xmrig | 5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
Size

2.2MB
MD5

984ecc92fddfc422f5172db257405032
SHA1

2820a3586a4b0c61dd77d3e7c36b7fb2ad68ddf1
SHA256

5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f
SHA512

4c12ec4262b766ccaa6c0f2d071c7f8eb72eefd28d5eeabf37c82ea09cb2bfa79d580f918e61d543f8a8f21ab58d25ad546045e522be9860676c2ab9a97ab1f8
SSDEEP

49152:BezaTF8FcNkNdfE0pZ9ozt4wIlUNFMgxc2uhCUy8+gt:BemTLkNdfE0pZrZ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/1916-0-0x000000013F820000-0x000000013FB74000-memory.dmp	UPX
behavioral1/files/0x000a000000012286-3.dat	UPX
behavioral1/files/0x0036000000015678-10.dat	UPX
behavioral1/files/0x0008000000015cb8-26.dat	UPX
behavioral1/memory/1704-30-0x000000013F6D0000-0x000000013FA24000-memory.dmp	UPX
behavioral1/memory/2736-32-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	UPX
behavioral1/memory/2360-33-0x000000013FD30000-0x0000000140084000-memory.dmp	UPX
behavioral1/files/0x0007000000015bf4-34.dat	UPX
behavioral1/memory/2696-36-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	UPX
behavioral1/files/0x0007000000015cdf-42.dat	UPX
behavioral1/memory/2832-52-0x000000013F070000-0x000000013F3C4000-memory.dmp	UPX
behavioral1/files/0x0006000000016581-71.dat	UPX
behavioral1/memory/1916-80-0x000000013F820000-0x000000013FB74000-memory.dmp	UPX
behavioral1/files/0x0006000000016a8a-96.dat	UPX
behavioral1/files/0x0006000000016ceb-126.dat	UPX
behavioral1/files/0x0006000000016dba-190.dat	UPX
behavioral1/memory/2548-1188-0x000000013F580000-0x000000013F8D4000-memory.dmp	UPX
behavioral1/memory/2832-826-0x000000013F070000-0x000000013F3C4000-memory.dmp	UPX
behavioral1/memory/2880-524-0x000000013F470000-0x000000013F7C4000-memory.dmp	UPX
behavioral1/memory/2696-356-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	UPX
behavioral1/files/0x0006000000016d9f-186.dat	UPX
behavioral1/files/0x0006000000016d8b-181.dat	UPX
behavioral1/files/0x0006000000016d6f-176.dat	UPX
behavioral1/files/0x0006000000016d68-171.dat	UPX
behavioral1/files/0x0006000000016d64-166.dat	UPX
behavioral1/files/0x0006000000016d5f-161.dat	UPX
behavioral1/files/0x0006000000016d4b-156.dat	UPX
behavioral1/files/0x0006000000016d43-151.dat	UPX
behavioral1/files/0x0006000000016d3b-146.dat	UPX
behavioral1/files/0x0006000000016d32-141.dat	UPX
behavioral1/files/0x0006000000016d2a-136.dat	UPX
behavioral1/files/0x0006000000016d17-131.dat	UPX
behavioral1/files/0x0006000000016cc1-121.dat	UPX
behavioral1/files/0x0006000000016c78-116.dat	UPX
behavioral1/files/0x0006000000016c6f-111.dat	UPX
behavioral1/memory/2360-105-0x000000013FD30000-0x0000000140084000-memory.dmp	UPX
behavioral1/memory/2736-104-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	UPX
behavioral1/files/0x0006000000016c52-103.dat	UPX
behavioral1/memory/392-100-0x000000013F7D0000-0x000000013FB24000-memory.dmp	UPX
behavioral1/memory/2840-92-0x000000013F420000-0x000000013F774000-memory.dmp	UPX
behavioral1/memory/1704-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp	UPX
behavioral1/memory/2648-89-0x000000013F650000-0x000000013F9A4000-memory.dmp	UPX
behavioral1/files/0x0006000000016835-87.dat	UPX
behavioral1/memory/2680-83-0x000000013FA30000-0x000000013FD84000-memory.dmp	UPX
behavioral1/files/0x00060000000165e1-78.dat	UPX
behavioral1/memory/2184-75-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	UPX
behavioral1/memory/2520-67-0x000000013F6E0000-0x000000013FA34000-memory.dmp	UPX
behavioral1/files/0x0008000000015d12-64.dat	UPX
behavioral1/memory/2548-60-0x000000013F580000-0x000000013F8D4000-memory.dmp	UPX
behavioral1/files/0x0007000000015cf0-58.dat	UPX
behavioral1/memory/2880-44-0x000000013F470000-0x000000013F7C4000-memory.dmp	UPX
behavioral1/files/0x0007000000015ce8-50.dat	UPX
behavioral1/files/0x0008000000015b6e-21.dat	UPX
behavioral1/files/0x0036000000015670-19.dat	UPX
behavioral1/memory/2868-27-0x000000013FF20000-0x0000000140274000-memory.dmp	UPX
behavioral1/memory/2648-25-0x000000013F650000-0x000000013F9A4000-memory.dmp	UPX
behavioral1/memory/2520-2776-0x000000013F6E0000-0x000000013FA34000-memory.dmp	UPX
behavioral1/memory/2680-2946-0x000000013FA30000-0x000000013FD84000-memory.dmp	UPX
behavioral1/memory/2840-3080-0x000000013F420000-0x000000013F774000-memory.dmp	UPX
behavioral1/memory/2868-4031-0x000000013FF20000-0x0000000140274000-memory.dmp	UPX
behavioral1/memory/2648-4032-0x000000013F650000-0x000000013F9A4000-memory.dmp	UPX
behavioral1/memory/2736-4034-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	UPX
behavioral1/memory/1704-4033-0x000000013F6D0000-0x000000013FA24000-memory.dmp	UPX
behavioral1/memory/2832-4035-0x000000013F070000-0x000000013F3C4000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1916-0-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x000a000000012286-3.dat	xmrig
behavioral1/files/0x0036000000015678-10.dat	xmrig
behavioral1/files/0x0008000000015cb8-26.dat	xmrig
behavioral1/memory/1704-30-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2736-32-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2360-33-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0007000000015bf4-34.dat	xmrig
behavioral1/memory/2696-36-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cdf-42.dat	xmrig
behavioral1/memory/2832-52-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016581-71.dat	xmrig
behavioral1/memory/1916-80-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0006000000016a8a-96.dat	xmrig
behavioral1/files/0x0006000000016ceb-126.dat	xmrig
behavioral1/files/0x0006000000016dba-190.dat	xmrig
behavioral1/memory/2548-1188-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2832-826-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/memory/2880-524-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2696-356-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d9f-186.dat	xmrig
behavioral1/files/0x0006000000016d8b-181.dat	xmrig
behavioral1/files/0x0006000000016d6f-176.dat	xmrig
behavioral1/files/0x0006000000016d68-171.dat	xmrig
behavioral1/files/0x0006000000016d64-166.dat	xmrig
behavioral1/files/0x0006000000016d5f-161.dat	xmrig
behavioral1/files/0x0006000000016d4b-156.dat	xmrig
behavioral1/files/0x0006000000016d43-151.dat	xmrig
behavioral1/files/0x0006000000016d3b-146.dat	xmrig
behavioral1/files/0x0006000000016d32-141.dat	xmrig
behavioral1/files/0x0006000000016d2a-136.dat	xmrig
behavioral1/files/0x0006000000016d17-131.dat	xmrig
behavioral1/files/0x0006000000016cc1-121.dat	xmrig
behavioral1/files/0x0006000000016c78-116.dat	xmrig
behavioral1/files/0x0006000000016c6f-111.dat	xmrig
behavioral1/memory/2360-105-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2736-104-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c52-103.dat	xmrig
behavioral1/memory/392-100-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2840-92-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1916-91-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1704-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2648-89-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016835-87.dat	xmrig
behavioral1/memory/2680-83-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/1916-82-0x0000000001E90000-0x00000000021E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000165e1-78.dat	xmrig
behavioral1/memory/2184-75-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2520-67-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d12-64.dat	xmrig
behavioral1/memory/2548-60-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015cf0-58.dat	xmrig
behavioral1/memory/2880-44-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015ce8-50.dat	xmrig
behavioral1/files/0x0008000000015b6e-21.dat	xmrig
behavioral1/files/0x0036000000015670-19.dat	xmrig
behavioral1/memory/2868-27-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2648-25-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2520-2776-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2680-2946-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/1916-3079-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2840-3080-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/1916-3726-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2868-4031-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2868	eZdKPYa.exe
1704	jFqPvBN.exe
2648	xMEKXoo.exe
2736	JzYmEiK.exe
2360	UVuvIBe.exe
2696	VmJpuRK.exe
2880	jjkwIkY.exe
2832	roeKRVE.exe
2548	hiekbHO.exe
2520	TtoDjJw.exe
2184	DelnRaL.exe
2680	UULpkuj.exe
2840	XjBMjqq.exe
392	fNHSySO.exe
1956	qTAPGDV.exe
760	rYxzbtT.exe
1964	ikMIqWn.exe
1604	cJprKRv.exe
1540	AxkXpeo.exe
1648	yZKnGpY.exe
1440	paVFaCl.exe
1432	yIbIYXH.exe
2056	IBYvPIw.exe
1792	OnqIJDD.exe
2060	iilLjAZ.exe
2096	mHZDGMO.exe
2900	cXBTusb.exe
2296	XnbNEkg.exe
784	rElLfXS.exe
2684	YkucOao.exe
1464	gHqFrik.exe
2540	kHaoQPg.exe
1072	aFYMsPt.exe
856	ErgdSzk.exe
1124	LNwhamr.exe
2384	RiRRbHx.exe
2340	JlalcCg.exe
1764	emEKeJi.exe
2144	oNbxRiA.exe
1980	xkBtzyj.exe
656	zUXtDVS.exe
1596	ECzunaR.exe
1388	mCahiDc.exe
688	yirWgRX.exe
844	LZZSddp.exe
3028	otqkhjP.exe
1720	TVLskGg.exe
2008	zhrvGjv.exe
284	QMRJztA.exe
2280	GmYarWW.exe
2176	CBIXJLx.exe
1492	VByDFEr.exe
2272	sVZRLQD.exe
1736	BryrqNf.exe
2996	JchoXmX.exe
2988	TOlsFLp.exe
1588	abVFOMn.exe
1772	JTGpQnH.exe
2004	ChbEOXQ.exe
3060	TYWEKRh.exe
2748	lfWbqBn.exe
2768	IhfqwwN.exe
2672	HNQmeBw.exe
2564	LPnUzck.exe

Loads dropped DLL 64 IoCs

pid	Process
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1916-0-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x000a000000012286-3.dat	upx
behavioral1/files/0x0036000000015678-10.dat	upx
behavioral1/files/0x0008000000015cb8-26.dat	upx
behavioral1/memory/1704-30-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2736-32-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2360-33-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0007000000015bf4-34.dat	upx
behavioral1/memory/2696-36-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0007000000015cdf-42.dat	upx
behavioral1/memory/2832-52-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x0006000000016581-71.dat	upx
behavioral1/memory/1916-80-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0006000000016a8a-96.dat	upx
behavioral1/files/0x0006000000016ceb-126.dat	upx
behavioral1/files/0x0006000000016dba-190.dat	upx
behavioral1/memory/2548-1188-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2832-826-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2880-524-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2696-356-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0006000000016d9f-186.dat	upx
behavioral1/files/0x0006000000016d8b-181.dat	upx
behavioral1/files/0x0006000000016d6f-176.dat	upx
behavioral1/files/0x0006000000016d68-171.dat	upx
behavioral1/files/0x0006000000016d64-166.dat	upx
behavioral1/files/0x0006000000016d5f-161.dat	upx
behavioral1/files/0x0006000000016d4b-156.dat	upx
behavioral1/files/0x0006000000016d43-151.dat	upx
behavioral1/files/0x0006000000016d3b-146.dat	upx
behavioral1/files/0x0006000000016d32-141.dat	upx
behavioral1/files/0x0006000000016d2a-136.dat	upx
behavioral1/files/0x0006000000016d17-131.dat	upx
behavioral1/files/0x0006000000016cc1-121.dat	upx
behavioral1/files/0x0006000000016c78-116.dat	upx
behavioral1/files/0x0006000000016c6f-111.dat	upx
behavioral1/memory/2360-105-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2736-104-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x0006000000016c52-103.dat	upx
behavioral1/memory/392-100-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2840-92-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/1704-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2648-89-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x0006000000016835-87.dat	upx
behavioral1/memory/2680-83-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x00060000000165e1-78.dat	upx
behavioral1/memory/2184-75-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2520-67-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x0008000000015d12-64.dat	upx
behavioral1/memory/2548-60-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/files/0x0007000000015cf0-58.dat	upx
behavioral1/memory/2880-44-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/files/0x0007000000015ce8-50.dat	upx
behavioral1/files/0x0008000000015b6e-21.dat	upx
behavioral1/files/0x0036000000015670-19.dat	upx
behavioral1/memory/2868-27-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2648-25-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2520-2776-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2680-2946-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2840-3080-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2868-4031-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2648-4032-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2736-4034-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1704-4033-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2832-4035-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pxlOEgh.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\ObLuzJH.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\YSqFMKx.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\CFJFOuA.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\LSQzAvG.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\yUqNvKk.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\iMOzCKF.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\AxkXpeo.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\lvhHAaa.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\gDfrCXE.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\EhNNwDx.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\vEhKIqJ.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\uKDGlNT.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\CRMzkjT.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\LMOpDbM.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\AQFRJip.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\kXoviGk.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\xGeJvxY.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\dradhlJ.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\fsMxuzi.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\xaXCwJv.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\EmmUZzV.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\uCvGmRl.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\UjyziCd.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\QODHsGU.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\NzBIJQN.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\BEhkOmn.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\yirWgRX.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\LxfPkon.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\LdkOXXs.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\FHeSyDK.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\LSzFbCH.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\YCmAGda.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\vPMeSNY.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\zsqfgKe.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\AmUMAXn.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\AUPXSyG.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\GxFhDZx.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\NFiwpQv.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\HHHxLMn.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\uhqAwaw.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\wKRGOtW.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\EyeLMgS.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\DAOAEHH.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\lmqfZEB.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\UFEmOsa.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\GmwUxyk.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\rMhDVcV.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\boSaKmf.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\vbRSNlG.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\xMEKXoo.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\LJQbBbE.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\spHfBrF.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\pWAcNrj.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\dRiDtnx.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\edUrnNL.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\oeiHlxc.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\RkKatMf.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\uTrLklC.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\DExzkIK.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\RQhrPyU.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\fkkIxry.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\eRwVgRA.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
File created	C:\Windows\System\wMqpWET.exe	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2868	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	29
PID 1916 wrote to memory of 2868	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	29
PID 1916 wrote to memory of 2868	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	29
PID 1916 wrote to memory of 1704	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	30
PID 1916 wrote to memory of 1704	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	30
PID 1916 wrote to memory of 1704	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	30
PID 1916 wrote to memory of 2360	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	31
PID 1916 wrote to memory of 2360	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	31
PID 1916 wrote to memory of 2360	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	31
PID 1916 wrote to memory of 2648	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	32
PID 1916 wrote to memory of 2648	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	32
PID 1916 wrote to memory of 2648	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	32
PID 1916 wrote to memory of 2696	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	33
PID 1916 wrote to memory of 2696	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	33
PID 1916 wrote to memory of 2696	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	33
PID 1916 wrote to memory of 2736	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	34
PID 1916 wrote to memory of 2736	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	34
PID 1916 wrote to memory of 2736	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	34
PID 1916 wrote to memory of 2880	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	35
PID 1916 wrote to memory of 2880	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	35
PID 1916 wrote to memory of 2880	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	35
PID 1916 wrote to memory of 2832	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	36
PID 1916 wrote to memory of 2832	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	36
PID 1916 wrote to memory of 2832	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	36
PID 1916 wrote to memory of 2548	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	37
PID 1916 wrote to memory of 2548	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	37
PID 1916 wrote to memory of 2548	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	37
PID 1916 wrote to memory of 2520	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	38
PID 1916 wrote to memory of 2520	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	38
PID 1916 wrote to memory of 2520	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	38
PID 1916 wrote to memory of 2184	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	39
PID 1916 wrote to memory of 2184	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	39
PID 1916 wrote to memory of 2184	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	39
PID 1916 wrote to memory of 2680	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	40
PID 1916 wrote to memory of 2680	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	40
PID 1916 wrote to memory of 2680	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	40
PID 1916 wrote to memory of 2840	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	41
PID 1916 wrote to memory of 2840	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	41
PID 1916 wrote to memory of 2840	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	41
PID 1916 wrote to memory of 392	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	42
PID 1916 wrote to memory of 392	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	42
PID 1916 wrote to memory of 392	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	42
PID 1916 wrote to memory of 1956	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	43
PID 1916 wrote to memory of 1956	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	43
PID 1916 wrote to memory of 1956	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	43
PID 1916 wrote to memory of 760	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	44
PID 1916 wrote to memory of 760	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	44
PID 1916 wrote to memory of 760	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	44
PID 1916 wrote to memory of 1964	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	45
PID 1916 wrote to memory of 1964	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	45
PID 1916 wrote to memory of 1964	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	45
PID 1916 wrote to memory of 1604	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	46
PID 1916 wrote to memory of 1604	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	46
PID 1916 wrote to memory of 1604	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	46
PID 1916 wrote to memory of 1540	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	47
PID 1916 wrote to memory of 1540	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	47
PID 1916 wrote to memory of 1540	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	47
PID 1916 wrote to memory of 1648	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	48
PID 1916 wrote to memory of 1648	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	48
PID 1916 wrote to memory of 1648	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	48
PID 1916 wrote to memory of 1440	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	49
PID 1916 wrote to memory of 1440	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	49
PID 1916 wrote to memory of 1440	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	49
PID 1916 wrote to memory of 1432	1916	5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe	50

C:\Users\Admin\AppData\Local\Temp\5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe
"C:\Users\Admin\AppData\Local\Temp\5af78b314eb8e12a50a449cbf982bcc82fdd0dc5cbf183ea6ce370ba15b3544f.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Windows\System\eZdKPYa.exe
  C:\Windows\System\eZdKPYa.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\jFqPvBN.exe
  C:\Windows\System\jFqPvBN.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\UVuvIBe.exe
  C:\Windows\System\UVuvIBe.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\xMEKXoo.exe
  C:\Windows\System\xMEKXoo.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\VmJpuRK.exe
  C:\Windows\System\VmJpuRK.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\JzYmEiK.exe
  C:\Windows\System\JzYmEiK.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\jjkwIkY.exe
  C:\Windows\System\jjkwIkY.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\roeKRVE.exe
  C:\Windows\System\roeKRVE.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\hiekbHO.exe
  C:\Windows\System\hiekbHO.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\TtoDjJw.exe
  C:\Windows\System\TtoDjJw.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\DelnRaL.exe
  C:\Windows\System\DelnRaL.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\UULpkuj.exe
  C:\Windows\System\UULpkuj.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\XjBMjqq.exe
  C:\Windows\System\XjBMjqq.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\fNHSySO.exe
  C:\Windows\System\fNHSySO.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\qTAPGDV.exe
  C:\Windows\System\qTAPGDV.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\rYxzbtT.exe
  C:\Windows\System\rYxzbtT.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\ikMIqWn.exe
  C:\Windows\System\ikMIqWn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\cJprKRv.exe
  C:\Windows\System\cJprKRv.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\AxkXpeo.exe
  C:\Windows\System\AxkXpeo.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\yZKnGpY.exe
  C:\Windows\System\yZKnGpY.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\paVFaCl.exe
  C:\Windows\System\paVFaCl.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\yIbIYXH.exe
  C:\Windows\System\yIbIYXH.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\IBYvPIw.exe
  C:\Windows\System\IBYvPIw.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\OnqIJDD.exe
  C:\Windows\System\OnqIJDD.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\iilLjAZ.exe
  C:\Windows\System\iilLjAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\mHZDGMO.exe
  C:\Windows\System\mHZDGMO.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\cXBTusb.exe
  C:\Windows\System\cXBTusb.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\XnbNEkg.exe
  C:\Windows\System\XnbNEkg.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\rElLfXS.exe
  C:\Windows\System\rElLfXS.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\YkucOao.exe
  C:\Windows\System\YkucOao.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\gHqFrik.exe
  C:\Windows\System\gHqFrik.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\kHaoQPg.exe
  C:\Windows\System\kHaoQPg.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\aFYMsPt.exe
  C:\Windows\System\aFYMsPt.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\ErgdSzk.exe
  C:\Windows\System\ErgdSzk.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\LNwhamr.exe
  C:\Windows\System\LNwhamr.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\RiRRbHx.exe
  C:\Windows\System\RiRRbHx.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\JlalcCg.exe
  C:\Windows\System\JlalcCg.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\emEKeJi.exe
  C:\Windows\System\emEKeJi.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\oNbxRiA.exe
  C:\Windows\System\oNbxRiA.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\xkBtzyj.exe
  C:\Windows\System\xkBtzyj.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\zUXtDVS.exe
  C:\Windows\System\zUXtDVS.exe
  2⤵
  - Executes dropped EXE
  PID:656
- C:\Windows\System\ECzunaR.exe
  C:\Windows\System\ECzunaR.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\mCahiDc.exe
  C:\Windows\System\mCahiDc.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\yirWgRX.exe
  C:\Windows\System\yirWgRX.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\LZZSddp.exe
  C:\Windows\System\LZZSddp.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\otqkhjP.exe
  C:\Windows\System\otqkhjP.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\TVLskGg.exe
  C:\Windows\System\TVLskGg.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\zhrvGjv.exe
  C:\Windows\System\zhrvGjv.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\QMRJztA.exe
  C:\Windows\System\QMRJztA.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\GmYarWW.exe
  C:\Windows\System\GmYarWW.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\CBIXJLx.exe
  C:\Windows\System\CBIXJLx.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\VByDFEr.exe
  C:\Windows\System\VByDFEr.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\sVZRLQD.exe
  C:\Windows\System\sVZRLQD.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\BryrqNf.exe
  C:\Windows\System\BryrqNf.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\JchoXmX.exe
  C:\Windows\System\JchoXmX.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\TOlsFLp.exe
  C:\Windows\System\TOlsFLp.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\abVFOMn.exe
  C:\Windows\System\abVFOMn.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\JTGpQnH.exe
  C:\Windows\System\JTGpQnH.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\ChbEOXQ.exe
  C:\Windows\System\ChbEOXQ.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\TYWEKRh.exe
  C:\Windows\System\TYWEKRh.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\lfWbqBn.exe
  C:\Windows\System\lfWbqBn.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\IhfqwwN.exe
  C:\Windows\System\IhfqwwN.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\HNQmeBw.exe
  C:\Windows\System\HNQmeBw.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\LPnUzck.exe
  C:\Windows\System\LPnUzck.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\ODihQaj.exe
  C:\Windows\System\ODihQaj.exe
  2⤵
  PID:2964
- C:\Windows\System\RUllfJH.exe
  C:\Windows\System\RUllfJH.exe
  2⤵
  PID:2000
- C:\Windows\System\LBxdIWc.exe
  C:\Windows\System\LBxdIWc.exe
  2⤵
  PID:344
- C:\Windows\System\FXExQqC.exe
  C:\Windows\System\FXExQqC.exe
  2⤵
  PID:1940
- C:\Windows\System\UsNLQoA.exe
  C:\Windows\System\UsNLQoA.exe
  2⤵
  PID:1632
- C:\Windows\System\TSGerbE.exe
  C:\Windows\System\TSGerbE.exe
  2⤵
  PID:1924
- C:\Windows\System\UrVBYLi.exe
  C:\Windows\System\UrVBYLi.exe
  2⤵
  PID:1200
- C:\Windows\System\yiURYYs.exe
  C:\Windows\System\yiURYYs.exe
  2⤵
  PID:1512
- C:\Windows\System\RBTidRq.exe
  C:\Windows\System\RBTidRq.exe
  2⤵
  PID:2084
- C:\Windows\System\LdbRsMf.exe
  C:\Windows\System\LdbRsMf.exe
  2⤵
  PID:2120
- C:\Windows\System\QGxhnuv.exe
  C:\Windows\System\QGxhnuv.exe
  2⤵
  PID:2052
- C:\Windows\System\esFevHN.exe
  C:\Windows\System\esFevHN.exe
  2⤵
  PID:1172
- C:\Windows\System\ogofjna.exe
  C:\Windows\System\ogofjna.exe
  2⤵
  PID:2192
- C:\Windows\System\lvhHAaa.exe
  C:\Windows\System\lvhHAaa.exe
  2⤵
  PID:1608
- C:\Windows\System\WjzYsIg.exe
  C:\Windows\System\WjzYsIg.exe
  2⤵
  PID:1884
- C:\Windows\System\nnNmTYD.exe
  C:\Windows\System\nnNmTYD.exe
  2⤵
  PID:2472
- C:\Windows\System\mAQsHZp.exe
  C:\Windows\System\mAQsHZp.exe
  2⤵
  PID:1356
- C:\Windows\System\zSdQbkH.exe
  C:\Windows\System\zSdQbkH.exe
  2⤵
  PID:1344
- C:\Windows\System\CXhvgxt.exe
  C:\Windows\System\CXhvgxt.exe
  2⤵
  PID:1852
- C:\Windows\System\BUYpdan.exe
  C:\Windows\System\BUYpdan.exe
  2⤵
  PID:1040
- C:\Windows\System\JdUVFPT.exe
  C:\Windows\System\JdUVFPT.exe
  2⤵
  PID:1768
- C:\Windows\System\YdpVDVx.exe
  C:\Windows\System\YdpVDVx.exe
  2⤵
  PID:944
- C:\Windows\System\zhWSsVX.exe
  C:\Windows\System\zhWSsVX.exe
  2⤵
  PID:1052
- C:\Windows\System\PBQSyVD.exe
  C:\Windows\System\PBQSyVD.exe
  2⤵
  PID:2924
- C:\Windows\System\gZmTHIH.exe
  C:\Windows\System\gZmTHIH.exe
  2⤵
  PID:2376
- C:\Windows\System\PNYJSMf.exe
  C:\Windows\System\PNYJSMf.exe
  2⤵
  PID:604
- C:\Windows\System\MBxRHhR.exe
  C:\Windows\System\MBxRHhR.exe
  2⤵
  PID:1912
- C:\Windows\System\PzuQZTf.exe
  C:\Windows\System\PzuQZTf.exe
  2⤵
  PID:2224
- C:\Windows\System\BbQDgsa.exe
  C:\Windows\System\BbQDgsa.exe
  2⤵
  PID:2424
- C:\Windows\System\rydDKVt.exe
  C:\Windows\System\rydDKVt.exe
  2⤵
  PID:2656
- C:\Windows\System\hyFfGhz.exe
  C:\Windows\System\hyFfGhz.exe
  2⤵
  PID:2264
- C:\Windows\System\IzSWxan.exe
  C:\Windows\System\IzSWxan.exe
  2⤵
  PID:2740
- C:\Windows\System\sKCTwNA.exe
  C:\Windows\System\sKCTwNA.exe
  2⤵
  PID:2960
- C:\Windows\System\HXxcfhO.exe
  C:\Windows\System\HXxcfhO.exe
  2⤵
  PID:2940
- C:\Windows\System\ypiQiJk.exe
  C:\Windows\System\ypiQiJk.exe
  2⤵
  PID:2168
- C:\Windows\System\MdCAkNV.exe
  C:\Windows\System\MdCAkNV.exe
  2⤵
  PID:2476
- C:\Windows\System\KGWWMgz.exe
  C:\Windows\System\KGWWMgz.exe
  2⤵
  PID:2596
- C:\Windows\System\HzAuMmG.exe
  C:\Windows\System\HzAuMmG.exe
  2⤵
  PID:2284
- C:\Windows\System\WHAAibW.exe
  C:\Windows\System\WHAAibW.exe
  2⤵
  PID:1080
- C:\Windows\System\xSFoDCe.exe
  C:\Windows\System\xSFoDCe.exe
  2⤵
  PID:576
- C:\Windows\System\cVjEvuW.exe
  C:\Windows\System\cVjEvuW.exe
  2⤵
  PID:772
- C:\Windows\System\KBqjLhy.exe
  C:\Windows\System\KBqjLhy.exe
  2⤵
  PID:2468
- C:\Windows\System\mpGSsPq.exe
  C:\Windows\System\mpGSsPq.exe
  2⤵
  PID:2152
- C:\Windows\System\hHpJpdx.exe
  C:\Windows\System\hHpJpdx.exe
  2⤵
  PID:328
- C:\Windows\System\gDfrCXE.exe
  C:\Windows\System\gDfrCXE.exe
  2⤵
  PID:1816
- C:\Windows\System\LJQbBbE.exe
  C:\Windows\System\LJQbBbE.exe
  2⤵
  PID:1136
- C:\Windows\System\bgAmKAB.exe
  C:\Windows\System\bgAmKAB.exe
  2⤵
  PID:2036
- C:\Windows\System\VHglNFU.exe
  C:\Windows\System\VHglNFU.exe
  2⤵
  PID:2164
- C:\Windows\System\qRPltYb.exe
  C:\Windows\System\qRPltYb.exe
  2⤵
  PID:2872
- C:\Windows\System\uzOANbd.exe
  C:\Windows\System\uzOANbd.exe
  2⤵
  PID:1584
- C:\Windows\System\McogJUJ.exe
  C:\Windows\System\McogJUJ.exe
  2⤵
  PID:2688
- C:\Windows\System\egudoep.exe
  C:\Windows\System\egudoep.exe
  2⤵
  PID:2676
- C:\Windows\System\OeIsItr.exe
  C:\Windows\System\OeIsItr.exe
  2⤵
  PID:2860
- C:\Windows\System\yjCEdAg.exe
  C:\Windows\System\yjCEdAg.exe
  2⤵
  PID:1948
- C:\Windows\System\ZhihiOu.exe
  C:\Windows\System\ZhihiOu.exe
  2⤵
  PID:2612
- C:\Windows\System\PNmuLiI.exe
  C:\Windows\System\PNmuLiI.exe
  2⤵
  PID:2308
- C:\Windows\System\YoCnoLY.exe
  C:\Windows\System\YoCnoLY.exe
  2⤵
  PID:2232
- C:\Windows\System\xPhyHDS.exe
  C:\Windows\System\xPhyHDS.exe
  2⤵
  PID:2032
- C:\Windows\System\bJExiMz.exe
  C:\Windows\System\bJExiMz.exe
  2⤵
  PID:1832
- C:\Windows\System\HxFtRzw.exe
  C:\Windows\System\HxFtRzw.exe
  2⤵
  PID:1532
- C:\Windows\System\SawPwnX.exe
  C:\Windows\System\SawPwnX.exe
  2⤵
  PID:2212
- C:\Windows\System\gRFLORn.exe
  C:\Windows\System\gRFLORn.exe
  2⤵
  PID:2148
- C:\Windows\System\WTVZhIl.exe
  C:\Windows\System\WTVZhIl.exe
  2⤵
  PID:3088
- C:\Windows\System\ptnVGRB.exe
  C:\Windows\System\ptnVGRB.exe
  2⤵
  PID:3104
- C:\Windows\System\rgpYkcZ.exe
  C:\Windows\System\rgpYkcZ.exe
  2⤵
  PID:3128
- C:\Windows\System\EhNNwDx.exe
  C:\Windows\System\EhNNwDx.exe
  2⤵
  PID:3144
- C:\Windows\System\VZNytTN.exe
  C:\Windows\System\VZNytTN.exe
  2⤵
  PID:3160
- C:\Windows\System\XVDccUI.exe
  C:\Windows\System\XVDccUI.exe
  2⤵
  PID:3180
- C:\Windows\System\vEhKIqJ.exe
  C:\Windows\System\vEhKIqJ.exe
  2⤵
  PID:3204
- C:\Windows\System\uvEmElb.exe
  C:\Windows\System\uvEmElb.exe
  2⤵
  PID:3232
- C:\Windows\System\DHtSubI.exe
  C:\Windows\System\DHtSubI.exe
  2⤵
  PID:3248
- C:\Windows\System\dcqNdVN.exe
  C:\Windows\System\dcqNdVN.exe
  2⤵
  PID:3272
- C:\Windows\System\znPEzkj.exe
  C:\Windows\System\znPEzkj.exe
  2⤵
  PID:3292
- C:\Windows\System\SiVkLWW.exe
  C:\Windows\System\SiVkLWW.exe
  2⤵
  PID:3312
- C:\Windows\System\OzhAXWb.exe
  C:\Windows\System\OzhAXWb.exe
  2⤵
  PID:3332
- C:\Windows\System\TPiHiaX.exe
  C:\Windows\System\TPiHiaX.exe
  2⤵
  PID:3352
- C:\Windows\System\YiYVhfJ.exe
  C:\Windows\System\YiYVhfJ.exe
  2⤵
  PID:3372
- C:\Windows\System\AVicOoW.exe
  C:\Windows\System\AVicOoW.exe
  2⤵
  PID:3392
- C:\Windows\System\ghSiSan.exe
  C:\Windows\System\ghSiSan.exe
  2⤵
  PID:3416
- C:\Windows\System\zsqfgKe.exe
  C:\Windows\System\zsqfgKe.exe
  2⤵
  PID:3436
- C:\Windows\System\wALRFOb.exe
  C:\Windows\System\wALRFOb.exe
  2⤵
  PID:3456
- C:\Windows\System\SINkmTJ.exe
  C:\Windows\System\SINkmTJ.exe
  2⤵
  PID:3476
- C:\Windows\System\QwMNswo.exe
  C:\Windows\System\QwMNswo.exe
  2⤵
  PID:3496
- C:\Windows\System\lzIEBAH.exe
  C:\Windows\System\lzIEBAH.exe
  2⤵
  PID:3516
- C:\Windows\System\bdkjxoU.exe
  C:\Windows\System\bdkjxoU.exe
  2⤵
  PID:3536
- C:\Windows\System\gFWNCds.exe
  C:\Windows\System\gFWNCds.exe
  2⤵
  PID:3556
- C:\Windows\System\XxWRFYi.exe
  C:\Windows\System\XxWRFYi.exe
  2⤵
  PID:3576
- C:\Windows\System\vxndomp.exe
  C:\Windows\System\vxndomp.exe
  2⤵
  PID:3596
- C:\Windows\System\bDnuDyE.exe
  C:\Windows\System\bDnuDyE.exe
  2⤵
  PID:3616
- C:\Windows\System\FZUJnbs.exe
  C:\Windows\System\FZUJnbs.exe
  2⤵
  PID:3636
- C:\Windows\System\TgXJKWy.exe
  C:\Windows\System\TgXJKWy.exe
  2⤵
  PID:3656
- C:\Windows\System\QpDvucS.exe
  C:\Windows\System\QpDvucS.exe
  2⤵
  PID:3676
- C:\Windows\System\aSQgLki.exe
  C:\Windows\System\aSQgLki.exe
  2⤵
  PID:3696
- C:\Windows\System\sEPWqBj.exe
  C:\Windows\System\sEPWqBj.exe
  2⤵
  PID:3716
- C:\Windows\System\Hvzmxkq.exe
  C:\Windows\System\Hvzmxkq.exe
  2⤵
  PID:3736
- C:\Windows\System\oHWqDHR.exe
  C:\Windows\System\oHWqDHR.exe
  2⤵
  PID:3756
- C:\Windows\System\ELOGRUs.exe
  C:\Windows\System\ELOGRUs.exe
  2⤵
  PID:3776
- C:\Windows\System\BIElapT.exe
  C:\Windows\System\BIElapT.exe
  2⤵
  PID:3796
- C:\Windows\System\NqYGsTE.exe
  C:\Windows\System\NqYGsTE.exe
  2⤵
  PID:3816
- C:\Windows\System\dvScwgl.exe
  C:\Windows\System\dvScwgl.exe
  2⤵
  PID:3836
- C:\Windows\System\jYnFnhC.exe
  C:\Windows\System\jYnFnhC.exe
  2⤵
  PID:3856
- C:\Windows\System\doKqlFj.exe
  C:\Windows\System\doKqlFj.exe
  2⤵
  PID:3876
- C:\Windows\System\qgvXGGE.exe
  C:\Windows\System\qgvXGGE.exe
  2⤵
  PID:3896
- C:\Windows\System\rtRitNr.exe
  C:\Windows\System\rtRitNr.exe
  2⤵
  PID:3916
- C:\Windows\System\XVGQPcz.exe
  C:\Windows\System\XVGQPcz.exe
  2⤵
  PID:3936
- C:\Windows\System\HARBJrC.exe
  C:\Windows\System\HARBJrC.exe
  2⤵
  PID:3956
- C:\Windows\System\hMPILzy.exe
  C:\Windows\System\hMPILzy.exe
  2⤵
  PID:3976
- C:\Windows\System\GsBouur.exe
  C:\Windows\System\GsBouur.exe
  2⤵
  PID:3996
- C:\Windows\System\NGNaUVe.exe
  C:\Windows\System\NGNaUVe.exe
  2⤵
  PID:4016
- C:\Windows\System\Lkcixfd.exe
  C:\Windows\System\Lkcixfd.exe
  2⤵
  PID:4036
- C:\Windows\System\LSQzAvG.exe
  C:\Windows\System\LSQzAvG.exe
  2⤵
  PID:4052
- C:\Windows\System\GShBlLc.exe
  C:\Windows\System\GShBlLc.exe
  2⤵
  PID:4076
- C:\Windows\System\LsTGmdT.exe
  C:\Windows\System\LsTGmdT.exe
  2⤵
  PID:1732
- C:\Windows\System\pyEphPq.exe
  C:\Windows\System\pyEphPq.exe
  2⤵
  PID:2020
- C:\Windows\System\dBlzeYg.exe
  C:\Windows\System\dBlzeYg.exe
  2⤵
  PID:1548
- C:\Windows\System\pzTUrAv.exe
  C:\Windows\System\pzTUrAv.exe
  2⤵
  PID:2664
- C:\Windows\System\WxUtrRp.exe
  C:\Windows\System\WxUtrRp.exe
  2⤵
  PID:624
- C:\Windows\System\kPoxMcZ.exe
  C:\Windows\System\kPoxMcZ.exe
  2⤵
  PID:2480
- C:\Windows\System\GeuSNva.exe
  C:\Windows\System\GeuSNva.exe
  2⤵
  PID:836
- C:\Windows\System\LlLDKxi.exe
  C:\Windows\System\LlLDKxi.exe
  2⤵
  PID:984
- C:\Windows\System\VQdpRba.exe
  C:\Windows\System\VQdpRba.exe
  2⤵
  PID:2692
- C:\Windows\System\ExZBTeM.exe
  C:\Windows\System\ExZBTeM.exe
  2⤵
  PID:2100
- C:\Windows\System\YPKIzQp.exe
  C:\Windows\System\YPKIzQp.exe
  2⤵
  PID:3096
- C:\Windows\System\iRumAiI.exe
  C:\Windows\System\iRumAiI.exe
  2⤵
  PID:3152
- C:\Windows\System\kaOZQJS.exe
  C:\Windows\System\kaOZQJS.exe
  2⤵
  PID:3172
- C:\Windows\System\ewaAkQJ.exe
  C:\Windows\System\ewaAkQJ.exe
  2⤵
  PID:3136
- C:\Windows\System\cwMrsYv.exe
  C:\Windows\System\cwMrsYv.exe
  2⤵
  PID:3220
- C:\Windows\System\uMrcTeg.exe
  C:\Windows\System\uMrcTeg.exe
  2⤵
  PID:3280
- C:\Windows\System\JUnUZsj.exe
  C:\Windows\System\JUnUZsj.exe
  2⤵
  PID:3320
- C:\Windows\System\qfRHbFB.exe
  C:\Windows\System\qfRHbFB.exe
  2⤵
  PID:3348
- C:\Windows\System\cDOoAPk.exe
  C:\Windows\System\cDOoAPk.exe
  2⤵
  PID:3380
- C:\Windows\System\KCpvAIu.exe
  C:\Windows\System\KCpvAIu.exe
  2⤵
  PID:2260
- C:\Windows\System\WUuUJTx.exe
  C:\Windows\System\WUuUJTx.exe
  2⤵
  PID:3428
- C:\Windows\System\TArSOFS.exe
  C:\Windows\System\TArSOFS.exe
  2⤵
  PID:3472
- C:\Windows\System\HmLTFwz.exe
  C:\Windows\System\HmLTFwz.exe
  2⤵
  PID:3512
- C:\Windows\System\YnpnXdO.exe
  C:\Windows\System\YnpnXdO.exe
  2⤵
  PID:3528
- C:\Windows\System\zRBxMJw.exe
  C:\Windows\System\zRBxMJw.exe
  2⤵
  PID:3572
- C:\Windows\System\dIEaQED.exe
  C:\Windows\System\dIEaQED.exe
  2⤵
  PID:3612
- C:\Windows\System\yoGmNFI.exe
  C:\Windows\System\yoGmNFI.exe
  2⤵
  PID:3644
- C:\Windows\System\UROQFJK.exe
  C:\Windows\System\UROQFJK.exe
  2⤵
  PID:3684
- C:\Windows\System\NVUdgKC.exe
  C:\Windows\System\NVUdgKC.exe
  2⤵
  PID:3724
- C:\Windows\System\xSJdgXP.exe
  C:\Windows\System\xSJdgXP.exe
  2⤵
  PID:3764
- C:\Windows\System\sXLjMiD.exe
  C:\Windows\System\sXLjMiD.exe
  2⤵
  PID:3748
- C:\Windows\System\LxfPkon.exe
  C:\Windows\System\LxfPkon.exe
  2⤵
  PID:3844
- C:\Windows\System\fjoJqPB.exe
  C:\Windows\System\fjoJqPB.exe
  2⤵
  PID:3848
- C:\Windows\System\VWJmrAR.exe
  C:\Windows\System\VWJmrAR.exe
  2⤵
  PID:3892
- C:\Windows\System\NVSxjRi.exe
  C:\Windows\System\NVSxjRi.exe
  2⤵
  PID:3924
- C:\Windows\System\zmDCwOg.exe
  C:\Windows\System\zmDCwOg.exe
  2⤵
  PID:3964
- C:\Windows\System\aCwfKPX.exe
  C:\Windows\System\aCwfKPX.exe
  2⤵
  PID:3952
- C:\Windows\System\CFSHQWv.exe
  C:\Windows\System\CFSHQWv.exe
  2⤵
  PID:2708
- C:\Windows\System\ZbRciHW.exe
  C:\Windows\System\ZbRciHW.exe
  2⤵
  PID:3992
- C:\Windows\System\SCibkGS.exe
  C:\Windows\System\SCibkGS.exe
  2⤵
  PID:4032
- C:\Windows\System\YRVqOIv.exe
  C:\Windows\System\YRVqOIv.exe
  2⤵
  PID:4060
- C:\Windows\System\mtJLGSS.exe
  C:\Windows\System\mtJLGSS.exe
  2⤵
  PID:4072
- C:\Windows\System\aUZTmqF.exe
  C:\Windows\System\aUZTmqF.exe
  2⤵
  PID:2236
- C:\Windows\System\Enfuaeq.exe
  C:\Windows\System\Enfuaeq.exe
  2⤵
  PID:2328
- C:\Windows\System\kPRnkvY.exe
  C:\Windows\System\kPRnkvY.exe
  2⤵
  PID:264
- C:\Windows\System\WMLlpah.exe
  C:\Windows\System\WMLlpah.exe
  2⤵
  PID:1300
- C:\Windows\System\HIQxXVS.exe
  C:\Windows\System\HIQxXVS.exe
  2⤵
  PID:3084
- C:\Windows\System\vlikvni.exe
  C:\Windows\System\vlikvni.exe
  2⤵
  PID:3196
- C:\Windows\System\qHtqxpB.exe
  C:\Windows\System\qHtqxpB.exe
  2⤵
  PID:3120
- C:\Windows\System\OqeQKkO.exe
  C:\Windows\System\OqeQKkO.exe
  2⤵
  PID:3140
- C:\Windows\System\DtjBgpv.exe
  C:\Windows\System\DtjBgpv.exe
  2⤵
  PID:2536
- C:\Windows\System\DExzkIK.exe
  C:\Windows\System\DExzkIK.exe
  2⤵
  PID:3304
- C:\Windows\System\PLwJjGT.exe
  C:\Windows\System\PLwJjGT.exe
  2⤵
  PID:3404
- C:\Windows\System\cZjmOVl.exe
  C:\Windows\System\cZjmOVl.exe
  2⤵
  PID:3400
- C:\Windows\System\bAZfWig.exe
  C:\Windows\System\bAZfWig.exe
  2⤵
  PID:3448
- C:\Windows\System\qpbJQun.exe
  C:\Windows\System\qpbJQun.exe
  2⤵
  PID:3568
- C:\Windows\System\rkgEijZ.exe
  C:\Windows\System\rkgEijZ.exe
  2⤵
  PID:3632
- C:\Windows\System\UdwSIsc.exe
  C:\Windows\System\UdwSIsc.exe
  2⤵
  PID:3668
- C:\Windows\System\vcgJDdR.exe
  C:\Windows\System\vcgJDdR.exe
  2⤵
  PID:3772
- C:\Windows\System\trEXuoP.exe
  C:\Windows\System\trEXuoP.exe
  2⤵
  PID:3744
- C:\Windows\System\xaXCwJv.exe
  C:\Windows\System\xaXCwJv.exe
  2⤵
  PID:2552
- C:\Windows\System\wCuiAYe.exe
  C:\Windows\System\wCuiAYe.exe
  2⤵
  PID:3808
- C:\Windows\System\WcOpejM.exe
  C:\Windows\System\WcOpejM.exe
  2⤵
  PID:3868
- C:\Windows\System\oNSMTMS.exe
  C:\Windows\System\oNSMTMS.exe
  2⤵
  PID:3944
- C:\Windows\System\dvyWTbw.exe
  C:\Windows\System\dvyWTbw.exe
  2⤵
  PID:4004
- C:\Windows\System\EVTfbOm.exe
  C:\Windows\System\EVTfbOm.exe
  2⤵
  PID:4084
- C:\Windows\System\yrmAGPJ.exe
  C:\Windows\System\yrmAGPJ.exe
  2⤵
  PID:2732
- C:\Windows\System\aYIeyDC.exe
  C:\Windows\System\aYIeyDC.exe
  2⤵
  PID:1576
- C:\Windows\System\vgUNTFS.exe
  C:\Windows\System\vgUNTFS.exe
  2⤵
  PID:304
- C:\Windows\System\gatGeBT.exe
  C:\Windows\System\gatGeBT.exe
  2⤵
  PID:2728
- C:\Windows\System\tOcgndf.exe
  C:\Windows\System\tOcgndf.exe
  2⤵
  PID:3268
- C:\Windows\System\yuwyKfG.exe
  C:\Windows\System\yuwyKfG.exe
  2⤵
  PID:2968
- C:\Windows\System\yerCKJJ.exe
  C:\Windows\System\yerCKJJ.exe
  2⤵
  PID:3368
- C:\Windows\System\fECDlsr.exe
  C:\Windows\System\fECDlsr.exe
  2⤵
  PID:3308
- C:\Windows\System\ZqMxeDO.exe
  C:\Windows\System\ZqMxeDO.exe
  2⤵
  PID:3344
- C:\Windows\System\KApbWrh.exe
  C:\Windows\System\KApbWrh.exe
  2⤵
  PID:3432
- C:\Windows\System\FbZthhf.exe
  C:\Windows\System\FbZthhf.exe
  2⤵
  PID:3564
- C:\Windows\System\NqJNVTf.exe
  C:\Windows\System\NqJNVTf.exe
  2⤵
  PID:3804
- C:\Windows\System\KJWKjat.exe
  C:\Windows\System\KJWKjat.exe
  2⤵
  PID:4100
- C:\Windows\System\Xpctqma.exe
  C:\Windows\System\Xpctqma.exe
  2⤵
  PID:4120
- C:\Windows\System\iHXXgSa.exe
  C:\Windows\System\iHXXgSa.exe
  2⤵
  PID:4144
- C:\Windows\System\btmfUCD.exe
  C:\Windows\System\btmfUCD.exe
  2⤵
  PID:4164
- C:\Windows\System\JSfpJJu.exe
  C:\Windows\System\JSfpJJu.exe
  2⤵
  PID:4184
- C:\Windows\System\jjteDce.exe
  C:\Windows\System\jjteDce.exe
  2⤵
  PID:4200
- C:\Windows\System\AmUMAXn.exe
  C:\Windows\System\AmUMAXn.exe
  2⤵
  PID:4220
- C:\Windows\System\VLWyfFK.exe
  C:\Windows\System\VLWyfFK.exe
  2⤵
  PID:4240
- C:\Windows\System\WnwhjmD.exe
  C:\Windows\System\WnwhjmD.exe
  2⤵
  PID:4256
- C:\Windows\System\GcxYfBx.exe
  C:\Windows\System\GcxYfBx.exe
  2⤵
  PID:4280
- C:\Windows\System\olyvJaG.exe
  C:\Windows\System\olyvJaG.exe
  2⤵
  PID:4300
- C:\Windows\System\cHAaOEa.exe
  C:\Windows\System\cHAaOEa.exe
  2⤵
  PID:4320
- C:\Windows\System\XTwNFzt.exe
  C:\Windows\System\XTwNFzt.exe
  2⤵
  PID:4336
- C:\Windows\System\ECgBXCK.exe
  C:\Windows\System\ECgBXCK.exe
  2⤵
  PID:4356
- C:\Windows\System\NGNrZoS.exe
  C:\Windows\System\NGNrZoS.exe
  2⤵
  PID:4380
- C:\Windows\System\spHfBrF.exe
  C:\Windows\System\spHfBrF.exe
  2⤵
  PID:4396
- C:\Windows\System\ZUaZdnL.exe
  C:\Windows\System\ZUaZdnL.exe
  2⤵
  PID:4416
- C:\Windows\System\GbJIFFO.exe
  C:\Windows\System\GbJIFFO.exe
  2⤵
  PID:4444
- C:\Windows\System\UCAqrpY.exe
  C:\Windows\System\UCAqrpY.exe
  2⤵
  PID:4464
- C:\Windows\System\sPiRttE.exe
  C:\Windows\System\sPiRttE.exe
  2⤵
  PID:4484
- C:\Windows\System\qDODrmS.exe
  C:\Windows\System\qDODrmS.exe
  2⤵
  PID:4504
- C:\Windows\System\KDxEWSS.exe
  C:\Windows\System\KDxEWSS.exe
  2⤵
  PID:4520
- C:\Windows\System\QvMaCGZ.exe
  C:\Windows\System\QvMaCGZ.exe
  2⤵
  PID:4540
- C:\Windows\System\BHkQaHs.exe
  C:\Windows\System\BHkQaHs.exe
  2⤵
  PID:4564
- C:\Windows\System\RZTEGwr.exe
  C:\Windows\System\RZTEGwr.exe
  2⤵
  PID:4584
- C:\Windows\System\hninNWS.exe
  C:\Windows\System\hninNWS.exe
  2⤵
  PID:4600
- C:\Windows\System\LdLClky.exe
  C:\Windows\System\LdLClky.exe
  2⤵
  PID:4624
- C:\Windows\System\TCyEfbL.exe
  C:\Windows\System\TCyEfbL.exe
  2⤵
  PID:4644
- C:\Windows\System\gloDUNz.exe
  C:\Windows\System\gloDUNz.exe
  2⤵
  PID:4664
- C:\Windows\System\YMGhHJj.exe
  C:\Windows\System\YMGhHJj.exe
  2⤵
  PID:4680
- C:\Windows\System\UFKQiBs.exe
  C:\Windows\System\UFKQiBs.exe
  2⤵
  PID:4704
- C:\Windows\System\SIdlsow.exe
  C:\Windows\System\SIdlsow.exe
  2⤵
  PID:4720
- C:\Windows\System\ZzjTGzr.exe
  C:\Windows\System\ZzjTGzr.exe
  2⤵
  PID:4744
- C:\Windows\System\mcTIkCl.exe
  C:\Windows\System\mcTIkCl.exe
  2⤵
  PID:4764
- C:\Windows\System\RqPpELC.exe
  C:\Windows\System\RqPpELC.exe
  2⤵
  PID:4784
- C:\Windows\System\URWBvjY.exe
  C:\Windows\System\URWBvjY.exe
  2⤵
  PID:4804
- C:\Windows\System\gQvzxxE.exe
  C:\Windows\System\gQvzxxE.exe
  2⤵
  PID:4820
- C:\Windows\System\vojKPto.exe
  C:\Windows\System\vojKPto.exe
  2⤵
  PID:4840
- C:\Windows\System\UoGAoVX.exe
  C:\Windows\System\UoGAoVX.exe
  2⤵
  PID:4860
- C:\Windows\System\iEvGzGv.exe
  C:\Windows\System\iEvGzGv.exe
  2⤵
  PID:4884
- C:\Windows\System\CoBiyaM.exe
  C:\Windows\System\CoBiyaM.exe
  2⤵
  PID:4904
- C:\Windows\System\ICpvFrV.exe
  C:\Windows\System\ICpvFrV.exe
  2⤵
  PID:4920
- C:\Windows\System\pWAcNrj.exe
  C:\Windows\System\pWAcNrj.exe
  2⤵
  PID:4940
- C:\Windows\System\dXRRxcJ.exe
  C:\Windows\System\dXRRxcJ.exe
  2⤵
  PID:4960
- C:\Windows\System\yeKDiLf.exe
  C:\Windows\System\yeKDiLf.exe
  2⤵
  PID:4984
- C:\Windows\System\leFqCjv.exe
  C:\Windows\System\leFqCjv.exe
  2⤵
  PID:5000
- C:\Windows\System\RPuRWJW.exe
  C:\Windows\System\RPuRWJW.exe
  2⤵
  PID:5024
- C:\Windows\System\sgkdPzQ.exe
  C:\Windows\System\sgkdPzQ.exe
  2⤵
  PID:5040
- C:\Windows\System\uAXzrQv.exe
  C:\Windows\System\uAXzrQv.exe
  2⤵
  PID:5060
- C:\Windows\System\kbVkvZD.exe
  C:\Windows\System\kbVkvZD.exe
  2⤵
  PID:5080
- C:\Windows\System\AMPjMmS.exe
  C:\Windows\System\AMPjMmS.exe
  2⤵
  PID:5104
- C:\Windows\System\uKXcSUl.exe
  C:\Windows\System\uKXcSUl.exe
  2⤵
  PID:3604
- C:\Windows\System\zCvTCyh.exe
  C:\Windows\System\zCvTCyh.exe
  2⤵
  PID:3708
- C:\Windows\System\EZLAgoy.exe
  C:\Windows\System\EZLAgoy.exe
  2⤵
  PID:3908
- C:\Windows\System\HkxiVfN.exe
  C:\Windows\System\HkxiVfN.exe
  2⤵
  PID:4048
- C:\Windows\System\GAQrwgp.exe
  C:\Windows\System\GAQrwgp.exe
  2⤵
  PID:3036
- C:\Windows\System\hyVBdwM.exe
  C:\Windows\System\hyVBdwM.exe
  2⤵
  PID:2896
- C:\Windows\System\dRiDtnx.exe
  C:\Windows\System\dRiDtnx.exe
  2⤵
  PID:1680
- C:\Windows\System\WMgkHbc.exe
  C:\Windows\System\WMgkHbc.exe
  2⤵
  PID:2660
- C:\Windows\System\JsbKIpW.exe
  C:\Windows\System\JsbKIpW.exe
  2⤵
  PID:3012
- C:\Windows\System\NhcBTOp.exe
  C:\Windows\System\NhcBTOp.exe
  2⤵
  PID:3624
- C:\Windows\System\QDPcEwy.exe
  C:\Windows\System\QDPcEwy.exe
  2⤵
  PID:3504
- C:\Windows\System\elkMwRn.exe
  C:\Windows\System\elkMwRn.exe
  2⤵
  PID:4132
- C:\Windows\System\yrnXmMb.exe
  C:\Windows\System\yrnXmMb.exe
  2⤵
  PID:3652
- C:\Windows\System\TouJxEk.exe
  C:\Windows\System\TouJxEk.exe
  2⤵
  PID:4116
- C:\Windows\System\UqFAyJT.exe
  C:\Windows\System\UqFAyJT.exe
  2⤵
  PID:4208
- C:\Windows\System\EyeLMgS.exe
  C:\Windows\System\EyeLMgS.exe
  2⤵
  PID:1628
- C:\Windows\System\sBUirSQ.exe
  C:\Windows\System\sBUirSQ.exe
  2⤵
  PID:4236
- C:\Windows\System\fvdfvfa.exe
  C:\Windows\System\fvdfvfa.exe
  2⤵
  PID:4268
- C:\Windows\System\KObCDue.exe
  C:\Windows\System\KObCDue.exe
  2⤵
  PID:4328
- C:\Windows\System\KxemcSw.exe
  C:\Windows\System\KxemcSw.exe
  2⤵
  PID:4368
- C:\Windows\System\SavqHjP.exe
  C:\Windows\System\SavqHjP.exe
  2⤵
  PID:4316
- C:\Windows\System\BYkixWb.exe
  C:\Windows\System\BYkixWb.exe
  2⤵
  PID:4344
- C:\Windows\System\ImxqhnP.exe
  C:\Windows\System\ImxqhnP.exe
  2⤵
  PID:4432
- C:\Windows\System\TxehtZM.exe
  C:\Windows\System\TxehtZM.exe
  2⤵
  PID:4456
- C:\Windows\System\mLZPCkZ.exe
  C:\Windows\System\mLZPCkZ.exe
  2⤵
  PID:4496
- C:\Windows\System\fXuTyAg.exe
  C:\Windows\System\fXuTyAg.exe
  2⤵
  PID:4536
- C:\Windows\System\dutyhQy.exe
  C:\Windows\System\dutyhQy.exe
  2⤵
  PID:4552
- C:\Windows\System\MMzrTtN.exe
  C:\Windows\System\MMzrTtN.exe
  2⤵
  PID:4580
- C:\Windows\System\sAUUCQw.exe
  C:\Windows\System\sAUUCQw.exe
  2⤵
  PID:4616
- C:\Windows\System\sEwjawQ.exe
  C:\Windows\System\sEwjawQ.exe
  2⤵
  PID:4640
- C:\Windows\System\ITggHsw.exe
  C:\Windows\System\ITggHsw.exe
  2⤵
  PID:4688
- C:\Windows\System\OnaqDRc.exe
  C:\Windows\System\OnaqDRc.exe
  2⤵
  PID:4728
- C:\Windows\System\yQsvddu.exe
  C:\Windows\System\yQsvddu.exe
  2⤵
  PID:4712
- C:\Windows\System\GneIAel.exe
  C:\Windows\System\GneIAel.exe
  2⤵
  PID:4756
- C:\Windows\System\DHBbEwM.exe
  C:\Windows\System\DHBbEwM.exe
  2⤵
  PID:4760
- C:\Windows\System\aXmuKwy.exe
  C:\Windows\System\aXmuKwy.exe
  2⤵
  PID:4796
- C:\Windows\System\BZxhDSU.exe
  C:\Windows\System\BZxhDSU.exe
  2⤵
  PID:4852
- C:\Windows\System\mBDjpdF.exe
  C:\Windows\System\mBDjpdF.exe
  2⤵
  PID:1968
- C:\Windows\System\waKiAEo.exe
  C:\Windows\System\waKiAEo.exe
  2⤵
  PID:4868
- C:\Windows\System\PUvmzJl.exe
  C:\Windows\System\PUvmzJl.exe
  2⤵
  PID:4880
- C:\Windows\System\XtTqpEj.exe
  C:\Windows\System\XtTqpEj.exe
  2⤵
  PID:4948
- C:\Windows\System\yDHKcGQ.exe
  C:\Windows\System\yDHKcGQ.exe
  2⤵
  PID:4956
- C:\Windows\System\zAMACdh.exe
  C:\Windows\System\zAMACdh.exe
  2⤵
  PID:840
- C:\Windows\System\xQfsaik.exe
  C:\Windows\System\xQfsaik.exe
  2⤵
  PID:2772
- C:\Windows\System\UjLkrnA.exe
  C:\Windows\System\UjLkrnA.exe
  2⤵
  PID:1272
- C:\Windows\System\sSxGneU.exe
  C:\Windows\System\sSxGneU.exe
  2⤵
  PID:5032
- C:\Windows\System\lTVqzFn.exe
  C:\Windows\System\lTVqzFn.exe
  2⤵
  PID:1420
- C:\Windows\System\mMHFnVo.exe
  C:\Windows\System\mMHFnVo.exe
  2⤵
  PID:3712
- C:\Windows\System\NKKlrtF.exe
  C:\Windows\System\NKKlrtF.exe
  2⤵
  PID:3984
- C:\Windows\System\RpfngFU.exe
  C:\Windows\System\RpfngFU.exe
  2⤵
  PID:4088
- C:\Windows\System\wnzWaEi.exe
  C:\Windows\System\wnzWaEi.exe
  2⤵
  PID:3972
- C:\Windows\System\jVMlYcF.exe
  C:\Windows\System\jVMlYcF.exe
  2⤵
  PID:1336
- C:\Windows\System\peNaogS.exe
  C:\Windows\System\peNaogS.exe
  2⤵
  PID:2064
- C:\Windows\System\rGYuOcU.exe
  C:\Windows\System\rGYuOcU.exe
  2⤵
  PID:1688
- C:\Windows\System\qkjKvMC.exe
  C:\Windows\System\qkjKvMC.exe
  2⤵
  PID:3552
- C:\Windows\System\FXfgrci.exe
  C:\Windows\System\FXfgrci.exe
  2⤵
  PID:3592
- C:\Windows\System\pxlOEgh.exe
  C:\Windows\System\pxlOEgh.exe
  2⤵
  PID:4128
- C:\Windows\System\McYsWQn.exe
  C:\Windows\System\McYsWQn.exe
  2⤵
  PID:3492
- C:\Windows\System\fsypqvf.exe
  C:\Windows\System\fsypqvf.exe
  2⤵
  PID:2072
- C:\Windows\System\AJCDNcU.exe
  C:\Windows\System\AJCDNcU.exe
  2⤵
  PID:4248
- C:\Windows\System\pwIJGWX.exe
  C:\Windows\System\pwIJGWX.exe
  2⤵
  PID:904
- C:\Windows\System\bYzxwXf.exe
  C:\Windows\System\bYzxwXf.exe
  2⤵
  PID:4264
- C:\Windows\System\RRAzpQH.exe
  C:\Windows\System\RRAzpQH.exe
  2⤵
  PID:4364
- C:\Windows\System\lhDokWo.exe
  C:\Windows\System\lhDokWo.exe
  2⤵
  PID:4412
- C:\Windows\System\AUPXSyG.exe
  C:\Windows\System\AUPXSyG.exe
  2⤵
  PID:4388
- C:\Windows\System\LOuQZvv.exe
  C:\Windows\System\LOuQZvv.exe
  2⤵
  PID:2668
- C:\Windows\System\YxAzyqP.exe
  C:\Windows\System\YxAzyqP.exe
  2⤵
  PID:4528
- C:\Windows\System\uKDGlNT.exe
  C:\Windows\System\uKDGlNT.exe
  2⤵
  PID:4512
- C:\Windows\System\WNaltnp.exe
  C:\Windows\System\WNaltnp.exe
  2⤵
  PID:4548
- C:\Windows\System\bIVvCAe.exe
  C:\Windows\System\bIVvCAe.exe
  2⤵
  PID:2160
- C:\Windows\System\YwFiEjf.exe
  C:\Windows\System\YwFiEjf.exe
  2⤵
  PID:2720
- C:\Windows\System\LdkOXXs.exe
  C:\Windows\System\LdkOXXs.exe
  2⤵
  PID:2496
- C:\Windows\System\bFSfNlL.exe
  C:\Windows\System\bFSfNlL.exe
  2⤵
  PID:2844
- C:\Windows\System\VWHaJDv.exe
  C:\Windows\System\VWHaJDv.exe
  2⤵
  PID:2332
- C:\Windows\System\LcYJyPU.exe
  C:\Windows\System\LcYJyPU.exe
  2⤵
  PID:4740
- C:\Windows\System\WJsBRPW.exe
  C:\Windows\System\WJsBRPW.exe
  2⤵
  PID:4732
- C:\Windows\System\gPoVXar.exe
  C:\Windows\System\gPoVXar.exe
  2⤵
  PID:4792
- C:\Windows\System\ZWiwiEf.exe
  C:\Windows\System\ZWiwiEf.exe
  2⤵
  PID:4900
- C:\Windows\System\kcrlsTG.exe
  C:\Windows\System\kcrlsTG.exe
  2⤵
  PID:1944
- C:\Windows\System\bQjzXna.exe
  C:\Windows\System\bQjzXna.exe
  2⤵
  PID:4936
- C:\Windows\System\ZOnObWs.exe
  C:\Windows\System\ZOnObWs.exe
  2⤵
  PID:4832
- C:\Windows\System\MMgYrRN.exe
  C:\Windows\System\MMgYrRN.exe
  2⤵
  PID:4836
- C:\Windows\System\iRZZGRG.exe
  C:\Windows\System\iRZZGRG.exe
  2⤵
  PID:5012
- C:\Windows\System\cYhaiok.exe
  C:\Windows\System\cYhaiok.exe
  2⤵
  PID:4916
- C:\Windows\System\YMzvkCU.exe
  C:\Windows\System\YMzvkCU.exe
  2⤵
  PID:4976
- C:\Windows\System\XgGoKKA.exe
  C:\Windows\System\XgGoKKA.exe
  2⤵
  PID:548
- C:\Windows\System\ZVKzgVr.exe
  C:\Windows\System\ZVKzgVr.exe
  2⤵
  PID:1528
- C:\Windows\System\IsInido.exe
  C:\Windows\System\IsInido.exe
  2⤵
  PID:5088
- C:\Windows\System\cNifona.exe
  C:\Windows\System\cNifona.exe
  2⤵
  PID:2220
- C:\Windows\System\zhtHJJx.exe
  C:\Windows\System\zhtHJJx.exe
  2⤵
  PID:1712
- C:\Windows\System\kaYnGSj.exe
  C:\Windows\System\kaYnGSj.exe
  2⤵
  PID:2544
- C:\Windows\System\IiZJXme.exe
  C:\Windows\System\IiZJXme.exe
  2⤵
  PID:2640
- C:\Windows\System\GGLOCyf.exe
  C:\Windows\System\GGLOCyf.exe
  2⤵
  PID:4068
- C:\Windows\System\AfNFjzC.exe
  C:\Windows\System\AfNFjzC.exe
  2⤵
  PID:552
- C:\Windows\System\ygDeHjR.exe
  C:\Windows\System\ygDeHjR.exe
  2⤵
  PID:3116
- C:\Windows\System\yjMHjqJ.exe
  C:\Windows\System\yjMHjqJ.exe
  2⤵
  PID:1484
- C:\Windows\System\IiDPiEn.exe
  C:\Windows\System\IiDPiEn.exe
  2⤵
  PID:3300
- C:\Windows\System\ObLuzJH.exe
  C:\Windows\System\ObLuzJH.exe
  2⤵
  PID:4136
- C:\Windows\System\uHANSiL.exe
  C:\Windows\System\uHANSiL.exe
  2⤵
  PID:1840
- C:\Windows\System\vTYRphV.exe
  C:\Windows\System\vTYRphV.exe
  2⤵
  PID:3728
- C:\Windows\System\LZoTQaO.exe
  C:\Windows\System\LZoTQaO.exe
  2⤵
  PID:4460
- C:\Windows\System\RJKDIYr.exe
  C:\Windows\System\RJKDIYr.exe
  2⤵
  PID:4180
- C:\Windows\System\zHrONqB.exe
  C:\Windows\System\zHrONqB.exe
  2⤵
  PID:4620
- C:\Windows\System\FHeSyDK.exe
  C:\Windows\System\FHeSyDK.exe
  2⤵
  PID:4700
- C:\Windows\System\jdOqdnq.exe
  C:\Windows\System\jdOqdnq.exe
  2⤵
  PID:4776
- C:\Windows\System\UvHGhMP.exe
  C:\Windows\System\UvHGhMP.exe
  2⤵
  PID:4972
- C:\Windows\System\zHAnqOr.exe
  C:\Windows\System\zHAnqOr.exe
  2⤵
  PID:5096
- C:\Windows\System\hMSmfai.exe
  C:\Windows\System\hMSmfai.exe
  2⤵
  PID:4472
- C:\Windows\System\HUuMFIU.exe
  C:\Windows\System\HUuMFIU.exe
  2⤵
  PID:4276
- C:\Windows\System\xYNFVay.exe
  C:\Windows\System\xYNFVay.exe
  2⤵
  PID:4312
- C:\Windows\System\XpzeEfc.exe
  C:\Windows\System\XpzeEfc.exe
  2⤵
  PID:800
- C:\Windows\System\whahuJD.exe
  C:\Windows\System\whahuJD.exe
  2⤵
  PID:4812
- C:\Windows\System\BLaqkRg.exe
  C:\Windows\System\BLaqkRg.exe
  2⤵
  PID:1708
- C:\Windows\System\OzglhbO.exe
  C:\Windows\System\OzglhbO.exe
  2⤵
  PID:488
- C:\Windows\System\vdhJNDl.exe
  C:\Windows\System\vdhJNDl.exe
  2⤵
  PID:3244
- C:\Windows\System\rLDZdeW.exe
  C:\Windows\System\rLDZdeW.exe
  2⤵
  PID:880
- C:\Windows\System\SoKHczu.exe
  C:\Windows\System\SoKHczu.exe
  2⤵
  PID:1960
- C:\Windows\System\lYpOdLS.exe
  C:\Windows\System\lYpOdLS.exe
  2⤵
  PID:4492
- C:\Windows\System\rcHQDXa.exe
  C:\Windows\System\rcHQDXa.exe
  2⤵
  PID:5100
- C:\Windows\System\vPAIdTF.exe
  C:\Windows\System\vPAIdTF.exe
  2⤵
  PID:4576
- C:\Windows\System\BhDZkqP.exe
  C:\Windows\System\BhDZkqP.exe
  2⤵
  PID:4024
- C:\Windows\System\poEjXfi.exe
  C:\Windows\System\poEjXfi.exe
  2⤵
  PID:1508
- C:\Windows\System\HFkVKxh.exe
  C:\Windows\System\HFkVKxh.exe
  2⤵
  PID:2752
- C:\Windows\System\DgTWGiE.exe
  C:\Windows\System\DgTWGiE.exe
  2⤵
  PID:4516
- C:\Windows\System\DAOAEHH.exe
  C:\Windows\System\DAOAEHH.exe
  2⤵
  PID:1660
- C:\Windows\System\iTVzYGT.exe
  C:\Windows\System\iTVzYGT.exe
  2⤵
  PID:4932
- C:\Windows\System\ZILkYOt.exe
  C:\Windows\System\ZILkYOt.exe
  2⤵
  PID:2636
- C:\Windows\System\QlNNkjr.exe
  C:\Windows\System\QlNNkjr.exe
  2⤵
  PID:4232
- C:\Windows\System\FvEIdbl.exe
  C:\Windows\System\FvEIdbl.exe
  2⤵
  PID:300
- C:\Windows\System\DDdAdrQ.exe
  C:\Windows\System\DDdAdrQ.exe
  2⤵
  PID:1616
- C:\Windows\System\xMZJcsU.exe
  C:\Windows\System\xMZJcsU.exe
  2⤵
  PID:3488
- C:\Windows\System\OBNsiJU.exe
  C:\Windows\System\OBNsiJU.exe
  2⤵
  PID:4308
- C:\Windows\System\nlPeucM.exe
  C:\Windows\System\nlPeucM.exe
  2⤵
  PID:2780
- C:\Windows\System\rtrpXGU.exe
  C:\Windows\System\rtrpXGU.exe
  2⤵
  PID:5136
- C:\Windows\System\WFgEOKT.exe
  C:\Windows\System\WFgEOKT.exe
  2⤵
  PID:5172
- C:\Windows\System\StWhbPh.exe
  C:\Windows\System\StWhbPh.exe
  2⤵
  PID:5188
- C:\Windows\System\tfcDAYP.exe
  C:\Windows\System\tfcDAYP.exe
  2⤵
  PID:5212
- C:\Windows\System\IAUWFQk.exe
  C:\Windows\System\IAUWFQk.exe
  2⤵
  PID:5228
- C:\Windows\System\wVTnHKy.exe
  C:\Windows\System\wVTnHKy.exe
  2⤵
  PID:5244
- C:\Windows\System\edUrnNL.exe
  C:\Windows\System\edUrnNL.exe
  2⤵
  PID:5260
- C:\Windows\System\kjbKrhr.exe
  C:\Windows\System\kjbKrhr.exe
  2⤵
  PID:5276
- C:\Windows\System\YwfbjVE.exe
  C:\Windows\System\YwfbjVE.exe
  2⤵
  PID:5296
- C:\Windows\System\EIWhXkE.exe
  C:\Windows\System\EIWhXkE.exe
  2⤵
  PID:5312
- C:\Windows\System\REMXVwr.exe
  C:\Windows\System\REMXVwr.exe
  2⤵
  PID:5328
- C:\Windows\System\uFVNpQv.exe
  C:\Windows\System\uFVNpQv.exe
  2⤵
  PID:5344
- C:\Windows\System\BynvARr.exe
  C:\Windows\System\BynvARr.exe
  2⤵
  PID:5360
- C:\Windows\System\srVVQtL.exe
  C:\Windows\System\srVVQtL.exe
  2⤵
  PID:5376
- C:\Windows\System\JRgFuCq.exe
  C:\Windows\System\JRgFuCq.exe
  2⤵
  PID:5392
- C:\Windows\System\XNdLAmO.exe
  C:\Windows\System\XNdLAmO.exe
  2⤵
  PID:5408
- C:\Windows\System\qEPynYK.exe
  C:\Windows\System\qEPynYK.exe
  2⤵
  PID:5424
- C:\Windows\System\bNIWxyS.exe
  C:\Windows\System\bNIWxyS.exe
  2⤵
  PID:5440
- C:\Windows\System\CGZZaSX.exe
  C:\Windows\System\CGZZaSX.exe
  2⤵
  PID:5456
- C:\Windows\System\GnkyDpx.exe
  C:\Windows\System\GnkyDpx.exe
  2⤵
  PID:5472
- C:\Windows\System\SDEFVsu.exe
  C:\Windows\System\SDEFVsu.exe
  2⤵
  PID:5488
- C:\Windows\System\sAKhQWo.exe
  C:\Windows\System\sAKhQWo.exe
  2⤵
  PID:5504
- C:\Windows\System\CmIJhdW.exe
  C:\Windows\System\CmIJhdW.exe
  2⤵
  PID:5520
- C:\Windows\System\ZAZgnpn.exe
  C:\Windows\System\ZAZgnpn.exe
  2⤵
  PID:5536
- C:\Windows\System\yiJHLPI.exe
  C:\Windows\System\yiJHLPI.exe
  2⤵
  PID:5552
- C:\Windows\System\omDGBFt.exe
  C:\Windows\System\omDGBFt.exe
  2⤵
  PID:5568
- C:\Windows\System\ETUwaXy.exe
  C:\Windows\System\ETUwaXy.exe
  2⤵
  PID:5584
- C:\Windows\System\deGheiq.exe
  C:\Windows\System\deGheiq.exe
  2⤵
  PID:5604
- C:\Windows\System\FtoPIDX.exe
  C:\Windows\System\FtoPIDX.exe
  2⤵
  PID:5620
- C:\Windows\System\qBCQjFi.exe
  C:\Windows\System\qBCQjFi.exe
  2⤵
  PID:5636
- C:\Windows\System\lgeiRpL.exe
  C:\Windows\System\lgeiRpL.exe
  2⤵
  PID:5652
- C:\Windows\System\fBiwlzg.exe
  C:\Windows\System\fBiwlzg.exe
  2⤵
  PID:5668
- C:\Windows\System\uoYfDsW.exe
  C:\Windows\System\uoYfDsW.exe
  2⤵
  PID:5692
- C:\Windows\System\dkJIXCl.exe
  C:\Windows\System\dkJIXCl.exe
  2⤵
  PID:5708
- C:\Windows\System\FhXebqX.exe
  C:\Windows\System\FhXebqX.exe
  2⤵
  PID:5724
- C:\Windows\System\ampFLub.exe
  C:\Windows\System\ampFLub.exe
  2⤵
  PID:5740
- C:\Windows\System\pfYNwAl.exe
  C:\Windows\System\pfYNwAl.exe
  2⤵
  PID:5756
- C:\Windows\System\lmqfZEB.exe
  C:\Windows\System\lmqfZEB.exe
  2⤵
  PID:5792
- C:\Windows\System\dFciilq.exe
  C:\Windows\System\dFciilq.exe
  2⤵
  PID:5808
- C:\Windows\System\oxZwDZl.exe
  C:\Windows\System\oxZwDZl.exe
  2⤵
  PID:5824
- C:\Windows\System\zlAQecc.exe
  C:\Windows\System\zlAQecc.exe
  2⤵
  PID:5840
- C:\Windows\System\RTWhOPD.exe
  C:\Windows\System\RTWhOPD.exe
  2⤵
  PID:5856
- C:\Windows\System\EBgVFra.exe
  C:\Windows\System\EBgVFra.exe
  2⤵
  PID:5872
- C:\Windows\System\iikyKBl.exe
  C:\Windows\System\iikyKBl.exe
  2⤵
  PID:5888
- C:\Windows\System\jOVtnVb.exe
  C:\Windows\System\jOVtnVb.exe
  2⤵
  PID:5904
- C:\Windows\System\IreNTcp.exe
  C:\Windows\System\IreNTcp.exe
  2⤵
  PID:5920
- C:\Windows\System\aLfOnLl.exe
  C:\Windows\System\aLfOnLl.exe
  2⤵
  PID:5936
- C:\Windows\System\MUiHvEG.exe
  C:\Windows\System\MUiHvEG.exe
  2⤵
  PID:5952
- C:\Windows\System\JIqZosE.exe
  C:\Windows\System\JIqZosE.exe
  2⤵
  PID:5968
- C:\Windows\System\EYWIRhg.exe
  C:\Windows\System\EYWIRhg.exe
  2⤵
  PID:5984
- C:\Windows\System\ezYUHqt.exe
  C:\Windows\System\ezYUHqt.exe
  2⤵
  PID:6000
- C:\Windows\System\gfdKSQc.exe
  C:\Windows\System\gfdKSQc.exe
  2⤵
  PID:6016
- C:\Windows\System\qFXYWGk.exe
  C:\Windows\System\qFXYWGk.exe
  2⤵
  PID:6032
- C:\Windows\System\IZycNfq.exe
  C:\Windows\System\IZycNfq.exe
  2⤵
  PID:6048
- C:\Windows\System\CRMzkjT.exe
  C:\Windows\System\CRMzkjT.exe
  2⤵
  PID:6064
- C:\Windows\System\UGrQaRX.exe
  C:\Windows\System\UGrQaRX.exe
  2⤵
  PID:6080
- C:\Windows\System\nJNFYfL.exe
  C:\Windows\System\nJNFYfL.exe
  2⤵
  PID:6096
- C:\Windows\System\ZNbLIgS.exe
  C:\Windows\System\ZNbLIgS.exe
  2⤵
  PID:6112
- C:\Windows\System\lEaereu.exe
  C:\Windows\System\lEaereu.exe
  2⤵
  PID:6128
- C:\Windows\System\yfZzJyo.exe
  C:\Windows\System\yfZzJyo.exe
  2⤵
  PID:4928
- C:\Windows\System\qhUmKzg.exe
  C:\Windows\System\qhUmKzg.exe
  2⤵
  PID:2572
- C:\Windows\System\UykwFIp.exe
  C:\Windows\System\UykwFIp.exe
  2⤵
  PID:2908
- C:\Windows\System\QlQjxZv.exe
  C:\Windows\System\QlQjxZv.exe
  2⤵
  PID:5132
- C:\Windows\System\thmkyRJ.exe
  C:\Windows\System\thmkyRJ.exe
  2⤵
  PID:5068
- C:\Windows\System\YWovkIb.exe
  C:\Windows\System\YWovkIb.exe
  2⤵
  PID:2392
- C:\Windows\System\sXsPxFS.exe
  C:\Windows\System\sXsPxFS.exe
  2⤵
  PID:5156
- C:\Windows\System\CJTzHRu.exe
  C:\Windows\System\CJTzHRu.exe
  2⤵
  PID:5184
- C:\Windows\System\KrLRZqG.exe
  C:\Windows\System\KrLRZqG.exe
  2⤵
  PID:5256
- C:\Windows\System\rQdzbvD.exe
  C:\Windows\System\rQdzbvD.exe
  2⤵
  PID:5284
- C:\Windows\System\eVlQcbl.exe
  C:\Windows\System\eVlQcbl.exe
  2⤵
  PID:5288
- C:\Windows\System\qjasHOb.exe
  C:\Windows\System\qjasHOb.exe
  2⤵
  PID:5320
- C:\Windows\System\StxgTlJ.exe
  C:\Windows\System\StxgTlJ.exe
  2⤵
  PID:5324
- C:\Windows\System\SlYukjQ.exe
  C:\Windows\System\SlYukjQ.exe
  2⤵
  PID:5416
- C:\Windows\System\ANNKksE.exe
  C:\Windows\System\ANNKksE.exe
  2⤵
  PID:5480
- C:\Windows\System\YganEtU.exe
  C:\Windows\System\YganEtU.exe
  2⤵
  PID:5544
- C:\Windows\System\eYdSkZU.exe
  C:\Windows\System\eYdSkZU.exe
  2⤵
  PID:5340
- C:\Windows\System\FqzxfYX.exe
  C:\Windows\System\FqzxfYX.exe
  2⤵
  PID:5560
- C:\Windows\System\wYftejB.exe
  C:\Windows\System\wYftejB.exe
  2⤵
  PID:5372
- C:\Windows\System\lcQpcaf.exe
  C:\Windows\System\lcQpcaf.exe
  2⤵
  PID:5496
- C:\Windows\System\gdSsHfV.exe
  C:\Windows\System\gdSsHfV.exe
  2⤵
  PID:5612
- C:\Windows\System\HaigfDc.exe
  C:\Windows\System\HaigfDc.exe
  2⤵
  PID:5464
- C:\Windows\System\LKyzXuX.exe
  C:\Windows\System\LKyzXuX.exe
  2⤵
  PID:5600
- C:\Windows\System\CHEIpsE.exe
  C:\Windows\System\CHEIpsE.exe
  2⤵
  PID:5680
- C:\Windows\System\jDeanuL.exe
  C:\Windows\System\jDeanuL.exe
  2⤵
  PID:5628
- C:\Windows\System\NXFxHzh.exe
  C:\Windows\System\NXFxHzh.exe
  2⤵
  PID:5748
- C:\Windows\System\aCPSMXL.exe
  C:\Windows\System\aCPSMXL.exe
  2⤵
  PID:5736
- C:\Windows\System\pLjQAAF.exe
  C:\Windows\System\pLjQAAF.exe
  2⤵
  PID:5772
- C:\Windows\System\yUSSKpD.exe
  C:\Windows\System\yUSSKpD.exe
  2⤵
  PID:5800
- C:\Windows\System\qnHxXFv.exe
  C:\Windows\System\qnHxXFv.exe
  2⤵
  PID:5864
- C:\Windows\System\ydsYBGn.exe
  C:\Windows\System\ydsYBGn.exe
  2⤵
  PID:5900
- C:\Windows\System\vKqVaCP.exe
  C:\Windows\System\vKqVaCP.exe
  2⤵
  PID:5960
- C:\Windows\System\eiuWCvo.exe
  C:\Windows\System\eiuWCvo.exe
  2⤵
  PID:5992
- C:\Windows\System\VgeNrAC.exe
  C:\Windows\System\VgeNrAC.exe
  2⤵
  PID:6028
- C:\Windows\System\EjOXQaO.exe
  C:\Windows\System\EjOXQaO.exe
  2⤵
  PID:5816
- C:\Windows\System\ZaZxbBr.exe
  C:\Windows\System\ZaZxbBr.exe
  2⤵
  PID:6008
- C:\Windows\System\BUzSOSz.exe
  C:\Windows\System\BUzSOSz.exe
  2⤵
  PID:6012
- C:\Windows\System\AeIvqtB.exe
  C:\Windows\System\AeIvqtB.exe
  2⤵
  PID:6088
- C:\Windows\System\LSzFbCH.exe
  C:\Windows\System\LSzFbCH.exe
  2⤵
  PID:6076
- C:\Windows\System\WRrvhnk.exe
  C:\Windows\System\WRrvhnk.exe
  2⤵
  PID:6104
- C:\Windows\System\KUwaWQf.exe
  C:\Windows\System\KUwaWQf.exe
  2⤵
  PID:5072
- C:\Windows\System\uFBdUPG.exe
  C:\Windows\System\uFBdUPG.exe
  2⤵
  PID:5128
- C:\Windows\System\gLcGMMJ.exe
  C:\Windows\System\gLcGMMJ.exe
  2⤵
  PID:5152
- C:\Windows\System\wEwjPkJ.exe
  C:\Windows\System\wEwjPkJ.exe
  2⤵
  PID:5292
- C:\Windows\System\eWeMFUK.exe
  C:\Windows\System\eWeMFUK.exe
  2⤵
  PID:5512
- C:\Windows\System\jGSQzmY.exe
  C:\Windows\System\jGSQzmY.exe
  2⤵
  PID:5528
- C:\Windows\System\maedafd.exe
  C:\Windows\System\maedafd.exe
  2⤵
  PID:5224
- C:\Windows\System\mZItLpu.exe
  C:\Windows\System\mZItLpu.exe
  2⤵
  PID:5404
- C:\Windows\System\GyKcOoW.exe
  C:\Windows\System\GyKcOoW.exe
  2⤵
  PID:5716
- C:\Windows\System\PWrLbaH.exe
  C:\Windows\System\PWrLbaH.exe
  2⤵
  PID:5236
- C:\Windows\System\afaJViJ.exe
  C:\Windows\System\afaJViJ.exe
  2⤵
  PID:5368
- C:\Windows\System\EQUFrTI.exe
  C:\Windows\System\EQUFrTI.exe
  2⤵
  PID:5448
- C:\Windows\System\UswcrJf.exe
  C:\Windows\System\UswcrJf.exe
  2⤵
  PID:5676
- C:\Windows\System\DkAZypi.exe
  C:\Windows\System\DkAZypi.exe
  2⤵
  PID:5688
- C:\Windows\System\VqHGQvJ.exe
  C:\Windows\System\VqHGQvJ.exe
  2⤵
  PID:5776
- C:\Windows\System\ClLcQrG.exe
  C:\Windows\System\ClLcQrG.exe
  2⤵
  PID:5896
- C:\Windows\System\LNAZKon.exe
  C:\Windows\System\LNAZKon.exe
  2⤵
  PID:5852
- C:\Windows\System\vvEsPcU.exe
  C:\Windows\System\vvEsPcU.exe
  2⤵
  PID:5980
- C:\Windows\System\LQeEvvJ.exe
  C:\Windows\System\LQeEvvJ.exe
  2⤵
  PID:6060
- C:\Windows\System\wWdrYTJ.exe
  C:\Windows\System\wWdrYTJ.exe
  2⤵
  PID:6140
- C:\Windows\System\WEzsjEb.exe
  C:\Windows\System\WEzsjEb.exe
  2⤵
  PID:2268
- C:\Windows\System\WGpjLdN.exe
  C:\Windows\System\WGpjLdN.exe
  2⤵
  PID:5204
- C:\Windows\System\EmgQHBZ.exe
  C:\Windows\System\EmgQHBZ.exe
  2⤵
  PID:5452
- C:\Windows\System\fDmPatK.exe
  C:\Windows\System\fDmPatK.exe
  2⤵
  PID:5144
- C:\Windows\System\HAbluxJ.exe
  C:\Windows\System\HAbluxJ.exe
  2⤵
  PID:5432
- C:\Windows\System\dZdNGyq.exe
  C:\Windows\System\dZdNGyq.exe
  2⤵
  PID:5784
- C:\Windows\System\dURfyVc.exe
  C:\Windows\System\dURfyVc.exe
  2⤵
  PID:1856
- C:\Windows\System\TujdWIN.exe
  C:\Windows\System\TujdWIN.exe
  2⤵
  PID:5880
- C:\Windows\System\uTkiPAK.exe
  C:\Windows\System\uTkiPAK.exe
  2⤵
  PID:1304
- C:\Windows\System\nevNAEn.exe
  C:\Windows\System\nevNAEn.exe
  2⤵
  PID:5020
- C:\Windows\System\xKpZWSo.exe
  C:\Windows\System\xKpZWSo.exe
  2⤵
  PID:5384
- C:\Windows\System\EXqRmoE.exe
  C:\Windows\System\EXqRmoE.exe
  2⤵
  PID:5660
- C:\Windows\System\HHHxLMn.exe
  C:\Windows\System\HHHxLMn.exe
  2⤵
  PID:5596
- C:\Windows\System\iMOzCKF.exe
  C:\Windows\System\iMOzCKF.exe
  2⤵
  PID:5272
- C:\Windows\System\yQauAdp.exe
  C:\Windows\System\yQauAdp.exe
  2⤵
  PID:5388
- C:\Windows\System\xKDLtuN.exe
  C:\Windows\System\xKDLtuN.exe
  2⤵
  PID:6044
- C:\Windows\System\tPBaKOa.exe
  C:\Windows\System\tPBaKOa.exe
  2⤵
  PID:5932
- C:\Windows\System\lJzJNOq.exe
  C:\Windows\System\lJzJNOq.exe
  2⤵
  PID:6120
- C:\Windows\System\DzxmbMM.exe
  C:\Windows\System\DzxmbMM.exe
  2⤵
  PID:6156
- C:\Windows\System\ALoHCor.exe
  C:\Windows\System\ALoHCor.exe
  2⤵
  PID:6172
- C:\Windows\System\dgZwVSD.exe
  C:\Windows\System\dgZwVSD.exe
  2⤵
  PID:6188
- C:\Windows\System\NXHssLa.exe
  C:\Windows\System\NXHssLa.exe
  2⤵
  PID:6204
- C:\Windows\System\NEAloVI.exe
  C:\Windows\System\NEAloVI.exe
  2⤵
  PID:6220
- C:\Windows\System\OftPSSX.exe
  C:\Windows\System\OftPSSX.exe
  2⤵
  PID:6236
- C:\Windows\System\rphFGNc.exe
  C:\Windows\System\rphFGNc.exe
  2⤵
  PID:6252
- C:\Windows\System\FTQaoXW.exe
  C:\Windows\System\FTQaoXW.exe
  2⤵
  PID:6268
- C:\Windows\System\YYtiPdU.exe
  C:\Windows\System\YYtiPdU.exe
  2⤵
  PID:6284
- C:\Windows\System\jfSqsbZ.exe
  C:\Windows\System\jfSqsbZ.exe
  2⤵
  PID:6300
- C:\Windows\System\EYJkaKU.exe
  C:\Windows\System\EYJkaKU.exe
  2⤵
  PID:6316
- C:\Windows\System\AbxHfcu.exe
  C:\Windows\System\AbxHfcu.exe
  2⤵
  PID:6332
- C:\Windows\System\iXWkVSR.exe
  C:\Windows\System\iXWkVSR.exe
  2⤵
  PID:6348
- C:\Windows\System\bGTUFee.exe
  C:\Windows\System\bGTUFee.exe
  2⤵
  PID:6364
- C:\Windows\System\xDBwqfA.exe
  C:\Windows\System\xDBwqfA.exe
  2⤵
  PID:6380
- C:\Windows\System\nUUASbn.exe
  C:\Windows\System\nUUASbn.exe
  2⤵
  PID:6396
- C:\Windows\System\LldMqPQ.exe
  C:\Windows\System\LldMqPQ.exe
  2⤵
  PID:6412
- C:\Windows\System\AbTPESm.exe
  C:\Windows\System\AbTPESm.exe
  2⤵
  PID:6428
- C:\Windows\System\uMucBIo.exe
  C:\Windows\System\uMucBIo.exe
  2⤵
  PID:6444
- C:\Windows\System\cAMWbIs.exe
  C:\Windows\System\cAMWbIs.exe
  2⤵
  PID:6460
- C:\Windows\System\fwhSZTb.exe
  C:\Windows\System\fwhSZTb.exe
  2⤵
  PID:6476
- C:\Windows\System\SGNeibH.exe
  C:\Windows\System\SGNeibH.exe
  2⤵
  PID:6492
- C:\Windows\System\YCmAGda.exe
  C:\Windows\System\YCmAGda.exe
  2⤵
  PID:6508
- C:\Windows\System\jcrzErt.exe
  C:\Windows\System\jcrzErt.exe
  2⤵
  PID:6524
- C:\Windows\System\oeiHlxc.exe
  C:\Windows\System\oeiHlxc.exe
  2⤵
  PID:6540
- C:\Windows\System\RFWbysS.exe
  C:\Windows\System\RFWbysS.exe
  2⤵
  PID:6556
- C:\Windows\System\ADcFTFh.exe
  C:\Windows\System\ADcFTFh.exe
  2⤵
  PID:6572
- C:\Windows\System\HkbcGlx.exe
  C:\Windows\System\HkbcGlx.exe
  2⤵
  PID:6588
- C:\Windows\System\VLQmugh.exe
  C:\Windows\System\VLQmugh.exe
  2⤵
  PID:6604
- C:\Windows\System\XTUoxVn.exe
  C:\Windows\System\XTUoxVn.exe
  2⤵
  PID:6620
- C:\Windows\System\CRWkGIA.exe
  C:\Windows\System\CRWkGIA.exe
  2⤵
  PID:6636
- C:\Windows\System\xFajPaj.exe
  C:\Windows\System\xFajPaj.exe
  2⤵
  PID:6652
- C:\Windows\System\bKqczyF.exe
  C:\Windows\System\bKqczyF.exe
  2⤵
  PID:6668
- C:\Windows\System\hTflQUe.exe
  C:\Windows\System\hTflQUe.exe
  2⤵
  PID:6684
- C:\Windows\System\tHAoQyd.exe
  C:\Windows\System\tHAoQyd.exe
  2⤵
  PID:6700
- C:\Windows\System\LXeLVul.exe
  C:\Windows\System\LXeLVul.exe
  2⤵
  PID:6716
- C:\Windows\System\CTNNzEq.exe
  C:\Windows\System\CTNNzEq.exe
  2⤵
  PID:6732
- C:\Windows\System\uJsbVWZ.exe
  C:\Windows\System\uJsbVWZ.exe
  2⤵
  PID:6748
- C:\Windows\System\djpdeog.exe
  C:\Windows\System\djpdeog.exe
  2⤵
  PID:6764
- C:\Windows\System\CTKmEPp.exe
  C:\Windows\System\CTKmEPp.exe
  2⤵
  PID:6780
- C:\Windows\System\xZYqtwY.exe
  C:\Windows\System\xZYqtwY.exe
  2⤵
  PID:6796
- C:\Windows\System\ZDNddon.exe
  C:\Windows\System\ZDNddon.exe
  2⤵
  PID:6812
- C:\Windows\System\SAPDzIB.exe
  C:\Windows\System\SAPDzIB.exe
  2⤵
  PID:6828
- C:\Windows\System\MixhuiH.exe
  C:\Windows\System\MixhuiH.exe
  2⤵
  PID:6844
- C:\Windows\System\feEnBsI.exe
  C:\Windows\System\feEnBsI.exe
  2⤵
  PID:6860
- C:\Windows\System\uRsAKfO.exe
  C:\Windows\System\uRsAKfO.exe
  2⤵
  PID:6876
- C:\Windows\System\JFCYZMR.exe
  C:\Windows\System\JFCYZMR.exe
  2⤵
  PID:6892
- C:\Windows\System\aObKfzH.exe
  C:\Windows\System\aObKfzH.exe
  2⤵
  PID:6908
- C:\Windows\System\vdWfSEP.exe
  C:\Windows\System\vdWfSEP.exe
  2⤵
  PID:6924
- C:\Windows\System\LoBsFSf.exe
  C:\Windows\System\LoBsFSf.exe
  2⤵
  PID:6940
- C:\Windows\System\EmmUZzV.exe
  C:\Windows\System\EmmUZzV.exe
  2⤵
  PID:6956
- C:\Windows\System\YlqjCgT.exe
  C:\Windows\System\YlqjCgT.exe
  2⤵
  PID:6972
- C:\Windows\System\LgVSiUD.exe
  C:\Windows\System\LgVSiUD.exe
  2⤵
  PID:6988
- C:\Windows\System\FEfCcqF.exe
  C:\Windows\System\FEfCcqF.exe
  2⤵
  PID:7004
- C:\Windows\System\UZgYqcH.exe
  C:\Windows\System\UZgYqcH.exe
  2⤵
  PID:7020
- C:\Windows\System\sMKjAUX.exe
  C:\Windows\System\sMKjAUX.exe
  2⤵
  PID:7036
- C:\Windows\System\CiqIAWQ.exe
  C:\Windows\System\CiqIAWQ.exe
  2⤵
  PID:7052
- C:\Windows\System\YcoQBsq.exe
  C:\Windows\System\YcoQBsq.exe
  2⤵
  PID:7068
- C:\Windows\System\UFEmOsa.exe
  C:\Windows\System\UFEmOsa.exe
  2⤵
  PID:7084
- C:\Windows\System\YZUNLsl.exe
  C:\Windows\System\YZUNLsl.exe
  2⤵
  PID:7100
- C:\Windows\System\keJMpkp.exe
  C:\Windows\System\keJMpkp.exe
  2⤵
  PID:7116
- C:\Windows\System\cOKMwlC.exe
  C:\Windows\System\cOKMwlC.exe
  2⤵
  PID:7132
- C:\Windows\System\OgAEZtp.exe
  C:\Windows\System\OgAEZtp.exe
  2⤵
  PID:7148
- C:\Windows\System\dbVxtuI.exe
  C:\Windows\System\dbVxtuI.exe
  2⤵
  PID:7164
- C:\Windows\System\ixKTHSp.exe
  C:\Windows\System\ixKTHSp.exe
  2⤵
  PID:5164
- C:\Windows\System\mBMYPox.exe
  C:\Windows\System\mBMYPox.exe
  2⤵
  PID:6168
- C:\Windows\System\NCadzWm.exe
  C:\Windows\System\NCadzWm.exe
  2⤵
  PID:6200
- C:\Windows\System\IZEVWIM.exe
  C:\Windows\System\IZEVWIM.exe
  2⤵
  PID:6232
- C:\Windows\System\XbUlVgb.exe
  C:\Windows\System\XbUlVgb.exe
  2⤵
  PID:6296
- C:\Windows\System\mjiQPhV.exe
  C:\Windows\System\mjiQPhV.exe
  2⤵
  PID:6328
- C:\Windows\System\XjsytQc.exe
  C:\Windows\System\XjsytQc.exe
  2⤵
  PID:6360
- C:\Windows\System\tQFYwoK.exe
  C:\Windows\System\tQFYwoK.exe
  2⤵
  PID:6420
- C:\Windows\System\sjYPFPT.exe
  C:\Windows\System\sjYPFPT.exe
  2⤵
  PID:6484
- C:\Windows\System\uuXhjTK.exe
  C:\Windows\System\uuXhjTK.exe
  2⤵
  PID:6468
- C:\Windows\System\NSJZiWb.exe
  C:\Windows\System\NSJZiWb.exe
  2⤵
  PID:6404
- C:\Windows\System\qpDIoVm.exe
  C:\Windows\System\qpDIoVm.exe
  2⤵
  PID:6340
- C:\Windows\System\bSgGJBd.exe
  C:\Windows\System\bSgGJBd.exe
  2⤵
  PID:6532
- C:\Windows\System\dtMnvfx.exe
  C:\Windows\System\dtMnvfx.exe
  2⤵
  PID:6580
- C:\Windows\System\NOimQyi.exe
  C:\Windows\System\NOimQyi.exe
  2⤵
  PID:6596
- C:\Windows\System\KILaxWD.exe
  C:\Windows\System\KILaxWD.exe
  2⤵
  PID:6600
- C:\Windows\System\sWTuNOb.exe
  C:\Windows\System\sWTuNOb.exe
  2⤵
  PID:6680
- C:\Windows\System\HYbYzQV.exe
  C:\Windows\System\HYbYzQV.exe
  2⤵
  PID:6744
- C:\Windows\System\PjrMxfL.exe
  C:\Windows\System\PjrMxfL.exe
  2⤵
  PID:6804
- C:\Windows\System\GhoJEUU.exe
  C:\Windows\System\GhoJEUU.exe
  2⤵
  PID:6840
- C:\Windows\System\dQKpJik.exe
  C:\Windows\System\dQKpJik.exe
  2⤵
  PID:6872
- C:\Windows\System\ZXCpTZQ.exe
  C:\Windows\System\ZXCpTZQ.exe
  2⤵
  PID:6724
- C:\Windows\System\ZEQaFqG.exe
  C:\Windows\System\ZEQaFqG.exe
  2⤵
  PID:6788
- C:\Windows\System\dkQTuLp.exe
  C:\Windows\System\dkQTuLp.exe
  2⤵
  PID:6852
- C:\Windows\System\xCWokjz.exe
  C:\Windows\System\xCWokjz.exe
  2⤵
  PID:6916
- C:\Windows\System\mYPwuPN.exe
  C:\Windows\System\mYPwuPN.exe
  2⤵
  PID:6964
- C:\Windows\System\vbRSNlG.exe
  C:\Windows\System\vbRSNlG.exe
  2⤵
  PID:6948
- C:\Windows\System\LoepyDz.exe
  C:\Windows\System\LoepyDz.exe
  2⤵
  PID:7128
- C:\Windows\System\QTeeUux.exe
  C:\Windows\System\QTeeUux.exe
  2⤵
  PID:6152
- C:\Windows\System\GcFOdqP.exe
  C:\Windows\System\GcFOdqP.exe
  2⤵
  PID:6276
- C:\Windows\System\srYULBL.exe
  C:\Windows\System\srYULBL.exe
  2⤵
  PID:6344
- C:\Windows\System\IIJnfqc.exe
  C:\Windows\System\IIJnfqc.exe
  2⤵
  PID:7112
- C:\Windows\System\QsnlGoc.exe
  C:\Windows\System\QsnlGoc.exe
  2⤵
  PID:5820
- C:\Windows\System\WFMWShH.exe
  C:\Windows\System\WFMWShH.exe
  2⤵
  PID:6312
- C:\Windows\System\YdPifci.exe
  C:\Windows\System\YdPifci.exe
  2⤵
  PID:6820
- C:\Windows\System\emZqgFy.exe
  C:\Windows\System\emZqgFy.exe
  2⤵
  PID:6808
- C:\Windows\System\MCyBMUv.exe
  C:\Windows\System\MCyBMUv.exe
  2⤵
  PID:6824
- C:\Windows\System\MgSLkBo.exe
  C:\Windows\System\MgSLkBo.exe
  2⤵
  PID:6184
- C:\Windows\System\dJNaYoe.exe
  C:\Windows\System\dJNaYoe.exe
  2⤵
  PID:6280
- C:\Windows\System\zFmCuDF.exe
  C:\Windows\System\zFmCuDF.exe
  2⤵
  PID:6504
- C:\Windows\System\pQmBUXS.exe
  C:\Windows\System\pQmBUXS.exe
  2⤵
  PID:6676
- C:\Windows\System\MMkiWfd.exe
  C:\Windows\System\MMkiWfd.exe
  2⤵
  PID:6900
- C:\Windows\System\QVDCmnG.exe
  C:\Windows\System\QVDCmnG.exe
  2⤵
  PID:6888
- C:\Windows\System\UTLcimI.exe
  C:\Windows\System\UTLcimI.exe
  2⤵
  PID:7028
- C:\Windows\System\RQhrPyU.exe
  C:\Windows\System\RQhrPyU.exe
  2⤵
  PID:6324
- C:\Windows\System\bBfoxNZ.exe
  C:\Windows\System\bBfoxNZ.exe
  2⤵
  PID:6376
- C:\Windows\System\mVrdJxT.exe
  C:\Windows\System\mVrdJxT.exe
  2⤵
  PID:6392
- C:\Windows\System\IpUwWbZ.exe
  C:\Windows\System\IpUwWbZ.exe
  2⤵
  PID:7176
- C:\Windows\System\pdcksLQ.exe
  C:\Windows\System\pdcksLQ.exe
  2⤵
  PID:7192
- C:\Windows\System\IUKCvYM.exe
  C:\Windows\System\IUKCvYM.exe
  2⤵
  PID:7208
- C:\Windows\System\sOhWiQL.exe
  C:\Windows\System\sOhWiQL.exe
  2⤵
  PID:7224
- C:\Windows\System\OXzblRP.exe
  C:\Windows\System\OXzblRP.exe
  2⤵
  PID:7240
- C:\Windows\System\DgExOXy.exe
  C:\Windows\System\DgExOXy.exe
  2⤵
  PID:7256
- C:\Windows\System\XfQsMPE.exe
  C:\Windows\System\XfQsMPE.exe
  2⤵
  PID:7272
- C:\Windows\System\zOEaWVS.exe
  C:\Windows\System\zOEaWVS.exe
  2⤵
  PID:7288
- C:\Windows\System\CyOVgyE.exe
  C:\Windows\System\CyOVgyE.exe
  2⤵
  PID:7304
- C:\Windows\System\znkSguz.exe
  C:\Windows\System\znkSguz.exe
  2⤵
  PID:7320
- C:\Windows\System\dZQfnZa.exe
  C:\Windows\System\dZQfnZa.exe
  2⤵
  PID:7336
- C:\Windows\System\UspnLYJ.exe
  C:\Windows\System\UspnLYJ.exe
  2⤵
  PID:7352
- C:\Windows\System\agDZKxV.exe
  C:\Windows\System\agDZKxV.exe
  2⤵
  PID:7368
- C:\Windows\System\gbTRwwS.exe
  C:\Windows\System\gbTRwwS.exe
  2⤵
  PID:7384
- C:\Windows\System\CfVgRzW.exe
  C:\Windows\System\CfVgRzW.exe
  2⤵
  PID:7400
- C:\Windows\System\ssOHwwE.exe
  C:\Windows\System\ssOHwwE.exe
  2⤵
  PID:7416
- C:\Windows\System\DqJEhbb.exe
  C:\Windows\System\DqJEhbb.exe
  2⤵
  PID:7432
- C:\Windows\System\seTXdIq.exe
  C:\Windows\System\seTXdIq.exe
  2⤵
  PID:7448
- C:\Windows\System\aTfoEBR.exe
  C:\Windows\System\aTfoEBR.exe
  2⤵
  PID:7464
- C:\Windows\System\QtQVQlz.exe
  C:\Windows\System\QtQVQlz.exe
  2⤵
  PID:7480
- C:\Windows\System\gDalGtc.exe
  C:\Windows\System\gDalGtc.exe
  2⤵
  PID:7496
- C:\Windows\System\kKPtWBT.exe
  C:\Windows\System\kKPtWBT.exe
  2⤵
  PID:7512
- C:\Windows\System\ytYLlCi.exe
  C:\Windows\System\ytYLlCi.exe
  2⤵
  PID:7528
- C:\Windows\System\ZZUjTkQ.exe
  C:\Windows\System\ZZUjTkQ.exe
  2⤵
  PID:7544
- C:\Windows\System\rUFDnOu.exe
  C:\Windows\System\rUFDnOu.exe
  2⤵
  PID:7560
- C:\Windows\System\YEEXhYk.exe
  C:\Windows\System\YEEXhYk.exe
  2⤵
  PID:7576
- C:\Windows\System\zEaTxFc.exe
  C:\Windows\System\zEaTxFc.exe
  2⤵
  PID:7592
- C:\Windows\System\BZFvcYl.exe
  C:\Windows\System\BZFvcYl.exe
  2⤵
  PID:7608
- C:\Windows\System\sgJCnZN.exe
  C:\Windows\System\sgJCnZN.exe
  2⤵
  PID:7624
- C:\Windows\System\uhAUFyB.exe
  C:\Windows\System\uhAUFyB.exe
  2⤵
  PID:7640
- C:\Windows\System\qBxMnrA.exe
  C:\Windows\System\qBxMnrA.exe
  2⤵
  PID:7656
- C:\Windows\System\PATsrNg.exe
  C:\Windows\System\PATsrNg.exe
  2⤵
  PID:7672
- C:\Windows\System\DqlFovk.exe
  C:\Windows\System\DqlFovk.exe
  2⤵
  PID:7688
- C:\Windows\System\YABSpQR.exe
  C:\Windows\System\YABSpQR.exe
  2⤵
  PID:7704
- C:\Windows\System\nEJJVCY.exe
  C:\Windows\System\nEJJVCY.exe
  2⤵
  PID:7720
- C:\Windows\System\nnNLmKo.exe
  C:\Windows\System\nnNLmKo.exe
  2⤵
  PID:7736
- C:\Windows\System\cLPKgWP.exe
  C:\Windows\System\cLPKgWP.exe
  2⤵
  PID:7752
- C:\Windows\System\HTTAVeu.exe
  C:\Windows\System\HTTAVeu.exe
  2⤵
  PID:7768
- C:\Windows\System\pxbSWNJ.exe
  C:\Windows\System\pxbSWNJ.exe
  2⤵
  PID:7784
- C:\Windows\System\fkkIxry.exe
  C:\Windows\System\fkkIxry.exe
  2⤵
  PID:7800
- C:\Windows\System\YnIkfTv.exe
  C:\Windows\System\YnIkfTv.exe
  2⤵
  PID:7816
- C:\Windows\System\pcmDZci.exe
  C:\Windows\System\pcmDZci.exe
  2⤵
  PID:7832
- C:\Windows\System\YXDBTCA.exe
  C:\Windows\System\YXDBTCA.exe
  2⤵
  PID:7848
- C:\Windows\System\BojpFIa.exe
  C:\Windows\System\BojpFIa.exe
  2⤵
  PID:7864
- C:\Windows\System\HddUjsH.exe
  C:\Windows\System\HddUjsH.exe
  2⤵
  PID:7880
- C:\Windows\System\wGfKaoX.exe
  C:\Windows\System\wGfKaoX.exe
  2⤵
  PID:7896
- C:\Windows\System\MhCqjue.exe
  C:\Windows\System\MhCqjue.exe
  2⤵
  PID:7912
- C:\Windows\System\HpyYQDj.exe
  C:\Windows\System\HpyYQDj.exe
  2⤵
  PID:7928
- C:\Windows\System\FZPKekN.exe
  C:\Windows\System\FZPKekN.exe
  2⤵
  PID:7944
- C:\Windows\System\UXNLvKe.exe
  C:\Windows\System\UXNLvKe.exe
  2⤵
  PID:7960
- C:\Windows\System\ROASzid.exe
  C:\Windows\System\ROASzid.exe
  2⤵
  PID:7976
- C:\Windows\System\bsvScYP.exe
  C:\Windows\System\bsvScYP.exe
  2⤵
  PID:7992
- C:\Windows\System\pJFKgkR.exe
  C:\Windows\System\pJFKgkR.exe
  2⤵
  PID:8008
- C:\Windows\System\voORkyl.exe
  C:\Windows\System\voORkyl.exe
  2⤵
  PID:8024
- C:\Windows\System\CtMdNam.exe
  C:\Windows\System\CtMdNam.exe
  2⤵
  PID:8040
- C:\Windows\System\hivTqVp.exe
  C:\Windows\System\hivTqVp.exe
  2⤵
  PID:8056
- C:\Windows\System\dzharUN.exe
  C:\Windows\System\dzharUN.exe
  2⤵
  PID:8072
- C:\Windows\System\kGoRIav.exe
  C:\Windows\System\kGoRIav.exe
  2⤵
  PID:8088
- C:\Windows\System\eQDOqDw.exe
  C:\Windows\System\eQDOqDw.exe
  2⤵
  PID:8104
- C:\Windows\System\KewoLFN.exe
  C:\Windows\System\KewoLFN.exe
  2⤵
  PID:8120
- C:\Windows\System\fcleHaU.exe
  C:\Windows\System\fcleHaU.exe
  2⤵
  PID:8136
- C:\Windows\System\FQlvJFU.exe
  C:\Windows\System\FQlvJFU.exe
  2⤵
  PID:8152
- C:\Windows\System\pWueOfC.exe
  C:\Windows\System\pWueOfC.exe
  2⤵
  PID:8168
- C:\Windows\System\hBjlaTd.exe
  C:\Windows\System\hBjlaTd.exe
  2⤵
  PID:8184
- C:\Windows\System\bjnHcoI.exe
  C:\Windows\System\bjnHcoI.exe
  2⤵
  PID:6372
- C:\Windows\System\ISqMLtX.exe
  C:\Windows\System\ISqMLtX.exe
  2⤵
  PID:7200
- C:\Windows\System\fExPpqu.exe
  C:\Windows\System\fExPpqu.exe
  2⤵
  PID:5436
- C:\Windows\System\nqhhtUE.exe
  C:\Windows\System\nqhhtUE.exe
  2⤵
  PID:6452
- C:\Windows\System\AGNZVlV.exe
  C:\Windows\System\AGNZVlV.exe
  2⤵
  PID:7236
- C:\Windows\System\JqOdyba.exe
  C:\Windows\System\JqOdyba.exe
  2⤵
  PID:7328
- C:\Windows\System\IrFMVDq.exe
  C:\Windows\System\IrFMVDq.exe
  2⤵
  PID:7488
- C:\Windows\System\QShcpkQ.exe
  C:\Windows\System\QShcpkQ.exe
  2⤵
  PID:7428
- C:\Windows\System\afSoPFB.exe
  C:\Windows\System\afSoPFB.exe
  2⤵
  PID:6696
- C:\Windows\System\sZfeatM.exe
  C:\Windows\System\sZfeatM.exe
  2⤵
  PID:6568
- C:\Windows\System\IhUpVXR.exe
  C:\Windows\System\IhUpVXR.exe
  2⤵
  PID:6628
- C:\Windows\System\cMXVajm.exe
  C:\Windows\System\cMXVajm.exe
  2⤵
  PID:6264
- C:\Windows\System\IEPHSGm.exe
  C:\Windows\System\IEPHSGm.exe
  2⤵
  PID:7520
- C:\Windows\System\FfHbYqz.exe
  C:\Windows\System\FfHbYqz.exe
  2⤵
  PID:7408
- C:\Windows\System\wCdJjRY.exe
  C:\Windows\System\wCdJjRY.exe
  2⤵
  PID:7316
- C:\Windows\System\BfnhapI.exe
  C:\Windows\System\BfnhapI.exe
  2⤵
  PID:7252
- C:\Windows\System\vPkwEha.exe
  C:\Windows\System\vPkwEha.exe
  2⤵
  PID:7188
- C:\Windows\System\yXNhhBR.exe
  C:\Windows\System\yXNhhBR.exe
  2⤵
  PID:7584
- C:\Windows\System\jDshRbF.exe
  C:\Windows\System\jDshRbF.exe
  2⤵
  PID:7380
- C:\Windows\System\qQCCqbG.exe
  C:\Windows\System\qQCCqbG.exe
  2⤵
  PID:7600
- C:\Windows\System\GgwyvNT.exe
  C:\Windows\System\GgwyvNT.exe
  2⤵
  PID:7680
- C:\Windows\System\qPchrzT.exe
  C:\Windows\System\qPchrzT.exe
  2⤵
  PID:7472
- C:\Windows\System\xIfkJjt.exe
  C:\Windows\System\xIfkJjt.exe
  2⤵
  PID:7664
- C:\Windows\System\JBUspGN.exe
  C:\Windows\System\JBUspGN.exe
  2⤵
  PID:7536
- C:\Windows\System\arjJqJb.exe
  C:\Windows\System\arjJqJb.exe
  2⤵
  PID:7744
- C:\Windows\System\TpFwWFE.exe
  C:\Windows\System\TpFwWFE.exe
  2⤵
  PID:7760
- C:\Windows\System\ZGguHjP.exe
  C:\Windows\System\ZGguHjP.exe
  2⤵
  PID:7808
- C:\Windows\System\tBasTye.exe
  C:\Windows\System\tBasTye.exe
  2⤵
  PID:7872
- C:\Windows\System\uMLTboq.exe
  C:\Windows\System\uMLTboq.exe
  2⤵
  PID:7936
- C:\Windows\System\uAUKYnC.exe
  C:\Windows\System\uAUKYnC.exe
  2⤵
  PID:7968
- C:\Windows\System\bDraNmV.exe
  C:\Windows\System\bDraNmV.exe
  2⤵
  PID:8004
- C:\Windows\System\PxqvxCj.exe
  C:\Windows\System\PxqvxCj.exe
  2⤵
  PID:8048
- C:\Windows\System\FolvqcC.exe
  C:\Windows\System\FolvqcC.exe
  2⤵
  PID:7984
- C:\Windows\System\AsQpDOa.exe
  C:\Windows\System\AsQpDOa.exe
  2⤵
  PID:7920
- C:\Windows\System\UYWTrRA.exe
  C:\Windows\System\UYWTrRA.exe
  2⤵
  PID:7988
- C:\Windows\System\moLgVEt.exe
  C:\Windows\System\moLgVEt.exe
  2⤵
  PID:8084
- C:\Windows\System\qXAZxwo.exe
  C:\Windows\System\qXAZxwo.exe
  2⤵
  PID:8112
- C:\Windows\System\gRVPpnQ.exe
  C:\Windows\System\gRVPpnQ.exe
  2⤵
  PID:8148
- C:\Windows\System\UXoSSlU.exe
  C:\Windows\System\UXoSSlU.exe
  2⤵
  PID:7264
- C:\Windows\System\TfbCPms.exe
  C:\Windows\System\TfbCPms.exe
  2⤵
  PID:7232
- C:\Windows\System\cmvMwVc.exe
  C:\Windows\System\cmvMwVc.exe
  2⤵
  PID:7492
- C:\Windows\System\iHPQbAC.exe
  C:\Windows\System\iHPQbAC.exe
  2⤵
  PID:6216
- C:\Windows\System\LMOpDbM.exe
  C:\Windows\System\LMOpDbM.exe
  2⤵
  PID:7216
- C:\Windows\System\GbNGjjM.exe
  C:\Windows\System\GbNGjjM.exe
  2⤵
  PID:7648
- C:\Windows\System\WbFlqYm.exe
  C:\Windows\System\WbFlqYm.exe
  2⤵
  PID:7728
- C:\Windows\System\yQXOfgU.exe
  C:\Windows\System\yQXOfgU.exe
  2⤵
  PID:7904
- C:\Windows\System\mEIIyNA.exe
  C:\Windows\System\mEIIyNA.exe
  2⤵
  PID:7284
- C:\Windows\System\gNBxAOP.exe
  C:\Windows\System\gNBxAOP.exe
  2⤵
  PID:8000
- C:\Windows\System\cabyCvP.exe
  C:\Windows\System\cabyCvP.exe
  2⤵
  PID:7048
- C:\Windows\System\AmjppGy.exe
  C:\Windows\System\AmjppGy.exe
  2⤵
  PID:7568
- C:\Windows\System\lOHrnRI.exe
  C:\Windows\System\lOHrnRI.exe
  2⤵
  PID:7716
- C:\Windows\System\NJrgXYp.exe
  C:\Windows\System\NJrgXYp.exe
  2⤵
  PID:6552
- C:\Windows\System\UqqNTVM.exe
  C:\Windows\System\UqqNTVM.exe
  2⤵
  PID:7860
- C:\Windows\System\QBMeRYU.exe
  C:\Windows\System\QBMeRYU.exe
  2⤵
  PID:8064
- C:\Windows\System\bSfwEvn.exe
  C:\Windows\System\bSfwEvn.exe
  2⤵
  PID:7700
- C:\Windows\System\QuQcoLs.exe
  C:\Windows\System\QuQcoLs.exe
  2⤵
  PID:8116
- C:\Windows\System\BrWXcmu.exe
  C:\Windows\System\BrWXcmu.exe
  2⤵
  PID:8100
- C:\Windows\System\TUrUaEP.exe
  C:\Windows\System\TUrUaEP.exe
  2⤵
  PID:7460
- C:\Windows\System\pbMbaEr.exe
  C:\Windows\System\pbMbaEr.exe
  2⤵
  PID:6760
- C:\Windows\System\AlBAFev.exe
  C:\Windows\System\AlBAFev.exe
  2⤵
  PID:7344
- C:\Windows\System\rbQajkD.exe
  C:\Windows\System\rbQajkD.exe
  2⤵
  PID:7636
- C:\Windows\System\aIcDGhV.exe
  C:\Windows\System\aIcDGhV.exe
  2⤵
  PID:7908
- C:\Windows\System\RkKatMf.exe
  C:\Windows\System\RkKatMf.exe
  2⤵
  PID:7712
- C:\Windows\System\NLpGGnI.exe
  C:\Windows\System\NLpGGnI.exe
  2⤵
  PID:7424
- C:\Windows\System\QdxmaHI.exe
  C:\Windows\System\QdxmaHI.exe
  2⤵
  PID:7776
- C:\Windows\System\VoKZUXt.exe
  C:\Windows\System\VoKZUXt.exe
  2⤵
  PID:7508
- C:\Windows\System\njoVymQ.exe
  C:\Windows\System\njoVymQ.exe
  2⤵
  PID:7632
- C:\Windows\System\vYqTZMX.exe
  C:\Windows\System\vYqTZMX.exe
  2⤵
  PID:6244
- C:\Windows\System\GKYuTwm.exe
  C:\Windows\System\GKYuTwm.exe
  2⤵
  PID:8180
- C:\Windows\System\IMmoVVD.exe
  C:\Windows\System\IMmoVVD.exe
  2⤵
  PID:6632
- C:\Windows\System\Zhrrobq.exe
  C:\Windows\System\Zhrrobq.exe
  2⤵
  PID:7840
- C:\Windows\System\bZWuQPE.exe
  C:\Windows\System\bZWuQPE.exe
  2⤵
  PID:7000
- C:\Windows\System\vPMeSNY.exe
  C:\Windows\System\vPMeSNY.exe
  2⤵
  PID:8036
- C:\Windows\System\cxuMJvk.exe
  C:\Windows\System\cxuMJvk.exe
  2⤵
  PID:8208
- C:\Windows\System\VUqIzTK.exe
  C:\Windows\System\VUqIzTK.exe
  2⤵
  PID:8224
- C:\Windows\System\IhphThp.exe
  C:\Windows\System\IhphThp.exe
  2⤵
  PID:8240
- C:\Windows\System\JAfbTBL.exe
  C:\Windows\System\JAfbTBL.exe
  2⤵
  PID:8256
- C:\Windows\System\XrLavcN.exe
  C:\Windows\System\XrLavcN.exe
  2⤵
  PID:8272
- C:\Windows\System\GxFhDZx.exe
  C:\Windows\System\GxFhDZx.exe
  2⤵
  PID:8288
- C:\Windows\System\uhqAwaw.exe
  C:\Windows\System\uhqAwaw.exe
  2⤵
  PID:8304
- C:\Windows\System\EfxszBy.exe
  C:\Windows\System\EfxszBy.exe
  2⤵
  PID:8320
- C:\Windows\System\sxrxGly.exe
  C:\Windows\System\sxrxGly.exe
  2⤵
  PID:8336
- C:\Windows\System\CHYxmHt.exe
  C:\Windows\System\CHYxmHt.exe
  2⤵
  PID:8352
- C:\Windows\System\gZExRoY.exe
  C:\Windows\System\gZExRoY.exe
  2⤵
  PID:8368
- C:\Windows\System\BJfSzwg.exe
  C:\Windows\System\BJfSzwg.exe
  2⤵
  PID:8384
- C:\Windows\System\VUHWPts.exe
  C:\Windows\System\VUHWPts.exe
  2⤵
  PID:8400
- C:\Windows\System\AHWrywH.exe
  C:\Windows\System\AHWrywH.exe
  2⤵
  PID:8416
- C:\Windows\System\mBiZXMz.exe
  C:\Windows\System\mBiZXMz.exe
  2⤵
  PID:8432
- C:\Windows\System\XpnshRA.exe
  C:\Windows\System\XpnshRA.exe
  2⤵
  PID:8448
- C:\Windows\System\WEWsAwv.exe
  C:\Windows\System\WEWsAwv.exe
  2⤵
  PID:8464
- C:\Windows\System\ZTchNrD.exe
  C:\Windows\System\ZTchNrD.exe
  2⤵
  PID:8480
- C:\Windows\System\IigzIXB.exe
  C:\Windows\System\IigzIXB.exe
  2⤵
  PID:8496
- C:\Windows\System\DFHalWC.exe
  C:\Windows\System\DFHalWC.exe
  2⤵
  PID:8512
- C:\Windows\System\wFxgHCT.exe
  C:\Windows\System\wFxgHCT.exe
  2⤵
  PID:8528
- C:\Windows\System\ERJPRos.exe
  C:\Windows\System\ERJPRos.exe
  2⤵
  PID:8544
- C:\Windows\System\YlwVfQq.exe
  C:\Windows\System\YlwVfQq.exe
  2⤵
  PID:8560
- C:\Windows\System\FtJaQDY.exe
  C:\Windows\System\FtJaQDY.exe
  2⤵
  PID:8576
- C:\Windows\System\khviGft.exe
  C:\Windows\System\khviGft.exe
  2⤵
  PID:8592
- C:\Windows\System\YSqFMKx.exe
  C:\Windows\System\YSqFMKx.exe
  2⤵
  PID:8608
- C:\Windows\System\hWOfmor.exe
  C:\Windows\System\hWOfmor.exe
  2⤵
  PID:8628
- C:\Windows\System\PnVbzVh.exe
  C:\Windows\System\PnVbzVh.exe
  2⤵
  PID:8644
- C:\Windows\System\yfLDENj.exe
  C:\Windows\System\yfLDENj.exe
  2⤵
  PID:8660
- C:\Windows\System\nYPbsgh.exe
  C:\Windows\System\nYPbsgh.exe
  2⤵
  PID:8676
- C:\Windows\System\BGhMuuN.exe
  C:\Windows\System\BGhMuuN.exe
  2⤵
  PID:8692
- C:\Windows\System\jEYdMHb.exe
  C:\Windows\System\jEYdMHb.exe
  2⤵
  PID:8904
- C:\Windows\System\JXQzfoO.exe
  C:\Windows\System\JXQzfoO.exe
  2⤵
  PID:8956
- C:\Windows\System\pkXKqtl.exe
  C:\Windows\System\pkXKqtl.exe
  2⤵
  PID:8972
- C:\Windows\System\oSISGkJ.exe
  C:\Windows\System\oSISGkJ.exe
  2⤵
  PID:8988
- C:\Windows\System\xLFxySE.exe
  C:\Windows\System\xLFxySE.exe
  2⤵
  PID:9004
- C:\Windows\System\xVyCMBv.exe
  C:\Windows\System\xVyCMBv.exe
  2⤵
  PID:9020
- C:\Windows\System\sYDxXnE.exe
  C:\Windows\System\sYDxXnE.exe
  2⤵
  PID:9036
- C:\Windows\System\ztXlLif.exe
  C:\Windows\System\ztXlLif.exe
  2⤵
  PID:9052
- C:\Windows\System\cCSKATd.exe
  C:\Windows\System\cCSKATd.exe
  2⤵
  PID:9068
- C:\Windows\System\jfyUNeJ.exe
  C:\Windows\System\jfyUNeJ.exe
  2⤵
  PID:9084
- C:\Windows\System\nVQgYRq.exe
  C:\Windows\System\nVQgYRq.exe
  2⤵
  PID:9100
- C:\Windows\System\rmRNvWX.exe
  C:\Windows\System\rmRNvWX.exe
  2⤵
  PID:9116
- C:\Windows\System\WYzirGo.exe
  C:\Windows\System\WYzirGo.exe
  2⤵
  PID:9132
- C:\Windows\System\uxFWNrD.exe
  C:\Windows\System\uxFWNrD.exe
  2⤵
  PID:8828
- C:\Windows\System\MYfnQOe.exe
  C:\Windows\System\MYfnQOe.exe
  2⤵
  PID:9000
- C:\Windows\System\AGDiSSE.exe
  C:\Windows\System\AGDiSSE.exe
  2⤵
  PID:9140
- C:\Windows\System\vjqAYtw.exe
  C:\Windows\System\vjqAYtw.exe
  2⤵
  PID:9152
- C:\Windows\System\SnLYZBp.exe
  C:\Windows\System\SnLYZBp.exe
  2⤵
  PID:9172
- C:\Windows\System\WZgctHP.exe
  C:\Windows\System\WZgctHP.exe
  2⤵
  PID:9176
- C:\Windows\System\plrqsjs.exe
  C:\Windows\System\plrqsjs.exe
  2⤵
  PID:9200
- C:\Windows\System\yujMQGo.exe
  C:\Windows\System\yujMQGo.exe
  2⤵
  PID:7396
- C:\Windows\System\djBobqf.exe
  C:\Windows\System\djBobqf.exe
  2⤵
  PID:8080
- C:\Windows\System\mPTsBcG.exe
  C:\Windows\System\mPTsBcG.exe
  2⤵
  PID:8252
- C:\Windows\System\jZaOdzw.exe
  C:\Windows\System\jZaOdzw.exe
  2⤵
  PID:8744
- C:\Windows\System\DKRlkqJ.exe
  C:\Windows\System\DKRlkqJ.exe
  2⤵
  PID:8876
- C:\Windows\System\nHmpenO.exe
  C:\Windows\System\nHmpenO.exe
  2⤵
  PID:8924
- C:\Windows\System\WtUDDcv.exe
  C:\Windows\System\WtUDDcv.exe
  2⤵
  PID:9160
- C:\Windows\System\xabDquR.exe
  C:\Windows\System\xabDquR.exe
  2⤵
  PID:8216
- C:\Windows\System\HnXYCKp.exe
  C:\Windows\System\HnXYCKp.exe
  2⤵
  PID:8380
- C:\Windows\System\BRQPAsZ.exe
  C:\Windows\System\BRQPAsZ.exe
  2⤵
  PID:8476
- C:\Windows\System\ODObJNJ.exe
  C:\Windows\System\ODObJNJ.exe
  2⤵
  PID:8536
- C:\Windows\System\EDloqLI.exe
  C:\Windows\System\EDloqLI.exe
  2⤵
  PID:8768
- C:\Windows\System\OjoNUbO.exe
  C:\Windows\System\OjoNUbO.exe
  2⤵
  PID:8788
- C:\Windows\System\XZiliAD.exe
  C:\Windows\System\XZiliAD.exe
  2⤵
  PID:8812
- C:\Windows\System\HOGHMzb.exe
  C:\Windows\System\HOGHMzb.exe
  2⤵
  PID:8836
- C:\Windows\System\PbskFWE.exe
  C:\Windows\System\PbskFWE.exe
  2⤵
  PID:8860
- C:\Windows\System\OyzCjwO.exe
  C:\Windows\System\OyzCjwO.exe
  2⤵
  PID:8888
- C:\Windows\System\AaUkBsQ.exe
  C:\Windows\System\AaUkBsQ.exe
  2⤵
  PID:8912
- C:\Windows\System\HBSilxV.exe
  C:\Windows\System\HBSilxV.exe
  2⤵
  PID:8672
- C:\Windows\System\uCvGmRl.exe
  C:\Windows\System\uCvGmRl.exe
  2⤵
  PID:8732
- C:\Windows\System\HiCEemL.exe
  C:\Windows\System\HiCEemL.exe
  2⤵
  PID:9076
- C:\Windows\System\NFiwpQv.exe
  C:\Windows\System\NFiwpQv.exe
  2⤵
  PID:8952
- C:\Windows\System\fxSGyLf.exe
  C:\Windows\System\fxSGyLf.exe
  2⤵
  PID:8936
- C:\Windows\System\CLQTKEZ.exe
  C:\Windows\System\CLQTKEZ.exe
  2⤵
  PID:9192
- C:\Windows\System\TnvkrWw.exe
  C:\Windows\System\TnvkrWw.exe
  2⤵
  PID:9032
- C:\Windows\System\rbuinxF.exe
  C:\Windows\System\rbuinxF.exe
  2⤵
  PID:8460
- C:\Windows\System\CcCkmTo.exe
  C:\Windows\System\CcCkmTo.exe
  2⤵
  PID:8636
- C:\Windows\System\dEHqAUl.exe
  C:\Windows\System\dEHqAUl.exe
  2⤵
  PID:8144
- C:\Windows\System\lOemPfC.exe
  C:\Windows\System\lOemPfC.exe
  2⤵
  PID:8708
- C:\Windows\System\QgMtUHQ.exe
  C:\Windows\System\QgMtUHQ.exe
  2⤵
  PID:8740
- C:\Windows\System\POzQGEb.exe
  C:\Windows\System\POzQGEb.exe
  2⤵
  PID:8776
- C:\Windows\System\bJqoqyT.exe
  C:\Windows\System\bJqoqyT.exe
  2⤵
  PID:8800
- C:\Windows\System\zvSnBDl.exe
  C:\Windows\System\zvSnBDl.exe
  2⤵
  PID:8808
- C:\Windows\System\oZGCRqF.exe
  C:\Windows\System\oZGCRqF.exe
  2⤵
  PID:8556
- C:\Windows\System\YtcPaGi.exe
  C:\Windows\System\YtcPaGi.exe
  2⤵
  PID:8968
- C:\Windows\System\DwMoNbG.exe
  C:\Windows\System\DwMoNbG.exe
  2⤵
  PID:8296
- C:\Windows\System\qGuhqzL.exe
  C:\Windows\System\qGuhqzL.exe
  2⤵
  PID:8348
- C:\Windows\System\TWUEkzr.exe
  C:\Windows\System\TWUEkzr.exe
  2⤵
  PID:8204
- C:\Windows\System\xbQjtEz.exe
  C:\Windows\System\xbQjtEz.exe
  2⤵
  PID:8300
- C:\Windows\System\wZRwVUh.exe
  C:\Windows\System\wZRwVUh.exe
  2⤵
  PID:8332
- C:\Windows\System\sZjCIFP.exe
  C:\Windows\System\sZjCIFP.exe
  2⤵
  PID:8508
- C:\Windows\System\tLbOqcz.exe
  C:\Windows\System\tLbOqcz.exe
  2⤵
  PID:8492
- C:\Windows\System\pZmbvye.exe
  C:\Windows\System\pZmbvye.exe
  2⤵
  PID:8712
- C:\Windows\System\gUZvoPA.exe
  C:\Windows\System\gUZvoPA.exe
  2⤵
  PID:8944
- C:\Windows\System\bdkWpDS.exe
  C:\Windows\System\bdkWpDS.exe
  2⤵
  PID:9080
- C:\Windows\System\hMWNpeg.exe
  C:\Windows\System\hMWNpeg.exe
  2⤵
  PID:8568
- C:\Windows\System\YovwFIO.exe
  C:\Windows\System\YovwFIO.exe
  2⤵
  PID:8520
- C:\Windows\System\lvfDnNh.exe
  C:\Windows\System\lvfDnNh.exe
  2⤵
  PID:8760
- C:\Windows\System\oruuUVY.exe
  C:\Windows\System\oruuUVY.exe
  2⤵
  PID:8700
- C:\Windows\System\bNHDsIu.exe
  C:\Windows\System\bNHDsIu.exe
  2⤵
  PID:8756
- C:\Windows\System\xROotcH.exe
  C:\Windows\System\xROotcH.exe
  2⤵
  PID:8796
- C:\Windows\System\nQMePcN.exe
  C:\Windows\System\nQMePcN.exe
  2⤵
  PID:8824
- C:\Windows\System\WNQmXYw.exe
  C:\Windows\System\WNQmXYw.exe
  2⤵
  PID:8920
- C:\Windows\System\rZFdjIn.exe
  C:\Windows\System\rZFdjIn.exe
  2⤵
  PID:9044
- C:\Windows\System\WnctLSS.exe
  C:\Windows\System\WnctLSS.exe
  2⤵
  PID:8264
- C:\Windows\System\RhSnNcX.exe
  C:\Windows\System\RhSnNcX.exe
  2⤵
  PID:8360
- C:\Windows\System\gnttwZM.exe
  C:\Windows\System\gnttwZM.exe
  2⤵
  PID:8444
- C:\Windows\System\qkljBYT.exe
  C:\Windows\System\qkljBYT.exe
  2⤵
  PID:8620
- C:\Windows\System\IMnDuxU.exe
  C:\Windows\System\IMnDuxU.exe
  2⤵
  PID:9128
- C:\Windows\System\dsFjLWN.exe
  C:\Windows\System\dsFjLWN.exe
  2⤵
  PID:9048
- C:\Windows\System\OhBMpJy.exe
  C:\Windows\System\OhBMpJy.exe
  2⤵
  PID:8652
- C:\Windows\System\MXDvSSJ.exe
  C:\Windows\System\MXDvSSJ.exe
  2⤵
  PID:8588
- C:\Windows\System\cPvFYiv.exe
  C:\Windows\System\cPvFYiv.exe
  2⤵
  PID:8200
- C:\Windows\System\OaRuuub.exe
  C:\Windows\System\OaRuuub.exe
  2⤵
  PID:8872
- C:\Windows\System\IncAKHY.exe
  C:\Windows\System\IncAKHY.exe
  2⤵
  PID:8232
- C:\Windows\System\FFAoXBF.exe
  C:\Windows\System\FFAoXBF.exe
  2⤵
  PID:8396
- C:\Windows\System\ywYMbjH.exe
  C:\Windows\System\ywYMbjH.exe
  2⤵
  PID:8980
- C:\Windows\System\jtlHdho.exe
  C:\Windows\System\jtlHdho.exe
  2⤵
  PID:8688
- C:\Windows\System\fxEwhHK.exe
  C:\Windows\System\fxEwhHK.exe
  2⤵
  PID:8472
- C:\Windows\System\UjyziCd.exe
  C:\Windows\System\UjyziCd.exe
  2⤵
  PID:8900
- C:\Windows\System\dKwJECT.exe
  C:\Windows\System\dKwJECT.exe
  2⤵
  PID:8408
- C:\Windows\System\sathqIC.exe
  C:\Windows\System\sathqIC.exe
  2⤵
  PID:8604
- C:\Windows\System\jlvALYX.exe
  C:\Windows\System\jlvALYX.exe
  2⤵
  PID:8996
- C:\Windows\System\zFeXDXD.exe
  C:\Windows\System\zFeXDXD.exe
  2⤵
  PID:8964
- C:\Windows\System\arJinDT.exe
  C:\Windows\System\arJinDT.exe
  2⤵
  PID:8584
- C:\Windows\System\yoWPUJF.exe
  C:\Windows\System\yoWPUJF.exe
  2⤵
  PID:9232
- C:\Windows\System\PpTEeVa.exe
  C:\Windows\System\PpTEeVa.exe
  2⤵
  PID:9248
- C:\Windows\System\WnuDMEE.exe
  C:\Windows\System\WnuDMEE.exe
  2⤵
  PID:9276
- C:\Windows\System\rjxzxhw.exe
  C:\Windows\System\rjxzxhw.exe
  2⤵
  PID:9296
- C:\Windows\System\GmwUxyk.exe
  C:\Windows\System\GmwUxyk.exe
  2⤵
  PID:9328
- C:\Windows\System\ellugdD.exe
  C:\Windows\System\ellugdD.exe
  2⤵
  PID:9344
- C:\Windows\System\qPtCQhY.exe
  C:\Windows\System\qPtCQhY.exe
  2⤵
  PID:9360
- C:\Windows\System\cLkiQQT.exe
  C:\Windows\System\cLkiQQT.exe
  2⤵
  PID:9380
- C:\Windows\System\TaPJXxW.exe
  C:\Windows\System\TaPJXxW.exe
  2⤵
  PID:9404
- C:\Windows\System\oBowYPo.exe
  C:\Windows\System\oBowYPo.exe
  2⤵
  PID:9424
- C:\Windows\System\GxSMBGJ.exe
  C:\Windows\System\GxSMBGJ.exe
  2⤵
  PID:9444
- C:\Windows\System\tboXphh.exe
  C:\Windows\System\tboXphh.exe
  2⤵
  PID:9460
- C:\Windows\System\wDEGpft.exe
  C:\Windows\System\wDEGpft.exe
  2⤵
  PID:9484
- C:\Windows\System\hDvoqHv.exe
  C:\Windows\System\hDvoqHv.exe
  2⤵
  PID:9500
- C:\Windows\System\mqjnazE.exe
  C:\Windows\System\mqjnazE.exe
  2⤵
  PID:9532
- C:\Windows\System\IGujudn.exe
  C:\Windows\System\IGujudn.exe
  2⤵
  PID:9548
- C:\Windows\System\lqioZBo.exe
  C:\Windows\System\lqioZBo.exe
  2⤵
  PID:9564
- C:\Windows\System\lmopReU.exe
  C:\Windows\System\lmopReU.exe
  2⤵
  PID:9580
- C:\Windows\System\qRDxKJg.exe
  C:\Windows\System\qRDxKJg.exe
  2⤵
  PID:9600
- C:\Windows\System\mhxMLqM.exe
  C:\Windows\System\mhxMLqM.exe
  2⤵
  PID:9616
- C:\Windows\System\usJrbRM.exe
  C:\Windows\System\usJrbRM.exe
  2⤵
  PID:9632
- C:\Windows\System\MuTeCYm.exe
  C:\Windows\System\MuTeCYm.exe
  2⤵
  PID:9660
- C:\Windows\System\ldlpkTv.exe
  C:\Windows\System\ldlpkTv.exe
  2⤵
  PID:9696
- C:\Windows\System\IukcgCH.exe
  C:\Windows\System\IukcgCH.exe
  2⤵
  PID:9712
- C:\Windows\System\jGLHCgz.exe
  C:\Windows\System\jGLHCgz.exe
  2⤵
  PID:9732
- C:\Windows\System\lFLojYa.exe
  C:\Windows\System\lFLojYa.exe
  2⤵
  PID:9752
- C:\Windows\System\CFJFOuA.exe
  C:\Windows\System\CFJFOuA.exe
  2⤵
  PID:9772
- C:\Windows\System\AQFRJip.exe
  C:\Windows\System\AQFRJip.exe
  2⤵
  PID:9792
- C:\Windows\System\iWJzBEZ.exe
  C:\Windows\System\iWJzBEZ.exe
  2⤵
  PID:9812
- C:\Windows\System\NzBIJQN.exe
  C:\Windows\System\NzBIJQN.exe
  2⤵
  PID:9828
- C:\Windows\System\XPVmNNj.exe
  C:\Windows\System\XPVmNNj.exe
  2⤵
  PID:9852
- C:\Windows\System\YjRpALR.exe
  C:\Windows\System\YjRpALR.exe
  2⤵
  PID:9872
- C:\Windows\System\dholapX.exe
  C:\Windows\System\dholapX.exe
  2⤵
  PID:9892
- C:\Windows\System\gNvHpYS.exe
  C:\Windows\System\gNvHpYS.exe
  2⤵
  PID:9912
- C:\Windows\System\QihUgko.exe
  C:\Windows\System\QihUgko.exe
  2⤵
  PID:9932
- C:\Windows\System\grxdUxY.exe
  C:\Windows\System\grxdUxY.exe
  2⤵
  PID:9956
- C:\Windows\System\RdrvWtP.exe
  C:\Windows\System\RdrvWtP.exe
  2⤵
  PID:9980
- C:\Windows\System\mtESUqL.exe
  C:\Windows\System\mtESUqL.exe
  2⤵
  PID:9996
- C:\Windows\System\hkODYHC.exe
  C:\Windows\System\hkODYHC.exe
  2⤵
  PID:10016
- C:\Windows\System\BjKxtIJ.exe
  C:\Windows\System\BjKxtIJ.exe
  2⤵
  PID:10040
- C:\Windows\System\JGIDaGm.exe
  C:\Windows\System\JGIDaGm.exe
  2⤵
  PID:10056
- C:\Windows\System\qnciFnX.exe
  C:\Windows\System\qnciFnX.exe
  2⤵
  PID:10076
- C:\Windows\System\BEhkOmn.exe
  C:\Windows\System\BEhkOmn.exe
  2⤵
  PID:10104
- C:\Windows\System\jhGaXwW.exe
  C:\Windows\System\jhGaXwW.exe
  2⤵
  PID:10124
- C:\Windows\System\mBIsFZm.exe
  C:\Windows\System\mBIsFZm.exe
  2⤵
  PID:10140
- C:\Windows\System\VPcqUQW.exe
  C:\Windows\System\VPcqUQW.exe
  2⤵
  PID:10168
- C:\Windows\System\QODHsGU.exe
  C:\Windows\System\QODHsGU.exe
  2⤵
  PID:10184
- C:\Windows\System\YkPheTV.exe
  C:\Windows\System\YkPheTV.exe
  2⤵
  PID:10200
- C:\Windows\System\RGCJLom.exe
  C:\Windows\System\RGCJLom.exe
  2⤵
  PID:10216
- C:\Windows\System\TbmpYSp.exe
  C:\Windows\System\TbmpYSp.exe
  2⤵
  PID:10232
- C:\Windows\System\KpYkhNE.exe
  C:\Windows\System\KpYkhNE.exe
  2⤵
  PID:8624
- C:\Windows\System\oTMTfGY.exe
  C:\Windows\System\oTMTfGY.exe
  2⤵
  PID:9240
- C:\Windows\System\CosMRhV.exe
  C:\Windows\System\CosMRhV.exe
  2⤵
  PID:8312
- C:\Windows\System\qJMaWHf.exe
  C:\Windows\System\qJMaWHf.exe
  2⤵
  PID:9268
- C:\Windows\System\nqbFvIs.exe
  C:\Windows\System\nqbFvIs.exe
  2⤵
  PID:9308
- C:\Windows\System\qBzGylP.exe
  C:\Windows\System\qBzGylP.exe
  2⤵
  PID:7888
- C:\Windows\System\YpYcQsK.exe
  C:\Windows\System\YpYcQsK.exe
  2⤵
  PID:9376
- C:\Windows\System\JUGzWUP.exe
  C:\Windows\System\JUGzWUP.exe
  2⤵
  PID:9396
- C:\Windows\System\VtXTQBL.exe
  C:\Windows\System\VtXTQBL.exe
  2⤵
  PID:9440
- C:\Windows\System\DSuzMds.exe
  C:\Windows\System\DSuzMds.exe
  2⤵
  PID:9476
- C:\Windows\System\ObXhfAe.exe
  C:\Windows\System\ObXhfAe.exe
  2⤵
  PID:9516
- C:\Windows\System\kEUvCAo.exe
  C:\Windows\System\kEUvCAo.exe
  2⤵
  PID:9520
- C:\Windows\System\rMhDVcV.exe
  C:\Windows\System\rMhDVcV.exe
  2⤵
  PID:9592
- C:\Windows\System\aANrPUT.exe
  C:\Windows\System\aANrPUT.exe
  2⤵
  PID:9652
- C:\Windows\System\JZflGoO.exe
  C:\Windows\System\JZflGoO.exe
  2⤵
  PID:9628
- C:\Windows\System\RvBTwQm.exe
  C:\Windows\System\RvBTwQm.exe
  2⤵
  PID:9684
- C:\Windows\System\hWXjcHU.exe
  C:\Windows\System\hWXjcHU.exe
  2⤵
  PID:9704
- C:\Windows\System\ETnayoK.exe
  C:\Windows\System\ETnayoK.exe
  2⤵
  PID:9748
- C:\Windows\System\UrkXeFk.exe
  C:\Windows\System\UrkXeFk.exe
  2⤵
  PID:9784
- C:\Windows\System\bOPxGyY.exe
  C:\Windows\System\bOPxGyY.exe
  2⤵
  PID:9804
- C:\Windows\System\pwMBOyY.exe
  C:\Windows\System\pwMBOyY.exe
  2⤵
  PID:9844
- C:\Windows\System\ZSCsteI.exe
  C:\Windows\System\ZSCsteI.exe
  2⤵
  PID:9880
- C:\Windows\System\BCGsISx.exe
  C:\Windows\System\BCGsISx.exe
  2⤵
  PID:9908
- C:\Windows\System\SLqMWmy.exe
  C:\Windows\System\SLqMWmy.exe
  2⤵
  PID:9952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AxkXpeo.exe

Filesize
2.2MB

MD5
9e7c1edb20ce15e860406d99f721225c

SHA1
88f9ecc45cf6039f5ed3690d4e20129cc35d7e9c

SHA256
62c22c51b7c6eb96d6319fa60641fbf6ca623c5fad09c1e57fd45b731900fe15

SHA512
46378cbf114a921ae78b436e719c2b844a81c052163bc48b4f0272b2b95699b757ced34d0b2c1348f27b2848ecabab5d6ea6a581978c49d24d5e04621ccd8954

Download Submit
C:\Windows\system\DelnRaL.exe

Filesize
2.2MB

MD5
7450a44095cf722e9604d7041daa2e4d

SHA1
5810fca300043afa3467737797f93b23ecb72b8b

SHA256
6035b02c7cf76346b91c294a05f6b5badc607aa5ec0207c48bfcd3efe2d67360

SHA512
65918d656072781570e6433932d8c3a579634a8e24b8d9464071bedfad15e99c458cd8eaaf22133a206563ddbe178112921319352c6c4c359d578c0265f58da3

Download Submit
C:\Windows\system\IBYvPIw.exe

Filesize
2.2MB

MD5
1b5746b1c8d8a85a523ebcdd48072841

SHA1
268697457e7a9e6f8d498803d26144461d80ec27

SHA256
4ba2d4cca9f82c9b98134fa64650016e0f0e967b8a69e81f422069b63ef1b0fb

SHA512
6240f477b004a5a80206b6d182b0772dedae3870b88573a56d158283f77faa5be7a24642ba218e727a6fd3f2cad7f2139fa9dbbe4f87a064455e7d0195a40f4d

Download Submit
C:\Windows\system\JzYmEiK.exe

Filesize
2.2MB

MD5
18d4942c09e3149eb1e52f9c0199f889

SHA1
1ca5d6cbf0b1726f7e900a2537f34992c5873f93

SHA256
fa4d3dee57ce5c4d6128a489fdc315ec42181845f6222c17168f5de4d3d08557

SHA512
0f5f0379adc4cf881a715dc8b49a3116d5e5a5e5a6a390536f5072d5fc386b17bd7dde25bbaca4817e84ab1cc40d97cd7ec2fdd313bba5ed23dc43a68067d086

Download Submit
C:\Windows\system\OnqIJDD.exe

Filesize
2.2MB

MD5
230d6c61324762cc7fd1e64d07d498c9

SHA1
22a8464e1593d02895d171a5b510260543f32868

SHA256
1155d554a8b196b2acc1efd9215b5fe5a9ade16d659bf6fa2b12c90c5df66e67

SHA512
b08fb8bdc927730499c75e8edd1e3003eac47de0bdbdb8a7705c7441b20fb7a4d7e4a1c85f4f361944243ff34b362188c3e0c8020c26b476b05c150a86428066

Download Submit
C:\Windows\system\TtoDjJw.exe

Filesize
2.2MB

MD5
b3a4704c2845429f3c95e1fd42d1c508

SHA1
b02a9e570e1477a29500a08dc2f6e5010f7b8c3e

SHA256
e8c60670a768dce9673ec68ff6c3375e9e11cd9711d13eceb403b14af36b5f47

SHA512
696791513a834a0e7e65a8a8bdc040c2f084da15711e742f755bfb674db6e8e314f6ba3180e11fd3248c7248d0b5dad43781cc5c3ae7f87feb0133e106c7fdaf

Download Submit
C:\Windows\system\UULpkuj.exe

Filesize
2.2MB

MD5
84976815b574a30d3e481b75c8a1dc49

SHA1
f438c44d2614be5f2c3f7690b92ce0f2871b9346

SHA256
2624e5ed3cbabd285876fa7180ce4409cb06bbf3c2807f99a4a839114a8da1bf

SHA512
3ab02c523f8b1700a0314b5f36c3d6f9d1cf6dc70c8ff5e8b8c36173c1e2fa15ae8fbe06bf41581552024a34a00593c0c950d575f01f43f2e2babb9076dbec37

Download Submit
C:\Windows\system\VmJpuRK.exe

Filesize
2.2MB

MD5
51b0db4d5f1982e763107f67c73610ae

SHA1
94182d68d7bbe6bdc78e764cb8825d3568ebfdbb

SHA256
4d27fabdc02dc84cc242b031e30cc75a71db3b9a958bea428cbfd492212f1c1b

SHA512
264cf02e3d7d123e446254e970957e4312f7894e21c039d3b2fe98031ac9ee3523c619a4a2f0ddefbb2cafd9a1bf22d24eabd4206c360f5a8748c26f72209f92

Download Submit
C:\Windows\system\XjBMjqq.exe

Filesize
2.2MB

MD5
97336a64cc47c3d20d5bf76269812b37

SHA1
c3f6fbdf0b95ac1cbbdde35887e0c2b1ee43059d

SHA256
293da04b584aa3a45c85a0f38a62b16d69862ce1ada013932f2c21a007d28678

SHA512
b98cc4576bd35779bf903d8bde99754bde20cffb4387a1038ddd006a0a2a11174e899566a8bec48475d95aad9dbb09306f7342a775576bdb459673c1166bcc9b

Download Submit
C:\Windows\system\XnbNEkg.exe

Filesize
2.2MB

MD5
67c47ccbc95a6761a6db29fda0e2ef81

SHA1
15701d10566b3b676b6d936c1e3ee29722c02446

SHA256
61166c5b82551caf7e7602efd1849eeba9bf1181b91d44bb2d9e20585fb846d5

SHA512
b29750741d1e48a83bcf08f71b02b6b3230146cda1373d71ebdaba935a846b16cc5d27ed9e4b0af3dcefcc533c297cad540d47d92104322efb6e3077f9329a3f

Download Submit
C:\Windows\system\YkucOao.exe

Filesize
2.2MB

MD5
9be9996104190c293d42986f73c65052

SHA1
731273fb1cd5bff9b7212b4eab8d412991668b22

SHA256
3ff9fbd809a50312c947eee589d08bf40be6c1625136795e1c634c77ec6a950f

SHA512
d3123183314925e1d14a95ed2624642f15f077b0e1fb43a1b97bca952a9be29b8657049eb906d190b1e4929d852e0ef455b02df9d93638ef8551771d8f6e38e7

Download Submit
C:\Windows\system\cJprKRv.exe

Filesize
2.2MB

MD5
666ac254a61e4cec36a7bacf8ef27cfc

SHA1
21e12ec8e6a971db9c1ac3e614031052e5b7a67a

SHA256
d57db2bf36dba9e143c4fce3ef374ea6e50256a46535b0e8d19620bd91cb27e8

SHA512
8eca884163b3a34deba0086c6e6a23959abdf8ecd7d105a1b2fe512726505c0827d52b1076424b9b527d23ec7f7f5a9793cbd47e60b3cb2ad337c6f8d3e8cbca

Download Submit
C:\Windows\system\cXBTusb.exe

Filesize
2.2MB

MD5
e1c73e6bee58f20b83af9ce051ccaedf

SHA1
19e8041e0f3d055755f799983f1bbbdaa21e2709

SHA256
98ce88e23235309ad0f899df41908e37857566b8d3dba4dbfad93f53564ddf7c

SHA512
954c8674838e6783afccd19802d3b9edd11b322833ced1f6b0ca0f1f18c306bdd8e544dcf35c38bf0d5abbc3f335b399d4599fd48d91dabfeb84123a6bea6204

Download Submit
C:\Windows\system\fNHSySO.exe

Filesize
2.2MB

MD5
16bacca6ff502da4837aa035bda788f1

SHA1
35ff5788ce71fd3adc48a5a66f6cf7a2e57f4b7e

SHA256
f18693d2beef15a6e6edb845fb1e1d5ad7b14452c054f16ef0722cbc44c990b5

SHA512
062527707ddf77675f34c5c4b0af6b8f026ff6dbd2514f2b56fc281527721471db98cf363bd2650cc976b7149d5d8052eb17c199a45a38ec6d1535dddccb1e9f

Download Submit
C:\Windows\system\gHqFrik.exe

Filesize
2.2MB

MD5
66b090a71ddbf43e360c96cc38cb6721

SHA1
a5e7fc89f310020a3a5ea6323aa05c59e8ed5f31

SHA256
9d037a438eff373b90f9c00c8cc2d1d814a0b9bc0605f0bbab14d17537893c16

SHA512
d9b809c8b64681d4dd656541f0b410ff3e8b8073f04b1fde7cacab1089bae4e639bad2906282cd7e5dd0b8f487c5d8114357ec51dcedf91e4d3e8678c2e4e991

Download Submit
C:\Windows\system\hiekbHO.exe

Filesize
2.2MB

MD5
1c0a204b0bb347c55a5e060fda1b9365

SHA1
d93c8514d68d4f8e2397e94bc3b3b735e127e491

SHA256
0c732ad33c4163e34ea4a163720c64a49c7031e723a4d591024bd9ff3747139d

SHA512
24ae5a0cb912d2cfc8da975e62e1c0e5c66d42048761cd4a9a7c491e20464e7f16dcc97aa52f55e433a78fdd787623dbc5860466fa7afe0650f89b69b379efaf

Download Submit
C:\Windows\system\iilLjAZ.exe

Filesize
2.2MB

MD5
1187a42b96278838691cfbc5ede86d0c

SHA1
ddde42501500f8c2c264d364e9d24fd4e7bdcb20

SHA256
5fe3e982c537227a7e1642b17ffd076e22fb2b6d4d8622d1a177a5443846c297

SHA512
876bb32d5452678b19d123c330b3afc33032b55ff90c71aa7d2a7fe2cf8fa23b291386c47c162eb12f52ec94c0db7078361d108106b879c7068208161308a86c

Download Submit
C:\Windows\system\ikMIqWn.exe

Filesize
2.2MB

MD5
270d26006cd129c148a6c66a069df4bb

SHA1
d0e4a2d857e95c05912afd1929debb4a16c61d3b

SHA256
c48a8dbf1caca013e405e41f71423c7919cdc54d91da11e0a884ed9cb3ee501a

SHA512
0f881b29d531d1eb247435a97679f5c83039578ebfc6503df382a4b971c3632e0af11009f26d48677326446c7ba656e3c4181f73bda0319016ecb29cb9dccd38

Download Submit
C:\Windows\system\jFqPvBN.exe

Filesize
2.2MB

MD5
8fe72932309354d77643c9c96f654f68

SHA1
f78a8888aad84f0c120eaed8a3db4cca992666e7

SHA256
54a4a5e006f187140d626936eb6895e174ab924eb8487c7c06fbc8e27c26f433

SHA512
83f46447a142d1c7cceffa09dc1c53bedb0e698973a8f6afa1a13430c8b9fa253481b73138462c2bf6196803d2f69d4751cf1f110b90c5091011da39a480ccd0

Download Submit
C:\Windows\system\jjkwIkY.exe

Filesize
2.2MB

MD5
d713471df22c7904ed8e66c09cf378b1

SHA1
7cb962e60089c9ca470bb0b67e63c55a7b8aa91c

SHA256
2e5ce72e8679bc84548903c4f9f93acefffb496c971c66d8c78704e73ecda34e

SHA512
9454f949b4a72e75eeac0d7f730c647f301a0915d15e3baaa470a9f0df3661168bb6b9494c9e8ec22a28cb9b542ef57cf703ccb19008ab664b74b3a54e8a1b37

Download Submit
C:\Windows\system\kHaoQPg.exe

Filesize
2.2MB

MD5
3753bb4852cd9bb50941731f4b0c06c2

SHA1
78b48b792265d62e379a6bf7659943aeb41f5857

SHA256
ad5ec54d052e241875c7775792e447f55ff94476eb262240f39cc11b679e2706

SHA512
e39a5b027544c2be151132bd0cb77d0df97cd68dd8f77b3bd3f1a1de12c7d81862e3e0f5fca91e7f23dd0e5061ffcefa54af37abc74d0240c300b725b710d4b8

Download Submit
C:\Windows\system\mHZDGMO.exe

Filesize
2.2MB

MD5
dd178c7e816857de29a8a6751055d7d4

SHA1
e0deba07e3aac5905596911703bc2b03c6f7bafe

SHA256
efa932174af6ec2caa1ef465d67c610932af6dba86e50d9cbe0ecefe9acae545

SHA512
1f8a2d0fce676e6951bc7a85a92c1313c64aa31087a1223c06ca9c8e89282ce12a26987802d92d0a826bd3d1b0ae032f1448995b13abc1a7935be1671cf00328

Download Submit
C:\Windows\system\paVFaCl.exe

Filesize
2.2MB

MD5
511931bed179b08b42068d309bdab1ae

SHA1
484929ac054fc9c5d1680c7d478a4d19ae9d8474

SHA256
2afec913ee7aacf44f032d97983735034eb3a843fe305eaca32e78a65a57103c

SHA512
9654c7f7c3579c5f03c2b106b9e9a79d51625f060d914d8f4db2d54840e94161d70a6eda8c175673c0fca92fa9932d25968f5322d5ace2281d1aee660805750f

Download Submit
C:\Windows\system\qTAPGDV.exe

Filesize
2.2MB

MD5
256ef4911fa8bb007294bbe046368e47

SHA1
04023abf9a0e91bcced22ec3b890c0ff2e735ea2

SHA256
81d4ad0a113c00d4d4860e74d85da7658562ffd8bb59ad0418262475fc04065c

SHA512
75a751d056813cc3accf67cb5614745ae80b4c2e96cd5b7c4775b41c1d5b4ec1d20de191f1f44e0848e06f3e6c9edd4f63e6c1ffe0d4700a110ac26566823c05

Download Submit
C:\Windows\system\rElLfXS.exe

Filesize
2.2MB

MD5
73712d6be4bd0245bb3b6ace7f1b9555

SHA1
92cf957f131c25e7e2a4ee55ba9d29c44e8fa173

SHA256
484c65dc0746145f69666d500a0d6e0113393b7012a33bfe170aa33cf5bd31ba

SHA512
b6cb06426249a798e5dc2c63913c0f8ac8dc1c799e83cb3756823725c9bbe0c967437a68f099769f813f1c57740967004bb8ca22ca6ac49d9ab1a1e33d82e7eb

Download Submit
C:\Windows\system\rYxzbtT.exe

Filesize
2.2MB

MD5
f417af350eda91b90f6ff52dbf71181f

SHA1
9a39c50fdfc6a309edc53d0642946ebe32038c39

SHA256
8b2a351f522b178e630014bd71c1d07c9d3571a568eb5b9ee57b2ad1d41f5666

SHA512
2459a63661da6313959d04d301a4c0bee75db97c8553f3337413c350b26b428f5b505275161664b6ba0f09861d0f641c127ab775930ef350b838e8b91a9f143f

Download Submit
C:\Windows\system\roeKRVE.exe

Filesize
2.2MB

MD5
e846179aa092e2e530d5225b56e31f71

SHA1
4153f8d2c9edc5b4fbef2e634e54f456ab7a9ca5

SHA256
cb289933a92e01b25d7513fa2681f0ad0a0777c89df2dce65413fb4c34f6ffca

SHA512
46ec13c74ed4ff704a2f58c7095dd9e57df759a7e5b8e86dc3944bf5197807909bf81864e1b4ef7f630006ed50d38744f968b217761fab613b503d95370cdede

Download Submit
C:\Windows\system\xMEKXoo.exe

Filesize
2.2MB

MD5
bf09d4b1a5c81ab15396ed9d8323cdb1

SHA1
1ddce76e53622285812ea5be09a43cfac99d56d0

SHA256
0e99b36ec4f8293e222af7c1573877c36501ad81eabeab6be32b4b7a626b61bd

SHA512
bf65d9ff4c52f6a4a98d65f263fc330d3d09b19c430fb758f8d476b020fc89407e6b5afd99fef1450338c944250948193f6fbec5a3d174c46b27eaa0c5dae881

Download Submit
C:\Windows\system\yIbIYXH.exe

Filesize
2.2MB

MD5
a8a16e08e433569c1dd82b006d7ec7f0

SHA1
7b01325e8a2b9456f20c16fbe7c9acbf754d1c1f

SHA256
62f5ced33bbac76a1f39aa2a5e6bac9d139f3627c8eb7729c6c002497e86cef8

SHA512
dcdbbb474d4ffef8b08d5449d88a5354e22db123e61b3e0d6cc571737ed2753ee9306b253b41b2e2eda16450a918c78dae53e0d82daf2d12101b47fbcceb2238

Download Submit
C:\Windows\system\yZKnGpY.exe

Filesize
2.2MB

MD5
e362bae173422d087bd38708bf18be0d

SHA1
c8ef816338bd0837b054f61588b6454a7b08a81c

SHA256
2dad57180d5c689c7822a3b6cdf0e1e598d268b544ff6411819dd1db1b86d4ca

SHA512
caa664355ef4faab6861c9c135fc439a666f86e916008e3c394bebcc464323f6ce8afd435c39305587dc1c5163f35df7d6f34ac19a77aff817382d30f0eeab7f

Download Submit
\Windows\system\UVuvIBe.exe

Filesize
2.2MB

MD5
b4afbdc6e3ce701dd841fa2268d4b3d7

SHA1
32acca380a946cf91106954c629da6a93f2d8893

SHA256
236c42834f1e3e16b48f404a83ce97422a4202f938a0f018fa801805f9acced1

SHA512
c14f072419b1233e1616a4776802834e1e97812527f5a0471168bc608663118ae09334375db653ed63c8b1841f862e1530115c8cb1500f843f6698884a15acc7

Download Submit
\Windows\system\eZdKPYa.exe

Filesize
2.2MB

MD5
c2cd720cc4f04792891cdd5a62a913cd

SHA1
9cdd97117bacd42599b1159575cce2997edbd781

SHA256
917b82ad124ed07640784ccd47f64f2269077482d2dcafea8fd762e4da116729

SHA512
561a0670c89dd2feeb05f919e3d8284fe68f74b6cfe1446c65865ab961cd84c10470fd2dfe386ad4bafbecda3521ae9b09b757c46f26a91592e58029eff9e8fc

Download Submit
memory/392-100-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/392-4042-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1704-4033-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1704-30-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1704-90-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1916-91-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1916-3726-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1916-106-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-3279-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-3079-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1916-99-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2940-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-0-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2851-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2775-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-14-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-28-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1916-82-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-81-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1185-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-31-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-74-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-51-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-80-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/1916-66-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-59-0x0000000001E90000-0x00000000021E4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-4043-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-75-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-4037-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2360-33-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2360-105-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2520-2776-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2520-67-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2520-4041-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4039-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1188-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-60-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-25-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-89-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-4032-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-83-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2680-4040-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2680-2946-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2696-356-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-4036-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-36-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-104-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4034-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-32-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-826-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-4035-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-52-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-92-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2840-3080-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4044-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2868-27-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2868-4031-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4038-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-524-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-44-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download