xmrig | 72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de

Analysis

max time kernel
149s
max time network
143s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
Size

1.4MB
MD5

9ff13d1e0641ee6546519cfc53314cc7
SHA1

ad68384229e95f5e2f9295d02180e5d0649b2c9e
SHA256

72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de
SHA512

669d6c87c455adef4e15a5a0f85f54c2e8744f38b7037927d11bdd8863885d5c20cdc832ae1cff95f5c4386e418489aace3c816b6aa808707badd1b4ae657d5b
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPC:Lz071uv4BPMkFfdg6NsOL

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 20 IoCs

resource	yara_rule
behavioral1/memory/1700-186-0x000000013F700000-0x000000013FAF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3040-183-0x000000013F640000-0x000000013FA32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2648-181-0x000000013F460000-0x000000013F852000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2540-179-0x000000013F940000-0x000000013FD32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2192-177-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2772-176-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2688-175-0x000000013FD10000-0x0000000140102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2724-174-0x000000013F210000-0x000000013F602000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2472-15-0x000000013FD20000-0x0000000140112000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2712-14-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2348-4646-0x000000013F870000-0x000000013FC62000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2688-5471-0x000000013FD10000-0x0000000140102000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2724-5472-0x000000013F210000-0x000000013F602000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2540-5473-0x000000013F940000-0x000000013FD32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2472-5474-0x000000013FD20000-0x0000000140112000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2712-5489-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2772-5773-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2648-5772-0x000000013F460000-0x000000013F852000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3040-5779-0x000000013F640000-0x000000013FA32000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1700-5778-0x000000013F700000-0x000000013FAF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 53 IoCs

resource	yara_rule
behavioral1/memory/2348-0-0x000000013F870000-0x000000013FC62000-memory.dmp	UPX
behavioral1/files/0x000f000000012272-3.dat	UPX
behavioral1/files/0x0032000000014415-9.dat	UPX
behavioral1/files/0x00080000000145bc-17.dat	UPX
behavioral1/files/0x000f000000003683-32.dat	UPX
behavioral1/files/0x0006000000015cfd-79.dat	UPX
behavioral1/files/0x0006000000015d13-86.dat	UPX
behavioral1/files/0x0006000000015d42-100.dat	UPX
behavioral1/files/0x0006000000015f54-127.dat	UPX
behavioral1/files/0x00060000000160f3-134.dat	UPX
behavioral1/files/0x00060000000162cc-148.dat	UPX
behavioral1/files/0x0032000000014508-149.dat	UPX
behavioral1/files/0x00060000000165d4-167.dat	UPX
behavioral1/files/0x0006000000016448-156.dat	UPX
behavioral1/memory/1700-186-0x000000013F700000-0x000000013FAF2000-memory.dmp	UPX
behavioral1/memory/3040-183-0x000000013F640000-0x000000013FA32000-memory.dmp	UPX
behavioral1/memory/2648-181-0x000000013F460000-0x000000013F852000-memory.dmp	UPX
behavioral1/memory/2540-179-0x000000013F940000-0x000000013FD32000-memory.dmp	UPX
behavioral1/memory/2192-177-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	UPX
behavioral1/memory/2772-176-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	UPX
behavioral1/memory/2688-175-0x000000013FD10000-0x0000000140102000-memory.dmp	UPX
behavioral1/memory/2724-174-0x000000013F210000-0x000000013F602000-memory.dmp	UPX
behavioral1/files/0x0006000000016824-172.dat	UPX
behavioral1/files/0x0006000000016572-163.dat	UPX
behavioral1/files/0x0006000000016133-143.dat	UPX
behavioral1/files/0x0006000000015fd4-132.dat	UPX
behavioral1/files/0x0006000000015de5-123.dat	UPX
behavioral1/files/0x0006000000015d97-118.dat	UPX
behavioral1/files/0x0006000000015d72-113.dat	UPX
behavioral1/files/0x0006000000015d20-111.dat	UPX
behavioral1/files/0x0006000000015d09-109.dat	UPX
behavioral1/files/0x0006000000015cf3-107.dat	UPX
behavioral1/files/0x0006000000015ce2-96.dat	UPX
behavioral1/files/0x0006000000015cea-72.dat	UPX
behavioral1/files/0x0006000000015cbf-57.dat	UPX
behavioral1/files/0x0007000000015caf-51.dat	UPX
behavioral1/files/0x0006000000015cd6-63.dat	UPX
behavioral1/files/0x0006000000015cb7-56.dat	UPX
behavioral1/files/0x000800000001473e-42.dat	UPX
behavioral1/files/0x00080000000145c7-40.dat	UPX
behavioral1/files/0x0007000000014856-46.dat	UPX
behavioral1/memory/2472-15-0x000000013FD20000-0x0000000140112000-memory.dmp	UPX
behavioral1/memory/2712-14-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	UPX
behavioral1/memory/2348-4646-0x000000013F870000-0x000000013FC62000-memory.dmp	UPX
behavioral1/memory/2688-5471-0x000000013FD10000-0x0000000140102000-memory.dmp	UPX
behavioral1/memory/2724-5472-0x000000013F210000-0x000000013F602000-memory.dmp	UPX
behavioral1/memory/2540-5473-0x000000013F940000-0x000000013FD32000-memory.dmp	UPX
behavioral1/memory/2472-5474-0x000000013FD20000-0x0000000140112000-memory.dmp	UPX
behavioral1/memory/2712-5489-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	UPX
behavioral1/memory/2772-5773-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	UPX
behavioral1/memory/2648-5772-0x000000013F460000-0x000000013F852000-memory.dmp	UPX
behavioral1/memory/3040-5779-0x000000013F640000-0x000000013FA32000-memory.dmp	UPX
behavioral1/memory/1700-5778-0x000000013F700000-0x000000013FAF2000-memory.dmp	UPX

XMRig Miner payload 21 IoCs

miner

resource	yara_rule
behavioral1/memory/1700-186-0x000000013F700000-0x000000013FAF2000-memory.dmp	xmrig
behavioral1/memory/3040-183-0x000000013F640000-0x000000013FA32000-memory.dmp	xmrig
behavioral1/memory/2648-181-0x000000013F460000-0x000000013F852000-memory.dmp	xmrig
behavioral1/memory/2540-179-0x000000013F940000-0x000000013FD32000-memory.dmp	xmrig
behavioral1/memory/2348-178-0x0000000003500000-0x00000000038F2000-memory.dmp	xmrig
behavioral1/memory/2192-177-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	xmrig
behavioral1/memory/2772-176-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	xmrig
behavioral1/memory/2688-175-0x000000013FD10000-0x0000000140102000-memory.dmp	xmrig
behavioral1/memory/2724-174-0x000000013F210000-0x000000013F602000-memory.dmp	xmrig
behavioral1/memory/2472-15-0x000000013FD20000-0x0000000140112000-memory.dmp	xmrig
behavioral1/memory/2712-14-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	xmrig
behavioral1/memory/2348-4646-0x000000013F870000-0x000000013FC62000-memory.dmp	xmrig
behavioral1/memory/2688-5471-0x000000013FD10000-0x0000000140102000-memory.dmp	xmrig
behavioral1/memory/2724-5472-0x000000013F210000-0x000000013F602000-memory.dmp	xmrig
behavioral1/memory/2540-5473-0x000000013F940000-0x000000013FD32000-memory.dmp	xmrig
behavioral1/memory/2472-5474-0x000000013FD20000-0x0000000140112000-memory.dmp	xmrig
behavioral1/memory/2712-5489-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	xmrig
behavioral1/memory/2772-5773-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	xmrig
behavioral1/memory/2648-5772-0x000000013F460000-0x000000013F852000-memory.dmp	xmrig
behavioral1/memory/3040-5779-0x000000013F640000-0x000000013FA32000-memory.dmp	xmrig
behavioral1/memory/1700-5778-0x000000013F700000-0x000000013FAF2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2204	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2712	QqVEloE.exe
2472	jTSGzjH.exe
2724	yvzcwtD.exe
2688	jSwaMcF.exe
2772	ccGUcFk.exe
2192	AnObHCW.exe
2540	LfaSKSt.exe
2648	lLpePxv.exe
3040	FuyUOCe.exe
1700	wUNFfxT.exe
2780	rRqcSGq.exe
2860	qNsYRrZ.exe
768	kPhmIfp.exe
2476	ifjFHkQ.exe
2500	sFbjTDX.exe
1892	SWOdUAS.exe
2828	vLNAWPT.exe
1068	EGodoVK.exe
1196	sdeKLBt.exe
1988	jMKQWrn.exe
2156	QTegEDH.exe
1756	ZCGsLUS.exe
1556	JRxflBP.exe
1584	PSlCnnu.exe
1764	SsvoNMs.exe
1748	kqcMBBA.exe
780	umJDYyC.exe
1028	BxYIOEi.exe
612	MufDxyS.exe
1916	bnieckk.exe
556	rGBRYJG.exe
2496	QHbGQZF.exe
1772	eNwhpDn.exe
1616	kqQdCuB.exe
1312	zsbkLJH.exe
1924	gsUTWvL.exe
1868	zRkXrdZ.exe
2484	aLcoYIm.exe
1664	JcAqxfz.exe
2988	PKKjduU.exe
1224	UkVZEtq.exe
2324	lZCMiou.exe
2448	rGFkNAS.exe
2880	xlPwaOh.exe
1720	ZryOUjF.exe
1512	TgLaraa.exe
836	MTBQmIB.exe
1788	UqUxGZC.exe
628	GtPhcaS.exe
1440	VrxnnPP.exe
1708	oURpxEs.exe
2412	AcdlCtl.exe
980	OySfFSt.exe
2652	HLAaMKD.exe
2532	NHtZCql.exe
2792	RkTNFgb.exe
2584	aaKVsYa.exe
2020	Tzhklab.exe
2948	hSiLkeN.exe
1888	boVwgfZ.exe
2620	jgNFWYa.exe
2980	ufksDKn.exe
2848	MpQoTvF.exe
2176	FqPglvG.exe

Loads dropped DLL 64 IoCs

pid	Process
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-0-0x000000013F870000-0x000000013FC62000-memory.dmp	upx
behavioral1/files/0x000f000000012272-3.dat	upx
behavioral1/files/0x0032000000014415-9.dat	upx
behavioral1/files/0x00080000000145bc-17.dat	upx
behavioral1/files/0x000f000000003683-32.dat	upx
behavioral1/files/0x0006000000015cfd-79.dat	upx
behavioral1/files/0x0006000000015d13-86.dat	upx
behavioral1/files/0x0006000000015d42-100.dat	upx
behavioral1/files/0x0006000000015f54-127.dat	upx
behavioral1/files/0x00060000000160f3-134.dat	upx
behavioral1/files/0x00060000000162cc-148.dat	upx
behavioral1/files/0x0032000000014508-149.dat	upx
behavioral1/files/0x00060000000165d4-167.dat	upx
behavioral1/files/0x0006000000016448-156.dat	upx
behavioral1/memory/1700-186-0x000000013F700000-0x000000013FAF2000-memory.dmp	upx
behavioral1/memory/3040-183-0x000000013F640000-0x000000013FA32000-memory.dmp	upx
behavioral1/memory/2648-181-0x000000013F460000-0x000000013F852000-memory.dmp	upx
behavioral1/memory/2540-179-0x000000013F940000-0x000000013FD32000-memory.dmp	upx
behavioral1/memory/2192-177-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	upx
behavioral1/memory/2772-176-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	upx
behavioral1/memory/2688-175-0x000000013FD10000-0x0000000140102000-memory.dmp	upx
behavioral1/memory/2724-174-0x000000013F210000-0x000000013F602000-memory.dmp	upx
behavioral1/files/0x0006000000016824-172.dat	upx
behavioral1/files/0x0006000000016572-163.dat	upx
behavioral1/files/0x0006000000016133-143.dat	upx
behavioral1/files/0x0006000000015fd4-132.dat	upx
behavioral1/files/0x0006000000015de5-123.dat	upx
behavioral1/files/0x0006000000015d97-118.dat	upx
behavioral1/files/0x0006000000015d72-113.dat	upx
behavioral1/files/0x0006000000015d20-111.dat	upx
behavioral1/files/0x0006000000015d09-109.dat	upx
behavioral1/files/0x0006000000015cf3-107.dat	upx
behavioral1/files/0x0006000000015ce2-96.dat	upx
behavioral1/files/0x0006000000015cea-72.dat	upx
behavioral1/files/0x0006000000015cbf-57.dat	upx
behavioral1/files/0x0007000000015caf-51.dat	upx
behavioral1/files/0x0006000000015cd6-63.dat	upx
behavioral1/files/0x0006000000015cb7-56.dat	upx
behavioral1/files/0x000800000001473e-42.dat	upx
behavioral1/files/0x00080000000145c7-40.dat	upx
behavioral1/files/0x0007000000014856-46.dat	upx
behavioral1/memory/2472-15-0x000000013FD20000-0x0000000140112000-memory.dmp	upx
behavioral1/memory/2712-14-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	upx
behavioral1/memory/2348-4646-0x000000013F870000-0x000000013FC62000-memory.dmp	upx
behavioral1/memory/2688-5471-0x000000013FD10000-0x0000000140102000-memory.dmp	upx
behavioral1/memory/2724-5472-0x000000013F210000-0x000000013F602000-memory.dmp	upx
behavioral1/memory/2540-5473-0x000000013F940000-0x000000013FD32000-memory.dmp	upx
behavioral1/memory/2472-5474-0x000000013FD20000-0x0000000140112000-memory.dmp	upx
behavioral1/memory/2712-5489-0x000000013F8D0000-0x000000013FCC2000-memory.dmp	upx
behavioral1/memory/2772-5773-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	upx
behavioral1/memory/2648-5772-0x000000013F460000-0x000000013F852000-memory.dmp	upx
behavioral1/memory/3040-5779-0x000000013F640000-0x000000013FA32000-memory.dmp	upx
behavioral1/memory/1700-5778-0x000000013F700000-0x000000013FAF2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QzkcRct.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\LZKjseM.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\pUJXxVV.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\cvQgTEs.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\aVOkZKD.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\HZpdytX.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\HqicqOq.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\rvIlOom.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\sfUyUHb.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\kNchhYv.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\OvNtHSy.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\DPQMapP.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\CwxTuda.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\swjpOuf.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\OkjYsmf.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\cHwuPHH.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\VRzDlUv.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\XkfkSID.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\wCwigsN.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\szFRdAm.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\YqhLDlF.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\zeOvwDa.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\uLKLDnR.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\kzGwbhX.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\kMPRYvd.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\MWGinVK.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\vjQFOYz.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\jfzefMT.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\WATdTrP.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\TiqKbAN.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\fYbBylf.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\CDdGiql.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\psbuNCv.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\MroJsvF.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\UBvQWPx.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\jqyOOtK.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\eMWRnLA.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\mWnpNek.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\XfPnmTj.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\sTALqZt.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\OvFAvsL.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ARafnFn.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\rdNeaEy.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\rUknqlW.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\wOxMSvs.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ePGUlIE.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\dqtgKIB.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\xountmP.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\xNyMTXx.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\EEshUNG.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\BTVIuWh.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\hKbkeuE.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\KgegKlR.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\eNwhpDn.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\xGOQQeo.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\ZIkxpid.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\tnpPvGX.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\sSwnHgC.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\VboOQnw.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\UmwpduF.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\QuhhTGl.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\gzXLvbZ.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\oNGPYrO.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
File created	C:\Windows\System\YduPrAq.exe	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2204	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
Token: SeLockMemoryPrivilege	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
Token: SeDebugPrivilege	2204	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2204	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	29
PID 2348 wrote to memory of 2204	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	29
PID 2348 wrote to memory of 2204	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	29
PID 2348 wrote to memory of 2712	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	30
PID 2348 wrote to memory of 2712	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	30
PID 2348 wrote to memory of 2712	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	30
PID 2348 wrote to memory of 2472	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	31
PID 2348 wrote to memory of 2472	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	31
PID 2348 wrote to memory of 2472	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	31
PID 2348 wrote to memory of 2724	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	32
PID 2348 wrote to memory of 2724	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	32
PID 2348 wrote to memory of 2724	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	32
PID 2348 wrote to memory of 2772	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	33
PID 2348 wrote to memory of 2772	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	33
PID 2348 wrote to memory of 2772	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	33
PID 2348 wrote to memory of 2688	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	34
PID 2348 wrote to memory of 2688	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	34
PID 2348 wrote to memory of 2688	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	34
PID 2348 wrote to memory of 2192	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	35
PID 2348 wrote to memory of 2192	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	35
PID 2348 wrote to memory of 2192	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	35
PID 2348 wrote to memory of 2540	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	36
PID 2348 wrote to memory of 2540	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	36
PID 2348 wrote to memory of 2540	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	36
PID 2348 wrote to memory of 2648	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	37
PID 2348 wrote to memory of 2648	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	37
PID 2348 wrote to memory of 2648	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	37
PID 2348 wrote to memory of 3040	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	38
PID 2348 wrote to memory of 3040	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	38
PID 2348 wrote to memory of 3040	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	38
PID 2348 wrote to memory of 2476	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	39
PID 2348 wrote to memory of 2476	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	39
PID 2348 wrote to memory of 2476	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	39
PID 2348 wrote to memory of 1700	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	40
PID 2348 wrote to memory of 1700	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	40
PID 2348 wrote to memory of 1700	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	40
PID 2348 wrote to memory of 2500	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	41
PID 2348 wrote to memory of 2500	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	41
PID 2348 wrote to memory of 2500	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	41
PID 2348 wrote to memory of 2780	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	42
PID 2348 wrote to memory of 2780	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	42
PID 2348 wrote to memory of 2780	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	42
PID 2348 wrote to memory of 2828	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	43
PID 2348 wrote to memory of 2828	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	43
PID 2348 wrote to memory of 2828	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	43
PID 2348 wrote to memory of 2860	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	44
PID 2348 wrote to memory of 2860	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	44
PID 2348 wrote to memory of 2860	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	44
PID 2348 wrote to memory of 1068	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	45
PID 2348 wrote to memory of 1068	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	45
PID 2348 wrote to memory of 1068	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	45
PID 2348 wrote to memory of 768	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	46
PID 2348 wrote to memory of 768	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	46
PID 2348 wrote to memory of 768	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	46
PID 2348 wrote to memory of 1196	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	47
PID 2348 wrote to memory of 1196	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	47
PID 2348 wrote to memory of 1196	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	47
PID 2348 wrote to memory of 1892	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	48
PID 2348 wrote to memory of 1892	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	48
PID 2348 wrote to memory of 1892	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	48
PID 2348 wrote to memory of 1988	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	49
PID 2348 wrote to memory of 1988	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	49
PID 2348 wrote to memory of 1988	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	49
PID 2348 wrote to memory of 2156	2348	72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe	50

C:\Users\Admin\AppData\Local\Temp\72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe
"C:\Users\Admin\AppData\Local\Temp\72fa53895c67b7ebf411e790cefd7de167a2aaf8fff7b2c9da401716090913de.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2204
- C:\Windows\System\QqVEloE.exe
  C:\Windows\System\QqVEloE.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\jTSGzjH.exe
  C:\Windows\System\jTSGzjH.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\yvzcwtD.exe
  C:\Windows\System\yvzcwtD.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\ccGUcFk.exe
  C:\Windows\System\ccGUcFk.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\jSwaMcF.exe
  C:\Windows\System\jSwaMcF.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\AnObHCW.exe
  C:\Windows\System\AnObHCW.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\LfaSKSt.exe
  C:\Windows\System\LfaSKSt.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\lLpePxv.exe
  C:\Windows\System\lLpePxv.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\FuyUOCe.exe
  C:\Windows\System\FuyUOCe.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\ifjFHkQ.exe
  C:\Windows\System\ifjFHkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\wUNFfxT.exe
  C:\Windows\System\wUNFfxT.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\sFbjTDX.exe
  C:\Windows\System\sFbjTDX.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\rRqcSGq.exe
  C:\Windows\System\rRqcSGq.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\vLNAWPT.exe
  C:\Windows\System\vLNAWPT.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\qNsYRrZ.exe
  C:\Windows\System\qNsYRrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\EGodoVK.exe
  C:\Windows\System\EGodoVK.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\kPhmIfp.exe
  C:\Windows\System\kPhmIfp.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\sdeKLBt.exe
  C:\Windows\System\sdeKLBt.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\SWOdUAS.exe
  C:\Windows\System\SWOdUAS.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\jMKQWrn.exe
  C:\Windows\System\jMKQWrn.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\QTegEDH.exe
  C:\Windows\System\QTegEDH.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\ZCGsLUS.exe
  C:\Windows\System\ZCGsLUS.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\JRxflBP.exe
  C:\Windows\System\JRxflBP.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\PSlCnnu.exe
  C:\Windows\System\PSlCnnu.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\SsvoNMs.exe
  C:\Windows\System\SsvoNMs.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\kqcMBBA.exe
  C:\Windows\System\kqcMBBA.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\umJDYyC.exe
  C:\Windows\System\umJDYyC.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\BxYIOEi.exe
  C:\Windows\System\BxYIOEi.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\MufDxyS.exe
  C:\Windows\System\MufDxyS.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\bnieckk.exe
  C:\Windows\System\bnieckk.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\rGBRYJG.exe
  C:\Windows\System\rGBRYJG.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\QHbGQZF.exe
  C:\Windows\System\QHbGQZF.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\eNwhpDn.exe
  C:\Windows\System\eNwhpDn.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\kqQdCuB.exe
  C:\Windows\System\kqQdCuB.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\zsbkLJH.exe
  C:\Windows\System\zsbkLJH.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\gsUTWvL.exe
  C:\Windows\System\gsUTWvL.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\zRkXrdZ.exe
  C:\Windows\System\zRkXrdZ.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\aLcoYIm.exe
  C:\Windows\System\aLcoYIm.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\JcAqxfz.exe
  C:\Windows\System\JcAqxfz.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\PKKjduU.exe
  C:\Windows\System\PKKjduU.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\UkVZEtq.exe
  C:\Windows\System\UkVZEtq.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\lZCMiou.exe
  C:\Windows\System\lZCMiou.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\rGFkNAS.exe
  C:\Windows\System\rGFkNAS.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\xlPwaOh.exe
  C:\Windows\System\xlPwaOh.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ZryOUjF.exe
  C:\Windows\System\ZryOUjF.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\MTBQmIB.exe
  C:\Windows\System\MTBQmIB.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\TgLaraa.exe
  C:\Windows\System\TgLaraa.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\UqUxGZC.exe
  C:\Windows\System\UqUxGZC.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\GtPhcaS.exe
  C:\Windows\System\GtPhcaS.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\VrxnnPP.exe
  C:\Windows\System\VrxnnPP.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\oURpxEs.exe
  C:\Windows\System\oURpxEs.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\AcdlCtl.exe
  C:\Windows\System\AcdlCtl.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\OySfFSt.exe
  C:\Windows\System\OySfFSt.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\HLAaMKD.exe
  C:\Windows\System\HLAaMKD.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\NHtZCql.exe
  C:\Windows\System\NHtZCql.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\RkTNFgb.exe
  C:\Windows\System\RkTNFgb.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\aaKVsYa.exe
  C:\Windows\System\aaKVsYa.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\Tzhklab.exe
  C:\Windows\System\Tzhklab.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\hSiLkeN.exe
  C:\Windows\System\hSiLkeN.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\jgNFWYa.exe
  C:\Windows\System\jgNFWYa.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\boVwgfZ.exe
  C:\Windows\System\boVwgfZ.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\ufksDKn.exe
  C:\Windows\System\ufksDKn.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\MpQoTvF.exe
  C:\Windows\System\MpQoTvF.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\FqPglvG.exe
  C:\Windows\System\FqPglvG.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\slzHLlL.exe
  C:\Windows\System\slzHLlL.exe
  2⤵
  PID:2212
- C:\Windows\System\uFWKYLI.exe
  C:\Windows\System\uFWKYLI.exe
  2⤵
  PID:1400
- C:\Windows\System\maHmMDV.exe
  C:\Windows\System\maHmMDV.exe
  2⤵
  PID:2200
- C:\Windows\System\ZVndSlS.exe
  C:\Windows\System\ZVndSlS.exe
  2⤵
  PID:2240
- C:\Windows\System\cIcJSsG.exe
  C:\Windows\System\cIcJSsG.exe
  2⤵
  PID:2408
- C:\Windows\System\womtbei.exe
  C:\Windows\System\womtbei.exe
  2⤵
  PID:772
- C:\Windows\System\nKYNYHg.exe
  C:\Windows\System\nKYNYHg.exe
  2⤵
  PID:2492
- C:\Windows\System\cWZPPob.exe
  C:\Windows\System\cWZPPob.exe
  2⤵
  PID:1504
- C:\Windows\System\utZrEgM.exe
  C:\Windows\System\utZrEgM.exe
  2⤵
  PID:2404
- C:\Windows\System\KJCqMry.exe
  C:\Windows\System\KJCqMry.exe
  2⤵
  PID:948
- C:\Windows\System\qfjXdnp.exe
  C:\Windows\System\qfjXdnp.exe
  2⤵
  PID:1560
- C:\Windows\System\qRaQtHj.exe
  C:\Windows\System\qRaQtHj.exe
  2⤵
  PID:964
- C:\Windows\System\tWnnQHJ.exe
  C:\Windows\System\tWnnQHJ.exe
  2⤵
  PID:1648
- C:\Windows\System\mFyJojl.exe
  C:\Windows\System\mFyJojl.exe
  2⤵
  PID:912
- C:\Windows\System\bLRJhWK.exe
  C:\Windows\System\bLRJhWK.exe
  2⤵
  PID:876
- C:\Windows\System\yvbkzpL.exe
  C:\Windows\System\yvbkzpL.exe
  2⤵
  PID:2864
- C:\Windows\System\HYQeoed.exe
  C:\Windows\System\HYQeoed.exe
  2⤵
  PID:2224
- C:\Windows\System\yDftXAA.exe
  C:\Windows\System\yDftXAA.exe
  2⤵
  PID:2460
- C:\Windows\System\fsHcicA.exe
  C:\Windows\System\fsHcicA.exe
  2⤵
  PID:888
- C:\Windows\System\gkyUgmN.exe
  C:\Windows\System\gkyUgmN.exe
  2⤵
  PID:1596
- C:\Windows\System\mdzBAJN.exe
  C:\Windows\System\mdzBAJN.exe
  2⤵
  PID:2400
- C:\Windows\System\TGUHZhj.exe
  C:\Windows\System\TGUHZhj.exe
  2⤵
  PID:2696
- C:\Windows\System\zTFPeME.exe
  C:\Windows\System\zTFPeME.exe
  2⤵
  PID:2392
- C:\Windows\System\kyWuuOU.exe
  C:\Windows\System\kyWuuOU.exe
  2⤵
  PID:2672
- C:\Windows\System\GzdEXDI.exe
  C:\Windows\System\GzdEXDI.exe
  2⤵
  PID:2632
- C:\Windows\System\jCKKSZC.exe
  C:\Windows\System\jCKKSZC.exe
  2⤵
  PID:2700
- C:\Windows\System\TDJSmoy.exe
  C:\Windows\System\TDJSmoy.exe
  2⤵
  PID:2520
- C:\Windows\System\ThaqdZo.exe
  C:\Windows\System\ThaqdZo.exe
  2⤵
  PID:2000
- C:\Windows\System\QbVBXbH.exe
  C:\Windows\System\QbVBXbH.exe
  2⤵
  PID:2576
- C:\Windows\System\BTVIuWh.exe
  C:\Windows\System\BTVIuWh.exe
  2⤵
  PID:2784
- C:\Windows\System\aikSPtc.exe
  C:\Windows\System\aikSPtc.exe
  2⤵
  PID:2004
- C:\Windows\System\XoGDSbv.exe
  C:\Windows\System\XoGDSbv.exe
  2⤵
  PID:2252
- C:\Windows\System\YumHrcH.exe
  C:\Windows\System\YumHrcH.exe
  2⤵
  PID:2596
- C:\Windows\System\GjBxvrk.exe
  C:\Windows\System\GjBxvrk.exe
  2⤵
  PID:264
- C:\Windows\System\PDhGbQX.exe
  C:\Windows\System\PDhGbQX.exe
  2⤵
  PID:3024
- C:\Windows\System\fTRPSXD.exe
  C:\Windows\System\fTRPSXD.exe
  2⤵
  PID:2072
- C:\Windows\System\ptAsGvC.exe
  C:\Windows\System\ptAsGvC.exe
  2⤵
  PID:304
- C:\Windows\System\IPpNuMT.exe
  C:\Windows\System\IPpNuMT.exe
  2⤵
  PID:1832
- C:\Windows\System\sEYewCl.exe
  C:\Windows\System\sEYewCl.exe
  2⤵
  PID:1320
- C:\Windows\System\JQnPtKC.exe
  C:\Windows\System\JQnPtKC.exe
  2⤵
  PID:2236
- C:\Windows\System\dJPRXwn.exe
  C:\Windows\System\dJPRXwn.exe
  2⤵
  PID:2444
- C:\Windows\System\FpoHNiJ.exe
  C:\Windows\System\FpoHNiJ.exe
  2⤵
  PID:2172
- C:\Windows\System\WiiAdET.exe
  C:\Windows\System\WiiAdET.exe
  2⤵
  PID:1784
- C:\Windows\System\bOVqNWk.exe
  C:\Windows\System\bOVqNWk.exe
  2⤵
  PID:2692
- C:\Windows\System\hsotfhP.exe
  C:\Windows\System\hsotfhP.exe
  2⤵
  PID:2488
- C:\Windows\System\TpsKdej.exe
  C:\Windows\System\TpsKdej.exe
  2⤵
  PID:1316
- C:\Windows\System\eVBqTRM.exe
  C:\Windows\System\eVBqTRM.exe
  2⤵
  PID:2636
- C:\Windows\System\nYCiAkX.exe
  C:\Windows\System\nYCiAkX.exe
  2⤵
  PID:2604
- C:\Windows\System\eRbcAoj.exe
  C:\Windows\System\eRbcAoj.exe
  2⤵
  PID:2704
- C:\Windows\System\mpwTHLw.exe
  C:\Windows\System\mpwTHLw.exe
  2⤵
  PID:2932
- C:\Windows\System\ACXkScI.exe
  C:\Windows\System\ACXkScI.exe
  2⤵
  PID:2564
- C:\Windows\System\WHeoCvE.exe
  C:\Windows\System\WHeoCvE.exe
  2⤵
  PID:340
- C:\Windows\System\thGWimj.exe
  C:\Windows\System\thGWimj.exe
  2⤵
  PID:1736
- C:\Windows\System\bxmQpWa.exe
  C:\Windows\System\bxmQpWa.exe
  2⤵
  PID:2120
- C:\Windows\System\fCneROm.exe
  C:\Windows\System\fCneROm.exe
  2⤵
  PID:2832
- C:\Windows\System\ZEekErH.exe
  C:\Windows\System\ZEekErH.exe
  2⤵
  PID:880
- C:\Windows\System\dlqqWFm.exe
  C:\Windows\System\dlqqWFm.exe
  2⤵
  PID:1976
- C:\Windows\System\GkjEgtt.exe
  C:\Windows\System\GkjEgtt.exe
  2⤵
  PID:1636
- C:\Windows\System\DsifEaq.exe
  C:\Windows\System\DsifEaq.exe
  2⤵
  PID:2536
- C:\Windows\System\ggZodHU.exe
  C:\Windows\System\ggZodHU.exe
  2⤵
  PID:580
- C:\Windows\System\pBYyVwF.exe
  C:\Windows\System\pBYyVwF.exe
  2⤵
  PID:3044
- C:\Windows\System\EkiLStf.exe
  C:\Windows\System\EkiLStf.exe
  2⤵
  PID:1356
- C:\Windows\System\pwfAsHM.exe
  C:\Windows\System\pwfAsHM.exe
  2⤵
  PID:1156
- C:\Windows\System\mlGzswk.exe
  C:\Windows\System\mlGzswk.exe
  2⤵
  PID:608
- C:\Windows\System\hBhfLyD.exe
  C:\Windows\System\hBhfLyD.exe
  2⤵
  PID:2064
- C:\Windows\System\rCkihlq.exe
  C:\Windows\System\rCkihlq.exe
  2⤵
  PID:812
- C:\Windows\System\QonMYzn.exe
  C:\Windows\System\QonMYzn.exe
  2⤵
  PID:1072
- C:\Windows\System\GCwRtUf.exe
  C:\Windows\System\GCwRtUf.exe
  2⤵
  PID:2440
- C:\Windows\System\OhTQEYn.exe
  C:\Windows\System\OhTQEYn.exe
  2⤵
  PID:3092
- C:\Windows\System\tXYVQSg.exe
  C:\Windows\System\tXYVQSg.exe
  2⤵
  PID:3108
- C:\Windows\System\hOvOgfq.exe
  C:\Windows\System\hOvOgfq.exe
  2⤵
  PID:3132
- C:\Windows\System\VJvzLtj.exe
  C:\Windows\System\VJvzLtj.exe
  2⤵
  PID:3148
- C:\Windows\System\BKZsgdw.exe
  C:\Windows\System\BKZsgdw.exe
  2⤵
  PID:3172
- C:\Windows\System\WuYYpQG.exe
  C:\Windows\System\WuYYpQG.exe
  2⤵
  PID:3192
- C:\Windows\System\mZYqLSC.exe
  C:\Windows\System\mZYqLSC.exe
  2⤵
  PID:3208
- C:\Windows\System\sHfDeNp.exe
  C:\Windows\System\sHfDeNp.exe
  2⤵
  PID:3224
- C:\Windows\System\YZiKvFp.exe
  C:\Windows\System\YZiKvFp.exe
  2⤵
  PID:3240
- C:\Windows\System\NwHkVVW.exe
  C:\Windows\System\NwHkVVW.exe
  2⤵
  PID:3260
- C:\Windows\System\zajsjZR.exe
  C:\Windows\System\zajsjZR.exe
  2⤵
  PID:3288
- C:\Windows\System\ObQAjyl.exe
  C:\Windows\System\ObQAjyl.exe
  2⤵
  PID:3304
- C:\Windows\System\NeYfjTX.exe
  C:\Windows\System\NeYfjTX.exe
  2⤵
  PID:3320
- C:\Windows\System\ZNwoTxQ.exe
  C:\Windows\System\ZNwoTxQ.exe
  2⤵
  PID:3336
- C:\Windows\System\lZCfPJf.exe
  C:\Windows\System\lZCfPJf.exe
  2⤵
  PID:3352
- C:\Windows\System\cmbODDa.exe
  C:\Windows\System\cmbODDa.exe
  2⤵
  PID:3368
- C:\Windows\System\WqrCDbL.exe
  C:\Windows\System\WqrCDbL.exe
  2⤵
  PID:3384
- C:\Windows\System\tjOTMqn.exe
  C:\Windows\System\tjOTMqn.exe
  2⤵
  PID:3428
- C:\Windows\System\wimGqiw.exe
  C:\Windows\System\wimGqiw.exe
  2⤵
  PID:3444
- C:\Windows\System\fdSVgWX.exe
  C:\Windows\System\fdSVgWX.exe
  2⤵
  PID:3460
- C:\Windows\System\QgvHKmP.exe
  C:\Windows\System\QgvHKmP.exe
  2⤵
  PID:3476
- C:\Windows\System\PdrzzOx.exe
  C:\Windows\System\PdrzzOx.exe
  2⤵
  PID:3492
- C:\Windows\System\OPlYQjX.exe
  C:\Windows\System\OPlYQjX.exe
  2⤵
  PID:3508
- C:\Windows\System\XGEbsdx.exe
  C:\Windows\System\XGEbsdx.exe
  2⤵
  PID:3524
- C:\Windows\System\dAOXAgt.exe
  C:\Windows\System\dAOXAgt.exe
  2⤵
  PID:3540
- C:\Windows\System\PJNpGWx.exe
  C:\Windows\System\PJNpGWx.exe
  2⤵
  PID:3556
- C:\Windows\System\pLLynQZ.exe
  C:\Windows\System\pLLynQZ.exe
  2⤵
  PID:3572
- C:\Windows\System\EYtxbnC.exe
  C:\Windows\System\EYtxbnC.exe
  2⤵
  PID:3588
- C:\Windows\System\yZdblMU.exe
  C:\Windows\System\yZdblMU.exe
  2⤵
  PID:3604
- C:\Windows\System\CkAdkxo.exe
  C:\Windows\System\CkAdkxo.exe
  2⤵
  PID:3620
- C:\Windows\System\PlWwfdA.exe
  C:\Windows\System\PlWwfdA.exe
  2⤵
  PID:3636
- C:\Windows\System\mLfusVx.exe
  C:\Windows\System\mLfusVx.exe
  2⤵
  PID:3652
- C:\Windows\System\kPedOmc.exe
  C:\Windows\System\kPedOmc.exe
  2⤵
  PID:3668
- C:\Windows\System\KUisnIj.exe
  C:\Windows\System\KUisnIj.exe
  2⤵
  PID:3684
- C:\Windows\System\foFslvq.exe
  C:\Windows\System\foFslvq.exe
  2⤵
  PID:3700
- C:\Windows\System\UGyUcfY.exe
  C:\Windows\System\UGyUcfY.exe
  2⤵
  PID:3716
- C:\Windows\System\QKlfomP.exe
  C:\Windows\System\QKlfomP.exe
  2⤵
  PID:3732
- C:\Windows\System\inBDYlt.exe
  C:\Windows\System\inBDYlt.exe
  2⤵
  PID:3748
- C:\Windows\System\iCuZFmd.exe
  C:\Windows\System\iCuZFmd.exe
  2⤵
  PID:3764
- C:\Windows\System\NFDCjim.exe
  C:\Windows\System\NFDCjim.exe
  2⤵
  PID:3780
- C:\Windows\System\DrNMgAt.exe
  C:\Windows\System\DrNMgAt.exe
  2⤵
  PID:3796
- C:\Windows\System\WAUnqSf.exe
  C:\Windows\System\WAUnqSf.exe
  2⤵
  PID:3812
- C:\Windows\System\QGvAvvU.exe
  C:\Windows\System\QGvAvvU.exe
  2⤵
  PID:3828
- C:\Windows\System\wOPopEJ.exe
  C:\Windows\System\wOPopEJ.exe
  2⤵
  PID:3844
- C:\Windows\System\aWTchdK.exe
  C:\Windows\System\aWTchdK.exe
  2⤵
  PID:3860
- C:\Windows\System\kDqeiYi.exe
  C:\Windows\System\kDqeiYi.exe
  2⤵
  PID:3876
- C:\Windows\System\FzbnzqF.exe
  C:\Windows\System\FzbnzqF.exe
  2⤵
  PID:3892
- C:\Windows\System\BsuFMVO.exe
  C:\Windows\System\BsuFMVO.exe
  2⤵
  PID:3908
- C:\Windows\System\tIiJTrm.exe
  C:\Windows\System\tIiJTrm.exe
  2⤵
  PID:3924
- C:\Windows\System\bVNQTDP.exe
  C:\Windows\System\bVNQTDP.exe
  2⤵
  PID:3940
- C:\Windows\System\sFmmVKV.exe
  C:\Windows\System\sFmmVKV.exe
  2⤵
  PID:3956
- C:\Windows\System\KCjUGfA.exe
  C:\Windows\System\KCjUGfA.exe
  2⤵
  PID:3972
- C:\Windows\System\ImXWTZw.exe
  C:\Windows\System\ImXWTZw.exe
  2⤵
  PID:3988
- C:\Windows\System\vpzsjoY.exe
  C:\Windows\System\vpzsjoY.exe
  2⤵
  PID:4004
- C:\Windows\System\vqZozMj.exe
  C:\Windows\System\vqZozMj.exe
  2⤵
  PID:4020
- C:\Windows\System\NKpimIQ.exe
  C:\Windows\System\NKpimIQ.exe
  2⤵
  PID:4036
- C:\Windows\System\VNewaSt.exe
  C:\Windows\System\VNewaSt.exe
  2⤵
  PID:4052
- C:\Windows\System\unARivW.exe
  C:\Windows\System\unARivW.exe
  2⤵
  PID:4068
- C:\Windows\System\hUXvbyG.exe
  C:\Windows\System\hUXvbyG.exe
  2⤵
  PID:4084
- C:\Windows\System\IazPDOL.exe
  C:\Windows\System\IazPDOL.exe
  2⤵
  PID:1112
- C:\Windows\System\gqNOVuq.exe
  C:\Windows\System\gqNOVuq.exe
  2⤵
  PID:2008
- C:\Windows\System\eqtuZTs.exe
  C:\Windows\System\eqtuZTs.exe
  2⤵
  PID:2432
- C:\Windows\System\EmhmclS.exe
  C:\Windows\System\EmhmclS.exe
  2⤵
  PID:2952
- C:\Windows\System\mUSrdWD.exe
  C:\Windows\System\mUSrdWD.exe
  2⤵
  PID:1804
- C:\Windows\System\eBVDpKt.exe
  C:\Windows\System\eBVDpKt.exe
  2⤵
  PID:2820
- C:\Windows\System\ULlvDNV.exe
  C:\Windows\System\ULlvDNV.exe
  2⤵
  PID:1628
- C:\Windows\System\AvWZOLK.exe
  C:\Windows\System\AvWZOLK.exe
  2⤵
  PID:1996
- C:\Windows\System\ficMmac.exe
  C:\Windows\System\ficMmac.exe
  2⤵
  PID:3008
- C:\Windows\System\xAqjyEj.exe
  C:\Windows\System\xAqjyEj.exe
  2⤵
  PID:2328
- C:\Windows\System\ZCJJxuG.exe
  C:\Windows\System\ZCJJxuG.exe
  2⤵
  PID:2016
- C:\Windows\System\naXFEyl.exe
  C:\Windows\System\naXFEyl.exe
  2⤵
  PID:616
- C:\Windows\System\FKHIYHW.exe
  C:\Windows\System\FKHIYHW.exe
  2⤵
  PID:3076
- C:\Windows\System\gsspURB.exe
  C:\Windows\System\gsspURB.exe
  2⤵
  PID:3100
- C:\Windows\System\UHBemju.exe
  C:\Windows\System\UHBemju.exe
  2⤵
  PID:1796
- C:\Windows\System\AeFJbun.exe
  C:\Windows\System\AeFJbun.exe
  2⤵
  PID:3140
- C:\Windows\System\EWYnOMj.exe
  C:\Windows\System\EWYnOMj.exe
  2⤵
  PID:3188
- C:\Windows\System\LpgHrsk.exe
  C:\Windows\System\LpgHrsk.exe
  2⤵
  PID:3200
- C:\Windows\System\qSKYKzw.exe
  C:\Windows\System\qSKYKzw.exe
  2⤵
  PID:3052
- C:\Windows\System\BaoaAka.exe
  C:\Windows\System\BaoaAka.exe
  2⤵
  PID:3332
- C:\Windows\System\EJsqoIV.exe
  C:\Windows\System\EJsqoIV.exe
  2⤵
  PID:2360
- C:\Windows\System\biabyPq.exe
  C:\Windows\System\biabyPq.exe
  2⤵
  PID:3360
- C:\Windows\System\vqdmKFi.exe
  C:\Windows\System\vqdmKFi.exe
  2⤵
  PID:3404
- C:\Windows\System\ubUGPLn.exe
  C:\Windows\System\ubUGPLn.exe
  2⤵
  PID:3088
- C:\Windows\System\fbVdTCS.exe
  C:\Windows\System\fbVdTCS.exe
  2⤵
  PID:3128
- C:\Windows\System\jhtPHwV.exe
  C:\Windows\System\jhtPHwV.exe
  2⤵
  PID:3160
- C:\Windows\System\lbGpLUE.exe
  C:\Windows\System\lbGpLUE.exe
  2⤵
  PID:3276
- C:\Windows\System\vKCQBQl.exe
  C:\Windows\System\vKCQBQl.exe
  2⤵
  PID:3344
- C:\Windows\System\wIrFCwN.exe
  C:\Windows\System\wIrFCwN.exe
  2⤵
  PID:3272
- C:\Windows\System\QsiRQjk.exe
  C:\Windows\System\QsiRQjk.exe
  2⤵
  PID:3420
- C:\Windows\System\kMBHXyH.exe
  C:\Windows\System\kMBHXyH.exe
  2⤵
  PID:3440
- C:\Windows\System\fdzDRvh.exe
  C:\Windows\System\fdzDRvh.exe
  2⤵
  PID:3484
- C:\Windows\System\DrVKQfF.exe
  C:\Windows\System\DrVKQfF.exe
  2⤵
  PID:3488
- C:\Windows\System\UgENmPF.exe
  C:\Windows\System\UgENmPF.exe
  2⤵
  PID:3520
- C:\Windows\System\nknCkMB.exe
  C:\Windows\System\nknCkMB.exe
  2⤵
  PID:3552
- C:\Windows\System\aKpvznd.exe
  C:\Windows\System\aKpvznd.exe
  2⤵
  PID:3564
- C:\Windows\System\MsljDSC.exe
  C:\Windows\System\MsljDSC.exe
  2⤵
  PID:3596
- C:\Windows\System\dNIiYWO.exe
  C:\Windows\System\dNIiYWO.exe
  2⤵
  PID:3628
- C:\Windows\System\wrtKYSR.exe
  C:\Windows\System\wrtKYSR.exe
  2⤵
  PID:3660
- C:\Windows\System\dyOgXkt.exe
  C:\Windows\System\dyOgXkt.exe
  2⤵
  PID:3692
- C:\Windows\System\ZAxBYVM.exe
  C:\Windows\System\ZAxBYVM.exe
  2⤵
  PID:3724
- C:\Windows\System\otgzmUl.exe
  C:\Windows\System\otgzmUl.exe
  2⤵
  PID:3756
- C:\Windows\System\yJJzyeN.exe
  C:\Windows\System\yJJzyeN.exe
  2⤵
  PID:3788
- C:\Windows\System\cggugsc.exe
  C:\Windows\System\cggugsc.exe
  2⤵
  PID:3820
- C:\Windows\System\OYmhJRy.exe
  C:\Windows\System\OYmhJRy.exe
  2⤵
  PID:3852
- C:\Windows\System\zdUrSIL.exe
  C:\Windows\System\zdUrSIL.exe
  2⤵
  PID:3884
- C:\Windows\System\oVoVFGO.exe
  C:\Windows\System\oVoVFGO.exe
  2⤵
  PID:3916
- C:\Windows\System\aVqQScI.exe
  C:\Windows\System\aVqQScI.exe
  2⤵
  PID:3948
- C:\Windows\System\WTexSBA.exe
  C:\Windows\System\WTexSBA.exe
  2⤵
  PID:3980
- C:\Windows\System\WIUDYFk.exe
  C:\Windows\System\WIUDYFk.exe
  2⤵
  PID:4012
- C:\Windows\System\LzKRKip.exe
  C:\Windows\System\LzKRKip.exe
  2⤵
  PID:4044
- C:\Windows\System\EKuykVK.exe
  C:\Windows\System\EKuykVK.exe
  2⤵
  PID:4076
- C:\Windows\System\btcUYdX.exe
  C:\Windows\System\btcUYdX.exe
  2⤵
  PID:1284
- C:\Windows\System\YdjgQeN.exe
  C:\Windows\System\YdjgQeN.exe
  2⤵
  PID:2116
- C:\Windows\System\CicSnKj.exe
  C:\Windows\System\CicSnKj.exe
  2⤵
  PID:1532
- C:\Windows\System\heGXLxD.exe
  C:\Windows\System\heGXLxD.exe
  2⤵
  PID:2640
- C:\Windows\System\uATwFYF.exe
  C:\Windows\System\uATwFYF.exe
  2⤵
  PID:1124
- C:\Windows\System\SUojkRd.exe
  C:\Windows\System\SUojkRd.exe
  2⤵
  PID:696
- C:\Windows\System\KlVftxf.exe
  C:\Windows\System\KlVftxf.exe
  2⤵
  PID:396
- C:\Windows\System\ZmGWajQ.exe
  C:\Windows\System\ZmGWajQ.exe
  2⤵
  PID:1044
- C:\Windows\System\tdCREtj.exe
  C:\Windows\System\tdCREtj.exe
  2⤵
  PID:3252
- C:\Windows\System\DoHyeZK.exe
  C:\Windows\System\DoHyeZK.exe
  2⤵
  PID:3300
- C:\Windows\System\vCSZwUr.exe
  C:\Windows\System\vCSZwUr.exe
  2⤵
  PID:1564
- C:\Windows\System\dNLDMzv.exe
  C:\Windows\System\dNLDMzv.exe
  2⤵
  PID:3412
- C:\Windows\System\LbXCCeL.exe
  C:\Windows\System\LbXCCeL.exe
  2⤵
  PID:3416
- C:\Windows\System\wcgzsUM.exe
  C:\Windows\System\wcgzsUM.exe
  2⤵
  PID:3376
- C:\Windows\System\GhBnJTn.exe
  C:\Windows\System\GhBnJTn.exe
  2⤵
  PID:3436
- C:\Windows\System\JuyNYjq.exe
  C:\Windows\System\JuyNYjq.exe
  2⤵
  PID:3532
- C:\Windows\System\SwViXHy.exe
  C:\Windows\System\SwViXHy.exe
  2⤵
  PID:3232
- C:\Windows\System\IQCXxck.exe
  C:\Windows\System\IQCXxck.exe
  2⤵
  PID:3648
- C:\Windows\System\ksokPrZ.exe
  C:\Windows\System\ksokPrZ.exe
  2⤵
  PID:3500
- C:\Windows\System\mhuadth.exe
  C:\Windows\System\mhuadth.exe
  2⤵
  PID:3580
- C:\Windows\System\evgVRlK.exe
  C:\Windows\System\evgVRlK.exe
  2⤵
  PID:3680
- C:\Windows\System\MHXAFnw.exe
  C:\Windows\System\MHXAFnw.exe
  2⤵
  PID:3804
- C:\Windows\System\ZBUHyBC.exe
  C:\Windows\System\ZBUHyBC.exe
  2⤵
  PID:3856
- C:\Windows\System\eyBkZjk.exe
  C:\Windows\System\eyBkZjk.exe
  2⤵
  PID:3920
- C:\Windows\System\OeJoDXp.exe
  C:\Windows\System\OeJoDXp.exe
  2⤵
  PID:3984
- C:\Windows\System\yOwsyty.exe
  C:\Windows\System\yOwsyty.exe
  2⤵
  PID:4048
- C:\Windows\System\OEoBOMw.exe
  C:\Windows\System\OEoBOMw.exe
  2⤵
  PID:2568
- C:\Windows\System\zvMEojb.exe
  C:\Windows\System\zvMEojb.exe
  2⤵
  PID:2528
- C:\Windows\System\vAzXtYS.exe
  C:\Windows\System\vAzXtYS.exe
  2⤵
  PID:2332
- C:\Windows\System\QOZwgXH.exe
  C:\Windows\System\QOZwgXH.exe
  2⤵
  PID:1624
- C:\Windows\System\UWsnNCl.exe
  C:\Windows\System\UWsnNCl.exe
  2⤵
  PID:3220
- C:\Windows\System\TdUKMTG.exe
  C:\Windows\System\TdUKMTG.exe
  2⤵
  PID:3396
- C:\Windows\System\YpWEzYM.exe
  C:\Windows\System\YpWEzYM.exe
  2⤵
  PID:3156
- C:\Windows\System\iVXYBAK.exe
  C:\Windows\System\iVXYBAK.exe
  2⤵
  PID:840
- C:\Windows\System\VJpnswb.exe
  C:\Windows\System\VJpnswb.exe
  2⤵
  PID:3712
- C:\Windows\System\jUqpyPd.exe
  C:\Windows\System\jUqpyPd.exe
  2⤵
  PID:3600
- C:\Windows\System\JVuFowy.exe
  C:\Windows\System\JVuFowy.exe
  2⤵
  PID:3744
- C:\Windows\System\NHVaeQl.exe
  C:\Windows\System\NHVaeQl.exe
  2⤵
  PID:3936
- C:\Windows\System\UJobfrT.exe
  C:\Windows\System\UJobfrT.exe
  2⤵
  PID:4064
- C:\Windows\System\VYLTaFr.exe
  C:\Windows\System\VYLTaFr.exe
  2⤵
  PID:1656
- C:\Windows\System\gEjaZPT.exe
  C:\Windows\System\gEjaZPT.exe
  2⤵
  PID:2080
- C:\Windows\System\tysrEHj.exe
  C:\Windows\System\tysrEHj.exe
  2⤵
  PID:3084
- C:\Windows\System\hVyQaxU.exe
  C:\Windows\System\hVyQaxU.exe
  2⤵
  PID:3124
- C:\Windows\System\AxnHFYX.exe
  C:\Windows\System\AxnHFYX.exe
  2⤵
  PID:3380
- C:\Windows\System\UNQYxRd.exe
  C:\Windows\System\UNQYxRd.exe
  2⤵
  PID:4108
- C:\Windows\System\tFoVouM.exe
  C:\Windows\System\tFoVouM.exe
  2⤵
  PID:4124
- C:\Windows\System\Oucekwu.exe
  C:\Windows\System\Oucekwu.exe
  2⤵
  PID:4140
- C:\Windows\System\uujNqhv.exe
  C:\Windows\System\uujNqhv.exe
  2⤵
  PID:4156
- C:\Windows\System\WKkakTa.exe
  C:\Windows\System\WKkakTa.exe
  2⤵
  PID:4172
- C:\Windows\System\Tenwzrd.exe
  C:\Windows\System\Tenwzrd.exe
  2⤵
  PID:4188
- C:\Windows\System\prHxssO.exe
  C:\Windows\System\prHxssO.exe
  2⤵
  PID:4204
- C:\Windows\System\XVIqopc.exe
  C:\Windows\System\XVIqopc.exe
  2⤵
  PID:4220
- C:\Windows\System\HkhdCMT.exe
  C:\Windows\System\HkhdCMT.exe
  2⤵
  PID:4236
- C:\Windows\System\CMLpWEK.exe
  C:\Windows\System\CMLpWEK.exe
  2⤵
  PID:4252
- C:\Windows\System\eSYTsTK.exe
  C:\Windows\System\eSYTsTK.exe
  2⤵
  PID:4268
- C:\Windows\System\ECNozcP.exe
  C:\Windows\System\ECNozcP.exe
  2⤵
  PID:4284
- C:\Windows\System\blyRGQZ.exe
  C:\Windows\System\blyRGQZ.exe
  2⤵
  PID:4300
- C:\Windows\System\wHaObtr.exe
  C:\Windows\System\wHaObtr.exe
  2⤵
  PID:4316
- C:\Windows\System\yyZRtYL.exe
  C:\Windows\System\yyZRtYL.exe
  2⤵
  PID:4332
- C:\Windows\System\QkdiSQB.exe
  C:\Windows\System\QkdiSQB.exe
  2⤵
  PID:4348
- C:\Windows\System\qSQXSLn.exe
  C:\Windows\System\qSQXSLn.exe
  2⤵
  PID:4364
- C:\Windows\System\hblTEYV.exe
  C:\Windows\System\hblTEYV.exe
  2⤵
  PID:4380
- C:\Windows\System\RDElYiA.exe
  C:\Windows\System\RDElYiA.exe
  2⤵
  PID:4396
- C:\Windows\System\dFMSkNU.exe
  C:\Windows\System\dFMSkNU.exe
  2⤵
  PID:4412
- C:\Windows\System\NPOqhgD.exe
  C:\Windows\System\NPOqhgD.exe
  2⤵
  PID:4428
- C:\Windows\System\cmsssZJ.exe
  C:\Windows\System\cmsssZJ.exe
  2⤵
  PID:4444
- C:\Windows\System\mTcRVQW.exe
  C:\Windows\System\mTcRVQW.exe
  2⤵
  PID:4460
- C:\Windows\System\CIazjDM.exe
  C:\Windows\System\CIazjDM.exe
  2⤵
  PID:4476
- C:\Windows\System\bNCUqnz.exe
  C:\Windows\System\bNCUqnz.exe
  2⤵
  PID:4492
- C:\Windows\System\ErFTkHB.exe
  C:\Windows\System\ErFTkHB.exe
  2⤵
  PID:4508
- C:\Windows\System\KfaXzDQ.exe
  C:\Windows\System\KfaXzDQ.exe
  2⤵
  PID:4524
- C:\Windows\System\jGdLhbf.exe
  C:\Windows\System\jGdLhbf.exe
  2⤵
  PID:4540
- C:\Windows\System\lFMLwNY.exe
  C:\Windows\System\lFMLwNY.exe
  2⤵
  PID:4556
- C:\Windows\System\ybvEyJP.exe
  C:\Windows\System\ybvEyJP.exe
  2⤵
  PID:4572
- C:\Windows\System\gjFbwlc.exe
  C:\Windows\System\gjFbwlc.exe
  2⤵
  PID:4588
- C:\Windows\System\hmfqTRT.exe
  C:\Windows\System\hmfqTRT.exe
  2⤵
  PID:4604
- C:\Windows\System\daWSEqn.exe
  C:\Windows\System\daWSEqn.exe
  2⤵
  PID:4620
- C:\Windows\System\zcdLteV.exe
  C:\Windows\System\zcdLteV.exe
  2⤵
  PID:4636
- C:\Windows\System\rgjUNzq.exe
  C:\Windows\System\rgjUNzq.exe
  2⤵
  PID:4652
- C:\Windows\System\kmVLreK.exe
  C:\Windows\System\kmVLreK.exe
  2⤵
  PID:4668
- C:\Windows\System\mVcMnrz.exe
  C:\Windows\System\mVcMnrz.exe
  2⤵
  PID:4684
- C:\Windows\System\fDBGBAz.exe
  C:\Windows\System\fDBGBAz.exe
  2⤵
  PID:4700
- C:\Windows\System\TmnGdQn.exe
  C:\Windows\System\TmnGdQn.exe
  2⤵
  PID:4716
- C:\Windows\System\YJKRyrW.exe
  C:\Windows\System\YJKRyrW.exe
  2⤵
  PID:4732
- C:\Windows\System\fzKeIhc.exe
  C:\Windows\System\fzKeIhc.exe
  2⤵
  PID:4748
- C:\Windows\System\vglnBaQ.exe
  C:\Windows\System\vglnBaQ.exe
  2⤵
  PID:4764
- C:\Windows\System\SEKxFFz.exe
  C:\Windows\System\SEKxFFz.exe
  2⤵
  PID:4780
- C:\Windows\System\WNtAiqb.exe
  C:\Windows\System\WNtAiqb.exe
  2⤵
  PID:4796
- C:\Windows\System\HzzxBfQ.exe
  C:\Windows\System\HzzxBfQ.exe
  2⤵
  PID:4812
- C:\Windows\System\qvszLng.exe
  C:\Windows\System\qvszLng.exe
  2⤵
  PID:4828
- C:\Windows\System\UynaXBZ.exe
  C:\Windows\System\UynaXBZ.exe
  2⤵
  PID:4844
- C:\Windows\System\XVsJDzK.exe
  C:\Windows\System\XVsJDzK.exe
  2⤵
  PID:4860
- C:\Windows\System\fewKTpq.exe
  C:\Windows\System\fewKTpq.exe
  2⤵
  PID:4876
- C:\Windows\System\hrvscuy.exe
  C:\Windows\System\hrvscuy.exe
  2⤵
  PID:4892
- C:\Windows\System\YhvHnKa.exe
  C:\Windows\System\YhvHnKa.exe
  2⤵
  PID:4908
- C:\Windows\System\mojRkgi.exe
  C:\Windows\System\mojRkgi.exe
  2⤵
  PID:4924
- C:\Windows\System\oyshXyY.exe
  C:\Windows\System\oyshXyY.exe
  2⤵
  PID:4940
- C:\Windows\System\fXymriu.exe
  C:\Windows\System\fXymriu.exe
  2⤵
  PID:4956
- C:\Windows\System\qhNKpiP.exe
  C:\Windows\System\qhNKpiP.exe
  2⤵
  PID:4972
- C:\Windows\System\zDEZWnp.exe
  C:\Windows\System\zDEZWnp.exe
  2⤵
  PID:4988
- C:\Windows\System\dxyhCvC.exe
  C:\Windows\System\dxyhCvC.exe
  2⤵
  PID:5004
- C:\Windows\System\SDJHmgQ.exe
  C:\Windows\System\SDJHmgQ.exe
  2⤵
  PID:5020
- C:\Windows\System\ZdgVfTw.exe
  C:\Windows\System\ZdgVfTw.exe
  2⤵
  PID:5036
- C:\Windows\System\hhKqHgJ.exe
  C:\Windows\System\hhKqHgJ.exe
  2⤵
  PID:5052
- C:\Windows\System\osPdpoY.exe
  C:\Windows\System\osPdpoY.exe
  2⤵
  PID:5068
- C:\Windows\System\zgEpowW.exe
  C:\Windows\System\zgEpowW.exe
  2⤵
  PID:5084
- C:\Windows\System\qaofaTv.exe
  C:\Windows\System\qaofaTv.exe
  2⤵
  PID:5100
- C:\Windows\System\ytotaJX.exe
  C:\Windows\System\ytotaJX.exe
  2⤵
  PID:5116
- C:\Windows\System\aaudRwy.exe
  C:\Windows\System\aaudRwy.exe
  2⤵
  PID:3760
- C:\Windows\System\KLNsrjG.exe
  C:\Windows\System\KLNsrjG.exe
  2⤵
  PID:3840
- C:\Windows\System\uwbPjZb.exe
  C:\Windows\System\uwbPjZb.exe
  2⤵
  PID:2276
- C:\Windows\System\oyssZty.exe
  C:\Windows\System\oyssZty.exe
  2⤵
  PID:2748
- C:\Windows\System\zlkmjbM.exe
  C:\Windows\System\zlkmjbM.exe
  2⤵
  PID:3268
- C:\Windows\System\omuVhCh.exe
  C:\Windows\System\omuVhCh.exe
  2⤵
  PID:4120
- C:\Windows\System\ynDTJkt.exe
  C:\Windows\System\ynDTJkt.exe
  2⤵
  PID:4152
- C:\Windows\System\wlzKhEo.exe
  C:\Windows\System\wlzKhEo.exe
  2⤵
  PID:4184
- C:\Windows\System\bXxOpNM.exe
  C:\Windows\System\bXxOpNM.exe
  2⤵
  PID:4232
- C:\Windows\System\JxDGAoF.exe
  C:\Windows\System\JxDGAoF.exe
  2⤵
  PID:4248
- C:\Windows\System\FypzKar.exe
  C:\Windows\System\FypzKar.exe
  2⤵
  PID:4280
- C:\Windows\System\hnRpqRz.exe
  C:\Windows\System\hnRpqRz.exe
  2⤵
  PID:4312
- C:\Windows\System\nyrLApG.exe
  C:\Windows\System\nyrLApG.exe
  2⤵
  PID:4344
- C:\Windows\System\uAaBwTj.exe
  C:\Windows\System\uAaBwTj.exe
  2⤵
  PID:4376
- C:\Windows\System\UlTgHqY.exe
  C:\Windows\System\UlTgHqY.exe
  2⤵
  PID:4408
- C:\Windows\System\BVZCQPu.exe
  C:\Windows\System\BVZCQPu.exe
  2⤵
  PID:4456
- C:\Windows\System\TxdZWuH.exe
  C:\Windows\System\TxdZWuH.exe
  2⤵
  PID:4472
- C:\Windows\System\gbLmGWN.exe
  C:\Windows\System\gbLmGWN.exe
  2⤵
  PID:4504
- C:\Windows\System\gOxxvOI.exe
  C:\Windows\System\gOxxvOI.exe
  2⤵
  PID:4536
- C:\Windows\System\bXcxsbL.exe
  C:\Windows\System\bXcxsbL.exe
  2⤵
  PID:4568
- C:\Windows\System\CDAdErt.exe
  C:\Windows\System\CDAdErt.exe
  2⤵
  PID:4600
- C:\Windows\System\BWzPsSi.exe
  C:\Windows\System\BWzPsSi.exe
  2⤵
  PID:4632
- C:\Windows\System\YewvgJn.exe
  C:\Windows\System\YewvgJn.exe
  2⤵
  PID:4680
- C:\Windows\System\bsLhEUo.exe
  C:\Windows\System\bsLhEUo.exe
  2⤵
  PID:4712
- C:\Windows\System\NBrwYSO.exe
  C:\Windows\System\NBrwYSO.exe
  2⤵
  PID:4744
- C:\Windows\System\RXTpJYj.exe
  C:\Windows\System\RXTpJYj.exe
  2⤵
  PID:4776
- C:\Windows\System\MJynseM.exe
  C:\Windows\System\MJynseM.exe
  2⤵
  PID:4788
- C:\Windows\System\sEkoIIy.exe
  C:\Windows\System\sEkoIIy.exe
  2⤵
  PID:4824
- C:\Windows\System\IuPPhIt.exe
  C:\Windows\System\IuPPhIt.exe
  2⤵
  PID:4900
- C:\Windows\System\XgtGyvB.exe
  C:\Windows\System\XgtGyvB.exe
  2⤵
  PID:4936
- C:\Windows\System\IlVTdky.exe
  C:\Windows\System\IlVTdky.exe
  2⤵
  PID:5000
- C:\Windows\System\QecTnRh.exe
  C:\Windows\System\QecTnRh.exe
  2⤵
  PID:5064
- C:\Windows\System\fhTmiQA.exe
  C:\Windows\System\fhTmiQA.exe
  2⤵
  PID:5140
- C:\Windows\System\hciQrMs.exe
  C:\Windows\System\hciQrMs.exe
  2⤵
  PID:5156
- C:\Windows\System\XtocsJS.exe
  C:\Windows\System\XtocsJS.exe
  2⤵
  PID:5172
- C:\Windows\System\hlrWRTr.exe
  C:\Windows\System\hlrWRTr.exe
  2⤵
  PID:5188
- C:\Windows\System\hPEIMSz.exe
  C:\Windows\System\hPEIMSz.exe
  2⤵
  PID:5204
- C:\Windows\System\UoSGxxn.exe
  C:\Windows\System\UoSGxxn.exe
  2⤵
  PID:5220
- C:\Windows\System\GeuzNAc.exe
  C:\Windows\System\GeuzNAc.exe
  2⤵
  PID:5236
- C:\Windows\System\xZnChQq.exe
  C:\Windows\System\xZnChQq.exe
  2⤵
  PID:5252
- C:\Windows\System\CtfjWhn.exe
  C:\Windows\System\CtfjWhn.exe
  2⤵
  PID:5268
- C:\Windows\System\RFbZULD.exe
  C:\Windows\System\RFbZULD.exe
  2⤵
  PID:5284
- C:\Windows\System\OSqjJad.exe
  C:\Windows\System\OSqjJad.exe
  2⤵
  PID:5300
- C:\Windows\System\kQMHmBr.exe
  C:\Windows\System\kQMHmBr.exe
  2⤵
  PID:5316
- C:\Windows\System\ACRcoGo.exe
  C:\Windows\System\ACRcoGo.exe
  2⤵
  PID:5332
- C:\Windows\System\cENaLei.exe
  C:\Windows\System\cENaLei.exe
  2⤵
  PID:5348
- C:\Windows\System\ttjuOcM.exe
  C:\Windows\System\ttjuOcM.exe
  2⤵
  PID:5364
- C:\Windows\System\SYNIsyU.exe
  C:\Windows\System\SYNIsyU.exe
  2⤵
  PID:5380
- C:\Windows\System\iKEaZeC.exe
  C:\Windows\System\iKEaZeC.exe
  2⤵
  PID:5396
- C:\Windows\System\FaZalIe.exe
  C:\Windows\System\FaZalIe.exe
  2⤵
  PID:5412
- C:\Windows\System\CsiLeXA.exe
  C:\Windows\System\CsiLeXA.exe
  2⤵
  PID:5428
- C:\Windows\System\bddpbiL.exe
  C:\Windows\System\bddpbiL.exe
  2⤵
  PID:5444
- C:\Windows\System\XYTbBcY.exe
  C:\Windows\System\XYTbBcY.exe
  2⤵
  PID:5460
- C:\Windows\System\dxZrRRz.exe
  C:\Windows\System\dxZrRRz.exe
  2⤵
  PID:5476
- C:\Windows\System\uLKLDnR.exe
  C:\Windows\System\uLKLDnR.exe
  2⤵
  PID:5492
- C:\Windows\System\UfroQVI.exe
  C:\Windows\System\UfroQVI.exe
  2⤵
  PID:5508
- C:\Windows\System\OBUpfQL.exe
  C:\Windows\System\OBUpfQL.exe
  2⤵
  PID:5524
- C:\Windows\System\srthkLJ.exe
  C:\Windows\System\srthkLJ.exe
  2⤵
  PID:5540
- C:\Windows\System\YkwHOhZ.exe
  C:\Windows\System\YkwHOhZ.exe
  2⤵
  PID:5556
- C:\Windows\System\CZsVLwd.exe
  C:\Windows\System\CZsVLwd.exe
  2⤵
  PID:5572
- C:\Windows\System\HiMmIVz.exe
  C:\Windows\System\HiMmIVz.exe
  2⤵
  PID:5588
- C:\Windows\System\DdADAKz.exe
  C:\Windows\System\DdADAKz.exe
  2⤵
  PID:5604
- C:\Windows\System\zASspwV.exe
  C:\Windows\System\zASspwV.exe
  2⤵
  PID:5620
- C:\Windows\System\vDZgtgr.exe
  C:\Windows\System\vDZgtgr.exe
  2⤵
  PID:5636
- C:\Windows\System\ZyHzRYD.exe
  C:\Windows\System\ZyHzRYD.exe
  2⤵
  PID:5652
- C:\Windows\System\GWfYBcL.exe
  C:\Windows\System\GWfYBcL.exe
  2⤵
  PID:5668
- C:\Windows\System\AquIGoO.exe
  C:\Windows\System\AquIGoO.exe
  2⤵
  PID:5684
- C:\Windows\System\jMDKrPJ.exe
  C:\Windows\System\jMDKrPJ.exe
  2⤵
  PID:5700
- C:\Windows\System\QugyHlR.exe
  C:\Windows\System\QugyHlR.exe
  2⤵
  PID:5716
- C:\Windows\System\ZFDPPdN.exe
  C:\Windows\System\ZFDPPdN.exe
  2⤵
  PID:5732
- C:\Windows\System\OhCCfIf.exe
  C:\Windows\System\OhCCfIf.exe
  2⤵
  PID:5748
- C:\Windows\System\mWnpNek.exe
  C:\Windows\System\mWnpNek.exe
  2⤵
  PID:5764
- C:\Windows\System\VunoDCp.exe
  C:\Windows\System\VunoDCp.exe
  2⤵
  PID:5780
- C:\Windows\System\vvQEHbT.exe
  C:\Windows\System\vvQEHbT.exe
  2⤵
  PID:5796
- C:\Windows\System\pyVLnWt.exe
  C:\Windows\System\pyVLnWt.exe
  2⤵
  PID:5812
- C:\Windows\System\cHvGgvY.exe
  C:\Windows\System\cHvGgvY.exe
  2⤵
  PID:5828
- C:\Windows\System\AVXEgRu.exe
  C:\Windows\System\AVXEgRu.exe
  2⤵
  PID:5844
- C:\Windows\System\CMtFoqz.exe
  C:\Windows\System\CMtFoqz.exe
  2⤵
  PID:5860
- C:\Windows\System\xEltLra.exe
  C:\Windows\System\xEltLra.exe
  2⤵
  PID:5876
- C:\Windows\System\yvOIvSF.exe
  C:\Windows\System\yvOIvSF.exe
  2⤵
  PID:5892
- C:\Windows\System\WwYHSOn.exe
  C:\Windows\System\WwYHSOn.exe
  2⤵
  PID:5908
- C:\Windows\System\WBxPGgT.exe
  C:\Windows\System\WBxPGgT.exe
  2⤵
  PID:5924
- C:\Windows\System\grhJwso.exe
  C:\Windows\System\grhJwso.exe
  2⤵
  PID:5940
- C:\Windows\System\XVLdvBe.exe
  C:\Windows\System\XVLdvBe.exe
  2⤵
  PID:5956
- C:\Windows\System\jUszRoF.exe
  C:\Windows\System\jUszRoF.exe
  2⤵
  PID:5972
- C:\Windows\System\QRsvYcT.exe
  C:\Windows\System\QRsvYcT.exe
  2⤵
  PID:5988
- C:\Windows\System\XvhEdSj.exe
  C:\Windows\System\XvhEdSj.exe
  2⤵
  PID:6064
- C:\Windows\System\jEdMTcu.exe
  C:\Windows\System\jEdMTcu.exe
  2⤵
  PID:6080
- C:\Windows\System\BJmIwHF.exe
  C:\Windows\System\BJmIwHF.exe
  2⤵
  PID:6096
- C:\Windows\System\aMaVjlb.exe
  C:\Windows\System\aMaVjlb.exe
  2⤵
  PID:6112
- C:\Windows\System\MCJLFiO.exe
  C:\Windows\System\MCJLFiO.exe
  2⤵
  PID:6128
- C:\Windows\System\WCRmuSy.exe
  C:\Windows\System\WCRmuSy.exe
  2⤵
  PID:4856
- C:\Windows\System\LAyqkfX.exe
  C:\Windows\System\LAyqkfX.exe
  2⤵
  PID:4888
- C:\Windows\System\iBepRJM.exe
  C:\Windows\System\iBepRJM.exe
  2⤵
  PID:5740
- C:\Windows\System\dsiZYjk.exe
  C:\Windows\System\dsiZYjk.exe
  2⤵
  PID:3632
- C:\Windows\System\aCuqpkJ.exe
  C:\Windows\System\aCuqpkJ.exe
  2⤵
  PID:2768
- C:\Windows\System\Ybjycma.exe
  C:\Windows\System\Ybjycma.exe
  2⤵
  PID:4356
- C:\Windows\System\ImPfPEO.exe
  C:\Windows\System\ImPfPEO.exe
  2⤵
  PID:5132
- C:\Windows\System\sOctLkT.exe
  C:\Windows\System\sOctLkT.exe
  2⤵
  PID:5196
- C:\Windows\System\nvoFgpY.exe
  C:\Windows\System\nvoFgpY.exe
  2⤵
  PID:5260
- C:\Windows\System\wCwigsN.exe
  C:\Windows\System\wCwigsN.exe
  2⤵
  PID:5328
- C:\Windows\System\ndfhpbb.exe
  C:\Windows\System\ndfhpbb.exe
  2⤵
  PID:5392
- C:\Windows\System\MaDlXMY.exe
  C:\Windows\System\MaDlXMY.exe
  2⤵
  PID:5456
- C:\Windows\System\iLJedgN.exe
  C:\Windows\System\iLJedgN.exe
  2⤵
  PID:5548
- C:\Windows\System\PTigMvK.exe
  C:\Windows\System\PTigMvK.exe
  2⤵
  PID:5612
- C:\Windows\System\XPqowrl.exe
  C:\Windows\System\XPqowrl.exe
  2⤵
  PID:5676
- C:\Windows\System\jatdQVc.exe
  C:\Windows\System\jatdQVc.exe
  2⤵
  PID:5744
- C:\Windows\System\AdSHiOk.exe
  C:\Windows\System\AdSHiOk.exe
  2⤵
  PID:5808
- C:\Windows\System\cxJakEU.exe
  C:\Windows\System\cxJakEU.exe
  2⤵
  PID:5872
- C:\Windows\System\jXeebJJ.exe
  C:\Windows\System\jXeebJJ.exe
  2⤵
  PID:5968
- C:\Windows\System\Ciwkujq.exe
  C:\Windows\System\Ciwkujq.exe
  2⤵
  PID:6012
- C:\Windows\System\AhSOmsg.exe
  C:\Windows\System\AhSOmsg.exe
  2⤵
  PID:6028
- C:\Windows\System\iuWCCJf.exe
  C:\Windows\System\iuWCCJf.exe
  2⤵
  PID:6044
- C:\Windows\System\myIOjxO.exe
  C:\Windows\System\myIOjxO.exe
  2⤵
  PID:6060
- C:\Windows\System\SpHuXRv.exe
  C:\Windows\System\SpHuXRv.exe
  2⤵
  PID:6120
- C:\Windows\System\miRlzht.exe
  C:\Windows\System\miRlzht.exe
  2⤵
  PID:5092
- C:\Windows\System\CLLswSK.exe
  C:\Windows\System\CLLswSK.exe
  2⤵
  PID:448
- C:\Windows\System\VFmhCtZ.exe
  C:\Windows\System\VFmhCtZ.exe
  2⤵
  PID:4756
- C:\Windows\System\GiniDjf.exe
  C:\Windows\System\GiniDjf.exe
  2⤵
  PID:5916
- C:\Windows\System\bzHxMLF.exe
  C:\Windows\System\bzHxMLF.exe
  2⤵
  PID:3020
- C:\Windows\System\BwxdUhQ.exe
  C:\Windows\System\BwxdUhQ.exe
  2⤵
  PID:1776
- C:\Windows\System\pNyGXSR.exe
  C:\Windows\System\pNyGXSR.exe
  2⤵
  PID:1368
- C:\Windows\System\kPBlpIi.exe
  C:\Windows\System\kPBlpIi.exe
  2⤵
  PID:6108
- C:\Windows\System\lAcxHQt.exe
  C:\Windows\System\lAcxHQt.exe
  2⤵
  PID:6140
- C:\Windows\System\eYptolt.exe
  C:\Windows\System\eYptolt.exe
  2⤵
  PID:5012
- C:\Windows\System\YumKrlc.exe
  C:\Windows\System\YumKrlc.exe
  2⤵
  PID:5076
- C:\Windows\System\bsFQwEy.exe
  C:\Windows\System\bsFQwEy.exe
  2⤵
  PID:3904
- C:\Windows\System\fyrCynp.exe
  C:\Windows\System\fyrCynp.exe
  2⤵
  PID:2872
- C:\Windows\System\XaWdExh.exe
  C:\Windows\System\XaWdExh.exe
  2⤵
  PID:4244
- C:\Windows\System\imJycQe.exe
  C:\Windows\System\imJycQe.exe
  2⤵
  PID:4372
- C:\Windows\System\geWRlPF.exe
  C:\Windows\System\geWRlPF.exe
  2⤵
  PID:4500
- C:\Windows\System\opxFyxB.exe
  C:\Windows\System\opxFyxB.exe
  2⤵
  PID:4644
- C:\Windows\System\BzdDFvJ.exe
  C:\Windows\System\BzdDFvJ.exe
  2⤵
  PID:4772
- C:\Windows\System\xAiZcCe.exe
  C:\Windows\System\xAiZcCe.exe
  2⤵
  PID:4932
- C:\Windows\System\vojsXXs.exe
  C:\Windows\System\vojsXXs.exe
  2⤵
  PID:5152
- C:\Windows\System\KMLpeYi.exe
  C:\Windows\System\KMLpeYi.exe
  2⤵
  PID:5216
- C:\Windows\System\cDUNERz.exe
  C:\Windows\System\cDUNERz.exe
  2⤵
  PID:5280
- C:\Windows\System\BOxpExA.exe
  C:\Windows\System\BOxpExA.exe
  2⤵
  PID:5376
- C:\Windows\System\novXofs.exe
  C:\Windows\System\novXofs.exe
  2⤵
  PID:5440
- C:\Windows\System\cOcUuml.exe
  C:\Windows\System\cOcUuml.exe
  2⤵
  PID:5504
- C:\Windows\System\gtJzVtx.exe
  C:\Windows\System\gtJzVtx.exe
  2⤵
  PID:5568
- C:\Windows\System\IqvooPc.exe
  C:\Windows\System\IqvooPc.exe
  2⤵
  PID:5632
- C:\Windows\System\uBoDETU.exe
  C:\Windows\System\uBoDETU.exe
  2⤵
  PID:5724
- C:\Windows\System\GKTpUYK.exe
  C:\Windows\System\GKTpUYK.exe
  2⤵
  PID:5788
- C:\Windows\System\nZmRBQE.exe
  C:\Windows\System\nZmRBQE.exe
  2⤵
  PID:5888
- C:\Windows\System\AjcqXwY.exe
  C:\Windows\System\AjcqXwY.exe
  2⤵
  PID:5980
- C:\Windows\System\qcAcqrV.exe
  C:\Windows\System\qcAcqrV.exe
  2⤵
  PID:4164
- C:\Windows\System\sRxtelW.exe
  C:\Windows\System\sRxtelW.exe
  2⤵
  PID:4420
- C:\Windows\System\feorfVZ.exe
  C:\Windows\System\feorfVZ.exe
  2⤵
  PID:4548
- C:\Windows\System\VvNqPSV.exe
  C:\Windows\System\VvNqPSV.exe
  2⤵
  PID:4660
- C:\Windows\System\NEDCUKN.exe
  C:\Windows\System\NEDCUKN.exe
  2⤵
  PID:4808
- C:\Windows\System\qpTCrrO.exe
  C:\Windows\System\qpTCrrO.exe
  2⤵
  PID:4676
- C:\Windows\System\fvJdJJB.exe
  C:\Windows\System\fvJdJJB.exe
  2⤵
  PID:4292
- C:\Windows\System\bnuLYNn.exe
  C:\Windows\System\bnuLYNn.exe
  2⤵
  PID:5388
- C:\Windows\System\BiSAOjv.exe
  C:\Windows\System\BiSAOjv.exe
  2⤵
  PID:5648
- C:\Windows\System\enBPfGW.exe
  C:\Windows\System\enBPfGW.exe
  2⤵
  PID:5932
- C:\Windows\System\mTimVwZ.exe
  C:\Windows\System\mTimVwZ.exe
  2⤵
  PID:6024
- C:\Windows\System\aEhfgJz.exe
  C:\Windows\System\aEhfgJz.exe
  2⤵
  PID:4884
- C:\Windows\System\EwrtpFk.exe
  C:\Windows\System\EwrtpFk.exe
  2⤵
  PID:2376
- C:\Windows\System\dXFHcmt.exe
  C:\Windows\System\dXFHcmt.exe
  2⤵
  PID:5324
- C:\Windows\System\isVyxGg.exe
  C:\Windows\System\isVyxGg.exe
  2⤵
  PID:1008
- C:\Windows\System\OwuRdvq.exe
  C:\Windows\System\OwuRdvq.exe
  2⤵
  PID:4580
- C:\Windows\System\WemCRkA.exe
  C:\Windows\System\WemCRkA.exe
  2⤵
  PID:5164
- C:\Windows\System\vMnftjX.exe
  C:\Windows\System\vMnftjX.exe
  2⤵
  PID:5424
- C:\Windows\System\jyRvkmO.exe
  C:\Windows\System\jyRvkmO.exe
  2⤵
  PID:6092
- C:\Windows\System\vFZNUiE.exe
  C:\Windows\System\vFZNUiE.exe
  2⤵
  PID:6008
- C:\Windows\System\ebsuKmS.exe
  C:\Windows\System\ebsuKmS.exe
  2⤵
  PID:5184
- C:\Windows\System\vVjnfni.exe
  C:\Windows\System\vVjnfni.exe
  2⤵
  PID:5372
- C:\Windows\System\pBISNbi.exe
  C:\Windows\System\pBISNbi.exe
  2⤵
  PID:2368
- C:\Windows\System\NXOCKzw.exe
  C:\Windows\System\NXOCKzw.exe
  2⤵
  PID:4968
- C:\Windows\System\ViHXrob.exe
  C:\Windows\System\ViHXrob.exe
  2⤵
  PID:5344
- C:\Windows\System\BWOCWzu.exe
  C:\Windows\System\BWOCWzu.exe
  2⤵
  PID:5760
- C:\Windows\System\zitautC.exe
  C:\Windows\System\zitautC.exe
  2⤵
  PID:5664
- C:\Windows\System\niVJzCR.exe
  C:\Windows\System\niVJzCR.exe
  2⤵
  PID:404
- C:\Windows\System\nPlbIcn.exe
  C:\Windows\System\nPlbIcn.exe
  2⤵
  PID:5360
- C:\Windows\System\PCzNudL.exe
  C:\Windows\System\PCzNudL.exe
  2⤵
  PID:5884
- C:\Windows\System\jdLqbRM.exe
  C:\Windows\System\jdLqbRM.exe
  2⤵
  PID:2380
- C:\Windows\System\BnzoLZw.exe
  C:\Windows\System\BnzoLZw.exe
  2⤵
  PID:4532
- C:\Windows\System\DGrvNgX.exe
  C:\Windows\System\DGrvNgX.exe
  2⤵
  PID:5712
- C:\Windows\System\OWYtJVL.exe
  C:\Windows\System\OWYtJVL.exe
  2⤵
  PID:6056
- C:\Windows\System\gAjTNum.exe
  C:\Windows\System\gAjTNum.exe
  2⤵
  PID:5128
- C:\Windows\System\HhBLbDL.exe
  C:\Windows\System\HhBLbDL.exe
  2⤵
  PID:4564
- C:\Windows\System\yBtHkuO.exe
  C:\Windows\System\yBtHkuO.exe
  2⤵
  PID:5340
- C:\Windows\System\bxsshoB.exe
  C:\Windows\System\bxsshoB.exe
  2⤵
  PID:5628
- C:\Windows\System\GCRmgDX.exe
  C:\Windows\System\GCRmgDX.exe
  2⤵
  PID:5948
- C:\Windows\System\howusLM.exe
  C:\Windows\System\howusLM.exe
  2⤵
  PID:5696
- C:\Windows\System\ixKPwPF.exe
  C:\Windows\System\ixKPwPF.exe
  2⤵
  PID:4308
- C:\Windows\System\GnPhnal.exe
  C:\Windows\System\GnPhnal.exe
  2⤵
  PID:1136
- C:\Windows\System\gIPHlUC.exe
  C:\Windows\System\gIPHlUC.exe
  2⤵
  PID:5804
- C:\Windows\System\MtztaRt.exe
  C:\Windows\System\MtztaRt.exe
  2⤵
  PID:5600
- C:\Windows\System\CFgNWoF.exe
  C:\Windows\System\CFgNWoF.exe
  2⤵
  PID:5868
- C:\Windows\System\bKyjgxZ.exe
  C:\Windows\System\bKyjgxZ.exe
  2⤵
  PID:5536
- C:\Windows\System\CZcAnsM.exe
  C:\Windows\System\CZcAnsM.exe
  2⤵
  PID:5840
- C:\Windows\System\CQjHETn.exe
  C:\Windows\System\CQjHETn.exe
  2⤵
  PID:4724
- C:\Windows\System\GRKOnkk.exe
  C:\Windows\System\GRKOnkk.exe
  2⤵
  PID:6160
- C:\Windows\System\POhAjYx.exe
  C:\Windows\System\POhAjYx.exe
  2⤵
  PID:6180
- C:\Windows\System\pSmehkf.exe
  C:\Windows\System\pSmehkf.exe
  2⤵
  PID:6196
- C:\Windows\System\aZQPJHH.exe
  C:\Windows\System\aZQPJHH.exe
  2⤵
  PID:6212
- C:\Windows\System\aYwQlto.exe
  C:\Windows\System\aYwQlto.exe
  2⤵
  PID:6228
- C:\Windows\System\XPTIYsO.exe
  C:\Windows\System\XPTIYsO.exe
  2⤵
  PID:6244
- C:\Windows\System\JArKudd.exe
  C:\Windows\System\JArKudd.exe
  2⤵
  PID:6260
- C:\Windows\System\SyvDGir.exe
  C:\Windows\System\SyvDGir.exe
  2⤵
  PID:6276
- C:\Windows\System\GNwjMNQ.exe
  C:\Windows\System\GNwjMNQ.exe
  2⤵
  PID:6292
- C:\Windows\System\iRsSzGH.exe
  C:\Windows\System\iRsSzGH.exe
  2⤵
  PID:6320
- C:\Windows\System\DCPwwoS.exe
  C:\Windows\System\DCPwwoS.exe
  2⤵
  PID:6384
- C:\Windows\System\IdrEwwK.exe
  C:\Windows\System\IdrEwwK.exe
  2⤵
  PID:6400
- C:\Windows\System\ynrgXms.exe
  C:\Windows\System\ynrgXms.exe
  2⤵
  PID:6416
- C:\Windows\System\KOtMrEO.exe
  C:\Windows\System\KOtMrEO.exe
  2⤵
  PID:6444
- C:\Windows\System\uxezIai.exe
  C:\Windows\System\uxezIai.exe
  2⤵
  PID:6580
- C:\Windows\System\SncPWcX.exe
  C:\Windows\System\SncPWcX.exe
  2⤵
  PID:6632
- C:\Windows\System\eVJlrnf.exe
  C:\Windows\System\eVJlrnf.exe
  2⤵
  PID:6740
- C:\Windows\System\LQxVRBb.exe
  C:\Windows\System\LQxVRBb.exe
  2⤵
  PID:6864
- C:\Windows\System\rlYwLZr.exe
  C:\Windows\System\rlYwLZr.exe
  2⤵
  PID:6880
- C:\Windows\System\YUziOKw.exe
  C:\Windows\System\YUziOKw.exe
  2⤵
  PID:6896
- C:\Windows\System\LSpeMBa.exe
  C:\Windows\System\LSpeMBa.exe
  2⤵
  PID:6912
- C:\Windows\System\OwGjphu.exe
  C:\Windows\System\OwGjphu.exe
  2⤵
  PID:6932
- C:\Windows\System\aoWFdIq.exe
  C:\Windows\System\aoWFdIq.exe
  2⤵
  PID:6948
- C:\Windows\System\bCSbZsN.exe
  C:\Windows\System\bCSbZsN.exe
  2⤵
  PID:6964
- C:\Windows\System\cWdsjlu.exe
  C:\Windows\System\cWdsjlu.exe
  2⤵
  PID:6980
- C:\Windows\System\gTPBdyD.exe
  C:\Windows\System\gTPBdyD.exe
  2⤵
  PID:6996
- C:\Windows\System\pXCsIsB.exe
  C:\Windows\System\pXCsIsB.exe
  2⤵
  PID:7012
- C:\Windows\System\wnTGDWn.exe
  C:\Windows\System\wnTGDWn.exe
  2⤵
  PID:7032
- C:\Windows\System\QWsoHCS.exe
  C:\Windows\System\QWsoHCS.exe
  2⤵
  PID:7048
- C:\Windows\System\vecKVgG.exe
  C:\Windows\System\vecKVgG.exe
  2⤵
  PID:7064
- C:\Windows\System\CMCiWrj.exe
  C:\Windows\System\CMCiWrj.exe
  2⤵
  PID:7080
- C:\Windows\System\jYlZQuF.exe
  C:\Windows\System\jYlZQuF.exe
  2⤵
  PID:7100
- C:\Windows\System\ycHnzNG.exe
  C:\Windows\System\ycHnzNG.exe
  2⤵
  PID:7116
- C:\Windows\System\cIJyPHt.exe
  C:\Windows\System\cIJyPHt.exe
  2⤵
  PID:7132
- C:\Windows\System\hvHFyrW.exe
  C:\Windows\System\hvHFyrW.exe
  2⤵
  PID:7148
- C:\Windows\System\lsTRfae.exe
  C:\Windows\System\lsTRfae.exe
  2⤵
  PID:7164
- C:\Windows\System\kmFVeYq.exe
  C:\Windows\System\kmFVeYq.exe
  2⤵
  PID:1176
- C:\Windows\System\rBWzWhC.exe
  C:\Windows\System\rBWzWhC.exe
  2⤵
  PID:5820
- C:\Windows\System\tNtXaPX.exe
  C:\Windows\System\tNtXaPX.exe
  2⤵
  PID:6156
- C:\Windows\System\eMulNNL.exe
  C:\Windows\System\eMulNNL.exe
  2⤵
  PID:6272
- C:\Windows\System\xVTSltG.exe
  C:\Windows\System\xVTSltG.exe
  2⤵
  PID:6208
- C:\Windows\System\oyxqZCA.exe
  C:\Windows\System\oyxqZCA.exe
  2⤵
  PID:6224
- C:\Windows\System\bfdIiNS.exe
  C:\Windows\System\bfdIiNS.exe
  2⤵
  PID:6288
- C:\Windows\System\OvmRfdN.exe
  C:\Windows\System\OvmRfdN.exe
  2⤵
  PID:2036
- C:\Windows\System\rOHNwZS.exe
  C:\Windows\System\rOHNwZS.exe
  2⤵
  PID:6328
- C:\Windows\System\JRhrPpN.exe
  C:\Windows\System\JRhrPpN.exe
  2⤵
  PID:6348
- C:\Windows\System\yuTjcLe.exe
  C:\Windows\System\yuTjcLe.exe
  2⤵
  PID:6344
- C:\Windows\System\hVbMZgV.exe
  C:\Windows\System\hVbMZgV.exe
  2⤵
  PID:6372
- C:\Windows\System\xJxnWZH.exe
  C:\Windows\System\xJxnWZH.exe
  2⤵
  PID:6424
- C:\Windows\System\ARVRMuS.exe
  C:\Windows\System\ARVRMuS.exe
  2⤵
  PID:6436
- C:\Windows\System\yVgIAtK.exe
  C:\Windows\System\yVgIAtK.exe
  2⤵
  PID:6480
- C:\Windows\System\uYnxwlG.exe
  C:\Windows\System\uYnxwlG.exe
  2⤵
  PID:6460
- C:\Windows\System\OmkXvxt.exe
  C:\Windows\System\OmkXvxt.exe
  2⤵
  PID:6476
- C:\Windows\System\mFJmUYw.exe
  C:\Windows\System\mFJmUYw.exe
  2⤵
  PID:6500
- C:\Windows\System\AjDyArS.exe
  C:\Windows\System\AjDyArS.exe
  2⤵
  PID:6516
- C:\Windows\System\Vcjzrnh.exe
  C:\Windows\System\Vcjzrnh.exe
  2⤵
  PID:6536
- C:\Windows\System\WVZqqUL.exe
  C:\Windows\System\WVZqqUL.exe
  2⤵
  PID:6548
- C:\Windows\System\AZQYGtv.exe
  C:\Windows\System\AZQYGtv.exe
  2⤵
  PID:6564
- C:\Windows\System\DVqmsqB.exe
  C:\Windows\System\DVqmsqB.exe
  2⤵
  PID:6568
- C:\Windows\System\gXSPAjA.exe
  C:\Windows\System\gXSPAjA.exe
  2⤵
  PID:6612
- C:\Windows\System\pPItduX.exe
  C:\Windows\System\pPItduX.exe
  2⤵
  PID:6624
- C:\Windows\System\rriBIms.exe
  C:\Windows\System\rriBIms.exe
  2⤵
  PID:6644
- C:\Windows\System\OugOWHv.exe
  C:\Windows\System\OugOWHv.exe
  2⤵
  PID:6692
- C:\Windows\System\tyWKiFQ.exe
  C:\Windows\System\tyWKiFQ.exe
  2⤵
  PID:6656
- C:\Windows\System\REcnpxM.exe
  C:\Windows\System\REcnpxM.exe
  2⤵
  PID:6672
- C:\Windows\System\TipHhtq.exe
  C:\Windows\System\TipHhtq.exe
  2⤵
  PID:6840
- C:\Windows\System\JqQICtw.exe
  C:\Windows\System\JqQICtw.exe
  2⤵
  PID:6860
- C:\Windows\System\QmlsVKt.exe
  C:\Windows\System\QmlsVKt.exe
  2⤵
  PID:6788
- C:\Windows\System\qpCCNeW.exe
  C:\Windows\System\qpCCNeW.exe
  2⤵
  PID:7156
- C:\Windows\System\zokshAy.exe
  C:\Windows\System\zokshAy.exe
  2⤵
  PID:7144
- C:\Windows\System\IoBMXxU.exe
  C:\Windows\System\IoBMXxU.exe
  2⤵
  PID:7140
- C:\Windows\System\AsWcOWR.exe
  C:\Windows\System\AsWcOWR.exe
  2⤵
  PID:5564
- C:\Windows\System\raEUMYo.exe
  C:\Windows\System\raEUMYo.exe
  2⤵
  PID:6220
- C:\Windows\System\qOubwQl.exe
  C:\Windows\System\qOubwQl.exe
  2⤵
  PID:6304
- C:\Windows\System\yoKHEqK.exe
  C:\Windows\System\yoKHEqK.exe
  2⤵
  PID:6540
- C:\Windows\System\deGkbjg.exe
  C:\Windows\System\deGkbjg.exe
  2⤵
  PID:6664
- C:\Windows\System\GyIPXsm.exe
  C:\Windows\System\GyIPXsm.exe
  2⤵
  PID:6596
- C:\Windows\System\SwEIXkl.exe
  C:\Windows\System\SwEIXkl.exe
  2⤵
  PID:6408
- C:\Windows\System\KdRlfuM.exe
  C:\Windows\System\KdRlfuM.exe
  2⤵
  PID:6756
- C:\Windows\System\HvxTDLp.exe
  C:\Windows\System\HvxTDLp.exe
  2⤵
  PID:6708
- C:\Windows\System\owdloMV.exe
  C:\Windows\System\owdloMV.exe
  2⤵
  PID:6688
- C:\Windows\System\gTohrbY.exe
  C:\Windows\System\gTohrbY.exe
  2⤵
  PID:6784
- C:\Windows\System\XFdMJYX.exe
  C:\Windows\System\XFdMJYX.exe
  2⤵
  PID:6796
- C:\Windows\System\EMJWgvn.exe
  C:\Windows\System\EMJWgvn.exe
  2⤵
  PID:6816
- C:\Windows\System\QGElyyC.exe
  C:\Windows\System\QGElyyC.exe
  2⤵
  PID:6856
- C:\Windows\System\JQBxNTM.exe
  C:\Windows\System\JQBxNTM.exe
  2⤵
  PID:6832
- C:\Windows\System\XdZyFcv.exe
  C:\Windows\System\XdZyFcv.exe
  2⤵
  PID:7040
- C:\Windows\System\LjKthuh.exe
  C:\Windows\System\LjKthuh.exe
  2⤵
  PID:7108
- C:\Windows\System\gcEcjhd.exe
  C:\Windows\System\gcEcjhd.exe
  2⤵
  PID:6956
- C:\Windows\System\Dfcfacc.exe
  C:\Windows\System\Dfcfacc.exe
  2⤵
  PID:6628
- C:\Windows\System\rRXtzwv.exe
  C:\Windows\System\rRXtzwv.exe
  2⤵
  PID:6412
- C:\Windows\System\gVPlpgD.exe
  C:\Windows\System\gVPlpgD.exe
  2⤵
  PID:6648
- C:\Windows\System\LEXYrmc.exe
  C:\Windows\System\LEXYrmc.exe
  2⤵
  PID:6652
- C:\Windows\System\tpsvQdL.exe
  C:\Windows\System\tpsvQdL.exe
  2⤵
  PID:6720
- C:\Windows\System\fvWiHtT.exe
  C:\Windows\System\fvWiHtT.exe
  2⤵
  PID:6780
- C:\Windows\System\MJozxXL.exe
  C:\Windows\System\MJozxXL.exe
  2⤵
  PID:6940
- C:\Windows\System\keSlBQM.exe
  C:\Windows\System\keSlBQM.exe
  2⤵
  PID:7028
- C:\Windows\System\LvNaMwF.exe
  C:\Windows\System\LvNaMwF.exe
  2⤵
  PID:7088
- C:\Windows\System\iCJGeqw.exe
  C:\Windows\System\iCJGeqw.exe
  2⤵
  PID:6928
- C:\Windows\System\QavNBkk.exe
  C:\Windows\System\QavNBkk.exe
  2⤵
  PID:7128
- C:\Windows\System\NSPuUEO.exe
  C:\Windows\System\NSPuUEO.exe
  2⤵
  PID:5048
- C:\Windows\System\nuaBvCR.exe
  C:\Windows\System\nuaBvCR.exe
  2⤵
  PID:7188
- C:\Windows\System\eoYVXIM.exe
  C:\Windows\System\eoYVXIM.exe
  2⤵
  PID:7204
- C:\Windows\System\DmrfuPA.exe
  C:\Windows\System\DmrfuPA.exe
  2⤵
  PID:7220
- C:\Windows\System\jYuAPyb.exe
  C:\Windows\System\jYuAPyb.exe
  2⤵
  PID:7236
- C:\Windows\System\ohPysiS.exe
  C:\Windows\System\ohPysiS.exe
  2⤵
  PID:7256
- C:\Windows\System\FmGkjRm.exe
  C:\Windows\System\FmGkjRm.exe
  2⤵
  PID:7272
- C:\Windows\System\pUqlGAd.exe
  C:\Windows\System\pUqlGAd.exe
  2⤵
  PID:7288
- C:\Windows\System\zZdeBlA.exe
  C:\Windows\System\zZdeBlA.exe
  2⤵
  PID:7304
- C:\Windows\System\KxIbGdB.exe
  C:\Windows\System\KxIbGdB.exe
  2⤵
  PID:7320
- C:\Windows\System\bktHJVt.exe
  C:\Windows\System\bktHJVt.exe
  2⤵
  PID:7336
- C:\Windows\System\IRojAfs.exe
  C:\Windows\System\IRojAfs.exe
  2⤵
  PID:7352
- C:\Windows\System\lcrnafL.exe
  C:\Windows\System\lcrnafL.exe
  2⤵
  PID:7368
- C:\Windows\System\bLZRqkl.exe
  C:\Windows\System\bLZRqkl.exe
  2⤵
  PID:7384
- C:\Windows\System\gopbkkD.exe
  C:\Windows\System\gopbkkD.exe
  2⤵
  PID:7400
- C:\Windows\System\nOALsJq.exe
  C:\Windows\System\nOALsJq.exe
  2⤵
  PID:7416
- C:\Windows\System\ZQjxgSm.exe
  C:\Windows\System\ZQjxgSm.exe
  2⤵
  PID:7432
- C:\Windows\System\FtiRwrB.exe
  C:\Windows\System\FtiRwrB.exe
  2⤵
  PID:7448
- C:\Windows\System\onoXUwl.exe
  C:\Windows\System\onoXUwl.exe
  2⤵
  PID:7468
- C:\Windows\System\RtuyjDx.exe
  C:\Windows\System\RtuyjDx.exe
  2⤵
  PID:7484
- C:\Windows\System\XxyIoWT.exe
  C:\Windows\System\XxyIoWT.exe
  2⤵
  PID:7540
- C:\Windows\System\UZtIFek.exe
  C:\Windows\System\UZtIFek.exe
  2⤵
  PID:7556
- C:\Windows\System\AflABTH.exe
  C:\Windows\System\AflABTH.exe
  2⤵
  PID:7572
- C:\Windows\System\PZQuaNW.exe
  C:\Windows\System\PZQuaNW.exe
  2⤵
  PID:7588
- C:\Windows\System\EWJKRIc.exe
  C:\Windows\System\EWJKRIc.exe
  2⤵
  PID:7604
- C:\Windows\System\jNutVPe.exe
  C:\Windows\System\jNutVPe.exe
  2⤵
  PID:7620
- C:\Windows\System\hTnwAAP.exe
  C:\Windows\System\hTnwAAP.exe
  2⤵
  PID:7636
- C:\Windows\System\QmCvmub.exe
  C:\Windows\System\QmCvmub.exe
  2⤵
  PID:7652
- C:\Windows\System\BJZQrgN.exe
  C:\Windows\System\BJZQrgN.exe
  2⤵
  PID:7668
- C:\Windows\System\hBKuSKE.exe
  C:\Windows\System\hBKuSKE.exe
  2⤵
  PID:7684
- C:\Windows\System\gTPHIko.exe
  C:\Windows\System\gTPHIko.exe
  2⤵
  PID:7708
- C:\Windows\System\lhFTyOo.exe
  C:\Windows\System\lhFTyOo.exe
  2⤵
  PID:7724
- C:\Windows\System\RItumSq.exe
  C:\Windows\System\RItumSq.exe
  2⤵
  PID:7740
- C:\Windows\System\etmHezI.exe
  C:\Windows\System\etmHezI.exe
  2⤵
  PID:7760
- C:\Windows\System\gLWyjrc.exe
  C:\Windows\System\gLWyjrc.exe
  2⤵
  PID:7776
- C:\Windows\System\cSlnYVV.exe
  C:\Windows\System\cSlnYVV.exe
  2⤵
  PID:7860
- C:\Windows\System\uyyAwMY.exe
  C:\Windows\System\uyyAwMY.exe
  2⤵
  PID:7876
- C:\Windows\System\TvfRxac.exe
  C:\Windows\System\TvfRxac.exe
  2⤵
  PID:7896
- C:\Windows\System\VgyQTnB.exe
  C:\Windows\System\VgyQTnB.exe
  2⤵
  PID:7912
- C:\Windows\System\DCEgSvX.exe
  C:\Windows\System\DCEgSvX.exe
  2⤵
  PID:8108
- C:\Windows\System\yjUMRik.exe
  C:\Windows\System\yjUMRik.exe
  2⤵
  PID:6616
- C:\Windows\System\xKnbJrH.exe
  C:\Windows\System\xKnbJrH.exe
  2⤵
  PID:6468
- C:\Windows\System\jfjAZzP.exe
  C:\Windows\System\jfjAZzP.exe
  2⤵
  PID:6332
- C:\Windows\System\QdWkVxu.exe
  C:\Windows\System\QdWkVxu.exe
  2⤵
  PID:6256
- C:\Windows\System\vujhouE.exe
  C:\Windows\System\vujhouE.exe
  2⤵
  PID:6728
- C:\Windows\System\aJJBxmC.exe
  C:\Windows\System\aJJBxmC.exe
  2⤵
  PID:7060
- C:\Windows\System\nKrHUqG.exe
  C:\Windows\System\nKrHUqG.exe
  2⤵
  PID:7112
- C:\Windows\System\BUlXDmr.exe
  C:\Windows\System\BUlXDmr.exe
  2⤵
  PID:7248
- C:\Windows\System\lSwiGAk.exe
  C:\Windows\System\lSwiGAk.exe
  2⤵
  PID:7380
- C:\Windows\System\bgdNikw.exe
  C:\Windows\System\bgdNikw.exe
  2⤵
  PID:7312
- C:\Windows\System\mpEyolk.exe
  C:\Windows\System\mpEyolk.exe
  2⤵
  PID:7456
- C:\Windows\System\Tcoeqzo.exe
  C:\Windows\System\Tcoeqzo.exe
  2⤵
  PID:6892
- C:\Windows\System\WKZRWNt.exe
  C:\Windows\System\WKZRWNt.exe
  2⤵
  PID:6872
- C:\Windows\System\TBzRaPH.exe
  C:\Windows\System\TBzRaPH.exe
  2⤵
  PID:6752
- C:\Windows\System\kIBTxLR.exe
  C:\Windows\System\kIBTxLR.exe
  2⤵
  PID:6700
- C:\Windows\System\VaTYPzJ.exe
  C:\Windows\System\VaTYPzJ.exe
  2⤵
  PID:6824
- C:\Windows\System\ZrSPklQ.exe
  C:\Windows\System\ZrSPklQ.exe
  2⤵
  PID:7004
- C:\Windows\System\eiwfIge.exe
  C:\Windows\System\eiwfIge.exe
  2⤵
  PID:7072
- C:\Windows\System\GagfLID.exe
  C:\Windows\System\GagfLID.exe
  2⤵
  PID:6712
- C:\Windows\System\NfIrwwb.exe
  C:\Windows\System\NfIrwwb.exe
  2⤵
  PID:6888
- C:\Windows\System\EMsqCzD.exe
  C:\Windows\System\EMsqCzD.exe
  2⤵
  PID:7200
- C:\Windows\System\UmwpduF.exe
  C:\Windows\System\UmwpduF.exe
  2⤵
  PID:7268
- C:\Windows\System\YJwsUph.exe
  C:\Windows\System\YJwsUph.exe
  2⤵
  PID:7360
- C:\Windows\System\ZLmhPCL.exe
  C:\Windows\System\ZLmhPCL.exe
  2⤵
  PID:7424
- C:\Windows\System\yfqBMQY.exe
  C:\Windows\System\yfqBMQY.exe
  2⤵
  PID:7508
- C:\Windows\System\iImJeiS.exe
  C:\Windows\System\iImJeiS.exe
  2⤵
  PID:7528
- C:\Windows\System\tXCirjy.exe
  C:\Windows\System\tXCirjy.exe
  2⤵
  PID:7580
- C:\Windows\System\zBkHoEU.exe
  C:\Windows\System\zBkHoEU.exe
  2⤵
  PID:7612
- C:\Windows\System\uJQLoFA.exe
  C:\Windows\System\uJQLoFA.exe
  2⤵
  PID:7648
- C:\Windows\System\uHDKiHm.exe
  C:\Windows\System\uHDKiHm.exe
  2⤵
  PID:7828
- C:\Windows\System\sSIWujI.exe
  C:\Windows\System\sSIWujI.exe
  2⤵
  PID:7904
- C:\Windows\System\HIlJYYD.exe
  C:\Windows\System\HIlJYYD.exe
  2⤵
  PID:7884
- C:\Windows\System\nCJMAQd.exe
  C:\Windows\System\nCJMAQd.exe
  2⤵
  PID:7844
- C:\Windows\System\DWsxLHQ.exe
  C:\Windows\System\DWsxLHQ.exe
  2⤵
  PID:8124
- C:\Windows\System\aQOnpgQ.exe
  C:\Windows\System\aQOnpgQ.exe
  2⤵
  PID:8148
- C:\Windows\System\rdBPlYW.exe
  C:\Windows\System\rdBPlYW.exe
  2⤵
  PID:7968
- C:\Windows\System\raubrBZ.exe
  C:\Windows\System\raubrBZ.exe
  2⤵
  PID:8188
- C:\Windows\System\cYcdkcq.exe
  C:\Windows\System\cYcdkcq.exe
  2⤵
  PID:6428
- C:\Windows\System\pUHcyuE.exe
  C:\Windows\System\pUHcyuE.exe
  2⤵
  PID:7984
- C:\Windows\System\ijwpMyq.exe
  C:\Windows\System\ijwpMyq.exe
  2⤵
  PID:8004
- C:\Windows\System\QEjAWHl.exe
  C:\Windows\System\QEjAWHl.exe
  2⤵
  PID:8012
- C:\Windows\System\raFiOBR.exe
  C:\Windows\System\raFiOBR.exe
  2⤵
  PID:7924
- C:\Windows\System\pWYILFF.exe
  C:\Windows\System\pWYILFF.exe
  2⤵
  PID:6236
- C:\Windows\System\BwxEFtb.exe
  C:\Windows\System\BwxEFtb.exe
  2⤵
  PID:7412
- C:\Windows\System\SwXDphb.exe
  C:\Windows\System\SwXDphb.exe
  2⤵
  PID:6976
- C:\Windows\System\JRHQPvf.exe
  C:\Windows\System\JRHQPvf.exe
  2⤵
  PID:4804
- C:\Windows\System\uWdzzPU.exe
  C:\Windows\System\uWdzzPU.exe
  2⤵
  PID:7536
- C:\Windows\System\WBMtPdG.exe
  C:\Windows\System\WBMtPdG.exe
  2⤵
  PID:7600
- C:\Windows\System\rimuEVj.exe
  C:\Windows\System\rimuEVj.exe
  2⤵
  PID:7644
- C:\Windows\System\SQGEMCX.exe
  C:\Windows\System\SQGEMCX.exe
  2⤵
  PID:6576
- C:\Windows\System\snRbKxD.exe
  C:\Windows\System\snRbKxD.exe
  2⤵
  PID:7180
- C:\Windows\System\nGPKvqs.exe
  C:\Windows\System\nGPKvqs.exe
  2⤵
  PID:7496
- C:\Windows\System\EeMSwYH.exe
  C:\Windows\System\EeMSwYH.exe
  2⤵
  PID:6792
- C:\Windows\System\EzTOOVe.exe
  C:\Windows\System\EzTOOVe.exe
  2⤵
  PID:6772
- C:\Windows\System\YlGlVaK.exe
  C:\Windows\System\YlGlVaK.exe
  2⤵
  PID:7232
- C:\Windows\System\foTxZjj.exe
  C:\Windows\System\foTxZjj.exe
  2⤵
  PID:7520
- C:\Windows\System\gLYkAGm.exe
  C:\Windows\System\gLYkAGm.exe
  2⤵
  PID:7680
- C:\Windows\System\aUxMmZo.exe
  C:\Windows\System\aUxMmZo.exe
  2⤵
  PID:7700
- C:\Windows\System\exJjLWE.exe
  C:\Windows\System\exJjLWE.exe
  2⤵
  PID:7736
- C:\Windows\System\JahYfwJ.exe
  C:\Windows\System\JahYfwJ.exe
  2⤵
  PID:7752
- C:\Windows\System\mhfhoOZ.exe
  C:\Windows\System\mhfhoOZ.exe
  2⤵
  PID:7796
- C:\Windows\System\yiWnleA.exe
  C:\Windows\System\yiWnleA.exe
  2⤵
  PID:7716
- C:\Windows\System\PoWTeTi.exe
  C:\Windows\System\PoWTeTi.exe
  2⤵
  PID:7804
- C:\Windows\System\ApMUhcr.exe
  C:\Windows\System\ApMUhcr.exe
  2⤵
  PID:7868
- C:\Windows\System\xQispqT.exe
  C:\Windows\System\xQispqT.exe
  2⤵
  PID:7816
- C:\Windows\System\kanootD.exe
  C:\Windows\System\kanootD.exe
  2⤵
  PID:8132
- C:\Windows\System\qdzefpb.exe
  C:\Windows\System\qdzefpb.exe
  2⤵
  PID:7824
- C:\Windows\System\AYvoVuV.exe
  C:\Windows\System\AYvoVuV.exe
  2⤵
  PID:8156
- C:\Windows\System\bgEihVc.exe
  C:\Windows\System\bgEihVc.exe
  2⤵
  PID:8068
- C:\Windows\System\apdhKqc.exe
  C:\Windows\System\apdhKqc.exe
  2⤵
  PID:8168
- C:\Windows\System\uQSTpzw.exe
  C:\Windows\System\uQSTpzw.exe
  2⤵
  PID:8116
- C:\Windows\System\BGYjkRn.exe
  C:\Windows\System\BGYjkRn.exe
  2⤵
  PID:7944
- C:\Windows\System\GUkgTQF.exe
  C:\Windows\System\GUkgTQF.exe
  2⤵
  PID:1576
- C:\Windows\System\RKaEdDL.exe
  C:\Windows\System\RKaEdDL.exe
  2⤵
  PID:8184
- C:\Windows\System\iwZzDIf.exe
  C:\Windows\System\iwZzDIf.exe
  2⤵
  PID:6472
- C:\Windows\System\ODOAZvK.exe
  C:\Windows\System\ODOAZvK.exe
  2⤵
  PID:7992
- C:\Windows\System\iSsutbJ.exe
  C:\Windows\System\iSsutbJ.exe
  2⤵
  PID:7772
- C:\Windows\System\qOlrefJ.exe
  C:\Windows\System\qOlrefJ.exe
  2⤵
  PID:7280
- C:\Windows\System\ZTjwkxt.exe
  C:\Windows\System\ZTjwkxt.exe
  2⤵
  PID:8036
- C:\Windows\System\gGkXADi.exe
  C:\Windows\System\gGkXADi.exe
  2⤵
  PID:8060
- C:\Windows\System\UcNYvXS.exe
  C:\Windows\System\UcNYvXS.exe
  2⤵
  PID:8092
- C:\Windows\System\vAxwubA.exe
  C:\Windows\System\vAxwubA.exe
  2⤵
  PID:8032
- C:\Windows\System\bnFofkD.exe
  C:\Windows\System\bnFofkD.exe
  2⤵
  PID:8048
- C:\Windows\System\CfpRUQW.exe
  C:\Windows\System\CfpRUQW.exe
  2⤵
  PID:7524
- C:\Windows\System\JoNkXsP.exe
  C:\Windows\System\JoNkXsP.exe
  2⤵
  PID:7196
- C:\Windows\System\GoewJel.exe
  C:\Windows\System\GoewJel.exe
  2⤵
  PID:6904
- C:\Windows\System\ZKAtzPk.exe
  C:\Windows\System\ZKAtzPk.exe
  2⤵
  PID:7584
- C:\Windows\System\sUfthuf.exe
  C:\Windows\System\sUfthuf.exe
  2⤵
  PID:7660
- C:\Windows\System\upxnufQ.exe
  C:\Windows\System\upxnufQ.exe
  2⤵
  PID:7748
- C:\Windows\System\VsLzaCW.exe
  C:\Windows\System\VsLzaCW.exe
  2⤵
  PID:2676
- C:\Windows\System\moTcnWp.exe
  C:\Windows\System\moTcnWp.exe
  2⤵
  PID:7848
- C:\Windows\System\MBfxJEn.exe
  C:\Windows\System\MBfxJEn.exe
  2⤵
  PID:8152
- C:\Windows\System\btgCqhl.exe
  C:\Windows\System\btgCqhl.exe
  2⤵
  PID:8164
- C:\Windows\System\CcuqZZy.exe
  C:\Windows\System\CcuqZZy.exe
  2⤵
  PID:7936
- C:\Windows\System\SfumDFQ.exe
  C:\Windows\System\SfumDFQ.exe
  2⤵
  PID:8000
- C:\Windows\System\qLXNvOl.exe
  C:\Windows\System\qLXNvOl.exe
  2⤵
  PID:6680
- C:\Windows\System\qggUEyM.exe
  C:\Windows\System\qggUEyM.exe
  2⤵
  PID:8180
- C:\Windows\System\QAoFNRF.exe
  C:\Windows\System\QAoFNRF.exe
  2⤵
  PID:6608
- C:\Windows\System\KDSEURU.exe
  C:\Windows\System\KDSEURU.exe
  2⤵
  PID:8104
- C:\Windows\System\lSDqwRC.exe
  C:\Windows\System\lSDqwRC.exe
  2⤵
  PID:6988
- C:\Windows\System\bvhsmxP.exe
  C:\Windows\System\bvhsmxP.exe
  2⤵
  PID:7504
- C:\Windows\System\TtdaVgC.exe
  C:\Windows\System\TtdaVgC.exe
  2⤵
  PID:6492
- C:\Windows\System\WkKvWij.exe
  C:\Windows\System\WkKvWij.exe
  2⤵
  PID:2756
- C:\Windows\System\GDanzMb.exe
  C:\Windows\System\GDanzMb.exe
  2⤵
  PID:6972
- C:\Windows\System\eYAyqWw.exe
  C:\Windows\System\eYAyqWw.exe
  2⤵
  PID:6920
- C:\Windows\System\ddAGGSX.exe
  C:\Windows\System\ddAGGSX.exe
  2⤵
  PID:8208
- C:\Windows\System\ghaoGUG.exe
  C:\Windows\System\ghaoGUG.exe
  2⤵
  PID:8224
- C:\Windows\System\gjSbRrV.exe
  C:\Windows\System\gjSbRrV.exe
  2⤵
  PID:8240
- C:\Windows\System\GjaCuqA.exe
  C:\Windows\System\GjaCuqA.exe
  2⤵
  PID:8256
- C:\Windows\System\xEVkVpm.exe
  C:\Windows\System\xEVkVpm.exe
  2⤵
  PID:8272
- C:\Windows\System\fzKVErb.exe
  C:\Windows\System\fzKVErb.exe
  2⤵
  PID:8304
- C:\Windows\System\YZLAZiK.exe
  C:\Windows\System\YZLAZiK.exe
  2⤵
  PID:8320
- C:\Windows\System\JnkMXpx.exe
  C:\Windows\System\JnkMXpx.exe
  2⤵
  PID:8336
- C:\Windows\System\kBEIhgy.exe
  C:\Windows\System\kBEIhgy.exe
  2⤵
  PID:8352
- C:\Windows\System\CqBFsQg.exe
  C:\Windows\System\CqBFsQg.exe
  2⤵
  PID:8368
- C:\Windows\System\xsULmyN.exe
  C:\Windows\System\xsULmyN.exe
  2⤵
  PID:8384
- C:\Windows\System\DeCzFid.exe
  C:\Windows\System\DeCzFid.exe
  2⤵
  PID:8400
- C:\Windows\System\RsqViZB.exe
  C:\Windows\System\RsqViZB.exe
  2⤵
  PID:8416
- C:\Windows\System\CsCFToP.exe
  C:\Windows\System\CsCFToP.exe
  2⤵
  PID:8432
- C:\Windows\System\mCbPhJj.exe
  C:\Windows\System\mCbPhJj.exe
  2⤵
  PID:8448
- C:\Windows\System\mALxZMk.exe
  C:\Windows\System\mALxZMk.exe
  2⤵
  PID:8464
- C:\Windows\System\JQUHnKz.exe
  C:\Windows\System\JQUHnKz.exe
  2⤵
  PID:8484
- C:\Windows\System\NaTdfXl.exe
  C:\Windows\System\NaTdfXl.exe
  2⤵
  PID:8500
- C:\Windows\System\FGhnMNG.exe
  C:\Windows\System\FGhnMNG.exe
  2⤵
  PID:8516
- C:\Windows\System\EnXynov.exe
  C:\Windows\System\EnXynov.exe
  2⤵
  PID:8532
- C:\Windows\System\zdsWRSQ.exe
  C:\Windows\System\zdsWRSQ.exe
  2⤵
  PID:8548
- C:\Windows\System\ximksOW.exe
  C:\Windows\System\ximksOW.exe
  2⤵
  PID:8564
- C:\Windows\System\iILUvyX.exe
  C:\Windows\System\iILUvyX.exe
  2⤵
  PID:8580
- C:\Windows\System\cbYBKuO.exe
  C:\Windows\System\cbYBKuO.exe
  2⤵
  PID:8596
- C:\Windows\System\zSHfBri.exe
  C:\Windows\System\zSHfBri.exe
  2⤵
  PID:8612
- C:\Windows\System\LmmhAMH.exe
  C:\Windows\System\LmmhAMH.exe
  2⤵
  PID:8628
- C:\Windows\System\xABpeKT.exe
  C:\Windows\System\xABpeKT.exe
  2⤵
  PID:8644
- C:\Windows\System\mQAWsds.exe
  C:\Windows\System\mQAWsds.exe
  2⤵
  PID:8660
- C:\Windows\System\ndcePvI.exe
  C:\Windows\System\ndcePvI.exe
  2⤵
  PID:8676
- C:\Windows\System\EgxtvrN.exe
  C:\Windows\System\EgxtvrN.exe
  2⤵
  PID:8692
- C:\Windows\System\VwpruRc.exe
  C:\Windows\System\VwpruRc.exe
  2⤵
  PID:8708
- C:\Windows\System\izNRVPR.exe
  C:\Windows\System\izNRVPR.exe
  2⤵
  PID:8724
- C:\Windows\System\XpHtxqV.exe
  C:\Windows\System\XpHtxqV.exe
  2⤵
  PID:8740
- C:\Windows\System\IKAkKDe.exe
  C:\Windows\System\IKAkKDe.exe
  2⤵
  PID:8756
- C:\Windows\System\xjoBZOD.exe
  C:\Windows\System\xjoBZOD.exe
  2⤵
  PID:8780
- C:\Windows\System\XqjLAme.exe
  C:\Windows\System\XqjLAme.exe
  2⤵
  PID:8796
- C:\Windows\System\SvyJyUh.exe
  C:\Windows\System\SvyJyUh.exe
  2⤵
  PID:8812
- C:\Windows\System\yQqjJKH.exe
  C:\Windows\System\yQqjJKH.exe
  2⤵
  PID:8832
- C:\Windows\System\kWJuRxN.exe
  C:\Windows\System\kWJuRxN.exe
  2⤵
  PID:8848
- C:\Windows\System\eeRfIFP.exe
  C:\Windows\System\eeRfIFP.exe
  2⤵
  PID:8864
- C:\Windows\System\zXzIxFw.exe
  C:\Windows\System\zXzIxFw.exe
  2⤵
  PID:8880
- C:\Windows\System\BAtYSyd.exe
  C:\Windows\System\BAtYSyd.exe
  2⤵
  PID:8896
- C:\Windows\System\GjLRenM.exe
  C:\Windows\System\GjLRenM.exe
  2⤵
  PID:8912
- C:\Windows\System\HDkVsar.exe
  C:\Windows\System\HDkVsar.exe
  2⤵
  PID:8928
- C:\Windows\System\eAiQxej.exe
  C:\Windows\System\eAiQxej.exe
  2⤵
  PID:8944
- C:\Windows\System\BYowsUm.exe
  C:\Windows\System\BYowsUm.exe
  2⤵
  PID:8960
- C:\Windows\System\wrDeWub.exe
  C:\Windows\System\wrDeWub.exe
  2⤵
  PID:8980
- C:\Windows\System\WoxqpdA.exe
  C:\Windows\System\WoxqpdA.exe
  2⤵
  PID:8996
- C:\Windows\System\cAgLUhM.exe
  C:\Windows\System\cAgLUhM.exe
  2⤵
  PID:9012
- C:\Windows\System\sZOKnrs.exe
  C:\Windows\System\sZOKnrs.exe
  2⤵
  PID:9028
- C:\Windows\System\rytCqXg.exe
  C:\Windows\System\rytCqXg.exe
  2⤵
  PID:9048
- C:\Windows\System\ulHRyKU.exe
  C:\Windows\System\ulHRyKU.exe
  2⤵
  PID:9068
- C:\Windows\System\MZDWeFS.exe
  C:\Windows\System\MZDWeFS.exe
  2⤵
  PID:9084
- C:\Windows\System\YFNZtuz.exe
  C:\Windows\System\YFNZtuz.exe
  2⤵
  PID:9100
- C:\Windows\System\bZbRFIX.exe
  C:\Windows\System\bZbRFIX.exe
  2⤵
  PID:9116
- C:\Windows\System\VDpXqzu.exe
  C:\Windows\System\VDpXqzu.exe
  2⤵
  PID:9132
- C:\Windows\System\JzdbxKB.exe
  C:\Windows\System\JzdbxKB.exe
  2⤵
  PID:9148
- C:\Windows\System\jRcBIKx.exe
  C:\Windows\System\jRcBIKx.exe
  2⤵
  PID:9164
- C:\Windows\System\HZqyYNy.exe
  C:\Windows\System\HZqyYNy.exe
  2⤵
  PID:9180
- C:\Windows\System\MHKFGKx.exe
  C:\Windows\System\MHKFGKx.exe
  2⤵
  PID:9196
- C:\Windows\System\TMdOemY.exe
  C:\Windows\System\TMdOemY.exe
  2⤵
  PID:9212
- C:\Windows\System\CeRdXyZ.exe
  C:\Windows\System\CeRdXyZ.exe
  2⤵
  PID:7768
- C:\Windows\System\QeauzLM.exe
  C:\Windows\System\QeauzLM.exe
  2⤵
  PID:8064
- C:\Windows\System\QNBiUJI.exe
  C:\Windows\System\QNBiUJI.exe
  2⤵
  PID:7948
- C:\Windows\System\vkjIPfN.exe
  C:\Windows\System\vkjIPfN.exe
  2⤵
  PID:7596
- C:\Windows\System\durtYMn.exe
  C:\Windows\System\durtYMn.exe
  2⤵
  PID:7264
- C:\Windows\System\KrKxicA.exe
  C:\Windows\System\KrKxicA.exe
  2⤵
  PID:6768
- C:\Windows\System\csvlnnh.exe
  C:\Windows\System\csvlnnh.exe
  2⤵
  PID:8044
- C:\Windows\System\NCVdntO.exe
  C:\Windows\System\NCVdntO.exe
  2⤵
  PID:7344
- C:\Windows\System\YgTBxth.exe
  C:\Windows\System\YgTBxth.exe
  2⤵
  PID:8236
- C:\Windows\System\LglbWsD.exe
  C:\Windows\System\LglbWsD.exe
  2⤵
  PID:7800
- C:\Windows\System\epGYREh.exe
  C:\Windows\System\epGYREh.exe
  2⤵
  PID:8172
- C:\Windows\System\fyuDreg.exe
  C:\Windows\System\fyuDreg.exe
  2⤵
  PID:8284
- C:\Windows\System\dgsMFIe.exe
  C:\Windows\System\dgsMFIe.exe
  2⤵
  PID:8328
- C:\Windows\System\LPKCHMn.exe
  C:\Windows\System\LPKCHMn.exe
  2⤵
  PID:8476
- C:\Windows\System\NdHdFkf.exe
  C:\Windows\System\NdHdFkf.exe
  2⤵
  PID:8312
- C:\Windows\System\wsbwyqF.exe
  C:\Windows\System\wsbwyqF.exe
  2⤵
  PID:8512
- C:\Windows\System\BAOPmJC.exe
  C:\Windows\System\BAOPmJC.exe
  2⤵
  PID:8440
- C:\Windows\System\rrrOAFw.exe
  C:\Windows\System\rrrOAFw.exe
  2⤵
  PID:8364
- C:\Windows\System\EGEDbug.exe
  C:\Windows\System\EGEDbug.exe
  2⤵
  PID:8428
- C:\Windows\System\bQUdeul.exe
  C:\Windows\System\bQUdeul.exe
  2⤵
  PID:8496
- C:\Windows\System\mSffaEz.exe
  C:\Windows\System\mSffaEz.exe
  2⤵
  PID:8544
- C:\Windows\System\EECxDGX.exe
  C:\Windows\System\EECxDGX.exe
  2⤵
  PID:8604
- C:\Windows\System\ToZbJoi.exe
  C:\Windows\System\ToZbJoi.exe
  2⤵
  PID:8592
- C:\Windows\System\lrhwRod.exe
  C:\Windows\System\lrhwRod.exe
  2⤵
  PID:8672
- C:\Windows\System\DZUwnwx.exe
  C:\Windows\System\DZUwnwx.exe
  2⤵
  PID:6496
- C:\Windows\System\FSQAsZM.exe
  C:\Windows\System\FSQAsZM.exe
  2⤵
  PID:8776
- C:\Windows\System\DaXFpZX.exe
  C:\Windows\System\DaXFpZX.exe
  2⤵
  PID:8748
- C:\Windows\System\BEIFUjH.exe
  C:\Windows\System\BEIFUjH.exe
  2⤵
  PID:8752
- C:\Windows\System\yWoIyIY.exe
  C:\Windows\System\yWoIyIY.exe
  2⤵
  PID:8824
- C:\Windows\System\IxIxpdv.exe
  C:\Windows\System\IxIxpdv.exe
  2⤵
  PID:8828
- C:\Windows\System\BUinwrh.exe
  C:\Windows\System\BUinwrh.exe
  2⤵
  PID:8860
- C:\Windows\System\nQJiYNP.exe
  C:\Windows\System\nQJiYNP.exe
  2⤵
  PID:8888
- C:\Windows\System\rwIOXjw.exe
  C:\Windows\System\rwIOXjw.exe
  2⤵
  PID:8936
- C:\Windows\System\UpZobfG.exe
  C:\Windows\System\UpZobfG.exe
  2⤵
  PID:8976
- C:\Windows\System\eLTgSpz.exe
  C:\Windows\System\eLTgSpz.exe
  2⤵
  PID:9040
- C:\Windows\System\NaFjcAm.exe
  C:\Windows\System\NaFjcAm.exe
  2⤵
  PID:8952
- C:\Windows\System\nvKpMYa.exe
  C:\Windows\System\nvKpMYa.exe
  2⤵
  PID:9056
- C:\Windows\System\HYIcDlq.exe
  C:\Windows\System\HYIcDlq.exe
  2⤵
  PID:8252
- C:\Windows\System\KRTwPek.exe
  C:\Windows\System\KRTwPek.exe
  2⤵
  PID:8472
- C:\Windows\System\DrJfaOt.exe
  C:\Windows\System\DrJfaOt.exe
  2⤵
  PID:8344
- C:\Windows\System\zOxAsmk.exe
  C:\Windows\System\zOxAsmk.exe
  2⤵
  PID:8204
- C:\Windows\System\uQsVazY.exe
  C:\Windows\System\uQsVazY.exe
  2⤵
  PID:2736
- C:\Windows\System\zdysOdj.exe
  C:\Windows\System\zdysOdj.exe
  2⤵
  PID:6776
- C:\Windows\System\LXtmyyr.exe
  C:\Windows\System\LXtmyyr.exe
  2⤵
  PID:8540
- C:\Windows\System\RAHBtYn.exe
  C:\Windows\System\RAHBtYn.exe
  2⤵
  PID:8380
- C:\Windows\System\NENHFpM.exe
  C:\Windows\System\NENHFpM.exe
  2⤵
  PID:8684
- C:\Windows\System\giKrIcU.exe
  C:\Windows\System\giKrIcU.exe
  2⤵
  PID:8808
- C:\Windows\System\cMFvREg.exe
  C:\Windows\System\cMFvREg.exe
  2⤵
  PID:8892
- C:\Windows\System\RihNaBb.exe
  C:\Windows\System\RihNaBb.exe
  2⤵
  PID:9092
- C:\Windows\System\WqKirUw.exe
  C:\Windows\System\WqKirUw.exe
  2⤵
  PID:9204
- C:\Windows\System\iYqEGyd.exe
  C:\Windows\System\iYqEGyd.exe
  2⤵
  PID:9140
- C:\Windows\System\utOJIuF.exe
  C:\Windows\System\utOJIuF.exe
  2⤵
  PID:7820
- C:\Windows\System\khHgqRo.exe
  C:\Windows\System\khHgqRo.exe
  2⤵
  PID:8080
- C:\Windows\System\zIVsmtX.exe
  C:\Windows\System\zIVsmtX.exe
  2⤵
  PID:9124
- C:\Windows\System\mwlEnxG.exe
  C:\Windows\System\mwlEnxG.exe
  2⤵
  PID:8348
- C:\Windows\System\LoDzodv.exe
  C:\Windows\System\LoDzodv.exe
  2⤵
  PID:8524
- C:\Windows\System\dsFtVix.exe
  C:\Windows\System\dsFtVix.exe
  2⤵
  PID:8360
- C:\Windows\System\VSupKsC.exe
  C:\Windows\System\VSupKsC.exe
  2⤵
  PID:8556
- C:\Windows\System\frmfOTG.exe
  C:\Windows\System\frmfOTG.exe
  2⤵
  PID:8480
- C:\Windows\System\BUyIqGo.exe
  C:\Windows\System\BUyIqGo.exe
  2⤵
  PID:8640
- C:\Windows\System\THNGaNm.exe
  C:\Windows\System\THNGaNm.exe
  2⤵
  PID:8772
- C:\Windows\System\xJxhOsj.exe
  C:\Windows\System\xJxhOsj.exe
  2⤵
  PID:8704
- C:\Windows\System\DjtxBsk.exe
  C:\Windows\System\DjtxBsk.exe
  2⤵
  PID:8904
- C:\Windows\System\lPErWlS.exe
  C:\Windows\System\lPErWlS.exe
  2⤵
  PID:9080
- C:\Windows\System\SKBIOBV.exe
  C:\Windows\System\SKBIOBV.exe
  2⤵
  PID:8872
- C:\Windows\System\DheoJDG.exe
  C:\Windows\System\DheoJDG.exe
  2⤵
  PID:7812
- C:\Windows\System\msLYPXE.exe
  C:\Windows\System\msLYPXE.exe
  2⤵
  PID:7732
- C:\Windows\System\oVkLSqI.exe
  C:\Windows\System\oVkLSqI.exe
  2⤵
  PID:8296
- C:\Windows\System\vzWzaJl.exe
  C:\Windows\System\vzWzaJl.exe
  2⤵
  PID:8804
- C:\Windows\System\sFgtFYH.exe
  C:\Windows\System\sFgtFYH.exe
  2⤵
  PID:6284
- C:\Windows\System\IkzUTBH.exe
  C:\Windows\System\IkzUTBH.exe
  2⤵
  PID:6504
- C:\Windows\System\cwwVkWK.exe
  C:\Windows\System\cwwVkWK.exe
  2⤵
  PID:9176
- C:\Windows\System\IXlrcDF.exe
  C:\Windows\System\IXlrcDF.exe
  2⤵
  PID:7704
- C:\Windows\System\siVDiDw.exe
  C:\Windows\System\siVDiDw.exe
  2⤵
  PID:8792
- C:\Windows\System\MJdSUSc.exe
  C:\Windows\System\MJdSUSc.exe
  2⤵
  PID:9096
- C:\Windows\System\dFEgjPg.exe
  C:\Windows\System\dFEgjPg.exe
  2⤵
  PID:9060
- C:\Windows\System\eyWzCRw.exe
  C:\Windows\System\eyWzCRw.exe
  2⤵
  PID:8268
- C:\Windows\System\FjkUlWN.exe
  C:\Windows\System\FjkUlWN.exe
  2⤵
  PID:9008
- C:\Windows\System\Mfuzhjb.exe
  C:\Windows\System\Mfuzhjb.exe
  2⤵
  PID:8820
- C:\Windows\System\JgEgyIh.exe
  C:\Windows\System\JgEgyIh.exe
  2⤵
  PID:8856
- C:\Windows\System\rubLEAg.exe
  C:\Windows\System\rubLEAg.exe
  2⤵
  PID:8988
- C:\Windows\System\ufJcblV.exe
  C:\Windows\System\ufJcblV.exe
  2⤵
  PID:8764
- C:\Windows\System\lQVYSvf.exe
  C:\Windows\System\lQVYSvf.exe
  2⤵
  PID:8088
- C:\Windows\System\tvsMOCq.exe
  C:\Windows\System\tvsMOCq.exe
  2⤵
  PID:9232
- C:\Windows\System\VCuFFuh.exe
  C:\Windows\System\VCuFFuh.exe
  2⤵
  PID:9248
- C:\Windows\System\HDwEjqO.exe
  C:\Windows\System\HDwEjqO.exe
  2⤵
  PID:9268
- C:\Windows\System\sIWoXNZ.exe
  C:\Windows\System\sIWoXNZ.exe
  2⤵
  PID:9284
- C:\Windows\System\VohaIHi.exe
  C:\Windows\System\VohaIHi.exe
  2⤵
  PID:9304
- C:\Windows\System\cIOVziW.exe
  C:\Windows\System\cIOVziW.exe
  2⤵
  PID:9320
- C:\Windows\System\fbEgyRa.exe
  C:\Windows\System\fbEgyRa.exe
  2⤵
  PID:9336
- C:\Windows\System\hrGmhvT.exe
  C:\Windows\System\hrGmhvT.exe
  2⤵
  PID:9352
- C:\Windows\System\DHeAYaT.exe
  C:\Windows\System\DHeAYaT.exe
  2⤵
  PID:9368
- C:\Windows\System\mRgfGSS.exe
  C:\Windows\System\mRgfGSS.exe
  2⤵
  PID:9384
- C:\Windows\System\IEsXasy.exe
  C:\Windows\System\IEsXasy.exe
  2⤵
  PID:9400
- C:\Windows\System\DrzUSCb.exe
  C:\Windows\System\DrzUSCb.exe
  2⤵
  PID:9416
- C:\Windows\System\XzpvMZs.exe
  C:\Windows\System\XzpvMZs.exe
  2⤵
  PID:9436
- C:\Windows\System\VWhYlSN.exe
  C:\Windows\System\VWhYlSN.exe
  2⤵
  PID:9452
- C:\Windows\System\cRcAbWN.exe
  C:\Windows\System\cRcAbWN.exe
  2⤵
  PID:9468
- C:\Windows\System\dQlOcPA.exe
  C:\Windows\System\dQlOcPA.exe
  2⤵
  PID:9488
- C:\Windows\System\ObLgjBB.exe
  C:\Windows\System\ObLgjBB.exe
  2⤵
  PID:9504
- C:\Windows\System\kzraCNm.exe
  C:\Windows\System\kzraCNm.exe
  2⤵
  PID:9520
- C:\Windows\System\RCLdbSb.exe
  C:\Windows\System\RCLdbSb.exe
  2⤵
  PID:9536
- C:\Windows\System\effhlPW.exe
  C:\Windows\System\effhlPW.exe
  2⤵
  PID:9552
- C:\Windows\System\rhXypZi.exe
  C:\Windows\System\rhXypZi.exe
  2⤵
  PID:9572
- C:\Windows\System\vxxvchw.exe
  C:\Windows\System\vxxvchw.exe
  2⤵
  PID:9588
- C:\Windows\System\OqKoabo.exe
  C:\Windows\System\OqKoabo.exe
  2⤵
  PID:9604
- C:\Windows\System\Axgfqxp.exe
  C:\Windows\System\Axgfqxp.exe
  2⤵
  PID:9620
- C:\Windows\System\fMEaVnl.exe
  C:\Windows\System\fMEaVnl.exe
  2⤵
  PID:9636
- C:\Windows\System\necWAAV.exe
  C:\Windows\System\necWAAV.exe
  2⤵
  PID:9652
- C:\Windows\System\pDDIPeb.exe
  C:\Windows\System\pDDIPeb.exe
  2⤵
  PID:9668
- C:\Windows\System\WIupsUm.exe
  C:\Windows\System\WIupsUm.exe
  2⤵
  PID:9684
- C:\Windows\System\PvbfkeP.exe
  C:\Windows\System\PvbfkeP.exe
  2⤵
  PID:9700
- C:\Windows\System\hKWQCMe.exe
  C:\Windows\System\hKWQCMe.exe
  2⤵
  PID:9716
- C:\Windows\System\KAXPrXW.exe
  C:\Windows\System\KAXPrXW.exe
  2⤵
  PID:9732
- C:\Windows\System\ZqPoITu.exe
  C:\Windows\System\ZqPoITu.exe
  2⤵
  PID:9748
- C:\Windows\System\sctdtfN.exe
  C:\Windows\System\sctdtfN.exe
  2⤵
  PID:9764
- C:\Windows\System\BEgjNAY.exe
  C:\Windows\System\BEgjNAY.exe
  2⤵
  PID:9780
- C:\Windows\System\icREHTe.exe
  C:\Windows\System\icREHTe.exe
  2⤵
  PID:9800
- C:\Windows\System\oNZffEa.exe
  C:\Windows\System\oNZffEa.exe
  2⤵
  PID:9816
- C:\Windows\System\LjCjRDh.exe
  C:\Windows\System\LjCjRDh.exe
  2⤵
  PID:9836
- C:\Windows\System\GddQWdW.exe
  C:\Windows\System\GddQWdW.exe
  2⤵
  PID:9852
- C:\Windows\System\pnjebNS.exe
  C:\Windows\System\pnjebNS.exe
  2⤵
  PID:9868
- C:\Windows\System\pVXCjLZ.exe
  C:\Windows\System\pVXCjLZ.exe
  2⤵
  PID:9884
- C:\Windows\System\oxAyNFh.exe
  C:\Windows\System\oxAyNFh.exe
  2⤵
  PID:9904
- C:\Windows\System\okdHVlj.exe
  C:\Windows\System\okdHVlj.exe
  2⤵
  PID:9920
- C:\Windows\System\KmJOhuE.exe
  C:\Windows\System\KmJOhuE.exe
  2⤵
  PID:9940
- C:\Windows\System\zhbWYLk.exe
  C:\Windows\System\zhbWYLk.exe
  2⤵
  PID:9956
- C:\Windows\System\hYhkGpl.exe
  C:\Windows\System\hYhkGpl.exe
  2⤵
  PID:9972
- C:\Windows\System\qKeKCfA.exe
  C:\Windows\System\qKeKCfA.exe
  2⤵
  PID:9988
- C:\Windows\System\YScvoUN.exe
  C:\Windows\System\YScvoUN.exe
  2⤵
  PID:10004
- C:\Windows\System\bwhskYa.exe
  C:\Windows\System\bwhskYa.exe
  2⤵
  PID:10020
- C:\Windows\System\RHslrlv.exe
  C:\Windows\System\RHslrlv.exe
  2⤵
  PID:10036
- C:\Windows\System\XPsYMcY.exe
  C:\Windows\System\XPsYMcY.exe
  2⤵
  PID:10052
- C:\Windows\System\eQqPtnk.exe
  C:\Windows\System\eQqPtnk.exe
  2⤵
  PID:10068
- C:\Windows\System\dAKzzVa.exe
  C:\Windows\System\dAKzzVa.exe
  2⤵
  PID:10084
- C:\Windows\System\MotGdkD.exe
  C:\Windows\System\MotGdkD.exe
  2⤵
  PID:10100
- C:\Windows\System\gSPAhYw.exe
  C:\Windows\System\gSPAhYw.exe
  2⤵
  PID:10116
- C:\Windows\System\rvUKKHy.exe
  C:\Windows\System\rvUKKHy.exe
  2⤵
  PID:10132
- C:\Windows\System\FdhCBji.exe
  C:\Windows\System\FdhCBji.exe
  2⤵
  PID:10148
- C:\Windows\System\OhjbNfH.exe
  C:\Windows\System\OhjbNfH.exe
  2⤵
  PID:10164
- C:\Windows\System\EmSOOvv.exe
  C:\Windows\System\EmSOOvv.exe
  2⤵
  PID:10180
- C:\Windows\System\aUTPBPl.exe
  C:\Windows\System\aUTPBPl.exe
  2⤵
  PID:10196
- C:\Windows\System\FAoRJwT.exe
  C:\Windows\System\FAoRJwT.exe
  2⤵
  PID:10212
- C:\Windows\System\feHIpju.exe
  C:\Windows\System\feHIpju.exe
  2⤵
  PID:10232
- C:\Windows\System\scpdGzR.exe
  C:\Windows\System\scpdGzR.exe
  2⤵
  PID:8560
- C:\Windows\System\mfdjtvD.exe
  C:\Windows\System\mfdjtvD.exe
  2⤵
  PID:9244
- C:\Windows\System\XAaLTvN.exe
  C:\Windows\System\XAaLTvN.exe
  2⤵
  PID:9260
- C:\Windows\System\zipqwst.exe
  C:\Windows\System\zipqwst.exe
  2⤵
  PID:9296
- C:\Windows\System\VcoYkar.exe
  C:\Windows\System\VcoYkar.exe
  2⤵
  PID:9300
- C:\Windows\System\yfiJxtM.exe
  C:\Windows\System\yfiJxtM.exe
  2⤵
  PID:9348
- C:\Windows\System\rrVBBHJ.exe
  C:\Windows\System\rrVBBHJ.exe
  2⤵
  PID:9396
- C:\Windows\System\ucXlSHc.exe
  C:\Windows\System\ucXlSHc.exe
  2⤵
  PID:9460
- C:\Windows\System\lpgZyWF.exe
  C:\Windows\System\lpgZyWF.exe
  2⤵
  PID:9528
- C:\Windows\System\qnfRjjo.exe
  C:\Windows\System\qnfRjjo.exe
  2⤵
  PID:9568
- C:\Windows\System\XRqmrMp.exe
  C:\Windows\System\XRqmrMp.exe
  2⤵
  PID:9628
- C:\Windows\System\JPoCOxW.exe
  C:\Windows\System\JPoCOxW.exe
  2⤵
  PID:9380
- C:\Windows\System\EDnirQA.exe
  C:\Windows\System\EDnirQA.exe
  2⤵
  PID:9476
- C:\Windows\System\XHMPAlg.exe
  C:\Windows\System\XHMPAlg.exe
  2⤵
  PID:9584
- C:\Windows\System\SRClZeF.exe
  C:\Windows\System\SRClZeF.exe
  2⤵
  PID:9644
- C:\Windows\System\KIAwcdh.exe
  C:\Windows\System\KIAwcdh.exe
  2⤵
  PID:9516
- C:\Windows\System\KhphAjm.exe
  C:\Windows\System\KhphAjm.exe
  2⤵
  PID:9692
- C:\Windows\System\aEpFnKw.exe
  C:\Windows\System\aEpFnKw.exe
  2⤵
  PID:9760
- C:\Windows\System\IWvdDMb.exe
  C:\Windows\System\IWvdDMb.exe
  2⤵
  PID:9828
- C:\Windows\System\KtHjFeS.exe
  C:\Windows\System\KtHjFeS.exe
  2⤵
  PID:9892
- C:\Windows\System\XOKMgQf.exe
  C:\Windows\System\XOKMgQf.exe
  2⤵
  PID:9712
- C:\Windows\System\bmgcsjY.exe
  C:\Windows\System\bmgcsjY.exe
  2⤵
  PID:9996
- C:\Windows\System\sshWnBN.exe
  C:\Windows\System\sshWnBN.exe
  2⤵
  PID:10032
- C:\Windows\System\LDUVkdf.exe
  C:\Windows\System\LDUVkdf.exe
  2⤵
  PID:10092
- C:\Windows\System\TaOYBTy.exe
  C:\Windows\System\TaOYBTy.exe
  2⤵
  PID:9708
- C:\Windows\System\zbmgaDQ.exe
  C:\Windows\System\zbmgaDQ.exe
  2⤵
  PID:10128
- C:\Windows\System\dquwYEL.exe
  C:\Windows\System\dquwYEL.exe
  2⤵
  PID:10192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AnObHCW.exe

Filesize
1.4MB

MD5
f065903fdd698bf7e7afab740d09a601

SHA1
e23641cbf4f4bbc934dbf6209438784bed0a7977

SHA256
2749dfaff0521fd814737b935ca59d7272e10bbe29714a4002775251ca8eeb7a

SHA512
6722ea743daca62560f37bcdf6276ae6a731152a71380b9561b57c18c20adacbc2f68bd399a99e814405a8febdc64d10570ec2db8b680e0521f3a1b40676286b

Download Submit
C:\Windows\system\EGodoVK.exe

Filesize
1.4MB

MD5
8dbdf5955079cf1d6b5cf52e0fa28af5

SHA1
92ac2df3c17c775f116e0eb49d4a698fc7f73596

SHA256
1666603d38dac73a97be2357d92dd9fc68ee92ebc38e17d05d050a5bda2b11b5

SHA512
4e50c973caace0626a6ddfa8f0b6f1ddbfa2c517b5418a12503e7d4dcc9b84f669fbcb44308a4886c9aadf3fcbd3a7ec326f75f7a8773d0b6ef5f89b756e4c97

Download Submit
C:\Windows\system\FuyUOCe.exe

Filesize
1.4MB

MD5
502015b9d87e2e6a67d23341f7b66d9a

SHA1
ba6cf62e0427519a9976225519a8e0abd0e68e77

SHA256
25699c2551bca58dfe623f924ac1bf8ba9cf6532f8920afe2c0485cbdda7c845

SHA512
5c79eef49efceaaeebee5844468482966c07922a4a70a33549a226ef0c376e707bd3d4f1374606071b7488247a239a6f060c07b8f17b5a80485c538feb4d3362

Download Submit
C:\Windows\system\JRxflBP.exe

Filesize
1.4MB

MD5
56f160d41a0c53564722f7d27f05deef

SHA1
31352f1bc9fe42016576217efcb871f22b53ffdc

SHA256
c188c8e32eaed46a243dc9e6a00660a2e8fd6af37333d60af14be31c585b7153

SHA512
0e5e0b79ff51e6effa893584c2ebfddc897745c2f71fb44797d01967c910c15f88e43ee033103dea4dc6a059d991ed2c3e5f78ba6b9e6d32b51417956404e03f

Download Submit
C:\Windows\system\KbaGMHs.exe

Filesize
8B

MD5
8df5d7cea6f17e33b828ee09a4f8c91e

SHA1
6aaff1a3a288a0aba2a3023d517e314fe986f730

SHA256
cebffee933f857324d8ea2bd5fb8dad33034c7e30f8e9b644e83274baeadc1d6

SHA512
aee4f16c452925a2700f8c6c545adb516dd855069c67839327087aebe75765ec2637a168ea26305bfaf7ca090b0abc3820134331985dd395f3751e82867cb7ea

Download Submit
C:\Windows\system\LfaSKSt.exe

Filesize
1.4MB

MD5
5c8e22c312d709e19ecd723fcafd3570

SHA1
cedb4a2b90a383264b17c9b4c7da5bc79fd4160b

SHA256
1162aa911d676a6c774d2bbfe6cbf221ebfb5ed0775fca7cb89aec2eaaca4de2

SHA512
da97c30b4db3ab4a4f63f5d04ce6dd3f8deb1643bb7c5b70e2ecc0785a0278841e92534a0f46f2188e5156fe73496d8219768f14da1b8102b42da271f64dce1c

Download Submit
C:\Windows\system\MufDxyS.exe

Filesize
1.4MB

MD5
9c1cc3a043833fa97778e2b210061df8

SHA1
3cb6db14cae1e7b02b935504dfd49f37c9a83b84

SHA256
b0587bf7acc45f69bde634ce78be59fbb8d1cc13fe544e35881516d2fa15dd99

SHA512
9764bb6e419aa734467257b2e12e462031425a1c016fcdd74a4fcd068e77e9b9142f938b56bfcffb838e8d9e7eabd72491e345aa472334d21041cd937f6e2d77

Download Submit
C:\Windows\system\PSlCnnu.exe

Filesize
1.4MB

MD5
d844c93e5eaf8fc2ad9c68f3e729fed5

SHA1
1f3833a6b05aee3615ddb6a8f76e70e4a577aadb

SHA256
e32d3350e590d23c31ffe7cd87b37ba231b19e2ed9823bad0506dc043d9d2f4b

SHA512
98afb86d9c9bf6c4f1c59708b2a94a11473cd17421b56a953b4aeddd7b077b4323471b6fbb471d192dc38d934e394c2382ff7eb1dc2f5d98e00924e073f6355b

Download Submit
C:\Windows\system\QHbGQZF.exe

Filesize
1.4MB

MD5
a01edb99f838b97e2bda5ba5ec5f5de0

SHA1
bb5fa15823d9ce6ebc4502da6d846f1b2bdb71a8

SHA256
ff8d6da4befdebe3a4112931ce25e3973ef6102a807434425684d61d4f068ea1

SHA512
e835c3878d981e385322b48f7e754096823f18a3522b742db6ad8926f471e77b44577d8c8138f5b8afeef410df6a2e73d0285d59557e7375b568d6edfa235803

Download Submit
C:\Windows\system\QTegEDH.exe

Filesize
1.4MB

MD5
1bd7ec76dc617e67ea11899d0e793579

SHA1
7d16740f9632ed78501eed73472c2ff383a1057c

SHA256
3d41fc2be328515d786c72851d9c715d91c40428b65dcc9c504b2bc8ea10a28b

SHA512
5f2be58141d25d98390b35e12835fe1dbb512533317fea4bdcc4210de0ebdcc36b670462084286ac587e7072b46e7a01a93813638b8cb13002f79db3685fdfcd

Download Submit
C:\Windows\system\SWOdUAS.exe

Filesize
1.4MB

MD5
ad8db8179b9ff5e6ad81556f7961a00d

SHA1
0dc965485a1637d6ec680ae0e15260c873ce9b10

SHA256
dacd6580b8d6da9c3a7ea89f6a32401e207be2ac50ad915e75551c5a6e40fc80

SHA512
53b037b9a6725afc44c2be8396f2f5580ddb4a606ec485840768b59ebf6c342e29a6b8453c812b63c5077e237a4867c01c06fae4bb5e21ee7a28a5c545e2af46

Download Submit
C:\Windows\system\ZCGsLUS.exe

Filesize
1.4MB

MD5
1e54a3f6c5e1304adcac8b6a161a6066

SHA1
54c6d1cc6ff4465ae3120440a4f55dac933d6373

SHA256
e34f24acc9702af73d3c7da776b08faf4a9ff396376d1078df056147a1c2f0ce

SHA512
4b767b68639f9bcfe0190dce3d36e49c160f8c72b3616ab14450e9c06af89d03907d28094c3459ed7b0e818a2a66f08fb5bcf78c5308604e0935c379be569fc0

Download Submit
C:\Windows\system\bnieckk.exe

Filesize
1.4MB

MD5
0d8868205e15ded93bdc179eb78c4d19

SHA1
f49123318aecbe882477037614c92d898cb7a8ab

SHA256
065c6ef627c2fde3a62344929e35a6a8d958d021b586486b992a5033cb041ecc

SHA512
30de226fe798fb48045cbfbd82d5a9fc94d20c452e9eeb90977311555b4c1b186fe60b9113998df84bd8a100952207410264d7e25264e63de36b7861cfd6a878

Download Submit
C:\Windows\system\ccGUcFk.exe

Filesize
1.4MB

MD5
d9408c5867c2367948a2da7cd23c6243

SHA1
44d18129981c7a0df960fdb3ab80021491286438

SHA256
cd9ca5d9542b6ec4b183e3ed5846e95aa0f3a4f0e6657d4ec8f4f7f57bb55473

SHA512
5516671ced1d170c196ec7ec83f89a69a66de679a011d3af1bfa6dc0a45b8a34f15af77f0d86d1ad26b75285cac40b35da0e578a5a4e2ae4c86c0ad0bb44e20b

Download Submit
C:\Windows\system\jMKQWrn.exe

Filesize
1.4MB

MD5
5f2e7f8bd27b2e44d16bca4f4afb059b

SHA1
008ac558e27b15359880e1a6429c26493756adb0

SHA256
10ed417ec7db551443ccebd78a94623bca5064de6a3d471f38733afba7323a71

SHA512
e371cb13cab85a919fbea897485c0aab2d440968c20c5f8321917fb2b8052ace7ba655556427cdcf6dd6fa1a3ee4f3d79ba9a166476e74c843837e42d81a62c7

Download Submit
C:\Windows\system\jSwaMcF.exe

Filesize
1.4MB

MD5
e520eb26386d085a4aa2440d6a026457

SHA1
f366fcc7ab3a5067b6244b0ef169251c38e8a75f

SHA256
6a7ce6e3c84d2cd37ac8c8c422e7a511c7db46ac78b9e0272bf7ef07eda6ca14

SHA512
4b6ecc9f04f01fa54a92dd93c1a0c6f7cde4183fc6f48ab35fc184621cec3bf0152c7262f5f98b4f4753470da0b337db05f292612b74905606712f25ed6ddb06

Download Submit
C:\Windows\system\kPhmIfp.exe

Filesize
1.4MB

MD5
859cc81046ab0744a85113f791cfcb5a

SHA1
965843ab39948d4a9ffb84225094905b8f18b6e4

SHA256
edad94e741f868d0e5b33ed4ab567a03de6465b79ef390bd3ce1f33af9a7b8bd

SHA512
f883ad8e2ed9bac28a1128bbd387c3fbb3b61a66740ffcf50e2de3baf4506dcc2abc94d1ae33ecc4c110bbd1964f78ac2a2d47e3f5a24c1b34c9f3753571249c

Download Submit
C:\Windows\system\kqcMBBA.exe

Filesize
1.4MB

MD5
01c4c99da5aac2aef90444ef184e1012

SHA1
70528e09d68f0be8304c92e16999b514d8cf52b9

SHA256
967c6e8d5954a2664afff074d5cfd64b9c4212cfb65d4b69ecb1b8f86b89bb47

SHA512
dbce2c90e749030c0ee4ef5e427de344813b10ae8d5a92a2a756f485fa796316eef63545b8e36df4c70c536b0d0ca80ccd48521d61b2b8488afffcad91568662

Download Submit
C:\Windows\system\lLpePxv.exe

Filesize
1.4MB

MD5
b89c1698fdec167054a2d6d4445f3cc0

SHA1
0de11fe238a09b0dac3967609f4f03ebfa2bb964

SHA256
8f42c8f0a18d3d96b39e18009970383c22c606fe7e7a32d3277251855b96619a

SHA512
7bdc87c7d0800a18ed93610e73b3e58fc4b52aa12025cc8f246ebe6ef4949a0da0a33825777885499e8a7146c4a1adac28dce8f8b9a6cae44bff51bd3a3a9211

Download Submit
C:\Windows\system\qNsYRrZ.exe

Filesize
1.4MB

MD5
8b13fdfc297e1c7f2dd604fd2e1aa20f

SHA1
76555e2c542cd8a69ff04e0589699be47e287580

SHA256
353bdc24a6fff9e97024f37be79c550b7ff93d38aff7ad52cba5c2271ec3df5c

SHA512
1c615dc4cf9d2a782590cf5e5462e75eacd96d59a9cc9b63c6d793a324133086ca14bf30eac4fb59601b41fedbe31bd4b876e807837199433e2b9bfa8ed63295

Download Submit
C:\Windows\system\rGBRYJG.exe

Filesize
1.4MB

MD5
6a4793aba68d2de0240fa89966e7d3ac

SHA1
d201c9f5c0a9c8a52b242674ae949fa3c06d3c14

SHA256
174467467fe4c38324fa9821446fcd10e77572c885ed3ac05ab20cdab237984f

SHA512
39df190fa3a8c7ddcc6f97d049328b41cd5ee79cb3e01b0cd32389bb37452aab17252b44f0fba5ce1630266e6e93434d1a5ec299e026f27b453243720f0d6adc

Download Submit
C:\Windows\system\rRqcSGq.exe

Filesize
1.4MB

MD5
75795e3663cc3409d577ba5706be57c4

SHA1
d8c9713f7b1ca4a6ac0b28d571b53be734aa01fe

SHA256
a989170cfcd1876480c656535d0c09f1425744d6d52790a8ffa28cf91b7c7f35

SHA512
e57b00e4ebb5c7acaa50c455dcd44591dd382e03e0805b11d7ef734a9a486d5a5c826bffbab5b000aea486b1acb6fb36c214dc3bd09e8ed1cc5074d8305f8ac0

Download Submit
C:\Windows\system\sFbjTDX.exe

Filesize
1.4MB

MD5
6ecaa1c14e430454a42c0189b8ec08e2

SHA1
15927144eab894ec38d198894fedaacdfde262c4

SHA256
51bbd314351e3d3d3f286333f71c821594e0bbd2318f85952be7fd2775d595b9

SHA512
c5d2a998b6dca76b6afb332bbecca3e33435e922dc588eff98faf3f2728b0a085fabbda3878528d1e33de912824cbd825e0a577705112bc814f10745eae57ac8

Download Submit
C:\Windows\system\sdeKLBt.exe

Filesize
1.4MB

MD5
d3a4271b53288c284204efb97bcd5b3d

SHA1
4cadd5ac512cd8980cbb57a7c57862dfafda6bfa

SHA256
794b385fc9b38400e9b9ade91579976909fee4f4306cfa00fa8459d9c457379c

SHA512
2e475eb93f01805e306ce5b3e56583522d458d323714fb973bcd97145d65f75f70b29c741ab50577b427d88711d71cc4b1b46e9584da2d5ea1da1d4dbe009896

Download Submit
C:\Windows\system\umJDYyC.exe

Filesize
1.4MB

MD5
e65c81973fa08738e1956660b5ff2c29

SHA1
9eb4a0c1dd0db737ee69201843268c339580fb67

SHA256
3ac49f1c49c89775d0635643b5fb6cf4b56fa16a7127f59e274a100bd19ab606

SHA512
87925eb6640a6e45ab10fddccc7539063cd24dbc01507a0de540fb87df14309b26ba4ebc19b60d249aa21ebf80d900ce3e7f9c4c045ef1ebf3aac4623ad37e05

Download Submit
C:\Windows\system\vLNAWPT.exe

Filesize
1.4MB

MD5
a807359282b885618b992d0d7b9fc168

SHA1
33a23920dc2b7b96d6f924a499cb1a62384b6d05

SHA256
c2dc502552dab549fd7c9befe34ccabd32d85d844e1d46beaf3f66d5aa0fa777

SHA512
0f792d54b7c0f0abfd551e0c0e07c84ebe206c0a025eacd9e74fa8169f349f6a00f85e6a4c912a49a1632b74511a3a7af9512cb4338d295f2fb6dee48753e8f6

Download Submit
C:\Windows\system\wUNFfxT.exe

Filesize
1.4MB

MD5
2eef6fc53460a9c05653ddb5eb339b58

SHA1
d480b4b6fce152db61b92a3347de8b9454517123

SHA256
211822dfed3f9d436f1ddc38842124b9077866746313626f0d566abc82bae4e4

SHA512
103bb931330e2d431b16a3955eee1024a77f8dbfdb84a099a6a1025f6dea0f9c73ea7c3fd98415a74758af01b46939ea371c451904079bf32ada43d28ab8069f

Download Submit
\Windows\system\BxYIOEi.exe

Filesize
1.4MB

MD5
11358ee7e4ab1408b837fa19247a2706

SHA1
e913e59a710137696e6e98bcedcdf6e4714e2cf6

SHA256
69251fdeb59f227eb35e375ef2f7b144f7a04a50e8f2ac573ffb9a96c08c8d2e

SHA512
ef2a23537cabb9800796706a5fa4e011b199ebce5dbe210f4d35c1e3834bb22039e8066790b51c5b7ce21703ffb31d392af6a55696cef45ac5ff022d8b3b6d28

Download Submit
\Windows\system\QqVEloE.exe

Filesize
1.4MB

MD5
d50be31972f61bada88a6bd00b9ced79

SHA1
81dea6cd689f48abf9d31629cba32b3c0e7a2b4f

SHA256
7e8bb3e1d9d50472ae7062d1ed0afbb8916dfbeb8990c6de12a202756ed3127c

SHA512
aa23f1250177b3c941a36b382f6bb44b0227cb6ccd4f99015b44c578dc0d3fcfae7992e8e9ef1e6ada362fd1f1d18d5ed4f609c3787daa247db65d6520205730

Download Submit
\Windows\system\SsvoNMs.exe

Filesize
1.4MB

MD5
ef34fb0bd216607e018e928536f2ced9

SHA1
c8a35ce4c10e3b100d56528df5f0f7977b8d51bc

SHA256
9637c9e1ce9e456d3e46b23b141e2d90a16608c3e9b710d0d7e5ead829d0f17e

SHA512
5e635b6cfe80cccaad9c3723dc29d5fd153facc6917971a9f5c7df97b725446da63523be71ba298c1f00b7a3590983e8528bf600f452ee7da7a0c01b8988051c

Download Submit
\Windows\system\ifjFHkQ.exe

Filesize
1.4MB

MD5
9702a33a3a9e9c0cbae3ed84b9ca020c

SHA1
1b36bf219c7ee74be458b668482642d6a75aa435

SHA256
63bb1250a02e96e95e48380e5252ce4770dbc8d6203c921ebad013f70bdc81c9

SHA512
4d367388b792b9c74ca6571bdcd86f50670dc900d6883c92942b970f6032d6a44cb5a5568ea618d20e34cb88bec53a26333537a4bf9731a9060a80a6d3c9ef64

Download Submit
\Windows\system\jTSGzjH.exe

Filesize
1.4MB

MD5
64308d135d7fc3cc65f5defe1ae361e3

SHA1
3b2ac07e8f0b64f347790aa24176cb53d9a707a4

SHA256
c44cb2f0e0aceb7521ac5377a4b196573fc5f87df1fedb20f4b256c31e252662

SHA512
6a1d749dfd4a1b7ec13434e91b1ef3e7f65ec791f7ffddf4b65e8cc5c8ffa5f38c3758d4587718102152c8bf5c3e04fd695198fcd6d1628d88456210a323a227

Download Submit
\Windows\system\yvzcwtD.exe

Filesize
1.4MB

MD5
e1b5d8772dc7cb2b4976157d5ebe40ab

SHA1
d2f2a02bbbc4aa6fa5763f7f543231e83fb61865

SHA256
c027b8168b9f8f3adfe02b44eaf7488be4c83ce28297322c2b2e592921af2394

SHA512
6869e32dd81a38557c25f5a2c31cd4875a3e0ad09e63f6e446fc7cac9a651326437482506800a089d5ee8ada6d6d5c95ada9115df87ba96da39ba5a41b503ff9

Download Submit
memory/1700-186-0x000000013F700000-0x000000013FAF2000-memory.dmp

Filesize
3.9MB

Download
memory/1700-5778-0x000000013F700000-0x000000013FAF2000-memory.dmp

Filesize
3.9MB

Download
memory/2192-177-0x000000013F6C0000-0x000000013FAB2000-memory.dmp

Filesize
3.9MB

Download
memory/2204-535-0x0000000001D90000-0x0000000001D98000-memory.dmp

Filesize
32KB

Download
memory/2204-520-0x000000001B7F0000-0x000000001BAD2000-memory.dmp

Filesize
2.9MB

Download
memory/2204-2326-0x000007FEF51E0000-0x000007FEF5B7D000-memory.dmp

Filesize
9.6MB

Download
memory/2204-173-0x000007FEF51E0000-0x000007FEF5B7D000-memory.dmp

Filesize
9.6MB

Download
memory/2204-33-0x0000000002C00000-0x0000000002C80000-memory.dmp

Filesize
512KB

Download
memory/2204-37-0x000007FEF549E000-0x000007FEF549F000-memory.dmp

Filesize
4KB

Download
memory/2348-180-0x000000013F460000-0x000000013F852000-memory.dmp

Filesize
3.9MB

Download
memory/2348-0-0x000000013F870000-0x000000013FC62000-memory.dmp

Filesize
3.9MB

Download
memory/2348-4646-0x000000013F870000-0x000000013FC62000-memory.dmp

Filesize
3.9MB

Download
memory/2348-182-0x0000000003500000-0x00000000038F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2348-184-0x0000000003500000-0x00000000038F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-185-0x0000000003500000-0x00000000038F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-187-0x000000013F170000-0x000000013F562000-memory.dmp

Filesize
3.9MB

Download
memory/2348-188-0x000000013FCB0000-0x00000001400A2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-189-0x0000000003500000-0x00000000038F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-16-0x000000013FD20000-0x0000000140112000-memory.dmp

Filesize
3.9MB

Download
memory/2348-7-0x0000000002BC0000-0x0000000002FB2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-27-0x000000013F210000-0x000000013F602000-memory.dmp

Filesize
3.9MB

Download
memory/2348-178-0x0000000003500000-0x00000000038F2000-memory.dmp

Filesize
3.9MB

Download
memory/2348-36-0x000000013FD10000-0x0000000140102000-memory.dmp

Filesize
3.9MB

Download
memory/2472-5474-0x000000013FD20000-0x0000000140112000-memory.dmp

Filesize
3.9MB

Download
memory/2472-15-0x000000013FD20000-0x0000000140112000-memory.dmp

Filesize
3.9MB

Download
memory/2540-179-0x000000013F940000-0x000000013FD32000-memory.dmp

Filesize
3.9MB

Download
memory/2540-5473-0x000000013F940000-0x000000013FD32000-memory.dmp

Filesize
3.9MB

Download
memory/2648-5772-0x000000013F460000-0x000000013F852000-memory.dmp

Filesize
3.9MB

Download
memory/2648-181-0x000000013F460000-0x000000013F852000-memory.dmp

Filesize
3.9MB

Download
memory/2688-5471-0x000000013FD10000-0x0000000140102000-memory.dmp

Filesize
3.9MB

Download
memory/2688-175-0x000000013FD10000-0x0000000140102000-memory.dmp

Filesize
3.9MB

Download
memory/2712-14-0x000000013F8D0000-0x000000013FCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2712-5489-0x000000013F8D0000-0x000000013FCC2000-memory.dmp

Filesize
3.9MB

Download
memory/2724-5472-0x000000013F210000-0x000000013F602000-memory.dmp

Filesize
3.9MB

Download
memory/2724-174-0x000000013F210000-0x000000013F602000-memory.dmp

Filesize
3.9MB

Download
memory/2772-176-0x000000013F6C0000-0x000000013FAB2000-memory.dmp

Filesize
3.9MB

Download
memory/2772-5773-0x000000013F6C0000-0x000000013FAB2000-memory.dmp

Filesize
3.9MB

Download
memory/3040-183-0x000000013F640000-0x000000013FA32000-memory.dmp

Filesize
3.9MB

Download
memory/3040-5779-0x000000013F640000-0x000000013FA32000-memory.dmp

Filesize
3.9MB

Download