xmrig | 2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc

Analysis

max time kernel
150s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 19:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
Size

3.0MB
MD5

56861f5746650ac966ef44b9fcbca314
SHA1

845efca9facc0d69105080f46121ed44d3d40634
SHA256

2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc
SHA512

e89b68ee55fd69fb8f3dfe330a58778545f664e2226120b5186b713a366781b399f91cb6c0e883536683a445ba30bc60288b64c5de7246ec8231468b52688f82
SSDEEP

49152:71G1NtyBwTI3ySZbrkXV1etEKLlWUTOfeiRA2R76zHrWax9hMkHC0INFWEWBN4t:71ONtyBeSFkXV1etEKLlWUTOfeiRA2RR

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 47 IoCs

resource	yara_rule
behavioral1/files/0x000d0000000153cf-2.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2172-7-0x000000013F570000-0x000000013F966000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0036000000015c6d-9.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0007000000015cad-15.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x001400000000549e-38.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0008000000015cdb-46.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2392-76-0x000000013FAF0000-0x000000013FEE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2784-91-0x000000013FF30000-0x0000000140326000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0007000000016597-49.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016cab-90.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016cc9-109.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016ce1-113.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016c7a-107.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016c26-104.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016cf5-121.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d17-135.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d27-140.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d06-128.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016a45-103.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/312-100-0x000000013F120000-0x000000013F516000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016c17-72.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x000a000000015cca-52.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016c2e-79.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2600-57-0x000000013FF40000-0x0000000140336000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x00060000000167ef-54.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016ced-116.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000017060-192.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d40-169.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d4b-177.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016f82-188.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2172-2961-0x000000013F570000-0x000000013F966000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d67-184.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d44-174.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0034000000015c7c-162.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d3b-166.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d1f-137.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016d0e-130.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0006000000016cfe-123.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2928-153-0x000000013F540000-0x000000013F936000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2920-150-0x000000013F120000-0x000000013F516000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2432-39-0x000000013F2B0000-0x000000013F6A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/files/0x0007000000015cb9-31.dat	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2688-28-0x000000013FD30000-0x0000000140126000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2624-20-0x000000013F0A0000-0x000000013F496000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3008-14-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2432-4037-0x000000013F2B0000-0x000000013F6A6000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2688-7204-0x000000013FD30000-0x0000000140126000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 47 IoCs

resource	yara_rule
behavioral1/files/0x000d0000000153cf-2.dat	UPX
behavioral1/memory/2172-7-0x000000013F570000-0x000000013F966000-memory.dmp	UPX
behavioral1/files/0x0036000000015c6d-9.dat	UPX
behavioral1/files/0x0007000000015cad-15.dat	UPX
behavioral1/files/0x001400000000549e-38.dat	UPX
behavioral1/files/0x0008000000015cdb-46.dat	UPX
behavioral1/memory/2392-76-0x000000013FAF0000-0x000000013FEE6000-memory.dmp	UPX
behavioral1/memory/2784-91-0x000000013FF30000-0x0000000140326000-memory.dmp	UPX
behavioral1/files/0x0007000000016597-49.dat	UPX
behavioral1/files/0x0006000000016cab-90.dat	UPX
behavioral1/files/0x0006000000016cc9-109.dat	UPX
behavioral1/files/0x0006000000016ce1-113.dat	UPX
behavioral1/files/0x0006000000016c7a-107.dat	UPX
behavioral1/files/0x0006000000016c26-104.dat	UPX
behavioral1/files/0x0006000000016cf5-121.dat	UPX
behavioral1/files/0x0006000000016d17-135.dat	UPX
behavioral1/files/0x0006000000016d27-140.dat	UPX
behavioral1/files/0x0006000000016d06-128.dat	UPX
behavioral1/files/0x0006000000016a45-103.dat	UPX
behavioral1/memory/312-100-0x000000013F120000-0x000000013F516000-memory.dmp	UPX
behavioral1/files/0x0006000000016c17-72.dat	UPX
behavioral1/files/0x000a000000015cca-52.dat	UPX
behavioral1/files/0x0006000000016c2e-79.dat	UPX
behavioral1/memory/2600-57-0x000000013FF40000-0x0000000140336000-memory.dmp	UPX
behavioral1/files/0x00060000000167ef-54.dat	UPX
behavioral1/files/0x0006000000016ced-116.dat	UPX
behavioral1/files/0x0006000000017060-192.dat	UPX
behavioral1/files/0x0006000000016d40-169.dat	UPX
behavioral1/files/0x0006000000016d4b-177.dat	UPX
behavioral1/files/0x0006000000016f82-188.dat	UPX
behavioral1/memory/2172-2961-0x000000013F570000-0x000000013F966000-memory.dmp	UPX
behavioral1/files/0x0006000000016d67-184.dat	UPX
behavioral1/files/0x0006000000016d44-174.dat	UPX
behavioral1/files/0x0034000000015c7c-162.dat	UPX
behavioral1/files/0x0006000000016d3b-166.dat	UPX
behavioral1/files/0x0006000000016d1f-137.dat	UPX
behavioral1/files/0x0006000000016d0e-130.dat	UPX
behavioral1/files/0x0006000000016cfe-123.dat	UPX
behavioral1/memory/2928-153-0x000000013F540000-0x000000013F936000-memory.dmp	UPX
behavioral1/memory/2920-150-0x000000013F120000-0x000000013F516000-memory.dmp	UPX
behavioral1/memory/2432-39-0x000000013F2B0000-0x000000013F6A6000-memory.dmp	UPX
behavioral1/files/0x0007000000015cb9-31.dat	UPX
behavioral1/memory/2688-28-0x000000013FD30000-0x0000000140126000-memory.dmp	UPX
behavioral1/memory/2624-20-0x000000013F0A0000-0x000000013F496000-memory.dmp	UPX
behavioral1/memory/3008-14-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	UPX
behavioral1/memory/2432-4037-0x000000013F2B0000-0x000000013F6A6000-memory.dmp	UPX
behavioral1/memory/2688-7204-0x000000013FD30000-0x0000000140126000-memory.dmp	UPX

XMRig Miner payload 47 IoCs

miner

resource	yara_rule
behavioral1/files/0x000d0000000153cf-2.dat	xmrig
behavioral1/memory/2172-7-0x000000013F570000-0x000000013F966000-memory.dmp	xmrig
behavioral1/files/0x0036000000015c6d-9.dat	xmrig
behavioral1/files/0x0007000000015cad-15.dat	xmrig
behavioral1/files/0x001400000000549e-38.dat	xmrig
behavioral1/files/0x0008000000015cdb-46.dat	xmrig
behavioral1/memory/2392-76-0x000000013FAF0000-0x000000013FEE6000-memory.dmp	xmrig
behavioral1/memory/2784-91-0x000000013FF30000-0x0000000140326000-memory.dmp	xmrig
behavioral1/files/0x0007000000016597-49.dat	xmrig
behavioral1/files/0x0006000000016cab-90.dat	xmrig
behavioral1/files/0x0006000000016cc9-109.dat	xmrig
behavioral1/files/0x0006000000016ce1-113.dat	xmrig
behavioral1/files/0x0006000000016c7a-107.dat	xmrig
behavioral1/files/0x0006000000016c26-104.dat	xmrig
behavioral1/files/0x0006000000016cf5-121.dat	xmrig
behavioral1/files/0x0006000000016d17-135.dat	xmrig
behavioral1/files/0x0006000000016d27-140.dat	xmrig
behavioral1/files/0x0006000000016d06-128.dat	xmrig
behavioral1/files/0x0006000000016a45-103.dat	xmrig
behavioral1/memory/312-100-0x000000013F120000-0x000000013F516000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c17-72.dat	xmrig
behavioral1/files/0x000a000000015cca-52.dat	xmrig
behavioral1/files/0x0006000000016c2e-79.dat	xmrig
behavioral1/memory/2600-57-0x000000013FF40000-0x0000000140336000-memory.dmp	xmrig
behavioral1/files/0x00060000000167ef-54.dat	xmrig
behavioral1/files/0x0006000000016ced-116.dat	xmrig
behavioral1/files/0x0006000000017060-192.dat	xmrig
behavioral1/files/0x0006000000016d40-169.dat	xmrig
behavioral1/files/0x0006000000016d4b-177.dat	xmrig
behavioral1/files/0x0006000000016f82-188.dat	xmrig
behavioral1/memory/2172-2961-0x000000013F570000-0x000000013F966000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d67-184.dat	xmrig
behavioral1/files/0x0006000000016d44-174.dat	xmrig
behavioral1/files/0x0034000000015c7c-162.dat	xmrig
behavioral1/files/0x0006000000016d3b-166.dat	xmrig
behavioral1/files/0x0006000000016d1f-137.dat	xmrig
behavioral1/files/0x0006000000016d0e-130.dat	xmrig
behavioral1/files/0x0006000000016cfe-123.dat	xmrig
behavioral1/memory/2928-153-0x000000013F540000-0x000000013F936000-memory.dmp	xmrig
behavioral1/memory/2920-150-0x000000013F120000-0x000000013F516000-memory.dmp	xmrig
behavioral1/memory/2432-39-0x000000013F2B0000-0x000000013F6A6000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cb9-31.dat	xmrig
behavioral1/memory/2688-28-0x000000013FD30000-0x0000000140126000-memory.dmp	xmrig
behavioral1/memory/2624-20-0x000000013F0A0000-0x000000013F496000-memory.dmp	xmrig
behavioral1/memory/3008-14-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	xmrig
behavioral1/memory/2432-4037-0x000000013F2B0000-0x000000013F6A6000-memory.dmp	xmrig
behavioral1/memory/2688-7204-0x000000013FD30000-0x0000000140126000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
3012	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3008	aCkbrOg.exe
2688	NOPATWP.exe
2624	LNEnrfE.exe
2432	RKfXkhE.exe
2600	wbuoubM.exe
2392	nxifSJg.exe
312	urqCtTJ.exe
2920	fReAUhl.exe
2784	dfkDzqP.exe
2928	gSxeHbq.exe
1240	GnGDhkX.exe
2912	RdANJnX.exe
2748	cyqvlzJ.exe
2924	ZVJkPqA.exe
3044	fbYblGX.exe
1312	tnsEtkT.exe
112	bbsfxuq.exe
2276	MjwXxUo.exe
1252	gVNtVGC.exe
2060	FCfOJYA.exe
2708	kfrFXBB.exe
2040	FtnDWgn.exe
1624	sluuXWH.exe
1988	HUZYoCT.exe
2012	pOasppt.exe
2436	ZoAQMme.exe
1136	fhDfchT.exe
2084	UPJBgwH.exe
1792	TXGBbbp.exe
3048	BpvYWwR.exe
452	OGVPWcn.exe
2828	XWyTxKw.exe
800	AgrlDcz.exe
1540	yPaDRWP.exe
240	QKGVJEN.exe
1888	POvrucS.exe
956	tJNVfIX.exe
1640	NqMLYrf.exe
768	Auryrya.exe
108	zCGnNka.exe
548	KguYmpG.exe
1560	WBIsMRt.exe
876	sZAfmuZ.exe
1736	ccnDQFC.exe
1568	VDPPeMb.exe
2976	ubyAtQX.exe
1500	cSkgzeD.exe
2592	BxSMRUT.exe
2424	RqytRcN.exe
1628	cgKYnKo.exe
2448	UbdAIqh.exe
2616	MaKKgIB.exe
1616	XwbeXUt.exe
2496	uqJfSxA.exe
2284	qZBvDpm.exe
2744	zgLpIua.exe
1936	nPfXgcb.exe
1464	RbVYrHj.exe
1780	AoHaEJK.exe
2652	QVevTSv.exe
1456	YphDZeI.exe
2844	JvCVzhl.exe
2260	JklRWLK.exe
2512	kTWFGyo.exe

Loads dropped DLL 64 IoCs

pid	Process
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe

UPX packed file 47 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000d0000000153cf-2.dat	upx
behavioral1/memory/2172-7-0x000000013F570000-0x000000013F966000-memory.dmp	upx
behavioral1/files/0x0036000000015c6d-9.dat	upx
behavioral1/files/0x0007000000015cad-15.dat	upx
behavioral1/files/0x001400000000549e-38.dat	upx
behavioral1/files/0x0008000000015cdb-46.dat	upx
behavioral1/memory/2392-76-0x000000013FAF0000-0x000000013FEE6000-memory.dmp	upx
behavioral1/memory/2784-91-0x000000013FF30000-0x0000000140326000-memory.dmp	upx
behavioral1/files/0x0007000000016597-49.dat	upx
behavioral1/files/0x0006000000016cab-90.dat	upx
behavioral1/files/0x0006000000016cc9-109.dat	upx
behavioral1/files/0x0006000000016ce1-113.dat	upx
behavioral1/files/0x0006000000016c7a-107.dat	upx
behavioral1/files/0x0006000000016c26-104.dat	upx
behavioral1/files/0x0006000000016cf5-121.dat	upx
behavioral1/files/0x0006000000016d17-135.dat	upx
behavioral1/files/0x0006000000016d27-140.dat	upx
behavioral1/files/0x0006000000016d06-128.dat	upx
behavioral1/files/0x0006000000016a45-103.dat	upx
behavioral1/memory/312-100-0x000000013F120000-0x000000013F516000-memory.dmp	upx
behavioral1/files/0x0006000000016c17-72.dat	upx
behavioral1/files/0x000a000000015cca-52.dat	upx
behavioral1/files/0x0006000000016c2e-79.dat	upx
behavioral1/memory/2600-57-0x000000013FF40000-0x0000000140336000-memory.dmp	upx
behavioral1/files/0x00060000000167ef-54.dat	upx
behavioral1/files/0x0006000000016ced-116.dat	upx
behavioral1/files/0x0006000000017060-192.dat	upx
behavioral1/files/0x0006000000016d40-169.dat	upx
behavioral1/files/0x0006000000016d4b-177.dat	upx
behavioral1/files/0x0006000000016f82-188.dat	upx
behavioral1/memory/2172-2961-0x000000013F570000-0x000000013F966000-memory.dmp	upx
behavioral1/files/0x0006000000016d67-184.dat	upx
behavioral1/files/0x0006000000016d44-174.dat	upx
behavioral1/files/0x0034000000015c7c-162.dat	upx
behavioral1/files/0x0006000000016d3b-166.dat	upx
behavioral1/files/0x0006000000016d1f-137.dat	upx
behavioral1/files/0x0006000000016d0e-130.dat	upx
behavioral1/files/0x0006000000016cfe-123.dat	upx
behavioral1/memory/2928-153-0x000000013F540000-0x000000013F936000-memory.dmp	upx
behavioral1/memory/2920-150-0x000000013F120000-0x000000013F516000-memory.dmp	upx
behavioral1/memory/2432-39-0x000000013F2B0000-0x000000013F6A6000-memory.dmp	upx
behavioral1/files/0x0007000000015cb9-31.dat	upx
behavioral1/memory/2688-28-0x000000013FD30000-0x0000000140126000-memory.dmp	upx
behavioral1/memory/2624-20-0x000000013F0A0000-0x000000013F496000-memory.dmp	upx
behavioral1/memory/3008-14-0x000000013FBF0000-0x000000013FFE6000-memory.dmp	upx
behavioral1/memory/2432-4037-0x000000013F2B0000-0x000000013F6A6000-memory.dmp	upx
behavioral1/memory/2688-7204-0x000000013FD30000-0x0000000140126000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\lhvBDek.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\dRhysOC.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\CzyaRTp.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\wQXqQNR.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\gYPjgmM.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\SOrCFhb.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\qZUqLGY.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\IyKRDsG.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\OXbFsbp.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\JEPGwNk.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\RBpvbfG.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\FKJNnuU.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\CJlMLDk.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\FYYglTY.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\ufooQWi.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\TLYzsgd.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\JFuTaCb.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\SOIyvfT.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\aXDMqwG.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\hsUgpsG.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\cQPpLQC.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\ORZphUz.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\mKckJmN.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\yRCbCIP.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\qoTHOOB.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\VPJsnGS.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\oTuyISl.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\TmZIeLr.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\MUfPywg.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\VZXvYuT.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\XInTuoh.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\wgoiPqS.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\pJblcnA.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\muzoUqG.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\jimmnFS.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\WBvpWCB.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\mqlfFDh.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\fVBtSHC.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\JYAHPRz.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\VOIAhzn.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\gGLOjLD.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\mMuegzv.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\tvmOnIV.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\ZXDRZWn.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\erZIafJ.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\PlUGiri.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\KJVaUSx.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\AxHnYwG.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\OUbuNRj.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\HuNOjYU.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\TRabAGo.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\ivKegtG.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\WMRtElV.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\ZtGbuzs.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\tUoghwb.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\RyBzJjB.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\IdSjDwb.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\hCXEuHN.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\EgkXbhP.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\zkVBEkx.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\joKMPih.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\tQLWlRY.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\sTTyQOv.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
File created	C:\Windows\System\bxexkMu.exe	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3012	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
Token: SeLockMemoryPrivilege	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
Token: SeDebugPrivilege	3012	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 3012	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	29
PID 2172 wrote to memory of 3012	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	29
PID 2172 wrote to memory of 3012	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	29
PID 2172 wrote to memory of 3008	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	30
PID 2172 wrote to memory of 3008	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	30
PID 2172 wrote to memory of 3008	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	30
PID 2172 wrote to memory of 2624	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	31
PID 2172 wrote to memory of 2624	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	31
PID 2172 wrote to memory of 2624	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	31
PID 2172 wrote to memory of 2688	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	32
PID 2172 wrote to memory of 2688	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	32
PID 2172 wrote to memory of 2688	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	32
PID 2172 wrote to memory of 2432	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	33
PID 2172 wrote to memory of 2432	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	33
PID 2172 wrote to memory of 2432	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	33
PID 2172 wrote to memory of 2600	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	34
PID 2172 wrote to memory of 2600	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	34
PID 2172 wrote to memory of 2600	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	34
PID 2172 wrote to memory of 2392	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	35
PID 2172 wrote to memory of 2392	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	35
PID 2172 wrote to memory of 2392	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	35
PID 2172 wrote to memory of 312	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	36
PID 2172 wrote to memory of 312	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	36
PID 2172 wrote to memory of 312	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	36
PID 2172 wrote to memory of 2912	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	37
PID 2172 wrote to memory of 2912	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	37
PID 2172 wrote to memory of 2912	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	37
PID 2172 wrote to memory of 2920	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	38
PID 2172 wrote to memory of 2920	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	38
PID 2172 wrote to memory of 2920	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	38
PID 2172 wrote to memory of 2748	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	39
PID 2172 wrote to memory of 2748	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	39
PID 2172 wrote to memory of 2748	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	39
PID 2172 wrote to memory of 2784	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	40
PID 2172 wrote to memory of 2784	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	40
PID 2172 wrote to memory of 2784	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	40
PID 2172 wrote to memory of 2924	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	41
PID 2172 wrote to memory of 2924	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	41
PID 2172 wrote to memory of 2924	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	41
PID 2172 wrote to memory of 2928	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	42
PID 2172 wrote to memory of 2928	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	42
PID 2172 wrote to memory of 2928	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	42
PID 2172 wrote to memory of 3044	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	43
PID 2172 wrote to memory of 3044	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	43
PID 2172 wrote to memory of 3044	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	43
PID 2172 wrote to memory of 1240	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	44
PID 2172 wrote to memory of 1240	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	44
PID 2172 wrote to memory of 1240	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	44
PID 2172 wrote to memory of 1312	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	45
PID 2172 wrote to memory of 1312	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	45
PID 2172 wrote to memory of 1312	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	45
PID 2172 wrote to memory of 112	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	46
PID 2172 wrote to memory of 112	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	46
PID 2172 wrote to memory of 112	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	46
PID 2172 wrote to memory of 2708	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	47
PID 2172 wrote to memory of 2708	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	47
PID 2172 wrote to memory of 2708	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	47
PID 2172 wrote to memory of 2276	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	48
PID 2172 wrote to memory of 2276	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	48
PID 2172 wrote to memory of 2276	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	48
PID 2172 wrote to memory of 2040	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	49
PID 2172 wrote to memory of 2040	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	49
PID 2172 wrote to memory of 2040	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	49
PID 2172 wrote to memory of 1252	2172	2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe	50

C:\Users\Admin\AppData\Local\Temp\2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe
"C:\Users\Admin\AppData\Local\Temp\2579a9ccecddaa24caab396acd79808249b01418650698fa9cd49655b886bafc.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3012
- C:\Windows\System\aCkbrOg.exe
  C:\Windows\System\aCkbrOg.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\LNEnrfE.exe
  C:\Windows\System\LNEnrfE.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\NOPATWP.exe
  C:\Windows\System\NOPATWP.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\RKfXkhE.exe
  C:\Windows\System\RKfXkhE.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\wbuoubM.exe
  C:\Windows\System\wbuoubM.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\nxifSJg.exe
  C:\Windows\System\nxifSJg.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\urqCtTJ.exe
  C:\Windows\System\urqCtTJ.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\RdANJnX.exe
  C:\Windows\System\RdANJnX.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\fReAUhl.exe
  C:\Windows\System\fReAUhl.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\cyqvlzJ.exe
  C:\Windows\System\cyqvlzJ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\dfkDzqP.exe
  C:\Windows\System\dfkDzqP.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\ZVJkPqA.exe
  C:\Windows\System\ZVJkPqA.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\gSxeHbq.exe
  C:\Windows\System\gSxeHbq.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\fbYblGX.exe
  C:\Windows\System\fbYblGX.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\GnGDhkX.exe
  C:\Windows\System\GnGDhkX.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\tnsEtkT.exe
  C:\Windows\System\tnsEtkT.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\bbsfxuq.exe
  C:\Windows\System\bbsfxuq.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\kfrFXBB.exe
  C:\Windows\System\kfrFXBB.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\MjwXxUo.exe
  C:\Windows\System\MjwXxUo.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\FtnDWgn.exe
  C:\Windows\System\FtnDWgn.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\gVNtVGC.exe
  C:\Windows\System\gVNtVGC.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\sluuXWH.exe
  C:\Windows\System\sluuXWH.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\FCfOJYA.exe
  C:\Windows\System\FCfOJYA.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\HUZYoCT.exe
  C:\Windows\System\HUZYoCT.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\pOasppt.exe
  C:\Windows\System\pOasppt.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\ZoAQMme.exe
  C:\Windows\System\ZoAQMme.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\fhDfchT.exe
  C:\Windows\System\fhDfchT.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\TXGBbbp.exe
  C:\Windows\System\TXGBbbp.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\UPJBgwH.exe
  C:\Windows\System\UPJBgwH.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\OGVPWcn.exe
  C:\Windows\System\OGVPWcn.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\BpvYWwR.exe
  C:\Windows\System\BpvYWwR.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\AgrlDcz.exe
  C:\Windows\System\AgrlDcz.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\XWyTxKw.exe
  C:\Windows\System\XWyTxKw.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\POvrucS.exe
  C:\Windows\System\POvrucS.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\yPaDRWP.exe
  C:\Windows\System\yPaDRWP.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\Auryrya.exe
  C:\Windows\System\Auryrya.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\QKGVJEN.exe
  C:\Windows\System\QKGVJEN.exe
  2⤵
  - Executes dropped EXE
  PID:240
- C:\Windows\System\zCGnNka.exe
  C:\Windows\System\zCGnNka.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\tJNVfIX.exe
  C:\Windows\System\tJNVfIX.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\KguYmpG.exe
  C:\Windows\System\KguYmpG.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\NqMLYrf.exe
  C:\Windows\System\NqMLYrf.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\iQkzWob.exe
  C:\Windows\System\iQkzWob.exe
  2⤵
  PID:2136
- C:\Windows\System\WBIsMRt.exe
  C:\Windows\System\WBIsMRt.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\DwBXJZA.exe
  C:\Windows\System\DwBXJZA.exe
  2⤵
  PID:1180
- C:\Windows\System\sZAfmuZ.exe
  C:\Windows\System\sZAfmuZ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\mxFGgnU.exe
  C:\Windows\System\mxFGgnU.exe
  2⤵
  PID:1612
- C:\Windows\System\ccnDQFC.exe
  C:\Windows\System\ccnDQFC.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\bEieCBN.exe
  C:\Windows\System\bEieCBN.exe
  2⤵
  PID:1724
- C:\Windows\System\VDPPeMb.exe
  C:\Windows\System\VDPPeMb.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\DOMbUdu.exe
  C:\Windows\System\DOMbUdu.exe
  2⤵
  PID:1872
- C:\Windows\System\ubyAtQX.exe
  C:\Windows\System\ubyAtQX.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\LfeSiMg.exe
  C:\Windows\System\LfeSiMg.exe
  2⤵
  PID:2508
- C:\Windows\System\cSkgzeD.exe
  C:\Windows\System\cSkgzeD.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\EabhBMP.exe
  C:\Windows\System\EabhBMP.exe
  2⤵
  PID:2296
- C:\Windows\System\BxSMRUT.exe
  C:\Windows\System\BxSMRUT.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\DslWTHD.exe
  C:\Windows\System\DslWTHD.exe
  2⤵
  PID:2700
- C:\Windows\System\RqytRcN.exe
  C:\Windows\System\RqytRcN.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\aDIdXpS.exe
  C:\Windows\System\aDIdXpS.exe
  2⤵
  PID:2416
- C:\Windows\System\cgKYnKo.exe
  C:\Windows\System\cgKYnKo.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\nmoSOCX.exe
  C:\Windows\System\nmoSOCX.exe
  2⤵
  PID:2884
- C:\Windows\System\UbdAIqh.exe
  C:\Windows\System\UbdAIqh.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\YBedSbp.exe
  C:\Windows\System\YBedSbp.exe
  2⤵
  PID:2456
- C:\Windows\System\MaKKgIB.exe
  C:\Windows\System\MaKKgIB.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\fVAhoxI.exe
  C:\Windows\System\fVAhoxI.exe
  2⤵
  PID:2024
- C:\Windows\System\XwbeXUt.exe
  C:\Windows\System\XwbeXUt.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\DLToWMq.exe
  C:\Windows\System\DLToWMq.exe
  2⤵
  PID:2772
- C:\Windows\System\uqJfSxA.exe
  C:\Windows\System\uqJfSxA.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\fQkUdtN.exe
  C:\Windows\System\fQkUdtN.exe
  2⤵
  PID:1256
- C:\Windows\System\qZBvDpm.exe
  C:\Windows\System\qZBvDpm.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\ydNivVh.exe
  C:\Windows\System\ydNivVh.exe
  2⤵
  PID:2564
- C:\Windows\System\zgLpIua.exe
  C:\Windows\System\zgLpIua.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\ZSkDWUT.exe
  C:\Windows\System\ZSkDWUT.exe
  2⤵
  PID:2192
- C:\Windows\System\nPfXgcb.exe
  C:\Windows\System\nPfXgcb.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\lhLKkee.exe
  C:\Windows\System\lhLKkee.exe
  2⤵
  PID:696
- C:\Windows\System\RbVYrHj.exe
  C:\Windows\System\RbVYrHj.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\PdZpSDU.exe
  C:\Windows\System\PdZpSDU.exe
  2⤵
  PID:412
- C:\Windows\System\AoHaEJK.exe
  C:\Windows\System\AoHaEJK.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\AtngLyI.exe
  C:\Windows\System\AtngLyI.exe
  2⤵
  PID:1596
- C:\Windows\System\QVevTSv.exe
  C:\Windows\System\QVevTSv.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\tqKzoAR.exe
  C:\Windows\System\tqKzoAR.exe
  2⤵
  PID:648
- C:\Windows\System\YphDZeI.exe
  C:\Windows\System\YphDZeI.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\AnEkMSq.exe
  C:\Windows\System\AnEkMSq.exe
  2⤵
  PID:2184
- C:\Windows\System\JvCVzhl.exe
  C:\Windows\System\JvCVzhl.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\ucfWOkA.exe
  C:\Windows\System\ucfWOkA.exe
  2⤵
  PID:2000
- C:\Windows\System\JklRWLK.exe
  C:\Windows\System\JklRWLK.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\ewOBFJa.exe
  C:\Windows\System\ewOBFJa.exe
  2⤵
  PID:1524
- C:\Windows\System\kTWFGyo.exe
  C:\Windows\System\kTWFGyo.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\HyXuKnB.exe
  C:\Windows\System\HyXuKnB.exe
  2⤵
  PID:2568
- C:\Windows\System\SRZQXjy.exe
  C:\Windows\System\SRZQXjy.exe
  2⤵
  PID:2032
- C:\Windows\System\fKUHxDu.exe
  C:\Windows\System\fKUHxDu.exe
  2⤵
  PID:272
- C:\Windows\System\BRvHibb.exe
  C:\Windows\System\BRvHibb.exe
  2⤵
  PID:2316
- C:\Windows\System\XNYHBLw.exe
  C:\Windows\System\XNYHBLw.exe
  2⤵
  PID:1696
- C:\Windows\System\duEvWmW.exe
  C:\Windows\System\duEvWmW.exe
  2⤵
  PID:1212
- C:\Windows\System\zdDtJzf.exe
  C:\Windows\System\zdDtJzf.exe
  2⤵
  PID:980
- C:\Windows\System\LadEhYv.exe
  C:\Windows\System\LadEhYv.exe
  2⤵
  PID:1900
- C:\Windows\System\YDlBTwC.exe
  C:\Windows\System\YDlBTwC.exe
  2⤵
  PID:2396
- C:\Windows\System\mNhcUKD.exe
  C:\Windows\System\mNhcUKD.exe
  2⤵
  PID:3088
- C:\Windows\System\uChKeQE.exe
  C:\Windows\System\uChKeQE.exe
  2⤵
  PID:3104
- C:\Windows\System\CNaYkIT.exe
  C:\Windows\System\CNaYkIT.exe
  2⤵
  PID:3120
- C:\Windows\System\ZwthbRN.exe
  C:\Windows\System\ZwthbRN.exe
  2⤵
  PID:3136
- C:\Windows\System\PFtxsvb.exe
  C:\Windows\System\PFtxsvb.exe
  2⤵
  PID:3152
- C:\Windows\System\kuFkpKB.exe
  C:\Windows\System\kuFkpKB.exe
  2⤵
  PID:3168
- C:\Windows\System\bsErIbA.exe
  C:\Windows\System\bsErIbA.exe
  2⤵
  PID:3184
- C:\Windows\System\FapSogk.exe
  C:\Windows\System\FapSogk.exe
  2⤵
  PID:3200
- C:\Windows\System\tHfaRyF.exe
  C:\Windows\System\tHfaRyF.exe
  2⤵
  PID:3216
- C:\Windows\System\UjZzXMQ.exe
  C:\Windows\System\UjZzXMQ.exe
  2⤵
  PID:3232
- C:\Windows\System\rlxBaDO.exe
  C:\Windows\System\rlxBaDO.exe
  2⤵
  PID:3248
- C:\Windows\System\KoLEmhY.exe
  C:\Windows\System\KoLEmhY.exe
  2⤵
  PID:3264
- C:\Windows\System\LUXLzAg.exe
  C:\Windows\System\LUXLzAg.exe
  2⤵
  PID:3280
- C:\Windows\System\mKfXOvO.exe
  C:\Windows\System\mKfXOvO.exe
  2⤵
  PID:3296
- C:\Windows\System\FzUYZBA.exe
  C:\Windows\System\FzUYZBA.exe
  2⤵
  PID:3316
- C:\Windows\System\onnmofn.exe
  C:\Windows\System\onnmofn.exe
  2⤵
  PID:3336
- C:\Windows\System\UCEECyc.exe
  C:\Windows\System\UCEECyc.exe
  2⤵
  PID:3352
- C:\Windows\System\SEzhlhG.exe
  C:\Windows\System\SEzhlhG.exe
  2⤵
  PID:3368
- C:\Windows\System\ZFievgL.exe
  C:\Windows\System\ZFievgL.exe
  2⤵
  PID:3384
- C:\Windows\System\ZLXDVrO.exe
  C:\Windows\System\ZLXDVrO.exe
  2⤵
  PID:3400
- C:\Windows\System\ztMBKMT.exe
  C:\Windows\System\ztMBKMT.exe
  2⤵
  PID:3416
- C:\Windows\System\KCYZycw.exe
  C:\Windows\System\KCYZycw.exe
  2⤵
  PID:3432
- C:\Windows\System\nlQvDbm.exe
  C:\Windows\System\nlQvDbm.exe
  2⤵
  PID:3448
- C:\Windows\System\HRVSGPY.exe
  C:\Windows\System\HRVSGPY.exe
  2⤵
  PID:3464
- C:\Windows\System\KMglhmy.exe
  C:\Windows\System\KMglhmy.exe
  2⤵
  PID:3480
- C:\Windows\System\WRMJfjn.exe
  C:\Windows\System\WRMJfjn.exe
  2⤵
  PID:3496
- C:\Windows\System\fMmhrht.exe
  C:\Windows\System\fMmhrht.exe
  2⤵
  PID:3528
- C:\Windows\System\DWdTUKq.exe
  C:\Windows\System\DWdTUKq.exe
  2⤵
  PID:3552
- C:\Windows\System\zROGCka.exe
  C:\Windows\System\zROGCka.exe
  2⤵
  PID:3600
- C:\Windows\System\dKzbqOt.exe
  C:\Windows\System\dKzbqOt.exe
  2⤵
  PID:3632
- C:\Windows\System\lBQUuyZ.exe
  C:\Windows\System\lBQUuyZ.exe
  2⤵
  PID:3692
- C:\Windows\System\opSWydf.exe
  C:\Windows\System\opSWydf.exe
  2⤵
  PID:3720
- C:\Windows\System\ENUxliN.exe
  C:\Windows\System\ENUxliN.exe
  2⤵
  PID:3736
- C:\Windows\System\UijNybf.exe
  C:\Windows\System\UijNybf.exe
  2⤵
  PID:3752
- C:\Windows\System\uGHKeSX.exe
  C:\Windows\System\uGHKeSX.exe
  2⤵
  PID:3768
- C:\Windows\System\FbeBtxK.exe
  C:\Windows\System\FbeBtxK.exe
  2⤵
  PID:3784
- C:\Windows\System\XgUzxoZ.exe
  C:\Windows\System\XgUzxoZ.exe
  2⤵
  PID:3804
- C:\Windows\System\BqukPxu.exe
  C:\Windows\System\BqukPxu.exe
  2⤵
  PID:3832
- C:\Windows\System\FGJeCJK.exe
  C:\Windows\System\FGJeCJK.exe
  2⤵
  PID:3848
- C:\Windows\System\TuAfQOc.exe
  C:\Windows\System\TuAfQOc.exe
  2⤵
  PID:3864
- C:\Windows\System\THNhXDl.exe
  C:\Windows\System\THNhXDl.exe
  2⤵
  PID:3880
- C:\Windows\System\rzIzXTU.exe
  C:\Windows\System\rzIzXTU.exe
  2⤵
  PID:3900
- C:\Windows\System\UjyiYWZ.exe
  C:\Windows\System\UjyiYWZ.exe
  2⤵
  PID:3920
- C:\Windows\System\uEaoBvY.exe
  C:\Windows\System\uEaoBvY.exe
  2⤵
  PID:3936
- C:\Windows\System\uWAMCpg.exe
  C:\Windows\System\uWAMCpg.exe
  2⤵
  PID:3952
- C:\Windows\System\dacNSmi.exe
  C:\Windows\System\dacNSmi.exe
  2⤵
  PID:3976
- C:\Windows\System\Plwuwcj.exe
  C:\Windows\System\Plwuwcj.exe
  2⤵
  PID:3996
- C:\Windows\System\QFzbNyT.exe
  C:\Windows\System\QFzbNyT.exe
  2⤵
  PID:4016
- C:\Windows\System\hlHFAeS.exe
  C:\Windows\System\hlHFAeS.exe
  2⤵
  PID:4036
- C:\Windows\System\CnVEtWp.exe
  C:\Windows\System\CnVEtWp.exe
  2⤵
  PID:4080
- C:\Windows\System\TTgdypE.exe
  C:\Windows\System\TTgdypE.exe
  2⤵
  PID:2760
- C:\Windows\System\iGNFtYI.exe
  C:\Windows\System\iGNFtYI.exe
  2⤵
  PID:2800
- C:\Windows\System\OktXUKD.exe
  C:\Windows\System\OktXUKD.exe
  2⤵
  PID:3128
- C:\Windows\System\CBwiZro.exe
  C:\Windows\System\CBwiZro.exe
  2⤵
  PID:3192
- C:\Windows\System\jiXItBf.exe
  C:\Windows\System\jiXItBf.exe
  2⤵
  PID:1296
- C:\Windows\System\ihcQNDx.exe
  C:\Windows\System\ihcQNDx.exe
  2⤵
  PID:284
- C:\Windows\System\HRhwoBX.exe
  C:\Windows\System\HRhwoBX.exe
  2⤵
  PID:3260
- C:\Windows\System\DAYTbKk.exe
  C:\Windows\System\DAYTbKk.exe
  2⤵
  PID:3328
- C:\Windows\System\RQTZJQp.exe
  C:\Windows\System\RQTZJQp.exe
  2⤵
  PID:3704
- C:\Windows\System\jEIHpmj.exe
  C:\Windows\System\jEIHpmj.exe
  2⤵
  PID:3780
- C:\Windows\System\HqfvdPG.exe
  C:\Windows\System\HqfvdPG.exe
  2⤵
  PID:3828
- C:\Windows\System\CuOfWCf.exe
  C:\Windows\System\CuOfWCf.exe
  2⤵
  PID:3892
- C:\Windows\System\CKALfUF.exe
  C:\Windows\System\CKALfUF.exe
  2⤵
  PID:3164
- C:\Windows\System\rXXTsuC.exe
  C:\Windows\System\rXXTsuC.exe
  2⤵
  PID:3080
- C:\Windows\System\mnHNSvV.exe
  C:\Windows\System\mnHNSvV.exe
  2⤵
  PID:3856
- C:\Windows\System\reSGLOP.exe
  C:\Windows\System\reSGLOP.exe
  2⤵
  PID:1952
- C:\Windows\System\ScdaEMM.exe
  C:\Windows\System\ScdaEMM.exe
  2⤵
  PID:3032
- C:\Windows\System\xRUHqXb.exe
  C:\Windows\System\xRUHqXb.exe
  2⤵
  PID:2532
- C:\Windows\System\NLnmQYc.exe
  C:\Windows\System\NLnmQYc.exe
  2⤵
  PID:1276
- C:\Windows\System\dpPzMpb.exe
  C:\Windows\System\dpPzMpb.exe
  2⤵
  PID:3288
- C:\Windows\System\JKJIvnA.exe
  C:\Windows\System\JKJIvnA.exe
  2⤵
  PID:2220
- C:\Windows\System\ztigKqk.exe
  C:\Windows\System\ztigKqk.exe
  2⤵
  PID:1440
- C:\Windows\System\RHgEydH.exe
  C:\Windows\System\RHgEydH.exe
  2⤵
  PID:1528
- C:\Windows\System\gSKVVTv.exe
  C:\Windows\System\gSKVVTv.exe
  2⤵
  PID:2952
- C:\Windows\System\faOUJbx.exe
  C:\Windows\System\faOUJbx.exe
  2⤵
  PID:2108
- C:\Windows\System\hyUTCCE.exe
  C:\Windows\System\hyUTCCE.exe
  2⤵
  PID:1768
- C:\Windows\System\sEyfdLx.exe
  C:\Windows\System\sEyfdLx.exe
  2⤵
  PID:2308
- C:\Windows\System\AdTfLDP.exe
  C:\Windows\System\AdTfLDP.exe
  2⤵
  PID:1644
- C:\Windows\System\qwPNJBq.exe
  C:\Windows\System\qwPNJBq.exe
  2⤵
  PID:2640
- C:\Windows\System\ABEDzei.exe
  C:\Windows\System\ABEDzei.exe
  2⤵
  PID:2604
- C:\Windows\System\QkbwIhI.exe
  C:\Windows\System\QkbwIhI.exe
  2⤵
  PID:3148
- C:\Windows\System\MCqvTsv.exe
  C:\Windows\System\MCqvTsv.exe
  2⤵
  PID:3240
- C:\Windows\System\bwNsLzd.exe
  C:\Windows\System\bwNsLzd.exe
  2⤵
  PID:3312
- C:\Windows\System\QxZXyht.exe
  C:\Windows\System\QxZXyht.exe
  2⤵
  PID:3444
- C:\Windows\System\lVQraox.exe
  C:\Windows\System\lVQraox.exe
  2⤵
  PID:3508
- C:\Windows\System\joHUWBA.exe
  C:\Windows\System\joHUWBA.exe
  2⤵
  PID:3524
- C:\Windows\System\HLQJMNR.exe
  C:\Windows\System\HLQJMNR.exe
  2⤵
  PID:3580
- C:\Windows\System\JNdLROf.exe
  C:\Windows\System\JNdLROf.exe
  2⤵
  PID:3596
- C:\Windows\System\LMzcPkv.exe
  C:\Windows\System\LMzcPkv.exe
  2⤵
  PID:3660
- C:\Windows\System\czcpaLh.exe
  C:\Windows\System\czcpaLh.exe
  2⤵
  PID:3676
- C:\Windows\System\oLtzkrz.exe
  C:\Windows\System\oLtzkrz.exe
  2⤵
  PID:3732
- C:\Windows\System\fdvrSFp.exe
  C:\Windows\System\fdvrSFp.exe
  2⤵
  PID:3796
- C:\Windows\System\RDDAZwV.exe
  C:\Windows\System\RDDAZwV.exe
  2⤵
  PID:3872
- C:\Windows\System\YWtAddd.exe
  C:\Windows\System\YWtAddd.exe
  2⤵
  PID:3916
- C:\Windows\System\mGoQHgB.exe
  C:\Windows\System\mGoQHgB.exe
  2⤵
  PID:3992
- C:\Windows\System\gdoUZcM.exe
  C:\Windows\System\gdoUZcM.exe
  2⤵
  PID:4088
- C:\Windows\System\ScSTyIR.exe
  C:\Windows\System\ScSTyIR.exe
  2⤵
  PID:3096
- C:\Windows\System\FoGwPcQ.exe
  C:\Windows\System\FoGwPcQ.exe
  2⤵
  PID:960
- C:\Windows\System\luQHCGH.exe
  C:\Windows\System\luQHCGH.exe
  2⤵
  PID:3364
- C:\Windows\System\RxaELCq.exe
  C:\Windows\System\RxaELCq.exe
  2⤵
  PID:1676
- C:\Windows\System\SDKVreq.exe
  C:\Windows\System\SDKVreq.exe
  2⤵
  PID:2944
- C:\Windows\System\ZKgNZle.exe
  C:\Windows\System\ZKgNZle.exe
  2⤵
  PID:3456
- C:\Windows\System\jnxXeRG.exe
  C:\Windows\System\jnxXeRG.exe
  2⤵
  PID:2020
- C:\Windows\System\Unjpqzj.exe
  C:\Windows\System\Unjpqzj.exe
  2⤵
  PID:3616
- C:\Windows\System\AtprRKa.exe
  C:\Windows\System\AtprRKa.exe
  2⤵
  PID:3624
- C:\Windows\System\FKJNnuU.exe
  C:\Windows\System\FKJNnuU.exe
  2⤵
  PID:3700
- C:\Windows\System\RgeRRKx.exe
  C:\Windows\System\RgeRRKx.exe
  2⤵
  PID:1924
- C:\Windows\System\CtBXasj.exe
  C:\Windows\System\CtBXasj.exe
  2⤵
  PID:3932
- C:\Windows\System\HAkrQYA.exe
  C:\Windows\System\HAkrQYA.exe
  2⤵
  PID:3972
- C:\Windows\System\jkvERWz.exe
  C:\Windows\System\jkvERWz.exe
  2⤵
  PID:4064
- C:\Windows\System\qQHtwGn.exe
  C:\Windows\System\qQHtwGn.exe
  2⤵
  PID:3112
- C:\Windows\System\psDhKOs.exe
  C:\Windows\System\psDhKOs.exe
  2⤵
  PID:2608
- C:\Windows\System\XHibWaU.exe
  C:\Windows\System\XHibWaU.exe
  2⤵
  PID:2716
- C:\Windows\System\nomabwR.exe
  C:\Windows\System\nomabwR.exe
  2⤵
  PID:2520
- C:\Windows\System\tfZWFLh.exe
  C:\Windows\System\tfZWFLh.exe
  2⤵
  PID:1784
- C:\Windows\System\ItECCNs.exe
  C:\Windows\System\ItECCNs.exe
  2⤵
  PID:2812
- C:\Windows\System\NgIBGnl.exe
  C:\Windows\System\NgIBGnl.exe
  2⤵
  PID:596
- C:\Windows\System\WEQXUBi.exe
  C:\Windows\System\WEQXUBi.exe
  2⤵
  PID:276
- C:\Windows\System\nMdVfPe.exe
  C:\Windows\System\nMdVfPe.exe
  2⤵
  PID:1316
- C:\Windows\System\oTCbgQq.exe
  C:\Windows\System\oTCbgQq.exe
  2⤵
  PID:3304
- C:\Windows\System\lgkOEvz.exe
  C:\Windows\System\lgkOEvz.exe
  2⤵
  PID:880
- C:\Windows\System\OCPIRCb.exe
  C:\Windows\System\OCPIRCb.exe
  2⤵
  PID:3208
- C:\Windows\System\MAunYmI.exe
  C:\Windows\System\MAunYmI.exe
  2⤵
  PID:3476
- C:\Windows\System\HBJjvih.exe
  C:\Windows\System\HBJjvih.exe
  2⤵
  PID:3576
- C:\Windows\System\luqNcaI.exe
  C:\Windows\System\luqNcaI.exe
  2⤵
  PID:3516
- C:\Windows\System\ZYLbfZL.exe
  C:\Windows\System\ZYLbfZL.exe
  2⤵
  PID:3728
- C:\Windows\System\xEgZbdj.exe
  C:\Windows\System\xEgZbdj.exe
  2⤵
  PID:3592
- C:\Windows\System\kDZexeE.exe
  C:\Windows\System\kDZexeE.exe
  2⤵
  PID:3672
- C:\Windows\System\SPCkaTG.exe
  C:\Windows\System\SPCkaTG.exe
  2⤵
  PID:4028
- C:\Windows\System\XSiwQSo.exe
  C:\Windows\System\XSiwQSo.exe
  2⤵
  PID:560
- C:\Windows\System\EKgVhbr.exe
  C:\Windows\System\EKgVhbr.exe
  2⤵
  PID:3424
- C:\Windows\System\nUBYcpl.exe
  C:\Windows\System\nUBYcpl.exe
  2⤵
  PID:1504
- C:\Windows\System\NGNIRHC.exe
  C:\Windows\System\NGNIRHC.exe
  2⤵
  PID:4044
- C:\Windows\System\zKOOeHy.exe
  C:\Windows\System\zKOOeHy.exe
  2⤵
  PID:2668
- C:\Windows\System\gigIJuk.exe
  C:\Windows\System\gigIJuk.exe
  2⤵
  PID:1100
- C:\Windows\System\bczIkqm.exe
  C:\Windows\System\bczIkqm.exe
  2⤵
  PID:3620
- C:\Windows\System\GsqBFwY.exe
  C:\Windows\System\GsqBFwY.exe
  2⤵
  PID:3748
- C:\Windows\System\bhuvzDk.exe
  C:\Windows\System\bhuvzDk.exe
  2⤵
  PID:1104
- C:\Windows\System\KvCXwpt.exe
  C:\Windows\System\KvCXwpt.exe
  2⤵
  PID:1532
- C:\Windows\System\deJVQyr.exe
  C:\Windows\System\deJVQyr.exe
  2⤵
  PID:3028
- C:\Windows\System\FYYcHkY.exe
  C:\Windows\System\FYYcHkY.exe
  2⤵
  PID:1520
- C:\Windows\System\CGYGzvg.exe
  C:\Windows\System\CGYGzvg.exe
  2⤵
  PID:788
- C:\Windows\System\XsTJgKH.exe
  C:\Windows\System\XsTJgKH.exe
  2⤵
  PID:1260
- C:\Windows\System\nMNxuzH.exe
  C:\Windows\System\nMNxuzH.exe
  2⤵
  PID:2792
- C:\Windows\System\kTgjhXP.exe
  C:\Windows\System\kTgjhXP.exe
  2⤵
  PID:3412
- C:\Windows\System\Mkxbhlu.exe
  C:\Windows\System\Mkxbhlu.exe
  2⤵
  PID:3568
- C:\Windows\System\EKMIqUY.exe
  C:\Windows\System\EKMIqUY.exe
  2⤵
  PID:1548
- C:\Windows\System\IhhGXfn.exe
  C:\Windows\System\IhhGXfn.exe
  2⤵
  PID:3764
- C:\Windows\System\FFDirnk.exe
  C:\Windows\System\FFDirnk.exe
  2⤵
  PID:4056
- C:\Windows\System\CJvnYto.exe
  C:\Windows\System\CJvnYto.exe
  2⤵
  PID:3844
- C:\Windows\System\PANKbko.exe
  C:\Windows\System\PANKbko.exe
  2⤵
  PID:3428
- C:\Windows\System\uGEZMqT.exe
  C:\Windows\System\uGEZMqT.exe
  2⤵
  PID:3292
- C:\Windows\System\tOsqgKX.exe
  C:\Windows\System\tOsqgKX.exe
  2⤵
  PID:3652
- C:\Windows\System\EtLPzFR.exe
  C:\Windows\System\EtLPzFR.exe
  2⤵
  PID:3948
- C:\Windows\System\pzgmOmf.exe
  C:\Windows\System\pzgmOmf.exe
  2⤵
  PID:3488
- C:\Windows\System\ARYuCBj.exe
  C:\Windows\System\ARYuCBj.exe
  2⤵
  PID:4072
- C:\Windows\System\GlHotZi.exe
  C:\Windows\System\GlHotZi.exe
  2⤵
  PID:2764
- C:\Windows\System\bUlULsN.exe
  C:\Windows\System\bUlULsN.exe
  2⤵
  PID:1580
- C:\Windows\System\sVekaep.exe
  C:\Windows\System\sVekaep.exe
  2⤵
  PID:3040
- C:\Windows\System\fxWzdlr.exe
  C:\Windows\System\fxWzdlr.exe
  2⤵
  PID:2240
- C:\Windows\System\ZUuIFfB.exe
  C:\Windows\System\ZUuIFfB.exe
  2⤵
  PID:2852
- C:\Windows\System\UywUpcA.exe
  C:\Windows\System\UywUpcA.exe
  2⤵
  PID:3572
- C:\Windows\System\ufNtXbl.exe
  C:\Windows\System\ufNtXbl.exe
  2⤵
  PID:1120
- C:\Windows\System\tNorAeG.exe
  C:\Windows\System\tNorAeG.exe
  2⤵
  PID:4012
- C:\Windows\System\siYPWWR.exe
  C:\Windows\System\siYPWWR.exe
  2⤵
  PID:3380
- C:\Windows\System\FIQtqCq.exe
  C:\Windows\System\FIQtqCq.exe
  2⤵
  PID:3540
- C:\Windows\System\jeXXRMe.exe
  C:\Windows\System\jeXXRMe.exe
  2⤵
  PID:4104
- C:\Windows\System\IwSrpCo.exe
  C:\Windows\System\IwSrpCo.exe
  2⤵
  PID:4140
- C:\Windows\System\BCSgSZM.exe
  C:\Windows\System\BCSgSZM.exe
  2⤵
  PID:4212
- C:\Windows\System\JBdwUQm.exe
  C:\Windows\System\JBdwUQm.exe
  2⤵
  PID:4228
- C:\Windows\System\lJmebSK.exe
  C:\Windows\System\lJmebSK.exe
  2⤵
  PID:4244
- C:\Windows\System\GohlRFC.exe
  C:\Windows\System\GohlRFC.exe
  2⤵
  PID:4260
- C:\Windows\System\aOIPOwd.exe
  C:\Windows\System\aOIPOwd.exe
  2⤵
  PID:4276
- C:\Windows\System\BIHbmfj.exe
  C:\Windows\System\BIHbmfj.exe
  2⤵
  PID:4292
- C:\Windows\System\KAUyuYi.exe
  C:\Windows\System\KAUyuYi.exe
  2⤵
  PID:4308
- C:\Windows\System\ePYfYpa.exe
  C:\Windows\System\ePYfYpa.exe
  2⤵
  PID:4324
- C:\Windows\System\erbYKnF.exe
  C:\Windows\System\erbYKnF.exe
  2⤵
  PID:4344
- C:\Windows\System\XsusBbP.exe
  C:\Windows\System\XsusBbP.exe
  2⤵
  PID:4360
- C:\Windows\System\ZUCoqLD.exe
  C:\Windows\System\ZUCoqLD.exe
  2⤵
  PID:4376
- C:\Windows\System\ivtHxdo.exe
  C:\Windows\System\ivtHxdo.exe
  2⤵
  PID:4392
- C:\Windows\System\SMztRnV.exe
  C:\Windows\System\SMztRnV.exe
  2⤵
  PID:4408
- C:\Windows\System\XudzCEk.exe
  C:\Windows\System\XudzCEk.exe
  2⤵
  PID:4424
- C:\Windows\System\jvFKTuw.exe
  C:\Windows\System\jvFKTuw.exe
  2⤵
  PID:4444
- C:\Windows\System\MiPUEwZ.exe
  C:\Windows\System\MiPUEwZ.exe
  2⤵
  PID:4460
- C:\Windows\System\gxzrqNL.exe
  C:\Windows\System\gxzrqNL.exe
  2⤵
  PID:4480
- C:\Windows\System\ggzuMtI.exe
  C:\Windows\System\ggzuMtI.exe
  2⤵
  PID:4496
- C:\Windows\System\ygJLcfU.exe
  C:\Windows\System\ygJLcfU.exe
  2⤵
  PID:4516
- C:\Windows\System\NRYCJeH.exe
  C:\Windows\System\NRYCJeH.exe
  2⤵
  PID:4532
- C:\Windows\System\BSobQPw.exe
  C:\Windows\System\BSobQPw.exe
  2⤵
  PID:4548
- C:\Windows\System\AxSvZAX.exe
  C:\Windows\System\AxSvZAX.exe
  2⤵
  PID:4628
- C:\Windows\System\tQLWlRY.exe
  C:\Windows\System\tQLWlRY.exe
  2⤵
  PID:4644
- C:\Windows\System\oTCGrIT.exe
  C:\Windows\System\oTCGrIT.exe
  2⤵
  PID:4664
- C:\Windows\System\zdiXkvw.exe
  C:\Windows\System\zdiXkvw.exe
  2⤵
  PID:4680
- C:\Windows\System\BzPqOVm.exe
  C:\Windows\System\BzPqOVm.exe
  2⤵
  PID:4696
- C:\Windows\System\AhTyCDs.exe
  C:\Windows\System\AhTyCDs.exe
  2⤵
  PID:4712
- C:\Windows\System\xZvZsIX.exe
  C:\Windows\System\xZvZsIX.exe
  2⤵
  PID:4728
- C:\Windows\System\hNfzSkp.exe
  C:\Windows\System\hNfzSkp.exe
  2⤵
  PID:4744
- C:\Windows\System\ypafmCb.exe
  C:\Windows\System\ypafmCb.exe
  2⤵
  PID:4760
- C:\Windows\System\LoZYROH.exe
  C:\Windows\System\LoZYROH.exe
  2⤵
  PID:4784
- C:\Windows\System\WLIJboB.exe
  C:\Windows\System\WLIJboB.exe
  2⤵
  PID:4800
- C:\Windows\System\IjPWrLN.exe
  C:\Windows\System\IjPWrLN.exe
  2⤵
  PID:4816
- C:\Windows\System\YYyGmVG.exe
  C:\Windows\System\YYyGmVG.exe
  2⤵
  PID:4832
- C:\Windows\System\PvGsQpb.exe
  C:\Windows\System\PvGsQpb.exe
  2⤵
  PID:4884
- C:\Windows\System\dElrdDG.exe
  C:\Windows\System\dElrdDG.exe
  2⤵
  PID:4900
- C:\Windows\System\XhWfGQg.exe
  C:\Windows\System\XhWfGQg.exe
  2⤵
  PID:4924
- C:\Windows\System\Zabstsc.exe
  C:\Windows\System\Zabstsc.exe
  2⤵
  PID:4940
- C:\Windows\System\WFVwZSs.exe
  C:\Windows\System\WFVwZSs.exe
  2⤵
  PID:4968
- C:\Windows\System\dkhsOLW.exe
  C:\Windows\System\dkhsOLW.exe
  2⤵
  PID:4984
- C:\Windows\System\dECNQxm.exe
  C:\Windows\System\dECNQxm.exe
  2⤵
  PID:5004
- C:\Windows\System\XLjkMcX.exe
  C:\Windows\System\XLjkMcX.exe
  2⤵
  PID:5020
- C:\Windows\System\vRGAHzJ.exe
  C:\Windows\System\vRGAHzJ.exe
  2⤵
  PID:5052
- C:\Windows\System\QoLQSWM.exe
  C:\Windows\System\QoLQSWM.exe
  2⤵
  PID:5068
- C:\Windows\System\opZWQjR.exe
  C:\Windows\System\opZWQjR.exe
  2⤵
  PID:5084
- C:\Windows\System\ZrBAZKM.exe
  C:\Windows\System\ZrBAZKM.exe
  2⤵
  PID:5100
- C:\Windows\System\fKQmNWf.exe
  C:\Windows\System\fKQmNWf.exe
  2⤵
  PID:5116
- C:\Windows\System\qDjMZFt.exe
  C:\Windows\System\qDjMZFt.exe
  2⤵
  PID:2264
- C:\Windows\System\MmmzLMn.exe
  C:\Windows\System\MmmzLMn.exe
  2⤵
  PID:2664
- C:\Windows\System\HXKuYgD.exe
  C:\Windows\System\HXKuYgD.exe
  2⤵
  PID:2364
- C:\Windows\System\zLvWskw.exe
  C:\Windows\System\zLvWskw.exe
  2⤵
  PID:4124
- C:\Windows\System\ugJlkpZ.exe
  C:\Windows\System\ugJlkpZ.exe
  2⤵
  PID:4136
- C:\Windows\System\KrnxxVV.exe
  C:\Windows\System\KrnxxVV.exe
  2⤵
  PID:752
- C:\Windows\System\vYqvPUB.exe
  C:\Windows\System\vYqvPUB.exe
  2⤵
  PID:4148
- C:\Windows\System\yKVPgdw.exe
  C:\Windows\System\yKVPgdw.exe
  2⤵
  PID:4172
- C:\Windows\System\wRXIhcD.exe
  C:\Windows\System\wRXIhcD.exe
  2⤵
  PID:3440
- C:\Windows\System\sLHYLVY.exe
  C:\Windows\System\sLHYLVY.exe
  2⤵
  PID:4048
- C:\Windows\System\qdGyrRV.exe
  C:\Windows\System\qdGyrRV.exe
  2⤵
  PID:4180
- C:\Windows\System\OcOYZjN.exe
  C:\Windows\System\OcOYZjN.exe
  2⤵
  PID:4200
- C:\Windows\System\hLvtYHJ.exe
  C:\Windows\System\hLvtYHJ.exe
  2⤵
  PID:4240
- C:\Windows\System\EdinhMO.exe
  C:\Windows\System\EdinhMO.exe
  2⤵
  PID:4304
- C:\Windows\System\WMlsyXa.exe
  C:\Windows\System\WMlsyXa.exe
  2⤵
  PID:4400
- C:\Windows\System\mDCSDod.exe
  C:\Windows\System\mDCSDod.exe
  2⤵
  PID:4468
- C:\Windows\System\ypVSAbq.exe
  C:\Windows\System\ypVSAbq.exe
  2⤵
  PID:4540
- C:\Windows\System\fYhTdgk.exe
  C:\Windows\System\fYhTdgk.exe
  2⤵
  PID:4436
- C:\Windows\System\oNdYhvJ.exe
  C:\Windows\System\oNdYhvJ.exe
  2⤵
  PID:4560
- C:\Windows\System\kiazRXR.exe
  C:\Windows\System\kiazRXR.exe
  2⤵
  PID:4316
- C:\Windows\System\HdvSTGZ.exe
  C:\Windows\System\HdvSTGZ.exe
  2⤵
  PID:4388
- C:\Windows\System\QQIkSXc.exe
  C:\Windows\System\QQIkSXc.exe
  2⤵
  PID:4488
- C:\Windows\System\AzRlWPk.exe
  C:\Windows\System\AzRlWPk.exe
  2⤵
  PID:4568
- C:\Windows\System\DbTjObN.exe
  C:\Windows\System\DbTjObN.exe
  2⤵
  PID:4596
- C:\Windows\System\kyYDmBd.exe
  C:\Windows\System\kyYDmBd.exe
  2⤵
  PID:4608
- C:\Windows\System\ZSaUkXm.exe
  C:\Windows\System\ZSaUkXm.exe
  2⤵
  PID:4624
- C:\Windows\System\VxirUtD.exe
  C:\Windows\System\VxirUtD.exe
  2⤵
  PID:4740
- C:\Windows\System\DBGwONr.exe
  C:\Windows\System\DBGwONr.exe
  2⤵
  PID:4768
- C:\Windows\System\oCgLUWI.exe
  C:\Windows\System\oCgLUWI.exe
  2⤵
  PID:4780
- C:\Windows\System\CgeypMj.exe
  C:\Windows\System\CgeypMj.exe
  2⤵
  PID:4692
- C:\Windows\System\kFziWbW.exe
  C:\Windows\System\kFziWbW.exe
  2⤵
  PID:4796
- C:\Windows\System\AxbOvpf.exe
  C:\Windows\System\AxbOvpf.exe
  2⤵
  PID:4844
- C:\Windows\System\DRzRpFW.exe
  C:\Windows\System\DRzRpFW.exe
  2⤵
  PID:4872
- C:\Windows\System\zQtEvrP.exe
  C:\Windows\System\zQtEvrP.exe
  2⤵
  PID:4892
- C:\Windows\System\BKxZouG.exe
  C:\Windows\System\BKxZouG.exe
  2⤵
  PID:4880
- C:\Windows\System\KAjvhdj.exe
  C:\Windows\System\KAjvhdj.exe
  2⤵
  PID:4912
- C:\Windows\System\HmwLUSl.exe
  C:\Windows\System\HmwLUSl.exe
  2⤵
  PID:2420
- C:\Windows\System\UvKqQeh.exe
  C:\Windows\System\UvKqQeh.exe
  2⤵
  PID:5032
- C:\Windows\System\MIaNvIe.exe
  C:\Windows\System\MIaNvIe.exe
  2⤵
  PID:5012
- C:\Windows\System\GmbePSp.exe
  C:\Windows\System\GmbePSp.exe
  2⤵
  PID:5048
- C:\Windows\System\WTbjdow.exe
  C:\Windows\System\WTbjdow.exe
  2⤵
  PID:5096
- C:\Windows\System\YZdtOgd.exe
  C:\Windows\System\YZdtOgd.exe
  2⤵
  PID:5112
- C:\Windows\System\KrLCgNK.exe
  C:\Windows\System\KrLCgNK.exe
  2⤵
  PID:2168
- C:\Windows\System\okVHAqS.exe
  C:\Windows\System\okVHAqS.exe
  2⤵
  PID:5076
- C:\Windows\System\ggXAjrA.exe
  C:\Windows\System\ggXAjrA.exe
  2⤵
  PID:4120
- C:\Windows\System\CsZfEDC.exe
  C:\Windows\System\CsZfEDC.exe
  2⤵
  PID:4156
- C:\Windows\System\WGAMlEB.exe
  C:\Windows\System\WGAMlEB.exe
  2⤵
  PID:4008
- C:\Windows\System\PgbeMeP.exe
  C:\Windows\System\PgbeMeP.exe
  2⤵
  PID:4272
- C:\Windows\System\YONLPIi.exe
  C:\Windows\System\YONLPIi.exe
  2⤵
  PID:3668
- C:\Windows\System\SNYtrPC.exe
  C:\Windows\System\SNYtrPC.exe
  2⤵
  PID:4440
- C:\Windows\System\QnSLSGG.exe
  C:\Windows\System\QnSLSGG.exe
  2⤵
  PID:4160
- C:\Windows\System\nIyuBLX.exe
  C:\Windows\System\nIyuBLX.exe
  2⤵
  PID:4168
- C:\Windows\System\nsWUZAA.exe
  C:\Windows\System\nsWUZAA.exe
  2⤵
  PID:4504
- C:\Windows\System\thEKWtl.exe
  C:\Windows\System\thEKWtl.exe
  2⤵
  PID:4528
- C:\Windows\System\cLAyigF.exe
  C:\Windows\System\cLAyigF.exe
  2⤵
  PID:4420
- C:\Windows\System\BFQmtLR.exe
  C:\Windows\System\BFQmtLR.exe
  2⤵
  PID:4456
- C:\Windows\System\tboAPFv.exe
  C:\Windows\System\tboAPFv.exe
  2⤵
  PID:4688
- C:\Windows\System\DElLqEt.exe
  C:\Windows\System\DElLqEt.exe
  2⤵
  PID:4704
- C:\Windows\System\NdxKzpR.exe
  C:\Windows\System\NdxKzpR.exe
  2⤵
  PID:776
- C:\Windows\System\pINSMVk.exe
  C:\Windows\System\pINSMVk.exe
  2⤵
  PID:4960
- C:\Windows\System\ldKiDBa.exe
  C:\Windows\System\ldKiDBa.exe
  2⤵
  PID:912
- C:\Windows\System\BRUgayc.exe
  C:\Windows\System\BRUgayc.exe
  2⤵
  PID:3228
- C:\Windows\System\IQlZNGP.exe
  C:\Windows\System\IQlZNGP.exe
  2⤵
  PID:4908
- C:\Windows\System\xzEVxpw.exe
  C:\Windows\System\xzEVxpw.exe
  2⤵
  PID:4524
- C:\Windows\System\cwRYuNo.exe
  C:\Windows\System\cwRYuNo.exe
  2⤵
  PID:4600
- C:\Windows\System\UoSbRWj.exe
  C:\Windows\System\UoSbRWj.exe
  2⤵
  PID:4708
- C:\Windows\System\FZZteva.exe
  C:\Windows\System\FZZteva.exe
  2⤵
  PID:4848
- C:\Windows\System\pveTLHQ.exe
  C:\Windows\System\pveTLHQ.exe
  2⤵
  PID:4936
- C:\Windows\System\AZJeBhO.exe
  C:\Windows\System\AZJeBhO.exe
  2⤵
  PID:4980
- C:\Windows\System\QZfXeUd.exe
  C:\Windows\System\QZfXeUd.exe
  2⤵
  PID:3180
- C:\Windows\System\sOudFTg.exe
  C:\Windows\System\sOudFTg.exe
  2⤵
  PID:4220
- C:\Windows\System\RtyltLf.exe
  C:\Windows\System\RtyltLf.exe
  2⤵
  PID:4100
- C:\Windows\System\rqnBBmx.exe
  C:\Windows\System\rqnBBmx.exe
  2⤵
  PID:4252
- C:\Windows\System\gBKosIK.exe
  C:\Windows\System\gBKosIK.exe
  2⤵
  PID:4656
- C:\Windows\System\WrIAxxM.exe
  C:\Windows\System\WrIAxxM.exe
  2⤵
  PID:5044
- C:\Windows\System\twGArhS.exe
  C:\Windows\System\twGArhS.exe
  2⤵
  PID:4068
- C:\Windows\System\SkQGeIE.exe
  C:\Windows\System\SkQGeIE.exe
  2⤵
  PID:4192
- C:\Windows\System\nQTYxwA.exe
  C:\Windows\System\nQTYxwA.exe
  2⤵
  PID:5000
- C:\Windows\System\gKUzEHl.exe
  C:\Windows\System\gKUzEHl.exe
  2⤵
  PID:4556
- C:\Windows\System\rnLsPIw.exe
  C:\Windows\System\rnLsPIw.exe
  2⤵
  PID:4356
- C:\Windows\System\TmTPgbW.exe
  C:\Windows\System\TmTPgbW.exe
  2⤵
  PID:4320
- C:\Windows\System\mVterrJ.exe
  C:\Windows\System\mVterrJ.exe
  2⤵
  PID:4976
- C:\Windows\System\VMAtzZF.exe
  C:\Windows\System\VMAtzZF.exe
  2⤵
  PID:4340
- C:\Windows\System\xjtNUqS.exe
  C:\Windows\System\xjtNUqS.exe
  2⤵
  PID:5016
- C:\Windows\System\woLrEHf.exe
  C:\Windows\System\woLrEHf.exe
  2⤵
  PID:5064
- C:\Windows\System\NLMuqPw.exe
  C:\Windows\System\NLMuqPw.exe
  2⤵
  PID:2460
- C:\Windows\System\IooOkjD.exe
  C:\Windows\System\IooOkjD.exe
  2⤵
  PID:5108
- C:\Windows\System\UQnDSdo.exe
  C:\Windows\System\UQnDSdo.exe
  2⤵
  PID:4996
- C:\Windows\System\SpzshcX.exe
  C:\Windows\System\SpzshcX.exe
  2⤵
  PID:2360
- C:\Windows\System\JzbPaIf.exe
  C:\Windows\System\JzbPaIf.exe
  2⤵
  PID:3408
- C:\Windows\System\qdOIYeI.exe
  C:\Windows\System\qdOIYeI.exe
  2⤵
  PID:2052
- C:\Windows\System\IuSkYOZ.exe
  C:\Windows\System\IuSkYOZ.exe
  2⤵
  PID:4336
- C:\Windows\System\wUsGwLn.exe
  C:\Windows\System\wUsGwLn.exe
  2⤵
  PID:4724
- C:\Windows\System\tUoghwb.exe
  C:\Windows\System\tUoghwb.exe
  2⤵
  PID:4952
- C:\Windows\System\uzoRpFL.exe
  C:\Windows\System\uzoRpFL.exe
  2⤵
  PID:4188
- C:\Windows\System\JxOsxAQ.exe
  C:\Windows\System\JxOsxAQ.exe
  2⤵
  PID:4288
- C:\Windows\System\QcYwmxU.exe
  C:\Windows\System\QcYwmxU.exe
  2⤵
  PID:4916
- C:\Windows\System\HJPIeOm.exe
  C:\Windows\System\HJPIeOm.exe
  2⤵
  PID:1352
- C:\Windows\System\skoGAFW.exe
  C:\Windows\System\skoGAFW.exe
  2⤵
  PID:4564
- C:\Windows\System\BoatWCP.exe
  C:\Windows\System\BoatWCP.exe
  2⤵
  PID:5132
- C:\Windows\System\hSWcPyG.exe
  C:\Windows\System\hSWcPyG.exe
  2⤵
  PID:5156
- C:\Windows\System\BvvzWrg.exe
  C:\Windows\System\BvvzWrg.exe
  2⤵
  PID:5172
- C:\Windows\System\tasDzbR.exe
  C:\Windows\System\tasDzbR.exe
  2⤵
  PID:5192
- C:\Windows\System\gWJqLeR.exe
  C:\Windows\System\gWJqLeR.exe
  2⤵
  PID:5208
- C:\Windows\System\PMvlFWf.exe
  C:\Windows\System\PMvlFWf.exe
  2⤵
  PID:5232
- C:\Windows\System\qnhlGIZ.exe
  C:\Windows\System\qnhlGIZ.exe
  2⤵
  PID:5252
- C:\Windows\System\pQGfXEb.exe
  C:\Windows\System\pQGfXEb.exe
  2⤵
  PID:5272
- C:\Windows\System\GaPqvHu.exe
  C:\Windows\System\GaPqvHu.exe
  2⤵
  PID:5288
- C:\Windows\System\fJVfwWZ.exe
  C:\Windows\System\fJVfwWZ.exe
  2⤵
  PID:5308
- C:\Windows\System\fbeQeQR.exe
  C:\Windows\System\fbeQeQR.exe
  2⤵
  PID:5324
- C:\Windows\System\CpoAHrS.exe
  C:\Windows\System\CpoAHrS.exe
  2⤵
  PID:5340
- C:\Windows\System\wjiMFmB.exe
  C:\Windows\System\wjiMFmB.exe
  2⤵
  PID:5360
- C:\Windows\System\oVNCAyp.exe
  C:\Windows\System\oVNCAyp.exe
  2⤵
  PID:5376
- C:\Windows\System\dFEPiOe.exe
  C:\Windows\System\dFEPiOe.exe
  2⤵
  PID:5396
- C:\Windows\System\XDVtuIz.exe
  C:\Windows\System\XDVtuIz.exe
  2⤵
  PID:5416
- C:\Windows\System\dWxFGnE.exe
  C:\Windows\System\dWxFGnE.exe
  2⤵
  PID:5432
- C:\Windows\System\IeIbrdr.exe
  C:\Windows\System\IeIbrdr.exe
  2⤵
  PID:5452
- C:\Windows\System\xNFXKxB.exe
  C:\Windows\System\xNFXKxB.exe
  2⤵
  PID:5472
- C:\Windows\System\kjiSiFM.exe
  C:\Windows\System\kjiSiFM.exe
  2⤵
  PID:5492
- C:\Windows\System\QHtEQbG.exe
  C:\Windows\System\QHtEQbG.exe
  2⤵
  PID:5508
- C:\Windows\System\jmceQAF.exe
  C:\Windows\System\jmceQAF.exe
  2⤵
  PID:5528
- C:\Windows\System\FCrYvTE.exe
  C:\Windows\System\FCrYvTE.exe
  2⤵
  PID:5548
- C:\Windows\System\tkuJvUh.exe
  C:\Windows\System\tkuJvUh.exe
  2⤵
  PID:5568
- C:\Windows\System\SHrZCso.exe
  C:\Windows\System\SHrZCso.exe
  2⤵
  PID:5584
- C:\Windows\System\XgbeLge.exe
  C:\Windows\System\XgbeLge.exe
  2⤵
  PID:5604
- C:\Windows\System\xNizRzY.exe
  C:\Windows\System\xNizRzY.exe
  2⤵
  PID:5624
- C:\Windows\System\JTuFHLi.exe
  C:\Windows\System\JTuFHLi.exe
  2⤵
  PID:5648
- C:\Windows\System\LWeopAa.exe
  C:\Windows\System\LWeopAa.exe
  2⤵
  PID:5668
- C:\Windows\System\xlTFzYp.exe
  C:\Windows\System\xlTFzYp.exe
  2⤵
  PID:5684
- C:\Windows\System\AgsWSRm.exe
  C:\Windows\System\AgsWSRm.exe
  2⤵
  PID:5704
- C:\Windows\System\dwbOQbX.exe
  C:\Windows\System\dwbOQbX.exe
  2⤵
  PID:5720
- C:\Windows\System\NbUdbJw.exe
  C:\Windows\System\NbUdbJw.exe
  2⤵
  PID:5736
- C:\Windows\System\vnKbJFb.exe
  C:\Windows\System\vnKbJFb.exe
  2⤵
  PID:5752
- C:\Windows\System\gMGiXED.exe
  C:\Windows\System\gMGiXED.exe
  2⤵
  PID:5776
- C:\Windows\System\JzKjnPO.exe
  C:\Windows\System\JzKjnPO.exe
  2⤵
  PID:5796
- C:\Windows\System\dCEKsKZ.exe
  C:\Windows\System\dCEKsKZ.exe
  2⤵
  PID:5812
- C:\Windows\System\aOHUrVp.exe
  C:\Windows\System\aOHUrVp.exe
  2⤵
  PID:5836
- C:\Windows\System\wIrmjyR.exe
  C:\Windows\System\wIrmjyR.exe
  2⤵
  PID:5860
- C:\Windows\System\JWBnFyo.exe
  C:\Windows\System\JWBnFyo.exe
  2⤵
  PID:5892
- C:\Windows\System\uBqZCFo.exe
  C:\Windows\System\uBqZCFo.exe
  2⤵
  PID:5908
- C:\Windows\System\syGubBj.exe
  C:\Windows\System\syGubBj.exe
  2⤵
  PID:5928
- C:\Windows\System\JfkJCyD.exe
  C:\Windows\System\JfkJCyD.exe
  2⤵
  PID:5944
- C:\Windows\System\DiNsdYE.exe
  C:\Windows\System\DiNsdYE.exe
  2⤵
  PID:5964
- C:\Windows\System\YklhSYS.exe
  C:\Windows\System\YklhSYS.exe
  2⤵
  PID:5980
- C:\Windows\System\OXFEhMj.exe
  C:\Windows\System\OXFEhMj.exe
  2⤵
  PID:6004
- C:\Windows\System\ZcTAPjF.exe
  C:\Windows\System\ZcTAPjF.exe
  2⤵
  PID:6020
- C:\Windows\System\hkzLmNQ.exe
  C:\Windows\System\hkzLmNQ.exe
  2⤵
  PID:6044
- C:\Windows\System\RIwpsrI.exe
  C:\Windows\System\RIwpsrI.exe
  2⤵
  PID:6064
- C:\Windows\System\GKsWEsV.exe
  C:\Windows\System\GKsWEsV.exe
  2⤵
  PID:6084
- C:\Windows\System\cdvhSOu.exe
  C:\Windows\System\cdvhSOu.exe
  2⤵
  PID:6100
- C:\Windows\System\MKpyNoX.exe
  C:\Windows\System\MKpyNoX.exe
  2⤵
  PID:6124
- C:\Windows\System\arFSEsm.exe
  C:\Windows\System\arFSEsm.exe
  2⤵
  PID:1556
- C:\Windows\System\adyWYlN.exe
  C:\Windows\System\adyWYlN.exe
  2⤵
  PID:5204
- C:\Windows\System\CNVRlcj.exe
  C:\Windows\System\CNVRlcj.exe
  2⤵
  PID:5280
- C:\Windows\System\ieZWpka.exe
  C:\Windows\System\ieZWpka.exe
  2⤵
  PID:5356
- C:\Windows\System\QTeBOIQ.exe
  C:\Windows\System\QTeBOIQ.exe
  2⤵
  PID:5392
- C:\Windows\System\HgCEQoV.exe
  C:\Windows\System\HgCEQoV.exe
  2⤵
  PID:2756
- C:\Windows\System\uIlbemc.exe
  C:\Windows\System\uIlbemc.exe
  2⤵
  PID:4196
- C:\Windows\System\QXCqqIA.exe
  C:\Windows\System\QXCqqIA.exe
  2⤵
  PID:4588
- C:\Windows\System\onbCRfu.exe
  C:\Windows\System\onbCRfu.exe
  2⤵
  PID:5504
- C:\Windows\System\EHQQcbQ.exe
  C:\Windows\System\EHQQcbQ.exe
  2⤵
  PID:5700
- C:\Windows\System\zVkLcQZ.exe
  C:\Windows\System\zVkLcQZ.exe
  2⤵
  PID:5804
- C:\Windows\System\dLOXgro.exe
  C:\Windows\System\dLOXgro.exe
  2⤵
  PID:5856
- C:\Windows\System\iEwoAhw.exe
  C:\Windows\System\iEwoAhw.exe
  2⤵
  PID:5936
- C:\Windows\System\kYSlAqj.exe
  C:\Windows\System\kYSlAqj.exe
  2⤵
  PID:5972
- C:\Windows\System\JYUUjys.exe
  C:\Windows\System\JYUUjys.exe
  2⤵
  PID:6012
- C:\Windows\System\SdMYBHj.exe
  C:\Windows\System\SdMYBHj.exe
  2⤵
  PID:6060
- C:\Windows\System\CtocVfN.exe
  C:\Windows\System\CtocVfN.exe
  2⤵
  PID:5188
- C:\Windows\System\boTYMqz.exe
  C:\Windows\System\boTYMqz.exe
  2⤵
  PID:6132
- C:\Windows\System\ZzSFAZN.exe
  C:\Windows\System\ZzSFAZN.exe
  2⤵
  PID:5268
- C:\Windows\System\sltRyhf.exe
  C:\Windows\System\sltRyhf.exe
  2⤵
  PID:5384
- C:\Windows\System\SdRWOuw.exe
  C:\Windows\System\SdRWOuw.exe
  2⤵
  PID:3256
- C:\Windows\System\ntoxBhy.exe
  C:\Windows\System\ntoxBhy.exe
  2⤵
  PID:3392
- C:\Windows\System\ueKTRvi.exe
  C:\Windows\System\ueKTRvi.exe
  2⤵
  PID:5152
- C:\Windows\System\fiGLjSG.exe
  C:\Windows\System\fiGLjSG.exe
  2⤵
  PID:5556
- C:\Windows\System\WfbNhKs.exe
  C:\Windows\System\WfbNhKs.exe
  2⤵
  PID:6120
- C:\Windows\System\ukJCJDV.exe
  C:\Windows\System\ukJCJDV.exe
  2⤵
  PID:5200
- C:\Windows\System\RbJJweK.exe
  C:\Windows\System\RbJJweK.exe
  2⤵
  PID:5228
- C:\Windows\System\USgAntb.exe
  C:\Windows\System\USgAntb.exe
  2⤵
  PID:5304
- C:\Windows\System\HvkVImb.exe
  C:\Windows\System\HvkVImb.exe
  2⤵
  PID:5372
- C:\Windows\System\bbAmTHo.exe
  C:\Windows\System\bbAmTHo.exe
  2⤵
  PID:5520
- C:\Windows\System\TGSpjLB.exe
  C:\Windows\System\TGSpjLB.exe
  2⤵
  PID:6116
- C:\Windows\System\sRaGgqc.exe
  C:\Windows\System\sRaGgqc.exe
  2⤵
  PID:5712
- C:\Windows\System\gDMUdYO.exe
  C:\Windows\System\gDMUdYO.exe
  2⤵
  PID:5820
- C:\Windows\System\dSToeCR.exe
  C:\Windows\System\dSToeCR.exe
  2⤵
  PID:5876
- C:\Windows\System\gCJnaNy.exe
  C:\Windows\System\gCJnaNy.exe
  2⤵
  PID:5916
- C:\Windows\System\MTHBMdj.exe
  C:\Windows\System\MTHBMdj.exe
  2⤵
  PID:5960
- C:\Windows\System\tmANYeO.exe
  C:\Windows\System\tmANYeO.exe
  2⤵
  PID:6000
- C:\Windows\System\RtiuyHP.exe
  C:\Windows\System\RtiuyHP.exe
  2⤵
  PID:6040
- C:\Windows\System\gNjiwhu.exe
  C:\Windows\System\gNjiwhu.exe
  2⤵
  PID:6112
- C:\Windows\System\JYhwoUM.exe
  C:\Windows\System\JYhwoUM.exe
  2⤵
  PID:5408
- C:\Windows\System\NHGJijz.exe
  C:\Windows\System\NHGJijz.exe
  2⤵
  PID:5904
- C:\Windows\System\kHlAVVM.exe
  C:\Windows\System\kHlAVVM.exe
  2⤵
  PID:2908
- C:\Windows\System\FOblFjF.exe
  C:\Windows\System\FOblFjF.exe
  2⤵
  PID:5580
- C:\Windows\System\gOAZIJm.exe
  C:\Windows\System\gOAZIJm.exe
  2⤵
  PID:5656
- C:\Windows\System\YjlFvBj.exe
  C:\Windows\System\YjlFvBj.exe
  2⤵
  PID:5844
- C:\Windows\System\OoMKgFU.exe
  C:\Windows\System\OoMKgFU.exe
  2⤵
  PID:5728
- C:\Windows\System\sOhuZue.exe
  C:\Windows\System\sOhuZue.exe
  2⤵
  PID:1700
- C:\Windows\System\qpJrTjY.exe
  C:\Windows\System\qpJrTjY.exe
  2⤵
  PID:5676
- C:\Windows\System\tuAOqZX.exe
  C:\Windows\System\tuAOqZX.exe
  2⤵
  PID:5388
- C:\Windows\System\nrzwxWK.exe
  C:\Windows\System\nrzwxWK.exe
  2⤵
  PID:5348
- C:\Windows\System\VRtcRVP.exe
  C:\Windows\System\VRtcRVP.exe
  2⤵
  PID:5996
- C:\Windows\System\OtKUYKm.exe
  C:\Windows\System\OtKUYKm.exe
  2⤵
  PID:6108
- C:\Windows\System\maNfKDd.exe
  C:\Windows\System\maNfKDd.exe
  2⤵
  PID:2464
- C:\Windows\System\GeSqumi.exe
  C:\Windows\System\GeSqumi.exe
  2⤵
  PID:5664
- C:\Windows\System\yyJgzPF.exe
  C:\Windows\System\yyJgzPF.exe
  2⤵
  PID:1264
- C:\Windows\System\mBLBNNK.exe
  C:\Windows\System\mBLBNNK.exe
  2⤵
  PID:5148
- C:\Windows\System\ObRKncV.exe
  C:\Windows\System\ObRKncV.exe
  2⤵
  PID:5784
- C:\Windows\System\ksDbiXG.exe
  C:\Windows\System\ksDbiXG.exe
  2⤵
  PID:6056
- C:\Windows\System\pZzGGKR.exe
  C:\Windows\System\pZzGGKR.exe
  2⤵
  PID:2880
- C:\Windows\System\kfKPJmA.exe
  C:\Windows\System\kfKPJmA.exe
  2⤵
  PID:5184
- C:\Windows\System\LpTKAfQ.exe
  C:\Windows\System\LpTKAfQ.exe
  2⤵
  PID:5412
- C:\Windows\System\htrwOZP.exe
  C:\Windows\System\htrwOZP.exe
  2⤵
  PID:4828
- C:\Windows\System\isZiTzC.exe
  C:\Windows\System\isZiTzC.exe
  2⤵
  PID:1552
- C:\Windows\System\xjkKMZu.exe
  C:\Windows\System\xjkKMZu.exe
  2⤵
  PID:1584
- C:\Windows\System\MQxEkfM.exe
  C:\Windows\System\MQxEkfM.exe
  2⤵
  PID:5680
- C:\Windows\System\wYxRpoK.exe
  C:\Windows\System\wYxRpoK.exe
  2⤵
  PID:5300
- C:\Windows\System\zSlCcdv.exe
  C:\Windows\System\zSlCcdv.exe
  2⤵
  PID:5640
- C:\Windows\System\oPMxmgj.exe
  C:\Windows\System\oPMxmgj.exe
  2⤵
  PID:5956
- C:\Windows\System\DINMgxV.exe
  C:\Windows\System\DINMgxV.exe
  2⤵
  PID:2208
- C:\Windows\System\QSpxuBU.exe
  C:\Windows\System\QSpxuBU.exe
  2⤵
  PID:6080
- C:\Windows\System\vUDsbmS.exe
  C:\Windows\System\vUDsbmS.exe
  2⤵
  PID:5696
- C:\Windows\System\UZSeXLI.exe
  C:\Windows\System\UZSeXLI.exe
  2⤵
  PID:5320
- C:\Windows\System\vfGAcuv.exe
  C:\Windows\System\vfGAcuv.exe
  2⤵
  PID:5992
- C:\Windows\System\LbHtjfl.exe
  C:\Windows\System\LbHtjfl.exe
  2⤵
  PID:4584
- C:\Windows\System\gGiExzs.exe
  C:\Windows\System\gGiExzs.exe
  2⤵
  PID:5448
- C:\Windows\System\OmjOWir.exe
  C:\Windows\System\OmjOWir.exe
  2⤵
  PID:6036
- C:\Windows\System\CRlceaM.exe
  C:\Windows\System\CRlceaM.exe
  2⤵
  PID:5336
- C:\Windows\System\wIQcYCv.exe
  C:\Windows\System\wIQcYCv.exe
  2⤵
  PID:5036
- C:\Windows\System\AoUfeIH.exe
  C:\Windows\System\AoUfeIH.exe
  2⤵
  PID:5832
- C:\Windows\System\wiRUmTJ.exe
  C:\Windows\System\wiRUmTJ.exe
  2⤵
  PID:5792
- C:\Windows\System\QtpmXsx.exe
  C:\Windows\System\QtpmXsx.exe
  2⤵
  PID:6096
- C:\Windows\System\RBbMVxB.exe
  C:\Windows\System\RBbMVxB.exe
  2⤵
  PID:5884
- C:\Windows\System\UWVwhOF.exe
  C:\Windows\System\UWVwhOF.exe
  2⤵
  PID:5596
- C:\Windows\System\RCcAHzP.exe
  C:\Windows\System\RCcAHzP.exe
  2⤵
  PID:6164
- C:\Windows\System\FwuXSTz.exe
  C:\Windows\System\FwuXSTz.exe
  2⤵
  PID:6188
- C:\Windows\System\ceVWnMW.exe
  C:\Windows\System\ceVWnMW.exe
  2⤵
  PID:6208
- C:\Windows\System\gqHmtRg.exe
  C:\Windows\System\gqHmtRg.exe
  2⤵
  PID:6232
- C:\Windows\System\YGdCyNz.exe
  C:\Windows\System\YGdCyNz.exe
  2⤵
  PID:6248
- C:\Windows\System\kZmEoya.exe
  C:\Windows\System\kZmEoya.exe
  2⤵
  PID:6268
- C:\Windows\System\oTgzGNH.exe
  C:\Windows\System\oTgzGNH.exe
  2⤵
  PID:6288
- C:\Windows\System\NXTqwRN.exe
  C:\Windows\System\NXTqwRN.exe
  2⤵
  PID:6308
- C:\Windows\System\Mquossj.exe
  C:\Windows\System\Mquossj.exe
  2⤵
  PID:6324
- C:\Windows\System\qIOyLnM.exe
  C:\Windows\System\qIOyLnM.exe
  2⤵
  PID:6348
- C:\Windows\System\GRmILAG.exe
  C:\Windows\System\GRmILAG.exe
  2⤵
  PID:6364
- C:\Windows\System\NqGIEDY.exe
  C:\Windows\System\NqGIEDY.exe
  2⤵
  PID:6384
- C:\Windows\System\SBsRNSq.exe
  C:\Windows\System\SBsRNSq.exe
  2⤵
  PID:6400
- C:\Windows\System\dFAYtlJ.exe
  C:\Windows\System\dFAYtlJ.exe
  2⤵
  PID:6420
- C:\Windows\System\xttQEeu.exe
  C:\Windows\System\xttQEeu.exe
  2⤵
  PID:6440
- C:\Windows\System\PQmKYQD.exe
  C:\Windows\System\PQmKYQD.exe
  2⤵
  PID:6460
- C:\Windows\System\GWkjaBS.exe
  C:\Windows\System\GWkjaBS.exe
  2⤵
  PID:6476
- C:\Windows\System\iBdePVq.exe
  C:\Windows\System\iBdePVq.exe
  2⤵
  PID:6496
- C:\Windows\System\MYekMaf.exe
  C:\Windows\System\MYekMaf.exe
  2⤵
  PID:6512
- C:\Windows\System\KlIPICl.exe
  C:\Windows\System\KlIPICl.exe
  2⤵
  PID:6536
- C:\Windows\System\HPlaDxy.exe
  C:\Windows\System\HPlaDxy.exe
  2⤵
  PID:6552
- C:\Windows\System\sOjqfOw.exe
  C:\Windows\System\sOjqfOw.exe
  2⤵
  PID:6572
- C:\Windows\System\OkWfIwk.exe
  C:\Windows\System\OkWfIwk.exe
  2⤵
  PID:6588
- C:\Windows\System\GjYavmv.exe
  C:\Windows\System\GjYavmv.exe
  2⤵
  PID:6608
- C:\Windows\System\udWwvdi.exe
  C:\Windows\System\udWwvdi.exe
  2⤵
  PID:6628
- C:\Windows\System\RwTlbcP.exe
  C:\Windows\System\RwTlbcP.exe
  2⤵
  PID:6644
- C:\Windows\System\eUARxCM.exe
  C:\Windows\System\eUARxCM.exe
  2⤵
  PID:6660
- C:\Windows\System\uVDTcTr.exe
  C:\Windows\System\uVDTcTr.exe
  2⤵
  PID:6680
- C:\Windows\System\ZhpzBny.exe
  C:\Windows\System\ZhpzBny.exe
  2⤵
  PID:6696
- C:\Windows\System\OLOxDYA.exe
  C:\Windows\System\OLOxDYA.exe
  2⤵
  PID:6720
- C:\Windows\System\ivXVTCU.exe
  C:\Windows\System\ivXVTCU.exe
  2⤵
  PID:6740
- C:\Windows\System\HptsGQo.exe
  C:\Windows\System\HptsGQo.exe
  2⤵
  PID:6760
- C:\Windows\System\TMDVtsO.exe
  C:\Windows\System\TMDVtsO.exe
  2⤵
  PID:6776
- C:\Windows\System\wkIParf.exe
  C:\Windows\System\wkIParf.exe
  2⤵
  PID:6796
- C:\Windows\System\plMQoTw.exe
  C:\Windows\System\plMQoTw.exe
  2⤵
  PID:6816
- C:\Windows\System\RqZVVRM.exe
  C:\Windows\System\RqZVVRM.exe
  2⤵
  PID:6832
- C:\Windows\System\lhvBDek.exe
  C:\Windows\System\lhvBDek.exe
  2⤵
  PID:6852
- C:\Windows\System\gFTxkwu.exe
  C:\Windows\System\gFTxkwu.exe
  2⤵
  PID:6872
- C:\Windows\System\ZSAXYpH.exe
  C:\Windows\System\ZSAXYpH.exe
  2⤵
  PID:6892
- C:\Windows\System\JExSTiU.exe
  C:\Windows\System\JExSTiU.exe
  2⤵
  PID:6908
- C:\Windows\System\pXUvJqh.exe
  C:\Windows\System\pXUvJqh.exe
  2⤵
  PID:6928
- C:\Windows\System\AHxQtNV.exe
  C:\Windows\System\AHxQtNV.exe
  2⤵
  PID:6944
- C:\Windows\System\cHcCCnc.exe
  C:\Windows\System\cHcCCnc.exe
  2⤵
  PID:6960
- C:\Windows\System\PqgDRWP.exe
  C:\Windows\System\PqgDRWP.exe
  2⤵
  PID:6976
- C:\Windows\System\eqoQvWl.exe
  C:\Windows\System\eqoQvWl.exe
  2⤵
  PID:6996
- C:\Windows\System\friVDya.exe
  C:\Windows\System\friVDya.exe
  2⤵
  PID:7016
- C:\Windows\System\Osvthps.exe
  C:\Windows\System\Osvthps.exe
  2⤵
  PID:7036
- C:\Windows\System\tRCftSL.exe
  C:\Windows\System\tRCftSL.exe
  2⤵
  PID:7052
- C:\Windows\System\RIrEzLF.exe
  C:\Windows\System\RIrEzLF.exe
  2⤵
  PID:7072
- C:\Windows\System\YVgIIPv.exe
  C:\Windows\System\YVgIIPv.exe
  2⤵
  PID:7088
- C:\Windows\System\lqahHqd.exe
  C:\Windows\System\lqahHqd.exe
  2⤵
  PID:7104
- C:\Windows\System\ldcxyID.exe
  C:\Windows\System\ldcxyID.exe
  2⤵
  PID:7120
- C:\Windows\System\TRjWJbg.exe
  C:\Windows\System\TRjWJbg.exe
  2⤵
  PID:7144
- C:\Windows\System\aVKkqts.exe
  C:\Windows\System\aVKkqts.exe
  2⤵
  PID:7164
- C:\Windows\System\MainypY.exe
  C:\Windows\System\MainypY.exe
  2⤵
  PID:5924
- C:\Windows\System\mmKqwCK.exe
  C:\Windows\System\mmKqwCK.exe
  2⤵
  PID:5616
- C:\Windows\System\dEkCYbs.exe
  C:\Windows\System\dEkCYbs.exe
  2⤵
  PID:6184
- C:\Windows\System\xlKRGlE.exe
  C:\Windows\System\xlKRGlE.exe
  2⤵
  PID:6228
- C:\Windows\System\BefmOfD.exe
  C:\Windows\System\BefmOfD.exe
  2⤵
  PID:6296
- C:\Windows\System\JpBTxri.exe
  C:\Windows\System\JpBTxri.exe
  2⤵
  PID:6340
- C:\Windows\System\nCcvWHb.exe
  C:\Windows\System\nCcvWHb.exe
  2⤵
  PID:6408
- C:\Windows\System\AsTPKhM.exe
  C:\Windows\System\AsTPKhM.exe
  2⤵
  PID:6452
- C:\Windows\System\iaPGhCw.exe
  C:\Windows\System\iaPGhCw.exe
  2⤵
  PID:6524
- C:\Windows\System\gSuzdrR.exe
  C:\Windows\System\gSuzdrR.exe
  2⤵
  PID:6560
- C:\Windows\System\ELqEjkK.exe
  C:\Windows\System\ELqEjkK.exe
  2⤵
  PID:6600
- C:\Windows\System\TkzVCCM.exe
  C:\Windows\System\TkzVCCM.exe
  2⤵
  PID:6704
- C:\Windows\System\lKDORne.exe
  C:\Windows\System\lKDORne.exe
  2⤵
  PID:7152
- C:\Windows\System\IZPTtIc.exe
  C:\Windows\System\IZPTtIc.exe
  2⤵
  PID:6224
- C:\Windows\System\OLyTLdK.exe
  C:\Windows\System\OLyTLdK.exe
  2⤵
  PID:6416
- C:\Windows\System\WGXkmGH.exe
  C:\Windows\System\WGXkmGH.exe
  2⤵
  PID:6532
- C:\Windows\System\sTTyQOv.exe
  C:\Windows\System\sTTyQOv.exe
  2⤵
  PID:5620
- C:\Windows\System\qBbyvRA.exe
  C:\Windows\System\qBbyvRA.exe
  2⤵
  PID:6992
- C:\Windows\System\DKcBWZG.exe
  C:\Windows\System\DKcBWZG.exe
  2⤵
  PID:7128
- C:\Windows\System\JSshKly.exe
  C:\Windows\System\JSshKly.exe
  2⤵
  PID:6276
- C:\Windows\System\NiKxJWP.exe
  C:\Windows\System\NiKxJWP.exe
  2⤵
  PID:6380
- C:\Windows\System\JrSUOlQ.exe
  C:\Windows\System\JrSUOlQ.exe
  2⤵
  PID:6392
- C:\Windows\System\vPrzJDh.exe
  C:\Windows\System\vPrzJDh.exe
  2⤵
  PID:6716
- C:\Windows\System\HtaSjKp.exe
  C:\Windows\System\HtaSjKp.exe
  2⤵
  PID:4956
- C:\Windows\System\PBAFbdl.exe
  C:\Windows\System\PBAFbdl.exe
  2⤵
  PID:6200
- C:\Windows\System\cgEUgjF.exe
  C:\Windows\System\cgEUgjF.exe
  2⤵
  PID:6824
- C:\Windows\System\ONAVLej.exe
  C:\Windows\System\ONAVLej.exe
  2⤵
  PID:6156
- C:\Windows\System\LMiFyjv.exe
  C:\Windows\System\LMiFyjv.exe
  2⤵
  PID:6864
- C:\Windows\System\XRcScBv.exe
  C:\Windows\System\XRcScBv.exe
  2⤵
  PID:7012
- C:\Windows\System\KuVdwOC.exe
  C:\Windows\System\KuVdwOC.exe
  2⤵
  PID:6284
- C:\Windows\System\lEvzRnw.exe
  C:\Windows\System\lEvzRnw.exe
  2⤵
  PID:6360
- C:\Windows\System\UvGGaSl.exe
  C:\Windows\System\UvGGaSl.exe
  2⤵
  PID:6472
- C:\Windows\System\PFngglW.exe
  C:\Windows\System\PFngglW.exe
  2⤵
  PID:6508
- C:\Windows\System\cafTEZV.exe
  C:\Windows\System\cafTEZV.exe
  2⤵
  PID:6584
- C:\Windows\System\GwzggIw.exe
  C:\Windows\System\GwzggIw.exe
  2⤵
  PID:6652
- C:\Windows\System\xgUXdco.exe
  C:\Windows\System\xgUXdco.exe
  2⤵
  PID:6732
- C:\Windows\System\zByncac.exe
  C:\Windows\System\zByncac.exe
  2⤵
  PID:6804
- C:\Windows\System\KkpeXVN.exe
  C:\Windows\System\KkpeXVN.exe
  2⤵
  PID:6848
- C:\Windows\System\wkeiWHU.exe
  C:\Windows\System\wkeiWHU.exe
  2⤵
  PID:6920
- C:\Windows\System\AjFcSLu.exe
  C:\Windows\System\AjFcSLu.exe
  2⤵
  PID:6784
- C:\Windows\System\dQKLjMp.exe
  C:\Windows\System\dQKLjMp.exe
  2⤵
  PID:6176
- C:\Windows\System\hCfcNfu.exe
  C:\Windows\System\hCfcNfu.exe
  2⤵
  PID:7116
- C:\Windows\System\RjvMCgX.exe
  C:\Windows\System\RjvMCgX.exe
  2⤵
  PID:6528
- C:\Windows\System\dtzjKZe.exe
  C:\Windows\System\dtzjKZe.exe
  2⤵
  PID:6988
- C:\Windows\System\FWTeVwh.exe
  C:\Windows\System\FWTeVwh.exe
  2⤵
  PID:6140
- C:\Windows\System\SZweAOk.exe
  C:\Windows\System\SZweAOk.exe
  2⤵
  PID:1536
- C:\Windows\System\usFAAEm.exe
  C:\Windows\System\usFAAEm.exe
  2⤵
  PID:6172
- C:\Windows\System\jZGAulw.exe
  C:\Windows\System\jZGAulw.exe
  2⤵
  PID:6968
- C:\Windows\System\cbtgnBJ.exe
  C:\Windows\System\cbtgnBJ.exe
  2⤵
  PID:6972
- C:\Windows\System\ShstIin.exe
  C:\Windows\System\ShstIin.exe
  2⤵
  PID:5352
- C:\Windows\System\BHGhdxB.exe
  C:\Windows\System\BHGhdxB.exe
  2⤵
  PID:7096
- C:\Windows\System\wQDbXpA.exe
  C:\Windows\System\wQDbXpA.exe
  2⤵
  PID:6676
- C:\Windows\System\kKWLOEh.exe
  C:\Windows\System\kKWLOEh.exe
  2⤵
  PID:6468
- C:\Windows\System\ihmewLK.exe
  C:\Windows\System\ihmewLK.exe
  2⤵
  PID:6548
- C:\Windows\System\kfuSLHb.exe
  C:\Windows\System\kfuSLHb.exe
  2⤵
  PID:6840
- C:\Windows\System\HcJhxZX.exe
  C:\Windows\System\HcJhxZX.exe
  2⤵
  PID:6956
- C:\Windows\System\CYCWTkY.exe
  C:\Windows\System\CYCWTkY.exe
  2⤵
  PID:6772
- C:\Windows\System\bLdShLO.exe
  C:\Windows\System\bLdShLO.exe
  2⤵
  PID:7080
- C:\Windows\System\dNRqinR.exe
  C:\Windows\System\dNRqinR.exe
  2⤵
  PID:6336
- C:\Windows\System\oCPtXkv.exe
  C:\Windows\System\oCPtXkv.exe
  2⤵
  PID:6624
- C:\Windows\System\rgFcCnz.exe
  C:\Windows\System\rgFcCnz.exe
  2⤵
  PID:6216
- C:\Windows\System\WplscgR.exe
  C:\Windows\System\WplscgR.exe
  2⤵
  PID:5428
- C:\Windows\System\MvWVrSH.exe
  C:\Windows\System\MvWVrSH.exe
  2⤵
  PID:5732
- C:\Windows\System\mJfnWoA.exe
  C:\Windows\System\mJfnWoA.exe
  2⤵
  PID:6372
- C:\Windows\System\EaNeitl.exe
  C:\Windows\System\EaNeitl.exe
  2⤵
  PID:6240
- C:\Windows\System\IjrCWIw.exe
  C:\Windows\System\IjrCWIw.exe
  2⤵
  PID:6844
- C:\Windows\System\CnFXizj.exe
  C:\Windows\System\CnFXizj.exe
  2⤵
  PID:6916
- C:\Windows\System\Wqjzpbz.exe
  C:\Windows\System\Wqjzpbz.exe
  2⤵
  PID:6332
- C:\Windows\System\SLfsPPX.exe
  C:\Windows\System\SLfsPPX.exe
  2⤵
  PID:6160
- C:\Windows\System\pOZMQBs.exe
  C:\Windows\System\pOZMQBs.exe
  2⤵
  PID:7112
- C:\Windows\System\mokuZfM.exe
  C:\Windows\System\mokuZfM.exe
  2⤵
  PID:6672
- C:\Windows\System\TNjvxaU.exe
  C:\Windows\System\TNjvxaU.exe
  2⤵
  PID:6768
- C:\Windows\System\aeJpzgW.exe
  C:\Windows\System\aeJpzgW.exe
  2⤵
  PID:6936
- C:\Windows\System\BJMkUkg.exe
  C:\Windows\System\BJMkUkg.exe
  2⤵
  PID:1400
- C:\Windows\System\aQpWdQu.exe
  C:\Windows\System\aQpWdQu.exe
  2⤵
  PID:6580
- C:\Windows\System\PjrUnAC.exe
  C:\Windows\System\PjrUnAC.exe
  2⤵
  PID:7136
- C:\Windows\System\bAvdJSZ.exe
  C:\Windows\System\bAvdJSZ.exe
  2⤵
  PID:992
- C:\Windows\System\zhCxSex.exe
  C:\Windows\System\zhCxSex.exe
  2⤵
  PID:7172
- C:\Windows\System\MjsnnIO.exe
  C:\Windows\System\MjsnnIO.exe
  2⤵
  PID:7188
- C:\Windows\System\VJFOWHc.exe
  C:\Windows\System\VJFOWHc.exe
  2⤵
  PID:7208
- C:\Windows\System\qnqFHhE.exe
  C:\Windows\System\qnqFHhE.exe
  2⤵
  PID:7228
- C:\Windows\System\DJtRFln.exe
  C:\Windows\System\DJtRFln.exe
  2⤵
  PID:7276
- C:\Windows\System\EOijFsa.exe
  C:\Windows\System\EOijFsa.exe
  2⤵
  PID:7300
- C:\Windows\System\WXaQCKm.exe
  C:\Windows\System\WXaQCKm.exe
  2⤵
  PID:7316
- C:\Windows\System\dJnGFTr.exe
  C:\Windows\System\dJnGFTr.exe
  2⤵
  PID:7336
- C:\Windows\System\zQiVFNS.exe
  C:\Windows\System\zQiVFNS.exe
  2⤵
  PID:7352
- C:\Windows\System\OnHUvYL.exe
  C:\Windows\System\OnHUvYL.exe
  2⤵
  PID:7368
- C:\Windows\System\pTmwMTA.exe
  C:\Windows\System\pTmwMTA.exe
  2⤵
  PID:7388
- C:\Windows\System\kZdjHBB.exe
  C:\Windows\System\kZdjHBB.exe
  2⤵
  PID:7408
- C:\Windows\System\wSwxPPa.exe
  C:\Windows\System\wSwxPPa.exe
  2⤵
  PID:7424
- C:\Windows\System\JIYhSCe.exe
  C:\Windows\System\JIYhSCe.exe
  2⤵
  PID:7448
- C:\Windows\System\SbuYHru.exe
  C:\Windows\System\SbuYHru.exe
  2⤵
  PID:7468
- C:\Windows\System\vIAzOwy.exe
  C:\Windows\System\vIAzOwy.exe
  2⤵
  PID:7488
- C:\Windows\System\creElvt.exe
  C:\Windows\System\creElvt.exe
  2⤵
  PID:7508
- C:\Windows\System\EPbjaku.exe
  C:\Windows\System\EPbjaku.exe
  2⤵
  PID:7524
- C:\Windows\System\QOydDZd.exe
  C:\Windows\System\QOydDZd.exe
  2⤵
  PID:7540
- C:\Windows\System\qnAKsZh.exe
  C:\Windows\System\qnAKsZh.exe
  2⤵
  PID:7568
- C:\Windows\System\mSDHzQb.exe
  C:\Windows\System\mSDHzQb.exe
  2⤵
  PID:7584
- C:\Windows\System\ZrAGMFj.exe
  C:\Windows\System\ZrAGMFj.exe
  2⤵
  PID:7612
- C:\Windows\System\ghMqjqg.exe
  C:\Windows\System\ghMqjqg.exe
  2⤵
  PID:7632
- C:\Windows\System\lgWkzfg.exe
  C:\Windows\System\lgWkzfg.exe
  2⤵
  PID:7656
- C:\Windows\System\ZnTFHeS.exe
  C:\Windows\System\ZnTFHeS.exe
  2⤵
  PID:7680
- C:\Windows\System\TRhkKTt.exe
  C:\Windows\System\TRhkKTt.exe
  2⤵
  PID:7700
- C:\Windows\System\mlWpzmW.exe
  C:\Windows\System\mlWpzmW.exe
  2⤵
  PID:7720
- C:\Windows\System\dRJqfwD.exe
  C:\Windows\System\dRJqfwD.exe
  2⤵
  PID:7736
- C:\Windows\System\gmSryOD.exe
  C:\Windows\System\gmSryOD.exe
  2⤵
  PID:7756
- C:\Windows\System\bSzAwaW.exe
  C:\Windows\System\bSzAwaW.exe
  2⤵
  PID:7772
- C:\Windows\System\lqVhMqQ.exe
  C:\Windows\System\lqVhMqQ.exe
  2⤵
  PID:7792
- C:\Windows\System\xtgXgBT.exe
  C:\Windows\System\xtgXgBT.exe
  2⤵
  PID:7816
- C:\Windows\System\KxIgPVe.exe
  C:\Windows\System\KxIgPVe.exe
  2⤵
  PID:7836
- C:\Windows\System\rRMOjlf.exe
  C:\Windows\System\rRMOjlf.exe
  2⤵
  PID:7856
- C:\Windows\System\iXvdctl.exe
  C:\Windows\System\iXvdctl.exe
  2⤵
  PID:7876
- C:\Windows\System\SZCmefd.exe
  C:\Windows\System\SZCmefd.exe
  2⤵
  PID:7896
- C:\Windows\System\okcAyWd.exe
  C:\Windows\System\okcAyWd.exe
  2⤵
  PID:7920
- C:\Windows\System\PnkESdd.exe
  C:\Windows\System\PnkESdd.exe
  2⤵
  PID:7940
- C:\Windows\System\SyQfdqN.exe
  C:\Windows\System\SyQfdqN.exe
  2⤵
  PID:7964
- C:\Windows\System\xwaHMKq.exe
  C:\Windows\System\xwaHMKq.exe
  2⤵
  PID:7980
- C:\Windows\System\UgbSrDP.exe
  C:\Windows\System\UgbSrDP.exe
  2⤵
  PID:8000
- C:\Windows\System\PXmuHIh.exe
  C:\Windows\System\PXmuHIh.exe
  2⤵
  PID:8016
- C:\Windows\System\rHlkBUr.exe
  C:\Windows\System\rHlkBUr.exe
  2⤵
  PID:8036
- C:\Windows\System\ooDtZeN.exe
  C:\Windows\System\ooDtZeN.exe
  2⤵
  PID:8052
- C:\Windows\System\WepBbBh.exe
  C:\Windows\System\WepBbBh.exe
  2⤵
  PID:8072
- C:\Windows\System\HGfcpua.exe
  C:\Windows\System\HGfcpua.exe
  2⤵
  PID:8088
- C:\Windows\System\ucJzsvx.exe
  C:\Windows\System\ucJzsvx.exe
  2⤵
  PID:8104
- C:\Windows\System\dBtfsNA.exe
  C:\Windows\System\dBtfsNA.exe
  2⤵
  PID:8120
- C:\Windows\System\qOFXMmA.exe
  C:\Windows\System\qOFXMmA.exe
  2⤵
  PID:8136
- C:\Windows\System\xTWKfNT.exe
  C:\Windows\System\xTWKfNT.exe
  2⤵
  PID:8152
- C:\Windows\System\bHnWhEc.exe
  C:\Windows\System\bHnWhEc.exe
  2⤵
  PID:8168
- C:\Windows\System\vlLjKID.exe
  C:\Windows\System\vlLjKID.exe
  2⤵
  PID:8184
- C:\Windows\System\TfKZirC.exe
  C:\Windows\System\TfKZirC.exe
  2⤵
  PID:7196
- C:\Windows\System\uamdqdv.exe
  C:\Windows\System\uamdqdv.exe
  2⤵
  PID:7244
- C:\Windows\System\qCHnyer.exe
  C:\Windows\System\qCHnyer.exe
  2⤵
  PID:6244
- C:\Windows\System\TJOMnEm.exe
  C:\Windows\System\TJOMnEm.exe
  2⤵
  PID:7220
- C:\Windows\System\PzwqIBT.exe
  C:\Windows\System\PzwqIBT.exe
  2⤵
  PID:2488
- C:\Windows\System\KsuzuXV.exe
  C:\Windows\System\KsuzuXV.exe
  2⤵
  PID:6596
- C:\Windows\System\AEBOOLm.exe
  C:\Windows\System\AEBOOLm.exe
  2⤵
  PID:6904
- C:\Windows\System\czgQxFY.exe
  C:\Windows\System\czgQxFY.exe
  2⤵
  PID:7180
- C:\Windows\System\WuQlVCa.exe
  C:\Windows\System\WuQlVCa.exe
  2⤵
  PID:7084
- C:\Windows\System\XdqwLNE.exe
  C:\Windows\System\XdqwLNE.exe
  2⤵
  PID:6756
- C:\Windows\System\CnzsFPG.exe
  C:\Windows\System\CnzsFPG.exe
  2⤵
  PID:7308
- C:\Windows\System\SchTcOJ.exe
  C:\Windows\System\SchTcOJ.exe
  2⤵
  PID:7376
- C:\Windows\System\FVNcomE.exe
  C:\Windows\System\FVNcomE.exe
  2⤵
  PID:7416
- C:\Windows\System\URgfijR.exe
  C:\Windows\System\URgfijR.exe
  2⤵
  PID:7464
- C:\Windows\System\BKtLwHV.exe
  C:\Windows\System\BKtLwHV.exe
  2⤵
  PID:7504
- C:\Windows\System\gGgaTmK.exe
  C:\Windows\System\gGgaTmK.exe
  2⤵
  PID:7576
- C:\Windows\System\VfJTRNK.exe
  C:\Windows\System\VfJTRNK.exe
  2⤵
  PID:7624
- C:\Windows\System\EewKhOH.exe
  C:\Windows\System\EewKhOH.exe
  2⤵
  PID:7440
- C:\Windows\System\ZdnZbtI.exe
  C:\Windows\System\ZdnZbtI.exe
  2⤵
  PID:7400
- C:\Windows\System\eKBZRFA.exe
  C:\Windows\System\eKBZRFA.exe
  2⤵
  PID:7664
- C:\Windows\System\wlBoZoJ.exe
  C:\Windows\System\wlBoZoJ.exe
  2⤵
  PID:7480
- C:\Windows\System\JWysoaF.exe
  C:\Windows\System\JWysoaF.exe
  2⤵
  PID:7644
- C:\Windows\System\bkjtcxe.exe
  C:\Windows\System\bkjtcxe.exe
  2⤵
  PID:7596
- C:\Windows\System\UZzaEfU.exe
  C:\Windows\System\UZzaEfU.exe
  2⤵
  PID:7640
- C:\Windows\System\yqZKFWO.exe
  C:\Windows\System\yqZKFWO.exe
  2⤵
  PID:7696
- C:\Windows\System\evcWFse.exe
  C:\Windows\System\evcWFse.exe
  2⤵
  PID:7800
- C:\Windows\System\EfixDhz.exe
  C:\Windows\System\EfixDhz.exe
  2⤵
  PID:7888
- C:\Windows\System\cmNfYwF.exe
  C:\Windows\System\cmNfYwF.exe
  2⤵
  PID:7988
- C:\Windows\System\lwuFTeK.exe
  C:\Windows\System\lwuFTeK.exe
  2⤵
  PID:7972
- C:\Windows\System\DoQSNWX.exe
  C:\Windows\System\DoQSNWX.exe
  2⤵
  PID:7936
- C:\Windows\System\tEMjgJd.exe
  C:\Windows\System\tEMjgJd.exe
  2⤵
  PID:8096
- C:\Windows\System\ElAtkOK.exe
  C:\Windows\System\ElAtkOK.exe
  2⤵
  PID:8132
- C:\Windows\System\OxNRlvE.exe
  C:\Windows\System\OxNRlvE.exe
  2⤵
  PID:7252
- C:\Windows\System\eScISoI.exe
  C:\Windows\System\eScISoI.exe
  2⤵
  PID:6792
- C:\Windows\System\FOkGezJ.exe
  C:\Windows\System\FOkGezJ.exe
  2⤵
  PID:7296
- C:\Windows\System\raDcDgr.exe
  C:\Windows\System\raDcDgr.exe
  2⤵
  PID:7500
- C:\Windows\System\zawGwZH.exe
  C:\Windows\System\zawGwZH.exe
  2⤵
  PID:7396
- C:\Windows\System\fgaxQHl.exe
  C:\Windows\System\fgaxQHl.exe
  2⤵
  PID:7268
- C:\Windows\System\VBRaYmn.exe
  C:\Windows\System\VBRaYmn.exe
  2⤵
  PID:7064
- C:\Windows\System\heHXfqi.exe
  C:\Windows\System\heHXfqi.exe
  2⤵
  PID:7068
- C:\Windows\System\UUTNHyP.exe
  C:\Windows\System\UUTNHyP.exe
  2⤵
  PID:6728
- C:\Windows\System\jBWtqjz.exe
  C:\Windows\System\jBWtqjz.exe
  2⤵
  PID:7432
- C:\Windows\System\HwPEaQz.exe
  C:\Windows\System\HwPEaQz.exe
  2⤵
  PID:7604
- C:\Windows\System\SyaKejH.exe
  C:\Windows\System\SyaKejH.exe
  2⤵
  PID:7712
- C:\Windows\System\lNLgnCm.exe
  C:\Windows\System\lNLgnCm.exe
  2⤵
  PID:7708
- C:\Windows\System\MgwnpfY.exe
  C:\Windows\System\MgwnpfY.exe
  2⤵
  PID:7784
- C:\Windows\System\WjuaMGZ.exe
  C:\Windows\System\WjuaMGZ.exe
  2⤵
  PID:7872
- C:\Windows\System\friNWzL.exe
  C:\Windows\System\friNWzL.exe
  2⤵
  PID:7732
- C:\Windows\System\nGWmsGM.exe
  C:\Windows\System\nGWmsGM.exe
  2⤵
  PID:7852
- C:\Windows\System\VzZUEnw.exe
  C:\Windows\System\VzZUEnw.exe
  2⤵
  PID:7948
- C:\Windows\System\DspcgPb.exe
  C:\Windows\System\DspcgPb.exe
  2⤵
  PID:7992
- C:\Windows\System\mUQqMcq.exe
  C:\Windows\System\mUQqMcq.exe
  2⤵
  PID:8064
- C:\Windows\System\YDUPaMl.exe
  C:\Windows\System\YDUPaMl.exe
  2⤵
  PID:8008
- C:\Windows\System\XEXOhpT.exe
  C:\Windows\System\XEXOhpT.exe
  2⤵
  PID:7140
- C:\Windows\System\olTbgIg.exe
  C:\Windows\System\olTbgIg.exe
  2⤵
  PID:7288
- C:\Windows\System\pEwVTtE.exe
  C:\Windows\System\pEwVTtE.exe
  2⤵
  PID:8128
- C:\Windows\System\SXcrMuv.exe
  C:\Windows\System\SXcrMuv.exe
  2⤵
  PID:8100
- C:\Windows\System\fIcrYTl.exe
  C:\Windows\System\fIcrYTl.exe
  2⤵
  PID:7292
- C:\Windows\System\vdPShAw.exe
  C:\Windows\System\vdPShAw.exe
  2⤵
  PID:2164
- C:\Windows\System\IrbsZul.exe
  C:\Windows\System\IrbsZul.exe
  2⤵
  PID:8112
- C:\Windows\System\lrlooPV.exe
  C:\Windows\System\lrlooPV.exe
  2⤵
  PID:6860
- C:\Windows\System\PWhjxpB.exe
  C:\Windows\System\PWhjxpB.exe
  2⤵
  PID:7460
- C:\Windows\System\UUgfXof.exe
  C:\Windows\System\UUgfXof.exe
  2⤵
  PID:7548
- C:\Windows\System\UVlQPMX.exe
  C:\Windows\System\UVlQPMX.exe
  2⤵
  PID:7716
- C:\Windows\System\qxXkBXj.exe
  C:\Windows\System\qxXkBXj.exe
  2⤵
  PID:7780
- C:\Windows\System\VVusSdV.exe
  C:\Windows\System\VVusSdV.exe
  2⤵
  PID:7848
- C:\Windows\System\lnvnjwh.exe
  C:\Windows\System\lnvnjwh.exe
  2⤵
  PID:7960
- C:\Windows\System\OimQNRJ.exe
  C:\Windows\System\OimQNRJ.exe
  2⤵
  PID:8176
- C:\Windows\System\UcbJZbb.exe
  C:\Windows\System\UcbJZbb.exe
  2⤵
  PID:7272
- C:\Windows\System\fyakuPW.exe
  C:\Windows\System\fyakuPW.exe
  2⤵
  PID:7652
- C:\Windows\System\BlFdGNc.exe
  C:\Windows\System\BlFdGNc.exe
  2⤵
  PID:7748
- C:\Windows\System\dxCVgsV.exe
  C:\Windows\System\dxCVgsV.exe
  2⤵
  PID:7832
- C:\Windows\System\INSQcLJ.exe
  C:\Windows\System\INSQcLJ.exe
  2⤵
  PID:7752
- C:\Windows\System\yHcUOsv.exe
  C:\Windows\System\yHcUOsv.exe
  2⤵
  PID:8024
- C:\Windows\System\IiTJzxk.exe
  C:\Windows\System\IiTJzxk.exe
  2⤵
  PID:7928
- C:\Windows\System\BGYhRpX.exe
  C:\Windows\System\BGYhRpX.exe
  2⤵
  PID:7932
- C:\Windows\System\tpEMCww.exe
  C:\Windows\System\tpEMCww.exe
  2⤵
  PID:8028
- C:\Windows\System\wxpuDXU.exe
  C:\Windows\System\wxpuDXU.exe
  2⤵
  PID:7908
- C:\Windows\System\CZmTdUC.exe
  C:\Windows\System\CZmTdUC.exe
  2⤵
  PID:8160
- C:\Windows\System\sWqIPFX.exe
  C:\Windows\System\sWqIPFX.exe
  2⤵
  PID:8048
- C:\Windows\System\cMOwoRU.exe
  C:\Windows\System\cMOwoRU.exe
  2⤵
  PID:7556
- C:\Windows\System\iyFPhdP.exe
  C:\Windows\System\iyFPhdP.exe
  2⤵
  PID:8204
- C:\Windows\System\XfszEmD.exe
  C:\Windows\System\XfszEmD.exe
  2⤵
  PID:8220
- C:\Windows\System\kFKEfHM.exe
  C:\Windows\System\kFKEfHM.exe
  2⤵
  PID:8240
- C:\Windows\System\oukLlIa.exe
  C:\Windows\System\oukLlIa.exe
  2⤵
  PID:8256
- C:\Windows\System\AiiYHHT.exe
  C:\Windows\System\AiiYHHT.exe
  2⤵
  PID:8272
- C:\Windows\System\TmSxiyY.exe
  C:\Windows\System\TmSxiyY.exe
  2⤵
  PID:8324
- C:\Windows\System\bVsOJEv.exe
  C:\Windows\System\bVsOJEv.exe
  2⤵
  PID:8340
- C:\Windows\System\UxUdxlr.exe
  C:\Windows\System\UxUdxlr.exe
  2⤵
  PID:8356
- C:\Windows\System\qHPENEP.exe
  C:\Windows\System\qHPENEP.exe
  2⤵
  PID:8376
- C:\Windows\System\MKmOFZZ.exe
  C:\Windows\System\MKmOFZZ.exe
  2⤵
  PID:8392
- C:\Windows\System\tdcCkEk.exe
  C:\Windows\System\tdcCkEk.exe
  2⤵
  PID:8408
- C:\Windows\System\FoNupoY.exe
  C:\Windows\System\FoNupoY.exe
  2⤵
  PID:8428
- C:\Windows\System\bgPxbXD.exe
  C:\Windows\System\bgPxbXD.exe
  2⤵
  PID:8444
- C:\Windows\System\bzAkzEw.exe
  C:\Windows\System\bzAkzEw.exe
  2⤵
  PID:8460
- C:\Windows\System\MDchKiF.exe
  C:\Windows\System\MDchKiF.exe
  2⤵
  PID:8476
- C:\Windows\System\hOxbxah.exe
  C:\Windows\System\hOxbxah.exe
  2⤵
  PID:8492
- C:\Windows\System\etYwQET.exe
  C:\Windows\System\etYwQET.exe
  2⤵
  PID:8512
- C:\Windows\System\tXwzxND.exe
  C:\Windows\System\tXwzxND.exe
  2⤵
  PID:8528
- C:\Windows\System\JtasHZy.exe
  C:\Windows\System\JtasHZy.exe
  2⤵
  PID:8544
- C:\Windows\System\sNpMZSD.exe
  C:\Windows\System\sNpMZSD.exe
  2⤵
  PID:8564
- C:\Windows\System\UlNBpfO.exe
  C:\Windows\System\UlNBpfO.exe
  2⤵
  PID:8588
- C:\Windows\System\kbdafxD.exe
  C:\Windows\System\kbdafxD.exe
  2⤵
  PID:8608
- C:\Windows\System\TLRMMqw.exe
  C:\Windows\System\TLRMMqw.exe
  2⤵
  PID:8624
- C:\Windows\System\MIlKuRr.exe
  C:\Windows\System\MIlKuRr.exe
  2⤵
  PID:8644
- C:\Windows\System\phCfJJF.exe
  C:\Windows\System\phCfJJF.exe
  2⤵
  PID:8708
- C:\Windows\System\otQYYJD.exe
  C:\Windows\System\otQYYJD.exe
  2⤵
  PID:8724
- C:\Windows\System\PNjVfBY.exe
  C:\Windows\System\PNjVfBY.exe
  2⤵
  PID:8744
- C:\Windows\System\jZBlctz.exe
  C:\Windows\System\jZBlctz.exe
  2⤵
  PID:8768
- C:\Windows\System\etDjZgQ.exe
  C:\Windows\System\etDjZgQ.exe
  2⤵
  PID:8784
- C:\Windows\System\LtmyqiK.exe
  C:\Windows\System\LtmyqiK.exe
  2⤵
  PID:8800
- C:\Windows\System\SJlVWRS.exe
  C:\Windows\System\SJlVWRS.exe
  2⤵
  PID:8816
- C:\Windows\System\aVOuEyR.exe
  C:\Windows\System\aVOuEyR.exe
  2⤵
  PID:8832
- C:\Windows\System\wjiFOEw.exe
  C:\Windows\System\wjiFOEw.exe
  2⤵
  PID:8848
- C:\Windows\System\GaqCfdz.exe
  C:\Windows\System\GaqCfdz.exe
  2⤵
  PID:8864
- C:\Windows\System\sGXoLSp.exe
  C:\Windows\System\sGXoLSp.exe
  2⤵
  PID:8888
- C:\Windows\System\PjZdHYx.exe
  C:\Windows\System\PjZdHYx.exe
  2⤵
  PID:8904
- C:\Windows\System\PcWBKTk.exe
  C:\Windows\System\PcWBKTk.exe
  2⤵
  PID:8924
- C:\Windows\System\icnwWXM.exe
  C:\Windows\System\icnwWXM.exe
  2⤵
  PID:8940
- C:\Windows\System\FkBdLTF.exe
  C:\Windows\System\FkBdLTF.exe
  2⤵
  PID:8972
- C:\Windows\System\aPMAwUN.exe
  C:\Windows\System\aPMAwUN.exe
  2⤵
  PID:8996
- C:\Windows\System\LhdfomF.exe
  C:\Windows\System\LhdfomF.exe
  2⤵
  PID:9016
- C:\Windows\System\WrsSHTN.exe
  C:\Windows\System\WrsSHTN.exe
  2⤵
  PID:9044
- C:\Windows\System\YYPFggF.exe
  C:\Windows\System\YYPFggF.exe
  2⤵
  PID:9064
- C:\Windows\System\igAOkdA.exe
  C:\Windows\System\igAOkdA.exe
  2⤵
  PID:9080
- C:\Windows\System\FiczrFg.exe
  C:\Windows\System\FiczrFg.exe
  2⤵
  PID:9108
- C:\Windows\System\yuGIfTL.exe
  C:\Windows\System\yuGIfTL.exe
  2⤵
  PID:9124
- C:\Windows\System\YhrLRzV.exe
  C:\Windows\System\YhrLRzV.exe
  2⤵
  PID:9148
- C:\Windows\System\fBVlbWf.exe
  C:\Windows\System\fBVlbWf.exe
  2⤵
  PID:9168
- C:\Windows\System\CJGICfR.exe
  C:\Windows\System\CJGICfR.exe
  2⤵
  PID:9184
- C:\Windows\System\esbBMAI.exe
  C:\Windows\System\esbBMAI.exe
  2⤵
  PID:9204
- C:\Windows\System\FYbHyiM.exe
  C:\Windows\System\FYbHyiM.exe
  2⤵
  PID:7536
- C:\Windows\System\QVmprby.exe
  C:\Windows\System\QVmprby.exe
  2⤵
  PID:7692
- C:\Windows\System\oKXoIoK.exe
  C:\Windows\System\oKXoIoK.exe
  2⤵
  PID:8280
- C:\Windows\System\bweiwGu.exe
  C:\Windows\System\bweiwGu.exe
  2⤵
  PID:8296
- C:\Windows\System\saoTIhz.exe
  C:\Windows\System\saoTIhz.exe
  2⤵
  PID:8060
- C:\Windows\System\HOpbLFv.exe
  C:\Windows\System\HOpbLFv.exe
  2⤵
  PID:7668
- C:\Windows\System\YAQYtCY.exe
  C:\Windows\System\YAQYtCY.exe
  2⤵
  PID:8308
- C:\Windows\System\omiwuoP.exe
  C:\Windows\System\omiwuoP.exe
  2⤵
  PID:8312
- C:\Windows\System\BylFVlW.exe
  C:\Windows\System\BylFVlW.exe
  2⤵
  PID:8388
- C:\Windows\System\EhrpNkb.exe
  C:\Windows\System\EhrpNkb.exe
  2⤵
  PID:8456
- C:\Windows\System\crZEnbO.exe
  C:\Windows\System\crZEnbO.exe
  2⤵
  PID:8552
- C:\Windows\System\jSdTVRO.exe
  C:\Windows\System\jSdTVRO.exe
  2⤵
  PID:8604
- C:\Windows\System\KqkqYqF.exe
  C:\Windows\System\KqkqYqF.exe
  2⤵
  PID:8508
- C:\Windows\System\vWcsllx.exe
  C:\Windows\System\vWcsllx.exe
  2⤵
  PID:8500
- C:\Windows\System\fOlZdbU.exe
  C:\Windows\System\fOlZdbU.exe
  2⤵
  PID:8368
- C:\Windows\System\ExAuaOw.exe
  C:\Windows\System\ExAuaOw.exe
  2⤵
  PID:8440
- C:\Windows\System\mKgNzNL.exe
  C:\Windows\System\mKgNzNL.exe
  2⤵
  PID:8572
- C:\Windows\System\SkXshTl.exe
  C:\Windows\System\SkXshTl.exe
  2⤵
  PID:8616
- C:\Windows\System\NVwWtVE.exe
  C:\Windows\System\NVwWtVE.exe
  2⤵
  PID:8664
- C:\Windows\System\rjWYXEq.exe
  C:\Windows\System\rjWYXEq.exe
  2⤵
  PID:8684
- C:\Windows\System\gRRzaDp.exe
  C:\Windows\System\gRRzaDp.exe
  2⤵
  PID:7812
- C:\Windows\System\mBRMcJu.exe
  C:\Windows\System\mBRMcJu.exe
  2⤵
  PID:8736
- C:\Windows\System\tSCXueP.exe
  C:\Windows\System\tSCXueP.exe
  2⤵
  PID:8760
- C:\Windows\System\bGRRLLA.exe
  C:\Windows\System\bGRRLLA.exe
  2⤵
  PID:8792
- C:\Windows\System\vzYBevi.exe
  C:\Windows\System\vzYBevi.exe
  2⤵
  PID:8856
- C:\Windows\System\EadtoDX.exe
  C:\Windows\System\EadtoDX.exe
  2⤵
  PID:8780
- C:\Windows\System\sdgzsRM.exe
  C:\Windows\System\sdgzsRM.exe
  2⤵
  PID:8844
- C:\Windows\System\tpyoIIX.exe
  C:\Windows\System\tpyoIIX.exe
  2⤵
  PID:8884
- C:\Windows\System\ABjeokG.exe
  C:\Windows\System\ABjeokG.exe
  2⤵
  PID:8948
- C:\Windows\System\atWpAay.exe
  C:\Windows\System\atWpAay.exe
  2⤵
  PID:8964
- C:\Windows\System\ZEjpzwL.exe
  C:\Windows\System\ZEjpzwL.exe
  2⤵
  PID:8984
- C:\Windows\System\DwkhJST.exe
  C:\Windows\System\DwkhJST.exe
  2⤵
  PID:9024
- C:\Windows\System\YPSKxSI.exe
  C:\Windows\System\YPSKxSI.exe
  2⤵
  PID:9028
- C:\Windows\System\LYuOvho.exe
  C:\Windows\System\LYuOvho.exe
  2⤵
  PID:9072
- C:\Windows\System\KIFsJES.exe
  C:\Windows\System\KIFsJES.exe
  2⤵
  PID:9116
- C:\Windows\System\FjDJtBX.exe
  C:\Windows\System\FjDJtBX.exe
  2⤵
  PID:9164
- C:\Windows\System\wMXPWAu.exe
  C:\Windows\System\wMXPWAu.exe
  2⤵
  PID:7564
- C:\Windows\System\MmdmjlP.exe
  C:\Windows\System\MmdmjlP.exe
  2⤵
  PID:9100
- C:\Windows\System\LcgHRyM.exe
  C:\Windows\System\LcgHRyM.exe
  2⤵
  PID:8268
- C:\Windows\System\UbJpoch.exe
  C:\Windows\System\UbJpoch.exe
  2⤵
  PID:8424
- C:\Windows\System\NaEDemA.exe
  C:\Windows\System\NaEDemA.exe
  2⤵
  PID:8252
- C:\Windows\System\rFoSluy.exe
  C:\Windows\System\rFoSluy.exe
  2⤵
  PID:8304
- C:\Windows\System\FULfRiB.exe
  C:\Windows\System\FULfRiB.exe
  2⤵
  PID:9136
- C:\Windows\System\VZgNfbm.exe
  C:\Windows\System\VZgNfbm.exe
  2⤵
  PID:8880
- C:\Windows\System\UHBjrpb.exe
  C:\Windows\System\UHBjrpb.exe
  2⤵
  PID:9156
- C:\Windows\System\NPEKPrT.exe
  C:\Windows\System\NPEKPrT.exe
  2⤵
  PID:8420
- C:\Windows\System\jHOzRKC.exe
  C:\Windows\System\jHOzRKC.exe
  2⤵
  PID:8740
- C:\Windows\System\RQWmnBN.exe
  C:\Windows\System\RQWmnBN.exe
  2⤵
  PID:8952
- C:\Windows\System\SvMldgZ.exe
  C:\Windows\System\SvMldgZ.exe
  2⤵
  PID:9056
- C:\Windows\System\ZeGEEVv.exe
  C:\Windows\System\ZeGEEVv.exe
  2⤵
  PID:8300
- C:\Windows\System\fRLTRwZ.exe
  C:\Windows\System\fRLTRwZ.exe
  2⤵
  PID:8828
- C:\Windows\System\UaghebP.exe
  C:\Windows\System\UaghebP.exe
  2⤵
  PID:9200
- C:\Windows\System\vYCXHjn.exe
  C:\Windows\System\vYCXHjn.exe
  2⤵
  PID:7744
- C:\Windows\System\PhNoaZD.exe
  C:\Windows\System\PhNoaZD.exe
  2⤵
  PID:9176
- C:\Windows\System\JLWZJbQ.exe
  C:\Windows\System\JLWZJbQ.exe
  2⤵
  PID:8236
- C:\Windows\System\NJNXRBT.exe
  C:\Windows\System\NJNXRBT.exe
  2⤵
  PID:8584
- C:\Windows\System\YPQFOuB.exe
  C:\Windows\System\YPQFOuB.exe
  2⤵
  PID:8636
- C:\Windows\System\WBvpWCB.exe
  C:\Windows\System\WBvpWCB.exe
  2⤵
  PID:8680
- C:\Windows\System\kdOvTQO.exe
  C:\Windows\System\kdOvTQO.exe
  2⤵
  PID:8876
- C:\Windows\System\xTyUyTJ.exe
  C:\Windows\System\xTyUyTJ.exe
  2⤵
  PID:9004
- C:\Windows\System\XRYrDkY.exe
  C:\Windows\System\XRYrDkY.exe
  2⤵
  PID:7828
- C:\Windows\System\LzlGQtg.exe
  C:\Windows\System\LzlGQtg.exe
  2⤵
  PID:8824
- C:\Windows\System\bgVeDHK.exe
  C:\Windows\System\bgVeDHK.exe
  2⤵
  PID:8404
- C:\Windows\System\eVGfOVx.exe
  C:\Windows\System\eVGfOVx.exe
  2⤵
  PID:8400
- C:\Windows\System\whuhxXu.exe
  C:\Windows\System\whuhxXu.exe
  2⤵
  PID:8352
- C:\Windows\System\jvgXpdW.exe
  C:\Windows\System\jvgXpdW.exe
  2⤵
  PID:8384
- C:\Windows\System\KkyGZUi.exe
  C:\Windows\System\KkyGZUi.exe
  2⤵
  PID:8536
- C:\Windows\System\RtYaZwk.exe
  C:\Windows\System\RtYaZwk.exe
  2⤵
  PID:8540
- C:\Windows\System\GnmuUdW.exe
  C:\Windows\System\GnmuUdW.exe
  2⤵
  PID:9096
- C:\Windows\System\OVqpEeo.exe
  C:\Windows\System\OVqpEeo.exe
  2⤵
  PID:8756
- C:\Windows\System\JqReRRK.exe
  C:\Windows\System\JqReRRK.exe
  2⤵
  PID:8656
- C:\Windows\System\PiJMdWk.exe
  C:\Windows\System\PiJMdWk.exe
  2⤵
  PID:8600
- C:\Windows\System\pMEdvBc.exe
  C:\Windows\System\pMEdvBc.exe
  2⤵
  PID:8980
- C:\Windows\System\lZlYEKu.exe
  C:\Windows\System\lZlYEKu.exe
  2⤵
  PID:8336
- C:\Windows\System\Rbmpeis.exe
  C:\Windows\System\Rbmpeis.exe
  2⤵
  PID:8520
- C:\Windows\System\xJCaYWF.exe
  C:\Windows\System\xJCaYWF.exe
  2⤵
  PID:9220
- C:\Windows\System\vCJDxpE.exe
  C:\Windows\System\vCJDxpE.exe
  2⤵
  PID:9240
- C:\Windows\System\jbxkFae.exe
  C:\Windows\System\jbxkFae.exe
  2⤵
  PID:9256
- C:\Windows\System\TPdvnCS.exe
  C:\Windows\System\TPdvnCS.exe
  2⤵
  PID:9316
- C:\Windows\System\IXsiwby.exe
  C:\Windows\System\IXsiwby.exe
  2⤵
  PID:9332
- C:\Windows\System\RNTeCPa.exe
  C:\Windows\System\RNTeCPa.exe
  2⤵
  PID:9352
- C:\Windows\System\TNVNSrx.exe
  C:\Windows\System\TNVNSrx.exe
  2⤵
  PID:9368
- C:\Windows\System\GqPQKKs.exe
  C:\Windows\System\GqPQKKs.exe
  2⤵
  PID:9392
- C:\Windows\System\vmgjbxM.exe
  C:\Windows\System\vmgjbxM.exe
  2⤵
  PID:9412
- C:\Windows\System\oKhCsjw.exe
  C:\Windows\System\oKhCsjw.exe
  2⤵
  PID:9428
- C:\Windows\System\msrBWFy.exe
  C:\Windows\System\msrBWFy.exe
  2⤵
  PID:9448
- C:\Windows\System\CGcffCc.exe
  C:\Windows\System\CGcffCc.exe
  2⤵
  PID:9484
- C:\Windows\System\gmgRecu.exe
  C:\Windows\System\gmgRecu.exe
  2⤵
  PID:9500
- C:\Windows\System\iTSKUDQ.exe
  C:\Windows\System\iTSKUDQ.exe
  2⤵
  PID:9520
- C:\Windows\System\xTgsQhc.exe
  C:\Windows\System\xTgsQhc.exe
  2⤵
  PID:9536
- C:\Windows\System\BheHjTL.exe
  C:\Windows\System\BheHjTL.exe
  2⤵
  PID:9552
- C:\Windows\System\ExRwcAC.exe
  C:\Windows\System\ExRwcAC.exe
  2⤵
  PID:9568
- C:\Windows\System\VbicKPA.exe
  C:\Windows\System\VbicKPA.exe
  2⤵
  PID:9584
- C:\Windows\System\PvURCZS.exe
  C:\Windows\System\PvURCZS.exe
  2⤵
  PID:9600
- C:\Windows\System\PIurOVV.exe
  C:\Windows\System\PIurOVV.exe
  2⤵
  PID:9616
- C:\Windows\System\AVjIhNN.exe
  C:\Windows\System\AVjIhNN.exe
  2⤵
  PID:9632
- C:\Windows\System\YrAAezG.exe
  C:\Windows\System\YrAAezG.exe
  2⤵
  PID:9648
- C:\Windows\System\QgOWhGf.exe
  C:\Windows\System\QgOWhGf.exe
  2⤵
  PID:9712
- C:\Windows\System\wRiinxp.exe
  C:\Windows\System\wRiinxp.exe
  2⤵
  PID:9728
- C:\Windows\System\xSWHxQi.exe
  C:\Windows\System\xSWHxQi.exe
  2⤵
  PID:9744
- C:\Windows\System\TigGYIr.exe
  C:\Windows\System\TigGYIr.exe
  2⤵
  PID:9760
- C:\Windows\System\iqnqYZa.exe
  C:\Windows\System\iqnqYZa.exe
  2⤵
  PID:9776
- C:\Windows\System\DozPVUy.exe
  C:\Windows\System\DozPVUy.exe
  2⤵
  PID:9792
- C:\Windows\System\WBGzzsB.exe
  C:\Windows\System\WBGzzsB.exe
  2⤵
  PID:9816
- C:\Windows\System\ANQdoAs.exe
  C:\Windows\System\ANQdoAs.exe
  2⤵
  PID:9836
- C:\Windows\System\etNlSxX.exe
  C:\Windows\System\etNlSxX.exe
  2⤵
  PID:9852
- C:\Windows\System\MVFRXMM.exe
  C:\Windows\System\MVFRXMM.exe
  2⤵
  PID:9872
- C:\Windows\System\nrDQPst.exe
  C:\Windows\System\nrDQPst.exe
  2⤵
  PID:9888
- C:\Windows\System\MtIxNTt.exe
  C:\Windows\System\MtIxNTt.exe
  2⤵
  PID:9908
- C:\Windows\System\ljTRcfk.exe
  C:\Windows\System\ljTRcfk.exe
  2⤵
  PID:9924
- C:\Windows\System\oIKSZPF.exe
  C:\Windows\System\oIKSZPF.exe
  2⤵
  PID:9940
- C:\Windows\System\NWiuQHY.exe
  C:\Windows\System\NWiuQHY.exe
  2⤵
  PID:9964
- C:\Windows\System\pxCByeo.exe
  C:\Windows\System\pxCByeo.exe
  2⤵
  PID:9984
- C:\Windows\System\BRuUxpi.exe
  C:\Windows\System\BRuUxpi.exe
  2⤵
  PID:10012
- C:\Windows\System\wVJQbOt.exe
  C:\Windows\System\wVJQbOt.exe
  2⤵
  PID:10028
- C:\Windows\System\bifxJrz.exe
  C:\Windows\System\bifxJrz.exe
  2⤵
  PID:10056
- C:\Windows\System\IVOWDpP.exe
  C:\Windows\System\IVOWDpP.exe
  2⤵
  PID:10072
- C:\Windows\System\lgkDfXM.exe
  C:\Windows\System\lgkDfXM.exe
  2⤵
  PID:10088
- C:\Windows\System\VYSIXuP.exe
  C:\Windows\System\VYSIXuP.exe
  2⤵
  PID:10108
- C:\Windows\System\iDWqwEr.exe
  C:\Windows\System\iDWqwEr.exe
  2⤵
  PID:10124
- C:\Windows\System\ZTfIngF.exe
  C:\Windows\System\ZTfIngF.exe
  2⤵
  PID:10144
- C:\Windows\System\Imihctj.exe
  C:\Windows\System\Imihctj.exe
  2⤵
  PID:10164
- C:\Windows\System\nqlZZcI.exe
  C:\Windows\System\nqlZZcI.exe
  2⤵
  PID:10180
- C:\Windows\System\YmMXIDM.exe
  C:\Windows\System\YmMXIDM.exe
  2⤵
  PID:10200
- C:\Windows\System\IOZbKTh.exe
  C:\Windows\System\IOZbKTh.exe
  2⤵
  PID:10236
- C:\Windows\System\dAryHpc.exe
  C:\Windows\System\dAryHpc.exe
  2⤵
  PID:9252
- C:\Windows\System\xDQtltR.exe
  C:\Windows\System\xDQtltR.exe
  2⤵
  PID:9032
- C:\Windows\System\sOxPpVo.exe
  C:\Windows\System\sOxPpVo.exe
  2⤵
  PID:9236
- C:\Windows\System\ZczCPAM.exe
  C:\Windows\System\ZczCPAM.exe
  2⤵
  PID:9228
- C:\Windows\System\YImVcRP.exe
  C:\Windows\System\YImVcRP.exe
  2⤵
  PID:9040
- C:\Windows\System\MQiIdNt.exe
  C:\Windows\System\MQiIdNt.exe
  2⤵
  PID:9296
- C:\Windows\System\UpBSgyl.exe
  C:\Windows\System\UpBSgyl.exe
  2⤵
  PID:9312
- C:\Windows\System\XhzPEaI.exe
  C:\Windows\System\XhzPEaI.exe
  2⤵
  PID:9364
- C:\Windows\System\FapyPUd.exe
  C:\Windows\System\FapyPUd.exe
  2⤵
  PID:9408
- C:\Windows\System\AXhRqPv.exe
  C:\Windows\System\AXhRqPv.exe
  2⤵
  PID:9468
- C:\Windows\System\FaYMSaX.exe
  C:\Windows\System\FaYMSaX.exe
  2⤵
  PID:9496
- C:\Windows\System\etoHJRZ.exe
  C:\Windows\System\etoHJRZ.exe
  2⤵
  PID:9516
- C:\Windows\System\JJiTErc.exe
  C:\Windows\System\JJiTErc.exe
  2⤵
  PID:9608
- C:\Windows\System\jGYNzCy.exe
  C:\Windows\System\jGYNzCy.exe
  2⤵
  PID:9640
- C:\Windows\System\DfIHZvx.exe
  C:\Windows\System\DfIHZvx.exe
  2⤵
  PID:9656
- C:\Windows\System\fGSgDHa.exe
  C:\Windows\System\fGSgDHa.exe
  2⤵
  PID:9684
- C:\Windows\System\EuXOQOj.exe
  C:\Windows\System\EuXOQOj.exe
  2⤵
  PID:9696
- C:\Windows\System\NndnZcK.exe
  C:\Windows\System\NndnZcK.exe
  2⤵
  PID:9724
- C:\Windows\System\WVgXjmi.exe
  C:\Windows\System\WVgXjmi.exe
  2⤵
  PID:9800
- C:\Windows\System\oPQWYVd.exe
  C:\Windows\System\oPQWYVd.exe
  2⤵
  PID:9812
- C:\Windows\System\PzjcYCb.exe
  C:\Windows\System\PzjcYCb.exe
  2⤵
  PID:9920
- C:\Windows\System\vUAVxsx.exe
  C:\Windows\System\vUAVxsx.exe
  2⤵
  PID:9960
- C:\Windows\System\srQEVzB.exe
  C:\Windows\System\srQEVzB.exe
  2⤵
  PID:9752
- C:\Windows\System\OCBNveN.exe
  C:\Windows\System\OCBNveN.exe
  2⤵
  PID:9936
- C:\Windows\System\SFjOuIF.exe
  C:\Windows\System\SFjOuIF.exe
  2⤵
  PID:9824
- C:\Windows\System\SWrstoe.exe
  C:\Windows\System\SWrstoe.exe
  2⤵
  PID:9976
- C:\Windows\System\weiKtCl.exe
  C:\Windows\System\weiKtCl.exe
  2⤵
  PID:10048
- C:\Windows\System\BtezXvJ.exe
  C:\Windows\System\BtezXvJ.exe
  2⤵
  PID:10068
- C:\Windows\System\VIupQZH.exe
  C:\Windows\System\VIupQZH.exe
  2⤵
  PID:10160
- C:\Windows\System\jLCDNlD.exe
  C:\Windows\System\jLCDNlD.exe
  2⤵
  PID:10196
- C:\Windows\System\wrBmHII.exe
  C:\Windows\System\wrBmHII.exe
  2⤵
  PID:10100
- C:\Windows\System\yBRQtlz.exe
  C:\Windows\System\yBRQtlz.exe
  2⤵
  PID:9180
- C:\Windows\System\xOpMGJJ.exe
  C:\Windows\System\xOpMGJJ.exe
  2⤵
  PID:10172
- C:\Windows\System\yTdKeAt.exe
  C:\Windows\System\yTdKeAt.exe
  2⤵
  PID:10212
- C:\Windows\System\sWZlWGh.exe
  C:\Windows\System\sWZlWGh.exe
  2⤵
  PID:8916
- C:\Windows\System\pBksVwo.exe
  C:\Windows\System\pBksVwo.exe
  2⤵
  PID:9280
- C:\Windows\System\hbZUcOr.exe
  C:\Windows\System\hbZUcOr.exe
  2⤵
  PID:9304
- C:\Windows\System\OVuQQpZ.exe
  C:\Windows\System\OVuQQpZ.exe
  2⤵
  PID:9384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BpvYWwR.exe

Filesize
3.0MB

MD5
22b821f44b852bc0190b05c059b38615

SHA1
99505ae2e2fa4539d7b42ed6cf57d68e507a9dd0

SHA256
84dfbe9d28109c9585368f260fb1ec27aa5eb7cb9128e07b9e218500a0a05aa3

SHA512
25615215dc9f11848055dc76b52137e769ecd989ecd86a39016d397e7dbd2022e2abb0a10341a47d164db56a23d4be069dd267af0d812efce189a76c0beed446

Download Submit
C:\Windows\system\FCfOJYA.exe

Filesize
3.0MB

MD5
e3d6d407516e07006589e2792edaba0e

SHA1
bda1327aea2ebe2568b988813c886a8fa37b2366

SHA256
7307676001b522a1fc78d9defc2a90e0cfb8fca245190e42ea6c33e247bf63f7

SHA512
284ec07080039075ec2f8853b2420d33e9ca6bb562d2002e449c9f0b2f89068882a94f16ff6ec76e7baaba68e45b1a3e7ff98dbf2d9a881552794d97a6c50011

Download Submit
C:\Windows\system\GnGDhkX.exe

Filesize
3.0MB

MD5
62acbbf393f5f20eaab8df0fcbb8fcf1

SHA1
365eb36daa89bb276a901d37424e28c128ede3e8

SHA256
fac405d7e37dfd989bf7f05efdf913085300e35fc8427a3ce9f4b81e6a7d21a9

SHA512
dd301f53339e61ee991a1b3c3e5e7b559e7e9e52b1e501290093a2c695f59c6b750f0c057b7b113dac15c308be47f81e9fea804b8bdad86c261ceec03c3f6a36

Download Submit
C:\Windows\system\LNEnrfE.exe

Filesize
3.0MB

MD5
f908ca518db661ec8b0daa6cb793e76d

SHA1
6300aee7fb3d83cdad091634f1d62cba7eccfdc5

SHA256
a2bb69346b96ba632e2c75e29e7b8f3dd823c7cbaac905d58c32b3c716271455

SHA512
5f17a063e3ea33490895dd00ed8587c86de1ca974f335b93177d58aad390aa2a6b24f1c3eede5f6229265c89a6f78af3b7565cbadae48817384442a34ece5c1f

Download Submit
C:\Windows\system\MjwXxUo.exe

Filesize
3.0MB

MD5
97674ebe027f5d4ff2a86e4195147187

SHA1
45da11b0db961d658879774614b3fd6ea0dfd42a

SHA256
09a4e7f832cca03948102ce9169b9fcff4418f97edfcf190f5d5115c5d6e1772

SHA512
a7f5a3752c85ce50e563b3928b9906683864abedb18b7e9a172765fa968a412da4d941548487b1ac52cbdd5403ff18a518f9ac04c7fd17c16c1f09014122dccb

Download Submit
C:\Windows\system\NOPATWP.exe

Filesize
3.0MB

MD5
db7a137141ce8b0883c662f7ec47efc5

SHA1
b190d11e4798ed3dcb867b87a78dd95caf4d3c38

SHA256
06989180656f6b9f3cecc947880cca003d794d5c7636a1a107c5afa33a1b742e

SHA512
fc444577a666e564e90ec6bb1a1783db5abb00aa22f0bae833073dc5d3bd701f359f53b7ab7cf5dc1fe1e4010cc71792ce3c276d90ea9c4a4c907cfa54122281

Download Submit
C:\Windows\system\RKfXkhE.exe

Filesize
3.0MB

MD5
2658d8f4d9841b2618785b3aef87023a

SHA1
fd5378af8917d07a1a694947f7dbb34876813d86

SHA256
72de4f2baf837fe94f8d9c1b7185761462cebdfb10a10c17f4075bb4bc4507e3

SHA512
989a90b83041ea781e1417c1862c7dcaa205befacdac9707d0b87e7426568a93e86a94c3e1d8f67a02ab18c39c7f77e227d02de7df4c65667d8f660ae30805f3

Download Submit
C:\Windows\system\UPJBgwH.exe

Filesize
3.0MB

MD5
f759cb0fbd0f92bf8a53ff60ca1aaf84

SHA1
683ec1f4db9868aeb715b551db8814c2a636c9c5

SHA256
5dc9e32aabba1626b578620dc76dcecc80968b8b3470b4560b2aef05d1d0079d

SHA512
bc445de1165d4911e59f8486f9b3d8dea1fbee180bede6fdb654a8d7ac16bb663f364e2019edb90549cf85a57836d953f10a00ad486ea96a74fa00e67161a601

Download Submit
C:\Windows\system\ZVJkPqA.exe

Filesize
3.0MB

MD5
d988ceb28fe54da1bf5d443cd49aef4f

SHA1
f485aa5d8837d184fdf66659b54facdfd355e8bc

SHA256
55c988356fae2ac349099fbe22c37e82c65f9aff15eda1e0c8fb516c2767f5d4

SHA512
80a6b8f25a4b468a9dca942c53e40d91d8fa293ba09d9b0d7e8db54991fc5bd980350b4539850e5cf338dcae1c5e95a3fef37236590ac48f893bac659a3c49b7

Download Submit
C:\Windows\system\ZoAQMme.exe

Filesize
3.0MB

MD5
d51cd63325d716b8519c199e91906bd4

SHA1
d86841b483c1ce2e719a50dce41d72b04f4fca02

SHA256
bbb53bea3bcade97dad09f57c0cb16cb714ec40d033614c52a830dc3b118d10e

SHA512
d0c5c1ff5f2ddb7d451f3927f72f995e841a4118b30d48d4695ab1b819cda6fca7ab7558784da4aeb5b5900548a6a551bec2563d9fffdbfc21e0bb66133fee8c

Download Submit
C:\Windows\system\bbsfxuq.exe

Filesize
3.0MB

MD5
8fc37ed69206571ed509fd67bc62d194

SHA1
d88414e3bc98f009497dbf572b6306b2af8b06c9

SHA256
25b9b6167b96487942d730ac4ad9e236a1a4c1b94a2b4e46d9498ba070f4780e

SHA512
7adcbda8f605bfffda803dd3837c38c1da5433a97c35e098ed7de5d3c9246a348c6f6ce038585708a2542cbab865dc4d0b80b579ec90e5314fc6baedd238cf57

Download Submit
C:\Windows\system\cyqvlzJ.exe

Filesize
3.0MB

MD5
6a60b9ffe2e398aa5e2d4ca89f919782

SHA1
81649f8ba90c0d1a4431a7b527c01df540526fb6

SHA256
3c6887d556371ffdf4068548d5a3d8daba79993a9c691d703d699048ec209c00

SHA512
a1bc440129ce556f287b4f297ff4d739d01d691b995fb1d50af696291cc820416b9a34873099eea3cee4a8949279e4e10c72ef00e9a2cb24e1b916a95fbb092a

Download Submit
C:\Windows\system\dfkDzqP.exe

Filesize
3.0MB

MD5
277c88f8ccbc01bb6ff82f1fdc809b5c

SHA1
52db9a3baa18c3a1ac33215a5d96d8e08b20fac6

SHA256
7028946d7726438f2c18b36aa8bcdaf942cb578b09652c2e48b55e7b98bff872

SHA512
bd3c08fc3cbe4912a59f2a41ebd3c4b9979b65200482dc7cea3913b3163a55d3be0a47ef65566dc142d2f0b0a2a5e06163fa25ef67bee8c1f824f07e3b193ab5

Download Submit
C:\Windows\system\fbYblGX.exe

Filesize
3.0MB

MD5
fa5b80ed2b0c6b087ea9b8ca58b8acde

SHA1
cdf37e40d451556f4ef7e824d67b466e85d33dcf

SHA256
b439e4df39099aa9e14c00da81f630c55ccb02bfc5a67c4bd4356ee9ade6d5b3

SHA512
faa7c9bf47d81ce74a973e3160546353bf4b907fe284cb84f9e0a8a203c92d1ef7381f5c0530582eddfbb7937d5492282febfaac79a9f115bbfef99bff4c561a

Download Submit
C:\Windows\system\fhDfchT.exe

Filesize
3.0MB

MD5
15867538fb23d3846861ed7b47bcf678

SHA1
614bf45acefbb99cc826b3fab55e554123181658

SHA256
e4765b6f66d579a8ed2749aeed7aada3633dee704ac7fadf68938b0ff0ed57e8

SHA512
047bdf51b9a9eb22eed8f0aa0f54ed6e31951a00b24eaa32ad7cc2e9b6809a68207d114f2c157cb358a9e9bbe5cb628cbed6b0acf82de9d207bdb1cb461bc9be

Download Submit
C:\Windows\system\gSxeHbq.exe

Filesize
3.0MB

MD5
a459b614d0bf02daaba0b3babd8aae2c

SHA1
21fa1a783ce5bb0257130f079650d080d11db765

SHA256
3f66c47e15ae6bcf33b4f304d2fa34b940695437825c4b2574b48beef3ef0dc1

SHA512
406eb69fdd50ac145b26bb58d4a5852045b2ce3e38ed3e3fb68fa988b846f099afb3c8bdc9760e441569b25a5469ae79d4837ce75aa41218e3c28c468afaf474

Download Submit
C:\Windows\system\gVNtVGC.exe

Filesize
3.0MB

MD5
30f5b9c93618338748cbc679d9f6b42f

SHA1
a76c1d27a0b507091f1e73fcbaba464a73af2336

SHA256
5614cdcb4c6ab5bf0dfb54cec62b310161502b36c26ae1f93a8921c700be59fb

SHA512
fd605f8f01efcb5839a71b925ee3f87ab6a4dfbe3fb777f06b80547a2dc3c42cea3f44eef4fb5bdd9eff631e0095428f7b8424151ddb8e8ada120188d644ee5d

Download Submit
C:\Windows\system\nxifSJg.exe

Filesize
3.0MB

MD5
17c055a44bfa7e09cf20c4e3353ec19d

SHA1
7b4835a6cad8c0885109e3c9ad70100f00c306fc

SHA256
717bd4588fb8406bd48cba5592e25a6bbd34b45f3ad133867b08b12d21d4621f

SHA512
8d9a33012051a69a9d0679f08d5b03036439cf70f7d14e8304604a6b8efec06029b6ba001b650dd6f0949eb628b2b0c93b94be52d54a77ba87f7867cf8794ce6

Download Submit
C:\Windows\system\tnsEtkT.exe

Filesize
3.0MB

MD5
3b259ea5deb8cff06bb61071dc49d240

SHA1
bf565871be37b359ca2cb350047870776fb38d6b

SHA256
18e2ba414e06632b6adfe7c027e7049d501473096cb1aa5a9b386abea46af303

SHA512
ee0777fe410f36ff22b15ea3a8388455f0d87a1bf9426b138114656d1a04626be9e9fd864937133089fb6d2eddead9b2ded56260ab40edb45953966fa3f98e83

Download Submit
C:\Windows\system\wbuoubM.exe

Filesize
3.0MB

MD5
4a8dd8c2f21678b56ac678ac1a565dbb

SHA1
2ae0998cb5d576cbfd5753d913e3eae35e326154

SHA256
730aaae1edb2dcd70cc165072a98aa725746a33d738ee2473b285fb90dea3327

SHA512
49398e3b73a6f2f6eea52c475f364207a463365d1af8805efee47f692b736dc50d3ff63b422b885c492a0b920499e5207b26f9ae3f3981a375840e1467eced48

Download Submit
\Windows\system\AgrlDcz.exe

Filesize
3.0MB

MD5
d5102bec5239e191350c3945bb53fce1

SHA1
7f481c3225622678b3681c054d5aab62147d0532

SHA256
25bd45139a1332d9ed3cc484673f764acc81cabc85425c010aa4f65dd4d287fb

SHA512
29ebdbbbb34e55aa8ee976b2109b4aee1571fa4fc6e646512fbbc89b6b2d080b3af9eec975540c98421e77aa0e536656bb2efdfe84f401420e024a114ea179c2

Download Submit
\Windows\system\FtnDWgn.exe

Filesize
3.0MB

MD5
092a0d31dd8efbe42f9f0df137e82ccb

SHA1
fc46ea072d7fb2b300fb6779c01a818563a2f456

SHA256
58a18e4b56e56c26cb315442485c788c5841e0b3a51ccd1bbd657a67a7b0528a

SHA512
08c86d0d08d11099bd9f552c1d8ae42680f37cc856e9fe3a77e37789147e6a4da4fd2a5052621142eb0fd164c943eb5ff38a3010eb3175d45b36ae7708481f47

Download Submit
\Windows\system\HUZYoCT.exe

Filesize
3.0MB

MD5
7ba6fe61ad74d4d7896bcb326491960f

SHA1
903ff7abb781bb1a5d5ddfd0a713dbcc8531973d

SHA256
a2a799ed195485334d1209cedf5da136b7b140bcccf370499245d3c05fb23751

SHA512
1a0655cf76b535650239c6f4815e3ba1f1a038aabb5dc2e172a75ca9d971626430b3500abbd2b81461e05ec44b0aab95c36ceb58d379bbe637f7c10b82c8432b

Download Submit
\Windows\system\OGVPWcn.exe

Filesize
3.0MB

MD5
8fb923d32afa3ab60e9fdfe15540475c

SHA1
523193880f2ed157da67a0143b0a7af0e91d014f

SHA256
f7088ac8209054b08ccf7ba56b0495ce113cc9b99a0aa206de02173f450de44b

SHA512
b35eea0c8d4cc887e870360d86acf4c73e6cbda017b434ac1877d4ed34be704243f9bb52add61a7cec8c91088cd3c9e4b933011cadd0b392de7dbba9633383c4

Download Submit
\Windows\system\RdANJnX.exe

Filesize
3.0MB

MD5
ddabb17b213fb7773e946407dcee711f

SHA1
f9b5cedb2692d4221636af82054971f92a855656

SHA256
5d586369efbe9b525194e7299e203ab1f5426799e94d2bf1ebda57d72c9526c7

SHA512
50c06a9f593e01b801bc687cd9d066e235770732909a5b7391f2f64973e4add26cf9ab7f622bfc53e9d934e0471bd80854ce833544dacc0965184cbf023058a1

Download Submit
\Windows\system\TXGBbbp.exe

Filesize
3.0MB

MD5
7e792d957fca02068468f956495c468a

SHA1
7c6a2033d4694129d491df510080111de37d1dd0

SHA256
8a8c324516b00617a3d9ec863daca2e72bab026b8c9379be8435be33d3112e44

SHA512
01abe4f8bff3c2e7d35f556d2964135de091a55057abe5ac52c6ef0595a3183fa562e5dbd8e97de1c6cd24b1e96c4c4d6d1c765d651e1db238724d2749b1d747

Download Submit
\Windows\system\XWyTxKw.exe

Filesize
3.0MB

MD5
116ebde9f27182a83b07d7d028aecc48

SHA1
9abe7af4b6601c9bf0f4ffdc3863c7de6dbdd417

SHA256
201d20e8f593ae151c0f54bb821a3b6ff93f0d57ae19885f9eb636324c7fad79

SHA512
9d2d76a1d4c2bc0bd9fee31dbac596605bfec462e9de1970591257e33ccaab907e9e379cd3bf9011ec30cb788fe6cd85bd7e241bde9fe7934b4818d184870033

Download Submit
\Windows\system\aCkbrOg.exe

Filesize
3.0MB

MD5
b9c4864131ccaf6aff526226836f19e5

SHA1
8b94a1e11184238bc2512312a4bb0bcdd2606fd7

SHA256
48df071d73d508eaf32da8459096506bff1217f4ab2a26f443afb7c9fd11226d

SHA512
132bf93be2f117142fac2c40e34b1fb30a19f6f457625cd377c2f69d02d64080a2e5489fea80a8c23e93bbb86c8fed8bea03f1c99d2f7e0e1dc9efa1edc50b5c

Download Submit
\Windows\system\fReAUhl.exe

Filesize
3.0MB

MD5
2542cfad7267d2458d2e203283908023

SHA1
5ea91e3cbd4ce6adf981ab7ff09fdbca386e8a35

SHA256
06217e28da4944b50fc4c26289b8cb374f1bd6210450100a25a3c27b341aaae0

SHA512
20596693e05d92ba8282804077c6d1c1b7ea715b9d731f4a38ca471a7348026d4e3c8bce054008c4282fee94d8ecbbd44f876088d041a10a1af09232dc2f0cc7

Download Submit
\Windows\system\kfrFXBB.exe

Filesize
3.0MB

MD5
e0e2a41b0ad3720cb849e2cd79b091a7

SHA1
5b85dc03253f49a435b47aeef4b5c1504971339c

SHA256
427f5ae1ab62ef08ca0a0d2df2de920fe6a9350f8e596800d6c879d0f9c65583

SHA512
3e734aa52db032f30de4c58eb1b78c2ad05bff8982a14865c9efc19bae29c78868fe5442b3a2a58104e4d987f831d3a99eed66ac37ce5e143e24bfba47b9eda6

Download Submit
\Windows\system\pOasppt.exe

Filesize
3.0MB

MD5
ccca3fe7c3aaf25d60198bdcb8278819

SHA1
14f7a56fccf854ac24d6b3780830f202e3ef3855

SHA256
cf95066b3274ef730a92500aef7057411ad2df489e181b3153d7299baf96e405

SHA512
1822eead3a4c058d72d023c3e45df7bbc314a2eb3f5c4337337aa8b6779e32431fff98203c67ea517fcf52af6983492d128ed7e4bed7ed5739828c46511ea214

Download Submit
\Windows\system\sluuXWH.exe

Filesize
3.0MB

MD5
ab2a1a41ff6ab1e33fd9e319bf52e19e

SHA1
9245c5463de6d70f53b6aa77ded20bd45a84b76c

SHA256
70e091fb12e4fe21e594e9d0d7b4a46ab0b2993368c9b6404a83cff6b18cf505

SHA512
9c3bdfa9c58b2632fbde9588c90bb3a7fedc97107275035a264216e40bbafcef1aabb38f9a22fb8263b261bb8d147041770bcd9a1ae3d710087c60e622510713

Download Submit
\Windows\system\urqCtTJ.exe

Filesize
3.0MB

MD5
c65d46fcaa6014cc302f762dfb3611d4

SHA1
53d7037158b9a950a131f8180f1f840fa2f5f7a8

SHA256
b7d5fd0f79cc4bf6d75e8baeefff4fa8b78cf6895262762ed318769d25e8f0af

SHA512
9149f06d4eb1bd70dd0ab2d228be131c5a23b25ffa98a9cb64503b83ea311edba596af05527d94b612f6d1294a4b455ec7bd1f4f400517a57255570f516cab2b

Download Submit
memory/312-100-0x000000013F120000-0x000000013F516000-memory.dmp

Filesize
4.0MB

Download
memory/2172-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2172-4853-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-36-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-95-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-98-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-151-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-73-0x000000013F120000-0x000000013F516000-memory.dmp

Filesize
4.0MB

Download
memory/2172-102-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-45-0x000000013FF40000-0x0000000140336000-memory.dmp

Filesize
4.0MB

Download
memory/2172-70-0x000000013FAF0000-0x000000013FEE6000-memory.dmp

Filesize
4.0MB

Download
memory/2172-2961-0x000000013F570000-0x000000013F966000-memory.dmp

Filesize
4.0MB

Download
memory/2172-89-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-4034-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-27-0x000000013F0A0000-0x000000013F496000-memory.dmp

Filesize
4.0MB

Download
memory/2172-6365-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-25-0x000000013FBF0000-0x000000013FFE6000-memory.dmp

Filesize
4.0MB

Download
memory/2172-77-0x000000013FF30000-0x0000000140326000-memory.dmp

Filesize
4.0MB

Download
memory/2172-19-0x000000013FD30000-0x0000000140126000-memory.dmp

Filesize
4.0MB

Download
memory/2172-5785-0x0000000003A50000-0x0000000003E46000-memory.dmp

Filesize
4.0MB

Download
memory/2172-7-0x000000013F570000-0x000000013F966000-memory.dmp

Filesize
4.0MB

Download
memory/2392-76-0x000000013FAF0000-0x000000013FEE6000-memory.dmp

Filesize
4.0MB

Download
memory/2432-39-0x000000013F2B0000-0x000000013F6A6000-memory.dmp

Filesize
4.0MB

Download
memory/2432-4037-0x000000013F2B0000-0x000000013F6A6000-memory.dmp

Filesize
4.0MB

Download
memory/2600-57-0x000000013FF40000-0x0000000140336000-memory.dmp

Filesize
4.0MB

Download
memory/2624-20-0x000000013F0A0000-0x000000013F496000-memory.dmp

Filesize
4.0MB

Download
memory/2688-28-0x000000013FD30000-0x0000000140126000-memory.dmp

Filesize
4.0MB

Download
memory/2688-7204-0x000000013FD30000-0x0000000140126000-memory.dmp

Filesize
4.0MB

Download
memory/2784-91-0x000000013FF30000-0x0000000140326000-memory.dmp

Filesize
4.0MB

Download
memory/2920-150-0x000000013F120000-0x000000013F516000-memory.dmp

Filesize
4.0MB

Download
memory/2928-153-0x000000013F540000-0x000000013F936000-memory.dmp

Filesize
4.0MB

Download
memory/3008-14-0x000000013FBF0000-0x000000013FFE6000-memory.dmp

Filesize
4.0MB

Download
memory/3012-37-0x000007FEF5C7E000-0x000007FEF5C7F000-memory.dmp

Filesize
4KB

Download
memory/3012-32-0x0000000002A10000-0x0000000002A90000-memory.dmp

Filesize
512KB

Download
memory/3012-80-0x0000000001C90000-0x0000000001C98000-memory.dmp

Filesize
32KB

Download
memory/3012-66-0x000000001B7D0000-0x000000001BAB2000-memory.dmp

Filesize
2.9MB

Download