xmrig | 265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01/08/2024, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
Size

2.4MB
MD5

8a4247829c44dfbcd6b73eeac6037f74
SHA1

416e583bab033bab23ed2ade2a7a1c721189f54a
SHA256

265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25
SHA512

3273229e3c1160f5c055769b07c7e6aeaced3ef69ae0179e789ddaa7af280c8c63b78ca38b4093bb0d20459154ccb822385957686e60a45e3ae1359fc9959292
SSDEEP

49152:Lz071uv4BPMkibTIA5sf6r+WVc2HhG82g1VQx7Va4qrS2:NABM

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral2/memory/4528-201-0x00007FF673330000-0x00007FF673722000-memory.dmp	xmrig
behavioral2/memory/416-221-0x00007FF6F7EC0000-0x00007FF6F82B2000-memory.dmp	xmrig
behavioral2/memory/440-229-0x00007FF7AC110000-0x00007FF7AC502000-memory.dmp	xmrig
behavioral2/memory/3732-254-0x00007FF6099A0000-0x00007FF609D92000-memory.dmp	xmrig
behavioral2/memory/3672-262-0x00007FF704040000-0x00007FF704432000-memory.dmp	xmrig
behavioral2/memory/3032-267-0x00007FF77BB30000-0x00007FF77BF22000-memory.dmp	xmrig
behavioral2/memory/4700-266-0x00007FF695760000-0x00007FF695B52000-memory.dmp	xmrig
behavioral2/memory/764-265-0x00007FF65B7D0000-0x00007FF65BBC2000-memory.dmp	xmrig
behavioral2/memory/2900-264-0x00007FF7E8430000-0x00007FF7E8822000-memory.dmp	xmrig
behavioral2/memory/1240-261-0x00007FF6F1C50000-0x00007FF6F2042000-memory.dmp	xmrig
behavioral2/memory/372-260-0x00007FF679B20000-0x00007FF679F12000-memory.dmp	xmrig
behavioral2/memory/1480-259-0x00007FF6992B0000-0x00007FF6996A2000-memory.dmp	xmrig
behavioral2/memory/4916-258-0x00007FF794040000-0x00007FF794432000-memory.dmp	xmrig
behavioral2/memory/4328-257-0x00007FF7EEB00000-0x00007FF7EEEF2000-memory.dmp	xmrig
behavioral2/memory/3164-256-0x00007FF79AD10000-0x00007FF79B102000-memory.dmp	xmrig
behavioral2/memory/2884-230-0x00007FF7C4A10000-0x00007FF7C4E02000-memory.dmp	xmrig
behavioral2/memory/264-222-0x00007FF7F28E0000-0x00007FF7F2CD2000-memory.dmp	xmrig
behavioral2/memory/856-219-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp	xmrig
behavioral2/memory/1236-200-0x00007FF716D90000-0x00007FF717182000-memory.dmp	xmrig
behavioral2/memory/1492-174-0x00007FF74A420000-0x00007FF74A812000-memory.dmp	xmrig
behavioral2/memory/1048-146-0x00007FF647C20000-0x00007FF648012000-memory.dmp	xmrig
behavioral2/memory/4416-103-0x00007FF76CF40000-0x00007FF76D332000-memory.dmp	xmrig
behavioral2/memory/1624-4164-0x00007FF7B63D0000-0x00007FF7B67C2000-memory.dmp	xmrig
behavioral2/memory/5076-4171-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp	xmrig
behavioral2/memory/2900-4176-0x00007FF7E8430000-0x00007FF7E8822000-memory.dmp	xmrig
behavioral2/memory/764-4190-0x00007FF65B7D0000-0x00007FF65BBC2000-memory.dmp	xmrig
behavioral2/memory/1492-4188-0x00007FF74A420000-0x00007FF74A812000-memory.dmp	xmrig
behavioral2/memory/4416-4183-0x00007FF76CF40000-0x00007FF76D332000-memory.dmp	xmrig
behavioral2/memory/1048-4180-0x00007FF647C20000-0x00007FF648012000-memory.dmp	xmrig
behavioral2/memory/4528-4200-0x00007FF673330000-0x00007FF673722000-memory.dmp	xmrig
behavioral2/memory/856-4204-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp	xmrig
behavioral2/memory/4328-4228-0x00007FF7EEB00000-0x00007FF7EEEF2000-memory.dmp	xmrig
behavioral2/memory/3032-4255-0x00007FF77BB30000-0x00007FF77BF22000-memory.dmp	xmrig
behavioral2/memory/3672-4263-0x00007FF704040000-0x00007FF704432000-memory.dmp	xmrig
behavioral2/memory/4700-4258-0x00007FF695760000-0x00007FF695B52000-memory.dmp	xmrig
behavioral2/memory/372-4250-0x00007FF679B20000-0x00007FF679F12000-memory.dmp	xmrig
behavioral2/memory/1480-4248-0x00007FF6992B0000-0x00007FF6996A2000-memory.dmp	xmrig
behavioral2/memory/4916-4244-0x00007FF794040000-0x00007FF794432000-memory.dmp	xmrig
behavioral2/memory/1240-4239-0x00007FF6F1C50000-0x00007FF6F2042000-memory.dmp	xmrig
behavioral2/memory/3164-4236-0x00007FF79AD10000-0x00007FF79B102000-memory.dmp	xmrig
behavioral2/memory/3732-4230-0x00007FF6099A0000-0x00007FF609D92000-memory.dmp	xmrig
behavioral2/memory/264-4219-0x00007FF7F28E0000-0x00007FF7F2CD2000-memory.dmp	xmrig
behavioral2/memory/1236-4217-0x00007FF716D90000-0x00007FF717182000-memory.dmp	xmrig
behavioral2/memory/416-4213-0x00007FF6F7EC0000-0x00007FF6F82B2000-memory.dmp	xmrig
behavioral2/memory/2884-4207-0x00007FF7C4A10000-0x00007FF7C4E02000-memory.dmp	xmrig
behavioral2/memory/440-4211-0x00007FF7AC110000-0x00007FF7AC502000-memory.dmp	xmrig
behavioral2/memory/4728-4515-0x00007FF672570000-0x00007FF672962000-memory.dmp	xmrig
behavioral2/memory/4728-4947-0x00007FF672570000-0x00007FF672962000-memory.dmp	xmrig

Blocklisted process makes network request 2 IoCs

flow	pid	Process
3	636	powershell.exe
5	636	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
636	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
1624	GGesdqv.exe
5076	cOPhBes.exe
2900	TcAfUBh.exe
764	chqshen.exe
4416	stXiwRs.exe
1048	yzQgovT.exe
1492	SLFmsDB.exe
1236	Wupukrx.exe
4528	EyfVSKf.exe
856	hEctZcK.exe
416	YuoHpPj.exe
264	QCZgXSE.exe
440	rxkdSkB.exe
2884	yJsWhyP.exe
3732	QsjZirJ.exe
3164	lfLjlGT.exe
4328	mqFFAwi.exe
4700	MORYdNp.exe
4916	fAKuEHZ.exe
1480	psMRyHQ.exe
372	dkgKYal.exe
1240	CzaaRYC.exe
3032	WKWkQIz.exe
3672	htbpOau.exe
1944	VYLpJhE.exe
1260	RQyjoKf.exe
3260	MwKplNN.exe
4600	dkwjmfu.exe
3008	dpHkUYf.exe
1600	IjxSNhy.exe
700	pqBGnuQ.exe
1636	nWmAOZk.exe
3080	LGmCfOq.exe
3952	wEiWbAC.exe
2260	VcNmrpK.exe
3428	fSuCAyd.exe
2924	fPcESjG.exe
2416	ctyMoBM.exe
2748	xtxUQET.exe
964	qfsbBaZ.exe
1140	faWLLhR.exe
4152	AUtFNSD.exe
184	DHiqbky.exe
3844	ZdBfpJG.exe
3976	dpjUeVA.exe
3904	agWodDk.exe
3656	YxKTXbf.exe
2628	RXxLziw.exe
4084	ipbxARx.exe
1364	ovxHUWG.exe
1896	NYLFveE.exe
4304	iNbVDjL.exe
748	SNgZUpI.exe
2272	htZZYnT.exe
2876	DNyLrhi.exe
716	byXtaZe.exe
1052	dKLvDJF.exe
5040	eNZbkWr.exe
1916	PIcvIUM.exe
2688	rbrGwaY.exe
768	vMvAZcq.exe
4864	usSRPAG.exe
1308	UpWulYi.exe
3640	UctAhar.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4728-0-0x00007FF672570000-0x00007FF672962000-memory.dmp	upx
behavioral2/files/0x0007000000023431-8.dat	upx
behavioral2/files/0x0007000000023432-26.dat	upx
behavioral2/files/0x0007000000023433-23.dat	upx
behavioral2/files/0x0007000000023436-47.dat	upx
behavioral2/files/0x000700000002343b-80.dat	upx
behavioral2/files/0x0007000000023441-110.dat	upx
behavioral2/files/0x0007000000023445-183.dat	upx
behavioral2/memory/4528-201-0x00007FF673330000-0x00007FF673722000-memory.dmp	upx
behavioral2/memory/416-221-0x00007FF6F7EC0000-0x00007FF6F82B2000-memory.dmp	upx
behavioral2/memory/440-229-0x00007FF7AC110000-0x00007FF7AC502000-memory.dmp	upx
behavioral2/memory/3732-254-0x00007FF6099A0000-0x00007FF609D92000-memory.dmp	upx
behavioral2/memory/3672-262-0x00007FF704040000-0x00007FF704432000-memory.dmp	upx
behavioral2/memory/3032-267-0x00007FF77BB30000-0x00007FF77BF22000-memory.dmp	upx
behavioral2/memory/4700-266-0x00007FF695760000-0x00007FF695B52000-memory.dmp	upx
behavioral2/memory/764-265-0x00007FF65B7D0000-0x00007FF65BBC2000-memory.dmp	upx
behavioral2/memory/2900-264-0x00007FF7E8430000-0x00007FF7E8822000-memory.dmp	upx
behavioral2/memory/1240-261-0x00007FF6F1C50000-0x00007FF6F2042000-memory.dmp	upx
behavioral2/memory/372-260-0x00007FF679B20000-0x00007FF679F12000-memory.dmp	upx
behavioral2/memory/1480-259-0x00007FF6992B0000-0x00007FF6996A2000-memory.dmp	upx
behavioral2/memory/4916-258-0x00007FF794040000-0x00007FF794432000-memory.dmp	upx
behavioral2/memory/4328-257-0x00007FF7EEB00000-0x00007FF7EEEF2000-memory.dmp	upx
behavioral2/memory/3164-256-0x00007FF79AD10000-0x00007FF79B102000-memory.dmp	upx
behavioral2/memory/2884-230-0x00007FF7C4A10000-0x00007FF7C4E02000-memory.dmp	upx
behavioral2/memory/264-222-0x00007FF7F28E0000-0x00007FF7F2CD2000-memory.dmp	upx
behavioral2/memory/856-219-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp	upx
behavioral2/memory/1236-200-0x00007FF716D90000-0x00007FF717182000-memory.dmp	upx
behavioral2/files/0x0007000000023451-191.dat	upx
behavioral2/files/0x0007000000023450-188.dat	upx
behavioral2/files/0x000700000002344b-179.dat	upx
behavioral2/memory/1492-174-0x00007FF74A420000-0x00007FF74A812000-memory.dmp	upx
behavioral2/files/0x000700000002344e-170.dat	upx
behavioral2/files/0x0007000000023440-167.dat	upx
behavioral2/files/0x0007000000023449-165.dat	upx
behavioral2/files/0x0007000000023448-162.dat	upx
behavioral2/files/0x000700000002344d-161.dat	upx
behavioral2/files/0x000800000002342e-160.dat	upx
behavioral2/files/0x0007000000023446-158.dat	upx
behavioral2/files/0x000700000002344f-177.dat	upx
behavioral2/files/0x0007000000023443-153.dat	upx
behavioral2/files/0x0007000000023442-150.dat	upx
behavioral2/memory/1048-146-0x00007FF647C20000-0x00007FF648012000-memory.dmp	upx
behavioral2/files/0x0007000000023447-144.dat	upx
behavioral2/files/0x0008000000023438-142.dat	upx
behavioral2/files/0x000700000002344c-141.dat	upx
behavioral2/files/0x000700000002343e-138.dat	upx
behavioral2/files/0x0007000000023444-137.dat	upx
behavioral2/files/0x000700000002344a-135.dat	upx
behavioral2/files/0x000700000002343f-127.dat	upx
behavioral2/files/0x000700000002343d-116.dat	upx
behavioral2/files/0x000700000002343c-114.dat	upx
behavioral2/files/0x0008000000023439-106.dat	upx
behavioral2/files/0x000700000002343a-97.dat	upx
behavioral2/memory/4416-103-0x00007FF76CF40000-0x00007FF76D332000-memory.dmp	upx
behavioral2/files/0x0007000000023437-73.dat	upx
behavioral2/files/0x0007000000023434-53.dat	upx
behavioral2/files/0x0007000000023435-44.dat	upx
behavioral2/files/0x0008000000023430-20.dat	upx
behavioral2/memory/5076-22-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp	upx
behavioral2/files/0x00090000000233dc-13.dat	upx
behavioral2/memory/1624-12-0x00007FF7B63D0000-0x00007FF7B67C2000-memory.dmp	upx
behavioral2/memory/1624-4164-0x00007FF7B63D0000-0x00007FF7B67C2000-memory.dmp	upx
behavioral2/memory/5076-4171-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp	upx
behavioral2/memory/2900-4176-0x00007FF7E8430000-0x00007FF7E8822000-memory.dmp	upx

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\STcznii.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\GoJAymr.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\KDfClfH.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\NaKCARA.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\lSaPTbe.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\cOPhBes.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\UpWulYi.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\ndYsyYO.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\rOvYBfQ.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\elwnnvz.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\myBtLcZ.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\ZjztFzZ.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\LWnluvr.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\tsZjzPO.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\vkbjTed.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\vLRwrcj.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\qRbPQfC.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\zvAIhYm.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\HVfzrUO.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\oroVuyP.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\bnWAuau.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\rvmtYYb.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\NalafXU.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\lZJmbOu.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\aFxZDOz.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\dXuWdub.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\QtPPLzL.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\tFOesud.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\QGPUXme.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\ZXGmXXV.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\nbXkKvs.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\Tbsdykw.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\vYfQLQk.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\lPHLpSZ.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\BPrFNEm.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\iNbVDjL.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\ZDLjfjp.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\AnndIKJ.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\IHGXPuO.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\SITnwpI.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\JzaXSii.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\MORYdNp.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\WGNUFZZ.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\blIjyEC.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\tBYPRUg.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\ovxHUWG.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\zVfvvvj.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\tPLURHr.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\UPzVjjj.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\pRfQibV.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\oZnNzIt.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\RXxLziw.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\llikFFJ.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\yPmoFye.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\lrLEPgQ.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\WpbdLRw.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\ekdoZsa.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\aMjfdDx.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\leEBgXx.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\xsvhUqk.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\DDUKbLv.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\lQijpHH.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\oQOeeuW.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
File created	C:\Windows\System\pnaQJKY.exe	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
636	powershell.exe
636	powershell.exe
636	powershell.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
2260	Process not Found
2748	Process not Found
2924	Process not Found
2416	Process not Found
964	Process not Found
1140	Process not Found
4152	Process not Found
184	Process not Found
3844	Process not Found
1364	Process not Found
1896	Process not Found
3976	Process not Found
3904	Process not Found
3656	Process not Found
2628	Process not Found
4084	Process not Found
4304	Process not Found
748	Process not Found
2272	Process not Found
2876	Process not Found
5040	Process not Found
716	Process not Found
1052	Process not Found
1916	Process not Found
2688	Process not Found
768	Process not Found
4864	Process not Found
1308	Process not Found
3640	Process not Found
1372	Process not Found
4244	Process not Found
892	Process not Found
4788	Process not Found
3236	Process not Found
1996	Process not Found
1096	Process not Found
4016	Process not Found
5064	Process not Found
1076	Process not Found
2904	Process not Found
652	Process not Found
800	Process not Found
4592	Process not Found
2064	Process not Found
2796	Process not Found
1152	Process not Found
3956	Process not Found
5252	Process not Found
5276	Process not Found
5320	Process not Found
5364	Process not Found
5388	Process not Found
5440	Process not Found
5524	Process not Found
5736	Process not Found
5764	Process not Found
5840	Process not Found
5868	Process not Found
5932	Process not Found
6000	Process not Found
6028	Process not Found
5976	Process not Found
6092	Process not Found
5284	Process not Found

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	636	powershell.exe
Token: SeLockMemoryPrivilege	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
Token: SeLockMemoryPrivilege	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
Token: SeCreateGlobalPrivilege	15060	dwm.exe
Token: SeChangeNotifyPrivilege	15060	dwm.exe
Token: 33	15060	dwm.exe
Token: SeIncBasePriorityPrivilege	15060	dwm.exe
Token: SeCreateGlobalPrivilege	14364	dwm.exe
Token: SeChangeNotifyPrivilege	14364	dwm.exe
Token: 33	14364	dwm.exe
Token: SeIncBasePriorityPrivilege	14364	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 636	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	84
PID 4728 wrote to memory of 636	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	84
PID 4728 wrote to memory of 1624	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	85
PID 4728 wrote to memory of 1624	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	85
PID 4728 wrote to memory of 5076	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	86
PID 4728 wrote to memory of 5076	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	86
PID 4728 wrote to memory of 2900	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	87
PID 4728 wrote to memory of 2900	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	87
PID 4728 wrote to memory of 4416	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	88
PID 4728 wrote to memory of 4416	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	88
PID 4728 wrote to memory of 764	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	89
PID 4728 wrote to memory of 764	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	89
PID 4728 wrote to memory of 1048	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	90
PID 4728 wrote to memory of 1048	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	90
PID 4728 wrote to memory of 1492	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	91
PID 4728 wrote to memory of 1492	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	91
PID 4728 wrote to memory of 1236	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	92
PID 4728 wrote to memory of 1236	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	92
PID 4728 wrote to memory of 4528	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	93
PID 4728 wrote to memory of 4528	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	93
PID 4728 wrote to memory of 856	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	94
PID 4728 wrote to memory of 856	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	94
PID 4728 wrote to memory of 3164	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	95
PID 4728 wrote to memory of 3164	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	95
PID 4728 wrote to memory of 416	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	96
PID 4728 wrote to memory of 416	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	96
PID 4728 wrote to memory of 264	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	97
PID 4728 wrote to memory of 264	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	97
PID 4728 wrote to memory of 440	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	98
PID 4728 wrote to memory of 440	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	98
PID 4728 wrote to memory of 2884	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	99
PID 4728 wrote to memory of 2884	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	99
PID 4728 wrote to memory of 3732	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	100
PID 4728 wrote to memory of 3732	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	100
PID 4728 wrote to memory of 4328	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	101
PID 4728 wrote to memory of 4328	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	101
PID 4728 wrote to memory of 1944	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	102
PID 4728 wrote to memory of 1944	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	102
PID 4728 wrote to memory of 4700	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	103
PID 4728 wrote to memory of 4700	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	103
PID 4728 wrote to memory of 4916	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	104
PID 4728 wrote to memory of 4916	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	104
PID 4728 wrote to memory of 1480	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	105
PID 4728 wrote to memory of 1480	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	105
PID 4728 wrote to memory of 4600	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	106
PID 4728 wrote to memory of 4600	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	106
PID 4728 wrote to memory of 3008	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	107
PID 4728 wrote to memory of 3008	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	107
PID 4728 wrote to memory of 372	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	108
PID 4728 wrote to memory of 372	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	108
PID 4728 wrote to memory of 1240	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	109
PID 4728 wrote to memory of 1240	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	109
PID 4728 wrote to memory of 3032	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	110
PID 4728 wrote to memory of 3032	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	110
PID 4728 wrote to memory of 3672	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	111
PID 4728 wrote to memory of 3672	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	111
PID 4728 wrote to memory of 1260	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	112
PID 4728 wrote to memory of 1260	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	112
PID 4728 wrote to memory of 3260	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	113
PID 4728 wrote to memory of 3260	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	113
PID 4728 wrote to memory of 1600	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	114
PID 4728 wrote to memory of 1600	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	114
PID 4728 wrote to memory of 1636	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	115
PID 4728 wrote to memory of 1636	4728	265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe	115

C:\Users\Admin\AppData\Local\Temp\265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe
"C:\Users\Admin\AppData\Local\Temp\265cd217dafad98b48d26d0af728fd99f5f7388a95b467f9832d3b096c298c25.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Blocklisted process makes network request
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:636
- - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "0" "636" "2960" "2892" "2964" "0" "0" "2996" "0" "0" "0" "0" "0"
    3⤵
    PID:12796
- C:\Windows\System\GGesdqv.exe
  C:\Windows\System\GGesdqv.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\cOPhBes.exe
  C:\Windows\System\cOPhBes.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\TcAfUBh.exe
  C:\Windows\System\TcAfUBh.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\stXiwRs.exe
  C:\Windows\System\stXiwRs.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\chqshen.exe
  C:\Windows\System\chqshen.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\yzQgovT.exe
  C:\Windows\System\yzQgovT.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\SLFmsDB.exe
  C:\Windows\System\SLFmsDB.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\Wupukrx.exe
  C:\Windows\System\Wupukrx.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\EyfVSKf.exe
  C:\Windows\System\EyfVSKf.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\hEctZcK.exe
  C:\Windows\System\hEctZcK.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\lfLjlGT.exe
  C:\Windows\System\lfLjlGT.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\YuoHpPj.exe
  C:\Windows\System\YuoHpPj.exe
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Windows\System\QCZgXSE.exe
  C:\Windows\System\QCZgXSE.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\rxkdSkB.exe
  C:\Windows\System\rxkdSkB.exe
  2⤵
  - Executes dropped EXE
  PID:440
- C:\Windows\System\yJsWhyP.exe
  C:\Windows\System\yJsWhyP.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\QsjZirJ.exe
  C:\Windows\System\QsjZirJ.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\mqFFAwi.exe
  C:\Windows\System\mqFFAwi.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\VYLpJhE.exe
  C:\Windows\System\VYLpJhE.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\MORYdNp.exe
  C:\Windows\System\MORYdNp.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\fAKuEHZ.exe
  C:\Windows\System\fAKuEHZ.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\psMRyHQ.exe
  C:\Windows\System\psMRyHQ.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\dkwjmfu.exe
  C:\Windows\System\dkwjmfu.exe
  2⤵
  - Executes dropped EXE
  PID:4600
- C:\Windows\System\dpHkUYf.exe
  C:\Windows\System\dpHkUYf.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\dkgKYal.exe
  C:\Windows\System\dkgKYal.exe
  2⤵
  - Executes dropped EXE
  PID:372
- C:\Windows\System\CzaaRYC.exe
  C:\Windows\System\CzaaRYC.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\WKWkQIz.exe
  C:\Windows\System\WKWkQIz.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\htbpOau.exe
  C:\Windows\System\htbpOau.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\RQyjoKf.exe
  C:\Windows\System\RQyjoKf.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\MwKplNN.exe
  C:\Windows\System\MwKplNN.exe
  2⤵
  - Executes dropped EXE
  PID:3260
- C:\Windows\System\IjxSNhy.exe
  C:\Windows\System\IjxSNhy.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\nWmAOZk.exe
  C:\Windows\System\nWmAOZk.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\pqBGnuQ.exe
  C:\Windows\System\pqBGnuQ.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\LGmCfOq.exe
  C:\Windows\System\LGmCfOq.exe
  2⤵
  - Executes dropped EXE
  PID:3080
- C:\Windows\System\wEiWbAC.exe
  C:\Windows\System\wEiWbAC.exe
  2⤵
  - Executes dropped EXE
  PID:3952
- C:\Windows\System\VcNmrpK.exe
  C:\Windows\System\VcNmrpK.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\fSuCAyd.exe
  C:\Windows\System\fSuCAyd.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\fPcESjG.exe
  C:\Windows\System\fPcESjG.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\ctyMoBM.exe
  C:\Windows\System\ctyMoBM.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\xtxUQET.exe
  C:\Windows\System\xtxUQET.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\qfsbBaZ.exe
  C:\Windows\System\qfsbBaZ.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\faWLLhR.exe
  C:\Windows\System\faWLLhR.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\AUtFNSD.exe
  C:\Windows\System\AUtFNSD.exe
  2⤵
  - Executes dropped EXE
  PID:4152
- C:\Windows\System\DHiqbky.exe
  C:\Windows\System\DHiqbky.exe
  2⤵
  - Executes dropped EXE
  PID:184
- C:\Windows\System\ZdBfpJG.exe
  C:\Windows\System\ZdBfpJG.exe
  2⤵
  - Executes dropped EXE
  PID:3844
- C:\Windows\System\dpjUeVA.exe
  C:\Windows\System\dpjUeVA.exe
  2⤵
  - Executes dropped EXE
  PID:3976
- C:\Windows\System\agWodDk.exe
  C:\Windows\System\agWodDk.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\YxKTXbf.exe
  C:\Windows\System\YxKTXbf.exe
  2⤵
  - Executes dropped EXE
  PID:3656
- C:\Windows\System\RXxLziw.exe
  C:\Windows\System\RXxLziw.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\ipbxARx.exe
  C:\Windows\System\ipbxARx.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\ovxHUWG.exe
  C:\Windows\System\ovxHUWG.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\NYLFveE.exe
  C:\Windows\System\NYLFveE.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\iNbVDjL.exe
  C:\Windows\System\iNbVDjL.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\SNgZUpI.exe
  C:\Windows\System\SNgZUpI.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\htZZYnT.exe
  C:\Windows\System\htZZYnT.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\DNyLrhi.exe
  C:\Windows\System\DNyLrhi.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\byXtaZe.exe
  C:\Windows\System\byXtaZe.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\dKLvDJF.exe
  C:\Windows\System\dKLvDJF.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\eNZbkWr.exe
  C:\Windows\System\eNZbkWr.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\PIcvIUM.exe
  C:\Windows\System\PIcvIUM.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\rbrGwaY.exe
  C:\Windows\System\rbrGwaY.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\vMvAZcq.exe
  C:\Windows\System\vMvAZcq.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\usSRPAG.exe
  C:\Windows\System\usSRPAG.exe
  2⤵
  - Executes dropped EXE
  PID:4864
- C:\Windows\System\UpWulYi.exe
  C:\Windows\System\UpWulYi.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\UctAhar.exe
  C:\Windows\System\UctAhar.exe
  2⤵
  - Executes dropped EXE
  PID:3640
- C:\Windows\System\ndbFbuc.exe
  C:\Windows\System\ndbFbuc.exe
  2⤵
  PID:1372
- C:\Windows\System\CZUvwut.exe
  C:\Windows\System\CZUvwut.exe
  2⤵
  PID:4244
- C:\Windows\System\IsOFmpm.exe
  C:\Windows\System\IsOFmpm.exe
  2⤵
  PID:892
- C:\Windows\System\AnJzhEO.exe
  C:\Windows\System\AnJzhEO.exe
  2⤵
  PID:4788
- C:\Windows\System\TTkIaHX.exe
  C:\Windows\System\TTkIaHX.exe
  2⤵
  PID:3236
- C:\Windows\System\ICKuRPp.exe
  C:\Windows\System\ICKuRPp.exe
  2⤵
  PID:1996
- C:\Windows\System\RVaOljx.exe
  C:\Windows\System\RVaOljx.exe
  2⤵
  PID:1096
- C:\Windows\System\FqhsbUl.exe
  C:\Windows\System\FqhsbUl.exe
  2⤵
  PID:4016
- C:\Windows\System\tGwnDZr.exe
  C:\Windows\System\tGwnDZr.exe
  2⤵
  PID:5064
- C:\Windows\System\SqPQWOf.exe
  C:\Windows\System\SqPQWOf.exe
  2⤵
  PID:1688
- C:\Windows\System\pHstQyC.exe
  C:\Windows\System\pHstQyC.exe
  2⤵
  PID:3564
- C:\Windows\System\rDGbhyf.exe
  C:\Windows\System\rDGbhyf.exe
  2⤵
  PID:1856
- C:\Windows\System\kEYKQhD.exe
  C:\Windows\System\kEYKQhD.exe
  2⤵
  PID:2768
- C:\Windows\System\kMHsqXA.exe
  C:\Windows\System\kMHsqXA.exe
  2⤵
  PID:4464
- C:\Windows\System\jGQyzbU.exe
  C:\Windows\System\jGQyzbU.exe
  2⤵
  PID:1760
- C:\Windows\System\MevYduL.exe
  C:\Windows\System\MevYduL.exe
  2⤵
  PID:1612
- C:\Windows\System\LRckIwZ.exe
  C:\Windows\System\LRckIwZ.exe
  2⤵
  PID:2040
- C:\Windows\System\WQQUdPo.exe
  C:\Windows\System\WQQUdPo.exe
  2⤵
  PID:3404
- C:\Windows\System\BYjOyRv.exe
  C:\Windows\System\BYjOyRv.exe
  2⤵
  PID:2504
- C:\Windows\System\ZAznJxy.exe
  C:\Windows\System\ZAznJxy.exe
  2⤵
  PID:4248
- C:\Windows\System\lPVzqpv.exe
  C:\Windows\System\lPVzqpv.exe
  2⤵
  PID:4488
- C:\Windows\System\DUxjWlV.exe
  C:\Windows\System\DUxjWlV.exe
  2⤵
  PID:4432
- C:\Windows\System\tcPvIbl.exe
  C:\Windows\System\tcPvIbl.exe
  2⤵
  PID:1684
- C:\Windows\System\CxZakpF.exe
  C:\Windows\System\CxZakpF.exe
  2⤵
  PID:3924
- C:\Windows\System\PUbHBpv.exe
  C:\Windows\System\PUbHBpv.exe
  2⤵
  PID:400
- C:\Windows\System\TPnDXAA.exe
  C:\Windows\System\TPnDXAA.exe
  2⤵
  PID:348
- C:\Windows\System\vzhyDzh.exe
  C:\Windows\System\vzhyDzh.exe
  2⤵
  PID:2584
- C:\Windows\System\ZbOGCMl.exe
  C:\Windows\System\ZbOGCMl.exe
  2⤵
  PID:112
- C:\Windows\System\SfdGmSe.exe
  C:\Windows\System\SfdGmSe.exe
  2⤵
  PID:1780
- C:\Windows\System\CovwIyj.exe
  C:\Windows\System\CovwIyj.exe
  2⤵
  PID:1000
- C:\Windows\System\Tbsdykw.exe
  C:\Windows\System\Tbsdykw.exe
  2⤵
  PID:2448
- C:\Windows\System\iZEXphA.exe
  C:\Windows\System\iZEXphA.exe
  2⤵
  PID:4684
- C:\Windows\System\ucJtkeu.exe
  C:\Windows\System\ucJtkeu.exe
  2⤵
  PID:2452
- C:\Windows\System\dXuWdub.exe
  C:\Windows\System\dXuWdub.exe
  2⤵
  PID:880
- C:\Windows\System\cTnqBOb.exe
  C:\Windows\System\cTnqBOb.exe
  2⤵
  PID:1900
- C:\Windows\System\AfREDNb.exe
  C:\Windows\System\AfREDNb.exe
  2⤵
  PID:1744
- C:\Windows\System\nXPtAjV.exe
  C:\Windows\System\nXPtAjV.exe
  2⤵
  PID:4044
- C:\Windows\System\bvrIEtS.exe
  C:\Windows\System\bvrIEtS.exe
  2⤵
  PID:3352
- C:\Windows\System\nPGsBSR.exe
  C:\Windows\System\nPGsBSR.exe
  2⤵
  PID:4300
- C:\Windows\System\EDPEXgu.exe
  C:\Windows\System\EDPEXgu.exe
  2⤵
  PID:3824
- C:\Windows\System\IfsmVXG.exe
  C:\Windows\System\IfsmVXG.exe
  2⤵
  PID:380
- C:\Windows\System\BFSibwG.exe
  C:\Windows\System\BFSibwG.exe
  2⤵
  PID:2124
- C:\Windows\System\HKkwojD.exe
  C:\Windows\System\HKkwojD.exe
  2⤵
  PID:1520
- C:\Windows\System\sXbzNrX.exe
  C:\Windows\System\sXbzNrX.exe
  2⤵
  PID:4564
- C:\Windows\System\UzRSqyf.exe
  C:\Windows\System\UzRSqyf.exe
  2⤵
  PID:5128
- C:\Windows\System\eZNmBMB.exe
  C:\Windows\System\eZNmBMB.exe
  2⤵
  PID:5156
- C:\Windows\System\mUoYPNu.exe
  C:\Windows\System\mUoYPNu.exe
  2⤵
  PID:5172
- C:\Windows\System\RIBbrjY.exe
  C:\Windows\System\RIBbrjY.exe
  2⤵
  PID:5200
- C:\Windows\System\FXjBvyK.exe
  C:\Windows\System\FXjBvyK.exe
  2⤵
  PID:5220
- C:\Windows\System\jMGanKn.exe
  C:\Windows\System\jMGanKn.exe
  2⤵
  PID:5248
- C:\Windows\System\ZDLjfjp.exe
  C:\Windows\System\ZDLjfjp.exe
  2⤵
  PID:5272
- C:\Windows\System\xlyImef.exe
  C:\Windows\System\xlyImef.exe
  2⤵
  PID:5292
- C:\Windows\System\XOjXuLZ.exe
  C:\Windows\System\XOjXuLZ.exe
  2⤵
  PID:5320
- C:\Windows\System\NYfLfpd.exe
  C:\Windows\System\NYfLfpd.exe
  2⤵
  PID:5344
- C:\Windows\System\iZWtrud.exe
  C:\Windows\System\iZWtrud.exe
  2⤵
  PID:5364
- C:\Windows\System\DAWIuBm.exe
  C:\Windows\System\DAWIuBm.exe
  2⤵
  PID:5388
- C:\Windows\System\TJPoQkr.exe
  C:\Windows\System\TJPoQkr.exe
  2⤵
  PID:5412
- C:\Windows\System\DEvXoCu.exe
  C:\Windows\System\DEvXoCu.exe
  2⤵
  PID:5440
- C:\Windows\System\WgTAfVV.exe
  C:\Windows\System\WgTAfVV.exe
  2⤵
  PID:5460
- C:\Windows\System\fHUsbaW.exe
  C:\Windows\System\fHUsbaW.exe
  2⤵
  PID:5484
- C:\Windows\System\IsFLumz.exe
  C:\Windows\System\IsFLumz.exe
  2⤵
  PID:5500
- C:\Windows\System\rCLTarA.exe
  C:\Windows\System\rCLTarA.exe
  2⤵
  PID:5524
- C:\Windows\System\GxGNYbW.exe
  C:\Windows\System\GxGNYbW.exe
  2⤵
  PID:5552
- C:\Windows\System\pZFJowd.exe
  C:\Windows\System\pZFJowd.exe
  2⤵
  PID:5572
- C:\Windows\System\IuElWic.exe
  C:\Windows\System\IuElWic.exe
  2⤵
  PID:5600
- C:\Windows\System\tdkemaf.exe
  C:\Windows\System\tdkemaf.exe
  2⤵
  PID:5616
- C:\Windows\System\eDLpcAG.exe
  C:\Windows\System\eDLpcAG.exe
  2⤵
  PID:5640
- C:\Windows\System\vTObDbn.exe
  C:\Windows\System\vTObDbn.exe
  2⤵
  PID:5668
- C:\Windows\System\jykqFHk.exe
  C:\Windows\System\jykqFHk.exe
  2⤵
  PID:5692
- C:\Windows\System\KvdDckm.exe
  C:\Windows\System\KvdDckm.exe
  2⤵
  PID:5712
- C:\Windows\System\vgrGXsb.exe
  C:\Windows\System\vgrGXsb.exe
  2⤵
  PID:5736
- C:\Windows\System\iKjXZHG.exe
  C:\Windows\System\iKjXZHG.exe
  2⤵
  PID:5764
- C:\Windows\System\ZQZaRZh.exe
  C:\Windows\System\ZQZaRZh.exe
  2⤵
  PID:5788
- C:\Windows\System\QKFJuHg.exe
  C:\Windows\System\QKFJuHg.exe
  2⤵
  PID:5808
- C:\Windows\System\tYGkrbp.exe
  C:\Windows\System\tYGkrbp.exe
  2⤵
  PID:5840
- C:\Windows\System\qWMbRnx.exe
  C:\Windows\System\qWMbRnx.exe
  2⤵
  PID:5868
- C:\Windows\System\pCBjYTd.exe
  C:\Windows\System\pCBjYTd.exe
  2⤵
  PID:5884
- C:\Windows\System\ASZGqee.exe
  C:\Windows\System\ASZGqee.exe
  2⤵
  PID:5908
- C:\Windows\System\jVLdKJS.exe
  C:\Windows\System\jVLdKJS.exe
  2⤵
  PID:5932
- C:\Windows\System\QmNVeiE.exe
  C:\Windows\System\QmNVeiE.exe
  2⤵
  PID:5956
- C:\Windows\System\HDCqmyF.exe
  C:\Windows\System\HDCqmyF.exe
  2⤵
  PID:5976
- C:\Windows\System\XiIaIAp.exe
  C:\Windows\System\XiIaIAp.exe
  2⤵
  PID:6000
- C:\Windows\System\MPuDOrM.exe
  C:\Windows\System\MPuDOrM.exe
  2⤵
  PID:6028
- C:\Windows\System\aDVoDsF.exe
  C:\Windows\System\aDVoDsF.exe
  2⤵
  PID:6044
- C:\Windows\System\WutCKOu.exe
  C:\Windows\System\WutCKOu.exe
  2⤵
  PID:6068
- C:\Windows\System\satmzbT.exe
  C:\Windows\System\satmzbT.exe
  2⤵
  PID:6092
- C:\Windows\System\cOTddiB.exe
  C:\Windows\System\cOTddiB.exe
  2⤵
  PID:6116
- C:\Windows\System\lTnEHqg.exe
  C:\Windows\System\lTnEHqg.exe
  2⤵
  PID:4176
- C:\Windows\System\MszIzHa.exe
  C:\Windows\System\MszIzHa.exe
  2⤵
  PID:2516
- C:\Windows\System\osOndUZ.exe
  C:\Windows\System\osOndUZ.exe
  2⤵
  PID:5152
- C:\Windows\System\vWpZcEU.exe
  C:\Windows\System\vWpZcEU.exe
  2⤵
  PID:1784
- C:\Windows\System\MjTFuWI.exe
  C:\Windows\System\MjTFuWI.exe
  2⤵
  PID:2908
- C:\Windows\System\SrLwXVs.exe
  C:\Windows\System\SrLwXVs.exe
  2⤵
  PID:5212
- C:\Windows\System\bjkVUEz.exe
  C:\Windows\System\bjkVUEz.exe
  2⤵
  PID:2060
- C:\Windows\System\fTdKjzH.exe
  C:\Windows\System\fTdKjzH.exe
  2⤵
  PID:5196
- C:\Windows\System\ApRFjCf.exe
  C:\Windows\System\ApRFjCf.exe
  2⤵
  PID:4204
- C:\Windows\System\IcMjaPp.exe
  C:\Windows\System\IcMjaPp.exe
  2⤵
  PID:5284
- C:\Windows\System\KMZITWt.exe
  C:\Windows\System\KMZITWt.exe
  2⤵
  PID:5648
- C:\Windows\System\JcPJSyv.exe
  C:\Windows\System\JcPJSyv.exe
  2⤵
  PID:5396
- C:\Windows\System\svBzINW.exe
  C:\Windows\System\svBzINW.exe
  2⤵
  PID:5456
- C:\Windows\System\DIAjZXk.exe
  C:\Windows\System\DIAjZXk.exe
  2⤵
  PID:5356
- C:\Windows\System\mYYjyLi.exe
  C:\Windows\System\mYYjyLi.exe
  2⤵
  PID:5608
- C:\Windows\System\hgvnclg.exe
  C:\Windows\System\hgvnclg.exe
  2⤵
  PID:5732
- C:\Windows\System\DkJadda.exe
  C:\Windows\System\DkJadda.exe
  2⤵
  PID:5516
- C:\Windows\System\redPkck.exe
  C:\Windows\System\redPkck.exe
  2⤵
  PID:5564
- C:\Windows\System\AfEstoy.exe
  C:\Windows\System\AfEstoy.exe
  2⤵
  PID:5856
- C:\Windows\System\ApTIpIt.exe
  C:\Windows\System\ApTIpIt.exe
  2⤵
  PID:5720
- C:\Windows\System\Fsxfyaq.exe
  C:\Windows\System\Fsxfyaq.exe
  2⤵
  PID:5896
- C:\Windows\System\wClFyJy.exe
  C:\Windows\System\wClFyJy.exe
  2⤵
  PID:1388
- C:\Windows\System\yMvsihE.exe
  C:\Windows\System\yMvsihE.exe
  2⤵
  PID:6164
- C:\Windows\System\sHGFoUb.exe
  C:\Windows\System\sHGFoUb.exe
  2⤵
  PID:6196
- C:\Windows\System\CNgtmDf.exe
  C:\Windows\System\CNgtmDf.exe
  2⤵
  PID:6216
- C:\Windows\System\DcQeAUB.exe
  C:\Windows\System\DcQeAUB.exe
  2⤵
  PID:6244
- C:\Windows\System\nRBWCMM.exe
  C:\Windows\System\nRBWCMM.exe
  2⤵
  PID:6264
- C:\Windows\System\CCqSTjr.exe
  C:\Windows\System\CCqSTjr.exe
  2⤵
  PID:6288
- C:\Windows\System\zgqSLZF.exe
  C:\Windows\System\zgqSLZF.exe
  2⤵
  PID:6316
- C:\Windows\System\wjkzbqO.exe
  C:\Windows\System\wjkzbqO.exe
  2⤵
  PID:6336
- C:\Windows\System\ceWISPl.exe
  C:\Windows\System\ceWISPl.exe
  2⤵
  PID:6368
- C:\Windows\System\JkCjpbC.exe
  C:\Windows\System\JkCjpbC.exe
  2⤵
  PID:6392
- C:\Windows\System\AysUIAd.exe
  C:\Windows\System\AysUIAd.exe
  2⤵
  PID:6412
- C:\Windows\System\PWEVGMA.exe
  C:\Windows\System\PWEVGMA.exe
  2⤵
  PID:6432
- C:\Windows\System\VYrcwBB.exe
  C:\Windows\System\VYrcwBB.exe
  2⤵
  PID:6456
- C:\Windows\System\ndYsyYO.exe
  C:\Windows\System\ndYsyYO.exe
  2⤵
  PID:6480
- C:\Windows\System\NdtPzrz.exe
  C:\Windows\System\NdtPzrz.exe
  2⤵
  PID:6500
- C:\Windows\System\zQChDDd.exe
  C:\Windows\System\zQChDDd.exe
  2⤵
  PID:6524
- C:\Windows\System\ondUfDk.exe
  C:\Windows\System\ondUfDk.exe
  2⤵
  PID:6548
- C:\Windows\System\rouwrXo.exe
  C:\Windows\System\rouwrXo.exe
  2⤵
  PID:6564
- C:\Windows\System\QXXALAe.exe
  C:\Windows\System\QXXALAe.exe
  2⤵
  PID:6592
- C:\Windows\System\PGdhbLy.exe
  C:\Windows\System\PGdhbLy.exe
  2⤵
  PID:6616
- C:\Windows\System\xmhHost.exe
  C:\Windows\System\xmhHost.exe
  2⤵
  PID:6648
- C:\Windows\System\mAOiwtL.exe
  C:\Windows\System\mAOiwtL.exe
  2⤵
  PID:6668
- C:\Windows\System\FrwLisG.exe
  C:\Windows\System\FrwLisG.exe
  2⤵
  PID:6692
- C:\Windows\System\EOfxMuu.exe
  C:\Windows\System\EOfxMuu.exe
  2⤵
  PID:6724
- C:\Windows\System\GIcFMlh.exe
  C:\Windows\System\GIcFMlh.exe
  2⤵
  PID:6756
- C:\Windows\System\JfMduCX.exe
  C:\Windows\System\JfMduCX.exe
  2⤵
  PID:6780
- C:\Windows\System\XTvkCiP.exe
  C:\Windows\System\XTvkCiP.exe
  2⤵
  PID:6800
- C:\Windows\System\lVzvhpd.exe
  C:\Windows\System\lVzvhpd.exe
  2⤵
  PID:6820
- C:\Windows\System\nqIEJee.exe
  C:\Windows\System\nqIEJee.exe
  2⤵
  PID:6844
- C:\Windows\System\HpvtdQN.exe
  C:\Windows\System\HpvtdQN.exe
  2⤵
  PID:6864
- C:\Windows\System\vcSCOwy.exe
  C:\Windows\System\vcSCOwy.exe
  2⤵
  PID:6884
- C:\Windows\System\EpoQYcw.exe
  C:\Windows\System\EpoQYcw.exe
  2⤵
  PID:6908
- C:\Windows\System\TafIwyG.exe
  C:\Windows\System\TafIwyG.exe
  2⤵
  PID:6924
- C:\Windows\System\WOTMCIy.exe
  C:\Windows\System\WOTMCIy.exe
  2⤵
  PID:6952
- C:\Windows\System\yaQvHSu.exe
  C:\Windows\System\yaQvHSu.exe
  2⤵
  PID:6976
- C:\Windows\System\TIZYBor.exe
  C:\Windows\System\TIZYBor.exe
  2⤵
  PID:6996
- C:\Windows\System\OHjBSbq.exe
  C:\Windows\System\OHjBSbq.exe
  2⤵
  PID:7016
- C:\Windows\System\zvAIhYm.exe
  C:\Windows\System\zvAIhYm.exe
  2⤵
  PID:7040
- C:\Windows\System\NZLsjoX.exe
  C:\Windows\System\NZLsjoX.exe
  2⤵
  PID:7064
- C:\Windows\System\RRzysFZ.exe
  C:\Windows\System\RRzysFZ.exe
  2⤵
  PID:7084
- C:\Windows\System\EnmNlqq.exe
  C:\Windows\System\EnmNlqq.exe
  2⤵
  PID:7104
- C:\Windows\System\merbrNT.exe
  C:\Windows\System\merbrNT.exe
  2⤵
  PID:7120
- C:\Windows\System\xpoDpSc.exe
  C:\Windows\System\xpoDpSc.exe
  2⤵
  PID:7144
- C:\Windows\System\ALsJdhk.exe
  C:\Windows\System\ALsJdhk.exe
  2⤵
  PID:6024
- C:\Windows\System\KPPKOCv.exe
  C:\Windows\System\KPPKOCv.exe
  2⤵
  PID:6040
- C:\Windows\System\MqLxAbU.exe
  C:\Windows\System\MqLxAbU.exe
  2⤵
  PID:5632
- C:\Windows\System\STcznii.exe
  C:\Windows\System\STcznii.exe
  2⤵
  PID:5948
- C:\Windows\System\PresDEe.exe
  C:\Windows\System\PresDEe.exe
  2⤵
  PID:5996
- C:\Windows\System\CJSimOo.exe
  C:\Windows\System\CJSimOo.exe
  2⤵
  PID:6172
- C:\Windows\System\qxbTxXA.exe
  C:\Windows\System\qxbTxXA.exe
  2⤵
  PID:5828
- C:\Windows\System\HZkoLqT.exe
  C:\Windows\System\HZkoLqT.exe
  2⤵
  PID:6124
- C:\Windows\System\pDjRhYW.exe
  C:\Windows\System\pDjRhYW.exe
  2⤵
  PID:3472
- C:\Windows\System\dgRnwZr.exe
  C:\Windows\System\dgRnwZr.exe
  2⤵
  PID:3944
- C:\Windows\System\PQZhKlQ.exe
  C:\Windows\System\PQZhKlQ.exe
  2⤵
  PID:5180
- C:\Windows\System\gmtllWU.exe
  C:\Windows\System\gmtllWU.exe
  2⤵
  PID:6556
- C:\Windows\System\pCgTiwI.exe
  C:\Windows\System\pCgTiwI.exe
  2⤵
  PID:5308
- C:\Windows\System\IDwOEIz.exe
  C:\Windows\System\IDwOEIz.exe
  2⤵
  PID:6272
- C:\Windows\System\iwlOEVt.exe
  C:\Windows\System\iwlOEVt.exe
  2⤵
  PID:5472
- C:\Windows\System\LxcBxpb.exe
  C:\Windows\System\LxcBxpb.exe
  2⤵
  PID:6308
- C:\Windows\System\OprVYrh.exe
  C:\Windows\System\OprVYrh.exe
  2⤵
  PID:6332
- C:\Windows\System\sxdXSjt.exe
  C:\Windows\System\sxdXSjt.exe
  2⤵
  PID:6132
- C:\Windows\System\icNSpfe.exe
  C:\Windows\System\icNSpfe.exe
  2⤵
  PID:6508
- C:\Windows\System\ifvCEdg.exe
  C:\Windows\System\ifvCEdg.exe
  2⤵
  PID:6836
- C:\Windows\System\JZTBBzp.exe
  C:\Windows\System\JZTBBzp.exe
  2⤵
  PID:6860
- C:\Windows\System\cFqqFPV.exe
  C:\Windows\System\cFqqFPV.exe
  2⤵
  PID:6944
- C:\Windows\System\ArQeHTj.exe
  C:\Windows\System\ArQeHTj.exe
  2⤵
  PID:7012
- C:\Windows\System\hXBoJqj.exe
  C:\Windows\System\hXBoJqj.exe
  2⤵
  PID:7128
- C:\Windows\System\oYltdSH.exe
  C:\Windows\System\oYltdSH.exe
  2⤵
  PID:7192
- C:\Windows\System\cwmEnNh.exe
  C:\Windows\System\cwmEnNh.exe
  2⤵
  PID:7216
- C:\Windows\System\cyHuuhB.exe
  C:\Windows\System\cyHuuhB.exe
  2⤵
  PID:7236
- C:\Windows\System\JhWsdYq.exe
  C:\Windows\System\JhWsdYq.exe
  2⤵
  PID:7256
- C:\Windows\System\bxvkftT.exe
  C:\Windows\System\bxvkftT.exe
  2⤵
  PID:7280
- C:\Windows\System\dyJdDuw.exe
  C:\Windows\System\dyJdDuw.exe
  2⤵
  PID:7312
- C:\Windows\System\LtqVktd.exe
  C:\Windows\System\LtqVktd.exe
  2⤵
  PID:7336
- C:\Windows\System\Osgypxp.exe
  C:\Windows\System\Osgypxp.exe
  2⤵
  PID:7368
- C:\Windows\System\bqkNxdK.exe
  C:\Windows\System\bqkNxdK.exe
  2⤵
  PID:7396
- C:\Windows\System\sUxzTXR.exe
  C:\Windows\System\sUxzTXR.exe
  2⤵
  PID:7416
- C:\Windows\System\MDPJfbE.exe
  C:\Windows\System\MDPJfbE.exe
  2⤵
  PID:7440
- C:\Windows\System\vCGZsxW.exe
  C:\Windows\System\vCGZsxW.exe
  2⤵
  PID:7464
- C:\Windows\System\iMMPSvf.exe
  C:\Windows\System\iMMPSvf.exe
  2⤵
  PID:7488
- C:\Windows\System\PiKQUXC.exe
  C:\Windows\System\PiKQUXC.exe
  2⤵
  PID:7508
- C:\Windows\System\PdGjczo.exe
  C:\Windows\System\PdGjczo.exe
  2⤵
  PID:7532
- C:\Windows\System\jxkRCIE.exe
  C:\Windows\System\jxkRCIE.exe
  2⤵
  PID:7556
- C:\Windows\System\uNSBNxi.exe
  C:\Windows\System\uNSBNxi.exe
  2⤵
  PID:7680
- C:\Windows\System\fvBNskr.exe
  C:\Windows\System\fvBNskr.exe
  2⤵
  PID:7732
- C:\Windows\System\Shbpklk.exe
  C:\Windows\System\Shbpklk.exe
  2⤵
  PID:7748
- C:\Windows\System\GgabCwa.exe
  C:\Windows\System\GgabCwa.exe
  2⤵
  PID:7764
- C:\Windows\System\OSHWyDD.exe
  C:\Windows\System\OSHWyDD.exe
  2⤵
  PID:7784
- C:\Windows\System\RfGdNwe.exe
  C:\Windows\System\RfGdNwe.exe
  2⤵
  PID:7808
- C:\Windows\System\BQZcCEO.exe
  C:\Windows\System\BQZcCEO.exe
  2⤵
  PID:7828
- C:\Windows\System\KpKKqXU.exe
  C:\Windows\System\KpKKqXU.exe
  2⤵
  PID:7852
- C:\Windows\System\rBJJNyX.exe
  C:\Windows\System\rBJJNyX.exe
  2⤵
  PID:7872
- C:\Windows\System\PaCUQMv.exe
  C:\Windows\System\PaCUQMv.exe
  2⤵
  PID:7896
- C:\Windows\System\WbpHTfg.exe
  C:\Windows\System\WbpHTfg.exe
  2⤵
  PID:7916
- C:\Windows\System\TkIdVOQ.exe
  C:\Windows\System\TkIdVOQ.exe
  2⤵
  PID:7940
- C:\Windows\System\TdZgOjb.exe
  C:\Windows\System\TdZgOjb.exe
  2⤵
  PID:7964
- C:\Windows\System\JBWlzKw.exe
  C:\Windows\System\JBWlzKw.exe
  2⤵
  PID:7988
- C:\Windows\System\MmXOvPx.exe
  C:\Windows\System\MmXOvPx.exe
  2⤵
  PID:8012
- C:\Windows\System\pSOjLfr.exe
  C:\Windows\System\pSOjLfr.exe
  2⤵
  PID:8032
- C:\Windows\System\tvwthGw.exe
  C:\Windows\System\tvwthGw.exe
  2⤵
  PID:8060
- C:\Windows\System\tSTabhH.exe
  C:\Windows\System\tSTabhH.exe
  2⤵
  PID:8092
- C:\Windows\System\kzDYQEs.exe
  C:\Windows\System\kzDYQEs.exe
  2⤵
  PID:8120
- C:\Windows\System\wKVfDom.exe
  C:\Windows\System\wKVfDom.exe
  2⤵
  PID:8136
- C:\Windows\System\ktrdiLE.exe
  C:\Windows\System\ktrdiLE.exe
  2⤵
  PID:8164
- C:\Windows\System\LCbIdNr.exe
  C:\Windows\System\LCbIdNr.exe
  2⤵
  PID:6384
- C:\Windows\System\jJnRvhz.exe
  C:\Windows\System\jJnRvhz.exe
  2⤵
  PID:7160
- C:\Windows\System\uoDwyVk.exe
  C:\Windows\System\uoDwyVk.exe
  2⤵
  PID:6064
- C:\Windows\System\fIxhBgb.exe
  C:\Windows\System\fIxhBgb.exe
  2⤵
  PID:5944
- C:\Windows\System\eZeRGDY.exe
  C:\Windows\System\eZeRGDY.exe
  2⤵
  PID:6516
- C:\Windows\System\myXvHcH.exe
  C:\Windows\System\myXvHcH.exe
  2⤵
  PID:6584
- C:\Windows\System\nxmVZNy.exe
  C:\Windows\System\nxmVZNy.exe
  2⤵
  PID:6632
- C:\Windows\System\sMQKPoA.exe
  C:\Windows\System\sMQKPoA.exe
  2⤵
  PID:7024
- C:\Windows\System\tqTCoob.exe
  C:\Windows\System\tqTCoob.exe
  2⤵
  PID:7212
- C:\Windows\System\ACNIZbf.exe
  C:\Windows\System\ACNIZbf.exe
  2⤵
  PID:6744
- C:\Windows\System\IZyKfBS.exe
  C:\Windows\System\IZyKfBS.exe
  2⤵
  PID:3568
- C:\Windows\System\mpSmBSl.exe
  C:\Windows\System\mpSmBSl.exe
  2⤵
  PID:5184
- C:\Windows\System\leEBgXx.exe
  C:\Windows\System\leEBgXx.exe
  2⤵
  PID:6892
- C:\Windows\System\yCdLRKR.exe
  C:\Windows\System\yCdLRKR.exe
  2⤵
  PID:5916
- C:\Windows\System\XbVSMjM.exe
  C:\Windows\System\XbVSMjM.exe
  2⤵
  PID:6572
- C:\Windows\System\oodNVVL.exe
  C:\Windows\System\oodNVVL.exe
  2⤵
  PID:6904
- C:\Windows\System\NJBVwbX.exe
  C:\Windows\System\NJBVwbX.exe
  2⤵
  PID:7100
- C:\Windows\System\KnOZkVF.exe
  C:\Windows\System\KnOZkVF.exe
  2⤵
  PID:7136
- C:\Windows\System\ETBStXo.exe
  C:\Windows\System\ETBStXo.exe
  2⤵
  PID:5592
- C:\Windows\System\EphWhCd.exe
  C:\Windows\System\EphWhCd.exe
  2⤵
  PID:6160
- C:\Windows\System\tUcgewY.exe
  C:\Windows\System\tUcgewY.exe
  2⤵
  PID:3028
- C:\Windows\System\KJdlbCA.exe
  C:\Windows\System\KJdlbCA.exe
  2⤵
  PID:5584
- C:\Windows\System\mBhJnJP.exe
  C:\Windows\System\mBhJnJP.exe
  2⤵
  PID:6664
- C:\Windows\System\TVjrPUw.exe
  C:\Windows\System\TVjrPUw.exe
  2⤵
  PID:7528
- C:\Windows\System\mZtXEWU.exe
  C:\Windows\System\mZtXEWU.exe
  2⤵
  PID:8224
- C:\Windows\System\MHGCmmA.exe
  C:\Windows\System\MHGCmmA.exe
  2⤵
  PID:8252
- C:\Windows\System\kOMYyHb.exe
  C:\Windows\System\kOMYyHb.exe
  2⤵
  PID:8280
- C:\Windows\System\sXWFvNP.exe
  C:\Windows\System\sXWFvNP.exe
  2⤵
  PID:8308
- C:\Windows\System\iSFbkoK.exe
  C:\Windows\System\iSFbkoK.exe
  2⤵
  PID:8328
- C:\Windows\System\PqFJLCT.exe
  C:\Windows\System\PqFJLCT.exe
  2⤵
  PID:8356
- C:\Windows\System\tZGVUhs.exe
  C:\Windows\System\tZGVUhs.exe
  2⤵
  PID:8376
- C:\Windows\System\PXMbuyN.exe
  C:\Windows\System\PXMbuyN.exe
  2⤵
  PID:8400
- C:\Windows\System\CVsSxqo.exe
  C:\Windows\System\CVsSxqo.exe
  2⤵
  PID:8428
- C:\Windows\System\rxjTITi.exe
  C:\Windows\System\rxjTITi.exe
  2⤵
  PID:8464
- C:\Windows\System\WfKWmZp.exe
  C:\Windows\System\WfKWmZp.exe
  2⤵
  PID:8484
- C:\Windows\System\JgtZGar.exe
  C:\Windows\System\JgtZGar.exe
  2⤵
  PID:8504
- C:\Windows\System\IBqwMDs.exe
  C:\Windows\System\IBqwMDs.exe
  2⤵
  PID:8532
- C:\Windows\System\nKgrjQi.exe
  C:\Windows\System\nKgrjQi.exe
  2⤵
  PID:8564
- C:\Windows\System\zVfvvvj.exe
  C:\Windows\System\zVfvvvj.exe
  2⤵
  PID:8588
- C:\Windows\System\WGNUFZZ.exe
  C:\Windows\System\WGNUFZZ.exe
  2⤵
  PID:8604
- C:\Windows\System\KIEgvcz.exe
  C:\Windows\System\KIEgvcz.exe
  2⤵
  PID:8620
- C:\Windows\System\PeyNmka.exe
  C:\Windows\System\PeyNmka.exe
  2⤵
  PID:8668
- C:\Windows\System\QUervqC.exe
  C:\Windows\System\QUervqC.exe
  2⤵
  PID:8692
- C:\Windows\System\EKPsrbc.exe
  C:\Windows\System\EKPsrbc.exe
  2⤵
  PID:8720
- C:\Windows\System\ZtTpLbh.exe
  C:\Windows\System\ZtTpLbh.exe
  2⤵
  PID:8748
- C:\Windows\System\APbuWYs.exe
  C:\Windows\System\APbuWYs.exe
  2⤵
  PID:8792
- C:\Windows\System\KFsWbOR.exe
  C:\Windows\System\KFsWbOR.exe
  2⤵
  PID:8808
- C:\Windows\System\lqqIDeg.exe
  C:\Windows\System\lqqIDeg.exe
  2⤵
  PID:8832
- C:\Windows\System\UIVyUmZ.exe
  C:\Windows\System\UIVyUmZ.exe
  2⤵
  PID:8856
- C:\Windows\System\RILSTGe.exe
  C:\Windows\System\RILSTGe.exe
  2⤵
  PID:8880
- C:\Windows\System\xbaWqGF.exe
  C:\Windows\System\xbaWqGF.exe
  2⤵
  PID:8896
- C:\Windows\System\YvfZLjb.exe
  C:\Windows\System\YvfZLjb.exe
  2⤵
  PID:8916
- C:\Windows\System\xXmORVU.exe
  C:\Windows\System\xXmORVU.exe
  2⤵
  PID:8940
- C:\Windows\System\ieeDXks.exe
  C:\Windows\System\ieeDXks.exe
  2⤵
  PID:8960
- C:\Windows\System\XEngxsF.exe
  C:\Windows\System\XEngxsF.exe
  2⤵
  PID:8988
- C:\Windows\System\AqIhIVS.exe
  C:\Windows\System\AqIhIVS.exe
  2⤵
  PID:9008
- C:\Windows\System\HHdXPTs.exe
  C:\Windows\System\HHdXPTs.exe
  2⤵
  PID:9032
- C:\Windows\System\ZlztZjZ.exe
  C:\Windows\System\ZlztZjZ.exe
  2⤵
  PID:9060
- C:\Windows\System\BXGECUB.exe
  C:\Windows\System\BXGECUB.exe
  2⤵
  PID:9076
- C:\Windows\System\TpLTeeD.exe
  C:\Windows\System\TpLTeeD.exe
  2⤵
  PID:9104
- C:\Windows\System\qhxMzaF.exe
  C:\Windows\System\qhxMzaF.exe
  2⤵
  PID:9124
- C:\Windows\System\GMdZRCG.exe
  C:\Windows\System\GMdZRCG.exe
  2⤵
  PID:7344
- C:\Windows\System\HFnXBMc.exe
  C:\Windows\System\HFnXBMc.exe
  2⤵
  PID:8200
- C:\Windows\System\xiJtuvY.exe
  C:\Windows\System\xiJtuvY.exe
  2⤵
  PID:7408
- C:\Windows\System\mEsSVpH.exe
  C:\Windows\System\mEsSVpH.exe
  2⤵
  PID:7248
- C:\Windows\System\HKUSfuR.exe
  C:\Windows\System\HKUSfuR.exe
  2⤵
  PID:5612
- C:\Windows\System\onYWSqI.exe
  C:\Windows\System\onYWSqI.exe
  2⤵
  PID:7904
- C:\Windows\System\tISFWkd.exe
  C:\Windows\System\tISFWkd.exe
  2⤵
  PID:8004
- C:\Windows\System\blwHKSl.exe
  C:\Windows\System\blwHKSl.exe
  2⤵
  PID:7624
- C:\Windows\System\iCSaBZj.exe
  C:\Windows\System\iCSaBZj.exe
  2⤵
  PID:8112
- C:\Windows\System\DWDSMmg.exe
  C:\Windows\System\DWDSMmg.exe
  2⤵
  PID:6424
- C:\Windows\System\jmbRJwa.exe
  C:\Windows\System\jmbRJwa.exe
  2⤵
  PID:6828
- C:\Windows\System\ntdeDop.exe
  C:\Windows\System\ntdeDop.exe
  2⤵
  PID:7188
- C:\Windows\System\BRIslYk.exe
  C:\Windows\System\BRIslYk.exe
  2⤵
  PID:6900
- C:\Windows\System\RLVotya.exe
  C:\Windows\System\RLVotya.exe
  2⤵
  PID:7412
- C:\Windows\System\lOdbXMP.exe
  C:\Windows\System\lOdbXMP.exe
  2⤵
  PID:8800
- C:\Windows\System\ysVfTAg.exe
  C:\Windows\System\ysVfTAg.exe
  2⤵
  PID:8208
- C:\Windows\System\ysEOvya.exe
  C:\Windows\System\ysEOvya.exe
  2⤵
  PID:8912
- C:\Windows\System\xrFbApu.exe
  C:\Windows\System\xrFbApu.exe
  2⤵
  PID:7744
- C:\Windows\System\DfJEnYm.exe
  C:\Windows\System\DfJEnYm.exe
  2⤵
  PID:7776
- C:\Windows\System\GafjVOZ.exe
  C:\Windows\System\GafjVOZ.exe
  2⤵
  PID:8272
- C:\Windows\System\xkvLOij.exe
  C:\Windows\System\xkvLOij.exe
  2⤵
  PID:7928
- C:\Windows\System\ySlJgwN.exe
  C:\Windows\System\ySlJgwN.exe
  2⤵
  PID:8024
- C:\Windows\System\VlDPfqy.exe
  C:\Windows\System\VlDPfqy.exe
  2⤵
  PID:9084
- C:\Windows\System\nkErVss.exe
  C:\Windows\System\nkErVss.exe
  2⤵
  PID:8444
- C:\Windows\System\SGmedvq.exe
  C:\Windows\System\SGmedvq.exe
  2⤵
  PID:8480
- C:\Windows\System\VVYjzSp.exe
  C:\Windows\System\VVYjzSp.exe
  2⤵
  PID:8540
- C:\Windows\System\KqBjYnv.exe
  C:\Windows\System\KqBjYnv.exe
  2⤵
  PID:6400
- C:\Windows\System\bILIReR.exe
  C:\Windows\System\bILIReR.exe
  2⤵
  PID:6532
- C:\Windows\System\bxMaXqI.exe
  C:\Windows\System\bxMaXqI.exe
  2⤵
  PID:9240
- C:\Windows\System\VKdzfjX.exe
  C:\Windows\System\VKdzfjX.exe
  2⤵
  PID:9268
- C:\Windows\System\vYfQLQk.exe
  C:\Windows\System\vYfQLQk.exe
  2⤵
  PID:9288
- C:\Windows\System\euzpICf.exe
  C:\Windows\System\euzpICf.exe
  2⤵
  PID:9316
- C:\Windows\System\kIqQARJ.exe
  C:\Windows\System\kIqQARJ.exe
  2⤵
  PID:9344
- C:\Windows\System\RfOjoqR.exe
  C:\Windows\System\RfOjoqR.exe
  2⤵
  PID:9368
- C:\Windows\System\gWnAsGe.exe
  C:\Windows\System\gWnAsGe.exe
  2⤵
  PID:9400
- C:\Windows\System\qKPWEuz.exe
  C:\Windows\System\qKPWEuz.exe
  2⤵
  PID:9428
- C:\Windows\System\XwDIpml.exe
  C:\Windows\System\XwDIpml.exe
  2⤵
  PID:9444
- C:\Windows\System\KravyDx.exe
  C:\Windows\System\KravyDx.exe
  2⤵
  PID:9472
- C:\Windows\System\jaWJPwu.exe
  C:\Windows\System\jaWJPwu.exe
  2⤵
  PID:9508
- C:\Windows\System\JTkuVxY.exe
  C:\Windows\System\JTkuVxY.exe
  2⤵
  PID:9532
- C:\Windows\System\LBcoLPz.exe
  C:\Windows\System\LBcoLPz.exe
  2⤵
  PID:9556
- C:\Windows\System\PzlwCGu.exe
  C:\Windows\System\PzlwCGu.exe
  2⤵
  PID:9580
- C:\Windows\System\gYHKbqP.exe
  C:\Windows\System\gYHKbqP.exe
  2⤵
  PID:9604
- C:\Windows\System\Hxionyh.exe
  C:\Windows\System\Hxionyh.exe
  2⤵
  PID:9632
- C:\Windows\System\RwezBZG.exe
  C:\Windows\System\RwezBZG.exe
  2⤵
  PID:9668
- C:\Windows\System\yEfXfGQ.exe
  C:\Windows\System\yEfXfGQ.exe
  2⤵
  PID:9696
- C:\Windows\System\NlQLXxI.exe
  C:\Windows\System\NlQLXxI.exe
  2⤵
  PID:9728
- C:\Windows\System\tsDPSpU.exe
  C:\Windows\System\tsDPSpU.exe
  2⤵
  PID:9752
- C:\Windows\System\SxwssdK.exe
  C:\Windows\System\SxwssdK.exe
  2⤵
  PID:9776
- C:\Windows\System\mUCBOMC.exe
  C:\Windows\System\mUCBOMC.exe
  2⤵
  PID:9804
- C:\Windows\System\iTnpXxK.exe
  C:\Windows\System\iTnpXxK.exe
  2⤵
  PID:9828
- C:\Windows\System\WkBebeS.exe
  C:\Windows\System\WkBebeS.exe
  2⤵
  PID:9852
- C:\Windows\System\DyMYFlN.exe
  C:\Windows\System\DyMYFlN.exe
  2⤵
  PID:9876
- C:\Windows\System\WaNoQsW.exe
  C:\Windows\System\WaNoQsW.exe
  2⤵
  PID:9900
- C:\Windows\System\xQlSihp.exe
  C:\Windows\System\xQlSihp.exe
  2⤵
  PID:9924
- C:\Windows\System\DhMyuMO.exe
  C:\Windows\System\DhMyuMO.exe
  2⤵
  PID:9944
- C:\Windows\System\HBRNmYw.exe
  C:\Windows\System\HBRNmYw.exe
  2⤵
  PID:9968
- C:\Windows\System\RlZWaDr.exe
  C:\Windows\System\RlZWaDr.exe
  2⤵
  PID:9996
- C:\Windows\System\abFnwBq.exe
  C:\Windows\System\abFnwBq.exe
  2⤵
  PID:10016
- C:\Windows\System\vzknJxG.exe
  C:\Windows\System\vzknJxG.exe
  2⤵
  PID:10036
- C:\Windows\System\VvgyoAE.exe
  C:\Windows\System\VvgyoAE.exe
  2⤵
  PID:10064
- C:\Windows\System\zBAYQHT.exe
  C:\Windows\System\zBAYQHT.exe
  2⤵
  PID:10088
- C:\Windows\System\bRrLIaX.exe
  C:\Windows\System\bRrLIaX.exe
  2⤵
  PID:10108
- C:\Windows\System\IFuoulu.exe
  C:\Windows\System\IFuoulu.exe
  2⤵
  PID:10128
- C:\Windows\System\VSJnmLE.exe
  C:\Windows\System\VSJnmLE.exe
  2⤵
  PID:10152
- C:\Windows\System\snxlHKP.exe
  C:\Windows\System\snxlHKP.exe
  2⤵
  PID:10176
- C:\Windows\System\uLGWOCb.exe
  C:\Windows\System\uLGWOCb.exe
  2⤵
  PID:10200
- C:\Windows\System\HJZozad.exe
  C:\Windows\System\HJZozad.exe
  2⤵
  PID:10232
- C:\Windows\System\zucHhHF.exe
  C:\Windows\System\zucHhHF.exe
  2⤵
  PID:8736
- C:\Windows\System\XDbiNSY.exe
  C:\Windows\System\XDbiNSY.exe
  2⤵
  PID:6496
- C:\Windows\System\bOPhkMd.exe
  C:\Windows\System\bOPhkMd.exe
  2⤵
  PID:8928
- C:\Windows\System\UtrewcT.exe
  C:\Windows\System\UtrewcT.exe
  2⤵
  PID:8976
- C:\Windows\System\uwKrGwH.exe
  C:\Windows\System\uwKrGwH.exe
  2⤵
  PID:7824
- C:\Windows\System\nVYLkTo.exe
  C:\Windows\System\nVYLkTo.exe
  2⤵
  PID:9044
- C:\Windows\System\XkdiHml.exe
  C:\Windows\System\XkdiHml.exe
  2⤵
  PID:6688
- C:\Windows\System\VfvSQQh.exe
  C:\Windows\System\VfvSQQh.exe
  2⤵
  PID:3900
- C:\Windows\System\ZHaDXGI.exe
  C:\Windows\System\ZHaDXGI.exe
  2⤵
  PID:7716
- C:\Windows\System\gtrJbKm.exe
  C:\Windows\System\gtrJbKm.exe
  2⤵
  PID:8368
- C:\Windows\System\LxkMZPu.exe
  C:\Windows\System\LxkMZPu.exe
  2⤵
  PID:8612
- C:\Windows\System\BLIIZTy.exe
  C:\Windows\System\BLIIZTy.exe
  2⤵
  PID:8388
- C:\Windows\System\AvIHRcb.exe
  C:\Windows\System\AvIHRcb.exe
  2⤵
  PID:8524
- C:\Windows\System\yBRERPu.exe
  C:\Windows\System\yBRERPu.exe
  2⤵
  PID:9232
- C:\Windows\System\czvxBFW.exe
  C:\Windows\System\czvxBFW.exe
  2⤵
  PID:9208
- C:\Windows\System\pucVOKy.exe
  C:\Windows\System\pucVOKy.exe
  2⤵
  PID:9388
- C:\Windows\System\TXBdxAK.exe
  C:\Windows\System\TXBdxAK.exe
  2⤵
  PID:9440
- C:\Windows\System\yJmyGzj.exe
  C:\Windows\System\yJmyGzj.exe
  2⤵
  PID:7912
- C:\Windows\System\lnxfzaR.exe
  C:\Windows\System\lnxfzaR.exe
  2⤵
  PID:8888
- C:\Windows\System\WoffEfb.exe
  C:\Windows\System\WoffEfb.exe
  2⤵
  PID:9588
- C:\Windows\System\IvqceCz.exe
  C:\Windows\System\IvqceCz.exe
  2⤵
  PID:9624
- C:\Windows\System\nIWBYrc.exe
  C:\Windows\System\nIWBYrc.exe
  2⤵
  PID:7252
- C:\Windows\System\fTZJsAW.exe
  C:\Windows\System\fTZJsAW.exe
  2⤵
  PID:9768
- C:\Windows\System\niORbiE.exe
  C:\Windows\System\niORbiE.exe
  2⤵
  PID:9864
- C:\Windows\System\puaylre.exe
  C:\Windows\System\puaylre.exe
  2⤵
  PID:10264
- C:\Windows\System\LKkXylz.exe
  C:\Windows\System\LKkXylz.exe
  2⤵
  PID:10288
- C:\Windows\System\lAROgdk.exe
  C:\Windows\System\lAROgdk.exe
  2⤵
  PID:10316
- C:\Windows\System\iuqYbfJ.exe
  C:\Windows\System\iuqYbfJ.exe
  2⤵
  PID:10344
- C:\Windows\System\RaxKFHT.exe
  C:\Windows\System\RaxKFHT.exe
  2⤵
  PID:10364
- C:\Windows\System\gQmHKrv.exe
  C:\Windows\System\gQmHKrv.exe
  2⤵
  PID:10388
- C:\Windows\System\PSFbxkc.exe
  C:\Windows\System\PSFbxkc.exe
  2⤵
  PID:10408
- C:\Windows\System\RWedRTY.exe
  C:\Windows\System\RWedRTY.exe
  2⤵
  PID:10428
- C:\Windows\System\mVQxrOS.exe
  C:\Windows\System\mVQxrOS.exe
  2⤵
  PID:10452
- C:\Windows\System\sEAmEMS.exe
  C:\Windows\System\sEAmEMS.exe
  2⤵
  PID:10480
- C:\Windows\System\ARnMizX.exe
  C:\Windows\System\ARnMizX.exe
  2⤵
  PID:10504
- C:\Windows\System\YFNKxWz.exe
  C:\Windows\System\YFNKxWz.exe
  2⤵
  PID:10524
- C:\Windows\System\EINaOFd.exe
  C:\Windows\System\EINaOFd.exe
  2⤵
  PID:10544
- C:\Windows\System\OMuxDNj.exe
  C:\Windows\System\OMuxDNj.exe
  2⤵
  PID:10572
- C:\Windows\System\yCAKwty.exe
  C:\Windows\System\yCAKwty.exe
  2⤵
  PID:10596
- C:\Windows\System\sgEMcMu.exe
  C:\Windows\System\sgEMcMu.exe
  2⤵
  PID:10624
- C:\Windows\System\rOvYBfQ.exe
  C:\Windows\System\rOvYBfQ.exe
  2⤵
  PID:10660
- C:\Windows\System\tsJgaRC.exe
  C:\Windows\System\tsJgaRC.exe
  2⤵
  PID:10680
- C:\Windows\System\xUdVABH.exe
  C:\Windows\System\xUdVABH.exe
  2⤵
  PID:10700
- C:\Windows\System\uHFWwhO.exe
  C:\Windows\System\uHFWwhO.exe
  2⤵
  PID:10724
- C:\Windows\System\uooEZJf.exe
  C:\Windows\System\uooEZJf.exe
  2⤵
  PID:10748
- C:\Windows\System\gGpMljO.exe
  C:\Windows\System\gGpMljO.exe
  2⤵
  PID:10764
- C:\Windows\System\bNWiOir.exe
  C:\Windows\System\bNWiOir.exe
  2⤵
  PID:10784
- C:\Windows\System\vHodvOl.exe
  C:\Windows\System\vHodvOl.exe
  2⤵
  PID:10804
- C:\Windows\System\VryCBBq.exe
  C:\Windows\System\VryCBBq.exe
  2⤵
  PID:10824
- C:\Windows\System\EmyXKBv.exe
  C:\Windows\System\EmyXKBv.exe
  2⤵
  PID:10864
- C:\Windows\System\NfvKGgm.exe
  C:\Windows\System\NfvKGgm.exe
  2⤵
  PID:10880
- C:\Windows\System\XgYPyCU.exe
  C:\Windows\System\XgYPyCU.exe
  2⤵
  PID:10904
- C:\Windows\System\dZmgxLA.exe
  C:\Windows\System\dZmgxLA.exe
  2⤵
  PID:10924
- C:\Windows\System\jWsIAnA.exe
  C:\Windows\System\jWsIAnA.exe
  2⤵
  PID:10948
- C:\Windows\System\twZjcoN.exe
  C:\Windows\System\twZjcoN.exe
  2⤵
  PID:10976
- C:\Windows\System\HaDArIC.exe
  C:\Windows\System\HaDArIC.exe
  2⤵
  PID:11004
- C:\Windows\System\tDQYNJt.exe
  C:\Windows\System\tDQYNJt.exe
  2⤵
  PID:11028
- C:\Windows\System\lkooxdR.exe
  C:\Windows\System\lkooxdR.exe
  2⤵
  PID:11056
- C:\Windows\System\voekLSq.exe
  C:\Windows\System\voekLSq.exe
  2⤵
  PID:11080
- C:\Windows\System\DNgWRff.exe
  C:\Windows\System\DNgWRff.exe
  2⤵
  PID:11104
- C:\Windows\System\xUfMtae.exe
  C:\Windows\System\xUfMtae.exe
  2⤵
  PID:11128
- C:\Windows\System\MrPgLvN.exe
  C:\Windows\System\MrPgLvN.exe
  2⤵
  PID:11148
- C:\Windows\System\pFMFxcT.exe
  C:\Windows\System\pFMFxcT.exe
  2⤵
  PID:11172
- C:\Windows\System\kJzCGHk.exe
  C:\Windows\System\kJzCGHk.exe
  2⤵
  PID:11196
- C:\Windows\System\ClFooSs.exe
  C:\Windows\System\ClFooSs.exe
  2⤵
  PID:11224
- C:\Windows\System\rUxYvIV.exe
  C:\Windows\System\rUxYvIV.exe
  2⤵
  PID:11244
- C:\Windows\System\DPkkoZD.exe
  C:\Windows\System\DPkkoZD.exe
  2⤵
  PID:11260
- C:\Windows\System\XVBOKVl.exe
  C:\Windows\System\XVBOKVl.exe
  2⤵
  PID:9072
- C:\Windows\System\YehKWZX.exe
  C:\Windows\System\YehKWZX.exe
  2⤵
  PID:9916
- C:\Windows\System\NTaodNq.exe
  C:\Windows\System\NTaodNq.exe
  2⤵
  PID:9960
- C:\Windows\System\pndtvTr.exe
  C:\Windows\System\pndtvTr.exe
  2⤵
  PID:6088
- C:\Windows\System\xPNtRMS.exe
  C:\Windows\System\xPNtRMS.exe
  2⤵
  PID:10032
- C:\Windows\System\IsIHNUJ.exe
  C:\Windows\System\IsIHNUJ.exe
  2⤵
  PID:8268
- C:\Windows\System\bTTPIEq.exe
  C:\Windows\System\bTTPIEq.exe
  2⤵
  PID:9028
- C:\Windows\System\tPLURHr.exe
  C:\Windows\System\tPLURHr.exe
  2⤵
  PID:8700
- C:\Windows\System\MPRCagY.exe
  C:\Windows\System\MPRCagY.exe
  2⤵
  PID:9256
- C:\Windows\System\mmrupKU.exe
  C:\Windows\System\mmrupKU.exe
  2⤵
  PID:9364
- C:\Windows\System\iyVVvLt.exe
  C:\Windows\System\iyVVvLt.exe
  2⤵
  PID:8344
- C:\Windows\System\zvncCuO.exe
  C:\Windows\System\zvncCuO.exe
  2⤵
  PID:7232
- C:\Windows\System\zkhnOqw.exe
  C:\Windows\System\zkhnOqw.exe
  2⤵
  PID:8496
- C:\Windows\System\hBjmBuk.exe
  C:\Windows\System\hBjmBuk.exe
  2⤵
  PID:3340
- C:\Windows\System\ClmQbpU.exe
  C:\Windows\System\ClmQbpU.exe
  2⤵
  PID:9276
- C:\Windows\System\sgLvrjn.exe
  C:\Windows\System\sgLvrjn.exe
  2⤵
  PID:9744
- C:\Windows\System\iVxlJQL.exe
  C:\Windows\System\iVxlJQL.exe
  2⤵
  PID:9792
- C:\Windows\System\HVlRKYl.exe
  C:\Windows\System\HVlRKYl.exe
  2⤵
  PID:6972
- C:\Windows\System\kKdTndS.exe
  C:\Windows\System\kKdTndS.exe
  2⤵
  PID:9836
- C:\Windows\System\EJAMkZe.exe
  C:\Windows\System\EJAMkZe.exe
  2⤵
  PID:9684
- C:\Windows\System\SGxZiLB.exe
  C:\Windows\System\SGxZiLB.exe
  2⤵
  PID:9736
- C:\Windows\System\itNFAFq.exe
  C:\Windows\System\itNFAFq.exe
  2⤵
  PID:10376
- C:\Windows\System\arhQlaz.exe
  C:\Windows\System\arhQlaz.exe
  2⤵
  PID:10404
- C:\Windows\System\mamIGOi.exe
  C:\Windows\System\mamIGOi.exe
  2⤵
  PID:10488
- C:\Windows\System\AWUclSK.exe
  C:\Windows\System\AWUclSK.exe
  2⤵
  PID:10580
- C:\Windows\System\sEShcgJ.exe
  C:\Windows\System\sEShcgJ.exe
  2⤵
  PID:8980
- C:\Windows\System\pAXUUSc.exe
  C:\Windows\System\pAXUUSc.exe
  2⤵
  PID:10096
- C:\Windows\System\iusLKZZ.exe
  C:\Windows\System\iusLKZZ.exe
  2⤵
  PID:10208
- C:\Windows\System\MpKdapH.exe
  C:\Windows\System\MpKdapH.exe
  2⤵
  PID:10224
- C:\Windows\System\tpQtrae.exe
  C:\Windows\System\tpQtrae.exe
  2⤵
  PID:7524
- C:\Windows\System\blIjyEC.exe
  C:\Windows\System\blIjyEC.exe
  2⤵
  PID:11280
- C:\Windows\System\kUkjmma.exe
  C:\Windows\System\kUkjmma.exe
  2⤵
  PID:11304
- C:\Windows\System\nwbvROD.exe
  C:\Windows\System\nwbvROD.exe
  2⤵
  PID:11324
- C:\Windows\System\CkpZQKX.exe
  C:\Windows\System\CkpZQKX.exe
  2⤵
  PID:11348
- C:\Windows\System\MDMNdRu.exe
  C:\Windows\System\MDMNdRu.exe
  2⤵
  PID:11372
- C:\Windows\System\aRDYMXU.exe
  C:\Windows\System\aRDYMXU.exe
  2⤵
  PID:11396
- C:\Windows\System\YuOXjbp.exe
  C:\Windows\System\YuOXjbp.exe
  2⤵
  PID:11416
- C:\Windows\System\wmjuzSJ.exe
  C:\Windows\System\wmjuzSJ.exe
  2⤵
  PID:11440
- C:\Windows\System\SxafNbY.exe
  C:\Windows\System\SxafNbY.exe
  2⤵
  PID:11468
- C:\Windows\System\stTfjJr.exe
  C:\Windows\System\stTfjJr.exe
  2⤵
  PID:11488
- C:\Windows\System\bTpXhUl.exe
  C:\Windows\System\bTpXhUl.exe
  2⤵
  PID:11524
- C:\Windows\System\nYpSZnY.exe
  C:\Windows\System\nYpSZnY.exe
  2⤵
  PID:11544
- C:\Windows\System\yijmeOP.exe
  C:\Windows\System\yijmeOP.exe
  2⤵
  PID:11564
- C:\Windows\System\WUragxJ.exe
  C:\Windows\System\WUragxJ.exe
  2⤵
  PID:11588
- C:\Windows\System\fkDVNDi.exe
  C:\Windows\System\fkDVNDi.exe
  2⤵
  PID:11612
- C:\Windows\System\OXrTOGB.exe
  C:\Windows\System\OXrTOGB.exe
  2⤵
  PID:11636
- C:\Windows\System\fCAYecF.exe
  C:\Windows\System\fCAYecF.exe
  2⤵
  PID:11660
- C:\Windows\System\TxRGfLQ.exe
  C:\Windows\System\TxRGfLQ.exe
  2⤵
  PID:11680
- C:\Windows\System\ETSaprW.exe
  C:\Windows\System\ETSaprW.exe
  2⤵
  PID:11704
- C:\Windows\System\AlhpfhM.exe
  C:\Windows\System\AlhpfhM.exe
  2⤵
  PID:11728
- C:\Windows\System\cAahvDP.exe
  C:\Windows\System\cAahvDP.exe
  2⤵
  PID:11756
- C:\Windows\System\ZzGVbuN.exe
  C:\Windows\System\ZzGVbuN.exe
  2⤵
  PID:11776
- C:\Windows\System\VLWYTrx.exe
  C:\Windows\System\VLWYTrx.exe
  2⤵
  PID:11796
- C:\Windows\System\zdZtqXE.exe
  C:\Windows\System\zdZtqXE.exe
  2⤵
  PID:11824
- C:\Windows\System\FnzPSez.exe
  C:\Windows\System\FnzPSez.exe
  2⤵
  PID:11848
- C:\Windows\System\myhUgPn.exe
  C:\Windows\System\myhUgPn.exe
  2⤵
  PID:11876
- C:\Windows\System\UmFFuAx.exe
  C:\Windows\System\UmFFuAx.exe
  2⤵
  PID:11896
- C:\Windows\System\qCjeIQU.exe
  C:\Windows\System\qCjeIQU.exe
  2⤵
  PID:11912
- C:\Windows\System\IaKOkml.exe
  C:\Windows\System\IaKOkml.exe
  2⤵
  PID:11928
- C:\Windows\System\JYJSHsX.exe
  C:\Windows\System\JYJSHsX.exe
  2⤵
  PID:11948
- C:\Windows\System\UvUvppC.exe
  C:\Windows\System\UvUvppC.exe
  2⤵
  PID:11964
- C:\Windows\System\fOyQYAA.exe
  C:\Windows\System\fOyQYAA.exe
  2⤵
  PID:11980
- C:\Windows\System\YRgjRFR.exe
  C:\Windows\System\YRgjRFR.exe
  2⤵
  PID:11996
- C:\Windows\System\TDhiMWL.exe
  C:\Windows\System\TDhiMWL.exe
  2⤵
  PID:12012
- C:\Windows\System\HHpxCMT.exe
  C:\Windows\System\HHpxCMT.exe
  2⤵
  PID:12032
- C:\Windows\System\uUmbCZT.exe
  C:\Windows\System\uUmbCZT.exe
  2⤵
  PID:12052
- C:\Windows\System\vkoIbXD.exe
  C:\Windows\System\vkoIbXD.exe
  2⤵
  PID:12076
- C:\Windows\System\fCLNviZ.exe
  C:\Windows\System\fCLNviZ.exe
  2⤵
  PID:12100
- C:\Windows\System\dvTUgBy.exe
  C:\Windows\System\dvTUgBy.exe
  2⤵
  PID:12116
- C:\Windows\System\enjBBPc.exe
  C:\Windows\System\enjBBPc.exe
  2⤵
  PID:12132
- C:\Windows\System\AGJbopS.exe
  C:\Windows\System\AGJbopS.exe
  2⤵
  PID:12156
- C:\Windows\System\qTLIern.exe
  C:\Windows\System\qTLIern.exe
  2⤵
  PID:12180
- C:\Windows\System\wbkmLBn.exe
  C:\Windows\System\wbkmLBn.exe
  2⤵
  PID:12212
- C:\Windows\System\xSACRFu.exe
  C:\Windows\System\xSACRFu.exe
  2⤵
  PID:12236
- C:\Windows\System\BGWNKat.exe
  C:\Windows\System\BGWNKat.exe
  2⤵
  PID:12264
- C:\Windows\System\eotcydx.exe
  C:\Windows\System\eotcydx.exe
  2⤵
  PID:10712
- C:\Windows\System\dwvkCfA.exe
  C:\Windows\System\dwvkCfA.exe
  2⤵
  PID:8780
- C:\Windows\System\FGIsets.exe
  C:\Windows\System\FGIsets.exe
  2⤵
  PID:8892
- C:\Windows\System\QKAQfmF.exe
  C:\Windows\System\QKAQfmF.exe
  2⤵
  PID:9180
- C:\Windows\System\qfVXhJS.exe
  C:\Windows\System\qfVXhJS.exe
  2⤵
  PID:10844
- C:\Windows\System\rKUFmsL.exe
  C:\Windows\System\rKUFmsL.exe
  2⤵
  PID:10940
- C:\Windows\System\DQRqWBY.exe
  C:\Windows\System\DQRqWBY.exe
  2⤵
  PID:10984
- C:\Windows\System\tagMjwS.exe
  C:\Windows\System\tagMjwS.exe
  2⤵
  PID:11044
- C:\Windows\System\XcgEOct.exe
  C:\Windows\System\XcgEOct.exe
  2⤵
  PID:10284
- C:\Windows\System\wFdVScp.exe
  C:\Windows\System\wFdVScp.exe
  2⤵
  PID:10336
- C:\Windows\System\qvfnMTw.exe
  C:\Windows\System\qvfnMTw.exe
  2⤵
  PID:11156
- C:\Windows\System\Csxrnqz.exe
  C:\Windows\System\Csxrnqz.exe
  2⤵
  PID:11192
- C:\Windows\System\zDgCFDm.exe
  C:\Windows\System\zDgCFDm.exe
  2⤵
  PID:10160
- C:\Windows\System\DYwKSco.exe
  C:\Windows\System\DYwKSco.exe
  2⤵
  PID:10520
- C:\Windows\System\YHKuOvQ.exe
  C:\Windows\System\YHKuOvQ.exe
  2⤵
  PID:9484
- C:\Windows\System\jubcUEf.exe
  C:\Windows\System\jubcUEf.exe
  2⤵
  PID:10560
- C:\Windows\System\nPisKgX.exe
  C:\Windows\System\nPisKgX.exe
  2⤵
  PID:9408
- C:\Windows\System\dCxkMvk.exe
  C:\Windows\System\dCxkMvk.exe
  2⤵
  PID:9552
- C:\Windows\System\WstFnnX.exe
  C:\Windows\System\WstFnnX.exe
  2⤵
  PID:6608
- C:\Windows\System\fKHxDmG.exe
  C:\Windows\System\fKHxDmG.exe
  2⤵
  PID:8236
- C:\Windows\System\zZKCSqz.exe
  C:\Windows\System\zZKCSqz.exe
  2⤵
  PID:9280
- C:\Windows\System\EUYKbxP.exe
  C:\Windows\System\EUYKbxP.exe
  2⤵
  PID:12304
- C:\Windows\System\JxXGZud.exe
  C:\Windows\System\JxXGZud.exe
  2⤵
  PID:12332
- C:\Windows\System\RtmuAyI.exe
  C:\Windows\System\RtmuAyI.exe
  2⤵
  PID:12360
- C:\Windows\System\HJETHAT.exe
  C:\Windows\System\HJETHAT.exe
  2⤵
  PID:12380
- C:\Windows\System\XCJFqLy.exe
  C:\Windows\System\XCJFqLy.exe
  2⤵
  PID:12400
- C:\Windows\System\EgoKdFs.exe
  C:\Windows\System\EgoKdFs.exe
  2⤵
  PID:12432
- C:\Windows\System\XHlLvbW.exe
  C:\Windows\System\XHlLvbW.exe
  2⤵
  PID:12452
- C:\Windows\System\uRctuxm.exe
  C:\Windows\System\uRctuxm.exe
  2⤵
  PID:12472
- C:\Windows\System\vzDuxur.exe
  C:\Windows\System\vzDuxur.exe
  2⤵
  PID:12496
- C:\Windows\System\RkhlIYR.exe
  C:\Windows\System\RkhlIYR.exe
  2⤵
  PID:12520
- C:\Windows\System\bVWwkiu.exe
  C:\Windows\System\bVWwkiu.exe
  2⤵
  PID:12548
- C:\Windows\System\SXyXSIj.exe
  C:\Windows\System\SXyXSIj.exe
  2⤵
  PID:12568
- C:\Windows\System\mAbgUwS.exe
  C:\Windows\System\mAbgUwS.exe
  2⤵
  PID:12596
- C:\Windows\System\edBIbrC.exe
  C:\Windows\System\edBIbrC.exe
  2⤵
  PID:12616
- C:\Windows\System\PLpHCWa.exe
  C:\Windows\System\PLpHCWa.exe
  2⤵
  PID:12640
- C:\Windows\System\ZaDthbt.exe
  C:\Windows\System\ZaDthbt.exe
  2⤵
  PID:12660
- C:\Windows\System\aHOHPWA.exe
  C:\Windows\System\aHOHPWA.exe
  2⤵
  PID:12688
- C:\Windows\System\xSTkXVk.exe
  C:\Windows\System\xSTkXVk.exe
  2⤵
  PID:12708
- C:\Windows\System\cShProk.exe
  C:\Windows\System\cShProk.exe
  2⤵
  PID:12728
- C:\Windows\System\KSCdhas.exe
  C:\Windows\System\KSCdhas.exe
  2⤵
  PID:12744
- C:\Windows\System\OvkWYsR.exe
  C:\Windows\System\OvkWYsR.exe
  2⤵
  PID:11904
- C:\Windows\System\VCwaEVV.exe
  C:\Windows\System\VCwaEVV.exe
  2⤵
  PID:11556
- C:\Windows\System\OLgFigv.exe
  C:\Windows\System\OLgFigv.exe
  2⤵
  PID:12680
- C:\Windows\System\STUJoot.exe
  C:\Windows\System\STUJoot.exe
  2⤵
  PID:12864
- C:\Windows\System\jniuhln.exe
  C:\Windows\System\jniuhln.exe
  2⤵
  PID:11672
- C:\Windows\System\jycszgs.exe
  C:\Windows\System\jycszgs.exe
  2⤵
  PID:11696
- C:\Windows\System\YGsrlpl.exe
  C:\Windows\System\YGsrlpl.exe
  2⤵
  PID:11036
- C:\Windows\System\jGZvvLX.exe
  C:\Windows\System\jGZvvLX.exe
  2⤵
  PID:12928
- C:\Windows\System\tknkjdl.exe
  C:\Windows\System\tknkjdl.exe
  2⤵
  PID:12936
- C:\Windows\System\doKEAVv.exe
  C:\Windows\System\doKEAVv.exe
  2⤵
  PID:12008
- C:\Windows\System\rGoUFRv.exe
  C:\Windows\System\rGoUFRv.exe
  2⤵
  PID:7740
- C:\Windows\System\OJBlQwF.exe
  C:\Windows\System\OJBlQwF.exe
  2⤵
  PID:7388
- C:\Windows\System\wJjkqdg.exe
  C:\Windows\System\wJjkqdg.exe
  2⤵
  PID:10856
- C:\Windows\System\WEJYJUV.exe
  C:\Windows\System\WEJYJUV.exe
  2⤵
  PID:9572
- C:\Windows\System\UJFzeLn.exe
  C:\Windows\System\UJFzeLn.exe
  2⤵
  PID:9420
- C:\Windows\System\enBDwXs.exe
  C:\Windows\System\enBDwXs.exe
  2⤵
  PID:10604
- C:\Windows\System\UPgYKBV.exe
  C:\Windows\System\UPgYKBV.exe
  2⤵
  PID:10448
- C:\Windows\System\hJymtrp.exe
  C:\Windows\System\hJymtrp.exe
  2⤵
  PID:12296
- C:\Windows\System\RtivCxJ.exe
  C:\Windows\System\RtivCxJ.exe
  2⤵
  PID:12420
- C:\Windows\System\ypqhsJD.exe
  C:\Windows\System\ypqhsJD.exe
  2⤵
  PID:12940
- C:\Windows\System\paGnTpI.exe
  C:\Windows\System\paGnTpI.exe
  2⤵
  PID:12128
- C:\Windows\System\BlVoMkL.exe
  C:\Windows\System\BlVoMkL.exe
  2⤵
  PID:12228
- C:\Windows\System\PvdXUqL.exe
  C:\Windows\System\PvdXUqL.exe
  2⤵
  PID:12168
- C:\Windows\System\JQZQYoD.exe
  C:\Windows\System\JQZQYoD.exe
  2⤵
  PID:13120
- C:\Windows\System\YhSDqVP.exe
  C:\Windows\System\YhSDqVP.exe
  2⤵
  PID:12536
- C:\Windows\System\eutZikL.exe
  C:\Windows\System\eutZikL.exe
  2⤵
  PID:13228
- C:\Windows\System\GwjNzdj.exe
  C:\Windows\System\GwjNzdj.exe
  2⤵
  PID:11812
- C:\Windows\System\KfDWsOo.exe
  C:\Windows\System\KfDWsOo.exe
  2⤵
  PID:11504
- C:\Windows\System\exhlYpU.exe
  C:\Windows\System\exhlYpU.exe
  2⤵
  PID:12028
- C:\Windows\System\AAJwskO.exe
  C:\Windows\System\AAJwskO.exe
  2⤵
  PID:10916
- C:\Windows\System\cFDLZHd.exe
  C:\Windows\System\cFDLZHd.exe
  2⤵
  PID:11816
- C:\Windows\System\QnvURqf.exe
  C:\Windows\System\QnvURqf.exe
  2⤵
  PID:11924
- C:\Windows\System\hKBnkbV.exe
  C:\Windows\System\hKBnkbV.exe
  2⤵
  PID:8104
- C:\Windows\System\CicuutJ.exe
  C:\Windows\System\CicuutJ.exe
  2⤵
  PID:11976
- C:\Windows\System\cZMMNnk.exe
  C:\Windows\System\cZMMNnk.exe
  2⤵
  PID:12244
- C:\Windows\System\YFFUecg.exe
  C:\Windows\System\YFFUecg.exe
  2⤵
  PID:8628
- C:\Windows\System\zIjgIrR.exe
  C:\Windows\System\zIjgIrR.exe
  2⤵
  PID:10008
- C:\Windows\System\MwMabGm.exe
  C:\Windows\System\MwMabGm.exe
  2⤵
  PID:10616
- C:\Windows\System\dmWVjFX.exe
  C:\Windows\System\dmWVjFX.exe
  2⤵
  PID:5972
- C:\Windows\System\vBhSYTM.exe
  C:\Windows\System\vBhSYTM.exe
  2⤵
  PID:5424
- C:\Windows\System\rMHoEnp.exe
  C:\Windows\System\rMHoEnp.exe
  2⤵
  PID:12876
- C:\Windows\System\qVuIrJE.exe
  C:\Windows\System\qVuIrJE.exe
  2⤵
  PID:9564
- C:\Windows\System\eTyEXUj.exe
  C:\Windows\System\eTyEXUj.exe
  2⤵
  PID:10196
- C:\Windows\System\KPNFCrl.exe
  C:\Windows\System\KPNFCrl.exe
  2⤵
  PID:13132
- C:\Windows\System\WASiZJt.exe
  C:\Windows\System\WASiZJt.exe
  2⤵
  PID:12020
- C:\Windows\System\nTqVFag.exe
  C:\Windows\System\nTqVFag.exe
  2⤵
  PID:12760
- C:\Windows\System\OnUNKiO.exe
  C:\Windows\System\OnUNKiO.exe
  2⤵
  PID:9436
- C:\Windows\System\YlUaPAR.exe
  C:\Windows\System\YlUaPAR.exe
  2⤵
  PID:13128
- C:\Windows\System\kjzHGcs.exe
  C:\Windows\System\kjzHGcs.exe
  2⤵
  PID:13304
- C:\Windows\System\FUApPhd.exe
  C:\Windows\System\FUApPhd.exe
  2⤵
  PID:13276
- C:\Windows\System\agJsiXL.exe
  C:\Windows\System\agJsiXL.exe
  2⤵
  PID:12612
- C:\Windows\System\fDpfsbb.exe
  C:\Windows\System\fDpfsbb.exe
  2⤵
  PID:12716
- C:\Windows\System\AhprGQn.exe
  C:\Windows\System\AhprGQn.exe
  2⤵
  PID:12024
- C:\Windows\System\BXccULE.exe
  C:\Windows\System\BXccULE.exe
  2⤵
  PID:8144
- C:\Windows\System\lFQoMJZ.exe
  C:\Windows\System\lFQoMJZ.exe
  2⤵
  PID:11424
- C:\Windows\System\UNzayQr.exe
  C:\Windows\System\UNzayQr.exe
  2⤵
  PID:12564
- C:\Windows\System\spqItKb.exe
  C:\Windows\System\spqItKb.exe
  2⤵
  PID:12992
- C:\Windows\System\PlyGTbG.exe
  C:\Windows\System\PlyGTbG.exe
  2⤵
  PID:11748
- C:\Windows\System\eqMFnlc.exe
  C:\Windows\System\eqMFnlc.exe
  2⤵
  PID:11536
- C:\Windows\System\LcFpkZm.exe
  C:\Windows\System\LcFpkZm.exe
  2⤵
  PID:13248
- C:\Windows\System\SJYADsu.exe
  C:\Windows\System\SJYADsu.exe
  2⤵
  PID:9340
- C:\Windows\System\ESqYgBO.exe
  C:\Windows\System\ESqYgBO.exe
  2⤵
  PID:13160
- C:\Windows\System\TKttQEq.exe
  C:\Windows\System\TKttQEq.exe
  2⤵
  PID:9992
- C:\Windows\System\qntbybk.exe
  C:\Windows\System\qntbybk.exe
  2⤵
  PID:11476
- C:\Windows\System\qmUMYjB.exe
  C:\Windows\System\qmUMYjB.exe
  2⤵
  PID:12880
- C:\Windows\System\GqbKemu.exe
  C:\Windows\System\GqbKemu.exe
  2⤵
  PID:10900
- C:\Windows\System\PXXDlYU.exe
  C:\Windows\System\PXXDlYU.exe
  2⤵
  PID:9120
- C:\Windows\System\nypCxfD.exe
  C:\Windows\System\nypCxfD.exe
  2⤵
  PID:12848
- C:\Windows\System\rsbzldo.exe
  C:\Windows\System\rsbzldo.exe
  2⤵
  PID:10272
- C:\Windows\System\gzCKUOg.exe
  C:\Windows\System\gzCKUOg.exe
  2⤵
  PID:10732
- C:\Windows\System\ENbUdbl.exe
  C:\Windows\System\ENbUdbl.exe
  2⤵
  PID:11364
- C:\Windows\System\KtwjTBT.exe
  C:\Windows\System\KtwjTBT.exe
  2⤵
  PID:13068
- C:\Windows\System\KFzCSyv.exe
  C:\Windows\System\KFzCSyv.exe
  2⤵
  PID:11624
- C:\Windows\System\RdRuLaM.exe
  C:\Windows\System\RdRuLaM.exe
  2⤵
  PID:13108
- C:\Windows\System\jQiQQQK.exe
  C:\Windows\System\jQiQQQK.exe
  2⤵
  PID:12812
- C:\Windows\System\dwTgPLX.exe
  C:\Windows\System\dwTgPLX.exe
  2⤵
  PID:13208
- C:\Windows\System\vGfXkua.exe
  C:\Windows\System\vGfXkua.exe
  2⤵
  PID:11268
- C:\Windows\System\ACFWcoP.exe
  C:\Windows\System\ACFWcoP.exe
  2⤵
  PID:11652
- C:\Windows\System\NyYnPfc.exe
  C:\Windows\System\NyYnPfc.exe
  2⤵
  PID:13140
- C:\Windows\System\CYUVyUG.exe
  C:\Windows\System\CYUVyUG.exe
  2⤵
  PID:516
- C:\Windows\System\GfJAhCm.exe
  C:\Windows\System\GfJAhCm.exe
  2⤵
  PID:12224
- C:\Windows\System\XLoHWAc.exe
  C:\Windows\System\XLoHWAc.exe
  2⤵
  PID:940
- C:\Windows\System\RIKQYEt.exe
  C:\Windows\System\RIKQYEt.exe
  2⤵
  PID:11180
- C:\Windows\System\fNkGsqm.exe
  C:\Windows\System\fNkGsqm.exe
  2⤵
  PID:12656
- C:\Windows\System\KwRfPKm.exe
  C:\Windows\System\KwRfPKm.exe
  2⤵
  PID:12948
- C:\Windows\System\WMmxvsP.exe
  C:\Windows\System\WMmxvsP.exe
  2⤵
  PID:4256
- C:\Windows\System\sJUWLkO.exe
  C:\Windows\System\sJUWLkO.exe
  2⤵
  PID:2328
- C:\Windows\System\mVqEpBs.exe
  C:\Windows\System\mVqEpBs.exe
  2⤵
  PID:1816
- C:\Windows\System\FjwhlDp.exe
  C:\Windows\System\FjwhlDp.exe
  2⤵
  PID:3056
- C:\Windows\System\pLKtNuH.exe
  C:\Windows\System\pLKtNuH.exe
  2⤵
  PID:12652
- C:\Windows\System\WlnDMaD.exe
  C:\Windows\System\WlnDMaD.exe
  2⤵
  PID:4440
- C:\Windows\System\eNfaYrr.exe
  C:\Windows\System\eNfaYrr.exe
  2⤵
  PID:12868
- C:\Windows\System\djIlDde.exe
  C:\Windows\System\djIlDde.exe
  2⤵
  PID:9724
- C:\Windows\System\pjxDUPf.exe
  C:\Windows\System\pjxDUPf.exe
  2⤵
  PID:11236
- C:\Windows\System\eEUSRmo.exe
  C:\Windows\System\eEUSRmo.exe
  2⤵
  PID:12444
- C:\Windows\System\uVupNuB.exe
  C:\Windows\System\uVupNuB.exe
  2⤵
  PID:8436
- C:\Windows\System\dEwedhA.exe
  C:\Windows\System\dEwedhA.exe
  2⤵
  PID:1468
- C:\Windows\System\uEOjiYF.exe
  C:\Windows\System\uEOjiYF.exe
  2⤵
  PID:13296
- C:\Windows\System\SFPocDX.exe
  C:\Windows\System\SFPocDX.exe
  2⤵
  PID:12092
- C:\Windows\System\XTjDIGu.exe
  C:\Windows\System\XTjDIGu.exe
  2⤵
  PID:11804
- C:\Windows\System\jdxiyZU.exe
  C:\Windows\System\jdxiyZU.exe
  2⤵
  PID:12836
- C:\Windows\System\FDTEBHt.exe
  C:\Windows\System\FDTEBHt.exe
  2⤵
  PID:3960
- C:\Windows\System\FknqOJw.exe
  C:\Windows\System\FknqOJw.exe
  2⤵
  PID:13320
- C:\Windows\System\aWdXHDI.exe
  C:\Windows\System\aWdXHDI.exe
  2⤵
  PID:13336
- C:\Windows\System\hgCWmsu.exe
  C:\Windows\System\hgCWmsu.exe
  2⤵
  PID:13356
- C:\Windows\System\PkJIhyB.exe
  C:\Windows\System\PkJIhyB.exe
  2⤵
  PID:13376
- C:\Windows\System\mDPkLdE.exe
  C:\Windows\System\mDPkLdE.exe
  2⤵
  PID:13392
- C:\Windows\System\DwxLMlV.exe
  C:\Windows\System\DwxLMlV.exe
  2⤵
  PID:13408
- C:\Windows\System\FHxhkNc.exe
  C:\Windows\System\FHxhkNc.exe
  2⤵
  PID:13424
- C:\Windows\System\LsBrbNR.exe
  C:\Windows\System\LsBrbNR.exe
  2⤵
  PID:13440
- C:\Windows\System\SVgFkow.exe
  C:\Windows\System\SVgFkow.exe
  2⤵
  PID:13456
- C:\Windows\System\mDhUUie.exe
  C:\Windows\System\mDhUUie.exe
  2⤵
  PID:13476
- C:\Windows\System\mhiZCMh.exe
  C:\Windows\System\mhiZCMh.exe
  2⤵
  PID:13492
- C:\Windows\System\KnpmVRE.exe
  C:\Windows\System\KnpmVRE.exe
  2⤵
  PID:13508
- C:\Windows\System\coThpzy.exe
  C:\Windows\System\coThpzy.exe
  2⤵
  PID:13524
- C:\Windows\System\lHofsGf.exe
  C:\Windows\System\lHofsGf.exe
  2⤵
  PID:13540
- C:\Windows\System\pfizhIf.exe
  C:\Windows\System\pfizhIf.exe
  2⤵
  PID:13556
- C:\Windows\System\pnfqQfS.exe
  C:\Windows\System\pnfqQfS.exe
  2⤵
  PID:13572
- C:\Windows\System\BFkKPyM.exe
  C:\Windows\System\BFkKPyM.exe
  2⤵
  PID:13596
- C:\Windows\System\lUIxYNw.exe
  C:\Windows\System\lUIxYNw.exe
  2⤵
  PID:13612
- C:\Windows\System\NiYeCYA.exe
  C:\Windows\System\NiYeCYA.exe
  2⤵
  PID:13628
- C:\Windows\System\dtHORHQ.exe
  C:\Windows\System\dtHORHQ.exe
  2⤵
  PID:13644
- C:\Windows\System\kNiPvTM.exe
  C:\Windows\System\kNiPvTM.exe
  2⤵
  PID:13660
- C:\Windows\System\fAXUHuR.exe
  C:\Windows\System\fAXUHuR.exe
  2⤵
  PID:13676
- C:\Windows\System\KiZzhcH.exe
  C:\Windows\System\KiZzhcH.exe
  2⤵
  PID:13692
- C:\Windows\System\sMqDIGO.exe
  C:\Windows\System\sMqDIGO.exe
  2⤵
  PID:13708
- C:\Windows\System\jDnBBTi.exe
  C:\Windows\System\jDnBBTi.exe
  2⤵
  PID:13732
- C:\Windows\System\ErqxNLT.exe
  C:\Windows\System\ErqxNLT.exe
  2⤵
  PID:13748
- C:\Windows\System\ZyAMPil.exe
  C:\Windows\System\ZyAMPil.exe
  2⤵
  PID:13764
- C:\Windows\System\JBGKlur.exe
  C:\Windows\System\JBGKlur.exe
  2⤵
  PID:13780
- C:\Windows\System\uhLEutB.exe
  C:\Windows\System\uhLEutB.exe
  2⤵
  PID:13796
- C:\Windows\System\gGqRTJn.exe
  C:\Windows\System\gGqRTJn.exe
  2⤵
  PID:13812
- C:\Windows\System\ksXpmGz.exe
  C:\Windows\System\ksXpmGz.exe
  2⤵
  PID:13828
- C:\Windows\System\zjelqfj.exe
  C:\Windows\System\zjelqfj.exe
  2⤵
  PID:13844
- C:\Windows\System\KdqSPMP.exe
  C:\Windows\System\KdqSPMP.exe
  2⤵
  PID:13872
- C:\Windows\System\dhRKyhZ.exe
  C:\Windows\System\dhRKyhZ.exe
  2⤵
  PID:13892
- C:\Windows\System\nfDpemJ.exe
  C:\Windows\System\nfDpemJ.exe
  2⤵
  PID:13908
- C:\Windows\System\hOqHqQd.exe
  C:\Windows\System\hOqHqQd.exe
  2⤵
  PID:13928
- C:\Windows\System\PUXAUtg.exe
  C:\Windows\System\PUXAUtg.exe
  2⤵
  PID:13944
- C:\Windows\System\rVQNOCn.exe
  C:\Windows\System\rVQNOCn.exe
  2⤵
  PID:13960
- C:\Windows\System\RRQFmSU.exe
  C:\Windows\System\RRQFmSU.exe
  2⤵
  PID:13976
- C:\Windows\System\NMvBSOr.exe
  C:\Windows\System\NMvBSOr.exe
  2⤵
  PID:13992
- C:\Windows\System\rvmtYYb.exe
  C:\Windows\System\rvmtYYb.exe
  2⤵
  PID:14012
- C:\Windows\System\nBSLrKz.exe
  C:\Windows\System\nBSLrKz.exe
  2⤵
  PID:14032
- C:\Windows\System\fIvWRpI.exe
  C:\Windows\System\fIvWRpI.exe
  2⤵
  PID:14048
- C:\Windows\System\EtcXzqO.exe
  C:\Windows\System\EtcXzqO.exe
  2⤵
  PID:14064
- C:\Windows\System\QDOPvoM.exe
  C:\Windows\System\QDOPvoM.exe
  2⤵
  PID:14080
- C:\Windows\System\pXuPzaO.exe
  C:\Windows\System\pXuPzaO.exe
  2⤵
  PID:14096
- C:\Windows\System\dzBVdlO.exe
  C:\Windows\System\dzBVdlO.exe
  2⤵
  PID:14124
- C:\Windows\System\aWtKIaP.exe
  C:\Windows\System\aWtKIaP.exe
  2⤵
  PID:14140
- C:\Windows\System\IYmEKqr.exe
  C:\Windows\System\IYmEKqr.exe
  2⤵
  PID:14156
- C:\Windows\System\yrqwBDK.exe
  C:\Windows\System\yrqwBDK.exe
  2⤵
  PID:14180
- C:\Windows\System\TCwnunb.exe
  C:\Windows\System\TCwnunb.exe
  2⤵
  PID:14204
- C:\Windows\System\enhCzZF.exe
  C:\Windows\System\enhCzZF.exe
  2⤵
  PID:14220
- C:\Windows\System\vRxAeVS.exe
  C:\Windows\System\vRxAeVS.exe
  2⤵
  PID:14236
- C:\Windows\System\SFSUSnh.exe
  C:\Windows\System\SFSUSnh.exe
  2⤵
  PID:14252
- C:\Windows\System\yXSqzEm.exe
  C:\Windows\System\yXSqzEm.exe
  2⤵
  PID:14268
- C:\Windows\System\UyQpxcx.exe
  C:\Windows\System\UyQpxcx.exe
  2⤵
  PID:14284
- C:\Windows\System\izzkgsk.exe
  C:\Windows\System\izzkgsk.exe
  2⤵
  PID:14300
- C:\Windows\System\YWEVIGf.exe
  C:\Windows\System\YWEVIGf.exe
  2⤵
  PID:14324
- C:\Windows\System\MADgUEw.exe
  C:\Windows\System\MADgUEw.exe
  2⤵
  PID:2988
- C:\Windows\System\bLufMis.exe
  C:\Windows\System\bLufMis.exe
  2⤵
  PID:13364
- C:\Windows\System\lbigLsC.exe
  C:\Windows\System\lbigLsC.exe
  2⤵
  PID:13432
- C:\Windows\System\EZoqGPc.exe
  C:\Windows\System\EZoqGPc.exe
  2⤵
  PID:13484
- C:\Windows\System\GSkRTwX.exe
  C:\Windows\System\GSkRTwX.exe
  2⤵
  PID:13520
- C:\Windows\System\ChMDHQy.exe
  C:\Windows\System\ChMDHQy.exe
  2⤵
  PID:13552
- C:\Windows\System\WwJEjKB.exe
  C:\Windows\System\WwJEjKB.exe
  2⤵
  PID:13592
- C:\Windows\System\kFPFdYQ.exe
  C:\Windows\System\kFPFdYQ.exe
  2⤵
  PID:13624
- C:\Windows\System\hWEPniX.exe
  C:\Windows\System\hWEPniX.exe
  2⤵
  PID:13656
- C:\Windows\System\xMSwjzo.exe
  C:\Windows\System\xMSwjzo.exe
  2⤵
  PID:13740
- C:\Windows\System\jtsSAVW.exe
  C:\Windows\System\jtsSAVW.exe
  2⤵
  PID:13804
- C:\Windows\System\vcnLWIu.exe
  C:\Windows\System\vcnLWIu.exe
  2⤵
  PID:13888
- C:\Windows\System\HSTzVRJ.exe
  C:\Windows\System\HSTzVRJ.exe
  2⤵
  PID:13940
- C:\Windows\System\jNkGVAL.exe
  C:\Windows\System\jNkGVAL.exe
  2⤵
  PID:13984
- C:\Windows\System\GgSmTxk.exe
  C:\Windows\System\GgSmTxk.exe
  2⤵
  PID:14024
- C:\Windows\System\kSCknLs.exe
  C:\Windows\System\kSCknLs.exe
  2⤵
  PID:14060
- C:\Windows\System\kQIWdig.exe
  C:\Windows\System\kQIWdig.exe
  2⤵
  PID:14088
- C:\Windows\System\jykIHMZ.exe
  C:\Windows\System\jykIHMZ.exe
  2⤵
  PID:14132
- C:\Windows\System\JzFMjzv.exe
  C:\Windows\System\JzFMjzv.exe
  2⤵
  PID:14172
- C:\Windows\System\XeNxgXW.exe
  C:\Windows\System\XeNxgXW.exe
  2⤵
  PID:14212
- C:\Windows\System\cHaPsVg.exe
  C:\Windows\System\cHaPsVg.exe
  2⤵
  PID:14260
- C:\Windows\System\ljidqEG.exe
  C:\Windows\System\ljidqEG.exe
  2⤵
  PID:14296
- C:\Windows\System\BgoeDWI.exe
  C:\Windows\System\BgoeDWI.exe
  2⤵
  PID:14312
- C:\Windows\System\sGRdMvo.exe
  C:\Windows\System\sGRdMvo.exe
  2⤵
  PID:13332
- C:\Windows\System\WBKqFed.exe
  C:\Windows\System\WBKqFed.exe
  2⤵
  PID:13316
- C:\Windows\System\oDuqGas.exe
  C:\Windows\System\oDuqGas.exe
  2⤵
  PID:13488
- C:\Windows\System\WvsGKVL.exe
  C:\Windows\System\WvsGKVL.exe
  2⤵
  PID:13568
- C:\Windows\System\lCedUyY.exe
  C:\Windows\System\lCedUyY.exe
  2⤵
  PID:13640
- C:\Windows\System\axJQlIp.exe
  C:\Windows\System\axJQlIp.exe
  2⤵
  PID:13788
- C:\Windows\System\yivxhom.exe
  C:\Windows\System\yivxhom.exe
  2⤵
  PID:13924
- C:\Windows\System\Fxjivwz.exe
  C:\Windows\System\Fxjivwz.exe
  2⤵
  PID:14008
- C:\Windows\System\LmQfKZy.exe
  C:\Windows\System\LmQfKZy.exe
  2⤵
  PID:1704
- C:\Windows\System\ZcAKBZV.exe
  C:\Windows\System\ZcAKBZV.exe
  2⤵
  PID:14188
- C:\Windows\System\WhJXUZZ.exe
  C:\Windows\System\WhJXUZZ.exe
  2⤵
  PID:14244
- C:\Windows\System\sXAJdfG.exe
  C:\Windows\System\sXAJdfG.exe
  2⤵
  PID:432
- C:\Windows\System\goRhWQd.exe
  C:\Windows\System\goRhWQd.exe
  2⤵
  PID:13352
- C:\Windows\System\TflixYT.exe
  C:\Windows\System\TflixYT.exe
  2⤵
  PID:13420
- C:\Windows\System\tCyOSep.exe
  C:\Windows\System\tCyOSep.exe
  2⤵
  PID:13516
- C:\Windows\System\fiiwErD.exe
  C:\Windows\System\fiiwErD.exe
  2⤵
  PID:13620
- C:\Windows\System\GPkZgvT.exe
  C:\Windows\System\GPkZgvT.exe
  2⤵
  PID:13884
- C:\Windows\System\XWMjkBx.exe
  C:\Windows\System\XWMjkBx.exe
  2⤵
  PID:14076
- C:\Windows\System\UZoavJh.exe
  C:\Windows\System\UZoavJh.exe
  2⤵
  PID:14320
- C:\Windows\System\xLfTXjC.exe
  C:\Windows\System\xLfTXjC.exe
  2⤵
  PID:4968
- C:\Windows\System\qrbqvDj.exe
  C:\Windows\System\qrbqvDj.exe
  2⤵
  PID:13972
- C:\Windows\System\ggfkjlX.exe
  C:\Windows\System\ggfkjlX.exe
  2⤵
  PID:14248
- C:\Windows\System\kxFsakw.exe
  C:\Windows\System\kxFsakw.exe
  2⤵
  PID:14232
- C:\Windows\System\embFgFJ.exe
  C:\Windows\System\embFgFJ.exe
  2⤵
  PID:14152
- C:\Windows\System\byeSjvc.exe
  C:\Windows\System\byeSjvc.exe
  2⤵
  PID:14276
- C:\Windows\System\MswKmCG.exe
  C:\Windows\System\MswKmCG.exe
  2⤵
  PID:14020
- C:\Windows\System\gagTtkL.exe
  C:\Windows\System\gagTtkL.exe
  2⤵
  PID:14352
- C:\Windows\System\PnZjLpk.exe
  C:\Windows\System\PnZjLpk.exe
  2⤵
  PID:14368
- C:\Windows\System\StYMmFL.exe
  C:\Windows\System\StYMmFL.exe
  2⤵
  PID:14384
- C:\Windows\System\zYEisZU.exe
  C:\Windows\System\zYEisZU.exe
  2⤵
  PID:14404
- C:\Windows\System\MrIYzqm.exe
  C:\Windows\System\MrIYzqm.exe
  2⤵
  PID:14428
- C:\Windows\System\jYBwkWU.exe
  C:\Windows\System\jYBwkWU.exe
  2⤵
  PID:14468
- C:\Windows\System\sjZEpFM.exe
  C:\Windows\System\sjZEpFM.exe
  2⤵
  PID:14484
- C:\Windows\System\PsoezGu.exe
  C:\Windows\System\PsoezGu.exe
  2⤵
  PID:14500
- C:\Windows\System\SDSGPSZ.exe
  C:\Windows\System\SDSGPSZ.exe
  2⤵
  PID:14520
- C:\Windows\System\NvKbOPM.exe
  C:\Windows\System\NvKbOPM.exe
  2⤵
  PID:14556
- C:\Windows\System\BgrUlMf.exe
  C:\Windows\System\BgrUlMf.exe
  2⤵
  PID:14576
- C:\Windows\System\hmCNmTz.exe
  C:\Windows\System\hmCNmTz.exe
  2⤵
  PID:14596
- C:\Windows\System\GcjdQPq.exe
  C:\Windows\System\GcjdQPq.exe
  2⤵
  PID:14616
- C:\Windows\System\RsXFISZ.exe
  C:\Windows\System\RsXFISZ.exe
  2⤵
  PID:14636
- C:\Windows\System\RwdLyss.exe
  C:\Windows\System\RwdLyss.exe
  2⤵
  PID:15076
- C:\Windows\System\wWmqoHj.exe
  C:\Windows\System\wWmqoHj.exe
  2⤵
  PID:15104
- C:\Windows\System\aTUYcFo.exe
  C:\Windows\System\aTUYcFo.exe
  2⤵
  PID:15124
- C:\Windows\System\KhczgCT.exe
  C:\Windows\System\KhczgCT.exe
  2⤵
  PID:15188
- C:\Windows\System\PvSGlox.exe
  C:\Windows\System\PvSGlox.exe
  2⤵
  PID:14380
- C:\Windows\System\GwduNPs.exe
  C:\Windows\System\GwduNPs.exe
  2⤵
  PID:14464
- C:\Windows\System\nhHvhgU.exe
  C:\Windows\System\nhHvhgU.exe
  2⤵
  PID:14592
- C:\Windows\System\VFATTKk.exe
  C:\Windows\System\VFATTKk.exe
  2⤵
  PID:14892
- C:\Windows\System\RHhAklE.exe
  C:\Windows\System\RHhAklE.exe
  2⤵
  PID:14912
- C:\Windows\System\FSzbJqb.exe
  C:\Windows\System\FSzbJqb.exe
  2⤵
  PID:14928
- C:\Windows\System\UPzVjjj.exe
  C:\Windows\System\UPzVjjj.exe
  2⤵
  PID:14944
- C:\Windows\System\oqTYBLu.exe
  C:\Windows\System\oqTYBLu.exe
  2⤵
  PID:14960
- C:\Windows\System\oGgXbiP.exe
  C:\Windows\System\oGgXbiP.exe
  2⤵
  PID:14972
- C:\Windows\System\CSJaQQK.exe
  C:\Windows\System\CSJaQQK.exe
  2⤵
  PID:15000
- C:\Windows\System\VPZJLhT.exe
  C:\Windows\System\VPZJLhT.exe
  2⤵
  PID:15012
- C:\Windows\System\qKfYzpb.exe
  C:\Windows\System\qKfYzpb.exe
  2⤵
  PID:15024
- C:\Windows\System\cLQORox.exe
  C:\Windows\System\cLQORox.exe
  2⤵
  PID:15040
- C:\Windows\System\fOwVMVr.exe
  C:\Windows\System\fOwVMVr.exe
  2⤵
  PID:1036
- C:\Windows\System\OvsysoU.exe
  C:\Windows\System\OvsysoU.exe
  2⤵
  PID:1292
- C:\Windows\System\uhCLhZT.exe
  C:\Windows\System\uhCLhZT.exe
  2⤵
  PID:1420
- C:\Windows\System\MwggdeU.exe
  C:\Windows\System\MwggdeU.exe
  2⤵
  PID:1864
- C:\Windows\System\VilGNAs.exe
  C:\Windows\System\VilGNAs.exe
  2⤵
  PID:15132
- C:\Windows\System\IrPtpOL.exe
  C:\Windows\System\IrPtpOL.exe
  2⤵
  PID:15244
- C:\Windows\System\WuHHmxr.exe
  C:\Windows\System\WuHHmxr.exe
  2⤵
  PID:15256
- C:\Windows\System\cEDBOJy.exe
  C:\Windows\System\cEDBOJy.exe
  2⤵
  PID:15288
- C:\Windows\System\tXmpKbp.exe
  C:\Windows\System\tXmpKbp.exe
  2⤵
  PID:14820
- C:\Windows\System\bnMpeXN.exe
  C:\Windows\System\bnMpeXN.exe
  2⤵
  PID:15048
- C:\Windows\System\VWmNzES.exe
  C:\Windows\System\VWmNzES.exe
  2⤵
  PID:1328
- C:\Windows\System\JoBfEEt.exe
  C:\Windows\System\JoBfEEt.exe
  2⤵
  PID:15096
- C:\Windows\System\wSZchWo.exe
  C:\Windows\System\wSZchWo.exe
  2⤵
  PID:3788
- C:\Windows\System\YNVQNfu.exe
  C:\Windows\System\YNVQNfu.exe
  2⤵
  PID:15240
- C:\Windows\System\LKifSxh.exe
  C:\Windows\System\LKifSxh.exe
  2⤵
  PID:15264
- C:\Windows\System\rEEwxse.exe
  C:\Windows\System\rEEwxse.exe
  2⤵
  PID:15280
- C:\Windows\System\gLNERJK.exe
  C:\Windows\System\gLNERJK.exe
  2⤵
  PID:15304
- C:\Windows\System\cYkQrHZ.exe
  C:\Windows\System\cYkQrHZ.exe
  2⤵
  PID:15332
- C:\Windows\System\VmAbUDK.exe
  C:\Windows\System\VmAbUDK.exe
  2⤵
  PID:556
- C:\Windows\System\FfjgWGJ.exe
  C:\Windows\System\FfjgWGJ.exe
  2⤵
  PID:15088
- C:\Windows\System\mpxuQEg.exe
  C:\Windows\System\mpxuQEg.exe
  2⤵
  PID:15140
- C:\Windows\System\gXhFXqc.exe
  C:\Windows\System\gXhFXqc.exe
  2⤵
  PID:3624
- C:\Windows\System\DISXHwZ.exe
  C:\Windows\System\DISXHwZ.exe
  2⤵
  PID:10384
- C:\Windows\System\bLGsnbC.exe
  C:\Windows\System\bLGsnbC.exe
  2⤵
  PID:4512
- C:\Windows\System\eRQKYYq.exe
  C:\Windows\System\eRQKYYq.exe
  2⤵
  PID:15144
- C:\Windows\System\NalafXU.exe
  C:\Windows\System\NalafXU.exe
  2⤵
  PID:3064
- C:\Windows\System\lHZRsfw.exe
  C:\Windows\System\lHZRsfw.exe
  2⤵
  PID:15232
- C:\Windows\System\ZawtNsQ.exe
  C:\Windows\System\ZawtNsQ.exe
  2⤵
  PID:15164
- C:\Windows\System\sdJjMnZ.exe
  C:\Windows\System\sdJjMnZ.exe
  2⤵
  PID:13404
- C:\Windows\System\UaOLOWn.exe
  C:\Windows\System\UaOLOWn.exe
  2⤵
  PID:13536
- C:\Windows\System\CEuxxDa.exe
  C:\Windows\System\CEuxxDa.exe
  2⤵
  PID:15136
- C:\Windows\System\GUaAmdD.exe
  C:\Windows\System\GUaAmdD.exe
  2⤵
  PID:13388
- C:\Windows\System\gHbJOCk.exe
  C:\Windows\System\gHbJOCk.exe
  2⤵
  PID:14568
- C:\Windows\System\qCWFlIA.exe
  C:\Windows\System\qCWFlIA.exe
  2⤵
  PID:14496
- C:\Windows\System\dplfZGj.exe
  C:\Windows\System\dplfZGj.exe
  2⤵
  PID:14540
- C:\Windows\System\yEGhztN.exe
  C:\Windows\System\yEGhztN.exe
  2⤵
  PID:14700
- C:\Windows\System\LzihTNM.exe
  C:\Windows\System\LzihTNM.exe
  2⤵
  PID:14708
- C:\Windows\System\GmzkfZZ.exe
  C:\Windows\System\GmzkfZZ.exe
  2⤵
  PID:14720
- C:\Windows\System\dJkSByH.exe
  C:\Windows\System\dJkSByH.exe
  2⤵
  PID:14744
- C:\Windows\System\nCeRBkr.exe
  C:\Windows\System\nCeRBkr.exe
  2⤵
  PID:14756
- C:\Windows\System\uSYdZeA.exe
  C:\Windows\System\uSYdZeA.exe
  2⤵
  PID:14776
- C:\Windows\System\iBPCxDR.exe
  C:\Windows\System\iBPCxDR.exe
  2⤵
  PID:14792
- C:\Windows\System\zSmetkW.exe
  C:\Windows\System\zSmetkW.exe
  2⤵
  PID:14656
- C:\Windows\System\qtBNnfl.exe
  C:\Windows\System\qtBNnfl.exe
  2⤵
  PID:14648
- C:\Windows\System\QFHqwrC.exe
  C:\Windows\System\QFHqwrC.exe
  2⤵
  PID:14604
- C:\Windows\System\lPHLpSZ.exe
  C:\Windows\System\lPHLpSZ.exe
  2⤵
  PID:14628
- C:\Windows\System\mGHDcGG.exe
  C:\Windows\System\mGHDcGG.exe
  2⤵
  PID:14480
- C:\Windows\System\yMjqjRw.exe
  C:\Windows\System\yMjqjRw.exe
  2⤵
  PID:14364
- C:\Windows\System\kwltnCw.exe
  C:\Windows\System\kwltnCw.exe
  2⤵
  PID:1008
- C:\Windows\System\HdVYZLz.exe
  C:\Windows\System\HdVYZLz.exe
  2⤵
  PID:14828
- C:\Windows\System\OGwmZBq.exe
  C:\Windows\System\OGwmZBq.exe
  2⤵
  PID:872
- C:\Windows\System\EyQzFSQ.exe
  C:\Windows\System\EyQzFSQ.exe
  2⤵
  PID:1004
- C:\Windows\System\vgjtcLL.exe
  C:\Windows\System\vgjtcLL.exe
  2⤵
  PID:1972
- C:\Windows\System\SYweJQC.exe
  C:\Windows\System\SYweJQC.exe
  2⤵
  PID:14880
- C:\Windows\System\MvRdkPX.exe
  C:\Windows\System\MvRdkPX.exe
  2⤵
  PID:3000
- C:\Windows\System\JpTqUFP.exe
  C:\Windows\System\JpTqUFP.exe
  2⤵
  PID:4708
- C:\Windows\System\AZdDWHY.exe
  C:\Windows\System\AZdDWHY.exe
  2⤵
  PID:15060
- C:\Windows\System\QZTeJkm.exe
  C:\Windows\System\QZTeJkm.exe
  2⤵
  PID:14860
- C:\Windows\System\uoypFHW.exe
  C:\Windows\System\uoypFHW.exe
  2⤵
  PID:3860
- C:\Windows\System\KrwIrxk.exe
  C:\Windows\System\KrwIrxk.exe
  2⤵
  PID:3884
- C:\Windows\System\QYEZHDJ.exe
  C:\Windows\System\QYEZHDJ.exe
  2⤵
  PID:14868
- C:\Windows\System\XYMJfLY.exe
  C:\Windows\System\XYMJfLY.exe
  2⤵
  PID:14900
- C:\Windows\System\VEShRij.exe
  C:\Windows\System\VEShRij.exe
  2⤵
  PID:14936
- C:\Windows\System\vHZWmlx.exe
  C:\Windows\System\vHZWmlx.exe
  2⤵
  PID:14952
- C:\Windows\System\LsWgcaP.exe
  C:\Windows\System\LsWgcaP.exe
  2⤵
  PID:3996
- C:\Windows\System\sBQcuOT.exe
  C:\Windows\System\sBQcuOT.exe
  2⤵
  PID:4088
- C:\Windows\System\giPQLWn.exe
  C:\Windows\System\giPQLWn.exe
  2⤵
  PID:4024
- C:\Windows\System\fVEFnRi.exe
  C:\Windows\System\fVEFnRi.exe
  2⤵
  PID:4180
- C:\Windows\System\JcaWAjr.exe
  C:\Windows\System\JcaWAjr.exe
  2⤵
  PID:4260
- C:\Windows\System\eKObOjG.exe
  C:\Windows\System\eKObOjG.exe
  2⤵
  PID:4324
- C:\Windows\System\JKdFomt.exe
  C:\Windows\System\JKdFomt.exe
  2⤵
  PID:5044
- C:\Windows\System\LSTZghI.exe
  C:\Windows\System\LSTZghI.exe
  2⤵
  PID:4136
- C:\Windows\System\nHvBFZO.exe
  C:\Windows\System\nHvBFZO.exe
  2⤵
  PID:1296
- C:\Windows\System\wvgxEdU.exe
  C:\Windows\System\wvgxEdU.exe
  2⤵
  PID:3812
- C:\Windows\System\zfXqUyd.exe
  C:\Windows\System\zfXqUyd.exe
  2⤵
  PID:15260
- C:\Windows\System\bADMVkh.exe
  C:\Windows\System\bADMVkh.exe
  2⤵
  PID:15320
- C:\Windows\System\tMvFrlW.exe
  C:\Windows\System\tMvFrlW.exe
  2⤵
  PID:15348
- C:\Windows\System\rGzFrOd.exe
  C:\Windows\System\rGzFrOd.exe
  2⤵
  PID:4672
- C:\Windows\System\oNJpiTn.exe
  C:\Windows\System\oNJpiTn.exe
  2⤵
  PID:4780
- C:\Windows\System\yeJEwqn.exe
  C:\Windows\System\yeJEwqn.exe
  2⤵
  PID:13464
- C:\Windows\System\UOtZsxZ.exe
  C:\Windows\System\UOtZsxZ.exe
  2⤵
  PID:3440
- C:\Windows\System\iUlIZCt.exe
  C:\Windows\System\iUlIZCt.exe
  2⤵
  PID:4560
- C:\Windows\System\KtXzQdr.exe
  C:\Windows\System\KtXzQdr.exe
  2⤵
  PID:868
- C:\Windows\System\ekdoZsa.exe
  C:\Windows\System\ekdoZsa.exe
  2⤵
  PID:4460
- C:\Windows\System\mdkqgjX.exe
  C:\Windows\System\mdkqgjX.exe
  2⤵
  PID:14876
- C:\Windows\System\FhzCydE.exe
  C:\Windows\System\FhzCydE.exe
  2⤵
  PID:14924
- C:\Windows\System\SFGCsUB.exe
  C:\Windows\System\SFGCsUB.exe
  2⤵
  PID:15008
- C:\Windows\System\cJGdjin.exe
  C:\Windows\System\cJGdjin.exe
  2⤵
  PID:4108
- C:\Windows\System\cEgKIzc.exe
  C:\Windows\System\cEgKIzc.exe
  2⤵
  PID:4280
- C:\Windows\System\JqIvvhW.exe
  C:\Windows\System\JqIvvhW.exe
  2⤵
  PID:15020
- C:\Windows\System\sZuQqnv.exe
  C:\Windows\System\sZuQqnv.exe
  2⤵
  PID:15324
- C:\Windows\System\tuiUacP.exe
  C:\Windows\System\tuiUacP.exe
  2⤵
  PID:15072
- C:\Windows\System\nMOZNQn.exe
  C:\Windows\System\nMOZNQn.exe
  2⤵
  PID:4548
- C:\Windows\System\djegpyJ.exe
  C:\Windows\System\djegpyJ.exe
  2⤵
  PID:776
- C:\Windows\System\VWNwyqJ.exe
  C:\Windows\System\VWNwyqJ.exe
  2⤵
  PID:15160
- C:\Windows\System\dTPTlOE.exe
  C:\Windows\System\dTPTlOE.exe
  2⤵
  PID:13436
- C:\Windows\System\NlGJfan.exe
  C:\Windows\System\NlGJfan.exe
  2⤵
  PID:14532
- C:\Windows\System\lTceIfX.exe
  C:\Windows\System\lTceIfX.exe
  2⤵
  PID:14688
- C:\Windows\System\jjIIvMr.exe
  C:\Windows\System\jjIIvMr.exe
  2⤵
  PID:14736
- C:\Windows\System\syDZcjU.exe
  C:\Windows\System\syDZcjU.exe
  2⤵
  PID:14768
- C:\Windows\System\nVJkolv.exe
  C:\Windows\System\nVJkolv.exe
  2⤵
  PID:3856
- C:\Windows\System\cJfrQVG.exe
  C:\Windows\System\cJfrQVG.exe
  2⤵
  PID:14548
- C:\Windows\System\MOahJMY.exe
  C:\Windows\System\MOahJMY.exe
  2⤵
  PID:704
- C:\Windows\System\xIzJmRd.exe
  C:\Windows\System\xIzJmRd.exe
  2⤵
  PID:5084
- C:\Windows\System\lnxLQDe.exe
  C:\Windows\System\lnxLQDe.exe
  2⤵
  PID:2960
- C:\Windows\System\ciijiVv.exe
  C:\Windows\System\ciijiVv.exe
  2⤵
  PID:1984
- C:\Windows\System\pKFBQBu.exe
  C:\Windows\System\pKFBQBu.exe
  2⤵
  PID:4148
- C:\Windows\System\DdynHlr.exe
  C:\Windows\System\DdynHlr.exe
  2⤵
  PID:14836
- C:\Windows\System\hmRnnne.exe
  C:\Windows\System\hmRnnne.exe
  2⤵
  PID:2180
- C:\Windows\System\JjWjAco.exe
  C:\Windows\System\JjWjAco.exe
  2⤵
  PID:2296
- C:\Windows\System\eVDMQAA.exe
  C:\Windows\System\eVDMQAA.exe
  2⤵
  PID:4612
- C:\Windows\System\PjrVhOE.exe
  C:\Windows\System\PjrVhOE.exe
  2⤵
  PID:2160
- C:\Windows\System\oaGYmpw.exe
  C:\Windows\System\oaGYmpw.exe
  2⤵
  PID:3128
- C:\Windows\System\fWPufoI.exe
  C:\Windows\System\fWPufoI.exe
  2⤵
  PID:15204
- C:\Windows\System\NubSYUk.exe
  C:\Windows\System\NubSYUk.exe
  2⤵
  PID:15352
- C:\Windows\System\ydpEYZO.exe
  C:\Windows\System\ydpEYZO.exe
  2⤵
  PID:14544
- C:\Windows\System\xQqDqCS.exe
  C:\Windows\System\xQqDqCS.exe
  2⤵
  PID:920
- C:\Windows\System\SATAaUR.exe
  C:\Windows\System\SATAaUR.exe
  2⤵
  PID:14684
- C:\Windows\System\FulVQVb.exe
  C:\Windows\System\FulVQVb.exe
  2⤵
  PID:5068
- C:\Windows\System\GEWcKQv.exe
  C:\Windows\System\GEWcKQv.exe
  2⤵
  PID:1244
- C:\Windows\System\jBcnyqH.exe
  C:\Windows\System\jBcnyqH.exe
  2⤵
  PID:14668
- C:\Windows\System\VKwiCmk.exe
  C:\Windows\System\VKwiCmk.exe
  2⤵
  PID:14660
- C:\Windows\System\IewuHEj.exe
  C:\Windows\System\IewuHEj.exe
  2⤵
  PID:14120
- C:\Windows\System\FzcJDPF.exe
  C:\Windows\System\FzcJDPF.exe
  2⤵
  PID:1080
- C:\Windows\System\ONSyyGh.exe
  C:\Windows\System\ONSyyGh.exe
  2⤵
  PID:592
- C:\Windows\System\KoJGONm.exe
  C:\Windows\System\KoJGONm.exe
  2⤵
  PID:3116
- C:\Windows\System\APlDfWf.exe
  C:\Windows\System\APlDfWf.exe
  2⤵
  PID:4608
- C:\Windows\System\pswWCTr.exe
  C:\Windows\System\pswWCTr.exe
  2⤵
  PID:14816
- C:\Windows\System\BknznzG.exe
  C:\Windows\System\BknznzG.exe
  2⤵
  PID:14672
- C:\Windows\System\npySbRi.exe
  C:\Windows\System\npySbRi.exe
  2⤵
  PID:1356
- C:\Windows\System\ztclsXm.exe
  C:\Windows\System\ztclsXm.exe
  2⤵
  PID:7204
- C:\Windows\System\uFYNhYK.exe
  C:\Windows\System\uFYNhYK.exe
  2⤵
  PID:7404
- C:\Windows\System\TQJQeqi.exe
  C:\Windows\System\TQJQeqi.exe
  2⤵
  PID:7452
- C:\Windows\System\CiMQFUN.exe
  C:\Windows\System\CiMQFUN.exe
  2⤵
  PID:7664
- C:\Windows\System\RmdHFYg.exe
  C:\Windows\System\RmdHFYg.exe
  2⤵
  PID:7672
- C:\Windows\System\sGpZpOs.exe
  C:\Windows\System\sGpZpOs.exe
  2⤵
  PID:8072
- C:\Windows\System\eyqMvVw.exe
  C:\Windows\System\eyqMvVw.exe
  2⤵
  PID:8076
- C:\Windows\System\WgejlCG.exe
  C:\Windows\System\WgejlCG.exe
  2⤵
  PID:8160
- C:\Windows\System\YjcwNsY.exe
  C:\Windows\System\YjcwNsY.exe
  2⤵
  PID:7692
- C:\Windows\System\fMphTrS.exe
  C:\Windows\System\fMphTrS.exe
  2⤵
  PID:8216
- C:\Windows\System\oHSBAje.exe
  C:\Windows\System\oHSBAje.exe
  2⤵
  PID:8260
- C:\Windows\System\APYfPaO.exe
  C:\Windows\System\APYfPaO.exe
  2⤵
  PID:7892
- C:\Windows\System\HtNRSqt.exe
  C:\Windows\System\HtNRSqt.exe
  2⤵
  PID:8340
- C:\Windows\System\VjnXqdj.exe
  C:\Windows\System\VjnXqdj.exe
  2⤵
  PID:8424
- C:\Windows\System\OZFEnzW.exe
  C:\Windows\System\OZFEnzW.exe
  2⤵
  PID:8528
- C:\Windows\System\GrMzpCA.exe
  C:\Windows\System\GrMzpCA.exe
  2⤵
  PID:6404
- C:\Windows\System\sGAHCoi.exe
  C:\Windows\System\sGAHCoi.exe
  2⤵
  PID:6916
- C:\Windows\System\AGItHRA.exe
  C:\Windows\System\AGItHRA.exe
  2⤵
  PID:7224
- C:\Windows\System\vHerCwb.exe
  C:\Windows\System\vHerCwb.exe
  2⤵
  PID:8296
- C:\Windows\System\jzsCWCK.exe
  C:\Windows\System\jzsCWCK.exe
  2⤵
  PID:3776
- C:\Windows\System\fpHcQCP.exe
  C:\Windows\System\fpHcQCP.exe
  2⤵
  PID:4936
- C:\Windows\System\DgfyqFr.exe
  C:\Windows\System\DgfyqFr.exe
  2⤵
  PID:4584
- C:\Windows\System\oZnNzIt.exe
  C:\Windows\System\oZnNzIt.exe
  2⤵
  PID:208
- C:\Windows\System\mYHpIpg.exe
  C:\Windows\System\mYHpIpg.exe
  2⤵
  PID:1412
- C:\Windows\System\bHebhiP.exe
  C:\Windows\System\bHebhiP.exe
  2⤵
  PID:4468
- C:\Windows\System\vMgwcay.exe
  C:\Windows\System\vMgwcay.exe
  2⤵
  PID:4040
- C:\Windows\System\DXKRUkx.exe
  C:\Windows\System\DXKRUkx.exe
  2⤵
  PID:3696
- C:\Windows\System\GUGPlGn.exe
  C:\Windows\System\GUGPlGn.exe
  2⤵
  PID:1752
- C:\Windows\System\QBQgWpy.exe
  C:\Windows\System\QBQgWpy.exe
  2⤵
  PID:452
- C:\Windows\System\BPrFNEm.exe
  C:\Windows\System\BPrFNEm.exe
  2⤵
  PID:2608
- C:\Windows\System\fklyfvI.exe
  C:\Windows\System\fklyfvI.exe
  2⤵
  PID:3104
- C:\Windows\System\NnfwfsW.exe
  C:\Windows\System\NnfwfsW.exe
  2⤵
  PID:2792
- C:\Windows\System\MOYPYTg.exe
  C:\Windows\System\MOYPYTg.exe
  2⤵
  PID:2036
- C:\Windows\System\JFOigFJ.exe
  C:\Windows\System\JFOigFJ.exe
  2⤵
  PID:1884
- C:\Windows\System\lDKOJfo.exe
  C:\Windows\System\lDKOJfo.exe
  2⤵
  PID:5072
- C:\Windows\System\tsSvKok.exe
  C:\Windows\System\tsSvKok.exe
  2⤵
  PID:14956
- C:\Windows\System\yIaqksk.exe
  C:\Windows\System\yIaqksk.exe
  2⤵
  PID:4572
- C:\Windows\System\kVKfEzG.exe
  C:\Windows\System\kVKfEzG.exe
  2⤵
  PID:376
- C:\Windows\System\IAGjMMv.exe
  C:\Windows\System\IAGjMMv.exe
  2⤵
  PID:1344
- C:\Windows\System\SNDINaV.exe
  C:\Windows\System\SNDINaV.exe
  2⤵
  PID:3092
- C:\Windows\System\FUsRcMs.exe
  C:\Windows\System\FUsRcMs.exe
  2⤵
  PID:448
- C:\Windows\System\sEXleYm.exe
  C:\Windows\System\sEXleYm.exe
  2⤵
  PID:1476
- C:\Windows\System\futCzVD.exe
  C:\Windows\System\futCzVD.exe
  2⤵
  PID:3456
- C:\Windows\System\EmeIRJN.exe
  C:\Windows\System\EmeIRJN.exe
  2⤵
  PID:15120
- C:\Windows\System\khgiywl.exe
  C:\Windows\System\khgiywl.exe
  2⤵
  PID:1092
- C:\Windows\System\EbPMxxU.exe
  C:\Windows\System\EbPMxxU.exe
  2⤵
  PID:13452
- C:\Windows\System\qRbPQfC.exe
  C:\Windows\System\qRbPQfC.exe
  2⤵
  PID:13468
- C:\Windows\System\rmWczwD.exe
  C:\Windows\System\rmWczwD.exe
  2⤵
  PID:14376
- C:\Windows\System\GFWyjLz.exe
  C:\Windows\System\GFWyjLz.exe
  2⤵
  PID:2624
- C:\Windows\System\QSfVTNs.exe
  C:\Windows\System\QSfVTNs.exe
  2⤵
  PID:14444
- C:\Windows\System\OwBYhiI.exe
  C:\Windows\System\OwBYhiI.exe
  2⤵
  PID:7180
- C:\Windows\System\UIcsNsp.exe
  C:\Windows\System\UIcsNsp.exe
  2⤵
  PID:7428
- C:\Windows\System\HgGmJBp.exe
  C:\Windows\System\HgGmJBp.exe
  2⤵
  PID:7548
- C:\Windows\System\bftsZIc.exe
  C:\Windows\System\bftsZIc.exe
  2⤵
  PID:7608

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:15060

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:14364

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14836

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14832

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14888

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14908

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14940

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:14976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hm4dgnls.igt.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\CqIoUMI.exe

Filesize
8B

MD5
7844449f1717b2590e53c215fcf07352

SHA1
79d0c9d199e3401234813cacf5dd2de0f53d76f4

SHA256
d54f9b9a769720c875f9b7152a74884a4a9e5a4d80da35d3f847cb8b30b14f4d

SHA512
08987ef45e3b930599e24a17bad53cfff0dadf3651ece3e5b0469612e6c0a9a6cc61ef278c49c769a425e8c5349976b197865ce68d78055e84972e2fe8a0851c

Download Submit
C:\Windows\System\CzaaRYC.exe

Filesize
2.4MB

MD5
9cfb94b4a118dbc70fe8fe036396f1fa

SHA1
93eb24b17e96bdd753f338f86eb882c5481acad8

SHA256
5c5b112939c954a6f317bd5d11d1378a62da3ce3d2d8b06e01608d8250f7aff5

SHA512
f362c208c00362c5c69fb0266a316c578a5e6ee94fd667f2b4799b91007ea34dec0be50a1109e9fc5afa90d7a44c22fe1d97ad0c49bba8d86df75bbf8bb268d5

Download Submit
C:\Windows\System\EyfVSKf.exe

Filesize
2.4MB

MD5
fafdbc67167e5d8c220cc41450276ce7

SHA1
b35d011011a1f3f8dbaa7424fe7e007289fd8d4c

SHA256
6390a75fce9ac59941bf1afbe7677c7d829a685a18f84fef4becd484c1f32066

SHA512
11323f203958db069e1d6065d063f669f84c89f731e19c49f5e49468761ef01fb445d2ec6254edff46575273f2d0b773cb4cf1de07d74e549ab032e1b0de0429

Download Submit
C:\Windows\System\GGesdqv.exe

Filesize
2.4MB

MD5
4717ffecc7d7a347dff71e74e9833533

SHA1
676eb392bb291006c46129387b395d06b15f0adc

SHA256
fb71d1b2f1eb9366b1ce754ddd5a4b2968d995e6f0b38c01d9fec01dbb8ede59

SHA512
4d0febcb462d00210a3b3fd3b3e8bb1af11f5ff38eb8a21be1212bb37c002d2844e1f21af328810df8cc56c8ea608e4668e2b7bab86a63f2598c8d7ccb4d4af2

Download Submit
C:\Windows\System\IjxSNhy.exe

Filesize
2.4MB

MD5
6c1bcbb6e19eadd16ce29a82c163fe67

SHA1
e45192b4d793b5079593c2d7b95336a6b811af61

SHA256
272ab9b2ed918d35ba77555ac7be6e40fa0f68af8f6fe60c101f47500ca67698

SHA512
04a9bb08cd7bbd5a65d36bd45aa4967342071daeffe6cea0302610c5e18f292f0a80e6e7a5b9c8bc41d6b05cd9d8cb19dd9cacf00b12b013d4359e1c8280e867

Download Submit
C:\Windows\System\LGmCfOq.exe

Filesize
2.4MB

MD5
7866903006d8c0d01bee52b09801391f

SHA1
d7b3870d4c17ebde2994bb3a54e0667e099c944f

SHA256
b80f8a4e6f148136fe3ffc4e182f27ea7fdb92f2872d64fd60efc197080d4d33

SHA512
a559d9fc7d39370894fc883783182a3dd49ab2c62d4e88b0239b22eb635a31e8f27df458401c6659e8a78a6a0448ea792e9128083c3fee4c9e01f293f779d83f

Download Submit
C:\Windows\System\MORYdNp.exe

Filesize
2.4MB

MD5
6c03874a114582419231d4ddf566d829

SHA1
d0987652cc3634082a01ab59e674c5ef7cd3a0c4

SHA256
0a95921469e3a94f75882f2640b8fbec99f68dc120b01b204f672db97e26a58c

SHA512
e949ca96c164e8cc63c04497dfe473027410774dad600b7b362ca4202b1759a999e42ebf70d07f0223983a44a2933ef4bcf28a4f24d6dcc70ed3eac00a2fe66c

Download Submit
C:\Windows\System\MwKplNN.exe

Filesize
2.4MB

MD5
8b7e7cd067de700e11128b94afd9b786

SHA1
fa08f0d5a73d976d9b598970fe6f97efa06562b1

SHA256
485e08efa0dca508f5f80768f2cba771129f4a27411f891a97ddce3693929898

SHA512
c3ba880cc558e32d474f1dc9bbf515e370d047801c7cd58c31fd0ee4066de90b2cc6106fd3e9d00380adc4df353023d37ede7ec379a10caea404fdcfe7fcbc96

Download Submit
C:\Windows\System\QCZgXSE.exe

Filesize
2.4MB

MD5
00faf1233567beb96c59db83e6a318cf

SHA1
7dac9f856353f5074c28bb572b71b54fda025164

SHA256
aa6d75e2b98174eed09c7d899704d7090c72e762ff844d6dd962338423f11410

SHA512
49d88faee910a286d057adbb732db311e9af74ea4117e67e29227b8361534528c27ca4199efa9779c8443489ecbbbd797009e27f1218f5649ec5c3a4a5ef3c5a

Download Submit
C:\Windows\System\QsjZirJ.exe

Filesize
2.4MB

MD5
5a14b43de129de612c4fa754e138f010

SHA1
b726aebfd05d4fd4c1652b923af0004f0cf5bfcb

SHA256
410f6341876e2107e72a34ab056c21465a05c112515d8f04451177e1dedb57e1

SHA512
a5443de0789452099454273599bc3ee97afddc175df873c0271da32675f111de7ff9769cd6c7aaa117cb200ad03ac3acb665dae7a7000712415a3f8a1bd4f8c0

Download Submit
C:\Windows\System\RQyjoKf.exe

Filesize
2.4MB

MD5
428a335ade2f5e99ee6e8ad1e5126264

SHA1
a5ffc6a2ecbeeaa425c03d4fa8452ac6f9bc92ff

SHA256
920b51413609fc4d4fa7335c4ed6c2f937ca9e9eb8cfcdfb6c01a49cfdd37035

SHA512
1d75579e1b7dbb25fe70df552147a8d29f27ff4caf37907c3358d9c021c4a3cb1397b20b80fac8738aca2901e57f86267ed6b44bd13e525698cf7cf37f02a044

Download Submit
C:\Windows\System\SLFmsDB.exe

Filesize
2.4MB

MD5
3932e2619f816729620b6e43f268b27b

SHA1
be948b43a21c9c6887a41c150f0d1c6932214400

SHA256
29b06c27f8b95c3b0fd1b65a60e2d23fae43d30fddf35e64d54a87eed13832d4

SHA512
63beda0b266aa05d7d71e472fb386287b729362c72f9c887f7785f9781b3f1b185bed48dd4d58a71711f39e819423ab30925f236a07663bcf93b8ebf07031bdc

Download Submit
C:\Windows\System\TcAfUBh.exe

Filesize
2.4MB

MD5
68ea0d3cfa14d45535d1e6433d0225b8

SHA1
0cb3ca8622f8621eddd07af8e74010bcd0d3462f

SHA256
e79057d9181e11d01956fc6c889ac3035ac2ff32bc1775da2ec66acc7b639f02

SHA512
19421d39099931c8cd4e19c350067e0fb48d70cf6f7c44dc5854af14f8f6619c27c82f4bb730a28aa86d1ba55a3edfbd7dce55907f85f4735f23b85c9ecf5fd5

Download Submit
C:\Windows\System\VYLpJhE.exe

Filesize
2.4MB

MD5
7def911af6f75caa3e519ad7453a72c9

SHA1
cd270266ceb95c47a4d4f9e718419a6ee86caafb

SHA256
6387985df3dccc1bce072f872c89caf2f28f9b9c405c5410baf1561d34b15ce9

SHA512
a51c7592b2fc72ccea8a4ec6c759342b6511793b479dfa7b6959fd86e328b0a6116a65142835e6e25a6721f0b09beec07275db60b00bd9802e8148f76f4b015b

Download Submit
C:\Windows\System\VcNmrpK.exe

Filesize
2.4MB

MD5
4f85a1fe22bf292ef50483736b7fac49

SHA1
1961bcb81adf1bfd8ebf5c601961d266ee9de600

SHA256
cbb3c9edcd509bce80773b5ce48805736a6bbb91dcd97b0eb8113e33788d6bc8

SHA512
0c97f2388087168be046e282e4f87dfb730577682c232a9e50c514e8a1dceae864674948b333c8c32e570f3f4eb5bc6c26cdc2232ed0225366d9779a58f9a0c7

Download Submit
C:\Windows\System\WKWkQIz.exe

Filesize
2.4MB

MD5
f42747ed9e8b34dbe9c17c070a6d49a9

SHA1
4809e69340d686506011a2b3e0ada06795f55fa8

SHA256
c8b0770a3237d458a2059425aa225361e616fa0f8c18a2ecef051138341df0d2

SHA512
977430a92315ea41a2d75000f3e68d267859277f27547e7155d1d13cdfd5c37aa62f73107b654782fa7cf6442e81ae65b3de1961324c95cbc21977fa75dbbd69

Download Submit
C:\Windows\System\Wupukrx.exe

Filesize
2.4MB

MD5
3c6ba72abad760e4edb7358c7ab1345c

SHA1
24b928ee204441767cf64e5688f59122f9597b55

SHA256
1e309edaff5d46d24f929ac4961a32e93786cd300df7379410b9f30e796a004f

SHA512
acf7423bc79af1d55382975424495c0f650ceda465e960c681529c08ba42cfa888f6d74834d0b7e9a652bcaf8b651881b9fe6e139aade3ea96a7ad3645d0e2d9

Download Submit
C:\Windows\System\YuoHpPj.exe

Filesize
2.4MB

MD5
7d651525ec70cffeb83a116d08c8149b

SHA1
21e6b51b57a7f01dd39e19cab27666fa5b615a22

SHA256
2a0a928f431721440ca0daa0c27d8aa5272fca41f85a889a21760b423670a6f1

SHA512
283f18944d748861a53dcd70e00d8299618ef744f744e663b3534e0e8c2592bcd6b248eb4ce5f025d814fb2f16200b98f51099887033bc77b39ee608232fb884

Download Submit
C:\Windows\System\cOPhBes.exe

Filesize
2.4MB

MD5
40132816201dd71b16f8fdd8596d0071

SHA1
731984747f73503fbc52fdab614af9de9916dadb

SHA256
0f2eaab8c9c4a7245a7fe155887b88532bb539d3ce12d49bbcc0f8feab8aaba2

SHA512
e1061b75787220c6011e7924742d98c00da69f6ddaa5f6fe8babca9e515cfb2d9a1e915dbcde1d9184dac42684f2f95f7f0cc8830262d45edc85b9cdac3c068f

Download Submit
C:\Windows\System\chqshen.exe

Filesize
2.4MB

MD5
4cc86b9bf2f19de1150b1fb4ad7b0dca

SHA1
2195aee1326be4ab385cf0295418b11609467f6f

SHA256
1e4fd90eabc564df184021445a711f7fdfecbd7c2af240528154fa7b3fac7457

SHA512
a2675780c26c20aac4d3a15ef4b74714873b7fbe17a50f73b5e21b06e8d13ae1b9bb513c18afccef36bf55e35e56df2db291c25c8dbc036e9e82c2cb98ddbbed

Download Submit
C:\Windows\System\dkgKYal.exe

Filesize
2.4MB

MD5
aaea29ef57d3fc7d23a53849fa65e42a

SHA1
f6b41a1d6b8ed3d646b855f26bc587dc2f6df97c

SHA256
49507d996a7b89158b5dc8277d06b582d19211dcd19c6a1d8802df9363cdf03c

SHA512
2978be82a1fbb931e0f635b7dc7c59a6719205362680959544aa6e1ab71a417c238bfe659f0f970c1c99992d041e26a5fe62db8e124f9d2ad0e1583b73fdc04b

Download Submit
C:\Windows\System\dkwjmfu.exe

Filesize
2.4MB

MD5
8626d3e0120d987cb353ee7e6b7aed0f

SHA1
f31c63af1cb26b2d48cb750d6133fd742304e5bd

SHA256
e72d5ea2608acfa037e751a58203a50ff48a5a53ed420ab6697e2625f9286762

SHA512
4537f350135d41577eab634cc5160019a7ed6058f4dee4185103d8b303f8e7f26adcbcd7851b7f4942aaa96e70867d1de38d95c9d0bc6e5a160bf686df5c165b

Download Submit
C:\Windows\System\dpHkUYf.exe

Filesize
2.4MB

MD5
3fbcb5db798ade5c9c8b2c3313de9a83

SHA1
9e0c060e859e95b77e770072c7eaf81b892025b3

SHA256
df97f6cef1879379f13d553e886023dc89310253e9c86650ff5fb646bdc9a6bb

SHA512
ac4f5e6611069f07ca1dae9caa565ccdef491bb0a9ee5ff0f128f315e523971534d14ea2692fb8d1669edf0136a101718c9f10dd322f9e42693497fa09f2cc6c

Download Submit
C:\Windows\System\fAKuEHZ.exe

Filesize
2.4MB

MD5
b0a48d498a1fd532cfbc2f2aaf083ac9

SHA1
65667268a14291cffd475bcba3422aaafce2e5fe

SHA256
de97db609a6ac621bb730d20023bfa592f676d22c7a6fcf04b987363c0559190

SHA512
97228fd74d4bb12ad426e7f9c5af4f6863bb3a3b4bc137d70120e42d5be3a5c2263d2c8621da146b1f0ccbeb684b2124b10adb4a036f381aa7516ea0a0b4459f

Download Submit
C:\Windows\System\fSuCAyd.exe

Filesize
2.4MB

MD5
1dde6588cc2a725d7f9d1637cc53238d

SHA1
1031a284305e66e14448de1f0f6574cb8ca8965d

SHA256
0b01cf64dcbd017a3be88e4f329cafc07889aa668d48c191b5530ae9c60242d0

SHA512
6a422e60c447bb16df0847d9e4c5ec55b6ba6a9b64e68d125c17ec40f6c121e57de5bf49c1f657485fb2b57af02f485817aca457df2e97fc11458d21de03e4f4

Download Submit
C:\Windows\System\hEctZcK.exe

Filesize
2.4MB

MD5
b26227e1023d5bc417e73973e582aa7a

SHA1
7da2e9f0c58ed400e48ad882bc520685887c70ef

SHA256
03845ecb4bd11c0ce977f2c65aa830bdae744cb3088acdd58522efeed1b6236b

SHA512
949110f07b44a71af1b21dab26d8a2414df75bddb38a9c811f92b8a4cce57228a85adfdfb327175b67fe23bc50d66acad0e57a9eae38ebfa6f8062a5dbdf524c

Download Submit
C:\Windows\System\htbpOau.exe

Filesize
2.4MB

MD5
b3a90ddb984f5ca3a895c4aa3c993be6

SHA1
39e99b8703a5534a060e14cd2adcafa5e3520847

SHA256
a7bc9b14efe92648b83c22f3c30810e0ed59740536a64792dae7fad50b5b40d1

SHA512
3f3674a382ee7ade05256b14d4204b62507c83540016fe1821364eb1a1c00bddda9da0a49028d5831912fe066b882fe1e65ef67e6c46b6449ae8e16e1d7f3457

Download Submit
C:\Windows\System\lfLjlGT.exe

Filesize
2.4MB

MD5
75d1f921a35f6e55e7b28b8c2ff554c4

SHA1
f193c0c8662f3958ce9151c1d7853db8d61209a9

SHA256
e04b3ad5626067a70c9e0cdf62f5a9636de24a78c95535483ca1cfc947bbe4d7

SHA512
eb33d5522b3098390e8eac3544aafe1a41489e9bd5c77bc0582e3fa00a95daa75b4d787f12070b6866c873bb592b5a9e4a1ae8c0eedce4ab93f8a5c41123d5a6

Download Submit
C:\Windows\System\mqFFAwi.exe

Filesize
2.4MB

MD5
3f61612b407aa9cbad0eca2cabca9864

SHA1
37f12c482c8d01c1e592d7b2f153c945878f6a36

SHA256
30857664e3bedbb624c01c9c6a45123e84ceb439bfd883ee05863b53594f07ac

SHA512
dc41cde8c5def0bcff9d46a357648fa0a321bf057da9ba546f84c217be57410f29b2bafce09b7452af6b0cc43824caf1edfd485da6492455caba4a64429c49b3

Download Submit
C:\Windows\System\nWmAOZk.exe

Filesize
2.4MB

MD5
a37f043704eb48d35d9fbc4f32f31401

SHA1
3d2177c253809e1bf593acd1dc352250ba4b1eb8

SHA256
1a1ff16b2d89585a97132e356e4636852c690ae1fee41c9887ad67ec85c98c0b

SHA512
6bb7f81f359804e7669239054caf43fdbb02e2e24ec15a95132fa0a4797fa00e85a83425bd44b8097e3c1951c816f445bdb0eefcd0789e4302c1a6841fe08467

Download Submit
C:\Windows\System\pqBGnuQ.exe

Filesize
2.4MB

MD5
090a2ac5a2524bd7b7174c5d0b570749

SHA1
f39e64ffc3869cf8d3301494d953098f4e3c487f

SHA256
a93403041d05307ee9f583bb6eaeb88490e449bccc85893d58626c827b6fc8d3

SHA512
a839c8da4a4bddc6c4d844d965b062b32066c9e8739f91fecb5acf38ae144f685890986073558a6a18e41043855afa585357aab377080ad9f45075df5b7dd69d

Download Submit
C:\Windows\System\psMRyHQ.exe

Filesize
2.4MB

MD5
2cdbb3ed52fbc3920efa82f112736b9d

SHA1
19c73b2af6e952eaafce6170186c2da8f4373068

SHA256
cfd0eb7cd0f45cda8b9cbc06cd8134bfc3b8cf11500ef2812dd26b60a2e4ccb5

SHA512
9b36b1749d435ffd0ab16511950fcbb36467aaf48d5f01ad66c5835f7280123547dfe612385139564602e2f75ba03c101bd425511693ce548b72ec896a082888

Download Submit
C:\Windows\System\rxkdSkB.exe

Filesize
2.4MB

MD5
b6c35070781ba8692a7ba120afa49c97

SHA1
3a31552a93a06ed3d73fdd54413d8127553a3387

SHA256
f7df0b8057dd4f00791f1133470fddc77ee007f369d829e0d550a8198cd98990

SHA512
beae6b0b5eb32e1bc8fd8c49b164a6e60c9c3575e19b2c15093fdd4588150f56ea20ce035e773699ccef5725a9363d3409f62eaee284a4b862decba9ed3460ef

Download Submit
C:\Windows\System\stXiwRs.exe

Filesize
2.4MB

MD5
852d852029143af4ca0cc6af6722b8f4

SHA1
03768d4846c7a5f6a441143c0ef2e446974a1725

SHA256
0fcf74fe0ca63b0099cb3151b8c5f671a73aaee9c74ad79c3ea935ca7d496795

SHA512
2e5e87dcea5ed6ba7556f3c6086a39c6f6ecb1056aa8db8442c1a2e4fecfb92c64624604e68512f8f84ea50a2ca91a614e638461d261d329ce7bdee2c4d97b2c

Download Submit
C:\Windows\System\wEiWbAC.exe

Filesize
2.4MB

MD5
a26b51100a8bf7b3e3fb95ad3b3fe934

SHA1
1a3fda756dca5f49995bd36b8c0059dc5c86002c

SHA256
fe63e852f9cab54fac4613ddf59b32c32fcbd44841b8ad6afdd5ac3647a995a2

SHA512
fde5ba462211cb83755c03cfe10caf2ba5bfe04340065de3f8cbef57b0fa09eb6ac00200a7bb49c82fc3a74e8adb5edcd213fcea596e9554cb66bd54eb4101e4

Download Submit
C:\Windows\System\yJsWhyP.exe

Filesize
2.4MB

MD5
fbebb649bd266cb743717365d74c310c

SHA1
a54bf1e852f21d915229a5e83e4e997cfd53e020

SHA256
9164800e6a076d29043c00d4130dd075b5682f7a76184a5b40f0dee932e73697

SHA512
af40a81492ab6f194bae163d95482ff99a289575f888a3a4ebcfa1810236bd61be6495d7e10b055d4e6d0551b4488168c856cf40ea4104d29a74d5690d17844e

Download Submit
C:\Windows\System\yzQgovT.exe

Filesize
2.4MB

MD5
61f3c2e84f429c16283d2dba32caf3ce

SHA1
ca5f602e25f189750a75810d241c2ca8c0149f17

SHA256
77cabe9dc93fa6c6971b77c56d3627b927100baefa95b99317bb7d0abc3182d7

SHA512
428d4b9b1c4269ee67eaf84266cea686181bea2213233f81e0bdd687d0af248062ee9289bdbff4043f7590f1b63d169a0f100e475928b94eec521befaed8e744

Download Submit
memory/264-4219-0x00007FF7F28E0000-0x00007FF7F2CD2000-memory.dmp

Filesize
3.9MB

Download
memory/264-222-0x00007FF7F28E0000-0x00007FF7F2CD2000-memory.dmp

Filesize
3.9MB

Download
memory/372-4250-0x00007FF679B20000-0x00007FF679F12000-memory.dmp

Filesize
3.9MB

Download
memory/372-260-0x00007FF679B20000-0x00007FF679F12000-memory.dmp

Filesize
3.9MB

Download
memory/416-4213-0x00007FF6F7EC0000-0x00007FF6F82B2000-memory.dmp

Filesize
3.9MB

Download
memory/416-221-0x00007FF6F7EC0000-0x00007FF6F82B2000-memory.dmp

Filesize
3.9MB

Download
memory/440-229-0x00007FF7AC110000-0x00007FF7AC502000-memory.dmp

Filesize
3.9MB

Download
memory/440-4211-0x00007FF7AC110000-0x00007FF7AC502000-memory.dmp

Filesize
3.9MB

Download
memory/636-92-0x000001236F460000-0x000001236F482000-memory.dmp

Filesize
136KB

Download
memory/636-263-0x00007FFC6CE00000-0x00007FFC6D8C1000-memory.dmp

Filesize
10.8MB

Download
memory/636-6-0x00007FFC6CE03000-0x00007FFC6CE05000-memory.dmp

Filesize
8KB

Download
memory/636-67-0x00007FFC6CE00000-0x00007FFC6D8C1000-memory.dmp

Filesize
10.8MB

Download
memory/764-265-0x00007FF65B7D0000-0x00007FF65BBC2000-memory.dmp

Filesize
3.9MB

Download
memory/764-4190-0x00007FF65B7D0000-0x00007FF65BBC2000-memory.dmp

Filesize
3.9MB

Download
memory/856-219-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp

Filesize
3.9MB

Download
memory/856-4204-0x00007FF704AF0000-0x00007FF704EE2000-memory.dmp

Filesize
3.9MB

Download
memory/1048-4180-0x00007FF647C20000-0x00007FF648012000-memory.dmp

Filesize
3.9MB

Download
memory/1048-146-0x00007FF647C20000-0x00007FF648012000-memory.dmp

Filesize
3.9MB

Download
memory/1236-4217-0x00007FF716D90000-0x00007FF717182000-memory.dmp

Filesize
3.9MB

Download
memory/1236-200-0x00007FF716D90000-0x00007FF717182000-memory.dmp

Filesize
3.9MB

Download
memory/1240-261-0x00007FF6F1C50000-0x00007FF6F2042000-memory.dmp

Filesize
3.9MB

Download
memory/1240-4239-0x00007FF6F1C50000-0x00007FF6F2042000-memory.dmp

Filesize
3.9MB

Download
memory/1480-259-0x00007FF6992B0000-0x00007FF6996A2000-memory.dmp

Filesize
3.9MB

Download
memory/1480-4248-0x00007FF6992B0000-0x00007FF6996A2000-memory.dmp

Filesize
3.9MB

Download
memory/1492-174-0x00007FF74A420000-0x00007FF74A812000-memory.dmp

Filesize
3.9MB

Download
memory/1492-4188-0x00007FF74A420000-0x00007FF74A812000-memory.dmp

Filesize
3.9MB

Download
memory/1624-4164-0x00007FF7B63D0000-0x00007FF7B67C2000-memory.dmp

Filesize
3.9MB

Download
memory/1624-12-0x00007FF7B63D0000-0x00007FF7B67C2000-memory.dmp

Filesize
3.9MB

Download
memory/2884-230-0x00007FF7C4A10000-0x00007FF7C4E02000-memory.dmp

Filesize
3.9MB

Download
memory/2884-4207-0x00007FF7C4A10000-0x00007FF7C4E02000-memory.dmp

Filesize
3.9MB

Download
memory/2900-4176-0x00007FF7E8430000-0x00007FF7E8822000-memory.dmp

Filesize
3.9MB

Download
memory/2900-264-0x00007FF7E8430000-0x00007FF7E8822000-memory.dmp

Filesize
3.9MB

Download
memory/3032-4255-0x00007FF77BB30000-0x00007FF77BF22000-memory.dmp

Filesize
3.9MB

Download
memory/3032-267-0x00007FF77BB30000-0x00007FF77BF22000-memory.dmp

Filesize
3.9MB

Download
memory/3164-256-0x00007FF79AD10000-0x00007FF79B102000-memory.dmp

Filesize
3.9MB

Download
memory/3164-4236-0x00007FF79AD10000-0x00007FF79B102000-memory.dmp

Filesize
3.9MB

Download
memory/3672-262-0x00007FF704040000-0x00007FF704432000-memory.dmp

Filesize
3.9MB

Download
memory/3672-4263-0x00007FF704040000-0x00007FF704432000-memory.dmp

Filesize
3.9MB

Download
memory/3732-254-0x00007FF6099A0000-0x00007FF609D92000-memory.dmp

Filesize
3.9MB

Download
memory/3732-4230-0x00007FF6099A0000-0x00007FF609D92000-memory.dmp

Filesize
3.9MB

Download
memory/4328-257-0x00007FF7EEB00000-0x00007FF7EEEF2000-memory.dmp

Filesize
3.9MB

Download
memory/4328-4228-0x00007FF7EEB00000-0x00007FF7EEEF2000-memory.dmp

Filesize
3.9MB

Download
memory/4416-103-0x00007FF76CF40000-0x00007FF76D332000-memory.dmp

Filesize
3.9MB

Download
memory/4416-4183-0x00007FF76CF40000-0x00007FF76D332000-memory.dmp

Filesize
3.9MB

Download
memory/4528-4200-0x00007FF673330000-0x00007FF673722000-memory.dmp

Filesize
3.9MB

Download
memory/4528-201-0x00007FF673330000-0x00007FF673722000-memory.dmp

Filesize
3.9MB

Download
memory/4700-266-0x00007FF695760000-0x00007FF695B52000-memory.dmp

Filesize
3.9MB

Download
memory/4700-4258-0x00007FF695760000-0x00007FF695B52000-memory.dmp

Filesize
3.9MB

Download
memory/4728-0-0x00007FF672570000-0x00007FF672962000-memory.dmp

Filesize
3.9MB

Download
memory/4728-1-0x0000021A34A10000-0x0000021A34A20000-memory.dmp

Filesize
64KB

Download
memory/4728-4515-0x00007FF672570000-0x00007FF672962000-memory.dmp

Filesize
3.9MB

Download
memory/4728-4947-0x00007FF672570000-0x00007FF672962000-memory.dmp

Filesize
3.9MB

Download
memory/4916-4244-0x00007FF794040000-0x00007FF794432000-memory.dmp

Filesize
3.9MB

Download
memory/4916-258-0x00007FF794040000-0x00007FF794432000-memory.dmp

Filesize
3.9MB

Download
memory/5076-4171-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp

Filesize
3.9MB

Download
memory/5076-22-0x00007FF72DBD0000-0x00007FF72DFC2000-memory.dmp

Filesize
3.9MB

Download