xmrig | 72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
20/05/2024, 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
Size

2.1MB
MD5

67fc3d27f516054c52d367aef075891b
SHA1

da9697638d6c706895a975edaec798f85d46aa9c
SHA256

72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa
SHA512

c8a37f27852207337d1cd3ec650dd94f3ddf86bd19b893cb24f60ee23409bc92514196d8b0c5baf4f58d4962215275f5ec3e8eae3bbcf351bb48d1ebb2ccfa39
SSDEEP

49152:oezaTF8FcNkNdfE0pZ9ozt4wIQwNGyXGVfC:oemTLkNdfE0pZrQ0

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/2064-2-0x000000013FD50000-0x00000001400A4000-memory.dmp	UPX
behavioral1/files/0x000c00000001225d-3.dat	UPX
behavioral1/files/0x0032000000015d85-13.dat	UPX
behavioral1/files/0x0008000000016122-14.dat	UPX
behavioral1/memory/2888-8-0x000000013FD10000-0x0000000140064000-memory.dmp	UPX
behavioral1/memory/2432-71-0x000000013FB80000-0x000000013FED4000-memory.dmp	UPX
behavioral1/memory/2016-88-0x000000013F400000-0x000000013F754000-memory.dmp	UPX
behavioral1/memory/2064-86-0x000000013FD50000-0x00000001400A4000-memory.dmp	UPX
behavioral1/memory/2920-98-0x000000013FB90000-0x000000013FEE4000-memory.dmp	UPX
behavioral1/files/0x00060000000173c5-124.dat	UPX
behavioral1/files/0x000600000001738c-116.dat	UPX
behavioral1/files/0x00060000000190bc-191.dat	UPX
behavioral1/memory/2432-1457-0x000000013FB80000-0x000000013FED4000-memory.dmp	UPX
behavioral1/files/0x00060000000190b3-188.dat	UPX
behavioral1/files/0x000500000001877f-184.dat	UPX
behavioral1/files/0x0005000000018674-179.dat	UPX
behavioral1/files/0x000d00000001865b-174.dat	UPX
behavioral1/files/0x000600000001864a-169.dat	UPX
behavioral1/files/0x0006000000017510-164.dat	UPX
behavioral1/files/0x0006000000017472-155.dat	UPX
behavioral1/files/0x000600000001748d-158.dat	UPX
behavioral1/files/0x00060000000173dc-143.dat	UPX
behavioral1/files/0x00060000000173e7-139.dat	UPX
behavioral1/files/0x000600000001737b-131.dat	UPX
behavioral1/files/0x000600000001737e-119.dat	UPX
behavioral1/files/0x000600000001745d-146.dat	UPX
behavioral1/files/0x00060000000173df-135.dat	UPX
behavioral1/memory/2196-105-0x000000013F4C0000-0x000000013F814000-memory.dmp	UPX
behavioral1/memory/2640-104-0x000000013F3E0000-0x000000013F734000-memory.dmp	UPX
behavioral1/files/0x0006000000016e56-102.dat	UPX
behavioral1/memory/2272-100-0x000000013F3E0000-0x000000013F734000-memory.dmp	UPX
behavioral1/files/0x0006000000016f7e-108.dat	UPX
behavioral1/memory/2988-99-0x000000013F360000-0x000000013F6B4000-memory.dmp	UPX
behavioral1/files/0x0006000000016d85-84.dat	UPX
behavioral1/files/0x0006000000016da9-92.dat	UPX
behavioral1/memory/2888-89-0x000000013FD10000-0x0000000140064000-memory.dmp	UPX
behavioral1/memory/2856-80-0x000000013F960000-0x000000013FCB4000-memory.dmp	UPX
behavioral1/files/0x0006000000016d31-70.dat	UPX
behavioral1/memory/2600-68-0x000000013FCC0000-0x0000000140014000-memory.dmp	UPX
behavioral1/memory/2656-66-0x000000013FE20000-0x0000000140174000-memory.dmp	UPX
behavioral1/files/0x0006000000016d81-75.dat	UPX
behavioral1/memory/2704-65-0x000000013F840000-0x000000013FB94000-memory.dmp	UPX
behavioral1/files/0x0008000000016d21-54.dat	UPX
behavioral1/files/0x00070000000164ec-51.dat	UPX
behavioral1/files/0x00070000000161ee-50.dat	UPX
behavioral1/memory/2560-45-0x000000013FFA0000-0x00000001402F4000-memory.dmp	UPX
behavioral1/memory/2640-44-0x000000013F3E0000-0x000000013F734000-memory.dmp	UPX
behavioral1/memory/2988-40-0x000000013F360000-0x000000013F6B4000-memory.dmp	UPX
behavioral1/memory/2576-61-0x000000013FF20000-0x0000000140274000-memory.dmp	UPX
behavioral1/files/0x0006000000016d29-58.dat	UPX
behavioral1/files/0x0007000000016575-35.dat	UPX
behavioral1/files/0x00070000000163eb-34.dat	UPX
behavioral1/memory/2920-24-0x000000013FB90000-0x000000013FEE4000-memory.dmp	UPX
behavioral1/memory/2888-4068-0x000000013FD10000-0x0000000140064000-memory.dmp	UPX
behavioral1/memory/2920-4069-0x000000013FB90000-0x000000013FEE4000-memory.dmp	UPX
behavioral1/memory/2640-4071-0x000000013F3E0000-0x000000013F734000-memory.dmp	UPX
behavioral1/memory/2988-4070-0x000000013F360000-0x000000013F6B4000-memory.dmp	UPX
behavioral1/memory/2560-4072-0x000000013FFA0000-0x00000001402F4000-memory.dmp	UPX
behavioral1/memory/2856-4076-0x000000013F960000-0x000000013FCB4000-memory.dmp	UPX
behavioral1/memory/2576-4075-0x000000013FF20000-0x0000000140274000-memory.dmp	UPX
behavioral1/memory/2600-4074-0x000000013FCC0000-0x0000000140014000-memory.dmp	UPX
behavioral1/memory/2704-4073-0x000000013F840000-0x000000013FB94000-memory.dmp	UPX
behavioral1/memory/2656-4077-0x000000013FE20000-0x0000000140174000-memory.dmp	UPX
behavioral1/memory/2432-4078-0x000000013FB80000-0x000000013FED4000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2064-2-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225d-3.dat	xmrig
behavioral1/files/0x0032000000015d85-13.dat	xmrig
behavioral1/files/0x0008000000016122-14.dat	xmrig
behavioral1/memory/2888-8-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2432-71-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2016-88-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2064-86-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/2920-98-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173c5-124.dat	xmrig
behavioral1/files/0x000600000001738c-116.dat	xmrig
behavioral1/files/0x00060000000190bc-191.dat	xmrig
behavioral1/memory/2432-1457-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x00060000000190b3-188.dat	xmrig
behavioral1/files/0x000500000001877f-184.dat	xmrig
behavioral1/files/0x0005000000018674-179.dat	xmrig
behavioral1/files/0x000d00000001865b-174.dat	xmrig
behavioral1/files/0x000600000001864a-169.dat	xmrig
behavioral1/files/0x0006000000017510-164.dat	xmrig
behavioral1/files/0x0006000000017472-155.dat	xmrig
behavioral1/files/0x000600000001748d-158.dat	xmrig
behavioral1/files/0x00060000000173dc-143.dat	xmrig
behavioral1/files/0x00060000000173e7-139.dat	xmrig
behavioral1/files/0x000600000001737b-131.dat	xmrig
behavioral1/files/0x000600000001737e-119.dat	xmrig
behavioral1/files/0x000600000001745d-146.dat	xmrig
behavioral1/files/0x00060000000173df-135.dat	xmrig
behavioral1/memory/2196-105-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/2640-104-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0006000000016e56-102.dat	xmrig
behavioral1/memory/2272-100-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0006000000016f7e-108.dat	xmrig
behavioral1/memory/2988-99-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d85-84.dat	xmrig
behavioral1/files/0x0006000000016da9-92.dat	xmrig
behavioral1/memory/2064-90-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2888-89-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2064-81-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2856-80-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d31-70.dat	xmrig
behavioral1/memory/2064-69-0x0000000002020000-0x0000000002374000-memory.dmp	xmrig
behavioral1/memory/2600-68-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2656-66-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d81-75.dat	xmrig
behavioral1/memory/2704-65-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d21-54.dat	xmrig
behavioral1/files/0x00070000000164ec-51.dat	xmrig
behavioral1/files/0x00070000000161ee-50.dat	xmrig
behavioral1/memory/2064-46-0x0000000002020000-0x0000000002374000-memory.dmp	xmrig
behavioral1/memory/2560-45-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2640-44-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2988-40-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2576-61-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d29-58.dat	xmrig
behavioral1/files/0x0007000000016575-35.dat	xmrig
behavioral1/files/0x00070000000163eb-34.dat	xmrig
behavioral1/memory/2920-24-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2888-4068-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2920-4069-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2640-4071-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2988-4070-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2560-4072-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2856-4076-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2576-4075-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2888	RCJlyFA.exe
2920	owzhYGX.exe
2988	ydpvOod.exe
2640	ykrFdFx.exe
2560	CeTLRlj.exe
2576	pQDscUu.exe
2704	QXUZePA.exe
2656	LAHRMba.exe
2600	rqPVSGQ.exe
2432	ezIsVmf.exe
2856	uJRNBcL.exe
2016	oUuhRYo.exe
2272	ujnTDPg.exe
2196	YnoyERe.exe
1664	xNaILVK.exe
2232	vGiKDam.exe
2024	bzOxpFq.exe
2424	xBSUsFY.exe
1700	qXTSOKz.exe
1052	FjkYYGP.exe
2248	RNMEkpM.exe
336	hpohsPb.exe
1988	IdiEfCo.exe
592	SyGDRMh.exe
2336	cugHfxx.exe
2384	PcFFniX.exe
2808	sSlpGzu.exe
3028	YrtZPzB.exe
1104	IVReGpk.exe
2952	bqZkyKx.exe
1868	bBBxXKQ.exe
804	CdsaTFM.exe
712	uEjzxXj.exe
2972	fhyRHxi.exe
1812	KhnXJgG.exe
1532	RLcovRl.exe
1676	CXFNNMk.exe
1344	flKSkEo.exe
2124	czeSgGh.exe
2784	zzsrKst.exe
1216	BLvFTRr.exe
960	rybkJfr.exe
2160	xxStqcH.exe
1736	RXzlMwV.exe
1944	XFqUQaR.exe
360	vdnJfVe.exe
3056	JWYFWRF.exe
1948	tsfExHT.exe
872	qQNLTli.exe
2188	dWUvTtR.exe
2408	tPLcdqT.exe
2828	rcuIVdh.exe
1600	ORWuWOt.exe
2840	UTpMGVK.exe
1620	YfQQYpX.exe
2568	GnWwbOb.exe
2584	qvbBgSk.exe
2596	EdkAxss.exe
2860	jgKtaQj.exe
2052	ECQoROy.exe
404	yamKrsw.exe
1096	luDRSgZ.exe
2008	kZBIiSc.exe
576	wADonRL.exe

Loads dropped DLL 64 IoCs

pid	Process
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-2-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x000c00000001225d-3.dat	upx
behavioral1/files/0x0032000000015d85-13.dat	upx
behavioral1/files/0x0008000000016122-14.dat	upx
behavioral1/memory/2888-8-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2432-71-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2016-88-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2064-86-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2920-98-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x00060000000173c5-124.dat	upx
behavioral1/files/0x000600000001738c-116.dat	upx
behavioral1/files/0x00060000000190bc-191.dat	upx
behavioral1/memory/2432-1457-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x00060000000190b3-188.dat	upx
behavioral1/files/0x000500000001877f-184.dat	upx
behavioral1/files/0x0005000000018674-179.dat	upx
behavioral1/files/0x000d00000001865b-174.dat	upx
behavioral1/files/0x000600000001864a-169.dat	upx
behavioral1/files/0x0006000000017510-164.dat	upx
behavioral1/files/0x0006000000017472-155.dat	upx
behavioral1/files/0x000600000001748d-158.dat	upx
behavioral1/files/0x00060000000173dc-143.dat	upx
behavioral1/files/0x00060000000173e7-139.dat	upx
behavioral1/files/0x000600000001737b-131.dat	upx
behavioral1/files/0x000600000001737e-119.dat	upx
behavioral1/files/0x000600000001745d-146.dat	upx
behavioral1/files/0x00060000000173df-135.dat	upx
behavioral1/memory/2196-105-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/2640-104-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0006000000016e56-102.dat	upx
behavioral1/memory/2272-100-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0006000000016f7e-108.dat	upx
behavioral1/memory/2988-99-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x0006000000016d85-84.dat	upx
behavioral1/files/0x0006000000016da9-92.dat	upx
behavioral1/memory/2888-89-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2856-80-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/files/0x0006000000016d31-70.dat	upx
behavioral1/memory/2600-68-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2656-66-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x0006000000016d81-75.dat	upx
behavioral1/memory/2704-65-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/files/0x0008000000016d21-54.dat	upx
behavioral1/files/0x00070000000164ec-51.dat	upx
behavioral1/files/0x00070000000161ee-50.dat	upx
behavioral1/memory/2560-45-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2640-44-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2988-40-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2576-61-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0006000000016d29-58.dat	upx
behavioral1/files/0x0007000000016575-35.dat	upx
behavioral1/files/0x00070000000163eb-34.dat	upx
behavioral1/memory/2920-24-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2888-4068-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2920-4069-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2640-4071-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2988-4070-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2560-4072-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2856-4076-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2576-4075-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2600-4074-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2704-4073-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2656-4077-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2432-4078-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\gNLJvvH.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\NSLxYrc.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\RBfdYQW.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\dOoQRON.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\zzsrKst.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\HtZLEyb.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\rdhJeSU.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\MsJatkg.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\QsieHcV.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\KwDTuBy.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\jrpoPUq.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\sQGQGQU.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\qjQHynW.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\rnhOzZJ.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\YMXQbGO.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\GrOHySR.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\vBDeNVz.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\pjEPZzg.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\AXqEJmc.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\BwEoqeD.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\wWFSRaj.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\lmxcbkc.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\oJSbmUx.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\zmpCBQN.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\jEGREkk.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\pzWehlx.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\wFjOLqi.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\MkrDzEK.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\EFdjbNt.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\EJCGphB.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\xzrFkfD.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\VTYQohR.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\dhSzaim.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\SkOrCfJ.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\hVpGrBV.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\PCTuCEx.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\hwUaWvh.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\OXRqJNs.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\qyFWaow.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\dTaMYgD.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\fdBNqwO.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\ucwHTLA.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\YyahQtS.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\LccmBTY.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\pnaLerp.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\ElJoLlA.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\qlsTsJt.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\oUuhRYo.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\GYUhxxJ.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\WuVDTwx.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\cgJWghz.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\LJIRaIP.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\xzUoqxc.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\VoivPJY.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\pLFBXLF.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\UKrKeng.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\CWXrAlf.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\hhOldNm.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\JkbcTgU.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\bcAbavb.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\exanjzy.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\JWsOTPM.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\TjhAcOf.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
File created	C:\Windows\System\XTXqCfn.exe	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2888	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	29
PID 2064 wrote to memory of 2888	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	29
PID 2064 wrote to memory of 2888	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	29
PID 2064 wrote to memory of 2920	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	30
PID 2064 wrote to memory of 2920	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	30
PID 2064 wrote to memory of 2920	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	30
PID 2064 wrote to memory of 2988	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	31
PID 2064 wrote to memory of 2988	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	31
PID 2064 wrote to memory of 2988	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	31
PID 2064 wrote to memory of 2576	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	32
PID 2064 wrote to memory of 2576	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	32
PID 2064 wrote to memory of 2576	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	32
PID 2064 wrote to memory of 2640	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	33
PID 2064 wrote to memory of 2640	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	33
PID 2064 wrote to memory of 2640	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	33
PID 2064 wrote to memory of 2704	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	34
PID 2064 wrote to memory of 2704	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	34
PID 2064 wrote to memory of 2704	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	34
PID 2064 wrote to memory of 2560	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	35
PID 2064 wrote to memory of 2560	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	35
PID 2064 wrote to memory of 2560	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	35
PID 2064 wrote to memory of 2656	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	36
PID 2064 wrote to memory of 2656	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	36
PID 2064 wrote to memory of 2656	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	36
PID 2064 wrote to memory of 2600	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	37
PID 2064 wrote to memory of 2600	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	37
PID 2064 wrote to memory of 2600	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	37
PID 2064 wrote to memory of 2432	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	38
PID 2064 wrote to memory of 2432	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	38
PID 2064 wrote to memory of 2432	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	38
PID 2064 wrote to memory of 2856	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	39
PID 2064 wrote to memory of 2856	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	39
PID 2064 wrote to memory of 2856	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	39
PID 2064 wrote to memory of 2016	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	40
PID 2064 wrote to memory of 2016	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	40
PID 2064 wrote to memory of 2016	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	40
PID 2064 wrote to memory of 2272	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	41
PID 2064 wrote to memory of 2272	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	41
PID 2064 wrote to memory of 2272	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	41
PID 2064 wrote to memory of 2196	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	42
PID 2064 wrote to memory of 2196	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	42
PID 2064 wrote to memory of 2196	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	42
PID 2064 wrote to memory of 1664	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	43
PID 2064 wrote to memory of 1664	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	43
PID 2064 wrote to memory of 1664	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	43
PID 2064 wrote to memory of 2424	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	44
PID 2064 wrote to memory of 2424	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	44
PID 2064 wrote to memory of 2424	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	44
PID 2064 wrote to memory of 2232	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	45
PID 2064 wrote to memory of 2232	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	45
PID 2064 wrote to memory of 2232	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	45
PID 2064 wrote to memory of 1052	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	46
PID 2064 wrote to memory of 1052	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	46
PID 2064 wrote to memory of 1052	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	46
PID 2064 wrote to memory of 2024	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	47
PID 2064 wrote to memory of 2024	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	47
PID 2064 wrote to memory of 2024	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	47
PID 2064 wrote to memory of 2248	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	48
PID 2064 wrote to memory of 2248	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	48
PID 2064 wrote to memory of 2248	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	48
PID 2064 wrote to memory of 1700	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	49
PID 2064 wrote to memory of 1700	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	49
PID 2064 wrote to memory of 1700	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	49
PID 2064 wrote to memory of 1988	2064	72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe	50

C:\Users\Admin\AppData\Local\Temp\72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe
"C:\Users\Admin\AppData\Local\Temp\72f88101f92d30e1fb9b6b69d78f767ea3ffb790d48746e0c0faa497bcaf68fa.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\System\RCJlyFA.exe
  C:\Windows\System\RCJlyFA.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\owzhYGX.exe
  C:\Windows\System\owzhYGX.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\ydpvOod.exe
  C:\Windows\System\ydpvOod.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\pQDscUu.exe
  C:\Windows\System\pQDscUu.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ykrFdFx.exe
  C:\Windows\System\ykrFdFx.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\QXUZePA.exe
  C:\Windows\System\QXUZePA.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\CeTLRlj.exe
  C:\Windows\System\CeTLRlj.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\LAHRMba.exe
  C:\Windows\System\LAHRMba.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\rqPVSGQ.exe
  C:\Windows\System\rqPVSGQ.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\ezIsVmf.exe
  C:\Windows\System\ezIsVmf.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\uJRNBcL.exe
  C:\Windows\System\uJRNBcL.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\oUuhRYo.exe
  C:\Windows\System\oUuhRYo.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\ujnTDPg.exe
  C:\Windows\System\ujnTDPg.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\YnoyERe.exe
  C:\Windows\System\YnoyERe.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\xNaILVK.exe
  C:\Windows\System\xNaILVK.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\xBSUsFY.exe
  C:\Windows\System\xBSUsFY.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\vGiKDam.exe
  C:\Windows\System\vGiKDam.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\FjkYYGP.exe
  C:\Windows\System\FjkYYGP.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\bzOxpFq.exe
  C:\Windows\System\bzOxpFq.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\RNMEkpM.exe
  C:\Windows\System\RNMEkpM.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\qXTSOKz.exe
  C:\Windows\System\qXTSOKz.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\IdiEfCo.exe
  C:\Windows\System\IdiEfCo.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\hpohsPb.exe
  C:\Windows\System\hpohsPb.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\SyGDRMh.exe
  C:\Windows\System\SyGDRMh.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\cugHfxx.exe
  C:\Windows\System\cugHfxx.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\PcFFniX.exe
  C:\Windows\System\PcFFniX.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\sSlpGzu.exe
  C:\Windows\System\sSlpGzu.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\YrtZPzB.exe
  C:\Windows\System\YrtZPzB.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\IVReGpk.exe
  C:\Windows\System\IVReGpk.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\bqZkyKx.exe
  C:\Windows\System\bqZkyKx.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\bBBxXKQ.exe
  C:\Windows\System\bBBxXKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\CdsaTFM.exe
  C:\Windows\System\CdsaTFM.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\uEjzxXj.exe
  C:\Windows\System\uEjzxXj.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\fhyRHxi.exe
  C:\Windows\System\fhyRHxi.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\KhnXJgG.exe
  C:\Windows\System\KhnXJgG.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\RLcovRl.exe
  C:\Windows\System\RLcovRl.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\CXFNNMk.exe
  C:\Windows\System\CXFNNMk.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\flKSkEo.exe
  C:\Windows\System\flKSkEo.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\czeSgGh.exe
  C:\Windows\System\czeSgGh.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\zzsrKst.exe
  C:\Windows\System\zzsrKst.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\BLvFTRr.exe
  C:\Windows\System\BLvFTRr.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\rybkJfr.exe
  C:\Windows\System\rybkJfr.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\xxStqcH.exe
  C:\Windows\System\xxStqcH.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\RXzlMwV.exe
  C:\Windows\System\RXzlMwV.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\XFqUQaR.exe
  C:\Windows\System\XFqUQaR.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\vdnJfVe.exe
  C:\Windows\System\vdnJfVe.exe
  2⤵
  - Executes dropped EXE
  PID:360
- C:\Windows\System\JWYFWRF.exe
  C:\Windows\System\JWYFWRF.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\tsfExHT.exe
  C:\Windows\System\tsfExHT.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\qQNLTli.exe
  C:\Windows\System\qQNLTli.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\dWUvTtR.exe
  C:\Windows\System\dWUvTtR.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\tPLcdqT.exe
  C:\Windows\System\tPLcdqT.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\rcuIVdh.exe
  C:\Windows\System\rcuIVdh.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ORWuWOt.exe
  C:\Windows\System\ORWuWOt.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\UTpMGVK.exe
  C:\Windows\System\UTpMGVK.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\YfQQYpX.exe
  C:\Windows\System\YfQQYpX.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\GnWwbOb.exe
  C:\Windows\System\GnWwbOb.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\qvbBgSk.exe
  C:\Windows\System\qvbBgSk.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\EdkAxss.exe
  C:\Windows\System\EdkAxss.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\jgKtaQj.exe
  C:\Windows\System\jgKtaQj.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ECQoROy.exe
  C:\Windows\System\ECQoROy.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\yamKrsw.exe
  C:\Windows\System\yamKrsw.exe
  2⤵
  - Executes dropped EXE
  PID:404
- C:\Windows\System\kZBIiSc.exe
  C:\Windows\System\kZBIiSc.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\luDRSgZ.exe
  C:\Windows\System\luDRSgZ.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\WrKODxu.exe
  C:\Windows\System\WrKODxu.exe
  2⤵
  PID:320
- C:\Windows\System\wADonRL.exe
  C:\Windows\System\wADonRL.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\gQVvSFo.exe
  C:\Windows\System\gQVvSFo.exe
  2⤵
  PID:1136
- C:\Windows\System\RvGxhFW.exe
  C:\Windows\System\RvGxhFW.exe
  2⤵
  PID:2004
- C:\Windows\System\UKrKeng.exe
  C:\Windows\System\UKrKeng.exe
  2⤵
  PID:276
- C:\Windows\System\wSCTSje.exe
  C:\Windows\System\wSCTSje.exe
  2⤵
  PID:284
- C:\Windows\System\ObrlMKh.exe
  C:\Windows\System\ObrlMKh.exe
  2⤵
  PID:2532
- C:\Windows\System\wTSpgDT.exe
  C:\Windows\System\wTSpgDT.exe
  2⤵
  PID:2068
- C:\Windows\System\GxomadV.exe
  C:\Windows\System\GxomadV.exe
  2⤵
  PID:2228
- C:\Windows\System\HtZLEyb.exe
  C:\Windows\System\HtZLEyb.exe
  2⤵
  PID:2664
- C:\Windows\System\ITMoDPL.exe
  C:\Windows\System\ITMoDPL.exe
  2⤵
  PID:2964
- C:\Windows\System\NBuTkpZ.exe
  C:\Windows\System\NBuTkpZ.exe
  2⤵
  PID:1544
- C:\Windows\System\gONughy.exe
  C:\Windows\System\gONughy.exe
  2⤵
  PID:1984
- C:\Windows\System\fhxrWjZ.exe
  C:\Windows\System\fhxrWjZ.exe
  2⤵
  PID:2908
- C:\Windows\System\akxoizI.exe
  C:\Windows\System\akxoizI.exe
  2⤵
  PID:916
- C:\Windows\System\zNOatIw.exe
  C:\Windows\System\zNOatIw.exe
  2⤵
  PID:1384
- C:\Windows\System\PVVPzIO.exe
  C:\Windows\System\PVVPzIO.exe
  2⤵
  PID:2080
- C:\Windows\System\bKfZskW.exe
  C:\Windows\System\bKfZskW.exe
  2⤵
  PID:3000
- C:\Windows\System\VxYVYcs.exe
  C:\Windows\System\VxYVYcs.exe
  2⤵
  PID:1584
- C:\Windows\System\nGjckDB.exe
  C:\Windows\System\nGjckDB.exe
  2⤵
  PID:1756
- C:\Windows\System\CTpjTsh.exe
  C:\Windows\System\CTpjTsh.exe
  2⤵
  PID:2152
- C:\Windows\System\eGaaPhX.exe
  C:\Windows\System\eGaaPhX.exe
  2⤵
  PID:1564
- C:\Windows\System\yLAoxMD.exe
  C:\Windows\System\yLAoxMD.exe
  2⤵
  PID:2900
- C:\Windows\System\dIPfMAN.exe
  C:\Windows\System\dIPfMAN.exe
  2⤵
  PID:2724
- C:\Windows\System\JllYAwg.exe
  C:\Windows\System\JllYAwg.exe
  2⤵
  PID:2936
- C:\Windows\System\CwaByzu.exe
  C:\Windows\System\CwaByzu.exe
  2⤵
  PID:2868
- C:\Windows\System\xzrFkfD.exe
  C:\Windows\System\xzrFkfD.exe
  2⤵
  PID:1036
- C:\Windows\System\sFJsAoB.exe
  C:\Windows\System\sFJsAoB.exe
  2⤵
  PID:1000
- C:\Windows\System\RrvSmjF.exe
  C:\Windows\System\RrvSmjF.exe
  2⤵
  PID:3084
- C:\Windows\System\xyBqcjx.exe
  C:\Windows\System\xyBqcjx.exe
  2⤵
  PID:3100
- C:\Windows\System\YZSZUPR.exe
  C:\Windows\System\YZSZUPR.exe
  2⤵
  PID:3120
- C:\Windows\System\ePouQMb.exe
  C:\Windows\System\ePouQMb.exe
  2⤵
  PID:3136
- C:\Windows\System\yesLXaa.exe
  C:\Windows\System\yesLXaa.exe
  2⤵
  PID:3160
- C:\Windows\System\JEWTvEb.exe
  C:\Windows\System\JEWTvEb.exe
  2⤵
  PID:3176
- C:\Windows\System\AYBoqcK.exe
  C:\Windows\System\AYBoqcK.exe
  2⤵
  PID:3192
- C:\Windows\System\myauOgg.exe
  C:\Windows\System\myauOgg.exe
  2⤵
  PID:3212
- C:\Windows\System\HTsJKmY.exe
  C:\Windows\System\HTsJKmY.exe
  2⤵
  PID:3232
- C:\Windows\System\yVzpFOF.exe
  C:\Windows\System\yVzpFOF.exe
  2⤵
  PID:3248
- C:\Windows\System\oaBrCOH.exe
  C:\Windows\System\oaBrCOH.exe
  2⤵
  PID:3268
- C:\Windows\System\LOzZFYo.exe
  C:\Windows\System\LOzZFYo.exe
  2⤵
  PID:3288
- C:\Windows\System\WurVUhS.exe
  C:\Windows\System\WurVUhS.exe
  2⤵
  PID:3308
- C:\Windows\System\ThKksch.exe
  C:\Windows\System\ThKksch.exe
  2⤵
  PID:3328
- C:\Windows\System\UnpjbqG.exe
  C:\Windows\System\UnpjbqG.exe
  2⤵
  PID:3348
- C:\Windows\System\LpOpdnd.exe
  C:\Windows\System\LpOpdnd.exe
  2⤵
  PID:3368
- C:\Windows\System\XMsAdhm.exe
  C:\Windows\System\XMsAdhm.exe
  2⤵
  PID:3384
- C:\Windows\System\SZBVZtY.exe
  C:\Windows\System\SZBVZtY.exe
  2⤵
  PID:3436
- C:\Windows\System\DNeJwfD.exe
  C:\Windows\System\DNeJwfD.exe
  2⤵
  PID:3460
- C:\Windows\System\PXwDdLw.exe
  C:\Windows\System\PXwDdLw.exe
  2⤵
  PID:3476
- C:\Windows\System\FoFpUQZ.exe
  C:\Windows\System\FoFpUQZ.exe
  2⤵
  PID:3492
- C:\Windows\System\dxOuglc.exe
  C:\Windows\System\dxOuglc.exe
  2⤵
  PID:3508
- C:\Windows\System\JfyBIqZ.exe
  C:\Windows\System\JfyBIqZ.exe
  2⤵
  PID:3540
- C:\Windows\System\hoZICTo.exe
  C:\Windows\System\hoZICTo.exe
  2⤵
  PID:3560
- C:\Windows\System\osTOFPb.exe
  C:\Windows\System\osTOFPb.exe
  2⤵
  PID:3580
- C:\Windows\System\EpodfPt.exe
  C:\Windows\System\EpodfPt.exe
  2⤵
  PID:3600
- C:\Windows\System\CWXrAlf.exe
  C:\Windows\System\CWXrAlf.exe
  2⤵
  PID:3620
- C:\Windows\System\uuRMKaM.exe
  C:\Windows\System\uuRMKaM.exe
  2⤵
  PID:3640
- C:\Windows\System\tYelzFY.exe
  C:\Windows\System\tYelzFY.exe
  2⤵
  PID:3660
- C:\Windows\System\uhGhhgY.exe
  C:\Windows\System\uhGhhgY.exe
  2⤵
  PID:3680
- C:\Windows\System\IltIaWl.exe
  C:\Windows\System\IltIaWl.exe
  2⤵
  PID:3700
- C:\Windows\System\VvdKUOu.exe
  C:\Windows\System\VvdKUOu.exe
  2⤵
  PID:3720
- C:\Windows\System\zCNvfuZ.exe
  C:\Windows\System\zCNvfuZ.exe
  2⤵
  PID:3740
- C:\Windows\System\YdXWiOD.exe
  C:\Windows\System\YdXWiOD.exe
  2⤵
  PID:3760
- C:\Windows\System\OconoMe.exe
  C:\Windows\System\OconoMe.exe
  2⤵
  PID:3780
- C:\Windows\System\PVXeAsh.exe
  C:\Windows\System\PVXeAsh.exe
  2⤵
  PID:3800
- C:\Windows\System\cgSmPnn.exe
  C:\Windows\System\cgSmPnn.exe
  2⤵
  PID:3820
- C:\Windows\System\udmgppc.exe
  C:\Windows\System\udmgppc.exe
  2⤵
  PID:3840
- C:\Windows\System\exanjzy.exe
  C:\Windows\System\exanjzy.exe
  2⤵
  PID:3860
- C:\Windows\System\JKmRbdu.exe
  C:\Windows\System\JKmRbdu.exe
  2⤵
  PID:3880
- C:\Windows\System\lsPjdzY.exe
  C:\Windows\System\lsPjdzY.exe
  2⤵
  PID:3900
- C:\Windows\System\WsQaBuX.exe
  C:\Windows\System\WsQaBuX.exe
  2⤵
  PID:3920
- C:\Windows\System\aauanGl.exe
  C:\Windows\System\aauanGl.exe
  2⤵
  PID:3940
- C:\Windows\System\palzcZs.exe
  C:\Windows\System\palzcZs.exe
  2⤵
  PID:3960
- C:\Windows\System\HyMoiRI.exe
  C:\Windows\System\HyMoiRI.exe
  2⤵
  PID:3980
- C:\Windows\System\ELjZohs.exe
  C:\Windows\System\ELjZohs.exe
  2⤵
  PID:4000
- C:\Windows\System\LUJuJPi.exe
  C:\Windows\System\LUJuJPi.exe
  2⤵
  PID:4020
- C:\Windows\System\aNSqeJr.exe
  C:\Windows\System\aNSqeJr.exe
  2⤵
  PID:4040
- C:\Windows\System\XmHnkaK.exe
  C:\Windows\System\XmHnkaK.exe
  2⤵
  PID:4060
- C:\Windows\System\KXJVxFa.exe
  C:\Windows\System\KXJVxFa.exe
  2⤵
  PID:4080
- C:\Windows\System\AHfhKKj.exe
  C:\Windows\System\AHfhKKj.exe
  2⤵
  PID:540
- C:\Windows\System\dYiztAQ.exe
  C:\Windows\System\dYiztAQ.exe
  2⤵
  PID:1488
- C:\Windows\System\GyLfGuR.exe
  C:\Windows\System\GyLfGuR.exe
  2⤵
  PID:2960
- C:\Windows\System\CYNjhWM.exe
  C:\Windows\System\CYNjhWM.exe
  2⤵
  PID:2224
- C:\Windows\System\CQuoTtG.exe
  C:\Windows\System\CQuoTtG.exe
  2⤵
  PID:1936
- C:\Windows\System\clyVasU.exe
  C:\Windows\System\clyVasU.exe
  2⤵
  PID:1728
- C:\Windows\System\jEGREkk.exe
  C:\Windows\System\jEGREkk.exe
  2⤵
  PID:896
- C:\Windows\System\fNcbMvT.exe
  C:\Windows\System\fNcbMvT.exe
  2⤵
  PID:1724
- C:\Windows\System\kzSHLyt.exe
  C:\Windows\System\kzSHLyt.exe
  2⤵
  PID:1872
- C:\Windows\System\TuGIwSl.exe
  C:\Windows\System\TuGIwSl.exe
  2⤵
  PID:2200
- C:\Windows\System\IgvhnrL.exe
  C:\Windows\System\IgvhnrL.exe
  2⤵
  PID:1764
- C:\Windows\System\Qhgummm.exe
  C:\Windows\System\Qhgummm.exe
  2⤵
  PID:1904
- C:\Windows\System\AXqEJmc.exe
  C:\Windows\System\AXqEJmc.exe
  2⤵
  PID:1692
- C:\Windows\System\NoLndHb.exe
  C:\Windows\System\NoLndHb.exe
  2⤵
  PID:3116
- C:\Windows\System\eimffnf.exe
  C:\Windows\System\eimffnf.exe
  2⤵
  PID:3148
- C:\Windows\System\bHXXgwP.exe
  C:\Windows\System\bHXXgwP.exe
  2⤵
  PID:3220
- C:\Windows\System\MHMeYNj.exe
  C:\Windows\System\MHMeYNj.exe
  2⤵
  PID:3260
- C:\Windows\System\AQDjDmd.exe
  C:\Windows\System\AQDjDmd.exe
  2⤵
  PID:776
- C:\Windows\System\ATTKbVD.exe
  C:\Windows\System\ATTKbVD.exe
  2⤵
  PID:1548
- C:\Windows\System\yqEalax.exe
  C:\Windows\System\yqEalax.exe
  2⤵
  PID:2324
- C:\Windows\System\OHbMNRK.exe
  C:\Windows\System\OHbMNRK.exe
  2⤵
  PID:3304
- C:\Windows\System\mXCqmsP.exe
  C:\Windows\System\mXCqmsP.exe
  2⤵
  PID:2944
- C:\Windows\System\cBQLiEY.exe
  C:\Windows\System\cBQLiEY.exe
  2⤵
  PID:3340
- C:\Windows\System\cwoXlru.exe
  C:\Windows\System\cwoXlru.exe
  2⤵
  PID:3280
- C:\Windows\System\xSZyCUE.exe
  C:\Windows\System\xSZyCUE.exe
  2⤵
  PID:3364
- C:\Windows\System\aVIFMjk.exe
  C:\Windows\System\aVIFMjk.exe
  2⤵
  PID:3276
- C:\Windows\System\rZkwyYP.exe
  C:\Windows\System\rZkwyYP.exe
  2⤵
  PID:3208
- C:\Windows\System\JbisXcx.exe
  C:\Windows\System\JbisXcx.exe
  2⤵
  PID:3128
- C:\Windows\System\BsqcJHW.exe
  C:\Windows\System\BsqcJHW.exe
  2⤵
  PID:3396
- C:\Windows\System\qdNUHDX.exe
  C:\Windows\System\qdNUHDX.exe
  2⤵
  PID:3412
- C:\Windows\System\LEonond.exe
  C:\Windows\System\LEonond.exe
  2⤵
  PID:3456
- C:\Windows\System\xbKkyLz.exe
  C:\Windows\System\xbKkyLz.exe
  2⤵
  PID:3448
- C:\Windows\System\jcmoSOh.exe
  C:\Windows\System\jcmoSOh.exe
  2⤵
  PID:3528
- C:\Windows\System\gjsgdRd.exe
  C:\Windows\System\gjsgdRd.exe
  2⤵
  PID:3472
- C:\Windows\System\WRCoGrs.exe
  C:\Windows\System\WRCoGrs.exe
  2⤵
  PID:3588
- C:\Windows\System\gBEISdb.exe
  C:\Windows\System\gBEISdb.exe
  2⤵
  PID:3748
- C:\Windows\System\nxZAlmV.exe
  C:\Windows\System\nxZAlmV.exe
  2⤵
  PID:3768
- C:\Windows\System\PdeqtLk.exe
  C:\Windows\System\PdeqtLk.exe
  2⤵
  PID:3816
- C:\Windows\System\DykAWBg.exe
  C:\Windows\System\DykAWBg.exe
  2⤵
  PID:3828
- C:\Windows\System\cQFZWFK.exe
  C:\Windows\System\cQFZWFK.exe
  2⤵
  PID:3876
- C:\Windows\System\rnhOzZJ.exe
  C:\Windows\System\rnhOzZJ.exe
  2⤵
  PID:3892
- C:\Windows\System\ejGXdUj.exe
  C:\Windows\System\ejGXdUj.exe
  2⤵
  PID:3936
- C:\Windows\System\tmEobnW.exe
  C:\Windows\System\tmEobnW.exe
  2⤵
  PID:3976
- C:\Windows\System\NFqczUz.exe
  C:\Windows\System\NFqczUz.exe
  2⤵
  PID:3992
- C:\Windows\System\KlnVLHd.exe
  C:\Windows\System\KlnVLHd.exe
  2⤵
  PID:4012
- C:\Windows\System\NHPIIvB.exe
  C:\Windows\System\NHPIIvB.exe
  2⤵
  PID:4068
- C:\Windows\System\SwKaiDK.exe
  C:\Windows\System\SwKaiDK.exe
  2⤵
  PID:1068
- C:\Windows\System\qYRkYqf.exe
  C:\Windows\System\qYRkYqf.exe
  2⤵
  PID:2392
- C:\Windows\System\oRQyGSH.exe
  C:\Windows\System\oRQyGSH.exe
  2⤵
  PID:2528
- C:\Windows\System\JTuGYBY.exe
  C:\Windows\System\JTuGYBY.exe
  2⤵
  PID:1256
- C:\Windows\System\sevvKUp.exe
  C:\Windows\System\sevvKUp.exe
  2⤵
  PID:928
- C:\Windows\System\LcszwRa.exe
  C:\Windows\System\LcszwRa.exe
  2⤵
  PID:1056
- C:\Windows\System\YPBkosU.exe
  C:\Windows\System\YPBkosU.exe
  2⤵
  PID:1044
- C:\Windows\System\qxgOhor.exe
  C:\Windows\System\qxgOhor.exe
  2⤵
  PID:3228
- C:\Windows\System\SXDkJra.exe
  C:\Windows\System\SXDkJra.exe
  2⤵
  PID:2548
- C:\Windows\System\yzXGspw.exe
  C:\Windows\System\yzXGspw.exe
  2⤵
  PID:3344
- C:\Windows\System\iTVtfjL.exe
  C:\Windows\System\iTVtfjL.exe
  2⤵
  PID:1020
- C:\Windows\System\FsholAU.exe
  C:\Windows\System\FsholAU.exe
  2⤵
  PID:2304
- C:\Windows\System\AIqkibr.exe
  C:\Windows\System\AIqkibr.exe
  2⤵
  PID:3420
- C:\Windows\System\vcgutCc.exe
  C:\Windows\System\vcgutCc.exe
  2⤵
  PID:2100
- C:\Windows\System\XpwZuRS.exe
  C:\Windows\System\XpwZuRS.exe
  2⤵
  PID:3516
- C:\Windows\System\UWojIjJ.exe
  C:\Windows\System\UWojIjJ.exe
  2⤵
  PID:3112
- C:\Windows\System\atislAX.exe
  C:\Windows\System\atislAX.exe
  2⤵
  PID:1336
- C:\Windows\System\iPbFHWM.exe
  C:\Windows\System\iPbFHWM.exe
  2⤵
  PID:2076
- C:\Windows\System\qpASStx.exe
  C:\Windows\System\qpASStx.exe
  2⤵
  PID:1956
- C:\Windows\System\hhOldNm.exe
  C:\Windows\System\hhOldNm.exe
  2⤵
  PID:3284
- C:\Windows\System\KvvlYqn.exe
  C:\Windows\System\KvvlYqn.exe
  2⤵
  PID:3404
- C:\Windows\System\kJKVwYA.exe
  C:\Windows\System\kJKVwYA.exe
  2⤵
  PID:3696
- C:\Windows\System\ggOBFwE.exe
  C:\Windows\System\ggOBFwE.exe
  2⤵
  PID:3712
- C:\Windows\System\CRgvnvu.exe
  C:\Windows\System\CRgvnvu.exe
  2⤵
  PID:3872
- C:\Windows\System\mfbjJpu.exe
  C:\Windows\System\mfbjJpu.exe
  2⤵
  PID:2712
- C:\Windows\System\JWsOTPM.exe
  C:\Windows\System\JWsOTPM.exe
  2⤵
  PID:2192
- C:\Windows\System\FuApnwg.exe
  C:\Windows\System\FuApnwg.exe
  2⤵
  PID:2140
- C:\Windows\System\BqplVgD.exe
  C:\Windows\System\BqplVgD.exe
  2⤵
  PID:3868
- C:\Windows\System\QUCFwZX.exe
  C:\Windows\System\QUCFwZX.exe
  2⤵
  PID:3852
- C:\Windows\System\xYBHbdk.exe
  C:\Windows\System\xYBHbdk.exe
  2⤵
  PID:3808
- C:\Windows\System\VTYQohR.exe
  C:\Windows\System\VTYQohR.exe
  2⤵
  PID:3360
- C:\Windows\System\TwwJltm.exe
  C:\Windows\System\TwwJltm.exe
  2⤵
  PID:3732
- C:\Windows\System\WslMMQT.exe
  C:\Windows\System\WslMMQT.exe
  2⤵
  PID:1972
- C:\Windows\System\GEnCAoI.exe
  C:\Windows\System\GEnCAoI.exe
  2⤵
  PID:4048
- C:\Windows\System\nMhvtzz.exe
  C:\Windows\System\nMhvtzz.exe
  2⤵
  PID:3168
- C:\Windows\System\RzXfnVg.exe
  C:\Windows\System\RzXfnVg.exe
  2⤵
  PID:1616
- C:\Windows\System\eqDiZbQ.exe
  C:\Windows\System\eqDiZbQ.exe
  2⤵
  PID:3244
- C:\Windows\System\bbzFplt.exe
  C:\Windows\System\bbzFplt.exe
  2⤵
  PID:2328
- C:\Windows\System\tPrSPJa.exe
  C:\Windows\System\tPrSPJa.exe
  2⤵
  PID:3320
- C:\Windows\System\IZlAEyS.exe
  C:\Windows\System\IZlAEyS.exe
  2⤵
  PID:3132
- C:\Windows\System\QagQzHL.exe
  C:\Windows\System\QagQzHL.exe
  2⤵
  PID:2148
- C:\Windows\System\qbWjrXM.exe
  C:\Windows\System\qbWjrXM.exe
  2⤵
  PID:3668
- C:\Windows\System\gJcuHXf.exe
  C:\Windows\System\gJcuHXf.exe
  2⤵
  PID:3688
- C:\Windows\System\YuaosaP.exe
  C:\Windows\System\YuaosaP.exe
  2⤵
  PID:3896
- C:\Windows\System\pmTtIax.exe
  C:\Windows\System\pmTtIax.exe
  2⤵
  PID:2768
- C:\Windows\System\OHOniho.exe
  C:\Windows\System\OHOniho.exe
  2⤵
  PID:972
- C:\Windows\System\IFkStvG.exe
  C:\Windows\System\IFkStvG.exe
  2⤵
  PID:2416
- C:\Windows\System\LfesQTl.exe
  C:\Windows\System\LfesQTl.exe
  2⤵
  PID:4032
- C:\Windows\System\XCdWEFS.exe
  C:\Windows\System\XCdWEFS.exe
  2⤵
  PID:3488
- C:\Windows\System\FsRYdTX.exe
  C:\Windows\System\FsRYdTX.exe
  2⤵
  PID:2540
- C:\Windows\System\dhSzaim.exe
  C:\Windows\System\dhSzaim.exe
  2⤵
  PID:3952
- C:\Windows\System\EGttqcF.exe
  C:\Windows\System\EGttqcF.exe
  2⤵
  PID:2180
- C:\Windows\System\NbNBDxK.exe
  C:\Windows\System\NbNBDxK.exe
  2⤵
  PID:3336
- C:\Windows\System\hztGlTk.exe
  C:\Windows\System\hztGlTk.exe
  2⤵
  PID:2452
- C:\Windows\System\pzWehlx.exe
  C:\Windows\System\pzWehlx.exe
  2⤵
  PID:2412
- C:\Windows\System\eLslkuV.exe
  C:\Windows\System\eLslkuV.exe
  2⤵
  PID:2136
- C:\Windows\System\SbxehUW.exe
  C:\Windows\System\SbxehUW.exe
  2⤵
  PID:1172
- C:\Windows\System\dFwrxTK.exe
  C:\Windows\System\dFwrxTK.exe
  2⤵
  PID:1768
- C:\Windows\System\YMXQbGO.exe
  C:\Windows\System\YMXQbGO.exe
  2⤵
  PID:2720
- C:\Windows\System\yTfuduU.exe
  C:\Windows\System\yTfuduU.exe
  2⤵
  PID:3988
- C:\Windows\System\iENYOMb.exe
  C:\Windows\System\iENYOMb.exe
  2⤵
  PID:3656
- C:\Windows\System\wwmTvjo.exe
  C:\Windows\System\wwmTvjo.exe
  2⤵
  PID:4052
- C:\Windows\System\pmkMebS.exe
  C:\Windows\System\pmkMebS.exe
  2⤵
  PID:3716
- C:\Windows\System\BnidUGs.exe
  C:\Windows\System\BnidUGs.exe
  2⤵
  PID:1268
- C:\Windows\System\rVvUOoW.exe
  C:\Windows\System\rVvUOoW.exe
  2⤵
  PID:4072
- C:\Windows\System\ycGIuxb.exe
  C:\Windows\System\ycGIuxb.exe
  2⤵
  PID:2364
- C:\Windows\System\gVIRapD.exe
  C:\Windows\System\gVIRapD.exe
  2⤵
  PID:2396
- C:\Windows\System\OfWmoCt.exe
  C:\Windows\System\OfWmoCt.exe
  2⤵
  PID:4028
- C:\Windows\System\VRWKoTy.exe
  C:\Windows\System\VRWKoTy.exe
  2⤵
  PID:2360
- C:\Windows\System\feDmtnf.exe
  C:\Windows\System\feDmtnf.exe
  2⤵
  PID:2028
- C:\Windows\System\cRimfXO.exe
  C:\Windows\System\cRimfXO.exe
  2⤵
  PID:3444
- C:\Windows\System\oOcwJRc.exe
  C:\Windows\System\oOcwJRc.exe
  2⤵
  PID:3632
- C:\Windows\System\iOzRzlt.exe
  C:\Windows\System\iOzRzlt.exe
  2⤵
  PID:304
- C:\Windows\System\vnQUOKd.exe
  C:\Windows\System\vnQUOKd.exe
  2⤵
  PID:1324
- C:\Windows\System\iDJNdUH.exe
  C:\Windows\System\iDJNdUH.exe
  2⤵
  PID:3532
- C:\Windows\System\FQYkvsd.exe
  C:\Windows\System\FQYkvsd.exe
  2⤵
  PID:2344
- C:\Windows\System\ePiuIxH.exe
  C:\Windows\System\ePiuIxH.exe
  2⤵
  PID:1632
- C:\Windows\System\RAurOzl.exe
  C:\Windows\System\RAurOzl.exe
  2⤵
  PID:1932
- C:\Windows\System\MTKeOHa.exe
  C:\Windows\System\MTKeOHa.exe
  2⤵
  PID:2636
- C:\Windows\System\DvcCosX.exe
  C:\Windows\System\DvcCosX.exe
  2⤵
  PID:1800
- C:\Windows\System\bupRDCr.exe
  C:\Windows\System\bupRDCr.exe
  2⤵
  PID:3672
- C:\Windows\System\mrUKIGJ.exe
  C:\Windows\System\mrUKIGJ.exe
  2⤵
  PID:1864
- C:\Windows\System\aWKaIBw.exe
  C:\Windows\System\aWKaIBw.exe
  2⤵
  PID:3856
- C:\Windows\System\wFjOLqi.exe
  C:\Windows\System\wFjOLqi.exe
  2⤵
  PID:2040
- C:\Windows\System\LtZRhVe.exe
  C:\Windows\System\LtZRhVe.exe
  2⤵
  PID:1976
- C:\Windows\System\wtsbHED.exe
  C:\Windows\System\wtsbHED.exe
  2⤵
  PID:2692
- C:\Windows\System\Xctbbmi.exe
  C:\Windows\System\Xctbbmi.exe
  2⤵
  PID:2928
- C:\Windows\System\apzjXtJ.exe
  C:\Windows\System\apzjXtJ.exe
  2⤵
  PID:4108
- C:\Windows\System\pZkNYCV.exe
  C:\Windows\System\pZkNYCV.exe
  2⤵
  PID:4124
- C:\Windows\System\EaivOpQ.exe
  C:\Windows\System\EaivOpQ.exe
  2⤵
  PID:4140
- C:\Windows\System\MkrDzEK.exe
  C:\Windows\System\MkrDzEK.exe
  2⤵
  PID:4156
- C:\Windows\System\bJEyoXb.exe
  C:\Windows\System\bJEyoXb.exe
  2⤵
  PID:4172
- C:\Windows\System\mFMGJhy.exe
  C:\Windows\System\mFMGJhy.exe
  2⤵
  PID:4192
- C:\Windows\System\NvfwNqI.exe
  C:\Windows\System\NvfwNqI.exe
  2⤵
  PID:4212
- C:\Windows\System\WBIJzFZ.exe
  C:\Windows\System\WBIJzFZ.exe
  2⤵
  PID:4228
- C:\Windows\System\XFqIhaW.exe
  C:\Windows\System\XFqIhaW.exe
  2⤵
  PID:4248
- C:\Windows\System\NEsojGK.exe
  C:\Windows\System\NEsojGK.exe
  2⤵
  PID:4264
- C:\Windows\System\mOpzWyW.exe
  C:\Windows\System\mOpzWyW.exe
  2⤵
  PID:4280
- C:\Windows\System\hTrwvvt.exe
  C:\Windows\System\hTrwvvt.exe
  2⤵
  PID:4320
- C:\Windows\System\uQCzQcq.exe
  C:\Windows\System\uQCzQcq.exe
  2⤵
  PID:4348
- C:\Windows\System\NlZAnou.exe
  C:\Windows\System\NlZAnou.exe
  2⤵
  PID:4364
- C:\Windows\System\PmJwOpH.exe
  C:\Windows\System\PmJwOpH.exe
  2⤵
  PID:4384
- C:\Windows\System\xoRpgnK.exe
  C:\Windows\System\xoRpgnK.exe
  2⤵
  PID:4400
- C:\Windows\System\GrOHySR.exe
  C:\Windows\System\GrOHySR.exe
  2⤵
  PID:4416
- C:\Windows\System\nWgklfU.exe
  C:\Windows\System\nWgklfU.exe
  2⤵
  PID:4432
- C:\Windows\System\RjiUAZd.exe
  C:\Windows\System\RjiUAZd.exe
  2⤵
  PID:4448
- C:\Windows\System\HCvZdao.exe
  C:\Windows\System\HCvZdao.exe
  2⤵
  PID:4464
- C:\Windows\System\BCTGoio.exe
  C:\Windows\System\BCTGoio.exe
  2⤵
  PID:4480
- C:\Windows\System\UvMbEPq.exe
  C:\Windows\System\UvMbEPq.exe
  2⤵
  PID:4496
- C:\Windows\System\ZSOSCLM.exe
  C:\Windows\System\ZSOSCLM.exe
  2⤵
  PID:4512
- C:\Windows\System\MExGRNW.exe
  C:\Windows\System\MExGRNW.exe
  2⤵
  PID:4532
- C:\Windows\System\MgBJEJX.exe
  C:\Windows\System\MgBJEJX.exe
  2⤵
  PID:4548
- C:\Windows\System\KjWAgsh.exe
  C:\Windows\System\KjWAgsh.exe
  2⤵
  PID:4564
- C:\Windows\System\qDfeMuT.exe
  C:\Windows\System\qDfeMuT.exe
  2⤵
  PID:4580
- C:\Windows\System\rdhJeSU.exe
  C:\Windows\System\rdhJeSU.exe
  2⤵
  PID:4596
- C:\Windows\System\fLdOQQq.exe
  C:\Windows\System\fLdOQQq.exe
  2⤵
  PID:4612
- C:\Windows\System\BlucExZ.exe
  C:\Windows\System\BlucExZ.exe
  2⤵
  PID:4628
- C:\Windows\System\agLTCQU.exe
  C:\Windows\System\agLTCQU.exe
  2⤵
  PID:4644
- C:\Windows\System\xdChnSZ.exe
  C:\Windows\System\xdChnSZ.exe
  2⤵
  PID:4660
- C:\Windows\System\ieVWivW.exe
  C:\Windows\System\ieVWivW.exe
  2⤵
  PID:4676
- C:\Windows\System\MqrQYgv.exe
  C:\Windows\System\MqrQYgv.exe
  2⤵
  PID:4692
- C:\Windows\System\KiJvwPW.exe
  C:\Windows\System\KiJvwPW.exe
  2⤵
  PID:4712
- C:\Windows\System\TLaWwod.exe
  C:\Windows\System\TLaWwod.exe
  2⤵
  PID:4736
- C:\Windows\System\IdVRSNk.exe
  C:\Windows\System\IdVRSNk.exe
  2⤵
  PID:4764
- C:\Windows\System\srTSALQ.exe
  C:\Windows\System\srTSALQ.exe
  2⤵
  PID:4840
- C:\Windows\System\iBOWMoH.exe
  C:\Windows\System\iBOWMoH.exe
  2⤵
  PID:4872
- C:\Windows\System\FPXoUNH.exe
  C:\Windows\System\FPXoUNH.exe
  2⤵
  PID:4888
- C:\Windows\System\zUYuHAr.exe
  C:\Windows\System\zUYuHAr.exe
  2⤵
  PID:4904
- C:\Windows\System\UowiDST.exe
  C:\Windows\System\UowiDST.exe
  2⤵
  PID:4920
- C:\Windows\System\GIVlOfq.exe
  C:\Windows\System\GIVlOfq.exe
  2⤵
  PID:4940
- C:\Windows\System\MMDTOkI.exe
  C:\Windows\System\MMDTOkI.exe
  2⤵
  PID:4960
- C:\Windows\System\qyFWaow.exe
  C:\Windows\System\qyFWaow.exe
  2⤵
  PID:4996
- C:\Windows\System\LQQPVRY.exe
  C:\Windows\System\LQQPVRY.exe
  2⤵
  PID:5012
- C:\Windows\System\KWucWwu.exe
  C:\Windows\System\KWucWwu.exe
  2⤵
  PID:5028
- C:\Windows\System\dUhzyVg.exe
  C:\Windows\System\dUhzyVg.exe
  2⤵
  PID:5044
- C:\Windows\System\HuOdZdF.exe
  C:\Windows\System\HuOdZdF.exe
  2⤵
  PID:5060
- C:\Windows\System\IPjVJWM.exe
  C:\Windows\System\IPjVJWM.exe
  2⤵
  PID:5076
- C:\Windows\System\dkYkLmX.exe
  C:\Windows\System\dkYkLmX.exe
  2⤵
  PID:5092
- C:\Windows\System\IeoMsWG.exe
  C:\Windows\System\IeoMsWG.exe
  2⤵
  PID:5112
- C:\Windows\System\HfHZjIV.exe
  C:\Windows\System\HfHZjIV.exe
  2⤵
  PID:2044
- C:\Windows\System\ZKwJyty.exe
  C:\Windows\System\ZKwJyty.exe
  2⤵
  PID:2496
- C:\Windows\System\bCMXZwR.exe
  C:\Windows\System\bCMXZwR.exe
  2⤵
  PID:2804
- C:\Windows\System\eChRyHy.exe
  C:\Windows\System\eChRyHy.exe
  2⤵
  PID:2440
- C:\Windows\System\vGiiELB.exe
  C:\Windows\System\vGiiELB.exe
  2⤵
  PID:624
- C:\Windows\System\HbJtPtK.exe
  C:\Windows\System\HbJtPtK.exe
  2⤵
  PID:1992
- C:\Windows\System\AzaFcgf.exe
  C:\Windows\System\AzaFcgf.exe
  2⤵
  PID:3848
- C:\Windows\System\dlMvvOS.exe
  C:\Windows\System\dlMvvOS.exe
  2⤵
  PID:4164
- C:\Windows\System\vwweOsN.exe
  C:\Windows\System\vwweOsN.exe
  2⤵
  PID:4300
- C:\Windows\System\GzxutrY.exe
  C:\Windows\System\GzxutrY.exe
  2⤵
  PID:4312
- C:\Windows\System\dTaMYgD.exe
  C:\Windows\System\dTaMYgD.exe
  2⤵
  PID:820
- C:\Windows\System\npdPHig.exe
  C:\Windows\System\npdPHig.exe
  2⤵
  PID:4332
- C:\Windows\System\yaZFvBI.exe
  C:\Windows\System\yaZFvBI.exe
  2⤵
  PID:2504
- C:\Windows\System\CWyGskP.exe
  C:\Windows\System\CWyGskP.exe
  2⤵
  PID:4360
- C:\Windows\System\QkCRDrh.exe
  C:\Windows\System\QkCRDrh.exe
  2⤵
  PID:4520
- C:\Windows\System\koBdloy.exe
  C:\Windows\System\koBdloy.exe
  2⤵
  PID:4560
- C:\Windows\System\bzImUiK.exe
  C:\Windows\System\bzImUiK.exe
  2⤵
  PID:4652
- C:\Windows\System\NmTocPh.exe
  C:\Windows\System\NmTocPh.exe
  2⤵
  PID:4720
- C:\Windows\System\dHxNUmK.exe
  C:\Windows\System\dHxNUmK.exe
  2⤵
  PID:2036
- C:\Windows\System\Fiustle.exe
  C:\Windows\System\Fiustle.exe
  2⤵
  PID:4376
- C:\Windows\System\baDtzpR.exe
  C:\Windows\System\baDtzpR.exe
  2⤵
  PID:4708
- C:\Windows\System\YrTIHsf.exe
  C:\Windows\System\YrTIHsf.exe
  2⤵
  PID:4640
- C:\Windows\System\PhtNMbo.exe
  C:\Windows\System\PhtNMbo.exe
  2⤵
  PID:4576
- C:\Windows\System\eVVMnuq.exe
  C:\Windows\System\eVVMnuq.exe
  2⤵
  PID:4508
- C:\Windows\System\hpKHeNm.exe
  C:\Windows\System\hpKHeNm.exe
  2⤵
  PID:4440
- C:\Windows\System\isuELns.exe
  C:\Windows\System\isuELns.exe
  2⤵
  PID:4760
- C:\Windows\System\BocikhL.exe
  C:\Windows\System\BocikhL.exe
  2⤵
  PID:4784
- C:\Windows\System\fllvAwK.exe
  C:\Windows\System\fllvAwK.exe
  2⤵
  PID:4800
- C:\Windows\System\iupBANM.exe
  C:\Windows\System\iupBANM.exe
  2⤵
  PID:4820
- C:\Windows\System\RsdQEPP.exe
  C:\Windows\System\RsdQEPP.exe
  2⤵
  PID:4832
- C:\Windows\System\uktStWL.exe
  C:\Windows\System\uktStWL.exe
  2⤵
  PID:560
- C:\Windows\System\FerscGM.exe
  C:\Windows\System\FerscGM.exe
  2⤵
  PID:4864
- C:\Windows\System\BwEoqeD.exe
  C:\Windows\System\BwEoqeD.exe
  2⤵
  PID:4860
- C:\Windows\System\wkDHjer.exe
  C:\Windows\System\wkDHjer.exe
  2⤵
  PID:4948
- C:\Windows\System\kMSoQoL.exe
  C:\Windows\System\kMSoQoL.exe
  2⤵
  PID:5088
- C:\Windows\System\knngwCq.exe
  C:\Windows\System\knngwCq.exe
  2⤵
  PID:3052
- C:\Windows\System\HraIPuZ.exe
  C:\Windows\System\HraIPuZ.exe
  2⤵
  PID:584
- C:\Windows\System\wykWKfe.exe
  C:\Windows\System\wykWKfe.exe
  2⤵
  PID:4132
- C:\Windows\System\JmHKZAG.exe
  C:\Windows\System\JmHKZAG.exe
  2⤵
  PID:5104
- C:\Windows\System\EjlDYfh.exe
  C:\Windows\System\EjlDYfh.exe
  2⤵
  PID:2520
- C:\Windows\System\tLqmMAW.exe
  C:\Windows\System\tLqmMAW.exe
  2⤵
  PID:5036
- C:\Windows\System\iUxYvUg.exe
  C:\Windows\System\iUxYvUg.exe
  2⤵
  PID:1092
- C:\Windows\System\tsBEXGB.exe
  C:\Windows\System\tsBEXGB.exe
  2⤵
  PID:4152
- C:\Windows\System\ZxkttWZ.exe
  C:\Windows\System\ZxkttWZ.exe
  2⤵
  PID:4224
- C:\Windows\System\LlLJXjn.exe
  C:\Windows\System\LlLJXjn.exe
  2⤵
  PID:4204
- C:\Windows\System\eMUlAEN.exe
  C:\Windows\System\eMUlAEN.exe
  2⤵
  PID:4208
- C:\Windows\System\FMMYBFz.exe
  C:\Windows\System\FMMYBFz.exe
  2⤵
  PID:4292
- C:\Windows\System\ClQoXSp.exe
  C:\Windows\System\ClQoXSp.exe
  2⤵
  PID:2252
- C:\Windows\System\CqSvcpx.exe
  C:\Windows\System\CqSvcpx.exe
  2⤵
  PID:4460
- C:\Windows\System\kHIlVRa.exe
  C:\Windows\System\kHIlVRa.exe
  2⤵
  PID:4488
- C:\Windows\System\WZmwRJA.exe
  C:\Windows\System\WZmwRJA.exe
  2⤵
  PID:4604
- C:\Windows\System\iGFaymg.exe
  C:\Windows\System\iGFaymg.exe
  2⤵
  PID:2564
- C:\Windows\System\eKvqlgS.exe
  C:\Windows\System\eKvqlgS.exe
  2⤵
  PID:4812
- C:\Windows\System\MTBgRcD.exe
  C:\Windows\System\MTBgRcD.exe
  2⤵
  PID:4916
- C:\Windows\System\olXgNjC.exe
  C:\Windows\System\olXgNjC.exe
  2⤵
  PID:4988
- C:\Windows\System\HJThQAb.exe
  C:\Windows\System\HJThQAb.exe
  2⤵
  PID:5024
- C:\Windows\System\ZklJIqR.exe
  C:\Windows\System\ZklJIqR.exe
  2⤵
  PID:4700
- C:\Windows\System\CowBpVq.exe
  C:\Windows\System\CowBpVq.exe
  2⤵
  PID:4684
- C:\Windows\System\FKgKJHc.exe
  C:\Windows\System\FKgKJHc.exe
  2⤵
  PID:4504
- C:\Windows\System\TXOxXRv.exe
  C:\Windows\System\TXOxXRv.exe
  2⤵
  PID:4752
- C:\Windows\System\DEKPjvO.exe
  C:\Windows\System\DEKPjvO.exe
  2⤵
  PID:4932
- C:\Windows\System\GacpZBc.exe
  C:\Windows\System\GacpZBc.exe
  2⤵
  PID:5052
- C:\Windows\System\kceOTko.exe
  C:\Windows\System\kceOTko.exe
  2⤵
  PID:2268
- C:\Windows\System\VbgmHIe.exe
  C:\Windows\System\VbgmHIe.exe
  2⤵
  PID:5100
- C:\Windows\System\xRrZbdP.exe
  C:\Windows\System\xRrZbdP.exe
  2⤵
  PID:1740
- C:\Windows\System\WVgmHAm.exe
  C:\Windows\System\WVgmHAm.exe
  2⤵
  PID:4296
- C:\Windows\System\zfuopTK.exe
  C:\Windows\System\zfuopTK.exe
  2⤵
  PID:4456
- C:\Windows\System\iNfOEJu.exe
  C:\Windows\System\iNfOEJu.exe
  2⤵
  PID:680
- C:\Windows\System\IcOgbRg.exe
  C:\Windows\System\IcOgbRg.exe
  2⤵
  PID:4308
- C:\Windows\System\PtoEvZW.exe
  C:\Windows\System\PtoEvZW.exe
  2⤵
  PID:1668
- C:\Windows\System\LVrlHZB.exe
  C:\Windows\System\LVrlHZB.exe
  2⤵
  PID:2236
- C:\Windows\System\cPeqTny.exe
  C:\Windows\System\cPeqTny.exe
  2⤵
  PID:4556
- C:\Windows\System\RhgyuHB.exe
  C:\Windows\System\RhgyuHB.exe
  2⤵
  PID:4624
- C:\Windows\System\FaHtYXH.exe
  C:\Windows\System\FaHtYXH.exe
  2⤵
  PID:4380
- C:\Windows\System\IIERmES.exe
  C:\Windows\System\IIERmES.exe
  2⤵
  PID:4912
- C:\Windows\System\gfMcmdT.exe
  C:\Windows\System\gfMcmdT.exe
  2⤵
  PID:4972
- C:\Windows\System\gsEQBsn.exe
  C:\Windows\System\gsEQBsn.exe
  2⤵
  PID:4788
- C:\Windows\System\vtLnNne.exe
  C:\Windows\System\vtLnNne.exe
  2⤵
  PID:4668
- C:\Windows\System\qiEJsjh.exe
  C:\Windows\System\qiEJsjh.exe
  2⤵
  PID:5056
- C:\Windows\System\OfMfIQk.exe
  C:\Windows\System\OfMfIQk.exe
  2⤵
  PID:3648
- C:\Windows\System\qrTGFuC.exe
  C:\Windows\System\qrTGFuC.exe
  2⤵
  PID:2708
- C:\Windows\System\pQdJbBB.exe
  C:\Windows\System\pQdJbBB.exe
  2⤵
  PID:4792
- C:\Windows\System\HfvJEQS.exe
  C:\Windows\System\HfvJEQS.exe
  2⤵
  PID:5040
- C:\Windows\System\YNGNarP.exe
  C:\Windows\System\YNGNarP.exe
  2⤵
  PID:1876
- C:\Windows\System\xUyLtqA.exe
  C:\Windows\System\xUyLtqA.exe
  2⤵
  PID:4620
- C:\Windows\System\FkHLQTB.exe
  C:\Windows\System\FkHLQTB.exe
  2⤵
  PID:4884
- C:\Windows\System\ZFrRtyC.exe
  C:\Windows\System\ZFrRtyC.exe
  2⤵
  PID:2556
- C:\Windows\System\OVDHXDY.exe
  C:\Windows\System\OVDHXDY.exe
  2⤵
  PID:2332
- C:\Windows\System\sDGudpo.exe
  C:\Windows\System\sDGudpo.exe
  2⤵
  PID:4288
- C:\Windows\System\kNpBHBh.exe
  C:\Windows\System\kNpBHBh.exe
  2⤵
  PID:4852
- C:\Windows\System\TgrQYqx.exe
  C:\Windows\System\TgrQYqx.exe
  2⤵
  PID:4856
- C:\Windows\System\dzXtXEC.exe
  C:\Windows\System\dzXtXEC.exe
  2⤵
  PID:5136
- C:\Windows\System\TGzHULL.exe
  C:\Windows\System\TGzHULL.exe
  2⤵
  PID:5156
- C:\Windows\System\LtFQgcB.exe
  C:\Windows\System\LtFQgcB.exe
  2⤵
  PID:5172
- C:\Windows\System\sFufYOs.exe
  C:\Windows\System\sFufYOs.exe
  2⤵
  PID:5192
- C:\Windows\System\OlXWoLN.exe
  C:\Windows\System\OlXWoLN.exe
  2⤵
  PID:5264
- C:\Windows\System\YliCuUs.exe
  C:\Windows\System\YliCuUs.exe
  2⤵
  PID:5280
- C:\Windows\System\BKEFyAN.exe
  C:\Windows\System\BKEFyAN.exe
  2⤵
  PID:5300
- C:\Windows\System\XcmeiTc.exe
  C:\Windows\System\XcmeiTc.exe
  2⤵
  PID:5320
- C:\Windows\System\qSkjeWO.exe
  C:\Windows\System\qSkjeWO.exe
  2⤵
  PID:5336
- C:\Windows\System\bSlRWtk.exe
  C:\Windows\System\bSlRWtk.exe
  2⤵
  PID:5356
- C:\Windows\System\NMVPGPV.exe
  C:\Windows\System\NMVPGPV.exe
  2⤵
  PID:5372
- C:\Windows\System\IlYfyci.exe
  C:\Windows\System\IlYfyci.exe
  2⤵
  PID:5388
- C:\Windows\System\kkllids.exe
  C:\Windows\System\kkllids.exe
  2⤵
  PID:5424
- C:\Windows\System\mejWAFz.exe
  C:\Windows\System\mejWAFz.exe
  2⤵
  PID:5440
- C:\Windows\System\ArytOhC.exe
  C:\Windows\System\ArytOhC.exe
  2⤵
  PID:5456
- C:\Windows\System\IabRqFp.exe
  C:\Windows\System\IabRqFp.exe
  2⤵
  PID:5472
- C:\Windows\System\roLXuMV.exe
  C:\Windows\System\roLXuMV.exe
  2⤵
  PID:5488
- C:\Windows\System\BJIZrNk.exe
  C:\Windows\System\BJIZrNk.exe
  2⤵
  PID:5508
- C:\Windows\System\yJuBmpG.exe
  C:\Windows\System\yJuBmpG.exe
  2⤵
  PID:5524
- C:\Windows\System\Rqlmtzo.exe
  C:\Windows\System\Rqlmtzo.exe
  2⤵
  PID:5544
- C:\Windows\System\kpfhWlY.exe
  C:\Windows\System\kpfhWlY.exe
  2⤵
  PID:5564
- C:\Windows\System\TGcEMNF.exe
  C:\Windows\System\TGcEMNF.exe
  2⤵
  PID:5588
- C:\Windows\System\YbfmNmn.exe
  C:\Windows\System\YbfmNmn.exe
  2⤵
  PID:5604
- C:\Windows\System\eQCGgvc.exe
  C:\Windows\System\eQCGgvc.exe
  2⤵
  PID:5636
- C:\Windows\System\EkIqbRp.exe
  C:\Windows\System\EkIqbRp.exe
  2⤵
  PID:5652
- C:\Windows\System\qQVrqny.exe
  C:\Windows\System\qQVrqny.exe
  2⤵
  PID:5668
- C:\Windows\System\fDPelIV.exe
  C:\Windows\System\fDPelIV.exe
  2⤵
  PID:5700
- C:\Windows\System\zTyNwSu.exe
  C:\Windows\System\zTyNwSu.exe
  2⤵
  PID:5716
- C:\Windows\System\RNXbPth.exe
  C:\Windows\System\RNXbPth.exe
  2⤵
  PID:5732
- C:\Windows\System\PoNAEeg.exe
  C:\Windows\System\PoNAEeg.exe
  2⤵
  PID:5748
- C:\Windows\System\fxZBttb.exe
  C:\Windows\System\fxZBttb.exe
  2⤵
  PID:5768
- C:\Windows\System\GjrjhuX.exe
  C:\Windows\System\GjrjhuX.exe
  2⤵
  PID:5784
- C:\Windows\System\SLtkwsd.exe
  C:\Windows\System\SLtkwsd.exe
  2⤵
  PID:5800
- C:\Windows\System\dOIutUf.exe
  C:\Windows\System\dOIutUf.exe
  2⤵
  PID:5816
- C:\Windows\System\fdBNqwO.exe
  C:\Windows\System\fdBNqwO.exe
  2⤵
  PID:5832
- C:\Windows\System\RaBpqxi.exe
  C:\Windows\System\RaBpqxi.exe
  2⤵
  PID:5848
- C:\Windows\System\CnMUQfE.exe
  C:\Windows\System\CnMUQfE.exe
  2⤵
  PID:5864
- C:\Windows\System\iBuohCr.exe
  C:\Windows\System\iBuohCr.exe
  2⤵
  PID:5880
- C:\Windows\System\kWOIPVJ.exe
  C:\Windows\System\kWOIPVJ.exe
  2⤵
  PID:5920
- C:\Windows\System\PCBzriG.exe
  C:\Windows\System\PCBzriG.exe
  2⤵
  PID:5944
- C:\Windows\System\SZbUtyC.exe
  C:\Windows\System\SZbUtyC.exe
  2⤵
  PID:5984
- C:\Windows\System\zAADRWa.exe
  C:\Windows\System\zAADRWa.exe
  2⤵
  PID:6004
- C:\Windows\System\WXDXRuo.exe
  C:\Windows\System\WXDXRuo.exe
  2⤵
  PID:6024
- C:\Windows\System\gXWnKYT.exe
  C:\Windows\System\gXWnKYT.exe
  2⤵
  PID:6048
- C:\Windows\System\qMMWohE.exe
  C:\Windows\System\qMMWohE.exe
  2⤵
  PID:6064
- C:\Windows\System\GJhujaY.exe
  C:\Windows\System\GJhujaY.exe
  2⤵
  PID:6080
- C:\Windows\System\yafJaKO.exe
  C:\Windows\System\yafJaKO.exe
  2⤵
  PID:6096
- C:\Windows\System\Srepxiz.exe
  C:\Windows\System\Srepxiz.exe
  2⤵
  PID:6116
- C:\Windows\System\DZtPhjt.exe
  C:\Windows\System\DZtPhjt.exe
  2⤵
  PID:6132
- C:\Windows\System\quOVXKi.exe
  C:\Windows\System\quOVXKi.exe
  2⤵
  PID:4528
- C:\Windows\System\XXxjPuI.exe
  C:\Windows\System\XXxjPuI.exe
  2⤵
  PID:4756
- C:\Windows\System\EhkrghK.exe
  C:\Windows\System\EhkrghK.exe
  2⤵
  PID:2728
- C:\Windows\System\HtXIsVE.exe
  C:\Windows\System\HtXIsVE.exe
  2⤵
  PID:5188
- C:\Windows\System\lezaDbp.exe
  C:\Windows\System\lezaDbp.exe
  2⤵
  PID:4828
- C:\Windows\System\mndytlh.exe
  C:\Windows\System\mndytlh.exe
  2⤵
  PID:2356
- C:\Windows\System\ANqQyeo.exe
  C:\Windows\System\ANqQyeo.exe
  2⤵
  PID:4220
- C:\Windows\System\BwRMDcp.exe
  C:\Windows\System\BwRMDcp.exe
  2⤵
  PID:5276
- C:\Windows\System\DyyDlDQ.exe
  C:\Windows\System\DyyDlDQ.exe
  2⤵
  PID:4428
- C:\Windows\System\FwurGjm.exe
  C:\Windows\System\FwurGjm.exe
  2⤵
  PID:5132
- C:\Windows\System\FpLyRxo.exe
  C:\Windows\System\FpLyRxo.exe
  2⤵
  PID:5308
- C:\Windows\System\mYBzNsF.exe
  C:\Windows\System\mYBzNsF.exe
  2⤵
  PID:5228
- C:\Windows\System\dZWEOrQ.exe
  C:\Windows\System\dZWEOrQ.exe
  2⤵
  PID:5248
- C:\Windows\System\jtGQipv.exe
  C:\Windows\System\jtGQipv.exe
  2⤵
  PID:5288
- C:\Windows\System\pLCZEzZ.exe
  C:\Windows\System\pLCZEzZ.exe
  2⤵
  PID:5364
- C:\Windows\System\JdAuamX.exe
  C:\Windows\System\JdAuamX.exe
  2⤵
  PID:5432
- C:\Windows\System\BPacLIK.exe
  C:\Windows\System\BPacLIK.exe
  2⤵
  PID:5496
- C:\Windows\System\cZSbNxc.exe
  C:\Windows\System\cZSbNxc.exe
  2⤵
  PID:5368
- C:\Windows\System\jrpoPUq.exe
  C:\Windows\System\jrpoPUq.exe
  2⤵
  PID:5536
- C:\Windows\System\CunImIF.exe
  C:\Windows\System\CunImIF.exe
  2⤵
  PID:5556
- C:\Windows\System\aJQDCRr.exe
  C:\Windows\System\aJQDCRr.exe
  2⤵
  PID:5516
- C:\Windows\System\zlnwbNr.exe
  C:\Windows\System\zlnwbNr.exe
  2⤵
  PID:5616
- C:\Windows\System\Uzqkaye.exe
  C:\Windows\System\Uzqkaye.exe
  2⤵
  PID:5660
- C:\Windows\System\iePwHxu.exe
  C:\Windows\System\iePwHxu.exe
  2⤵
  PID:5676
- C:\Windows\System\USDXDTK.exe
  C:\Windows\System\USDXDTK.exe
  2⤵
  PID:5696
- C:\Windows\System\pFngaIP.exe
  C:\Windows\System\pFngaIP.exe
  2⤵
  PID:5688
- C:\Windows\System\ltYmKTT.exe
  C:\Windows\System\ltYmKTT.exe
  2⤵
  PID:5708
- C:\Windows\System\kcJaqHV.exe
  C:\Windows\System\kcJaqHV.exe
  2⤵
  PID:5872
- C:\Windows\System\jboyejH.exe
  C:\Windows\System\jboyejH.exe
  2⤵
  PID:5892
- C:\Windows\System\HXikgCV.exe
  C:\Windows\System\HXikgCV.exe
  2⤵
  PID:5908
- C:\Windows\System\uHZBFVP.exe
  C:\Windows\System\uHZBFVP.exe
  2⤵
  PID:5824
- C:\Windows\System\CRpDTFC.exe
  C:\Windows\System\CRpDTFC.exe
  2⤵
  PID:5860
- C:\Windows\System\UCjrOmK.exe
  C:\Windows\System\UCjrOmK.exe
  2⤵
  PID:5964
- C:\Windows\System\NQMmUul.exe
  C:\Windows\System\NQMmUul.exe
  2⤵
  PID:5996
- C:\Windows\System\CVtzlel.exe
  C:\Windows\System\CVtzlel.exe
  2⤵
  PID:5980
- C:\Windows\System\ksiKXpN.exe
  C:\Windows\System\ksiKXpN.exe
  2⤵
  PID:6060
- C:\Windows\System\DklKYqX.exe
  C:\Windows\System\DklKYqX.exe
  2⤵
  PID:6044
- C:\Windows\System\GYUhxxJ.exe
  C:\Windows\System\GYUhxxJ.exe
  2⤵
  PID:6104
- C:\Windows\System\pJCIQNh.exe
  C:\Windows\System\pJCIQNh.exe
  2⤵
  PID:4796
- C:\Windows\System\sYhHOXG.exe
  C:\Windows\System\sYhHOXG.exe
  2⤵
  PID:5180
- C:\Windows\System\EnFGaJZ.exe
  C:\Windows\System\EnFGaJZ.exe
  2⤵
  PID:4900
- C:\Windows\System\NXIXBkx.exe
  C:\Windows\System\NXIXBkx.exe
  2⤵
  PID:5200
- C:\Windows\System\nFXvezK.exe
  C:\Windows\System\nFXvezK.exe
  2⤵
  PID:5380
- C:\Windows\System\GUTEzmA.exe
  C:\Windows\System\GUTEzmA.exe
  2⤵
  PID:5400
- C:\Windows\System\cHFnlhd.exe
  C:\Windows\System\cHFnlhd.exe
  2⤵
  PID:5504
- C:\Windows\System\gyFnXvR.exe
  C:\Windows\System\gyFnXvR.exe
  2⤵
  PID:5272
- C:\Windows\System\bgTluao.exe
  C:\Windows\System\bgTluao.exe
  2⤵
  PID:5344
- C:\Windows\System\WkTZgGc.exe
  C:\Windows\System\WkTZgGc.exe
  2⤵
  PID:5352
- C:\Windows\System\cVITqIw.exe
  C:\Windows\System\cVITqIw.exe
  2⤵
  PID:5404
- C:\Windows\System\sSJMMvH.exe
  C:\Windows\System\sSJMMvH.exe
  2⤵
  PID:5420
- C:\Windows\System\SEDWwcA.exe
  C:\Windows\System\SEDWwcA.exe
  2⤵
  PID:5692
- C:\Windows\System\JeoqqrB.exe
  C:\Windows\System\JeoqqrB.exe
  2⤵
  PID:5928
- C:\Windows\System\CAewYMC.exe
  C:\Windows\System\CAewYMC.exe
  2⤵
  PID:5796
- C:\Windows\System\bbnMiNV.exe
  C:\Windows\System\bbnMiNV.exe
  2⤵
  PID:5856
- C:\Windows\System\ygrnVBg.exe
  C:\Windows\System\ygrnVBg.exe
  2⤵
  PID:5412
- C:\Windows\System\YKZvOSK.exe
  C:\Windows\System\YKZvOSK.exe
  2⤵
  PID:6112
- C:\Windows\System\usxEmVR.exe
  C:\Windows\System\usxEmVR.exe
  2⤵
  PID:5612
- C:\Windows\System\kHXSYbJ.exe
  C:\Windows\System\kHXSYbJ.exe
  2⤵
  PID:6072
- C:\Windows\System\ZRfbTKl.exe
  C:\Windows\System\ZRfbTKl.exe
  2⤵
  PID:5584
- C:\Windows\System\KzWBbfM.exe
  C:\Windows\System\KzWBbfM.exe
  2⤵
  PID:6056
- C:\Windows\System\qECiBes.exe
  C:\Windows\System\qECiBes.exe
  2⤵
  PID:5756
- C:\Windows\System\gqCLjEN.exe
  C:\Windows\System\gqCLjEN.exe
  2⤵
  PID:312
- C:\Windows\System\IJwBpDO.exe
  C:\Windows\System\IJwBpDO.exe
  2⤵
  PID:5332
- C:\Windows\System\ucwHTLA.exe
  C:\Windows\System\ucwHTLA.exe
  2⤵
  PID:5216
- C:\Windows\System\qBSkXSu.exe
  C:\Windows\System\qBSkXSu.exe
  2⤵
  PID:5932
- C:\Windows\System\mEvQWmg.exe
  C:\Windows\System\mEvQWmg.exe
  2⤵
  PID:5560
- C:\Windows\System\gwbGXyH.exe
  C:\Windows\System\gwbGXyH.exe
  2⤵
  PID:6032
- C:\Windows\System\vVlVaDq.exe
  C:\Windows\System\vVlVaDq.exe
  2⤵
  PID:644
- C:\Windows\System\mkzxuAK.exe
  C:\Windows\System\mkzxuAK.exe
  2⤵
  PID:1968
- C:\Windows\System\sarSmTc.exe
  C:\Windows\System\sarSmTc.exe
  2⤵
  PID:2340
- C:\Windows\System\BOAksFJ.exe
  C:\Windows\System\BOAksFJ.exe
  2⤵
  PID:6020
- C:\Windows\System\fIlsSTi.exe
  C:\Windows\System\fIlsSTi.exe
  2⤵
  PID:5244
- C:\Windows\System\PKZQNOD.exe
  C:\Windows\System\PKZQNOD.exe
  2⤵
  PID:5240
- C:\Windows\System\VvKBpjJ.exe
  C:\Windows\System\VvKBpjJ.exe
  2⤵
  PID:5648
- C:\Windows\System\SxuNNla.exe
  C:\Windows\System\SxuNNla.exe
  2⤵
  PID:4780
- C:\Windows\System\kaDujRr.exe
  C:\Windows\System\kaDujRr.exe
  2⤵
  PID:5480
- C:\Windows\System\SdOfnZj.exe
  C:\Windows\System\SdOfnZj.exe
  2⤵
  PID:5808
- C:\Windows\System\bbxIAcN.exe
  C:\Windows\System\bbxIAcN.exe
  2⤵
  PID:5684
- C:\Windows\System\NpZShpU.exe
  C:\Windows\System\NpZShpU.exe
  2⤵
  PID:5844
- C:\Windows\System\asWALzj.exe
  C:\Windows\System\asWALzj.exe
  2⤵
  PID:4808
- C:\Windows\System\QIkmyzx.exe
  C:\Windows\System\QIkmyzx.exe
  2⤵
  PID:5168
- C:\Windows\System\Hjzuwfy.exe
  C:\Windows\System\Hjzuwfy.exe
  2⤵
  PID:6156
- C:\Windows\System\fuyMNdo.exe
  C:\Windows\System\fuyMNdo.exe
  2⤵
  PID:6176
- C:\Windows\System\FeqKkOS.exe
  C:\Windows\System\FeqKkOS.exe
  2⤵
  PID:6192
- C:\Windows\System\EHpIHkY.exe
  C:\Windows\System\EHpIHkY.exe
  2⤵
  PID:6212
- C:\Windows\System\GElxMEQ.exe
  C:\Windows\System\GElxMEQ.exe
  2⤵
  PID:6232
- C:\Windows\System\wMLNnSb.exe
  C:\Windows\System\wMLNnSb.exe
  2⤵
  PID:6252
- C:\Windows\System\KTkuHOe.exe
  C:\Windows\System\KTkuHOe.exe
  2⤵
  PID:6268
- C:\Windows\System\yqyDggx.exe
  C:\Windows\System\yqyDggx.exe
  2⤵
  PID:6288
- C:\Windows\System\lgYpTBG.exe
  C:\Windows\System\lgYpTBG.exe
  2⤵
  PID:6308
- C:\Windows\System\jaqiZcr.exe
  C:\Windows\System\jaqiZcr.exe
  2⤵
  PID:6324
- C:\Windows\System\CnBjbRI.exe
  C:\Windows\System\CnBjbRI.exe
  2⤵
  PID:6368
- C:\Windows\System\ynxRRtd.exe
  C:\Windows\System\ynxRRtd.exe
  2⤵
  PID:6384
- C:\Windows\System\nATpRkI.exe
  C:\Windows\System\nATpRkI.exe
  2⤵
  PID:6400
- C:\Windows\System\HCzJuxn.exe
  C:\Windows\System\HCzJuxn.exe
  2⤵
  PID:6420
- C:\Windows\System\WaBsiZv.exe
  C:\Windows\System\WaBsiZv.exe
  2⤵
  PID:6436
- C:\Windows\System\tTsuQCX.exe
  C:\Windows\System\tTsuQCX.exe
  2⤵
  PID:6452
- C:\Windows\System\YyahQtS.exe
  C:\Windows\System\YyahQtS.exe
  2⤵
  PID:6472
- C:\Windows\System\BxyZIBl.exe
  C:\Windows\System\BxyZIBl.exe
  2⤵
  PID:6508
- C:\Windows\System\oxhPpxV.exe
  C:\Windows\System\oxhPpxV.exe
  2⤵
  PID:6532
- C:\Windows\System\adnLOMS.exe
  C:\Windows\System\adnLOMS.exe
  2⤵
  PID:6564
- C:\Windows\System\gNLJvvH.exe
  C:\Windows\System\gNLJvvH.exe
  2⤵
  PID:6588
- C:\Windows\System\LdjdSIA.exe
  C:\Windows\System\LdjdSIA.exe
  2⤵
  PID:6612
- C:\Windows\System\YYlmVsE.exe
  C:\Windows\System\YYlmVsE.exe
  2⤵
  PID:6640
- C:\Windows\System\yiHuWJV.exe
  C:\Windows\System\yiHuWJV.exe
  2⤵
  PID:6656
- C:\Windows\System\yleHfAn.exe
  C:\Windows\System\yleHfAn.exe
  2⤵
  PID:6680
- C:\Windows\System\YkrXObu.exe
  C:\Windows\System\YkrXObu.exe
  2⤵
  PID:6704
- C:\Windows\System\GlQcAIC.exe
  C:\Windows\System\GlQcAIC.exe
  2⤵
  PID:6728
- C:\Windows\System\AgBNzOY.exe
  C:\Windows\System\AgBNzOY.exe
  2⤵
  PID:6744
- C:\Windows\System\LccmBTY.exe
  C:\Windows\System\LccmBTY.exe
  2⤵
  PID:6764
- C:\Windows\System\bXWJQOA.exe
  C:\Windows\System\bXWJQOA.exe
  2⤵
  PID:6780
- C:\Windows\System\gFyEHOa.exe
  C:\Windows\System\gFyEHOa.exe
  2⤵
  PID:6800
- C:\Windows\System\fwbCaDe.exe
  C:\Windows\System\fwbCaDe.exe
  2⤵
  PID:6824
- C:\Windows\System\fNSXjMV.exe
  C:\Windows\System\fNSXjMV.exe
  2⤵
  PID:6844
- C:\Windows\System\ZTngaiO.exe
  C:\Windows\System\ZTngaiO.exe
  2⤵
  PID:6860
- C:\Windows\System\wbMYNjc.exe
  C:\Windows\System\wbMYNjc.exe
  2⤵
  PID:6888
- C:\Windows\System\sRuiwbe.exe
  C:\Windows\System\sRuiwbe.exe
  2⤵
  PID:6904
- C:\Windows\System\TMlSFbl.exe
  C:\Windows\System\TMlSFbl.exe
  2⤵
  PID:6924
- C:\Windows\System\MpRCkZQ.exe
  C:\Windows\System\MpRCkZQ.exe
  2⤵
  PID:6940
- C:\Windows\System\rTtlWsf.exe
  C:\Windows\System\rTtlWsf.exe
  2⤵
  PID:6956
- C:\Windows\System\HcPbCjj.exe
  C:\Windows\System\HcPbCjj.exe
  2⤵
  PID:6976
- C:\Windows\System\dBKBcIj.exe
  C:\Windows\System\dBKBcIj.exe
  2⤵
  PID:6996
- C:\Windows\System\LkGIoLz.exe
  C:\Windows\System\LkGIoLz.exe
  2⤵
  PID:7012
- C:\Windows\System\KgwYeyS.exe
  C:\Windows\System\KgwYeyS.exe
  2⤵
  PID:7028
- C:\Windows\System\NpfVQnn.exe
  C:\Windows\System\NpfVQnn.exe
  2⤵
  PID:7048
- C:\Windows\System\SzqzEog.exe
  C:\Windows\System\SzqzEog.exe
  2⤵
  PID:7068
- C:\Windows\System\ACyhPWz.exe
  C:\Windows\System\ACyhPWz.exe
  2⤵
  PID:7084
- C:\Windows\System\vrtykeL.exe
  C:\Windows\System\vrtykeL.exe
  2⤵
  PID:7140
- C:\Windows\System\vAcoHBd.exe
  C:\Windows\System\vAcoHBd.exe
  2⤵
  PID:7156
- C:\Windows\System\cHxDzCi.exe
  C:\Windows\System\cHxDzCi.exe
  2⤵
  PID:6016
- C:\Windows\System\xMPvuWI.exe
  C:\Windows\System\xMPvuWI.exe
  2⤵
  PID:1880
- C:\Windows\System\bgBBsJi.exe
  C:\Windows\System\bgBBsJi.exe
  2⤵
  PID:6168
- C:\Windows\System\PsDjaWt.exe
  C:\Windows\System\PsDjaWt.exe
  2⤵
  PID:6240
- C:\Windows\System\LeHXmsA.exe
  C:\Windows\System\LeHXmsA.exe
  2⤵
  PID:6316
- C:\Windows\System\BFjjEAU.exe
  C:\Windows\System\BFjjEAU.exe
  2⤵
  PID:6220
- C:\Windows\System\eEshAxs.exe
  C:\Windows\System\eEshAxs.exe
  2⤵
  PID:6264
- C:\Windows\System\gpubkDv.exe
  C:\Windows\System\gpubkDv.exe
  2⤵
  PID:5464
- C:\Windows\System\gQxsdAO.exe
  C:\Windows\System\gQxsdAO.exe
  2⤵
  PID:6040
- C:\Windows\System\rbKeztY.exe
  C:\Windows\System\rbKeztY.exe
  2⤵
  PID:5236
- C:\Windows\System\qXJknjs.exe
  C:\Windows\System\qXJknjs.exe
  2⤵
  PID:5260
- C:\Windows\System\CICxGUr.exe
  C:\Windows\System\CICxGUr.exe
  2⤵
  PID:6188
- C:\Windows\System\MZKiSWk.exe
  C:\Windows\System\MZKiSWk.exe
  2⤵
  PID:6332
- C:\Windows\System\MusnUcg.exe
  C:\Windows\System\MusnUcg.exe
  2⤵
  PID:6444
- C:\Windows\System\gkHDovU.exe
  C:\Windows\System\gkHDovU.exe
  2⤵
  PID:6500
- C:\Windows\System\ZBHlHgt.exe
  C:\Windows\System\ZBHlHgt.exe
  2⤵
  PID:6544
- C:\Windows\System\uwItkuF.exe
  C:\Windows\System\uwItkuF.exe
  2⤵
  PID:6432
- C:\Windows\System\oNZlSpe.exe
  C:\Windows\System\oNZlSpe.exe
  2⤵
  PID:6344
- C:\Windows\System\fFHHgFS.exe
  C:\Windows\System\fFHHgFS.exe
  2⤵
  PID:6696
- C:\Windows\System\EUrRuPM.exe
  C:\Windows\System\EUrRuPM.exe
  2⤵
  PID:6360
- C:\Windows\System\XUlYUGa.exe
  C:\Windows\System\XUlYUGa.exe
  2⤵
  PID:6516
- C:\Windows\System\IYPOZfz.exe
  C:\Windows\System\IYPOZfz.exe
  2⤵
  PID:6576
- C:\Windows\System\PNjCapD.exe
  C:\Windows\System\PNjCapD.exe
  2⤵
  PID:6776
- C:\Windows\System\BXERQTA.exe
  C:\Windows\System\BXERQTA.exe
  2⤵
  PID:6676
- C:\Windows\System\PCWFCng.exe
  C:\Windows\System\PCWFCng.exe
  2⤵
  PID:6760
- C:\Windows\System\SMmVvUH.exe
  C:\Windows\System\SMmVvUH.exe
  2⤵
  PID:6816
- C:\Windows\System\DwmrtxG.exe
  C:\Windows\System\DwmrtxG.exe
  2⤵
  PID:6624
- C:\Windows\System\tZekoYR.exe
  C:\Windows\System\tZekoYR.exe
  2⤵
  PID:6936
- C:\Windows\System\RxjsdWY.exe
  C:\Windows\System\RxjsdWY.exe
  2⤵
  PID:7004
- C:\Windows\System\HAZJsyp.exe
  C:\Windows\System\HAZJsyp.exe
  2⤵
  PID:7040
- C:\Windows\System\cUzDULb.exe
  C:\Windows\System\cUzDULb.exe
  2⤵
  PID:6796
- C:\Windows\System\iFvjJMk.exe
  C:\Windows\System\iFvjJMk.exe
  2⤵
  PID:6720
- C:\Windows\System\OmIBxvp.exe
  C:\Windows\System\OmIBxvp.exe
  2⤵
  PID:6920
- C:\Windows\System\UBqMFuX.exe
  C:\Windows\System\UBqMFuX.exe
  2⤵
  PID:7020
- C:\Windows\System\DRwnwxK.exe
  C:\Windows\System\DRwnwxK.exe
  2⤵
  PID:6836
- C:\Windows\System\VgBzpCM.exe
  C:\Windows\System\VgBzpCM.exe
  2⤵
  PID:6876
- C:\Windows\System\wPQTNwl.exe
  C:\Windows\System\wPQTNwl.exe
  2⤵
  PID:7096
- C:\Windows\System\VUXVokO.exe
  C:\Windows\System\VUXVokO.exe
  2⤵
  PID:5840
- C:\Windows\System\mEreffl.exe
  C:\Windows\System\mEreffl.exe
  2⤵
  PID:6204
- C:\Windows\System\hXzQMcJ.exe
  C:\Windows\System\hXzQMcJ.exe
  2⤵
  PID:5904
- C:\Windows\System\aBkTWFv.exe
  C:\Windows\System\aBkTWFv.exe
  2⤵
  PID:7100
- C:\Windows\System\TwMxmGj.exe
  C:\Windows\System\TwMxmGj.exe
  2⤵
  PID:6528
- C:\Windows\System\VkEdXvK.exe
  C:\Windows\System\VkEdXvK.exe
  2⤵
  PID:6668
- C:\Windows\System\ocJnOfu.exe
  C:\Windows\System\ocJnOfu.exe
  2⤵
  PID:7036
- C:\Windows\System\qmADyyy.exe
  C:\Windows\System\qmADyyy.exe
  2⤵
  PID:6712
- C:\Windows\System\SptWzrq.exe
  C:\Windows\System\SptWzrq.exe
  2⤵
  PID:5144
- C:\Windows\System\WPElRhB.exe
  C:\Windows\System\WPElRhB.exe
  2⤵
  PID:6556
- C:\Windows\System\gAInRwH.exe
  C:\Windows\System\gAInRwH.exe
  2⤵
  PID:6300
- C:\Windows\System\hzPhvVS.exe
  C:\Windows\System\hzPhvVS.exe
  2⤵
  PID:6428
- C:\Windows\System\QiaQmHc.exe
  C:\Windows\System\QiaQmHc.exe
  2⤵
  PID:6792
- C:\Windows\System\ankZloh.exe
  C:\Windows\System\ankZloh.exe
  2⤵
  PID:6948
- C:\Windows\System\TaqNFLN.exe
  C:\Windows\System\TaqNFLN.exe
  2⤵
  PID:5624
- C:\Windows\System\ALWSiIJ.exe
  C:\Windows\System\ALWSiIJ.exe
  2⤵
  PID:7080
- C:\Windows\System\ZcYElKW.exe
  C:\Windows\System\ZcYElKW.exe
  2⤵
  PID:6604
- C:\Windows\System\bRTjllD.exe
  C:\Windows\System\bRTjllD.exe
  2⤵
  PID:7064
- C:\Windows\System\tKwApAy.exe
  C:\Windows\System\tKwApAy.exe
  2⤵
  PID:6496
- C:\Windows\System\JrufRTg.exe
  C:\Windows\System\JrufRTg.exe
  2⤵
  PID:6772
- C:\Windows\System\jMHXnfq.exe
  C:\Windows\System\jMHXnfq.exe
  2⤵
  PID:6856
- C:\Windows\System\NJeuPyD.exe
  C:\Windows\System\NJeuPyD.exe
  2⤵
  PID:7116
- C:\Windows\System\ncJPdYw.exe
  C:\Windows\System\ncJPdYw.exe
  2⤵
  PID:5328
- C:\Windows\System\OFJITLH.exe
  C:\Windows\System\OFJITLH.exe
  2⤵
  PID:6380
- C:\Windows\System\oxIEZxy.exe
  C:\Windows\System\oxIEZxy.exe
  2⤵
  PID:6628
- C:\Windows\System\dYMCMjd.exe
  C:\Windows\System\dYMCMjd.exe
  2⤵
  PID:7136
- C:\Windows\System\hwUaWvh.exe
  C:\Windows\System\hwUaWvh.exe
  2⤵
  PID:6700
- C:\Windows\System\hZjzUvv.exe
  C:\Windows\System\hZjzUvv.exe
  2⤵
  PID:6992
- C:\Windows\System\LpixjJx.exe
  C:\Windows\System\LpixjJx.exe
  2⤵
  PID:7164
- C:\Windows\System\SJQBMwp.exe
  C:\Windows\System\SJQBMwp.exe
  2⤵
  PID:6884
- C:\Windows\System\LLXSHEK.exe
  C:\Windows\System\LLXSHEK.exe
  2⤵
  PID:6320
- C:\Windows\System\XupSlEM.exe
  C:\Windows\System\XupSlEM.exe
  2⤵
  PID:6396
- C:\Windows\System\crBlRQo.exe
  C:\Windows\System\crBlRQo.exe
  2⤵
  PID:6916
- C:\Windows\System\etNNiaV.exe
  C:\Windows\System\etNNiaV.exe
  2⤵
  PID:7104
- C:\Windows\System\CeuAann.exe
  C:\Windows\System\CeuAann.exe
  2⤵
  PID:6636
- C:\Windows\System\SQVGuRC.exe
  C:\Windows\System\SQVGuRC.exe
  2⤵
  PID:5256
- C:\Windows\System\qhdEsHC.exe
  C:\Windows\System\qhdEsHC.exe
  2⤵
  PID:6284
- C:\Windows\System\XugWwyT.exe
  C:\Windows\System\XugWwyT.exe
  2⤵
  PID:6560
- C:\Windows\System\xhiqdDu.exe
  C:\Windows\System\xhiqdDu.exe
  2⤵
  PID:5540
- C:\Windows\System\WoZiWTa.exe
  C:\Windows\System\WoZiWTa.exe
  2⤵
  PID:6788
- C:\Windows\System\fJQfUHX.exe
  C:\Windows\System\fJQfUHX.exe
  2⤵
  PID:1552
- C:\Windows\System\jIpAslZ.exe
  C:\Windows\System\jIpAslZ.exe
  2⤵
  PID:6280
- C:\Windows\System\yLxXAtx.exe
  C:\Windows\System\yLxXAtx.exe
  2⤵
  PID:5976
- C:\Windows\System\gHdzARf.exe
  C:\Windows\System\gHdzARf.exe
  2⤵
  PID:6912
- C:\Windows\System\OcOIinY.exe
  C:\Windows\System\OcOIinY.exe
  2⤵
  PID:6932
- C:\Windows\System\tmrItgg.exe
  C:\Windows\System\tmrItgg.exe
  2⤵
  PID:6968
- C:\Windows\System\UPxFBmh.exe
  C:\Windows\System\UPxFBmh.exe
  2⤵
  PID:6740
- C:\Windows\System\NVmcjTB.exe
  C:\Windows\System\NVmcjTB.exe
  2⤵
  PID:6260
- C:\Windows\System\WOcaYEw.exe
  C:\Windows\System\WOcaYEw.exe
  2⤵
  PID:6652
- C:\Windows\System\mzAYNMA.exe
  C:\Windows\System\mzAYNMA.exe
  2⤵
  PID:1928
- C:\Windows\System\lxIYPdn.exe
  C:\Windows\System\lxIYPdn.exe
  2⤵
  PID:7172
- C:\Windows\System\dTUBByc.exe
  C:\Windows\System\dTUBByc.exe
  2⤵
  PID:7192
- C:\Windows\System\WOpYonv.exe
  C:\Windows\System\WOpYonv.exe
  2⤵
  PID:7208
- C:\Windows\System\kfqLMZJ.exe
  C:\Windows\System\kfqLMZJ.exe
  2⤵
  PID:7232
- C:\Windows\System\vOPLNPL.exe
  C:\Windows\System\vOPLNPL.exe
  2⤵
  PID:7252
- C:\Windows\System\TjhAcOf.exe
  C:\Windows\System\TjhAcOf.exe
  2⤵
  PID:7272
- C:\Windows\System\yhgEbHh.exe
  C:\Windows\System\yhgEbHh.exe
  2⤵
  PID:7288
- C:\Windows\System\WCoUmgE.exe
  C:\Windows\System\WCoUmgE.exe
  2⤵
  PID:7308
- C:\Windows\System\xzMeKpy.exe
  C:\Windows\System\xzMeKpy.exe
  2⤵
  PID:7324
- C:\Windows\System\adGYXPK.exe
  C:\Windows\System\adGYXPK.exe
  2⤵
  PID:7364
- C:\Windows\System\pastmmY.exe
  C:\Windows\System\pastmmY.exe
  2⤵
  PID:7380
- C:\Windows\System\CoXPgvi.exe
  C:\Windows\System\CoXPgvi.exe
  2⤵
  PID:7396
- C:\Windows\System\enHbRtF.exe
  C:\Windows\System\enHbRtF.exe
  2⤵
  PID:7420
- C:\Windows\System\diLDObH.exe
  C:\Windows\System\diLDObH.exe
  2⤵
  PID:7436
- C:\Windows\System\JlACbUq.exe
  C:\Windows\System\JlACbUq.exe
  2⤵
  PID:7452
- C:\Windows\System\EFKwFpv.exe
  C:\Windows\System\EFKwFpv.exe
  2⤵
  PID:7468
- C:\Windows\System\SDCISNB.exe
  C:\Windows\System\SDCISNB.exe
  2⤵
  PID:7492
- C:\Windows\System\SkOrCfJ.exe
  C:\Windows\System\SkOrCfJ.exe
  2⤵
  PID:7512
- C:\Windows\System\ioIQBff.exe
  C:\Windows\System\ioIQBff.exe
  2⤵
  PID:7528
- C:\Windows\System\jTgRGSQ.exe
  C:\Windows\System\jTgRGSQ.exe
  2⤵
  PID:7560
- C:\Windows\System\SfFwPce.exe
  C:\Windows\System\SfFwPce.exe
  2⤵
  PID:7576
- C:\Windows\System\jBquuoU.exe
  C:\Windows\System\jBquuoU.exe
  2⤵
  PID:7596
- C:\Windows\System\gtROjkp.exe
  C:\Windows\System\gtROjkp.exe
  2⤵
  PID:7612
- C:\Windows\System\qScbnuM.exe
  C:\Windows\System\qScbnuM.exe
  2⤵
  PID:7628
- C:\Windows\System\qEPhvXd.exe
  C:\Windows\System\qEPhvXd.exe
  2⤵
  PID:7648
- C:\Windows\System\fUAfsex.exe
  C:\Windows\System\fUAfsex.exe
  2⤵
  PID:7680
- C:\Windows\System\xbulGTy.exe
  C:\Windows\System\xbulGTy.exe
  2⤵
  PID:7696
- C:\Windows\System\XZEKnpU.exe
  C:\Windows\System\XZEKnpU.exe
  2⤵
  PID:7720
- C:\Windows\System\UEOHbqJ.exe
  C:\Windows\System\UEOHbqJ.exe
  2⤵
  PID:7744
- C:\Windows\System\WuVDTwx.exe
  C:\Windows\System\WuVDTwx.exe
  2⤵
  PID:7764
- C:\Windows\System\hqvrPnH.exe
  C:\Windows\System\hqvrPnH.exe
  2⤵
  PID:7784
- C:\Windows\System\gvHcDZo.exe
  C:\Windows\System\gvHcDZo.exe
  2⤵
  PID:7800
- C:\Windows\System\LMzaMzt.exe
  C:\Windows\System\LMzaMzt.exe
  2⤵
  PID:7816
- C:\Windows\System\USKpnhD.exe
  C:\Windows\System\USKpnhD.exe
  2⤵
  PID:7844
- C:\Windows\System\oYPgqpo.exe
  C:\Windows\System\oYPgqpo.exe
  2⤵
  PID:7864
- C:\Windows\System\gUpANet.exe
  C:\Windows\System\gUpANet.exe
  2⤵
  PID:7884
- C:\Windows\System\wrOCmyk.exe
  C:\Windows\System\wrOCmyk.exe
  2⤵
  PID:7904
- C:\Windows\System\TXSTukT.exe
  C:\Windows\System\TXSTukT.exe
  2⤵
  PID:7924
- C:\Windows\System\XLDnFRz.exe
  C:\Windows\System\XLDnFRz.exe
  2⤵
  PID:7940
- C:\Windows\System\cAWDTQI.exe
  C:\Windows\System\cAWDTQI.exe
  2⤵
  PID:7956
- C:\Windows\System\NNfSQzB.exe
  C:\Windows\System\NNfSQzB.exe
  2⤵
  PID:7976
- C:\Windows\System\hVpGrBV.exe
  C:\Windows\System\hVpGrBV.exe
  2⤵
  PID:7996
- C:\Windows\System\qCnBLmC.exe
  C:\Windows\System\qCnBLmC.exe
  2⤵
  PID:8012
- C:\Windows\System\EJHxsEl.exe
  C:\Windows\System\EJHxsEl.exe
  2⤵
  PID:8032
- C:\Windows\System\isPAanV.exe
  C:\Windows\System\isPAanV.exe
  2⤵
  PID:8056
- C:\Windows\System\hDGyHTJ.exe
  C:\Windows\System\hDGyHTJ.exe
  2⤵
  PID:8076
- C:\Windows\System\WAwHXwD.exe
  C:\Windows\System\WAwHXwD.exe
  2⤵
  PID:8100
- C:\Windows\System\YKMtHZL.exe
  C:\Windows\System\YKMtHZL.exe
  2⤵
  PID:8116
- C:\Windows\System\pHvPjaj.exe
  C:\Windows\System\pHvPjaj.exe
  2⤵
  PID:8136
- C:\Windows\System\LqtEBDL.exe
  C:\Windows\System\LqtEBDL.exe
  2⤵
  PID:8156
- C:\Windows\System\WHKwNHJ.exe
  C:\Windows\System\WHKwNHJ.exe
  2⤵
  PID:8180
- C:\Windows\System\XfOwqmk.exe
  C:\Windows\System\XfOwqmk.exe
  2⤵
  PID:7200
- C:\Windows\System\zlPXGze.exe
  C:\Windows\System\zlPXGze.exe
  2⤵
  PID:7056
- C:\Windows\System\pPnHNOs.exe
  C:\Windows\System\pPnHNOs.exe
  2⤵
  PID:7248
- C:\Windows\System\YyDLVHc.exe
  C:\Windows\System\YyDLVHc.exe
  2⤵
  PID:7320
- C:\Windows\System\LxeTbSS.exe
  C:\Windows\System\LxeTbSS.exe
  2⤵
  PID:7216
- C:\Windows\System\gCZlAPQ.exe
  C:\Windows\System\gCZlAPQ.exe
  2⤵
  PID:7268
- C:\Windows\System\teaZqVz.exe
  C:\Windows\System\teaZqVz.exe
  2⤵
  PID:7412
- C:\Windows\System\hVNEdDP.exe
  C:\Windows\System\hVNEdDP.exe
  2⤵
  PID:7340
- C:\Windows\System\hJzVzww.exe
  C:\Windows\System\hJzVzww.exe
  2⤵
  PID:7448
- C:\Windows\System\TREhKDR.exe
  C:\Windows\System\TREhKDR.exe
  2⤵
  PID:7480
- C:\Windows\System\nqWOFmz.exe
  C:\Windows\System\nqWOFmz.exe
  2⤵
  PID:7504
- C:\Windows\System\cgJWghz.exe
  C:\Windows\System\cgJWghz.exe
  2⤵
  PID:7568
- C:\Windows\System\FiEXKRc.exe
  C:\Windows\System\FiEXKRc.exe
  2⤵
  PID:7508
- C:\Windows\System\freZVxC.exe
  C:\Windows\System\freZVxC.exe
  2⤵
  PID:7552
- C:\Windows\System\ammpKdV.exe
  C:\Windows\System\ammpKdV.exe
  2⤵
  PID:7636
- C:\Windows\System\MsJatkg.exe
  C:\Windows\System\MsJatkg.exe
  2⤵
  PID:7540
- C:\Windows\System\QGjPgdr.exe
  C:\Windows\System\QGjPgdr.exe
  2⤵
  PID:7688
- C:\Windows\System\guNdMHD.exe
  C:\Windows\System\guNdMHD.exe
  2⤵
  PID:7732
- C:\Windows\System\LFZSOFP.exe
  C:\Windows\System\LFZSOFP.exe
  2⤵
  PID:7716
- C:\Windows\System\VoivPJY.exe
  C:\Windows\System\VoivPJY.exe
  2⤵
  PID:7772
- C:\Windows\System\VFSuvLB.exe
  C:\Windows\System\VFSuvLB.exe
  2⤵
  PID:7812
- C:\Windows\System\lismCRc.exe
  C:\Windows\System\lismCRc.exe
  2⤵
  PID:7836
- C:\Windows\System\mrkryrS.exe
  C:\Windows\System\mrkryrS.exe
  2⤵
  PID:7856
- C:\Windows\System\eYUgywF.exe
  C:\Windows\System\eYUgywF.exe
  2⤵
  PID:7892
- C:\Windows\System\vBDeNVz.exe
  C:\Windows\System\vBDeNVz.exe
  2⤵
  PID:7920
- C:\Windows\System\rTWbiMv.exe
  C:\Windows\System\rTWbiMv.exe
  2⤵
  PID:7060
- C:\Windows\System\PhJUmEt.exe
  C:\Windows\System\PhJUmEt.exe
  2⤵
  PID:7948
- C:\Windows\System\pFlOExU.exe
  C:\Windows\System\pFlOExU.exe
  2⤵
  PID:8020
- C:\Windows\System\MXMQtmJ.exe
  C:\Windows\System\MXMQtmJ.exe
  2⤵
  PID:7984
- C:\Windows\System\IxSNLqR.exe
  C:\Windows\System\IxSNLqR.exe
  2⤵
  PID:8092
- C:\Windows\System\wqIzXVa.exe
  C:\Windows\System\wqIzXVa.exe
  2⤵
  PID:8064
- C:\Windows\System\fRexsfY.exe
  C:\Windows\System\fRexsfY.exe
  2⤵
  PID:8132
- C:\Windows\System\ZAdJnSg.exe
  C:\Windows\System\ZAdJnSg.exe
  2⤵
  PID:8176
- C:\Windows\System\oMeBsHz.exe
  C:\Windows\System\oMeBsHz.exe
  2⤵
  PID:6752
- C:\Windows\System\xFmatwT.exe
  C:\Windows\System\xFmatwT.exe
  2⤵
  PID:7240
- C:\Windows\System\dwgaZHD.exe
  C:\Windows\System\dwgaZHD.exe
  2⤵
  PID:7304
- C:\Windows\System\vhymHDn.exe
  C:\Windows\System\vhymHDn.exe
  2⤵
  PID:7404
- C:\Windows\System\paPMlJL.exe
  C:\Windows\System\paPMlJL.exe
  2⤵
  PID:7360
- C:\Windows\System\EwOJrwe.exe
  C:\Windows\System\EwOJrwe.exe
  2⤵
  PID:7520
- C:\Windows\System\HHsVdhB.exe
  C:\Windows\System\HHsVdhB.exe
  2⤵
  PID:7432
- C:\Windows\System\neEmJDd.exe
  C:\Windows\System\neEmJDd.exe
  2⤵
  PID:7644
- C:\Windows\System\oOeNSLw.exe
  C:\Windows\System\oOeNSLw.exe
  2⤵
  PID:7604
- C:\Windows\System\VhexaTZ.exe
  C:\Windows\System\VhexaTZ.exe
  2⤵
  PID:7760
- C:\Windows\System\orONxFh.exe
  C:\Windows\System\orONxFh.exe
  2⤵
  PID:7880
- C:\Windows\System\qyamwLt.exe
  C:\Windows\System\qyamwLt.exe
  2⤵
  PID:7592
- C:\Windows\System\HGwRpdU.exe
  C:\Windows\System\HGwRpdU.exe
  2⤵
  PID:5916
- C:\Windows\System\CNSyWtI.exe
  C:\Windows\System\CNSyWtI.exe
  2⤵
  PID:8044
- C:\Windows\System\KeUSgpb.exe
  C:\Windows\System\KeUSgpb.exe
  2⤵
  PID:8028
- C:\Windows\System\hFYZLnC.exe
  C:\Windows\System\hFYZLnC.exe
  2⤵
  PID:8024
- C:\Windows\System\dccghUt.exe
  C:\Windows\System\dccghUt.exe
  2⤵
  PID:7860
- C:\Windows\System\GWNkQou.exe
  C:\Windows\System\GWNkQou.exe
  2⤵
  PID:8128
- C:\Windows\System\BQGWatf.exe
  C:\Windows\System\BQGWatf.exe
  2⤵
  PID:7128
- C:\Windows\System\wWFSRaj.exe
  C:\Windows\System\wWFSRaj.exe
  2⤵
  PID:7332
- C:\Windows\System\JmHzSaE.exe
  C:\Windows\System\JmHzSaE.exe
  2⤵
  PID:8068
- C:\Windows\System\JEfUODh.exe
  C:\Windows\System\JEfUODh.exe
  2⤵
  PID:7188
- C:\Windows\System\WIuDrtc.exe
  C:\Windows\System\WIuDrtc.exe
  2⤵
  PID:8188
- C:\Windows\System\sQGQGQU.exe
  C:\Windows\System\sQGQGQU.exe
  2⤵
  PID:7376
- C:\Windows\System\cEfxdXq.exe
  C:\Windows\System\cEfxdXq.exe
  2⤵
  PID:6756
- C:\Windows\System\fNEAVUV.exe
  C:\Windows\System\fNEAVUV.exe
  2⤵
  PID:7588
- C:\Windows\System\DrHRyqI.exe
  C:\Windows\System\DrHRyqI.exe
  2⤵
  PID:6468
- C:\Windows\System\uEVALzN.exe
  C:\Windows\System\uEVALzN.exe
  2⤵
  PID:7808
- C:\Windows\System\BxPjYYb.exe
  C:\Windows\System\BxPjYYb.exe
  2⤵
  PID:8164
- C:\Windows\System\TQVBMii.exe
  C:\Windows\System\TQVBMii.exe
  2⤵
  PID:5912
- C:\Windows\System\fiRmBPw.exe
  C:\Windows\System\fiRmBPw.exe
  2⤵
  PID:8144
- C:\Windows\System\SgBmRmz.exe
  C:\Windows\System\SgBmRmz.exe
  2⤵
  PID:7260
- C:\Windows\System\EQfEEjp.exe
  C:\Windows\System\EQfEEjp.exe
  2⤵
  PID:8008
- C:\Windows\System\qbOeIHX.exe
  C:\Windows\System\qbOeIHX.exe
  2⤵
  PID:7352
- C:\Windows\System\VDHWLTr.exe
  C:\Windows\System\VDHWLTr.exe
  2⤵
  PID:8088
- C:\Windows\System\ByxgFNb.exe
  C:\Windows\System\ByxgFNb.exe
  2⤵
  PID:7692
- C:\Windows\System\IifSrdY.exe
  C:\Windows\System\IifSrdY.exe
  2⤵
  PID:8108
- C:\Windows\System\umLrVdt.exe
  C:\Windows\System\umLrVdt.exe
  2⤵
  PID:8204
- C:\Windows\System\yaDKsDF.exe
  C:\Windows\System\yaDKsDF.exe
  2⤵
  PID:8260
- C:\Windows\System\RwUlyAW.exe
  C:\Windows\System\RwUlyAW.exe
  2⤵
  PID:8276
- C:\Windows\System\huCJYsn.exe
  C:\Windows\System\huCJYsn.exe
  2⤵
  PID:8292
- C:\Windows\System\XAoRurl.exe
  C:\Windows\System\XAoRurl.exe
  2⤵
  PID:8324
- C:\Windows\System\dkCuWQl.exe
  C:\Windows\System\dkCuWQl.exe
  2⤵
  PID:8340
- C:\Windows\System\ytNwzgp.exe
  C:\Windows\System\ytNwzgp.exe
  2⤵
  PID:8356
- C:\Windows\System\ViufuAJ.exe
  C:\Windows\System\ViufuAJ.exe
  2⤵
  PID:8372
- C:\Windows\System\qYoIMRl.exe
  C:\Windows\System\qYoIMRl.exe
  2⤵
  PID:8404
- C:\Windows\System\yAzFAkl.exe
  C:\Windows\System\yAzFAkl.exe
  2⤵
  PID:8420
- C:\Windows\System\XTXqCfn.exe
  C:\Windows\System\XTXqCfn.exe
  2⤵
  PID:8436
- C:\Windows\System\QsieHcV.exe
  C:\Windows\System\QsieHcV.exe
  2⤵
  PID:8452
- C:\Windows\System\MlHhjGi.exe
  C:\Windows\System\MlHhjGi.exe
  2⤵
  PID:8472
- C:\Windows\System\KqNRMcQ.exe
  C:\Windows\System\KqNRMcQ.exe
  2⤵
  PID:8488
- C:\Windows\System\aJnWity.exe
  C:\Windows\System\aJnWity.exe
  2⤵
  PID:8504
- C:\Windows\System\CuRoEPC.exe
  C:\Windows\System\CuRoEPC.exe
  2⤵
  PID:8520
- C:\Windows\System\REaZTbn.exe
  C:\Windows\System\REaZTbn.exe
  2⤵
  PID:8536
- C:\Windows\System\diethxj.exe
  C:\Windows\System\diethxj.exe
  2⤵
  PID:8552
- C:\Windows\System\glWJTLr.exe
  C:\Windows\System\glWJTLr.exe
  2⤵
  PID:8568
- C:\Windows\System\vDMjQQn.exe
  C:\Windows\System\vDMjQQn.exe
  2⤵
  PID:8584
- C:\Windows\System\aZMPhhA.exe
  C:\Windows\System\aZMPhhA.exe
  2⤵
  PID:8600
- C:\Windows\System\ncuRRio.exe
  C:\Windows\System\ncuRRio.exe
  2⤵
  PID:8620
- C:\Windows\System\VCghMRr.exe
  C:\Windows\System\VCghMRr.exe
  2⤵
  PID:8640
- C:\Windows\System\LXpMrAx.exe
  C:\Windows\System\LXpMrAx.exe
  2⤵
  PID:8708
- C:\Windows\System\ezqOtwQ.exe
  C:\Windows\System\ezqOtwQ.exe
  2⤵
  PID:8724
- C:\Windows\System\oTqrRuZ.exe
  C:\Windows\System\oTqrRuZ.exe
  2⤵
  PID:8740
- C:\Windows\System\GzeAgWu.exe
  C:\Windows\System\GzeAgWu.exe
  2⤵
  PID:8756
- C:\Windows\System\JcDOXFj.exe
  C:\Windows\System\JcDOXFj.exe
  2⤵
  PID:8772
- C:\Windows\System\URNMvXp.exe
  C:\Windows\System\URNMvXp.exe
  2⤵
  PID:8788
- C:\Windows\System\hyMlrND.exe
  C:\Windows\System\hyMlrND.exe
  2⤵
  PID:8804
- C:\Windows\System\VVqMLpa.exe
  C:\Windows\System\VVqMLpa.exe
  2⤵
  PID:8820
- C:\Windows\System\dvbeFip.exe
  C:\Windows\System\dvbeFip.exe
  2⤵
  PID:8836
- C:\Windows\System\TafGWLp.exe
  C:\Windows\System\TafGWLp.exe
  2⤵
  PID:8852
- C:\Windows\System\qtBaLxH.exe
  C:\Windows\System\qtBaLxH.exe
  2⤵
  PID:8868
- C:\Windows\System\vGFqRGs.exe
  C:\Windows\System\vGFqRGs.exe
  2⤵
  PID:8884
- C:\Windows\System\IanCngl.exe
  C:\Windows\System\IanCngl.exe
  2⤵
  PID:8900
- C:\Windows\System\qdJxFAy.exe
  C:\Windows\System\qdJxFAy.exe
  2⤵
  PID:8916
- C:\Windows\System\jqNmNYy.exe
  C:\Windows\System\jqNmNYy.exe
  2⤵
  PID:8932
- C:\Windows\System\pKSqksW.exe
  C:\Windows\System\pKSqksW.exe
  2⤵
  PID:8948
- C:\Windows\System\FRbuKJz.exe
  C:\Windows\System\FRbuKJz.exe
  2⤵
  PID:8964
- C:\Windows\System\QqCPrZr.exe
  C:\Windows\System\QqCPrZr.exe
  2⤵
  PID:8980
- C:\Windows\System\BzoSJka.exe
  C:\Windows\System\BzoSJka.exe
  2⤵
  PID:8996
- C:\Windows\System\JqmuvZB.exe
  C:\Windows\System\JqmuvZB.exe
  2⤵
  PID:9012
- C:\Windows\System\BbNlRjE.exe
  C:\Windows\System\BbNlRjE.exe
  2⤵
  PID:9028
- C:\Windows\System\ZNGCpiq.exe
  C:\Windows\System\ZNGCpiq.exe
  2⤵
  PID:9044
- C:\Windows\System\CzUcfCM.exe
  C:\Windows\System\CzUcfCM.exe
  2⤵
  PID:9060
- C:\Windows\System\JIvzewH.exe
  C:\Windows\System\JIvzewH.exe
  2⤵
  PID:9076
- C:\Windows\System\PsqtOsA.exe
  C:\Windows\System\PsqtOsA.exe
  2⤵
  PID:9092
- C:\Windows\System\TeaaXik.exe
  C:\Windows\System\TeaaXik.exe
  2⤵
  PID:9108
- C:\Windows\System\PCTuCEx.exe
  C:\Windows\System\PCTuCEx.exe
  2⤵
  PID:9124
- C:\Windows\System\JBmbtFx.exe
  C:\Windows\System\JBmbtFx.exe
  2⤵
  PID:9140
- C:\Windows\System\qjQHynW.exe
  C:\Windows\System\qjQHynW.exe
  2⤵
  PID:9156
- C:\Windows\System\PbBQpUt.exe
  C:\Windows\System\PbBQpUt.exe
  2⤵
  PID:9172
- C:\Windows\System\bxiDePv.exe
  C:\Windows\System\bxiDePv.exe
  2⤵
  PID:9188
- C:\Windows\System\aLkkiIr.exe
  C:\Windows\System\aLkkiIr.exe
  2⤵
  PID:9204
- C:\Windows\System\vPEEfoH.exe
  C:\Windows\System\vPEEfoH.exe
  2⤵
  PID:8212
- C:\Windows\System\OXRqJNs.exe
  C:\Windows\System\OXRqJNs.exe
  2⤵
  PID:7500
- C:\Windows\System\RquVcpC.exe
  C:\Windows\System\RquVcpC.exe
  2⤵
  PID:7660
- C:\Windows\System\EykTRbZ.exe
  C:\Windows\System\EykTRbZ.exe
  2⤵
  PID:7776
- C:\Windows\System\hFMxnBC.exe
  C:\Windows\System\hFMxnBC.exe
  2⤵
  PID:7428
- C:\Windows\System\sYkvyEO.exe
  C:\Windows\System\sYkvyEO.exe
  2⤵
  PID:8040
- C:\Windows\System\FZnRWdI.exe
  C:\Windows\System\FZnRWdI.exe
  2⤵
  PID:7792
- C:\Windows\System\jIiOeTQ.exe
  C:\Windows\System\jIiOeTQ.exe
  2⤵
  PID:8228
- C:\Windows\System\tmHslhI.exe
  C:\Windows\System\tmHslhI.exe
  2⤵
  PID:8248
- C:\Windows\System\RqVAFWR.exe
  C:\Windows\System\RqVAFWR.exe
  2⤵
  PID:2300
- C:\Windows\System\oDWytNQ.exe
  C:\Windows\System\oDWytNQ.exe
  2⤵
  PID:8272
- C:\Windows\System\QRANWZH.exe
  C:\Windows\System\QRANWZH.exe
  2⤵
  PID:8304
- C:\Windows\System\ixUcTJf.exe
  C:\Windows\System\ixUcTJf.exe
  2⤵
  PID:8336
- C:\Windows\System\UegmDsk.exe
  C:\Windows\System\UegmDsk.exe
  2⤵
  PID:8364
- C:\Windows\System\NSLxYrc.exe
  C:\Windows\System\NSLxYrc.exe
  2⤵
  PID:8384
- C:\Windows\System\UNtvTuS.exe
  C:\Windows\System\UNtvTuS.exe
  2⤵
  PID:8400
- C:\Windows\System\ZhUTKSg.exe
  C:\Windows\System\ZhUTKSg.exe
  2⤵
  PID:8448
- C:\Windows\System\RgCPbNk.exe
  C:\Windows\System\RgCPbNk.exe
  2⤵
  PID:8428
- C:\Windows\System\pcARzni.exe
  C:\Windows\System\pcARzni.exe
  2⤵
  PID:8496
- C:\Windows\System\FiQFMtY.exe
  C:\Windows\System\FiQFMtY.exe
  2⤵
  PID:8532
- C:\Windows\System\XZYkbxm.exe
  C:\Windows\System\XZYkbxm.exe
  2⤵
  PID:8580
- C:\Windows\System\OAbOYOW.exe
  C:\Windows\System\OAbOYOW.exe
  2⤵
  PID:8596
- C:\Windows\System\zvEPXzD.exe
  C:\Windows\System\zvEPXzD.exe
  2⤵
  PID:8616
- C:\Windows\System\glNYBOI.exe
  C:\Windows\System\glNYBOI.exe
  2⤵
  PID:8648
- C:\Windows\System\UqJryIU.exe
  C:\Windows\System\UqJryIU.exe
  2⤵
  PID:8664
- C:\Windows\System\TXVTgtv.exe
  C:\Windows\System\TXVTgtv.exe
  2⤵
  PID:8684
- C:\Windows\System\xxWHUpQ.exe
  C:\Windows\System\xxWHUpQ.exe
  2⤵
  PID:8816
- C:\Windows\System\roSIzjB.exe
  C:\Windows\System\roSIzjB.exe
  2⤵
  PID:7416
- C:\Windows\System\tNaKrJG.exe
  C:\Windows\System\tNaKrJG.exe
  2⤵
  PID:8268
- C:\Windows\System\aeKjfQG.exe
  C:\Windows\System\aeKjfQG.exe
  2⤵
  PID:9040
- C:\Windows\System\RBfdYQW.exe
  C:\Windows\System\RBfdYQW.exe
  2⤵
  PID:9136
- C:\Windows\System\nJaYzDR.exe
  C:\Windows\System\nJaYzDR.exe
  2⤵
  PID:8332
- C:\Windows\System\uxhomCt.exe
  C:\Windows\System\uxhomCt.exe
  2⤵
  PID:8220
- C:\Windows\System\XKoFIkd.exe
  C:\Windows\System\XKoFIkd.exe
  2⤵
  PID:8656
- C:\Windows\System\XlczRzN.exe
  C:\Windows\System\XlczRzN.exe
  2⤵
  PID:8464
- C:\Windows\System\JhnzTPH.exe
  C:\Windows\System\JhnzTPH.exe
  2⤵
  PID:8300
- C:\Windows\System\BjvuqBl.exe
  C:\Windows\System\BjvuqBl.exe
  2⤵
  PID:8348
- C:\Windows\System\sCiXMFg.exe
  C:\Windows\System\sCiXMFg.exe
  2⤵
  PID:8516
- C:\Windows\System\gGcgTFu.exe
  C:\Windows\System\gGcgTFu.exe
  2⤵
  PID:8564
- C:\Windows\System\UNAvxjl.exe
  C:\Windows\System\UNAvxjl.exe
  2⤵
  PID:8608
- C:\Windows\System\bSwlByX.exe
  C:\Windows\System\bSwlByX.exe
  2⤵
  PID:8636
- C:\Windows\System\yKRbrbS.exe
  C:\Windows\System\yKRbrbS.exe
  2⤵
  PID:2284
- C:\Windows\System\GazIAdS.exe
  C:\Windows\System\GazIAdS.exe
  2⤵
  PID:8732
- C:\Windows\System\ZgBNZOp.exe
  C:\Windows\System\ZgBNZOp.exe
  2⤵
  PID:8796
- C:\Windows\System\OZzHYuk.exe
  C:\Windows\System\OZzHYuk.exe
  2⤵
  PID:8832
- C:\Windows\System\vGGHPPS.exe
  C:\Windows\System\vGGHPPS.exe
  2⤵
  PID:8892
- C:\Windows\System\EoATvrs.exe
  C:\Windows\System\EoATvrs.exe
  2⤵
  PID:8784
- C:\Windows\System\SOFDfnj.exe
  C:\Windows\System\SOFDfnj.exe
  2⤵
  PID:8848
- C:\Windows\System\LJIRaIP.exe
  C:\Windows\System\LJIRaIP.exe
  2⤵
  PID:8944
- C:\Windows\System\UeDwcWY.exe
  C:\Windows\System\UeDwcWY.exe
  2⤵
  PID:8992
- C:\Windows\System\RpxDdyd.exe
  C:\Windows\System\RpxDdyd.exe
  2⤵
  PID:9084
- C:\Windows\System\NJBXBLi.exe
  C:\Windows\System\NJBXBLi.exe
  2⤵
  PID:9148
- C:\Windows\System\PubeCjG.exe
  C:\Windows\System\PubeCjG.exe
  2⤵
  PID:7488
- C:\Windows\System\pNVOlsm.exe
  C:\Windows\System\pNVOlsm.exe
  2⤵
  PID:9004
- C:\Windows\System\CpLqagY.exe
  C:\Windows\System\CpLqagY.exe
  2⤵
  PID:9100
- C:\Windows\System\HaOFzAq.exe
  C:\Windows\System\HaOFzAq.exe
  2⤵
  PID:8460
- C:\Windows\System\hDTydUY.exe
  C:\Windows\System\hDTydUY.exe
  2⤵
  PID:8860
- C:\Windows\System\dOoQRON.exe
  C:\Windows\System\dOoQRON.exe
  2⤵
  PID:8956
- C:\Windows\System\qpCTklL.exe
  C:\Windows\System\qpCTklL.exe
  2⤵
  PID:8880
- C:\Windows\System\oBSpNHL.exe
  C:\Windows\System\oBSpNHL.exe
  2⤵
  PID:9212
- C:\Windows\System\iYIkQcP.exe
  C:\Windows\System\iYIkQcP.exe
  2⤵
  PID:8976
- C:\Windows\System\cifBliC.exe
  C:\Windows\System\cifBliC.exe
  2⤵
  PID:8812
- C:\Windows\System\CZxgcWY.exe
  C:\Windows\System\CZxgcWY.exe
  2⤵
  PID:7296
- C:\Windows\System\ezZGQft.exe
  C:\Windows\System\ezZGQft.exe
  2⤵
  PID:8256
- C:\Windows\System\ZascGHA.exe
  C:\Windows\System\ZascGHA.exe
  2⤵
  PID:7712
- C:\Windows\System\oqWaPpQ.exe
  C:\Windows\System\oqWaPpQ.exe
  2⤵
  PID:9200
- C:\Windows\System\VGhSSxR.exe
  C:\Windows\System\VGhSSxR.exe
  2⤵
  PID:8688
- C:\Windows\System\xEvEbcE.exe
  C:\Windows\System\xEvEbcE.exe
  2⤵
  PID:9036
- C:\Windows\System\YdxFcSp.exe
  C:\Windows\System\YdxFcSp.exe
  2⤵
  PID:9168
- C:\Windows\System\KRzBrOs.exe
  C:\Windows\System\KRzBrOs.exe
  2⤵
  PID:8500
- C:\Windows\System\ETfUier.exe
  C:\Windows\System\ETfUier.exe
  2⤵
  PID:8876
- C:\Windows\System\nnOauAC.exe
  C:\Windows\System\nnOauAC.exe
  2⤵
  PID:8764
- C:\Windows\System\vHtkOIw.exe
  C:\Windows\System\vHtkOIw.exe
  2⤵
  PID:8352
- C:\Windows\System\PwOMTcr.exe
  C:\Windows\System\PwOMTcr.exe
  2⤵
  PID:9184
- C:\Windows\System\aesbGli.exe
  C:\Windows\System\aesbGli.exe
  2⤵
  PID:8752
- C:\Windows\System\eUVUzDp.exe
  C:\Windows\System\eUVUzDp.exe
  2⤵
  PID:9008
- C:\Windows\System\SnLzvjx.exe
  C:\Windows\System\SnLzvjx.exe
  2⤵
  PID:8700
- C:\Windows\System\Wlzpare.exe
  C:\Windows\System\Wlzpare.exe
  2⤵
  PID:8924
- C:\Windows\System\MfcUEqm.exe
  C:\Windows\System\MfcUEqm.exe
  2⤵
  PID:8224
- C:\Windows\System\HdLHlDf.exe
  C:\Windows\System\HdLHlDf.exe
  2⤵
  PID:9232
- C:\Windows\System\SBUlJPX.exe
  C:\Windows\System\SBUlJPX.exe
  2⤵
  PID:9252
- C:\Windows\System\fXUuPCg.exe
  C:\Windows\System\fXUuPCg.exe
  2⤵
  PID:9276
- C:\Windows\System\acPnREX.exe
  C:\Windows\System\acPnREX.exe
  2⤵
  PID:9292
- C:\Windows\System\WwJgAXI.exe
  C:\Windows\System\WwJgAXI.exe
  2⤵
  PID:9332
- C:\Windows\System\xJqdpfI.exe
  C:\Windows\System\xJqdpfI.exe
  2⤵
  PID:9348
- C:\Windows\System\VVNNMcO.exe
  C:\Windows\System\VVNNMcO.exe
  2⤵
  PID:9368
- C:\Windows\System\TinNyXQ.exe
  C:\Windows\System\TinNyXQ.exe
  2⤵
  PID:9384
- C:\Windows\System\bSqbrpN.exe
  C:\Windows\System\bSqbrpN.exe
  2⤵
  PID:9400
- C:\Windows\System\fvXVTvG.exe
  C:\Windows\System\fvXVTvG.exe
  2⤵
  PID:9420
- C:\Windows\System\dUzRXnZ.exe
  C:\Windows\System\dUzRXnZ.exe
  2⤵
  PID:9440
- C:\Windows\System\mkMmtjK.exe
  C:\Windows\System\mkMmtjK.exe
  2⤵
  PID:9460
- C:\Windows\System\uBFmbSx.exe
  C:\Windows\System\uBFmbSx.exe
  2⤵
  PID:9480
- C:\Windows\System\XJNYEyq.exe
  C:\Windows\System\XJNYEyq.exe
  2⤵
  PID:9496
- C:\Windows\System\cLGFYBl.exe
  C:\Windows\System\cLGFYBl.exe
  2⤵
  PID:9512
- C:\Windows\System\eZADwjO.exe
  C:\Windows\System\eZADwjO.exe
  2⤵
  PID:9556
- C:\Windows\System\XpLVBDv.exe
  C:\Windows\System\XpLVBDv.exe
  2⤵
  PID:9572
- C:\Windows\System\YcULUWC.exe
  C:\Windows\System\YcULUWC.exe
  2⤵
  PID:9588
- C:\Windows\System\bziLVkE.exe
  C:\Windows\System\bziLVkE.exe
  2⤵
  PID:9604
- C:\Windows\System\vvpBBzW.exe
  C:\Windows\System\vvpBBzW.exe
  2⤵
  PID:9636
- C:\Windows\System\YKsdLBt.exe
  C:\Windows\System\YKsdLBt.exe
  2⤵
  PID:9652
- C:\Windows\System\ccUaTZl.exe
  C:\Windows\System\ccUaTZl.exe
  2⤵
  PID:9668
- C:\Windows\System\GUNUVZH.exe
  C:\Windows\System\GUNUVZH.exe
  2⤵
  PID:9684
- C:\Windows\System\rBkWcda.exe
  C:\Windows\System\rBkWcda.exe
  2⤵
  PID:9700
- C:\Windows\System\IWUXrDx.exe
  C:\Windows\System\IWUXrDx.exe
  2⤵
  PID:9720
- C:\Windows\System\VhPZgQZ.exe
  C:\Windows\System\VhPZgQZ.exe
  2⤵
  PID:9740
- C:\Windows\System\kmywJDN.exe
  C:\Windows\System\kmywJDN.exe
  2⤵
  PID:9760
- C:\Windows\System\sREIoLh.exe
  C:\Windows\System\sREIoLh.exe
  2⤵
  PID:9784
- C:\Windows\System\ntmpvOB.exe
  C:\Windows\System\ntmpvOB.exe
  2⤵
  PID:9820
- C:\Windows\System\Mqgcfpl.exe
  C:\Windows\System\Mqgcfpl.exe
  2⤵
  PID:9836
- C:\Windows\System\WrKDgez.exe
  C:\Windows\System\WrKDgez.exe
  2⤵
  PID:9856
- C:\Windows\System\ZAnQpDB.exe
  C:\Windows\System\ZAnQpDB.exe
  2⤵
  PID:9872
- C:\Windows\System\XfGmyNs.exe
  C:\Windows\System\XfGmyNs.exe
  2⤵
  PID:9888
- C:\Windows\System\mpTChqi.exe
  C:\Windows\System\mpTChqi.exe
  2⤵
  PID:9908
- C:\Windows\System\sovwffz.exe
  C:\Windows\System\sovwffz.exe
  2⤵
  PID:9924
- C:\Windows\System\uoFyFnQ.exe
  C:\Windows\System\uoFyFnQ.exe
  2⤵
  PID:9944
- C:\Windows\System\XSUkjqJ.exe
  C:\Windows\System\XSUkjqJ.exe
  2⤵
  PID:9960
- C:\Windows\System\NPdvgHh.exe
  C:\Windows\System\NPdvgHh.exe
  2⤵
  PID:9976
- C:\Windows\System\fOvLwsG.exe
  C:\Windows\System\fOvLwsG.exe
  2⤵
  PID:9996
- C:\Windows\System\dWSzGGG.exe
  C:\Windows\System\dWSzGGG.exe
  2⤵
  PID:10016
- C:\Windows\System\LFIZeDZ.exe
  C:\Windows\System\LFIZeDZ.exe
  2⤵
  PID:10032
- C:\Windows\System\tSJkoLd.exe
  C:\Windows\System\tSJkoLd.exe
  2⤵
  PID:10060
- C:\Windows\System\udTGgGc.exe
  C:\Windows\System\udTGgGc.exe
  2⤵
  PID:10080
- C:\Windows\System\CFvxtsV.exe
  C:\Windows\System\CFvxtsV.exe
  2⤵
  PID:10096
- C:\Windows\System\uYBTmVQ.exe
  C:\Windows\System\uYBTmVQ.exe
  2⤵
  PID:10144
- C:\Windows\System\FUBojyD.exe
  C:\Windows\System\FUBojyD.exe
  2⤵
  PID:10160
- C:\Windows\System\GxkwsLL.exe
  C:\Windows\System\GxkwsLL.exe
  2⤵
  PID:10176
- C:\Windows\System\tUccKRk.exe
  C:\Windows\System\tUccKRk.exe
  2⤵
  PID:10192
- C:\Windows\System\UDQJNYf.exe
  C:\Windows\System\UDQJNYf.exe
  2⤵
  PID:10216
- C:\Windows\System\lVyxUUk.exe
  C:\Windows\System\lVyxUUk.exe
  2⤵
  PID:10232
- C:\Windows\System\CTSumZS.exe
  C:\Windows\System\CTSumZS.exe
  2⤵
  PID:9240
- C:\Windows\System\JkbcTgU.exe
  C:\Windows\System\JkbcTgU.exe
  2⤵
  PID:8240
- C:\Windows\System\akGMJCq.exe
  C:\Windows\System\akGMJCq.exe
  2⤵
  PID:888
- C:\Windows\System\nMGRRla.exe
  C:\Windows\System\nMGRRla.exe
  2⤵
  PID:9284
- C:\Windows\System\GfRpPgv.exe
  C:\Windows\System\GfRpPgv.exe
  2⤵
  PID:8484
- C:\Windows\System\CjPWLFN.exe
  C:\Windows\System\CjPWLFN.exe
  2⤵
  PID:9324
- C:\Windows\System\PSzjhnf.exe
  C:\Windows\System\PSzjhnf.exe
  2⤵
  PID:9356
- C:\Windows\System\qseVjxZ.exe
  C:\Windows\System\qseVjxZ.exe
  2⤵
  PID:9416
- C:\Windows\System\lAkBJfQ.exe
  C:\Windows\System\lAkBJfQ.exe
  2⤵
  PID:9432
- C:\Windows\System\elYGihd.exe
  C:\Windows\System\elYGihd.exe
  2⤵
  PID:9364
- C:\Windows\System\XSKzmRu.exe
  C:\Windows\System\XSKzmRu.exe
  2⤵
  PID:9524
- C:\Windows\System\NIilMWF.exe
  C:\Windows\System\NIilMWF.exe
  2⤵
  PID:9520
- C:\Windows\System\ahjVxkd.exe
  C:\Windows\System\ahjVxkd.exe
  2⤵
  PID:9548
- C:\Windows\System\ynhvViO.exe
  C:\Windows\System\ynhvViO.exe
  2⤵
  PID:9568
- C:\Windows\System\nHLBICd.exe
  C:\Windows\System\nHLBICd.exe
  2⤵
  PID:9600
- C:\Windows\System\wuiIEGv.exe
  C:\Windows\System\wuiIEGv.exe
  2⤵
  PID:9436
- C:\Windows\System\IhLsEIO.exe
  C:\Windows\System\IhLsEIO.exe
  2⤵
  PID:9660
- C:\Windows\System\MSYLaYM.exe
  C:\Windows\System\MSYLaYM.exe
  2⤵
  PID:9696
- C:\Windows\System\atqalSy.exe
  C:\Windows\System\atqalSy.exe
  2⤵
  PID:9716
- C:\Windows\System\DDUVviF.exe
  C:\Windows\System\DDUVviF.exe
  2⤵
  PID:9796
- C:\Windows\System\hKyVSRm.exe
  C:\Windows\System\hKyVSRm.exe
  2⤵
  PID:9772
- C:\Windows\System\ikimnYv.exe
  C:\Windows\System\ikimnYv.exe
  2⤵
  PID:9812
- C:\Windows\System\DMpwkrH.exe
  C:\Windows\System\DMpwkrH.exe
  2⤵
  PID:9852
- C:\Windows\System\LQzHjtw.exe
  C:\Windows\System\LQzHjtw.exe
  2⤵
  PID:9920
- C:\Windows\System\ZsqCKVh.exe
  C:\Windows\System\ZsqCKVh.exe
  2⤵
  PID:10008
- C:\Windows\System\YkUIecI.exe
  C:\Windows\System\YkUIecI.exe
  2⤵
  PID:9956
- C:\Windows\System\oNdIhPb.exe
  C:\Windows\System\oNdIhPb.exe
  2⤵
  PID:10040
- C:\Windows\System\YBInRgN.exe
  C:\Windows\System\YBInRgN.exe
  2⤵
  PID:10088
- C:\Windows\System\eFgVdWv.exe
  C:\Windows\System\eFgVdWv.exe
  2⤵
  PID:10104
- C:\Windows\System\WzCqtXJ.exe
  C:\Windows\System\WzCqtXJ.exe
  2⤵
  PID:10128
- C:\Windows\System\btxjtip.exe
  C:\Windows\System\btxjtip.exe
  2⤵
  PID:10152
- C:\Windows\System\CQpuFIu.exe
  C:\Windows\System\CQpuFIu.exe
  2⤵
  PID:10224
- C:\Windows\System\ikNNqVp.exe
  C:\Windows\System\ikNNqVp.exe
  2⤵
  PID:10204
- C:\Windows\System\EnLAYZg.exe
  C:\Windows\System\EnLAYZg.exe
  2⤵
  PID:9248
- C:\Windows\System\ialvUPe.exe
  C:\Windows\System\ialvUPe.exe
  2⤵
  PID:9056
- C:\Windows\System\GQxJRuM.exe
  C:\Windows\System\GQxJRuM.exe
  2⤵
  PID:9228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CeTLRlj.exe

Filesize
2.1MB

MD5
2d3171785e9e97f1beeab694d58b395a

SHA1
8af38772c69d8b9ed3aaa0b95ecc897376b8f016

SHA256
205899b138c63341ff61c3dd0b289fb7cc8131d9954fc384d837ed42e0d5d684

SHA512
a572e2ba939f7e9c09c182391ca8b4bd8327430d91611b98fc18569064f3369bf13bb7382b71de34f037ef7b286a3e9badb4e28f8614b0c92bbd415291892c18

Download Submit
C:\Windows\system\IVReGpk.exe

Filesize
2.1MB

MD5
90d6b8444b509be72fddb158d8ea29cf

SHA1
f4910b00af61a211e476d030d05eb660efd999e3

SHA256
9bf8a555b628d93217fc9a8f1d80755dd4c9d3e0170037eef5b1035bbac5484c

SHA512
3ff25b04d677c0f8ea173614517a793b5ef59b39e538d4e34aa102f62772924e50b834f05b5ed86ce206b9dd87e61c7f3609995b8a34ba7bfa330c42123375c0

Download Submit
C:\Windows\system\LAHRMba.exe

Filesize
2.1MB

MD5
0cd5c95945615691ce0ab5071c204e0f

SHA1
c7499eeb91b1f9fb20f8ce815e2085c7ee2478cd

SHA256
0df6989a97de99e749a005d1b67d04e14c477f78c91ba794699dc016c2204ae9

SHA512
0db4431933ec617409458d7789f0fbed2e9b883b479f40dad96d830636cea88b6fd9e331ba57177d126affcddcec9a72e93c515e7370f0fe277039b8e8c3ea09

Download Submit
C:\Windows\system\PcFFniX.exe

Filesize
2.1MB

MD5
9adf509b269ed5263330988991f9ef26

SHA1
d381fde31de01b9c786f1ee78b16886f9c0ba026

SHA256
eaf9e38fe380960bce2419d32563a8494eeae9e0a83fd5ce868d899848959cbc

SHA512
547143436052e218e1c78cadcd2a857a803d08b194c240651749dc377094dad0c02ff39642c986ff1e1e5272f5c3928390117d43457224c622c4301cdfe2febe

Download Submit
C:\Windows\system\QXUZePA.exe

Filesize
2.1MB

MD5
5a5586691f8078decb48b78f0dd4e8a6

SHA1
3224c0f6e759adad3dff8d2c4e658f736d4ffafe

SHA256
ec48c7d96816d10d4f3fb5400d518c310b24b2a6fd521ea31102171f037a8ce5

SHA512
e34f0a0a818234a4ca38649e93278f14df9644b4632dea9bd09aad65c3e38968e9d369d4d7656a16c9a9420f21a13503427dd26cff3746f22a0697f2a8b31fd2

Download Submit
C:\Windows\system\RNMEkpM.exe

Filesize
2.1MB

MD5
c0dec1282598e15b6ae0f3b288c0cf66

SHA1
cd25dea21f2645a9cc7af947391976b3dea2b064

SHA256
8944bb5693763500c1d0474fa4d0fc2562eb760f4bd01d0991accf6f7c09eb75

SHA512
5bd18bd975103e6a26810218bd7e57fa748bd03c9b83066eb1164c4eafa410214d986ddd7186ffa2183fe2ea29a391b0be622573566106276d6cdd533b4b3c32

Download Submit
C:\Windows\system\SyGDRMh.exe

Filesize
2.1MB

MD5
654b40dfe0231c5a3d0107e7f89056fd

SHA1
86e75bc2c33eb92acd2ec5f4954eaedc6068be8d

SHA256
142fe88c45f7647bea6be3c9f834dfff803e6e8a5db3599253fb1ee72a8c79d3

SHA512
f3a5c59dd24c017827d417df4486a5bdb628d5dffcfc923df96c329807a0b310e881051bb4c5ecef85a576fe0bd093f38cbe223b63d513accda187546538b211

Download Submit
C:\Windows\system\YnoyERe.exe

Filesize
2.1MB

MD5
2ee8cbeaf49291957ed7b4c94be5877c

SHA1
ba66e2da4bdb82be706e7a7a5b9ff428e54a4d9d

SHA256
a57d1a6fd5e388645396495f6744c96c532013a27361dae75fd5ee8c92093fce

SHA512
9333c96f8412fd31cb31c0cd3e26ddc8d060c04529cd22f985b24832c56df9074508238a60907b2927c7ad80b4e865ab42e19f6b38ebb05a48a3531ad87211b5

Download Submit
C:\Windows\system\YrtZPzB.exe

Filesize
2.1MB

MD5
7c1e205e5fbe1fdaa719c98b31f09726

SHA1
b0b93963b069948db59203caab2459efc2fb2080

SHA256
748442241e16c844bdcfbf0fa8bc6b270374ca647d318fc1ad8381339301021a

SHA512
9f9fa105c90610c3edee910bcc8284b2cd180afb5742fbf38ae1d5a5119ba72f19218c6acb3bd7629d743cf47244eb140c4161727447db54ee96f581246b878a

Download Submit
C:\Windows\system\bBBxXKQ.exe

Filesize
2.1MB

MD5
b855ac8ba15a4659f79f94aa07a7283f

SHA1
633f510c8958aa9e1cea7744dc800628880abe28

SHA256
878aadc4f4e448ad357482d33c79c69ed468f80146396daf160ca8cb6d506f54

SHA512
b0a802bb64091052ebf5a4c8e4e703d337cdcb4c8424ce7f4050039ea7630392d9df3394881de1211d1a6d6fd703ee851d065b1dabb3719c79d098e5b0a56c1e

Download Submit
C:\Windows\system\bqZkyKx.exe

Filesize
2.1MB

MD5
a272c8119471aee4e3359809782b8112

SHA1
164073631a99f1e0c54c0e869d571fda978f60ce

SHA256
c31051672f26f98caf0c51fef603ec646b39f67a0814b8e5f8dcd61d80ae54f2

SHA512
cd92cd849a585be15e0f04234284192e55b51ce3e47cc1bcf4e6af6318fa22aaaac7b198c828d072f97f6ecf153e0185338dbba1522d141737de3cfb597d1f6c

Download Submit
C:\Windows\system\bzOxpFq.exe

Filesize
2.1MB

MD5
8a7c57e0a97448e6d67b1891ce36e8d1

SHA1
a102b39cd0fdc4b0c747b3b52e3a42ff8e7e2863

SHA256
5dc6a1923f4c52cec4a16478be82087d4bc424e473bbde644f67761095cb0acb

SHA512
f3d993933b57f2dbedc20ee64205d9da152a0758147130c7ce5148d26ef65ded6bd4aad7e035188373c861e68e15dae44cafcc35993216d749328e33d7ade938

Download Submit
C:\Windows\system\cugHfxx.exe

Filesize
2.1MB

MD5
89a7a01ca12459675be7d5fce6869de5

SHA1
4795421cbbf1193c3a08e013f5431ae4fc3d313b

SHA256
65d843f05d05249b8c0c726a3118960fd563405f1cc2a016370b4347ad0516d5

SHA512
ba6ce73725c583efd985f9e36026ddc36705afcf8934ddb3e6b2f192125caa3e0964b0b3dad704acd82f033f2aed28b62e0919e22ab5204526852b0e97df910b

Download Submit
C:\Windows\system\ezIsVmf.exe

Filesize
2.1MB

MD5
83df9548feaaaf3b6a9895d4e5ac7051

SHA1
78bf2203aa9d0e46928c24c8c1157fe9d81cb655

SHA256
f77d31ec17a850590e23a6435dfe9772a6589e9a2e090bcff0cef51fb84697fe

SHA512
a010d3a1742c00a0e1ab6ba0e82196aef7d9d7c60dd3a72bae45184cf4e67c89495248b48e32195ee718d5ac5764214b8b988614d9d3286c5c5bd3a5c2bcdd07

Download Submit
C:\Windows\system\hpohsPb.exe

Filesize
2.1MB

MD5
ad1e228d42dfbe5672342d12e30a4020

SHA1
37f2cb87df5e90af598c9f3bd3942039d8495dd9

SHA256
3c037cc015d351dbffda7cf1a4d404baf010ca61f0b3a32b0e15ee3b41720107

SHA512
37d3c8c9f742ea2f944bb38faeafc4d13c0cd39fd2d722281d067860a706032c7e792471051a786fefcbc1c831d7d2e4bc32e4b58920689755054635317f7df9

Download Submit
C:\Windows\system\oUuhRYo.exe

Filesize
2.1MB

MD5
88245b8c3f6c33df901724a558e45e54

SHA1
5e32d80a36e431e877fecb290bfb0453e458b12f

SHA256
5561c214f34442849554504937b890bda5d8402b5127c2dcd4157f4310b7c1a8

SHA512
d457e762bb345fb5acb86da14b3465dfa6295e1c0e4eba37c8b152c0c07aecd1ee059b2b0d9146ece89e72598cdf715e197c15b791d6fbbad9b90ae19586e25c

Download Submit
C:\Windows\system\owzhYGX.exe

Filesize
2.1MB

MD5
af772b5d9e6fb524624f57733b0ca0cf

SHA1
3bd00c01780560413a40c0a5a6b5153aec4aa962

SHA256
de5012391c39a0203554c2989ed957c3cff683d31dfa1d069a5189f16aaa87e9

SHA512
70ddb85684f1fea5ba8bdf8b715f2b4f24bae0bb7f990d3ce9be906d703c0c167f52679cc48e59e57107e2af1e7199a2f0cbeea1d556af4aea68751f550f610e

Download Submit
C:\Windows\system\pQDscUu.exe

Filesize
2.1MB

MD5
ef65637acc539aa46f54436c5d4af88c

SHA1
c17a61b10914b6760c271b1a585f0879c6f8eae2

SHA256
749b0e8adc9234be62975c2da1799f4ac29d39ced9acdb8d85c9997e32e1beee

SHA512
827dd255100fe8403f80a46a113992584c4b6f9c3b8deabae5fd0020c7d1ac99c1ed30ad94f07491c5c74da3bc0bda9fd98adba94c04de6d4d30abc5b6980381

Download Submit
C:\Windows\system\qXTSOKz.exe

Filesize
2.1MB

MD5
c13d008d7d06fb6af679432f3ee43308

SHA1
82ea013b30919e43b0274296b2c3518f9d5392bc

SHA256
0cd9a70081919fadf3d6b3d484347dc67443cad750725b54093445d6ecd21648

SHA512
0bc0d02dd379ecca35d452a29dffec66f0d9b54f6b54d8cb3c982bd0358f788451f892adbbafa946df2866fd4639fa2427ce1943b6ae7ea52c165c46aaecd7b4

Download Submit
C:\Windows\system\rqPVSGQ.exe

Filesize
2.1MB

MD5
3231b3d4967f158c52146d05dcb655e7

SHA1
ee6598b62d60eecbf8993fc9127acef2ada19b29

SHA256
bb10db1df76d51cc3afa676a9e96d0f64103b7848d802e244faa055673d555d0

SHA512
cf094bcecb69a3ee274c773594fee52cacaf107b24acaee76ea6f66bdcb91f3ad3a4203c16365714f04958d09922afd89bb402b9ffc6c471077500dfbe14552c

Download Submit
C:\Windows\system\sSlpGzu.exe

Filesize
2.1MB

MD5
5322828b895d062bd8f9341941019b75

SHA1
fa7a02d4c2127f6f29b09a3c93715c807b3a5627

SHA256
a7da06e5838f768729b5d0723268bc89dd783d5ff3c63a9d2cf7c193d6fad465

SHA512
d9d893784eb82d5a37a7c100e1e652ae2b4fa45b6e8aa258d51d34cedd6ef2e7bc81d9d67ebecef7a740370e610ab3374dabd11137c829e817e5c65f935a381f

Download Submit
C:\Windows\system\uJRNBcL.exe

Filesize
2.1MB

MD5
ba92cb2df32211393a6bb46c5482fd1a

SHA1
9772b7a6c1f27a452909c013c3dc1b87dc6f4d1b

SHA256
5b31014a0fb440498c19d22a5df2c44b312ce5f996dd989db9a8a3308a6095be

SHA512
d52f96e7e0233ee394034a09a2d40548d065ad4e1118d479414fffb443a2e9b47c6632e8a8f3e1cc4708caa775037c616a094d46bc02ed9bcddd017b25292b95

Download Submit
C:\Windows\system\ujnTDPg.exe

Filesize
2.1MB

MD5
781f3e7a94131f5b442d5e972f7b411c

SHA1
8e94175cadc3919b32f72952e6bb81016a919781

SHA256
0c930345e9ee97f6e71b7249f970578a37f1a5ac39c76e75fbbf904f7cb97aa1

SHA512
f5ad2afa5180974a5d0b07642937930c0d7d6a5bb92345e151cce8e19a791930882583e12acbb87b5ccd56575c434203493af2434a584a67ce62a95e7faa5e09

Download Submit
C:\Windows\system\vGiKDam.exe

Filesize
2.1MB

MD5
9894e2bf939d77a68cf3228606622aa5

SHA1
825a91945f0e04b27419a0834af549cb315cdc21

SHA256
9a8797e6a1d3e61e07ab158b098025208a672cad33ab4854cba7e387e65a5327

SHA512
867ebc7aef92f1de2570113a1606dcde0aea261005c2cf6892fc9d9c5de4fb7cef42b76be0bcc306709017b88928d53f46545805c2df2738e13691f3a71fb5fd

Download Submit
C:\Windows\system\xBSUsFY.exe

Filesize
2.1MB

MD5
31cc984e7864902b67d589b11fd593a6

SHA1
51189c41a79aea6848aa6f66018b3ede97a5744d

SHA256
932ead1a7cb23f097185dfe94b8b89a4d58129094202eb3d88d58a86ec128ef6

SHA512
32194999bc8e357208e9a770cd1988665b2fc919a352a3c652f3de2dae55a59e53ef8e106b5528f83cb93259ee91c0c1c02c47c789cac1d0ac33cc8879f1ceda

Download Submit
C:\Windows\system\xNaILVK.exe

Filesize
2.1MB

MD5
efcba61ab6f442bafc2f0b56f6d8c0ff

SHA1
dcc7bfb0f5d5b5af03a650069de58cb48598e4db

SHA256
c2d26dda51f8418088c0b470e960499b1fe163cbed6a6d7a9f030e13b629fb1d

SHA512
42baeac7dce9cf0f827f8c889f7182ca8dfe62b920b35bdeb20d90dcacd7718137bda8e26a714d2296bae43a4aadee24b4d56394f22eef329df7a83e390eb537

Download Submit
C:\Windows\system\ykrFdFx.exe

Filesize
2.1MB

MD5
a34c7f7fe5c73afdda77efc06705895f

SHA1
dcb9ec30ea47a917c5c7162de6cb0e4cdef982bb

SHA256
549ee2f4d4a27903a1dbae7404af13fec4f4c18ed8f9e327b4297ee42ceb01e8

SHA512
89ddd15412709cfca3d9623a9560a7c84f460c4d3d03b52ef77d6a641cd64ac543a1214e925073eaf6251e48c30fd2c6dc197901920b37f5331918641d89e54c

Download Submit
\Windows\system\CdsaTFM.exe

Filesize
2.1MB

MD5
750427d210495b7b714bb1d9780e5c9e

SHA1
dc15d277f55155d3720e95d615218ca5614cce32

SHA256
0a293f523bc3a29e05a2ac6306fecd46653d2275cd9490dcf6d5b0ad095ef0d6

SHA512
ad48ff10ea1a191f9f02e9e8b162187f370a9352679d43a500ef9d5cbfb1f651f2dab7038984aa7a21ead1abcf18fe2683a7a8f4cf23946d6a3307de046620e7

Download Submit
\Windows\system\FjkYYGP.exe

Filesize
2.1MB

MD5
204ba7f80efeab06f1a6cc0430698d7f

SHA1
3c06a00717d40c2ee1332b622404686fb258f50c

SHA256
c1ca4e7d66baf56ceadca9b1e20fec6388d0ce4547214dc004d6fd59e7065975

SHA512
0c36325a34dc254eeff53747b696b3dec1e67665609a4fe6dc7649b35c1a608448c3709185568cb9a575fc655b5e8e94361097e6bbb911cab702d0950e427fe3

Download Submit
\Windows\system\IdiEfCo.exe

Filesize
2.1MB

MD5
52ee7752e78cf48ae379f1e953e15eee

SHA1
2caab2df66111d624eae9c553d97994a75aea383

SHA256
4922fad297dcd23c6a3bc14b1ddb96f3680290586015dd9cd4719f6692f013a9

SHA512
af2646a35853f712c86b24f6dd398aa1ad904b0db3bd85a763abb35dd26ad9a11498c0ecd10ac902c8721cbe316eaf24935ddcf6cf1e278f5b00532a850db004

Download Submit
\Windows\system\RCJlyFA.exe

Filesize
2.1MB

MD5
f0f34272b23237cf97fc13f8bd168651

SHA1
0020cc0ef58d3d5cef58495c8fbecc233b1199e0

SHA256
bd1202e2170edca9dd73e6d791a2d7d2457d14732f289b8dc26aa2e0d962413a

SHA512
67e258ecd06a09eff73f249e38237a7ff6efaeef9de89910780a50f776d6568339433019990098a9a280efc605b7b529bd4a99ac4e1ab172934c0de537d2a669

Download Submit
\Windows\system\ydpvOod.exe

Filesize
2.1MB

MD5
2ff0d046cf4b258c12d013a63fb79401

SHA1
3592b1763efc9b82a98dd2d540a4826fc0e6deba

SHA256
61d94254cf39ed03980848bbdf7c3f8d2dc45361ea85928798098e8c3e1cec68

SHA512
eaa25bb28400ea2c815acb9a81dbd73735962da658babb4a52833df8dd19343cf72b7def33122ec32bf467966ca866149eecf3e53cfede3442731916c7d0da1a

Download Submit
memory/2016-4079-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2016-88-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2064-90-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3822-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2064-101-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2064-2-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-123-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3277-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2064-15-0x0000000002020000-0x0000000002374000-memory.dmp

Filesize
3.3MB

Download
memory/2064-1456-0x0000000002020000-0x0000000002374000-memory.dmp

Filesize
3.3MB

Download
memory/2064-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2064-9-0x0000000002020000-0x0000000002374000-memory.dmp

Filesize
3.3MB

Download
memory/2064-81-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2064-36-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2064-46-0x0000000002020000-0x0000000002374000-memory.dmp

Filesize
3.3MB

Download
memory/2064-69-0x0000000002020000-0x0000000002374000-memory.dmp

Filesize
3.3MB

Download
memory/2064-47-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2064-67-0x0000000002020000-0x0000000002374000-memory.dmp

Filesize
3.3MB

Download
memory/2064-48-0x0000000002020000-0x0000000002374000-memory.dmp

Filesize
3.3MB

Download
memory/2064-78-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-49-0x0000000002020000-0x0000000002374000-memory.dmp

Filesize
3.3MB

Download
memory/2064-29-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2064-86-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-105-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2196-4081-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2272-100-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2272-4080-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2432-4078-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-1457-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-71-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4072-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-45-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-61-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4075-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4074-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2600-68-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2640-104-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4071-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2640-44-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2656-4077-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2656-66-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2704-65-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2704-4073-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4076-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-80-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4068-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2888-89-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2888-8-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2920-24-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-4069-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2920-98-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-4070-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-99-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-40-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download