xmrig | c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 03:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
Size

1.6MB
MD5

a865dfd1209493fc5e85305ea180fa5a
SHA1

908a532669674324a642f996bc0882f4bfbc1da3
SHA256

c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028
SHA512

d788cdc3525d52ee5dee94bda4eacb37bbb1437bbdcf1afbc543803f074f9cc2e49909356ff46a5b59faaa35b411bd60358c23f85d7280466d9b161e5a2901bf
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvj7NaVNqd9OeSZXCdzvd4/iooIXsLq9Uab:Lz071uv4BPMkHC0IaSEzQR4iRLUUaazY

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 40 IoCs

resource	yara_rule
behavioral2/memory/4272-221-0x00007FF7844F0000-0x00007FF7848E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4252-252-0x00007FF7A1DE0000-0x00007FF7A21D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2276-273-0x00007FF728FC0000-0x00007FF7293B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3244-293-0x00007FF7AEA00000-0x00007FF7AEDF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1788-292-0x00007FF67A700000-0x00007FF67AAF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2100-285-0x00007FF67DDF0000-0x00007FF67E1E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4532-271-0x00007FF6DD180000-0x00007FF6DD572000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4040-270-0x00007FF7A5E40000-0x00007FF7A6232000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3020-269-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/420-267-0x00007FF6E2200000-0x00007FF6E25F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4732-266-0x00007FF798A90000-0x00007FF798E82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1600-199-0x00007FF6E0360000-0x00007FF6E0752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4280-166-0x00007FF7BAD10000-0x00007FF7BB102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1884-105-0x00007FF6C3060000-0x00007FF6C3452000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1640-84-0x00007FF7213E0000-0x00007FF7217D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4004-53-0x00007FF7423D0000-0x00007FF7427C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4720-26-0x00007FF7FDF20000-0x00007FF7FE312000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/836-1861-0x00007FF613C10000-0x00007FF614002000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3868-1862-0x00007FF6726B0000-0x00007FF672AA2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4004-1867-0x00007FF7423D0000-0x00007FF7427C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/5088-1874-0x00007FF642230000-0x00007FF642622000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1640-1883-0x00007FF7213E0000-0x00007FF7217D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2276-1896-0x00007FF728FC0000-0x00007FF7293B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1884-1893-0x00007FF6C3060000-0x00007FF6C3452000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2860-1908-0x00007FF7A8590000-0x00007FF7A8982000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4280-1945-0x00007FF7BAD10000-0x00007FF7BB102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4732-1961-0x00007FF798A90000-0x00007FF798E82000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4532-1969-0x00007FF6DD180000-0x00007FF6DD572000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/420-1965-0x00007FF6E2200000-0x00007FF6E25F2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3020-1968-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4252-1958-0x00007FF7A1DE0000-0x00007FF7A21D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2624-1950-0x00007FF7ABAD0000-0x00007FF7ABEC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4272-1941-0x00007FF7844F0000-0x00007FF7848E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/3244-1936-0x00007FF7AEA00000-0x00007FF7AEDF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4024-1928-0x00007FF606FA0000-0x00007FF607392000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1788-1921-0x00007FF67A700000-0x00007FF67AAF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/2100-1915-0x00007FF67DDF0000-0x00007FF67E1E2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/1600-1903-0x00007FF6E0360000-0x00007FF6E0752000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/4040-1988-0x00007FF7A5E40000-0x00007FF7A6232000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral2/memory/668-2814-0x00007FF796440000-0x00007FF796832000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/668-0-0x00007FF796440000-0x00007FF796832000-memory.dmp	UPX
behavioral2/files/0x0008000000023246-5.dat	UPX
behavioral2/files/0x000700000002324d-8.dat	UPX
behavioral2/files/0x000900000002324c-16.dat	UPX
behavioral2/files/0x000700000002324f-24.dat	UPX
behavioral2/files/0x0007000000023250-31.dat	UPX
behavioral2/files/0x000700000002324e-32.dat	UPX
behavioral2/memory/5088-37-0x00007FF642230000-0x00007FF642622000-memory.dmp	UPX
behavioral2/files/0x0007000000023252-55.dat	UPX
behavioral2/files/0x0007000000023259-89.dat	UPX
behavioral2/files/0x000700000002325f-113.dat	UPX
behavioral2/files/0x0007000000023265-150.dat	UPX
behavioral2/files/0x000700000002326e-188.dat	UPX
behavioral2/memory/4272-221-0x00007FF7844F0000-0x00007FF7848E2000-memory.dmp	UPX
behavioral2/memory/4252-252-0x00007FF7A1DE0000-0x00007FF7A21D2000-memory.dmp	UPX
behavioral2/memory/2276-273-0x00007FF728FC0000-0x00007FF7293B2000-memory.dmp	UPX
behavioral2/memory/3244-293-0x00007FF7AEA00000-0x00007FF7AEDF2000-memory.dmp	UPX
behavioral2/memory/1788-292-0x00007FF67A700000-0x00007FF67AAF2000-memory.dmp	UPX
behavioral2/memory/2100-285-0x00007FF67DDF0000-0x00007FF67E1E2000-memory.dmp	UPX
behavioral2/memory/4532-271-0x00007FF6DD180000-0x00007FF6DD572000-memory.dmp	UPX
behavioral2/memory/4040-270-0x00007FF7A5E40000-0x00007FF7A6232000-memory.dmp	UPX
behavioral2/memory/3020-269-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	UPX
behavioral2/memory/420-267-0x00007FF6E2200000-0x00007FF6E25F2000-memory.dmp	UPX
behavioral2/memory/4732-266-0x00007FF798A90000-0x00007FF798E82000-memory.dmp	UPX
behavioral2/memory/1600-199-0x00007FF6E0360000-0x00007FF6E0752000-memory.dmp	UPX
behavioral2/files/0x0007000000023270-198.dat	UPX
behavioral2/files/0x000700000002326f-197.dat	UPX
behavioral2/files/0x0007000000023261-191.dat	UPX
behavioral2/files/0x000700000002326c-183.dat	UPX
behavioral2/files/0x000700000002325e-180.dat	UPX
behavioral2/files/0x000700000002326a-176.dat	UPX
behavioral2/files/0x000700000002325d-173.dat	UPX
behavioral2/files/0x0007000000023269-172.dat	UPX
behavioral2/files/0x0007000000023268-171.dat	UPX
behavioral2/files/0x000700000002325c-167.dat	UPX
behavioral2/memory/4280-166-0x00007FF7BAD10000-0x00007FF7BB102000-memory.dmp	UPX
behavioral2/memory/2624-160-0x00007FF7ABAD0000-0x00007FF7ABEC2000-memory.dmp	UPX
behavioral2/files/0x0007000000023267-159.dat	UPX
behavioral2/files/0x000700000002325b-157.dat	UPX
behavioral2/files/0x0007000000023266-154.dat	UPX
behavioral2/files/0x0007000000023264-148.dat	UPX
behavioral2/files/0x0007000000023263-145.dat	UPX
behavioral2/files/0x000700000002326d-187.dat	UPX
behavioral2/files/0x0007000000023262-140.dat	UPX
behavioral2/files/0x0007000000023257-134.dat	UPX
behavioral2/memory/4024-128-0x00007FF606FA0000-0x00007FF607392000-memory.dmp	UPX
behavioral2/files/0x0007000000023260-121.dat	UPX
behavioral2/files/0x000700000002325a-118.dat	UPX
behavioral2/files/0x0007000000023256-129.dat	UPX
behavioral2/files/0x0007000000023258-106.dat	UPX
behavioral2/memory/1884-105-0x00007FF6C3060000-0x00007FF6C3452000-memory.dmp	UPX
behavioral2/memory/1640-84-0x00007FF7213E0000-0x00007FF7217D2000-memory.dmp	UPX
behavioral2/files/0x0007000000023255-78.dat	UPX
behavioral2/files/0x000800000002324b-95.dat	UPX
behavioral2/files/0x0007000000023254-69.dat	UPX
behavioral2/files/0x0007000000023253-66.dat	UPX
behavioral2/memory/2860-61-0x00007FF7A8590000-0x00007FF7A8982000-memory.dmp	UPX
behavioral2/memory/4004-53-0x00007FF7423D0000-0x00007FF7427C2000-memory.dmp	UPX
behavioral2/files/0x0007000000023251-54.dat	UPX
behavioral2/memory/836-33-0x00007FF613C10000-0x00007FF614002000-memory.dmp	UPX
behavioral2/memory/4720-26-0x00007FF7FDF20000-0x00007FF7FE312000-memory.dmp	UPX
behavioral2/memory/3868-21-0x00007FF6726B0000-0x00007FF672AA2000-memory.dmp	UPX
behavioral2/memory/2500-11-0x00007FF7DA9E0000-0x00007FF7DADD2000-memory.dmp	UPX
behavioral2/memory/836-1861-0x00007FF613C10000-0x00007FF614002000-memory.dmp	UPX

XMRig Miner payload 40 IoCs

miner

resource	yara_rule
behavioral2/memory/4272-221-0x00007FF7844F0000-0x00007FF7848E2000-memory.dmp	xmrig
behavioral2/memory/4252-252-0x00007FF7A1DE0000-0x00007FF7A21D2000-memory.dmp	xmrig
behavioral2/memory/2276-273-0x00007FF728FC0000-0x00007FF7293B2000-memory.dmp	xmrig
behavioral2/memory/3244-293-0x00007FF7AEA00000-0x00007FF7AEDF2000-memory.dmp	xmrig
behavioral2/memory/1788-292-0x00007FF67A700000-0x00007FF67AAF2000-memory.dmp	xmrig
behavioral2/memory/2100-285-0x00007FF67DDF0000-0x00007FF67E1E2000-memory.dmp	xmrig
behavioral2/memory/4532-271-0x00007FF6DD180000-0x00007FF6DD572000-memory.dmp	xmrig
behavioral2/memory/4040-270-0x00007FF7A5E40000-0x00007FF7A6232000-memory.dmp	xmrig
behavioral2/memory/3020-269-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	xmrig
behavioral2/memory/420-267-0x00007FF6E2200000-0x00007FF6E25F2000-memory.dmp	xmrig
behavioral2/memory/4732-266-0x00007FF798A90000-0x00007FF798E82000-memory.dmp	xmrig
behavioral2/memory/1600-199-0x00007FF6E0360000-0x00007FF6E0752000-memory.dmp	xmrig
behavioral2/memory/4280-166-0x00007FF7BAD10000-0x00007FF7BB102000-memory.dmp	xmrig
behavioral2/memory/1884-105-0x00007FF6C3060000-0x00007FF6C3452000-memory.dmp	xmrig
behavioral2/memory/1640-84-0x00007FF7213E0000-0x00007FF7217D2000-memory.dmp	xmrig
behavioral2/memory/4004-53-0x00007FF7423D0000-0x00007FF7427C2000-memory.dmp	xmrig
behavioral2/memory/4720-26-0x00007FF7FDF20000-0x00007FF7FE312000-memory.dmp	xmrig
behavioral2/memory/836-1861-0x00007FF613C10000-0x00007FF614002000-memory.dmp	xmrig
behavioral2/memory/3868-1862-0x00007FF6726B0000-0x00007FF672AA2000-memory.dmp	xmrig
behavioral2/memory/4004-1867-0x00007FF7423D0000-0x00007FF7427C2000-memory.dmp	xmrig
behavioral2/memory/5088-1874-0x00007FF642230000-0x00007FF642622000-memory.dmp	xmrig
behavioral2/memory/1640-1883-0x00007FF7213E0000-0x00007FF7217D2000-memory.dmp	xmrig
behavioral2/memory/2276-1896-0x00007FF728FC0000-0x00007FF7293B2000-memory.dmp	xmrig
behavioral2/memory/1884-1893-0x00007FF6C3060000-0x00007FF6C3452000-memory.dmp	xmrig
behavioral2/memory/2860-1908-0x00007FF7A8590000-0x00007FF7A8982000-memory.dmp	xmrig
behavioral2/memory/4280-1945-0x00007FF7BAD10000-0x00007FF7BB102000-memory.dmp	xmrig
behavioral2/memory/4732-1961-0x00007FF798A90000-0x00007FF798E82000-memory.dmp	xmrig
behavioral2/memory/4532-1969-0x00007FF6DD180000-0x00007FF6DD572000-memory.dmp	xmrig
behavioral2/memory/420-1965-0x00007FF6E2200000-0x00007FF6E25F2000-memory.dmp	xmrig
behavioral2/memory/3020-1968-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	xmrig
behavioral2/memory/4252-1958-0x00007FF7A1DE0000-0x00007FF7A21D2000-memory.dmp	xmrig
behavioral2/memory/2624-1950-0x00007FF7ABAD0000-0x00007FF7ABEC2000-memory.dmp	xmrig
behavioral2/memory/4272-1941-0x00007FF7844F0000-0x00007FF7848E2000-memory.dmp	xmrig
behavioral2/memory/3244-1936-0x00007FF7AEA00000-0x00007FF7AEDF2000-memory.dmp	xmrig
behavioral2/memory/4024-1928-0x00007FF606FA0000-0x00007FF607392000-memory.dmp	xmrig
behavioral2/memory/1788-1921-0x00007FF67A700000-0x00007FF67AAF2000-memory.dmp	xmrig
behavioral2/memory/2100-1915-0x00007FF67DDF0000-0x00007FF67E1E2000-memory.dmp	xmrig
behavioral2/memory/1600-1903-0x00007FF6E0360000-0x00007FF6E0752000-memory.dmp	xmrig
behavioral2/memory/4040-1988-0x00007FF7A5E40000-0x00007FF7A6232000-memory.dmp	xmrig
behavioral2/memory/668-2814-0x00007FF796440000-0x00007FF796832000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
5	4788	powershell.exe
9	4788	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
4788	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2500	WunnBSc.exe
3868	DjwShaF.exe
4720	NXsCNaX.exe
5088	qycXdWg.exe
836	QMKVcDd.exe
4004	ZCsbhvH.exe
2860	npoqOBb.exe
1640	ssXNzwZ.exe
2276	KXFcdda.exe
1884	zRWkKTo.exe
4024	FKySdqm.exe
2100	ypELYLn.exe
2624	GrhGqfT.exe
4280	RgYxScx.exe
1788	cSWNzXv.exe
1600	PktiROt.exe
4272	jWjkMdu.exe
4252	tnqzUCx.exe
4732	PMvHedy.exe
420	DGEmSMg.exe
3020	ZMGPXiZ.exe
3244	PpjnXSg.exe
4040	trRWkZh.exe
4532	HNBDQGy.exe
4012	lQmFXwE.exe
4684	MagzukG.exe
716	mTOiBre.exe
1728	qIwdTEH.exe
3996	cQQswEz.exe
1072	wvLPzbz.exe
4688	RlnKKqL.exe
5044	sNcjObQ.exe
2436	eUqnpKd.exe
4712	WKSqGIk.exe
4192	EuUbMbe.exe
572	aiPXJoR.exe
4404	kRcRqDk.exe
3672	txuzNyR.exe
3396	DCGmyvj.exe
2248	yYqMcHy.exe
1988	EaitcfM.exe
1764	XCWLgxz.exe
4492	IWNjTvI.exe
2052	UsBXzMF.exe
2336	mJlGsJV.exe
4516	jAYELDN.exe
5124	UUAdonp.exe
5144	LFNhOim.exe
3300	OMPPkBo.exe
5168	wMfkWDb.exe
5244	GYnhDmG.exe
5260	uQuWbIv.exe
5280	xBYEYgo.exe
5308	jJvZMIn.exe
5340	JILNkSj.exe
5424	hXzZcYg.exe
5448	LhAyqqR.exe
5184	zeNckrW.exe
5500	xifWSiI.exe
5516	LYWZJbo.exe
5212	tEnPUsy.exe
5532	XRZOXMj.exe
5552	niKLMOf.exe
5592	aJasURD.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/668-0-0x00007FF796440000-0x00007FF796832000-memory.dmp	upx
behavioral2/files/0x0008000000023246-5.dat	upx
behavioral2/files/0x000700000002324d-8.dat	upx
behavioral2/files/0x000900000002324c-16.dat	upx
behavioral2/files/0x000700000002324f-24.dat	upx
behavioral2/files/0x0007000000023250-31.dat	upx
behavioral2/files/0x000700000002324e-32.dat	upx
behavioral2/memory/5088-37-0x00007FF642230000-0x00007FF642622000-memory.dmp	upx
behavioral2/files/0x0007000000023252-55.dat	upx
behavioral2/files/0x0007000000023259-89.dat	upx
behavioral2/files/0x000700000002325f-113.dat	upx
behavioral2/files/0x0007000000023265-150.dat	upx
behavioral2/files/0x000700000002326e-188.dat	upx
behavioral2/memory/4272-221-0x00007FF7844F0000-0x00007FF7848E2000-memory.dmp	upx
behavioral2/memory/4252-252-0x00007FF7A1DE0000-0x00007FF7A21D2000-memory.dmp	upx
behavioral2/memory/2276-273-0x00007FF728FC0000-0x00007FF7293B2000-memory.dmp	upx
behavioral2/memory/3244-293-0x00007FF7AEA00000-0x00007FF7AEDF2000-memory.dmp	upx
behavioral2/memory/1788-292-0x00007FF67A700000-0x00007FF67AAF2000-memory.dmp	upx
behavioral2/memory/2100-285-0x00007FF67DDF0000-0x00007FF67E1E2000-memory.dmp	upx
behavioral2/memory/4532-271-0x00007FF6DD180000-0x00007FF6DD572000-memory.dmp	upx
behavioral2/memory/4040-270-0x00007FF7A5E40000-0x00007FF7A6232000-memory.dmp	upx
behavioral2/memory/3020-269-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp	upx
behavioral2/memory/420-267-0x00007FF6E2200000-0x00007FF6E25F2000-memory.dmp	upx
behavioral2/memory/4732-266-0x00007FF798A90000-0x00007FF798E82000-memory.dmp	upx
behavioral2/memory/1600-199-0x00007FF6E0360000-0x00007FF6E0752000-memory.dmp	upx
behavioral2/files/0x0007000000023270-198.dat	upx
behavioral2/files/0x000700000002326f-197.dat	upx
behavioral2/files/0x0007000000023261-191.dat	upx
behavioral2/files/0x000700000002326c-183.dat	upx
behavioral2/files/0x000700000002325e-180.dat	upx
behavioral2/files/0x000700000002326a-176.dat	upx
behavioral2/files/0x000700000002325d-173.dat	upx
behavioral2/files/0x0007000000023269-172.dat	upx
behavioral2/files/0x0007000000023268-171.dat	upx
behavioral2/files/0x000700000002325c-167.dat	upx
behavioral2/memory/4280-166-0x00007FF7BAD10000-0x00007FF7BB102000-memory.dmp	upx
behavioral2/memory/2624-160-0x00007FF7ABAD0000-0x00007FF7ABEC2000-memory.dmp	upx
behavioral2/files/0x0007000000023267-159.dat	upx
behavioral2/files/0x000700000002325b-157.dat	upx
behavioral2/files/0x0007000000023266-154.dat	upx
behavioral2/files/0x0007000000023264-148.dat	upx
behavioral2/files/0x0007000000023263-145.dat	upx
behavioral2/files/0x000700000002326d-187.dat	upx
behavioral2/files/0x0007000000023262-140.dat	upx
behavioral2/files/0x0007000000023257-134.dat	upx
behavioral2/memory/4024-128-0x00007FF606FA0000-0x00007FF607392000-memory.dmp	upx
behavioral2/files/0x0007000000023260-121.dat	upx
behavioral2/files/0x000700000002325a-118.dat	upx
behavioral2/files/0x0007000000023256-129.dat	upx
behavioral2/files/0x0007000000023258-106.dat	upx
behavioral2/memory/1884-105-0x00007FF6C3060000-0x00007FF6C3452000-memory.dmp	upx
behavioral2/memory/1640-84-0x00007FF7213E0000-0x00007FF7217D2000-memory.dmp	upx
behavioral2/files/0x0007000000023255-78.dat	upx
behavioral2/files/0x000800000002324b-95.dat	upx
behavioral2/files/0x0007000000023254-69.dat	upx
behavioral2/files/0x0007000000023253-66.dat	upx
behavioral2/memory/2860-61-0x00007FF7A8590000-0x00007FF7A8982000-memory.dmp	upx
behavioral2/memory/4004-53-0x00007FF7423D0000-0x00007FF7427C2000-memory.dmp	upx
behavioral2/files/0x0007000000023251-54.dat	upx
behavioral2/memory/836-33-0x00007FF613C10000-0x00007FF614002000-memory.dmp	upx
behavioral2/memory/4720-26-0x00007FF7FDF20000-0x00007FF7FE312000-memory.dmp	upx
behavioral2/memory/3868-21-0x00007FF6726B0000-0x00007FF672AA2000-memory.dmp	upx
behavioral2/memory/2500-11-0x00007FF7DA9E0000-0x00007FF7DADD2000-memory.dmp	upx
behavioral2/memory/836-1861-0x00007FF613C10000-0x00007FF614002000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
5	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rURzuIj.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\kowGegz.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\MIKwiGo.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\dNdpDOf.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\FiewDNl.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\YvXsJmi.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\GcafUve.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\HKhnyHW.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\GMKcXMq.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\ejtAuHJ.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\kfMTluY.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\HVFGNOr.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\ndKfiSi.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\pFdLZTR.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\bJmQvmV.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\vfMfmmn.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\nKsEDEP.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\FBnnwAy.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\dYAsVjr.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\TFgKbKl.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\EuUbMbe.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\DIGGoXg.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\bFEubAi.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\HZIxDhl.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\cQJwZKK.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\xhZrXuA.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\afSobPf.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\Rvuzuvu.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\hVrnbxW.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\KRxmheb.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\FPRQVhX.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\WeHjEtZ.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\JxneZYn.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\ErXkIfX.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\FqXFsYW.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\oAavKkP.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\mPlOdGc.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\bbBypLJ.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\MKvmjZw.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\qIygAlS.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\aflURdF.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\WEzqjMj.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\wyzoPYc.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\twctOYR.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\SVQRrGh.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\QrgBUiA.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\oLCczJf.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\JdKEEOp.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\VxNNkZJ.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\orTMXqo.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\wnPZzKb.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\vPKSvSo.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\fejAvvc.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\hXzZcYg.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\lwcxQMh.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\Mgkvgpw.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\pxbsuHQ.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\KjbKFaV.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\DdcfzDY.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\EcfPisB.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\kbiHTqN.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\qTwKXcR.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\SZWTGqm.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
File created	C:\Windows\System\eoapLnf.exe	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wermgr.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	wermgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	wermgr.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4788	powershell.exe
4788	powershell.exe
4788	powershell.exe
4788	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
Token: SeLockMemoryPrivilege	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
Token: SeDebugPrivilege	4788	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 4788	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	92
PID 668 wrote to memory of 4788	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	92
PID 668 wrote to memory of 2500	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	93
PID 668 wrote to memory of 2500	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	93
PID 668 wrote to memory of 3868	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	94
PID 668 wrote to memory of 3868	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	94
PID 668 wrote to memory of 4720	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	95
PID 668 wrote to memory of 4720	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	95
PID 668 wrote to memory of 5088	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	96
PID 668 wrote to memory of 5088	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	96
PID 668 wrote to memory of 836	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	97
PID 668 wrote to memory of 836	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	97
PID 668 wrote to memory of 4004	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	98
PID 668 wrote to memory of 4004	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	98
PID 668 wrote to memory of 2860	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	99
PID 668 wrote to memory of 2860	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	99
PID 668 wrote to memory of 1640	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	100
PID 668 wrote to memory of 1640	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	100
PID 668 wrote to memory of 2276	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	101
PID 668 wrote to memory of 2276	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	101
PID 668 wrote to memory of 1884	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	102
PID 668 wrote to memory of 1884	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	102
PID 668 wrote to memory of 4024	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	103
PID 668 wrote to memory of 4024	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	103
PID 668 wrote to memory of 2100	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	104
PID 668 wrote to memory of 2100	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	104
PID 668 wrote to memory of 2624	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	105
PID 668 wrote to memory of 2624	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	105
PID 668 wrote to memory of 4280	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	106
PID 668 wrote to memory of 4280	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	106
PID 668 wrote to memory of 1788	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	107
PID 668 wrote to memory of 1788	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	107
PID 668 wrote to memory of 1600	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	108
PID 668 wrote to memory of 1600	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	108
PID 668 wrote to memory of 4272	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	109
PID 668 wrote to memory of 4272	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	109
PID 668 wrote to memory of 4252	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	110
PID 668 wrote to memory of 4252	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	110
PID 668 wrote to memory of 4732	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	111
PID 668 wrote to memory of 4732	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	111
PID 668 wrote to memory of 420	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	112
PID 668 wrote to memory of 420	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	112
PID 668 wrote to memory of 3020	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	113
PID 668 wrote to memory of 3020	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	113
PID 668 wrote to memory of 3244	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	114
PID 668 wrote to memory of 3244	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	114
PID 668 wrote to memory of 4040	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	115
PID 668 wrote to memory of 4040	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	115
PID 668 wrote to memory of 4532	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	116
PID 668 wrote to memory of 4532	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	116
PID 668 wrote to memory of 4012	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	117
PID 668 wrote to memory of 4012	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	117
PID 668 wrote to memory of 4684	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	118
PID 668 wrote to memory of 4684	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	118
PID 668 wrote to memory of 716	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	119
PID 668 wrote to memory of 716	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	119
PID 668 wrote to memory of 1728	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	120
PID 668 wrote to memory of 1728	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	120
PID 668 wrote to memory of 3996	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	121
PID 668 wrote to memory of 3996	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	121
PID 668 wrote to memory of 1072	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	122
PID 668 wrote to memory of 1072	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	122
PID 668 wrote to memory of 4688	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	123
PID 668 wrote to memory of 4688	668	c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe	123

C:\Users\Admin\AppData\Local\Temp\c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe
"C:\Users\Admin\AppData\Local\Temp\c269ce9d8aa041591891038a78f66b031c47cf93a782efe426fe36fe53906028.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:668
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4788
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "4788" "2960" "1104" "2964" "0" "0" "2968" "0" "0" "0" "0" "0"
    3⤵
    - Checks processor information in registry
    - Enumerates system info in registry
    PID:8196
- C:\Windows\System\WunnBSc.exe
  C:\Windows\System\WunnBSc.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\DjwShaF.exe
  C:\Windows\System\DjwShaF.exe
  2⤵
  - Executes dropped EXE
  PID:3868
- C:\Windows\System\NXsCNaX.exe
  C:\Windows\System\NXsCNaX.exe
  2⤵
  - Executes dropped EXE
  PID:4720
- C:\Windows\System\qycXdWg.exe
  C:\Windows\System\qycXdWg.exe
  2⤵
  - Executes dropped EXE
  PID:5088
- C:\Windows\System\QMKVcDd.exe
  C:\Windows\System\QMKVcDd.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\ZCsbhvH.exe
  C:\Windows\System\ZCsbhvH.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\npoqOBb.exe
  C:\Windows\System\npoqOBb.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ssXNzwZ.exe
  C:\Windows\System\ssXNzwZ.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\KXFcdda.exe
  C:\Windows\System\KXFcdda.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\zRWkKTo.exe
  C:\Windows\System\zRWkKTo.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\FKySdqm.exe
  C:\Windows\System\FKySdqm.exe
  2⤵
  - Executes dropped EXE
  PID:4024
- C:\Windows\System\ypELYLn.exe
  C:\Windows\System\ypELYLn.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\GrhGqfT.exe
  C:\Windows\System\GrhGqfT.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\RgYxScx.exe
  C:\Windows\System\RgYxScx.exe
  2⤵
  - Executes dropped EXE
  PID:4280
- C:\Windows\System\cSWNzXv.exe
  C:\Windows\System\cSWNzXv.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\PktiROt.exe
  C:\Windows\System\PktiROt.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\jWjkMdu.exe
  C:\Windows\System\jWjkMdu.exe
  2⤵
  - Executes dropped EXE
  PID:4272
- C:\Windows\System\tnqzUCx.exe
  C:\Windows\System\tnqzUCx.exe
  2⤵
  - Executes dropped EXE
  PID:4252
- C:\Windows\System\PMvHedy.exe
  C:\Windows\System\PMvHedy.exe
  2⤵
  - Executes dropped EXE
  PID:4732
- C:\Windows\System\DGEmSMg.exe
  C:\Windows\System\DGEmSMg.exe
  2⤵
  - Executes dropped EXE
  PID:420
- C:\Windows\System\ZMGPXiZ.exe
  C:\Windows\System\ZMGPXiZ.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\PpjnXSg.exe
  C:\Windows\System\PpjnXSg.exe
  2⤵
  - Executes dropped EXE
  PID:3244
- C:\Windows\System\trRWkZh.exe
  C:\Windows\System\trRWkZh.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\HNBDQGy.exe
  C:\Windows\System\HNBDQGy.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\lQmFXwE.exe
  C:\Windows\System\lQmFXwE.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\MagzukG.exe
  C:\Windows\System\MagzukG.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\mTOiBre.exe
  C:\Windows\System\mTOiBre.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\qIwdTEH.exe
  C:\Windows\System\qIwdTEH.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\cQQswEz.exe
  C:\Windows\System\cQQswEz.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\wvLPzbz.exe
  C:\Windows\System\wvLPzbz.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\RlnKKqL.exe
  C:\Windows\System\RlnKKqL.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\sNcjObQ.exe
  C:\Windows\System\sNcjObQ.exe
  2⤵
  - Executes dropped EXE
  PID:5044
- C:\Windows\System\eUqnpKd.exe
  C:\Windows\System\eUqnpKd.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\IWNjTvI.exe
  C:\Windows\System\IWNjTvI.exe
  2⤵
  - Executes dropped EXE
  PID:4492
- C:\Windows\System\WKSqGIk.exe
  C:\Windows\System\WKSqGIk.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\EuUbMbe.exe
  C:\Windows\System\EuUbMbe.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\aiPXJoR.exe
  C:\Windows\System\aiPXJoR.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\kRcRqDk.exe
  C:\Windows\System\kRcRqDk.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\txuzNyR.exe
  C:\Windows\System\txuzNyR.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\DCGmyvj.exe
  C:\Windows\System\DCGmyvj.exe
  2⤵
  - Executes dropped EXE
  PID:3396
- C:\Windows\System\yYqMcHy.exe
  C:\Windows\System\yYqMcHy.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\EaitcfM.exe
  C:\Windows\System\EaitcfM.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\XCWLgxz.exe
  C:\Windows\System\XCWLgxz.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\OMPPkBo.exe
  C:\Windows\System\OMPPkBo.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\UsBXzMF.exe
  C:\Windows\System\UsBXzMF.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\mJlGsJV.exe
  C:\Windows\System\mJlGsJV.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\jAYELDN.exe
  C:\Windows\System\jAYELDN.exe
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Windows\System\UUAdonp.exe
  C:\Windows\System\UUAdonp.exe
  2⤵
  - Executes dropped EXE
  PID:5124
- C:\Windows\System\LFNhOim.exe
  C:\Windows\System\LFNhOim.exe
  2⤵
  - Executes dropped EXE
  PID:5144
- C:\Windows\System\wMfkWDb.exe
  C:\Windows\System\wMfkWDb.exe
  2⤵
  - Executes dropped EXE
  PID:5168
- C:\Windows\System\zeNckrW.exe
  C:\Windows\System\zeNckrW.exe
  2⤵
  - Executes dropped EXE
  PID:5184
- C:\Windows\System\tEnPUsy.exe
  C:\Windows\System\tEnPUsy.exe
  2⤵
  - Executes dropped EXE
  PID:5212
- C:\Windows\System\GYnhDmG.exe
  C:\Windows\System\GYnhDmG.exe
  2⤵
  - Executes dropped EXE
  PID:5244
- C:\Windows\System\uQuWbIv.exe
  C:\Windows\System\uQuWbIv.exe
  2⤵
  - Executes dropped EXE
  PID:5260
- C:\Windows\System\xBYEYgo.exe
  C:\Windows\System\xBYEYgo.exe
  2⤵
  - Executes dropped EXE
  PID:5280
- C:\Windows\System\jJvZMIn.exe
  C:\Windows\System\jJvZMIn.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System\JILNkSj.exe
  C:\Windows\System\JILNkSj.exe
  2⤵
  - Executes dropped EXE
  PID:5340
- C:\Windows\System\EKzzptW.exe
  C:\Windows\System\EKzzptW.exe
  2⤵
  PID:5364
- C:\Windows\System\SGFNMkn.exe
  C:\Windows\System\SGFNMkn.exe
  2⤵
  PID:5384
- C:\Windows\System\iVigOjP.exe
  C:\Windows\System\iVigOjP.exe
  2⤵
  PID:5400
- C:\Windows\System\hXzZcYg.exe
  C:\Windows\System\hXzZcYg.exe
  2⤵
  - Executes dropped EXE
  PID:5424
- C:\Windows\System\LhAyqqR.exe
  C:\Windows\System\LhAyqqR.exe
  2⤵
  - Executes dropped EXE
  PID:5448
- C:\Windows\System\EzImUUk.exe
  C:\Windows\System\EzImUUk.exe
  2⤵
  PID:5484
- C:\Windows\System\xifWSiI.exe
  C:\Windows\System\xifWSiI.exe
  2⤵
  - Executes dropped EXE
  PID:5500
- C:\Windows\System\LYWZJbo.exe
  C:\Windows\System\LYWZJbo.exe
  2⤵
  - Executes dropped EXE
  PID:5516
- C:\Windows\System\XRZOXMj.exe
  C:\Windows\System\XRZOXMj.exe
  2⤵
  - Executes dropped EXE
  PID:5532
- C:\Windows\System\niKLMOf.exe
  C:\Windows\System\niKLMOf.exe
  2⤵
  - Executes dropped EXE
  PID:5552
- C:\Windows\System\aJasURD.exe
  C:\Windows\System\aJasURD.exe
  2⤵
  - Executes dropped EXE
  PID:5592
- C:\Windows\System\rZFwIYA.exe
  C:\Windows\System\rZFwIYA.exe
  2⤵
  PID:5664
- C:\Windows\System\MitdZcr.exe
  C:\Windows\System\MitdZcr.exe
  2⤵
  PID:5992
- C:\Windows\System\ardJACQ.exe
  C:\Windows\System\ardJACQ.exe
  2⤵
  PID:6020
- C:\Windows\System\EvazaDK.exe
  C:\Windows\System\EvazaDK.exe
  2⤵
  PID:6036
- C:\Windows\System\IcSYZel.exe
  C:\Windows\System\IcSYZel.exe
  2⤵
  PID:6064
- C:\Windows\System\gHZcGrQ.exe
  C:\Windows\System\gHZcGrQ.exe
  2⤵
  PID:6080
- C:\Windows\System\sNMXUTi.exe
  C:\Windows\System\sNMXUTi.exe
  2⤵
  PID:6096
- C:\Windows\System\doSQECW.exe
  C:\Windows\System\doSQECW.exe
  2⤵
  PID:6124
- C:\Windows\System\MnbBFsd.exe
  C:\Windows\System\MnbBFsd.exe
  2⤵
  PID:2024
- C:\Windows\System\sasDQce.exe
  C:\Windows\System\sasDQce.exe
  2⤵
  PID:888
- C:\Windows\System\WyjrOSA.exe
  C:\Windows\System\WyjrOSA.exe
  2⤵
  PID:2300
- C:\Windows\System\jmqaZEd.exe
  C:\Windows\System\jmqaZEd.exe
  2⤵
  PID:3104
- C:\Windows\System\CoeKqnC.exe
  C:\Windows\System\CoeKqnC.exe
  2⤵
  PID:4808
- C:\Windows\System\bOfVYIy.exe
  C:\Windows\System\bOfVYIy.exe
  2⤵
  PID:4088
- C:\Windows\System\teXsNrP.exe
  C:\Windows\System\teXsNrP.exe
  2⤵
  PID:2804
- C:\Windows\System\qGzFRHw.exe
  C:\Windows\System\qGzFRHw.exe
  2⤵
  PID:2332
- C:\Windows\System\FmkQhKv.exe
  C:\Windows\System\FmkQhKv.exe
  2⤵
  PID:2660
- C:\Windows\System\vgMpBhn.exe
  C:\Windows\System\vgMpBhn.exe
  2⤵
  PID:732
- C:\Windows\System\WlFthMu.exe
  C:\Windows\System\WlFthMu.exe
  2⤵
  PID:4288
- C:\Windows\System\BGbTudT.exe
  C:\Windows\System\BGbTudT.exe
  2⤵
  PID:2188
- C:\Windows\System\qZgVZon.exe
  C:\Windows\System\qZgVZon.exe
  2⤵
  PID:5136
- C:\Windows\System\PSAqhJD.exe
  C:\Windows\System\PSAqhJD.exe
  2⤵
  PID:5180
- C:\Windows\System\kwJeHNL.exe
  C:\Windows\System\kwJeHNL.exe
  2⤵
  PID:5232
- C:\Windows\System\cSufKqz.exe
  C:\Windows\System\cSufKqz.exe
  2⤵
  PID:5292
- C:\Windows\System\dZKJhFt.exe
  C:\Windows\System\dZKJhFt.exe
  2⤵
  PID:5332
- C:\Windows\System\WtyqZSI.exe
  C:\Windows\System\WtyqZSI.exe
  2⤵
  PID:2496
- C:\Windows\System\orTMXqo.exe
  C:\Windows\System\orTMXqo.exe
  2⤵
  PID:5224
- C:\Windows\System\FvfYsUO.exe
  C:\Windows\System\FvfYsUO.exe
  2⤵
  PID:4420
- C:\Windows\System\QzlqzMC.exe
  C:\Windows\System\QzlqzMC.exe
  2⤵
  PID:5352
- C:\Windows\System\LUHhQgY.exe
  C:\Windows\System\LUHhQgY.exe
  2⤵
  PID:6060
- C:\Windows\System\yqtJQaN.exe
  C:\Windows\System\yqtJQaN.exe
  2⤵
  PID:2208
- C:\Windows\System\pyWclAC.exe
  C:\Windows\System\pyWclAC.exe
  2⤵
  PID:4620
- C:\Windows\System\oPAiiSA.exe
  C:\Windows\System\oPAiiSA.exe
  2⤵
  PID:5060
- C:\Windows\System\IFtvYNI.exe
  C:\Windows\System\IFtvYNI.exe
  2⤵
  PID:908
- C:\Windows\System\mZEFfBN.exe
  C:\Windows\System\mZEFfBN.exe
  2⤵
  PID:3940
- C:\Windows\System\lPKWNIe.exe
  C:\Windows\System\lPKWNIe.exe
  2⤵
  PID:2628
- C:\Windows\System\ssOiwTo.exe
  C:\Windows\System\ssOiwTo.exe
  2⤵
  PID:4356
- C:\Windows\System\xLENqvw.exe
  C:\Windows\System\xLENqvw.exe
  2⤵
  PID:2992
- C:\Windows\System\SLkIQGL.exe
  C:\Windows\System\SLkIQGL.exe
  2⤵
  PID:1500
- C:\Windows\System\cAnDwHm.exe
  C:\Windows\System\cAnDwHm.exe
  2⤵
  PID:2348
- C:\Windows\System\WSvHQLN.exe
  C:\Windows\System\WSvHQLN.exe
  2⤵
  PID:1300
- C:\Windows\System\oplrLhx.exe
  C:\Windows\System\oplrLhx.exe
  2⤵
  PID:1968
- C:\Windows\System\mjNHtXD.exe
  C:\Windows\System\mjNHtXD.exe
  2⤵
  PID:4908
- C:\Windows\System\LRIZiqA.exe
  C:\Windows\System\LRIZiqA.exe
  2⤵
  PID:5824
- C:\Windows\System\PGLveiX.exe
  C:\Windows\System\PGLveiX.exe
  2⤵
  PID:5732
- C:\Windows\System\CoMwijP.exe
  C:\Windows\System\CoMwijP.exe
  2⤵
  PID:5564
- C:\Windows\System\fJieDzS.exe
  C:\Windows\System\fJieDzS.exe
  2⤵
  PID:6012
- C:\Windows\System\exSONYn.exe
  C:\Windows\System\exSONYn.exe
  2⤵
  PID:4400
- C:\Windows\System\qBvFxyc.exe
  C:\Windows\System\qBvFxyc.exe
  2⤵
  PID:5208
- C:\Windows\System\DLqcrXf.exe
  C:\Windows\System\DLqcrXf.exe
  2⤵
  PID:4292
- C:\Windows\System\hpyukeo.exe
  C:\Windows\System\hpyukeo.exe
  2⤵
  PID:2928
- C:\Windows\System\gXmCRZS.exe
  C:\Windows\System\gXmCRZS.exe
  2⤵
  PID:3540
- C:\Windows\System\OESbPVN.exe
  C:\Windows\System\OESbPVN.exe
  2⤵
  PID:4708
- C:\Windows\System\EyCmifX.exe
  C:\Windows\System\EyCmifX.exe
  2⤵
  PID:4548
- C:\Windows\System\IXLRkiz.exe
  C:\Windows\System\IXLRkiz.exe
  2⤵
  PID:3608
- C:\Windows\System\bqlVdwp.exe
  C:\Windows\System\bqlVdwp.exe
  2⤵
  PID:1452
- C:\Windows\System\AmVfBos.exe
  C:\Windows\System\AmVfBos.exe
  2⤵
  PID:1192
- C:\Windows\System\UFxDUgB.exe
  C:\Windows\System\UFxDUgB.exe
  2⤵
  PID:6160
- C:\Windows\System\VxYszhO.exe
  C:\Windows\System\VxYszhO.exe
  2⤵
  PID:6180
- C:\Windows\System\toNeKrm.exe
  C:\Windows\System\toNeKrm.exe
  2⤵
  PID:6200
- C:\Windows\System\qrBduxW.exe
  C:\Windows\System\qrBduxW.exe
  2⤵
  PID:6220
- C:\Windows\System\pAMBfDg.exe
  C:\Windows\System\pAMBfDg.exe
  2⤵
  PID:6240
- C:\Windows\System\yHGvmpa.exe
  C:\Windows\System\yHGvmpa.exe
  2⤵
  PID:6260
- C:\Windows\System\UBAKXfQ.exe
  C:\Windows\System\UBAKXfQ.exe
  2⤵
  PID:6284
- C:\Windows\System\mkxvixz.exe
  C:\Windows\System\mkxvixz.exe
  2⤵
  PID:6304
- C:\Windows\System\pafQhTE.exe
  C:\Windows\System\pafQhTE.exe
  2⤵
  PID:6324
- C:\Windows\System\yxtdSwP.exe
  C:\Windows\System\yxtdSwP.exe
  2⤵
  PID:6348
- C:\Windows\System\JByoXqv.exe
  C:\Windows\System\JByoXqv.exe
  2⤵
  PID:6364
- C:\Windows\System\FWMUVmO.exe
  C:\Windows\System\FWMUVmO.exe
  2⤵
  PID:6384
- C:\Windows\System\lknUIMt.exe
  C:\Windows\System\lknUIMt.exe
  2⤵
  PID:6404
- C:\Windows\System\kFogtAy.exe
  C:\Windows\System\kFogtAy.exe
  2⤵
  PID:6424
- C:\Windows\System\PGIvMAv.exe
  C:\Windows\System\PGIvMAv.exe
  2⤵
  PID:6452
- C:\Windows\System\AFCXOhz.exe
  C:\Windows\System\AFCXOhz.exe
  2⤵
  PID:6472
- C:\Windows\System\GAGDUDc.exe
  C:\Windows\System\GAGDUDc.exe
  2⤵
  PID:6492
- C:\Windows\System\SdTPKfP.exe
  C:\Windows\System\SdTPKfP.exe
  2⤵
  PID:6512
- C:\Windows\System\zBFOEfM.exe
  C:\Windows\System\zBFOEfM.exe
  2⤵
  PID:6536
- C:\Windows\System\XtMwtHk.exe
  C:\Windows\System\XtMwtHk.exe
  2⤵
  PID:6552
- C:\Windows\System\XXhpDrc.exe
  C:\Windows\System\XXhpDrc.exe
  2⤵
  PID:6576
- C:\Windows\System\EvpEkgd.exe
  C:\Windows\System\EvpEkgd.exe
  2⤵
  PID:6596
- C:\Windows\System\RnGoJAC.exe
  C:\Windows\System\RnGoJAC.exe
  2⤵
  PID:6624
- C:\Windows\System\darHtSh.exe
  C:\Windows\System\darHtSh.exe
  2⤵
  PID:6648
- C:\Windows\System\mLUHXhA.exe
  C:\Windows\System\mLUHXhA.exe
  2⤵
  PID:6664
- C:\Windows\System\iLVWydJ.exe
  C:\Windows\System\iLVWydJ.exe
  2⤵
  PID:6684
- C:\Windows\System\MFvWeQg.exe
  C:\Windows\System\MFvWeQg.exe
  2⤵
  PID:6704
- C:\Windows\System\hTFOZKs.exe
  C:\Windows\System\hTFOZKs.exe
  2⤵
  PID:6732
- C:\Windows\System\gRpZjHw.exe
  C:\Windows\System\gRpZjHw.exe
  2⤵
  PID:6748
- C:\Windows\System\vzVpkLY.exe
  C:\Windows\System\vzVpkLY.exe
  2⤵
  PID:6768
- C:\Windows\System\MJkSCTY.exe
  C:\Windows\System\MJkSCTY.exe
  2⤵
  PID:6792
- C:\Windows\System\mJBQAPr.exe
  C:\Windows\System\mJBQAPr.exe
  2⤵
  PID:6812
- C:\Windows\System\STtBXCP.exe
  C:\Windows\System\STtBXCP.exe
  2⤵
  PID:6828
- C:\Windows\System\WdCWtda.exe
  C:\Windows\System\WdCWtda.exe
  2⤵
  PID:6852
- C:\Windows\System\CPMMdlw.exe
  C:\Windows\System\CPMMdlw.exe
  2⤵
  PID:6872
- C:\Windows\System\wJYaCkl.exe
  C:\Windows\System\wJYaCkl.exe
  2⤵
  PID:6892
- C:\Windows\System\XBzOUVD.exe
  C:\Windows\System\XBzOUVD.exe
  2⤵
  PID:6916
- C:\Windows\System\bkKTBYi.exe
  C:\Windows\System\bkKTBYi.exe
  2⤵
  PID:6932
- C:\Windows\System\tWcLnGs.exe
  C:\Windows\System\tWcLnGs.exe
  2⤵
  PID:6956
- C:\Windows\System\spYwWnz.exe
  C:\Windows\System\spYwWnz.exe
  2⤵
  PID:6976
- C:\Windows\System\flnnTda.exe
  C:\Windows\System\flnnTda.exe
  2⤵
  PID:6996
- C:\Windows\System\GlqXpLm.exe
  C:\Windows\System\GlqXpLm.exe
  2⤵
  PID:7016
- C:\Windows\System\IdHlVJc.exe
  C:\Windows\System\IdHlVJc.exe
  2⤵
  PID:7036
- C:\Windows\System\EbJFVqz.exe
  C:\Windows\System\EbJFVqz.exe
  2⤵
  PID:7056
- C:\Windows\System\nCQIZsY.exe
  C:\Windows\System\nCQIZsY.exe
  2⤵
  PID:7076
- C:\Windows\System\qrmouvX.exe
  C:\Windows\System\qrmouvX.exe
  2⤵
  PID:7100
- C:\Windows\System\htqdZsV.exe
  C:\Windows\System\htqdZsV.exe
  2⤵
  PID:7120
- C:\Windows\System\jxIPlnM.exe
  C:\Windows\System\jxIPlnM.exe
  2⤵
  PID:7140
- C:\Windows\System\RSCBGar.exe
  C:\Windows\System\RSCBGar.exe
  2⤵
  PID:7160
- C:\Windows\System\oHNjXlr.exe
  C:\Windows\System\oHNjXlr.exe
  2⤵
  PID:3084
- C:\Windows\System\ofpAyov.exe
  C:\Windows\System\ofpAyov.exe
  2⤵
  PID:3968
- C:\Windows\System\VcMOXjJ.exe
  C:\Windows\System\VcMOXjJ.exe
  2⤵
  PID:6016
- C:\Windows\System\fyDycEy.exe
  C:\Windows\System\fyDycEy.exe
  2⤵
  PID:516
- C:\Windows\System\EPQYALh.exe
  C:\Windows\System\EPQYALh.exe
  2⤵
  PID:5752
- C:\Windows\System\SyxSfeq.exe
  C:\Windows\System\SyxSfeq.exe
  2⤵
  PID:2240
- C:\Windows\System\qsdwnmB.exe
  C:\Windows\System\qsdwnmB.exe
  2⤵
  PID:2244
- C:\Windows\System\HTSvnFZ.exe
  C:\Windows\System\HTSvnFZ.exe
  2⤵
  PID:6188
- C:\Windows\System\QtIxKGW.exe
  C:\Windows\System\QtIxKGW.exe
  2⤵
  PID:6236
- C:\Windows\System\dHvvRuk.exe
  C:\Windows\System\dHvvRuk.exe
  2⤵
  PID:6300
- C:\Windows\System\FDJrjmV.exe
  C:\Windows\System\FDJrjmV.exe
  2⤵
  PID:6340
- C:\Windows\System\UzWgZgA.exe
  C:\Windows\System\UzWgZgA.exe
  2⤵
  PID:6396
- C:\Windows\System\YZiLmAU.exe
  C:\Windows\System\YZiLmAU.exe
  2⤵
  PID:5960
- C:\Windows\System\bTFDxvh.exe
  C:\Windows\System\bTFDxvh.exe
  2⤵
  PID:6488
- C:\Windows\System\oDhIorg.exe
  C:\Windows\System\oDhIorg.exe
  2⤵
  PID:5012
- C:\Windows\System\IauFKQD.exe
  C:\Windows\System\IauFKQD.exe
  2⤵
  PID:6232
- C:\Windows\System\wAvzcld.exe
  C:\Windows\System\wAvzcld.exe
  2⤵
  PID:6676
- C:\Windows\System\LnNSgls.exe
  C:\Windows\System\LnNSgls.exe
  2⤵
  PID:6740
- C:\Windows\System\oBARHuW.exe
  C:\Windows\System\oBARHuW.exe
  2⤵
  PID:6760
- C:\Windows\System\nCgPWWN.exe
  C:\Windows\System\nCgPWWN.exe
  2⤵
  PID:6808
- C:\Windows\System\dqIniVZ.exe
  C:\Windows\System\dqIniVZ.exe
  2⤵
  PID:6560
- C:\Windows\System\CduxXvG.exe
  C:\Windows\System\CduxXvG.exe
  2⤵
  PID:7188
- C:\Windows\System\aVQNvfd.exe
  C:\Windows\System\aVQNvfd.exe
  2⤵
  PID:7208
- C:\Windows\System\tyYwOTj.exe
  C:\Windows\System\tyYwOTj.exe
  2⤵
  PID:7232
- C:\Windows\System\ivBLEVb.exe
  C:\Windows\System\ivBLEVb.exe
  2⤵
  PID:7248
- C:\Windows\System\GpVJHJD.exe
  C:\Windows\System\GpVJHJD.exe
  2⤵
  PID:7268
- C:\Windows\System\dEFqWnk.exe
  C:\Windows\System\dEFqWnk.exe
  2⤵
  PID:7284
- C:\Windows\System\vmSnRAk.exe
  C:\Windows\System\vmSnRAk.exe
  2⤵
  PID:7308
- C:\Windows\System\ZYyPRFN.exe
  C:\Windows\System\ZYyPRFN.exe
  2⤵
  PID:7332
- C:\Windows\System\TFlHBjR.exe
  C:\Windows\System\TFlHBjR.exe
  2⤵
  PID:7356
- C:\Windows\System\MigQFDF.exe
  C:\Windows\System\MigQFDF.exe
  2⤵
  PID:7376
- C:\Windows\System\ayZrjLx.exe
  C:\Windows\System\ayZrjLx.exe
  2⤵
  PID:7396
- C:\Windows\System\JxnQTCc.exe
  C:\Windows\System\JxnQTCc.exe
  2⤵
  PID:7416
- C:\Windows\System\vbdEidC.exe
  C:\Windows\System\vbdEidC.exe
  2⤵
  PID:7436
- C:\Windows\System\aXZgsGz.exe
  C:\Windows\System\aXZgsGz.exe
  2⤵
  PID:7456
- C:\Windows\System\bXZZtmF.exe
  C:\Windows\System\bXZZtmF.exe
  2⤵
  PID:7480
- C:\Windows\System\DdMLoWu.exe
  C:\Windows\System\DdMLoWu.exe
  2⤵
  PID:7500
- C:\Windows\System\xEMgxva.exe
  C:\Windows\System\xEMgxva.exe
  2⤵
  PID:7520
- C:\Windows\System\GQvqHOy.exe
  C:\Windows\System\GQvqHOy.exe
  2⤵
  PID:7540
- C:\Windows\System\HmIaibu.exe
  C:\Windows\System\HmIaibu.exe
  2⤵
  PID:7560
- C:\Windows\System\IaFfYxG.exe
  C:\Windows\System\IaFfYxG.exe
  2⤵
  PID:7584
- C:\Windows\System\DShMNjY.exe
  C:\Windows\System\DShMNjY.exe
  2⤵
  PID:7604
- C:\Windows\System\MlyApyP.exe
  C:\Windows\System\MlyApyP.exe
  2⤵
  PID:7624
- C:\Windows\System\ZJBGMkp.exe
  C:\Windows\System\ZJBGMkp.exe
  2⤵
  PID:7644
- C:\Windows\System\TdLbLZQ.exe
  C:\Windows\System\TdLbLZQ.exe
  2⤵
  PID:7664
- C:\Windows\System\fYxHzlS.exe
  C:\Windows\System\fYxHzlS.exe
  2⤵
  PID:7684
- C:\Windows\System\MDdrzBF.exe
  C:\Windows\System\MDdrzBF.exe
  2⤵
  PID:7712
- C:\Windows\System\NSvSmtY.exe
  C:\Windows\System\NSvSmtY.exe
  2⤵
  PID:7728
- C:\Windows\System\jYluXSO.exe
  C:\Windows\System\jYluXSO.exe
  2⤵
  PID:7748
- C:\Windows\System\ImjwkSy.exe
  C:\Windows\System\ImjwkSy.exe
  2⤵
  PID:7768
- C:\Windows\System\EcGvxKK.exe
  C:\Windows\System\EcGvxKK.exe
  2⤵
  PID:7792
- C:\Windows\System\roENOGe.exe
  C:\Windows\System\roENOGe.exe
  2⤵
  PID:7820
- C:\Windows\System\woAMlmz.exe
  C:\Windows\System\woAMlmz.exe
  2⤵
  PID:7836
- C:\Windows\System\nWpiBPn.exe
  C:\Windows\System\nWpiBPn.exe
  2⤵
  PID:7860
- C:\Windows\System\oVZVAsV.exe
  C:\Windows\System\oVZVAsV.exe
  2⤵
  PID:7880
- C:\Windows\System\ItfsmrO.exe
  C:\Windows\System\ItfsmrO.exe
  2⤵
  PID:7896
- C:\Windows\System\BaQTEzt.exe
  C:\Windows\System\BaQTEzt.exe
  2⤵
  PID:7916
- C:\Windows\System\DmvPFiD.exe
  C:\Windows\System\DmvPFiD.exe
  2⤵
  PID:7940
- C:\Windows\System\nLPqeyM.exe
  C:\Windows\System\nLPqeyM.exe
  2⤵
  PID:7956
- C:\Windows\System\Bzyfntc.exe
  C:\Windows\System\Bzyfntc.exe
  2⤵
  PID:7976
- C:\Windows\System\LpHPblS.exe
  C:\Windows\System\LpHPblS.exe
  2⤵
  PID:8004
- C:\Windows\System\FudPiTm.exe
  C:\Windows\System\FudPiTm.exe
  2⤵
  PID:8024
- C:\Windows\System\WTiNsuI.exe
  C:\Windows\System\WTiNsuI.exe
  2⤵
  PID:8044
- C:\Windows\System\RquIidW.exe
  C:\Windows\System\RquIidW.exe
  2⤵
  PID:8060
- C:\Windows\System\wmlBOFF.exe
  C:\Windows\System\wmlBOFF.exe
  2⤵
  PID:8084
- C:\Windows\System\RkVixCC.exe
  C:\Windows\System\RkVixCC.exe
  2⤵
  PID:8108
- C:\Windows\System\OqqeRTN.exe
  C:\Windows\System\OqqeRTN.exe
  2⤵
  PID:8128
- C:\Windows\System\SygcFtx.exe
  C:\Windows\System\SygcFtx.exe
  2⤵
  PID:8148
- C:\Windows\System\WmgVUDD.exe
  C:\Windows\System\WmgVUDD.exe
  2⤵
  PID:8172
- C:\Windows\System\MjvTaqL.exe
  C:\Windows\System\MjvTaqL.exe
  2⤵
  PID:6228
- C:\Windows\System\slliXrr.exe
  C:\Windows\System\slliXrr.exe
  2⤵
  PID:6944
- C:\Windows\System\qSiDpoI.exe
  C:\Windows\System\qSiDpoI.exe
  2⤵
  PID:7028
- C:\Windows\System\VxNNkZJ.exe
  C:\Windows\System\VxNNkZJ.exe
  2⤵
  PID:7096
- C:\Windows\System\LCFLrjX.exe
  C:\Windows\System\LCFLrjX.exe
  2⤵
  PID:4032
- C:\Windows\System\iHsLQVq.exe
  C:\Windows\System\iHsLQVq.exe
  2⤵
  PID:6720
- C:\Windows\System\NHQlLWI.exe
  C:\Windows\System\NHQlLWI.exe
  2⤵
  PID:3416
- C:\Windows\System\QKjxTiY.exe
  C:\Windows\System\QKjxTiY.exe
  2⤵
  PID:5540
- C:\Windows\System\FIwaCUb.exe
  C:\Windows\System\FIwaCUb.exe
  2⤵
  PID:6280
- C:\Windows\System\YKqZhTf.exe
  C:\Windows\System\YKqZhTf.exe
  2⤵
  PID:6332
- C:\Windows\System\uCutJeT.exe
  C:\Windows\System\uCutJeT.exe
  2⤵
  PID:4196
- C:\Windows\System\imNIMfK.exe
  C:\Windows\System\imNIMfK.exe
  2⤵
  PID:6692
- C:\Windows\System\BwGZpmV.exe
  C:\Windows\System\BwGZpmV.exe
  2⤵
  PID:6780
- C:\Windows\System\MMmDhBc.exe
  C:\Windows\System\MMmDhBc.exe
  2⤵
  PID:6940
- C:\Windows\System\JCSQMkS.exe
  C:\Windows\System\JCSQMkS.exe
  2⤵
  PID:7244
- C:\Windows\System\NnTFNBM.exe
  C:\Windows\System\NnTFNBM.exe
  2⤵
  PID:7300
- C:\Windows\System\NNbyMcO.exe
  C:\Windows\System\NNbyMcO.exe
  2⤵
  PID:7328
- C:\Windows\System\iBParIH.exe
  C:\Windows\System\iBParIH.exe
  2⤵
  PID:6660
- C:\Windows\System\DSNVPiU.exe
  C:\Windows\System\DSNVPiU.exe
  2⤵
  PID:7128
- C:\Windows\System\oWQRfcZ.exe
  C:\Windows\System\oWQRfcZ.exe
  2⤵
  PID:7492
- C:\Windows\System\AypIiAr.exe
  C:\Windows\System\AypIiAr.exe
  2⤵
  PID:8200
- C:\Windows\System\nmVlEDU.exe
  C:\Windows\System\nmVlEDU.exe
  2⤵
  PID:8220
- C:\Windows\System\JuaFRxw.exe
  C:\Windows\System\JuaFRxw.exe
  2⤵
  PID:8240
- C:\Windows\System\SKZavuw.exe
  C:\Windows\System\SKZavuw.exe
  2⤵
  PID:8260
- C:\Windows\System\qYSJzRF.exe
  C:\Windows\System\qYSJzRF.exe
  2⤵
  PID:8280
- C:\Windows\System\sIKoEBO.exe
  C:\Windows\System\sIKoEBO.exe
  2⤵
  PID:8300
- C:\Windows\System\JpKFMdH.exe
  C:\Windows\System\JpKFMdH.exe
  2⤵
  PID:8316
- C:\Windows\System\bUKCYfS.exe
  C:\Windows\System\bUKCYfS.exe
  2⤵
  PID:8336
- C:\Windows\System\sjbuXXp.exe
  C:\Windows\System\sjbuXXp.exe
  2⤵
  PID:8356
- C:\Windows\System\JcuNMiw.exe
  C:\Windows\System\JcuNMiw.exe
  2⤵
  PID:9084
- C:\Windows\System\QULJpJR.exe
  C:\Windows\System\QULJpJR.exe
  2⤵
  PID:9108
- C:\Windows\System\zOsRoIS.exe
  C:\Windows\System\zOsRoIS.exe
  2⤵
  PID:9136
- C:\Windows\System\BNauJcM.exe
  C:\Windows\System\BNauJcM.exe
  2⤵
  PID:9156
- C:\Windows\System\LMhwlbD.exe
  C:\Windows\System\LMhwlbD.exe
  2⤵
  PID:9172
- C:\Windows\System\PVknOcO.exe
  C:\Windows\System\PVknOcO.exe
  2⤵
  PID:9200
- C:\Windows\System\ogoiKKc.exe
  C:\Windows\System\ogoiKKc.exe
  2⤵
  PID:7616
- C:\Windows\System\fWgmOGk.exe
  C:\Windows\System\fWgmOGk.exe
  2⤵
  PID:7660
- C:\Windows\System\kXuoiQv.exe
  C:\Windows\System\kXuoiQv.exe
  2⤵
  PID:7760
- C:\Windows\System\KAWXTSN.exe
  C:\Windows\System\KAWXTSN.exe
  2⤵
  PID:7788
- C:\Windows\System\DYrtdHM.exe
  C:\Windows\System\DYrtdHM.exe
  2⤵
  PID:7868
- C:\Windows\System\FjZMcVP.exe
  C:\Windows\System\FjZMcVP.exe
  2⤵
  PID:6836
- C:\Windows\System\PjnRjiS.exe
  C:\Windows\System\PjnRjiS.exe
  2⤵
  PID:7464
- C:\Windows\System\XkNYtGq.exe
  C:\Windows\System\XkNYtGq.exe
  2⤵
  PID:7200
- C:\Windows\System\qnInHdY.exe
  C:\Windows\System\qnInHdY.exe
  2⤵
  PID:7556
- C:\Windows\System\eKLGakD.exe
  C:\Windows\System\eKLGakD.exe
  2⤵
  PID:8268
- C:\Windows\System\yzsduyY.exe
  C:\Windows\System\yzsduyY.exe
  2⤵
  PID:8656
- C:\Windows\System\wlbMvnV.exe
  C:\Windows\System\wlbMvnV.exe
  2⤵
  PID:7832
- C:\Windows\System\eGRYLIw.exe
  C:\Windows\System\eGRYLIw.exe
  2⤵
  PID:7856
- C:\Windows\System\sPmvUKw.exe
  C:\Windows\System\sPmvUKw.exe
  2⤵
  PID:7912
- C:\Windows\System\AUbaJqn.exe
  C:\Windows\System\AUbaJqn.exe
  2⤵
  PID:7932
- C:\Windows\System\vqEqKTP.exe
  C:\Windows\System\vqEqKTP.exe
  2⤵
  PID:8744
- C:\Windows\System\KyhYXBG.exe
  C:\Windows\System\KyhYXBG.exe
  2⤵
  PID:8040
- C:\Windows\System\ERLEXXl.exe
  C:\Windows\System\ERLEXXl.exe
  2⤵
  PID:8080
- C:\Windows\System\tjOjwdT.exe
  C:\Windows\System\tjOjwdT.exe
  2⤵
  PID:8140
- C:\Windows\System\rLVEARn.exe
  C:\Windows\System\rLVEARn.exe
  2⤵
  PID:8776
- C:\Windows\System\ZtZRLKA.exe
  C:\Windows\System\ZtZRLKA.exe
  2⤵
  PID:3864
- C:\Windows\System\vDADNkd.exe
  C:\Windows\System\vDADNkd.exe
  2⤵
  PID:8860
- C:\Windows\System\VOpbpeD.exe
  C:\Windows\System\VOpbpeD.exe
  2⤵
  PID:8868
- C:\Windows\System\PrKtrPj.exe
  C:\Windows\System\PrKtrPj.exe
  2⤵
  PID:6468
- C:\Windows\System\HekHVkM.exe
  C:\Windows\System\HekHVkM.exe
  2⤵
  PID:7196
- C:\Windows\System\uLNnbJM.exe
  C:\Windows\System\uLNnbJM.exe
  2⤵
  PID:7116
- C:\Windows\System\SPLkPED.exe
  C:\Windows\System\SPLkPED.exe
  2⤵
  PID:8256
- C:\Windows\System\RUmIxmT.exe
  C:\Windows\System\RUmIxmT.exe
  2⤵
  PID:8964
- C:\Windows\System\oEJJTjK.exe
  C:\Windows\System\oEJJTjK.exe
  2⤵
  PID:8704
- C:\Windows\System\JMJdpNV.exe
  C:\Windows\System\JMJdpNV.exe
  2⤵
  PID:9100
- C:\Windows\System\xUuXpHn.exe
  C:\Windows\System\xUuXpHn.exe
  2⤵
  PID:8932
- C:\Windows\System\bJmQvmV.exe
  C:\Windows\System\bJmQvmV.exe
  2⤵
  PID:8664
- C:\Windows\System\liamKNC.exe
  C:\Windows\System\liamKNC.exe
  2⤵
  PID:7720
- C:\Windows\System\hmiajJo.exe
  C:\Windows\System\hmiajJo.exe
  2⤵
  PID:8788
- C:\Windows\System\ODuFpOp.exe
  C:\Windows\System\ODuFpOp.exe
  2⤵
  PID:6672
- C:\Windows\System\nlMRMog.exe
  C:\Windows\System\nlMRMog.exe
  2⤵
  PID:2980
- C:\Windows\System\goeKyBv.exe
  C:\Windows\System\goeKyBv.exe
  2⤵
  PID:9228
- C:\Windows\System\mhuyPwa.exe
  C:\Windows\System\mhuyPwa.exe
  2⤵
  PID:9260
- C:\Windows\System\ZfNYVXS.exe
  C:\Windows\System\ZfNYVXS.exe
  2⤵
  PID:9280
- C:\Windows\System\HvBxlaU.exe
  C:\Windows\System\HvBxlaU.exe
  2⤵
  PID:9300
- C:\Windows\System\KBItWbp.exe
  C:\Windows\System\KBItWbp.exe
  2⤵
  PID:9316
- C:\Windows\System\EsBboLK.exe
  C:\Windows\System\EsBboLK.exe
  2⤵
  PID:9332
- C:\Windows\System\MTIFrGG.exe
  C:\Windows\System\MTIFrGG.exe
  2⤵
  PID:9352
- C:\Windows\System\oUClQse.exe
  C:\Windows\System\oUClQse.exe
  2⤵
  PID:9376
- C:\Windows\System\dKQDOtu.exe
  C:\Windows\System\dKQDOtu.exe
  2⤵
  PID:9392
- C:\Windows\System\cCbLhMg.exe
  C:\Windows\System\cCbLhMg.exe
  2⤵
  PID:9408
- C:\Windows\System\rXdWtWN.exe
  C:\Windows\System\rXdWtWN.exe
  2⤵
  PID:9428
- C:\Windows\System\gjNkdcq.exe
  C:\Windows\System\gjNkdcq.exe
  2⤵
  PID:9448
- C:\Windows\System\oAnxrxo.exe
  C:\Windows\System\oAnxrxo.exe
  2⤵
  PID:9468
- C:\Windows\System\yCOrvAP.exe
  C:\Windows\System\yCOrvAP.exe
  2⤵
  PID:9484
- C:\Windows\System\AcRNCUx.exe
  C:\Windows\System\AcRNCUx.exe
  2⤵
  PID:9508
- C:\Windows\System\IsEmbej.exe
  C:\Windows\System\IsEmbej.exe
  2⤵
  PID:9524
- C:\Windows\System\QteggTG.exe
  C:\Windows\System\QteggTG.exe
  2⤵
  PID:9544
- C:\Windows\System\vPSHGlP.exe
  C:\Windows\System\vPSHGlP.exe
  2⤵
  PID:9564
- C:\Windows\System\ixXPkPf.exe
  C:\Windows\System\ixXPkPf.exe
  2⤵
  PID:9584
- C:\Windows\System\TvIksKu.exe
  C:\Windows\System\TvIksKu.exe
  2⤵
  PID:9600
- C:\Windows\System\nYyFpvC.exe
  C:\Windows\System\nYyFpvC.exe
  2⤵
  PID:9624
- C:\Windows\System\GpvbCWL.exe
  C:\Windows\System\GpvbCWL.exe
  2⤵
  PID:9644
- C:\Windows\System\GmvTNdW.exe
  C:\Windows\System\GmvTNdW.exe
  2⤵
  PID:9664
- C:\Windows\System\tTafMgu.exe
  C:\Windows\System\tTafMgu.exe
  2⤵
  PID:9688
- C:\Windows\System\AIbvWCO.exe
  C:\Windows\System\AIbvWCO.exe
  2⤵
  PID:9708
- C:\Windows\System\jDYFnUL.exe
  C:\Windows\System\jDYFnUL.exe
  2⤵
  PID:9728
- C:\Windows\System\VeJQREs.exe
  C:\Windows\System\VeJQREs.exe
  2⤵
  PID:9748
- C:\Windows\System\WJrRKms.exe
  C:\Windows\System\WJrRKms.exe
  2⤵
  PID:9768
- C:\Windows\System\kTzepmg.exe
  C:\Windows\System\kTzepmg.exe
  2⤵
  PID:9792
- C:\Windows\System\wjdmGqA.exe
  C:\Windows\System\wjdmGqA.exe
  2⤵
  PID:9812
- C:\Windows\System\cJecDcN.exe
  C:\Windows\System\cJecDcN.exe
  2⤵
  PID:9836
- C:\Windows\System\EJcbJsd.exe
  C:\Windows\System\EJcbJsd.exe
  2⤵
  PID:9856
- C:\Windows\System\saIqymn.exe
  C:\Windows\System\saIqymn.exe
  2⤵
  PID:9876
- C:\Windows\System\pimblIp.exe
  C:\Windows\System\pimblIp.exe
  2⤵
  PID:9912
- C:\Windows\System\zmPajwX.exe
  C:\Windows\System\zmPajwX.exe
  2⤵
  PID:9928
- C:\Windows\System\PPCDlpO.exe
  C:\Windows\System\PPCDlpO.exe
  2⤵
  PID:9948
- C:\Windows\System\wtymeyP.exe
  C:\Windows\System\wtymeyP.exe
  2⤵
  PID:9964
- C:\Windows\System\dVtYDpE.exe
  C:\Windows\System\dVtYDpE.exe
  2⤵
  PID:9984
- C:\Windows\System\GmSceIE.exe
  C:\Windows\System\GmSceIE.exe
  2⤵
  PID:10004
- C:\Windows\System\WEzqjMj.exe
  C:\Windows\System\WEzqjMj.exe
  2⤵
  PID:10028
- C:\Windows\System\JWSjUaM.exe
  C:\Windows\System\JWSjUaM.exe
  2⤵
  PID:10048
- C:\Windows\System\MjDpPnu.exe
  C:\Windows\System\MjDpPnu.exe
  2⤵
  PID:10068
- C:\Windows\System\qpElpsw.exe
  C:\Windows\System\qpElpsw.exe
  2⤵
  PID:10088
- C:\Windows\System\eGQVqhG.exe
  C:\Windows\System\eGQVqhG.exe
  2⤵
  PID:10108
- C:\Windows\System\afmqzVE.exe
  C:\Windows\System\afmqzVE.exe
  2⤵
  PID:10128
- C:\Windows\System\YuyZANW.exe
  C:\Windows\System\YuyZANW.exe
  2⤵
  PID:10144
- C:\Windows\System\dIQGbZX.exe
  C:\Windows\System\dIQGbZX.exe
  2⤵
  PID:10168
- C:\Windows\System\fAGdwqi.exe
  C:\Windows\System\fAGdwqi.exe
  2⤵
  PID:10184
- C:\Windows\System\LEtvGjz.exe
  C:\Windows\System\LEtvGjz.exe
  2⤵
  PID:10204
- C:\Windows\System\cAGwHfu.exe
  C:\Windows\System\cAGwHfu.exe
  2⤵
  PID:10220
- C:\Windows\System\EwHIlea.exe
  C:\Windows\System\EwHIlea.exe
  2⤵
  PID:10236
- C:\Windows\System\AzBKMLZ.exe
  C:\Windows\System\AzBKMLZ.exe
  2⤵
  PID:7368
- C:\Windows\System\NGnqthp.exe
  C:\Windows\System\NGnqthp.exe
  2⤵
  PID:7432
- C:\Windows\System\cQYkzTh.exe
  C:\Windows\System\cQYkzTh.exe
  2⤵
  PID:7136
- C:\Windows\System\MBAyOgK.exe
  C:\Windows\System\MBAyOgK.exe
  2⤵
  PID:8632
- C:\Windows\System\QRyQDLJ.exe
  C:\Windows\System\QRyQDLJ.exe
  2⤵
  PID:2920
- C:\Windows\System\zoNohbQ.exe
  C:\Windows\System\zoNohbQ.exe
  2⤵
  PID:6848
- C:\Windows\System\sJmQQlV.exe
  C:\Windows\System\sJmQQlV.exe
  2⤵
  PID:7320
- C:\Windows\System\oZkcfIc.exe
  C:\Windows\System\oZkcfIc.exe
  2⤵
  PID:6904
- C:\Windows\System\HVFGNOr.exe
  C:\Windows\System\HVFGNOr.exe
  2⤵
  PID:8568
- C:\Windows\System\MmjRKYJ.exe
  C:\Windows\System\MmjRKYJ.exe
  2⤵
  PID:7496
- C:\Windows\System\glzMPSe.exe
  C:\Windows\System\glzMPSe.exe
  2⤵
  PID:9340
- C:\Windows\System\BcUEKhq.exe
  C:\Windows\System\BcUEKhq.exe
  2⤵
  PID:9436
- C:\Windows\System\OJJBXmA.exe
  C:\Windows\System\OJJBXmA.exe
  2⤵
  PID:9476
- C:\Windows\System\CxGfEXz.exe
  C:\Windows\System\CxGfEXz.exe
  2⤵
  PID:7848
- C:\Windows\System\ZWwTFFD.exe
  C:\Windows\System\ZWwTFFD.exe
  2⤵
  PID:8076
- C:\Windows\System\HmezEnA.exe
  C:\Windows\System\HmezEnA.exe
  2⤵
  PID:7548
- C:\Windows\System\roFfWsX.exe
  C:\Windows\System\roFfWsX.exe
  2⤵
  PID:8272
- C:\Windows\System\OoSYQxp.exe
  C:\Windows\System\OoSYQxp.exe
  2⤵
  PID:6592
- C:\Windows\System\ThewKZX.exe
  C:\Windows\System\ThewKZX.exe
  2⤵
  PID:5372
- C:\Windows\System\hemVqun.exe
  C:\Windows\System\hemVqun.exe
  2⤵
  PID:9104
- C:\Windows\System\ogvgjzC.exe
  C:\Windows\System\ogvgjzC.exe
  2⤵
  PID:7092
- C:\Windows\System\uHfEqRk.exe
  C:\Windows\System\uHfEqRk.exe
  2⤵
  PID:7704
- C:\Windows\System\ZuEWfyL.exe
  C:\Windows\System\ZuEWfyL.exe
  2⤵
  PID:9960
- C:\Windows\System\onsFmzK.exe
  C:\Windows\System\onsFmzK.exe
  2⤵
  PID:9256
- C:\Windows\System\sHpssrl.exe
  C:\Windows\System\sHpssrl.exe
  2⤵
  PID:9384
- C:\Windows\System\gPCJsQC.exe
  C:\Windows\System\gPCJsQC.exe
  2⤵
  PID:8156
- C:\Windows\System\ShqJDja.exe
  C:\Windows\System\ShqJDja.exe
  2⤵
  PID:9640
- C:\Windows\System\XGNOpsM.exe
  C:\Windows\System\XGNOpsM.exe
  2⤵
  PID:9788
- C:\Windows\System\kJACYXt.exe
  C:\Windows\System\kJACYXt.exe
  2⤵
  PID:10252
- C:\Windows\System\uGpNIBN.exe
  C:\Windows\System\uGpNIBN.exe
  2⤵
  PID:10272
- C:\Windows\System\ICGCVnC.exe
  C:\Windows\System\ICGCVnC.exe
  2⤵
  PID:10296
- C:\Windows\System\IYFlUxv.exe
  C:\Windows\System\IYFlUxv.exe
  2⤵
  PID:10316
- C:\Windows\System\DaRwGdP.exe
  C:\Windows\System\DaRwGdP.exe
  2⤵
  PID:10336
- C:\Windows\System\SUEFExw.exe
  C:\Windows\System\SUEFExw.exe
  2⤵
  PID:10376
- C:\Windows\System\dRYfXps.exe
  C:\Windows\System\dRYfXps.exe
  2⤵
  PID:10392
- C:\Windows\System\tgIayyG.exe
  C:\Windows\System\tgIayyG.exe
  2⤵
  PID:10408
- C:\Windows\System\zRqEFrF.exe
  C:\Windows\System\zRqEFrF.exe
  2⤵
  PID:10428
- C:\Windows\System\hVrnbxW.exe
  C:\Windows\System\hVrnbxW.exe
  2⤵
  PID:10444
- C:\Windows\System\kAtZhxz.exe
  C:\Windows\System\kAtZhxz.exe
  2⤵
  PID:10468
- C:\Windows\System\wyzoPYc.exe
  C:\Windows\System\wyzoPYc.exe
  2⤵
  PID:10496
- C:\Windows\System\TsOsPzz.exe
  C:\Windows\System\TsOsPzz.exe
  2⤵
  PID:10516
- C:\Windows\System\OtCjBPR.exe
  C:\Windows\System\OtCjBPR.exe
  2⤵
  PID:10536
- C:\Windows\System\JjsCplD.exe
  C:\Windows\System\JjsCplD.exe
  2⤵
  PID:10560
- C:\Windows\System\yraRhWx.exe
  C:\Windows\System\yraRhWx.exe
  2⤵
  PID:10580
- C:\Windows\System\HcAalmB.exe
  C:\Windows\System\HcAalmB.exe
  2⤵
  PID:10608
- C:\Windows\System\VGnBFwa.exe
  C:\Windows\System\VGnBFwa.exe
  2⤵
  PID:10624
- C:\Windows\System\olWysQE.exe
  C:\Windows\System\olWysQE.exe
  2⤵
  PID:10652
- C:\Windows\System\XWBStmj.exe
  C:\Windows\System\XWBStmj.exe
  2⤵
  PID:10684
- C:\Windows\System\ySAwSzs.exe
  C:\Windows\System\ySAwSzs.exe
  2⤵
  PID:10712
- C:\Windows\System\QcndHtY.exe
  C:\Windows\System\QcndHtY.exe
  2⤵
  PID:10744
- C:\Windows\System\tZdFaDo.exe
  C:\Windows\System\tZdFaDo.exe
  2⤵
  PID:10760
- C:\Windows\System\VNkpssx.exe
  C:\Windows\System\VNkpssx.exe
  2⤵
  PID:10780
- C:\Windows\System\ctWbZRp.exe
  C:\Windows\System\ctWbZRp.exe
  2⤵
  PID:10808
- C:\Windows\System\ptylvEo.exe
  C:\Windows\System\ptylvEo.exe
  2⤵
  PID:10828
- C:\Windows\System\CvTAkif.exe
  C:\Windows\System\CvTAkif.exe
  2⤵
  PID:10852
- C:\Windows\System\TkKQbxR.exe
  C:\Windows\System\TkKQbxR.exe
  2⤵
  PID:10868
- C:\Windows\System\vbwJnBP.exe
  C:\Windows\System\vbwJnBP.exe
  2⤵
  PID:10892
- C:\Windows\System\FIiqUnw.exe
  C:\Windows\System\FIiqUnw.exe
  2⤵
  PID:10912
- C:\Windows\System\ixiwTen.exe
  C:\Windows\System\ixiwTen.exe
  2⤵
  PID:10936
- C:\Windows\System\PEpemod.exe
  C:\Windows\System\PEpemod.exe
  2⤵
  PID:10952
- C:\Windows\System\DgRBezV.exe
  C:\Windows\System\DgRBezV.exe
  2⤵
  PID:10976
- C:\Windows\System\JwmTnRt.exe
  C:\Windows\System\JwmTnRt.exe
  2⤵
  PID:11000
- C:\Windows\System\ndsynoQ.exe
  C:\Windows\System\ndsynoQ.exe
  2⤵
  PID:11020
- C:\Windows\System\kkaQoiY.exe
  C:\Windows\System\kkaQoiY.exe
  2⤵
  PID:11044
- C:\Windows\System\ckIdedp.exe
  C:\Windows\System\ckIdedp.exe
  2⤵
  PID:11064
- C:\Windows\System\RmSPNPr.exe
  C:\Windows\System\RmSPNPr.exe
  2⤵
  PID:11084
- C:\Windows\System\vfMfmmn.exe
  C:\Windows\System\vfMfmmn.exe
  2⤵
  PID:11112
- C:\Windows\System\lTgGxmH.exe
  C:\Windows\System\lTgGxmH.exe
  2⤵
  PID:11132
- C:\Windows\System\VAHzPIL.exe
  C:\Windows\System\VAHzPIL.exe
  2⤵
  PID:11152
- C:\Windows\System\uGFmBjG.exe
  C:\Windows\System\uGFmBjG.exe
  2⤵
  PID:11172
- C:\Windows\System\ObXtVQG.exe
  C:\Windows\System\ObXtVQG.exe
  2⤵
  PID:11192
- C:\Windows\System\zJRvTZg.exe
  C:\Windows\System\zJRvTZg.exe
  2⤵
  PID:11220
- C:\Windows\System\qgnNcbn.exe
  C:\Windows\System\qgnNcbn.exe
  2⤵
  PID:11244
- C:\Windows\System\tfjsSgF.exe
  C:\Windows\System\tfjsSgF.exe
  2⤵
  PID:11260
- C:\Windows\System\kNLJNLj.exe
  C:\Windows\System\kNLJNLj.exe
  2⤵
  PID:9940
- C:\Windows\System\iApMFTM.exe
  C:\Windows\System\iApMFTM.exe
  2⤵
  PID:9980
- C:\Windows\System\dnwzhkH.exe
  C:\Windows\System\dnwzhkH.exe
  2⤵
  PID:2256
- C:\Windows\System\XsYWpOZ.exe
  C:\Windows\System\XsYWpOZ.exe
  2⤵
  PID:9848
- C:\Windows\System\fjaRARB.exe
  C:\Windows\System\fjaRARB.exe
  2⤵
  PID:9824
- C:\Windows\System\VwAwiDT.exe
  C:\Windows\System\VwAwiDT.exe
  2⤵
  PID:10064
- C:\Windows\System\hdHSjRz.exe
  C:\Windows\System\hdHSjRz.exe
  2⤵
  PID:10100
- C:\Windows\System\YXHsvlD.exe
  C:\Windows\System\YXHsvlD.exe
  2⤵
  PID:10152
- C:\Windows\System\XBVNDjz.exe
  C:\Windows\System\XBVNDjz.exe
  2⤵
  PID:10492
- C:\Windows\System\eRzCavd.exe
  C:\Windows\System\eRzCavd.exe
  2⤵
  PID:7084
- C:\Windows\System\deyHQGy.exe
  C:\Windows\System\deyHQGy.exe
  2⤵
  PID:10544
- C:\Windows\System\YvXsJmi.exe
  C:\Windows\System\YvXsJmi.exe
  2⤵
  PID:11276
- C:\Windows\System\AncVtzk.exe
  C:\Windows\System\AncVtzk.exe
  2⤵
  PID:11296
- C:\Windows\System\vAdHhhH.exe
  C:\Windows\System\vAdHhhH.exe
  2⤵
  PID:11312
- C:\Windows\System\qMBUjoH.exe
  C:\Windows\System\qMBUjoH.exe
  2⤵
  PID:11328
- C:\Windows\System\ONQjxtc.exe
  C:\Windows\System\ONQjxtc.exe
  2⤵
  PID:11344
- C:\Windows\System\tBHGimJ.exe
  C:\Windows\System\tBHGimJ.exe
  2⤵
  PID:11360
- C:\Windows\System\BRophuh.exe
  C:\Windows\System\BRophuh.exe
  2⤵
  PID:11380
- C:\Windows\System\gApNbkU.exe
  C:\Windows\System\gApNbkU.exe
  2⤵
  PID:11420
- C:\Windows\System\hJtdiOG.exe
  C:\Windows\System\hJtdiOG.exe
  2⤵
  PID:11456
- C:\Windows\System\WhGXhoD.exe
  C:\Windows\System\WhGXhoD.exe
  2⤵
  PID:11480
- C:\Windows\System\uJFbOPT.exe
  C:\Windows\System\uJFbOPT.exe
  2⤵
  PID:11500
- C:\Windows\System\CFWNAKy.exe
  C:\Windows\System\CFWNAKy.exe
  2⤵
  PID:11516
- C:\Windows\System\bITWOoX.exe
  C:\Windows\System\bITWOoX.exe
  2⤵
  PID:11532
- C:\Windows\System\kXDinbd.exe
  C:\Windows\System\kXDinbd.exe
  2⤵
  PID:11548
- C:\Windows\System\nukKURs.exe
  C:\Windows\System\nukKURs.exe
  2⤵
  PID:11568
- C:\Windows\System\exlZZDJ.exe
  C:\Windows\System\exlZZDJ.exe
  2⤵
  PID:11708
- C:\Windows\System\DEYjiri.exe
  C:\Windows\System\DEYjiri.exe
  2⤵
  PID:11728
- C:\Windows\System\PmSOPlq.exe
  C:\Windows\System\PmSOPlq.exe
  2⤵
  PID:11744
- C:\Windows\System\UBijsFb.exe
  C:\Windows\System\UBijsFb.exe
  2⤵
  PID:11764
- C:\Windows\System\vslMZGD.exe
  C:\Windows\System\vslMZGD.exe
  2⤵
  PID:11792
- C:\Windows\System\qMgdtnV.exe
  C:\Windows\System\qMgdtnV.exe
  2⤵
  PID:11808
- C:\Windows\System\vhEsitC.exe
  C:\Windows\System\vhEsitC.exe
  2⤵
  PID:11832
- C:\Windows\System\DWhskHW.exe
  C:\Windows\System\DWhskHW.exe
  2⤵
  PID:11852
- C:\Windows\System\TOSMYcM.exe
  C:\Windows\System\TOSMYcM.exe
  2⤵
  PID:11872
- C:\Windows\System\QsnIDLd.exe
  C:\Windows\System\QsnIDLd.exe
  2⤵
  PID:11888
- C:\Windows\System\VEdHjXi.exe
  C:\Windows\System\VEdHjXi.exe
  2⤵
  PID:11908
- C:\Windows\System\LAEdeJz.exe
  C:\Windows\System\LAEdeJz.exe
  2⤵
  PID:11924
- C:\Windows\System\kxERXOz.exe
  C:\Windows\System\kxERXOz.exe
  2⤵
  PID:11948
- C:\Windows\System\nHlugGv.exe
  C:\Windows\System\nHlugGv.exe
  2⤵
  PID:11972
- C:\Windows\System\hkSokVo.exe
  C:\Windows\System\hkSokVo.exe
  2⤵
  PID:11992
- C:\Windows\System\zYBKCDE.exe
  C:\Windows\System\zYBKCDE.exe
  2⤵
  PID:12012
- C:\Windows\System\qwRQNWW.exe
  C:\Windows\System\qwRQNWW.exe
  2⤵
  PID:12040
- C:\Windows\System\plvPhez.exe
  C:\Windows\System\plvPhez.exe
  2⤵
  PID:8016
- C:\Windows\System\fczNgbI.exe
  C:\Windows\System\fczNgbI.exe
  2⤵
  PID:10752
- C:\Windows\System\CtViITa.exe
  C:\Windows\System\CtViITa.exe
  2⤵
  PID:10664
- C:\Windows\System\ObfiVgB.exe
  C:\Windows\System\ObfiVgB.exe
  2⤵
  PID:11352
- C:\Windows\System\qQCOWDO.exe
  C:\Windows\System\qQCOWDO.exe
  2⤵
  PID:11236
- C:\Windows\System\kXwatsU.exe
  C:\Windows\System\kXwatsU.exe
  2⤵
  PID:9872
- C:\Windows\System\JcCHWBN.exe
  C:\Windows\System\JcCHWBN.exe
  2⤵
  PID:10000
- C:\Windows\System\PFJIbIb.exe
  C:\Windows\System\PFJIbIb.exe
  2⤵
  PID:11496
- C:\Windows\System\BDJbGCS.exe
  C:\Windows\System\BDJbGCS.exe
  2⤵
  PID:10348
- C:\Windows\System\pDZZDbX.exe
  C:\Windows\System\pDZZDbX.exe
  2⤵
  PID:11508
- C:\Windows\System\ZySnuPO.exe
  C:\Windows\System\ZySnuPO.exe
  2⤵
  PID:11596
- C:\Windows\System\aRbwRhT.exe
  C:\Windows\System\aRbwRhT.exe
  2⤵
  PID:12184
- C:\Windows\System\oakpPon.exe
  C:\Windows\System\oakpPon.exe
  2⤵
  PID:12208
- C:\Windows\System\GpFOHJo.exe
  C:\Windows\System\GpFOHJo.exe
  2⤵
  PID:12232
- C:\Windows\System\QukTSCN.exe
  C:\Windows\System\QukTSCN.exe
  2⤵
  PID:12052
- C:\Windows\System\SMDdjSE.exe
  C:\Windows\System\SMDdjSE.exe
  2⤵
  PID:11920
- C:\Windows\System\KScjvMf.exe
  C:\Windows\System\KScjvMf.exe
  2⤵
  PID:12000
- C:\Windows\System\nRMWplh.exe
  C:\Windows\System\nRMWplh.exe
  2⤵
  PID:11684
- C:\Windows\System\qKPiRev.exe
  C:\Windows\System\qKPiRev.exe
  2⤵
  PID:11724
- C:\Windows\System\DIGGoXg.exe
  C:\Windows\System\DIGGoXg.exe
  2⤵
  PID:11756
- C:\Windows\System\BgPlGLz.exe
  C:\Windows\System\BgPlGLz.exe
  2⤵
  PID:11804
- C:\Windows\System\UkkRdpb.exe
  C:\Windows\System\UkkRdpb.exe
  2⤵
  PID:11844
- C:\Windows\System\CAyJQek.exe
  C:\Windows\System\CAyJQek.exe
  2⤵
  PID:9580
- C:\Windows\System\lkhddia.exe
  C:\Windows\System\lkhddia.exe
  2⤵
  PID:10440
- C:\Windows\System\KZLUYww.exe
  C:\Windows\System\KZLUYww.exe
  2⤵
  PID:12300
- C:\Windows\System\EAHxzvZ.exe
  C:\Windows\System\EAHxzvZ.exe
  2⤵
  PID:12332
- C:\Windows\System\kXoBufI.exe
  C:\Windows\System\kXoBufI.exe
  2⤵
  PID:12356
- C:\Windows\System\CCqKYPB.exe
  C:\Windows\System\CCqKYPB.exe
  2⤵
  PID:12380
- C:\Windows\System\sKspyEC.exe
  C:\Windows\System\sKspyEC.exe
  2⤵
  PID:12396
- C:\Windows\System\DTJYepj.exe
  C:\Windows\System\DTJYepj.exe
  2⤵
  PID:12420
- C:\Windows\System\NYAoePl.exe
  C:\Windows\System\NYAoePl.exe
  2⤵
  PID:12444
- C:\Windows\System\imnBElp.exe
  C:\Windows\System\imnBElp.exe
  2⤵
  PID:12616
- C:\Windows\System\SoZfPSz.exe
  C:\Windows\System\SoZfPSz.exe
  2⤵
  PID:12672
- C:\Windows\System\rPjeANL.exe
  C:\Windows\System\rPjeANL.exe
  2⤵
  PID:12688
- C:\Windows\System\VADZMTH.exe
  C:\Windows\System\VADZMTH.exe
  2⤵
  PID:12716
- C:\Windows\System\bFEubAi.exe
  C:\Windows\System\bFEubAi.exe
  2⤵
  PID:12740
- C:\Windows\System\iYGKaVZ.exe
  C:\Windows\System\iYGKaVZ.exe
  2⤵
  PID:12760
- C:\Windows\System\aTxKPOI.exe
  C:\Windows\System\aTxKPOI.exe
  2⤵
  PID:12776
- C:\Windows\System\qvvIpOn.exe
  C:\Windows\System\qvvIpOn.exe
  2⤵
  PID:12800
- C:\Windows\System\FpMUxpi.exe
  C:\Windows\System\FpMUxpi.exe
  2⤵
  PID:12868
- C:\Windows\System\VPTwbEs.exe
  C:\Windows\System\VPTwbEs.exe
  2⤵
  PID:13012
- C:\Windows\System\QNhJtiV.exe
  C:\Windows\System\QNhJtiV.exe
  2⤵
  PID:13040
- C:\Windows\System\REODTFX.exe
  C:\Windows\System\REODTFX.exe
  2⤵
  PID:13060
- C:\Windows\System\AIOvPRj.exe
  C:\Windows\System\AIOvPRj.exe
  2⤵
  PID:13080
- C:\Windows\System\HwdoiSP.exe
  C:\Windows\System\HwdoiSP.exe
  2⤵
  PID:13124
- C:\Windows\System\rILQuqS.exe
  C:\Windows\System\rILQuqS.exe
  2⤵
  PID:13144
- C:\Windows\System\Mtobaar.exe
  C:\Windows\System\Mtobaar.exe
  2⤵
  PID:13164
- C:\Windows\System\NvRsAyY.exe
  C:\Windows\System\NvRsAyY.exe
  2⤵
  PID:13288
- C:\Windows\System\ZFEeYRV.exe
  C:\Windows\System\ZFEeYRV.exe
  2⤵
  PID:13308
- C:\Windows\System\BnOUzvi.exe
  C:\Windows\System\BnOUzvi.exe
  2⤵
  PID:8160
- C:\Windows\System\glnaMaz.exe
  C:\Windows\System\glnaMaz.exe
  2⤵
  PID:10232
- C:\Windows\System\CMjJXvS.exe
  C:\Windows\System\CMjJXvS.exe
  2⤵
  PID:11184
- C:\Windows\System\VbOQWph.exe
  C:\Windows\System\VbOQWph.exe
  2⤵
  PID:11540
- C:\Windows\System\uoWyawc.exe
  C:\Windows\System\uoWyawc.exe
  2⤵
  PID:11524
- C:\Windows\System\qkkgXVw.exe
  C:\Windows\System\qkkgXVw.exe
  2⤵
  PID:11656
- C:\Windows\System\XxlxSWb.exe
  C:\Windows\System\XxlxSWb.exe
  2⤵
  PID:8508
- C:\Windows\System\KEeqEKD.exe
  C:\Windows\System\KEeqEKD.exe
  2⤵
  PID:12456
- C:\Windows\System\twctOYR.exe
  C:\Windows\System\twctOYR.exe
  2⤵
  PID:12500
- C:\Windows\System\NlMshPP.exe
  C:\Windows\System\NlMshPP.exe
  2⤵
  PID:11720
- C:\Windows\System\Ywdjhsk.exe
  C:\Windows\System\Ywdjhsk.exe
  2⤵
  PID:11828
- C:\Windows\System\FGWDCSb.exe
  C:\Windows\System\FGWDCSb.exe
  2⤵
  PID:12292
- C:\Windows\System\WthDcvY.exe
  C:\Windows\System\WthDcvY.exe
  2⤵
  PID:12604
- C:\Windows\System\grJdIbR.exe
  C:\Windows\System\grJdIbR.exe
  2⤵
  PID:12416
- C:\Windows\System\KtbfhEb.exe
  C:\Windows\System\KtbfhEb.exe
  2⤵
  PID:12460
- C:\Windows\System\FoJIqFy.exe
  C:\Windows\System\FoJIqFy.exe
  2⤵
  PID:12528
- C:\Windows\System\LVGCanY.exe
  C:\Windows\System\LVGCanY.exe
  2⤵
  PID:12708
- C:\Windows\System\hwejsZW.exe
  C:\Windows\System\hwejsZW.exe
  2⤵
  PID:12324
- C:\Windows\System\RoikPMd.exe
  C:\Windows\System\RoikPMd.exe
  2⤵
  PID:12712
- C:\Windows\System\iBSMYeF.exe
  C:\Windows\System\iBSMYeF.exe
  2⤵
  PID:12968
- C:\Windows\System\nmDcKNY.exe
  C:\Windows\System\nmDcKNY.exe
  2⤵
  PID:12756
- C:\Windows\System\VtvFegK.exe
  C:\Windows\System\VtvFegK.exe
  2⤵
  PID:12976
- C:\Windows\System\EBnuqGk.exe
  C:\Windows\System\EBnuqGk.exe
  2⤵
  PID:13076
- C:\Windows\System\JDCZoMf.exe
  C:\Windows\System\JDCZoMf.exe
  2⤵
  PID:10332
- C:\Windows\System\CAuVMkt.exe
  C:\Windows\System\CAuVMkt.exe
  2⤵
  PID:13300
- C:\Windows\System\mgfxeQZ.exe
  C:\Windows\System\mgfxeQZ.exe
  2⤵
  PID:12344
- C:\Windows\System\OWIMEea.exe
  C:\Windows\System\OWIMEea.exe
  2⤵
  PID:13004
- C:\Windows\System\pIyJHEb.exe
  C:\Windows\System\pIyJHEb.exe
  2⤵
  PID:1812
- C:\Windows\System\kqVRKJN.exe
  C:\Windows\System\kqVRKJN.exe
  2⤵
  PID:3556
- C:\Windows\System\YOsKgMK.exe
  C:\Windows\System\YOsKgMK.exe
  2⤵
  PID:4660
- C:\Windows\System\SVQRrGh.exe
  C:\Windows\System\SVQRrGh.exe
  2⤵
  PID:11492
- C:\Windows\System\NUvWiyn.exe
  C:\Windows\System\NUvWiyn.exe
  2⤵
  PID:7372
- C:\Windows\System\qRxEknJ.exe
  C:\Windows\System\qRxEknJ.exe
  2⤵
  PID:11100
- C:\Windows\System\xyPVQpR.exe
  C:\Windows\System\xyPVQpR.exe
  2⤵
  PID:10840
- C:\Windows\System\YsMiDkO.exe
  C:\Windows\System\YsMiDkO.exe
  2⤵
  PID:12484
- C:\Windows\System\FHJANEu.exe
  C:\Windows\System\FHJANEu.exe
  2⤵
  PID:12196
- C:\Windows\System\xPdXlTp.exe
  C:\Windows\System\xPdXlTp.exe
  2⤵
  PID:4700
- C:\Windows\System\RXwuINa.exe
  C:\Windows\System\RXwuINa.exe
  2⤵
  PID:12592
- C:\Windows\System\yENcrnh.exe
  C:\Windows\System\yENcrnh.exe
  2⤵
  PID:10244
- C:\Windows\System\WjxBxoR.exe
  C:\Windows\System\WjxBxoR.exe
  2⤵
  PID:4068
- C:\Windows\System\PxSTaoF.exe
  C:\Windows\System\PxSTaoF.exe
  2⤵
  PID:3000
- C:\Windows\System\zafBQwJ.exe
  C:\Windows\System\zafBQwJ.exe
  2⤵
  PID:13028
- C:\Windows\System\blrIqPV.exe
  C:\Windows\System\blrIqPV.exe
  2⤵
  PID:2400
- C:\Windows\System\ZKzcnpK.exe
  C:\Windows\System\ZKzcnpK.exe
  2⤵
  PID:13176
- C:\Windows\System\zllqCoD.exe
  C:\Windows\System\zllqCoD.exe
  2⤵
  PID:12316
- C:\Windows\System\BsibBXA.exe
  C:\Windows\System\BsibBXA.exe
  2⤵
  PID:4864
- C:\Windows\System\IjfwjzA.exe
  C:\Windows\System\IjfwjzA.exe
  2⤵
  PID:4036
- C:\Windows\System\NtMYYDc.exe
  C:\Windows\System\NtMYYDc.exe
  2⤵
  PID:10352
- C:\Windows\System\uPKHBdc.exe
  C:\Windows\System\uPKHBdc.exe
  2⤵
  PID:1996
- C:\Windows\System\wjsKjHa.exe
  C:\Windows\System\wjsKjHa.exe
  2⤵
  PID:12656
- C:\Windows\System\TfyLWGt.exe
  C:\Windows\System\TfyLWGt.exe
  2⤵
  PID:13072
- C:\Windows\System\Ospzlvg.exe
  C:\Windows\System\Ospzlvg.exe
  2⤵
  PID:4952
- C:\Windows\System\AojQRKr.exe
  C:\Windows\System\AojQRKr.exe
  2⤵
  PID:2996
- C:\Windows\System\emvcKda.exe
  C:\Windows\System\emvcKda.exe
  2⤵
  PID:11904
- C:\Windows\System\QrgBUiA.exe
  C:\Windows\System\QrgBUiA.exe
  2⤵
  PID:4144
- C:\Windows\System\bJVCtcD.exe
  C:\Windows\System\bJVCtcD.exe
  2⤵
  PID:1260
- C:\Windows\System\RYAsqpS.exe
  C:\Windows\System\RYAsqpS.exe
  2⤵
  PID:5512
- C:\Windows\System\idizjvu.exe
  C:\Windows\System\idizjvu.exe
  2⤵
  PID:4384
- C:\Windows\System\wsmZSsI.exe
  C:\Windows\System\wsmZSsI.exe
  2⤵
  PID:2484
- C:\Windows\System\xlIbKWa.exe
  C:\Windows\System\xlIbKWa.exe
  2⤵
  PID:12768
- C:\Windows\System\bUtpgWQ.exe
  C:\Windows\System\bUtpgWQ.exe
  2⤵
  PID:4392
- C:\Windows\System\FrlttHW.exe
  C:\Windows\System\FrlttHW.exe
  2⤵
  PID:3656
- C:\Windows\System\MJwWpyP.exe
  C:\Windows\System\MJwWpyP.exe
  2⤵
  PID:2820
- C:\Windows\System\CohsFlF.exe
  C:\Windows\System\CohsFlF.exe
  2⤵
  PID:404
- C:\Windows\System\jlfCwcp.exe
  C:\Windows\System\jlfCwcp.exe
  2⤵
  PID:1664
- C:\Windows\System\xqgyVpr.exe
  C:\Windows\System\xqgyVpr.exe
  2⤵
  PID:2904
- C:\Windows\System\EHFCqSi.exe
  C:\Windows\System\EHFCqSi.exe
  2⤵
  PID:13052
- C:\Windows\System\hQYmDwC.exe
  C:\Windows\System\hQYmDwC.exe
  2⤵
  PID:5756
- C:\Windows\System\UVSETdA.exe
  C:\Windows\System\UVSETdA.exe
  2⤵
  PID:4564
- C:\Windows\System\IpWahbz.exe
  C:\Windows\System\IpWahbz.exe
  2⤵
  PID:3532
- C:\Windows\System\lRdQlvx.exe
  C:\Windows\System\lRdQlvx.exe
  2⤵
  PID:6136
- C:\Windows\System\dWmkdjN.exe
  C:\Windows\System\dWmkdjN.exe
  2⤵
  PID:4976
- C:\Windows\System\GLftwRG.exe
  C:\Windows\System\GLftwRG.exe
  2⤵
  PID:5684
- C:\Windows\System\wymjTuD.exe
  C:\Windows\System\wymjTuD.exe
  2⤵
  PID:5476
- C:\Windows\System\BKXhaPR.exe
  C:\Windows\System\BKXhaPR.exe
  2⤵
  PID:5444
- C:\Windows\System\NUEWWoZ.exe
  C:\Windows\System\NUEWWoZ.exe
  2⤵
  PID:5360
- C:\Windows\System\DYEQGeu.exe
  C:\Windows\System\DYEQGeu.exe
  2⤵
  PID:5584
- C:\Windows\System\cxOawXT.exe
  C:\Windows\System\cxOawXT.exe
  2⤵
  PID:5704
- C:\Windows\System\AGphlvP.exe
  C:\Windows\System\AGphlvP.exe
  2⤵
  PID:4152
- C:\Windows\System\mmQlYiU.exe
  C:\Windows\System\mmQlYiU.exe
  2⤵
  PID:5200
- C:\Windows\System\sXTSuYO.exe
  C:\Windows\System\sXTSuYO.exe
  2⤵
  PID:5780
- C:\Windows\System\jYcOhul.exe
  C:\Windows\System\jYcOhul.exe
  2⤵
  PID:12680
- C:\Windows\System\DQRygcN.exe
  C:\Windows\System\DQRygcN.exe
  2⤵
  PID:1768
- C:\Windows\System\OOxFTUR.exe
  C:\Windows\System\OOxFTUR.exe
  2⤵
  PID:13276
- C:\Windows\System\LDojOBO.exe
  C:\Windows\System\LDojOBO.exe
  2⤵
  PID:5032
- C:\Windows\System\lqshHcc.exe
  C:\Windows\System\lqshHcc.exe
  2⤵
  PID:5840
- C:\Windows\System\LIGEUVk.exe
  C:\Windows\System\LIGEUVk.exe
  2⤵
  PID:5300
- C:\Windows\System\RliCdAW.exe
  C:\Windows\System\RliCdAW.exe
  2⤵
  PID:5864
- C:\Windows\System\OmTasJs.exe
  C:\Windows\System\OmTasJs.exe
  2⤵
  PID:5640
- C:\Windows\System\avvpmgI.exe
  C:\Windows\System\avvpmgI.exe
  2⤵
  PID:1588
- C:\Windows\System\konxeDc.exe
  C:\Windows\System\konxeDc.exe
  2⤵
  PID:3500
- C:\Windows\System\TNhLuZc.exe
  C:\Windows\System\TNhLuZc.exe
  2⤵
  PID:5872
- C:\Windows\System\LekxGKw.exe
  C:\Windows\System\LekxGKw.exe
  2⤵
  PID:5948
- C:\Windows\System\XAEffBV.exe
  C:\Windows\System\XAEffBV.exe
  2⤵
  PID:13108
- C:\Windows\System\YBSdVlE.exe
  C:\Windows\System\YBSdVlE.exe
  2⤵
  PID:1572
- C:\Windows\System\vvREhbC.exe
  C:\Windows\System\vvREhbC.exe
  2⤵
  PID:456
- C:\Windows\System\APzOkDe.exe
  C:\Windows\System\APzOkDe.exe
  2⤵
  PID:5652
- C:\Windows\System\mUfptHv.exe
  C:\Windows\System\mUfptHv.exe
  2⤵
  PID:5952
- C:\Windows\System\bCzyrIT.exe
  C:\Windows\System\bCzyrIT.exe
  2⤵
  PID:5604
- C:\Windows\System\kDRCHnt.exe
  C:\Windows\System\kDRCHnt.exe
  2⤵
  PID:5844
- C:\Windows\System\DWVSwlq.exe
  C:\Windows\System\DWVSwlq.exe
  2⤵
  PID:5796
- C:\Windows\System\wVPxLrP.exe
  C:\Windows\System\wVPxLrP.exe
  2⤵
  PID:4592
- C:\Windows\System\FGsCAAs.exe
  C:\Windows\System\FGsCAAs.exe
  2⤵
  PID:5876
- C:\Windows\System\cefiapm.exe
  C:\Windows\System\cefiapm.exe
  2⤵
  PID:5804
- C:\Windows\System\qsVZgiY.exe
  C:\Windows\System\qsVZgiY.exe
  2⤵
  PID:5972
- C:\Windows\System\hkzwndd.exe
  C:\Windows\System\hkzwndd.exe
  2⤵
  PID:3960
- C:\Windows\System\XcQyEfk.exe
  C:\Windows\System\XcQyEfk.exe
  2⤵
  PID:13264
- C:\Windows\System\kBjjKiX.exe
  C:\Windows\System\kBjjKiX.exe
  2⤵
  PID:5392
- C:\Windows\System\FUhGFhP.exe
  C:\Windows\System\FUhGFhP.exe
  2⤵
  PID:5480
- C:\Windows\System\yhKSMHI.exe
  C:\Windows\System\yhKSMHI.exe
  2⤵
  PID:3484
- C:\Windows\System\hAdyEuT.exe
  C:\Windows\System\hAdyEuT.exe
  2⤵
  PID:1792
- C:\Windows\System\JfBPVZr.exe
  C:\Windows\System\JfBPVZr.exe
  2⤵
  PID:5416
- C:\Windows\System\HZIxDhl.exe
  C:\Windows\System\HZIxDhl.exe
  2⤵
  PID:5700
- C:\Windows\System\hOQudqN.exe
  C:\Windows\System\hOQudqN.exe
  2⤵
  PID:2236
- C:\Windows\System\ehHbkbT.exe
  C:\Windows\System\ehHbkbT.exe
  2⤵
  PID:2072
- C:\Windows\System\gNrWuyu.exe
  C:\Windows\System\gNrWuyu.exe
  2⤵
  PID:5420
- C:\Windows\System\BQgfZXO.exe
  C:\Windows\System\BQgfZXO.exe
  2⤵
  PID:688
- C:\Windows\System\dhcqoOE.exe
  C:\Windows\System\dhcqoOE.exe
  2⤵
  PID:1832
- C:\Windows\System\EeUIkxf.exe
  C:\Windows\System\EeUIkxf.exe
  2⤵
  PID:5440
- C:\Windows\System\IFwHTCK.exe
  C:\Windows\System\IFwHTCK.exe
  2⤵
  PID:2688
- C:\Windows\System\IhWeZeH.exe
  C:\Windows\System\IhWeZeH.exe
  2⤵
  PID:828
- C:\Windows\System\zDmhxLZ.exe
  C:\Windows\System\zDmhxLZ.exe
  2⤵
  PID:5900
- C:\Windows\System\VtqIRZW.exe
  C:\Windows\System\VtqIRZW.exe
  2⤵
  PID:644
- C:\Windows\System\FrHOgLW.exe
  C:\Windows\System\FrHOgLW.exe
  2⤵
  PID:12520
- C:\Windows\System\yCoVNlx.exe
  C:\Windows\System\yCoVNlx.exe
  2⤵
  PID:3712
- C:\Windows\System\jyKUUGh.exe
  C:\Windows\System\jyKUUGh.exe
  2⤵
  PID:2392
- C:\Windows\System\euAuqGA.exe
  C:\Windows\System\euAuqGA.exe
  2⤵
  PID:4624
- C:\Windows\System\mbwkQDJ.exe
  C:\Windows\System\mbwkQDJ.exe
  2⤵
  PID:2936
- C:\Windows\System\uRRDeKE.exe
  C:\Windows\System\uRRDeKE.exe
  2⤵
  PID:5436
- C:\Windows\System\oaBhkmN.exe
  C:\Windows\System\oaBhkmN.exe
  2⤵
  PID:5852
- C:\Windows\System\kktCjhC.exe
  C:\Windows\System\kktCjhC.exe
  2⤵
  PID:3992
- C:\Windows\System\XwcpGeQ.exe
  C:\Windows\System\XwcpGeQ.exe
  2⤵
  PID:3508
- C:\Windows\System\czgmJCz.exe
  C:\Windows\System\czgmJCz.exe
  2⤵
  PID:5808
- C:\Windows\System\kqubiKy.exe
  C:\Windows\System\kqubiKy.exe
  2⤵
  PID:5408
- C:\Windows\System\TRJBxof.exe
  C:\Windows\System\TRJBxof.exe
  2⤵
  PID:3056
- C:\Windows\System\iMUIOHF.exe
  C:\Windows\System\iMUIOHF.exe
  2⤵
  PID:13212
- C:\Windows\System\VUztFXo.exe
  C:\Windows\System\VUztFXo.exe
  2⤵
  PID:2380
- C:\Windows\System\mVWOVTF.exe
  C:\Windows\System\mVWOVTF.exe
  2⤵
  PID:5396
- C:\Windows\System\XVyYiLC.exe
  C:\Windows\System\XVyYiLC.exe
  2⤵
  PID:4540
- C:\Windows\System\RVZlOFy.exe
  C:\Windows\System\RVZlOFy.exe
  2⤵
  PID:2472
- C:\Windows\System\czCCsuW.exe
  C:\Windows\System\czCCsuW.exe
  2⤵
  PID:11864
- C:\Windows\System\bzjglwO.exe
  C:\Windows\System\bzjglwO.exe
  2⤵
  PID:13344
- C:\Windows\System\WMYhfwb.exe
  C:\Windows\System\WMYhfwb.exe
  2⤵
  PID:13360
- C:\Windows\System\dpDSzaN.exe
  C:\Windows\System\dpDSzaN.exe
  2⤵
  PID:13376
- C:\Windows\System\lwuXnXE.exe
  C:\Windows\System\lwuXnXE.exe
  2⤵
  PID:14104
- C:\Windows\System\qDidFwp.exe
  C:\Windows\System\qDidFwp.exe
  2⤵
  PID:14120
- C:\Windows\System\DQbIFMW.exe
  C:\Windows\System\DQbIFMW.exe
  2⤵
  PID:14184
- C:\Windows\System\cHDIMNz.exe
  C:\Windows\System\cHDIMNz.exe
  2⤵
  PID:14204
- C:\Windows\System\jGaPuXF.exe
  C:\Windows\System\jGaPuXF.exe
  2⤵
  PID:14224
- C:\Windows\System\aUqwDzk.exe
  C:\Windows\System\aUqwDzk.exe
  2⤵
  PID:14248
- C:\Windows\System\VOkynUI.exe
  C:\Windows\System\VOkynUI.exe
  2⤵
  PID:14280
- C:\Windows\System\UDojeDB.exe
  C:\Windows\System\UDojeDB.exe
  2⤵
  PID:14300
- C:\Windows\System\fUXjxjl.exe
  C:\Windows\System\fUXjxjl.exe
  2⤵
  PID:13316
- C:\Windows\System\FYKVfhW.exe
  C:\Windows\System\FYKVfhW.exe
  2⤵
  PID:11740
- C:\Windows\System\aflURdF.exe
  C:\Windows\System\aflURdF.exe
  2⤵
  PID:5572
- C:\Windows\System\acOHjrX.exe
  C:\Windows\System\acOHjrX.exe
  2⤵
  PID:13396
- C:\Windows\System\dvEcUcQ.exe
  C:\Windows\System\dvEcUcQ.exe
  2⤵
  PID:13368
- C:\Windows\System\eSMoQbh.exe
  C:\Windows\System\eSMoQbh.exe
  2⤵
  PID:13412
- C:\Windows\System\ecKBjFa.exe
  C:\Windows\System\ecKBjFa.exe
  2⤵
  PID:13432
- C:\Windows\System\DYYCmQp.exe
  C:\Windows\System\DYYCmQp.exe
  2⤵
  PID:13448
- C:\Windows\System\MkfVPmY.exe
  C:\Windows\System\MkfVPmY.exe
  2⤵
  PID:13444
- C:\Windows\System\LWLolOk.exe
  C:\Windows\System\LWLolOk.exe
  2⤵
  PID:13484
- C:\Windows\System\bpDdUgq.exe
  C:\Windows\System\bpDdUgq.exe
  2⤵
  PID:13524
- C:\Windows\System\HkEmdzh.exe
  C:\Windows\System\HkEmdzh.exe
  2⤵
  PID:13528
- C:\Windows\System\MeSWGee.exe
  C:\Windows\System\MeSWGee.exe
  2⤵
  PID:13556
- C:\Windows\System\KMjUyhs.exe
  C:\Windows\System\KMjUyhs.exe
  2⤵
  PID:13588
- C:\Windows\System\wiejEjh.exe
  C:\Windows\System\wiejEjh.exe
  2⤵
  PID:4920
- C:\Windows\System\xlsUWbD.exe
  C:\Windows\System\xlsUWbD.exe
  2⤵
  PID:13616
- C:\Windows\System\jxHAnre.exe
  C:\Windows\System\jxHAnre.exe
  2⤵
  PID:13636
- C:\Windows\System\lwcxQMh.exe
  C:\Windows\System\lwcxQMh.exe
  2⤵
  PID:13648
- C:\Windows\System\BJmErTo.exe
  C:\Windows\System\BJmErTo.exe
  2⤵
  PID:13680
- C:\Windows\System\drrkDQV.exe
  C:\Windows\System\drrkDQV.exe
  2⤵
  PID:13696
- C:\Windows\System\VzToXGA.exe
  C:\Windows\System\VzToXGA.exe
  2⤵
  PID:13720
- C:\Windows\System\qVOuqvX.exe
  C:\Windows\System\qVOuqvX.exe
  2⤵
  PID:13736
- C:\Windows\System\fBwFMIe.exe
  C:\Windows\System\fBwFMIe.exe
  2⤵
  PID:13756
- C:\Windows\System\IxPKHlS.exe
  C:\Windows\System\IxPKHlS.exe
  2⤵
  PID:13772
- C:\Windows\System\byBxzlP.exe
  C:\Windows\System\byBxzlP.exe
  2⤵
  PID:13788
- C:\Windows\System\UcOreJS.exe
  C:\Windows\System\UcOreJS.exe
  2⤵
  PID:13800
- C:\Windows\System\HoyEybW.exe
  C:\Windows\System\HoyEybW.exe
  2⤵
  PID:13828
- C:\Windows\System\NkFsyNs.exe
  C:\Windows\System\NkFsyNs.exe
  2⤵
  PID:13844
- C:\Windows\System\vOIddwo.exe
  C:\Windows\System\vOIddwo.exe
  2⤵
  PID:13868
- C:\Windows\System\jICUZUw.exe
  C:\Windows\System\jICUZUw.exe
  2⤵
  PID:2172
- C:\Windows\System\LvGYCwL.exe
  C:\Windows\System\LvGYCwL.exe
  2⤵
  PID:13896
- C:\Windows\System\iMbJRSv.exe
  C:\Windows\System\iMbJRSv.exe
  2⤵
  PID:13924
- C:\Windows\System\atGhieU.exe
  C:\Windows\System\atGhieU.exe
  2⤵
  PID:13940
- C:\Windows\System\QzmCuIx.exe
  C:\Windows\System\QzmCuIx.exe
  2⤵
  PID:13952
- C:\Windows\System\SGgDGTM.exe
  C:\Windows\System\SGgDGTM.exe
  2⤵
  PID:12788
- C:\Windows\System\gZRGctc.exe
  C:\Windows\System\gZRGctc.exe
  2⤵
  PID:13964
- C:\Windows\System\TsqvjHN.exe
  C:\Windows\System\TsqvjHN.exe
  2⤵
  PID:13984
- C:\Windows\System\NUFDPUB.exe
  C:\Windows\System\NUFDPUB.exe
  2⤵
  PID:14004
- C:\Windows\System\afJzwRU.exe
  C:\Windows\System\afJzwRU.exe
  2⤵
  PID:14020
- C:\Windows\System\gYYbFvV.exe
  C:\Windows\System\gYYbFvV.exe
  2⤵
  PID:1928
- C:\Windows\System\vIOxibP.exe
  C:\Windows\System\vIOxibP.exe
  2⤵
  PID:14024
- C:\Windows\System\IWDjwLB.exe
  C:\Windows\System\IWDjwLB.exe
  2⤵
  PID:14072
- C:\Windows\System\QCYQUgM.exe
  C:\Windows\System\QCYQUgM.exe
  2⤵
  PID:14048
- C:\Windows\System\IMMlgzj.exe
  C:\Windows\System\IMMlgzj.exe
  2⤵
  PID:14064
- C:\Windows\System\WKUSywt.exe
  C:\Windows\System\WKUSywt.exe
  2⤵
  PID:14092
- C:\Windows\System\GUlrmDp.exe
  C:\Windows\System\GUlrmDp.exe
  2⤵
  PID:3204
- C:\Windows\System\AwEmrly.exe
  C:\Windows\System\AwEmrly.exe
  2⤵
  PID:14128
- C:\Windows\System\ZHCaVZU.exe
  C:\Windows\System\ZHCaVZU.exe
  2⤵
  PID:14244
- C:\Windows\System\YuOGgod.exe
  C:\Windows\System\YuOGgod.exe
  2⤵
  PID:14144
- C:\Windows\System\XAshNmA.exe
  C:\Windows\System\XAshNmA.exe
  2⤵
  PID:3208
- C:\Windows\System\NazvrIo.exe
  C:\Windows\System\NazvrIo.exe
  2⤵
  PID:14160
- C:\Windows\System\tKncVdz.exe
  C:\Windows\System\tKncVdz.exe
  2⤵
  PID:3212
- C:\Windows\System\vhSOBCf.exe
  C:\Windows\System\vhSOBCf.exe
  2⤵
  PID:5880
- C:\Windows\System\riTptNE.exe
  C:\Windows\System\riTptNE.exe
  2⤵
  PID:14308
- C:\Windows\System\jIprvKS.exe
  C:\Windows\System\jIprvKS.exe
  2⤵
  PID:14168
- C:\Windows\System\piLGXeq.exe
  C:\Windows\System\piLGXeq.exe
  2⤵
  PID:6112
- C:\Windows\System\bYRcGqu.exe
  C:\Windows\System\bYRcGqu.exe
  2⤵
  PID:14240
- C:\Windows\System\ZYXASAb.exe
  C:\Windows\System\ZYXASAb.exe
  2⤵
  PID:12752
- C:\Windows\System\cwEZMUx.exe
  C:\Windows\System\cwEZMUx.exe
  2⤵
  PID:14296
- C:\Windows\System\HUKSxgH.exe
  C:\Windows\System\HUKSxgH.exe
  2⤵
  PID:4996
- C:\Windows\System\EHmkbMQ.exe
  C:\Windows\System\EHmkbMQ.exe
  2⤵
  PID:6076
- C:\Windows\System\TYvseZA.exe
  C:\Windows\System\TYvseZA.exe
  2⤵
  PID:14220
- C:\Windows\System\TpAEYMQ.exe
  C:\Windows\System\TpAEYMQ.exe
  2⤵
  PID:13324
- C:\Windows\System\ecuKrrF.exe
  C:\Windows\System\ecuKrrF.exe
  2⤵
  PID:5608
- C:\Windows\System\FiewDNl.exe
  C:\Windows\System\FiewDNl.exe
  2⤵
  PID:5988
- C:\Windows\System\bVcDBFx.exe
  C:\Windows\System\bVcDBFx.exe
  2⤵
  PID:6088
- C:\Windows\System\lsiZHyw.exe
  C:\Windows\System\lsiZHyw.exe
  2⤵
  PID:6032
- C:\Windows\System\VQdyGjC.exe
  C:\Windows\System\VQdyGjC.exe
  2⤵
  PID:3036
- C:\Windows\System\AcAgNDy.exe
  C:\Windows\System\AcAgNDy.exe
  2⤵
  PID:3524
- C:\Windows\System\VunuzFb.exe
  C:\Windows\System\VunuzFb.exe
  2⤵
  PID:13384
- C:\Windows\System\dGUYYFF.exe
  C:\Windows\System\dGUYYFF.exe
  2⤵
  PID:1416
- C:\Windows\System\rhfNytp.exe
  C:\Windows\System\rhfNytp.exe
  2⤵
  PID:13460
- C:\Windows\System\ttDXOhA.exe
  C:\Windows\System\ttDXOhA.exe
  2⤵
  PID:13424
- C:\Windows\System\qnpWPgs.exe
  C:\Windows\System\qnpWPgs.exe
  2⤵
  PID:13428
- C:\Windows\System\JliqkWz.exe
  C:\Windows\System\JliqkWz.exe
  2⤵
  PID:2756
- C:\Windows\System\TRsdKRt.exe
  C:\Windows\System\TRsdKRt.exe
  2⤵
  PID:13532
- C:\Windows\System\RhfJmUm.exe
  C:\Windows\System\RhfJmUm.exe
  2⤵
  PID:13548
- C:\Windows\System\rVUeiup.exe
  C:\Windows\System\rVUeiup.exe
  2⤵
  PID:13608
- C:\Windows\System\lMdlVJm.exe
  C:\Windows\System\lMdlVJm.exe
  2⤵
  PID:13596
- C:\Windows\System\uPHZZSf.exe
  C:\Windows\System\uPHZZSf.exe
  2⤵
  PID:13676
- C:\Windows\System\ySFsjSU.exe
  C:\Windows\System\ySFsjSU.exe
  2⤵
  PID:6168
- C:\Windows\System\sCwckIz.exe
  C:\Windows\System\sCwckIz.exe
  2⤵
  PID:13692
- C:\Windows\System\PUrcNVE.exe
  C:\Windows\System\PUrcNVE.exe
  2⤵
  PID:13712
- C:\Windows\System\OzKjZuo.exe
  C:\Windows\System\OzKjZuo.exe
  2⤵
  PID:13728
- C:\Windows\System\zTYYgyI.exe
  C:\Windows\System\zTYYgyI.exe
  2⤵
  PID:13768
- C:\Windows\System\iSfSWSk.exe
  C:\Windows\System\iSfSWSk.exe
  2⤵
  PID:13824
- C:\Windows\System\UVEDrpx.exe
  C:\Windows\System\UVEDrpx.exe
  2⤵
  PID:6728
- C:\Windows\System\FKMSQFl.exe
  C:\Windows\System\FKMSQFl.exe
  2⤵
  PID:13836
- C:\Windows\System\ljsXgZi.exe
  C:\Windows\System\ljsXgZi.exe
  2⤵
  PID:13860
- C:\Windows\System\xHzLKvS.exe
  C:\Windows\System\xHzLKvS.exe
  2⤵
  PID:13920
- C:\Windows\System\TtwPUcm.exe
  C:\Windows\System\TtwPUcm.exe
  2⤵
  PID:13884
- C:\Windows\System\uBFalBo.exe
  C:\Windows\System\uBFalBo.exe
  2⤵
  PID:6524
- C:\Windows\System\IOLNgVT.exe
  C:\Windows\System\IOLNgVT.exe
  2⤵
  PID:4556
- C:\Windows\System\WNzNmPA.exe
  C:\Windows\System\WNzNmPA.exe
  2⤵
  PID:12572
- C:\Windows\System\ErXkIfX.exe
  C:\Windows\System\ErXkIfX.exe
  2⤵
  PID:14100
- C:\Windows\System\iqqqQIR.exe
  C:\Windows\System\iqqqQIR.exe
  2⤵
  PID:6860
- C:\Windows\System\ANIFsje.exe
  C:\Windows\System\ANIFsje.exe
  2⤵
  PID:14076
- C:\Windows\System\XvvMRNc.exe
  C:\Windows\System\XvvMRNc.exe
  2⤵
  PID:14216
- C:\Windows\System\lqAItUn.exe
  C:\Windows\System\lqAItUn.exe
  2⤵
  PID:14272
- C:\Windows\System\CDKPDsa.exe
  C:\Windows\System\CDKPDsa.exe
  2⤵
  PID:1888
- C:\Windows\System\wmrtLzJ.exe
  C:\Windows\System\wmrtLzJ.exe
  2⤵
  PID:4120
- C:\Windows\System\jhmPfii.exe
  C:\Windows\System\jhmPfii.exe
  2⤵
  PID:7024
- C:\Windows\System\nJfykqA.exe
  C:\Windows\System\nJfykqA.exe
  2⤵
  PID:1656
- C:\Windows\System\QwhKCzJ.exe
  C:\Windows\System\QwhKCzJ.exe
  2⤵
  PID:7472
- C:\Windows\System\FldQwPv.exe
  C:\Windows\System\FldQwPv.exe
  2⤵
  PID:7580
- C:\Windows\System\aNhzJXa.exe
  C:\Windows\System\aNhzJXa.exe
  2⤵
  PID:7612
- C:\Windows\System\EnUfLkX.exe
  C:\Windows\System\EnUfLkX.exe
  2⤵
  PID:5908
- C:\Windows\System\AywNkvo.exe
  C:\Windows\System\AywNkvo.exe
  2⤵
  PID:5904
- C:\Windows\System\TYftgSU.exe
  C:\Windows\System\TYftgSU.exe
  2⤵
  PID:13404
- C:\Windows\System\kFyibyT.exe
  C:\Windows\System\kFyibyT.exe
  2⤵
  PID:1596
- C:\Windows\System\ModLwyG.exe
  C:\Windows\System\ModLwyG.exe
  2⤵
  PID:13652
- C:\Windows\System\sPpBfeB.exe
  C:\Windows\System\sPpBfeB.exe
  2⤵
  PID:6316
- C:\Windows\System\OAmRvSm.exe
  C:\Windows\System\OAmRvSm.exe
  2⤵
  PID:7852
- C:\Windows\System\rZzkqVe.exe
  C:\Windows\System\rZzkqVe.exe
  2⤵
  PID:13472
- C:\Windows\System\DgjjimU.exe
  C:\Windows\System\DgjjimU.exe
  2⤵
  PID:6504
- C:\Windows\System\RnwtrSR.exe
  C:\Windows\System\RnwtrSR.exe
  2⤵
  PID:4348
- C:\Windows\System\takgldF.exe
  C:\Windows\System\takgldF.exe
  2⤵
  PID:13500
- C:\Windows\System\CxmUxPH.exe
  C:\Windows\System\CxmUxPH.exe
  2⤵
  PID:13564
- C:\Windows\System\WBaaBxh.exe
  C:\Windows\System\WBaaBxh.exe
  2⤵
  PID:6320
- C:\Windows\System\uOPaiiZ.exe
  C:\Windows\System\uOPaiiZ.exe
  2⤵
  PID:6520
- C:\Windows\System\PVDaaXy.exe
  C:\Windows\System\PVDaaXy.exe
  2⤵
  PID:7340
- C:\Windows\System\xoRheMp.exe
  C:\Windows\System\xoRheMp.exe
  2⤵
  PID:6620
- C:\Windows\System\CTStagL.exe
  C:\Windows\System\CTStagL.exe
  2⤵
  PID:6292
- C:\Windows\System\aAZkvOE.exe
  C:\Windows\System\aAZkvOE.exe
  2⤵
  PID:13816
- C:\Windows\System\umbYjuC.exe
  C:\Windows\System\umbYjuC.exe
  2⤵
  PID:13796
- C:\Windows\System\fxbOWZJ.exe
  C:\Windows\System\fxbOWZJ.exe
  2⤵
  PID:6412
- C:\Windows\System\YLLCPdK.exe
  C:\Windows\System\YLLCPdK.exe
  2⤵
  PID:13852
- C:\Windows\System\tzLQZaV.exe
  C:\Windows\System\tzLQZaV.exe
  2⤵
  PID:7528
- C:\Windows\System\OhiPqJu.exe
  C:\Windows\System\OhiPqJu.exe
  2⤵
  PID:6788
- C:\Windows\System\iFfxOiV.exe
  C:\Windows\System\iFfxOiV.exe
  2⤵
  PID:13936
- C:\Windows\System\krIyQzf.exe
  C:\Windows\System\krIyQzf.exe
  2⤵
  PID:6584
- C:\Windows\System\iLEVtcP.exe
  C:\Windows\System\iLEVtcP.exe
  2⤵
  PID:1420
- C:\Windows\System\THqEYdp.exe
  C:\Windows\System\THqEYdp.exe
  2⤵
  PID:7756
- C:\Windows\System\OBGybuT.exe
  C:\Windows\System\OBGybuT.exe
  2⤵
  PID:7708
- C:\Windows\System\MrVQWTy.exe
  C:\Windows\System\MrVQWTy.exe
  2⤵
  PID:14012
- C:\Windows\System\HUzAEdN.exe
  C:\Windows\System\HUzAEdN.exe
  2⤵
  PID:6336
- C:\Windows\System\VKOrmBh.exe
  C:\Windows\System\VKOrmBh.exe
  2⤵
  PID:8476
- C:\Windows\System\anoIICY.exe
  C:\Windows\System\anoIICY.exe
  2⤵
  PID:2080
- C:\Windows\System\HXCGKQE.exe
  C:\Windows\System\HXCGKQE.exe
  2⤵
  PID:14232
- C:\Windows\System\EXcdVig.exe
  C:\Windows\System\EXcdVig.exe
  2⤵
  PID:3472
- C:\Windows\System\ODpEiyZ.exe
  C:\Windows\System\ODpEiyZ.exe
  2⤵
  PID:7132
- C:\Windows\System\KjeBiyE.exe
  C:\Windows\System\KjeBiyE.exe
  2⤵
  PID:14260
- C:\Windows\System\AfhEuFJ.exe
  C:\Windows\System\AfhEuFJ.exe
  2⤵
  PID:7316
- C:\Windows\System\LwidOpm.exe
  C:\Windows\System\LwidOpm.exe
  2⤵
  PID:7180
- C:\Windows\System\bSmBKzY.exe
  C:\Windows\System\bSmBKzY.exe
  2⤵
  PID:7064
- C:\Windows\System\MiWmvPd.exe
  C:\Windows\System\MiWmvPd.exe
  2⤵
  PID:2232
- C:\Windows\System\SFywufT.exe
  C:\Windows\System\SFywufT.exe
  2⤵
  PID:14172
- C:\Windows\System\ebZbjae.exe
  C:\Windows\System\ebZbjae.exe
  2⤵
  PID:5468
- C:\Windows\System\TurkkTl.exe
  C:\Windows\System\TurkkTl.exe
  2⤵
  PID:8636
- C:\Windows\System\swMwPLC.exe
  C:\Windows\System\swMwPLC.exe
  2⤵
  PID:14288
- C:\Windows\System\oqJPIRx.exe
  C:\Windows\System\oqJPIRx.exe
  2⤵
  PID:5800
- C:\Windows\System\SyvtoEv.exe
  C:\Windows\System\SyvtoEv.exe
  2⤵
  PID:8644
- C:\Windows\System\PHOqHzO.exe
  C:\Windows\System\PHOqHzO.exe
  2⤵
  PID:7656
- C:\Windows\System\UsavNZl.exe
  C:\Windows\System\UsavNZl.exe
  2⤵
  PID:13540
- C:\Windows\System\fhDZdaL.exe
  C:\Windows\System\fhDZdaL.exe
  2⤵
  PID:4816
- C:\Windows\System\CerNOIC.exe
  C:\Windows\System\CerNOIC.exe
  2⤵
  PID:7348
- C:\Windows\System\GozgRbt.exe
  C:\Windows\System\GozgRbt.exe
  2⤵
  PID:13912
- C:\Windows\System\LVDAUlf.exe
  C:\Windows\System\LVDAUlf.exe
  2⤵
  PID:13496
- C:\Windows\System\kYsyGrs.exe
  C:\Windows\System\kYsyGrs.exe
  2⤵
  PID:8400
- C:\Windows\System\TywOGFS.exe
  C:\Windows\System\TywOGFS.exe
  2⤵
  PID:5204
- C:\Windows\System\IxJaLve.exe
  C:\Windows\System\IxJaLve.exe
  2⤵
  PID:8440
- C:\Windows\System\OiRFXCf.exe
  C:\Windows\System\OiRFXCf.exe
  2⤵
  PID:8456
- C:\Windows\System\MLqQIxN.exe
  C:\Windows\System\MLqQIxN.exe
  2⤵
  PID:8800
- C:\Windows\System\GxeRPYi.exe
  C:\Windows\System\GxeRPYi.exe
  2⤵
  PID:8852
- C:\Windows\System\VyFWNES.exe
  C:\Windows\System\VyFWNES.exe
  2⤵
  PID:8624
- C:\Windows\System\IzHVTZh.exe
  C:\Windows\System\IzHVTZh.exe
  2⤵
  PID:7988
- C:\Windows\System\TaoLcBN.exe
  C:\Windows\System\TaoLcBN.exe
  2⤵
  PID:8904
- C:\Windows\System\UeZvRoR.exe
  C:\Windows\System\UeZvRoR.exe
  2⤵
  PID:8560
- C:\Windows\System\CqAYiQd.exe
  C:\Windows\System\CqAYiQd.exe
  2⤵
  PID:7904
- C:\Windows\System\cJFyJrQ.exe
  C:\Windows\System\cJFyJrQ.exe
  2⤵
  PID:6912
- C:\Windows\System\ZOcghAB.exe
  C:\Windows\System\ZOcghAB.exe
  2⤵
  PID:8596
- C:\Windows\System\HwIdUNo.exe
  C:\Windows\System\HwIdUNo.exe
  2⤵
  PID:8616
- C:\Windows\System\otwbQhn.exe
  C:\Windows\System\otwbQhn.exe
  2⤵
  PID:6900
- C:\Windows\System\Zerahrv.exe
  C:\Windows\System\Zerahrv.exe
  2⤵
  PID:6460
- C:\Windows\System\OQWMOFj.exe
  C:\Windows\System\OQWMOFj.exe
  2⤵
  PID:8988
- C:\Windows\System\TtquQff.exe
  C:\Windows\System\TtquQff.exe
  2⤵
  PID:8672
- C:\Windows\System\GrtwMuc.exe
  C:\Windows\System\GrtwMuc.exe
  2⤵
  PID:6644
- C:\Windows\System\zQQuudM.exe
  C:\Windows\System\zQQuudM.exe
  2⤵
  PID:14264
- C:\Windows\System\CYFeoQT.exe
  C:\Windows\System\CYFeoQT.exe
  2⤵
  PID:4868
- C:\Windows\System\tlFvlNh.exe
  C:\Windows\System\tlFvlNh.exe
  2⤵
  PID:9020
- C:\Windows\System\uaMJJMf.exe
  C:\Windows\System\uaMJJMf.exe
  2⤵
  PID:7568
- C:\Windows\System\TJAgWcs.exe
  C:\Windows\System\TJAgWcs.exe
  2⤵
  PID:13976
- C:\Windows\System\TOKWYJu.exe
  C:\Windows\System\TOKWYJu.exe
  2⤵
  PID:8532
- C:\Windows\System\XdksXBs.exe
  C:\Windows\System\XdksXBs.exe
  2⤵
  PID:1012
- C:\Windows\System\mdkaCOH.exe
  C:\Windows\System\mdkaCOH.exe
  2⤵
  PID:8468
- C:\Windows\System\uyoigEu.exe
  C:\Windows\System\uyoigEu.exe
  2⤵
  PID:14032
- C:\Windows\System\tnHdqgd.exe
  C:\Windows\System\tnHdqgd.exe
  2⤵
  PID:5276
- C:\Windows\System\PtoEOmm.exe
  C:\Windows\System\PtoEOmm.exe
  2⤵
  PID:8784
- C:\Windows\System\JPvGFbA.exe
  C:\Windows\System\JPvGFbA.exe
  2⤵
  PID:8576
- C:\Windows\System\VxHZGXU.exe
  C:\Windows\System\VxHZGXU.exe
  2⤵
  PID:14156
- C:\Windows\System\bSySORO.exe
  C:\Windows\System\bSySORO.exe
  2⤵
  PID:7424
- C:\Windows\System\xAByDBs.exe
  C:\Windows\System\xAByDBs.exe
  2⤵
  PID:14196
- C:\Windows\System\lzBPNcU.exe
  C:\Windows\System\lzBPNcU.exe
  2⤵
  PID:6044
- C:\Windows\System\JyAtFnw.exe
  C:\Windows\System\JyAtFnw.exe
  2⤵
  PID:9092
- C:\Windows\System\oDhyUBq.exe
  C:\Windows\System\oDhyUBq.exe
  2⤵
  PID:1392
- C:\Windows\System\SDGitMu.exe
  C:\Windows\System\SDGitMu.exe
  2⤵
  PID:8864
- C:\Windows\System\rURzuIj.exe
  C:\Windows\System\rURzuIj.exe
  2⤵
  PID:8592
- C:\Windows\System\SNAijUA.exe
  C:\Windows\System\SNAijUA.exe
  2⤵
  PID:8840
- C:\Windows\System\ZBiFhPw.exe
  C:\Windows\System\ZBiFhPw.exe
  2⤵
  PID:8832
- C:\Windows\System\DhpVReo.exe
  C:\Windows\System\DhpVReo.exe
  2⤵
  PID:8956
- C:\Windows\System\kIMjLUs.exe
  C:\Windows\System\kIMjLUs.exe
  2⤵
  PID:8960
- C:\Windows\System\HMltbcL.exe
  C:\Windows\System\HMltbcL.exe
  2⤵
  PID:8684
- C:\Windows\System\WIMRviY.exe
  C:\Windows\System\WIMRviY.exe
  2⤵
  PID:9004
- C:\Windows\System\NRcefCs.exe
  C:\Windows\System\NRcefCs.exe
  2⤵
  PID:6028
- C:\Windows\System\HGQVYxQ.exe
  C:\Windows\System\HGQVYxQ.exe
  2⤵
  PID:13440
- C:\Windows\System\kMjteME.exe
  C:\Windows\System\kMjteME.exe
  2⤵
  PID:8460
- C:\Windows\System\StngITB.exe
  C:\Windows\System\StngITB.exe
  2⤵
  PID:6248
- C:\Windows\System\cuQoWti.exe
  C:\Windows\System\cuQoWti.exe
  2⤵
  PID:1568
- C:\Windows\System\XLLnTKV.exe
  C:\Windows\System\XLLnTKV.exe
  2⤵
  PID:13632
- C:\Windows\System\AsxgMnD.exe
  C:\Windows\System\AsxgMnD.exe
  2⤵
  PID:8940
- C:\Windows\System\tcXqJOf.exe
  C:\Windows\System\tcXqJOf.exe
  2⤵
  PID:6716
- C:\Windows\System\pSzrqFt.exe
  C:\Windows\System\pSzrqFt.exe
  2⤵
  PID:7108
- C:\Windows\System\TbgbfEd.exe
  C:\Windows\System\TbgbfEd.exe
  2⤵
  PID:7408
- C:\Windows\System\gBQnYWC.exe
  C:\Windows\System\gBQnYWC.exe
  2⤵
  PID:3512
- C:\Windows\System\nrZDdaS.exe
  C:\Windows\System\nrZDdaS.exe
  2⤵
  PID:6656
- C:\Windows\System\EsHXTEi.exe
  C:\Windows\System\EsHXTEi.exe
  2⤵
  PID:14044
- C:\Windows\System\nfvqNHo.exe
  C:\Windows\System\nfvqNHo.exe
  2⤵
  PID:8700
- C:\Windows\System\mDGZXjY.exe
  C:\Windows\System\mDGZXjY.exe
  2⤵
  PID:8364
- C:\Windows\System\gzsSxdL.exe
  C:\Windows\System\gzsSxdL.exe
  2⤵
  PID:13856
- C:\Windows\System\sDCRjwR.exe
  C:\Windows\System\sDCRjwR.exe
  2⤵
  PID:9056
- C:\Windows\System\FEliwEz.exe
  C:\Windows\System\FEliwEz.exe
  2⤵
  PID:9064
- C:\Windows\System\zJrHzAi.exe
  C:\Windows\System\zJrHzAi.exe
  2⤵
  PID:8768
- C:\Windows\System\TZNkWqy.exe
  C:\Windows\System\TZNkWqy.exe
  2⤵
  PID:8812
- C:\Windows\System\VgWAfTH.exe
  C:\Windows\System\VgWAfTH.exe
  2⤵
  PID:8412
- C:\Windows\System\yGRMztU.exe
  C:\Windows\System\yGRMztU.exe
  2⤵
  PID:8724
- C:\Windows\System\RGtJQDe.exe
  C:\Windows\System\RGtJQDe.exe
  2⤵
  PID:9652
- C:\Windows\System\pnhTVjM.exe
  C:\Windows\System\pnhTVjM.exe
  2⤵
  PID:7640
- C:\Windows\System\KSCEfvT.exe
  C:\Windows\System\KSCEfvT.exe
  2⤵
  PID:8608
- C:\Windows\System\fopfDVK.exe
  C:\Windows\System\fopfDVK.exe
  2⤵
  PID:7968
- C:\Windows\System\XxTEfHF.exe
  C:\Windows\System\XxTEfHF.exe
  2⤵
  PID:9288
- C:\Windows\System\JYRplGQ.exe
  C:\Windows\System\JYRplGQ.exe
  2⤵
  PID:6988
- C:\Windows\System\xGBBsxQ.exe
  C:\Windows\System\xGBBsxQ.exe
  2⤵
  PID:2656
- C:\Windows\System\CrXRpMY.exe
  C:\Windows\System\CrXRpMY.exe
  2⤵
  PID:8836
- C:\Windows\System\TgnYXTw.exe
  C:\Windows\System\TgnYXTw.exe
  2⤵
  PID:9244
- C:\Windows\System\WIPBpMn.exe
  C:\Windows\System\WIPBpMn.exe
  2⤵
  PID:6216
- C:\Windows\System\hiPWxdk.exe
  C:\Windows\System\hiPWxdk.exe
  2⤵
  PID:7724
- C:\Windows\System\enyMAbO.exe
  C:\Windows\System\enyMAbO.exe
  2⤵
  PID:8180
- C:\Windows\System\Mgkvgpw.exe
  C:\Windows\System\Mgkvgpw.exe
  2⤵
  PID:9052
- C:\Windows\System\kRrHVmW.exe
  C:\Windows\System\kRrHVmW.exe
  2⤵
  PID:7600
- C:\Windows\System\XUErHZP.exe
  C:\Windows\System\XUErHZP.exe
  2⤵
  PID:14136
- C:\Windows\System\KCXBYMQ.exe
  C:\Windows\System\KCXBYMQ.exe
  2⤵
  PID:8820
- C:\Windows\System\UlGPJJy.exe
  C:\Windows\System\UlGPJJy.exe
  2⤵
  PID:14292
- C:\Windows\System\lGEEdXy.exe
  C:\Windows\System\lGEEdXy.exe
  2⤵
  PID:14056
- C:\Windows\System\aXJXhmj.exe
  C:\Windows\System\aXJXhmj.exe
  2⤵
  PID:2796
- C:\Windows\System\ggeVODV.exe
  C:\Windows\System\ggeVODV.exe
  2⤵
  PID:7816
- C:\Windows\System\jtuxwyj.exe
  C:\Windows\System\jtuxwyj.exe
  2⤵
  PID:8544
- C:\Windows\System\nKyPTod.exe
  C:\Windows\System\nKyPTod.exe
  2⤵
  PID:8124
- C:\Windows\System\ZujafNu.exe
  C:\Windows\System\ZujafNu.exe
  2⤵
  PID:9372
- C:\Windows\System\TVWagjK.exe
  C:\Windows\System\TVWagjK.exe
  2⤵
  PID:7744
- C:\Windows\System\XiNXRgj.exe
  C:\Windows\System\XiNXRgj.exe
  2⤵
  PID:4452
- C:\Windows\System\sGJjpsn.exe
  C:\Windows\System\sGJjpsn.exe
  2⤵
  PID:8884
- C:\Windows\System\GumRpfT.exe
  C:\Windows\System\GumRpfT.exe
  2⤵
  PID:6984
- C:\Windows\System\MKIYaRC.exe
  C:\Windows\System\MKIYaRC.exe
  2⤵
  PID:6888
- C:\Windows\System\OeTOLbR.exe
  C:\Windows\System\OeTOLbR.exe
  2⤵
  PID:8952
- C:\Windows\System\lolXVSk.exe
  C:\Windows\System\lolXVSk.exe
  2⤵
  PID:13568
- C:\Windows\System\BvEWDZH.exe
  C:\Windows\System\BvEWDZH.exe
  2⤵
  PID:8760
- C:\Windows\System\juXYphF.exe
  C:\Windows\System\juXYphF.exe
  2⤵
  PID:9196
- C:\Windows\System\FqXFsYW.exe
  C:\Windows\System\FqXFsYW.exe
  2⤵
  PID:8912
- C:\Windows\System\FuDACug.exe
  C:\Windows\System\FuDACug.exe
  2⤵
  PID:6416
- C:\Windows\System\JDsrZWC.exe
  C:\Windows\System\JDsrZWC.exe
  2⤵
  PID:9248
- C:\Windows\System\DTmlPXJ.exe
  C:\Windows\System\DTmlPXJ.exe
  2⤵
  PID:8764
- C:\Windows\System\IBSQIdz.exe
  C:\Windows\System\IBSQIdz.exe
  2⤵
  PID:7776
- C:\Windows\System\UDjAhhI.exe
  C:\Windows\System\UDjAhhI.exe
  2⤵
  PID:13576
- C:\Windows\System\FkJeZPH.exe
  C:\Windows\System\FkJeZPH.exe
  2⤵
  PID:8376
- C:\Windows\System\RJDBIMg.exe
  C:\Windows\System\RJDBIMg.exe
  2⤵
  PID:6764
- C:\Windows\System\UkDlhet.exe
  C:\Windows\System\UkDlhet.exe
  2⤵
  PID:9864
- C:\Windows\System\JqHkqgo.exe
  C:\Windows\System\JqHkqgo.exe
  2⤵
  PID:8968
- C:\Windows\System\gnfYPvd.exe
  C:\Windows\System\gnfYPvd.exe
  2⤵
  PID:6072
- C:\Windows\System\msWuIoS.exe
  C:\Windows\System\msWuIoS.exe
  2⤵
  PID:13992
- C:\Windows\System\FmQCQwC.exe
  C:\Windows\System\FmQCQwC.exe
  2⤵
  PID:14096
- C:\Windows\System\vQipHHj.exe
  C:\Windows\System\vQipHHj.exe
  2⤵
  PID:8408
- C:\Windows\System\CvbrxUw.exe
  C:\Windows\System\CvbrxUw.exe
  2⤵
  PID:8908
- C:\Windows\System\yDTqcLL.exe
  C:\Windows\System\yDTqcLL.exe
  2⤵
  PID:7804
- C:\Windows\System\psKgsPF.exe
  C:\Windows\System\psKgsPF.exe
  2⤵
  PID:8036
- C:\Windows\System\UOhEXIG.exe
  C:\Windows\System\UOhEXIG.exe
  2⤵
  PID:8944
- C:\Windows\System\SqVNehF.exe
  C:\Windows\System\SqVNehF.exe
  2⤵
  PID:3680
- C:\Windows\System\jFWggJN.exe
  C:\Windows\System\jFWggJN.exe
  2⤵
  PID:9036
- C:\Windows\System\rbUeqzL.exe
  C:\Windows\System\rbUeqzL.exe
  2⤵
  PID:8236
- C:\Windows\System\oIQxiGK.exe
  C:\Windows\System\oIQxiGK.exe
  2⤵
  PID:7404
- C:\Windows\System\zQdtwQc.exe
  C:\Windows\System\zQdtwQc.exe
  2⤵
  PID:8420
- C:\Windows\System\qTQTdNs.exe
  C:\Windows\System\qTQTdNs.exe
  2⤵
  PID:8464
- C:\Windows\System\iAMznWS.exe
  C:\Windows\System\iAMznWS.exe
  2⤵
  PID:9596
- C:\Windows\System\aWrGHzS.exe
  C:\Windows\System\aWrGHzS.exe
  2⤵
  PID:8732
- C:\Windows\System\FggToza.exe
  C:\Windows\System\FggToza.exe
  2⤵
  PID:8292
- C:\Windows\System\ESxYTOs.exe
  C:\Windows\System\ESxYTOs.exe
  2⤵
  PID:8372
- C:\Windows\System\daTUGxo.exe
  C:\Windows\System\daTUGxo.exe
  2⤵
  PID:8652
- C:\Windows\System\sNhkNLf.exe
  C:\Windows\System\sNhkNLf.exe
  2⤵
  PID:9348
- C:\Windows\System\XpHnGYz.exe
  C:\Windows\System\XpHnGYz.exe
  2⤵
  PID:7156
- C:\Windows\System\oTCAbwT.exe
  C:\Windows\System\oTCAbwT.exe
  2⤵
  PID:8984
- C:\Windows\System\aFuVgYk.exe
  C:\Windows\System\aFuVgYk.exe
  2⤵
  PID:9012
- C:\Windows\System\ZtCVxYt.exe
  C:\Windows\System\ZtCVxYt.exe
  2⤵
  PID:8680
- C:\Windows\System\AsCAUUO.exe
  C:\Windows\System\AsCAUUO.exe
  2⤵
  PID:9844
- C:\Windows\System\qdnmKqt.exe
  C:\Windows\System\qdnmKqt.exe
  2⤵
  PID:7736
- C:\Windows\System\VezwkDz.exe
  C:\Windows\System\VezwkDz.exe
  2⤵
  PID:13716
- C:\Windows\System\OWVnTat.exe
  C:\Windows\System\OWVnTat.exe
  2⤵
  PID:9464
- C:\Windows\System\HMkZMRC.exe
  C:\Windows\System\HMkZMRC.exe
  2⤵
  PID:14148
- C:\Windows\System\kNprsKe.exe
  C:\Windows\System\kNprsKe.exe
  2⤵
  PID:8648
- C:\Windows\System\fMiWEAV.exe
  C:\Windows\System\fMiWEAV.exe
  2⤵
  PID:9700
- C:\Windows\System\rnzxrlZ.exe
  C:\Windows\System\rnzxrlZ.exe
  2⤵
  PID:8668
- C:\Windows\System\eoapLnf.exe
  C:\Windows\System\eoapLnf.exe
  2⤵
  PID:10120
- C:\Windows\System\FMaIeac.exe
  C:\Windows\System\FMaIeac.exe
  2⤵
  PID:9496
- C:\Windows\System\GaxtYWa.exe
  C:\Windows\System\GaxtYWa.exe
  2⤵
  PID:8368
- C:\Windows\System\UqfTEmD.exe
  C:\Windows\System\UqfTEmD.exe
  2⤵
  PID:10600
- C:\Windows\System\bCEfhrA.exe
  C:\Windows\System\bCEfhrA.exe
  2⤵
  PID:10648
- C:\Windows\System\wEGiWIu.exe
  C:\Windows\System\wEGiWIu.exe
  2⤵
  PID:9608
- C:\Windows\System\Bdivmdz.exe
  C:\Windows\System\Bdivmdz.exe
  2⤵
  PID:6756
- C:\Windows\System\hfllUOt.exe
  C:\Windows\System\hfllUOt.exe
  2⤵
  PID:7876
- C:\Windows\System\XdgnJJf.exe
  C:\Windows\System\XdgnJJf.exe
  2⤵
  PID:10136
- C:\Windows\System\TLhcveP.exe
  C:\Windows\System\TLhcveP.exe
  2⤵
  PID:10056
- C:\Windows\System\GZMPjmL.exe
  C:\Windows\System\GZMPjmL.exe
  2⤵
  PID:6296
- C:\Windows\System\lEBlTFx.exe
  C:\Windows\System\lEBlTFx.exe
  2⤵
  PID:6376
- C:\Windows\System\cpozeNT.exe
  C:\Windows\System\cpozeNT.exe
  2⤵
  PID:12476
- C:\Windows\System\TafUhWn.exe
  C:\Windows\System\TafUhWn.exe
  2⤵
  PID:9704
- C:\Windows\System\QRouNoH.exe
  C:\Windows\System\QRouNoH.exe
  2⤵
  PID:8528
- C:\Windows\System\cTgVeFx.exe
  C:\Windows\System\cTgVeFx.exe
  2⤵
  PID:14068
- C:\Windows\System\ggAzNHw.exe
  C:\Windows\System\ggAzNHw.exe
  2⤵
  PID:9560
- C:\Windows\System\XEKBezX.exe
  C:\Windows\System\XEKBezX.exe
  2⤵
  PID:10164
- C:\Windows\System\WOSTpOz.exe
  C:\Windows\System\WOSTpOz.exe
  2⤵
  PID:7780
- C:\Windows\System\mjfdamf.exe
  C:\Windows\System\mjfdamf.exe
  2⤵
  PID:8620
- C:\Windows\System\dRSilZp.exe
  C:\Windows\System\dRSilZp.exe
  2⤵
  PID:7444
- C:\Windows\System\slVaGMn.exe
  C:\Windows\System\slVaGMn.exe
  2⤵
  PID:9756
- C:\Windows\System\iALMYJg.exe
  C:\Windows\System\iALMYJg.exe
  2⤵
  PID:9456
- C:\Windows\System\SHSCTgd.exe
  C:\Windows\System\SHSCTgd.exe
  2⤵
  PID:9612
- C:\Windows\System\ybROnlE.exe
  C:\Windows\System\ybROnlE.exe
  2⤵
  PID:9716
- C:\Windows\System\AYYuWaq.exe
  C:\Windows\System\AYYuWaq.exe
  2⤵
  PID:9724
- C:\Windows\System\etkKdUc.exe
  C:\Windows\System\etkKdUc.exe
  2⤵
  PID:7888
- C:\Windows\System\mtbPBVK.exe
  C:\Windows\System\mtbPBVK.exe
  2⤵
  PID:9500
- C:\Windows\System\DKuabce.exe
  C:\Windows\System\DKuabce.exe
  2⤵
  PID:10288
- C:\Windows\System\wPpcunS.exe
  C:\Windows\System\wPpcunS.exe
  2⤵
  PID:7256
- C:\Windows\System\OKcUdEI.exe
  C:\Windows\System\OKcUdEI.exe
  2⤵
  PID:6532
- C:\Windows\System\paYFEKv.exe
  C:\Windows\System\paYFEKv.exe
  2⤵
  PID:8444
- C:\Windows\System\eKmvbud.exe
  C:\Windows\System\eKmvbud.exe
  2⤵
  PID:10592
- C:\Windows\System\sUNakfk.exe
  C:\Windows\System\sUNakfk.exe
  2⤵
  PID:9576
- C:\Windows\System\YjghVCR.exe
  C:\Windows\System\YjghVCR.exe
  2⤵
  PID:9740
- C:\Windows\System\ejQwHGK.exe
  C:\Windows\System\ejQwHGK.exe
  2⤵
  PID:7344
- C:\Windows\System\xqgcaES.exe
  C:\Windows\System\xqgcaES.exe
  2⤵
  PID:7216
- C:\Windows\System\nsHOiTQ.exe
  C:\Windows\System\nsHOiTQ.exe
  2⤵
  PID:11008
- C:\Windows\System\PbxwKnS.exe
  C:\Windows\System\PbxwKnS.exe
  2⤵
  PID:7068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_id5a4uoe.ypy.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\DGEmSMg.exe

Filesize
1.6MB

MD5
cc98e27052b8c5897c489d4822f06953

SHA1
494f8edb186552871dad3b881058ef3424d0eaad

SHA256
60e6e0111ad03a0b767ba6c3d68ff8d988f90205f95d04021026335ed57b9d66

SHA512
9b6d4b731dd14f0d3623a2ab1b1543d0fcfe587d13d69ab04a6f9c02d3cb0d0984409acdb6b1b43b32520dac7adca588514e4f031ab8762e17b46295acbb0024

Download Submit
C:\Windows\System\DjwShaF.exe

Filesize
1.6MB

MD5
e29346d14e70eccc5e5fa59ae167a731

SHA1
6440e0e2e12375ccc191162f3aa3a16d95954fcd

SHA256
0e2416309346b3f9b0b38c0cf210307030524f8bb83146741094a1dfbac08f75

SHA512
015c2e5a14aa239c92af9e0ace90994233aba4d76445b8608c326bfe1d20eb9819649204d34804fcf6c05cf8df465e8c34bd34a41f756f99a93ebdf827cb58a2

Download Submit
C:\Windows\System\EuUbMbe.exe

Filesize
1.7MB

MD5
4b677c38084e2450caed41811830df96

SHA1
e6c6e1116dac3b10d7fd83bb23f943ef08229dc5

SHA256
7357bc920d2e3a22945641e5ea18144dd9174d5304fcfad5eeab2b2ba185a644

SHA512
17a45107b586dcba9bf98341566f8c44d0389afac979844574bdc761bc232c419e4d695543157b8729a5c05b143b21570e71d8c6bf1447d0179205c3bf58b611

Download Submit
C:\Windows\System\FKySdqm.exe

Filesize
1.6MB

MD5
aac6895f3c48368e567a03b48cd0a20b

SHA1
1530b7b88ab7f23cf7463c500d5a94859a79b078

SHA256
666f692db26cb10090a79d2237076ccc7c7732cba6f8f5a50deb8cf49473d50a

SHA512
d1ad2b344d1e1ccdb0aa7cf2bad889978ca1f08eca8a95617ca01b67cce721d7366dabd865db666e19d87f20788e5034094b0a0c9ab765a18bb477a395e6d51d

Download Submit
C:\Windows\System\GrhGqfT.exe

Filesize
1.6MB

MD5
6dab457caa8a658025d095a7ed643885

SHA1
06fc3fd9b37c0ddf37422a37492383f400499c41

SHA256
67b291df8cc84792d3838cb350e21562e2150434925d7529e5b86faaff398ce8

SHA512
628afbfce02b6f67d82b6fa6e7eaac378795c6e4017db175a256fb842ecc9526d55ace0108f378dce31c3a4fd0c7d5c58608ac031df2fb50bc66fdef9ed58d3e

Download Submit
C:\Windows\System\HNBDQGy.exe

Filesize
1.6MB

MD5
d9e41b7d93de1d3e92e1a0ec6a6e306f

SHA1
642e9b66c21e21885b3fefaef390faf1484a5aa4

SHA256
5b33abbe533aa1b2b465a59a22c069e96a256b471a1e417b6c06837aad6e44fe

SHA512
89b784b38b6e2424512501307ece5b8800c6b9f46b1d1223093118d8470c7e69f48ed1d0f6cff96061c104a473821b7057c33195d4d7ef30762ef03b2536fddc

Download Submit
C:\Windows\System\KXFcdda.exe

Filesize
1.6MB

MD5
3d82f155a03ad3eda5186baadc098246

SHA1
c11dfc42ad589b0863d92e3d9301c465635dd4b8

SHA256
26e56efa39a6668eaf01f845b12e06cb9a0bc9d937f1162e380b1510ee427548

SHA512
b745d94d08c5110c57bd4212dea993297009dbf5724ab02d6f5fd786911a13f3ca9631ee66e9094f06d91fdb432b98e540634d5c5e1e6bbd364280f87f9d0c4a

Download Submit
C:\Windows\System\MagzukG.exe

Filesize
1.6MB

MD5
aa309be36ead437d835b47eea3e659c4

SHA1
76775703beaa675995604822e6839cb5cf5b2fab

SHA256
6c90523efb160e7e2018854f5f7773de4491b481493552939a6c63320929e39b

SHA512
de85ad226e869e97d6d998437d0ead62fa833fd3008c4f467cc18ca7586c33f25f68c172d5336c0ec9ffb9ddda55ad0e8027497b4f2f49e60bb144c490bc7937

Download Submit
C:\Windows\System\NXsCNaX.exe

Filesize
1.6MB

MD5
ce03a414e54fe6a6d2352d9772e096f7

SHA1
86fa104174593af4d9021f9f6ec6041a7cd6c0e8

SHA256
b853ff262e4411e5bc289b3c2edd482721101967f555aad6299e6bee4ccae541

SHA512
c203603187738e27170a317c60b1fb3c381c25681ca969233d9be0b10a4406dd1b67bd59cbdce4bb6aba1fbb17d6447ab8a20bac23eaed0b8edb624ec29c6253

Download Submit
C:\Windows\System\PMvHedy.exe

Filesize
1.6MB

MD5
954123b961a689d2707fbce6009bf24b

SHA1
818356512b0867ab2b8a8d6aeda630e38d20ef23

SHA256
f8a6222aa93a6c7d4e8309026deceaa82c9fed36e091b34e92523f6bb3465f0c

SHA512
e5d8fd54feaac1c59106b4d702bd1d36cbbefd2273c435c77e6e66ce5b77b6ceebe994889d8bb7eec9ede1ad52d3bf9ef66e0c49e8139c70191e97822231e4e2

Download Submit
C:\Windows\System\PktiROt.exe

Filesize
1.6MB

MD5
9933083b952a73cdb42e94feaa8719bb

SHA1
c1ed0873f6bebbd7b16d863238487dd1b6dbfb9c

SHA256
9f056a84110a6e6e3c06884619121f8a21261b5d58416835d0f4d99666782d62

SHA512
234bf0ec6e1a8a828139218b9ec95f8f14d518eabc35b599f85ff26074c04fac5b4c4930ec9aaac4dc7039261e7a916c44ce15089cbfcdbfec115edd34fa6d47

Download Submit
C:\Windows\System\PpjnXSg.exe

Filesize
1.6MB

MD5
0c8ec99f3adfc98adb51b38581247893

SHA1
6650c4e15c1ac03c5c427f2f85b27e21f7b8f6d0

SHA256
4eb6110f66dca6e7b17a94015fbf662ec475296c1773805cb1d5d4fcb83815fe

SHA512
a3576e2102ac1f45bd86fef87a8eae8453a7598e084f4907dfb2c4b919b5d9c7c627082c0ede3712bc281301a901775d178c8879b8d18b918f2bbf95c908bb63

Download Submit
C:\Windows\System\QMKVcDd.exe

Filesize
1.6MB

MD5
18edf0865276fb7a875696ce7f479265

SHA1
ea129f59745c9fd5d18e05cfb2c2ee2efb6b40f0

SHA256
25b9c5f4a473fe533cc029178425530854677b3a1fc877dc9633363e4fe8475d

SHA512
dc53e4d3aa7eb4188e9b409662de9c1a0a9d066a022333471bee21bca298c4f97260af90587b70a904637b8de83874fd8117dbd35a056c8a675c7f9052a85383

Download Submit
C:\Windows\System\RgYxScx.exe

Filesize
1.6MB

MD5
f44996ef0d1fa30e06af9c17be148ce3

SHA1
9e5496c6be4adf61c0cf3766719fbc6cdfd61084

SHA256
763bdf45418a3d6f8c1cf960ee9084bbe76a4fa2f9df044883fc57a9480e93be

SHA512
c1484403731451a4db696757207128c20a57d71122731b0ed6ade0fb1e46597ce439a4a55a9af5b34de6aa8f72874194280294a58ff1d3462370b7801fe491b6

Download Submit
C:\Windows\System\RlnKKqL.exe

Filesize
1.6MB

MD5
d2d3e1694d86c2a2324f984b35a6d635

SHA1
e09f419c37e558dbe69b94ce799cb9b859f02e2a

SHA256
9dd452570f1cc752d20772f7da7a0dfe5d16ea37ab2182682bee7bd3e1f5ea18

SHA512
3d28c06f78e07e39f40a4b1d2e109d5835dc207155b95060e3fcd480f9e74dc13f186ec4c62e1ebc052473badc1328b1da8f52873b02c7fab09f6f456d5a5e97

Download Submit
C:\Windows\System\WKSqGIk.exe

Filesize
1.7MB

MD5
5afda77b4b078272948f7e1b99ff5617

SHA1
298022aa1558bf575b763ae8321bc85243b74c69

SHA256
7eeb8fd15ce268003ffeb735a51b05bdf865cf117f9b9c5d72a6b2cfce8b03cc

SHA512
f989f2e1710033000ad3c64e92e0f2a270add30af3bd6439f7a1eeb95611b12d5ab039fbe8c89e1e308a830a18b228a997125d07f889f25f5e04e3b3983a0bad

Download Submit
C:\Windows\System\WunnBSc.exe

Filesize
1.6MB

MD5
2e05b9f207154d44e596d561c2997cd7

SHA1
8d288c16f32671b77b5e7b63ea150a7f31708dfe

SHA256
09f3e68deb7ae3369c90f42a98df3d94ae5c29f3aa3b7c0a8f3b62db458e52fd

SHA512
37aa25eb944434aef294072ec9e361437401a301b4d9b4c88441c84910e291c25183d952fdced7d8fa96439a3e86079c61b2e491356afdd8e75f2d73f68a1d6f

Download Submit
C:\Windows\System\ZCsbhvH.exe

Filesize
1.6MB

MD5
2812f2e87b2b29ac79363d2d89a82b3e

SHA1
dbf6c1e13e4e8905c8c636d305c1575876c3b6dd

SHA256
bf12f1e5327dbd95f9b1065a73edda8a2d08e515ebdf6ff8dcb2788df45f6f74

SHA512
1d02360d61f5e77a8db5eea94cf327a2517b6b104cc32b4541e7877cca9d08f1e231845cab13c9ffdf37ab062166eb427505ad4eed5ea8e5fc5733ae4e1abbc1

Download Submit
C:\Windows\System\ZMGPXiZ.exe

Filesize
1.6MB

MD5
ed0f3a43b53508aeec24d897caf842f5

SHA1
46b01c9632e3ae049eb7325e5c9419a1fd049abc

SHA256
6197b4e46255eae1e1044d95840cb7b92faa8056b5b27320328321ae895998f7

SHA512
87bdf4f733c250059046459a1b309cab3427c92d888e53d45fd37547c733ce60b94bc8cb0021cc2fa363b6cbf1e6ae446a528d5c6e1775f77cf54fe0d7a96c01

Download Submit
C:\Windows\System\aiPXJoR.exe

Filesize
1.7MB

MD5
8e8d72a1ae38c4f7b020dc238ae61e7c

SHA1
2d7eb5e5333bc768a1f34b799422db1d34fdb55d

SHA256
aa132de5decdc37ea4b244877ec1906fbf6e57705594cbb875b170c7b8d52712

SHA512
1ef9ceff4a0a71c9fdffae03d1d7b1b35fa74d2f5c5d91049d8b2cf0be06b73db68f5748d42722929cfb30fe34d5487b1aeb3719202a8b7ee39873e466753e58

Download Submit
C:\Windows\System\cQQswEz.exe

Filesize
1.6MB

MD5
824f368e19001b5c801f0a66e3576be4

SHA1
f0e4f7982704176ff216b5ea43a8b9a59a0e325d

SHA256
7abed72db1719ec27a26a6ad54dce60c65e1dc65d1053d11e02e4bb42af897cb

SHA512
90f8b1b32222402fad85af1fdaee1110e1ebe375aae4656bf1cf8e95d4f9e1f50d065ba210ad7dd85aed839fa181fed4ac2db8588317d2207cb5acc37bffb988

Download Submit
C:\Windows\System\cSWNzXv.exe

Filesize
1.6MB

MD5
83692fa5b79627bb419547d38e3076be

SHA1
d03a4f64a218d2b1d0893d5d804a2922d1303fa9

SHA256
bd11fb72a9427021fd46cf361b1e7ebb9fbd8812c6f94f19b0c89c8394e4086e

SHA512
fe56944694ecc519f0e0479a94ea9e0191f801b373411e9ae287d1f3c3e5a937bb3f8305875eb3e047d292b33386c931e3d0a4942880451a0eaceb8d9b32fc5d

Download Submit
C:\Windows\System\eUqnpKd.exe

Filesize
1.7MB

MD5
784c12fd364377ae14b468ff88c0b4f4

SHA1
f2324dc7b806224a5447c613981837465ca714db

SHA256
ee7b9f1e56482eb5b3f7a27356b5db24d87958f54f4a051fcdc32c94f0d0e44b

SHA512
a24736ef330337ae7b514d0e5da5d64aed9c4e3d1bd99837afae0909555956bb263d4ed6eff7a193eda5d34b726bf97f9acada6ab07138c4bfe3fd9a60b3e9ef

Download Submit
C:\Windows\System\jWjkMdu.exe

Filesize
1.6MB

MD5
c5de6528c253f3a7e2c98a213c29d9a2

SHA1
fa5c9a6bd2397384893ff0acafbd3dc8cd172a25

SHA256
d5895f8b68dfa5cef63de034a1e38421d09024104934f198c01b2d4829a0e57c

SHA512
99cb0cde420ce82a9d2033d3ab4c35b0b0a8653b49f9ea406b04fd86fcb9a19c3f18c53743f44a73ea6f3964fb4437b4bb5563e1e598830ede9f430047d781c4

Download Submit
C:\Windows\System\kRcRqDk.exe

Filesize
1.7MB

MD5
95eb62e7336c0564f169bdb18b8ec5f1

SHA1
fb58bef6b0a17927428584858538831786f8ab36

SHA256
2ca88a7717a5efd2be9ce6d2c453929df855d5fac2b0092ea74b561600514470

SHA512
8803077aa9c0c5abaf54cf1d6b8dc06494eb30930f6cf2175d1d6434e5ee136492bc250e8c470b80cbdda5375d558c5f81196596679ed5d4c97d4163b5369e20

Download Submit
C:\Windows\System\lQmFXwE.exe

Filesize
1.6MB

MD5
fe7cebd378f54683a07bedb3d04953f2

SHA1
6578fded2d6c54447c9ab70e012eb13c8c230e31

SHA256
e9e37ee0b35070336fedc9c88e96c2b25def68a146972ab7512045b8bf68275e

SHA512
7e573bc350811765c0f54344bdc6c1b4e757bc78b4ec7d62177a5d54afb288062c0abc79654a3248d5f5f6f0f0c8b3d5bbc71284c19b50045d716ffa579ffebf

Download Submit
C:\Windows\System\mTOiBre.exe

Filesize
1.6MB

MD5
6c21dd7a274e37dac310f23fec7f3ff0

SHA1
d40c35012d4230b56a1413d4c8281d4b92901fca

SHA256
b0c2ec220dea0670a7ab0140b591bbdd5fb860898ef5c43993c35c6c13e12f2a

SHA512
64a4f2c204a1c3390c8210a4108e677cc674f196f38162433e8fe4db2f23db645508f6de54b9d51721f07ddd2244aac0cf53432d793b8eb11a9a6c913b60a518

Download Submit
C:\Windows\System\npoqOBb.exe

Filesize
1.6MB

MD5
da13ff7c7a532f21e2567978c3686fbf

SHA1
783c9d30400716ab1be98b3afacedebadd668adf

SHA256
625f0606777afd16b72dcfb0b4886d1f70e562253c8d51b73fbd0a793771e7c5

SHA512
2283ea26944136a6d6256b0d8f4870c0b5f1cba51531c72c058c069bf71887fa374cc92107e2c521188ef6d7904eab6e6e1f8fd3917a34e3e914a38c08295a24

Download Submit
C:\Windows\System\qIwdTEH.exe

Filesize
1.6MB

MD5
e939976f5074640103665ef425732420

SHA1
ec0af4fe8dae261681a5bf582a56b70b47b1c70d

SHA256
8075268edc78d97d1adde03c7b8ee71e299e109cd55335d1ec950ae4beafb868

SHA512
9922cb4f74568a960eceed2d0b0e3685696f5b1d306b8d20f06ecae5134f829d52a335989b29a6c6de388286bbc87a62b242d9ece25894dff73621eb0437ffaf

Download Submit
C:\Windows\System\qycXdWg.exe

Filesize
1.6MB

MD5
3e0033949a72845e1e1348ecfa4703de

SHA1
ee9056d614a604fa70edcaff2c4cb9d8660308e2

SHA256
fde05a2ea46175497e4f95263ad068f1a11dd07a1ac0e1731f39df3a7ad2909d

SHA512
422755461213b40db8bdd12a92620db96642df78797efedb9767e0f19a06ec7fd4e0a7ad98c0176140b37fdd5c4511cab7002f5d3b9d6e6b1540cde058eda52a

Download Submit
C:\Windows\System\sNcjObQ.exe

Filesize
1.6MB

MD5
a59bc1c3c6a22d10165c9d77d2f572f4

SHA1
9a0f9d564dff085428972d40302a74442d36cfd3

SHA256
a91970680848aa4ee602e6aa6be927fef4edf029b977430d81a6ea62ad147178

SHA512
e60446769f9357bf3a58d2a58ac8de9ec51e4e22c668701c7662da520392c1be31b32774b78b6d46eb2e4399e2008d9bbb29b4a31cf0420c5c944215f51df7e0

Download Submit
C:\Windows\System\ssXNzwZ.exe

Filesize
1.6MB

MD5
f23047498e94e7db17e7368fcf5a6046

SHA1
002e1d4586aeefb7d2179dedafd799880c109507

SHA256
7b763a1ceff92d9aca9dd98925d23a809c8d3d315be99c6152d144fa073cd2cc

SHA512
974bb199918c9a09468ee1823526d7272fd417344429dd51efea368f116c82d0f81be4f5d8e4e0934488bcd0b94503d8d7bd70100835486a23932d248853cb08

Download Submit
C:\Windows\System\tViSZSs.exe

Filesize
8B

MD5
e71397695bfc95ac5fe1d82687725659

SHA1
45272317203fb987b8952f41b0170bd5a78944b0

SHA256
593106c260dc81c57565b84dcf164e3aba348716b31b67ed996f84e8eb33a8f2

SHA512
b0a8d0ea3899c2bbb7c006edeeb2ecf2f4894f56db8d8ff247c4e6fc5083c186ab234b2494615de540e99bc5dda8055b1dfec22d34c5a32a9febff889f810e0e

Download Submit
C:\Windows\System\tnqzUCx.exe

Filesize
1.6MB

MD5
3067756a696a8b34550a96375d7e217c

SHA1
a9bb45ff2cfd94bf4260da7315b5cbdbd851db80

SHA256
c2fbbd615c928f8cf3af8128cb71839da4ca73b9199cd3cd135afc5b1c7927d1

SHA512
354c687602cd9d51ea6ef7a911e2583c645953739972715add86b426ad31357dc7b1e4c2919d0385e976be38fe897ad582ce341944d77362afdfe4853c15c8c2

Download Submit
C:\Windows\System\trRWkZh.exe

Filesize
1.6MB

MD5
f56a90600de84be18ce352c2d9281478

SHA1
e5904e56d192573c5a83f5854f8d858bc66d8515

SHA256
a0fbf2d4a1580b32ac6bd96d5b4441c0b6c6ba84e03ef842f0d22fa0d60c33cf

SHA512
5a9ac0446422a1ee7072c94b8209b9cfcb6c55685a46651984eb4935def4da35dc574c0a5e0b0a5c71a2d45b9acd453987a08eaa53cd7397a98febce7d435238

Download Submit
C:\Windows\System\txuzNyR.exe

Filesize
1.7MB

MD5
591bf63cefa6d7fbc360ba7c0b100fc7

SHA1
e7933a03edc82019d70039c9d28cc949c77ff694

SHA256
630bb3d7d23bb8ef0ae178d7a2e560f6b6451ad8487cb86d7438dd4c1af02627

SHA512
37f298312f4e9d854b78e103d09d4f4f0489c6fcd04802fb0ebeccffa499a7689262df9a5016ffd04d0305662afe700b55ad00aa03216a4a82f46db1fbf562f5

Download Submit
C:\Windows\System\wvLPzbz.exe

Filesize
1.6MB

MD5
3fe3edb963a963b12cad676c807c09a7

SHA1
f735f40a019ab3c34a862c24de4c3f3052bb4e2b

SHA256
29018c192b097093e1cc6ce6acf8d156f207bf4bf90509a619a1e406c6019475

SHA512
4cb6b19c0c92c373babd531cbb4a461af87f04161818cb75bc75a8df391c31083698e09ea3ff021d60314fdf68dae575df41a62d63299669450e8d5e6a12e4cc

Download Submit
C:\Windows\System\ypELYLn.exe

Filesize
1.6MB

MD5
a84469daadc27835b7d6cc4c172a20dd

SHA1
28aa6281e91bb322cf491a93da4836e7523248c3

SHA256
97beaa3427d88806a0f8d6dbcbf058b9de5bfe58dd8a10fb87e80661da23453d

SHA512
6b37b2598211332d249c950102661d599cf492f9b2364e569cf4a6e7ef72089d8a2fa45acd25200689940896beddfcea0cb69ba0c7f83fcfac63ab33db5a37b0

Download Submit
C:\Windows\System\zRWkKTo.exe

Filesize
1.6MB

MD5
48984bf60eade3a9020195b7bb34e157

SHA1
2a3540c324556cbff17f76c6288f8cbe1a869a34

SHA256
48f3941e44c6cf64900b417b68fabdbdc97d9be770b45f14390a03e7c5ecec57

SHA512
fe803d6e57795b5674838b11b77a0c402dcd83b019763ef8c668031b97e8a8b15371b0a7d81f37e0a912729d151f0c81f4c8e2273e762041fb020407314623e5

Download Submit
memory/420-1965-0x00007FF6E2200000-0x00007FF6E25F2000-memory.dmp

Filesize
3.9MB

Download
memory/420-267-0x00007FF6E2200000-0x00007FF6E25F2000-memory.dmp

Filesize
3.9MB

Download
memory/668-2814-0x00007FF796440000-0x00007FF796832000-memory.dmp

Filesize
3.9MB

Download
memory/668-0-0x00007FF796440000-0x00007FF796832000-memory.dmp

Filesize
3.9MB

Download
memory/668-1-0x0000021098F80000-0x0000021098F90000-memory.dmp

Filesize
64KB

Download
memory/836-1861-0x00007FF613C10000-0x00007FF614002000-memory.dmp

Filesize
3.9MB

Download
memory/836-33-0x00007FF613C10000-0x00007FF614002000-memory.dmp

Filesize
3.9MB

Download
memory/1600-199-0x00007FF6E0360000-0x00007FF6E0752000-memory.dmp

Filesize
3.9MB

Download
memory/1600-1903-0x00007FF6E0360000-0x00007FF6E0752000-memory.dmp

Filesize
3.9MB

Download
memory/1640-84-0x00007FF7213E0000-0x00007FF7217D2000-memory.dmp

Filesize
3.9MB

Download
memory/1640-1883-0x00007FF7213E0000-0x00007FF7217D2000-memory.dmp

Filesize
3.9MB

Download
memory/1788-1921-0x00007FF67A700000-0x00007FF67AAF2000-memory.dmp

Filesize
3.9MB

Download
memory/1788-292-0x00007FF67A700000-0x00007FF67AAF2000-memory.dmp

Filesize
3.9MB

Download
memory/1884-1893-0x00007FF6C3060000-0x00007FF6C3452000-memory.dmp

Filesize
3.9MB

Download
memory/1884-105-0x00007FF6C3060000-0x00007FF6C3452000-memory.dmp

Filesize
3.9MB

Download
memory/2100-285-0x00007FF67DDF0000-0x00007FF67E1E2000-memory.dmp

Filesize
3.9MB

Download
memory/2100-1915-0x00007FF67DDF0000-0x00007FF67E1E2000-memory.dmp

Filesize
3.9MB

Download
memory/2276-1896-0x00007FF728FC0000-0x00007FF7293B2000-memory.dmp

Filesize
3.9MB

Download
memory/2276-273-0x00007FF728FC0000-0x00007FF7293B2000-memory.dmp

Filesize
3.9MB

Download
memory/2500-11-0x00007FF7DA9E0000-0x00007FF7DADD2000-memory.dmp

Filesize
3.9MB

Download
memory/2624-160-0x00007FF7ABAD0000-0x00007FF7ABEC2000-memory.dmp

Filesize
3.9MB

Download
memory/2624-1950-0x00007FF7ABAD0000-0x00007FF7ABEC2000-memory.dmp

Filesize
3.9MB

Download
memory/2860-1908-0x00007FF7A8590000-0x00007FF7A8982000-memory.dmp

Filesize
3.9MB

Download
memory/2860-61-0x00007FF7A8590000-0x00007FF7A8982000-memory.dmp

Filesize
3.9MB

Download
memory/3020-269-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp

Filesize
3.9MB

Download
memory/3020-1968-0x00007FF6D1D10000-0x00007FF6D2102000-memory.dmp

Filesize
3.9MB

Download
memory/3244-1936-0x00007FF7AEA00000-0x00007FF7AEDF2000-memory.dmp

Filesize
3.9MB

Download
memory/3244-293-0x00007FF7AEA00000-0x00007FF7AEDF2000-memory.dmp

Filesize
3.9MB

Download
memory/3868-21-0x00007FF6726B0000-0x00007FF672AA2000-memory.dmp

Filesize
3.9MB

Download
memory/3868-1862-0x00007FF6726B0000-0x00007FF672AA2000-memory.dmp

Filesize
3.9MB

Download
memory/4004-53-0x00007FF7423D0000-0x00007FF7427C2000-memory.dmp

Filesize
3.9MB

Download
memory/4004-1867-0x00007FF7423D0000-0x00007FF7427C2000-memory.dmp

Filesize
3.9MB

Download
memory/4024-128-0x00007FF606FA0000-0x00007FF607392000-memory.dmp

Filesize
3.9MB

Download
memory/4024-1928-0x00007FF606FA0000-0x00007FF607392000-memory.dmp

Filesize
3.9MB

Download
memory/4040-270-0x00007FF7A5E40000-0x00007FF7A6232000-memory.dmp

Filesize
3.9MB

Download
memory/4040-1988-0x00007FF7A5E40000-0x00007FF7A6232000-memory.dmp

Filesize
3.9MB

Download
memory/4252-1958-0x00007FF7A1DE0000-0x00007FF7A21D2000-memory.dmp

Filesize
3.9MB

Download
memory/4252-252-0x00007FF7A1DE0000-0x00007FF7A21D2000-memory.dmp

Filesize
3.9MB

Download
memory/4272-1941-0x00007FF7844F0000-0x00007FF7848E2000-memory.dmp

Filesize
3.9MB

Download
memory/4272-221-0x00007FF7844F0000-0x00007FF7848E2000-memory.dmp

Filesize
3.9MB

Download
memory/4280-1945-0x00007FF7BAD10000-0x00007FF7BB102000-memory.dmp

Filesize
3.9MB

Download
memory/4280-166-0x00007FF7BAD10000-0x00007FF7BB102000-memory.dmp

Filesize
3.9MB

Download
memory/4532-1969-0x00007FF6DD180000-0x00007FF6DD572000-memory.dmp

Filesize
3.9MB

Download
memory/4532-271-0x00007FF6DD180000-0x00007FF6DD572000-memory.dmp

Filesize
3.9MB

Download
memory/4720-26-0x00007FF7FDF20000-0x00007FF7FE312000-memory.dmp

Filesize
3.9MB

Download
memory/4732-1961-0x00007FF798A90000-0x00007FF798E82000-memory.dmp

Filesize
3.9MB

Download
memory/4732-266-0x00007FF798A90000-0x00007FF798E82000-memory.dmp

Filesize
3.9MB

Download
memory/4788-356-0x00000148793F0000-0x0000014879B96000-memory.dmp

Filesize
7.6MB

Download
memory/4788-272-0x00007FF82DDE3000-0x00007FF82DDE5000-memory.dmp

Filesize
8KB

Download
memory/4788-303-0x0000014878810000-0x0000014878832000-memory.dmp

Filesize
136KB

Download
memory/5088-1874-0x00007FF642230000-0x00007FF642622000-memory.dmp

Filesize
3.9MB

Download
memory/5088-37-0x00007FF642230000-0x00007FF642622000-memory.dmp

Filesize
3.9MB

Download