xmrig | 872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29

Analysis

max time kernel
148s
max time network
155s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
Size

1.7MB
MD5

f020769b01e079c05ba21885fad0da2b
SHA1

2b9ac6aeeb7e0720388b27b21f3e87cc8c59261f
SHA256

872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29
SHA512

4516bffe8e19679e661526f9f4a926a9b3c2c029f542b40122eae9b733bcc1ea16ce34a45e979da9f0a087f8603c59e8b167e103bbe11b2679111eb927345a93
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkyW1HU/ek5Q1szp5NnNvZWNChZ7K6WefmedkVoMCr2:Lz071uv4BPMkyW10/w16BvZuaXj2

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Detects executables containing URLs to raw contents of a Github gist 23 IoCs

resource	yara_rule
behavioral1/memory/2540-9-0x000000013F780000-0x000000013FB72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2620-26-0x000000013F050000-0x000000013F442000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1156-99-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2080-97-0x000000013F700000-0x000000013FAF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2840-95-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2384-93-0x000000013FCD0000-0x00000001400C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2608-81-0x000000013FC80000-0x0000000140072000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2444-79-0x000000013FE10000-0x0000000140202000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1008-102-0x000000013F650000-0x000000013FA42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2356-87-0x000000013F530000-0x000000013F922000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2912-77-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2608-1803-0x000000013FC80000-0x0000000140072000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2444-2586-0x000000013FE10000-0x0000000140202000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1156-2655-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2840-2656-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2080-2758-0x000000013F700000-0x000000013FAF2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/3040-2809-0x000000013FDE0000-0x00000001401D2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/1008-3297-0x000000013F650000-0x000000013FA42000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2912-3298-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2620-3132-0x000000013F050000-0x000000013F442000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2384-3296-0x000000013FCD0000-0x00000001400C2000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2356-3130-0x000000013F530000-0x000000013F922000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL
behavioral1/memory/2540-2995-0x000000013F780000-0x000000013FB72000-memory.dmp	INDICATOR_SUSPICIOUS_EXE_RawGitHub_URL

UPX dump on OEP (original entry point) 57 IoCs

resource	yara_rule
behavioral1/memory/2240-0-0x000000013FA90000-0x000000013FE82000-memory.dmp	UPX
behavioral1/files/0x000d0000000122d1-3.dat	UPX
behavioral1/memory/2540-9-0x000000013F780000-0x000000013FB72000-memory.dmp	UPX
behavioral1/memory/3040-14-0x000000013FDE0000-0x00000001401D2000-memory.dmp	UPX
behavioral1/memory/2620-26-0x000000013F050000-0x000000013F442000-memory.dmp	UPX
behavioral1/files/0x000800000001269e-28.dat	UPX
behavioral1/files/0x000f0000000006fd-36.dat	UPX
behavioral1/files/0x001a000000012300-37.dat	UPX
behavioral1/files/0x000900000001267d-12.dat	UPX
behavioral1/files/0x00090000000139d6-49.dat	UPX
behavioral1/files/0x0006000000014c67-56.dat	UPX
behavioral1/files/0x0006000000014ec4-67.dat	UPX
behavioral1/files/0x0006000000014fe1-73.dat	UPX
behavioral1/memory/1156-99-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	UPX
behavioral1/files/0x0006000000015c0d-138.dat	UPX
behavioral1/files/0x0006000000015c23-143.dat	UPX
behavioral1/files/0x0006000000015c3c-153.dat	UPX
behavioral1/files/0x0006000000015c7c-171.dat	UPX
behavioral1/files/0x0006000000015db4-193.dat	UPX
behavioral1/files/0x0006000000015cb9-183.dat	UPX
behavioral1/files/0x0006000000015d88-187.dat	UPX
behavioral1/files/0x0006000000015c87-178.dat	UPX
behavioral1/files/0x0006000000015c69-168.dat	UPX
behavioral1/files/0x0006000000015c5d-163.dat	UPX
behavioral1/files/0x0006000000015c52-158.dat	UPX
behavioral1/files/0x0006000000015c2f-148.dat	UPX
behavioral1/files/0x0006000000015a98-137.dat	UPX
behavioral1/files/0x0006000000015a2d-127.dat	UPX
behavioral1/files/0x000600000001560a-122.dat	UPX
behavioral1/files/0x00060000000155e2-117.dat	UPX
behavioral1/files/0x00060000000155d9-112.dat	UPX
behavioral1/memory/2080-97-0x000000013F700000-0x000000013FAF2000-memory.dmp	UPX
behavioral1/memory/2840-95-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	UPX
behavioral1/memory/2384-93-0x000000013FCD0000-0x00000001400C2000-memory.dmp	UPX
behavioral1/files/0x0006000000015364-90.dat	UPX
behavioral1/memory/2608-81-0x000000013FC80000-0x0000000140072000-memory.dmp	UPX
behavioral1/files/0x00060000000155d4-106.dat	UPX
behavioral1/memory/2444-79-0x000000013FE10000-0x0000000140202000-memory.dmp	UPX
behavioral1/memory/1008-102-0x000000013F650000-0x000000013FA42000-memory.dmp	UPX
behavioral1/memory/2356-87-0x000000013F530000-0x000000013F922000-memory.dmp	UPX
behavioral1/files/0x0006000000015264-86.dat	UPX
behavioral1/memory/2912-77-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	UPX
behavioral1/files/0x0006000000014e3d-61.dat	UPX
behavioral1/files/0x00090000000126f7-48.dat	UPX
behavioral1/files/0x00230000000122f8-13.dat	UPX
behavioral1/memory/2608-1803-0x000000013FC80000-0x0000000140072000-memory.dmp	UPX
behavioral1/memory/2444-2586-0x000000013FE10000-0x0000000140202000-memory.dmp	UPX
behavioral1/memory/1156-2655-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	UPX
behavioral1/memory/2840-2656-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	UPX
behavioral1/memory/2080-2758-0x000000013F700000-0x000000013FAF2000-memory.dmp	UPX
behavioral1/memory/3040-2809-0x000000013FDE0000-0x00000001401D2000-memory.dmp	UPX
behavioral1/memory/1008-3297-0x000000013F650000-0x000000013FA42000-memory.dmp	UPX
behavioral1/memory/2912-3298-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	UPX
behavioral1/memory/2620-3132-0x000000013F050000-0x000000013F442000-memory.dmp	UPX
behavioral1/memory/2384-3296-0x000000013FCD0000-0x00000001400C2000-memory.dmp	UPX
behavioral1/memory/2356-3130-0x000000013F530000-0x000000013F922000-memory.dmp	UPX
behavioral1/memory/2540-2995-0x000000013F780000-0x000000013FB72000-memory.dmp	UPX

XMRig Miner payload 24 IoCs

miner

resource	yara_rule
behavioral1/memory/2540-9-0x000000013F780000-0x000000013FB72000-memory.dmp	xmrig
behavioral1/memory/2620-26-0x000000013F050000-0x000000013F442000-memory.dmp	xmrig
behavioral1/memory/2240-89-0x0000000002A20000-0x0000000002E12000-memory.dmp	xmrig
behavioral1/memory/1156-99-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	xmrig
behavioral1/memory/2080-97-0x000000013F700000-0x000000013FAF2000-memory.dmp	xmrig
behavioral1/memory/2840-95-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	xmrig
behavioral1/memory/2384-93-0x000000013FCD0000-0x00000001400C2000-memory.dmp	xmrig
behavioral1/memory/2608-81-0x000000013FC80000-0x0000000140072000-memory.dmp	xmrig
behavioral1/memory/2444-79-0x000000013FE10000-0x0000000140202000-memory.dmp	xmrig
behavioral1/memory/1008-102-0x000000013F650000-0x000000013FA42000-memory.dmp	xmrig
behavioral1/memory/2356-87-0x000000013F530000-0x000000013F922000-memory.dmp	xmrig
behavioral1/memory/2912-77-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	xmrig
behavioral1/memory/2608-1803-0x000000013FC80000-0x0000000140072000-memory.dmp	xmrig
behavioral1/memory/2444-2586-0x000000013FE10000-0x0000000140202000-memory.dmp	xmrig
behavioral1/memory/1156-2655-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	xmrig
behavioral1/memory/2840-2656-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	xmrig
behavioral1/memory/2080-2758-0x000000013F700000-0x000000013FAF2000-memory.dmp	xmrig
behavioral1/memory/3040-2809-0x000000013FDE0000-0x00000001401D2000-memory.dmp	xmrig
behavioral1/memory/1008-3297-0x000000013F650000-0x000000013FA42000-memory.dmp	xmrig
behavioral1/memory/2912-3298-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	xmrig
behavioral1/memory/2620-3132-0x000000013F050000-0x000000013F442000-memory.dmp	xmrig
behavioral1/memory/2384-3296-0x000000013FCD0000-0x00000001400C2000-memory.dmp	xmrig
behavioral1/memory/2356-3130-0x000000013F530000-0x000000013F922000-memory.dmp	xmrig
behavioral1/memory/2540-2995-0x000000013F780000-0x000000013FB72000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1072	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
2540	faIRQJj.exe
3040	GppKqPa.exe
2620	DsCcwZI.exe
2912	BTGSsTx.exe
2444	Jbzgcbj.exe
2608	tICmkOr.exe
2356	KIxIUmF.exe
2384	DkdFLUn.exe
2840	SGdvRBo.exe
2080	JDbLPuJ.exe
1156	jzSnyRA.exe
1008	eaQwnjD.exe
888	qHelpqd.exe
2592	awonPDo.exe
2544	uJwLoHk.exe
1128	VALNpEf.exe
1948	msyNZVw.exe
1104	uQNQkCA.exe
2692	ZjUbGSL.exe
944	EzxgNoh.exe
812	QZeibVI.exe
936	CbLZSlP.exe
1644	UJWeVCh.exe
3036	OewZNhz.exe
2736	fBBdoGR.exe
772	nDSLFft.exe
1504	eTEgWXj.exe
2536	nUjqKtv.exe
1988	oNEgRAo.exe
2044	zGcXBIs.exe
3016	dbQqEps.exe
2144	hqqNweD.exe
1060	qLOJuJN.exe
1960	WDIsxKh.exe
1304	SCMjNUc.exe
800	lLqBVeA.exe
1096	isPGoOV.exe
1964	rbPaOLu.exe
1940	RiKSFet.exe
1932	Yuzvpid.exe
608	PXlsjzY.exe
1752	CWEhuSS.exe
2300	ekoRcPY.exe
2308	MUEPVBO.exe
2864	oJaYzGT.exe
268	ozVDLRZ.exe
2216	GtlMVTK.exe
1700	HOtSUiG.exe
2024	fSYpVKI.exe
2748	IGqYeUz.exe
2068	ffmifSp.exe
1584	rOxRelI.exe
1612	FqSokQv.exe
2448	XodpOGI.exe
2508	IgRlIMF.exe
2532	pxgwefB.exe
2148	WNBdNMM.exe
3064	XtOFLur.exe
2468	cLduDPh.exe
3024	ziTAXWR.exe
2992	NEKchpD.exe
2332	OfUsaPa.exe
292	ngRPHLx.exe
2996	XlDYwzI.exe

Loads dropped DLL 64 IoCs

pid	Process
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2240-0-0x000000013FA90000-0x000000013FE82000-memory.dmp	upx
behavioral1/files/0x000d0000000122d1-3.dat	upx
behavioral1/memory/2540-9-0x000000013F780000-0x000000013FB72000-memory.dmp	upx
behavioral1/memory/3040-14-0x000000013FDE0000-0x00000001401D2000-memory.dmp	upx
behavioral1/memory/2620-26-0x000000013F050000-0x000000013F442000-memory.dmp	upx
behavioral1/files/0x000800000001269e-28.dat	upx
behavioral1/files/0x000f0000000006fd-36.dat	upx
behavioral1/files/0x001a000000012300-37.dat	upx
behavioral1/files/0x000900000001267d-12.dat	upx
behavioral1/files/0x00090000000139d6-49.dat	upx
behavioral1/files/0x0006000000014c67-56.dat	upx
behavioral1/files/0x0006000000014ec4-67.dat	upx
behavioral1/files/0x0006000000014fe1-73.dat	upx
behavioral1/memory/1156-99-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	upx
behavioral1/files/0x0006000000015c0d-138.dat	upx
behavioral1/files/0x0006000000015c23-143.dat	upx
behavioral1/files/0x0006000000015c3c-153.dat	upx
behavioral1/files/0x0006000000015c7c-171.dat	upx
behavioral1/files/0x0006000000015db4-193.dat	upx
behavioral1/files/0x0006000000015cb9-183.dat	upx
behavioral1/files/0x0006000000015d88-187.dat	upx
behavioral1/files/0x0006000000015c87-178.dat	upx
behavioral1/files/0x0006000000015c69-168.dat	upx
behavioral1/files/0x0006000000015c5d-163.dat	upx
behavioral1/files/0x0006000000015c52-158.dat	upx
behavioral1/files/0x0006000000015c2f-148.dat	upx
behavioral1/files/0x0006000000015a98-137.dat	upx
behavioral1/files/0x0006000000015a2d-127.dat	upx
behavioral1/files/0x000600000001560a-122.dat	upx
behavioral1/files/0x00060000000155e2-117.dat	upx
behavioral1/files/0x00060000000155d9-112.dat	upx
behavioral1/memory/2080-97-0x000000013F700000-0x000000013FAF2000-memory.dmp	upx
behavioral1/memory/2840-95-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	upx
behavioral1/memory/2384-93-0x000000013FCD0000-0x00000001400C2000-memory.dmp	upx
behavioral1/files/0x0006000000015364-90.dat	upx
behavioral1/memory/2608-81-0x000000013FC80000-0x0000000140072000-memory.dmp	upx
behavioral1/files/0x00060000000155d4-106.dat	upx
behavioral1/memory/2444-79-0x000000013FE10000-0x0000000140202000-memory.dmp	upx
behavioral1/memory/1008-102-0x000000013F650000-0x000000013FA42000-memory.dmp	upx
behavioral1/memory/2356-87-0x000000013F530000-0x000000013F922000-memory.dmp	upx
behavioral1/files/0x0006000000015264-86.dat	upx
behavioral1/memory/2912-77-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	upx
behavioral1/files/0x0006000000014e3d-61.dat	upx
behavioral1/files/0x00090000000126f7-48.dat	upx
behavioral1/files/0x00230000000122f8-13.dat	upx
behavioral1/memory/2608-1803-0x000000013FC80000-0x0000000140072000-memory.dmp	upx
behavioral1/memory/2444-2586-0x000000013FE10000-0x0000000140202000-memory.dmp	upx
behavioral1/memory/1156-2655-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	upx
behavioral1/memory/2840-2656-0x000000013FBF0000-0x000000013FFE2000-memory.dmp	upx
behavioral1/memory/2080-2758-0x000000013F700000-0x000000013FAF2000-memory.dmp	upx
behavioral1/memory/3040-2809-0x000000013FDE0000-0x00000001401D2000-memory.dmp	upx
behavioral1/memory/1008-3297-0x000000013F650000-0x000000013FA42000-memory.dmp	upx
behavioral1/memory/2912-3298-0x000000013F7D0000-0x000000013FBC2000-memory.dmp	upx
behavioral1/memory/2620-3132-0x000000013F050000-0x000000013F442000-memory.dmp	upx
behavioral1/memory/2384-3296-0x000000013FCD0000-0x00000001400C2000-memory.dmp	upx
behavioral1/memory/2356-3130-0x000000013F530000-0x000000013F922000-memory.dmp	upx
behavioral1/memory/2540-2995-0x000000013F780000-0x000000013FB72000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VLMddOI.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ifVDHEb.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\KNocfMP.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\VALNpEf.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\XQwCueU.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\fLHAyZI.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\YxflzNp.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\iDOjsNN.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\rBBXerG.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\egTuIRC.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ZrgkiIb.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\wOFheHS.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\uJwLoHk.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\OtJZJge.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\KJiDVHR.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\oZaVxRy.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\HOVMDzo.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\dFnUzvj.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\jeCRujh.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\wShkHNq.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\SPTrqqA.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\JOCLerZ.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\KYMtyDy.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\KIitPNA.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\sgPaUIo.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\NkABacC.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\JmSdTLF.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ZGaoRWf.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\WqOLWsv.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\cxkcIfY.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\BzwcLdv.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\KDolyyR.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\YmAlwBD.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\yJOOmHK.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ELJMkMw.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\kpFqdFK.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\WnoBgqa.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\byJQtvM.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\YdDItBv.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\QFcGLKh.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\PxXTRXI.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\jXaLIwy.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\UzUzfbs.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\uQlPPkS.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\tbqwnGo.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\NXEKLrS.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ufViBBi.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\jDkrDsX.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\pSxsPsl.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\mOEnwll.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\SYdtHTY.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ANBqXPU.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\SiZaWjv.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\gPYEBwr.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ExgZNhE.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\vvOUHTj.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\EunkSwR.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\HVGyMLo.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\sPLpGGP.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\ecmBiYI.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\zWmrpja.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\uEgyqIl.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\etbYBht.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
File created	C:\Windows\System\knfxncN.exe	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1072	powershell.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
Token: SeDebugPrivilege	1072	powershell.exe
Token: SeLockMemoryPrivilege	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 1072	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	29
PID 2240 wrote to memory of 1072	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	29
PID 2240 wrote to memory of 1072	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	29
PID 2240 wrote to memory of 2540	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	30
PID 2240 wrote to memory of 2540	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	30
PID 2240 wrote to memory of 2540	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	30
PID 2240 wrote to memory of 3040	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	31
PID 2240 wrote to memory of 3040	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	31
PID 2240 wrote to memory of 3040	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	31
PID 2240 wrote to memory of 2620	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	32
PID 2240 wrote to memory of 2620	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	32
PID 2240 wrote to memory of 2620	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	32
PID 2240 wrote to memory of 2912	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	33
PID 2240 wrote to memory of 2912	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	33
PID 2240 wrote to memory of 2912	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	33
PID 2240 wrote to memory of 2444	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	34
PID 2240 wrote to memory of 2444	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	34
PID 2240 wrote to memory of 2444	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	34
PID 2240 wrote to memory of 2608	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	35
PID 2240 wrote to memory of 2608	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	35
PID 2240 wrote to memory of 2608	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	35
PID 2240 wrote to memory of 2356	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	36
PID 2240 wrote to memory of 2356	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	36
PID 2240 wrote to memory of 2356	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	36
PID 2240 wrote to memory of 2384	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	37
PID 2240 wrote to memory of 2384	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	37
PID 2240 wrote to memory of 2384	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	37
PID 2240 wrote to memory of 2840	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	38
PID 2240 wrote to memory of 2840	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	38
PID 2240 wrote to memory of 2840	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	38
PID 2240 wrote to memory of 2080	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	39
PID 2240 wrote to memory of 2080	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	39
PID 2240 wrote to memory of 2080	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	39
PID 2240 wrote to memory of 1156	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	40
PID 2240 wrote to memory of 1156	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	40
PID 2240 wrote to memory of 1156	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	40
PID 2240 wrote to memory of 1008	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	41
PID 2240 wrote to memory of 1008	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	41
PID 2240 wrote to memory of 1008	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	41
PID 2240 wrote to memory of 888	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	42
PID 2240 wrote to memory of 888	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	42
PID 2240 wrote to memory of 888	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	42
PID 2240 wrote to memory of 2592	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	43
PID 2240 wrote to memory of 2592	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	43
PID 2240 wrote to memory of 2592	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	43
PID 2240 wrote to memory of 2544	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	44
PID 2240 wrote to memory of 2544	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	44
PID 2240 wrote to memory of 2544	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	44
PID 2240 wrote to memory of 1128	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	45
PID 2240 wrote to memory of 1128	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	45
PID 2240 wrote to memory of 1128	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	45
PID 2240 wrote to memory of 1948	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	46
PID 2240 wrote to memory of 1948	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	46
PID 2240 wrote to memory of 1948	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	46
PID 2240 wrote to memory of 1104	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	47
PID 2240 wrote to memory of 1104	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	47
PID 2240 wrote to memory of 1104	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	47
PID 2240 wrote to memory of 2692	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	48
PID 2240 wrote to memory of 2692	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	48
PID 2240 wrote to memory of 2692	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	48
PID 2240 wrote to memory of 944	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	49
PID 2240 wrote to memory of 944	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	49
PID 2240 wrote to memory of 944	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	49
PID 2240 wrote to memory of 812	2240	872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe	50

C:\Users\Admin\AppData\Local\Temp\872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe
"C:\Users\Admin\AppData\Local\Temp\872938776a3f25ca4953c17d88f01b64f8291f43de2995940546dfb6a90c8e29.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1072
- C:\Windows\System\faIRQJj.exe
  C:\Windows\System\faIRQJj.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\GppKqPa.exe
  C:\Windows\System\GppKqPa.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\DsCcwZI.exe
  C:\Windows\System\DsCcwZI.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\BTGSsTx.exe
  C:\Windows\System\BTGSsTx.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\Jbzgcbj.exe
  C:\Windows\System\Jbzgcbj.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\tICmkOr.exe
  C:\Windows\System\tICmkOr.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\KIxIUmF.exe
  C:\Windows\System\KIxIUmF.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\DkdFLUn.exe
  C:\Windows\System\DkdFLUn.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\SGdvRBo.exe
  C:\Windows\System\SGdvRBo.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\JDbLPuJ.exe
  C:\Windows\System\JDbLPuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\jzSnyRA.exe
  C:\Windows\System\jzSnyRA.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\eaQwnjD.exe
  C:\Windows\System\eaQwnjD.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\qHelpqd.exe
  C:\Windows\System\qHelpqd.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\awonPDo.exe
  C:\Windows\System\awonPDo.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\uJwLoHk.exe
  C:\Windows\System\uJwLoHk.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\VALNpEf.exe
  C:\Windows\System\VALNpEf.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\msyNZVw.exe
  C:\Windows\System\msyNZVw.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\uQNQkCA.exe
  C:\Windows\System\uQNQkCA.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\ZjUbGSL.exe
  C:\Windows\System\ZjUbGSL.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\EzxgNoh.exe
  C:\Windows\System\EzxgNoh.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\QZeibVI.exe
  C:\Windows\System\QZeibVI.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\CbLZSlP.exe
  C:\Windows\System\CbLZSlP.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\UJWeVCh.exe
  C:\Windows\System\UJWeVCh.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\OewZNhz.exe
  C:\Windows\System\OewZNhz.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\fBBdoGR.exe
  C:\Windows\System\fBBdoGR.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\nDSLFft.exe
  C:\Windows\System\nDSLFft.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\eTEgWXj.exe
  C:\Windows\System\eTEgWXj.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\nUjqKtv.exe
  C:\Windows\System\nUjqKtv.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\oNEgRAo.exe
  C:\Windows\System\oNEgRAo.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\zGcXBIs.exe
  C:\Windows\System\zGcXBIs.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\dbQqEps.exe
  C:\Windows\System\dbQqEps.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\hqqNweD.exe
  C:\Windows\System\hqqNweD.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\qLOJuJN.exe
  C:\Windows\System\qLOJuJN.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\WDIsxKh.exe
  C:\Windows\System\WDIsxKh.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\SCMjNUc.exe
  C:\Windows\System\SCMjNUc.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\lLqBVeA.exe
  C:\Windows\System\lLqBVeA.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\isPGoOV.exe
  C:\Windows\System\isPGoOV.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\rbPaOLu.exe
  C:\Windows\System\rbPaOLu.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\RiKSFet.exe
  C:\Windows\System\RiKSFet.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\Yuzvpid.exe
  C:\Windows\System\Yuzvpid.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\PXlsjzY.exe
  C:\Windows\System\PXlsjzY.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\CWEhuSS.exe
  C:\Windows\System\CWEhuSS.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\ekoRcPY.exe
  C:\Windows\System\ekoRcPY.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\MUEPVBO.exe
  C:\Windows\System\MUEPVBO.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\oJaYzGT.exe
  C:\Windows\System\oJaYzGT.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\ozVDLRZ.exe
  C:\Windows\System\ozVDLRZ.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\GtlMVTK.exe
  C:\Windows\System\GtlMVTK.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\HOtSUiG.exe
  C:\Windows\System\HOtSUiG.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\fSYpVKI.exe
  C:\Windows\System\fSYpVKI.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\IGqYeUz.exe
  C:\Windows\System\IGqYeUz.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\ffmifSp.exe
  C:\Windows\System\ffmifSp.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\rOxRelI.exe
  C:\Windows\System\rOxRelI.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\FqSokQv.exe
  C:\Windows\System\FqSokQv.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\XodpOGI.exe
  C:\Windows\System\XodpOGI.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\IgRlIMF.exe
  C:\Windows\System\IgRlIMF.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\pxgwefB.exe
  C:\Windows\System\pxgwefB.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\WNBdNMM.exe
  C:\Windows\System\WNBdNMM.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\XtOFLur.exe
  C:\Windows\System\XtOFLur.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\cLduDPh.exe
  C:\Windows\System\cLduDPh.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\ziTAXWR.exe
  C:\Windows\System\ziTAXWR.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\NEKchpD.exe
  C:\Windows\System\NEKchpD.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\OfUsaPa.exe
  C:\Windows\System\OfUsaPa.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ngRPHLx.exe
  C:\Windows\System\ngRPHLx.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\XlDYwzI.exe
  C:\Windows\System\XlDYwzI.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\yPxfhzZ.exe
  C:\Windows\System\yPxfhzZ.exe
  2⤵
  PID:456
- C:\Windows\System\guEqhOB.exe
  C:\Windows\System\guEqhOB.exe
  2⤵
  PID:2364
- C:\Windows\System\DStvdIO.exe
  C:\Windows\System\DStvdIO.exe
  2⤵
  PID:2304
- C:\Windows\System\WbKuFvN.exe
  C:\Windows\System\WbKuFvN.exe
  2⤵
  PID:1916
- C:\Windows\System\IqIbOlj.exe
  C:\Windows\System\IqIbOlj.exe
  2⤵
  PID:2672
- C:\Windows\System\CaRHStC.exe
  C:\Windows\System\CaRHStC.exe
  2⤵
  PID:2132
- C:\Windows\System\ACXJsYg.exe
  C:\Windows\System\ACXJsYg.exe
  2⤵
  PID:2916
- C:\Windows\System\AVjXnTm.exe
  C:\Windows\System\AVjXnTm.exe
  2⤵
  PID:1728
- C:\Windows\System\bpzAoVW.exe
  C:\Windows\System\bpzAoVW.exe
  2⤵
  PID:1696
- C:\Windows\System\iViYsRC.exe
  C:\Windows\System\iViYsRC.exe
  2⤵
  PID:1628
- C:\Windows\System\mLTLvoS.exe
  C:\Windows\System\mLTLvoS.exe
  2⤵
  PID:2740
- C:\Windows\System\mtvTYQx.exe
  C:\Windows\System\mtvTYQx.exe
  2⤵
  PID:472
- C:\Windows\System\IernDXn.exe
  C:\Windows\System\IernDXn.exe
  2⤵
  PID:2952
- C:\Windows\System\hvEXSaN.exe
  C:\Windows\System\hvEXSaN.exe
  2⤵
  PID:1992
- C:\Windows\System\pzJtpVw.exe
  C:\Windows\System\pzJtpVw.exe
  2⤵
  PID:2164
- C:\Windows\System\UcVxjSc.exe
  C:\Windows\System\UcVxjSc.exe
  2⤵
  PID:1068
- C:\Windows\System\HhEKYXo.exe
  C:\Windows\System\HhEKYXo.exe
  2⤵
  PID:2056
- C:\Windows\System\rkGnLiN.exe
  C:\Windows\System\rkGnLiN.exe
  2⤵
  PID:2528
- C:\Windows\System\GLDGEJm.exe
  C:\Windows\System\GLDGEJm.exe
  2⤵
  PID:1708
- C:\Windows\System\FLMRLaG.exe
  C:\Windows\System\FLMRLaG.exe
  2⤵
  PID:672
- C:\Windows\System\ZTUdsAF.exe
  C:\Windows\System\ZTUdsAF.exe
  2⤵
  PID:1484
- C:\Windows\System\yigxSPA.exe
  C:\Windows\System\yigxSPA.exe
  2⤵
  PID:2176
- C:\Windows\System\iJaLqFS.exe
  C:\Windows\System\iJaLqFS.exe
  2⤵
  PID:1048
- C:\Windows\System\ibQghDA.exe
  C:\Windows\System\ibQghDA.exe
  2⤵
  PID:2220
- C:\Windows\System\fFWeavS.exe
  C:\Windows\System\fFWeavS.exe
  2⤵
  PID:2604
- C:\Windows\System\khZrPhd.exe
  C:\Windows\System\khZrPhd.exe
  2⤵
  PID:288
- C:\Windows\System\BjMSvAZ.exe
  C:\Windows\System\BjMSvAZ.exe
  2⤵
  PID:892
- C:\Windows\System\SYdtHTY.exe
  C:\Windows\System\SYdtHTY.exe
  2⤵
  PID:3056
- C:\Windows\System\pkfrRPN.exe
  C:\Windows\System\pkfrRPN.exe
  2⤵
  PID:2124
- C:\Windows\System\VbzunPA.exe
  C:\Windows\System\VbzunPA.exe
  2⤵
  PID:2032
- C:\Windows\System\SmvjEvH.exe
  C:\Windows\System\SmvjEvH.exe
  2⤵
  PID:1756
- C:\Windows\System\StxCpop.exe
  C:\Windows\System\StxCpop.exe
  2⤵
  PID:2760
- C:\Windows\System\jvMrOUx.exe
  C:\Windows\System\jvMrOUx.exe
  2⤵
  PID:1448
- C:\Windows\System\AAWydev.exe
  C:\Windows\System\AAWydev.exe
  2⤵
  PID:2652
- C:\Windows\System\tNubvZi.exe
  C:\Windows\System\tNubvZi.exe
  2⤵
  PID:2372
- C:\Windows\System\RDflyiH.exe
  C:\Windows\System\RDflyiH.exe
  2⤵
  PID:2492
- C:\Windows\System\nigINQe.exe
  C:\Windows\System\nigINQe.exe
  2⤵
  PID:2428
- C:\Windows\System\bEAvoZb.exe
  C:\Windows\System\bEAvoZb.exe
  2⤵
  PID:1480
- C:\Windows\System\MxvUQTP.exe
  C:\Windows\System\MxvUQTP.exe
  2⤵
  PID:2256
- C:\Windows\System\kMrOWHP.exe
  C:\Windows\System\kMrOWHP.exe
  2⤵
  PID:1056
- C:\Windows\System\hfDPzKm.exe
  C:\Windows\System\hfDPzKm.exe
  2⤵
  PID:636
- C:\Windows\System\QzTRGFg.exe
  C:\Windows\System\QzTRGFg.exe
  2⤵
  PID:2036
- C:\Windows\System\ruNQTWT.exe
  C:\Windows\System\ruNQTWT.exe
  2⤵
  PID:1540
- C:\Windows\System\RIiMshY.exe
  C:\Windows\System\RIiMshY.exe
  2⤵
  PID:2336
- C:\Windows\System\tFpbZZx.exe
  C:\Windows\System\tFpbZZx.exe
  2⤵
  PID:2948
- C:\Windows\System\UEJZTeX.exe
  C:\Windows\System\UEJZTeX.exe
  2⤵
  PID:3012
- C:\Windows\System\Xenqqip.exe
  C:\Windows\System\Xenqqip.exe
  2⤵
  PID:592
- C:\Windows\System\YhadVjo.exe
  C:\Windows\System\YhadVjo.exe
  2⤵
  PID:1152
- C:\Windows\System\rbreYMj.exe
  C:\Windows\System\rbreYMj.exe
  2⤵
  PID:2224
- C:\Windows\System\ZGaoRWf.exe
  C:\Windows\System\ZGaoRWf.exe
  2⤵
  PID:1508
- C:\Windows\System\snnxefj.exe
  C:\Windows\System\snnxefj.exe
  2⤵
  PID:960
- C:\Windows\System\LJCqcfT.exe
  C:\Windows\System\LJCqcfT.exe
  2⤵
  PID:1944
- C:\Windows\System\QvovLWy.exe
  C:\Windows\System\QvovLWy.exe
  2⤵
  PID:1120
- C:\Windows\System\eabluAH.exe
  C:\Windows\System\eabluAH.exe
  2⤵
  PID:1044
- C:\Windows\System\yBwACZy.exe
  C:\Windows\System\yBwACZy.exe
  2⤵
  PID:2100
- C:\Windows\System\kCidGap.exe
  C:\Windows\System\kCidGap.exe
  2⤵
  PID:1196
- C:\Windows\System\HIOcRzB.exe
  C:\Windows\System\HIOcRzB.exe
  2⤵
  PID:2816
- C:\Windows\System\dCYckEk.exe
  C:\Windows\System\dCYckEk.exe
  2⤵
  PID:2324
- C:\Windows\System\xVFjiMP.exe
  C:\Windows\System\xVFjiMP.exe
  2⤵
  PID:912
- C:\Windows\System\YrchZeq.exe
  C:\Windows\System\YrchZeq.exe
  2⤵
  PID:1720
- C:\Windows\System\NTDNiFb.exe
  C:\Windows\System\NTDNiFb.exe
  2⤵
  PID:2828
- C:\Windows\System\BpylOlf.exe
  C:\Windows\System\BpylOlf.exe
  2⤵
  PID:1384
- C:\Windows\System\GPFQGBa.exe
  C:\Windows\System\GPFQGBa.exe
  2⤵
  PID:2028
- C:\Windows\System\ZOuvvRv.exe
  C:\Windows\System\ZOuvvRv.exe
  2⤵
  PID:1164
- C:\Windows\System\iSkJpjb.exe
  C:\Windows\System\iSkJpjb.exe
  2⤵
  PID:1620
- C:\Windows\System\yspFSDy.exe
  C:\Windows\System\yspFSDy.exe
  2⤵
  PID:2412
- C:\Windows\System\OGwUjmv.exe
  C:\Windows\System\OGwUjmv.exe
  2⤵
  PID:852
- C:\Windows\System\tDcbdAW.exe
  C:\Windows\System\tDcbdAW.exe
  2⤵
  PID:1636
- C:\Windows\System\DrBgymm.exe
  C:\Windows\System\DrBgymm.exe
  2⤵
  PID:308
- C:\Windows\System\KTTRLUd.exe
  C:\Windows\System\KTTRLUd.exe
  2⤵
  PID:2552
- C:\Windows\System\kvbdwAD.exe
  C:\Windows\System\kvbdwAD.exe
  2⤵
  PID:2560
- C:\Windows\System\hHOnhyj.exe
  C:\Windows\System\hHOnhyj.exe
  2⤵
  PID:932
- C:\Windows\System\BrRVumJ.exe
  C:\Windows\System\BrRVumJ.exe
  2⤵
  PID:2512
- C:\Windows\System\KkSEnfN.exe
  C:\Windows\System\KkSEnfN.exe
  2⤵
  PID:856
- C:\Windows\System\wPgkNaa.exe
  C:\Windows\System\wPgkNaa.exe
  2⤵
  PID:2012
- C:\Windows\System\QSQSgnc.exe
  C:\Windows\System\QSQSgnc.exe
  2⤵
  PID:2784
- C:\Windows\System\BCRDFHF.exe
  C:\Windows\System\BCRDFHF.exe
  2⤵
  PID:1608
- C:\Windows\System\BdfqoOH.exe
  C:\Windows\System\BdfqoOH.exe
  2⤵
  PID:2556
- C:\Windows\System\YgILasV.exe
  C:\Windows\System\YgILasV.exe
  2⤵
  PID:2836
- C:\Windows\System\yJOOmHK.exe
  C:\Windows\System\yJOOmHK.exe
  2⤵
  PID:2484
- C:\Windows\System\mWRrzWV.exe
  C:\Windows\System\mWRrzWV.exe
  2⤵
  PID:940
- C:\Windows\System\oRRrbtR.exe
  C:\Windows\System\oRRrbtR.exe
  2⤵
  PID:2184
- C:\Windows\System\ZgrHEHL.exe
  C:\Windows\System\ZgrHEHL.exe
  2⤵
  PID:1712
- C:\Windows\System\kxPDMdH.exe
  C:\Windows\System\kxPDMdH.exe
  2⤵
  PID:1836
- C:\Windows\System\FCjuOad.exe
  C:\Windows\System\FCjuOad.exe
  2⤵
  PID:3060
- C:\Windows\System\oYYpudB.exe
  C:\Windows\System\oYYpudB.exe
  2⤵
  PID:2656
- C:\Windows\System\ljtDKxl.exe
  C:\Windows\System\ljtDKxl.exe
  2⤵
  PID:2548
- C:\Windows\System\JIFOCrA.exe
  C:\Windows\System\JIFOCrA.exe
  2⤵
  PID:1492
- C:\Windows\System\ElSXBcU.exe
  C:\Windows\System\ElSXBcU.exe
  2⤵
  PID:3004
- C:\Windows\System\UNwZzeY.exe
  C:\Windows\System\UNwZzeY.exe
  2⤵
  PID:2040
- C:\Windows\System\rToaNtt.exe
  C:\Windows\System\rToaNtt.exe
  2⤵
  PID:952
- C:\Windows\System\gfFMDxS.exe
  C:\Windows\System\gfFMDxS.exe
  2⤵
  PID:1716
- C:\Windows\System\BXXNvmR.exe
  C:\Windows\System\BXXNvmR.exe
  2⤵
  PID:2956
- C:\Windows\System\VrMyWkh.exe
  C:\Windows\System\VrMyWkh.exe
  2⤵
  PID:1564
- C:\Windows\System\sDwoHhC.exe
  C:\Windows\System\sDwoHhC.exe
  2⤵
  PID:2984
- C:\Windows\System\SUDIjWG.exe
  C:\Windows\System\SUDIjWG.exe
  2⤵
  PID:1652
- C:\Windows\System\aipdWdm.exe
  C:\Windows\System\aipdWdm.exe
  2⤵
  PID:2876
- C:\Windows\System\KuIGqdT.exe
  C:\Windows\System\KuIGqdT.exe
  2⤵
  PID:2244
- C:\Windows\System\UFEmmAC.exe
  C:\Windows\System\UFEmmAC.exe
  2⤵
  PID:1268
- C:\Windows\System\OrqGmEX.exe
  C:\Windows\System\OrqGmEX.exe
  2⤵
  PID:2396
- C:\Windows\System\MdqAUgG.exe
  C:\Windows\System\MdqAUgG.exe
  2⤵
  PID:2208
- C:\Windows\System\GZTVNxs.exe
  C:\Windows\System\GZTVNxs.exe
  2⤵
  PID:2232
- C:\Windows\System\MkSfSKH.exe
  C:\Windows\System\MkSfSKH.exe
  2⤵
  PID:2716
- C:\Windows\System\xzQDELE.exe
  C:\Windows\System\xzQDELE.exe
  2⤵
  PID:2296
- C:\Windows\System\szMTUyB.exe
  C:\Windows\System\szMTUyB.exe
  2⤵
  PID:2792
- C:\Windows\System\OVccsqV.exe
  C:\Windows\System\OVccsqV.exe
  2⤵
  PID:3020
- C:\Windows\System\XFCIgrR.exe
  C:\Windows\System\XFCIgrR.exe
  2⤵
  PID:884
- C:\Windows\System\sPLpGGP.exe
  C:\Windows\System\sPLpGGP.exe
  2⤵
  PID:1472
- C:\Windows\System\PadUUTC.exe
  C:\Windows\System\PadUUTC.exe
  2⤵
  PID:2848
- C:\Windows\System\dQjDEpJ.exe
  C:\Windows\System\dQjDEpJ.exe
  2⤵
  PID:2712
- C:\Windows\System\FLcsuKQ.exe
  C:\Windows\System\FLcsuKQ.exe
  2⤵
  PID:1632
- C:\Windows\System\LVJqPwc.exe
  C:\Windows\System\LVJqPwc.exe
  2⤵
  PID:2320
- C:\Windows\System\ljCnvAC.exe
  C:\Windows\System\ljCnvAC.exe
  2⤵
  PID:1524
- C:\Windows\System\igLZqje.exe
  C:\Windows\System\igLZqje.exe
  2⤵
  PID:1012
- C:\Windows\System\HxVQCqk.exe
  C:\Windows\System\HxVQCqk.exe
  2⤵
  PID:1668
- C:\Windows\System\VfqvhHm.exe
  C:\Windows\System\VfqvhHm.exe
  2⤵
  PID:1488
- C:\Windows\System\KYDPksP.exe
  C:\Windows\System\KYDPksP.exe
  2⤵
  PID:1624
- C:\Windows\System\KYMtyDy.exe
  C:\Windows\System\KYMtyDy.exe
  2⤵
  PID:2504
- C:\Windows\System\aKaSwkN.exe
  C:\Windows\System\aKaSwkN.exe
  2⤵
  PID:556
- C:\Windows\System\LptzcgV.exe
  C:\Windows\System\LptzcgV.exe
  2⤵
  PID:1772
- C:\Windows\System\mdtcprL.exe
  C:\Windows\System\mdtcprL.exe
  2⤵
  PID:3080
- C:\Windows\System\nEgxOUB.exe
  C:\Windows\System\nEgxOUB.exe
  2⤵
  PID:3100
- C:\Windows\System\BxlKAMJ.exe
  C:\Windows\System\BxlKAMJ.exe
  2⤵
  PID:3120
- C:\Windows\System\yAPiPvI.exe
  C:\Windows\System\yAPiPvI.exe
  2⤵
  PID:3136
- C:\Windows\System\VcxbBJy.exe
  C:\Windows\System\VcxbBJy.exe
  2⤵
  PID:3152
- C:\Windows\System\KjmfWYk.exe
  C:\Windows\System\KjmfWYk.exe
  2⤵
  PID:3168
- C:\Windows\System\sscaKwj.exe
  C:\Windows\System\sscaKwj.exe
  2⤵
  PID:3184
- C:\Windows\System\zEZBwCF.exe
  C:\Windows\System\zEZBwCF.exe
  2⤵
  PID:3200
- C:\Windows\System\sZarhIn.exe
  C:\Windows\System\sZarhIn.exe
  2⤵
  PID:3216
- C:\Windows\System\nPFmUMa.exe
  C:\Windows\System\nPFmUMa.exe
  2⤵
  PID:3236
- C:\Windows\System\QLNMXzu.exe
  C:\Windows\System\QLNMXzu.exe
  2⤵
  PID:3252
- C:\Windows\System\BmJLmPQ.exe
  C:\Windows\System\BmJLmPQ.exe
  2⤵
  PID:3272
- C:\Windows\System\lwPzHvD.exe
  C:\Windows\System\lwPzHvD.exe
  2⤵
  PID:3304
- C:\Windows\System\bfMCYVV.exe
  C:\Windows\System\bfMCYVV.exe
  2⤵
  PID:3324
- C:\Windows\System\RfFWcdb.exe
  C:\Windows\System\RfFWcdb.exe
  2⤵
  PID:3340
- C:\Windows\System\FfRNcQf.exe
  C:\Windows\System\FfRNcQf.exe
  2⤵
  PID:3360
- C:\Windows\System\VHIrYto.exe
  C:\Windows\System\VHIrYto.exe
  2⤵
  PID:3380
- C:\Windows\System\CkXBcQv.exe
  C:\Windows\System\CkXBcQv.exe
  2⤵
  PID:3396
- C:\Windows\System\LFlcBgN.exe
  C:\Windows\System\LFlcBgN.exe
  2⤵
  PID:3412
- C:\Windows\System\cOluMKj.exe
  C:\Windows\System\cOluMKj.exe
  2⤵
  PID:3432
- C:\Windows\System\yYXxlbQ.exe
  C:\Windows\System\yYXxlbQ.exe
  2⤵
  PID:3448
- C:\Windows\System\HzoWOru.exe
  C:\Windows\System\HzoWOru.exe
  2⤵
  PID:3464
- C:\Windows\System\SsCZewa.exe
  C:\Windows\System\SsCZewa.exe
  2⤵
  PID:3480
- C:\Windows\System\wvZjYnU.exe
  C:\Windows\System\wvZjYnU.exe
  2⤵
  PID:3496
- C:\Windows\System\GJdkOCi.exe
  C:\Windows\System\GJdkOCi.exe
  2⤵
  PID:3512
- C:\Windows\System\kvoOJbH.exe
  C:\Windows\System\kvoOJbH.exe
  2⤵
  PID:3528
- C:\Windows\System\VyfWtkb.exe
  C:\Windows\System\VyfWtkb.exe
  2⤵
  PID:3544
- C:\Windows\System\hjLYmVF.exe
  C:\Windows\System\hjLYmVF.exe
  2⤵
  PID:3560
- C:\Windows\System\CNKyuPo.exe
  C:\Windows\System\CNKyuPo.exe
  2⤵
  PID:3576
- C:\Windows\System\IZiOaZz.exe
  C:\Windows\System\IZiOaZz.exe
  2⤵
  PID:3592
- C:\Windows\System\OReYaWX.exe
  C:\Windows\System\OReYaWX.exe
  2⤵
  PID:3608
- C:\Windows\System\EneelnX.exe
  C:\Windows\System\EneelnX.exe
  2⤵
  PID:3624
- C:\Windows\System\nLAJHvC.exe
  C:\Windows\System\nLAJHvC.exe
  2⤵
  PID:3640
- C:\Windows\System\wdMhcyK.exe
  C:\Windows\System\wdMhcyK.exe
  2⤵
  PID:3660
- C:\Windows\System\qNhcttz.exe
  C:\Windows\System\qNhcttz.exe
  2⤵
  PID:3676
- C:\Windows\System\fewbLFM.exe
  C:\Windows\System\fewbLFM.exe
  2⤵
  PID:3692
- C:\Windows\System\tkHEDbQ.exe
  C:\Windows\System\tkHEDbQ.exe
  2⤵
  PID:3720
- C:\Windows\System\nOkGkxH.exe
  C:\Windows\System\nOkGkxH.exe
  2⤵
  PID:3744
- C:\Windows\System\AQEVatK.exe
  C:\Windows\System\AQEVatK.exe
  2⤵
  PID:3760
- C:\Windows\System\dFXNWSh.exe
  C:\Windows\System\dFXNWSh.exe
  2⤵
  PID:3780
- C:\Windows\System\PQMnSOI.exe
  C:\Windows\System\PQMnSOI.exe
  2⤵
  PID:3796
- C:\Windows\System\fOgQdTG.exe
  C:\Windows\System\fOgQdTG.exe
  2⤵
  PID:3812
- C:\Windows\System\aWOSWPQ.exe
  C:\Windows\System\aWOSWPQ.exe
  2⤵
  PID:3832
- C:\Windows\System\xJtCHoL.exe
  C:\Windows\System\xJtCHoL.exe
  2⤵
  PID:3848
- C:\Windows\System\AlQWkgg.exe
  C:\Windows\System\AlQWkgg.exe
  2⤵
  PID:3864
- C:\Windows\System\tRxKePW.exe
  C:\Windows\System\tRxKePW.exe
  2⤵
  PID:3880
- C:\Windows\System\zdAmwpD.exe
  C:\Windows\System\zdAmwpD.exe
  2⤵
  PID:3900
- C:\Windows\System\hjNWsDf.exe
  C:\Windows\System\hjNWsDf.exe
  2⤵
  PID:3920
- C:\Windows\System\MhqeXDR.exe
  C:\Windows\System\MhqeXDR.exe
  2⤵
  PID:3936
- C:\Windows\System\kzhoUvg.exe
  C:\Windows\System\kzhoUvg.exe
  2⤵
  PID:3952
- C:\Windows\System\fWkPHEF.exe
  C:\Windows\System\fWkPHEF.exe
  2⤵
  PID:3972
- C:\Windows\System\ghmjwkr.exe
  C:\Windows\System\ghmjwkr.exe
  2⤵
  PID:3988
- C:\Windows\System\jAuPBAd.exe
  C:\Windows\System\jAuPBAd.exe
  2⤵
  PID:4004
- C:\Windows\System\YLDkEQg.exe
  C:\Windows\System\YLDkEQg.exe
  2⤵
  PID:4020
- C:\Windows\System\yPbjKXk.exe
  C:\Windows\System\yPbjKXk.exe
  2⤵
  PID:4036
- C:\Windows\System\zCPtjjf.exe
  C:\Windows\System\zCPtjjf.exe
  2⤵
  PID:4052
- C:\Windows\System\cWXJBty.exe
  C:\Windows\System\cWXJBty.exe
  2⤵
  PID:4068
- C:\Windows\System\OnUZwTw.exe
  C:\Windows\System\OnUZwTw.exe
  2⤵
  PID:4084
- C:\Windows\System\DbIAAkP.exe
  C:\Windows\System\DbIAAkP.exe
  2⤵
  PID:572
- C:\Windows\System\gwYxuXH.exe
  C:\Windows\System\gwYxuXH.exe
  2⤵
  PID:1724
- C:\Windows\System\MKyyTZI.exe
  C:\Windows\System\MKyyTZI.exe
  2⤵
  PID:3088
- C:\Windows\System\pUEemUz.exe
  C:\Windows\System\pUEemUz.exe
  2⤵
  PID:524
- C:\Windows\System\AdjhCoI.exe
  C:\Windows\System\AdjhCoI.exe
  2⤵
  PID:2004
- C:\Windows\System\KYdgHmD.exe
  C:\Windows\System\KYdgHmD.exe
  2⤵
  PID:3128
- C:\Windows\System\CdvnJUy.exe
  C:\Windows\System\CdvnJUy.exe
  2⤵
  PID:3164
- C:\Windows\System\ZrgkiIb.exe
  C:\Windows\System\ZrgkiIb.exe
  2⤵
  PID:3232
- C:\Windows\System\llGHvoN.exe
  C:\Windows\System\llGHvoN.exe
  2⤵
  PID:3244
- C:\Windows\System\KgWnZGH.exe
  C:\Windows\System\KgWnZGH.exe
  2⤵
  PID:3280
- C:\Windows\System\VNUcxUo.exe
  C:\Windows\System\VNUcxUo.exe
  2⤵
  PID:3284
- C:\Windows\System\kUCpuTG.exe
  C:\Windows\System\kUCpuTG.exe
  2⤵
  PID:3316
- C:\Windows\System\CkpnsoJ.exe
  C:\Windows\System\CkpnsoJ.exe
  2⤵
  PID:3296
- C:\Windows\System\wHBcySC.exe
  C:\Windows\System\wHBcySC.exe
  2⤵
  PID:3356
- C:\Windows\System\bnfFwLr.exe
  C:\Windows\System\bnfFwLr.exe
  2⤵
  PID:3388
- C:\Windows\System\wrPSkbQ.exe
  C:\Windows\System\wrPSkbQ.exe
  2⤵
  PID:3428
- C:\Windows\System\HVGyMLo.exe
  C:\Windows\System\HVGyMLo.exe
  2⤵
  PID:3460
- C:\Windows\System\zAloeTT.exe
  C:\Windows\System\zAloeTT.exe
  2⤵
  PID:3492
- C:\Windows\System\jXRUKOG.exe
  C:\Windows\System\jXRUKOG.exe
  2⤵
  PID:3552
- C:\Windows\System\eCvQxnl.exe
  C:\Windows\System\eCvQxnl.exe
  2⤵
  PID:3588
- C:\Windows\System\dGSTYXP.exe
  C:\Windows\System\dGSTYXP.exe
  2⤵
  PID:3444
- C:\Windows\System\cjdZNlq.exe
  C:\Windows\System\cjdZNlq.exe
  2⤵
  PID:3684
- C:\Windows\System\ecmBiYI.exe
  C:\Windows\System\ecmBiYI.exe
  2⤵
  PID:3476
- C:\Windows\System\BGEFHwT.exe
  C:\Windows\System\BGEFHwT.exe
  2⤵
  PID:2020
- C:\Windows\System\NkABacC.exe
  C:\Windows\System\NkABacC.exe
  2⤵
  PID:3668
- C:\Windows\System\BaTtMzL.exe
  C:\Windows\System\BaTtMzL.exe
  2⤵
  PID:3740
- C:\Windows\System\PaqlniH.exe
  C:\Windows\System\PaqlniH.exe
  2⤵
  PID:3756
- C:\Windows\System\HroucVx.exe
  C:\Windows\System\HroucVx.exe
  2⤵
  PID:3804
- C:\Windows\System\JPvQByN.exe
  C:\Windows\System\JPvQByN.exe
  2⤵
  PID:3788
- C:\Windows\System\RbMBWmQ.exe
  C:\Windows\System\RbMBWmQ.exe
  2⤵
  PID:3876
- C:\Windows\System\gobFMUd.exe
  C:\Windows\System\gobFMUd.exe
  2⤵
  PID:3860
- C:\Windows\System\ciDuQlR.exe
  C:\Windows\System\ciDuQlR.exe
  2⤵
  PID:3916
- C:\Windows\System\stAskEC.exe
  C:\Windows\System\stAskEC.exe
  2⤵
  PID:3948
- C:\Windows\System\jzrCOmI.exe
  C:\Windows\System\jzrCOmI.exe
  2⤵
  PID:3984
- C:\Windows\System\xKpMfAy.exe
  C:\Windows\System\xKpMfAy.exe
  2⤵
  PID:4048
- C:\Windows\System\JBnOmWu.exe
  C:\Windows\System\JBnOmWu.exe
  2⤵
  PID:3996
- C:\Windows\System\EeqNRdX.exe
  C:\Windows\System\EeqNRdX.exe
  2⤵
  PID:4032
- C:\Windows\System\aHEzJBk.exe
  C:\Windows\System\aHEzJBk.exe
  2⤵
  PID:2360
- C:\Windows\System\cRNTMjV.exe
  C:\Windows\System\cRNTMjV.exe
  2⤵
  PID:4064
- C:\Windows\System\fPkfHRS.exe
  C:\Windows\System\fPkfHRS.exe
  2⤵
  PID:908
- C:\Windows\System\DMywnEB.exe
  C:\Windows\System\DMywnEB.exe
  2⤵
  PID:3108
- C:\Windows\System\obFrumz.exe
  C:\Windows\System\obFrumz.exe
  2⤵
  PID:3148
- C:\Windows\System\lSgmkkB.exe
  C:\Windows\System\lSgmkkB.exe
  2⤵
  PID:3268
- C:\Windows\System\KADaOPV.exe
  C:\Windows\System\KADaOPV.exe
  2⤵
  PID:3208
- C:\Windows\System\CUGGVli.exe
  C:\Windows\System\CUGGVli.exe
  2⤵
  PID:3348
- C:\Windows\System\MfjwjuL.exe
  C:\Windows\System\MfjwjuL.exe
  2⤵
  PID:3376
- C:\Windows\System\lmSOBZm.exe
  C:\Windows\System\lmSOBZm.exe
  2⤵
  PID:3116
- C:\Windows\System\wSHAGIo.exe
  C:\Windows\System\wSHAGIo.exe
  2⤵
  PID:3540
- C:\Windows\System\oZaVxRy.exe
  C:\Windows\System\oZaVxRy.exe
  2⤵
  PID:3648
- C:\Windows\System\WqOLWsv.exe
  C:\Windows\System\WqOLWsv.exe
  2⤵
  PID:3672
- C:\Windows\System\zezKmMd.exe
  C:\Windows\System\zezKmMd.exe
  2⤵
  PID:3844
- C:\Windows\System\HkSwmZp.exe
  C:\Windows\System\HkSwmZp.exe
  2⤵
  PID:3772
- C:\Windows\System\DCEhtej.exe
  C:\Windows\System\DCEhtej.exe
  2⤵
  PID:3752
- C:\Windows\System\UYnjWtB.exe
  C:\Windows\System\UYnjWtB.exe
  2⤵
  PID:3912
- C:\Windows\System\jTcqnVp.exe
  C:\Windows\System\jTcqnVp.exe
  2⤵
  PID:3944
- C:\Windows\System\pfGXZfi.exe
  C:\Windows\System\pfGXZfi.exe
  2⤵
  PID:4044
- C:\Windows\System\LDfMHUQ.exe
  C:\Windows\System\LDfMHUQ.exe
  2⤵
  PID:4092
- C:\Windows\System\LKsIBbP.exe
  C:\Windows\System\LKsIBbP.exe
  2⤵
  PID:3096
- C:\Windows\System\crDIQEO.exe
  C:\Windows\System\crDIQEO.exe
  2⤵
  PID:3228
- C:\Windows\System\MBWurps.exe
  C:\Windows\System\MBWurps.exe
  2⤵
  PID:3132
- C:\Windows\System\QOVZtRY.exe
  C:\Windows\System\QOVZtRY.exe
  2⤵
  PID:3336
- C:\Windows\System\CojyZWI.exe
  C:\Windows\System\CojyZWI.exe
  2⤵
  PID:3404
- C:\Windows\System\AcfeMLu.exe
  C:\Windows\System\AcfeMLu.exe
  2⤵
  PID:3600
- C:\Windows\System\eiifMWR.exe
  C:\Windows\System\eiifMWR.exe
  2⤵
  PID:3688
- C:\Windows\System\dvoScaF.exe
  C:\Windows\System\dvoScaF.exe
  2⤵
  PID:3872
- C:\Windows\System\lAsajNk.exe
  C:\Windows\System\lAsajNk.exe
  2⤵
  PID:3828
- C:\Windows\System\yeeTXIy.exe
  C:\Windows\System\yeeTXIy.exe
  2⤵
  PID:2832
- C:\Windows\System\ZkuTBhE.exe
  C:\Windows\System\ZkuTBhE.exe
  2⤵
  PID:3656
- C:\Windows\System\TLyUTpI.exe
  C:\Windows\System\TLyUTpI.exe
  2⤵
  PID:1216
- C:\Windows\System\xYNblyL.exe
  C:\Windows\System\xYNblyL.exe
  2⤵
  PID:3896
- C:\Windows\System\ncbjkXF.exe
  C:\Windows\System\ncbjkXF.exe
  2⤵
  PID:4112
- C:\Windows\System\mUFZgKt.exe
  C:\Windows\System\mUFZgKt.exe
  2⤵
  PID:4132
- C:\Windows\System\pDUDPqz.exe
  C:\Windows\System\pDUDPqz.exe
  2⤵
  PID:4148
- C:\Windows\System\crqdSdG.exe
  C:\Windows\System\crqdSdG.exe
  2⤵
  PID:4164
- C:\Windows\System\Ezjffax.exe
  C:\Windows\System\Ezjffax.exe
  2⤵
  PID:4180
- C:\Windows\System\sEbzGox.exe
  C:\Windows\System\sEbzGox.exe
  2⤵
  PID:4196
- C:\Windows\System\mgUUDBw.exe
  C:\Windows\System\mgUUDBw.exe
  2⤵
  PID:4212
- C:\Windows\System\pbeiqWV.exe
  C:\Windows\System\pbeiqWV.exe
  2⤵
  PID:4228
- C:\Windows\System\YwGoXWf.exe
  C:\Windows\System\YwGoXWf.exe
  2⤵
  PID:4244
- C:\Windows\System\xkdTGqF.exe
  C:\Windows\System\xkdTGqF.exe
  2⤵
  PID:4260
- C:\Windows\System\sTTdDjF.exe
  C:\Windows\System\sTTdDjF.exe
  2⤵
  PID:4276
- C:\Windows\System\LRncJrC.exe
  C:\Windows\System\LRncJrC.exe
  2⤵
  PID:4292
- C:\Windows\System\VfIYHBx.exe
  C:\Windows\System\VfIYHBx.exe
  2⤵
  PID:4308
- C:\Windows\System\OJZSxlC.exe
  C:\Windows\System\OJZSxlC.exe
  2⤵
  PID:4324
- C:\Windows\System\hweEzqQ.exe
  C:\Windows\System\hweEzqQ.exe
  2⤵
  PID:4340
- C:\Windows\System\wFtEcJT.exe
  C:\Windows\System\wFtEcJT.exe
  2⤵
  PID:4356
- C:\Windows\System\BDfKrNU.exe
  C:\Windows\System\BDfKrNU.exe
  2⤵
  PID:4372
- C:\Windows\System\EgyvnAe.exe
  C:\Windows\System\EgyvnAe.exe
  2⤵
  PID:4388
- C:\Windows\System\KbCNFHb.exe
  C:\Windows\System\KbCNFHb.exe
  2⤵
  PID:4404
- C:\Windows\System\EdxQLkX.exe
  C:\Windows\System\EdxQLkX.exe
  2⤵
  PID:4420
- C:\Windows\System\HOVMDzo.exe
  C:\Windows\System\HOVMDzo.exe
  2⤵
  PID:4436
- C:\Windows\System\IbuaGMh.exe
  C:\Windows\System\IbuaGMh.exe
  2⤵
  PID:4452
- C:\Windows\System\CaeGVIj.exe
  C:\Windows\System\CaeGVIj.exe
  2⤵
  PID:4468
- C:\Windows\System\ekoVLcT.exe
  C:\Windows\System\ekoVLcT.exe
  2⤵
  PID:4484
- C:\Windows\System\QCIPKar.exe
  C:\Windows\System\QCIPKar.exe
  2⤵
  PID:4500
- C:\Windows\System\InzBRug.exe
  C:\Windows\System\InzBRug.exe
  2⤵
  PID:4516
- C:\Windows\System\fJKPATz.exe
  C:\Windows\System\fJKPATz.exe
  2⤵
  PID:4532
- C:\Windows\System\jDkrDsX.exe
  C:\Windows\System\jDkrDsX.exe
  2⤵
  PID:4548
- C:\Windows\System\hwdbWjG.exe
  C:\Windows\System\hwdbWjG.exe
  2⤵
  PID:4564
- C:\Windows\System\MNTHFUB.exe
  C:\Windows\System\MNTHFUB.exe
  2⤵
  PID:4580
- C:\Windows\System\UaYjIoX.exe
  C:\Windows\System\UaYjIoX.exe
  2⤵
  PID:4596
- C:\Windows\System\xUbTXzQ.exe
  C:\Windows\System\xUbTXzQ.exe
  2⤵
  PID:4612
- C:\Windows\System\PGEAVMB.exe
  C:\Windows\System\PGEAVMB.exe
  2⤵
  PID:4628
- C:\Windows\System\iCdfHjd.exe
  C:\Windows\System\iCdfHjd.exe
  2⤵
  PID:4644
- C:\Windows\System\xsUnHeE.exe
  C:\Windows\System\xsUnHeE.exe
  2⤵
  PID:4660
- C:\Windows\System\GntGyYT.exe
  C:\Windows\System\GntGyYT.exe
  2⤵
  PID:4676
- C:\Windows\System\ANBqXPU.exe
  C:\Windows\System\ANBqXPU.exe
  2⤵
  PID:4692
- C:\Windows\System\CaUibHA.exe
  C:\Windows\System\CaUibHA.exe
  2⤵
  PID:4708
- C:\Windows\System\lsvsDrn.exe
  C:\Windows\System\lsvsDrn.exe
  2⤵
  PID:4724
- C:\Windows\System\nFYYKtT.exe
  C:\Windows\System\nFYYKtT.exe
  2⤵
  PID:4740
- C:\Windows\System\NWvAchh.exe
  C:\Windows\System\NWvAchh.exe
  2⤵
  PID:4756
- C:\Windows\System\wIcOAFw.exe
  C:\Windows\System\wIcOAFw.exe
  2⤵
  PID:4772
- C:\Windows\System\qImupRW.exe
  C:\Windows\System\qImupRW.exe
  2⤵
  PID:4788
- C:\Windows\System\sjtIipR.exe
  C:\Windows\System\sjtIipR.exe
  2⤵
  PID:4804
- C:\Windows\System\nJuxxiR.exe
  C:\Windows\System\nJuxxiR.exe
  2⤵
  PID:4820
- C:\Windows\System\CWhmeAs.exe
  C:\Windows\System\CWhmeAs.exe
  2⤵
  PID:4836
- C:\Windows\System\oenJWwN.exe
  C:\Windows\System\oenJWwN.exe
  2⤵
  PID:4852
- C:\Windows\System\zWmrpja.exe
  C:\Windows\System\zWmrpja.exe
  2⤵
  PID:4868
- C:\Windows\System\uEgyqIl.exe
  C:\Windows\System\uEgyqIl.exe
  2⤵
  PID:4884
- C:\Windows\System\CJosQCe.exe
  C:\Windows\System\CJosQCe.exe
  2⤵
  PID:4900
- C:\Windows\System\OBGHJLe.exe
  C:\Windows\System\OBGHJLe.exe
  2⤵
  PID:4916
- C:\Windows\System\SiZaWjv.exe
  C:\Windows\System\SiZaWjv.exe
  2⤵
  PID:4932
- C:\Windows\System\gzhEAUn.exe
  C:\Windows\System\gzhEAUn.exe
  2⤵
  PID:4948
- C:\Windows\System\DCwZzjQ.exe
  C:\Windows\System\DCwZzjQ.exe
  2⤵
  PID:4964
- C:\Windows\System\jXaLIwy.exe
  C:\Windows\System\jXaLIwy.exe
  2⤵
  PID:4980
- C:\Windows\System\RnrCMIB.exe
  C:\Windows\System\RnrCMIB.exe
  2⤵
  PID:4996
- C:\Windows\System\bqhklqf.exe
  C:\Windows\System\bqhklqf.exe
  2⤵
  PID:5012
- C:\Windows\System\CPoeikY.exe
  C:\Windows\System\CPoeikY.exe
  2⤵
  PID:5032
- C:\Windows\System\EkkyZqV.exe
  C:\Windows\System\EkkyZqV.exe
  2⤵
  PID:5048
- C:\Windows\System\corYfjl.exe
  C:\Windows\System\corYfjl.exe
  2⤵
  PID:5064
- C:\Windows\System\vqfaxbo.exe
  C:\Windows\System\vqfaxbo.exe
  2⤵
  PID:5080
- C:\Windows\System\ODDAwAV.exe
  C:\Windows\System\ODDAwAV.exe
  2⤵
  PID:5096
- C:\Windows\System\cxkcIfY.exe
  C:\Windows\System\cxkcIfY.exe
  2⤵
  PID:5112
- C:\Windows\System\veCgXxX.exe
  C:\Windows\System\veCgXxX.exe
  2⤵
  PID:3288
- C:\Windows\System\zDCbrOl.exe
  C:\Windows\System\zDCbrOl.exe
  2⤵
  PID:3292
- C:\Windows\System\jJihroR.exe
  C:\Windows\System\jJihroR.exe
  2⤵
  PID:3840
- C:\Windows\System\kJCEeoE.exe
  C:\Windows\System\kJCEeoE.exe
  2⤵
  PID:4124
- C:\Windows\System\fpCWPGq.exe
  C:\Windows\System\fpCWPGq.exe
  2⤵
  PID:4144
- C:\Windows\System\nzzUrnQ.exe
  C:\Windows\System\nzzUrnQ.exe
  2⤵
  PID:4252
- C:\Windows\System\VLMddOI.exe
  C:\Windows\System\VLMddOI.exe
  2⤵
  PID:4236
- C:\Windows\System\gnTGJgX.exe
  C:\Windows\System\gnTGJgX.exe
  2⤵
  PID:4268
- C:\Windows\System\KxfycIX.exe
  C:\Windows\System\KxfycIX.exe
  2⤵
  PID:4316
- C:\Windows\System\XQwCueU.exe
  C:\Windows\System\XQwCueU.exe
  2⤵
  PID:4332
- C:\Windows\System\WGkulod.exe
  C:\Windows\System\WGkulod.exe
  2⤵
  PID:4412
- C:\Windows\System\OsJTQVw.exe
  C:\Windows\System\OsJTQVw.exe
  2⤵
  PID:4336
- C:\Windows\System\sBcRAll.exe
  C:\Windows\System\sBcRAll.exe
  2⤵
  PID:4368
- C:\Windows\System\SMwhVDm.exe
  C:\Windows\System\SMwhVDm.exe
  2⤵
  PID:4460
- C:\Windows\System\AfREBhc.exe
  C:\Windows\System\AfREBhc.exe
  2⤵
  PID:4428
- C:\Windows\System\UigqmOW.exe
  C:\Windows\System\UigqmOW.exe
  2⤵
  PID:4544
- C:\Windows\System\OQmMYsv.exe
  C:\Windows\System\OQmMYsv.exe
  2⤵
  PID:4576
- C:\Windows\System\eZXIwfh.exe
  C:\Windows\System\eZXIwfh.exe
  2⤵
  PID:4624
- C:\Windows\System\DIRjkWY.exe
  C:\Windows\System\DIRjkWY.exe
  2⤵
  PID:4592
- C:\Windows\System\noCHGaN.exe
  C:\Windows\System\noCHGaN.exe
  2⤵
  PID:4732
- C:\Windows\System\FPhsurQ.exe
  C:\Windows\System\FPhsurQ.exe
  2⤵
  PID:4688
- C:\Windows\System\frZgwor.exe
  C:\Windows\System\frZgwor.exe
  2⤵
  PID:4764
- C:\Windows\System\vikqbAV.exe
  C:\Windows\System\vikqbAV.exe
  2⤵
  PID:4800
- C:\Windows\System\cHIBMor.exe
  C:\Windows\System\cHIBMor.exe
  2⤵
  PID:4864
- C:\Windows\System\jtUYBNt.exe
  C:\Windows\System\jtUYBNt.exe
  2⤵
  PID:4928
- C:\Windows\System\NLkNAiP.exe
  C:\Windows\System\NLkNAiP.exe
  2⤵
  PID:4908
- C:\Windows\System\XIkOUlb.exe
  C:\Windows\System\XIkOUlb.exe
  2⤵
  PID:4812
- C:\Windows\System\BzwcLdv.exe
  C:\Windows\System\BzwcLdv.exe
  2⤵
  PID:4940
- C:\Windows\System\laFRPHn.exe
  C:\Windows\System\laFRPHn.exe
  2⤵
  PID:5056
- C:\Windows\System\UAWJvSE.exe
  C:\Windows\System\UAWJvSE.exe
  2⤵
  PID:5044
- C:\Windows\System\ELJMkMw.exe
  C:\Windows\System\ELJMkMw.exe
  2⤵
  PID:5104
- C:\Windows\System\yZNAXtI.exe
  C:\Windows\System\yZNAXtI.exe
  2⤵
  PID:4120
- C:\Windows\System\yCyliAX.exe
  C:\Windows\System\yCyliAX.exe
  2⤵
  PID:3424
- C:\Windows\System\zqHmqOV.exe
  C:\Windows\System\zqHmqOV.exe
  2⤵
  PID:4108
- C:\Windows\System\oyjmVJO.exe
  C:\Windows\System\oyjmVJO.exe
  2⤵
  PID:4176
- C:\Windows\System\WavDIEv.exe
  C:\Windows\System\WavDIEv.exe
  2⤵
  PID:4352
- C:\Windows\System\CXwSoPz.exe
  C:\Windows\System\CXwSoPz.exe
  2⤵
  PID:4508
- C:\Windows\System\vJUcACu.exe
  C:\Windows\System\vJUcACu.exe
  2⤵
  PID:4560
- C:\Windows\System\xSMasPM.exe
  C:\Windows\System\xSMasPM.exe
  2⤵
  PID:4652
- C:\Windows\System\hSvBVOc.exe
  C:\Windows\System\hSvBVOc.exe
  2⤵
  PID:4796
- C:\Windows\System\yxCDLnu.exe
  C:\Windows\System\yxCDLnu.exe
  2⤵
  PID:4272
- C:\Windows\System\TyeHSaR.exe
  C:\Windows\System\TyeHSaR.exe
  2⤵
  PID:4972
- C:\Windows\System\tbtLcEL.exe
  C:\Windows\System\tbtLcEL.exe
  2⤵
  PID:4448
- C:\Windows\System\rRqVehk.exe
  C:\Windows\System\rRqVehk.exe
  2⤵
  PID:4524
- C:\Windows\System\gPYEBwr.exe
  C:\Windows\System\gPYEBwr.exe
  2⤵
  PID:4636
- C:\Windows\System\GgaFqTz.exe
  C:\Windows\System\GgaFqTz.exe
  2⤵
  PID:4656
- C:\Windows\System\fLHAyZI.exe
  C:\Windows\System\fLHAyZI.exe
  2⤵
  PID:4860
- C:\Windows\System\fNFwGjT.exe
  C:\Windows\System\fNFwGjT.exe
  2⤵
  PID:5028
- C:\Windows\System\qeBcWMN.exe
  C:\Windows\System\qeBcWMN.exe
  2⤵
  PID:5092
- C:\Windows\System\kTbCxwL.exe
  C:\Windows\System\kTbCxwL.exe
  2⤵
  PID:3572
- C:\Windows\System\aHDPYwB.exe
  C:\Windows\System\aHDPYwB.exe
  2⤵
  PID:4172
- C:\Windows\System\dBSQIdC.exe
  C:\Windows\System\dBSQIdC.exe
  2⤵
  PID:4748
- C:\Windows\System\EOszzkB.exe
  C:\Windows\System\EOszzkB.exe
  2⤵
  PID:4496
- C:\Windows\System\cVjxiOa.exe
  C:\Windows\System\cVjxiOa.exe
  2⤵
  PID:4780
- C:\Windows\System\eWZrimF.exe
  C:\Windows\System\eWZrimF.exe
  2⤵
  PID:4320
- C:\Windows\System\oxBCnwb.exe
  C:\Windows\System\oxBCnwb.exe
  2⤵
  PID:4876
- C:\Windows\System\XnjbZYP.exe
  C:\Windows\System\XnjbZYP.exe
  2⤵
  PID:3604
- C:\Windows\System\LiKFjut.exe
  C:\Windows\System\LiKFjut.exe
  2⤵
  PID:4080
- C:\Windows\System\lODFeBd.exe
  C:\Windows\System\lODFeBd.exe
  2⤵
  PID:4816
- C:\Windows\System\WWExIiV.exe
  C:\Windows\System\WWExIiV.exe
  2⤵
  PID:4364
- C:\Windows\System\sWBWjPH.exe
  C:\Windows\System\sWBWjPH.exe
  2⤵
  PID:4300
- C:\Windows\System\oEcTsOo.exe
  C:\Windows\System\oEcTsOo.exe
  2⤵
  PID:4752
- C:\Windows\System\RROhjYv.exe
  C:\Windows\System\RROhjYv.exe
  2⤵
  PID:5136
- C:\Windows\System\XmMLoKp.exe
  C:\Windows\System\XmMLoKp.exe
  2⤵
  PID:5152
- C:\Windows\System\AcTrgMN.exe
  C:\Windows\System\AcTrgMN.exe
  2⤵
  PID:5168
- C:\Windows\System\kBvHeTV.exe
  C:\Windows\System\kBvHeTV.exe
  2⤵
  PID:5184
- C:\Windows\System\rwwWgJc.exe
  C:\Windows\System\rwwWgJc.exe
  2⤵
  PID:5200
- C:\Windows\System\bRJsJVU.exe
  C:\Windows\System\bRJsJVU.exe
  2⤵
  PID:5216
- C:\Windows\System\MqEsUjC.exe
  C:\Windows\System\MqEsUjC.exe
  2⤵
  PID:5232
- C:\Windows\System\mcrvVXF.exe
  C:\Windows\System\mcrvVXF.exe
  2⤵
  PID:5248
- C:\Windows\System\ctbzcqc.exe
  C:\Windows\System\ctbzcqc.exe
  2⤵
  PID:5264
- C:\Windows\System\cZgrqfT.exe
  C:\Windows\System\cZgrqfT.exe
  2⤵
  PID:5280
- C:\Windows\System\KPFQTeP.exe
  C:\Windows\System\KPFQTeP.exe
  2⤵
  PID:5296
- C:\Windows\System\IkxFQsy.exe
  C:\Windows\System\IkxFQsy.exe
  2⤵
  PID:5312
- C:\Windows\System\aWfYKJD.exe
  C:\Windows\System\aWfYKJD.exe
  2⤵
  PID:5328
- C:\Windows\System\DVMzana.exe
  C:\Windows\System\DVMzana.exe
  2⤵
  PID:5344
- C:\Windows\System\yEgKLYi.exe
  C:\Windows\System\yEgKLYi.exe
  2⤵
  PID:5360
- C:\Windows\System\vekdpEO.exe
  C:\Windows\System\vekdpEO.exe
  2⤵
  PID:5376
- C:\Windows\System\jbdSsmO.exe
  C:\Windows\System\jbdSsmO.exe
  2⤵
  PID:5392
- C:\Windows\System\oixzAEU.exe
  C:\Windows\System\oixzAEU.exe
  2⤵
  PID:5408
- C:\Windows\System\RssndGW.exe
  C:\Windows\System\RssndGW.exe
  2⤵
  PID:5424
- C:\Windows\System\IHdqMef.exe
  C:\Windows\System\IHdqMef.exe
  2⤵
  PID:5440
- C:\Windows\System\VdAFLsx.exe
  C:\Windows\System\VdAFLsx.exe
  2⤵
  PID:5456
- C:\Windows\System\EbGjoUP.exe
  C:\Windows\System\EbGjoUP.exe
  2⤵
  PID:5472
- C:\Windows\System\rMrHhju.exe
  C:\Windows\System\rMrHhju.exe
  2⤵
  PID:5492
- C:\Windows\System\mpqXrtK.exe
  C:\Windows\System\mpqXrtK.exe
  2⤵
  PID:5508
- C:\Windows\System\cUnerCy.exe
  C:\Windows\System\cUnerCy.exe
  2⤵
  PID:5524
- C:\Windows\System\YUBLCpH.exe
  C:\Windows\System\YUBLCpH.exe
  2⤵
  PID:5540
- C:\Windows\System\fYxwJuh.exe
  C:\Windows\System\fYxwJuh.exe
  2⤵
  PID:5556
- C:\Windows\System\gziKVnP.exe
  C:\Windows\System\gziKVnP.exe
  2⤵
  PID:5576
- C:\Windows\System\qPilEYX.exe
  C:\Windows\System\qPilEYX.exe
  2⤵
  PID:5592
- C:\Windows\System\vBLAOSm.exe
  C:\Windows\System\vBLAOSm.exe
  2⤵
  PID:5608
- C:\Windows\System\kIAXvfz.exe
  C:\Windows\System\kIAXvfz.exe
  2⤵
  PID:5624
- C:\Windows\System\fIMuZTi.exe
  C:\Windows\System\fIMuZTi.exe
  2⤵
  PID:5640
- C:\Windows\System\yJSpmsF.exe
  C:\Windows\System\yJSpmsF.exe
  2⤵
  PID:5656
- C:\Windows\System\eLFNZCt.exe
  C:\Windows\System\eLFNZCt.exe
  2⤵
  PID:5672
- C:\Windows\System\kBOlXwE.exe
  C:\Windows\System\kBOlXwE.exe
  2⤵
  PID:5692
- C:\Windows\System\dazorlC.exe
  C:\Windows\System\dazorlC.exe
  2⤵
  PID:5708
- C:\Windows\System\ufViBBi.exe
  C:\Windows\System\ufViBBi.exe
  2⤵
  PID:5724
- C:\Windows\System\jwimWEQ.exe
  C:\Windows\System\jwimWEQ.exe
  2⤵
  PID:5740
- C:\Windows\System\AWVZrrM.exe
  C:\Windows\System\AWVZrrM.exe
  2⤵
  PID:5756
- C:\Windows\System\JqeUCsT.exe
  C:\Windows\System\JqeUCsT.exe
  2⤵
  PID:5772
- C:\Windows\System\JqKKpFY.exe
  C:\Windows\System\JqKKpFY.exe
  2⤵
  PID:5788
- C:\Windows\System\YLhLaOD.exe
  C:\Windows\System\YLhLaOD.exe
  2⤵
  PID:5804
- C:\Windows\System\YLAJFhw.exe
  C:\Windows\System\YLAJFhw.exe
  2⤵
  PID:5820
- C:\Windows\System\OtwyQMl.exe
  C:\Windows\System\OtwyQMl.exe
  2⤵
  PID:5836
- C:\Windows\System\BbuZqfx.exe
  C:\Windows\System\BbuZqfx.exe
  2⤵
  PID:5852
- C:\Windows\System\sjPmNdF.exe
  C:\Windows\System\sjPmNdF.exe
  2⤵
  PID:5868
- C:\Windows\System\yeQlzTx.exe
  C:\Windows\System\yeQlzTx.exe
  2⤵
  PID:5884
- C:\Windows\System\MZrANgA.exe
  C:\Windows\System\MZrANgA.exe
  2⤵
  PID:5900
- C:\Windows\System\pbvaVGh.exe
  C:\Windows\System\pbvaVGh.exe
  2⤵
  PID:5916
- C:\Windows\System\kPxLLHx.exe
  C:\Windows\System\kPxLLHx.exe
  2⤵
  PID:5932
- C:\Windows\System\kqRkxcD.exe
  C:\Windows\System\kqRkxcD.exe
  2⤵
  PID:5948
- C:\Windows\System\fudizuZ.exe
  C:\Windows\System\fudizuZ.exe
  2⤵
  PID:6000
- C:\Windows\System\KifciZv.exe
  C:\Windows\System\KifciZv.exe
  2⤵
  PID:6016
- C:\Windows\System\wyajhit.exe
  C:\Windows\System\wyajhit.exe
  2⤵
  PID:6032
- C:\Windows\System\DsiVPjf.exe
  C:\Windows\System\DsiVPjf.exe
  2⤵
  PID:6048
- C:\Windows\System\zDiVWUH.exe
  C:\Windows\System\zDiVWUH.exe
  2⤵
  PID:6064
- C:\Windows\System\kGwVIaK.exe
  C:\Windows\System\kGwVIaK.exe
  2⤵
  PID:6080
- C:\Windows\System\PpPRtCS.exe
  C:\Windows\System\PpPRtCS.exe
  2⤵
  PID:6096
- C:\Windows\System\FoBTjxd.exe
  C:\Windows\System\FoBTjxd.exe
  2⤵
  PID:6112
- C:\Windows\System\MWtLwUb.exe
  C:\Windows\System\MWtLwUb.exe
  2⤵
  PID:6132
- C:\Windows\System\fVjZXKJ.exe
  C:\Windows\System\fVjZXKJ.exe
  2⤵
  PID:4220
- C:\Windows\System\kpFqdFK.exe
  C:\Windows\System\kpFqdFK.exe
  2⤵
  PID:4608
- C:\Windows\System\yMKwegS.exe
  C:\Windows\System\yMKwegS.exe
  2⤵
  PID:5072
- C:\Windows\System\snCihju.exe
  C:\Windows\System\snCihju.exe
  2⤵
  PID:5132
- C:\Windows\System\ayYOZFO.exe
  C:\Windows\System\ayYOZFO.exe
  2⤵
  PID:5148
- C:\Windows\System\bOfHYeb.exe
  C:\Windows\System\bOfHYeb.exe
  2⤵
  PID:5244
- C:\Windows\System\hcpoBNp.exe
  C:\Windows\System\hcpoBNp.exe
  2⤵
  PID:5320
- C:\Windows\System\mZTfAlm.exe
  C:\Windows\System\mZTfAlm.exe
  2⤵
  PID:5384
- C:\Windows\System\jzLyjlZ.exe
  C:\Windows\System\jzLyjlZ.exe
  2⤵
  PID:5372
- C:\Windows\System\pitNTte.exe
  C:\Windows\System\pitNTte.exe
  2⤵
  PID:5368
- C:\Windows\System\yWMCgqX.exe
  C:\Windows\System\yWMCgqX.exe
  2⤵
  PID:5400
- C:\Windows\System\MltkEzp.exe
  C:\Windows\System\MltkEzp.exe
  2⤵
  PID:5488
- C:\Windows\System\dWNOKKw.exe
  C:\Windows\System\dWNOKKw.exe
  2⤵
  PID:5548
- C:\Windows\System\luzBEUv.exe
  C:\Windows\System\luzBEUv.exe
  2⤵
  PID:5616
- C:\Windows\System\SrXIIHy.exe
  C:\Windows\System\SrXIIHy.exe
  2⤵
  PID:5532
- C:\Windows\System\qSwYSrV.exe
  C:\Windows\System\qSwYSrV.exe
  2⤵
  PID:5664
- C:\Windows\System\xWDoAJs.exe
  C:\Windows\System\xWDoAJs.exe
  2⤵
  PID:5572
- C:\Windows\System\ALEieDu.exe
  C:\Windows\System\ALEieDu.exe
  2⤵
  PID:5504
- C:\Windows\System\LjqXuxr.exe
  C:\Windows\System\LjqXuxr.exe
  2⤵
  PID:5720
- C:\Windows\System\HRxaSkU.exe
  C:\Windows\System\HRxaSkU.exe
  2⤵
  PID:5636
- C:\Windows\System\xbKszNV.exe
  C:\Windows\System\xbKszNV.exe
  2⤵
  PID:5780
- C:\Windows\System\xaxhqmv.exe
  C:\Windows\System\xaxhqmv.exe
  2⤵
  PID:5796
- C:\Windows\System\nBGLtIP.exe
  C:\Windows\System\nBGLtIP.exe
  2⤵
  PID:5912
- C:\Windows\System\cfmQQet.exe
  C:\Windows\System\cfmQQet.exe
  2⤵
  PID:5928
- C:\Windows\System\bbMJQpf.exe
  C:\Windows\System\bbMJQpf.exe
  2⤵
  PID:5968
- C:\Windows\System\FaPewhv.exe
  C:\Windows\System\FaPewhv.exe
  2⤵
  PID:6040
- C:\Windows\System\XYVbvcc.exe
  C:\Windows\System\XYVbvcc.exe
  2⤵
  PID:6056
- C:\Windows\System\OcjTzIK.exe
  C:\Windows\System\OcjTzIK.exe
  2⤵
  PID:6092
- C:\Windows\System\WxCHYog.exe
  C:\Windows\System\WxCHYog.exe
  2⤵
  PID:4924
- C:\Windows\System\OjEmEDX.exe
  C:\Windows\System\OjEmEDX.exe
  2⤵
  PID:5144
- C:\Windows\System\HojXqRo.exe
  C:\Windows\System\HojXqRo.exe
  2⤵
  PID:4528
- C:\Windows\System\oeLsuVL.exe
  C:\Windows\System\oeLsuVL.exe
  2⤵
  PID:5212
- C:\Windows\System\tfIfWmv.exe
  C:\Windows\System\tfIfWmv.exe
  2⤵
  PID:5416
- C:\Windows\System\RBLCQrj.exe
  C:\Windows\System\RBLCQrj.exe
  2⤵
  PID:5680
- C:\Windows\System\QCGJCZk.exe
  C:\Windows\System\QCGJCZk.exe
  2⤵
  PID:5732
- C:\Windows\System\hxaYFQW.exe
  C:\Windows\System\hxaYFQW.exe
  2⤵
  PID:5848
- C:\Windows\System\ihNqIBe.exe
  C:\Windows\System\ihNqIBe.exe
  2⤵
  PID:5908
- C:\Windows\System\jtbrPtH.exe
  C:\Windows\System\jtbrPtH.exe
  2⤵
  PID:5892
- C:\Windows\System\pmyDujY.exe
  C:\Windows\System\pmyDujY.exe
  2⤵
  PID:108
- C:\Windows\System\IEDmjpL.exe
  C:\Windows\System\IEDmjpL.exe
  2⤵
  PID:6008
- C:\Windows\System\ktAlilt.exe
  C:\Windows\System\ktAlilt.exe
  2⤵
  PID:6104
- C:\Windows\System\DAqvrcs.exe
  C:\Windows\System\DAqvrcs.exe
  2⤵
  PID:6028
- C:\Windows\System\PcZBxwh.exe
  C:\Windows\System\PcZBxwh.exe
  2⤵
  PID:5128
- C:\Windows\System\vpOOeND.exe
  C:\Windows\System\vpOOeND.exe
  2⤵
  PID:6120
- C:\Windows\System\mVjXxAB.exe
  C:\Windows\System\mVjXxAB.exe
  2⤵
  PID:5240
- C:\Windows\System\gEOhrkJ.exe
  C:\Windows\System\gEOhrkJ.exe
  2⤵
  PID:5484
- C:\Windows\System\etbYBht.exe
  C:\Windows\System\etbYBht.exe
  2⤵
  PID:5272
- C:\Windows\System\DTFQqPC.exe
  C:\Windows\System\DTFQqPC.exe
  2⤵
  PID:5684
- C:\Windows\System\oYNGppV.exe
  C:\Windows\System\oYNGppV.exe
  2⤵
  PID:5468
- C:\Windows\System\NiBFWHh.exe
  C:\Windows\System\NiBFWHh.exe
  2⤵
  PID:5668
- C:\Windows\System\BgkimIt.exe
  C:\Windows\System\BgkimIt.exe
  2⤵
  PID:5768
- C:\Windows\System\vDwEZLw.exe
  C:\Windows\System\vDwEZLw.exe
  2⤵
  PID:5980
- C:\Windows\System\JzyUYhK.exe
  C:\Windows\System\JzyUYhK.exe
  2⤵
  PID:5192
- C:\Windows\System\TcMnmEI.exe
  C:\Windows\System\TcMnmEI.exe
  2⤵
  PID:5336
- C:\Windows\System\asGyVDD.exe
  C:\Windows\System\asGyVDD.exe
  2⤵
  PID:5700
- C:\Windows\System\IpRKZBT.exe
  C:\Windows\System\IpRKZBT.exe
  2⤵
  PID:5752
- C:\Windows\System\KjbjSCj.exe
  C:\Windows\System\KjbjSCj.exe
  2⤵
  PID:5520
- C:\Windows\System\iPTYEHa.exe
  C:\Windows\System\iPTYEHa.exe
  2⤵
  PID:6060
- C:\Windows\System\Dinnrrd.exe
  C:\Windows\System\Dinnrrd.exe
  2⤵
  PID:5304
- C:\Windows\System\ifVDHEb.exe
  C:\Windows\System\ifVDHEb.exe
  2⤵
  PID:5688
- C:\Windows\System\DAtEijc.exe
  C:\Windows\System\DAtEijc.exe
  2⤵
  PID:6076
- C:\Windows\System\fsMHnsZ.exe
  C:\Windows\System\fsMHnsZ.exe
  2⤵
  PID:5956
- C:\Windows\System\zXTtQsd.exe
  C:\Windows\System\zXTtQsd.exe
  2⤵
  PID:5604
- C:\Windows\System\kVMRUmG.exe
  C:\Windows\System\kVMRUmG.exe
  2⤵
  PID:5452
- C:\Windows\System\qxoHRZc.exe
  C:\Windows\System\qxoHRZc.exe
  2⤵
  PID:5880
- C:\Windows\System\dFnUzvj.exe
  C:\Windows\System\dFnUzvj.exe
  2⤵
  PID:6152
- C:\Windows\System\mFlWyKl.exe
  C:\Windows\System\mFlWyKl.exe
  2⤵
  PID:6168
- C:\Windows\System\FbEDUHA.exe
  C:\Windows\System\FbEDUHA.exe
  2⤵
  PID:6184
- C:\Windows\System\QuRbPrx.exe
  C:\Windows\System\QuRbPrx.exe
  2⤵
  PID:6204
- C:\Windows\System\lBlKQAB.exe
  C:\Windows\System\lBlKQAB.exe
  2⤵
  PID:6224
- C:\Windows\System\SpcDBeM.exe
  C:\Windows\System\SpcDBeM.exe
  2⤵
  PID:6240
- C:\Windows\System\CNqXugU.exe
  C:\Windows\System\CNqXugU.exe
  2⤵
  PID:6256
- C:\Windows\System\ysiQrYJ.exe
  C:\Windows\System\ysiQrYJ.exe
  2⤵
  PID:6272
- C:\Windows\System\gsBdWcL.exe
  C:\Windows\System\gsBdWcL.exe
  2⤵
  PID:6288
- C:\Windows\System\WqrAsOh.exe
  C:\Windows\System\WqrAsOh.exe
  2⤵
  PID:6304
- C:\Windows\System\iUKPUJM.exe
  C:\Windows\System\iUKPUJM.exe
  2⤵
  PID:6320
- C:\Windows\System\YOZYkry.exe
  C:\Windows\System\YOZYkry.exe
  2⤵
  PID:6336
- C:\Windows\System\syVTdGl.exe
  C:\Windows\System\syVTdGl.exe
  2⤵
  PID:6352
- C:\Windows\System\iIOTDjk.exe
  C:\Windows\System\iIOTDjk.exe
  2⤵
  PID:6368
- C:\Windows\System\BQGrAio.exe
  C:\Windows\System\BQGrAio.exe
  2⤵
  PID:6384
- C:\Windows\System\JMrxkZQ.exe
  C:\Windows\System\JMrxkZQ.exe
  2⤵
  PID:6400
- C:\Windows\System\grMeUnK.exe
  C:\Windows\System\grMeUnK.exe
  2⤵
  PID:6416
- C:\Windows\System\tgfQoGM.exe
  C:\Windows\System\tgfQoGM.exe
  2⤵
  PID:6436
- C:\Windows\System\vFraaXh.exe
  C:\Windows\System\vFraaXh.exe
  2⤵
  PID:6452
- C:\Windows\System\jWvSysU.exe
  C:\Windows\System\jWvSysU.exe
  2⤵
  PID:6468
- C:\Windows\System\FtnGYqW.exe
  C:\Windows\System\FtnGYqW.exe
  2⤵
  PID:6484
- C:\Windows\System\tvJWqIX.exe
  C:\Windows\System\tvJWqIX.exe
  2⤵
  PID:6500
- C:\Windows\System\eLtvEjU.exe
  C:\Windows\System\eLtvEjU.exe
  2⤵
  PID:6516
- C:\Windows\System\AGMLDhF.exe
  C:\Windows\System\AGMLDhF.exe
  2⤵
  PID:6532
- C:\Windows\System\FuUOiYG.exe
  C:\Windows\System\FuUOiYG.exe
  2⤵
  PID:6548
- C:\Windows\System\gjgTtGP.exe
  C:\Windows\System\gjgTtGP.exe
  2⤵
  PID:6564
- C:\Windows\System\sMZGpai.exe
  C:\Windows\System\sMZGpai.exe
  2⤵
  PID:6580
- C:\Windows\System\OVrHIAm.exe
  C:\Windows\System\OVrHIAm.exe
  2⤵
  PID:6596
- C:\Windows\System\NqeNWKN.exe
  C:\Windows\System\NqeNWKN.exe
  2⤵
  PID:6612
- C:\Windows\System\CBtQtgB.exe
  C:\Windows\System\CBtQtgB.exe
  2⤵
  PID:6628
- C:\Windows\System\yNzyPUM.exe
  C:\Windows\System\yNzyPUM.exe
  2⤵
  PID:6644
- C:\Windows\System\jELmBbt.exe
  C:\Windows\System\jELmBbt.exe
  2⤵
  PID:6660
- C:\Windows\System\eavxHOb.exe
  C:\Windows\System\eavxHOb.exe
  2⤵
  PID:6676
- C:\Windows\System\HGCXNXe.exe
  C:\Windows\System\HGCXNXe.exe
  2⤵
  PID:6692
- C:\Windows\System\bsIYaEE.exe
  C:\Windows\System\bsIYaEE.exe
  2⤵
  PID:6708
- C:\Windows\System\fZoQCAU.exe
  C:\Windows\System\fZoQCAU.exe
  2⤵
  PID:6724
- C:\Windows\System\BBsIIJy.exe
  C:\Windows\System\BBsIIJy.exe
  2⤵
  PID:6740
- C:\Windows\System\yfjQaOC.exe
  C:\Windows\System\yfjQaOC.exe
  2⤵
  PID:6756
- C:\Windows\System\hRBdSfJ.exe
  C:\Windows\System\hRBdSfJ.exe
  2⤵
  PID:6772
- C:\Windows\System\qEsKFUC.exe
  C:\Windows\System\qEsKFUC.exe
  2⤵
  PID:6788
- C:\Windows\System\vEuBFXK.exe
  C:\Windows\System\vEuBFXK.exe
  2⤵
  PID:6804
- C:\Windows\System\QhLhinL.exe
  C:\Windows\System\QhLhinL.exe
  2⤵
  PID:6824
- C:\Windows\System\xQybTlN.exe
  C:\Windows\System\xQybTlN.exe
  2⤵
  PID:6848
- C:\Windows\System\pzHHtMi.exe
  C:\Windows\System\pzHHtMi.exe
  2⤵
  PID:6864
- C:\Windows\System\ljCfQaZ.exe
  C:\Windows\System\ljCfQaZ.exe
  2⤵
  PID:6880
- C:\Windows\System\bsqFOso.exe
  C:\Windows\System\bsqFOso.exe
  2⤵
  PID:6896
- C:\Windows\System\tkcjPcr.exe
  C:\Windows\System\tkcjPcr.exe
  2⤵
  PID:6912
- C:\Windows\System\zabVWmo.exe
  C:\Windows\System\zabVWmo.exe
  2⤵
  PID:6928
- C:\Windows\System\teLTIIA.exe
  C:\Windows\System\teLTIIA.exe
  2⤵
  PID:6944
- C:\Windows\System\iJOgfyt.exe
  C:\Windows\System\iJOgfyt.exe
  2⤵
  PID:6968
- C:\Windows\System\lNeLLeq.exe
  C:\Windows\System\lNeLLeq.exe
  2⤵
  PID:6988
- C:\Windows\System\fZwSalY.exe
  C:\Windows\System\fZwSalY.exe
  2⤵
  PID:7020
- C:\Windows\System\HAafiOM.exe
  C:\Windows\System\HAafiOM.exe
  2⤵
  PID:7036
- C:\Windows\System\APjmTRa.exe
  C:\Windows\System\APjmTRa.exe
  2⤵
  PID:7052
- C:\Windows\System\iSMWuYf.exe
  C:\Windows\System\iSMWuYf.exe
  2⤵
  PID:7072
- C:\Windows\System\JwAVvVG.exe
  C:\Windows\System\JwAVvVG.exe
  2⤵
  PID:7092
- C:\Windows\System\IetDlya.exe
  C:\Windows\System\IetDlya.exe
  2⤵
  PID:7136
- C:\Windows\System\WfuxPLs.exe
  C:\Windows\System\WfuxPLs.exe
  2⤵
  PID:7152
- C:\Windows\System\drKSeUS.exe
  C:\Windows\System\drKSeUS.exe
  2⤵
  PID:5568
- C:\Windows\System\DiuSINr.exe
  C:\Windows\System\DiuSINr.exe
  2⤵
  PID:6024
- C:\Windows\System\FGjqhsw.exe
  C:\Windows\System\FGjqhsw.exe
  2⤵
  PID:6220
- C:\Windows\System\EXNRNWg.exe
  C:\Windows\System\EXNRNWg.exe
  2⤵
  PID:6192
- C:\Windows\System\Imgjlmy.exe
  C:\Windows\System\Imgjlmy.exe
  2⤵
  PID:5292
- C:\Windows\System\srZDWQu.exe
  C:\Windows\System\srZDWQu.exe
  2⤵
  PID:6268
- C:\Windows\System\qjKBbEi.exe
  C:\Windows\System\qjKBbEi.exe
  2⤵
  PID:6316
- C:\Windows\System\DhzAMVW.exe
  C:\Windows\System\DhzAMVW.exe
  2⤵
  PID:6328
- C:\Windows\System\UYTXQrX.exe
  C:\Windows\System\UYTXQrX.exe
  2⤵
  PID:6408
- C:\Windows\System\oCJAkKp.exe
  C:\Windows\System\oCJAkKp.exe
  2⤵
  PID:6392
- C:\Windows\System\InlmTCM.exe
  C:\Windows\System\InlmTCM.exe
  2⤵
  PID:6476
- C:\Windows\System\PrMRSKq.exe
  C:\Windows\System\PrMRSKq.exe
  2⤵
  PID:6528
- C:\Windows\System\MEvfLwi.exe
  C:\Windows\System\MEvfLwi.exe
  2⤵
  PID:6576
- C:\Windows\System\uaeIYDw.exe
  C:\Windows\System\uaeIYDw.exe
  2⤵
  PID:6592
- C:\Windows\System\ZQOXPLj.exe
  C:\Windows\System\ZQOXPLj.exe
  2⤵
  PID:6624
- C:\Windows\System\oQNyAPA.exe
  C:\Windows\System\oQNyAPA.exe
  2⤵
  PID:6704
- C:\Windows\System\cgVVvza.exe
  C:\Windows\System\cgVVvza.exe
  2⤵
  PID:6656
- C:\Windows\System\UuojuCz.exe
  C:\Windows\System\UuojuCz.exe
  2⤵
  PID:6748
- C:\Windows\System\IlWFtwa.exe
  C:\Windows\System\IlWFtwa.exe
  2⤵
  PID:6560
- C:\Windows\System\xaWfbaE.exe
  C:\Windows\System\xaWfbaE.exe
  2⤵
  PID:6720
- C:\Windows\System\rsaGhLL.exe
  C:\Windows\System\rsaGhLL.exe
  2⤵
  PID:6904
- C:\Windows\System\wOFheHS.exe
  C:\Windows\System\wOFheHS.exe
  2⤵
  PID:6952
- C:\Windows\System\EzEgLGr.exe
  C:\Windows\System\EzEgLGr.exe
  2⤵
  PID:6920
- C:\Windows\System\AhehBsi.exe
  C:\Windows\System\AhehBsi.exe
  2⤵
  PID:6160
- C:\Windows\System\TfdcCxg.exe
  C:\Windows\System\TfdcCxg.exe
  2⤵
  PID:7148
- C:\Windows\System\UUCAIkU.exe
  C:\Windows\System\UUCAIkU.exe
  2⤵
  PID:6196
- C:\Windows\System\BSYEpna.exe
  C:\Windows\System\BSYEpna.exe
  2⤵
  PID:6284
- C:\Windows\System\eaAbkIl.exe
  C:\Windows\System\eaAbkIl.exe
  2⤵
  PID:7108
- C:\Windows\System\ROTNspL.exe
  C:\Windows\System\ROTNspL.exe
  2⤵
  PID:6216
- C:\Windows\System\pSxsPsl.exe
  C:\Windows\System\pSxsPsl.exe
  2⤵
  PID:6872
- C:\Windows\System\koGcZsn.exe
  C:\Windows\System\koGcZsn.exe
  2⤵
  PID:6672
- C:\Windows\System\PhzzmeW.exe
  C:\Windows\System\PhzzmeW.exe
  2⤵
  PID:6784
- C:\Windows\System\zhzvxUk.exe
  C:\Windows\System\zhzvxUk.exe
  2⤵
  PID:6396
- C:\Windows\System\XYCkHNh.exe
  C:\Windows\System\XYCkHNh.exe
  2⤵
  PID:7064
- C:\Windows\System\mIzkQGn.exe
  C:\Windows\System\mIzkQGn.exe
  2⤵
  PID:7104
- C:\Windows\System\tLkrNSF.exe
  C:\Windows\System\tLkrNSF.exe
  2⤵
  PID:6688
- C:\Windows\System\KCVMrQq.exe
  C:\Windows\System\KCVMrQq.exe
  2⤵
  PID:6832
- C:\Windows\System\tyqXeDS.exe
  C:\Windows\System\tyqXeDS.exe
  2⤵
  PID:6892
- C:\Windows\System\nMQDbVB.exe
  C:\Windows\System\nMQDbVB.exe
  2⤵
  PID:6300
- C:\Windows\System\vFOiIXo.exe
  C:\Windows\System\vFOiIXo.exe
  2⤵
  PID:6252
- C:\Windows\System\VwEfWLd.exe
  C:\Windows\System\VwEfWLd.exe
  2⤵
  PID:7084
- C:\Windows\System\WIEBHge.exe
  C:\Windows\System\WIEBHge.exe
  2⤵
  PID:7008
- C:\Windows\System\yhYepOd.exe
  C:\Windows\System\yhYepOd.exe
  2⤵
  PID:7016
- C:\Windows\System\amBqsHz.exe
  C:\Windows\System\amBqsHz.exe
  2⤵
  PID:7160
- C:\Windows\System\ECejuCA.exe
  C:\Windows\System\ECejuCA.exe
  2⤵
  PID:6556
- C:\Windows\System\npkllNC.exe
  C:\Windows\System\npkllNC.exe
  2⤵
  PID:7132
- C:\Windows\System\HyouQQX.exe
  C:\Windows\System\HyouQQX.exe
  2⤵
  PID:6544
- C:\Windows\System\iNthgPO.exe
  C:\Windows\System\iNthgPO.exe
  2⤵
  PID:6796
- C:\Windows\System\ylDVCgG.exe
  C:\Windows\System\ylDVCgG.exe
  2⤵
  PID:7112
- C:\Windows\System\KspwAtV.exe
  C:\Windows\System\KspwAtV.exe
  2⤵
  PID:7060
- C:\Windows\System\pWExMJl.exe
  C:\Windows\System\pWExMJl.exe
  2⤵
  PID:7004
- C:\Windows\System\ktihZXp.exe
  C:\Windows\System\ktihZXp.exe
  2⤵
  PID:6888
- C:\Windows\System\doSHoFN.exe
  C:\Windows\System\doSHoFN.exe
  2⤵
  PID:6444
- C:\Windows\System\mVLGdSB.exe
  C:\Windows\System\mVLGdSB.exe
  2⤵
  PID:7044
- C:\Windows\System\RHWKIxB.exe
  C:\Windows\System\RHWKIxB.exe
  2⤵
  PID:6464
- C:\Windows\System\wBntVpl.exe
  C:\Windows\System\wBntVpl.exe
  2⤵
  PID:7516
- C:\Windows\System\KNocfMP.exe
  C:\Windows\System\KNocfMP.exe
  2⤵
  PID:7548
- C:\Windows\System\WnoBgqa.exe
  C:\Windows\System\WnoBgqa.exe
  2⤵
  PID:7568
- C:\Windows\System\QPauBVc.exe
  C:\Windows\System\QPauBVc.exe
  2⤵
  PID:7584
- C:\Windows\System\pjlcqqY.exe
  C:\Windows\System\pjlcqqY.exe
  2⤵
  PID:7600
- C:\Windows\System\GCxXUFm.exe
  C:\Windows\System\GCxXUFm.exe
  2⤵
  PID:7616
- C:\Windows\System\oXBciAT.exe
  C:\Windows\System\oXBciAT.exe
  2⤵
  PID:7632
- C:\Windows\System\CKghqVB.exe
  C:\Windows\System\CKghqVB.exe
  2⤵
  PID:7648
- C:\Windows\System\pLcbeZI.exe
  C:\Windows\System\pLcbeZI.exe
  2⤵
  PID:7760
- C:\Windows\System\PxOorjE.exe
  C:\Windows\System\PxOorjE.exe
  2⤵
  PID:7776
- C:\Windows\System\NDdtZkq.exe
  C:\Windows\System\NDdtZkq.exe
  2⤵
  PID:7792
- C:\Windows\System\BEdBOEQ.exe
  C:\Windows\System\BEdBOEQ.exe
  2⤵
  PID:7808
- C:\Windows\System\BLALprN.exe
  C:\Windows\System\BLALprN.exe
  2⤵
  PID:7824
- C:\Windows\System\rXMFlri.exe
  C:\Windows\System\rXMFlri.exe
  2⤵
  PID:7840
- C:\Windows\System\Ztamnuq.exe
  C:\Windows\System\Ztamnuq.exe
  2⤵
  PID:7856
- C:\Windows\System\jlFIoQA.exe
  C:\Windows\System\jlFIoQA.exe
  2⤵
  PID:7872
- C:\Windows\System\WgrzzZm.exe
  C:\Windows\System\WgrzzZm.exe
  2⤵
  PID:7888
- C:\Windows\System\IHbsqqa.exe
  C:\Windows\System\IHbsqqa.exe
  2⤵
  PID:7904
- C:\Windows\System\yEjehKy.exe
  C:\Windows\System\yEjehKy.exe
  2⤵
  PID:7920
- C:\Windows\System\JMUeOec.exe
  C:\Windows\System\JMUeOec.exe
  2⤵
  PID:7936
- C:\Windows\System\nWkkhZO.exe
  C:\Windows\System\nWkkhZO.exe
  2⤵
  PID:7952
- C:\Windows\System\AergVZt.exe
  C:\Windows\System\AergVZt.exe
  2⤵
  PID:7968
- C:\Windows\System\YJyigoN.exe
  C:\Windows\System\YJyigoN.exe
  2⤵
  PID:7984
- C:\Windows\System\vAbvxQZ.exe
  C:\Windows\System\vAbvxQZ.exe
  2⤵
  PID:8000
- C:\Windows\System\TieoTZm.exe
  C:\Windows\System\TieoTZm.exe
  2⤵
  PID:8016
- C:\Windows\System\BqUwmMa.exe
  C:\Windows\System\BqUwmMa.exe
  2⤵
  PID:8032
- C:\Windows\System\BUuefOi.exe
  C:\Windows\System\BUuefOi.exe
  2⤵
  PID:8048
- C:\Windows\System\efSjRZh.exe
  C:\Windows\System\efSjRZh.exe
  2⤵
  PID:8064
- C:\Windows\System\IJmeYAz.exe
  C:\Windows\System\IJmeYAz.exe
  2⤵
  PID:8080
- C:\Windows\System\VsqJmhw.exe
  C:\Windows\System\VsqJmhw.exe
  2⤵
  PID:8100
- C:\Windows\System\WeWvtRC.exe
  C:\Windows\System\WeWvtRC.exe
  2⤵
  PID:8116
- C:\Windows\System\otCNYsw.exe
  C:\Windows\System\otCNYsw.exe
  2⤵
  PID:8132
- C:\Windows\System\mdkLDkB.exe
  C:\Windows\System\mdkLDkB.exe
  2⤵
  PID:8148
- C:\Windows\System\GFooZHr.exe
  C:\Windows\System\GFooZHr.exe
  2⤵
  PID:8164
- C:\Windows\System\aKXjaWl.exe
  C:\Windows\System\aKXjaWl.exe
  2⤵
  PID:8180
- C:\Windows\System\YXEaaJH.exe
  C:\Windows\System\YXEaaJH.exe
  2⤵
  PID:1308
- C:\Windows\System\bvcyxny.exe
  C:\Windows\System\bvcyxny.exe
  2⤵
  PID:7312
- C:\Windows\System\eooPfdE.exe
  C:\Windows\System\eooPfdE.exe
  2⤵
  PID:6200
- C:\Windows\System\SLXOhGw.exe
  C:\Windows\System\SLXOhGw.exe
  2⤵
  PID:7332
- C:\Windows\System\oKRZSej.exe
  C:\Windows\System\oKRZSej.exe
  2⤵
  PID:6936
- C:\Windows\System\ofcPXmW.exe
  C:\Windows\System\ofcPXmW.exe
  2⤵
  PID:7460
- C:\Windows\System\VEbGmYd.exe
  C:\Windows\System\VEbGmYd.exe
  2⤵
  PID:2776
- C:\Windows\System\aPdFunV.exe
  C:\Windows\System\aPdFunV.exe
  2⤵
  PID:7480
- C:\Windows\System\sFabRvV.exe
  C:\Windows\System\sFabRvV.exe
  2⤵
  PID:7496
- C:\Windows\System\AHLIcvU.exe
  C:\Windows\System\AHLIcvU.exe
  2⤵
  PID:7508
- C:\Windows\System\PvtzqSd.exe
  C:\Windows\System\PvtzqSd.exe
  2⤵
  PID:7536
- C:\Windows\System\KJiDVHR.exe
  C:\Windows\System\KJiDVHR.exe
  2⤵
  PID:7640
- C:\Windows\System\rDxQtXq.exe
  C:\Windows\System\rDxQtXq.exe
  2⤵
  PID:7772
- C:\Windows\System\gkPkaAD.exe
  C:\Windows\System\gkPkaAD.exe
  2⤵
  PID:7864
- C:\Windows\System\mZoDaKh.exe
  C:\Windows\System\mZoDaKh.exe
  2⤵
  PID:7680
- C:\Windows\System\mOEnwll.exe
  C:\Windows\System\mOEnwll.exe
  2⤵
  PID:7700
- C:\Windows\System\YwiICwx.exe
  C:\Windows\System\YwiICwx.exe
  2⤵
  PID:7560
- C:\Windows\System\uVDrMAb.exe
  C:\Windows\System\uVDrMAb.exe
  2⤵
  PID:7624
- C:\Windows\System\EqJuItb.exe
  C:\Windows\System\EqJuItb.exe
  2⤵
  PID:7660
- C:\Windows\System\bChqAOc.exe
  C:\Windows\System\bChqAOc.exe
  2⤵
  PID:7708
- C:\Windows\System\upFlNFG.exe
  C:\Windows\System\upFlNFG.exe
  2⤵
  PID:7928
- C:\Windows\System\awgVpDd.exe
  C:\Windows\System\awgVpDd.exe
  2⤵
  PID:7716
- C:\Windows\System\PDQOzOt.exe
  C:\Windows\System\PDQOzOt.exe
  2⤵
  PID:7992
- C:\Windows\System\pgaJXnP.exe
  C:\Windows\System\pgaJXnP.exe
  2⤵
  PID:8028
- C:\Windows\System\qAIvEiG.exe
  C:\Windows\System\qAIvEiG.exe
  2⤵
  PID:8096
- C:\Windows\System\xiLmlli.exe
  C:\Windows\System\xiLmlli.exe
  2⤵
  PID:7916
- C:\Windows\System\DcmGhAY.exe
  C:\Windows\System\DcmGhAY.exe
  2⤵
  PID:8072
- C:\Windows\System\kyXRpRB.exe
  C:\Windows\System\kyXRpRB.exe
  2⤵
  PID:8044
- C:\Windows\System\YNeUacU.exe
  C:\Windows\System\YNeUacU.exe
  2⤵
  PID:8160
- C:\Windows\System\QgOiGBa.exe
  C:\Windows\System\QgOiGBa.exe
  2⤵
  PID:8188
- C:\Windows\System\DznnwxL.exe
  C:\Windows\System\DznnwxL.exe
  2⤵
  PID:8172
- C:\Windows\System\LYrzKUR.exe
  C:\Windows\System\LYrzKUR.exe
  2⤵
  PID:6496
- C:\Windows\System\QKRiPuB.exe
  C:\Windows\System\QKRiPuB.exe
  2⤵
  PID:7260
- C:\Windows\System\GIrYvmw.exe
  C:\Windows\System\GIrYvmw.exe
  2⤵
  PID:7268
- C:\Windows\System\weBbRff.exe
  C:\Windows\System\weBbRff.exe
  2⤵
  PID:6448
- C:\Windows\System\jffWjOo.exe
  C:\Windows\System\jffWjOo.exe
  2⤵
  PID:7380
- C:\Windows\System\LQKIaae.exe
  C:\Windows\System\LQKIaae.exe
  2⤵
  PID:7416
- C:\Windows\System\HyExRct.exe
  C:\Windows\System\HyExRct.exe
  2⤵
  PID:7284
- C:\Windows\System\pYsRFaA.exe
  C:\Windows\System\pYsRFaA.exe
  2⤵
  PID:7340
- C:\Windows\System\lLqwKpC.exe
  C:\Windows\System\lLqwKpC.exe
  2⤵
  PID:7376
- C:\Windows\System\ORVdnOh.exe
  C:\Windows\System\ORVdnOh.exe
  2⤵
  PID:7412
- C:\Windows\System\mJoTeAl.exe
  C:\Windows\System\mJoTeAl.exe
  2⤵
  PID:6380
- C:\Windows\System\vUKsgRz.exe
  C:\Windows\System\vUKsgRz.exe
  2⤵
  PID:6176
- C:\Windows\System\PZtnDbd.exe
  C:\Windows\System\PZtnDbd.exe
  2⤵
  PID:1496
- C:\Windows\System\vBBtbEM.exe
  C:\Windows\System\vBBtbEM.exe
  2⤵
  PID:7476
- C:\Windows\System\iiuNxTP.exe
  C:\Windows\System\iiuNxTP.exe
  2⤵
  PID:7528
- C:\Windows\System\LyzsSvr.exe
  C:\Windows\System\LyzsSvr.exe
  2⤵
  PID:7608
- C:\Windows\System\dCrzmzr.exe
  C:\Windows\System\dCrzmzr.exe
  2⤵
  PID:7768
- C:\Windows\System\EQFixWc.exe
  C:\Windows\System\EQFixWc.exe
  2⤵
  PID:7728
- C:\Windows\System\rPAaWHZ.exe
  C:\Windows\System\rPAaWHZ.exe
  2⤵
  PID:7688
- C:\Windows\System\VMKgBzp.exe
  C:\Windows\System\VMKgBzp.exe
  2⤵
  PID:7592
- C:\Windows\System\PxTyttJ.exe
  C:\Windows\System\PxTyttJ.exe
  2⤵
  PID:6460
- C:\Windows\System\UFGNJNe.exe
  C:\Windows\System\UFGNJNe.exe
  2⤵
  PID:7732
- C:\Windows\System\QLpuyhC.exe
  C:\Windows\System\QLpuyhC.exe
  2⤵
  PID:7692
- C:\Windows\System\dkXWUkw.exe
  C:\Windows\System\dkXWUkw.exe
  2⤵
  PID:7868
- C:\Windows\System\EmSlcmt.exe
  C:\Windows\System\EmSlcmt.exe
  2⤵
  PID:8012
- C:\Windows\System\alsFVqs.exe
  C:\Windows\System\alsFVqs.exe
  2⤵
  PID:8144
- C:\Windows\System\KNjHIZp.exe
  C:\Windows\System\KNjHIZp.exe
  2⤵
  PID:8060
- C:\Windows\System\ePnhWhJ.exe
  C:\Windows\System\ePnhWhJ.exe
  2⤵
  PID:8076
- C:\Windows\System\sLBkelC.exe
  C:\Windows\System\sLBkelC.exe
  2⤵
  PID:7276
- C:\Windows\System\rQAoWBn.exe
  C:\Windows\System\rQAoWBn.exe
  2⤵
  PID:6716
- C:\Windows\System\AohAoZc.exe
  C:\Windows\System\AohAoZc.exe
  2⤵
  PID:7320
- C:\Windows\System\xJfmNXf.exe
  C:\Windows\System\xJfmNXf.exe
  2⤵
  PID:6908
- C:\Windows\System\amMGEZu.exe
  C:\Windows\System\amMGEZu.exe
  2⤵
  PID:7448
- C:\Windows\System\ELawOkc.exe
  C:\Windows\System\ELawOkc.exe
  2⤵
  PID:7196
- C:\Windows\System\Uolwmpq.exe
  C:\Windows\System\Uolwmpq.exe
  2⤵
  PID:7316
- C:\Windows\System\QdbWNlw.exe
  C:\Windows\System\QdbWNlw.exe
  2⤵
  PID:7336
- C:\Windows\System\Wihvozm.exe
  C:\Windows\System\Wihvozm.exe
  2⤵
  PID:7228
- C:\Windows\System\nSMoYLd.exe
  C:\Windows\System\nSMoYLd.exe
  2⤵
  PID:7248
- C:\Windows\System\uPcYsAL.exe
  C:\Windows\System\uPcYsAL.exe
  2⤵
  PID:8140
- C:\Windows\System\CzerhEI.exe
  C:\Windows\System\CzerhEI.exe
  2⤵
  PID:7212
- C:\Windows\System\TQFCRyt.exe
  C:\Windows\System\TQFCRyt.exe
  2⤵
  PID:7432
- C:\Windows\System\oiIWdWI.exe
  C:\Windows\System\oiIWdWI.exe
  2⤵
  PID:7392
- C:\Windows\System\mnLXbDh.exe
  C:\Windows\System\mnLXbDh.exe
  2⤵
  PID:7544
- C:\Windows\System\SextWEk.exe
  C:\Windows\System\SextWEk.exe
  2⤵
  PID:7404
- C:\Windows\System\jlWZtdj.exe
  C:\Windows\System\jlWZtdj.exe
  2⤵
  PID:7752
- C:\Windows\System\njTeFsS.exe
  C:\Windows\System\njTeFsS.exe
  2⤵
  PID:1020
- C:\Windows\System\sGUzcmD.exe
  C:\Windows\System\sGUzcmD.exe
  2⤵
  PID:2820
- C:\Windows\System\nXYONbA.exe
  C:\Windows\System\nXYONbA.exe
  2⤵
  PID:7488
- C:\Windows\System\cLJAADs.exe
  C:\Windows\System\cLJAADs.exe
  2⤵
  PID:7580
- C:\Windows\System\zVLyXMB.exe
  C:\Windows\System\zVLyXMB.exe
  2⤵
  PID:8240
- C:\Windows\System\ZmKmFId.exe
  C:\Windows\System\ZmKmFId.exe
  2⤵
  PID:8260
- C:\Windows\System\Spfsjmn.exe
  C:\Windows\System\Spfsjmn.exe
  2⤵
  PID:8276
- C:\Windows\System\rRWtXPN.exe
  C:\Windows\System\rRWtXPN.exe
  2⤵
  PID:8292
- C:\Windows\System\xFQDAFR.exe
  C:\Windows\System\xFQDAFR.exe
  2⤵
  PID:8308
- C:\Windows\System\kCrOlxJ.exe
  C:\Windows\System\kCrOlxJ.exe
  2⤵
  PID:8324
- C:\Windows\System\khOMlgH.exe
  C:\Windows\System\khOMlgH.exe
  2⤵
  PID:8340
- C:\Windows\System\NLhOiDn.exe
  C:\Windows\System\NLhOiDn.exe
  2⤵
  PID:8360
- C:\Windows\System\wVQFIAP.exe
  C:\Windows\System\wVQFIAP.exe
  2⤵
  PID:8376
- C:\Windows\System\VhAGcqU.exe
  C:\Windows\System\VhAGcqU.exe
  2⤵
  PID:8392
- C:\Windows\System\qmNlpwL.exe
  C:\Windows\System\qmNlpwL.exe
  2⤵
  PID:8408
- C:\Windows\System\iHceiTg.exe
  C:\Windows\System\iHceiTg.exe
  2⤵
  PID:8424
- C:\Windows\System\vFCUtLb.exe
  C:\Windows\System\vFCUtLb.exe
  2⤵
  PID:8440
- C:\Windows\System\ifgQXKw.exe
  C:\Windows\System\ifgQXKw.exe
  2⤵
  PID:8456
- C:\Windows\System\YxflzNp.exe
  C:\Windows\System\YxflzNp.exe
  2⤵
  PID:8472
- C:\Windows\System\KwhqAct.exe
  C:\Windows\System\KwhqAct.exe
  2⤵
  PID:8488
- C:\Windows\System\pwXqWHL.exe
  C:\Windows\System\pwXqWHL.exe
  2⤵
  PID:8508
- C:\Windows\System\iOimOOX.exe
  C:\Windows\System\iOimOOX.exe
  2⤵
  PID:8524
- C:\Windows\System\jwLoZaM.exe
  C:\Windows\System\jwLoZaM.exe
  2⤵
  PID:8540
- C:\Windows\System\JIViFDW.exe
  C:\Windows\System\JIViFDW.exe
  2⤵
  PID:8556
- C:\Windows\System\rCGmfHu.exe
  C:\Windows\System\rCGmfHu.exe
  2⤵
  PID:8576
- C:\Windows\System\uEvnLse.exe
  C:\Windows\System\uEvnLse.exe
  2⤵
  PID:8592
- C:\Windows\System\OdGHEvi.exe
  C:\Windows\System\OdGHEvi.exe
  2⤵
  PID:8608
- C:\Windows\System\buOfHni.exe
  C:\Windows\System\buOfHni.exe
  2⤵
  PID:8624
- C:\Windows\System\pFsQsxD.exe
  C:\Windows\System\pFsQsxD.exe
  2⤵
  PID:8640
- C:\Windows\System\WQgxgwz.exe
  C:\Windows\System\WQgxgwz.exe
  2⤵
  PID:8660
- C:\Windows\System\JLXevUY.exe
  C:\Windows\System\JLXevUY.exe
  2⤵
  PID:8680
- C:\Windows\System\cWvRUDe.exe
  C:\Windows\System\cWvRUDe.exe
  2⤵
  PID:8696
- C:\Windows\System\nthVgqf.exe
  C:\Windows\System\nthVgqf.exe
  2⤵
  PID:8712
- C:\Windows\System\ALokeFZ.exe
  C:\Windows\System\ALokeFZ.exe
  2⤵
  PID:8728
- C:\Windows\System\lqIhvEP.exe
  C:\Windows\System\lqIhvEP.exe
  2⤵
  PID:8744
- C:\Windows\System\ivCJOKV.exe
  C:\Windows\System\ivCJOKV.exe
  2⤵
  PID:8764
- C:\Windows\System\scZWrgR.exe
  C:\Windows\System\scZWrgR.exe
  2⤵
  PID:8780
- C:\Windows\System\WkFuUVr.exe
  C:\Windows\System\WkFuUVr.exe
  2⤵
  PID:8796
- C:\Windows\System\DQnJeHx.exe
  C:\Windows\System\DQnJeHx.exe
  2⤵
  PID:8812
- C:\Windows\System\FSxsDEv.exe
  C:\Windows\System\FSxsDEv.exe
  2⤵
  PID:8828
- C:\Windows\System\EkgOjEK.exe
  C:\Windows\System\EkgOjEK.exe
  2⤵
  PID:8844
- C:\Windows\System\mTmIsJC.exe
  C:\Windows\System\mTmIsJC.exe
  2⤵
  PID:8860
- C:\Windows\System\OjHqfnS.exe
  C:\Windows\System\OjHqfnS.exe
  2⤵
  PID:8876
- C:\Windows\System\VPhANUx.exe
  C:\Windows\System\VPhANUx.exe
  2⤵
  PID:8892
- C:\Windows\System\jxxYMYr.exe
  C:\Windows\System\jxxYMYr.exe
  2⤵
  PID:8908
- C:\Windows\System\QWlRNuN.exe
  C:\Windows\System\QWlRNuN.exe
  2⤵
  PID:8924
- C:\Windows\System\YtIAGtC.exe
  C:\Windows\System\YtIAGtC.exe
  2⤵
  PID:8940
- C:\Windows\System\WysGxlM.exe
  C:\Windows\System\WysGxlM.exe
  2⤵
  PID:8956
- C:\Windows\System\KMKMaNg.exe
  C:\Windows\System\KMKMaNg.exe
  2⤵
  PID:8972
- C:\Windows\System\VqwaAOF.exe
  C:\Windows\System\VqwaAOF.exe
  2⤵
  PID:8988
- C:\Windows\System\EifPOrn.exe
  C:\Windows\System\EifPOrn.exe
  2⤵
  PID:9004
- C:\Windows\System\bOToxVU.exe
  C:\Windows\System\bOToxVU.exe
  2⤵
  PID:9020
- C:\Windows\System\eLXOqAu.exe
  C:\Windows\System\eLXOqAu.exe
  2⤵
  PID:9036
- C:\Windows\System\svLTGmc.exe
  C:\Windows\System\svLTGmc.exe
  2⤵
  PID:9052
- C:\Windows\System\xhxVQDy.exe
  C:\Windows\System\xhxVQDy.exe
  2⤵
  PID:9068
- C:\Windows\System\uxQmBwW.exe
  C:\Windows\System\uxQmBwW.exe
  2⤵
  PID:9084
- C:\Windows\System\RfUwYbr.exe
  C:\Windows\System\RfUwYbr.exe
  2⤵
  PID:9100
- C:\Windows\System\WbqMgKY.exe
  C:\Windows\System\WbqMgKY.exe
  2⤵
  PID:9116
- C:\Windows\System\QMXzWfq.exe
  C:\Windows\System\QMXzWfq.exe
  2⤵
  PID:9132
- C:\Windows\System\NJNvnCy.exe
  C:\Windows\System\NJNvnCy.exe
  2⤵
  PID:9148
- C:\Windows\System\CNAaiZA.exe
  C:\Windows\System\CNAaiZA.exe
  2⤵
  PID:9164
- C:\Windows\System\Ulcddml.exe
  C:\Windows\System\Ulcddml.exe
  2⤵
  PID:9184
- C:\Windows\System\jlPnlUo.exe
  C:\Windows\System\jlPnlUo.exe
  2⤵
  PID:9208
- C:\Windows\System\MzANHDw.exe
  C:\Windows\System\MzANHDw.exe
  2⤵
  PID:7724
- C:\Windows\System\LkOmPYM.exe
  C:\Windows\System\LkOmPYM.exe
  2⤵
  PID:8088
- C:\Windows\System\hDThhtP.exe
  C:\Windows\System\hDThhtP.exe
  2⤵
  PID:7852
- C:\Windows\System\jySPpLJ.exe
  C:\Windows\System\jySPpLJ.exe
  2⤵
  PID:7280
- C:\Windows\System\QEOStGU.exe
  C:\Windows\System\QEOStGU.exe
  2⤵
  PID:7948
- C:\Windows\System\MHWAbUS.exe
  C:\Windows\System\MHWAbUS.exe
  2⤵
  PID:7424
- C:\Windows\System\MUWPUzy.exe
  C:\Windows\System\MUWPUzy.exe
  2⤵
  PID:7396
- C:\Windows\System\NXDjFMA.exe
  C:\Windows\System\NXDjFMA.exe
  2⤵
  PID:8256
- C:\Windows\System\LRsvxGl.exe
  C:\Windows\System\LRsvxGl.exe
  2⤵
  PID:8156
- C:\Windows\System\rqnudBy.exe
  C:\Windows\System\rqnudBy.exe
  2⤵
  PID:8008
- C:\Windows\System\zkgyRIa.exe
  C:\Windows\System\zkgyRIa.exe
  2⤵
  PID:1512
- C:\Windows\System\ExgZNhE.exe
  C:\Windows\System\ExgZNhE.exe
  2⤵
  PID:7216
- C:\Windows\System\yKgbELT.exe
  C:\Windows\System\yKgbELT.exe
  2⤵
  PID:8348
- C:\Windows\System\ANGcfDJ.exe
  C:\Windows\System\ANGcfDJ.exe
  2⤵
  PID:7308
- C:\Windows\System\VNiAfua.exe
  C:\Windows\System\VNiAfua.exe
  2⤵
  PID:8352
- C:\Windows\System\bIvpNMn.exe
  C:\Windows\System\bIvpNMn.exe
  2⤵
  PID:7236
- C:\Windows\System\IKZmiER.exe
  C:\Windows\System\IKZmiER.exe
  2⤵
  PID:8204
- C:\Windows\System\CRfWmxn.exe
  C:\Windows\System\CRfWmxn.exe
  2⤵
  PID:8272
- C:\Windows\System\JNlmzti.exe
  C:\Windows\System\JNlmzti.exe
  2⤵
  PID:8388
- C:\Windows\System\kwAEHoZ.exe
  C:\Windows\System\kwAEHoZ.exe
  2⤵
  PID:8332
- C:\Windows\System\WXZVxop.exe
  C:\Windows\System\WXZVxop.exe
  2⤵
  PID:8448
- C:\Windows\System\PRDzcid.exe
  C:\Windows\System\PRDzcid.exe
  2⤵
  PID:8372
- C:\Windows\System\OBeOyQF.exe
  C:\Windows\System\OBeOyQF.exe
  2⤵
  PID:8400
- C:\Windows\System\cqtBBTK.exe
  C:\Windows\System\cqtBBTK.exe
  2⤵
  PID:928
- C:\Windows\System\byJQtvM.exe
  C:\Windows\System\byJQtvM.exe
  2⤵
  PID:8432
- C:\Windows\System\kRiyCzQ.exe
  C:\Windows\System\kRiyCzQ.exe
  2⤵
  PID:924
- C:\Windows\System\ntBGSCf.exe
  C:\Windows\System\ntBGSCf.exe
  2⤵
  PID:8620
- C:\Windows\System\PWtTyfA.exe
  C:\Windows\System\PWtTyfA.exe
  2⤵
  PID:8572
- C:\Windows\System\uAlyjNT.exe
  C:\Windows\System\uAlyjNT.exe
  2⤵
  PID:8568
- C:\Windows\System\iDOjsNN.exe
  C:\Windows\System\iDOjsNN.exe
  2⤵
  PID:8688
- C:\Windows\System\iBiqVSF.exe
  C:\Windows\System\iBiqVSF.exe
  2⤵
  PID:8636
- C:\Windows\System\wpCpeQq.exe
  C:\Windows\System\wpCpeQq.exe
  2⤵
  PID:8752
- C:\Windows\System\gATmHei.exe
  C:\Windows\System\gATmHei.exe
  2⤵
  PID:8820
- C:\Windows\System\DjamOwo.exe
  C:\Windows\System\DjamOwo.exe
  2⤵
  PID:8852
- C:\Windows\System\wYUDoZc.exe
  C:\Windows\System\wYUDoZc.exe
  2⤵
  PID:8916
- C:\Windows\System\QsNReAp.exe
  C:\Windows\System\QsNReAp.exe
  2⤵
  PID:8952
- C:\Windows\System\RWQrmun.exe
  C:\Windows\System\RWQrmun.exe
  2⤵
  PID:8980
- C:\Windows\System\SKwuVvC.exe
  C:\Windows\System\SKwuVvC.exe
  2⤵
  PID:1812
- C:\Windows\System\NDrkbhT.exe
  C:\Windows\System\NDrkbhT.exe
  2⤵
  PID:8968
- C:\Windows\System\AQvWOHu.exe
  C:\Windows\System\AQvWOHu.exe
  2⤵
  PID:8840
- C:\Windows\System\PVLlsnQ.exe
  C:\Windows\System\PVLlsnQ.exe
  2⤵
  PID:9028
- C:\Windows\System\NUEQuHM.exe
  C:\Windows\System\NUEQuHM.exe
  2⤵
  PID:9108
- C:\Windows\System\KCLDSnT.exe
  C:\Windows\System\KCLDSnT.exe
  2⤵
  PID:9144
- C:\Windows\System\CEczgta.exe
  C:\Windows\System\CEczgta.exe
  2⤵
  PID:9064
- C:\Windows\System\MPqfNDp.exe
  C:\Windows\System\MPqfNDp.exe
  2⤵
  PID:9092
- C:\Windows\System\uRAazzc.exe
  C:\Windows\System\uRAazzc.exe
  2⤵
  PID:9156
- C:\Windows\System\SpDufRc.exe
  C:\Windows\System\SpDufRc.exe
  2⤵
  PID:7244
- C:\Windows\System\gyDouCo.exe
  C:\Windows\System\gyDouCo.exe
  2⤵
  PID:7348
- C:\Windows\System\PpEuZYF.exe
  C:\Windows\System\PpEuZYF.exe
  2⤵
  PID:7328
- C:\Windows\System\sxdDUdI.exe
  C:\Windows\System\sxdDUdI.exe
  2⤵
  PID:8232
- C:\Windows\System\rnuEopZ.exe
  C:\Windows\System\rnuEopZ.exe
  2⤵
  PID:7472
- C:\Windows\System\SoMxFGl.exe
  C:\Windows\System\SoMxFGl.exe
  2⤵
  PID:7252
- C:\Windows\System\eoYTCeX.exe
  C:\Windows\System\eoYTCeX.exe
  2⤵
  PID:7832
- C:\Windows\System\JFSUihx.exe
  C:\Windows\System\JFSUihx.exe
  2⤵
  PID:7672
- C:\Windows\System\EjdYDGB.exe
  C:\Windows\System\EjdYDGB.exe
  2⤵
  PID:6608
- C:\Windows\System\KkqYdmE.exe
  C:\Windows\System\KkqYdmE.exe
  2⤵
  PID:7440
- C:\Windows\System\aGnvovk.exe
  C:\Windows\System\aGnvovk.exe
  2⤵
  PID:8368
- C:\Windows\System\rBBXerG.exe
  C:\Windows\System\rBBXerG.exe
  2⤵
  PID:8504
- C:\Windows\System\ICbRcmm.exe
  C:\Windows\System\ICbRcmm.exe
  2⤵
  PID:8496
- C:\Windows\System\RWMogtD.exe
  C:\Windows\System\RWMogtD.exe
  2⤵
  PID:968
- C:\Windows\System\FFfIqoT.exe
  C:\Windows\System\FFfIqoT.exe
  2⤵
  PID:8616
- C:\Windows\System\hknJCmt.exe
  C:\Windows\System\hknJCmt.exe
  2⤵
  PID:8532
- C:\Windows\System\uUtQEcP.exe
  C:\Windows\System\uUtQEcP.exe
  2⤵
  PID:8792
- C:\Windows\System\NLbCPcY.exe
  C:\Windows\System\NLbCPcY.exe
  2⤵
  PID:8704
- C:\Windows\System\ktVeHUn.exe
  C:\Windows\System\ktVeHUn.exe
  2⤵
  PID:8708
- C:\Windows\System\jeCRujh.exe
  C:\Windows\System\jeCRujh.exe
  2⤵
  PID:8772
- C:\Windows\System\zXswyBY.exe
  C:\Windows\System\zXswyBY.exe
  2⤵
  PID:8984
- C:\Windows\System\TavCSjY.exe
  C:\Windows\System\TavCSjY.exe
  2⤵
  PID:8900
- C:\Windows\System\BzhwoWp.exe
  C:\Windows\System\BzhwoWp.exe
  2⤵
  PID:8996
- C:\Windows\System\LjwzyOk.exe
  C:\Windows\System\LjwzyOk.exe
  2⤵
  PID:7696
- C:\Windows\System\PPmeRYO.exe
  C:\Windows\System\PPmeRYO.exe
  2⤵
  PID:9124
- C:\Windows\System\PEjmzbJ.exe
  C:\Windows\System\PEjmzbJ.exe
  2⤵
  PID:1464
- C:\Windows\System\DGTCcMY.exe
  C:\Windows\System\DGTCcMY.exe
  2⤵
  PID:5352
- C:\Windows\System\REjkzvp.exe
  C:\Windows\System\REjkzvp.exe
  2⤵
  PID:2880
- C:\Windows\System\cwfjhUb.exe
  C:\Windows\System\cwfjhUb.exe
  2⤵
  PID:7128
- C:\Windows\System\syzcLUD.exe
  C:\Windows\System\syzcLUD.exe
  2⤵
  PID:7288
- C:\Windows\System\aDQEKJj.exe
  C:\Windows\System\aDQEKJj.exe
  2⤵
  PID:2908
- C:\Windows\System\uRzeObD.exe
  C:\Windows\System\uRzeObD.exe
  2⤵
  PID:8484
- C:\Windows\System\IeooNha.exe
  C:\Windows\System\IeooNha.exe
  2⤵
  PID:8268
- C:\Windows\System\ONHNVqX.exe
  C:\Windows\System\ONHNVqX.exe
  2⤵
  PID:8632
- C:\Windows\System\huHDrhl.exe
  C:\Windows\System\huHDrhl.exe
  2⤵
  PID:8776
- C:\Windows\System\ILBuhOL.exe
  C:\Windows\System\ILBuhOL.exe
  2⤵
  PID:8948
- C:\Windows\System\SdwwLEJ.exe
  C:\Windows\System\SdwwLEJ.exe
  2⤵
  PID:8868
- C:\Windows\System\kZpGxvZ.exe
  C:\Windows\System\kZpGxvZ.exe
  2⤵
  PID:9128
- C:\Windows\System\zFgUppC.exe
  C:\Windows\System\zFgUppC.exe
  2⤵
  PID:9176
- C:\Windows\System\DEJzNKY.exe
  C:\Windows\System\DEJzNKY.exe
  2⤵
  PID:8588
- C:\Windows\System\WRiBEuR.exe
  C:\Windows\System\WRiBEuR.exe
  2⤵
  PID:8480
- C:\Windows\System\vDJChcY.exe
  C:\Windows\System\vDJChcY.exe
  2⤵
  PID:8964
- C:\Windows\System\AtUoSOQ.exe
  C:\Windows\System\AtUoSOQ.exe
  2⤵
  PID:9264
- C:\Windows\System\oGzkbyV.exe
  C:\Windows\System\oGzkbyV.exe
  2⤵
  PID:9284
- C:\Windows\System\xNdMPUu.exe
  C:\Windows\System\xNdMPUu.exe
  2⤵
  PID:9316
- C:\Windows\System\swweJLI.exe
  C:\Windows\System\swweJLI.exe
  2⤵
  PID:9352
- C:\Windows\System\nqHRDJt.exe
  C:\Windows\System\nqHRDJt.exe
  2⤵
  PID:9376
- C:\Windows\System\QqqvUHb.exe
  C:\Windows\System\QqqvUHb.exe
  2⤵
  PID:9404
- C:\Windows\System\dGjoisE.exe
  C:\Windows\System\dGjoisE.exe
  2⤵
  PID:9512
- C:\Windows\System\VTMPApt.exe
  C:\Windows\System\VTMPApt.exe
  2⤵
  PID:9528
- C:\Windows\System\knfxncN.exe
  C:\Windows\System\knfxncN.exe
  2⤵
  PID:9544
- C:\Windows\System\KSkmmZl.exe
  C:\Windows\System\KSkmmZl.exe
  2⤵
  PID:9560
- C:\Windows\System\VjXKdOX.exe
  C:\Windows\System\VjXKdOX.exe
  2⤵
  PID:9576
- C:\Windows\System\mHQrOHi.exe
  C:\Windows\System\mHQrOHi.exe
  2⤵
  PID:9592
- C:\Windows\System\ptdROOm.exe
  C:\Windows\System\ptdROOm.exe
  2⤵
  PID:9608
- C:\Windows\System\eweGyUw.exe
  C:\Windows\System\eweGyUw.exe
  2⤵
  PID:9624
- C:\Windows\System\HiewZhG.exe
  C:\Windows\System\HiewZhG.exe
  2⤵
  PID:9640
- C:\Windows\System\WKSHBdY.exe
  C:\Windows\System\WKSHBdY.exe
  2⤵
  PID:9656
- C:\Windows\System\YcWnlVQ.exe
  C:\Windows\System\YcWnlVQ.exe
  2⤵
  PID:9684
- C:\Windows\System\kBopLFZ.exe
  C:\Windows\System\kBopLFZ.exe
  2⤵
  PID:9708
- C:\Windows\System\gYyxfhN.exe
  C:\Windows\System\gYyxfhN.exe
  2⤵
  PID:9732
- C:\Windows\System\dFGnqWU.exe
  C:\Windows\System\dFGnqWU.exe
  2⤵
  PID:9752
- C:\Windows\System\ECKCooO.exe
  C:\Windows\System\ECKCooO.exe
  2⤵
  PID:9768
- C:\Windows\System\vcmNSkI.exe
  C:\Windows\System\vcmNSkI.exe
  2⤵
  PID:9784
- C:\Windows\System\XAytsgt.exe
  C:\Windows\System\XAytsgt.exe
  2⤵
  PID:9800
- C:\Windows\System\ZXAHddD.exe
  C:\Windows\System\ZXAHddD.exe
  2⤵
  PID:9816
- C:\Windows\System\wxUZHGM.exe
  C:\Windows\System\wxUZHGM.exe
  2⤵
  PID:9832
- C:\Windows\System\WHlgPzT.exe
  C:\Windows\System\WHlgPzT.exe
  2⤵
  PID:9848
- C:\Windows\System\fzySkpb.exe
  C:\Windows\System\fzySkpb.exe
  2⤵
  PID:9864
- C:\Windows\System\gbFGWMJ.exe
  C:\Windows\System\gbFGWMJ.exe
  2⤵
  PID:9880
- C:\Windows\System\iOMyjIu.exe
  C:\Windows\System\iOMyjIu.exe
  2⤵
  PID:9896
- C:\Windows\System\ODEPloU.exe
  C:\Windows\System\ODEPloU.exe
  2⤵
  PID:9912
- C:\Windows\System\ckTwKVB.exe
  C:\Windows\System\ckTwKVB.exe
  2⤵
  PID:9928
- C:\Windows\System\GHhnXCS.exe
  C:\Windows\System\GHhnXCS.exe
  2⤵
  PID:9944
- C:\Windows\System\xEouIie.exe
  C:\Windows\System\xEouIie.exe
  2⤵
  PID:9960
- C:\Windows\System\ZoKwpiV.exe
  C:\Windows\System\ZoKwpiV.exe
  2⤵
  PID:9980
- C:\Windows\System\nIzJvjR.exe
  C:\Windows\System\nIzJvjR.exe
  2⤵
  PID:9996
- C:\Windows\System\xphkwOq.exe
  C:\Windows\System\xphkwOq.exe
  2⤵
  PID:10012
- C:\Windows\System\igchnKl.exe
  C:\Windows\System\igchnKl.exe
  2⤵
  PID:10028
- C:\Windows\System\OtJZJge.exe
  C:\Windows\System\OtJZJge.exe
  2⤵
  PID:10044
- C:\Windows\System\XLjWIGI.exe
  C:\Windows\System\XLjWIGI.exe
  2⤵
  PID:10060
- C:\Windows\System\BEHdaOV.exe
  C:\Windows\System\BEHdaOV.exe
  2⤵
  PID:10076
- C:\Windows\System\UtUrIkV.exe
  C:\Windows\System\UtUrIkV.exe
  2⤵
  PID:10092
- C:\Windows\System\iumxrpc.exe
  C:\Windows\System\iumxrpc.exe
  2⤵
  PID:10116
- C:\Windows\System\fiIzTzV.exe
  C:\Windows\System\fiIzTzV.exe
  2⤵
  PID:10144
- C:\Windows\System\rvOXSmv.exe
  C:\Windows\System\rvOXSmv.exe
  2⤵
  PID:10576
- C:\Windows\System\cyrCgLX.exe
  C:\Windows\System\cyrCgLX.exe
  2⤵
  PID:10592
- C:\Windows\System\nadhmJP.exe
  C:\Windows\System\nadhmJP.exe
  2⤵
  PID:10608
- C:\Windows\System\aAvTfCc.exe
  C:\Windows\System\aAvTfCc.exe
  2⤵
  PID:10624
- C:\Windows\System\dUdZgLb.exe
  C:\Windows\System\dUdZgLb.exe
  2⤵
  PID:10640
- C:\Windows\System\CQeMUOd.exe
  C:\Windows\System\CQeMUOd.exe
  2⤵
  PID:10656
- C:\Windows\System\rgHDOMv.exe
  C:\Windows\System\rgHDOMv.exe
  2⤵
  PID:10672
- C:\Windows\System\LACzRmV.exe
  C:\Windows\System\LACzRmV.exe
  2⤵
  PID:10688
- C:\Windows\System\zRTVCXt.exe
  C:\Windows\System\zRTVCXt.exe
  2⤵
  PID:10704
- C:\Windows\System\DQQtQAs.exe
  C:\Windows\System\DQQtQAs.exe
  2⤵
  PID:10720
- C:\Windows\System\pjalIsv.exe
  C:\Windows\System\pjalIsv.exe
  2⤵
  PID:10736
- C:\Windows\System\vwnSwDh.exe
  C:\Windows\System\vwnSwDh.exe
  2⤵
  PID:10752
- C:\Windows\System\qYmoQuI.exe
  C:\Windows\System\qYmoQuI.exe
  2⤵
  PID:10768
- C:\Windows\System\aLaDZkQ.exe
  C:\Windows\System\aLaDZkQ.exe
  2⤵
  PID:10784
- C:\Windows\System\SuLwBON.exe
  C:\Windows\System\SuLwBON.exe
  2⤵
  PID:10800
- C:\Windows\System\RByhrFF.exe
  C:\Windows\System\RByhrFF.exe
  2⤵
  PID:10816
- C:\Windows\System\cuuZFgr.exe
  C:\Windows\System\cuuZFgr.exe
  2⤵
  PID:10848
- C:\Windows\System\rPBfKos.exe
  C:\Windows\System\rPBfKos.exe
  2⤵
  PID:10864
- C:\Windows\System\RjfDuHE.exe
  C:\Windows\System\RjfDuHE.exe
  2⤵
  PID:10880
- C:\Windows\System\lDbmonc.exe
  C:\Windows\System\lDbmonc.exe
  2⤵
  PID:10896
- C:\Windows\System\jDbrEXL.exe
  C:\Windows\System\jDbrEXL.exe
  2⤵
  PID:10912
- C:\Windows\System\lZRuhgK.exe
  C:\Windows\System\lZRuhgK.exe
  2⤵
  PID:10928
- C:\Windows\System\jEFYhFF.exe
  C:\Windows\System\jEFYhFF.exe
  2⤵
  PID:10944
- C:\Windows\System\xdQzFwx.exe
  C:\Windows\System\xdQzFwx.exe
  2⤵
  PID:10960
- C:\Windows\System\cAsmZFq.exe
  C:\Windows\System\cAsmZFq.exe
  2⤵
  PID:10992
- C:\Windows\System\dOPEiqc.exe
  C:\Windows\System\dOPEiqc.exe
  2⤵
  PID:11008
- C:\Windows\System\UvlnvJH.exe
  C:\Windows\System\UvlnvJH.exe
  2⤵
  PID:11024
- C:\Windows\System\QUNFiBX.exe
  C:\Windows\System\QUNFiBX.exe
  2⤵
  PID:11044
- C:\Windows\System\cfIWyzU.exe
  C:\Windows\System\cfIWyzU.exe
  2⤵
  PID:11060
- C:\Windows\System\kXkypqq.exe
  C:\Windows\System\kXkypqq.exe
  2⤵
  PID:11076
- C:\Windows\System\BCWrohY.exe
  C:\Windows\System\BCWrohY.exe
  2⤵
  PID:11092
- C:\Windows\System\sugNNET.exe
  C:\Windows\System\sugNNET.exe
  2⤵
  PID:11108
- C:\Windows\System\bzWokCe.exe
  C:\Windows\System\bzWokCe.exe
  2⤵
  PID:11136
- C:\Windows\System\bQYHtMG.exe
  C:\Windows\System\bQYHtMG.exe
  2⤵
  PID:11152
- C:\Windows\System\DhqvzNr.exe
  C:\Windows\System\DhqvzNr.exe
  2⤵
  PID:11168
- C:\Windows\System\WXFGsng.exe
  C:\Windows\System\WXFGsng.exe
  2⤵
  PID:11184
- C:\Windows\System\xAvgQgO.exe
  C:\Windows\System\xAvgQgO.exe
  2⤵
  PID:11200
- C:\Windows\System\dFOABqe.exe
  C:\Windows\System\dFOABqe.exe
  2⤵
  PID:11216
- C:\Windows\System\cysbNKk.exe
  C:\Windows\System\cysbNKk.exe
  2⤵
  PID:11232
- C:\Windows\System\YdDItBv.exe
  C:\Windows\System\YdDItBv.exe
  2⤵
  PID:11248
- C:\Windows\System\twcuSXW.exe
  C:\Windows\System\twcuSXW.exe
  2⤵
  PID:10128
- C:\Windows\System\CdlNMpH.exe
  C:\Windows\System\CdlNMpH.exe
  2⤵
  PID:10588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CbLZSlP.exe

Filesize
1.7MB

MD5
571e0870684008d61116eef4232bd748

SHA1
b70a9fe965e18177380a83b0bd215ae1438f0563

SHA256
6808465e80755d130a0d70630f71d151f265587542104596272f11aa362d0cde

SHA512
7de3972da5d606b43143c0e51e4c18a4d8eb9746bce98b001cfc54ff0144be4bd9b68f456e3dedb033ea231372be16f5061dc1a691233d4137da6a0707e04ec4

Download Submit
C:\Windows\system\DsCcwZI.exe

Filesize
1.7MB

MD5
f2aebe7b98f853f03d86180ca28498ab

SHA1
ad5ad54d49de996bb34ff71c06dd354c418c3308

SHA256
7e84d25af3f6b17182cd86a65613688420073a43f6186ae53452da59c20259ea

SHA512
1010f25ded3e5a228c90ce60248792bb762cfd001e8bd6d0b91c2512389b0262203bf1bf95e6be032d9514ddf3026ef3209ed60b1641319ac92879d97b2ac231

Download Submit
C:\Windows\system\EzxgNoh.exe

Filesize
1.7MB

MD5
d720966c5728c2c72a94746c7015fb4c

SHA1
95d383167f732f4603992da6970fefc6f5a941a8

SHA256
00badc8141cc0408714110ebfdd5f84a268a46d4f5fef0b4973e693e8649ba87

SHA512
3278b7759d6b48625690d241070898014d216cc9626a16fed8b6080b12511e4837a6c12d2ad3e748769f63c0357d6580b9abb509f4ae65958003e49dc5290048

Download Submit
C:\Windows\system\GppKqPa.exe

Filesize
1.7MB

MD5
78ad0c869e7ccec707f8f9a35ff57912

SHA1
d0e1369696e90a9345827c5a01f891ba729c3d04

SHA256
4381b0d841376e6eab4fc2a6901ba6d6baa11cb6c4b43703608e055b662342d0

SHA512
b4163417315e8dbc0cbafb4cafce7f2c33cce01fae5075178139edcbcd48513e2747c9045851c3747256c401a3113991aef05c07d0d6ffeeb83e84378c4641ab

Download Submit
C:\Windows\system\JDbLPuJ.exe

Filesize
1.7MB

MD5
98fed68f5fecd2aaaa78b8b733b2b572

SHA1
51551e3113759026dfbf10561b74b19bced7c2ec

SHA256
d64274fbb80857c9b8c958629a1d22ae43cf2a14110c205049e7742a3bfc4cb8

SHA512
375af951476ac83373a8f4327d75e7594942ef363d61d001fcc20523c7ca86e6dd54f0ac83b2720045e4e99c666002b42161ac5447502f0aa36e1dcf2434fa87

Download Submit
C:\Windows\system\Jbzgcbj.exe

Filesize
1.7MB

MD5
72d3220f6c59a0d264bd28a8681ca380

SHA1
211bac63f444237498abe930bfd4b8f1570ee576

SHA256
043a0a39038f67e672f5cfe18a40941ccd1562f932f3cf6800888d2c356d6668

SHA512
440d56b71d58ba68fad9bd4eddb8926488a1672d9d4f1fb27e7f883cfc63aaa7b2ef2373faa4918d3410ae0438ca65825944474420201db6f393758b4ef69ff2

Download Submit
C:\Windows\system\KIxIUmF.exe

Filesize
1.7MB

MD5
821ba36fe7f67771ee81ddd38b741c76

SHA1
b604bce2bc3407875ada050062548c42bab8a76c

SHA256
01f938dcce35320f447d671a0d916bf1ba63412681bbc166b5fb5c9e40b6b204

SHA512
2423576b1d0e0c0fb6ed6aef14584423ecf7ef17445f8c950c2b6f64e0203d0e1c7408a5e3feeda273f8fc718bfb9a9fef985e585e096ac128f6bcce28806f81

Download Submit
C:\Windows\system\OewZNhz.exe

Filesize
1.7MB

MD5
75c504ba5c0a43dcce96a5cd2254b15f

SHA1
00cc9c7f1f4fecdf7413e18664b440263d40266f

SHA256
225822bc1e70878abe6b6325b92d6b245ae3d5566210dcd79dd69e3b2eafd6ab

SHA512
637fd5e07671cb339ac8d3008f506759d7e187d4ae7b32c09872db65a8af2505610ec523bde81b02a8bb7fb98c5f0d00c3e4a86ca94c1d0691c6bd02bae956a1

Download Submit
C:\Windows\system\QZeibVI.exe

Filesize
1.7MB

MD5
f7c57991fd670428fd15ca1e4a13fc8c

SHA1
251bd4ca854b576f02f1f13be3303c2a20368f06

SHA256
1477b64271bcf22506b1eafe549d194ef279b394196bbfa6f446c021386e22c2

SHA512
291a120d9df0f25c07991fc8ce020aefa5899531c1e9e5a9f2cfb2d431a62d62f6acdc4e72fd20034882900d1670c05e9a3ef78c260b3a6dc7845f933944eace

Download Submit
C:\Windows\system\SGdvRBo.exe

Filesize
1.7MB

MD5
1960ac0b7dc11d85469d97962c8e9b0d

SHA1
c1942f0ec605c0ddf6618cebbc40cb00dcc72c84

SHA256
845063383592ea5dce604941b67ef978df40e5c3ffc47e88fb142adfe5bbccbf

SHA512
579af7c883226fb93deba7170f474b58e537c4fded2e2a23e96cd097cc8e5f0b0c583397a7bd493b3768f3b946c3255bd600a161691f133f427acd6c6812ff07

Download Submit
C:\Windows\system\UJWeVCh.exe

Filesize
1.7MB

MD5
20bfbdb2e5ccf9d84ce8337c6c73dadd

SHA1
ff6297bef2c3fba6db974d93568e9ac0968a3864

SHA256
6aae2f590898ccdbcf124bab0b0859924efd321596d997107b0f58f57269a136

SHA512
e884b967163e47e455bd0b8ecf09e37cfd3114a1cbcdd58db2f437d89b69b297d5c4458f0560087528798529ba41e84ee31eea8e29a8468f1a3357ce5b7778c7

Download Submit
C:\Windows\system\VALNpEf.exe

Filesize
1.7MB

MD5
465a8739a8857c74124c5265562d1ad4

SHA1
7339a441ae6d77d51157a1787c05c52a74876c3a

SHA256
b3782214234e5df166bab908f51320be04f2a86c5af3391e75fc59300f3eeaa4

SHA512
f7ea9a80fef30e02ae62b8d73a1dd73e1d2ec94ca4a486c64f7a6e56a3bff556bf34f9de4ecb58a8629c2c567a42696122cbdf45722d86a46335a7ec7e91a43f

Download Submit
C:\Windows\system\ZjUbGSL.exe

Filesize
1.7MB

MD5
5e3246bec488f8e60227dc746532eccf

SHA1
0b8a68b03e193cde0e08ec60a81c5b76f83ec40e

SHA256
d7221dd819712b51958f5811ac6ab0db55ad4c0a88b17a11e1261e2d4b3246b0

SHA512
4d2c0982f17367bcacb6eaf58fb8a27880f579bd16828199fd3d52dcaeb052c8d0cf543d417da15df436c886544de01bd05b404e20e365e66a8ddb5c3dd37b18

Download Submit
C:\Windows\system\dbQqEps.exe

Filesize
1.8MB

MD5
4311269e3f0cef069d9aa6110b1ac459

SHA1
9f9f31ffce0f788e548b8bd57889419c2378b1d9

SHA256
7ca8a25e02154b0d31dc15c1303b40f60e21d57accc875062941d5c9233680ee

SHA512
db4c8e2113637e905b7442df858177f6ea107baa7e69abaa69539f68bffaf87f0f642f56a4b4995c31674e0e2c5f95678a4ffec2cf321ad7d8735f6f68a60d39

Download Submit
C:\Windows\system\eTEgWXj.exe

Filesize
1.7MB

MD5
82a143b74704589dcb55edbf50f649fd

SHA1
b04ef9f5583c26e3aba163d66697fa8e31dc1f06

SHA256
8faf12d2ca0c3c2050fdc5adc0ca4c313babd9388f9e9de76cfd8415b3173639

SHA512
cdca94df465f91712eb2be26d8d90b85019a5d8862b2c2d39044c051a468603221bb29fdd7f92301baa8645566b225843663f1cf083159c351770cb773e44f32

Download Submit
C:\Windows\system\eaQwnjD.exe

Filesize
1.7MB

MD5
14e58d7644d6d4066ad9ff7f74155b35

SHA1
37433c00c3edd684a6a71419955aea0823ec4a28

SHA256
32874c23864050d91fa7ae63da530542e2748c7f8137cb58428f6938703ed4cd

SHA512
383f50b2f6208ce0de8cf1d4103e1d4c7d7339233eca4f8bc046540ea56727d9acc68e5fb0c7011fc646bbb0c7bcf6841360d494367f3f7bb4952099699f6cd6

Download Submit
C:\Windows\system\fBBdoGR.exe

Filesize
1.7MB

MD5
3e64ef46313e795f76634c29553f4c5a

SHA1
42736a55e8d9a16a77c027e02dc511d29f6603f1

SHA256
5b17b5ecd2e37e24eb4717f03c6e0c5cdabb1525a4b7923e1f691d51ef65c603

SHA512
bd4b8f8ade954f5eac8c5bd85a53ecb970dac4d27a9681bda0f47aaf073194472c25c69674fd20f4d3eeacf31a902a70fe135ba4fe72ff89730fc79476ed886d

Download Submit
C:\Windows\system\hqqNweD.exe

Filesize
1.8MB

MD5
85da68f0c486450d31c59b359b9098f3

SHA1
207c43de25c5d9672c18d3d37235e777f6684ba0

SHA256
880732d88fc5c306a7b35a12f6df9c8d618194ebc6ddad5506b9844c94554bf4

SHA512
6d2de6ae17dfcf45773aa4dc0b1410029170dc4ee8a29f98ebbb5cbd3b4982e76ecf05e0e47cd95607bc16f25a2e286b64d4b555bdd0293603ed62b9f16b7e5b

Download Submit
C:\Windows\system\jzSnyRA.exe

Filesize
1.7MB

MD5
3b80ddf2a706f416266a6bf9b2cf10c3

SHA1
e62cfc093da699b60e27499bdfa7f99d99916ad7

SHA256
2e9c9fddc9e6e17a55ecde83e6e5a2bc270b44b4b0277477e3b96bf6ed74a96b

SHA512
5622e865a659bc738466f07efbfec3225fd2ddf64ab9d4ee2105aa5852a7f403be936b23677d26c359992e9297e6c57759b7eaf87d2b0eccd0c85766b97dcf8b

Download Submit
C:\Windows\system\msyNZVw.exe

Filesize
1.7MB

MD5
01013df3f3a194987cce01dded8fd8fb

SHA1
5da16cfd7d645acd5f4931cf0c158346e60616fc

SHA256
bc8d3bd00ef157ac466b28b41979de2f2d4416b0cfe11e6fe6ede425e5b10327

SHA512
aae3230805ea30d0910b8af186af6646c4e52f0a795d3d17139462cb6d471e4c8ab8f3441e0f5c515a10afe9584f1214a51c1f9035cd4f70b8a3512592e84aa2

Download Submit
C:\Windows\system\nDSLFft.exe

Filesize
1.7MB

MD5
bb4413d3a17ca5b6fc7ab7952edd439c

SHA1
c7be2e304189ec9a003df6998c005175877aa79f

SHA256
78d71ad6644d3f58b7d5f1d853ee7396f1e10e12b5f96075abbde04b9e08da32

SHA512
3030b8181d5daa5151617c5583e5f29179f691ee794315977c3ac419abc6ec7993d1385760a80c82957e6214d45a8028954a8e1193d1ba1876b3c46b62220066

Download Submit
C:\Windows\system\oNEgRAo.exe

Filesize
1.7MB

MD5
6c16d3e10e41c1fcd4151bceb026051b

SHA1
5f27e368eb0dc4263788f5891ea69304dea93e9c

SHA256
fc8c96f840399f3236f1c916c83e506401e668c46a5b8f3446246a94d458c599

SHA512
a46fdb3c1c5b8501f940c0f030998cf46d2af304e2721a52b3629675c2f62dc73c22e6f9cdc12fc977ba6682f6ca1d7f19f61cec57c5ced510a90cf8e36588cf

Download Submit
C:\Windows\system\qHelpqd.exe

Filesize
1.7MB

MD5
c187a0d8f062fe709d6a42f0418aef0e

SHA1
f7066452f684a6bd958c3b92ce67a0cef9ac497b

SHA256
7e3081bf91962fd12f66a64d1ae5a03427ce6989cf328a89062b393383f1eddc

SHA512
d57c0b3dffd25cf7a3c01c167398daa1ea34e960006f228650e3152187376d56cda243230398ded147263ecd48396aa8cebf57af57250770d11c259293ac2080

Download Submit
C:\Windows\system\uJwLoHk.exe

Filesize
1.7MB

MD5
53d004e016f5024fdab97016e3313697

SHA1
c8c5cba06c1e47596035f825c95717380fca192c

SHA256
5ac08f6bdbf0ae90bb1ab55fe0401ebd218d4323ac52e054929c27773918e8e1

SHA512
fe5a402cb5059978fe46de6d9135f99766a7461f4af18c1e6307a7b735bfc51015fc34cff2b850ef455e91724e22e5c1de8be83d0cffa5e30887fd9620bc7d08

Download Submit
C:\Windows\system\uQNQkCA.exe

Filesize
1.7MB

MD5
a3a75b984a6054317b6346e02dbdbd02

SHA1
9936af1892de29189dae6e3b868f090dbde5e78a

SHA256
34b5de8d6b1e634bd6b0964495ec24ac72f33e3c2d5ab93dcdad67260568d7e8

SHA512
352203f35807054baffb00b7792d52f3056ac6670d713204a0723ee35992963605a18c71bb05e2f3cc5a26b55006b5df0b9932aa433077ff56980ea9594de91b

Download Submit
C:\Windows\system\zGcXBIs.exe

Filesize
1.8MB

MD5
48c0b8e26cd2f10371b32d1087dc36f0

SHA1
88cc557cdfaea6c68690989df1433ccc3cde3e32

SHA256
f29e5bd54b71dc23c2fec248706659993ab9defb41f9193cb809bd2b228d980a

SHA512
c10bd92b13d39b501324e65b963e6b0fd0c0f4d5df24c4d9cdcc1bdaee2201c9f37467c4385de9338228d20c8593ebbbc2f40823d0b59010284b3b451e25ab9b

Download Submit
\Windows\system\BTGSsTx.exe

Filesize
1.7MB

MD5
14e8985649aa5276696f33d22376d112

SHA1
57e0d822225bb994e16892a07e3f8e2058e697f0

SHA256
00438e39d44b60fdfaa1a55c006020d408f3c92d1c087b783a66be0a036180e4

SHA512
0620e0cfe9a2ee479945d7aba92265b988966e15fa46981d3898b5e1089a28875908dc5e60ca5a897c211c5881076c83e89edbf94f9eb0077dc5fe4169da5d48

Download Submit
\Windows\system\DkdFLUn.exe

Filesize
1.7MB

MD5
224394350cb4ada994c9ca1f96469902

SHA1
4be6ffdca99679e76babd8152e412472627511d9

SHA256
e49edd8d22bace015a6cd9d636588a265b98a2ecb9ae63d4eac39384ca02d274

SHA512
a5277a0c1b73281ba239ce0860d2c72d613321c77eceb30667ae9d5128afb416e06dac7eb8a4ae26369a971f2d19b16e3e6716bfe23bacde028d4fac871dc9a3

Download Submit
\Windows\system\awonPDo.exe

Filesize
1.7MB

MD5
bde7dcb16f990dc0b02345881f8e0b96

SHA1
a2296e0ddac8d8f245441911981a205451be8c87

SHA256
085e3d535cdfb51da70e8f0bbbf86b777805c458ffd3d9f672bc99a5f527330c

SHA512
60eff11581b2a18246d799d531f4fd3787fb2f5a9a22eada3474d427546e7110d6a3224c130e7826fea3cb5e8bcdb4be1a228357fb84454c38fcfb8d8a32a14c

Download Submit
\Windows\system\faIRQJj.exe

Filesize
1.7MB

MD5
47dafbab4565249df2a99db39bf7e8f0

SHA1
0e2c5e99b61356670013cf35fce998fafb3aefec

SHA256
25faf0ce437cfceaa7f9944bf9f109033ae591a8d5dd1aab5f986889623c6e43

SHA512
dd8f573a91e02b089d6f5bd520de43d5e8cb19c01b0a67aef5ff2b916bebaca647e6ef20350eebc1023756fc6065a85bf84ad9db6aca285cef131a3158325430

Download Submit
\Windows\system\nUjqKtv.exe

Filesize
1.7MB

MD5
7139a5548261c923ec6d19734e234898

SHA1
978f75e3f9945885a290a9d543dfcf6d788cf46d

SHA256
318da91fa2a39dca51be3d4a8af70bb87f779f65e877b807756620318680f315

SHA512
98b1833c3d0f5215968616635b61dd734abc4d81d5ae6291a6f65c051cdb55a043baf023caa1e6200b42da10c177544bb9c8e652874b310f16da8471f6bdbdfc

Download Submit
\Windows\system\tICmkOr.exe

Filesize
1.7MB

MD5
7d2dae2711fce28dd4ab0aa005ded4f7

SHA1
d495c36064aafabbb87ccfbe3717109eae614544

SHA256
e75029d9eef0994dd369ca48e7d6f0e2097a7e6a1479078e58b368a34dbf62ee

SHA512
5c070b67709105767c59e4038448f0582f6aa95caf5853400f57d19597db16547a3569d824c232b5defea46b3651918fa0fe548e31cceac94046a60220e53bfe

Download Submit
memory/1008-3297-0x000000013F650000-0x000000013FA42000-memory.dmp

Filesize
3.9MB

Download
memory/1008-102-0x000000013F650000-0x000000013FA42000-memory.dmp

Filesize
3.9MB

Download
memory/1072-27-0x000007FEF628E000-0x000007FEF628F000-memory.dmp

Filesize
4KB

Download
memory/1072-133-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

Filesize
9.6MB

Download
memory/1072-76-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

Filesize
9.6MB

Download
memory/1072-41-0x0000000001F40000-0x0000000001F48000-memory.dmp

Filesize
32KB

Download
memory/1072-74-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

Filesize
9.6MB

Download
memory/1072-40-0x000000001B300000-0x000000001B5E2000-memory.dmp

Filesize
2.9MB

Download
memory/1156-2655-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

Filesize
3.9MB

Download
memory/1156-99-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

Filesize
3.9MB

Download
memory/2080-97-0x000000013F700000-0x000000013FAF2000-memory.dmp

Filesize
3.9MB

Download
memory/2080-2758-0x000000013F700000-0x000000013FAF2000-memory.dmp

Filesize
3.9MB

Download
memory/2240-8-0x0000000002A20000-0x0000000002E12000-memory.dmp

Filesize
3.9MB

Download
memory/2240-103-0x0000000002A20000-0x0000000002E12000-memory.dmp

Filesize
3.9MB

Download
memory/2240-96-0x0000000002A20000-0x0000000002E12000-memory.dmp

Filesize
3.9MB

Download
memory/2240-94-0x0000000002A20000-0x0000000002E12000-memory.dmp

Filesize
3.9MB

Download
memory/2240-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2240-98-0x0000000002A20000-0x0000000002E12000-memory.dmp

Filesize
3.9MB

Download
memory/2240-82-0x000000013F530000-0x000000013F922000-memory.dmp

Filesize
3.9MB

Download
memory/2240-89-0x0000000002A20000-0x0000000002E12000-memory.dmp

Filesize
3.9MB

Download
memory/2240-80-0x0000000002A20000-0x0000000002E12000-memory.dmp

Filesize
3.9MB

Download
memory/2240-100-0x000000013F650000-0x000000013FA42000-memory.dmp

Filesize
3.9MB

Download
memory/2240-21-0x000000013F050000-0x000000013F442000-memory.dmp

Filesize
3.9MB

Download
memory/2240-0-0x000000013FA90000-0x000000013FE82000-memory.dmp

Filesize
3.9MB

Download
memory/2240-78-0x0000000002A20000-0x0000000002E12000-memory.dmp

Filesize
3.9MB

Download
memory/2356-3130-0x000000013F530000-0x000000013F922000-memory.dmp

Filesize
3.9MB

Download
memory/2356-87-0x000000013F530000-0x000000013F922000-memory.dmp

Filesize
3.9MB

Download
memory/2384-3296-0x000000013FCD0000-0x00000001400C2000-memory.dmp

Filesize
3.9MB

Download
memory/2384-93-0x000000013FCD0000-0x00000001400C2000-memory.dmp

Filesize
3.9MB

Download
memory/2444-79-0x000000013FE10000-0x0000000140202000-memory.dmp

Filesize
3.9MB

Download
memory/2444-2586-0x000000013FE10000-0x0000000140202000-memory.dmp

Filesize
3.9MB

Download
memory/2540-9-0x000000013F780000-0x000000013FB72000-memory.dmp

Filesize
3.9MB

Download
memory/2540-2995-0x000000013F780000-0x000000013FB72000-memory.dmp

Filesize
3.9MB

Download
memory/2608-81-0x000000013FC80000-0x0000000140072000-memory.dmp

Filesize
3.9MB

Download
memory/2608-1803-0x000000013FC80000-0x0000000140072000-memory.dmp

Filesize
3.9MB

Download
memory/2620-26-0x000000013F050000-0x000000013F442000-memory.dmp

Filesize
3.9MB

Download
memory/2620-3132-0x000000013F050000-0x000000013F442000-memory.dmp

Filesize
3.9MB

Download
memory/2840-2656-0x000000013FBF0000-0x000000013FFE2000-memory.dmp

Filesize
3.9MB

Download
memory/2840-95-0x000000013FBF0000-0x000000013FFE2000-memory.dmp

Filesize
3.9MB

Download
memory/2912-3298-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

Filesize
3.9MB

Download
memory/2912-77-0x000000013F7D0000-0x000000013FBC2000-memory.dmp

Filesize
3.9MB

Download
memory/3040-2809-0x000000013FDE0000-0x00000001401D2000-memory.dmp

Filesize
3.9MB

Download
memory/3040-14-0x000000013FDE0000-0x00000001401D2000-memory.dmp

Filesize
3.9MB

Download