xmrig | 98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83

Analysis

max time kernel
95s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
Size

1.5MB
MD5

d8bb7b7179a0bc35e7d9772b4a49e44e
SHA1

16153d103102d35bee804ba251db95eb4be4ef75
SHA256

98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83
SHA512

adfaa73519058473054d86db5ceeeafe5b12c3ddf806ca535ffe5b55acf8e58dd6dd8d587fc22f625b872074f9ed4fd83463306e3558e9a9dab1df0b21f66d24
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727uROGdN1cASXv8Bl6rM1k4QMQbDA4irGtQWdDMyJ:ROdWCCi7/rahwNUMJH4KrwDXJ

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 56 IoCs

miner

resource	yara_rule
behavioral2/memory/3056-495-0x00007FF74B030000-0x00007FF74B381000-memory.dmp	xmrig
behavioral2/memory/60-498-0x00007FF70FA20000-0x00007FF70FD71000-memory.dmp	xmrig
behavioral2/memory/1732-503-0x00007FF6F1830000-0x00007FF6F1B81000-memory.dmp	xmrig
behavioral2/memory/3804-509-0x00007FF7EAAA0000-0x00007FF7EADF1000-memory.dmp	xmrig
behavioral2/memory/1080-508-0x00007FF625990000-0x00007FF625CE1000-memory.dmp	xmrig
behavioral2/memory/3380-514-0x00007FF6B48A0000-0x00007FF6B4BF1000-memory.dmp	xmrig
behavioral2/memory/4728-516-0x00007FF743990000-0x00007FF743CE1000-memory.dmp	xmrig
behavioral2/memory/444-520-0x00007FF761400000-0x00007FF761751000-memory.dmp	xmrig
behavioral2/memory/2296-522-0x00007FF63F6D0000-0x00007FF63FA21000-memory.dmp	xmrig
behavioral2/memory/2592-526-0x00007FF6A5A50000-0x00007FF6A5DA1000-memory.dmp	xmrig
behavioral2/memory/2312-531-0x00007FF672CE0000-0x00007FF673031000-memory.dmp	xmrig
behavioral2/memory/4700-532-0x00007FF623120000-0x00007FF623471000-memory.dmp	xmrig
behavioral2/memory/4564-536-0x00007FF645F90000-0x00007FF6462E1000-memory.dmp	xmrig
behavioral2/memory/2516-539-0x00007FF7D60F0000-0x00007FF7D6441000-memory.dmp	xmrig
behavioral2/memory/4696-545-0x00007FF711070000-0x00007FF7113C1000-memory.dmp	xmrig
behavioral2/memory/4000-533-0x00007FF6AF160000-0x00007FF6AF4B1000-memory.dmp	xmrig
behavioral2/memory/3600-527-0x00007FF6683A0000-0x00007FF6686F1000-memory.dmp	xmrig
behavioral2/memory/2988-521-0x00007FF7B8D40000-0x00007FF7B9091000-memory.dmp	xmrig
behavioral2/memory/4376-519-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp	xmrig
behavioral2/memory/5064-515-0x00007FF69A840000-0x00007FF69AB91000-memory.dmp	xmrig
behavioral2/memory/4032-512-0x00007FF70DB70000-0x00007FF70DEC1000-memory.dmp	xmrig
behavioral2/memory/2492-510-0x00007FF6C53C0000-0x00007FF6C5711000-memory.dmp	xmrig
behavioral2/memory/3480-507-0x00007FF689FA0000-0x00007FF68A2F1000-memory.dmp	xmrig
behavioral2/memory/4536-502-0x00007FF65E290000-0x00007FF65E5E1000-memory.dmp	xmrig
behavioral2/memory/4660-2417-0x00007FF763A60000-0x00007FF763DB1000-memory.dmp	xmrig
behavioral2/memory/2856-2452-0x00007FF650910000-0x00007FF650C61000-memory.dmp	xmrig
behavioral2/memory/2892-2454-0x00007FF6B1D00000-0x00007FF6B2051000-memory.dmp	xmrig
behavioral2/memory/2892-2476-0x00007FF6B1D00000-0x00007FF6B2051000-memory.dmp	xmrig
behavioral2/memory/2856-2478-0x00007FF650910000-0x00007FF650C61000-memory.dmp	xmrig
behavioral2/memory/3548-2480-0x00007FF7AA030000-0x00007FF7AA381000-memory.dmp	xmrig
behavioral2/memory/2840-2486-0x00007FF662040000-0x00007FF662391000-memory.dmp	xmrig
behavioral2/memory/60-2488-0x00007FF70FA20000-0x00007FF70FD71000-memory.dmp	xmrig
behavioral2/memory/1732-2491-0x00007FF6F1830000-0x00007FF6F1B81000-memory.dmp	xmrig
behavioral2/memory/4536-2492-0x00007FF65E290000-0x00007FF65E5E1000-memory.dmp	xmrig
behavioral2/memory/3480-2496-0x00007FF689FA0000-0x00007FF68A2F1000-memory.dmp	xmrig
behavioral2/memory/1080-2494-0x00007FF625990000-0x00007FF625CE1000-memory.dmp	xmrig
behavioral2/memory/4648-2485-0x00007FF616F70000-0x00007FF6172C1000-memory.dmp	xmrig
behavioral2/memory/3056-2482-0x00007FF74B030000-0x00007FF74B381000-memory.dmp	xmrig
behavioral2/memory/3380-2511-0x00007FF6B48A0000-0x00007FF6B4BF1000-memory.dmp	xmrig
behavioral2/memory/2312-2512-0x00007FF672CE0000-0x00007FF673031000-memory.dmp	xmrig
behavioral2/memory/4700-2524-0x00007FF623120000-0x00007FF623471000-memory.dmp	xmrig
behavioral2/memory/2516-2530-0x00007FF7D60F0000-0x00007FF7D6441000-memory.dmp	xmrig
behavioral2/memory/4696-2533-0x00007FF711070000-0x00007FF7113C1000-memory.dmp	xmrig
behavioral2/memory/4564-2528-0x00007FF645F90000-0x00007FF6462E1000-memory.dmp	xmrig
behavioral2/memory/4000-2526-0x00007FF6AF160000-0x00007FF6AF4B1000-memory.dmp	xmrig
behavioral2/memory/4032-2520-0x00007FF70DB70000-0x00007FF70DEC1000-memory.dmp	xmrig
behavioral2/memory/444-2518-0x00007FF761400000-0x00007FF761751000-memory.dmp	xmrig
behavioral2/memory/2988-2517-0x00007FF7B8D40000-0x00007FF7B9091000-memory.dmp	xmrig
behavioral2/memory/2296-2515-0x00007FF63F6D0000-0x00007FF63FA21000-memory.dmp	xmrig
behavioral2/memory/2492-2522-0x00007FF6C53C0000-0x00007FF6C5711000-memory.dmp	xmrig
behavioral2/memory/2592-2504-0x00007FF6A5A50000-0x00007FF6A5DA1000-memory.dmp	xmrig
behavioral2/memory/4376-2503-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp	xmrig
behavioral2/memory/3804-2500-0x00007FF7EAAA0000-0x00007FF7EADF1000-memory.dmp	xmrig
behavioral2/memory/3600-2499-0x00007FF6683A0000-0x00007FF6686F1000-memory.dmp	xmrig
behavioral2/memory/5064-2509-0x00007FF69A840000-0x00007FF69AB91000-memory.dmp	xmrig
behavioral2/memory/4728-2507-0x00007FF743990000-0x00007FF743CE1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2892	SDnVYEU.exe
2856	xLUKXcE.exe
3548	pjaeJoP.exe
4648	NHrmugf.exe
2840	hHeJDWu.exe
3056	jKwvvAn.exe
60	fYnTZwy.exe
4536	MRsdniA.exe
1732	GQfboVj.exe
3480	YKSKCew.exe
1080	JWaMGmk.exe
3804	BoMmufv.exe
2492	BPHLMvY.exe
4032	vivBTIU.exe
3380	YkMpnEo.exe
5064	dWrtIMA.exe
4728	YbYmSUd.exe
4376	TZzzjIa.exe
444	FKjWhaZ.exe
2988	jSAoRku.exe
2296	uuFNcrB.exe
2592	GKERBKh.exe
3600	WmHHoXP.exe
2312	FRQOGHP.exe
4700	BycwdUa.exe
4000	BZaoYFQ.exe
4564	gXGXDEa.exe
2516	QkFzlgd.exe
4696	jYIGbEm.exe
2064	ggxVZHK.exe
1888	zkcHkEf.exe
3348	WUewPdT.exe
4612	zwrlfbg.exe
4988	QwvylCe.exe
836	fykpnkH.exe
2640	TSkPzIZ.exe
4328	PaZlELS.exe
3516	OeudGYL.exe
2148	IIJVAiU.exe
1060	ZFxXfrX.exe
4972	pYguFCH.exe
3996	YIxxGyl.exe
3032	dpEcxWK.exe
3368	nFxXJTZ.exe
1628	uUbJFfe.exe
5024	RNbKhpm.exe
3336	JdFNaOQ.exe
4784	SUNwJzC.exe
2712	sIxSzkC.exe
2124	GOgiwcq.exe
220	BvQugZT.exe
1692	lqDmgVn.exe
4384	ScXDNBI.exe
3432	fOETOjr.exe
1264	lySBPyo.exe
4932	QjueGPQ.exe
4576	khqqMQk.exe
3340	qOQRsRf.exe
228	CVSQppm.exe
640	VHvrCgd.exe
2436	ZhxDfqC.exe
376	TLRLXdh.exe
3104	Dormfao.exe
2776	ymbdhqt.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4660-0-0x00007FF763A60000-0x00007FF763DB1000-memory.dmp	upx
behavioral2/files/0x0005000000022f01-5.dat	upx
behavioral2/files/0x0008000000023462-8.dat	upx
behavioral2/files/0x000900000002345c-10.dat	upx
behavioral2/memory/2892-9-0x00007FF6B1D00000-0x00007FF6B2051000-memory.dmp	upx
behavioral2/memory/2856-16-0x00007FF650910000-0x00007FF650C61000-memory.dmp	upx
behavioral2/files/0x0007000000023463-23.dat	upx
behavioral2/files/0x0007000000023464-26.dat	upx
behavioral2/files/0x0007000000023465-35.dat	upx
behavioral2/files/0x0007000000023466-44.dat	upx
behavioral2/files/0x000700000002346b-69.dat	upx
behavioral2/files/0x000700000002346d-81.dat	upx
behavioral2/files/0x0007000000023473-111.dat	upx
behavioral2/files/0x0007000000023477-123.dat	upx
behavioral2/files/0x000700000002347e-158.dat	upx
behavioral2/memory/3056-495-0x00007FF74B030000-0x00007FF74B381000-memory.dmp	upx
behavioral2/memory/60-498-0x00007FF70FA20000-0x00007FF70FD71000-memory.dmp	upx
behavioral2/memory/1732-503-0x00007FF6F1830000-0x00007FF6F1B81000-memory.dmp	upx
behavioral2/memory/3804-509-0x00007FF7EAAA0000-0x00007FF7EADF1000-memory.dmp	upx
behavioral2/memory/1080-508-0x00007FF625990000-0x00007FF625CE1000-memory.dmp	upx
behavioral2/memory/3380-514-0x00007FF6B48A0000-0x00007FF6B4BF1000-memory.dmp	upx
behavioral2/memory/4728-516-0x00007FF743990000-0x00007FF743CE1000-memory.dmp	upx
behavioral2/memory/444-520-0x00007FF761400000-0x00007FF761751000-memory.dmp	upx
behavioral2/memory/2296-522-0x00007FF63F6D0000-0x00007FF63FA21000-memory.dmp	upx
behavioral2/memory/2592-526-0x00007FF6A5A50000-0x00007FF6A5DA1000-memory.dmp	upx
behavioral2/memory/2312-531-0x00007FF672CE0000-0x00007FF673031000-memory.dmp	upx
behavioral2/memory/4700-532-0x00007FF623120000-0x00007FF623471000-memory.dmp	upx
behavioral2/memory/4564-536-0x00007FF645F90000-0x00007FF6462E1000-memory.dmp	upx
behavioral2/memory/2516-539-0x00007FF7D60F0000-0x00007FF7D6441000-memory.dmp	upx
behavioral2/memory/4696-545-0x00007FF711070000-0x00007FF7113C1000-memory.dmp	upx
behavioral2/memory/4000-533-0x00007FF6AF160000-0x00007FF6AF4B1000-memory.dmp	upx
behavioral2/memory/3600-527-0x00007FF6683A0000-0x00007FF6686F1000-memory.dmp	upx
behavioral2/memory/2988-521-0x00007FF7B8D40000-0x00007FF7B9091000-memory.dmp	upx
behavioral2/memory/4376-519-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp	upx
behavioral2/memory/5064-515-0x00007FF69A840000-0x00007FF69AB91000-memory.dmp	upx
behavioral2/memory/4032-512-0x00007FF70DB70000-0x00007FF70DEC1000-memory.dmp	upx
behavioral2/memory/2492-510-0x00007FF6C53C0000-0x00007FF6C5711000-memory.dmp	upx
behavioral2/memory/3480-507-0x00007FF689FA0000-0x00007FF68A2F1000-memory.dmp	upx
behavioral2/memory/4536-502-0x00007FF65E290000-0x00007FF65E5E1000-memory.dmp	upx
behavioral2/files/0x0007000000023480-168.dat	upx
behavioral2/files/0x000700000002347f-163.dat	upx
behavioral2/files/0x000700000002347d-161.dat	upx
behavioral2/files/0x000700000002347c-156.dat	upx
behavioral2/files/0x000700000002347b-151.dat	upx
behavioral2/files/0x000700000002347a-146.dat	upx
behavioral2/files/0x0007000000023479-141.dat	upx
behavioral2/files/0x0007000000023478-136.dat	upx
behavioral2/files/0x0007000000023476-126.dat	upx
behavioral2/files/0x0007000000023475-121.dat	upx
behavioral2/files/0x0007000000023474-116.dat	upx
behavioral2/files/0x0007000000023472-106.dat	upx
behavioral2/files/0x0007000000023471-101.dat	upx
behavioral2/files/0x0007000000023470-96.dat	upx
behavioral2/files/0x000700000002346f-91.dat	upx
behavioral2/files/0x000700000002346e-86.dat	upx
behavioral2/files/0x000700000002346c-76.dat	upx
behavioral2/files/0x000700000002346a-63.dat	upx
behavioral2/files/0x0007000000023469-59.dat	upx
behavioral2/files/0x0007000000023468-54.dat	upx
behavioral2/files/0x0007000000023467-49.dat	upx
behavioral2/memory/2840-32-0x00007FF662040000-0x00007FF662391000-memory.dmp	upx
behavioral2/memory/4648-27-0x00007FF616F70000-0x00007FF6172C1000-memory.dmp	upx
behavioral2/memory/3548-20-0x00007FF7AA030000-0x00007FF7AA381000-memory.dmp	upx
behavioral2/memory/4660-2417-0x00007FF763A60000-0x00007FF763DB1000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\iOatnRF.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\YMGJArE.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\wPbLkSL.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\nlEFTOm.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\xlrowNR.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\FgZjAmz.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\ZorbFIK.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\GKERBKh.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\QqPdOpr.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\KUDPljk.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\lxTixHS.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\MQAupss.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\qvpzJvJ.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\TQOqgwS.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\uuyLXAo.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\DpiXhHn.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\lJHkSVT.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\LqRziOb.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\MgnaypQ.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\oEZMloQ.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\rnpqeJL.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\uSwQkzN.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\IWchwNu.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\cCMOsHL.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\MUhDOeL.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\TZwzzbK.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\SAlxvVB.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\RaIlVrY.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\NKlTzYL.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\gHJfJFd.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\SUNwJzC.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\AYuynEY.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\BjhPRoC.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\oavBjwd.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\EGoRJWU.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\xpJSNVU.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\PIwozgH.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\jHlRvZX.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\RxBZtsv.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\TgPmcsb.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\XEDFOIU.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\FUynOgA.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\xzuxrIe.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\kSXYCuO.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\kbOYCWw.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\avtWfez.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\HLjiHBa.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\nTznRde.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\cyVcLky.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\ZibTChA.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\rnRLyCr.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\BjhudBJ.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\UpiZBJW.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\XJfpiBo.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\PIFyuZB.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\iEQgNVK.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\UsJEauw.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\SLhSzdE.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\DuwVjZf.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\AomYFpb.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\PjLhUSk.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\cPsCbzi.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\QtKCIdq.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
File created	C:\Windows\System\TCrwuRL.exe	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 2892	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	82
PID 4660 wrote to memory of 2892	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	82
PID 4660 wrote to memory of 2856	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	83
PID 4660 wrote to memory of 2856	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	83
PID 4660 wrote to memory of 3548	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	84
PID 4660 wrote to memory of 3548	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	84
PID 4660 wrote to memory of 4648	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	85
PID 4660 wrote to memory of 4648	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	85
PID 4660 wrote to memory of 2840	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	86
PID 4660 wrote to memory of 2840	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	86
PID 4660 wrote to memory of 3056	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	87
PID 4660 wrote to memory of 3056	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	87
PID 4660 wrote to memory of 60	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	88
PID 4660 wrote to memory of 60	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	88
PID 4660 wrote to memory of 4536	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	89
PID 4660 wrote to memory of 4536	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	89
PID 4660 wrote to memory of 1732	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	90
PID 4660 wrote to memory of 1732	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	90
PID 4660 wrote to memory of 3480	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	91
PID 4660 wrote to memory of 3480	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	91
PID 4660 wrote to memory of 1080	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	92
PID 4660 wrote to memory of 1080	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	92
PID 4660 wrote to memory of 3804	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	93
PID 4660 wrote to memory of 3804	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	93
PID 4660 wrote to memory of 2492	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	94
PID 4660 wrote to memory of 2492	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	94
PID 4660 wrote to memory of 4032	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	95
PID 4660 wrote to memory of 4032	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	95
PID 4660 wrote to memory of 3380	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	96
PID 4660 wrote to memory of 3380	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	96
PID 4660 wrote to memory of 5064	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	97
PID 4660 wrote to memory of 5064	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	97
PID 4660 wrote to memory of 4728	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	98
PID 4660 wrote to memory of 4728	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	98
PID 4660 wrote to memory of 4376	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	99
PID 4660 wrote to memory of 4376	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	99
PID 4660 wrote to memory of 444	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	100
PID 4660 wrote to memory of 444	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	100
PID 4660 wrote to memory of 2988	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	101
PID 4660 wrote to memory of 2988	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	101
PID 4660 wrote to memory of 2296	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	102
PID 4660 wrote to memory of 2296	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	102
PID 4660 wrote to memory of 2592	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	103
PID 4660 wrote to memory of 2592	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	103
PID 4660 wrote to memory of 3600	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	104
PID 4660 wrote to memory of 3600	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	104
PID 4660 wrote to memory of 2312	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	105
PID 4660 wrote to memory of 2312	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	105
PID 4660 wrote to memory of 4700	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	106
PID 4660 wrote to memory of 4700	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	106
PID 4660 wrote to memory of 4000	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	107
PID 4660 wrote to memory of 4000	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	107
PID 4660 wrote to memory of 4564	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	108
PID 4660 wrote to memory of 4564	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	108
PID 4660 wrote to memory of 2516	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	109
PID 4660 wrote to memory of 2516	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	109
PID 4660 wrote to memory of 4696	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	110
PID 4660 wrote to memory of 4696	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	110
PID 4660 wrote to memory of 2064	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	111
PID 4660 wrote to memory of 2064	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	111
PID 4660 wrote to memory of 1888	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	112
PID 4660 wrote to memory of 1888	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	112
PID 4660 wrote to memory of 3348	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	113
PID 4660 wrote to memory of 3348	4660	98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe	113

C:\Users\Admin\AppData\Local\Temp\98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe
"C:\Users\Admin\AppData\Local\Temp\98adf47b1b369b37cc0cf10b90ee878d460b75fc7ee75e72516353d5a919af83.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Windows\System\SDnVYEU.exe
  C:\Windows\System\SDnVYEU.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\xLUKXcE.exe
  C:\Windows\System\xLUKXcE.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\pjaeJoP.exe
  C:\Windows\System\pjaeJoP.exe
  2⤵
  - Executes dropped EXE
  PID:3548
- C:\Windows\System\NHrmugf.exe
  C:\Windows\System\NHrmugf.exe
  2⤵
  - Executes dropped EXE
  PID:4648
- C:\Windows\System\hHeJDWu.exe
  C:\Windows\System\hHeJDWu.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\jKwvvAn.exe
  C:\Windows\System\jKwvvAn.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\fYnTZwy.exe
  C:\Windows\System\fYnTZwy.exe
  2⤵
  - Executes dropped EXE
  PID:60
- C:\Windows\System\MRsdniA.exe
  C:\Windows\System\MRsdniA.exe
  2⤵
  - Executes dropped EXE
  PID:4536
- C:\Windows\System\GQfboVj.exe
  C:\Windows\System\GQfboVj.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\YKSKCew.exe
  C:\Windows\System\YKSKCew.exe
  2⤵
  - Executes dropped EXE
  PID:3480
- C:\Windows\System\JWaMGmk.exe
  C:\Windows\System\JWaMGmk.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\BoMmufv.exe
  C:\Windows\System\BoMmufv.exe
  2⤵
  - Executes dropped EXE
  PID:3804
- C:\Windows\System\BPHLMvY.exe
  C:\Windows\System\BPHLMvY.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\vivBTIU.exe
  C:\Windows\System\vivBTIU.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\YkMpnEo.exe
  C:\Windows\System\YkMpnEo.exe
  2⤵
  - Executes dropped EXE
  PID:3380
- C:\Windows\System\dWrtIMA.exe
  C:\Windows\System\dWrtIMA.exe
  2⤵
  - Executes dropped EXE
  PID:5064
- C:\Windows\System\YbYmSUd.exe
  C:\Windows\System\YbYmSUd.exe
  2⤵
  - Executes dropped EXE
  PID:4728
- C:\Windows\System\TZzzjIa.exe
  C:\Windows\System\TZzzjIa.exe
  2⤵
  - Executes dropped EXE
  PID:4376
- C:\Windows\System\FKjWhaZ.exe
  C:\Windows\System\FKjWhaZ.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\jSAoRku.exe
  C:\Windows\System\jSAoRku.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\uuFNcrB.exe
  C:\Windows\System\uuFNcrB.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\GKERBKh.exe
  C:\Windows\System\GKERBKh.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\WmHHoXP.exe
  C:\Windows\System\WmHHoXP.exe
  2⤵
  - Executes dropped EXE
  PID:3600
- C:\Windows\System\FRQOGHP.exe
  C:\Windows\System\FRQOGHP.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\BycwdUa.exe
  C:\Windows\System\BycwdUa.exe
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Windows\System\BZaoYFQ.exe
  C:\Windows\System\BZaoYFQ.exe
  2⤵
  - Executes dropped EXE
  PID:4000
- C:\Windows\System\gXGXDEa.exe
  C:\Windows\System\gXGXDEa.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\QkFzlgd.exe
  C:\Windows\System\QkFzlgd.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\jYIGbEm.exe
  C:\Windows\System\jYIGbEm.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\ggxVZHK.exe
  C:\Windows\System\ggxVZHK.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\zkcHkEf.exe
  C:\Windows\System\zkcHkEf.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\WUewPdT.exe
  C:\Windows\System\WUewPdT.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\zwrlfbg.exe
  C:\Windows\System\zwrlfbg.exe
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Windows\System\QwvylCe.exe
  C:\Windows\System\QwvylCe.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\fykpnkH.exe
  C:\Windows\System\fykpnkH.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\TSkPzIZ.exe
  C:\Windows\System\TSkPzIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\PaZlELS.exe
  C:\Windows\System\PaZlELS.exe
  2⤵
  - Executes dropped EXE
  PID:4328
- C:\Windows\System\OeudGYL.exe
  C:\Windows\System\OeudGYL.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\IIJVAiU.exe
  C:\Windows\System\IIJVAiU.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\ZFxXfrX.exe
  C:\Windows\System\ZFxXfrX.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\pYguFCH.exe
  C:\Windows\System\pYguFCH.exe
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Windows\System\YIxxGyl.exe
  C:\Windows\System\YIxxGyl.exe
  2⤵
  - Executes dropped EXE
  PID:3996
- C:\Windows\System\dpEcxWK.exe
  C:\Windows\System\dpEcxWK.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\nFxXJTZ.exe
  C:\Windows\System\nFxXJTZ.exe
  2⤵
  - Executes dropped EXE
  PID:3368
- C:\Windows\System\uUbJFfe.exe
  C:\Windows\System\uUbJFfe.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\RNbKhpm.exe
  C:\Windows\System\RNbKhpm.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\JdFNaOQ.exe
  C:\Windows\System\JdFNaOQ.exe
  2⤵
  - Executes dropped EXE
  PID:3336
- C:\Windows\System\SUNwJzC.exe
  C:\Windows\System\SUNwJzC.exe
  2⤵
  - Executes dropped EXE
  PID:4784
- C:\Windows\System\sIxSzkC.exe
  C:\Windows\System\sIxSzkC.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\GOgiwcq.exe
  C:\Windows\System\GOgiwcq.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\BvQugZT.exe
  C:\Windows\System\BvQugZT.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\lqDmgVn.exe
  C:\Windows\System\lqDmgVn.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\ScXDNBI.exe
  C:\Windows\System\ScXDNBI.exe
  2⤵
  - Executes dropped EXE
  PID:4384
- C:\Windows\System\fOETOjr.exe
  C:\Windows\System\fOETOjr.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\lySBPyo.exe
  C:\Windows\System\lySBPyo.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\QjueGPQ.exe
  C:\Windows\System\QjueGPQ.exe
  2⤵
  - Executes dropped EXE
  PID:4932
- C:\Windows\System\khqqMQk.exe
  C:\Windows\System\khqqMQk.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\qOQRsRf.exe
  C:\Windows\System\qOQRsRf.exe
  2⤵
  - Executes dropped EXE
  PID:3340
- C:\Windows\System\CVSQppm.exe
  C:\Windows\System\CVSQppm.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\VHvrCgd.exe
  C:\Windows\System\VHvrCgd.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\ZhxDfqC.exe
  C:\Windows\System\ZhxDfqC.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\TLRLXdh.exe
  C:\Windows\System\TLRLXdh.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\Dormfao.exe
  C:\Windows\System\Dormfao.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\ymbdhqt.exe
  C:\Windows\System\ymbdhqt.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\QqPdOpr.exe
  C:\Windows\System\QqPdOpr.exe
  2⤵
  PID:4448
- C:\Windows\System\hHPCzZO.exe
  C:\Windows\System\hHPCzZO.exe
  2⤵
  PID:1000
- C:\Windows\System\AMzUmtr.exe
  C:\Windows\System\AMzUmtr.exe
  2⤵
  PID:512
- C:\Windows\System\fNpRGvU.exe
  C:\Windows\System\fNpRGvU.exe
  2⤵
  PID:4404
- C:\Windows\System\WVfOvXB.exe
  C:\Windows\System\WVfOvXB.exe
  2⤵
  PID:3472
- C:\Windows\System\znZDdnI.exe
  C:\Windows\System\znZDdnI.exe
  2⤵
  PID:668
- C:\Windows\System\PDTaadQ.exe
  C:\Windows\System\PDTaadQ.exe
  2⤵
  PID:3312
- C:\Windows\System\AakFlTt.exe
  C:\Windows\System\AakFlTt.exe
  2⤵
  PID:2564
- C:\Windows\System\khhrheg.exe
  C:\Windows\System\khhrheg.exe
  2⤵
  PID:1212
- C:\Windows\System\ThCNjEk.exe
  C:\Windows\System\ThCNjEk.exe
  2⤵
  PID:4148
- C:\Windows\System\oWmxKrr.exe
  C:\Windows\System\oWmxKrr.exe
  2⤵
  PID:3164
- C:\Windows\System\ihRdnZX.exe
  C:\Windows\System\ihRdnZX.exe
  2⤵
  PID:628
- C:\Windows\System\NvfGeIh.exe
  C:\Windows\System\NvfGeIh.exe
  2⤵
  PID:4016
- C:\Windows\System\ilURDlm.exe
  C:\Windows\System\ilURDlm.exe
  2⤵
  PID:3932
- C:\Windows\System\fMQDZry.exe
  C:\Windows\System\fMQDZry.exe
  2⤵
  PID:5092
- C:\Windows\System\MJIKuoa.exe
  C:\Windows\System\MJIKuoa.exe
  2⤵
  PID:4152
- C:\Windows\System\hvVMYxx.exe
  C:\Windows\System\hvVMYxx.exe
  2⤵
  PID:2496
- C:\Windows\System\vAzeTPm.exe
  C:\Windows\System\vAzeTPm.exe
  2⤵
  PID:2276
- C:\Windows\System\eYfmZjA.exe
  C:\Windows\System\eYfmZjA.exe
  2⤵
  PID:3512
- C:\Windows\System\IQdGgIu.exe
  C:\Windows\System\IQdGgIu.exe
  2⤵
  PID:1128
- C:\Windows\System\iOatnRF.exe
  C:\Windows\System\iOatnRF.exe
  2⤵
  PID:4296
- C:\Windows\System\FANUgID.exe
  C:\Windows\System\FANUgID.exe
  2⤵
  PID:2956
- C:\Windows\System\jHlRvZX.exe
  C:\Windows\System\jHlRvZX.exe
  2⤵
  PID:1548
- C:\Windows\System\SnNhxfu.exe
  C:\Windows\System\SnNhxfu.exe
  2⤵
  PID:1676
- C:\Windows\System\IyjLQZx.exe
  C:\Windows\System\IyjLQZx.exe
  2⤵
  PID:1380
- C:\Windows\System\tZVUGye.exe
  C:\Windows\System\tZVUGye.exe
  2⤵
  PID:4836
- C:\Windows\System\oLMVIcs.exe
  C:\Windows\System\oLMVIcs.exe
  2⤵
  PID:3140
- C:\Windows\System\dnrYnzL.exe
  C:\Windows\System\dnrYnzL.exe
  2⤵
  PID:4580
- C:\Windows\System\YroFdzp.exe
  C:\Windows\System\YroFdzp.exe
  2⤵
  PID:2248
- C:\Windows\System\YBkknsG.exe
  C:\Windows\System\YBkknsG.exe
  2⤵
  PID:2936
- C:\Windows\System\ZYJByDO.exe
  C:\Windows\System\ZYJByDO.exe
  2⤵
  PID:3008
- C:\Windows\System\QSHURKW.exe
  C:\Windows\System\QSHURKW.exe
  2⤵
  PID:4632
- C:\Windows\System\WwjmwJv.exe
  C:\Windows\System\WwjmwJv.exe
  2⤵
  PID:4996
- C:\Windows\System\uZPLINO.exe
  C:\Windows\System\uZPLINO.exe
  2⤵
  PID:812
- C:\Windows\System\YMGJArE.exe
  C:\Windows\System\YMGJArE.exe
  2⤵
  PID:5144
- C:\Windows\System\XtlbhkP.exe
  C:\Windows\System\XtlbhkP.exe
  2⤵
  PID:5172
- C:\Windows\System\kWxxFwo.exe
  C:\Windows\System\kWxxFwo.exe
  2⤵
  PID:5204
- C:\Windows\System\OoveEQR.exe
  C:\Windows\System\OoveEQR.exe
  2⤵
  PID:5228
- C:\Windows\System\AVgfyuF.exe
  C:\Windows\System\AVgfyuF.exe
  2⤵
  PID:5256
- C:\Windows\System\QQaINLW.exe
  C:\Windows\System\QQaINLW.exe
  2⤵
  PID:5280
- C:\Windows\System\LYXZKGy.exe
  C:\Windows\System\LYXZKGy.exe
  2⤵
  PID:5308
- C:\Windows\System\HCwUMII.exe
  C:\Windows\System\HCwUMII.exe
  2⤵
  PID:5336
- C:\Windows\System\tAXwWrw.exe
  C:\Windows\System\tAXwWrw.exe
  2⤵
  PID:5364
- C:\Windows\System\XEDFOIU.exe
  C:\Windows\System\XEDFOIU.exe
  2⤵
  PID:5396
- C:\Windows\System\UtPieCV.exe
  C:\Windows\System\UtPieCV.exe
  2⤵
  PID:5424
- C:\Windows\System\nmSJmpL.exe
  C:\Windows\System\nmSJmpL.exe
  2⤵
  PID:5448
- C:\Windows\System\RERnmlD.exe
  C:\Windows\System\RERnmlD.exe
  2⤵
  PID:5476
- C:\Windows\System\RykNxzo.exe
  C:\Windows\System\RykNxzo.exe
  2⤵
  PID:5504
- C:\Windows\System\TsmAXaT.exe
  C:\Windows\System\TsmAXaT.exe
  2⤵
  PID:5532
- C:\Windows\System\JitvwKk.exe
  C:\Windows\System\JitvwKk.exe
  2⤵
  PID:5560
- C:\Windows\System\sihjEwc.exe
  C:\Windows\System\sihjEwc.exe
  2⤵
  PID:5588
- C:\Windows\System\boMlRfw.exe
  C:\Windows\System\boMlRfw.exe
  2⤵
  PID:5616
- C:\Windows\System\mAzKCjc.exe
  C:\Windows\System\mAzKCjc.exe
  2⤵
  PID:5648
- C:\Windows\System\bRlmgyy.exe
  C:\Windows\System\bRlmgyy.exe
  2⤵
  PID:5676
- C:\Windows\System\ZGadODM.exe
  C:\Windows\System\ZGadODM.exe
  2⤵
  PID:5700
- C:\Windows\System\ThEnEEE.exe
  C:\Windows\System\ThEnEEE.exe
  2⤵
  PID:5732
- C:\Windows\System\KTXzGEB.exe
  C:\Windows\System\KTXzGEB.exe
  2⤵
  PID:5760
- C:\Windows\System\WxFRHit.exe
  C:\Windows\System\WxFRHit.exe
  2⤵
  PID:5784
- C:\Windows\System\XwTZUFz.exe
  C:\Windows\System\XwTZUFz.exe
  2⤵
  PID:5812
- C:\Windows\System\eDHTAhq.exe
  C:\Windows\System\eDHTAhq.exe
  2⤵
  PID:5840
- C:\Windows\System\AyKYwbv.exe
  C:\Windows\System\AyKYwbv.exe
  2⤵
  PID:5872
- C:\Windows\System\aGKQdyr.exe
  C:\Windows\System\aGKQdyr.exe
  2⤵
  PID:5896
- C:\Windows\System\nhbtsCg.exe
  C:\Windows\System\nhbtsCg.exe
  2⤵
  PID:5924
- C:\Windows\System\sTblcDr.exe
  C:\Windows\System\sTblcDr.exe
  2⤵
  PID:5952
- C:\Windows\System\MCzOFQP.exe
  C:\Windows\System\MCzOFQP.exe
  2⤵
  PID:5980
- C:\Windows\System\SBXIRmv.exe
  C:\Windows\System\SBXIRmv.exe
  2⤵
  PID:6012
- C:\Windows\System\jKxEyWe.exe
  C:\Windows\System\jKxEyWe.exe
  2⤵
  PID:6040
- C:\Windows\System\BQCBvcH.exe
  C:\Windows\System\BQCBvcH.exe
  2⤵
  PID:6064
- C:\Windows\System\wpKOChA.exe
  C:\Windows\System\wpKOChA.exe
  2⤵
  PID:6096
- C:\Windows\System\RxBZtsv.exe
  C:\Windows\System\RxBZtsv.exe
  2⤵
  PID:6120
- C:\Windows\System\GiHuTBl.exe
  C:\Windows\System\GiHuTBl.exe
  2⤵
  PID:4824
- C:\Windows\System\VCCEexF.exe
  C:\Windows\System\VCCEexF.exe
  2⤵
  PID:1932
- C:\Windows\System\NnyJzFF.exe
  C:\Windows\System\NnyJzFF.exe
  2⤵
  PID:1652
- C:\Windows\System\nWcnOaD.exe
  C:\Windows\System\nWcnOaD.exe
  2⤵
  PID:4200
- C:\Windows\System\jzvxFsW.exe
  C:\Windows\System\jzvxFsW.exe
  2⤵
  PID:5136
- C:\Windows\System\CtgRopI.exe
  C:\Windows\System\CtgRopI.exe
  2⤵
  PID:5196
- C:\Windows\System\GFLFyRS.exe
  C:\Windows\System\GFLFyRS.exe
  2⤵
  PID:5248
- C:\Windows\System\sopatxF.exe
  C:\Windows\System\sopatxF.exe
  2⤵
  PID:5304
- C:\Windows\System\kfflMoW.exe
  C:\Windows\System\kfflMoW.exe
  2⤵
  PID:5464
- C:\Windows\System\rqCKUwz.exe
  C:\Windows\System\rqCKUwz.exe
  2⤵
  PID:5584
- C:\Windows\System\ZsZaYgD.exe
  C:\Windows\System\ZsZaYgD.exe
  2⤵
  PID:5660
- C:\Windows\System\MxNIOLZ.exe
  C:\Windows\System\MxNIOLZ.exe
  2⤵
  PID:3132
- C:\Windows\System\HYxZQks.exe
  C:\Windows\System\HYxZQks.exe
  2⤵
  PID:644
- C:\Windows\System\TCFyfik.exe
  C:\Windows\System\TCFyfik.exe
  2⤵
  PID:5892
- C:\Windows\System\GploFjk.exe
  C:\Windows\System\GploFjk.exe
  2⤵
  PID:5940
- C:\Windows\System\ezzXMII.exe
  C:\Windows\System\ezzXMII.exe
  2⤵
  PID:232
- C:\Windows\System\LFzbdVC.exe
  C:\Windows\System\LFzbdVC.exe
  2⤵
  PID:6088
- C:\Windows\System\zGEgSnA.exe
  C:\Windows\System\zGEgSnA.exe
  2⤵
  PID:1668
- C:\Windows\System\eSqjPVZ.exe
  C:\Windows\System\eSqjPVZ.exe
  2⤵
  PID:4912
- C:\Windows\System\mOtPzbo.exe
  C:\Windows\System\mOtPzbo.exe
  2⤵
  PID:3676
- C:\Windows\System\NlEqdox.exe
  C:\Windows\System\NlEqdox.exe
  2⤵
  PID:5164
- C:\Windows\System\qxgnJjT.exe
  C:\Windows\System\qxgnJjT.exe
  2⤵
  PID:3956
- C:\Windows\System\BlvPqmj.exe
  C:\Windows\System\BlvPqmj.exe
  2⤵
  PID:1352
- C:\Windows\System\yOTDZYU.exe
  C:\Windows\System\yOTDZYU.exe
  2⤵
  PID:5240
- C:\Windows\System\jxFdBbv.exe
  C:\Windows\System\jxFdBbv.exe
  2⤵
  PID:4156
- C:\Windows\System\OlibKAQ.exe
  C:\Windows\System\OlibKAQ.exe
  2⤵
  PID:5300
- C:\Windows\System\IPzzdaQ.exe
  C:\Windows\System\IPzzdaQ.exe
  2⤵
  PID:5636
- C:\Windows\System\BXYLNUt.exe
  C:\Windows\System\BXYLNUt.exe
  2⤵
  PID:2032
- C:\Windows\System\OnFfHax.exe
  C:\Windows\System\OnFfHax.exe
  2⤵
  PID:4512
- C:\Windows\System\aoKPAKG.exe
  C:\Windows\System\aoKPAKG.exe
  2⤵
  PID:6024
- C:\Windows\System\eNmBFSX.exe
  C:\Windows\System\eNmBFSX.exe
  2⤵
  PID:5412
- C:\Windows\System\mKPlVSt.exe
  C:\Windows\System\mKPlVSt.exe
  2⤵
  PID:5688
- C:\Windows\System\GPiGIdw.exe
  C:\Windows\System\GPiGIdw.exe
  2⤵
  PID:2292
- C:\Windows\System\EZgBMrb.exe
  C:\Windows\System\EZgBMrb.exe
  2⤵
  PID:4320
- C:\Windows\System\TQOqgwS.exe
  C:\Windows\System\TQOqgwS.exe
  2⤵
  PID:1420
- C:\Windows\System\LyVOICL.exe
  C:\Windows\System\LyVOICL.exe
  2⤵
  PID:2688
- C:\Windows\System\lJHkSVT.exe
  C:\Windows\System\lJHkSVT.exe
  2⤵
  PID:5224
- C:\Windows\System\GGlYgnE.exe
  C:\Windows\System\GGlYgnE.exe
  2⤵
  PID:3940
- C:\Windows\System\zDcCREg.exe
  C:\Windows\System\zDcCREg.exe
  2⤵
  PID:5884
- C:\Windows\System\MXptYwV.exe
  C:\Windows\System\MXptYwV.exe
  2⤵
  PID:6056
- C:\Windows\System\wIguToj.exe
  C:\Windows\System\wIguToj.exe
  2⤵
  PID:5668
- C:\Windows\System\lyWULjh.exe
  C:\Windows\System\lyWULjh.exe
  2⤵
  PID:4208
- C:\Windows\System\UtfvhKF.exe
  C:\Windows\System\UtfvhKF.exe
  2⤵
  PID:5632
- C:\Windows\System\EUHuGjl.exe
  C:\Windows\System\EUHuGjl.exe
  2⤵
  PID:6156
- C:\Windows\System\EDzzRnK.exe
  C:\Windows\System\EDzzRnK.exe
  2⤵
  PID:6176
- C:\Windows\System\TJbhOWb.exe
  C:\Windows\System\TJbhOWb.exe
  2⤵
  PID:6200
- C:\Windows\System\XZZtRqD.exe
  C:\Windows\System\XZZtRqD.exe
  2⤵
  PID:6228
- C:\Windows\System\yDiWyvr.exe
  C:\Windows\System\yDiWyvr.exe
  2⤵
  PID:6248
- C:\Windows\System\QdivlSZ.exe
  C:\Windows\System\QdivlSZ.exe
  2⤵
  PID:6288
- C:\Windows\System\aGQAgyo.exe
  C:\Windows\System\aGQAgyo.exe
  2⤵
  PID:6308
- C:\Windows\System\fIweqfg.exe
  C:\Windows\System\fIweqfg.exe
  2⤵
  PID:6340
- C:\Windows\System\rqMvxzL.exe
  C:\Windows\System\rqMvxzL.exe
  2⤵
  PID:6364
- C:\Windows\System\wxCumpt.exe
  C:\Windows\System\wxCumpt.exe
  2⤵
  PID:6388
- C:\Windows\System\ZonsOZJ.exe
  C:\Windows\System\ZonsOZJ.exe
  2⤵
  PID:6404
- C:\Windows\System\PIRrEPb.exe
  C:\Windows\System\PIRrEPb.exe
  2⤵
  PID:6432
- C:\Windows\System\TFLKEVE.exe
  C:\Windows\System\TFLKEVE.exe
  2⤵
  PID:6456
- C:\Windows\System\tqvKRDS.exe
  C:\Windows\System\tqvKRDS.exe
  2⤵
  PID:6484
- C:\Windows\System\PVlTWgt.exe
  C:\Windows\System\PVlTWgt.exe
  2⤵
  PID:6520
- C:\Windows\System\HZLlxGx.exe
  C:\Windows\System\HZLlxGx.exe
  2⤵
  PID:6552
- C:\Windows\System\DttKyYE.exe
  C:\Windows\System\DttKyYE.exe
  2⤵
  PID:6572
- C:\Windows\System\jTJkojF.exe
  C:\Windows\System\jTJkojF.exe
  2⤵
  PID:6608
- C:\Windows\System\JPSSZbj.exe
  C:\Windows\System\JPSSZbj.exe
  2⤵
  PID:6640
- C:\Windows\System\ubmJnmy.exe
  C:\Windows\System\ubmJnmy.exe
  2⤵
  PID:6660
- C:\Windows\System\lPlFNHP.exe
  C:\Windows\System\lPlFNHP.exe
  2⤵
  PID:6696
- C:\Windows\System\kSXYCuO.exe
  C:\Windows\System\kSXYCuO.exe
  2⤵
  PID:6716
- C:\Windows\System\fhhmxHF.exe
  C:\Windows\System\fhhmxHF.exe
  2⤵
  PID:6736
- C:\Windows\System\VtqcyuB.exe
  C:\Windows\System\VtqcyuB.exe
  2⤵
  PID:6760
- C:\Windows\System\zxXQYoS.exe
  C:\Windows\System\zxXQYoS.exe
  2⤵
  PID:6780
- C:\Windows\System\kbOYCWw.exe
  C:\Windows\System\kbOYCWw.exe
  2⤵
  PID:6812
- C:\Windows\System\gWkiGjn.exe
  C:\Windows\System\gWkiGjn.exe
  2⤵
  PID:6836
- C:\Windows\System\QtKCIdq.exe
  C:\Windows\System\QtKCIdq.exe
  2⤵
  PID:6856
- C:\Windows\System\cvBxvKi.exe
  C:\Windows\System\cvBxvKi.exe
  2⤵
  PID:6876
- C:\Windows\System\tXGdPXv.exe
  C:\Windows\System\tXGdPXv.exe
  2⤵
  PID:6912
- C:\Windows\System\fpqqrIM.exe
  C:\Windows\System\fpqqrIM.exe
  2⤵
  PID:6928
- C:\Windows\System\fAqSXZm.exe
  C:\Windows\System\fAqSXZm.exe
  2⤵
  PID:6952
- C:\Windows\System\JIACDeE.exe
  C:\Windows\System\JIACDeE.exe
  2⤵
  PID:6980
- C:\Windows\System\FmomJRK.exe
  C:\Windows\System\FmomJRK.exe
  2⤵
  PID:7000
- C:\Windows\System\BnQaaXQ.exe
  C:\Windows\System\BnQaaXQ.exe
  2⤵
  PID:7024
- C:\Windows\System\sRyCCmj.exe
  C:\Windows\System\sRyCCmj.exe
  2⤵
  PID:7048
- C:\Windows\System\nOwHULt.exe
  C:\Windows\System\nOwHULt.exe
  2⤵
  PID:7088
- C:\Windows\System\FDxrdfm.exe
  C:\Windows\System\FDxrdfm.exe
  2⤵
  PID:7104
- C:\Windows\System\ZoxaSHp.exe
  C:\Windows\System\ZoxaSHp.exe
  2⤵
  PID:7124
- C:\Windows\System\aakYPCn.exe
  C:\Windows\System\aakYPCn.exe
  2⤵
  PID:3404
- C:\Windows\System\XyfRace.exe
  C:\Windows\System\XyfRace.exe
  2⤵
  PID:6220
- C:\Windows\System\yBeiTNy.exe
  C:\Windows\System\yBeiTNy.exe
  2⤵
  PID:6244
- C:\Windows\System\FkqWQGp.exe
  C:\Windows\System\FkqWQGp.exe
  2⤵
  PID:6304
- C:\Windows\System\KQuslMO.exe
  C:\Windows\System\KQuslMO.exe
  2⤵
  PID:6356
- C:\Windows\System\TrtMlzT.exe
  C:\Windows\System\TrtMlzT.exe
  2⤵
  PID:6400
- C:\Windows\System\OitKMSZ.exe
  C:\Windows\System\OitKMSZ.exe
  2⤵
  PID:6480
- C:\Windows\System\ijHJNRu.exe
  C:\Windows\System\ijHJNRu.exe
  2⤵
  PID:6528
- C:\Windows\System\oHuSjYj.exe
  C:\Windows\System\oHuSjYj.exe
  2⤵
  PID:6728
- C:\Windows\System\cIzHdAw.exe
  C:\Windows\System\cIzHdAw.exe
  2⤵
  PID:6772
- C:\Windows\System\UpiZBJW.exe
  C:\Windows\System\UpiZBJW.exe
  2⤵
  PID:6804
- C:\Windows\System\XCjBgKb.exe
  C:\Windows\System\XCjBgKb.exe
  2⤵
  PID:6940
- C:\Windows\System\YKGgDfB.exe
  C:\Windows\System\YKGgDfB.exe
  2⤵
  PID:6992
- C:\Windows\System\LsjRgOK.exe
  C:\Windows\System\LsjRgOK.exe
  2⤵
  PID:6968
- C:\Windows\System\TADFOtA.exe
  C:\Windows\System\TADFOtA.exe
  2⤵
  PID:7096
- C:\Windows\System\QMYMzXJ.exe
  C:\Windows\System\QMYMzXJ.exe
  2⤵
  PID:7112
- C:\Windows\System\ugAvnQN.exe
  C:\Windows\System\ugAvnQN.exe
  2⤵
  PID:7144
- C:\Windows\System\PUPekQW.exe
  C:\Windows\System\PUPekQW.exe
  2⤵
  PID:6108
- C:\Windows\System\pXlKouZ.exe
  C:\Windows\System\pXlKouZ.exe
  2⤵
  PID:6240
- C:\Windows\System\EVqvmpK.exe
  C:\Windows\System\EVqvmpK.exe
  2⤵
  PID:6592
- C:\Windows\System\fFktfnC.exe
  C:\Windows\System\fFktfnC.exe
  2⤵
  PID:6832
- C:\Windows\System\MsrmWIs.exe
  C:\Windows\System\MsrmWIs.exe
  2⤵
  PID:6948
- C:\Windows\System\aIrnooJ.exe
  C:\Windows\System\aIrnooJ.exe
  2⤵
  PID:7152
- C:\Windows\System\SIlboPK.exe
  C:\Windows\System\SIlboPK.exe
  2⤵
  PID:6424
- C:\Windows\System\ECbbXwK.exe
  C:\Windows\System\ECbbXwK.exe
  2⤵
  PID:6988
- C:\Windows\System\DJEFyZK.exe
  C:\Windows\System\DJEFyZK.exe
  2⤵
  PID:7064
- C:\Windows\System\cisWWOi.exe
  C:\Windows\System\cisWWOi.exe
  2⤵
  PID:7172
- C:\Windows\System\TgPmcsb.exe
  C:\Windows\System\TgPmcsb.exe
  2⤵
  PID:7196
- C:\Windows\System\hxJSPgi.exe
  C:\Windows\System\hxJSPgi.exe
  2⤵
  PID:7228
- C:\Windows\System\UqnDkLK.exe
  C:\Windows\System\UqnDkLK.exe
  2⤵
  PID:7252
- C:\Windows\System\axVRlPM.exe
  C:\Windows\System\axVRlPM.exe
  2⤵
  PID:7276
- C:\Windows\System\DYynTAr.exe
  C:\Windows\System\DYynTAr.exe
  2⤵
  PID:7324
- C:\Windows\System\zrshqLt.exe
  C:\Windows\System\zrshqLt.exe
  2⤵
  PID:7344
- C:\Windows\System\ZBRVeVd.exe
  C:\Windows\System\ZBRVeVd.exe
  2⤵
  PID:7380
- C:\Windows\System\RheFeKO.exe
  C:\Windows\System\RheFeKO.exe
  2⤵
  PID:7400
- C:\Windows\System\cdmiGXa.exe
  C:\Windows\System\cdmiGXa.exe
  2⤵
  PID:7440
- C:\Windows\System\vFyqHMv.exe
  C:\Windows\System\vFyqHMv.exe
  2⤵
  PID:7464
- C:\Windows\System\vQLJXym.exe
  C:\Windows\System\vQLJXym.exe
  2⤵
  PID:7492
- C:\Windows\System\ifDXiPl.exe
  C:\Windows\System\ifDXiPl.exe
  2⤵
  PID:7520
- C:\Windows\System\DuwVjZf.exe
  C:\Windows\System\DuwVjZf.exe
  2⤵
  PID:7540
- C:\Windows\System\kBWsplJ.exe
  C:\Windows\System\kBWsplJ.exe
  2⤵
  PID:7560
- C:\Windows\System\hPJyJNp.exe
  C:\Windows\System\hPJyJNp.exe
  2⤵
  PID:7588
- C:\Windows\System\MWDIFUk.exe
  C:\Windows\System\MWDIFUk.exe
  2⤵
  PID:7620
- C:\Windows\System\oavBjwd.exe
  C:\Windows\System\oavBjwd.exe
  2⤵
  PID:7656
- C:\Windows\System\hPooWsP.exe
  C:\Windows\System\hPooWsP.exe
  2⤵
  PID:7676
- C:\Windows\System\cNtNmkF.exe
  C:\Windows\System\cNtNmkF.exe
  2⤵
  PID:7700
- C:\Windows\System\kSGOpKJ.exe
  C:\Windows\System\kSGOpKJ.exe
  2⤵
  PID:7736
- C:\Windows\System\FFBLTds.exe
  C:\Windows\System\FFBLTds.exe
  2⤵
  PID:7752
- C:\Windows\System\nTznRde.exe
  C:\Windows\System\nTznRde.exe
  2⤵
  PID:7776
- C:\Windows\System\nXssIWw.exe
  C:\Windows\System\nXssIWw.exe
  2⤵
  PID:7804
- C:\Windows\System\lFjaxXe.exe
  C:\Windows\System\lFjaxXe.exe
  2⤵
  PID:7828
- C:\Windows\System\JHbQEwo.exe
  C:\Windows\System\JHbQEwo.exe
  2⤵
  PID:7848
- C:\Windows\System\OvOGtum.exe
  C:\Windows\System\OvOGtum.exe
  2⤵
  PID:7868
- C:\Windows\System\XWtJNGw.exe
  C:\Windows\System\XWtJNGw.exe
  2⤵
  PID:7884
- C:\Windows\System\MDVSWFh.exe
  C:\Windows\System\MDVSWFh.exe
  2⤵
  PID:7908
- C:\Windows\System\AWMkupJ.exe
  C:\Windows\System\AWMkupJ.exe
  2⤵
  PID:7988
- C:\Windows\System\FtGKMEn.exe
  C:\Windows\System\FtGKMEn.exe
  2⤵
  PID:8008
- C:\Windows\System\jSFqHGr.exe
  C:\Windows\System\jSFqHGr.exe
  2⤵
  PID:8032
- C:\Windows\System\YfyrAqV.exe
  C:\Windows\System\YfyrAqV.exe
  2⤵
  PID:8052
- C:\Windows\System\pqPkPal.exe
  C:\Windows\System\pqPkPal.exe
  2⤵
  PID:8072
- C:\Windows\System\ukZbtpu.exe
  C:\Windows\System\ukZbtpu.exe
  2⤵
  PID:8096
- C:\Windows\System\axxVRsJ.exe
  C:\Windows\System\axxVRsJ.exe
  2⤵
  PID:8116
- C:\Windows\System\SYqgtrw.exe
  C:\Windows\System\SYqgtrw.exe
  2⤵
  PID:8152
- C:\Windows\System\kXznozW.exe
  C:\Windows\System\kXznozW.exe
  2⤵
  PID:8176
- C:\Windows\System\BOSGfeC.exe
  C:\Windows\System\BOSGfeC.exe
  2⤵
  PID:7036
- C:\Windows\System\NUymAWn.exe
  C:\Windows\System\NUymAWn.exe
  2⤵
  PID:7208
- C:\Windows\System\scVBVFD.exe
  C:\Windows\System\scVBVFD.exe
  2⤵
  PID:7264
- C:\Windows\System\aHTHXDo.exe
  C:\Windows\System\aHTHXDo.exe
  2⤵
  PID:7296
- C:\Windows\System\FOgUPrj.exe
  C:\Windows\System\FOgUPrj.exe
  2⤵
  PID:7392
- C:\Windows\System\iMHeAvI.exe
  C:\Windows\System\iMHeAvI.exe
  2⤵
  PID:6756
- C:\Windows\System\BbUVwuJ.exe
  C:\Windows\System\BbUVwuJ.exe
  2⤵
  PID:7584
- C:\Windows\System\avtWfez.exe
  C:\Windows\System\avtWfez.exe
  2⤵
  PID:7648
- C:\Windows\System\rnpqeJL.exe
  C:\Windows\System\rnpqeJL.exe
  2⤵
  PID:7672
- C:\Windows\System\QDjRgDv.exe
  C:\Windows\System\QDjRgDv.exe
  2⤵
  PID:7712
- C:\Windows\System\jBtNhsf.exe
  C:\Windows\System\jBtNhsf.exe
  2⤵
  PID:7724
- C:\Windows\System\vqDEJJm.exe
  C:\Windows\System\vqDEJJm.exe
  2⤵
  PID:7788
- C:\Windows\System\PqKuMda.exe
  C:\Windows\System\PqKuMda.exe
  2⤵
  PID:7860
- C:\Windows\System\YyDFXsd.exe
  C:\Windows\System\YyDFXsd.exe
  2⤵
  PID:7836
- C:\Windows\System\PuILZoS.exe
  C:\Windows\System\PuILZoS.exe
  2⤵
  PID:7880
- C:\Windows\System\UKZnoji.exe
  C:\Windows\System\UKZnoji.exe
  2⤵
  PID:7924
- C:\Windows\System\bYOVOmY.exe
  C:\Windows\System\bYOVOmY.exe
  2⤵
  PID:7996
- C:\Windows\System\ANzOVTk.exe
  C:\Windows\System\ANzOVTk.exe
  2⤵
  PID:8024
- C:\Windows\System\GYhcpUv.exe
  C:\Windows\System\GYhcpUv.exe
  2⤵
  PID:8060
- C:\Windows\System\cgTAtQC.exe
  C:\Windows\System\cgTAtQC.exe
  2⤵
  PID:8132
- C:\Windows\System\kckfzKL.exe
  C:\Windows\System\kckfzKL.exe
  2⤵
  PID:6724
- C:\Windows\System\yNActDe.exe
  C:\Windows\System\yNActDe.exe
  2⤵
  PID:7456
- C:\Windows\System\iApUWSc.exe
  C:\Windows\System\iApUWSc.exe
  2⤵
  PID:7484
- C:\Windows\System\PshBwEC.exe
  C:\Windows\System\PshBwEC.exe
  2⤵
  PID:7528
- C:\Windows\System\eXWIapT.exe
  C:\Windows\System\eXWIapT.exe
  2⤵
  PID:7600
- C:\Windows\System\UPtbOqL.exe
  C:\Windows\System\UPtbOqL.exe
  2⤵
  PID:7692
- C:\Windows\System\VEmRBin.exe
  C:\Windows\System\VEmRBin.exe
  2⤵
  PID:7980
- C:\Windows\System\UyKpiMJ.exe
  C:\Windows\System\UyKpiMJ.exe
  2⤵
  PID:8228
- C:\Windows\System\HPOLwDU.exe
  C:\Windows\System\HPOLwDU.exe
  2⤵
  PID:8252
- C:\Windows\System\ABkBsNC.exe
  C:\Windows\System\ABkBsNC.exe
  2⤵
  PID:8272
- C:\Windows\System\mxMQlPl.exe
  C:\Windows\System\mxMQlPl.exe
  2⤵
  PID:8340
- C:\Windows\System\UNVOxWm.exe
  C:\Windows\System\UNVOxWm.exe
  2⤵
  PID:8360
- C:\Windows\System\tdoiyer.exe
  C:\Windows\System\tdoiyer.exe
  2⤵
  PID:8456
- C:\Windows\System\jqXFROC.exe
  C:\Windows\System\jqXFROC.exe
  2⤵
  PID:8476
- C:\Windows\System\cmsAMLK.exe
  C:\Windows\System\cmsAMLK.exe
  2⤵
  PID:8516
- C:\Windows\System\EGoRJWU.exe
  C:\Windows\System\EGoRJWU.exe
  2⤵
  PID:8584
- C:\Windows\System\XXAYkZT.exe
  C:\Windows\System\XXAYkZT.exe
  2⤵
  PID:8604
- C:\Windows\System\aICSfxu.exe
  C:\Windows\System\aICSfxu.exe
  2⤵
  PID:8628
- C:\Windows\System\OUuydhi.exe
  C:\Windows\System\OUuydhi.exe
  2⤵
  PID:8644
- C:\Windows\System\zhpOuHc.exe
  C:\Windows\System\zhpOuHc.exe
  2⤵
  PID:8676
- C:\Windows\System\dVwUGnC.exe
  C:\Windows\System\dVwUGnC.exe
  2⤵
  PID:8708
- C:\Windows\System\nvumfTF.exe
  C:\Windows\System\nvumfTF.exe
  2⤵
  PID:8764
- C:\Windows\System\BDbmldW.exe
  C:\Windows\System\BDbmldW.exe
  2⤵
  PID:8796
- C:\Windows\System\xZTEaQc.exe
  C:\Windows\System\xZTEaQc.exe
  2⤵
  PID:8820
- C:\Windows\System\kSodZuF.exe
  C:\Windows\System\kSodZuF.exe
  2⤵
  PID:8840
- C:\Windows\System\argGPHJ.exe
  C:\Windows\System\argGPHJ.exe
  2⤵
  PID:8868
- C:\Windows\System\DadSMQO.exe
  C:\Windows\System\DadSMQO.exe
  2⤵
  PID:8908
- C:\Windows\System\cbwQLzT.exe
  C:\Windows\System\cbwQLzT.exe
  2⤵
  PID:8936
- C:\Windows\System\cRWUADc.exe
  C:\Windows\System\cRWUADc.exe
  2⤵
  PID:8980
- C:\Windows\System\ZLnozpG.exe
  C:\Windows\System\ZLnozpG.exe
  2⤵
  PID:8996
- C:\Windows\System\SdlEvBb.exe
  C:\Windows\System\SdlEvBb.exe
  2⤵
  PID:9016
- C:\Windows\System\hwNgPKz.exe
  C:\Windows\System\hwNgPKz.exe
  2⤵
  PID:9040
- C:\Windows\System\JLbGpfG.exe
  C:\Windows\System\JLbGpfG.exe
  2⤵
  PID:9060
- C:\Windows\System\QSFRxAg.exe
  C:\Windows\System\QSFRxAg.exe
  2⤵
  PID:9080
- C:\Windows\System\lrzojAW.exe
  C:\Windows\System\lrzojAW.exe
  2⤵
  PID:9100
- C:\Windows\System\BSLiTxJ.exe
  C:\Windows\System\BSLiTxJ.exe
  2⤵
  PID:9132
- C:\Windows\System\hiNEJBW.exe
  C:\Windows\System\hiNEJBW.exe
  2⤵
  PID:9152
- C:\Windows\System\OGYmmit.exe
  C:\Windows\System\OGYmmit.exe
  2⤵
  PID:9208
- C:\Windows\System\vREXfIv.exe
  C:\Windows\System\vREXfIv.exe
  2⤵
  PID:7332
- C:\Windows\System\IcKznvk.exe
  C:\Windows\System\IcKznvk.exe
  2⤵
  PID:7436
- C:\Windows\System\cpFHjbo.exe
  C:\Windows\System\cpFHjbo.exe
  2⤵
  PID:7784
- C:\Windows\System\TMNnXHW.exe
  C:\Windows\System\TMNnXHW.exe
  2⤵
  PID:7856
- C:\Windows\System\mmPuGWX.exe
  C:\Windows\System\mmPuGWX.exe
  2⤵
  PID:7536
- C:\Windows\System\jZzLdDH.exe
  C:\Windows\System\jZzLdDH.exe
  2⤵
  PID:8224
- C:\Windows\System\GWIRYov.exe
  C:\Windows\System\GWIRYov.exe
  2⤵
  PID:8352
- C:\Windows\System\jcTGhbU.exe
  C:\Windows\System\jcTGhbU.exe
  2⤵
  PID:8548
- C:\Windows\System\bMtTEef.exe
  C:\Windows\System\bMtTEef.exe
  2⤵
  PID:8596
- C:\Windows\System\uKLAkuB.exe
  C:\Windows\System\uKLAkuB.exe
  2⤵
  PID:8616
- C:\Windows\System\HSDQfGl.exe
  C:\Windows\System\HSDQfGl.exe
  2⤵
  PID:8660
- C:\Windows\System\ougdVRH.exe
  C:\Windows\System\ougdVRH.exe
  2⤵
  PID:8776
- C:\Windows\System\asnEAxb.exe
  C:\Windows\System\asnEAxb.exe
  2⤵
  PID:8836
- C:\Windows\System\mNoPcAU.exe
  C:\Windows\System\mNoPcAU.exe
  2⤵
  PID:8888
- C:\Windows\System\dTPLtQl.exe
  C:\Windows\System\dTPLtQl.exe
  2⤵
  PID:8920
- C:\Windows\System\tVpuhnR.exe
  C:\Windows\System\tVpuhnR.exe
  2⤵
  PID:9032
- C:\Windows\System\CPBNkgr.exe
  C:\Windows\System\CPBNkgr.exe
  2⤵
  PID:9092
- C:\Windows\System\eBbkyBK.exe
  C:\Windows\System\eBbkyBK.exe
  2⤵
  PID:9160
- C:\Windows\System\DPRvUKr.exe
  C:\Windows\System\DPRvUKr.exe
  2⤵
  PID:7500
- C:\Windows\System\nIOvDVR.exe
  C:\Windows\System\nIOvDVR.exe
  2⤵
  PID:7820
- C:\Windows\System\lENBRxq.exe
  C:\Windows\System\lENBRxq.exe
  2⤵
  PID:8348
- C:\Windows\System\qhppYHP.exe
  C:\Windows\System\qhppYHP.exe
  2⤵
  PID:8536
- C:\Windows\System\rAoxbCW.exe
  C:\Windows\System\rAoxbCW.exe
  2⤵
  PID:8652
- C:\Windows\System\JgExOhe.exe
  C:\Windows\System\JgExOhe.exe
  2⤵
  PID:8780
- C:\Windows\System\MPyRJWQ.exe
  C:\Windows\System\MPyRJWQ.exe
  2⤵
  PID:8928
- C:\Windows\System\fXvOQpr.exe
  C:\Windows\System\fXvOQpr.exe
  2⤵
  PID:9144
- C:\Windows\System\xBvgjNZ.exe
  C:\Windows\System\xBvgjNZ.exe
  2⤵
  PID:7340
- C:\Windows\System\mLCkcUp.exe
  C:\Windows\System\mLCkcUp.exe
  2⤵
  PID:8420
- C:\Windows\System\ZknLdii.exe
  C:\Windows\System\ZknLdii.exe
  2⤵
  PID:8904
- C:\Windows\System\ILXCaUa.exe
  C:\Windows\System\ILXCaUa.exe
  2⤵
  PID:8044
- C:\Windows\System\zEGGRvj.exe
  C:\Windows\System\zEGGRvj.exe
  2⤵
  PID:8388
- C:\Windows\System\NEtFkgv.exe
  C:\Windows\System\NEtFkgv.exe
  2⤵
  PID:9232
- C:\Windows\System\LgZnzFj.exe
  C:\Windows\System\LgZnzFj.exe
  2⤵
  PID:9256
- C:\Windows\System\toRMSuV.exe
  C:\Windows\System\toRMSuV.exe
  2⤵
  PID:9272
- C:\Windows\System\Kzxvzmy.exe
  C:\Windows\System\Kzxvzmy.exe
  2⤵
  PID:9300
- C:\Windows\System\zEkAvZs.exe
  C:\Windows\System\zEkAvZs.exe
  2⤵
  PID:9340
- C:\Windows\System\BxXxaMf.exe
  C:\Windows\System\BxXxaMf.exe
  2⤵
  PID:9364
- C:\Windows\System\VAhjeRl.exe
  C:\Windows\System\VAhjeRl.exe
  2⤵
  PID:9420
- C:\Windows\System\OrDMfnb.exe
  C:\Windows\System\OrDMfnb.exe
  2⤵
  PID:9436
- C:\Windows\System\eNDFDQP.exe
  C:\Windows\System\eNDFDQP.exe
  2⤵
  PID:9464
- C:\Windows\System\LKEiBfW.exe
  C:\Windows\System\LKEiBfW.exe
  2⤵
  PID:9484
- C:\Windows\System\AfbNaYX.exe
  C:\Windows\System\AfbNaYX.exe
  2⤵
  PID:9508
- C:\Windows\System\NwkpYqi.exe
  C:\Windows\System\NwkpYqi.exe
  2⤵
  PID:9536
- C:\Windows\System\YTywsnf.exe
  C:\Windows\System\YTywsnf.exe
  2⤵
  PID:9584
- C:\Windows\System\hVhOflF.exe
  C:\Windows\System\hVhOflF.exe
  2⤵
  PID:9608
- C:\Windows\System\oSLBEcV.exe
  C:\Windows\System\oSLBEcV.exe
  2⤵
  PID:9636
- C:\Windows\System\ftzKAzl.exe
  C:\Windows\System\ftzKAzl.exe
  2⤵
  PID:9656
- C:\Windows\System\ypZFDBt.exe
  C:\Windows\System\ypZFDBt.exe
  2⤵
  PID:9676
- C:\Windows\System\HWgPTvY.exe
  C:\Windows\System\HWgPTvY.exe
  2⤵
  PID:9736
- C:\Windows\System\KlipNdZ.exe
  C:\Windows\System\KlipNdZ.exe
  2⤵
  PID:9760
- C:\Windows\System\AmtSBfK.exe
  C:\Windows\System\AmtSBfK.exe
  2⤵
  PID:9784
- C:\Windows\System\rVjtpZG.exe
  C:\Windows\System\rVjtpZG.exe
  2⤵
  PID:9820
- C:\Windows\System\BasjUsV.exe
  C:\Windows\System\BasjUsV.exe
  2⤵
  PID:9848
- C:\Windows\System\cQIrqmW.exe
  C:\Windows\System\cQIrqmW.exe
  2⤵
  PID:9872
- C:\Windows\System\HsuGNSx.exe
  C:\Windows\System\HsuGNSx.exe
  2⤵
  PID:9888
- C:\Windows\System\KUDPljk.exe
  C:\Windows\System\KUDPljk.exe
  2⤵
  PID:9928
- C:\Windows\System\cDFEkzs.exe
  C:\Windows\System\cDFEkzs.exe
  2⤵
  PID:9948
- C:\Windows\System\bBQszOT.exe
  C:\Windows\System\bBQszOT.exe
  2⤵
  PID:9976
- C:\Windows\System\cuTtUUN.exe
  C:\Windows\System\cuTtUUN.exe
  2⤵
  PID:9996
- C:\Windows\System\sdIfkMG.exe
  C:\Windows\System\sdIfkMG.exe
  2⤵
  PID:10016
- C:\Windows\System\ljVTgls.exe
  C:\Windows\System\ljVTgls.exe
  2⤵
  PID:10060
- C:\Windows\System\nTYKqiF.exe
  C:\Windows\System\nTYKqiF.exe
  2⤵
  PID:10104
- C:\Windows\System\LjQPjtG.exe
  C:\Windows\System\LjQPjtG.exe
  2⤵
  PID:10132
- C:\Windows\System\BDosDyT.exe
  C:\Windows\System\BDosDyT.exe
  2⤵
  PID:10152
- C:\Windows\System\PmJrcJt.exe
  C:\Windows\System\PmJrcJt.exe
  2⤵
  PID:10172
- C:\Windows\System\eqBHFis.exe
  C:\Windows\System\eqBHFis.exe
  2⤵
  PID:10196
- C:\Windows\System\bMjmciO.exe
  C:\Windows\System\bMjmciO.exe
  2⤵
  PID:9192
- C:\Windows\System\zHdvZLt.exe
  C:\Windows\System\zHdvZLt.exe
  2⤵
  PID:9220
- C:\Windows\System\EgXZTuE.exe
  C:\Windows\System\EgXZTuE.exe
  2⤵
  PID:9280
- C:\Windows\System\DRQatfs.exe
  C:\Windows\System\DRQatfs.exe
  2⤵
  PID:9392
- C:\Windows\System\ijChNQO.exe
  C:\Windows\System\ijChNQO.exe
  2⤵
  PID:9456
- C:\Windows\System\avmiUtp.exe
  C:\Windows\System\avmiUtp.exe
  2⤵
  PID:9504
- C:\Windows\System\mHMkXfL.exe
  C:\Windows\System\mHMkXfL.exe
  2⤵
  PID:9628
- C:\Windows\System\NVPTwDP.exe
  C:\Windows\System\NVPTwDP.exe
  2⤵
  PID:9604
- C:\Windows\System\Lksaydy.exe
  C:\Windows\System\Lksaydy.exe
  2⤵
  PID:9692
- C:\Windows\System\lDqRCmD.exe
  C:\Windows\System\lDqRCmD.exe
  2⤵
  PID:9728
- C:\Windows\System\yamgiiL.exe
  C:\Windows\System\yamgiiL.exe
  2⤵
  PID:9772
- C:\Windows\System\TdqaXRt.exe
  C:\Windows\System\TdqaXRt.exe
  2⤵
  PID:9832
- C:\Windows\System\Njmxxht.exe
  C:\Windows\System\Njmxxht.exe
  2⤵
  PID:9860
- C:\Windows\System\vMJHdbL.exe
  C:\Windows\System\vMJHdbL.exe
  2⤵
  PID:9904
- C:\Windows\System\uLfsubm.exe
  C:\Windows\System\uLfsubm.exe
  2⤵
  PID:9984
- C:\Windows\System\AYuynEY.exe
  C:\Windows\System\AYuynEY.exe
  2⤵
  PID:10112
- C:\Windows\System\nexbaEY.exe
  C:\Windows\System\nexbaEY.exe
  2⤵
  PID:10144
- C:\Windows\System\hWRKDfg.exe
  C:\Windows\System\hWRKDfg.exe
  2⤵
  PID:10216
- C:\Windows\System\eaxEGEL.exe
  C:\Windows\System\eaxEGEL.exe
  2⤵
  PID:9336
- C:\Windows\System\UvVaOzj.exe
  C:\Windows\System\UvVaOzj.exe
  2⤵
  PID:9412
- C:\Windows\System\SAlxvVB.exe
  C:\Windows\System\SAlxvVB.exe
  2⤵
  PID:9476
- C:\Windows\System\YAzQlQk.exe
  C:\Windows\System\YAzQlQk.exe
  2⤵
  PID:9644
- C:\Windows\System\qBtxjcR.exe
  C:\Windows\System\qBtxjcR.exe
  2⤵
  PID:9912
- C:\Windows\System\wObqEBa.exe
  C:\Windows\System\wObqEBa.exe
  2⤵
  PID:9920
- C:\Windows\System\uJfwAwW.exe
  C:\Windows\System\uJfwAwW.exe
  2⤵
  PID:10092
- C:\Windows\System\aQXcdXJ.exe
  C:\Windows\System\aQXcdXJ.exe
  2⤵
  PID:9296
- C:\Windows\System\GpFSgFs.exe
  C:\Windows\System\GpFSgFs.exe
  2⤵
  PID:9496
- C:\Windows\System\HLjiHBa.exe
  C:\Windows\System\HLjiHBa.exe
  2⤵
  PID:10280
- C:\Windows\System\vNdWhLA.exe
  C:\Windows\System\vNdWhLA.exe
  2⤵
  PID:10316
- C:\Windows\System\enOlkmK.exe
  C:\Windows\System\enOlkmK.exe
  2⤵
  PID:10340
- C:\Windows\System\pRbnjle.exe
  C:\Windows\System\pRbnjle.exe
  2⤵
  PID:10360
- C:\Windows\System\oaPJBSK.exe
  C:\Windows\System\oaPJBSK.exe
  2⤵
  PID:10376
- C:\Windows\System\xpJSNVU.exe
  C:\Windows\System\xpJSNVU.exe
  2⤵
  PID:10424
- C:\Windows\System\UEQtYLY.exe
  C:\Windows\System\UEQtYLY.exe
  2⤵
  PID:10448
- C:\Windows\System\eNJeMIr.exe
  C:\Windows\System\eNJeMIr.exe
  2⤵
  PID:10468
- C:\Windows\System\XhHwpXr.exe
  C:\Windows\System\XhHwpXr.exe
  2⤵
  PID:10488
- C:\Windows\System\ZdvyRCo.exe
  C:\Windows\System\ZdvyRCo.exe
  2⤵
  PID:10504
- C:\Windows\System\huNIwiz.exe
  C:\Windows\System\huNIwiz.exe
  2⤵
  PID:10552
- C:\Windows\System\uUhjNwi.exe
  C:\Windows\System\uUhjNwi.exe
  2⤵
  PID:10572
- C:\Windows\System\ecdbTRE.exe
  C:\Windows\System\ecdbTRE.exe
  2⤵
  PID:10608
- C:\Windows\System\intlqDJ.exe
  C:\Windows\System\intlqDJ.exe
  2⤵
  PID:10628
- C:\Windows\System\QOoeFei.exe
  C:\Windows\System\QOoeFei.exe
  2⤵
  PID:10652
- C:\Windows\System\eGvnLDR.exe
  C:\Windows\System\eGvnLDR.exe
  2⤵
  PID:10684
- C:\Windows\System\BdQQZuB.exe
  C:\Windows\System\BdQQZuB.exe
  2⤵
  PID:10704
- C:\Windows\System\pBYhiBB.exe
  C:\Windows\System\pBYhiBB.exe
  2⤵
  PID:10736
- C:\Windows\System\qpZvDDd.exe
  C:\Windows\System\qpZvDDd.exe
  2⤵
  PID:10756
- C:\Windows\System\pPywcBu.exe
  C:\Windows\System\pPywcBu.exe
  2⤵
  PID:10784
- C:\Windows\System\UUxLBxE.exe
  C:\Windows\System\UUxLBxE.exe
  2⤵
  PID:10800
- C:\Windows\System\BcIRFhe.exe
  C:\Windows\System\BcIRFhe.exe
  2⤵
  PID:10828
- C:\Windows\System\CfCoEwh.exe
  C:\Windows\System\CfCoEwh.exe
  2⤵
  PID:10856
- C:\Windows\System\BWSldqN.exe
  C:\Windows\System\BWSldqN.exe
  2⤵
  PID:10880
- C:\Windows\System\QqRmIMw.exe
  C:\Windows\System\QqRmIMw.exe
  2⤵
  PID:10904
- C:\Windows\System\VaFZmTX.exe
  C:\Windows\System\VaFZmTX.exe
  2⤵
  PID:10920
- C:\Windows\System\JopsZKh.exe
  C:\Windows\System\JopsZKh.exe
  2⤵
  PID:10944
- C:\Windows\System\fMXAoRV.exe
  C:\Windows\System\fMXAoRV.exe
  2⤵
  PID:10988
- C:\Windows\System\kKqKrVg.exe
  C:\Windows\System\kKqKrVg.exe
  2⤵
  PID:11032
- C:\Windows\System\Iegypxw.exe
  C:\Windows\System\Iegypxw.exe
  2⤵
  PID:11084
- C:\Windows\System\bsbuNex.exe
  C:\Windows\System\bsbuNex.exe
  2⤵
  PID:11132
- C:\Windows\System\AomYFpb.exe
  C:\Windows\System\AomYFpb.exe
  2⤵
  PID:11164
- C:\Windows\System\yrjqdKw.exe
  C:\Windows\System\yrjqdKw.exe
  2⤵
  PID:11184
- C:\Windows\System\sJDrdmM.exe
  C:\Windows\System\sJDrdmM.exe
  2⤵
  PID:11204
- C:\Windows\System\lXSiDit.exe
  C:\Windows\System\lXSiDit.exe
  2⤵
  PID:11220
- C:\Windows\System\QtTNPbm.exe
  C:\Windows\System\QtTNPbm.exe
  2⤵
  PID:11256
- C:\Windows\System\GlrwfLC.exe
  C:\Windows\System\GlrwfLC.exe
  2⤵
  PID:10244
- C:\Windows\System\TRipPlY.exe
  C:\Windows\System\TRipPlY.exe
  2⤵
  PID:9592
- C:\Windows\System\uSwQkzN.exe
  C:\Windows\System\uSwQkzN.exe
  2⤵
  PID:10408
- C:\Windows\System\lmcJVJb.exe
  C:\Windows\System\lmcJVJb.exe
  2⤵
  PID:10464
- C:\Windows\System\rsTBcUE.exe
  C:\Windows\System\rsTBcUE.exe
  2⤵
  PID:10512
- C:\Windows\System\NvHfrqO.exe
  C:\Windows\System\NvHfrqO.exe
  2⤵
  PID:10536
- C:\Windows\System\OLXUGeR.exe
  C:\Windows\System\OLXUGeR.exe
  2⤵
  PID:10620
- C:\Windows\System\ysENosj.exe
  C:\Windows\System\ysENosj.exe
  2⤵
  PID:10692
- C:\Windows\System\DkPbuaL.exe
  C:\Windows\System\DkPbuaL.exe
  2⤵
  PID:10744
- C:\Windows\System\bEewkRP.exe
  C:\Windows\System\bEewkRP.exe
  2⤵
  PID:10752
- C:\Windows\System\EpOzfYs.exe
  C:\Windows\System\EpOzfYs.exe
  2⤵
  PID:10820
- C:\Windows\System\ATMeXWw.exe
  C:\Windows\System\ATMeXWw.exe
  2⤵
  PID:10852
- C:\Windows\System\FDJglrZ.exe
  C:\Windows\System\FDJglrZ.exe
  2⤵
  PID:10980
- C:\Windows\System\TnftukC.exe
  C:\Windows\System\TnftukC.exe
  2⤵
  PID:11008
- C:\Windows\System\pdWngXw.exe
  C:\Windows\System\pdWngXw.exe
  2⤵
  PID:11180
- C:\Windows\System\PWeyeze.exe
  C:\Windows\System\PWeyeze.exe
  2⤵
  PID:11176
- C:\Windows\System\IkxwaEo.exe
  C:\Windows\System\IkxwaEo.exe
  2⤵
  PID:11248
- C:\Windows\System\IwXiXmx.exe
  C:\Windows\System\IwXiXmx.exe
  2⤵
  PID:10256
- C:\Windows\System\FQDvIUH.exe
  C:\Windows\System\FQDvIUH.exe
  2⤵
  PID:11060
- C:\Windows\System\dExxfpO.exe
  C:\Windows\System\dExxfpO.exe
  2⤵
  PID:10500
- C:\Windows\System\SGEGjsL.exe
  C:\Windows\System\SGEGjsL.exe
  2⤵
  PID:10936
- C:\Windows\System\LZevVKG.exe
  C:\Windows\System\LZevVKG.exe
  2⤵
  PID:9856
- C:\Windows\System\bXsdufF.exe
  C:\Windows\System\bXsdufF.exe
  2⤵
  PID:11280
- C:\Windows\System\GQNooSB.exe
  C:\Windows\System\GQNooSB.exe
  2⤵
  PID:11296
- C:\Windows\System\lxTixHS.exe
  C:\Windows\System\lxTixHS.exe
  2⤵
  PID:11316
- C:\Windows\System\lyBvhgq.exe
  C:\Windows\System\lyBvhgq.exe
  2⤵
  PID:11336
- C:\Windows\System\EuYOBgz.exe
  C:\Windows\System\EuYOBgz.exe
  2⤵
  PID:11352
- C:\Windows\System\iZCHUet.exe
  C:\Windows\System\iZCHUet.exe
  2⤵
  PID:11368
- C:\Windows\System\WKgVPCd.exe
  C:\Windows\System\WKgVPCd.exe
  2⤵
  PID:11400
- C:\Windows\System\SizCOWX.exe
  C:\Windows\System\SizCOWX.exe
  2⤵
  PID:11424
- C:\Windows\System\YcpMPQG.exe
  C:\Windows\System\YcpMPQG.exe
  2⤵
  PID:11448
- C:\Windows\System\khiTqAd.exe
  C:\Windows\System\khiTqAd.exe
  2⤵
  PID:11468
- C:\Windows\System\NtxeKgN.exe
  C:\Windows\System\NtxeKgN.exe
  2⤵
  PID:11540
- C:\Windows\System\VJEkNkF.exe
  C:\Windows\System\VJEkNkF.exe
  2⤵
  PID:11564
- C:\Windows\System\MrfClTl.exe
  C:\Windows\System\MrfClTl.exe
  2⤵
  PID:11588
- C:\Windows\System\XJfpiBo.exe
  C:\Windows\System\XJfpiBo.exe
  2⤵
  PID:11616
- C:\Windows\System\CUTAeex.exe
  C:\Windows\System\CUTAeex.exe
  2⤵
  PID:11636
- C:\Windows\System\zEVCELT.exe
  C:\Windows\System\zEVCELT.exe
  2⤵
  PID:11720
- C:\Windows\System\dCAOnnv.exe
  C:\Windows\System\dCAOnnv.exe
  2⤵
  PID:11736
- C:\Windows\System\qQgDwta.exe
  C:\Windows\System\qQgDwta.exe
  2⤵
  PID:11780
- C:\Windows\System\XxPJlbT.exe
  C:\Windows\System\XxPJlbT.exe
  2⤵
  PID:11812
- C:\Windows\System\ZQdETtP.exe
  C:\Windows\System\ZQdETtP.exe
  2⤵
  PID:11844
- C:\Windows\System\uOfKTwG.exe
  C:\Windows\System\uOfKTwG.exe
  2⤵
  PID:11864
- C:\Windows\System\BEhNbLz.exe
  C:\Windows\System\BEhNbLz.exe
  2⤵
  PID:11884
- C:\Windows\System\Dytmsst.exe
  C:\Windows\System\Dytmsst.exe
  2⤵
  PID:11904
- C:\Windows\System\FGWVoZn.exe
  C:\Windows\System\FGWVoZn.exe
  2⤵
  PID:11920
- C:\Windows\System\qowdEZs.exe
  C:\Windows\System\qowdEZs.exe
  2⤵
  PID:11980
- C:\Windows\System\wPbLkSL.exe
  C:\Windows\System\wPbLkSL.exe
  2⤵
  PID:12000
- C:\Windows\System\GbEOtuE.exe
  C:\Windows\System\GbEOtuE.exe
  2⤵
  PID:12020
- C:\Windows\System\Gtlsffv.exe
  C:\Windows\System\Gtlsffv.exe
  2⤵
  PID:12040
- C:\Windows\System\nlEFTOm.exe
  C:\Windows\System\nlEFTOm.exe
  2⤵
  PID:12060
- C:\Windows\System\IWIMfub.exe
  C:\Windows\System\IWIMfub.exe
  2⤵
  PID:12144
- C:\Windows\System\FrFUQjG.exe
  C:\Windows\System\FrFUQjG.exe
  2⤵
  PID:12160
- C:\Windows\System\idUWnra.exe
  C:\Windows\System\idUWnra.exe
  2⤵
  PID:12196
- C:\Windows\System\IWchwNu.exe
  C:\Windows\System\IWchwNu.exe
  2⤵
  PID:12216
- C:\Windows\System\qiyjmTF.exe
  C:\Windows\System\qiyjmTF.exe
  2⤵
  PID:12236
- C:\Windows\System\PjLhUSk.exe
  C:\Windows\System\PjLhUSk.exe
  2⤵
  PID:12256
- C:\Windows\System\YdOzdzS.exe
  C:\Windows\System\YdOzdzS.exe
  2⤵
  PID:12284
- C:\Windows\System\kwROKaS.exe
  C:\Windows\System\kwROKaS.exe
  2⤵
  PID:10476
- C:\Windows\System\xgTRYbx.exe
  C:\Windows\System\xgTRYbx.exe
  2⤵
  PID:10664
- C:\Windows\System\ZdHtuHP.exe
  C:\Windows\System\ZdHtuHP.exe
  2⤵
  PID:10916
- C:\Windows\System\YGikAKn.exe
  C:\Windows\System\YGikAKn.exe
  2⤵
  PID:11192
- C:\Windows\System\FxujpOa.exe
  C:\Windows\System\FxujpOa.exe
  2⤵
  PID:11160
- C:\Windows\System\JWLmSpL.exe
  C:\Windows\System\JWLmSpL.exe
  2⤵
  PID:11364
- C:\Windows\System\RLNauOS.exe
  C:\Windows\System\RLNauOS.exe
  2⤵
  PID:11416
- C:\Windows\System\MkHyZUB.exe
  C:\Windows\System\MkHyZUB.exe
  2⤵
  PID:11464
- C:\Windows\System\bifOjIj.exe
  C:\Windows\System\bifOjIj.exe
  2⤵
  PID:11396
- C:\Windows\System\IhfuQdb.exe
  C:\Windows\System\IhfuQdb.exe
  2⤵
  PID:11612
- C:\Windows\System\MQAupss.exe
  C:\Windows\System\MQAupss.exe
  2⤵
  PID:11624
- C:\Windows\System\iMHFKaw.exe
  C:\Windows\System\iMHFKaw.exe
  2⤵
  PID:11692
- C:\Windows\System\emwWjQt.exe
  C:\Windows\System\emwWjQt.exe
  2⤵
  PID:11756
- C:\Windows\System\TfKgEZG.exe
  C:\Windows\System\TfKgEZG.exe
  2⤵
  PID:11892
- C:\Windows\System\DfnQcjZ.exe
  C:\Windows\System\DfnQcjZ.exe
  2⤵
  PID:11872
- C:\Windows\System\cSyAsMv.exe
  C:\Windows\System\cSyAsMv.exe
  2⤵
  PID:11944
- C:\Windows\System\WGDlWxI.exe
  C:\Windows\System\WGDlWxI.exe
  2⤵
  PID:12012
- C:\Windows\System\dwuVOHu.exe
  C:\Windows\System\dwuVOHu.exe
  2⤵
  PID:12152
- C:\Windows\System\bPBOSFF.exe
  C:\Windows\System\bPBOSFF.exe
  2⤵
  PID:12180
- C:\Windows\System\VIdBrpJ.exe
  C:\Windows\System\VIdBrpJ.exe
  2⤵
  PID:12244
- C:\Windows\System\nVdZdvJ.exe
  C:\Windows\System\nVdZdvJ.exe
  2⤵
  PID:10748
- C:\Windows\System\IGXnJHp.exe
  C:\Windows\System\IGXnJHp.exe
  2⤵
  PID:10456
- C:\Windows\System\qPIccDl.exe
  C:\Windows\System\qPIccDl.exe
  2⤵
  PID:11108
- C:\Windows\System\mwuAilp.exe
  C:\Windows\System\mwuAilp.exe
  2⤵
  PID:11460
- C:\Windows\System\MntEyLt.exe
  C:\Windows\System\MntEyLt.exe
  2⤵
  PID:11580
- C:\Windows\System\fjVmxNT.exe
  C:\Windows\System\fjVmxNT.exe
  2⤵
  PID:11392
- C:\Windows\System\iIgijkP.exe
  C:\Windows\System\iIgijkP.exe
  2⤵
  PID:11684
- C:\Windows\System\vuKyScc.exe
  C:\Windows\System\vuKyScc.exe
  2⤵
  PID:11560
- C:\Windows\System\aECRGeO.exe
  C:\Windows\System\aECRGeO.exe
  2⤵
  PID:11840
- C:\Windows\System\hazPDIt.exe
  C:\Windows\System\hazPDIt.exe
  2⤵
  PID:11940
- C:\Windows\System\LxOvGmo.exe
  C:\Windows\System\LxOvGmo.exe
  2⤵
  PID:12140
- C:\Windows\System\cCMOsHL.exe
  C:\Windows\System\cCMOsHL.exe
  2⤵
  PID:12028
- C:\Windows\System\cYYADrX.exe
  C:\Windows\System\cYYADrX.exe
  2⤵
  PID:11276
- C:\Windows\System\xqrJtNv.exe
  C:\Windows\System\xqrJtNv.exe
  2⤵
  PID:12276
- C:\Windows\System\hrfUxDM.exe
  C:\Windows\System\hrfUxDM.exe
  2⤵
  PID:11824
- C:\Windows\System\joSszPr.exe
  C:\Windows\System\joSszPr.exe
  2⤵
  PID:11272
- C:\Windows\System\bPhLJaN.exe
  C:\Windows\System\bPhLJaN.exe
  2⤵
  PID:12300
- C:\Windows\System\PDaWfQg.exe
  C:\Windows\System\PDaWfQg.exe
  2⤵
  PID:12316
- C:\Windows\System\qjSFvxK.exe
  C:\Windows\System\qjSFvxK.exe
  2⤵
  PID:12336
- C:\Windows\System\yXLBMve.exe
  C:\Windows\System\yXLBMve.exe
  2⤵
  PID:12356
- C:\Windows\System\HbiJTBn.exe
  C:\Windows\System\HbiJTBn.exe
  2⤵
  PID:12376
- C:\Windows\System\RxlBRhL.exe
  C:\Windows\System\RxlBRhL.exe
  2⤵
  PID:12396
- C:\Windows\System\NKlTzYL.exe
  C:\Windows\System\NKlTzYL.exe
  2⤵
  PID:12416
- C:\Windows\System\rPsoLWw.exe
  C:\Windows\System\rPsoLWw.exe
  2⤵
  PID:12444
- C:\Windows\System\KjxsNNX.exe
  C:\Windows\System\KjxsNNX.exe
  2⤵
  PID:12464
- C:\Windows\System\bqMSBuZ.exe
  C:\Windows\System\bqMSBuZ.exe
  2⤵
  PID:12484
- C:\Windows\System\inoRfbw.exe
  C:\Windows\System\inoRfbw.exe
  2⤵
  PID:12500
- C:\Windows\System\QsJaHuu.exe
  C:\Windows\System\QsJaHuu.exe
  2⤵
  PID:12516
- C:\Windows\System\PWhbOPR.exe
  C:\Windows\System\PWhbOPR.exe
  2⤵
  PID:12532
- C:\Windows\System\cZHMoRa.exe
  C:\Windows\System\cZHMoRa.exe
  2⤵
  PID:12548
- C:\Windows\System\OipoKOt.exe
  C:\Windows\System\OipoKOt.exe
  2⤵
  PID:12564
- C:\Windows\System\EOjeUTT.exe
  C:\Windows\System\EOjeUTT.exe
  2⤵
  PID:12580
- C:\Windows\System\vszxZvL.exe
  C:\Windows\System\vszxZvL.exe
  2⤵
  PID:12596
- C:\Windows\System\gEMCOIM.exe
  C:\Windows\System\gEMCOIM.exe
  2⤵
  PID:12612
- C:\Windows\System\lLzmTii.exe
  C:\Windows\System\lLzmTii.exe
  2⤵
  PID:12632
- C:\Windows\System\kITyQqf.exe
  C:\Windows\System\kITyQqf.exe
  2⤵
  PID:12652
- C:\Windows\System\kAqLjiE.exe
  C:\Windows\System\kAqLjiE.exe
  2⤵
  PID:12676
- C:\Windows\System\lKJYhBe.exe
  C:\Windows\System\lKJYhBe.exe
  2⤵
  PID:12692
- C:\Windows\System\DeqULBj.exe
  C:\Windows\System\DeqULBj.exe
  2⤵
  PID:12716
- C:\Windows\System\hIGXiJn.exe
  C:\Windows\System\hIGXiJn.exe
  2⤵
  PID:12736
- C:\Windows\System\EuulBMH.exe
  C:\Windows\System\EuulBMH.exe
  2⤵
  PID:12760
- C:\Windows\System\inPRLth.exe
  C:\Windows\System\inPRLth.exe
  2⤵
  PID:12784
- C:\Windows\System\FhYJGBk.exe
  C:\Windows\System\FhYJGBk.exe
  2⤵
  PID:12800
- C:\Windows\System\uuyLXAo.exe
  C:\Windows\System\uuyLXAo.exe
  2⤵
  PID:12816
- C:\Windows\System\kIvQwUN.exe
  C:\Windows\System\kIvQwUN.exe
  2⤵
  PID:12836
- C:\Windows\System\BZMwDnM.exe
  C:\Windows\System\BZMwDnM.exe
  2⤵
  PID:12852
- C:\Windows\System\BNZTRIy.exe
  C:\Windows\System\BNZTRIy.exe
  2⤵
  PID:12868
- C:\Windows\System\GHYevwl.exe
  C:\Windows\System\GHYevwl.exe
  2⤵
  PID:12888
- C:\Windows\System\GFjzuKi.exe
  C:\Windows\System\GFjzuKi.exe
  2⤵
  PID:12920
- C:\Windows\System\fNsbrLY.exe
  C:\Windows\System\fNsbrLY.exe
  2⤵
  PID:12936
- C:\Windows\System\niGKZQT.exe
  C:\Windows\System\niGKZQT.exe
  2⤵
  PID:12956
- C:\Windows\System\FZJfJDq.exe
  C:\Windows\System\FZJfJDq.exe
  2⤵
  PID:12980
- C:\Windows\System\rZilTTu.exe
  C:\Windows\System\rZilTTu.exe
  2⤵
  PID:13000
- C:\Windows\System\uDXtDgB.exe
  C:\Windows\System\uDXtDgB.exe
  2⤵
  PID:13020
- C:\Windows\System\KWibwpX.exe
  C:\Windows\System\KWibwpX.exe
  2⤵
  PID:13044
- C:\Windows\System\GNrlOAs.exe
  C:\Windows\System\GNrlOAs.exe
  2⤵
  PID:13064
- C:\Windows\System\TGofmOI.exe
  C:\Windows\System\TGofmOI.exe
  2⤵
  PID:13088
- C:\Windows\System\MYtHCqR.exe
  C:\Windows\System\MYtHCqR.exe
  2⤵
  PID:13104
- C:\Windows\System\ZfOnTTA.exe
  C:\Windows\System\ZfOnTTA.exe
  2⤵
  PID:13124
- C:\Windows\System\NyLsDgP.exe
  C:\Windows\System\NyLsDgP.exe
  2⤵
  PID:13144
- C:\Windows\System\TsPFlYl.exe
  C:\Windows\System\TsPFlYl.exe
  2⤵
  PID:13168
- C:\Windows\System\pKIUlyj.exe
  C:\Windows\System\pKIUlyj.exe
  2⤵
  PID:13192
- C:\Windows\System\GSczZnV.exe
  C:\Windows\System\GSczZnV.exe
  2⤵
  PID:13212
- C:\Windows\System\lYCrwQO.exe
  C:\Windows\System\lYCrwQO.exe
  2⤵
  PID:13240
- C:\Windows\System\DKmHQYK.exe
  C:\Windows\System\DKmHQYK.exe
  2⤵
  PID:13256
- C:\Windows\System\WleovPP.exe
  C:\Windows\System\WleovPP.exe
  2⤵
  PID:13276
- C:\Windows\System\njKUoYI.exe
  C:\Windows\System\njKUoYI.exe
  2⤵
  PID:13296
- C:\Windows\System\AiPKYTI.exe
  C:\Windows\System\AiPKYTI.exe
  2⤵
  PID:11700
- C:\Windows\System\KdPGkfc.exe
  C:\Windows\System\KdPGkfc.exe
  2⤵
  PID:11608
- C:\Windows\System\MhQhvyB.exe
  C:\Windows\System\MhQhvyB.exe
  2⤵
  PID:11796
- C:\Windows\System\FAaIZdm.exe
  C:\Windows\System\FAaIZdm.exe
  2⤵
  PID:12492
- C:\Windows\System\CCHWJdE.exe
  C:\Windows\System\CCHWJdE.exe
  2⤵
  PID:12544
- C:\Windows\System\ykWhlpO.exe
  C:\Windows\System\ykWhlpO.exe
  2⤵
  PID:12648
- C:\Windows\System\ZljYtCp.exe
  C:\Windows\System\ZljYtCp.exe
  2⤵
  PID:11172
- C:\Windows\System\NMBSskA.exe
  C:\Windows\System\NMBSskA.exe
  2⤵
  PID:12748
- C:\Windows\System\fMNwKnP.exe
  C:\Windows\System\fMNwKnP.exe
  2⤵
  PID:12252
- C:\Windows\System\XFUcZdg.exe
  C:\Windows\System\XFUcZdg.exe
  2⤵
  PID:12404
- C:\Windows\System\uWLUyhT.exe
  C:\Windows\System\uWLUyhT.exe
  2⤵
  PID:12792
- C:\Windows\System\xqMFuki.exe
  C:\Windows\System\xqMFuki.exe
  2⤵
  PID:12528
- C:\Windows\System\axYjdCl.exe
  C:\Windows\System\axYjdCl.exe
  2⤵
  PID:12644
- C:\Windows\System\TsTNBVH.exe
  C:\Windows\System\TsTNBVH.exe
  2⤵
  PID:12976
- C:\Windows\System\zDwcHoj.exe
  C:\Windows\System\zDwcHoj.exe
  2⤵
  PID:13032
- C:\Windows\System\RaIlVrY.exe
  C:\Windows\System\RaIlVrY.exe
  2⤵
  PID:13096
- C:\Windows\System\vfJBqSL.exe
  C:\Windows\System\vfJBqSL.exe
  2⤵
  PID:13152
- C:\Windows\System\omcgBJs.exe
  C:\Windows\System\omcgBJs.exe
  2⤵
  PID:13316
- C:\Windows\System\PKKWlPM.exe
  C:\Windows\System\PKKWlPM.exe
  2⤵
  PID:13332
- C:\Windows\System\VxctJXE.exe
  C:\Windows\System\VxctJXE.exe
  2⤵
  PID:13348
- C:\Windows\System\fmiGeIr.exe
  C:\Windows\System\fmiGeIr.exe
  2⤵
  PID:13368
- C:\Windows\System\bvDgxju.exe
  C:\Windows\System\bvDgxju.exe
  2⤵
  PID:13384
- C:\Windows\System\xiHANYv.exe
  C:\Windows\System\xiHANYv.exe
  2⤵
  PID:13400
- C:\Windows\System\YoZeeCW.exe
  C:\Windows\System\YoZeeCW.exe
  2⤵
  PID:13416
- C:\Windows\System\cNUbJQL.exe
  C:\Windows\System\cNUbJQL.exe
  2⤵
  PID:13432
- C:\Windows\System\jCzJZFA.exe
  C:\Windows\System\jCzJZFA.exe
  2⤵
  PID:13448
- C:\Windows\System\dztBxev.exe
  C:\Windows\System\dztBxev.exe
  2⤵
  PID:13464
- C:\Windows\System\lrisDsx.exe
  C:\Windows\System\lrisDsx.exe
  2⤵
  PID:13480
- C:\Windows\System\JXAcwYs.exe
  C:\Windows\System\JXAcwYs.exe
  2⤵
  PID:13496
- C:\Windows\System\ZrdwYVB.exe
  C:\Windows\System\ZrdwYVB.exe
  2⤵
  PID:13512
- C:\Windows\System\YMMgHqg.exe
  C:\Windows\System\YMMgHqg.exe
  2⤵
  PID:13536
- C:\Windows\System\cPNThca.exe
  C:\Windows\System\cPNThca.exe
  2⤵
  PID:13556
- C:\Windows\System\DRzzDcS.exe
  C:\Windows\System\DRzzDcS.exe
  2⤵
  PID:13580
- C:\Windows\System\zjQioYU.exe
  C:\Windows\System\zjQioYU.exe
  2⤵
  PID:13600
- C:\Windows\System\ZrCxLBz.exe
  C:\Windows\System\ZrCxLBz.exe
  2⤵
  PID:13620
- C:\Windows\System\JrsAdgw.exe
  C:\Windows\System\JrsAdgw.exe
  2⤵
  PID:13640
- C:\Windows\System\zKcSQFW.exe
  C:\Windows\System\zKcSQFW.exe
  2⤵
  PID:13664
- C:\Windows\System\sAMkpHj.exe
  C:\Windows\System\sAMkpHj.exe
  2⤵
  PID:13692
- C:\Windows\System\zBCWKLR.exe
  C:\Windows\System\zBCWKLR.exe
  2⤵
  PID:13712
- C:\Windows\System\uGhageL.exe
  C:\Windows\System\uGhageL.exe
  2⤵
  PID:13728
- C:\Windows\System\gggvYWa.exe
  C:\Windows\System\gggvYWa.exe
  2⤵
  PID:13752
- C:\Windows\System\PIFyuZB.exe
  C:\Windows\System\PIFyuZB.exe
  2⤵
  PID:13776
- C:\Windows\System\YaMXSts.exe
  C:\Windows\System\YaMXSts.exe
  2⤵
  PID:13800
- C:\Windows\System\SfhkTxQ.exe
  C:\Windows\System\SfhkTxQ.exe
  2⤵
  PID:13824
- C:\Windows\System\DFxSEQz.exe
  C:\Windows\System\DFxSEQz.exe
  2⤵
  PID:13848
- C:\Windows\System\MUhDOeL.exe
  C:\Windows\System\MUhDOeL.exe
  2⤵
  PID:13868
- C:\Windows\System\ZibTChA.exe
  C:\Windows\System\ZibTChA.exe
  2⤵
  PID:13888
- C:\Windows\System\jtjGpjy.exe
  C:\Windows\System\jtjGpjy.exe
  2⤵
  PID:13908
- C:\Windows\System\aBSvcjy.exe
  C:\Windows\System\aBSvcjy.exe
  2⤵
  PID:13928
- C:\Windows\System\OVtKwYM.exe
  C:\Windows\System\OVtKwYM.exe
  2⤵
  PID:13948
- C:\Windows\System\zpyovlw.exe
  C:\Windows\System\zpyovlw.exe
  2⤵
  PID:13968
- C:\Windows\System\ULinyia.exe
  C:\Windows\System\ULinyia.exe
  2⤵
  PID:13992
- C:\Windows\System\RBjKqNp.exe
  C:\Windows\System\RBjKqNp.exe
  2⤵
  PID:14012
- C:\Windows\System\VNhXssL.exe
  C:\Windows\System\VNhXssL.exe
  2⤵
  PID:14032
- C:\Windows\System\mHetjXP.exe
  C:\Windows\System\mHetjXP.exe
  2⤵
  PID:14060
- C:\Windows\System\vmsSqUV.exe
  C:\Windows\System\vmsSqUV.exe
  2⤵
  PID:14084
- C:\Windows\System\DpiXhHn.exe
  C:\Windows\System\DpiXhHn.exe
  2⤵
  PID:14100
- C:\Windows\System\yyGxItz.exe
  C:\Windows\System\yyGxItz.exe
  2⤵
  PID:14120
- C:\Windows\System\fERRIoI.exe
  C:\Windows\System\fERRIoI.exe
  2⤵
  PID:14140
- C:\Windows\System\OmInLdA.exe
  C:\Windows\System\OmInLdA.exe
  2⤵
  PID:14160
- C:\Windows\System\jNWRrec.exe
  C:\Windows\System\jNWRrec.exe
  2⤵
  PID:14176
- C:\Windows\System\mugETMa.exe
  C:\Windows\System\mugETMa.exe
  2⤵
  PID:14192
- C:\Windows\System\lCevrvW.exe
  C:\Windows\System\lCevrvW.exe
  2⤵
  PID:14208
- C:\Windows\System\BVQDdgB.exe
  C:\Windows\System\BVQDdgB.exe
  2⤵
  PID:916
- C:\Windows\System\TlVbBrd.exe
  C:\Windows\System\TlVbBrd.exe
  2⤵
  PID:13816
- C:\Windows\System\Vqmittu.exe
  C:\Windows\System\Vqmittu.exe
  2⤵
  PID:13880
- C:\Windows\System\OqojaWI.exe
  C:\Windows\System\OqojaWI.exe
  2⤵
  PID:14008
- C:\Windows\System\wvTNumT.exe
  C:\Windows\System\wvTNumT.exe
  2⤵
  PID:13392
- C:\Windows\System\TTDFWKG.exe
  C:\Windows\System\TTDFWKG.exe
  2⤵
  PID:13460
- C:\Windows\System\LsZTshg.exe
  C:\Windows\System\LsZTshg.exe
  2⤵
  PID:14332
- C:\Windows\System\enbHeOT.exe
  C:\Windows\System\enbHeOT.exe
  2⤵
  PID:5056
- C:\Windows\System\qIbSEeZ.exe
  C:\Windows\System\qIbSEeZ.exe
  2⤵
  PID:13896
- C:\Windows\System\brgwlvH.exe
  C:\Windows\System\brgwlvH.exe
  2⤵
  PID:14220
- C:\Windows\System\NKAjxbU.exe
  C:\Windows\System\NKAjxbU.exe
  2⤵
  PID:13252
- C:\Windows\System\sNQduqT.exe
  C:\Windows\System\sNQduqT.exe
  2⤵
  PID:13288
- C:\Windows\System\kmRMydN.exe
  C:\Windows\System\kmRMydN.exe
  2⤵
  PID:14172
- C:\Windows\System\hWylKSa.exe
  C:\Windows\System\hWylKSa.exe
  2⤵
  PID:12948
- C:\Windows\System\WJHWZtW.exe
  C:\Windows\System\WJHWZtW.exe
  2⤵
  PID:14216
- C:\Windows\System\FgZjAmz.exe
  C:\Windows\System\FgZjAmz.exe
  2⤵
  PID:11476
- C:\Windows\System\ScmPGyA.exe
  C:\Windows\System\ScmPGyA.exe
  2⤵
  PID:14328
- C:\Windows\System\swRtvrP.exe
  C:\Windows\System\swRtvrP.exe
  2⤵
  PID:14244
- C:\Windows\System\PIwozgH.exe
  C:\Windows\System\PIwozgH.exe
  2⤵
  PID:13076
- C:\Windows\System\vSFRLwQ.exe
  C:\Windows\System\vSFRLwQ.exe
  2⤵
  PID:14296
- C:\Windows\System\xhapTiy.exe
  C:\Windows\System\xhapTiy.exe
  2⤵
  PID:13224
- C:\Windows\System\QIKQUhG.exe
  C:\Windows\System\QIKQUhG.exe
  2⤵
  PID:14076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BPHLMvY.exe

Filesize
1.5MB

MD5
419507ba4ed77a0169430c12060b2781

SHA1
ac36a4bfad6979d3758e6154518c18ee351fef97

SHA256
0ba1cb46530f345f78d317cd76714ffa17e3d0cc4329a9f2c4de560090fc841d

SHA512
598b40988144197c4e4a16ee79053c4241e12a37f40546c0e38ef27ad10ef5d9abffccd0de44ea422522c910e8cbce499625a303442b03779849b8cf56c2ea26

Download Submit
C:\Windows\System\BZaoYFQ.exe

Filesize
1.5MB

MD5
9962fda271daae8bb8351cc99dc4b58a

SHA1
62360f260dfd4893c7ac8a43e3c2834a86ca055b

SHA256
e61c92ec8ce74937b57f8fe17190b954ec63e244ae8693234a5af71763c813bb

SHA512
4077c1e225eca04f673d460da3b3ea2bd3e6f14f2e65897a46f08076be9031f3a77886193f551a2993761c9ec2f27c516936a6f8f4e7b8e1b81895c0bfc169dc

Download Submit
C:\Windows\System\BoMmufv.exe

Filesize
1.5MB

MD5
2c883522b1b5880e6c0749a5a679fe92

SHA1
9be249e67a1d7530b449c8000aed7b6998e8957d

SHA256
72287b1541adbdbf2a58c00c569c3cc012cd5aca3890b22801b756ffb07a9d27

SHA512
374335c994d18998b07a6ac2eafe1306ade455a2f56a6f0c43442c34ac94d7f7f45c247415c398cbaf6775e6bdb776c8c86675406912ddcd3451b70f943bf9b7

Download Submit
C:\Windows\System\BycwdUa.exe

Filesize
1.5MB

MD5
75a5dcff7b24aef555ac19367bd2079a

SHA1
ddf7aaaddcb85dc1bf4b41d2514be733ade10fd3

SHA256
cd788bc675bf258c3a7bc0cbc03dc28f6daf4d8432f5dd58f703eb933b344fb6

SHA512
11b6d1e3e90a4f1cc9ca825db11fbcde4451a3c971a8a7027977792f8203fc151e586f7a19327c470755adbc7c118210249e4933a67c3f6b2d0a9c819b1af927

Download Submit
C:\Windows\System\FKjWhaZ.exe

Filesize
1.5MB

MD5
1192e0a052e7c49fb7ddf198e210a1f9

SHA1
8bbe420805db4af58bed29bef9d87163bc85ecce

SHA256
4946db7fb6920c62974130d208ed74c726a41a27795c107154df50ff458dd15a

SHA512
d7d7088bd30b51bd7cedccfb21205c649059ad3ba3d810bcecd4be69c5604725de50b9f83fefabad9304107aae05d5cd905ddd7c9f37b40b046bc3b163fd7d43

Download Submit
C:\Windows\System\FRQOGHP.exe

Filesize
1.5MB

MD5
13a491eb5087dace0d8422bb8628dca5

SHA1
9325b96d3c34fbab8f0c6738e696fe579dc5e3b9

SHA256
ebd5b6f42505a7f20d697b8b2d341f606d4d31ab1d894ec083dbf9eef468ba07

SHA512
89cdc5b4bb784f3e185588547e69667e06d46a1ab89aee97bd735d089f6d719a9b1ba109c16335eec38254ac4239802764308b054850f665077a13e00d759479

Download Submit
C:\Windows\System\GKERBKh.exe

Filesize
1.5MB

MD5
1787d17bde08dca021d17b49a3ce9573

SHA1
fe1f57cf0143109d8c0383429bc2a122ce4739d4

SHA256
963ea3f7c12e696b72400a2d2709ab0da604a96ab65935e9ca3a961d04672180

SHA512
7281e576fe67a293c5d9179894febf92e69b3ca2db395868f178aae0c9b61ebcef6c7279ef73396c25d3817e3f2317af2438aa9fe3898f87a84eb36c41d08a3b

Download Submit
C:\Windows\System\GQfboVj.exe

Filesize
1.5MB

MD5
ff3e468cec2d734748dae6c674317076

SHA1
773c9d4e359a64c71dbca601fbadedd753059282

SHA256
8b32a96f51d3c064654d70b7225b190ec6a5d31bf225ecec10e59f5f4fbe4542

SHA512
26f439b67b26814a0a25e79248fb0c11ec92a767fd56f58a2463e5c5ebe79f8e3e6f9a0876574d323d0043fa5ad04b544d45c2dce43f4ea8be5cad2900608373

Download Submit
C:\Windows\System\JWaMGmk.exe

Filesize
1.5MB

MD5
69bc1744cddcdb6d644ae9d0e5e25b84

SHA1
b9cf1e4289b5c3866e9e83b0ebf967600b21dff9

SHA256
1e8c7255174d118bb4fb2072cb96aa15e6b0494d61c33193d4d381a592236bed

SHA512
1672faf79385f11ad9ab016153c7cf70482b6c93420b1867772a69ddc7a85dcf9c5b12ec58b59873107ca63985ab08249b94fae4ded5ccb9d04581c89274e545

Download Submit
C:\Windows\System\MRsdniA.exe

Filesize
1.5MB

MD5
684e26b3077d17db9135d5127daf3884

SHA1
a79fb86b22f9a68b91c659c8647d171be9a9131e

SHA256
a678999ba975b871f5428a7aeae7cae8bf13b8ff8b548d285e4b23365117bf35

SHA512
137b7b4419e3fe0379c9a44ba090a25d0265ce917e24f9cde934298b74cdd515efb0e1f1ff3825183bb9418d37129f8993344eec31e2f07687bdf5ccfb17ba9b

Download Submit
C:\Windows\System\NHrmugf.exe

Filesize
1.5MB

MD5
1befa852fd2490b3b909cdb045401e45

SHA1
c48a332c08956b34c265a205b83f7981fd02fdd0

SHA256
ffea6749a6f79f92cbbe067169c5d878ff51bfaffa7cda4d6bc6dc541eb25242

SHA512
45fd4343e2f67fc614231d894bc1e0448a4e466bdb12b7a18a12d7ad464162816eed2c9825a4a6352234cd8f35e8cc23cad1c407cb1559c7b24d809b241bff2e

Download Submit
C:\Windows\System\QkFzlgd.exe

Filesize
1.5MB

MD5
cddb5b8c680aa89394925e8ea7dc8383

SHA1
0ee4f233dec1fd9d15f9da0deefab58c931c2752

SHA256
63f9bd12e0a3b849138562bf6f116cadef1bfea289b9ce5dc0d55de518aea830

SHA512
3d057f2fbbcdd86d13fb49a73bfec15293b0c7154df59e753ba300afa5931e515850aa0834b9a260602677d746934804973666fd8e066ef8f655b240ea061b68

Download Submit
C:\Windows\System\SDnVYEU.exe

Filesize
1.5MB

MD5
1e8051f9d4f6b070b8481dc630e562b8

SHA1
ea3fdf908d8bec8c484a9de2d5fd42ac0b20da6a

SHA256
ef251e78348f8c45d742485f68a82091843ac497d9147b0eca5144e91d0bd327

SHA512
722491ddb78ad856b85eb50d8b63f3d55718aa4eebfce2fd17ff3ff0b3e2fa5afd298b2aa91c8e04bbf7439628221968a80e1e3c6c68d159d7956dce2492155e

Download Submit
C:\Windows\System\TZzzjIa.exe

Filesize
1.5MB

MD5
801ee35a1ae3c9dd49be64f928786797

SHA1
69c196c17fe4d63605c5493ca4cd908221f3fc3e

SHA256
16ce428d1fb432623fdb4872ac73851e1c2f59b8b726f8248bc77567a9693f97

SHA512
1f7e78b8f8e0d3ad835486c45031d9e05fd747e160507003fa1ae2db1bde9de5121d77e9cbab2ced59abf4ed77e52e44a79c32aa698a68157fad3eac8c350be6

Download Submit
C:\Windows\System\WUewPdT.exe

Filesize
1.5MB

MD5
1f64d9c7fafa7ee87442d3f724154148

SHA1
952599009923a506f808cf2575dcda1f0c536c57

SHA256
a170b68a4802e1966bedb3e6f7cb004c931b2aeeb70464ecf236c93550fc2ff9

SHA512
af36f6cc0842e32ed5a2c5d071b5e5d48531f9963275fd75f3f27f1dd82c891612150de11d04c92234ad598d5b820d2d40b32640662f5511fafa753891700521

Download Submit
C:\Windows\System\WmHHoXP.exe

Filesize
1.5MB

MD5
80820f852aaf4ddabc8295b1cd5172ac

SHA1
093156fdd9c926ec4b189e52075fa2da248ad6f3

SHA256
090e95828e36125f92333731ad977adcc274e1abfacbd5c1a84054c6c2a093eb

SHA512
2e7dc7f324e21ecd14771e9ae993eebec27c99a4edc13d70b3f3e9539da263b0b7f52e24f2a6ebe4e9ad355fcb2e48566c0611b8308b52056ee648d2dd5494eb

Download Submit
C:\Windows\System\YKSKCew.exe

Filesize
1.5MB

MD5
a5ac02f6ba2ffa18a2207ed98ed53f81

SHA1
1f26b940ab18bd9541df4a8d405bccdc5451458e

SHA256
bd70e5e9dfe99b017077c752f07d27949c264b27b29c24d8f9cd8a3492111c7c

SHA512
2d5508ac1fdb8474f97db2b9088545d426f5cc872693a6c6d024aa6b8c8c7bed87b9a0ac44eb10c2b83072751e990e02ce7d3cd11f380bc60740728acc451c5e

Download Submit
C:\Windows\System\YbYmSUd.exe

Filesize
1.5MB

MD5
a5b01754a97550ed81c1802af82ecdf0

SHA1
a9cad889a977b0c70d9ef2cacabdbceb5dc313e2

SHA256
a0ff72380522e2f78e3fee9819914b37d4e12281ad8afac9854b546b98be9879

SHA512
d511831cee19d8cdda1345e02317e5f37efaeb0641dd08c2489bed1e31efc3df3127171d3701f5282e2850b3957ae8d4533063b1a905042eb547f1351c14f278

Download Submit
C:\Windows\System\YkMpnEo.exe

Filesize
1.5MB

MD5
c0974d9c98fe0177fcf34832ae60f2b6

SHA1
009ce4745664985b5cb43353733d7630d41fedf1

SHA256
1e804fc3468a10d7f5323a1bb9fe55f806ed5bd1fd72602597d7a4bb788a1729

SHA512
a623e3471e82ae796408bb5621d161de49ec30d105e29125a6255bc6baf602d2fcd709fbb20007be594c5f8a72a8abb48bc06d90c13f06c18e42286849119f6c

Download Submit
C:\Windows\System\dWrtIMA.exe

Filesize
1.5MB

MD5
f3b512b3e809714be18b923e38392ea2

SHA1
999c5a26bd9a93328bd8c628f9a42b19683a32c4

SHA256
5bdb76909feaef5eac7505b7d7cbc82d72b93758eb6ef48b8e0074d8570fc9ca

SHA512
9b6657311d7455e1f4362abec0e40537f8c43c134940f15ce45165538f8f755321ac6d86467315fdec9c125e2f41605f88ba7b8d5a1befe9e428f8cc10256ce1

Download Submit
C:\Windows\System\fYnTZwy.exe

Filesize
1.5MB

MD5
9cb90370eb4acaa4f494d832ea367f3d

SHA1
a580a5d88801bae6115b41cad368b583f2679fe6

SHA256
2215d31604a896ef63447de012d63e2196a1aca8fe9cd9fc35c2d2dda5a7c2d0

SHA512
c4cf9aa86eb6c044b6feb869bfa2dd3e5fe44d50e1ecde6edbff320ffd2fb818bee7c73f2d4c98ff3a7e1e4901297a45c02ca618ee56d76c195f09f857707810

Download Submit
C:\Windows\System\gXGXDEa.exe

Filesize
1.5MB

MD5
0520e57a2dede3a518161c78a754e367

SHA1
b69fc2de770433d8e8b732ecad60964b813bb879

SHA256
d924434bc93e4352d3b0910d0f8f0d21f9a0613ce13ae5831254849857078f8b

SHA512
9fd000065552577405e3c563b1a380c181ca46be382975469f8829449e9f9e14fa6deb47d1300c3a93a049940519903432ec32151e901a39dfb698159163d73b

Download Submit
C:\Windows\System\ggxVZHK.exe

Filesize
1.5MB

MD5
96d917d7e215810c751b948f8faf7917

SHA1
9a5a2c203ddb884b5ed18b9a3fd4950555550147

SHA256
d64987d3d2e851c3e498fc2b668346f0f146680a7772d2449ae64ea2894746d9

SHA512
195fa8f3f9060603e0c4f26507aea58708f8a58cca88883af7aebade760bc9e7218058f0d3b284d210d732b6ba5066d8d8eb2210ec34e2649d7c95fd1dfdce67

Download Submit
C:\Windows\System\hHeJDWu.exe

Filesize
1.5MB

MD5
5841572490f32016affa6ddec10c7376

SHA1
3dec2f16caf46193b8c1c5c0f05ca4f74aacf64a

SHA256
ee29ca178b3d10d6c52c709ce4f889f7d9c09f94a83f08846f0c06d7741d3cfa

SHA512
9c170d58e08c096670984dfd3848ecb55c8830d563637dfa014aa7c133997fdda1d22f4cee0bf6b5ab6d135bcc1f81c3c842684945cc201e007664a42632b6b5

Download Submit
C:\Windows\System\jKwvvAn.exe

Filesize
1.5MB

MD5
d96215d668aaea506884587bdbadda9a

SHA1
025ce2ce7998c7408c18c28dab9ccdaf5542e0ab

SHA256
235f5e44e7d337cc1c3d4e68dc724ac3d1b10e8831f691eba8a222df5a477a61

SHA512
cc2d25218c3c0c290265dc9f76c753febb9486be8f7c9a1968a8e65049bbbb7c7b9d793b3c55b52455bf0021e6579633adbfccb02735c6de17b2f67a9eee2e5e

Download Submit
C:\Windows\System\jSAoRku.exe

Filesize
1.5MB

MD5
0bd8c4a4a92f21efbd4a1ea1daf2ab34

SHA1
8a411e160685a49c7904de0be74ed9517242c610

SHA256
bffaa5b41e90c8637fa846e4ac129ebce0f95d048bdddf572b01b5dec99b6362

SHA512
fbf415e8b900c1180689a19052c2bed7c750d499403df2804cd695b44cd2918131b90535ca435c34f8aff1bf364c4e80d7998b796173a06e6cee89244b7aedaa

Download Submit
C:\Windows\System\jYIGbEm.exe

Filesize
1.5MB

MD5
8ba911f0927fa13762a012db2407ba72

SHA1
2d9259f576987fc1f64ea7cd7ea81ece76e69d25

SHA256
afae9026e24a13d04ee80e6f39214164eb8e2c0912c6b233c7321abfc70ae935

SHA512
e9724f135fb3339ee63dd8129ed3ff3ec1fb89a66f74ed56f7280b77d9238d18ac792ce122d66fd34bf28460ca39ba922add0760a60f4fb82d8f95c3a93f44eb

Download Submit
C:\Windows\System\pjaeJoP.exe

Filesize
1.5MB

MD5
99f016de5245d4662e70ee1e391edc9c

SHA1
aeb95eaa8c4ec76c35d501ef90465357fbd8a668

SHA256
e15d70132bfe4df8e8c73fa22b8926b5c87b9d289b9693d0b8812ba017b50d20

SHA512
8cc2b43b8b93468823487bb83aa846c22210fcd1da7abe67342f9a99baca36683c43fccf269f6f74643db0c315b287d45546ed00842e85a68901d7f6271cd499

Download Submit
C:\Windows\System\uuFNcrB.exe

Filesize
1.5MB

MD5
375e7d147c0867366490595cddbcd5a8

SHA1
ff40d2f912e408a3f4e348f06529a175af45711d

SHA256
9ea37b421ab6c0af106be9c94fba1723252a85f65ef5a7eb7c4c4330199a8eb2

SHA512
3aa29ea2cbb32f3be2ee4a9e79c192b4a04b9fcf981e7864f5195a7f7d934716920d71a2523aebebd9f0f64345118205fe7fed33a1ab5a33e35fc432ac9a85af

Download Submit
C:\Windows\System\vivBTIU.exe

Filesize
1.5MB

MD5
5d78e495361d5dd5d8c0669acdb337b9

SHA1
d2f617321600029902f6d23198aa20cd89a3d898

SHA256
56cf9c0ee0701419428fd5185a3e088340e043de18cd923abb466f4c8eb1f4ed

SHA512
467994377bca94607f2f10c9d382cefd4457bc054341719b662d0ae970cfbd2dc02b0fa45a6ee5f5b225effabcf6eee5b63065c4c5c9bacf87bfd53fddb172ea

Download Submit
C:\Windows\System\xLUKXcE.exe

Filesize
1.5MB

MD5
f825355f33b4bbf8e0ac757f7a81f553

SHA1
f3e839c95dfd6171c29fd20969cfb0181b679756

SHA256
19b9c190e7eb8fd2f84d7c8abb4cce6614aae092ad7b9663a1c2cc5036f645e9

SHA512
55fa15773317650c626b99bbd1c6b3f42ddcbfb30c97a6f581effa7dcee54d27484d628c41149c2b8698aade3a09d4bda3bea8f5722f41da8887971bf62b3701

Download Submit
C:\Windows\System\zkcHkEf.exe

Filesize
1.5MB

MD5
f6b2b2aad5ba533b13c8b14bd1b88ebc

SHA1
e027751848cc3e674af2329861eab4c27048c5f1

SHA256
088a3454642ed16ba1e56e8ba610e44887908a51e00c78490860a2bde38c7b8d

SHA512
b111e696418bcc8f2ef04813de01496c9ad9bf679715fd08e6a6452876d2b335858df285a44033bf9c06389aac375fdf425bdcff6b04db0846c6adf6cb1a3fcb

Download Submit
C:\Windows\System\zwrlfbg.exe

Filesize
1.5MB

MD5
d966a17ba0a4a78c84de95c94c524c53

SHA1
fdaf892b5abe74799d8a0c63f98ac641f1472c84

SHA256
e7b4b85e2237b53bf2834126ee7aa032a02b87f377b1d60c063056ab62407c87

SHA512
654cb761da7673b7b69e35184a865f2c5e6eb78e2dea0386f3666212f2447c0373ead902bba080260424dacf5d37971c68bc6420027fbcb32281aede266ea9e5

Download Submit
memory/60-2488-0x00007FF70FA20000-0x00007FF70FD71000-memory.dmp

Filesize
3.3MB

Download
memory/60-498-0x00007FF70FA20000-0x00007FF70FD71000-memory.dmp

Filesize
3.3MB

Download
memory/444-520-0x00007FF761400000-0x00007FF761751000-memory.dmp

Filesize
3.3MB

Download
memory/444-2518-0x00007FF761400000-0x00007FF761751000-memory.dmp

Filesize
3.3MB

Download
memory/1080-2494-0x00007FF625990000-0x00007FF625CE1000-memory.dmp

Filesize
3.3MB

Download
memory/1080-508-0x00007FF625990000-0x00007FF625CE1000-memory.dmp

Filesize
3.3MB

Download
memory/1732-2491-0x00007FF6F1830000-0x00007FF6F1B81000-memory.dmp

Filesize
3.3MB

Download
memory/1732-503-0x00007FF6F1830000-0x00007FF6F1B81000-memory.dmp

Filesize
3.3MB

Download
memory/2296-2515-0x00007FF63F6D0000-0x00007FF63FA21000-memory.dmp

Filesize
3.3MB

Download
memory/2296-522-0x00007FF63F6D0000-0x00007FF63FA21000-memory.dmp

Filesize
3.3MB

Download
memory/2312-531-0x00007FF672CE0000-0x00007FF673031000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2512-0x00007FF672CE0000-0x00007FF673031000-memory.dmp

Filesize
3.3MB

Download
memory/2492-510-0x00007FF6C53C0000-0x00007FF6C5711000-memory.dmp

Filesize
3.3MB

Download
memory/2492-2522-0x00007FF6C53C0000-0x00007FF6C5711000-memory.dmp

Filesize
3.3MB

Download
memory/2516-2530-0x00007FF7D60F0000-0x00007FF7D6441000-memory.dmp

Filesize
3.3MB

Download
memory/2516-539-0x00007FF7D60F0000-0x00007FF7D6441000-memory.dmp

Filesize
3.3MB

Download
memory/2592-2504-0x00007FF6A5A50000-0x00007FF6A5DA1000-memory.dmp

Filesize
3.3MB

Download
memory/2592-526-0x00007FF6A5A50000-0x00007FF6A5DA1000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2486-0x00007FF662040000-0x00007FF662391000-memory.dmp

Filesize
3.3MB

Download
memory/2840-32-0x00007FF662040000-0x00007FF662391000-memory.dmp

Filesize
3.3MB

Download
memory/2856-2452-0x00007FF650910000-0x00007FF650C61000-memory.dmp

Filesize
3.3MB

Download
memory/2856-2478-0x00007FF650910000-0x00007FF650C61000-memory.dmp

Filesize
3.3MB

Download
memory/2856-16-0x00007FF650910000-0x00007FF650C61000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2476-0x00007FF6B1D00000-0x00007FF6B2051000-memory.dmp

Filesize
3.3MB

Download
memory/2892-9-0x00007FF6B1D00000-0x00007FF6B2051000-memory.dmp

Filesize
3.3MB

Download
memory/2892-2454-0x00007FF6B1D00000-0x00007FF6B2051000-memory.dmp

Filesize
3.3MB

Download
memory/2988-2517-0x00007FF7B8D40000-0x00007FF7B9091000-memory.dmp

Filesize
3.3MB

Download
memory/2988-521-0x00007FF7B8D40000-0x00007FF7B9091000-memory.dmp

Filesize
3.3MB

Download
memory/3056-495-0x00007FF74B030000-0x00007FF74B381000-memory.dmp

Filesize
3.3MB

Download
memory/3056-2482-0x00007FF74B030000-0x00007FF74B381000-memory.dmp

Filesize
3.3MB

Download
memory/3380-2511-0x00007FF6B48A0000-0x00007FF6B4BF1000-memory.dmp

Filesize
3.3MB

Download
memory/3380-514-0x00007FF6B48A0000-0x00007FF6B4BF1000-memory.dmp

Filesize
3.3MB

Download
memory/3480-2496-0x00007FF689FA0000-0x00007FF68A2F1000-memory.dmp

Filesize
3.3MB

Download
memory/3480-507-0x00007FF689FA0000-0x00007FF68A2F1000-memory.dmp

Filesize
3.3MB

Download
memory/3548-2480-0x00007FF7AA030000-0x00007FF7AA381000-memory.dmp

Filesize
3.3MB

Download
memory/3548-20-0x00007FF7AA030000-0x00007FF7AA381000-memory.dmp

Filesize
3.3MB

Download
memory/3600-527-0x00007FF6683A0000-0x00007FF6686F1000-memory.dmp

Filesize
3.3MB

Download
memory/3600-2499-0x00007FF6683A0000-0x00007FF6686F1000-memory.dmp

Filesize
3.3MB

Download
memory/3804-509-0x00007FF7EAAA0000-0x00007FF7EADF1000-memory.dmp

Filesize
3.3MB

Download
memory/3804-2500-0x00007FF7EAAA0000-0x00007FF7EADF1000-memory.dmp

Filesize
3.3MB

Download
memory/4000-2526-0x00007FF6AF160000-0x00007FF6AF4B1000-memory.dmp

Filesize
3.3MB

Download
memory/4000-533-0x00007FF6AF160000-0x00007FF6AF4B1000-memory.dmp

Filesize
3.3MB

Download
memory/4032-512-0x00007FF70DB70000-0x00007FF70DEC1000-memory.dmp

Filesize
3.3MB

Download
memory/4032-2520-0x00007FF70DB70000-0x00007FF70DEC1000-memory.dmp

Filesize
3.3MB

Download
memory/4376-2503-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp

Filesize
3.3MB

Download
memory/4376-519-0x00007FF7CE270000-0x00007FF7CE5C1000-memory.dmp

Filesize
3.3MB

Download
memory/4536-502-0x00007FF65E290000-0x00007FF65E5E1000-memory.dmp

Filesize
3.3MB

Download
memory/4536-2492-0x00007FF65E290000-0x00007FF65E5E1000-memory.dmp

Filesize
3.3MB

Download
memory/4564-536-0x00007FF645F90000-0x00007FF6462E1000-memory.dmp

Filesize
3.3MB

Download
memory/4564-2528-0x00007FF645F90000-0x00007FF6462E1000-memory.dmp

Filesize
3.3MB

Download
memory/4648-2485-0x00007FF616F70000-0x00007FF6172C1000-memory.dmp

Filesize
3.3MB

Download
memory/4648-27-0x00007FF616F70000-0x00007FF6172C1000-memory.dmp

Filesize
3.3MB

Download
memory/4660-1-0x0000021D1D970000-0x0000021D1D980000-memory.dmp

Filesize
64KB

Download
memory/4660-0-0x00007FF763A60000-0x00007FF763DB1000-memory.dmp

Filesize
3.3MB

Download
memory/4660-2417-0x00007FF763A60000-0x00007FF763DB1000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2533-0x00007FF711070000-0x00007FF7113C1000-memory.dmp

Filesize
3.3MB

Download
memory/4696-545-0x00007FF711070000-0x00007FF7113C1000-memory.dmp

Filesize
3.3MB

Download
memory/4700-2524-0x00007FF623120000-0x00007FF623471000-memory.dmp

Filesize
3.3MB

Download
memory/4700-532-0x00007FF623120000-0x00007FF623471000-memory.dmp

Filesize
3.3MB

Download
memory/4728-516-0x00007FF743990000-0x00007FF743CE1000-memory.dmp

Filesize
3.3MB

Download
memory/4728-2507-0x00007FF743990000-0x00007FF743CE1000-memory.dmp

Filesize
3.3MB

Download
memory/5064-515-0x00007FF69A840000-0x00007FF69AB91000-memory.dmp

Filesize
3.3MB

Download
memory/5064-2509-0x00007FF69A840000-0x00007FF69AB91000-memory.dmp

Filesize
3.3MB

Download