xmrig | eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c

Analysis

max time kernel
28s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-03-2024 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
Size

2.0MB
MD5

b6b64048870a55d5663c41312f096b74
SHA1

3c369556cde225d61e96fbb8159ab286f816256b
SHA256

eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c
SHA512

f7a0925e9f4fd47d3a2bf088bf206cc0e9a3d64229faa157806b0450df29bc176d03afb70cd92b1cc1c7e3d7c0ee49226608f56add99860624d85c031357bc81
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQOYkZtg946MEI:BemTLkNdfE0pZrQ6

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/772-0-0x000000013FE20000-0x0000000140174000-memory.dmp	UPX
behavioral1/files/0x000b000000015e66-3.dat	UPX
behavioral1/files/0x000a00000001634e-9.dat	UPX
behavioral1/memory/2832-13-0x000000013F780000-0x000000013FAD4000-memory.dmp	UPX
behavioral1/files/0x0007000000016b75-18.dat	UPX
behavioral1/files/0x000b000000015e66-11.dat	UPX
behavioral1/files/0x000a000000016453-8.dat	UPX
behavioral1/files/0x000a00000001634e-6.dat	UPX
behavioral1/files/0x0007000000016b75-21.dat	UPX
behavioral1/files/0x000a000000016453-23.dat	UPX
behavioral1/files/0x0007000000016c0a-28.dat	UPX
behavioral1/files/0x000a000000016453-14.dat	UPX
behavioral1/files/0x0007000000016c0a-30.dat	UPX
behavioral1/memory/2916-34-0x000000013F8B0000-0x000000013FC04000-memory.dmp	UPX
behavioral1/memory/2108-33-0x000000013FA10000-0x000000013FD64000-memory.dmp	UPX
behavioral1/files/0x0009000000016c8a-39.dat	UPX
behavioral1/files/0x0007000000016bf1-25.dat	UPX
behavioral1/files/0x0007000000016bf1-44.dat	UPX
behavioral1/files/0x0006000000016db0-50.dat	UPX
behavioral1/files/0x0006000000016fd6-60.dat	UPX
behavioral1/files/0x0006000000016fd6-57.dat	UPX
behavioral1/files/0x0006000000017219-65.dat	UPX
behavioral1/files/0x0006000000017219-67.dat	UPX
behavioral1/files/0x000500000001869e-74.dat	UPX
behavioral1/memory/2624-114-0x000000013FF80000-0x00000001402D4000-memory.dmp	UPX
behavioral1/files/0x0006000000016e48-116.dat	UPX
behavioral1/memory/2688-118-0x000000013F350000-0x000000013F6A4000-memory.dmp	UPX
behavioral1/files/0x0006000000016d57-112.dat	UPX
behavioral1/files/0x0006000000018b4d-110.dat	UPX
behavioral1/files/0x0006000000018ae5-87.dat	UPX
behavioral1/files/0x0006000000018b3d-97.dat	UPX
behavioral1/files/0x0006000000018b27-91.dat	UPX
behavioral1/files/0x0006000000018ae5-82.dat	UPX
behavioral1/files/0x0007000000016c12-35.dat	UPX
behavioral1/files/0x0006000000018b36-94.dat	UPX
behavioral1/files/0x0006000000018b6f-119.dat	UPX
behavioral1/memory/2540-122-0x000000013F960000-0x000000013FCB4000-memory.dmp	UPX
behavioral1/files/0x0006000000018b6f-135.dat	UPX
behavioral1/memory/2796-137-0x000000013F650000-0x000000013F9A4000-memory.dmp	UPX
behavioral1/memory/2456-144-0x000000013FC40000-0x000000013FF94000-memory.dmp	UPX
behavioral1/memory/1944-145-0x000000013F550000-0x000000013F8A4000-memory.dmp	UPX
behavioral1/memory/2516-146-0x000000013F3D0000-0x000000013F724000-memory.dmp	UPX
behavioral1/memory/1344-147-0x000000013FB20000-0x000000013FE74000-memory.dmp	UPX
behavioral1/files/0x0006000000018ba8-152.dat	UPX
behavioral1/files/0x0006000000018b9c-155.dat	UPX
behavioral1/memory/1584-151-0x000000013F950000-0x000000013FCA4000-memory.dmp	UPX
behavioral1/memory/2772-157-0x000000013F330000-0x000000013F684000-memory.dmp	UPX
behavioral1/memory/320-158-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	UPX
behavioral1/memory/2708-159-0x000000013F830000-0x000000013FB84000-memory.dmp	UPX
behavioral1/memory/2392-160-0x000000013F610000-0x000000013F964000-memory.dmp	UPX
behavioral1/memory/2800-161-0x000000013F760000-0x000000013FAB4000-memory.dmp	UPX
behavioral1/memory/2464-162-0x000000013FC40000-0x000000013FF94000-memory.dmp	UPX
behavioral1/memory/1800-163-0x000000013FB70000-0x000000013FEC4000-memory.dmp	UPX
behavioral1/memory/1792-164-0x000000013F650000-0x000000013F9A4000-memory.dmp	UPX
behavioral1/memory/2008-166-0x000000013F600000-0x000000013F954000-memory.dmp	UPX
behavioral1/memory/2776-165-0x000000013FBB0000-0x000000013FF04000-memory.dmp	UPX
behavioral1/memory/2920-168-0x000000013FCD0000-0x0000000140024000-memory.dmp	UPX
behavioral1/memory/2344-169-0x000000013F560000-0x000000013F8B4000-memory.dmp	UPX
behavioral1/memory/2044-167-0x000000013FF90000-0x00000001402E4000-memory.dmp	UPX
behavioral1/memory/324-170-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	UPX
behavioral1/memory/1660-173-0x000000013FF00000-0x0000000140254000-memory.dmp	UPX
behavioral1/memory/2412-171-0x000000013F6E0000-0x000000013FA34000-memory.dmp	UPX
behavioral1/files/0x00050000000192f8-189.dat	UPX
behavioral1/files/0x0005000000019302-193.dat	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/772-0-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x000b000000015e66-3.dat	xmrig
behavioral1/files/0x000a00000001634e-9.dat	xmrig
behavioral1/memory/2832-13-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016b75-18.dat	xmrig
behavioral1/files/0x000b000000015e66-11.dat	xmrig
behavioral1/files/0x000a000000016453-8.dat	xmrig
behavioral1/files/0x000a00000001634e-6.dat	xmrig
behavioral1/files/0x0007000000016b75-21.dat	xmrig
behavioral1/files/0x000a000000016453-23.dat	xmrig
behavioral1/files/0x0007000000016c0a-28.dat	xmrig
behavioral1/files/0x000a000000016453-14.dat	xmrig
behavioral1/files/0x0007000000016c0a-30.dat	xmrig
behavioral1/memory/2916-34-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2108-33-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c8a-39.dat	xmrig
behavioral1/files/0x0007000000016bf1-25.dat	xmrig
behavioral1/files/0x0007000000016bf1-44.dat	xmrig
behavioral1/files/0x0006000000016db0-50.dat	xmrig
behavioral1/files/0x0006000000016fd6-60.dat	xmrig
behavioral1/files/0x0006000000016fd6-57.dat	xmrig
behavioral1/files/0x0006000000017219-65.dat	xmrig
behavioral1/files/0x0006000000017219-67.dat	xmrig
behavioral1/files/0x000500000001869e-74.dat	xmrig
behavioral1/memory/2624-114-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016e48-116.dat	xmrig
behavioral1/memory/2688-118-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d57-112.dat	xmrig
behavioral1/files/0x0006000000018b4d-110.dat	xmrig
behavioral1/files/0x0006000000018ae5-87.dat	xmrig
behavioral1/files/0x0006000000018b3d-97.dat	xmrig
behavioral1/files/0x0006000000018b27-91.dat	xmrig
behavioral1/files/0x0006000000018ae5-82.dat	xmrig
behavioral1/files/0x0007000000016c12-35.dat	xmrig
behavioral1/files/0x0006000000018b36-94.dat	xmrig
behavioral1/files/0x0006000000018b6f-119.dat	xmrig
behavioral1/memory/2540-122-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018b6f-135.dat	xmrig
behavioral1/memory/2796-137-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2456-144-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1944-145-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2516-146-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/1344-147-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x0006000000018ba8-152.dat	xmrig
behavioral1/files/0x0006000000018b9c-155.dat	xmrig
behavioral1/memory/1584-151-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2772-157-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/320-158-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2708-159-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2392-160-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2800-161-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2464-162-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1800-163-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1792-164-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2008-166-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2776-165-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2920-168-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2344-169-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2044-167-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/324-170-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1660-173-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/772-175-0x0000000001F20000-0x0000000002274000-memory.dmp	xmrig
behavioral1/memory/772-176-0x0000000001F20000-0x0000000002274000-memory.dmp	xmrig
behavioral1/memory/2412-171-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig

Executes dropped EXE 51 IoCs

pid	Process
2832	sQNphrT.exe
2344	KZFAbQk.exe
2108	JNGGVVX.exe
2916	ruOPmEs.exe
2624	GmxNtfw.exe
2688	WcABKEJ.exe
2540	AtufkVH.exe
2796	OYePIsZ.exe
2456	hbZmCVo.exe
1944	WRkLsbn.exe
2516	IqaeKKy.exe
1344	YMpBXfe.exe
1584	CqfHFXF.exe
2772	oyIgrpo.exe
320	MHlEhdQ.exe
324	bCrasMH.exe
2708	TSCraIz.exe
2412	cRbLhZm.exe
1660	dlJuiKP.exe
2392	NDrzACU.exe
2800	TedonOf.exe
2464	VuFnrCM.exe
1800	NdnTsfx.exe
1792	BRkMBVJ.exe
2776	AvXFtbm.exe
2008	JiDjVmN.exe
2044	XczXcfu.exe
2920	LHWcJNQ.exe
2296	JCYuoeu.exe
580	IKEGuME.exe
3020	OvYxXuB.exe
2312	dptExUb.exe
1000	AzTqDbp.exe
1664	kyetPGj.exe
1840	LnYLGCO.exe
1760	gzObbvr.exe
1364	wgwNxnV.exe
2056	ZeEJDWl.exe
2864	iDJHpzK.exe
3004	MXSEfCj.exe
1036	OuyYUml.exe
1072	SRzMGwF.exe
1112	ETQTGCY.exe
3040	jaQHugJ.exe
1648	SPSJxTx.exe
2320	JVVNXHt.exe
1200	DZXxayS.exe
1608	kmfssXt.exe
2252	fKhEAvW.exe
852	cWIVYhs.exe
3056	znfkvxM.exe

Loads dropped DLL 57 IoCs

pid	Process
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/772-0-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x000b000000015e66-3.dat	upx
behavioral1/files/0x000a00000001634e-9.dat	upx
behavioral1/memory/2832-13-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0007000000016b75-18.dat	upx
behavioral1/files/0x000b000000015e66-11.dat	upx
behavioral1/files/0x000a000000016453-8.dat	upx
behavioral1/files/0x000a00000001634e-6.dat	upx
behavioral1/files/0x0007000000016b75-21.dat	upx
behavioral1/files/0x000a000000016453-23.dat	upx
behavioral1/files/0x0007000000016c0a-28.dat	upx
behavioral1/files/0x000a000000016453-14.dat	upx
behavioral1/files/0x0007000000016c0a-30.dat	upx
behavioral1/memory/2916-34-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2108-33-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0009000000016c8a-39.dat	upx
behavioral1/files/0x0007000000016bf1-25.dat	upx
behavioral1/files/0x0007000000016bf1-44.dat	upx
behavioral1/files/0x0006000000016db0-50.dat	upx
behavioral1/files/0x0006000000016fd6-60.dat	upx
behavioral1/files/0x0006000000016fd6-57.dat	upx
behavioral1/files/0x0006000000017219-65.dat	upx
behavioral1/files/0x0006000000017219-67.dat	upx
behavioral1/files/0x000500000001869e-74.dat	upx
behavioral1/memory/2624-114-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0006000000016e48-116.dat	upx
behavioral1/memory/2688-118-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0006000000016d57-112.dat	upx
behavioral1/files/0x0006000000018b4d-110.dat	upx
behavioral1/files/0x0006000000018ae5-87.dat	upx
behavioral1/files/0x0006000000018b3d-97.dat	upx
behavioral1/files/0x0006000000018b27-91.dat	upx
behavioral1/files/0x0006000000018ae5-82.dat	upx
behavioral1/files/0x0007000000016c12-35.dat	upx
behavioral1/files/0x0006000000018b36-94.dat	upx
behavioral1/files/0x0006000000018b6f-119.dat	upx
behavioral1/memory/2540-122-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0006000000018b6f-135.dat	upx
behavioral1/memory/2796-137-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2456-144-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1944-145-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2516-146-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/1344-147-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x0006000000018ba8-152.dat	upx
behavioral1/files/0x0006000000018b9c-155.dat	upx
behavioral1/memory/1584-151-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2772-157-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/320-158-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2708-159-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2392-160-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2800-161-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2464-162-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1800-163-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1792-164-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2008-166-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2776-165-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2920-168-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2344-169-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2044-167-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/324-170-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1660-173-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2412-171-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x00050000000192f8-189.dat	upx
behavioral1/files/0x0005000000019302-193.dat	upx

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\System\JiDjVmN.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\SRzMGwF.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\fKhEAvW.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\AtufkVH.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\CqfHFXF.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\MHlEhdQ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\AvXFtbm.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\KZFAbQk.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\GmxNtfw.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ETQTGCY.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\DZXxayS.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\BRkMBVJ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ezPRLeG.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\swmrpaN.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\NdnTsfx.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\XczXcfu.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\LnYLGCO.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ZeEJDWl.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\VuFnrCM.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\cWIVYhs.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\eZpErqL.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\znfkvxM.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\YMpBXfe.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\JCYuoeu.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\IKEGuME.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\BZsGdkB.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\kmfssXt.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\sQNphrT.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\ruOPmEs.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\IqaeKKy.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\WcABKEJ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\jaQHugJ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\SPSJxTx.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\NDrzACU.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\oyIgrpo.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\AzTqDbp.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\OuyYUml.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\cRbLhZm.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\dptExUb.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\TSCraIz.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\OYePIsZ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\TedonOf.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\OvYxXuB.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\JcEaNlV.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\bCrasMH.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\gzObbvr.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\MXSEfCj.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\zssQyZW.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\WRkLsbn.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\wgwNxnV.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\kyetPGj.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\LHWcJNQ.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\hbZmCVo.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\dlJuiKP.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\iDJHpzK.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\JVVNXHt.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
File created	C:\Windows\System\JNGGVVX.exe	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 772 wrote to memory of 2344	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	29
PID 772 wrote to memory of 2344	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	29
PID 772 wrote to memory of 2344	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	29
PID 772 wrote to memory of 2832	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	30
PID 772 wrote to memory of 2832	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	30
PID 772 wrote to memory of 2832	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	30
PID 772 wrote to memory of 2916	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	31
PID 772 wrote to memory of 2916	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	31
PID 772 wrote to memory of 2916	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	31
PID 772 wrote to memory of 2108	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	32
PID 772 wrote to memory of 2108	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	32
PID 772 wrote to memory of 2108	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	32
PID 772 wrote to memory of 2540	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	33
PID 772 wrote to memory of 2540	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	33
PID 772 wrote to memory of 2540	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	33
PID 772 wrote to memory of 2624	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	34
PID 772 wrote to memory of 2624	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	34
PID 772 wrote to memory of 2624	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	34
PID 772 wrote to memory of 2516	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	35
PID 772 wrote to memory of 2516	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	35
PID 772 wrote to memory of 2516	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	35
PID 772 wrote to memory of 2688	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	36
PID 772 wrote to memory of 2688	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	36
PID 772 wrote to memory of 2688	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	36
PID 772 wrote to memory of 2708	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	37
PID 772 wrote to memory of 2708	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	37
PID 772 wrote to memory of 2708	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	37
PID 772 wrote to memory of 2796	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	38
PID 772 wrote to memory of 2796	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	38
PID 772 wrote to memory of 2796	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	38
PID 772 wrote to memory of 2412	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	39
PID 772 wrote to memory of 2412	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	39
PID 772 wrote to memory of 2412	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	39
PID 772 wrote to memory of 2456	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	40
PID 772 wrote to memory of 2456	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	40
PID 772 wrote to memory of 2456	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	40
PID 772 wrote to memory of 1660	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	41
PID 772 wrote to memory of 1660	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	41
PID 772 wrote to memory of 1660	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	41
PID 772 wrote to memory of 1944	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	42
PID 772 wrote to memory of 1944	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	42
PID 772 wrote to memory of 1944	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	42
PID 772 wrote to memory of 2392	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	43
PID 772 wrote to memory of 2392	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	43
PID 772 wrote to memory of 2392	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	43
PID 772 wrote to memory of 1344	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	44
PID 772 wrote to memory of 1344	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	44
PID 772 wrote to memory of 1344	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	44
PID 772 wrote to memory of 2800	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	45
PID 772 wrote to memory of 2800	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	45
PID 772 wrote to memory of 2800	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	45
PID 772 wrote to memory of 1584	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	46
PID 772 wrote to memory of 1584	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	46
PID 772 wrote to memory of 1584	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	46
PID 772 wrote to memory of 2464	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	47
PID 772 wrote to memory of 2464	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	47
PID 772 wrote to memory of 2464	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	47
PID 772 wrote to memory of 2772	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	48
PID 772 wrote to memory of 2772	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	48
PID 772 wrote to memory of 2772	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	48
PID 772 wrote to memory of 1800	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	49
PID 772 wrote to memory of 1800	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	49
PID 772 wrote to memory of 1800	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	49
PID 772 wrote to memory of 320	772	eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe	50

C:\Users\Admin\AppData\Local\Temp\eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe
"C:\Users\Admin\AppData\Local\Temp\eee22bf88f0fb22b1c566e9bdc8db0852870d4c66e617925abc13e1897c2d02c.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:772
- C:\Windows\System\KZFAbQk.exe
  C:\Windows\System\KZFAbQk.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\sQNphrT.exe
  C:\Windows\System\sQNphrT.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\ruOPmEs.exe
  C:\Windows\System\ruOPmEs.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\JNGGVVX.exe
  C:\Windows\System\JNGGVVX.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\AtufkVH.exe
  C:\Windows\System\AtufkVH.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\GmxNtfw.exe
  C:\Windows\System\GmxNtfw.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\IqaeKKy.exe
  C:\Windows\System\IqaeKKy.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\WcABKEJ.exe
  C:\Windows\System\WcABKEJ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\TSCraIz.exe
  C:\Windows\System\TSCraIz.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\OYePIsZ.exe
  C:\Windows\System\OYePIsZ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\cRbLhZm.exe
  C:\Windows\System\cRbLhZm.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\hbZmCVo.exe
  C:\Windows\System\hbZmCVo.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\dlJuiKP.exe
  C:\Windows\System\dlJuiKP.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\WRkLsbn.exe
  C:\Windows\System\WRkLsbn.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\NDrzACU.exe
  C:\Windows\System\NDrzACU.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\YMpBXfe.exe
  C:\Windows\System\YMpBXfe.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\TedonOf.exe
  C:\Windows\System\TedonOf.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\CqfHFXF.exe
  C:\Windows\System\CqfHFXF.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\VuFnrCM.exe
  C:\Windows\System\VuFnrCM.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\oyIgrpo.exe
  C:\Windows\System\oyIgrpo.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\NdnTsfx.exe
  C:\Windows\System\NdnTsfx.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\MHlEhdQ.exe
  C:\Windows\System\MHlEhdQ.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\BRkMBVJ.exe
  C:\Windows\System\BRkMBVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\bCrasMH.exe
  C:\Windows\System\bCrasMH.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\AvXFtbm.exe
  C:\Windows\System\AvXFtbm.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\JiDjVmN.exe
  C:\Windows\System\JiDjVmN.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\LHWcJNQ.exe
  C:\Windows\System\LHWcJNQ.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\XczXcfu.exe
  C:\Windows\System\XczXcfu.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\IKEGuME.exe
  C:\Windows\System\IKEGuME.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\JCYuoeu.exe
  C:\Windows\System\JCYuoeu.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\OvYxXuB.exe
  C:\Windows\System\OvYxXuB.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\dptExUb.exe
  C:\Windows\System\dptExUb.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\wgwNxnV.exe
  C:\Windows\System\wgwNxnV.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\AzTqDbp.exe
  C:\Windows\System\AzTqDbp.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\iDJHpzK.exe
  C:\Windows\System\iDJHpzK.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\kyetPGj.exe
  C:\Windows\System\kyetPGj.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\OuyYUml.exe
  C:\Windows\System\OuyYUml.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\LnYLGCO.exe
  C:\Windows\System\LnYLGCO.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\SRzMGwF.exe
  C:\Windows\System\SRzMGwF.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\gzObbvr.exe
  C:\Windows\System\gzObbvr.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\ETQTGCY.exe
  C:\Windows\System\ETQTGCY.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\ZeEJDWl.exe
  C:\Windows\System\ZeEJDWl.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\jaQHugJ.exe
  C:\Windows\System\jaQHugJ.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\MXSEfCj.exe
  C:\Windows\System\MXSEfCj.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\SPSJxTx.exe
  C:\Windows\System\SPSJxTx.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\JVVNXHt.exe
  C:\Windows\System\JVVNXHt.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\BZsGdkB.exe
  C:\Windows\System\BZsGdkB.exe
  2⤵
  PID:888
- C:\Windows\System\DZXxayS.exe
  C:\Windows\System\DZXxayS.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\zssQyZW.exe
  C:\Windows\System\zssQyZW.exe
  2⤵
  PID:2184
- C:\Windows\System\kmfssXt.exe
  C:\Windows\System\kmfssXt.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\swmrpaN.exe
  C:\Windows\System\swmrpaN.exe
  2⤵
  PID:1604
- C:\Windows\System\fKhEAvW.exe
  C:\Windows\System\fKhEAvW.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\JcEaNlV.exe
  C:\Windows\System\JcEaNlV.exe
  2⤵
  PID:2896
- C:\Windows\System\cWIVYhs.exe
  C:\Windows\System\cWIVYhs.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\eZpErqL.exe
  C:\Windows\System\eZpErqL.exe
  2⤵
  PID:2232
- C:\Windows\System\znfkvxM.exe
  C:\Windows\System\znfkvxM.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\ezPRLeG.exe
  C:\Windows\System\ezPRLeG.exe
  2⤵
  PID:2644
- C:\Windows\System\UaxKXgO.exe
  C:\Windows\System\UaxKXgO.exe
  2⤵
  PID:2840
- C:\Windows\System\DhvxSIc.exe
  C:\Windows\System\DhvxSIc.exe
  2⤵
  PID:2572
- C:\Windows\System\UvYBqpJ.exe
  C:\Windows\System\UvYBqpJ.exe
  2⤵
  PID:2144
- C:\Windows\System\DYmFHpE.exe
  C:\Windows\System\DYmFHpE.exe
  2⤵
  PID:2460
- C:\Windows\System\YaqinZy.exe
  C:\Windows\System\YaqinZy.exe
  2⤵
  PID:2484
- C:\Windows\System\JApvaak.exe
  C:\Windows\System\JApvaak.exe
  2⤵
  PID:3016
- C:\Windows\System\aMwRdIV.exe
  C:\Windows\System\aMwRdIV.exe
  2⤵
  PID:2968
- C:\Windows\System\VEktsAa.exe
  C:\Windows\System\VEktsAa.exe
  2⤵
  PID:1076
- C:\Windows\System\BVivpzq.exe
  C:\Windows\System\BVivpzq.exe
  2⤵
  PID:1964
- C:\Windows\System\nGMataK.exe
  C:\Windows\System\nGMataK.exe
  2⤵
  PID:880
- C:\Windows\System\yRrYCxj.exe
  C:\Windows\System\yRrYCxj.exe
  2⤵
  PID:2424
- C:\Windows\System\NJJtOSl.exe
  C:\Windows\System\NJJtOSl.exe
  2⤵
  PID:1684
- C:\Windows\System\vSUflwt.exe
  C:\Windows\System\vSUflwt.exe
  2⤵
  PID:2908
- C:\Windows\System\bNDVHXA.exe
  C:\Windows\System\bNDVHXA.exe
  2⤵
  PID:2656
- C:\Windows\System\xAvnajZ.exe
  C:\Windows\System\xAvnajZ.exe
  2⤵
  PID:2820
- C:\Windows\System\WqoUmQy.exe
  C:\Windows\System\WqoUmQy.exe
  2⤵
  PID:1816
- C:\Windows\System\TcLgDFA.exe
  C:\Windows\System\TcLgDFA.exe
  2⤵
  PID:1128
- C:\Windows\System\eZczaSd.exe
  C:\Windows\System\eZczaSd.exe
  2⤵
  PID:2448
- C:\Windows\System\hRIVNVc.exe
  C:\Windows\System\hRIVNVc.exe
  2⤵
  PID:1828
- C:\Windows\System\YLSXhsF.exe
  C:\Windows\System\YLSXhsF.exe
  2⤵
  PID:2944
- C:\Windows\System\pfEkeyo.exe
  C:\Windows\System\pfEkeyo.exe
  2⤵
  PID:1084
- C:\Windows\System\xftWBnY.exe
  C:\Windows\System\xftWBnY.exe
  2⤵
  PID:592
- C:\Windows\System\QySCHWJ.exe
  C:\Windows\System\QySCHWJ.exe
  2⤵
  PID:1524
- C:\Windows\System\xpSGqOG.exe
  C:\Windows\System\xpSGqOG.exe
  2⤵
  PID:2280
- C:\Windows\System\KfpCKTH.exe
  C:\Windows\System\KfpCKTH.exe
  2⤵
  PID:2128
- C:\Windows\System\ufZFtaT.exe
  C:\Windows\System\ufZFtaT.exe
  2⤵
  PID:2928
- C:\Windows\System\fGqJIGX.exe
  C:\Windows\System\fGqJIGX.exe
  2⤵
  PID:2304
- C:\Windows\System\QLOuWvN.exe
  C:\Windows\System\QLOuWvN.exe
  2⤵
  PID:2452
- C:\Windows\System\thiLEeL.exe
  C:\Windows\System\thiLEeL.exe
  2⤵
  PID:1836
- C:\Windows\System\VEwEdXt.exe
  C:\Windows\System\VEwEdXt.exe
  2⤵
  PID:2224
- C:\Windows\System\ROwmpSn.exe
  C:\Windows\System\ROwmpSn.exe
  2⤵
  PID:2300
- C:\Windows\System\bPkHJvi.exe
  C:\Windows\System\bPkHJvi.exe
  2⤵
  PID:2244
- C:\Windows\System\xHKTqYB.exe
  C:\Windows\System\xHKTqYB.exe
  2⤵
  PID:832
- C:\Windows\System\BPRaMvI.exe
  C:\Windows\System\BPRaMvI.exe
  2⤵
  PID:1448
- C:\Windows\System\sdTzDnM.exe
  C:\Windows\System\sdTzDnM.exe
  2⤵
  PID:2760
- C:\Windows\System\xIaRSWZ.exe
  C:\Windows\System\xIaRSWZ.exe
  2⤵
  PID:1576
- C:\Windows\System\WsAwHRF.exe
  C:\Windows\System\WsAwHRF.exe
  2⤵
  PID:2740
- C:\Windows\System\zrRJMUS.exe
  C:\Windows\System\zrRJMUS.exe
  2⤵
  PID:1832
- C:\Windows\System\HubNpeF.exe
  C:\Windows\System\HubNpeF.exe
  2⤵
  PID:1528
- C:\Windows\System\BjudRZH.exe
  C:\Windows\System\BjudRZH.exe
  2⤵
  PID:2384
- C:\Windows\System\ViMMIqd.exe
  C:\Windows\System\ViMMIqd.exe
  2⤵
  PID:2152
- C:\Windows\System\ZIuiUgQ.exe
  C:\Windows\System\ZIuiUgQ.exe
  2⤵
  PID:1164
- C:\Windows\System\zJiPbjX.exe
  C:\Windows\System\zJiPbjX.exe
  2⤵
  PID:1108
- C:\Windows\System\AZHAwcG.exe
  C:\Windows\System\AZHAwcG.exe
  2⤵
  PID:1520
- C:\Windows\System\mCBkqYg.exe
  C:\Windows\System\mCBkqYg.exe
  2⤵
  PID:2240
- C:\Windows\System\xmdkUwZ.exe
  C:\Windows\System\xmdkUwZ.exe
  2⤵
  PID:276
- C:\Windows\System\mZSyXgM.exe
  C:\Windows\System\mZSyXgM.exe
  2⤵
  PID:1872
- C:\Windows\System\fMLEIdB.exe
  C:\Windows\System\fMLEIdB.exe
  2⤵
  PID:1700
- C:\Windows\System\HVHcoAw.exe
  C:\Windows\System\HVHcoAw.exe
  2⤵
  PID:2720
- C:\Windows\System\TefJlhn.exe
  C:\Windows\System\TefJlhn.exe
  2⤵
  PID:1012
- C:\Windows\System\NjLIwVg.exe
  C:\Windows\System\NjLIwVg.exe
  2⤵
  PID:1168
- C:\Windows\System\YWjucgT.exe
  C:\Windows\System\YWjucgT.exe
  2⤵
  PID:612
- C:\Windows\System\OxmDjIw.exe
  C:\Windows\System\OxmDjIw.exe
  2⤵
  PID:840
- C:\Windows\System\cSpwqrJ.exe
  C:\Windows\System\cSpwqrJ.exe
  2⤵
  PID:2336
- C:\Windows\System\AzvgItM.exe
  C:\Windows\System\AzvgItM.exe
  2⤵
  PID:2984
- C:\Windows\System\BaUFJnd.exe
  C:\Windows\System\BaUFJnd.exe
  2⤵
  PID:2348
- C:\Windows\System\cIpvDpw.exe
  C:\Windows\System\cIpvDpw.exe
  2⤵
  PID:2696
- C:\Windows\System\IPeNHMO.exe
  C:\Windows\System\IPeNHMO.exe
  2⤵
  PID:1292
- C:\Windows\System\NbyHlqp.exe
  C:\Windows\System\NbyHlqp.exe
  2⤵
  PID:1572
- C:\Windows\System\lKhKhJF.exe
  C:\Windows\System\lKhKhJF.exe
  2⤵
  PID:2924
- C:\Windows\System\oJEaPnv.exe
  C:\Windows\System\oJEaPnv.exe
  2⤵
  PID:2308
- C:\Windows\System\HePkhjU.exe
  C:\Windows\System\HePkhjU.exe
  2⤵
  PID:2088
- C:\Windows\System\sMADwOh.exe
  C:\Windows\System\sMADwOh.exe
  2⤵
  PID:1596
- C:\Windows\System\WBKDsZZ.exe
  C:\Windows\System\WBKDsZZ.exe
  2⤵
  PID:2992
- C:\Windows\System\jBPTHWt.exe
  C:\Windows\System\jBPTHWt.exe
  2⤵
  PID:1968
- C:\Windows\System\Klcswmn.exe
  C:\Windows\System\Klcswmn.exe
  2⤵
  PID:2196
- C:\Windows\System\mPAKvVA.exe
  C:\Windows\System\mPAKvVA.exe
  2⤵
  PID:2564
- C:\Windows\System\IckfrVa.exe
  C:\Windows\System\IckfrVa.exe
  2⤵
  PID:1512
- C:\Windows\System\araInvD.exe
  C:\Windows\System\araInvD.exe
  2⤵
  PID:1436
- C:\Windows\System\pcdSuEB.exe
  C:\Windows\System\pcdSuEB.exe
  2⤵
  PID:1636
- C:\Windows\System\BcAITiG.exe
  C:\Windows\System\BcAITiG.exe
  2⤵
  PID:2648
- C:\Windows\System\hAGQYUE.exe
  C:\Windows\System\hAGQYUE.exe
  2⤵
  PID:1824
- C:\Windows\System\OlrRfgu.exe
  C:\Windows\System\OlrRfgu.exe
  2⤵
  PID:2508
- C:\Windows\System\pJZhQZy.exe
  C:\Windows\System\pJZhQZy.exe
  2⤵
  PID:1396
- C:\Windows\System\oBGQKkv.exe
  C:\Windows\System\oBGQKkv.exe
  2⤵
  PID:2164
- C:\Windows\System\pyQDlwk.exe
  C:\Windows\System\pyQDlwk.exe
  2⤵
  PID:1416
- C:\Windows\System\VdQvJzy.exe
  C:\Windows\System\VdQvJzy.exe
  2⤵
  PID:2704
- C:\Windows\System\LczBejx.exe
  C:\Windows\System\LczBejx.exe
  2⤵
  PID:3000
- C:\Windows\System\PGbOqaz.exe
  C:\Windows\System\PGbOqaz.exe
  2⤵
  PID:1348
- C:\Windows\System\VCxSlyg.exe
  C:\Windows\System\VCxSlyg.exe
  2⤵
  PID:2816
- C:\Windows\System\TKlNXPC.exe
  C:\Windows\System\TKlNXPC.exe
  2⤵
  PID:1492
- C:\Windows\System\scBqQHW.exe
  C:\Windows\System\scBqQHW.exe
  2⤵
  PID:2792
- C:\Windows\System\OXmlnTs.exe
  C:\Windows\System\OXmlnTs.exe
  2⤵
  PID:2052
- C:\Windows\System\SEABgvl.exe
  C:\Windows\System\SEABgvl.exe
  2⤵
  PID:1640
- C:\Windows\System\yGrqQyV.exe
  C:\Windows\System\yGrqQyV.exe
  2⤵
  PID:2976
- C:\Windows\System\PZpHKro.exe
  C:\Windows\System\PZpHKro.exe
  2⤵
  PID:2112
- C:\Windows\System\rHwjPJz.exe
  C:\Windows\System\rHwjPJz.exe
  2⤵
  PID:2192
- C:\Windows\System\lcmpgpO.exe
  C:\Windows\System\lcmpgpO.exe
  2⤵
  PID:2220
- C:\Windows\System\iyDlRVr.exe
  C:\Windows\System\iyDlRVr.exe
  2⤵
  PID:528
- C:\Windows\System\NfNjEjh.exe
  C:\Windows\System\NfNjEjh.exe
  2⤵
  PID:2100
- C:\Windows\System\Tgevxqy.exe
  C:\Windows\System\Tgevxqy.exe
  2⤵
  PID:400
- C:\Windows\System\OoRDakT.exe
  C:\Windows\System\OoRDakT.exe
  2⤵
  PID:1068
- C:\Windows\System\QYNvqFt.exe
  C:\Windows\System\QYNvqFt.exe
  2⤵
  PID:1356
- C:\Windows\System\SXjWADF.exe
  C:\Windows\System\SXjWADF.exe
  2⤵
  PID:1088
- C:\Windows\System\GAglLiF.exe
  C:\Windows\System\GAglLiF.exe
  2⤵
  PID:2828
- C:\Windows\System\wDMyvFL.exe
  C:\Windows\System\wDMyvFL.exe
  2⤵
  PID:1052
- C:\Windows\System\NJSWgXb.exe
  C:\Windows\System\NJSWgXb.exe
  2⤵
  PID:2532
- C:\Windows\System\KrwQktF.exe
  C:\Windows\System\KrwQktF.exe
  2⤵
  PID:2040
- C:\Windows\System\fMIVBqC.exe
  C:\Windows\System\fMIVBqC.exe
  2⤵
  PID:2860
- C:\Windows\System\ioRgPms.exe
  C:\Windows\System\ioRgPms.exe
  2⤵
  PID:2768
- C:\Windows\System\IzSvYnc.exe
  C:\Windows\System\IzSvYnc.exe
  2⤵
  PID:2080
- C:\Windows\System\VsDHjfD.exe
  C:\Windows\System\VsDHjfD.exe
  2⤵
  PID:3088
- C:\Windows\System\AVgeCtI.exe
  C:\Windows\System\AVgeCtI.exe
  2⤵
  PID:3108
- C:\Windows\System\THOncdu.exe
  C:\Windows\System\THOncdu.exe
  2⤵
  PID:3124
- C:\Windows\System\NqxCyxu.exe
  C:\Windows\System\NqxCyxu.exe
  2⤵
  PID:3140
- C:\Windows\System\HgvplFV.exe
  C:\Windows\System\HgvplFV.exe
  2⤵
  PID:3156
- C:\Windows\System\sCMpCjD.exe
  C:\Windows\System\sCMpCjD.exe
  2⤵
  PID:3172
- C:\Windows\System\aecMhyk.exe
  C:\Windows\System\aecMhyk.exe
  2⤵
  PID:3188
- C:\Windows\System\zqdbBlV.exe
  C:\Windows\System\zqdbBlV.exe
  2⤵
  PID:3204
- C:\Windows\System\qzpxFXp.exe
  C:\Windows\System\qzpxFXp.exe
  2⤵
  PID:3220
- C:\Windows\System\McakAFb.exe
  C:\Windows\System\McakAFb.exe
  2⤵
  PID:3236
- C:\Windows\System\nDIHUyB.exe
  C:\Windows\System\nDIHUyB.exe
  2⤵
  PID:3252
- C:\Windows\System\hmrHPKd.exe
  C:\Windows\System\hmrHPKd.exe
  2⤵
  PID:3272
- C:\Windows\System\xnWOBLT.exe
  C:\Windows\System\xnWOBLT.exe
  2⤵
  PID:3288
- C:\Windows\System\CrZlEnO.exe
  C:\Windows\System\CrZlEnO.exe
  2⤵
  PID:3304
- C:\Windows\System\GVBUxtA.exe
  C:\Windows\System\GVBUxtA.exe
  2⤵
  PID:3320
- C:\Windows\System\jjmhase.exe
  C:\Windows\System\jjmhase.exe
  2⤵
  PID:3336
- C:\Windows\System\AwFAecd.exe
  C:\Windows\System\AwFAecd.exe
  2⤵
  PID:3352
- C:\Windows\System\hmODMxY.exe
  C:\Windows\System\hmODMxY.exe
  2⤵
  PID:3368
- C:\Windows\System\bVTXrUc.exe
  C:\Windows\System\bVTXrUc.exe
  2⤵
  PID:3384
- C:\Windows\System\HUnOWVt.exe
  C:\Windows\System\HUnOWVt.exe
  2⤵
  PID:3400
- C:\Windows\System\Xkfbnss.exe
  C:\Windows\System\Xkfbnss.exe
  2⤵
  PID:3416
- C:\Windows\System\HBxYBbU.exe
  C:\Windows\System\HBxYBbU.exe
  2⤵
  PID:3432
- C:\Windows\System\NlaCLOa.exe
  C:\Windows\System\NlaCLOa.exe
  2⤵
  PID:3448
- C:\Windows\System\BwaKZvx.exe
  C:\Windows\System\BwaKZvx.exe
  2⤵
  PID:3464
- C:\Windows\System\JrLXOPO.exe
  C:\Windows\System\JrLXOPO.exe
  2⤵
  PID:3480
- C:\Windows\System\ZrVqvAL.exe
  C:\Windows\System\ZrVqvAL.exe
  2⤵
  PID:3496
- C:\Windows\System\sXzjIPU.exe
  C:\Windows\System\sXzjIPU.exe
  2⤵
  PID:3512
- C:\Windows\System\crEYsSP.exe
  C:\Windows\System\crEYsSP.exe
  2⤵
  PID:3528
- C:\Windows\System\BsxwehH.exe
  C:\Windows\System\BsxwehH.exe
  2⤵
  PID:3544
- C:\Windows\System\VXSUCEE.exe
  C:\Windows\System\VXSUCEE.exe
  2⤵
  PID:3560
- C:\Windows\System\EmfCpXn.exe
  C:\Windows\System\EmfCpXn.exe
  2⤵
  PID:3576
- C:\Windows\System\NFadKUr.exe
  C:\Windows\System\NFadKUr.exe
  2⤵
  PID:3592
- C:\Windows\System\ZNDryha.exe
  C:\Windows\System\ZNDryha.exe
  2⤵
  PID:3608
- C:\Windows\System\ffsbXRZ.exe
  C:\Windows\System\ffsbXRZ.exe
  2⤵
  PID:3624
- C:\Windows\System\RldtyqP.exe
  C:\Windows\System\RldtyqP.exe
  2⤵
  PID:3640
- C:\Windows\System\WToXhWN.exe
  C:\Windows\System\WToXhWN.exe
  2⤵
  PID:3656
- C:\Windows\System\PyWYJkQ.exe
  C:\Windows\System\PyWYJkQ.exe
  2⤵
  PID:3672
- C:\Windows\System\rRUqoJv.exe
  C:\Windows\System\rRUqoJv.exe
  2⤵
  PID:3688
- C:\Windows\System\AzrYxiS.exe
  C:\Windows\System\AzrYxiS.exe
  2⤵
  PID:3704
- C:\Windows\System\wNfZXtA.exe
  C:\Windows\System\wNfZXtA.exe
  2⤵
  PID:3720
- C:\Windows\System\nPQTxtr.exe
  C:\Windows\System\nPQTxtr.exe
  2⤵
  PID:3736
- C:\Windows\System\xnDcAij.exe
  C:\Windows\System\xnDcAij.exe
  2⤵
  PID:3752
- C:\Windows\System\OvrtXGr.exe
  C:\Windows\System\OvrtXGr.exe
  2⤵
  PID:3768
- C:\Windows\System\SOeukRW.exe
  C:\Windows\System\SOeukRW.exe
  2⤵
  PID:3784
- C:\Windows\System\YBSJPFx.exe
  C:\Windows\System\YBSJPFx.exe
  2⤵
  PID:3800
- C:\Windows\System\hNefhZA.exe
  C:\Windows\System\hNefhZA.exe
  2⤵
  PID:3816
- C:\Windows\System\XouGlbG.exe
  C:\Windows\System\XouGlbG.exe
  2⤵
  PID:3832
- C:\Windows\System\YundMOd.exe
  C:\Windows\System\YundMOd.exe
  2⤵
  PID:3848
- C:\Windows\System\OTMeuWM.exe
  C:\Windows\System\OTMeuWM.exe
  2⤵
  PID:3864
- C:\Windows\System\BaKwdhC.exe
  C:\Windows\System\BaKwdhC.exe
  2⤵
  PID:3880
- C:\Windows\System\KfQyuPZ.exe
  C:\Windows\System\KfQyuPZ.exe
  2⤵
  PID:3896
- C:\Windows\System\hkdcRWp.exe
  C:\Windows\System\hkdcRWp.exe
  2⤵
  PID:3912
- C:\Windows\System\IuWtkBE.exe
  C:\Windows\System\IuWtkBE.exe
  2⤵
  PID:3928
- C:\Windows\System\hCAjwlx.exe
  C:\Windows\System\hCAjwlx.exe
  2⤵
  PID:3944
- C:\Windows\System\rHsladE.exe
  C:\Windows\System\rHsladE.exe
  2⤵
  PID:3960
- C:\Windows\System\noCZvKH.exe
  C:\Windows\System\noCZvKH.exe
  2⤵
  PID:3976
- C:\Windows\System\YrspDWF.exe
  C:\Windows\System\YrspDWF.exe
  2⤵
  PID:3992
- C:\Windows\System\CBdHKhx.exe
  C:\Windows\System\CBdHKhx.exe
  2⤵
  PID:4008
- C:\Windows\System\KIWPteM.exe
  C:\Windows\System\KIWPteM.exe
  2⤵
  PID:4024
- C:\Windows\System\rjpdXLM.exe
  C:\Windows\System\rjpdXLM.exe
  2⤵
  PID:4040
- C:\Windows\System\WUDduMJ.exe
  C:\Windows\System\WUDduMJ.exe
  2⤵
  PID:4056
- C:\Windows\System\TqjgOIg.exe
  C:\Windows\System\TqjgOIg.exe
  2⤵
  PID:4076
- C:\Windows\System\SQcuJlq.exe
  C:\Windows\System\SQcuJlq.exe
  2⤵
  PID:4092
- C:\Windows\System\rDugwTi.exe
  C:\Windows\System\rDugwTi.exe
  2⤵
  PID:2592
- C:\Windows\System\IxlqKeQ.exe
  C:\Windows\System\IxlqKeQ.exe
  2⤵
  PID:812
- C:\Windows\System\obmmAoC.exe
  C:\Windows\System\obmmAoC.exe
  2⤵
  PID:1496
- C:\Windows\System\GMBKXxg.exe
  C:\Windows\System\GMBKXxg.exe
  2⤵
  PID:2316
- C:\Windows\System\MCvbBZW.exe
  C:\Windows\System\MCvbBZW.exe
  2⤵
  PID:1864
- C:\Windows\System\peNDmXF.exe
  C:\Windows\System\peNDmXF.exe
  2⤵
  PID:1172
- C:\Windows\System\ZrxWkln.exe
  C:\Windows\System\ZrxWkln.exe
  2⤵
  PID:2140
- C:\Windows\System\TeRjwYV.exe
  C:\Windows\System\TeRjwYV.exe
  2⤵
  PID:3136
- C:\Windows\System\svmDvAL.exe
  C:\Windows\System\svmDvAL.exe
  2⤵
  PID:3200
- C:\Windows\System\zVUoGJV.exe
  C:\Windows\System\zVUoGJV.exe
  2⤵
  PID:3268
- C:\Windows\System\tLaBzXo.exe
  C:\Windows\System\tLaBzXo.exe
  2⤵
  PID:3332
- C:\Windows\System\MuMHsuO.exe
  C:\Windows\System\MuMHsuO.exe
  2⤵
  PID:1920
- C:\Windows\System\RGiCiRI.exe
  C:\Windows\System\RGiCiRI.exe
  2⤵
  PID:1288
- C:\Windows\System\kYJrnRd.exe
  C:\Windows\System\kYJrnRd.exe
  2⤵
  PID:1756
- C:\Windows\System\pESIHsY.exe
  C:\Windows\System\pESIHsY.exe
  2⤵
  PID:1264
- C:\Windows\System\qWrZerH.exe
  C:\Windows\System\qWrZerH.exe
  2⤵
  PID:3360
- C:\Windows\System\BAkuJHR.exe
  C:\Windows\System\BAkuJHR.exe
  2⤵
  PID:3424
- C:\Windows\System\devWCIV.exe
  C:\Windows\System\devWCIV.exe
  2⤵
  PID:3488
- C:\Windows\System\EdKaQVj.exe
  C:\Windows\System\EdKaQVj.exe
  2⤵
  PID:3552
- C:\Windows\System\LZEDcLA.exe
  C:\Windows\System\LZEDcLA.exe
  2⤵
  PID:1484
- C:\Windows\System\lzBwWpQ.exe
  C:\Windows\System\lzBwWpQ.exe
  2⤵
  PID:3080
- C:\Windows\System\ZErYYfN.exe
  C:\Windows\System\ZErYYfN.exe
  2⤵
  PID:3184
- C:\Windows\System\zXKPYPI.exe
  C:\Windows\System\zXKPYPI.exe
  2⤵
  PID:3248
- C:\Windows\System\swrlmEV.exe
  C:\Windows\System\swrlmEV.exe
  2⤵
  PID:3316
- C:\Windows\System\bUajaCg.exe
  C:\Windows\System\bUajaCg.exe
  2⤵
  PID:3572
- C:\Windows\System\Hpxrehg.exe
  C:\Windows\System\Hpxrehg.exe
  2⤵
  PID:3652
- C:\Windows\System\hpONWiQ.exe
  C:\Windows\System\hpONWiQ.exe
  2⤵
  PID:3716
- C:\Windows\System\eeSxnDL.exe
  C:\Windows\System\eeSxnDL.exe
  2⤵
  PID:3780
- C:\Windows\System\kYqUmCe.exe
  C:\Windows\System\kYqUmCe.exe
  2⤵
  PID:3840
- C:\Windows\System\zJqPakW.exe
  C:\Windows\System\zJqPakW.exe
  2⤵
  PID:3348
- C:\Windows\System\JUnQhJM.exe
  C:\Windows\System\JUnQhJM.exe
  2⤵
  PID:3412
- C:\Windows\System\LueEIBh.exe
  C:\Windows\System\LueEIBh.exe
  2⤵
  PID:3508
- C:\Windows\System\cjTOUQA.exe
  C:\Windows\System\cjTOUQA.exe
  2⤵
  PID:3876
- C:\Windows\System\vibdQxv.exe
  C:\Windows\System\vibdQxv.exe
  2⤵
  PID:3940
- C:\Windows\System\lEDhcJh.exe
  C:\Windows\System\lEDhcJh.exe
  2⤵
  PID:4004
- C:\Windows\System\juSnQGN.exe
  C:\Windows\System\juSnQGN.exe
  2⤵
  PID:2004
- C:\Windows\System\lHyIFwN.exe
  C:\Windows\System\lHyIFwN.exe
  2⤵
  PID:2808
- C:\Windows\System\EFIycII.exe
  C:\Windows\System\EFIycII.exe
  2⤵
  PID:3636
- C:\Windows\System\DDfpWlj.exe
  C:\Windows\System\DDfpWlj.exe
  2⤵
  PID:3728
- C:\Windows\System\TOSlaZu.exe
  C:\Windows\System\TOSlaZu.exe
  2⤵
  PID:3792
- C:\Windows\System\sagYpWd.exe
  C:\Windows\System\sagYpWd.exe
  2⤵
  PID:3856
- C:\Windows\System\qoMLfyN.exe
  C:\Windows\System\qoMLfyN.exe
  2⤵
  PID:4016
- C:\Windows\System\ZjnZLCO.exe
  C:\Windows\System\ZjnZLCO.exe
  2⤵
  PID:3924
- C:\Windows\System\fkHSoVC.exe
  C:\Windows\System\fkHSoVC.exe
  2⤵
  PID:4048
- C:\Windows\System\YCsjmop.exe
  C:\Windows\System\YCsjmop.exe
  2⤵
  PID:4088
- C:\Windows\System\AIvIXfX.exe
  C:\Windows\System\AIvIXfX.exe
  2⤵
  PID:2132
- C:\Windows\System\QgYLpFE.exe
  C:\Windows\System\QgYLpFE.exe
  2⤵
  PID:640
- C:\Windows\System\fygvMve.exe
  C:\Windows\System\fygvMve.exe
  2⤵
  PID:3300
- C:\Windows\System\zqGzEYO.exe
  C:\Windows\System\zqGzEYO.exe
  2⤵
  PID:2472
- C:\Windows\System\CBBnRvI.exe
  C:\Windows\System\CBBnRvI.exe
  2⤵
  PID:3524
- C:\Windows\System\WUDwQKj.exe
  C:\Windows\System\WUDwQKj.exe
  2⤵
  PID:3216
- C:\Windows\System\UfYJXjt.exe
  C:\Windows\System\UfYJXjt.exe
  2⤵
  PID:488
- C:\Windows\System\WMgyGlp.exe
  C:\Windows\System\WMgyGlp.exe
  2⤵
  PID:2672
- C:\Windows\System\WHWGajy.exe
  C:\Windows\System\WHWGajy.exe
  2⤵
  PID:3284
- C:\Windows\System\DgUdfyE.exe
  C:\Windows\System\DgUdfyE.exe
  2⤵
  PID:3380
- C:\Windows\System\npDWjLy.exe
  C:\Windows\System\npDWjLy.exe
  2⤵
  PID:3972
- C:\Windows\System\DoZNoXO.exe
  C:\Windows\System\DoZNoXO.exe
  2⤵
  PID:3668
- C:\Windows\System\XnoOBDJ.exe
  C:\Windows\System\XnoOBDJ.exe
  2⤵
  PID:1812
- C:\Windows\System\lsSSPWL.exe
  C:\Windows\System\lsSSPWL.exe
  2⤵
  PID:1672
- C:\Windows\System\tieiumR.exe
  C:\Windows\System\tieiumR.exe
  2⤵
  PID:3152
- C:\Windows\System\tmtLozX.exe
  C:\Windows\System\tmtLozX.exe
  2⤵
  PID:3504
- C:\Windows\System\WRDZYMX.exe
  C:\Windows\System\WRDZYMX.exe
  2⤵
  PID:2356
- C:\Windows\System\jWRhTRS.exe
  C:\Windows\System\jWRhTRS.exe
  2⤵
  PID:1676
- C:\Windows\System\kJeHVGp.exe
  C:\Windows\System\kJeHVGp.exe
  2⤵
  PID:3104
- C:\Windows\System\wnATkWt.exe
  C:\Windows\System\wnATkWt.exe
  2⤵
  PID:3344
- C:\Windows\System\RKgToDC.exe
  C:\Windows\System\RKgToDC.exe
  2⤵
  PID:4036
- C:\Windows\System\zvwuXgm.exe
  C:\Windows\System\zvwuXgm.exe
  2⤵
  PID:3760
- C:\Windows\System\nZxrkbf.exe
  C:\Windows\System\nZxrkbf.exe
  2⤵
  PID:3132
- C:\Windows\System\zswhxGz.exe
  C:\Windows\System\zswhxGz.exe
  2⤵
  PID:4108
- C:\Windows\System\hfihtJG.exe
  C:\Windows\System\hfihtJG.exe
  2⤵
  PID:4124
- C:\Windows\System\AhHsuCH.exe
  C:\Windows\System\AhHsuCH.exe
  2⤵
  PID:4140
- C:\Windows\System\fwiSoXg.exe
  C:\Windows\System\fwiSoXg.exe
  2⤵
  PID:4156
- C:\Windows\System\ngaVEqE.exe
  C:\Windows\System\ngaVEqE.exe
  2⤵
  PID:4172
- C:\Windows\System\CrdwxdN.exe
  C:\Windows\System\CrdwxdN.exe
  2⤵
  PID:4188
- C:\Windows\System\tImnayg.exe
  C:\Windows\System\tImnayg.exe
  2⤵
  PID:4204
- C:\Windows\System\nGNVKgv.exe
  C:\Windows\System\nGNVKgv.exe
  2⤵
  PID:4220
- C:\Windows\System\RpyEjcx.exe
  C:\Windows\System\RpyEjcx.exe
  2⤵
  PID:4236
- C:\Windows\System\VLswdzC.exe
  C:\Windows\System\VLswdzC.exe
  2⤵
  PID:4252
- C:\Windows\System\lilktvi.exe
  C:\Windows\System\lilktvi.exe
  2⤵
  PID:4268
- C:\Windows\System\CxtJRmU.exe
  C:\Windows\System\CxtJRmU.exe
  2⤵
  PID:4284
- C:\Windows\System\xLnwyRI.exe
  C:\Windows\System\xLnwyRI.exe
  2⤵
  PID:4300
- C:\Windows\System\IRmdMjF.exe
  C:\Windows\System\IRmdMjF.exe
  2⤵
  PID:4316
- C:\Windows\System\rOqAdWP.exe
  C:\Windows\System\rOqAdWP.exe
  2⤵
  PID:4332
- C:\Windows\System\viHQFMg.exe
  C:\Windows\System\viHQFMg.exe
  2⤵
  PID:4348
- C:\Windows\System\HJIqouK.exe
  C:\Windows\System\HJIqouK.exe
  2⤵
  PID:4372
- C:\Windows\System\qDIJask.exe
  C:\Windows\System\qDIJask.exe
  2⤵
  PID:4388
- C:\Windows\System\IalcmSD.exe
  C:\Windows\System\IalcmSD.exe
  2⤵
  PID:4408
- C:\Windows\System\hhYcCCP.exe
  C:\Windows\System\hhYcCCP.exe
  2⤵
  PID:4428
- C:\Windows\System\GIEtGge.exe
  C:\Windows\System\GIEtGge.exe
  2⤵
  PID:4444
- C:\Windows\System\TwdxKCe.exe
  C:\Windows\System\TwdxKCe.exe
  2⤵
  PID:4460
- C:\Windows\System\EeTbXBH.exe
  C:\Windows\System\EeTbXBH.exe
  2⤵
  PID:4476
- C:\Windows\System\GeLkiLO.exe
  C:\Windows\System\GeLkiLO.exe
  2⤵
  PID:4492
- C:\Windows\System\fvLZFGY.exe
  C:\Windows\System\fvLZFGY.exe
  2⤵
  PID:4508
- C:\Windows\System\MkodvEX.exe
  C:\Windows\System\MkodvEX.exe
  2⤵
  PID:4524
- C:\Windows\System\qOdmDcM.exe
  C:\Windows\System\qOdmDcM.exe
  2⤵
  PID:4540
- C:\Windows\System\mNpFcje.exe
  C:\Windows\System\mNpFcje.exe
  2⤵
  PID:4556
- C:\Windows\System\NViyhyh.exe
  C:\Windows\System\NViyhyh.exe
  2⤵
  PID:4572
- C:\Windows\System\eNCRdDw.exe
  C:\Windows\System\eNCRdDw.exe
  2⤵
  PID:4588
- C:\Windows\System\pMrDRVo.exe
  C:\Windows\System\pMrDRVo.exe
  2⤵
  PID:4604
- C:\Windows\System\qnuXFak.exe
  C:\Windows\System\qnuXFak.exe
  2⤵
  PID:4620
- C:\Windows\System\XbPBajY.exe
  C:\Windows\System\XbPBajY.exe
  2⤵
  PID:4636
- C:\Windows\System\MkhgDVW.exe
  C:\Windows\System\MkhgDVW.exe
  2⤵
  PID:4652
- C:\Windows\System\kNlanfz.exe
  C:\Windows\System\kNlanfz.exe
  2⤵
  PID:4668
- C:\Windows\System\wAFKBkM.exe
  C:\Windows\System\wAFKBkM.exe
  2⤵
  PID:4684
- C:\Windows\System\VAyBKVL.exe
  C:\Windows\System\VAyBKVL.exe
  2⤵
  PID:4700
- C:\Windows\System\hguAsxH.exe
  C:\Windows\System\hguAsxH.exe
  2⤵
  PID:4716
- C:\Windows\System\NKberbe.exe
  C:\Windows\System\NKberbe.exe
  2⤵
  PID:4732
- C:\Windows\System\muSVUfZ.exe
  C:\Windows\System\muSVUfZ.exe
  2⤵
  PID:4760
- C:\Windows\System\FjaHtkV.exe
  C:\Windows\System\FjaHtkV.exe
  2⤵
  PID:4776
- C:\Windows\System\KjkvgOG.exe
  C:\Windows\System\KjkvgOG.exe
  2⤵
  PID:4792
- C:\Windows\System\xcgUJPE.exe
  C:\Windows\System\xcgUJPE.exe
  2⤵
  PID:4808
- C:\Windows\System\CnqTDIY.exe
  C:\Windows\System\CnqTDIY.exe
  2⤵
  PID:4824
- C:\Windows\System\bnjRHFD.exe
  C:\Windows\System\bnjRHFD.exe
  2⤵
  PID:4840
- C:\Windows\System\rBbhjPU.exe
  C:\Windows\System\rBbhjPU.exe
  2⤵
  PID:4856
- C:\Windows\System\DYxQsTr.exe
  C:\Windows\System\DYxQsTr.exe
  2⤵
  PID:4872
- C:\Windows\System\kwiBrSd.exe
  C:\Windows\System\kwiBrSd.exe
  2⤵
  PID:4888
- C:\Windows\System\DneMAAn.exe
  C:\Windows\System\DneMAAn.exe
  2⤵
  PID:4904
- C:\Windows\System\mLTyQqq.exe
  C:\Windows\System\mLTyQqq.exe
  2⤵
  PID:4920
- C:\Windows\System\KLyIdCs.exe
  C:\Windows\System\KLyIdCs.exe
  2⤵
  PID:4936
- C:\Windows\System\OVveiuj.exe
  C:\Windows\System\OVveiuj.exe
  2⤵
  PID:4952
- C:\Windows\System\xYXKbGt.exe
  C:\Windows\System\xYXKbGt.exe
  2⤵
  PID:4972
- C:\Windows\System\AQxwhkB.exe
  C:\Windows\System\AQxwhkB.exe
  2⤵
  PID:4988
- C:\Windows\System\suggwfb.exe
  C:\Windows\System\suggwfb.exe
  2⤵
  PID:5004
- C:\Windows\System\JMoSWxK.exe
  C:\Windows\System\JMoSWxK.exe
  2⤵
  PID:5020
- C:\Windows\System\mpZxNcv.exe
  C:\Windows\System\mpZxNcv.exe
  2⤵
  PID:5036
- C:\Windows\System\gISWbob.exe
  C:\Windows\System\gISWbob.exe
  2⤵
  PID:5052
- C:\Windows\System\NOUISAM.exe
  C:\Windows\System\NOUISAM.exe
  2⤵
  PID:5068
- C:\Windows\System\aWKpNPP.exe
  C:\Windows\System\aWKpNPP.exe
  2⤵
  PID:5084
- C:\Windows\System\xcJfbPw.exe
  C:\Windows\System\xcJfbPw.exe
  2⤵
  PID:5100
- C:\Windows\System\WBNqFDr.exe
  C:\Windows\System\WBNqFDr.exe
  2⤵
  PID:5116
- C:\Windows\System\xbWGrkc.exe
  C:\Windows\System\xbWGrkc.exe
  2⤵
  PID:3824
- C:\Windows\System\MXkilbS.exe
  C:\Windows\System\MXkilbS.exe
  2⤵
  PID:1568
- C:\Windows\System\wYmZLLz.exe
  C:\Windows\System\wYmZLLz.exe
  2⤵
  PID:3908
- C:\Windows\System\pbweJAt.exe
  C:\Windows\System\pbweJAt.exe
  2⤵
  PID:4116
- C:\Windows\System\HTYjHSH.exe
  C:\Windows\System\HTYjHSH.exe
  2⤵
  PID:4180
- C:\Windows\System\ypTdFHO.exe
  C:\Windows\System\ypTdFHO.exe
  2⤵
  PID:4244
- C:\Windows\System\LuAZRKa.exe
  C:\Windows\System\LuAZRKa.exe
  2⤵
  PID:4308
- C:\Windows\System\qnYuwkJ.exe
  C:\Windows\System\qnYuwkJ.exe
  2⤵
  PID:3892
- C:\Windows\System\dYGEDhh.exe
  C:\Windows\System\dYGEDhh.exe
  2⤵
  PID:2124
- C:\Windows\System\SGJJQWk.exe
  C:\Windows\System\SGJJQWk.exe
  2⤵
  PID:3684
- C:\Windows\System\gyCmJAE.exe
  C:\Windows\System\gyCmJAE.exe
  2⤵
  PID:3872
- C:\Windows\System\xVQoBTw.exe
  C:\Windows\System\xVQoBTw.exe
  2⤵
  PID:1600
- C:\Windows\System\qwfaaRM.exe
  C:\Windows\System\qwfaaRM.exe
  2⤵
  PID:3620
- C:\Windows\System\RjnFhJL.exe
  C:\Windows\System\RjnFhJL.exe
  2⤵
  PID:3776
- C:\Windows\System\yeZgKJz.exe
  C:\Windows\System\yeZgKJz.exe
  2⤵
  PID:4104
- C:\Windows\System\cNsuOcy.exe
  C:\Windows\System\cNsuOcy.exe
  2⤵
  PID:4168
- C:\Windows\System\VGydYAG.exe
  C:\Windows\System\VGydYAG.exe
  2⤵
  PID:4264
- C:\Windows\System\BHcToEA.exe
  C:\Windows\System\BHcToEA.exe
  2⤵
  PID:4356
- C:\Windows\System\LZPIbXt.exe
  C:\Windows\System\LZPIbXt.exe
  2⤵
  PID:4420
- C:\Windows\System\jUcRhdR.exe
  C:\Windows\System\jUcRhdR.exe
  2⤵
  PID:4456
- C:\Windows\System\KlyaMTK.exe
  C:\Windows\System\KlyaMTK.exe
  2⤵
  PID:4548
- C:\Windows\System\OdWiDJn.exe
  C:\Windows\System\OdWiDJn.exe
  2⤵
  PID:4564
- C:\Windows\System\GpxBNEV.exe
  C:\Windows\System\GpxBNEV.exe
  2⤵
  PID:4616
- C:\Windows\System\oHTksRd.exe
  C:\Windows\System\oHTksRd.exe
  2⤵
  PID:4740
- C:\Windows\System\yCANpMk.exe
  C:\Windows\System\yCANpMk.exe
  2⤵
  PID:4400
- C:\Windows\System\ubGJHEZ.exe
  C:\Windows\System\ubGJHEZ.exe
  2⤵
  PID:4500
- C:\Windows\System\mlFQJPE.exe
  C:\Windows\System\mlFQJPE.exe
  2⤵
  PID:4568
- C:\Windows\System\IHVvVga.exe
  C:\Windows\System\IHVvVga.exe
  2⤵
  PID:4788
- C:\Windows\System\gMeqsDo.exe
  C:\Windows\System\gMeqsDo.exe
  2⤵
  PID:4852
- C:\Windows\System\rfMOxbo.exe
  C:\Windows\System\rfMOxbo.exe
  2⤵
  PID:4916
- C:\Windows\System\jVwnJfS.exe
  C:\Windows\System\jVwnJfS.exe
  2⤵
  PID:4628
- C:\Windows\System\mDKKOYy.exe
  C:\Windows\System\mDKKOYy.exe
  2⤵
  PID:4696
- C:\Windows\System\BzzYIqu.exe
  C:\Windows\System\BzzYIqu.exe
  2⤵
  PID:4984
- C:\Windows\System\uZsgiUn.exe
  C:\Windows\System\uZsgiUn.exe
  2⤵
  PID:5044
- C:\Windows\System\ghBJgCd.exe
  C:\Windows\System\ghBJgCd.exe
  2⤵
  PID:5112
- C:\Windows\System\DJvxfHr.exe
  C:\Windows\System\DJvxfHr.exe
  2⤵
  PID:4772
- C:\Windows\System\aPkUwgU.exe
  C:\Windows\System\aPkUwgU.exe
  2⤵
  PID:4836
- C:\Windows\System\BIsGsAY.exe
  C:\Windows\System\BIsGsAY.exe
  2⤵
  PID:4896
- C:\Windows\System\QabQajJ.exe
  C:\Windows\System\QabQajJ.exe
  2⤵
  PID:5028
- C:\Windows\System\hOCjAfu.exe
  C:\Windows\System\hOCjAfu.exe
  2⤵
  PID:5096
- C:\Windows\System\kzXbBpR.exe
  C:\Windows\System\kzXbBpR.exe
  2⤵
  PID:2260
- C:\Windows\System\GNjRzMg.exe
  C:\Windows\System\GNjRzMg.exe
  2⤵
  PID:3396
- C:\Windows\System\RYPOqsr.exe
  C:\Windows\System\RYPOqsr.exe
  2⤵
  PID:4292
- C:\Windows\System\UYKRmSL.exe
  C:\Windows\System\UYKRmSL.exe
  2⤵
  PID:4324
- C:\Windows\System\ypaLkog.exe
  C:\Windows\System\ypaLkog.exe
  2⤵
  PID:5060
- C:\Windows\System\RuEfTVR.exe
  C:\Windows\System\RuEfTVR.exe
  2⤵
  PID:2716
- C:\Windows\System\dJWKtRA.exe
  C:\Windows\System\dJWKtRA.exe
  2⤵
  PID:4396
- C:\Windows\System\dpcFViB.exe
  C:\Windows\System\dpcFViB.exe
  2⤵
  PID:4468
- C:\Windows\System\ycnrNZh.exe
  C:\Windows\System\ycnrNZh.exe
  2⤵
  PID:4912
- C:\Windows\System\gyOzWzp.exe
  C:\Windows\System\gyOzWzp.exe
  2⤵
  PID:5016
- C:\Windows\System\vlVRrMU.exe
  C:\Windows\System\vlVRrMU.exe
  2⤵
  PID:4148
- C:\Windows\System\uiIXcWw.exe
  C:\Windows\System\uiIXcWw.exe
  2⤵
  PID:4868
- C:\Windows\System\HbeJOtX.exe
  C:\Windows\System\HbeJOtX.exe
  2⤵
  PID:3988
- C:\Windows\System\lwGfKBi.exe
  C:\Windows\System\lwGfKBi.exe
  2⤵
  PID:2964
- C:\Windows\System\sqOBCno.exe
  C:\Windows\System\sqOBCno.exe
  2⤵
  PID:4100
- C:\Windows\System\xKQttSB.exe
  C:\Windows\System\xKQttSB.exe
  2⤵
  PID:4848
- C:\Windows\System\lPhuTtR.exe
  C:\Windows\System\lPhuTtR.exe
  2⤵
  PID:4200
- C:\Windows\System\qvIbhuP.exe
  C:\Windows\System\qvIbhuP.exe
  2⤵
  PID:4520
- C:\Windows\System\CalDsFu.exe
  C:\Windows\System\CalDsFu.exe
  2⤵
  PID:4712
- C:\Windows\System\KdtuUpV.exe
  C:\Windows\System\KdtuUpV.exe
  2⤵
  PID:4820
- C:\Windows\System\guiEpii.exe
  C:\Windows\System\guiEpii.exe
  2⤵
  PID:4932
- C:\Windows\System\QdhWrcP.exe
  C:\Windows\System\QdhWrcP.exe
  2⤵
  PID:2612
- C:\Windows\System\QyTponH.exe
  C:\Windows\System\QyTponH.exe
  2⤵
  PID:4328
- C:\Windows\System\IYxGpRt.exe
  C:\Windows\System\IYxGpRt.exe
  2⤵
  PID:5012
- C:\Windows\System\mYIKpFB.exe
  C:\Windows\System\mYIKpFB.exe
  2⤵
  PID:4532
- C:\Windows\System\XWhSIqp.exe
  C:\Windows\System\XWhSIqp.exe
  2⤵
  PID:4152
- C:\Windows\System\ZIoeJBl.exe
  C:\Windows\System\ZIoeJBl.exe
  2⤵
  PID:5000
- C:\Windows\System\DtmoaYv.exe
  C:\Windows\System\DtmoaYv.exe
  2⤵
  PID:5064
- C:\Windows\System\smyVigo.exe
  C:\Windows\System\smyVigo.exe
  2⤵
  PID:5108
- C:\Windows\System\ddJDnkF.exe
  C:\Windows\System\ddJDnkF.exe
  2⤵
  PID:4948
- C:\Windows\System\EIMSAaQ.exe
  C:\Windows\System\EIMSAaQ.exe
  2⤵
  PID:4676
- C:\Windows\System\XjUOhtB.exe
  C:\Windows\System\XjUOhtB.exe
  2⤵
  PID:4928
- C:\Windows\System\XWeEZdZ.exe
  C:\Windows\System\XWeEZdZ.exe
  2⤵
  PID:3764
- C:\Windows\System\nTjaVpJ.exe
  C:\Windows\System\nTjaVpJ.exe
  2⤵
  PID:5136
- C:\Windows\System\Kmikcdm.exe
  C:\Windows\System\Kmikcdm.exe
  2⤵
  PID:5152
- C:\Windows\System\ExHAuzs.exe
  C:\Windows\System\ExHAuzs.exe
  2⤵
  PID:5168
- C:\Windows\System\JfmmKNb.exe
  C:\Windows\System\JfmmKNb.exe
  2⤵
  PID:5184
- C:\Windows\System\ishBmsh.exe
  C:\Windows\System\ishBmsh.exe
  2⤵
  PID:5200
- C:\Windows\System\YKZpacm.exe
  C:\Windows\System\YKZpacm.exe
  2⤵
  PID:5216
- C:\Windows\System\MRchbAq.exe
  C:\Windows\System\MRchbAq.exe
  2⤵
  PID:5232
- C:\Windows\System\OBqKkSP.exe
  C:\Windows\System\OBqKkSP.exe
  2⤵
  PID:5248
- C:\Windows\System\wxEMTjc.exe
  C:\Windows\System\wxEMTjc.exe
  2⤵
  PID:5264
- C:\Windows\System\nsBtyVD.exe
  C:\Windows\System\nsBtyVD.exe
  2⤵
  PID:5280
- C:\Windows\System\ScZmlnI.exe
  C:\Windows\System\ScZmlnI.exe
  2⤵
  PID:5296
- C:\Windows\System\RdhlQbG.exe
  C:\Windows\System\RdhlQbG.exe
  2⤵
  PID:5312
- C:\Windows\System\eHLACdw.exe
  C:\Windows\System\eHLACdw.exe
  2⤵
  PID:5328
- C:\Windows\System\zXPvHfk.exe
  C:\Windows\System\zXPvHfk.exe
  2⤵
  PID:5344
- C:\Windows\System\nnwRhrX.exe
  C:\Windows\System\nnwRhrX.exe
  2⤵
  PID:5360
- C:\Windows\System\TUiiNlM.exe
  C:\Windows\System\TUiiNlM.exe
  2⤵
  PID:5376
- C:\Windows\System\MYTIEBk.exe
  C:\Windows\System\MYTIEBk.exe
  2⤵
  PID:5392
- C:\Windows\System\IVzoele.exe
  C:\Windows\System\IVzoele.exe
  2⤵
  PID:5412
- C:\Windows\System\bszhQRL.exe
  C:\Windows\System\bszhQRL.exe
  2⤵
  PID:5428
- C:\Windows\System\ETRLwQJ.exe
  C:\Windows\System\ETRLwQJ.exe
  2⤵
  PID:5444
- C:\Windows\System\cwfTbjZ.exe
  C:\Windows\System\cwfTbjZ.exe
  2⤵
  PID:5460
- C:\Windows\System\fZXGMCQ.exe
  C:\Windows\System\fZXGMCQ.exe
  2⤵
  PID:5476
- C:\Windows\System\jHVxxEY.exe
  C:\Windows\System\jHVxxEY.exe
  2⤵
  PID:5492
- C:\Windows\System\sIjKULh.exe
  C:\Windows\System\sIjKULh.exe
  2⤵
  PID:5508
- C:\Windows\System\XcXjVAi.exe
  C:\Windows\System\XcXjVAi.exe
  2⤵
  PID:5524
- C:\Windows\System\YZbuvXI.exe
  C:\Windows\System\YZbuvXI.exe
  2⤵
  PID:5540
- C:\Windows\System\WslWxUt.exe
  C:\Windows\System\WslWxUt.exe
  2⤵
  PID:5556
- C:\Windows\System\GvCQbAY.exe
  C:\Windows\System\GvCQbAY.exe
  2⤵
  PID:5572
- C:\Windows\System\NbUiZhT.exe
  C:\Windows\System\NbUiZhT.exe
  2⤵
  PID:5588
- C:\Windows\System\rdqkRTv.exe
  C:\Windows\System\rdqkRTv.exe
  2⤵
  PID:5604
- C:\Windows\System\uMYLzYA.exe
  C:\Windows\System\uMYLzYA.exe
  2⤵
  PID:5620
- C:\Windows\System\aOIbzne.exe
  C:\Windows\System\aOIbzne.exe
  2⤵
  PID:5636
- C:\Windows\System\DQNjqbc.exe
  C:\Windows\System\DQNjqbc.exe
  2⤵
  PID:5652
- C:\Windows\System\hPSCfRI.exe
  C:\Windows\System\hPSCfRI.exe
  2⤵
  PID:5668
- C:\Windows\System\NgsOVOX.exe
  C:\Windows\System\NgsOVOX.exe
  2⤵
  PID:5684
- C:\Windows\System\lOSIqsc.exe
  C:\Windows\System\lOSIqsc.exe
  2⤵
  PID:5700
- C:\Windows\System\SEWThTL.exe
  C:\Windows\System\SEWThTL.exe
  2⤵
  PID:5716
- C:\Windows\System\rnvMSjO.exe
  C:\Windows\System\rnvMSjO.exe
  2⤵
  PID:5732
- C:\Windows\System\pVDyxja.exe
  C:\Windows\System\pVDyxja.exe
  2⤵
  PID:5748
- C:\Windows\System\BJVCkcU.exe
  C:\Windows\System\BJVCkcU.exe
  2⤵
  PID:5764
- C:\Windows\System\dkRWgYF.exe
  C:\Windows\System\dkRWgYF.exe
  2⤵
  PID:5780
- C:\Windows\System\WFwScIa.exe
  C:\Windows\System\WFwScIa.exe
  2⤵
  PID:5796
- C:\Windows\System\BrgmhKY.exe
  C:\Windows\System\BrgmhKY.exe
  2⤵
  PID:5812
- C:\Windows\System\VHQrmaL.exe
  C:\Windows\System\VHQrmaL.exe
  2⤵
  PID:5828
- C:\Windows\System\XySmnZv.exe
  C:\Windows\System\XySmnZv.exe
  2⤵
  PID:5844
- C:\Windows\System\kYwuMTb.exe
  C:\Windows\System\kYwuMTb.exe
  2⤵
  PID:5860
- C:\Windows\System\MkaywEa.exe
  C:\Windows\System\MkaywEa.exe
  2⤵
  PID:5876
- C:\Windows\System\mTeTKXF.exe
  C:\Windows\System\mTeTKXF.exe
  2⤵
  PID:5892
- C:\Windows\System\lGTfDCI.exe
  C:\Windows\System\lGTfDCI.exe
  2⤵
  PID:5908
- C:\Windows\System\GWVorPv.exe
  C:\Windows\System\GWVorPv.exe
  2⤵
  PID:5924
- C:\Windows\System\rWBdmmZ.exe
  C:\Windows\System\rWBdmmZ.exe
  2⤵
  PID:5940
- C:\Windows\System\AXGefKJ.exe
  C:\Windows\System\AXGefKJ.exe
  2⤵
  PID:5956
- C:\Windows\System\UTQiNCM.exe
  C:\Windows\System\UTQiNCM.exe
  2⤵
  PID:5976
- C:\Windows\System\sAkFlKL.exe
  C:\Windows\System\sAkFlKL.exe
  2⤵
  PID:5992
- C:\Windows\System\cnmrgOS.exe
  C:\Windows\System\cnmrgOS.exe
  2⤵
  PID:6008
- C:\Windows\System\ipuZzfP.exe
  C:\Windows\System\ipuZzfP.exe
  2⤵
  PID:6024
- C:\Windows\System\LtEkHkY.exe
  C:\Windows\System\LtEkHkY.exe
  2⤵
  PID:6040
- C:\Windows\System\lFFupnh.exe
  C:\Windows\System\lFFupnh.exe
  2⤵
  PID:6056
- C:\Windows\System\BCYwcoL.exe
  C:\Windows\System\BCYwcoL.exe
  2⤵
  PID:6072
- C:\Windows\System\mtrLBJF.exe
  C:\Windows\System\mtrLBJF.exe
  2⤵
  PID:6088
- C:\Windows\System\OHexqFu.exe
  C:\Windows\System\OHexqFu.exe
  2⤵
  PID:6104
- C:\Windows\System\iMGhzPe.exe
  C:\Windows\System\iMGhzPe.exe
  2⤵
  PID:6120
- C:\Windows\System\dfITSJO.exe
  C:\Windows\System\dfITSJO.exe
  2⤵
  PID:6136
- C:\Windows\System\NnfwEKP.exe
  C:\Windows\System\NnfwEKP.exe
  2⤵
  PID:4472
- C:\Windows\System\AQbNJYH.exe
  C:\Windows\System\AQbNJYH.exe
  2⤵
  PID:4708
- C:\Windows\System\rACVkmh.exe
  C:\Windows\System\rACVkmh.exe
  2⤵
  PID:5164
- C:\Windows\System\HwPsArn.exe
  C:\Windows\System\HwPsArn.exe
  2⤵
  PID:5224
- C:\Windows\System\QqbzCkd.exe
  C:\Windows\System\QqbzCkd.exe
  2⤵
  PID:5288
- C:\Windows\System\YDrJwZo.exe
  C:\Windows\System\YDrJwZo.exe
  2⤵
  PID:5384
- C:\Windows\System\fuoAFJG.exe
  C:\Windows\System\fuoAFJG.exe
  2⤵
  PID:5420
- C:\Windows\System\yJaVzbf.exe
  C:\Windows\System\yJaVzbf.exe
  2⤵
  PID:5484
- C:\Windows\System\yiKjlxG.exe
  C:\Windows\System\yiKjlxG.exe
  2⤵
  PID:5548
- C:\Windows\System\AvNGkxk.exe
  C:\Windows\System\AvNGkxk.exe
  2⤵
  PID:5612
- C:\Windows\System\BaASrMu.exe
  C:\Windows\System\BaASrMu.exe
  2⤵
  PID:4996
- C:\Windows\System\tqulOxp.exe
  C:\Windows\System\tqulOxp.exe
  2⤵
  PID:4072
- C:\Windows\System\qSnzEGe.exe
  C:\Windows\System\qSnzEGe.exe
  2⤵
  PID:5180
- C:\Windows\System\SklitxI.exe
  C:\Windows\System\SklitxI.exe
  2⤵
  PID:5276
- C:\Windows\System\iZYOwgH.exe
  C:\Windows\System\iZYOwgH.exe
  2⤵
  PID:5340
- C:\Windows\System\GkWQWgO.exe
  C:\Windows\System\GkWQWgO.exe
  2⤵
  PID:5648
- C:\Windows\System\zEXzpRF.exe
  C:\Windows\System\zEXzpRF.exe
  2⤵
  PID:5712
- C:\Windows\System\PpTgYIr.exe
  C:\Windows\System\PpTgYIr.exe
  2⤵
  PID:5776
- C:\Windows\System\wceXgou.exe
  C:\Windows\System\wceXgou.exe
  2⤵
  PID:5408
- C:\Windows\System\hjsOkfa.exe
  C:\Windows\System\hjsOkfa.exe
  2⤵
  PID:5468
- C:\Windows\System\ZnyCUUp.exe
  C:\Windows\System\ZnyCUUp.exe
  2⤵
  PID:5536
- C:\Windows\System\onvrGjw.exe
  C:\Windows\System\onvrGjw.exe
  2⤵
  PID:5568
- C:\Windows\System\LFdCTUd.exe
  C:\Windows\System\LFdCTUd.exe
  2⤵
  PID:5760
- C:\Windows\System\dTtRYCl.exe
  C:\Windows\System\dTtRYCl.exe
  2⤵
  PID:5868
- C:\Windows\System\qIgqJRu.exe
  C:\Windows\System\qIgqJRu.exe
  2⤵
  PID:5904
- C:\Windows\System\acVEbXV.exe
  C:\Windows\System\acVEbXV.exe
  2⤵
  PID:5692
- C:\Windows\System\wUwdnft.exe
  C:\Windows\System\wUwdnft.exe
  2⤵
  PID:5788
- C:\Windows\System\jarHLnu.exe
  C:\Windows\System\jarHLnu.exe
  2⤵
  PID:5856
- C:\Windows\System\OKWqVOR.exe
  C:\Windows\System\OKWqVOR.exe
  2⤵
  PID:5972
- C:\Windows\System\otAyymb.exe
  C:\Windows\System\otAyymb.exe
  2⤵
  PID:5948
- C:\Windows\System\gYgSXKF.exe
  C:\Windows\System\gYgSXKF.exe
  2⤵
  PID:6036
- C:\Windows\System\NPAFurz.exe
  C:\Windows\System\NPAFurz.exe
  2⤵
  PID:6096
- C:\Windows\System\PVUvXWt.exe
  C:\Windows\System\PVUvXWt.exe
  2⤵
  PID:4516
- C:\Windows\System\eYKLToD.exe
  C:\Windows\System\eYKLToD.exe
  2⤵
  PID:6052
- C:\Windows\System\bxsNmfb.exe
  C:\Windows\System\bxsNmfb.exe
  2⤵
  PID:6116
- C:\Windows\System\laJkKzF.exe
  C:\Windows\System\laJkKzF.exe
  2⤵
  PID:5988
- C:\Windows\System\ZDJuHqZ.exe
  C:\Windows\System\ZDJuHqZ.exe
  2⤵
  PID:5324
- C:\Windows\System\jlRKryv.exe
  C:\Windows\System\jlRKryv.exe
  2⤵
  PID:5456
- C:\Windows\System\fhmIiHT.exe
  C:\Windows\System\fhmIiHT.exe
  2⤵
  PID:1764
- C:\Windows\System\haZplHj.exe
  C:\Windows\System\haZplHj.exe
  2⤵
  PID:5644
- C:\Windows\System\yGkZvfe.exe
  C:\Windows\System\yGkZvfe.exe
  2⤵
  PID:5744
- C:\Windows\System\oetPhSV.exe
  C:\Windows\System\oetPhSV.exe
  2⤵
  PID:5600
- C:\Windows\System\owHzlNP.exe
  C:\Windows\System\owHzlNP.exe
  2⤵
  PID:5660
- C:\Windows\System\cHxuCGS.exe
  C:\Windows\System\cHxuCGS.exe
  2⤵
  PID:5824
- C:\Windows\System\EkBDNyD.exe
  C:\Windows\System\EkBDNyD.exe
  2⤵
  PID:5148
- C:\Windows\System\PKBKppu.exe
  C:\Windows\System\PKBKppu.exe
  2⤵
  PID:5144
- C:\Windows\System\VCUIlSe.exe
  C:\Windows\System\VCUIlSe.exe
  2⤵
  PID:6000
- C:\Windows\System\QTKuzQW.exe
  C:\Windows\System\QTKuzQW.exe
  2⤵
  PID:6016
- C:\Windows\System\SJooTyI.exe
  C:\Windows\System\SJooTyI.exe
  2⤵
  PID:5532
- C:\Windows\System\waTItki.exe
  C:\Windows\System\waTItki.exe
  2⤵
  PID:5724
- C:\Windows\System\YoVFMCz.exe
  C:\Windows\System\YoVFMCz.exe
  2⤵
  PID:5888
- C:\Windows\System\zpRloUL.exe
  C:\Windows\System\zpRloUL.exe
  2⤵
  PID:6132
- C:\Windows\System\hVcSjNr.exe
  C:\Windows\System\hVcSjNr.exe
  2⤵
  PID:6020
- C:\Windows\System\HjLeJJA.exe
  C:\Windows\System\HjLeJJA.exe
  2⤵
  PID:3888
- C:\Windows\System\BDvSREC.exe
  C:\Windows\System\BDvSREC.exe
  2⤵
  PID:4232
- C:\Windows\System\RUmjiJw.exe
  C:\Windows\System\RUmjiJw.exe
  2⤵
  PID:5500
- C:\Windows\System\iccrTin.exe
  C:\Windows\System\iccrTin.exe
  2⤵
  PID:4136
- C:\Windows\System\MtVzlZj.exe
  C:\Windows\System\MtVzlZj.exe
  2⤵
  PID:4216
- C:\Windows\System\wGblabc.exe
  C:\Windows\System\wGblabc.exe
  2⤵
  PID:6048
- C:\Windows\System\mNeFLJU.exe
  C:\Windows\System\mNeFLJU.exe
  2⤵
  PID:5372
- C:\Windows\System\dqycrxy.exe
  C:\Windows\System\dqycrxy.exe
  2⤵
  PID:5272
- C:\Windows\System\DUYeaOO.exe
  C:\Windows\System\DUYeaOO.exe
  2⤵
  PID:5336
- C:\Windows\System\tDzOEow.exe
  C:\Windows\System\tDzOEow.exe
  2⤵
  PID:5984
- C:\Windows\System\EwhayYa.exe
  C:\Windows\System\EwhayYa.exe
  2⤵
  PID:6068
- C:\Windows\System\BrvoUbj.exe
  C:\Windows\System\BrvoUbj.exe
  2⤵
  PID:5676
- C:\Windows\System\DWpVcdw.exe
  C:\Windows\System\DWpVcdw.exe
  2⤵
  PID:4368
- C:\Windows\System\zduGZcn.exe
  C:\Windows\System\zduGZcn.exe
  2⤵
  PID:5400
- C:\Windows\System\wVHXDJA.exe
  C:\Windows\System\wVHXDJA.exe
  2⤵
  PID:6152
- C:\Windows\System\JCnSJec.exe
  C:\Windows\System\JCnSJec.exe
  2⤵
  PID:6168
- C:\Windows\System\kRiUXSi.exe
  C:\Windows\System\kRiUXSi.exe
  2⤵
  PID:6184
- C:\Windows\System\joAgTZh.exe
  C:\Windows\System\joAgTZh.exe
  2⤵
  PID:6204
- C:\Windows\System\lTybyAM.exe
  C:\Windows\System\lTybyAM.exe
  2⤵
  PID:6220
- C:\Windows\System\RliYvxn.exe
  C:\Windows\System\RliYvxn.exe
  2⤵
  PID:6236
- C:\Windows\System\RyVqNtU.exe
  C:\Windows\System\RyVqNtU.exe
  2⤵
  PID:6252
- C:\Windows\System\nKneZbk.exe
  C:\Windows\System\nKneZbk.exe
  2⤵
  PID:6268
- C:\Windows\System\WkrxFJY.exe
  C:\Windows\System\WkrxFJY.exe
  2⤵
  PID:6284
- C:\Windows\System\THileDF.exe
  C:\Windows\System\THileDF.exe
  2⤵
  PID:6300
- C:\Windows\System\ogHPaCW.exe
  C:\Windows\System\ogHPaCW.exe
  2⤵
  PID:6316
- C:\Windows\System\ZoPnRke.exe
  C:\Windows\System\ZoPnRke.exe
  2⤵
  PID:6332
- C:\Windows\System\exLcuzs.exe
  C:\Windows\System\exLcuzs.exe
  2⤵
  PID:6348
- C:\Windows\System\eYNMuXd.exe
  C:\Windows\System\eYNMuXd.exe
  2⤵
  PID:6364
- C:\Windows\System\vsUyrWP.exe
  C:\Windows\System\vsUyrWP.exe
  2⤵
  PID:6380
- C:\Windows\System\USQuUPx.exe
  C:\Windows\System\USQuUPx.exe
  2⤵
  PID:6396
- C:\Windows\System\vuuYqFD.exe
  C:\Windows\System\vuuYqFD.exe
  2⤵
  PID:6412
- C:\Windows\System\yDtWGKG.exe
  C:\Windows\System\yDtWGKG.exe
  2⤵
  PID:6428
- C:\Windows\System\vsaDvgl.exe
  C:\Windows\System\vsaDvgl.exe
  2⤵
  PID:6444
- C:\Windows\System\wHJUsJm.exe
  C:\Windows\System\wHJUsJm.exe
  2⤵
  PID:6460
- C:\Windows\System\IvMsWHz.exe
  C:\Windows\System\IvMsWHz.exe
  2⤵
  PID:6476
- C:\Windows\System\bmQPggC.exe
  C:\Windows\System\bmQPggC.exe
  2⤵
  PID:6492
- C:\Windows\System\lcRqRVw.exe
  C:\Windows\System\lcRqRVw.exe
  2⤵
  PID:6508
- C:\Windows\System\iCetVpg.exe
  C:\Windows\System\iCetVpg.exe
  2⤵
  PID:6524
- C:\Windows\System\IzhTHGZ.exe
  C:\Windows\System\IzhTHGZ.exe
  2⤵
  PID:6540
- C:\Windows\System\QjQJvPW.exe
  C:\Windows\System\QjQJvPW.exe
  2⤵
  PID:6556
- C:\Windows\System\KtXpRYe.exe
  C:\Windows\System\KtXpRYe.exe
  2⤵
  PID:6572
- C:\Windows\System\OYvhUIP.exe
  C:\Windows\System\OYvhUIP.exe
  2⤵
  PID:6588
- C:\Windows\System\ByCZDVZ.exe
  C:\Windows\System\ByCZDVZ.exe
  2⤵
  PID:6604
- C:\Windows\System\XKpHPZW.exe
  C:\Windows\System\XKpHPZW.exe
  2⤵
  PID:6624
- C:\Windows\System\hsSMwJO.exe
  C:\Windows\System\hsSMwJO.exe
  2⤵
  PID:6640
- C:\Windows\System\FRijtVD.exe
  C:\Windows\System\FRijtVD.exe
  2⤵
  PID:6656
- C:\Windows\System\MXHFYoZ.exe
  C:\Windows\System\MXHFYoZ.exe
  2⤵
  PID:6672
- C:\Windows\System\WKlqrXx.exe
  C:\Windows\System\WKlqrXx.exe
  2⤵
  PID:6688
- C:\Windows\System\mMfxPZi.exe
  C:\Windows\System\mMfxPZi.exe
  2⤵
  PID:6704
- C:\Windows\System\bVMRajc.exe
  C:\Windows\System\bVMRajc.exe
  2⤵
  PID:6720
- C:\Windows\System\PksOvev.exe
  C:\Windows\System\PksOvev.exe
  2⤵
  PID:6736
- C:\Windows\System\bVKXwfu.exe
  C:\Windows\System\bVKXwfu.exe
  2⤵
  PID:6752
- C:\Windows\System\QGwuVQN.exe
  C:\Windows\System\QGwuVQN.exe
  2⤵
  PID:6768
- C:\Windows\System\KJazMGi.exe
  C:\Windows\System\KJazMGi.exe
  2⤵
  PID:6784
- C:\Windows\System\ZpPZKgj.exe
  C:\Windows\System\ZpPZKgj.exe
  2⤵
  PID:6800
- C:\Windows\System\oOHdsFy.exe
  C:\Windows\System\oOHdsFy.exe
  2⤵
  PID:6816
- C:\Windows\System\TtplQWP.exe
  C:\Windows\System\TtplQWP.exe
  2⤵
  PID:6832
- C:\Windows\System\byKkJbF.exe
  C:\Windows\System\byKkJbF.exe
  2⤵
  PID:6848
- C:\Windows\System\dTXTsuL.exe
  C:\Windows\System\dTXTsuL.exe
  2⤵
  PID:6864
- C:\Windows\System\ZZJEBOg.exe
  C:\Windows\System\ZZJEBOg.exe
  2⤵
  PID:6880
- C:\Windows\System\lPqTdFH.exe
  C:\Windows\System\lPqTdFH.exe
  2⤵
  PID:6896
- C:\Windows\System\BpBxGiM.exe
  C:\Windows\System\BpBxGiM.exe
  2⤵
  PID:6912
- C:\Windows\System\OSFzITD.exe
  C:\Windows\System\OSFzITD.exe
  2⤵
  PID:6928
- C:\Windows\System\gUYfHbK.exe
  C:\Windows\System\gUYfHbK.exe
  2⤵
  PID:6944
- C:\Windows\System\mKfWmVX.exe
  C:\Windows\System\mKfWmVX.exe
  2⤵
  PID:6960
- C:\Windows\System\XrIlEYG.exe
  C:\Windows\System\XrIlEYG.exe
  2⤵
  PID:6976
- C:\Windows\System\PdEIogu.exe
  C:\Windows\System\PdEIogu.exe
  2⤵
  PID:6992
- C:\Windows\System\cufVIQq.exe
  C:\Windows\System\cufVIQq.exe
  2⤵
  PID:7008
- C:\Windows\System\KZgoHEy.exe
  C:\Windows\System\KZgoHEy.exe
  2⤵
  PID:7024
- C:\Windows\System\yFmosCo.exe
  C:\Windows\System\yFmosCo.exe
  2⤵
  PID:7040
- C:\Windows\System\bnMVrnw.exe
  C:\Windows\System\bnMVrnw.exe
  2⤵
  PID:7056
- C:\Windows\System\aWbaYjq.exe
  C:\Windows\System\aWbaYjq.exe
  2⤵
  PID:7072
- C:\Windows\System\KIuzgtr.exe
  C:\Windows\System\KIuzgtr.exe
  2⤵
  PID:7092
- C:\Windows\System\iQxUpTK.exe
  C:\Windows\System\iQxUpTK.exe
  2⤵
  PID:7108
- C:\Windows\System\UacahZH.exe
  C:\Windows\System\UacahZH.exe
  2⤵
  PID:7124
- C:\Windows\System\pxAMVxR.exe
  C:\Windows\System\pxAMVxR.exe
  2⤵
  PID:7140
- C:\Windows\System\zVNXDkm.exe
  C:\Windows\System\zVNXDkm.exe
  2⤵
  PID:7156
- C:\Windows\System\aJvyfTf.exe
  C:\Windows\System\aJvyfTf.exe
  2⤵
  PID:5968
- C:\Windows\System\VCLtjiz.exe
  C:\Windows\System\VCLtjiz.exe
  2⤵
  PID:6148
- C:\Windows\System\qKYLuqK.exe
  C:\Windows\System\qKYLuqK.exe
  2⤵
  PID:5840
- C:\Windows\System\HCoTznN.exe
  C:\Windows\System\HCoTznN.exe
  2⤵
  PID:6164
- C:\Windows\System\gJySHwx.exe
  C:\Windows\System\gJySHwx.exe
  2⤵
  PID:6196
- C:\Windows\System\FZVmEoV.exe
  C:\Windows\System\FZVmEoV.exe
  2⤵
  PID:6244
- C:\Windows\System\oADEelC.exe
  C:\Windows\System\oADEelC.exe
  2⤵
  PID:6312
- C:\Windows\System\ImCAlHo.exe
  C:\Windows\System\ImCAlHo.exe
  2⤵
  PID:6292
- C:\Windows\System\IBqyVfc.exe
  C:\Windows\System\IBqyVfc.exe
  2⤵
  PID:6408
- C:\Windows\System\jHsYQgO.exe
  C:\Windows\System\jHsYQgO.exe
  2⤵
  PID:6472
- C:\Windows\System\NBkawft.exe
  C:\Windows\System\NBkawft.exe
  2⤵
  PID:6296
- C:\Windows\System\hyAoTTu.exe
  C:\Windows\System\hyAoTTu.exe
  2⤵
  PID:6452
- C:\Windows\System\KTAqMPa.exe
  C:\Windows\System\KTAqMPa.exe
  2⤵
  PID:6532
- C:\Windows\System\ozOiZtH.exe
  C:\Windows\System\ozOiZtH.exe
  2⤵
  PID:6600
- C:\Windows\System\VVSUxcq.exe
  C:\Windows\System\VVSUxcq.exe
  2⤵
  PID:6664
- C:\Windows\System\EfMGBCz.exe
  C:\Windows\System\EfMGBCz.exe
  2⤵
  PID:6388
- C:\Windows\System\DmScEqd.exe
  C:\Windows\System\DmScEqd.exe
  2⤵
  PID:6484
- C:\Windows\System\LicUgMP.exe
  C:\Windows\System\LicUgMP.exe
  2⤵
  PID:6616
- C:\Windows\System\VQuMDnD.exe
  C:\Windows\System\VQuMDnD.exe
  2⤵
  PID:6700
- C:\Windows\System\tNynwGw.exe
  C:\Windows\System\tNynwGw.exe
  2⤵
  PID:6792
- C:\Windows\System\XkTIBQI.exe
  C:\Windows\System\XkTIBQI.exe
  2⤵
  PID:6520
- C:\Windows\System\dMJnXLB.exe
  C:\Windows\System\dMJnXLB.exe
  2⤵
  PID:6648
- C:\Windows\System\vLgzbjo.exe
  C:\Windows\System\vLgzbjo.exe
  2⤵
  PID:6856
- C:\Windows\System\aFwWaJo.exe
  C:\Windows\System\aFwWaJo.exe
  2⤵
  PID:6920
- C:\Windows\System\UHxwHnq.exe
  C:\Windows\System\UHxwHnq.exe
  2⤵
  PID:6844
- C:\Windows\System\HfjDomW.exe
  C:\Windows\System\HfjDomW.exe
  2⤵
  PID:7016
- C:\Windows\System\zUwmjaj.exe
  C:\Windows\System\zUwmjaj.exe
  2⤵
  PID:6908
- C:\Windows\System\Dovwhnq.exe
  C:\Windows\System\Dovwhnq.exe
  2⤵
  PID:7032
- C:\Windows\System\RBVycYq.exe
  C:\Windows\System\RBVycYq.exe
  2⤵
  PID:7084
- C:\Windows\System\amLSsKM.exe
  C:\Windows\System\amLSsKM.exe
  2⤵
  PID:7152
- C:\Windows\System\GtaiFtJ.exe
  C:\Windows\System\GtaiFtJ.exe
  2⤵
  PID:6216
- C:\Windows\System\NpfXMgu.exe
  C:\Windows\System\NpfXMgu.exe
  2⤵
  PID:6972
- C:\Windows\System\ywotWMO.exe
  C:\Windows\System\ywotWMO.exe
  2⤵
  PID:7164
- C:\Windows\System\jiBxazb.exe
  C:\Windows\System\jiBxazb.exe
  2⤵
  PID:5920
- C:\Windows\System\cZATaPG.exe
  C:\Windows\System\cZATaPG.exe
  2⤵
  PID:6440
- C:\Windows\System\pqWgcpD.exe
  C:\Windows\System\pqWgcpD.exe
  2⤵
  PID:6568
- C:\Windows\System\ZJvAINO.exe
  C:\Windows\System\ZJvAINO.exe
  2⤵
  PID:7100
- C:\Windows\System\ROJgdfd.exe
  C:\Windows\System\ROJgdfd.exe
  2⤵
  PID:6376
- C:\Windows\System\zaVFJTZ.exe
  C:\Windows\System\zaVFJTZ.exe
  2⤵
  PID:6764
- C:\Windows\System\NawDtkN.exe
  C:\Windows\System\NawDtkN.exe
  2⤵
  PID:6584
- C:\Windows\System\WNpDIxT.exe
  C:\Windows\System\WNpDIxT.exe
  2⤵
  PID:6500
- C:\Windows\System\SuUkiSF.exe
  C:\Windows\System\SuUkiSF.exe
  2⤵
  PID:6728
- C:\Windows\System\lUUkJKu.exe
  C:\Windows\System\lUUkJKu.exe
  2⤵
  PID:6456
- C:\Windows\System\SWxUEcO.exe
  C:\Windows\System\SWxUEcO.exe
  2⤵
  PID:6812
- C:\Windows\System\uxydAjh.exe
  C:\Windows\System\uxydAjh.exe
  2⤵
  PID:6620
- C:\Windows\System\jLnuIrQ.exe
  C:\Windows\System\jLnuIrQ.exe
  2⤵
  PID:6876
- C:\Windows\System\HQbgomb.exe
  C:\Windows\System\HQbgomb.exe
  2⤵
  PID:6956
- C:\Windows\System\iACnlYZ.exe
  C:\Windows\System\iACnlYZ.exe
  2⤵
  PID:2980
- C:\Windows\System\OlCRqef.exe
  C:\Windows\System\OlCRqef.exe
  2⤵
  PID:7048
- C:\Windows\System\wuZKdiG.exe
  C:\Windows\System\wuZKdiG.exe
  2⤵
  PID:6984
- C:\Windows\System\rfiiWrB.exe
  C:\Windows\System\rfiiWrB.exe
  2⤵
  PID:7004
- C:\Windows\System\LkHCMJL.exe
  C:\Windows\System\LkHCMJL.exe
  2⤵
  PID:6968
- C:\Windows\System\CLblPax.exe
  C:\Windows\System\CLblPax.exe
  2⤵
  PID:6392
- C:\Windows\System\qmQagkY.exe
  C:\Windows\System\qmQagkY.exe
  2⤵
  PID:7088
- C:\Windows\System\yyhrqkP.exe
  C:\Windows\System\yyhrqkP.exe
  2⤵
  PID:6636
- C:\Windows\System\RepXPta.exe
  C:\Windows\System\RepXPta.exe
  2⤵
  PID:6744
- C:\Windows\System\njcDDPm.exe
  C:\Windows\System\njcDDPm.exe
  2⤵
  PID:2012
- C:\Windows\System\mgSdNVC.exe
  C:\Windows\System\mgSdNVC.exe
  2⤵
  PID:5160
- C:\Windows\System\zkHqkEM.exe
  C:\Windows\System\zkHqkEM.exe
  2⤵
  PID:6356
- C:\Windows\System\pCEISjf.exe
  C:\Windows\System\pCEISjf.exe
  2⤵
  PID:6264
- C:\Windows\System\bZyYBpp.exe
  C:\Windows\System\bZyYBpp.exe
  2⤵
  PID:6328
- C:\Windows\System\JMWULxM.exe
  C:\Windows\System\JMWULxM.exe
  2⤵
  PID:836
- C:\Windows\System\AyRDUvl.exe
  C:\Windows\System\AyRDUvl.exe
  2⤵
  PID:6128
- C:\Windows\System\UZzHYzv.exe
  C:\Windows\System\UZzHYzv.exe
  2⤵
  PID:6904
- C:\Windows\System\QPjCrWl.exe
  C:\Windows\System\QPjCrWl.exe
  2⤵
  PID:7184
- C:\Windows\System\BUbIZdI.exe
  C:\Windows\System\BUbIZdI.exe
  2⤵
  PID:7200
- C:\Windows\System\RcINjhV.exe
  C:\Windows\System\RcINjhV.exe
  2⤵
  PID:7216
- C:\Windows\System\ZpLtpGz.exe
  C:\Windows\System\ZpLtpGz.exe
  2⤵
  PID:7232
- C:\Windows\System\bEzGotA.exe
  C:\Windows\System\bEzGotA.exe
  2⤵
  PID:7248
- C:\Windows\System\DopLeea.exe
  C:\Windows\System\DopLeea.exe
  2⤵
  PID:7264
- C:\Windows\System\xhfMiez.exe
  C:\Windows\System\xhfMiez.exe
  2⤵
  PID:7280
- C:\Windows\System\DWSTMFx.exe
  C:\Windows\System\DWSTMFx.exe
  2⤵
  PID:7296
- C:\Windows\System\cOCaVnS.exe
  C:\Windows\System\cOCaVnS.exe
  2⤵
  PID:7312
- C:\Windows\System\fSFWZBt.exe
  C:\Windows\System\fSFWZBt.exe
  2⤵
  PID:7328
- C:\Windows\System\FAYcdOW.exe
  C:\Windows\System\FAYcdOW.exe
  2⤵
  PID:7348
- C:\Windows\System\mneVelF.exe
  C:\Windows\System\mneVelF.exe
  2⤵
  PID:7364
- C:\Windows\System\nHvmXgB.exe
  C:\Windows\System\nHvmXgB.exe
  2⤵
  PID:7380
- C:\Windows\System\eibqzOW.exe
  C:\Windows\System\eibqzOW.exe
  2⤵
  PID:7396
- C:\Windows\System\TCQEMni.exe
  C:\Windows\System\TCQEMni.exe
  2⤵
  PID:7412
- C:\Windows\System\jqKLONG.exe
  C:\Windows\System\jqKLONG.exe
  2⤵
  PID:7428
- C:\Windows\System\uFpamfP.exe
  C:\Windows\System\uFpamfP.exe
  2⤵
  PID:7444
- C:\Windows\System\vGGwcMg.exe
  C:\Windows\System\vGGwcMg.exe
  2⤵
  PID:7460
- C:\Windows\System\ppNksmn.exe
  C:\Windows\System\ppNksmn.exe
  2⤵
  PID:7476
- C:\Windows\System\KfambcC.exe
  C:\Windows\System\KfambcC.exe
  2⤵
  PID:7492
- C:\Windows\System\TLHJpKK.exe
  C:\Windows\System\TLHJpKK.exe
  2⤵
  PID:7508
- C:\Windows\System\OCEdftH.exe
  C:\Windows\System\OCEdftH.exe
  2⤵
  PID:7524
- C:\Windows\System\WzheAnX.exe
  C:\Windows\System\WzheAnX.exe
  2⤵
  PID:7540
- C:\Windows\System\LuYUuEr.exe
  C:\Windows\System\LuYUuEr.exe
  2⤵
  PID:7556
- C:\Windows\System\libKbNV.exe
  C:\Windows\System\libKbNV.exe
  2⤵
  PID:7572
- C:\Windows\System\mRxCOTV.exe
  C:\Windows\System\mRxCOTV.exe
  2⤵
  PID:7588
- C:\Windows\System\HWftfUM.exe
  C:\Windows\System\HWftfUM.exe
  2⤵
  PID:7604
- C:\Windows\System\zJjDeKd.exe
  C:\Windows\System\zJjDeKd.exe
  2⤵
  PID:7620
- C:\Windows\System\RmstwPo.exe
  C:\Windows\System\RmstwPo.exe
  2⤵
  PID:7636
- C:\Windows\System\oHRdENj.exe
  C:\Windows\System\oHRdENj.exe
  2⤵
  PID:7652
- C:\Windows\System\dwytgKK.exe
  C:\Windows\System\dwytgKK.exe
  2⤵
  PID:7668
- C:\Windows\System\zLaojJa.exe
  C:\Windows\System\zLaojJa.exe
  2⤵
  PID:7684
- C:\Windows\System\qazXkTL.exe
  C:\Windows\System\qazXkTL.exe
  2⤵
  PID:7700
- C:\Windows\System\wQjZaBf.exe
  C:\Windows\System\wQjZaBf.exe
  2⤵
  PID:7716
- C:\Windows\System\ccheBdT.exe
  C:\Windows\System\ccheBdT.exe
  2⤵
  PID:7732
- C:\Windows\System\zzRGmGu.exe
  C:\Windows\System\zzRGmGu.exe
  2⤵
  PID:7748
- C:\Windows\System\oltdiZE.exe
  C:\Windows\System\oltdiZE.exe
  2⤵
  PID:7764
- C:\Windows\System\JtBEiXu.exe
  C:\Windows\System\JtBEiXu.exe
  2⤵
  PID:7780
- C:\Windows\System\mPnTUQB.exe
  C:\Windows\System\mPnTUQB.exe
  2⤵
  PID:7796
- C:\Windows\System\TOvcDui.exe
  C:\Windows\System\TOvcDui.exe
  2⤵
  PID:7812
- C:\Windows\System\iIMbNry.exe
  C:\Windows\System\iIMbNry.exe
  2⤵
  PID:7828
- C:\Windows\System\ZSZinUa.exe
  C:\Windows\System\ZSZinUa.exe
  2⤵
  PID:7844
- C:\Windows\System\TnDVOCT.exe
  C:\Windows\System\TnDVOCT.exe
  2⤵
  PID:7860
- C:\Windows\System\ADZuZTT.exe
  C:\Windows\System\ADZuZTT.exe
  2⤵
  PID:7876
- C:\Windows\System\yyIRiao.exe
  C:\Windows\System\yyIRiao.exe
  2⤵
  PID:7892
- C:\Windows\System\igxekzB.exe
  C:\Windows\System\igxekzB.exe
  2⤵
  PID:7908
- C:\Windows\System\EChApHk.exe
  C:\Windows\System\EChApHk.exe
  2⤵
  PID:7924
- C:\Windows\System\VSVxsbn.exe
  C:\Windows\System\VSVxsbn.exe
  2⤵
  PID:7940
- C:\Windows\System\eXbteOJ.exe
  C:\Windows\System\eXbteOJ.exe
  2⤵
  PID:7960
- C:\Windows\System\RpVkMue.exe
  C:\Windows\System\RpVkMue.exe
  2⤵
  PID:7976
- C:\Windows\System\EmTKZSb.exe
  C:\Windows\System\EmTKZSb.exe
  2⤵
  PID:7992
- C:\Windows\System\YYvlUdB.exe
  C:\Windows\System\YYvlUdB.exe
  2⤵
  PID:8008
- C:\Windows\System\aMEDAzx.exe
  C:\Windows\System\aMEDAzx.exe
  2⤵
  PID:8024
- C:\Windows\System\WcKzkcX.exe
  C:\Windows\System\WcKzkcX.exe
  2⤵
  PID:8040
- C:\Windows\System\XtsBdEy.exe
  C:\Windows\System\XtsBdEy.exe
  2⤵
  PID:8056
- C:\Windows\System\JIoAqOJ.exe
  C:\Windows\System\JIoAqOJ.exe
  2⤵
  PID:8072
- C:\Windows\System\wXOGXAn.exe
  C:\Windows\System\wXOGXAn.exe
  2⤵
  PID:8088
- C:\Windows\System\owRsLwO.exe
  C:\Windows\System\owRsLwO.exe
  2⤵
  PID:8104
- C:\Windows\System\BGQbAzp.exe
  C:\Windows\System\BGQbAzp.exe
  2⤵
  PID:8120
- C:\Windows\System\bjekCHJ.exe
  C:\Windows\System\bjekCHJ.exe
  2⤵
  PID:8136
- C:\Windows\System\SKgFARP.exe
  C:\Windows\System\SKgFARP.exe
  2⤵
  PID:8152
- C:\Windows\System\YrBIJXN.exe
  C:\Windows\System\YrBIJXN.exe
  2⤵
  PID:8168
- C:\Windows\System\aOupXWM.exe
  C:\Windows\System\aOupXWM.exe
  2⤵
  PID:8184
- C:\Windows\System\KpABlYh.exe
  C:\Windows\System\KpABlYh.exe
  2⤵
  PID:5952
- C:\Windows\System\KUkKXVd.exe
  C:\Windows\System\KUkKXVd.exe
  2⤵
  PID:6952
- C:\Windows\System\oObujwj.exe
  C:\Windows\System\oObujwj.exe
  2⤵
  PID:6940
- C:\Windows\System\ZmupLKw.exe
  C:\Windows\System\ZmupLKw.exe
  2⤵
  PID:6552
- C:\Windows\System\jfyLLBb.exe
  C:\Windows\System\jfyLLBb.exe
  2⤵
  PID:7180
- C:\Windows\System\mieQrZc.exe
  C:\Windows\System\mieQrZc.exe
  2⤵
  PID:6632
- C:\Windows\System\hjMOaQz.exe
  C:\Windows\System\hjMOaQz.exe
  2⤵
  PID:7148
- C:\Windows\System\qIknHHO.exe
  C:\Windows\System\qIknHHO.exe
  2⤵
  PID:7176
- C:\Windows\System\HnUcapV.exe
  C:\Windows\System\HnUcapV.exe
  2⤵
  PID:7212
- C:\Windows\System\vmtFmRy.exe
  C:\Windows\System\vmtFmRy.exe
  2⤵
  PID:7392
- C:\Windows\System\fzfETdn.exe
  C:\Windows\System\fzfETdn.exe
  2⤵
  PID:7452
- C:\Windows\System\avGQdvm.exe
  C:\Windows\System\avGQdvm.exe
  2⤵
  PID:7484
- C:\Windows\System\aippyEt.exe
  C:\Windows\System\aippyEt.exe
  2⤵
  PID:7548
- C:\Windows\System\acAARAl.exe
  C:\Windows\System\acAARAl.exe
  2⤵
  PID:7336
- C:\Windows\System\yVmXQpd.exe
  C:\Windows\System\yVmXQpd.exe
  2⤵
  PID:7504
- C:\Windows\System\LRqUJaA.exe
  C:\Windows\System\LRqUJaA.exe
  2⤵
  PID:7612
- C:\Windows\System\KelhGSu.exe
  C:\Windows\System\KelhGSu.exe
  2⤵
  PID:7676
- C:\Windows\System\PLzDBsg.exe
  C:\Windows\System\PLzDBsg.exe
  2⤵
  PID:7500
- C:\Windows\System\iYAYxIc.exe
  C:\Windows\System\iYAYxIc.exe
  2⤵
  PID:7436
- C:\Windows\System\qHbxwhs.exe
  C:\Windows\System\qHbxwhs.exe
  2⤵
  PID:7664
- C:\Windows\System\utZRXXp.exe
  C:\Windows\System\utZRXXp.exe
  2⤵
  PID:7744
- C:\Windows\System\rytkMHY.exe
  C:\Windows\System\rytkMHY.exe
  2⤵
  PID:7808
- C:\Windows\System\BpVMWZe.exe
  C:\Windows\System\BpVMWZe.exe
  2⤵
  PID:7872
- C:\Windows\System\BxCOVEt.exe
  C:\Windows\System\BxCOVEt.exe
  2⤵
  PID:7968
- C:\Windows\System\GcSrZCb.exe
  C:\Windows\System\GcSrZCb.exe
  2⤵
  PID:7568
- C:\Windows\System\pjVdExf.exe
  C:\Windows\System\pjVdExf.exe
  2⤵
  PID:7888
- C:\Windows\System\stENhwi.exe
  C:\Windows\System\stENhwi.exe
  2⤵
  PID:8016
- C:\Windows\System\wgLJKBt.exe
  C:\Windows\System\wgLJKBt.exe
  2⤵
  PID:8064
- C:\Windows\System\LyflxqG.exe
  C:\Windows\System\LyflxqG.exe
  2⤵
  PID:8160
- C:\Windows\System\OweNqNf.exe
  C:\Windows\System\OweNqNf.exe
  2⤵
  PID:6712
- C:\Windows\System\vAyxrfy.exe
  C:\Windows\System\vAyxrfy.exe
  2⤵
  PID:6892
- C:\Windows\System\mQTPErG.exe
  C:\Windows\System\mQTPErG.exe
  2⤵
  PID:7324
- C:\Windows\System\iJkalNi.exe
  C:\Windows\System\iJkalNi.exe
  2⤵
  PID:7424
- C:\Windows\System\tCupjIO.exe
  C:\Windows\System\tCupjIO.exe
  2⤵
  PID:7376
- C:\Windows\System\hJtBbxF.exe
  C:\Windows\System\hJtBbxF.exe
  2⤵
  PID:8144
- C:\Windows\System\EIQraWk.exe
  C:\Windows\System\EIQraWk.exe
  2⤵
  PID:7440
- C:\Windows\System\cSPENfX.exe
  C:\Windows\System\cSPENfX.exe
  2⤵
  PID:7360
- C:\Windows\System\IDNnLwK.exe
  C:\Windows\System\IDNnLwK.exe
  2⤵
  PID:7868
- C:\Windows\System\uBetGNH.exe
  C:\Windows\System\uBetGNH.exe
  2⤵
  PID:7660
- C:\Windows\System\UGeYkSL.exe
  C:\Windows\System\UGeYkSL.exe
  2⤵
  PID:6344
- C:\Windows\System\OzIIZwn.exe
  C:\Windows\System\OzIIZwn.exe
  2⤵
  PID:6748
- C:\Windows\System\UFUmbHH.exe
  C:\Windows\System\UFUmbHH.exe
  2⤵
  PID:7240
- C:\Windows\System\IwzEJQA.exe
  C:\Windows\System\IwzEJQA.exe
  2⤵
  PID:7552
- C:\Windows\System\SzcsZsz.exe
  C:\Windows\System\SzcsZsz.exe
  2⤵
  PID:7904
- C:\Windows\System\uxVosqX.exe
  C:\Windows\System\uxVosqX.exe
  2⤵
  PID:7596
- C:\Windows\System\EHYJPvA.exe
  C:\Windows\System\EHYJPvA.exe
  2⤵
  PID:7952
- C:\Windows\System\jZWwrKW.exe
  C:\Windows\System\jZWwrKW.exe
  2⤵
  PID:2576
- C:\Windows\System\QXLfSZH.exe
  C:\Windows\System\QXLfSZH.exe
  2⤵
  PID:7936
- C:\Windows\System\toWcJMR.exe
  C:\Windows\System\toWcJMR.exe
  2⤵
  PID:676
- C:\Windows\System\JozELnJ.exe
  C:\Windows\System\JozELnJ.exe
  2⤵
  PID:7856
- C:\Windows\System\ZzFOvnR.exe
  C:\Windows\System\ZzFOvnR.exe
  2⤵
  PID:7956
- C:\Windows\System\FbtgWjC.exe
  C:\Windows\System\FbtgWjC.exe
  2⤵
  PID:8096
- C:\Windows\System\UDGwYje.exe
  C:\Windows\System\UDGwYje.exe
  2⤵
  PID:8132
- C:\Windows\System\TJzXpDV.exe
  C:\Windows\System\TJzXpDV.exe
  2⤵
  PID:7408
- C:\Windows\System\HHKhfyN.exe
  C:\Windows\System\HHKhfyN.exe
  2⤵
  PID:8080
- C:\Windows\System\nKjKdtT.exe
  C:\Windows\System\nKjKdtT.exe
  2⤵
  PID:7292
- C:\Windows\System\qaSWhdJ.exe
  C:\Windows\System\qaSWhdJ.exe
  2⤵
  PID:8052
- C:\Windows\System\HudosZq.exe
  C:\Windows\System\HudosZq.exe
  2⤵
  PID:8148
- C:\Windows\System\iGbbTDZ.exe
  C:\Windows\System\iGbbTDZ.exe
  2⤵
  PID:7272
- C:\Windows\System\xkkGGdm.exe
  C:\Windows\System\xkkGGdm.exe
  2⤵
  PID:2548
- C:\Windows\System\QWAkfbV.exe
  C:\Windows\System\QWAkfbV.exe
  2⤵
  PID:7728
- C:\Windows\System\OkFByUu.exe
  C:\Windows\System\OkFByUu.exe
  2⤵
  PID:2156
- C:\Windows\System\kDLZdMu.exe
  C:\Windows\System\kDLZdMu.exe
  2⤵
  PID:7536
- C:\Windows\System\XYrAMKA.exe
  C:\Windows\System\XYrAMKA.exe
  2⤵
  PID:7256
- C:\Windows\System\mhSzkrb.exe
  C:\Windows\System\mhSzkrb.exe
  2⤵
  PID:7260
- C:\Windows\System\zwJRBGX.exe
  C:\Windows\System\zwJRBGX.exe
  2⤵
  PID:2636
- C:\Windows\System\eyzvbAY.exe
  C:\Windows\System\eyzvbAY.exe
  2⤵
  PID:8032
- C:\Windows\System\moiHqTz.exe
  C:\Windows\System\moiHqTz.exe
  2⤵
  PID:7948
- C:\Windows\System\wINxDwd.exe
  C:\Windows\System\wINxDwd.exe
  2⤵
  PID:7740
- C:\Windows\System\PWqrNsI.exe
  C:\Windows\System\PWqrNsI.exe
  2⤵
  PID:1372
- C:\Windows\System\lHZuuTR.exe
  C:\Windows\System\lHZuuTR.exe
  2⤵
  PID:7724
- C:\Windows\System\CjVGyRg.exe
  C:\Windows\System\CjVGyRg.exe
  2⤵
  PID:7756
- C:\Windows\System\tsAiEzG.exe
  C:\Windows\System\tsAiEzG.exe
  2⤵
  PID:7064
- C:\Windows\System\JtwYRGE.exe
  C:\Windows\System\JtwYRGE.exe
  2⤵
  PID:8200
- C:\Windows\System\NuUGOTD.exe
  C:\Windows\System\NuUGOTD.exe
  2⤵
  PID:8216
- C:\Windows\System\wLOZNGu.exe
  C:\Windows\System\wLOZNGu.exe
  2⤵
  PID:8232
- C:\Windows\System\swrJXzo.exe
  C:\Windows\System\swrJXzo.exe
  2⤵
  PID:8248
- C:\Windows\System\aerYOTZ.exe
  C:\Windows\System\aerYOTZ.exe
  2⤵
  PID:8264
- C:\Windows\System\fRntAGQ.exe
  C:\Windows\System\fRntAGQ.exe
  2⤵
  PID:8280
- C:\Windows\System\fjcTfag.exe
  C:\Windows\System\fjcTfag.exe
  2⤵
  PID:8296
- C:\Windows\System\LXrSySi.exe
  C:\Windows\System\LXrSySi.exe
  2⤵
  PID:8312
- C:\Windows\System\zjSIlxz.exe
  C:\Windows\System\zjSIlxz.exe
  2⤵
  PID:8328
- C:\Windows\System\cRHkqNy.exe
  C:\Windows\System\cRHkqNy.exe
  2⤵
  PID:8344
- C:\Windows\System\JemQfJS.exe
  C:\Windows\System\JemQfJS.exe
  2⤵
  PID:8360
- C:\Windows\System\iZtYkHb.exe
  C:\Windows\System\iZtYkHb.exe
  2⤵
  PID:8376
- C:\Windows\System\NuRcCiV.exe
  C:\Windows\System\NuRcCiV.exe
  2⤵
  PID:8396
- C:\Windows\System\NkIFxdM.exe
  C:\Windows\System\NkIFxdM.exe
  2⤵
  PID:8412
- C:\Windows\System\aOfhUZd.exe
  C:\Windows\System\aOfhUZd.exe
  2⤵
  PID:8428
- C:\Windows\System\WLnQjyP.exe
  C:\Windows\System\WLnQjyP.exe
  2⤵
  PID:8444
- C:\Windows\System\QwgWxNj.exe
  C:\Windows\System\QwgWxNj.exe
  2⤵
  PID:8460
- C:\Windows\System\RFqEpli.exe
  C:\Windows\System\RFqEpli.exe
  2⤵
  PID:8476
- C:\Windows\System\iryrIEX.exe
  C:\Windows\System\iryrIEX.exe
  2⤵
  PID:8492
- C:\Windows\System\uoACMyR.exe
  C:\Windows\System\uoACMyR.exe
  2⤵
  PID:8508
- C:\Windows\System\hLObQJt.exe
  C:\Windows\System\hLObQJt.exe
  2⤵
  PID:8524
- C:\Windows\System\neBMBPZ.exe
  C:\Windows\System\neBMBPZ.exe
  2⤵
  PID:8540
- C:\Windows\System\fglqxJr.exe
  C:\Windows\System\fglqxJr.exe
  2⤵
  PID:8556
- C:\Windows\System\aUTiWsi.exe
  C:\Windows\System\aUTiWsi.exe
  2⤵
  PID:8572
- C:\Windows\System\vJAuoUI.exe
  C:\Windows\System\vJAuoUI.exe
  2⤵
  PID:8588
- C:\Windows\System\hUkxZlJ.exe
  C:\Windows\System\hUkxZlJ.exe
  2⤵
  PID:8604
- C:\Windows\System\CNJlrRB.exe
  C:\Windows\System\CNJlrRB.exe
  2⤵
  PID:8620
- C:\Windows\System\ZweBFVS.exe
  C:\Windows\System\ZweBFVS.exe
  2⤵
  PID:8636
- C:\Windows\System\lFnzmSM.exe
  C:\Windows\System\lFnzmSM.exe
  2⤵
  PID:8652
- C:\Windows\System\YhuwlOw.exe
  C:\Windows\System\YhuwlOw.exe
  2⤵
  PID:8668
- C:\Windows\System\eXBxhYg.exe
  C:\Windows\System\eXBxhYg.exe
  2⤵
  PID:8684
- C:\Windows\System\eFLVmEf.exe
  C:\Windows\System\eFLVmEf.exe
  2⤵
  PID:8700
- C:\Windows\System\eZDBCjK.exe
  C:\Windows\System\eZDBCjK.exe
  2⤵
  PID:8716
- C:\Windows\System\iVsGtAd.exe
  C:\Windows\System\iVsGtAd.exe
  2⤵
  PID:8732
- C:\Windows\System\HTzUUJP.exe
  C:\Windows\System\HTzUUJP.exe
  2⤵
  PID:8748
- C:\Windows\System\OnticBs.exe
  C:\Windows\System\OnticBs.exe
  2⤵
  PID:8764
- C:\Windows\System\ediEszr.exe
  C:\Windows\System\ediEszr.exe
  2⤵
  PID:8792
- C:\Windows\System\groDMbf.exe
  C:\Windows\System\groDMbf.exe
  2⤵
  PID:8808
- C:\Windows\System\QipqIHU.exe
  C:\Windows\System\QipqIHU.exe
  2⤵
  PID:8824
- C:\Windows\System\KnxxqTz.exe
  C:\Windows\System\KnxxqTz.exe
  2⤵
  PID:8840
- C:\Windows\System\bYQXqJX.exe
  C:\Windows\System\bYQXqJX.exe
  2⤵
  PID:8856
- C:\Windows\System\VDyHfcS.exe
  C:\Windows\System\VDyHfcS.exe
  2⤵
  PID:8872
- C:\Windows\System\cMOMufq.exe
  C:\Windows\System\cMOMufq.exe
  2⤵
  PID:8888
- C:\Windows\System\bcmWmhw.exe
  C:\Windows\System\bcmWmhw.exe
  2⤵
  PID:8904
- C:\Windows\System\qngMYKR.exe
  C:\Windows\System\qngMYKR.exe
  2⤵
  PID:8920
- C:\Windows\System\dGAkVnP.exe
  C:\Windows\System\dGAkVnP.exe
  2⤵
  PID:8936
- C:\Windows\System\yrOCmPO.exe
  C:\Windows\System\yrOCmPO.exe
  2⤵
  PID:8956
- C:\Windows\System\JlCpuCN.exe
  C:\Windows\System\JlCpuCN.exe
  2⤵
  PID:8972
- C:\Windows\System\yYXxbTz.exe
  C:\Windows\System\yYXxbTz.exe
  2⤵
  PID:8988
- C:\Windows\System\SGGVUfx.exe
  C:\Windows\System\SGGVUfx.exe
  2⤵
  PID:9004
- C:\Windows\System\eQhfceL.exe
  C:\Windows\System\eQhfceL.exe
  2⤵
  PID:9020
- C:\Windows\System\scOcRIX.exe
  C:\Windows\System\scOcRIX.exe
  2⤵
  PID:9036
- C:\Windows\System\DPYZMNh.exe
  C:\Windows\System\DPYZMNh.exe
  2⤵
  PID:9052
- C:\Windows\System\gProhoL.exe
  C:\Windows\System\gProhoL.exe
  2⤵
  PID:9068
- C:\Windows\System\TdIxdyf.exe
  C:\Windows\System\TdIxdyf.exe
  2⤵
  PID:9084
- C:\Windows\System\ejnknVl.exe
  C:\Windows\System\ejnknVl.exe
  2⤵
  PID:9100
- C:\Windows\System\umRAYnY.exe
  C:\Windows\System\umRAYnY.exe
  2⤵
  PID:9116
- C:\Windows\System\UhzlPkg.exe
  C:\Windows\System\UhzlPkg.exe
  2⤵
  PID:9132
- C:\Windows\System\srMSBtK.exe
  C:\Windows\System\srMSBtK.exe
  2⤵
  PID:9148
- C:\Windows\System\rDoOkEJ.exe
  C:\Windows\System\rDoOkEJ.exe
  2⤵
  PID:9164
- C:\Windows\System\ROBXfpQ.exe
  C:\Windows\System\ROBXfpQ.exe
  2⤵
  PID:9180
- C:\Windows\System\FPbEkae.exe
  C:\Windows\System\FPbEkae.exe
  2⤵
  PID:9196
- C:\Windows\System\FHGxqcU.exe
  C:\Windows\System\FHGxqcU.exe
  2⤵
  PID:9212
- C:\Windows\System\suOOQVX.exe
  C:\Windows\System\suOOQVX.exe
  2⤵
  PID:7420
- C:\Windows\System\zigLtBJ.exe
  C:\Windows\System\zigLtBJ.exe
  2⤵
  PID:8244
- C:\Windows\System\uxOYuZl.exe
  C:\Windows\System\uxOYuZl.exe
  2⤵
  PID:7932
- C:\Windows\System\zjYQDVn.exe
  C:\Windows\System\zjYQDVn.exe
  2⤵
  PID:8228
- C:\Windows\System\adZolDI.exe
  C:\Windows\System\adZolDI.exe
  2⤵
  PID:8336
- C:\Windows\System\sMtFekg.exe
  C:\Windows\System\sMtFekg.exe
  2⤵
  PID:7820
- C:\Windows\System\RtHqnvX.exe
  C:\Windows\System\RtHqnvX.exe
  2⤵
  PID:8436
- C:\Windows\System\OHuumry.exe
  C:\Windows\System\OHuumry.exe
  2⤵
  PID:8256
- C:\Windows\System\MFAoctO.exe
  C:\Windows\System\MFAoctO.exe
  2⤵
  PID:8500
- C:\Windows\System\DORpOkg.exe
  C:\Windows\System\DORpOkg.exe
  2⤵
  PID:8564
- C:\Windows\System\tYZTtXy.exe
  C:\Windows\System\tYZTtXy.exe
  2⤵
  PID:8660
- C:\Windows\System\UhQkZZj.exe
  C:\Windows\System\UhQkZZj.exe
  2⤵
  PID:8692
- C:\Windows\System\IsmKuXa.exe
  C:\Windows\System\IsmKuXa.exe
  2⤵
  PID:8288
- C:\Windows\System\kqAqLgQ.exe
  C:\Windows\System\kqAqLgQ.exe
  2⤵
  PID:8352
- C:\Windows\System\NvujGPn.exe
  C:\Windows\System\NvujGPn.exe
  2⤵
  PID:8456
- C:\Windows\System\rpkHgHP.exe
  C:\Windows\System\rpkHgHP.exe
  2⤵
  PID:8612
- C:\Windows\System\DOeWIlT.exe
  C:\Windows\System\DOeWIlT.exe
  2⤵
  PID:8760
- C:\Windows\System\KXPMQZt.exe
  C:\Windows\System\KXPMQZt.exe
  2⤵
  PID:8580
- C:\Windows\System\tiFyLkj.exe
  C:\Windows\System\tiFyLkj.exe
  2⤵
  PID:8708
- C:\Windows\System\tTWitGM.exe
  C:\Windows\System\tTWitGM.exe
  2⤵
  PID:7824
- C:\Windows\System\DGUswIT.exe
  C:\Windows\System\DGUswIT.exe
  2⤵
  PID:8836
- C:\Windows\System\IGsXJso.exe
  C:\Windows\System\IGsXJso.exe
  2⤵
  PID:8864
- C:\Windows\System\AtRvunA.exe
  C:\Windows\System\AtRvunA.exe
  2⤵
  PID:8788
- C:\Windows\System\zGqbIUr.exe
  C:\Windows\System\zGqbIUr.exe
  2⤵
  PID:8820
- C:\Windows\System\DUBHzGu.exe
  C:\Windows\System\DUBHzGu.exe
  2⤵
  PID:8852
- C:\Windows\System\gnfzdOr.exe
  C:\Windows\System\gnfzdOr.exe
  2⤵
  PID:8912
- C:\Windows\System\HOKoNKI.exe
  C:\Windows\System\HOKoNKI.exe
  2⤵
  PID:9000
- C:\Windows\System\groVjnK.exe
  C:\Windows\System\groVjnK.exe
  2⤵
  PID:9064
- C:\Windows\System\UcuiDfn.exe
  C:\Windows\System\UcuiDfn.exe
  2⤵
  PID:9124
- C:\Windows\System\sTXcprC.exe
  C:\Windows\System\sTXcprC.exe
  2⤵
  PID:9156
- C:\Windows\System\EqwRrSe.exe
  C:\Windows\System\EqwRrSe.exe
  2⤵
  PID:2812
- C:\Windows\System\ePwpLLn.exe
  C:\Windows\System\ePwpLLn.exe
  2⤵
  PID:8980
- C:\Windows\System\vMNkOqM.exe
  C:\Windows\System\vMNkOqM.exe
  2⤵
  PID:9048
- C:\Windows\System\TknXuIY.exe
  C:\Windows\System\TknXuIY.exe
  2⤵
  PID:9140
- C:\Windows\System\zVWPGcw.exe
  C:\Windows\System\zVWPGcw.exe
  2⤵
  PID:8208
- C:\Windows\System\QAQqaBg.exe
  C:\Windows\System\QAQqaBg.exe
  2⤵
  PID:8404
- C:\Windows\System\lfersdA.exe
  C:\Windows\System\lfersdA.exe
  2⤵
  PID:8600
- C:\Windows\System\WLLwcSD.exe
  C:\Windows\System\WLLwcSD.exe
  2⤵
  PID:9176
- C:\Windows\System\XOstxHU.exe
  C:\Windows\System\XOstxHU.exe
  2⤵
  PID:8468
- C:\Windows\System\ecYZcBr.exe
  C:\Windows\System\ecYZcBr.exe
  2⤵
  PID:8756
- C:\Windows\System\tLLErVF.exe
  C:\Windows\System\tLLErVF.exe
  2⤵
  PID:8676
- C:\Windows\System\QyZKJkX.exe
  C:\Windows\System\QyZKJkX.exe
  2⤵
  PID:8664
- C:\Windows\System\zpGQlyF.exe
  C:\Windows\System\zpGQlyF.exe
  2⤵
  PID:8320
- C:\Windows\System\khkJuax.exe
  C:\Windows\System\khkJuax.exe
  2⤵
  PID:8552
- C:\Windows\System\ZUroQrR.exe
  C:\Windows\System\ZUroQrR.exe
  2⤵
  PID:2780
- C:\Windows\System\dGojvDx.exe
  C:\Windows\System\dGojvDx.exe
  2⤵
  PID:8880
- C:\Windows\System\ZSdpiei.exe
  C:\Windows\System\ZSdpiei.exe
  2⤵
  PID:9128
- C:\Windows\System\cNRXFhn.exe
  C:\Windows\System\cNRXFhn.exe
  2⤵
  PID:9016
- C:\Windows\System\ZdXmTSN.exe
  C:\Windows\System\ZdXmTSN.exe
  2⤵
  PID:8224
- C:\Windows\System\cASjCqJ.exe
  C:\Windows\System\cASjCqJ.exe
  2⤵
  PID:8368
- C:\Windows\System\GVUgakY.exe
  C:\Windows\System\GVUgakY.exe
  2⤵
  PID:8488
- C:\Windows\System\gsZJdxJ.exe
  C:\Windows\System\gsZJdxJ.exe
  2⤵
  PID:9096
- C:\Windows\System\nZZnAVH.exe
  C:\Windows\System\nZZnAVH.exe
  2⤵
  PID:8944
- C:\Windows\System\ZDZUwuo.exe
  C:\Windows\System\ZDZUwuo.exe
  2⤵
  PID:8780
- C:\Windows\System\qARlnPt.exe
  C:\Windows\System\qARlnPt.exe
  2⤵
  PID:8308
- C:\Windows\System\OwlzEfU.exe
  C:\Windows\System\OwlzEfU.exe
  2⤵
  PID:8536
- C:\Windows\System\vENypSk.exe
  C:\Windows\System\vENypSk.exe
  2⤵
  PID:8424
- C:\Windows\System\dPSqUFq.exe
  C:\Windows\System\dPSqUFq.exe
  2⤵
  PID:8932
- C:\Windows\System\kWMidpp.exe
  C:\Windows\System\kWMidpp.exe
  2⤵
  PID:8520
- C:\Windows\System\PzgaiTy.exe
  C:\Windows\System\PzgaiTy.exe
  2⤵
  PID:9060
- C:\Windows\System\apvTmln.exe
  C:\Windows\System\apvTmln.exe
  2⤵
  PID:9012
- C:\Windows\System\fjCGLMU.exe
  C:\Windows\System\fjCGLMU.exe
  2⤵
  PID:572
- C:\Windows\System\PxwbmHk.exe
  C:\Windows\System\PxwbmHk.exe
  2⤵
  PID:8372
- C:\Windows\System\bfffGfp.exe
  C:\Windows\System\bfffGfp.exe
  2⤵
  PID:9220
- C:\Windows\System\UpeAwks.exe
  C:\Windows\System\UpeAwks.exe
  2⤵
  PID:9236
- C:\Windows\System\PeIBCsz.exe
  C:\Windows\System\PeIBCsz.exe
  2⤵
  PID:9252
- C:\Windows\System\vSwhXsx.exe
  C:\Windows\System\vSwhXsx.exe
  2⤵
  PID:9272
- C:\Windows\System\rUQNZqD.exe
  C:\Windows\System\rUQNZqD.exe
  2⤵
  PID:9288
- C:\Windows\System\bkUfVwf.exe
  C:\Windows\System\bkUfVwf.exe
  2⤵
  PID:9304
- C:\Windows\System\CCFEVgs.exe
  C:\Windows\System\CCFEVgs.exe
  2⤵
  PID:9320
- C:\Windows\System\gOIcCSr.exe
  C:\Windows\System\gOIcCSr.exe
  2⤵
  PID:9336
- C:\Windows\System\UmFwGEi.exe
  C:\Windows\System\UmFwGEi.exe
  2⤵
  PID:9352
- C:\Windows\System\TjefGHz.exe
  C:\Windows\System\TjefGHz.exe
  2⤵
  PID:9368
- C:\Windows\System\Fgwmcqf.exe
  C:\Windows\System\Fgwmcqf.exe
  2⤵
  PID:9384
- C:\Windows\System\hqMKSRU.exe
  C:\Windows\System\hqMKSRU.exe
  2⤵
  PID:9400
- C:\Windows\System\tBcmWLc.exe
  C:\Windows\System\tBcmWLc.exe
  2⤵
  PID:9416
- C:\Windows\System\iByodoE.exe
  C:\Windows\System\iByodoE.exe
  2⤵
  PID:9432
- C:\Windows\System\JrMuwMS.exe
  C:\Windows\System\JrMuwMS.exe
  2⤵
  PID:9448
- C:\Windows\System\QsJHvjR.exe
  C:\Windows\System\QsJHvjR.exe
  2⤵
  PID:9464
- C:\Windows\System\bfFZFps.exe
  C:\Windows\System\bfFZFps.exe
  2⤵
  PID:9484
- C:\Windows\System\xqyqAOv.exe
  C:\Windows\System\xqyqAOv.exe
  2⤵
  PID:9500
- C:\Windows\System\XYBFMyV.exe
  C:\Windows\System\XYBFMyV.exe
  2⤵
  PID:9516
- C:\Windows\System\FzogBrT.exe
  C:\Windows\System\FzogBrT.exe
  2⤵
  PID:9532
- C:\Windows\System\dHZPePG.exe
  C:\Windows\System\dHZPePG.exe
  2⤵
  PID:9548
- C:\Windows\System\wGhlOhm.exe
  C:\Windows\System\wGhlOhm.exe
  2⤵
  PID:9564
- C:\Windows\System\xWgwxir.exe
  C:\Windows\System\xWgwxir.exe
  2⤵
  PID:9580
- C:\Windows\System\XopNWss.exe
  C:\Windows\System\XopNWss.exe
  2⤵
  PID:9596
- C:\Windows\System\KPbVzfd.exe
  C:\Windows\System\KPbVzfd.exe
  2⤵
  PID:9612
- C:\Windows\System\dotmOqS.exe
  C:\Windows\System\dotmOqS.exe
  2⤵
  PID:9628
- C:\Windows\System\VvGDMgx.exe
  C:\Windows\System\VvGDMgx.exe
  2⤵
  PID:9644
- C:\Windows\System\xzNmJLo.exe
  C:\Windows\System\xzNmJLo.exe
  2⤵
  PID:9660
- C:\Windows\System\UdFOmEA.exe
  C:\Windows\System\UdFOmEA.exe
  2⤵
  PID:9676
- C:\Windows\System\GrVrxqy.exe
  C:\Windows\System\GrVrxqy.exe
  2⤵
  PID:9692
- C:\Windows\System\TSpkUqs.exe
  C:\Windows\System\TSpkUqs.exe
  2⤵
  PID:9720
- C:\Windows\System\QzYbJUY.exe
  C:\Windows\System\QzYbJUY.exe
  2⤵
  PID:9736
- C:\Windows\System\SKPRbjs.exe
  C:\Windows\System\SKPRbjs.exe
  2⤵
  PID:9752
- C:\Windows\System\mzYRdbV.exe
  C:\Windows\System\mzYRdbV.exe
  2⤵
  PID:9768
- C:\Windows\System\XhvBvVr.exe
  C:\Windows\System\XhvBvVr.exe
  2⤵
  PID:9784
- C:\Windows\System\LTQYftp.exe
  C:\Windows\System\LTQYftp.exe
  2⤵
  PID:9800
- C:\Windows\System\nFjevTA.exe
  C:\Windows\System\nFjevTA.exe
  2⤵
  PID:9816
- C:\Windows\System\UBKUeKO.exe
  C:\Windows\System\UBKUeKO.exe
  2⤵
  PID:9832
- C:\Windows\System\feqZCDz.exe
  C:\Windows\System\feqZCDz.exe
  2⤵
  PID:9848
- C:\Windows\System\yJLHNpi.exe
  C:\Windows\System\yJLHNpi.exe
  2⤵
  PID:9868
- C:\Windows\System\QcuntJI.exe
  C:\Windows\System\QcuntJI.exe
  2⤵
  PID:9884
- C:\Windows\System\ArCVWuP.exe
  C:\Windows\System\ArCVWuP.exe
  2⤵
  PID:9900
- C:\Windows\System\ovWomjR.exe
  C:\Windows\System\ovWomjR.exe
  2⤵
  PID:9916
- C:\Windows\System\lrvJrkS.exe
  C:\Windows\System\lrvJrkS.exe
  2⤵
  PID:9932
- C:\Windows\System\BsFkdLM.exe
  C:\Windows\System\BsFkdLM.exe
  2⤵
  PID:9948
- C:\Windows\System\izzRYiI.exe
  C:\Windows\System\izzRYiI.exe
  2⤵
  PID:9964
- C:\Windows\System\OpCzlHl.exe
  C:\Windows\System\OpCzlHl.exe
  2⤵
  PID:9980
- C:\Windows\System\pHPkCEh.exe
  C:\Windows\System\pHPkCEh.exe
  2⤵
  PID:9996
- C:\Windows\System\OHsHVfW.exe
  C:\Windows\System\OHsHVfW.exe
  2⤵
  PID:10012
- C:\Windows\System\RtrFLlZ.exe
  C:\Windows\System\RtrFLlZ.exe
  2⤵
  PID:10028
- C:\Windows\System\IzxUPGH.exe
  C:\Windows\System\IzxUPGH.exe
  2⤵
  PID:10044
- C:\Windows\System\NPHxZpg.exe
  C:\Windows\System\NPHxZpg.exe
  2⤵
  PID:10060
- C:\Windows\System\vEHJQvf.exe
  C:\Windows\System\vEHJQvf.exe
  2⤵
  PID:10076
- C:\Windows\System\GovaQnC.exe
  C:\Windows\System\GovaQnC.exe
  2⤵
  PID:10092
- C:\Windows\System\wzQUkMH.exe
  C:\Windows\System\wzQUkMH.exe
  2⤵
  PID:10108
- C:\Windows\System\ZdBbxYa.exe
  C:\Windows\System\ZdBbxYa.exe
  2⤵
  PID:10124
- C:\Windows\System\dSTAQwn.exe
  C:\Windows\System\dSTAQwn.exe
  2⤵
  PID:10140
- C:\Windows\System\CXGCylG.exe
  C:\Windows\System\CXGCylG.exe
  2⤵
  PID:10156
- C:\Windows\System\zOEIRDL.exe
  C:\Windows\System\zOEIRDL.exe
  2⤵
  PID:10172
- C:\Windows\System\LiVKkvB.exe
  C:\Windows\System\LiVKkvB.exe
  2⤵
  PID:10188
- C:\Windows\System\EzHhWTF.exe
  C:\Windows\System\EzHhWTF.exe
  2⤵
  PID:10204
- C:\Windows\System\EdnDFyM.exe
  C:\Windows\System\EdnDFyM.exe
  2⤵
  PID:10220
- C:\Windows\System\LcyOfnZ.exe
  C:\Windows\System\LcyOfnZ.exe
  2⤵
  PID:10236
- C:\Windows\System\CmIxnSq.exe
  C:\Windows\System\CmIxnSq.exe
  2⤵
  PID:9208
- C:\Windows\System\gpgZgDV.exe
  C:\Windows\System\gpgZgDV.exe
  2⤵
  PID:1796
- C:\Windows\System\xotXGTd.exe
  C:\Windows\System\xotXGTd.exe
  2⤵
  PID:9296
- C:\Windows\System\jhcLgHg.exe
  C:\Windows\System\jhcLgHg.exe
  2⤵
  PID:8884
- C:\Windows\System\KhuNyTX.exe
  C:\Windows\System\KhuNyTX.exe
  2⤵
  PID:8616
- C:\Windows\System\oKCXZtU.exe
  C:\Windows\System\oKCXZtU.exe
  2⤵
  PID:9312
- C:\Windows\System\POOiBxI.exe
  C:\Windows\System\POOiBxI.exe
  2⤵
  PID:9344
- C:\Windows\System\FSCwjrw.exe
  C:\Windows\System\FSCwjrw.exe
  2⤵
  PID:9392
- C:\Windows\System\xMInPoa.exe
  C:\Windows\System\xMInPoa.exe
  2⤵
  PID:9428
- C:\Windows\System\eAbybxB.exe
  C:\Windows\System\eAbybxB.exe
  2⤵
  PID:9492
- C:\Windows\System\rpuhXTH.exe
  C:\Windows\System\rpuhXTH.exe
  2⤵
  PID:9528
- C:\Windows\System\rADSQWE.exe
  C:\Windows\System\rADSQWE.exe
  2⤵
  PID:9592
- C:\Windows\System\obrgbcE.exe
  C:\Windows\System\obrgbcE.exe
  2⤵
  PID:952
- C:\Windows\System\qtFemEG.exe
  C:\Windows\System\qtFemEG.exe
  2⤵
  PID:9652
- C:\Windows\System\rhCJJmE.exe
  C:\Windows\System\rhCJJmE.exe
  2⤵
  PID:9408
- C:\Windows\System\aRHrvLk.exe
  C:\Windows\System\aRHrvLk.exe
  2⤵
  PID:9480
- C:\Windows\System\fJDtLzM.exe
  C:\Windows\System\fJDtLzM.exe
  2⤵
  PID:9544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AtufkVH.exe

Filesize
1.6MB

MD5
194e25b6596a3f93aba60ad649276935

SHA1
8c21ef0ad589173aeb445c566d08d6062a1972ec

SHA256
8563a0ef04bd9c9e333f412925922b173388ddc011aea80377f4e355652b1abf

SHA512
07d0a763f76745328c4c16cbdd4caed131d7732528da011ad4fbdae5663e1b6059e7faffe738ded7ef1b53a3b54ece382cce74211476db158acab65e7af5a267

Download Submit
C:\Windows\system\AvXFtbm.exe

Filesize
2.0MB

MD5
6aed7651ad0757eb63a68ab32eed18c3

SHA1
e3385e5fd17b2f6e61e2b6f01d147799f517d812

SHA256
fed1cd29bf25fbae71599f424250542141c08bee2524ebfdbc7dd11fdc246812

SHA512
72ac7f4a343056c8f39d6b30f8bfdf25c09a7b5e576f37693beb70eae64de96a42b0847719bdc188568e203bc8d8780a692e230c9bd83fa3efd9892eeb9303f5

Download Submit
C:\Windows\system\CqfHFXF.exe

Filesize
1.4MB

MD5
5386736b5f6e304210e908b13d10efe5

SHA1
5684287826719d8dd8a47bd942ea9a0d29ac6507

SHA256
176bf160cf9c0c9cc8441b8d12e754fbdb15426ee19dcebaba32cf371cb3a67e

SHA512
5d6d056d053d476dc0e5173d40e46303e559046e999fab3679c48ff08e81c20d8c4c5a8298d5db618a89dc113fee39c9bf513d346bfc14758b120df28aab7961

Download Submit
C:\Windows\system\GmxNtfw.exe

Filesize
320KB

MD5
d21590ae8170aaccbcd19e7067ab6994

SHA1
10f350169749c21440531509a3e7295f89c18083

SHA256
46a31c66a5e2b5dc524bccbbcd87f163f058b2fedffe048e3850fee93fbd703a

SHA512
0a218e8b4f06e2867073755e2a8ca9407d373ed70a6cdd1433032aeda4491ab35054bde1767383405cb6459bec67b81063efb85a1f210d8040c877770e4e047f

Download Submit
C:\Windows\system\JCYuoeu.exe

Filesize
1.9MB

MD5
cb6a86d1688cd031e6cfd3b05b42186b

SHA1
fb9baa7d084675003f228dcb7b2ffc640c958956

SHA256
18af3ae9634b36e41a0a6ea44c8a6681543e2c9b9f418a33dc07c24637289018

SHA512
8cb8ba81b94e303232a233a742bd38a8e7e38979b10c471875a126deb0d173850dc156bddc3499288295f18d4594594e55045d0514507b059b82723a280fafc1

Download Submit
C:\Windows\system\JNGGVVX.exe

Filesize
640KB

MD5
469aca0e2abc33bcc5100f89b3196890

SHA1
b77c2be76b0bcd5c1640c82143bf4ae8abf6ed35

SHA256
8e4d419e754f89fae1d30741df9483d06709f6d20541cbce976b97c6b74f264f

SHA512
bb8f27156094a7b200e5c1844466de9827240ad5c62598ca983899918fcfddc76480438ab7ff457f4059655d26f5dee65f9d3ba57dc850a7e0c1c267d7e2bdae

Download Submit
C:\Windows\system\KZFAbQk.exe

Filesize
1.3MB

MD5
6bb0220dbafcb0a272f622deffda2112

SHA1
66b8685ac8af5abab6920c00c87e77b8b0e73e08

SHA256
721aaf85eacbc5712b9b1cbd43c241bf857b1447710fb1d72fea2ebd54741828

SHA512
a6f36b809e30be2d3be621a4e8f01bf23324a84dcd9a6d955f9f5d6ec92079a5a61c56ea04df952e4abefb5abe38fdfaa5fccb44a5872db9d24d1f639ff55e11

Download Submit
C:\Windows\system\LHWcJNQ.exe

Filesize
374KB

MD5
18ea25efca2c5cbe4b17267d35a1d71a

SHA1
8be1a4797be311ee52e2066d74ddb458cf84d0c0

SHA256
1a49eb6528464edf52f88f25299efa5f99be9d04bb49b1a31058a1ef60109e2c

SHA512
7afe08890991c8c98041337f13cfb826e3d78c037bcbd85382280a47ee9cd0b5a59ba9eaf8eecdfd2a2692bbfe1569c68ae1ebb08b66f96786623c519d69525e

Download Submit
C:\Windows\system\OYePIsZ.exe

Filesize
1.2MB

MD5
1e2c91c252fda2ba969dbe32b0b5ab77

SHA1
ab171f79b0e051763189f6cdb9168dd2af0b084f

SHA256
ea520e081a8e8135310d7168f90c0cf55bf3a607ff8dd73063a44570c10abf00

SHA512
376952619d13e73211b4ad7b27c979d9cc4f6e2961ac10d8f57882bec33161ecb5760b47d8607621ec4be8ef4d760bd317fb45b1946f2e0ffc31af3173e3d0a8

Download Submit
C:\Windows\system\OvYxXuB.exe

Filesize
1.4MB

MD5
2df7f374ac4484f2f441519c5c266f54

SHA1
fdc5591518ecce41f940339732ecde438979d73a

SHA256
b0e457b17455fbe75ed91ee8dfa7ee4604d41a970aa9701c9002e667ea936eec

SHA512
82164f5f170636e1175a9f80b5197e67a40239b31f72db3d7d1243f75ed1820a5b2f1be2d7615fcc8382e448edaf5b51ef50f3ef496de9fb4b61ece6f545dc95

Download Submit
C:\Windows\system\TSCraIz.exe

Filesize
2.0MB

MD5
768e272aac670ced7d8f941a246f1259

SHA1
733a9a50ebfb423fb22619e3a22687778f72374b

SHA256
ad900e276da83ecdd1c941621898ffa0d0df0297cd2393c80e4393d9061ccf9e

SHA512
2f595bca3a72b2e74a1f820bace7b548a75c40c3563eef1a2d3c9b5b6d41b0b34357c4f0e7142225e8ccdd5653b9ceb14c0e8ae7eea7bd85e88663996a6dd514

Download Submit
C:\Windows\system\WRkLsbn.exe

Filesize
2KB

MD5
6647b84b2b20fcea809a39e026550361

SHA1
e2f48a3c5b9d0dd97735f102e8686ab983ead4ac

SHA256
608c9a027610c2657b35c9a8bbc1de1606cc6d6ba250eac28be3ba3d8979c696

SHA512
1fdc4d16da5aa0b8c92f3df1fb54e2f9a2c041274ba1100b5bd0f90e901238216ddada207494c3659edddd68acd3f533fea6546f7635e5ff18e733fbc22d3725

Download Submit
C:\Windows\system\bCrasMH.exe

Filesize
2.0MB

MD5
1cdfdf34e84cff1dc78c700bc730afde

SHA1
75278ae955d52a4d2d989b8b9ad6643eafe17bc5

SHA256
73e157bb224ffc09ee92efcaf0f83edcd9f4db65aed324d81522a98fe45405e1

SHA512
4fb34e111466d41d48ed572983ef990ea75432b0b3ef03c657456fd610c22f495969c0dfbeb34356b95af053a3ec7ab65610d08b159769948b8988cef840d316

Download Submit
C:\Windows\system\cRbLhZm.exe

Filesize
192KB

MD5
4a486a2a371d8db348dc0ad03e9fd9f0

SHA1
edd912c5d606628022dc3216eaf2db7c93554ff7

SHA256
93ebf2ea35e05e71e9c9884bcb76799c1b9f2b81bf8decfe1ec83807b911916b

SHA512
deb1d7cb48c961fa18e748db8dfc9769c6fcedd4b7a26b044181e535fbdb31d7ead7b8ae69fab463473bcf0bbda0affdeecb9deffc51a89c74001f68a98bf60b

Download Submit
C:\Windows\system\hbZmCVo.exe

Filesize
832KB

MD5
fe23d8f2a683ea3c37e211db5c47c198

SHA1
c8d98757080f758fa71fe2947f967f4c2ba26b77

SHA256
e791fb8dbe7f5a7d384dc32653c49cf355982fbc2394ea1e3030cd6ebb798cb8

SHA512
ff5ab31bffe4dcd555455f3d81b2d9fca6cd687b604f37f4aa99e780677c84919321fd43b5fd13f9cb6081978b182fef58c2564f773d39cf2fefe33142ce3656

Download Submit
C:\Windows\system\ruOPmEs.exe

Filesize
641KB

MD5
d7948f753f3b0108ee3fd7e185ca49a8

SHA1
350c69fbd9243980154f0fee8c96c84cd05c8586

SHA256
4398ad9583e2b8802c9c7709abace1aeacb0e3dca074f19f4a16d9721ecfb868

SHA512
b8ac84ae313d56fd5b9a915f502029a9dcc33576bee1f89f8f66e5483b964e2c41eb01616f59d683b47793f43e5ca80620c28a13d7fd462b6d81c132d1d09b43

Download Submit
C:\Windows\system\ruOPmEs.exe

Filesize
1.9MB

MD5
d2464c85bc647b93870e8b4e632054cf

SHA1
ef31ee747c8965ac65230f9c5afd2ceb6f315e20

SHA256
1967d879054865c01dc9c3ed94fab62875e7adf48d519f2236a8a27cf5b04a5c

SHA512
4a8af0390c3efd26c28a7ecac8ce4171cfa33af376bedfe9cffd17a15fabebe17f1caf858738b1de4481059b9ca59397282d63e3731b1e3e1aece2194ae3abb7

Download Submit
C:\Windows\system\sQNphrT.exe

Filesize
1.1MB

MD5
fd82da185e5a49219183fc220b4a880e

SHA1
72267e320b4bd526e3e1ba9fd80a7fb4c5a4cfe6

SHA256
90d016700c3e836ddfa243662082a4e23adedef5e8fc1c5fa57b46f6e257b688

SHA512
5d3235aaa989eb1b4ca5a9593081fa027e0048eaa1c559694cb08aab5e1f8c46fbcea15d9c224026ec11917b04fdd3b3c42021c5a793d8d717a0510410258037

Download Submit
\Windows\system\AtufkVH.exe

Filesize
1.2MB

MD5
52d4b2a4c967be96c00252ec892d1c23

SHA1
cb637030d7049a28e0a38b3c4dbeab3d1c9de59e

SHA256
5e75946fe31133aa137f375c8a33b91c6fecb8a32af5dbe96a6f996803417081

SHA512
fe683a226a569d4fbc4c12d435f690f94c7872fc6dc64b13b733b525702833ef494821e07593471bea2023d3ba5c2135297dcd10fd2f4ec41fbdc2c50e875ed9

Download Submit
\Windows\system\AvXFtbm.exe

Filesize
576KB

MD5
2b325ba998218e1724cf0adeb30ee980

SHA1
91c91f972b93ca21c02dbae5cc375d4e1212c0a0

SHA256
3b509ef9edb2905d68e114a86a101a00bf7ea4fa51d16ade0566e14bca5a50a9

SHA512
d7398cce9bbdb945487f66d7ab2c5fc7624933379c2058d1b197daa7f380b66de5a2145bdf0033355e795b1072c67b0031b7045307d04119888457779d707df5

Download Submit
\Windows\system\CqfHFXF.exe

Filesize
2.0MB

MD5
89e4dfb3c1acd8dba97d3dc38a2dd977

SHA1
c9c623e4b14212abde0619400e3ecd03e468e7af

SHA256
42ee869f4cd4445c91f55e9600122010e53079ddc19101fc0a20fde24182c5ed

SHA512
a4fb056b65d9288e293fb397ba9a4095c375c4b108eb4c11956bd4d075c7bb9f157e20c5adb0a23a56f06df92d4fad7796995d73e894e6507251ef55b806cd6a

Download Submit
\Windows\system\GmxNtfw.exe

Filesize
448KB

MD5
0642442db4acbbfb6037e06789624264

SHA1
923aee440a6887c7a7a8a78085aa492b2cdcee65

SHA256
5d6249e3d37c32c515e6f20e0771180c7b51c791102dfffe39e4510d623eda85

SHA512
7fc8231c299b64743a966130c519362217b11d421c0ccc65ca7c97570221449b6e5bd90caefa97b416470db36fac07c3f48ea41836b395ab190e6121598e88a1

Download Submit
\Windows\system\IqaeKKy.exe

Filesize
2.0MB

MD5
6a8b04c439c2731e91cd03d083ecc623

SHA1
fc09d3f2129d3bea7653ed2149c77e36d43e905e

SHA256
05226b909c946c95f95e144c0a5b26dae249a2bb4a1ad954144612fcaa2b29b0

SHA512
ee7431d29412ef3f1550a300d1f07938b04ee9419d1510bf7e8a60c9e76084277f817b1a89b33e590ee0beb872c16150d83794fe85d4c88dffbaffcbea7b85c6

Download Submit
\Windows\system\JNGGVVX.exe

Filesize
960KB

MD5
180ec18cff675908ea09fb02b8edeae7

SHA1
908a0fde6e66598e819044f800d2fb12a2c2d5e4

SHA256
35e0571c2720559fc2e392ef1ac01a4890a7f5a52de790fe0560ba1ddb8b0978

SHA512
f4efca4f8c80307ac309f06271cca1b553bd93330b442aaa71749f3ce5f3d47dab778dbee66162c088762bb8f4726a65ed8e5313f9bd8da09d951b910b9f8e49

Download Submit
\Windows\system\KZFAbQk.exe

Filesize
2.0MB

MD5
598b889b7e530737fd569f3a0629ac16

SHA1
c1125e143845c9edb0a8e0b5c06dde437e46f815

SHA256
67efd1a67c49c9e8a809973fd11b3f0b0ce7afb815d2f107e9cce98d12af6320

SHA512
557987586d2c48a635b512bffdda160f2c2fd148123d8cce9ccd1480e82bd17d3a1831048f622eca62effde82e500bbf9ea012589420db922aeaeaa94c9a59ea

Download Submit
\Windows\system\MHlEhdQ.exe

Filesize
2.0MB

MD5
e4f00b263dbf34ce2181132905a088f2

SHA1
4c943f2089b5de48585c1e742d17bbd35fdbcd91

SHA256
6627e7bfaebe8363a07541ca40ffa2d7be4f1bfbc526f943ea00a6c1823601d0

SHA512
c26b65dd7bcd29c51ce65a83fe02c2c5f30863020d54227d7d7a0b864761e599131fb11d5ba343c49c9685d5060f14c804853b552f8e810c5c8bca1f21553adb

Download Submit
\Windows\system\NdnTsfx.exe

Filesize
1.1MB

MD5
35720b35ac7542f2e609a3865ba15475

SHA1
b5856a56cc6c6c6093f2bb3253b16b8f22abcc59

SHA256
6fd4c13eed42f050c1b12d09fa5afcf0810206ca337a65673510c8c205a453dd

SHA512
ed43cdb495d8598bf26a2f498464d3d5426e9d87fc9e059b3c2dfa0d7578ce1cadf4d56ea71b9aad5aee00ae35b93d3aa2be1b2a02c0728863ebbde0ffc3bd66

Download Submit
\Windows\system\WRkLsbn.exe

Filesize
64KB

MD5
51e4020b90426a266032ae5bcb74e5b3

SHA1
242fa8dc7d05d7b78f629fe2652627274810a122

SHA256
5984cb4794a67b4fd33c39a8582f294030d387db17fdb4933391142fb7f614c6

SHA512
5acda5a7b0ce962164cbb0c2fe75fb43a2d35d269fbb33e0eda06f3daf5a3cc37b11c0b76c58b3b3846604a879813821c87b0ead541065090905bfc897125758

Download Submit
\Windows\system\WcABKEJ.exe

Filesize
1.9MB

MD5
d27b770977a206be8f56c955027ca257

SHA1
4cc6b6128e7d4d65e882eb40b092103a77b8a524

SHA256
d3f505493021cf22b5d868e7d1ffe0387ad8678bd51585cbd7e682a8f23a8912

SHA512
7638ead0b449f1d61cf1f876d3bc69d15e66678ea7e2b1373ef0eea6da765669abe75f0a7c03f2067b3a4ca9ef808070f97381c10a8dce3e7bec3dcd0cc7bfe7

Download Submit
\Windows\system\XczXcfu.exe

Filesize
1.8MB

MD5
f200781f4ede92b9002186ba01fa2f4e

SHA1
4d0305ec2624e9cc166d33c36d5e30ace9c7c906

SHA256
d5d5c1025753b40b7be5874d24ee41204b364564293dc549c8bb4c9330001823

SHA512
74b28f35ac693b8b574753c6195a9ea326d0863c22fb56cc3a563a8a9a6f11dc59daca45445439c3b6dee7b5f75fb9588ff592464666f995862c0c62fef662ae

Download Submit
\Windows\system\YMpBXfe.exe

Filesize
768KB

MD5
096410221e55421e5c4c4275c7d21513

SHA1
a9a3350bb5b616aee4d0c922dc225694f8027702

SHA256
1162e04ab5acff6cf895e753ad87619013ecfffc06f47ed477cf1c201c040e66

SHA512
b442b0d589e49e95f8c072f6f97ae946c91e082ea0e6557eeef4f55282d6675cb325a5ba42eb1799fb9bff049919d0eef469abfd200cb35fe59f78974905588c

Download Submit
\Windows\system\dptExUb.exe

Filesize
2.0MB

MD5
96abce89fd10b4a5358c365f918602aa

SHA1
036226369e9e05e54b5d04c53d33d8fc99011603

SHA256
b14e393639ca98e60fc0ec9cce0b25abcfa4a06227532c58a1010a5558e68cb7

SHA512
5aaab93257e13d3b3fb3a0d597be640f6d80dbdfd10d7f016bd4427dae608eab3f32cf0765c0697f67fe2827fbb6d4fd6e5ce967ec666038567c674b9d505ebe

Download Submit
\Windows\system\hbZmCVo.exe

Filesize
903KB

MD5
e7161b86f49c71127f5ac50b87dc3e12

SHA1
1f271fe228236d21aeb773b80aa3f994830fa9e4

SHA256
b3808d8138f189af28fcff64a1b0e6aca90471780563263e8213b9ff933fa731

SHA512
e003bf81fa7af2b8533bb77f729bb455d8e000c8f2a7367192882c93ff2fbc707f9b334735133f0d9da1b057dee25a77fabcd3385b866d86306da12bbf3db27e

Download Submit
\Windows\system\oyIgrpo.exe

Filesize
2.0MB

MD5
881acf2acea79f8b177194e028605fde

SHA1
5022381bc602b41aee9960c5c965eba84c57e730

SHA256
2a3ca6e13ea25891a164d30e849f4ff8a3f8aed5537e1cbf4bb7b44844f68387

SHA512
6d131a0bb7531e85b8fca4b0b0f8e64cf3cd9b36347bb27ee8b14ae93696331d6bb7b6a708f59250aa80b83fd4f87f6be1d8f4f53165af6aa5c5d51384de3420

Download Submit
\Windows\system\ruOPmEs.exe

Filesize
704KB

MD5
27f1ae58c0e7ea96c463a8f0329d13e3

SHA1
a5352f33f2a7ec676e07aa36bd587f2a910b1502

SHA256
570ef729e78067f9e824a09ee84a0b44c24671dfe07947eaca970f453f235334

SHA512
51c2e61154a9cf7b8c51728bee23d084e40467a64fc74544ed07917de5c42cd2c4f093dc4dba57e475be140334b7f9d2f8c2784d353f9bec4fe5fc6098f5ad70

Download Submit
\Windows\system\sQNphrT.exe

Filesize
896KB

MD5
d8061570a3d685a09a8726d2e2043dcd

SHA1
5784ed9099dd4b61b63fc8ab2f585fc9e4456099

SHA256
2858747fe15b825bca2004f1fb5434e70a8f8952f994cb7850f53fc69e794e72

SHA512
491823d9b7c3d0e919d65b711645bd0839fa6e3b7a404dd101f61c497b50d40cc12658380d09032bb5d5d2ac84e5d2791f8235e5d4c6f54ca1090b042d3a4b7a

Download Submit
\Windows\system\wgwNxnV.exe

Filesize
1.4MB

MD5
28465531af81f587f8b8335abb040447

SHA1
20909d2052b4c229e7de900b1febdf476501b3ed

SHA256
1fd62e46067fcc4972f4244ef7f0d3cfdca670675aa98940b507aabe8e8f1f9b

SHA512
a2dbaf55e8c2166f67d515bfa696d6d58d7e0293f95e43399407eebb12d5355b89ec655820516371f6e5f7fdb6ec34138cca526b316101608598569dbc4d28c0

Download Submit
memory/320-158-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/324-170-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/772-172-0x0000000001F20000-0x0000000002274000-memory.dmp

Filesize
3.3MB

Download
memory/772-250-0x0000000001F20000-0x0000000002274000-memory.dmp

Filesize
3.3MB

Download
memory/772-115-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/772-253-0x0000000001F20000-0x0000000002274000-memory.dmp

Filesize
3.3MB

Download
memory/772-138-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/772-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/772-0-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/772-242-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/772-175-0x0000000001F20000-0x0000000002274000-memory.dmp

Filesize
3.3MB

Download
memory/772-243-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/772-244-0x0000000001F20000-0x0000000002274000-memory.dmp

Filesize
3.3MB

Download
memory/772-176-0x0000000001F20000-0x0000000002274000-memory.dmp

Filesize
3.3MB

Download
memory/772-156-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/772-174-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/772-38-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/772-241-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/772-17-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/772-237-0x0000000001F20000-0x0000000002274000-memory.dmp

Filesize
3.3MB

Download
memory/772-195-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1000-240-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1344-147-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/1584-151-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-173-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1792-164-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-163-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1944-145-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-166-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2044-167-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2108-33-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2296-196-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2312-238-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2344-169-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-160-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2412-171-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1696-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2456-144-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2464-162-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2516-146-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2540-122-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-114-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-118-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-159-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2772-157-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2776-165-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2796-137-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-161-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1864-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-13-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-34-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2920-168-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2615-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download