xmrig | 00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0

Analysis

max time kernel
140s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
Size

1.5MB
MD5

194220776eb563a02629ed14703e010b
SHA1

95b9aab1964f6dcd87d3e88cccf0d2b1e16899d0
SHA256

00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0
SHA512

687a81e3d6f06ce456f9b85ea72d5b6772fab429e4f85e8e210ccc2963a1597661d3fd50c74430a74763be0f371d214021e62381bbd3676d134a7559479d5932
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727ZvhwoONE6phFrMiBsQVWGoPN9sMyE+fpEOjhxfHtK:ROdWCCi7/rahFD2P6QV8NqMyLEQ1K

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral2/memory/1312-0-0x00007FF6FE150000-0x00007FF6FE4A1000-memory.dmp	UPX
behavioral2/files/0x0009000000023403-5.dat	UPX
behavioral2/files/0x0007000000023412-7.dat	UPX
behavioral2/memory/1584-11-0x00007FF7AFE60000-0x00007FF7B01B1000-memory.dmp	UPX
behavioral2/files/0x0007000000023411-23.dat	UPX
behavioral2/files/0x0007000000023418-39.dat	UPX
behavioral2/files/0x0007000000023416-45.dat	UPX
behavioral2/files/0x0007000000023419-44.dat	UPX
behavioral2/memory/3928-60-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp	UPX
behavioral2/files/0x000700000002341d-67.dat	UPX
behavioral2/files/0x000700000002341b-81.dat	UPX
behavioral2/files/0x000700000002341e-92.dat	UPX
behavioral2/files/0x000700000002341f-99.dat	UPX
behavioral2/files/0x0007000000023421-104.dat	UPX
behavioral2/memory/3224-110-0x00007FF7A8810000-0x00007FF7A8B61000-memory.dmp	UPX
behavioral2/memory/1956-109-0x00007FF6D46E0000-0x00007FF6D4A31000-memory.dmp	UPX
behavioral2/memory/4668-108-0x00007FF64A470000-0x00007FF64A7C1000-memory.dmp	UPX
behavioral2/memory/3652-107-0x00007FF6C97D0000-0x00007FF6C9B21000-memory.dmp	UPX
behavioral2/memory/3748-106-0x00007FF793B70000-0x00007FF793EC1000-memory.dmp	UPX
behavioral2/memory/896-103-0x00007FF69CFF0000-0x00007FF69D341000-memory.dmp	UPX
behavioral2/memory/2220-102-0x00007FF6032A0000-0x00007FF6035F1000-memory.dmp	UPX
behavioral2/memory/456-101-0x00007FF7F4A20000-0x00007FF7F4D71000-memory.dmp	UPX
behavioral2/files/0x0007000000023420-96.dat	UPX
behavioral2/memory/3088-95-0x00007FF6DCD40000-0x00007FF6DD091000-memory.dmp	UPX
behavioral2/memory/1400-94-0x00007FF645E40000-0x00007FF646191000-memory.dmp	UPX
behavioral2/files/0x000700000002341a-88.dat	UPX
behavioral2/memory/4996-87-0x00007FF7A39F0000-0x00007FF7A3D41000-memory.dmp	UPX
behavioral2/memory/812-80-0x00007FF626920000-0x00007FF626C71000-memory.dmp	UPX
behavioral2/memory/4532-75-0x00007FF696850000-0x00007FF696BA1000-memory.dmp	UPX
behavioral2/files/0x000700000002341c-64.dat	UPX
behavioral2/files/0x0007000000023417-63.dat	UPX
behavioral2/memory/2632-61-0x00007FF71BF70000-0x00007FF71C2C1000-memory.dmp	UPX
behavioral2/files/0x0007000000023415-54.dat	UPX
behavioral2/memory/1660-43-0x00007FF68E230000-0x00007FF68E581000-memory.dmp	UPX
behavioral2/files/0x0007000000023414-42.dat	UPX
behavioral2/files/0x0007000000023422-114.dat	UPX
behavioral2/files/0x0007000000023426-132.dat	UPX
behavioral2/memory/548-135-0x00007FF6C5CE0000-0x00007FF6C6031000-memory.dmp	UPX
behavioral2/files/0x0007000000023427-144.dat	UPX
behavioral2/memory/1548-154-0x00007FF7DEF50000-0x00007FF7DF2A1000-memory.dmp	UPX
behavioral2/files/0x000700000002342b-162.dat	UPX
behavioral2/files/0x0007000000023429-170.dat	UPX
behavioral2/files/0x000700000002342d-177.dat	UPX
behavioral2/memory/4944-192-0x00007FF7869D0000-0x00007FF786D21000-memory.dmp	UPX
behavioral2/memory/3156-194-0x00007FF6D1F10000-0x00007FF6D2261000-memory.dmp	UPX
behavioral2/memory/4444-193-0x00007FF7037B0000-0x00007FF703B01000-memory.dmp	UPX
behavioral2/files/0x000700000002342f-189.dat	UPX
behavioral2/files/0x000700000002342e-188.dat	UPX
behavioral2/memory/3172-187-0x00007FF763A70000-0x00007FF763DC1000-memory.dmp	UPX
behavioral2/files/0x000700000002342c-181.dat	UPX
behavioral2/memory/3424-180-0x00007FF735B20000-0x00007FF735E71000-memory.dmp	UPX
behavioral2/memory/3672-174-0x00007FF70A440000-0x00007FF70A791000-memory.dmp	UPX
behavioral2/files/0x000700000002342a-172.dat	UPX
behavioral2/memory/1652-165-0x00007FF73D180000-0x00007FF73D4D1000-memory.dmp	UPX
behavioral2/memory/2780-163-0x00007FF657850000-0x00007FF657BA1000-memory.dmp	UPX
behavioral2/files/0x0007000000023428-167.dat	UPX
behavioral2/memory/4184-146-0x00007FF6B42E0000-0x00007FF6B4631000-memory.dmp	UPX
behavioral2/files/0x0007000000023425-138.dat	UPX
behavioral2/files/0x0007000000023424-137.dat	UPX
behavioral2/files/0x0007000000023423-133.dat	UPX
behavioral2/files/0x000900000002340a-123.dat	UPX
behavioral2/files/0x0007000000023413-33.dat	UPX
behavioral2/memory/2072-19-0x00007FF610350000-0x00007FF6106A1000-memory.dmp	UPX
behavioral2/memory/1312-2215-0x00007FF6FE150000-0x00007FF6FE4A1000-memory.dmp	UPX

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral2/memory/3224-110-0x00007FF7A8810000-0x00007FF7A8B61000-memory.dmp	xmrig
behavioral2/memory/1956-109-0x00007FF6D46E0000-0x00007FF6D4A31000-memory.dmp	xmrig
behavioral2/memory/4668-108-0x00007FF64A470000-0x00007FF64A7C1000-memory.dmp	xmrig
behavioral2/memory/3652-107-0x00007FF6C97D0000-0x00007FF6C9B21000-memory.dmp	xmrig
behavioral2/memory/3748-106-0x00007FF793B70000-0x00007FF793EC1000-memory.dmp	xmrig
behavioral2/memory/896-103-0x00007FF69CFF0000-0x00007FF69D341000-memory.dmp	xmrig
behavioral2/memory/2220-102-0x00007FF6032A0000-0x00007FF6035F1000-memory.dmp	xmrig
behavioral2/memory/456-101-0x00007FF7F4A20000-0x00007FF7F4D71000-memory.dmp	xmrig
behavioral2/memory/3088-95-0x00007FF6DCD40000-0x00007FF6DD091000-memory.dmp	xmrig
behavioral2/memory/1400-94-0x00007FF645E40000-0x00007FF646191000-memory.dmp	xmrig
behavioral2/memory/812-80-0x00007FF626920000-0x00007FF626C71000-memory.dmp	xmrig
behavioral2/memory/2632-61-0x00007FF71BF70000-0x00007FF71C2C1000-memory.dmp	xmrig
behavioral2/memory/1660-43-0x00007FF68E230000-0x00007FF68E581000-memory.dmp	xmrig
behavioral2/memory/548-135-0x00007FF6C5CE0000-0x00007FF6C6031000-memory.dmp	xmrig
behavioral2/memory/1548-154-0x00007FF7DEF50000-0x00007FF7DF2A1000-memory.dmp	xmrig
behavioral2/memory/4944-192-0x00007FF7869D0000-0x00007FF786D21000-memory.dmp	xmrig
behavioral2/memory/3156-194-0x00007FF6D1F10000-0x00007FF6D2261000-memory.dmp	xmrig
behavioral2/memory/4444-193-0x00007FF7037B0000-0x00007FF703B01000-memory.dmp	xmrig
behavioral2/memory/3172-187-0x00007FF763A70000-0x00007FF763DC1000-memory.dmp	xmrig
behavioral2/memory/3424-180-0x00007FF735B20000-0x00007FF735E71000-memory.dmp	xmrig
behavioral2/memory/1652-165-0x00007FF73D180000-0x00007FF73D4D1000-memory.dmp	xmrig
behavioral2/memory/2780-163-0x00007FF657850000-0x00007FF657BA1000-memory.dmp	xmrig
behavioral2/memory/4184-146-0x00007FF6B42E0000-0x00007FF6B4631000-memory.dmp	xmrig
behavioral2/memory/1312-2215-0x00007FF6FE150000-0x00007FF6FE4A1000-memory.dmp	xmrig
behavioral2/memory/2072-2216-0x00007FF610350000-0x00007FF6106A1000-memory.dmp	xmrig
behavioral2/memory/1660-2217-0x00007FF68E230000-0x00007FF68E581000-memory.dmp	xmrig
behavioral2/memory/3928-2218-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp	xmrig
behavioral2/memory/4532-2219-0x00007FF696850000-0x00007FF696BA1000-memory.dmp	xmrig
behavioral2/memory/4996-2240-0x00007FF7A39F0000-0x00007FF7A3D41000-memory.dmp	xmrig
behavioral2/memory/3672-2253-0x00007FF70A440000-0x00007FF70A791000-memory.dmp	xmrig
behavioral2/memory/3424-2254-0x00007FF735B20000-0x00007FF735E71000-memory.dmp	xmrig
behavioral2/memory/2072-2281-0x00007FF610350000-0x00007FF6106A1000-memory.dmp	xmrig
behavioral2/memory/896-2280-0x00007FF69CFF0000-0x00007FF69D341000-memory.dmp	xmrig
behavioral2/memory/1584-2283-0x00007FF7AFE60000-0x00007FF7B01B1000-memory.dmp	xmrig
behavioral2/memory/2632-2285-0x00007FF71BF70000-0x00007FF71C2C1000-memory.dmp	xmrig
behavioral2/memory/1660-2289-0x00007FF68E230000-0x00007FF68E581000-memory.dmp	xmrig
behavioral2/memory/3748-2287-0x00007FF793B70000-0x00007FF793EC1000-memory.dmp	xmrig
behavioral2/memory/4532-2295-0x00007FF696850000-0x00007FF696BA1000-memory.dmp	xmrig
behavioral2/memory/812-2299-0x00007FF626920000-0x00007FF626C71000-memory.dmp	xmrig
behavioral2/memory/1400-2301-0x00007FF645E40000-0x00007FF646191000-memory.dmp	xmrig
behavioral2/memory/4668-2297-0x00007FF64A470000-0x00007FF64A7C1000-memory.dmp	xmrig
behavioral2/memory/3088-2294-0x00007FF6DCD40000-0x00007FF6DD091000-memory.dmp	xmrig
behavioral2/memory/3928-2292-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp	xmrig
behavioral2/memory/3224-2313-0x00007FF7A8810000-0x00007FF7A8B61000-memory.dmp	xmrig
behavioral2/memory/3652-2312-0x00007FF6C97D0000-0x00007FF6C9B21000-memory.dmp	xmrig
behavioral2/memory/456-2311-0x00007FF7F4A20000-0x00007FF7F4D71000-memory.dmp	xmrig
behavioral2/memory/1956-2310-0x00007FF6D46E0000-0x00007FF6D4A31000-memory.dmp	xmrig
behavioral2/memory/2220-2309-0x00007FF6032A0000-0x00007FF6035F1000-memory.dmp	xmrig
behavioral2/memory/4996-2308-0x00007FF7A39F0000-0x00007FF7A3D41000-memory.dmp	xmrig
behavioral2/memory/548-2315-0x00007FF6C5CE0000-0x00007FF6C6031000-memory.dmp	xmrig
behavioral2/memory/4184-2317-0x00007FF6B42E0000-0x00007FF6B4631000-memory.dmp	xmrig
behavioral2/memory/3172-2320-0x00007FF763A70000-0x00007FF763DC1000-memory.dmp	xmrig
behavioral2/memory/1548-2323-0x00007FF7DEF50000-0x00007FF7DF2A1000-memory.dmp	xmrig
behavioral2/memory/4944-2327-0x00007FF7869D0000-0x00007FF786D21000-memory.dmp	xmrig
behavioral2/memory/3156-2329-0x00007FF6D1F10000-0x00007FF6D2261000-memory.dmp	xmrig
behavioral2/memory/1652-2326-0x00007FF73D180000-0x00007FF73D4D1000-memory.dmp	xmrig
behavioral2/memory/2780-2321-0x00007FF657850000-0x00007FF657BA1000-memory.dmp	xmrig
behavioral2/memory/4444-2337-0x00007FF7037B0000-0x00007FF703B01000-memory.dmp	xmrig
behavioral2/memory/3424-2342-0x00007FF735B20000-0x00007FF735E71000-memory.dmp	xmrig
behavioral2/memory/3672-2335-0x00007FF70A440000-0x00007FF70A791000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1584	lzRMiqI.exe
2072	yFqxgAA.exe
896	MkfQunz.exe
1660	COEHjpC.exe
3748	dAPRDoi.exe
3928	BgFwwQV.exe
2632	UuzAqjk.exe
4532	qqwuGKS.exe
812	AlmLTVW.exe
4996	GcdixwN.exe
3652	jygamNe.exe
1400	sazonet.exe
4668	qRoCoWX.exe
3088	OsFgJjK.exe
456	MhtDHef.exe
2220	LkoeLTr.exe
1956	qAqkOlp.exe
3224	bDtrSCn.exe
548	ijMwtsB.exe
4184	CNybirJ.exe
3172	zZDLHBG.exe
1548	OvhsVxZ.exe
2780	mFeWAaF.exe
1652	DrdQGjm.exe
4944	obTurBK.exe
4444	IDZiUIG.exe
3672	jQeOsQU.exe
3424	oQYtBII.exe
3156	KPlibJm.exe
1008	mEMtroy.exe
3112	yIbQnUX.exe
4004	gGpZUWg.exe
2744	aAncOrp.exe
5080	tVGaieB.exe
4964	BrZaxqE.exe
3456	wyvlbbu.exe
4916	PgorBGU.exe
1512	qXArSsd.exe
3392	ktbjguL.exe
2344	sdArGEo.exe
2852	hitnJVI.exe
3512	drVhMPS.exe
3776	SibgXxd.exe
4304	qYzjWxy.exe
4308	Qhevvzd.exe
4760	wnmPnOI.exe
2856	sdIoJBy.exe
2912	eOClpLN.exe
3400	AvPKhRS.exe
4248	biLCzJc.exe
3876	RFwnkwz.exe
3132	OPawGZi.exe
4148	yHdKkZB.exe
752	JMbFjMY.exe
4496	ZinXwUn.exe
2264	sNQxcNb.exe
2008	GAaDsuQ.exe
4240	jfhMspH.exe
2776	plqoHfU.exe
2580	gOQAcNh.exe
3668	slzQTqD.exe
1588	DkGOaWu.exe
3564	POiLwyJ.exe
3180	zaIopqf.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1312-0-0x00007FF6FE150000-0x00007FF6FE4A1000-memory.dmp	upx
behavioral2/files/0x0009000000023403-5.dat	upx
behavioral2/files/0x0007000000023412-7.dat	upx
behavioral2/memory/1584-11-0x00007FF7AFE60000-0x00007FF7B01B1000-memory.dmp	upx
behavioral2/files/0x0007000000023411-23.dat	upx
behavioral2/files/0x0007000000023418-39.dat	upx
behavioral2/files/0x0007000000023416-45.dat	upx
behavioral2/files/0x0007000000023419-44.dat	upx
behavioral2/memory/3928-60-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp	upx
behavioral2/files/0x000700000002341d-67.dat	upx
behavioral2/files/0x000700000002341b-81.dat	upx
behavioral2/files/0x000700000002341e-92.dat	upx
behavioral2/files/0x000700000002341f-99.dat	upx
behavioral2/files/0x0007000000023421-104.dat	upx
behavioral2/memory/3224-110-0x00007FF7A8810000-0x00007FF7A8B61000-memory.dmp	upx
behavioral2/memory/1956-109-0x00007FF6D46E0000-0x00007FF6D4A31000-memory.dmp	upx
behavioral2/memory/4668-108-0x00007FF64A470000-0x00007FF64A7C1000-memory.dmp	upx
behavioral2/memory/3652-107-0x00007FF6C97D0000-0x00007FF6C9B21000-memory.dmp	upx
behavioral2/memory/3748-106-0x00007FF793B70000-0x00007FF793EC1000-memory.dmp	upx
behavioral2/memory/896-103-0x00007FF69CFF0000-0x00007FF69D341000-memory.dmp	upx
behavioral2/memory/2220-102-0x00007FF6032A0000-0x00007FF6035F1000-memory.dmp	upx
behavioral2/memory/456-101-0x00007FF7F4A20000-0x00007FF7F4D71000-memory.dmp	upx
behavioral2/files/0x0007000000023420-96.dat	upx
behavioral2/memory/3088-95-0x00007FF6DCD40000-0x00007FF6DD091000-memory.dmp	upx
behavioral2/memory/1400-94-0x00007FF645E40000-0x00007FF646191000-memory.dmp	upx
behavioral2/files/0x000700000002341a-88.dat	upx
behavioral2/memory/4996-87-0x00007FF7A39F0000-0x00007FF7A3D41000-memory.dmp	upx
behavioral2/memory/812-80-0x00007FF626920000-0x00007FF626C71000-memory.dmp	upx
behavioral2/memory/4532-75-0x00007FF696850000-0x00007FF696BA1000-memory.dmp	upx
behavioral2/files/0x000700000002341c-64.dat	upx
behavioral2/files/0x0007000000023417-63.dat	upx
behavioral2/memory/2632-61-0x00007FF71BF70000-0x00007FF71C2C1000-memory.dmp	upx
behavioral2/files/0x0007000000023415-54.dat	upx
behavioral2/memory/1660-43-0x00007FF68E230000-0x00007FF68E581000-memory.dmp	upx
behavioral2/files/0x0007000000023414-42.dat	upx
behavioral2/files/0x0007000000023422-114.dat	upx
behavioral2/files/0x0007000000023426-132.dat	upx
behavioral2/memory/548-135-0x00007FF6C5CE0000-0x00007FF6C6031000-memory.dmp	upx
behavioral2/files/0x0007000000023427-144.dat	upx
behavioral2/memory/1548-154-0x00007FF7DEF50000-0x00007FF7DF2A1000-memory.dmp	upx
behavioral2/files/0x000700000002342b-162.dat	upx
behavioral2/files/0x0007000000023429-170.dat	upx
behavioral2/files/0x000700000002342d-177.dat	upx
behavioral2/memory/4944-192-0x00007FF7869D0000-0x00007FF786D21000-memory.dmp	upx
behavioral2/memory/3156-194-0x00007FF6D1F10000-0x00007FF6D2261000-memory.dmp	upx
behavioral2/memory/4444-193-0x00007FF7037B0000-0x00007FF703B01000-memory.dmp	upx
behavioral2/files/0x000700000002342f-189.dat	upx
behavioral2/files/0x000700000002342e-188.dat	upx
behavioral2/memory/3172-187-0x00007FF763A70000-0x00007FF763DC1000-memory.dmp	upx
behavioral2/files/0x000700000002342c-181.dat	upx
behavioral2/memory/3424-180-0x00007FF735B20000-0x00007FF735E71000-memory.dmp	upx
behavioral2/memory/3672-174-0x00007FF70A440000-0x00007FF70A791000-memory.dmp	upx
behavioral2/files/0x000700000002342a-172.dat	upx
behavioral2/memory/1652-165-0x00007FF73D180000-0x00007FF73D4D1000-memory.dmp	upx
behavioral2/memory/2780-163-0x00007FF657850000-0x00007FF657BA1000-memory.dmp	upx
behavioral2/files/0x0007000000023428-167.dat	upx
behavioral2/memory/4184-146-0x00007FF6B42E0000-0x00007FF6B4631000-memory.dmp	upx
behavioral2/files/0x0007000000023425-138.dat	upx
behavioral2/files/0x0007000000023424-137.dat	upx
behavioral2/files/0x0007000000023423-133.dat	upx
behavioral2/files/0x000900000002340a-123.dat	upx
behavioral2/files/0x0007000000023413-33.dat	upx
behavioral2/memory/2072-19-0x00007FF610350000-0x00007FF6106A1000-memory.dmp	upx
behavioral2/memory/1312-2215-0x00007FF6FE150000-0x00007FF6FE4A1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\eOClpLN.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\DkGOaWu.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\aOsrSrP.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\CRTJmro.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\WUsiIYY.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\zQlQKZV.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\oSfQhqg.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\MEryzRE.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\PhZEITQ.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\RiMbVFu.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\dQaTsHF.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\fEKcgQa.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\YZPEkMP.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\BawSmov.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\VkQakTW.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\LNxneXq.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\tkgVXwA.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\JnIDVPA.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\aXbVLgW.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\rgOEnnP.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\iOzdNuU.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\QSAtybe.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\aAncOrp.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\qofkIAW.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\GVDVayA.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\sVMPKIt.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\hyPPtqa.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\OPgBOUv.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\msReTea.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\npbhwdu.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\wXKVgQj.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\KhMzeOd.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\pXlRKuZ.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\hyhJEjt.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\uOFjFJk.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\lNgGjZj.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\PvpxQTB.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\RUYbZWw.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\vctfuJo.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\zLEcrGY.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\NdaiUSy.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\XjrbueB.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\YrpDRVh.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\DBnysgx.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\CMWNpea.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\VnObqHP.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\sKLMaBm.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\choYrmq.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\vBkrBZW.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\yDtRrBf.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\GPylxis.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\xcVOIex.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\nRcpGHd.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\obTurBK.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\xVuxKQS.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\OOmXLMx.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\cXUuWnR.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\QUGSGUm.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\ZlzYryY.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\yWKVfbw.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\PGFtdza.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\LnEaQyN.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\GHsbGSd.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
File created	C:\Windows\System\QrWbNPC.exe	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1312 wrote to memory of 1584	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	84
PID 1312 wrote to memory of 1584	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	84
PID 1312 wrote to memory of 896	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	85
PID 1312 wrote to memory of 896	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	85
PID 1312 wrote to memory of 2072	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	86
PID 1312 wrote to memory of 2072	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	86
PID 1312 wrote to memory of 1660	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	87
PID 1312 wrote to memory of 1660	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	87
PID 1312 wrote to memory of 3748	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	88
PID 1312 wrote to memory of 3748	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	88
PID 1312 wrote to memory of 3928	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	89
PID 1312 wrote to memory of 3928	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	89
PID 1312 wrote to memory of 2632	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	90
PID 1312 wrote to memory of 2632	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	90
PID 1312 wrote to memory of 4532	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	91
PID 1312 wrote to memory of 4532	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	91
PID 1312 wrote to memory of 812	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	92
PID 1312 wrote to memory of 812	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	92
PID 1312 wrote to memory of 4996	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	93
PID 1312 wrote to memory of 4996	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	93
PID 1312 wrote to memory of 3652	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	94
PID 1312 wrote to memory of 3652	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	94
PID 1312 wrote to memory of 1400	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	95
PID 1312 wrote to memory of 1400	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	95
PID 1312 wrote to memory of 4668	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	96
PID 1312 wrote to memory of 4668	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	96
PID 1312 wrote to memory of 3088	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	97
PID 1312 wrote to memory of 3088	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	97
PID 1312 wrote to memory of 456	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	98
PID 1312 wrote to memory of 456	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	98
PID 1312 wrote to memory of 2220	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	99
PID 1312 wrote to memory of 2220	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	99
PID 1312 wrote to memory of 1956	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	100
PID 1312 wrote to memory of 1956	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	100
PID 1312 wrote to memory of 3224	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	101
PID 1312 wrote to memory of 3224	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	101
PID 1312 wrote to memory of 548	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	102
PID 1312 wrote to memory of 548	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	102
PID 1312 wrote to memory of 4184	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	103
PID 1312 wrote to memory of 4184	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	103
PID 1312 wrote to memory of 3172	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	104
PID 1312 wrote to memory of 3172	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	104
PID 1312 wrote to memory of 1548	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	105
PID 1312 wrote to memory of 1548	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	105
PID 1312 wrote to memory of 2780	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	106
PID 1312 wrote to memory of 2780	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	106
PID 1312 wrote to memory of 1652	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	107
PID 1312 wrote to memory of 1652	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	107
PID 1312 wrote to memory of 4944	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	108
PID 1312 wrote to memory of 4944	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	108
PID 1312 wrote to memory of 4444	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	109
PID 1312 wrote to memory of 4444	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	109
PID 1312 wrote to memory of 3672	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	110
PID 1312 wrote to memory of 3672	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	110
PID 1312 wrote to memory of 3424	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	111
PID 1312 wrote to memory of 3424	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	111
PID 1312 wrote to memory of 3156	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	112
PID 1312 wrote to memory of 3156	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	112
PID 1312 wrote to memory of 1008	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	113
PID 1312 wrote to memory of 1008	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	113
PID 1312 wrote to memory of 3112	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	114
PID 1312 wrote to memory of 3112	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	114
PID 1312 wrote to memory of 4004	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	115
PID 1312 wrote to memory of 4004	1312	00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe	115

C:\Users\Admin\AppData\Local\Temp\00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe
"C:\Users\Admin\AppData\Local\Temp\00efa8e87d4009adce845625b49d932d0b479553082c1a330d6ba1f95509eab0.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1312
- C:\Windows\System\lzRMiqI.exe
  C:\Windows\System\lzRMiqI.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\MkfQunz.exe
  C:\Windows\System\MkfQunz.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\yFqxgAA.exe
  C:\Windows\System\yFqxgAA.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\COEHjpC.exe
  C:\Windows\System\COEHjpC.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\dAPRDoi.exe
  C:\Windows\System\dAPRDoi.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\BgFwwQV.exe
  C:\Windows\System\BgFwwQV.exe
  2⤵
  - Executes dropped EXE
  PID:3928
- C:\Windows\System\UuzAqjk.exe
  C:\Windows\System\UuzAqjk.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\qqwuGKS.exe
  C:\Windows\System\qqwuGKS.exe
  2⤵
  - Executes dropped EXE
  PID:4532
- C:\Windows\System\AlmLTVW.exe
  C:\Windows\System\AlmLTVW.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\GcdixwN.exe
  C:\Windows\System\GcdixwN.exe
  2⤵
  - Executes dropped EXE
  PID:4996
- C:\Windows\System\jygamNe.exe
  C:\Windows\System\jygamNe.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\sazonet.exe
  C:\Windows\System\sazonet.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\qRoCoWX.exe
  C:\Windows\System\qRoCoWX.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\OsFgJjK.exe
  C:\Windows\System\OsFgJjK.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\MhtDHef.exe
  C:\Windows\System\MhtDHef.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\LkoeLTr.exe
  C:\Windows\System\LkoeLTr.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\qAqkOlp.exe
  C:\Windows\System\qAqkOlp.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\bDtrSCn.exe
  C:\Windows\System\bDtrSCn.exe
  2⤵
  - Executes dropped EXE
  PID:3224
- C:\Windows\System\ijMwtsB.exe
  C:\Windows\System\ijMwtsB.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\CNybirJ.exe
  C:\Windows\System\CNybirJ.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\zZDLHBG.exe
  C:\Windows\System\zZDLHBG.exe
  2⤵
  - Executes dropped EXE
  PID:3172
- C:\Windows\System\OvhsVxZ.exe
  C:\Windows\System\OvhsVxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\mFeWAaF.exe
  C:\Windows\System\mFeWAaF.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\DrdQGjm.exe
  C:\Windows\System\DrdQGjm.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\obTurBK.exe
  C:\Windows\System\obTurBK.exe
  2⤵
  - Executes dropped EXE
  PID:4944
- C:\Windows\System\IDZiUIG.exe
  C:\Windows\System\IDZiUIG.exe
  2⤵
  - Executes dropped EXE
  PID:4444
- C:\Windows\System\jQeOsQU.exe
  C:\Windows\System\jQeOsQU.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\oQYtBII.exe
  C:\Windows\System\oQYtBII.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\KPlibJm.exe
  C:\Windows\System\KPlibJm.exe
  2⤵
  - Executes dropped EXE
  PID:3156
- C:\Windows\System\mEMtroy.exe
  C:\Windows\System\mEMtroy.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\yIbQnUX.exe
  C:\Windows\System\yIbQnUX.exe
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Windows\System\gGpZUWg.exe
  C:\Windows\System\gGpZUWg.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\aAncOrp.exe
  C:\Windows\System\aAncOrp.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\tVGaieB.exe
  C:\Windows\System\tVGaieB.exe
  2⤵
  - Executes dropped EXE
  PID:5080
- C:\Windows\System\BrZaxqE.exe
  C:\Windows\System\BrZaxqE.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\wyvlbbu.exe
  C:\Windows\System\wyvlbbu.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\PgorBGU.exe
  C:\Windows\System\PgorBGU.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\qXArSsd.exe
  C:\Windows\System\qXArSsd.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\ktbjguL.exe
  C:\Windows\System\ktbjguL.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\sdArGEo.exe
  C:\Windows\System\sdArGEo.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\hitnJVI.exe
  C:\Windows\System\hitnJVI.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\drVhMPS.exe
  C:\Windows\System\drVhMPS.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\SibgXxd.exe
  C:\Windows\System\SibgXxd.exe
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Windows\System\qYzjWxy.exe
  C:\Windows\System\qYzjWxy.exe
  2⤵
  - Executes dropped EXE
  PID:4304
- C:\Windows\System\Qhevvzd.exe
  C:\Windows\System\Qhevvzd.exe
  2⤵
  - Executes dropped EXE
  PID:4308
- C:\Windows\System\wnmPnOI.exe
  C:\Windows\System\wnmPnOI.exe
  2⤵
  - Executes dropped EXE
  PID:4760
- C:\Windows\System\sdIoJBy.exe
  C:\Windows\System\sdIoJBy.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\eOClpLN.exe
  C:\Windows\System\eOClpLN.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\AvPKhRS.exe
  C:\Windows\System\AvPKhRS.exe
  2⤵
  - Executes dropped EXE
  PID:3400
- C:\Windows\System\biLCzJc.exe
  C:\Windows\System\biLCzJc.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\RFwnkwz.exe
  C:\Windows\System\RFwnkwz.exe
  2⤵
  - Executes dropped EXE
  PID:3876
- C:\Windows\System\OPawGZi.exe
  C:\Windows\System\OPawGZi.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\yHdKkZB.exe
  C:\Windows\System\yHdKkZB.exe
  2⤵
  - Executes dropped EXE
  PID:4148
- C:\Windows\System\JMbFjMY.exe
  C:\Windows\System\JMbFjMY.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\ZinXwUn.exe
  C:\Windows\System\ZinXwUn.exe
  2⤵
  - Executes dropped EXE
  PID:4496
- C:\Windows\System\sNQxcNb.exe
  C:\Windows\System\sNQxcNb.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\GAaDsuQ.exe
  C:\Windows\System\GAaDsuQ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\jfhMspH.exe
  C:\Windows\System\jfhMspH.exe
  2⤵
  - Executes dropped EXE
  PID:4240
- C:\Windows\System\plqoHfU.exe
  C:\Windows\System\plqoHfU.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\gOQAcNh.exe
  C:\Windows\System\gOQAcNh.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\slzQTqD.exe
  C:\Windows\System\slzQTqD.exe
  2⤵
  - Executes dropped EXE
  PID:3668
- C:\Windows\System\DkGOaWu.exe
  C:\Windows\System\DkGOaWu.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\POiLwyJ.exe
  C:\Windows\System\POiLwyJ.exe
  2⤵
  - Executes dropped EXE
  PID:3564
- C:\Windows\System\zaIopqf.exe
  C:\Windows\System\zaIopqf.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\HBczVPy.exe
  C:\Windows\System\HBczVPy.exe
  2⤵
  PID:2712
- C:\Windows\System\mARrWrv.exe
  C:\Windows\System\mARrWrv.exe
  2⤵
  PID:4872
- C:\Windows\System\vBkrBZW.exe
  C:\Windows\System\vBkrBZW.exe
  2⤵
  PID:4952
- C:\Windows\System\RBrzuIT.exe
  C:\Windows\System\RBrzuIT.exe
  2⤵
  PID:4728
- C:\Windows\System\AikLhzy.exe
  C:\Windows\System\AikLhzy.exe
  2⤵
  PID:2272
- C:\Windows\System\iveKYrp.exe
  C:\Windows\System\iveKYrp.exe
  2⤵
  PID:4740
- C:\Windows\System\MeKwYia.exe
  C:\Windows\System\MeKwYia.exe
  2⤵
  PID:5024
- C:\Windows\System\vtickRs.exe
  C:\Windows\System\vtickRs.exe
  2⤵
  PID:1452
- C:\Windows\System\tkgVXwA.exe
  C:\Windows\System\tkgVXwA.exe
  2⤵
  PID:1488
- C:\Windows\System\YZOHokk.exe
  C:\Windows\System\YZOHokk.exe
  2⤵
  PID:1424
- C:\Windows\System\rPXRoZF.exe
  C:\Windows\System\rPXRoZF.exe
  2⤵
  PID:2612
- C:\Windows\System\SRilAqX.exe
  C:\Windows\System\SRilAqX.exe
  2⤵
  PID:2868
- C:\Windows\System\NXFzNZD.exe
  C:\Windows\System\NXFzNZD.exe
  2⤵
  PID:920
- C:\Windows\System\JnIDVPA.exe
  C:\Windows\System\JnIDVPA.exe
  2⤵
  PID:4716
- C:\Windows\System\xDZLgBT.exe
  C:\Windows\System\xDZLgBT.exe
  2⤵
  PID:540
- C:\Windows\System\JjZjLdI.exe
  C:\Windows\System\JjZjLdI.exe
  2⤵
  PID:3576
- C:\Windows\System\UsaduSB.exe
  C:\Windows\System\UsaduSB.exe
  2⤵
  PID:2756
- C:\Windows\System\cScCeIk.exe
  C:\Windows\System\cScCeIk.exe
  2⤵
  PID:4820
- C:\Windows\System\psuYdKr.exe
  C:\Windows\System\psuYdKr.exe
  2⤵
  PID:4732
- C:\Windows\System\mAHaDAJ.exe
  C:\Windows\System\mAHaDAJ.exe
  2⤵
  PID:1932
- C:\Windows\System\pFwQBUa.exe
  C:\Windows\System\pFwQBUa.exe
  2⤵
  PID:116
- C:\Windows\System\QrWbNPC.exe
  C:\Windows\System\QrWbNPC.exe
  2⤵
  PID:4788
- C:\Windows\System\PfGFnCx.exe
  C:\Windows\System\PfGFnCx.exe
  2⤵
  PID:4380
- C:\Windows\System\NCQJhcR.exe
  C:\Windows\System\NCQJhcR.exe
  2⤵
  PID:1464
- C:\Windows\System\xgbSUEG.exe
  C:\Windows\System\xgbSUEG.exe
  2⤵
  PID:436
- C:\Windows\System\PhZEITQ.exe
  C:\Windows\System\PhZEITQ.exe
  2⤵
  PID:3844
- C:\Windows\System\MaDqjrm.exe
  C:\Windows\System\MaDqjrm.exe
  2⤵
  PID:4852
- C:\Windows\System\LRJNztI.exe
  C:\Windows\System\LRJNztI.exe
  2⤵
  PID:4420
- C:\Windows\System\SAMXpXQ.exe
  C:\Windows\System\SAMXpXQ.exe
  2⤵
  PID:4804
- C:\Windows\System\aYMWAJv.exe
  C:\Windows\System\aYMWAJv.exe
  2⤵
  PID:1960
- C:\Windows\System\eYseEOb.exe
  C:\Windows\System\eYseEOb.exe
  2⤵
  PID:3116
- C:\Windows\System\NDyQsKZ.exe
  C:\Windows\System\NDyQsKZ.exe
  2⤵
  PID:3404
- C:\Windows\System\SDJIUOs.exe
  C:\Windows\System\SDJIUOs.exe
  2⤵
  PID:2020
- C:\Windows\System\RiMbVFu.exe
  C:\Windows\System\RiMbVFu.exe
  2⤵
  PID:3360
- C:\Windows\System\doguVls.exe
  C:\Windows\System\doguVls.exe
  2⤵
  PID:5156
- C:\Windows\System\oFWpAXQ.exe
  C:\Windows\System\oFWpAXQ.exe
  2⤵
  PID:5196
- C:\Windows\System\CJEQgML.exe
  C:\Windows\System\CJEQgML.exe
  2⤵
  PID:5220
- C:\Windows\System\dWElcsS.exe
  C:\Windows\System\dWElcsS.exe
  2⤵
  PID:5240
- C:\Windows\System\LHApqAQ.exe
  C:\Windows\System\LHApqAQ.exe
  2⤵
  PID:5260
- C:\Windows\System\USXeXQr.exe
  C:\Windows\System\USXeXQr.exe
  2⤵
  PID:5308
- C:\Windows\System\xPVcifN.exe
  C:\Windows\System\xPVcifN.exe
  2⤵
  PID:5328
- C:\Windows\System\XXwtIiZ.exe
  C:\Windows\System\XXwtIiZ.exe
  2⤵
  PID:5348
- C:\Windows\System\aqJnuZM.exe
  C:\Windows\System\aqJnuZM.exe
  2⤵
  PID:5400
- C:\Windows\System\EBMTcQv.exe
  C:\Windows\System\EBMTcQv.exe
  2⤵
  PID:5416
- C:\Windows\System\qkMqgdW.exe
  C:\Windows\System\qkMqgdW.exe
  2⤵
  PID:5436
- C:\Windows\System\aXbVLgW.exe
  C:\Windows\System\aXbVLgW.exe
  2⤵
  PID:5460
- C:\Windows\System\mEcdkpq.exe
  C:\Windows\System\mEcdkpq.exe
  2⤵
  PID:5480
- C:\Windows\System\AsqtPau.exe
  C:\Windows\System\AsqtPau.exe
  2⤵
  PID:5508
- C:\Windows\System\raGnzXb.exe
  C:\Windows\System\raGnzXb.exe
  2⤵
  PID:5548
- C:\Windows\System\rLbnvuf.exe
  C:\Windows\System\rLbnvuf.exe
  2⤵
  PID:5572
- C:\Windows\System\rgOEnnP.exe
  C:\Windows\System\rgOEnnP.exe
  2⤵
  PID:5588
- C:\Windows\System\YibvdvD.exe
  C:\Windows\System\YibvdvD.exe
  2⤵
  PID:5608
- C:\Windows\System\MLJizVh.exe
  C:\Windows\System\MLJizVh.exe
  2⤵
  PID:5632
- C:\Windows\System\HEMEhQG.exe
  C:\Windows\System\HEMEhQG.exe
  2⤵
  PID:5652
- C:\Windows\System\tSmkjba.exe
  C:\Windows\System\tSmkjba.exe
  2⤵
  PID:5700
- C:\Windows\System\oahTdAV.exe
  C:\Windows\System\oahTdAV.exe
  2⤵
  PID:5716
- C:\Windows\System\OPgBOUv.exe
  C:\Windows\System\OPgBOUv.exe
  2⤵
  PID:5744
- C:\Windows\System\qIzRuIx.exe
  C:\Windows\System\qIzRuIx.exe
  2⤵
  PID:5796
- C:\Windows\System\fKqTPau.exe
  C:\Windows\System\fKqTPau.exe
  2⤵
  PID:5844
- C:\Windows\System\bhXKHcU.exe
  C:\Windows\System\bhXKHcU.exe
  2⤵
  PID:5868
- C:\Windows\System\qAzvlyf.exe
  C:\Windows\System\qAzvlyf.exe
  2⤵
  PID:5900
- C:\Windows\System\aPNuzhC.exe
  C:\Windows\System\aPNuzhC.exe
  2⤵
  PID:5924
- C:\Windows\System\pxjdDBW.exe
  C:\Windows\System\pxjdDBW.exe
  2⤵
  PID:5944
- C:\Windows\System\YWcqOqw.exe
  C:\Windows\System\YWcqOqw.exe
  2⤵
  PID:5964
- C:\Windows\System\LsPgifD.exe
  C:\Windows\System\LsPgifD.exe
  2⤵
  PID:5988
- C:\Windows\System\HmISMoW.exe
  C:\Windows\System\HmISMoW.exe
  2⤵
  PID:6008
- C:\Windows\System\lzcwBfA.exe
  C:\Windows\System\lzcwBfA.exe
  2⤵
  PID:6028
- C:\Windows\System\qptkWZR.exe
  C:\Windows\System\qptkWZR.exe
  2⤵
  PID:6072
- C:\Windows\System\jKPLuZZ.exe
  C:\Windows\System\jKPLuZZ.exe
  2⤵
  PID:6132
- C:\Windows\System\muaNgAj.exe
  C:\Windows\System\muaNgAj.exe
  2⤵
  PID:4328
- C:\Windows\System\LusqKTp.exe
  C:\Windows\System\LusqKTp.exe
  2⤵
  PID:4488
- C:\Windows\System\JXmcYnN.exe
  C:\Windows\System\JXmcYnN.exe
  2⤵
  PID:3472
- C:\Windows\System\IuyUhtU.exe
  C:\Windows\System\IuyUhtU.exe
  2⤵
  PID:5184
- C:\Windows\System\rNMDBrD.exe
  C:\Windows\System\rNMDBrD.exe
  2⤵
  PID:5252
- C:\Windows\System\bGArQNg.exe
  C:\Windows\System\bGArQNg.exe
  2⤵
  PID:5320
- C:\Windows\System\sdFcuYe.exe
  C:\Windows\System\sdFcuYe.exe
  2⤵
  PID:5392
- C:\Windows\System\unAYuJK.exe
  C:\Windows\System\unAYuJK.exe
  2⤵
  PID:5372
- C:\Windows\System\blHEJVo.exe
  C:\Windows\System\blHEJVo.exe
  2⤵
  PID:5444
- C:\Windows\System\caEJlFf.exe
  C:\Windows\System\caEJlFf.exe
  2⤵
  PID:5556
- C:\Windows\System\zkUaGIF.exe
  C:\Windows\System\zkUaGIF.exe
  2⤵
  PID:5732
- C:\Windows\System\MHpbqhL.exe
  C:\Windows\System\MHpbqhL.exe
  2⤵
  PID:5788
- C:\Windows\System\eoQclLN.exe
  C:\Windows\System\eoQclLN.exe
  2⤵
  PID:5828
- C:\Windows\System\RMpeHsJ.exe
  C:\Windows\System\RMpeHsJ.exe
  2⤵
  PID:5896
- C:\Windows\System\BmpisKE.exe
  C:\Windows\System\BmpisKE.exe
  2⤵
  PID:6004
- C:\Windows\System\TYnXRQX.exe
  C:\Windows\System\TYnXRQX.exe
  2⤵
  PID:5996
- C:\Windows\System\TznYKEt.exe
  C:\Windows\System\TznYKEt.exe
  2⤵
  PID:6116
- C:\Windows\System\ulKcPfr.exe
  C:\Windows\System\ulKcPfr.exe
  2⤵
  PID:5124
- C:\Windows\System\rkJpOFR.exe
  C:\Windows\System\rkJpOFR.exe
  2⤵
  PID:3124
- C:\Windows\System\ZlzYryY.exe
  C:\Windows\System\ZlzYryY.exe
  2⤵
  PID:5500
- C:\Windows\System\zxdUjRK.exe
  C:\Windows\System\zxdUjRK.exe
  2⤵
  PID:5380
- C:\Windows\System\iOzdNuU.exe
  C:\Windows\System\iOzdNuU.exe
  2⤵
  PID:5540
- C:\Windows\System\xjKpOTG.exe
  C:\Windows\System\xjKpOTG.exe
  2⤵
  PID:5724
- C:\Windows\System\SscQqId.exe
  C:\Windows\System\SscQqId.exe
  2⤵
  PID:5892
- C:\Windows\System\ZQpBVDN.exe
  C:\Windows\System\ZQpBVDN.exe
  2⤵
  PID:3584
- C:\Windows\System\pXlRKuZ.exe
  C:\Windows\System\pXlRKuZ.exe
  2⤵
  PID:4900
- C:\Windows\System\KWRCLqT.exe
  C:\Windows\System\KWRCLqT.exe
  2⤵
  PID:5764
- C:\Windows\System\UhMxjCt.exe
  C:\Windows\System\UhMxjCt.exe
  2⤵
  PID:6048
- C:\Windows\System\hZQniEX.exe
  C:\Windows\System\hZQniEX.exe
  2⤵
  PID:5452
- C:\Windows\System\BwQUQhA.exe
  C:\Windows\System\BwQUQhA.exe
  2⤵
  PID:6052
- C:\Windows\System\TlwOepH.exe
  C:\Windows\System\TlwOepH.exe
  2⤵
  PID:6156
- C:\Windows\System\dgBQiuj.exe
  C:\Windows\System\dgBQiuj.exe
  2⤵
  PID:6188
- C:\Windows\System\CGIkMfk.exe
  C:\Windows\System\CGIkMfk.exe
  2⤵
  PID:6216
- C:\Windows\System\BZglpsK.exe
  C:\Windows\System\BZglpsK.exe
  2⤵
  PID:6252
- C:\Windows\System\Mxrkepa.exe
  C:\Windows\System\Mxrkepa.exe
  2⤵
  PID:6272
- C:\Windows\System\fHIxbjr.exe
  C:\Windows\System\fHIxbjr.exe
  2⤵
  PID:6324
- C:\Windows\System\eaalzmg.exe
  C:\Windows\System\eaalzmg.exe
  2⤵
  PID:6372
- C:\Windows\System\zwVYstv.exe
  C:\Windows\System\zwVYstv.exe
  2⤵
  PID:6392
- C:\Windows\System\pnJcKdp.exe
  C:\Windows\System\pnJcKdp.exe
  2⤵
  PID:6428
- C:\Windows\System\gdkhbno.exe
  C:\Windows\System\gdkhbno.exe
  2⤵
  PID:6448
- C:\Windows\System\zobAQVE.exe
  C:\Windows\System\zobAQVE.exe
  2⤵
  PID:6476
- C:\Windows\System\TmvDYKw.exe
  C:\Windows\System\TmvDYKw.exe
  2⤵
  PID:6500
- C:\Windows\System\yoPYTBe.exe
  C:\Windows\System\yoPYTBe.exe
  2⤵
  PID:6520
- C:\Windows\System\RCaaCjR.exe
  C:\Windows\System\RCaaCjR.exe
  2⤵
  PID:6572
- C:\Windows\System\XisfNPC.exe
  C:\Windows\System\XisfNPC.exe
  2⤵
  PID:6600
- C:\Windows\System\ZNKBBvi.exe
  C:\Windows\System\ZNKBBvi.exe
  2⤵
  PID:6624
- C:\Windows\System\QBkEdya.exe
  C:\Windows\System\QBkEdya.exe
  2⤵
  PID:6644
- C:\Windows\System\qofkIAW.exe
  C:\Windows\System\qofkIAW.exe
  2⤵
  PID:6680
- C:\Windows\System\wwNxYiy.exe
  C:\Windows\System\wwNxYiy.exe
  2⤵
  PID:6700
- C:\Windows\System\EWIGrru.exe
  C:\Windows\System\EWIGrru.exe
  2⤵
  PID:6724
- C:\Windows\System\EMOZmLG.exe
  C:\Windows\System\EMOZmLG.exe
  2⤵
  PID:6764
- C:\Windows\System\VuFlFlg.exe
  C:\Windows\System\VuFlFlg.exe
  2⤵
  PID:6784
- C:\Windows\System\OvfaOaj.exe
  C:\Windows\System\OvfaOaj.exe
  2⤵
  PID:6808
- C:\Windows\System\lNgGjZj.exe
  C:\Windows\System\lNgGjZj.exe
  2⤵
  PID:6828
- C:\Windows\System\YdqmKqR.exe
  C:\Windows\System\YdqmKqR.exe
  2⤵
  PID:6844
- C:\Windows\System\YoLBNGi.exe
  C:\Windows\System\YoLBNGi.exe
  2⤵
  PID:6880
- C:\Windows\System\wJTHaGD.exe
  C:\Windows\System\wJTHaGD.exe
  2⤵
  PID:6904
- C:\Windows\System\lVfpLWR.exe
  C:\Windows\System\lVfpLWR.exe
  2⤵
  PID:6928
- C:\Windows\System\iUSgKWh.exe
  C:\Windows\System\iUSgKWh.exe
  2⤵
  PID:6980
- C:\Windows\System\HLByzkQ.exe
  C:\Windows\System\HLByzkQ.exe
  2⤵
  PID:7000
- C:\Windows\System\yWkzVVl.exe
  C:\Windows\System\yWkzVVl.exe
  2⤵
  PID:7024
- C:\Windows\System\QTBEvcJ.exe
  C:\Windows\System\QTBEvcJ.exe
  2⤵
  PID:7044
- C:\Windows\System\OdbFCwa.exe
  C:\Windows\System\OdbFCwa.exe
  2⤵
  PID:7092
- C:\Windows\System\CoHzxQc.exe
  C:\Windows\System\CoHzxQc.exe
  2⤵
  PID:7116
- C:\Windows\System\xVuxKQS.exe
  C:\Windows\System\xVuxKQS.exe
  2⤵
  PID:7160
- C:\Windows\System\NmqwlaK.exe
  C:\Windows\System\NmqwlaK.exe
  2⤵
  PID:5660
- C:\Windows\System\wvbUDiG.exe
  C:\Windows\System\wvbUDiG.exe
  2⤵
  PID:6212
- C:\Windows\System\qGgAqQJ.exe
  C:\Windows\System\qGgAqQJ.exe
  2⤵
  PID:6248
- C:\Windows\System\iXcDdnW.exe
  C:\Windows\System\iXcDdnW.exe
  2⤵
  PID:6344
- C:\Windows\System\wsWwbJy.exe
  C:\Windows\System\wsWwbJy.exe
  2⤵
  PID:6316
- C:\Windows\System\kEgzgcc.exe
  C:\Windows\System\kEgzgcc.exe
  2⤵
  PID:6492
- C:\Windows\System\utYQMVq.exe
  C:\Windows\System\utYQMVq.exe
  2⤵
  PID:6528
- C:\Windows\System\DfZhDRa.exe
  C:\Windows\System\DfZhDRa.exe
  2⤵
  PID:6584
- C:\Windows\System\fwcELoe.exe
  C:\Windows\System\fwcELoe.exe
  2⤵
  PID:6640
- C:\Windows\System\KPExYsd.exe
  C:\Windows\System\KPExYsd.exe
  2⤵
  PID:6740
- C:\Windows\System\nPUuHua.exe
  C:\Windows\System\nPUuHua.exe
  2⤵
  PID:6776
- C:\Windows\System\xseiLOK.exe
  C:\Windows\System\xseiLOK.exe
  2⤵
  PID:6792
- C:\Windows\System\aqqUgBi.exe
  C:\Windows\System\aqqUgBi.exe
  2⤵
  PID:6936
- C:\Windows\System\jRpjTrL.exe
  C:\Windows\System\jRpjTrL.exe
  2⤵
  PID:6960
- C:\Windows\System\VkQakTW.exe
  C:\Windows\System\VkQakTW.exe
  2⤵
  PID:7020
- C:\Windows\System\CHABoDh.exe
  C:\Windows\System\CHABoDh.exe
  2⤵
  PID:6996
- C:\Windows\System\gQaxTjn.exe
  C:\Windows\System\gQaxTjn.exe
  2⤵
  PID:7104
- C:\Windows\System\lfIwhqb.exe
  C:\Windows\System\lfIwhqb.exe
  2⤵
  PID:6196
- C:\Windows\System\EOOeutw.exe
  C:\Windows\System\EOOeutw.exe
  2⤵
  PID:6296
- C:\Windows\System\TLMIBUv.exe
  C:\Windows\System\TLMIBUv.exe
  2⤵
  PID:6484
- C:\Windows\System\UszjlpV.exe
  C:\Windows\System\UszjlpV.exe
  2⤵
  PID:6956
- C:\Windows\System\OkDXGAC.exe
  C:\Windows\System\OkDXGAC.exe
  2⤵
  PID:6920
- C:\Windows\System\fBtzuWC.exe
  C:\Windows\System\fBtzuWC.exe
  2⤵
  PID:7080
- C:\Windows\System\VBwhoTF.exe
  C:\Windows\System\VBwhoTF.exe
  2⤵
  PID:7032
- C:\Windows\System\rmhxghZ.exe
  C:\Windows\System\rmhxghZ.exe
  2⤵
  PID:5488
- C:\Windows\System\oYSwQuM.exe
  C:\Windows\System\oYSwQuM.exe
  2⤵
  PID:6720
- C:\Windows\System\ssivuJQ.exe
  C:\Windows\System\ssivuJQ.exe
  2⤵
  PID:7184
- C:\Windows\System\OCZCvvs.exe
  C:\Windows\System\OCZCvvs.exe
  2⤵
  PID:7200
- C:\Windows\System\Kprmulf.exe
  C:\Windows\System\Kprmulf.exe
  2⤵
  PID:7220
- C:\Windows\System\UxitJdR.exe
  C:\Windows\System\UxitJdR.exe
  2⤵
  PID:7244
- C:\Windows\System\xFszrBV.exe
  C:\Windows\System\xFszrBV.exe
  2⤵
  PID:7264
- C:\Windows\System\mpEpjjc.exe
  C:\Windows\System\mpEpjjc.exe
  2⤵
  PID:7284
- C:\Windows\System\ebQyUKS.exe
  C:\Windows\System\ebQyUKS.exe
  2⤵
  PID:7308
- C:\Windows\System\laJVpax.exe
  C:\Windows\System\laJVpax.exe
  2⤵
  PID:7328
- C:\Windows\System\ANQYpJH.exe
  C:\Windows\System\ANQYpJH.exe
  2⤵
  PID:7352
- C:\Windows\System\izpkMea.exe
  C:\Windows\System\izpkMea.exe
  2⤵
  PID:7372
- C:\Windows\System\IZGZoth.exe
  C:\Windows\System\IZGZoth.exe
  2⤵
  PID:7440
- C:\Windows\System\ExhSlIp.exe
  C:\Windows\System\ExhSlIp.exe
  2⤵
  PID:7468
- C:\Windows\System\koBatQo.exe
  C:\Windows\System\koBatQo.exe
  2⤵
  PID:7524
- C:\Windows\System\bMfghct.exe
  C:\Windows\System\bMfghct.exe
  2⤵
  PID:7544
- C:\Windows\System\GYOXICn.exe
  C:\Windows\System\GYOXICn.exe
  2⤵
  PID:7576
- C:\Windows\System\RueuNwC.exe
  C:\Windows\System\RueuNwC.exe
  2⤵
  PID:7592
- C:\Windows\System\NaRlKtx.exe
  C:\Windows\System\NaRlKtx.exe
  2⤵
  PID:7616
- C:\Windows\System\MjPmGkE.exe
  C:\Windows\System\MjPmGkE.exe
  2⤵
  PID:7652
- C:\Windows\System\UAEYlTB.exe
  C:\Windows\System\UAEYlTB.exe
  2⤵
  PID:7672
- C:\Windows\System\rUlRWwT.exe
  C:\Windows\System\rUlRWwT.exe
  2⤵
  PID:7712
- C:\Windows\System\BUmfNAp.exe
  C:\Windows\System\BUmfNAp.exe
  2⤵
  PID:7732
- C:\Windows\System\cIpTkKf.exe
  C:\Windows\System\cIpTkKf.exe
  2⤵
  PID:7776
- C:\Windows\System\lOyxDeg.exe
  C:\Windows\System\lOyxDeg.exe
  2⤵
  PID:7796
- C:\Windows\System\NdaiUSy.exe
  C:\Windows\System\NdaiUSy.exe
  2⤵
  PID:7812
- C:\Windows\System\jNSegMn.exe
  C:\Windows\System\jNSegMn.exe
  2⤵
  PID:7832
- C:\Windows\System\XtctFJA.exe
  C:\Windows\System\XtctFJA.exe
  2⤵
  PID:7868
- C:\Windows\System\TScfMId.exe
  C:\Windows\System\TScfMId.exe
  2⤵
  PID:7892
- C:\Windows\System\gFgWaJU.exe
  C:\Windows\System\gFgWaJU.exe
  2⤵
  PID:7920
- C:\Windows\System\ojmWwip.exe
  C:\Windows\System\ojmWwip.exe
  2⤵
  PID:7936
- C:\Windows\System\EAtdAWC.exe
  C:\Windows\System\EAtdAWC.exe
  2⤵
  PID:7972
- C:\Windows\System\wQbGgNO.exe
  C:\Windows\System\wQbGgNO.exe
  2⤵
  PID:8016
- C:\Windows\System\gZtpEmi.exe
  C:\Windows\System\gZtpEmi.exe
  2⤵
  PID:8040
- C:\Windows\System\wirlIIE.exe
  C:\Windows\System\wirlIIE.exe
  2⤵
  PID:8056
- C:\Windows\System\NdbQYST.exe
  C:\Windows\System\NdbQYST.exe
  2⤵
  PID:8076
- C:\Windows\System\fCMbkeq.exe
  C:\Windows\System\fCMbkeq.exe
  2⤵
  PID:8100
- C:\Windows\System\ZFAobVI.exe
  C:\Windows\System\ZFAobVI.exe
  2⤵
  PID:8124
- C:\Windows\System\GkhCDyC.exe
  C:\Windows\System\GkhCDyC.exe
  2⤵
  PID:8144
- C:\Windows\System\bBlWMlz.exe
  C:\Windows\System\bBlWMlz.exe
  2⤵
  PID:8188
- C:\Windows\System\ZzwwtQt.exe
  C:\Windows\System\ZzwwtQt.exe
  2⤵
  PID:6516
- C:\Windows\System\HmWWYln.exe
  C:\Windows\System\HmWWYln.exe
  2⤵
  PID:7180
- C:\Windows\System\bdFpdNc.exe
  C:\Windows\System\bdFpdNc.exe
  2⤵
  PID:7368
- C:\Windows\System\yWKVfbw.exe
  C:\Windows\System\yWKVfbw.exe
  2⤵
  PID:7340
- C:\Windows\System\KzycsZY.exe
  C:\Windows\System\KzycsZY.exe
  2⤵
  PID:7404
- C:\Windows\System\CMCIvWD.exe
  C:\Windows\System\CMCIvWD.exe
  2⤵
  PID:7492
- C:\Windows\System\oVyXmxM.exe
  C:\Windows\System\oVyXmxM.exe
  2⤵
  PID:7560
- C:\Windows\System\SSqwMXd.exe
  C:\Windows\System\SSqwMXd.exe
  2⤵
  PID:7584
- C:\Windows\System\LnioKZS.exe
  C:\Windows\System\LnioKZS.exe
  2⤵
  PID:7688
- C:\Windows\System\dQaTsHF.exe
  C:\Windows\System\dQaTsHF.exe
  2⤵
  PID:7772
- C:\Windows\System\wPjrVxn.exe
  C:\Windows\System\wPjrVxn.exe
  2⤵
  PID:7900
- C:\Windows\System\gWWSDBC.exe
  C:\Windows\System\gWWSDBC.exe
  2⤵
  PID:7948
- C:\Windows\System\smZZgXL.exe
  C:\Windows\System\smZZgXL.exe
  2⤵
  PID:8004
- C:\Windows\System\vUSJKJl.exe
  C:\Windows\System\vUSJKJl.exe
  2⤵
  PID:8032
- C:\Windows\System\VTiDiTK.exe
  C:\Windows\System\VTiDiTK.exe
  2⤵
  PID:8172
- C:\Windows\System\DYdDekP.exe
  C:\Windows\System\DYdDekP.exe
  2⤵
  PID:6820
- C:\Windows\System\xCmLIdc.exe
  C:\Windows\System\xCmLIdc.exe
  2⤵
  PID:7216
- C:\Windows\System\opADXPu.exe
  C:\Windows\System\opADXPu.exe
  2⤵
  PID:7888
- C:\Windows\System\lPtWVDN.exe
  C:\Windows\System\lPtWVDN.exe
  2⤵
  PID:7876
- C:\Windows\System\osQYFXs.exe
  C:\Windows\System\osQYFXs.exe
  2⤵
  PID:8048
- C:\Windows\System\fEKcgQa.exe
  C:\Windows\System\fEKcgQa.exe
  2⤵
  PID:8068
- C:\Windows\System\hurzSaf.exe
  C:\Windows\System\hurzSaf.exe
  2⤵
  PID:8116
- C:\Windows\System\BVpuUwn.exe
  C:\Windows\System\BVpuUwn.exe
  2⤵
  PID:7808
- C:\Windows\System\JustbOK.exe
  C:\Windows\System\JustbOK.exe
  2⤵
  PID:7960
- C:\Windows\System\TitPjxr.exe
  C:\Windows\System\TitPjxr.exe
  2⤵
  PID:7964
- C:\Windows\System\TUQELvk.exe
  C:\Windows\System\TUQELvk.exe
  2⤵
  PID:7848
- C:\Windows\System\DrYfGGA.exe
  C:\Windows\System\DrYfGGA.exe
  2⤵
  PID:7564
- C:\Windows\System\rikZFqY.exe
  C:\Windows\System\rikZFqY.exe
  2⤵
  PID:8204
- C:\Windows\System\sVWjKdi.exe
  C:\Windows\System\sVWjKdi.exe
  2⤵
  PID:8224
- C:\Windows\System\YZPEkMP.exe
  C:\Windows\System\YZPEkMP.exe
  2⤵
  PID:8248
- C:\Windows\System\FwVOCEA.exe
  C:\Windows\System\FwVOCEA.exe
  2⤵
  PID:8288
- C:\Windows\System\tgrXTaG.exe
  C:\Windows\System\tgrXTaG.exe
  2⤵
  PID:8308
- C:\Windows\System\VhbEUvD.exe
  C:\Windows\System\VhbEUvD.exe
  2⤵
  PID:8340
- C:\Windows\System\CdVFxfH.exe
  C:\Windows\System\CdVFxfH.exe
  2⤵
  PID:8364
- C:\Windows\System\kancwdF.exe
  C:\Windows\System\kancwdF.exe
  2⤵
  PID:8392
- C:\Windows\System\eSFeYec.exe
  C:\Windows\System\eSFeYec.exe
  2⤵
  PID:8412
- C:\Windows\System\yDtRrBf.exe
  C:\Windows\System\yDtRrBf.exe
  2⤵
  PID:8432
- C:\Windows\System\qXBRsqH.exe
  C:\Windows\System\qXBRsqH.exe
  2⤵
  PID:8452
- C:\Windows\System\HBLziSt.exe
  C:\Windows\System\HBLziSt.exe
  2⤵
  PID:8476
- C:\Windows\System\RZypQJH.exe
  C:\Windows\System\RZypQJH.exe
  2⤵
  PID:8520
- C:\Windows\System\EHJHlIQ.exe
  C:\Windows\System\EHJHlIQ.exe
  2⤵
  PID:8540
- C:\Windows\System\penvXHB.exe
  C:\Windows\System\penvXHB.exe
  2⤵
  PID:8576
- C:\Windows\System\cSXWOGP.exe
  C:\Windows\System\cSXWOGP.exe
  2⤵
  PID:8600
- C:\Windows\System\ZGAsmtf.exe
  C:\Windows\System\ZGAsmtf.exe
  2⤵
  PID:8632
- C:\Windows\System\EZjDELE.exe
  C:\Windows\System\EZjDELE.exe
  2⤵
  PID:8688
- C:\Windows\System\QjZovQN.exe
  C:\Windows\System\QjZovQN.exe
  2⤵
  PID:8708
- C:\Windows\System\NerooEs.exe
  C:\Windows\System\NerooEs.exe
  2⤵
  PID:8744
- C:\Windows\System\CleKtgm.exe
  C:\Windows\System\CleKtgm.exe
  2⤵
  PID:8764
- C:\Windows\System\hPnStjc.exe
  C:\Windows\System\hPnStjc.exe
  2⤵
  PID:8792
- C:\Windows\System\zEXaKtu.exe
  C:\Windows\System\zEXaKtu.exe
  2⤵
  PID:8812
- C:\Windows\System\MQrFgor.exe
  C:\Windows\System\MQrFgor.exe
  2⤵
  PID:8836
- C:\Windows\System\MoHQzkl.exe
  C:\Windows\System\MoHQzkl.exe
  2⤵
  PID:8884
- C:\Windows\System\iFpIlXO.exe
  C:\Windows\System\iFpIlXO.exe
  2⤵
  PID:8908
- C:\Windows\System\mpqArTk.exe
  C:\Windows\System\mpqArTk.exe
  2⤵
  PID:8932
- C:\Windows\System\fAePBGY.exe
  C:\Windows\System\fAePBGY.exe
  2⤵
  PID:8952
- C:\Windows\System\DKGlngu.exe
  C:\Windows\System\DKGlngu.exe
  2⤵
  PID:8992
- C:\Windows\System\WgGsFrQ.exe
  C:\Windows\System\WgGsFrQ.exe
  2⤵
  PID:9020
- C:\Windows\System\TwuJdnr.exe
  C:\Windows\System\TwuJdnr.exe
  2⤵
  PID:9044
- C:\Windows\System\thgNXqB.exe
  C:\Windows\System\thgNXqB.exe
  2⤵
  PID:9064
- C:\Windows\System\AluUCLF.exe
  C:\Windows\System\AluUCLF.exe
  2⤵
  PID:9096
- C:\Windows\System\vqBtjsS.exe
  C:\Windows\System\vqBtjsS.exe
  2⤵
  PID:9112
- C:\Windows\System\GNGcMFX.exe
  C:\Windows\System\GNGcMFX.exe
  2⤵
  PID:9144
- C:\Windows\System\zqxsQZp.exe
  C:\Windows\System\zqxsQZp.exe
  2⤵
  PID:9160
- C:\Windows\System\zQlQKZV.exe
  C:\Windows\System\zQlQKZV.exe
  2⤵
  PID:9196
- C:\Windows\System\kHtcJTN.exe
  C:\Windows\System\kHtcJTN.exe
  2⤵
  PID:8240
- C:\Windows\System\eqesEwX.exe
  C:\Windows\System\eqesEwX.exe
  2⤵
  PID:8276
- C:\Windows\System\GARAMZs.exe
  C:\Windows\System\GARAMZs.exe
  2⤵
  PID:8348
- C:\Windows\System\CExaBzS.exe
  C:\Windows\System\CExaBzS.exe
  2⤵
  PID:8404
- C:\Windows\System\YlgUYdi.exe
  C:\Windows\System\YlgUYdi.exe
  2⤵
  PID:8444
- C:\Windows\System\EwYafrH.exe
  C:\Windows\System\EwYafrH.exe
  2⤵
  PID:8552
- C:\Windows\System\SjVVmlL.exe
  C:\Windows\System\SjVVmlL.exe
  2⤵
  PID:8612
- C:\Windows\System\ktYzPjK.exe
  C:\Windows\System\ktYzPjK.exe
  2⤵
  PID:8584
- C:\Windows\System\aVhJpoQ.exe
  C:\Windows\System\aVhJpoQ.exe
  2⤵
  PID:8716
- C:\Windows\System\xXCYeew.exe
  C:\Windows\System\xXCYeew.exe
  2⤵
  PID:8756
- C:\Windows\System\EjNIXzt.exe
  C:\Windows\System\EjNIXzt.exe
  2⤵
  PID:8856
- C:\Windows\System\giDKWAG.exe
  C:\Windows\System\giDKWAG.exe
  2⤵
  PID:8860
- C:\Windows\System\OohJipH.exe
  C:\Windows\System\OohJipH.exe
  2⤵
  PID:8928
- C:\Windows\System\GPylxis.exe
  C:\Windows\System\GPylxis.exe
  2⤵
  PID:9060
- C:\Windows\System\psSAWDB.exe
  C:\Windows\System\psSAWDB.exe
  2⤵
  PID:9104
- C:\Windows\System\yYofJkn.exe
  C:\Windows\System\yYofJkn.exe
  2⤵
  PID:8236
- C:\Windows\System\gclyVhm.exe
  C:\Windows\System\gclyVhm.exe
  2⤵
  PID:8424
- C:\Windows\System\khioMkY.exe
  C:\Windows\System\khioMkY.exe
  2⤵
  PID:8516
- C:\Windows\System\INMbpXw.exe
  C:\Windows\System\INMbpXw.exe
  2⤵
  PID:8740
- C:\Windows\System\KiWWAuB.exe
  C:\Windows\System\KiWWAuB.exe
  2⤵
  PID:8760
- C:\Windows\System\yGOoicP.exe
  C:\Windows\System\yGOoicP.exe
  2⤵
  PID:8944
- C:\Windows\System\HIzrrXW.exe
  C:\Windows\System\HIzrrXW.exe
  2⤵
  PID:8272
- C:\Windows\System\nLygdmH.exe
  C:\Windows\System\nLygdmH.exe
  2⤵
  PID:8380
- C:\Windows\System\juHjSfi.exe
  C:\Windows\System\juHjSfi.exe
  2⤵
  PID:8464
- C:\Windows\System\SuwhCza.exe
  C:\Windows\System\SuwhCza.exe
  2⤵
  PID:9208
- C:\Windows\System\CyQweHN.exe
  C:\Windows\System\CyQweHN.exe
  2⤵
  PID:9000
- C:\Windows\System\RKJMmli.exe
  C:\Windows\System\RKJMmli.exe
  2⤵
  PID:9240
- C:\Windows\System\pDpyPNQ.exe
  C:\Windows\System\pDpyPNQ.exe
  2⤵
  PID:9276
- C:\Windows\System\WucqZVE.exe
  C:\Windows\System\WucqZVE.exe
  2⤵
  PID:9296
- C:\Windows\System\uBkRrIg.exe
  C:\Windows\System\uBkRrIg.exe
  2⤵
  PID:9332
- C:\Windows\System\uGkHwzC.exe
  C:\Windows\System\uGkHwzC.exe
  2⤵
  PID:9352
- C:\Windows\System\fAOeIPR.exe
  C:\Windows\System\fAOeIPR.exe
  2⤵
  PID:9392
- C:\Windows\System\jMSUJJS.exe
  C:\Windows\System\jMSUJJS.exe
  2⤵
  PID:9416
- C:\Windows\System\IzmkFol.exe
  C:\Windows\System\IzmkFol.exe
  2⤵
  PID:9436
- C:\Windows\System\zvFhIwk.exe
  C:\Windows\System\zvFhIwk.exe
  2⤵
  PID:9452
- C:\Windows\System\XjrbueB.exe
  C:\Windows\System\XjrbueB.exe
  2⤵
  PID:9476
- C:\Windows\System\ZEyQIBV.exe
  C:\Windows\System\ZEyQIBV.exe
  2⤵
  PID:9500
- C:\Windows\System\fcVCAxX.exe
  C:\Windows\System\fcVCAxX.exe
  2⤵
  PID:9536
- C:\Windows\System\UMAuCQJ.exe
  C:\Windows\System\UMAuCQJ.exe
  2⤵
  PID:9572
- C:\Windows\System\GqKLetW.exe
  C:\Windows\System\GqKLetW.exe
  2⤵
  PID:9592
- C:\Windows\System\ZOfpaEW.exe
  C:\Windows\System\ZOfpaEW.exe
  2⤵
  PID:9624
- C:\Windows\System\FcZgnzI.exe
  C:\Windows\System\FcZgnzI.exe
  2⤵
  PID:9668
- C:\Windows\System\BWNoGwW.exe
  C:\Windows\System\BWNoGwW.exe
  2⤵
  PID:9688
- C:\Windows\System\vPClAmQ.exe
  C:\Windows\System\vPClAmQ.exe
  2⤵
  PID:9708
- C:\Windows\System\RgUQlbe.exe
  C:\Windows\System\RgUQlbe.exe
  2⤵
  PID:9736
- C:\Windows\System\cCJgNBJ.exe
  C:\Windows\System\cCJgNBJ.exe
  2⤵
  PID:9764
- C:\Windows\System\VumsJoz.exe
  C:\Windows\System\VumsJoz.exe
  2⤵
  PID:9788
- C:\Windows\System\XlRuCga.exe
  C:\Windows\System\XlRuCga.exe
  2⤵
  PID:9804
- C:\Windows\System\AfYXOGK.exe
  C:\Windows\System\AfYXOGK.exe
  2⤵
  PID:9824
- C:\Windows\System\RVGViwG.exe
  C:\Windows\System\RVGViwG.exe
  2⤵
  PID:9856
- C:\Windows\System\rMTctXw.exe
  C:\Windows\System\rMTctXw.exe
  2⤵
  PID:9888
- C:\Windows\System\umQmHPZ.exe
  C:\Windows\System\umQmHPZ.exe
  2⤵
  PID:9912
- C:\Windows\System\SCcAYmO.exe
  C:\Windows\System\SCcAYmO.exe
  2⤵
  PID:9928
- C:\Windows\System\wdUHcDy.exe
  C:\Windows\System\wdUHcDy.exe
  2⤵
  PID:9952
- C:\Windows\System\ULkSyOy.exe
  C:\Windows\System\ULkSyOy.exe
  2⤵
  PID:9976
- C:\Windows\System\BJbdXAU.exe
  C:\Windows\System\BJbdXAU.exe
  2⤵
  PID:9996
- C:\Windows\System\eQaPWqM.exe
  C:\Windows\System\eQaPWqM.exe
  2⤵
  PID:10012
- C:\Windows\System\vpZNxTr.exe
  C:\Windows\System\vpZNxTr.exe
  2⤵
  PID:10064
- C:\Windows\System\QMlOhCD.exe
  C:\Windows\System\QMlOhCD.exe
  2⤵
  PID:10096
- C:\Windows\System\tcEbbUb.exe
  C:\Windows\System\tcEbbUb.exe
  2⤵
  PID:10116
- C:\Windows\System\IZrPean.exe
  C:\Windows\System\IZrPean.exe
  2⤵
  PID:10136
- C:\Windows\System\lZGhuCh.exe
  C:\Windows\System\lZGhuCh.exe
  2⤵
  PID:10208
- C:\Windows\System\kHChjEW.exe
  C:\Windows\System\kHChjEW.exe
  2⤵
  PID:10232
- C:\Windows\System\xQbTKbp.exe
  C:\Windows\System\xQbTKbp.exe
  2⤵
  PID:9224
- C:\Windows\System\VAKSSlT.exe
  C:\Windows\System\VAKSSlT.exe
  2⤵
  PID:9264
- C:\Windows\System\DgJljIH.exe
  C:\Windows\System\DgJljIH.exe
  2⤵
  PID:9288
- C:\Windows\System\nTiIQqu.exe
  C:\Windows\System\nTiIQqu.exe
  2⤵
  PID:9424
- C:\Windows\System\ndSXkHj.exe
  C:\Windows\System\ndSXkHj.exe
  2⤵
  PID:9472
- C:\Windows\System\fIPqLes.exe
  C:\Windows\System\fIPqLes.exe
  2⤵
  PID:9548
- C:\Windows\System\bAZpQpB.exe
  C:\Windows\System\bAZpQpB.exe
  2⤵
  PID:9564
- C:\Windows\System\BAuidJB.exe
  C:\Windows\System\BAuidJB.exe
  2⤵
  PID:9588
- C:\Windows\System\oskoiSw.exe
  C:\Windows\System\oskoiSw.exe
  2⤵
  PID:9704
- C:\Windows\System\YUrTFdD.exe
  C:\Windows\System\YUrTFdD.exe
  2⤵
  PID:9756
- C:\Windows\System\SpbIMWT.exe
  C:\Windows\System\SpbIMWT.exe
  2⤵
  PID:9836
- C:\Windows\System\zHHLeCJ.exe
  C:\Windows\System\zHHLeCJ.exe
  2⤵
  PID:9904
- C:\Windows\System\gsOZHsq.exe
  C:\Windows\System\gsOZHsq.exe
  2⤵
  PID:10128
- C:\Windows\System\lsCUvjk.exe
  C:\Windows\System\lsCUvjk.exe
  2⤵
  PID:10180
- C:\Windows\System\XbCtJNI.exe
  C:\Windows\System\XbCtJNI.exe
  2⤵
  PID:10112
- C:\Windows\System\xbDoZvc.exe
  C:\Windows\System\xbDoZvc.exe
  2⤵
  PID:10220
- C:\Windows\System\xFoMkxw.exe
  C:\Windows\System\xFoMkxw.exe
  2⤵
  PID:9272
- C:\Windows\System\qzsCsjC.exe
  C:\Windows\System\qzsCsjC.exe
  2⤵
  PID:9368
- C:\Windows\System\FjixQJi.exe
  C:\Windows\System\FjixQJi.exe
  2⤵
  PID:9496
- C:\Windows\System\vaCpSNg.exe
  C:\Windows\System\vaCpSNg.exe
  2⤵
  PID:9800
- C:\Windows\System\YrpDRVh.exe
  C:\Windows\System\YrpDRVh.exe
  2⤵
  PID:9744
- C:\Windows\System\aOsrSrP.exe
  C:\Windows\System\aOsrSrP.exe
  2⤵
  PID:10032
- C:\Windows\System\sqaoRer.exe
  C:\Windows\System\sqaoRer.exe
  2⤵
  PID:9388
- C:\Windows\System\SjAFUwj.exe
  C:\Windows\System\SjAFUwj.exe
  2⤵
  PID:9448
- C:\Windows\System\IPqzOOC.exe
  C:\Windows\System\IPqzOOC.exe
  2⤵
  PID:9312
- C:\Windows\System\YRfgeAT.exe
  C:\Windows\System\YRfgeAT.exe
  2⤵
  PID:10052
- C:\Windows\System\OOmXLMx.exe
  C:\Windows\System\OOmXLMx.exe
  2⤵
  PID:4348
- C:\Windows\System\OpmhoGl.exe
  C:\Windows\System\OpmhoGl.exe
  2⤵
  PID:9444
- C:\Windows\System\QTLSXEX.exe
  C:\Windows\System\QTLSXEX.exe
  2⤵
  PID:10260
- C:\Windows\System\dCPdShe.exe
  C:\Windows\System\dCPdShe.exe
  2⤵
  PID:10312
- C:\Windows\System\fyZOQiK.exe
  C:\Windows\System\fyZOQiK.exe
  2⤵
  PID:10352
- C:\Windows\System\cRzMQCz.exe
  C:\Windows\System\cRzMQCz.exe
  2⤵
  PID:10384
- C:\Windows\System\yroySJF.exe
  C:\Windows\System\yroySJF.exe
  2⤵
  PID:10408
- C:\Windows\System\YmxQKqT.exe
  C:\Windows\System\YmxQKqT.exe
  2⤵
  PID:10440
- C:\Windows\System\LGdnXev.exe
  C:\Windows\System\LGdnXev.exe
  2⤵
  PID:10460
- C:\Windows\System\AxTvMcZ.exe
  C:\Windows\System\AxTvMcZ.exe
  2⤵
  PID:10484
- C:\Windows\System\ICzLDCT.exe
  C:\Windows\System\ICzLDCT.exe
  2⤵
  PID:10504
- C:\Windows\System\QvomgmC.exe
  C:\Windows\System\QvomgmC.exe
  2⤵
  PID:10520
- C:\Windows\System\Sbgzdqs.exe
  C:\Windows\System\Sbgzdqs.exe
  2⤵
  PID:10564
- C:\Windows\System\hyhJEjt.exe
  C:\Windows\System\hyhJEjt.exe
  2⤵
  PID:10584
- C:\Windows\System\qvQTOab.exe
  C:\Windows\System\qvQTOab.exe
  2⤵
  PID:10616
- C:\Windows\System\wpFotOO.exe
  C:\Windows\System\wpFotOO.exe
  2⤵
  PID:10640
- C:\Windows\System\OBRgdWj.exe
  C:\Windows\System\OBRgdWj.exe
  2⤵
  PID:10668
- C:\Windows\System\OuTfcFD.exe
  C:\Windows\System\OuTfcFD.exe
  2⤵
  PID:10688
- C:\Windows\System\KGNxssO.exe
  C:\Windows\System\KGNxssO.exe
  2⤵
  PID:10740
- C:\Windows\System\CRTJmro.exe
  C:\Windows\System\CRTJmro.exe
  2⤵
  PID:10776
- C:\Windows\System\fFoZjZa.exe
  C:\Windows\System\fFoZjZa.exe
  2⤵
  PID:10804
- C:\Windows\System\akOQFYm.exe
  C:\Windows\System\akOQFYm.exe
  2⤵
  PID:10824
- C:\Windows\System\buZEDbh.exe
  C:\Windows\System\buZEDbh.exe
  2⤵
  PID:10848
- C:\Windows\System\RMFmpXN.exe
  C:\Windows\System\RMFmpXN.exe
  2⤵
  PID:10864
- C:\Windows\System\wAGUZjS.exe
  C:\Windows\System\wAGUZjS.exe
  2⤵
  PID:10908
- C:\Windows\System\UnLMmMM.exe
  C:\Windows\System\UnLMmMM.exe
  2⤵
  PID:10936
- C:\Windows\System\BGuWKyZ.exe
  C:\Windows\System\BGuWKyZ.exe
  2⤵
  PID:10960
- C:\Windows\System\atBLKeS.exe
  C:\Windows\System\atBLKeS.exe
  2⤵
  PID:10980
- C:\Windows\System\rZtLChp.exe
  C:\Windows\System\rZtLChp.exe
  2⤵
  PID:11000
- C:\Windows\System\pYXBwaL.exe
  C:\Windows\System\pYXBwaL.exe
  2⤵
  PID:11040
- C:\Windows\System\tsQfkeI.exe
  C:\Windows\System\tsQfkeI.exe
  2⤵
  PID:11060
- C:\Windows\System\dLkLRQO.exe
  C:\Windows\System\dLkLRQO.exe
  2⤵
  PID:11080
- C:\Windows\System\zkSjvIy.exe
  C:\Windows\System\zkSjvIy.exe
  2⤵
  PID:11108
- C:\Windows\System\WfaBpMs.exe
  C:\Windows\System\WfaBpMs.exe
  2⤵
  PID:11168
- C:\Windows\System\GVDVayA.exe
  C:\Windows\System\GVDVayA.exe
  2⤵
  PID:11184
- C:\Windows\System\ZaTzSBe.exe
  C:\Windows\System\ZaTzSBe.exe
  2⤵
  PID:11204
- C:\Windows\System\oSfQhqg.exe
  C:\Windows\System\oSfQhqg.exe
  2⤵
  PID:11228
- C:\Windows\System\yRlldPk.exe
  C:\Windows\System\yRlldPk.exe
  2⤵
  PID:11248
- C:\Windows\System\GjuQBjq.exe
  C:\Windows\System\GjuQBjq.exe
  2⤵
  PID:10284
- C:\Windows\System\dsXBQkD.exe
  C:\Windows\System\dsXBQkD.exe
  2⤵
  PID:10296
- C:\Windows\System\MZwJUnu.exe
  C:\Windows\System\MZwJUnu.exe
  2⤵
  PID:10376
- C:\Windows\System\ErWQwuq.exe
  C:\Windows\System\ErWQwuq.exe
  2⤵
  PID:10540
- C:\Windows\System\xHJTLPM.exe
  C:\Windows\System\xHJTLPM.exe
  2⤵
  PID:10532
- C:\Windows\System\HGkgMiN.exe
  C:\Windows\System\HGkgMiN.exe
  2⤵
  PID:10608
- C:\Windows\System\iEiJhuh.exe
  C:\Windows\System\iEiJhuh.exe
  2⤵
  PID:10652
- C:\Windows\System\EjpnuxG.exe
  C:\Windows\System\EjpnuxG.exe
  2⤵
  PID:10736
- C:\Windows\System\nbtqCqk.exe
  C:\Windows\System\nbtqCqk.exe
  2⤵
  PID:10820
- C:\Windows\System\tDpXpQk.exe
  C:\Windows\System\tDpXpQk.exe
  2⤵
  PID:10844
- C:\Windows\System\LspPctm.exe
  C:\Windows\System\LspPctm.exe
  2⤵
  PID:10924
- C:\Windows\System\VolSeYT.exe
  C:\Windows\System\VolSeYT.exe
  2⤵
  PID:10976
- C:\Windows\System\ZMHivrN.exe
  C:\Windows\System\ZMHivrN.exe
  2⤵
  PID:11020
- C:\Windows\System\MbmTCeb.exe
  C:\Windows\System\MbmTCeb.exe
  2⤵
  PID:11076
- C:\Windows\System\vylXeuv.exe
  C:\Windows\System\vylXeuv.exe
  2⤵
  PID:11176
- C:\Windows\System\qwHfqDS.exe
  C:\Windows\System\qwHfqDS.exe
  2⤵
  PID:11244
- C:\Windows\System\KqfCcxf.exe
  C:\Windows\System\KqfCcxf.exe
  2⤵
  PID:10344
- C:\Windows\System\PuaHKrs.exe
  C:\Windows\System\PuaHKrs.exe
  2⤵
  PID:10472
- C:\Windows\System\GfrRiuH.exe
  C:\Windows\System\GfrRiuH.exe
  2⤵
  PID:10592
- C:\Windows\System\YkwgsxO.exe
  C:\Windows\System\YkwgsxO.exe
  2⤵
  PID:10576
- C:\Windows\System\XyuQtsN.exe
  C:\Windows\System\XyuQtsN.exe
  2⤵
  PID:10900
- C:\Windows\System\DQXyxTz.exe
  C:\Windows\System\DQXyxTz.exe
  2⤵
  PID:11008
- C:\Windows\System\fgZzPHZ.exe
  C:\Windows\System\fgZzPHZ.exe
  2⤵
  PID:4868
- C:\Windows\System\BtMZmfv.exe
  C:\Windows\System\BtMZmfv.exe
  2⤵
  PID:9920
- C:\Windows\System\McInjDJ.exe
  C:\Windows\System\McInjDJ.exe
  2⤵
  PID:10336
- C:\Windows\System\QJOBanN.exe
  C:\Windows\System\QJOBanN.exe
  2⤵
  PID:1332
- C:\Windows\System\mMFVSIY.exe
  C:\Windows\System\mMFVSIY.exe
  2⤵
  PID:11196
- C:\Windows\System\NFOoRlK.exe
  C:\Windows\System\NFOoRlK.exe
  2⤵
  PID:10916
- C:\Windows\System\rFrSNUm.exe
  C:\Windows\System\rFrSNUm.exe
  2⤵
  PID:10420
- C:\Windows\System\UgYIexg.exe
  C:\Windows\System\UgYIexg.exe
  2⤵
  PID:11284
- C:\Windows\System\PGFtdza.exe
  C:\Windows\System\PGFtdza.exe
  2⤵
  PID:11300
- C:\Windows\System\GPVMXVw.exe
  C:\Windows\System\GPVMXVw.exe
  2⤵
  PID:11356
- C:\Windows\System\JPvfgCE.exe
  C:\Windows\System\JPvfgCE.exe
  2⤵
  PID:11372
- C:\Windows\System\DBnysgx.exe
  C:\Windows\System\DBnysgx.exe
  2⤵
  PID:11396
- C:\Windows\System\eMuUEbE.exe
  C:\Windows\System\eMuUEbE.exe
  2⤵
  PID:11424
- C:\Windows\System\jWhbQbU.exe
  C:\Windows\System\jWhbQbU.exe
  2⤵
  PID:11464
- C:\Windows\System\aPgWneb.exe
  C:\Windows\System\aPgWneb.exe
  2⤵
  PID:11484
- C:\Windows\System\MjfkLur.exe
  C:\Windows\System\MjfkLur.exe
  2⤵
  PID:11532
- C:\Windows\System\QZbeimu.exe
  C:\Windows\System\QZbeimu.exe
  2⤵
  PID:11552
- C:\Windows\System\uOFjFJk.exe
  C:\Windows\System\uOFjFJk.exe
  2⤵
  PID:11568
- C:\Windows\System\EknzaWq.exe
  C:\Windows\System\EknzaWq.exe
  2⤵
  PID:11612
- C:\Windows\System\acKgPuc.exe
  C:\Windows\System\acKgPuc.exe
  2⤵
  PID:11664
- C:\Windows\System\QLDiTyO.exe
  C:\Windows\System\QLDiTyO.exe
  2⤵
  PID:11740
- C:\Windows\System\cHxPyHt.exe
  C:\Windows\System\cHxPyHt.exe
  2⤵
  PID:11756
- C:\Windows\System\JTXEwtn.exe
  C:\Windows\System\JTXEwtn.exe
  2⤵
  PID:11784
- C:\Windows\System\HhzNkrF.exe
  C:\Windows\System\HhzNkrF.exe
  2⤵
  PID:11808
- C:\Windows\System\sVMPKIt.exe
  C:\Windows\System\sVMPKIt.exe
  2⤵
  PID:11828
- C:\Windows\System\TEoWwcU.exe
  C:\Windows\System\TEoWwcU.exe
  2⤵
  PID:11848
- C:\Windows\System\xPwyeno.exe
  C:\Windows\System\xPwyeno.exe
  2⤵
  PID:11884
- C:\Windows\System\xcVOIex.exe
  C:\Windows\System\xcVOIex.exe
  2⤵
  PID:11904
- C:\Windows\System\nRcpGHd.exe
  C:\Windows\System\nRcpGHd.exe
  2⤵
  PID:11928
- C:\Windows\System\ZDHKMod.exe
  C:\Windows\System\ZDHKMod.exe
  2⤵
  PID:11948
- C:\Windows\System\kYaWfmV.exe
  C:\Windows\System\kYaWfmV.exe
  2⤵
  PID:11984
- C:\Windows\System\fXvxyxK.exe
  C:\Windows\System\fXvxyxK.exe
  2⤵
  PID:12012
- C:\Windows\System\SRCYgpi.exe
  C:\Windows\System\SRCYgpi.exe
  2⤵
  PID:12032
- C:\Windows\System\XnkKOXp.exe
  C:\Windows\System\XnkKOXp.exe
  2⤵
  PID:12052
- C:\Windows\System\obceZOp.exe
  C:\Windows\System\obceZOp.exe
  2⤵
  PID:12076
- C:\Windows\System\OHjkMgl.exe
  C:\Windows\System\OHjkMgl.exe
  2⤵
  PID:12124
- C:\Windows\System\MNHZMBC.exe
  C:\Windows\System\MNHZMBC.exe
  2⤵
  PID:12144
- C:\Windows\System\SyCcJYt.exe
  C:\Windows\System\SyCcJYt.exe
  2⤵
  PID:12168
- C:\Windows\System\fIwOoLB.exe
  C:\Windows\System\fIwOoLB.exe
  2⤵
  PID:12200
- C:\Windows\System\LNxneXq.exe
  C:\Windows\System\LNxneXq.exe
  2⤵
  PID:12228
- C:\Windows\System\lGPvozE.exe
  C:\Windows\System\lGPvozE.exe
  2⤵
  PID:12268
- C:\Windows\System\hOlsJKt.exe
  C:\Windows\System\hOlsJKt.exe
  2⤵
  PID:2932
- C:\Windows\System\iLziaZK.exe
  C:\Windows\System\iLziaZK.exe
  2⤵
  PID:11340
- C:\Windows\System\bFjdCyI.exe
  C:\Windows\System\bFjdCyI.exe
  2⤵
  PID:11392
- C:\Windows\System\ZzykoOV.exe
  C:\Windows\System\ZzykoOV.exe
  2⤵
  PID:11480
- C:\Windows\System\HflmBwX.exe
  C:\Windows\System\HflmBwX.exe
  2⤵
  PID:11504
- C:\Windows\System\PvpxQTB.exe
  C:\Windows\System\PvpxQTB.exe
  2⤵
  PID:11640
- C:\Windows\System\vqepMPl.exe
  C:\Windows\System\vqepMPl.exe
  2⤵
  PID:11676
- C:\Windows\System\rsbyiAH.exe
  C:\Windows\System\rsbyiAH.exe
  2⤵
  PID:3388
- C:\Windows\System\kbNqOaQ.exe
  C:\Windows\System\kbNqOaQ.exe
  2⤵
  PID:11584
- C:\Windows\System\kipFmRW.exe
  C:\Windows\System\kipFmRW.exe
  2⤵
  PID:11728
- C:\Windows\System\USCLitr.exe
  C:\Windows\System\USCLitr.exe
  2⤵
  PID:11804
- C:\Windows\System\JmiJGJg.exe
  C:\Windows\System\JmiJGJg.exe
  2⤵
  PID:11924
- C:\Windows\System\BwuXKzq.exe
  C:\Windows\System\BwuXKzq.exe
  2⤵
  PID:11976
- C:\Windows\System\nnpzmKU.exe
  C:\Windows\System\nnpzmKU.exe
  2⤵
  PID:11992
- C:\Windows\System\YfzoocX.exe
  C:\Windows\System\YfzoocX.exe
  2⤵
  PID:12072
- C:\Windows\System\OysJIdT.exe
  C:\Windows\System\OysJIdT.exe
  2⤵
  PID:12152
- C:\Windows\System\crHxjzI.exe
  C:\Windows\System\crHxjzI.exe
  2⤵
  PID:12188
- C:\Windows\System\tOCNlaU.exe
  C:\Windows\System\tOCNlaU.exe
  2⤵
  PID:12284
- C:\Windows\System\eQEWuhc.exe
  C:\Windows\System\eQEWuhc.exe
  2⤵
  PID:11272
- C:\Windows\System\gZCYqsM.exe
  C:\Windows\System\gZCYqsM.exe
  2⤵
  PID:11364
- C:\Windows\System\LlZwCfa.exe
  C:\Windows\System\LlZwCfa.exe
  2⤵
  PID:11440
- C:\Windows\System\zzpfErx.exe
  C:\Windows\System\zzpfErx.exe
  2⤵
  PID:11604
- C:\Windows\System\IhMTzGf.exe
  C:\Windows\System\IhMTzGf.exe
  2⤵
  PID:11608
- C:\Windows\System\cXUuWnR.exe
  C:\Windows\System\cXUuWnR.exe
  2⤵
  PID:11768
- C:\Windows\System\itmtjRu.exe
  C:\Windows\System\itmtjRu.exe
  2⤵
  PID:12028
- C:\Windows\System\WxKkdiR.exe
  C:\Windows\System\WxKkdiR.exe
  2⤵
  PID:12140
- C:\Windows\System\PNcTsLt.exe
  C:\Windows\System\PNcTsLt.exe
  2⤵
  PID:11436
- C:\Windows\System\bIeqpFj.exe
  C:\Windows\System\bIeqpFj.exe
  2⤵
  PID:1360
- C:\Windows\System\ioasEip.exe
  C:\Windows\System\ioasEip.exe
  2⤵
  PID:11800
- C:\Windows\System\LFhVPwx.exe
  C:\Windows\System\LFhVPwx.exe
  2⤵
  PID:12068
- C:\Windows\System\NICBpiB.exe
  C:\Windows\System\NICBpiB.exe
  2⤵
  PID:11444
- C:\Windows\System\ROxZKGb.exe
  C:\Windows\System\ROxZKGb.exe
  2⤵
  PID:12304
- C:\Windows\System\hrsPpUN.exe
  C:\Windows\System\hrsPpUN.exe
  2⤵
  PID:12328
- C:\Windows\System\qnIBPOs.exe
  C:\Windows\System\qnIBPOs.exe
  2⤵
  PID:12360
- C:\Windows\System\FQxMWJx.exe
  C:\Windows\System\FQxMWJx.exe
  2⤵
  PID:12400
- C:\Windows\System\SskJHRp.exe
  C:\Windows\System\SskJHRp.exe
  2⤵
  PID:12416
- C:\Windows\System\GkqXFck.exe
  C:\Windows\System\GkqXFck.exe
  2⤵
  PID:12448
- C:\Windows\System\FXfoKyg.exe
  C:\Windows\System\FXfoKyg.exe
  2⤵
  PID:12464
- C:\Windows\System\AWdMgPY.exe
  C:\Windows\System\AWdMgPY.exe
  2⤵
  PID:12492
- C:\Windows\System\QbmKQgS.exe
  C:\Windows\System\QbmKQgS.exe
  2⤵
  PID:12516
- C:\Windows\System\BvOQEAo.exe
  C:\Windows\System\BvOQEAo.exe
  2⤵
  PID:12564
- C:\Windows\System\VRFJCPL.exe
  C:\Windows\System\VRFJCPL.exe
  2⤵
  PID:12612
- C:\Windows\System\TTIRzRv.exe
  C:\Windows\System\TTIRzRv.exe
  2⤵
  PID:12628
- C:\Windows\System\qUywPWo.exe
  C:\Windows\System\qUywPWo.exe
  2⤵
  PID:12664
- C:\Windows\System\iPatwUh.exe
  C:\Windows\System\iPatwUh.exe
  2⤵
  PID:12684
- C:\Windows\System\VnObqHP.exe
  C:\Windows\System\VnObqHP.exe
  2⤵
  PID:12712
- C:\Windows\System\OKNMOAr.exe
  C:\Windows\System\OKNMOAr.exe
  2⤵
  PID:12752
- C:\Windows\System\QUGSGUm.exe
  C:\Windows\System\QUGSGUm.exe
  2⤵
  PID:12768
- C:\Windows\System\xGIMeEW.exe
  C:\Windows\System\xGIMeEW.exe
  2⤵
  PID:12792
- C:\Windows\System\CMWNpea.exe
  C:\Windows\System\CMWNpea.exe
  2⤵
  PID:12812
- C:\Windows\System\DtVfUkc.exe
  C:\Windows\System\DtVfUkc.exe
  2⤵
  PID:12828
- C:\Windows\System\vUgZmOw.exe
  C:\Windows\System\vUgZmOw.exe
  2⤵
  PID:12852
- C:\Windows\System\gXyNKtH.exe
  C:\Windows\System\gXyNKtH.exe
  2⤵
  PID:12876
- C:\Windows\System\MEryzRE.exe
  C:\Windows\System\MEryzRE.exe
  2⤵
  PID:12900
- C:\Windows\System\FKPmBZl.exe
  C:\Windows\System\FKPmBZl.exe
  2⤵
  PID:12920
- C:\Windows\System\XJaOnQN.exe
  C:\Windows\System\XJaOnQN.exe
  2⤵
  PID:12940
- C:\Windows\System\BEeHiHC.exe
  C:\Windows\System\BEeHiHC.exe
  2⤵
  PID:13008
- C:\Windows\System\RDImzko.exe
  C:\Windows\System\RDImzko.exe
  2⤵
  PID:13044
- C:\Windows\System\msReTea.exe
  C:\Windows\System\msReTea.exe
  2⤵
  PID:13064
- C:\Windows\System\ZUDJUJF.exe
  C:\Windows\System\ZUDJUJF.exe
  2⤵
  PID:13084
- C:\Windows\System\tCiNmOd.exe
  C:\Windows\System\tCiNmOd.exe
  2⤵
  PID:13108
- C:\Windows\System\ZpSWpRi.exe
  C:\Windows\System\ZpSWpRi.exe
  2⤵
  PID:13128
- C:\Windows\System\ZWwCoBN.exe
  C:\Windows\System\ZWwCoBN.exe
  2⤵
  PID:13156
- C:\Windows\System\QLqUUHu.exe
  C:\Windows\System\QLqUUHu.exe
  2⤵
  PID:13172
- C:\Windows\System\IZfLcJe.exe
  C:\Windows\System\IZfLcJe.exe
  2⤵
  PID:13228
- C:\Windows\System\FLNdflP.exe
  C:\Windows\System\FLNdflP.exe
  2⤵
  PID:13256
- C:\Windows\System\hyPPtqa.exe
  C:\Windows\System\hyPPtqa.exe
  2⤵
  PID:13308
- C:\Windows\System\IIZPfGk.exe
  C:\Windows\System\IIZPfGk.exe
  2⤵
  PID:12316
- C:\Windows\System\QSAtybe.exe
  C:\Windows\System\QSAtybe.exe
  2⤵
  PID:12352
- C:\Windows\System\aqjHEoJ.exe
  C:\Windows\System\aqjHEoJ.exe
  2⤵
  PID:12472
- C:\Windows\System\QoLtnrS.exe
  C:\Windows\System\QoLtnrS.exe
  2⤵
  PID:12500
- C:\Windows\System\npbhwdu.exe
  C:\Windows\System\npbhwdu.exe
  2⤵
  PID:1948
- C:\Windows\System\UWXxJqo.exe
  C:\Windows\System\UWXxJqo.exe
  2⤵
  PID:12592
- C:\Windows\System\ZFhpjKR.exe
  C:\Windows\System\ZFhpjKR.exe
  2⤵
  PID:12656
- C:\Windows\System\iNrBcRv.exe
  C:\Windows\System\iNrBcRv.exe
  2⤵
  PID:12676
- C:\Windows\System\gikLUFW.exe
  C:\Windows\System\gikLUFW.exe
  2⤵
  PID:12760
- C:\Windows\System\TkrBzhj.exe
  C:\Windows\System\TkrBzhj.exe
  2⤵
  PID:12864
- C:\Windows\System\pLZTrKK.exe
  C:\Windows\System\pLZTrKK.exe
  2⤵
  PID:12956
- C:\Windows\System\tGhRZGG.exe
  C:\Windows\System\tGhRZGG.exe
  2⤵
  PID:13076
- C:\Windows\System\XVadSDU.exe
  C:\Windows\System\XVadSDU.exe
  2⤵
  PID:13020
- C:\Windows\System\GhCmZjR.exe
  C:\Windows\System\GhCmZjR.exe
  2⤵
  PID:13104
- C:\Windows\System\DXBdGmm.exe
  C:\Windows\System\DXBdGmm.exe
  2⤵
  PID:13148
- C:\Windows\System\gPiRKKB.exe
  C:\Windows\System\gPiRKKB.exe
  2⤵
  PID:13248
- C:\Windows\System\SeDqVmc.exe
  C:\Windows\System\SeDqVmc.exe
  2⤵
  PID:12384
- C:\Windows\System\KDOhRUs.exe
  C:\Windows\System\KDOhRUs.exe
  2⤵
  PID:12408
- C:\Windows\System\XGZyVzM.exe
  C:\Windows\System\XGZyVzM.exe
  2⤵
  PID:12512
- C:\Windows\System\CofELuO.exe
  C:\Windows\System\CofELuO.exe
  2⤵
  PID:12620
- C:\Windows\System\BBSbpYi.exe
  C:\Windows\System\BBSbpYi.exe
  2⤵
  PID:12804
- C:\Windows\System\SgBLaEg.exe
  C:\Windows\System\SgBLaEg.exe
  2⤵
  PID:4736
- C:\Windows\System\ffoPrHr.exe
  C:\Windows\System\ffoPrHr.exe
  2⤵
  PID:12844
- C:\Windows\System\kiSSSGn.exe
  C:\Windows\System\kiSSSGn.exe
  2⤵
  PID:12912
- C:\Windows\System\FigySme.exe
  C:\Windows\System\FigySme.exe
  2⤵
  PID:13056
- C:\Windows\System\TsaxDJV.exe
  C:\Windows\System\TsaxDJV.exe
  2⤵
  PID:464
- C:\Windows\System\PjIrLTf.exe
  C:\Windows\System\PjIrLTf.exe
  2⤵
  PID:13292
- C:\Windows\System\NaiBeCG.exe
  C:\Windows\System\NaiBeCG.exe
  2⤵
  PID:12972
- C:\Windows\System\KHMuBHC.exe
  C:\Windows\System\KHMuBHC.exe
  2⤵
  PID:13216
- C:\Windows\System\ZQtFaPq.exe
  C:\Windows\System\ZQtFaPq.exe
  2⤵
  PID:12892
- C:\Windows\System\ePacGzu.exe
  C:\Windows\System\ePacGzu.exe
  2⤵
  PID:13348
- C:\Windows\System\eTrAuEn.exe
  C:\Windows\System\eTrAuEn.exe
  2⤵
  PID:13388
- C:\Windows\System\quoxJuZ.exe
  C:\Windows\System\quoxJuZ.exe
  2⤵
  PID:13412
- C:\Windows\System\GyvdLjy.exe
  C:\Windows\System\GyvdLjy.exe
  2⤵
  PID:13432
- C:\Windows\System\cpkqPnY.exe
  C:\Windows\System\cpkqPnY.exe
  2⤵
  PID:13476
- C:\Windows\System\qEYLUAM.exe
  C:\Windows\System\qEYLUAM.exe
  2⤵
  PID:13496
- C:\Windows\System\LZsfXgU.exe
  C:\Windows\System\LZsfXgU.exe
  2⤵
  PID:13512
- C:\Windows\System\DztQWOW.exe
  C:\Windows\System\DztQWOW.exe
  2⤵
  PID:13556
- C:\Windows\System\IqWPXLR.exe
  C:\Windows\System\IqWPXLR.exe
  2⤵
  PID:13584
- C:\Windows\System\mKQvjhg.exe
  C:\Windows\System\mKQvjhg.exe
  2⤵
  PID:13608
- C:\Windows\System\NPHJdqR.exe
  C:\Windows\System\NPHJdqR.exe
  2⤵
  PID:13624
- C:\Windows\System\SgqjjLb.exe
  C:\Windows\System\SgqjjLb.exe
  2⤵
  PID:13664
- C:\Windows\System\yEClGFU.exe
  C:\Windows\System\yEClGFU.exe
  2⤵
  PID:13704
- C:\Windows\System\BawSmov.exe
  C:\Windows\System\BawSmov.exe
  2⤵
  PID:13724
- C:\Windows\System\zoJXuKJ.exe
  C:\Windows\System\zoJXuKJ.exe
  2⤵
  PID:13748
- C:\Windows\System\UvhRaIf.exe
  C:\Windows\System\UvhRaIf.exe
  2⤵
  PID:13764
- C:\Windows\System\RdpSYDR.exe
  C:\Windows\System\RdpSYDR.exe
  2⤵
  PID:13784
- C:\Windows\System\VSEFUXE.exe
  C:\Windows\System\VSEFUXE.exe
  2⤵
  PID:13828
- C:\Windows\System\ASJVdia.exe
  C:\Windows\System\ASJVdia.exe
  2⤵
  PID:13848
- C:\Windows\System\NXNcNkP.exe
  C:\Windows\System\NXNcNkP.exe
  2⤵
  PID:13884
- C:\Windows\System\MeaQikn.exe
  C:\Windows\System\MeaQikn.exe
  2⤵
  PID:13916
- C:\Windows\System\fwcaWpY.exe
  C:\Windows\System\fwcaWpY.exe
  2⤵
  PID:13940
- C:\Windows\System\CCidvAh.exe
  C:\Windows\System\CCidvAh.exe
  2⤵
  PID:13980
- C:\Windows\System\MIvHIwG.exe
  C:\Windows\System\MIvHIwG.exe
  2⤵
  PID:14000
- C:\Windows\System\NSvnlkN.exe
  C:\Windows\System\NSvnlkN.exe
  2⤵
  PID:14028
- C:\Windows\System\dsHWTOw.exe
  C:\Windows\System\dsHWTOw.exe
  2⤵
  PID:14056
- C:\Windows\System\rWIhKGT.exe
  C:\Windows\System\rWIhKGT.exe
  2⤵
  PID:14076
- C:\Windows\System\LlumjHK.exe
  C:\Windows\System\LlumjHK.exe
  2⤵
  PID:14100
- C:\Windows\System\ggOmIvu.exe
  C:\Windows\System\ggOmIvu.exe
  2⤵
  PID:14120
- C:\Windows\System\QlRwQos.exe
  C:\Windows\System\QlRwQos.exe
  2⤵
  PID:14168
- C:\Windows\System\HgmpUlq.exe
  C:\Windows\System\HgmpUlq.exe
  2⤵
  PID:14188
- C:\Windows\System\sKLMaBm.exe
  C:\Windows\System\sKLMaBm.exe
  2⤵
  PID:14224
- C:\Windows\System\GDuYpjZ.exe
  C:\Windows\System\GDuYpjZ.exe
  2⤵
  PID:14244
- C:\Windows\System\wXKVgQj.exe
  C:\Windows\System\wXKVgQj.exe
  2⤵
  PID:14268
- C:\Windows\System\aHiUIaC.exe
  C:\Windows\System\aHiUIaC.exe
  2⤵
  PID:14292
- C:\Windows\System\QurFIpb.exe
  C:\Windows\System\QurFIpb.exe
  2⤵
  PID:14308
- C:\Windows\System\yjvUOkx.exe
  C:\Windows\System\yjvUOkx.exe
  2⤵
  PID:12348
- C:\Windows\System\tlQgYcq.exe
  C:\Windows\System\tlQgYcq.exe
  2⤵
  PID:13364
- C:\Windows\System\tNrsXkq.exe
  C:\Windows\System\tNrsXkq.exe
  2⤵
  PID:13424
- C:\Windows\System\iTzPWLV.exe
  C:\Windows\System\iTzPWLV.exe
  2⤵
  PID:13492
- C:\Windows\System\HcwbQEm.exe
  C:\Windows\System\HcwbQEm.exe
  2⤵
  PID:13532
- C:\Windows\System\KhMzeOd.exe
  C:\Windows\System\KhMzeOd.exe
  2⤵
  PID:13684
- C:\Windows\System\nMIzbdb.exe
  C:\Windows\System\nMIzbdb.exe
  2⤵
  PID:13736
- C:\Windows\System\xJoYhBF.exe
  C:\Windows\System\xJoYhBF.exe
  2⤵
  PID:13804
- C:\Windows\System\IaCznag.exe
  C:\Windows\System\IaCznag.exe
  2⤵
  PID:13792
- C:\Windows\System\KbupkJI.exe
  C:\Windows\System\KbupkJI.exe
  2⤵
  PID:13876
- C:\Windows\System\rBZComT.exe
  C:\Windows\System\rBZComT.exe
  2⤵
  PID:13904
- C:\Windows\System\RoCzXzL.exe
  C:\Windows\System\RoCzXzL.exe
  2⤵
  PID:14072
- C:\Windows\System\YxHGYMG.exe
  C:\Windows\System\YxHGYMG.exe
  2⤵
  PID:14144
- C:\Windows\System\ZqPqaok.exe
  C:\Windows\System\ZqPqaok.exe
  2⤵
  PID:14212
- C:\Windows\System\ZopfXTt.exe
  C:\Windows\System\ZopfXTt.exe
  2⤵
  PID:14236
- C:\Windows\System\iRbbMCb.exe
  C:\Windows\System\iRbbMCb.exe
  2⤵
  PID:14280
- C:\Windows\System\EDXFeKR.exe
  C:\Windows\System\EDXFeKR.exe
  2⤵
  PID:13644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AlmLTVW.exe

Filesize
1.5MB

MD5
f29f4e1d3809361eee6aedaf58d939ca

SHA1
03735c71ed5253e1bdca6dfb157d2400d1353ab3

SHA256
32b7f2a8c851b92741722bf337b391b35927ec0ee21ce070e23bf54d42f3ba9b

SHA512
ff937d60b1b6805d008650c8d7473371ef49188279784a476997dd89396b8dc4fce9b0c0b1920d1a052fec275b5ead2e643dab651204b4dfb7062018ee695aae

Download Submit
C:\Windows\System\BgFwwQV.exe

Filesize
1.5MB

MD5
7ae9fb5cbe848abc1a6e2a948f581be4

SHA1
dab4ab88be6cc9cac10a53ecb3a69840b0a46199

SHA256
8a1befcd5e92801b4a91faed4f64dfde269d8c4a0eea14328ff747f07a688c70

SHA512
ec8120621cfe5a7e18a7c0b35029a76cc386388ecd4588938b9ed83db7344e5a552dca3b9730d00d0536fca14cd1a6d8a7b18e0e78a1a06f6dcb28f2b35e0ed1

Download Submit
C:\Windows\System\CNybirJ.exe

Filesize
1.5MB

MD5
c0dacc5bad0c5049bc0a910ebf80cf13

SHA1
a3a1c8a9bf250b68667b182db69b2dcb95b944fb

SHA256
39dd1e06a41b194bd3f79b62364c4705b380c4f30dcd0e59ab5fde749e2118e3

SHA512
6a266157a8113bc8b4fb03eb18571637a1e8e90ddb7ae5473866c1dfe1c19f089b3f5a3cc7daf299248f2a1a1accca4d95aaccccd13f2c8748e3a63b4f93c398

Download Submit
C:\Windows\System\COEHjpC.exe

Filesize
1.5MB

MD5
9252a6cfbb70e2eff939331b44209283

SHA1
3d262b1fb56ca0a870b21af3fef1e3c30f7beb79

SHA256
e8e627d707bea63768a9fdd9074a7152ebbeaa8365c7af9bb385ce117f405d9f

SHA512
5a35b49a9462fbfae3dbc88add8d9bf8b485d804fe99e3d22e40307543d04b5b85858af561f1f178b3e43c4466a56d0723c79fd9f0fb267144513f5c316f1cd0

Download Submit
C:\Windows\System\DrdQGjm.exe

Filesize
1.5MB

MD5
008f24a502993354bb10f956d657b0bd

SHA1
01bdf278a958d60a06df15d8ad94c53cabae666e

SHA256
c53dec377a435080a48a49060414eb8a819c889cfedf389b77b389961bb944c6

SHA512
8d1c4b10951b066fa99ea7938e4d27a743db4bece8e6eaee3eaaaaa9969a6e33313a42a485b276476bad2fa4f79d2b3ef123b79eea140091286ea9bc36ae4f75

Download Submit
C:\Windows\System\GcdixwN.exe

Filesize
1.5MB

MD5
e5bbc4a994618bcd46ac3248ecb3d677

SHA1
7521c78d126ac63ab6d6a781df941b6a6264addc

SHA256
846f7d861d90495e6ab9ba0b3768b9f31306cd4c9c7a21e88a9baa0efcbfdc60

SHA512
333cf9c4618670ed457a13d6c1d28a4d4a2b7686fe9287d3965846c81d26e45b3f06c14cccdabd97659467f8c260585a0cdfa7e576f609eee96258e0bff14c04

Download Submit
C:\Windows\System\IDZiUIG.exe

Filesize
1.5MB

MD5
607c6129a3468013b3fd9b44d87e29ec

SHA1
f3bc343497d9c2975c23a9f2efc4b4dd1f2a9ed5

SHA256
3f2a83b03034940aaa6dc865ca1e2a3767eb8d38f9cd0651fef4798d5c01f766

SHA512
090ea5c0ceaa71df043f8b9b3f92e43b6f70ce2369c4bfa1548eb2f2530e23945095af918ac41eac22f5eccf7fad790d4d34f4b48a280bfe2e8c8e8044943641

Download Submit
C:\Windows\System\KPlibJm.exe

Filesize
1.5MB

MD5
c33d0a94f503147dca2c70407b6e0eb0

SHA1
98737cc222d08ff767905cd7e3f16e6fae6aae63

SHA256
2fdb2e3c8bbb7910de4593871287410f800a8a0b4bab410f993c78bf5dc20d4b

SHA512
c073445e08c3ae832180698b46b8a676fd171851b17916477e5891570fd7953fb0223b6eadae47eb5548b5ce2c24d27583957db1425ec6e87841c69dbdd418cf

Download Submit
C:\Windows\System\LkoeLTr.exe

Filesize
1.5MB

MD5
89e37cc8c64f29dfbab62cfc09b233d3

SHA1
b1734433f4e75ce107af4b6b5d2b789fbe967c78

SHA256
0452a0fedc92e8236c334c7ba1c9cc3617969de94a9bf51e16faa11fe9779750

SHA512
8856cd110af3ae1fad0b49126803789527e8abd020873797a8e58fa5a9498ab58f2b4e6f9aff19016054915364eb1c55d8edc925833bd5b54fb9e8af4f1cf27e

Download Submit
C:\Windows\System\MhtDHef.exe

Filesize
1.5MB

MD5
a60f4919c5cb91b629b4d4dd8979455d

SHA1
3396b8aabe02dc9ecab0cef2c5261e28aecc3d65

SHA256
ad8ca978dbffdb3d37629223529bc9bcf744d2077227be5cdaf6d49fcf634cbe

SHA512
b902fcbb7d15ccc861db3e3327e39420b86c4a3993d05be27c4b1267137eb3a0479538caa80911b0986f17f5f9d9a2ab677814047f7f3ef4df6d0bb085599924

Download Submit
C:\Windows\System\MkfQunz.exe

Filesize
1.5MB

MD5
3440cb08a6a1f83f41f8a3181502caa2

SHA1
8c18494fb2ffc44363d5ef53c9264367f9af5894

SHA256
eeeaeafd951830877bf3a3b07c42aae30699a948db9bdfcb5164c23110f38a78

SHA512
8542e9d38e0399efbe12a8969781fcabf4648f5527642f992348c97cb3fdad7719ff8f4c55e47b3f88806da26d847a67e30f542a1d731e08cd7e903e5d0b4166

Download Submit
C:\Windows\System\OsFgJjK.exe

Filesize
1.5MB

MD5
d80772ae37e23feb3027f26a30ae10c1

SHA1
1535c5a19cd504609c3b94988177405205a663d3

SHA256
1e8acf1e09c149e4284d99b3e5632c7aa8010d9881d9b33e040c1d68c359b07c

SHA512
2529806f4477008419381c9047048ef55d3bb6bec32b1b433ea4f4ce64b73ed26374aa422dede278365770f5b67e65ed02184c04454abb1ebce410d1d2687069

Download Submit
C:\Windows\System\OvhsVxZ.exe

Filesize
1.5MB

MD5
8bcdc806367c37e37fd1b701e858f215

SHA1
118387c7ab43ffe4f009b34237579380cb90faaa

SHA256
d4d6596043dafb5835482cfa1cdd7b01052346a41295302d08e40e4a40a08056

SHA512
b837687c638b5bff09d160fd1370d338f20d507246cf6fc6029f41f239f365975008863f4af6a9fdcb2dc6953d79afe4f2cf05794113ef5665e9beff5619cb18

Download Submit
C:\Windows\System\UuzAqjk.exe

Filesize
1.5MB

MD5
2477cb67f9f8659cef385186dc12461c

SHA1
5dc331cea2c8f87e9d19cf9ce758edaf532e78b9

SHA256
333962b5bf0936861da1fe3d4e921f5c0d7ca397972eecf1cec1717c44b385a4

SHA512
009551e74454d15e519031158cd1ab758e91ecc5e20983a36694d7dc5fca6bb36629b7b2df9494c3b840eba2d216844e159b2a85f091fb2c3cdf4b385e0b20cc

Download Submit
C:\Windows\System\aAncOrp.exe

Filesize
1.5MB

MD5
92c48a9895a0c4a9824a2632bf175f15

SHA1
eb8ab31806e915ba6a1defa1fa46e9da1b856f56

SHA256
ec76167a428dad664017c2c08d7b9d374cb68564299475e2581c254fa99ab67f

SHA512
861fa2ffe7a668e22bf14a984b80fd49637190a0fc5d9938cbde93eefe0ddc9d62aca4b225d2b3f5e6d365cb89087af65ece4c37e8588a7ed7079628fca90f6c

Download Submit
C:\Windows\System\bDtrSCn.exe

Filesize
1.5MB

MD5
9b24eb6f0444f87946772f4c0bee8690

SHA1
ac6c71893e63fed497dea9eded5b7620228002eb

SHA256
b5dc10f3b27339bf5400ea67f912756a619e5ac8f81ec8b77d021a9f00d9fd9a

SHA512
fcd26a739ebcc583b1f7871d799e904623bcab0fa3089d3aa440a5076f7f91375cf35974ba9275047266e1b331852788f1e544445eb14c6d8a7f79a6b352aefa

Download Submit
C:\Windows\System\dAPRDoi.exe

Filesize
1.5MB

MD5
4c94df5b155dbb58563ee8702e88f3c2

SHA1
84db870be9421e175eccc98d4b2c0aee4b68369b

SHA256
57d15b1023f85424ada9fef211c887aa2219b886f6366d16cb3870d92b6e1e59

SHA512
69a6ebd9cf713e7432ad78278349cafe46fea4f3d249f0be456821140d069e9b592492c97c4ecfc3df19d2cf50900a87cc55ba65246f3d49bc39bf6ce0835c94

Download Submit
C:\Windows\System\gGpZUWg.exe

Filesize
1.5MB

MD5
2554c8e316b0226bd159c6153f8a04ca

SHA1
bc1e4dd0dafba9034b72f9b2813f1a8a7a2e793b

SHA256
ad07775c632933d12ee4142d751f3a3316b2d6785bc4065df4e1ec6d27bf3a09

SHA512
6d622d6114527afb7e17fea9f85005e0faaba577abb12210551855a24de1a644ea02a2382af2612298c74c275173674a365331384160d5966a2ea9c5d7ad9546

Download Submit
C:\Windows\System\ijMwtsB.exe

Filesize
1.5MB

MD5
0fa07373d432f68de8a5e66a0339e046

SHA1
add7f71e0b1361285c55405b7969c6c1e9317143

SHA256
fd4e1160c7611de8b80bac03e64aa6843e27a33d68985f3fc78a67e810705866

SHA512
df372cf89053fb3cc5a60cb281cc8728b216b4bc6169562e98dad1c0ca2247d8c58d3f469588c3ebff2c145585fba796d59fb791815e1fff8eb9d1b0ca5c704b

Download Submit
C:\Windows\System\jQeOsQU.exe

Filesize
1.5MB

MD5
7da99f6d47796a9a96b075ad7c26b319

SHA1
721c54fcd4d979b1a1b9e003dda95c785b00ba39

SHA256
93b2e6596888e8b3346f6d8566ff08c08947b5bfd4f2f49758fe9c2e91390712

SHA512
54f5025b1a2f8c3d94f89ab645990ba8a7409a514ab051157c5d8001a2851febbb484b895e321d0c46e8f6848612677a3d756c3e63396ecd4b76cbc63a8eed91

Download Submit
C:\Windows\System\jygamNe.exe

Filesize
1.5MB

MD5
930c81aad84df4ef52a1004be788fab8

SHA1
1e96b78fe24c6bebaceb389b711f7417de91840e

SHA256
6fc5cfe6b8eb93110afd5c3229190197e5023bb68e505b5e60c4639e822089dc

SHA512
b6b134370e345e21e44f134d819cf89138fd597637059619866df37fe69efbb9c425b71dbc70d5ae4389b492032ef29243105fcbcb8761fd35adb1f38f3dd6f1

Download Submit
C:\Windows\System\lzRMiqI.exe

Filesize
1.5MB

MD5
924e76b0f7184d58d9317e597dc135ea

SHA1
517da14c7ce8b6456eb1d9e2dce4e3c4f2353520

SHA256
f3f913761a14f4d3426c05569486e70bb47b38a3cdfa10d6e11a54db9fa9d021

SHA512
f91584029eec0d5be9ec367e4fa60f8326576ef86ca92cb6a959e51d4b958833c03dcfdc663e77f533e72bf55a090969d02f8bd6010a7b9489275b3ec43cd119

Download Submit
C:\Windows\System\mEMtroy.exe

Filesize
1.5MB

MD5
99f38c032587bfbffaae6b888847e18d

SHA1
089ca6cd43966199f2e42440d76e30c0e9900230

SHA256
35897f62316e9fcfb8c96f9683f8c9b5f71c716add13501765b61a379126704a

SHA512
471bbbdee92a5254e59758232bfd99afc98db7d42c45339bc49b700e516a93a13df82ad59d5c24e22a811b3b836114a2ee263f69a4ba776c9a272b51ed76d04d

Download Submit
C:\Windows\System\mFeWAaF.exe

Filesize
1.5MB

MD5
1165fe8135357bca17586dd2d7b4fc2a

SHA1
4bf64d69ed902247781c8a1bc9fec84ba0377fb2

SHA256
673ddc4ff678f81894c74d72b500df73cdaa88dc6a26903d9f79fef16ba92e7f

SHA512
f8d2c3baf7f9ba4090d20b723f885be97a009a0275c429821c3bcfd689c55772bdcc1c4554d35acaaabd9d2c912f7c8f89fff65368434bb5d5e37acdd421448d

Download Submit
C:\Windows\System\oQYtBII.exe

Filesize
1.5MB

MD5
7fa5e2628101e446a5422aa813cd7f4c

SHA1
a7132ce2b1d74a99b673132a897b8a246fc5abe3

SHA256
2dea2ab12b6af2488e7af11a1ccca6a594aec775a7988d01c8d2444a40453607

SHA512
a80d0bbe1681845497e344475bf08fbb6546595937a30fb02146f4a23c08de0c525d23cc47305824e2c13f4b526a22ec12553ad547024d53dc09e767f79c6d60

Download Submit
C:\Windows\System\obTurBK.exe

Filesize
1.5MB

MD5
e85b16ac3aa4c6ebc9a9759330f5fc63

SHA1
6926af21ca85572d802231fac06fa7db2be05c91

SHA256
faf844b89c96a1d77e8e411d5e0df85fe0aca93f9fa2961b3eb80561d2f5182a

SHA512
9b22b2ab2ac5dd36826f56a6fd2edb9cc80e6763566e9ee3e8d87b44f002ab3d6c4d2c75a8d35402c11adaeaf084296cb1567bc5bc6fa776f2083bd67a5c6c54

Download Submit
C:\Windows\System\qAqkOlp.exe

Filesize
1.5MB

MD5
a679225df43a722ab043c8170c47cb9d

SHA1
b5f5ca366491fc40114b1180015ccb41ee06015f

SHA256
e6a826f3e7f521987c5311d11ed5048380efa4774a0b7552988a066127a7f164

SHA512
976fd2e1e3946da085c89c60868cea0c2d9e46ffa6309b812e88ee896c0cc9d8491032e57cc4b83b7597eb2eb829bb497be8dea16565d283d001d7a996cdfb5c

Download Submit
C:\Windows\System\qRoCoWX.exe

Filesize
1.5MB

MD5
ffd35a76b553fbc16fff32838b6161b5

SHA1
9d824d8dbfbe47d43f90e4dadccd9d38f7975e55

SHA256
7b5d8d52181e39d2052215c27ba2ccf4c15a00cf635d054d9edcc0dcd5eed660

SHA512
046cc72e300cac0eebf2b59124dfb1c260e076f89290ae128cfb863f3827cc3cb7ebd718b3212c0c90662ae223d89d8459f6842ffc478454b24bde0cb5522aee

Download Submit
C:\Windows\System\qqwuGKS.exe

Filesize
1.5MB

MD5
fb836f6ee85edcd9e171aad7d7181507

SHA1
0498b3cf96b4601f821892846866583e18544c2c

SHA256
f37981166a8443f0fefad7b55a5031656b27c090cf6d8483d1d257102f590a19

SHA512
3dec56d5640b23d6df8f7e8f679036ab7c7e8412bfe00af233391b7ad3a0b7856a96dc2bb2dc5a1448bb26e226af8d3a834ef12d36ca93dbc31279c3ccc9162d

Download Submit
C:\Windows\System\sazonet.exe

Filesize
1.5MB

MD5
9d673374e3d63806ff2813c113e6528c

SHA1
35e9f9b9756fdc43f0bc263df679002044bc240b

SHA256
74a4ae53426e92caf947112d70b7b70c7cd3e1b4d2afb6674d159f36902d0244

SHA512
6509840d3caf12f860b13ca3731c8f2ec3da3331937fd4d49c0fd7f345b51b1ff6a2f5248cad43c739689046625ebc0e37438d39c1282f1bb322c4c8896d413c

Download Submit
C:\Windows\System\yFqxgAA.exe

Filesize
1.5MB

MD5
34949ee8e6817f9a3240ca7250eaf77a

SHA1
cfd4304ad220d3aa6638bd71a1e7199ca3297f23

SHA256
3df213ba29e09989cf96bb69198613f5605bae3662002afc56ec604d93b2146f

SHA512
dc24d1aa9c89fb7694380e03aa7675b602263287bd717c32f24cc13dd252413b0c5aecdee38d205fd339f1cd8d92533968b3b1dd461094754c2c2f6be4bd7ecb

Download Submit
C:\Windows\System\yIbQnUX.exe

Filesize
1.5MB

MD5
fe68a7b583727cc32bdb558b1cdaaf6a

SHA1
213f4e3fd97489f36bcc20c31eb193b2e1761299

SHA256
a280571ec56ff301c5d4ea602687b8ce1c277a2ee076c0d51cd6b62f7323ec60

SHA512
8b42e85baf77019f33cb18b7fc975531737c02a7652592b52057c9e643772a1cef979d4f6323f99a8c09d9375378cd128181a850af0e63360f7b6705bdd75d6c

Download Submit
C:\Windows\System\zZDLHBG.exe

Filesize
1.5MB

MD5
19237c8c9490e4337a56d9d4f53aa3bc

SHA1
18b72981b4416cbd4a9b422c4ec37533286778cd

SHA256
cc59ecac43c21b0e5b27b9f3733ddac168c93538a0950df195a946c25c31988a

SHA512
1a7fe672b361c779bb839777914f46cd3a7c69085852ec3ae2f4d8a4d4a916d3aaa87569880bf3fd28d8a54b10d51542b3d85f59a71dec37e82ef4f70dc5c682

Download Submit
memory/456-2311-0x00007FF7F4A20000-0x00007FF7F4D71000-memory.dmp

Filesize
3.3MB

Download
memory/456-101-0x00007FF7F4A20000-0x00007FF7F4D71000-memory.dmp

Filesize
3.3MB

Download
memory/548-135-0x00007FF6C5CE0000-0x00007FF6C6031000-memory.dmp

Filesize
3.3MB

Download
memory/548-2315-0x00007FF6C5CE0000-0x00007FF6C6031000-memory.dmp

Filesize
3.3MB

Download
memory/812-80-0x00007FF626920000-0x00007FF626C71000-memory.dmp

Filesize
3.3MB

Download
memory/812-2299-0x00007FF626920000-0x00007FF626C71000-memory.dmp

Filesize
3.3MB

Download
memory/896-2280-0x00007FF69CFF0000-0x00007FF69D341000-memory.dmp

Filesize
3.3MB

Download
memory/896-103-0x00007FF69CFF0000-0x00007FF69D341000-memory.dmp

Filesize
3.3MB

Download
memory/1312-2215-0x00007FF6FE150000-0x00007FF6FE4A1000-memory.dmp

Filesize
3.3MB

Download
memory/1312-1-0x000001526FD70000-0x000001526FD80000-memory.dmp

Filesize
64KB

Download
memory/1312-0-0x00007FF6FE150000-0x00007FF6FE4A1000-memory.dmp

Filesize
3.3MB

Download
memory/1400-94-0x00007FF645E40000-0x00007FF646191000-memory.dmp

Filesize
3.3MB

Download
memory/1400-2301-0x00007FF645E40000-0x00007FF646191000-memory.dmp

Filesize
3.3MB

Download
memory/1548-154-0x00007FF7DEF50000-0x00007FF7DF2A1000-memory.dmp

Filesize
3.3MB

Download
memory/1548-2323-0x00007FF7DEF50000-0x00007FF7DF2A1000-memory.dmp

Filesize
3.3MB

Download
memory/1584-11-0x00007FF7AFE60000-0x00007FF7B01B1000-memory.dmp

Filesize
3.3MB

Download
memory/1584-2283-0x00007FF7AFE60000-0x00007FF7B01B1000-memory.dmp

Filesize
3.3MB

Download
memory/1652-2326-0x00007FF73D180000-0x00007FF73D4D1000-memory.dmp

Filesize
3.3MB

Download
memory/1652-165-0x00007FF73D180000-0x00007FF73D4D1000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2289-0x00007FF68E230000-0x00007FF68E581000-memory.dmp

Filesize
3.3MB

Download
memory/1660-43-0x00007FF68E230000-0x00007FF68E581000-memory.dmp

Filesize
3.3MB

Download
memory/1660-2217-0x00007FF68E230000-0x00007FF68E581000-memory.dmp

Filesize
3.3MB

Download
memory/1956-2310-0x00007FF6D46E0000-0x00007FF6D4A31000-memory.dmp

Filesize
3.3MB

Download
memory/1956-109-0x00007FF6D46E0000-0x00007FF6D4A31000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2216-0x00007FF610350000-0x00007FF6106A1000-memory.dmp

Filesize
3.3MB

Download
memory/2072-19-0x00007FF610350000-0x00007FF6106A1000-memory.dmp

Filesize
3.3MB

Download
memory/2072-2281-0x00007FF610350000-0x00007FF6106A1000-memory.dmp

Filesize
3.3MB

Download
memory/2220-102-0x00007FF6032A0000-0x00007FF6035F1000-memory.dmp

Filesize
3.3MB

Download
memory/2220-2309-0x00007FF6032A0000-0x00007FF6035F1000-memory.dmp

Filesize
3.3MB

Download
memory/2632-61-0x00007FF71BF70000-0x00007FF71C2C1000-memory.dmp

Filesize
3.3MB

Download
memory/2632-2285-0x00007FF71BF70000-0x00007FF71C2C1000-memory.dmp

Filesize
3.3MB

Download
memory/2780-2321-0x00007FF657850000-0x00007FF657BA1000-memory.dmp

Filesize
3.3MB

Download
memory/2780-163-0x00007FF657850000-0x00007FF657BA1000-memory.dmp

Filesize
3.3MB

Download
memory/3088-95-0x00007FF6DCD40000-0x00007FF6DD091000-memory.dmp

Filesize
3.3MB

Download
memory/3088-2294-0x00007FF6DCD40000-0x00007FF6DD091000-memory.dmp

Filesize
3.3MB

Download
memory/3156-2329-0x00007FF6D1F10000-0x00007FF6D2261000-memory.dmp

Filesize
3.3MB

Download
memory/3156-194-0x00007FF6D1F10000-0x00007FF6D2261000-memory.dmp

Filesize
3.3MB

Download
memory/3172-2320-0x00007FF763A70000-0x00007FF763DC1000-memory.dmp

Filesize
3.3MB

Download
memory/3172-187-0x00007FF763A70000-0x00007FF763DC1000-memory.dmp

Filesize
3.3MB

Download
memory/3224-2313-0x00007FF7A8810000-0x00007FF7A8B61000-memory.dmp

Filesize
3.3MB

Download
memory/3224-110-0x00007FF7A8810000-0x00007FF7A8B61000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2342-0x00007FF735B20000-0x00007FF735E71000-memory.dmp

Filesize
3.3MB

Download
memory/3424-2254-0x00007FF735B20000-0x00007FF735E71000-memory.dmp

Filesize
3.3MB

Download
memory/3424-180-0x00007FF735B20000-0x00007FF735E71000-memory.dmp

Filesize
3.3MB

Download
memory/3652-2312-0x00007FF6C97D0000-0x00007FF6C9B21000-memory.dmp

Filesize
3.3MB

Download
memory/3652-107-0x00007FF6C97D0000-0x00007FF6C9B21000-memory.dmp

Filesize
3.3MB

Download
memory/3672-2335-0x00007FF70A440000-0x00007FF70A791000-memory.dmp

Filesize
3.3MB

Download
memory/3672-174-0x00007FF70A440000-0x00007FF70A791000-memory.dmp

Filesize
3.3MB

Download
memory/3672-2253-0x00007FF70A440000-0x00007FF70A791000-memory.dmp

Filesize
3.3MB

Download
memory/3748-2287-0x00007FF793B70000-0x00007FF793EC1000-memory.dmp

Filesize
3.3MB

Download
memory/3748-106-0x00007FF793B70000-0x00007FF793EC1000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2292-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp

Filesize
3.3MB

Download
memory/3928-60-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp

Filesize
3.3MB

Download
memory/3928-2218-0x00007FF6FC430000-0x00007FF6FC781000-memory.dmp

Filesize
3.3MB

Download
memory/4184-2317-0x00007FF6B42E0000-0x00007FF6B4631000-memory.dmp

Filesize
3.3MB

Download
memory/4184-146-0x00007FF6B42E0000-0x00007FF6B4631000-memory.dmp

Filesize
3.3MB

Download
memory/4444-193-0x00007FF7037B0000-0x00007FF703B01000-memory.dmp

Filesize
3.3MB

Download
memory/4444-2337-0x00007FF7037B0000-0x00007FF703B01000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2295-0x00007FF696850000-0x00007FF696BA1000-memory.dmp

Filesize
3.3MB

Download
memory/4532-2219-0x00007FF696850000-0x00007FF696BA1000-memory.dmp

Filesize
3.3MB

Download
memory/4532-75-0x00007FF696850000-0x00007FF696BA1000-memory.dmp

Filesize
3.3MB

Download
memory/4668-108-0x00007FF64A470000-0x00007FF64A7C1000-memory.dmp

Filesize
3.3MB

Download
memory/4668-2297-0x00007FF64A470000-0x00007FF64A7C1000-memory.dmp

Filesize
3.3MB

Download
memory/4944-2327-0x00007FF7869D0000-0x00007FF786D21000-memory.dmp

Filesize
3.3MB

Download
memory/4944-192-0x00007FF7869D0000-0x00007FF786D21000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2240-0x00007FF7A39F0000-0x00007FF7A3D41000-memory.dmp

Filesize
3.3MB

Download
memory/4996-2308-0x00007FF7A39F0000-0x00007FF7A3D41000-memory.dmp

Filesize
3.3MB

Download
memory/4996-87-0x00007FF7A39F0000-0x00007FF7A3D41000-memory.dmp

Filesize
3.3MB

Download