xmrig | ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a

Analysis

max time kernel
94s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2024 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
Size

1.9MB
MD5

f255a455decc484750df07f9bc596844
SHA1

518de5f04d4eb9958e1d49acb5812a23393f1b37
SHA256

ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a
SHA512

7c05c51f8f827e86f918c34fb4460f309090bf4f647d41d8a98594dbd2316e37a7f15e7020278b9f8d73b8e3df0436f880e6026bad0f209edf1c320adb3ecc21
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQuQu5eq7D:oemTLkNdfE0pZrQE

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/2880-0-0x00007FF6F8FF0000-0x00007FF6F9344000-memory.dmp	xmrig
behavioral2/files/0x0009000000023420-5.dat	xmrig
behavioral2/files/0x000700000002348e-72.dat	xmrig
behavioral2/files/0x0007000000023492-93.dat	xmrig
behavioral2/files/0x0007000000023498-118.dat	xmrig
behavioral2/files/0x00070000000234a5-182.dat	xmrig
behavioral2/memory/1792-207-0x00007FF7791A0000-0x00007FF7794F4000-memory.dmp	xmrig
behavioral2/memory/3516-220-0x00007FF69A5B0000-0x00007FF69A904000-memory.dmp	xmrig
behavioral2/memory/2028-237-0x00007FF6439A0000-0x00007FF643CF4000-memory.dmp	xmrig
behavioral2/memory/4180-245-0x00007FF6FDA80000-0x00007FF6FDDD4000-memory.dmp	xmrig
behavioral2/memory/1228-247-0x00007FF768770000-0x00007FF768AC4000-memory.dmp	xmrig
behavioral2/memory/4476-246-0x00007FF6DD8C0000-0x00007FF6DDC14000-memory.dmp	xmrig
behavioral2/memory/2760-244-0x00007FF6586A0000-0x00007FF6589F4000-memory.dmp	xmrig
behavioral2/memory/3020-243-0x00007FF69F4F0000-0x00007FF69F844000-memory.dmp	xmrig
behavioral2/memory/1172-242-0x00007FF619BC0000-0x00007FF619F14000-memory.dmp	xmrig
behavioral2/memory/664-241-0x00007FF6625E0000-0x00007FF662934000-memory.dmp	xmrig
behavioral2/memory/3700-240-0x00007FF7DFAC0000-0x00007FF7DFE14000-memory.dmp	xmrig
behavioral2/memory/820-239-0x00007FF7A4860000-0x00007FF7A4BB4000-memory.dmp	xmrig
behavioral2/memory/4960-238-0x00007FF7B34F0000-0x00007FF7B3844000-memory.dmp	xmrig
behavioral2/memory/2732-236-0x00007FF73E2E0000-0x00007FF73E634000-memory.dmp	xmrig
behavioral2/memory/400-235-0x00007FF75C970000-0x00007FF75CCC4000-memory.dmp	xmrig
behavioral2/memory/2220-234-0x00007FF63DBD0000-0x00007FF63DF24000-memory.dmp	xmrig
behavioral2/memory/2740-233-0x00007FF6974A0000-0x00007FF6977F4000-memory.dmp	xmrig
behavioral2/memory/2320-232-0x00007FF608AA0000-0x00007FF608DF4000-memory.dmp	xmrig
behavioral2/memory/3180-219-0x00007FF75D650000-0x00007FF75D9A4000-memory.dmp	xmrig
behavioral2/memory/2512-213-0x00007FF6AF2A0000-0x00007FF6AF5F4000-memory.dmp	xmrig
behavioral2/files/0x00070000000234a4-177.dat	xmrig
behavioral2/files/0x00070000000234a3-174.dat	xmrig
behavioral2/files/0x00070000000234a0-171.dat	xmrig
behavioral2/files/0x00070000000234a2-168.dat	xmrig
behavioral2/files/0x00070000000234a1-165.dat	xmrig
behavioral2/files/0x000700000002349f-155.dat	xmrig
behavioral2/files/0x000700000002349e-153.dat	xmrig
behavioral2/files/0x000700000002349d-145.dat	xmrig
behavioral2/files/0x000700000002349c-143.dat	xmrig
behavioral2/files/0x000700000002349b-141.dat	xmrig
behavioral2/files/0x000700000002349a-139.dat	xmrig
behavioral2/files/0x0007000000023499-137.dat	xmrig
behavioral2/files/0x0007000000023497-133.dat	xmrig
behavioral2/files/0x0007000000023493-127.dat	xmrig
behavioral2/files/0x0007000000023496-125.dat	xmrig
behavioral2/files/0x000700000002348b-122.dat	xmrig
behavioral2/memory/2332-114-0x00007FF740BD0000-0x00007FF740F24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023495-111.dat	xmrig
behavioral2/files/0x0007000000023494-107.dat	xmrig
behavioral2/files/0x000700000002348c-103.dat	xmrig
behavioral2/files/0x000700000002348d-101.dat	xmrig
behavioral2/files/0x0007000000023491-91.dat	xmrig
behavioral2/files/0x0007000000023489-89.dat	xmrig
behavioral2/files/0x0007000000023490-87.dat	xmrig
behavioral2/memory/4528-85-0x00007FF6BEBA0000-0x00007FF6BEEF4000-memory.dmp	xmrig
behavioral2/files/0x000700000002348a-82.dat	xmrig
behavioral2/memory/404-77-0x00007FF673640000-0x00007FF673994000-memory.dmp	xmrig
behavioral2/memory/4208-66-0x00007FF64E220000-0x00007FF64E574000-memory.dmp	xmrig
behavioral2/files/0x000700000002348f-62.dat	xmrig
behavioral2/memory/3500-58-0x00007FF631290000-0x00007FF6315E4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023487-46.dat	xmrig
behavioral2/files/0x0007000000023485-45.dat	xmrig
behavioral2/memory/4940-42-0x00007FF7AE890000-0x00007FF7AEBE4000-memory.dmp	xmrig
behavioral2/memory/1352-37-0x00007FF6CBC70000-0x00007FF6CBFC4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023486-32.dat	xmrig
behavioral2/files/0x0007000000023488-31.dat	xmrig
behavioral2/files/0x0007000000023484-24.dat	xmrig
behavioral2/memory/4640-20-0x00007FF62E060000-0x00007FF62E3B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1836	QtQtMsI.exe
4640	YdEXdPd.exe
1352	ogJkFUi.exe
3500	qJYfbGs.exe
4208	fgYGUZJ.exe
4940	vvoNMpQ.exe
1172	wevVuGx.exe
404	RAOmDUk.exe
3020	KKWnKSc.exe
2760	mULCwwA.exe
4528	pkiLnRc.exe
2332	TaLSqYf.exe
1792	wAUbtSU.exe
2512	vEkJtBW.exe
3180	upmdGBz.exe
3516	SCxcKBF.exe
2320	hAvRZgy.exe
2740	DdpBSkw.exe
4180	YNWfIEf.exe
4476	qVaxqwT.exe
2220	qJkUuaX.exe
1228	wcAbXGA.exe
400	TDOIsRv.exe
2732	QkyNuUJ.exe
2028	XdtKkwp.exe
4960	KMqsGSS.exe
820	OCaabMP.exe
3700	ERaFZUr.exe
664	OddEVny.exe
4108	TRVogKL.exe
2228	PjAqEfS.exe
3596	kxyUeET.exe
2936	bjJQnen.exe
1972	xMgOfNQ.exe
2924	AsMkNDA.exe
636	oUydWHc.exe
3328	MJKzNWG.exe
3632	SUeQvOp.exe
2416	NqqukVC.exe
3228	xMFEDRY.exe
3016	Fnnaybs.exe
2056	rzbQTTO.exe
2912	OTPzryv.exe
2452	Hqtvkhb.exe
4184	uIwNlAh.exe
4228	eYLsjFu.exe
3216	ptlVIOj.exe
1712	MjWDFgr.exe
1516	bDkLdYB.exe
4036	bPdCgGf.exe
4880	voTbVMq.exe
4576	VyRPAYF.exe
4344	xAYkgTf.exe
3348	iiFNFiV.exe
556	qgUZacD.exe
1176	vOZhmhy.exe
4828	uuDmenI.exe
2920	TYCCNBW.exe
4636	kyNBOTB.exe
3576	AGGqWEL.exe
3100	YmPgYkv.exe
3436	aLpxMkB.exe
2544	yIYLiCD.exe
5024	qBAtFtg.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2880-0-0x00007FF6F8FF0000-0x00007FF6F9344000-memory.dmp	upx
behavioral2/files/0x0009000000023420-5.dat	upx
behavioral2/files/0x000700000002348e-72.dat	upx
behavioral2/files/0x0007000000023492-93.dat	upx
behavioral2/files/0x0007000000023498-118.dat	upx
behavioral2/files/0x00070000000234a5-182.dat	upx
behavioral2/memory/1792-207-0x00007FF7791A0000-0x00007FF7794F4000-memory.dmp	upx
behavioral2/memory/3516-220-0x00007FF69A5B0000-0x00007FF69A904000-memory.dmp	upx
behavioral2/memory/2028-237-0x00007FF6439A0000-0x00007FF643CF4000-memory.dmp	upx
behavioral2/memory/4180-245-0x00007FF6FDA80000-0x00007FF6FDDD4000-memory.dmp	upx
behavioral2/memory/1228-247-0x00007FF768770000-0x00007FF768AC4000-memory.dmp	upx
behavioral2/memory/4476-246-0x00007FF6DD8C0000-0x00007FF6DDC14000-memory.dmp	upx
behavioral2/memory/2760-244-0x00007FF6586A0000-0x00007FF6589F4000-memory.dmp	upx
behavioral2/memory/3020-243-0x00007FF69F4F0000-0x00007FF69F844000-memory.dmp	upx
behavioral2/memory/1172-242-0x00007FF619BC0000-0x00007FF619F14000-memory.dmp	upx
behavioral2/memory/664-241-0x00007FF6625E0000-0x00007FF662934000-memory.dmp	upx
behavioral2/memory/3700-240-0x00007FF7DFAC0000-0x00007FF7DFE14000-memory.dmp	upx
behavioral2/memory/820-239-0x00007FF7A4860000-0x00007FF7A4BB4000-memory.dmp	upx
behavioral2/memory/4960-238-0x00007FF7B34F0000-0x00007FF7B3844000-memory.dmp	upx
behavioral2/memory/2732-236-0x00007FF73E2E0000-0x00007FF73E634000-memory.dmp	upx
behavioral2/memory/400-235-0x00007FF75C970000-0x00007FF75CCC4000-memory.dmp	upx
behavioral2/memory/2220-234-0x00007FF63DBD0000-0x00007FF63DF24000-memory.dmp	upx
behavioral2/memory/2740-233-0x00007FF6974A0000-0x00007FF6977F4000-memory.dmp	upx
behavioral2/memory/2320-232-0x00007FF608AA0000-0x00007FF608DF4000-memory.dmp	upx
behavioral2/memory/3180-219-0x00007FF75D650000-0x00007FF75D9A4000-memory.dmp	upx
behavioral2/memory/2512-213-0x00007FF6AF2A0000-0x00007FF6AF5F4000-memory.dmp	upx
behavioral2/files/0x00070000000234a4-177.dat	upx
behavioral2/files/0x00070000000234a3-174.dat	upx
behavioral2/files/0x00070000000234a0-171.dat	upx
behavioral2/files/0x00070000000234a2-168.dat	upx
behavioral2/files/0x00070000000234a1-165.dat	upx
behavioral2/files/0x000700000002349f-155.dat	upx
behavioral2/files/0x000700000002349e-153.dat	upx
behavioral2/files/0x000700000002349d-145.dat	upx
behavioral2/files/0x000700000002349c-143.dat	upx
behavioral2/files/0x000700000002349b-141.dat	upx
behavioral2/files/0x000700000002349a-139.dat	upx
behavioral2/files/0x0007000000023499-137.dat	upx
behavioral2/files/0x0007000000023497-133.dat	upx
behavioral2/files/0x0007000000023493-127.dat	upx
behavioral2/files/0x0007000000023496-125.dat	upx
behavioral2/files/0x000700000002348b-122.dat	upx
behavioral2/memory/2332-114-0x00007FF740BD0000-0x00007FF740F24000-memory.dmp	upx
behavioral2/files/0x0007000000023495-111.dat	upx
behavioral2/files/0x0007000000023494-107.dat	upx
behavioral2/files/0x000700000002348c-103.dat	upx
behavioral2/files/0x000700000002348d-101.dat	upx
behavioral2/files/0x0007000000023491-91.dat	upx
behavioral2/files/0x0007000000023489-89.dat	upx
behavioral2/files/0x0007000000023490-87.dat	upx
behavioral2/memory/4528-85-0x00007FF6BEBA0000-0x00007FF6BEEF4000-memory.dmp	upx
behavioral2/files/0x000700000002348a-82.dat	upx
behavioral2/memory/404-77-0x00007FF673640000-0x00007FF673994000-memory.dmp	upx
behavioral2/memory/4208-66-0x00007FF64E220000-0x00007FF64E574000-memory.dmp	upx
behavioral2/files/0x000700000002348f-62.dat	upx
behavioral2/memory/3500-58-0x00007FF631290000-0x00007FF6315E4000-memory.dmp	upx
behavioral2/files/0x0007000000023487-46.dat	upx
behavioral2/files/0x0007000000023485-45.dat	upx
behavioral2/memory/4940-42-0x00007FF7AE890000-0x00007FF7AEBE4000-memory.dmp	upx
behavioral2/memory/1352-37-0x00007FF6CBC70000-0x00007FF6CBFC4000-memory.dmp	upx
behavioral2/files/0x0007000000023486-32.dat	upx
behavioral2/files/0x0007000000023488-31.dat	upx
behavioral2/files/0x0007000000023484-24.dat	upx
behavioral2/memory/4640-20-0x00007FF62E060000-0x00007FF62E3B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\buJAdLY.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\iUGhtiJ.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\IArzWbB.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\VIFKecq.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\Fbixubn.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\tsIfdJF.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\puuHwXJ.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\yyEjlSy.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\ulLfmHU.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\OYBnadT.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\crAxWvg.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\vtkOWqU.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\OlOQdez.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\TbHCRQh.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\vVugdrx.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\OkHOBSY.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\auNntNv.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\MvcdecX.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\iQisMRT.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\hEsiNls.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\VZCDAjY.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\osceRVO.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\qJkUuaX.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\iiFNFiV.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\BeBHDiQ.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\wlGgtPt.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\ciwjEqy.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\BsIHhkF.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\nGGMMpN.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\vvoNMpQ.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\sWIZUXK.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\FvTTpSb.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\zOLijoK.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\KVzwlZl.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\VjOMMil.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\TYCCNBW.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\yKwovJs.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\OHGFUQu.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\RGGvote.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\pIwUtdu.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\WEFcIGP.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\qiuygvX.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\BidpYmM.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\uyXnhoP.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\ZkSVQZP.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\ZrFCGrA.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\EENSgxZ.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\LpVBkkG.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\uznFDDB.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\BLTeJiz.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\fcbMfcG.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\SCxcKBF.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\zNdbGsc.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\GraQLXc.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\uWEzLuo.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\PPGFSqx.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\sPNNBuP.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\VkwLENI.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\QrCLJEF.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\IzeZNJq.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\EEQmzOV.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\SNoLpJY.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\JfvWcHm.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
File created	C:\Windows\System\twqKvCJ.exe	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 1836	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	83
PID 2880 wrote to memory of 1836	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	83
PID 2880 wrote to memory of 4640	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	84
PID 2880 wrote to memory of 4640	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	84
PID 2880 wrote to memory of 1352	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	85
PID 2880 wrote to memory of 1352	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	85
PID 2880 wrote to memory of 3500	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	86
PID 2880 wrote to memory of 3500	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	86
PID 2880 wrote to memory of 4208	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	87
PID 2880 wrote to memory of 4208	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	87
PID 2880 wrote to memory of 4940	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	88
PID 2880 wrote to memory of 4940	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	88
PID 2880 wrote to memory of 1172	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	89
PID 2880 wrote to memory of 1172	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	89
PID 2880 wrote to memory of 404	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	90
PID 2880 wrote to memory of 404	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	90
PID 2880 wrote to memory of 3516	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	91
PID 2880 wrote to memory of 3516	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	91
PID 2880 wrote to memory of 1792	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	92
PID 2880 wrote to memory of 1792	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	92
PID 2880 wrote to memory of 2512	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	93
PID 2880 wrote to memory of 2512	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	93
PID 2880 wrote to memory of 3180	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	94
PID 2880 wrote to memory of 3180	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	94
PID 2880 wrote to memory of 3020	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	95
PID 2880 wrote to memory of 3020	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	95
PID 2880 wrote to memory of 2760	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	96
PID 2880 wrote to memory of 2760	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	96
PID 2880 wrote to memory of 4528	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	97
PID 2880 wrote to memory of 4528	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	97
PID 2880 wrote to memory of 2332	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	98
PID 2880 wrote to memory of 2332	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	98
PID 2880 wrote to memory of 2320	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	99
PID 2880 wrote to memory of 2320	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	99
PID 2880 wrote to memory of 2740	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	100
PID 2880 wrote to memory of 2740	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	100
PID 2880 wrote to memory of 4180	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	101
PID 2880 wrote to memory of 4180	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	101
PID 2880 wrote to memory of 4476	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	102
PID 2880 wrote to memory of 4476	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	102
PID 2880 wrote to memory of 2220	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	103
PID 2880 wrote to memory of 2220	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	103
PID 2880 wrote to memory of 1228	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	104
PID 2880 wrote to memory of 1228	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	104
PID 2880 wrote to memory of 400	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	105
PID 2880 wrote to memory of 400	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	105
PID 2880 wrote to memory of 2732	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	106
PID 2880 wrote to memory of 2732	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	106
PID 2880 wrote to memory of 2028	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	107
PID 2880 wrote to memory of 2028	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	107
PID 2880 wrote to memory of 4960	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	108
PID 2880 wrote to memory of 4960	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	108
PID 2880 wrote to memory of 820	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	109
PID 2880 wrote to memory of 820	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	109
PID 2880 wrote to memory of 3700	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	110
PID 2880 wrote to memory of 3700	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	110
PID 2880 wrote to memory of 664	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	111
PID 2880 wrote to memory of 664	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	111
PID 2880 wrote to memory of 3596	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	112
PID 2880 wrote to memory of 3596	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	112
PID 2880 wrote to memory of 4108	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	113
PID 2880 wrote to memory of 4108	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	113
PID 2880 wrote to memory of 2228	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	114
PID 2880 wrote to memory of 2228	2880	ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe	114

C:\Users\Admin\AppData\Local\Temp\ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe
"C:\Users\Admin\AppData\Local\Temp\ff5ba18b23a852a7e3ede2c3a51fbdf732e18fe7aba9eca9dea8a7ed84709c0a.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\System\QtQtMsI.exe
  C:\Windows\System\QtQtMsI.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\YdEXdPd.exe
  C:\Windows\System\YdEXdPd.exe
  2⤵
  - Executes dropped EXE
  PID:4640
- C:\Windows\System\ogJkFUi.exe
  C:\Windows\System\ogJkFUi.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\qJYfbGs.exe
  C:\Windows\System\qJYfbGs.exe
  2⤵
  - Executes dropped EXE
  PID:3500
- C:\Windows\System\fgYGUZJ.exe
  C:\Windows\System\fgYGUZJ.exe
  2⤵
  - Executes dropped EXE
  PID:4208
- C:\Windows\System\vvoNMpQ.exe
  C:\Windows\System\vvoNMpQ.exe
  2⤵
  - Executes dropped EXE
  PID:4940
- C:\Windows\System\wevVuGx.exe
  C:\Windows\System\wevVuGx.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\RAOmDUk.exe
  C:\Windows\System\RAOmDUk.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\SCxcKBF.exe
  C:\Windows\System\SCxcKBF.exe
  2⤵
  - Executes dropped EXE
  PID:3516
- C:\Windows\System\wAUbtSU.exe
  C:\Windows\System\wAUbtSU.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\vEkJtBW.exe
  C:\Windows\System\vEkJtBW.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\upmdGBz.exe
  C:\Windows\System\upmdGBz.exe
  2⤵
  - Executes dropped EXE
  PID:3180
- C:\Windows\System\KKWnKSc.exe
  C:\Windows\System\KKWnKSc.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\mULCwwA.exe
  C:\Windows\System\mULCwwA.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\pkiLnRc.exe
  C:\Windows\System\pkiLnRc.exe
  2⤵
  - Executes dropped EXE
  PID:4528
- C:\Windows\System\TaLSqYf.exe
  C:\Windows\System\TaLSqYf.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\hAvRZgy.exe
  C:\Windows\System\hAvRZgy.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\DdpBSkw.exe
  C:\Windows\System\DdpBSkw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\YNWfIEf.exe
  C:\Windows\System\YNWfIEf.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\qVaxqwT.exe
  C:\Windows\System\qVaxqwT.exe
  2⤵
  - Executes dropped EXE
  PID:4476
- C:\Windows\System\qJkUuaX.exe
  C:\Windows\System\qJkUuaX.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\wcAbXGA.exe
  C:\Windows\System\wcAbXGA.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\TDOIsRv.exe
  C:\Windows\System\TDOIsRv.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\QkyNuUJ.exe
  C:\Windows\System\QkyNuUJ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\XdtKkwp.exe
  C:\Windows\System\XdtKkwp.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\KMqsGSS.exe
  C:\Windows\System\KMqsGSS.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\OCaabMP.exe
  C:\Windows\System\OCaabMP.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\ERaFZUr.exe
  C:\Windows\System\ERaFZUr.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\OddEVny.exe
  C:\Windows\System\OddEVny.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\kxyUeET.exe
  C:\Windows\System\kxyUeET.exe
  2⤵
  - Executes dropped EXE
  PID:3596
- C:\Windows\System\TRVogKL.exe
  C:\Windows\System\TRVogKL.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\PjAqEfS.exe
  C:\Windows\System\PjAqEfS.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\bjJQnen.exe
  C:\Windows\System\bjJQnen.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\xMgOfNQ.exe
  C:\Windows\System\xMgOfNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\AsMkNDA.exe
  C:\Windows\System\AsMkNDA.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\oUydWHc.exe
  C:\Windows\System\oUydWHc.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\MJKzNWG.exe
  C:\Windows\System\MJKzNWG.exe
  2⤵
  - Executes dropped EXE
  PID:3328
- C:\Windows\System\SUeQvOp.exe
  C:\Windows\System\SUeQvOp.exe
  2⤵
  - Executes dropped EXE
  PID:3632
- C:\Windows\System\NqqukVC.exe
  C:\Windows\System\NqqukVC.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\xMFEDRY.exe
  C:\Windows\System\xMFEDRY.exe
  2⤵
  - Executes dropped EXE
  PID:3228
- C:\Windows\System\Fnnaybs.exe
  C:\Windows\System\Fnnaybs.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\rzbQTTO.exe
  C:\Windows\System\rzbQTTO.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\OTPzryv.exe
  C:\Windows\System\OTPzryv.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\Hqtvkhb.exe
  C:\Windows\System\Hqtvkhb.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\uIwNlAh.exe
  C:\Windows\System\uIwNlAh.exe
  2⤵
  - Executes dropped EXE
  PID:4184
- C:\Windows\System\eYLsjFu.exe
  C:\Windows\System\eYLsjFu.exe
  2⤵
  - Executes dropped EXE
  PID:4228
- C:\Windows\System\ptlVIOj.exe
  C:\Windows\System\ptlVIOj.exe
  2⤵
  - Executes dropped EXE
  PID:3216
- C:\Windows\System\MjWDFgr.exe
  C:\Windows\System\MjWDFgr.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\bDkLdYB.exe
  C:\Windows\System\bDkLdYB.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\bPdCgGf.exe
  C:\Windows\System\bPdCgGf.exe
  2⤵
  - Executes dropped EXE
  PID:4036
- C:\Windows\System\voTbVMq.exe
  C:\Windows\System\voTbVMq.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\VyRPAYF.exe
  C:\Windows\System\VyRPAYF.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\xAYkgTf.exe
  C:\Windows\System\xAYkgTf.exe
  2⤵
  - Executes dropped EXE
  PID:4344
- C:\Windows\System\iiFNFiV.exe
  C:\Windows\System\iiFNFiV.exe
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Windows\System\qgUZacD.exe
  C:\Windows\System\qgUZacD.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\vOZhmhy.exe
  C:\Windows\System\vOZhmhy.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\uuDmenI.exe
  C:\Windows\System\uuDmenI.exe
  2⤵
  - Executes dropped EXE
  PID:4828
- C:\Windows\System\TYCCNBW.exe
  C:\Windows\System\TYCCNBW.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\kyNBOTB.exe
  C:\Windows\System\kyNBOTB.exe
  2⤵
  - Executes dropped EXE
  PID:4636
- C:\Windows\System\AGGqWEL.exe
  C:\Windows\System\AGGqWEL.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\YmPgYkv.exe
  C:\Windows\System\YmPgYkv.exe
  2⤵
  - Executes dropped EXE
  PID:3100
- C:\Windows\System\aLpxMkB.exe
  C:\Windows\System\aLpxMkB.exe
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\System\yIYLiCD.exe
  C:\Windows\System\yIYLiCD.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\qBAtFtg.exe
  C:\Windows\System\qBAtFtg.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\System\aUPPOaf.exe
  C:\Windows\System\aUPPOaf.exe
  2⤵
  PID:448
- C:\Windows\System\zNdbGsc.exe
  C:\Windows\System\zNdbGsc.exe
  2⤵
  PID:2312
- C:\Windows\System\dGOXqnH.exe
  C:\Windows\System\dGOXqnH.exe
  2⤵
  PID:464
- C:\Windows\System\urlraSr.exe
  C:\Windows\System\urlraSr.exe
  2⤵
  PID:1132
- C:\Windows\System\AjGNlzF.exe
  C:\Windows\System\AjGNlzF.exe
  2⤵
  PID:2536
- C:\Windows\System\MBQiYFk.exe
  C:\Windows\System\MBQiYFk.exe
  2⤵
  PID:3988
- C:\Windows\System\qAuGNOV.exe
  C:\Windows\System\qAuGNOV.exe
  2⤵
  PID:4748
- C:\Windows\System\kIfiHdg.exe
  C:\Windows\System\kIfiHdg.exe
  2⤵
  PID:5036
- C:\Windows\System\tIAdPwR.exe
  C:\Windows\System\tIAdPwR.exe
  2⤵
  PID:3308
- C:\Windows\System\gWOTgOQ.exe
  C:\Windows\System\gWOTgOQ.exe
  2⤵
  PID:2152
- C:\Windows\System\ZrCjSWp.exe
  C:\Windows\System\ZrCjSWp.exe
  2⤵
  PID:844
- C:\Windows\System\CGZUKqr.exe
  C:\Windows\System\CGZUKqr.exe
  2⤵
  PID:4132
- C:\Windows\System\WAUoVWF.exe
  C:\Windows\System\WAUoVWF.exe
  2⤵
  PID:4992
- C:\Windows\System\zNKerdn.exe
  C:\Windows\System\zNKerdn.exe
  2⤵
  PID:4244
- C:\Windows\System\mBPKffe.exe
  C:\Windows\System\mBPKffe.exe
  2⤵
  PID:2208
- C:\Windows\System\iaTGzNX.exe
  C:\Windows\System\iaTGzNX.exe
  2⤵
  PID:4068
- C:\Windows\System\AXUvUlE.exe
  C:\Windows\System\AXUvUlE.exe
  2⤵
  PID:2252
- C:\Windows\System\hAVkVLe.exe
  C:\Windows\System\hAVkVLe.exe
  2⤵
  PID:4308
- C:\Windows\System\IArzWbB.exe
  C:\Windows\System\IArzWbB.exe
  2⤵
  PID:3508
- C:\Windows\System\ONMftdT.exe
  C:\Windows\System\ONMftdT.exe
  2⤵
  PID:3776
- C:\Windows\System\LWTiUpG.exe
  C:\Windows\System\LWTiUpG.exe
  2⤵
  PID:1628
- C:\Windows\System\Fuaxtin.exe
  C:\Windows\System\Fuaxtin.exe
  2⤵
  PID:2264
- C:\Windows\System\jXEnaVz.exe
  C:\Windows\System\jXEnaVz.exe
  2⤵
  PID:4428
- C:\Windows\System\OPhHMWl.exe
  C:\Windows\System\OPhHMWl.exe
  2⤵
  PID:1736
- C:\Windows\System\YmapsXk.exe
  C:\Windows\System\YmapsXk.exe
  2⤵
  PID:5032
- C:\Windows\System\MJPAgQy.exe
  C:\Windows\System\MJPAgQy.exe
  2⤵
  PID:4284
- C:\Windows\System\jBUQorC.exe
  C:\Windows\System\jBUQorC.exe
  2⤵
  PID:1464
- C:\Windows\System\iAEWssL.exe
  C:\Windows\System\iAEWssL.exe
  2⤵
  PID:3620
- C:\Windows\System\pXOwHsu.exe
  C:\Windows\System\pXOwHsu.exe
  2⤵
  PID:5136
- C:\Windows\System\LcIVHZX.exe
  C:\Windows\System\LcIVHZX.exe
  2⤵
  PID:5152
- C:\Windows\System\tOoBeoQ.exe
  C:\Windows\System\tOoBeoQ.exe
  2⤵
  PID:5168
- C:\Windows\System\ihJVOIM.exe
  C:\Windows\System\ihJVOIM.exe
  2⤵
  PID:5184
- C:\Windows\System\VFGlSpW.exe
  C:\Windows\System\VFGlSpW.exe
  2⤵
  PID:5200
- C:\Windows\System\ekFCWrD.exe
  C:\Windows\System\ekFCWrD.exe
  2⤵
  PID:5216
- C:\Windows\System\KKxsdoV.exe
  C:\Windows\System\KKxsdoV.exe
  2⤵
  PID:5432
- C:\Windows\System\hNqQCDz.exe
  C:\Windows\System\hNqQCDz.exe
  2⤵
  PID:5448
- C:\Windows\System\neShePR.exe
  C:\Windows\System\neShePR.exe
  2⤵
  PID:5464
- C:\Windows\System\CFgsAyi.exe
  C:\Windows\System\CFgsAyi.exe
  2⤵
  PID:5480
- C:\Windows\System\FdyBabU.exe
  C:\Windows\System\FdyBabU.exe
  2⤵
  PID:5496
- C:\Windows\System\qxQEpLt.exe
  C:\Windows\System\qxQEpLt.exe
  2⤵
  PID:5512
- C:\Windows\System\enihzNl.exe
  C:\Windows\System\enihzNl.exe
  2⤵
  PID:5528
- C:\Windows\System\CDTKSeY.exe
  C:\Windows\System\CDTKSeY.exe
  2⤵
  PID:5544
- C:\Windows\System\XkfMFys.exe
  C:\Windows\System\XkfMFys.exe
  2⤵
  PID:5608
- C:\Windows\System\skJQvDF.exe
  C:\Windows\System\skJQvDF.exe
  2⤵
  PID:5696
- C:\Windows\System\gzeqCQj.exe
  C:\Windows\System\gzeqCQj.exe
  2⤵
  PID:5712
- C:\Windows\System\NaHtYjA.exe
  C:\Windows\System\NaHtYjA.exe
  2⤵
  PID:5728
- C:\Windows\System\iNAEhFd.exe
  C:\Windows\System\iNAEhFd.exe
  2⤵
  PID:5744
- C:\Windows\System\mcjFHTv.exe
  C:\Windows\System\mcjFHTv.exe
  2⤵
  PID:5760
- C:\Windows\System\uJPlKKj.exe
  C:\Windows\System\uJPlKKj.exe
  2⤵
  PID:5836
- C:\Windows\System\qOpGiGe.exe
  C:\Windows\System\qOpGiGe.exe
  2⤵
  PID:5852
- C:\Windows\System\JvUIpcx.exe
  C:\Windows\System\JvUIpcx.exe
  2⤵
  PID:5868
- C:\Windows\System\dNalURY.exe
  C:\Windows\System\dNalURY.exe
  2⤵
  PID:5896
- C:\Windows\System\SHGsWds.exe
  C:\Windows\System\SHGsWds.exe
  2⤵
  PID:5928
- C:\Windows\System\EsSWLZV.exe
  C:\Windows\System\EsSWLZV.exe
  2⤵
  PID:5956
- C:\Windows\System\RuKqzFt.exe
  C:\Windows\System\RuKqzFt.exe
  2⤵
  PID:5976
- C:\Windows\System\hyQkiAm.exe
  C:\Windows\System\hyQkiAm.exe
  2⤵
  PID:6008
- C:\Windows\System\SgenGdp.exe
  C:\Windows\System\SgenGdp.exe
  2⤵
  PID:6040
- C:\Windows\System\MXVkjCE.exe
  C:\Windows\System\MXVkjCE.exe
  2⤵
  PID:6064
- C:\Windows\System\kjBOXmH.exe
  C:\Windows\System\kjBOXmH.exe
  2⤵
  PID:6080
- C:\Windows\System\EGJArnN.exe
  C:\Windows\System\EGJArnN.exe
  2⤵
  PID:6112
- C:\Windows\System\cHptgKU.exe
  C:\Windows\System\cHptgKU.exe
  2⤵
  PID:6140
- C:\Windows\System\jDbchbW.exe
  C:\Windows\System\jDbchbW.exe
  2⤵
  PID:940
- C:\Windows\System\VoyWyoQ.exe
  C:\Windows\System\VoyWyoQ.exe
  2⤵
  PID:2424
- C:\Windows\System\ttgucxe.exe
  C:\Windows\System\ttgucxe.exe
  2⤵
  PID:3920
- C:\Windows\System\lVzvrJO.exe
  C:\Windows\System\lVzvrJO.exe
  2⤵
  PID:1940
- C:\Windows\System\iOGYTnB.exe
  C:\Windows\System\iOGYTnB.exe
  2⤵
  PID:4836
- C:\Windows\System\kISzhJq.exe
  C:\Windows\System\kISzhJq.exe
  2⤵
  PID:5128
- C:\Windows\System\oOgBrCx.exe
  C:\Windows\System\oOgBrCx.exe
  2⤵
  PID:5196
- C:\Windows\System\jWzqWjS.exe
  C:\Windows\System\jWzqWjS.exe
  2⤵
  PID:5288
- C:\Windows\System\dNJaSit.exe
  C:\Windows\System\dNJaSit.exe
  2⤵
  PID:5328
- C:\Windows\System\EZinHFw.exe
  C:\Windows\System\EZinHFw.exe
  2⤵
  PID:2640
- C:\Windows\System\DVmurja.exe
  C:\Windows\System\DVmurja.exe
  2⤵
  PID:5476
- C:\Windows\System\FpkCTUg.exe
  C:\Windows\System\FpkCTUg.exe
  2⤵
  PID:5488
- C:\Windows\System\GraQLXc.exe
  C:\Windows\System\GraQLXc.exe
  2⤵
  PID:2484
- C:\Windows\System\ZqIugBx.exe
  C:\Windows\System\ZqIugBx.exe
  2⤵
  PID:5564
- C:\Windows\System\KZJLEKj.exe
  C:\Windows\System\KZJLEKj.exe
  2⤵
  PID:3236
- C:\Windows\System\uPCrhLz.exe
  C:\Windows\System\uPCrhLz.exe
  2⤵
  PID:3752
- C:\Windows\System\ZkSVQZP.exe
  C:\Windows\System\ZkSVQZP.exe
  2⤵
  PID:2120
- C:\Windows\System\gTdMyCM.exe
  C:\Windows\System\gTdMyCM.exe
  2⤵
  PID:2140
- C:\Windows\System\vVugdrx.exe
  C:\Windows\System\vVugdrx.exe
  2⤵
  PID:5736
- C:\Windows\System\vJCNLbq.exe
  C:\Windows\System\vJCNLbq.exe
  2⤵
  PID:4728
- C:\Windows\System\looVlHW.exe
  C:\Windows\System\looVlHW.exe
  2⤵
  PID:2684
- C:\Windows\System\rncVcQZ.exe
  C:\Windows\System\rncVcQZ.exe
  2⤵
  PID:5792
- C:\Windows\System\erXpdhd.exe
  C:\Windows\System\erXpdhd.exe
  2⤵
  PID:4712
- C:\Windows\System\HLzNjiZ.exe
  C:\Windows\System\HLzNjiZ.exe
  2⤵
  PID:3952
- C:\Windows\System\IzeZNJq.exe
  C:\Windows\System\IzeZNJq.exe
  2⤵
  PID:1820
- C:\Windows\System\UtPhOxy.exe
  C:\Windows\System\UtPhOxy.exe
  2⤵
  PID:4152
- C:\Windows\System\KjsfCKi.exe
  C:\Windows\System\KjsfCKi.exe
  2⤵
  PID:5880
- C:\Windows\System\OciPfbn.exe
  C:\Windows\System\OciPfbn.exe
  2⤵
  PID:5944
- C:\Windows\System\IvsdCEg.exe
  C:\Windows\System\IvsdCEg.exe
  2⤵
  PID:5988
- C:\Windows\System\iEhHZZb.exe
  C:\Windows\System\iEhHZZb.exe
  2⤵
  PID:6024
- C:\Windows\System\cYojtdj.exe
  C:\Windows\System\cYojtdj.exe
  2⤵
  PID:4904
- C:\Windows\System\OkHOBSY.exe
  C:\Windows\System\OkHOBSY.exe
  2⤵
  PID:6100
- C:\Windows\System\nMPyWmS.exe
  C:\Windows\System\nMPyWmS.exe
  2⤵
  PID:6132
- C:\Windows\System\AdlwHuR.exe
  C:\Windows\System\AdlwHuR.exe
  2⤵
  PID:2248
- C:\Windows\System\EWXMlnc.exe
  C:\Windows\System\EWXMlnc.exe
  2⤵
  PID:3160
- C:\Windows\System\MhBNwHk.exe
  C:\Windows\System\MhBNwHk.exe
  2⤵
  PID:5192
- C:\Windows\System\eRdMmLl.exe
  C:\Windows\System\eRdMmLl.exe
  2⤵
  PID:5312
- C:\Windows\System\zsRIuaM.exe
  C:\Windows\System\zsRIuaM.exe
  2⤵
  PID:5460
- C:\Windows\System\vrQWhrw.exe
  C:\Windows\System\vrQWhrw.exe
  2⤵
  PID:4432
- C:\Windows\System\iTVAfLZ.exe
  C:\Windows\System\iTVAfLZ.exe
  2⤵
  PID:60
- C:\Windows\System\IssPkny.exe
  C:\Windows\System\IssPkny.exe
  2⤵
  PID:5624
- C:\Windows\System\CnqbvRB.exe
  C:\Windows\System\CnqbvRB.exe
  2⤵
  PID:3288
- C:\Windows\System\OBkNMCv.exe
  C:\Windows\System\OBkNMCv.exe
  2⤵
  PID:3076
- C:\Windows\System\lNnYSGe.exe
  C:\Windows\System\lNnYSGe.exe
  2⤵
  PID:3956
- C:\Windows\System\zLtRyis.exe
  C:\Windows\System\zLtRyis.exe
  2⤵
  PID:5828
- C:\Windows\System\TFCxvkn.exe
  C:\Windows\System\TFCxvkn.exe
  2⤵
  PID:6004
- C:\Windows\System\DIKkRKa.exe
  C:\Windows\System\DIKkRKa.exe
  2⤵
  PID:1528
- C:\Windows\System\waAlATq.exe
  C:\Windows\System\waAlATq.exe
  2⤵
  PID:720
- C:\Windows\System\lOcRZaJ.exe
  C:\Windows\System\lOcRZaJ.exe
  2⤵
  PID:1092
- C:\Windows\System\cXVOigi.exe
  C:\Windows\System\cXVOigi.exe
  2⤵
  PID:4864
- C:\Windows\System\DtwNdZL.exe
  C:\Windows\System\DtwNdZL.exe
  2⤵
  PID:5372
- C:\Windows\System\yaRiWDc.exe
  C:\Windows\System\yaRiWDc.exe
  2⤵
  PID:5560
- C:\Windows\System\vxMfALH.exe
  C:\Windows\System\vxMfALH.exe
  2⤵
  PID:5780
- C:\Windows\System\hGdquCx.exe
  C:\Windows\System\hGdquCx.exe
  2⤵
  PID:3252
- C:\Windows\System\GDwaaKb.exe
  C:\Windows\System\GDwaaKb.exe
  2⤵
  PID:6056
- C:\Windows\System\NGrhNtm.exe
  C:\Windows\System\NGrhNtm.exe
  2⤵
  PID:5180
- C:\Windows\System\CPlmpJb.exe
  C:\Windows\System\CPlmpJb.exe
  2⤵
  PID:396
- C:\Windows\System\sNfhDTy.exe
  C:\Windows\System\sNfhDTy.exe
  2⤵
  PID:6076
- C:\Windows\System\TyeUnxZ.exe
  C:\Windows\System\TyeUnxZ.exe
  2⤵
  PID:6152
- C:\Windows\System\mnKPUTC.exe
  C:\Windows\System\mnKPUTC.exe
  2⤵
  PID:6176
- C:\Windows\System\QnAsOpw.exe
  C:\Windows\System\QnAsOpw.exe
  2⤵
  PID:6216
- C:\Windows\System\WEFcIGP.exe
  C:\Windows\System\WEFcIGP.exe
  2⤵
  PID:6240
- C:\Windows\System\RTBaLGX.exe
  C:\Windows\System\RTBaLGX.exe
  2⤵
  PID:6272
- C:\Windows\System\udZHsOX.exe
  C:\Windows\System\udZHsOX.exe
  2⤵
  PID:6300
- C:\Windows\System\JkEWnRf.exe
  C:\Windows\System\JkEWnRf.exe
  2⤵
  PID:6340
- C:\Windows\System\gylJwOc.exe
  C:\Windows\System\gylJwOc.exe
  2⤵
  PID:6364
- C:\Windows\System\vkbQzsJ.exe
  C:\Windows\System\vkbQzsJ.exe
  2⤵
  PID:6384
- C:\Windows\System\okoHaMU.exe
  C:\Windows\System\okoHaMU.exe
  2⤵
  PID:6408
- C:\Windows\System\PGzTFsL.exe
  C:\Windows\System\PGzTFsL.exe
  2⤵
  PID:6436
- C:\Windows\System\KySMgsm.exe
  C:\Windows\System\KySMgsm.exe
  2⤵
  PID:6456
- C:\Windows\System\aMxjXCe.exe
  C:\Windows\System\aMxjXCe.exe
  2⤵
  PID:6496
- C:\Windows\System\hlMbkuh.exe
  C:\Windows\System\hlMbkuh.exe
  2⤵
  PID:6516
- C:\Windows\System\jbocHeM.exe
  C:\Windows\System\jbocHeM.exe
  2⤵
  PID:6548
- C:\Windows\System\UEsePZH.exe
  C:\Windows\System\UEsePZH.exe
  2⤵
  PID:6572
- C:\Windows\System\UWmoIEB.exe
  C:\Windows\System\UWmoIEB.exe
  2⤵
  PID:6596
- C:\Windows\System\VIFKecq.exe
  C:\Windows\System\VIFKecq.exe
  2⤵
  PID:6628
- C:\Windows\System\qVXeXbT.exe
  C:\Windows\System\qVXeXbT.exe
  2⤵
  PID:6660
- C:\Windows\System\ghWKCTb.exe
  C:\Windows\System\ghWKCTb.exe
  2⤵
  PID:6684
- C:\Windows\System\vGHsdDy.exe
  C:\Windows\System\vGHsdDy.exe
  2⤵
  PID:6716
- C:\Windows\System\TaUKlPX.exe
  C:\Windows\System\TaUKlPX.exe
  2⤵
  PID:6748
- C:\Windows\System\fNYrPSe.exe
  C:\Windows\System\fNYrPSe.exe
  2⤵
  PID:6780
- C:\Windows\System\bIkCsxJ.exe
  C:\Windows\System\bIkCsxJ.exe
  2⤵
  PID:6824
- C:\Windows\System\XtdGbEd.exe
  C:\Windows\System\XtdGbEd.exe
  2⤵
  PID:6848
- C:\Windows\System\wYCZXcv.exe
  C:\Windows\System\wYCZXcv.exe
  2⤵
  PID:6876
- C:\Windows\System\sLIyFKw.exe
  C:\Windows\System\sLIyFKw.exe
  2⤵
  PID:6904
- C:\Windows\System\VGNnDHa.exe
  C:\Windows\System\VGNnDHa.exe
  2⤵
  PID:6932
- C:\Windows\System\nHAptWI.exe
  C:\Windows\System\nHAptWI.exe
  2⤵
  PID:6960
- C:\Windows\System\pdaQipT.exe
  C:\Windows\System\pdaQipT.exe
  2⤵
  PID:6988
- C:\Windows\System\bVnFTZl.exe
  C:\Windows\System\bVnFTZl.exe
  2⤵
  PID:7020
- C:\Windows\System\JecexQR.exe
  C:\Windows\System\JecexQR.exe
  2⤵
  PID:7048
- C:\Windows\System\InGghwZ.exe
  C:\Windows\System\InGghwZ.exe
  2⤵
  PID:7072
- C:\Windows\System\ZdvNUXS.exe
  C:\Windows\System\ZdvNUXS.exe
  2⤵
  PID:7100
- C:\Windows\System\kkNbpqf.exe
  C:\Windows\System\kkNbpqf.exe
  2⤵
  PID:7120
- C:\Windows\System\Ufznutu.exe
  C:\Windows\System\Ufznutu.exe
  2⤵
  PID:7148
- C:\Windows\System\jvNqMRK.exe
  C:\Windows\System\jvNqMRK.exe
  2⤵
  PID:5832
- C:\Windows\System\ZacpnvP.exe
  C:\Windows\System\ZacpnvP.exe
  2⤵
  PID:6168
- C:\Windows\System\HnZqUiF.exe
  C:\Windows\System\HnZqUiF.exe
  2⤵
  PID:6288
- C:\Windows\System\gfrCqgJ.exe
  C:\Windows\System\gfrCqgJ.exe
  2⤵
  PID:6332
- C:\Windows\System\VkchJEW.exe
  C:\Windows\System\VkchJEW.exe
  2⤵
  PID:6352
- C:\Windows\System\sPNNBuP.exe
  C:\Windows\System\sPNNBuP.exe
  2⤵
  PID:6452
- C:\Windows\System\MBKbGdk.exe
  C:\Windows\System\MBKbGdk.exe
  2⤵
  PID:6536
- C:\Windows\System\OmESPjx.exe
  C:\Windows\System\OmESPjx.exe
  2⤵
  PID:6544
- C:\Windows\System\FcXYaPe.exe
  C:\Windows\System\FcXYaPe.exe
  2⤵
  PID:6640
- C:\Windows\System\fYYIGgP.exe
  C:\Windows\System\fYYIGgP.exe
  2⤵
  PID:6760
- C:\Windows\System\aNKyyLJ.exe
  C:\Windows\System\aNKyyLJ.exe
  2⤵
  PID:6776
- C:\Windows\System\YTlADLK.exe
  C:\Windows\System\YTlADLK.exe
  2⤵
  PID:6892
- C:\Windows\System\cmTfvoU.exe
  C:\Windows\System\cmTfvoU.exe
  2⤵
  PID:6888
- C:\Windows\System\LpVBkkG.exe
  C:\Windows\System\LpVBkkG.exe
  2⤵
  PID:6948
- C:\Windows\System\nOwRCBF.exe
  C:\Windows\System\nOwRCBF.exe
  2⤵
  PID:7004
- C:\Windows\System\maeUNFc.exe
  C:\Windows\System\maeUNFc.exe
  2⤵
  PID:7064
- C:\Windows\System\auNntNv.exe
  C:\Windows\System\auNntNv.exe
  2⤵
  PID:7160
- C:\Windows\System\HJJZjfz.exe
  C:\Windows\System\HJJZjfz.exe
  2⤵
  PID:6208
- C:\Windows\System\yUulPlS.exe
  C:\Windows\System\yUulPlS.exe
  2⤵
  PID:6508
- C:\Windows\System\TzXnJXz.exe
  C:\Windows\System\TzXnJXz.exe
  2⤵
  PID:6528
- C:\Windows\System\KTlurpV.exe
  C:\Windows\System\KTlurpV.exe
  2⤵
  PID:6676
- C:\Windows\System\XMPWcdK.exe
  C:\Windows\System\XMPWcdK.exe
  2⤵
  PID:6868
- C:\Windows\System\XFfySXN.exe
  C:\Windows\System\XFfySXN.exe
  2⤵
  PID:6972
- C:\Windows\System\QOtlwOg.exe
  C:\Windows\System\QOtlwOg.exe
  2⤵
  PID:6200
- C:\Windows\System\LWXCbfl.exe
  C:\Windows\System\LWXCbfl.exe
  2⤵
  PID:6400
- C:\Windows\System\DCrzhbT.exe
  C:\Windows\System\DCrzhbT.exe
  2⤵
  PID:6620
- C:\Windows\System\tlphBxa.exe
  C:\Windows\System\tlphBxa.exe
  2⤵
  PID:6744
- C:\Windows\System\rHpMJFL.exe
  C:\Windows\System\rHpMJFL.exe
  2⤵
  PID:6920
- C:\Windows\System\mtcOJYI.exe
  C:\Windows\System\mtcOJYI.exe
  2⤵
  PID:7204
- C:\Windows\System\DRgSRda.exe
  C:\Windows\System\DRgSRda.exe
  2⤵
  PID:7220
- C:\Windows\System\fzqYZru.exe
  C:\Windows\System\fzqYZru.exe
  2⤵
  PID:7248
- C:\Windows\System\vtkOWqU.exe
  C:\Windows\System\vtkOWqU.exe
  2⤵
  PID:7276
- C:\Windows\System\WbYnOsQ.exe
  C:\Windows\System\WbYnOsQ.exe
  2⤵
  PID:7312
- C:\Windows\System\nHWKlID.exe
  C:\Windows\System\nHWKlID.exe
  2⤵
  PID:7344
- C:\Windows\System\gYqsdUQ.exe
  C:\Windows\System\gYqsdUQ.exe
  2⤵
  PID:7372
- C:\Windows\System\cbOLdck.exe
  C:\Windows\System\cbOLdck.exe
  2⤵
  PID:7412
- C:\Windows\System\eoGnrwF.exe
  C:\Windows\System\eoGnrwF.exe
  2⤵
  PID:7432
- C:\Windows\System\kpoKoKz.exe
  C:\Windows\System\kpoKoKz.exe
  2⤵
  PID:7460
- C:\Windows\System\qiuygvX.exe
  C:\Windows\System\qiuygvX.exe
  2⤵
  PID:7492
- C:\Windows\System\vsxiTCv.exe
  C:\Windows\System\vsxiTCv.exe
  2⤵
  PID:7516
- C:\Windows\System\EYLEdaL.exe
  C:\Windows\System\EYLEdaL.exe
  2⤵
  PID:7544
- C:\Windows\System\FklqfOa.exe
  C:\Windows\System\FklqfOa.exe
  2⤵
  PID:7568
- C:\Windows\System\ZrFCGrA.exe
  C:\Windows\System\ZrFCGrA.exe
  2⤵
  PID:7600
- C:\Windows\System\rlnNORa.exe
  C:\Windows\System\rlnNORa.exe
  2⤵
  PID:7640
- C:\Windows\System\LyUGRfb.exe
  C:\Windows\System\LyUGRfb.exe
  2⤵
  PID:7660
- C:\Windows\System\GFcVMsR.exe
  C:\Windows\System\GFcVMsR.exe
  2⤵
  PID:7692
- C:\Windows\System\FzPJkoP.exe
  C:\Windows\System\FzPJkoP.exe
  2⤵
  PID:7712
- C:\Windows\System\WkPjJvf.exe
  C:\Windows\System\WkPjJvf.exe
  2⤵
  PID:7740
- C:\Windows\System\ARntlId.exe
  C:\Windows\System\ARntlId.exe
  2⤵
  PID:7756
- C:\Windows\System\INtrOIh.exe
  C:\Windows\System\INtrOIh.exe
  2⤵
  PID:7788
- C:\Windows\System\qYbYxHg.exe
  C:\Windows\System\qYbYxHg.exe
  2⤵
  PID:7812
- C:\Windows\System\CfKHtly.exe
  C:\Windows\System\CfKHtly.exe
  2⤵
  PID:7840
- C:\Windows\System\WIsiWHu.exe
  C:\Windows\System\WIsiWHu.exe
  2⤵
  PID:7864
- C:\Windows\System\VyghzWc.exe
  C:\Windows\System\VyghzWc.exe
  2⤵
  PID:7892
- C:\Windows\System\Fbixubn.exe
  C:\Windows\System\Fbixubn.exe
  2⤵
  PID:7916
- C:\Windows\System\qZdLLkF.exe
  C:\Windows\System\qZdLLkF.exe
  2⤵
  PID:7940
- C:\Windows\System\xGyxHwa.exe
  C:\Windows\System\xGyxHwa.exe
  2⤵
  PID:7972
- C:\Windows\System\yOEFame.exe
  C:\Windows\System\yOEFame.exe
  2⤵
  PID:7996
- C:\Windows\System\mOmzddX.exe
  C:\Windows\System\mOmzddX.exe
  2⤵
  PID:8024
- C:\Windows\System\jsDzisj.exe
  C:\Windows\System\jsDzisj.exe
  2⤵
  PID:8052
- C:\Windows\System\pGAGtdu.exe
  C:\Windows\System\pGAGtdu.exe
  2⤵
  PID:8092
- C:\Windows\System\YjlaQXM.exe
  C:\Windows\System\YjlaQXM.exe
  2⤵
  PID:8120
- C:\Windows\System\palvhnn.exe
  C:\Windows\System\palvhnn.exe
  2⤵
  PID:8144
- C:\Windows\System\sWIZUXK.exe
  C:\Windows\System\sWIZUXK.exe
  2⤵
  PID:8188
- C:\Windows\System\yMEQaWt.exe
  C:\Windows\System\yMEQaWt.exe
  2⤵
  PID:7188
- C:\Windows\System\PAgYmzI.exe
  C:\Windows\System\PAgYmzI.exe
  2⤵
  PID:7216
- C:\Windows\System\osXQZbk.exe
  C:\Windows\System\osXQZbk.exe
  2⤵
  PID:7268
- C:\Windows\System\AaCEEWN.exe
  C:\Windows\System\AaCEEWN.exe
  2⤵
  PID:7404
- C:\Windows\System\stMrxDu.exe
  C:\Windows\System\stMrxDu.exe
  2⤵
  PID:7428
- C:\Windows\System\cPPjYhF.exe
  C:\Windows\System\cPPjYhF.exe
  2⤵
  PID:6188
- C:\Windows\System\BeBHDiQ.exe
  C:\Windows\System\BeBHDiQ.exe
  2⤵
  PID:7528
- C:\Windows\System\JxMRdZM.exe
  C:\Windows\System\JxMRdZM.exe
  2⤵
  PID:7560
- C:\Windows\System\wbEYiTz.exe
  C:\Windows\System\wbEYiTz.exe
  2⤵
  PID:7620
- C:\Windows\System\bxmFxcC.exe
  C:\Windows\System\bxmFxcC.exe
  2⤵
  PID:7688
- C:\Windows\System\JJxzPMY.exe
  C:\Windows\System\JJxzPMY.exe
  2⤵
  PID:7752
- C:\Windows\System\qZFctFX.exe
  C:\Windows\System\qZFctFX.exe
  2⤵
  PID:7824
- C:\Windows\System\hXiKDQi.exe
  C:\Windows\System\hXiKDQi.exe
  2⤵
  PID:7884
- C:\Windows\System\TjlmJPe.exe
  C:\Windows\System\TjlmJPe.exe
  2⤵
  PID:7964
- C:\Windows\System\duyLvaM.exe
  C:\Windows\System\duyLvaM.exe
  2⤵
  PID:7980
- C:\Windows\System\DXtHZku.exe
  C:\Windows\System\DXtHZku.exe
  2⤵
  PID:8132
- C:\Windows\System\Oiptocs.exe
  C:\Windows\System\Oiptocs.exe
  2⤵
  PID:7036
- C:\Windows\System\Fwvmaap.exe
  C:\Windows\System\Fwvmaap.exe
  2⤵
  PID:7212
- C:\Windows\System\ndjoRIe.exe
  C:\Windows\System\ndjoRIe.exe
  2⤵
  PID:7508
- C:\Windows\System\zRHInCo.exe
  C:\Windows\System\zRHInCo.exe
  2⤵
  PID:7612
- C:\Windows\System\sFKAOHN.exe
  C:\Windows\System\sFKAOHN.exe
  2⤵
  PID:7748
- C:\Windows\System\slQphnS.exe
  C:\Windows\System\slQphnS.exe
  2⤵
  PID:7952
- C:\Windows\System\egqRBNB.exe
  C:\Windows\System\egqRBNB.exe
  2⤵
  PID:7932
- C:\Windows\System\uxVpOdf.exe
  C:\Windows\System\uxVpOdf.exe
  2⤵
  PID:7108
- C:\Windows\System\JHteCQb.exe
  C:\Windows\System\JHteCQb.exe
  2⤵
  PID:7704
- C:\Windows\System\nZcfZLk.exe
  C:\Windows\System\nZcfZLk.exe
  2⤵
  PID:7804
- C:\Windows\System\RBLYTcI.exe
  C:\Windows\System\RBLYTcI.exe
  2⤵
  PID:7236
- C:\Windows\System\wucOmfb.exe
  C:\Windows\System\wucOmfb.exe
  2⤵
  PID:8216
- C:\Windows\System\tZKQPWO.exe
  C:\Windows\System\tZKQPWO.exe
  2⤵
  PID:8236
- C:\Windows\System\RUXYsDq.exe
  C:\Windows\System\RUXYsDq.exe
  2⤵
  PID:8272
- C:\Windows\System\gLYqByy.exe
  C:\Windows\System\gLYqByy.exe
  2⤵
  PID:8324
- C:\Windows\System\PCzicPj.exe
  C:\Windows\System\PCzicPj.exe
  2⤵
  PID:8344
- C:\Windows\System\cpHfcPo.exe
  C:\Windows\System\cpHfcPo.exe
  2⤵
  PID:8380
- C:\Windows\System\eeWfGUx.exe
  C:\Windows\System\eeWfGUx.exe
  2⤵
  PID:8404
- C:\Windows\System\buJAdLY.exe
  C:\Windows\System\buJAdLY.exe
  2⤵
  PID:8444
- C:\Windows\System\JVYgESz.exe
  C:\Windows\System\JVYgESz.exe
  2⤵
  PID:8472
- C:\Windows\System\lgswHOs.exe
  C:\Windows\System\lgswHOs.exe
  2⤵
  PID:8496
- C:\Windows\System\EYEkkBs.exe
  C:\Windows\System\EYEkkBs.exe
  2⤵
  PID:8528
- C:\Windows\System\xvGzTlE.exe
  C:\Windows\System\xvGzTlE.exe
  2⤵
  PID:8556
- C:\Windows\System\zPMGAOW.exe
  C:\Windows\System\zPMGAOW.exe
  2⤵
  PID:8572
- C:\Windows\System\jazUuys.exe
  C:\Windows\System\jazUuys.exe
  2⤵
  PID:8596
- C:\Windows\System\sEJNCJU.exe
  C:\Windows\System\sEJNCJU.exe
  2⤵
  PID:8632
- C:\Windows\System\QuTjVQX.exe
  C:\Windows\System\QuTjVQX.exe
  2⤵
  PID:8668
- C:\Windows\System\wwsOkdI.exe
  C:\Windows\System\wwsOkdI.exe
  2⤵
  PID:8696
- C:\Windows\System\hnjGIEN.exe
  C:\Windows\System\hnjGIEN.exe
  2⤵
  PID:8724
- C:\Windows\System\cddfEYv.exe
  C:\Windows\System\cddfEYv.exe
  2⤵
  PID:8752
- C:\Windows\System\DhLxtgF.exe
  C:\Windows\System\DhLxtgF.exe
  2⤵
  PID:8772
- C:\Windows\System\PbrZpMY.exe
  C:\Windows\System\PbrZpMY.exe
  2⤵
  PID:8804
- C:\Windows\System\yKwovJs.exe
  C:\Windows\System\yKwovJs.exe
  2⤵
  PID:8824
- C:\Windows\System\TAGsoEU.exe
  C:\Windows\System\TAGsoEU.exe
  2⤵
  PID:8860
- C:\Windows\System\JqQcCUP.exe
  C:\Windows\System\JqQcCUP.exe
  2⤵
  PID:8884
- C:\Windows\System\ORhakMy.exe
  C:\Windows\System\ORhakMy.exe
  2⤵
  PID:8916
- C:\Windows\System\voOSBUs.exe
  C:\Windows\System\voOSBUs.exe
  2⤵
  PID:8948
- C:\Windows\System\ihLsxsN.exe
  C:\Windows\System\ihLsxsN.exe
  2⤵
  PID:8964
- C:\Windows\System\BidpYmM.exe
  C:\Windows\System\BidpYmM.exe
  2⤵
  PID:8992
- C:\Windows\System\xNBPUYa.exe
  C:\Windows\System\xNBPUYa.exe
  2⤵
  PID:9024
- C:\Windows\System\MezMwZU.exe
  C:\Windows\System\MezMwZU.exe
  2⤵
  PID:9052
- C:\Windows\System\aTaDetj.exe
  C:\Windows\System\aTaDetj.exe
  2⤵
  PID:9072
- C:\Windows\System\GZnJUEd.exe
  C:\Windows\System\GZnJUEd.exe
  2⤵
  PID:9088
- C:\Windows\System\GVYimdK.exe
  C:\Windows\System\GVYimdK.exe
  2⤵
  PID:9104
- C:\Windows\System\pWpZpbM.exe
  C:\Windows\System\pWpZpbM.exe
  2⤵
  PID:9124
- C:\Windows\System\gIRenTG.exe
  C:\Windows\System\gIRenTG.exe
  2⤵
  PID:9148
- C:\Windows\System\uUkPhhV.exe
  C:\Windows\System\uUkPhhV.exe
  2⤵
  PID:9176
- C:\Windows\System\LlcrvsP.exe
  C:\Windows\System\LlcrvsP.exe
  2⤵
  PID:9208
- C:\Windows\System\rHlmjTX.exe
  C:\Windows\System\rHlmjTX.exe
  2⤵
  PID:8196
- C:\Windows\System\MvcdecX.exe
  C:\Windows\System\MvcdecX.exe
  2⤵
  PID:8204
- C:\Windows\System\JPQvpVq.exe
  C:\Windows\System\JPQvpVq.exe
  2⤵
  PID:8256
- C:\Windows\System\tIAQhlI.exe
  C:\Windows\System\tIAQhlI.exe
  2⤵
  PID:8368
- C:\Windows\System\Kzoylxb.exe
  C:\Windows\System\Kzoylxb.exe
  2⤵
  PID:8392
- C:\Windows\System\xhPNeQe.exe
  C:\Windows\System\xhPNeQe.exe
  2⤵
  PID:8456
- C:\Windows\System\xaZdtkm.exe
  C:\Windows\System\xaZdtkm.exe
  2⤵
  PID:8544
- C:\Windows\System\dPGlXyM.exe
  C:\Windows\System\dPGlXyM.exe
  2⤵
  PID:8588
- C:\Windows\System\zkzkAvo.exe
  C:\Windows\System\zkzkAvo.exe
  2⤵
  PID:8680
- C:\Windows\System\tPMfgaE.exe
  C:\Windows\System\tPMfgaE.exe
  2⤵
  PID:8780
- C:\Windows\System\MqmQTJr.exe
  C:\Windows\System\MqmQTJr.exe
  2⤵
  PID:8796
- C:\Windows\System\BuHbSPz.exe
  C:\Windows\System\BuHbSPz.exe
  2⤵
  PID:8852
- C:\Windows\System\EEQmzOV.exe
  C:\Windows\System\EEQmzOV.exe
  2⤵
  PID:8880
- C:\Windows\System\zzzZsxy.exe
  C:\Windows\System\zzzZsxy.exe
  2⤵
  PID:8940
- C:\Windows\System\jqjSNVR.exe
  C:\Windows\System\jqjSNVR.exe
  2⤵
  PID:8988
- C:\Windows\System\mYbElJO.exe
  C:\Windows\System\mYbElJO.exe
  2⤵
  PID:9000
- C:\Windows\System\ulLfmHU.exe
  C:\Windows\System\ulLfmHU.exe
  2⤵
  PID:9084
- C:\Windows\System\CnfkaTp.exe
  C:\Windows\System\CnfkaTp.exe
  2⤵
  PID:9136
- C:\Windows\System\YHJllvS.exe
  C:\Windows\System\YHJllvS.exe
  2⤵
  PID:9116
- C:\Windows\System\zxBzbic.exe
  C:\Windows\System\zxBzbic.exe
  2⤵
  PID:8396
- C:\Windows\System\EOqTOvr.exe
  C:\Windows\System\EOqTOvr.exe
  2⤵
  PID:8536
- C:\Windows\System\iQisMRT.exe
  C:\Windows\System\iQisMRT.exe
  2⤵
  PID:8692
- C:\Windows\System\fUMydNP.exe
  C:\Windows\System\fUMydNP.exe
  2⤵
  PID:8648
- C:\Windows\System\ahBaJJd.exe
  C:\Windows\System\ahBaJJd.exe
  2⤵
  PID:8848
- C:\Windows\System\EPYAstR.exe
  C:\Windows\System\EPYAstR.exe
  2⤵
  PID:9192
- C:\Windows\System\SNoLpJY.exe
  C:\Windows\System\SNoLpJY.exe
  2⤵
  PID:9008
- C:\Windows\System\OHGFUQu.exe
  C:\Windows\System\OHGFUQu.exe
  2⤵
  PID:9252
- C:\Windows\System\FkZXldX.exe
  C:\Windows\System\FkZXldX.exe
  2⤵
  PID:9276
- C:\Windows\System\KVzwlZl.exe
  C:\Windows\System\KVzwlZl.exe
  2⤵
  PID:9296
- C:\Windows\System\XGsCqxa.exe
  C:\Windows\System\XGsCqxa.exe
  2⤵
  PID:9356
- C:\Windows\System\wzqhCsL.exe
  C:\Windows\System\wzqhCsL.exe
  2⤵
  PID:9388
- C:\Windows\System\VwlobOX.exe
  C:\Windows\System\VwlobOX.exe
  2⤵
  PID:9416
- C:\Windows\System\WJZCYiB.exe
  C:\Windows\System\WJZCYiB.exe
  2⤵
  PID:9440
- C:\Windows\System\sIGMcCl.exe
  C:\Windows\System\sIGMcCl.exe
  2⤵
  PID:9476
- C:\Windows\System\DSPwMzk.exe
  C:\Windows\System\DSPwMzk.exe
  2⤵
  PID:9508
- C:\Windows\System\OSsYSRD.exe
  C:\Windows\System\OSsYSRD.exe
  2⤵
  PID:9548
- C:\Windows\System\mXCdMPQ.exe
  C:\Windows\System\mXCdMPQ.exe
  2⤵
  PID:9580
- C:\Windows\System\lFnlAUy.exe
  C:\Windows\System\lFnlAUy.exe
  2⤵
  PID:9624
- C:\Windows\System\egxhjYz.exe
  C:\Windows\System\egxhjYz.exe
  2⤵
  PID:9656
- C:\Windows\System\otfaEjz.exe
  C:\Windows\System\otfaEjz.exe
  2⤵
  PID:9676
- C:\Windows\System\nysgyfd.exe
  C:\Windows\System\nysgyfd.exe
  2⤵
  PID:9708
- C:\Windows\System\uTNGCGw.exe
  C:\Windows\System\uTNGCGw.exe
  2⤵
  PID:9740
- C:\Windows\System\MWzQGll.exe
  C:\Windows\System\MWzQGll.exe
  2⤵
  PID:9772
- C:\Windows\System\RGGvote.exe
  C:\Windows\System\RGGvote.exe
  2⤵
  PID:9788
- C:\Windows\System\yVJPuLa.exe
  C:\Windows\System\yVJPuLa.exe
  2⤵
  PID:9804
- C:\Windows\System\XuDsTBc.exe
  C:\Windows\System\XuDsTBc.exe
  2⤵
  PID:9828
- C:\Windows\System\gzOqfeZ.exe
  C:\Windows\System\gzOqfeZ.exe
  2⤵
  PID:9852
- C:\Windows\System\uHURNQD.exe
  C:\Windows\System\uHURNQD.exe
  2⤵
  PID:9872
- C:\Windows\System\VejzQWO.exe
  C:\Windows\System\VejzQWO.exe
  2⤵
  PID:9896
- C:\Windows\System\RMLneGR.exe
  C:\Windows\System\RMLneGR.exe
  2⤵
  PID:9912
- C:\Windows\System\lxjIWdF.exe
  C:\Windows\System\lxjIWdF.exe
  2⤵
  PID:9940
- C:\Windows\System\KsppNkW.exe
  C:\Windows\System\KsppNkW.exe
  2⤵
  PID:9968
- C:\Windows\System\TkMYRbl.exe
  C:\Windows\System\TkMYRbl.exe
  2⤵
  PID:10000
- C:\Windows\System\AzQhiGp.exe
  C:\Windows\System\AzQhiGp.exe
  2⤵
  PID:10044
- C:\Windows\System\Uejiyfm.exe
  C:\Windows\System\Uejiyfm.exe
  2⤵
  PID:10080
- C:\Windows\System\WVxFhtk.exe
  C:\Windows\System\WVxFhtk.exe
  2⤵
  PID:10108
- C:\Windows\System\SJQqLyx.exe
  C:\Windows\System\SJQqLyx.exe
  2⤵
  PID:10148
- C:\Windows\System\ENcrzPx.exe
  C:\Windows\System\ENcrzPx.exe
  2⤵
  PID:10172
- C:\Windows\System\DaRankf.exe
  C:\Windows\System\DaRankf.exe
  2⤵
  PID:10196
- C:\Windows\System\xQRpBpH.exe
  C:\Windows\System\xQRpBpH.exe
  2⤵
  PID:10216
- C:\Windows\System\UPzRmok.exe
  C:\Windows\System\UPzRmok.exe
  2⤵
  PID:8416
- C:\Windows\System\pXjtVIr.exe
  C:\Windows\System\pXjtVIr.exe
  2⤵
  PID:9144
- C:\Windows\System\ZCYQmSp.exe
  C:\Windows\System\ZCYQmSp.exe
  2⤵
  PID:8904
- C:\Windows\System\JFRDaWq.exe
  C:\Windows\System\JFRDaWq.exe
  2⤵
  PID:8336
- C:\Windows\System\LUXTTwh.exe
  C:\Windows\System\LUXTTwh.exe
  2⤵
  PID:9244
- C:\Windows\System\vBvLynj.exe
  C:\Windows\System\vBvLynj.exe
  2⤵
  PID:9464
- C:\Windows\System\PgSsPOI.exe
  C:\Windows\System\PgSsPOI.exe
  2⤵
  PID:9412
- C:\Windows\System\LozMYrr.exe
  C:\Windows\System\LozMYrr.exe
  2⤵
  PID:9576
- C:\Windows\System\GRAGPoO.exe
  C:\Windows\System\GRAGPoO.exe
  2⤵
  PID:9496
- C:\Windows\System\ONgFyLP.exe
  C:\Windows\System\ONgFyLP.exe
  2⤵
  PID:9648
- C:\Windows\System\PbgvrFq.exe
  C:\Windows\System\PbgvrFq.exe
  2⤵
  PID:9728
- C:\Windows\System\oipCfNJ.exe
  C:\Windows\System\oipCfNJ.exe
  2⤵
  PID:9760
- C:\Windows\System\vvXDpkw.exe
  C:\Windows\System\vvXDpkw.exe
  2⤵
  PID:9844
- C:\Windows\System\aUijwaG.exe
  C:\Windows\System\aUijwaG.exe
  2⤵
  PID:9868
- C:\Windows\System\gilPZqW.exe
  C:\Windows\System\gilPZqW.exe
  2⤵
  PID:9952
- C:\Windows\System\EUqiVRu.exe
  C:\Windows\System\EUqiVRu.exe
  2⤵
  PID:10100
- C:\Windows\System\OlOQdez.exe
  C:\Windows\System\OlOQdez.exe
  2⤵
  PID:10052
- C:\Windows\System\oKmMGjV.exe
  C:\Windows\System\oKmMGjV.exe
  2⤵
  PID:10160
- C:\Windows\System\qOcZvSj.exe
  C:\Windows\System\qOcZvSj.exe
  2⤵
  PID:9200
- C:\Windows\System\BuVuhrE.exe
  C:\Windows\System\BuVuhrE.exe
  2⤵
  PID:10236
- C:\Windows\System\DifPmmc.exe
  C:\Windows\System\DifPmmc.exe
  2⤵
  PID:9228
- C:\Windows\System\dyAsLKr.exe
  C:\Windows\System\dyAsLKr.exe
  2⤵
  PID:9536
- C:\Windows\System\foUWsWW.exe
  C:\Windows\System\foUWsWW.exe
  2⤵
  PID:9784
- C:\Windows\System\oEQpWZM.exe
  C:\Windows\System\oEQpWZM.exe
  2⤵
  PID:9700
- C:\Windows\System\wICkfxi.exe
  C:\Windows\System\wICkfxi.exe
  2⤵
  PID:10208
- C:\Windows\System\hBCRmLn.exe
  C:\Windows\System\hBCRmLn.exe
  2⤵
  PID:9316
- C:\Windows\System\bwKnajq.exe
  C:\Windows\System\bwKnajq.exe
  2⤵
  PID:10136
- C:\Windows\System\VUoNkDA.exe
  C:\Windows\System\VUoNkDA.exe
  2⤵
  PID:8912
- C:\Windows\System\PswOBfm.exe
  C:\Windows\System\PswOBfm.exe
  2⤵
  PID:8932
- C:\Windows\System\oEbFXqF.exe
  C:\Windows\System\oEbFXqF.exe
  2⤵
  PID:10264
- C:\Windows\System\fnrywYL.exe
  C:\Windows\System\fnrywYL.exe
  2⤵
  PID:10304
- C:\Windows\System\GcETLnv.exe
  C:\Windows\System\GcETLnv.exe
  2⤵
  PID:10336
- C:\Windows\System\mGUhpLV.exe
  C:\Windows\System\mGUhpLV.exe
  2⤵
  PID:10360
- C:\Windows\System\SGTfvbF.exe
  C:\Windows\System\SGTfvbF.exe
  2⤵
  PID:10412
- C:\Windows\System\uznFDDB.exe
  C:\Windows\System\uznFDDB.exe
  2⤵
  PID:10428
- C:\Windows\System\yFfSLUx.exe
  C:\Windows\System\yFfSLUx.exe
  2⤵
  PID:10444
- C:\Windows\System\BLcojGt.exe
  C:\Windows\System\BLcojGt.exe
  2⤵
  PID:10464
- C:\Windows\System\hGVLLTG.exe
  C:\Windows\System\hGVLLTG.exe
  2⤵
  PID:10484
- C:\Windows\System\XAWmNao.exe
  C:\Windows\System\XAWmNao.exe
  2⤵
  PID:10504
- C:\Windows\System\sFqvHri.exe
  C:\Windows\System\sFqvHri.exe
  2⤵
  PID:10520
- C:\Windows\System\SDgwqdV.exe
  C:\Windows\System\SDgwqdV.exe
  2⤵
  PID:10540
- C:\Windows\System\rtjBJvv.exe
  C:\Windows\System\rtjBJvv.exe
  2⤵
  PID:10564
- C:\Windows\System\plYkUKU.exe
  C:\Windows\System\plYkUKU.exe
  2⤵
  PID:10584
- C:\Windows\System\RshYGvK.exe
  C:\Windows\System\RshYGvK.exe
  2⤵
  PID:10604
- C:\Windows\System\EwreUXV.exe
  C:\Windows\System\EwreUXV.exe
  2⤵
  PID:10620
- C:\Windows\System\CXYkrpC.exe
  C:\Windows\System\CXYkrpC.exe
  2⤵
  PID:10640
- C:\Windows\System\EpIbBeU.exe
  C:\Windows\System\EpIbBeU.exe
  2⤵
  PID:10656
- C:\Windows\System\jBfPqqY.exe
  C:\Windows\System\jBfPqqY.exe
  2⤵
  PID:10696
- C:\Windows\System\myPpqUI.exe
  C:\Windows\System\myPpqUI.exe
  2⤵
  PID:10712
- C:\Windows\System\CmjxQlq.exe
  C:\Windows\System\CmjxQlq.exe
  2⤵
  PID:10728
- C:\Windows\System\rdBUxLm.exe
  C:\Windows\System\rdBUxLm.exe
  2⤵
  PID:10760
- C:\Windows\System\HqkNCaL.exe
  C:\Windows\System\HqkNCaL.exe
  2⤵
  PID:10788
- C:\Windows\System\UMklnXA.exe
  C:\Windows\System\UMklnXA.exe
  2⤵
  PID:10824
- C:\Windows\System\FvTTpSb.exe
  C:\Windows\System\FvTTpSb.exe
  2⤵
  PID:10844
- C:\Windows\System\JfvWcHm.exe
  C:\Windows\System\JfvWcHm.exe
  2⤵
  PID:10876
- C:\Windows\System\ndzvqfe.exe
  C:\Windows\System\ndzvqfe.exe
  2⤵
  PID:10908
- C:\Windows\System\OwmPCoP.exe
  C:\Windows\System\OwmPCoP.exe
  2⤵
  PID:10940
- C:\Windows\System\TbHCRQh.exe
  C:\Windows\System\TbHCRQh.exe
  2⤵
  PID:10976
- C:\Windows\System\dKFNpiW.exe
  C:\Windows\System\dKFNpiW.exe
  2⤵
  PID:11012
- C:\Windows\System\CEcwmQY.exe
  C:\Windows\System\CEcwmQY.exe
  2⤵
  PID:11040
- C:\Windows\System\CNETZAe.exe
  C:\Windows\System\CNETZAe.exe
  2⤵
  PID:11068
- C:\Windows\System\RnujtSB.exe
  C:\Windows\System\RnujtSB.exe
  2⤵
  PID:11104
- C:\Windows\System\lmceEcw.exe
  C:\Windows\System\lmceEcw.exe
  2⤵
  PID:11124
- C:\Windows\System\NJBqztN.exe
  C:\Windows\System\NJBqztN.exe
  2⤵
  PID:11148
- C:\Windows\System\BzPCcmd.exe
  C:\Windows\System\BzPCcmd.exe
  2⤵
  PID:11180
- C:\Windows\System\GwvnNQA.exe
  C:\Windows\System\GwvnNQA.exe
  2⤵
  PID:11204
- C:\Windows\System\zgzjckD.exe
  C:\Windows\System\zgzjckD.exe
  2⤵
  PID:11240
- C:\Windows\System\dQtQyPX.exe
  C:\Windows\System\dQtQyPX.exe
  2⤵
  PID:10184
- C:\Windows\System\BLTeJiz.exe
  C:\Windows\System\BLTeJiz.exe
  2⤵
  PID:10260
- C:\Windows\System\RDyDfxt.exe
  C:\Windows\System\RDyDfxt.exe
  2⤵
  PID:10288
- C:\Windows\System\ivaYfbF.exe
  C:\Windows\System\ivaYfbF.exe
  2⤵
  PID:10392
- C:\Windows\System\NqXnGym.exe
  C:\Windows\System\NqXnGym.exe
  2⤵
  PID:9060
- C:\Windows\System\KnwzFaS.exe
  C:\Windows\System\KnwzFaS.exe
  2⤵
  PID:10420
- C:\Windows\System\osDplOg.exe
  C:\Windows\System\osDplOg.exe
  2⤵
  PID:10512
- C:\Windows\System\ooyPirk.exe
  C:\Windows\System\ooyPirk.exe
  2⤵
  PID:10576
- C:\Windows\System\eZPsOON.exe
  C:\Windows\System\eZPsOON.exe
  2⤵
  PID:10820
- C:\Windows\System\oERRNEA.exe
  C:\Windows\System\oERRNEA.exe
  2⤵
  PID:10676
- C:\Windows\System\aenftEX.exe
  C:\Windows\System\aenftEX.exe
  2⤵
  PID:10796
- C:\Windows\System\VkJKKrE.exe
  C:\Windows\System\VkJKKrE.exe
  2⤵
  PID:10960
- C:\Windows\System\wdPDXPG.exe
  C:\Windows\System\wdPDXPG.exe
  2⤵
  PID:10832
- C:\Windows\System\LOEGqUh.exe
  C:\Windows\System\LOEGqUh.exe
  2⤵
  PID:10920
- C:\Windows\System\BCTmjmA.exe
  C:\Windows\System\BCTmjmA.exe
  2⤵
  PID:11140
- C:\Windows\System\pqpimdD.exe
  C:\Windows\System\pqpimdD.exe
  2⤵
  PID:11260
- C:\Windows\System\OHbtOJD.exe
  C:\Windows\System\OHbtOJD.exe
  2⤵
  PID:11220
- C:\Windows\System\VkwLENI.exe
  C:\Windows\System\VkwLENI.exe
  2⤵
  PID:10248
- C:\Windows\System\auYwwrm.exe
  C:\Windows\System\auYwwrm.exe
  2⤵
  PID:10368
- C:\Windows\System\hPRelmF.exe
  C:\Windows\System\hPRelmF.exe
  2⤵
  PID:10528
- C:\Windows\System\podfYdM.exe
  C:\Windows\System\podfYdM.exe
  2⤵
  PID:10856
- C:\Windows\System\JaFdcJn.exe
  C:\Windows\System\JaFdcJn.exe
  2⤵
  PID:10708
- C:\Windows\System\cwbmfFf.exe
  C:\Windows\System\cwbmfFf.exe
  2⤵
  PID:11052
- C:\Windows\System\JkECjvP.exe
  C:\Windows\System\JkECjvP.exe
  2⤵
  PID:10256
- C:\Windows\System\WovMYYF.exe
  C:\Windows\System\WovMYYF.exe
  2⤵
  PID:10436
- C:\Windows\System\LwTOUsL.exe
  C:\Windows\System\LwTOUsL.exe
  2⤵
  PID:10632
- C:\Windows\System\oQXkRsc.exe
  C:\Windows\System\oQXkRsc.exe
  2⤵
  PID:10124
- C:\Windows\System\dFZlTNk.exe
  C:\Windows\System\dFZlTNk.exe
  2⤵
  PID:11272
- C:\Windows\System\ciwjEqy.exe
  C:\Windows\System\ciwjEqy.exe
  2⤵
  PID:11288
- C:\Windows\System\cmgiAPU.exe
  C:\Windows\System\cmgiAPU.exe
  2⤵
  PID:11304
- C:\Windows\System\lMvSOKo.exe
  C:\Windows\System\lMvSOKo.exe
  2⤵
  PID:11336
- C:\Windows\System\vTUWxBS.exe
  C:\Windows\System\vTUWxBS.exe
  2⤵
  PID:11360
- C:\Windows\System\azddXvB.exe
  C:\Windows\System\azddXvB.exe
  2⤵
  PID:11388
- C:\Windows\System\dXBhEVE.exe
  C:\Windows\System\dXBhEVE.exe
  2⤵
  PID:11416
- C:\Windows\System\AZMHaxU.exe
  C:\Windows\System\AZMHaxU.exe
  2⤵
  PID:11452
- C:\Windows\System\kBKEhBr.exe
  C:\Windows\System\kBKEhBr.exe
  2⤵
  PID:11480
- C:\Windows\System\KqmqqWU.exe
  C:\Windows\System\KqmqqWU.exe
  2⤵
  PID:11512
- C:\Windows\System\RbhPoCt.exe
  C:\Windows\System\RbhPoCt.exe
  2⤵
  PID:11552
- C:\Windows\System\xHZFejb.exe
  C:\Windows\System\xHZFejb.exe
  2⤵
  PID:11576
- C:\Windows\System\TWrAhmG.exe
  C:\Windows\System\TWrAhmG.exe
  2⤵
  PID:11600
- C:\Windows\System\snnzUde.exe
  C:\Windows\System\snnzUde.exe
  2⤵
  PID:11616
- C:\Windows\System\BsIHhkF.exe
  C:\Windows\System\BsIHhkF.exe
  2⤵
  PID:11640
- C:\Windows\System\pjTnguF.exe
  C:\Windows\System\pjTnguF.exe
  2⤵
  PID:11656
- C:\Windows\System\hizyrbe.exe
  C:\Windows\System\hizyrbe.exe
  2⤵
  PID:11676
- C:\Windows\System\tjMewqF.exe
  C:\Windows\System\tjMewqF.exe
  2⤵
  PID:11704
- C:\Windows\System\ILdcqPT.exe
  C:\Windows\System\ILdcqPT.exe
  2⤵
  PID:11720
- C:\Windows\System\dnFgEKe.exe
  C:\Windows\System\dnFgEKe.exe
  2⤵
  PID:11736
- C:\Windows\System\JLUUMFM.exe
  C:\Windows\System\JLUUMFM.exe
  2⤵
  PID:11772
- C:\Windows\System\IKvfLal.exe
  C:\Windows\System\IKvfLal.exe
  2⤵
  PID:11800
- C:\Windows\System\QrCLJEF.exe
  C:\Windows\System\QrCLJEF.exe
  2⤵
  PID:11828
- C:\Windows\System\QLnQkkE.exe
  C:\Windows\System\QLnQkkE.exe
  2⤵
  PID:11860
- C:\Windows\System\XDtUEgX.exe
  C:\Windows\System\XDtUEgX.exe
  2⤵
  PID:11880
- C:\Windows\System\pFLphDS.exe
  C:\Windows\System\pFLphDS.exe
  2⤵
  PID:11916
- C:\Windows\System\bYLnwje.exe
  C:\Windows\System\bYLnwje.exe
  2⤵
  PID:11948
- C:\Windows\System\rtXPDnQ.exe
  C:\Windows\System\rtXPDnQ.exe
  2⤵
  PID:11964
- C:\Windows\System\BCKIQHU.exe
  C:\Windows\System\BCKIQHU.exe
  2⤵
  PID:11996
- C:\Windows\System\xwrQxuq.exe
  C:\Windows\System\xwrQxuq.exe
  2⤵
  PID:12024
- C:\Windows\System\OYBnadT.exe
  C:\Windows\System\OYBnadT.exe
  2⤵
  PID:12044
- C:\Windows\System\lMvEvAq.exe
  C:\Windows\System\lMvEvAq.exe
  2⤵
  PID:12084
- C:\Windows\System\zTSKEZx.exe
  C:\Windows\System\zTSKEZx.exe
  2⤵
  PID:12120
- C:\Windows\System\JsOrjOa.exe
  C:\Windows\System\JsOrjOa.exe
  2⤵
  PID:12148
- C:\Windows\System\crAxWvg.exe
  C:\Windows\System\crAxWvg.exe
  2⤵
  PID:12188
- C:\Windows\System\cfkQnhx.exe
  C:\Windows\System\cfkQnhx.exe
  2⤵
  PID:12216
- C:\Windows\System\fHRfaJW.exe
  C:\Windows\System\fHRfaJW.exe
  2⤵
  PID:12252
- C:\Windows\System\goIeDdi.exe
  C:\Windows\System\goIeDdi.exe
  2⤵
  PID:12276
- C:\Windows\System\zUdNRrE.exe
  C:\Windows\System\zUdNRrE.exe
  2⤵
  PID:9860
- C:\Windows\System\KmxDxhY.exe
  C:\Windows\System\KmxDxhY.exe
  2⤵
  PID:11324
- C:\Windows\System\txnbfFK.exe
  C:\Windows\System\txnbfFK.exe
  2⤵
  PID:11404
- C:\Windows\System\IWdVPMg.exe
  C:\Windows\System\IWdVPMg.exe
  2⤵
  PID:11316
- C:\Windows\System\zNrZHmo.exe
  C:\Windows\System\zNrZHmo.exe
  2⤵
  PID:11524
- C:\Windows\System\XBokLJB.exe
  C:\Windows\System\XBokLJB.exe
  2⤵
  PID:11588
- C:\Windows\System\bllfawv.exe
  C:\Windows\System\bllfawv.exe
  2⤵
  PID:11544
- C:\Windows\System\XLRYrha.exe
  C:\Windows\System\XLRYrha.exe
  2⤵
  PID:11612
- C:\Windows\System\FgsOTdf.exe
  C:\Windows\System\FgsOTdf.exe
  2⤵
  PID:11672
- C:\Windows\System\QYQFHoV.exe
  C:\Windows\System\QYQFHoV.exe
  2⤵
  PID:11816
- C:\Windows\System\CPrIhxa.exe
  C:\Windows\System\CPrIhxa.exe
  2⤵
  PID:11824
- C:\Windows\System\VjOMMil.exe
  C:\Windows\System\VjOMMil.exe
  2⤵
  PID:12032
- C:\Windows\System\vMdyNRS.exe
  C:\Windows\System\vMdyNRS.exe
  2⤵
  PID:12036
- C:\Windows\System\jVKXaoT.exe
  C:\Windows\System\jVKXaoT.exe
  2⤵
  PID:12008
- C:\Windows\System\aPeUxOJ.exe
  C:\Windows\System\aPeUxOJ.exe
  2⤵
  PID:12200
- C:\Windows\System\NJdSQMA.exe
  C:\Windows\System\NJdSQMA.exe
  2⤵
  PID:12244
- C:\Windows\System\LtvNuNP.exe
  C:\Windows\System\LtvNuNP.exe
  2⤵
  PID:12160
- C:\Windows\System\PRHOpOz.exe
  C:\Windows\System\PRHOpOz.exe
  2⤵
  PID:12204
- C:\Windows\System\hEsiNls.exe
  C:\Windows\System\hEsiNls.exe
  2⤵
  PID:10232
- C:\Windows\System\PTksMlX.exe
  C:\Windows\System\PTksMlX.exe
  2⤵
  PID:11536
- C:\Windows\System\qUkUiHV.exe
  C:\Windows\System\qUkUiHV.exe
  2⤵
  PID:11908
- C:\Windows\System\oduZyYK.exe
  C:\Windows\System\oduZyYK.exe
  2⤵
  PID:11984
- C:\Windows\System\eItCJhB.exe
  C:\Windows\System\eItCJhB.exe
  2⤵
  PID:11960
- C:\Windows\System\rgSpkDD.exe
  C:\Windows\System\rgSpkDD.exe
  2⤵
  PID:11464
- C:\Windows\System\QSLiaiP.exe
  C:\Windows\System\QSLiaiP.exe
  2⤵
  PID:11904
- C:\Windows\System\DUVMndk.exe
  C:\Windows\System\DUVMndk.exe
  2⤵
  PID:11748
- C:\Windows\System\nGGMMpN.exe
  C:\Windows\System\nGGMMpN.exe
  2⤵
  PID:11796
- C:\Windows\System\rSLNDEV.exe
  C:\Windows\System\rSLNDEV.exe
  2⤵
  PID:11280
- C:\Windows\System\VeFVBwP.exe
  C:\Windows\System\VeFVBwP.exe
  2⤵
  PID:12316
- C:\Windows\System\FxxVsxb.exe
  C:\Windows\System\FxxVsxb.exe
  2⤵
  PID:12344
- C:\Windows\System\DfYlvpU.exe
  C:\Windows\System\DfYlvpU.exe
  2⤵
  PID:12376
- C:\Windows\System\kwqqwFu.exe
  C:\Windows\System\kwqqwFu.exe
  2⤵
  PID:12408
- C:\Windows\System\uyfKMkP.exe
  C:\Windows\System\uyfKMkP.exe
  2⤵
  PID:12436
- C:\Windows\System\qPWDmuN.exe
  C:\Windows\System\qPWDmuN.exe
  2⤵
  PID:12464
- C:\Windows\System\uPwtgBS.exe
  C:\Windows\System\uPwtgBS.exe
  2⤵
  PID:12572
- C:\Windows\System\BJbnAVe.exe
  C:\Windows\System\BJbnAVe.exe
  2⤵
  PID:12588
- C:\Windows\System\GoqEfZR.exe
  C:\Windows\System\GoqEfZR.exe
  2⤵
  PID:12616
- C:\Windows\System\MmsbhOo.exe
  C:\Windows\System\MmsbhOo.exe
  2⤵
  PID:12636
- C:\Windows\System\MfhFPTi.exe
  C:\Windows\System\MfhFPTi.exe
  2⤵
  PID:12660
- C:\Windows\System\uWEzLuo.exe
  C:\Windows\System\uWEzLuo.exe
  2⤵
  PID:12692
- C:\Windows\System\ObusxEQ.exe
  C:\Windows\System\ObusxEQ.exe
  2⤵
  PID:12720
- C:\Windows\System\WWGgOpy.exe
  C:\Windows\System\WWGgOpy.exe
  2⤵
  PID:12748
- C:\Windows\System\nxUjQkr.exe
  C:\Windows\System\nxUjQkr.exe
  2⤵
  PID:12776
- C:\Windows\System\cWocEDu.exe
  C:\Windows\System\cWocEDu.exe
  2⤵
  PID:12796
- C:\Windows\System\cxGcDIt.exe
  C:\Windows\System\cxGcDIt.exe
  2⤵
  PID:12816
- C:\Windows\System\SrUbjiD.exe
  C:\Windows\System\SrUbjiD.exe
  2⤵
  PID:12852
- C:\Windows\System\VxCsEVR.exe
  C:\Windows\System\VxCsEVR.exe
  2⤵
  PID:12876
- C:\Windows\System\HabSNZV.exe
  C:\Windows\System\HabSNZV.exe
  2⤵
  PID:12900
- C:\Windows\System\BBtTSua.exe
  C:\Windows\System\BBtTSua.exe
  2⤵
  PID:12932
- C:\Windows\System\yyaqQoh.exe
  C:\Windows\System\yyaqQoh.exe
  2⤵
  PID:12948
- C:\Windows\System\MpNYUig.exe
  C:\Windows\System\MpNYUig.exe
  2⤵
  PID:12972
- C:\Windows\System\vPwVyTx.exe
  C:\Windows\System\vPwVyTx.exe
  2⤵
  PID:13016
- C:\Windows\System\DAAsORM.exe
  C:\Windows\System\DAAsORM.exe
  2⤵
  PID:13040
- C:\Windows\System\LyUCkRo.exe
  C:\Windows\System\LyUCkRo.exe
  2⤵
  PID:13064
- C:\Windows\System\rivswSX.exe
  C:\Windows\System\rivswSX.exe
  2⤵
  PID:13088
- C:\Windows\System\nsthbeJ.exe
  C:\Windows\System\nsthbeJ.exe
  2⤵
  PID:13112
- C:\Windows\System\vJYjRzn.exe
  C:\Windows\System\vJYjRzn.exe
  2⤵
  PID:13140
- C:\Windows\System\XqDvSIe.exe
  C:\Windows\System\XqDvSIe.exe
  2⤵
  PID:13156
- C:\Windows\System\lWxUuFd.exe
  C:\Windows\System\lWxUuFd.exe
  2⤵
  PID:13184
- C:\Windows\System\aVxndKv.exe
  C:\Windows\System\aVxndKv.exe
  2⤵
  PID:13212
- C:\Windows\System\TAwEBeF.exe
  C:\Windows\System\TAwEBeF.exe
  2⤵
  PID:13244
- C:\Windows\System\iUGhtiJ.exe
  C:\Windows\System\iUGhtiJ.exe
  2⤵
  PID:13268
- C:\Windows\System\OhMcFMf.exe
  C:\Windows\System\OhMcFMf.exe
  2⤵
  PID:13300
- C:\Windows\System\uQPpcOq.exe
  C:\Windows\System\uQPpcOq.exe
  2⤵
  PID:11592
- C:\Windows\System\tsIfdJF.exe
  C:\Windows\System\tsIfdJF.exe
  2⤵
  PID:12300
- C:\Windows\System\NFjsHiF.exe
  C:\Windows\System\NFjsHiF.exe
  2⤵
  PID:12324
- C:\Windows\System\JcmGlWb.exe
  C:\Windows\System\JcmGlWb.exe
  2⤵
  PID:12448
- C:\Windows\System\bkhmKfi.exe
  C:\Windows\System\bkhmKfi.exe
  2⤵
  PID:12504
- C:\Windows\System\cbZJKUM.exe
  C:\Windows\System\cbZJKUM.exe
  2⤵
  PID:12600
- C:\Windows\System\GHOSHtJ.exe
  C:\Windows\System\GHOSHtJ.exe
  2⤵
  PID:12624
- C:\Windows\System\yXTtKPf.exe
  C:\Windows\System\yXTtKPf.exe
  2⤵
  PID:12708
- C:\Windows\System\aPaskDg.exe
  C:\Windows\System\aPaskDg.exe
  2⤵
  PID:12760
- C:\Windows\System\fNJaYSv.exe
  C:\Windows\System\fNJaYSv.exe
  2⤵
  PID:12840
- C:\Windows\System\xCVgRqI.exe
  C:\Windows\System\xCVgRqI.exe
  2⤵
  PID:12940
- C:\Windows\System\QFqSnuL.exe
  C:\Windows\System\QFqSnuL.exe
  2⤵
  PID:13004
- C:\Windows\System\GUewHxH.exe
  C:\Windows\System\GUewHxH.exe
  2⤵
  PID:13052
- C:\Windows\System\VZCDAjY.exe
  C:\Windows\System\VZCDAjY.exe
  2⤵
  PID:13128
- C:\Windows\System\puuHwXJ.exe
  C:\Windows\System\puuHwXJ.exe
  2⤵
  PID:13228
- C:\Windows\System\OHyfNSg.exe
  C:\Windows\System\OHyfNSg.exe
  2⤵
  PID:13196
- C:\Windows\System\ELarOFD.exe
  C:\Windows\System\ELarOFD.exe
  2⤵
  PID:12536
- C:\Windows\System\eMobCYO.exe
  C:\Windows\System\eMobCYO.exe
  2⤵
  PID:12456
- C:\Windows\System\aJLZcDi.exe
  C:\Windows\System\aJLZcDi.exe
  2⤵
  PID:12732
- C:\Windows\System\pDwMQJz.exe
  C:\Windows\System\pDwMQJz.exe
  2⤵
  PID:12984
- C:\Windows\System\VUEQXBi.exe
  C:\Windows\System\VUEQXBi.exe
  2⤵
  PID:12964
- C:\Windows\System\VPagswF.exe
  C:\Windows\System\VPagswF.exe
  2⤵
  PID:1976
- C:\Windows\System\QAiMwyF.exe
  C:\Windows\System\QAiMwyF.exe
  2⤵
  PID:12352
- C:\Windows\System\GUyrTKd.exe
  C:\Windows\System\GUyrTKd.exe
  2⤵
  PID:12688
- C:\Windows\System\pwQmucv.exe
  C:\Windows\System\pwQmucv.exe
  2⤵
  PID:13276
- C:\Windows\System\duQBHwn.exe
  C:\Windows\System\duQBHwn.exe
  2⤵
  PID:12860
- C:\Windows\System\sgslXcW.exe
  C:\Windows\System\sgslXcW.exe
  2⤵
  PID:13152
- C:\Windows\System\eYcyfZF.exe
  C:\Windows\System\eYcyfZF.exe
  2⤵
  PID:13340
- C:\Windows\System\TwKqlzr.exe
  C:\Windows\System\TwKqlzr.exe
  2⤵
  PID:13372
- C:\Windows\System\JjgqOUZ.exe
  C:\Windows\System\JjgqOUZ.exe
  2⤵
  PID:13392
- C:\Windows\System\inAbdbl.exe
  C:\Windows\System\inAbdbl.exe
  2⤵
  PID:13416
- C:\Windows\System\NoEEbbf.exe
  C:\Windows\System\NoEEbbf.exe
  2⤵
  PID:13440
- C:\Windows\System\pqrrCRN.exe
  C:\Windows\System\pqrrCRN.exe
  2⤵
  PID:13468
- C:\Windows\System\zOLijoK.exe
  C:\Windows\System\zOLijoK.exe
  2⤵
  PID:13500
- C:\Windows\System\vOAJXpT.exe
  C:\Windows\System\vOAJXpT.exe
  2⤵
  PID:13540
- C:\Windows\System\cowZJhY.exe
  C:\Windows\System\cowZJhY.exe
  2⤵
  PID:13560
- C:\Windows\System\ZPVkMok.exe
  C:\Windows\System\ZPVkMok.exe
  2⤵
  PID:13592
- C:\Windows\System\lMGGOaQ.exe
  C:\Windows\System\lMGGOaQ.exe
  2⤵
  PID:13620
- C:\Windows\System\sotZeaT.exe
  C:\Windows\System\sotZeaT.exe
  2⤵
  PID:13640
- C:\Windows\System\AMufKLr.exe
  C:\Windows\System\AMufKLr.exe
  2⤵
  PID:13680
- C:\Windows\System\TRmMmcj.exe
  C:\Windows\System\TRmMmcj.exe
  2⤵
  PID:13704
- C:\Windows\System\tDKUjJr.exe
  C:\Windows\System\tDKUjJr.exe
  2⤵
  PID:13744
- C:\Windows\System\jrtlYfY.exe
  C:\Windows\System\jrtlYfY.exe
  2⤵
  PID:13768
- C:\Windows\System\lyGUris.exe
  C:\Windows\System\lyGUris.exe
  2⤵
  PID:13796
- C:\Windows\System\XwtGCvy.exe
  C:\Windows\System\XwtGCvy.exe
  2⤵
  PID:13824
- C:\Windows\System\weOeUEE.exe
  C:\Windows\System\weOeUEE.exe
  2⤵
  PID:13852
- C:\Windows\System\SZJxAHv.exe
  C:\Windows\System\SZJxAHv.exe
  2⤵
  PID:13868
- C:\Windows\System\IMYeocv.exe
  C:\Windows\System\IMYeocv.exe
  2⤵
  PID:13904
- C:\Windows\System\kFRegte.exe
  C:\Windows\System\kFRegte.exe
  2⤵
  PID:13932
- C:\Windows\System\qJvGZbL.exe
  C:\Windows\System\qJvGZbL.exe
  2⤵
  PID:13948
- C:\Windows\System\eKxRVbV.exe
  C:\Windows\System\eKxRVbV.exe
  2⤵
  PID:13968
- C:\Windows\System\ztCoajY.exe
  C:\Windows\System\ztCoajY.exe
  2⤵
  PID:13996
- C:\Windows\System\yazQybr.exe
  C:\Windows\System\yazQybr.exe
  2⤵
  PID:14016
- C:\Windows\System\tMgSgoH.exe
  C:\Windows\System\tMgSgoH.exe
  2⤵
  PID:14064
- C:\Windows\System\LMkkDwm.exe
  C:\Windows\System\LMkkDwm.exe
  2⤵
  PID:14088
- C:\Windows\System\QaYelok.exe
  C:\Windows\System\QaYelok.exe
  2⤵
  PID:14116
- C:\Windows\System\fcbMfcG.exe
  C:\Windows\System\fcbMfcG.exe
  2⤵
  PID:14144
- C:\Windows\System\tMoRbxz.exe
  C:\Windows\System\tMoRbxz.exe
  2⤵
  PID:14172
- C:\Windows\System\osceRVO.exe
  C:\Windows\System\osceRVO.exe
  2⤵
  PID:14192
- C:\Windows\System\twqKvCJ.exe
  C:\Windows\System\twqKvCJ.exe
  2⤵
  PID:14224
- C:\Windows\System\EoSefPz.exe
  C:\Windows\System\EoSefPz.exe
  2⤵
  PID:14240
- C:\Windows\System\EQnZJnb.exe
  C:\Windows\System\EQnZJnb.exe
  2⤵
  PID:14276
- C:\Windows\System\JYTooah.exe
  C:\Windows\System\JYTooah.exe
  2⤵
  PID:14304
- C:\Windows\System\EENSgxZ.exe
  C:\Windows\System\EENSgxZ.exe
  2⤵
  PID:14332
- C:\Windows\System\uoqVeBM.exe
  C:\Windows\System\uoqVeBM.exe
  2⤵
  PID:13364
- C:\Windows\System\FBdJjaO.exe
  C:\Windows\System\FBdJjaO.exe
  2⤵
  PID:13384
- C:\Windows\System\rkRjemA.exe
  C:\Windows\System\rkRjemA.exe
  2⤵
  PID:13432
- C:\Windows\System\uyXnhoP.exe
  C:\Windows\System\uyXnhoP.exe
  2⤵
  PID:13476
- C:\Windows\System\bNTmUqA.exe
  C:\Windows\System\bNTmUqA.exe
  2⤵
  PID:13528
- C:\Windows\System\bGQhugZ.exe
  C:\Windows\System\bGQhugZ.exe
  2⤵
  PID:13656
- C:\Windows\System\mkZzilY.exe
  C:\Windows\System\mkZzilY.exe
  2⤵
  PID:13752
- C:\Windows\System\mAEYPce.exe
  C:\Windows\System\mAEYPce.exe
  2⤵
  PID:13816
- C:\Windows\System\ECbOmKM.exe
  C:\Windows\System\ECbOmKM.exe
  2⤵
  PID:13860
- C:\Windows\System\eNQZzvV.exe
  C:\Windows\System\eNQZzvV.exe
  2⤵
  PID:13964
- C:\Windows\System\oglEvft.exe
  C:\Windows\System\oglEvft.exe
  2⤵
  PID:13980
- C:\Windows\System\aOracrw.exe
  C:\Windows\System\aOracrw.exe
  2⤵
  PID:14084
- C:\Windows\System\YnoaZTK.exe
  C:\Windows\System\YnoaZTK.exe
  2⤵
  PID:14164
- C:\Windows\System\RLzlPQc.exe
  C:\Windows\System\RLzlPQc.exe
  2⤵
  PID:14232
- C:\Windows\System\hQrPBOr.exe
  C:\Windows\System\hQrPBOr.exe
  2⤵
  PID:14268
- C:\Windows\System\kAqYmDF.exe
  C:\Windows\System\kAqYmDF.exe
  2⤵
  PID:13224
- C:\Windows\System\QFWGdhP.exe
  C:\Windows\System\QFWGdhP.exe
  2⤵
  PID:13336
- C:\Windows\System\BZioEAx.exe
  C:\Windows\System\BZioEAx.exe
  2⤵
  PID:13556
- C:\Windows\System\XNeMfDq.exe
  C:\Windows\System\XNeMfDq.exe
  2⤵
  PID:13928
- C:\Windows\System\GMylRxZ.exe
  C:\Windows\System\GMylRxZ.exe
  2⤵
  PID:13792
- C:\Windows\System\FniLkpo.exe
  C:\Windows\System\FniLkpo.exe
  2⤵
  PID:14136
- C:\Windows\System\rptYfWD.exe
  C:\Windows\System\rptYfWD.exe
  2⤵
  PID:14208
- C:\Windows\System\JaVGlhc.exe
  C:\Windows\System\JaVGlhc.exe
  2⤵
  PID:13408
- C:\Windows\System\ZpulaJD.exe
  C:\Windows\System\ZpulaJD.exe
  2⤵
  PID:14108
- C:\Windows\System\fZGJXjl.exe
  C:\Windows\System\fZGJXjl.exe
  2⤵
  PID:14348
- C:\Windows\System\DMvrmqT.exe
  C:\Windows\System\DMvrmqT.exe
  2⤵
  PID:14364
- C:\Windows\System\xsWDWdO.exe
  C:\Windows\System\xsWDWdO.exe
  2⤵
  PID:14396
- C:\Windows\System\CBXrCmR.exe
  C:\Windows\System\CBXrCmR.exe
  2⤵
  PID:14432
- C:\Windows\System\XRnDqqB.exe
  C:\Windows\System\XRnDqqB.exe
  2⤵
  PID:14456
- C:\Windows\System\LAMvYfs.exe
  C:\Windows\System\LAMvYfs.exe
  2⤵
  PID:14472
- C:\Windows\System\PrCwwqr.exe
  C:\Windows\System\PrCwwqr.exe
  2⤵
  PID:14508
- C:\Windows\System\exUFybU.exe
  C:\Windows\System\exUFybU.exe
  2⤵
  PID:14528
- C:\Windows\System\JoAyYHm.exe
  C:\Windows\System\JoAyYHm.exe
  2⤵
  PID:14556
- C:\Windows\System\YRBUkAt.exe
  C:\Windows\System\YRBUkAt.exe
  2⤵
  PID:14584
- C:\Windows\System\KZGVIGK.exe
  C:\Windows\System\KZGVIGK.exe
  2⤵
  PID:14612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\AsMkNDA.exe

Filesize
1.9MB

MD5
af93b3474e66258f65bc9b60cdf3fb8c

SHA1
830f701df81c176ebd1c995a56567a03a5898edb

SHA256
06fbc1b7b6e697fdbb9c451b832ac3bceae5ff040a270d4c203de4d42505e9be

SHA512
69cc761c166107fb163479fef72fbf371ab4921ba7ce77c84f16b5da1dec9ee774dcda0fa58e43715108513577f12d67010b119a7761ea26690cdb31ae2a26d1

Download Submit
C:\Windows\System\DdpBSkw.exe

Filesize
1.9MB

MD5
c8624fc0f0bfcb854fac7282e6b8b656

SHA1
39e5310efa5ea2c6b5ac882515fa195440f58b2d

SHA256
b84a3ee35a8a19c7064675b65e82ac8cee947d39dc98cd1a601c439695c1a3fc

SHA512
07458ad874ed81e4e14647b376a57e8e4102b910db9212070f49741d85e778625088b05c80827dbd892facb0059647439d946bbd5028a1c16c60a75ae7f46c1a

Download Submit
C:\Windows\System\ERaFZUr.exe

Filesize
1.9MB

MD5
f94baaaf2c7f852402e0cb2c65bd6c8e

SHA1
df6ed50cd3d39bbb6b97ccbeb184e52972486654

SHA256
3fbbeca4cf19d7523116f669fa3e3488f6005a8a06679ff8befe108f11924517

SHA512
d80b9300ac88129e3d44795b6f15fafbf89fee4c36bd377d16d806c443c4f27217a40d7313205a03a6d473828d0ab39ec6bb17b1af80f865420db7f737f047b8

Download Submit
C:\Windows\System\KKWnKSc.exe

Filesize
1.9MB

MD5
d474dbb53f8670b605a156d53ebdb3ff

SHA1
e5080cbb5b80ec67d837e265c9ce39752fd19854

SHA256
1fe8de4e37b9e579f2b0855d08ea2e477f06397ac1a4efd13965d7e89543fe30

SHA512
fcdd7a322676483c49537e18b53f04a2d5ed7462730dab4d1aa6e854b05f1072bd32bfa3a7a83a542e8b0e245bf0b542b09b41ef18bc4820e42cd7bf213e0b5c

Download Submit
C:\Windows\System\KMqsGSS.exe

Filesize
1.9MB

MD5
9cc0be4da1092613f357bda9ef37f674

SHA1
003f85582f56fbfeafbedb9d6c457bc92d6778a2

SHA256
d1966d5adba491804355de395ec4a68053138b72b144aa3472543538506dde24

SHA512
c841dff08db1096b0148cff9d1179336ce27efca46ab86bda1386afab4dfcc2a1469b2d92153d83b7bfd53070a0c5b568570ffeca141f4523c32b4bf61bfc8a2

Download Submit
C:\Windows\System\OCaabMP.exe

Filesize
1.9MB

MD5
07064d6a9598ac3954415daf0401d782

SHA1
ae26609a2cd2cfb97e44824b33cf674e7cc83bb4

SHA256
0bd9962863074e074f5c696e44b7852443a12a2cccf23bc5dadc9fffc9758a19

SHA512
7f71354717eff5819481fbfe33f8086a1ade2ea82bd2f3e2f1960ca0d7f3e1ffb9f005c07aa48a2826ad804ca869d911836ab9c01dfd843e3d0f3a8122f3b7cc

Download Submit
C:\Windows\System\OddEVny.exe

Filesize
1.9MB

MD5
763cd9b3b6b8ac2c5cdfb8b38a26189d

SHA1
1957245fa15781983cec9377185180c32eab1c17

SHA256
e1b5817636ef12fffc613e8689878f1e63800f568dd8c0544bf1e5e6e7644114

SHA512
d2626e13a22db489713ed224be6ff3c1c65eb7d4e05fa13303461e18607d83e42befae7d3f84d678625b54b790dd9a77a56d00af76e8005c65991b6c9f181b3f

Download Submit
C:\Windows\System\PjAqEfS.exe

Filesize
1.9MB

MD5
47c2e4eb00b5f2afa1598d4b9cf1e408

SHA1
4ac89826a3de6165898d068bb3b372bc189f9913

SHA256
8efb95b60679fc366538acccca468b9f2c3400592bbeefe8c5c8d8a875ba1ed0

SHA512
4453b2f5ce818e0a7f479981c9fcc95f8457bad2fa2e8f0837175be349d166a81138d8dfca01cba55c3bd9b97502a3afa292f111b64900b0da6df49ebee330f6

Download Submit
C:\Windows\System\QkyNuUJ.exe

Filesize
1.9MB

MD5
6372e75ee6d298a64ece5493ba8d60a1

SHA1
c9d8046ec374a89b931d8e2a015a6f492ff664dd

SHA256
9d42d9d98401317314fc551756ee174480c4d16ff68d57d13af28a07e4fab445

SHA512
c993efa96333eed0cc66fdfab4f3b3f8d9a56c826c934ac9a06a00125917becf877a11bcd3e3944a7f6d539e81fa8083f20e05596ce4bb86f2dfda616e7b49e1

Download Submit
C:\Windows\System\QtQtMsI.exe

Filesize
1.9MB

MD5
73a0646f781579814dbe763332853da9

SHA1
1a7f20d5540fbe59a80913d95a06e8064b886504

SHA256
dc3943a90b4c5ba85e45e8594d618b60106ecdd3eb372164c028a365fd41010a

SHA512
5bdc602433d09022219c7312c4ef1706ef116534b4bc18133a33346bfbb8f239ba61f21a3f163390b76d1ab879c6ddfdeb035cc9d78afb1bf32112cc754e37e0

Download Submit
C:\Windows\System\RAOmDUk.exe

Filesize
1.9MB

MD5
c9654d25ed5832ae23249d49d1f933fa

SHA1
bd46523885be30daed09ba266cba12dd037f4376

SHA256
6666b4e17e910743b77f58aa93b4dfa9ab63b8ea8fe9a01cfe8bd06c1d10b0b2

SHA512
7a56919f12fe5e801752765bd590ad9489be568d5e8c8482968a0485b1ff32ab4ad05e58c64cb0f1e385afc04a0c8e116cfcf0faf2745c376547ed8af9f9d76e

Download Submit
C:\Windows\System\SCxcKBF.exe

Filesize
1.9MB

MD5
4241a814f54fdfa5215306650e2c1ce3

SHA1
adef2df1f5975e3ab914a14512fad93869e609d6

SHA256
ebbd0112af368b3b276275d474d057a60a8c594f848e6abc4e3271b363c0498b

SHA512
a249fec3788f6c0365e408129f34d87009b12fe95cf6c9b4988a1373b627c752a88542552dd3b5400a46bfe5a81cd89765c156bb9d9993b11ff2c563caa4a515

Download Submit
C:\Windows\System\TDOIsRv.exe

Filesize
1.9MB

MD5
0b32816016c74a3d8ceb91ae96efe0d4

SHA1
a98f0d567dbcf526af71ff87267aac0c9709d913

SHA256
57d9a375a9bf89c7dbc27e6a8e599e01df529dd990373e111f19257bff6420e4

SHA512
9bc9c3314a6929982fa01341e640f9c4d49e3b6571cff1e7c2c5199cab59ccfbe755de012f5061dcd48c12de103a86356019f921383828d3a140a84414a92287

Download Submit
C:\Windows\System\TRVogKL.exe

Filesize
1.9MB

MD5
26a75978f0ab7d987b9cc4e501a275b0

SHA1
eccb8f07f253bf19f406b64c1e36207f2c3a182f

SHA256
485d8e35882dbddc2c027fa0a244fcaca660387c0d4cdbfa62d6e5f5a367d6ff

SHA512
5362b62edc19375ce9177fff93446c041e2d7968c163f911f81377428d9694d809d12986f6261a27df738d1e36e671ff99c73730e1b16cfbbbb06955eb660675

Download Submit
C:\Windows\System\TaLSqYf.exe

Filesize
1.9MB

MD5
c09916044b78d455a0126ea7f4d2c567

SHA1
38be8db26f497daf622571a0aa169cf0bc04e92f

SHA256
0c2240b5008192ccc2aca7a5990ef3e1d15aacd1a77b4090fabb19096a0c7eb5

SHA512
819a842c66dabf6d99924952a19c366268caed51170cab6a1a21167bfa0962f38d106b8e3a06810556df7689310862ae23da525982d516deccc29a83a371e838

Download Submit
C:\Windows\System\XdtKkwp.exe

Filesize
1.9MB

MD5
8c7ac135e336511299dbb295c3a7644f

SHA1
cd4b394544a92818e00e2dabc77d6c85669673ad

SHA256
e8a6ce5e8677ac96962e100ea813d755c6641d398ac947c98a121c0e46cc0f7e

SHA512
6f797cfa0f1a43a0120ad7e6fdb067d0608f6c32cbddcf1f42d222e5f4b5036d743a822e80b679a1d93eb8cff611fe704b89231bd1c64e0ad5308ef72bab7071

Download Submit
C:\Windows\System\YNWfIEf.exe

Filesize
1.9MB

MD5
6ad2be31b1c9ef98a898ad70b7558a39

SHA1
5c976b787a7fa5059dcae32f34300503f151ab48

SHA256
795aec72c63c71ebc286bb1d2e2e77e120f6ee4a5fd977173f33502c31d6af30

SHA512
2bd6b3a1cb990aeeb09170d48f86a1085faee33bd435cf77e37b184df72f115bfcfb54743fda08a9e7a31cb6a7de621fb41979feb717cad288ffaed07e42eac8

Download Submit
C:\Windows\System\YdEXdPd.exe

Filesize
1.9MB

MD5
8c3c95d8b278cea867569d75b888417c

SHA1
e48b32d5e1e0f160283f3dc7b90ef3155592862b

SHA256
85c4c0a2b61664e13b960c835f3fec179e88c52e94587a90f18a6cdd77011133

SHA512
c391eec024214bdf8d04ddae7d0b8cef4623ec3d042dba1c17421a545ffae125c2103ad38068968a07f1565145491f948a0227dbce113c9996d0720d5b06580b

Download Submit
C:\Windows\System\bjJQnen.exe

Filesize
1.9MB

MD5
82854a28adfff377adec3e9f28f51884

SHA1
0526ba84c9ce68eac6540fea0e48a2164310fc11

SHA256
35c33d6fcbfa5b2c4620f8594243804628469936a129285243d3988211eecd6a

SHA512
2d41223de901235eaeff6cfd436da8213f9063a03773087b8bd92e6305bbe766c8d9693bee63fd6258f12eb1866bd954500a1175e21890945e3b73c65a8f6229

Download Submit
C:\Windows\System\fgYGUZJ.exe

Filesize
1.9MB

MD5
ea0415973d73233d6e521c9ed4f8956d

SHA1
906224be1d78ac72ad16ff1077587440ac26a98e

SHA256
0e9a1cf4a197e550d80635b9eca5ff7bc539e580a0d51a57ce0058e474e4ab8a

SHA512
27fcf76c36a0f6360712ddaca64c668650a9c13e4294b3f96e56ee817bd567b7bf67f5947f8b24f6abec69f14b9eb48fe8bf0d1cf208dc01c548aca773501c07

Download Submit
C:\Windows\System\hAvRZgy.exe

Filesize
1.9MB

MD5
6af67b1fd27c2ceacd5a7a17382b6855

SHA1
42523b036c561e30e09fae57f9fda7a210fbf30e

SHA256
7beb75c3f34e709dfdb514aa8faa33f0825ccdd7193242b8f32f5e9aac783075

SHA512
9828dbfcc961ff7b8863963a9a304029b3f53a8ca8f10a9ea1299b63d192c3a0091e35954464060efd31079b4890b8cbb3c8a9204df9d35bb04c976ada41de71

Download Submit
C:\Windows\System\kxyUeET.exe

Filesize
1.9MB

MD5
db0d72c8227f4eb85e4158b1cfadd974

SHA1
996f0e443264b0c6bfff5d0362b0554b7979b0f0

SHA256
3968411dce8c09ceba9ffd6f46348889a40c40db3df07373174616ec0dcd6277

SHA512
7da0990ea2e7015614f1538fc1f29a9c86a71cdadaf8d0f585fd964201795c2ef83ce83991e4a1f83e8e05582a9b8d42be2b3600b0d7a05007047a3ce3458a07

Download Submit
C:\Windows\System\mULCwwA.exe

Filesize
1.9MB

MD5
21dff24958d9f8dda99317885e0c15aa

SHA1
bbdfd91f5e37f13d79f744766ecc48b490247aec

SHA256
027aafd9a9f12cfcb3362946a61c0eb27f0040ba7ad7d13fac545a7bd21a4387

SHA512
a65689b352408b58bb05c7e0e9d8e90ef89afcf236575db962f6f4114697ae3b6177bbe3a6ff6a68a99c9955e7f60a9f8a6f8565560648d2a02b081958951193

Download Submit
C:\Windows\System\ogJkFUi.exe

Filesize
1.9MB

MD5
9714e02ba7b1e48090041223be9e546b

SHA1
8e9969547f2125ecc5328e8980608ae23a204e65

SHA256
aa013b870f94822d9033740e39cab17959c5614b2d50a93c0c8656e6783c9e39

SHA512
24e24e62ac1d46f03de434c2311c584b3f4949ac71ee71a182a2291e6be1dc9c71a5803ab37a0856ce1bb92eef019c1cd44ca51cd41d692cedd3f28e3e1d7626

Download Submit
C:\Windows\System\pkiLnRc.exe

Filesize
1.9MB

MD5
bd075319a97252cf9a5093c1197f4d9e

SHA1
f00ef45a437a68eceb8dd634dbc1204be511cabb

SHA256
9131782ed83b68d9797a5f4d13540e51e0ac2b962e9c92fae6c1fd6bf9468d82

SHA512
68097f6fad44930731457a0c7c11c70d02588ddaff9cfad699762256fd1abe3b4ef1717216d238d5bff3957bcbb0e57a0f9403ef9ecacc40e0d902a6761ef76f

Download Submit
C:\Windows\System\qJYfbGs.exe

Filesize
1.9MB

MD5
fba0b0025c82de8c9d409029b3d9c7e6

SHA1
cb2b6c3759d29b20c9f5d35ec89061c3902da5a9

SHA256
cafbeb08db59dcbcd463a415c3146ce95b6ecbf8302af842c7f0ca4fd540904b

SHA512
672583abab70ec71a6528f4b6c4c4db012995c272d757e03a74dfa69308be2630ffdf012459e7ae39c081b6a3b5c6c7c11f3da3ade3ccec998488de4bacfbc84

Download Submit
C:\Windows\System\qJkUuaX.exe

Filesize
1.9MB

MD5
931899b2f25563f7e24ae173bbba2dff

SHA1
c960f87992c820bf8447f8542e825f654478b67f

SHA256
f1cb761deb97f78bf101e6d4ce48d962dc8c1f86949d4154f6e874795410bac9

SHA512
43c47f01626da819f1a40a6ab19cf79a8a5540b33bc1586134528e2d83ac3a6cac847baa64bd3824d65d0f65346ef7742f6c4dd94a09c6927fb069a8a0b2a1b2

Download Submit
C:\Windows\System\qVaxqwT.exe

Filesize
1.9MB

MD5
cae8b6fdbacfc6577fcdf3b311a4324b

SHA1
534d51656419a6946efaf917e34bf71d3d692ada

SHA256
9343ade775bee0613908ca75a1b8aa1175da4981491e8ef794e6cd4e3ad661a5

SHA512
1f7ddd95d08bc68082b9d6d46523ea93c703d9f513af9c6d798977a4f4a93bbed2c3312ea94c73a345e65a719cb8b7b6220a8a5e9280f558df3e8b82210e0918

Download Submit
C:\Windows\System\upmdGBz.exe

Filesize
1.9MB

MD5
3f370302c657c7616a8991c0e4d9843b

SHA1
b5dd39ed0bba5b818c62c7f2d6cca1ce96f88f10

SHA256
46ee5a1f0aeaf6dcad986bc5871b411a336cc0c3da0bb2463fd20e2d0557e0f4

SHA512
aba34448b9ca00e673a5c876667bdc890eb2c5a192dec43c389c077e222050d64f8846d691dc50826d0eaf835371675b26989914b024bf0b1f06af86347555f8

Download Submit
C:\Windows\System\vEkJtBW.exe

Filesize
1.9MB

MD5
b4cbd93c4fdcc1cd52e142cd5068f08f

SHA1
e5b0f2af600484877ef8ad3bf13ee3046dfc06f3

SHA256
d20a0e0b79b46b19c74a61c3a070d96230b7a3ef8233ccfb9588202be5b31c72

SHA512
9c4076e28538035f100b22e81c996528c162e745a28c0f6cdaf83ec70acca7f44318200b05265297710ee657b00eedf5fe205d9b1e114c3aca24f3aaddecb66a

Download Submit
C:\Windows\System\vvoNMpQ.exe

Filesize
1.9MB

MD5
cbba6507a094ad7875352b76e1db5ec9

SHA1
414db7b3c75ce68374419fc4fbd4d4b7eadedb0e

SHA256
4d39aadbc7000026e19d44cab94ad4a1fb4e9fd0eeaecc27118fa4d7966aea58

SHA512
807bc834973392d85c6e12fb8e3e34cdc29d9ead743c34f850e9b0de0fe1a34f28494cdc49aa42061f96b6852ae44dcbcb132ead787d4eb6e2767da23dc6a8e6

Download Submit
C:\Windows\System\wAUbtSU.exe

Filesize
1.9MB

MD5
694a96de05c29d3f1b4fe77972f4923c

SHA1
23326aa15989374bdbc81210f45f345453353d0a

SHA256
1bcf4fe0809f862d4b6e9202fb9d71952b55158000f4e89cc7e3ab717e29285c

SHA512
60142beacd55d2386bfcebf8f58da626a7b661a3870db13d51497a9242036693cf07b7d9d93fbf4c5f41283485c72b4e8ccbc7978cf2a65ee2a6ecdba1fdaa4b

Download Submit
C:\Windows\System\wcAbXGA.exe

Filesize
1.9MB

MD5
2df28e26c755379b6689e95464448243

SHA1
edc7cf9c61398f44717ac245db996bda12aaf7c1

SHA256
9ac2fbf373013324c98fbe3469001d7e648331d2a7a6e710b3d9112891c29901

SHA512
795df6464d5ec767f0df2043237408baa59e9396459335969837af603a8eb3d60a5fb7ca32bba498bdceea0d2c632bfdd062c4f73d25deeb313df81fdfb95d28

Download Submit
C:\Windows\System\wevVuGx.exe

Filesize
1.9MB

MD5
f3e4e4fe8666e28ebd7b5111d4f8c3d1

SHA1
9ee9f999f3306d751a35daec422e2c4b469d337f

SHA256
32bea7774b743f1639d9c58acad7e93ade9c4e90b5417f3c3bd88800a6df64c0

SHA512
a9c45f8606dff230a24e5078404c45db03a7d8f28567f029d5a3559c362a50f6393958b87d7af2b454d49ed718c3f626d13a3ec8210bfda74a7378c5c079bf63

Download Submit
C:\Windows\System\xMgOfNQ.exe

Filesize
1.9MB

MD5
18a03efea2d26c73533ddf28ff40ba80

SHA1
5f89a35fc6ba6a89cbc599cfebcfff4c2bdc7dae

SHA256
74727260c135d85f8ec4755f7f462466d88443b4ffac6797ce28c2dbee47213c

SHA512
156fa62bff93620ef6ee7811059cecd3db06c5e3ab81d578d2f6c6795c40fec96f00e251c118264d57a312739f3e8f5c89a2affde52a6bcd7cfd794f072518a0

Download Submit
memory/400-2307-0x00007FF75C970000-0x00007FF75CCC4000-memory.dmp

Filesize
3.3MB

Download
memory/400-235-0x00007FF75C970000-0x00007FF75CCC4000-memory.dmp

Filesize
3.3MB

Download
memory/404-1271-0x00007FF673640000-0x00007FF673994000-memory.dmp

Filesize
3.3MB

Download
memory/404-2293-0x00007FF673640000-0x00007FF673994000-memory.dmp

Filesize
3.3MB

Download
memory/404-77-0x00007FF673640000-0x00007FF673994000-memory.dmp

Filesize
3.3MB

Download
memory/664-241-0x00007FF6625E0000-0x00007FF662934000-memory.dmp

Filesize
3.3MB

Download
memory/664-2314-0x00007FF6625E0000-0x00007FF662934000-memory.dmp

Filesize
3.3MB

Download
memory/820-2312-0x00007FF7A4860000-0x00007FF7A4BB4000-memory.dmp

Filesize
3.3MB

Download
memory/820-239-0x00007FF7A4860000-0x00007FF7A4BB4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-2296-0x00007FF619BC0000-0x00007FF619F14000-memory.dmp

Filesize
3.3MB

Download
memory/1172-242-0x00007FF619BC0000-0x00007FF619F14000-memory.dmp

Filesize
3.3MB

Download
memory/1228-247-0x00007FF768770000-0x00007FF768AC4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-2308-0x00007FF768770000-0x00007FF768AC4000-memory.dmp

Filesize
3.3MB

Download
memory/1352-1119-0x00007FF6CBC70000-0x00007FF6CBFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1352-2292-0x00007FF6CBC70000-0x00007FF6CBFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1352-37-0x00007FF6CBC70000-0x00007FF6CBFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1792-207-0x00007FF7791A0000-0x00007FF7794F4000-memory.dmp

Filesize
3.3MB

Download
memory/1792-2298-0x00007FF7791A0000-0x00007FF7794F4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-1110-0x00007FF60F1F0000-0x00007FF60F544000-memory.dmp

Filesize
3.3MB

Download
memory/1836-8-0x00007FF60F1F0000-0x00007FF60F544000-memory.dmp

Filesize
3.3MB

Download
memory/1836-2286-0x00007FF60F1F0000-0x00007FF60F544000-memory.dmp

Filesize
3.3MB

Download
memory/2028-237-0x00007FF6439A0000-0x00007FF643CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-2309-0x00007FF6439A0000-0x00007FF643CF4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-2306-0x00007FF63DBD0000-0x00007FF63DF24000-memory.dmp

Filesize
3.3MB

Download
memory/2220-234-0x00007FF63DBD0000-0x00007FF63DF24000-memory.dmp

Filesize
3.3MB

Download
memory/2320-232-0x00007FF608AA0000-0x00007FF608DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-2305-0x00007FF608AA0000-0x00007FF608DF4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-1275-0x00007FF740BD0000-0x00007FF740F24000-memory.dmp

Filesize
3.3MB

Download
memory/2332-2297-0x00007FF740BD0000-0x00007FF740F24000-memory.dmp

Filesize
3.3MB

Download
memory/2332-114-0x00007FF740BD0000-0x00007FF740F24000-memory.dmp

Filesize
3.3MB

Download
memory/2512-213-0x00007FF6AF2A0000-0x00007FF6AF5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-2303-0x00007FF6AF2A0000-0x00007FF6AF5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-236-0x00007FF73E2E0000-0x00007FF73E634000-memory.dmp

Filesize
3.3MB

Download
memory/2732-2311-0x00007FF73E2E0000-0x00007FF73E634000-memory.dmp

Filesize
3.3MB

Download
memory/2740-2299-0x00007FF6974A0000-0x00007FF6977F4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-233-0x00007FF6974A0000-0x00007FF6977F4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-244-0x00007FF6586A0000-0x00007FF6589F4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-2294-0x00007FF6586A0000-0x00007FF6589F4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-954-0x00007FF6F8FF0000-0x00007FF6F9344000-memory.dmp

Filesize
3.3MB

Download
memory/2880-1-0x000001C9596B0000-0x000001C9596C0000-memory.dmp

Filesize
64KB

Download
memory/2880-0-0x00007FF6F8FF0000-0x00007FF6F9344000-memory.dmp

Filesize
3.3MB

Download
memory/3020-2291-0x00007FF69F4F0000-0x00007FF69F844000-memory.dmp

Filesize
3.3MB

Download
memory/3020-243-0x00007FF69F4F0000-0x00007FF69F844000-memory.dmp

Filesize
3.3MB

Download
memory/3180-2301-0x00007FF75D650000-0x00007FF75D9A4000-memory.dmp

Filesize
3.3MB

Download
memory/3180-219-0x00007FF75D650000-0x00007FF75D9A4000-memory.dmp

Filesize
3.3MB

Download
memory/3500-58-0x00007FF631290000-0x00007FF6315E4000-memory.dmp

Filesize
3.3MB

Download
memory/3500-2289-0x00007FF631290000-0x00007FF6315E4000-memory.dmp

Filesize
3.3MB

Download
memory/3516-220-0x00007FF69A5B0000-0x00007FF69A904000-memory.dmp

Filesize
3.3MB

Download
memory/3516-2302-0x00007FF69A5B0000-0x00007FF69A904000-memory.dmp

Filesize
3.3MB

Download
memory/3700-2313-0x00007FF7DFAC0000-0x00007FF7DFE14000-memory.dmp

Filesize
3.3MB

Download
memory/3700-240-0x00007FF7DFAC0000-0x00007FF7DFE14000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2300-0x00007FF6FDA80000-0x00007FF6FDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4180-245-0x00007FF6FDA80000-0x00007FF6FDDD4000-memory.dmp

Filesize
3.3MB

Download
memory/4208-2290-0x00007FF64E220000-0x00007FF64E574000-memory.dmp

Filesize
3.3MB

Download
memory/4208-66-0x00007FF64E220000-0x00007FF64E574000-memory.dmp

Filesize
3.3MB

Download
memory/4476-246-0x00007FF6DD8C0000-0x00007FF6DDC14000-memory.dmp

Filesize
3.3MB

Download
memory/4476-2304-0x00007FF6DD8C0000-0x00007FF6DDC14000-memory.dmp

Filesize
3.3MB

Download
memory/4528-85-0x00007FF6BEBA0000-0x00007FF6BEEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-1274-0x00007FF6BEBA0000-0x00007FF6BEEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4528-2295-0x00007FF6BEBA0000-0x00007FF6BEEF4000-memory.dmp

Filesize
3.3MB

Download
memory/4640-2287-0x00007FF62E060000-0x00007FF62E3B4000-memory.dmp

Filesize
3.3MB

Download
memory/4640-20-0x00007FF62E060000-0x00007FF62E3B4000-memory.dmp

Filesize
3.3MB

Download
memory/4640-1112-0x00007FF62E060000-0x00007FF62E3B4000-memory.dmp

Filesize
3.3MB

Download
memory/4940-2288-0x00007FF7AE890000-0x00007FF7AEBE4000-memory.dmp

Filesize
3.3MB

Download
memory/4940-42-0x00007FF7AE890000-0x00007FF7AEBE4000-memory.dmp

Filesize
3.3MB

Download
memory/4960-238-0x00007FF7B34F0000-0x00007FF7B3844000-memory.dmp

Filesize
3.3MB

Download
memory/4960-2310-0x00007FF7B34F0000-0x00007FF7B3844000-memory.dmp

Filesize
3.3MB

Download