xmrig | 6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/05/2024, 22:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
Size

2.2MB
MD5

ff434364dfddf11724bf7985f2b93816
SHA1

f35254f1f797541631694af48b6bfcdd6c8a2c26
SHA256

6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b
SHA512

07fed184b0b26632f03636458e3fe52d280b2c4228862c214ff2fa872153945ef2ec602101e792f05a9dc4c4bb590faa9881aef2f55625233485c6f159803028
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIQOYilJ51sDqHpRzN0:BemTLkNdfE0pZrQn

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/2216-0-0x000000013F5B0000-0x000000013F904000-memory.dmp	UPX
behavioral1/files/0x000b000000015605-6.dat	UPX
behavioral1/memory/2688-11-0x000000013FE60000-0x00000001401B4000-memory.dmp	UPX
behavioral1/files/0x0008000000015cce-13.dat	UPX
behavioral1/files/0x0009000000015c78-14.dat	UPX
behavioral1/files/0x0007000000015cee-20.dat	UPX
behavioral1/memory/2204-27-0x000000013F780000-0x000000013FAD4000-memory.dmp	UPX
behavioral1/memory/1748-24-0x000000013F730000-0x000000013FA84000-memory.dmp	UPX
behavioral1/files/0x0007000000015cf6-37.dat	UPX
behavioral1/files/0x000a000000015cfe-39.dat	UPX
behavioral1/files/0x0009000000015d1a-48.dat	UPX
behavioral1/files/0x0009000000015d07-44.dat	UPX
behavioral1/files/0x0007000000015d27-55.dat	UPX
behavioral1/files/0x0006000000015df1-69.dat	UPX
behavioral1/files/0x0006000000016c51-139.dat	UPX
behavioral1/memory/2616-583-0x000000013F600000-0x000000013F954000-memory.dmp	UPX
behavioral1/memory/2216-2403-0x000000013F5B0000-0x000000013F904000-memory.dmp	UPX
behavioral1/memory/2928-685-0x000000013F8B0000-0x000000013FC04000-memory.dmp	UPX
behavioral1/memory/2508-653-0x000000013FD30000-0x0000000140084000-memory.dmp	UPX
behavioral1/memory/2468-621-0x000000013F090000-0x000000013F3E4000-memory.dmp	UPX
behavioral1/memory/2488-593-0x000000013F920000-0x000000013FC74000-memory.dmp	UPX
behavioral1/memory/2740-589-0x000000013FA40000-0x000000013FD94000-memory.dmp	UPX
behavioral1/memory/2828-585-0x000000013FC10000-0x000000013FF64000-memory.dmp	UPX
behavioral1/memory/2528-637-0x000000013FFC0000-0x0000000140314000-memory.dmp	UPX
behavioral1/memory/2636-606-0x000000013FFC0000-0x0000000140314000-memory.dmp	UPX
behavioral1/memory/2696-575-0x000000013F030000-0x000000013F384000-memory.dmp	UPX
behavioral1/files/0x0006000000016cc6-169.dat	UPX
behavioral1/files/0x0009000000015c9f-164.dat	UPX
behavioral1/files/0x0006000000016cbe-160.dat	UPX
behavioral1/files/0x0006000000016cb6-154.dat	UPX
behavioral1/files/0x0006000000016ca5-149.dat	UPX
behavioral1/files/0x0006000000016c7c-144.dat	UPX
behavioral1/files/0x0006000000016c04-134.dat	UPX
behavioral1/files/0x0006000000016be2-124.dat	UPX
behavioral1/files/0x0006000000016bfb-129.dat	UPX
behavioral1/files/0x0006000000016a29-119.dat	UPX
behavioral1/files/0x00060000000167d5-114.dat	UPX
behavioral1/files/0x00060000000165ae-109.dat	UPX
behavioral1/files/0x000600000001650c-104.dat	UPX
behavioral1/files/0x0006000000016287-94.dat	UPX
behavioral1/files/0x0006000000016448-99.dat	UPX
behavioral1/files/0x0006000000016176-89.dat	UPX
behavioral1/files/0x00060000000160af-84.dat	UPX
behavioral1/files/0x0006000000015f7a-79.dat	UPX
behavioral1/files/0x0006000000015f01-74.dat	UPX
behavioral1/files/0x0007000000015d98-65.dat	UPX
behavioral1/files/0x0007000000015d31-59.dat	UPX
behavioral1/memory/2556-29-0x000000013F400000-0x000000013F754000-memory.dmp	UPX
behavioral1/memory/1748-2581-0x000000013F730000-0x000000013FA84000-memory.dmp	UPX
behavioral1/memory/2204-2845-0x000000013F780000-0x000000013FAD4000-memory.dmp	UPX
behavioral1/memory/2696-3459-0x000000013F030000-0x000000013F384000-memory.dmp	UPX
behavioral1/memory/2688-4008-0x000000013FE60000-0x00000001401B4000-memory.dmp	UPX
behavioral1/memory/1748-4009-0x000000013F730000-0x000000013FA84000-memory.dmp	UPX
behavioral1/memory/2204-4010-0x000000013F780000-0x000000013FAD4000-memory.dmp	UPX
behavioral1/memory/2556-4011-0x000000013F400000-0x000000013F754000-memory.dmp	UPX
behavioral1/memory/2616-4012-0x000000013F600000-0x000000013F954000-memory.dmp	UPX
behavioral1/memory/2740-4013-0x000000013FA40000-0x000000013FD94000-memory.dmp	UPX
behavioral1/memory/2696-4014-0x000000013F030000-0x000000013F384000-memory.dmp	UPX
behavioral1/memory/2828-4015-0x000000013FC10000-0x000000013FF64000-memory.dmp	UPX
behavioral1/memory/2636-4017-0x000000013FFC0000-0x0000000140314000-memory.dmp	UPX
behavioral1/memory/2488-4016-0x000000013F920000-0x000000013FC74000-memory.dmp	UPX
behavioral1/memory/2468-4021-0x000000013F090000-0x000000013F3E4000-memory.dmp	UPX
behavioral1/memory/2928-4020-0x000000013F8B0000-0x000000013FC04000-memory.dmp	UPX
behavioral1/memory/2508-4019-0x000000013FD30000-0x0000000140084000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2216-0-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x000b000000015605-6.dat	xmrig
behavioral1/memory/2688-11-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015cce-13.dat	xmrig
behavioral1/files/0x0009000000015c78-14.dat	xmrig
behavioral1/files/0x0007000000015cee-20.dat	xmrig
behavioral1/memory/2204-27-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/1748-24-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cf6-37.dat	xmrig
behavioral1/files/0x000a000000015cfe-39.dat	xmrig
behavioral1/files/0x0009000000015d1a-48.dat	xmrig
behavioral1/files/0x0009000000015d07-44.dat	xmrig
behavioral1/files/0x0007000000015d27-55.dat	xmrig
behavioral1/files/0x0006000000015df1-69.dat	xmrig
behavioral1/files/0x0006000000016c51-139.dat	xmrig
behavioral1/memory/2616-583-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2216-2403-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2928-685-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2508-653-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2468-621-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2488-593-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2740-589-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2828-585-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2528-637-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2636-606-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2696-575-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cc6-169.dat	xmrig
behavioral1/files/0x0009000000015c9f-164.dat	xmrig
behavioral1/files/0x0006000000016cbe-160.dat	xmrig
behavioral1/files/0x0006000000016cb6-154.dat	xmrig
behavioral1/files/0x0006000000016ca5-149.dat	xmrig
behavioral1/files/0x0006000000016c7c-144.dat	xmrig
behavioral1/files/0x0006000000016c04-134.dat	xmrig
behavioral1/files/0x0006000000016be2-124.dat	xmrig
behavioral1/files/0x0006000000016bfb-129.dat	xmrig
behavioral1/files/0x0006000000016a29-119.dat	xmrig
behavioral1/files/0x00060000000167d5-114.dat	xmrig
behavioral1/files/0x00060000000165ae-109.dat	xmrig
behavioral1/files/0x000600000001650c-104.dat	xmrig
behavioral1/files/0x0006000000016287-94.dat	xmrig
behavioral1/files/0x0006000000016448-99.dat	xmrig
behavioral1/files/0x0006000000016176-89.dat	xmrig
behavioral1/files/0x00060000000160af-84.dat	xmrig
behavioral1/files/0x0006000000015f7a-79.dat	xmrig
behavioral1/files/0x0006000000015f01-74.dat	xmrig
behavioral1/files/0x0007000000015d98-65.dat	xmrig
behavioral1/files/0x0007000000015d31-59.dat	xmrig
behavioral1/memory/2556-29-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1748-2581-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2204-2845-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2696-3459-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2216-3652-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2688-4008-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/1748-4009-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2204-4010-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2556-4011-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2616-4012-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2740-4013-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2696-4014-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2828-4015-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2636-4017-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/2488-4016-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2468-4021-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2928-4020-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2688	NWbRjLp.exe
1748	cXzxOWo.exe
2204	hjnqFJP.exe
2556	RfalDKm.exe
2696	LXjCFFf.exe
2616	irgkBTt.exe
2828	ZfXzjSs.exe
2740	SzMTtSP.exe
2488	uvEZdnh.exe
2636	mgZVMCj.exe
2468	wVUDvTV.exe
2528	jpuoPCh.exe
2508	fnLLBNl.exe
2928	oOYdBnn.exe
2976	uWJDKZW.exe
1908	MXoBQEi.exe
2648	iykeFov.exe
1348	THAntcH.exe
1924	ZzUVhTf.exe
2552	BXZBMdj.exe
1680	nmXDmZC.exe
2704	WgkNtgE.exe
2936	wWVjiQR.exe
2808	kgJicEP.exe
2952	KWRWSEy.exe
1644	YHcYfpQ.exe
816	LSVzNiu.exe
2324	MXFpnVh.exe
592	zqzjAxZ.exe
488	wXUlBrE.exe
1432	FxBLBIw.exe
1508	rFxrZnP.exe
1988	vdPVJOK.exe
1100	XIVGRNn.exe
1544	QXlGASL.exe
448	PflKtvv.exe
2268	JgDZQVg.exe
3012	ZjGMtMP.exe
1548	irKIOsl.exe
1480	KlhulfN.exe
1580	OScZXrg.exe
992	qVdlmtz.exe
304	FuXOBdc.exe
1092	jGtauxG.exe
1120	qDdKFUf.exe
920	QoqMimD.exe
2072	nsbbgqq.exe
2212	PcazUcA.exe
2200	UxvgdIl.exe
1464	NIcXNWR.exe
2340	jgphmdT.exe
892	zWOCZbG.exe
2860	DOobduM.exe
1768	pkmNEBR.exe
2140	lnhqvJk.exe
2864	LmIEVUz.exe
2132	klQiJhI.exe
1624	NKYIYUE.exe
1628	dFEtjML.exe
3068	iHHjDOG.exe
2604	AmrFOvB.exe
2700	cuyWCpq.exe
2712	eRsSJym.exe
2464	DshHGTy.exe

Loads dropped DLL 64 IoCs

pid	Process
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2216-0-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x000b000000015605-6.dat	upx
behavioral1/memory/2688-11-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/files/0x0008000000015cce-13.dat	upx
behavioral1/files/0x0009000000015c78-14.dat	upx
behavioral1/files/0x0007000000015cee-20.dat	upx
behavioral1/memory/2204-27-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/1748-24-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0007000000015cf6-37.dat	upx
behavioral1/files/0x000a000000015cfe-39.dat	upx
behavioral1/files/0x0009000000015d1a-48.dat	upx
behavioral1/files/0x0009000000015d07-44.dat	upx
behavioral1/files/0x0007000000015d27-55.dat	upx
behavioral1/files/0x0006000000015df1-69.dat	upx
behavioral1/files/0x0006000000016c51-139.dat	upx
behavioral1/memory/2616-583-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2216-2403-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2928-685-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2508-653-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2468-621-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2488-593-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2740-589-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2828-585-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2528-637-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2636-606-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2696-575-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x0006000000016cc6-169.dat	upx
behavioral1/files/0x0009000000015c9f-164.dat	upx
behavioral1/files/0x0006000000016cbe-160.dat	upx
behavioral1/files/0x0006000000016cb6-154.dat	upx
behavioral1/files/0x0006000000016ca5-149.dat	upx
behavioral1/files/0x0006000000016c7c-144.dat	upx
behavioral1/files/0x0006000000016c04-134.dat	upx
behavioral1/files/0x0006000000016be2-124.dat	upx
behavioral1/files/0x0006000000016bfb-129.dat	upx
behavioral1/files/0x0006000000016a29-119.dat	upx
behavioral1/files/0x00060000000167d5-114.dat	upx
behavioral1/files/0x00060000000165ae-109.dat	upx
behavioral1/files/0x000600000001650c-104.dat	upx
behavioral1/files/0x0006000000016287-94.dat	upx
behavioral1/files/0x0006000000016448-99.dat	upx
behavioral1/files/0x0006000000016176-89.dat	upx
behavioral1/files/0x00060000000160af-84.dat	upx
behavioral1/files/0x0006000000015f7a-79.dat	upx
behavioral1/files/0x0006000000015f01-74.dat	upx
behavioral1/files/0x0007000000015d98-65.dat	upx
behavioral1/files/0x0007000000015d31-59.dat	upx
behavioral1/memory/2556-29-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/1748-2581-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2204-2845-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2696-3459-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2688-4008-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/1748-4009-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2204-4010-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2556-4011-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2616-4012-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2740-4013-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2696-4014-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2828-4015-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2636-4017-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/2488-4016-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2468-4021-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2928-4020-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2508-4019-0x000000013FD30000-0x0000000140084000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\XpVhiuD.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\SzMTtSP.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\TcPSFSJ.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\faHmFpX.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\usjcHlg.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\MLHafsm.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\FRRFmzp.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\wWXLrGi.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\SgqHkTW.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\pZJsOxg.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\ZQZemyb.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\XNouRUX.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\ZMAbQuO.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\YyKNdIt.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\elbmfus.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\YOKIuIw.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\abFPqQA.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\YHcYfpQ.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\OxPjsTb.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\KzvibTt.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\vYjiXYk.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\FSYHNuu.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\QQzwGIY.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\gZPyDYE.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\SprpSKI.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\yevenPT.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\YzgBZHY.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\zTqZbgN.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\MNsuEqZ.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\BPVwLts.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\jpuoPCh.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\aaQprPF.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\TMyXeBA.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\NXKrQGk.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\YnexqEx.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\rLUCSyY.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\tAMKkBv.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\eLzyhBH.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\VULqqHe.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\qqeyYkR.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\BwLPgOQ.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\WgkNOTG.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\LkmgLqs.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\wUAnBSh.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\ACCdgSL.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\pxajtKi.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\oOsqhSK.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\HkQlRqT.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\zOrrlBY.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\wGHDugF.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\toeWYWv.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\tAbhRha.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\fEDstvg.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\eRsSJym.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\ZNQVHPV.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\cAwBuYm.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\UDIYZRl.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\KwmxHXd.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\jpGHhZO.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\iHHjDOG.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\AAvgBRE.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\TEJtzdR.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\RIBlXes.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
File created	C:\Windows\System\mDlYvPB.exe	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2688	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	29
PID 2216 wrote to memory of 2688	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	29
PID 2216 wrote to memory of 2688	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	29
PID 2216 wrote to memory of 1748	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	30
PID 2216 wrote to memory of 1748	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	30
PID 2216 wrote to memory of 1748	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	30
PID 2216 wrote to memory of 2204	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	31
PID 2216 wrote to memory of 2204	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	31
PID 2216 wrote to memory of 2204	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	31
PID 2216 wrote to memory of 2556	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	32
PID 2216 wrote to memory of 2556	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	32
PID 2216 wrote to memory of 2556	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	32
PID 2216 wrote to memory of 2696	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	33
PID 2216 wrote to memory of 2696	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	33
PID 2216 wrote to memory of 2696	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	33
PID 2216 wrote to memory of 2616	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	34
PID 2216 wrote to memory of 2616	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	34
PID 2216 wrote to memory of 2616	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	34
PID 2216 wrote to memory of 2828	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	35
PID 2216 wrote to memory of 2828	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	35
PID 2216 wrote to memory of 2828	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	35
PID 2216 wrote to memory of 2740	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	36
PID 2216 wrote to memory of 2740	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	36
PID 2216 wrote to memory of 2740	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	36
PID 2216 wrote to memory of 2488	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	37
PID 2216 wrote to memory of 2488	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	37
PID 2216 wrote to memory of 2488	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	37
PID 2216 wrote to memory of 2636	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	38
PID 2216 wrote to memory of 2636	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	38
PID 2216 wrote to memory of 2636	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	38
PID 2216 wrote to memory of 2468	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	39
PID 2216 wrote to memory of 2468	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	39
PID 2216 wrote to memory of 2468	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	39
PID 2216 wrote to memory of 2528	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	40
PID 2216 wrote to memory of 2528	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	40
PID 2216 wrote to memory of 2528	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	40
PID 2216 wrote to memory of 2508	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	41
PID 2216 wrote to memory of 2508	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	41
PID 2216 wrote to memory of 2508	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	41
PID 2216 wrote to memory of 2928	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	42
PID 2216 wrote to memory of 2928	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	42
PID 2216 wrote to memory of 2928	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	42
PID 2216 wrote to memory of 2976	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	43
PID 2216 wrote to memory of 2976	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	43
PID 2216 wrote to memory of 2976	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	43
PID 2216 wrote to memory of 1908	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	44
PID 2216 wrote to memory of 1908	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	44
PID 2216 wrote to memory of 1908	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	44
PID 2216 wrote to memory of 2648	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	45
PID 2216 wrote to memory of 2648	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	45
PID 2216 wrote to memory of 2648	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	45
PID 2216 wrote to memory of 1348	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	46
PID 2216 wrote to memory of 1348	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	46
PID 2216 wrote to memory of 1348	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	46
PID 2216 wrote to memory of 1924	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	47
PID 2216 wrote to memory of 1924	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	47
PID 2216 wrote to memory of 1924	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	47
PID 2216 wrote to memory of 2552	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	48
PID 2216 wrote to memory of 2552	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	48
PID 2216 wrote to memory of 2552	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	48
PID 2216 wrote to memory of 1680	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	49
PID 2216 wrote to memory of 1680	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	49
PID 2216 wrote to memory of 1680	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	49
PID 2216 wrote to memory of 2704	2216	6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe	50

C:\Users\Admin\AppData\Local\Temp\6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe
"C:\Users\Admin\AppData\Local\Temp\6ac5eb4b9f8f96cfc2fea9fb8d628e92f708a9ab7a285a8afdb27f62052bb43b.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\System\NWbRjLp.exe
  C:\Windows\System\NWbRjLp.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\cXzxOWo.exe
  C:\Windows\System\cXzxOWo.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\hjnqFJP.exe
  C:\Windows\System\hjnqFJP.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\RfalDKm.exe
  C:\Windows\System\RfalDKm.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\LXjCFFf.exe
  C:\Windows\System\LXjCFFf.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\irgkBTt.exe
  C:\Windows\System\irgkBTt.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\ZfXzjSs.exe
  C:\Windows\System\ZfXzjSs.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\SzMTtSP.exe
  C:\Windows\System\SzMTtSP.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\uvEZdnh.exe
  C:\Windows\System\uvEZdnh.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\mgZVMCj.exe
  C:\Windows\System\mgZVMCj.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\wVUDvTV.exe
  C:\Windows\System\wVUDvTV.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\jpuoPCh.exe
  C:\Windows\System\jpuoPCh.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\fnLLBNl.exe
  C:\Windows\System\fnLLBNl.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\oOYdBnn.exe
  C:\Windows\System\oOYdBnn.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\uWJDKZW.exe
  C:\Windows\System\uWJDKZW.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\MXoBQEi.exe
  C:\Windows\System\MXoBQEi.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\iykeFov.exe
  C:\Windows\System\iykeFov.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\THAntcH.exe
  C:\Windows\System\THAntcH.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\ZzUVhTf.exe
  C:\Windows\System\ZzUVhTf.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\BXZBMdj.exe
  C:\Windows\System\BXZBMdj.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\nmXDmZC.exe
  C:\Windows\System\nmXDmZC.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\WgkNtgE.exe
  C:\Windows\System\WgkNtgE.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\wWVjiQR.exe
  C:\Windows\System\wWVjiQR.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\kgJicEP.exe
  C:\Windows\System\kgJicEP.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\KWRWSEy.exe
  C:\Windows\System\KWRWSEy.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\YHcYfpQ.exe
  C:\Windows\System\YHcYfpQ.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\LSVzNiu.exe
  C:\Windows\System\LSVzNiu.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\MXFpnVh.exe
  C:\Windows\System\MXFpnVh.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\zqzjAxZ.exe
  C:\Windows\System\zqzjAxZ.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\wXUlBrE.exe
  C:\Windows\System\wXUlBrE.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\FxBLBIw.exe
  C:\Windows\System\FxBLBIw.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\rFxrZnP.exe
  C:\Windows\System\rFxrZnP.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\vdPVJOK.exe
  C:\Windows\System\vdPVJOK.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\XIVGRNn.exe
  C:\Windows\System\XIVGRNn.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\QXlGASL.exe
  C:\Windows\System\QXlGASL.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\PflKtvv.exe
  C:\Windows\System\PflKtvv.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\JgDZQVg.exe
  C:\Windows\System\JgDZQVg.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\ZjGMtMP.exe
  C:\Windows\System\ZjGMtMP.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\irKIOsl.exe
  C:\Windows\System\irKIOsl.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\KlhulfN.exe
  C:\Windows\System\KlhulfN.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\OScZXrg.exe
  C:\Windows\System\OScZXrg.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\qVdlmtz.exe
  C:\Windows\System\qVdlmtz.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\FuXOBdc.exe
  C:\Windows\System\FuXOBdc.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\jGtauxG.exe
  C:\Windows\System\jGtauxG.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\qDdKFUf.exe
  C:\Windows\System\qDdKFUf.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\QoqMimD.exe
  C:\Windows\System\QoqMimD.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\nsbbgqq.exe
  C:\Windows\System\nsbbgqq.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\PcazUcA.exe
  C:\Windows\System\PcazUcA.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\UxvgdIl.exe
  C:\Windows\System\UxvgdIl.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\NIcXNWR.exe
  C:\Windows\System\NIcXNWR.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\jgphmdT.exe
  C:\Windows\System\jgphmdT.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\zWOCZbG.exe
  C:\Windows\System\zWOCZbG.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\DOobduM.exe
  C:\Windows\System\DOobduM.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\pkmNEBR.exe
  C:\Windows\System\pkmNEBR.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\lnhqvJk.exe
  C:\Windows\System\lnhqvJk.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\LmIEVUz.exe
  C:\Windows\System\LmIEVUz.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\klQiJhI.exe
  C:\Windows\System\klQiJhI.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\NKYIYUE.exe
  C:\Windows\System\NKYIYUE.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\dFEtjML.exe
  C:\Windows\System\dFEtjML.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\iHHjDOG.exe
  C:\Windows\System\iHHjDOG.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\AmrFOvB.exe
  C:\Windows\System\AmrFOvB.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\cuyWCpq.exe
  C:\Windows\System\cuyWCpq.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\eRsSJym.exe
  C:\Windows\System\eRsSJym.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\DshHGTy.exe
  C:\Windows\System\DshHGTy.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\FjfAAoO.exe
  C:\Windows\System\FjfAAoO.exe
  2⤵
  PID:2600
- C:\Windows\System\ADEfwLM.exe
  C:\Windows\System\ADEfwLM.exe
  2⤵
  PID:2584
- C:\Windows\System\tskVjji.exe
  C:\Windows\System\tskVjji.exe
  2⤵
  PID:2412
- C:\Windows\System\YAeKMyv.exe
  C:\Windows\System\YAeKMyv.exe
  2⤵
  PID:1832
- C:\Windows\System\IDZsZUa.exe
  C:\Windows\System\IDZsZUa.exe
  2⤵
  PID:1920
- C:\Windows\System\EqxckfS.exe
  C:\Windows\System\EqxckfS.exe
  2⤵
  PID:1904
- C:\Windows\System\KFisNsh.exe
  C:\Windows\System\KFisNsh.exe
  2⤵
  PID:1936
- C:\Windows\System\ljgvzmu.exe
  C:\Windows\System\ljgvzmu.exe
  2⤵
  PID:2888
- C:\Windows\System\OxPjsTb.exe
  C:\Windows\System\OxPjsTb.exe
  2⤵
  PID:1956
- C:\Windows\System\qqeyYkR.exe
  C:\Windows\System\qqeyYkR.exe
  2⤵
  PID:2956
- C:\Windows\System\LahHHDB.exe
  C:\Windows\System\LahHHDB.exe
  2⤵
  PID:2372
- C:\Windows\System\xQpSGFi.exe
  C:\Windows\System\xQpSGFi.exe
  2⤵
  PID:1760
- C:\Windows\System\ONjItaj.exe
  C:\Windows\System\ONjItaj.exe
  2⤵
  PID:796
- C:\Windows\System\UNTnuAc.exe
  C:\Windows\System\UNTnuAc.exe
  2⤵
  PID:656
- C:\Windows\System\uulBlTl.exe
  C:\Windows\System\uulBlTl.exe
  2⤵
  PID:2280
- C:\Windows\System\MgKSxEJ.exe
  C:\Windows\System\MgKSxEJ.exe
  2⤵
  PID:1848
- C:\Windows\System\DrOxpxZ.exe
  C:\Windows\System\DrOxpxZ.exe
  2⤵
  PID:1304
- C:\Windows\System\myOCwCj.exe
  C:\Windows\System\myOCwCj.exe
  2⤵
  PID:2308
- C:\Windows\System\GmIjtfQ.exe
  C:\Windows\System\GmIjtfQ.exe
  2⤵
  PID:960
- C:\Windows\System\iJucmCH.exe
  C:\Windows\System\iJucmCH.exe
  2⤵
  PID:1584
- C:\Windows\System\qVJIuXv.exe
  C:\Windows\System\qVJIuXv.exe
  2⤵
  PID:1612
- C:\Windows\System\cnnNfDT.exe
  C:\Windows\System\cnnNfDT.exe
  2⤵
  PID:860
- C:\Windows\System\zgYNvrB.exe
  C:\Windows\System\zgYNvrB.exe
  2⤵
  PID:972
- C:\Windows\System\vnXCnct.exe
  C:\Windows\System\vnXCnct.exe
  2⤵
  PID:1944
- C:\Windows\System\YAHBBEF.exe
  C:\Windows\System\YAHBBEF.exe
  2⤵
  PID:1288
- C:\Windows\System\wOzfloy.exe
  C:\Windows\System\wOzfloy.exe
  2⤵
  PID:2824
- C:\Windows\System\ifkNzjz.exe
  C:\Windows\System\ifkNzjz.exe
  2⤵
  PID:1900
- C:\Windows\System\UCHAeOA.exe
  C:\Windows\System\UCHAeOA.exe
  2⤵
  PID:2876
- C:\Windows\System\xgxZeaT.exe
  C:\Windows\System\xgxZeaT.exe
  2⤵
  PID:2068
- C:\Windows\System\naGtTkn.exe
  C:\Windows\System\naGtTkn.exe
  2⤵
  PID:2992
- C:\Windows\System\JMYJuqN.exe
  C:\Windows\System\JMYJuqN.exe
  2⤵
  PID:3032
- C:\Windows\System\UdYlruU.exe
  C:\Windows\System\UdYlruU.exe
  2⤵
  PID:3024
- C:\Windows\System\CLeGZsv.exe
  C:\Windows\System\CLeGZsv.exe
  2⤵
  PID:1888
- C:\Windows\System\fsjgLYk.exe
  C:\Windows\System\fsjgLYk.exe
  2⤵
  PID:2480
- C:\Windows\System\YNulmOI.exe
  C:\Windows\System\YNulmOI.exe
  2⤵
  PID:2484
- C:\Windows\System\tQxRNMU.exe
  C:\Windows\System\tQxRNMU.exe
  2⤵
  PID:2964
- C:\Windows\System\bXilqRF.exe
  C:\Windows\System\bXilqRF.exe
  2⤵
  PID:1684
- C:\Windows\System\OzJvAsx.exe
  C:\Windows\System\OzJvAsx.exe
  2⤵
  PID:2352
- C:\Windows\System\VDrmBZo.exe
  C:\Windows\System\VDrmBZo.exe
  2⤵
  PID:1648
- C:\Windows\System\caaVnWh.exe
  C:\Windows\System\caaVnWh.exe
  2⤵
  PID:2320
- C:\Windows\System\CqAAgav.exe
  C:\Windows\System\CqAAgav.exe
  2⤵
  PID:2056
- C:\Windows\System\gHsEMjk.exe
  C:\Windows\System\gHsEMjk.exe
  2⤵
  PID:412
- C:\Windows\System\WvlMPek.exe
  C:\Windows\System\WvlMPek.exe
  2⤵
  PID:1660
- C:\Windows\System\aLxEXQA.exe
  C:\Windows\System\aLxEXQA.exe
  2⤵
  PID:3036
- C:\Windows\System\IXFfuDu.exe
  C:\Windows\System\IXFfuDu.exe
  2⤵
  PID:1188
- C:\Windows\System\pxajtKi.exe
  C:\Windows\System\pxajtKi.exe
  2⤵
  PID:1636
- C:\Windows\System\RYTwuWq.exe
  C:\Windows\System\RYTwuWq.exe
  2⤵
  PID:2852
- C:\Windows\System\QJjzkld.exe
  C:\Windows\System\QJjzkld.exe
  2⤵
  PID:724
- C:\Windows\System\DaZysGM.exe
  C:\Windows\System\DaZysGM.exe
  2⤵
  PID:2180
- C:\Windows\System\IlqOJiG.exe
  C:\Windows\System\IlqOJiG.exe
  2⤵
  PID:908
- C:\Windows\System\UYFonvt.exe
  C:\Windows\System\UYFonvt.exe
  2⤵
  PID:900
- C:\Windows\System\zEOAShO.exe
  C:\Windows\System\zEOAShO.exe
  2⤵
  PID:2116
- C:\Windows\System\PLrOUVk.exe
  C:\Windows\System\PLrOUVk.exe
  2⤵
  PID:956
- C:\Windows\System\CTYwKRr.exe
  C:\Windows\System\CTYwKRr.exe
  2⤵
  PID:2576
- C:\Windows\System\RvZhGkK.exe
  C:\Windows\System\RvZhGkK.exe
  2⤵
  PID:2684
- C:\Windows\System\YvKIVXG.exe
  C:\Windows\System\YvKIVXG.exe
  2⤵
  PID:1720
- C:\Windows\System\GlTKOdt.exe
  C:\Windows\System\GlTKOdt.exe
  2⤵
  PID:2532
- C:\Windows\System\TIStdLy.exe
  C:\Windows\System\TIStdLy.exe
  2⤵
  PID:2572
- C:\Windows\System\uONdwVf.exe
  C:\Windows\System\uONdwVf.exe
  2⤵
  PID:1352
- C:\Windows\System\KZquMxD.exe
  C:\Windows\System\KZquMxD.exe
  2⤵
  PID:2820
- C:\Windows\System\FCorkix.exe
  C:\Windows\System\FCorkix.exe
  2⤵
  PID:784
- C:\Windows\System\bbeeYtD.exe
  C:\Windows\System\bbeeYtD.exe
  2⤵
  PID:1280
- C:\Windows\System\sdSgiOL.exe
  C:\Windows\System\sdSgiOL.exe
  2⤵
  PID:380
- C:\Windows\System\mstLrzS.exe
  C:\Windows\System\mstLrzS.exe
  2⤵
  PID:564
- C:\Windows\System\mhdMfAU.exe
  C:\Windows\System\mhdMfAU.exe
  2⤵
  PID:2408
- C:\Windows\System\YhdNqhn.exe
  C:\Windows\System\YhdNqhn.exe
  2⤵
  PID:3052
- C:\Windows\System\NsptFhE.exe
  C:\Windows\System\NsptFhE.exe
  2⤵
  PID:1788
- C:\Windows\System\YidoAIk.exe
  C:\Windows\System\YidoAIk.exe
  2⤵
  PID:1780
- C:\Windows\System\kBjFaAC.exe
  C:\Windows\System\kBjFaAC.exe
  2⤵
  PID:576
- C:\Windows\System\LPbZbBw.exe
  C:\Windows\System\LPbZbBw.exe
  2⤵
  PID:1124
- C:\Windows\System\FfDbZtn.exe
  C:\Windows\System\FfDbZtn.exe
  2⤵
  PID:1600
- C:\Windows\System\AxdaCDY.exe
  C:\Windows\System\AxdaCDY.exe
  2⤵
  PID:2044
- C:\Windows\System\rbwGPZg.exe
  C:\Windows\System\rbwGPZg.exe
  2⤵
  PID:1880
- C:\Windows\System\RnELBXl.exe
  C:\Windows\System\RnELBXl.exe
  2⤵
  PID:2108
- C:\Windows\System\lutzLLM.exe
  C:\Windows\System\lutzLLM.exe
  2⤵
  PID:692
- C:\Windows\System\AseVMcm.exe
  C:\Windows\System\AseVMcm.exe
  2⤵
  PID:2844
- C:\Windows\System\UzwtvDI.exe
  C:\Windows\System\UzwtvDI.exe
  2⤵
  PID:3088
- C:\Windows\System\acDfPPx.exe
  C:\Windows\System\acDfPPx.exe
  2⤵
  PID:3104
- C:\Windows\System\mSDYzph.exe
  C:\Windows\System\mSDYzph.exe
  2⤵
  PID:3124
- C:\Windows\System\PhpEcld.exe
  C:\Windows\System\PhpEcld.exe
  2⤵
  PID:3140
- C:\Windows\System\RczRPUU.exe
  C:\Windows\System\RczRPUU.exe
  2⤵
  PID:3160
- C:\Windows\System\dwcgADl.exe
  C:\Windows\System\dwcgADl.exe
  2⤵
  PID:3180
- C:\Windows\System\WHcGwrv.exe
  C:\Windows\System\WHcGwrv.exe
  2⤵
  PID:3200
- C:\Windows\System\swthaaD.exe
  C:\Windows\System\swthaaD.exe
  2⤵
  PID:3216
- C:\Windows\System\glfFzrm.exe
  C:\Windows\System\glfFzrm.exe
  2⤵
  PID:3236
- C:\Windows\System\AzlQdkF.exe
  C:\Windows\System\AzlQdkF.exe
  2⤵
  PID:3252
- C:\Windows\System\reQVgIE.exe
  C:\Windows\System\reQVgIE.exe
  2⤵
  PID:3272
- C:\Windows\System\cBhWflO.exe
  C:\Windows\System\cBhWflO.exe
  2⤵
  PID:3288
- C:\Windows\System\qHgmcXZ.exe
  C:\Windows\System\qHgmcXZ.exe
  2⤵
  PID:3312
- C:\Windows\System\WjDxUsP.exe
  C:\Windows\System\WjDxUsP.exe
  2⤵
  PID:3328
- C:\Windows\System\QozfCkL.exe
  C:\Windows\System\QozfCkL.exe
  2⤵
  PID:3372
- C:\Windows\System\UejZIsz.exe
  C:\Windows\System\UejZIsz.exe
  2⤵
  PID:3388
- C:\Windows\System\JxGvdDH.exe
  C:\Windows\System\JxGvdDH.exe
  2⤵
  PID:3412
- C:\Windows\System\SGiKHka.exe
  C:\Windows\System\SGiKHka.exe
  2⤵
  PID:3428
- C:\Windows\System\qMFpbIC.exe
  C:\Windows\System\qMFpbIC.exe
  2⤵
  PID:3452
- C:\Windows\System\FoivCXu.exe
  C:\Windows\System\FoivCXu.exe
  2⤵
  PID:3468
- C:\Windows\System\SKzFoag.exe
  C:\Windows\System\SKzFoag.exe
  2⤵
  PID:3488
- C:\Windows\System\XUseeoE.exe
  C:\Windows\System\XUseeoE.exe
  2⤵
  PID:3504
- C:\Windows\System\PKnolDj.exe
  C:\Windows\System\PKnolDj.exe
  2⤵
  PID:3524
- C:\Windows\System\juqXsrR.exe
  C:\Windows\System\juqXsrR.exe
  2⤵
  PID:3540
- C:\Windows\System\lhGghtV.exe
  C:\Windows\System\lhGghtV.exe
  2⤵
  PID:3560
- C:\Windows\System\HMvTygC.exe
  C:\Windows\System\HMvTygC.exe
  2⤵
  PID:3580
- C:\Windows\System\AklhHCE.exe
  C:\Windows\System\AklhHCE.exe
  2⤵
  PID:3596
- C:\Windows\System\yBvMrdf.exe
  C:\Windows\System\yBvMrdf.exe
  2⤵
  PID:3616
- C:\Windows\System\ATrodgL.exe
  C:\Windows\System\ATrodgL.exe
  2⤵
  PID:3632
- C:\Windows\System\onQfcaj.exe
  C:\Windows\System\onQfcaj.exe
  2⤵
  PID:3652
- C:\Windows\System\qKgmqPy.exe
  C:\Windows\System\qKgmqPy.exe
  2⤵
  PID:3668
- C:\Windows\System\GtPwjxr.exe
  C:\Windows\System\GtPwjxr.exe
  2⤵
  PID:3684
- C:\Windows\System\txSkAqk.exe
  C:\Windows\System\txSkAqk.exe
  2⤵
  PID:3748
- C:\Windows\System\UrkLfNE.exe
  C:\Windows\System\UrkLfNE.exe
  2⤵
  PID:3768
- C:\Windows\System\JREavZu.exe
  C:\Windows\System\JREavZu.exe
  2⤵
  PID:3788
- C:\Windows\System\ZYUCCyo.exe
  C:\Windows\System\ZYUCCyo.exe
  2⤵
  PID:3804
- C:\Windows\System\bzJqyXm.exe
  C:\Windows\System\bzJqyXm.exe
  2⤵
  PID:3820
- C:\Windows\System\WsxIdOp.exe
  C:\Windows\System\WsxIdOp.exe
  2⤵
  PID:3840
- C:\Windows\System\IbxeKZG.exe
  C:\Windows\System\IbxeKZG.exe
  2⤵
  PID:3856
- C:\Windows\System\bTgUSyq.exe
  C:\Windows\System\bTgUSyq.exe
  2⤵
  PID:3872
- C:\Windows\System\XzXRDYP.exe
  C:\Windows\System\XzXRDYP.exe
  2⤵
  PID:3888
- C:\Windows\System\DHQpzUG.exe
  C:\Windows\System\DHQpzUG.exe
  2⤵
  PID:3908
- C:\Windows\System\lwrSQJs.exe
  C:\Windows\System\lwrSQJs.exe
  2⤵
  PID:3924
- C:\Windows\System\taIzWWg.exe
  C:\Windows\System\taIzWWg.exe
  2⤵
  PID:3940
- C:\Windows\System\pitImfT.exe
  C:\Windows\System\pitImfT.exe
  2⤵
  PID:3960
- C:\Windows\System\nAfdrnV.exe
  C:\Windows\System\nAfdrnV.exe
  2⤵
  PID:3976
- C:\Windows\System\dOKNtTa.exe
  C:\Windows\System\dOKNtTa.exe
  2⤵
  PID:3992
- C:\Windows\System\frLPQHM.exe
  C:\Windows\System\frLPQHM.exe
  2⤵
  PID:4012
- C:\Windows\System\hoKgsJG.exe
  C:\Windows\System\hoKgsJG.exe
  2⤵
  PID:4028
- C:\Windows\System\npzACFo.exe
  C:\Windows\System\npzACFo.exe
  2⤵
  PID:4044
- C:\Windows\System\jVSiiQk.exe
  C:\Windows\System\jVSiiQk.exe
  2⤵
  PID:4060
- C:\Windows\System\VWCOQEU.exe
  C:\Windows\System\VWCOQEU.exe
  2⤵
  PID:4080
- C:\Windows\System\NseKeuF.exe
  C:\Windows\System\NseKeuF.exe
  2⤵
  PID:968
- C:\Windows\System\TNDCCjA.exe
  C:\Windows\System\TNDCCjA.exe
  2⤵
  PID:3008
- C:\Windows\System\gziYBgU.exe
  C:\Windows\System\gziYBgU.exe
  2⤵
  PID:1436
- C:\Windows\System\xFRprlm.exe
  C:\Windows\System\xFRprlm.exe
  2⤵
  PID:3084
- C:\Windows\System\TCxucpN.exe
  C:\Windows\System\TCxucpN.exe
  2⤵
  PID:3116
- C:\Windows\System\zbUhkBF.exe
  C:\Windows\System\zbUhkBF.exe
  2⤵
  PID:2612
- C:\Windows\System\dGXHJwd.exe
  C:\Windows\System\dGXHJwd.exe
  2⤵
  PID:3212
- C:\Windows\System\BeqAywT.exe
  C:\Windows\System\BeqAywT.exe
  2⤵
  PID:3336
- C:\Windows\System\qyDHJCO.exe
  C:\Windows\System\qyDHJCO.exe
  2⤵
  PID:3352
- C:\Windows\System\TmxPvqf.exe
  C:\Windows\System\TmxPvqf.exe
  2⤵
  PID:3368
- C:\Windows\System\Hgefpgd.exe
  C:\Windows\System\Hgefpgd.exe
  2⤵
  PID:3408
- C:\Windows\System\RoJVeQf.exe
  C:\Windows\System\RoJVeQf.exe
  2⤵
  PID:3440
- C:\Windows\System\ErYCGNz.exe
  C:\Windows\System\ErYCGNz.exe
  2⤵
  PID:3520
- C:\Windows\System\FpCcDGZ.exe
  C:\Windows\System\FpCcDGZ.exe
  2⤵
  PID:3552
- C:\Windows\System\AEUFfdZ.exe
  C:\Windows\System\AEUFfdZ.exe
  2⤵
  PID:3496
- C:\Windows\System\OwAVorP.exe
  C:\Windows\System\OwAVorP.exe
  2⤵
  PID:3608
- C:\Windows\System\EKeUFui.exe
  C:\Windows\System\EKeUFui.exe
  2⤵
  PID:3680
- C:\Windows\System\TcPSFSJ.exe
  C:\Windows\System\TcPSFSJ.exe
  2⤵
  PID:3640
- C:\Windows\System\encnTUd.exe
  C:\Windows\System\encnTUd.exe
  2⤵
  PID:2540
- C:\Windows\System\szCkuIf.exe
  C:\Windows\System\szCkuIf.exe
  2⤵
  PID:3832
- C:\Windows\System\QFxapKf.exe
  C:\Windows\System\QFxapKf.exe
  2⤵
  PID:4008
- C:\Windows\System\oLUHNpY.exe
  C:\Windows\System\oLUHNpY.exe
  2⤵
  PID:4076
- C:\Windows\System\whffzRI.exe
  C:\Windows\System\whffzRI.exe
  2⤵
  PID:3796
- C:\Windows\System\QdnJcqp.exe
  C:\Windows\System\QdnJcqp.exe
  2⤵
  PID:3624
- C:\Windows\System\uSXcxlc.exe
  C:\Windows\System\uSXcxlc.exe
  2⤵
  PID:3692
- C:\Windows\System\MzjklAd.exe
  C:\Windows\System\MzjklAd.exe
  2⤵
  PID:3732
- C:\Windows\System\tjikyjc.exe
  C:\Windows\System\tjikyjc.exe
  2⤵
  PID:1108
- C:\Windows\System\yuOTWGe.exe
  C:\Windows\System\yuOTWGe.exe
  2⤵
  PID:3852
- C:\Windows\System\NhYoBtB.exe
  C:\Windows\System\NhYoBtB.exe
  2⤵
  PID:3948
- C:\Windows\System\aaQprPF.exe
  C:\Windows\System\aaQprPF.exe
  2⤵
  PID:4024
- C:\Windows\System\IZgfqrT.exe
  C:\Windows\System\IZgfqrT.exe
  2⤵
  PID:1984
- C:\Windows\System\FNZEyXr.exe
  C:\Windows\System\FNZEyXr.exe
  2⤵
  PID:3004
- C:\Windows\System\nBuKaxq.exe
  C:\Windows\System\nBuKaxq.exe
  2⤵
  PID:2804
- C:\Windows\System\xupneZO.exe
  C:\Windows\System\xupneZO.exe
  2⤵
  PID:3228
- C:\Windows\System\SyBvKwg.exe
  C:\Windows\System\SyBvKwg.exe
  2⤵
  PID:1360
- C:\Windows\System\LRJuXla.exe
  C:\Windows\System\LRJuXla.exe
  2⤵
  PID:1756
- C:\Windows\System\etSKSaD.exe
  C:\Windows\System\etSKSaD.exe
  2⤵
  PID:3300
- C:\Windows\System\iFnZkqE.exe
  C:\Windows\System\iFnZkqE.exe
  2⤵
  PID:568
- C:\Windows\System\UtNTsdM.exe
  C:\Windows\System\UtNTsdM.exe
  2⤵
  PID:3100
- C:\Windows\System\wPYabgQ.exe
  C:\Windows\System\wPYabgQ.exe
  2⤵
  PID:2632
- C:\Windows\System\HFbmswK.exe
  C:\Windows\System\HFbmswK.exe
  2⤵
  PID:3484
- C:\Windows\System\QNcRYGo.exe
  C:\Windows\System\QNcRYGo.exe
  2⤵
  PID:2924
- C:\Windows\System\csTrXcW.exe
  C:\Windows\System\csTrXcW.exe
  2⤵
  PID:2264
- C:\Windows\System\nEfpKJy.exe
  C:\Windows\System\nEfpKJy.exe
  2⤵
  PID:3360
- C:\Windows\System\NzLYkrU.exe
  C:\Windows\System\NzLYkrU.exe
  2⤵
  PID:3380
- C:\Windows\System\HCPJBOX.exe
  C:\Windows\System\HCPJBOX.exe
  2⤵
  PID:1328
- C:\Windows\System\pDbCcyO.exe
  C:\Windows\System\pDbCcyO.exe
  2⤵
  PID:1552
- C:\Windows\System\JPgxIUq.exe
  C:\Windows\System\JPgxIUq.exe
  2⤵
  PID:3448
- C:\Windows\System\pSePzWI.exe
  C:\Windows\System\pSePzWI.exe
  2⤵
  PID:1500
- C:\Windows\System\Ptvevze.exe
  C:\Windows\System\Ptvevze.exe
  2⤵
  PID:2672
- C:\Windows\System\TMyXeBA.exe
  C:\Windows\System\TMyXeBA.exe
  2⤵
  PID:1836
- C:\Windows\System\BvwxlyS.exe
  C:\Windows\System\BvwxlyS.exe
  2⤵
  PID:3904
- C:\Windows\System\RqTssgD.exe
  C:\Windows\System\RqTssgD.exe
  2⤵
  PID:1532
- C:\Windows\System\uXTbLmM.exe
  C:\Windows\System\uXTbLmM.exe
  2⤵
  PID:3424
- C:\Windows\System\XmndJsG.exe
  C:\Windows\System\XmndJsG.exe
  2⤵
  PID:4040
- C:\Windows\System\NXKrQGk.exe
  C:\Windows\System\NXKrQGk.exe
  2⤵
  PID:3868
- C:\Windows\System\pIFnhAB.exe
  C:\Windows\System\pIFnhAB.exe
  2⤵
  PID:3076
- C:\Windows\System\ecRxKEH.exe
  C:\Windows\System\ecRxKEH.exe
  2⤵
  PID:3896
- C:\Windows\System\ogPQwqa.exe
  C:\Windows\System\ogPQwqa.exe
  2⤵
  PID:952
- C:\Windows\System\JdbyuwJ.exe
  C:\Windows\System\JdbyuwJ.exe
  2⤵
  PID:4020
- C:\Windows\System\gxcSsyl.exe
  C:\Windows\System\gxcSsyl.exe
  2⤵
  PID:312
- C:\Windows\System\UEGvUPV.exe
  C:\Windows\System\UEGvUPV.exe
  2⤵
  PID:3304
- C:\Windows\System\cqEztVl.exe
  C:\Windows\System\cqEztVl.exe
  2⤵
  PID:1896
- C:\Windows\System\WzrhflY.exe
  C:\Windows\System\WzrhflY.exe
  2⤵
  PID:3320
- C:\Windows\System\FjMVQnb.exe
  C:\Windows\System\FjMVQnb.exe
  2⤵
  PID:3404
- C:\Windows\System\NJgLTqS.exe
  C:\Windows\System\NJgLTqS.exe
  2⤵
  PID:3112
- C:\Windows\System\JsDOCzm.exe
  C:\Windows\System\JsDOCzm.exe
  2⤵
  PID:2664
- C:\Windows\System\bYYOdYL.exe
  C:\Windows\System\bYYOdYL.exe
  2⤵
  PID:1184
- C:\Windows\System\VyrOvOa.exe
  C:\Windows\System\VyrOvOa.exe
  2⤵
  PID:3384
- C:\Windows\System\MFjVVNj.exe
  C:\Windows\System\MFjVVNj.exe
  2⤵
  PID:2812
- C:\Windows\System\OGgRcba.exe
  C:\Windows\System\OGgRcba.exe
  2⤵
  PID:3676
- C:\Windows\System\OZHOvqJ.exe
  C:\Windows\System\OZHOvqJ.exe
  2⤵
  PID:3576
- C:\Windows\System\VullGic.exe
  C:\Windows\System\VullGic.exe
  2⤵
  PID:3592
- C:\Windows\System\sgjHahg.exe
  C:\Windows\System\sgjHahg.exe
  2⤵
  PID:3436
- C:\Windows\System\jhHWUCY.exe
  C:\Windows\System\jhHWUCY.exe
  2⤵
  PID:3972
- C:\Windows\System\mBuEPod.exe
  C:\Windows\System\mBuEPod.exe
  2⤵
  PID:3056
- C:\Windows\System\cFVWGTX.exe
  C:\Windows\System\cFVWGTX.exe
  2⤵
  PID:848
- C:\Windows\System\SSPbiTi.exe
  C:\Windows\System\SSPbiTi.exe
  2⤵
  PID:3816
- C:\Windows\System\rKCgjYO.exe
  C:\Windows\System\rKCgjYO.exe
  2⤵
  PID:1676
- C:\Windows\System\nBuKlhc.exe
  C:\Windows\System\nBuKlhc.exe
  2⤵
  PID:2676
- C:\Windows\System\PtTEBPJ.exe
  C:\Windows\System\PtTEBPJ.exe
  2⤵
  PID:4056
- C:\Windows\System\MfdAflP.exe
  C:\Windows\System\MfdAflP.exe
  2⤵
  PID:3264
- C:\Windows\System\MyJpTiB.exe
  C:\Windows\System\MyJpTiB.exe
  2⤵
  PID:2496
- C:\Windows\System\kXdItVA.exe
  C:\Windows\System\kXdItVA.exe
  2⤵
  PID:336
- C:\Windows\System\BPDCRLm.exe
  C:\Windows\System\BPDCRLm.exe
  2⤵
  PID:3396
- C:\Windows\System\uHtVcPX.exe
  C:\Windows\System\uHtVcPX.exe
  2⤵
  PID:3280
- C:\Windows\System\KRAuuvE.exe
  C:\Windows\System\KRAuuvE.exe
  2⤵
  PID:3968
- C:\Windows\System\UYxsbYC.exe
  C:\Windows\System\UYxsbYC.exe
  2⤵
  PID:3248
- C:\Windows\System\TKbgKFU.exe
  C:\Windows\System\TKbgKFU.exe
  2⤵
  PID:3192
- C:\Windows\System\haWKepC.exe
  C:\Windows\System\haWKepC.exe
  2⤵
  PID:3716
- C:\Windows\System\xlVpzKA.exe
  C:\Windows\System\xlVpzKA.exe
  2⤵
  PID:2420
- C:\Windows\System\Bfzaeyd.exe
  C:\Windows\System\Bfzaeyd.exe
  2⤵
  PID:3848
- C:\Windows\System\YnexqEx.exe
  C:\Windows\System\YnexqEx.exe
  2⤵
  PID:3284
- C:\Windows\System\YrptRBM.exe
  C:\Windows\System\YrptRBM.exe
  2⤵
  PID:2520
- C:\Windows\System\rGZWBSA.exe
  C:\Windows\System\rGZWBSA.exe
  2⤵
  PID:3028
- C:\Windows\System\gWcpEhm.exe
  C:\Windows\System\gWcpEhm.exe
  2⤵
  PID:2744
- C:\Windows\System\CkfgrwP.exe
  C:\Windows\System\CkfgrwP.exe
  2⤵
  PID:3548
- C:\Windows\System\jKbjYmG.exe
  C:\Windows\System\jKbjYmG.exe
  2⤵
  PID:3060
- C:\Windows\System\TgqxLGP.exe
  C:\Windows\System\TgqxLGP.exe
  2⤵
  PID:3660
- C:\Windows\System\LwPvcqg.exe
  C:\Windows\System\LwPvcqg.exe
  2⤵
  PID:1672
- C:\Windows\System\yMaFjkf.exe
  C:\Windows\System\yMaFjkf.exe
  2⤵
  PID:3296
- C:\Windows\System\SjxxECW.exe
  C:\Windows\System\SjxxECW.exe
  2⤵
  PID:4100
- C:\Windows\System\SjEJUms.exe
  C:\Windows\System\SjEJUms.exe
  2⤵
  PID:4116
- C:\Windows\System\IUpUFZK.exe
  C:\Windows\System\IUpUFZK.exe
  2⤵
  PID:4140
- C:\Windows\System\XHdpbbS.exe
  C:\Windows\System\XHdpbbS.exe
  2⤵
  PID:4184
- C:\Windows\System\XbsvOWr.exe
  C:\Windows\System\XbsvOWr.exe
  2⤵
  PID:4200
- C:\Windows\System\KwvkAeI.exe
  C:\Windows\System\KwvkAeI.exe
  2⤵
  PID:4224
- C:\Windows\System\ZPBYYgG.exe
  C:\Windows\System\ZPBYYgG.exe
  2⤵
  PID:4244
- C:\Windows\System\FeMsEDu.exe
  C:\Windows\System\FeMsEDu.exe
  2⤵
  PID:4260
- C:\Windows\System\gdxRNCC.exe
  C:\Windows\System\gdxRNCC.exe
  2⤵
  PID:4276
- C:\Windows\System\ahxkLOX.exe
  C:\Windows\System\ahxkLOX.exe
  2⤵
  PID:4296
- C:\Windows\System\UHFQIbx.exe
  C:\Windows\System\UHFQIbx.exe
  2⤵
  PID:4312
- C:\Windows\System\HMGOPcz.exe
  C:\Windows\System\HMGOPcz.exe
  2⤵
  PID:4336
- C:\Windows\System\camohQl.exe
  C:\Windows\System\camohQl.exe
  2⤵
  PID:4352
- C:\Windows\System\lwKAbJR.exe
  C:\Windows\System\lwKAbJR.exe
  2⤵
  PID:4372
- C:\Windows\System\MgWIcUf.exe
  C:\Windows\System\MgWIcUf.exe
  2⤵
  PID:4392
- C:\Windows\System\HIvWKFx.exe
  C:\Windows\System\HIvWKFx.exe
  2⤵
  PID:4412
- C:\Windows\System\rUjrGyr.exe
  C:\Windows\System\rUjrGyr.exe
  2⤵
  PID:4432
- C:\Windows\System\qIlJVCU.exe
  C:\Windows\System\qIlJVCU.exe
  2⤵
  PID:4448
- C:\Windows\System\UYQaTqm.exe
  C:\Windows\System\UYQaTqm.exe
  2⤵
  PID:4464
- C:\Windows\System\LGPHYnv.exe
  C:\Windows\System\LGPHYnv.exe
  2⤵
  PID:4492
- C:\Windows\System\xlXhOhP.exe
  C:\Windows\System\xlXhOhP.exe
  2⤵
  PID:4512
- C:\Windows\System\ClcbrNR.exe
  C:\Windows\System\ClcbrNR.exe
  2⤵
  PID:4528
- C:\Windows\System\NMFDUcu.exe
  C:\Windows\System\NMFDUcu.exe
  2⤵
  PID:4544
- C:\Windows\System\blWzOPe.exe
  C:\Windows\System\blWzOPe.exe
  2⤵
  PID:4560
- C:\Windows\System\uPQxcUS.exe
  C:\Windows\System\uPQxcUS.exe
  2⤵
  PID:4580
- C:\Windows\System\uXARvRH.exe
  C:\Windows\System\uXARvRH.exe
  2⤵
  PID:4628
- C:\Windows\System\PWEbnjW.exe
  C:\Windows\System\PWEbnjW.exe
  2⤵
  PID:4644
- C:\Windows\System\KfMztLg.exe
  C:\Windows\System\KfMztLg.exe
  2⤵
  PID:4660
- C:\Windows\System\KHaghlz.exe
  C:\Windows\System\KHaghlz.exe
  2⤵
  PID:4700
- C:\Windows\System\WXdocjm.exe
  C:\Windows\System\WXdocjm.exe
  2⤵
  PID:4720
- C:\Windows\System\rLUCSyY.exe
  C:\Windows\System\rLUCSyY.exe
  2⤵
  PID:4740
- C:\Windows\System\TMtyTEZ.exe
  C:\Windows\System\TMtyTEZ.exe
  2⤵
  PID:4756
- C:\Windows\System\jHIghfp.exe
  C:\Windows\System\jHIghfp.exe
  2⤵
  PID:4776
- C:\Windows\System\cGsEyzh.exe
  C:\Windows\System\cGsEyzh.exe
  2⤵
  PID:4796
- C:\Windows\System\GDtwRFw.exe
  C:\Windows\System\GDtwRFw.exe
  2⤵
  PID:4816
- C:\Windows\System\WKwxyAG.exe
  C:\Windows\System\WKwxyAG.exe
  2⤵
  PID:4832
- C:\Windows\System\oFBPniG.exe
  C:\Windows\System\oFBPniG.exe
  2⤵
  PID:4848
- C:\Windows\System\jBxRMwN.exe
  C:\Windows\System\jBxRMwN.exe
  2⤵
  PID:4864
- C:\Windows\System\teRnqGW.exe
  C:\Windows\System\teRnqGW.exe
  2⤵
  PID:4884
- C:\Windows\System\XSyiPbW.exe
  C:\Windows\System\XSyiPbW.exe
  2⤵
  PID:4904
- C:\Windows\System\bTmksKY.exe
  C:\Windows\System\bTmksKY.exe
  2⤵
  PID:4924
- C:\Windows\System\TozduBK.exe
  C:\Windows\System\TozduBK.exe
  2⤵
  PID:4940
- C:\Windows\System\nBxWDoX.exe
  C:\Windows\System\nBxWDoX.exe
  2⤵
  PID:4956
- C:\Windows\System\JkOhVyT.exe
  C:\Windows\System\JkOhVyT.exe
  2⤵
  PID:4976
- C:\Windows\System\fBEOeNo.exe
  C:\Windows\System\fBEOeNo.exe
  2⤵
  PID:4992
- C:\Windows\System\CrdGYQi.exe
  C:\Windows\System\CrdGYQi.exe
  2⤵
  PID:5008
- C:\Windows\System\aEmKXdw.exe
  C:\Windows\System\aEmKXdw.exe
  2⤵
  PID:5024
- C:\Windows\System\sYROZUE.exe
  C:\Windows\System\sYROZUE.exe
  2⤵
  PID:5040
- C:\Windows\System\xFhkDZq.exe
  C:\Windows\System\xFhkDZq.exe
  2⤵
  PID:5068
- C:\Windows\System\mygfPhM.exe
  C:\Windows\System\mygfPhM.exe
  2⤵
  PID:5088
- C:\Windows\System\iiUXrbt.exe
  C:\Windows\System\iiUXrbt.exe
  2⤵
  PID:5104
- C:\Windows\System\dzelewQ.exe
  C:\Windows\System\dzelewQ.exe
  2⤵
  PID:1668
- C:\Windows\System\pTCHJvp.exe
  C:\Windows\System\pTCHJvp.exe
  2⤵
  PID:1424
- C:\Windows\System\tFMedlK.exe
  C:\Windows\System\tFMedlK.exe
  2⤵
  PID:584
- C:\Windows\System\pZJsOxg.exe
  C:\Windows\System\pZJsOxg.exe
  2⤵
  PID:4180
- C:\Windows\System\uoLClbs.exe
  C:\Windows\System\uoLClbs.exe
  2⤵
  PID:4128
- C:\Windows\System\CBHDvBf.exe
  C:\Windows\System\CBHDvBf.exe
  2⤵
  PID:4208
- C:\Windows\System\fjIjbnx.exe
  C:\Windows\System\fjIjbnx.exe
  2⤵
  PID:4232
- C:\Windows\System\CUXRCrQ.exe
  C:\Windows\System\CUXRCrQ.exe
  2⤵
  PID:4288
- C:\Windows\System\pdvAgUx.exe
  C:\Windows\System\pdvAgUx.exe
  2⤵
  PID:4328
- C:\Windows\System\EKhkqEw.exe
  C:\Windows\System\EKhkqEw.exe
  2⤵
  PID:4360
- C:\Windows\System\kdfLGsg.exe
  C:\Windows\System\kdfLGsg.exe
  2⤵
  PID:4408
- C:\Windows\System\BYzhxJV.exe
  C:\Windows\System\BYzhxJV.exe
  2⤵
  PID:4480
- C:\Windows\System\VZSvKil.exe
  C:\Windows\System\VZSvKil.exe
  2⤵
  PID:4520
- C:\Windows\System\LZNGbuA.exe
  C:\Windows\System\LZNGbuA.exe
  2⤵
  PID:4308
- C:\Windows\System\MWBGgqI.exe
  C:\Windows\System\MWBGgqI.exe
  2⤵
  PID:4456
- C:\Windows\System\TfSKkKX.exe
  C:\Windows\System\TfSKkKX.exe
  2⤵
  PID:4508
- C:\Windows\System\FZaqANu.exe
  C:\Windows\System\FZaqANu.exe
  2⤵
  PID:4420
- C:\Windows\System\FKIENmR.exe
  C:\Windows\System\FKIENmR.exe
  2⤵
  PID:4624
- C:\Windows\System\IvCVHxs.exe
  C:\Windows\System\IvCVHxs.exe
  2⤵
  PID:4576
- C:\Windows\System\UONhiJZ.exe
  C:\Windows\System\UONhiJZ.exe
  2⤵
  PID:4712
- C:\Windows\System\UxIgGRq.exe
  C:\Windows\System\UxIgGRq.exe
  2⤵
  PID:4752
- C:\Windows\System\SJZydFm.exe
  C:\Windows\System\SJZydFm.exe
  2⤵
  PID:4792
- C:\Windows\System\pEhTeNb.exe
  C:\Windows\System\pEhTeNb.exe
  2⤵
  PID:4824
- C:\Windows\System\SzKiQuD.exe
  C:\Windows\System\SzKiQuD.exe
  2⤵
  PID:4896
- C:\Windows\System\nUUaaBG.exe
  C:\Windows\System\nUUaaBG.exe
  2⤵
  PID:4964
- C:\Windows\System\HkQlRqT.exe
  C:\Windows\System\HkQlRqT.exe
  2⤵
  PID:5004
- C:\Windows\System\bXjhJZY.exe
  C:\Windows\System\bXjhJZY.exe
  2⤵
  PID:4808
- C:\Windows\System\VtGdlhr.exe
  C:\Windows\System\VtGdlhr.exe
  2⤵
  PID:1916
- C:\Windows\System\cAUARCK.exe
  C:\Windows\System\cAUARCK.exe
  2⤵
  PID:3136
- C:\Windows\System\YiGFEhe.exe
  C:\Windows\System\YiGFEhe.exe
  2⤵
  PID:4872
- C:\Windows\System\qzNaYbm.exe
  C:\Windows\System\qzNaYbm.exe
  2⤵
  PID:4912
- C:\Windows\System\ivjQPLj.exe
  C:\Windows\System\ivjQPLj.exe
  2⤵
  PID:4988
- C:\Windows\System\pxXaxuN.exe
  C:\Windows\System\pxXaxuN.exe
  2⤵
  PID:4088
- C:\Windows\System\XChtvvR.exe
  C:\Windows\System\XChtvvR.exe
  2⤵
  PID:4148
- C:\Windows\System\PxxqwFa.exe
  C:\Windows\System\PxxqwFa.exe
  2⤵
  PID:4172
- C:\Windows\System\hkEdOan.exe
  C:\Windows\System\hkEdOan.exe
  2⤵
  PID:3460
- C:\Windows\System\IHXPVNW.exe
  C:\Windows\System\IHXPVNW.exe
  2⤵
  PID:2472
- C:\Windows\System\RjbPDnr.exe
  C:\Windows\System\RjbPDnr.exe
  2⤵
  PID:4212
- C:\Windows\System\EGyJcnU.exe
  C:\Windows\System\EGyJcnU.exe
  2⤵
  PID:4268
- C:\Windows\System\ToJJwdb.exe
  C:\Windows\System\ToJJwdb.exe
  2⤵
  PID:4304
- C:\Windows\System\soTBRRK.exe
  C:\Windows\System\soTBRRK.exe
  2⤵
  PID:4484
- C:\Windows\System\bDcIUWS.exe
  C:\Windows\System\bDcIUWS.exe
  2⤵
  PID:4332
- C:\Windows\System\aGieYwR.exe
  C:\Windows\System\aGieYwR.exe
  2⤵
  PID:4568
- C:\Windows\System\zXTvCrW.exe
  C:\Windows\System\zXTvCrW.exe
  2⤵
  PID:4748
- C:\Windows\System\rYPGNqm.exe
  C:\Windows\System\rYPGNqm.exe
  2⤵
  PID:4692
- C:\Windows\System\eKnkIbH.exe
  C:\Windows\System\eKnkIbH.exe
  2⤵
  PID:4772
- C:\Windows\System\jvmNXbP.exe
  C:\Windows\System\jvmNXbP.exe
  2⤵
  PID:5080
- C:\Windows\System\skedNsm.exe
  C:\Windows\System\skedNsm.exe
  2⤵
  PID:4500
- C:\Windows\System\oXWfBpo.exe
  C:\Windows\System\oXWfBpo.exe
  2⤵
  PID:4708
- C:\Windows\System\ckDagLj.exe
  C:\Windows\System\ckDagLj.exe
  2⤵
  PID:4892
- C:\Windows\System\pMifxgt.exe
  C:\Windows\System\pMifxgt.exe
  2⤵
  PID:5112
- C:\Windows\System\NQiFhPT.exe
  C:\Windows\System\NQiFhPT.exe
  2⤵
  PID:4916
- C:\Windows\System\GinxNmX.exe
  C:\Windows\System\GinxNmX.exe
  2⤵
  PID:1216
- C:\Windows\System\BxziVcN.exe
  C:\Windows\System\BxziVcN.exe
  2⤵
  PID:4840
- C:\Windows\System\UsKPpdu.exe
  C:\Windows\System\UsKPpdu.exe
  2⤵
  PID:2444
- C:\Windows\System\XkpXfUb.exe
  C:\Windows\System\XkpXfUb.exe
  2⤵
  PID:4220
- C:\Windows\System\bMrtMMi.exe
  C:\Windows\System\bMrtMMi.exe
  2⤵
  PID:4196
- C:\Windows\System\DdTDLhm.exe
  C:\Windows\System\DdTDLhm.exe
  2⤵
  PID:4216
- C:\Windows\System\XXaHXvC.exe
  C:\Windows\System\XXaHXvC.exe
  2⤵
  PID:4684
- C:\Windows\System\teVBYvZ.exe
  C:\Windows\System\teVBYvZ.exe
  2⤵
  PID:4936
- C:\Windows\System\OXzKrpb.exe
  C:\Windows\System\OXzKrpb.exe
  2⤵
  PID:4804
- C:\Windows\System\sfiYNtR.exe
  C:\Windows\System\sfiYNtR.exe
  2⤵
  PID:4972
- C:\Windows\System\SftashM.exe
  C:\Windows\System\SftashM.exe
  2⤵
  PID:4108
- C:\Windows\System\QymVLLX.exe
  C:\Windows\System\QymVLLX.exe
  2⤵
  PID:5076
- C:\Windows\System\AAvgBRE.exe
  C:\Windows\System\AAvgBRE.exe
  2⤵
  PID:4124
- C:\Windows\System\xfvZtli.exe
  C:\Windows\System\xfvZtli.exe
  2⤵
  PID:4764
- C:\Windows\System\HEgilVJ.exe
  C:\Windows\System\HEgilVJ.exe
  2⤵
  PID:3196
- C:\Windows\System\CXizMmM.exe
  C:\Windows\System\CXizMmM.exe
  2⤵
  PID:3532
- C:\Windows\System\bbWaUHZ.exe
  C:\Windows\System\bbWaUHZ.exe
  2⤵
  PID:5036
- C:\Windows\System\OvcWEMi.exe
  C:\Windows\System\OvcWEMi.exe
  2⤵
  PID:5096
- C:\Windows\System\lKCmQav.exe
  C:\Windows\System\lKCmQav.exe
  2⤵
  PID:4164
- C:\Windows\System\YSqJKqn.exe
  C:\Windows\System\YSqJKqn.exe
  2⤵
  PID:4844
- C:\Windows\System\JKMaAUP.exe
  C:\Windows\System\JKMaAUP.exe
  2⤵
  PID:5144
- C:\Windows\System\XkLIqiY.exe
  C:\Windows\System\XkLIqiY.exe
  2⤵
  PID:5160
- C:\Windows\System\zlRVeDc.exe
  C:\Windows\System\zlRVeDc.exe
  2⤵
  PID:5176
- C:\Windows\System\oBBpNTX.exe
  C:\Windows\System\oBBpNTX.exe
  2⤵
  PID:5196
- C:\Windows\System\fRvICZh.exe
  C:\Windows\System\fRvICZh.exe
  2⤵
  PID:5220
- C:\Windows\System\BRHlCLO.exe
  C:\Windows\System\BRHlCLO.exe
  2⤵
  PID:5240
- C:\Windows\System\glfASBc.exe
  C:\Windows\System\glfASBc.exe
  2⤵
  PID:5260
- C:\Windows\System\aFgPkrm.exe
  C:\Windows\System\aFgPkrm.exe
  2⤵
  PID:5284
- C:\Windows\System\npYtBpy.exe
  C:\Windows\System\npYtBpy.exe
  2⤵
  PID:5300
- C:\Windows\System\WtsRNcI.exe
  C:\Windows\System\WtsRNcI.exe
  2⤵
  PID:5320
- C:\Windows\System\ctpxHIr.exe
  C:\Windows\System\ctpxHIr.exe
  2⤵
  PID:5336
- C:\Windows\System\cfYrKdg.exe
  C:\Windows\System\cfYrKdg.exe
  2⤵
  PID:5352
- C:\Windows\System\tCyHZDM.exe
  C:\Windows\System\tCyHZDM.exe
  2⤵
  PID:5396
- C:\Windows\System\ZNQVHPV.exe
  C:\Windows\System\ZNQVHPV.exe
  2⤵
  PID:5412
- C:\Windows\System\cEfMbyg.exe
  C:\Windows\System\cEfMbyg.exe
  2⤵
  PID:5428
- C:\Windows\System\vpgUuOH.exe
  C:\Windows\System\vpgUuOH.exe
  2⤵
  PID:5444
- C:\Windows\System\QURQtEd.exe
  C:\Windows\System\QURQtEd.exe
  2⤵
  PID:5464
- C:\Windows\System\iufiedT.exe
  C:\Windows\System\iufiedT.exe
  2⤵
  PID:5492
- C:\Windows\System\nEvKEaF.exe
  C:\Windows\System\nEvKEaF.exe
  2⤵
  PID:5508
- C:\Windows\System\yKwLuxQ.exe
  C:\Windows\System\yKwLuxQ.exe
  2⤵
  PID:5524
- C:\Windows\System\kXMxNIU.exe
  C:\Windows\System\kXMxNIU.exe
  2⤵
  PID:5544
- C:\Windows\System\CIjkxuV.exe
  C:\Windows\System\CIjkxuV.exe
  2⤵
  PID:5568
- C:\Windows\System\juvKzXg.exe
  C:\Windows\System\juvKzXg.exe
  2⤵
  PID:5592
- C:\Windows\System\bdpmUNd.exe
  C:\Windows\System\bdpmUNd.exe
  2⤵
  PID:5612
- C:\Windows\System\ZQZemyb.exe
  C:\Windows\System\ZQZemyb.exe
  2⤵
  PID:5640
- C:\Windows\System\DJfwSRR.exe
  C:\Windows\System\DJfwSRR.exe
  2⤵
  PID:5660
- C:\Windows\System\jLPYeeR.exe
  C:\Windows\System\jLPYeeR.exe
  2⤵
  PID:5680
- C:\Windows\System\LVGVOyZ.exe
  C:\Windows\System\LVGVOyZ.exe
  2⤵
  PID:5704
- C:\Windows\System\tsqDBnM.exe
  C:\Windows\System\tsqDBnM.exe
  2⤵
  PID:5724
- C:\Windows\System\hcdYqJY.exe
  C:\Windows\System\hcdYqJY.exe
  2⤵
  PID:5744
- C:\Windows\System\UYLatQq.exe
  C:\Windows\System\UYLatQq.exe
  2⤵
  PID:5788
- C:\Windows\System\qliPmYN.exe
  C:\Windows\System\qliPmYN.exe
  2⤵
  PID:5804
- C:\Windows\System\bVkWQig.exe
  C:\Windows\System\bVkWQig.exe
  2⤵
  PID:5820
- C:\Windows\System\CPesUeU.exe
  C:\Windows\System\CPesUeU.exe
  2⤵
  PID:5840
- C:\Windows\System\arUrUal.exe
  C:\Windows\System\arUrUal.exe
  2⤵
  PID:5856
- C:\Windows\System\RMcWiaM.exe
  C:\Windows\System\RMcWiaM.exe
  2⤵
  PID:5872
- C:\Windows\System\TEJtzdR.exe
  C:\Windows\System\TEJtzdR.exe
  2⤵
  PID:5888
- C:\Windows\System\fpAimqp.exe
  C:\Windows\System\fpAimqp.exe
  2⤵
  PID:5904
- C:\Windows\System\nVWIXRF.exe
  C:\Windows\System\nVWIXRF.exe
  2⤵
  PID:5920
- C:\Windows\System\fzgWFUa.exe
  C:\Windows\System\fzgWFUa.exe
  2⤵
  PID:5936
- C:\Windows\System\LRpiQAS.exe
  C:\Windows\System\LRpiQAS.exe
  2⤵
  PID:5952
- C:\Windows\System\CyJJrkN.exe
  C:\Windows\System\CyJJrkN.exe
  2⤵
  PID:5968
- C:\Windows\System\HBopTLS.exe
  C:\Windows\System\HBopTLS.exe
  2⤵
  PID:5984
- C:\Windows\System\ujKwnyh.exe
  C:\Windows\System\ujKwnyh.exe
  2⤵
  PID:6000
- C:\Windows\System\fRsAMvT.exe
  C:\Windows\System\fRsAMvT.exe
  2⤵
  PID:6016
- C:\Windows\System\pUKNtxG.exe
  C:\Windows\System\pUKNtxG.exe
  2⤵
  PID:6032
- C:\Windows\System\yIbvygL.exe
  C:\Windows\System\yIbvygL.exe
  2⤵
  PID:6052
- C:\Windows\System\SmsGrkG.exe
  C:\Windows\System\SmsGrkG.exe
  2⤵
  PID:6068
- C:\Windows\System\aUqlCkh.exe
  C:\Windows\System\aUqlCkh.exe
  2⤵
  PID:6084
- C:\Windows\System\xkeXAqT.exe
  C:\Windows\System\xkeXAqT.exe
  2⤵
  PID:6104
- C:\Windows\System\PuTnXzs.exe
  C:\Windows\System\PuTnXzs.exe
  2⤵
  PID:6120
- C:\Windows\System\cgneoMC.exe
  C:\Windows\System\cgneoMC.exe
  2⤵
  PID:6140
- C:\Windows\System\ItOlpot.exe
  C:\Windows\System\ItOlpot.exe
  2⤵
  PID:4640
- C:\Windows\System\dxCCKUc.exe
  C:\Windows\System\dxCCKUc.exe
  2⤵
  PID:5172
- C:\Windows\System\wUouYgF.exe
  C:\Windows\System\wUouYgF.exe
  2⤵
  PID:5208
- C:\Windows\System\NptLdXe.exe
  C:\Windows\System\NptLdXe.exe
  2⤵
  PID:4676
- C:\Windows\System\kSvtrxc.exe
  C:\Windows\System\kSvtrxc.exe
  2⤵
  PID:5252
- C:\Windows\System\jRXlmYq.exe
  C:\Windows\System\jRXlmYq.exe
  2⤵
  PID:5296
- C:\Windows\System\tmXuhmL.exe
  C:\Windows\System\tmXuhmL.exe
  2⤵
  PID:5364
- C:\Windows\System\kSpXOiD.exe
  C:\Windows\System\kSpXOiD.exe
  2⤵
  PID:5380
- C:\Windows\System\XNouRUX.exe
  C:\Windows\System\XNouRUX.exe
  2⤵
  PID:5424
- C:\Windows\System\XGHXApt.exe
  C:\Windows\System\XGHXApt.exe
  2⤵
  PID:5500
- C:\Windows\System\zlBqkdQ.exe
  C:\Windows\System\zlBqkdQ.exe
  2⤵
  PID:5580
- C:\Windows\System\UKGUulR.exe
  C:\Windows\System\UKGUulR.exe
  2⤵
  PID:3720
- C:\Windows\System\rjERiqR.exe
  C:\Windows\System\rjERiqR.exe
  2⤵
  PID:5636
- C:\Windows\System\KMJLzCS.exe
  C:\Windows\System\KMJLzCS.exe
  2⤵
  PID:5676
- C:\Windows\System\KzvibTt.exe
  C:\Windows\System\KzvibTt.exe
  2⤵
  PID:5552
- C:\Windows\System\wqFecEB.exe
  C:\Windows\System\wqFecEB.exe
  2⤵
  PID:5756
- C:\Windows\System\gIPFnQX.exe
  C:\Windows\System\gIPFnQX.exe
  2⤵
  PID:5488
- C:\Windows\System\UcrigQg.exe
  C:\Windows\System\UcrigQg.exe
  2⤵
  PID:5268
- C:\Windows\System\pVYrUGJ.exe
  C:\Windows\System\pVYrUGJ.exe
  2⤵
  PID:5772
- C:\Windows\System\DydgxFT.exe
  C:\Windows\System\DydgxFT.exe
  2⤵
  PID:5440
- C:\Windows\System\zEVBdgq.exe
  C:\Windows\System\zEVBdgq.exe
  2⤵
  PID:5516
- C:\Windows\System\yCoOiFW.exe
  C:\Windows\System\yCoOiFW.exe
  2⤵
  PID:5608
- C:\Windows\System\LyZFjIL.exe
  C:\Windows\System\LyZFjIL.exe
  2⤵
  PID:5692
- C:\Windows\System\egkTGQQ.exe
  C:\Windows\System\egkTGQQ.exe
  2⤵
  PID:5740
- C:\Windows\System\GiLOMOY.exe
  C:\Windows\System\GiLOMOY.exe
  2⤵
  PID:5800
- C:\Windows\System\hWsiNPc.exe
  C:\Windows\System\hWsiNPc.exe
  2⤵
  PID:5848
- C:\Windows\System\BwLPgOQ.exe
  C:\Windows\System\BwLPgOQ.exe
  2⤵
  PID:5916
- C:\Windows\System\zGVhdil.exe
  C:\Windows\System\zGVhdil.exe
  2⤵
  PID:6008
- C:\Windows\System\idDkGWE.exe
  C:\Windows\System\idDkGWE.exe
  2⤵
  PID:6048
- C:\Windows\System\kuqWsog.exe
  C:\Windows\System\kuqWsog.exe
  2⤵
  PID:6112
- C:\Windows\System\zkUuQYc.exe
  C:\Windows\System\zkUuQYc.exe
  2⤵
  PID:4488
- C:\Windows\System\kptnyfB.exe
  C:\Windows\System\kptnyfB.exe
  2⤵
  PID:2900
- C:\Windows\System\jMYqDbJ.exe
  C:\Windows\System\jMYqDbJ.exe
  2⤵
  PID:5048
- C:\Windows\System\qfpuKqE.exe
  C:\Windows\System\qfpuKqE.exe
  2⤵
  PID:6060
- C:\Windows\System\RCIbQNW.exe
  C:\Windows\System\RCIbQNW.exe
  2⤵
  PID:5084
- C:\Windows\System\cdckmTK.exe
  C:\Windows\System\cdckmTK.exe
  2⤵
  PID:5132
- C:\Windows\System\mMVHxyF.exe
  C:\Windows\System\mMVHxyF.exe
  2⤵
  PID:4616
- C:\Windows\System\LHputEL.exe
  C:\Windows\System\LHputEL.exe
  2⤵
  PID:5868
- C:\Windows\System\CgYeBDO.exe
  C:\Windows\System\CgYeBDO.exe
  2⤵
  PID:5960
- C:\Windows\System\yGaKBOH.exe
  C:\Windows\System\yGaKBOH.exe
  2⤵
  PID:6028
- C:\Windows\System\IbwzWGM.exe
  C:\Windows\System\IbwzWGM.exe
  2⤵
  PID:5388
- C:\Windows\System\bxBKnuq.exe
  C:\Windows\System\bxBKnuq.exe
  2⤵
  PID:5532
- C:\Windows\System\xARhMcv.exe
  C:\Windows\System\xARhMcv.exe
  2⤵
  PID:5620
- C:\Windows\System\cAwBuYm.exe
  C:\Windows\System\cAwBuYm.exe
  2⤵
  PID:5720
- C:\Windows\System\TXqMmBi.exe
  C:\Windows\System\TXqMmBi.exe
  2⤵
  PID:5768
- C:\Windows\System\BcMzhor.exe
  C:\Windows\System\BcMzhor.exe
  2⤵
  PID:5700
- C:\Windows\System\YOKIuIw.exe
  C:\Windows\System\YOKIuIw.exe
  2⤵
  PID:5796
- C:\Windows\System\zWHScMq.exe
  C:\Windows\System\zWHScMq.exe
  2⤵
  PID:5584
- C:\Windows\System\OywQXda.exe
  C:\Windows\System\OywQXda.exe
  2⤵
  PID:5896
- C:\Windows\System\xRIFDYD.exe
  C:\Windows\System\xRIFDYD.exe
  2⤵
  PID:3952
- C:\Windows\System\BDIJWOL.exe
  C:\Windows\System\BDIJWOL.exe
  2⤵
  PID:5212
- C:\Windows\System\QppDHcA.exe
  C:\Windows\System\QppDHcA.exe
  2⤵
  PID:5236
- C:\Windows\System\bHfbZOI.exe
  C:\Windows\System\bHfbZOI.exe
  2⤵
  PID:5436
- C:\Windows\System\YOcoXLK.exe
  C:\Windows\System\YOcoXLK.exe
  2⤵
  PID:5632
- C:\Windows\System\YslDvDe.exe
  C:\Windows\System\YslDvDe.exe
  2⤵
  PID:5308
- C:\Windows\System\genhJAS.exe
  C:\Windows\System\genhJAS.exe
  2⤵
  PID:5600
- C:\Windows\System\DStjVcs.exe
  C:\Windows\System\DStjVcs.exe
  2⤵
  PID:5280
- C:\Windows\System\qXQrEIw.exe
  C:\Windows\System\qXQrEIw.exe
  2⤵
  PID:5912
- C:\Windows\System\ZUeoeRk.exe
  C:\Windows\System\ZUeoeRk.exe
  2⤵
  PID:5764
- C:\Windows\System\faHmFpX.exe
  C:\Windows\System\faHmFpX.exe
  2⤵
  PID:6136
- C:\Windows\System\bhvgrIc.exe
  C:\Windows\System\bhvgrIc.exe
  2⤵
  PID:6024
- C:\Windows\System\eBZvDze.exe
  C:\Windows\System\eBZvDze.exe
  2⤵
  PID:5604
- C:\Windows\System\SvcLHXc.exe
  C:\Windows\System\SvcLHXc.exe
  2⤵
  PID:5812
- C:\Windows\System\RaGtvfa.exe
  C:\Windows\System\RaGtvfa.exe
  2⤵
  PID:6116
- C:\Windows\System\wKMQFyd.exe
  C:\Windows\System\wKMQFyd.exe
  2⤵
  PID:5864
- C:\Windows\System\EFUWelr.exe
  C:\Windows\System\EFUWelr.exe
  2⤵
  PID:3644
- C:\Windows\System\mPeobdJ.exe
  C:\Windows\System\mPeobdJ.exe
  2⤵
  PID:5360
- C:\Windows\System\BDXUQDA.exe
  C:\Windows\System\BDXUQDA.exe
  2⤵
  PID:6044
- C:\Windows\System\uMAAQIZ.exe
  C:\Windows\System\uMAAQIZ.exe
  2⤵
  PID:3780
- C:\Windows\System\IWrqwbT.exe
  C:\Windows\System\IWrqwbT.exe
  2⤵
  PID:3900
- C:\Windows\System\SqjerkI.exe
  C:\Windows\System\SqjerkI.exe
  2⤵
  PID:5344
- C:\Windows\System\ctmhjRP.exe
  C:\Windows\System\ctmhjRP.exe
  2⤵
  PID:5928
- C:\Windows\System\SeOWCNM.exe
  C:\Windows\System\SeOWCNM.exe
  2⤵
  PID:4880
- C:\Windows\System\ZhjmzZZ.exe
  C:\Windows\System\ZhjmzZZ.exe
  2⤵
  PID:5128
- C:\Windows\System\XMXsPmq.exe
  C:\Windows\System\XMXsPmq.exe
  2⤵
  PID:5980
- C:\Windows\System\IdJMANM.exe
  C:\Windows\System\IdJMANM.exe
  2⤵
  PID:5332
- C:\Windows\System\uVWeQXH.exe
  C:\Windows\System\uVWeQXH.exe
  2⤵
  PID:5192
- C:\Windows\System\NDbyxlO.exe
  C:\Windows\System\NDbyxlO.exe
  2⤵
  PID:5564
- C:\Windows\System\wQRLdjJ.exe
  C:\Windows\System\wQRLdjJ.exe
  2⤵
  PID:3708
- C:\Windows\System\aAbZOnj.exe
  C:\Windows\System\aAbZOnj.exe
  2⤵
  PID:5408
- C:\Windows\System\QdkuRsb.exe
  C:\Windows\System\QdkuRsb.exe
  2⤵
  PID:5948
- C:\Windows\System\lReQsXO.exe
  C:\Windows\System\lReQsXO.exe
  2⤵
  PID:3728
- C:\Windows\System\LygQZSl.exe
  C:\Windows\System\LygQZSl.exe
  2⤵
  PID:3188
- C:\Windows\System\cpTITkm.exe
  C:\Windows\System\cpTITkm.exe
  2⤵
  PID:5536
- C:\Windows\System\fhYHgRH.exe
  C:\Windows\System\fhYHgRH.exe
  2⤵
  PID:6132
- C:\Windows\System\hqovFga.exe
  C:\Windows\System\hqovFga.exe
  2⤵
  PID:5628
- C:\Windows\System\egAcdBy.exe
  C:\Windows\System\egAcdBy.exe
  2⤵
  PID:5784
- C:\Windows\System\EZzdMdw.exe
  C:\Windows\System\EZzdMdw.exe
  2⤵
  PID:5376
- C:\Windows\System\mUsIqtz.exe
  C:\Windows\System\mUsIqtz.exe
  2⤵
  PID:4656
- C:\Windows\System\nwGkSpA.exe
  C:\Windows\System\nwGkSpA.exe
  2⤵
  PID:6040
- C:\Windows\System\nUprcZx.exe
  C:\Windows\System\nUprcZx.exe
  2⤵
  PID:6164
- C:\Windows\System\yBGnVgh.exe
  C:\Windows\System\yBGnVgh.exe
  2⤵
  PID:6180
- C:\Windows\System\hyjdfKb.exe
  C:\Windows\System\hyjdfKb.exe
  2⤵
  PID:6204
- C:\Windows\System\kxpqAUo.exe
  C:\Windows\System\kxpqAUo.exe
  2⤵
  PID:6224
- C:\Windows\System\xHtVBXx.exe
  C:\Windows\System\xHtVBXx.exe
  2⤵
  PID:6244
- C:\Windows\System\MwkAVwK.exe
  C:\Windows\System\MwkAVwK.exe
  2⤵
  PID:6264
- C:\Windows\System\hMxfVuQ.exe
  C:\Windows\System\hMxfVuQ.exe
  2⤵
  PID:6280
- C:\Windows\System\fmGsVlQ.exe
  C:\Windows\System\fmGsVlQ.exe
  2⤵
  PID:6308
- C:\Windows\System\QHqZdxl.exe
  C:\Windows\System\QHqZdxl.exe
  2⤵
  PID:6324
- C:\Windows\System\bYfdaOQ.exe
  C:\Windows\System\bYfdaOQ.exe
  2⤵
  PID:6344
- C:\Windows\System\IBkDwwH.exe
  C:\Windows\System\IBkDwwH.exe
  2⤵
  PID:6364
- C:\Windows\System\inAxqQA.exe
  C:\Windows\System\inAxqQA.exe
  2⤵
  PID:6380
- C:\Windows\System\YECrWRN.exe
  C:\Windows\System\YECrWRN.exe
  2⤵
  PID:6396
- C:\Windows\System\OodhAzU.exe
  C:\Windows\System\OodhAzU.exe
  2⤵
  PID:6412
- C:\Windows\System\DtieFdF.exe
  C:\Windows\System\DtieFdF.exe
  2⤵
  PID:6432
- C:\Windows\System\FLnxkJD.exe
  C:\Windows\System\FLnxkJD.exe
  2⤵
  PID:6448
- C:\Windows\System\gwKmrmR.exe
  C:\Windows\System\gwKmrmR.exe
  2⤵
  PID:6468
- C:\Windows\System\VqtyyAI.exe
  C:\Windows\System\VqtyyAI.exe
  2⤵
  PID:6484
- C:\Windows\System\kerEEfk.exe
  C:\Windows\System\kerEEfk.exe
  2⤵
  PID:6500
- C:\Windows\System\mJOGkak.exe
  C:\Windows\System\mJOGkak.exe
  2⤵
  PID:6516
- C:\Windows\System\FQsVIah.exe
  C:\Windows\System\FQsVIah.exe
  2⤵
  PID:6540
- C:\Windows\System\zsAsWMk.exe
  C:\Windows\System\zsAsWMk.exe
  2⤵
  PID:6560
- C:\Windows\System\gmPLDFa.exe
  C:\Windows\System\gmPLDFa.exe
  2⤵
  PID:6576
- C:\Windows\System\kKNCsEZ.exe
  C:\Windows\System\kKNCsEZ.exe
  2⤵
  PID:6596
- C:\Windows\System\zxAHgVu.exe
  C:\Windows\System\zxAHgVu.exe
  2⤵
  PID:6624
- C:\Windows\System\wafPyVA.exe
  C:\Windows\System\wafPyVA.exe
  2⤵
  PID:6640
- C:\Windows\System\AKPyWTn.exe
  C:\Windows\System\AKPyWTn.exe
  2⤵
  PID:6656
- C:\Windows\System\ZBGSQqN.exe
  C:\Windows\System\ZBGSQqN.exe
  2⤵
  PID:6672
- C:\Windows\System\QuPgzIc.exe
  C:\Windows\System\QuPgzIc.exe
  2⤵
  PID:6688
- C:\Windows\System\zOrrlBY.exe
  C:\Windows\System\zOrrlBY.exe
  2⤵
  PID:6704
- C:\Windows\System\XhPFieA.exe
  C:\Windows\System\XhPFieA.exe
  2⤵
  PID:6720
- C:\Windows\System\ErTKLeJ.exe
  C:\Windows\System\ErTKLeJ.exe
  2⤵
  PID:6736
- C:\Windows\System\iBHjCpw.exe
  C:\Windows\System\iBHjCpw.exe
  2⤵
  PID:6752
- C:\Windows\System\YYHwfaT.exe
  C:\Windows\System\YYHwfaT.exe
  2⤵
  PID:6768
- C:\Windows\System\UTHYzFL.exe
  C:\Windows\System\UTHYzFL.exe
  2⤵
  PID:6788
- C:\Windows\System\ztsjjGX.exe
  C:\Windows\System\ztsjjGX.exe
  2⤵
  PID:6808
- C:\Windows\System\MHtyZbn.exe
  C:\Windows\System\MHtyZbn.exe
  2⤵
  PID:6828
- C:\Windows\System\bBsVWeH.exe
  C:\Windows\System\bBsVWeH.exe
  2⤵
  PID:6848
- C:\Windows\System\QFjTeyb.exe
  C:\Windows\System\QFjTeyb.exe
  2⤵
  PID:6864
- C:\Windows\System\LIkwFBi.exe
  C:\Windows\System\LIkwFBi.exe
  2⤵
  PID:6880
- C:\Windows\System\mymfNlW.exe
  C:\Windows\System\mymfNlW.exe
  2⤵
  PID:6896
- C:\Windows\System\MvuKApj.exe
  C:\Windows\System\MvuKApj.exe
  2⤵
  PID:6912
- C:\Windows\System\UDIYZRl.exe
  C:\Windows\System\UDIYZRl.exe
  2⤵
  PID:6928
- C:\Windows\System\pWIqHjO.exe
  C:\Windows\System\pWIqHjO.exe
  2⤵
  PID:6952
- C:\Windows\System\VVGxWOq.exe
  C:\Windows\System\VVGxWOq.exe
  2⤵
  PID:6968
- C:\Windows\System\IRdBnSz.exe
  C:\Windows\System\IRdBnSz.exe
  2⤵
  PID:6992
- C:\Windows\System\shENdrP.exe
  C:\Windows\System\shENdrP.exe
  2⤵
  PID:7020
- C:\Windows\System\YizfxAV.exe
  C:\Windows\System\YizfxAV.exe
  2⤵
  PID:7036
- C:\Windows\System\UVyDZxo.exe
  C:\Windows\System\UVyDZxo.exe
  2⤵
  PID:7052
- C:\Windows\System\PeZLnaW.exe
  C:\Windows\System\PeZLnaW.exe
  2⤵
  PID:7160
- C:\Windows\System\KMmxRqN.exe
  C:\Windows\System\KMmxRqN.exe
  2⤵
  PID:6156
- C:\Windows\System\mtxVIOp.exe
  C:\Windows\System\mtxVIOp.exe
  2⤵
  PID:6196
- C:\Windows\System\lQPLcgn.exe
  C:\Windows\System\lQPLcgn.exe
  2⤵
  PID:6236
- C:\Windows\System\QWjKvBN.exe
  C:\Windows\System\QWjKvBN.exe
  2⤵
  PID:6276
- C:\Windows\System\QdwjtJq.exe
  C:\Windows\System\QdwjtJq.exe
  2⤵
  PID:4072
- C:\Windows\System\SSagktl.exe
  C:\Windows\System\SSagktl.exe
  2⤵
  PID:6356
- C:\Windows\System\iLlrlRW.exe
  C:\Windows\System\iLlrlRW.exe
  2⤵
  PID:6420
- C:\Windows\System\InJobEj.exe
  C:\Windows\System\InJobEj.exe
  2⤵
  PID:6536
- C:\Windows\System\tGdmWtH.exe
  C:\Windows\System\tGdmWtH.exe
  2⤵
  PID:6604
- C:\Windows\System\XUZjUDc.exe
  C:\Windows\System\XUZjUDc.exe
  2⤵
  PID:3932
- C:\Windows\System\DSYnMyP.exe
  C:\Windows\System\DSYnMyP.exe
  2⤵
  PID:6300
- C:\Windows\System\sUMgWFD.exe
  C:\Windows\System\sUMgWFD.exe
  2⤵
  PID:6336
- C:\Windows\System\GFCOghT.exe
  C:\Windows\System\GFCOghT.exe
  2⤵
  PID:6376
- C:\Windows\System\tKjcWvI.exe
  C:\Windows\System\tKjcWvI.exe
  2⤵
  PID:6652
- C:\Windows\System\mqplXOe.exe
  C:\Windows\System\mqplXOe.exe
  2⤵
  PID:6684
- C:\Windows\System\pjcfHlI.exe
  C:\Windows\System\pjcfHlI.exe
  2⤵
  PID:6816
- C:\Windows\System\ZIucDBK.exe
  C:\Windows\System\ZIucDBK.exe
  2⤵
  PID:6860
- C:\Windows\System\FOlSgQa.exe
  C:\Windows\System\FOlSgQa.exe
  2⤵
  PID:6960
- C:\Windows\System\boWtoiU.exe
  C:\Windows\System\boWtoiU.exe
  2⤵
  PID:7012
- C:\Windows\System\sjoobUj.exe
  C:\Windows\System\sjoobUj.exe
  2⤵
  PID:6508
- C:\Windows\System\KGqDNiN.exe
  C:\Windows\System\KGqDNiN.exe
  2⤵
  PID:6636
- C:\Windows\System\kiJUcKf.exe
  C:\Windows\System\kiJUcKf.exe
  2⤵
  PID:6796
- C:\Windows\System\pQPWlkg.exe
  C:\Windows\System\pQPWlkg.exe
  2⤵
  PID:6988
- C:\Windows\System\mtBCfCV.exe
  C:\Windows\System\mtBCfCV.exe
  2⤵
  PID:6584
- C:\Windows\System\DmAjikm.exe
  C:\Windows\System\DmAjikm.exe
  2⤵
  PID:6728
- C:\Windows\System\UmyyTAS.exe
  C:\Windows\System\UmyyTAS.exe
  2⤵
  PID:6804
- C:\Windows\System\GKkIXPi.exe
  C:\Windows\System\GKkIXPi.exe
  2⤵
  PID:6476
- C:\Windows\System\rCFOJcm.exe
  C:\Windows\System\rCFOJcm.exe
  2⤵
  PID:7156
- C:\Windows\System\xKBtAJy.exe
  C:\Windows\System\xKBtAJy.exe
  2⤵
  PID:6936
- C:\Windows\System\lFrCcHB.exe
  C:\Windows\System\lFrCcHB.exe
  2⤵
  PID:7140
- C:\Windows\System\HUYghHj.exe
  C:\Windows\System\HUYghHj.exe
  2⤵
  PID:7152
- C:\Windows\System\ZznmchR.exe
  C:\Windows\System\ZznmchR.exe
  2⤵
  PID:7080
- C:\Windows\System\TpmZwsC.exe
  C:\Windows\System\TpmZwsC.exe
  2⤵
  PID:7104
- C:\Windows\System\bgElYRk.exe
  C:\Windows\System\bgElYRk.exe
  2⤵
  PID:6272
- C:\Windows\System\GZelkJf.exe
  C:\Windows\System\GZelkJf.exe
  2⤵
  PID:5372
- C:\Windows\System\QrDYbci.exe
  C:\Windows\System\QrDYbci.exe
  2⤵
  PID:6608
- C:\Windows\System\lqBVduD.exe
  C:\Windows\System\lqBVduD.exe
  2⤵
  PID:6220
- C:\Windows\System\APtJvbY.exe
  C:\Windows\System\APtJvbY.exe
  2⤵
  PID:6496
- C:\Windows\System\jpqeOHJ.exe
  C:\Windows\System\jpqeOHJ.exe
  2⤵
  PID:6616
- C:\Windows\System\PtdXaPz.exe
  C:\Windows\System\PtdXaPz.exe
  2⤵
  PID:6332
- C:\Windows\System\GdNGZaF.exe
  C:\Windows\System\GdNGZaF.exe
  2⤵
  PID:5964
- C:\Windows\System\BHlEela.exe
  C:\Windows\System\BHlEela.exe
  2⤵
  PID:6408
- C:\Windows\System\DfJJxKU.exe
  C:\Windows\System\DfJJxKU.exe
  2⤵
  PID:6776
- C:\Windows\System\THZrMYi.exe
  C:\Windows\System\THZrMYi.exe
  2⤵
  PID:6892
- C:\Windows\System\ekkTJQJ.exe
  C:\Windows\System\ekkTJQJ.exe
  2⤵
  PID:6588
- C:\Windows\System\vQNKkjz.exe
  C:\Windows\System\vQNKkjz.exe
  2⤵
  PID:6700
- C:\Windows\System\wfesUsF.exe
  C:\Windows\System\wfesUsF.exe
  2⤵
  PID:6872
- C:\Windows\System\oiaXrUM.exe
  C:\Windows\System\oiaXrUM.exe
  2⤵
  PID:6512
- C:\Windows\System\bFIOCGv.exe
  C:\Windows\System\bFIOCGv.exe
  2⤵
  PID:7048
- C:\Windows\System\ScDDTwa.exe
  C:\Windows\System\ScDDTwa.exe
  2⤵
  PID:6696
- C:\Windows\System\qRiNoJT.exe
  C:\Windows\System\qRiNoJT.exe
  2⤵
  PID:6548
- C:\Windows\System\XpszjyV.exe
  C:\Windows\System\XpszjyV.exe
  2⤵
  PID:7096
- C:\Windows\System\XjSVoun.exe
  C:\Windows\System\XjSVoun.exe
  2⤵
  PID:7072
- C:\Windows\System\HxaLDsC.exe
  C:\Windows\System\HxaLDsC.exe
  2⤵
  PID:5188
- C:\Windows\System\rBTMHoi.exe
  C:\Windows\System\rBTMHoi.exe
  2⤵
  PID:3836
- C:\Windows\System\eudWNKt.exe
  C:\Windows\System\eudWNKt.exe
  2⤵
  PID:4004
- C:\Windows\System\QHZFgBO.exe
  C:\Windows\System\QHZFgBO.exe
  2⤵
  PID:6296
- C:\Windows\System\RAYKPIw.exe
  C:\Windows\System\RAYKPIw.exe
  2⤵
  PID:6532
- C:\Windows\System\AHiQyIy.exe
  C:\Windows\System\AHiQyIy.exe
  2⤵
  PID:6372
- C:\Windows\System\maffyWP.exe
  C:\Windows\System\maffyWP.exe
  2⤵
  PID:7008
- C:\Windows\System\ijvcFlg.exe
  C:\Windows\System\ijvcFlg.exe
  2⤵
  PID:6764
- C:\Windows\System\wiAhrxw.exe
  C:\Windows\System\wiAhrxw.exe
  2⤵
  PID:7060
- C:\Windows\System\dmkMTvG.exe
  C:\Windows\System\dmkMTvG.exe
  2⤵
  PID:5836
- C:\Windows\System\oaAZrfy.exe
  C:\Windows\System\oaAZrfy.exe
  2⤵
  PID:7076
- C:\Windows\System\vIkVVZf.exe
  C:\Windows\System\vIkVVZf.exe
  2⤵
  PID:7184
- C:\Windows\System\KdDQsnB.exe
  C:\Windows\System\KdDQsnB.exe
  2⤵
  PID:7200
- C:\Windows\System\xWVfUST.exe
  C:\Windows\System\xWVfUST.exe
  2⤵
  PID:7216
- C:\Windows\System\DBJEohz.exe
  C:\Windows\System\DBJEohz.exe
  2⤵
  PID:7232
- C:\Windows\System\zslTBWD.exe
  C:\Windows\System\zslTBWD.exe
  2⤵
  PID:7248
- C:\Windows\System\RPZabdf.exe
  C:\Windows\System\RPZabdf.exe
  2⤵
  PID:7264
- C:\Windows\System\KQUMEyu.exe
  C:\Windows\System\KQUMEyu.exe
  2⤵
  PID:7284
- C:\Windows\System\DMjMHkf.exe
  C:\Windows\System\DMjMHkf.exe
  2⤵
  PID:7300
- C:\Windows\System\AsEfzwE.exe
  C:\Windows\System\AsEfzwE.exe
  2⤵
  PID:7320
- C:\Windows\System\VBZWFPk.exe
  C:\Windows\System\VBZWFPk.exe
  2⤵
  PID:7336
- C:\Windows\System\kOUOVYm.exe
  C:\Windows\System\kOUOVYm.exe
  2⤵
  PID:7360
- C:\Windows\System\BTHZbcz.exe
  C:\Windows\System\BTHZbcz.exe
  2⤵
  PID:7380
- C:\Windows\System\cBTcLWa.exe
  C:\Windows\System\cBTcLWa.exe
  2⤵
  PID:7396
- C:\Windows\System\sBGtVWX.exe
  C:\Windows\System\sBGtVWX.exe
  2⤵
  PID:7412
- C:\Windows\System\ewPwxOX.exe
  C:\Windows\System\ewPwxOX.exe
  2⤵
  PID:7432
- C:\Windows\System\rwmIJYo.exe
  C:\Windows\System\rwmIJYo.exe
  2⤵
  PID:7452
- C:\Windows\System\urWZqTZ.exe
  C:\Windows\System\urWZqTZ.exe
  2⤵
  PID:7468
- C:\Windows\System\oOsqhSK.exe
  C:\Windows\System\oOsqhSK.exe
  2⤵
  PID:7488
- C:\Windows\System\UQXonty.exe
  C:\Windows\System\UQXonty.exe
  2⤵
  PID:7504
- C:\Windows\System\urnEoKE.exe
  C:\Windows\System\urnEoKE.exe
  2⤵
  PID:7520
- C:\Windows\System\TUXjxaQ.exe
  C:\Windows\System\TUXjxaQ.exe
  2⤵
  PID:7540
- C:\Windows\System\fzDmGOP.exe
  C:\Windows\System\fzDmGOP.exe
  2⤵
  PID:7568
- C:\Windows\System\miKADCG.exe
  C:\Windows\System\miKADCG.exe
  2⤵
  PID:7592
- C:\Windows\System\AOczsWM.exe
  C:\Windows\System\AOczsWM.exe
  2⤵
  PID:7716
- C:\Windows\System\vYjiXYk.exe
  C:\Windows\System\vYjiXYk.exe
  2⤵
  PID:7736
- C:\Windows\System\GgNcCJv.exe
  C:\Windows\System\GgNcCJv.exe
  2⤵
  PID:7752
- C:\Windows\System\yvOFJuC.exe
  C:\Windows\System\yvOFJuC.exe
  2⤵
  PID:7772
- C:\Windows\System\thXMCPA.exe
  C:\Windows\System\thXMCPA.exe
  2⤵
  PID:7792
- C:\Windows\System\ahzYhGI.exe
  C:\Windows\System\ahzYhGI.exe
  2⤵
  PID:7812
- C:\Windows\System\yYBhjEL.exe
  C:\Windows\System\yYBhjEL.exe
  2⤵
  PID:7832
- C:\Windows\System\fhhAODZ.exe
  C:\Windows\System\fhhAODZ.exe
  2⤵
  PID:7852
- C:\Windows\System\JeRnmfA.exe
  C:\Windows\System\JeRnmfA.exe
  2⤵
  PID:7868
- C:\Windows\System\SVQsgsh.exe
  C:\Windows\System\SVQsgsh.exe
  2⤵
  PID:7884
- C:\Windows\System\PeCzMIN.exe
  C:\Windows\System\PeCzMIN.exe
  2⤵
  PID:7900
- C:\Windows\System\WRohRZY.exe
  C:\Windows\System\WRohRZY.exe
  2⤵
  PID:7920
- C:\Windows\System\SWtFTNw.exe
  C:\Windows\System\SWtFTNw.exe
  2⤵
  PID:7948
- C:\Windows\System\Rbwnwsr.exe
  C:\Windows\System\Rbwnwsr.exe
  2⤵
  PID:7964
- C:\Windows\System\lJihCFX.exe
  C:\Windows\System\lJihCFX.exe
  2⤵
  PID:7980
- C:\Windows\System\kpHoTTv.exe
  C:\Windows\System\kpHoTTv.exe
  2⤵
  PID:8000
- C:\Windows\System\CnjyvRb.exe
  C:\Windows\System\CnjyvRb.exe
  2⤵
  PID:8020
- C:\Windows\System\uSacUcg.exe
  C:\Windows\System\uSacUcg.exe
  2⤵
  PID:8044
- C:\Windows\System\MrLBBdZ.exe
  C:\Windows\System\MrLBBdZ.exe
  2⤵
  PID:8068
- C:\Windows\System\arvqAIC.exe
  C:\Windows\System\arvqAIC.exe
  2⤵
  PID:8084
- C:\Windows\System\RIBlXes.exe
  C:\Windows\System\RIBlXes.exe
  2⤵
  PID:8100
- C:\Windows\System\MpOFdHh.exe
  C:\Windows\System\MpOFdHh.exe
  2⤵
  PID:8124
- C:\Windows\System\LNZdhah.exe
  C:\Windows\System\LNZdhah.exe
  2⤵
  PID:8148
- C:\Windows\System\eVAeSdm.exe
  C:\Windows\System\eVAeSdm.exe
  2⤵
  PID:8180
- C:\Windows\System\gVWlUbH.exe
  C:\Windows\System\gVWlUbH.exe
  2⤵
  PID:6824
- C:\Windows\System\HsstVJW.exe
  C:\Windows\System\HsstVJW.exe
  2⤵
  PID:7180
- C:\Windows\System\JtridEn.exe
  C:\Windows\System\JtridEn.exe
  2⤵
  PID:6572
- C:\Windows\System\GqbMlXF.exe
  C:\Windows\System\GqbMlXF.exe
  2⤵
  PID:6844
- C:\Windows\System\LayDoOK.exe
  C:\Windows\System\LayDoOK.exe
  2⤵
  PID:7116
- C:\Windows\System\VUJecnl.exe
  C:\Windows\System\VUJecnl.exe
  2⤵
  PID:6944
- C:\Windows\System\FOPPxZR.exe
  C:\Windows\System\FOPPxZR.exe
  2⤵
  PID:7124
- C:\Windows\System\lRvbPhv.exe
  C:\Windows\System\lRvbPhv.exe
  2⤵
  PID:7240
- C:\Windows\System\LosXIhx.exe
  C:\Windows\System\LosXIhx.exe
  2⤵
  PID:7312
- C:\Windows\System\tfphfsy.exe
  C:\Windows\System\tfphfsy.exe
  2⤵
  PID:7352
- C:\Windows\System\wdZRBdk.exe
  C:\Windows\System\wdZRBdk.exe
  2⤵
  PID:7420
- C:\Windows\System\nXWnvUN.exe
  C:\Windows\System\nXWnvUN.exe
  2⤵
  PID:7532
- C:\Windows\System\sQWeREH.exe
  C:\Windows\System\sQWeREH.exe
  2⤵
  PID:7588
- C:\Windows\System\KQeuqwk.exe
  C:\Windows\System\KQeuqwk.exe
  2⤵
  PID:6948
- C:\Windows\System\usjcHlg.exe
  C:\Windows\System\usjcHlg.exe
  2⤵
  PID:7484
- C:\Windows\System\MHEzvMI.exe
  C:\Windows\System\MHEzvMI.exe
  2⤵
  PID:7000
- C:\Windows\System\tEQTIdY.exe
  C:\Windows\System\tEQTIdY.exe
  2⤵
  PID:7196
- C:\Windows\System\twYeZtm.exe
  C:\Windows\System\twYeZtm.exe
  2⤵
  PID:7332
- C:\Windows\System\mMiKNcg.exe
  C:\Windows\System\mMiKNcg.exe
  2⤵
  PID:7724
- C:\Windows\System\wGHDugF.exe
  C:\Windows\System\wGHDugF.exe
  2⤵
  PID:7728
- C:\Windows\System\odqozIt.exe
  C:\Windows\System\odqozIt.exe
  2⤵
  PID:7256
- C:\Windows\System\otmCnYB.exe
  C:\Windows\System\otmCnYB.exe
  2⤵
  PID:7444
- C:\Windows\System\NNWlugK.exe
  C:\Windows\System\NNWlugK.exe
  2⤵
  PID:7516
- C:\Windows\System\cjGWGOr.exe
  C:\Windows\System\cjGWGOr.exe
  2⤵
  PID:7632
- C:\Windows\System\hrdHpEs.exe
  C:\Windows\System\hrdHpEs.exe
  2⤵
  PID:7668
- C:\Windows\System\UGxuMBt.exe
  C:\Windows\System\UGxuMBt.exe
  2⤵
  PID:7688
- C:\Windows\System\OhKSiHm.exe
  C:\Windows\System\OhKSiHm.exe
  2⤵
  PID:7704
- C:\Windows\System\kNgNOWH.exe
  C:\Windows\System\kNgNOWH.exe
  2⤵
  PID:7748
- C:\Windows\System\LSQzvVj.exe
  C:\Windows\System\LSQzvVj.exe
  2⤵
  PID:7800
- C:\Windows\System\FfBBfXr.exe
  C:\Windows\System\FfBBfXr.exe
  2⤵
  PID:7848
- C:\Windows\System\lVWUMBv.exe
  C:\Windows\System\lVWUMBv.exe
  2⤵
  PID:7908
- C:\Windows\System\oXEtrUU.exe
  C:\Windows\System\oXEtrUU.exe
  2⤵
  PID:7860
- C:\Windows\System\LjYwFTe.exe
  C:\Windows\System\LjYwFTe.exe
  2⤵
  PID:7992
- C:\Windows\System\xytfIvB.exe
  C:\Windows\System\xytfIvB.exe
  2⤵
  PID:7784
- C:\Windows\System\KtQNYLJ.exe
  C:\Windows\System\KtQNYLJ.exe
  2⤵
  PID:8108
- C:\Windows\System\YGhmQCZ.exe
  C:\Windows\System\YGhmQCZ.exe
  2⤵
  PID:7824
- C:\Windows\System\ZMAbQuO.exe
  C:\Windows\System\ZMAbQuO.exe
  2⤵
  PID:7896
- C:\Windows\System\WHkjHna.exe
  C:\Windows\System\WHkjHna.exe
  2⤵
  PID:8156
- C:\Windows\System\TxCKrVa.exe
  C:\Windows\System\TxCKrVa.exe
  2⤵
  PID:8052
- C:\Windows\System\FAjLxHR.exe
  C:\Windows\System\FAjLxHR.exe
  2⤵
  PID:8096
- C:\Windows\System\FIDzDzx.exe
  C:\Windows\System\FIDzDzx.exe
  2⤵
  PID:8064
- C:\Windows\System\snMyrKj.exe
  C:\Windows\System\snMyrKj.exe
  2⤵
  PID:8168
- C:\Windows\System\WgkNOTG.exe
  C:\Windows\System\WgkNOTG.exe
  2⤵
  PID:780
- C:\Windows\System\OTkNFmL.exe
  C:\Windows\System\OTkNFmL.exe
  2⤵
  PID:6920
- C:\Windows\System\olAAeFS.exe
  C:\Windows\System\olAAeFS.exe
  2⤵
  PID:6924
- C:\Windows\System\qvGGSMo.exe
  C:\Windows\System\qvGGSMo.exe
  2⤵
  PID:6648
- C:\Windows\System\wwRuZfZ.exe
  C:\Windows\System\wwRuZfZ.exe
  2⤵
  PID:7092
- C:\Windows\System\NjsdyNb.exe
  C:\Windows\System\NjsdyNb.exe
  2⤵
  PID:7428
- C:\Windows\System\DwijqBN.exe
  C:\Windows\System\DwijqBN.exe
  2⤵
  PID:7528
- C:\Windows\System\TJjgXyf.exe
  C:\Windows\System\TJjgXyf.exe
  2⤵
  PID:6800
- C:\Windows\System\yaJFeMt.exe
  C:\Windows\System\yaJFeMt.exe
  2⤵
  PID:6256
- C:\Windows\System\BLeYXmX.exe
  C:\Windows\System\BLeYXmX.exe
  2⤵
  PID:7308
- C:\Windows\System\FeAwumG.exe
  C:\Windows\System\FeAwumG.exe
  2⤵
  PID:7680
- C:\Windows\System\YMnUcet.exe
  C:\Windows\System\YMnUcet.exe
  2⤵
  PID:7708
- C:\Windows\System\XAOzzRx.exe
  C:\Windows\System\XAOzzRx.exe
  2⤵
  PID:7604
- C:\Windows\System\iSJKuTG.exe
  C:\Windows\System\iSJKuTG.exe
  2⤵
  PID:7956
- C:\Windows\System\csZOFYi.exe
  C:\Windows\System\csZOFYi.exe
  2⤵
  PID:7512
- C:\Windows\System\mSEAKRG.exe
  C:\Windows\System\mSEAKRG.exe
  2⤵
  PID:7760
- C:\Windows\System\GmKvNGD.exe
  C:\Windows\System\GmKvNGD.exe
  2⤵
  PID:8032
- C:\Windows\System\flZKEXW.exe
  C:\Windows\System\flZKEXW.exe
  2⤵
  PID:8120
- C:\Windows\System\vibklme.exe
  C:\Windows\System\vibklme.exe
  2⤵
  PID:8012
- C:\Windows\System\xkQGaOX.exe
  C:\Windows\System\xkQGaOX.exe
  2⤵
  PID:6552
- C:\Windows\System\MHjpFUb.exe
  C:\Windows\System\MHjpFUb.exe
  2⤵
  PID:7344
- C:\Windows\System\mczyLhf.exe
  C:\Windows\System\mczyLhf.exe
  2⤵
  PID:3700
- C:\Windows\System\iceTWCZ.exe
  C:\Windows\System\iceTWCZ.exe
  2⤵
  PID:8144
- C:\Windows\System\owWuzeW.exe
  C:\Windows\System\owWuzeW.exe
  2⤵
  PID:8008
- C:\Windows\System\nJyZdYS.exe
  C:\Windows\System\nJyZdYS.exe
  2⤵
  PID:7424
- C:\Windows\System\iuUjaxi.exe
  C:\Windows\System\iuUjaxi.exe
  2⤵
  PID:7276
- C:\Windows\System\IrGIEwz.exe
  C:\Windows\System\IrGIEwz.exe
  2⤵
  PID:7148
- C:\Windows\System\SDYEoEe.exe
  C:\Windows\System\SDYEoEe.exe
  2⤵
  PID:7560
- C:\Windows\System\joRmhtJ.exe
  C:\Windows\System\joRmhtJ.exe
  2⤵
  PID:7616
- C:\Windows\System\xuxPbJg.exe
  C:\Windows\System\xuxPbJg.exe
  2⤵
  PID:7552
- C:\Windows\System\cAjzrgX.exe
  C:\Windows\System\cAjzrgX.exe
  2⤵
  PID:7696
- C:\Windows\System\PMnSNNj.exe
  C:\Windows\System\PMnSNNj.exe
  2⤵
  PID:7764
- C:\Windows\System\OhCErrl.exe
  C:\Windows\System\OhCErrl.exe
  2⤵
  PID:8116
- C:\Windows\System\YyKNdIt.exe
  C:\Windows\System\YyKNdIt.exe
  2⤵
  PID:7700
- C:\Windows\System\cFweiRT.exe
  C:\Windows\System\cFweiRT.exe
  2⤵
  PID:7936
- C:\Windows\System\erxUZsJ.exe
  C:\Windows\System\erxUZsJ.exe
  2⤵
  PID:7944
- C:\Windows\System\YOwqvfc.exe
  C:\Windows\System\YOwqvfc.exe
  2⤵
  PID:7892
- C:\Windows\System\FlqDHIm.exe
  C:\Windows\System\FlqDHIm.exe
  2⤵
  PID:7044
- C:\Windows\System\lKUpPHk.exe
  C:\Windows\System\lKUpPHk.exe
  2⤵
  PID:7440
- C:\Windows\System\gZPyDYE.exe
  C:\Windows\System\gZPyDYE.exe
  2⤵
  PID:7820
- C:\Windows\System\gygAcWR.exe
  C:\Windows\System\gygAcWR.exe
  2⤵
  PID:8080
- C:\Windows\System\jmmSsHJ.exe
  C:\Windows\System\jmmSsHJ.exe
  2⤵
  PID:8172
- C:\Windows\System\iVlGmOc.exe
  C:\Windows\System\iVlGmOc.exe
  2⤵
  PID:7652
- C:\Windows\System\FxbGVaS.exe
  C:\Windows\System\FxbGVaS.exe
  2⤵
  PID:7644
- C:\Windows\System\VEwtDtx.exe
  C:\Windows\System\VEwtDtx.exe
  2⤵
  PID:7476
- C:\Windows\System\iONyXRg.exe
  C:\Windows\System\iONyXRg.exe
  2⤵
  PID:8140
- C:\Windows\System\elbmfus.exe
  C:\Windows\System\elbmfus.exe
  2⤵
  PID:7660
- C:\Windows\System\xldOrhl.exe
  C:\Windows\System\xldOrhl.exe
  2⤵
  PID:7664
- C:\Windows\System\ZrzodQf.exe
  C:\Windows\System\ZrzodQf.exe
  2⤵
  PID:7392
- C:\Windows\System\rOYvQSq.exe
  C:\Windows\System\rOYvQSq.exe
  2⤵
  PID:8188
- C:\Windows\System\OuPzHNM.exe
  C:\Windows\System\OuPzHNM.exe
  2⤵
  PID:8136
- C:\Windows\System\iAHeBZB.exe
  C:\Windows\System\iAHeBZB.exe
  2⤵
  PID:7408
- C:\Windows\System\nVRhdKv.exe
  C:\Windows\System\nVRhdKv.exe
  2⤵
  PID:6188
- C:\Windows\System\aGWUXFF.exe
  C:\Windows\System\aGWUXFF.exe
  2⤵
  PID:7296
- C:\Windows\System\LdivRSz.exe
  C:\Windows\System\LdivRSz.exe
  2⤵
  PID:8200
- C:\Windows\System\AKibFuk.exe
  C:\Windows\System\AKibFuk.exe
  2⤵
  PID:8232
- C:\Windows\System\vGHPQOt.exe
  C:\Windows\System\vGHPQOt.exe
  2⤵
  PID:8248
- C:\Windows\System\vPOBGnj.exe
  C:\Windows\System\vPOBGnj.exe
  2⤵
  PID:8264
- C:\Windows\System\hmjnPCb.exe
  C:\Windows\System\hmjnPCb.exe
  2⤵
  PID:8280
- C:\Windows\System\NGxmKVF.exe
  C:\Windows\System\NGxmKVF.exe
  2⤵
  PID:8296
- C:\Windows\System\ELHjrOi.exe
  C:\Windows\System\ELHjrOi.exe
  2⤵
  PID:8312
- C:\Windows\System\pXGgeSA.exe
  C:\Windows\System\pXGgeSA.exe
  2⤵
  PID:8356
- C:\Windows\System\tarrnMk.exe
  C:\Windows\System\tarrnMk.exe
  2⤵
  PID:8376
- C:\Windows\System\fWrIjGi.exe
  C:\Windows\System\fWrIjGi.exe
  2⤵
  PID:8392
- C:\Windows\System\qHXyPNb.exe
  C:\Windows\System\qHXyPNb.exe
  2⤵
  PID:8408
- C:\Windows\System\RBWBCOz.exe
  C:\Windows\System\RBWBCOz.exe
  2⤵
  PID:8424
- C:\Windows\System\hBDhZFs.exe
  C:\Windows\System\hBDhZFs.exe
  2⤵
  PID:8448
- C:\Windows\System\eYNEhOW.exe
  C:\Windows\System\eYNEhOW.exe
  2⤵
  PID:8476
- C:\Windows\System\HIsoWdz.exe
  C:\Windows\System\HIsoWdz.exe
  2⤵
  PID:8504
- C:\Windows\System\oGhAqld.exe
  C:\Windows\System\oGhAqld.exe
  2⤵
  PID:8524
- C:\Windows\System\dlMKnoM.exe
  C:\Windows\System\dlMKnoM.exe
  2⤵
  PID:8540
- C:\Windows\System\FSYHNuu.exe
  C:\Windows\System\FSYHNuu.exe
  2⤵
  PID:8556
- C:\Windows\System\UFoyVgn.exe
  C:\Windows\System\UFoyVgn.exe
  2⤵
  PID:8576
- C:\Windows\System\WTJYSDN.exe
  C:\Windows\System\WTJYSDN.exe
  2⤵
  PID:8596
- C:\Windows\System\yqCoIJR.exe
  C:\Windows\System\yqCoIJR.exe
  2⤵
  PID:8616
- C:\Windows\System\nniyNpR.exe
  C:\Windows\System\nniyNpR.exe
  2⤵
  PID:8652
- C:\Windows\System\PXsvIUk.exe
  C:\Windows\System\PXsvIUk.exe
  2⤵
  PID:8668
- C:\Windows\System\pDyrZkV.exe
  C:\Windows\System\pDyrZkV.exe
  2⤵
  PID:8688
- C:\Windows\System\MvjcoYy.exe
  C:\Windows\System\MvjcoYy.exe
  2⤵
  PID:8708
- C:\Windows\System\coApXIl.exe
  C:\Windows\System\coApXIl.exe
  2⤵
  PID:8724
- C:\Windows\System\XfJfqzK.exe
  C:\Windows\System\XfJfqzK.exe
  2⤵
  PID:8740
- C:\Windows\System\YGbyJmU.exe
  C:\Windows\System\YGbyJmU.exe
  2⤵
  PID:8756
- C:\Windows\System\LUrhVxQ.exe
  C:\Windows\System\LUrhVxQ.exe
  2⤵
  PID:8780
- C:\Windows\System\BaizgDT.exe
  C:\Windows\System\BaizgDT.exe
  2⤵
  PID:8796
- C:\Windows\System\iSPWwMt.exe
  C:\Windows\System\iSPWwMt.exe
  2⤵
  PID:8812
- C:\Windows\System\nIVHPTB.exe
  C:\Windows\System\nIVHPTB.exe
  2⤵
  PID:8828
- C:\Windows\System\TJaYtqR.exe
  C:\Windows\System\TJaYtqR.exe
  2⤵
  PID:8844
- C:\Windows\System\KwmxHXd.exe
  C:\Windows\System\KwmxHXd.exe
  2⤵
  PID:8860
- C:\Windows\System\QIGPRFw.exe
  C:\Windows\System\QIGPRFw.exe
  2⤵
  PID:8880
- C:\Windows\System\csqdQJB.exe
  C:\Windows\System\csqdQJB.exe
  2⤵
  PID:8896
- C:\Windows\System\PpsLTIV.exe
  C:\Windows\System\PpsLTIV.exe
  2⤵
  PID:8960
- C:\Windows\System\SprpSKI.exe
  C:\Windows\System\SprpSKI.exe
  2⤵
  PID:8980
- C:\Windows\System\nytKtId.exe
  C:\Windows\System\nytKtId.exe
  2⤵
  PID:8996
- C:\Windows\System\FMqFJrV.exe
  C:\Windows\System\FMqFJrV.exe
  2⤵
  PID:9012
- C:\Windows\System\bPGqUEQ.exe
  C:\Windows\System\bPGqUEQ.exe
  2⤵
  PID:9036
- C:\Windows\System\RNPkGBg.exe
  C:\Windows\System\RNPkGBg.exe
  2⤵
  PID:9052
- C:\Windows\System\PHnbzFB.exe
  C:\Windows\System\PHnbzFB.exe
  2⤵
  PID:9076
- C:\Windows\System\MrLeQQc.exe
  C:\Windows\System\MrLeQQc.exe
  2⤵
  PID:9092
- C:\Windows\System\FwApzhn.exe
  C:\Windows\System\FwApzhn.exe
  2⤵
  PID:9108
- C:\Windows\System\FhTewwM.exe
  C:\Windows\System\FhTewwM.exe
  2⤵
  PID:9132
- C:\Windows\System\gEoEWAA.exe
  C:\Windows\System\gEoEWAA.exe
  2⤵
  PID:9152
- C:\Windows\System\ioGxyGp.exe
  C:\Windows\System\ioGxyGp.exe
  2⤵
  PID:9168
- C:\Windows\System\phoqiOy.exe
  C:\Windows\System\phoqiOy.exe
  2⤵
  PID:9204
- C:\Windows\System\tuXDxuD.exe
  C:\Windows\System\tuXDxuD.exe
  2⤵
  PID:8208
- C:\Windows\System\marpThU.exe
  C:\Windows\System\marpThU.exe
  2⤵
  PID:7376
- C:\Windows\System\cUcBcaP.exe
  C:\Windows\System\cUcBcaP.exe
  2⤵
  PID:8220
- C:\Windows\System\VOhZAyi.exe
  C:\Windows\System\VOhZAyi.exe
  2⤵
  PID:8260
- C:\Windows\System\FXYUpuR.exe
  C:\Windows\System\FXYUpuR.exe
  2⤵
  PID:8320
- C:\Windows\System\LkmgLqs.exe
  C:\Windows\System\LkmgLqs.exe
  2⤵
  PID:8308
- C:\Windows\System\uJnnsql.exe
  C:\Windows\System\uJnnsql.exe
  2⤵
  PID:8344
- C:\Windows\System\jdxkHjh.exe
  C:\Windows\System\jdxkHjh.exe
  2⤵
  PID:8372
- C:\Windows\System\fBKkeLy.exe
  C:\Windows\System\fBKkeLy.exe
  2⤵
  PID:8416
- C:\Windows\System\wUAnBSh.exe
  C:\Windows\System\wUAnBSh.exe
  2⤵
  PID:8404
- C:\Windows\System\FLdUMZb.exe
  C:\Windows\System\FLdUMZb.exe
  2⤵
  PID:8468
- C:\Windows\System\SrUNVDg.exe
  C:\Windows\System\SrUNVDg.exe
  2⤵
  PID:8496
- C:\Windows\System\VQlLYbG.exe
  C:\Windows\System\VQlLYbG.exe
  2⤵
  PID:8552
- C:\Windows\System\eemrGWE.exe
  C:\Windows\System\eemrGWE.exe
  2⤵
  PID:8536
- C:\Windows\System\RKnkbJS.exe
  C:\Windows\System\RKnkbJS.exe
  2⤵
  PID:8624
- C:\Windows\System\qFgXrem.exe
  C:\Windows\System\qFgXrem.exe
  2⤵
  PID:8636
- C:\Windows\System\tWRUpgk.exe
  C:\Windows\System\tWRUpgk.exe
  2⤵
  PID:8660
- C:\Windows\System\IaLBoFv.exe
  C:\Windows\System\IaLBoFv.exe
  2⤵
  PID:8696
- C:\Windows\System\NTIuVYH.exe
  C:\Windows\System\NTIuVYH.exe
  2⤵
  PID:8720
- C:\Windows\System\KYBFWMV.exe
  C:\Windows\System\KYBFWMV.exe
  2⤵
  PID:8824
- C:\Windows\System\zDedGrz.exe
  C:\Windows\System\zDedGrz.exe
  2⤵
  PID:8892
- C:\Windows\System\nBXimSi.exe
  C:\Windows\System\nBXimSi.exe
  2⤵
  PID:8868
- C:\Windows\System\JbXnLcz.exe
  C:\Windows\System\JbXnLcz.exe
  2⤵
  PID:8732
- C:\Windows\System\geemUqh.exe
  C:\Windows\System\geemUqh.exe
  2⤵
  PID:8924
- C:\Windows\System\WyUrhBx.exe
  C:\Windows\System\WyUrhBx.exe
  2⤵
  PID:8944
- C:\Windows\System\gUqqCcK.exe
  C:\Windows\System\gUqqCcK.exe
  2⤵
  PID:8972
- C:\Windows\System\PRAlMHp.exe
  C:\Windows\System\PRAlMHp.exe
  2⤵
  PID:9008
- C:\Windows\System\aabwnMz.exe
  C:\Windows\System\aabwnMz.exe
  2⤵
  PID:9032
- C:\Windows\System\UXgKdkT.exe
  C:\Windows\System\UXgKdkT.exe
  2⤵
  PID:9068
- C:\Windows\System\fZgzqdJ.exe
  C:\Windows\System\fZgzqdJ.exe
  2⤵
  PID:9128
- C:\Windows\System\PxxdwFI.exe
  C:\Windows\System\PxxdwFI.exe
  2⤵
  PID:9160
- C:\Windows\System\yIbppTl.exe
  C:\Windows\System\yIbppTl.exe
  2⤵
  PID:9180
- C:\Windows\System\wQwOKZR.exe
  C:\Windows\System\wQwOKZR.exe
  2⤵
  PID:9192
- C:\Windows\System\yCefRFH.exe
  C:\Windows\System\yCefRFH.exe
  2⤵
  PID:7996
- C:\Windows\System\wvHOSYk.exe
  C:\Windows\System\wvHOSYk.exe
  2⤵
  PID:8216
- C:\Windows\System\HIOeFis.exe
  C:\Windows\System\HIOeFis.exe
  2⤵
  PID:8240
- C:\Windows\System\tRGiQkr.exe
  C:\Windows\System\tRGiQkr.exe
  2⤵
  PID:8272
- C:\Windows\System\PLwowaz.exe
  C:\Windows\System\PLwowaz.exe
  2⤵
  PID:8352
- C:\Windows\System\ZRJlDRE.exe
  C:\Windows\System\ZRJlDRE.exe
  2⤵
  PID:8456
- C:\Windows\System\cwaTlIJ.exe
  C:\Windows\System\cwaTlIJ.exe
  2⤵
  PID:8336
- C:\Windows\System\Hevovqw.exe
  C:\Windows\System\Hevovqw.exe
  2⤵
  PID:8492
- C:\Windows\System\ATYkFhs.exe
  C:\Windows\System\ATYkFhs.exe
  2⤵
  PID:8632
- C:\Windows\System\PlhhzWY.exe
  C:\Windows\System\PlhhzWY.exe
  2⤵
  PID:8680
- C:\Windows\System\QPlUpLP.exe
  C:\Windows\System\QPlUpLP.exe
  2⤵
  PID:8716
- C:\Windows\System\AvgHXzR.exe
  C:\Windows\System\AvgHXzR.exe
  2⤵
  PID:8772
- C:\Windows\System\KtdlGvH.exe
  C:\Windows\System\KtdlGvH.exe
  2⤵
  PID:8872
- C:\Windows\System\JIJmaYi.exe
  C:\Windows\System\JIJmaYi.exe
  2⤵
  PID:8936
- C:\Windows\System\YtueyfW.exe
  C:\Windows\System\YtueyfW.exe
  2⤵
  PID:9196
- C:\Windows\System\ZxUdbqR.exe
  C:\Windows\System\ZxUdbqR.exe
  2⤵
  PID:8988
- C:\Windows\System\gZKZymj.exe
  C:\Windows\System\gZKZymj.exe
  2⤵
  PID:9028
- C:\Windows\System\CtXaYtq.exe
  C:\Windows\System\CtXaYtq.exe
  2⤵
  PID:9124
- C:\Windows\System\HzxjlEW.exe
  C:\Windows\System\HzxjlEW.exe
  2⤵
  PID:9188
- C:\Windows\System\yJWpsVZ.exe
  C:\Windows\System\yJWpsVZ.exe
  2⤵
  PID:7260
- C:\Windows\System\AJIvsFJ.exe
  C:\Windows\System\AJIvsFJ.exe
  2⤵
  PID:9212
- C:\Windows\System\aasRTAi.exe
  C:\Windows\System\aasRTAi.exe
  2⤵
  PID:8256
- C:\Windows\System\OUOShQm.exe
  C:\Windows\System\OUOShQm.exe
  2⤵
  PID:8444
- C:\Windows\System\yLhEurp.exe
  C:\Windows\System\yLhEurp.exe
  2⤵
  PID:7600
- C:\Windows\System\HYEREJT.exe
  C:\Windows\System\HYEREJT.exe
  2⤵
  PID:8592
- C:\Windows\System\sLbYFGF.exe
  C:\Windows\System\sLbYFGF.exe
  2⤵
  PID:8648
- C:\Windows\System\LfmVrwb.exe
  C:\Windows\System\LfmVrwb.exe
  2⤵
  PID:8888
- C:\Windows\System\jpGHhZO.exe
  C:\Windows\System\jpGHhZO.exe
  2⤵
  PID:8736
- C:\Windows\System\MweFIwt.exe
  C:\Windows\System\MweFIwt.exe
  2⤵
  PID:1596
- C:\Windows\System\cjhoAKv.exe
  C:\Windows\System\cjhoAKv.exe
  2⤵
  PID:9060
- C:\Windows\System\DEAzrau.exe
  C:\Windows\System\DEAzrau.exe
  2⤵
  PID:8244
- C:\Windows\System\yAmpJji.exe
  C:\Windows\System\yAmpJji.exe
  2⤵
  PID:8500
- C:\Windows\System\zhyCApZ.exe
  C:\Windows\System\zhyCApZ.exe
  2⤵
  PID:8644
- C:\Windows\System\BMfctOn.exe
  C:\Windows\System\BMfctOn.exe
  2⤵
  PID:7580
- C:\Windows\System\FQgagtt.exe
  C:\Windows\System\FQgagtt.exe
  2⤵
  PID:8436
- C:\Windows\System\cgivOlm.exe
  C:\Windows\System\cgivOlm.exe
  2⤵
  PID:8788
- C:\Windows\System\DQJEXMP.exe
  C:\Windows\System\DQJEXMP.exe
  2⤵
  PID:9020
- C:\Windows\System\rVLmLaP.exe
  C:\Windows\System\rVLmLaP.exe
  2⤵
  PID:9116
- C:\Windows\System\uIMDMCJ.exe
  C:\Windows\System\uIMDMCJ.exe
  2⤵
  PID:8440
- C:\Windows\System\PVGYkkz.exe
  C:\Windows\System\PVGYkkz.exe
  2⤵
  PID:8792
- C:\Windows\System\iDVhyYm.exe
  C:\Windows\System\iDVhyYm.exe
  2⤵
  PID:8608
- C:\Windows\System\DdxZVaT.exe
  C:\Windows\System\DdxZVaT.exe
  2⤵
  PID:8484
- C:\Windows\System\QQzwGIY.exe
  C:\Windows\System\QQzwGIY.exe
  2⤵
  PID:8464
- C:\Windows\System\wWXLrGi.exe
  C:\Windows\System\wWXLrGi.exe
  2⤵
  PID:9236
- C:\Windows\System\eTiLKwc.exe
  C:\Windows\System\eTiLKwc.exe
  2⤵
  PID:9256
- C:\Windows\System\GOGSufg.exe
  C:\Windows\System\GOGSufg.exe
  2⤵
  PID:9276
- C:\Windows\System\MkyxCLn.exe
  C:\Windows\System\MkyxCLn.exe
  2⤵
  PID:9304
- C:\Windows\System\fDmPxMw.exe
  C:\Windows\System\fDmPxMw.exe
  2⤵
  PID:9320
- C:\Windows\System\MFLPuks.exe
  C:\Windows\System\MFLPuks.exe
  2⤵
  PID:9340
- C:\Windows\System\fxtohqR.exe
  C:\Windows\System\fxtohqR.exe
  2⤵
  PID:9376
- C:\Windows\System\ATksjgC.exe
  C:\Windows\System\ATksjgC.exe
  2⤵
  PID:9396
- C:\Windows\System\zHznHqy.exe
  C:\Windows\System\zHznHqy.exe
  2⤵
  PID:9412
- C:\Windows\System\CNVWRtS.exe
  C:\Windows\System\CNVWRtS.exe
  2⤵
  PID:9428
- C:\Windows\System\IzrHaYj.exe
  C:\Windows\System\IzrHaYj.exe
  2⤵
  PID:9444
- C:\Windows\System\CNONTdx.exe
  C:\Windows\System\CNONTdx.exe
  2⤵
  PID:9464
- C:\Windows\System\vyvQPnw.exe
  C:\Windows\System\vyvQPnw.exe
  2⤵
  PID:9484
- C:\Windows\System\GQBChPX.exe
  C:\Windows\System\GQBChPX.exe
  2⤵
  PID:9500
- C:\Windows\System\MJzMHQB.exe
  C:\Windows\System\MJzMHQB.exe
  2⤵
  PID:9516
- C:\Windows\System\JUWBFOZ.exe
  C:\Windows\System\JUWBFOZ.exe
  2⤵
  PID:9536
- C:\Windows\System\ilfzObC.exe
  C:\Windows\System\ilfzObC.exe
  2⤵
  PID:9556
- C:\Windows\System\QPTdWIP.exe
  C:\Windows\System\QPTdWIP.exe
  2⤵
  PID:9572
- C:\Windows\System\QgmfBLa.exe
  C:\Windows\System\QgmfBLa.exe
  2⤵
  PID:9588
- C:\Windows\System\ZmFUQzt.exe
  C:\Windows\System\ZmFUQzt.exe
  2⤵
  PID:9608
- C:\Windows\System\MmqAGbT.exe
  C:\Windows\System\MmqAGbT.exe
  2⤵
  PID:9624
- C:\Windows\System\mDlYvPB.exe
  C:\Windows\System\mDlYvPB.exe
  2⤵
  PID:9644
- C:\Windows\System\gleBkrF.exe
  C:\Windows\System\gleBkrF.exe
  2⤵
  PID:9660
- C:\Windows\System\CewqZvO.exe
  C:\Windows\System\CewqZvO.exe
  2⤵
  PID:9680
- C:\Windows\System\FlNfTwj.exe
  C:\Windows\System\FlNfTwj.exe
  2⤵
  PID:9700
- C:\Windows\System\JjPzXaq.exe
  C:\Windows\System\JjPzXaq.exe
  2⤵
  PID:9724
- C:\Windows\System\enBpAcI.exe
  C:\Windows\System\enBpAcI.exe
  2⤵
  PID:9740
- C:\Windows\System\fpQRWFW.exe
  C:\Windows\System\fpQRWFW.exe
  2⤵
  PID:9756
- C:\Windows\System\LsgcjaU.exe
  C:\Windows\System\LsgcjaU.exe
  2⤵
  PID:9776
- C:\Windows\System\XKbYlUn.exe
  C:\Windows\System\XKbYlUn.exe
  2⤵
  PID:9792
- C:\Windows\System\qDUcOfz.exe
  C:\Windows\System\qDUcOfz.exe
  2⤵
  PID:9808
- C:\Windows\System\yDKkMPp.exe
  C:\Windows\System\yDKkMPp.exe
  2⤵
  PID:9828
- C:\Windows\System\uXevAZp.exe
  C:\Windows\System\uXevAZp.exe
  2⤵
  PID:9856
- C:\Windows\System\OotuABu.exe
  C:\Windows\System\OotuABu.exe
  2⤵
  PID:9884
- C:\Windows\System\IVLvFMQ.exe
  C:\Windows\System\IVLvFMQ.exe
  2⤵
  PID:9900
- C:\Windows\System\MLHafsm.exe
  C:\Windows\System\MLHafsm.exe
  2⤵
  PID:9956
- C:\Windows\System\miMjKLF.exe
  C:\Windows\System\miMjKLF.exe
  2⤵
  PID:9980
- C:\Windows\System\jByrFMl.exe
  C:\Windows\System\jByrFMl.exe
  2⤵
  PID:10000
- C:\Windows\System\fhZUkJF.exe
  C:\Windows\System\fhZUkJF.exe
  2⤵
  PID:10016
- C:\Windows\System\bCXOeik.exe
  C:\Windows\System\bCXOeik.exe
  2⤵
  PID:10040
- C:\Windows\System\EMVikwU.exe
  C:\Windows\System\EMVikwU.exe
  2⤵
  PID:10060
- C:\Windows\System\uoJWCNh.exe
  C:\Windows\System\uoJWCNh.exe
  2⤵
  PID:10084
- C:\Windows\System\VgAaUAg.exe
  C:\Windows\System\VgAaUAg.exe
  2⤵
  PID:10100
- C:\Windows\System\gEdVUJa.exe
  C:\Windows\System\gEdVUJa.exe
  2⤵
  PID:10120
- C:\Windows\System\vqNWpFG.exe
  C:\Windows\System\vqNWpFG.exe
  2⤵
  PID:10136
- C:\Windows\System\abFPqQA.exe
  C:\Windows\System\abFPqQA.exe
  2⤵
  PID:10168
- C:\Windows\System\GOQhSfA.exe
  C:\Windows\System\GOQhSfA.exe
  2⤵
  PID:10184
- C:\Windows\System\nvuaBMY.exe
  C:\Windows\System\nvuaBMY.exe
  2⤵
  PID:10208
- C:\Windows\System\YJuEOvO.exe
  C:\Windows\System\YJuEOvO.exe
  2⤵
  PID:10224
- C:\Windows\System\eoFrJGJ.exe
  C:\Windows\System\eoFrJGJ.exe
  2⤵
  PID:9224
- C:\Windows\System\MHBBheq.exe
  C:\Windows\System\MHBBheq.exe
  2⤵
  PID:8548
- C:\Windows\System\JhQYpKZ.exe
  C:\Windows\System\JhQYpKZ.exe
  2⤵
  PID:8684
- C:\Windows\System\JiHqVSN.exe
  C:\Windows\System\JiHqVSN.exe
  2⤵
  PID:9264
- C:\Windows\System\rrRqmhY.exe
  C:\Windows\System\rrRqmhY.exe
  2⤵
  PID:9252
- C:\Windows\System\EIKGjXC.exe
  C:\Windows\System\EIKGjXC.exe
  2⤵
  PID:9288
- C:\Windows\System\GqFZIvU.exe
  C:\Windows\System\GqFZIvU.exe
  2⤵
  PID:9352
- C:\Windows\System\nYXdsGW.exe
  C:\Windows\System\nYXdsGW.exe
  2⤵
  PID:9364
- C:\Windows\System\ntetiSe.exe
  C:\Windows\System\ntetiSe.exe
  2⤵
  PID:9388
- C:\Windows\System\dWJyOok.exe
  C:\Windows\System\dWJyOok.exe
  2⤵
  PID:9440
- C:\Windows\System\dieoyBL.exe
  C:\Windows\System\dieoyBL.exe
  2⤵
  PID:9476
- C:\Windows\System\fCYVFQp.exe
  C:\Windows\System\fCYVFQp.exe
  2⤵
  PID:9460
- C:\Windows\System\PByHsLA.exe
  C:\Windows\System\PByHsLA.exe
  2⤵
  PID:9492
- C:\Windows\System\XDKKPTc.exe
  C:\Windows\System\XDKKPTc.exe
  2⤵
  PID:9552
- C:\Windows\System\GOxtDgh.exe
  C:\Windows\System\GOxtDgh.exe
  2⤵
  PID:9620
- C:\Windows\System\qSZLkuX.exe
  C:\Windows\System\qSZLkuX.exe
  2⤵
  PID:9604
- C:\Windows\System\HZvJcBk.exe
  C:\Windows\System\HZvJcBk.exe
  2⤵
  PID:9676
- C:\Windows\System\AYbOPIe.exe
  C:\Windows\System\AYbOPIe.exe
  2⤵
  PID:9568
- C:\Windows\System\CyAcmtq.exe
  C:\Windows\System\CyAcmtq.exe
  2⤵
  PID:9732
- C:\Windows\System\yZOIbbE.exe
  C:\Windows\System\yZOIbbE.exe
  2⤵
  PID:9800
- C:\Windows\System\GCfJtVv.exe
  C:\Windows\System\GCfJtVv.exe
  2⤵
  PID:9788
- C:\Windows\System\TOzRqxh.exe
  C:\Windows\System\TOzRqxh.exe
  2⤵
  PID:9820
- C:\Windows\System\oSyNogc.exe
  C:\Windows\System\oSyNogc.exe
  2⤵
  PID:9772
- C:\Windows\System\QJxpOaw.exe
  C:\Windows\System\QJxpOaw.exe
  2⤵
  PID:9876
- C:\Windows\System\nYBIyqW.exe
  C:\Windows\System\nYBIyqW.exe
  2⤵
  PID:9924
- C:\Windows\System\rEgJZHi.exe
  C:\Windows\System\rEgJZHi.exe
  2⤵
  PID:9944
- C:\Windows\System\PehMiAG.exe
  C:\Windows\System\PehMiAG.exe
  2⤵
  PID:9992
- C:\Windows\System\dTIHjAD.exe
  C:\Windows\System\dTIHjAD.exe
  2⤵
  PID:10036
- C:\Windows\System\XrQyhvG.exe
  C:\Windows\System\XrQyhvG.exe
  2⤵
  PID:10052
- C:\Windows\System\EjRvnGD.exe
  C:\Windows\System\EjRvnGD.exe
  2⤵
  PID:10056
- C:\Windows\System\VarXteU.exe
  C:\Windows\System\VarXteU.exe
  2⤵
  PID:10096
- C:\Windows\System\qJWElbv.exe
  C:\Windows\System\qJWElbv.exe
  2⤵
  PID:10144
- C:\Windows\System\LdwAhqG.exe
  C:\Windows\System\LdwAhqG.exe
  2⤵
  PID:10148
- C:\Windows\System\mVuLuTx.exe
  C:\Windows\System\mVuLuTx.exe
  2⤵
  PID:10200

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BXZBMdj.exe

Filesize
2.2MB

MD5
0d030e5f10f2f291ac16e25e0c0c0889

SHA1
7bcaec3cdb8fdaae4afb3700265e435126ad1837

SHA256
b70e63b31d926be767e6758bf42f6d446fb92792b209aec585219a3ac2006c40

SHA512
12621846de34911f7a8eea7325ce1c13a3cabf31ad8384affbfeb3be4bf1fbb6415183147b18b7b89a3f105f9dddef5759c7a91173beb1cce935b636a982ee90

Download Submit
C:\Windows\system\FxBLBIw.exe

Filesize
2.2MB

MD5
c30f8158aaa579e629c6f76bf1a91a17

SHA1
b24c2785ba7fa90cc6ba91f040d51970db2c3a33

SHA256
30c1d22ad3e8489a8895410f2d35f9a9269325fd016b24f110de06929d2f314d

SHA512
3a2b78a64cef8f5709e2276b5d7754a717a6c19a9921df232b2538b00d770b244c83d5d069fc7274e0c9af4d47a39cfd4280d70c65460b5d4c294c275bd663e1

Download Submit
C:\Windows\system\KWRWSEy.exe

Filesize
2.2MB

MD5
f836992569d90ac243a7b0db55cb841d

SHA1
6b4295136233be237b05769d8afad2955e1ec5f3

SHA256
4a7b772f33de1914f53995fffd7d08788a2ada9f2f4a4d00546416ede73b593c

SHA512
71082bc133265c160952b06cebf6d21c78ab5d75699c486934607bd3cd247a95e8d96f374fcc8727e636fef7beffee6645f8a816306401f76b16ae62535792e2

Download Submit
C:\Windows\system\LSVzNiu.exe

Filesize
2.2MB

MD5
0298acf4bad0fa3c416d938d58fa4016

SHA1
2a902a543e6ed138686a58ca97284ba5de9ea89a

SHA256
8ef227e44955917660ba5011e188b0ebf523a0e458f56cd981bbe0b194ced331

SHA512
a82503802fb50628f0bca8fb217fcfc00f5e9491b6edf3160f0954dd7c9df85357fa79809c344db9efdf9f10051cc090943b5d9b71b850e4d1f3ed4ef6793c00

Download Submit
C:\Windows\system\LXjCFFf.exe

Filesize
2.2MB

MD5
e479bb9e32986811d5edcf0cff79b09b

SHA1
2b5d81867a6819820b103e1a9a180fc8200a18b4

SHA256
9eadb43dae503f293472874c3e2fc8742b33f12e54ff48b58584617ad4b982de

SHA512
3e0078f25f01e451aa02281b9f80d6af9fe94afc381d4cd3cb9c8402e71a21a02a04f398a59993b5f7111c9f4be8548dc4f1fef4c15b6364f010ca56cd516126

Download Submit
C:\Windows\system\MXFpnVh.exe

Filesize
2.2MB

MD5
e0d3cdb2b8237e136f303643f0f3f0ff

SHA1
27da5cb0d9e053a57cb0c8d6f12d7b2fb2a96401

SHA256
79834f46ef929cc1abdf8cda329d59019d4bc6d0909a551ac6c5795a35a14ebc

SHA512
dd0e89ca2a210070d56cfc654e428e600237ee990eb74f17cda4049d12f85d24545b48ddce87a5e41e85d77b3d2969df6de5d708ec096dafbd58c09b3522714d

Download Submit
C:\Windows\system\MXoBQEi.exe

Filesize
2.2MB

MD5
6d00fb482bba59b7c214efd464787d1c

SHA1
6b3d2285c7bbfbc90be0def1ccb1808debf44b6b

SHA256
6a3c9df6581e675d8ccd43c3a5e493cf94287444c4da7c4cc17021bced5c0266

SHA512
46831c7d342e7a0146875cbaec4c3ffe9f69cebb463952573c08666b8d8c5b2f322ce6e9cbb156a76c37b28dc8022bc381eab831c747491ea80ac8afb9d59690

Download Submit
C:\Windows\system\NWbRjLp.exe

Filesize
2.2MB

MD5
5bbf62cfce2935157acc7cbc0928f512

SHA1
68748a9ae009d4bc54e9d566f26fcb767ef0f15a

SHA256
262b78f73e7cd23d244163222acbeff545b9e72544fc043972dea6542fd26cd7

SHA512
f88fee0f7cafb3605ef095c4ca4104fa00ce4d3c44659b2c06167705374d0fda4a60cba23b488664c0ab7977d3e45a79a58788d3e53c424be056d05063c1570b

Download Submit
C:\Windows\system\SzMTtSP.exe

Filesize
2.2MB

MD5
504c5e32e1a9a485c78b1ce6b6c37b25

SHA1
0c729ac910dc6d00ef7d4488a7dc77811adf5c03

SHA256
f604f9062432162d449bfe62b7886b634ea8ed4173e33de42c8391d8e2e14e6a

SHA512
3a792cb1960c813647b346d42bf44953d44eed44377409b1118cb38aaf581426d4515b666093d69de5c30025eafb9a12c7e33773a1d43bdc0be1812abeabc496

Download Submit
C:\Windows\system\THAntcH.exe

Filesize
2.2MB

MD5
e22b4bf5c4220d079cacb5bcdcd78e3c

SHA1
8854699b3965b93f87d10bbbcbff289263072d41

SHA256
3a0345af062f94ef768728e841aec33d008cea5c028470b4f86639b112a72334

SHA512
baae8e401fc23f6ad20ad543614f02ffab0f7651d5f615cb6bf473b305a22b72eb807e94e880234572c1fcad44e191264587f111257d68f3f0d6cc5577f867e8

Download Submit
C:\Windows\system\WgkNtgE.exe

Filesize
2.2MB

MD5
edfdde21930172332551381ec4ee0051

SHA1
4deea48b925958b8d1dbf3e780eb47a9a99dff61

SHA256
a8552db01279ed76884a5e38ff874abcb2017f5701bfa0c7209edd5881827dd1

SHA512
9cae43bc61a2cda6c076805706f9a2ed91f1a5c8dd7dcbccb165b6b9356f8fdeae32bff8003a5d29ddc0665971088af4e8740613fbfb92e3effb4b9da8029167

Download Submit
C:\Windows\system\YHcYfpQ.exe

Filesize
2.2MB

MD5
c77c3391445438b24f379119457a77ed

SHA1
bc9e7993b5d5a3f08155c8316c164dbd2ca31677

SHA256
f642ffd081de160062a491d6be18ba93e536269c988990ba7d876715f105e57d

SHA512
390ab02b4b81ed868d48c468a360b4d8da6613f7c6f2d95b2f3d0361235337d90ccc7117100ed1d0618e96d184dd1bfd4ee856fdae9b5aab9cb2b281aea4fe3c

Download Submit
C:\Windows\system\ZfXzjSs.exe

Filesize
2.2MB

MD5
e67ff176b1f09714cf4f3d4aeeff3cda

SHA1
18157c6daa86ac38767fbff44829dad33d42020f

SHA256
b8221ff7deee3a4aca40506c4589419e343018e69d792aac84f5f6cea8484dc0

SHA512
ad92105c1ac9a8d5a77d121092783d0e1d612dd33ca16f45ee641de3ea9e6e74310cdd01b7b5783e1fc8cb72d9e93607fe451affa40fb89a4eb569fed245322c

Download Submit
C:\Windows\system\ZzUVhTf.exe

Filesize
2.2MB

MD5
f4d647d6b7c8292b22afd9617210db4c

SHA1
8cadb1c27b805beef87f95bb3f03f946ee5f80b2

SHA256
7cc1b151d010de9c80a4d5952c77b3dfef43bfce403da7e5852397d792051395

SHA512
ed134d5e789f7f8e2ade57ac221b7b2009aa23680d853c277a8b2d7d911615cb82223edc44b1b0a5fbe846af8bb29c359a70e010eaa06e818205fa9499036789

Download Submit
C:\Windows\system\cXzxOWo.exe

Filesize
2.2MB

MD5
5252c86c54537296bb39a7a00cbddec0

SHA1
e9025a696b4f27bb7b8e1076c380dbc7bdc0545c

SHA256
a62cb65028c1f9a8fd4b41ebedeba1ad606cf422fea0d609eb29fcb5e03fc426

SHA512
88d06dc8cb2d7a731134cffebba0ecb331e48500e028c25ec6ed3b34da70377204105d84f6143ecbdb8436f49db0ecf104365b047ec1dedbaf9f1a0b66d29870

Download Submit
C:\Windows\system\fnLLBNl.exe

Filesize
2.2MB

MD5
d94bb59e7e03a1b8bbb449d4abe822f5

SHA1
e3db07af8e4bebf5cd58ae42a7fa89ab03c312b3

SHA256
b2ed3ec368b6140cb3b194cad5cb86c6ec4683a1349b0e56bdd37f647ae8ba3e

SHA512
bf5ec409dc89b1dd473f53af93fb3d537354910f81d05a7d5f9895e5e41311ae0f2790e6e45b571ce9e4ced68623993188a226bd4fc0f6e469cdf1ab3a795c00

Download Submit
C:\Windows\system\hjnqFJP.exe

Filesize
2.2MB

MD5
17e5350063835befbc7f640e489562c5

SHA1
65d83038038dc73184a287e536703cfc8e77bf7b

SHA256
591453f003b291fbb1bd01ae35ebfa82a06d252679fb746bbec13079c69ba73b

SHA512
9ea596d1c635035c9a54e8dfc9e7884e1e9d6641789f7a83d92a6c7939593f1fa90d7f42ae3922295cf21c4bdbb4fee9bf96f8f19dae71689715a42c057d2f16

Download Submit
C:\Windows\system\irgkBTt.exe

Filesize
2.2MB

MD5
b3d9881dcb4b897b70e2d1ac5387c539

SHA1
e4221b10de875dfd1dcc2b6ca502490c69e978f7

SHA256
c5f787f10506d1d04138bf3e8fb799aef6094ad10fe13dcb53de8c84256c9e41

SHA512
8db3d466821bdf6b3d829e288b56175cf101c2289e6d86a32c735623f12b99f7f8e97c232b22c45abd776fdb53c83776c0e4c6348d93396c4eccc110d6739067

Download Submit
C:\Windows\system\iykeFov.exe

Filesize
2.2MB

MD5
cd12d4164b15b3be44f903a934c8f34c

SHA1
0d2b6ee7c046228503bb4d4e0e62cd3d4e8829b4

SHA256
1602876b1c6170ec2f9f9dad47932450eaed0ea9c1c74108896ee690127311bf

SHA512
2d3e0361a58b1e08ec06c5572c9945be3e34418da45670e015d428a43978c4eee16fdfa90657705178de9a51362ff8e05d7b35c493e71551c716e74da51f180c

Download Submit
C:\Windows\system\jpuoPCh.exe

Filesize
2.2MB

MD5
9462c34a218d158a39147ab96afc24f2

SHA1
ad0aae1637cc5ce475e95bc793d05a3bbbdf7001

SHA256
cb19516d97c30d0aff20957500f5c34986b231b9f878fdaf5610e779d325ae70

SHA512
a1ec275b3ed01b46f5033198e1528a59afeb53dd7c7956e95cae8c1e871e094849180995b3171f47b314b4ebdad1f7dab06d5e1334ad28d02bbefc1b474c2ffc

Download Submit
C:\Windows\system\kgJicEP.exe

Filesize
2.2MB

MD5
873917d6990cd0b8619c2f08c1c08c67

SHA1
1ae9a77771b5e535e5da537e395733482718fd3a

SHA256
a392e3d0e2a6f55dcbc881a7e3ff9f8904085b7a128dfbb60bc9dfe018cac5b1

SHA512
a3569286b8d7d3267e69dbdc72094ebb75ba75286486f051c70fa2b4db698f99624e5e559afd6fc9a1e714561a4ff4520fd777f536f2916aa9a8df0d38e9ee38

Download Submit
C:\Windows\system\mgZVMCj.exe

Filesize
2.2MB

MD5
229a82601d609eb15cd894d22a8ae63d

SHA1
3ab6f1689330d429a83aa65ed76b6d8b57b31f97

SHA256
5fa2cef2db09c7c751109ab0baff0ceb40d39621d166e7b44a584c308f7d2900

SHA512
2657af922f0a1485801bfc5d20acc4897e312cd13a6e62d5f69a8d485299749429d041325928f053de157c883e74bfd2692f955613e9aa93e82698c8105b8fba

Download Submit
C:\Windows\system\nmXDmZC.exe

Filesize
2.2MB

MD5
6f7a04d14d340cf85208ec749de227e5

SHA1
2b3a7fa7e3e786fb0d1c08196714524b6c8a43f5

SHA256
619d97128780613defd83711ba4ff5ffda35196ed8f54fbca6170e7f3ffab9dd

SHA512
0959c46ee4f34582511809cf7da12ff2651bed220f140368dc878bc08efbe0bf7b4f7e7d2fa640e7005ac310d46ad3e0d0080619fe6e9021f415f98a1b749b20

Download Submit
C:\Windows\system\oOYdBnn.exe

Filesize
2.2MB

MD5
f085cf3f65f0e31c5abdeddd7c0a584e

SHA1
6a5f7a2d10626526079d6de1b38a678b3dd2973e

SHA256
06e21c998127194420ca0bda1ae2b19cb75df4e3658f21695165d2ad73180f59

SHA512
c42757fd9cd14a3b26426ba9ca32410a6fb4bd745dd7f73ec4154fe8bd82aa8e795022bca941434c5bc05086617e847d9b6d664eef5eb5094d768c6154cdc33b

Download Submit
C:\Windows\system\rFxrZnP.exe

Filesize
2.2MB

MD5
03bfbe96a645957fd66a14dd821d630e

SHA1
3b0250a9f2032741ce7b38c6f9e6ebc1c751593c

SHA256
613a26ebf092cf4a21e26d3646d149d3c2a4356315e2a2040d4876451c5e3cef

SHA512
3b8f0faeaa850af0551eec09e6b653e7be0f94d29a5af309e8c0e111ef8c2bcfe0ca56e72da7650b8f8630a93964a421d8ab0d42701e38c80633759c0997c59e

Download Submit
C:\Windows\system\uWJDKZW.exe

Filesize
2.2MB

MD5
086f2274e9b5a7d2b8d2bcd4e1bd3e51

SHA1
78f761e16b57438830e47c80de80233402656878

SHA256
881e6d327915f3a00bc809aade1e41e84b7bd4ec1754c9826fdd80bf5de40715

SHA512
115debe1f799bb99b5011c73fff52b34fc37af70007852ffaef52935515c4fc276e58736226d3eb819b023ec42a8b786db72779f2d132b2481710ee4a97ea536

Download Submit
C:\Windows\system\uvEZdnh.exe

Filesize
2.2MB

MD5
bed8da13ddb17082efee640c6df5799b

SHA1
e8ed029319818eb5040b90f49d839ab8a53aad00

SHA256
56cb1755069ed6685df105eff1140b06e3fc5443951b1cb90ca7812f898d690f

SHA512
69472e2aecd7d8d5c84abb0f14c776409692b18d737ff40a706b330f7edce3579b115ff4cf6939d850c043425db22fe684f33025bb23945a51c65a333904fb3e

Download Submit
C:\Windows\system\wVUDvTV.exe

Filesize
2.2MB

MD5
ae6b1a836420e126f6ca9e9bbf33cbef

SHA1
7cdeceea1fb1496f637f9586a991a74b8c3bea4c

SHA256
3984a9e04a203d1fdc634e45366e78195eecfd606bd8dd6fd92d2c31fd8c2d0a

SHA512
772e02b987978ff6d215c7595934f6a513e3755a28d6a751f3513841560aa107d7079db8fdc3cababe8ef5babca202f70fda895f6903ffea21d76f0d87e94369

Download Submit
C:\Windows\system\wWVjiQR.exe

Filesize
2.2MB

MD5
69ec001091d3ed109a66b48644f6d5f1

SHA1
2157231b49945efa4a087213eb80d9ed6252849c

SHA256
9d198f011a3dc136443ed8ba20ecbda5d9374391f2bae1ac660e17dfebe4a7c4

SHA512
bdb5f729435e242390f7e3f7c4b760f00c9276f30e4a85e5fc70e34213172cb0261909842918b96172633d01058c6aaaf0872db8f20236cdc514975d1781d942

Download Submit
C:\Windows\system\wXUlBrE.exe

Filesize
2.2MB

MD5
15ea8f38ae6bc5cc7d0b7b93abf374e6

SHA1
f7495e3308b3e4ab279bb359b47c118df45375b1

SHA256
0a413ddc205af4f5a04c265956abdea6f5b12b60a4450970034da53b80af0239

SHA512
b7df7c763f568a2811df985f7e0fff8fd927e6c54478eeb5ad0bbd516636708f869770e319436ddf55e00c540b0b7cc7d3d95a011d83f06dd9a53616f4a97f6c

Download Submit
C:\Windows\system\zqzjAxZ.exe

Filesize
2.2MB

MD5
5b873f2fb53ba1f819b3b6b1447461ee

SHA1
43511f0efa618dcbb4e5c495ee71676b6e3d5137

SHA256
9538dfb13d6c4cb28630611ab1b542a2c6fab57cc30ffd1698da39919d6558cb

SHA512
cf83f1875b99d571543e3a8ea5f5f93400af3921abdcab6d5f6a553b4ce581a5510b8c0f8d8588d2f6e6eb9c4fa685f0b19221ac9725176fd9adf279db8a07f2

Download Submit
\Windows\system\RfalDKm.exe

Filesize
2.2MB

MD5
0e65190ce29f4dac1ee47b7cbc8de00a

SHA1
f2afa0faf0202f239a73fbe58ea1490d2ba05cb9

SHA256
3494bc2c1c9b7e9a86080a241021f2069c4c4cecd4690ff1a23d4666660c724c

SHA512
c60ebb5ebacc2f7c9c959bb4360e8a42781f0f2232f9ad393bb695de99fb81038596adcb1560276508f33b269509ee7cded6b18d271fe779266f3d0fc7a2396d

Download Submit
memory/1748-24-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1748-2581-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/1748-4009-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2204-27-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-2845-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2204-4010-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2403-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3913-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2216-614-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-628-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2216-10-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-643-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3654-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-588-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3653-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-592-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3652-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2216-598-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3651-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3650-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3649-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2216-725-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2216-0-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2216-717-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-655-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3648-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2216-38-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-28-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-33-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3647-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2579-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-3049-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2682-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-2849-0x0000000001EF0000-0x0000000002244000-memory.dmp

Filesize
3.3MB

Download
memory/2216-8-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-621-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-4021-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-4016-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2488-593-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2508-4019-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2508-653-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2528-637-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2528-4018-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2556-4011-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2556-29-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2616-583-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2616-4012-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2636-4017-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2636-606-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2688-11-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-4008-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4014-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2696-575-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3459-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4013-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2740-589-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4015-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2828-585-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2928-685-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2928-4020-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download