xmrig | 2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f

Analysis

max time kernel
59s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
Size

1.5MB
MD5

5e106a36e6e2cf0d4c48e2426751c206
SHA1

dcf455a34a8eb9c80eb4fcef647f011d795dfda0
SHA256

2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f
SHA512

2657f81d666260d2cedf059c8d2eafcfe20514ecf275e72ac00f666a5b4ccbe906475fe2f3b877c78f00db3048fc764f687ddffe57fe7051b3e01f5659ab4a1d
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727uROGdN1cASXv8Bl6rM1k4QMQbDA4irGtQWdDMrJL:ROdWCCi7/rahwNUMJH4KrwDAL

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral2/memory/1472-296-0x00007FF6C0110000-0x00007FF6C0461000-memory.dmp	xmrig
behavioral2/memory/1916-330-0x00007FF6E9C90000-0x00007FF6E9FE1000-memory.dmp	xmrig
behavioral2/memory/1516-344-0x00007FF6AB570000-0x00007FF6AB8C1000-memory.dmp	xmrig
behavioral2/memory/1176-471-0x00007FF6D7560000-0x00007FF6D78B1000-memory.dmp	xmrig
behavioral2/memory/2116-500-0x00007FF7A0090000-0x00007FF7A03E1000-memory.dmp	xmrig
behavioral2/memory/1808-2103-0x00007FF6B43A0000-0x00007FF6B46F1000-memory.dmp	xmrig
behavioral2/memory/636-508-0x00007FF632360000-0x00007FF6326B1000-memory.dmp	xmrig
behavioral2/memory/3512-507-0x00007FF7A21A0000-0x00007FF7A24F1000-memory.dmp	xmrig
behavioral2/memory/1352-506-0x00007FF775450000-0x00007FF7757A1000-memory.dmp	xmrig
behavioral2/memory/3184-505-0x00007FF7A1810000-0x00007FF7A1B61000-memory.dmp	xmrig
behavioral2/memory/2160-504-0x00007FF752680000-0x00007FF7529D1000-memory.dmp	xmrig
behavioral2/memory/3456-503-0x00007FF648C00000-0x00007FF648F51000-memory.dmp	xmrig
behavioral2/memory/516-502-0x00007FF75B2E0000-0x00007FF75B631000-memory.dmp	xmrig
behavioral2/memory/1960-501-0x00007FF6CEB20000-0x00007FF6CEE71000-memory.dmp	xmrig
behavioral2/memory/3060-470-0x00007FF77EBB0000-0x00007FF77EF01000-memory.dmp	xmrig
behavioral2/memory/1160-425-0x00007FF6F6A60000-0x00007FF6F6DB1000-memory.dmp	xmrig
behavioral2/memory/2808-408-0x00007FF7B13A0000-0x00007FF7B16F1000-memory.dmp	xmrig
behavioral2/memory/976-407-0x00007FF735920000-0x00007FF735C71000-memory.dmp	xmrig
behavioral2/memory/4756-369-0x00007FF603320000-0x00007FF603671000-memory.dmp	xmrig
behavioral2/memory/4696-343-0x00007FF690650000-0x00007FF6909A1000-memory.dmp	xmrig
behavioral2/memory/916-267-0x00007FF7F5380000-0x00007FF7F56D1000-memory.dmp	xmrig
behavioral2/memory/3188-244-0x00007FF7DB270000-0x00007FF7DB5C1000-memory.dmp	xmrig
behavioral2/memory/4288-243-0x00007FF643440000-0x00007FF643791000-memory.dmp	xmrig
behavioral2/memory/3708-60-0x00007FF78E620000-0x00007FF78E971000-memory.dmp	xmrig
behavioral2/memory/4608-2200-0x00007FF6B5940000-0x00007FF6B5C91000-memory.dmp	xmrig
behavioral2/memory/4468-2201-0x00007FF61CF50000-0x00007FF61D2A1000-memory.dmp	xmrig
behavioral2/memory/1460-2202-0x00007FF6BB5E0000-0x00007FF6BB931000-memory.dmp	xmrig
behavioral2/memory/2736-2203-0x00007FF66F4F0000-0x00007FF66F841000-memory.dmp	xmrig
behavioral2/memory/4656-2204-0x00007FF7ADA10000-0x00007FF7ADD61000-memory.dmp	xmrig
behavioral2/memory/1552-2205-0x00007FF6B5D30000-0x00007FF6B6081000-memory.dmp	xmrig
behavioral2/memory/4608-2207-0x00007FF6B5940000-0x00007FF6B5C91000-memory.dmp	xmrig
behavioral2/memory/1460-2209-0x00007FF6BB5E0000-0x00007FF6BB931000-memory.dmp	xmrig
behavioral2/memory/3708-2211-0x00007FF78E620000-0x00007FF78E971000-memory.dmp	xmrig
behavioral2/memory/4468-2213-0x00007FF61CF50000-0x00007FF61D2A1000-memory.dmp	xmrig
behavioral2/memory/2736-2215-0x00007FF66F4F0000-0x00007FF66F841000-memory.dmp	xmrig
behavioral2/memory/3188-2217-0x00007FF7DB270000-0x00007FF7DB5C1000-memory.dmp	xmrig
behavioral2/memory/3184-2219-0x00007FF7A1810000-0x00007FF7A1B61000-memory.dmp	xmrig
behavioral2/memory/516-2223-0x00007FF75B2E0000-0x00007FF75B631000-memory.dmp	xmrig
behavioral2/memory/4656-2222-0x00007FF7ADA10000-0x00007FF7ADD61000-memory.dmp	xmrig
behavioral2/memory/4288-2225-0x00007FF643440000-0x00007FF643791000-memory.dmp	xmrig
behavioral2/memory/916-2227-0x00007FF7F5380000-0x00007FF7F56D1000-memory.dmp	xmrig
behavioral2/memory/1472-2230-0x00007FF6C0110000-0x00007FF6C0461000-memory.dmp	xmrig
behavioral2/memory/2808-2237-0x00007FF7B13A0000-0x00007FF7B16F1000-memory.dmp	xmrig
behavioral2/memory/1160-2236-0x00007FF6F6A60000-0x00007FF6F6DB1000-memory.dmp	xmrig
behavioral2/memory/3512-2241-0x00007FF7A21A0000-0x00007FF7A24F1000-memory.dmp	xmrig
behavioral2/memory/1516-2239-0x00007FF6AB570000-0x00007FF6AB8C1000-memory.dmp	xmrig
behavioral2/memory/1916-2233-0x00007FF6E9C90000-0x00007FF6E9FE1000-memory.dmp	xmrig
behavioral2/memory/1176-2232-0x00007FF6D7560000-0x00007FF6D78B1000-memory.dmp	xmrig
behavioral2/memory/636-2252-0x00007FF632360000-0x00007FF6326B1000-memory.dmp	xmrig
behavioral2/memory/976-2249-0x00007FF735920000-0x00007FF735C71000-memory.dmp	xmrig
behavioral2/memory/1960-2259-0x00007FF6CEB20000-0x00007FF6CEE71000-memory.dmp	xmrig
behavioral2/memory/3456-2266-0x00007FF648C00000-0x00007FF648F51000-memory.dmp	xmrig
behavioral2/memory/4696-2258-0x00007FF690650000-0x00007FF6909A1000-memory.dmp	xmrig
behavioral2/memory/2116-2272-0x00007FF7A0090000-0x00007FF7A03E1000-memory.dmp	xmrig
behavioral2/memory/4756-2256-0x00007FF603320000-0x00007FF603671000-memory.dmp	xmrig
behavioral2/memory/1552-2254-0x00007FF6B5D30000-0x00007FF6B6081000-memory.dmp	xmrig
behavioral2/memory/1352-2263-0x00007FF775450000-0x00007FF7757A1000-memory.dmp	xmrig
behavioral2/memory/3060-2262-0x00007FF77EBB0000-0x00007FF77EF01000-memory.dmp	xmrig
behavioral2/memory/2160-2243-0x00007FF752680000-0x00007FF7529D1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4608	TjeplYL.exe
1460	FpMoUhn.exe
4468	xFfFMGz.exe
3708	aSCcFqX.exe
3184	QZEAdwY.exe
1352	uQgiwqt.exe
2736	PRxGTpM.exe
4656	XmDZFrI.exe
1552	LEkyYnf.exe
3512	zQQlEPL.exe
4288	saQkGFG.exe
3188	GAoxoIv.exe
916	ZsXXFEV.exe
1472	lTrZaeR.exe
1916	rqiLmhP.exe
4696	MbDIKfr.exe
1516	HBlZBHg.exe
4756	SOOvohM.exe
976	DzqxQOQ.exe
2808	bZxjvMJ.exe
1160	TVSoMrD.exe
3060	lVicYXW.exe
1176	mThjdqP.exe
2116	zzqOGIL.exe
1960	izkhrDW.exe
516	YSghBPc.exe
636	uDWAMEz.exe
2160	elYQiNo.exe
3456	rDLNnEm.exe
2328	qeZKjLN.exe
3592	UWBUfDG.exe
2668	NHSeRNV.exe
2576	FYTIUPZ.exe
452	ToxYaUG.exe
1268	zWNeGou.exe
3828	PdqmocU.exe
4260	UKpuIEI.exe
4464	cvagfIU.exe
3516	ynTMaCX.exe
3008	jJqdTTs.exe
1932	xQzrFIQ.exe
3164	PVuVcGC.exe
964	hDyfPIA.exe
2680	szjpGXk.exe
1912	curCFZr.exe
800	aGWDBCj.exe
3676	NCybNdH.exe
464	quavMXi.exe
4684	RVLkpAy.exe
3508	hOsTFNV.exe
3428	lmHqlCq.exe
2112	yzVCFdR.exe
1496	UstAuPT.exe
3444	ZZnEyjN.exe
5052	etispQU.exe
2956	iTmFhAo.exe
3540	NtdDKby.exe
4488	UmbkjQi.exe
3392	sTqYGOb.exe
2124	oXULzTR.exe
1188	hksFjLn.exe
1788	WWhDyOA.exe
4416	TdweFez.exe
1220	hbtwnbi.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1808-0-0x00007FF6B43A0000-0x00007FF6B46F1000-memory.dmp	upx
behavioral2/files/0x00080000000233c6-5.dat	upx
behavioral2/files/0x00070000000233cc-17.dat	upx
behavioral2/files/0x00070000000233de-101.dat	upx
behavioral2/memory/1552-219-0x00007FF6B5D30000-0x00007FF6B6081000-memory.dmp	upx
behavioral2/memory/1472-296-0x00007FF6C0110000-0x00007FF6C0461000-memory.dmp	upx
behavioral2/memory/1916-330-0x00007FF6E9C90000-0x00007FF6E9FE1000-memory.dmp	upx
behavioral2/memory/1516-344-0x00007FF6AB570000-0x00007FF6AB8C1000-memory.dmp	upx
behavioral2/memory/1176-471-0x00007FF6D7560000-0x00007FF6D78B1000-memory.dmp	upx
behavioral2/memory/2116-500-0x00007FF7A0090000-0x00007FF7A03E1000-memory.dmp	upx
behavioral2/memory/1808-2103-0x00007FF6B43A0000-0x00007FF6B46F1000-memory.dmp	upx
behavioral2/memory/636-508-0x00007FF632360000-0x00007FF6326B1000-memory.dmp	upx
behavioral2/memory/3512-507-0x00007FF7A21A0000-0x00007FF7A24F1000-memory.dmp	upx
behavioral2/memory/1352-506-0x00007FF775450000-0x00007FF7757A1000-memory.dmp	upx
behavioral2/memory/3184-505-0x00007FF7A1810000-0x00007FF7A1B61000-memory.dmp	upx
behavioral2/memory/2160-504-0x00007FF752680000-0x00007FF7529D1000-memory.dmp	upx
behavioral2/memory/3456-503-0x00007FF648C00000-0x00007FF648F51000-memory.dmp	upx
behavioral2/memory/516-502-0x00007FF75B2E0000-0x00007FF75B631000-memory.dmp	upx
behavioral2/memory/1960-501-0x00007FF6CEB20000-0x00007FF6CEE71000-memory.dmp	upx
behavioral2/memory/3060-470-0x00007FF77EBB0000-0x00007FF77EF01000-memory.dmp	upx
behavioral2/memory/1160-425-0x00007FF6F6A60000-0x00007FF6F6DB1000-memory.dmp	upx
behavioral2/memory/2808-408-0x00007FF7B13A0000-0x00007FF7B16F1000-memory.dmp	upx
behavioral2/memory/976-407-0x00007FF735920000-0x00007FF735C71000-memory.dmp	upx
behavioral2/memory/4756-369-0x00007FF603320000-0x00007FF603671000-memory.dmp	upx
behavioral2/memory/4696-343-0x00007FF690650000-0x00007FF6909A1000-memory.dmp	upx
behavioral2/memory/916-267-0x00007FF7F5380000-0x00007FF7F56D1000-memory.dmp	upx
behavioral2/memory/3188-244-0x00007FF7DB270000-0x00007FF7DB5C1000-memory.dmp	upx
behavioral2/memory/4288-243-0x00007FF643440000-0x00007FF643791000-memory.dmp	upx
behavioral2/files/0x00070000000233f1-198.dat	upx
behavioral2/files/0x00070000000233f0-196.dat	upx
behavioral2/files/0x00070000000233dd-193.dat	upx
behavioral2/files/0x00070000000233e4-189.dat	upx
behavioral2/files/0x00070000000233ce-183.dat	upx
behavioral2/memory/4656-176-0x00007FF7ADA10000-0x00007FF7ADD61000-memory.dmp	upx
behavioral2/files/0x00070000000233ee-174.dat	upx
behavioral2/files/0x00070000000233da-173.dat	upx
behavioral2/files/0x00070000000233ed-171.dat	upx
behavioral2/files/0x00070000000233ec-170.dat	upx
behavioral2/files/0x00070000000233ea-168.dat	upx
behavioral2/files/0x00070000000233d8-166.dat	upx
behavioral2/files/0x00070000000233e9-165.dat	upx
behavioral2/files/0x00070000000233e8-163.dat	upx
behavioral2/files/0x00070000000233e0-159.dat	upx
behavioral2/files/0x00070000000233e7-154.dat	upx
behavioral2/files/0x00070000000233d7-151.dat	upx
behavioral2/files/0x00070000000233d6-147.dat	upx
behavioral2/files/0x00070000000233d5-145.dat	upx
behavioral2/files/0x00070000000233e6-144.dat	upx
behavioral2/files/0x00070000000233d3-136.dat	upx
behavioral2/files/0x00070000000233e5-135.dat	upx
behavioral2/files/0x00070000000233dc-132.dat	upx
behavioral2/files/0x00070000000233d2-182.dat	upx
behavioral2/memory/2736-125-0x00007FF66F4F0000-0x00007FF66F841000-memory.dmp	upx
behavioral2/files/0x00070000000233e3-120.dat	upx
behavioral2/files/0x00070000000233eb-169.dat	upx
behavioral2/files/0x00070000000233d9-114.dat	upx
behavioral2/files/0x00070000000233e1-108.dat	upx
behavioral2/files/0x00070000000233df-106.dat	upx
behavioral2/files/0x00070000000233d4-97.dat	upx
behavioral2/files/0x00070000000233db-91.dat	upx
behavioral2/files/0x00070000000233d0-83.dat	upx
behavioral2/files/0x00070000000233e2-115.dat	upx
behavioral2/files/0x00070000000233cd-77.dat	upx
behavioral2/files/0x00070000000233cf-67.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\wrsazuf.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\DTLdwtn.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\eKaXWxy.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\IKuLeKa.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\rNTPsPi.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\UCpbxgf.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\kWWOsmD.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\KWXwVKx.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\lVicYXW.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\NHSeRNV.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\XPREiOp.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\cklzMDV.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\EfIvqmU.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\xFfFMGz.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\idnSPdr.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\uLxaCBj.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\IxfAIDM.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\fGaotYX.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\dTaYDLe.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\dRUIDAr.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\NgNcQfJ.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\rDLNnEm.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\NCybNdH.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\xsTEuiG.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\VcrYldr.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\xDswnaW.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\sQYVfHU.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\xuBLZVJ.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\AaOUYIi.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\AcZtWkc.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\zjNaKIm.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\caWleCb.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\VBjbTfW.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\ePPJnKn.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\pxtfuNW.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\tZSLPwa.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\RfFsFrq.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\pfMNmvy.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\cIzWAMC.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\iqICTkI.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\rSbRXUH.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\HlSqOiH.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\FERTsgS.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\vsgUkmq.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\RfSMtcB.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\hkrndGZ.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\GasfZeO.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\cTlYPDb.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\YxTmpVW.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\flfmfMs.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\JRDrYCV.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\UyGTLZC.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\hxKAGit.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\tjNvIyY.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\luMWfuG.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\hXGvWEM.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\wgzOzaQ.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\SIGJRgW.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\UWBUfDG.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\UKpuIEI.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\KaJDztS.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\mOpnwwG.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\GNpbFUM.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
File created	C:\Windows\System\qjVehJB.exe	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 4608	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	82
PID 1808 wrote to memory of 4608	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	82
PID 1808 wrote to memory of 1460	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	83
PID 1808 wrote to memory of 1460	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	83
PID 1808 wrote to memory of 4468	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	84
PID 1808 wrote to memory of 4468	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	84
PID 1808 wrote to memory of 3708	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	85
PID 1808 wrote to memory of 3708	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	85
PID 1808 wrote to memory of 3184	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	86
PID 1808 wrote to memory of 3184	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	86
PID 1808 wrote to memory of 3512	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	87
PID 1808 wrote to memory of 3512	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	87
PID 1808 wrote to memory of 1352	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	88
PID 1808 wrote to memory of 1352	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	88
PID 1808 wrote to memory of 2736	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	89
PID 1808 wrote to memory of 2736	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	89
PID 1808 wrote to memory of 4656	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	90
PID 1808 wrote to memory of 4656	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	90
PID 1808 wrote to memory of 1552	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	91
PID 1808 wrote to memory of 1552	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	91
PID 1808 wrote to memory of 4288	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	92
PID 1808 wrote to memory of 4288	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	92
PID 1808 wrote to memory of 3188	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	93
PID 1808 wrote to memory of 3188	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	93
PID 1808 wrote to memory of 916	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	94
PID 1808 wrote to memory of 916	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	94
PID 1808 wrote to memory of 1472	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	95
PID 1808 wrote to memory of 1472	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	95
PID 1808 wrote to memory of 1916	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	96
PID 1808 wrote to memory of 1916	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	96
PID 1808 wrote to memory of 4696	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	97
PID 1808 wrote to memory of 4696	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	97
PID 1808 wrote to memory of 2116	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	98
PID 1808 wrote to memory of 2116	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	98
PID 1808 wrote to memory of 1516	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	99
PID 1808 wrote to memory of 1516	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	99
PID 1808 wrote to memory of 4756	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	100
PID 1808 wrote to memory of 4756	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	100
PID 1808 wrote to memory of 636	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	101
PID 1808 wrote to memory of 636	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	101
PID 1808 wrote to memory of 976	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	102
PID 1808 wrote to memory of 976	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	102
PID 1808 wrote to memory of 2808	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	103
PID 1808 wrote to memory of 2808	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	103
PID 1808 wrote to memory of 1160	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	104
PID 1808 wrote to memory of 1160	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	104
PID 1808 wrote to memory of 3060	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	105
PID 1808 wrote to memory of 3060	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	105
PID 1808 wrote to memory of 1176	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	106
PID 1808 wrote to memory of 1176	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	106
PID 1808 wrote to memory of 1960	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	107
PID 1808 wrote to memory of 1960	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	107
PID 1808 wrote to memory of 516	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	108
PID 1808 wrote to memory of 516	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	108
PID 1808 wrote to memory of 2160	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	109
PID 1808 wrote to memory of 2160	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	109
PID 1808 wrote to memory of 3456	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	110
PID 1808 wrote to memory of 3456	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	110
PID 1808 wrote to memory of 2328	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	111
PID 1808 wrote to memory of 2328	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	111
PID 1808 wrote to memory of 3592	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	112
PID 1808 wrote to memory of 3592	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	112
PID 1808 wrote to memory of 2668	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	113
PID 1808 wrote to memory of 2668	1808	2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe	113

C:\Users\Admin\AppData\Local\Temp\2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe
"C:\Users\Admin\AppData\Local\Temp\2f1d7bd5b6a073f7ccd103f600db8ee860a6dfc6cf0c3f49dabc1941f78b799f.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\System\TjeplYL.exe
  C:\Windows\System\TjeplYL.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\FpMoUhn.exe
  C:\Windows\System\FpMoUhn.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\xFfFMGz.exe
  C:\Windows\System\xFfFMGz.exe
  2⤵
  - Executes dropped EXE
  PID:4468
- C:\Windows\System\aSCcFqX.exe
  C:\Windows\System\aSCcFqX.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\QZEAdwY.exe
  C:\Windows\System\QZEAdwY.exe
  2⤵
  - Executes dropped EXE
  PID:3184
- C:\Windows\System\zQQlEPL.exe
  C:\Windows\System\zQQlEPL.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\uQgiwqt.exe
  C:\Windows\System\uQgiwqt.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\PRxGTpM.exe
  C:\Windows\System\PRxGTpM.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\XmDZFrI.exe
  C:\Windows\System\XmDZFrI.exe
  2⤵
  - Executes dropped EXE
  PID:4656
- C:\Windows\System\LEkyYnf.exe
  C:\Windows\System\LEkyYnf.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\saQkGFG.exe
  C:\Windows\System\saQkGFG.exe
  2⤵
  - Executes dropped EXE
  PID:4288
- C:\Windows\System\GAoxoIv.exe
  C:\Windows\System\GAoxoIv.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\ZsXXFEV.exe
  C:\Windows\System\ZsXXFEV.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\lTrZaeR.exe
  C:\Windows\System\lTrZaeR.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\rqiLmhP.exe
  C:\Windows\System\rqiLmhP.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\MbDIKfr.exe
  C:\Windows\System\MbDIKfr.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\zzqOGIL.exe
  C:\Windows\System\zzqOGIL.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\HBlZBHg.exe
  C:\Windows\System\HBlZBHg.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\SOOvohM.exe
  C:\Windows\System\SOOvohM.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\uDWAMEz.exe
  C:\Windows\System\uDWAMEz.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\DzqxQOQ.exe
  C:\Windows\System\DzqxQOQ.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\bZxjvMJ.exe
  C:\Windows\System\bZxjvMJ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\TVSoMrD.exe
  C:\Windows\System\TVSoMrD.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\lVicYXW.exe
  C:\Windows\System\lVicYXW.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\mThjdqP.exe
  C:\Windows\System\mThjdqP.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\izkhrDW.exe
  C:\Windows\System\izkhrDW.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\YSghBPc.exe
  C:\Windows\System\YSghBPc.exe
  2⤵
  - Executes dropped EXE
  PID:516
- C:\Windows\System\elYQiNo.exe
  C:\Windows\System\elYQiNo.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\rDLNnEm.exe
  C:\Windows\System\rDLNnEm.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\qeZKjLN.exe
  C:\Windows\System\qeZKjLN.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\UWBUfDG.exe
  C:\Windows\System\UWBUfDG.exe
  2⤵
  - Executes dropped EXE
  PID:3592
- C:\Windows\System\NHSeRNV.exe
  C:\Windows\System\NHSeRNV.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\FYTIUPZ.exe
  C:\Windows\System\FYTIUPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ToxYaUG.exe
  C:\Windows\System\ToxYaUG.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\zWNeGou.exe
  C:\Windows\System\zWNeGou.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\PdqmocU.exe
  C:\Windows\System\PdqmocU.exe
  2⤵
  - Executes dropped EXE
  PID:3828
- C:\Windows\System\UKpuIEI.exe
  C:\Windows\System\UKpuIEI.exe
  2⤵
  - Executes dropped EXE
  PID:4260
- C:\Windows\System\cvagfIU.exe
  C:\Windows\System\cvagfIU.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\RVLkpAy.exe
  C:\Windows\System\RVLkpAy.exe
  2⤵
  - Executes dropped EXE
  PID:4684
- C:\Windows\System\ynTMaCX.exe
  C:\Windows\System\ynTMaCX.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\jJqdTTs.exe
  C:\Windows\System\jJqdTTs.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\xQzrFIQ.exe
  C:\Windows\System\xQzrFIQ.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\PVuVcGC.exe
  C:\Windows\System\PVuVcGC.exe
  2⤵
  - Executes dropped EXE
  PID:3164
- C:\Windows\System\hDyfPIA.exe
  C:\Windows\System\hDyfPIA.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\szjpGXk.exe
  C:\Windows\System\szjpGXk.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\curCFZr.exe
  C:\Windows\System\curCFZr.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\aGWDBCj.exe
  C:\Windows\System\aGWDBCj.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\NCybNdH.exe
  C:\Windows\System\NCybNdH.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\quavMXi.exe
  C:\Windows\System\quavMXi.exe
  2⤵
  - Executes dropped EXE
  PID:464
- C:\Windows\System\hOsTFNV.exe
  C:\Windows\System\hOsTFNV.exe
  2⤵
  - Executes dropped EXE
  PID:3508
- C:\Windows\System\NtdDKby.exe
  C:\Windows\System\NtdDKby.exe
  2⤵
  - Executes dropped EXE
  PID:3540
- C:\Windows\System\UmbkjQi.exe
  C:\Windows\System\UmbkjQi.exe
  2⤵
  - Executes dropped EXE
  PID:4488
- C:\Windows\System\lmHqlCq.exe
  C:\Windows\System\lmHqlCq.exe
  2⤵
  - Executes dropped EXE
  PID:3428
- C:\Windows\System\sTqYGOb.exe
  C:\Windows\System\sTqYGOb.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\yzVCFdR.exe
  C:\Windows\System\yzVCFdR.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\UstAuPT.exe
  C:\Windows\System\UstAuPT.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\ZZnEyjN.exe
  C:\Windows\System\ZZnEyjN.exe
  2⤵
  - Executes dropped EXE
  PID:3444
- C:\Windows\System\etispQU.exe
  C:\Windows\System\etispQU.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\iTmFhAo.exe
  C:\Windows\System\iTmFhAo.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\oXULzTR.exe
  C:\Windows\System\oXULzTR.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\hksFjLn.exe
  C:\Windows\System\hksFjLn.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\WWhDyOA.exe
  C:\Windows\System\WWhDyOA.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\TdweFez.exe
  C:\Windows\System\TdweFez.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\hbtwnbi.exe
  C:\Windows\System\hbtwnbi.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\JvgzvkS.exe
  C:\Windows\System\JvgzvkS.exe
  2⤵
  PID:5000
- C:\Windows\System\WrxkuOq.exe
  C:\Windows\System\WrxkuOq.exe
  2⤵
  PID:4996
- C:\Windows\System\KeaUUyW.exe
  C:\Windows\System\KeaUUyW.exe
  2⤵
  PID:3588
- C:\Windows\System\NfXMLdQ.exe
  C:\Windows\System\NfXMLdQ.exe
  2⤵
  PID:3660
- C:\Windows\System\PIoMEKY.exe
  C:\Windows\System\PIoMEKY.exe
  2⤵
  PID:688
- C:\Windows\System\vdcHbcE.exe
  C:\Windows\System\vdcHbcE.exe
  2⤵
  PID:2900
- C:\Windows\System\VfpVxxg.exe
  C:\Windows\System\VfpVxxg.exe
  2⤵
  PID:4360
- C:\Windows\System\oHhktRI.exe
  C:\Windows\System\oHhktRI.exe
  2⤵
  PID:4352
- C:\Windows\System\ePPJnKn.exe
  C:\Windows\System\ePPJnKn.exe
  2⤵
  PID:4932
- C:\Windows\System\dkxkZSj.exe
  C:\Windows\System\dkxkZSj.exe
  2⤵
  PID:4508
- C:\Windows\System\KLOGBfq.exe
  C:\Windows\System\KLOGBfq.exe
  2⤵
  PID:1428
- C:\Windows\System\GjXzNCP.exe
  C:\Windows\System\GjXzNCP.exe
  2⤵
  PID:4572
- C:\Windows\System\zaBQKjY.exe
  C:\Windows\System\zaBQKjY.exe
  2⤵
  PID:748
- C:\Windows\System\qgEUBxp.exe
  C:\Windows\System\qgEUBxp.exe
  2⤵
  PID:5032
- C:\Windows\System\BfvpeNc.exe
  C:\Windows\System\BfvpeNc.exe
  2⤵
  PID:4920
- C:\Windows\System\DgoHtnB.exe
  C:\Windows\System\DgoHtnB.exe
  2⤵
  PID:4604
- C:\Windows\System\YiERNAG.exe
  C:\Windows\System\YiERNAG.exe
  2⤵
  PID:3012
- C:\Windows\System\ZLHzuJd.exe
  C:\Windows\System\ZLHzuJd.exe
  2⤵
  PID:3868
- C:\Windows\System\HlSqOiH.exe
  C:\Windows\System\HlSqOiH.exe
  2⤵
  PID:4972
- C:\Windows\System\aCiWNcq.exe
  C:\Windows\System\aCiWNcq.exe
  2⤵
  PID:2240
- C:\Windows\System\ZlkwSDJ.exe
  C:\Windows\System\ZlkwSDJ.exe
  2⤵
  PID:3656
- C:\Windows\System\KaJDztS.exe
  C:\Windows\System\KaJDztS.exe
  2⤵
  PID:4384
- C:\Windows\System\xgBFzbb.exe
  C:\Windows\System\xgBFzbb.exe
  2⤵
  PID:3116
- C:\Windows\System\bDuomPk.exe
  C:\Windows\System\bDuomPk.exe
  2⤵
  PID:5096
- C:\Windows\System\xsTEuiG.exe
  C:\Windows\System\xsTEuiG.exe
  2⤵
  PID:3524
- C:\Windows\System\atyapMp.exe
  C:\Windows\System\atyapMp.exe
  2⤵
  PID:4984
- C:\Windows\System\EAuqome.exe
  C:\Windows\System\EAuqome.exe
  2⤵
  PID:388
- C:\Windows\System\FRxstBJ.exe
  C:\Windows\System\FRxstBJ.exe
  2⤵
  PID:5072
- C:\Windows\System\mOpnwwG.exe
  C:\Windows\System\mOpnwwG.exe
  2⤵
  PID:3368
- C:\Windows\System\GMADwjU.exe
  C:\Windows\System\GMADwjU.exe
  2⤵
  PID:5160
- C:\Windows\System\kvEvgXv.exe
  C:\Windows\System\kvEvgXv.exe
  2⤵
  PID:5180
- C:\Windows\System\EPFxLxQ.exe
  C:\Windows\System\EPFxLxQ.exe
  2⤵
  PID:5220
- C:\Windows\System\PFQCGxK.exe
  C:\Windows\System\PFQCGxK.exe
  2⤵
  PID:5316
- C:\Windows\System\VxEdYBP.exe
  C:\Windows\System\VxEdYBP.exe
  2⤵
  PID:5332
- C:\Windows\System\ipZawbT.exe
  C:\Windows\System\ipZawbT.exe
  2⤵
  PID:5352
- C:\Windows\System\BPHuSpO.exe
  C:\Windows\System\BPHuSpO.exe
  2⤵
  PID:5368
- C:\Windows\System\VFYwyXL.exe
  C:\Windows\System\VFYwyXL.exe
  2⤵
  PID:5384
- C:\Windows\System\PiBnfny.exe
  C:\Windows\System\PiBnfny.exe
  2⤵
  PID:5400
- C:\Windows\System\RGyIxcY.exe
  C:\Windows\System\RGyIxcY.exe
  2⤵
  PID:5416
- C:\Windows\System\wwozJdw.exe
  C:\Windows\System\wwozJdw.exe
  2⤵
  PID:5432
- C:\Windows\System\oEsuQae.exe
  C:\Windows\System\oEsuQae.exe
  2⤵
  PID:5452
- C:\Windows\System\uFvIlwU.exe
  C:\Windows\System\uFvIlwU.exe
  2⤵
  PID:5468
- C:\Windows\System\wWTCvxd.exe
  C:\Windows\System\wWTCvxd.exe
  2⤵
  PID:5556
- C:\Windows\System\uFqnynn.exe
  C:\Windows\System\uFqnynn.exe
  2⤵
  PID:5580
- C:\Windows\System\KsujdmF.exe
  C:\Windows\System\KsujdmF.exe
  2⤵
  PID:5596
- C:\Windows\System\eKaXWxy.exe
  C:\Windows\System\eKaXWxy.exe
  2⤵
  PID:5620
- C:\Windows\System\vwHElJZ.exe
  C:\Windows\System\vwHElJZ.exe
  2⤵
  PID:5644
- C:\Windows\System\WrmpQfV.exe
  C:\Windows\System\WrmpQfV.exe
  2⤵
  PID:5664
- C:\Windows\System\jfcWISi.exe
  C:\Windows\System\jfcWISi.exe
  2⤵
  PID:5688
- C:\Windows\System\UGyuQvw.exe
  C:\Windows\System\UGyuQvw.exe
  2⤵
  PID:5704
- C:\Windows\System\XyzzBYL.exe
  C:\Windows\System\XyzzBYL.exe
  2⤵
  PID:5728
- C:\Windows\System\TmTDwSC.exe
  C:\Windows\System\TmTDwSC.exe
  2⤵
  PID:5752
- C:\Windows\System\boJMjNO.exe
  C:\Windows\System\boJMjNO.exe
  2⤵
  PID:5772
- C:\Windows\System\DJvozht.exe
  C:\Windows\System\DJvozht.exe
  2⤵
  PID:5792
- C:\Windows\System\OFywbiE.exe
  C:\Windows\System\OFywbiE.exe
  2⤵
  PID:5820
- C:\Windows\System\LNVIBjq.exe
  C:\Windows\System\LNVIBjq.exe
  2⤵
  PID:5840
- C:\Windows\System\OhGvVQw.exe
  C:\Windows\System\OhGvVQw.exe
  2⤵
  PID:5944
- C:\Windows\System\NXvjXuf.exe
  C:\Windows\System\NXvjXuf.exe
  2⤵
  PID:5964
- C:\Windows\System\YqHYAZG.exe
  C:\Windows\System\YqHYAZG.exe
  2⤵
  PID:5984
- C:\Windows\System\FSDNUfY.exe
  C:\Windows\System\FSDNUfY.exe
  2⤵
  PID:6020
- C:\Windows\System\hxKAGit.exe
  C:\Windows\System\hxKAGit.exe
  2⤵
  PID:6036
- C:\Windows\System\rjeGVSr.exe
  C:\Windows\System\rjeGVSr.exe
  2⤵
  PID:6060
- C:\Windows\System\zHfkCAx.exe
  C:\Windows\System\zHfkCAx.exe
  2⤵
  PID:6080
- C:\Windows\System\DQXGZld.exe
  C:\Windows\System\DQXGZld.exe
  2⤵
  PID:6100
- C:\Windows\System\LpJVCxk.exe
  C:\Windows\System\LpJVCxk.exe
  2⤵
  PID:6120
- C:\Windows\System\IKJPiDJ.exe
  C:\Windows\System\IKJPiDJ.exe
  2⤵
  PID:6140
- C:\Windows\System\GjKlXvh.exe
  C:\Windows\System\GjKlXvh.exe
  2⤵
  PID:3016
- C:\Windows\System\znkHxsL.exe
  C:\Windows\System\znkHxsL.exe
  2⤵
  PID:708
- C:\Windows\System\igKZOOT.exe
  C:\Windows\System\igKZOOT.exe
  2⤵
  PID:3180
- C:\Windows\System\idnSPdr.exe
  C:\Windows\System\idnSPdr.exe
  2⤵
  PID:4212
- C:\Windows\System\ygqHTAi.exe
  C:\Windows\System\ygqHTAi.exe
  2⤵
  PID:1028
- C:\Windows\System\uuTzacg.exe
  C:\Windows\System\uuTzacg.exe
  2⤵
  PID:2740
- C:\Windows\System\kdWAnOA.exe
  C:\Windows\System\kdWAnOA.exe
  2⤵
  PID:1524
- C:\Windows\System\ouJkVPX.exe
  C:\Windows\System\ouJkVPX.exe
  2⤵
  PID:2216
- C:\Windows\System\RIdFPfh.exe
  C:\Windows\System\RIdFPfh.exe
  2⤵
  PID:2896
- C:\Windows\System\ktZNHZt.exe
  C:\Windows\System\ktZNHZt.exe
  2⤵
  PID:1644
- C:\Windows\System\pxtfuNW.exe
  C:\Windows\System\pxtfuNW.exe
  2⤵
  PID:5444
- C:\Windows\System\FERTsgS.exe
  C:\Windows\System\FERTsgS.exe
  2⤵
  PID:5480
- C:\Windows\System\uLxaCBj.exe
  C:\Windows\System\uLxaCBj.exe
  2⤵
  PID:5132
- C:\Windows\System\TmzAzTv.exe
  C:\Windows\System\TmzAzTv.exe
  2⤵
  PID:5192
- C:\Windows\System\VcrYldr.exe
  C:\Windows\System\VcrYldr.exe
  2⤵
  PID:5236
- C:\Windows\System\xSiPHKe.exe
  C:\Windows\System\xSiPHKe.exe
  2⤵
  PID:5784
- C:\Windows\System\xdkaCPm.exe
  C:\Windows\System\xdkaCPm.exe
  2⤵
  PID:5324
- C:\Windows\System\JXegOBK.exe
  C:\Windows\System\JXegOBK.exe
  2⤵
  PID:5396
- C:\Windows\System\xUBKXjx.exe
  C:\Windows\System\xUBKXjx.exe
  2⤵
  PID:5428
- C:\Windows\System\MuaCJTE.exe
  C:\Windows\System\MuaCJTE.exe
  2⤵
  PID:6148
- C:\Windows\System\LmMEMsZ.exe
  C:\Windows\System\LmMEMsZ.exe
  2⤵
  PID:6252
- C:\Windows\System\rPXNnSi.exe
  C:\Windows\System\rPXNnSi.exe
  2⤵
  PID:6268
- C:\Windows\System\MchZAzL.exe
  C:\Windows\System\MchZAzL.exe
  2⤵
  PID:6284
- C:\Windows\System\XPREiOp.exe
  C:\Windows\System\XPREiOp.exe
  2⤵
  PID:6300
- C:\Windows\System\aLbQnkg.exe
  C:\Windows\System\aLbQnkg.exe
  2⤵
  PID:6316
- C:\Windows\System\YrtPBNT.exe
  C:\Windows\System\YrtPBNT.exe
  2⤵
  PID:6332
- C:\Windows\System\KlcQQeb.exe
  C:\Windows\System\KlcQQeb.exe
  2⤵
  PID:6348
- C:\Windows\System\VYLAlre.exe
  C:\Windows\System\VYLAlre.exe
  2⤵
  PID:6364
- C:\Windows\System\Mmnxqwd.exe
  C:\Windows\System\Mmnxqwd.exe
  2⤵
  PID:6380
- C:\Windows\System\RvvmMAP.exe
  C:\Windows\System\RvvmMAP.exe
  2⤵
  PID:6396
- C:\Windows\System\scWPSFE.exe
  C:\Windows\System\scWPSFE.exe
  2⤵
  PID:6412
- C:\Windows\System\siJADEk.exe
  C:\Windows\System\siJADEk.exe
  2⤵
  PID:6428
- C:\Windows\System\uxbTYwk.exe
  C:\Windows\System\uxbTYwk.exe
  2⤵
  PID:6444
- C:\Windows\System\vsgUkmq.exe
  C:\Windows\System\vsgUkmq.exe
  2⤵
  PID:6460
- C:\Windows\System\DdZYsQD.exe
  C:\Windows\System\DdZYsQD.exe
  2⤵
  PID:6572
- C:\Windows\System\ejtZvDW.exe
  C:\Windows\System\ejtZvDW.exe
  2⤵
  PID:6592
- C:\Windows\System\RfSMtcB.exe
  C:\Windows\System\RfSMtcB.exe
  2⤵
  PID:6616
- C:\Windows\System\qCrrUTa.exe
  C:\Windows\System\qCrrUTa.exe
  2⤵
  PID:6632
- C:\Windows\System\IKuLeKa.exe
  C:\Windows\System\IKuLeKa.exe
  2⤵
  PID:6652
- C:\Windows\System\jjSOlCU.exe
  C:\Windows\System\jjSOlCU.exe
  2⤵
  PID:6680
- C:\Windows\System\BwWgEvR.exe
  C:\Windows\System\BwWgEvR.exe
  2⤵
  PID:6700
- C:\Windows\System\nefOTyo.exe
  C:\Windows\System\nefOTyo.exe
  2⤵
  PID:6724
- C:\Windows\System\pxbPevx.exe
  C:\Windows\System\pxbPevx.exe
  2⤵
  PID:6748
- C:\Windows\System\nRVQgEi.exe
  C:\Windows\System\nRVQgEi.exe
  2⤵
  PID:6768
- C:\Windows\System\QtZNerV.exe
  C:\Windows\System\QtZNerV.exe
  2⤵
  PID:6788
- C:\Windows\System\pMcgxrH.exe
  C:\Windows\System\pMcgxrH.exe
  2⤵
  PID:6812
- C:\Windows\System\WirolWE.exe
  C:\Windows\System\WirolWE.exe
  2⤵
  PID:6836
- C:\Windows\System\IryyyTY.exe
  C:\Windows\System\IryyyTY.exe
  2⤵
  PID:6852
- C:\Windows\System\yYeXEss.exe
  C:\Windows\System\yYeXEss.exe
  2⤵
  PID:6876
- C:\Windows\System\yoXQiiX.exe
  C:\Windows\System\yoXQiiX.exe
  2⤵
  PID:6892
- C:\Windows\System\xDswnaW.exe
  C:\Windows\System\xDswnaW.exe
  2⤵
  PID:6912
- C:\Windows\System\MSPXVBM.exe
  C:\Windows\System\MSPXVBM.exe
  2⤵
  PID:6928
- C:\Windows\System\CukquPh.exe
  C:\Windows\System\CukquPh.exe
  2⤵
  PID:6948
- C:\Windows\System\rDsuDOS.exe
  C:\Windows\System\rDsuDOS.exe
  2⤵
  PID:6968
- C:\Windows\System\KYmmmpw.exe
  C:\Windows\System\KYmmmpw.exe
  2⤵
  PID:6988
- C:\Windows\System\AmiQXiu.exe
  C:\Windows\System\AmiQXiu.exe
  2⤵
  PID:7004
- C:\Windows\System\wdSpacx.exe
  C:\Windows\System\wdSpacx.exe
  2⤵
  PID:7024
- C:\Windows\System\toJTnLK.exe
  C:\Windows\System\toJTnLK.exe
  2⤵
  PID:7044
- C:\Windows\System\NOrRbkU.exe
  C:\Windows\System\NOrRbkU.exe
  2⤵
  PID:7060
- C:\Windows\System\sffQhnY.exe
  C:\Windows\System\sffQhnY.exe
  2⤵
  PID:7080
- C:\Windows\System\XkiWdrE.exe
  C:\Windows\System\XkiWdrE.exe
  2⤵
  PID:7100
- C:\Windows\System\qtEhplk.exe
  C:\Windows\System\qtEhplk.exe
  2⤵
  PID:7120
- C:\Windows\System\PKDyGTz.exe
  C:\Windows\System\PKDyGTz.exe
  2⤵
  PID:7136
- C:\Windows\System\fdvbKtJ.exe
  C:\Windows\System\fdvbKtJ.exe
  2⤵
  PID:7152
- C:\Windows\System\GNpbFUM.exe
  C:\Windows\System\GNpbFUM.exe
  2⤵
  PID:5852
- C:\Windows\System\UBxCcDA.exe
  C:\Windows\System\UBxCcDA.exe
  2⤵
  PID:5932
- C:\Windows\System\bwWzHhW.exe
  C:\Windows\System\bwWzHhW.exe
  2⤵
  PID:5980
- C:\Windows\System\YQvwozI.exe
  C:\Windows\System\YQvwozI.exe
  2⤵
  PID:6032
- C:\Windows\System\TzMVPFl.exe
  C:\Windows\System\TzMVPFl.exe
  2⤵
  PID:6068
- C:\Windows\System\tWbNils.exe
  C:\Windows\System\tWbNils.exe
  2⤵
  PID:6108
- C:\Windows\System\KDeKDLP.exe
  C:\Windows\System\KDeKDLP.exe
  2⤵
  PID:4736
- C:\Windows\System\XIOWgbH.exe
  C:\Windows\System\XIOWgbH.exe
  2⤵
  PID:4644
- C:\Windows\System\hWPWkao.exe
  C:\Windows\System\hWPWkao.exe
  2⤵
  PID:972
- C:\Windows\System\ClsGuJR.exe
  C:\Windows\System\ClsGuJR.exe
  2⤵
  PID:3052
- C:\Windows\System\hkrndGZ.exe
  C:\Windows\System\hkrndGZ.exe
  2⤵
  PID:4536
- C:\Windows\System\XiqtEge.exe
  C:\Windows\System\XiqtEge.exe
  2⤵
  PID:1368
- C:\Windows\System\SdjTEHE.exe
  C:\Windows\System\SdjTEHE.exe
  2⤵
  PID:4484
- C:\Windows\System\YEsCYYp.exe
  C:\Windows\System\YEsCYYp.exe
  2⤵
  PID:4388
- C:\Windows\System\AUtvrXO.exe
  C:\Windows\System\AUtvrXO.exe
  2⤵
  PID:5364
- C:\Windows\System\WNrYido.exe
  C:\Windows\System\WNrYido.exe
  2⤵
  PID:3776
- C:\Windows\System\hxADCmF.exe
  C:\Windows\System\hxADCmF.exe
  2⤵
  PID:5232
- C:\Windows\System\WzeWFPN.exe
  C:\Windows\System\WzeWFPN.exe
  2⤵
  PID:5340
- C:\Windows\System\CLzobea.exe
  C:\Windows\System\CLzobea.exe
  2⤵
  PID:1340
- C:\Windows\System\JgDJDtV.exe
  C:\Windows\System\JgDJDtV.exe
  2⤵
  PID:2372
- C:\Windows\System\ryggltJ.exe
  C:\Windows\System\ryggltJ.exe
  2⤵
  PID:6784
- C:\Windows\System\DbrHKos.exe
  C:\Windows\System\DbrHKos.exe
  2⤵
  PID:7420
- C:\Windows\System\NCbaXVj.exe
  C:\Windows\System\NCbaXVj.exe
  2⤵
  PID:7436
- C:\Windows\System\ZbLkecY.exe
  C:\Windows\System\ZbLkecY.exe
  2⤵
  PID:7452
- C:\Windows\System\gnNfFFj.exe
  C:\Windows\System\gnNfFFj.exe
  2⤵
  PID:7472
- C:\Windows\System\pkKzvWo.exe
  C:\Windows\System\pkKzvWo.exe
  2⤵
  PID:7492
- C:\Windows\System\rwWFfsc.exe
  C:\Windows\System\rwWFfsc.exe
  2⤵
  PID:7512
- C:\Windows\System\ADugYdW.exe
  C:\Windows\System\ADugYdW.exe
  2⤵
  PID:7532
- C:\Windows\System\DklXBdG.exe
  C:\Windows\System\DklXBdG.exe
  2⤵
  PID:7552
- C:\Windows\System\qtewsxu.exe
  C:\Windows\System\qtewsxu.exe
  2⤵
  PID:7572
- C:\Windows\System\AfMNDtR.exe
  C:\Windows\System\AfMNDtR.exe
  2⤵
  PID:7592
- C:\Windows\System\YvUBEye.exe
  C:\Windows\System\YvUBEye.exe
  2⤵
  PID:7608
- C:\Windows\System\WtmSIkl.exe
  C:\Windows\System\WtmSIkl.exe
  2⤵
  PID:7628
- C:\Windows\System\cklzMDV.exe
  C:\Windows\System\cklzMDV.exe
  2⤵
  PID:7648
- C:\Windows\System\SNUBllq.exe
  C:\Windows\System\SNUBllq.exe
  2⤵
  PID:7668
- C:\Windows\System\IPtzxLQ.exe
  C:\Windows\System\IPtzxLQ.exe
  2⤵
  PID:7688
- C:\Windows\System\TGdUXcr.exe
  C:\Windows\System\TGdUXcr.exe
  2⤵
  PID:7712
- C:\Windows\System\GoAxFUM.exe
  C:\Windows\System\GoAxFUM.exe
  2⤵
  PID:7736
- C:\Windows\System\nXMXhrY.exe
  C:\Windows\System\nXMXhrY.exe
  2⤵
  PID:7756
- C:\Windows\System\ZZCyoXc.exe
  C:\Windows\System\ZZCyoXc.exe
  2⤵
  PID:7772
- C:\Windows\System\IDKcxDw.exe
  C:\Windows\System\IDKcxDw.exe
  2⤵
  PID:7788
- C:\Windows\System\uWwFRCj.exe
  C:\Windows\System\uWwFRCj.exe
  2⤵
  PID:7804
- C:\Windows\System\dTaYDLe.exe
  C:\Windows\System\dTaYDLe.exe
  2⤵
  PID:7820
- C:\Windows\System\vWQgXcF.exe
  C:\Windows\System\vWQgXcF.exe
  2⤵
  PID:7836
- C:\Windows\System\bRrOMXj.exe
  C:\Windows\System\bRrOMXj.exe
  2⤵
  PID:7856
- C:\Windows\System\pzAZSuB.exe
  C:\Windows\System\pzAZSuB.exe
  2⤵
  PID:7916
- C:\Windows\System\poazLGE.exe
  C:\Windows\System\poazLGE.exe
  2⤵
  PID:7936
- C:\Windows\System\KxVEjOP.exe
  C:\Windows\System\KxVEjOP.exe
  2⤵
  PID:7956
- C:\Windows\System\eTvyNiC.exe
  C:\Windows\System\eTvyNiC.exe
  2⤵
  PID:7980
- C:\Windows\System\XanGiWz.exe
  C:\Windows\System\XanGiWz.exe
  2⤵
  PID:8000
- C:\Windows\System\dDyGfOL.exe
  C:\Windows\System\dDyGfOL.exe
  2⤵
  PID:8020
- C:\Windows\System\dCEKAya.exe
  C:\Windows\System\dCEKAya.exe
  2⤵
  PID:8048
- C:\Windows\System\EiRHisZ.exe
  C:\Windows\System\EiRHisZ.exe
  2⤵
  PID:8064
- C:\Windows\System\UVtNRjS.exe
  C:\Windows\System\UVtNRjS.exe
  2⤵
  PID:8084
- C:\Windows\System\hBKkbrj.exe
  C:\Windows\System\hBKkbrj.exe
  2⤵
  PID:8104
- C:\Windows\System\tZSLPwa.exe
  C:\Windows\System\tZSLPwa.exe
  2⤵
  PID:8120
- C:\Windows\System\FYrXYib.exe
  C:\Windows\System\FYrXYib.exe
  2⤵
  PID:8140
- C:\Windows\System\MocAvhS.exe
  C:\Windows\System\MocAvhS.exe
  2⤵
  PID:8164
- C:\Windows\System\aotUENv.exe
  C:\Windows\System\aotUENv.exe
  2⤵
  PID:8180
- C:\Windows\System\wpASWEb.exe
  C:\Windows\System\wpASWEb.exe
  2⤵
  PID:6280
- C:\Windows\System\RfFsFrq.exe
  C:\Windows\System\RfFsFrq.exe
  2⤵
  PID:6312
- C:\Windows\System\CqnrFoU.exe
  C:\Windows\System\CqnrFoU.exe
  2⤵
  PID:6356
- C:\Windows\System\nyFfIph.exe
  C:\Windows\System\nyFfIph.exe
  2⤵
  PID:2000
- C:\Windows\System\IxfAIDM.exe
  C:\Windows\System\IxfAIDM.exe
  2⤵
  PID:6424
- C:\Windows\System\PkiiOrf.exe
  C:\Windows\System\PkiiOrf.exe
  2⤵
  PID:6552
- C:\Windows\System\tWaEdDf.exe
  C:\Windows\System\tWaEdDf.exe
  2⤵
  PID:6568
- C:\Windows\System\tFQfYre.exe
  C:\Windows\System\tFQfYre.exe
  2⤵
  PID:6624
- C:\Windows\System\CBnmKSX.exe
  C:\Windows\System\CBnmKSX.exe
  2⤵
  PID:6668
- C:\Windows\System\QequvKr.exe
  C:\Windows\System\QequvKr.exe
  2⤵
  PID:6712
- C:\Windows\System\ufGbRtQ.exe
  C:\Windows\System\ufGbRtQ.exe
  2⤵
  PID:6776
- C:\Windows\System\zbPlVgw.exe
  C:\Windows\System\zbPlVgw.exe
  2⤵
  PID:6888
- C:\Windows\System\oKNFHFY.exe
  C:\Windows\System\oKNFHFY.exe
  2⤵
  PID:6940
- C:\Windows\System\SxbNcwY.exe
  C:\Windows\System\SxbNcwY.exe
  2⤵
  PID:7088
- C:\Windows\System\bIbnGef.exe
  C:\Windows\System\bIbnGef.exe
  2⤵
  PID:7128
- C:\Windows\System\qUfdwVw.exe
  C:\Windows\System\qUfdwVw.exe
  2⤵
  PID:3292
- C:\Windows\System\lDrHWJv.exe
  C:\Windows\System\lDrHWJv.exe
  2⤵
  PID:1920
- C:\Windows\System\pqFnXgr.exe
  C:\Windows\System\pqFnXgr.exe
  2⤵
  PID:3532
- C:\Windows\System\eOHJAtH.exe
  C:\Windows\System\eOHJAtH.exe
  2⤵
  PID:5976
- C:\Windows\System\CQcwCOr.exe
  C:\Windows\System\CQcwCOr.exe
  2⤵
  PID:4376
- C:\Windows\System\MtbbhzN.exe
  C:\Windows\System\MtbbhzN.exe
  2⤵
  PID:2704
- C:\Windows\System\ttPadgZ.exe
  C:\Windows\System\ttPadgZ.exe
  2⤵
  PID:3064
- C:\Windows\System\jRynptW.exe
  C:\Windows\System\jRynptW.exe
  2⤵
  PID:4284
- C:\Windows\System\pfMNmvy.exe
  C:\Windows\System\pfMNmvy.exe
  2⤵
  PID:5188
- C:\Windows\System\dRUIDAr.exe
  C:\Windows\System\dRUIDAr.exe
  2⤵
  PID:2880
- C:\Windows\System\bJQDIIb.exe
  C:\Windows\System\bJQDIIb.exe
  2⤵
  PID:6780
- C:\Windows\System\xXpfBNS.exe
  C:\Windows\System\xXpfBNS.exe
  2⤵
  PID:7500
- C:\Windows\System\eDJGDLh.exe
  C:\Windows\System\eDJGDLh.exe
  2⤵
  PID:7744
- C:\Windows\System\ACXxhYv.exe
  C:\Windows\System\ACXxhYv.exe
  2⤵
  PID:7448
- C:\Windows\System\vjxkeUK.exe
  C:\Windows\System\vjxkeUK.exe
  2⤵
  PID:8196
- C:\Windows\System\efTCpjP.exe
  C:\Windows\System\efTCpjP.exe
  2⤵
  PID:8212
- C:\Windows\System\RtJBlEx.exe
  C:\Windows\System\RtJBlEx.exe
  2⤵
  PID:8232
- C:\Windows\System\hIVsseJ.exe
  C:\Windows\System\hIVsseJ.exe
  2⤵
  PID:8260
- C:\Windows\System\lQogJrx.exe
  C:\Windows\System\lQogJrx.exe
  2⤵
  PID:8280
- C:\Windows\System\RaQsjtR.exe
  C:\Windows\System\RaQsjtR.exe
  2⤵
  PID:8300
- C:\Windows\System\cguxNdj.exe
  C:\Windows\System\cguxNdj.exe
  2⤵
  PID:8316
- C:\Windows\System\NdZgULv.exe
  C:\Windows\System\NdZgULv.exe
  2⤵
  PID:8332
- C:\Windows\System\oycbmqu.exe
  C:\Windows\System\oycbmqu.exe
  2⤵
  PID:8568
- C:\Windows\System\vuSNRaR.exe
  C:\Windows\System\vuSNRaR.exe
  2⤵
  PID:8588
- C:\Windows\System\PyNwAIK.exe
  C:\Windows\System\PyNwAIK.exe
  2⤵
  PID:8616
- C:\Windows\System\hRNVUQV.exe
  C:\Windows\System\hRNVUQV.exe
  2⤵
  PID:8632
- C:\Windows\System\JvNLPtc.exe
  C:\Windows\System\JvNLPtc.exe
  2⤵
  PID:8652
- C:\Windows\System\javgqDW.exe
  C:\Windows\System\javgqDW.exe
  2⤵
  PID:8788
- C:\Windows\System\hXGvWEM.exe
  C:\Windows\System\hXGvWEM.exe
  2⤵
  PID:8804
- C:\Windows\System\ZkYEGvt.exe
  C:\Windows\System\ZkYEGvt.exe
  2⤵
  PID:8828
- C:\Windows\System\wSRGVSo.exe
  C:\Windows\System\wSRGVSo.exe
  2⤵
  PID:8852
- C:\Windows\System\QEtUMTk.exe
  C:\Windows\System\QEtUMTk.exe
  2⤵
  PID:8876
- C:\Windows\System\aNXnzWr.exe
  C:\Windows\System\aNXnzWr.exe
  2⤵
  PID:8896
- C:\Windows\System\KCDEblp.exe
  C:\Windows\System\KCDEblp.exe
  2⤵
  PID:8920
- C:\Windows\System\SDxyoXM.exe
  C:\Windows\System\SDxyoXM.exe
  2⤵
  PID:8944
- C:\Windows\System\NOWPuUH.exe
  C:\Windows\System\NOWPuUH.exe
  2⤵
  PID:8964
- C:\Windows\System\vkRMGTm.exe
  C:\Windows\System\vkRMGTm.exe
  2⤵
  PID:8984
- C:\Windows\System\cTlYPDb.exe
  C:\Windows\System\cTlYPDb.exe
  2⤵
  PID:9012
- C:\Windows\System\PqXeWnL.exe
  C:\Windows\System\PqXeWnL.exe
  2⤵
  PID:9044
- C:\Windows\System\QpvrqKB.exe
  C:\Windows\System\QpvrqKB.exe
  2⤵
  PID:9068
- C:\Windows\System\KfWJdNk.exe
  C:\Windows\System\KfWJdNk.exe
  2⤵
  PID:9084
- C:\Windows\System\NgNcQfJ.exe
  C:\Windows\System\NgNcQfJ.exe
  2⤵
  PID:9108
- C:\Windows\System\dEnUQTi.exe
  C:\Windows\System\dEnUQTi.exe
  2⤵
  PID:9124
- C:\Windows\System\icjqJae.exe
  C:\Windows\System\icjqJae.exe
  2⤵
  PID:9144
- C:\Windows\System\zmvimGg.exe
  C:\Windows\System\zmvimGg.exe
  2⤵
  PID:9164
- C:\Windows\System\vuOnxmR.exe
  C:\Windows\System\vuOnxmR.exe
  2⤵
  PID:9188
- C:\Windows\System\rNTPsPi.exe
  C:\Windows\System\rNTPsPi.exe
  2⤵
  PID:9212
- C:\Windows\System\iDjVFSQ.exe
  C:\Windows\System\iDjVFSQ.exe
  2⤵
  PID:7624
- C:\Windows\System\hbuMQwu.exe
  C:\Windows\System\hbuMQwu.exe
  2⤵
  PID:7720
- C:\Windows\System\zZuEdeY.exe
  C:\Windows\System\zZuEdeY.exe
  2⤵
  PID:7408
- C:\Windows\System\ztotVTK.exe
  C:\Windows\System\ztotVTK.exe
  2⤵
  PID:7444
- C:\Windows\System\HJHyrRn.exe
  C:\Windows\System\HJHyrRn.exe
  2⤵
  PID:7524
- C:\Windows\System\OsnQyIw.exe
  C:\Windows\System\OsnQyIw.exe
  2⤵
  PID:7568
- C:\Windows\System\WBJPquY.exe
  C:\Windows\System\WBJPquY.exe
  2⤵
  PID:7540
- C:\Windows\System\uThYWRG.exe
  C:\Windows\System\uThYWRG.exe
  2⤵
  PID:7636
- C:\Windows\System\gFvqast.exe
  C:\Windows\System\gFvqast.exe
  2⤵
  PID:7664
- C:\Windows\System\YiwRvve.exe
  C:\Windows\System\YiwRvve.exe
  2⤵
  PID:7732
- C:\Windows\System\alPnVOI.exe
  C:\Windows\System\alPnVOI.exe
  2⤵
  PID:6408
- C:\Windows\System\PGczFTD.exe
  C:\Windows\System\PGczFTD.exe
  2⤵
  PID:7376
- C:\Windows\System\zsKcYvo.exe
  C:\Windows\System\zsKcYvo.exe
  2⤵
  PID:1688
- C:\Windows\System\zuPagds.exe
  C:\Windows\System\zuPagds.exe
  2⤵
  PID:7068
- C:\Windows\System\WGrdESM.exe
  C:\Windows\System\WGrdESM.exe
  2⤵
  PID:6560
- C:\Windows\System\xRNKcwo.exe
  C:\Windows\System\xRNKcwo.exe
  2⤵
  PID:7784
- C:\Windows\System\zNGIQfj.exe
  C:\Windows\System\zNGIQfj.exe
  2⤵
  PID:7844
- C:\Windows\System\bRBpJTX.exe
  C:\Windows\System\bRBpJTX.exe
  2⤵
  PID:2264
- C:\Windows\System\SCEZtGj.exe
  C:\Windows\System\SCEZtGj.exe
  2⤵
  PID:7952
- C:\Windows\System\vdfbbLV.exe
  C:\Windows\System\vdfbbLV.exe
  2⤵
  PID:8012
- C:\Windows\System\mKJTUcG.exe
  C:\Windows\System\mKJTUcG.exe
  2⤵
  PID:8092
- C:\Windows\System\YxTmpVW.exe
  C:\Windows\System\YxTmpVW.exe
  2⤵
  PID:8172
- C:\Windows\System\fuQEmUv.exe
  C:\Windows\System\fuQEmUv.exe
  2⤵
  PID:8564
- C:\Windows\System\zDzPXAc.exe
  C:\Windows\System\zDzPXAc.exe
  2⤵
  PID:8328
- C:\Windows\System\AqywyIJ.exe
  C:\Windows\System\AqywyIJ.exe
  2⤵
  PID:6584
- C:\Windows\System\YsrrsvL.exe
  C:\Windows\System\YsrrsvL.exe
  2⤵
  PID:6692
- C:\Windows\System\cAFaToY.exe
  C:\Windows\System\cAFaToY.exe
  2⤵
  PID:6936
- C:\Windows\System\KGAyEWk.exe
  C:\Windows\System\KGAyEWk.exe
  2⤵
  PID:8476
- C:\Windows\System\QYpdocU.exe
  C:\Windows\System\QYpdocU.exe
  2⤵
  PID:1104
- C:\Windows\System\lOLucqc.exe
  C:\Windows\System\lOLucqc.exe
  2⤵
  PID:6136
- C:\Windows\System\MHttfKb.exe
  C:\Windows\System\MHttfKb.exe
  2⤵
  PID:4540
- C:\Windows\System\EfIvqmU.exe
  C:\Windows\System\EfIvqmU.exe
  2⤵
  PID:6820
- C:\Windows\System\pysUZGI.exe
  C:\Windows\System\pysUZGI.exe
  2⤵
  PID:7460
- C:\Windows\System\IOXCDqC.exe
  C:\Windows\System\IOXCDqC.exe
  2⤵
  PID:8532
- C:\Windows\System\FAJHthB.exe
  C:\Windows\System\FAJHthB.exe
  2⤵
  PID:8960
- C:\Windows\System\CUcdKiy.exe
  C:\Windows\System\CUcdKiy.exe
  2⤵
  PID:8228
- C:\Windows\System\shoOtwt.exe
  C:\Windows\System\shoOtwt.exe
  2⤵
  PID:9224
- C:\Windows\System\KHQSYyI.exe
  C:\Windows\System\KHQSYyI.exe
  2⤵
  PID:9244
- C:\Windows\System\nIcIvCl.exe
  C:\Windows\System\nIcIvCl.exe
  2⤵
  PID:9264
- C:\Windows\System\PPwlMHQ.exe
  C:\Windows\System\PPwlMHQ.exe
  2⤵
  PID:9356
- C:\Windows\System\arTbbZr.exe
  C:\Windows\System\arTbbZr.exe
  2⤵
  PID:9372
- C:\Windows\System\MAYBzFS.exe
  C:\Windows\System\MAYBzFS.exe
  2⤵
  PID:9388
- C:\Windows\System\NHxeMKr.exe
  C:\Windows\System\NHxeMKr.exe
  2⤵
  PID:9420
- C:\Windows\System\ujxCPvP.exe
  C:\Windows\System\ujxCPvP.exe
  2⤵
  PID:9448
- C:\Windows\System\FetqeNA.exe
  C:\Windows\System\FetqeNA.exe
  2⤵
  PID:9476
- C:\Windows\System\vlsfbHL.exe
  C:\Windows\System\vlsfbHL.exe
  2⤵
  PID:9496
- C:\Windows\System\twBEDBB.exe
  C:\Windows\System\twBEDBB.exe
  2⤵
  PID:9516
- C:\Windows\System\ZiedEkv.exe
  C:\Windows\System\ZiedEkv.exe
  2⤵
  PID:9536
- C:\Windows\System\WNmjYEA.exe
  C:\Windows\System\WNmjYEA.exe
  2⤵
  PID:9556
- C:\Windows\System\VoqfCbA.exe
  C:\Windows\System\VoqfCbA.exe
  2⤵
  PID:9576
- C:\Windows\System\MJSLMTU.exe
  C:\Windows\System\MJSLMTU.exe
  2⤵
  PID:9596
- C:\Windows\System\cIzWAMC.exe
  C:\Windows\System\cIzWAMC.exe
  2⤵
  PID:9616
- C:\Windows\System\bmHXtkm.exe
  C:\Windows\System\bmHXtkm.exe
  2⤵
  PID:9636
- C:\Windows\System\YnQKXUL.exe
  C:\Windows\System\YnQKXUL.exe
  2⤵
  PID:9660
- C:\Windows\System\jiUWuvT.exe
  C:\Windows\System\jiUWuvT.exe
  2⤵
  PID:9684
- C:\Windows\System\RZonFjQ.exe
  C:\Windows\System\RZonFjQ.exe
  2⤵
  PID:9704
- C:\Windows\System\jUXsvrB.exe
  C:\Windows\System\jUXsvrB.exe
  2⤵
  PID:9724
- C:\Windows\System\wgzOzaQ.exe
  C:\Windows\System\wgzOzaQ.exe
  2⤵
  PID:9744
- C:\Windows\System\cNSCtJf.exe
  C:\Windows\System\cNSCtJf.exe
  2⤵
  PID:9768
- C:\Windows\System\GRJBuCV.exe
  C:\Windows\System\GRJBuCV.exe
  2⤵
  PID:9788
- C:\Windows\System\JkslpRP.exe
  C:\Windows\System\JkslpRP.exe
  2⤵
  PID:9804
- C:\Windows\System\wczkqFz.exe
  C:\Windows\System\wczkqFz.exe
  2⤵
  PID:9828
- C:\Windows\System\eSHFrad.exe
  C:\Windows\System\eSHFrad.exe
  2⤵
  PID:9852
- C:\Windows\System\amkUomV.exe
  C:\Windows\System\amkUomV.exe
  2⤵
  PID:9872
- C:\Windows\System\sYChrVf.exe
  C:\Windows\System\sYChrVf.exe
  2⤵
  PID:9896
- C:\Windows\System\ZiVOvex.exe
  C:\Windows\System\ZiVOvex.exe
  2⤵
  PID:9912
- C:\Windows\System\FZPBdNz.exe
  C:\Windows\System\FZPBdNz.exe
  2⤵
  PID:9940
- C:\Windows\System\flfmfMs.exe
  C:\Windows\System\flfmfMs.exe
  2⤵
  PID:9956
- C:\Windows\System\dXGyVVH.exe
  C:\Windows\System\dXGyVVH.exe
  2⤵
  PID:10084
- C:\Windows\System\kRlgOEO.exe
  C:\Windows\System\kRlgOEO.exe
  2⤵
  PID:10108
- C:\Windows\System\dSlAvlU.exe
  C:\Windows\System\dSlAvlU.exe
  2⤵
  PID:10124
- C:\Windows\System\tbufVZG.exe
  C:\Windows\System\tbufVZG.exe
  2⤵
  PID:10148
- C:\Windows\System\ubYQJtU.exe
  C:\Windows\System\ubYQJtU.exe
  2⤵
  PID:10176
- C:\Windows\System\AcSoxKa.exe
  C:\Windows\System\AcSoxKa.exe
  2⤵
  PID:10200
- C:\Windows\System\uPvQmyI.exe
  C:\Windows\System\uPvQmyI.exe
  2⤵
  PID:10220
- C:\Windows\System\puOvkJR.exe
  C:\Windows\System\puOvkJR.exe
  2⤵
  PID:9172
- C:\Windows\System\ChQWtYk.exe
  C:\Windows\System\ChQWtYk.exe
  2⤵
  PID:8292
- C:\Windows\System\OjzAEIJ.exe
  C:\Windows\System\OjzAEIJ.exe
  2⤵
  PID:7748
- C:\Windows\System\KWXwVKx.exe
  C:\Windows\System\KWXwVKx.exe
  2⤵
  PID:8432
- C:\Windows\System\EJhwuXb.exe
  C:\Windows\System\EJhwuXb.exe
  2⤵
  PID:336
- C:\Windows\System\qeRknIu.exe
  C:\Windows\System\qeRknIu.exe
  2⤵
  PID:8524
- C:\Windows\System\zmayufK.exe
  C:\Windows\System\zmayufK.exe
  2⤵
  PID:6740
- C:\Windows\System\OYqilMV.exe
  C:\Windows\System\OYqilMV.exe
  2⤵
  PID:7056
- C:\Windows\System\tjNvIyY.exe
  C:\Windows\System\tjNvIyY.exe
  2⤵
  PID:9024
- C:\Windows\System\quoGGds.exe
  C:\Windows\System\quoGGds.exe
  2⤵
  PID:9076
- C:\Windows\System\tKabGMY.exe
  C:\Windows\System\tKabGMY.exe
  2⤵
  PID:9240
- C:\Windows\System\vvsyvPJ.exe
  C:\Windows\System\vvsyvPJ.exe
  2⤵
  PID:8624
- C:\Windows\System\WRuOoTY.exe
  C:\Windows\System\WRuOoTY.exe
  2⤵
  PID:8668
- C:\Windows\System\fCmFUYq.exe
  C:\Windows\System\fCmFUYq.exe
  2⤵
  PID:8756
- C:\Windows\System\YhMHlaw.exe
  C:\Windows\System\YhMHlaw.exe
  2⤵
  PID:9488
- C:\Windows\System\fGaotYX.exe
  C:\Windows\System\fGaotYX.exe
  2⤵
  PID:9528
- C:\Windows\System\IbYdpGK.exe
  C:\Windows\System\IbYdpGK.exe
  2⤵
  PID:4516
- C:\Windows\System\cCrNBOu.exe
  C:\Windows\System\cCrNBOu.exe
  2⤵
  PID:9000
- C:\Windows\System\wcalfee.exe
  C:\Windows\System\wcalfee.exe
  2⤵
  PID:9060
- C:\Windows\System\SIGJRgW.exe
  C:\Windows\System\SIGJRgW.exe
  2⤵
  PID:9120
- C:\Windows\System\SARXqfL.exe
  C:\Windows\System\SARXqfL.exe
  2⤵
  PID:9764
- C:\Windows\System\YCxjqoz.exe
  C:\Windows\System\YCxjqoz.exe
  2⤵
  PID:9796
- C:\Windows\System\AjrhTTH.exe
  C:\Windows\System\AjrhTTH.exe
  2⤵
  PID:9272
- C:\Windows\System\xHgOPYH.exe
  C:\Windows\System\xHgOPYH.exe
  2⤵
  PID:10264
- C:\Windows\System\CFbCJJt.exe
  C:\Windows\System\CFbCJJt.exe
  2⤵
  PID:10296
- C:\Windows\System\BcSGLpk.exe
  C:\Windows\System\BcSGLpk.exe
  2⤵
  PID:10312
- C:\Windows\System\nJiWUAL.exe
  C:\Windows\System\nJiWUAL.exe
  2⤵
  PID:10364
- C:\Windows\System\eUhJqcv.exe
  C:\Windows\System\eUhJqcv.exe
  2⤵
  PID:10384
- C:\Windows\System\DVbBBDl.exe
  C:\Windows\System\DVbBBDl.exe
  2⤵
  PID:10408
- C:\Windows\System\QKlgXZw.exe
  C:\Windows\System\QKlgXZw.exe
  2⤵
  PID:10432
- C:\Windows\System\LuOLRtq.exe
  C:\Windows\System\LuOLRtq.exe
  2⤵
  PID:10452
- C:\Windows\System\UCpbxgf.exe
  C:\Windows\System\UCpbxgf.exe
  2⤵
  PID:10472
- C:\Windows\System\ZqJIsyQ.exe
  C:\Windows\System\ZqJIsyQ.exe
  2⤵
  PID:10496
- C:\Windows\System\QGIsBRH.exe
  C:\Windows\System\QGIsBRH.exe
  2⤵
  PID:10524
- C:\Windows\System\AxDeeVr.exe
  C:\Windows\System\AxDeeVr.exe
  2⤵
  PID:10556
- C:\Windows\System\zIMJfOy.exe
  C:\Windows\System\zIMJfOy.exe
  2⤵
  PID:10588
- C:\Windows\System\LaSuSkT.exe
  C:\Windows\System\LaSuSkT.exe
  2⤵
  PID:10620
- C:\Windows\System\nIXlNSp.exe
  C:\Windows\System\nIXlNSp.exe
  2⤵
  PID:10660
- C:\Windows\System\gkURVvZ.exe
  C:\Windows\System\gkURVvZ.exe
  2⤵
  PID:10676
- C:\Windows\System\yCyezVB.exe
  C:\Windows\System\yCyezVB.exe
  2⤵
  PID:10704
- C:\Windows\System\ZnZSqxb.exe
  C:\Windows\System\ZnZSqxb.exe
  2⤵
  PID:10724
- C:\Windows\System\GSFZvnl.exe
  C:\Windows\System\GSFZvnl.exe
  2⤵
  PID:10744
- C:\Windows\System\JRDrYCV.exe
  C:\Windows\System\JRDrYCV.exe
  2⤵
  PID:10764
- C:\Windows\System\seZBNxb.exe
  C:\Windows\System\seZBNxb.exe
  2⤵
  PID:10796
- C:\Windows\System\ZxsfENm.exe
  C:\Windows\System\ZxsfENm.exe
  2⤵
  PID:10820
- C:\Windows\System\epPYehL.exe
  C:\Windows\System\epPYehL.exe
  2⤵
  PID:10836
- C:\Windows\System\fmzVMSJ.exe
  C:\Windows\System\fmzVMSJ.exe
  2⤵
  PID:10852
- C:\Windows\System\qAIwbcv.exe
  C:\Windows\System\qAIwbcv.exe
  2⤵
  PID:10868
- C:\Windows\System\iYDBqdn.exe
  C:\Windows\System\iYDBqdn.exe
  2⤵
  PID:10884
- C:\Windows\System\uAnFwCT.exe
  C:\Windows\System\uAnFwCT.exe
  2⤵
  PID:10904
- C:\Windows\System\dirVLNo.exe
  C:\Windows\System\dirVLNo.exe
  2⤵
  PID:10920
- C:\Windows\System\CwyRUwA.exe
  C:\Windows\System\CwyRUwA.exe
  2⤵
  PID:10940
- C:\Windows\System\LPUQzQA.exe
  C:\Windows\System\LPUQzQA.exe
  2⤵
  PID:10964
- C:\Windows\System\EAdtKUS.exe
  C:\Windows\System\EAdtKUS.exe
  2⤵
  PID:10988
- C:\Windows\System\yeqJpOE.exe
  C:\Windows\System\yeqJpOE.exe
  2⤵
  PID:11012
- C:\Windows\System\qjVehJB.exe
  C:\Windows\System\qjVehJB.exe
  2⤵
  PID:11036
- C:\Windows\System\fsLuKpY.exe
  C:\Windows\System\fsLuKpY.exe
  2⤵
  PID:11056
- C:\Windows\System\EXLMGcK.exe
  C:\Windows\System\EXLMGcK.exe
  2⤵
  PID:11076
- C:\Windows\System\NwXIfwi.exe
  C:\Windows\System\NwXIfwi.exe
  2⤵
  PID:11100
- C:\Windows\System\EgfbHak.exe
  C:\Windows\System\EgfbHak.exe
  2⤵
  PID:11124
- C:\Windows\System\yTKMIwm.exe
  C:\Windows\System\yTKMIwm.exe
  2⤵
  PID:11144
- C:\Windows\System\ggdtxDm.exe
  C:\Windows\System\ggdtxDm.exe
  2⤵
  PID:11172
- C:\Windows\System\xTrlzci.exe
  C:\Windows\System\xTrlzci.exe
  2⤵
  PID:11192
- C:\Windows\System\FYDxgux.exe
  C:\Windows\System\FYDxgux.exe
  2⤵
  PID:11220
- C:\Windows\System\HQwwIUh.exe
  C:\Windows\System\HQwwIUh.exe
  2⤵
  PID:11240
- C:\Windows\System\xUdhSMN.exe
  C:\Windows\System\xUdhSMN.exe
  2⤵
  PID:6456
- C:\Windows\System\QDANRLl.exe
  C:\Windows\System\QDANRLl.exe
  2⤵
  PID:7400
- C:\Windows\System\autHdoB.exe
  C:\Windows\System\autHdoB.exe
  2⤵
  PID:8044
- C:\Windows\System\tGAvoEf.exe
  C:\Windows\System\tGAvoEf.exe
  2⤵
  PID:7588
- C:\Windows\System\UgQkWzv.exe
  C:\Windows\System\UgQkWzv.exe
  2⤵
  PID:7656
- C:\Windows\System\TscxiWt.exe
  C:\Windows\System\TscxiWt.exe
  2⤵
  PID:8348
- C:\Windows\System\UhXruSt.exe
  C:\Windows\System\UhXruSt.exe
  2⤵
  PID:5780
- C:\Windows\System\xgMPSFO.exe
  C:\Windows\System\xgMPSFO.exe
  2⤵
  PID:6648
- C:\Windows\System\kWWOsmD.exe
  C:\Windows\System\kWWOsmD.exe
  2⤵
  PID:3000
- C:\Windows\System\sJuEAZD.exe
  C:\Windows\System\sJuEAZD.exe
  2⤵
  PID:1852
- C:\Windows\System\IJSiPhz.exe
  C:\Windows\System\IJSiPhz.exe
  2⤵
  PID:1760
- C:\Windows\System\WLLCIJb.exe
  C:\Windows\System\WLLCIJb.exe
  2⤵
  PID:8252
- C:\Windows\System\dEDBbwx.exe
  C:\Windows\System\dEDBbwx.exe
  2⤵
  PID:7160
- C:\Windows\System\GLvIqrh.exe
  C:\Windows\System\GLvIqrh.exe
  2⤵
  PID:9984
- C:\Windows\System\gLHukZY.exe
  C:\Windows\System\gLHukZY.exe
  2⤵
  PID:9608
- C:\Windows\System\qFAvviH.exe
  C:\Windows\System\qFAvviH.exe
  2⤵
  PID:8976
- C:\Windows\System\ZJTuRyZ.exe
  C:\Windows\System\ZJTuRyZ.exe
  2⤵
  PID:10116
- C:\Windows\System\WZYgOKu.exe
  C:\Windows\System\WZYgOKu.exe
  2⤵
  PID:8404
- C:\Windows\System\tCoIBsq.exe
  C:\Windows\System\tCoIBsq.exe
  2⤵
  PID:9880
- C:\Windows\System\JinpwGK.exe
  C:\Windows\System\JinpwGK.exe
  2⤵
  PID:8820
- C:\Windows\System\OKyAMMk.exe
  C:\Windows\System\OKyAMMk.exe
  2⤵
  PID:9080
- C:\Windows\System\mZZBnvc.exe
  C:\Windows\System\mZZBnvc.exe
  2⤵
  PID:6640
- C:\Windows\System\sQYVfHU.exe
  C:\Windows\System\sQYVfHU.exe
  2⤵
  PID:9056
- C:\Windows\System\ayqyMJi.exe
  C:\Windows\System\ayqyMJi.exe
  2⤵
  PID:10256
- C:\Windows\System\LYuvTVY.exe
  C:\Windows\System\LYuvTVY.exe
  2⤵
  PID:4080
- C:\Windows\System\kSkmmTc.exe
  C:\Windows\System\kSkmmTc.exe
  2⤵
  PID:9412
- C:\Windows\System\LogpgoF.exe
  C:\Windows\System\LogpgoF.exe
  2⤵
  PID:9464
- C:\Windows\System\FEvzJNr.exe
  C:\Windows\System\FEvzJNr.exe
  2⤵
  PID:10392
- C:\Windows\System\RImJXlj.exe
  C:\Windows\System\RImJXlj.exe
  2⤵
  PID:10460
- C:\Windows\System\XddXrsG.exe
  C:\Windows\System\XddXrsG.exe
  2⤵
  PID:10516
- C:\Windows\System\LVSvHPS.exe
  C:\Windows\System\LVSvHPS.exe
  2⤵
  PID:9668
- C:\Windows\System\wkVmTFb.exe
  C:\Windows\System\wkVmTFb.exe
  2⤵
  PID:11268
- C:\Windows\System\xSqRLgF.exe
  C:\Windows\System\xSqRLgF.exe
  2⤵
  PID:11288
- C:\Windows\System\rJlRmIa.exe
  C:\Windows\System\rJlRmIa.exe
  2⤵
  PID:11312
- C:\Windows\System\GdpsqGP.exe
  C:\Windows\System\GdpsqGP.exe
  2⤵
  PID:11332
- C:\Windows\System\CXPInHX.exe
  C:\Windows\System\CXPInHX.exe
  2⤵
  PID:11352
- C:\Windows\System\SOAzjpx.exe
  C:\Windows\System\SOAzjpx.exe
  2⤵
  PID:11372
- C:\Windows\System\xwXJyJO.exe
  C:\Windows\System\xwXJyJO.exe
  2⤵
  PID:11392
- C:\Windows\System\uitdeAc.exe
  C:\Windows\System\uitdeAc.exe
  2⤵
  PID:11412
- C:\Windows\System\lpchZjd.exe
  C:\Windows\System\lpchZjd.exe
  2⤵
  PID:11432
- C:\Windows\System\LTadJJz.exe
  C:\Windows\System\LTadJJz.exe
  2⤵
  PID:11452
- C:\Windows\System\UyGTLZC.exe
  C:\Windows\System\UyGTLZC.exe
  2⤵
  PID:11472
- C:\Windows\System\eCEVaCH.exe
  C:\Windows\System\eCEVaCH.exe
  2⤵
  PID:11492
- C:\Windows\System\JCunamA.exe
  C:\Windows\System\JCunamA.exe
  2⤵
  PID:11512
- C:\Windows\System\AgUkywn.exe
  C:\Windows\System\AgUkywn.exe
  2⤵
  PID:11532
- C:\Windows\System\roKZAgW.exe
  C:\Windows\System\roKZAgW.exe
  2⤵
  PID:11552
- C:\Windows\System\bmFdvnR.exe
  C:\Windows\System\bmFdvnR.exe
  2⤵
  PID:11568
- C:\Windows\System\caWleCb.exe
  C:\Windows\System\caWleCb.exe
  2⤵
  PID:11584
- C:\Windows\System\rBJveOY.exe
  C:\Windows\System\rBJveOY.exe
  2⤵
  PID:11600
- C:\Windows\System\oyQiNhL.exe
  C:\Windows\System\oyQiNhL.exe
  2⤵
  PID:11616
- C:\Windows\System\begWwCI.exe
  C:\Windows\System\begWwCI.exe
  2⤵
  PID:11632
- C:\Windows\System\wSGFRtP.exe
  C:\Windows\System\wSGFRtP.exe
  2⤵
  PID:11648
- C:\Windows\System\wnkhXou.exe
  C:\Windows\System\wnkhXou.exe
  2⤵
  PID:11676
- C:\Windows\System\gKZryxf.exe
  C:\Windows\System\gKZryxf.exe
  2⤵
  PID:11704
- C:\Windows\System\GbmzPIB.exe
  C:\Windows\System\GbmzPIB.exe
  2⤵
  PID:11724
- C:\Windows\System\aCyWKLG.exe
  C:\Windows\System\aCyWKLG.exe
  2⤵
  PID:11748
- C:\Windows\System\lPrQCJG.exe
  C:\Windows\System\lPrQCJG.exe
  2⤵
  PID:11772
- C:\Windows\System\xuBLZVJ.exe
  C:\Windows\System\xuBLZVJ.exe
  2⤵
  PID:11796
- C:\Windows\System\yuArLGc.exe
  C:\Windows\System\yuArLGc.exe
  2⤵
  PID:11824
- C:\Windows\System\MAPWVxl.exe
  C:\Windows\System\MAPWVxl.exe
  2⤵
  PID:11840
- C:\Windows\System\lnDCmSC.exe
  C:\Windows\System\lnDCmSC.exe
  2⤵
  PID:11860
- C:\Windows\System\AaOUYIi.exe
  C:\Windows\System\AaOUYIi.exe
  2⤵
  PID:11880
- C:\Windows\System\TsMRGsJ.exe
  C:\Windows\System\TsMRGsJ.exe
  2⤵
  PID:11904
- C:\Windows\System\LhaLdcb.exe
  C:\Windows\System\LhaLdcb.exe
  2⤵
  PID:11924
- C:\Windows\System\OWAzWmt.exe
  C:\Windows\System\OWAzWmt.exe
  2⤵
  PID:11940
- C:\Windows\System\luMWfuG.exe
  C:\Windows\System\luMWfuG.exe
  2⤵
  PID:11956
- C:\Windows\System\DnJlkdm.exe
  C:\Windows\System\DnJlkdm.exe
  2⤵
  PID:11976
- C:\Windows\System\CfUcRIX.exe
  C:\Windows\System\CfUcRIX.exe
  2⤵
  PID:12000
- C:\Windows\System\NunYjuB.exe
  C:\Windows\System\NunYjuB.exe
  2⤵
  PID:12020
- C:\Windows\System\cbNmJMB.exe
  C:\Windows\System\cbNmJMB.exe
  2⤵
  PID:12036
- C:\Windows\System\fwBfgGL.exe
  C:\Windows\System\fwBfgGL.exe
  2⤵
  PID:12064
- C:\Windows\System\FDCuuWN.exe
  C:\Windows\System\FDCuuWN.exe
  2⤵
  PID:12084
- C:\Windows\System\rUiIhBu.exe
  C:\Windows\System\rUiIhBu.exe
  2⤵
  PID:12104
- C:\Windows\System\vrpEgmh.exe
  C:\Windows\System\vrpEgmh.exe
  2⤵
  PID:12128
- C:\Windows\System\aYSbuRl.exe
  C:\Windows\System\aYSbuRl.exe
  2⤵
  PID:12144
- C:\Windows\System\nWSjQBj.exe
  C:\Windows\System\nWSjQBj.exe
  2⤵
  PID:12192
- C:\Windows\System\bZvZjhy.exe
  C:\Windows\System\bZvZjhy.exe
  2⤵
  PID:12208
- C:\Windows\System\hJQHpPu.exe
  C:\Windows\System\hJQHpPu.exe
  2⤵
  PID:12224
- C:\Windows\System\leFTYWn.exe
  C:\Windows\System\leFTYWn.exe
  2⤵
  PID:12240
- C:\Windows\System\aHQFTGi.exe
  C:\Windows\System\aHQFTGi.exe
  2⤵
  PID:10632
- C:\Windows\System\TENgltv.exe
  C:\Windows\System\TENgltv.exe
  2⤵
  PID:9720
- C:\Windows\System\HArHzzB.exe
  C:\Windows\System\HArHzzB.exe
  2⤵
  PID:10092
- C:\Windows\System\kkNUpWO.exe
  C:\Windows\System\kkNUpWO.exe
  2⤵
  PID:10736
- C:\Windows\System\dlktiAh.exe
  C:\Windows\System\dlktiAh.exe
  2⤵
  PID:10772
- C:\Windows\System\MQgafoX.exe
  C:\Windows\System\MQgafoX.exe
  2⤵
  PID:9844
- C:\Windows\System\kItziZV.exe
  C:\Windows\System\kItziZV.exe
  2⤵
  PID:10876
- C:\Windows\System\GMMjPQj.exe
  C:\Windows\System\GMMjPQj.exe
  2⤵
  PID:8500
- C:\Windows\System\IJmyFJp.exe
  C:\Windows\System\IJmyFJp.exe
  2⤵
  PID:10936
- C:\Windows\System\mQpZrUE.exe
  C:\Windows\System\mQpZrUE.exe
  2⤵
  PID:10976
- C:\Windows\System\YFGJcmX.exe
  C:\Windows\System\YFGJcmX.exe
  2⤵
  PID:10956
- C:\Windows\System\IMqRkbr.exe
  C:\Windows\System\IMqRkbr.exe
  2⤵
  PID:9928
- C:\Windows\System\TTRSkyh.exe
  C:\Windows\System\TTRSkyh.exe
  2⤵
  PID:11232
- C:\Windows\System\WJUyRWn.exe
  C:\Windows\System\WJUyRWn.exe
  2⤵
  PID:7416
- C:\Windows\System\ghzMfyi.exe
  C:\Windows\System\ghzMfyi.exe
  2⤵
  PID:8732
- C:\Windows\System\AyKXKrj.exe
  C:\Windows\System\AyKXKrj.exe
  2⤵
  PID:8036
- C:\Windows\System\XMigGBE.exe
  C:\Windows\System\XMigGBE.exe
  2⤵
  PID:6844
- C:\Windows\System\CwyDBGE.exe
  C:\Windows\System\CwyDBGE.exe
  2⤵
  PID:3076
- C:\Windows\System\ujQAPIK.exe
  C:\Windows\System\ujQAPIK.exe
  2⤵
  PID:9948
- C:\Windows\System\aqIARcU.exe
  C:\Windows\System\aqIARcU.exe
  2⤵
  PID:4160
- C:\Windows\System\GdXMYRf.exe
  C:\Windows\System\GdXMYRf.exe
  2⤵
  PID:9456
- C:\Windows\System\pnJIqoD.exe
  C:\Windows\System\pnJIqoD.exe
  2⤵
  PID:10504
- C:\Windows\System\XRBamqw.exe
  C:\Windows\System\XRBamqw.exe
  2⤵
  PID:9652
- C:\Windows\System\eZFTrTe.exe
  C:\Windows\System\eZFTrTe.exe
  2⤵
  PID:11304
- C:\Windows\System\VWOkhNK.exe
  C:\Windows\System\VWOkhNK.exe
  2⤵
  PID:11340
- C:\Windows\System\kcBGNhS.exe
  C:\Windows\System\kcBGNhS.exe
  2⤵
  PID:10216
- C:\Windows\System\aJqYTst.exe
  C:\Windows\System\aJqYTst.exe
  2⤵
  PID:9136
- C:\Windows\System\tzJUnKb.exe
  C:\Windows\System\tzJUnKb.exe
  2⤵
  PID:11484
- C:\Windows\System\jsuKvhG.exe
  C:\Windows\System\jsuKvhG.exe
  2⤵
  PID:12296
- C:\Windows\System\hDRfqDl.exe
  C:\Windows\System\hDRfqDl.exe
  2⤵
  PID:12320
- C:\Windows\System\QqmPbms.exe
  C:\Windows\System\QqmPbms.exe
  2⤵
  PID:12336
- C:\Windows\System\jLmmfTi.exe
  C:\Windows\System\jLmmfTi.exe
  2⤵
  PID:12356
- C:\Windows\System\STgpcrg.exe
  C:\Windows\System\STgpcrg.exe
  2⤵
  PID:12372
- C:\Windows\System\iqICTkI.exe
  C:\Windows\System\iqICTkI.exe
  2⤵
  PID:12388
- C:\Windows\System\zMRiMiA.exe
  C:\Windows\System\zMRiMiA.exe
  2⤵
  PID:12404
- C:\Windows\System\pIbZjZw.exe
  C:\Windows\System\pIbZjZw.exe
  2⤵
  PID:12420
- C:\Windows\System\TEKrKcm.exe
  C:\Windows\System\TEKrKcm.exe
  2⤵
  PID:12440
- C:\Windows\System\CIMQJEs.exe
  C:\Windows\System\CIMQJEs.exe
  2⤵
  PID:12456
- C:\Windows\System\DjixCXT.exe
  C:\Windows\System\DjixCXT.exe
  2⤵
  PID:12472
- C:\Windows\System\azEfqti.exe
  C:\Windows\System\azEfqti.exe
  2⤵
  PID:12488
- C:\Windows\System\gqWqwue.exe
  C:\Windows\System\gqWqwue.exe
  2⤵
  PID:12508
- C:\Windows\System\KcQKJhW.exe
  C:\Windows\System\KcQKJhW.exe
  2⤵
  PID:12524
- C:\Windows\System\kToTAap.exe
  C:\Windows\System\kToTAap.exe
  2⤵
  PID:12544
- C:\Windows\System\QlLJdcU.exe
  C:\Windows\System\QlLJdcU.exe
  2⤵
  PID:12576
- C:\Windows\System\zKWSuuJ.exe
  C:\Windows\System\zKWSuuJ.exe
  2⤵
  PID:12600
- C:\Windows\System\xZJCIds.exe
  C:\Windows\System\xZJCIds.exe
  2⤵
  PID:12624
- C:\Windows\System\PKWgQay.exe
  C:\Windows\System\PKWgQay.exe
  2⤵
  PID:12640
- C:\Windows\System\EyoBiyr.exe
  C:\Windows\System\EyoBiyr.exe
  2⤵
  PID:12660
- C:\Windows\System\fAIXzwn.exe
  C:\Windows\System\fAIXzwn.exe
  2⤵
  PID:12680
- C:\Windows\System\gqdicXe.exe
  C:\Windows\System\gqdicXe.exe
  2⤵
  PID:12704
- C:\Windows\System\GDBCHjK.exe
  C:\Windows\System\GDBCHjK.exe
  2⤵
  PID:12728
- C:\Windows\System\ihfQucX.exe
  C:\Windows\System\ihfQucX.exe
  2⤵
  PID:12744
- C:\Windows\System\RhnPgPr.exe
  C:\Windows\System\RhnPgPr.exe
  2⤵
  PID:12764
- C:\Windows\System\KyrDJta.exe
  C:\Windows\System\KyrDJta.exe
  2⤵
  PID:12780
- C:\Windows\System\OesEngA.exe
  C:\Windows\System\OesEngA.exe
  2⤵
  PID:12804
- C:\Windows\System\kanrHtP.exe
  C:\Windows\System\kanrHtP.exe
  2⤵
  PID:12824
- C:\Windows\System\kJpYSOP.exe
  C:\Windows\System\kJpYSOP.exe
  2⤵
  PID:12848
- C:\Windows\System\DdgMpyt.exe
  C:\Windows\System\DdgMpyt.exe
  2⤵
  PID:12864
- C:\Windows\System\JDAFYPJ.exe
  C:\Windows\System\JDAFYPJ.exe
  2⤵
  PID:12888
- C:\Windows\System\eTsKQBn.exe
  C:\Windows\System\eTsKQBn.exe
  2⤵
  PID:12908
- C:\Windows\System\tCPbewH.exe
  C:\Windows\System\tCPbewH.exe
  2⤵
  PID:12928
- C:\Windows\System\bhwQQih.exe
  C:\Windows\System\bhwQQih.exe
  2⤵
  PID:12944
- C:\Windows\System\AMnAApD.exe
  C:\Windows\System\AMnAApD.exe
  2⤵
  PID:12984
- C:\Windows\System\dQasFMZ.exe
  C:\Windows\System\dQasFMZ.exe
  2⤵
  PID:13000
- C:\Windows\System\NDRuLrf.exe
  C:\Windows\System\NDRuLrf.exe
  2⤵
  PID:13024
- C:\Windows\System\ebRpjOq.exe
  C:\Windows\System\ebRpjOq.exe
  2⤵
  PID:13048
- C:\Windows\System\HKtZwUV.exe
  C:\Windows\System\HKtZwUV.exe
  2⤵
  PID:13064
- C:\Windows\System\hDDNYLu.exe
  C:\Windows\System\hDDNYLu.exe
  2⤵
  PID:13084
- C:\Windows\System\eYLqGcs.exe
  C:\Windows\System\eYLqGcs.exe
  2⤵
  PID:13120
- C:\Windows\System\kZRvnVZ.exe
  C:\Windows\System\kZRvnVZ.exe
  2⤵
  PID:13136
- C:\Windows\System\wrsazuf.exe
  C:\Windows\System\wrsazuf.exe
  2⤵
  PID:13156
- C:\Windows\System\DTLdwtn.exe
  C:\Windows\System\DTLdwtn.exe
  2⤵
  PID:13176
- C:\Windows\System\WeVaTye.exe
  C:\Windows\System\WeVaTye.exe
  2⤵
  PID:13200
- C:\Windows\System\ydxByNQ.exe
  C:\Windows\System\ydxByNQ.exe
  2⤵
  PID:13224
- C:\Windows\System\SjdwUWR.exe
  C:\Windows\System\SjdwUWR.exe
  2⤵
  PID:13244
- C:\Windows\System\LRSgMlq.exe
  C:\Windows\System\LRSgMlq.exe
  2⤵
  PID:13264
- C:\Windows\System\qTCSPdX.exe
  C:\Windows\System\qTCSPdX.exe
  2⤵
  PID:13288
- C:\Windows\System\NAmajPy.exe
  C:\Windows\System\NAmajPy.exe
  2⤵
  PID:13304
- C:\Windows\System\apfXqSy.exe
  C:\Windows\System\apfXqSy.exe
  2⤵
  PID:11608
- C:\Windows\System\VBjbTfW.exe
  C:\Windows\System\VBjbTfW.exe
  2⤵
  PID:11716
- C:\Windows\System\MqWpPpc.exe
  C:\Windows\System\MqWpPpc.exe
  2⤵
  PID:11760
- C:\Windows\System\ZqYbZSD.exe
  C:\Windows\System\ZqYbZSD.exe
  2⤵
  PID:11808
- C:\Windows\System\QbriMdB.exe
  C:\Windows\System\QbriMdB.exe
  2⤵
  PID:11212
- C:\Windows\System\noFyyBx.exe
  C:\Windows\System\noFyyBx.exe
  2⤵
  PID:8660
- C:\Windows\System\ILUeXlo.exe
  C:\Windows\System\ILUeXlo.exe
  2⤵
  PID:8116
- C:\Windows\System\rSbRXUH.exe
  C:\Windows\System\rSbRXUH.exe
  2⤵
  PID:9116
- C:\Windows\System\ezNlaCh.exe
  C:\Windows\System\ezNlaCh.exe
  2⤵
  PID:7696
- C:\Windows\System\JaNFtTd.exe
  C:\Windows\System\JaNFtTd.exe
  2⤵
  PID:5004
- C:\Windows\System\rFVWaZN.exe
  C:\Windows\System\rFVWaZN.exe
  2⤵
  PID:10304
- C:\Windows\System\mDaoBEd.exe
  C:\Windows\System\mDaoBEd.exe
  2⤵
  PID:10344
- C:\Windows\System\wWZTfMN.exe
  C:\Windows\System\wWZTfMN.exe
  2⤵
  PID:10376
- C:\Windows\System\lsgguxf.exe
  C:\Windows\System\lsgguxf.exe
  2⤵
  PID:7684
- C:\Windows\System\CukeTEc.exe
  C:\Windows\System\CukeTEc.exe
  2⤵
  PID:10140
- C:\Windows\System\RQBrIGG.exe
  C:\Windows\System\RQBrIGG.exe
  2⤵
  PID:9160
- C:\Windows\System\aawSZxV.exe
  C:\Windows\System\aawSZxV.exe
  2⤵
  PID:9824
- C:\Windows\System\SGIjlPA.exe
  C:\Windows\System\SGIjlPA.exe
  2⤵
  PID:9552
- C:\Windows\System\TmWUHkM.exe
  C:\Windows\System\TmWUHkM.exe
  2⤵
  PID:10628
- C:\Windows\System\OkhvHVF.exe
  C:\Windows\System\OkhvHVF.exe
  2⤵
  PID:13316
- C:\Windows\System\pBtDIAD.exe
  C:\Windows\System\pBtDIAD.exe
  2⤵
  PID:13336
- C:\Windows\System\AcZtWkc.exe
  C:\Windows\System\AcZtWkc.exe
  2⤵
  PID:13364
- C:\Windows\System\OwEPSCZ.exe
  C:\Windows\System\OwEPSCZ.exe
  2⤵
  PID:13384
- C:\Windows\System\AEHvXdp.exe
  C:\Windows\System\AEHvXdp.exe
  2⤵
  PID:13404
- C:\Windows\System\zBWKdzi.exe
  C:\Windows\System\zBWKdzi.exe
  2⤵
  PID:13428
- C:\Windows\System\clCbqGK.exe
  C:\Windows\System\clCbqGK.exe
  2⤵
  PID:13456
- C:\Windows\System\NptKqZd.exe
  C:\Windows\System\NptKqZd.exe
  2⤵
  PID:13488
- C:\Windows\System\dNwRIHq.exe
  C:\Windows\System\dNwRIHq.exe
  2⤵
  PID:13508
- C:\Windows\System\vqeZckr.exe
  C:\Windows\System\vqeZckr.exe
  2⤵
  PID:13532
- C:\Windows\System\zBjUSZI.exe
  C:\Windows\System\zBjUSZI.exe
  2⤵
  PID:13560
- C:\Windows\System\vkgvGAh.exe
  C:\Windows\System\vkgvGAh.exe
  2⤵
  PID:13588
- C:\Windows\System\vGnKzdI.exe
  C:\Windows\System\vGnKzdI.exe
  2⤵
  PID:13608
- C:\Windows\System\wmpybYm.exe
  C:\Windows\System\wmpybYm.exe
  2⤵
  PID:13636
- C:\Windows\System\MPRcvIX.exe
  C:\Windows\System\MPRcvIX.exe
  2⤵
  PID:13656
- C:\Windows\System\iKbiqoq.exe
  C:\Windows\System\iKbiqoq.exe
  2⤵
  PID:13680
- C:\Windows\System\bSACGbT.exe
  C:\Windows\System\bSACGbT.exe
  2⤵
  PID:13704
- C:\Windows\System\hbWKzPI.exe
  C:\Windows\System\hbWKzPI.exe
  2⤵
  PID:13724
- C:\Windows\System\CYPVnKA.exe
  C:\Windows\System\CYPVnKA.exe
  2⤵
  PID:13748
- C:\Windows\System\NUDEApA.exe
  C:\Windows\System\NUDEApA.exe
  2⤵
  PID:13772
- C:\Windows\System\WoWeotZ.exe
  C:\Windows\System\WoWeotZ.exe
  2⤵
  PID:13796
- C:\Windows\System\OydogLc.exe
  C:\Windows\System\OydogLc.exe
  2⤵
  PID:13824
- C:\Windows\System\kmNrYyC.exe
  C:\Windows\System\kmNrYyC.exe
  2⤵
  PID:13848
- C:\Windows\System\GSwHAkn.exe
  C:\Windows\System\GSwHAkn.exe
  2⤵
  PID:13868
- C:\Windows\System\UYkeMac.exe
  C:\Windows\System\UYkeMac.exe
  2⤵
  PID:13892
- C:\Windows\System\HWEAVdf.exe
  C:\Windows\System\HWEAVdf.exe
  2⤵
  PID:13916
- C:\Windows\System\GasfZeO.exe
  C:\Windows\System\GasfZeO.exe
  2⤵
  PID:13944
- C:\Windows\System\JfSwYJP.exe
  C:\Windows\System\JfSwYJP.exe
  2⤵
  PID:13968
- C:\Windows\System\vzhnfcL.exe
  C:\Windows\System\vzhnfcL.exe
  2⤵
  PID:14000
- C:\Windows\System\JwVOiaV.exe
  C:\Windows\System\JwVOiaV.exe
  2⤵
  PID:14032
- C:\Windows\System\AtEkrDY.exe
  C:\Windows\System\AtEkrDY.exe
  2⤵
  PID:14052
- C:\Windows\System\MyhTRdu.exe
  C:\Windows\System\MyhTRdu.exe
  2⤵
  PID:14076
- C:\Windows\System\CkgqFLh.exe
  C:\Windows\System\CkgqFLh.exe
  2⤵
  PID:14100
- C:\Windows\System\DnkrLSH.exe
  C:\Windows\System\DnkrLSH.exe
  2⤵
  PID:14124
- C:\Windows\System\DfEomnK.exe
  C:\Windows\System\DfEomnK.exe
  2⤵
  PID:14152
- C:\Windows\System\swRVmPQ.exe
  C:\Windows\System\swRVmPQ.exe
  2⤵
  PID:14168
- C:\Windows\System\TMTcduI.exe
  C:\Windows\System\TMTcduI.exe
  2⤵
  PID:14184
- C:\Windows\System\JfkXwGx.exe
  C:\Windows\System\JfkXwGx.exe
  2⤵
  PID:14204
- C:\Windows\System\fwfvTGK.exe
  C:\Windows\System\fwfvTGK.exe
  2⤵
  PID:14232
- C:\Windows\System\HPxtywm.exe
  C:\Windows\System\HPxtywm.exe
  2⤵
  PID:14252
- C:\Windows\System\DXwHEUY.exe
  C:\Windows\System\DXwHEUY.exe
  2⤵
  PID:14272
- C:\Windows\System\UgcrICY.exe
  C:\Windows\System\UgcrICY.exe
  2⤵
  PID:14296
- C:\Windows\System\rrXsDxI.exe
  C:\Windows\System\rrXsDxI.exe
  2⤵
  PID:14324
- C:\Windows\System\nURZAzl.exe
  C:\Windows\System\nURZAzl.exe
  2⤵
  PID:11380
- C:\Windows\System\UCTuPhr.exe
  C:\Windows\System\UCTuPhr.exe
  2⤵
  PID:9436
- C:\Windows\System\pGlEJdG.exe
  C:\Windows\System\pGlEJdG.exe
  2⤵
  PID:10668

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:12544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\DzqxQOQ.exe

Filesize
1.5MB

MD5
b1c3d998777d2e7bf7cc584d839169d5

SHA1
7e05b56e0c68411b8e20127b7c37c5962a80f6ad

SHA256
114ad2ada21b246ffcd78bc6d3eaa7164aadf10dd6134b598993844afe2f614c

SHA512
8a9530d7143a813df8ea517180d7d1d95605fa2543bf21257401082f446bee0de20d3bb66683831d0a6a7b5988f3b58d0b6a6d57deb74debf6e8791609190c14

Download Submit
C:\Windows\System\FYTIUPZ.exe

Filesize
1.5MB

MD5
66eba5fb32c4ffe668ebc298339053c4

SHA1
73edee8f428643beff831c537a15f690ce60c43c

SHA256
6e101299028f9256b8f28956c397c62959fe21d9265bdee62c8ac4cde8f862d2

SHA512
c43a0886ab19a837263c7715663b5b65d523caeb130030177168ed572842d820b9ec9c46bfa0bf590f3c5f6d2bcf186c736f4ac0de5f6d90056433249a38680a

Download Submit
C:\Windows\System\FpMoUhn.exe

Filesize
1.5MB

MD5
0dcdda19bb55e227b54e5614a342b0f5

SHA1
47f1acea709f8c15ad56ca3578dbdbdf8206b2b9

SHA256
b3a951388922f11e11f5b3c29f0ed12f5335dd800288a556042af4408b4c15c6

SHA512
f224d7d481de62784e9d56b479218c413ce8bf48c1ac5885f7d738e3c6bc37c1e10a5f42a0add22ecfc7d043c2bc7bdd3ae8245f04efc5078bb0ab52fdb8d1ba

Download Submit
C:\Windows\System\GAoxoIv.exe

Filesize
1.5MB

MD5
2cf7aebbfc6558a2cd550ebcbda32d43

SHA1
85e72567f79325bce742911f216e16105f3ae14c

SHA256
6dc6060e570ed5d4b8ca1f3a4bac1fd56a0d2fe53502e5bc8fbe0f978c5042ff

SHA512
9c6e9abbcb887e7c19e58691801e8f84e93aed2c2ab811f3e2ab05062d695951608f930f2619f068a22638119e82aad5d7fb5b836601a9cd261b220495e22065

Download Submit
C:\Windows\System\HBlZBHg.exe

Filesize
1.5MB

MD5
3978871090503e92cd485f67ed511434

SHA1
31efb1f06882cf7e833a58fdda71593d51fc2b17

SHA256
b9a38bf62c54fa20c968d539d6e06feb7c588af0077c1a601953d2076543b6be

SHA512
4c65e1af431227e63cef592efbd4c51755a19a178dd744743bd21828869bef7f99596735a032bbcc1f04802461b769a08cc8edc54844b5bbf26ee9a1639719a4

Download Submit
C:\Windows\System\LEkyYnf.exe

Filesize
1.5MB

MD5
0dc6aeb04118b7c0611e80a39b4035d1

SHA1
a2e7a5fbe11345c20144704a9de90f0a7b4263d9

SHA256
5254c784dccad35c2224300a4370e05c69143c1f02ea9d931af84d58bdbe91f1

SHA512
df2cfc978323d74c1f6b084b349594ebab2699831bc74e114c6efd60d2d34bb624375babf38c42bd8e6c4774824d84b4f600de6ed5ce3655873072c14ad98e76

Download Submit
C:\Windows\System\MbDIKfr.exe

Filesize
1.5MB

MD5
c1e74dec3e3aad6c58a290f0d43f0b6c

SHA1
9e6033a56918ec697e9a8ef9b955b3e1773410d9

SHA256
37636db3dfa53e5297377678fe9dea39ab2a8bedc3675a6194e1d15c95505908

SHA512
b8b644408cd05e2e7ebb8b8c6cbfba38fcf11b87e326db24fc463c08faf4dee43a5837c56102a52e063685ce00c24d6e729f6e46bdeb7e3137a80c622d5320c8

Download Submit
C:\Windows\System\NHSeRNV.exe

Filesize
1.5MB

MD5
03135acedaa9c5e929e5d0666ba99e9c

SHA1
b8179d886c64bd9a26b17db0a1c4d9d60bba4a21

SHA256
1823d7e8d631311e8a063e0bf3414728b19c73c70a57ab75f55b2c469630a460

SHA512
d2364ca0385227b82403012fccea7954c26203ad78aed0e360f552435afd6a28dc2e2b9fb8b266af1207cf6cc394a35419a5d5f98381911c0df30e72ea64b361

Download Submit
C:\Windows\System\PRxGTpM.exe

Filesize
1.5MB

MD5
1d8420b40f37a67ffd236b0c5fd2ccee

SHA1
534a004cbc17661f1bcca4a9163f8c64fd953dae

SHA256
c15d93b80b15d9cbf0997a8b8060de570c14c670e145b3b3aa3b74e1d0e69d05

SHA512
749becffdff3170cbe75edd77d1f1b2eee455296fbd03cd553afe97558cc043c1b0c8c7ecb4d8df0a406071b739f1de11bea17613e6fd52b41cae444c10a2e51

Download Submit
C:\Windows\System\PdqmocU.exe

Filesize
1.5MB

MD5
d22a741e1abc6bd303ceb49c98c1f5bf

SHA1
1347ee42a7fc4ae4287945944cbc1de8d65f89be

SHA256
499964581337d5f21b8acecb03016b66114644353ca1e41dc567b20b072c86b7

SHA512
47c3ea850c17ee6b1a81187e8f84fe3745506010859ce7efdf8aef2fe370aca2608eab6bf7a14bda81a356b2edfa171177db76c7efa6ee001eee50500f3afc27

Download Submit
C:\Windows\System\QZEAdwY.exe

Filesize
1.5MB

MD5
b62873cb7b56cf02eda99ee88effb8d8

SHA1
7f5ec936ac0493b70f62a75d23064af1fe04ed3e

SHA256
05cac88a2facb458cc0e0ba3b3b9ab9ec63fedf6c7823263257d167881c752f1

SHA512
b8f77d5716d60510b0c86a53a736b5e835fc00bf3b843ff46263df96b362e3fa4a6bf5fbb647fed3bf07e822c20881e8cfa16bfe24970edcf628a24da0f90c3f

Download Submit
C:\Windows\System\SOOvohM.exe

Filesize
1.5MB

MD5
fb8c5115ccac21bc8fe648e68029497b

SHA1
31fcfa3c283c6b9b37382e3d7d7a01095e6ba361

SHA256
5b8c4557d0e41ac38fd8bc8d3832e43abba28b37359b5093d9553a63fdce754d

SHA512
a11eccdbe5a459cfdf824439febb35895ef13d437ef5cff0959621b556499ed1f0359d0ee417e9b3c2faa17eb239e998d9e409405addcbaa516abc46ef680478

Download Submit
C:\Windows\System\TVSoMrD.exe

Filesize
1.5MB

MD5
f9b0ea60a4c779b827d7249989babd07

SHA1
fba1dd98a4397aa3dbc9b61ba30d34ff398888a2

SHA256
992be9a04942d62712e36b52b2fa96924804fe56c1e96e6f27bf2f5cbf25f8f6

SHA512
5eb3e2ba95e7c12c41c8118185f2c449b13b6a2470c321a55b9b9302d6889f03bf788dcc1400afc28bf9eb72184684781d026e6d4d94f5da95a104f3cb56b307

Download Submit
C:\Windows\System\TjeplYL.exe

Filesize
1.5MB

MD5
88cf9920d6b07103f05f0525696e2674

SHA1
5ff7a9431584f543bcb466404e85450e556b9bd7

SHA256
fcc91b6bc413dbbd7e8a51a47071169e99cf967bfe58f91e5647ba0aac7909c3

SHA512
d30ca4548a732ca4a0c26711046bce67b5dde3ff5e8b2d7bbeba1c3870db025b6fc417981e5c2286a79b9203c55f83db9fe3282ace1662fbef1e73a824ea95d9

Download Submit
C:\Windows\System\ToxYaUG.exe

Filesize
1.5MB

MD5
2475235ca8dbaa05829fbff95db7d7b2

SHA1
afa924993c04e9b39f9c32275d60545d2dfb0adc

SHA256
34d3bc13abebf6bede577f40edbfa82888d2d11963c022e01fa470a9e25118ab

SHA512
bcbd84f58eb7e9d1445a2350996159b702a1dc36d5a9acd1b031197714604eab6e86b6ee3436b97c52117c9c2c8d541894ad00213236c2b923bf04b5a6621e04

Download Submit
C:\Windows\System\UKpuIEI.exe

Filesize
1.5MB

MD5
7a1eafef548b001c7db4985113c4c98a

SHA1
c1733c79042fccc9f5007a91fcacff7b496db0ba

SHA256
41f46797913d5d7a4f2abbe0be806f9cb033d80d5b2d181dd27ab7e602e0dcb6

SHA512
d3429dbcb5294b7132e576c623de1cd0b3f3fcbef40e0b02cc92ef6484b0d3b4a227c5f94c8ac817cfd8776d0ae3c321ae9e7e3de015fcf681082e03c60608b5

Download Submit
C:\Windows\System\UWBUfDG.exe

Filesize
1.5MB

MD5
a79effe716dea8391c8e082277b00e2a

SHA1
26bda8589f7f95a3327a81785d09bce1de724bde

SHA256
db71fcb91e34698e155375cd65766e578a819c0afee5670aec282fc48e433bbd

SHA512
ee7f8b544bc7a20a68f66f537e9161c9fc67ca17d0cea32858579c43186703f0742f30b6d65f4be0e98a9a80766aa175a55a5f8c839d91cd0be156730480386d

Download Submit
C:\Windows\System\XmDZFrI.exe

Filesize
1.5MB

MD5
1bf0bae5cd83f1d5c9a7b05e9e236d1d

SHA1
9ffcd06ce917c26a023c017ec1192c66e08d2630

SHA256
43f6ca5cbd30c129f79af8362145c843771873ae948151926f8c40bc935dca8e

SHA512
24d2b67dad03cca3275866d001aff682e8fc172036e3060b7f915cbc53d0360a4ce9633ff962306f68a82193aa13d1d420dfb67e9fe8abcded66d04865b31655

Download Submit
C:\Windows\System\YSghBPc.exe

Filesize
1.5MB

MD5
60d414a2df9df8310696c8dacb6eec69

SHA1
2f5132dbd31cc8978df10f2552af786a88399096

SHA256
bd0c1cc526d26fb64189a55eeee3dd26b8de326699ddbe4e8284d49d2d081dbe

SHA512
be65756cc2ba872139a3d27807fb8244584c315ca7f94e05ab6984d428202a4a43cdb40005859040eb4e487626fbf59d99ac8a0be4e6ea302b9286fbf1144fb9

Download Submit
C:\Windows\System\ZsXXFEV.exe

Filesize
1.5MB

MD5
cfa309dae4500d4f3ec22a4a9381c3ca

SHA1
e1d5eacf52d4bd2f93ba3073f7b63289a24066d9

SHA256
a5b7adfbbd0d7cc91a5dfa7d7b17f12ab34feec27d2217b92f762e518a099e47

SHA512
f1b19e98115de4edcaed636653d2fdd1a7a41d82f40550c648b31f4edd06879c529d5dedec1a8c6f43f4f6f4ddf761cf322e90b9bc9b8a95af448a49ba14db8b

Download Submit
C:\Windows\System\aSCcFqX.exe

Filesize
1.5MB

MD5
4040b5b32b9b5422014ac9e6c2044061

SHA1
8c46e9b96669b247eba47e2688a591ddb879ba67

SHA256
8897a8f962a32469ddd6f50fd0c2c02be2e6e50c1e3f12e2bd757d09312a4269

SHA512
af6b504a294d5d7d96476f703d20259e2989bdbe86e4d747d25c7bb606a4f511ff2294ddbaf839ddf4d4b8e635e996c89d59d083eca629e8799959c59fca85a3

Download Submit
C:\Windows\System\bZxjvMJ.exe

Filesize
1.5MB

MD5
bf4b31928e443a2e1dedc4346fcad3b1

SHA1
1955df3571f28b19dea26a18098c1488751eebef

SHA256
40906523701ed2d2814a9468bda3907d449ce482879ea73a71787eeb09b3a156

SHA512
884f0c65b63d74c736ca100028634f298b3ff94c845c8498d35e96b37dfd5511d5127268e33e57a9b7a49eda65418a19cf430fe6491550643387abb41a32bb0b

Download Submit
C:\Windows\System\cvagfIU.exe

Filesize
1.5MB

MD5
d004f2867e66cda88b98a5d16f0c4452

SHA1
16efe8df09fb1251d4a90e95d3b0ddc817bb37ea

SHA256
e5046e4256de1304988f8235de016dd80bb6e393f7df1d91e71858f25bf486dc

SHA512
0f1dcf7192f2c03a7717c57f2ebafae70029b7e57bf5509947e5da75513ba9d842aaf3bf7de0d6eb28a4f5a4fffde066283d78d50de6d259d6b5bb069fbef7cb

Download Submit
C:\Windows\System\elYQiNo.exe

Filesize
1.5MB

MD5
a7e492415a081d487d428cfb3d96251a

SHA1
7022fa0c7b472485b9a05c8152775b2ee53d4c67

SHA256
c9c0ea0352f7896edc1891d05b52ab6fbe354319275bf9575c16d42465d468fc

SHA512
77ba491c234daaec904e56277da4ed8728f785574eba1b91ab0f9fa185a9ea2406cf9b2997b30c1e48c916fd552248dc81b68834b588434447cfb457a01e8257

Download Submit
C:\Windows\System\izkhrDW.exe

Filesize
1.5MB

MD5
b41f9de6ed29438bb388ee27aa5d086f

SHA1
255619f8cba2cf9a9915ab93baaf7623a5840be2

SHA256
f80d54576166476f431687aba22c6402af4edf989191fe2d13eba149dcc76117

SHA512
069418566e0dc0e6faa95148e299fb2858ea817fb4bf8fd09f644f4607dec853e0bba5f7193e25eb37d3acdf2beaebf94cc8a500152bfc08be39ef25788d2638

Download Submit
C:\Windows\System\jJqdTTs.exe

Filesize
1.5MB

MD5
f9e1e1c3ca1d8a4134248b4d0d673cb6

SHA1
9a643ee4bcd73068451307b7063172378c67dd90

SHA256
288149422cca50b43fa17c73a88ac1cb7d3211b8c9080c0d5c84dc9dd284567f

SHA512
efc67ba13d7bf547f21dc1119558f20a4bfbc5a002f53437c07c801a6372021c36fcc605ad82a0bd66db33d8ba419905e798c9aee455dfaeb99948eb2875ae20

Download Submit
C:\Windows\System\lTrZaeR.exe

Filesize
1.5MB

MD5
28e4e3a7dc3e10368e9eeb0baa04ddd3

SHA1
77f306f116fc9a9a116ba754a0b245ebb6043cc9

SHA256
656fe189869d1bb7dab87d84808921f8def292b28c998ceb8974887b42ddb03b

SHA512
e8d305361fb64c97d2a897c0ba2da146cf5bac16d631ddcb10ab7323a5679b1bad9feabf2b16108593fa6cf7994d7f44839e4eb7ea96f8f59d660538b2c3c99d

Download Submit
C:\Windows\System\lVicYXW.exe

Filesize
1.5MB

MD5
7492a151288f7c68ef85a0a82950a006

SHA1
a1a909cf7b6cf9c8fe889cf34ac8a2283a6e1936

SHA256
17044943f79476df596ee5d2bed92c37983a17cf6d28267fd37e4d23ab41bd1f

SHA512
7fa9e1a5a073dba8c31887531b3a0b8767b58a14e25aa77100d987fa34a5510ac1fe94abecdb6abf1b4c6ceb6fcd7db12bace2bd56cdc16b0c8541cce1bedb33

Download Submit
C:\Windows\System\mThjdqP.exe

Filesize
1.5MB

MD5
2c268a1bcd192d30f22d2453747e98bf

SHA1
6d50be1039dd6505fd8a7dae53b970ad826b49dc

SHA256
abf78c08b60533bfcb016c46f61c34bdde0288093297c12d26a6ced86625cdae

SHA512
66b95c4f79fb886485a47df239ea31b500358a7c0ee6de2e5ae92598bbcf858cfa769a7169aa317b7401f7f5cc5eeeb4ff09f824e833d211bc3e80912e71a04c

Download Submit
C:\Windows\System\qeZKjLN.exe

Filesize
1.5MB

MD5
f8e226f4f52ae74cef81d6745f197a50

SHA1
8cd58330b5fe52e051892a495332fb354ad25a1b

SHA256
144124fbe71231e9783ce5387ee440c54bbf927be22930b3f9b9dca4e75c10cc

SHA512
595d56c0fc1568985db31033504d4da76131eb6189ed167dffa7bd772f0eae2d641088b308c5c75edfb03f0f4a528e4a7c5115b82a7df44907d8323055c8ae71

Download Submit
C:\Windows\System\rDLNnEm.exe

Filesize
1.5MB

MD5
63819f62cb6f983fdfa2a1ef2d03e065

SHA1
dca8e5bf17531d4f2c3330103e419ce3fbf94b5b

SHA256
2bce3b99bde751513547f4a0d31e9aa30e0291c3fb74e2ef602f7b666e077c43

SHA512
7da87675882a3f8fa268c230bbcc12b3eb06f39ce4e392b1dddc32c035ccb41d2a340b5bf53aa0020035228932599d60fcb8d0f8251996c953ebdc10293d11fd

Download Submit
C:\Windows\System\rqiLmhP.exe

Filesize
1.5MB

MD5
161a1f4e16dcac4167631ee44a86cc5b

SHA1
b8354d4902606be2a49cec986d8bcbcc5a65dea9

SHA256
23f2224e45dd1b9531feb70aa6ec17ad23c4ce78068d9ea9b54a7b9f9c0645ae

SHA512
74ee0fb8340245e4425c7e904ff0e06d97aedd0ee15f5b9a529535660f4bc8a81a5c05753a8459b30bb7c457c006eea54ae07a74340c14d8581961d82fe44e8f

Download Submit
C:\Windows\System\saQkGFG.exe

Filesize
1.5MB

MD5
910db34cf1f7743fc05484f32325c725

SHA1
f73409002e21cb17d6668904befb0810e8874a43

SHA256
9b4e9a7b9ec018524f1f7a29edf52ec89ff79f528f6b2e469110c3b42fda0ace

SHA512
76713f3f7147123e7a16cc1b57a859f304c7bc2fcd050ceda71f39cb9839eb714bc4b3e8e3cd6e8fb74acf40d7811d2b7572253263468dcf57ba5eb12f4c7acf

Download Submit
C:\Windows\System\uDWAMEz.exe

Filesize
1.5MB

MD5
5d88ebc9cd54368b1e59081840978298

SHA1
0e6591396b1781c365914eed2613a2eb0c7e5747

SHA256
1bbd7c4fd55a80c2ed549d832e96c5d8d420d04bd8f842a4a2793877e65c02a9

SHA512
5041dc04b82a59fc9215cd554acbcc01195e7fdf620a68f1f803edebd6100461df579d44fe1dd597cf7877c38c85a41d2a9a6a33fc770281a267b25e5ecc0e59

Download Submit
C:\Windows\System\uQgiwqt.exe

Filesize
1.5MB

MD5
ea8e8c2f99033c56f28153e337e4f851

SHA1
1a05577337e2306269096bbe80dbbf5db8c04235

SHA256
ce0f48ebee244a171a1727e9504e6916d148845069fe0605b586d243fcca3e76

SHA512
2cf692c08e2d21e0e82e17cc703877fc597f6abdb06464ee355ed6288ab341fb62e5d0871314558219b06892c5d6b7340f09b194c5a6b3325acd9c209c1b10bf

Download Submit
C:\Windows\System\xFfFMGz.exe

Filesize
1.5MB

MD5
1bc85536380c2d21819afc83bb5cffe8

SHA1
b1df962f4e33a46b826141117d89a884236949fa

SHA256
dfedaa42ded73a491f46cd67fadff20b2067e88969da616d62a0582de87fd88d

SHA512
0934c3fae98ff095fd826f7c9d14427f786814737238064351bf38e56f8853c4e2956b9417a6fe4e0c9aad89e63d70ee3088e107d39a3f66b9e7870418654474

Download Submit
C:\Windows\System\ynTMaCX.exe

Filesize
1.5MB

MD5
8824ff91a3575f4c51be5c71e75ba8ce

SHA1
507cb4bbe865beecdb06127547690e74cfeb0250

SHA256
bbb9e040573f1cf360d12133834b4837f1b7b8f2eae01fcac981eb68ca0c461f

SHA512
7b419b56f4888441972a7451472aec8437ef897ebe94d0d316d877fa53f647f9dd0ba780b571f31a2bdd4fe837a8e0c2b3987792e544f4ba1fa9f629f45e9c5b

Download Submit
C:\Windows\System\zQQlEPL.exe

Filesize
1.5MB

MD5
0d6b18e673ad57793ef62ee15622db03

SHA1
05b87da7ae926d22c50552f22e14f093fd6cabc8

SHA256
0b3ff00a7c5f81fde8e83facad5d3b9396de5c6fe0db2c8bb808a39c264d83c0

SHA512
87da3af81aba89bd7234c1aaf7a200974d85687bda2f292ec624a13af96fa299091151e99966c01b9e60a1861bd66b353f4d23417f3eed892621a0f8cae7011e

Download Submit
C:\Windows\System\zWNeGou.exe

Filesize
1.5MB

MD5
8a79ce6974c94850a63ff6f536cf1561

SHA1
e0f0158f6a533bf7f9bd314089ff751a11b34165

SHA256
af9aeb5f93bbd97c4bf7b48777588209f83815da6c99bc490c4ea0d33f602711

SHA512
75e68ed3d6bf7c787efd5bd869e9d6110fda2960b3377cb5f9adfbe10bbc454f6cd2ab882b344972c8dddd6aee9ba7782257db882b14d1a48060569139a62dba

Download Submit
C:\Windows\System\zzqOGIL.exe

Filesize
1.5MB

MD5
ce3992ce206cfc79a58cb9f84fb6f965

SHA1
284724aba7e81458abbbfbf44e9709e4bd698ff9

SHA256
43ea589884b55244b8deeca2340de1759f9d820fc6c6382be8a7ea286c62bf97

SHA512
154d0c1b8c157ad706233bde3d32a5a709fb969c3c92edb789a8b9d1a9506255516e91809363c32e3aa0222e71961b1c7ba4604884533d9760ccc3a5f32e6054

Download Submit
memory/516-502-0x00007FF75B2E0000-0x00007FF75B631000-memory.dmp

Filesize
3.3MB

Download
memory/516-2223-0x00007FF75B2E0000-0x00007FF75B631000-memory.dmp

Filesize
3.3MB

Download
memory/636-508-0x00007FF632360000-0x00007FF6326B1000-memory.dmp

Filesize
3.3MB

Download
memory/636-2252-0x00007FF632360000-0x00007FF6326B1000-memory.dmp

Filesize
3.3MB

Download
memory/916-2227-0x00007FF7F5380000-0x00007FF7F56D1000-memory.dmp

Filesize
3.3MB

Download
memory/916-267-0x00007FF7F5380000-0x00007FF7F56D1000-memory.dmp

Filesize
3.3MB

Download
memory/976-407-0x00007FF735920000-0x00007FF735C71000-memory.dmp

Filesize
3.3MB

Download
memory/976-2249-0x00007FF735920000-0x00007FF735C71000-memory.dmp

Filesize
3.3MB

Download
memory/1160-2236-0x00007FF6F6A60000-0x00007FF6F6DB1000-memory.dmp

Filesize
3.3MB

Download
memory/1160-425-0x00007FF6F6A60000-0x00007FF6F6DB1000-memory.dmp

Filesize
3.3MB

Download
memory/1176-471-0x00007FF6D7560000-0x00007FF6D78B1000-memory.dmp

Filesize
3.3MB

Download
memory/1176-2232-0x00007FF6D7560000-0x00007FF6D78B1000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2263-0x00007FF775450000-0x00007FF7757A1000-memory.dmp

Filesize
3.3MB

Download
memory/1352-506-0x00007FF775450000-0x00007FF7757A1000-memory.dmp

Filesize
3.3MB

Download
memory/1460-32-0x00007FF6BB5E0000-0x00007FF6BB931000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2209-0x00007FF6BB5E0000-0x00007FF6BB931000-memory.dmp

Filesize
3.3MB

Download
memory/1460-2202-0x00007FF6BB5E0000-0x00007FF6BB931000-memory.dmp

Filesize
3.3MB

Download
memory/1472-2230-0x00007FF6C0110000-0x00007FF6C0461000-memory.dmp

Filesize
3.3MB

Download
memory/1472-296-0x00007FF6C0110000-0x00007FF6C0461000-memory.dmp

Filesize
3.3MB

Download
memory/1516-344-0x00007FF6AB570000-0x00007FF6AB8C1000-memory.dmp

Filesize
3.3MB

Download
memory/1516-2239-0x00007FF6AB570000-0x00007FF6AB8C1000-memory.dmp

Filesize
3.3MB

Download
memory/1552-2205-0x00007FF6B5D30000-0x00007FF6B6081000-memory.dmp

Filesize
3.3MB

Download
memory/1552-2254-0x00007FF6B5D30000-0x00007FF6B6081000-memory.dmp

Filesize
3.3MB

Download
memory/1552-219-0x00007FF6B5D30000-0x00007FF6B6081000-memory.dmp

Filesize
3.3MB

Download
memory/1808-0-0x00007FF6B43A0000-0x00007FF6B46F1000-memory.dmp

Filesize
3.3MB

Download
memory/1808-1-0x000001F578320000-0x000001F578330000-memory.dmp

Filesize
64KB

Download
memory/1808-2103-0x00007FF6B43A0000-0x00007FF6B46F1000-memory.dmp

Filesize
3.3MB

Download
memory/1916-330-0x00007FF6E9C90000-0x00007FF6E9FE1000-memory.dmp

Filesize
3.3MB

Download
memory/1916-2233-0x00007FF6E9C90000-0x00007FF6E9FE1000-memory.dmp

Filesize
3.3MB

Download
memory/1960-501-0x00007FF6CEB20000-0x00007FF6CEE71000-memory.dmp

Filesize
3.3MB

Download
memory/1960-2259-0x00007FF6CEB20000-0x00007FF6CEE71000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2272-0x00007FF7A0090000-0x00007FF7A03E1000-memory.dmp

Filesize
3.3MB

Download
memory/2116-500-0x00007FF7A0090000-0x00007FF7A03E1000-memory.dmp

Filesize
3.3MB

Download
memory/2160-2243-0x00007FF752680000-0x00007FF7529D1000-memory.dmp

Filesize
3.3MB

Download
memory/2160-504-0x00007FF752680000-0x00007FF7529D1000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2203-0x00007FF66F4F0000-0x00007FF66F841000-memory.dmp

Filesize
3.3MB

Download
memory/2736-2215-0x00007FF66F4F0000-0x00007FF66F841000-memory.dmp

Filesize
3.3MB

Download
memory/2736-125-0x00007FF66F4F0000-0x00007FF66F841000-memory.dmp

Filesize
3.3MB

Download
memory/2808-408-0x00007FF7B13A0000-0x00007FF7B16F1000-memory.dmp

Filesize
3.3MB

Download
memory/2808-2237-0x00007FF7B13A0000-0x00007FF7B16F1000-memory.dmp

Filesize
3.3MB

Download
memory/3060-470-0x00007FF77EBB0000-0x00007FF77EF01000-memory.dmp

Filesize
3.3MB

Download
memory/3060-2262-0x00007FF77EBB0000-0x00007FF77EF01000-memory.dmp

Filesize
3.3MB

Download
memory/3184-2219-0x00007FF7A1810000-0x00007FF7A1B61000-memory.dmp

Filesize
3.3MB

Download
memory/3184-505-0x00007FF7A1810000-0x00007FF7A1B61000-memory.dmp

Filesize
3.3MB

Download
memory/3188-244-0x00007FF7DB270000-0x00007FF7DB5C1000-memory.dmp

Filesize
3.3MB

Download
memory/3188-2217-0x00007FF7DB270000-0x00007FF7DB5C1000-memory.dmp

Filesize
3.3MB

Download
memory/3456-503-0x00007FF648C00000-0x00007FF648F51000-memory.dmp

Filesize
3.3MB

Download
memory/3456-2266-0x00007FF648C00000-0x00007FF648F51000-memory.dmp

Filesize
3.3MB

Download
memory/3512-507-0x00007FF7A21A0000-0x00007FF7A24F1000-memory.dmp

Filesize
3.3MB

Download
memory/3512-2241-0x00007FF7A21A0000-0x00007FF7A24F1000-memory.dmp

Filesize
3.3MB

Download
memory/3708-60-0x00007FF78E620000-0x00007FF78E971000-memory.dmp

Filesize
3.3MB

Download
memory/3708-2211-0x00007FF78E620000-0x00007FF78E971000-memory.dmp

Filesize
3.3MB

Download
memory/4288-243-0x00007FF643440000-0x00007FF643791000-memory.dmp

Filesize
3.3MB

Download
memory/4288-2225-0x00007FF643440000-0x00007FF643791000-memory.dmp

Filesize
3.3MB

Download
memory/4468-18-0x00007FF61CF50000-0x00007FF61D2A1000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2201-0x00007FF61CF50000-0x00007FF61D2A1000-memory.dmp

Filesize
3.3MB

Download
memory/4468-2213-0x00007FF61CF50000-0x00007FF61D2A1000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2200-0x00007FF6B5940000-0x00007FF6B5C91000-memory.dmp

Filesize
3.3MB

Download
memory/4608-14-0x00007FF6B5940000-0x00007FF6B5C91000-memory.dmp

Filesize
3.3MB

Download
memory/4608-2207-0x00007FF6B5940000-0x00007FF6B5C91000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2222-0x00007FF7ADA10000-0x00007FF7ADD61000-memory.dmp

Filesize
3.3MB

Download
memory/4656-2204-0x00007FF7ADA10000-0x00007FF7ADD61000-memory.dmp

Filesize
3.3MB

Download
memory/4656-176-0x00007FF7ADA10000-0x00007FF7ADD61000-memory.dmp

Filesize
3.3MB

Download
memory/4696-2258-0x00007FF690650000-0x00007FF6909A1000-memory.dmp

Filesize
3.3MB

Download
memory/4696-343-0x00007FF690650000-0x00007FF6909A1000-memory.dmp

Filesize
3.3MB

Download
memory/4756-369-0x00007FF603320000-0x00007FF603671000-memory.dmp

Filesize
3.3MB

Download
memory/4756-2256-0x00007FF603320000-0x00007FF603671000-memory.dmp

Filesize
3.3MB

Download