exe
  C:\Windows\System\eLxiXVB.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\rbSCLln.exe
  C:\Windows\System\rbSCLln.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\EqLJvWz.exe
  C:\Windows\System\EqLJvWz.exe
  2⤵
  - Executes dropped EXE
  PID:4780
- C:\Windows\System\WHKRoVX.exe
  C:\Windows\System\WHKRoVX.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\UifZKJY.exe
  C:\Windows\System\UifZKJY.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\hWtdaFP.exe
  C:\Windows\System\hWtdaFP.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\KyrnbMV.exe
  C:\Windows\System\KyrnbMV.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\JFJvqQv.exe
  C:\Windows\System\JFJvqQv.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\JZfMJxB.exe
  C:\Windows\System\JZfMJxB.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\OPPAMKN.exe
  C:\Windows\System\OPPAMKN.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\eNizvEq.exe
  C:\Windows\System\eNizvEq.exe
  2⤵
  - Executes dropped EXE
  PID:4552
- C:\Windows\System\uGSuYVb.exe
  C:\Windows\System\uGSuYVb.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\edNwiVI.exe
  C:\Windows\System\edNwiVI.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\lepQABt.exe
  C:\Windows\System\lepQABt.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\NiyrIbA.exe
  C:\Windows\System\NiyrIbA.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\JueFvaA.exe
  C:\Windows\System\JueFvaA.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\nqSQQBl.exe
  C:\Windows\System\nqSQQBl.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\FvlpSDu.exe
  C:\Windows\System\FvlpSDu.exe
  2⤵
  - Executes dropped EXE
  PID:4796
- C:\Windows\System\UhDXbFm.exe
  C:\Windows\System\UhDXbFm.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\JuYoWlY.exe
  C:\Windows\System\JuYoWlY.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\zsxLiqR.exe
  C:\Windows\System\zsxLiqR.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\dDXmqHZ.exe
  C:\Windows\System\dDXmqHZ.exe
  2⤵
  PID:4988
- C:\Windows\System\nnqEPCE.exe
  C:\Windows\System\nnqEPCE.exe
  2⤵
  PID:2248
- C:\Windows\System\FoacmhY.exe
  C:\Windows\System\FoacmhY.exe
  2⤵
  PID:3936
- C:\Windows\System\CAaierO.exe
  C:\Windows\System\CAaierO.exe
  2⤵
  PID:1972
- C:\Windows\System\QGZjGiA.exe
  C:\Windows\System\QGZjGiA.exe
  2⤵
  PID:4616
- C:\Windows\System\TxrmRbg.exe
  C:\Windows\System\TxrmRbg.exe
  2⤵
  PID:1588
- C:\Windows\System\JovdIgx.exe
  C:\Windows\System\JovdIgx.exe
  2⤵
  PID:3340
- C:\Windows\System\HFHiBJf.exe
  C:\Windows\System\HFHiBJf.exe
  2⤵
  PID:4064
- C:\Windows\System\xfmvPRG.exe
  C:\Windows\System\xfmvPRG.exe
  2⤵
  PID:1616
- C:\Windows\System\uNUGvBH.exe
  C:\Windows\System\uNUGvBH.exe
  2⤵
  PID:3168
- C:\Windows\System\RQfkGfJ.exe
  C:\Windows\System\RQfkGfJ.exe
  2⤵
  PID:1324
- C:\Windows\System\fusFqCj.exe
  C:\Windows\System\fusFqCj.exe
  2⤵
  PID:3844
- C:\Windows\System\QbsjvDi.exe
  C:\Windows\System\QbsjvDi.exe
  2⤵
  PID:1596
- C:\Windows\System\VXgpIHX.exe
  C:\Windows\System\VXgpIHX.exe
  2⤵
  PID:3460
- C:\Windows\System\llHEiiA.exe
  C:\Windows\System\llHEiiA.exe
  2⤵
  PID:4188
- C:\Windows\System\unySxpz.exe
  C:\Windows\System\unySxpz.exe
  2⤵
  PID:2672
- C:\Windows\System\xPJXolO.exe
  C:\Windows\System\xPJXolO.exe
  2⤵
  PID:4472
- C:\Windows\System\CUKTjha.exe
  C:\Windows\System\CUKTjha.exe
  2⤵
  PID:920
- C:\Windows\System\yugECQT.exe
  C:\Windows\System\yugECQT.exe
  2⤵
  PID:4252
- C:\Windows\System\QhQwxAV.exe
  C:\Windows\System\QhQwxAV.exe
  2⤵
  PID:540
- C:\Windows\System\mBisEca.exe
  C:\Windows\System\mBisEca.exe
  2⤵
  PID:4624
- C:\Windows\System\uBJrGCo.exe
  C:\Windows\System\uBJrGCo.exe
  2⤵
  PID:1540
- C:\Windows\System\getPBzW.exe
  C:\Windows\System\getPBzW.exe
  2⤵
  PID:5136
- C:\Windows\System\zodXCEi.exe
  C:\Windows\System\zodXCEi.exe
  2⤵
  PID:5168
- C:\Windows\System\MYjKjSC.exe
  C:\Windows\System\MYjKjSC.exe
  2⤵
  PID:5200
- C:\Windows\System\bAYzSyd.exe
  C:\Windows\System\bAYzSyd.exe
  2⤵
  PID:5220
- C:\Windows\System\iXswUPh.exe
  C:\Windows\System\iXswUPh.exe
  2⤵
  PID:5260
- C:\Windows\System\DZzTUks.exe
  C:\Windows\System\DZzTUks.exe
  2⤵
  PID:5280
- C:\Windows\System\rJQDtVz.exe
  C:\Windows\System\rJQDtVz.exe
  2⤵
  PID:5296
- C:\Windows\System\aDEWPdN.exe
  C:\Windows\System\aDEWPdN.exe
  2⤵
  PID:5316
- C:\Windows\System\CFHDNge.exe
  C:\Windows\System\CFHDNge.exe
  2⤵
  PID:5336
- C:\Windows\System\KHzvFhP.exe
  C:\Windows\System\KHzvFhP.exe
  2⤵
  PID:5356
- C:\Windows\System\RKhqWXS.exe
  C:\Windows\System\RKhqWXS.exe
  2⤵
  PID:5376
- C:\Windows\System\KQrNynk.exe
  C:\Windows\System\KQrNynk.exe
  2⤵
  PID:5400
- C:\Windows\System\iPKNlcV.exe
  C:\Windows\System\iPKNlcV.exe
  2⤵
  PID:5424
- C:\Windows\System\zNEfLzv.exe
  C:\Windows\System\zNEfLzv.exe
  2⤵
  PID:5564
- C:\Windows\System\LqAUYjB.exe
  C:\Windows\System\LqAUYjB.exe
  2⤵
  PID:5596
- C:\Windows\System\PiNwykc.exe
  C:\Windows\System\PiNwykc.exe
  2⤵
  PID:5652
- C:\Windows\System\MEIXTvO.exe
  C:\Windows\System\MEIXTvO.exe
  2⤵
  PID:5680
- C:\Windows\System\LhnxibN.exe
  C:\Windows\System\LhnxibN.exe
  2⤵
  PID:5700
- C:\Windows\System\zummMMK.exe
  C:\Windows\System\zummMMK.exe
  2⤵
  PID:5724
- C:\Windows\System\epsGFyI.exe
  C:\Windows\System\epsGFyI.exe
  2⤵
  PID:5744
- C:\Windows\System\SGrwhBD.exe
  C:\Windows\System\SGrwhBD.exe
  2⤵
  PID:5764
- C:\Windows\System\xycHBJP.exe
  C:\Windows\System\xycHBJP.exe
  2⤵
  PID:5784
- C:\Windows\System\vgWiult.exe
  C:\Windows\System\vgWiult.exe
  2⤵
  PID:5804
- C:\Windows\System\YMmikgv.exe
  C:\Windows\System\YMmikgv.exe
  2⤵
  PID:5908
- C:\Windows\System\okufpWj.exe
  C:\Windows\System\okufpWj.exe
  2⤵
  PID:5940
- C:\Windows\System\zazZMCb.exe
  C:\Windows\System\zazZMCb.exe
  2⤵
  PID:5956
- C:\Windows\System\ipdSGKy.exe
  C:\Windows\System\ipdSGKy.exe
  2⤵
  PID:5976
- C:\Windows\System\zhXCrIF.exe
  C:\Windows\System\zhXCrIF.exe
  2⤵
  PID:6004
- C:\Windows\System\XHxUfms.exe
  C:\Windows\System\XHxUfms.exe
  2⤵
  PID:6020
- C:\Windows\System\CziWFRn.exe
  C:\Windows\System\CziWFRn.exe
  2⤵
  PID:6036
- C:\Windows\System\uRKmEKh.exe
  C:\Windows\System\uRKmEKh.exe
  2⤵
  PID:6052
- C:\Windows\System\eBBIdsz.exe
  C:\Windows\System\eBBIdsz.exe
  2⤵
  PID:6068
- C:\Windows\System\SCcZJnB.exe
  C:\Windows\System\SCcZJnB.exe
  2⤵
  PID:6096
- C:\Windows\System\KFRcUXX.exe
  C:\Windows\System\KFRcUXX.exe
  2⤵
  PID:6112
- C:\Windows\System\HJWvfAJ.exe
  C:\Windows\System\HJWvfAJ.exe
  2⤵
  PID:6132
- C:\Windows\System\yLAAFPy.exe
  C:\Windows\System\yLAAFPy.exe
  2⤵
  PID:4888
- C:\Windows\System\WjrJJRD.exe
  C:\Windows\System\WjrJJRD.exe
  2⤵
  PID:2564
- C:\Windows\System\qXTGfxo.exe
  C:\Windows\System\qXTGfxo.exe
  2⤵
  PID:5292
- C:\Windows\System\QCVIsgx.exe
  C:\Windows\System\QCVIsgx.exe
  2⤵
  PID:5348
- C:\Windows\System\xMfOIqn.exe
  C:\Windows\System\xMfOIqn.exe
  2⤵
  PID:4428
- C:\Windows\System\iTMiStU.exe
  C:\Windows\System\iTMiStU.exe
  2⤵
  PID:6168
- C:\Windows\System\XGUVKTY.exe
  C:\Windows\System\XGUVKTY.exe
  2⤵
  PID:6184
- C:\Windows\System\eQBRLdb.exe
  C:\Windows\System\eQBRLdb.exe
  2⤵
  PID:6208
- C:\Windows\System\WnsoIpH.exe
  C:\Windows\System\WnsoIpH.exe
  2⤵
  PID:6232
- C:\Windows\System\eEmQnUm.exe
  C:\Windows\System\eEmQnUm.exe
  2⤵
  PID:6248
- C:\Windows\System\mOlkRVQ.exe
  C:\Windows\System\mOlkRVQ.exe
  2⤵
  PID:6272
- C:\Windows\System\rolJTjS.exe
  C:\Windows\System\rolJTjS.exe
  2⤵
  PID:6296
- C:\Windows\System\IOJpQvr.exe
  C:\Windows\System\IOJpQvr.exe
  2⤵
  PID:6312
- C:\Windows\System\nDDnDDW.exe
  C:\Windows\System\nDDnDDW.exe
  2⤵
  PID:6420
- C:\Windows\System\AWlvESx.exe
  C:\Windows\System\AWlvESx.exe
  2⤵
  PID:6436
- C:\Windows\System\UZKGJaG.exe
  C:\Windows\System\UZKGJaG.exe
  2⤵
  PID:6452
- C:\Windows\System\JvZFXpl.exe
  C:\Windows\System\JvZFXpl.exe
  2⤵
  PID:6484
- C:\Windows\System\skgmaqn.exe
  C:\Windows\System\skgmaqn.exe
  2⤵
  PID:6508
- C:\Windows\System\zNzXGwp.exe
  C:\Windows\System\zNzXGwp.exe
  2⤵
  PID:6528
- C:\Windows\System\oWTbrss.exe
  C:\Windows\System\oWTbrss.exe
  2⤵
  PID:6552
- C:\Windows\System\DRbEDSE.exe
  C:\Windows\System\DRbEDSE.exe
  2⤵
  PID:6568
- C:\Windows\System\nkRsQmq.exe
  C:\Windows\System\nkRsQmq.exe
  2⤵
  PID:6596
- C:\Windows\System\rUbrPgQ.exe
  C:\Windows\System\rUbrPgQ.exe
  2⤵
  PID:6612
- C:\Windows\System\RjbPger.exe
  C:\Windows\System\RjbPger.exe
  2⤵
  PID:6640
- C:\Windows\System\YGxqAaK.exe
  C:\Windows\System\YGxqAaK.exe
  2⤵
  PID:6660
- C:\Windows\System\tnXsRCg.exe
  C:\Windows\System\tnXsRCg.exe
  2⤵
  PID:6680
- C:\Windows\System\FFZVhXd.exe
  C:\Windows\System\FFZVhXd.exe
  2⤵
  PID:6704
- C:\Windows\System\YExHops.exe
  C:\Windows\System\YExHops.exe
  2⤵
  PID:6724
- C:\Windows\System\dmzzwxb.exe
  C:\Windows\System\dmzzwxb.exe
  2⤵
  PID:6744
- C:\Windows\System\meyfAhB.exe
  C:\Windows\System\meyfAhB.exe
  2⤵
  PID:6764
- C:\Windows\System\vEcbVip.exe
  C:\Windows\System\vEcbVip.exe
  2⤵
  PID:6780
- C:\Windows\System\XPQnMjX.exe
  C:\Windows\System\XPQnMjX.exe
  2⤵
  PID:6808
- C:\Windows\System\qmfiqIh.exe
  C:\Windows\System\qmfiqIh.exe
  2⤵
  PID:6832
- C:\Windows\System\dWbqmge.exe
  C:\Windows\System\dWbqmge.exe
  2⤵
  PID:6856
- C:\Windows\System\zhTRNcA.exe
  C:\Windows\System\zhTRNcA.exe
  2⤵
  PID:6880
- C:\Windows\System\mrodcex.exe
  C:\Windows\System\mrodcex.exe
  2⤵
  PID:6896
- C:\Windows\System\wDMVGjv.exe
  C:\Windows\System\wDMVGjv.exe
  2⤵
  PID:6916
- C:\Windows\System\XIkwdnJ.exe
  C:\Windows\System\XIkwdnJ.exe
  2⤵
  PID:6932
- C:\Windows\System\JyrzhAk.exe
  C:\Windows\System\JyrzhAk.exe
  2⤵
  PID:6948
- C:\Windows\System\akocfIe.exe
  C:\Windows\System\akocfIe.exe
  2⤵
  PID:6964
- C:\Windows\System\EDkcpLT.exe
  C:\Windows\System\EDkcpLT.exe
  2⤵
  PID:7028
- C:\Windows\System\ErFAvTb.exe
  C:\Windows\System\ErFAvTb.exe
  2⤵
  PID:7048
- C:\Windows\System\HthMCRA.exe
  C:\Windows\System\HthMCRA.exe
  2⤵
  PID:7072
- C:\Windows\System\pKwPUet.exe
  C:\Windows\System\pKwPUet.exe
  2⤵
  PID:7092
- C:\Windows\System\LCQyJsN.exe
  C:\Windows\System\LCQyJsN.exe
  2⤵
  PID:7108
- C:\Windows\System\nEMWobx.exe
  C:\Windows\System\nEMWobx.exe
  2⤵
  PID:7132
- C:\Windows\System\MxAlXwT.exe
  C:\Windows\System\MxAlXwT.exe
  2⤵
  PID:7164
- C:\Windows\System\sYeeEqH.exe
  C:\Windows\System\sYeeEqH.exe
  2⤵
  PID:2468
- C:\Windows\System\HUPDtwA.exe
  C:\Windows\System\HUPDtwA.exe
  2⤵
  PID:216
- C:\Windows\System\zmAEFez.exe
  C:\Windows\System\zmAEFez.exe
  2⤵
  PID:1220
- C:\Windows\System\GeMJErS.exe
  C:\Windows\System\GeMJErS.exe
  2⤵
  PID:1928
- C:\Windows\System\zbghzaq.exe
  C:\Windows\System\zbghzaq.exe
  2⤵
  PID:5144
- C:\Windows\System\sWRZRMt.exe
  C:\Windows\System\sWRZRMt.exe
  2⤵
  PID:5188
- C:\Windows\System\RRFCfBI.exe
  C:\Windows\System\RRFCfBI.exe
  2⤵
  PID:5228
- C:\Windows\System\OlMIRfV.exe
  C:\Windows\System\OlMIRfV.exe
  2⤵
  PID:5308
- C:\Windows\System\JDlkCFK.exe
  C:\Windows\System\JDlkCFK.exe
  2⤵
  PID:5344
- C:\Windows\System\NTxRtFs.exe
  C:\Windows\System\NTxRtFs.exe
  2⤵
  PID:5388
- C:\Windows\System\mTvzLsN.exe
  C:\Windows\System\mTvzLsN.exe
  2⤵
  PID:5500
- C:\Windows\System\ntlthMW.exe
  C:\Windows\System\ntlthMW.exe
  2⤵
  PID:6192
- C:\Windows\System\VOtXrFQ.exe
  C:\Windows\System\VOtXrFQ.exe
  2⤵
  PID:5520
- C:\Windows\System\VsJecqx.exe
  C:\Windows\System\VsJecqx.exe
  2⤵
  PID:5576
- C:\Windows\System\FmtVayx.exe
  C:\Windows\System\FmtVayx.exe
  2⤵
  PID:5620
- C:\Windows\System\esuvRFO.exe
  C:\Windows\System\esuvRFO.exe
  2⤵
  PID:5712
- C:\Windows\System\fAPEvlI.exe
  C:\Windows\System\fAPEvlI.exe
  2⤵
  PID:5740
- C:\Windows\System\fyQxJDM.exe
  C:\Windows\System\fyQxJDM.exe
  2⤵
  PID:5776
- C:\Windows\System\PryNukh.exe
  C:\Windows\System\PryNukh.exe
  2⤵
  PID:3344
- C:\Windows\System\ffnlmvg.exe
  C:\Windows\System\ffnlmvg.exe
  2⤵
  PID:6652
- C:\Windows\System\IswKVqr.exe
  C:\Windows\System\IswKVqr.exe
  2⤵
  PID:6260
- C:\Windows\System\frnqtZO.exe
  C:\Windows\System\frnqtZO.exe
  2⤵
  PID:5916
- C:\Windows\System\tcfxHzu.exe
  C:\Windows\System\tcfxHzu.exe
  2⤵
  PID:5948
- C:\Windows\System\UKZteQf.exe
  C:\Windows\System\UKZteQf.exe
  2⤵
  PID:5972
- C:\Windows\System\eoytZtl.exe
  C:\Windows\System\eoytZtl.exe
  2⤵
  PID:6044
- C:\Windows\System\NFcrYlC.exe
  C:\Windows\System\NFcrYlC.exe
  2⤵
  PID:6084
- C:\Windows\System\QrEyODU.exe
  C:\Windows\System\QrEyODU.exe
  2⤵
  PID:6124
- C:\Windows\System\xIQXpaD.exe
  C:\Windows\System\xIQXpaD.exe
  2⤵
  PID:1664
- C:\Windows\System\DkiWDNT.exe
  C:\Windows\System\DkiWDNT.exe
  2⤵
  PID:5372
- C:\Windows\System\nMKCRCr.exe
  C:\Windows\System\nMKCRCr.exe
  2⤵
  PID:6152
- C:\Windows\System\zXwzWoV.exe
  C:\Windows\System\zXwzWoV.exe
  2⤵
  PID:6180
- C:\Windows\System\JZZHGIq.exe
  C:\Windows\System\JZZHGIq.exe
  2⤵
  PID:6672
- C:\Windows\System\SfeSWpI.exe
  C:\Windows\System\SfeSWpI.exe
  2⤵
  PID:7184
- C:\Windows\System\FQYUSlr.exe
  C:\Windows\System\FQYUSlr.exe
  2⤵
  PID:7200
- C:\Windows\System\LtLzZVO.exe
  C:\Windows\System\LtLzZVO.exe
  2⤵
  PID:7216
- C:\Windows\System\aheKAvx.exe
  C:\Windows\System\aheKAvx.exe
  2⤵
  PID:7232
- C:\Windows\System\FAkFqYl.exe
  C:\Windows\System\FAkFqYl.exe
  2⤵
  PID:7248
- C:\Windows\System\fruTiLT.exe
  C:\Windows\System\fruTiLT.exe
  2⤵
  PID:7268
- C:\Windows\System\znuROsW.exe
  C:\Windows\System\znuROsW.exe
  2⤵
  PID:7284
- C:\Windows\System\UsiIbfU.exe
  C:\Windows\System\UsiIbfU.exe
  2⤵
  PID:7300
- C:\Windows\System\scQjVgm.exe
  C:\Windows\System\scQjVgm.exe
  2⤵
  PID:7316
- C:\Windows\System\TyWQPWp.exe
  C:\Windows\System\TyWQPWp.exe
  2⤵
  PID:7340
- C:\Windows\System\cXMDqUU.exe
  C:\Windows\System\cXMDqUU.exe
  2⤵
  PID:7356
- C:\Windows\System\oCSWKwv.exe
  C:\Windows\System\oCSWKwv.exe
  2⤵
  PID:7380
- C:\Windows\System\CKSumzW.exe
  C:\Windows\System\CKSumzW.exe
  2⤵
  PID:7400
- C:\Windows\System\HbgLIHI.exe
  C:\Windows\System\HbgLIHI.exe
  2⤵
  PID:7416
- C:\Windows\System\qKwUUqt.exe
  C:\Windows\System\qKwUUqt.exe
  2⤵
  PID:7440
- C:\Windows\System\YasWLUf.exe
  C:\Windows\System\YasWLUf.exe
  2⤵
  PID:7472
- C:\Windows\System\MiJwqNq.exe
  C:\Windows\System\MiJwqNq.exe
  2⤵
  PID:7488
- C:\Windows\System\aLnMliB.exe
  C:\Windows\System\aLnMliB.exe
  2⤵
  PID:7512
- C:\Windows\System\JXjWapi.exe
  C:\Windows\System\JXjWapi.exe
  2⤵
  PID:7536
- C:\Windows\System\tybtXnt.exe
  C:\Windows\System\tybtXnt.exe
  2⤵
  PID:7556
- C:\Windows\System\SYhejzf.exe
  C:\Windows\System\SYhejzf.exe
  2⤵
  PID:7584
- C:\Windows\System\cmsChkb.exe
  C:\Windows\System\cmsChkb.exe
  2⤵
  PID:7608
- C:\Windows\System\GERdvYe.exe
  C:\Windows\System\GERdvYe.exe
  2⤵
  PID:7640
- C:\Windows\System\wDpJEzw.exe
  C:\Windows\System\wDpJEzw.exe
  2⤵
  PID:7656
- C:\Windows\System\JvrDtjA.exe
  C:\Windows\System\JvrDtjA.exe
  2⤵
  PID:7684
- C:\Windows\System\UUHDWDF.exe
  C:\Windows\System\UUHDWDF.exe
  2⤵
  PID:7700
- C:\Windows\System\OVqOjOo.exe
  C:\Windows\System\OVqOjOo.exe
  2⤵
  PID:7720
- C:\Windows\System\dWFKCle.exe
  C:\Windows\System\dWFKCle.exe
  2⤵
  PID:7740
- C:\Windows\System\vTKaDKQ.exe
  C:\Windows\System\vTKaDKQ.exe
  2⤵
  PID:7764
- C:\Windows\System\RFLZuuJ.exe
  C:\Windows\System\RFLZuuJ.exe
  2⤵
  PID:7784
- C:\Windows\System\ILRumhJ.exe
  C:\Windows\System\ILRumhJ.exe
  2⤵
  PID:7804
- C:\Windows\System\OsLZyZE.exe
  C:\Windows\System\OsLZyZE.exe
  2⤵
  PID:7828
- C:\Windows\System\UymjkSR.exe
  C:\Windows\System\UymjkSR.exe
  2⤵
  PID:7856
- C:\Windows\System\RafPOmT.exe
  C:\Windows\System\RafPOmT.exe
  2⤵
  PID:7880
- C:\Windows\System\BAkPkrT.exe
  C:\Windows\System\BAkPkrT.exe
  2⤵
  PID:7896
- C:\Windows\System\aNuUsPL.exe
  C:\Windows\System\aNuUsPL.exe
  2⤵
  PID:7924
- C:\Windows\System\gETDrKH.exe
  C:\Windows\System\gETDrKH.exe
  2⤵
  PID:7948
- C:\Windows\System\pxvpjeM.exe
  C:\Windows\System\pxvpjeM.exe
  2⤵
  PID:7968
- C:\Windows\System\JLQOlHf.exe
  C:\Windows\System\JLQOlHf.exe
  2⤵
  PID:7984
- C:\Windows\System\RRnqVIc.exe
  C:\Windows\System\RRnqVIc.exe
  2⤵
  PID:8000
- C:\Windows\System\rVEsPbM.exe
  C:\Windows\System\rVEsPbM.exe
  2⤵
  PID:8016
- C:\Windows\System\MSgueqU.exe
  C:\Windows\System\MSgueqU.exe
  2⤵
  PID:8040
- C:\Windows\System\peKStiV.exe
  C:\Windows\System\peKStiV.exe
  2⤵
  PID:8060
- C:\Windows\System\GjXVaIu.exe
  C:\Windows\System\GjXVaIu.exe
  2⤵
  PID:8080
- C:\Windows\System\OdrwZZc.exe
  C:\Windows\System\OdrwZZc.exe
  2⤵
  PID:8096
- C:\Windows\System\OEHCEHR.exe
  C:\Windows\System\OEHCEHR.exe
  2⤵
  PID:8120
- C:\Windows\System\OfSfZUy.exe
  C:\Windows\System\OfSfZUy.exe
  2⤵
  PID:8148
- C:\Windows\System\XFxZQgM.exe
  C:\Windows\System\XFxZQgM.exe
  2⤵
  PID:8164
- C:\Windows\System\GPUGPVw.exe
  C:\Windows\System\GPUGPVw.exe
  2⤵
  PID:8188
- C:\Windows\System\RMZcnjd.exe
  C:\Windows\System\RMZcnjd.exe
  2⤵
  PID:6304
- C:\Windows\System\eBbLRDL.exe
  C:\Windows\System\eBbLRDL.exe
  2⤵
  PID:6268
- C:\Windows\System\uMKKCWO.exe
  C:\Windows\System\uMKKCWO.exe
  2⤵
  PID:5384
- C:\Windows\System\MHjjxXJ.exe
  C:\Windows\System\MHjjxXJ.exe
  2⤵
  PID:5708
- C:\Windows\System\NnuXPHP.exe
  C:\Windows\System\NnuXPHP.exe
  2⤵
  PID:6412
- C:\Windows\System\MGadYCh.exe
  C:\Windows\System\MGadYCh.exe
  2⤵
  PID:6448
- C:\Windows\System\ewwxEVd.exe
  C:\Windows\System\ewwxEVd.exe
  2⤵
  PID:6520
- C:\Windows\System\xMfDLnW.exe
  C:\Windows\System\xMfDLnW.exe
  2⤵
  PID:6496
- C:\Windows\System\BdOlTxg.exe
  C:\Windows\System\BdOlTxg.exe
  2⤵
  PID:6604
- C:\Windows\System\TEQkciB.exe
  C:\Windows\System\TEQkciB.exe
  2⤵
  PID:6688
- C:\Windows\System\zWeQtBd.exe
  C:\Windows\System\zWeQtBd.exe
  2⤵
  PID:7124
- C:\Windows\System\AvZGZzU.exe
  C:\Windows\System\AvZGZzU.exe
  2⤵
  PID:6776
- C:\Windows\System\xCKTpsZ.exe
  C:\Windows\System\xCKTpsZ.exe
  2⤵
  PID:1656
- C:\Windows\System\SaYzrTy.exe
  C:\Windows\System\SaYzrTy.exe
  2⤵
  PID:6700
- C:\Windows\System\riqmrdQ.exe
  C:\Windows\System\riqmrdQ.exe
  2⤵
  PID:6848
- C:\Windows\System\fJOwNOP.exe
  C:\Windows\System\fJOwNOP.exe
  2⤵
  PID:6876
- C:\Windows\System\VDpZbJA.exe
  C:\Windows\System\VDpZbJA.exe
  2⤵
  PID:6924
- C:\Windows\System\MMnnvMc.exe
  C:\Windows\System\MMnnvMc.exe
  2⤵
  PID:6960
- C:\Windows\System\bEttKMK.exe
  C:\Windows\System\bEttKMK.exe
  2⤵
  PID:556
- C:\Windows\System\akaHvMi.exe
  C:\Windows\System\akaHvMi.exe
  2⤵
  PID:4284
- C:\Windows\System\SaxDOqz.exe
  C:\Windows\System\SaxDOqz.exe
  2⤵
  PID:5676
- C:\Windows\System\STHogZg.exe
  C:\Windows\System\STHogZg.exe
  2⤵
  PID:7596
- C:\Windows\System\WCeHmWs.exe
  C:\Windows\System\WCeHmWs.exe
  2⤵
  PID:2396
- C:\Windows\System\BgdBGFn.exe
  C:\Windows\System\BgdBGFn.exe
  2⤵
  PID:7620
- C:\Windows\System\aRYJePA.exe
  C:\Windows\System\aRYJePA.exe
  2⤵
  PID:7040
- C:\Windows\System\fAiRpyg.exe
  C:\Windows\System\fAiRpyg.exe
  2⤵
  PID:8216
- C:\Windows\System\nWmRXLr.exe
  C:\Windows\System\nWmRXLr.exe
  2⤵
  PID:8232
- C:\Windows\System\RzIEzlb.exe
  C:\Windows\System\RzIEzlb.exe
  2⤵
  PID:8252
- C:\Windows\System\ARAhUuT.exe
  C:\Windows\System\ARAhUuT.exe
  2⤵
  PID:8280
- C:\Windows\System\lLQawxj.exe
  C:\Windows\System\lLQawxj.exe
  2⤵
  PID:8296
- C:\Windows\System\JVubnbu.exe
  C:\Windows\System\JVubnbu.exe
  2⤵
  PID:8320
- C:\Windows\System\xSGjJqD.exe
  C:\Windows\System\xSGjJqD.exe
  2⤵
  PID:8340
- C:\Windows\System\qpRdPgs.exe
  C:\Windows\System\qpRdPgs.exe
  2⤵
  PID:8360
- C:\Windows\System\RyYqQNe.exe
  C:\Windows\System\RyYqQNe.exe
  2⤵
  PID:8380
- C:\Windows\System\OeqORAo.exe
  C:\Windows\System\OeqORAo.exe
  2⤵
  PID:8396
- C:\Windows\System\zqPLMJl.exe
  C:\Windows\System\zqPLMJl.exe
  2⤵
  PID:8416
- C:\Windows\System\exrfOLV.exe
  C:\Windows\System\exrfOLV.exe
  2⤵
  PID:8436
- C:\Windows\System\EPGcQfU.exe
  C:\Windows\System\EPGcQfU.exe
  2⤵
  PID:8452
- C:\Windows\System\AqdSuOY.exe
  C:\Windows\System\AqdSuOY.exe
  2⤵
  PID:8480
- C:\Windows\System\HJCDHMX.exe
  C:\Windows\System\HJCDHMX.exe
  2⤵
  PID:8496
- C:\Windows\System\kTMFiTb.exe
  C:\Windows\System\kTMFiTb.exe
  2⤵
  PID:8520
- C:\Windows\System\BFJDTJh.exe
  C:\Windows\System\BFJDTJh.exe
  2⤵
  PID:8544
- C:\Windows\System\qWVBOPS.exe
  C:\Windows\System\qWVBOPS.exe
  2⤵
  PID:8564
- C:\Windows\System\KTqDYCv.exe
  C:\Windows\System\KTqDYCv.exe
  2⤵
  PID:8580
- C:\Windows\System\ndNVvOm.exe
  C:\Windows\System\ndNVvOm.exe
  2⤵
  PID:8632
- C:\Windows\System\ZjszdiC.exe
  C:\Windows\System\ZjszdiC.exe
  2⤵
  PID:8652
- C:\Windows\System\IoPDMnR.exe
  C:\Windows\System\IoPDMnR.exe
  2⤵
  PID:8672
- C:\Windows\System\qhqVlUa.exe
  C:\Windows\System\qhqVlUa.exe
  2⤵
  PID:8696
- C:\Windows\System\sGIWXEa.exe
  C:\Windows\System\sGIWXEa.exe
  2⤵
  PID:8712
- C:\Windows\System\gtkYNEP.exe
  C:\Windows\System\gtkYNEP.exe
  2⤵
  PID:8736
- C:\Windows\System\FhZhlid.exe
  C:\Windows\System\FhZhlid.exe
  2⤵
  PID:8764
- C:\Windows\System\WHAweHU.exe
  C:\Windows\System\WHAweHU.exe
  2⤵
  PID:8780
- C:\Windows\System\KPquhmt.exe
  C:\Windows\System\KPquhmt.exe
  2⤵
  PID:8800
- C:\Windows\System\bEqTEeT.exe
  C:\Windows\System\bEqTEeT.exe
  2⤵
  PID:8820
- C:\Windows\System\hIojvyt.exe
  C:\Windows\System\hIojvyt.exe
  2⤵
  PID:8844
- C:\Windows\System\MUHAhej.exe
  C:\Windows\System\MUHAhej.exe
  2⤵
  PID:8864
- C:\Windows\System\THBXKTr.exe
  C:\Windows\System\THBXKTr.exe
  2⤵
  PID:8884
- C:\Windows\System\haLoyQt.exe
  C:\Windows\System\haLoyQt.exe
  2⤵
  PID:8904
- C:\Windows\System\vmSKUWd.exe
  C:\Windows\System\vmSKUWd.exe
  2⤵
  PID:8928
- C:\Windows\System\naqbVtr.exe
  C:\Windows\System\naqbVtr.exe
  2⤵
  PID:8944
- C:\Windows\System\CbCCsqC.exe
  C:\Windows\System\CbCCsqC.exe
  2⤵
  PID:8968
- C:\Windows\System\GTLxzEh.exe
  C:\Windows\System\GTLxzEh.exe
  2⤵
  PID:8984
- C:\Windows\System\BQmPFur.exe
  C:\Windows\System\BQmPFur.exe
  2⤵
  PID:9012
- C:\Windows\System\YSFCoTt.exe
  C:\Windows\System\YSFCoTt.exe
  2⤵
  PID:9032
- C:\Windows\System\wnsrdPS.exe
  C:\Windows\System\wnsrdPS.exe
  2⤵
  PID:9052
- C:\Windows\System\kxxtrRR.exe
  C:\Windows\System\kxxtrRR.exe
  2⤵
  PID:9076
- C:\Windows\System\VJinzkq.exe
  C:\Windows\System\VJinzkq.exe
  2⤵
  PID:9100
- C:\Windows\System\txRXbNL.exe
  C:\Windows\System\txRXbNL.exe
  2⤵
  PID:9116
- C:\Windows\System\ZStOOPF.exe
  C:\Windows\System\ZStOOPF.exe
  2⤵
  PID:9136
- C:\Windows\System\BzkbPoK.exe
  C:\Windows\System\BzkbPoK.exe
  2⤵
  PID:9156
- C:\Windows\System\QNsQdeT.exe
  C:\Windows\System\QNsQdeT.exe
  2⤵
  PID:9188
- C:\Windows\System\yBUVirn.exe
  C:\Windows\System\yBUVirn.exe
  2⤵
  PID:7912
- C:\Windows\System\dLxXUgq.exe
  C:\Windows\System\dLxXUgq.exe
  2⤵
  PID:7084
- C:\Windows\System\SbpAERW.exe
  C:\Windows\System\SbpAERW.exe
  2⤵
  PID:7964
- C:\Windows\System\HlEpGCn.exe
  C:\Windows\System\HlEpGCn.exe
  2⤵
  PID:4088
- C:\Windows\System\BMZBiYB.exe
  C:\Windows\System\BMZBiYB.exe
  2⤵
  PID:7376
- C:\Windows\System\eHrWHXJ.exe
  C:\Windows\System\eHrWHXJ.exe
  2⤵
  PID:5184
- C:\Windows\System\EeLBARQ.exe
  C:\Windows\System\EeLBARQ.exe
  2⤵
  PID:5256
- C:\Windows\System\iSdAqqh.exe
  C:\Windows\System\iSdAqqh.exe
  2⤵
  PID:7436
- C:\Windows\System\TAtqIhc.exe
  C:\Windows\System\TAtqIhc.exe
  2⤵
  PID:6828
- C:\Windows\System\GoPinBJ.exe
  C:\Windows\System\GoPinBJ.exe
  2⤵
  PID:5760
- C:\Windows\System\pyNyovB.exe
  C:\Windows\System\pyNyovB.exe
  2⤵
  PID:7592
- C:\Windows\System\TYzWAgm.exe
  C:\Windows\System\TYzWAgm.exe
  2⤵
  PID:7368
- C:\Windows\System\IfiwnBS.exe
  C:\Windows\System\IfiwnBS.exe
  2⤵
  PID:5880
- C:\Windows\System\MMadPIY.exe
  C:\Windows\System\MMadPIY.exe
  2⤵
  PID:5932
- C:\Windows\System\IKLMUXr.exe
  C:\Windows\System\IKLMUXr.exe
  2⤵
  PID:6028
- C:\Windows\System\smHenyo.exe
  C:\Windows\System\smHenyo.exe
  2⤵
  PID:1780
- C:\Windows\System\tpBUscR.exe
  C:\Windows\System\tpBUscR.exe
  2⤵
  PID:7992
- C:\Windows\System\xlAZjsf.exe
  C:\Windows\System\xlAZjsf.exe
  2⤵
  PID:8012
- C:\Windows\System\MUZbfYQ.exe
  C:\Windows\System\MUZbfYQ.exe
  2⤵
  PID:8056
- C:\Windows\System\kLKpVBM.exe
  C:\Windows\System\kLKpVBM.exe
  2⤵
  PID:8088
- C:\Windows\System\sdoxnXw.exe
  C:\Windows\System\sdoxnXw.exe
  2⤵
  PID:8116
- C:\Windows\System\nnEoQYj.exe
  C:\Windows\System\nnEoQYj.exe
  2⤵
  PID:8508
- C:\Windows\System\ecxFeSz.exe
  C:\Windows\System\ecxFeSz.exe
  2⤵
  PID:6308
- C:\Windows\System\zLpsmxb.exe
  C:\Windows\System\zLpsmxb.exe
  2⤵
  PID:8540
- C:\Windows\System\YtCvkEJ.exe
  C:\Windows\System\YtCvkEJ.exe
  2⤵
  PID:9232
- C:\Windows\System\PKpGwSv.exe
  C:\Windows\System\PKpGwSv.exe
  2⤵
  PID:9256
- C:\Windows\System\eDjBZON.exe
  C:\Windows\System\eDjBZON.exe
  2⤵
  PID:9284
- C:\Windows\System\mvldgnt.exe
  C:\Windows\System\mvldgnt.exe
  2⤵
  PID:9300
- C:\Windows\System\Qbgunjr.exe
  C:\Windows\System\Qbgunjr.exe
  2⤵
  PID:9324
- C:\Windows\System\UpaerTE.exe
  C:\Windows\System\UpaerTE.exe
  2⤵
  PID:9348
- C:\Windows\System\wSSkPMv.exe
  C:\Windows\System\wSSkPMv.exe
  2⤵
  PID:9372
- C:\Windows\System\JYmfGdk.exe
  C:\Windows\System\JYmfGdk.exe
  2⤵
  PID:9396
- C:\Windows\System\XARwiIo.exe
  C:\Windows\System\XARwiIo.exe
  2⤵
  PID:9412
- C:\Windows\System\BMOSUqs.exe
  C:\Windows\System\BMOSUqs.exe
  2⤵
  PID:9432
- C:\Windows\System\MnNXowy.exe
  C:\Windows\System\MnNXowy.exe
  2⤵
  PID:9492
- C:\Windows\System\erdVojs.exe
  C:\Windows\System\erdVojs.exe
  2⤵
  PID:9524
- C:\Windows\System\xtbYZaK.exe
  C:\Windows\System\xtbYZaK.exe
  2⤵
  PID:9540
- C:\Windows\System\DhDqtlU.exe
  C:\Windows\System\DhDqtlU.exe
  2⤵
  PID:9564
- C:\Windows\System\YPouIop.exe
  C:\Windows\System\YPouIop.exe
  2⤵
  PID:9580
- C:\Windows\System\PLBdhEy.exe
  C:\Windows\System\PLBdhEy.exe
  2⤵
  PID:9604
- C:\Windows\System\aPdUaFj.exe
  C:\Windows\System\aPdUaFj.exe
  2⤵
  PID:9628
- C:\Windows\System\vEzAyrV.exe
  C:\Windows\System\vEzAyrV.exe
  2⤵
  PID:9648
- C:\Windows\System\zMrZZFC.exe
  C:\Windows\System\zMrZZFC.exe
  2⤵
  PID:9668
- C:\Windows\System\uFrCaaR.exe
  C:\Windows\System\uFrCaaR.exe
  2⤵
  PID:9692
- C:\Windows\System\kMvJXQU.exe
  C:\Windows\System\kMvJXQU.exe
  2⤵
  PID:9712
- C:\Windows\System\RifcEws.exe
  C:\Windows\System\RifcEws.exe
  2⤵
  PID:9736
- C:\Windows\System\IBotovJ.exe
  C:\Windows\System\IBotovJ.exe
  2⤵
  PID:9756
- C:\Windows\System\KpnobHf.exe
  C:\Windows\System\KpnobHf.exe
  2⤵
  PID:9776
- C:\Windows\System\DzNFjsd.exe
  C:\Windows\System\DzNFjsd.exe
  2⤵
  PID:9796
- C:\Windows\System\XXQDIgN.exe
  C:\Windows\System\XXQDIgN.exe
  2⤵
  PID:9820
- C:\Windows\System\uVxxlOF.exe
  C:\Windows\System\uVxxlOF.exe
  2⤵
  PID:9836
- C:\Windows\System\wUTxmzI.exe
  C:\Windows\System\wUTxmzI.exe
  2⤵
  PID:9860
- C:\Windows\System\tWCeshJ.exe
  C:\Windows\System\tWCeshJ.exe
  2⤵
  PID:9884
- C:\Windows\System\wzYIFuF.exe
  C:\Windows\System\wzYIFuF.exe
  2⤵
  PID:9900
- C:\Windows\System\QMPtnOq.exe
  C:\Windows\System\QMPtnOq.exe
  2⤵
  PID:9928
- C:\Windows\System\vhIfKtc.exe
  C:\Windows\System\vhIfKtc.exe
  2⤵
  PID:9948
- C:\Windows\System\cWBapTo.exe
  C:\Windows\System\cWBapTo.exe
  2⤵
  PID:9968
- C:\Windows\System\bZshIcv.exe
  C:\Windows\System\bZshIcv.exe
  2⤵
  PID:9992
- C:\Windows\System\gnpBrhO.exe
  C:\Windows\System\gnpBrhO.exe
  2⤵
  PID:10012
- C:\Windows\System\ydVSooI.exe
  C:\Windows\System\ydVSooI.exe
  2⤵
  PID:10040
- C:\Windows\System\XZMyQWg.exe
  C:\Windows\System\XZMyQWg.exe
  2⤵
  PID:10056
- C:\Windows\System\PewVpdF.exe
  C:\Windows\System\PewVpdF.exe
  2⤵
  PID:10084
- C:\Windows\System\Zpypdow.exe
  C:\Windows\System\Zpypdow.exe
  2⤵
  PID:10104
- C:\Windows\System\PbCGEQI.exe
  C:\Windows\System\PbCGEQI.exe
  2⤵
  PID:10124
- C:\Windows\System\qucZBqH.exe
  C:\Windows\System\qucZBqH.exe
  2⤵
  PID:10148
- C:\Windows\System\TXGjkdn.exe
  C:\Windows\System\TXGjkdn.exe
  2⤵
  PID:10164
- C:\Windows\System\JkAAzsm.exe
  C:\Windows\System\JkAAzsm.exe
  2⤵
  PID:10188
- C:\Windows\System\qnlYTBY.exe
  C:\Windows\System\qnlYTBY.exe
  2⤵
  PID:10204
- C:\Windows\System\viXspuS.exe
  C:\Windows\System\viXspuS.exe
  2⤵
  PID:10228
- C:\Windows\System\VlCeZMn.exe
  C:\Windows\System\VlCeZMn.exe
  2⤵
  PID:7192
- C:\Windows\System\YteYSQc.exe
  C:\Windows\System\YteYSQc.exe
  2⤵
  PID:7256
- C:\Windows\System\NnCRUQh.exe
  C:\Windows\System\NnCRUQh.exe
  2⤵
  PID:7308
- C:\Windows\System\JWUewjn.exe
  C:\Windows\System\JWUewjn.exe
  2⤵
  PID:8748
- C:\Windows\System\rbXJRVu.exe
  C:\Windows\System\rbXJRVu.exe
  2⤵
  PID:8840
- C:\Windows\System\KCwlfCO.exe
  C:\Windows\System\KCwlfCO.exe
  2⤵
  PID:8860
- C:\Windows\System\KkhwcxC.exe
  C:\Windows\System\KkhwcxC.exe
  2⤵
  PID:8920
- C:\Windows\System\DHPkaGG.exe
  C:\Windows\System\DHPkaGG.exe
  2⤵
  PID:8960
- C:\Windows\System\ELsstvE.exe
  C:\Windows\System\ELsstvE.exe
  2⤵
  PID:9128
- C:\Windows\System\IqPVgrU.exe
  C:\Windows\System\IqPVgrU.exe
  2⤵
  PID:7664
- C:\Windows\System\PkakPVj.exe
  C:\Windows\System\PkakPVj.exe
  2⤵
  PID:7712
- C:\Windows\System\ASJkTAJ.exe
  C:\Windows\System\ASJkTAJ.exe
  2⤵
  PID:7748
- C:\Windows\System\RQlIWdF.exe
  C:\Windows\System\RQlIWdF.exe
  2⤵
  PID:7780
- C:\Windows\System\cxPHEev.exe
  C:\Windows\System\cxPHEev.exe
  2⤵
  PID:7836
- C:\Windows\System\nDZicgn.exe
  C:\Windows\System\nDZicgn.exe
  2⤵
  PID:7936
- C:\Windows\System\oFVBhRk.exe
  C:\Windows\System\oFVBhRk.exe
  2⤵
  PID:10256
- C:\Windows\System\xRgYFwZ.exe
  C:\Windows\System\xRgYFwZ.exe
  2⤵
  PID:10280
- C:\Windows\System\GcFxfVY.exe
  C:\Windows\System\GcFxfVY.exe
  2⤵
  PID:10304
- C:\Windows\System\JInQEYp.exe
  C:\Windows\System\JInQEYp.exe
  2⤵
  PID:10332
- C:\Windows\System\mtOTYRl.exe
  C:\Windows\System\mtOTYRl.exe
  2⤵
  PID:10360
- C:\Windows\System\RAKhrgJ.exe
  C:\Windows\System\RAKhrgJ.exe
  2⤵
  PID:10376
- C:\Windows\System\YGQkBEU.exe
  C:\Windows\System\YGQkBEU.exe
  2⤵
  PID:10404
- C:\Windows\System\EoUcPsj.exe
  C:\Windows\System\EoUcPsj.exe
  2⤵
  PID:10420
- C:\Windows\System\WKCVBkg.exe
  C:\Windows\System\WKCVBkg.exe
  2⤵
  PID:10444
- C:\Windows\System\IAAKEWl.exe
  C:\Windows\System\IAAKEWl.exe
  2⤵
  PID:10468
- C:\Windows\System\LaxZCHY.exe
  C:\Windows\System\LaxZCHY.exe
  2⤵
  PID:10488
- C:\Windows\System\uowWsVz.exe
  C:\Windows\System\uowWsVz.exe
  2⤵
  PID:10512
- C:\Windows\System\rXzKOBC.exe
  C:\Windows\System\rXzKOBC.exe
  2⤵
  PID:10532
- C:\Windows\System\ajuuOPm.exe
  C:\Windows\System\ajuuOPm.exe
  2⤵
  PID:10556
- C:\Windows\System\dTnTVMu.exe
  C:\Windows\System\dTnTVMu.exe
  2⤵
  PID:10572
- C:\Windows\System\IrVWJlb.exe
  C:\Windows\System\IrVWJlb.exe
  2⤵
  PID:10596
- C:\Windows\System\OdOYjig.exe
  C:\Windows\System\OdOYjig.exe
  2⤵
  PID:10616
- C:\Windows\System\JFhxXVo.exe
  C:\Windows\System\JFhxXVo.exe
  2⤵
  PID:10636
- C:\Windows\System\hOLZcBS.exe
  C:\Windows\System\hOLZcBS.exe
  2⤵
  PID:10660
- C:\Windows\System\zHFhUCr.exe
  C:\Windows\System\zHFhUCr.exe
  2⤵
  PID:10680
- C:\Windows\System\Cecsgrv.exe
  C:\Windows\System\Cecsgrv.exe
  2⤵
  PID:10700
- C:\Windows\System\fdANQVQ.exe
  C:\Windows\System\fdANQVQ.exe
  2⤵
  PID:10720
- C:\Windows\System\rgXlDiN.exe
  C:\Windows\System\rgXlDiN.exe
  2⤵
  PID:10744
- C:\Windows\System\qpQZbFi.exe
  C:\Windows\System\qpQZbFi.exe
  2⤵
  PID:6444
- C:\Windows\System\rvHYDUg.exe
  C:\Windows\System\rvHYDUg.exe
  2⤵
  PID:6524
- C:\Windows\System\eIRzQJc.exe
  C:\Windows\System\eIRzQJc.exe
  2⤵
  PID:6716
- C:\Windows\System\InKhcTN.exe
  C:\Windows\System\InKhcTN.exe
  2⤵
  PID:6760
- C:\Windows\System\otjzrYQ.exe
  C:\Windows\System\otjzrYQ.exe
  2⤵
  PID:9612
- C:\Windows\System\dGrwygL.exe
  C:\Windows\System\dGrwygL.exe
  2⤵
  PID:9656
- C:\Windows\System\MlAKNVj.exe
  C:\Windows\System\MlAKNVj.exe
  2⤵
  PID:8812
- C:\Windows\System\TGZpvos.exe
  C:\Windows\System\TGZpvos.exe
  2⤵
  PID:9784
- C:\Windows\System\TrFoJxm.exe
  C:\Windows\System\TrFoJxm.exe
  2⤵
  PID:9944
- C:\Windows\System\zfFXptD.exe
  C:\Windows\System\zfFXptD.exe
  2⤵
  PID:6868
- C:\Windows\System\qLtSiBW.exe
  C:\Windows\System\qLtSiBW.exe
  2⤵
  PID:10048
- C:\Windows\System\ylzKLqk.exe
  C:\Windows\System\ylzKLqk.exe
  2⤵
  PID:7352
- C:\Windows\System\GcgHNfi.exe
  C:\Windows\System\GcgHNfi.exe
  2⤵
  PID:4104
- C:\Windows\System\fJQjkkp.exe
  C:\Windows\System\fJQjkkp.exe
  2⤵
  PID:8204
- C:\Windows\System\PxbuzQn.exe
  C:\Windows\System\PxbuzQn.exe
  2⤵
  PID:8264
- C:\Windows\System\gMDxKgH.exe
  C:\Windows\System\gMDxKgH.exe
  2⤵
  PID:6064
- C:\Windows\System\dGzCaiX.exe
  C:\Windows\System\dGzCaiX.exe
  2⤵
  PID:10460
- C:\Windows\System\lfhoscN.exe
  C:\Windows\System\lfhoscN.exe
  2⤵
  PID:8448
- C:\Windows\System\RdWCdxX.exe
  C:\Windows\System\RdWCdxX.exe
  2⤵
  PID:10716
- C:\Windows\System\fSotZaM.exe
  C:\Windows\System\fSotZaM.exe
  2⤵
  PID:408
- C:\Windows\System\fkVXOtl.exe
  C:\Windows\System\fkVXOtl.exe
  2⤵
  PID:8292
- C:\Windows\System\VbIihGI.exe
  C:\Windows\System\VbIihGI.exe
  2⤵
  PID:6788
- C:\Windows\System\UNFvixw.exe
  C:\Windows\System\UNFvixw.exe
  2⤵
  PID:9344
- C:\Windows\System\SMJzBIu.exe
  C:\Windows\System\SMJzBIu.exe
  2⤵
  PID:11280
- C:\Windows\System\EWbUyKF.exe
  C:\Windows\System\EWbUyKF.exe
  2⤵
  PID:11300
- C:\Windows\System\pXftbdm.exe
  C:\Windows\System\pXftbdm.exe
  2⤵
  PID:11324
- C:\Windows\System\zjKboIO.exe
  C:\Windows\System\zjKboIO.exe
  2⤵
  PID:11372
- C:\Windows\System\PZxIIGW.exe
  C:\Windows\System\PZxIIGW.exe
  2⤵
  PID:11392
- C:\Windows\System\NzltFei.exe
  C:\Windows\System\NzltFei.exe
  2⤵
  PID:11424
- C:\Windows\System\tRLSISr.exe
  C:\Windows\System\tRLSISr.exe
  2⤵
  PID:11460
- C:\Windows\System\lJhEKym.exe
  C:\Windows\System\lJhEKym.exe
  2⤵
  PID:11484
- C:\Windows\System\FcpGFJn.exe
  C:\Windows\System\FcpGFJn.exe
  2⤵
  PID:11504
- C:\Windows\System\DYmIYxF.exe
  C:\Windows\System\DYmIYxF.exe
  2⤵
  PID:11524
- C:\Windows\System\OpDvTDW.exe
  C:\Windows\System\OpDvTDW.exe
  2⤵
  PID:11552
- C:\Windows\System\HqBTDBB.exe
  C:\Windows\System\HqBTDBB.exe
  2⤵
  PID:11568
- C:\Windows\System\DpKfsWX.exe
  C:\Windows\System\DpKfsWX.exe
  2⤵
  PID:11592
- C:\Windows\System\XMXFyJO.exe
  C:\Windows\System\XMXFyJO.exe
  2⤵
  PID:11612
- C:\Windows\System\RrdlSvL.exe
  C:\Windows\System\RrdlSvL.exe
  2⤵
  PID:11628
- C:\Windows\System\qlcbUqH.exe
  C:\Windows\System\qlcbUqH.exe
  2⤵
  PID:11644
- C:\Windows\System\utSjbZP.exe
  C:\Windows\System\utSjbZP.exe
  2⤵
  PID:11660
- C:\Windows\System\OghwnmD.exe
  C:\Windows\System\OghwnmD.exe
  2⤵
  PID:11680
- C:\Windows\System\VwowSbM.exe
  C:\Windows\System\VwowSbM.exe
  2⤵
  PID:11696
- C:\Windows\System\uPDBPWQ.exe
  C:\Windows\System\uPDBPWQ.exe
  2⤵
  PID:11712
- C:\Windows\System\YpNGOCT.exe
  C:\Windows\System\YpNGOCT.exe
  2⤵
  PID:11728
- C:\Windows\System\YOZvUHi.exe
  C:\Windows\System\YOZvUHi.exe
  2⤵
  PID:11744
- C:\Windows\System\WshBgIX.exe
  C:\Windows\System\WshBgIX.exe
  2⤵
  PID:11760
- C:\Windows\System\rdtUgbP.exe
  C:\Windows\System\rdtUgbP.exe
  2⤵
  PID:11780
- C:\Windows\System\TsqpDhf.exe
  C:\Windows\System\TsqpDhf.exe
  2⤵
  PID:11800
- C:\Windows\System\pxCNPXz.exe
  C:\Windows\System\pxCNPXz.exe
  2⤵
  PID:11824
- C:\Windows\System\EPJvSqU.exe
  C:\Windows\System\EPJvSqU.exe
  2⤵
  PID:11848
- C:\Windows\System\uYqjCPr.exe
  C:\Windows\System\uYqjCPr.exe
  2⤵
  PID:11876
- C:\Windows\System\lSFUesT.exe
  C:\Windows\System\lSFUesT.exe
  2⤵
  PID:11904
- C:\Windows\System\sFMhOIS.exe
  C:\Windows\System\sFMhOIS.exe
  2⤵
  PID:11920
- C:\Windows\System\NyVNyJe.exe
  C:\Windows\System\NyVNyJe.exe
  2⤵
  PID:11944
- C:\Windows\System\QlLJtDC.exe
  C:\Windows\System\QlLJtDC.exe
  2⤵
  PID:11968
- C:\Windows\System\VeGhwLy.exe
  C:\Windows\System\VeGhwLy.exe
  2⤵
  PID:12016
- C:\Windows\System\tocQYJs.exe
  C:\Windows\System\tocQYJs.exe
  2⤵
  PID:12040
- C:\Windows\System\KHWDdui.exe
  C:\Windows\System\KHWDdui.exe
  2⤵
  PID:12060
- C:\Windows\System\GpGwOsu.exe
  C:\Windows\System\GpGwOsu.exe
  2⤵
  PID:12084
- C:\Windows\System\ZWhmZTg.exe
  C:\Windows\System\ZWhmZTg.exe
  2⤵
  PID:12188
- C:\Windows\System\TuKhikT.exe
  C:\Windows\System\TuKhikT.exe
  2⤵
  PID:12212
- C:\Windows\System\sIqFDgH.exe
  C:\Windows\System\sIqFDgH.exe
  2⤵
  PID:12240
- C:\Windows\System\HXKiwIC.exe
  C:\Windows\System\HXKiwIC.exe
  2⤵
  PID:12260
- C:\Windows\System\bvtMkPw.exe
  C:\Windows\System\bvtMkPw.exe
  2⤵
  PID:12276
- C:\Windows\System\YpexdVO.exe
  C:\Windows\System\YpexdVO.exe
  2⤵
  PID:8644
- C:\Windows\System\ftlfmNA.exe
  C:\Windows\System\ftlfmNA.exe
  2⤵
  PID:8692
- C:\Windows\System\ODWgAPK.exe
  C:\Windows\System\ODWgAPK.exe
  2⤵
  PID:5236
- C:\Windows\System\ypvxZxq.exe
  C:\Windows\System\ypvxZxq.exe
  2⤵
  PID:10980
- C:\Windows\System\GiQBxyF.exe
  C:\Windows\System\GiQBxyF.exe
  2⤵
  PID:9828
- C:\Windows\System\JpJkuqg.exe
  C:\Windows\System\JpJkuqg.exe
  2⤵
  PID:9868
- C:\Windows\System\BdqkEKR.exe
  C:\Windows\System\BdqkEKR.exe
  2⤵
  PID:8940
- C:\Windows\System\FYrhYvX.exe
  C:\Windows\System\FYrhYvX.exe
  2⤵
  PID:8980
- C:\Windows\System\wOGFpGp.exe
  C:\Windows\System\wOGFpGp.exe
  2⤵
  PID:9108
- C:\Windows\System\mnFQyxp.exe
  C:\Windows\System\mnFQyxp.exe
  2⤵
  PID:3004
- C:\Windows\System\NnLOACk.exe
  C:\Windows\System\NnLOACk.exe
  2⤵
  PID:7872
- C:\Windows\System\VmSMEUb.exe
  C:\Windows\System\VmSMEUb.exe
  2⤵
  PID:10368
- C:\Windows\System\ttOtaWX.exe
  C:\Windows\System\ttOtaWX.exe
  2⤵
  PID:7412
- C:\Windows\System\hdUqqAf.exe
  C:\Windows\System\hdUqqAf.exe
  2⤵
  PID:6176
- C:\Windows\System\UGGuwtn.exe
  C:\Windows\System\UGGuwtn.exe
  2⤵
  PID:8476
- C:\Windows\System\BGyMMXo.exe
  C:\Windows\System\BGyMMXo.exe
  2⤵
  PID:10540
- C:\Windows\System\rIpXIHD.exe
  C:\Windows\System\rIpXIHD.exe
  2⤵
  PID:6380
- C:\Windows\System\AbbSKqW.exe
  C:\Windows\System\AbbSKqW.exe
  2⤵
  PID:10628
- C:\Windows\System\oBIndzS.exe
  C:\Windows\System\oBIndzS.exe
  2⤵
  PID:10676
- C:\Windows\System\YoNitbK.exe
  C:\Windows\System\YoNitbK.exe
  2⤵
  PID:6620
- C:\Windows\System\LbCYzfO.exe
  C:\Windows\System\LbCYzfO.exe
  2⤵
  PID:12312
- C:\Windows\System\qUUIKtz.exe
  C:\Windows\System\qUUIKtz.exe
  2⤵
  PID:12348
- C:\Windows\System\jyFertJ.exe
  C:\Windows\System\jyFertJ.exe
  2⤵
  PID:12364
- C:\Windows\System\PVHhFne.exe
  C:\Windows\System\PVHhFne.exe
  2⤵
  PID:12388
- C:\Windows\System\gpQogdd.exe
  C:\Windows\System\gpQogdd.exe
  2⤵
  PID:12412
- C:\Windows\System\FGYakPu.exe
  C:\Windows\System\FGYakPu.exe
  2⤵
  PID:12436
- C:\Windows\System\nFFNzZq.exe
  C:\Windows\System\nFFNzZq.exe
  2⤵
  PID:12456
- C:\Windows\System\klkdjat.exe
  C:\Windows\System\klkdjat.exe
  2⤵
  PID:12476
- C:\Windows\System\KNpdskF.exe
  C:\Windows\System\KNpdskF.exe
  2⤵
  PID:12500
- C:\Windows\System\owVcFsN.exe
  C:\Windows\System\owVcFsN.exe
  2⤵
  PID:12520
- C:\Windows\System\gcIWaOq.exe
  C:\Windows\System\gcIWaOq.exe
  2⤵
  PID:12536
- C:\Windows\System\nDXXpcc.exe
  C:\Windows\System\nDXXpcc.exe
  2⤵
  PID:12560
- C:\Windows\System\nwDsYLJ.exe
  C:\Windows\System\nwDsYLJ.exe
  2⤵
  PID:12584
- C:\Windows\System\WurZPcK.exe
  C:\Windows\System\WurZPcK.exe
  2⤵
  PID:12608
- C:\Windows\System\hVOodgT.exe
  C:\Windows\System\hVOodgT.exe
  2⤵
  PID:12628
- C:\Windows\System\hJFyKDX.exe
  C:\Windows\System\hJFyKDX.exe
  2⤵
  PID:12652
- C:\Windows\System\kieBTol.exe
  C:\Windows\System\kieBTol.exe
  2⤵
  PID:12668
- C:\Windows\System\FcNTaBC.exe
  C:\Windows\System\FcNTaBC.exe
  2⤵
  PID:12688
- C:\Windows\System\IcdgxAx.exe
  C:\Windows\System\IcdgxAx.exe
  2⤵
  PID:12704
- C:\Windows\System\wPKGRXd.exe
  C:\Windows\System\wPKGRXd.exe
  2⤵
  PID:12720
- C:\Windows\System\OdzzXiF.exe
  C:\Windows\System\OdzzXiF.exe
  2⤵
  PID:12736
- C:\Windows\System\ykBbVRk.exe
  C:\Windows\System\ykBbVRk.exe
  2⤵
  PID:12752
- C:\Windows\System\ZFDMeaF.exe
  C:\Windows\System\ZFDMeaF.exe
  2⤵
  PID:12776
- C:\Windows\System\dmclFdw.exe
  C:\Windows\System\dmclFdw.exe
  2⤵
  PID:12792
- C:\Windows\System\gaOVTOz.exe
  C:\Windows\System\gaOVTOz.exe
  2⤵
  PID:12812
- C:\Windows\System\NAURRhi.exe
  C:\Windows\System\NAURRhi.exe
  2⤵
  PID:12836
- C:\Windows\System\mweuVNx.exe
  C:\Windows\System\mweuVNx.exe
  2⤵
  PID:12852
- C:\Windows\System\ibueoyN.exe
  C:\Windows\System\ibueoyN.exe
  2⤵
  PID:12876
- C:\Windows\System\gOoSMxw.exe
  C:\Windows\System\gOoSMxw.exe
  2⤵
  PID:9228
- C:\Windows\System\HGGAOEh.exe
  C:\Windows\System\HGGAOEh.exe
  2⤵
  PID:9088
- C:\Windows\System\TcoCByr.exe
  C:\Windows\System\TcoCByr.exe
  2⤵
  PID:9268
- C:\Windows\System\hlUfaDw.exe
  C:\Windows\System\hlUfaDw.exe
  2⤵
  PID:9292
- C:\Windows\System\HxSXuoF.exe
  C:\Windows\System\HxSXuoF.exe
  2⤵
  PID:6104
- C:\Windows\System\tRaSDuT.exe
  C:\Windows\System\tRaSDuT.exe
  2⤵
  PID:10396
- C:\Windows\System\zouMsfz.exe
  C:\Windows\System\zouMsfz.exe
  2⤵
  PID:9380
- C:\Windows\System\PyTjBjK.exe
  C:\Windows\System\PyTjBjK.exe
  2⤵
  PID:8492
- C:\Windows\System\pJWIDXC.exe
  C:\Windows\System\pJWIDXC.exe
  2⤵
  PID:8112
- C:\Windows\System\wrsBhGM.exe
  C:\Windows\System\wrsBhGM.exe
  2⤵
  PID:9488
- C:\Windows\System\qxLpWQK.exe
  C:\Windows\System\qxLpWQK.exe
  2⤵
  PID:9536
- C:\Windows\System\UOMHSwE.exe
  C:\Windows\System\UOMHSwE.exe
  2⤵
  PID:11432
- C:\Windows\System\szRMrOC.exe
  C:\Windows\System\szRMrOC.exe
  2⤵
  PID:11532
- C:\Windows\System\EbAoyaS.exe
  C:\Windows\System\EbAoyaS.exe
  2⤵
  PID:11640
- C:\Windows\System\gsCJHeT.exe
  C:\Windows\System\gsCJHeT.exe
  2⤵
  PID:11724
- C:\Windows\System\RcYDYki.exe
  C:\Windows\System\RcYDYki.exe
  2⤵
  PID:11840
- C:\Windows\System\dFupUkK.exe
  C:\Windows\System\dFupUkK.exe
  2⤵
  PID:11072
- C:\Windows\System\PBppjeX.exe
  C:\Windows\System\PBppjeX.exe
  2⤵
  PID:11940
- C:\Windows\System\ZyuNRMd.exe
  C:\Windows\System\ZyuNRMd.exe
  2⤵
  PID:10032
- C:\Windows\System\bnwXeJp.exe
  C:\Windows\System\bnwXeJp.exe
  2⤵
  PID:10076
- C:\Windows\System\wZwrBMR.exe
  C:\Windows\System\wZwrBMR.exe
  2⤵
  PID:10120
- C:\Windows\System\EgqceOe.exe
  C:\Windows\System\EgqceOe.exe
  2⤵
  PID:10172
- C:\Windows\System\HDxhGge.exe
  C:\Windows\System\HDxhGge.exe
  2⤵
  PID:10212
- C:\Windows\System\EGePXSp.exe
  C:\Windows\System\EGePXSp.exe
  2⤵
  PID:5436
- C:\Windows\System\oVmXFJq.exe
  C:\Windows\System\oVmXFJq.exe
  2⤵
  PID:7276
- C:\Windows\System\GAKwMif.exe
  C:\Windows\System\GAKwMif.exe
  2⤵
  PID:7392
- C:\Windows\System\sIfbzKc.exe
  C:\Windows\System\sIfbzKc.exe
  2⤵
  PID:8856
- C:\Windows\System\gXiPZxl.exe
  C:\Windows\System\gXiPZxl.exe
  2⤵
  PID:7552
- C:\Windows\System\phNLONv.exe
  C:\Windows\System\phNLONv.exe
  2⤵
  PID:7648
- C:\Windows\System\RVHeWzz.exe
  C:\Windows\System\RVHeWzz.exe
  2⤵
  PID:7732
- C:\Windows\System\pvEaXlG.exe
  C:\Windows\System\pvEaXlG.exe
  2⤵
  PID:7820
- C:\Windows\System\OzbKhOU.exe
  C:\Windows\System\OzbKhOU.exe
  2⤵
  PID:9212
- C:\Windows\System\stHRftx.exe
  C:\Windows\System\stHRftx.exe
  2⤵
  PID:10272
- C:\Windows\System\rZDmTIK.exe
  C:\Windows\System\rZDmTIK.exe
  2⤵
  PID:1652
- C:\Windows\System\ztaaufb.exe
  C:\Windows\System\ztaaufb.exe
  2⤵
  PID:10348
- C:\Windows\System\niCMult.exe
  C:\Windows\System\niCMult.exe
  2⤵
  PID:10428
- C:\Windows\System\QwpveoK.exe
  C:\Windows\System\QwpveoK.exe
  2⤵
  PID:11620
- C:\Windows\System\eBvLnRH.exe
  C:\Windows\System\eBvLnRH.exe
  2⤵
  PID:11720
- C:\Windows\System\msXwnhx.exe
  C:\Windows\System\msXwnhx.exe
  2⤵
  PID:11812
- C:\Windows\System\RZGCATd.exe
  C:\Windows\System\RZGCATd.exe
  2⤵
  PID:11976
- C:\Windows\System\vUIfQDu.exe
  C:\Windows\System\vUIfQDu.exe
  2⤵
  PID:5276
- C:\Windows\System\kUDBrVF.exe
  C:\Windows\System\kUDBrVF.exe
  2⤵
  PID:9620
- C:\Windows\System\ykoEvxp.exe
  C:\Windows\System\ykoEvxp.exe
  2⤵
  PID:9664
- C:\Windows\System\aWCdLKh.exe
  C:\Windows\System\aWCdLKh.exe
  2⤵
  PID:11836
- C:\Windows\System\svnSPVm.exe
  C:\Windows\System\svnSPVm.exe
  2⤵
  PID:12340
- C:\Windows\System\WjYdZrB.exe
  C:\Windows\System\WjYdZrB.exe
  2⤵
  PID:12484
- C:\Windows\System\WkvdoEk.exe
  C:\Windows\System\WkvdoEk.exe
  2⤵
  PID:12516
- C:\Windows\System\IcPeIPY.exe
  C:\Windows\System\IcPeIPY.exe
  2⤵
  PID:8576
- C:\Windows\System\uHoYXHX.exe
  C:\Windows\System\uHoYXHX.exe
  2⤵
  PID:10928
- C:\Windows\System\NClCoLB.exe
  C:\Windows\System\NClCoLB.exe
  2⤵
  PID:11756
- C:\Windows\System\VuXkEZE.exe
  C:\Windows\System\VuXkEZE.exe
  2⤵
  PID:11608
- C:\Windows\System\QnyZDXx.exe
  C:\Windows\System\QnyZDXx.exe
  2⤵
  PID:11332
- C:\Windows\System\XRXVVEX.exe
  C:\Windows\System\XRXVVEX.exe
  2⤵
  PID:620
- C:\Windows\System\ORyQhaN.exe
  C:\Windows\System\ORyQhaN.exe
  2⤵
  PID:8572
- C:\Windows\System\tlawMng.exe
  C:\Windows\System\tlawMng.exe
  2⤵
  PID:10604
- C:\Windows\System\nBNBPXa.exe
  C:\Windows\System\nBNBPXa.exe
  2⤵
  PID:11400
- C:\Windows\System\xQSJhJq.exe
  C:\Windows\System\xQSJhJq.exe
  2⤵
  PID:5104
- C:\Windows\System\JUFxfiD.exe
  C:\Windows\System\JUFxfiD.exe
  2⤵
  PID:11316
- C:\Windows\System\pzHUMgl.exe
  C:\Windows\System\pzHUMgl.exe
  2⤵
  PID:13272
- C:\Windows\System\TpEXkEU.exe
  C:\Windows\System\TpEXkEU.exe
  2⤵
  PID:8560
- C:\Windows\System\fDVTVQX.exe
  C:\Windows\System\fDVTVQX.exe
  2⤵
  PID:9132
- C:\Windows\System\GNewVfC.exe
  C:\Windows\System\GNewVfC.exe
  2⤵
  PID:10672
- C:\Windows\System\rnBmSQw.exe
  C:\Windows\System\rnBmSQw.exe
  2⤵
  PID:11624
- C:\Windows\System\hOFacSJ.exe
  C:\Windows\System\hOFacSJ.exe
  2⤵
  PID:11064
- C:\Windows\System\zRKotjn.exe
  C:\Windows\System\zRKotjn.exe
  2⤵
  PID:3888
- C:\Windows\System\gYXzgUj.exe
  C:\Windows\System\gYXzgUj.exe
  2⤵
  PID:7776
- C:\Windows\System\MRQArrW.exe
  C:\Windows\System\MRQArrW.exe
  2⤵
  PID:3232
- C:\Windows\System\mvyANqX.exe
  C:\Windows\System\mvyANqX.exe
  2⤵
  PID:668
- C:\Windows\System\VzGrCZt.exe
  C:\Windows\System\VzGrCZt.exe
  2⤵
  PID:4192
- C:\Windows\System\igdGlBu.exe
  C:\Windows\System\igdGlBu.exe
  2⤵
  PID:10644
- C:\Windows\System\MNYCJMI.exe
  C:\Windows\System\MNYCJMI.exe
  2⤵
  PID:2520
- C:\Windows\System\qWICRvd.exe
  C:\Windows\System\qWICRvd.exe
  2⤵
  PID:8104
- C:\Windows\System\tUQJybB.exe
  C:\Windows\System\tUQJybB.exe
  2⤵
  PID:1908
- C:\Windows\System\TUvdTFF.exe
  C:\Windows\System\TUvdTFF.exe
  2⤵
  PID:12788
- C:\Windows\System\ysvOrRe.exe
  C:\Windows\System\ysvOrRe.exe
  2⤵
  PID:10956
- C:\Windows\System\tDDTVba.exe
  C:\Windows\System\tDDTVba.exe
  2⤵
  PID:5016
- C:\Windows\System\HaPnuFh.exe
  C:\Windows\System\HaPnuFh.exe
  2⤵
  PID:12396
- C:\Windows\System\rIOVZEV.exe
  C:\Windows\System\rIOVZEV.exe
  2⤵
  PID:7696
- C:\Windows\System\JFZWbsd.exe
  C:\Windows\System\JFZWbsd.exe
  2⤵
  PID:1944
- C:\Windows\System\NwXEfuL.exe
  C:\Windows\System\NwXEfuL.exe
  2⤵
  PID:11980
- C:\Windows\System\zhPwtYD.exe
  C:\Windows\System\zhPwtYD.exe
  2⤵
  PID:8708
- C:\Windows\System\ayYBDCG.exe
  C:\Windows\System\ayYBDCG.exe
  2⤵
  PID:3944
- C:\Windows\System\QdEltnR.exe
  C:\Windows\System\QdEltnR.exe
  2⤵
  PID:10900
- C:\Windows\System\AMLUxAW.exe
  C:\Windows\System\AMLUxAW.exe
  2⤵
  PID:12860
- C:\Windows\System\NmsvSMk.exe
  C:\Windows\System\NmsvSMk.exe
  2⤵
  PID:12420
- C:\Windows\System\lSqQrxF.exe
  C:\Windows\System\lSqQrxF.exe
  2⤵
  PID:432
- C:\Windows\System\XhIpAdl.exe
  C:\Windows\System\XhIpAdl.exe
  2⤵
  PID:3252
- C:\Windows\System\rBrpLNM.exe
  C:\Windows\System\rBrpLNM.exe
  2⤵
  PID:10000
- C:\Windows\System\jDYqXHD.exe
  C:\Windows\System\jDYqXHD.exe
  2⤵
  PID:12076
- C:\Windows\System\cgJTzvt.exe
  C:\Windows\System\cgJTzvt.exe
  2⤵
  PID:12400
- C:\Windows\System\PFJhwNj.exe
  C:\Windows\System\PFJhwNj.exe
  2⤵
  PID:1076
- C:\Windows\System\CnHRsUi.exe
  C:\Windows\System\CnHRsUi.exe
  2⤵
  PID:4896
- C:\Windows\System\dXBaXHq.exe
  C:\Windows\System\dXBaXHq.exe
  2⤵
  PID:6864
- C:\Windows\System\WAhaMwQ.exe
  C:\Windows\System\WAhaMwQ.exe
  2⤵
  PID:8728
- C:\Windows\System\sgNnCxi.exe
  C:\Windows\System\sgNnCxi.exe
  2⤵
  PID:9532
- C:\Windows\System\hMvJDzI.exe
  C:\Windows\System\hMvJDzI.exe
  2⤵
  PID:4340
- C:\Windows\System\yyTPPdM.exe
  C:\Windows\System\yyTPPdM.exe
  2⤵
  PID:5164
- C:\Windows\System\Ybkwrvr.exe
  C:\Windows\System\Ybkwrvr.exe
  2⤵
  PID:13244
- C:\Windows\System\GGGeMIK.exe
  C:\Windows\System\GGGeMIK.exe
  2⤵
  PID:4840
- C:\Windows\System\HcwyOYa.exe
  C:\Windows\System\HcwyOYa.exe
  2⤵
  PID:5020
- C:\Windows\System\QVlOLJE.exe
  C:\Windows\System\QVlOLJE.exe
  2⤵
  PID:2864
- C:\Windows\System\UkddXcJ.exe
  C:\Windows\System\UkddXcJ.exe
  2⤵
  PID:700
- C:\Windows\System\SnxNRJp.exe
  C:\Windows\System\SnxNRJp.exe
  2⤵
  PID:3876
- C:\Windows\System\WUnQobc.exe
  C:\Windows\System\WUnQobc.exe
  2⤵
  PID:10828
- C:\Windows\System\uaBMwKT.exe
  C:\Windows\System\uaBMwKT.exe
  2⤵
  PID:64
- C:\Windows\System\BKzNwCB.exe
  C:\Windows\System\BKzNwCB.exe
  2⤵
  PID:12252
- C:\Windows\System\UWnfQpp.exe
  C:\Windows\System\UWnfQpp.exe
  2⤵
  PID:2424
- C:\Windows\System\ewOZyCl.exe
  C:\Windows\System\ewOZyCl.exe
  2⤵
  PID:2916
- C:\Windows\System\FNsDhpV.exe
  C:\Windows\System\FNsDhpV.exe
  2⤵
  PID:5860
- C:\Windows\System\RmWdRDp.exe
  C:\Windows\System\RmWdRDp.exe
  2⤵
  PID:10548
- C:\Windows\System\UdFOacg.exe
  C:\Windows\System\UdFOacg.exe
  2⤵
  PID:13316
- C:\Windows\System\HgFAmbq.exe
  C:\Windows\System\HgFAmbq.exe
  2⤵
  PID:13344
- C:\Windows\System\LCVFOuC.exe
  C:\Windows\System\LCVFOuC.exe
  2⤵
  PID:13368
- C:\Windows\System\dlRBLvN.exe
  C:\Windows\System\dlRBLvN.exe
  2⤵
  PID:13392
- C:\Windows\System\PIZiFwA.exe
  C:\Windows\System\PIZiFwA.exe
  2⤵
  PID:13416
- C:\Windows\System\RJDqIqo.exe
  C:\Windows\System\RJDqIqo.exe
  2⤵
  PID:13432
- C:\Windows\System\rPhelQZ.exe
  C:\Windows\System\rPhelQZ.exe
  2⤵
  PID:13456
- C:\Windows\System\OYSHeba.exe
  C:\Windows\System\OYSHeba.exe
  2⤵
  PID:13492
- C:\Windows\System\VVxqQtg.exe
  C:\Windows\System\VVxqQtg.exe
  2⤵
  PID:13516
- C:\Windows\System\xLGWeqC.exe
  C:\Windows\System\xLGWeqC.exe
  2⤵
  PID:13544
- C:\Windows\System\TOOrlGq.exe
  C:\Windows\System\TOOrlGq.exe
  2⤵
  PID:13564
- C:\Windows\System\wNnPPBz.exe
  C:\Windows\System\wNnPPBz.exe
  2⤵
  PID:13588
- C:\Windows\System\URlqFEW.exe
  C:\Windows\System\URlqFEW.exe
  2⤵
  PID:13936
- C:\Windows\System\DVBxKCL.exe
  C:\Windows\System\DVBxKCL.exe
  2⤵
  PID:14052
- C:\Windows\System\YonyMDv.exe
  C:\Windows\System\YonyMDv.exe
  2⤵
  PID:14068
- C:\Windows\System\xQvfwWA.exe
  C:\Windows\System\xQvfwWA.exe
  2⤵
  PID:14088
- C:\Windows\System\btRDUKN.exe
  C:\Windows\System\btRDUKN.exe
  2⤵
  PID:14188
- C:\Windows\System\ZnCRdzo.exe
  C:\Windows\System\ZnCRdzo.exe
  2⤵
  PID:14204
- C:\Windows\System\MjNDqHT.exe
  C:\Windows\System\MjNDqHT.exe
  2⤵
  PID:13340
- C:\Windows\System\WggMbMC.exe
  C:\Windows\System\WggMbMC.exe
  2⤵
  PID:13448
- C:\Windows\System\YxAlTPY.exe
  C:\Windows\System\YxAlTPY.exe
  2⤵
  PID:13640
- C:\Windows\System\KVlDlpG.exe
  C:\Windows\System\KVlDlpG.exe
  2⤵
  PID:13584
- C:\Windows\System\tOfIsXZ.exe
  C:\Windows\System\tOfIsXZ.exe
  2⤵
  PID:13676
- C:\Windows\System\dGClLmg.exe
  C:\Windows\System\dGClLmg.exe
  2⤵
  PID:13932
- C:\Windows\System\FEkYKNo.exe
  C:\Windows\System\FEkYKNo.exe
  2⤵
  PID:13632
- C:\Windows\System\bOcOSiz.exe
  C:\Windows\System\bOcOSiz.exe
  2⤵
  PID:13784
- C:\Windows\System\MgCRWct.exe
  C:\Windows\System\MgCRWct.exe
  2⤵
  PID:13752
- C:\Windows\System\KOohwFJ.exe
  C:\Windows\System\KOohwFJ.exe
  2⤵
  PID:12640
- C:\Windows\System\zCRVPWS.exe
  C:\Windows\System\zCRVPWS.exe
  2⤵
  PID:13844
- C:\Windows\System\WgIUuCa.exe
  C:\Windows\System\WgIUuCa.exe
  2⤵
  PID:2600
- C:\Windows\System\mXmLyjw.exe
  C:\Windows\System\mXmLyjw.exe
  2⤵
  PID:13872
- C:\Windows\System\UajwLtT.exe
  C:\Windows\System\UajwLtT.exe
  2⤵
  PID:13944
- C:\Windows\System\GpQUCCY.exe
  C:\Windows\System\GpQUCCY.exe
  2⤵
  PID:13880
- C:\Windows\System\xjaKcfb.exe
  C:\Windows\System\xjaKcfb.exe
  2⤵
  PID:5396
- C:\Windows\System\AboJQvp.exe
  C:\Windows\System\AboJQvp.exe
  2⤵
  PID:13528
- C:\Windows\System\EUtZpUC.exe
  C:\Windows\System\EUtZpUC.exe
  2⤵
  PID:1676
- C:\Windows\System\QRephNh.exe
  C:\Windows\System\QRephNh.exe
  2⤵
  PID:9744
- C:\Windows\System\gIvMOxq.exe
  C:\Windows\System\gIvMOxq.exe
  2⤵
  PID:2220
- C:\Windows\System\pWDZpct.exe
  C:\Windows\System\pWDZpct.exe
  2⤵
  PID:13428
- C:\Windows\System\lDyetiz.exe
  C:\Windows\System\lDyetiz.exe
  2⤵
  PID:13816
- C:\Windows\System\JcpVqXt.exe
  C:\Windows\System\JcpVqXt.exe
  2⤵
  PID:13712
- C:\Windows\System\SIbNWsf.exe
  C:\Windows\System\SIbNWsf.exe
  2⤵
  PID:13908
- C:\Windows\System\XnOZUWK.exe
  C:\Windows\System\XnOZUWK.exe
  2⤵
  PID:4908
- C:\Windows\System\VToNBPU.exe
  C:\Windows\System\VToNBPU.exe
  2⤵
  PID:3240
- C:\Windows\System\NGpLjAT.exe
  C:\Windows\System\NGpLjAT.exe
  2⤵
  PID:14024
- C:\Windows\System\RsxSZKo.exe
  C:\Windows\System\RsxSZKo.exe
  2⤵
  PID:3176
- C:\Windows\System\JQhZZqD.exe
  C:\Windows\System\JQhZZqD.exe
  2⤵
  PID:1608
- C:\Windows\System\qVkTKvK.exe
  C:\Windows\System\qVkTKvK.exe
  2⤵
  PID:2588
- C:\Windows\System\MBrCjOZ.exe
  C:\Windows\System\MBrCjOZ.exe
  2⤵
  PID:1600
- C:\Windows\System\FaoaaMT.exe
  C:\Windows\System\FaoaaMT.exe
  2⤵
  PID:3300
- C:\Windows\System\ZvjCWqr.exe
  C:\Windows\System\ZvjCWqr.exe
  2⤵
  PID:2168
- C:\Windows\System\cYnImRr.exe
  C:\Windows\System\cYnImRr.exe
  2⤵
  PID:1768
- C:\Windows\System\vVsOenO.exe
  C:\Windows\System\vVsOenO.exe
  2⤵
  PID:1252
- C:\Windows\System\BUfgGgo.exe
  C:\Windows\System\BUfgGgo.exe
  2⤵
  PID:2676
- C:\Windows\System\rQfkDTo.exe
  C:\Windows\System\rQfkDTo.exe
  2⤵
  PID:14364
- C:\Windows\System\nFfcdKH.exe
  C:\Windows\System\nFfcdKH.exe
  2⤵
  PID:14436
- C:\Windows\System\RxFErsF.exe
  C:\Windows\System\RxFErsF.exe
  2⤵
  PID:14652
- C:\Windows\System\xmkIEsD.exe
  C:\Windows\System\xmkIEsD.exe
  2⤵
  PID:14676
- C:\Windows\System\ibqwpUA.exe
  C:\Windows\System\ibqwpUA.exe
  2⤵
  PID:14712
- C:\Windows\System\yrtSJWl.exe
  C:\Windows\System\yrtSJWl.exe
  2⤵
  PID:14736
- C:\Windows\System\FWkIxmv.exe
  C:\Windows\System\FWkIxmv.exe
  2⤵
  PID:14760
- C:\Windows\System\hHlFpnZ.exe
  C:\Windows\System\hHlFpnZ.exe
  2⤵
  PID:14780
- C:\Windows\System\jngGtfs.exe
  C:\Windows\System\jngGtfs.exe
  2⤵
  PID:14812
- C:\Windows\System\NYqTTZd.exe
  C:\Windows\System\NYqTTZd.exe
  2⤵
  PID:14852
- C:\Windows\System\eomSQWc.exe
  C:\Windows\System\eomSQWc.exe
  2⤵
  PID:14880
- C:\Windows\System\YXjYSEF.exe
  C:\Windows\System\YXjYSEF.exe
  2⤵
  PID:14908
- C:\Windows\System\AQheoaL.exe
  C:\Windows\System\AQheoaL.exe
  2⤵
  PID:14944
- C:\Windows\System\wIvNRIB.exe
  C:\Windows\System\wIvNRIB.exe
  2⤵
  PID:14968
- C:\Windows\System\eIlXnRP.exe
  C:\Windows\System\eIlXnRP.exe
  2⤵
  PID:14984
- C:\Windows\System\ehAXNVo.exe
  C:\Windows\System\ehAXNVo.exe
  2⤵
  PID:15004
- C:\Windows\System\FXUGJEA.exe
  C:\Windows\System\FXUGJEA.exe
  2⤵
  PID:15040
- C:\Windows\System\AhqWPyR.exe
  C:\Windows\System\AhqWPyR.exe
  2⤵
  PID:15060
- C:\Windows\System\ihyyubj.exe
  C:\Windows\System\ihyyubj.exe
  2⤵
  PID:15100
- C:\Windows\System\xkBflZt.exe
  C:\Windows\System\xkBflZt.exe
  2⤵
  PID:15116
- C:\Windows\System\UvcKmdU.exe
  C:\Windows\System\UvcKmdU.exe
  2⤵
  PID:15156
- C:\Windows\System\fyjtrIW.exe
  C:\Windows\System\fyjtrIW.exe
  2⤵
  PID:15172
- C:\Windows\System\uRvwPgt.exe
  C:\Windows\System\uRvwPgt.exe
  2⤵
  PID:15188
- C:\Windows\System\VCGJkLj.exe
  C:\Windows\System\VCGJkLj.exe
  2⤵
  PID:15216
- C:\Windows\System\MDOuXBo.exe
  C:\Windows\System\MDOuXBo.exe
  2⤵
  PID:15244
- C:\Windows\System\HbZdkpG.exe
  C:\Windows\System\HbZdkpG.exe
  2⤵
  PID:15280
- C:\Windows\System\PFZqcRD.exe
  C:\Windows\System\PFZqcRD.exe
  2⤵
  PID:15316
- C:\Windows\System\GbdRUEC.exe
  C:\Windows\System\GbdRUEC.exe
  2⤵
  PID:15332
- C:\Windows\System\wCyHDXR.exe
  C:\Windows\System\wCyHDXR.exe
  2⤵
  PID:4536
- C:\Windows\System\agkZrin.exe
  C:\Windows\System\agkZrin.exe
  2⤵
  PID:628
- C:\Windows\System\OFwgmHs.exe
  C:\Windows\System\OFwgmHs.exe
  2⤵
  PID:4412
- C:\Windows\System\XZcNwna.exe
  C:\Windows\System\XZcNwna.exe
  2⤵
  PID:5180
- C:\Windows\System\zoVMggY.exe
  C:\Windows\System\zoVMggY.exe
  2⤵
  PID:14508
- C:\Windows\System\WFMjrAg.exe
  C:\Windows\System\WFMjrAg.exe
  2⤵
  PID:5128
- C:\Windows\System\eQmqwQA.exe
  C:\Windows\System\eQmqwQA.exe
  2⤵
  PID:14468
- C:\Windows\System\dkGTkPx.exe
  C:\Windows\System\dkGTkPx.exe
  2⤵
  PID:3796
- C:\Windows\System\UrMCtLj.exe
  C:\Windows\System\UrMCtLj.exe
  2⤵
  PID:14552
- C:\Windows\System\AwviIkL.exe
  C:\Windows\System\AwviIkL.exe
  2⤵
  PID:5072
- C:\Windows\System\hizSxLi.exe
  C:\Windows\System\hizSxLi.exe
  2⤵
  PID:14572
- C:\Windows\System\FmNGWkl.exe
  C:\Windows\System\FmNGWkl.exe
  2⤵
  PID:14584
- C:\Windows\System\pvWqTgd.exe
  C:\Windows\System\pvWqTgd.exe
  2⤵
  PID:5160
- C:\Windows\System\LKiahgA.exe
  C:\Windows\System\LKiahgA.exe
  2⤵
  PID:14756
- C:\Windows\System\rLoTREF.exe
  C:\Windows\System\rLoTREF.exe
  2⤵
  PID:5444
- C:\Windows\System\UHIjNzS.exe
  C:\Windows\System\UHIjNzS.exe
  2⤵
  PID:5440
- C:\Windows\System\GHXOktH.exe
  C:\Windows\System\GHXOktH.exe
  2⤵
  PID:5820
- C:\Windows\System\fBJVgaR.exe
  C:\Windows\System\fBJVgaR.exe
  2⤵
  PID:5688
- C:\Windows\System\MAcCEau.exe
  C:\Windows\System\MAcCEau.exe
  2⤵
  PID:5840
- C:\Windows\System\YvMLWwz.exe
  C:\Windows\System\YvMLWwz.exe
  2⤵
  PID:14960
- C:\Windows\System\hwNYQHj.exe
  C:\Windows\System\hwNYQHj.exe
  2⤵
  PID:14872
- C:\Windows\System\GqYandz.exe
  C:\Windows\System\GqYandz.exe
  2⤵
  PID:5812
- C:\Windows\System\hRlAHVa.exe
  C:\Windows\System\hRlAHVa.exe
  2⤵
  PID:14916
- C:\Windows\System\TvDXfYo.exe
  C:\Windows\System\TvDXfYo.exe
  2⤵
  PID:5868
- C:\Windows\System\UOWOamx.exe
  C:\Windows\System\UOWOamx.exe
  2⤵
  PID:15036
- C:\Windows\System\HUjwQJO.exe
  C:\Windows\System\HUjwQJO.exe
  2⤵
  PID:15108
- C:\Windows\System\hECstap.exe
  C:\Windows\System\hECstap.exe
  2⤵
  PID:1424
- C:\Windows\System\Cqqitgw.exe
  C:\Windows\System\Cqqitgw.exe
  2⤵
  PID:15296
- C:\Windows\System\JtsgLmp.exe
  C:\Windows\System\JtsgLmp.exe
  2⤵
  PID:2708
- C:\Windows\System\MgdMUGF.exe
  C:\Windows\System\MgdMUGF.exe
  2⤵
  PID:14396
- C:\Windows\System\enPiOxF.exe
  C:\Windows\System\enPiOxF.exe
  2⤵
  PID:6384
- C:\Windows\System\iOIGLku.exe
  C:\Windows\System\iOIGLku.exe
  2⤵
  PID:4260
- C:\Windows\System\pyzHjIG.exe
  C:\Windows\System\pyzHjIG.exe
  2⤵
  PID:14516
- C:\Windows\System\JNiEByH.exe
  C:\Windows\System\JNiEByH.exe
  2⤵
  PID:6376
- C:\Windows\System\hjkusAO.exe
  C:\Windows\System\hjkusAO.exe
  2⤵
  PID:7008
- C:\Windows\System\ijxQBAb.exe
  C:\Windows\System\ijxQBAb.exe
  2⤵
  PID:14532
- C:\Windows\System\uVZmayo.exe
  C:\Windows\System\uVZmayo.exe
  2⤵
  PID:14388
- C:\Windows\System\mrqtBfO.exe
  C:\Windows\System\mrqtBfO.exe
  2⤵
  PID:6792
- C:\Windows\System\GdJExSJ.exe
  C:\Windows\System\GdJExSJ.exe
  2⤵
  PID:14604
- C:\Windows\System\PNYvkKe.exe
  C:\Windows\System\PNYvkKe.exe
  2⤵
  PID:5628
- C:\Windows\System\feACrjP.exe
  C:\Windows\System\feACrjP.exe
  2⤵
  PID:14660
- C:\Windows\System\ldYHmYJ.exe
  C:\Windows\System\ldYHmYJ.exe
  2⤵
  PID:13820
- C:\Windows\System\SDZkcdT.exe
  C:\Windows\System\SDZkcdT.exe
  2⤵
  PID:14632
- C:\Windows\System\oFKAUAh.exe
  C:\Windows\System\oFKAUAh.exe
  2⤵
  PID:14808
- C:\Windows\System\lERQxNX.exe
  C:\Windows\System\lERQxNX.exe
  2⤵
  PID:5992
- C:\Windows\System\GuNByjI.exe
  C:\Windows\System\GuNByjI.exe
  2⤵
  PID:7180
- C:\Windows\System\lIWzGBL.exe
  C:\Windows\System\lIWzGBL.exe
  2⤵
  PID:4716
- C:\Windows\System\iFBdgEK.exe
  C:\Windows\System\iFBdgEK.exe
  2⤵
  PID:13728
- C:\Windows\System\bYfWzVx.exe
  C:\Windows\System\bYfWzVx.exe
  2⤵
  PID:13780
- C:\Windows\System\VNBGvXp.exe
  C:\Windows\System\VNBGvXp.exe
  2⤵
  PID:1300
- C:\Windows\System\ufJSUPp.exe
  C:\Windows\System\ufJSUPp.exe
  2⤵
  PID:5328
- C:\Windows\System\dOWxwLr.exe
  C:\Windows\System\dOWxwLr.exe
  2⤵
  PID:13336
- C:\Windows\System\cCHMdwJ.exe
  C:\Windows\System\cCHMdwJ.exe
  2⤵
  PID:7456
- C:\Windows\System\bAgYmAR.exe
  C:\Windows\System\bAgYmAR.exe
  2⤵
  PID:5692
- C:\Windows\System\gaHhXhr.exe
  C:\Windows\System\gaHhXhr.exe
  2⤵
  PID:5848
- C:\Windows\System\BMCMeFb.exe
  C:\Windows\System\BMCMeFb.exe
  2⤵
  PID:5772
- C:\Windows\System\qPNHbuw.exe
  C:\Windows\System\qPNHbuw.exe
  2⤵
  PID:7920
- C:\Windows\System\VMTvyKl.exe
  C:\Windows\System\VMTvyKl.exe
  2⤵
  PID:7944
- C:\Windows\System\XCbApSB.exe
  C:\Windows\System\XCbApSB.exe
  2⤵
  PID:5852
- C:\Windows\System\Etdeiab.exe
  C:\Windows\System\Etdeiab.exe
  2⤵
  PID:15048
- C:\Windows\System\sNkeEaS.exe
  C:\Windows\System\sNkeEaS.exe
  2⤵
  PID:6344
- C:\Windows\System\grdWMlA.exe
  C:\Windows\System\grdWMlA.exe
  2⤵
  PID:3144
- C:\Windows\System\PSbfhiQ.exe
  C:\Windows\System\PSbfhiQ.exe
  2⤵
  PID:7432
- C:\Windows\System\nHpFAXU.exe
  C:\Windows\System\nHpFAXU.exe
  2⤵
  PID:6164
- C:\Windows\System\JdAHfNW.exe
  C:\Windows\System\JdAHfNW.exe
  2⤵
  PID:6372
- C:\Windows\System\prymmgR.exe
  C:\Windows\System\prymmgR.exe
  2⤵
  PID:6000
- C:\Windows\System\FitrZHG.exe
  C:\Windows\System\FitrZHG.exe
  2⤵
  PID:6972
- C:\Windows\System\rgiumLu.exe
  C:\Windows\System\rgiumLu.exe
  2⤵
  PID:7524
- C:\Windows\System\WlxlKHB.exe
  C:\Windows\System\WlxlKHB.exe
  2⤵
  PID:7816
- C:\Windows\System\nVcIjTj.exe
  C:\Windows\System\nVcIjTj.exe
  2⤵
  PID:7772
- C:\Windows\System\ddFjTEu.exe
  C:\Windows\System\ddFjTEu.exe
  2⤵
  PID:14500
- C:\Windows\System\KzZYYCM.exe
  C:\Windows\System\KzZYYCM.exe
  2⤵
  PID:14428
- C:\Windows\System\tXWYIRT.exe
  C:\Windows\System\tXWYIRT.exe
  2⤵
  PID:4964
- C:\Windows\System\CTzPiUH.exe
  C:\Windows\System\CTzPiUH.exe
  2⤵
  PID:5616
- C:\Windows\System\oJYpcbp.exe
  C:\Windows\System\oJYpcbp.exe
  2⤵
  PID:8068
- C:\Windows\System\FssToug.exe
  C:\Windows\System\FssToug.exe
  2⤵
  PID:5856
- C:\Windows\System\iofyKYU.exe
  C:\Windows\System\iofyKYU.exe
  2⤵
  PID:6696
- C:\Windows\System\duCYtpx.exe
  C:\Windows\System\duCYtpx.exe
  2⤵
  PID:8512
- C:\Windows\System\SgQkIpZ.exe
  C:\Windows\System\SgQkIpZ.exe
  2⤵
  PID:5660
- C:\Windows\System\qQTdwey.exe
  C:\Windows\System\qQTdwey.exe
  2⤵
  PID:13956
- C:\Windows\System\mzjASAR.exe
  C:\Windows\System\mzjASAR.exe
  2⤵
  PID:13412
- C:\Windows\System\llVYxdU.exe
  C:\Windows\System\llVYxdU.exe
  2⤵
  PID:13876
- C:\Windows\System\gpYfLTG.exe
  C:\Windows\System\gpYfLTG.exe
  2⤵
  PID:8604
- C:\Windows\System\KpHZtYT.exe
  C:\Windows\System\KpHZtYT.exe
  2⤵
  PID:7520
- C:\Windows\System\patnjGm.exe
  C:\Windows\System\patnjGm.exe
  2⤵
  PID:7576
- C:\Windows\System\HFWuigf.exe
  C:\Windows\System\HFWuigf.exe
  2⤵
  PID:8288
- C:\Windows\System\dVsNvAa.exe
  C:\Windows\System\dVsNvAa.exe
  2⤵
  PID:4764
- C:\Windows\System\bXCnLFW.exe
  C:\Windows\System\bXCnLFW.exe
  2⤵
  PID:5996
- C:\Windows\System\xsIDQpy.exe
  C:\Windows\System\xsIDQpy.exe
  2⤵
  PID:15208
- C:\Windows\System\MXfdUVC.exe
  C:\Windows\System\MXfdUVC.exe
  2⤵
  PID:6340
- C:\Windows\System\ZtqrHxe.exe
  C:\Windows\System\ZtqrHxe.exe
  2⤵
  PID:5032
- C:\Windows\System\OxbplDf.exe
  C:\Windows\System\OxbplDf.exe
  2⤵
  PID:8688
- C:\Windows\System\TDhrDsL.exe
  C:\Windows\System\TDhrDsL.exe
  2⤵
  PID:7908
- C:\Windows\System\ZHWCiyi.exe
  C:\Windows\System\ZHWCiyi.exe
  2⤵
  PID:9768
- C:\Windows\System\xyqWQxj.exe
  C:\Windows\System\xyqWQxj.exe
  2⤵
  PID:8276
- C:\Windows\System\YwsPhNO.exe
  C:\Windows\System\YwsPhNO.exe
  2⤵
  PID:6740
- C:\Windows\System\HoHUpXG.exe
  C:\Windows\System\HoHUpXG.exe
  2⤵
  PID:224
- C:\Windows\System\xviuigQ.exe
  C:\Windows\System\xviuigQ.exe
  2⤵
  PID:4212
- C:\Windows\System\AKuqQoS.exe
  C:\Windows\System\AKuqQoS.exe
  2⤵
  PID:8372
- C:\Windows\System\qfjhDGw.exe
  C:\Windows\System\qfjhDGw.exe
  2⤵
  PID:14820
- C:\Windows\System\uguFePD.exe
  C:\Windows\System\uguFePD.exe
  2⤵
  PID:15128
- C:\Windows\System\tAlEcXl.exe
  C:\Windows\System\tAlEcXl.exe
  2⤵
  PID:7904
- C:\Windows\System\qBSXPpC.exe
  C:\Windows\System\qBSXPpC.exe
  2⤵
  PID:7208
- C:\Windows\System\DpyHYjM.exe
  C:\Windows\System\DpyHYjM.exe
  2⤵
  PID:10740
- C:\Windows\System\jgbzCjr.exe
  C:\Windows\System\jgbzCjr.exe
  2⤵
  PID:7364
- C:\Windows\System\zspZgkv.exe
  C:\Windows\System\zspZgkv.exe
  2⤵
  PID:14936
- C:\Windows\System\EkcceAf.exe
  C:\Windows\System\EkcceAf.exe
  2⤵
  PID:14844
- C:\Windows\System\rfUrsxs.exe
  C:\Windows\System\rfUrsxs.exe
  2⤵
  PID:10808
- C:\Windows\System\WSLyahJ.exe
  C:\Windows\System\WSLyahJ.exe
  2⤵
  PID:8036
- C:\Windows\System\BZvVGAC.exe
  C:\Windows\System\BZvVGAC.exe
  2⤵
  PID:7600
- C:\Windows\System\OVfwEHp.exe
  C:\Windows\System\OVfwEHp.exe
  2⤵
  PID:15228
- C:\Windows\System\zUCzQYH.exe
  C:\Windows\System\zUCzQYH.exe
  2⤵
  PID:14456
- C:\Windows\System\AqFcVsX.exe
  C:\Windows\System\AqFcVsX.exe
  2⤵
  PID:10872
- C:\Windows\System\EQInziK.exe
  C:\Windows\System\EQInziK.exe
  2⤵
  PID:7636
- C:\Windows\System\GxinTQd.exe
  C:\Windows\System\GxinTQd.exe
  2⤵
  PID:7148
- C:\Windows\System\AHwWyCd.exe
  C:\Windows\System\AHwWyCd.exe
  2⤵
  PID:14644
- C:\Windows\System\QunovqH.exe
  C:\Windows\System\QunovqH.exe
  2⤵
  PID:14728
- C:\Windows\System\AxwvONa.exe
  C:\Windows\System\AxwvONa.exe
  2⤵
  PID:9748
- C:\Windows\System\piOurTR.exe
  C:\Windows\System\piOurTR.exe
  2⤵
  PID:14672
- C:\Windows\System\xsxzkbD.exe
  C:\Windows\System\xsxzkbD.exe
  2⤵
  PID:9200
- C:\Windows\System\oBOlgXx.exe
  C:\Windows\System\oBOlgXx.exe
  2⤵
  PID:15096
- C:\Windows\System\CUWAjgt.exe
  C:\Windows\System\CUWAjgt.exe
  2⤵
  PID:6432
- C:\Windows\System\przRDjl.exe
  C:\Windows\System\przRDjl.exe
  2⤵
  PID:14744
- C:\Windows\System\oFHKfnx.exe
  C:\Windows\System\oFHKfnx.exe
  2⤵
  PID:3428
- C:\Windows\System\mmlAswR.exe
  C:\Windows\System\mmlAswR.exe
  2⤵
  PID:11144
- C:\Windows\System\mitebHn.exe
  C:\Windows\System\mitebHn.exe
  2⤵
  PID:8272
- C:\Windows\System\GtyiCrn.exe
  C:\Windows\System\GtyiCrn.exe
  2⤵
  PID:11008
- C:\Windows\System\PXbORru.exe
  C:\Windows\System\PXbORru.exe
  2⤵
  PID:10884
- C:\Windows\System\xUglnjB.exe
  C:\Windows\System\xUglnjB.exe
  2⤵
  PID:9208
- C:\Windows\System\oMMiFYo.exe
  C:\Windows\System\oMMiFYo.exe
  2⤵
  PID:15252
- C:\Windows\System\yMzIQiV.exe
  C:\Windows\System\yMzIQiV.exe
  2⤵
  PID:5584
- C:\Windows\System\nRlKrSe.exe
  C:\Windows\System\nRlKrSe.exe
  2⤵
  PID:9552
- C:\Windows\System\YHfzBQa.exe
  C:\Windows\System\YHfzBQa.exe
  2⤵
  PID:8200
- C:\Windows\System\ONiHQgF.exe
  C:\Windows\System\ONiHQgF.exe
  2⤵
  PID:11136
- C:\Windows\System\LcISEJd.exe
  C:\Windows\System\LcISEJd.exe
  2⤵
  PID:6396
- C:\Windows\System\zgyXRso.exe
  C:\Windows\System\zgyXRso.exe
  2⤵
  PID:14540
- C:\Windows\System\wrumSuB.exe
  C:\Windows\System\wrumSuB.exe
  2⤵
  PID:10972
- C:\Windows\System\OBSUacs.exe
  C:\Windows\System\OBSUacs.exe
  2⤵
  PID:10868
- C:\Windows\System\FJLcIOO.exe
  C:\Windows\System\FJLcIOO.exe
  2⤵
  PID:10876
- C:\Windows\System\vWkSWYo.exe
  C:\Windows\System\vWkSWYo.exe
  2⤵
  PID:5332
- C:\Windows\System\IoOZGaO.exe
  C:\Windows\System\IoOZGaO.exe
  2⤵
  PID:10036
- C:\Windows\System\cbnErxM.exe
  C:\Windows\System\cbnErxM.exe
  2⤵
  PID:10352
- C:\Windows\System\WqcwpML.exe
  C:\Windows\System\WqcwpML.exe
  2⤵
  PID:10940
- C:\Windows\System\IQYPwBE.exe
  C:\Windows\System\IQYPwBE.exe
  2⤵
  PID:4444
- C:\Windows\System\tphheTm.exe
  C:\Windows\System\tphheTm.exe
  2⤵
  PID:10840
- C:\Windows\System\SbsslMN.exe
  C:\Windows\System\SbsslMN.exe
  2⤵
  PID:11048
- C:\Windows\System\yXuWCzF.exe
  C:\Windows\System\yXuWCzF.exe
  2⤵
  PID:5884
- C:\Windows\System\qCjPuPt.exe
  C:\Windows\System\qCjPuPt.exe
  2⤵
  PID:6908
- C:\Windows\System\AAYqCTr.exe
  C:\Windows\System\AAYqCTr.exe
  2⤵
  PID:9444
- C:\Windows\System\kXBQCys.exe
  C:\Windows\System\kXBQCys.exe
  2⤵
  PID:11180
- C:\Windows\System\XlIrtBq.exe
  C:\Windows\System\XlIrtBq.exe
  2⤵
  PID:6492
- C:\Windows\System\eDExCun.exe
  C:\Windows\System\eDExCun.exe
  2⤵
  PID:11128
- C:\Windows\System\OvNWXOv.exe
  C:\Windows\System\OvNWXOv.exe
  2⤵
  PID:10028
- C:\Windows\System\GDndcxG.exe
  C:\Windows\System\GDndcxG.exe
  2⤵
  PID:6772
- C:\Windows\System\GSSUtkO.exe
  C:\Windows\System\GSSUtkO.exe
  2⤵
  PID:12116
- C:\Windows\System\GWKIZzK.exe
  C:\Windows\System\GWKIZzK.exe
  2⤵
  PID:8376
- C:\Windows\System\LsLONAI.exe
  C:\Windows\System\LsLONAI.exe
  2⤵
  PID:5800
- C:\Windows\System\ndOpBXy.exe
  C:\Windows\System\ndOpBXy.exe
  2⤵
  PID:6120
- C:\Windows\System\FkNEder.exe
  C:\Windows\System\FkNEder.exe
  2⤵
  PID:8328
- C:\Windows\System\lPRuFyU.exe
  C:\Windows\System\lPRuFyU.exe
  2⤵
  PID:9204
- C:\Windows\System\zWCpFaa.exe
  C:\Windows\System\zWCpFaa.exe
  2⤵
  PID:8472
- C:\Windows\System\vIYfLZt.exe
  C:\Windows\System\vIYfLZt.exe
  2⤵
  PID:9700
- C:\Windows\System\dDFKWmA.exe
  C:\Windows\System\dDFKWmA.exe
  2⤵
  PID:7892
- C:\Windows\System\jySIPyz.exe
  C:\Windows\System\jySIPyz.exe
  2⤵
  PID:12912
- C:\Windows\System\oLwDzyv.exe
  C:\Windows\System\oLwDzyv.exe
  2⤵
  PID:12112
- C:\Windows\System\vuAuaDa.exe
  C:\Windows\System\vuAuaDa.exe
  2⤵
  PID:12936
- C:\Windows\System\urVHMZH.exe
  C:\Windows\System\urVHMZH.exe
  2⤵
  PID:3576
- C:\Windows\System\MhYHyQR.exe
  C:\Windows\System\MhYHyQR.exe
  2⤵
  PID:9368
- C:\Windows\System\OPYWdNz.exe
  C:\Windows\System\OPYWdNz.exe
  2⤵
  PID:12984
- C:\Windows\System\mRjgmPl.exe
  C:\Windows\System\mRjgmPl.exe
  2⤵
  PID:5572
- C:\Windows\System\iOqPxbl.exe
  C:\Windows\System\iOqPxbl.exe
  2⤵
  PID:14236
- C:\Windows\System\yWqUgRu.exe
  C:\Windows\System\yWqUgRu.exe
  2⤵
  PID:10968
- C:\Windows\System\YHPwCud.exe
  C:\Windows\System\YHPwCud.exe
  2⤵
  PID:11340
- C:\Windows\System\atdFVGC.exe
  C:\Windows\System\atdFVGC.exe
  2⤵
  PID:5176
- C:\Windows\System\yylkICx.exe
  C:\Windows\System\yylkICx.exe
  2⤵
  PID:5988
- C:\Windows\System\CYFqPbu.exe
  C:\Windows\System\CYFqPbu.exe
  2⤵
  PID:13000
- C:\Windows\System\aVvVEPA.exe
  C:\Windows\System\aVvVEPA.exe
  2⤵
  PID:10992
- C:\Windows\System\crmxUEB.exe
  C:\Windows\System\crmxUEB.exe
  2⤵
  PID:10984
- C:\Windows\System\YvKvdCH.exe
  C:\Windows\System\YvKvdCH.exe
  2⤵
  PID:12008
- C:\Windows\System\FtVNQcL.exe
  C:\Windows\System\FtVNQcL.exe
  2⤵
  PID:11152
- C:\Windows\System\bgJlvkZ.exe
  C:\Windows\System\bgJlvkZ.exe
  2⤵
  PID:12128
- C:\Windows\System\CBuYYTY.exe
  C:\Windows\System\CBuYYTY.exe
  2⤵
  PID:12552
- C:\Windows\System\DiLjEFn.exe
  C:\Windows\System\DiLjEFn.exe
  2⤵
  PID:8964
- C:\Windows\System\HdJpqfw.exe
  C:\Windows\System\HdJpqfw.exe
  2⤵
  PID:11512
- C:\Windows\System\aSCTHmV.exe
  C:\Windows\System\aSCTHmV.exe
  2⤵
  PID:10776
- C:\Windows\System\WAkwIQc.exe
  C:\Windows\System\WAkwIQc.exe
  2⤵
  PID:8172
- C:\Windows\System\TDIWRDR.exe
  C:\Windows\System\TDIWRDR.exe
  2⤵
  PID:11448
- C:\Windows\System\xkNErlH.exe
  C:\Windows\System\xkNErlH.exe
  2⤵
  PID:13216
- C:\Windows\System\nxPmohH.exe
  C:\Windows\System\nxPmohH.exe
  2⤵
  PID:8628
- C:\Windows\System\nmPqQtD.exe
  C:\Windows\System\nmPqQtD.exe
  2⤵
  PID:8744
- C:\Windows\System\OEbAYJA.exe
  C:\Windows\System\OEbAYJA.exe
  2⤵
  PID:11232
- C:\Windows\System\daNfnPR.exe
  C:\Windows\System\daNfnPR.exe
  2⤵
  PID:9848
- C:\Windows\System\ImBZagv.exe
  C:\Windows\System\ImBZagv.exe
  2⤵
  PID:14416
- C:\Windows\System\NnQoZJN.exe
  C:\Windows\System\NnQoZJN.exe
  2⤵
  PID:6536
- C:\Windows\System\YXNpyso.exe
  C:\Windows\System\YXNpyso.exe
  2⤵
  PID:9772
- C:\Windows\System\RiTQLzS.exe
  C:\Windows\System\RiTQLzS.exe
  2⤵
  PID:11020
- C:\Windows\System\YhxtcBK.exe
  C:\Windows\System\YhxtcBK.exe
  2⤵
  PID:11676
- C:\Windows\System\DBQcdIC.exe
  C:\Windows\System\DBQcdIC.exe
  2⤵
  PID:10864
- C:\Windows\System\WdYhyct.exe
  C:\Windows\System\WdYhyct.exe
  2⤵
  PID:11704
- C:\Windows\System\HQTCccE.exe
  C:\Windows\System\HQTCccE.exe
  2⤵
  PID:11276
- C:\Windows\System\VyMTmAm.exe
  C:\Windows\System\VyMTmAm.exe
  2⤵
  PID:7496
- C:\Windows\System\AUUcTTp.exe
  C:\Windows\System\AUUcTTp.exe
  2⤵
  PID:12660
- C:\Windows\System\bGqygwr.exe
  C:\Windows\System\bGqygwr.exe
  2⤵
  PID:11868
- C:\Windows\System\ZlieZKx.exe
  C:\Windows\System\ZlieZKx.exe
  2⤵
  PID:12144
- C:\Windows\System\agbeqVi.exe
  C:\Windows\System\agbeqVi.exe
  2⤵
  PID:13080
- C:\Windows\System\EeGXayN.exe
  C:\Windows\System\EeGXayN.exe
  2⤵
  PID:10904
- C:\Windows\System\WIQbyTc.exe
  C:\Windows\System\WIQbyTc.exe
  2⤵
  PID:11436
- C:\Windows\System\QeVLKsS.exe
  C:\Windows\System\QeVLKsS.exe
  2⤵
  PID:10412
- C:\Windows\System\xysSUkd.exe
  C:\Windows\System\xysSUkd.exe
  2⤵
  PID:13104
- C:\Windows\System\eplAmNe.exe
  C:\Windows\System\eplAmNe.exe
  2⤵
  PID:13264
- C:\Windows\System\rSZcYdb.exe
  C:\Windows\System\rSZcYdb.exe
  2⤵
  PID:8828
- C:\Windows\System\EesCNEx.exe
  C:\Windows\System\EesCNEx.exe
  2⤵
  PID:11380
- C:\Windows\System\WMbwlUi.exe
  C:\Windows\System\WMbwlUi.exe
  2⤵
  PID:3896
- C:\Windows\System\diJuJxy.exe
  C:\Windows\System\diJuJxy.exe
  2⤵
  PID:9048
- C:\Windows\System\hzuZYWL.exe
  C:\Windows\System\hzuZYWL.exe
  2⤵
  PID:6628
- C:\Windows\System\PtMjxYM.exe
  C:\Windows\System\PtMjxYM.exe
  2⤵
  PID:8616
- C:\Windows\System\AajJDQa.exe
  C:\Windows\System\AajJDQa.exe
  2⤵
  PID:9064
- C:\Windows\System\IjHmzyb.exe
  C:\Windows\System\IjHmzyb.exe
  2⤵
  PID:8368
- C:\Windows\System\dhAuJBa.exe
  C:\Windows\System\dhAuJBa.exe
  2⤵
  PID:12376
- C:\Windows\System\rHVLiEr.exe
  C:\Windows\System\rHVLiEr.exe
  2⤵
  PID:11132
- C:\Windows\System\PgCkubH.exe
  C:\Windows\System\PgCkubH.exe
  2⤵
  PID:11420
- C:\Windows\System\wgNxkVI.exe
  C:\Windows\System\wgNxkVI.exe
  2⤵
  PID:10648
- C:\Windows\System\YnVRvej.exe
  C:\Windows\System\YnVRvej.exe
  2⤵
  PID:6220
- C:\Windows\System\EVRQSDO.exe
  C:\Windows\System\EVRQSDO.exe
  2⤵
  PID:11768
- C:\Windows\System\sgCJktA.exe
  C:\Windows\System\sgCJktA.exe
  2⤵
  PID:11584
- C:\Windows\System\MUvZAQk.exe
  C:\Windows\System\MUvZAQk.exe
  2⤵
  PID:12120
- C:\Windows\System\HkPHYTM.exe
  C:\Windows\System\HkPHYTM.exe
  2⤵
  PID:9588
- C:\Windows\System\LKkNXFm.exe
  C:\Windows\System\LKkNXFm.exe
  2⤵
  PID:9464
- C:\Windows\System\yEpuYMu.exe
  C:\Windows\System\yEpuYMu.exe
  2⤵
  PID:8048
- C:\Windows\System\aBxKOED.exe
  C:\Windows\System\aBxKOED.exe
  2⤵
  PID:13036
- C:\Windows\System\KhmaGvp.exe
  C:\Windows\System\KhmaGvp.exe
  2⤵
  PID:11184
- C:\Windows\System\MrtJOXy.exe
  C:\Windows\System\MrtJOXy.exe
  2⤵
  PID:8832
- C:\Windows\System\ctLQfqV.exe
  C:\Windows\System\ctLQfqV.exe
  2⤵
  PID:11308
- C:\Windows\System\VjbNNjp.exe
  C:\Windows\System\VjbNNjp.exe
  2⤵
  PID:11468
- C:\Windows\System\aezHwUI.exe
  C:\Windows\System\aezHwUI.exe
  2⤵
  PID:12056
- C:\Windows\System\BINJhrp.exe
  C:\Windows\System\BINJhrp.exe
  2⤵
  PID:8668
- C:\Windows\System\dZQhWXp.exe
  C:\Windows\System\dZQhWXp.exe
  2⤵
  PID:9060
- C:\Windows\System\emmNhqY.exe
  C:\Windows\System\emmNhqY.exe
  2⤵
  PID:12716
- C:\Windows\System\tUglJqH.exe
  C:\Windows\System\tUglJqH.exe
  2⤵
  PID:12760
- C:\Windows\System\HlFAkjL.exe
  C:\Windows\System\HlFAkjL.exe
  2⤵
  PID:8684
- C:\Windows\System\wqdYdVz.exe
  C:\Windows\System\wqdYdVz.exe
  2⤵
  PID:12284
- C:\Windows\System\rfTEqfT.exe
  C:\Windows\System\rfTEqfT.exe
  2⤵
  PID:12820
- C:\Windows\System\IgVwIrG.exe
  C:\Windows\System\IgVwIrG.exe
  2⤵
  PID:12732
- C:\Windows\System\OFdTDLg.exe
  C:\Windows\System\OFdTDLg.exe
  2⤵
  PID:13232
- C:\Windows\System\jkyohlS.exe
  C:\Windows\System\jkyohlS.exe
  2⤵
  PID:13288
- C:\Windows\System\tTpAzse.exe
  C:\Windows\System\tTpAzse.exe
  2⤵
  PID:12220
- C:\Windows\System\qqypZdW.exe
  C:\Windows\System\qqypZdW.exe
  2⤵
  PID:11916
- C:\Windows\System\zdxeRPC.exe
  C:\Windows\System\zdxeRPC.exe
  2⤵
  PID:13004
- C:\Windows\System\dsgeVIp.exe
  C:\Windows\System\dsgeVIp.exe
  2⤵
  PID:12176
- C:\Windows\System\mAujdNg.exe
  C:\Windows\System\mAujdNg.exe
  2⤵
  PID:8732
- C:\Windows\System\gxQmxsH.exe
  C:\Windows\System\gxQmxsH.exe
  2⤵
  PID:14164
- C:\Windows\System\PwShClK.exe
  C:\Windows\System\PwShClK.exe
  2⤵
  PID:10988
- C:\Windows\System\jzqJmij.exe
  C:\Windows\System\jzqJmij.exe
  2⤵
  PID:9752
- C:\Windows\System\YXHTwKM.exe
  C:\Windows\System\YXHTwKM.exe
  2⤵
  PID:12072
- C:\Windows\System\LvrrGXx.exe
  C:\Windows\System\LvrrGXx.exe
  2⤵
  PID:5368
- C:\Windows\System\SMijSPy.exe
  C:\Windows\System\SMijSPy.exe
  2⤵
  PID:4864
- C:\Windows\System\IEkHskZ.exe
  C:\Windows\System\IEkHskZ.exe
  2⤵
  PID:12932
- C:\Windows\System\VofaXyV.exe
  C:\Windows\System\VofaXyV.exe
  2⤵
  PID:13140
- C:\Windows\System\iaXmgCJ.exe
  C:\Windows\System\iaXmgCJ.exe
  2⤵
  PID:10504
- C:\Windows\System\PfIYDPR.exe
  C:\Windows\System\PfIYDPR.exe
  2⤵
  PID:11084
- C:\Windows\System\kFYrwYA.exe
  C:\Windows\System\kFYrwYA.exe
  2⤵
  PID:7484
- C:\Windows\System\BQvDZmr.exe
  C:\Windows\System\BQvDZmr.exe
  2⤵
  PID:12556
- C:\Windows\System\Hdixupu.exe
  C:\Windows\System\Hdixupu.exe
  2⤵
  PID:13228
- C:\Windows\System\zQItoBm.exe
  C:\Windows\System\zQItoBm.exe
  2⤵
  PID:6224
- C:\Windows\System\XjcCKUS.exe
  C:\Windows\System\XjcCKUS.exe
  2⤵
  PID:12360
- C:\Windows\System\ZmmvsLw.exe
  C:\Windows\System\ZmmvsLw.exe
  2⤵
  PID:5864
- C:\Windows\System\gtxJmJW.exe
  C:\Windows\System\gtxJmJW.exe
  2⤵
  PID:5088
- C:\Windows\System\pdywwbh.exe
  C:\Windows\System\pdywwbh.exe
  2⤵
  PID:11652
- C:\Windows\System\LIhITxE.exe
  C:\Windows\System\LIhITxE.exe
  2⤵
  PID:11456
- C:\Windows\System\pNgIMOB.exe
  C:\Windows\System\pNgIMOB.exe
  2⤵
  PID:12884
- C:\Windows\System\ciOHrgK.exe
  C:\Windows\System\ciOHrgK.exe
  2⤵
  PID:12148
- C:\Windows\System\niLUpkK.exe
  C:\Windows\System\niLUpkK.exe
  2⤵
  PID:10264
- C:\Windows\System\RfSYmnQ.exe
  C:\Windows\System\RfSYmnQ.exe
  2⤵
  PID:4160
- C:\Windows\System\hCivhXJ.exe
  C:\Windows\System\hCivhXJ.exe
  2⤵
  PID:1872
- C:\Windows\System\vMEZsgT.exe
  C:\Windows\System\vMEZsgT.exe
  2⤵
  PID:12464
- C:\Windows\System\zyjPCku.exe
  C:\Windows\System\zyjPCku.exe
  2⤵
  PID:10784
- C:\Windows\System\PIWlVJe.exe
  C:\Windows\System\PIWlVJe.exe
  2⤵
  PID:12864
- C:\Windows\System\rNcVIfE.exe
  C:\Windows\System\rNcVIfE.exe
  2⤵
  PID:10852
- C:\Windows\System\tKSYrGf.exe
  C:\Windows\System\tKSYrGf.exe
  2⤵
  PID:12980
- C:\Windows\System\nuMIIjA.exe
  C:\Windows\System\nuMIIjA.exe
  2⤵
  PID:12256
- C:\Windows\System\cbaeXVA.exe
  C:\Windows\System\cbaeXVA.exe
  2⤵
  PID:13072
- C:\Windows\System\BqgvvLH.exe
  C:\Windows\System\BqgvvLH.exe
  2⤵
  PID:14308
- C:\Windows\System\AXvtzaP.exe
  C:\Windows\System\AXvtzaP.exe
  2⤵
  PID:12944
- C:\Windows\System\pBvEjkb.exe
  C:\Windows\System\pBvEjkb.exe
  2⤵
  PID:4392
- C:\Windows\System\DPszEzM.exe
  C:\Windows\System\DPszEzM.exe
  2⤵
  PID:8184
- C:\Windows\System\Sgqnqxe.exe
  C:\Windows\System\Sgqnqxe.exe
  2⤵
  PID:13208
- C:\Windows\System\sygLlAE.exe
  C:\Windows\System\sygLlAE.exe
  2⤵
  PID:3064
- C:\Windows\System\HDFCzwC.exe
  C:\Windows\System\HDFCzwC.exe
  2⤵
  PID:14284

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:11400

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:13624

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Drops file in System32 directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pxpy40lf.yeo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\ABTrmzo.exe

Filesize
1.7MB

MD5
4afdf9ee084eff600cb94f519a1d3593

SHA1
09233c67dbb74d1bc2afcb28475b9c5c44960c1d

SHA256
adfb109b383d2b89a67e84f999bedec47741b2953c663dbc490c55a923a8c67f

SHA512
014030b95597c7ddae4dbd00fc81766a06cf77b62325d73448be4ffe015796924b7b3c0f46323ba768fb1ff52f93bb115602d6bfae071c4c2df0ba0a37dd27c0

Download Submit
C:\Windows\System\AWKZYCu.exe

Filesize
1.7MB

MD5
76dbec99f84796d6845b68a74021ee4b

SHA1
d046335fed2ccedf74179d8900cbb5fe28bd6c0f

SHA256
fa873cc23511bf4a6e5fa97f52393abe8dc3594c826a29e6ecb61bcfc25ae71f

SHA512
91d3e4302aa3cb2c2b0f96cbc7a0d9945aeb9a6471610494642e98f0d1cfba762413da21f38ff6fce612d5f4d2d0c142892e3c8425204d1f942f6b9db02c10fe

Download Submit
C:\Windows\System\AbXxtvS.exe

Filesize
1.7MB

MD5
af8464d2c900783dc07a332bbe3c7ce0

SHA1
a379d4e50c9402ae49d90cb466969bd8df801e43

SHA256
fd16a2a843729193f8657541c06a7e08340e507c7674b57080bbdd0e7a187966

SHA512
2ed460dd0de0652429cb0d1645c4e86925e2027580b72c3d0c2edadde1b524274d458ddd2e89bda45ad0bc08d2867204d1f7afb42870b0297b68a8119d0d962b

Download Submit
C:\Windows\System\CpCnYYU.exe

Filesize
1.7MB

MD5
cee955d79eb8056d6089d4aedb05013a

SHA1
cf15c4b901fd969b9a61d142c498dab4f0ecf945

SHA256
49b8f653885f442665c16cd85e8f06a8e337d4a6f69d427a79edb9adb3454343

SHA512
925151226bc6570e5613510c59d9b2050562306cf5bf26f397a193356a6f100e1dea9511bb35042ed52cf8294bc5be0309a83d9c25f12ae290940ddad0cec8e5

Download Submit
C:\Windows\System\FcWAGgj.exe

Filesize
1.7MB

MD5
075c204b7a1d7fb4bdf7fe0dafba02c0

SHA1
1d418c1b5392cf1433cad8990d2a567e858e83fd

SHA256
1890cf29b2c95bb039d69a956b0569dde3d4b02469827cc68c5fa22933def02c

SHA512
ced644075fe019f773d055275af6ecff6708a9586d9909831c422c6d15a55b2ac234a33336a0fbc64b14024b41f9bcbbdc5bd12772ad445a495165596ced5879

Download Submit
C:\Windows\System\FuldSJf.exe

Filesize
1.7MB

MD5
be6384f18639b9b94afd88d1fc3f3ece

SHA1
ec445013b87714db9ee46122447494af48c89687

SHA256
2b7d674935d7c10db54c68fabb66093edec75493fc7d47d7dcb09c6cc5fa1f12

SHA512
d168ecd2a0b713e98373e010280fae28d11e60afc8185d60f6ef033131da81f0c0585157b0e9e76d12c3b6616fd4ba20928c93d38e356a0e9ab5edc6822748b8

Download Submit
C:\Windows\System\IqtvJgl.exe

Filesize
1.7MB

MD5
c27c9b1a02f303c023f95aad4a36b80c

SHA1
6bee55d4a148369c43e101d98af061c4a71c70bc

SHA256
7490da1cee1f23c090686aa08d6cc4135edad3e85844e106089ee17cd893c636

SHA512
151eeba066c55d4b584f69eda64523d96d0661690bbd20a45b5a3061e6588be0b5c390ff9e8aa2aedf0d3a0b9fd838d2bbaef855d9dbac2a4b8d564e1db99223

Download Submit
C:\Windows\System\JjQJApK.exe

Filesize
1.7MB

MD5
cf80cf4dee396fc37592a6cd1af80449

SHA1
273cd4a83fcbe1ee550ad081776597155bea49da

SHA256
4d6cb0607f92c76e465d6c0d39918bf0e4a204fc40f642a3a5ef192e797de43a

SHA512
4433cdf65fe18dd9e40cd6fd83f9be07716a3f84506f3b371661cf9c5f9faf4a168fe88e338e8db5e9ba7a2cc8f59e26fb749e45a4b8dc79df63ce43b291e225

Download Submit
C:\Windows\System\OHvEOPy.exe

Filesize
1.7MB

MD5
e4bc75794d2c76ffdd0c9f83a66b1190

SHA1
46abbafe6bf37c3a09c7218237b9ccf638116753

SHA256
8497dcb1ad08d2403a2a2b4bf2255fe6b4f7f0521ed63257b74dd96de0f74e9e

SHA512
3137e97f85c88fe35da1a5bf73737fadb92fe13c5f01bf674e4cf6235905cdf5ba199ba169d31f9e12626835e67831ee3108959efffa786641b33c711a6b7721

Download Submit
C:\Windows\System\OvdwqcO.exe

Filesize
1.7MB

MD5
5ec3c262ef662f73c84e9b51208ce568

SHA1
29aecd95b1fbf991ad0c62d007cb0c35773226fa

SHA256
da32735484003355a4500e8b19c2a8f1334f715d9cf011c0b3756e4444796e80

SHA512
ba191a29e991e1fd38a4d1e20c46f69862d85f9eb4f744521f37c7481408d97ed069e2b36538c3a512162d2e8f1907a700495e6fe95a651533e1f486712faf7e

Download Submit
C:\Windows\System\RsxjRBi.exe

Filesize
1.7MB

MD5
71d3d4921ded126912756f849c811296

SHA1
685d4338c71497e9ac2a9c64f8b3a4d0920eb9ce

SHA256
6ecfb5c4e1d8cffb2306de8f6a58aed1aafc77bffff9aba585fbdc45f6497c63

SHA512
dc97dea373fd5a96c2c7e4cf7fb2e09d2616d96694cfa9b7fb9c4ed498049bf0967401f4b39ac326c01dca799fb541ede32e880b7572865d22195f1bbb02ee6a

Download Submit
C:\Windows\System\TkDwmEd.exe

Filesize
1.7MB

MD5
364d353b3a67ae7275a3262982446a7f

SHA1
fbaddd3809a2d3973066008db085b69878f2bd12

SHA256
0813fb7f9f01ce40e170ddeaa1fec9fb0194597bc04de93a418cb9b1b656c8fc

SHA512
0abbb71f0ba85dae9f8dcc32cc44d586e9eec83f8cc5f3c6406209feb1ae716511e2c42f2afcfb6192ef83558d92484a202e4aa9719c5a3ee739db58aec18f86

Download Submit
C:\Windows\System\UcnXbXo.exe

Filesize
1.7MB

MD5
fd127782248c1d1797e92d38cce1aa33

SHA1
bc9f795b47247d73f073e4c8e8d7ce1877729d61

SHA256
c0c1e576a1eed81ef25aee4a80f1eec8ab8332b971f35bf7b378eda2658082b8

SHA512
93c243bf80e7cbd4be4cf9773eb867a46b4da762b7f5a0c11d07707941854f2a82a69410489d07e65f60addb479478c42ddafcd0804bda8c2736c5542a4d4af5

Download Submit
C:\Windows\System\UzjjbOZ.exe

Filesize
1.7MB

MD5
ebe6b5b0b2984c7babad1da9a202bd92

SHA1
cdaed1839b4d3f2df1d817b2a4a43db83cecf405

SHA256
fd2b660603021345d1fab91d3386c5ec89470cc719d439b33c9d47e0b3d03999

SHA512
6b0a3b92c564f3f9a80086f4451ebf45bd08d2c7db215203bed5a30fa2e6543d744e1c0f72ca8e9a94dd539795cd8c842288db3f9d6e2b1da8d4dbfa89299dab

Download Submit
C:\Windows\System\WOmktcL.exe

Filesize
1.7MB

MD5
35e1ad0649753129289310bf83628262

SHA1
96b0ff4c241a5c81404edbbc707bc52e8da845f4

SHA256
95a6ea1b688119f4e75273ff7e086f1aae2c1e935a0dc86e804317c2ee3141ad

SHA512
0899f53e939c1ec4df621f708cc775eac8b48c589e3dfd4037702ed9652ae3c006558eb5a7903789cce625b6d2590b5aa104d0991bcf64defd42d6972ac9b032

Download Submit
C:\Windows\System\XDYRCLY.exe

Filesize
1.7MB

MD5
351cfb1a69b7efcb2202c67b1bc49229

SHA1
fcef865f2bb86af2c24f1ff995f20da292d04845

SHA256
a1434317985a027b6d997bba3bf15a10dc9461ce481a429944cf6be750e69d98

SHA512
051b5725da553b1bec455181c8f356aae44f6cd14677d72dae7c4d73c9c899c779b53e4008dc608d2a923193c5050cf9d797b256f5f521a33682df67fffc9e1e

Download Submit
C:\Windows\System\XRFnqMS.exe

Filesize
1.7MB

MD5
3d9b9de5bc10e48575daf710f94bf551

SHA1
c29db84c176b75a4993eab29058ff4c887fb85a7

SHA256
cf261044a4f7766e9529e4c4ab6a41d02eea7f9be1aec01ef58507b78873f66c

SHA512
29e3a8b0fa43efe35ac2d1e30960fa491d0f2ae231aadb441160d090aeaa0e31792f19ed6f3d1a41a6713a70511e24d3eca70d918330a6afc07bd9669b07a2f0

Download Submit
C:\Windows\System\ZVTBlfr.exe

Filesize
1.7MB

MD5
201c0c071baeafa8d78eebef4bdc0e97

SHA1
fd157d8bc3702834b43cf6d75b3626dae31e0e00

SHA256
97c9ccbd8ec88e5fef32a0c52e37f69d83e806df39817a752e5778b179a5cc76

SHA512
87fc88725f386b01bff077c831245ba43a60e9677fbad911d7339b42fe83f8c58dde4a5ef60f0a6efd177a40ff238270628bd973dea111ed652b7d36da36f3f4

Download Submit
C:\Windows\System\aMahgxu.exe

Filesize
1.7MB

MD5
5edac84ef623916996ecf5ceebc99f02

SHA1
d8662dd679e5b88fd819e0153064ce313d662385

SHA256
dec8fbb32ff524ec1de6541bc7f4e005fa4600b28c9e1b4e68b27e19b1c07571

SHA512
788b0407ec3f982aa37947ad02b49770890017102d557276b3108d444a0024c322fd62dcd0738aace8696f4e7e508680c19e2af0a994dec033a6ce56e4a6a67d

Download Submit
C:\Windows\System\cJRlvqo.exe

Filesize
1.7MB

MD5
2823a22a4fc4cf77ed6f65f4e34a1e9b

SHA1
09d7172f45a5b399dd9d5b55c461ce07bc95c723

SHA256
9040435b8fa79e50adcc7a695cada03ab73188f0129eadc7bf4c5cbfe8586730

SHA512
83f85a8f06cdee556cb08d72f99872fa45ce37846806dd1c16debe47b8910f6d5950c1d276967478f93fbd05ac7c4a901653e9834f25c06c649546a4fcab628c

Download Submit
C:\Windows\System\dTtvbeU.exe

Filesize
1.7MB

MD5
cfc614f23d35e38e354714a40a6bc94a

SHA1
cb2ef6e29f5b1b85f6ffdf33a2f032ea07d6a721

SHA256
43fdf51cda21fb80a3fb68a85323223ee38aa78d7f27d4eb7f72e2aa39fbd1c2

SHA512
db6abbc8dd4b90b205b761bee09d61515602dff9e7826de843a8f9920bf4fd3ca94a91ddb81cb20cd2aa8a98653c70f01a624f45742c1ff9915e591433487967

Download Submit
C:\Windows\System\eBJweTw.exe

Filesize
1.7MB

MD5
7f85c5fa1ff7cc7d720b19c9699eb64c

SHA1
e4fdef721876eb3ac9d351ad9878a0d3f8db2d24

SHA256
421f1c337e93ae9cc4c3216bef6432c4589ed8ffa29dec71ff427a8ae7416544

SHA512
c9a9f5df82cc7b8b8906db4d3175fc58496cc258d33750ed6b76fb890f54e5d082be1b6bc1c215812df5bd38720f319095aaaa2f26abe92b0a27f9588a4688e5

Download Submit
C:\Windows\System\jYwvIFc.exe

Filesize
1.7MB

MD5
7c66be1f32afd7a4cce11b0425da9833

SHA1
34b5ff186e38a62ff5f153ba665fbbe653449bea

SHA256
ab3f2e35cf4b277f70bfae744f4c947b481806d43a6d542605a4c5fb0cd35952

SHA512
d483845f225a43e4053b12692ddd3dd0ee92a4ad7ca3783f565f6568745e30c9cc55a98f18d25f96cd3f9640bd5c60fbfffca75e1b8fab8098bdef2acb0b4ae0

Download Submit
C:\Windows\System\kCNoACG.exe

Filesize
1.7MB

MD5
866fe902073eef6c68de9fccb7670b59

SHA1
db83359c87e28ee14e6c4e4b4a4287ff292130ac

SHA256
13234cdc381549357f41b535db32baf6d37ce6407c43c9fa3d34cd0e0d310800

SHA512
a6d4ea510f10aa790ec53af2439f6225e5c65f0191986b63db7d6c9a0ac0e18d51b93765967844f8effb7fcd9ab310f8a15c25d389ddca1ec0dbbd2bcdb11675

Download Submit
C:\Windows\System\kDcvKWu.exe

Filesize
1.7MB

MD5
1ca036a522460d54795144c0d8a4fefb

SHA1
83701c6b7eb6f8cb58b85348669c5015d656707d

SHA256
547d47790de1e1c438abd2309d7301e92a70ab6f7857acad72173119347b75e1

SHA512
e5d26a68a7b0afa7a052c344f64adb0ce19f4fdb6aeb5ba1513630d3cc37d665418fd94d6d194c70ddfcb8f0e6ed328f3630a1e8c614d7ba2f8cf06398754849

Download Submit
C:\Windows\System\mBmDpfV.exe

Filesize
1.7MB

MD5
f2e5de50c42a77ae2d7e103d4033961d

SHA1
8b4eb166cfa80b5bc830dc889918e3bb1b4865b6

SHA256
81186299e4bd543fda888b3a692d133bd5fca78c8942cf59456df3323c08c837

SHA512
2483f3cca00f06bf635513af623ecde9523cda979fc05b9024229cc4e00287aa3cffc3fb09838e1cc30cf3e9523c0edb48d7f107107e98fc171fc14ff98d2772

Download Submit
C:\Windows\System\mSrFCGF.exe

Filesize
1.7MB

MD5
ad58394d11aa2ea332fc20ad9394826c

SHA1
ae807173226c246d7e187bb358093627860dfb47

SHA256
4b189b275f72be5c761c7b79608c6997f6b970be907aa85752f24b1d8f659ed1

SHA512
bded908704eccff38cc0538192b8d5ed37fba854a8171f3994319b985eae68e2e215bf88f7aecd1fa7b2d0bf01a39028e1c9b1427c0bbeb286f22f036d80fdfc

Download Submit
C:\Windows\System\oFzwsOS.exe

Filesize
1.7MB

MD5
e382036b3967cb5cf1ed19d1afdb7b27

SHA1
07a2c4ac891799e225b92a464b84ce267c86c9e7

SHA256
d793127afb24542127a7e1f2fec68abe2732e8d68c82830410ae11093c90fd53

SHA512
1576a11d9c9d4005e2de8270251efa6a3dbdef757f0300fc0b1521843a5f7a3b7af50fcd93fd2a881536d06bd2ba2e54d69aaa449ccd8e69cc4b694d33bffd89

Download Submit
C:\Windows\System\oYIqiht.exe

Filesize
1.7MB

MD5
52ae4016007e418e2773933acf3598be

SHA1
f12fc92c40d53f09c484b3da25a1286b4f1e13ef

SHA256
f17324d039ddc452f2fc2fac39bda6f21f1e99eadc3eb51718573157ab7d2ba3

SHA512
5782368d7fb83fd14d2415518858d16bcc97c0dd5e7b3a8e8d5dac1f127c585c0e0b38a9e4d113ca67d8e0f1f54cb4981e9d95736c4014ba0977dc89398ae7c0

Download Submit
C:\Windows\System\pLlLOCv.exe

Filesize
1.7MB

MD5
323df9743c32bf44726c254038483b32

SHA1
89e0e390b4a03e49cd9c523f47535e5ed422edef

SHA256
b2f6357117ec5f6fe87d64e99ed0b16dae820a33d40e4041f11659efcc96bc5c

SHA512
160bb912ff8b24603506844f483ee0bb1c2991360f6a22ea8de8cda4d6dd142a75a0fab1f807eb7c73dc8e8c38fee26d16e9a40b5d98a905fd566676a59a6a65

Download Submit
C:\Windows\System\pqJLkuJ.exe

Filesize
1.7MB

MD5
12b70ea2ad803e0f66fb16979ce2f637

SHA1
eae182d5dd9bc0175ad2f155105a732ceb58785c

SHA256
4bb55d264b9e6254d1c7abc256b65e2df1f0b7bfc33124b1e3ea207f2b4124c4

SHA512
37618f89809b87a886e5e2296ec16f026f5c7b3b0d5653920717c05daa155efb8edae82605a8e8a1fb887045110853b13aabc19a7a75353a146f510ed5533bc8

Download Submit
C:\Windows\System\qNVQSnd.exe

Filesize
1.7MB

MD5
650bd0b636b29aa29b66e3d07ef7f82d

SHA1
6159e5753036eb6c0e75a930e38d63559550345b

SHA256
ed547aefbec010e3b0a53085fe40e87b3e25a38b1a5a55b65d78af98088bbf71

SHA512
33db702126e35f28960b0d73d5b7e0ca432f1c0dac22575c3cd4146d54857c2445fdd8879d6fe1db44ddae5db08540ea490d19695340932c946209472de0bb02

Download Submit
C:\Windows\System\qawFRIS.exe

Filesize
1.7MB

MD5
a011111b3886f1cd849f2920ea21830b

SHA1
d7c3e06ea4c5179eaee75c25a30f93cc30fb1084

SHA256
468b69cf28e41f8ea18d0340cb7fa73d0cdb95d1b4f85dfbaa0bd77c76616185

SHA512
6989b03eb7cc348f3ad5b987bcc76be47cdf14d3afbd3810df18579ed093bb1eadfb9a3e809601e9439c4eff6f2781ca8f757a932706fe329909cd3f964fa39b

Download Submit
C:\Windows\System\rtPlWRq.exe

Filesize
1.7MB

MD5
c05d4971fbbcb8c6102a91787dd87510

SHA1
eb547ba1c680b66d5d9afe8920fa034f445a7076

SHA256
571581d967f90c3b4b198fbb1bd3fabef30ed004c594830648963046c81c4a56

SHA512
06ae3db42f0f5872786fada95bb7f768887672bdcf2d59084635a45c97dda190c2c71949e823901818954c2451e915922983e08d11eafebf3afa99798edd9218

Download Submit
C:\Windows\System\tlXtMkZ.exe

Filesize
1.7MB

MD5
19eef1356c566a78c61fe8cf7c29735f

SHA1
3c25145349d24d4a3c2f034d262fae60829fa479

SHA256
93002f5c533c4f8986c23b40fa88c4e15b7a3f5ea094ab39d0f3eecab7b53623

SHA512
40681e652b3437c3659fa46e28f12aa734573909225bc64c36b86e11cfe380ea647ab1a5a5ddaa52c69ec139eaefd30380f548080b32f40b76e9ef887fad70d1

Download Submit
C:\Windows\System\uTcNIpe.exe

Filesize
1.7MB

MD5
140f72a1ab904c2e34387ef2f5e0db1a

SHA1
2cbba081fc9c2775c9f5cdca6273714750873620

SHA256
f66ccdfb3a1b57865ba317c42eac60400ef3d556e443bf1ecf018810b8b92ff0

SHA512
06d4e536e48b1ac46a4fb202c6faab8f8baf4445bc23fea4c0c9d8831ebb67de59a3e1fce432f7dc4a5c8f0045e652b4d4c9dbc30dda2c3dd0b8bd8c72e0d847

Download Submit
C:\Windows\System\vYVttNE.exe

Filesize
1.7MB

MD5
7fc5c3ee9c53414b6c6af7c1bdac9e04

SHA1
afff25a86799494831093119e8dbc5238ca9a552

SHA256
6f3b31d0e03e1862bea863b7c1bb402ebe6393ee1ed9a2a35a00d092914e2721

SHA512
427de6f656c4635bb20c3fc060ecd34cbea34250f34749df5156fc3dfc743fdbeecabad77d0b0aa8ee8f758004c68fc96a59c23836747e834125c31e72bdad4e

Download Submit
C:\Windows\System\xgfDwcd.exe

Filesize
1.7MB

MD5
83a6740b5534be458b3fd15ab2cb6160

SHA1
5dd148f2087f836db4356232104cafe4d39330fa

SHA256
3c25f70542db0b0b70b4183fa428af9ad233e63adc6f0e4e387640191138d964

SHA512
dce4a1aac629c52c7a69672d3252b30ac8c6052765df33f207a0e5390ed058f8988a183f1c8edc18f7ce7f5dd57b747cd56838fd324d1b7a9958e279ddaece4f

Download Submit
C:\Windows\System\yVFrsFk.exe

Filesize
8B

MD5
d8f939ee099285eb5299be97436baa4d

SHA1
e982a1f84114c575869e996a9a214509ee9e0e66

SHA256
e7c262920797c23676b4311de18f70723dfd833b4d38ec2d89ac9d49b2f67690

SHA512
e31bd5edb5ca774adb6b49128eb293ef2a9394fca94c3def6901a7d4903de06386842bbd81ce1630fc901df52644e493a263be2bc59bd514aa7a1f110b251fe2

Download Submit
C:\Windows\System\ziaZEEI.exe

Filesize
1.7MB

MD5
cf663ed1811a76451e2ee993bc16578e

SHA1
3078f38de70932cd2b2bf535a3c4a7def37d6196

SHA256
cdcac5f14bc22c1c7a06a50bbe8118125e4265b07e4b1f84d9adf6382215020b

SHA512
497386d2760cc1dc88f43eaf0c234aab4dbc87db45a686ca04cfd47d5dd77d9f1e0cc84adac0b1eb3328e74201f9f900eddb9d99a8285e2bbb4a1a243d62512f

Download Submit
memory/656-5092-0x00007FF7E53E0000-0x00007FF7E57D2000-memory.dmp

Filesize
3.9MB

Download
memory/656-260-0x00007FF7E53E0000-0x00007FF7E57D2000-memory.dmp

Filesize
3.9MB

Download
memory/964-344-0x00007FF641030000-0x00007FF641422000-memory.dmp

Filesize
3.9MB

Download
memory/964-5094-0x00007FF641030000-0x00007FF641422000-memory.dmp

Filesize
3.9MB

Download
memory/1404-14-0x00007FF70EEE0000-0x00007FF70F2D2000-memory.dmp

Filesize
3.9MB

Download
memory/1896-381-0x00007FF745390000-0x00007FF745782000-memory.dmp

Filesize
3.9MB

Download
memory/1896-5037-0x00007FF745390000-0x00007FF745782000-memory.dmp

Filesize
3.9MB

Download
memory/1936-0-0x00007FF6490C0000-0x00007FF6494B2000-memory.dmp

Filesize
3.9MB

Download
memory/1936-1-0x00000293EDD40000-0x00000293EDD50000-memory.dmp

Filesize
64KB

Download
memory/1992-264-0x00007FF7B7F10000-0x00007FF7B8302000-memory.dmp

Filesize
3.9MB

Download
memory/2264-5077-0x00007FF7637B0000-0x00007FF763BA2000-memory.dmp

Filesize
3.9MB

Download
memory/2264-255-0x00007FF7637B0000-0x00007FF763BA2000-memory.dmp

Filesize
3.9MB

Download
memory/2284-229-0x00007FF703960000-0x00007FF703D52000-memory.dmp

Filesize
3.9MB

Download
memory/2284-5042-0x00007FF703960000-0x00007FF703D52000-memory.dmp

Filesize
3.9MB

Download
memory/2388-263-0x00007FF6F9630000-0x00007FF6F9A22000-memory.dmp

Filesize
3.9MB

Download
memory/2388-5176-0x00007FF6F9630000-0x00007FF6F9A22000-memory.dmp

Filesize
3.9MB

Download
memory/2876-387-0x00007FF6CF4E0000-0x00007FF6CF8D2000-memory.dmp

Filesize
3.9MB

Download
memory/2876-5117-0x00007FF6CF4E0000-0x00007FF6CF8D2000-memory.dmp

Filesize
3.9MB

Download
memory/3100-5103-0x00007FF797E10000-0x00007FF798202000-memory.dmp

Filesize
3.9MB

Download
memory/3100-259-0x00007FF797E10000-0x00007FF798202000-memory.dmp

Filesize
3.9MB

Download
memory/3364-27-0x00007FF7EC720000-0x00007FF7ECB12000-memory.dmp

Filesize
3.9MB

Download
memory/3424-386-0x00007FF7E9960000-0x00007FF7E9D52000-memory.dmp

Filesize
3.9MB

Download
memory/3424-5098-0x00007FF7E9960000-0x00007FF7E9D52000-memory.dmp

Filesize
3.9MB

Download
memory/3704-109-0x00007FF770B50000-0x00007FF770F42000-memory.dmp

Filesize
3.9MB

Download
memory/3704-4621-0x00007FF770B50000-0x00007FF770F42000-memory.dmp

Filesize
3.9MB

Download
memory/3780-258-0x00007FF7E5320000-0x00007FF7E5712000-memory.dmp

Filesize
3.9MB

Download
memory/3780-5101-0x00007FF7E5320000-0x00007FF7E5712000-memory.dmp

Filesize
3.9MB

Download
memory/3968-2060-0x00007FFE33BC0000-0x00007FFE34681000-memory.dmp

Filesize
10.8MB

Download
memory/3968-562-0x0000017E104D0000-0x0000017E104F2000-memory.dmp

Filesize
136KB

Download
memory/3968-265-0x00007FFE33BC0000-0x00007FFE34681000-memory.dmp

Filesize
10.8MB

Download
memory/3968-28-0x0000017E10510000-0x0000017E10520000-memory.dmp

Filesize
64KB

Download
memory/4000-78-0x00007FF7FCDD0000-0x00007FF7FD1C2000-memory.dmp

Filesize
3.9MB

Download
memory/4000-4972-0x00007FF7FCDD0000-0x00007FF7FD1C2000-memory.dmp

Filesize
3.9MB

Download
memory/4272-5047-0x00007FF702EB0000-0x00007FF7032A2000-memory.dmp

Filesize
3.9MB

Download
memory/4272-161-0x00007FF702EB0000-0x00007FF7032A2000-memory.dmp

Filesize
3.9MB

Download
memory/4304-58-0x00007FF79D1F0000-0x00007FF79D5E2000-memory.dmp

Filesize
3.9MB

Download
memory/4304-4974-0x00007FF79D1F0000-0x00007FF79D5E2000-memory.dmp

Filesize
3.9MB

Download
memory/4528-5040-0x00007FF762CE0000-0x00007FF7630D2000-memory.dmp

Filesize
3.9MB

Download
memory/4528-266-0x00007FF762CE0000-0x00007FF7630D2000-memory.dmp

Filesize
3.9MB

Download
memory/4580-261-0x00007FF7644C0000-0x00007FF7648B2000-memory.dmp

Filesize
3.9MB

Download
memory/4580-5142-0x00007FF7644C0000-0x00007FF7648B2000-memory.dmp

Filesize
3.9MB

Download
memory/5060-262-0x00007FF768F40000-0x00007FF769332000-memory.dmp

Filesize
3.9MB

Download
memory/5060-5303-0x00007FF768F40000-0x00007FF769332000-memory.dmp

Filesize
3.9MB

Download
memory/5092-4968-0x00007FF711050000-0x00007FF711442000-memory.dmp

Filesize
3.9MB

Download
memory/5092-4617-0x00007FF711050000-0x00007FF711442000-memory.dmp

Filesize
3.9MB

Download
memory/5092-50-0x00007FF711050000-0x00007FF711442000-memory.dmp

Filesize
3.9MB

Download