xmrig | c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/05/2024, 03:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
Size

1.6MB
MD5

a865dfd1209493fc5e85305ea180fa5a
SHA1

908a532669674324a642f996bc0882f4bfbc1da3
SHA256

c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028
SHA512

d788cdc3525d52ee5dee94bda4eacb37bbb1437bbdcf1afbc543803f074f9cc2e49909356ff46a5b59faaa35b411bd60358c23f85d7280466d9b161e5a2901bf
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvj7NaVNqd9OeSZXCdzvd4/iooIXsLq9Uab:Lz071uv4BPMkHC0IaSEzQR4iRLUUaazY

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 25 IoCs

resource	yara_rule
behavioral1/memory/2840-12-0x000000013F270000-0x000000013F662000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/808-170-0x000000013FDD0000-0x00000001401C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2316-168-0x000000013F5F0000-0x000000013F9E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2952-166-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2608-164-0x000000013FD10000-0x0000000140102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2652-160-0x000000013F360000-0x000000013F752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2576-145-0x000000013FD20000-0x0000000140112000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2820-136-0x000000013FBD0000-0x000000013FFC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2564-128-0x000000013FA60000-0x000000013FE52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2600-126-0x000000013F6F0000-0x000000013FAE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2592-124-0x000000013F780000-0x000000013FB72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2656-122-0x000000013F4A0000-0x000000013F892000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3056-740-0x000000013FDB0000-0x00000001401A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2952-4243-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2652-4280-0x000000013F360000-0x000000013F752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2820-4278-0x000000013FBD0000-0x000000013FFC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2600-4288-0x000000013F6F0000-0x000000013FAE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2840-4295-0x000000013F270000-0x000000013F662000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2576-4290-0x000000013FD20000-0x0000000140112000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/808-4268-0x000000013FDD0000-0x00000001401C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2656-4267-0x000000013F4A0000-0x000000013F892000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2608-4358-0x000000013FD10000-0x0000000140102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2564-4310-0x000000013FA60000-0x000000013FE52000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2316-4348-0x000000013F5F0000-0x000000013F9E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2592-4315-0x000000013F780000-0x000000013FB72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 58 IoCs

resource	yara_rule
behavioral1/files/0x000c0000000144e4-5.dat	UPX
behavioral1/memory/3056-6-0x000000013FDB0000-0x00000001401A2000-memory.dmp	UPX
behavioral1/memory/2840-12-0x000000013F270000-0x000000013F662000-memory.dmp	UPX
behavioral1/files/0x0007000000004e76-22.dat	UPX
behavioral1/files/0x0007000000014baa-33.dat	UPX
behavioral1/files/0x0008000000014b63-29.dat	UPX
behavioral1/files/0x000a000000014bea-39.dat	UPX
behavioral1/files/0x0007000000015ce1-48.dat	UPX
behavioral1/files/0x0006000000015d56-73.dat	UPX
behavioral1/files/0x0006000000015d79-92.dat	UPX
behavioral1/files/0x0006000000015d87-99.dat	UPX
behavioral1/files/0x0006000000015e3a-114.dat	UPX
behavioral1/files/0x0006000000016843-194.dat	UPX
behavioral1/files/0x0006000000016117-181.dat	UPX
behavioral1/files/0x0006000000015f6d-178.dat	UPX
behavioral1/files/0x00060000000164b2-175.dat	UPX
behavioral1/files/0x00060000000161e7-174.dat	UPX
behavioral1/files/0x0006000000015fe9-173.dat	UPX
behavioral1/memory/808-170-0x000000013FDD0000-0x00000001401C2000-memory.dmp	UPX
behavioral1/memory/2316-168-0x000000013F5F0000-0x000000013F9E2000-memory.dmp	UPX
behavioral1/memory/2952-166-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	UPX
behavioral1/memory/2608-164-0x000000013FD10000-0x0000000140102000-memory.dmp	UPX
behavioral1/memory/2652-160-0x000000013F360000-0x000000013F752000-memory.dmp	UPX
behavioral1/files/0x0006000000016572-156.dat	UPX
behavioral1/files/0x000600000001630b-150.dat	UPX
behavioral1/memory/2576-145-0x000000013FD20000-0x0000000140112000-memory.dmp	UPX
behavioral1/memory/2820-136-0x000000013FBD0000-0x000000013FFC2000-memory.dmp	UPX
behavioral1/files/0x000600000001661c-185.dat	UPX
behavioral1/files/0x0006000000015eaf-140.dat	UPX
behavioral1/memory/2564-128-0x000000013FA60000-0x000000013FE52000-memory.dmp	UPX
behavioral1/memory/2600-126-0x000000013F6F0000-0x000000013FAE2000-memory.dmp	UPX
behavioral1/memory/2592-124-0x000000013F780000-0x000000013FB72000-memory.dmp	UPX
behavioral1/memory/2656-122-0x000000013F4A0000-0x000000013F892000-memory.dmp	UPX
behavioral1/files/0x0006000000015d9b-109.dat	UPX
behavioral1/files/0x0033000000014726-118.dat	UPX
behavioral1/files/0x0006000000015d6f-88.dat	UPX
behavioral1/files/0x0006000000015d8f-103.dat	UPX
behavioral1/files/0x0006000000015d67-83.dat	UPX
behavioral1/files/0x0006000000015d5e-78.dat	UPX
behavioral1/files/0x0006000000015d4a-68.dat	UPX
behavioral1/files/0x0006000000015d07-59.dat	UPX
behavioral1/files/0x0006000000015d28-62.dat	UPX
behavioral1/files/0x0006000000015ceb-53.dat	UPX
behavioral1/files/0x000a000000014e51-43.dat	UPX
behavioral1/files/0x003400000001471d-19.dat	UPX
behavioral1/memory/3056-740-0x000000013FDB0000-0x00000001401A2000-memory.dmp	UPX
behavioral1/memory/2952-4243-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	UPX
behavioral1/memory/2652-4280-0x000000013F360000-0x000000013F752000-memory.dmp	UPX
behavioral1/memory/2820-4278-0x000000013FBD0000-0x000000013FFC2000-memory.dmp	UPX
behavioral1/memory/2600-4288-0x000000013F6F0000-0x000000013FAE2000-memory.dmp	UPX
behavioral1/memory/2840-4295-0x000000013F270000-0x000000013F662000-memory.dmp	UPX
behavioral1/memory/2576-4290-0x000000013FD20000-0x0000000140112000-memory.dmp	UPX
behavioral1/memory/808-4268-0x000000013FDD0000-0x00000001401C2000-memory.dmp	UPX
behavioral1/memory/2656-4267-0x000000013F4A0000-0x000000013F892000-memory.dmp	UPX
behavioral1/memory/2608-4358-0x000000013FD10000-0x0000000140102000-memory.dmp	UPX
behavioral1/memory/2564-4310-0x000000013FA60000-0x000000013FE52000-memory.dmp	UPX
behavioral1/memory/2316-4348-0x000000013F5F0000-0x000000013F9E2000-memory.dmp	UPX
behavioral1/memory/2592-4315-0x000000013F780000-0x000000013FB72000-memory.dmp	UPX

XMRig Miner payload 26 IoCs

miner

resource	yara_rule
behavioral1/memory/2840-12-0x000000013F270000-0x000000013F662000-memory.dmp	xmrig
behavioral1/memory/808-170-0x000000013FDD0000-0x00000001401C2000-memory.dmp	xmrig
behavioral1/memory/2316-168-0x000000013F5F0000-0x000000013F9E2000-memory.dmp	xmrig
behavioral1/memory/2952-166-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	xmrig
behavioral1/memory/2608-164-0x000000013FD10000-0x0000000140102000-memory.dmp	xmrig
behavioral1/memory/3056-163-0x0000000003320000-0x0000000003712000-memory.dmp	xmrig
behavioral1/memory/2652-160-0x000000013F360000-0x000000013F752000-memory.dmp	xmrig
behavioral1/memory/2576-145-0x000000013FD20000-0x0000000140112000-memory.dmp	xmrig
behavioral1/memory/2820-136-0x000000013FBD0000-0x000000013FFC2000-memory.dmp	xmrig
behavioral1/memory/2564-128-0x000000013FA60000-0x000000013FE52000-memory.dmp	xmrig
behavioral1/memory/2600-126-0x000000013F6F0000-0x000000013FAE2000-memory.dmp	xmrig
behavioral1/memory/2592-124-0x000000013F780000-0x000000013FB72000-memory.dmp	xmrig
behavioral1/memory/2656-122-0x000000013F4A0000-0x000000013F892000-memory.dmp	xmrig
behavioral1/memory/3056-740-0x000000013FDB0000-0x00000001401A2000-memory.dmp	xmrig
behavioral1/memory/2952-4243-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	xmrig
behavioral1/memory/2652-4280-0x000000013F360000-0x000000013F752000-memory.dmp	xmrig
behavioral1/memory/2820-4278-0x000000013FBD0000-0x000000013FFC2000-memory.dmp	xmrig
behavioral1/memory/2600-4288-0x000000013F6F0000-0x000000013FAE2000-memory.dmp	xmrig
behavioral1/memory/2840-4295-0x000000013F270000-0x000000013F662000-memory.dmp	xmrig
behavioral1/memory/2576-4290-0x000000013FD20000-0x0000000140112000-memory.dmp	xmrig
behavioral1/memory/808-4268-0x000000013FDD0000-0x00000001401C2000-memory.dmp	xmrig
behavioral1/memory/2656-4267-0x000000013F4A0000-0x000000013F892000-memory.dmp	xmrig
behavioral1/memory/2608-4358-0x000000013FD10000-0x0000000140102000-memory.dmp	xmrig
behavioral1/memory/2564-4310-0x000000013FA60000-0x000000013FE52000-memory.dmp	xmrig
behavioral1/memory/2316-4348-0x000000013F5F0000-0x000000013F9E2000-memory.dmp	xmrig
behavioral1/memory/2592-4315-0x000000013F780000-0x000000013FB72000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1280	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2840	SBBmxmJ.exe
2656	uXrROkg.exe
2592	IwZKCGN.exe
2600	QkzuvZA.exe
2564	eOaZLgi.exe
2820	SXBBHxG.exe
2576	ZaWEdfv.exe
2652	zilvZXh.exe
2608	qGSCCLh.exe
2952	aQSqriH.exe
2316	KdWoPPy.exe
808	vdZFGtV.exe
2932	GvWMfbu.exe
2976	hXuhSBT.exe
2100	GGeMrOG.exe
2772	TUZMSQf.exe
1648	nSMtmeQ.exe
1524	NmrFjyh.exe
1704	xvrOROO.exe
2804	REWQiLZ.exe
2108	qQYoiyH.exe
1316	OOdSvkV.exe
1692	NbohPyr.exe
580	WUOwjVx.exe
1776	ZbidRmr.exe
984	xgFMPxe.exe
1652	yOKMjin.exe
2416	ixHUMBM.exe
1592	QBrfVTU.exe
2216	tQHNXnp.exe
1040	SlhMOBm.exe
1156	zzARnWR.exe
784	pVrkCCQ.exe
1536	bRbyUcD.exe
1944	cFanCZf.exe
1288	BhRAXZx.exe
1864	AzngIkb.exe
2536	UOPLyoe.exe
2848	nsViIPn.exe
2276	hsFdtLx.exe
1700	jbQbKEw.exe
900	rElTwGB.exe
2896	ETdfCUz.exe
2352	ljBZUAI.exe
1500	wWuIXpG.exe
1256	rwMBLnV.exe
804	KKqsqmx.exe
1608	QVAOUhN.exe
2580	SRGEuQK.exe
2852	btCpatp.exe
2464	aJhOdeB.exe
2956	wWxnSuS.exe
2988	uKTRVbW.exe
2532	pqzXwhH.exe
2712	lhLJzRV.exe
2292	IFbzwwD.exe
1400	iWxIyat.exe
2168	JuZFYnG.exe
1080	MgEiFtR.exe
1780	PSLTfmw.exe
2000	AbsABsB.exe
2136	QMyWjAH.exe
1284	KGLCOJi.exe
3032	oaNrUyc.exe

Loads dropped DLL 64 IoCs

pid	Process
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe

UPX packed file 58 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c0000000144e4-5.dat	upx
behavioral1/memory/3056-6-0x000000013FDB0000-0x00000001401A2000-memory.dmp	upx
behavioral1/memory/2840-12-0x000000013F270000-0x000000013F662000-memory.dmp	upx
behavioral1/files/0x0007000000004e76-22.dat	upx
behavioral1/files/0x0007000000014baa-33.dat	upx
behavioral1/files/0x0008000000014b63-29.dat	upx
behavioral1/files/0x000a000000014bea-39.dat	upx
behavioral1/files/0x0007000000015ce1-48.dat	upx
behavioral1/files/0x0006000000015d56-73.dat	upx
behavioral1/files/0x0006000000015d79-92.dat	upx
behavioral1/files/0x0006000000015d87-99.dat	upx
behavioral1/files/0x0006000000015e3a-114.dat	upx
behavioral1/files/0x0006000000016843-194.dat	upx
behavioral1/files/0x0006000000016117-181.dat	upx
behavioral1/files/0x0006000000015f6d-178.dat	upx
behavioral1/files/0x00060000000164b2-175.dat	upx
behavioral1/files/0x00060000000161e7-174.dat	upx
behavioral1/files/0x0006000000015fe9-173.dat	upx
behavioral1/memory/808-170-0x000000013FDD0000-0x00000001401C2000-memory.dmp	upx
behavioral1/memory/2316-168-0x000000013F5F0000-0x000000013F9E2000-memory.dmp	upx
behavioral1/memory/2952-166-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	upx
behavioral1/memory/2608-164-0x000000013FD10000-0x0000000140102000-memory.dmp	upx
behavioral1/memory/2652-160-0x000000013F360000-0x000000013F752000-memory.dmp	upx
behavioral1/files/0x0006000000016572-156.dat	upx
behavioral1/files/0x000600000001630b-150.dat	upx
behavioral1/memory/2576-145-0x000000013FD20000-0x0000000140112000-memory.dmp	upx
behavioral1/memory/2820-136-0x000000013FBD0000-0x000000013FFC2000-memory.dmp	upx
behavioral1/files/0x000600000001661c-185.dat	upx
behavioral1/files/0x0006000000015eaf-140.dat	upx
behavioral1/memory/2564-128-0x000000013FA60000-0x000000013FE52000-memory.dmp	upx
behavioral1/memory/2600-126-0x000000013F6F0000-0x000000013FAE2000-memory.dmp	upx
behavioral1/memory/2592-124-0x000000013F780000-0x000000013FB72000-memory.dmp	upx
behavioral1/memory/2656-122-0x000000013F4A0000-0x000000013F892000-memory.dmp	upx
behavioral1/files/0x0006000000015d9b-109.dat	upx
behavioral1/files/0x0033000000014726-118.dat	upx
behavioral1/files/0x0006000000015d6f-88.dat	upx
behavioral1/files/0x0006000000015d8f-103.dat	upx
behavioral1/files/0x0006000000015d67-83.dat	upx
behavioral1/files/0x0006000000015d5e-78.dat	upx
behavioral1/files/0x0006000000015d4a-68.dat	upx
behavioral1/files/0x0006000000015d07-59.dat	upx
behavioral1/files/0x0006000000015d28-62.dat	upx
behavioral1/files/0x0006000000015ceb-53.dat	upx
behavioral1/files/0x000a000000014e51-43.dat	upx
behavioral1/files/0x003400000001471d-19.dat	upx
behavioral1/memory/3056-740-0x000000013FDB0000-0x00000001401A2000-memory.dmp	upx
behavioral1/memory/2952-4243-0x000000013F6B0000-0x000000013FAA2000-memory.dmp	upx
behavioral1/memory/2652-4280-0x000000013F360000-0x000000013F752000-memory.dmp	upx
behavioral1/memory/2820-4278-0x000000013FBD0000-0x000000013FFC2000-memory.dmp	upx
behavioral1/memory/2600-4288-0x000000013F6F0000-0x000000013FAE2000-memory.dmp	upx
behavioral1/memory/2840-4295-0x000000013F270000-0x000000013F662000-memory.dmp	upx
behavioral1/memory/2576-4290-0x000000013FD20000-0x0000000140112000-memory.dmp	upx
behavioral1/memory/808-4268-0x000000013FDD0000-0x00000001401C2000-memory.dmp	upx
behavioral1/memory/2656-4267-0x000000013F4A0000-0x000000013F892000-memory.dmp	upx
behavioral1/memory/2608-4358-0x000000013FD10000-0x0000000140102000-memory.dmp	upx
behavioral1/memory/2564-4310-0x000000013FA60000-0x000000013FE52000-memory.dmp	upx
behavioral1/memory/2316-4348-0x000000013F5F0000-0x000000013F9E2000-memory.dmp	upx
behavioral1/memory/2592-4315-0x000000013F780000-0x000000013FB72000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jtaXvZU.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\ijbixsq.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\vAVbvnl.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\xhkscyS.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\psSFeDN.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\ezkpdji.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\kQPBMpB.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\jYhSlzx.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\pYTijwp.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\IcaYMVL.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\ufNPCNR.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\IUJSMPu.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\fdsLgDu.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\TEYapQp.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\NYSGpwy.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\hxqIcJp.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\yWGxRIH.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\AjzlzZc.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\cPHxrfT.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\gapAeJa.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\bGCMchA.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\DJWbzUC.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\eNaEADS.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\ERvazFu.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\wHBgaox.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\eUAXvaD.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\iwGcQNF.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\KQNlNuB.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\rbbhITT.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\GSzLIlF.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\SzJENHc.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\MUtWqWa.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\swfjZqa.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\GsSsdbM.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\ubNTgAL.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\rOJaKYU.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\XTEXRZD.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\Ufymela.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\poPQSwb.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\jBUQRSR.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\oFRwZCR.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\jjlvEFj.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\oYRQnmz.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\aVPTWLd.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\WiEndAl.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\jyrPoPP.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\eFVgKRf.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\UcHoQTF.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\qGKiOOZ.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\OBDeqGp.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\hHZZNPI.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\hEWkGaA.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\orQwdCT.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\KkpsBhz.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\ZlLZxKv.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\KixFswb.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\btdcymA.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\rVQojzO.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\FFSxLGz.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\nbkpuIc.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\GHogXCz.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\bbWsbzm.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\qEDPNBk.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\XrfnRVU.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1280	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
Token: SeLockMemoryPrivilege	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
Token: SeDebugPrivilege	1280	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1280	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	29
PID 3056 wrote to memory of 1280	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	29
PID 3056 wrote to memory of 1280	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	29
PID 3056 wrote to memory of 2840	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	30
PID 3056 wrote to memory of 2840	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	30
PID 3056 wrote to memory of 2840	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	30
PID 3056 wrote to memory of 2656	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	31
PID 3056 wrote to memory of 2656	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	31
PID 3056 wrote to memory of 2656	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	31
PID 3056 wrote to memory of 2592	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	32
PID 3056 wrote to memory of 2592	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	32
PID 3056 wrote to memory of 2592	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	32
PID 3056 wrote to memory of 2600	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	33
PID 3056 wrote to memory of 2600	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	33
PID 3056 wrote to memory of 2600	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	33
PID 3056 wrote to memory of 2564	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	34
PID 3056 wrote to memory of 2564	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	34
PID 3056 wrote to memory of 2564	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	34
PID 3056 wrote to memory of 2820	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	35
PID 3056 wrote to memory of 2820	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	35
PID 3056 wrote to memory of 2820	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	35
PID 3056 wrote to memory of 2576	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	36
PID 3056 wrote to memory of 2576	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	36
PID 3056 wrote to memory of 2576	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	36
PID 3056 wrote to memory of 2652	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	37
PID 3056 wrote to memory of 2652	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	37
PID 3056 wrote to memory of 2652	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	37
PID 3056 wrote to memory of 2608	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	38
PID 3056 wrote to memory of 2608	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	38
PID 3056 wrote to memory of 2608	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	38
PID 3056 wrote to memory of 2952	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	39
PID 3056 wrote to memory of 2952	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	39
PID 3056 wrote to memory of 2952	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	39
PID 3056 wrote to memory of 2316	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	40
PID 3056 wrote to memory of 2316	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	40
PID 3056 wrote to memory of 2316	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	40
PID 3056 wrote to memory of 808	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	41
PID 3056 wrote to memory of 808	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	41
PID 3056 wrote to memory of 808	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	41
PID 3056 wrote to memory of 2932	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	42
PID 3056 wrote to memory of 2932	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	42
PID 3056 wrote to memory of 2932	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	42
PID 3056 wrote to memory of 2976	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	43
PID 3056 wrote to memory of 2976	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	43
PID 3056 wrote to memory of 2976	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	43
PID 3056 wrote to memory of 2100	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	44
PID 3056 wrote to memory of 2100	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	44
PID 3056 wrote to memory of 2100	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	44
PID 3056 wrote to memory of 2772	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	45
PID 3056 wrote to memory of 2772	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	45
PID 3056 wrote to memory of 2772	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	45
PID 3056 wrote to memory of 1648	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	46
PID 3056 wrote to memory of 1648	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	46
PID 3056 wrote to memory of 1648	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	46
PID 3056 wrote to memory of 1524	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	47
PID 3056 wrote to memory of 1524	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	47
PID 3056 wrote to memory of 1524	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	47
PID 3056 wrote to memory of 1704	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	48
PID 3056 wrote to memory of 1704	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	48
PID 3056 wrote to memory of 1704	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	48
PID 3056 wrote to memory of 2804	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	49
PID 3056 wrote to memory of 2804	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	49
PID 3056 wrote to memory of 2804	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	49
PID 3056 wrote to memory of 2108	3056	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	50

C:\Users\Admin\AppData\Local\Temp\c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
"C:\Users\Admin\AppData\Local\Temp\c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1280
- C:\Windows\System\SBBmxmJ.exe
  C:\Windows\System\SBBmxmJ.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\uXrROkg.exe
  C:\Windows\System\uXrROkg.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\IwZKCGN.exe
  C:\Windows\System\IwZKCGN.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\QkzuvZA.exe
  C:\Windows\System\QkzuvZA.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\eOaZLgi.exe
  C:\Windows\System\eOaZLgi.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\SXBBHxG.exe
  C:\Windows\System\SXBBHxG.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ZaWEdfv.exe
  C:\Windows\System\ZaWEdfv.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\zilvZXh.exe
  C:\Windows\System\zilvZXh.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\qGSCCLh.exe
  C:\Windows\System\qGSCCLh.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\aQSqriH.exe
  C:\Windows\System\aQSqriH.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\KdWoPPy.exe
  C:\Windows\System\KdWoPPy.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\vdZFGtV.exe
  C:\Windows\System\vdZFGtV.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\GvWMfbu.exe
  C:\Windows\System\GvWMfbu.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\hXuhSBT.exe
  C:\Windows\System\hXuhSBT.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\GGeMrOG.exe
  C:\Windows\System\GGeMrOG.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\TUZMSQf.exe
  C:\Windows\System\TUZMSQf.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\nSMtmeQ.exe
  C:\Windows\System\nSMtmeQ.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\NmrFjyh.exe
  C:\Windows\System\NmrFjyh.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\xvrOROO.exe
  C:\Windows\System\xvrOROO.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\REWQiLZ.exe
  C:\Windows\System\REWQiLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\qQYoiyH.exe
  C:\Windows\System\qQYoiyH.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\OOdSvkV.exe
  C:\Windows\System\OOdSvkV.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\NbohPyr.exe
  C:\Windows\System\NbohPyr.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\yOKMjin.exe
  C:\Windows\System\yOKMjin.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\WUOwjVx.exe
  C:\Windows\System\WUOwjVx.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\ixHUMBM.exe
  C:\Windows\System\ixHUMBM.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\ZbidRmr.exe
  C:\Windows\System\ZbidRmr.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\tQHNXnp.exe
  C:\Windows\System\tQHNXnp.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\xgFMPxe.exe
  C:\Windows\System\xgFMPxe.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\SlhMOBm.exe
  C:\Windows\System\SlhMOBm.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\QBrfVTU.exe
  C:\Windows\System\QBrfVTU.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\zzARnWR.exe
  C:\Windows\System\zzARnWR.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\pVrkCCQ.exe
  C:\Windows\System\pVrkCCQ.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\bRbyUcD.exe
  C:\Windows\System\bRbyUcD.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\cFanCZf.exe
  C:\Windows\System\cFanCZf.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\BhRAXZx.exe
  C:\Windows\System\BhRAXZx.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\AzngIkb.exe
  C:\Windows\System\AzngIkb.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\hsFdtLx.exe
  C:\Windows\System\hsFdtLx.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\UOPLyoe.exe
  C:\Windows\System\UOPLyoe.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\rElTwGB.exe
  C:\Windows\System\rElTwGB.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\nsViIPn.exe
  C:\Windows\System\nsViIPn.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ljBZUAI.exe
  C:\Windows\System\ljBZUAI.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\jbQbKEw.exe
  C:\Windows\System\jbQbKEw.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\trnEDmX.exe
  C:\Windows\System\trnEDmX.exe
  2⤵
  PID:2372
- C:\Windows\System\ETdfCUz.exe
  C:\Windows\System\ETdfCUz.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\fEuXcMa.exe
  C:\Windows\System\fEuXcMa.exe
  2⤵
  PID:1664
- C:\Windows\System\wWuIXpG.exe
  C:\Windows\System\wWuIXpG.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\sHLeViQ.exe
  C:\Windows\System\sHLeViQ.exe
  2⤵
  PID:880
- C:\Windows\System\rwMBLnV.exe
  C:\Windows\System\rwMBLnV.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\eNUSFKj.exe
  C:\Windows\System\eNUSFKj.exe
  2⤵
  PID:1624
- C:\Windows\System\KKqsqmx.exe
  C:\Windows\System\KKqsqmx.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\DTxuiFd.exe
  C:\Windows\System\DTxuiFd.exe
  2⤵
  PID:1604
- C:\Windows\System\QVAOUhN.exe
  C:\Windows\System\QVAOUhN.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\dRdkdgE.exe
  C:\Windows\System\dRdkdgE.exe
  2⤵
  PID:2044
- C:\Windows\System\SRGEuQK.exe
  C:\Windows\System\SRGEuQK.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\BUMjCdj.exe
  C:\Windows\System\BUMjCdj.exe
  2⤵
  PID:2264
- C:\Windows\System\btCpatp.exe
  C:\Windows\System\btCpatp.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\FYPuuqh.exe
  C:\Windows\System\FYPuuqh.exe
  2⤵
  PID:2636
- C:\Windows\System\aJhOdeB.exe
  C:\Windows\System\aJhOdeB.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\zCUCAnh.exe
  C:\Windows\System\zCUCAnh.exe
  2⤵
  PID:2612
- C:\Windows\System\wWxnSuS.exe
  C:\Windows\System\wWxnSuS.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\NQCIZJZ.exe
  C:\Windows\System\NQCIZJZ.exe
  2⤵
  PID:2408
- C:\Windows\System\uKTRVbW.exe
  C:\Windows\System\uKTRVbW.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\WDFDDUj.exe
  C:\Windows\System\WDFDDUj.exe
  2⤵
  PID:2928
- C:\Windows\System\pqzXwhH.exe
  C:\Windows\System\pqzXwhH.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\YHaAyRe.exe
  C:\Windows\System\YHaAyRe.exe
  2⤵
  PID:1812
- C:\Windows\System\lhLJzRV.exe
  C:\Windows\System\lhLJzRV.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\uirFPPy.exe
  C:\Windows\System\uirFPPy.exe
  2⤵
  PID:2836
- C:\Windows\System\IFbzwwD.exe
  C:\Windows\System\IFbzwwD.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\kNUrchb.exe
  C:\Windows\System\kNUrchb.exe
  2⤵
  PID:2540
- C:\Windows\System\iWxIyat.exe
  C:\Windows\System\iWxIyat.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\RakyZok.exe
  C:\Windows\System\RakyZok.exe
  2⤵
  PID:2620
- C:\Windows\System\JuZFYnG.exe
  C:\Windows\System\JuZFYnG.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\xBwrAwX.exe
  C:\Windows\System\xBwrAwX.exe
  2⤵
  PID:2300
- C:\Windows\System\MgEiFtR.exe
  C:\Windows\System\MgEiFtR.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\JwYNjRQ.exe
  C:\Windows\System\JwYNjRQ.exe
  2⤵
  PID:740
- C:\Windows\System\PSLTfmw.exe
  C:\Windows\System\PSLTfmw.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\BjSHamO.exe
  C:\Windows\System\BjSHamO.exe
  2⤵
  PID:768
- C:\Windows\System\AbsABsB.exe
  C:\Windows\System\AbsABsB.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\rzCbKrH.exe
  C:\Windows\System\rzCbKrH.exe
  2⤵
  PID:2444
- C:\Windows\System\QMyWjAH.exe
  C:\Windows\System\QMyWjAH.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\xmzqCCw.exe
  C:\Windows\System\xmzqCCw.exe
  2⤵
  PID:1620
- C:\Windows\System\KGLCOJi.exe
  C:\Windows\System\KGLCOJi.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\qJwkSXi.exe
  C:\Windows\System\qJwkSXi.exe
  2⤵
  PID:2528
- C:\Windows\System\oaNrUyc.exe
  C:\Windows\System\oaNrUyc.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\VuhDCAO.exe
  C:\Windows\System\VuhDCAO.exe
  2⤵
  PID:1508
- C:\Windows\System\wpgyeJW.exe
  C:\Windows\System\wpgyeJW.exe
  2⤵
  PID:2380
- C:\Windows\System\ZVpcWND.exe
  C:\Windows\System\ZVpcWND.exe
  2⤵
  PID:1556
- C:\Windows\System\LCHLBiY.exe
  C:\Windows\System\LCHLBiY.exe
  2⤵
  PID:2800
- C:\Windows\System\PDrNQPe.exe
  C:\Windows\System\PDrNQPe.exe
  2⤵
  PID:272
- C:\Windows\System\JTyRuMR.exe
  C:\Windows\System\JTyRuMR.exe
  2⤵
  PID:1292
- C:\Windows\System\WaKyiXy.exe
  C:\Windows\System\WaKyiXy.exe
  2⤵
  PID:2876
- C:\Windows\System\gomyBeR.exe
  C:\Windows\System\gomyBeR.exe
  2⤵
  PID:2252
- C:\Windows\System\zWRSsOu.exe
  C:\Windows\System\zWRSsOu.exe
  2⤵
  PID:884
- C:\Windows\System\HvBOdif.exe
  C:\Windows\System\HvBOdif.exe
  2⤵
  PID:2396
- C:\Windows\System\QgJpkrd.exe
  C:\Windows\System\QgJpkrd.exe
  2⤵
  PID:2948
- C:\Windows\System\FbXyWGV.exe
  C:\Windows\System\FbXyWGV.exe
  2⤵
  PID:2760
- C:\Windows\System\WXZTOEB.exe
  C:\Windows\System\WXZTOEB.exe
  2⤵
  PID:2572
- C:\Windows\System\WYjBtJQ.exe
  C:\Windows\System\WYjBtJQ.exe
  2⤵
  PID:2132
- C:\Windows\System\HjLYMBb.exe
  C:\Windows\System\HjLYMBb.exe
  2⤵
  PID:2232
- C:\Windows\System\UZdCUAu.exe
  C:\Windows\System\UZdCUAu.exe
  2⤵
  PID:3092
- C:\Windows\System\naPLbBB.exe
  C:\Windows\System\naPLbBB.exe
  2⤵
  PID:3108
- C:\Windows\System\bRdvpeJ.exe
  C:\Windows\System\bRdvpeJ.exe
  2⤵
  PID:3124
- C:\Windows\System\NtEcClQ.exe
  C:\Windows\System\NtEcClQ.exe
  2⤵
  PID:3140
- C:\Windows\System\LiBXCzq.exe
  C:\Windows\System\LiBXCzq.exe
  2⤵
  PID:3156
- C:\Windows\System\mvkvVeC.exe
  C:\Windows\System\mvkvVeC.exe
  2⤵
  PID:3172
- C:\Windows\System\MqXUoXV.exe
  C:\Windows\System\MqXUoXV.exe
  2⤵
  PID:3188
- C:\Windows\System\pdSUrhX.exe
  C:\Windows\System\pdSUrhX.exe
  2⤵
  PID:3204
- C:\Windows\System\nAIlhVS.exe
  C:\Windows\System\nAIlhVS.exe
  2⤵
  PID:3220
- C:\Windows\System\JGRoKsm.exe
  C:\Windows\System\JGRoKsm.exe
  2⤵
  PID:3236
- C:\Windows\System\DKedeRQ.exe
  C:\Windows\System\DKedeRQ.exe
  2⤵
  PID:3252
- C:\Windows\System\QWqmtme.exe
  C:\Windows\System\QWqmtme.exe
  2⤵
  PID:3268
- C:\Windows\System\XHlDtPT.exe
  C:\Windows\System\XHlDtPT.exe
  2⤵
  PID:3284
- C:\Windows\System\WyHJWcn.exe
  C:\Windows\System\WyHJWcn.exe
  2⤵
  PID:3300
- C:\Windows\System\wLWmtXx.exe
  C:\Windows\System\wLWmtXx.exe
  2⤵
  PID:3316
- C:\Windows\System\TRlHPnF.exe
  C:\Windows\System\TRlHPnF.exe
  2⤵
  PID:3332
- C:\Windows\System\JjGedaR.exe
  C:\Windows\System\JjGedaR.exe
  2⤵
  PID:3348
- C:\Windows\System\HFuCkax.exe
  C:\Windows\System\HFuCkax.exe
  2⤵
  PID:3364
- C:\Windows\System\jeqADHC.exe
  C:\Windows\System\jeqADHC.exe
  2⤵
  PID:3380
- C:\Windows\System\JVmWOSf.exe
  C:\Windows\System\JVmWOSf.exe
  2⤵
  PID:3396
- C:\Windows\System\NWOnWOa.exe
  C:\Windows\System\NWOnWOa.exe
  2⤵
  PID:3412
- C:\Windows\System\kFkbFct.exe
  C:\Windows\System\kFkbFct.exe
  2⤵
  PID:3428
- C:\Windows\System\toLHJox.exe
  C:\Windows\System\toLHJox.exe
  2⤵
  PID:3444
- C:\Windows\System\hPwZqHf.exe
  C:\Windows\System\hPwZqHf.exe
  2⤵
  PID:3460
- C:\Windows\System\cWRXjNL.exe
  C:\Windows\System\cWRXjNL.exe
  2⤵
  PID:3476
- C:\Windows\System\pwLiaqf.exe
  C:\Windows\System\pwLiaqf.exe
  2⤵
  PID:3492
- C:\Windows\System\pgWaZzw.exe
  C:\Windows\System\pgWaZzw.exe
  2⤵
  PID:3508
- C:\Windows\System\FEsrcye.exe
  C:\Windows\System\FEsrcye.exe
  2⤵
  PID:3524
- C:\Windows\System\VlXTdug.exe
  C:\Windows\System\VlXTdug.exe
  2⤵
  PID:3540
- C:\Windows\System\UprXrkZ.exe
  C:\Windows\System\UprXrkZ.exe
  2⤵
  PID:3556
- C:\Windows\System\QmLtXwG.exe
  C:\Windows\System\QmLtXwG.exe
  2⤵
  PID:3572
- C:\Windows\System\MlPatJb.exe
  C:\Windows\System\MlPatJb.exe
  2⤵
  PID:3588
- C:\Windows\System\EguBAkw.exe
  C:\Windows\System\EguBAkw.exe
  2⤵
  PID:3604
- C:\Windows\System\GkAWHkj.exe
  C:\Windows\System\GkAWHkj.exe
  2⤵
  PID:3620
- C:\Windows\System\LDkrAAt.exe
  C:\Windows\System\LDkrAAt.exe
  2⤵
  PID:3636
- C:\Windows\System\YAhdCCb.exe
  C:\Windows\System\YAhdCCb.exe
  2⤵
  PID:3652
- C:\Windows\System\PTFlxza.exe
  C:\Windows\System\PTFlxza.exe
  2⤵
  PID:3668
- C:\Windows\System\AtBFgfH.exe
  C:\Windows\System\AtBFgfH.exe
  2⤵
  PID:3684
- C:\Windows\System\HuhHDpx.exe
  C:\Windows\System\HuhHDpx.exe
  2⤵
  PID:3700
- C:\Windows\System\QpDjGIR.exe
  C:\Windows\System\QpDjGIR.exe
  2⤵
  PID:3716
- C:\Windows\System\jtaXvZU.exe
  C:\Windows\System\jtaXvZU.exe
  2⤵
  PID:3736
- C:\Windows\System\dHRbLas.exe
  C:\Windows\System\dHRbLas.exe
  2⤵
  PID:3752
- C:\Windows\System\TQSbViS.exe
  C:\Windows\System\TQSbViS.exe
  2⤵
  PID:3768
- C:\Windows\System\RQmKhnH.exe
  C:\Windows\System\RQmKhnH.exe
  2⤵
  PID:3784
- C:\Windows\System\koWZJmV.exe
  C:\Windows\System\koWZJmV.exe
  2⤵
  PID:3800
- C:\Windows\System\DQFjoag.exe
  C:\Windows\System\DQFjoag.exe
  2⤵
  PID:3816
- C:\Windows\System\chqtuYi.exe
  C:\Windows\System\chqtuYi.exe
  2⤵
  PID:3832
- C:\Windows\System\ajvTvHK.exe
  C:\Windows\System\ajvTvHK.exe
  2⤵
  PID:3848
- C:\Windows\System\IbYmFIu.exe
  C:\Windows\System\IbYmFIu.exe
  2⤵
  PID:3864
- C:\Windows\System\HaVWuUK.exe
  C:\Windows\System\HaVWuUK.exe
  2⤵
  PID:3880
- C:\Windows\System\nVoxmQb.exe
  C:\Windows\System\nVoxmQb.exe
  2⤵
  PID:3896
- C:\Windows\System\FUPVsFM.exe
  C:\Windows\System\FUPVsFM.exe
  2⤵
  PID:3912
- C:\Windows\System\rVQojzO.exe
  C:\Windows\System\rVQojzO.exe
  2⤵
  PID:3928
- C:\Windows\System\ZFNObxQ.exe
  C:\Windows\System\ZFNObxQ.exe
  2⤵
  PID:3944
- C:\Windows\System\LhgmjHf.exe
  C:\Windows\System\LhgmjHf.exe
  2⤵
  PID:3960
- C:\Windows\System\yRTZgrx.exe
  C:\Windows\System\yRTZgrx.exe
  2⤵
  PID:3976
- C:\Windows\System\JCqjjwu.exe
  C:\Windows\System\JCqjjwu.exe
  2⤵
  PID:3992
- C:\Windows\System\JNmHXDa.exe
  C:\Windows\System\JNmHXDa.exe
  2⤵
  PID:4008
- C:\Windows\System\rZHMqvZ.exe
  C:\Windows\System\rZHMqvZ.exe
  2⤵
  PID:4024
- C:\Windows\System\qpJlgsa.exe
  C:\Windows\System\qpJlgsa.exe
  2⤵
  PID:4040
- C:\Windows\System\oqtmQaK.exe
  C:\Windows\System\oqtmQaK.exe
  2⤵
  PID:4056
- C:\Windows\System\HLOgcNM.exe
  C:\Windows\System\HLOgcNM.exe
  2⤵
  PID:4072
- C:\Windows\System\hibWjDJ.exe
  C:\Windows\System\hibWjDJ.exe
  2⤵
  PID:4088
- C:\Windows\System\EnneLMT.exe
  C:\Windows\System\EnneLMT.exe
  2⤵
  PID:764
- C:\Windows\System\KbyksJa.exe
  C:\Windows\System\KbyksJa.exe
  2⤵
  PID:3132
- C:\Windows\System\EeJMnOQ.exe
  C:\Windows\System\EeJMnOQ.exe
  2⤵
  PID:3196
- C:\Windows\System\GZJBOcj.exe
  C:\Windows\System\GZJBOcj.exe
  2⤵
  PID:3260
- C:\Windows\System\ZtctxSF.exe
  C:\Windows\System\ZtctxSF.exe
  2⤵
  PID:3324
- C:\Windows\System\sJlnNiz.exe
  C:\Windows\System\sJlnNiz.exe
  2⤵
  PID:3388
- C:\Windows\System\EDSBVWc.exe
  C:\Windows\System\EDSBVWc.exe
  2⤵
  PID:2004
- C:\Windows\System\CfZuCfk.exe
  C:\Windows\System\CfZuCfk.exe
  2⤵
  PID:3488
- C:\Windows\System\BxuxNES.exe
  C:\Windows\System\BxuxNES.exe
  2⤵
  PID:3552
- C:\Windows\System\fcjaDnK.exe
  C:\Windows\System\fcjaDnK.exe
  2⤵
  PID:3616
- C:\Windows\System\qFRLSQJ.exe
  C:\Windows\System\qFRLSQJ.exe
  2⤵
  PID:1760
- C:\Windows\System\BsaxKgp.exe
  C:\Windows\System\BsaxKgp.exe
  2⤵
  PID:2112
- C:\Windows\System\ArvZgLN.exe
  C:\Windows\System\ArvZgLN.exe
  2⤵
  PID:1452
- C:\Windows\System\nbvLUWg.exe
  C:\Windows\System\nbvLUWg.exe
  2⤵
  PID:3708
- C:\Windows\System\VWkMCbH.exe
  C:\Windows\System\VWkMCbH.exe
  2⤵
  PID:3748
- C:\Windows\System\eLMnjxV.exe
  C:\Windows\System\eLMnjxV.exe
  2⤵
  PID:3808
- C:\Windows\System\PoTzhLg.exe
  C:\Windows\System\PoTzhLg.exe
  2⤵
  PID:3872
- C:\Windows\System\ovWRqsp.exe
  C:\Windows\System\ovWRqsp.exe
  2⤵
  PID:3936
- C:\Windows\System\NGpixaJ.exe
  C:\Windows\System\NGpixaJ.exe
  2⤵
  PID:4000
- C:\Windows\System\EwOGXNN.exe
  C:\Windows\System\EwOGXNN.exe
  2⤵
  PID:4064
- C:\Windows\System\aVsCLBR.exe
  C:\Windows\System\aVsCLBR.exe
  2⤵
  PID:2116
- C:\Windows\System\kUAPkRN.exe
  C:\Windows\System\kUAPkRN.exe
  2⤵
  PID:4112
- C:\Windows\System\hOwQYLq.exe
  C:\Windows\System\hOwQYLq.exe
  2⤵
  PID:4128
- C:\Windows\System\aGqbCcx.exe
  C:\Windows\System\aGqbCcx.exe
  2⤵
  PID:4144
- C:\Windows\System\fsNHXSL.exe
  C:\Windows\System\fsNHXSL.exe
  2⤵
  PID:4160
- C:\Windows\System\xCEWvyH.exe
  C:\Windows\System\xCEWvyH.exe
  2⤵
  PID:4176
- C:\Windows\System\YCQJgyj.exe
  C:\Windows\System\YCQJgyj.exe
  2⤵
  PID:4192
- C:\Windows\System\ALTFzOx.exe
  C:\Windows\System\ALTFzOx.exe
  2⤵
  PID:4208
- C:\Windows\System\PAhLgwR.exe
  C:\Windows\System\PAhLgwR.exe
  2⤵
  PID:4224
- C:\Windows\System\wgCAbzb.exe
  C:\Windows\System\wgCAbzb.exe
  2⤵
  PID:4240
- C:\Windows\System\ajYWfjw.exe
  C:\Windows\System\ajYWfjw.exe
  2⤵
  PID:4256
- C:\Windows\System\AymEAko.exe
  C:\Windows\System\AymEAko.exe
  2⤵
  PID:4272
- C:\Windows\System\FppphZj.exe
  C:\Windows\System\FppphZj.exe
  2⤵
  PID:4288
- C:\Windows\System\ZRdbsFP.exe
  C:\Windows\System\ZRdbsFP.exe
  2⤵
  PID:4304
- C:\Windows\System\rclEPXx.exe
  C:\Windows\System\rclEPXx.exe
  2⤵
  PID:4320
- C:\Windows\System\UZIsMSH.exe
  C:\Windows\System\UZIsMSH.exe
  2⤵
  PID:4336
- C:\Windows\System\AudYuxY.exe
  C:\Windows\System\AudYuxY.exe
  2⤵
  PID:4352
- C:\Windows\System\xRCEXpt.exe
  C:\Windows\System\xRCEXpt.exe
  2⤵
  PID:4368
- C:\Windows\System\mlwXjLX.exe
  C:\Windows\System\mlwXjLX.exe
  2⤵
  PID:4384
- C:\Windows\System\ILZNEtF.exe
  C:\Windows\System\ILZNEtF.exe
  2⤵
  PID:4400
- C:\Windows\System\iHeYXdy.exe
  C:\Windows\System\iHeYXdy.exe
  2⤵
  PID:4416
- C:\Windows\System\gabWjGU.exe
  C:\Windows\System\gabWjGU.exe
  2⤵
  PID:4432
- C:\Windows\System\wFyuOpo.exe
  C:\Windows\System\wFyuOpo.exe
  2⤵
  PID:4448
- C:\Windows\System\FXYXqPB.exe
  C:\Windows\System\FXYXqPB.exe
  2⤵
  PID:4464
- C:\Windows\System\dhButNU.exe
  C:\Windows\System\dhButNU.exe
  2⤵
  PID:4484
- C:\Windows\System\IJdeZDZ.exe
  C:\Windows\System\IJdeZDZ.exe
  2⤵
  PID:4500
- C:\Windows\System\auWsOIp.exe
  C:\Windows\System\auWsOIp.exe
  2⤵
  PID:4516
- C:\Windows\System\TuApedD.exe
  C:\Windows\System\TuApedD.exe
  2⤵
  PID:4532
- C:\Windows\System\euPoqdI.exe
  C:\Windows\System\euPoqdI.exe
  2⤵
  PID:4548
- C:\Windows\System\hHZZNPI.exe
  C:\Windows\System\hHZZNPI.exe
  2⤵
  PID:4564
- C:\Windows\System\hwyXXKR.exe
  C:\Windows\System\hwyXXKR.exe
  2⤵
  PID:4580
- C:\Windows\System\iNVPBuY.exe
  C:\Windows\System\iNVPBuY.exe
  2⤵
  PID:4596
- C:\Windows\System\LJELuKG.exe
  C:\Windows\System\LJELuKG.exe
  2⤵
  PID:4612
- C:\Windows\System\nGinIiG.exe
  C:\Windows\System\nGinIiG.exe
  2⤵
  PID:4628
- C:\Windows\System\xRWOVdf.exe
  C:\Windows\System\xRWOVdf.exe
  2⤵
  PID:4644
- C:\Windows\System\TPNrrfd.exe
  C:\Windows\System\TPNrrfd.exe
  2⤵
  PID:4660
- C:\Windows\System\WZglbRf.exe
  C:\Windows\System\WZglbRf.exe
  2⤵
  PID:4676
- C:\Windows\System\orUldPX.exe
  C:\Windows\System\orUldPX.exe
  2⤵
  PID:4692
- C:\Windows\System\GVouMLX.exe
  C:\Windows\System\GVouMLX.exe
  2⤵
  PID:4708
- C:\Windows\System\iNioUQt.exe
  C:\Windows\System\iNioUQt.exe
  2⤵
  PID:4724
- C:\Windows\System\WNDpJPn.exe
  C:\Windows\System\WNDpJPn.exe
  2⤵
  PID:4740
- C:\Windows\System\buvojcx.exe
  C:\Windows\System\buvojcx.exe
  2⤵
  PID:4756
- C:\Windows\System\ueFBWnA.exe
  C:\Windows\System\ueFBWnA.exe
  2⤵
  PID:4772
- C:\Windows\System\aIRUxiX.exe
  C:\Windows\System\aIRUxiX.exe
  2⤵
  PID:4788
- C:\Windows\System\tfuzbOm.exe
  C:\Windows\System\tfuzbOm.exe
  2⤵
  PID:4804
- C:\Windows\System\eQOePjO.exe
  C:\Windows\System\eQOePjO.exe
  2⤵
  PID:4820
- C:\Windows\System\dzsHsuh.exe
  C:\Windows\System\dzsHsuh.exe
  2⤵
  PID:4836
- C:\Windows\System\hBtxZZb.exe
  C:\Windows\System\hBtxZZb.exe
  2⤵
  PID:4852
- C:\Windows\System\CMgGbvZ.exe
  C:\Windows\System\CMgGbvZ.exe
  2⤵
  PID:4868
- C:\Windows\System\kWmJOUH.exe
  C:\Windows\System\kWmJOUH.exe
  2⤵
  PID:4884
- C:\Windows\System\oWvzEnQ.exe
  C:\Windows\System\oWvzEnQ.exe
  2⤵
  PID:4900
- C:\Windows\System\ysSsPMa.exe
  C:\Windows\System\ysSsPMa.exe
  2⤵
  PID:4916
- C:\Windows\System\ZBmYMxo.exe
  C:\Windows\System\ZBmYMxo.exe
  2⤵
  PID:4932
- C:\Windows\System\pTMcZza.exe
  C:\Windows\System\pTMcZza.exe
  2⤵
  PID:4948
- C:\Windows\System\PaOgfmD.exe
  C:\Windows\System\PaOgfmD.exe
  2⤵
  PID:4964
- C:\Windows\System\uYPycrw.exe
  C:\Windows\System\uYPycrw.exe
  2⤵
  PID:4980
- C:\Windows\System\zzjMvBl.exe
  C:\Windows\System\zzjMvBl.exe
  2⤵
  PID:4996
- C:\Windows\System\XZFtVco.exe
  C:\Windows\System\XZFtVco.exe
  2⤵
  PID:5012
- C:\Windows\System\ZCMDVso.exe
  C:\Windows\System\ZCMDVso.exe
  2⤵
  PID:5028
- C:\Windows\System\rSVZFsr.exe
  C:\Windows\System\rSVZFsr.exe
  2⤵
  PID:5044
- C:\Windows\System\fsMdBnW.exe
  C:\Windows\System\fsMdBnW.exe
  2⤵
  PID:5060
- C:\Windows\System\wHBgaox.exe
  C:\Windows\System\wHBgaox.exe
  2⤵
  PID:5076
- C:\Windows\System\bIENMqj.exe
  C:\Windows\System\bIENMqj.exe
  2⤵
  PID:5092
- C:\Windows\System\EjIDYnT.exe
  C:\Windows\System\EjIDYnT.exe
  2⤵
  PID:5108
- C:\Windows\System\JQctLNT.exe
  C:\Windows\System\JQctLNT.exe
  2⤵
  PID:1740
- C:\Windows\System\qPWBbUG.exe
  C:\Windows\System\qPWBbUG.exe
  2⤵
  PID:1100
- C:\Windows\System\MCypnvz.exe
  C:\Windows\System\MCypnvz.exe
  2⤵
  PID:3296
- C:\Windows\System\YEVACkC.exe
  C:\Windows\System\YEVACkC.exe
  2⤵
  PID:3548
- C:\Windows\System\hbCDcIq.exe
  C:\Windows\System\hbCDcIq.exe
  2⤵
  PID:1984
- C:\Windows\System\MdmuyMx.exe
  C:\Windows\System\MdmuyMx.exe
  2⤵
  PID:3844
- C:\Windows\System\fombsKS.exe
  C:\Windows\System\fombsKS.exe
  2⤵
  PID:2796
- C:\Windows\System\PEIOKph.exe
  C:\Windows\System\PEIOKph.exe
  2⤵
  PID:4184
- C:\Windows\System\ZzxkZjR.exe
  C:\Windows\System\ZzxkZjR.exe
  2⤵
  PID:4248
- C:\Windows\System\qJjLcwe.exe
  C:\Windows\System\qJjLcwe.exe
  2⤵
  PID:4312
- C:\Windows\System\GUaZHLw.exe
  C:\Windows\System\GUaZHLw.exe
  2⤵
  PID:4376
- C:\Windows\System\iZIYTNO.exe
  C:\Windows\System\iZIYTNO.exe
  2⤵
  PID:4440
- C:\Windows\System\OaPjWZt.exe
  C:\Windows\System\OaPjWZt.exe
  2⤵
  PID:4508
- C:\Windows\System\rmxOXwZ.exe
  C:\Windows\System\rmxOXwZ.exe
  2⤵
  PID:4572
- C:\Windows\System\guaANQZ.exe
  C:\Windows\System\guaANQZ.exe
  2⤵
  PID:4636
- C:\Windows\System\gdNbBak.exe
  C:\Windows\System\gdNbBak.exe
  2⤵
  PID:292
- C:\Windows\System\GHEvqNZ.exe
  C:\Windows\System\GHEvqNZ.exe
  2⤵
  PID:4704
- C:\Windows\System\DMfFmru.exe
  C:\Windows\System\DMfFmru.exe
  2⤵
  PID:4768
- C:\Windows\System\JXWJPlx.exe
  C:\Windows\System\JXWJPlx.exe
  2⤵
  PID:4832
- C:\Windows\System\XXHrVbi.exe
  C:\Windows\System\XXHrVbi.exe
  2⤵
  PID:4892
- C:\Windows\System\zqjuhaw.exe
  C:\Windows\System\zqjuhaw.exe
  2⤵
  PID:4956
- C:\Windows\System\azEKDUQ.exe
  C:\Windows\System\azEKDUQ.exe
  2⤵
  PID:5020
- C:\Windows\System\boDayDi.exe
  C:\Windows\System\boDayDi.exe
  2⤵
  PID:5084
- C:\Windows\System\GzkKtXw.exe
  C:\Windows\System\GzkKtXw.exe
  2⤵
  PID:1820
- C:\Windows\System\aFuRsra.exe
  C:\Windows\System\aFuRsra.exe
  2⤵
  PID:2056
- C:\Windows\System\bjKBLzE.exe
  C:\Windows\System\bjKBLzE.exe
  2⤵
  PID:4220
- C:\Windows\System\rSBZYfu.exe
  C:\Windows\System\rSBZYfu.exe
  2⤵
  PID:4476
- C:\Windows\System\lPAUqyI.exe
  C:\Windows\System\lPAUqyI.exe
  2⤵
  PID:4672
- C:\Windows\System\OrvPLnp.exe
  C:\Windows\System\OrvPLnp.exe
  2⤵
  PID:4924
- C:\Windows\System\UDyhxnX.exe
  C:\Windows\System\UDyhxnX.exe
  2⤵
  PID:5056
- C:\Windows\System\jmjTDzm.exe
  C:\Windows\System\jmjTDzm.exe
  2⤵
  PID:4472
- C:\Windows\System\cTXCAIP.exe
  C:\Windows\System\cTXCAIP.exe
  2⤵
  PID:2248
- C:\Windows\System\bmMocpo.exe
  C:\Windows\System\bmMocpo.exe
  2⤵
  PID:5136
- C:\Windows\System\rfwZOtF.exe
  C:\Windows\System\rfwZOtF.exe
  2⤵
  PID:5152
- C:\Windows\System\eEhIIZL.exe
  C:\Windows\System\eEhIIZL.exe
  2⤵
  PID:5168
- C:\Windows\System\YEpgHIQ.exe
  C:\Windows\System\YEpgHIQ.exe
  2⤵
  PID:5184
- C:\Windows\System\hyJUrvT.exe
  C:\Windows\System\hyJUrvT.exe
  2⤵
  PID:5200
- C:\Windows\System\Awxauvx.exe
  C:\Windows\System\Awxauvx.exe
  2⤵
  PID:5228
- C:\Windows\System\jOijLeg.exe
  C:\Windows\System\jOijLeg.exe
  2⤵
  PID:5244
- C:\Windows\System\MGxecQM.exe
  C:\Windows\System\MGxecQM.exe
  2⤵
  PID:5260
- C:\Windows\System\kDseAPZ.exe
  C:\Windows\System\kDseAPZ.exe
  2⤵
  PID:5276
- C:\Windows\System\VUexISW.exe
  C:\Windows\System\VUexISW.exe
  2⤵
  PID:5292
- C:\Windows\System\StDDcqg.exe
  C:\Windows\System\StDDcqg.exe
  2⤵
  PID:5308
- C:\Windows\System\VwGlWKS.exe
  C:\Windows\System\VwGlWKS.exe
  2⤵
  PID:5324
- C:\Windows\System\WBjZNPH.exe
  C:\Windows\System\WBjZNPH.exe
  2⤵
  PID:5340
- C:\Windows\System\QlwNamD.exe
  C:\Windows\System\QlwNamD.exe
  2⤵
  PID:5356
- C:\Windows\System\yVATGBx.exe
  C:\Windows\System\yVATGBx.exe
  2⤵
  PID:5560
- C:\Windows\System\PnSfxdN.exe
  C:\Windows\System\PnSfxdN.exe
  2⤵
  PID:5576
- C:\Windows\System\ZfyMICv.exe
  C:\Windows\System\ZfyMICv.exe
  2⤵
  PID:5592
- C:\Windows\System\fgQFoqy.exe
  C:\Windows\System\fgQFoqy.exe
  2⤵
  PID:5608
- C:\Windows\System\iAqxvJf.exe
  C:\Windows\System\iAqxvJf.exe
  2⤵
  PID:5624
- C:\Windows\System\gjeePOy.exe
  C:\Windows\System\gjeePOy.exe
  2⤵
  PID:5640
- C:\Windows\System\gXCWVRY.exe
  C:\Windows\System\gXCWVRY.exe
  2⤵
  PID:5656
- C:\Windows\System\wqDhSTL.exe
  C:\Windows\System\wqDhSTL.exe
  2⤵
  PID:5672
- C:\Windows\System\MnYLHED.exe
  C:\Windows\System\MnYLHED.exe
  2⤵
  PID:5688
- C:\Windows\System\gUhmcct.exe
  C:\Windows\System\gUhmcct.exe
  2⤵
  PID:5704
- C:\Windows\System\LHikGcJ.exe
  C:\Windows\System\LHikGcJ.exe
  2⤵
  PID:5720
- C:\Windows\System\ODElbee.exe
  C:\Windows\System\ODElbee.exe
  2⤵
  PID:5736
- C:\Windows\System\DUDSZlW.exe
  C:\Windows\System\DUDSZlW.exe
  2⤵
  PID:5752
- C:\Windows\System\JlFfuAw.exe
  C:\Windows\System\JlFfuAw.exe
  2⤵
  PID:5768
- C:\Windows\System\HtLZrWO.exe
  C:\Windows\System\HtLZrWO.exe
  2⤵
  PID:5784
- C:\Windows\System\GmLwyMi.exe
  C:\Windows\System\GmLwyMi.exe
  2⤵
  PID:5800
- C:\Windows\System\VPAdoZb.exe
  C:\Windows\System\VPAdoZb.exe
  2⤵
  PID:5816
- C:\Windows\System\lniZKoP.exe
  C:\Windows\System\lniZKoP.exe
  2⤵
  PID:5832
- C:\Windows\System\NTbYGSZ.exe
  C:\Windows\System\NTbYGSZ.exe
  2⤵
  PID:5848
- C:\Windows\System\PTMmUea.exe
  C:\Windows\System\PTMmUea.exe
  2⤵
  PID:5864
- C:\Windows\System\cQzOZsh.exe
  C:\Windows\System\cQzOZsh.exe
  2⤵
  PID:5880
- C:\Windows\System\Mkmlhyo.exe
  C:\Windows\System\Mkmlhyo.exe
  2⤵
  PID:5896
- C:\Windows\System\OvItUJs.exe
  C:\Windows\System\OvItUJs.exe
  2⤵
  PID:5912
- C:\Windows\System\NfqOGqT.exe
  C:\Windows\System\NfqOGqT.exe
  2⤵
  PID:5928
- C:\Windows\System\iwIjCEc.exe
  C:\Windows\System\iwIjCEc.exe
  2⤵
  PID:5956
- C:\Windows\System\xxeNPun.exe
  C:\Windows\System\xxeNPun.exe
  2⤵
  PID:5972
- C:\Windows\System\OaXscrZ.exe
  C:\Windows\System\OaXscrZ.exe
  2⤵
  PID:5988
- C:\Windows\System\EzoVtzW.exe
  C:\Windows\System\EzoVtzW.exe
  2⤵
  PID:6004
- C:\Windows\System\XwAZKtp.exe
  C:\Windows\System\XwAZKtp.exe
  2⤵
  PID:6020
- C:\Windows\System\BHMwrAl.exe
  C:\Windows\System\BHMwrAl.exe
  2⤵
  PID:6036
- C:\Windows\System\GQOSBMm.exe
  C:\Windows\System\GQOSBMm.exe
  2⤵
  PID:6052
- C:\Windows\System\vZxAakY.exe
  C:\Windows\System\vZxAakY.exe
  2⤵
  PID:6068
- C:\Windows\System\MUwSwVd.exe
  C:\Windows\System\MUwSwVd.exe
  2⤵
  PID:6084
- C:\Windows\System\AxecgGY.exe
  C:\Windows\System\AxecgGY.exe
  2⤵
  PID:6100
- C:\Windows\System\CPpjhib.exe
  C:\Windows\System\CPpjhib.exe
  2⤵
  PID:6116
- C:\Windows\System\JkdgXsu.exe
  C:\Windows\System\JkdgXsu.exe
  2⤵
  PID:6132
- C:\Windows\System\JlyDeLr.exe
  C:\Windows\System\JlyDeLr.exe
  2⤵
  PID:1852
- C:\Windows\System\waUhqaY.exe
  C:\Windows\System\waUhqaY.exe
  2⤵
  PID:5164
- C:\Windows\System\YSMDZCa.exe
  C:\Windows\System\YSMDZCa.exe
  2⤵
  PID:5240
- C:\Windows\System\vvGeyrF.exe
  C:\Windows\System\vvGeyrF.exe
  2⤵
  PID:5300
- C:\Windows\System\tAMcoFw.exe
  C:\Windows\System\tAMcoFw.exe
  2⤵
  PID:5364
- C:\Windows\System\LooSViZ.exe
  C:\Windows\System\LooSViZ.exe
  2⤵
  PID:5380
- C:\Windows\System\ZZWtSTB.exe
  C:\Windows\System\ZZWtSTB.exe
  2⤵
  PID:5400
- C:\Windows\System\rSvKSaC.exe
  C:\Windows\System\rSvKSaC.exe
  2⤵
  PID:2392
- C:\Windows\System\pKHrVis.exe
  C:\Windows\System\pKHrVis.exe
  2⤵
  PID:5432
- C:\Windows\System\fDfoRBW.exe
  C:\Windows\System\fDfoRBW.exe
  2⤵
  PID:5448
- C:\Windows\System\JgYEJrM.exe
  C:\Windows\System\JgYEJrM.exe
  2⤵
  PID:5460
- C:\Windows\System\tBBsxQT.exe
  C:\Windows\System\tBBsxQT.exe
  2⤵
  PID:5476
- C:\Windows\System\EKtwcEG.exe
  C:\Windows\System\EKtwcEG.exe
  2⤵
  PID:2632
- C:\Windows\System\udtcSUQ.exe
  C:\Windows\System\udtcSUQ.exe
  2⤵
  PID:2752
- C:\Windows\System\AKuBhcr.exe
  C:\Windows\System\AKuBhcr.exe
  2⤵
  PID:1396
- C:\Windows\System\ORfxNuL.exe
  C:\Windows\System\ORfxNuL.exe
  2⤵
  PID:308
- C:\Windows\System\xfnJyLH.exe
  C:\Windows\System\xfnJyLH.exe
  2⤵
  PID:6152
- C:\Windows\System\XcsFGSY.exe
  C:\Windows\System\XcsFGSY.exe
  2⤵
  PID:6168
- C:\Windows\System\IRjOWcK.exe
  C:\Windows\System\IRjOWcK.exe
  2⤵
  PID:6184
- C:\Windows\System\hTZMwhb.exe
  C:\Windows\System\hTZMwhb.exe
  2⤵
  PID:6200
- C:\Windows\System\DlBOEof.exe
  C:\Windows\System\DlBOEof.exe
  2⤵
  PID:6216
- C:\Windows\System\mIifSzy.exe
  C:\Windows\System\mIifSzy.exe
  2⤵
  PID:6232
- C:\Windows\System\ndEfkoM.exe
  C:\Windows\System\ndEfkoM.exe
  2⤵
  PID:6248
- C:\Windows\System\vuRcDre.exe
  C:\Windows\System\vuRcDre.exe
  2⤵
  PID:6264
- C:\Windows\System\gmMopSF.exe
  C:\Windows\System\gmMopSF.exe
  2⤵
  PID:6280
- C:\Windows\System\ZUuHIjR.exe
  C:\Windows\System\ZUuHIjR.exe
  2⤵
  PID:6296
- C:\Windows\System\SQkGJIY.exe
  C:\Windows\System\SQkGJIY.exe
  2⤵
  PID:6312
- C:\Windows\System\XYQTtqV.exe
  C:\Windows\System\XYQTtqV.exe
  2⤵
  PID:6328
- C:\Windows\System\SUUHPcg.exe
  C:\Windows\System\SUUHPcg.exe
  2⤵
  PID:6344
- C:\Windows\System\xmTPfES.exe
  C:\Windows\System\xmTPfES.exe
  2⤵
  PID:6360
- C:\Windows\System\ygrxNiV.exe
  C:\Windows\System\ygrxNiV.exe
  2⤵
  PID:6376
- C:\Windows\System\XGejASn.exe
  C:\Windows\System\XGejASn.exe
  2⤵
  PID:6392
- C:\Windows\System\muMHOUg.exe
  C:\Windows\System\muMHOUg.exe
  2⤵
  PID:6408
- C:\Windows\System\TiEswSq.exe
  C:\Windows\System\TiEswSq.exe
  2⤵
  PID:6424
- C:\Windows\System\HpcRQRy.exe
  C:\Windows\System\HpcRQRy.exe
  2⤵
  PID:6440
- C:\Windows\System\xnFrnBo.exe
  C:\Windows\System\xnFrnBo.exe
  2⤵
  PID:6456
- C:\Windows\System\gpqhcNV.exe
  C:\Windows\System\gpqhcNV.exe
  2⤵
  PID:6472
- C:\Windows\System\hRPTVlm.exe
  C:\Windows\System\hRPTVlm.exe
  2⤵
  PID:6488
- C:\Windows\System\QCfExcq.exe
  C:\Windows\System\QCfExcq.exe
  2⤵
  PID:6508
- C:\Windows\System\tLnjPWz.exe
  C:\Windows\System\tLnjPWz.exe
  2⤵
  PID:6524
- C:\Windows\System\qZsqwPc.exe
  C:\Windows\System\qZsqwPc.exe
  2⤵
  PID:6544
- C:\Windows\System\NCHMfhv.exe
  C:\Windows\System\NCHMfhv.exe
  2⤵
  PID:6948
- C:\Windows\System\GjOPORx.exe
  C:\Windows\System\GjOPORx.exe
  2⤵
  PID:6968
- C:\Windows\System\pkzrSSY.exe
  C:\Windows\System\pkzrSSY.exe
  2⤵
  PID:1532
- C:\Windows\System\CoMESfT.exe
  C:\Windows\System\CoMESfT.exe
  2⤵
  PID:5812
- C:\Windows\System\QVMSHAW.exe
  C:\Windows\System\QVMSHAW.exe
  2⤵
  PID:6076
- C:\Windows\System\zIcENcI.exe
  C:\Windows\System\zIcENcI.exe
  2⤵
  PID:6208
- C:\Windows\System\EAYdWEd.exe
  C:\Windows\System\EAYdWEd.exe
  2⤵
  PID:6308
- C:\Windows\System\eyqDeSI.exe
  C:\Windows\System\eyqDeSI.exe
  2⤵
  PID:6432
- C:\Windows\System\CgOqppO.exe
  C:\Windows\System\CgOqppO.exe
  2⤵
  PID:5584
- C:\Windows\System\fouhVWN.exe
  C:\Windows\System\fouhVWN.exe
  2⤵
  PID:5504
- C:\Windows\System\IQxmkyF.exe
  C:\Windows\System\IQxmkyF.exe
  2⤵
  PID:5528
- C:\Windows\System\wdbBJyU.exe
  C:\Windows\System\wdbBJyU.exe
  2⤵
  PID:5552
- C:\Windows\System\zUYiOCQ.exe
  C:\Windows\System\zUYiOCQ.exe
  2⤵
  PID:6496
- C:\Windows\System\oLUJghy.exe
  C:\Windows\System\oLUJghy.exe
  2⤵
  PID:3760
- C:\Windows\System\qahdlBe.exe
  C:\Windows\System\qahdlBe.exe
  2⤵
  PID:3828
- C:\Windows\System\ybEcRQa.exe
  C:\Windows\System\ybEcRQa.exe
  2⤵
  PID:3920
- C:\Windows\System\ysvbhAt.exe
  C:\Windows\System\ysvbhAt.exe
  2⤵
  PID:4016
- C:\Windows\System\KsRktaZ.exe
  C:\Windows\System\KsRktaZ.exe
  2⤵
  PID:4080
- C:\Windows\System\FgfLgRE.exe
  C:\Windows\System\FgfLgRE.exe
  2⤵
  PID:3232
- C:\Windows\System\gEryOxP.exe
  C:\Windows\System\gEryOxP.exe
  2⤵
  PID:3484
- C:\Windows\System\kHfbFoP.exe
  C:\Windows\System\kHfbFoP.exe
  2⤵
  PID:2032
- C:\Windows\System\AKdSwhR.exe
  C:\Windows\System\AKdSwhR.exe
  2⤵
  PID:4140
- C:\Windows\System\iCzWOQs.exe
  C:\Windows\System\iCzWOQs.exe
  2⤵
  PID:4328
- C:\Windows\System\TamBtPS.exe
  C:\Windows\System\TamBtPS.exe
  2⤵
  PID:4396
- C:\Windows\System\mkfXSqL.exe
  C:\Windows\System\mkfXSqL.exe
  2⤵
  PID:4748
- C:\Windows\System\hYhZOqC.exe
  C:\Windows\System\hYhZOqC.exe
  2⤵
  PID:4876
- C:\Windows\System\MiUGRUv.exe
  C:\Windows\System\MiUGRUv.exe
  2⤵
  PID:5040
- C:\Windows\System\MxDxAxs.exe
  C:\Windows\System\MxDxAxs.exe
  2⤵
  PID:1636
- C:\Windows\System\IpspXVc.exe
  C:\Windows\System\IpspXVc.exe
  2⤵
  PID:4736
- C:\Windows\System\NnFwRwI.exe
  C:\Windows\System\NnFwRwI.exe
  2⤵
  PID:5116
- C:\Windows\System\xyNVHgq.exe
  C:\Windows\System\xyNVHgq.exe
  2⤵
  PID:5148
- C:\Windows\System\hFcwmHy.exe
  C:\Windows\System\hFcwmHy.exe
  2⤵
  PID:5252
- C:\Windows\System\wStIYdR.exe
  C:\Windows\System\wStIYdR.exe
  2⤵
  PID:5636
- C:\Windows\System\QHVbZrS.exe
  C:\Windows\System\QHVbZrS.exe
  2⤵
  PID:5792
- C:\Windows\System\zfSsFCD.exe
  C:\Windows\System\zfSsFCD.exe
  2⤵
  PID:1932
- C:\Windows\System\ZrEImXV.exe
  C:\Windows\System\ZrEImXV.exe
  2⤵
  PID:1804
- C:\Windows\System\PZIohng.exe
  C:\Windows\System\PZIohng.exe
  2⤵
  PID:5468
- C:\Windows\System\HJmbiFG.exe
  C:\Windows\System\HJmbiFG.exe
  2⤵
  PID:6160
- C:\Windows\System\dhDGvXX.exe
  C:\Windows\System\dhDGvXX.exe
  2⤵
  PID:6260
- C:\Windows\System\KgQqjuc.exe
  C:\Windows\System\KgQqjuc.exe
  2⤵
  PID:6352
- C:\Windows\System\rvlmNJp.exe
  C:\Windows\System\rvlmNJp.exe
  2⤵
  PID:6480
- C:\Windows\System\nEyBhss.exe
  C:\Windows\System\nEyBhss.exe
  2⤵
  PID:6748
- C:\Windows\System\EaLCYLe.exe
  C:\Windows\System\EaLCYLe.exe
  2⤵
  PID:6768
- C:\Windows\System\jAMjaVw.exe
  C:\Windows\System\jAMjaVw.exe
  2⤵
  PID:6796
- C:\Windows\System\IEqNmNS.exe
  C:\Windows\System\IEqNmNS.exe
  2⤵
  PID:488
- C:\Windows\System\obiDTGD.exe
  C:\Windows\System\obiDTGD.exe
  2⤵
  PID:4036
- C:\Windows\System\JmFETux.exe
  C:\Windows\System\JmFETux.exe
  2⤵
  PID:4264
- C:\Windows\System\wHjWCDP.exe
  C:\Windows\System\wHjWCDP.exe
  2⤵
  PID:4492
- C:\Windows\System\zHgdsNh.exe
  C:\Windows\System\zHgdsNh.exe
  2⤵
  PID:4560
- C:\Windows\System\awtcGzG.exe
  C:\Windows\System\awtcGzG.exe
  2⤵
  PID:4652
- C:\Windows\System\LeLSvjD.exe
  C:\Windows\System\LeLSvjD.exe
  2⤵
  PID:4880
- C:\Windows\System\CEUYJJN.exe
  C:\Windows\System\CEUYJJN.exe
  2⤵
  PID:3424
- C:\Windows\System\GaBdqOu.exe
  C:\Windows\System\GaBdqOu.exe
  2⤵
  PID:4992
- C:\Windows\System\ExaDGXH.exe
  C:\Windows\System\ExaDGXH.exe
  2⤵
  PID:1796
- C:\Windows\System\xStPOiH.exe
  C:\Windows\System\xStPOiH.exe
  2⤵
  PID:4284
- C:\Windows\System\LigiRwZ.exe
  C:\Windows\System\LigiRwZ.exe
  2⤵
  PID:5288
- C:\Windows\System\cAxmEyb.exe
  C:\Windows\System\cAxmEyb.exe
  2⤵
  PID:1756
- C:\Windows\System\OdFTscs.exe
  C:\Windows\System\OdFTscs.exe
  2⤵
  PID:1084
- C:\Windows\System\MUSRvwS.exe
  C:\Windows\System\MUSRvwS.exe
  2⤵
  PID:4592
- C:\Windows\System\wBYdqhb.exe
  C:\Windows\System\wBYdqhb.exe
  2⤵
  PID:4668
- C:\Windows\System\mgSnwlh.exe
  C:\Windows\System\mgSnwlh.exe
  2⤵
  PID:5220
- C:\Windows\System\LgjvjNf.exe
  C:\Windows\System\LgjvjNf.exe
  2⤵
  PID:5632
- C:\Windows\System\wsjHhCq.exe
  C:\Windows\System\wsjHhCq.exe
  2⤵
  PID:5828
- C:\Windows\System\zmoJTnf.exe
  C:\Windows\System\zmoJTnf.exe
  2⤵
  PID:6028
- C:\Windows\System\OSUCkMC.exe
  C:\Windows\System\OSUCkMC.exe
  2⤵
  PID:5268
- C:\Windows\System\ZGuniCG.exe
  C:\Windows\System\ZGuniCG.exe
  2⤵
  PID:2668
- C:\Windows\System\KxOjdgy.exe
  C:\Windows\System\KxOjdgy.exe
  2⤵
  PID:6324
- C:\Windows\System\OVlYtsU.exe
  C:\Windows\System\OVlYtsU.exe
  2⤵
  PID:6516
- C:\Windows\System\QPAVkTU.exe
  C:\Windows\System\QPAVkTU.exe
  2⤵
  PID:6564
- C:\Windows\System\vgwnMHg.exe
  C:\Windows\System\vgwnMHg.exe
  2⤵
  PID:6580
- C:\Windows\System\JeUOCkH.exe
  C:\Windows\System\JeUOCkH.exe
  2⤵
  PID:6612
- C:\Windows\System\NkANIqP.exe
  C:\Windows\System\NkANIqP.exe
  2⤵
  PID:6640
- C:\Windows\System\tSYDfRp.exe
  C:\Windows\System\tSYDfRp.exe
  2⤵
  PID:6648
- C:\Windows\System\LWuMYZT.exe
  C:\Windows\System\LWuMYZT.exe
  2⤵
  PID:6664
- C:\Windows\System\MBrGvIU.exe
  C:\Windows\System\MBrGvIU.exe
  2⤵
  PID:6680
- C:\Windows\System\mDrSiLz.exe
  C:\Windows\System\mDrSiLz.exe
  2⤵
  PID:6692
- C:\Windows\System\lEfayOw.exe
  C:\Windows\System\lEfayOw.exe
  2⤵
  PID:6712
- C:\Windows\System\nobqLvP.exe
  C:\Windows\System\nobqLvP.exe
  2⤵
  PID:6728
- C:\Windows\System\YCjeWfY.exe
  C:\Windows\System\YCjeWfY.exe
  2⤵
  PID:2924
- C:\Windows\System\eGOArAE.exe
  C:\Windows\System\eGOArAE.exe
  2⤵
  PID:5568
- C:\Windows\System\pwNzMsZ.exe
  C:\Windows\System\pwNzMsZ.exe
  2⤵
  PID:2764
- C:\Windows\System\GUdYjTb.exe
  C:\Windows\System\GUdYjTb.exe
  2⤵
  PID:2060
- C:\Windows\System\xabCnLJ.exe
  C:\Windows\System\xabCnLJ.exe
  2⤵
  PID:2680
- C:\Windows\System\DNOoAYX.exe
  C:\Windows\System\DNOoAYX.exe
  2⤵
  PID:1248
- C:\Windows\System\XlqNTWw.exe
  C:\Windows\System\XlqNTWw.exe
  2⤵
  PID:860
- C:\Windows\System\jpQmHUg.exe
  C:\Windows\System\jpQmHUg.exe
  2⤵
  PID:2548
- C:\Windows\System\yMOJfjC.exe
  C:\Windows\System\yMOJfjC.exe
  2⤵
  PID:6876
- C:\Windows\System\XCzoPAV.exe
  C:\Windows\System\XCzoPAV.exe
  2⤵
  PID:6864
- C:\Windows\System\RedhKrO.exe
  C:\Windows\System\RedhKrO.exe
  2⤵
  PID:2092
- C:\Windows\System\FKwOBkk.exe
  C:\Windows\System\FKwOBkk.exe
  2⤵
  PID:2828
- C:\Windows\System\ssYKzNF.exe
  C:\Windows\System\ssYKzNF.exe
  2⤵
  PID:6896
- C:\Windows\System\pDGghZa.exe
  C:\Windows\System\pDGghZa.exe
  2⤵
  PID:640
- C:\Windows\System\VNlCryH.exe
  C:\Windows\System\VNlCryH.exe
  2⤵
  PID:1964
- C:\Windows\System\vUucGSE.exe
  C:\Windows\System\vUucGSE.exe
  2⤵
  PID:3080
- C:\Windows\System\MQfmhBA.exe
  C:\Windows\System\MQfmhBA.exe
  2⤵
  PID:6940
- C:\Windows\System\jHHaKGt.exe
  C:\Windows\System\jHHaKGt.exe
  2⤵
  PID:3044
- C:\Windows\System\OAVMHGA.exe
  C:\Windows\System\OAVMHGA.exe
  2⤵
  PID:1144
- C:\Windows\System\DLLIGWD.exe
  C:\Windows\System\DLLIGWD.exe
  2⤵
  PID:2640
- C:\Windows\System\jwnkUVf.exe
  C:\Windows\System\jwnkUVf.exe
  2⤵
  PID:6844
- C:\Windows\System\dhXNbKO.exe
  C:\Windows\System\dhXNbKO.exe
  2⤵
  PID:6964
- C:\Windows\System\NeHqZCv.exe
  C:\Windows\System\NeHqZCv.exe
  2⤵
  PID:2072
- C:\Windows\System\bbWsbzm.exe
  C:\Windows\System\bbWsbzm.exe
  2⤵
  PID:7016
- C:\Windows\System\karmRry.exe
  C:\Windows\System\karmRry.exe
  2⤵
  PID:7000
- C:\Windows\System\sRHQcmd.exe
  C:\Windows\System\sRHQcmd.exe
  2⤵
  PID:6992
- C:\Windows\System\FhtXEie.exe
  C:\Windows\System\FhtXEie.exe
  2⤵
  PID:7028
- C:\Windows\System\lZdGzrA.exe
  C:\Windows\System\lZdGzrA.exe
  2⤵
  PID:7052
- C:\Windows\System\tcwwUTB.exe
  C:\Windows\System\tcwwUTB.exe
  2⤵
  PID:2360
- C:\Windows\System\XoQmJCF.exe
  C:\Windows\System\XoQmJCF.exe
  2⤵
  PID:2184
- C:\Windows\System\hsYFXGR.exe
  C:\Windows\System\hsYFXGR.exe
  2⤵
  PID:7060
- C:\Windows\System\avDEixH.exe
  C:\Windows\System\avDEixH.exe
  2⤵
  PID:7084
- C:\Windows\System\yCxDBJa.exe
  C:\Windows\System\yCxDBJa.exe
  2⤵
  PID:7100
- C:\Windows\System\BbtraZR.exe
  C:\Windows\System\BbtraZR.exe
  2⤵
  PID:7116
- C:\Windows\System\vRtPFld.exe
  C:\Windows\System\vRtPFld.exe
  2⤵
  PID:7132
- C:\Windows\System\FBPxpSo.exe
  C:\Windows\System\FBPxpSo.exe
  2⤵
  PID:7148
- C:\Windows\System\qUxdhSK.exe
  C:\Windows\System\qUxdhSK.exe
  2⤵
  PID:7164
- C:\Windows\System\hFafheV.exe
  C:\Windows\System\hFafheV.exe
  2⤵
  PID:612
- C:\Windows\System\LwwqLMB.exe
  C:\Windows\System\LwwqLMB.exe
  2⤵
  PID:7064
- C:\Windows\System\Ypksvhi.exe
  C:\Windows\System\Ypksvhi.exe
  2⤵
  PID:3248
- C:\Windows\System\YTgqdsB.exe
  C:\Windows\System\YTgqdsB.exe
  2⤵
  PID:3312
- C:\Windows\System\FRzIXNK.exe
  C:\Windows\System\FRzIXNK.exe
  2⤵
  PID:3408
- C:\Windows\System\SJwoPck.exe
  C:\Windows\System\SJwoPck.exe
  2⤵
  PID:3472
- C:\Windows\System\YCkvqeU.exe
  C:\Windows\System\YCkvqeU.exe
  2⤵
  PID:3536
- C:\Windows\System\gHajcIt.exe
  C:\Windows\System\gHajcIt.exe
  2⤵
  PID:3596
- C:\Windows\System\QybiGEH.exe
  C:\Windows\System\QybiGEH.exe
  2⤵
  PID:3660
- C:\Windows\System\asWxtUC.exe
  C:\Windows\System\asWxtUC.exe
  2⤵
  PID:1656
- C:\Windows\System\IBmHoQh.exe
  C:\Windows\System\IBmHoQh.exe
  2⤵
  PID:1228
- C:\Windows\System\SesuQBw.exe
  C:\Windows\System\SesuQBw.exe
  2⤵
  PID:4152
- C:\Windows\System\GtTFpIu.exe
  C:\Windows\System\GtTFpIu.exe
  2⤵
  PID:1640
- C:\Windows\System\VSjgcvR.exe
  C:\Windows\System\VSjgcvR.exe
  2⤵
  PID:5908
- C:\Windows\System\DCyWtjS.exe
  C:\Windows\System\DCyWtjS.exe
  2⤵
  PID:6012
- C:\Windows\System\dasDcAJ.exe
  C:\Windows\System\dasDcAJ.exe
  2⤵
  PID:2140
- C:\Windows\System\XMyzGFZ.exe
  C:\Windows\System\XMyzGFZ.exe
  2⤵
  PID:3040
- C:\Windows\System\TXDacZc.exe
  C:\Windows\System\TXDacZc.exe
  2⤵
  PID:5452
- C:\Windows\System\AEbfyww.exe
  C:\Windows\System\AEbfyww.exe
  2⤵
  PID:1772
- C:\Windows\System\VJossPz.exe
  C:\Windows\System\VJossPz.exe
  2⤵
  PID:5420
- C:\Windows\System\GwFmpOP.exe
  C:\Windows\System\GwFmpOP.exe
  2⤵
  PID:6148
- C:\Windows\System\qQZVmOs.exe
  C:\Windows\System\qQZVmOs.exe
  2⤵
  PID:6276
- C:\Windows\System\HRBkEMx.exe
  C:\Windows\System\HRBkEMx.exe
  2⤵
  PID:6404
- C:\Windows\System\VczelOs.exe
  C:\Windows\System\VczelOs.exe
  2⤵
  PID:5944
- C:\Windows\System\DGMoQvB.exe
  C:\Windows\System\DGMoQvB.exe
  2⤵
  PID:6340
- C:\Windows\System\qJTXEpG.exe
  C:\Windows\System\qJTXEpG.exe
  2⤵
  PID:5548
- C:\Windows\System\lMdntDu.exe
  C:\Windows\System\lMdntDu.exe
  2⤵
  PID:5516
- C:\Windows\System\BfOuobR.exe
  C:\Windows\System\BfOuobR.exe
  2⤵
  PID:5588
- C:\Windows\System\YjPENFL.exe
  C:\Windows\System\YjPENFL.exe
  2⤵
  PID:5680
- C:\Windows\System\BMdIeWK.exe
  C:\Windows\System\BMdIeWK.exe
  2⤵
  PID:2328
- C:\Windows\System\VyRSbfk.exe
  C:\Windows\System\VyRSbfk.exe
  2⤵
  PID:5952
- C:\Windows\System\WzmEwiK.exe
  C:\Windows\System\WzmEwiK.exe
  2⤵
  PID:3728
- C:\Windows\System\LbNUpGK.exe
  C:\Windows\System\LbNUpGK.exe
  2⤵
  PID:6080
- C:\Windows\System\WxZMLvg.exe
  C:\Windows\System\WxZMLvg.exe
  2⤵
  PID:3984
- C:\Windows\System\DChGdVn.exe
  C:\Windows\System\DChGdVn.exe
  2⤵
  PID:4048
- C:\Windows\System\PQeCBNR.exe
  C:\Windows\System\PQeCBNR.exe
  2⤵
  PID:3100
- C:\Windows\System\lxoqJpx.exe
  C:\Windows\System\lxoqJpx.exe
  2⤵
  PID:3612
- C:\Windows\System\fSCodqR.exe
  C:\Windows\System\fSCodqR.exe
  2⤵
  PID:1816
- C:\Windows\System\ROnpqRa.exe
  C:\Windows\System\ROnpqRa.exe
  2⤵
  PID:3908
- C:\Windows\System\hdjSZww.exe
  C:\Windows\System\hdjSZww.exe
  2⤵
  PID:4848
- C:\Windows\System\bOhVskM.exe
  C:\Windows\System\bOhVskM.exe
  2⤵
  PID:4412
- C:\Windows\System\VBTtMPn.exe
  C:\Windows\System\VBTtMPn.exe
  2⤵
  PID:5088
- C:\Windows\System\rNCsoNw.exe
  C:\Windows\System\rNCsoNw.exe
  2⤵
  PID:4348
- C:\Windows\System\iOGudVm.exe
  C:\Windows\System\iOGudVm.exe
  2⤵
  PID:2296
- C:\Windows\System\PoVcOxd.exe
  C:\Windows\System\PoVcOxd.exe
  2⤵
  PID:1712
- C:\Windows\System\ixzABAQ.exe
  C:\Windows\System\ixzABAQ.exe
  2⤵
  PID:1728
- C:\Windows\System\RUGMhYH.exe
  C:\Windows\System\RUGMhYH.exe
  2⤵
  PID:5964
- C:\Windows\System\pTRgqRx.exe
  C:\Windows\System\pTRgqRx.exe
  2⤵
  PID:2304
- C:\Windows\System\SwvZVUS.exe
  C:\Windows\System\SwvZVUS.exe
  2⤵
  PID:6944
- C:\Windows\System\tUIOwIx.exe
  C:\Windows\System\tUIOwIx.exe
  2⤵
  PID:6292
- C:\Windows\System\dkjWPyf.exe
  C:\Windows\System\dkjWPyf.exe
  2⤵
  PID:6520
- C:\Windows\System\CMwgqWj.exe
  C:\Windows\System\CMwgqWj.exe
  2⤵
  PID:6792
- C:\Windows\System\wFpBxTv.exe
  C:\Windows\System\wFpBxTv.exe
  2⤵
  PID:1336
- C:\Windows\System\pnnYmAg.exe
  C:\Windows\System\pnnYmAg.exe
  2⤵
  PID:5072
- C:\Windows\System\fDxiOZj.exe
  C:\Windows\System\fDxiOZj.exe
  2⤵
  PID:4860
- C:\Windows\System\sRfeYkJ.exe
  C:\Windows\System\sRfeYkJ.exe
  2⤵
  PID:4928
- C:\Windows\System\eyZvrBI.exe
  C:\Windows\System\eyZvrBI.exe
  2⤵
  PID:5920
- C:\Windows\System\KqiUGOC.exe
  C:\Windows\System\KqiUGOC.exe
  2⤵
  PID:6388
- C:\Windows\System\uiblIyP.exe
  C:\Windows\System\uiblIyP.exe
  2⤵
  PID:6572
- C:\Windows\System\TQmUYYG.exe
  C:\Windows\System\TQmUYYG.exe
  2⤵
  PID:6660
- C:\Windows\System\YueteVo.exe
  C:\Windows\System\YueteVo.exe
  2⤵
  PID:6724
- C:\Windows\System\saQlRhn.exe
  C:\Windows\System\saQlRhn.exe
  2⤵
  PID:1324
- C:\Windows\System\pviEhEY.exe
  C:\Windows\System\pviEhEY.exe
  2⤵
  PID:2856
- C:\Windows\System\CcCETmh.exe
  C:\Windows\System\CcCETmh.exe
  2⤵
  PID:5372
- C:\Windows\System\gUEUKxD.exe
  C:\Windows\System\gUEUKxD.exe
  2⤵
  PID:4864
- C:\Windows\System\QWzAeoq.exe
  C:\Windows\System\QWzAeoq.exe
  2⤵
  PID:5216
- C:\Windows\System\hYwGbYC.exe
  C:\Windows\System\hYwGbYC.exe
  2⤵
  PID:6224
- C:\Windows\System\iywOGWy.exe
  C:\Windows\System\iywOGWy.exe
  2⤵
  PID:5436
- C:\Windows\System\SIZjIcg.exe
  C:\Windows\System\SIZjIcg.exe
  2⤵
  PID:6604
- C:\Windows\System\ydqrDbi.exe
  C:\Windows\System\ydqrDbi.exe
  2⤵
  PID:6700
- C:\Windows\System\mkTplvu.exe
  C:\Windows\System\mkTplvu.exe
  2⤵
  PID:5668
- C:\Windows\System\yCQOvNE.exe
  C:\Windows\System\yCQOvNE.exe
  2⤵
  PID:2440
- C:\Windows\System\XEbOYnx.exe
  C:\Windows\System\XEbOYnx.exe
  2⤵
  PID:4232
- C:\Windows\System\GoWNreG.exe
  C:\Windows\System\GoWNreG.exe
  2⤵
  PID:6852
- C:\Windows\System\rZjraYU.exe
  C:\Windows\System\rZjraYU.exe
  2⤵
  PID:452
- C:\Windows\System\gBFOtrh.exe
  C:\Windows\System\gBFOtrh.exe
  2⤵
  PID:2144
- C:\Windows\System\qwQxLNu.exe
  C:\Windows\System\qwQxLNu.exe
  2⤵
  PID:6980
- C:\Windows\System\lZdbYwy.exe
  C:\Windows\System\lZdbYwy.exe
  2⤵
  PID:6856
- C:\Windows\System\lkvGpip.exe
  C:\Windows\System\lkvGpip.exe
  2⤵
  PID:5824
- C:\Windows\System\lpkrrlR.exe
  C:\Windows\System\lpkrrlR.exe
  2⤵
  PID:3180
- C:\Windows\System\CjZwVws.exe
  C:\Windows\System\CjZwVws.exe
  2⤵
  PID:6608
- C:\Windows\System\VzMdhmm.exe
  C:\Windows\System\VzMdhmm.exe
  2⤵
  PID:3004
- C:\Windows\System\XXELstV.exe
  C:\Windows\System\XXELstV.exe
  2⤵
  PID:2644
- C:\Windows\System\telqreC.exe
  C:\Windows\System\telqreC.exe
  2⤵
  PID:6756
- C:\Windows\System\xHwUdUn.exe
  C:\Windows\System\xHwUdUn.exe
  2⤵
  PID:6776
- C:\Windows\System\VNpSAUA.exe
  C:\Windows\System\VNpSAUA.exe
  2⤵
  PID:4200
- C:\Windows\System\Xiunuix.exe
  C:\Windows\System\Xiunuix.exe
  2⤵
  PID:6996
- C:\Windows\System\pDJivZZ.exe
  C:\Windows\System\pDJivZZ.exe
  2⤵
  PID:1540
- C:\Windows\System\oClAMuV.exe
  C:\Windows\System\oClAMuV.exe
  2⤵
  PID:7112
- C:\Windows\System\PXLzIbL.exe
  C:\Windows\System\PXLzIbL.exe
  2⤵
  PID:1028
- C:\Windows\System\PuKIngk.exe
  C:\Windows\System\PuKIngk.exe
  2⤵
  PID:3376
- C:\Windows\System\thGcFTU.exe
  C:\Windows\System\thGcFTU.exe
  2⤵
  PID:7056
- C:\Windows\System\Mozkfze.exe
  C:\Windows\System\Mozkfze.exe
  2⤵
  PID:7092
- C:\Windows\System\rGoYghP.exe
  C:\Windows\System\rGoYghP.exe
  2⤵
  PID:7128
- C:\Windows\System\otiqsbX.exe
  C:\Windows\System\otiqsbX.exe
  2⤵
  PID:1588
- C:\Windows\System\tzILmCo.exe
  C:\Windows\System\tzILmCo.exe
  2⤵
  PID:3308
- C:\Windows\System\JOOTLbs.exe
  C:\Windows\System\JOOTLbs.exe
  2⤵
  PID:5984
- C:\Windows\System\hCYecny.exe
  C:\Windows\System\hCYecny.exe
  2⤵
  PID:2084
- C:\Windows\System\imVyPfb.exe
  C:\Windows\System\imVyPfb.exe
  2⤵
  PID:6400
- C:\Windows\System\qVmmMDY.exe
  C:\Windows\System\qVmmMDY.exe
  2⤵
  PID:6500
- C:\Windows\System\cLChuUl.exe
  C:\Windows\System\cLChuUl.exe
  2⤵
  PID:3568
- C:\Windows\System\yahqIdh.exe
  C:\Windows\System\yahqIdh.exe
  2⤵
  PID:5616
- C:\Windows\System\tmCiwuK.exe
  C:\Windows\System\tmCiwuK.exe
  2⤵
  PID:5904
- C:\Windows\System\AGUqPfU.exe
  C:\Windows\System\AGUqPfU.exe
  2⤵
  PID:5332
- C:\Windows\System\YzxkZlo.exe
  C:\Windows\System\YzxkZlo.exe
  2⤵
  PID:6244
- C:\Windows\System\RSOWTmf.exe
  C:\Windows\System\RSOWTmf.exe
  2⤵
  PID:5540
- C:\Windows\System\AYYsxRx.exe
  C:\Windows\System\AYYsxRx.exe
  2⤵
  PID:5748
- C:\Windows\System\HKODnJi.exe
  C:\Windows\System\HKODnJi.exe
  2⤵
  PID:776
- C:\Windows\System\QdFKWRS.exe
  C:\Windows\System\QdFKWRS.exe
  2⤵
  PID:1968
- C:\Windows\System\LGFEmcV.exe
  C:\Windows\System\LGFEmcV.exe
  2⤵
  PID:4032
- C:\Windows\System\HShVqJw.exe
  C:\Windows\System\HShVqJw.exe
  2⤵
  PID:3456
- C:\Windows\System\IGrAJrD.exe
  C:\Windows\System\IGrAJrD.exe
  2⤵
  PID:4172
- C:\Windows\System\hJfbwdk.exe
  C:\Windows\System\hJfbwdk.exe
  2⤵
  PID:6112
- C:\Windows\System\SQkIUgd.exe
  C:\Windows\System\SQkIUgd.exe
  2⤵
  PID:4456
- C:\Windows\System\ZEEsbyU.exe
  C:\Windows\System\ZEEsbyU.exe
  2⤵
  PID:4428
- C:\Windows\System\MTZIEwj.exe
  C:\Windows\System\MTZIEwj.exe
  2⤵
  PID:4976
- C:\Windows\System\ZAijpFW.exe
  C:\Windows\System\ZAijpFW.exe
  2⤵
  PID:4944
- C:\Windows\System\mfMaYiu.exe
  C:\Windows\System\mfMaYiu.exe
  2⤵
  PID:5604
- C:\Windows\System\QmeDLys.exe
  C:\Windows\System\QmeDLys.exe
  2⤵
  PID:5224
- C:\Windows\System\ophtYmm.exe
  C:\Windows\System\ophtYmm.exe
  2⤵
  PID:6092
- C:\Windows\System\lxWbSUN.exe
  C:\Windows\System\lxWbSUN.exe
  2⤵
  PID:2152
- C:\Windows\System\TcMVKKP.exe
  C:\Windows\System\TcMVKKP.exe
  2⤵
  PID:4624
- C:\Windows\System\gZVCGHZ.exe
  C:\Windows\System\gZVCGHZ.exe
  2⤵
  PID:5440
- C:\Windows\System\ELQLdBl.exe
  C:\Windows\System\ELQLdBl.exe
  2⤵
  PID:6416
- C:\Windows\System\MAVPKqY.exe
  C:\Windows\System\MAVPKqY.exe
  2⤵
  PID:4156
- C:\Windows\System\jObTMDY.exe
  C:\Windows\System\jObTMDY.exe
  2⤵
  PID:6556
- C:\Windows\System\jXGNIle.exe
  C:\Windows\System\jXGNIle.exe
  2⤵
  PID:2740
- C:\Windows\System\jMVHISC.exe
  C:\Windows\System\jMVHISC.exe
  2⤵
  PID:4296
- C:\Windows\System\zAPMNIZ.exe
  C:\Windows\System\zAPMNIZ.exe
  2⤵
  PID:6164
- C:\Windows\System\gajJiwx.exe
  C:\Windows\System\gajJiwx.exe
  2⤵
  PID:2736
- C:\Windows\System\ICUsCkX.exe
  C:\Windows\System\ICUsCkX.exe
  2⤵
  PID:5760
- C:\Windows\System\YJQVcLa.exe
  C:\Windows\System\YJQVcLa.exe
  2⤵
  PID:4828
- C:\Windows\System\guphmPP.exe
  C:\Windows\System\guphmPP.exe
  2⤵
  PID:6720
- C:\Windows\System\IdLtdnk.exe
  C:\Windows\System\IdLtdnk.exe
  2⤵
  PID:4528
- C:\Windows\System\XUHFzHP.exe
  C:\Windows\System\XUHFzHP.exe
  2⤵
  PID:6900
- C:\Windows\System\CkNIDPA.exe
  C:\Windows\System\CkNIDPA.exe
  2⤵
  PID:1568
- C:\Windows\System\aTEkbMz.exe
  C:\Windows\System\aTEkbMz.exe
  2⤵
  PID:4108
- C:\Windows\System\lqjkXvJ.exe
  C:\Windows\System\lqjkXvJ.exe
  2⤵
  PID:6128
- C:\Windows\System\Tkjwmsr.exe
  C:\Windows\System\Tkjwmsr.exe
  2⤵
  PID:2340
- C:\Windows\System\lhTRjMU.exe
  C:\Windows\System\lhTRjMU.exe
  2⤵
  PID:1828
- C:\Windows\System\oeIxQoP.exe
  C:\Windows\System\oeIxQoP.exe
  2⤵
  PID:2432
- C:\Windows\System\EDONMCn.exe
  C:\Windows\System\EDONMCn.exe
  2⤵
  PID:3628
- C:\Windows\System\vuFVCZC.exe
  C:\Windows\System\vuFVCZC.exe
  2⤵
  PID:7108
- C:\Windows\System\jUDHVTZ.exe
  C:\Windows\System\jUDHVTZ.exe
  2⤵
  PID:5396
- C:\Windows\System\ysfPRjS.exe
  C:\Windows\System\ysfPRjS.exe
  2⤵
  PID:5488
- C:\Windows\System\btRjIqU.exe
  C:\Windows\System\btRjIqU.exe
  2⤵
  PID:2996
- C:\Windows\System\HlMjmwn.exe
  C:\Windows\System\HlMjmwn.exe
  2⤵
  PID:6368
- C:\Windows\System\ljnhswr.exe
  C:\Windows\System\ljnhswr.exe
  2⤵
  PID:2268
- C:\Windows\System\FuWuijY.exe
  C:\Windows\System\FuWuijY.exe
  2⤵
  PID:5844
- C:\Windows\System\VtTguzR.exe
  C:\Windows\System\VtTguzR.exe
  2⤵
  PID:3468
- C:\Windows\System\uLPHtns.exe
  C:\Windows\System\uLPHtns.exe
  2⤵
  PID:5336
- C:\Windows\System\uEfKcea.exe
  C:\Windows\System\uEfKcea.exe
  2⤵
  PID:6540
- C:\Windows\System\BHGjyQc.exe
  C:\Windows\System\BHGjyQc.exe
  2⤵
  PID:3724
- C:\Windows\System\rSUVtIm.exe
  C:\Windows\System\rSUVtIm.exe
  2⤵
  PID:4392
- C:\Windows\System\wAmtJaY.exe
  C:\Windows\System\wAmtJaY.exe
  2⤵
  PID:4816
- C:\Windows\System\ilShniS.exe
  C:\Windows\System\ilShniS.exe
  2⤵
  PID:3792
- C:\Windows\System\dzmsxeu.exe
  C:\Windows\System\dzmsxeu.exe
  2⤵
  PID:5888
- C:\Windows\System\foBkCNF.exe
  C:\Windows\System\foBkCNF.exe
  2⤵
  PID:6788
- C:\Windows\System\jpcEjlF.exe
  C:\Windows\System\jpcEjlF.exe
  2⤵
  PID:4988
- C:\Windows\System\JbtnXTW.exe
  C:\Windows\System\JbtnXTW.exe
  2⤵
  PID:4844
- C:\Windows\System\ImzLfQN.exe
  C:\Windows\System\ImzLfQN.exe
  2⤵
  PID:5008
- C:\Windows\System\bIFerWT.exe
  C:\Windows\System\bIFerWT.exe
  2⤵
  PID:2512
- C:\Windows\System\KOAOtxw.exe
  C:\Windows\System\KOAOtxw.exe
  2⤵
  PID:4608
- C:\Windows\System\aKTMqLN.exe
  C:\Windows\System\aKTMqLN.exe
  2⤵
  PID:2368
- C:\Windows\System\FMccvlS.exe
  C:\Windows\System\FMccvlS.exe
  2⤵
  PID:6688
- C:\Windows\System\qtHVDpO.exe
  C:\Windows\System\qtHVDpO.exe
  2⤵
  PID:2616
- C:\Windows\System\gUWFkxs.exe
  C:\Windows\System\gUWFkxs.exe
  2⤵
  PID:4168
- C:\Windows\System\gVsjAQI.exe
  C:\Windows\System\gVsjAQI.exe
  2⤵
  PID:4540
- C:\Windows\System\McGNLay.exe
  C:\Windows\System\McGNLay.exe
  2⤵
  PID:3280
- C:\Windows\System\YZpOQBV.exe
  C:\Windows\System\YZpOQBV.exe
  2⤵
  PID:1860
- C:\Windows\System\ffBdeCW.exe
  C:\Windows\System\ffBdeCW.exe
  2⤵
  PID:872
- C:\Windows\System\RTiryrQ.exe
  C:\Windows\System\RTiryrQ.exe
  2⤵
  PID:7020
- C:\Windows\System\qAcUhnL.exe
  C:\Windows\System\qAcUhnL.exe
  2⤵
  PID:6176
- C:\Windows\System\aBJNAwq.exe
  C:\Windows\System\aBJNAwq.exe
  2⤵
  PID:6536
- C:\Windows\System\ARRBxVJ.exe
  C:\Windows\System\ARRBxVJ.exe
  2⤵
  PID:4300
- C:\Windows\System\NFPYjiZ.exe
  C:\Windows\System\NFPYjiZ.exe
  2⤵
  PID:5036
- C:\Windows\System\tmJLZdF.exe
  C:\Windows\System\tmJLZdF.exe
  2⤵
  PID:3228
- C:\Windows\System\iIqklYD.exe
  C:\Windows\System\iIqklYD.exe
  2⤵
  PID:5376
- C:\Windows\System\WAjmSfq.exe
  C:\Windows\System\WAjmSfq.exe
  2⤵
  PID:5424
- C:\Windows\System\dvPLYti.exe
  C:\Windows\System\dvPLYti.exe
  2⤵
  PID:4972
- C:\Windows\System\kuxdZJh.exe
  C:\Windows\System\kuxdZJh.exe
  2⤵
  PID:5352
- C:\Windows\System\RjYUOil.exe
  C:\Windows\System\RjYUOil.exe
  2⤵
  PID:2288
- C:\Windows\System\JebXNrR.exe
  C:\Windows\System\JebXNrR.exe
  2⤵
  PID:7040
- C:\Windows\System\GhyPXpg.exe
  C:\Windows\System\GhyPXpg.exe
  2⤵
  PID:7004
- C:\Windows\System\wVEFOOh.exe
  C:\Windows\System\wVEFOOh.exe
  2⤵
  PID:6736
- C:\Windows\System\rYrXYhl.exe
  C:\Windows\System\rYrXYhl.exe
  2⤵
  PID:6468
- C:\Windows\System\TiBkUuG.exe
  C:\Windows\System\TiBkUuG.exe
  2⤵
  PID:5600
- C:\Windows\System\onHZkRC.exe
  C:\Windows\System\onHZkRC.exe
  2⤵
  PID:4780
- C:\Windows\System\mpbldTY.exe
  C:\Windows\System\mpbldTY.exe
  2⤵
  PID:2584
- C:\Windows\System\rFrGkBL.exe
  C:\Windows\System\rFrGkBL.exe
  2⤵
  PID:6336
- C:\Windows\System\CXyNjZr.exe
  C:\Windows\System\CXyNjZr.exe
  2⤵
  PID:6240
- C:\Windows\System\ijbixsq.exe
  C:\Windows\System\ijbixsq.exe
  2⤵
  PID:1688
- C:\Windows\System\twCSRCo.exe
  C:\Windows\System\twCSRCo.exe
  2⤵
  PID:4556
- C:\Windows\System\MKgcwyM.exe
  C:\Windows\System\MKgcwyM.exe
  2⤵
  PID:2980
- C:\Windows\System\trRKKmk.exe
  C:\Windows\System\trRKKmk.exe
  2⤵
  PID:2172
- C:\Windows\System\ZpayBTw.exe
  C:\Windows\System\ZpayBTw.exe
  2⤵
  PID:7184
- C:\Windows\System\bjgkjQv.exe
  C:\Windows\System\bjgkjQv.exe
  2⤵
  PID:7200
- C:\Windows\System\wfWsQgA.exe
  C:\Windows\System\wfWsQgA.exe
  2⤵
  PID:7216
- C:\Windows\System\MEjjBOz.exe
  C:\Windows\System\MEjjBOz.exe
  2⤵
  PID:7232
- C:\Windows\System\XRkWKSt.exe
  C:\Windows\System\XRkWKSt.exe
  2⤵
  PID:7248
- C:\Windows\System\AvtRIRe.exe
  C:\Windows\System\AvtRIRe.exe
  2⤵
  PID:7264
- C:\Windows\System\gpwQAQm.exe
  C:\Windows\System\gpwQAQm.exe
  2⤵
  PID:7280
- C:\Windows\System\wetIbWD.exe
  C:\Windows\System\wetIbWD.exe
  2⤵
  PID:7296
- C:\Windows\System\muWeDMW.exe
  C:\Windows\System\muWeDMW.exe
  2⤵
  PID:7312
- C:\Windows\System\znHVNUM.exe
  C:\Windows\System\znHVNUM.exe
  2⤵
  PID:7328
- C:\Windows\System\boRrHNM.exe
  C:\Windows\System\boRrHNM.exe
  2⤵
  PID:7344
- C:\Windows\System\EmbGZfC.exe
  C:\Windows\System\EmbGZfC.exe
  2⤵
  PID:7360
- C:\Windows\System\DtcrXKi.exe
  C:\Windows\System\DtcrXKi.exe
  2⤵
  PID:7376
- C:\Windows\System\tyrQDke.exe
  C:\Windows\System\tyrQDke.exe
  2⤵
  PID:7392
- C:\Windows\System\pIHaEmQ.exe
  C:\Windows\System\pIHaEmQ.exe
  2⤵
  PID:7408
- C:\Windows\System\KSiXnXJ.exe
  C:\Windows\System\KSiXnXJ.exe
  2⤵
  PID:7424
- C:\Windows\System\wOtiTBn.exe
  C:\Windows\System\wOtiTBn.exe
  2⤵
  PID:7440
- C:\Windows\System\DvzApbu.exe
  C:\Windows\System\DvzApbu.exe
  2⤵
  PID:7456
- C:\Windows\System\TkwZDfv.exe
  C:\Windows\System\TkwZDfv.exe
  2⤵
  PID:7472
- C:\Windows\System\RSUOWDW.exe
  C:\Windows\System\RSUOWDW.exe
  2⤵
  PID:7492
- C:\Windows\System\spffBbc.exe
  C:\Windows\System\spffBbc.exe
  2⤵
  PID:7508
- C:\Windows\System\CpIMeht.exe
  C:\Windows\System\CpIMeht.exe
  2⤵
  PID:7524
- C:\Windows\System\zeCVPck.exe
  C:\Windows\System\zeCVPck.exe
  2⤵
  PID:7540
- C:\Windows\System\eWgWvVk.exe
  C:\Windows\System\eWgWvVk.exe
  2⤵
  PID:7556
- C:\Windows\System\SpXnaQa.exe
  C:\Windows\System\SpXnaQa.exe
  2⤵
  PID:7572
- C:\Windows\System\UqnMOCS.exe
  C:\Windows\System\UqnMOCS.exe
  2⤵
  PID:7588
- C:\Windows\System\ARppfzE.exe
  C:\Windows\System\ARppfzE.exe
  2⤵
  PID:7604
- C:\Windows\System\Vengwjm.exe
  C:\Windows\System\Vengwjm.exe
  2⤵
  PID:7620
- C:\Windows\System\PtkSvmx.exe
  C:\Windows\System\PtkSvmx.exe
  2⤵
  PID:7636
- C:\Windows\System\WnAWMjs.exe
  C:\Windows\System\WnAWMjs.exe
  2⤵
  PID:7652
- C:\Windows\System\pHBccUr.exe
  C:\Windows\System\pHBccUr.exe
  2⤵
  PID:7668
- C:\Windows\System\DFtaiVK.exe
  C:\Windows\System\DFtaiVK.exe
  2⤵
  PID:7684
- C:\Windows\System\JVloRXI.exe
  C:\Windows\System\JVloRXI.exe
  2⤵
  PID:7700
- C:\Windows\System\fxEnQag.exe
  C:\Windows\System\fxEnQag.exe
  2⤵
  PID:7724
- C:\Windows\System\YTcHhnQ.exe
  C:\Windows\System\YTcHhnQ.exe
  2⤵
  PID:7740
- C:\Windows\System\DXPfCct.exe
  C:\Windows\System\DXPfCct.exe
  2⤵
  PID:7756
- C:\Windows\System\aQTzdOh.exe
  C:\Windows\System\aQTzdOh.exe
  2⤵
  PID:7772
- C:\Windows\System\hzAMnyX.exe
  C:\Windows\System\hzAMnyX.exe
  2⤵
  PID:7788
- C:\Windows\System\zUUHmza.exe
  C:\Windows\System\zUUHmza.exe
  2⤵
  PID:7804
- C:\Windows\System\LpFROpd.exe
  C:\Windows\System\LpFROpd.exe
  2⤵
  PID:7820
- C:\Windows\System\BVThbZS.exe
  C:\Windows\System\BVThbZS.exe
  2⤵
  PID:7836
- C:\Windows\System\bfCKkRA.exe
  C:\Windows\System\bfCKkRA.exe
  2⤵
  PID:7852
- C:\Windows\System\jwUlFGc.exe
  C:\Windows\System\jwUlFGc.exe
  2⤵
  PID:7868
- C:\Windows\System\BdSvVNs.exe
  C:\Windows\System\BdSvVNs.exe
  2⤵
  PID:7884
- C:\Windows\System\bGCMchA.exe
  C:\Windows\System\bGCMchA.exe
  2⤵
  PID:7900
- C:\Windows\System\stWSQkR.exe
  C:\Windows\System\stWSQkR.exe
  2⤵
  PID:7916
- C:\Windows\System\yWsbwjt.exe
  C:\Windows\System\yWsbwjt.exe
  2⤵
  PID:7932
- C:\Windows\System\diFsphZ.exe
  C:\Windows\System\diFsphZ.exe
  2⤵
  PID:7948
- C:\Windows\System\GUWTZaP.exe
  C:\Windows\System\GUWTZaP.exe
  2⤵
  PID:7964
- C:\Windows\System\BnvHZZF.exe
  C:\Windows\System\BnvHZZF.exe
  2⤵
  PID:7980
- C:\Windows\System\eGOlDTx.exe
  C:\Windows\System\eGOlDTx.exe
  2⤵
  PID:7996
- C:\Windows\System\ubBpluH.exe
  C:\Windows\System\ubBpluH.exe
  2⤵
  PID:8012
- C:\Windows\System\xfdOGxO.exe
  C:\Windows\System\xfdOGxO.exe
  2⤵
  PID:8028
- C:\Windows\System\aaHscfA.exe
  C:\Windows\System\aaHscfA.exe
  2⤵
  PID:8044
- C:\Windows\System\PhzQnqP.exe
  C:\Windows\System\PhzQnqP.exe
  2⤵
  PID:8060
- C:\Windows\System\YnNdhJF.exe
  C:\Windows\System\YnNdhJF.exe
  2⤵
  PID:8076
- C:\Windows\System\ogqIIdS.exe
  C:\Windows\System\ogqIIdS.exe
  2⤵
  PID:8092
- C:\Windows\System\qqTbImZ.exe
  C:\Windows\System\qqTbImZ.exe
  2⤵
  PID:8108
- C:\Windows\System\JUTUCRG.exe
  C:\Windows\System\JUTUCRG.exe
  2⤵
  PID:8124
- C:\Windows\System\gxyWJob.exe
  C:\Windows\System\gxyWJob.exe
  2⤵
  PID:8140
- C:\Windows\System\DJDWOnc.exe
  C:\Windows\System\DJDWOnc.exe
  2⤵
  PID:8156
- C:\Windows\System\fuKtTDf.exe
  C:\Windows\System\fuKtTDf.exe
  2⤵
  PID:8172
- C:\Windows\System\oEpVssR.exe
  C:\Windows\System\oEpVssR.exe
  2⤵
  PID:8188
- C:\Windows\System\MQuYhsB.exe
  C:\Windows\System\MQuYhsB.exe
  2⤵
  PID:7212
- C:\Windows\System\WPYRued.exe
  C:\Windows\System\WPYRued.exe
  2⤵
  PID:6888
- C:\Windows\System\oDpvnez.exe
  C:\Windows\System\oDpvnez.exe
  2⤵
  PID:1732
- C:\Windows\System\skwTSmT.exe
  C:\Windows\System\skwTSmT.exe
  2⤵
  PID:3088
- C:\Windows\System\FpoICgK.exe
  C:\Windows\System\FpoICgK.exe
  2⤵
  PID:7196
- C:\Windows\System\eVmJVLe.exe
  C:\Windows\System\eVmJVLe.exe
  2⤵
  PID:7256
- C:\Windows\System\ioTnnUF.exe
  C:\Windows\System\ioTnnUF.exe
  2⤵
  PID:7400
- C:\Windows\System\jdCnrrH.exe
  C:\Windows\System\jdCnrrH.exe
  2⤵
  PID:7228
- C:\Windows\System\gcCIrBA.exe
  C:\Windows\System\gcCIrBA.exe
  2⤵
  PID:7468
- C:\Windows\System\PxZlJHH.exe
  C:\Windows\System\PxZlJHH.exe
  2⤵
  PID:7384
- C:\Windows\System\JXYRyee.exe
  C:\Windows\System\JXYRyee.exe
  2⤵
  PID:7564
- C:\Windows\System\ZUzmyFG.exe
  C:\Windows\System\ZUzmyFG.exe
  2⤵
  PID:7596
- C:\Windows\System\pfiRSIs.exe
  C:\Windows\System\pfiRSIs.exe
  2⤵
  PID:7552
- C:\Windows\System\waQwUTc.exe
  C:\Windows\System\waQwUTc.exe
  2⤵
  PID:7356
- C:\Windows\System\AWDYvVF.exe
  C:\Windows\System\AWDYvVF.exe
  2⤵
  PID:7648
- C:\Windows\System\HUBfOhW.exe
  C:\Windows\System\HUBfOhW.exe
  2⤵
  PID:7488
- C:\Windows\System\xSfHMMs.exe
  C:\Windows\System\xSfHMMs.exe
  2⤵
  PID:7584
- C:\Windows\System\XqENrxG.exe
  C:\Windows\System\XqENrxG.exe
  2⤵
  PID:7696
- C:\Windows\System\DcqCBMY.exe
  C:\Windows\System\DcqCBMY.exe
  2⤵
  PID:7716
- C:\Windows\System\mTgXcRh.exe
  C:\Windows\System\mTgXcRh.exe
  2⤵
  PID:7764
- C:\Windows\System\YeafRWu.exe
  C:\Windows\System\YeafRWu.exe
  2⤵
  PID:7828
- C:\Windows\System\AxFUKiC.exe
  C:\Windows\System\AxFUKiC.exe
  2⤵
  PID:7864
- C:\Windows\System\ipjSHyq.exe
  C:\Windows\System\ipjSHyq.exe
  2⤵
  PID:7928
- C:\Windows\System\HkEfszR.exe
  C:\Windows\System\HkEfszR.exe
  2⤵
  PID:7988
- C:\Windows\System\uuEkQqd.exe
  C:\Windows\System\uuEkQqd.exe
  2⤵
  PID:7816
- C:\Windows\System\hfgHztS.exe
  C:\Windows\System\hfgHztS.exe
  2⤵
  PID:7876
- C:\Windows\System\poPQSwb.exe
  C:\Windows\System\poPQSwb.exe
  2⤵
  PID:7940
- C:\Windows\System\PtMVrRv.exe
  C:\Windows\System\PtMVrRv.exe
  2⤵
  PID:8004
- C:\Windows\System\CEKaSUt.exe
  C:\Windows\System\CEKaSUt.exe
  2⤵
  PID:8056
- C:\Windows\System\nnBlMxF.exe
  C:\Windows\System\nnBlMxF.exe
  2⤵
  PID:8116
- C:\Windows\System\kiWrPKl.exe
  C:\Windows\System\kiWrPKl.exe
  2⤵
  PID:8072
- C:\Windows\System\GoXMzmV.exe
  C:\Windows\System\GoXMzmV.exe
  2⤵
  PID:8040
- C:\Windows\System\afJSzrU.exe
  C:\Windows\System\afJSzrU.exe
  2⤵
  PID:8164
- C:\Windows\System\UlzSplj.exe
  C:\Windows\System\UlzSplj.exe
  2⤵
  PID:7180
- C:\Windows\System\vQDSEYj.exe
  C:\Windows\System\vQDSEYj.exe
  2⤵
  PID:1916
- C:\Windows\System\swfGjWy.exe
  C:\Windows\System\swfGjWy.exe
  2⤵
  PID:7224
- C:\Windows\System\BbAKdqF.exe
  C:\Windows\System\BbAKdqF.exe
  2⤵
  PID:7288
- C:\Windows\System\yeYcZBr.exe
  C:\Windows\System\yeYcZBr.exe
  2⤵
  PID:7192
- C:\Windows\System\NDaJgqn.exe
  C:\Windows\System\NDaJgqn.exe
  2⤵
  PID:7464
- C:\Windows\System\VdZTmMR.exe
  C:\Windows\System\VdZTmMR.exe
  2⤵
  PID:7628
- C:\Windows\System\qyouWkc.exe
  C:\Windows\System\qyouWkc.exe
  2⤵
  PID:7692
- C:\Windows\System\iQEJpaB.exe
  C:\Windows\System\iQEJpaB.exe
  2⤵
  PID:7452
- C:\Windows\System\JIvIzRW.exe
  C:\Windows\System\JIvIzRW.exe
  2⤵
  PID:7752
- C:\Windows\System\pdtuNEy.exe
  C:\Windows\System\pdtuNEy.exe
  2⤵
  PID:7580
- C:\Windows\System\SXfLGne.exe
  C:\Windows\System\SXfLGne.exe
  2⤵
  PID:7800
- C:\Windows\System\TGvpqWw.exe
  C:\Windows\System\TGvpqWw.exe
  2⤵
  PID:7748
- C:\Windows\System\qdBSYnb.exe
  C:\Windows\System\qdBSYnb.exe
  2⤵
  PID:7992
- C:\Windows\System\hkaoBuN.exe
  C:\Windows\System\hkaoBuN.exe
  2⤵
  PID:8036
- C:\Windows\System\iEBToFc.exe
  C:\Windows\System\iEBToFc.exe
  2⤵
  PID:3000
- C:\Windows\System\zTNhERL.exe
  C:\Windows\System\zTNhERL.exe
  2⤵
  PID:7480
- C:\Windows\System\QbXRsLS.exe
  C:\Windows\System\QbXRsLS.exe
  2⤵
  PID:7448
- C:\Windows\System\MQbzUdl.exe
  C:\Windows\System\MQbzUdl.exe
  2⤵
  PID:8088
- C:\Windows\System\jRolzVd.exe
  C:\Windows\System\jRolzVd.exe
  2⤵
  PID:7532
- C:\Windows\System\GwPQYSc.exe
  C:\Windows\System\GwPQYSc.exe
  2⤵
  PID:7796
- C:\Windows\System\MsKqUXO.exe
  C:\Windows\System\MsKqUXO.exe
  2⤵
  PID:8052
- C:\Windows\System\rLQodHL.exe
  C:\Windows\System\rLQodHL.exe
  2⤵
  PID:7924
- C:\Windows\System\LvzraGY.exe
  C:\Windows\System\LvzraGY.exe
  2⤵
  PID:7972
- C:\Windows\System\baVeGsZ.exe
  C:\Windows\System\baVeGsZ.exe
  2⤵
  PID:7404
- C:\Windows\System\bdGGSae.exe
  C:\Windows\System\bdGGSae.exe
  2⤵
  PID:7304
- C:\Windows\System\lJQjJqt.exe
  C:\Windows\System\lJQjJqt.exe
  2⤵
  PID:7860
- C:\Windows\System\dHUlwiG.exe
  C:\Windows\System\dHUlwiG.exe
  2⤵
  PID:7784
- C:\Windows\System\maOJyMe.exe
  C:\Windows\System\maOJyMe.exe
  2⤵
  PID:8204
- C:\Windows\System\kZqTfro.exe
  C:\Windows\System\kZqTfro.exe
  2⤵
  PID:8220
- C:\Windows\System\Hbrwlhk.exe
  C:\Windows\System\Hbrwlhk.exe
  2⤵
  PID:8236
- C:\Windows\System\AfxLjQo.exe
  C:\Windows\System\AfxLjQo.exe
  2⤵
  PID:8252
- C:\Windows\System\bNyyqkZ.exe
  C:\Windows\System\bNyyqkZ.exe
  2⤵
  PID:8268
- C:\Windows\System\batyLpw.exe
  C:\Windows\System\batyLpw.exe
  2⤵
  PID:8288
- C:\Windows\System\jxBycOA.exe
  C:\Windows\System\jxBycOA.exe
  2⤵
  PID:8304
- C:\Windows\System\dMKCEKD.exe
  C:\Windows\System\dMKCEKD.exe
  2⤵
  PID:8320
- C:\Windows\System\yJqADwI.exe
  C:\Windows\System\yJqADwI.exe
  2⤵
  PID:8336
- C:\Windows\System\AqZXrzO.exe
  C:\Windows\System\AqZXrzO.exe
  2⤵
  PID:8352
- C:\Windows\System\unpzwCd.exe
  C:\Windows\System\unpzwCd.exe
  2⤵
  PID:8368
- C:\Windows\System\RIqVHVh.exe
  C:\Windows\System\RIqVHVh.exe
  2⤵
  PID:8384
- C:\Windows\System\TodqMyS.exe
  C:\Windows\System\TodqMyS.exe
  2⤵
  PID:8400
- C:\Windows\System\zaTafYB.exe
  C:\Windows\System\zaTafYB.exe
  2⤵
  PID:8416
- C:\Windows\System\kLQdUSF.exe
  C:\Windows\System\kLQdUSF.exe
  2⤵
  PID:8432
- C:\Windows\System\xVNmVQR.exe
  C:\Windows\System\xVNmVQR.exe
  2⤵
  PID:8448
- C:\Windows\System\LWnwZom.exe
  C:\Windows\System\LWnwZom.exe
  2⤵
  PID:8464
- C:\Windows\System\uaYtshb.exe
  C:\Windows\System\uaYtshb.exe
  2⤵
  PID:8480
- C:\Windows\System\ANYnleQ.exe
  C:\Windows\System\ANYnleQ.exe
  2⤵
  PID:8496
- C:\Windows\System\HljDFaw.exe
  C:\Windows\System\HljDFaw.exe
  2⤵
  PID:8512
- C:\Windows\System\uvQfpEL.exe
  C:\Windows\System\uvQfpEL.exe
  2⤵
  PID:8528
- C:\Windows\System\EgkUwij.exe
  C:\Windows\System\EgkUwij.exe
  2⤵
  PID:8544
- C:\Windows\System\vAydtYf.exe
  C:\Windows\System\vAydtYf.exe
  2⤵
  PID:8560
- C:\Windows\System\mflSuEw.exe
  C:\Windows\System\mflSuEw.exe
  2⤵
  PID:8576
- C:\Windows\System\qsPoKqF.exe
  C:\Windows\System\qsPoKqF.exe
  2⤵
  PID:8592
- C:\Windows\System\NGnzdRY.exe
  C:\Windows\System\NGnzdRY.exe
  2⤵
  PID:8608
- C:\Windows\System\iajfeOQ.exe
  C:\Windows\System\iajfeOQ.exe
  2⤵
  PID:8624
- C:\Windows\System\PVwCgvu.exe
  C:\Windows\System\PVwCgvu.exe
  2⤵
  PID:8640
- C:\Windows\System\BqqyeFf.exe
  C:\Windows\System\BqqyeFf.exe
  2⤵
  PID:8656
- C:\Windows\System\TpNBvGJ.exe
  C:\Windows\System\TpNBvGJ.exe
  2⤵
  PID:8672
- C:\Windows\System\HIJWUFv.exe
  C:\Windows\System\HIJWUFv.exe
  2⤵
  PID:8688
- C:\Windows\System\srFvGAD.exe
  C:\Windows\System\srFvGAD.exe
  2⤵
  PID:8704
- C:\Windows\System\cgqdQqN.exe
  C:\Windows\System\cgqdQqN.exe
  2⤵
  PID:8720
- C:\Windows\System\ptlqorK.exe
  C:\Windows\System\ptlqorK.exe
  2⤵
  PID:8736
- C:\Windows\System\bFNWXqG.exe
  C:\Windows\System\bFNWXqG.exe
  2⤵
  PID:8752
- C:\Windows\System\jwHqPhS.exe
  C:\Windows\System\jwHqPhS.exe
  2⤵
  PID:8768
- C:\Windows\System\KLmewnA.exe
  C:\Windows\System\KLmewnA.exe
  2⤵
  PID:8784
- C:\Windows\System\pnBBIsq.exe
  C:\Windows\System\pnBBIsq.exe
  2⤵
  PID:8800
- C:\Windows\System\WMBtcil.exe
  C:\Windows\System\WMBtcil.exe
  2⤵
  PID:8816
- C:\Windows\System\PUuoenb.exe
  C:\Windows\System\PUuoenb.exe
  2⤵
  PID:8832
- C:\Windows\System\vuUFRht.exe
  C:\Windows\System\vuUFRht.exe
  2⤵
  PID:8848
- C:\Windows\System\MEItDkZ.exe
  C:\Windows\System\MEItDkZ.exe
  2⤵
  PID:8864
- C:\Windows\System\wPCoTUf.exe
  C:\Windows\System\wPCoTUf.exe
  2⤵
  PID:8880
- C:\Windows\System\tOsmmBH.exe
  C:\Windows\System\tOsmmBH.exe
  2⤵
  PID:8896
- C:\Windows\System\yEjfCig.exe
  C:\Windows\System\yEjfCig.exe
  2⤵
  PID:8912
- C:\Windows\System\QFqHpiR.exe
  C:\Windows\System\QFqHpiR.exe
  2⤵
  PID:8928
- C:\Windows\System\Jqpuqca.exe
  C:\Windows\System\Jqpuqca.exe
  2⤵
  PID:8944
- C:\Windows\System\itdBmRH.exe
  C:\Windows\System\itdBmRH.exe
  2⤵
  PID:8960
- C:\Windows\System\BazlWMx.exe
  C:\Windows\System\BazlWMx.exe
  2⤵
  PID:8976
- C:\Windows\System\IpIpCYo.exe
  C:\Windows\System\IpIpCYo.exe
  2⤵
  PID:8992
- C:\Windows\System\kwmyTHX.exe
  C:\Windows\System\kwmyTHX.exe
  2⤵
  PID:9008
- C:\Windows\System\YJktCtb.exe
  C:\Windows\System\YJktCtb.exe
  2⤵
  PID:9024
- C:\Windows\System\PShadIm.exe
  C:\Windows\System\PShadIm.exe
  2⤵
  PID:9040
- C:\Windows\System\ITjTDCP.exe
  C:\Windows\System\ITjTDCP.exe
  2⤵
  PID:9056
- C:\Windows\System\IJeNIwm.exe
  C:\Windows\System\IJeNIwm.exe
  2⤵
  PID:9072
- C:\Windows\System\rZDDyLV.exe
  C:\Windows\System\rZDDyLV.exe
  2⤵
  PID:9088
- C:\Windows\System\JFobqxU.exe
  C:\Windows\System\JFobqxU.exe
  2⤵
  PID:9104
- C:\Windows\System\VvayOCy.exe
  C:\Windows\System\VvayOCy.exe
  2⤵
  PID:9120
- C:\Windows\System\ySJxkXp.exe
  C:\Windows\System\ySJxkXp.exe
  2⤵
  PID:9136
- C:\Windows\System\rarMfMz.exe
  C:\Windows\System\rarMfMz.exe
  2⤵
  PID:9152
- C:\Windows\System\WyadqJe.exe
  C:\Windows\System\WyadqJe.exe
  2⤵
  PID:9168
- C:\Windows\System\WsgYIwA.exe
  C:\Windows\System\WsgYIwA.exe
  2⤵
  PID:9184
- C:\Windows\System\iqhCzsp.exe
  C:\Windows\System\iqhCzsp.exe
  2⤵
  PID:9200
- C:\Windows\System\OnebZMj.exe
  C:\Windows\System\OnebZMj.exe
  2⤵
  PID:7676
- C:\Windows\System\qbQVZZE.exe
  C:\Windows\System\qbQVZZE.exe
  2⤵
  PID:6740
- C:\Windows\System\tZPnxeD.exe
  C:\Windows\System\tZPnxeD.exe
  2⤵
  PID:7736
- C:\Windows\System\GHVBcBe.exe
  C:\Windows\System\GHVBcBe.exe
  2⤵
  PID:8184
- C:\Windows\System\VKTVGFn.exe
  C:\Windows\System\VKTVGFn.exe
  2⤵
  PID:8232
- C:\Windows\System\LBxFvGv.exe
  C:\Windows\System\LBxFvGv.exe
  2⤵
  PID:8248
- C:\Windows\System\Hgwmjlh.exe
  C:\Windows\System\Hgwmjlh.exe
  2⤵
  PID:8296
- C:\Windows\System\jFkRpWV.exe
  C:\Windows\System\jFkRpWV.exe
  2⤵
  PID:8316
- C:\Windows\System\NwAjDiC.exe
  C:\Windows\System\NwAjDiC.exe
  2⤵
  PID:8344
- C:\Windows\System\YXqjRry.exe
  C:\Windows\System\YXqjRry.exe
  2⤵
  PID:8380
- C:\Windows\System\FekqpVy.exe
  C:\Windows\System\FekqpVy.exe
  2⤵
  PID:7320
- C:\Windows\System\wFcWWDC.exe
  C:\Windows\System\wFcWWDC.exe
  2⤵
  PID:8460
- C:\Windows\System\nAAaCqK.exe
  C:\Windows\System\nAAaCqK.exe
  2⤵
  PID:8524
- C:\Windows\System\blZdBrM.exe
  C:\Windows\System\blZdBrM.exe
  2⤵
  PID:8588
- C:\Windows\System\stqynXw.exe
  C:\Windows\System\stqynXw.exe
  2⤵
  PID:8648
- C:\Windows\System\dGDbuRM.exe
  C:\Windows\System\dGDbuRM.exe
  2⤵
  PID:8536
- C:\Windows\System\tMOxZDR.exe
  C:\Windows\System\tMOxZDR.exe
  2⤵
  PID:8504
- C:\Windows\System\wloVGXl.exe
  C:\Windows\System\wloVGXl.exe
  2⤵
  PID:8716
- C:\Windows\System\gLhpvcL.exe
  C:\Windows\System\gLhpvcL.exe
  2⤵
  PID:8600
- C:\Windows\System\JErpjjb.exe
  C:\Windows\System\JErpjjb.exe
  2⤵
  PID:8728
- C:\Windows\System\SHdUdWQ.exe
  C:\Windows\System\SHdUdWQ.exe
  2⤵
  PID:8812
- C:\Windows\System\MlIXQKH.exe
  C:\Windows\System\MlIXQKH.exe
  2⤵
  PID:8840
- C:\Windows\System\LDcOLSa.exe
  C:\Windows\System\LDcOLSa.exe
  2⤵
  PID:8700
- C:\Windows\System\uJbvtrO.exe
  C:\Windows\System\uJbvtrO.exe
  2⤵
  PID:8764
- C:\Windows\System\gNVrYVO.exe
  C:\Windows\System\gNVrYVO.exe
  2⤵
  PID:8824
- C:\Windows\System\RzytSHg.exe
  C:\Windows\System\RzytSHg.exe
  2⤵
  PID:8828
- C:\Windows\System\MnTeZYG.exe
  C:\Windows\System\MnTeZYG.exe
  2⤵
  PID:8856
- C:\Windows\System\pqexWXm.exe
  C:\Windows\System\pqexWXm.exe
  2⤵
  PID:8892
- C:\Windows\System\CQertBE.exe
  C:\Windows\System\CQertBE.exe
  2⤵
  PID:9004
- C:\Windows\System\vaAzSEk.exe
  C:\Windows\System\vaAzSEk.exe
  2⤵
  PID:9036
- C:\Windows\System\LRudbyj.exe
  C:\Windows\System\LRudbyj.exe
  2⤵
  PID:9096
- C:\Windows\System\JSprQxo.exe
  C:\Windows\System\JSprQxo.exe
  2⤵
  PID:9160
- C:\Windows\System\hEKWIbX.exe
  C:\Windows\System\hEKWIbX.exe
  2⤵
  PID:9052
- C:\Windows\System\jjBcjsy.exe
  C:\Windows\System\jjBcjsy.exe
  2⤵
  PID:9080
- C:\Windows\System\WaxHaoR.exe
  C:\Windows\System\WaxHaoR.exe
  2⤵
  PID:9116
- C:\Windows\System\MMoGwKe.exe
  C:\Windows\System\MMoGwKe.exe
  2⤵
  PID:9208
- C:\Windows\System\mQkfTMy.exe
  C:\Windows\System\mQkfTMy.exe
  2⤵
  PID:8136
- C:\Windows\System\YdVYPob.exe
  C:\Windows\System\YdVYPob.exe
  2⤵
  PID:8328
- C:\Windows\System\wZREUUR.exe
  C:\Windows\System\wZREUUR.exe
  2⤵
  PID:8428
- C:\Windows\System\hrFcWjQ.exe
  C:\Windows\System\hrFcWjQ.exe
  2⤵
  PID:8284
- C:\Windows\System\hbNLQDw.exe
  C:\Windows\System\hbNLQDw.exe
  2⤵
  PID:8572
- C:\Windows\System\WmXONaj.exe
  C:\Windows\System\WmXONaj.exe
  2⤵
  PID:8604
- C:\Windows\System\DeoWYym.exe
  C:\Windows\System\DeoWYym.exe
  2⤵
  PID:8936
- C:\Windows\System\BizAXkw.exe
  C:\Windows\System\BizAXkw.exe
  2⤵
  PID:8520
- C:\Windows\System\zSMHBXb.exe
  C:\Windows\System\zSMHBXb.exe
  2⤵
  PID:8276
- C:\Windows\System\idNHbtJ.exe
  C:\Windows\System\idNHbtJ.exe
  2⤵
  PID:8440
- C:\Windows\System\VJDNbgF.exe
  C:\Windows\System\VJDNbgF.exe
  2⤵
  PID:8748
- C:\Windows\System\XKzvhFZ.exe
  C:\Windows\System\XKzvhFZ.exe
  2⤵
  PID:8876
- C:\Windows\System\ChnpWee.exe
  C:\Windows\System\ChnpWee.exe
  2⤵
  PID:8956
- C:\Windows\System\Qsmivji.exe
  C:\Windows\System\Qsmivji.exe
  2⤵
  PID:8888
- C:\Windows\System\qLHlidg.exe
  C:\Windows\System\qLHlidg.exe
  2⤵
  PID:9068
- C:\Windows\System\SpanjjY.exe
  C:\Windows\System\SpanjjY.exe
  2⤵
  PID:9180
- C:\Windows\System\kpuTYjM.exe
  C:\Windows\System\kpuTYjM.exe
  2⤵
  PID:8244
- C:\Windows\System\nXmJPKv.exe
  C:\Windows\System\nXmJPKv.exe
  2⤵
  PID:8780
- C:\Windows\System\pFIFmuR.exe
  C:\Windows\System\pFIFmuR.exe
  2⤵
  PID:8492
- C:\Windows\System\plITwRc.exe
  C:\Windows\System\plITwRc.exe
  2⤵
  PID:8924
- C:\Windows\System\SdLXrUj.exe
  C:\Windows\System\SdLXrUj.exe
  2⤵
  PID:9112
- C:\Windows\System\VRXywcc.exe
  C:\Windows\System\VRXywcc.exe
  2⤵
  PID:8392
- C:\Windows\System\KTiMNUk.exe
  C:\Windows\System\KTiMNUk.exe
  2⤵
  PID:8472
- C:\Windows\System\gifwQCf.exe
  C:\Windows\System\gifwQCf.exe
  2⤵
  PID:8476
- C:\Windows\System\dUrGzXU.exe
  C:\Windows\System\dUrGzXU.exe
  2⤵
  PID:8444
- C:\Windows\System\VKDPHOy.exe
  C:\Windows\System\VKDPHOy.exe
  2⤵
  PID:9048
- C:\Windows\System\XRkDiSj.exe
  C:\Windows\System\XRkDiSj.exe
  2⤵
  PID:8668
- C:\Windows\System\RxMBRLO.exe
  C:\Windows\System\RxMBRLO.exe
  2⤵
  PID:9224
- C:\Windows\System\rIUzDUX.exe
  C:\Windows\System\rIUzDUX.exe
  2⤵
  PID:9240
- C:\Windows\System\fqQkRjE.exe
  C:\Windows\System\fqQkRjE.exe
  2⤵
  PID:9256
- C:\Windows\System\yyVhQlu.exe
  C:\Windows\System\yyVhQlu.exe
  2⤵
  PID:9272
- C:\Windows\System\sEspYtP.exe
  C:\Windows\System\sEspYtP.exe
  2⤵
  PID:9292
- C:\Windows\System\kfrorHS.exe
  C:\Windows\System\kfrorHS.exe
  2⤵
  PID:9308
- C:\Windows\System\bmZCtSM.exe
  C:\Windows\System\bmZCtSM.exe
  2⤵
  PID:9324
- C:\Windows\System\xhaRLyj.exe
  C:\Windows\System\xhaRLyj.exe
  2⤵
  PID:9340
- C:\Windows\System\VAyYyIP.exe
  C:\Windows\System\VAyYyIP.exe
  2⤵
  PID:9356
- C:\Windows\System\YVndBCh.exe
  C:\Windows\System\YVndBCh.exe
  2⤵
  PID:9376
- C:\Windows\System\cZnqazN.exe
  C:\Windows\System\cZnqazN.exe
  2⤵
  PID:9392
- C:\Windows\System\ajwvkyE.exe
  C:\Windows\System\ajwvkyE.exe
  2⤵
  PID:9408
- C:\Windows\System\JlwbSMq.exe
  C:\Windows\System\JlwbSMq.exe
  2⤵
  PID:9424
- C:\Windows\System\oDtWFtZ.exe
  C:\Windows\System\oDtWFtZ.exe
  2⤵
  PID:9448
- C:\Windows\System\DHmmcYM.exe
  C:\Windows\System\DHmmcYM.exe
  2⤵
  PID:9464
- C:\Windows\System\OqbHWgA.exe
  C:\Windows\System\OqbHWgA.exe
  2⤵
  PID:9480
- C:\Windows\System\TzJCIcE.exe
  C:\Windows\System\TzJCIcE.exe
  2⤵
  PID:9496
- C:\Windows\System\VASiGOY.exe
  C:\Windows\System\VASiGOY.exe
  2⤵
  PID:9512
- C:\Windows\System\mLUmiGQ.exe
  C:\Windows\System\mLUmiGQ.exe
  2⤵
  PID:9528
- C:\Windows\System\OqfGnvK.exe
  C:\Windows\System\OqfGnvK.exe
  2⤵
  PID:9544
- C:\Windows\System\FXIdqPi.exe
  C:\Windows\System\FXIdqPi.exe
  2⤵
  PID:9560
- C:\Windows\System\nxiUQSg.exe
  C:\Windows\System\nxiUQSg.exe
  2⤵
  PID:9576
- C:\Windows\System\ecRxdbp.exe
  C:\Windows\System\ecRxdbp.exe
  2⤵
  PID:9592
- C:\Windows\System\PRzsJmO.exe
  C:\Windows\System\PRzsJmO.exe
  2⤵
  PID:9608
- C:\Windows\System\uoiSZkW.exe
  C:\Windows\System\uoiSZkW.exe
  2⤵
  PID:9624
- C:\Windows\System\RoxqHqS.exe
  C:\Windows\System\RoxqHqS.exe
  2⤵
  PID:9640
- C:\Windows\System\PIpmtBx.exe
  C:\Windows\System\PIpmtBx.exe
  2⤵
  PID:9656
- C:\Windows\System\jKAArSW.exe
  C:\Windows\System\jKAArSW.exe
  2⤵
  PID:9672
- C:\Windows\System\gDKeXwH.exe
  C:\Windows\System\gDKeXwH.exe
  2⤵
  PID:9688
- C:\Windows\System\rNeRZVu.exe
  C:\Windows\System\rNeRZVu.exe
  2⤵
  PID:9704
- C:\Windows\System\mTEKofP.exe
  C:\Windows\System\mTEKofP.exe
  2⤵
  PID:9720
- C:\Windows\System\YEyKWHy.exe
  C:\Windows\System\YEyKWHy.exe
  2⤵
  PID:9736
- C:\Windows\System\xkncvfR.exe
  C:\Windows\System\xkncvfR.exe
  2⤵
  PID:9752
- C:\Windows\System\OJeubpi.exe
  C:\Windows\System\OJeubpi.exe
  2⤵
  PID:9768
- C:\Windows\System\vGKwCbU.exe
  C:\Windows\System\vGKwCbU.exe
  2⤵
  PID:9788
- C:\Windows\System\GwxqSwG.exe
  C:\Windows\System\GwxqSwG.exe
  2⤵
  PID:9804
- C:\Windows\System\wsndXJg.exe
  C:\Windows\System\wsndXJg.exe
  2⤵
  PID:9820
- C:\Windows\System\WfsDPNx.exe
  C:\Windows\System\WfsDPNx.exe
  2⤵
  PID:9836
- C:\Windows\System\KdBgFYF.exe
  C:\Windows\System\KdBgFYF.exe
  2⤵
  PID:9852
- C:\Windows\System\FaDkbyO.exe
  C:\Windows\System\FaDkbyO.exe
  2⤵
  PID:9868
- C:\Windows\System\RSkIixc.exe
  C:\Windows\System\RSkIixc.exe
  2⤵
  PID:9884
- C:\Windows\System\vSsNUfw.exe
  C:\Windows\System\vSsNUfw.exe
  2⤵
  PID:9900
- C:\Windows\System\ChgjBFv.exe
  C:\Windows\System\ChgjBFv.exe
  2⤵
  PID:9916
- C:\Windows\System\upsmuCq.exe
  C:\Windows\System\upsmuCq.exe
  2⤵
  PID:9932
- C:\Windows\System\PCJqHaj.exe
  C:\Windows\System\PCJqHaj.exe
  2⤵
  PID:9948
- C:\Windows\System\OAiQoBE.exe
  C:\Windows\System\OAiQoBE.exe
  2⤵
  PID:9964
- C:\Windows\System\Vnhyzvd.exe
  C:\Windows\System\Vnhyzvd.exe
  2⤵
  PID:9980
- C:\Windows\System\sUMQYXF.exe
  C:\Windows\System\sUMQYXF.exe
  2⤵
  PID:9996
- C:\Windows\System\WRAkhTC.exe
  C:\Windows\System\WRAkhTC.exe
  2⤵
  PID:10012
- C:\Windows\System\qiuQpWf.exe
  C:\Windows\System\qiuQpWf.exe
  2⤵
  PID:10028
- C:\Windows\System\deHDXsr.exe
  C:\Windows\System\deHDXsr.exe
  2⤵
  PID:10044
- C:\Windows\System\AmcYTdy.exe
  C:\Windows\System\AmcYTdy.exe
  2⤵
  PID:10060
- C:\Windows\System\QryWRLE.exe
  C:\Windows\System\QryWRLE.exe
  2⤵
  PID:10076
- C:\Windows\System\BcWCWyF.exe
  C:\Windows\System\BcWCWyF.exe
  2⤵
  PID:10092
- C:\Windows\System\zsHOrLP.exe
  C:\Windows\System\zsHOrLP.exe
  2⤵
  PID:10108
- C:\Windows\System\kzdMIDT.exe
  C:\Windows\System\kzdMIDT.exe
  2⤵
  PID:10124
- C:\Windows\System\kYhCsaq.exe
  C:\Windows\System\kYhCsaq.exe
  2⤵
  PID:10140
- C:\Windows\System\RDzVFAB.exe
  C:\Windows\System\RDzVFAB.exe
  2⤵
  PID:10156
- C:\Windows\System\nwtltpk.exe
  C:\Windows\System\nwtltpk.exe
  2⤵
  PID:10172
- C:\Windows\System\vhXNpiu.exe
  C:\Windows\System\vhXNpiu.exe
  2⤵
  PID:10188
- C:\Windows\System\vwpiGcW.exe
  C:\Windows\System\vwpiGcW.exe
  2⤵
  PID:10204
- C:\Windows\System\EhIQLPB.exe
  C:\Windows\System\EhIQLPB.exe
  2⤵
  PID:10220
- C:\Windows\System\fgEXyyc.exe
  C:\Windows\System\fgEXyyc.exe
  2⤵
  PID:10236
- C:\Windows\System\xmbajxS.exe
  C:\Windows\System\xmbajxS.exe
  2⤵
  PID:9128
- C:\Windows\System\ismQqEQ.exe
  C:\Windows\System\ismQqEQ.exe
  2⤵
  PID:9280
- C:\Windows\System\UeQRzwx.exe
  C:\Windows\System\UeQRzwx.exe
  2⤵
  PID:9016
- C:\Windows\System\vVTMkff.exe
  C:\Windows\System\vVTMkff.exe
  2⤵
  PID:9236
- C:\Windows\System\aZUmYSi.exe
  C:\Windows\System\aZUmYSi.exe
  2⤵
  PID:7732
- C:\Windows\System\yOUCKXD.exe
  C:\Windows\System\yOUCKXD.exe
  2⤵
  PID:1000
- C:\Windows\System\tIqiNGD.exe
  C:\Windows\System\tIqiNGD.exe
  2⤵
  PID:9348
- C:\Windows\System\ikVmSyn.exe
  C:\Windows\System\ikVmSyn.exe
  2⤵
  PID:9416
- C:\Windows\System\dyacywZ.exe
  C:\Windows\System\dyacywZ.exe
  2⤵
  PID:9460
- C:\Windows\System\lKizbfB.exe
  C:\Windows\System\lKizbfB.exe
  2⤵
  PID:9552
- C:\Windows\System\gvXuQlK.exe
  C:\Windows\System\gvXuQlK.exe
  2⤵
  PID:9472
- C:\Windows\System\FFIlMMt.exe
  C:\Windows\System\FFIlMMt.exe
  2⤵
  PID:9584
- C:\Windows\System\HkAthOB.exe
  C:\Windows\System\HkAthOB.exe
  2⤵
  PID:9504
- C:\Windows\System\TNAeDIV.exe
  C:\Windows\System\TNAeDIV.exe
  2⤵
  PID:9588
- C:\Windows\System\pdITcgo.exe
  C:\Windows\System\pdITcgo.exe
  2⤵
  PID:9568
- C:\Windows\System\OKMmAUX.exe
  C:\Windows\System\OKMmAUX.exe
  2⤵
  PID:9620
- C:\Windows\System\RTOAFGY.exe
  C:\Windows\System\RTOAFGY.exe
  2⤵
  PID:9680
- C:\Windows\System\TQWFZxV.exe
  C:\Windows\System\TQWFZxV.exe
  2⤵
  PID:9636
- C:\Windows\System\hKUJynR.exe
  C:\Windows\System\hKUJynR.exe
  2⤵
  PID:9604
- C:\Windows\System\VBXGebQ.exe
  C:\Windows\System\VBXGebQ.exe
  2⤵
  PID:9632
- C:\Windows\System\vtxmFYs.exe
  C:\Windows\System\vtxmFYs.exe
  2⤵
  PID:9828
- C:\Windows\System\FYZraWz.exe
  C:\Windows\System\FYZraWz.exe
  2⤵
  PID:9728
- C:\Windows\System\lumxUPC.exe
  C:\Windows\System\lumxUPC.exe
  2⤵
  PID:9800
- C:\Windows\System\jcbkUkC.exe
  C:\Windows\System\jcbkUkC.exe
  2⤵
  PID:9880
- C:\Windows\System\xHpHTsb.exe
  C:\Windows\System\xHpHTsb.exe
  2⤵
  PID:9908
- C:\Windows\System\grwAkST.exe
  C:\Windows\System\grwAkST.exe
  2⤵
  PID:9972
- C:\Windows\System\qchQNSw.exe
  C:\Windows\System\qchQNSw.exe
  2⤵
  PID:9956
- C:\Windows\System\RsaPsYm.exe
  C:\Windows\System\RsaPsYm.exe
  2⤵
  PID:9992
- C:\Windows\System\quRHvXg.exe
  C:\Windows\System\quRHvXg.exe
  2⤵
  PID:10024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CqSGKRG.exe

Filesize
18B

MD5
7e241728f2343f18cf6d4cb72504ec78

SHA1
9cccbb0aba79ab3a2a9bf3155046eceaac78c7ba

SHA256
b2bd378e2abde42a5bf8b9cf629215db74a908498b48485014a09a596a8fd24d

SHA512
45847f8bf306e058894f07ec94236dd09abb29d6656564c3c9064e8b9250fff7a27d019d62b82152715bd4101f38c68aa1616c8e535f5837908b522624314c32

Download Submit
C:\Windows\system\GGeMrOG.exe

Filesize
1.6MB

MD5
9368377db894288aadf0007a36b51f63

SHA1
88cba0d9270e5aff871e4f18109bd1488549abca

SHA256
2756b4442f6eade72adf33bc11a87540e5c3e7e596a1486c7af8fc05bf7f93ab

SHA512
8a3a26feaf7c7bf58c1f96aaf5fbf4cbc571f4b65540537d30d27240ab778a4a6fa80b78c13b07c0eaaae811cab17731d97ff81cc5c54ca2730cb0fa24e5cffd

Download Submit
C:\Windows\system\GvWMfbu.exe

Filesize
1.6MB

MD5
26c299517ba0eeb390a0fc2f8f0553fe

SHA1
2715fec411ddbe1b27617501f36f06a6ffb9f405

SHA256
7e9d126b525a6a0a3dd5213da1438b7cbc528d789af518a4fd7b7275bbb63b79

SHA512
8e62ee8207fe955fd704ea0ea70075e0525bbd46693aa2f7b759d5276631045ca842dccab74599113f530dc8db8e739380e48d143468d7fc452de1d828ff4091

Download Submit
C:\Windows\system\IwZKCGN.exe

Filesize
1.6MB

MD5
1609b0189b925a3525893d7bd3eee46f

SHA1
e0df6397b9ac842d05ab38b0fabc7376d69c9504

SHA256
4cdcb5c4b34800e8460e3b0c2d3bb91740901c526e6ecc8fead759abe835035f

SHA512
d404ac48dea2937c3fea13ff66878675aa4c4be2f75a2c7929dd05f69d2363d86f84a19e3c752b3eec0d5fa84e8450142a93f52c55e12bbe7733c59d437e3b43

Download Submit
C:\Windows\system\KdWoPPy.exe

Filesize
1.6MB

MD5
ba9efef7ce00c3277cf0d5b3b7e2032c

SHA1
c14e85345e5b516e0c18f3b0c6923933d6b22ba5

SHA256
d6e117866145a0adbc1b9ad61533b8ed96b118945e705ac76f415d03fe480959

SHA512
96e9a69909b70276c055d12adb0a088f6d3098f4d3fea5714b949e4a514271d457974633d1c40c15ffa97d396a16424f1e6d6dc4037da3387d4723a8b56ebc47

Download Submit
C:\Windows\system\NbohPyr.exe

Filesize
1.6MB

MD5
a0deff62c38bcd8f02fc27c012a3cb43

SHA1
5fc4fdcde5fa4b361356abefd9cf346b58b77fc9

SHA256
2f83ce70964b93c163e9dd0fbf219cb1975cf468aa296704e5df89675a29581b

SHA512
5bb4caf6a7dcce9c1700b198c7a3e7ec7219bd79fdf9a929ed18eb006c3b64fbe7ff56d0370d3ea09bf5ac732b327abb1027b716e0b8f5ecb562503add1bf685

Download Submit
C:\Windows\system\NmrFjyh.exe

Filesize
1.6MB

MD5
7f9e78eb679da32c1752a19703f5e9a8

SHA1
d5439557316cd067cba9fa476cc4544cbdcb1e79

SHA256
0ccd5f348bda3e371bb409d3eb68a57c389f88c68390ea2585573920a56fc625

SHA512
44c44ea7a424354ba00fd2ff7a576e4bf7f13b90214954262f434462fc4a76d508ca316160ecb3f72fa4b9b13843676346b9c4cc01b2fc453c23045c9ea50712

Download Submit
C:\Windows\system\OOdSvkV.exe

Filesize
1.6MB

MD5
b9b27a868addee3459398bc64fc5e2ca

SHA1
43de801c792d1b9a942dd0cde0880bf3d68028a8

SHA256
02b9a0b0b103ef144248535e920ca1de417915ccc00fc198d7735b7b61a0657c

SHA512
45158993514f744eeb783d33de6ebdd126d29ffd2356b0ba374f909ce4216207a699f43fe8d6d0d2ff3ffeaaf07349e63e587eed1a9bc3d0bb19543d8ac4cf71

Download Submit
C:\Windows\system\QBrfVTU.exe

Filesize
1.6MB

MD5
31233c4e5b1d1cc0e6a1b2b6c4f4452e

SHA1
4673b7451da9b712bf75c007567763a62cc81b87

SHA256
84d5d3469adc8f6b9b67d1bc8caa3594ad17a3d0e86d4891f53cc6b0d89027c9

SHA512
490924a687802a444ce16598be34c4e4dcafb3c682ef8c804270daada380865a567eee799f55f916cccd994c3251a23b2e3e41982d771bd175bdc8ec3c2021d0

Download Submit
C:\Windows\system\QkzuvZA.exe

Filesize
1.6MB

MD5
61e0aaecf466addc3d9dec6f23ed1192

SHA1
e2ece234520cd518eb64e6c0f20698d5f52f127d

SHA256
b390520eb2ee9900b80dd886f4efde778b842117514d6e4096872410d311f09e

SHA512
befb578e9d6b2400fe1b012ca215754c48b1214c0bab57e3811b910a1e832ad7a09171798afe57495ac1b2e3a9bea6de83be86081536e475ccb0cdb1daa7724f

Download Submit
C:\Windows\system\REWQiLZ.exe

Filesize
1.6MB

MD5
9a222314b001cb1414101f7d7608e74e

SHA1
3acaae74cdbc9891ae7b7b715cd2b51bdb4c0798

SHA256
7335fb44d37d838f66a6a9c249d2ab776b7c3af4be9405b96f6aef7650656523

SHA512
2f599cc7f65444d549c5915d7372993f5b8b30dbb1c2644f681c1d0b42d64071e6b04b0808f019b503f7c230699332a4f566fc4de00aa1d7d94ffdfe00b785a4

Download Submit
C:\Windows\system\SBBmxmJ.exe

Filesize
1.6MB

MD5
00a7451637f1de9c99cc6482668a7963

SHA1
247ea4c37220bd95aefa869c8edd72585d4ee3a7

SHA256
78f0b5dca8f250483d3e6b24a7fa28ec482fef7f45a5dfbd62479f43e7c4d21e

SHA512
bf9f6eaf38be4214adcad62070b554962eed3420e0cabc643740c590d51a266ba94bbf7e9acbeca112015202164538c86e045b00d19731a04983506d962cb8b4

Download Submit
C:\Windows\system\SXBBHxG.exe

Filesize
1.6MB

MD5
e9ccf65938d8c34a96e8b8722eb5b159

SHA1
bf5071201bda7d120972366d0480f53455568ab9

SHA256
4453fe233595d65b779c5ad47554a69f85145a09cbccffeafb01997005d852aa

SHA512
84e4ea402c2d58f61213ed787b7a270ba64fd6d1d4faee154db196f8889a2d5853b17b6898697d2d2f6d7c313afced047b4febee0afbc08115d7bc3a830398ce

Download Submit
C:\Windows\system\TUZMSQf.exe

Filesize
1.6MB

MD5
2777eb0b25f6b2cc05d4a560b869ef19

SHA1
ffb936e7c5d6ce5e78a3f76fb7868cb41db4b975

SHA256
f1337e742a95c40ce5c5ea3c997c23b681635cffad2f1ee269f8ead5a61091e3

SHA512
3e8cf0940ddf81b92176a27b90321e952f3910476e68759d714318a8428a260388f47c7e4cfd0e427a7c800b2d2f65eab9675a664c472f5b7e6673cac9d64632

Download Submit
C:\Windows\system\WUOwjVx.exe

Filesize
1.6MB

MD5
cbe716642117a2a2ba5de5d3129492c8

SHA1
e9b82f11504eca061a05252dd57a4e1a4776bac3

SHA256
8b8fa557b70ab2370f226e359c17167cf10f047af063d8727689f376b6ea5e5c

SHA512
99a83c32e79fdb59fa268e0dd00cdc677a913fd839a2cbf0865ceff9ae6f7a644736c0b6c298641d90a187208add133bf18ee44610a243ff0dce0d993cd50044

Download Submit
C:\Windows\system\ZaWEdfv.exe

Filesize
1.6MB

MD5
997ab1408de3b0346bd097e4c6961bcb

SHA1
4a073629379bf55869da505b067f06f2e3bafa0e

SHA256
c68d6ee16a541f8fc569510b1550b0f5e953efd76fad1396dfad161ef4a25dd4

SHA512
9937ca0b277e19b94b26c5aa7b242ed270212ef5fc0da8e14a1a337885bea576345fe218c78ffe82625b45fd410019247b5131a14cda3130266bcd9e2c415924

Download Submit
C:\Windows\system\ZbidRmr.exe

Filesize
1.6MB

MD5
a8648c8c8c5e480277505d5a4c5035c8

SHA1
b3952ecc5e4619f51b3154dd589c15d2c9cfd98c

SHA256
cddfec966368141fd44a84154a1bca2498c7c83f0fbf99bad3e87ec969d662c8

SHA512
cb2ed5eca0627f2696ee5c26f199c2e59c10935583d3973328eb218ed483ae5336b30e77f0bde30578cd7e0f9ff13990a7483f2eac2f492e60aaea52ebe0eb32

Download Submit
C:\Windows\system\aQSqriH.exe

Filesize
1.6MB

MD5
bce6cd7cd2156f66ed5da873da4ba763

SHA1
2423d680daf5f13f0a16a6662522500ced2f48d4

SHA256
4a1cb40795555c63d3dbf8b0cbc58e844f90ed0d837a72b5899623eaf81adb1f

SHA512
7f54ff2b09097a356c52a2a84646af6132aebe5c8317ea609dad167475f71fbf65ddb458595dbca27ac79562b692b0e70c5f8133bff5fb99bf2fa4d2f4bca596

Download Submit
C:\Windows\system\eOaZLgi.exe

Filesize
1.6MB

MD5
9e45c1d6a6b9cc57c59cbcfb490a2281

SHA1
1763ca4aa8963d1c35d04ddaa7bf66fb7b281af6

SHA256
2edaa3a514693d8da133de11bc2c132819da0d379108716467b1d0f8cb6e6ad6

SHA512
d7228d224b9851ed2273aed5f338318855f4e1e6e111274a1d72f6cc22a77939b6086c16deba353942fd4f4f5bed57c30d4786bc091c32494a9b4bdfee5439a7

Download Submit
C:\Windows\system\hXuhSBT.exe

Filesize
1.6MB

MD5
8da66db135ed7fe59fe96a38fc23bf22

SHA1
654f5bd95c34333ae67e6a87f45ad23ca6d3b59d

SHA256
39f4820d0e93e8598c97fd3e3774d57254934381fce6e1c3e3320e0d1013a1ae

SHA512
0eaadd3f3f7b4a49e1c9dc6858ee3c4eacc1758e6b67d5df207effae90a599ff6d0385cc0f6e0de880fbf5c899d9beb69600100247669af5d9b69fabaad5669d

Download Submit
C:\Windows\system\hnSDdlu.exe

Filesize
8B

MD5
e71397695bfc95ac5fe1d82687725659

SHA1
45272317203fb987b8952f41b0170bd5a78944b0

SHA256
593106c260dc81c57565b84dcf164e3aba348716b31b67ed996f84e8eb33a8f2

SHA512
b0a8d0ea3899c2bbb7c006edeeb2ecf2f4894f56db8d8ff247c4e6fc5083c186ab234b2494615de540e99bc5dda8055b1dfec22d34c5a32a9febff889f810e0e

Download Submit
C:\Windows\system\ixHUMBM.exe

Filesize
1.6MB

MD5
7759988458b94c0d9ab7c773d51d705c

SHA1
43b7acd8c5bd3e6ebd4ff278799ed52c3130b557

SHA256
ed849a802576d35df94d0eb8d95cb34a2f3adc4a0729efaa88add9d7b9b448fc

SHA512
93029517f0b76673f87779da60993bb4d7fe90f6d6dd24f86df966fad4c5a9ee16375c0fd21b577b36ab3ff1e1cc70b6b930f24a593f359c906f473f04921035

Download Submit
C:\Windows\system\nSMtmeQ.exe

Filesize
1.6MB

MD5
191a90b453a2c90c5f2e1582f1e3eaba

SHA1
a4a7e8bd127508206a573d7017e721ee59b42ab1

SHA256
c4eb79d6c4c9cc1898ac2c33ce36af86e13c7c940702e6e2511cb0f89260ad6b

SHA512
97cb29d0a6764809a1f4dba0064b2e17c6fc9465f46a4da31fc9ec7c02fb4fa969d454c11a92bf5705ba94b8b03da91cc96903620268b05c0cb4bd4fea33b1d6

Download Submit
C:\Windows\system\qGSCCLh.exe

Filesize
1.6MB

MD5
e6544e36ab5f06cc1a90dab229d3573f

SHA1
8badc64517245a1d4a47616bf837ee9b4b58fdad

SHA256
904ef97472beb76b22db97622e591e78b417ba5b4651d51e546b9cf6faa84aac

SHA512
9d21d8d5038479acdc1e4c83bcde0854d1b47a038a0f91dea0d82848b963940c024d3585b942b7133a7af47116c6225de343e459e4859c1ddbe06164bcfe6d5f

Download Submit
C:\Windows\system\qQYoiyH.exe

Filesize
1.6MB

MD5
cfba28dd76e39e01c6b0490032548404

SHA1
bed17eec66f8f2b87aafbc6cbc054f36b022e228

SHA256
37d737adb160392cf4bc5bac60e7961bcf6e61721fa9ffcfd1766bda6611a7e0

SHA512
a30c67b79d43a0f549b432f836c668d75cf4fa7d83a7b55e12ad041b9dfda8a0081a82028515804f09d50df3affd54d78ccee5ac75751d2e3d08e1ad5a4f6f49

Download Submit
C:\Windows\system\uXrROkg.exe

Filesize
1.6MB

MD5
20f4ac0a5b9b4b89cdf4af295708e0c1

SHA1
e198e72dcc97555e017620009f01463a807def55

SHA256
846fa40d3ab1d6a16c089c8935fda0a354afebf489f0af1ccb35ca22cc919867

SHA512
540ba3bf7722595c2148c8ff9ab114d710711c5b585bf514cc7616283ffceeaa7d595dc7a7386d41620ee7b6c5fd345c63e83388c9a41a5527afcbff076f1dcd

Download Submit
C:\Windows\system\vdZFGtV.exe

Filesize
1.6MB

MD5
2ed33b3e1e0007d3562a2103c78e1f75

SHA1
0e76185cf97c570032a137e4aea9001f1c5d09a2

SHA256
43829620bd4f1e63550379fa0d843ccf417831ab581623c605a50d177f6b4877

SHA512
8f20fb1ce1539ec0ce3a6f5063827f4c7e264b77c100f8abbd159af0bc9f0fc9d66bb33c52cbb8ed4e0ff1bb872b7c66106b07a003f014ec4daf6385b42f8207

Download Submit
C:\Windows\system\xgFMPxe.exe

Filesize
1.6MB

MD5
28692a8c3b67d84ff592fc67a08c7eaa

SHA1
99093b97b593e6ba175ac2b0917478a1616e7940

SHA256
4e0f56bc3dd5377e6da19ded0bc39df43de9358f27cc588c55bfec71c87f2784

SHA512
945667538cd1ef929ab5e19f7b4384df3d793f6b3f443e48e0a639669ff3730911ca29420aadad327a45e97d583e6f4d06b832a37a52a82a2f894d81b490c510

Download Submit
C:\Windows\system\xvrOROO.exe

Filesize
1.6MB

MD5
5a2c1d94038fbf5c27961a5b29a4b7b1

SHA1
0f06d339a19f348e4b135922e1892d67bae69db3

SHA256
085814710746345d0280952fbd1b8b0a026592162c50f5e83a566f047debebf3

SHA512
b754dd7881a091d739c4b1ab50ad161079a8b3fa9e90ae508901ad8b7e0d20b6fbfe00b18dc44aff35971079dbae251b6aaf9f173a9ca4f492386cbe63f381e8

Download Submit
C:\Windows\system\yOKMjin.exe

Filesize
1.6MB

MD5
a85f589db5a885f5b90d60363b817c82

SHA1
6a8c3c869f762de5c3d035847debf4b92984e9e9

SHA256
0d00760baa3fc1d00237aca9adbf703dd26351f6a8e4de9a45b9fb8a806b4cff

SHA512
29ebfa90cdc61afd78545da912d1f8f66e19b6ba0824664858862307f3447700ccf0c8cd7b5d7aceefec1dc6bbe7981e4eda65b4fe42e88db5c1b4b48f06cbf2

Download Submit
C:\Windows\system\zilvZXh.exe

Filesize
1.6MB

MD5
def3c75ddb438b96257cedc22c920d0f

SHA1
e8b8be8370032816d66855952d074b3681db31ed

SHA256
72ba7e4a56cef1e9a9335379944fa6f6a633f96a49729bb8018042c7d744d0f8

SHA512
42eb32c09811e06a9d170e4d69b684a62abb4acef17b431952c2b0c9c38c878443ff07e87bd9f9dce24ad7cf5951dc0ebafa629be8e271554a60cecd14cab852

Download Submit
C:\Windows\system\zzARnWR.exe

Filesize
1.6MB

MD5
b94d02ebd2c3a68886492b190150657b

SHA1
d7e26622e0125a354132dba8fa4336234264e242

SHA256
005167388fadb7b327c43115bf80616084c1fbdfc6b545ea3c5de526c26c0695

SHA512
c93c7645aa18789907fe46b1fd67413336dba6806740677ecdac1dcbd3bd138d3a7bc0a39e51b5f2f988f3201793288f592f366be5ec56734b9aa5f75f22c521

Download Submit
\Windows\system\SlhMOBm.exe

Filesize
1.6MB

MD5
1673d77d56c09941f269254eb9ddf161

SHA1
a51d35769a6d456c7474d06b7613f7003aea17f0

SHA256
41870d2300e6454a0cabde5af9305aa31ec0462eca35341c30f41e17e6fa3772

SHA512
4ca3d87a611581d346d617afe63f298f16baf1bffac187b8a6cec351e893534bbd86dfee8c745d8877ec0ead1ed1a141c235d78eccf237e2d449043546264dfc

Download Submit
\Windows\system\tQHNXnp.exe

Filesize
1.6MB

MD5
8967b345068d695162f40c1f08f4ab96

SHA1
8d733d92b57d339a5655bbbcde9b0373244aa056

SHA256
aed969213e29e9c0a6eb92b238d90a54798ec334ef8f9baeb417e2754b73fb10

SHA512
776192c32d23eacd3e7fc6e22e7c556692bb67d71f1c41b286713b7fe9fa81838b826c8d9f34fe277ad2f8ba3f088639274c766c6506e2ad2038e298e9193470

Download Submit
memory/808-4268-0x000000013FDD0000-0x00000001401C2000-memory.dmp

Filesize
3.9MB

Download
memory/808-170-0x000000013FDD0000-0x00000001401C2000-memory.dmp

Filesize
3.9MB

Download
memory/1280-162-0x0000000001D90000-0x0000000001D98000-memory.dmp

Filesize
32KB

Download
memory/1280-13-0x0000000002B00000-0x0000000002B80000-memory.dmp

Filesize
512KB

Download
memory/1280-157-0x000000001B730000-0x000000001BA12000-memory.dmp

Filesize
2.9MB

Download
memory/1280-1269-0x000007FEF6280000-0x000007FEF6C1D000-memory.dmp

Filesize
9.6MB

Download
memory/1280-15-0x000007FEF653E000-0x000007FEF653F000-memory.dmp

Filesize
4KB

Download
memory/1280-171-0x000007FEF6280000-0x000007FEF6C1D000-memory.dmp

Filesize
9.6MB

Download
memory/1280-121-0x000007FEF6280000-0x000007FEF6C1D000-memory.dmp

Filesize
9.6MB

Download
memory/2316-4348-0x000000013F5F0000-0x000000013F9E2000-memory.dmp

Filesize
3.9MB

Download
memory/2316-168-0x000000013F5F0000-0x000000013F9E2000-memory.dmp

Filesize
3.9MB

Download
memory/2564-128-0x000000013FA60000-0x000000013FE52000-memory.dmp

Filesize
3.9MB

Download
memory/2564-4310-0x000000013FA60000-0x000000013FE52000-memory.dmp

Filesize
3.9MB

Download
memory/2576-4290-0x000000013FD20000-0x0000000140112000-memory.dmp

Filesize
3.9MB

Download
memory/2576-145-0x000000013FD20000-0x0000000140112000-memory.dmp

Filesize
3.9MB

Download
memory/2592-4315-0x000000013F780000-0x000000013FB72000-memory.dmp

Filesize
3.9MB

Download
memory/2592-124-0x000000013F780000-0x000000013FB72000-memory.dmp

Filesize
3.9MB

Download
memory/2600-4288-0x000000013F6F0000-0x000000013FAE2000-memory.dmp

Filesize
3.9MB

Download
memory/2600-126-0x000000013F6F0000-0x000000013FAE2000-memory.dmp

Filesize
3.9MB

Download
memory/2608-4358-0x000000013FD10000-0x0000000140102000-memory.dmp

Filesize
3.9MB

Download
memory/2608-164-0x000000013FD10000-0x0000000140102000-memory.dmp

Filesize
3.9MB

Download
memory/2652-160-0x000000013F360000-0x000000013F752000-memory.dmp

Filesize
3.9MB

Download
memory/2652-4280-0x000000013F360000-0x000000013F752000-memory.dmp

Filesize
3.9MB

Download
memory/2656-4267-0x000000013F4A0000-0x000000013F892000-memory.dmp

Filesize
3.9MB

Download
memory/2656-122-0x000000013F4A0000-0x000000013F892000-memory.dmp

Filesize
3.9MB

Download
memory/2820-136-0x000000013FBD0000-0x000000013FFC2000-memory.dmp

Filesize
3.9MB

Download
memory/2820-4278-0x000000013FBD0000-0x000000013FFC2000-memory.dmp

Filesize
3.9MB

Download
memory/2840-12-0x000000013F270000-0x000000013F662000-memory.dmp

Filesize
3.9MB

Download
memory/2840-4295-0x000000013F270000-0x000000013F662000-memory.dmp

Filesize
3.9MB

Download
memory/2952-166-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

Filesize
3.9MB

Download
memory/2952-4243-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-143-0x0000000002DB0000-0x00000000031A2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-740-0x000000013FDB0000-0x00000001401A2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-14-0x000000013F270000-0x000000013F662000-memory.dmp

Filesize
3.9MB

Download
memory/3056-127-0x0000000002DB0000-0x00000000031A2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-149-0x000000013F360000-0x000000013F752000-memory.dmp

Filesize
3.9MB

Download
memory/3056-0-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/3056-172-0x000000013F4A0000-0x000000013F892000-memory.dmp

Filesize
3.9MB

Download
memory/3056-123-0x000000013F780000-0x000000013FB72000-memory.dmp

Filesize
3.9MB

Download
memory/3056-125-0x000000013F6F0000-0x000000013FAE2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-132-0x0000000002DB0000-0x00000000031A2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-169-0x0000000003320000-0x0000000003712000-memory.dmp

Filesize
3.9MB

Download
memory/3056-163-0x0000000003320000-0x0000000003712000-memory.dmp

Filesize
3.9MB

Download
memory/3056-165-0x000000013F6B0000-0x000000013FAA2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-167-0x000000013F5F0000-0x000000013F9E2000-memory.dmp

Filesize
3.9MB

Download
memory/3056-6-0x000000013FDB0000-0x00000001401A2000-memory.dmp

Filesize
3.9MB

Download