xmrig | d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07f

Analysis

max time kernel
99s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 21:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
Size

3.8MB
MD5

759b37cf5c8faa63bdcb66bc6f0e87f0
SHA1

8069492a83c1e93977e378ad38e0cb406652ef78
SHA256

d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07f
SHA512

5e5744f8c9b8f9adef2c1cb421442c3172a8459486f4b50f1c43aea5c09b5577fba51cf218b74d60f66bcd2c5baa2c0d5a2d6ec0ab493771572c462cdf0a9834
SSDEEP

49152:ROdWCCi7/ras56uL3pgrCEdMKPFotsgEBr6GjvzW+UBA3Gd7po52xWKQY2SfcX:RWWBibf56utgpPFotBER/mQ5

Score

10^/10

xmrig miner upx

Malware Config

Signatures

Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 56 IoCs

miner

resource	yara_rule
behavioral2/memory/4752-65-0x00007FF79F3E0000-0x00007FF79F731000-memory.dmp	xmrig
behavioral2/memory/4032-90-0x00007FF673910000-0x00007FF673C61000-memory.dmp	xmrig
behavioral2/memory/876-102-0x00007FF62DCC0000-0x00007FF62E011000-memory.dmp	xmrig
behavioral2/memory/2720-108-0x00007FF706870000-0x00007FF706BC1000-memory.dmp	xmrig
behavioral2/memory/2060-110-0x00007FF6E63E0000-0x00007FF6E6731000-memory.dmp	xmrig
behavioral2/memory/2064-109-0x00007FF690A90000-0x00007FF690DE1000-memory.dmp	xmrig
behavioral2/memory/732-107-0x00007FF6C9560000-0x00007FF6C98B1000-memory.dmp	xmrig
behavioral2/memory/1008-104-0x00007FF6C3610000-0x00007FF6C3961000-memory.dmp	xmrig
behavioral2/memory/3616-98-0x00007FF731350000-0x00007FF7316A1000-memory.dmp	xmrig
behavioral2/memory/3240-88-0x00007FF7EE9F0000-0x00007FF7EED41000-memory.dmp	xmrig
behavioral2/memory/2804-79-0x00007FF60C140000-0x00007FF60C491000-memory.dmp	xmrig
behavioral2/memory/1636-153-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp	xmrig
behavioral2/memory/1868-198-0x00007FF630D10000-0x00007FF631061000-memory.dmp	xmrig
behavioral2/memory/4888-197-0x00007FF7D0780000-0x00007FF7D0AD1000-memory.dmp	xmrig
behavioral2/memory/4336-192-0x00007FF7F95C0000-0x00007FF7F9911000-memory.dmp	xmrig
behavioral2/memory/4572-156-0x00007FF69B310000-0x00007FF69B661000-memory.dmp	xmrig
behavioral2/memory/1816-142-0x00007FF7769C0000-0x00007FF776D11000-memory.dmp	xmrig
behavioral2/memory/1252-125-0x00007FF654140000-0x00007FF654491000-memory.dmp	xmrig
behavioral2/memory/2276-123-0x00007FF687CE0000-0x00007FF688031000-memory.dmp	xmrig
behavioral2/memory/964-210-0x00007FF70FE90000-0x00007FF7101E1000-memory.dmp	xmrig
behavioral2/memory/3912-214-0x00007FF75AFC0000-0x00007FF75B311000-memory.dmp	xmrig
behavioral2/memory/1640-219-0x00007FF787E50000-0x00007FF7881A1000-memory.dmp	xmrig
behavioral2/memory/1608-218-0x00007FF7217C0000-0x00007FF721B11000-memory.dmp	xmrig
behavioral2/memory/4180-213-0x00007FF74BE00000-0x00007FF74C151000-memory.dmp	xmrig
behavioral2/memory/4628-228-0x00007FF6E48B0000-0x00007FF6E4C01000-memory.dmp	xmrig
behavioral2/memory/2636-701-0x00007FF6A5D30000-0x00007FF6A6081000-memory.dmp	xmrig
behavioral2/memory/3620-817-0x00007FF7523F0000-0x00007FF752741000-memory.dmp	xmrig
behavioral2/memory/1420-930-0x00007FF7DE530000-0x00007FF7DE881000-memory.dmp	xmrig
behavioral2/memory/2840-1095-0x00007FF7EB7B0000-0x00007FF7EBB01000-memory.dmp	xmrig
behavioral2/memory/3108-1084-0x00007FF6E2870000-0x00007FF6E2BC1000-memory.dmp	xmrig
behavioral2/memory/4180-2396-0x00007FF74BE00000-0x00007FF74C151000-memory.dmp	xmrig
behavioral2/memory/1640-2398-0x00007FF787E50000-0x00007FF7881A1000-memory.dmp	xmrig
behavioral2/memory/2804-2400-0x00007FF60C140000-0x00007FF60C491000-memory.dmp	xmrig
behavioral2/memory/3912-2402-0x00007FF75AFC0000-0x00007FF75B311000-memory.dmp	xmrig
behavioral2/memory/3240-2406-0x00007FF7EE9F0000-0x00007FF7EED41000-memory.dmp	xmrig
behavioral2/memory/3616-2414-0x00007FF731350000-0x00007FF7316A1000-memory.dmp	xmrig
behavioral2/memory/2064-2424-0x00007FF690A90000-0x00007FF690DE1000-memory.dmp	xmrig
behavioral2/memory/4628-2412-0x00007FF6E48B0000-0x00007FF6E4C01000-memory.dmp	xmrig
behavioral2/memory/4032-2411-0x00007FF673910000-0x00007FF673C61000-memory.dmp	xmrig
behavioral2/memory/1608-2409-0x00007FF7217C0000-0x00007FF721B11000-memory.dmp	xmrig
behavioral2/memory/732-2436-0x00007FF6C9560000-0x00007FF6C98B1000-memory.dmp	xmrig
behavioral2/memory/876-2438-0x00007FF62DCC0000-0x00007FF62E011000-memory.dmp	xmrig
behavioral2/memory/2060-2440-0x00007FF6E63E0000-0x00007FF6E6731000-memory.dmp	xmrig
behavioral2/memory/2720-2435-0x00007FF706870000-0x00007FF706BC1000-memory.dmp	xmrig
behavioral2/memory/1008-2433-0x00007FF6C3610000-0x00007FF6C3961000-memory.dmp	xmrig
behavioral2/memory/2276-2503-0x00007FF687CE0000-0x00007FF688031000-memory.dmp	xmrig
behavioral2/memory/1252-2505-0x00007FF654140000-0x00007FF654491000-memory.dmp	xmrig
behavioral2/memory/1816-2507-0x00007FF7769C0000-0x00007FF776D11000-memory.dmp	xmrig
behavioral2/memory/2636-2509-0x00007FF6A5D30000-0x00007FF6A6081000-memory.dmp	xmrig
behavioral2/memory/1636-2511-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp	xmrig
behavioral2/memory/3620-2513-0x00007FF7523F0000-0x00007FF752741000-memory.dmp	xmrig
behavioral2/memory/1868-2518-0x00007FF630D10000-0x00007FF631061000-memory.dmp	xmrig
behavioral2/memory/3108-2525-0x00007FF6E2870000-0x00007FF6E2BC1000-memory.dmp	xmrig
behavioral2/memory/4336-2524-0x00007FF7F95C0000-0x00007FF7F9911000-memory.dmp	xmrig
behavioral2/memory/1420-2522-0x00007FF7DE530000-0x00007FF7DE881000-memory.dmp	xmrig
behavioral2/memory/2840-2520-0x00007FF7EB7B0000-0x00007FF7EBB01000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
964	ubydago.exe
1640	paRXoLl.exe
4180	BWGkgjv.exe
4752	UZiKdPI.exe
4888	lXnncMt.exe
2804	QIkuxoE.exe
3912	puvRRXM.exe
3240	Fihyhbh.exe
1608	lLWxdog.exe
4032	SNwowpd.exe
4628	qscrvVi.exe
732	jgkQaYE.exe
3616	ZgMSeNu.exe
2720	ZgKwsea.exe
876	wDNdZBN.exe
1008	zXkLUqr.exe
2064	cSyEnHC.exe
2060	NCLdXHH.exe
2276	upFcwgT.exe
1252	nigIYAI.exe
2636	AMuHTsV.exe
1816	UMwWbII.exe
1636	ZAsOrSc.exe
3620	EyshPRz.exe
3108	RXqXHPN.exe
4336	jRwnITY.exe
1420	hHbEVrg.exe
2840	jxaPVhP.exe
1868	rEfzVmk.exe
1768	uTKaOPX.exe
1544	xbThUhS.exe
4176	PKDbEtv.exe
1340	ALEFfDc.exe
2012	kMESXnF.exe
2548	rYiYfGz.exe
1504	CAflIFE.exe
3128	xmsKSnO.exe
3424	JKqjLYE.exe
4480	oPgherY.exe
4432	hQXrpgL.exe
948	bAzlgGx.exe
4436	GqiouTq.exe
208	zSGDTZQ.exe
1836	xJIPLFf.exe
2492	kCitzyx.exe
4052	hvQRiJN.exe
1080	xZyQrWg.exe
220	Xjmazwj.exe
4484	UtYPDkU.exe
3700	VPfTNlu.exe
3392	IVmMrBc.exe
2128	RqEZelV.exe
3268	QeXawHm.exe
2332	tLLDmPW.exe
628	NecDKlU.exe
1392	wjITWEO.exe
3840	GGLVmbJ.exe
4820	DwQiOXJ.exe
4840	AqJiVPQ.exe
4524	eHZdqDK.exe
3852	ZhGyKmj.exe
3432	feIeiOi.exe
5048	JdVzpRY.exe
4248	HYJiYES.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4572-0-0x00007FF69B310000-0x00007FF69B661000-memory.dmp	upx
behavioral2/files/0x000b000000023b8f-5.dat	upx
behavioral2/files/0x000a000000023b93-12.dat	upx
behavioral2/memory/1640-16-0x00007FF787E50000-0x00007FF7881A1000-memory.dmp	upx
behavioral2/files/0x000a000000023b94-15.dat	upx
behavioral2/memory/964-8-0x00007FF70FE90000-0x00007FF7101E1000-memory.dmp	upx
behavioral2/files/0x000a000000023b97-32.dat	upx
behavioral2/files/0x000a000000023b9b-54.dat	upx
behavioral2/memory/1608-51-0x00007FF7217C0000-0x00007FF721B11000-memory.dmp	upx
behavioral2/memory/3912-50-0x00007FF75AFC0000-0x00007FF75B311000-memory.dmp	upx
behavioral2/files/0x000a000000023b9a-48.dat	upx
behavioral2/files/0x000a000000023b99-46.dat	upx
behavioral2/files/0x000a000000023b96-43.dat	upx
behavioral2/files/0x000a000000023b95-42.dat	upx
behavioral2/files/0x000a000000023b98-37.dat	upx
behavioral2/memory/4888-28-0x00007FF7D0780000-0x00007FF7D0AD1000-memory.dmp	upx
behavioral2/memory/4180-27-0x00007FF74BE00000-0x00007FF74C151000-memory.dmp	upx
behavioral2/memory/4752-65-0x00007FF79F3E0000-0x00007FF79F731000-memory.dmp	upx
behavioral2/files/0x000a000000023b9c-70.dat	upx
behavioral2/files/0x000b000000023b9f-91.dat	upx
behavioral2/memory/4032-90-0x00007FF673910000-0x00007FF673C61000-memory.dmp	upx
behavioral2/files/0x0008000000023bb7-99.dat	upx
behavioral2/memory/876-102-0x00007FF62DCC0000-0x00007FF62E011000-memory.dmp	upx
behavioral2/memory/2720-108-0x00007FF706870000-0x00007FF706BC1000-memory.dmp	upx
behavioral2/memory/2060-110-0x00007FF6E63E0000-0x00007FF6E6731000-memory.dmp	upx
behavioral2/memory/2064-109-0x00007FF690A90000-0x00007FF690DE1000-memory.dmp	upx
behavioral2/memory/732-107-0x00007FF6C9560000-0x00007FF6C98B1000-memory.dmp	upx
behavioral2/files/0x000b000000023b90-105.dat	upx
behavioral2/memory/1008-104-0x00007FF6C3610000-0x00007FF6C3961000-memory.dmp	upx
behavioral2/memory/3616-98-0x00007FF731350000-0x00007FF7316A1000-memory.dmp	upx
behavioral2/files/0x000e000000023bae-94.dat	upx
behavioral2/files/0x000a000000023ba7-93.dat	upx
behavioral2/memory/3240-88-0x00007FF7EE9F0000-0x00007FF7EED41000-memory.dmp	upx
behavioral2/files/0x000b000000023b9e-81.dat	upx
behavioral2/memory/2804-79-0x00007FF60C140000-0x00007FF60C491000-memory.dmp	upx
behavioral2/files/0x000b000000023b9d-76.dat	upx
behavioral2/memory/4628-62-0x00007FF6E48B0000-0x00007FF6E4C01000-memory.dmp	upx
behavioral2/files/0x0009000000023bbd-118.dat	upx
behavioral2/files/0x0008000000023bc7-138.dat	upx
behavioral2/memory/1636-153-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp	upx
behavioral2/files/0x0008000000023bc9-162.dat	upx
behavioral2/files/0x0008000000023bfb-168.dat	upx
behavioral2/files/0x0008000000023bfd-185.dat	upx
behavioral2/memory/1868-198-0x00007FF630D10000-0x00007FF631061000-memory.dmp	upx
behavioral2/memory/4888-197-0x00007FF7D0780000-0x00007FF7D0AD1000-memory.dmp	upx
behavioral2/memory/4336-192-0x00007FF7F95C0000-0x00007FF7F9911000-memory.dmp	upx
behavioral2/files/0x0008000000023bfa-184.dat	upx
behavioral2/memory/2840-182-0x00007FF7EB7B0000-0x00007FF7EBB01000-memory.dmp	upx
behavioral2/files/0x0008000000023bfc-181.dat	upx
behavioral2/files/0x0008000000023bfe-186.dat	upx
behavioral2/files/0x0008000000023bf9-173.dat	upx
behavioral2/files/0x0008000000023bca-172.dat	upx
behavioral2/memory/1420-169-0x00007FF7DE530000-0x00007FF7DE881000-memory.dmp	upx
behavioral2/memory/3108-165-0x00007FF6E2870000-0x00007FF6E2BC1000-memory.dmp	upx
behavioral2/files/0x0008000000023bc8-159.dat	upx
behavioral2/memory/4572-156-0x00007FF69B310000-0x00007FF69B661000-memory.dmp	upx
behavioral2/memory/3620-149-0x00007FF7523F0000-0x00007FF752741000-memory.dmp	upx
behavioral2/files/0x0008000000023bc4-144.dat	upx
behavioral2/memory/1816-142-0x00007FF7769C0000-0x00007FF776D11000-memory.dmp	upx
behavioral2/files/0x000e000000023bc2-132.dat	upx
behavioral2/files/0x0009000000023bbe-136.dat	upx
behavioral2/memory/2636-131-0x00007FF6A5D30000-0x00007FF6A6081000-memory.dmp	upx
behavioral2/memory/1252-125-0x00007FF654140000-0x00007FF654491000-memory.dmp	upx
behavioral2/memory/2276-123-0x00007FF687CE0000-0x00007FF688031000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UWqwuNB.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\QMGBMai.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\LKTZvxT.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\AXIEseB.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\STXMZLy.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\oDGngIW.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\vsyBqcR.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\zXQlKYT.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\qtuGMAY.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\ZbyALOf.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\uxIVYkX.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\uFrKzlN.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\oNvKpko.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\LeKDANQ.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\sFkfyWj.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\lRIrJyg.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\rYiYfGz.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\DwQiOXJ.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\UQEDPdu.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\gNyfgxF.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\ElyqMyj.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\dLexzNQ.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\OGUKids.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\ggMOXnE.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\pUHgxtT.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\lDRnRrM.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\nUaMdNm.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\yldzWki.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\QdSqruu.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\puvRRXM.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\jgkQaYE.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\eXIwjZg.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\AsFzNoJ.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\uXqKICf.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\lasTBml.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\wHjbATh.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\dsrGzmP.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\WeRPpmP.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\lqSxvgE.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\YPSTqXe.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\kuluhOi.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\SNwowpd.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\AMuHTsV.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\CsqeqMv.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\tdofwbR.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\rxNUFRl.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\MqfbOwu.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\hQXrpgL.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\sauNJvh.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\BOyjrQc.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\mZyxGHX.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\BTvxHsr.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\JTfBqKT.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\iUPLEtc.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\GiDvsnQ.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\PloIBth.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\kbjOlMC.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\MGnODEN.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\BtHlegm.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\rntdPKf.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\IEsxzxx.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\zNiTXGq.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\ioBZKSV.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
File created	C:\Windows\System\aSBKVPs.exe	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 964	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	83
PID 4572 wrote to memory of 964	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	83
PID 4572 wrote to memory of 1640	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	84
PID 4572 wrote to memory of 1640	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	84
PID 4572 wrote to memory of 4180	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	85
PID 4572 wrote to memory of 4180	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	85
PID 4572 wrote to memory of 4752	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	86
PID 4572 wrote to memory of 4752	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	86
PID 4572 wrote to memory of 4888	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	87
PID 4572 wrote to memory of 4888	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	87
PID 4572 wrote to memory of 2804	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	88
PID 4572 wrote to memory of 2804	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	88
PID 4572 wrote to memory of 3912	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	89
PID 4572 wrote to memory of 3912	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	89
PID 4572 wrote to memory of 3240	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	90
PID 4572 wrote to memory of 3240	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	90
PID 4572 wrote to memory of 1608	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	91
PID 4572 wrote to memory of 1608	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	91
PID 4572 wrote to memory of 4032	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	92
PID 4572 wrote to memory of 4032	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	92
PID 4572 wrote to memory of 4628	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	93
PID 4572 wrote to memory of 4628	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	93
PID 4572 wrote to memory of 732	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	94
PID 4572 wrote to memory of 732	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	94
PID 4572 wrote to memory of 3616	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	95
PID 4572 wrote to memory of 3616	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	95
PID 4572 wrote to memory of 2720	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	96
PID 4572 wrote to memory of 2720	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	96
PID 4572 wrote to memory of 876	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	97
PID 4572 wrote to memory of 876	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	97
PID 4572 wrote to memory of 1008	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	98
PID 4572 wrote to memory of 1008	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	98
PID 4572 wrote to memory of 2064	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	99
PID 4572 wrote to memory of 2064	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	99
PID 4572 wrote to memory of 2060	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	100
PID 4572 wrote to memory of 2060	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	100
PID 4572 wrote to memory of 2276	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	101
PID 4572 wrote to memory of 2276	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	101
PID 4572 wrote to memory of 1252	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	102
PID 4572 wrote to memory of 1252	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	102
PID 4572 wrote to memory of 2636	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	103
PID 4572 wrote to memory of 2636	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	103
PID 4572 wrote to memory of 1816	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	104
PID 4572 wrote to memory of 1816	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	104
PID 4572 wrote to memory of 1636	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	105
PID 4572 wrote to memory of 1636	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	105
PID 4572 wrote to memory of 3620	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	106
PID 4572 wrote to memory of 3620	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	106
PID 4572 wrote to memory of 3108	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	107
PID 4572 wrote to memory of 3108	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	107
PID 4572 wrote to memory of 2840	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	108
PID 4572 wrote to memory of 2840	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	108
PID 4572 wrote to memory of 4336	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	109
PID 4572 wrote to memory of 4336	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	109
PID 4572 wrote to memory of 1420	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	110
PID 4572 wrote to memory of 1420	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	110
PID 4572 wrote to memory of 1868	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	111
PID 4572 wrote to memory of 1868	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	111
PID 4572 wrote to memory of 1768	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	112
PID 4572 wrote to memory of 1768	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	112
PID 4572 wrote to memory of 1544	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	113
PID 4572 wrote to memory of 1544	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	113
PID 4572 wrote to memory of 4176	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	114
PID 4572 wrote to memory of 4176	4572	d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe	114

C:\Users\Admin\AppData\Local\Temp\d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe
"C:\Users\Admin\AppData\Local\Temp\d6f358c2bc67e96d9f00ae66c98993d0dc88edb18a4ce0a3fba206706576f07fN.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\System\ubydago.exe
  C:\Windows\System\ubydago.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\paRXoLl.exe
  C:\Windows\System\paRXoLl.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\BWGkgjv.exe
  C:\Windows\System\BWGkgjv.exe
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\System\UZiKdPI.exe
  C:\Windows\System\UZiKdPI.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\lXnncMt.exe
  C:\Windows\System\lXnncMt.exe
  2⤵
  - Executes dropped EXE
  PID:4888
- C:\Windows\System\QIkuxoE.exe
  C:\Windows\System\QIkuxoE.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\puvRRXM.exe
  C:\Windows\System\puvRRXM.exe
  2⤵
  - Executes dropped EXE
  PID:3912
- C:\Windows\System\Fihyhbh.exe
  C:\Windows\System\Fihyhbh.exe
  2⤵
  - Executes dropped EXE
  PID:3240
- C:\Windows\System\lLWxdog.exe
  C:\Windows\System\lLWxdog.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\SNwowpd.exe
  C:\Windows\System\SNwowpd.exe
  2⤵
  - Executes dropped EXE
  PID:4032
- C:\Windows\System\qscrvVi.exe
  C:\Windows\System\qscrvVi.exe
  2⤵
  - Executes dropped EXE
  PID:4628
- C:\Windows\System\jgkQaYE.exe
  C:\Windows\System\jgkQaYE.exe
  2⤵
  - Executes dropped EXE
  PID:732
- C:\Windows\System\ZgMSeNu.exe
  C:\Windows\System\ZgMSeNu.exe
  2⤵
  - Executes dropped EXE
  PID:3616
- C:\Windows\System\ZgKwsea.exe
  C:\Windows\System\ZgKwsea.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\wDNdZBN.exe
  C:\Windows\System\wDNdZBN.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\zXkLUqr.exe
  C:\Windows\System\zXkLUqr.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\cSyEnHC.exe
  C:\Windows\System\cSyEnHC.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\NCLdXHH.exe
  C:\Windows\System\NCLdXHH.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\upFcwgT.exe
  C:\Windows\System\upFcwgT.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\nigIYAI.exe
  C:\Windows\System\nigIYAI.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\AMuHTsV.exe
  C:\Windows\System\AMuHTsV.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\UMwWbII.exe
  C:\Windows\System\UMwWbII.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\ZAsOrSc.exe
  C:\Windows\System\ZAsOrSc.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\EyshPRz.exe
  C:\Windows\System\EyshPRz.exe
  2⤵
  - Executes dropped EXE
  PID:3620
- C:\Windows\System\RXqXHPN.exe
  C:\Windows\System\RXqXHPN.exe
  2⤵
  - Executes dropped EXE
  PID:3108
- C:\Windows\System\jxaPVhP.exe
  C:\Windows\System\jxaPVhP.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\jRwnITY.exe
  C:\Windows\System\jRwnITY.exe
  2⤵
  - Executes dropped EXE
  PID:4336
- C:\Windows\System\hHbEVrg.exe
  C:\Windows\System\hHbEVrg.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\rEfzVmk.exe
  C:\Windows\System\rEfzVmk.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\uTKaOPX.exe
  C:\Windows\System\uTKaOPX.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\xbThUhS.exe
  C:\Windows\System\xbThUhS.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\PKDbEtv.exe
  C:\Windows\System\PKDbEtv.exe
  2⤵
  - Executes dropped EXE
  PID:4176
- C:\Windows\System\ALEFfDc.exe
  C:\Windows\System\ALEFfDc.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\rYiYfGz.exe
  C:\Windows\System\rYiYfGz.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\kMESXnF.exe
  C:\Windows\System\kMESXnF.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\CAflIFE.exe
  C:\Windows\System\CAflIFE.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\xmsKSnO.exe
  C:\Windows\System\xmsKSnO.exe
  2⤵
  - Executes dropped EXE
  PID:3128
- C:\Windows\System\JKqjLYE.exe
  C:\Windows\System\JKqjLYE.exe
  2⤵
  - Executes dropped EXE
  PID:3424
- C:\Windows\System\oPgherY.exe
  C:\Windows\System\oPgherY.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\hQXrpgL.exe
  C:\Windows\System\hQXrpgL.exe
  2⤵
  - Executes dropped EXE
  PID:4432
- C:\Windows\System\bAzlgGx.exe
  C:\Windows\System\bAzlgGx.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\GqiouTq.exe
  C:\Windows\System\GqiouTq.exe
  2⤵
  - Executes dropped EXE
  PID:4436
- C:\Windows\System\zSGDTZQ.exe
  C:\Windows\System\zSGDTZQ.exe
  2⤵
  - Executes dropped EXE
  PID:208
- C:\Windows\System\xJIPLFf.exe
  C:\Windows\System\xJIPLFf.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\kCitzyx.exe
  C:\Windows\System\kCitzyx.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\hvQRiJN.exe
  C:\Windows\System\hvQRiJN.exe
  2⤵
  - Executes dropped EXE
  PID:4052
- C:\Windows\System\xZyQrWg.exe
  C:\Windows\System\xZyQrWg.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\Xjmazwj.exe
  C:\Windows\System\Xjmazwj.exe
  2⤵
  - Executes dropped EXE
  PID:220
- C:\Windows\System\UtYPDkU.exe
  C:\Windows\System\UtYPDkU.exe
  2⤵
  - Executes dropped EXE
  PID:4484
- C:\Windows\System\VPfTNlu.exe
  C:\Windows\System\VPfTNlu.exe
  2⤵
  - Executes dropped EXE
  PID:3700
- C:\Windows\System\tLLDmPW.exe
  C:\Windows\System\tLLDmPW.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\IVmMrBc.exe
  C:\Windows\System\IVmMrBc.exe
  2⤵
  - Executes dropped EXE
  PID:3392
- C:\Windows\System\RqEZelV.exe
  C:\Windows\System\RqEZelV.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\QeXawHm.exe
  C:\Windows\System\QeXawHm.exe
  2⤵
  - Executes dropped EXE
  PID:3268
- C:\Windows\System\NecDKlU.exe
  C:\Windows\System\NecDKlU.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\wjITWEO.exe
  C:\Windows\System\wjITWEO.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\GGLVmbJ.exe
  C:\Windows\System\GGLVmbJ.exe
  2⤵
  - Executes dropped EXE
  PID:3840
- C:\Windows\System\DwQiOXJ.exe
  C:\Windows\System\DwQiOXJ.exe
  2⤵
  - Executes dropped EXE
  PID:4820
- C:\Windows\System\AqJiVPQ.exe
  C:\Windows\System\AqJiVPQ.exe
  2⤵
  - Executes dropped EXE
  PID:4840
- C:\Windows\System\eHZdqDK.exe
  C:\Windows\System\eHZdqDK.exe
  2⤵
  - Executes dropped EXE
  PID:4524
- C:\Windows\System\ZhGyKmj.exe
  C:\Windows\System\ZhGyKmj.exe
  2⤵
  - Executes dropped EXE
  PID:3852
- C:\Windows\System\feIeiOi.exe
  C:\Windows\System\feIeiOi.exe
  2⤵
  - Executes dropped EXE
  PID:3432
- C:\Windows\System\JdVzpRY.exe
  C:\Windows\System\JdVzpRY.exe
  2⤵
  - Executes dropped EXE
  PID:5048
- C:\Windows\System\HYJiYES.exe
  C:\Windows\System\HYJiYES.exe
  2⤵
  - Executes dropped EXE
  PID:4248
- C:\Windows\System\UCIlSZF.exe
  C:\Windows\System\UCIlSZF.exe
  2⤵
  PID:2824
- C:\Windows\System\TZJaQzY.exe
  C:\Windows\System\TZJaQzY.exe
  2⤵
  PID:4308
- C:\Windows\System\qGQhEIZ.exe
  C:\Windows\System\qGQhEIZ.exe
  2⤵
  PID:4620
- C:\Windows\System\qTRgzCq.exe
  C:\Windows\System\qTRgzCq.exe
  2⤵
  PID:952
- C:\Windows\System\kgGVGTi.exe
  C:\Windows\System\kgGVGTi.exe
  2⤵
  PID:1932
- C:\Windows\System\tUiPYvt.exe
  C:\Windows\System\tUiPYvt.exe
  2⤵
  PID:4220
- C:\Windows\System\VMmABsZ.exe
  C:\Windows\System\VMmABsZ.exe
  2⤵
  PID:4832
- C:\Windows\System\LkMPGgb.exe
  C:\Windows\System\LkMPGgb.exe
  2⤵
  PID:2704
- C:\Windows\System\tfmKrth.exe
  C:\Windows\System\tfmKrth.exe
  2⤵
  PID:2800
- C:\Windows\System\zAEyTjO.exe
  C:\Windows\System\zAEyTjO.exe
  2⤵
  PID:3308
- C:\Windows\System\CvZzTtY.exe
  C:\Windows\System\CvZzTtY.exe
  2⤵
  PID:4056
- C:\Windows\System\ZbyALOf.exe
  C:\Windows\System\ZbyALOf.exe
  2⤵
  PID:860
- C:\Windows\System\rntdPKf.exe
  C:\Windows\System\rntdPKf.exe
  2⤵
  PID:3956
- C:\Windows\System\QXVdIkL.exe
  C:\Windows\System\QXVdIkL.exe
  2⤵
  PID:4148
- C:\Windows\System\EhMAWgM.exe
  C:\Windows\System\EhMAWgM.exe
  2⤵
  PID:4392
- C:\Windows\System\nTABXkn.exe
  C:\Windows\System\nTABXkn.exe
  2⤵
  PID:4736
- C:\Windows\System\lLqjbbq.exe
  C:\Windows\System\lLqjbbq.exe
  2⤵
  PID:3716
- C:\Windows\System\Cyifwml.exe
  C:\Windows\System\Cyifwml.exe
  2⤵
  PID:3904
- C:\Windows\System\orNFmGC.exe
  C:\Windows\System\orNFmGC.exe
  2⤵
  PID:884
- C:\Windows\System\SIvJoNT.exe
  C:\Windows\System\SIvJoNT.exe
  2⤵
  PID:5052
- C:\Windows\System\SQQuAtJ.exe
  C:\Windows\System\SQQuAtJ.exe
  2⤵
  PID:916
- C:\Windows\System\RWNfOzl.exe
  C:\Windows\System\RWNfOzl.exe
  2⤵
  PID:2524
- C:\Windows\System\UVufkYs.exe
  C:\Windows\System\UVufkYs.exe
  2⤵
  PID:4560
- C:\Windows\System\uQSOohs.exe
  C:\Windows\System\uQSOohs.exe
  2⤵
  PID:4132
- C:\Windows\System\dFSpbdz.exe
  C:\Windows\System\dFSpbdz.exe
  2⤵
  PID:332
- C:\Windows\System\sauNJvh.exe
  C:\Windows\System\sauNJvh.exe
  2⤵
  PID:4728
- C:\Windows\System\kugiiTP.exe
  C:\Windows\System\kugiiTP.exe
  2⤵
  PID:1220
- C:\Windows\System\TktxcyE.exe
  C:\Windows\System\TktxcyE.exe
  2⤵
  PID:1900
- C:\Windows\System\dLexzNQ.exe
  C:\Windows\System\dLexzNQ.exe
  2⤵
  PID:2216
- C:\Windows\System\ZthNPST.exe
  C:\Windows\System\ZthNPST.exe
  2⤵
  PID:5092
- C:\Windows\System\IaxsRIg.exe
  C:\Windows\System\IaxsRIg.exe
  2⤵
  PID:3180
- C:\Windows\System\WJRfrYm.exe
  C:\Windows\System\WJRfrYm.exe
  2⤵
  PID:4864
- C:\Windows\System\TfZvsSd.exe
  C:\Windows\System\TfZvsSd.exe
  2⤵
  PID:5076
- C:\Windows\System\yFCKJRH.exe
  C:\Windows\System\yFCKJRH.exe
  2⤵
  PID:2828
- C:\Windows\System\uezSRUU.exe
  C:\Windows\System\uezSRUU.exe
  2⤵
  PID:4808
- C:\Windows\System\NPBewuG.exe
  C:\Windows\System\NPBewuG.exe
  2⤵
  PID:2956
- C:\Windows\System\kYWMlEz.exe
  C:\Windows\System\kYWMlEz.exe
  2⤵
  PID:1824
- C:\Windows\System\LzcOQlp.exe
  C:\Windows\System\LzcOQlp.exe
  2⤵
  PID:4212
- C:\Windows\System\ThQxOYj.exe
  C:\Windows\System\ThQxOYj.exe
  2⤵
  PID:4088
- C:\Windows\System\VhWfwgT.exe
  C:\Windows\System\VhWfwgT.exe
  2⤵
  PID:3004
- C:\Windows\System\CPwTTfZ.exe
  C:\Windows\System\CPwTTfZ.exe
  2⤵
  PID:4816
- C:\Windows\System\CGBzNny.exe
  C:\Windows\System\CGBzNny.exe
  2⤵
  PID:2564
- C:\Windows\System\jiZDcXa.exe
  C:\Windows\System\jiZDcXa.exe
  2⤵
  PID:3972
- C:\Windows\System\ePkbtwV.exe
  C:\Windows\System\ePkbtwV.exe
  2⤵
  PID:1648
- C:\Windows\System\QsqPTTP.exe
  C:\Windows\System\QsqPTTP.exe
  2⤵
  PID:3412
- C:\Windows\System\CGlSfLI.exe
  C:\Windows\System\CGlSfLI.exe
  2⤵
  PID:3132
- C:\Windows\System\mrVphPL.exe
  C:\Windows\System\mrVphPL.exe
  2⤵
  PID:2304
- C:\Windows\System\rjwOvju.exe
  C:\Windows\System\rjwOvju.exe
  2⤵
  PID:4196
- C:\Windows\System\TroVIIx.exe
  C:\Windows\System\TroVIIx.exe
  2⤵
  PID:2296
- C:\Windows\System\QpuXkPR.exe
  C:\Windows\System\QpuXkPR.exe
  2⤵
  PID:2484
- C:\Windows\System\VETvbhz.exe
  C:\Windows\System\VETvbhz.exe
  2⤵
  PID:4636
- C:\Windows\System\QJtXJlL.exe
  C:\Windows\System\QJtXJlL.exe
  2⤵
  PID:5156
- C:\Windows\System\SvQyYzk.exe
  C:\Windows\System\SvQyYzk.exe
  2⤵
  PID:5196
- C:\Windows\System\KFvZFIr.exe
  C:\Windows\System\KFvZFIr.exe
  2⤵
  PID:5232
- C:\Windows\System\zSQrGEz.exe
  C:\Windows\System\zSQrGEz.exe
  2⤵
  PID:5264
- C:\Windows\System\DUPqmcd.exe
  C:\Windows\System\DUPqmcd.exe
  2⤵
  PID:5292
- C:\Windows\System\OgcbtFd.exe
  C:\Windows\System\OgcbtFd.exe
  2⤵
  PID:5332
- C:\Windows\System\gpaozvK.exe
  C:\Windows\System\gpaozvK.exe
  2⤵
  PID:5360
- C:\Windows\System\RvfGDVW.exe
  C:\Windows\System\RvfGDVW.exe
  2⤵
  PID:5388
- C:\Windows\System\HLMShCg.exe
  C:\Windows\System\HLMShCg.exe
  2⤵
  PID:5424
- C:\Windows\System\ZTWXStZ.exe
  C:\Windows\System\ZTWXStZ.exe
  2⤵
  PID:5464
- C:\Windows\System\IEsxzxx.exe
  C:\Windows\System\IEsxzxx.exe
  2⤵
  PID:5492
- C:\Windows\System\JdiNvPm.exe
  C:\Windows\System\JdiNvPm.exe
  2⤵
  PID:5512
- C:\Windows\System\qbJbsZI.exe
  C:\Windows\System\qbJbsZI.exe
  2⤵
  PID:5540
- C:\Windows\System\sRYACeL.exe
  C:\Windows\System\sRYACeL.exe
  2⤵
  PID:5572
- C:\Windows\System\oxRLWWN.exe
  C:\Windows\System\oxRLWWN.exe
  2⤵
  PID:5592
- C:\Windows\System\dHLwJVt.exe
  C:\Windows\System\dHLwJVt.exe
  2⤵
  PID:5624
- C:\Windows\System\iUPLEtc.exe
  C:\Windows\System\iUPLEtc.exe
  2⤵
  PID:5652
- C:\Windows\System\iSvlqJS.exe
  C:\Windows\System\iSvlqJS.exe
  2⤵
  PID:5668
- C:\Windows\System\sjvIHjv.exe
  C:\Windows\System\sjvIHjv.exe
  2⤵
  PID:5692
- C:\Windows\System\CWwkpWe.exe
  C:\Windows\System\CWwkpWe.exe
  2⤵
  PID:5720
- C:\Windows\System\UDwncIL.exe
  C:\Windows\System\UDwncIL.exe
  2⤵
  PID:5744
- C:\Windows\System\PVZvSCX.exe
  C:\Windows\System\PVZvSCX.exe
  2⤵
  PID:5768
- C:\Windows\System\WAdGAJy.exe
  C:\Windows\System\WAdGAJy.exe
  2⤵
  PID:5792
- C:\Windows\System\yYaFQNN.exe
  C:\Windows\System\yYaFQNN.exe
  2⤵
  PID:5816
- C:\Windows\System\gkLANtH.exe
  C:\Windows\System\gkLANtH.exe
  2⤵
  PID:5864
- C:\Windows\System\QMqfeeq.exe
  C:\Windows\System\QMqfeeq.exe
  2⤵
  PID:5920
- C:\Windows\System\ASPPlDA.exe
  C:\Windows\System\ASPPlDA.exe
  2⤵
  PID:5940
- C:\Windows\System\JpJgmwP.exe
  C:\Windows\System\JpJgmwP.exe
  2⤵
  PID:5968
- C:\Windows\System\fLDJghR.exe
  C:\Windows\System\fLDJghR.exe
  2⤵
  PID:6004
- C:\Windows\System\YbFjjBD.exe
  C:\Windows\System\YbFjjBD.exe
  2⤵
  PID:6040
- C:\Windows\System\DmOHyLK.exe
  C:\Windows\System\DmOHyLK.exe
  2⤵
  PID:6068
- C:\Windows\System\GyFRWzQ.exe
  C:\Windows\System\GyFRWzQ.exe
  2⤵
  PID:6104
- C:\Windows\System\zVaSHTa.exe
  C:\Windows\System\zVaSHTa.exe
  2⤵
  PID:6128
- C:\Windows\System\fJvwDRD.exe
  C:\Windows\System\fJvwDRD.exe
  2⤵
  PID:4508
- C:\Windows\System\LXxAdrR.exe
  C:\Windows\System\LXxAdrR.exe
  2⤵
  PID:1600
- C:\Windows\System\qqswxHZ.exe
  C:\Windows\System\qqswxHZ.exe
  2⤵
  PID:2488
- C:\Windows\System\bDaYDck.exe
  C:\Windows\System\bDaYDck.exe
  2⤵
  PID:5220
- C:\Windows\System\EDoIezx.exe
  C:\Windows\System\EDoIezx.exe
  2⤵
  PID:5204
- C:\Windows\System\FHMdzNh.exe
  C:\Windows\System\FHMdzNh.exe
  2⤵
  PID:5340
- C:\Windows\System\BExEpGc.exe
  C:\Windows\System\BExEpGc.exe
  2⤵
  PID:5380
- C:\Windows\System\jgWOiPk.exe
  C:\Windows\System\jgWOiPk.exe
  2⤵
  PID:5448
- C:\Windows\System\aICNCYe.exe
  C:\Windows\System\aICNCYe.exe
  2⤵
  PID:5352
- C:\Windows\System\GiDvsnQ.exe
  C:\Windows\System\GiDvsnQ.exe
  2⤵
  PID:5504
- C:\Windows\System\JAhIZYm.exe
  C:\Windows\System\JAhIZYm.exe
  2⤵
  PID:5660
- C:\Windows\System\YkKsvDL.exe
  C:\Windows\System\YkKsvDL.exe
  2⤵
  PID:5740
- C:\Windows\System\bPhNCGv.exe
  C:\Windows\System\bPhNCGv.exe
  2⤵
  PID:5892
- C:\Windows\System\xAPuSoG.exe
  C:\Windows\System\xAPuSoG.exe
  2⤵
  PID:5708
- C:\Windows\System\Eaqolga.exe
  C:\Windows\System\Eaqolga.exe
  2⤵
  PID:5984
- C:\Windows\System\BOyjrQc.exe
  C:\Windows\System\BOyjrQc.exe
  2⤵
  PID:5760
- C:\Windows\System\SDkptke.exe
  C:\Windows\System\SDkptke.exe
  2⤵
  PID:5964
- C:\Windows\System\rLshEwv.exe
  C:\Windows\System\rLshEwv.exe
  2⤵
  PID:6036
- C:\Windows\System\CCzRJSO.exe
  C:\Windows\System\CCzRJSO.exe
  2⤵
  PID:1324
- C:\Windows\System\IvOWpow.exe
  C:\Windows\System\IvOWpow.exe
  2⤵
  PID:5212
- C:\Windows\System\PloIBth.exe
  C:\Windows\System\PloIBth.exe
  2⤵
  PID:4216
- C:\Windows\System\CTEMzSu.exe
  C:\Windows\System\CTEMzSu.exe
  2⤵
  PID:5480
- C:\Windows\System\zzUuTzB.exe
  C:\Windows\System\zzUuTzB.exe
  2⤵
  PID:5584
- C:\Windows\System\UkzTSsj.exe
  C:\Windows\System\UkzTSsj.exe
  2⤵
  PID:5732
- C:\Windows\System\PrcDwmn.exe
  C:\Windows\System\PrcDwmn.exe
  2⤵
  PID:5764
- C:\Windows\System\pwIgnnv.exe
  C:\Windows\System\pwIgnnv.exe
  2⤵
  PID:5936
- C:\Windows\System\wpKbLKP.exe
  C:\Windows\System\wpKbLKP.exe
  2⤵
  PID:5524
- C:\Windows\System\qgKrFpo.exe
  C:\Windows\System\qgKrFpo.exe
  2⤵
  PID:5144
- C:\Windows\System\qNeeqAi.exe
  C:\Windows\System\qNeeqAi.exe
  2⤵
  PID:4828
- C:\Windows\System\jIWyNMg.exe
  C:\Windows\System\jIWyNMg.exe
  2⤵
  PID:1968
- C:\Windows\System\oWnmKCn.exe
  C:\Windows\System\oWnmKCn.exe
  2⤵
  PID:5368
- C:\Windows\System\OUqWSei.exe
  C:\Windows\System\OUqWSei.exe
  2⤵
  PID:6196
- C:\Windows\System\DgpQPpG.exe
  C:\Windows\System\DgpQPpG.exe
  2⤵
  PID:6216
- C:\Windows\System\VDyUBPs.exe
  C:\Windows\System\VDyUBPs.exe
  2⤵
  PID:6240
- C:\Windows\System\ryiIfDX.exe
  C:\Windows\System\ryiIfDX.exe
  2⤵
  PID:6268
- C:\Windows\System\SmqHriH.exe
  C:\Windows\System\SmqHriH.exe
  2⤵
  PID:6296
- C:\Windows\System\LJceAcC.exe
  C:\Windows\System\LJceAcC.exe
  2⤵
  PID:6320
- C:\Windows\System\cDuRljW.exe
  C:\Windows\System\cDuRljW.exe
  2⤵
  PID:6344
- C:\Windows\System\VxHobly.exe
  C:\Windows\System\VxHobly.exe
  2⤵
  PID:6376
- C:\Windows\System\lnfPnbr.exe
  C:\Windows\System\lnfPnbr.exe
  2⤵
  PID:6408
- C:\Windows\System\gafaAXV.exe
  C:\Windows\System\gafaAXV.exe
  2⤵
  PID:6428
- C:\Windows\System\IJHQcaB.exe
  C:\Windows\System\IJHQcaB.exe
  2⤵
  PID:6448
- C:\Windows\System\LtCCRVF.exe
  C:\Windows\System\LtCCRVF.exe
  2⤵
  PID:6472
- C:\Windows\System\MQVadig.exe
  C:\Windows\System\MQVadig.exe
  2⤵
  PID:6508
- C:\Windows\System\xmnUFNK.exe
  C:\Windows\System\xmnUFNK.exe
  2⤵
  PID:6528
- C:\Windows\System\hbfbZTC.exe
  C:\Windows\System\hbfbZTC.exe
  2⤵
  PID:6552
- C:\Windows\System\ZJPtIlR.exe
  C:\Windows\System\ZJPtIlR.exe
  2⤵
  PID:6568
- C:\Windows\System\LlnyRuy.exe
  C:\Windows\System\LlnyRuy.exe
  2⤵
  PID:6584
- C:\Windows\System\shzeLTQ.exe
  C:\Windows\System\shzeLTQ.exe
  2⤵
  PID:6608
- C:\Windows\System\gdThJsJ.exe
  C:\Windows\System\gdThJsJ.exe
  2⤵
  PID:6636
- C:\Windows\System\cTcHARj.exe
  C:\Windows\System\cTcHARj.exe
  2⤵
  PID:6660
- C:\Windows\System\RjJlAge.exe
  C:\Windows\System\RjJlAge.exe
  2⤵
  PID:6684
- C:\Windows\System\WvWJcFe.exe
  C:\Windows\System\WvWJcFe.exe
  2⤵
  PID:6728
- C:\Windows\System\aiXBOCJ.exe
  C:\Windows\System\aiXBOCJ.exe
  2⤵
  PID:6760
- C:\Windows\System\eRvEYTk.exe
  C:\Windows\System\eRvEYTk.exe
  2⤵
  PID:6788
- C:\Windows\System\pNLsaJE.exe
  C:\Windows\System\pNLsaJE.exe
  2⤵
  PID:6824
- C:\Windows\System\RhcyWgz.exe
  C:\Windows\System\RhcyWgz.exe
  2⤵
  PID:6860
- C:\Windows\System\WoUdxfl.exe
  C:\Windows\System\WoUdxfl.exe
  2⤵
  PID:6884
- C:\Windows\System\UwyHWpz.exe
  C:\Windows\System\UwyHWpz.exe
  2⤵
  PID:6908
- C:\Windows\System\KRwPaFT.exe
  C:\Windows\System\KRwPaFT.exe
  2⤵
  PID:6936
- C:\Windows\System\lyTjGYN.exe
  C:\Windows\System\lyTjGYN.exe
  2⤵
  PID:6968
- C:\Windows\System\kkXVVsK.exe
  C:\Windows\System\kkXVVsK.exe
  2⤵
  PID:6992
- C:\Windows\System\nriCfAB.exe
  C:\Windows\System\nriCfAB.exe
  2⤵
  PID:7020
- C:\Windows\System\NhyHeSK.exe
  C:\Windows\System\NhyHeSK.exe
  2⤵
  PID:7052
- C:\Windows\System\DsmHgEB.exe
  C:\Windows\System\DsmHgEB.exe
  2⤵
  PID:7084
- C:\Windows\System\LKTZvxT.exe
  C:\Windows\System\LKTZvxT.exe
  2⤵
  PID:7112
- C:\Windows\System\dxsQBQr.exe
  C:\Windows\System\dxsQBQr.exe
  2⤵
  PID:7144
- C:\Windows\System\sYhQfKj.exe
  C:\Windows\System\sYhQfKj.exe
  2⤵
  PID:7164
- C:\Windows\System\EgkGhHo.exe
  C:\Windows\System\EgkGhHo.exe
  2⤵
  PID:6180
- C:\Windows\System\lWxnmdZ.exe
  C:\Windows\System\lWxnmdZ.exe
  2⤵
  PID:6208
- C:\Windows\System\KLfzCoM.exe
  C:\Windows\System\KLfzCoM.exe
  2⤵
  PID:6288
- C:\Windows\System\kUqzIoF.exe
  C:\Windows\System\kUqzIoF.exe
  2⤵
  PID:6392
- C:\Windows\System\biTePGw.exe
  C:\Windows\System\biTePGw.exe
  2⤵
  PID:6456
- C:\Windows\System\kbjOlMC.exe
  C:\Windows\System\kbjOlMC.exe
  2⤵
  PID:6424
- C:\Windows\System\DagHJRl.exe
  C:\Windows\System\DagHJRl.exe
  2⤵
  PID:6488
- C:\Windows\System\SZFEVNb.exe
  C:\Windows\System\SZFEVNb.exe
  2⤵
  PID:6504
- C:\Windows\System\tdXTnTi.exe
  C:\Windows\System\tdXTnTi.exe
  2⤵
  PID:6520
- C:\Windows\System\HwJhshY.exe
  C:\Windows\System\HwJhshY.exe
  2⤵
  PID:6624
- C:\Windows\System\dPCwvPG.exe
  C:\Windows\System\dPCwvPG.exe
  2⤵
  PID:6780
- C:\Windows\System\jgCIyYj.exe
  C:\Windows\System\jgCIyYj.exe
  2⤵
  PID:6744
- C:\Windows\System\TqcgPSI.exe
  C:\Windows\System\TqcgPSI.exe
  2⤵
  PID:6804
- C:\Windows\System\gPrAory.exe
  C:\Windows\System\gPrAory.exe
  2⤵
  PID:7032
- C:\Windows\System\ADNEQuC.exe
  C:\Windows\System\ADNEQuC.exe
  2⤵
  PID:7040
- C:\Windows\System\ftzXMTd.exe
  C:\Windows\System\ftzXMTd.exe
  2⤵
  PID:7000
- C:\Windows\System\ZTemDoa.exe
  C:\Windows\System\ZTemDoa.exe
  2⤵
  PID:7132
- C:\Windows\System\FFsEytE.exe
  C:\Windows\System\FFsEytE.exe
  2⤵
  PID:6400
- C:\Windows\System\ntULPDQ.exe
  C:\Windows\System\ntULPDQ.exe
  2⤵
  PID:6236
- C:\Windows\System\UQEDPdu.exe
  C:\Windows\System\UQEDPdu.exe
  2⤵
  PID:516
- C:\Windows\System\uPiigpW.exe
  C:\Windows\System\uPiigpW.exe
  2⤵
  PID:6484
- C:\Windows\System\eVueKDz.exe
  C:\Windows\System\eVueKDz.exe
  2⤵
  PID:6808
- C:\Windows\System\QyZIdVD.exe
  C:\Windows\System\QyZIdVD.exe
  2⤵
  PID:7068
- C:\Windows\System\ZeJSYHp.exe
  C:\Windows\System\ZeJSYHp.exe
  2⤵
  PID:6784
- C:\Windows\System\cdjwrGI.exe
  C:\Windows\System\cdjwrGI.exe
  2⤵
  PID:6900
- C:\Windows\System\tJnnzod.exe
  C:\Windows\System\tJnnzod.exe
  2⤵
  PID:3960
- C:\Windows\System\HBNjWSh.exe
  C:\Windows\System\HBNjWSh.exe
  2⤵
  PID:7192
- C:\Windows\System\hhWNGfy.exe
  C:\Windows\System\hhWNGfy.exe
  2⤵
  PID:7220
- C:\Windows\System\YwuYIRf.exe
  C:\Windows\System\YwuYIRf.exe
  2⤵
  PID:7248
- C:\Windows\System\JhzPdvK.exe
  C:\Windows\System\JhzPdvK.exe
  2⤵
  PID:7276
- C:\Windows\System\JJYFjsX.exe
  C:\Windows\System\JJYFjsX.exe
  2⤵
  PID:7300
- C:\Windows\System\NZGbXgT.exe
  C:\Windows\System\NZGbXgT.exe
  2⤵
  PID:7340
- C:\Windows\System\iOqcXRn.exe
  C:\Windows\System\iOqcXRn.exe
  2⤵
  PID:7384
- C:\Windows\System\UWqwuNB.exe
  C:\Windows\System\UWqwuNB.exe
  2⤵
  PID:7412
- C:\Windows\System\upTcllF.exe
  C:\Windows\System\upTcllF.exe
  2⤵
  PID:7440
- C:\Windows\System\eSzUFOS.exe
  C:\Windows\System\eSzUFOS.exe
  2⤵
  PID:7472
- C:\Windows\System\nLkPEsf.exe
  C:\Windows\System\nLkPEsf.exe
  2⤵
  PID:7512
- C:\Windows\System\pZgHYgF.exe
  C:\Windows\System\pZgHYgF.exe
  2⤵
  PID:7536
- C:\Windows\System\eXIwjZg.exe
  C:\Windows\System\eXIwjZg.exe
  2⤵
  PID:7568
- C:\Windows\System\GpCbzlv.exe
  C:\Windows\System\GpCbzlv.exe
  2⤵
  PID:7588
- C:\Windows\System\XaJMEZN.exe
  C:\Windows\System\XaJMEZN.exe
  2⤵
  PID:7612
- C:\Windows\System\JtJQyow.exe
  C:\Windows\System\JtJQyow.exe
  2⤵
  PID:7644
- C:\Windows\System\QYzpBwW.exe
  C:\Windows\System\QYzpBwW.exe
  2⤵
  PID:7672
- C:\Windows\System\hQWpFQO.exe
  C:\Windows\System\hQWpFQO.exe
  2⤵
  PID:7692
- C:\Windows\System\VqtKhLp.exe
  C:\Windows\System\VqtKhLp.exe
  2⤵
  PID:7720
- C:\Windows\System\PiNfSKo.exe
  C:\Windows\System\PiNfSKo.exe
  2⤵
  PID:7756
- C:\Windows\System\dPXbvdC.exe
  C:\Windows\System\dPXbvdC.exe
  2⤵
  PID:7788
- C:\Windows\System\CBaFGec.exe
  C:\Windows\System\CBaFGec.exe
  2⤵
  PID:7816
- C:\Windows\System\AsFzNoJ.exe
  C:\Windows\System\AsFzNoJ.exe
  2⤵
  PID:7844
- C:\Windows\System\BQxFWeW.exe
  C:\Windows\System\BQxFWeW.exe
  2⤵
  PID:7880
- C:\Windows\System\poSCtFC.exe
  C:\Windows\System\poSCtFC.exe
  2⤵
  PID:7912
- C:\Windows\System\owBBXzF.exe
  C:\Windows\System\owBBXzF.exe
  2⤵
  PID:7940
- C:\Windows\System\OUOLUbH.exe
  C:\Windows\System\OUOLUbH.exe
  2⤵
  PID:7972
- C:\Windows\System\GwXTkII.exe
  C:\Windows\System\GwXTkII.exe
  2⤵
  PID:7988
- C:\Windows\System\lDRnRrM.exe
  C:\Windows\System\lDRnRrM.exe
  2⤵
  PID:8020
- C:\Windows\System\tchcmQH.exe
  C:\Windows\System\tchcmQH.exe
  2⤵
  PID:8040
- C:\Windows\System\fYDntkH.exe
  C:\Windows\System\fYDntkH.exe
  2⤵
  PID:8068
- C:\Windows\System\EDcVmvA.exe
  C:\Windows\System\EDcVmvA.exe
  2⤵
  PID:8096
- C:\Windows\System\YUweSIB.exe
  C:\Windows\System\YUweSIB.exe
  2⤵
  PID:8120
- C:\Windows\System\hwOEQWz.exe
  C:\Windows\System\hwOEQWz.exe
  2⤵
  PID:8152
- C:\Windows\System\AjNgmeY.exe
  C:\Windows\System\AjNgmeY.exe
  2⤵
  PID:8188
- C:\Windows\System\oxjuAjd.exe
  C:\Windows\System\oxjuAjd.exe
  2⤵
  PID:6928
- C:\Windows\System\RoGdERm.exe
  C:\Windows\System\RoGdERm.exe
  2⤵
  PID:7180
- C:\Windows\System\hquvhEx.exe
  C:\Windows\System\hquvhEx.exe
  2⤵
  PID:6924
- C:\Windows\System\BTvxHsr.exe
  C:\Windows\System\BTvxHsr.exe
  2⤵
  PID:7272
- C:\Windows\System\ZlgrYtr.exe
  C:\Windows\System\ZlgrYtr.exe
  2⤵
  PID:7292
- C:\Windows\System\CrqMwdS.exe
  C:\Windows\System\CrqMwdS.exe
  2⤵
  PID:7428
- C:\Windows\System\nOopiHC.exe
  C:\Windows\System\nOopiHC.exe
  2⤵
  PID:7492
- C:\Windows\System\ndhKmCv.exe
  C:\Windows\System\ndhKmCv.exe
  2⤵
  PID:7600
- C:\Windows\System\YmKpWOE.exe
  C:\Windows\System\YmKpWOE.exe
  2⤵
  PID:7664
- C:\Windows\System\DuOjkkZ.exe
  C:\Windows\System\DuOjkkZ.exe
  2⤵
  PID:6516
- C:\Windows\System\IkMSsOS.exe
  C:\Windows\System\IkMSsOS.exe
  2⤵
  PID:7700
- C:\Windows\System\AXIEseB.exe
  C:\Windows\System\AXIEseB.exe
  2⤵
  PID:7732
- C:\Windows\System\FZfpTJc.exe
  C:\Windows\System\FZfpTJc.exe
  2⤵
  PID:7104
- C:\Windows\System\CpHvuqF.exe
  C:\Windows\System\CpHvuqF.exe
  2⤵
  PID:7868
- C:\Windows\System\uxIVYkX.exe
  C:\Windows\System\uxIVYkX.exe
  2⤵
  PID:7980
- C:\Windows\System\AbrBewQ.exe
  C:\Windows\System\AbrBewQ.exe
  2⤵
  PID:7968
- C:\Windows\System\fGQkIsV.exe
  C:\Windows\System\fGQkIsV.exe
  2⤵
  PID:8132
- C:\Windows\System\LmZUzOS.exe
  C:\Windows\System\LmZUzOS.exe
  2⤵
  PID:8180
- C:\Windows\System\uxpaNxg.exe
  C:\Windows\System\uxpaNxg.exe
  2⤵
  PID:7296
- C:\Windows\System\pjvXcdY.exe
  C:\Windows\System\pjvXcdY.exe
  2⤵
  PID:7076
- C:\Windows\System\YwRheKo.exe
  C:\Windows\System\YwRheKo.exe
  2⤵
  PID:7244
- C:\Windows\System\ONcKlrt.exe
  C:\Windows\System\ONcKlrt.exe
  2⤵
  PID:7460
- C:\Windows\System\NEUYsnN.exe
  C:\Windows\System\NEUYsnN.exe
  2⤵
  PID:7840
- C:\Windows\System\wkVaRyo.exe
  C:\Windows\System\wkVaRyo.exe
  2⤵
  PID:7924
- C:\Windows\System\opuoCNo.exe
  C:\Windows\System\opuoCNo.exe
  2⤵
  PID:8104
- C:\Windows\System\OGUKids.exe
  C:\Windows\System\OGUKids.exe
  2⤵
  PID:7464
- C:\Windows\System\EucIxQw.exe
  C:\Windows\System\EucIxQw.exe
  2⤵
  PID:7608
- C:\Windows\System\SxnqbQa.exe
  C:\Windows\System\SxnqbQa.exe
  2⤵
  PID:8200
- C:\Windows\System\jGNyvnU.exe
  C:\Windows\System\jGNyvnU.exe
  2⤵
  PID:8228
- C:\Windows\System\uFrKzlN.exe
  C:\Windows\System\uFrKzlN.exe
  2⤵
  PID:8284
- C:\Windows\System\maVobCT.exe
  C:\Windows\System\maVobCT.exe
  2⤵
  PID:8308
- C:\Windows\System\UIkLHhq.exe
  C:\Windows\System\UIkLHhq.exe
  2⤵
  PID:8328
- C:\Windows\System\oNvKpko.exe
  C:\Windows\System\oNvKpko.exe
  2⤵
  PID:8344
- C:\Windows\System\tMzyeKA.exe
  C:\Windows\System\tMzyeKA.exe
  2⤵
  PID:8368
- C:\Windows\System\bhrorpe.exe
  C:\Windows\System\bhrorpe.exe
  2⤵
  PID:8384
- C:\Windows\System\ytmvJCR.exe
  C:\Windows\System\ytmvJCR.exe
  2⤵
  PID:8400
- C:\Windows\System\QrLxgOa.exe
  C:\Windows\System\QrLxgOa.exe
  2⤵
  PID:8416
- C:\Windows\System\OhYrokT.exe
  C:\Windows\System\OhYrokT.exe
  2⤵
  PID:8440
- C:\Windows\System\IYTJylZ.exe
  C:\Windows\System\IYTJylZ.exe
  2⤵
  PID:8472
- C:\Windows\System\RkKOpVI.exe
  C:\Windows\System\RkKOpVI.exe
  2⤵
  PID:8500
- C:\Windows\System\IwkWhPB.exe
  C:\Windows\System\IwkWhPB.exe
  2⤵
  PID:8520
- C:\Windows\System\HJJRwmE.exe
  C:\Windows\System\HJJRwmE.exe
  2⤵
  PID:8536
- C:\Windows\System\EowSsgN.exe
  C:\Windows\System\EowSsgN.exe
  2⤵
  PID:8568
- C:\Windows\System\kBJQemo.exe
  C:\Windows\System\kBJQemo.exe
  2⤵
  PID:8596
- C:\Windows\System\Bxbgwcm.exe
  C:\Windows\System\Bxbgwcm.exe
  2⤵
  PID:8616
- C:\Windows\System\CZoCrqz.exe
  C:\Windows\System\CZoCrqz.exe
  2⤵
  PID:8648
- C:\Windows\System\STXMZLy.exe
  C:\Windows\System\STXMZLy.exe
  2⤵
  PID:8668
- C:\Windows\System\KLbICzF.exe
  C:\Windows\System\KLbICzF.exe
  2⤵
  PID:8688
- C:\Windows\System\uGlEoWc.exe
  C:\Windows\System\uGlEoWc.exe
  2⤵
  PID:8708
- C:\Windows\System\uKcjdup.exe
  C:\Windows\System\uKcjdup.exe
  2⤵
  PID:8736
- C:\Windows\System\qrsjVMN.exe
  C:\Windows\System\qrsjVMN.exe
  2⤵
  PID:8772
- C:\Windows\System\uILUnNB.exe
  C:\Windows\System\uILUnNB.exe
  2⤵
  PID:8796
- C:\Windows\System\XHkEnZi.exe
  C:\Windows\System\XHkEnZi.exe
  2⤵
  PID:8824
- C:\Windows\System\gMoKDJq.exe
  C:\Windows\System\gMoKDJq.exe
  2⤵
  PID:8856
- C:\Windows\System\IrSBvlb.exe
  C:\Windows\System\IrSBvlb.exe
  2⤵
  PID:8884
- C:\Windows\System\ywFPwIC.exe
  C:\Windows\System\ywFPwIC.exe
  2⤵
  PID:8908
- C:\Windows\System\fMJFHCX.exe
  C:\Windows\System\fMJFHCX.exe
  2⤵
  PID:8940
- C:\Windows\System\HAajIid.exe
  C:\Windows\System\HAajIid.exe
  2⤵
  PID:8972
- C:\Windows\System\DQqSAOJ.exe
  C:\Windows\System\DQqSAOJ.exe
  2⤵
  PID:9000
- C:\Windows\System\zNiTXGq.exe
  C:\Windows\System\zNiTXGq.exe
  2⤵
  PID:9032
- C:\Windows\System\ICyXRWV.exe
  C:\Windows\System\ICyXRWV.exe
  2⤵
  PID:9048
- C:\Windows\System\pDeUyrz.exe
  C:\Windows\System\pDeUyrz.exe
  2⤵
  PID:9084
- C:\Windows\System\rLYheQU.exe
  C:\Windows\System\rLYheQU.exe
  2⤵
  PID:9104
- C:\Windows\System\QkuIpTH.exe
  C:\Windows\System\QkuIpTH.exe
  2⤵
  PID:9140
- C:\Windows\System\wTjHGTU.exe
  C:\Windows\System\wTjHGTU.exe
  2⤵
  PID:9172
- C:\Windows\System\bZjaYwh.exe
  C:\Windows\System\bZjaYwh.exe
  2⤵
  PID:9208
- C:\Windows\System\pZrrVAV.exe
  C:\Windows\System\pZrrVAV.exe
  2⤵
  PID:8212
- C:\Windows\System\xSxgaak.exe
  C:\Windows\System\xSxgaak.exe
  2⤵
  PID:7212
- C:\Windows\System\NybNDUb.exe
  C:\Windows\System\NybNDUb.exe
  2⤵
  PID:7776
- C:\Windows\System\qsZgEOn.exe
  C:\Windows\System\qsZgEOn.exe
  2⤵
  PID:8448
- C:\Windows\System\ggMOXnE.exe
  C:\Windows\System\ggMOXnE.exe
  2⤵
  PID:8376
- C:\Windows\System\bRrQyCe.exe
  C:\Windows\System\bRrQyCe.exe
  2⤵
  PID:8260
- C:\Windows\System\RlbIWOv.exe
  C:\Windows\System\RlbIWOv.exe
  2⤵
  PID:8316
- C:\Windows\System\xVCHTve.exe
  C:\Windows\System\xVCHTve.exe
  2⤵
  PID:8452
- C:\Windows\System\mbwGNmf.exe
  C:\Windows\System\mbwGNmf.exe
  2⤵
  PID:8604
- C:\Windows\System\iUoSsdB.exe
  C:\Windows\System\iUoSsdB.exe
  2⤵
  PID:8496
- C:\Windows\System\nUaMdNm.exe
  C:\Windows\System\nUaMdNm.exe
  2⤵
  PID:8980
- C:\Windows\System\acUXjDH.exe
  C:\Windows\System\acUXjDH.exe
  2⤵
  PID:8960
- C:\Windows\System\nSlWCiv.exe
  C:\Windows\System\nSlWCiv.exe
  2⤵
  PID:9100
- C:\Windows\System\ZtUQHCT.exe
  C:\Windows\System\ZtUQHCT.exe
  2⤵
  PID:8336
- C:\Windows\System\ErETHaJ.exe
  C:\Windows\System\ErETHaJ.exe
  2⤵
  PID:8340
- C:\Windows\System\zVkYRUA.exe
  C:\Windows\System\zVkYRUA.exe
  2⤵
  PID:8608
- C:\Windows\System\YnfXfHK.exe
  C:\Windows\System\YnfXfHK.exe
  2⤵
  PID:8684
- C:\Windows\System\LnXplmC.exe
  C:\Windows\System\LnXplmC.exe
  2⤵
  PID:8456
- C:\Windows\System\HAadobE.exe
  C:\Windows\System\HAadobE.exe
  2⤵
  PID:8380
- C:\Windows\System\gNyfgxF.exe
  C:\Windows\System\gNyfgxF.exe
  2⤵
  PID:9096
- C:\Windows\System\MuWQkGu.exe
  C:\Windows\System\MuWQkGu.exe
  2⤵
  PID:9180
- C:\Windows\System\OLcZnro.exe
  C:\Windows\System\OLcZnro.exe
  2⤵
  PID:8628
- C:\Windows\System\ExVWQcN.exe
  C:\Windows\System\ExVWQcN.exe
  2⤵
  PID:8676
- C:\Windows\System\dpkwvne.exe
  C:\Windows\System\dpkwvne.exe
  2⤵
  PID:8268
- C:\Windows\System\OGkbvIW.exe
  C:\Windows\System\OGkbvIW.exe
  2⤵
  PID:8248
- C:\Windows\System\jMZIUIp.exe
  C:\Windows\System\jMZIUIp.exe
  2⤵
  PID:9228
- C:\Windows\System\pUHgxtT.exe
  C:\Windows\System\pUHgxtT.exe
  2⤵
  PID:9256
- C:\Windows\System\cTRDfMc.exe
  C:\Windows\System\cTRDfMc.exe
  2⤵
  PID:9276
- C:\Windows\System\gGTvKWt.exe
  C:\Windows\System\gGTvKWt.exe
  2⤵
  PID:9300
- C:\Windows\System\XxqYEQH.exe
  C:\Windows\System\XxqYEQH.exe
  2⤵
  PID:9328
- C:\Windows\System\ElyqMyj.exe
  C:\Windows\System\ElyqMyj.exe
  2⤵
  PID:9356
- C:\Windows\System\ORGHVth.exe
  C:\Windows\System\ORGHVth.exe
  2⤵
  PID:9380
- C:\Windows\System\GjEgqtf.exe
  C:\Windows\System\GjEgqtf.exe
  2⤵
  PID:9404
- C:\Windows\System\gXdaPBT.exe
  C:\Windows\System\gXdaPBT.exe
  2⤵
  PID:9432
- C:\Windows\System\bkkhgve.exe
  C:\Windows\System\bkkhgve.exe
  2⤵
  PID:9460
- C:\Windows\System\BPVHZun.exe
  C:\Windows\System\BPVHZun.exe
  2⤵
  PID:9496
- C:\Windows\System\XxFbbhe.exe
  C:\Windows\System\XxFbbhe.exe
  2⤵
  PID:9524
- C:\Windows\System\rrUPsAA.exe
  C:\Windows\System\rrUPsAA.exe
  2⤵
  PID:9548
- C:\Windows\System\IeblIrv.exe
  C:\Windows\System\IeblIrv.exe
  2⤵
  PID:9584
- C:\Windows\System\lilHNkV.exe
  C:\Windows\System\lilHNkV.exe
  2⤵
  PID:9612
- C:\Windows\System\toGfyJG.exe
  C:\Windows\System\toGfyJG.exe
  2⤵
  PID:9640
- C:\Windows\System\aEckQAx.exe
  C:\Windows\System\aEckQAx.exe
  2⤵
  PID:9660
- C:\Windows\System\EKfGcMV.exe
  C:\Windows\System\EKfGcMV.exe
  2⤵
  PID:9692
- C:\Windows\System\JCquPHl.exe
  C:\Windows\System\JCquPHl.exe
  2⤵
  PID:9716
- C:\Windows\System\ndXvpMy.exe
  C:\Windows\System\ndXvpMy.exe
  2⤵
  PID:9748
- C:\Windows\System\HKKZopn.exe
  C:\Windows\System\HKKZopn.exe
  2⤵
  PID:9776
- C:\Windows\System\sCRVJKo.exe
  C:\Windows\System\sCRVJKo.exe
  2⤵
  PID:9812
- C:\Windows\System\mwUcLMs.exe
  C:\Windows\System\mwUcLMs.exe
  2⤵
  PID:9840
- C:\Windows\System\OHqLmJk.exe
  C:\Windows\System\OHqLmJk.exe
  2⤵
  PID:9868
- C:\Windows\System\nPgOPHm.exe
  C:\Windows\System\nPgOPHm.exe
  2⤵
  PID:9900
- C:\Windows\System\SAoRucN.exe
  C:\Windows\System\SAoRucN.exe
  2⤵
  PID:9928
- C:\Windows\System\SBMUbpN.exe
  C:\Windows\System\SBMUbpN.exe
  2⤵
  PID:9960
- C:\Windows\System\iVuCzBF.exe
  C:\Windows\System\iVuCzBF.exe
  2⤵
  PID:9984
- C:\Windows\System\uRJVyUQ.exe
  C:\Windows\System\uRJVyUQ.exe
  2⤵
  PID:10016
- C:\Windows\System\OjlTGVu.exe
  C:\Windows\System\OjlTGVu.exe
  2⤵
  PID:10040
- C:\Windows\System\jdGiXiP.exe
  C:\Windows\System\jdGiXiP.exe
  2⤵
  PID:10068
- C:\Windows\System\ltZnbEm.exe
  C:\Windows\System\ltZnbEm.exe
  2⤵
  PID:10088
- C:\Windows\System\gVLfpMF.exe
  C:\Windows\System\gVLfpMF.exe
  2⤵
  PID:10128
- C:\Windows\System\nsosSgN.exe
  C:\Windows\System\nsosSgN.exe
  2⤵
  PID:10172
- C:\Windows\System\BfQkdpX.exe
  C:\Windows\System\BfQkdpX.exe
  2⤵
  PID:10188
- C:\Windows\System\uNxKMKO.exe
  C:\Windows\System\uNxKMKO.exe
  2⤵
  PID:10224
- C:\Windows\System\zyzarow.exe
  C:\Windows\System\zyzarow.exe
  2⤵
  PID:9220
- C:\Windows\System\YhhFPzX.exe
  C:\Windows\System\YhhFPzX.exe
  2⤵
  PID:9284
- C:\Windows\System\ryXcrLk.exe
  C:\Windows\System\ryXcrLk.exe
  2⤵
  PID:9344
- C:\Windows\System\dYAKCQk.exe
  C:\Windows\System\dYAKCQk.exe
  2⤵
  PID:9400
- C:\Windows\System\BkSanSY.exe
  C:\Windows\System\BkSanSY.exe
  2⤵
  PID:9456
- C:\Windows\System\QIDhLKG.exe
  C:\Windows\System\QIDhLKG.exe
  2⤵
  PID:9512
- C:\Windows\System\Rmstmtr.exe
  C:\Windows\System\Rmstmtr.exe
  2⤵
  PID:9604
- C:\Windows\System\SlosoIe.exe
  C:\Windows\System\SlosoIe.exe
  2⤵
  PID:9676
- C:\Windows\System\naqlgaP.exe
  C:\Windows\System\naqlgaP.exe
  2⤵
  PID:9724
- C:\Windows\System\NrTIxmD.exe
  C:\Windows\System\NrTIxmD.exe
  2⤵
  PID:9756
- C:\Windows\System\YglzSrv.exe
  C:\Windows\System\YglzSrv.exe
  2⤵
  PID:9880
- C:\Windows\System\nHAJgdX.exe
  C:\Windows\System\nHAJgdX.exe
  2⤵
  PID:9924
- C:\Windows\System\QMGBMai.exe
  C:\Windows\System\QMGBMai.exe
  2⤵
  PID:10004
- C:\Windows\System\hrJNwcH.exe
  C:\Windows\System\hrJNwcH.exe
  2⤵
  PID:10056
- C:\Windows\System\CsqeqMv.exe
  C:\Windows\System\CsqeqMv.exe
  2⤵
  PID:10136
- C:\Windows\System\mVEPvNo.exe
  C:\Windows\System\mVEPvNo.exe
  2⤵
  PID:10200
- C:\Windows\System\ioBZKSV.exe
  C:\Windows\System\ioBZKSV.exe
  2⤵
  PID:9268
- C:\Windows\System\uIrHShd.exe
  C:\Windows\System\uIrHShd.exe
  2⤵
  PID:9364
- C:\Windows\System\CKFxDbK.exe
  C:\Windows\System\CKFxDbK.exe
  2⤵
  PID:9492
- C:\Windows\System\VRWGDjm.exe
  C:\Windows\System\VRWGDjm.exe
  2⤵
  PID:9700
- C:\Windows\System\qChreld.exe
  C:\Windows\System\qChreld.exe
  2⤵
  PID:9836
- C:\Windows\System\tdofwbR.exe
  C:\Windows\System\tdofwbR.exe
  2⤵
  PID:9992
- C:\Windows\System\znraxKn.exe
  C:\Windows\System\znraxKn.exe
  2⤵
  PID:10168
- C:\Windows\System\pEThYme.exe
  C:\Windows\System\pEThYme.exe
  2⤵
  PID:9316
- C:\Windows\System\cWEmnTK.exe
  C:\Windows\System\cWEmnTK.exe
  2⤵
  PID:9628
- C:\Windows\System\mcPljYr.exe
  C:\Windows\System\mcPljYr.exe
  2⤵
  PID:10064
- C:\Windows\System\xkkmAKw.exe
  C:\Windows\System\xkkmAKw.exe
  2⤵
  PID:9648
- C:\Windows\System\MQUZcrK.exe
  C:\Windows\System\MQUZcrK.exe
  2⤵
  PID:10236
- C:\Windows\System\xmCSvtJ.exe
  C:\Windows\System\xmCSvtJ.exe
  2⤵
  PID:10260
- C:\Windows\System\KMZngDs.exe
  C:\Windows\System\KMZngDs.exe
  2⤵
  PID:10276
- C:\Windows\System\SZAKsJy.exe
  C:\Windows\System\SZAKsJy.exe
  2⤵
  PID:10304
- C:\Windows\System\EJvaGzX.exe
  C:\Windows\System\EJvaGzX.exe
  2⤵
  PID:10328
- C:\Windows\System\XzqqySk.exe
  C:\Windows\System\XzqqySk.exe
  2⤵
  PID:10348
- C:\Windows\System\JTfBqKT.exe
  C:\Windows\System\JTfBqKT.exe
  2⤵
  PID:10388
- C:\Windows\System\wqjAEFT.exe
  C:\Windows\System\wqjAEFT.exe
  2⤵
  PID:10408
- C:\Windows\System\jFOmWwr.exe
  C:\Windows\System\jFOmWwr.exe
  2⤵
  PID:10440
- C:\Windows\System\gBHpNlG.exe
  C:\Windows\System\gBHpNlG.exe
  2⤵
  PID:10472
- C:\Windows\System\KnCOtbo.exe
  C:\Windows\System\KnCOtbo.exe
  2⤵
  PID:10508
- C:\Windows\System\leLqjDy.exe
  C:\Windows\System\leLqjDy.exe
  2⤵
  PID:10540
- C:\Windows\System\kOlZsLS.exe
  C:\Windows\System\kOlZsLS.exe
  2⤵
  PID:10564
- C:\Windows\System\QjLiVrz.exe
  C:\Windows\System\QjLiVrz.exe
  2⤵
  PID:10584
- C:\Windows\System\WIBgYAd.exe
  C:\Windows\System\WIBgYAd.exe
  2⤵
  PID:10604
- C:\Windows\System\KaHlpbu.exe
  C:\Windows\System\KaHlpbu.exe
  2⤵
  PID:10628
- C:\Windows\System\eVEmFup.exe
  C:\Windows\System\eVEmFup.exe
  2⤵
  PID:10652
- C:\Windows\System\ZmpcGrt.exe
  C:\Windows\System\ZmpcGrt.exe
  2⤵
  PID:10676
- C:\Windows\System\kXqOWKI.exe
  C:\Windows\System\kXqOWKI.exe
  2⤵
  PID:10700
- C:\Windows\System\btEsQnz.exe
  C:\Windows\System\btEsQnz.exe
  2⤵
  PID:10736
- C:\Windows\System\LeKDANQ.exe
  C:\Windows\System\LeKDANQ.exe
  2⤵
  PID:10760
- C:\Windows\System\rhZXTXI.exe
  C:\Windows\System\rhZXTXI.exe
  2⤵
  PID:10792
- C:\Windows\System\nwvXBkR.exe
  C:\Windows\System\nwvXBkR.exe
  2⤵
  PID:10824
- C:\Windows\System\nFfURAE.exe
  C:\Windows\System\nFfURAE.exe
  2⤵
  PID:10856
- C:\Windows\System\icFRFNZ.exe
  C:\Windows\System\icFRFNZ.exe
  2⤵
  PID:10884
- C:\Windows\System\VCwEEmr.exe
  C:\Windows\System\VCwEEmr.exe
  2⤵
  PID:10912
- C:\Windows\System\kqgIHJG.exe
  C:\Windows\System\kqgIHJG.exe
  2⤵
  PID:10940
- C:\Windows\System\tLswFgX.exe
  C:\Windows\System\tLswFgX.exe
  2⤵
  PID:10964
- C:\Windows\System\ROMOOKY.exe
  C:\Windows\System\ROMOOKY.exe
  2⤵
  PID:11000
- C:\Windows\System\ZvZYNAE.exe
  C:\Windows\System\ZvZYNAE.exe
  2⤵
  PID:11028
- C:\Windows\System\aVgaQCK.exe
  C:\Windows\System\aVgaQCK.exe
  2⤵
  PID:11048
- C:\Windows\System\kRVKuTp.exe
  C:\Windows\System\kRVKuTp.exe
  2⤵
  PID:11064
- C:\Windows\System\vbseokq.exe
  C:\Windows\System\vbseokq.exe
  2⤵
  PID:11092
- C:\Windows\System\ztHzvgt.exe
  C:\Windows\System\ztHzvgt.exe
  2⤵
  PID:11128
- C:\Windows\System\yGDqAFj.exe
  C:\Windows\System\yGDqAFj.exe
  2⤵
  PID:11156
- C:\Windows\System\dIsfwSy.exe
  C:\Windows\System\dIsfwSy.exe
  2⤵
  PID:11180
- C:\Windows\System\HpAgFaE.exe
  C:\Windows\System\HpAgFaE.exe
  2⤵
  PID:11216
- C:\Windows\System\CRAFGrP.exe
  C:\Windows\System\CRAFGrP.exe
  2⤵
  PID:11244
- C:\Windows\System\XtBvvhX.exe
  C:\Windows\System\XtBvvhX.exe
  2⤵
  PID:9884
- C:\Windows\System\RKFVBkF.exe
  C:\Windows\System\RKFVBkF.exe
  2⤵
  PID:10320
- C:\Windows\System\gmiXdah.exe
  C:\Windows\System\gmiXdah.exe
  2⤵
  PID:10376
- C:\Windows\System\ElFKpea.exe
  C:\Windows\System\ElFKpea.exe
  2⤵
  PID:10404
- C:\Windows\System\bjDMdQI.exe
  C:\Windows\System\bjDMdQI.exe
  2⤵
  PID:10488
- C:\Windows\System\MKsNtEd.exe
  C:\Windows\System\MKsNtEd.exe
  2⤵
  PID:10556
- C:\Windows\System\acSFsmu.exe
  C:\Windows\System\acSFsmu.exe
  2⤵
  PID:10620
- C:\Windows\System\iNhfDAr.exe
  C:\Windows\System\iNhfDAr.exe
  2⤵
  PID:10708
- C:\Windows\System\yoCbYcb.exe
  C:\Windows\System\yoCbYcb.exe
  2⤵
  PID:10752
- C:\Windows\System\VimLQhs.exe
  C:\Windows\System\VimLQhs.exe
  2⤵
  PID:10812
- C:\Windows\System\rRdptMt.exe
  C:\Windows\System\rRdptMt.exe
  2⤵
  PID:10936
- C:\Windows\System\pkqrHLb.exe
  C:\Windows\System\pkqrHLb.exe
  2⤵
  PID:10988
- C:\Windows\System\SHOIgOz.exe
  C:\Windows\System\SHOIgOz.exe
  2⤵
  PID:11016
- C:\Windows\System\yldzWki.exe
  C:\Windows\System\yldzWki.exe
  2⤵
  PID:11116
- C:\Windows\System\aDetVNB.exe
  C:\Windows\System\aDetVNB.exe
  2⤵
  PID:11232
- C:\Windows\System\ipHtmBR.exe
  C:\Windows\System\ipHtmBR.exe
  2⤵
  PID:11256
- C:\Windows\System\mAsWMla.exe
  C:\Windows\System\mAsWMla.exe
  2⤵
  PID:8324
- C:\Windows\System\KvlpJPU.exe
  C:\Windows\System\KvlpJPU.exe
  2⤵
  PID:10528
- C:\Windows\System\rIpoAvx.exe
  C:\Windows\System\rIpoAvx.exe
  2⤵
  PID:10592
- C:\Windows\System\vsyBqcR.exe
  C:\Windows\System\vsyBqcR.exe
  2⤵
  PID:10672
- C:\Windows\System\abzrKWK.exe
  C:\Windows\System\abzrKWK.exe
  2⤵
  PID:10844
- C:\Windows\System\VhqHsLU.exe
  C:\Windows\System\VhqHsLU.exe
  2⤵
  PID:10984
- C:\Windows\System\fcrmXPc.exe
  C:\Windows\System\fcrmXPc.exe
  2⤵
  PID:10992
- C:\Windows\System\ZnENhyI.exe
  C:\Windows\System\ZnENhyI.exe
  2⤵
  PID:11280
- C:\Windows\System\xJIflJR.exe
  C:\Windows\System\xJIflJR.exe
  2⤵
  PID:11296
- C:\Windows\System\wpeUQmz.exe
  C:\Windows\System\wpeUQmz.exe
  2⤵
  PID:11396
- C:\Windows\System\WDaBplx.exe
  C:\Windows\System\WDaBplx.exe
  2⤵
  PID:11416
- C:\Windows\System\hztdvri.exe
  C:\Windows\System\hztdvri.exe
  2⤵
  PID:11448
- C:\Windows\System\HxFhVgn.exe
  C:\Windows\System\HxFhVgn.exe
  2⤵
  PID:11508
- C:\Windows\System\sFkfyWj.exe
  C:\Windows\System\sFkfyWj.exe
  2⤵
  PID:11536
- C:\Windows\System\WMNudqt.exe
  C:\Windows\System\WMNudqt.exe
  2⤵
  PID:11564
- C:\Windows\System\mHufWTP.exe
  C:\Windows\System\mHufWTP.exe
  2⤵
  PID:11596
- C:\Windows\System\tpDJpOL.exe
  C:\Windows\System\tpDJpOL.exe
  2⤵
  PID:11628
- C:\Windows\System\xhTmKnG.exe
  C:\Windows\System\xhTmKnG.exe
  2⤵
  PID:11656
- C:\Windows\System\EVRqozm.exe
  C:\Windows\System\EVRqozm.exe
  2⤵
  PID:11688
- C:\Windows\System\RVoAKGO.exe
  C:\Windows\System\RVoAKGO.exe
  2⤵
  PID:11708
- C:\Windows\System\NKtCYJh.exe
  C:\Windows\System\NKtCYJh.exe
  2⤵
  PID:11744
- C:\Windows\System\HCtPzkM.exe
  C:\Windows\System\HCtPzkM.exe
  2⤵
  PID:11772
- C:\Windows\System\bVdecmU.exe
  C:\Windows\System\bVdecmU.exe
  2⤵
  PID:11808
- C:\Windows\System\SwfEXZo.exe
  C:\Windows\System\SwfEXZo.exe
  2⤵
  PID:11832
- C:\Windows\System\uoRIbmf.exe
  C:\Windows\System\uoRIbmf.exe
  2⤵
  PID:11860
- C:\Windows\System\vGwrWTQ.exe
  C:\Windows\System\vGwrWTQ.exe
  2⤵
  PID:11892
- C:\Windows\System\vvsMuWT.exe
  C:\Windows\System\vvsMuWT.exe
  2⤵
  PID:11916
- C:\Windows\System\fnRNQTj.exe
  C:\Windows\System\fnRNQTj.exe
  2⤵
  PID:11944
- C:\Windows\System\eyjAeLF.exe
  C:\Windows\System\eyjAeLF.exe
  2⤵
  PID:11960
- C:\Windows\System\UFXbXfL.exe
  C:\Windows\System\UFXbXfL.exe
  2⤵
  PID:11976
- C:\Windows\System\MGnODEN.exe
  C:\Windows\System\MGnODEN.exe
  2⤵
  PID:11996
- C:\Windows\System\zuNvIoY.exe
  C:\Windows\System\zuNvIoY.exe
  2⤵
  PID:12020
- C:\Windows\System\TKbVySS.exe
  C:\Windows\System\TKbVySS.exe
  2⤵
  PID:12068
- C:\Windows\System\ihcEyIF.exe
  C:\Windows\System\ihcEyIF.exe
  2⤵
  PID:12112
- C:\Windows\System\Rexqxoe.exe
  C:\Windows\System\Rexqxoe.exe
  2⤵
  PID:12136
- C:\Windows\System\xbmaQul.exe
  C:\Windows\System\xbmaQul.exe
  2⤵
  PID:12168
- C:\Windows\System\BJllFyC.exe
  C:\Windows\System\BJllFyC.exe
  2⤵
  PID:12196
- C:\Windows\System\WeRPpmP.exe
  C:\Windows\System\WeRPpmP.exe
  2⤵
  PID:12224
- C:\Windows\System\yClnicA.exe
  C:\Windows\System\yClnicA.exe
  2⤵
  PID:12256
- C:\Windows\System\sWqehSO.exe
  C:\Windows\System\sWqehSO.exe
  2⤵
  PID:11040
- C:\Windows\System\MvCkGYj.exe
  C:\Windows\System\MvCkGYj.exe
  2⤵
  PID:11084
- C:\Windows\System\EATbkiU.exe
  C:\Windows\System\EATbkiU.exe
  2⤵
  PID:11136
- C:\Windows\System\RSrrDoc.exe
  C:\Windows\System\RSrrDoc.exe
  2⤵
  PID:10372
- C:\Windows\System\oDGngIW.exe
  C:\Windows\System\oDGngIW.exe
  2⤵
  PID:10636
- C:\Windows\System\JpfXICA.exe
  C:\Windows\System\JpfXICA.exe
  2⤵
  PID:11380
- C:\Windows\System\UOMDCCw.exe
  C:\Windows\System\UOMDCCw.exe
  2⤵
  PID:11304
- C:\Windows\System\mZyxGHX.exe
  C:\Windows\System\mZyxGHX.exe
  2⤵
  PID:11456
- C:\Windows\System\hdiXGuG.exe
  C:\Windows\System\hdiXGuG.exe
  2⤵
  PID:11588
- C:\Windows\System\jAlIfUI.exe
  C:\Windows\System\jAlIfUI.exe
  2⤵
  PID:11648
- C:\Windows\System\UaWGDOS.exe
  C:\Windows\System\UaWGDOS.exe
  2⤵
  PID:11700
- C:\Windows\System\HMNumgh.exe
  C:\Windows\System\HMNumgh.exe
  2⤵
  PID:11760
- C:\Windows\System\EqbdePU.exe
  C:\Windows\System\EqbdePU.exe
  2⤵
  PID:11828
- C:\Windows\System\JPwcZMt.exe
  C:\Windows\System\JPwcZMt.exe
  2⤵
  PID:11888
- C:\Windows\System\TGNfmaK.exe
  C:\Windows\System\TGNfmaK.exe
  2⤵
  PID:11932
- C:\Windows\System\nzOPsdG.exe
  C:\Windows\System\nzOPsdG.exe
  2⤵
  PID:12036
- C:\Windows\System\pwZospJ.exe
  C:\Windows\System\pwZospJ.exe
  2⤵
  PID:12076
- C:\Windows\System\wswzXHk.exe
  C:\Windows\System\wswzXHk.exe
  2⤵
  PID:12164
- C:\Windows\System\MqfbOwu.exe
  C:\Windows\System\MqfbOwu.exe
  2⤵
  PID:12192
- C:\Windows\System\YvbXnZq.exe
  C:\Windows\System\YvbXnZq.exe
  2⤵
  PID:12212
- C:\Windows\System\DeaBzGd.exe
  C:\Windows\System\DeaBzGd.exe
  2⤵
  PID:12272
- C:\Windows\System\GJCBCXK.exe
  C:\Windows\System\GJCBCXK.exe
  2⤵
  PID:10664
- C:\Windows\System\tsgGYTn.exe
  C:\Windows\System\tsgGYTn.exe
  2⤵
  PID:11336
- C:\Windows\System\IhbmRys.exe
  C:\Windows\System\IhbmRys.exe
  2⤵
  PID:10808
- C:\Windows\System\GKROwgQ.exe
  C:\Windows\System\GKROwgQ.exe
  2⤵
  PID:832
- C:\Windows\System\fAkOWbs.exe
  C:\Windows\System\fAkOWbs.exe
  2⤵
  PID:11668
- C:\Windows\System\zXQlKYT.exe
  C:\Windows\System\zXQlKYT.exe
  2⤵
  PID:11856
- C:\Windows\System\cBZLHtv.exe
  C:\Windows\System\cBZLHtv.exe
  2⤵
  PID:3372
- C:\Windows\System\ipRPSRF.exe
  C:\Windows\System\ipRPSRF.exe
  2⤵
  PID:12004
- C:\Windows\System\kDaFxUl.exe
  C:\Windows\System\kDaFxUl.exe
  2⤵
  PID:11288
- C:\Windows\System\mVpLwSY.exe
  C:\Windows\System\mVpLwSY.exe
  2⤵
  PID:12248
- C:\Windows\System\DYVGSeS.exe
  C:\Windows\System\DYVGSeS.exe
  2⤵
  PID:4284
- C:\Windows\System\SpheBYI.exe
  C:\Windows\System\SpheBYI.exe
  2⤵
  PID:11912
- C:\Windows\System\qibKDrU.exe
  C:\Windows\System\qibKDrU.exe
  2⤵
  PID:12308
- C:\Windows\System\EePSEby.exe
  C:\Windows\System\EePSEby.exe
  2⤵
  PID:12336
- C:\Windows\System\XncrRGT.exe
  C:\Windows\System\XncrRGT.exe
  2⤵
  PID:12376
- C:\Windows\System\jjDPiGj.exe
  C:\Windows\System\jjDPiGj.exe
  2⤵
  PID:12412
- C:\Windows\System\wDtYATB.exe
  C:\Windows\System\wDtYATB.exe
  2⤵
  PID:12448
- C:\Windows\System\hhgqHaO.exe
  C:\Windows\System\hhgqHaO.exe
  2⤵
  PID:12484
- C:\Windows\System\CpzVwFx.exe
  C:\Windows\System\CpzVwFx.exe
  2⤵
  PID:12516
- C:\Windows\System\soiWLoY.exe
  C:\Windows\System\soiWLoY.exe
  2⤵
  PID:12556
- C:\Windows\System\lqSxvgE.exe
  C:\Windows\System\lqSxvgE.exe
  2⤵
  PID:12620
- C:\Windows\System\bYlHcpl.exe
  C:\Windows\System\bYlHcpl.exe
  2⤵
  PID:12636
- C:\Windows\System\ZqMEzYP.exe
  C:\Windows\System\ZqMEzYP.exe
  2⤵
  PID:12652
- C:\Windows\System\khDPTMa.exe
  C:\Windows\System\khDPTMa.exe
  2⤵
  PID:12668
- C:\Windows\System\bbYjMDN.exe
  C:\Windows\System\bbYjMDN.exe
  2⤵
  PID:12684
- C:\Windows\System\mPxKpzM.exe
  C:\Windows\System\mPxKpzM.exe
  2⤵
  PID:12704
- C:\Windows\System\DwuwYZu.exe
  C:\Windows\System\DwuwYZu.exe
  2⤵
  PID:12720
- C:\Windows\System\WSjTDGr.exe
  C:\Windows\System\WSjTDGr.exe
  2⤵
  PID:12736
- C:\Windows\System\rgTAeuf.exe
  C:\Windows\System\rgTAeuf.exe
  2⤵
  PID:12752
- C:\Windows\System\nsfixAb.exe
  C:\Windows\System\nsfixAb.exe
  2⤵
  PID:12768
- C:\Windows\System\begTdFv.exe
  C:\Windows\System\begTdFv.exe
  2⤵
  PID:12788
- C:\Windows\System\JmQZRBF.exe
  C:\Windows\System\JmQZRBF.exe
  2⤵
  PID:12812
- C:\Windows\System\hTQEfYx.exe
  C:\Windows\System\hTQEfYx.exe
  2⤵
  PID:12836
- C:\Windows\System\BKDxAdm.exe
  C:\Windows\System\BKDxAdm.exe
  2⤵
  PID:12860
- C:\Windows\System\flzaWrA.exe
  C:\Windows\System\flzaWrA.exe
  2⤵
  PID:12888
- C:\Windows\System\ycKuPkq.exe
  C:\Windows\System\ycKuPkq.exe
  2⤵
  PID:12908
- C:\Windows\System\ayunGGU.exe
  C:\Windows\System\ayunGGU.exe
  2⤵
  PID:12940
- C:\Windows\System\GpclfeW.exe
  C:\Windows\System\GpclfeW.exe
  2⤵
  PID:12964
- C:\Windows\System\QBpgCOZ.exe
  C:\Windows\System\QBpgCOZ.exe
  2⤵
  PID:12988
- C:\Windows\System\yEXJgok.exe
  C:\Windows\System\yEXJgok.exe
  2⤵
  PID:13012
- C:\Windows\System\KxqwRFw.exe
  C:\Windows\System\KxqwRFw.exe
  2⤵
  PID:13040
- C:\Windows\System\YPSTqXe.exe
  C:\Windows\System\YPSTqXe.exe
  2⤵
  PID:13068
- C:\Windows\System\FuVUYDU.exe
  C:\Windows\System\FuVUYDU.exe
  2⤵
  PID:13112
- C:\Windows\System\LCnCkws.exe
  C:\Windows\System\LCnCkws.exe
  2⤵
  PID:13140
- C:\Windows\System\cTuDUCk.exe
  C:\Windows\System\cTuDUCk.exe
  2⤵
  PID:13168
- C:\Windows\System\AyTjFps.exe
  C:\Windows\System\AyTjFps.exe
  2⤵
  PID:13196
- C:\Windows\System\GTPSzzl.exe
  C:\Windows\System\GTPSzzl.exe
  2⤵
  PID:13228
- C:\Windows\System\KxHQdOT.exe
  C:\Windows\System\KxHQdOT.exe
  2⤵
  PID:13252
- C:\Windows\System\ARHlthf.exe
  C:\Windows\System\ARHlthf.exe
  2⤵
  PID:13292
- C:\Windows\System\fuJxVpN.exe
  C:\Windows\System\fuJxVpN.exe
  2⤵
  PID:12184
- C:\Windows\System\WgHLmBn.exe
  C:\Windows\System\WgHLmBn.exe
  2⤵
  PID:12096
- C:\Windows\System\ACJAFcn.exe
  C:\Windows\System\ACJAFcn.exe
  2⤵
  PID:12364
- C:\Windows\System\kHHSXgF.exe
  C:\Windows\System\kHHSXgF.exe
  2⤵
  PID:12508
- C:\Windows\System\xwiUJBv.exe
  C:\Windows\System\xwiUJBv.exe
  2⤵
  PID:12576
- C:\Windows\System\WPpzIBQ.exe
  C:\Windows\System\WPpzIBQ.exe
  2⤵
  PID:12744
- C:\Windows\System\WxjYCeS.exe
  C:\Windows\System\WxjYCeS.exe
  2⤵
  PID:12608
- C:\Windows\System\bZKXWDY.exe
  C:\Windows\System\bZKXWDY.exe
  2⤵
  PID:12856
- C:\Windows\System\JAjnQfy.exe
  C:\Windows\System\JAjnQfy.exe
  2⤵
  PID:12876
- C:\Windows\System\mutNQuK.exe
  C:\Windows\System\mutNQuK.exe
  2⤵
  PID:13136
- C:\Windows\System\QdSqruu.exe
  C:\Windows\System\QdSqruu.exe
  2⤵
  PID:4644
- C:\Windows\System\obfmirW.exe
  C:\Windows\System\obfmirW.exe
  2⤵
  PID:13180
- C:\Windows\System\UuNTvYV.exe
  C:\Windows\System\UuNTvYV.exe
  2⤵
  PID:13304
- C:\Windows\System\AjVQqKm.exe
  C:\Windows\System\AjVQqKm.exe
  2⤵
  PID:13248
- C:\Windows\System\agcMiCH.exe
  C:\Windows\System\agcMiCH.exe
  2⤵
  PID:12332
- C:\Windows\System\OYsEKDb.exe
  C:\Windows\System\OYsEKDb.exe
  2⤵
  PID:12648
- C:\Windows\System\YbUXnlX.exe
  C:\Windows\System\YbUXnlX.exe
  2⤵
  PID:12732
- C:\Windows\System\QeqgyIy.exe
  C:\Windows\System\QeqgyIy.exe
  2⤵
  PID:12540
- C:\Windows\System\hVoWcFC.exe
  C:\Windows\System\hVoWcFC.exe
  2⤵
  PID:13064
- C:\Windows\System\uabmExS.exe
  C:\Windows\System\uabmExS.exe
  2⤵
  PID:13004
- C:\Windows\System\GKlaqeX.exe
  C:\Windows\System\GKlaqeX.exe
  2⤵
  PID:13164
- C:\Windows\System\cCqVfHL.exe
  C:\Windows\System\cCqVfHL.exe
  2⤵
  PID:12612
- C:\Windows\System\OlXShzW.exe
  C:\Windows\System\OlXShzW.exe
  2⤵
  PID:12956
- C:\Windows\System\pjmNKGT.exe
  C:\Windows\System\pjmNKGT.exe
  2⤵
  PID:12976
- C:\Windows\System\fmUAulu.exe
  C:\Windows\System\fmUAulu.exe
  2⤵
  PID:13320
- C:\Windows\System\gzaHFyo.exe
  C:\Windows\System\gzaHFyo.exe
  2⤵
  PID:13356
- C:\Windows\System\jnflGxu.exe
  C:\Windows\System\jnflGxu.exe
  2⤵
  PID:13380
- C:\Windows\System\FKAwISA.exe
  C:\Windows\System\FKAwISA.exe
  2⤵
  PID:13408
- C:\Windows\System\txCBjBi.exe
  C:\Windows\System\txCBjBi.exe
  2⤵
  PID:13432
- C:\Windows\System\kAOfKzL.exe
  C:\Windows\System\kAOfKzL.exe
  2⤵
  PID:13456
- C:\Windows\System\OismtrI.exe
  C:\Windows\System\OismtrI.exe
  2⤵
  PID:13488
- C:\Windows\System\YplOcOW.exe
  C:\Windows\System\YplOcOW.exe
  2⤵
  PID:13520
- C:\Windows\System\GjBIklg.exe
  C:\Windows\System\GjBIklg.exe
  2⤵
  PID:13540
- C:\Windows\System\rOvteit.exe
  C:\Windows\System\rOvteit.exe
  2⤵
  PID:13556
- C:\Windows\System\rBzXWzJ.exe
  C:\Windows\System\rBzXWzJ.exe
  2⤵
  PID:13572
- C:\Windows\System\UmbdwCu.exe
  C:\Windows\System\UmbdwCu.exe
  2⤵
  PID:13588
- C:\Windows\System\eSGRmdF.exe
  C:\Windows\System\eSGRmdF.exe
  2⤵
  PID:13604
- C:\Windows\System\iQswwwv.exe
  C:\Windows\System\iQswwwv.exe
  2⤵
  PID:13624
- C:\Windows\System\dEwDbDP.exe
  C:\Windows\System\dEwDbDP.exe
  2⤵
  PID:13648
- C:\Windows\System\pdQHykA.exe
  C:\Windows\System\pdQHykA.exe
  2⤵
  PID:13704
- C:\Windows\System\YhwvUuv.exe
  C:\Windows\System\YhwvUuv.exe
  2⤵
  PID:13724
- C:\Windows\System\lpbmASB.exe
  C:\Windows\System\lpbmASB.exe
  2⤵
  PID:13760
- C:\Windows\System\DJsFIui.exe
  C:\Windows\System\DJsFIui.exe
  2⤵
  PID:13788
- C:\Windows\System\uecvIyy.exe
  C:\Windows\System\uecvIyy.exe
  2⤵
  PID:13816
- C:\Windows\System\glBUpbO.exe
  C:\Windows\System\glBUpbO.exe
  2⤵
  PID:13844
- C:\Windows\System\CisJiHW.exe
  C:\Windows\System\CisJiHW.exe
  2⤵
  PID:13884
- C:\Windows\System\aSBKVPs.exe
  C:\Windows\System\aSBKVPs.exe
  2⤵
  PID:13912
- C:\Windows\System\XYCStAk.exe
  C:\Windows\System\XYCStAk.exe
  2⤵
  PID:13948
- C:\Windows\System\mcXRaTb.exe
  C:\Windows\System\mcXRaTb.exe
  2⤵
  PID:13972
- C:\Windows\System\PXutEAf.exe
  C:\Windows\System\PXutEAf.exe
  2⤵
  PID:13996
- C:\Windows\System\NfnvknP.exe
  C:\Windows\System\NfnvknP.exe
  2⤵
  PID:14032
- C:\Windows\System\lmoRFLf.exe
  C:\Windows\System\lmoRFLf.exe
  2⤵
  PID:14060
- C:\Windows\System\cwrlstk.exe
  C:\Windows\System\cwrlstk.exe
  2⤵
  PID:14088
- C:\Windows\System\exiNyvW.exe
  C:\Windows\System\exiNyvW.exe
  2⤵
  PID:14116
- C:\Windows\System\RseHzKv.exe
  C:\Windows\System\RseHzKv.exe
  2⤵
  PID:14148
- C:\Windows\System\zaotfEN.exe
  C:\Windows\System\zaotfEN.exe
  2⤵
  PID:14180
- C:\Windows\System\xsYeZgL.exe
  C:\Windows\System\xsYeZgL.exe
  2⤵
  PID:14204
- C:\Windows\System\NEzBbnx.exe
  C:\Windows\System\NEzBbnx.exe
  2⤵
  PID:14272
- C:\Windows\System\dEBprNg.exe
  C:\Windows\System\dEBprNg.exe
  2⤵
  PID:14288
- C:\Windows\System\RLJeJiO.exe
  C:\Windows\System\RLJeJiO.exe
  2⤵
  PID:14308
- C:\Windows\System\DTxzLeQ.exe
  C:\Windows\System\DTxzLeQ.exe
  2⤵
  PID:14324
- C:\Windows\System\WRwbppx.exe
  C:\Windows\System\WRwbppx.exe
  2⤵
  PID:760
- C:\Windows\System\myrValx.exe
  C:\Windows\System\myrValx.exe
  2⤵
  PID:12820
- C:\Windows\System\ynYasji.exe
  C:\Windows\System\ynYasji.exe
  2⤵
  PID:13396
- C:\Windows\System\KOeupoQ.exe
  C:\Windows\System\KOeupoQ.exe
  2⤵
  PID:13472
- C:\Windows\System\AaCJSEL.exe
  C:\Windows\System\AaCJSEL.exe
  2⤵
  PID:13532
- C:\Windows\System\CNQuUpa.exe
  C:\Windows\System\CNQuUpa.exe
  2⤵
  PID:13568
- C:\Windows\System\wxrYDKf.exe
  C:\Windows\System\wxrYDKf.exe
  2⤵
  PID:13612
- C:\Windows\System\DVUiDpl.exe
  C:\Windows\System\DVUiDpl.exe
  2⤵
  PID:13688
- C:\Windows\System\VwRCcdp.exe
  C:\Windows\System\VwRCcdp.exe
  2⤵
  PID:13984
- C:\Windows\System\trSLjKy.exe
  C:\Windows\System\trSLjKy.exe
  2⤵
  PID:10872
- C:\Windows\System\lfwEpyJ.exe
  C:\Windows\System\lfwEpyJ.exe
  2⤵
  PID:14020
- C:\Windows\System\DjdJNnE.exe
  C:\Windows\System\DjdJNnE.exe
  2⤵
  PID:14008
- C:\Windows\System\fnbLPfL.exe
  C:\Windows\System\fnbLPfL.exe
  2⤵
  PID:14108
- C:\Windows\System\aDHTPhu.exe
  C:\Windows\System\aDHTPhu.exe
  2⤵
  PID:14268
- C:\Windows\System\qtuGMAY.exe
  C:\Windows\System\qtuGMAY.exe
  2⤵
  PID:14244
- C:\Windows\System\KxLEhhN.exe
  C:\Windows\System\KxLEhhN.exe
  2⤵
  PID:14296
- C:\Windows\System\jIgbnFY.exe
  C:\Windows\System\jIgbnFY.exe
  2⤵
  PID:13584
- C:\Windows\System\EAYjQTr.exe
  C:\Windows\System\EAYjQTr.exe
  2⤵
  PID:13692
- C:\Windows\System\uXqKICf.exe
  C:\Windows\System\uXqKICf.exe
  2⤵
  PID:13668
- C:\Windows\System\jMsSMOa.exe
  C:\Windows\System\jMsSMOa.exe
  2⤵
  PID:13988
- C:\Windows\System\xKcqmsi.exe
  C:\Windows\System\xKcqmsi.exe
  2⤵
  PID:14080
- C:\Windows\System\ocsAReG.exe
  C:\Windows\System\ocsAReG.exe
  2⤵
  PID:2452
- C:\Windows\System\HvkeRUd.exe
  C:\Windows\System\HvkeRUd.exe
  2⤵
  PID:14236
- C:\Windows\System\zAVHXKT.exe
  C:\Windows\System\zAVHXKT.exe
  2⤵
  PID:13600
- C:\Windows\System\BtHlegm.exe
  C:\Windows\System\BtHlegm.exe
  2⤵
  PID:13536
- C:\Windows\System\LEswNWj.exe
  C:\Windows\System\LEswNWj.exe
  2⤵
  PID:14012
- C:\Windows\System\FRuosyv.exe
  C:\Windows\System\FRuosyv.exe
  2⤵
  PID:14344
- C:\Windows\System\ssFsCDf.exe
  C:\Windows\System\ssFsCDf.exe
  2⤵
  PID:14380
- C:\Windows\System\QdhAzKM.exe
  C:\Windows\System\QdhAzKM.exe
  2⤵
  PID:14400
- C:\Windows\System\PkiuIqs.exe
  C:\Windows\System\PkiuIqs.exe
  2⤵
  PID:14432
- C:\Windows\System\lRIrJyg.exe
  C:\Windows\System\lRIrJyg.exe
  2⤵
  PID:14460
- C:\Windows\System\hIYfnIP.exe
  C:\Windows\System\hIYfnIP.exe
  2⤵
  PID:14480
- C:\Windows\System\kuluhOi.exe
  C:\Windows\System\kuluhOi.exe
  2⤵
  PID:14508
- C:\Windows\System\eBvYfAS.exe
  C:\Windows\System\eBvYfAS.exe
  2⤵
  PID:14536
- C:\Windows\System\YqrSOge.exe
  C:\Windows\System\YqrSOge.exe
  2⤵
  PID:14560
- C:\Windows\System\nGzccLs.exe
  C:\Windows\System\nGzccLs.exe
  2⤵
  PID:14588
- C:\Windows\System\FtRBsLh.exe
  C:\Windows\System\FtRBsLh.exe
  2⤵
  PID:14616
- C:\Windows\System\wcNrvOj.exe
  C:\Windows\System\wcNrvOj.exe
  2⤵
  PID:14644
- C:\Windows\System\QaXJaOg.exe
  C:\Windows\System\QaXJaOg.exe
  2⤵
  PID:14676
- C:\Windows\System\DrNCvxh.exe
  C:\Windows\System\DrNCvxh.exe
  2⤵
  PID:14704
- C:\Windows\System\SPoWTsJ.exe
  C:\Windows\System\SPoWTsJ.exe
  2⤵
  PID:14732
- C:\Windows\System\XWpyjPV.exe
  C:\Windows\System\XWpyjPV.exe
  2⤵
  PID:14760
- C:\Windows\System\XkdxSAh.exe
  C:\Windows\System\XkdxSAh.exe
  2⤵
  PID:14780
- C:\Windows\System\qRdyJrh.exe
  C:\Windows\System\qRdyJrh.exe
  2⤵
  PID:14804
- C:\Windows\System\VWiYvIE.exe
  C:\Windows\System\VWiYvIE.exe
  2⤵
  PID:14832
- C:\Windows\System\jBuhYZe.exe
  C:\Windows\System\jBuhYZe.exe
  2⤵
  PID:14860
- C:\Windows\System\LwoLaQz.exe
  C:\Windows\System\LwoLaQz.exe
  2⤵
  PID:14892
- C:\Windows\System\CKeHgWO.exe
  C:\Windows\System\CKeHgWO.exe
  2⤵
  PID:14924
- C:\Windows\System\qAepQAg.exe
  C:\Windows\System\qAepQAg.exe
  2⤵
  PID:14952
- C:\Windows\System\IsNLiff.exe
  C:\Windows\System\IsNLiff.exe
  2⤵
  PID:14988
- C:\Windows\System\lasTBml.exe
  C:\Windows\System\lasTBml.exe
  2⤵
  PID:15012
- C:\Windows\System\fnIwOcf.exe
  C:\Windows\System\fnIwOcf.exe
  2⤵
  PID:15032
- C:\Windows\System\RlfJOCP.exe
  C:\Windows\System\RlfJOCP.exe
  2⤵
  PID:15060
- C:\Windows\System\iPslEPx.exe
  C:\Windows\System\iPslEPx.exe
  2⤵
  PID:15164
- C:\Windows\System\qIgZIfn.exe
  C:\Windows\System\qIgZIfn.exe
  2⤵
  PID:15180
- C:\Windows\System\wHjbATh.exe
  C:\Windows\System\wHjbATh.exe
  2⤵
  PID:15204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ALEFfDc.exe

Filesize
3.8MB

MD5
31bae3d9fb92883c198661a890324a6c

SHA1
5629a5e270b9d23d1c15eb0dbeb874c358ca3244

SHA256
293d7bb30eaa6b5bac4047cc23e5f7bf2e1d16c9077ae5ea4d7f4473a970c4f7

SHA512
7fba0500f694886ec40ae5b440796341d5ec28efa1b166d312e6f0604700385f18f248f39ea1e3002e8e6ca0330ce0e32d21c248ef5ef1f5e7a5fd03736dbe8f

Download Submit
C:\Windows\System\AMuHTsV.exe

Filesize
3.8MB

MD5
b3e6105b16df9ccf36c220f51bc2c527

SHA1
f6f021bd31194f005cf73726616611f5926e5b02

SHA256
ed69a1260c2fb091dc25c82d000ad3f0c2b3599940a23b05949e72d93a9df4a7

SHA512
4741f28c4519833ce996a4054873ce64ce8000d45099a94151f18c84cb108b142a92b76ce0bf51806c844f8df60abca82fd40415f3a3d49ad2913c63c2adef1c

Download Submit
C:\Windows\System\BWGkgjv.exe

Filesize
3.8MB

MD5
4eb7ecc5cb38c6194666e860f8233892

SHA1
be010c4c43a3622b695b394d0be62e1cb79f5c2b

SHA256
5c046426c0fdcccf8701436cb1153e152635fb7365f5be991f55ff749dc70ac2

SHA512
4dd201d76370705521fc13d4dee22ea8feecc6524b154adf5e057f4dc9e6eae824dcf486104cdcd1c88aefe7b73c7cb876982c95949768cb8f083a20d1fa3634

Download Submit
C:\Windows\System\EyshPRz.exe

Filesize
3.8MB

MD5
f3588e424ad1cf76db82726fe9f95d73

SHA1
7afa6db53a039ead2f0301b07e7e86381e309884

SHA256
a1c0ab8fed714cb14c095b962653e80032de828fe00c94b8b7d045b14a7f2dce

SHA512
17b23e3048ffd033eff683971539dac72c794f0c2165008d50b36b457933f48418d421ba6b38713953aab16a2a6f32fb25616dd8d02077b3b31b883dc67aee01

Download Submit
C:\Windows\System\Fihyhbh.exe

Filesize
3.8MB

MD5
9247a69f7de949c16ba4342320d4db26

SHA1
ca9d4079b5bcf9103c5825d79610d74d246ec15a

SHA256
944ff6619197f16493bf51d9b5675bd00d2357a6b5d92b651427cda5b0f945f1

SHA512
2b13741f161bea909caec02c61f18939cd419081ef64381bf1242722919ec93a23143dd069effae66f5edb835e108662a9ce6f5cd717e329deae0584e004b0ad

Download Submit
C:\Windows\System\NCLdXHH.exe

Filesize
3.8MB

MD5
86f7da234fe18317c1d564f47ce04832

SHA1
3b2cc26370e43f43490999772fb466f7e31a8000

SHA256
d2746e6350efb67e0225a870516944809366186940d8b93933d02558b1f31312

SHA512
a09ad5ce96856813b3e5dc846a64e1abaa6b77304b45e87c7f59b608cf220927b359e0d0e8ed0bc85ebf62a6bbd7becddbeadc3acb0b79b671f9fd0872ec3700

Download Submit
C:\Windows\System\PKDbEtv.exe

Filesize
3.8MB

MD5
412816a3466180139affdb04f24bd100

SHA1
d62085353d6e94fd71942f03d2b76665b5e8de9a

SHA256
9a196d5ce3c4638670c38d8563820f0a7c099e2f2a2f8da96b88512091a3dcdb

SHA512
897121de29e5e5490b33747cc855fd506c843f7f850b363e83a6c548386e8ceaabe3cee2be6d0cd2c59c3036b7e973a9649c5ab47099806038fc41fb78117f2c

Download Submit
C:\Windows\System\QIkuxoE.exe

Filesize
3.8MB

MD5
4f2959ca9d6e3fe7ae3528d0d43b9a3f

SHA1
d4d3d6b093cd41f49418f17bc8ab1886d3f8e8f2

SHA256
18f4a91d56e661c97c3235fe7e11d57657ec8dcaf397dc983ece3ed2a44a8c8a

SHA512
b84de6e47acd9205f1bcbcf761a580918bee319dc32e4ed3855ee3534385b64690186083f1bfe59ed3cb67721b3f791ecc86c367a559b22629d3cf4463b929c7

Download Submit
C:\Windows\System\RXqXHPN.exe

Filesize
3.8MB

MD5
93d41cbde097e9054beafdbd733c3ba3

SHA1
410817b7a4c7fe4f05124df6d863822f3a9df81c

SHA256
cf46659f9e981a5307f0e25c35f7b3cc45434952c8f8d62e99514984ec18ac34

SHA512
a3305e172bce82016fe10345d16ec51241a9296754da9445b3c825a7702f2bd3e759744afbd425448b39be061c7924f6ea41598f845c02d9ab3a18b4549228ca

Download Submit
C:\Windows\System\SNwowpd.exe

Filesize
3.8MB

MD5
beabaa5d2c0bb8b9cf25b675a3346ea9

SHA1
e5425819d2633a2c02da158195251410880caf88

SHA256
0f6f083083237384974895e4205862d22b69295516d7606bd97452690afe92de

SHA512
b04f7ed7dcaa440808f400211e6c601d0a31f2b325bcf16e0aff2eb06fea69ae53adf689e4edb03e7b1ec4dbb616f5409eba7176e3553abdccf7065eecf2d49f

Download Submit
C:\Windows\System\UMwWbII.exe

Filesize
3.8MB

MD5
1e89782ed121ea94156e5cb7bfedff0e

SHA1
d585a4140b55387c7ed21222a090b41b39c19985

SHA256
5522e9cd6b57b10f2f2cf771b3420d6bc4f0bb9730626d546e7caa8017e36f7c

SHA512
16bfb95b345c024e353959dcb2cd1e41bc089e24d1bf0af69ea34edbf60dcedc4a7a0f232162ab8631ae51bc464966674d235e78f2150193c47ef4ce7edd949e

Download Submit
C:\Windows\System\UZiKdPI.exe

Filesize
3.8MB

MD5
14a75ab587ecba129f7e2820dc6e2107

SHA1
3380b55c7887045ef8a5ae1440fcddd5c66318ea

SHA256
5a5d200ddea90d466e121902a2322f856a5749547ee7519569647a0545ae5e47

SHA512
d8820bf054ca01b25ffb936c8a36b77ca187753a7fa093f7a566f63249673b03d0a70f883a2c6bea916d83b2309caa2cd14b41f051ba219f53f73290f2101d48

Download Submit
C:\Windows\System\ZAsOrSc.exe

Filesize
3.8MB

MD5
2f6dbbf63921e51a98b847fdac7e706d

SHA1
0737725a50f61dcac804c3750420764623863f76

SHA256
697b5a3cc3108f548db1d17cfd3e36340ac4da7c1913861a61d17bdea5219ca2

SHA512
4179c3ad178b72979fe791c76590c229cc0562dab94d4b5ee85a5c8432986f2da19646e3abe01b4c4a0f32901860e7b4ced628c693d2c866f144b1cd91404815

Download Submit
C:\Windows\System\ZgKwsea.exe

Filesize
3.8MB

MD5
b6172474a582d81eb0ec1c31953b7d31

SHA1
8f490f4df18b0ad78296cf0e1130470d5502670d

SHA256
4ee915ad01c3c64104b67a60d6a6ce7c69cecbca0a0b3bfe8baf6a5aade7fb77

SHA512
b4197118b20c8ed456c400cd3c66a77706189aede0eedb1a051c0698425caaecf8d0545a44d87fd02332f612df22023c4b2b1ee531a2df69efaaf5e0682fab47

Download Submit
C:\Windows\System\ZgMSeNu.exe

Filesize
3.8MB

MD5
37576b3d5a97612e9b0a1f298009a48e

SHA1
6755b9bf8e1da9156b7626ecbcb0603849aaf223

SHA256
95ae31bfa2992f24f448fe04a51edc121b6b73f4e8c1e4e362899afcc8aa06d3

SHA512
2c4638d60681b59fe832353a7995da264d3b4e63e9b2e24d7ba82b4ef6eb0e18e1408e616418db5d9b424a67e6367f48c4eaa497fe60558e0cf79f0cb37196f7

Download Submit
C:\Windows\System\cSyEnHC.exe

Filesize
3.8MB

MD5
022c07f520dad71b8fb7c34d196aa3ba

SHA1
ef2b4fa69dfa353ebc454a15a3748a76687fe1ab

SHA256
961d2b5eb874bb345da96af1d971f006a4418c8a360171f0938c2472ebfa808a

SHA512
f02e5b20e8a9a8201062ec7851690ab3b5e76c0cd969bc35abc747ad7af0184bc5574de552aacab52896c9415f339306de86cffa4240ac789d782ae16d1a5bb4

Download Submit
C:\Windows\System\hHbEVrg.exe

Filesize
3.8MB

MD5
28b29c746b5bdbfbb17f4da06a9d76b9

SHA1
8de6432ae7207ab8661341191c98ca0da5b1e1e7

SHA256
63995d68e8c2246c40b9a537bb4910f48b66269ac7c4f20e4f60dd39141eef8d

SHA512
1e0ba5b84f60d3642b91fde5adf1434bb978ade4b2165c38ae1fc4eb6f1a9fc5f397cb894012d83235679d7bf8b0eeedc43c068de99306fb3c772b6af095814e

Download Submit
C:\Windows\System\jRwnITY.exe

Filesize
3.8MB

MD5
e83e97beb11ef1741da0e383d67c91c7

SHA1
dc69c7755522d55c9d4210f8823ffbca30b10b08

SHA256
f00dd02b69e6ff3c7e67682e169fdcecd14e0e3f9442c88d71eab1966444ab06

SHA512
f8d1b6bb9ae7915e99d2b346b8a5f5ff49bba3e3bd235e04b9d0b362040ba4f6b671963babf724031755287228adc722cdd71b8f9588fbb9c2ebf60497104554

Download Submit
C:\Windows\System\jgkQaYE.exe

Filesize
3.8MB

MD5
505bff94f0a53450eb7a6fa219388ef7

SHA1
744b37921481c59b818483813af4a3482dec4829

SHA256
a99c1f4c2a91e02ba3702e42a101a3f56b35af772bcf353a454a530425a19e0a

SHA512
f16ededb2293778cf07c24b29e161cb769278cfed0da76e0766f0c24b87657ded2bd8bbfbd961e4d26840b871637be4f195647d9a7e9b6449a1c6547e65ed1c0

Download Submit
C:\Windows\System\jxaPVhP.exe

Filesize
3.8MB

MD5
15b14884e97a114865dd9879ffd7fa27

SHA1
d44fc46219d133f3fd2d98b9a86b9bed863598e1

SHA256
542b6b65ac45935428282891c7685c9c0304894753d6162b7bbf0ff4d909e5be

SHA512
f0941527d7d2dbcb424bbbd67cc42db6ba1c1564f3f64b2e1ad49eb93b2176f3f9cc62ffd995d7a3783477fab0e513edd0a04194ff267d7dfbfd60c64534764e

Download Submit
C:\Windows\System\lLWxdog.exe

Filesize
3.8MB

MD5
6562c886c2b70faf909bec7482b7a70c

SHA1
16c23afe07e14ac2526f67286e568d479a70d125

SHA256
d087dd172e70bbb3a3949b6e4f00008156243851f19319c62bcd68130e0dfe9a

SHA512
c1a9836025f177d0bb355c5df54014e85fdc7ff7efc933b56e135026f20f31f5d95c87c0de9db78ee94f1cfe5f354d60b2d7b195e3a52f8ace5cab40b3275a6d

Download Submit
C:\Windows\System\lXnncMt.exe

Filesize
3.8MB

MD5
5217e1eb74e9b8ffaf5a14043ba97ea0

SHA1
32f010f43adb095a71a3818edc6032bc95040ace

SHA256
d477eea05fb26b0e403d7e2f81ed1ff4a575e97409417be496016af468332b3a

SHA512
a7dcee5f5d663e2c031554160d5ce095fbedf6bad6af50b8221f1d5da04712f1866162229ec997dea1c9efce45a3fd49def77563d0c714bc3d5267a5e91380d3

Download Submit
C:\Windows\System\nigIYAI.exe

Filesize
3.8MB

MD5
0cd653f6d64dfb43a7baac1de3be9fbf

SHA1
ddeeaa5f431c09390a0a252a957c6a1cd52dc527

SHA256
5401b434468e611a86e5d6085e1e991a46e4d27cc1f711ed0e871a56a4734ead

SHA512
1c4e07f77148969090897334877d21748075ae23d995141f4bca16b276838320b059bd55b3901fc20bae634f29f13bf98201ee88e54d8bf4510ce38833eae98c

Download Submit
C:\Windows\System\paRXoLl.exe

Filesize
3.8MB

MD5
4dcd5aff9220e004cedf7a13e2ba661f

SHA1
db459153641a8fab94350677eee928fc06418063

SHA256
28a6bb1237c77cef6471fd1bfd746d33e5e1e6ac8849037e237bab5049c54f34

SHA512
8d2359fc2995494a25f55761e689bdc346bfc3977ccd75e7c9655f9d1397d9478fc37eb5a789824ebd6d4f3c1ecad6320c4e592e13617a6730208e5be5fd9bd6

Download Submit
C:\Windows\System\puvRRXM.exe

Filesize
3.8MB

MD5
23901c282aff718b2fe03f3054a3170b

SHA1
0fbc89c3f78be4547e2f6bf94e2807863cdd5761

SHA256
31dc8292dc2cfa826a5f7c26597778a52362507e19b3720f622370b57816d22d

SHA512
f74fa30e8c76f11208111717bd89396e3b5b55206aa76d81459fec9c540c33f0f55239c691eb64e7920fdebd141b4b2ffb700b32aac756699cac0f6ebbaaddf0

Download Submit
C:\Windows\System\qscrvVi.exe

Filesize
3.8MB

MD5
aa256f75e6d0f0a7fcacb1a11178c8f0

SHA1
0a4886858705e628b3e13b68225372a32a838e9d

SHA256
5dd37cc02cdb90d0fe19d051627c370cce3d385623b896e3ef946af52f3c2038

SHA512
0b2d3472a856118770c4c0403b6ef30badedf9175e5fd9707b79e927a77cf8f0184383b0a5ea1eac962c327e427b8cec2720ade30c067c129037061d782183d2

Download Submit
C:\Windows\System\rEfzVmk.exe

Filesize
3.8MB

MD5
37a98dda6944980d2b7a86b813f212f2

SHA1
16d0415a11de40605488eabd390814220c3a3dd4

SHA256
b593740ec7b1b6e952a1e6f5c2b3ebce0234bad509e6393e41a0dc5264e434c7

SHA512
70a70a252538d10d4f04f9adcfc21486834c18cd89032ba0c63264a89c763086fadab6e8f1e79d4dc7542a9ffeae771e42d77c227006d6af62d1779553a422cb

Download Submit
C:\Windows\System\uTKaOPX.exe

Filesize
3.8MB

MD5
2f0c53e869ea958e2af34a789cae8976

SHA1
9827aa52f6c815ae0ab3680c981a74f2c84329a1

SHA256
5c300002c59721ab0a2fcd01819d22c76b8c7f2e1f7c1ab327dadd7a6fff3417

SHA512
c0794ad4cecc2c860fc4989f79d864ac3ccd99a4a78858117c69b17c7fe5bc4624fb5764b937f7538356991e8171bd061f53857baf43acd0a1734050d6ea2302

Download Submit
C:\Windows\System\ubydago.exe

Filesize
3.8MB

MD5
967d50d2ffb3b0f173605760f3dc58b6

SHA1
4c8e31f617aa5076ab8cda1bc684c7e34b2cface

SHA256
e5e17416eaa0d7314955c83a421c0d55b67312d6b1d56811d9c165d17f7a0e68

SHA512
a0f991aba6daee5fb104041f162928a57f177ba1c7b4d23052900a61cc66622cbbfb9ff354140c29eb3856e93e8218ee53a91363e24f3eba3bf296dc883cc462

Download Submit
C:\Windows\System\upFcwgT.exe

Filesize
3.8MB

MD5
27b29f202a3d56b01c62a807f8fcae8c

SHA1
ca4074d8587e0294b1a4e251dfa318e7539e1cb0

SHA256
07b8531d88a3713f74f379028e974acb9886cc2066d263bc33ebd532e4ff023a

SHA512
b93e155774ac096fcb9309d5cd906801014f020be0da69eb967d6024822ec1c7fb43dff788f46d8fd0e0d83e6a133335790b95fb7c0df33e439e882da1e10021

Download Submit
C:\Windows\System\wDNdZBN.exe

Filesize
3.8MB

MD5
cba2e50b538638497907711ed83fcdb6

SHA1
2d478e4e70a03902473bec8fa3c836b5d6c4ca48

SHA256
f44bf62d6b228783330ea1e3af6b1b427ea2c80c8f436e98fede99fcb6fde399

SHA512
2cdf241a81f160771b8b2f8d877eb539c7afa04dd89ea310b534881addb85346b1df0dc434a2aee98dcc29339a2ee0333b759eee0f710cdec8b442a47607ed10

Download Submit
C:\Windows\System\xbThUhS.exe

Filesize
3.8MB

MD5
f7c5cf613150a401aeaaed199cdc0d6d

SHA1
ca5eae1227ce7c6548adb9aa0df6036ef6dbd879

SHA256
3f5076aacfb0b300fd0495c8301eac37f506252397fe041edd9ed15aa12fe148

SHA512
2b9369435c48458ef6836d2ba7174ae7c112ebe4302679c445cdba2e17577afe875d45337295489c0a6e4efd803b1c73d423b456530365904f4ba2d2f6275039

Download Submit
C:\Windows\System\zXkLUqr.exe

Filesize
3.8MB

MD5
c9768f0f62ac3d3097ac06c57b85506f

SHA1
752b119997dc68cd63aea24cbc18714a9d2d006d

SHA256
54378c7d98bcb0cdfb5d172df7dab88b3398bd24d4db8b52e4a5dced85f75757

SHA512
81f00b9b47afd928e27b5d50484b9a1058a85f49274200ce0222214a05026078edc1ed38a18eb816f707c94b03fb25bf20973b24b12bda166ce16d043719a9e3

Download Submit
memory/732-2436-0x00007FF6C9560000-0x00007FF6C98B1000-memory.dmp

Filesize
3.3MB

Download
memory/732-107-0x00007FF6C9560000-0x00007FF6C98B1000-memory.dmp

Filesize
3.3MB

Download
memory/876-102-0x00007FF62DCC0000-0x00007FF62E011000-memory.dmp

Filesize
3.3MB

Download
memory/876-2438-0x00007FF62DCC0000-0x00007FF62E011000-memory.dmp

Filesize
3.3MB

Download
memory/964-8-0x00007FF70FE90000-0x00007FF7101E1000-memory.dmp

Filesize
3.3MB

Download
memory/964-210-0x00007FF70FE90000-0x00007FF7101E1000-memory.dmp

Filesize
3.3MB

Download
memory/1008-2433-0x00007FF6C3610000-0x00007FF6C3961000-memory.dmp

Filesize
3.3MB

Download
memory/1008-104-0x00007FF6C3610000-0x00007FF6C3961000-memory.dmp

Filesize
3.3MB

Download
memory/1252-125-0x00007FF654140000-0x00007FF654491000-memory.dmp

Filesize
3.3MB

Download
memory/1252-2505-0x00007FF654140000-0x00007FF654491000-memory.dmp

Filesize
3.3MB

Download
memory/1420-2522-0x00007FF7DE530000-0x00007FF7DE881000-memory.dmp

Filesize
3.3MB

Download
memory/1420-930-0x00007FF7DE530000-0x00007FF7DE881000-memory.dmp

Filesize
3.3MB

Download
memory/1420-169-0x00007FF7DE530000-0x00007FF7DE881000-memory.dmp

Filesize
3.3MB

Download
memory/1608-51-0x00007FF7217C0000-0x00007FF721B11000-memory.dmp

Filesize
3.3MB

Download
memory/1608-218-0x00007FF7217C0000-0x00007FF721B11000-memory.dmp

Filesize
3.3MB

Download
memory/1608-2409-0x00007FF7217C0000-0x00007FF721B11000-memory.dmp

Filesize
3.3MB

Download
memory/1636-2511-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp

Filesize
3.3MB

Download
memory/1636-153-0x00007FF78EC10000-0x00007FF78EF61000-memory.dmp

Filesize
3.3MB

Download
memory/1640-219-0x00007FF787E50000-0x00007FF7881A1000-memory.dmp

Filesize
3.3MB

Download
memory/1640-16-0x00007FF787E50000-0x00007FF7881A1000-memory.dmp

Filesize
3.3MB

Download
memory/1640-2398-0x00007FF787E50000-0x00007FF7881A1000-memory.dmp

Filesize
3.3MB

Download
memory/1816-2507-0x00007FF7769C0000-0x00007FF776D11000-memory.dmp

Filesize
3.3MB

Download
memory/1816-142-0x00007FF7769C0000-0x00007FF776D11000-memory.dmp

Filesize
3.3MB

Download
memory/1868-2518-0x00007FF630D10000-0x00007FF631061000-memory.dmp

Filesize
3.3MB

Download
memory/1868-198-0x00007FF630D10000-0x00007FF631061000-memory.dmp

Filesize
3.3MB

Download
memory/2060-2440-0x00007FF6E63E0000-0x00007FF6E6731000-memory.dmp

Filesize
3.3MB

Download
memory/2060-110-0x00007FF6E63E0000-0x00007FF6E6731000-memory.dmp

Filesize
3.3MB

Download
memory/2064-109-0x00007FF690A90000-0x00007FF690DE1000-memory.dmp

Filesize
3.3MB

Download
memory/2064-2424-0x00007FF690A90000-0x00007FF690DE1000-memory.dmp

Filesize
3.3MB

Download
memory/2276-123-0x00007FF687CE0000-0x00007FF688031000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2503-0x00007FF687CE0000-0x00007FF688031000-memory.dmp

Filesize
3.3MB

Download
memory/2636-2509-0x00007FF6A5D30000-0x00007FF6A6081000-memory.dmp

Filesize
3.3MB

Download
memory/2636-131-0x00007FF6A5D30000-0x00007FF6A6081000-memory.dmp

Filesize
3.3MB

Download
memory/2636-701-0x00007FF6A5D30000-0x00007FF6A6081000-memory.dmp

Filesize
3.3MB

Download
memory/2720-108-0x00007FF706870000-0x00007FF706BC1000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2435-0x00007FF706870000-0x00007FF706BC1000-memory.dmp

Filesize
3.3MB

Download
memory/2804-2400-0x00007FF60C140000-0x00007FF60C491000-memory.dmp

Filesize
3.3MB

Download
memory/2804-79-0x00007FF60C140000-0x00007FF60C491000-memory.dmp

Filesize
3.3MB

Download
memory/2840-182-0x00007FF7EB7B0000-0x00007FF7EBB01000-memory.dmp

Filesize
3.3MB

Download
memory/2840-1095-0x00007FF7EB7B0000-0x00007FF7EBB01000-memory.dmp

Filesize
3.3MB

Download
memory/2840-2520-0x00007FF7EB7B0000-0x00007FF7EBB01000-memory.dmp

Filesize
3.3MB

Download
memory/3108-2525-0x00007FF6E2870000-0x00007FF6E2BC1000-memory.dmp

Filesize
3.3MB

Download
memory/3108-1084-0x00007FF6E2870000-0x00007FF6E2BC1000-memory.dmp

Filesize
3.3MB

Download
memory/3108-165-0x00007FF6E2870000-0x00007FF6E2BC1000-memory.dmp

Filesize
3.3MB

Download
memory/3240-88-0x00007FF7EE9F0000-0x00007FF7EED41000-memory.dmp

Filesize
3.3MB

Download
memory/3240-2406-0x00007FF7EE9F0000-0x00007FF7EED41000-memory.dmp

Filesize
3.3MB

Download
memory/3616-98-0x00007FF731350000-0x00007FF7316A1000-memory.dmp

Filesize
3.3MB

Download
memory/3616-2414-0x00007FF731350000-0x00007FF7316A1000-memory.dmp

Filesize
3.3MB

Download
memory/3620-817-0x00007FF7523F0000-0x00007FF752741000-memory.dmp

Filesize
3.3MB

Download
memory/3620-149-0x00007FF7523F0000-0x00007FF752741000-memory.dmp

Filesize
3.3MB

Download
memory/3620-2513-0x00007FF7523F0000-0x00007FF752741000-memory.dmp

Filesize
3.3MB

Download
memory/3912-2402-0x00007FF75AFC0000-0x00007FF75B311000-memory.dmp

Filesize
3.3MB

Download
memory/3912-50-0x00007FF75AFC0000-0x00007FF75B311000-memory.dmp

Filesize
3.3MB

Download
memory/3912-214-0x00007FF75AFC0000-0x00007FF75B311000-memory.dmp

Filesize
3.3MB

Download
memory/4032-90-0x00007FF673910000-0x00007FF673C61000-memory.dmp

Filesize
3.3MB

Download
memory/4032-2411-0x00007FF673910000-0x00007FF673C61000-memory.dmp

Filesize
3.3MB

Download
memory/4180-27-0x00007FF74BE00000-0x00007FF74C151000-memory.dmp

Filesize
3.3MB

Download
memory/4180-2396-0x00007FF74BE00000-0x00007FF74C151000-memory.dmp

Filesize
3.3MB

Download
memory/4180-213-0x00007FF74BE00000-0x00007FF74C151000-memory.dmp

Filesize
3.3MB

Download
memory/4336-2524-0x00007FF7F95C0000-0x00007FF7F9911000-memory.dmp

Filesize
3.3MB

Download
memory/4336-192-0x00007FF7F95C0000-0x00007FF7F9911000-memory.dmp

Filesize
3.3MB

Download
memory/4572-0-0x00007FF69B310000-0x00007FF69B661000-memory.dmp

Filesize
3.3MB

Download
memory/4572-156-0x00007FF69B310000-0x00007FF69B661000-memory.dmp

Filesize
3.3MB

Download
memory/4572-1-0x0000023CF7600000-0x0000023CF7610000-memory.dmp

Filesize
64KB

Download
memory/4628-62-0x00007FF6E48B0000-0x00007FF6E4C01000-memory.dmp

Filesize
3.3MB

Download
memory/4628-2412-0x00007FF6E48B0000-0x00007FF6E4C01000-memory.dmp

Filesize
3.3MB

Download
memory/4628-228-0x00007FF6E48B0000-0x00007FF6E4C01000-memory.dmp

Filesize
3.3MB

Download
memory/4752-65-0x00007FF79F3E0000-0x00007FF79F731000-memory.dmp

Filesize
3.3MB

Download
memory/4888-197-0x00007FF7D0780000-0x00007FF7D0AD1000-memory.dmp

Filesize
3.3MB

Download
memory/4888-28-0x00007FF7D0780000-0x00007FF7D0AD1000-memory.dmp

Filesize
3.3MB

Download