xmrig | 3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
Size

1.7MB
MD5

4c85442ea5fdeabe5bcd2b6067bc67d0
SHA1

17ddc98b083f1bcb469c371f7cd5dc26e2977d0d
SHA256

3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5
SHA512

3328b0c2121553ad1efb0fd6c4d21e73ef3f6b55f5bbe77b3f1089bbcf41c292bb3208deb198e8b349a8470c4a096f714de83acd4bcad3ffd81cbe96d789a3de
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkibTJH+2Q/ynKeWY1s38kQu12bPxvyuzaBgJ9pcFt5:Lz071uv4BPMkibTIA5I4TNrpDGK4n

Score

10^/10

xmrig execution miner persistence privilege_escalation upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 43 IoCs

miner

resource	yara_rule
behavioral2/memory/1924-37-0x00007FF6EF210000-0x00007FF6EF602000-memory.dmp	xmrig
behavioral2/memory/5252-56-0x00007FF784680000-0x00007FF784A72000-memory.dmp	xmrig
behavioral2/memory/6140-72-0x00007FF633080000-0x00007FF633472000-memory.dmp	xmrig
behavioral2/memory/4684-104-0x00007FF61BD00000-0x00007FF61C0F2000-memory.dmp	xmrig
behavioral2/memory/4336-107-0x00007FF6C4050000-0x00007FF6C4442000-memory.dmp	xmrig
behavioral2/memory/688-110-0x00007FF69F030000-0x00007FF69F422000-memory.dmp	xmrig
behavioral2/memory/5292-111-0x00007FF7E5E30000-0x00007FF7E6222000-memory.dmp	xmrig
behavioral2/memory/3152-109-0x00007FF6A9420000-0x00007FF6A9812000-memory.dmp	xmrig
behavioral2/memory/5336-108-0x00007FF7125A0000-0x00007FF712992000-memory.dmp	xmrig
behavioral2/memory/1664-106-0x00007FF650190000-0x00007FF650582000-memory.dmp	xmrig
behavioral2/memory/536-105-0x00007FF7377E0000-0x00007FF737BD2000-memory.dmp	xmrig
behavioral2/memory/4440-103-0x00007FF6A58F0000-0x00007FF6A5CE2000-memory.dmp	xmrig
behavioral2/memory/2560-97-0x00007FF7AAA20000-0x00007FF7AAE12000-memory.dmp	xmrig
behavioral2/memory/2952-93-0x00007FF62FC20000-0x00007FF630012000-memory.dmp	xmrig
behavioral2/memory/5740-82-0x00007FF645650000-0x00007FF645A42000-memory.dmp	xmrig
behavioral2/memory/1548-125-0x00007FF608F10000-0x00007FF609302000-memory.dmp	xmrig
behavioral2/memory/5776-165-0x00007FF771390000-0x00007FF771782000-memory.dmp	xmrig
behavioral2/memory/5024-169-0x00007FF7E35C0000-0x00007FF7E39B2000-memory.dmp	xmrig
behavioral2/memory/4652-156-0x00007FF7B4EF0000-0x00007FF7B52E2000-memory.dmp	xmrig
behavioral2/memory/5752-149-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp	xmrig
behavioral2/memory/1848-148-0x00007FF601930000-0x00007FF601D22000-memory.dmp	xmrig
behavioral2/memory/3472-3598-0x00007FF69A8A0000-0x00007FF69AC92000-memory.dmp	xmrig
behavioral2/memory/6072-3600-0x00007FF7C85D0000-0x00007FF7C89C2000-memory.dmp	xmrig
behavioral2/memory/1548-3603-0x00007FF608F10000-0x00007FF609302000-memory.dmp	xmrig
behavioral2/memory/6056-4584-0x00007FF7307E0000-0x00007FF730BD2000-memory.dmp	xmrig
behavioral2/memory/1924-4589-0x00007FF6EF210000-0x00007FF6EF602000-memory.dmp	xmrig
behavioral2/memory/5252-4593-0x00007FF784680000-0x00007FF784A72000-memory.dmp	xmrig
behavioral2/memory/536-4596-0x00007FF7377E0000-0x00007FF737BD2000-memory.dmp	xmrig
behavioral2/memory/6140-4600-0x00007FF633080000-0x00007FF633472000-memory.dmp	xmrig
behavioral2/memory/5740-4603-0x00007FF645650000-0x00007FF645A42000-memory.dmp	xmrig
behavioral2/memory/4440-4631-0x00007FF6A58F0000-0x00007FF6A5CE2000-memory.dmp	xmrig
behavioral2/memory/4336-4627-0x00007FF6C4050000-0x00007FF6C4442000-memory.dmp	xmrig
behavioral2/memory/5292-4692-0x00007FF7E5E30000-0x00007FF7E6222000-memory.dmp	xmrig
behavioral2/memory/5336-4624-0x00007FF7125A0000-0x00007FF712992000-memory.dmp	xmrig
behavioral2/memory/6072-4698-0x00007FF7C85D0000-0x00007FF7C89C2000-memory.dmp	xmrig
behavioral2/memory/3472-4696-0x00007FF69A8A0000-0x00007FF69AC92000-memory.dmp	xmrig
behavioral2/memory/1548-5304-0x00007FF608F10000-0x00007FF609302000-memory.dmp	xmrig
behavioral2/memory/6056-5324-0x00007FF7307E0000-0x00007FF730BD2000-memory.dmp	xmrig
behavioral2/memory/5024-5318-0x00007FF7E35C0000-0x00007FF7E39B2000-memory.dmp	xmrig
behavioral2/memory/4652-5316-0x00007FF7B4EF0000-0x00007FF7B52E2000-memory.dmp	xmrig
behavioral2/memory/5776-5314-0x00007FF771390000-0x00007FF771782000-memory.dmp	xmrig
behavioral2/memory/5752-5310-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp	xmrig
behavioral2/memory/1848-5308-0x00007FF601930000-0x00007FF601D22000-memory.dmp	xmrig

Blocklisted process makes network request 7 IoCs

flow	pid	Process
8	2688	powershell.exe
10	2688	powershell.exe
14	2688	powershell.exe
15	2688	powershell.exe
18	2688	powershell.exe
24	2688	powershell.exe
25	2688	powershell.exe

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
2688	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1924	Vbesdqw.exe
5252	VaJQLLW.exe
536	TGKOHxe.exe
6140	HUjPAHx.exe
5740	GAGwXHD.exe
1664	CDVBknP.exe
2952	XXcnRni.exe
2560	eBAUbrf.exe
4336	penEiZt.exe
5336	mwYExLv.exe
3152	vdrRlNi.exe
688	wbMWNoZ.exe
4440	PCiMwHn.exe
4684	vtmthne.exe
5292	RdkLopc.exe
3472	DEKcQty.exe
6072	hrgovrw.exe
1548	KYnWdae.exe
1848	yRAYEua.exe
5752	NNLWtYw.exe
5776	insldSk.exe
4652	WfPSgqq.exe
5024	mWPIfDk.exe
6056	rrOjCCY.exe
1572	WbhzwBR.exe
3296	EuKisvc.exe
2204	mCybFgm.exe
2520	dnfnLji.exe
2364	uIAaUFq.exe
944	dRWXdzP.exe
5676	rwXFcmq.exe
5840	RlunhrT.exe
1388	WFiMfDW.exe
3952	pjHjHXX.exe
5956	pWzQBQk.exe
1936	qsFhvjR.exe
4616	FMcmalD.exe
1448	RIznwGV.exe
2848	aiwucAT.exe
2572	xKPyZRb.exe
368	fQfHfFf.exe
5460	NoOupaD.exe
3060	NuUGUSC.exe
4756	hdWXpdJ.exe
2652	cGRktpd.exe
4544	UmSdBkP.exe
4012	bFPXMen.exe
3608	EkCuEix.exe
2836	mPaGTDM.exe
4840	jhnHluh.exe
4880	eNIcuqv.exe
2796	QxQDrzQ.exe
5052	BRyVaMY.exe
4052	FKvaRUa.exe
4348	bzDlOMB.exe
2028	MLMnPRb.exe
4964	gdAXLWa.exe
6068	kfjdwRO.exe
5308	KElsBhZ.exe
2140	aukhdJx.exe
3000	IKdUdkr.exe
5648	QMTeWok.exe
5784	kOHiCqT.exe
4976	NfqjLEq.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2528-0-0x00007FF7F96D0000-0x00007FF7F9AC2000-memory.dmp	upx
behavioral2/files/0x00090000000233e4-6.dat	upx
behavioral2/files/0x000800000002341f-12.dat	upx
behavioral2/files/0x0007000000023420-16.dat	upx
behavioral2/files/0x0007000000023422-25.dat	upx
behavioral2/files/0x0007000000023421-23.dat	upx
behavioral2/memory/1924-37-0x00007FF6EF210000-0x00007FF6EF602000-memory.dmp	upx
behavioral2/memory/5252-56-0x00007FF784680000-0x00007FF784A72000-memory.dmp	upx
behavioral2/memory/6140-72-0x00007FF633080000-0x00007FF633472000-memory.dmp	upx
behavioral2/files/0x000700000002342e-90.dat	upx
behavioral2/files/0x000700000002342a-95.dat	upx
behavioral2/files/0x000800000002342c-102.dat	upx
behavioral2/memory/4684-104-0x00007FF61BD00000-0x00007FF61C0F2000-memory.dmp	upx
behavioral2/memory/4336-107-0x00007FF6C4050000-0x00007FF6C4442000-memory.dmp	upx
behavioral2/memory/688-110-0x00007FF69F030000-0x00007FF69F422000-memory.dmp	upx
behavioral2/memory/6072-113-0x00007FF7C85D0000-0x00007FF7C89C2000-memory.dmp	upx
behavioral2/files/0x0009000000023412-114.dat	upx
behavioral2/memory/3472-112-0x00007FF69A8A0000-0x00007FF69AC92000-memory.dmp	upx
behavioral2/memory/5292-111-0x00007FF7E5E30000-0x00007FF7E6222000-memory.dmp	upx
behavioral2/memory/3152-109-0x00007FF6A9420000-0x00007FF6A9812000-memory.dmp	upx
behavioral2/memory/5336-108-0x00007FF7125A0000-0x00007FF712992000-memory.dmp	upx
behavioral2/memory/1664-106-0x00007FF650190000-0x00007FF650582000-memory.dmp	upx
behavioral2/memory/536-105-0x00007FF7377E0000-0x00007FF737BD2000-memory.dmp	upx
behavioral2/memory/4440-103-0x00007FF6A58F0000-0x00007FF6A5CE2000-memory.dmp	upx
behavioral2/memory/2560-97-0x00007FF7AAA20000-0x00007FF7AAE12000-memory.dmp	upx
behavioral2/memory/2952-93-0x00007FF62FC20000-0x00007FF630012000-memory.dmp	upx
behavioral2/files/0x0007000000023429-88.dat	upx
behavioral2/files/0x000700000002342d-84.dat	upx
behavioral2/memory/5740-82-0x00007FF645650000-0x00007FF645A42000-memory.dmp	upx
behavioral2/files/0x0007000000023428-80.dat	upx
behavioral2/files/0x0007000000023427-74.dat	upx
behavioral2/files/0x0007000000023426-59.dat	upx
behavioral2/files/0x0007000000023424-49.dat	upx
behavioral2/files/0x0007000000023423-43.dat	upx
behavioral2/files/0x0007000000023425-45.dat	upx
behavioral2/files/0x000700000002342f-122.dat	upx
behavioral2/memory/1548-125-0x00007FF608F10000-0x00007FF609302000-memory.dmp	upx
behavioral2/files/0x0007000000023430-131.dat	upx
behavioral2/files/0x0007000000023432-144.dat	upx
behavioral2/files/0x0007000000023433-150.dat	upx
behavioral2/files/0x0007000000023435-162.dat	upx
behavioral2/memory/5776-165-0x00007FF771390000-0x00007FF771782000-memory.dmp	upx
behavioral2/memory/5024-169-0x00007FF7E35C0000-0x00007FF7E39B2000-memory.dmp	upx
behavioral2/files/0x0007000000023437-175.dat	upx
behavioral2/files/0x0007000000023436-173.dat	upx
behavioral2/files/0x0007000000023434-160.dat	upx
behavioral2/memory/6056-157-0x00007FF7307E0000-0x00007FF730BD2000-memory.dmp	upx
behavioral2/memory/4652-156-0x00007FF7B4EF0000-0x00007FF7B52E2000-memory.dmp	upx
behavioral2/memory/5752-149-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp	upx
behavioral2/memory/1848-148-0x00007FF601930000-0x00007FF601D22000-memory.dmp	upx
behavioral2/files/0x0007000000023431-142.dat	upx
behavioral2/files/0x000800000002342b-132.dat	upx
behavioral2/files/0x0007000000023438-257.dat	upx
behavioral2/files/0x0007000000023459-273.dat	upx
behavioral2/files/0x000700000002345b-276.dat	upx
behavioral2/files/0x000700000002345e-282.dat	upx
behavioral2/files/0x000700000002345f-285.dat	upx
behavioral2/files/0x0007000000023460-288.dat	upx
behavioral2/files/0x000700000002345d-279.dat	upx
behavioral2/files/0x0007000000023458-270.dat	upx
behavioral2/files/0x0007000000023455-266.dat	upx
behavioral2/memory/3472-3598-0x00007FF69A8A0000-0x00007FF69AC92000-memory.dmp	upx
behavioral2/memory/6072-3600-0x00007FF7C85D0000-0x00007FF7C89C2000-memory.dmp	upx
behavioral2/memory/1548-3603-0x00007FF608F10000-0x00007FF609302000-memory.dmp	upx

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\F:	explorer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
8	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zRHkUkG.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\byaIsZN.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\BrGtyNv.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\NuUGUSC.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\tGwQNAn.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\vMuVdoK.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\CddMFoC.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\IvWHYMj.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\mBaVtrO.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\qYQEemr.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\GZybSLq.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\NEAtAzM.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\PBGVDXE.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\PPrtFCw.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\DGELuck.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\hehEgeB.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\dzbDMkX.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\wbMWNoZ.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\ZHPyddI.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\TMLiVWf.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\zJYGnnj.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\CGxJHUm.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\YVxcGsC.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\PEsPmbX.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\SWQLBuD.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\LPjiZtU.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\bjtMmrH.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\mBLhEvJ.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\UgNqRdE.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\GxpQRqM.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\ZGPvdwD.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\IpPNMpN.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\nRYdUyV.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\rMrcbCi.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\YrJNCYt.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\CsKKhJa.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\ErwcJKZ.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\EXzXdyd.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\oOlFbhT.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\jfKLqtl.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\SHpyGWY.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\EFggVZr.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\HMqyloA.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\bPWnpfi.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\LKVcGdz.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\QOqRLfp.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\ETDtVIA.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\yinpbjE.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\WIAsWkZ.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\MuVTLcT.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\HgjMUTP.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\xZIyasP.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\jznytYH.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\NNhqgCc.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\xZrwhXH.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\cKIwyCJ.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\RQDHhun.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\jlIqKWG.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\VhxTTOG.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\jQaTphi.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\dEAxAsN.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\CbzIhLQ.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\IFbSnId.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
File created	C:\Windows\System\rnwmpyH.exe	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{0BE10ADF-2977-4CCA-A04E-B7EBF196D1AA}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	explorer.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2688	powershell.exe
2688	powershell.exe
2688	powershell.exe

Suspicious use of AdjustPrivilegeToken 17 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
Token: SeLockMemoryPrivilege	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
Token: SeDebugPrivilege	2688	powershell.exe
Token: SeCreateGlobalPrivilege	12808	dwm.exe
Token: SeChangeNotifyPrivilege	12808	dwm.exe
Token: 33	12808	dwm.exe
Token: SeIncBasePriorityPrivilege	12808	dwm.exe
Token: SeShutdownPrivilege	7600	explorer.exe
Token: SeCreatePagefilePrivilege	7600	explorer.exe
Token: SeShutdownPrivilege	7600	explorer.exe
Token: SeCreatePagefilePrivilege	7600	explorer.exe
Token: SeShutdownPrivilege	7600	explorer.exe
Token: SeCreatePagefilePrivilege	7600	explorer.exe
Token: SeShutdownPrivilege	7600	explorer.exe
Token: SeCreatePagefilePrivilege	7600	explorer.exe
Token: SeShutdownPrivilege	7600	explorer.exe
Token: SeCreatePagefilePrivilege	7600	explorer.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
13228	sihost.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe
7600	explorer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2688	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	83
PID 2528 wrote to memory of 2688	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	83
PID 2528 wrote to memory of 1924	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	84
PID 2528 wrote to memory of 1924	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	84
PID 2528 wrote to memory of 5252	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	85
PID 2528 wrote to memory of 5252	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	85
PID 2528 wrote to memory of 536	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	86
PID 2528 wrote to memory of 536	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	86
PID 2528 wrote to memory of 6140	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	87
PID 2528 wrote to memory of 6140	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	87
PID 2528 wrote to memory of 5740	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	88
PID 2528 wrote to memory of 5740	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	88
PID 2528 wrote to memory of 1664	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	89
PID 2528 wrote to memory of 1664	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	89
PID 2528 wrote to memory of 2952	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	90
PID 2528 wrote to memory of 2952	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	90
PID 2528 wrote to memory of 2560	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	91
PID 2528 wrote to memory of 2560	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	91
PID 2528 wrote to memory of 4336	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	92
PID 2528 wrote to memory of 4336	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	92
PID 2528 wrote to memory of 5336	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	93
PID 2528 wrote to memory of 5336	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	93
PID 2528 wrote to memory of 3152	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	94
PID 2528 wrote to memory of 3152	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	94
PID 2528 wrote to memory of 688	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	95
PID 2528 wrote to memory of 688	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	95
PID 2528 wrote to memory of 4440	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	96
PID 2528 wrote to memory of 4440	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	96
PID 2528 wrote to memory of 4684	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	97
PID 2528 wrote to memory of 4684	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	97
PID 2528 wrote to memory of 5292	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	98
PID 2528 wrote to memory of 5292	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	98
PID 2528 wrote to memory of 3472	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	99
PID 2528 wrote to memory of 3472	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	99
PID 2528 wrote to memory of 6072	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	100
PID 2528 wrote to memory of 6072	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	100
PID 2528 wrote to memory of 1548	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	101
PID 2528 wrote to memory of 1548	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	101
PID 2528 wrote to memory of 1848	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	102
PID 2528 wrote to memory of 1848	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	102
PID 2528 wrote to memory of 5752	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	103
PID 2528 wrote to memory of 5752	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	103
PID 2528 wrote to memory of 5776	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	104
PID 2528 wrote to memory of 5776	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	104
PID 2528 wrote to memory of 4652	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	105
PID 2528 wrote to memory of 4652	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	105
PID 2528 wrote to memory of 5024	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	106
PID 2528 wrote to memory of 5024	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	106
PID 2528 wrote to memory of 6056	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	107
PID 2528 wrote to memory of 6056	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	107
PID 2528 wrote to memory of 1572	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	108
PID 2528 wrote to memory of 1572	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	108
PID 2528 wrote to memory of 3296	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	109
PID 2528 wrote to memory of 3296	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	109
PID 2528 wrote to memory of 2204	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	110
PID 2528 wrote to memory of 2204	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	110
PID 2528 wrote to memory of 2520	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	111
PID 2528 wrote to memory of 2520	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	111
PID 2528 wrote to memory of 2364	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	115
PID 2528 wrote to memory of 2364	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	115
PID 2528 wrote to memory of 944	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	116
PID 2528 wrote to memory of 944	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	116
PID 2528 wrote to memory of 5676	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	117
PID 2528 wrote to memory of 5676	2528	3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe	117

C:\Users\Admin\AppData\Local\Temp\3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe
"C:\Users\Admin\AppData\Local\Temp\3f030f1c326b5757a89c8ef4e501c2c2fe4815cf48a5c12a08121b9535028dd5.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2688
- C:\Windows\System\Vbesdqw.exe
  C:\Windows\System\Vbesdqw.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\VaJQLLW.exe
  C:\Windows\System\VaJQLLW.exe
  2⤵
  - Executes dropped EXE
  PID:5252
- C:\Windows\System\TGKOHxe.exe
  C:\Windows\System\TGKOHxe.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\HUjPAHx.exe
  C:\Windows\System\HUjPAHx.exe
  2⤵
  - Executes dropped EXE
  PID:6140
- C:\Windows\System\GAGwXHD.exe
  C:\Windows\System\GAGwXHD.exe
  2⤵
  - Executes dropped EXE
  PID:5740
- C:\Windows\System\CDVBknP.exe
  C:\Windows\System\CDVBknP.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\XXcnRni.exe
  C:\Windows\System\XXcnRni.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\eBAUbrf.exe
  C:\Windows\System\eBAUbrf.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\penEiZt.exe
  C:\Windows\System\penEiZt.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\mwYExLv.exe
  C:\Windows\System\mwYExLv.exe
  2⤵
  - Executes dropped EXE
  PID:5336
- C:\Windows\System\vdrRlNi.exe
  C:\Windows\System\vdrRlNi.exe
  2⤵
  - Executes dropped EXE
  PID:3152
- C:\Windows\System\wbMWNoZ.exe
  C:\Windows\System\wbMWNoZ.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\PCiMwHn.exe
  C:\Windows\System\PCiMwHn.exe
  2⤵
  - Executes dropped EXE
  PID:4440
- C:\Windows\System\vtmthne.exe
  C:\Windows\System\vtmthne.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\RdkLopc.exe
  C:\Windows\System\RdkLopc.exe
  2⤵
  - Executes dropped EXE
  PID:5292
- C:\Windows\System\DEKcQty.exe
  C:\Windows\System\DEKcQty.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\hrgovrw.exe
  C:\Windows\System\hrgovrw.exe
  2⤵
  - Executes dropped EXE
  PID:6072
- C:\Windows\System\KYnWdae.exe
  C:\Windows\System\KYnWdae.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\yRAYEua.exe
  C:\Windows\System\yRAYEua.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\NNLWtYw.exe
  C:\Windows\System\NNLWtYw.exe
  2⤵
  - Executes dropped EXE
  PID:5752
- C:\Windows\System\insldSk.exe
  C:\Windows\System\insldSk.exe
  2⤵
  - Executes dropped EXE
  PID:5776
- C:\Windows\System\WfPSgqq.exe
  C:\Windows\System\WfPSgqq.exe
  2⤵
  - Executes dropped EXE
  PID:4652
- C:\Windows\System\mWPIfDk.exe
  C:\Windows\System\mWPIfDk.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\rrOjCCY.exe
  C:\Windows\System\rrOjCCY.exe
  2⤵
  - Executes dropped EXE
  PID:6056
- C:\Windows\System\WbhzwBR.exe
  C:\Windows\System\WbhzwBR.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\EuKisvc.exe
  C:\Windows\System\EuKisvc.exe
  2⤵
  - Executes dropped EXE
  PID:3296
- C:\Windows\System\mCybFgm.exe
  C:\Windows\System\mCybFgm.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\dnfnLji.exe
  C:\Windows\System\dnfnLji.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\uIAaUFq.exe
  C:\Windows\System\uIAaUFq.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\dRWXdzP.exe
  C:\Windows\System\dRWXdzP.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\rwXFcmq.exe
  C:\Windows\System\rwXFcmq.exe
  2⤵
  - Executes dropped EXE
  PID:5676
- C:\Windows\System\RlunhrT.exe
  C:\Windows\System\RlunhrT.exe
  2⤵
  - Executes dropped EXE
  PID:5840
- C:\Windows\System\WFiMfDW.exe
  C:\Windows\System\WFiMfDW.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\pjHjHXX.exe
  C:\Windows\System\pjHjHXX.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\pWzQBQk.exe
  C:\Windows\System\pWzQBQk.exe
  2⤵
  - Executes dropped EXE
  PID:5956
- C:\Windows\System\qsFhvjR.exe
  C:\Windows\System\qsFhvjR.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\FMcmalD.exe
  C:\Windows\System\FMcmalD.exe
  2⤵
  - Executes dropped EXE
  PID:4616
- C:\Windows\System\RIznwGV.exe
  C:\Windows\System\RIznwGV.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\aiwucAT.exe
  C:\Windows\System\aiwucAT.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\xKPyZRb.exe
  C:\Windows\System\xKPyZRb.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\fQfHfFf.exe
  C:\Windows\System\fQfHfFf.exe
  2⤵
  - Executes dropped EXE
  PID:368
- C:\Windows\System\NoOupaD.exe
  C:\Windows\System\NoOupaD.exe
  2⤵
  - Executes dropped EXE
  PID:5460
- C:\Windows\System\NuUGUSC.exe
  C:\Windows\System\NuUGUSC.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\hdWXpdJ.exe
  C:\Windows\System\hdWXpdJ.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\cGRktpd.exe
  C:\Windows\System\cGRktpd.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\UmSdBkP.exe
  C:\Windows\System\UmSdBkP.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\bFPXMen.exe
  C:\Windows\System\bFPXMen.exe
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\System\EkCuEix.exe
  C:\Windows\System\EkCuEix.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\mPaGTDM.exe
  C:\Windows\System\mPaGTDM.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\jhnHluh.exe
  C:\Windows\System\jhnHluh.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\eNIcuqv.exe
  C:\Windows\System\eNIcuqv.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\QxQDrzQ.exe
  C:\Windows\System\QxQDrzQ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\BRyVaMY.exe
  C:\Windows\System\BRyVaMY.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\FKvaRUa.exe
  C:\Windows\System\FKvaRUa.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\bzDlOMB.exe
  C:\Windows\System\bzDlOMB.exe
  2⤵
  - Executes dropped EXE
  PID:4348
- C:\Windows\System\MLMnPRb.exe
  C:\Windows\System\MLMnPRb.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\gdAXLWa.exe
  C:\Windows\System\gdAXLWa.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\kfjdwRO.exe
  C:\Windows\System\kfjdwRO.exe
  2⤵
  - Executes dropped EXE
  PID:6068
- C:\Windows\System\KElsBhZ.exe
  C:\Windows\System\KElsBhZ.exe
  2⤵
  - Executes dropped EXE
  PID:5308
- C:\Windows\System\aukhdJx.exe
  C:\Windows\System\aukhdJx.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\IKdUdkr.exe
  C:\Windows\System\IKdUdkr.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\QMTeWok.exe
  C:\Windows\System\QMTeWok.exe
  2⤵
  - Executes dropped EXE
  PID:5648
- C:\Windows\System\kOHiCqT.exe
  C:\Windows\System\kOHiCqT.exe
  2⤵
  - Executes dropped EXE
  PID:5784
- C:\Windows\System\NfqjLEq.exe
  C:\Windows\System\NfqjLEq.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\fwWuVoy.exe
  C:\Windows\System\fwWuVoy.exe
  2⤵
  PID:2268
- C:\Windows\System\MzOvwZy.exe
  C:\Windows\System\MzOvwZy.exe
  2⤵
  PID:2404
- C:\Windows\System\zFRdTFn.exe
  C:\Windows\System\zFRdTFn.exe
  2⤵
  PID:4792
- C:\Windows\System\Nqwonan.exe
  C:\Windows\System\Nqwonan.exe
  2⤵
  PID:5264
- C:\Windows\System\YqukgIv.exe
  C:\Windows\System\YqukgIv.exe
  2⤵
  PID:5148
- C:\Windows\System\hePOgph.exe
  C:\Windows\System\hePOgph.exe
  2⤵
  PID:956
- C:\Windows\System\YwcYVbQ.exe
  C:\Windows\System\YwcYVbQ.exe
  2⤵
  PID:5112
- C:\Windows\System\ChpfovX.exe
  C:\Windows\System\ChpfovX.exe
  2⤵
  PID:4392
- C:\Windows\System\dHWpxhE.exe
  C:\Windows\System\dHWpxhE.exe
  2⤵
  PID:5712
- C:\Windows\System\BrvdbQJ.exe
  C:\Windows\System\BrvdbQJ.exe
  2⤵
  PID:5276
- C:\Windows\System\HtxNokH.exe
  C:\Windows\System\HtxNokH.exe
  2⤵
  PID:5896
- C:\Windows\System\JkUBRYq.exe
  C:\Windows\System\JkUBRYq.exe
  2⤵
  PID:1784
- C:\Windows\System\hVhlLmJ.exe
  C:\Windows\System\hVhlLmJ.exe
  2⤵
  PID:5984
- C:\Windows\System\CIoMXeB.exe
  C:\Windows\System\CIoMXeB.exe
  2⤵
  PID:5996
- C:\Windows\System\mwQVpNu.exe
  C:\Windows\System\mwQVpNu.exe
  2⤵
  PID:5468
- C:\Windows\System\isVymyf.exe
  C:\Windows\System\isVymyf.exe
  2⤵
  PID:3128
- C:\Windows\System\JBugcFw.exe
  C:\Windows\System\JBugcFw.exe
  2⤵
  PID:6136
- C:\Windows\System\bGDyLPF.exe
  C:\Windows\System\bGDyLPF.exe
  2⤵
  PID:3116
- C:\Windows\System\UWTRYjM.exe
  C:\Windows\System\UWTRYjM.exe
  2⤵
  PID:2072
- C:\Windows\System\iPAznxv.exe
  C:\Windows\System\iPAznxv.exe
  2⤵
  PID:4368
- C:\Windows\System\AQWWLlO.exe
  C:\Windows\System\AQWWLlO.exe
  2⤵
  PID:2120
- C:\Windows\System\tbrSFFG.exe
  C:\Windows\System\tbrSFFG.exe
  2⤵
  PID:1428
- C:\Windows\System\FaVoZVx.exe
  C:\Windows\System\FaVoZVx.exe
  2⤵
  PID:2780
- C:\Windows\System\gXWvpej.exe
  C:\Windows\System\gXWvpej.exe
  2⤵
  PID:3408
- C:\Windows\System\EfLshSI.exe
  C:\Windows\System\EfLshSI.exe
  2⤵
  PID:3492
- C:\Windows\System\UmpBsAa.exe
  C:\Windows\System\UmpBsAa.exe
  2⤵
  PID:1252
- C:\Windows\System\EMPZGcD.exe
  C:\Windows\System\EMPZGcD.exe
  2⤵
  PID:4464
- C:\Windows\System\XoWGJEj.exe
  C:\Windows\System\XoWGJEj.exe
  2⤵
  PID:4364
- C:\Windows\System\BvVYVuQ.exe
  C:\Windows\System\BvVYVuQ.exe
  2⤵
  PID:4292
- C:\Windows\System\FrTWaEa.exe
  C:\Windows\System\FrTWaEa.exe
  2⤵
  PID:4768
- C:\Windows\System\oFINLiq.exe
  C:\Windows\System\oFINLiq.exe
  2⤵
  PID:4776
- C:\Windows\System\YwnNsub.exe
  C:\Windows\System\YwnNsub.exe
  2⤵
  PID:4056
- C:\Windows\System\AUQtncT.exe
  C:\Windows\System\AUQtncT.exe
  2⤵
  PID:3056
- C:\Windows\System\kbnOthc.exe
  C:\Windows\System\kbnOthc.exe
  2⤵
  PID:3480
- C:\Windows\System\AsQVWIh.exe
  C:\Windows\System\AsQVWIh.exe
  2⤵
  PID:5380
- C:\Windows\System\kcQoGYS.exe
  C:\Windows\System\kcQoGYS.exe
  2⤵
  PID:5644
- C:\Windows\System\mDpUrAF.exe
  C:\Windows\System\mDpUrAF.exe
  2⤵
  PID:3920
- C:\Windows\System\YBnDNEG.exe
  C:\Windows\System\YBnDNEG.exe
  2⤵
  PID:2972
- C:\Windows\System\Ejsjype.exe
  C:\Windows\System\Ejsjype.exe
  2⤵
  PID:5360
- C:\Windows\System\lZXpfib.exe
  C:\Windows\System\lZXpfib.exe
  2⤵
  PID:1812
- C:\Windows\System\gdmdUxo.exe
  C:\Windows\System\gdmdUxo.exe
  2⤵
  PID:5532
- C:\Windows\System\iUShnxz.exe
  C:\Windows\System\iUShnxz.exe
  2⤵
  PID:2272
- C:\Windows\System\zXOPPng.exe
  C:\Windows\System\zXOPPng.exe
  2⤵
  PID:3200
- C:\Windows\System\DTuDsyc.exe
  C:\Windows\System\DTuDsyc.exe
  2⤵
  PID:1544
- C:\Windows\System\yTeVugP.exe
  C:\Windows\System\yTeVugP.exe
  2⤵
  PID:4536
- C:\Windows\System\VANZOBC.exe
  C:\Windows\System\VANZOBC.exe
  2⤵
  PID:5284
- C:\Windows\System\yHkPZZc.exe
  C:\Windows\System\yHkPZZc.exe
  2⤵
  PID:1508
- C:\Windows\System\hYGLtxA.exe
  C:\Windows\System\hYGLtxA.exe
  2⤵
  PID:5260
- C:\Windows\System\xfitkkf.exe
  C:\Windows\System\xfitkkf.exe
  2⤵
  PID:3688
- C:\Windows\System\cWeSELF.exe
  C:\Windows\System\cWeSELF.exe
  2⤵
  PID:5940
- C:\Windows\System\ZNtcnAR.exe
  C:\Windows\System\ZNtcnAR.exe
  2⤵
  PID:2216
- C:\Windows\System\kATbmPV.exe
  C:\Windows\System\kATbmPV.exe
  2⤵
  PID:2524
- C:\Windows\System\xwcjXtX.exe
  C:\Windows\System\xwcjXtX.exe
  2⤵
  PID:3720
- C:\Windows\System\sodVjWZ.exe
  C:\Windows\System\sodVjWZ.exe
  2⤵
  PID:2456
- C:\Windows\System\rzyyCiM.exe
  C:\Windows\System\rzyyCiM.exe
  2⤵
  PID:952
- C:\Windows\System\dLyqfFJ.exe
  C:\Windows\System\dLyqfFJ.exe
  2⤵
  PID:4992
- C:\Windows\System\OJxEPge.exe
  C:\Windows\System\OJxEPge.exe
  2⤵
  PID:4948
- C:\Windows\System\olbpwAz.exe
  C:\Windows\System\olbpwAz.exe
  2⤵
  PID:5356
- C:\Windows\System\vHrDyiA.exe
  C:\Windows\System\vHrDyiA.exe
  2⤵
  PID:4664
- C:\Windows\System\WfydagP.exe
  C:\Windows\System\WfydagP.exe
  2⤵
  PID:2356
- C:\Windows\System\ItpezxY.exe
  C:\Windows\System\ItpezxY.exe
  2⤵
  PID:4000
- C:\Windows\System\eVEWtKr.exe
  C:\Windows\System\eVEWtKr.exe
  2⤵
  PID:5496
- C:\Windows\System\MmnJYSL.exe
  C:\Windows\System\MmnJYSL.exe
  2⤵
  PID:5300
- C:\Windows\System\aHLLhlo.exe
  C:\Windows\System\aHLLhlo.exe
  2⤵
  PID:2852
- C:\Windows\System\hJHZxLR.exe
  C:\Windows\System\hJHZxLR.exe
  2⤵
  PID:4700
- C:\Windows\System\wyJFjja.exe
  C:\Windows\System\wyJFjja.exe
  2⤵
  PID:3876
- C:\Windows\System\iuAOGhc.exe
  C:\Windows\System\iuAOGhc.exe
  2⤵
  PID:5664
- C:\Windows\System\uzlWKKi.exe
  C:\Windows\System\uzlWKKi.exe
  2⤵
  PID:3604
- C:\Windows\System\jCkEYFT.exe
  C:\Windows\System\jCkEYFT.exe
  2⤵
  PID:5400
- C:\Windows\System\GgUpdqI.exe
  C:\Windows\System\GgUpdqI.exe
  2⤵
  PID:2596
- C:\Windows\System\glzqmGA.exe
  C:\Windows\System\glzqmGA.exe
  2⤵
  PID:3368
- C:\Windows\System\qfgxAkK.exe
  C:\Windows\System\qfgxAkK.exe
  2⤵
  PID:5944
- C:\Windows\System\HtojojR.exe
  C:\Windows\System\HtojojR.exe
  2⤵
  PID:3684
- C:\Windows\System\ExIGINU.exe
  C:\Windows\System\ExIGINU.exe
  2⤵
  PID:3064
- C:\Windows\System\HAEYhPX.exe
  C:\Windows\System\HAEYhPX.exe
  2⤵
  PID:1896
- C:\Windows\System\kugVZuW.exe
  C:\Windows\System\kugVZuW.exe
  2⤵
  PID:5008
- C:\Windows\System\vhtJtNz.exe
  C:\Windows\System\vhtJtNz.exe
  2⤵
  PID:6076
- C:\Windows\System\oWHxjQS.exe
  C:\Windows\System\oWHxjQS.exe
  2⤵
  PID:5124
- C:\Windows\System\kAHEwDB.exe
  C:\Windows\System\kAHEwDB.exe
  2⤵
  PID:4968
- C:\Windows\System\hKqUqAA.exe
  C:\Windows\System\hKqUqAA.exe
  2⤵
  PID:3940
- C:\Windows\System\yMRSSJO.exe
  C:\Windows\System\yMRSSJO.exe
  2⤵
  PID:2324
- C:\Windows\System\YaUFAYo.exe
  C:\Windows\System\YaUFAYo.exe
  2⤵
  PID:1668
- C:\Windows\System\XevpKFa.exe
  C:\Windows\System\XevpKFa.exe
  2⤵
  PID:5716
- C:\Windows\System\BBUxmEL.exe
  C:\Windows\System\BBUxmEL.exe
  2⤵
  PID:6156
- C:\Windows\System\bgpZgcg.exe
  C:\Windows\System\bgpZgcg.exe
  2⤵
  PID:6172
- C:\Windows\System\kYCrPyg.exe
  C:\Windows\System\kYCrPyg.exe
  2⤵
  PID:6236
- C:\Windows\System\SmQxQVJ.exe
  C:\Windows\System\SmQxQVJ.exe
  2⤵
  PID:6256
- C:\Windows\System\WyMCKRN.exe
  C:\Windows\System\WyMCKRN.exe
  2⤵
  PID:6276
- C:\Windows\System\sEgdTlc.exe
  C:\Windows\System\sEgdTlc.exe
  2⤵
  PID:6300
- C:\Windows\System\CFVTIhA.exe
  C:\Windows\System\CFVTIhA.exe
  2⤵
  PID:6320
- C:\Windows\System\noaijbM.exe
  C:\Windows\System\noaijbM.exe
  2⤵
  PID:6352
- C:\Windows\System\cpNpQIx.exe
  C:\Windows\System\cpNpQIx.exe
  2⤵
  PID:6388
- C:\Windows\System\dEAxAsN.exe
  C:\Windows\System\dEAxAsN.exe
  2⤵
  PID:6412
- C:\Windows\System\dcliLDO.exe
  C:\Windows\System\dcliLDO.exe
  2⤵
  PID:6432
- C:\Windows\System\TPOKidY.exe
  C:\Windows\System\TPOKidY.exe
  2⤵
  PID:6456
- C:\Windows\System\vhZXxyS.exe
  C:\Windows\System\vhZXxyS.exe
  2⤵
  PID:6480
- C:\Windows\System\NiWbIHk.exe
  C:\Windows\System\NiWbIHk.exe
  2⤵
  PID:6552
- C:\Windows\System\BChHKDT.exe
  C:\Windows\System\BChHKDT.exe
  2⤵
  PID:6628
- C:\Windows\System\VQWKGZJ.exe
  C:\Windows\System\VQWKGZJ.exe
  2⤵
  PID:6664
- C:\Windows\System\bsqdKcg.exe
  C:\Windows\System\bsqdKcg.exe
  2⤵
  PID:6692
- C:\Windows\System\DIPOqbW.exe
  C:\Windows\System\DIPOqbW.exe
  2⤵
  PID:6712
- C:\Windows\System\tBWVCUI.exe
  C:\Windows\System\tBWVCUI.exe
  2⤵
  PID:6748
- C:\Windows\System\qUrBhNS.exe
  C:\Windows\System\qUrBhNS.exe
  2⤵
  PID:6776
- C:\Windows\System\qaBygWi.exe
  C:\Windows\System\qaBygWi.exe
  2⤵
  PID:6792
- C:\Windows\System\fKMsKoy.exe
  C:\Windows\System\fKMsKoy.exe
  2⤵
  PID:6828
- C:\Windows\System\segzvUn.exe
  C:\Windows\System\segzvUn.exe
  2⤵
  PID:6856
- C:\Windows\System\OHSwgNz.exe
  C:\Windows\System\OHSwgNz.exe
  2⤵
  PID:6888
- C:\Windows\System\EZukuNk.exe
  C:\Windows\System\EZukuNk.exe
  2⤵
  PID:6904
- C:\Windows\System\VbtlZXV.exe
  C:\Windows\System\VbtlZXV.exe
  2⤵
  PID:6924
- C:\Windows\System\cKnLgLE.exe
  C:\Windows\System\cKnLgLE.exe
  2⤵
  PID:6956
- C:\Windows\System\oIxksuy.exe
  C:\Windows\System\oIxksuy.exe
  2⤵
  PID:6996
- C:\Windows\System\XDEOFxH.exe
  C:\Windows\System\XDEOFxH.exe
  2⤵
  PID:7016
- C:\Windows\System\igWeqME.exe
  C:\Windows\System\igWeqME.exe
  2⤵
  PID:7084
- C:\Windows\System\KFSRjYr.exe
  C:\Windows\System\KFSRjYr.exe
  2⤵
  PID:7104
- C:\Windows\System\gsEQfdP.exe
  C:\Windows\System\gsEQfdP.exe
  2⤵
  PID:7148
- C:\Windows\System\XkJbhCU.exe
  C:\Windows\System\XkJbhCU.exe
  2⤵
  PID:4300
- C:\Windows\System\WxMoTCj.exe
  C:\Windows\System\WxMoTCj.exe
  2⤵
  PID:4752
- C:\Windows\System\RPuUhfC.exe
  C:\Windows\System\RPuUhfC.exe
  2⤵
  PID:3304
- C:\Windows\System\uTQvcrM.exe
  C:\Windows\System\uTQvcrM.exe
  2⤵
  PID:6296
- C:\Windows\System\zpLhWwn.exe
  C:\Windows\System\zpLhWwn.exe
  2⤵
  PID:6248
- C:\Windows\System\QmGCvlf.exe
  C:\Windows\System\QmGCvlf.exe
  2⤵
  PID:6400
- C:\Windows\System\LhMxTzj.exe
  C:\Windows\System\LhMxTzj.exe
  2⤵
  PID:6344
- C:\Windows\System\woCBBPq.exe
  C:\Windows\System\woCBBPq.exe
  2⤵
  PID:6440
- C:\Windows\System\EYVVfpy.exe
  C:\Windows\System\EYVVfpy.exe
  2⤵
  PID:6520
- C:\Windows\System\AleKQjJ.exe
  C:\Windows\System\AleKQjJ.exe
  2⤵
  PID:6588
- C:\Windows\System\GPFmdno.exe
  C:\Windows\System\GPFmdno.exe
  2⤵
  PID:6620
- C:\Windows\System\LiFEgQT.exe
  C:\Windows\System\LiFEgQT.exe
  2⤵
  PID:6720
- C:\Windows\System\oxqmqvZ.exe
  C:\Windows\System\oxqmqvZ.exe
  2⤵
  PID:6800
- C:\Windows\System\YVXmGVy.exe
  C:\Windows\System\YVXmGVy.exe
  2⤵
  PID:6764
- C:\Windows\System\VoiCNZq.exe
  C:\Windows\System\VoiCNZq.exe
  2⤵
  PID:6916
- C:\Windows\System\fFOyXyY.exe
  C:\Windows\System\fFOyXyY.exe
  2⤵
  PID:6964
- C:\Windows\System\NxFJjho.exe
  C:\Windows\System\NxFJjho.exe
  2⤵
  PID:6988
- C:\Windows\System\OZLSrCm.exe
  C:\Windows\System\OZLSrCm.exe
  2⤵
  PID:6980
- C:\Windows\System\mbyNzhu.exe
  C:\Windows\System\mbyNzhu.exe
  2⤵
  PID:7044
- C:\Windows\System\OaiRDSt.exe
  C:\Windows\System\OaiRDSt.exe
  2⤵
  PID:7144
- C:\Windows\System\UDpWChN.exe
  C:\Windows\System\UDpWChN.exe
  2⤵
  PID:1364
- C:\Windows\System\kuVSwqw.exe
  C:\Windows\System\kuVSwqw.exe
  2⤵
  PID:6196
- C:\Windows\System\MZrRPTJ.exe
  C:\Windows\System\MZrRPTJ.exe
  2⤵
  PID:6424
- C:\Windows\System\BoxeizD.exe
  C:\Windows\System\BoxeizD.exe
  2⤵
  PID:6532
- C:\Windows\System\uIrjCzu.exe
  C:\Windows\System\uIrjCzu.exe
  2⤵
  PID:6768
- C:\Windows\System\zMrACbR.exe
  C:\Windows\System\zMrACbR.exe
  2⤵
  PID:6896
- C:\Windows\System\glsbGAI.exe
  C:\Windows\System\glsbGAI.exe
  2⤵
  PID:2828
- C:\Windows\System\CUqACbX.exe
  C:\Windows\System\CUqACbX.exe
  2⤵
  PID:7064
- C:\Windows\System\FNYsuRR.exe
  C:\Windows\System\FNYsuRR.exe
  2⤵
  PID:5768
- C:\Windows\System\vnflokJ.exe
  C:\Windows\System\vnflokJ.exe
  2⤵
  PID:6600
- C:\Windows\System\VAbrctD.exe
  C:\Windows\System\VAbrctD.exe
  2⤵
  PID:6900
- C:\Windows\System\PvRAzmn.exe
  C:\Windows\System\PvRAzmn.exe
  2⤵
  PID:6316
- C:\Windows\System\rSQVltZ.exe
  C:\Windows\System\rSQVltZ.exe
  2⤵
  PID:6308
- C:\Windows\System\DmdTXLB.exe
  C:\Windows\System\DmdTXLB.exe
  2⤵
  PID:7196
- C:\Windows\System\llBNyhz.exe
  C:\Windows\System\llBNyhz.exe
  2⤵
  PID:7216
- C:\Windows\System\OWGYged.exe
  C:\Windows\System\OWGYged.exe
  2⤵
  PID:7252
- C:\Windows\System\MDrvutX.exe
  C:\Windows\System\MDrvutX.exe
  2⤵
  PID:7280
- C:\Windows\System\GQQkFrr.exe
  C:\Windows\System\GQQkFrr.exe
  2⤵
  PID:7300
- C:\Windows\System\cHrtqXC.exe
  C:\Windows\System\cHrtqXC.exe
  2⤵
  PID:7340
- C:\Windows\System\KuKaizs.exe
  C:\Windows\System\KuKaizs.exe
  2⤵
  PID:7388
- C:\Windows\System\wqXyPWO.exe
  C:\Windows\System\wqXyPWO.exe
  2⤵
  PID:7404
- C:\Windows\System\tYwtWSq.exe
  C:\Windows\System\tYwtWSq.exe
  2⤵
  PID:7428
- C:\Windows\System\TKxXtlz.exe
  C:\Windows\System\TKxXtlz.exe
  2⤵
  PID:7448
- C:\Windows\System\qpaIWOk.exe
  C:\Windows\System\qpaIWOk.exe
  2⤵
  PID:7464
- C:\Windows\System\vggrJVY.exe
  C:\Windows\System\vggrJVY.exe
  2⤵
  PID:7488
- C:\Windows\System\wdkWtXw.exe
  C:\Windows\System\wdkWtXw.exe
  2⤵
  PID:7516
- C:\Windows\System\qihgxJT.exe
  C:\Windows\System\qihgxJT.exe
  2⤵
  PID:7560
- C:\Windows\System\VmCSomq.exe
  C:\Windows\System\VmCSomq.exe
  2⤵
  PID:7576
- C:\Windows\System\qbYeXxF.exe
  C:\Windows\System\qbYeXxF.exe
  2⤵
  PID:7604
- C:\Windows\System\NQDiPWf.exe
  C:\Windows\System\NQDiPWf.exe
  2⤵
  PID:7656
- C:\Windows\System\UGhvQCg.exe
  C:\Windows\System\UGhvQCg.exe
  2⤵
  PID:7704
- C:\Windows\System\NJeBZqA.exe
  C:\Windows\System\NJeBZqA.exe
  2⤵
  PID:7724
- C:\Windows\System\LBFzrjR.exe
  C:\Windows\System\LBFzrjR.exe
  2⤵
  PID:7752
- C:\Windows\System\lYlMQFF.exe
  C:\Windows\System\lYlMQFF.exe
  2⤵
  PID:7776
- C:\Windows\System\mjsIusX.exe
  C:\Windows\System\mjsIusX.exe
  2⤵
  PID:7796
- C:\Windows\System\WAETbep.exe
  C:\Windows\System\WAETbep.exe
  2⤵
  PID:7812
- C:\Windows\System\TLJaaOJ.exe
  C:\Windows\System\TLJaaOJ.exe
  2⤵
  PID:7836
- C:\Windows\System\MFmYnyL.exe
  C:\Windows\System\MFmYnyL.exe
  2⤵
  PID:7852
- C:\Windows\System\VBcRSAH.exe
  C:\Windows\System\VBcRSAH.exe
  2⤵
  PID:7872
- C:\Windows\System\ZOaXLyn.exe
  C:\Windows\System\ZOaXLyn.exe
  2⤵
  PID:7896
- C:\Windows\System\ZYjcYwm.exe
  C:\Windows\System\ZYjcYwm.exe
  2⤵
  PID:7924
- C:\Windows\System\qpebYJW.exe
  C:\Windows\System\qpebYJW.exe
  2⤵
  PID:7988
- C:\Windows\System\IuUOHlq.exe
  C:\Windows\System\IuUOHlq.exe
  2⤵
  PID:8012
- C:\Windows\System\kRlbJbA.exe
  C:\Windows\System\kRlbJbA.exe
  2⤵
  PID:8028
- C:\Windows\System\EUftgGN.exe
  C:\Windows\System\EUftgGN.exe
  2⤵
  PID:8060
- C:\Windows\System\YIZspvK.exe
  C:\Windows\System\YIZspvK.exe
  2⤵
  PID:8080
- C:\Windows\System\mqHFdNU.exe
  C:\Windows\System\mqHFdNU.exe
  2⤵
  PID:8100
- C:\Windows\System\HzCeVCR.exe
  C:\Windows\System\HzCeVCR.exe
  2⤵
  PID:8156
- C:\Windows\System\JkBazMh.exe
  C:\Windows\System\JkBazMh.exe
  2⤵
  PID:7128
- C:\Windows\System\MTyqfrS.exe
  C:\Windows\System\MTyqfrS.exe
  2⤵
  PID:7208
- C:\Windows\System\MnbvJLm.exe
  C:\Windows\System\MnbvJLm.exe
  2⤵
  PID:7232
- C:\Windows\System\SQIzANo.exe
  C:\Windows\System\SQIzANo.exe
  2⤵
  PID:7288
- C:\Windows\System\tRLygAb.exe
  C:\Windows\System\tRLygAb.exe
  2⤵
  PID:7416
- C:\Windows\System\JsJiTNi.exe
  C:\Windows\System\JsJiTNi.exe
  2⤵
  PID:7396
- C:\Windows\System\yVacNxn.exe
  C:\Windows\System\yVacNxn.exe
  2⤵
  PID:7484
- C:\Windows\System\MyIxUUO.exe
  C:\Windows\System\MyIxUUO.exe
  2⤵
  PID:7504
- C:\Windows\System\eyHQpgR.exe
  C:\Windows\System\eyHQpgR.exe
  2⤵
  PID:7572
- C:\Windows\System\PCikYBA.exe
  C:\Windows\System\PCikYBA.exe
  2⤵
  PID:7624
- C:\Windows\System\CQpuODl.exe
  C:\Windows\System\CQpuODl.exe
  2⤵
  PID:7684
- C:\Windows\System\UqRujDR.exe
  C:\Windows\System\UqRujDR.exe
  2⤵
  PID:7820
- C:\Windows\System\LndRfez.exe
  C:\Windows\System\LndRfez.exe
  2⤵
  PID:7808
- C:\Windows\System\qlgMkLJ.exe
  C:\Windows\System\qlgMkLJ.exe
  2⤵
  PID:7888
- C:\Windows\System\ZOOydyY.exe
  C:\Windows\System\ZOOydyY.exe
  2⤵
  PID:7960
- C:\Windows\System\nTRRFZw.exe
  C:\Windows\System\nTRRFZw.exe
  2⤵
  PID:8020
- C:\Windows\System\BlYqPeY.exe
  C:\Windows\System\BlYqPeY.exe
  2⤵
  PID:8096
- C:\Windows\System\ksLzpNM.exe
  C:\Windows\System\ksLzpNM.exe
  2⤵
  PID:8184
- C:\Windows\System\ZGPvdwD.exe
  C:\Windows\System\ZGPvdwD.exe
  2⤵
  PID:7204
- C:\Windows\System\PrXfFiD.exe
  C:\Windows\System\PrXfFiD.exe
  2⤵
  PID:7368
- C:\Windows\System\uTSuold.exe
  C:\Windows\System\uTSuold.exe
  2⤵
  PID:7496
- C:\Windows\System\CxqbxWb.exe
  C:\Windows\System\CxqbxWb.exe
  2⤵
  PID:7720
- C:\Windows\System\nvWqHNM.exe
  C:\Windows\System\nvWqHNM.exe
  2⤵
  PID:7936
- C:\Windows\System\uEIlaam.exe
  C:\Windows\System\uEIlaam.exe
  2⤵
  PID:7868
- C:\Windows\System\ibokQvS.exe
  C:\Windows\System\ibokQvS.exe
  2⤵
  PID:8036
- C:\Windows\System\WawBucW.exe
  C:\Windows\System\WawBucW.exe
  2⤵
  PID:7212
- C:\Windows\System\ElAEWiZ.exe
  C:\Windows\System\ElAEWiZ.exe
  2⤵
  PID:7652
- C:\Windows\System\fLYTqMU.exe
  C:\Windows\System\fLYTqMU.exe
  2⤵
  PID:7268
- C:\Windows\System\jIMFhgs.exe
  C:\Windows\System\jIMFhgs.exe
  2⤵
  PID:8208
- C:\Windows\System\TmUFRyx.exe
  C:\Windows\System\TmUFRyx.exe
  2⤵
  PID:8228
- C:\Windows\System\cqsNpuF.exe
  C:\Windows\System\cqsNpuF.exe
  2⤵
  PID:8268
- C:\Windows\System\NzEjcCY.exe
  C:\Windows\System\NzEjcCY.exe
  2⤵
  PID:8288
- C:\Windows\System\XmkIQdh.exe
  C:\Windows\System\XmkIQdh.exe
  2⤵
  PID:8316
- C:\Windows\System\MBEQIeu.exe
  C:\Windows\System\MBEQIeu.exe
  2⤵
  PID:8344
- C:\Windows\System\rejJngD.exe
  C:\Windows\System\rejJngD.exe
  2⤵
  PID:8372
- C:\Windows\System\OqgkzWz.exe
  C:\Windows\System\OqgkzWz.exe
  2⤵
  PID:8424
- C:\Windows\System\GLZwraX.exe
  C:\Windows\System\GLZwraX.exe
  2⤵
  PID:8440
- C:\Windows\System\WJxMbwq.exe
  C:\Windows\System\WJxMbwq.exe
  2⤵
  PID:8468
- C:\Windows\System\TPGtsYm.exe
  C:\Windows\System\TPGtsYm.exe
  2⤵
  PID:8520
- C:\Windows\System\aXbPrBh.exe
  C:\Windows\System\aXbPrBh.exe
  2⤵
  PID:8600
- C:\Windows\System\wiBnwRT.exe
  C:\Windows\System\wiBnwRT.exe
  2⤵
  PID:8620
- C:\Windows\System\moSKfnB.exe
  C:\Windows\System\moSKfnB.exe
  2⤵
  PID:8636
- C:\Windows\System\Hhqojja.exe
  C:\Windows\System\Hhqojja.exe
  2⤵
  PID:8652
- C:\Windows\System\LKIZOyV.exe
  C:\Windows\System\LKIZOyV.exe
  2⤵
  PID:8668
- C:\Windows\System\HzaJYVK.exe
  C:\Windows\System\HzaJYVK.exe
  2⤵
  PID:8684
- C:\Windows\System\PxdRsBs.exe
  C:\Windows\System\PxdRsBs.exe
  2⤵
  PID:8700
- C:\Windows\System\avAnyqO.exe
  C:\Windows\System\avAnyqO.exe
  2⤵
  PID:8716
- C:\Windows\System\QGoChiU.exe
  C:\Windows\System\QGoChiU.exe
  2⤵
  PID:8732
- C:\Windows\System\FHKTWUz.exe
  C:\Windows\System\FHKTWUz.exe
  2⤵
  PID:8748
- C:\Windows\System\WiWxLkK.exe
  C:\Windows\System\WiWxLkK.exe
  2⤵
  PID:8764
- C:\Windows\System\dWtoPTC.exe
  C:\Windows\System\dWtoPTC.exe
  2⤵
  PID:8780
- C:\Windows\System\mobGiAi.exe
  C:\Windows\System\mobGiAi.exe
  2⤵
  PID:8796
- C:\Windows\System\FyohSSF.exe
  C:\Windows\System\FyohSSF.exe
  2⤵
  PID:8812
- C:\Windows\System\MZsOTBY.exe
  C:\Windows\System\MZsOTBY.exe
  2⤵
  PID:8828
- C:\Windows\System\uESxVXr.exe
  C:\Windows\System\uESxVXr.exe
  2⤵
  PID:8844
- C:\Windows\System\dEaKiTM.exe
  C:\Windows\System\dEaKiTM.exe
  2⤵
  PID:8924
- C:\Windows\System\sHftZMg.exe
  C:\Windows\System\sHftZMg.exe
  2⤵
  PID:8988
- C:\Windows\System\EKFuvJF.exe
  C:\Windows\System\EKFuvJF.exe
  2⤵
  PID:9064
- C:\Windows\System\yRgPvaA.exe
  C:\Windows\System\yRgPvaA.exe
  2⤵
  PID:9092
- C:\Windows\System\lnXNGlB.exe
  C:\Windows\System\lnXNGlB.exe
  2⤵
  PID:9112
- C:\Windows\System\gUkYhsz.exe
  C:\Windows\System\gUkYhsz.exe
  2⤵
  PID:9156
- C:\Windows\System\vpUHKYA.exe
  C:\Windows\System\vpUHKYA.exe
  2⤵
  PID:8220
- C:\Windows\System\MhEfoVA.exe
  C:\Windows\System\MhEfoVA.exe
  2⤵
  PID:8308
- C:\Windows\System\DwXWYPR.exe
  C:\Windows\System\DwXWYPR.exe
  2⤵
  PID:8312
- C:\Windows\System\MuVTLcT.exe
  C:\Windows\System\MuVTLcT.exe
  2⤵
  PID:8412
- C:\Windows\System\iXaSpcr.exe
  C:\Windows\System\iXaSpcr.exe
  2⤵
  PID:8460
- C:\Windows\System\pDkBNCZ.exe
  C:\Windows\System\pDkBNCZ.exe
  2⤵
  PID:8592
- C:\Windows\System\cZGDZui.exe
  C:\Windows\System\cZGDZui.exe
  2⤵
  PID:8504
- C:\Windows\System\QjVYSJW.exe
  C:\Windows\System\QjVYSJW.exe
  2⤵
  PID:8556
- C:\Windows\System\OwdVyni.exe
  C:\Windows\System\OwdVyni.exe
  2⤵
  PID:8568
- C:\Windows\System\Pyejqur.exe
  C:\Windows\System\Pyejqur.exe
  2⤵
  PID:8580
- C:\Windows\System\UOSDRSm.exe
  C:\Windows\System\UOSDRSm.exe
  2⤵
  PID:8820
- C:\Windows\System\BoRhTKR.exe
  C:\Windows\System\BoRhTKR.exe
  2⤵
  PID:8900
- C:\Windows\System\kDyqirI.exe
  C:\Windows\System\kDyqirI.exe
  2⤵
  PID:8740
- C:\Windows\System\YiBeRBk.exe
  C:\Windows\System\YiBeRBk.exe
  2⤵
  PID:8948
- C:\Windows\System\KOlQtwQ.exe
  C:\Windows\System\KOlQtwQ.exe
  2⤵
  PID:9040
- C:\Windows\System\XlEKpFz.exe
  C:\Windows\System\XlEKpFz.exe
  2⤵
  PID:9032
- C:\Windows\System\XEiBktX.exe
  C:\Windows\System\XEiBktX.exe
  2⤵
  PID:9088
- C:\Windows\System\XxzcgNx.exe
  C:\Windows\System\XxzcgNx.exe
  2⤵
  PID:9184
- C:\Windows\System\HFIOQNR.exe
  C:\Windows\System\HFIOQNR.exe
  2⤵
  PID:8000
- C:\Windows\System\AWUxTTX.exe
  C:\Windows\System\AWUxTTX.exe
  2⤵
  PID:8396
- C:\Windows\System\uOcdLJS.exe
  C:\Windows\System\uOcdLJS.exe
  2⤵
  PID:8632
- C:\Windows\System\yetNOtU.exe
  C:\Windows\System\yetNOtU.exe
  2⤵
  PID:8560
- C:\Windows\System\twzoOWP.exe
  C:\Windows\System\twzoOWP.exe
  2⤵
  PID:8300
- C:\Windows\System\JVBxeBx.exe
  C:\Windows\System\JVBxeBx.exe
  2⤵
  PID:9052
- C:\Windows\System\XpDoaho.exe
  C:\Windows\System\XpDoaho.exe
  2⤵
  PID:8260
- C:\Windows\System\dinqMpR.exe
  C:\Windows\System\dinqMpR.exe
  2⤵
  PID:8552
- C:\Windows\System\JQbnCLC.exe
  C:\Windows\System\JQbnCLC.exe
  2⤵
  PID:8564
- C:\Windows\System\PrNrQxq.exe
  C:\Windows\System\PrNrQxq.exe
  2⤵
  PID:8508
- C:\Windows\System\QJxWqvc.exe
  C:\Windows\System\QJxWqvc.exe
  2⤵
  PID:9232
- C:\Windows\System\jfPYPXT.exe
  C:\Windows\System\jfPYPXT.exe
  2⤵
  PID:9256
- C:\Windows\System\wNVYxyl.exe
  C:\Windows\System\wNVYxyl.exe
  2⤵
  PID:9288
- C:\Windows\System\iSrPCKV.exe
  C:\Windows\System\iSrPCKV.exe
  2⤵
  PID:9304
- C:\Windows\System\wcQGttS.exe
  C:\Windows\System\wcQGttS.exe
  2⤵
  PID:9328
- C:\Windows\System\CrWJdug.exe
  C:\Windows\System\CrWJdug.exe
  2⤵
  PID:9384
- C:\Windows\System\eHtARdY.exe
  C:\Windows\System\eHtARdY.exe
  2⤵
  PID:9408
- C:\Windows\System\ijmJlxq.exe
  C:\Windows\System\ijmJlxq.exe
  2⤵
  PID:9476
- C:\Windows\System\QyIZYAs.exe
  C:\Windows\System\QyIZYAs.exe
  2⤵
  PID:9492
- C:\Windows\System\yTcUudw.exe
  C:\Windows\System\yTcUudw.exe
  2⤵
  PID:9512
- C:\Windows\System\PcLbImP.exe
  C:\Windows\System\PcLbImP.exe
  2⤵
  PID:9596
- C:\Windows\System\PAibvEv.exe
  C:\Windows\System\PAibvEv.exe
  2⤵
  PID:9620
- C:\Windows\System\ElJrPau.exe
  C:\Windows\System\ElJrPau.exe
  2⤵
  PID:9648
- C:\Windows\System\mpmJPuf.exe
  C:\Windows\System\mpmJPuf.exe
  2⤵
  PID:9676
- C:\Windows\System\SJLowWw.exe
  C:\Windows\System\SJLowWw.exe
  2⤵
  PID:9700
- C:\Windows\System\pBsWJhF.exe
  C:\Windows\System\pBsWJhF.exe
  2⤵
  PID:9720
- C:\Windows\System\KgjoBYM.exe
  C:\Windows\System\KgjoBYM.exe
  2⤵
  PID:9764
- C:\Windows\System\hKlrnpB.exe
  C:\Windows\System\hKlrnpB.exe
  2⤵
  PID:9784
- C:\Windows\System\FVQfyXt.exe
  C:\Windows\System\FVQfyXt.exe
  2⤵
  PID:9804
- C:\Windows\System\nsTparS.exe
  C:\Windows\System\nsTparS.exe
  2⤵
  PID:9832
- C:\Windows\System\WVcQvRQ.exe
  C:\Windows\System\WVcQvRQ.exe
  2⤵
  PID:9856
- C:\Windows\System\XMqrBYd.exe
  C:\Windows\System\XMqrBYd.exe
  2⤵
  PID:9888
- C:\Windows\System\VMjguri.exe
  C:\Windows\System\VMjguri.exe
  2⤵
  PID:9916
- C:\Windows\System\MOZOudG.exe
  C:\Windows\System\MOZOudG.exe
  2⤵
  PID:9936
- C:\Windows\System\GcfnjyF.exe
  C:\Windows\System\GcfnjyF.exe
  2⤵
  PID:9964
- C:\Windows\System\UvYbPvJ.exe
  C:\Windows\System\UvYbPvJ.exe
  2⤵
  PID:10016
- C:\Windows\System\vWcAHts.exe
  C:\Windows\System\vWcAHts.exe
  2⤵
  PID:10040
- C:\Windows\System\tAuqmbe.exe
  C:\Windows\System\tAuqmbe.exe
  2⤵
  PID:10064
- C:\Windows\System\tDkbCAF.exe
  C:\Windows\System\tDkbCAF.exe
  2⤵
  PID:10104
- C:\Windows\System\dbrNYIZ.exe
  C:\Windows\System\dbrNYIZ.exe
  2⤵
  PID:10128
- C:\Windows\System\Tfyrzvs.exe
  C:\Windows\System\Tfyrzvs.exe
  2⤵
  PID:10148
- C:\Windows\System\Pwmehcq.exe
  C:\Windows\System\Pwmehcq.exe
  2⤵
  PID:10180
- C:\Windows\System\RXwFana.exe
  C:\Windows\System\RXwFana.exe
  2⤵
  PID:10212
- C:\Windows\System\ueBLZMJ.exe
  C:\Windows\System\ueBLZMJ.exe
  2⤵
  PID:10228
- C:\Windows\System\CMfGCnF.exe
  C:\Windows\System\CMfGCnF.exe
  2⤵
  PID:8448
- C:\Windows\System\KwpUiBj.exe
  C:\Windows\System\KwpUiBj.exe
  2⤵
  PID:9224
- C:\Windows\System\ioJZeCq.exe
  C:\Windows\System\ioJZeCq.exe
  2⤵
  PID:9240
- C:\Windows\System\KQoGBMa.exe
  C:\Windows\System\KQoGBMa.exe
  2⤵
  PID:9300
- C:\Windows\System\qoIDTih.exe
  C:\Windows\System\qoIDTih.exe
  2⤵
  PID:9424
- C:\Windows\System\YqCCVEM.exe
  C:\Windows\System\YqCCVEM.exe
  2⤵
  PID:9508
- C:\Windows\System\vYGsPqV.exe
  C:\Windows\System\vYGsPqV.exe
  2⤵
  PID:9524
- C:\Windows\System\DWWOTuk.exe
  C:\Windows\System\DWWOTuk.exe
  2⤵
  PID:9584
- C:\Windows\System\PMmPUkH.exe
  C:\Windows\System\PMmPUkH.exe
  2⤵
  PID:9668
- C:\Windows\System\CkysJgy.exe
  C:\Windows\System\CkysJgy.exe
  2⤵
  PID:9696
- C:\Windows\System\kLEbSVa.exe
  C:\Windows\System\kLEbSVa.exe
  2⤵
  PID:9780
- C:\Windows\System\sgGncsw.exe
  C:\Windows\System\sgGncsw.exe
  2⤵
  PID:9904
- C:\Windows\System\jWImKSc.exe
  C:\Windows\System\jWImKSc.exe
  2⤵
  PID:9956
- C:\Windows\System\ltsZbQZ.exe
  C:\Windows\System\ltsZbQZ.exe
  2⤵
  PID:9976
- C:\Windows\System\gdxCkkS.exe
  C:\Windows\System\gdxCkkS.exe
  2⤵
  PID:10060
- C:\Windows\System\fqekerX.exe
  C:\Windows\System\fqekerX.exe
  2⤵
  PID:10176
- C:\Windows\System\APUWKRM.exe
  C:\Windows\System\APUWKRM.exe
  2⤵
  PID:10236
- C:\Windows\System\efnNfaa.exe
  C:\Windows\System\efnNfaa.exe
  2⤵
  PID:7460
- C:\Windows\System\QBzpeux.exe
  C:\Windows\System\QBzpeux.exe
  2⤵
  PID:9324
- C:\Windows\System\PALgbqb.exe
  C:\Windows\System\PALgbqb.exe
  2⤵
  PID:9472
- C:\Windows\System\dKmNvsD.exe
  C:\Windows\System\dKmNvsD.exe
  2⤵
  PID:9732
- C:\Windows\System\LApYdAZ.exe
  C:\Windows\System\LApYdAZ.exe
  2⤵
  PID:9944
- C:\Windows\System\TYATtHW.exe
  C:\Windows\System\TYATtHW.exe
  2⤵
  PID:10160
- C:\Windows\System\cIhitXJ.exe
  C:\Windows\System\cIhitXJ.exe
  2⤵
  PID:8976
- C:\Windows\System\cPJbCOq.exe
  C:\Windows\System\cPJbCOq.exe
  2⤵
  PID:9296
- C:\Windows\System\jznytYH.exe
  C:\Windows\System\jznytYH.exe
  2⤵
  PID:9840
- C:\Windows\System\QKqZnlJ.exe
  C:\Windows\System\QKqZnlJ.exe
  2⤵
  PID:10052
- C:\Windows\System\tZsHmsg.exe
  C:\Windows\System\tZsHmsg.exe
  2⤵
  PID:10204
- C:\Windows\System\mkkOaVB.exe
  C:\Windows\System\mkkOaVB.exe
  2⤵
  PID:10256
- C:\Windows\System\VRoNDLF.exe
  C:\Windows\System\VRoNDLF.exe
  2⤵
  PID:10272
- C:\Windows\System\YciERkM.exe
  C:\Windows\System\YciERkM.exe
  2⤵
  PID:10316
- C:\Windows\System\XznrOAw.exe
  C:\Windows\System\XznrOAw.exe
  2⤵
  PID:10348
- C:\Windows\System\ydQhBgp.exe
  C:\Windows\System\ydQhBgp.exe
  2⤵
  PID:10372
- C:\Windows\System\QZKNnlM.exe
  C:\Windows\System\QZKNnlM.exe
  2⤵
  PID:10392
- C:\Windows\System\VxBqglG.exe
  C:\Windows\System\VxBqglG.exe
  2⤵
  PID:10436
- C:\Windows\System\rEkXaAw.exe
  C:\Windows\System\rEkXaAw.exe
  2⤵
  PID:10512
- C:\Windows\System\iLmdGhu.exe
  C:\Windows\System\iLmdGhu.exe
  2⤵
  PID:10532
- C:\Windows\System\KevURFH.exe
  C:\Windows\System\KevURFH.exe
  2⤵
  PID:10560
- C:\Windows\System\OroXEUb.exe
  C:\Windows\System\OroXEUb.exe
  2⤵
  PID:10580
- C:\Windows\System\uvXzsHp.exe
  C:\Windows\System\uvXzsHp.exe
  2⤵
  PID:10600
- C:\Windows\System\MdEEDKS.exe
  C:\Windows\System\MdEEDKS.exe
  2⤵
  PID:10644
- C:\Windows\System\uqEfQgc.exe
  C:\Windows\System\uqEfQgc.exe
  2⤵
  PID:10684
- C:\Windows\System\KLqQZJG.exe
  C:\Windows\System\KLqQZJG.exe
  2⤵
  PID:10712
- C:\Windows\System\krBtHBa.exe
  C:\Windows\System\krBtHBa.exe
  2⤵
  PID:10732
- C:\Windows\System\gomJdSd.exe
  C:\Windows\System\gomJdSd.exe
  2⤵
  PID:10776
- C:\Windows\System\fjBApNC.exe
  C:\Windows\System\fjBApNC.exe
  2⤵
  PID:10792
- C:\Windows\System\pnTWYTR.exe
  C:\Windows\System\pnTWYTR.exe
  2⤵
  PID:10816
- C:\Windows\System\UZxpWzn.exe
  C:\Windows\System\UZxpWzn.exe
  2⤵
  PID:10844
- C:\Windows\System\EBpdMBM.exe
  C:\Windows\System\EBpdMBM.exe
  2⤵
  PID:10872
- C:\Windows\System\JYMeogD.exe
  C:\Windows\System\JYMeogD.exe
  2⤵
  PID:10896
- C:\Windows\System\xPxtZAQ.exe
  C:\Windows\System\xPxtZAQ.exe
  2⤵
  PID:10912
- C:\Windows\System\jRUFFkG.exe
  C:\Windows\System\jRUFFkG.exe
  2⤵
  PID:10932
- C:\Windows\System\EBpnEHZ.exe
  C:\Windows\System\EBpnEHZ.exe
  2⤵
  PID:10964
- C:\Windows\System\LEFgmnH.exe
  C:\Windows\System\LEFgmnH.exe
  2⤵
  PID:11024
- C:\Windows\System\kObCwRV.exe
  C:\Windows\System\kObCwRV.exe
  2⤵
  PID:11060
- C:\Windows\System\siQxCir.exe
  C:\Windows\System\siQxCir.exe
  2⤵
  PID:11084
- C:\Windows\System\FGKVqTo.exe
  C:\Windows\System\FGKVqTo.exe
  2⤵
  PID:11100
- C:\Windows\System\oPYzQHQ.exe
  C:\Windows\System\oPYzQHQ.exe
  2⤵
  PID:11128
- C:\Windows\System\bEVrcny.exe
  C:\Windows\System\bEVrcny.exe
  2⤵
  PID:11144
- C:\Windows\System\yuDPRrl.exe
  C:\Windows\System\yuDPRrl.exe
  2⤵
  PID:11172
- C:\Windows\System\EJmhEtp.exe
  C:\Windows\System\EJmhEtp.exe
  2⤵
  PID:11188
- C:\Windows\System\zrSCLko.exe
  C:\Windows\System\zrSCLko.exe
  2⤵
  PID:11212
- C:\Windows\System\BZHuPSl.exe
  C:\Windows\System\BZHuPSl.exe
  2⤵
  PID:11232
- C:\Windows\System\GyUCORv.exe
  C:\Windows\System\GyUCORv.exe
  2⤵
  PID:11252
- C:\Windows\System\UHcyUNp.exe
  C:\Windows\System\UHcyUNp.exe
  2⤵
  PID:10268
- C:\Windows\System\gAmybgY.exe
  C:\Windows\System\gAmybgY.exe
  2⤵
  PID:10312
- C:\Windows\System\RmbrQHU.exe
  C:\Windows\System\RmbrQHU.exe
  2⤵
  PID:10388
- C:\Windows\System\SvzShhZ.exe
  C:\Windows\System\SvzShhZ.exe
  2⤵
  PID:10488
- C:\Windows\System\zNRuXgY.exe
  C:\Windows\System\zNRuXgY.exe
  2⤵
  PID:10548
- C:\Windows\System\BNdRGFV.exe
  C:\Windows\System\BNdRGFV.exe
  2⤵
  PID:10640
- C:\Windows\System\LRdydDB.exe
  C:\Windows\System\LRdydDB.exe
  2⤵
  PID:10668
- C:\Windows\System\dmuWJBT.exe
  C:\Windows\System\dmuWJBT.exe
  2⤵
  PID:10752
- C:\Windows\System\TOkevqk.exe
  C:\Windows\System\TOkevqk.exe
  2⤵
  PID:10864
- C:\Windows\System\LBjlxpk.exe
  C:\Windows\System\LBjlxpk.exe
  2⤵
  PID:10952
- C:\Windows\System\SoHIGIe.exe
  C:\Windows\System\SoHIGIe.exe
  2⤵
  PID:11004
- C:\Windows\System\LKVcGdz.exe
  C:\Windows\System\LKVcGdz.exe
  2⤵
  PID:11136
- C:\Windows\System\IaKCUFL.exe
  C:\Windows\System\IaKCUFL.exe
  2⤵
  PID:11184
- C:\Windows\System\ZkaNiqd.exe
  C:\Windows\System\ZkaNiqd.exe
  2⤵
  PID:11244
- C:\Windows\System\mKbjEKt.exe
  C:\Windows\System\mKbjEKt.exe
  2⤵
  PID:11204
- C:\Windows\System\KYRGbCF.exe
  C:\Windows\System\KYRGbCF.exe
  2⤵
  PID:10456
- C:\Windows\System\jDzHGuH.exe
  C:\Windows\System\jDzHGuH.exe
  2⤵
  PID:10356
- C:\Windows\System\MNSYmtF.exe
  C:\Windows\System\MNSYmtF.exe
  2⤵
  PID:10432
- C:\Windows\System\asMsfEv.exe
  C:\Windows\System\asMsfEv.exe
  2⤵
  PID:10680
- C:\Windows\System\qYekPJv.exe
  C:\Windows\System\qYekPJv.exe
  2⤵
  PID:2300
- C:\Windows\System\qMTIDRr.exe
  C:\Windows\System\qMTIDRr.exe
  2⤵
  PID:10948
- C:\Windows\System\idFByti.exe
  C:\Windows\System\idFByti.exe
  2⤵
  PID:11116
- C:\Windows\System\yygzTLz.exe
  C:\Windows\System\yygzTLz.exe
  2⤵
  PID:10524
- C:\Windows\System\uYeWDRp.exe
  C:\Windows\System\uYeWDRp.exe
  2⤵
  PID:11224
- C:\Windows\System\UYEBlCI.exe
  C:\Windows\System\UYEBlCI.exe
  2⤵
  PID:10308
- C:\Windows\System\HWtUphO.exe
  C:\Windows\System\HWtUphO.exe
  2⤵
  PID:10940
- C:\Windows\System\uBetKId.exe
  C:\Windows\System\uBetKId.exe
  2⤵
  PID:11272
- C:\Windows\System\gwYBcsd.exe
  C:\Windows\System\gwYBcsd.exe
  2⤵
  PID:11304
- C:\Windows\System\CVunjqY.exe
  C:\Windows\System\CVunjqY.exe
  2⤵
  PID:11324
- C:\Windows\System\fuFXVZp.exe
  C:\Windows\System\fuFXVZp.exe
  2⤵
  PID:11344
- C:\Windows\System\XAWraXy.exe
  C:\Windows\System\XAWraXy.exe
  2⤵
  PID:11372
- C:\Windows\System\nSkOkuR.exe
  C:\Windows\System\nSkOkuR.exe
  2⤵
  PID:11436
- C:\Windows\System\ErwcJKZ.exe
  C:\Windows\System\ErwcJKZ.exe
  2⤵
  PID:11500
- C:\Windows\System\ZHpxFnY.exe
  C:\Windows\System\ZHpxFnY.exe
  2⤵
  PID:11520
- C:\Windows\System\nrUhqNN.exe
  C:\Windows\System\nrUhqNN.exe
  2⤵
  PID:11548
- C:\Windows\System\GdWtLHu.exe
  C:\Windows\System\GdWtLHu.exe
  2⤵
  PID:11564
- C:\Windows\System\ZwukcrB.exe
  C:\Windows\System\ZwukcrB.exe
  2⤵
  PID:11588
- C:\Windows\System\XrIKIWM.exe
  C:\Windows\System\XrIKIWM.exe
  2⤵
  PID:11608
- C:\Windows\System\TMLiVWf.exe
  C:\Windows\System\TMLiVWf.exe
  2⤵
  PID:11632
- C:\Windows\System\TsAgNhJ.exe
  C:\Windows\System\TsAgNhJ.exe
  2⤵
  PID:11652
- C:\Windows\System\aPLcsmY.exe
  C:\Windows\System\aPLcsmY.exe
  2⤵
  PID:11708
- C:\Windows\System\UfgkiKj.exe
  C:\Windows\System\UfgkiKj.exe
  2⤵
  PID:11740
- C:\Windows\System\VrsJdzl.exe
  C:\Windows\System\VrsJdzl.exe
  2⤵
  PID:11760
- C:\Windows\System\dxdPETK.exe
  C:\Windows\System\dxdPETK.exe
  2⤵
  PID:11788
- C:\Windows\System\tuWoAHr.exe
  C:\Windows\System\tuWoAHr.exe
  2⤵
  PID:11820
- C:\Windows\System\yXPVrpM.exe
  C:\Windows\System\yXPVrpM.exe
  2⤵
  PID:11840
- C:\Windows\System\HSsqkpH.exe
  C:\Windows\System\HSsqkpH.exe
  2⤵
  PID:11860
- C:\Windows\System\kSLSMOh.exe
  C:\Windows\System\kSLSMOh.exe
  2⤵
  PID:11880
- C:\Windows\System\rkLxZiv.exe
  C:\Windows\System\rkLxZiv.exe
  2⤵
  PID:11924
- C:\Windows\System\WAQUXiZ.exe
  C:\Windows\System\WAQUXiZ.exe
  2⤵
  PID:11944
- C:\Windows\System\KXYmFwf.exe
  C:\Windows\System\KXYmFwf.exe
  2⤵
  PID:11984
- C:\Windows\System\FrKMmeN.exe
  C:\Windows\System\FrKMmeN.exe
  2⤵
  PID:12020
- C:\Windows\System\jfKLqtl.exe
  C:\Windows\System\jfKLqtl.exe
  2⤵
  PID:12044
- C:\Windows\System\nIjdMgh.exe
  C:\Windows\System\nIjdMgh.exe
  2⤵
  PID:12076
- C:\Windows\System\RQDHhun.exe
  C:\Windows\System\RQDHhun.exe
  2⤵
  PID:12112
- C:\Windows\System\tLebbqK.exe
  C:\Windows\System\tLebbqK.exe
  2⤵
  PID:12216
- C:\Windows\System\zoSFcZd.exe
  C:\Windows\System\zoSFcZd.exe
  2⤵
  PID:12232
- C:\Windows\System\KxalGxM.exe
  C:\Windows\System\KxalGxM.exe
  2⤵
  PID:12248
- C:\Windows\System\VOMOATm.exe
  C:\Windows\System\VOMOATm.exe
  2⤵
  PID:12264
- C:\Windows\System\WNnuZBj.exe
  C:\Windows\System\WNnuZBj.exe
  2⤵
  PID:12280
- C:\Windows\System\nXpENpz.exe
  C:\Windows\System\nXpENpz.exe
  2⤵
  PID:11164
- C:\Windows\System\AknUZUd.exe
  C:\Windows\System\AknUZUd.exe
  2⤵
  PID:10924
- C:\Windows\System\fOVUToK.exe
  C:\Windows\System\fOVUToK.exe
  2⤵
  PID:10572
- C:\Windows\System\mMcMJHv.exe
  C:\Windows\System\mMcMJHv.exe
  2⤵
  PID:11268
- C:\Windows\System\qYntJgd.exe
  C:\Windows\System\qYntJgd.exe
  2⤵
  PID:11316
- C:\Windows\System\nlmwmUT.exe
  C:\Windows\System\nlmwmUT.exe
  2⤵
  PID:11340
- C:\Windows\System\aVfzJhR.exe
  C:\Windows\System\aVfzJhR.exe
  2⤵
  PID:11384
- C:\Windows\System\dKTQDMO.exe
  C:\Windows\System\dKTQDMO.exe
  2⤵
  PID:11464
- C:\Windows\System\PBGVDXE.exe
  C:\Windows\System\PBGVDXE.exe
  2⤵
  PID:11480
- C:\Windows\System\iZlLWhp.exe
  C:\Windows\System\iZlLWhp.exe
  2⤵
  PID:11508
- C:\Windows\System\ivkmEqi.exe
  C:\Windows\System\ivkmEqi.exe
  2⤵
  PID:11536
- C:\Windows\System\IpPNMpN.exe
  C:\Windows\System\IpPNMpN.exe
  2⤵
  PID:11560
- C:\Windows\System\bNQjnYk.exe
  C:\Windows\System\bNQjnYk.exe
  2⤵
  PID:11680
- C:\Windows\System\CfPjhcM.exe
  C:\Windows\System\CfPjhcM.exe
  2⤵
  PID:11772
- C:\Windows\System\lbBUgmN.exe
  C:\Windows\System\lbBUgmN.exe
  2⤵
  PID:11908
- C:\Windows\System\xogWdMo.exe
  C:\Windows\System\xogWdMo.exe
  2⤵
  PID:11936
- C:\Windows\System\cHXvLhk.exe
  C:\Windows\System\cHXvLhk.exe
  2⤵
  PID:12240
- C:\Windows\System\eUhTcUQ.exe
  C:\Windows\System\eUhTcUQ.exe
  2⤵
  PID:12152
- C:\Windows\System\fnVCkXe.exe
  C:\Windows\System\fnVCkXe.exe
  2⤵
  PID:12184
- C:\Windows\System\ewKLGAL.exe
  C:\Windows\System\ewKLGAL.exe
  2⤵
  PID:12200
- C:\Windows\System\LAlDpzB.exe
  C:\Windows\System\LAlDpzB.exe
  2⤵
  PID:11624
- C:\Windows\System\YQktBCH.exe
  C:\Windows\System\YQktBCH.exe
  2⤵
  PID:11836
- C:\Windows\System\glkzOBY.exe
  C:\Windows\System\glkzOBY.exe
  2⤵
  PID:3524
- C:\Windows\System\bbySQHQ.exe
  C:\Windows\System\bbySQHQ.exe
  2⤵
  PID:11120
- C:\Windows\System\uixBAoI.exe
  C:\Windows\System\uixBAoI.exe
  2⤵
  PID:12008
- C:\Windows\System\CoGqhjc.exe
  C:\Windows\System\CoGqhjc.exe
  2⤵
  PID:3632
- C:\Windows\System\UwwMTGO.exe
  C:\Windows\System\UwwMTGO.exe
  2⤵
  PID:11996
- C:\Windows\System\tuphQaF.exe
  C:\Windows\System\tuphQaF.exe
  2⤵
  PID:1096
- C:\Windows\System\tPJbzaH.exe
  C:\Windows\System\tPJbzaH.exe
  2⤵
  PID:11528
- C:\Windows\System\WFLHJwL.exe
  C:\Windows\System\WFLHJwL.exe
  2⤵
  PID:12144
- C:\Windows\System\ofsQwEF.exe
  C:\Windows\System\ofsQwEF.exe
  2⤵
  PID:11932
- C:\Windows\System\pXoVzyP.exe
  C:\Windows\System\pXoVzyP.exe
  2⤵
  PID:11488
- C:\Windows\System\ppXoxpW.exe
  C:\Windows\System\ppXoxpW.exe
  2⤵
  PID:10608
- C:\Windows\System\CIsTebI.exe
  C:\Windows\System\CIsTebI.exe
  2⤵
  PID:12324
- C:\Windows\System\NHukvEt.exe
  C:\Windows\System\NHukvEt.exe
  2⤵
  PID:12364
- C:\Windows\System\UnMktfa.exe
  C:\Windows\System\UnMktfa.exe
  2⤵
  PID:12388
- C:\Windows\System\aLqHvBl.exe
  C:\Windows\System\aLqHvBl.exe
  2⤵
  PID:12416
- C:\Windows\System\IdXakXK.exe
  C:\Windows\System\IdXakXK.exe
  2⤵
  PID:12436
- C:\Windows\System\mkdbmUg.exe
  C:\Windows\System\mkdbmUg.exe
  2⤵
  PID:12460
- C:\Windows\System\MLvpxZW.exe
  C:\Windows\System\MLvpxZW.exe
  2⤵
  PID:12480
- C:\Windows\System\OBfQnou.exe
  C:\Windows\System\OBfQnou.exe
  2⤵
  PID:12508
- C:\Windows\System\ZqMYJqA.exe
  C:\Windows\System\ZqMYJqA.exe
  2⤵
  PID:12524
- C:\Windows\System\rdKCXeC.exe
  C:\Windows\System\rdKCXeC.exe
  2⤵
  PID:12544
- C:\Windows\System\scClkjF.exe
  C:\Windows\System\scClkjF.exe
  2⤵
  PID:12576
- C:\Windows\System\FsjIsyW.exe
  C:\Windows\System\FsjIsyW.exe
  2⤵
  PID:12628
- C:\Windows\System\BtRbZzb.exe
  C:\Windows\System\BtRbZzb.exe
  2⤵
  PID:12676
- C:\Windows\System\cNhxFVM.exe
  C:\Windows\System\cNhxFVM.exe
  2⤵
  PID:12704
- C:\Windows\System\MwUmJfP.exe
  C:\Windows\System\MwUmJfP.exe
  2⤵
  PID:12736
- C:\Windows\System\MoconPX.exe
  C:\Windows\System\MoconPX.exe
  2⤵
  PID:12760
- C:\Windows\System\lxDRpBZ.exe
  C:\Windows\System\lxDRpBZ.exe
  2⤵
  PID:12784
- C:\Windows\System\ricLoYC.exe
  C:\Windows\System\ricLoYC.exe
  2⤵
  PID:12868
- C:\Windows\System\AVbXwlL.exe
  C:\Windows\System\AVbXwlL.exe
  2⤵
  PID:12884
- C:\Windows\System\TAwFxrh.exe
  C:\Windows\System\TAwFxrh.exe
  2⤵
  PID:12904
- C:\Windows\System\qlETTCi.exe
  C:\Windows\System\qlETTCi.exe
  2⤵
  PID:12944
- C:\Windows\System\CBwScwG.exe
  C:\Windows\System\CBwScwG.exe
  2⤵
  PID:12988
- C:\Windows\System\tcvpbvV.exe
  C:\Windows\System\tcvpbvV.exe
  2⤵
  PID:13008
- C:\Windows\System\cFrghNw.exe
  C:\Windows\System\cFrghNw.exe
  2⤵
  PID:13052
- C:\Windows\System\UiXtpVG.exe
  C:\Windows\System\UiXtpVG.exe
  2⤵
  PID:13084
- C:\Windows\System\sazEiqr.exe
  C:\Windows\System\sazEiqr.exe
  2⤵
  PID:13100
- C:\Windows\System\vKiLDSv.exe
  C:\Windows\System\vKiLDSv.exe
  2⤵
  PID:13120
- C:\Windows\System\GgYwZzR.exe
  C:\Windows\System\GgYwZzR.exe
  2⤵
  PID:13140
- C:\Windows\System\ioTlcFi.exe
  C:\Windows\System\ioTlcFi.exe
  2⤵
  PID:13188
- C:\Windows\System\gHsjcRP.exe
  C:\Windows\System\gHsjcRP.exe
  2⤵
  PID:12936
- C:\Windows\System\uYccJaY.exe
  C:\Windows\System\uYccJaY.exe
  2⤵
  PID:12984
- C:\Windows\System\oxaHWZg.exe
  C:\Windows\System\oxaHWZg.exe
  2⤵
  PID:3216
- C:\Windows\System\FzZwNcb.exe
  C:\Windows\System\FzZwNcb.exe
  2⤵
  PID:12336
- C:\Windows\System\gMZxzOh.exe
  C:\Windows\System\gMZxzOh.exe
  2⤵
  PID:12356
- C:\Windows\System\aNKONoA.exe
  C:\Windows\System\aNKONoA.exe
  2⤵
  PID:11332
- C:\Windows\System\qPaxrjH.exe
  C:\Windows\System\qPaxrjH.exe
  2⤵
  PID:12308
- C:\Windows\System\VWmdnbz.exe
  C:\Windows\System\VWmdnbz.exe
  2⤵
  PID:12408
- C:\Windows\System\eqmrBbn.exe
  C:\Windows\System\eqmrBbn.exe
  2⤵
  PID:12540
- C:\Windows\System\TGUqbWD.exe
  C:\Windows\System\TGUqbWD.exe
  2⤵
  PID:12588
- C:\Windows\System\AnbBdNA.exe
  C:\Windows\System\AnbBdNA.exe
  2⤵
  PID:12616
- C:\Windows\System\LPRqgGJ.exe
  C:\Windows\System\LPRqgGJ.exe
  2⤵
  PID:12716
- C:\Windows\System\nGnhCEB.exe
  C:\Windows\System\nGnhCEB.exe
  2⤵
  PID:4696
- C:\Windows\System\mdZWxjS.exe
  C:\Windows\System\mdZWxjS.exe
  2⤵
  PID:12212
- C:\Windows\System\mifDzCn.exe
  C:\Windows\System\mifDzCn.exe
  2⤵
  PID:12592
- C:\Windows\System\iaWNwIA.exe
  C:\Windows\System\iaWNwIA.exe
  2⤵
  PID:2332
- C:\Windows\System\zCITExo.exe
  C:\Windows\System\zCITExo.exe
  2⤵
  PID:12824
- C:\Windows\System\olqmhQD.exe
  C:\Windows\System\olqmhQD.exe
  2⤵
  PID:12828
- C:\Windows\System\OjzWPOM.exe
  C:\Windows\System\OjzWPOM.exe
  2⤵
  PID:12900
- C:\Windows\System\IZdTDYX.exe
  C:\Windows\System\IZdTDYX.exe
  2⤵
  PID:13136
- C:\Windows\System\nccgxEU.exe
  C:\Windows\System\nccgxEU.exe
  2⤵
  PID:788
- C:\Windows\System\SRJIvDk.exe
  C:\Windows\System\SRJIvDk.exe
  2⤵
  PID:716
- C:\Windows\System\YoaZjVz.exe
  C:\Windows\System\YoaZjVz.exe
  2⤵
  PID:5340
- C:\Windows\System\ohxezzc.exe
  C:\Windows\System\ohxezzc.exe
  2⤵
  PID:2004
- C:\Windows\System\DzikiXY.exe
  C:\Windows\System\DzikiXY.exe
  2⤵
  PID:13180
- C:\Windows\System\JiMxFOJ.exe
  C:\Windows\System\JiMxFOJ.exe
  2⤵
  PID:12688
- C:\Windows\System\fJyfMjO.exe
  C:\Windows\System\fJyfMjO.exe
  2⤵
  PID:3980
- C:\Windows\System\GyFyluC.exe
  C:\Windows\System\GyFyluC.exe
  2⤵
  PID:13264
- C:\Windows\System\WIAsWkZ.exe
  C:\Windows\System\WIAsWkZ.exe
  2⤵
  PID:4888
- C:\Windows\System\zKjuoue.exe
  C:\Windows\System\zKjuoue.exe
  2⤵
  PID:3576
- C:\Windows\System\jXfkHbX.exe
  C:\Windows\System\jXfkHbX.exe
  2⤵
  PID:4248
- C:\Windows\System\niPYUHL.exe
  C:\Windows\System\niPYUHL.exe
  2⤵
  PID:13308
- C:\Windows\System\HPLIIJp.exe
  C:\Windows\System\HPLIIJp.exe
  2⤵
  PID:5092
- C:\Windows\System\zNIeEYo.exe
  C:\Windows\System\zNIeEYo.exe
  2⤵
  PID:3744
- C:\Windows\System\aGxJEnH.exe
  C:\Windows\System\aGxJEnH.exe
  2⤵
  PID:5880
- C:\Windows\System\STZUkJG.exe
  C:\Windows\System\STZUkJG.exe
  2⤵
  PID:3736
- C:\Windows\System\SKIDXTC.exe
  C:\Windows\System\SKIDXTC.exe
  2⤵
  PID:3700
- C:\Windows\System\FGSPvGj.exe
  C:\Windows\System\FGSPvGj.exe
  2⤵
  PID:3956
- C:\Windows\System\zcBffDM.exe
  C:\Windows\System\zcBffDM.exe
  2⤵
  PID:3972
- C:\Windows\System\gYyoZqB.exe
  C:\Windows\System\gYyoZqB.exe
  2⤵
  PID:12864
- C:\Windows\System\JENBsrD.exe
  C:\Windows\System\JENBsrD.exe
  2⤵
  PID:12964
- C:\Windows\System\UGUrUKR.exe
  C:\Windows\System\UGUrUKR.exe
  2⤵
  PID:5100
- C:\Windows\System\rfgXcJU.exe
  C:\Windows\System\rfgXcJU.exe
  2⤵
  PID:5724
- C:\Windows\System\zIfkwAa.exe
  C:\Windows\System\zIfkwAa.exe
  2⤵
  PID:13160
- C:\Windows\System\BrLSofK.exe
  C:\Windows\System\BrLSofK.exe
  2⤵
  PID:3748
- C:\Windows\System\LoYAQyM.exe
  C:\Windows\System\LoYAQyM.exe
  2⤵
  PID:4264
- C:\Windows\System\bIIyBtc.exe
  C:\Windows\System\bIIyBtc.exe
  2⤵
  PID:2696
- C:\Windows\System\QzZKagy.exe
  C:\Windows\System\QzZKagy.exe
  2⤵
  PID:5040
- C:\Windows\System\rUUHAyS.exe
  C:\Windows\System\rUUHAyS.exe
  2⤵
  PID:3712
- C:\Windows\System\HvUYSFx.exe
  C:\Windows\System\HvUYSFx.exe
  2⤵
  PID:4548
- C:\Windows\System\lghaXPB.exe
  C:\Windows\System\lghaXPB.exe
  2⤵
  PID:4132
- C:\Windows\System\kZAOZSr.exe
  C:\Windows\System\kZAOZSr.exe
  2⤵
  PID:2208
- C:\Windows\System\ZgmEVEG.exe
  C:\Windows\System\ZgmEVEG.exe
  2⤵
  PID:4272
- C:\Windows\System\qvfzeqy.exe
  C:\Windows\System\qvfzeqy.exe
  2⤵
  PID:6116
- C:\Windows\System\wWdksCA.exe
  C:\Windows\System\wWdksCA.exe
  2⤵
  PID:3016
- C:\Windows\System\lHcZkgf.exe
  C:\Windows\System\lHcZkgf.exe
  2⤵
  PID:4188
- C:\Windows\System\bcROlQj.exe
  C:\Windows\System\bcROlQj.exe
  2⤵
  PID:6232
- C:\Windows\System\KWilpFj.exe
  C:\Windows\System\KWilpFj.exe
  2⤵
  PID:7592
- C:\Windows\System\sCdZOtF.exe
  C:\Windows\System\sCdZOtF.exe
  2⤵
  PID:3344
- C:\Windows\System\YBiDTMG.exe
  C:\Windows\System\YBiDTMG.exe
  2⤵
  PID:7644
- C:\Windows\System\haaxohT.exe
  C:\Windows\System\haaxohT.exe
  2⤵
  PID:700
- C:\Windows\System\tWgPsDM.exe
  C:\Windows\System\tWgPsDM.exe
  2⤵
  PID:7680
- C:\Windows\System\HNFHfvF.exe
  C:\Windows\System\HNFHfvF.exe
  2⤵
  PID:4220
- C:\Windows\System\hlYYtvz.exe
  C:\Windows\System\hlYYtvz.exe
  2⤵
  PID:2020
- C:\Windows\System\zaeFfJo.exe
  C:\Windows\System\zaeFfJo.exe
  2⤵
  PID:1124
- C:\Windows\System\UkfsNbv.exe
  C:\Windows\System\UkfsNbv.exe
  2⤵
  PID:1100
- C:\Windows\System\fwGrPEs.exe
  C:\Windows\System\fwGrPEs.exe
  2⤵
  PID:7740
- C:\Windows\System\RdCBkXS.exe
  C:\Windows\System\RdCBkXS.exe
  2⤵
  PID:1180
- C:\Windows\System\duwGUtC.exe
  C:\Windows\System\duwGUtC.exe
  2⤵
  PID:6660
- C:\Windows\System\wsQzDBQ.exe
  C:\Windows\System\wsQzDBQ.exe
  2⤵
  PID:1176
- C:\Windows\System\VPJGAxY.exe
  C:\Windows\System\VPJGAxY.exe
  2⤵
  PID:13044
- C:\Windows\System\bUYuucE.exe
  C:\Windows\System\bUYuucE.exe
  2⤵
  PID:3776
- C:\Windows\System\BNscLRJ.exe
  C:\Windows\System\BNscLRJ.exe
  2⤵
  PID:3280
- C:\Windows\System\jwsutyI.exe
  C:\Windows\System\jwsutyI.exe
  2⤵
  PID:3240
- C:\Windows\System\SScyaBH.exe
  C:\Windows\System\SScyaBH.exe
  2⤵
  PID:3260
- C:\Windows\System\CAjlWBp.exe
  C:\Windows\System\CAjlWBp.exe
  2⤵
  PID:1724
- C:\Windows\System\grfYdIb.exe
  C:\Windows\System\grfYdIb.exe
  2⤵
  PID:6272
- C:\Windows\System\hFZKarY.exe
  C:\Windows\System\hFZKarY.exe
  2⤵
  PID:7996
- C:\Windows\System\wELQndH.exe
  C:\Windows\System\wELQndH.exe
  2⤵
  PID:7244
- C:\Windows\System\jhIlWxe.exe
  C:\Windows\System\jhIlWxe.exe
  2⤵
  PID:2580
- C:\Windows\System\fvOIiCb.exe
  C:\Windows\System\fvOIiCb.exe
  2⤵
  PID:9576
- C:\Windows\System\diuJFlq.exe
  C:\Windows\System\diuJFlq.exe
  2⤵
  PID:3860
- C:\Windows\System\EKUkrhs.exe
  C:\Windows\System\EKUkrhs.exe
  2⤵
  PID:4148
- C:\Windows\System\CfRzjqk.exe
  C:\Windows\System\CfRzjqk.exe
  2⤵
  PID:6680
- C:\Windows\System\EeoVfCq.exe
  C:\Windows\System\EeoVfCq.exe
  2⤵
  PID:1560
- C:\Windows\System\EuTfGfG.exe
  C:\Windows\System\EuTfGfG.exe
  2⤵
  PID:6952
- C:\Windows\System\IourMlv.exe
  C:\Windows\System\IourMlv.exe
  2⤵
  PID:4488
- C:\Windows\System\QOXyHFR.exe
  C:\Windows\System\QOXyHFR.exe
  2⤵
  PID:3196
- C:\Windows\System\imrCMId.exe
  C:\Windows\System\imrCMId.exe
  2⤵
  PID:5748
- C:\Windows\System\JxXUJZp.exe
  C:\Windows\System\JxXUJZp.exe
  2⤵
  PID:7188
- C:\Windows\System\uQZWSbB.exe
  C:\Windows\System\uQZWSbB.exe
  2⤵
  PID:4612
- C:\Windows\System\hmCjRdu.exe
  C:\Windows\System\hmCjRdu.exe
  2⤵
  PID:7228
- C:\Windows\System\ZkIiHXk.exe
  C:\Windows\System\ZkIiHXk.exe
  2⤵
  PID:4324
- C:\Windows\System\futnvrg.exe
  C:\Windows\System\futnvrg.exe
  2⤵
  PID:4152
- C:\Windows\System\SbCZuvd.exe
  C:\Windows\System\SbCZuvd.exe
  2⤵
  PID:7316
- C:\Windows\System\UYnNTjK.exe
  C:\Windows\System\UYnNTjK.exe
  2⤵
  PID:1776
- C:\Windows\System\lPmBPoK.exe
  C:\Windows\System\lPmBPoK.exe
  2⤵
  PID:5316
- C:\Windows\System\QNBsQMW.exe
  C:\Windows\System\QNBsQMW.exe
  2⤵
  PID:5036
- C:\Windows\System\mURemKY.exe
  C:\Windows\System\mURemKY.exe
  2⤵
  PID:7380
- C:\Windows\System\dPPmrRd.exe
  C:\Windows\System\dPPmrRd.exe
  2⤵
  PID:7076
- C:\Windows\System\frPjMgg.exe
  C:\Windows\System\frPjMgg.exe
  2⤵
  PID:7112
- C:\Windows\System\GJcBPCe.exe
  C:\Windows\System\GJcBPCe.exe
  2⤵
  PID:5056
- C:\Windows\System\bRdWXct.exe
  C:\Windows\System\bRdWXct.exe
  2⤵
  PID:5876
- C:\Windows\System\XgtiQEH.exe
  C:\Windows\System\XgtiQEH.exe
  2⤵
  PID:1128
- C:\Windows\System\MjuKpdE.exe
  C:\Windows\System\MjuKpdE.exe
  2⤵
  PID:1676
- C:\Windows\System\gwmqKsX.exe
  C:\Windows\System\gwmqKsX.exe
  2⤵
  PID:4004
- C:\Windows\System\cHPqYgq.exe
  C:\Windows\System\cHPqYgq.exe
  2⤵
  PID:5540
- C:\Windows\System\hzdxslf.exe
  C:\Windows\System\hzdxslf.exe
  2⤵
  PID:5004
- C:\Windows\System\JMiEktR.exe
  C:\Windows\System\JMiEktR.exe
  2⤵
  PID:5240
- C:\Windows\System\ufoSgKQ.exe
  C:\Windows\System\ufoSgKQ.exe
  2⤵
  PID:4212
- C:\Windows\System\tlSQllt.exe
  C:\Windows\System\tlSQllt.exe
  2⤵
  PID:8548
- C:\Windows\System\wAfuoqK.exe
  C:\Windows\System\wAfuoqK.exe
  2⤵
  PID:8676
- C:\Windows\System\dizAETr.exe
  C:\Windows\System\dizAETr.exe
  2⤵
  PID:8576
- C:\Windows\System\fiqhKSe.exe
  C:\Windows\System\fiqhKSe.exe
  2⤵
  PID:6824
- C:\Windows\System\bSCEktW.exe
  C:\Windows\System\bSCEktW.exe
  2⤵
  PID:1688
- C:\Windows\System\Epxhhdu.exe
  C:\Windows\System\Epxhhdu.exe
  2⤵
  PID:7788
- C:\Windows\System\KeBGuNL.exe
  C:\Windows\System\KeBGuNL.exe
  2⤵
  PID:6848
- C:\Windows\System\HIcaxol.exe
  C:\Windows\System\HIcaxol.exe
  2⤵
  PID:13200
- C:\Windows\System\ZQxcMNs.exe
  C:\Windows\System\ZQxcMNs.exe
  2⤵
  PID:2888
- C:\Windows\System\rSeGDxt.exe
  C:\Windows\System\rSeGDxt.exe
  2⤵
  PID:2340
- C:\Windows\System\NBfjhTR.exe
  C:\Windows\System\NBfjhTR.exe
  2⤵
  PID:5312
- C:\Windows\System\CCPxnGq.exe
  C:\Windows\System\CCPxnGq.exe
  2⤵
  PID:7292
- C:\Windows\System\sXDYlhL.exe
  C:\Windows\System\sXDYlhL.exe
  2⤵
  PID:7060
- C:\Windows\System\MxyJyfD.exe
  C:\Windows\System\MxyJyfD.exe
  2⤵
  PID:3164
- C:\Windows\System\mtoiTAg.exe
  C:\Windows\System\mtoiTAg.exe
  2⤵
  PID:9664
- C:\Windows\System\juosvCz.exe
  C:\Windows\System\juosvCz.exe
  2⤵
  PID:3168
- C:\Windows\System\QafpYiF.exe
  C:\Windows\System\QafpYiF.exe
  2⤵
  PID:9872
- C:\Windows\System\xSwJjky.exe
  C:\Windows\System\xSwJjky.exe
  2⤵
  PID:3400
- C:\Windows\System\xddyNaJ.exe
  C:\Windows\System\xddyNaJ.exe
  2⤵
  PID:10048
- C:\Windows\System\ySnwzYJ.exe
  C:\Windows\System\ySnwzYJ.exe
  2⤵
  PID:10112
- C:\Windows\System\swtaMPc.exe
  C:\Windows\System\swtaMPc.exe
  2⤵
  PID:3500
- C:\Windows\System\rjUhosY.exe
  C:\Windows\System\rjUhosY.exe
  2⤵
  PID:13248
- C:\Windows\System\mjQAOAx.exe
  C:\Windows\System\mjQAOAx.exe
  2⤵
  PID:8128
- C:\Windows\System\bDjFNjI.exe
  C:\Windows\System\bDjFNjI.exe
  2⤵
  PID:10208
- C:\Windows\System\GSHCwzI.exe
  C:\Windows\System\GSHCwzI.exe
  2⤵
  PID:9268
- C:\Windows\System\AuwEvNc.exe
  C:\Windows\System\AuwEvNc.exe
  2⤵
  PID:9348
- C:\Windows\System\BAAGnDk.exe
  C:\Windows\System\BAAGnDk.exe
  2⤵
  PID:9712
- C:\Windows\System\VIlqHZz.exe
  C:\Windows\System\VIlqHZz.exe
  2⤵
  PID:9756
- C:\Windows\System\kEaVkcJ.exe
  C:\Windows\System\kEaVkcJ.exe
  2⤵
  PID:9844
- C:\Windows\System\oqKtssd.exe
  C:\Windows\System\oqKtssd.exe
  2⤵
  PID:10080
- C:\Windows\System\qVBAOQP.exe
  C:\Windows\System\qVBAOQP.exe
  2⤵
  PID:10088
- C:\Windows\System\WTggTyE.exe
  C:\Windows\System\WTggTyE.exe
  2⤵
  PID:9484
- C:\Windows\System\CmnfRXx.exe
  C:\Windows\System\CmnfRXx.exe
  2⤵
  PID:9716
- C:\Windows\System\BzOFaGs.exe
  C:\Windows\System\BzOFaGs.exe
  2⤵
  PID:3384
- C:\Windows\System\ckmYYDV.exe
  C:\Windows\System\ckmYYDV.exe
  2⤵
  PID:740
- C:\Windows\System\SRTuoAk.exe
  C:\Windows\System\SRTuoAk.exe
  2⤵
  PID:6652
- C:\Windows\System\uMWHLGn.exe
  C:\Windows\System\uMWHLGn.exe
  2⤵
  PID:10616
- C:\Windows\System\KphXwGh.exe
  C:\Windows\System\KphXwGh.exe
  2⤵
  PID:10720
- C:\Windows\System\YbzfYPh.exe
  C:\Windows\System\YbzfYPh.exe
  2⤵
  PID:10764
- C:\Windows\System\iymNomK.exe
  C:\Windows\System\iymNomK.exe
  2⤵
  PID:6488
- C:\Windows\System\eCBLghl.exe
  C:\Windows\System\eCBLghl.exe
  2⤵
  PID:7552
- C:\Windows\System\huIpZYb.exe
  C:\Windows\System\huIpZYb.exe
  2⤵
  PID:11056
- C:\Windows\System\qRRggYd.exe
  C:\Windows\System\qRRggYd.exe
  2⤵
  PID:11160
- C:\Windows\System\VDmSDRa.exe
  C:\Windows\System\VDmSDRa.exe
  2⤵
  PID:8408
- C:\Windows\System\RcRnpma.exe
  C:\Windows\System\RcRnpma.exe
  2⤵
  PID:5692
- C:\Windows\System\bDjrzml.exe
  C:\Windows\System\bDjrzml.exe
  2⤵
  PID:1500
- C:\Windows\System\PrrIgbS.exe
  C:\Windows\System\PrrIgbS.exe
  2⤵
  PID:3264
- C:\Windows\System\QQFSVIO.exe
  C:\Windows\System\QQFSVIO.exe
  2⤵
  PID:4384
- C:\Windows\System\cbjHUmJ.exe
  C:\Windows\System\cbjHUmJ.exe
  2⤵
  PID:2868
- C:\Windows\System\IjwEmKo.exe
  C:\Windows\System\IjwEmKo.exe
  2⤵
  PID:3928
- C:\Windows\System\jwQiDYn.exe
  C:\Windows\System\jwQiDYn.exe
  2⤵
  PID:5608
- C:\Windows\System\HjtAJVA.exe
  C:\Windows\System\HjtAJVA.exe
  2⤵
  PID:5696
- C:\Windows\System\gIQGmHp.exe
  C:\Windows\System\gIQGmHp.exe
  2⤵
  PID:7040
- C:\Windows\System\kAvtTrz.exe
  C:\Windows\System\kAvtTrz.exe
  2⤵
  PID:5368
- C:\Windows\System\vuwLCBF.exe
  C:\Windows\System\vuwLCBF.exe
  2⤵
  PID:1628
- C:\Windows\System\BOSHiwJ.exe
  C:\Windows\System\BOSHiwJ.exe
  2⤵
  PID:3516
- C:\Windows\System\TlTPWhm.exe
  C:\Windows\System\TlTPWhm.exe
  2⤵
  PID:5176
- C:\Windows\System\mvVojSE.exe
  C:\Windows\System\mvVojSE.exe
  2⤵
  PID:3692
- C:\Windows\System\GUDiUOk.exe
  C:\Windows\System\GUDiUOk.exe
  2⤵
  PID:6364
- C:\Windows\System\OKVQwnp.exe
  C:\Windows\System\OKVQwnp.exe
  2⤵
  PID:13000
- C:\Windows\System\OnPjadQ.exe
  C:\Windows\System\OnPjadQ.exe
  2⤵
  PID:2448
- C:\Windows\System\FqyOdGS.exe
  C:\Windows\System\FqyOdGS.exe
  2⤵
  PID:5952
- C:\Windows\System\ZCflYPy.exe
  C:\Windows\System\ZCflYPy.exe
  2⤵
  PID:1996
- C:\Windows\System\xWkixvV.exe
  C:\Windows\System\xWkixvV.exe
  2⤵
  PID:3868
- C:\Windows\System\LyxKBkf.exe
  C:\Windows\System\LyxKBkf.exe
  2⤵
  PID:2956
- C:\Windows\System\ZsaEQSa.exe
  C:\Windows\System\ZsaEQSa.exe
  2⤵
  PID:9144
- C:\Windows\System\rWiYgNZ.exe
  C:\Windows\System\rWiYgNZ.exe
  2⤵
  PID:4008
- C:\Windows\System\SBTaDLN.exe
  C:\Windows\System\SBTaDLN.exe
  2⤵
  PID:12132
- C:\Windows\System\SZYTbva.exe
  C:\Windows\System\SZYTbva.exe
  2⤵
  PID:2552
- C:\Windows\System\vCDdrVy.exe
  C:\Windows\System\vCDdrVy.exe
  2⤵
  PID:11556
- C:\Windows\System\JJvWPpM.exe
  C:\Windows\System\JJvWPpM.exe
  2⤵
  PID:3900
- C:\Windows\System\VAajsrR.exe
  C:\Windows\System\VAajsrR.exe
  2⤵
  PID:11800
- C:\Windows\System\OLplYHT.exe
  C:\Windows\System\OLplYHT.exe
  2⤵
  PID:3160
- C:\Windows\System\imLdemo.exe
  C:\Windows\System\imLdemo.exe
  2⤵
  PID:12332
- C:\Windows\System\QlujwpE.exe
  C:\Windows\System\QlujwpE.exe
  2⤵
  PID:1076
- C:\Windows\System\VKImCyi.exe
  C:\Windows\System\VKImCyi.exe
  2⤵
  PID:1016
- C:\Windows\System\qldMhXT.exe
  C:\Windows\System\qldMhXT.exe
  2⤵
  PID:9016
- C:\Windows\System\cUoLLmD.exe
  C:\Windows\System\cUoLLmD.exe
  2⤵
  PID:7008
- C:\Windows\System\pcLYaWe.exe
  C:\Windows\System\pcLYaWe.exe
  2⤵
  PID:6688
- C:\Windows\System\ihJoYWP.exe
  C:\Windows\System\ihJoYWP.exe
  2⤵
  PID:9572
- C:\Windows\System\VqqOnms.exe
  C:\Windows\System\VqqOnms.exe
  2⤵
  PID:5564
- C:\Windows\System\BaHTCLK.exe
  C:\Windows\System\BaHTCLK.exe
  2⤵
  PID:12860
- C:\Windows\System\IFDjnmi.exe
  C:\Windows\System\IFDjnmi.exe
  2⤵
  PID:9320
- C:\Windows\System\WkvRuSj.exe
  C:\Windows\System\WkvRuSj.exe
  2⤵
  PID:9744
- C:\Windows\System\nQkinBt.exe
  C:\Windows\System\nQkinBt.exe
  2⤵
  PID:12932
- C:\Windows\System\uibXiJB.exe
  C:\Windows\System\uibXiJB.exe
  2⤵
  PID:5020
- C:\Windows\System\KMLCgJA.exe
  C:\Windows\System\KMLCgJA.exe
  2⤵
  PID:13040
- C:\Windows\System\ibwzlNb.exe
  C:\Windows\System\ibwzlNb.exe
  2⤵
  PID:1948
- C:\Windows\System\pXOxaVv.exe
  C:\Windows\System\pXOxaVv.exe
  2⤵
  PID:3184
- C:\Windows\System\QedmVvK.exe
  C:\Windows\System\QedmVvK.exe
  2⤵
  PID:9176
- C:\Windows\System\ySfIVuW.exe
  C:\Windows\System\ySfIVuW.exe
  2⤵
  PID:7880
- C:\Windows\System\WQecBvP.exe
  C:\Windows\System\WQecBvP.exe
  2⤵
  PID:6048
- C:\Windows\System\lVvRmUy.exe
  C:\Windows\System\lVvRmUy.exe
  2⤵
  PID:9568
- C:\Windows\System\rucAYru.exe
  C:\Windows\System\rucAYru.exe
  2⤵
  PID:868
- C:\Windows\System\LzCycvt.exe
  C:\Windows\System\LzCycvt.exe
  2⤵
  PID:3936
- C:\Windows\System\TzIaXOf.exe
  C:\Windows\System\TzIaXOf.exe
  2⤵
  PID:1228
- C:\Windows\System\xyVNJuD.exe
  C:\Windows\System\xyVNJuD.exe
  2⤵
  PID:3888
- C:\Windows\System\RGvlOmn.exe
  C:\Windows\System\RGvlOmn.exe
  2⤵
  PID:4552
- C:\Windows\System\abofRRT.exe
  C:\Windows\System\abofRRT.exe
  2⤵
  PID:10168
- C:\Windows\System\yAgUHWN.exe
  C:\Windows\System\yAgUHWN.exe
  2⤵
  PID:13276
- C:\Windows\System\zLcqzdU.exe
  C:\Windows\System\zLcqzdU.exe
  2⤵
  PID:3208
- C:\Windows\System\ppHPkmR.exe
  C:\Windows\System\ppHPkmR.exe
  2⤵
  PID:3308
- C:\Windows\System\WAjeCjl.exe
  C:\Windows\System\WAjeCjl.exe
  2⤵
  PID:9776
- C:\Windows\System\VNnlkSC.exe
  C:\Windows\System\VNnlkSC.exe
  2⤵
  PID:8296
- C:\Windows\System\RHhVfSq.exe
  C:\Windows\System\RHhVfSq.exe
  2⤵
  PID:5436
- C:\Windows\System\xqSFjea.exe
  C:\Windows\System\xqSFjea.exe
  2⤵
  PID:5216
- C:\Windows\System\PqJeDpt.exe
  C:\Windows\System\PqJeDpt.exe
  2⤵
  PID:864
- C:\Windows\System\apxRGAR.exe
  C:\Windows\System\apxRGAR.exe
  2⤵
  PID:1324
- C:\Windows\System\PfRJcMF.exe
  C:\Windows\System\PfRJcMF.exe
  2⤵
  PID:3412
- C:\Windows\System\hXmaInP.exe
  C:\Windows\System\hXmaInP.exe
  2⤵
  PID:3504
- C:\Windows\System\viUjqpd.exe
  C:\Windows\System\viUjqpd.exe
  2⤵
  PID:5200
- C:\Windows\System\tbfvaWn.exe
  C:\Windows\System\tbfvaWn.exe
  2⤵
  PID:4524
- C:\Windows\System\FOtIcWY.exe
  C:\Windows\System\FOtIcWY.exe
  2⤵
  PID:1568
- C:\Windows\System\ftdlhNT.exe
  C:\Windows\System\ftdlhNT.exe
  2⤵
  PID:9404
- C:\Windows\System\iHEyBZs.exe
  C:\Windows\System\iHEyBZs.exe
  2⤵
  PID:4772
- C:\Windows\System\RpoazVz.exe
  C:\Windows\System\RpoazVz.exe
  2⤵
  PID:4308
- C:\Windows\System\QYrHKeb.exe
  C:\Windows\System\QYrHKeb.exe
  2⤵
  PID:5628
- C:\Windows\System\TKFjrEE.exe
  C:\Windows\System\TKFjrEE.exe
  2⤵
  PID:10120
- C:\Windows\System\GpxFdxP.exe
  C:\Windows\System\GpxFdxP.exe
  2⤵
  PID:1056
- C:\Windows\System\eNhwQSM.exe
  C:\Windows\System\eNhwQSM.exe
  2⤵
  PID:1644
- C:\Windows\System\snTTfFn.exe
  C:\Windows\System\snTTfFn.exe
  2⤵
  PID:2284
- C:\Windows\System\zySbfFX.exe
  C:\Windows\System\zySbfFX.exe
  2⤵
  PID:10464
- C:\Windows\System\eqmFhDs.exe
  C:\Windows\System\eqmFhDs.exe
  2⤵
  PID:10804
- C:\Windows\System\fsgguPg.exe
  C:\Windows\System\fsgguPg.exe
  2⤵
  PID:2824
- C:\Windows\System\eXyqdNX.exe
  C:\Windows\System\eXyqdNX.exe
  2⤵
  PID:3724
- C:\Windows\System\GrELkvA.exe
  C:\Windows\System\GrELkvA.exe
  2⤵
  PID:4144
- C:\Windows\System\PIgXMHw.exe
  C:\Windows\System\PIgXMHw.exe
  2⤵
  PID:6148
- C:\Windows\System\MHJdctq.exe
  C:\Windows\System\MHJdctq.exe
  2⤵
  PID:6216
- C:\Windows\System\rBeoezF.exe
  C:\Windows\System\rBeoezF.exe
  2⤵
  PID:6312
- C:\Windows\System\YJlvwhQ.exe
  C:\Windows\System\YJlvwhQ.exe
  2⤵
  PID:4372
- C:\Windows\System\tcjnOvP.exe
  C:\Windows\System\tcjnOvP.exe
  2⤵
  PID:6264
- C:\Windows\System\sILNwuy.exe
  C:\Windows\System\sILNwuy.exe
  2⤵
  PID:6292
- C:\Windows\System\UoKPZzY.exe
  C:\Windows\System\UoKPZzY.exe
  2⤵
  PID:6476
- C:\Windows\System\TZfsQpv.exe
  C:\Windows\System\TZfsQpv.exe
  2⤵
  PID:6404
- C:\Windows\System\bwoEJoP.exe
  C:\Windows\System\bwoEJoP.exe
  2⤵
  PID:5660
- C:\Windows\System\FmaLZmJ.exe
  C:\Windows\System\FmaLZmJ.exe
  2⤵
  PID:5304
- C:\Windows\System\flmhWqq.exe
  C:\Windows\System\flmhWqq.exe
  2⤵
  PID:6528
- C:\Windows\System\fSoRelo.exe
  C:\Windows\System\fSoRelo.exe
  2⤵
  PID:6612
- C:\Windows\System\AHuRqsx.exe
  C:\Windows\System\AHuRqsx.exe
  2⤵
  PID:6644
- C:\Windows\System\qHxshDH.exe
  C:\Windows\System\qHxshDH.exe
  2⤵
  PID:11080
- C:\Windows\System\rPKQdPF.exe
  C:\Windows\System\rPKQdPF.exe
  2⤵
  PID:10596
- C:\Windows\System\ZYEHvVD.exe
  C:\Windows\System\ZYEHvVD.exe
  2⤵
  PID:4692
- C:\Windows\System\rKMATFm.exe
  C:\Windows\System\rKMATFm.exe
  2⤵
  PID:6840
- C:\Windows\System\dKwTYxS.exe
  C:\Windows\System\dKwTYxS.exe
  2⤵
  PID:4180
- C:\Windows\System\MQsnAiz.exe
  C:\Windows\System\MQsnAiz.exe
  2⤵
  PID:1596
- C:\Windows\System\TfGyakc.exe
  C:\Windows\System\TfGyakc.exe
  2⤵
  PID:12084
- C:\Windows\System\rPaWLnm.exe
  C:\Windows\System\rPaWLnm.exe
  2⤵
  PID:6812
- C:\Windows\System\qeGLuak.exe
  C:\Windows\System\qeGLuak.exe
  2⤵
  PID:5736
- C:\Windows\System\QMeflZB.exe
  C:\Windows\System\QMeflZB.exe
  2⤵
  PID:1484
- C:\Windows\System\hgDNCbz.exe
  C:\Windows\System\hgDNCbz.exe
  2⤵
  PID:10244
- C:\Windows\System\QBqesQq.exe
  C:\Windows\System\QBqesQq.exe
  2⤵
  PID:6968
- C:\Windows\System\bdGAkYh.exe
  C:\Windows\System\bdGAkYh.exe
  2⤵
  PID:6972
- C:\Windows\System\ArjLWEa.exe
  C:\Windows\System\ArjLWEa.exe
  2⤵
  PID:7024
- C:\Windows\System\DtkqboW.exe
  C:\Windows\System\DtkqboW.exe
  2⤵
  PID:7120
- C:\Windows\System\QRvwZNL.exe
  C:\Windows\System\QRvwZNL.exe
  2⤵
  PID:3224
- C:\Windows\System\aZayPfR.exe
  C:\Windows\System\aZayPfR.exe
  2⤵
  PID:5388
- C:\Windows\System\JTkeFjQ.exe
  C:\Windows\System\JTkeFjQ.exe
  2⤵
  PID:6772
- C:\Windows\System\OwDKDzF.exe
  C:\Windows\System\OwDKDzF.exe
  2⤵
  PID:6268
- C:\Windows\System\ileMnIk.exe
  C:\Windows\System\ileMnIk.exe
  2⤵
  PID:5404
- C:\Windows\System\FWXHupS.exe
  C:\Windows\System\FWXHupS.exe
  2⤵
  PID:5812
- C:\Windows\System\QUhiYpV.exe
  C:\Windows\System\QUhiYpV.exe
  2⤵
  PID:4736
- C:\Windows\System\IZjPOfv.exe
  C:\Windows\System\IZjPOfv.exe
  2⤵
  PID:1356
- C:\Windows\System\MoPCIfo.exe
  C:\Windows\System\MoPCIfo.exe
  2⤵
  PID:3912
- C:\Windows\System\tLkwzqv.exe
  C:\Windows\System\tLkwzqv.exe
  2⤵
  PID:3020
- C:\Windows\System\qKRCcyC.exe
  C:\Windows\System\qKRCcyC.exe
  2⤵
  PID:3796
- C:\Windows\System\yQiViXa.exe
  C:\Windows\System\yQiViXa.exe
  2⤵
  PID:3248
- C:\Windows\System\XhxqAIz.exe
  C:\Windows\System\XhxqAIz.exe
  2⤵
  PID:5852
- C:\Windows\System\MOSlHdd.exe
  C:\Windows\System\MOSlHdd.exe
  2⤵
  PID:5960
- C:\Windows\System\gGIPYWy.exe
  C:\Windows\System\gGIPYWy.exe
  2⤵
  PID:7240
- C:\Windows\System\vnmeJff.exe
  C:\Windows\System\vnmeJff.exe
  2⤵
  PID:7944
- C:\Windows\System\JtaaYeM.exe
  C:\Windows\System\JtaaYeM.exe
  2⤵
  PID:7884
- C:\Windows\System\njrqGAp.exe
  C:\Windows\System\njrqGAp.exe
  2⤵
  PID:8008
- C:\Windows\System\jfIxxTq.exe
  C:\Windows\System\jfIxxTq.exe
  2⤵
  PID:8088
- C:\Windows\System\hByMDwN.exe
  C:\Windows\System\hByMDwN.exe
  2⤵
  PID:8356
- C:\Windows\System\ztaDdmC.exe
  C:\Windows\System\ztaDdmC.exe
  2⤵
  PID:7320
- C:\Windows\System\jlfwhLU.exe
  C:\Windows\System\jlfwhLU.exe
  2⤵
  PID:8108
- C:\Windows\System\MfqgTiv.exe
  C:\Windows\System\MfqgTiv.exe
  2⤵
  PID:8048
- C:\Windows\System\xcVTVBY.exe
  C:\Windows\System\xcVTVBY.exe
  2⤵
  PID:7972
- C:\Windows\System\uZKFOOo.exe
  C:\Windows\System\uZKFOOo.exe
  2⤵
  PID:7968
- C:\Windows\System\xjHMNKB.exe
  C:\Windows\System\xjHMNKB.exe
  2⤵
  PID:8132
- C:\Windows\System\DkJswLL.exe
  C:\Windows\System\DkJswLL.exe
  2⤵
  PID:7412
- C:\Windows\System\CrBAFhl.exe
  C:\Windows\System\CrBAFhl.exe
  2⤵
  PID:7568
- C:\Windows\System\QwWvYPU.exe
  C:\Windows\System\QwWvYPU.exe
  2⤵
  PID:11240
- C:\Windows\System\uPWtEhe.exe
  C:\Windows\System\uPWtEhe.exe
  2⤵
  PID:13060
- C:\Windows\System\lrZvTav.exe
  C:\Windows\System\lrZvTav.exe
  2⤵
  PID:1540
- C:\Windows\System\fFlvUDz.exe
  C:\Windows\System\fFlvUDz.exe
  2⤵
  PID:9420
- C:\Windows\System\qTHzhYP.exe
  C:\Windows\System\qTHzhYP.exe
  2⤵
  PID:4780
- C:\Windows\System\SPqZpWw.exe
  C:\Windows\System\SPqZpWw.exe
  2⤵
  PID:2296
- C:\Windows\System\FaxJczs.exe
  C:\Windows\System\FaxJczs.exe
  2⤵
  PID:10188
- C:\Windows\System\HuYzCZS.exe
  C:\Windows\System\HuYzCZS.exe
  2⤵
  PID:5192
- C:\Windows\System\MeoexNg.exe
  C:\Windows\System\MeoexNg.exe
  2⤵
  PID:4060
- C:\Windows\System\szAEOyf.exe
  C:\Windows\System\szAEOyf.exe
  2⤵
  PID:4344
- C:\Windows\System\mahgLOP.exe
  C:\Windows\System\mahgLOP.exe
  2⤵
  PID:4480
- C:\Windows\System\OCnMFhM.exe
  C:\Windows\System\OCnMFhM.exe
  2⤵
  PID:6132
- C:\Windows\System\oYtETMU.exe
  C:\Windows\System\oYtETMU.exe
  2⤵
  PID:10956
- C:\Windows\System\IbndebV.exe
  C:\Windows\System\IbndebV.exe
  2⤵
  PID:6448
- C:\Windows\System\gjHEtGH.exe
  C:\Windows\System\gjHEtGH.exe
  2⤵
  PID:6360
- C:\Windows\System\UKhasyO.exe
  C:\Windows\System\UKhasyO.exe
  2⤵
  PID:7440
- C:\Windows\System\TUUqsgE.exe
  C:\Windows\System\TUUqsgE.exe
  2⤵
  PID:7544
- C:\Windows\System\AuLmVeQ.exe
  C:\Windows\System\AuLmVeQ.exe
  2⤵
  PID:1888
- C:\Windows\System\QRRIOAI.exe
  C:\Windows\System\QRRIOAI.exe
  2⤵
  PID:5180
- C:\Windows\System\rnBzrSO.exe
  C:\Windows\System\rnBzrSO.exe
  2⤵
  PID:2200
- C:\Windows\System\wXsfbvn.exe
  C:\Windows\System\wXsfbvn.exe
  2⤵
  PID:6872
- C:\Windows\System\ZrVPVCG.exe
  C:\Windows\System\ZrVPVCG.exe
  2⤵
  PID:7004
- C:\Windows\System\jNviVys.exe
  C:\Windows\System\jNviVys.exe
  2⤵
  PID:4044
- C:\Windows\System\DrVTegj.exe
  C:\Windows\System\DrVTegj.exe
  2⤵
  PID:4304
- C:\Windows\System\LeqQgzs.exe
  C:\Windows\System\LeqQgzs.exe
  2⤵
  PID:7096
- C:\Windows\System\xRMNnNE.exe
  C:\Windows\System\xRMNnNE.exe
  2⤵
  PID:6012
- C:\Windows\System\HcnqkeG.exe
  C:\Windows\System\HcnqkeG.exe
  2⤵
  PID:7136
- C:\Windows\System\wAkjqbg.exe
  C:\Windows\System\wAkjqbg.exe
  2⤵
  PID:6788
- C:\Windows\System\roOZpoK.exe
  C:\Windows\System\roOZpoK.exe
  2⤵
  PID:13048
- C:\Windows\System\TsdeKlu.exe
  C:\Windows\System\TsdeKlu.exe
  2⤵
  PID:1004
- C:\Windows\System\csQShbB.exe
  C:\Windows\System\csQShbB.exe
  2⤵
  PID:11748
- C:\Windows\System\lsdRGkn.exe
  C:\Windows\System\lsdRGkn.exe
  2⤵
  PID:5788
- C:\Windows\System\NqNrTBJ.exe
  C:\Windows\System\NqNrTBJ.exe
  2⤵
  PID:6676
- C:\Windows\System\ommIyuD.exe
  C:\Windows\System\ommIyuD.exe
  2⤵
  PID:4928
- C:\Windows\System\soxUyvs.exe
  C:\Windows\System\soxUyvs.exe
  2⤵
  PID:8368
- C:\Windows\System\UggbWXf.exe
  C:\Windows\System\UggbWXf.exe
  2⤵
  PID:12312
- C:\Windows\System\qPEoUwA.exe
  C:\Windows\System\qPEoUwA.exe
  2⤵
  PID:9644
- C:\Windows\System\VJKdedt.exe
  C:\Windows\System\VJKdedt.exe
  2⤵
  PID:9560
- C:\Windows\System\bVZUxEw.exe
  C:\Windows\System\bVZUxEw.exe
  2⤵
  PID:9464
- C:\Windows\System\yUgkUSB.exe
  C:\Windows\System\yUgkUSB.exe
  2⤵
  PID:9440
- C:\Windows\System\kDCcGzt.exe
  C:\Windows\System\kDCcGzt.exe
  2⤵
  PID:9336
- C:\Windows\System\zSabnRQ.exe
  C:\Windows\System\zSabnRQ.exe
  2⤵
  PID:9352
- C:\Windows\System\oAWSWYD.exe
  C:\Windows\System\oAWSWYD.exe
  2⤵
  PID:8384
- C:\Windows\System\tUIOzPF.exe
  C:\Windows\System\tUIOzPF.exe
  2⤵
  PID:8808
- C:\Windows\System\zHAvTsd.exe
  C:\Windows\System\zHAvTsd.exe
  2⤵
  PID:8728
- C:\Windows\System\vOYwvIe.exe
  C:\Windows\System\vOYwvIe.exe
  2⤵
  PID:8616
- C:\Windows\System\glKcOib.exe
  C:\Windows\System\glKcOib.exe
  2⤵
  PID:8964
- C:\Windows\System\vQOHHnZ.exe
  C:\Windows\System\vQOHHnZ.exe
  2⤵
  PID:8864
- C:\Windows\System\LDIDnEP.exe
  C:\Windows\System\LDIDnEP.exe
  2⤵
  PID:8868
- C:\Windows\System\dFOvEMl.exe
  C:\Windows\System\dFOvEMl.exe
  2⤵
  PID:8960
- C:\Windows\System\AGoAYrz.exe
  C:\Windows\System\AGoAYrz.exe
  2⤵
  PID:9004
- C:\Windows\System\ALXAIBO.exe
  C:\Windows\System\ALXAIBO.exe
  2⤵
  PID:9036
- C:\Windows\System\YWJSbDQ.exe
  C:\Windows\System\YWJSbDQ.exe
  2⤵
  PID:9084
- C:\Windows\System\autgiSn.exe
  C:\Windows\System\autgiSn.exe
  2⤵
  PID:9180
- C:\Windows\System\eXGhOsk.exe
  C:\Windows\System\eXGhOsk.exe
  2⤵
  PID:8464
- C:\Windows\System\VYVdFhm.exe
  C:\Windows\System\VYVdFhm.exe
  2⤵
  PID:8712
- C:\Windows\System\gIDUUBw.exe
  C:\Windows\System\gIDUUBw.exe
  2⤵
  PID:8980
- C:\Windows\System\dlIQLds.exe
  C:\Windows\System\dlIQLds.exe
  2⤵
  PID:8824
- C:\Windows\System\rmXTgyx.exe
  C:\Windows\System\rmXTgyx.exe
  2⤵
  PID:8516
- C:\Windows\System\ZsCalXb.exe
  C:\Windows\System\ZsCalXb.exe
  2⤵
  PID:7832
- C:\Windows\System\SNmbKKE.exe
  C:\Windows\System\SNmbKKE.exe
  2⤵
  PID:7424
- C:\Windows\System\gFecnCg.exe
  C:\Windows\System\gFecnCg.exe
  2⤵
  PID:7540
- C:\Windows\System\QUXXiuI.exe
  C:\Windows\System\QUXXiuI.exe
  2⤵
  PID:6204
- C:\Windows\System\iGKUNjy.exe
  C:\Windows\System\iGKUNjy.exe
  2⤵
  PID:11728
- C:\Windows\System\YHmKkUK.exe
  C:\Windows\System\YHmKkUK.exe
  2⤵
  PID:7844
- C:\Windows\System\ouVQDHQ.exe
  C:\Windows\System\ouVQDHQ.exe
  2⤵
  PID:12712
- C:\Windows\System\jKYuSPv.exe
  C:\Windows\System\jKYuSPv.exe
  2⤵
  PID:1420
- C:\Windows\System\KRdlFvJ.exe
  C:\Windows\System\KRdlFvJ.exe
  2⤵
  PID:11208
- C:\Windows\System\yhmYXhG.exe
  C:\Windows\System\yhmYXhG.exe
  2⤵
  PID:5500
- C:\Windows\System\XtcDgDj.exe
  C:\Windows\System\XtcDgDj.exe
  2⤵
  PID:860
- C:\Windows\System\ymEekbL.exe
  C:\Windows\System\ymEekbL.exe
  2⤵
  PID:2912
- C:\Windows\System\VvSKzWz.exe
  C:\Windows\System\VvSKzWz.exe
  2⤵
  PID:12412
- C:\Windows\System\AQwuixa.exe
  C:\Windows\System\AQwuixa.exe
  2⤵
  PID:12880
- C:\Windows\System\pFZhfkz.exe
  C:\Windows\System\pFZhfkz.exe
  2⤵
  PID:4328
- C:\Windows\System\XqBUWpN.exe
  C:\Windows\System\XqBUWpN.exe
  2⤵
  PID:6804
- C:\Windows\System\zjdhuoZ.exe
  C:\Windows\System\zjdhuoZ.exe
  2⤵
  PID:10248
- C:\Windows\System\LmFlbeI.exe
  C:\Windows\System\LmFlbeI.exe
  2⤵
  PID:9848
- C:\Windows\System\SbOahmR.exe
  C:\Windows\System\SbOahmR.exe
  2⤵
  PID:7948
- C:\Windows\System\niQmtes.exe
  C:\Windows\System\niQmtes.exe
  2⤵
  PID:9728
- C:\Windows\System\KdNnivO.exe
  C:\Windows\System\KdNnivO.exe
  2⤵
  PID:1556
- C:\Windows\System\ODYmfTG.exe
  C:\Windows\System\ODYmfTG.exe
  2⤵
  PID:6096
- C:\Windows\System\dUKgUhb.exe
  C:\Windows\System\dUKgUhb.exe
  2⤵
  PID:640
- C:\Windows\System\ePiCKfq.exe
  C:\Windows\System\ePiCKfq.exe
  2⤵
  PID:2884
- C:\Windows\System\tfZKkmG.exe
  C:\Windows\System\tfZKkmG.exe
  2⤵
  PID:4192
- C:\Windows\System\tuoxmCY.exe
  C:\Windows\System\tuoxmCY.exe
  2⤵
  PID:12844
- C:\Windows\System\sQwouQD.exe
  C:\Windows\System\sQwouQD.exe
  2⤵
  PID:13304
- C:\Windows\System\djrdPCt.exe
  C:\Windows\System\djrdPCt.exe
  2⤵
  PID:1248
- C:\Windows\System\FQcOoIm.exe
  C:\Windows\System\FQcOoIm.exe
  2⤵
  PID:3728
- C:\Windows\System\uZHKRzP.exe
  C:\Windows\System\uZHKRzP.exe
  2⤵
  PID:7032
- C:\Windows\System\WiujUke.exe
  C:\Windows\System\WiujUke.exe
  2⤵
  PID:3588
- C:\Windows\System\edwVLiU.exe
  C:\Windows\System\edwVLiU.exe
  2⤵
  PID:5416
- C:\Windows\System\ryaEXoJ.exe
  C:\Windows\System\ryaEXoJ.exe
  2⤵
  PID:10124
- C:\Windows\System\QLYvOpa.exe
  C:\Windows\System\QLYvOpa.exe
  2⤵
  PID:10768
- C:\Windows\System\srPCvta.exe
  C:\Windows\System\srPCvta.exe
  2⤵
  PID:9992
- C:\Windows\System\zMWhVzY.exe
  C:\Windows\System\zMWhVzY.exe
  2⤵
  PID:11368
- C:\Windows\System\KGNhISU.exe
  C:\Windows\System\KGNhISU.exe
  2⤵
  PID:10828
- C:\Windows\System\JwPpoom.exe
  C:\Windows\System\JwPpoom.exe
  2⤵
  PID:9876
- C:\Windows\System\ddbXWBJ.exe
  C:\Windows\System\ddbXWBJ.exe
  2⤵
  PID:9552
- C:\Windows\System\QABYnim.exe
  C:\Windows\System\QABYnim.exe
  2⤵
  PID:10332
- C:\Windows\System\cHfJlrm.exe
  C:\Windows\System\cHfJlrm.exe
  2⤵
  PID:10408
- C:\Windows\System\NzTrKnF.exe
  C:\Windows\System\NzTrKnF.exe
  2⤵
  PID:10400
- C:\Windows\System\KGeKqxG.exe
  C:\Windows\System\KGeKqxG.exe
  2⤵
  PID:10636
- C:\Windows\System\wnSjynR.exe
  C:\Windows\System\wnSjynR.exe
  2⤵
  PID:10504
- C:\Windows\System\KrCMAFo.exe
  C:\Windows\System\KrCMAFo.exe
  2⤵
  PID:10724
- C:\Windows\System\ZlWRqZQ.exe
  C:\Windows\System\ZlWRqZQ.exe
  2⤵
  PID:10808
- C:\Windows\System\KBUODtT.exe
  C:\Windows\System\KBUODtT.exe
  2⤵
  PID:11068
- C:\Windows\System\BvySTvg.exe
  C:\Windows\System\BvySTvg.exe
  2⤵
  PID:11108
- C:\Windows\System\NAceBhB.exe
  C:\Windows\System\NAceBhB.exe
  2⤵
  PID:10920
- C:\Windows\System\ncHMnWm.exe
  C:\Windows\System\ncHMnWm.exe
  2⤵
  PID:10496
- C:\Windows\System\nZjNUcf.exe
  C:\Windows\System\nZjNUcf.exe
  2⤵
  PID:2452
- C:\Windows\System\spfDMDM.exe
  C:\Windows\System\spfDMDM.exe
  2⤵
  PID:4216
- C:\Windows\System\BCZDnQx.exe
  C:\Windows\System\BCZDnQx.exe
  2⤵
  PID:6212
- C:\Windows\System\FcCCDWY.exe
  C:\Windows\System\FcCCDWY.exe
  2⤵
  PID:7124
- C:\Windows\System\xSsxgQT.exe
  C:\Windows\System\xSsxgQT.exe
  2⤵
  PID:12380
- C:\Windows\System\cllYfwe.exe
  C:\Windows\System\cllYfwe.exe
  2⤵
  PID:11476
- C:\Windows\System\kDHoAle.exe
  C:\Windows\System\kDHoAle.exe
  2⤵
  PID:11716
- C:\Windows\System\HJOkWVW.exe
  C:\Windows\System\HJOkWVW.exe
  2⤵
  PID:11512
- C:\Windows\System\zdrjbLO.exe
  C:\Windows\System\zdrjbLO.exe
  2⤵
  PID:11472
- C:\Windows\System\orpXMkQ.exe
  C:\Windows\System\orpXMkQ.exe
  2⤵
  PID:11584
- C:\Windows\System\JaclWLH.exe
  C:\Windows\System\JaclWLH.exe
  2⤵
  PID:11292
- C:\Windows\System\dDgSohc.exe
  C:\Windows\System\dDgSohc.exe
  2⤵
  PID:12176
- C:\Windows\System\oYDPTrI.exe
  C:\Windows\System\oYDPTrI.exe
  2⤵
  PID:11684
- C:\Windows\System\fXrNIqn.exe
  C:\Windows\System\fXrNIqn.exe
  2⤵
  PID:11980
- C:\Windows\System\cnFuSvX.exe
  C:\Windows\System\cnFuSvX.exe
  2⤵
  PID:12108
- C:\Windows\System\bTfEpvz.exe
  C:\Windows\System\bTfEpvz.exe
  2⤵
  PID:12128
- C:\Windows\System\ewowXzo.exe
  C:\Windows\System\ewowXzo.exe
  2⤵
  PID:12072
- C:\Windows\System\IUovsfg.exe
  C:\Windows\System\IUovsfg.exe
  2⤵
  PID:11964
- C:\Windows\System\HbMUBdO.exe
  C:\Windows\System\HbMUBdO.exe
  2⤵
  PID:11956
- C:\Windows\System\zbmntqR.exe
  C:\Windows\System\zbmntqR.exe
  2⤵
  PID:11896
- C:\Windows\System\BkxTxqq.exe
  C:\Windows\System\BkxTxqq.exe
  2⤵
  PID:11804
- C:\Windows\System\KWpffwX.exe
  C:\Windows\System\KWpffwX.exe
  2⤵
  PID:11720
- C:\Windows\System\nosnzZF.exe
  C:\Windows\System\nosnzZF.exe
  2⤵
  PID:5016
- C:\Windows\System\wuatgHJ.exe
  C:\Windows\System\wuatgHJ.exe
  2⤵
  PID:11736
- C:\Windows\System\johugej.exe
  C:\Windows\System\johugej.exe
  2⤵
  PID:11444
- C:\Windows\System\qTiQxFr.exe
  C:\Windows\System\qTiQxFr.exe
  2⤵
  PID:11260
- C:\Windows\System\IDJwuQo.exe
  C:\Windows\System\IDJwuQo.exe
  2⤵
  PID:6464
- C:\Windows\System\OqokMnC.exe
  C:\Windows\System\OqokMnC.exe
  2⤵
  PID:12568
- C:\Windows\System\SoDSmeX.exe
  C:\Windows\System\SoDSmeX.exe
  2⤵
  PID:12600
- C:\Windows\System\krjXskV.exe
  C:\Windows\System\krjXskV.exe
  2⤵
  PID:12344
- C:\Windows\System\nZXPdlX.exe
  C:\Windows\System\nZXPdlX.exe
  2⤵
  PID:11732
- C:\Windows\System\viOWZId.exe
  C:\Windows\System\viOWZId.exe
  2⤵
  PID:13036
- C:\Windows\System\MqlkVHz.exe
  C:\Windows\System\MqlkVHz.exe
  2⤵
  PID:12208
- C:\Windows\System\hFQydhP.exe
  C:\Windows\System\hFQydhP.exe
  2⤵
  PID:12104
- C:\Windows\System\wbWHnbF.exe
  C:\Windows\System\wbWHnbF.exe
  2⤵
  PID:11364
- C:\Windows\System\IKIHbse.exe
  C:\Windows\System\IKIHbse.exe
  2⤵
  PID:10360
- C:\Windows\System\eMrGhhe.exe
  C:\Windows\System\eMrGhhe.exe
  2⤵
  PID:9884
- C:\Windows\System\hfgwAOg.exe
  C:\Windows\System\hfgwAOg.exe
  2⤵
  PID:12968
- C:\Windows\System\SQdKePf.exe
  C:\Windows\System\SQdKePf.exe
  2⤵
  PID:9740
- C:\Windows\System\KmqNwaY.exe
  C:\Windows\System\KmqNwaY.exe
  2⤵
  PID:3396
- C:\Windows\System\xIItXMh.exe
  C:\Windows\System\xIItXMh.exe
  2⤵
  PID:764
- C:\Windows\System\ylXmFxY.exe
  C:\Windows\System\ylXmFxY.exe
  2⤵
  PID:7328
- C:\Windows\System\MbpLwjB.exe
  C:\Windows\System\MbpLwjB.exe
  2⤵
  PID:7192
- C:\Windows\System\AIfdrtY.exe
  C:\Windows\System\AIfdrtY.exe
  2⤵
  PID:7528
- C:\Windows\System\cmGrokg.exe
  C:\Windows\System\cmGrokg.exe
  2⤵
  PID:4168
- C:\Windows\System\amyesyy.exe
  C:\Windows\System\amyesyy.exe
  2⤵
  PID:4688
- C:\Windows\System\yTQfEMR.exe
  C:\Windows\System\yTQfEMR.exe
  2⤵
  PID:4092
- C:\Windows\System\dMcomOJ.exe
  C:\Windows\System\dMcomOJ.exe
  2⤵
  PID:5844
- C:\Windows\System\DFJDhUv.exe
  C:\Windows\System\DFJDhUv.exe
  2⤵
  PID:13296
- C:\Windows\System\QQbOaZE.exe
  C:\Windows\System\QQbOaZE.exe
  2⤵
  PID:10164
- C:\Windows\System\XOfQwIo.exe
  C:\Windows\System\XOfQwIo.exe
  2⤵
  PID:11916
- C:\Windows\System\zplUVJM.exe
  C:\Windows\System\zplUVJM.exe
  2⤵
  PID:8120
- C:\Windows\System\AJyhNLL.exe
  C:\Windows\System\AJyhNLL.exe
  2⤵
  PID:12684
- C:\Windows\System\RlDDglf.exe
  C:\Windows\System\RlDDglf.exe
  2⤵
  PID:10344
- C:\Windows\System\HHaAKOG.exe
  C:\Windows\System\HHaAKOG.exe
  2⤵
  PID:10004
- C:\Windows\System\RFMNmjK.exe
  C:\Windows\System\RFMNmjK.exe
  2⤵
  PID:6516
- C:\Windows\System\JHBEOLN.exe
  C:\Windows\System\JHBEOLN.exe
  2⤵
  PID:9908
- C:\Windows\System\rhGIPso.exe
  C:\Windows\System\rhGIPso.exe
  2⤵
  PID:6724
- C:\Windows\System\XbegXtf.exe
  C:\Windows\System\XbegXtf.exe
  2⤵
  PID:7180
- C:\Windows\System\ZzuHqUI.exe
  C:\Windows\System\ZzuHqUI.exe
  2⤵
  PID:10588

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:13180

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
- Suspicious use of FindShellTrayWindow
PID:13228

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:12808

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:6472
- C:\Windows\explorer.exe
  explorer.exe /LOADSAVEDWINDOWS
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Enumerates connected drives
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:7600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rsvs1tgw.ug0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CDVBknP.exe

Filesize
1.7MB

MD5
52898793e5e52850d97ae7cc55b10eb5

SHA1
d96ccb8db5f3e9b6fff64aa5e05c0eeb4a9e9a34

SHA256
fb3db2c2dc48e1b73eb51cbccb7c80c2eab9637b61a87fbf7042ae02121fd0ea

SHA512
754d376f96c37d20c63b7948170f232c00b5e100218c81fccad6ed34fe6aa5be925d7ac5034b1965192f42533f88bef5608786536276bcf7f4c0632c779b40fa

Download Submit
C:\Windows\System\DEKcQty.exe

Filesize
1.7MB

MD5
fb739863f36d41b79206828f9f18ffbc

SHA1
498951e9445385114cbc4da5da72ee5fff584bec

SHA256
22acd56ae21bbd852e64538df59dc53257a376f16f070a4e666058fba0d6a9ce

SHA512
a51874fbe0c3a965d958b43eb9af87bb2810be0eaee4f343fa95fd890cff0e6e5575692010796271e5d6654bba3c54a91a871de36730eafc37b083cec6de0e00

Download Submit
C:\Windows\System\EuKisvc.exe

Filesize
1.7MB

MD5
718b68e2e9358bebd3108854aa6b22b6

SHA1
e0cdad09433936bf4ad9b3f8b4066ae28a180265

SHA256
c7b3d10a2b22c2c361a8664bbf5d642290a4c358f3ffa6c8b3fc81822c5b3b0a

SHA512
c98605371eb51829b1d66daa09884156ca0fc5fb6034e1568c6551ae053928371cce48a301570c3760d6dd341c92fe503cbdb8a77fd014aef16882e0c53a83e2

Download Submit
C:\Windows\System\GAGwXHD.exe

Filesize
1.7MB

MD5
9366e9ecd8faefd0c601753ab6cfc892

SHA1
23b215bc68255061bcf4412aef5ed6eb3e6cfe16

SHA256
8a9517db2a0b81ac867826c25a91286063e393f02bf127d8e6cd3463657e4f87

SHA512
f231e908f23a24db331697d2ac443c5f3f362b396a1c47cc26433535c3d9fc837891d530654e2a1a381db807cee1cbff2dc1d41dd7726886cdd9db5209e98346

Download Submit
C:\Windows\System\HUjPAHx.exe

Filesize
1.7MB

MD5
879e10d89af6d98cb63bfe74ef5106b4

SHA1
92fcbedf5e513e71b48030bf18715136cc0bde67

SHA256
eb4b5d98da92e6258f2bf7ac1acca5c9fb480ffe1398daac004eaa40660ef964

SHA512
3dd39a4b8fad7d9eec846897556f1ab5d239d81dfae39aa135687c06ce862b1f841fd5c3ba63b597e07eb0ac0a9586684c7b49238c500915bf544891997b23f3

Download Submit
C:\Windows\System\KYnWdae.exe

Filesize
1.7MB

MD5
610d0325b9751cc13baf6bc72cce92f4

SHA1
c9cb81931a9f8213b191a622bae2d8051307c09d

SHA256
fe55e88c87084f6670fd0fe4edcc97e269b6f03ac9f3c6211a6eecc9178aa893

SHA512
43647fe61722ecad79d5120b975ee95d5e3cd2d58dbf43145ed37169098aa6fe6a5fecdc3d687e5ec260733a39be4241991449b3ca435e6ffc08247fe8b57ad8

Download Submit
C:\Windows\System\NNLWtYw.exe

Filesize
1.7MB

MD5
971b9c7d0e89f8c00d545f81ea85b3d0

SHA1
f68de6d1842b2a9fefce859f1058392fcbd4ad03

SHA256
78c952c174bb86dbfeb26b24ee68fca33c9341418cdac7e9f08fc6fda5fcedc8

SHA512
f9a998341baa9c87f3bdafd2cc85f9fddab8b151daab0ffa88a57f849d83a053aed260b7a8d9a8ed71df2a7f76d5b3a999ed40d8c32df438c90559724b32715d

Download Submit
C:\Windows\System\PCiMwHn.exe

Filesize
1.7MB

MD5
740e3664f4115c5ac5aac8c58e5f5ad8

SHA1
f276a06578eee91d0aff8c0896f77024dc250836

SHA256
3155bdca21402c9bb24cf08356b7d55abb5adf2baf8ddc57433ff3fb6c522408

SHA512
5cbff5cfffe9997d3bd05698c8048e772d014ef120e03f75a6439842dc61534ec5091af9c9bd8fda61761f345a6f121cef2f7f03a8fa829835ce73906e2a8dfa

Download Submit
C:\Windows\System\RdkLopc.exe

Filesize
1.7MB

MD5
7119f139453748f6b138b2a250bbcc2e

SHA1
ce7089d1385e2a636c0e48852d7b2361c52a4c26

SHA256
c265b3905bda5220400bc23b39df6581bef39705ac72cf7f38c8bc9c8cd74c54

SHA512
c66abd91385dc0b3c07a4768c9ab9f695e9bb4be4d9e5f75fe3b14b0891196e6f1500b2f169ed25c1071f39335a060a3363d477f0fa1d435224dce6d9c786a43

Download Submit
C:\Windows\System\RlunhrT.exe

Filesize
1.7MB

MD5
8ff021045056d5ab8a231753d4107ba9

SHA1
99c2f7a0513408e5626bb9764e9598fb9580e9ae

SHA256
2f3309d9249a5b11f2b86647a4bc367f59be668ae530b150407dce5038f9f883

SHA512
2ef39d10f695ab78f604fd8939fb6ec61e7ad39255be5d9aef79b91f85d1ffb03edcff21b2e8c0c8e54ae2cebe279285e5d83427d0853f0ff266c0508fcf1f8d

Download Submit
C:\Windows\System\TGKOHxe.exe

Filesize
1.7MB

MD5
011110e2c025c7558596304300865b5f

SHA1
e11d7be545e4d18ed1cd074ef1bc65fef1453442

SHA256
f129e1329ad050c2527e923c39e6c6a99d29db4e0201fab9af4ff0ce5c62c6d4

SHA512
701b1a87769cee2575d7b8457ebe3265b5950b97840b39128caaf2ded6a28253e44f4a408d72f6e1115111fcca7036344a0ecddeeeff3aea0bd3877c987b4733

Download Submit
C:\Windows\System\VaJQLLW.exe

Filesize
1.7MB

MD5
de82f7a2e74fb7400806c30ae3440e3b

SHA1
c1bc2dd6ddee144c4ae73746de54e45c06395d0f

SHA256
7845b8618e14cb5d4fdf71e76ecc0e24b02f3099d7178d382a30230a62f21e8d

SHA512
dc94b4d34ae3ca85a325af04a5074c31c4294ae6ee4ec5cfbe8d42a839a721839e9f075e43c0ac8c48597f6331f262cdacbb92df6dc4506d78e3a7bc96685994

Download Submit
C:\Windows\System\Vbesdqw.exe

Filesize
1.7MB

MD5
5103ac8b54accb28306e2d092ac140b9

SHA1
dcb7dd4c24d60b44d0b209f494230107c438c384

SHA256
f67370264ce1bdc3d00e96afd9b0a96e918a3e539e4ac84d363686478fe5855d

SHA512
c9808911f96423b0978139a2a0cc471a725a1cc5297273d200b8766b70d673b79c48e56ad42713a2d90033269e4711ede00bdfb2223ed27615ec1e7995eaaa5b

Download Submit
C:\Windows\System\WFiMfDW.exe

Filesize
1.7MB

MD5
2d6da36ea1f5b58fe160ce83401b44fb

SHA1
b842d7ecff395d8e475a6e97ccbe676fc7c42246

SHA256
87782d68ae5dd5f441f0574c28570e409dc2cce74ec33b64f8d506239c4a108d

SHA512
eb8297e4253633124317daaf1817c135a1c0ebb27ec85c155c717269717fe23619c99aed48bbe1ca2e1e1475c478302466cd5dd2a1db5f121e1778ad9102899e

Download Submit
C:\Windows\System\WbhzwBR.exe

Filesize
1.7MB

MD5
068a814cc045877789aab89bdf29a1a4

SHA1
f0964d400cc18912450bbd07f23d5e167d33696b

SHA256
dbae3abc6bc7ef6814a18aef4f0ecdecda396e4dedb82bff8a47c2d8dcaf134d

SHA512
d51bc80403ecae410257b315e02bc757216da2a162d58d74ecb270bc95a1d17e7f65670075662a3163e726dc37ea69ed9cae80b6f9b7ffd2c93822ca0246a688

Download Submit
C:\Windows\System\WfPSgqq.exe

Filesize
1.7MB

MD5
49317444572945c14762f35983e00e07

SHA1
432af5cabdcee0d54b90a90e449ddf7e3780f1f8

SHA256
03d597591bb11b69efc13caf54c547802d273f21ac5a94536447d0ecabd76232

SHA512
820a1da8e9a887ca294e59d5c936644b6c4392fb8f9e049942e9abc78683287d6f1bf837dbaf0daf5613c367ac8948aaad01661627578a75b0c2bc0452f3faf1

Download Submit
C:\Windows\System\XXcnRni.exe

Filesize
1.7MB

MD5
abbab506dfeaae9417682adae3cff16b

SHA1
57fb0003962a32e267ce28f48a4b1bba5fc4da9c

SHA256
ea638dfe85475acc5b6983a298ef2981d292291e1fdefbe2dd62b7dd5850607b

SHA512
2aad40a0ccf392014507942ea57a4409202eb76e6f4be7598ad896ac59357eae50f9094aeda26129e89da2b70e42c151193c043cc267b4a5e8d0e88a233faaaf

Download Submit
C:\Windows\System\dRWXdzP.exe

Filesize
1.7MB

MD5
2489042a939ab05e4d3f8a67555cc230

SHA1
51a6cdeb1b533e09d307732a3e69341766fc8f4a

SHA256
c18bf55914927ef37fa3e43d7c464840acd54bdc3e18343d3995173316767ecc

SHA512
cd47fa4b23ba0f91506df2cb56436d5661630529f923cf3fd20d553bb0d2e997810d5ac1addb136ac3e4cecfee16a4ebbeaca11d26d17315744f97ab46422ec5

Download Submit
C:\Windows\System\dnfnLji.exe

Filesize
1.7MB

MD5
b15c14ad9b445755a52fed3509600614

SHA1
f04bda1735aa96f51f82452b3fa02df105f924b5

SHA256
818ca74cf48148f7a6b03114e6295a7c46b6f8474c49e565eb71a183f70ee575

SHA512
4f2d0f67cd28b6c242c22f68b4bfd9cec5701c99a35ce0a416318ca8b1029d7f5b150285fe624c87b4b96ae2d4f8768c46df202811b0bdc806771be594d422f8

Download Submit
C:\Windows\System\eBAUbrf.exe

Filesize
1.7MB

MD5
d852668bb8242b11ac8ba05b659cc03a

SHA1
60b871e834a949e93b2db6ce67f10f5d13670698

SHA256
dde94db098f12fae360865ee6ca9e6953d3d23f5c0b33fde64b185561d4051c8

SHA512
0316a5352675c067ddcb1af7d3610a3c5c2d613b7018827f7d8e03b0d8898870f47848eb08a957863b32a971acc73563bc7da5628005432bb92503f614ad1215

Download Submit
C:\Windows\System\hrgovrw.exe

Filesize
1.7MB

MD5
0f2d607792d8c895b5dcf1ccbf920966

SHA1
00336af76b36395154ad75d1b0a3486fdda7d264

SHA256
8270722fb11e2cec12279657b406db9d66042f645d3cea3476606b8a39bcbf46

SHA512
55f474834ee76bbc05213c6f2efc76248f9fee849eaab1e36900bd6acbd89e7f0ea6def98cc151159934b9effc48b3e0c1f6ecc98bd302698e52846acf98bd16

Download Submit
C:\Windows\System\insldSk.exe

Filesize
1.7MB

MD5
6eed6401f5d78d4753822a3172103728

SHA1
f2c471abb3b0515da39362ee9181db4f3ece462a

SHA256
668c4e97f67586883fa3876f5c2c29cbe21754fe24017eead275b7e3efbb39aa

SHA512
c70204887c328d549fe606eeabfd4a9cf0349657df7f77bcb0e2fa5585116669c37118dcfda0c5bb01e5622c13e314dee9ed876da269a27c5e1bab40386b5eb8

Download Submit
C:\Windows\System\jjhyBvC.exe

Filesize
8B

MD5
92dce7fd7ec69f225baee909f1f20d27

SHA1
0fe748b20df273698767537e59de10e23a351a61

SHA256
3a8d52b801fd1c8bd120153342611f7386eb5ce0ad255d57304ec96ec9b31a84

SHA512
1e58e425b780ebf633a365e2d3edf8bb342f5bfe09e8d802b0d4dd60a53770b35758c32e598b9a4f78c23d6a0841ec0499f88be809f17838167d0c02b8f0c743

Download Submit
C:\Windows\System\mCybFgm.exe

Filesize
1.7MB

MD5
0cacf17dde621274d7b06eaeb3359961

SHA1
d1086bb95f574e73ef847513d60be38a8ab5c185

SHA256
eea2a1544da6913fbb1382e933af819bf4b86ec25d689fb00793e6cdbe586acf

SHA512
f76dcd3547527f0e71b67b0603ab4b19d85aa100c8b3e3e51a10dea21a7f2a5b3f025917855aa45c192dbbec6148806af650c411f146c5a978c28d52b0fa2baa

Download Submit
C:\Windows\System\mWPIfDk.exe

Filesize
1.7MB

MD5
61224a0ad47ee8368b6a7449343fb825

SHA1
c229c2bdd0ca0da66768613f9f5fd1a305fa1369

SHA256
91d678b3a8840355b97dfefd261b1b7365607c2bc7d97de41693479254b843a9

SHA512
933b8d2d4de407e9a4376334a9dc3611a5829257cc74b71f87ff433bef462166e8d9bbf46ec1a317e39168383679bcfb209aac0b0c8df1b4490b03872c31da2c

Download Submit
C:\Windows\System\mwYExLv.exe

Filesize
1.7MB

MD5
392d42ab585c84e72a4a1b7873e6cb86

SHA1
c3ea382b493ae6d8e43d009d7b24aa5fdc67ef80

SHA256
b3ed309c68ed32b7476d9c31d86186ffafd63d04e9d2c968dd9d032f551daf9d

SHA512
c0e08dc509ef3a294fde0196f69e0083f2393f101c6008a8f1c0765a0155775c3f9f2b06ef69e76d1dc949003e521ed164d815ff21b80573a7fcb6f3e9c7296e

Download Submit
C:\Windows\System\pWzQBQk.exe

Filesize
1.7MB

MD5
1f3856f1926ce20921232292c02a9f94

SHA1
54b285ccfdf76df6e3f66226bed6e11b6cd35155

SHA256
1fb2fc376a007d4d759951797c15ab5bbc85ac31a1840ae6844a028897ca13f4

SHA512
30638e282fbcc986160d685cdcdd5bcefa67c050710f43d0cbe407ca5ec73cb206b4bbe32a529482474631f092bd6a28786b72c032653aefbad5ef0e88340289

Download Submit
C:\Windows\System\penEiZt.exe

Filesize
1.7MB

MD5
0c583a5d19891477bc0203203a622ab1

SHA1
76ef0bbc66a4114557f39b3864b6a8629d482d0c

SHA256
844038a248af456f12c3b8720913fb15727cd5d7c0d6618955c66bdfe3e477d3

SHA512
2c2f2b1e4e1859eb41d6da19d3431c897557489b92480a7336ab6c7a4dd022926c30cd3bb146d31535e4473c8a4901b01452609614d2a8efa862dcf5e11e0578

Download Submit
C:\Windows\System\pjHjHXX.exe

Filesize
1.7MB

MD5
9b7051b7e62bd31b56383e02fe80f97e

SHA1
7a44eb814750b0cf71bfdd2d6806daefb331eabf

SHA256
cdb72434371af4976b40859bcdbcffdbede5df3f3fcbfe60a4a8d4ff9785c29d

SHA512
a14a68a6d588159acfc081f18ea37b3341bde89047505f736c594b59257b39b5d4ad998412e335f8eea17dc13ed4dc78a969618356f34eeb20e66ac421d96859

Download Submit
C:\Windows\System\qsFhvjR.exe

Filesize
1.7MB

MD5
dbe8081068d2101323499117f70b0168

SHA1
3b4b2ef0ad2add6bc6e8ee64947e39f0df967c62

SHA256
e12eab3d6062dbaddabec65bb3ae8fbb8fb6354720796c503afaad8cc03538c6

SHA512
30deedac509c7e094d9869099195a944259d4b695c3b5efecf89fc8d89c3b45bfc2165c8c2704c17ef6eedef666c9d32050b41c88e9eb664cf9176d24c27636b

Download Submit
C:\Windows\System\rrOjCCY.exe

Filesize
1.7MB

MD5
4f285cb248d66a2dc6a76f305b773bfb

SHA1
c09d41202fe3f78f73907ee203a0dddd42965b23

SHA256
434b2b0bbc07302daaae297bd1a5d75976d875161b6ca452bb61bde1d46fb100

SHA512
a66d851fae05007dd2a28cd1dd47ff856785181a0c6df598ddc43b7824bb92907aacb360ff5cefde69f7665803664929fd82f3d96eafec32d4b2e9bc4ab9e112

Download Submit
C:\Windows\System\rwXFcmq.exe

Filesize
1.7MB

MD5
89c7e172de972761e8796b23f8a7c7c1

SHA1
73ba817a20150a71e423101b1c3def99070e7b6f

SHA256
a5592e813e010eb171b1a1a7c31fd099a55cf2514f3730ab97751d631cc09323

SHA512
c93e12d2b729fa5ecedd5dc7d60db6ddd929a6da65678e89d3b0b087a2aabbab0392be98b4da23e36fe9e26d80ef877401fc9166596ea7bc70756957cb45837a

Download Submit
C:\Windows\System\uIAaUFq.exe

Filesize
1.7MB

MD5
967d80fc4962bb03114b9b07b7b6f0b7

SHA1
fa83d9e92a92cb66cafb9dbc002925e0d74e9f92

SHA256
8f12a529435ed48c0581257dd852e3de85dc7ec75c8d41fa9be7d748181fe2c7

SHA512
f7d4417036ddeed652f532fea5dd5674caaff7578d89c91902827e4f1022ef72a39f34bd2c6b95e2eed60da28cbba7d8159b97b983d126a1ca4ab1c1fc98b15f

Download Submit
C:\Windows\System\vdrRlNi.exe

Filesize
1.7MB

MD5
ca4a277411e379df81fc1a4c3d61a853

SHA1
02dca2baec2fc552429aa81d30480ee9cfdcaba1

SHA256
98a6da5ef6679c7490d3cdf40e4bc74b13900255937723ce6b3c26f326f03c2d

SHA512
38f2f28f6d2870a09439fc5410f8c0cb34c57ee9df6ad7a824b7381c3d93ecec4c135f65c9996f92e786514ece8b270a96d19e4ef0e23da1c4cfae392a6da13f

Download Submit
C:\Windows\System\vtmthne.exe

Filesize
1.7MB

MD5
cab6becf064e939e2845b6fec4ed5e9f

SHA1
6da55819d22ab0833c6363ae07cd37154d0ea37e

SHA256
040c820499f4be689fa0730dbb92909ac18ef14578cd64e91ef6205100a4f21b

SHA512
ac6627375316c66bc5340c95d750fa750b9b964ccde83ed3fa1f6d942e07e22e9f96ee8549a5445a2f431cbd9a51397c0c2a7b38f31a9cc97223de70d8d07dee

Download Submit
C:\Windows\System\wbMWNoZ.exe

Filesize
1.7MB

MD5
8132538bdcf26e9d94db107099d99db5

SHA1
a6f3b4aa15bb240c4787e569a980899a58ea8d06

SHA256
4703e2477670618c8052ad31add7d450ef98ebfed5ccd6d27f70668b7738ee89

SHA512
951dd1f71b0f5f3442b7265b78c9db8c71ede8ab864b02eeeb94920852317da8a62878efa50d0641d14fc55a608e99fc2a9c027b194cc6606da02e8236251939

Download Submit
C:\Windows\System\yRAYEua.exe

Filesize
1.7MB

MD5
f44fbba7ae9a8f9753fa7421bb1b6579

SHA1
79a3838ba9b84ce59205f9bd26e26e489dd7087a

SHA256
3665a59b74c8272872fedc07bf7a9f402244026eb1414dbea3453f457f22bb4c

SHA512
2c5ff9878e87fdba524f6ec201316dbf4cd502f617202f0850dabd1218055a26d7dd5311ccd22474b4f49bef6ec6b6c4672bd28382c78c7ba742535f06a9b2c7

Download Submit
memory/536-4596-0x00007FF7377E0000-0x00007FF737BD2000-memory.dmp

Filesize
3.9MB

Download
memory/536-105-0x00007FF7377E0000-0x00007FF737BD2000-memory.dmp

Filesize
3.9MB

Download
memory/688-110-0x00007FF69F030000-0x00007FF69F422000-memory.dmp

Filesize
3.9MB

Download
memory/1548-3603-0x00007FF608F10000-0x00007FF609302000-memory.dmp

Filesize
3.9MB

Download
memory/1548-125-0x00007FF608F10000-0x00007FF609302000-memory.dmp

Filesize
3.9MB

Download
memory/1548-5304-0x00007FF608F10000-0x00007FF609302000-memory.dmp

Filesize
3.9MB

Download
memory/1664-106-0x00007FF650190000-0x00007FF650582000-memory.dmp

Filesize
3.9MB

Download
memory/1848-5308-0x00007FF601930000-0x00007FF601D22000-memory.dmp

Filesize
3.9MB

Download
memory/1848-148-0x00007FF601930000-0x00007FF601D22000-memory.dmp

Filesize
3.9MB

Download
memory/1924-4589-0x00007FF6EF210000-0x00007FF6EF602000-memory.dmp

Filesize
3.9MB

Download
memory/1924-37-0x00007FF6EF210000-0x00007FF6EF602000-memory.dmp

Filesize
3.9MB

Download
memory/2528-0-0x00007FF7F96D0000-0x00007FF7F9AC2000-memory.dmp

Filesize
3.9MB

Download
memory/2528-1-0x000001EF5C620000-0x000001EF5C630000-memory.dmp

Filesize
64KB

Download
memory/2560-97-0x00007FF7AAA20000-0x00007FF7AAE12000-memory.dmp

Filesize
3.9MB

Download
memory/2688-2883-0x00007FFC72D23000-0x00007FFC72D25000-memory.dmp

Filesize
8KB

Download
memory/2688-28-0x00007FFC72D20000-0x00007FFC737E1000-memory.dmp

Filesize
10.8MB

Download
memory/2688-48-0x00007FFC72D20000-0x00007FFC737E1000-memory.dmp

Filesize
10.8MB

Download
memory/2688-5-0x00007FFC72D23000-0x00007FFC72D25000-memory.dmp

Filesize
8KB

Download
memory/2688-38-0x000002107CB10000-0x000002107CB32000-memory.dmp

Filesize
136KB

Download
memory/2688-118-0x000002107D880000-0x000002107E026000-memory.dmp

Filesize
7.6MB

Download
memory/2952-93-0x00007FF62FC20000-0x00007FF630012000-memory.dmp

Filesize
3.9MB

Download
memory/3152-109-0x00007FF6A9420000-0x00007FF6A9812000-memory.dmp

Filesize
3.9MB

Download
memory/3472-4696-0x00007FF69A8A0000-0x00007FF69AC92000-memory.dmp

Filesize
3.9MB

Download
memory/3472-3598-0x00007FF69A8A0000-0x00007FF69AC92000-memory.dmp

Filesize
3.9MB

Download
memory/3472-112-0x00007FF69A8A0000-0x00007FF69AC92000-memory.dmp

Filesize
3.9MB

Download
memory/4336-4627-0x00007FF6C4050000-0x00007FF6C4442000-memory.dmp

Filesize
3.9MB

Download
memory/4336-107-0x00007FF6C4050000-0x00007FF6C4442000-memory.dmp

Filesize
3.9MB

Download
memory/4440-103-0x00007FF6A58F0000-0x00007FF6A5CE2000-memory.dmp

Filesize
3.9MB

Download
memory/4440-4631-0x00007FF6A58F0000-0x00007FF6A5CE2000-memory.dmp

Filesize
3.9MB

Download
memory/4652-5316-0x00007FF7B4EF0000-0x00007FF7B52E2000-memory.dmp

Filesize
3.9MB

Download
memory/4652-156-0x00007FF7B4EF0000-0x00007FF7B52E2000-memory.dmp

Filesize
3.9MB

Download
memory/4684-104-0x00007FF61BD00000-0x00007FF61C0F2000-memory.dmp

Filesize
3.9MB

Download
memory/5024-5318-0x00007FF7E35C0000-0x00007FF7E39B2000-memory.dmp

Filesize
3.9MB

Download
memory/5024-169-0x00007FF7E35C0000-0x00007FF7E39B2000-memory.dmp

Filesize
3.9MB

Download
memory/5252-4593-0x00007FF784680000-0x00007FF784A72000-memory.dmp

Filesize
3.9MB

Download
memory/5252-56-0x00007FF784680000-0x00007FF784A72000-memory.dmp

Filesize
3.9MB

Download
memory/5292-4692-0x00007FF7E5E30000-0x00007FF7E6222000-memory.dmp

Filesize
3.9MB

Download
memory/5292-111-0x00007FF7E5E30000-0x00007FF7E6222000-memory.dmp

Filesize
3.9MB

Download
memory/5336-108-0x00007FF7125A0000-0x00007FF712992000-memory.dmp

Filesize
3.9MB

Download
memory/5336-4624-0x00007FF7125A0000-0x00007FF712992000-memory.dmp

Filesize
3.9MB

Download
memory/5740-82-0x00007FF645650000-0x00007FF645A42000-memory.dmp

Filesize
3.9MB

Download
memory/5740-4603-0x00007FF645650000-0x00007FF645A42000-memory.dmp

Filesize
3.9MB

Download
memory/5752-149-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp

Filesize
3.9MB

Download
memory/5752-5310-0x00007FF7AACC0000-0x00007FF7AB0B2000-memory.dmp

Filesize
3.9MB

Download
memory/5776-165-0x00007FF771390000-0x00007FF771782000-memory.dmp

Filesize
3.9MB

Download
memory/5776-5314-0x00007FF771390000-0x00007FF771782000-memory.dmp

Filesize
3.9MB

Download
memory/6056-157-0x00007FF7307E0000-0x00007FF730BD2000-memory.dmp

Filesize
3.9MB

Download
memory/6056-4584-0x00007FF7307E0000-0x00007FF730BD2000-memory.dmp

Filesize
3.9MB

Download
memory/6056-5324-0x00007FF7307E0000-0x00007FF730BD2000-memory.dmp

Filesize
3.9MB

Download
memory/6072-4698-0x00007FF7C85D0000-0x00007FF7C89C2000-memory.dmp

Filesize
3.9MB

Download
memory/6072-3600-0x00007FF7C85D0000-0x00007FF7C89C2000-memory.dmp

Filesize
3.9MB

Download
memory/6072-113-0x00007FF7C85D0000-0x00007FF7C89C2000-memory.dmp

Filesize
3.9MB

Download
memory/6140-4600-0x00007FF633080000-0x00007FF633472000-memory.dmp

Filesize
3.9MB

Download
memory/6140-72-0x00007FF633080000-0x00007FF633472000-memory.dmp

Filesize
3.9MB

Download