xmrig | f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
Size

1.7MB
MD5

15d3da1d76972bfbcbf5c19e5d475380
SHA1

a666c15e0d73241a00a9c19e085475889cb4deaa
SHA256

f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9
SHA512

3c671ddd281b177ca3095809480e0789403ea62bc7f7507c42f8e4121ac4b758bf48b198a2f7298f3bc322b8f3cae38184b83f4be933e8cf51af956a03b226b7
SSDEEP

24576:BezaTnG99Q8FcNrpyNdfE0bLBgDOp2iSLz9LbEwlKjpv32wT83PzKgAm0PyFLb/B:BezaTF8FcNkNdfE0pZ9ozt4wIXGvAFef

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

UPX dump on OEP (original entry point) 64 IoCs

resource	yara_rule
behavioral1/memory/1268-1-0x000000013FDF0000-0x0000000140144000-memory.dmp	UPX
behavioral1/files/0x000d00000001416a-3.dat	UPX
behavioral1/files/0x0007000000015d0c-26.dat	UPX
behavioral1/files/0x0009000000016c42-45.dat	UPX
behavioral1/files/0x0006000000016cb2-53.dat	UPX
behavioral1/memory/2568-61-0x000000013F470000-0x000000013F7C4000-memory.dmp	UPX
behavioral1/memory/2560-65-0x000000013F920000-0x000000013FC74000-memory.dmp	UPX
behavioral1/memory/2420-69-0x000000013F490000-0x000000013F7E4000-memory.dmp	UPX
behavioral1/memory/2436-68-0x000000013F120000-0x000000013F474000-memory.dmp	UPX
behavioral1/memory/2440-64-0x000000013F770000-0x000000013FAC4000-memory.dmp	UPX
behavioral1/memory/2624-63-0x000000013F7C0000-0x000000013FB14000-memory.dmp	UPX
behavioral1/memory/2576-62-0x000000013FDC0000-0x0000000140114000-memory.dmp	UPX
behavioral1/files/0x0006000000016c8c-58.dat	UPX
behavioral1/files/0x0007000000015d4c-55.dat	UPX
behavioral1/memory/2948-52-0x000000013FFE0000-0x0000000140334000-memory.dmp	UPX
behavioral1/files/0x0006000000016cf5-78.dat	UPX
behavioral1/memory/2836-80-0x000000013FAE0000-0x000000013FE34000-memory.dmp	UPX
behavioral1/files/0x0006000000016ce4-72.dat	UPX
behavioral1/memory/380-89-0x000000013FA90000-0x000000013FDE4000-memory.dmp	UPX
behavioral1/files/0x0006000000016d16-103.dat	UPX
behavioral1/memory/1268-102-0x000000013FDF0000-0x0000000140144000-memory.dmp	UPX
behavioral1/files/0x0006000000016d0e-99.dat	UPX
behavioral1/memory/1636-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp	UPX
behavioral1/files/0x0006000000016cfd-87.dat	UPX
behavioral1/files/0x0006000000016d05-92.dat	UPX
behavioral1/memory/2464-75-0x000000013FAD0000-0x000000013FE24000-memory.dmp	UPX
behavioral1/files/0x0007000000015d24-48.dat	UPX
behavioral1/files/0x0007000000015d44-44.dat	UPX
behavioral1/files/0x0006000000016d1f-112.dat	UPX
behavioral1/files/0x0006000000016d3a-127.dat	UPX
behavioral1/files/0x0006000000016da4-135.dat	UPX
behavioral1/files/0x0006000000016fe8-147.dat	UPX
behavioral1/memory/2724-326-0x000000013F870000-0x000000013FBC4000-memory.dmp	UPX
behavioral1/files/0x00060000000175b8-171.dat	UPX
behavioral1/files/0x00060000000175b2-167.dat	UPX
behavioral1/files/0x00060000000175ac-163.dat	UPX
behavioral1/files/0x000600000001744c-159.dat	UPX
behavioral1/files/0x00060000000173e5-155.dat	UPX
behavioral1/files/0x000600000001739d-151.dat	UPX
behavioral1/files/0x0006000000016e78-143.dat	UPX
behavioral1/files/0x0006000000016db3-139.dat	UPX
behavioral1/files/0x0006000000016d9f-131.dat	UPX
behavioral1/files/0x0006000000016d36-123.dat	UPX
behavioral1/files/0x0006000000016d32-119.dat	UPX
behavioral1/files/0x0033000000015cbd-111.dat	UPX
behavioral1/files/0x0008000000015cf5-29.dat	UPX
behavioral1/memory/2724-25-0x000000013F870000-0x000000013FBC4000-memory.dmp	UPX
behavioral1/files/0x0033000000015cb0-14.dat	UPX
behavioral1/memory/2284-12-0x000000013F550000-0x000000013F8A4000-memory.dmp	UPX
behavioral1/memory/2464-2583-0x000000013FAD0000-0x000000013FE24000-memory.dmp	UPX
behavioral1/memory/2836-2836-0x000000013FAE0000-0x000000013FE34000-memory.dmp	UPX
behavioral1/memory/2284-4045-0x000000013F550000-0x000000013F8A4000-memory.dmp	UPX
behavioral1/memory/2560-4047-0x000000013F920000-0x000000013FC74000-memory.dmp	UPX
behavioral1/memory/2724-4046-0x000000013F870000-0x000000013FBC4000-memory.dmp	UPX
behavioral1/memory/2948-4048-0x000000013FFE0000-0x0000000140334000-memory.dmp	UPX
behavioral1/memory/2576-4050-0x000000013FDC0000-0x0000000140114000-memory.dmp	UPX
behavioral1/memory/2568-4049-0x000000013F470000-0x000000013F7C4000-memory.dmp	UPX
behavioral1/memory/2436-4051-0x000000013F120000-0x000000013F474000-memory.dmp	UPX
behavioral1/memory/2624-4052-0x000000013F7C0000-0x000000013FB14000-memory.dmp	UPX
behavioral1/memory/2420-4053-0x000000013F490000-0x000000013F7E4000-memory.dmp	UPX
behavioral1/memory/2440-4054-0x000000013F770000-0x000000013FAC4000-memory.dmp	UPX
behavioral1/memory/2836-4055-0x000000013FAE0000-0x000000013FE34000-memory.dmp	UPX
behavioral1/memory/380-4056-0x000000013FA90000-0x000000013FDE4000-memory.dmp	UPX
behavioral1/memory/2464-4057-0x000000013FAD0000-0x000000013FE24000-memory.dmp	UPX

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1268-1-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x000d00000001416a-3.dat	xmrig
behavioral1/files/0x0007000000015d0c-26.dat	xmrig
behavioral1/files/0x0009000000016c42-45.dat	xmrig
behavioral1/files/0x0006000000016cb2-53.dat	xmrig
behavioral1/memory/2568-61-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2560-65-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2420-69-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2436-68-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/1268-66-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2440-64-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2624-63-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2576-62-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c8c-58.dat	xmrig
behavioral1/files/0x0007000000015d4c-55.dat	xmrig
behavioral1/memory/2948-52-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cf5-78.dat	xmrig
behavioral1/memory/2836-80-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ce4-72.dat	xmrig
behavioral1/memory/380-89-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d16-103.dat	xmrig
behavioral1/memory/1268-102-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d0e-99.dat	xmrig
behavioral1/memory/1636-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cfd-87.dat	xmrig
behavioral1/files/0x0006000000016d05-92.dat	xmrig
behavioral1/memory/2464-75-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d24-48.dat	xmrig
behavioral1/files/0x0007000000015d44-44.dat	xmrig
behavioral1/memory/1268-39-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d1f-112.dat	xmrig
behavioral1/files/0x0006000000016d3a-127.dat	xmrig
behavioral1/files/0x0006000000016da4-135.dat	xmrig
behavioral1/files/0x0006000000016fe8-147.dat	xmrig
behavioral1/memory/2724-326-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175b8-171.dat	xmrig
behavioral1/files/0x00060000000175b2-167.dat	xmrig
behavioral1/files/0x00060000000175ac-163.dat	xmrig
behavioral1/files/0x000600000001744c-159.dat	xmrig
behavioral1/files/0x00060000000173e5-155.dat	xmrig
behavioral1/files/0x000600000001739d-151.dat	xmrig
behavioral1/files/0x0006000000016e78-143.dat	xmrig
behavioral1/files/0x0006000000016db3-139.dat	xmrig
behavioral1/files/0x0006000000016d9f-131.dat	xmrig
behavioral1/files/0x0006000000016d36-123.dat	xmrig
behavioral1/files/0x0006000000016d32-119.dat	xmrig
behavioral1/files/0x0033000000015cbd-111.dat	xmrig
behavioral1/files/0x0008000000015cf5-29.dat	xmrig
behavioral1/memory/2724-25-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0033000000015cb0-14.dat	xmrig
behavioral1/memory/2284-12-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2464-2583-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2836-2836-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2284-4045-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2560-4047-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2724-4046-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2948-4048-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2576-4050-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2568-4049-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2436-4051-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2624-4052-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2420-4053-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2440-4054-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2836-4055-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2284	djREdEc.exe
2724	KPxpRCF.exe
2560	NHpkbit.exe
2948	WYriohr.exe
2568	XtRZqoY.exe
2576	aZTldEY.exe
2624	tavQWlV.exe
2436	nwCMxJw.exe
2420	IgTqPxh.exe
2440	PRvJvcR.exe
2464	qUkzjEG.exe
2836	dxwBuHk.exe
380	iBdGvwT.exe
1636	MRtyFgx.exe
1436	VygwdEQ.exe
2096	rkYaCeT.exe
896	XXnfqai.exe
1048	ZKRbhIg.exe
1984	ioNNojY.exe
1932	zbFTEHt.exe
2348	MyuuUbt.exe
1452	yrCaQeb.exe
1336	iZgqZTF.exe
2024	FyVyBss.exe
2928	bdgBlPl.exe
2036	nvwTNyq.exe
2708	pDLaYXy.exe
3048	GpFDjWK.exe
1160	uUIBMEB.exe
2908	WvHrIdh.exe
792	fTofaWi.exe
1032	YnLGLcK.exe
1504	veZlXpY.exe
2932	FKZJbVZ.exe
1872	CJqeGhT.exe
2688	dZMNagZ.exe
1080	iPuRyej.exe
1548	heLeWkR.exe
412	GTESRlJ.exe
1140	TlGfyEV.exe
1700	AimVGUR.exe
1796	nFvamVC.exe
2216	MXQJqEa.exe
900	iIWXses.exe
560	VhlUUbq.exe
1672	nUzizNh.exe
2208	cdeZthy.exe
2684	vatfvLG.exe
608	csqDhHI.exe
540	tDETFzT.exe
1944	vpMtGYE.exe
1708	JgUueRR.exe
876	LCzWPko.exe
2248	SGDXxtj.exe
2060	sLGPJPr.exe
2852	qkLHNdw.exe
1716	YiarNkx.exe
2856	Mmlnmoz.exe
2556	MXndqBb.exe
2616	JoegWLC.exe
2676	OXgawTH.exe
2552	hHKfRjW.exe
2432	owIhKFg.exe
3040	KwAKMdK.exe

Loads dropped DLL 64 IoCs

pid	Process
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1268-1-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x000d00000001416a-3.dat	upx
behavioral1/files/0x0007000000015d0c-26.dat	upx
behavioral1/files/0x0009000000016c42-45.dat	upx
behavioral1/files/0x0006000000016cb2-53.dat	upx
behavioral1/memory/2568-61-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2560-65-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2420-69-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2436-68-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2440-64-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2624-63-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2576-62-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0006000000016c8c-58.dat	upx
behavioral1/files/0x0007000000015d4c-55.dat	upx
behavioral1/memory/2948-52-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0006000000016cf5-78.dat	upx
behavioral1/memory/2836-80-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/files/0x0006000000016ce4-72.dat	upx
behavioral1/memory/380-89-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x0006000000016d16-103.dat	upx
behavioral1/memory/1268-102-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x0006000000016d0e-99.dat	upx
behavioral1/memory/1636-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x0006000000016cfd-87.dat	upx
behavioral1/files/0x0006000000016d05-92.dat	upx
behavioral1/memory/2464-75-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/files/0x0007000000015d24-48.dat	upx
behavioral1/files/0x0007000000015d44-44.dat	upx
behavioral1/files/0x0006000000016d1f-112.dat	upx
behavioral1/files/0x0006000000016d3a-127.dat	upx
behavioral1/files/0x0006000000016da4-135.dat	upx
behavioral1/files/0x0006000000016fe8-147.dat	upx
behavioral1/memory/2724-326-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x00060000000175b8-171.dat	upx
behavioral1/files/0x00060000000175b2-167.dat	upx
behavioral1/files/0x00060000000175ac-163.dat	upx
behavioral1/files/0x000600000001744c-159.dat	upx
behavioral1/files/0x00060000000173e5-155.dat	upx
behavioral1/files/0x000600000001739d-151.dat	upx
behavioral1/files/0x0006000000016e78-143.dat	upx
behavioral1/files/0x0006000000016db3-139.dat	upx
behavioral1/files/0x0006000000016d9f-131.dat	upx
behavioral1/files/0x0006000000016d36-123.dat	upx
behavioral1/files/0x0006000000016d32-119.dat	upx
behavioral1/files/0x0033000000015cbd-111.dat	upx
behavioral1/files/0x0008000000015cf5-29.dat	upx
behavioral1/memory/2724-25-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0033000000015cb0-14.dat	upx
behavioral1/memory/2284-12-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2464-2583-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2836-2836-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2284-4045-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2560-4047-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2724-4046-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2948-4048-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2576-4050-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2568-4049-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2436-4051-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2624-4052-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2420-4053-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2440-4054-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2836-4055-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/380-4056-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2464-4057-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\soQwxpR.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\uNCvBrE.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\cSLadLj.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\bILowlI.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\hhQFkwX.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\UniLKek.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\RjdMjCp.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\YGazVVx.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\TOvFUNY.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\aEyZeEd.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\oQOgAkr.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\pikyBqE.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\xJdGjBK.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\Uysdfgn.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\hmTAxRO.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\dnRYBDt.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\DrCuKDU.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\FZMfFsM.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\JSLsykG.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\MRIjDtL.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\WcPsmyq.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\bErjgPg.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\vLuxsAi.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\bQKtSUl.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\xUzXFEn.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\yFyCrSw.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\wbptzbd.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\DiadPUv.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\dvZgGiS.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\amSAxFa.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\DUPLclv.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\WvwJJXm.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\kpofwjB.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\FOadRWE.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\iIWXses.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\DUIMSAe.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\BIbrFnw.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\rdEYJrT.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\BoHYJbI.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\TcZHUJu.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\OgQdlFC.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\WrnrNfo.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\MffGhNX.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\tpOoJvs.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\HulnaYS.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\knCSiYr.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\zUwloAs.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\nHHOKaW.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\cPSNyka.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\CwlvNFZ.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\PXkCVQT.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\CtDThOX.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\zbBYiqU.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\eQmolea.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\UZyZLti.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\caDWeRy.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\MoFiQDO.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\wYYaBSP.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\XtnBMnc.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\VdhNQPK.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\caaHWAR.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\iSJIdvL.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\XpjBDbM.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
File created	C:\Windows\System\gdXPzAQ.exe	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 2284	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	29
PID 1268 wrote to memory of 2284	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	29
PID 1268 wrote to memory of 2284	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	29
PID 1268 wrote to memory of 2724	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	30
PID 1268 wrote to memory of 2724	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	30
PID 1268 wrote to memory of 2724	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	30
PID 1268 wrote to memory of 2948	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	31
PID 1268 wrote to memory of 2948	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	31
PID 1268 wrote to memory of 2948	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	31
PID 1268 wrote to memory of 2560	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	32
PID 1268 wrote to memory of 2560	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	32
PID 1268 wrote to memory of 2560	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	32
PID 1268 wrote to memory of 2624	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	33
PID 1268 wrote to memory of 2624	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	33
PID 1268 wrote to memory of 2624	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	33
PID 1268 wrote to memory of 2568	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	34
PID 1268 wrote to memory of 2568	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	34
PID 1268 wrote to memory of 2568	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	34
PID 1268 wrote to memory of 2420	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	35
PID 1268 wrote to memory of 2420	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	35
PID 1268 wrote to memory of 2420	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	35
PID 1268 wrote to memory of 2576	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	36
PID 1268 wrote to memory of 2576	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	36
PID 1268 wrote to memory of 2576	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	36
PID 1268 wrote to memory of 2440	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	37
PID 1268 wrote to memory of 2440	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	37
PID 1268 wrote to memory of 2440	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	37
PID 1268 wrote to memory of 2436	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	38
PID 1268 wrote to memory of 2436	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	38
PID 1268 wrote to memory of 2436	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	38
PID 1268 wrote to memory of 2464	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	39
PID 1268 wrote to memory of 2464	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	39
PID 1268 wrote to memory of 2464	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	39
PID 1268 wrote to memory of 2836	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	40
PID 1268 wrote to memory of 2836	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	40
PID 1268 wrote to memory of 2836	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	40
PID 1268 wrote to memory of 380	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	41
PID 1268 wrote to memory of 380	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	41
PID 1268 wrote to memory of 380	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	41
PID 1268 wrote to memory of 1636	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	42
PID 1268 wrote to memory of 1636	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	42
PID 1268 wrote to memory of 1636	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	42
PID 1268 wrote to memory of 1436	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	43
PID 1268 wrote to memory of 1436	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	43
PID 1268 wrote to memory of 1436	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	43
PID 1268 wrote to memory of 2096	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	44
PID 1268 wrote to memory of 2096	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	44
PID 1268 wrote to memory of 2096	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	44
PID 1268 wrote to memory of 896	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	45
PID 1268 wrote to memory of 896	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	45
PID 1268 wrote to memory of 896	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	45
PID 1268 wrote to memory of 1048	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	46
PID 1268 wrote to memory of 1048	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	46
PID 1268 wrote to memory of 1048	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	46
PID 1268 wrote to memory of 1984	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	47
PID 1268 wrote to memory of 1984	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	47
PID 1268 wrote to memory of 1984	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	47
PID 1268 wrote to memory of 1932	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	48
PID 1268 wrote to memory of 1932	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	48
PID 1268 wrote to memory of 1932	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	48
PID 1268 wrote to memory of 2348	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	49
PID 1268 wrote to memory of 2348	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	49
PID 1268 wrote to memory of 2348	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	49
PID 1268 wrote to memory of 1452	1268	f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe	50

C:\Users\Admin\AppData\Local\Temp\f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe
"C:\Users\Admin\AppData\Local\Temp\f72a0bff442c87423b98d8874d1fee9e0eb05233260b9ed7e55ee652e5f3aad9.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\System\djREdEc.exe
  C:\Windows\System\djREdEc.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\KPxpRCF.exe
  C:\Windows\System\KPxpRCF.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\WYriohr.exe
  C:\Windows\System\WYriohr.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\NHpkbit.exe
  C:\Windows\System\NHpkbit.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\tavQWlV.exe
  C:\Windows\System\tavQWlV.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\XtRZqoY.exe
  C:\Windows\System\XtRZqoY.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\IgTqPxh.exe
  C:\Windows\System\IgTqPxh.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\aZTldEY.exe
  C:\Windows\System\aZTldEY.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\PRvJvcR.exe
  C:\Windows\System\PRvJvcR.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\nwCMxJw.exe
  C:\Windows\System\nwCMxJw.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\qUkzjEG.exe
  C:\Windows\System\qUkzjEG.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\dxwBuHk.exe
  C:\Windows\System\dxwBuHk.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\iBdGvwT.exe
  C:\Windows\System\iBdGvwT.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\MRtyFgx.exe
  C:\Windows\System\MRtyFgx.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\VygwdEQ.exe
  C:\Windows\System\VygwdEQ.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\rkYaCeT.exe
  C:\Windows\System\rkYaCeT.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\XXnfqai.exe
  C:\Windows\System\XXnfqai.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\ZKRbhIg.exe
  C:\Windows\System\ZKRbhIg.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\ioNNojY.exe
  C:\Windows\System\ioNNojY.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\zbFTEHt.exe
  C:\Windows\System\zbFTEHt.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\MyuuUbt.exe
  C:\Windows\System\MyuuUbt.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\yrCaQeb.exe
  C:\Windows\System\yrCaQeb.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\iZgqZTF.exe
  C:\Windows\System\iZgqZTF.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\FyVyBss.exe
  C:\Windows\System\FyVyBss.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\bdgBlPl.exe
  C:\Windows\System\bdgBlPl.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\nvwTNyq.exe
  C:\Windows\System\nvwTNyq.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\pDLaYXy.exe
  C:\Windows\System\pDLaYXy.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\GpFDjWK.exe
  C:\Windows\System\GpFDjWK.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\uUIBMEB.exe
  C:\Windows\System\uUIBMEB.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\WvHrIdh.exe
  C:\Windows\System\WvHrIdh.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\fTofaWi.exe
  C:\Windows\System\fTofaWi.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\YnLGLcK.exe
  C:\Windows\System\YnLGLcK.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\veZlXpY.exe
  C:\Windows\System\veZlXpY.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\FKZJbVZ.exe
  C:\Windows\System\FKZJbVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\CJqeGhT.exe
  C:\Windows\System\CJqeGhT.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\dZMNagZ.exe
  C:\Windows\System\dZMNagZ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\iPuRyej.exe
  C:\Windows\System\iPuRyej.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\heLeWkR.exe
  C:\Windows\System\heLeWkR.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\GTESRlJ.exe
  C:\Windows\System\GTESRlJ.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\TlGfyEV.exe
  C:\Windows\System\TlGfyEV.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\AimVGUR.exe
  C:\Windows\System\AimVGUR.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\nFvamVC.exe
  C:\Windows\System\nFvamVC.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\MXQJqEa.exe
  C:\Windows\System\MXQJqEa.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\iIWXses.exe
  C:\Windows\System\iIWXses.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\VhlUUbq.exe
  C:\Windows\System\VhlUUbq.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\nUzizNh.exe
  C:\Windows\System\nUzizNh.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\cdeZthy.exe
  C:\Windows\System\cdeZthy.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\vatfvLG.exe
  C:\Windows\System\vatfvLG.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\csqDhHI.exe
  C:\Windows\System\csqDhHI.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\tDETFzT.exe
  C:\Windows\System\tDETFzT.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\vpMtGYE.exe
  C:\Windows\System\vpMtGYE.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\JgUueRR.exe
  C:\Windows\System\JgUueRR.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\LCzWPko.exe
  C:\Windows\System\LCzWPko.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\SGDXxtj.exe
  C:\Windows\System\SGDXxtj.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\sLGPJPr.exe
  C:\Windows\System\sLGPJPr.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\qkLHNdw.exe
  C:\Windows\System\qkLHNdw.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\YiarNkx.exe
  C:\Windows\System\YiarNkx.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\Mmlnmoz.exe
  C:\Windows\System\Mmlnmoz.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\MXndqBb.exe
  C:\Windows\System\MXndqBb.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\JoegWLC.exe
  C:\Windows\System\JoegWLC.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\OXgawTH.exe
  C:\Windows\System\OXgawTH.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\hHKfRjW.exe
  C:\Windows\System\hHKfRjW.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\owIhKFg.exe
  C:\Windows\System\owIhKFg.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\KwAKMdK.exe
  C:\Windows\System\KwAKMdK.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\rCPlsWe.exe
  C:\Windows\System\rCPlsWe.exe
  2⤵
  PID:1632
- C:\Windows\System\qQlZnNF.exe
  C:\Windows\System\qQlZnNF.exe
  2⤵
  PID:2300
- C:\Windows\System\bplVxqq.exe
  C:\Windows\System\bplVxqq.exe
  2⤵
  PID:2072
- C:\Windows\System\OwqEsBY.exe
  C:\Windows\System\OwqEsBY.exe
  2⤵
  PID:2664
- C:\Windows\System\HRYtePU.exe
  C:\Windows\System\HRYtePU.exe
  2⤵
  PID:2564
- C:\Windows\System\RgbcUHu.exe
  C:\Windows\System\RgbcUHu.exe
  2⤵
  PID:2580
- C:\Windows\System\jaSavzC.exe
  C:\Windows\System\jaSavzC.exe
  2⤵
  PID:2368
- C:\Windows\System\TuuTwoU.exe
  C:\Windows\System\TuuTwoU.exe
  2⤵
  PID:1540
- C:\Windows\System\sMsikIC.exe
  C:\Windows\System\sMsikIC.exe
  2⤵
  PID:1676
- C:\Windows\System\hmAIPPM.exe
  C:\Windows\System\hmAIPPM.exe
  2⤵
  PID:1404
- C:\Windows\System\unSiSwp.exe
  C:\Windows\System\unSiSwp.exe
  2⤵
  PID:1768
- C:\Windows\System\oSxRXbP.exe
  C:\Windows\System\oSxRXbP.exe
  2⤵
  PID:2760
- C:\Windows\System\iohproV.exe
  C:\Windows\System\iohproV.exe
  2⤵
  PID:2768
- C:\Windows\System\dkYQsjo.exe
  C:\Windows\System\dkYQsjo.exe
  2⤵
  PID:988
- C:\Windows\System\mjHqJOq.exe
  C:\Windows\System\mjHqJOq.exe
  2⤵
  PID:804
- C:\Windows\System\JkhNmPm.exe
  C:\Windows\System\JkhNmPm.exe
  2⤵
  PID:908
- C:\Windows\System\TXdigBY.exe
  C:\Windows\System\TXdigBY.exe
  2⤵
  PID:2592
- C:\Windows\System\IyNTimo.exe
  C:\Windows\System\IyNTimo.exe
  2⤵
  PID:3020
- C:\Windows\System\ocNfXMm.exe
  C:\Windows\System\ocNfXMm.exe
  2⤵
  PID:2992
- C:\Windows\System\nAQvmoq.exe
  C:\Windows\System\nAQvmoq.exe
  2⤵
  PID:3024
- C:\Windows\System\sNiruDL.exe
  C:\Windows\System\sNiruDL.exe
  2⤵
  PID:1604
- C:\Windows\System\pjYuJxA.exe
  C:\Windows\System\pjYuJxA.exe
  2⤵
  PID:952
- C:\Windows\System\kCDBQmg.exe
  C:\Windows\System\kCDBQmg.exe
  2⤵
  PID:652
- C:\Windows\System\kGMcYDo.exe
  C:\Windows\System\kGMcYDo.exe
  2⤵
  PID:312
- C:\Windows\System\knCSiYr.exe
  C:\Windows\System\knCSiYr.exe
  2⤵
  PID:2080
- C:\Windows\System\pWwMTfG.exe
  C:\Windows\System\pWwMTfG.exe
  2⤵
  PID:1088
- C:\Windows\System\NLGpziH.exe
  C:\Windows\System\NLGpziH.exe
  2⤵
  PID:1764
- C:\Windows\System\LpSqkMK.exe
  C:\Windows\System\LpSqkMK.exe
  2⤵
  PID:756
- C:\Windows\System\FXQRTbv.exe
  C:\Windows\System\FXQRTbv.exe
  2⤵
  PID:3036
- C:\Windows\System\pfLIrmk.exe
  C:\Windows\System\pfLIrmk.exe
  2⤵
  PID:1720
- C:\Windows\System\udfvMXI.exe
  C:\Windows\System\udfvMXI.exe
  2⤵
  PID:2160
- C:\Windows\System\gujVNCk.exe
  C:\Windows\System\gujVNCk.exe
  2⤵
  PID:1616
- C:\Windows\System\AKAbiKs.exe
  C:\Windows\System\AKAbiKs.exe
  2⤵
  PID:2892
- C:\Windows\System\skLYFbM.exe
  C:\Windows\System\skLYFbM.exe
  2⤵
  PID:2860
- C:\Windows\System\SgSEbZJ.exe
  C:\Windows\System\SgSEbZJ.exe
  2⤵
  PID:2620
- C:\Windows\System\IEOjLSC.exe
  C:\Windows\System\IEOjLSC.exe
  2⤵
  PID:2532
- C:\Windows\System\ZSXznqO.exe
  C:\Windows\System\ZSXznqO.exe
  2⤵
  PID:2728
- C:\Windows\System\VGJGvBQ.exe
  C:\Windows\System\VGJGvBQ.exe
  2⤵
  PID:1936
- C:\Windows\System\lVetCeG.exe
  C:\Windows\System\lVetCeG.exe
  2⤵
  PID:2520
- C:\Windows\System\DAPUOAw.exe
  C:\Windows\System\DAPUOAw.exe
  2⤵
  PID:1536
- C:\Windows\System\WYuidwG.exe
  C:\Windows\System\WYuidwG.exe
  2⤵
  PID:320
- C:\Windows\System\entGuoi.exe
  C:\Windows\System\entGuoi.exe
  2⤵
  PID:1488
- C:\Windows\System\BaKsHQH.exe
  C:\Windows\System\BaKsHQH.exe
  2⤵
  PID:2516
- C:\Windows\System\xYODKrL.exe
  C:\Windows\System\xYODKrL.exe
  2⤵
  PID:2012
- C:\Windows\System\hizageX.exe
  C:\Windows\System\hizageX.exe
  2⤵
  PID:2796
- C:\Windows\System\sBwAjtn.exe
  C:\Windows\System\sBwAjtn.exe
  2⤵
  PID:2288
- C:\Windows\System\vLuxsAi.exe
  C:\Windows\System\vLuxsAi.exe
  2⤵
  PID:2876
- C:\Windows\System\fmWTABi.exe
  C:\Windows\System\fmWTABi.exe
  2⤵
  PID:1832
- C:\Windows\System\uxMDWfZ.exe
  C:\Windows\System\uxMDWfZ.exe
  2⤵
  PID:1524
- C:\Windows\System\mGeKCcD.exe
  C:\Windows\System\mGeKCcD.exe
  2⤵
  PID:1364
- C:\Windows\System\wLGtgAZ.exe
  C:\Windows\System\wLGtgAZ.exe
  2⤵
  PID:1628
- C:\Windows\System\tGAHLFg.exe
  C:\Windows\System\tGAHLFg.exe
  2⤵
  PID:1092
- C:\Windows\System\zIWzrxS.exe
  C:\Windows\System\zIWzrxS.exe
  2⤵
  PID:704
- C:\Windows\System\oPxZUee.exe
  C:\Windows\System\oPxZUee.exe
  2⤵
  PID:3044
- C:\Windows\System\nrgFyBd.exe
  C:\Windows\System\nrgFyBd.exe
  2⤵
  PID:2068
- C:\Windows\System\EfgIsLo.exe
  C:\Windows\System\EfgIsLo.exe
  2⤵
  PID:972
- C:\Windows\System\hzLnMiv.exe
  C:\Windows\System\hzLnMiv.exe
  2⤵
  PID:1608
- C:\Windows\System\mVcxOLI.exe
  C:\Windows\System\mVcxOLI.exe
  2⤵
  PID:2548
- C:\Windows\System\hHFCAad.exe
  C:\Windows\System\hHFCAad.exe
  2⤵
  PID:2588
- C:\Windows\System\rIqDQoq.exe
  C:\Windows\System\rIqDQoq.exe
  2⤵
  PID:3060
- C:\Windows\System\QMWgXhw.exe
  C:\Windows\System\QMWgXhw.exe
  2⤵
  PID:2460
- C:\Windows\System\dnRYBDt.exe
  C:\Windows\System\dnRYBDt.exe
  2⤵
  PID:628
- C:\Windows\System\ZnsSwlo.exe
  C:\Windows\System\ZnsSwlo.exe
  2⤵
  PID:332
- C:\Windows\System\Pfsewch.exe
  C:\Windows\System\Pfsewch.exe
  2⤵
  PID:2456
- C:\Windows\System\aezeWZl.exe
  C:\Windows\System\aezeWZl.exe
  2⤵
  PID:1988
- C:\Windows\System\wYYaBSP.exe
  C:\Windows\System\wYYaBSP.exe
  2⤵
  PID:1660
- C:\Windows\System\PrqqXZr.exe
  C:\Windows\System\PrqqXZr.exe
  2⤵
  PID:2340
- C:\Windows\System\TcZHUJu.exe
  C:\Windows\System\TcZHUJu.exe
  2⤵
  PID:2648
- C:\Windows\System\rNNXCQM.exe
  C:\Windows\System\rNNXCQM.exe
  2⤵
  PID:1104
- C:\Windows\System\TRGlUGS.exe
  C:\Windows\System\TRGlUGS.exe
  2⤵
  PID:2480
- C:\Windows\System\nzXVdwo.exe
  C:\Windows\System\nzXVdwo.exe
  2⤵
  PID:2484
- C:\Windows\System\HHRedvO.exe
  C:\Windows\System\HHRedvO.exe
  2⤵
  PID:2228
- C:\Windows\System\DpLvABj.exe
  C:\Windows\System\DpLvABj.exe
  2⤵
  PID:2956
- C:\Windows\System\BYTdVsh.exe
  C:\Windows\System\BYTdVsh.exe
  2⤵
  PID:1556
- C:\Windows\System\BavFKhP.exe
  C:\Windows\System\BavFKhP.exe
  2⤵
  PID:2492
- C:\Windows\System\WekZaIW.exe
  C:\Windows\System\WekZaIW.exe
  2⤵
  PID:2020
- C:\Windows\System\lAVisyA.exe
  C:\Windows\System\lAVisyA.exe
  2⤵
  PID:1828
- C:\Windows\System\eEQWlrL.exe
  C:\Windows\System\eEQWlrL.exe
  2⤵
  PID:848
- C:\Windows\System\MatPnfk.exe
  C:\Windows\System\MatPnfk.exe
  2⤵
  PID:2408
- C:\Windows\System\CcSdWSm.exe
  C:\Windows\System\CcSdWSm.exe
  2⤵
  PID:2488
- C:\Windows\System\YWsrMXa.exe
  C:\Windows\System\YWsrMXa.exe
  2⤵
  PID:948
- C:\Windows\System\hbsdnuP.exe
  C:\Windows\System\hbsdnuP.exe
  2⤵
  PID:2476
- C:\Windows\System\wDglKwp.exe
  C:\Windows\System\wDglKwp.exe
  2⤵
  PID:3028
- C:\Windows\System\NLQOjaT.exe
  C:\Windows\System\NLQOjaT.exe
  2⤵
  PID:1776
- C:\Windows\System\mHOIkle.exe
  C:\Windows\System\mHOIkle.exe
  2⤵
  PID:1748
- C:\Windows\System\CtqyIEx.exe
  C:\Windows\System\CtqyIEx.exe
  2⤵
  PID:2744
- C:\Windows\System\LmgSmVy.exe
  C:\Windows\System\LmgSmVy.exe
  2⤵
  PID:1980
- C:\Windows\System\urSLbkG.exe
  C:\Windows\System\urSLbkG.exe
  2⤵
  PID:2132
- C:\Windows\System\eTxxKSN.exe
  C:\Windows\System\eTxxKSN.exe
  2⤵
  PID:2056
- C:\Windows\System\JeLrajh.exe
  C:\Windows\System\JeLrajh.exe
  2⤵
  PID:1108
- C:\Windows\System\UvRKvvC.exe
  C:\Windows\System\UvRKvvC.exe
  2⤵
  PID:2332
- C:\Windows\System\pHBRPZB.exe
  C:\Windows\System\pHBRPZB.exe
  2⤵
  PID:2696
- C:\Windows\System\PnARnXn.exe
  C:\Windows\System\PnARnXn.exe
  2⤵
  PID:2736
- C:\Windows\System\GCQQEXI.exe
  C:\Windows\System\GCQQEXI.exe
  2⤵
  PID:1644
- C:\Windows\System\KWfWtRC.exe
  C:\Windows\System\KWfWtRC.exe
  2⤵
  PID:2972
- C:\Windows\System\XpjBDbM.exe
  C:\Windows\System\XpjBDbM.exe
  2⤵
  PID:2536
- C:\Windows\System\xHdxjTI.exe
  C:\Windows\System\xHdxjTI.exe
  2⤵
  PID:592
- C:\Windows\System\KTALrTh.exe
  C:\Windows\System\KTALrTh.exe
  2⤵
  PID:324
- C:\Windows\System\hoRnlDw.exe
  C:\Windows\System\hoRnlDw.exe
  2⤵
  PID:2824
- C:\Windows\System\HEqouvW.exe
  C:\Windows\System\HEqouvW.exe
  2⤵
  PID:1056
- C:\Windows\System\HNsdJnz.exe
  C:\Windows\System\HNsdJnz.exe
  2⤵
  PID:1444
- C:\Windows\System\yktNjav.exe
  C:\Windows\System\yktNjav.exe
  2⤵
  PID:1780
- C:\Windows\System\yFtUlkr.exe
  C:\Windows\System\yFtUlkr.exe
  2⤵
  PID:2336
- C:\Windows\System\yzIlfRJ.exe
  C:\Windows\System\yzIlfRJ.exe
  2⤵
  PID:1992
- C:\Windows\System\lQbCmFP.exe
  C:\Windows\System\lQbCmFP.exe
  2⤵
  PID:2748
- C:\Windows\System\TuDgzJI.exe
  C:\Windows\System\TuDgzJI.exe
  2⤵
  PID:1652
- C:\Windows\System\qRXAZrV.exe
  C:\Windows\System\qRXAZrV.exe
  2⤵
  PID:2808
- C:\Windows\System\QLoiLwm.exe
  C:\Windows\System\QLoiLwm.exe
  2⤵
  PID:2316
- C:\Windows\System\DQlNJQp.exe
  C:\Windows\System\DQlNJQp.exe
  2⤵
  PID:2668
- C:\Windows\System\OgQdlFC.exe
  C:\Windows\System\OgQdlFC.exe
  2⤵
  PID:2304
- C:\Windows\System\DUIMSAe.exe
  C:\Windows\System\DUIMSAe.exe
  2⤵
  PID:2816
- C:\Windows\System\pDLUnBP.exe
  C:\Windows\System\pDLUnBP.exe
  2⤵
  PID:2996
- C:\Windows\System\hltvCUx.exe
  C:\Windows\System\hltvCUx.exe
  2⤵
  PID:772
- C:\Windows\System\XtnBMnc.exe
  C:\Windows\System\XtnBMnc.exe
  2⤵
  PID:1952
- C:\Windows\System\jZrurHv.exe
  C:\Windows\System\jZrurHv.exe
  2⤵
  PID:1520
- C:\Windows\System\kDBEndq.exe
  C:\Windows\System\kDBEndq.exe
  2⤵
  PID:3068
- C:\Windows\System\DiadPUv.exe
  C:\Windows\System\DiadPUv.exe
  2⤵
  PID:2392
- C:\Windows\System\jWsemzB.exe
  C:\Windows\System\jWsemzB.exe
  2⤵
  PID:2272
- C:\Windows\System\iWAGZAX.exe
  C:\Windows\System\iWAGZAX.exe
  2⤵
  PID:3088
- C:\Windows\System\maEuIzh.exe
  C:\Windows\System\maEuIzh.exe
  2⤵
  PID:3104
- C:\Windows\System\LOsfBvl.exe
  C:\Windows\System\LOsfBvl.exe
  2⤵
  PID:3120
- C:\Windows\System\gdXPzAQ.exe
  C:\Windows\System\gdXPzAQ.exe
  2⤵
  PID:3140
- C:\Windows\System\BLQLeIk.exe
  C:\Windows\System\BLQLeIk.exe
  2⤵
  PID:3168
- C:\Windows\System\ZpgoEqx.exe
  C:\Windows\System\ZpgoEqx.exe
  2⤵
  PID:3188
- C:\Windows\System\NCMAzxb.exe
  C:\Windows\System\NCMAzxb.exe
  2⤵
  PID:3212
- C:\Windows\System\SxBwnsF.exe
  C:\Windows\System\SxBwnsF.exe
  2⤵
  PID:3228
- C:\Windows\System\kJVXIsr.exe
  C:\Windows\System\kJVXIsr.exe
  2⤵
  PID:3244
- C:\Windows\System\UGEigaW.exe
  C:\Windows\System\UGEigaW.exe
  2⤵
  PID:3260
- C:\Windows\System\NNBtasz.exe
  C:\Windows\System\NNBtasz.exe
  2⤵
  PID:3280
- C:\Windows\System\BVTMYZO.exe
  C:\Windows\System\BVTMYZO.exe
  2⤵
  PID:3296
- C:\Windows\System\pRfPSXV.exe
  C:\Windows\System\pRfPSXV.exe
  2⤵
  PID:3312
- C:\Windows\System\FxJZGlF.exe
  C:\Windows\System\FxJZGlF.exe
  2⤵
  PID:3328
- C:\Windows\System\TYBOWfh.exe
  C:\Windows\System\TYBOWfh.exe
  2⤵
  PID:3344
- C:\Windows\System\erDmjtj.exe
  C:\Windows\System\erDmjtj.exe
  2⤵
  PID:3368
- C:\Windows\System\smlCqKg.exe
  C:\Windows\System\smlCqKg.exe
  2⤵
  PID:3384
- C:\Windows\System\hEbCCzJ.exe
  C:\Windows\System\hEbCCzJ.exe
  2⤵
  PID:3420
- C:\Windows\System\OpTjPtL.exe
  C:\Windows\System\OpTjPtL.exe
  2⤵
  PID:3468
- C:\Windows\System\wfkTEqH.exe
  C:\Windows\System\wfkTEqH.exe
  2⤵
  PID:3484
- C:\Windows\System\TdBiOBC.exe
  C:\Windows\System\TdBiOBC.exe
  2⤵
  PID:3500
- C:\Windows\System\RwYjgBY.exe
  C:\Windows\System\RwYjgBY.exe
  2⤵
  PID:3520
- C:\Windows\System\vLgUxfp.exe
  C:\Windows\System\vLgUxfp.exe
  2⤵
  PID:3536
- C:\Windows\System\vqrWxbh.exe
  C:\Windows\System\vqrWxbh.exe
  2⤵
  PID:3556
- C:\Windows\System\yIjMgRV.exe
  C:\Windows\System\yIjMgRV.exe
  2⤵
  PID:3576
- C:\Windows\System\Otvjfzg.exe
  C:\Windows\System\Otvjfzg.exe
  2⤵
  PID:3596
- C:\Windows\System\SWxxDyw.exe
  C:\Windows\System\SWxxDyw.exe
  2⤵
  PID:3628
- C:\Windows\System\YcDntbb.exe
  C:\Windows\System\YcDntbb.exe
  2⤵
  PID:3648
- C:\Windows\System\DbjVJuu.exe
  C:\Windows\System\DbjVJuu.exe
  2⤵
  PID:3672
- C:\Windows\System\jEikiwP.exe
  C:\Windows\System\jEikiwP.exe
  2⤵
  PID:3692
- C:\Windows\System\mxtXOGH.exe
  C:\Windows\System\mxtXOGH.exe
  2⤵
  PID:3716
- C:\Windows\System\LmyJBrW.exe
  C:\Windows\System\LmyJBrW.exe
  2⤵
  PID:3736
- C:\Windows\System\bzfDjUE.exe
  C:\Windows\System\bzfDjUE.exe
  2⤵
  PID:3752
- C:\Windows\System\TUdILPG.exe
  C:\Windows\System\TUdILPG.exe
  2⤵
  PID:3768
- C:\Windows\System\UtFIADW.exe
  C:\Windows\System\UtFIADW.exe
  2⤵
  PID:3784
- C:\Windows\System\XRJyJVx.exe
  C:\Windows\System\XRJyJVx.exe
  2⤵
  PID:3800
- C:\Windows\System\tDbQcrf.exe
  C:\Windows\System\tDbQcrf.exe
  2⤵
  PID:3832
- C:\Windows\System\TASqVgd.exe
  C:\Windows\System\TASqVgd.exe
  2⤵
  PID:3860
- C:\Windows\System\TiojIaw.exe
  C:\Windows\System\TiojIaw.exe
  2⤵
  PID:3876
- C:\Windows\System\yHTrTHX.exe
  C:\Windows\System\yHTrTHX.exe
  2⤵
  PID:3892
- C:\Windows\System\apZwhrL.exe
  C:\Windows\System\apZwhrL.exe
  2⤵
  PID:3912
- C:\Windows\System\hJXpqKZ.exe
  C:\Windows\System\hJXpqKZ.exe
  2⤵
  PID:3928
- C:\Windows\System\OfEybMU.exe
  C:\Windows\System\OfEybMU.exe
  2⤵
  PID:3944
- C:\Windows\System\SKBoClz.exe
  C:\Windows\System\SKBoClz.exe
  2⤵
  PID:3960
- C:\Windows\System\DQkbgQC.exe
  C:\Windows\System\DQkbgQC.exe
  2⤵
  PID:3976
- C:\Windows\System\wfPUgVm.exe
  C:\Windows\System\wfPUgVm.exe
  2⤵
  PID:3992
- C:\Windows\System\jJMpYnq.exe
  C:\Windows\System\jJMpYnq.exe
  2⤵
  PID:4036
- C:\Windows\System\rkHoJXO.exe
  C:\Windows\System\rkHoJXO.exe
  2⤵
  PID:4056
- C:\Windows\System\CCeVPqo.exe
  C:\Windows\System\CCeVPqo.exe
  2⤵
  PID:4072
- C:\Windows\System\kiAsUlX.exe
  C:\Windows\System\kiAsUlX.exe
  2⤵
  PID:4088
- C:\Windows\System\QPyCyCc.exe
  C:\Windows\System\QPyCyCc.exe
  2⤵
  PID:3052
- C:\Windows\System\scZCcBr.exe
  C:\Windows\System\scZCcBr.exe
  2⤵
  PID:2828
- C:\Windows\System\tQwisMx.exe
  C:\Windows\System\tQwisMx.exe
  2⤵
  PID:3084
- C:\Windows\System\LYzoeVo.exe
  C:\Windows\System\LYzoeVo.exe
  2⤵
  PID:2508
- C:\Windows\System\kqrKPjt.exe
  C:\Windows\System\kqrKPjt.exe
  2⤵
  PID:3116
- C:\Windows\System\MGZpvRw.exe
  C:\Windows\System\MGZpvRw.exe
  2⤵
  PID:3160
- C:\Windows\System\QWnWGXB.exe
  C:\Windows\System\QWnWGXB.exe
  2⤵
  PID:3204
- C:\Windows\System\CzfCCrN.exe
  C:\Windows\System\CzfCCrN.exe
  2⤵
  PID:3236
- C:\Windows\System\VmjNoxQ.exe
  C:\Windows\System\VmjNoxQ.exe
  2⤵
  PID:3304
- C:\Windows\System\VUsvWUP.exe
  C:\Windows\System\VUsvWUP.exe
  2⤵
  PID:3128
- C:\Windows\System\KnIwLQj.exe
  C:\Windows\System\KnIwLQj.exe
  2⤵
  PID:3392
- C:\Windows\System\FdTPRMI.exe
  C:\Windows\System\FdTPRMI.exe
  2⤵
  PID:3292
- C:\Windows\System\NpdYgyt.exe
  C:\Windows\System\NpdYgyt.exe
  2⤵
  PID:3396
- C:\Windows\System\aUlGTEv.exe
  C:\Windows\System\aUlGTEv.exe
  2⤵
  PID:3184
- C:\Windows\System\aiVWDvI.exe
  C:\Windows\System\aiVWDvI.exe
  2⤵
  PID:3436
- C:\Windows\System\KBctABb.exe
  C:\Windows\System\KBctABb.exe
  2⤵
  PID:3452
- C:\Windows\System\pfUJotu.exe
  C:\Windows\System\pfUJotu.exe
  2⤵
  PID:3492
- C:\Windows\System\ooSvQPQ.exe
  C:\Windows\System\ooSvQPQ.exe
  2⤵
  PID:3564
- C:\Windows\System\MveOIEh.exe
  C:\Windows\System\MveOIEh.exe
  2⤵
  PID:3604
- C:\Windows\System\YgUtHxs.exe
  C:\Windows\System\YgUtHxs.exe
  2⤵
  PID:3656
- C:\Windows\System\RMlQgHT.exe
  C:\Windows\System\RMlQgHT.exe
  2⤵
  PID:3544
- C:\Windows\System\DVuzMBD.exe
  C:\Windows\System\DVuzMBD.exe
  2⤵
  PID:3776
- C:\Windows\System\CJQDHMf.exe
  C:\Windows\System\CJQDHMf.exe
  2⤵
  PID:3640
- C:\Windows\System\WxzfpGU.exe
  C:\Windows\System\WxzfpGU.exe
  2⤵
  PID:3724
- C:\Windows\System\FmBDqPI.exe
  C:\Windows\System\FmBDqPI.exe
  2⤵
  PID:3816
- C:\Windows\System\VKSTrfE.exe
  C:\Windows\System\VKSTrfE.exe
  2⤵
  PID:3868
- C:\Windows\System\OnoWVma.exe
  C:\Windows\System\OnoWVma.exe
  2⤵
  PID:3852
- C:\Windows\System\QRDvMtv.exe
  C:\Windows\System\QRDvMtv.exe
  2⤵
  PID:3936
- C:\Windows\System\wnRTvQZ.exe
  C:\Windows\System\wnRTvQZ.exe
  2⤵
  PID:4004
- C:\Windows\System\BENGQYP.exe
  C:\Windows\System\BENGQYP.exe
  2⤵
  PID:3924
- C:\Windows\System\hzxHFUZ.exe
  C:\Windows\System\hzxHFUZ.exe
  2⤵
  PID:4024
- C:\Windows\System\WlxbbWq.exe
  C:\Windows\System\WlxbbWq.exe
  2⤵
  PID:4068
- C:\Windows\System\tCBOQyo.exe
  C:\Windows\System\tCBOQyo.exe
  2⤵
  PID:1300
- C:\Windows\System\mKyKoaL.exe
  C:\Windows\System\mKyKoaL.exe
  2⤵
  PID:3112
- C:\Windows\System\wgBILnW.exe
  C:\Windows\System\wgBILnW.exe
  2⤵
  PID:3200
- C:\Windows\System\RMihRCa.exe
  C:\Windows\System\RMihRCa.exe
  2⤵
  PID:3432
- C:\Windows\System\bvMTvNg.exe
  C:\Windows\System\bvMTvNg.exe
  2⤵
  PID:3364
- C:\Windows\System\GfDqrGv.exe
  C:\Windows\System\GfDqrGv.exe
  2⤵
  PID:3464
- C:\Windows\System\JbvDADW.exe
  C:\Windows\System\JbvDADW.exe
  2⤵
  PID:664
- C:\Windows\System\FNfuwGX.exe
  C:\Windows\System\FNfuwGX.exe
  2⤵
  PID:3100
- C:\Windows\System\PpklhJG.exe
  C:\Windows\System\PpklhJG.exe
  2⤵
  PID:3532
- C:\Windows\System\mJenDvQ.exe
  C:\Windows\System\mJenDvQ.exe
  2⤵
  PID:3156
- C:\Windows\System\MHZdJuc.exe
  C:\Windows\System\MHZdJuc.exe
  2⤵
  PID:3444
- C:\Windows\System\GQNBESX.exe
  C:\Windows\System\GQNBESX.exe
  2⤵
  PID:3620
- C:\Windows\System\eMweadi.exe
  C:\Windows\System\eMweadi.exe
  2⤵
  PID:3668
- C:\Windows\System\ZQgzZGK.exe
  C:\Windows\System\ZQgzZGK.exe
  2⤵
  PID:3712
- C:\Windows\System\zyHTqnV.exe
  C:\Windows\System\zyHTqnV.exe
  2⤵
  PID:3512
- C:\Windows\System\TOvFUNY.exe
  C:\Windows\System\TOvFUNY.exe
  2⤵
  PID:3812
- C:\Windows\System\jhkatNv.exe
  C:\Windows\System\jhkatNv.exe
  2⤵
  PID:3760
- C:\Windows\System\dRQHxRO.exe
  C:\Windows\System\dRQHxRO.exe
  2⤵
  PID:4000
- C:\Windows\System\VnZYNkF.exe
  C:\Windows\System\VnZYNkF.exe
  2⤵
  PID:2756
- C:\Windows\System\KmhuVuA.exe
  C:\Windows\System\KmhuVuA.exe
  2⤵
  PID:3180
- C:\Windows\System\aurXJfs.exe
  C:\Windows\System\aurXJfs.exe
  2⤵
  PID:4020
- C:\Windows\System\ISzKFca.exe
  C:\Windows\System\ISzKFca.exe
  2⤵
  PID:3320
- C:\Windows\System\gKpGLlY.exe
  C:\Windows\System\gKpGLlY.exe
  2⤵
  PID:3660
- C:\Windows\System\BMqbKnQ.exe
  C:\Windows\System\BMqbKnQ.exe
  2⤵
  PID:3508
- C:\Windows\System\gGUyeJv.exe
  C:\Windows\System\gGUyeJv.exe
  2⤵
  PID:3908
- C:\Windows\System\lJxGKij.exe
  C:\Windows\System\lJxGKij.exe
  2⤵
  PID:2632
- C:\Windows\System\fUOsPmJ.exe
  C:\Windows\System\fUOsPmJ.exe
  2⤵
  PID:576
- C:\Windows\System\pgKDhTu.exe
  C:\Windows\System\pgKDhTu.exe
  2⤵
  PID:4016
- C:\Windows\System\CwEGMae.exe
  C:\Windows\System\CwEGMae.exe
  2⤵
  PID:4080
- C:\Windows\System\ZmiNisP.exe
  C:\Windows\System\ZmiNisP.exe
  2⤵
  PID:3376
- C:\Windows\System\IqZyokk.exe
  C:\Windows\System\IqZyokk.exe
  2⤵
  PID:3132
- C:\Windows\System\UlYoqXb.exe
  C:\Windows\System\UlYoqXb.exe
  2⤵
  PID:3700
- C:\Windows\System\ATbwhjw.exe
  C:\Windows\System\ATbwhjw.exe
  2⤵
  PID:3792
- C:\Windows\System\jrWWOiE.exe
  C:\Windows\System\jrWWOiE.exe
  2⤵
  PID:3624
- C:\Windows\System\THlQfHW.exe
  C:\Windows\System\THlQfHW.exe
  2⤵
  PID:3956
- C:\Windows\System\zLohtuG.exe
  C:\Windows\System\zLohtuG.exe
  2⤵
  PID:3272
- C:\Windows\System\PvUnlNf.exe
  C:\Windows\System\PvUnlNf.exe
  2⤵
  PID:3612
- C:\Windows\System\WxMYvEJ.exe
  C:\Windows\System\WxMYvEJ.exe
  2⤵
  PID:2740
- C:\Windows\System\dHcntfY.exe
  C:\Windows\System\dHcntfY.exe
  2⤵
  PID:3340
- C:\Windows\System\OnnGaUO.exe
  C:\Windows\System\OnnGaUO.exe
  2⤵
  PID:3984
- C:\Windows\System\pmKreaw.exe
  C:\Windows\System\pmKreaw.exe
  2⤵
  PID:4084
- C:\Windows\System\jDkpVHj.exe
  C:\Windows\System\jDkpVHj.exe
  2⤵
  PID:3968
- C:\Windows\System\XtowEnI.exe
  C:\Windows\System\XtowEnI.exe
  2⤵
  PID:3732
- C:\Windows\System\WtcOXoO.exe
  C:\Windows\System\WtcOXoO.exe
  2⤵
  PID:3220
- C:\Windows\System\ZHAxmiQ.exe
  C:\Windows\System\ZHAxmiQ.exe
  2⤵
  PID:3572
- C:\Windows\System\yLQOHlJ.exe
  C:\Windows\System\yLQOHlJ.exe
  2⤵
  PID:4048
- C:\Windows\System\HsAtXaN.exe
  C:\Windows\System\HsAtXaN.exe
  2⤵
  PID:4100
- C:\Windows\System\JRMVhqj.exe
  C:\Windows\System\JRMVhqj.exe
  2⤵
  PID:4128
- C:\Windows\System\BitaWrH.exe
  C:\Windows\System\BitaWrH.exe
  2⤵
  PID:4144
- C:\Windows\System\WcMUnAv.exe
  C:\Windows\System\WcMUnAv.exe
  2⤵
  PID:4164
- C:\Windows\System\hPvCkXc.exe
  C:\Windows\System\hPvCkXc.exe
  2⤵
  PID:4180
- C:\Windows\System\bBRFtrf.exe
  C:\Windows\System\bBRFtrf.exe
  2⤵
  PID:4196
- C:\Windows\System\faeKKDF.exe
  C:\Windows\System\faeKKDF.exe
  2⤵
  PID:4216
- C:\Windows\System\FDVFbGu.exe
  C:\Windows\System\FDVFbGu.exe
  2⤵
  PID:4236
- C:\Windows\System\ejIqRwh.exe
  C:\Windows\System\ejIqRwh.exe
  2⤵
  PID:4252
- C:\Windows\System\cVqqvgb.exe
  C:\Windows\System\cVqqvgb.exe
  2⤵
  PID:4268
- C:\Windows\System\hxqFXyd.exe
  C:\Windows\System\hxqFXyd.exe
  2⤵
  PID:4284
- C:\Windows\System\TTEEHmP.exe
  C:\Windows\System\TTEEHmP.exe
  2⤵
  PID:4300
- C:\Windows\System\hhQFkwX.exe
  C:\Windows\System\hhQFkwX.exe
  2⤵
  PID:4320
- C:\Windows\System\HTzrXhI.exe
  C:\Windows\System\HTzrXhI.exe
  2⤵
  PID:4336
- C:\Windows\System\kDlQlXR.exe
  C:\Windows\System\kDlQlXR.exe
  2⤵
  PID:4352
- C:\Windows\System\VsKtJLT.exe
  C:\Windows\System\VsKtJLT.exe
  2⤵
  PID:4376
- C:\Windows\System\nuWIkat.exe
  C:\Windows\System\nuWIkat.exe
  2⤵
  PID:4396
- C:\Windows\System\NebOlnl.exe
  C:\Windows\System\NebOlnl.exe
  2⤵
  PID:4412
- C:\Windows\System\mmYsIvD.exe
  C:\Windows\System\mmYsIvD.exe
  2⤵
  PID:4436
- C:\Windows\System\GgPmwtl.exe
  C:\Windows\System\GgPmwtl.exe
  2⤵
  PID:4452
- C:\Windows\System\zcGTErg.exe
  C:\Windows\System\zcGTErg.exe
  2⤵
  PID:4468
- C:\Windows\System\GhSlhUs.exe
  C:\Windows\System\GhSlhUs.exe
  2⤵
  PID:4488
- C:\Windows\System\GXePauQ.exe
  C:\Windows\System\GXePauQ.exe
  2⤵
  PID:4508
- C:\Windows\System\RBwpIOc.exe
  C:\Windows\System\RBwpIOc.exe
  2⤵
  PID:4532
- C:\Windows\System\pVBWmhv.exe
  C:\Windows\System\pVBWmhv.exe
  2⤵
  PID:4600
- C:\Windows\System\qCjyiMM.exe
  C:\Windows\System\qCjyiMM.exe
  2⤵
  PID:4616
- C:\Windows\System\eNBoOoP.exe
  C:\Windows\System\eNBoOoP.exe
  2⤵
  PID:4632
- C:\Windows\System\rCsIzlo.exe
  C:\Windows\System\rCsIzlo.exe
  2⤵
  PID:4648
- C:\Windows\System\MPEvSIl.exe
  C:\Windows\System\MPEvSIl.exe
  2⤵
  PID:4668
- C:\Windows\System\dZOipcK.exe
  C:\Windows\System\dZOipcK.exe
  2⤵
  PID:4688
- C:\Windows\System\kGDzVRu.exe
  C:\Windows\System\kGDzVRu.exe
  2⤵
  PID:4712
- C:\Windows\System\nlQnANR.exe
  C:\Windows\System\nlQnANR.exe
  2⤵
  PID:4732
- C:\Windows\System\wodGQqu.exe
  C:\Windows\System\wodGQqu.exe
  2⤵
  PID:4748
- C:\Windows\System\hPgghoH.exe
  C:\Windows\System\hPgghoH.exe
  2⤵
  PID:4764
- C:\Windows\System\WrnrNfo.exe
  C:\Windows\System\WrnrNfo.exe
  2⤵
  PID:4780
- C:\Windows\System\kZqgJPO.exe
  C:\Windows\System\kZqgJPO.exe
  2⤵
  PID:4800
- C:\Windows\System\UTmAuoI.exe
  C:\Windows\System\UTmAuoI.exe
  2⤵
  PID:4828
- C:\Windows\System\eadisUy.exe
  C:\Windows\System\eadisUy.exe
  2⤵
  PID:4852
- C:\Windows\System\MaKfbTg.exe
  C:\Windows\System\MaKfbTg.exe
  2⤵
  PID:4868
- C:\Windows\System\ybRrWtY.exe
  C:\Windows\System\ybRrWtY.exe
  2⤵
  PID:4888
- C:\Windows\System\JdCScTV.exe
  C:\Windows\System\JdCScTV.exe
  2⤵
  PID:4904
- C:\Windows\System\LchuGGR.exe
  C:\Windows\System\LchuGGR.exe
  2⤵
  PID:4920
- C:\Windows\System\PiCpfai.exe
  C:\Windows\System\PiCpfai.exe
  2⤵
  PID:4936
- C:\Windows\System\aEyZeEd.exe
  C:\Windows\System\aEyZeEd.exe
  2⤵
  PID:4956
- C:\Windows\System\FQtebDd.exe
  C:\Windows\System\FQtebDd.exe
  2⤵
  PID:4976
- C:\Windows\System\CvvJwdJ.exe
  C:\Windows\System\CvvJwdJ.exe
  2⤵
  PID:4992
- C:\Windows\System\MEPggyU.exe
  C:\Windows\System\MEPggyU.exe
  2⤵
  PID:5012
- C:\Windows\System\PGHGlxt.exe
  C:\Windows\System\PGHGlxt.exe
  2⤵
  PID:5032
- C:\Windows\System\ChJhwDE.exe
  C:\Windows\System\ChJhwDE.exe
  2⤵
  PID:5048
- C:\Windows\System\eAfNpzQ.exe
  C:\Windows\System\eAfNpzQ.exe
  2⤵
  PID:5088
- C:\Windows\System\liFCyzf.exe
  C:\Windows\System\liFCyzf.exe
  2⤵
  PID:5104
- C:\Windows\System\UyXXNOn.exe
  C:\Windows\System\UyXXNOn.exe
  2⤵
  PID:3256
- C:\Windows\System\HyRgnop.exe
  C:\Windows\System\HyRgnop.exe
  2⤵
  PID:4172
- C:\Windows\System\AEypZfY.exe
  C:\Windows\System\AEypZfY.exe
  2⤵
  PID:4248
- C:\Windows\System\SdMRYku.exe
  C:\Windows\System\SdMRYku.exe
  2⤵
  PID:4312
- C:\Windows\System\hjgrBdz.exe
  C:\Windows\System\hjgrBdz.exe
  2⤵
  PID:4388
- C:\Windows\System\rpfcmDv.exe
  C:\Windows\System\rpfcmDv.exe
  2⤵
  PID:4432
- C:\Windows\System\YgbyiWI.exe
  C:\Windows\System\YgbyiWI.exe
  2⤵
  PID:4540
- C:\Windows\System\CrLQpEW.exe
  C:\Windows\System\CrLQpEW.exe
  2⤵
  PID:4260
- C:\Windows\System\bWcoEsJ.exe
  C:\Windows\System\bWcoEsJ.exe
  2⤵
  PID:4548
- C:\Windows\System\WfAgtcb.exe
  C:\Windows\System\WfAgtcb.exe
  2⤵
  PID:4564
- C:\Windows\System\rARYqUP.exe
  C:\Windows\System\rARYqUP.exe
  2⤵
  PID:4332
- C:\Windows\System\NayyADJ.exe
  C:\Windows\System\NayyADJ.exe
  2⤵
  PID:4372
- C:\Windows\System\jNwQFGf.exe
  C:\Windows\System\jNwQFGf.exe
  2⤵
  PID:4448
- C:\Windows\System\ARpYrqW.exe
  C:\Windows\System\ARpYrqW.exe
  2⤵
  PID:4108
- C:\Windows\System\Kcrerol.exe
  C:\Windows\System\Kcrerol.exe
  2⤵
  PID:4584
- C:\Windows\System\EwPHftD.exe
  C:\Windows\System\EwPHftD.exe
  2⤵
  PID:3680
- C:\Windows\System\bMmfVDH.exe
  C:\Windows\System\bMmfVDH.exe
  2⤵
  PID:4544
- C:\Windows\System\pENmgUF.exe
  C:\Windows\System\pENmgUF.exe
  2⤵
  PID:4156
- C:\Windows\System\DxoUqFh.exe
  C:\Windows\System\DxoUqFh.exe
  2⤵
  PID:4628
- C:\Windows\System\MnGJUOx.exe
  C:\Windows\System\MnGJUOx.exe
  2⤵
  PID:4700
- C:\Windows\System\DrCuKDU.exe
  C:\Windows\System\DrCuKDU.exe
  2⤵
  PID:4708
- C:\Windows\System\iPXgpcw.exe
  C:\Windows\System\iPXgpcw.exe
  2⤵
  PID:4684
- C:\Windows\System\QohNawh.exe
  C:\Windows\System\QohNawh.exe
  2⤵
  PID:4792
- C:\Windows\System\aXYWgZe.exe
  C:\Windows\System\aXYWgZe.exe
  2⤵
  PID:4728
- C:\Windows\System\wYSikQX.exe
  C:\Windows\System\wYSikQX.exe
  2⤵
  PID:4968
- C:\Windows\System\bbYGkzX.exe
  C:\Windows\System\bbYGkzX.exe
  2⤵
  PID:4876
- C:\Windows\System\LDQfeVh.exe
  C:\Windows\System\LDQfeVh.exe
  2⤵
  PID:4884
- C:\Windows\System\rrQHnVs.exe
  C:\Windows\System\rrQHnVs.exe
  2⤵
  PID:4948
- C:\Windows\System\ihfgzPS.exe
  C:\Windows\System\ihfgzPS.exe
  2⤵
  PID:5024
- C:\Windows\System\dfxTkVR.exe
  C:\Windows\System\dfxTkVR.exe
  2⤵
  PID:4952
- C:\Windows\System\HUQtUKZ.exe
  C:\Windows\System\HUQtUKZ.exe
  2⤵
  PID:5060
- C:\Windows\System\zMdmbEP.exe
  C:\Windows\System\zMdmbEP.exe
  2⤵
  PID:5028
- C:\Windows\System\hXXctGN.exe
  C:\Windows\System\hXXctGN.exe
  2⤵
  PID:4140
- C:\Windows\System\UniLKek.exe
  C:\Windows\System\UniLKek.exe
  2⤵
  PID:4424
- C:\Windows\System\zebtzpB.exe
  C:\Windows\System\zebtzpB.exe
  2⤵
  PID:4228
- C:\Windows\System\nHVwFxu.exe
  C:\Windows\System\nHVwFxu.exe
  2⤵
  PID:4384
- C:\Windows\System\oCUnMXh.exe
  C:\Windows\System\oCUnMXh.exe
  2⤵
  PID:5112
- C:\Windows\System\lghMvXI.exe
  C:\Windows\System\lghMvXI.exe
  2⤵
  PID:4296
- C:\Windows\System\lKjnxDH.exe
  C:\Windows\System\lKjnxDH.exe
  2⤵
  PID:4464
- C:\Windows\System\dkbnVMf.exe
  C:\Windows\System\dkbnVMf.exe
  2⤵
  PID:4344
- C:\Windows\System\jnWiKGV.exe
  C:\Windows\System\jnWiKGV.exe
  2⤵
  PID:4596
- C:\Windows\System\HUZisEm.exe
  C:\Windows\System\HUZisEm.exe
  2⤵
  PID:4124
- C:\Windows\System\RBFhgSZ.exe
  C:\Windows\System\RBFhgSZ.exe
  2⤵
  PID:4696
- C:\Windows\System\MthVywc.exe
  C:\Windows\System\MthVywc.exe
  2⤵
  PID:4796
- C:\Windows\System\CwlvNFZ.exe
  C:\Windows\System\CwlvNFZ.exe
  2⤵
  PID:4612
- C:\Windows\System\WQdoAVq.exe
  C:\Windows\System\WQdoAVq.exe
  2⤵
  PID:4744
- C:\Windows\System\tolgHWX.exe
  C:\Windows\System\tolgHWX.exe
  2⤵
  PID:4444
- C:\Windows\System\qcdrTdZ.exe
  C:\Windows\System\qcdrTdZ.exe
  2⤵
  PID:4896
- C:\Windows\System\jJrHGfy.exe
  C:\Windows\System\jJrHGfy.exe
  2⤵
  PID:4932
- C:\Windows\System\JEXlAWx.exe
  C:\Windows\System\JEXlAWx.exe
  2⤵
  PID:5132
- C:\Windows\System\iFSkmGY.exe
  C:\Windows\System\iFSkmGY.exe
  2⤵
  PID:5152
- C:\Windows\System\YCYMNcP.exe
  C:\Windows\System\YCYMNcP.exe
  2⤵
  PID:5172
- C:\Windows\System\RDBsmeq.exe
  C:\Windows\System\RDBsmeq.exe
  2⤵
  PID:5192
- C:\Windows\System\sKZGzJp.exe
  C:\Windows\System\sKZGzJp.exe
  2⤵
  PID:5208
- C:\Windows\System\szbbvTz.exe
  C:\Windows\System\szbbvTz.exe
  2⤵
  PID:5228
- C:\Windows\System\aYxrOfx.exe
  C:\Windows\System\aYxrOfx.exe
  2⤵
  PID:5244
- C:\Windows\System\ajNhLBk.exe
  C:\Windows\System\ajNhLBk.exe
  2⤵
  PID:5264
- C:\Windows\System\PlGZoGo.exe
  C:\Windows\System\PlGZoGo.exe
  2⤵
  PID:5280
- C:\Windows\System\QIRqabA.exe
  C:\Windows\System\QIRqabA.exe
  2⤵
  PID:5376
- C:\Windows\System\oQOgAkr.exe
  C:\Windows\System\oQOgAkr.exe
  2⤵
  PID:5392
- C:\Windows\System\GUquPLW.exe
  C:\Windows\System\GUquPLW.exe
  2⤵
  PID:5408
- C:\Windows\System\dNzEGxj.exe
  C:\Windows\System\dNzEGxj.exe
  2⤵
  PID:5424
- C:\Windows\System\wwyXwRT.exe
  C:\Windows\System\wwyXwRT.exe
  2⤵
  PID:5440
- C:\Windows\System\qrZTipX.exe
  C:\Windows\System\qrZTipX.exe
  2⤵
  PID:5460
- C:\Windows\System\MNItkID.exe
  C:\Windows\System\MNItkID.exe
  2⤵
  PID:5476
- C:\Windows\System\KOVBjbW.exe
  C:\Windows\System\KOVBjbW.exe
  2⤵
  PID:5500
- C:\Windows\System\inSJxlZ.exe
  C:\Windows\System\inSJxlZ.exe
  2⤵
  PID:5520
- C:\Windows\System\iTxFEmP.exe
  C:\Windows\System\iTxFEmP.exe
  2⤵
  PID:5536
- C:\Windows\System\dTeUiBw.exe
  C:\Windows\System\dTeUiBw.exe
  2⤵
  PID:5556
- C:\Windows\System\CGPfXzZ.exe
  C:\Windows\System\CGPfXzZ.exe
  2⤵
  PID:5596
- C:\Windows\System\ZxinvXT.exe
  C:\Windows\System\ZxinvXT.exe
  2⤵
  PID:5612
- C:\Windows\System\sXCEIlp.exe
  C:\Windows\System\sXCEIlp.exe
  2⤵
  PID:5628
- C:\Windows\System\yZERojl.exe
  C:\Windows\System\yZERojl.exe
  2⤵
  PID:5648
- C:\Windows\System\cdUuPTj.exe
  C:\Windows\System\cdUuPTj.exe
  2⤵
  PID:5668
- C:\Windows\System\itRBBVY.exe
  C:\Windows\System\itRBBVY.exe
  2⤵
  PID:5688
- C:\Windows\System\bRoRPDI.exe
  C:\Windows\System\bRoRPDI.exe
  2⤵
  PID:5704
- C:\Windows\System\AhKCNgw.exe
  C:\Windows\System\AhKCNgw.exe
  2⤵
  PID:5720
- C:\Windows\System\iIfRwRv.exe
  C:\Windows\System\iIfRwRv.exe
  2⤵
  PID:5736
- C:\Windows\System\ucKVFxh.exe
  C:\Windows\System\ucKVFxh.exe
  2⤵
  PID:5756
- C:\Windows\System\NLEfrzc.exe
  C:\Windows\System\NLEfrzc.exe
  2⤵
  PID:5776
- C:\Windows\System\rwLuhAk.exe
  C:\Windows\System\rwLuhAk.exe
  2⤵
  PID:5808
- C:\Windows\System\wUVkcaX.exe
  C:\Windows\System\wUVkcaX.exe
  2⤵
  PID:5832
- C:\Windows\System\PXkCVQT.exe
  C:\Windows\System\PXkCVQT.exe
  2⤵
  PID:5852
- C:\Windows\System\nebdiOW.exe
  C:\Windows\System\nebdiOW.exe
  2⤵
  PID:5868
- C:\Windows\System\SWFeqAS.exe
  C:\Windows\System\SWFeqAS.exe
  2⤵
  PID:5884
- C:\Windows\System\ztGlkwm.exe
  C:\Windows\System\ztGlkwm.exe
  2⤵
  PID:5920
- C:\Windows\System\uMHKZOg.exe
  C:\Windows\System\uMHKZOg.exe
  2⤵
  PID:5936
- C:\Windows\System\EiYSDtG.exe
  C:\Windows\System\EiYSDtG.exe
  2⤵
  PID:5952
- C:\Windows\System\vhkAhYt.exe
  C:\Windows\System\vhkAhYt.exe
  2⤵
  PID:5968
- C:\Windows\System\kNbIBxs.exe
  C:\Windows\System\kNbIBxs.exe
  2⤵
  PID:5984
- C:\Windows\System\XqjSHla.exe
  C:\Windows\System\XqjSHla.exe
  2⤵
  PID:6004
- C:\Windows\System\NjnXCAU.exe
  C:\Windows\System\NjnXCAU.exe
  2⤵
  PID:6024
- C:\Windows\System\PkjpBuN.exe
  C:\Windows\System\PkjpBuN.exe
  2⤵
  PID:6044
- C:\Windows\System\VKqBUjM.exe
  C:\Windows\System\VKqBUjM.exe
  2⤵
  PID:6060
- C:\Windows\System\ghJWsrX.exe
  C:\Windows\System\ghJWsrX.exe
  2⤵
  PID:6080
- C:\Windows\System\EAsuMZq.exe
  C:\Windows\System\EAsuMZq.exe
  2⤵
  PID:6096
- C:\Windows\System\arYDfYu.exe
  C:\Windows\System\arYDfYu.exe
  2⤵
  PID:6120
- C:\Windows\System\lfiEtei.exe
  C:\Windows\System\lfiEtei.exe
  2⤵
  PID:6136
- C:\Windows\System\dACQHjG.exe
  C:\Windows\System\dACQHjG.exe
  2⤵
  PID:4944
- C:\Windows\System\DvriNCG.exe
  C:\Windows\System\DvriNCG.exe
  2⤵
  PID:4308
- C:\Windows\System\gtIMbze.exe
  C:\Windows\System\gtIMbze.exe
  2⤵
  PID:4476
- C:\Windows\System\eWetSxs.exe
  C:\Windows\System\eWetSxs.exe
  2⤵
  PID:4120
- C:\Windows\System\vDyBwFg.exe
  C:\Windows\System\vDyBwFg.exe
  2⤵
  PID:4824
- C:\Windows\System\xtKoiLw.exe
  C:\Windows\System\xtKoiLw.exe
  2⤵
  PID:4864
- C:\Windows\System\RcXRLcr.exe
  C:\Windows\System\RcXRLcr.exe
  2⤵
  PID:5128
- C:\Windows\System\VsffiiG.exe
  C:\Windows\System\VsffiiG.exe
  2⤵
  PID:5204
- C:\Windows\System\mTxcKUI.exe
  C:\Windows\System\mTxcKUI.exe
  2⤵
  PID:4244
- C:\Windows\System\DALwjJA.exe
  C:\Windows\System\DALwjJA.exe
  2⤵
  PID:5216
- C:\Windows\System\FZMfFsM.exe
  C:\Windows\System\FZMfFsM.exe
  2⤵
  PID:4524
- C:\Windows\System\YVyhnxb.exe
  C:\Windows\System\YVyhnxb.exe
  2⤵
  PID:5144
- C:\Windows\System\hmSJuyC.exe
  C:\Windows\System\hmSJuyC.exe
  2⤵
  PID:4900
- C:\Windows\System\fewCojd.exe
  C:\Windows\System\fewCojd.exe
  2⤵
  PID:5220
- C:\Windows\System\UpQXAtd.exe
  C:\Windows\System\UpQXAtd.exe
  2⤵
  PID:5040
- C:\Windows\System\JtAozao.exe
  C:\Windows\System\JtAozao.exe
  2⤵
  PID:5292
- C:\Windows\System\TSRaSBC.exe
  C:\Windows\System\TSRaSBC.exe
  2⤵
  PID:5308
- C:\Windows\System\TWODAYn.exe
  C:\Windows\System\TWODAYn.exe
  2⤵
  PID:5356
- C:\Windows\System\oUSQssk.exe
  C:\Windows\System\oUSQssk.exe
  2⤵
  PID:5332
- C:\Windows\System\HZSlJXx.exe
  C:\Windows\System\HZSlJXx.exe
  2⤵
  PID:5364
- C:\Windows\System\QjVwMmj.exe
  C:\Windows\System\QjVwMmj.exe
  2⤵
  PID:5388
- C:\Windows\System\SNOZhZH.exe
  C:\Windows\System\SNOZhZH.exe
  2⤵
  PID:5452
- C:\Windows\System\pTdXxYx.exe
  C:\Windows\System\pTdXxYx.exe
  2⤵
  PID:5496
- C:\Windows\System\rFUahSb.exe
  C:\Windows\System\rFUahSb.exe
  2⤵
  PID:5568
- C:\Windows\System\zzoSGWX.exe
  C:\Windows\System\zzoSGWX.exe
  2⤵
  PID:5400
- C:\Windows\System\XIVISNY.exe
  C:\Windows\System\XIVISNY.exe
  2⤵
  PID:5472
- C:\Windows\System\SJClMgz.exe
  C:\Windows\System\SJClMgz.exe
  2⤵
  PID:5512
- C:\Windows\System\YLCaqzS.exe
  C:\Windows\System\YLCaqzS.exe
  2⤵
  PID:5588
- C:\Windows\System\kzFiThM.exe
  C:\Windows\System\kzFiThM.exe
  2⤵
  PID:5624
- C:\Windows\System\IaiDkeZ.exe
  C:\Windows\System\IaiDkeZ.exe
  2⤵
  PID:5640
- C:\Windows\System\fkYIAwd.exe
  C:\Windows\System\fkYIAwd.exe
  2⤵
  PID:5700
- C:\Windows\System\MyhmgNg.exe
  C:\Windows\System\MyhmgNg.exe
  2⤵
  PID:5712
- C:\Windows\System\gAcjPOZ.exe
  C:\Windows\System\gAcjPOZ.exe
  2⤵
  PID:5824
- C:\Windows\System\SyEygmR.exe
  C:\Windows\System\SyEygmR.exe
  2⤵
  PID:5864
- C:\Windows\System\qZmBOVs.exe
  C:\Windows\System\qZmBOVs.exe
  2⤵
  PID:5800
- C:\Windows\System\dltexXD.exe
  C:\Windows\System\dltexXD.exe
  2⤵
  PID:5748
- C:\Windows\System\NiFekuc.exe
  C:\Windows\System\NiFekuc.exe
  2⤵
  PID:5684
- C:\Windows\System\CtDThOX.exe
  C:\Windows\System\CtDThOX.exe
  2⤵
  PID:5796
- C:\Windows\System\jtDOFcm.exe
  C:\Windows\System\jtDOFcm.exe
  2⤵
  PID:5916
- C:\Windows\System\pIvFpNS.exe
  C:\Windows\System\pIvFpNS.exe
  2⤵
  PID:5980
- C:\Windows\System\hPqFWdk.exe
  C:\Windows\System\hPqFWdk.exe
  2⤵
  PID:6052
- C:\Windows\System\LEKsnpE.exe
  C:\Windows\System\LEKsnpE.exe
  2⤵
  PID:6132
- C:\Windows\System\GXWSFtY.exe
  C:\Windows\System\GXWSFtY.exe
  2⤵
  PID:5068
- C:\Windows\System\sFPeZRL.exe
  C:\Windows\System\sFPeZRL.exe
  2⤵
  PID:6076
- C:\Windows\System\NXxgIYG.exe
  C:\Windows\System\NXxgIYG.exe
  2⤵
  PID:6116
- C:\Windows\System\qlGVpxL.exe
  C:\Windows\System\qlGVpxL.exe
  2⤵
  PID:4740
- C:\Windows\System\OwYndbw.exe
  C:\Windows\System\OwYndbw.exe
  2⤵
  PID:6000
- C:\Windows\System\NdKDpfi.exe
  C:\Windows\System\NdKDpfi.exe
  2⤵
  PID:4820
- C:\Windows\System\NyCrGeJ.exe
  C:\Windows\System\NyCrGeJ.exe
  2⤵
  PID:4720
- C:\Windows\System\WcGuaZV.exe
  C:\Windows\System\WcGuaZV.exe
  2⤵
  PID:6072
- C:\Windows\System\OKtdqhQ.exe
  C:\Windows\System\OKtdqhQ.exe
  2⤵
  PID:5276
- C:\Windows\System\oyUpxAc.exe
  C:\Windows\System\oyUpxAc.exe
  2⤵
  PID:4528
- C:\Windows\System\ToZIZWk.exe
  C:\Windows\System\ToZIZWk.exe
  2⤵
  PID:4496
- C:\Windows\System\eAqQIcS.exe
  C:\Windows\System\eAqQIcS.exe
  2⤵
  PID:4192
- C:\Windows\System\RjdMjCp.exe
  C:\Windows\System\RjdMjCp.exe
  2⤵
  PID:5008
- C:\Windows\System\nQPHPdi.exe
  C:\Windows\System\nQPHPdi.exe
  2⤵
  PID:5324
- C:\Windows\System\MWwErhW.exe
  C:\Windows\System\MWwErhW.exe
  2⤵
  PID:5348
- C:\Windows\System\dvZgGiS.exe
  C:\Windows\System\dvZgGiS.exe
  2⤵
  PID:5564
- C:\Windows\System\pikyBqE.exe
  C:\Windows\System\pikyBqE.exe
  2⤵
  PID:5580
- C:\Windows\System\IPAbWqr.exe
  C:\Windows\System\IPAbWqr.exe
  2⤵
  PID:5732
- C:\Windows\System\nfyEonj.exe
  C:\Windows\System\nfyEonj.exe
  2⤵
  PID:5880
- C:\Windows\System\WqEKoaN.exe
  C:\Windows\System\WqEKoaN.exe
  2⤵
  PID:6092
- C:\Windows\System\qKwONNE.exe
  C:\Windows\System\qKwONNE.exe
  2⤵
  PID:4116
- C:\Windows\System\wWtjkwN.exe
  C:\Windows\System\wWtjkwN.exe
  2⤵
  PID:4212
- C:\Windows\System\nArGLoX.exe
  C:\Windows\System\nArGLoX.exe
  2⤵
  PID:5820
- C:\Windows\System\uLhNVRv.exe
  C:\Windows\System\uLhNVRv.exe
  2⤵
  PID:4816
- C:\Windows\System\xuvUsHO.exe
  C:\Windows\System\xuvUsHO.exe
  2⤵
  PID:4660
- C:\Windows\System\POJRcXz.exe
  C:\Windows\System\POJRcXz.exe
  2⤵
  PID:5256
- C:\Windows\System\AYAYkhl.exe
  C:\Windows\System\AYAYkhl.exe
  2⤵
  PID:5416
- C:\Windows\System\mQHRfvH.exe
  C:\Windows\System\mQHRfvH.exe
  2⤵
  PID:6108
- C:\Windows\System\VOAxgof.exe
  C:\Windows\System\VOAxgof.exe
  2⤵
  PID:5100
- C:\Windows\System\hskcovL.exe
  C:\Windows\System\hskcovL.exe
  2⤵
  PID:5992
- C:\Windows\System\jnrNOLm.exe
  C:\Windows\System\jnrNOLm.exe
  2⤵
  PID:5484
- C:\Windows\System\hLYBNEt.exe
  C:\Windows\System\hLYBNEt.exe
  2⤵
  PID:5816
- C:\Windows\System\pQwpEsC.exe
  C:\Windows\System\pQwpEsC.exe
  2⤵
  PID:5224
- C:\Windows\System\jhYhxAO.exe
  C:\Windows\System\jhYhxAO.exe
  2⤵
  PID:5140
- C:\Windows\System\jkHvhgG.exe
  C:\Windows\System\jkHvhgG.exe
  2⤵
  PID:5908
- C:\Windows\System\ADVcXGM.exe
  C:\Windows\System\ADVcXGM.exe
  2⤵
  PID:5352
- C:\Windows\System\QhVAfCx.exe
  C:\Windows\System\QhVAfCx.exe
  2⤵
  PID:6016
- C:\Windows\System\YRkrLAZ.exe
  C:\Windows\System\YRkrLAZ.exe
  2⤵
  PID:5636
- C:\Windows\System\ZJabhoY.exe
  C:\Windows\System\ZJabhoY.exe
  2⤵
  PID:5516
- C:\Windows\System\wecygVx.exe
  C:\Windows\System\wecygVx.exe
  2⤵
  PID:4704
- C:\Windows\System\UUJLstF.exe
  C:\Windows\System\UUJLstF.exe
  2⤵
  PID:4580
- C:\Windows\System\LjULaRJ.exe
  C:\Windows\System\LjULaRJ.exe
  2⤵
  PID:5660
- C:\Windows\System\rjbHCjw.exe
  C:\Windows\System\rjbHCjw.exe
  2⤵
  PID:5860
- C:\Windows\System\rDlxySJ.exe
  C:\Windows\System\rDlxySJ.exe
  2⤵
  PID:5020
- C:\Windows\System\HyENvlE.exe
  C:\Windows\System\HyENvlE.exe
  2⤵
  PID:6056
- C:\Windows\System\GtJHftd.exe
  C:\Windows\System\GtJHftd.exe
  2⤵
  PID:5360
- C:\Windows\System\WpqmdYp.exe
  C:\Windows\System\WpqmdYp.exe
  2⤵
  PID:5764
- C:\Windows\System\ckzOgHz.exe
  C:\Windows\System\ckzOgHz.exe
  2⤵
  PID:4656
- C:\Windows\System\iDMvneM.exe
  C:\Windows\System\iDMvneM.exe
  2⤵
  PID:5576
- C:\Windows\System\QDjfeCl.exe
  C:\Windows\System\QDjfeCl.exe
  2⤵
  PID:5000
- C:\Windows\System\OXHfUEa.exe
  C:\Windows\System\OXHfUEa.exe
  2⤵
  PID:4364
- C:\Windows\System\vTBitrM.exe
  C:\Windows\System\vTBitrM.exe
  2⤵
  PID:5696
- C:\Windows\System\UvjtpqA.exe
  C:\Windows\System\UvjtpqA.exe
  2⤵
  PID:4224
- C:\Windows\System\oxItyMo.exe
  C:\Windows\System\oxItyMo.exe
  2⤵
  PID:5948
- C:\Windows\System\LEvVnYy.exe
  C:\Windows\System\LEvVnYy.exe
  2⤵
  PID:5320
- C:\Windows\System\soQwxpR.exe
  C:\Windows\System\soQwxpR.exe
  2⤵
  PID:6148
- C:\Windows\System\ntbJoaE.exe
  C:\Windows\System\ntbJoaE.exe
  2⤵
  PID:6164
- C:\Windows\System\JSFjTcQ.exe
  C:\Windows\System\JSFjTcQ.exe
  2⤵
  PID:6180
- C:\Windows\System\DbEmvvD.exe
  C:\Windows\System\DbEmvvD.exe
  2⤵
  PID:6200
- C:\Windows\System\xuJVcUN.exe
  C:\Windows\System\xuJVcUN.exe
  2⤵
  PID:6216
- C:\Windows\System\bQKtSUl.exe
  C:\Windows\System\bQKtSUl.exe
  2⤵
  PID:6236
- C:\Windows\System\MuqAooe.exe
  C:\Windows\System\MuqAooe.exe
  2⤵
  PID:6256
- C:\Windows\System\swxsKJI.exe
  C:\Windows\System\swxsKJI.exe
  2⤵
  PID:6276
- C:\Windows\System\yDPRrGe.exe
  C:\Windows\System\yDPRrGe.exe
  2⤵
  PID:6296
- C:\Windows\System\MPfqPXl.exe
  C:\Windows\System\MPfqPXl.exe
  2⤵
  PID:6368
- C:\Windows\System\cgNOEgG.exe
  C:\Windows\System\cgNOEgG.exe
  2⤵
  PID:6384
- C:\Windows\System\irbVYJR.exe
  C:\Windows\System\irbVYJR.exe
  2⤵
  PID:6400
- C:\Windows\System\fglraYD.exe
  C:\Windows\System\fglraYD.exe
  2⤵
  PID:6420
- C:\Windows\System\HElItxR.exe
  C:\Windows\System\HElItxR.exe
  2⤵
  PID:6436
- C:\Windows\System\BaOoTSg.exe
  C:\Windows\System\BaOoTSg.exe
  2⤵
  PID:6452
- C:\Windows\System\LgeovJS.exe
  C:\Windows\System\LgeovJS.exe
  2⤵
  PID:6468
- C:\Windows\System\SuuAWxB.exe
  C:\Windows\System\SuuAWxB.exe
  2⤵
  PID:6488
- C:\Windows\System\ehCsovB.exe
  C:\Windows\System\ehCsovB.exe
  2⤵
  PID:6504
- C:\Windows\System\mITBFlh.exe
  C:\Windows\System\mITBFlh.exe
  2⤵
  PID:6524
- C:\Windows\System\bEzLBJm.exe
  C:\Windows\System\bEzLBJm.exe
  2⤵
  PID:6544
- C:\Windows\System\JnmTJoG.exe
  C:\Windows\System\JnmTJoG.exe
  2⤵
  PID:6564
- C:\Windows\System\uISJhyi.exe
  C:\Windows\System\uISJhyi.exe
  2⤵
  PID:6584
- C:\Windows\System\BWVzhvz.exe
  C:\Windows\System\BWVzhvz.exe
  2⤵
  PID:6600
- C:\Windows\System\GsWFhmS.exe
  C:\Windows\System\GsWFhmS.exe
  2⤵
  PID:6640
- C:\Windows\System\grLymll.exe
  C:\Windows\System\grLymll.exe
  2⤵
  PID:6656
- C:\Windows\System\UZyZLti.exe
  C:\Windows\System\UZyZLti.exe
  2⤵
  PID:6680
- C:\Windows\System\BvkTmIB.exe
  C:\Windows\System\BvkTmIB.exe
  2⤵
  PID:6696
- C:\Windows\System\dYqnUkk.exe
  C:\Windows\System\dYqnUkk.exe
  2⤵
  PID:6712
- C:\Windows\System\xyGQesD.exe
  C:\Windows\System\xyGQesD.exe
  2⤵
  PID:6728
- C:\Windows\System\pRTXkYx.exe
  C:\Windows\System\pRTXkYx.exe
  2⤵
  PID:6764
- C:\Windows\System\VaIOkBK.exe
  C:\Windows\System\VaIOkBK.exe
  2⤵
  PID:6780
- C:\Windows\System\GfRnkaH.exe
  C:\Windows\System\GfRnkaH.exe
  2⤵
  PID:6796
- C:\Windows\System\PMOGOOa.exe
  C:\Windows\System\PMOGOOa.exe
  2⤵
  PID:6812
- C:\Windows\System\PlLjrEy.exe
  C:\Windows\System\PlLjrEy.exe
  2⤵
  PID:6828
- C:\Windows\System\ugNhBKO.exe
  C:\Windows\System\ugNhBKO.exe
  2⤵
  PID:6844
- C:\Windows\System\IVHUszd.exe
  C:\Windows\System\IVHUszd.exe
  2⤵
  PID:6860
- C:\Windows\System\jZydmSv.exe
  C:\Windows\System\jZydmSv.exe
  2⤵
  PID:6876
- C:\Windows\System\dvVSdLJ.exe
  C:\Windows\System\dvVSdLJ.exe
  2⤵
  PID:6896
- C:\Windows\System\zJhKEWK.exe
  C:\Windows\System\zJhKEWK.exe
  2⤵
  PID:6912
- C:\Windows\System\lRneFFA.exe
  C:\Windows\System\lRneFFA.exe
  2⤵
  PID:6932
- C:\Windows\System\WOBePhQ.exe
  C:\Windows\System\WOBePhQ.exe
  2⤵
  PID:6952
- C:\Windows\System\etuOBME.exe
  C:\Windows\System\etuOBME.exe
  2⤵
  PID:6968
- C:\Windows\System\CnhRdQG.exe
  C:\Windows\System\CnhRdQG.exe
  2⤵
  PID:6988
- C:\Windows\System\zhjulID.exe
  C:\Windows\System\zhjulID.exe
  2⤵
  PID:7004
- C:\Windows\System\GRDulMP.exe
  C:\Windows\System\GRDulMP.exe
  2⤵
  PID:7024
- C:\Windows\System\CCWiygH.exe
  C:\Windows\System\CCWiygH.exe
  2⤵
  PID:7044
- C:\Windows\System\xmQkfUT.exe
  C:\Windows\System\xmQkfUT.exe
  2⤵
  PID:7064
- C:\Windows\System\ryFvbyd.exe
  C:\Windows\System\ryFvbyd.exe
  2⤵
  PID:7080
- C:\Windows\System\wXxTYlU.exe
  C:\Windows\System\wXxTYlU.exe
  2⤵
  PID:7096
- C:\Windows\System\VdhNQPK.exe
  C:\Windows\System\VdhNQPK.exe
  2⤵
  PID:7124
- C:\Windows\System\PCscOwo.exe
  C:\Windows\System\PCscOwo.exe
  2⤵
  PID:7164
- C:\Windows\System\kfUipHX.exe
  C:\Windows\System\kfUipHX.exe
  2⤵
  PID:4776
- C:\Windows\System\wQBRtES.exe
  C:\Windows\System\wQBRtES.exe
  2⤵
  PID:5792
- C:\Windows\System\yiStikY.exe
  C:\Windows\System\yiStikY.exe
  2⤵
  PID:5236
- C:\Windows\System\jupqpns.exe
  C:\Windows\System\jupqpns.exe
  2⤵
  PID:6188
- C:\Windows\System\iAhtLrn.exe
  C:\Windows\System\iAhtLrn.exe
  2⤵
  PID:6264
- C:\Windows\System\gQRkaYj.exe
  C:\Windows\System\gQRkaYj.exe
  2⤵
  PID:5604
- C:\Windows\System\zYPEVsQ.exe
  C:\Windows\System\zYPEVsQ.exe
  2⤵
  PID:6328
- C:\Windows\System\lWmDkhY.exe
  C:\Windows\System\lWmDkhY.exe
  2⤵
  PID:5572
- C:\Windows\System\wTtstIS.exe
  C:\Windows\System\wTtstIS.exe
  2⤵
  PID:6212
- C:\Windows\System\amSAxFa.exe
  C:\Windows\System\amSAxFa.exe
  2⤵
  PID:6340
- C:\Windows\System\sznKySF.exe
  C:\Windows\System\sznKySF.exe
  2⤵
  PID:6356
- C:\Windows\System\LFLlwOt.exe
  C:\Windows\System\LFLlwOt.exe
  2⤵
  PID:6336
- C:\Windows\System\CNkGKuW.exe
  C:\Windows\System\CNkGKuW.exe
  2⤵
  PID:6412
- C:\Windows\System\BybnCNv.exe
  C:\Windows\System\BybnCNv.exe
  2⤵
  PID:6512
- C:\Windows\System\dnePRWQ.exe
  C:\Windows\System\dnePRWQ.exe
  2⤵
  PID:6560
- C:\Windows\System\NNCArwN.exe
  C:\Windows\System\NNCArwN.exe
  2⤵
  PID:6392
- C:\Windows\System\nYWHlqI.exe
  C:\Windows\System\nYWHlqI.exe
  2⤵
  PID:6460
- C:\Windows\System\QQsPzCO.exe
  C:\Windows\System\QQsPzCO.exe
  2⤵
  PID:6576
- C:\Windows\System\Cohdkey.exe
  C:\Windows\System\Cohdkey.exe
  2⤵
  PID:6612
- C:\Windows\System\WFEpTWv.exe
  C:\Windows\System\WFEpTWv.exe
  2⤵
  PID:6628
- C:\Windows\System\kPxrouM.exe
  C:\Windows\System\kPxrouM.exe
  2⤵
  PID:6668
- C:\Windows\System\oWgHnsG.exe
  C:\Windows\System\oWgHnsG.exe
  2⤵
  PID:6672
- C:\Windows\System\TJCVXhx.exe
  C:\Windows\System\TJCVXhx.exe
  2⤵
  PID:6736
- C:\Windows\System\zpQhFEC.exe
  C:\Windows\System\zpQhFEC.exe
  2⤵
  PID:6748
- C:\Windows\System\uTRvIwJ.exe
  C:\Windows\System\uTRvIwJ.exe
  2⤵
  PID:6776
- C:\Windows\System\VGOEdOu.exe
  C:\Windows\System\VGOEdOu.exe
  2⤵
  PID:6908
- C:\Windows\System\KJxrftL.exe
  C:\Windows\System\KJxrftL.exe
  2⤵
  PID:6868
- C:\Windows\System\sPqleIT.exe
  C:\Windows\System\sPqleIT.exe
  2⤵
  PID:6940
- C:\Windows\System\xUzXFEn.exe
  C:\Windows\System\xUzXFEn.exe
  2⤵
  PID:6980
- C:\Windows\System\ONhzaEE.exe
  C:\Windows\System\ONhzaEE.exe
  2⤵
  PID:7056
- C:\Windows\System\nBqloMd.exe
  C:\Windows\System\nBqloMd.exe
  2⤵
  PID:6964
- C:\Windows\System\ZRfkMlC.exe
  C:\Windows\System\ZRfkMlC.exe
  2⤵
  PID:7000
- C:\Windows\System\iIUvKFe.exe
  C:\Windows\System\iIUvKFe.exe
  2⤵
  PID:6852
- C:\Windows\System\BBrYEHB.exe
  C:\Windows\System\BBrYEHB.exe
  2⤵
  PID:7092
- C:\Windows\System\FaCLUAN.exe
  C:\Windows\System\FaCLUAN.exe
  2⤵
  PID:7120
- C:\Windows\System\qdsUUUZ.exe
  C:\Windows\System\qdsUUUZ.exe
  2⤵
  PID:7140
- C:\Windows\System\UpypKfm.exe
  C:\Windows\System\UpypKfm.exe
  2⤵
  PID:7156
- C:\Windows\System\pfBBbXz.exe
  C:\Windows\System\pfBBbXz.exe
  2⤵
  PID:5340
- C:\Windows\System\bfTUghs.exe
  C:\Windows\System\bfTUghs.exe
  2⤵
  PID:6316
- C:\Windows\System\uNCvBrE.exe
  C:\Windows\System\uNCvBrE.exe
  2⤵
  PID:6292
- C:\Windows\System\uSiXuYC.exe
  C:\Windows\System\uSiXuYC.exe
  2⤵
  PID:6592
- C:\Windows\System\YEaGvNZ.exe
  C:\Windows\System\YEaGvNZ.exe
  2⤵
  PID:6720
- C:\Windows\System\KYOhnmf.exe
  C:\Windows\System\KYOhnmf.exe
  2⤵
  PID:6376
- C:\Windows\System\VaXvBkE.exe
  C:\Windows\System\VaXvBkE.exe
  2⤵
  PID:6196
- C:\Windows\System\SDMQpsH.exe
  C:\Windows\System\SDMQpsH.exe
  2⤵
  PID:6580
- C:\Windows\System\DUPLclv.exe
  C:\Windows\System\DUPLclv.exe
  2⤵
  PID:6608
- C:\Windows\System\dvNJmgW.exe
  C:\Windows\System\dvNJmgW.exe
  2⤵
  PID:6324
- C:\Windows\System\MUbLMEN.exe
  C:\Windows\System\MUbLMEN.exe
  2⤵
  PID:6208
- C:\Windows\System\uOVKWPy.exe
  C:\Windows\System\uOVKWPy.exe
  2⤵
  PID:6740
- C:\Windows\System\cpjQvmC.exe
  C:\Windows\System\cpjQvmC.exe
  2⤵
  PID:6976
- C:\Windows\System\bhNpMMo.exe
  C:\Windows\System\bhNpMMo.exe
  2⤵
  PID:6808
- C:\Windows\System\wSlKEWy.exe
  C:\Windows\System\wSlKEWy.exe
  2⤵
  PID:7020
- C:\Windows\System\LtYWKQV.exe
  C:\Windows\System\LtYWKQV.exe
  2⤵
  PID:6820
- C:\Windows\System\xeSgyNV.exe
  C:\Windows\System\xeSgyNV.exe
  2⤵
  PID:7132
- C:\Windows\System\skSHBDq.exe
  C:\Windows\System\skSHBDq.exe
  2⤵
  PID:6248
- C:\Windows\System\LEzTUcB.exe
  C:\Windows\System\LEzTUcB.exe
  2⤵
  PID:6616
- C:\Windows\System\yzjOFKm.exe
  C:\Windows\System\yzjOFKm.exe
  2⤵
  PID:6476
- C:\Windows\System\FCLzCuO.exe
  C:\Windows\System\FCLzCuO.exe
  2⤵
  PID:7104
- C:\Windows\System\DuaKlJu.exe
  C:\Windows\System\DuaKlJu.exe
  2⤵
  PID:7148
- C:\Windows\System\dPzyUmj.exe
  C:\Windows\System\dPzyUmj.exe
  2⤵
  PID:6448
- C:\Windows\System\xJdGjBK.exe
  C:\Windows\System\xJdGjBK.exe
  2⤵
  PID:6516
- C:\Windows\System\znSlBLF.exe
  C:\Windows\System\znSlBLF.exe
  2⤵
  PID:6156
- C:\Windows\System\WlXSyMa.exe
  C:\Windows\System\WlXSyMa.exe
  2⤵
  PID:6228
- C:\Windows\System\kIJcUyn.exe
  C:\Windows\System\kIJcUyn.exe
  2⤵
  PID:7052
- C:\Windows\System\gLtTQcc.exe
  C:\Windows\System\gLtTQcc.exe
  2⤵
  PID:7016
- C:\Windows\System\ynjkgOb.exe
  C:\Windows\System\ynjkgOb.exe
  2⤵
  PID:6772
- C:\Windows\System\FeBVtZu.exe
  C:\Windows\System\FeBVtZu.exe
  2⤵
  PID:6312
- C:\Windows\System\fXJyUSF.exe
  C:\Windows\System\fXJyUSF.exe
  2⤵
  PID:6408
- C:\Windows\System\rmdaflU.exe
  C:\Windows\System\rmdaflU.exe
  2⤵
  PID:6960
- C:\Windows\System\nEDAFfl.exe
  C:\Windows\System\nEDAFfl.exe
  2⤵
  PID:6480
- C:\Windows\System\tfIZpen.exe
  C:\Windows\System\tfIZpen.exe
  2⤵
  PID:6556
- C:\Windows\System\mPTTwTu.exe
  C:\Windows\System\mPTTwTu.exe
  2⤵
  PID:6432
- C:\Windows\System\vrvTafA.exe
  C:\Windows\System\vrvTafA.exe
  2⤵
  PID:6596
- C:\Windows\System\tspqHak.exe
  C:\Windows\System\tspqHak.exe
  2⤵
  PID:5656
- C:\Windows\System\nOSRXEI.exe
  C:\Windows\System\nOSRXEI.exe
  2⤵
  PID:6308
- C:\Windows\System\wNFrPyJ.exe
  C:\Windows\System\wNFrPyJ.exe
  2⤵
  PID:7072
- C:\Windows\System\uxSWgcR.exe
  C:\Windows\System\uxSWgcR.exe
  2⤵
  PID:5188
- C:\Windows\System\UtWHkvq.exe
  C:\Windows\System\UtWHkvq.exe
  2⤵
  PID:6624
- C:\Windows\System\XXDZdXU.exe
  C:\Windows\System\XXDZdXU.exe
  2⤵
  PID:6428
- C:\Windows\System\HyZcxZG.exe
  C:\Windows\System\HyZcxZG.exe
  2⤵
  PID:5432
- C:\Windows\System\XxAJxni.exe
  C:\Windows\System\XxAJxni.exe
  2⤵
  PID:6496
- C:\Windows\System\MMqDrLz.exe
  C:\Windows\System\MMqDrLz.exe
  2⤵
  PID:6320
- C:\Windows\System\nEDiPhg.exe
  C:\Windows\System\nEDiPhg.exe
  2⤵
  PID:6756
- C:\Windows\System\XobrAei.exe
  C:\Windows\System\XobrAei.exe
  2⤵
  PID:7180
- C:\Windows\System\JkvApTz.exe
  C:\Windows\System\JkvApTz.exe
  2⤵
  PID:7196
- C:\Windows\System\AJAuJcn.exe
  C:\Windows\System\AJAuJcn.exe
  2⤵
  PID:7212
- C:\Windows\System\HaWHqXY.exe
  C:\Windows\System\HaWHqXY.exe
  2⤵
  PID:7228
- C:\Windows\System\QsdzBok.exe
  C:\Windows\System\QsdzBok.exe
  2⤵
  PID:7248
- C:\Windows\System\MffGhNX.exe
  C:\Windows\System\MffGhNX.exe
  2⤵
  PID:7268
- C:\Windows\System\QOBFnpd.exe
  C:\Windows\System\QOBFnpd.exe
  2⤵
  PID:7288
- C:\Windows\System\ZFVLVCj.exe
  C:\Windows\System\ZFVLVCj.exe
  2⤵
  PID:7308
- C:\Windows\System\pgRwVHf.exe
  C:\Windows\System\pgRwVHf.exe
  2⤵
  PID:7324
- C:\Windows\System\ULquPTg.exe
  C:\Windows\System\ULquPTg.exe
  2⤵
  PID:7344
- C:\Windows\System\cTUsvhX.exe
  C:\Windows\System\cTUsvhX.exe
  2⤵
  PID:7368
- C:\Windows\System\NYzqkSe.exe
  C:\Windows\System\NYzqkSe.exe
  2⤵
  PID:7388
- C:\Windows\System\cAGtlWv.exe
  C:\Windows\System\cAGtlWv.exe
  2⤵
  PID:7428
- C:\Windows\System\zUwloAs.exe
  C:\Windows\System\zUwloAs.exe
  2⤵
  PID:7444
- C:\Windows\System\tpOoJvs.exe
  C:\Windows\System\tpOoJvs.exe
  2⤵
  PID:7460
- C:\Windows\System\TcuXIkW.exe
  C:\Windows\System\TcuXIkW.exe
  2⤵
  PID:7476
- C:\Windows\System\VcGnjaE.exe
  C:\Windows\System\VcGnjaE.exe
  2⤵
  PID:7520
- C:\Windows\System\LAbIOXN.exe
  C:\Windows\System\LAbIOXN.exe
  2⤵
  PID:7540
- C:\Windows\System\lTThlDV.exe
  C:\Windows\System\lTThlDV.exe
  2⤵
  PID:7560
- C:\Windows\System\HXsqgBK.exe
  C:\Windows\System\HXsqgBK.exe
  2⤵
  PID:7576
- C:\Windows\System\PElWfWt.exe
  C:\Windows\System\PElWfWt.exe
  2⤵
  PID:7596
- C:\Windows\System\ZQdoEpD.exe
  C:\Windows\System\ZQdoEpD.exe
  2⤵
  PID:7612
- C:\Windows\System\QtHrzfn.exe
  C:\Windows\System\QtHrzfn.exe
  2⤵
  PID:7628
- C:\Windows\System\yIlczVq.exe
  C:\Windows\System\yIlczVq.exe
  2⤵
  PID:7644
- C:\Windows\System\gexFaNY.exe
  C:\Windows\System\gexFaNY.exe
  2⤵
  PID:7668
- C:\Windows\System\eeqDYSC.exe
  C:\Windows\System\eeqDYSC.exe
  2⤵
  PID:7688
- C:\Windows\System\utMqajx.exe
  C:\Windows\System\utMqajx.exe
  2⤵
  PID:7704
- C:\Windows\System\QyYrzlV.exe
  C:\Windows\System\QyYrzlV.exe
  2⤵
  PID:7724
- C:\Windows\System\MizIWHg.exe
  C:\Windows\System\MizIWHg.exe
  2⤵
  PID:7740
- C:\Windows\System\rwvAfVx.exe
  C:\Windows\System\rwvAfVx.exe
  2⤵
  PID:7756
- C:\Windows\System\fapWXyh.exe
  C:\Windows\System\fapWXyh.exe
  2⤵
  PID:7796
- C:\Windows\System\fLVsXzV.exe
  C:\Windows\System\fLVsXzV.exe
  2⤵
  PID:7816
- C:\Windows\System\gfJiYBs.exe
  C:\Windows\System\gfJiYBs.exe
  2⤵
  PID:7832
- C:\Windows\System\aTndfzS.exe
  C:\Windows\System\aTndfzS.exe
  2⤵
  PID:7856
- C:\Windows\System\PBiwieb.exe
  C:\Windows\System\PBiwieb.exe
  2⤵
  PID:7872
- C:\Windows\System\CuvnfzM.exe
  C:\Windows\System\CuvnfzM.exe
  2⤵
  PID:7888
- C:\Windows\System\TGepNIs.exe
  C:\Windows\System\TGepNIs.exe
  2⤵
  PID:7904
- C:\Windows\System\sNiAuaP.exe
  C:\Windows\System\sNiAuaP.exe
  2⤵
  PID:7920
- C:\Windows\System\EtcCZJd.exe
  C:\Windows\System\EtcCZJd.exe
  2⤵
  PID:7944
- C:\Windows\System\jHpKZAf.exe
  C:\Windows\System\jHpKZAf.exe
  2⤵
  PID:7964
- C:\Windows\System\LcLBZWk.exe
  C:\Windows\System\LcLBZWk.exe
  2⤵
  PID:8000
- C:\Windows\System\JSLsykG.exe
  C:\Windows\System\JSLsykG.exe
  2⤵
  PID:8016
- C:\Windows\System\oAmcOvv.exe
  C:\Windows\System\oAmcOvv.exe
  2⤵
  PID:8032
- C:\Windows\System\kjXyKyv.exe
  C:\Windows\System\kjXyKyv.exe
  2⤵
  PID:8052
- C:\Windows\System\JUYLARF.exe
  C:\Windows\System\JUYLARF.exe
  2⤵
  PID:8076
- C:\Windows\System\qIeRAcq.exe
  C:\Windows\System\qIeRAcq.exe
  2⤵
  PID:8096
- C:\Windows\System\JoShcgY.exe
  C:\Windows\System\JoShcgY.exe
  2⤵
  PID:8112
- C:\Windows\System\ihfXxpV.exe
  C:\Windows\System\ihfXxpV.exe
  2⤵
  PID:8128
- C:\Windows\System\FIZvUrP.exe
  C:\Windows\System\FIZvUrP.exe
  2⤵
  PID:8164
- C:\Windows\System\cGXPucB.exe
  C:\Windows\System\cGXPucB.exe
  2⤵
  PID:8180
- C:\Windows\System\MpcxdgI.exe
  C:\Windows\System\MpcxdgI.exe
  2⤵
  PID:5072
- C:\Windows\System\vgvYhQH.exe
  C:\Windows\System\vgvYhQH.exe
  2⤵
  PID:7192
- C:\Windows\System\kCNFXOT.exe
  C:\Windows\System\kCNFXOT.exe
  2⤵
  PID:7224
- C:\Windows\System\inofJEj.exe
  C:\Windows\System\inofJEj.exe
  2⤵
  PID:7236
- C:\Windows\System\WrtOAQN.exe
  C:\Windows\System\WrtOAQN.exe
  2⤵
  PID:7280
- C:\Windows\System\sacMmYd.exe
  C:\Windows\System\sacMmYd.exe
  2⤵
  PID:7352
- C:\Windows\System\QtnVHAR.exe
  C:\Windows\System\QtnVHAR.exe
  2⤵
  PID:7264
- C:\Windows\System\OzfhZeR.exe
  C:\Windows\System\OzfhZeR.exe
  2⤵
  PID:7332
- C:\Windows\System\WYkkTAP.exe
  C:\Windows\System\WYkkTAP.exe
  2⤵
  PID:7408
- C:\Windows\System\WONOPYz.exe
  C:\Windows\System\WONOPYz.exe
  2⤵
  PID:7424
- C:\Windows\System\sZBzfyW.exe
  C:\Windows\System\sZBzfyW.exe
  2⤵
  PID:7436
- C:\Windows\System\dmdwdWt.exe
  C:\Windows\System\dmdwdWt.exe
  2⤵
  PID:7472
- C:\Windows\System\FLxTjhc.exe
  C:\Windows\System\FLxTjhc.exe
  2⤵
  PID:7484
- C:\Windows\System\DEZEyLk.exe
  C:\Windows\System\DEZEyLk.exe
  2⤵
  PID:7512
- C:\Windows\System\azonRwT.exe
  C:\Windows\System\azonRwT.exe
  2⤵
  PID:7548
- C:\Windows\System\ekbxYUe.exe
  C:\Windows\System\ekbxYUe.exe
  2⤵
  PID:7584
- C:\Windows\System\XJoabnK.exe
  C:\Windows\System\XJoabnK.exe
  2⤵
  PID:7624
- C:\Windows\System\jsghkNA.exe
  C:\Windows\System\jsghkNA.exe
  2⤵
  PID:7676
- C:\Windows\System\RpLQoIv.exe
  C:\Windows\System\RpLQoIv.exe
  2⤵
  PID:7684
- C:\Windows\System\OvYCysj.exe
  C:\Windows\System\OvYCysj.exe
  2⤵
  PID:7736
- C:\Windows\System\cENwHYr.exe
  C:\Windows\System\cENwHYr.exe
  2⤵
  PID:7788
- C:\Windows\System\eOEgjuB.exe
  C:\Windows\System\eOEgjuB.exe
  2⤵
  PID:7748
- C:\Windows\System\RRAXkwx.exe
  C:\Windows\System\RRAXkwx.exe
  2⤵
  PID:7808
- C:\Windows\System\wvjwnmU.exe
  C:\Windows\System\wvjwnmU.exe
  2⤵
  PID:7840
- C:\Windows\System\YeWRRkl.exe
  C:\Windows\System\YeWRRkl.exe
  2⤵
  PID:7932
- C:\Windows\System\DBFKlYi.exe
  C:\Windows\System\DBFKlYi.exe
  2⤵
  PID:7880
- C:\Windows\System\MwWSBfv.exe
  C:\Windows\System\MwWSBfv.exe
  2⤵
  PID:7960
- C:\Windows\System\WRJzOBP.exe
  C:\Windows\System\WRJzOBP.exe
  2⤵
  PID:7992
- C:\Windows\System\qrOsNvz.exe
  C:\Windows\System\qrOsNvz.exe
  2⤵
  PID:8044
- C:\Windows\System\DyergnE.exe
  C:\Windows\System\DyergnE.exe
  2⤵
  PID:8072
- C:\Windows\System\rnciLmR.exe
  C:\Windows\System\rnciLmR.exe
  2⤵
  PID:8040
- C:\Windows\System\rAinEoI.exe
  C:\Windows\System\rAinEoI.exe
  2⤵
  PID:8140
- C:\Windows\System\UkEvTRV.exe
  C:\Windows\System\UkEvTRV.exe
  2⤵
  PID:8120
- C:\Windows\System\MRIjDtL.exe
  C:\Windows\System\MRIjDtL.exe
  2⤵
  PID:6928
- C:\Windows\System\JeWsIRv.exe
  C:\Windows\System\JeWsIRv.exe
  2⤵
  PID:6532
- C:\Windows\System\zHwWCBt.exe
  C:\Windows\System\zHwWCBt.exe
  2⤵
  PID:7220
- C:\Windows\System\hLCPxZs.exe
  C:\Windows\System\hLCPxZs.exe
  2⤵
  PID:7204
- C:\Windows\System\tMHBweP.exe
  C:\Windows\System\tMHBweP.exe
  2⤵
  PID:7500
- C:\Windows\System\qaPXIzZ.exe
  C:\Windows\System\qaPXIzZ.exe
  2⤵
  PID:7416
- C:\Windows\System\HPZiasl.exe
  C:\Windows\System\HPZiasl.exe
  2⤵
  PID:7620
- C:\Windows\System\PaEuZGN.exe
  C:\Windows\System\PaEuZGN.exe
  2⤵
  PID:7700
- C:\Windows\System\zbBYiqU.exe
  C:\Windows\System\zbBYiqU.exe
  2⤵
  PID:7784
- C:\Windows\System\IXAlvKe.exe
  C:\Windows\System\IXAlvKe.exe
  2⤵
  PID:7384
- C:\Windows\System\OdQMKSq.exe
  C:\Windows\System\OdQMKSq.exe
  2⤵
  PID:7868
- C:\Windows\System\iWpvWuX.exe
  C:\Windows\System\iWpvWuX.exe
  2⤵
  PID:7660
- C:\Windows\System\GthlSXI.exe
  C:\Windows\System\GthlSXI.exe
  2⤵
  PID:5788
- C:\Windows\System\DEJAhCP.exe
  C:\Windows\System\DEJAhCP.exe
  2⤵
  PID:7640
- C:\Windows\System\mfHYeKn.exe
  C:\Windows\System\mfHYeKn.exe
  2⤵
  PID:8028
- C:\Windows\System\nVKROSu.exe
  C:\Windows\System\nVKROSu.exe
  2⤵
  PID:8084
- C:\Windows\System\MlapdAR.exe
  C:\Windows\System\MlapdAR.exe
  2⤵
  PID:8148
- C:\Windows\System\JiACqQO.exe
  C:\Windows\System\JiACqQO.exe
  2⤵
  PID:7608
- C:\Windows\System\RjhnUUa.exe
  C:\Windows\System\RjhnUUa.exe
  2⤵
  PID:7088
- C:\Windows\System\Uysdfgn.exe
  C:\Windows\System\Uysdfgn.exe
  2⤵
  PID:7972
- C:\Windows\System\tPtcudm.exe
  C:\Windows\System\tPtcudm.exe
  2⤵
  PID:8172
- C:\Windows\System\NypFblb.exe
  C:\Windows\System\NypFblb.exe
  2⤵
  PID:8160
- C:\Windows\System\FZyNToi.exe
  C:\Windows\System\FZyNToi.exe
  2⤵
  PID:7400
- C:\Windows\System\cpDkwhX.exe
  C:\Windows\System\cpDkwhX.exe
  2⤵
  PID:7316
- C:\Windows\System\SzQapcC.exe
  C:\Windows\System\SzQapcC.exe
  2⤵
  PID:7780
- C:\Windows\System\oCBuvcj.exe
  C:\Windows\System\oCBuvcj.exe
  2⤵
  PID:7804
- C:\Windows\System\nkGEBWS.exe
  C:\Windows\System\nkGEBWS.exe
  2⤵
  PID:7300
- C:\Windows\System\YbQGcuw.exe
  C:\Windows\System\YbQGcuw.exe
  2⤵
  PID:7928
- C:\Windows\System\yNcuWWa.exe
  C:\Windows\System\yNcuWWa.exe
  2⤵
  PID:8048
- C:\Windows\System\GNhlobT.exe
  C:\Windows\System\GNhlobT.exe
  2⤵
  PID:7636
- C:\Windows\System\uETrbTa.exe
  C:\Windows\System\uETrbTa.exe
  2⤵
  PID:7652
- C:\Windows\System\gZJnWHN.exe
  C:\Windows\System\gZJnWHN.exe
  2⤵
  PID:7852
- C:\Windows\System\aTzLCiq.exe
  C:\Windows\System\aTzLCiq.exe
  2⤵
  PID:7532
- C:\Windows\System\jXwTJuw.exe
  C:\Windows\System\jXwTJuw.exe
  2⤵
  PID:7680
- C:\Windows\System\bvtfgzw.exe
  C:\Windows\System\bvtfgzw.exe
  2⤵
  PID:7304
- C:\Windows\System\jxSykSK.exe
  C:\Windows\System\jxSykSK.exe
  2⤵
  PID:7588
- C:\Windows\System\oqfJFHf.exe
  C:\Windows\System\oqfJFHf.exe
  2⤵
  PID:7896
- C:\Windows\System\XetgDEQ.exe
  C:\Windows\System\XetgDEQ.exe
  2⤵
  PID:1136
- C:\Windows\System\gOwTkso.exe
  C:\Windows\System\gOwTkso.exe
  2⤵
  PID:6792
- C:\Windows\System\GnajmyS.exe
  C:\Windows\System\GnajmyS.exe
  2⤵
  PID:8152
- C:\Windows\System\OGITIhh.exe
  C:\Windows\System\OGITIhh.exe
  2⤵
  PID:7592
- C:\Windows\System\nHHOKaW.exe
  C:\Windows\System\nHHOKaW.exe
  2⤵
  PID:8188
- C:\Windows\System\yAeoqkP.exe
  C:\Windows\System\yAeoqkP.exe
  2⤵
  PID:2000
- C:\Windows\System\ubtGZYs.exe
  C:\Windows\System\ubtGZYs.exe
  2⤵
  PID:7956
- C:\Windows\System\BEGvmPZ.exe
  C:\Windows\System\BEGvmPZ.exe
  2⤵
  PID:7440
- C:\Windows\System\caaHWAR.exe
  C:\Windows\System\caaHWAR.exe
  2⤵
  PID:7396
- C:\Windows\System\MNgBLBl.exe
  C:\Windows\System\MNgBLBl.exe
  2⤵
  PID:7604
- C:\Windows\System\pUUYJzH.exe
  C:\Windows\System\pUUYJzH.exe
  2⤵
  PID:7188
- C:\Windows\System\YdQFBji.exe
  C:\Windows\System\YdQFBji.exe
  2⤵
  PID:8208
- C:\Windows\System\zRjVioN.exe
  C:\Windows\System\zRjVioN.exe
  2⤵
  PID:8224
- C:\Windows\System\lbxDAyk.exe
  C:\Windows\System\lbxDAyk.exe
  2⤵
  PID:8248
- C:\Windows\System\wAjSfKJ.exe
  C:\Windows\System\wAjSfKJ.exe
  2⤵
  PID:8264
- C:\Windows\System\JTveyEt.exe
  C:\Windows\System\JTveyEt.exe
  2⤵
  PID:8280
- C:\Windows\System\LmvUBIp.exe
  C:\Windows\System\LmvUBIp.exe
  2⤵
  PID:8296
- C:\Windows\System\MFdVqxM.exe
  C:\Windows\System\MFdVqxM.exe
  2⤵
  PID:8324
- C:\Windows\System\vZksAtU.exe
  C:\Windows\System\vZksAtU.exe
  2⤵
  PID:8356
- C:\Windows\System\iklxmuN.exe
  C:\Windows\System\iklxmuN.exe
  2⤵
  PID:8372
- C:\Windows\System\wXDGLUD.exe
  C:\Windows\System\wXDGLUD.exe
  2⤵
  PID:8408
- C:\Windows\System\JRFvNQz.exe
  C:\Windows\System\JRFvNQz.exe
  2⤵
  PID:8428
- C:\Windows\System\DzoawTx.exe
  C:\Windows\System\DzoawTx.exe
  2⤵
  PID:8444
- C:\Windows\System\WMJwBHw.exe
  C:\Windows\System\WMJwBHw.exe
  2⤵
  PID:8460
- C:\Windows\System\wiRPIVc.exe
  C:\Windows\System\wiRPIVc.exe
  2⤵
  PID:8476
- C:\Windows\System\HzHERpu.exe
  C:\Windows\System\HzHERpu.exe
  2⤵
  PID:8508
- C:\Windows\System\JdMhGJL.exe
  C:\Windows\System\JdMhGJL.exe
  2⤵
  PID:8528
- C:\Windows\System\dZxvcCH.exe
  C:\Windows\System\dZxvcCH.exe
  2⤵
  PID:8544
- C:\Windows\System\wOkdjwE.exe
  C:\Windows\System\wOkdjwE.exe
  2⤵
  PID:8572
- C:\Windows\System\Ddfulfl.exe
  C:\Windows\System\Ddfulfl.exe
  2⤵
  PID:8588
- C:\Windows\System\aMuPiPh.exe
  C:\Windows\System\aMuPiPh.exe
  2⤵
  PID:8608
- C:\Windows\System\KISiNOq.exe
  C:\Windows\System\KISiNOq.exe
  2⤵
  PID:8624
- C:\Windows\System\KvkzTBd.exe
  C:\Windows\System\KvkzTBd.exe
  2⤵
  PID:8640
- C:\Windows\System\EeNTyOU.exe
  C:\Windows\System\EeNTyOU.exe
  2⤵
  PID:8660
- C:\Windows\System\vGILloe.exe
  C:\Windows\System\vGILloe.exe
  2⤵
  PID:8680
- C:\Windows\System\rPnvwvq.exe
  C:\Windows\System\rPnvwvq.exe
  2⤵
  PID:8704
- C:\Windows\System\sNzdWsM.exe
  C:\Windows\System\sNzdWsM.exe
  2⤵
  PID:8724
- C:\Windows\System\omhdJoY.exe
  C:\Windows\System\omhdJoY.exe
  2⤵
  PID:8756
- C:\Windows\System\VrGHgGR.exe
  C:\Windows\System\VrGHgGR.exe
  2⤵
  PID:8776
- C:\Windows\System\MzYnanA.exe
  C:\Windows\System\MzYnanA.exe
  2⤵
  PID:8792
- C:\Windows\System\EFoXrhJ.exe
  C:\Windows\System\EFoXrhJ.exe
  2⤵
  PID:8812
- C:\Windows\System\yytVvpM.exe
  C:\Windows\System\yytVvpM.exe
  2⤵
  PID:8828
- C:\Windows\System\SgqPzYA.exe
  C:\Windows\System\SgqPzYA.exe
  2⤵
  PID:8844
- C:\Windows\System\gLfXcop.exe
  C:\Windows\System\gLfXcop.exe
  2⤵
  PID:8864
- C:\Windows\System\jJytccs.exe
  C:\Windows\System\jJytccs.exe
  2⤵
  PID:8880
- C:\Windows\System\caDWeRy.exe
  C:\Windows\System\caDWeRy.exe
  2⤵
  PID:8900
- C:\Windows\System\EVtnDzt.exe
  C:\Windows\System\EVtnDzt.exe
  2⤵
  PID:8932
- C:\Windows\System\qcsWMgy.exe
  C:\Windows\System\qcsWMgy.exe
  2⤵
  PID:8948
- C:\Windows\System\UrMjOBs.exe
  C:\Windows\System\UrMjOBs.exe
  2⤵
  PID:8964
- C:\Windows\System\qjvKrbZ.exe
  C:\Windows\System\qjvKrbZ.exe
  2⤵
  PID:8988
- C:\Windows\System\mOudXFx.exe
  C:\Windows\System\mOudXFx.exe
  2⤵
  PID:9004
- C:\Windows\System\ZdPQbGK.exe
  C:\Windows\System\ZdPQbGK.exe
  2⤵
  PID:9020
- C:\Windows\System\uyHXxTB.exe
  C:\Windows\System\uyHXxTB.exe
  2⤵
  PID:9048
- C:\Windows\System\XRekiKj.exe
  C:\Windows\System\XRekiKj.exe
  2⤵
  PID:9068
- C:\Windows\System\bUifmIg.exe
  C:\Windows\System\bUifmIg.exe
  2⤵
  PID:9084
- C:\Windows\System\RqxmTex.exe
  C:\Windows\System\RqxmTex.exe
  2⤵
  PID:9100
- C:\Windows\System\WGIQNIR.exe
  C:\Windows\System\WGIQNIR.exe
  2⤵
  PID:9124
- C:\Windows\System\NQpWHmC.exe
  C:\Windows\System\NQpWHmC.exe
  2⤵
  PID:9148
- C:\Windows\System\PqpCDMk.exe
  C:\Windows\System\PqpCDMk.exe
  2⤵
  PID:9164
- C:\Windows\System\pEJcPwI.exe
  C:\Windows\System\pEJcPwI.exe
  2⤵
  PID:9192
- C:\Windows\System\aqGbqpx.exe
  C:\Windows\System\aqGbqpx.exe
  2⤵
  PID:7980
- C:\Windows\System\zwSFzcu.exe
  C:\Windows\System\zwSFzcu.exe
  2⤵
  PID:7824
- C:\Windows\System\gtdxScn.exe
  C:\Windows\System\gtdxScn.exe
  2⤵
  PID:8260
- C:\Windows\System\HqMXIzK.exe
  C:\Windows\System\HqMXIzK.exe
  2⤵
  PID:8240
- C:\Windows\System\FWKhsKg.exe
  C:\Windows\System\FWKhsKg.exe
  2⤵
  PID:8204
- C:\Windows\System\Jtcoaju.exe
  C:\Windows\System\Jtcoaju.exe
  2⤵
  PID:8304
- C:\Windows\System\udYauni.exe
  C:\Windows\System\udYauni.exe
  2⤵
  PID:8336
- C:\Windows\System\yFyCrSw.exe
  C:\Windows\System\yFyCrSw.exe
  2⤵
  PID:8316
- C:\Windows\System\eiHrZjS.exe
  C:\Windows\System\eiHrZjS.exe
  2⤵
  PID:8380
- C:\Windows\System\tJfCnTF.exe
  C:\Windows\System\tJfCnTF.exe
  2⤵
  PID:8392
- C:\Windows\System\guHgmms.exe
  C:\Windows\System\guHgmms.exe
  2⤵
  PID:8420
- C:\Windows\System\CkzzGNM.exe
  C:\Windows\System\CkzzGNM.exe
  2⤵
  PID:8472
- C:\Windows\System\IRLMkWh.exe
  C:\Windows\System\IRLMkWh.exe
  2⤵
  PID:8488
- C:\Windows\System\bZzwHCX.exe
  C:\Windows\System\bZzwHCX.exe
  2⤵
  PID:8552
- C:\Windows\System\tcviFKd.exe
  C:\Windows\System\tcviFKd.exe
  2⤵
  PID:8568
- C:\Windows\System\urJYwCJ.exe
  C:\Windows\System\urJYwCJ.exe
  2⤵
  PID:8672
- C:\Windows\System\halIeAL.exe
  C:\Windows\System\halIeAL.exe
  2⤵
  PID:8716
- C:\Windows\System\wbpZfxb.exe
  C:\Windows\System\wbpZfxb.exe
  2⤵
  PID:8688
- C:\Windows\System\hmTAxRO.exe
  C:\Windows\System\hmTAxRO.exe
  2⤵
  PID:8732
- C:\Windows\System\fcOtigK.exe
  C:\Windows\System\fcOtigK.exe
  2⤵
  PID:8768
- C:\Windows\System\oYBmCSf.exe
  C:\Windows\System\oYBmCSf.exe
  2⤵
  PID:8836
- C:\Windows\System\pKlJLVT.exe
  C:\Windows\System\pKlJLVT.exe
  2⤵
  PID:8872
- C:\Windows\System\NUVILpg.exe
  C:\Windows\System\NUVILpg.exe
  2⤵
  PID:8916
- C:\Windows\System\dKLLJgA.exe
  C:\Windows\System\dKLLJgA.exe
  2⤵
  PID:8824
- C:\Windows\System\qFGtxBu.exe
  C:\Windows\System\qFGtxBu.exe
  2⤵
  PID:9028
- C:\Windows\System\uikjARq.exe
  C:\Windows\System\uikjARq.exe
  2⤵
  PID:8896
- C:\Windows\System\puvQusn.exe
  C:\Windows\System\puvQusn.exe
  2⤵
  PID:9044
- C:\Windows\System\UOUrXiV.exe
  C:\Windows\System\UOUrXiV.exe
  2⤵
  PID:9112
- C:\Windows\System\TByItOM.exe
  C:\Windows\System\TByItOM.exe
  2⤵
  PID:8944
- C:\Windows\System\kYNVASR.exe
  C:\Windows\System\kYNVASR.exe
  2⤵
  PID:9012
- C:\Windows\System\BhopZcr.exe
  C:\Windows\System\BhopZcr.exe
  2⤵
  PID:9060
- C:\Windows\System\HzoCDGU.exe
  C:\Windows\System\HzoCDGU.exe
  2⤵
  PID:9180
- C:\Windows\System\AwMxlbl.exe
  C:\Windows\System\AwMxlbl.exe
  2⤵
  PID:9208
- C:\Windows\System\yLtSZrq.exe
  C:\Windows\System\yLtSZrq.exe
  2⤵
  PID:9204
- C:\Windows\System\sboRtJB.exe
  C:\Windows\System\sboRtJB.exe
  2⤵
  PID:8332
- C:\Windows\System\mkXxvYn.exe
  C:\Windows\System\mkXxvYn.exe
  2⤵
  PID:8136
- C:\Windows\System\cPSNyka.exe
  C:\Windows\System\cPSNyka.exe
  2⤵
  PID:7848
- C:\Windows\System\jnMUFRy.exe
  C:\Windows\System\jnMUFRy.exe
  2⤵
  PID:8440
- C:\Windows\System\unTZNIJ.exe
  C:\Windows\System\unTZNIJ.exe
  2⤵
  PID:8400
- C:\Windows\System\PxcalMR.exe
  C:\Windows\System\PxcalMR.exe
  2⤵
  PID:8564
- C:\Windows\System\aCYcInx.exe
  C:\Windows\System\aCYcInx.exe
  2⤵
  PID:8540
- C:\Windows\System\NkRvENz.exe
  C:\Windows\System\NkRvENz.exe
  2⤵
  PID:8584
- C:\Windows\System\aTBrcKj.exe
  C:\Windows\System\aTBrcKj.exe
  2⤵
  PID:8676
- C:\Windows\System\wdLenoW.exe
  C:\Windows\System\wdLenoW.exe
  2⤵
  PID:8692
- C:\Windows\System\UOzzFGD.exe
  C:\Windows\System\UOzzFGD.exe
  2⤵
  PID:8788
- C:\Windows\System\PKdBjcI.exe
  C:\Windows\System\PKdBjcI.exe
  2⤵
  PID:8924
- C:\Windows\System\rIpSRXz.exe
  C:\Windows\System\rIpSRXz.exe
  2⤵
  PID:8860
- C:\Windows\System\EXpYngS.exe
  C:\Windows\System\EXpYngS.exe
  2⤵
  PID:9036
- C:\Windows\System\JRXcqgG.exe
  C:\Windows\System\JRXcqgG.exe
  2⤵
  PID:8980
- C:\Windows\System\xgmftPT.exe
  C:\Windows\System\xgmftPT.exe
  2⤵
  PID:8888
- C:\Windows\System\dTHoKyW.exe
  C:\Windows\System\dTHoKyW.exe
  2⤵
  PID:8232
- C:\Windows\System\RByaqlQ.exe
  C:\Windows\System\RByaqlQ.exe
  2⤵
  PID:8364
- C:\Windows\System\rECVRce.exe
  C:\Windows\System\rECVRce.exe
  2⤵
  PID:9176
- C:\Windows\System\bDCCOCV.exe
  C:\Windows\System\bDCCOCV.exe
  2⤵
  PID:9212
- C:\Windows\System\cnyAOrZ.exe
  C:\Windows\System\cnyAOrZ.exe
  2⤵
  PID:8244
- C:\Windows\System\FlwmAEl.exe
  C:\Windows\System\FlwmAEl.exe
  2⤵
  PID:8520
- C:\Windows\System\WcPsmyq.exe
  C:\Windows\System\WcPsmyq.exe
  2⤵
  PID:8616
- C:\Windows\System\FBZdAIK.exe
  C:\Windows\System\FBZdAIK.exe
  2⤵
  PID:8748
- C:\Windows\System\UUfinug.exe
  C:\Windows\System\UUfinug.exe
  2⤵
  PID:8840
- C:\Windows\System\eWGztIB.exe
  C:\Windows\System\eWGztIB.exe
  2⤵
  PID:8960
- C:\Windows\System\xPrkbcE.exe
  C:\Windows\System\xPrkbcE.exe
  2⤵
  PID:8804
- C:\Windows\System\YesUGGO.exe
  C:\Windows\System\YesUGGO.exe
  2⤵
  PID:9080
- C:\Windows\System\cLtepcI.exe
  C:\Windows\System\cLtepcI.exe
  2⤵
  PID:9136
- C:\Windows\System\RLpdqrW.exe
  C:\Windows\System\RLpdqrW.exe
  2⤵
  PID:8404
- C:\Windows\System\GTAXxYy.exe
  C:\Windows\System\GTAXxYy.exe
  2⤵
  PID:9144
- C:\Windows\System\dUiBzHD.exe
  C:\Windows\System\dUiBzHD.exe
  2⤵
  PID:8740
- C:\Windows\System\mbKXDmz.exe
  C:\Windows\System\mbKXDmz.exe
  2⤵
  PID:8580
- C:\Windows\System\EOmSFWb.exe
  C:\Windows\System\EOmSFWb.exe
  2⤵
  PID:8800
- C:\Windows\System\JrfLxyu.exe
  C:\Windows\System\JrfLxyu.exe
  2⤵
  PID:9188
- C:\Windows\System\YRlAOxk.exe
  C:\Windows\System\YRlAOxk.exe
  2⤵
  PID:9040
- C:\Windows\System\fhZXXqk.exe
  C:\Windows\System\fhZXXqk.exe
  2⤵
  PID:8320
- C:\Windows\System\HuJoRbl.exe
  C:\Windows\System\HuJoRbl.exe
  2⤵
  PID:8712
- C:\Windows\System\JAZLWlN.exe
  C:\Windows\System\JAZLWlN.exe
  2⤵
  PID:8596
- C:\Windows\System\LPrENte.exe
  C:\Windows\System\LPrENte.exe
  2⤵
  PID:9132
- C:\Windows\System\uPHZtYb.exe
  C:\Windows\System\uPHZtYb.exe
  2⤵
  PID:8500
- C:\Windows\System\mAkBkCF.exe
  C:\Windows\System\mAkBkCF.exe
  2⤵
  PID:8808
- C:\Windows\System\PsTPLiH.exe
  C:\Windows\System\PsTPLiH.exe
  2⤵
  PID:9120
- C:\Windows\System\aKvePLN.exe
  C:\Windows\System\aKvePLN.exe
  2⤵
  PID:8416
- C:\Windows\System\QsmGcvV.exe
  C:\Windows\System\QsmGcvV.exe
  2⤵
  PID:8976
- C:\Windows\System\cogvBUD.exe
  C:\Windows\System\cogvBUD.exe
  2⤵
  PID:9248
- C:\Windows\System\MiMzMQU.exe
  C:\Windows\System\MiMzMQU.exe
  2⤵
  PID:9268
- C:\Windows\System\dAxMavf.exe
  C:\Windows\System\dAxMavf.exe
  2⤵
  PID:9284
- C:\Windows\System\yDoZZwM.exe
  C:\Windows\System\yDoZZwM.exe
  2⤵
  PID:9304
- C:\Windows\System\cNwprHY.exe
  C:\Windows\System\cNwprHY.exe
  2⤵
  PID:9320
- C:\Windows\System\YlHBPle.exe
  C:\Windows\System\YlHBPle.exe
  2⤵
  PID:9344
- C:\Windows\System\npSoLke.exe
  C:\Windows\System\npSoLke.exe
  2⤵
  PID:9360
- C:\Windows\System\qPrhyCC.exe
  C:\Windows\System\qPrhyCC.exe
  2⤵
  PID:9376
- C:\Windows\System\NFqsvmv.exe
  C:\Windows\System\NFqsvmv.exe
  2⤵
  PID:9392
- C:\Windows\System\nYHDoWp.exe
  C:\Windows\System\nYHDoWp.exe
  2⤵
  PID:9420
- C:\Windows\System\RbEZswe.exe
  C:\Windows\System\RbEZswe.exe
  2⤵
  PID:9436
- C:\Windows\System\kuFZyMk.exe
  C:\Windows\System\kuFZyMk.exe
  2⤵
  PID:9460
- C:\Windows\System\BIbrFnw.exe
  C:\Windows\System\BIbrFnw.exe
  2⤵
  PID:9484
- C:\Windows\System\IYanLse.exe
  C:\Windows\System\IYanLse.exe
  2⤵
  PID:9508
- C:\Windows\System\hQlpWUi.exe
  C:\Windows\System\hQlpWUi.exe
  2⤵
  PID:9524
- C:\Windows\System\wSMmlkM.exe
  C:\Windows\System\wSMmlkM.exe
  2⤵
  PID:9544
- C:\Windows\System\NAApynA.exe
  C:\Windows\System\NAApynA.exe
  2⤵
  PID:9564
- C:\Windows\System\YdGJFPF.exe
  C:\Windows\System\YdGJFPF.exe
  2⤵
  PID:9580
- C:\Windows\System\sWLQBud.exe
  C:\Windows\System\sWLQBud.exe
  2⤵
  PID:9596
- C:\Windows\System\jIsKbbh.exe
  C:\Windows\System\jIsKbbh.exe
  2⤵
  PID:9632
- C:\Windows\System\ZoMMGnl.exe
  C:\Windows\System\ZoMMGnl.exe
  2⤵
  PID:9648
- C:\Windows\System\qEGHJdc.exe
  C:\Windows\System\qEGHJdc.exe
  2⤵
  PID:9672
- C:\Windows\System\VCzkvnY.exe
  C:\Windows\System\VCzkvnY.exe
  2⤵
  PID:9688
- C:\Windows\System\fhqgyim.exe
  C:\Windows\System\fhqgyim.exe
  2⤵
  PID:9704
- C:\Windows\System\JFRIkNm.exe
  C:\Windows\System\JFRIkNm.exe
  2⤵
  PID:9736
- C:\Windows\System\QxSOcHa.exe
  C:\Windows\System\QxSOcHa.exe
  2⤵
  PID:9752
- C:\Windows\System\ASBytPF.exe
  C:\Windows\System\ASBytPF.exe
  2⤵
  PID:9768
- C:\Windows\System\ateKSfM.exe
  C:\Windows\System\ateKSfM.exe
  2⤵
  PID:9796
- C:\Windows\System\MoFiQDO.exe
  C:\Windows\System\MoFiQDO.exe
  2⤵
  PID:9812
- C:\Windows\System\qjVQteU.exe
  C:\Windows\System\qjVQteU.exe
  2⤵
  PID:9828
- C:\Windows\System\NdKRGHv.exe
  C:\Windows\System\NdKRGHv.exe
  2⤵
  PID:9848
- C:\Windows\System\AYgybNf.exe
  C:\Windows\System\AYgybNf.exe
  2⤵
  PID:9872
- C:\Windows\System\YsVYkBp.exe
  C:\Windows\System\YsVYkBp.exe
  2⤵
  PID:9892
- C:\Windows\System\RMZnqtX.exe
  C:\Windows\System\RMZnqtX.exe
  2⤵
  PID:9912
- C:\Windows\System\SPsdtoX.exe
  C:\Windows\System\SPsdtoX.exe
  2⤵
  PID:9928
- C:\Windows\System\TuvVIlL.exe
  C:\Windows\System\TuvVIlL.exe
  2⤵
  PID:9944
- C:\Windows\System\ISMfgFr.exe
  C:\Windows\System\ISMfgFr.exe
  2⤵
  PID:9980
- C:\Windows\System\AqLltJW.exe
  C:\Windows\System\AqLltJW.exe
  2⤵
  PID:9996
- C:\Windows\System\xUmYDKA.exe
  C:\Windows\System\xUmYDKA.exe
  2⤵
  PID:10012
- C:\Windows\System\rMhnaUu.exe
  C:\Windows\System\rMhnaUu.exe
  2⤵
  PID:10040
- C:\Windows\System\qsOfrbr.exe
  C:\Windows\System\qsOfrbr.exe
  2⤵
  PID:10056
- C:\Windows\System\iMhghlX.exe
  C:\Windows\System\iMhghlX.exe
  2⤵
  PID:10072
- C:\Windows\System\SqcHqIT.exe
  C:\Windows\System\SqcHqIT.exe
  2⤵
  PID:10088
- C:\Windows\System\RVJYaJb.exe
  C:\Windows\System\RVJYaJb.exe
  2⤵
  PID:10112
- C:\Windows\System\lOyWADT.exe
  C:\Windows\System\lOyWADT.exe
  2⤵
  PID:10136
- C:\Windows\System\GMJWFSB.exe
  C:\Windows\System\GMJWFSB.exe
  2⤵
  PID:10160
- C:\Windows\System\behuAlJ.exe
  C:\Windows\System\behuAlJ.exe
  2⤵
  PID:10176
- C:\Windows\System\UQtsXZO.exe
  C:\Windows\System\UQtsXZO.exe
  2⤵
  PID:10196
- C:\Windows\System\qhGtTNU.exe
  C:\Windows\System\qhGtTNU.exe
  2⤵
  PID:10216
- C:\Windows\System\KStOyQK.exe
  C:\Windows\System\KStOyQK.exe
  2⤵
  PID:10236
- C:\Windows\System\ipetckA.exe
  C:\Windows\System\ipetckA.exe
  2⤵
  PID:8600
- C:\Windows\System\pXRMmcf.exe
  C:\Windows\System\pXRMmcf.exe
  2⤵
  PID:9240
- C:\Windows\System\weTrmHC.exe
  C:\Windows\System\weTrmHC.exe
  2⤵
  PID:9276
- C:\Windows\System\fnUFbJR.exe
  C:\Windows\System\fnUFbJR.exe
  2⤵
  PID:9300
- C:\Windows\System\DLjMRAS.exe
  C:\Windows\System\DLjMRAS.exe
  2⤵
  PID:9372
- C:\Windows\System\QQyJMXT.exe
  C:\Windows\System\QQyJMXT.exe
  2⤵
  PID:9316
- C:\Windows\System\IJZSKgf.exe
  C:\Windows\System\IJZSKgf.exe
  2⤵
  PID:9408
- C:\Windows\System\BsIremw.exe
  C:\Windows\System\BsIremw.exe
  2⤵
  PID:9384
- C:\Windows\System\bZfEIdU.exe
  C:\Windows\System\bZfEIdU.exe
  2⤵
  PID:9472
- C:\Windows\System\qGZtrfG.exe
  C:\Windows\System\qGZtrfG.exe
  2⤵
  PID:9504
- C:\Windows\System\RUEgFQP.exe
  C:\Windows\System\RUEgFQP.exe
  2⤵
  PID:9540
- C:\Windows\System\djwfCpu.exe
  C:\Windows\System\djwfCpu.exe
  2⤵
  PID:9588
- C:\Windows\System\CSpDVAq.exe
  C:\Windows\System\CSpDVAq.exe
  2⤵
  PID:9612
- C:\Windows\System\WAdOFue.exe
  C:\Windows\System\WAdOFue.exe
  2⤵
  PID:9628
- C:\Windows\System\bTlFSrB.exe
  C:\Windows\System\bTlFSrB.exe
  2⤵
  PID:9668
- C:\Windows\System\rgBkWlp.exe
  C:\Windows\System\rgBkWlp.exe
  2⤵
  PID:9712
- C:\Windows\System\slhBCvJ.exe
  C:\Windows\System\slhBCvJ.exe
  2⤵
  PID:9732
- C:\Windows\System\ABvEAkY.exe
  C:\Windows\System\ABvEAkY.exe
  2⤵
  PID:9776
- C:\Windows\System\cOODkTU.exe
  C:\Windows\System\cOODkTU.exe
  2⤵
  PID:9792
- C:\Windows\System\WvwJJXm.exe
  C:\Windows\System\WvwJJXm.exe
  2⤵
  PID:9856
- C:\Windows\System\RxRmSEl.exe
  C:\Windows\System\RxRmSEl.exe
  2⤵
  PID:9840
- C:\Windows\System\tSLXbxe.exe
  C:\Windows\System\tSLXbxe.exe
  2⤵
  PID:9904
- C:\Windows\System\quvhLJO.exe
  C:\Windows\System\quvhLJO.exe
  2⤵
  PID:9920
- C:\Windows\System\qJBJDvQ.exe
  C:\Windows\System\qJBJDvQ.exe
  2⤵
  PID:9968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FyVyBss.exe

Filesize
1.7MB

MD5
c5ab6401a6fe07e9d733ff59181257df

SHA1
6162d3988e779cf823f9a3a017d1fc850162a599

SHA256
2b1aa3da87a0a834a08362763a861040b06a1a2f0825b045eccd7f53077a2cb9

SHA512
8aa8817523fd22fdeafc5207b4cc5375844dac9346dbeba21e89b1f7ed04d47139ac64070dce0592e3851de6966c3201b4eb7f96ef8f60d5d812cff932d91e83

Download Submit
C:\Windows\system\GpFDjWK.exe

Filesize
1.7MB

MD5
f3d953ff2fad2ccb9c53227820ab96b8

SHA1
acf1bdb6afa9a4c5cf798a13e65ff8e0a95371b8

SHA256
a6b71c1789afa13bdf369dcca133ea022bc88c2fc52045cdd3f826983d423211

SHA512
77e962197b42532c960eef16b2f35848b6c9b456f58b28db23397172a2d98383c2a773961f958c776683cfd4c76766e35df41219d6c284bae24554373775cbdd

Download Submit
C:\Windows\system\IgTqPxh.exe

Filesize
1.7MB

MD5
5977483364e8919f885d1967bcee1665

SHA1
89ce410f7bac3353483fb87ff56693b4aea51efc

SHA256
4fc007e99a17c9d58240d252af61b998b2636c05a6af0a1f398154bc1b602f55

SHA512
871cf312e5f7e1c90bb8478a5b9847249c6513804135c3d829e41c3e90e780e780cbaf8a24ba3a0c8b04cdb695d9484eee585abf176c4e9ec3ccf300cb3d2d2f

Download Submit
C:\Windows\system\KPxpRCF.exe

Filesize
1.7MB

MD5
50d22f275a0e1eda19774d81f447612a

SHA1
df5b9faa838c6f9eca292e4b4164f500ce0e6884

SHA256
915400a442d13e1ffbf9851c74cea6533f55c1ecaf3273270784bdb801a3df5e

SHA512
7d22f65e0db7af8eac4b3ca2e2f17e8466b1989dfcfa8f064b6fb32d8f2aae1d57a4312d0f1135982a73238461af6fb5e62113263d95480d17faf0ffa4f5dca2

Download Submit
C:\Windows\system\MRtyFgx.exe

Filesize
1.7MB

MD5
555d8bcd55c344fa403aad8291135623

SHA1
bf45689749862935d9163ea8f586c6913d3aca6d

SHA256
9f610151d447bfadf3916e46644b45ec5050bc8b379288f72dcf51b1011921ba

SHA512
ce8a69b0b09f06d6acb4485943650dd9ca2cededac19b4515f37c2265d7a0d32009cd5576e0f9c7eba03059c8d13c3e3b4283f10d99805d2665af4ceb716c111

Download Submit
C:\Windows\system\MyuuUbt.exe

Filesize
1.7MB

MD5
8262d9b3d84fe888c551c3f6d0218cc0

SHA1
2f9e97c77343117b6099d881ef9039a7b324e8eb

SHA256
e78fc2802998d9a0ebb66a13d58843c4f04a007311d80c55b2ad1adfafc5227a

SHA512
dfbeb80f3ed65a603e8a3d8a561bb7b37543dff1542bb9e4800ad9760b5c8ec9734da4ad8ba0c020c360588a5fd5c8fce63e1e7a4f7474e882ec3e9b593bb6b8

Download Submit
C:\Windows\system\NHpkbit.exe

Filesize
1.7MB

MD5
dde149071ea4642608641801f1108dff

SHA1
3117445993071a0c17a4b883b33af96ecadec5fd

SHA256
42ef5e24104f4ce05ad146040c3bf08e601b4de035eb9f26f2a7ae22319b364f

SHA512
9b01a397b16b383dcd9f9d0233be82e9b4380c0b94134d23e1d1fa5966525e69a0b8c211846d345572eeeb730afa76c422276fc44bcee1aae1310572376bdaca

Download Submit
C:\Windows\system\PRvJvcR.exe

Filesize
1.7MB

MD5
ea405d20b8de752c0b8b9f5ef94c5f99

SHA1
78a7ec33282add78cee501e8d740411841e212e1

SHA256
8559416d3597e800405e6304d2b3d53c1924bbb8f499c32e9290e97bfe3f6615

SHA512
8b037ef69180fa23a5baf96f60f7ba933f5b80c206e4ca6a25c36166c5607174c6e7eef966b0205e6b4bb6d86ef7f5092a88ff79f8a606127b9a2e2b77f1d378

Download Submit
C:\Windows\system\VygwdEQ.exe

Filesize
1.7MB

MD5
246920cc97093d6b23733f9b0fa0d5c2

SHA1
014e21b7c7c63927c221f31eff1f69f0324cf1f8

SHA256
a5f65453945f889afe0f1d4e9833095ede7b31157cbd0904a9bf54cba8565114

SHA512
7323960dff52220dc3f329b99df5d9a63fdfece75acd6396fcbb7ec874bff2bae7c30d974b340bb66e436eb6c118a28553d6f090b973543438e41934099612d4

Download Submit
C:\Windows\system\WYriohr.exe

Filesize
1.7MB

MD5
c96308a7055abcb4dc0a93c843d01601

SHA1
f79660641c13ef061d8e80c30e3775ff1c5bbd3c

SHA256
88b30035ae02b538b31867b5cc0e7c096c2f54ad6bf54400bcc218ab9dc8b9a8

SHA512
22c16d054e9200a3441e32e2e00b5d850e92d7961a81e925b6d4f0adca7ab009a340793f6f8b779e6b42e2f7be84b38d0cf09715d94db369b850bba14a8a0d64

Download Submit
C:\Windows\system\WvHrIdh.exe

Filesize
1.7MB

MD5
2fbeaa0dc70f446ceddc5916b439f0c6

SHA1
58a899cb7e2dbcf4a1c9723107662d94fcec8703

SHA256
d32f4bf4298f000f93ccb59143317383c2a2ceb89d3b4df9e964576b4bf83c6e

SHA512
c6cdcf5aa13b3519c35f8e057c343c12bc50ded83ace302d7034b6d87ffbbb1a88df72c33f5bf2404fa2c76df8757db5a2e43fb6c0ad58ad26bdbef666c27a41

Download Submit
C:\Windows\system\XXnfqai.exe

Filesize
1.7MB

MD5
5389d1be28919385a943ae4e387adac3

SHA1
c8c56be2866e56139046a3449034ffe9153126a6

SHA256
4bc44b20cf2540ef5db4d90f3bb5f17a2ddae9ebac8ba196eafa6f73b86e7a26

SHA512
e013ed7345dccd0f3033834ee8d55cba6f9ebc216519801c58218ccf142db3fb06dae0a6c011659eecfddadc39287e53595f9ec1e152bb573d8d23c5ebb69900

Download Submit
C:\Windows\system\XtRZqoY.exe

Filesize
1.7MB

MD5
c5374054b35c42a6412d4bfbb91ebb6b

SHA1
d8af995147bce44366f0679a2ee77f896a102331

SHA256
7fb66420aff4ea08b0f110fafcad45f59099bf34498960a1b5db6cf4fb1c5330

SHA512
19953b8044b1ccb1ade9f4df8c9a34e3fb85fd852748f250fcfafabedf45c68371fb08fafa624b9354452f750decbc7cbdf7a8d8bbbd7747e2b51ca97e1e2498

Download Submit
C:\Windows\system\YnLGLcK.exe

Filesize
1.7MB

MD5
5c741a942281b945e161aac81ce18573

SHA1
8891784ba349ea7177ba0246c7472da0f7e831c9

SHA256
8b9cb3e3b1bd915560688756eb9361389804e089dac4c10070c867b98961c000

SHA512
f300877ef24680b69a9ba50e212c4e38b4253fd92acff8296158e13f6f60b6e52b701fa52da7a3f114a37e8712587900f7e553918ace2dad8618154ba03d10b3

Download Submit
C:\Windows\system\aZTldEY.exe

Filesize
1.7MB

MD5
86bc2bbd9f16df1d4a47450ab74dccb6

SHA1
9d90aa2dc1cf714f4e35ce94465dcc5e300ba959

SHA256
7f29379d28765ea6b85076436c12288242beff3faf81ec79a395bb83da498bd8

SHA512
d2c712ab71fc8d5182c286a814a7bab1a24790a0ed6156c725162167227900ef8e283aa58a6caa751692fccd49c89a55133bdf18003429158201474bbd348943

Download Submit
C:\Windows\system\bdgBlPl.exe

Filesize
1.7MB

MD5
f32c64c56b08a5c6dca3ccb062a13a0a

SHA1
cf2481fbf2eb7b16b5637bd764baf7f1a2ff8259

SHA256
e3ee07abd2a21241ff7164e6c48f6a1e11c59986a941932cc063c1aa198c1227

SHA512
9a95c565f24c6e7015b9e65ccd5e9d819ba0ae10b3be2689ef84e105b0b1358c229ab2d8fc348abcd5c258122e70ce4e79bf97ccae238e044de843354c964a4c

Download Submit
C:\Windows\system\dxwBuHk.exe

Filesize
1.7MB

MD5
15c6faa2e282dff6f3a5ebb7470bbc7a

SHA1
5c2fcfa2b446595e2505dff0c12e217532cafe3e

SHA256
97f3d69e3466f613c136ce16d6046abea930ec54c2f6ab974c2a202b1964ac0f

SHA512
b85428ce54a32d58ff9b5aeeca53fc6adc6a08e104f2c8b3ccf679854c7aedbfc0e04d91c16d568286e78ee708ec6373a464c7fb48bf720c7d1c95f915ed8474

Download Submit
C:\Windows\system\fTofaWi.exe

Filesize
1.7MB

MD5
b2db1d8dce64e88c1803ee7f5db38882

SHA1
f62cd4d7e3c3e150a98db69cbea8e8b183c4e547

SHA256
5615ccb43a048ff298cc7764c29665e137c7742cfbd3303e70923f266e116dbc

SHA512
066def4722da245937ae125848c2a44373e0215d7d3cb1e6e6a3797ddb389f3b874479f93cc7a76839b8cc33192dc46d58fb14f288349b87a7451350e86afda2

Download Submit
C:\Windows\system\iBdGvwT.exe

Filesize
1.7MB

MD5
1f055b6fe2551eba2e4331d23f6c5309

SHA1
4237a6da42db3ede8d0dcbce4c8127a4539b2730

SHA256
628286216f9f11c40f48b24ad058c5f68b70729a13b24ffd99e0c324a44ce8ca

SHA512
fa906640c5af33e16ff6ba800f5d0d7357a13f3569a8e44687de17757c57c3885564f9e2411b0d56447e7a6adaf12c1a89e319bc47965105c5b2dade953528b2

Download Submit
C:\Windows\system\iZgqZTF.exe

Filesize
1.7MB

MD5
d343eace942bcd9a3bded674cdb67943

SHA1
bb2145d039320f0f3608884096e2e7ae3ad93fd7

SHA256
47fb2add2d2311495827debf14ded4d367b02468de42ce5f296b6e4fc1dcac18

SHA512
231b1e12e60451a0885060f0341ba64069ab2c145be1d8f5a3cfefae2919c1787a63bc80e1767e7bd60a475a3d1207dba0b6f9dfe9da19c9d5cc3d1299482236

Download Submit
C:\Windows\system\ioNNojY.exe

Filesize
1.7MB

MD5
3968bb197196db99115157cbe67cf014

SHA1
09df238ca86c419f87245dfaa70fda42ebdeacfa

SHA256
75e579785229185d7e79e3e81ccdae118a50898de2c8ab9cdfb3f21c8fee7f98

SHA512
5988d451e3c5adb5ed54307e6e88147c0a321b0d53bbc6e3db04335d520f25e63810ab4f056fe8423b936f0b4f8f08d46a4a767a1d91f5aa5837ed66b6f0f37f

Download Submit
C:\Windows\system\nvwTNyq.exe

Filesize
1.7MB

MD5
1f132105ab10b317a6338178d6e601d7

SHA1
060abeeeae3b9a10f616a6c47f1a79a76c4a4d91

SHA256
c7aeea8a930eafcd25806487949e1f6fbe80413bd82b3d72d1335a1ab8951f8c

SHA512
6973d79c394075725aaca7c81ed74e90aa47eaa03274057f8cc9abf3ef3327d286b9e28c3f95731998bfaf5bdc6c9860753b964bdc3bbf49f5cd6b24d8887bf4

Download Submit
C:\Windows\system\nwCMxJw.exe

Filesize
1.7MB

MD5
e69e2aca02b433246092dc988d273df5

SHA1
fc02ea45262052f5b931d0bfaf1cda84e2216230

SHA256
97518d3076cc8e273bc7bbc2118761aa12758a95239f8bedeb7115df5d72500b

SHA512
d0822aa950f5c9de9b205ffac7a3a63a86445af9d3d364fca393ad938500ed64a533d8ffe10c6198dd832b5abccc2c1cc8895316b4ea0905ae5f034f2d25496c

Download Submit
C:\Windows\system\pDLaYXy.exe

Filesize
1.7MB

MD5
457041a58872d95908d884640932ddfb

SHA1
659991df3005faedfc266d8208142fe631ec36b0

SHA256
8f2d449408c1eefa950f84a35cfb1288ee1c75963dbe99060a5162fbf87c676d

SHA512
5938d057dfde8f94f17bd7f99dc1a39a20693b2df122f0968c34e16aa80cffb6f3c09019d79ed4c366547b452c07891ff2614435333fd981d77116ca58ffc2b9

Download Submit
C:\Windows\system\qUkzjEG.exe

Filesize
1.7MB

MD5
a189779d88af15e2f3c51b93e731614c

SHA1
1287addd8036a4b749a25370ed9687e667c10254

SHA256
df6e459ec4ed055bb3692858132beae25c6f3b2357b98fe958926353b1ea9797

SHA512
260eb44d897d45f350c91adb9d6577e63598e0c49f913b3ed93eca3f5acd65f6d63677745ce9e0556b87fa753855c50605d21323710e4bd5a122d81169a401e0

Download Submit
C:\Windows\system\tavQWlV.exe

Filesize
1.7MB

MD5
cf41fdaa0aeeaad698e7d7bb9e6a8d69

SHA1
1996b79a0e1397e5afb5dc07ddcab5f35b46f6cf

SHA256
958d749f8db6648361698e412ed6a3bdc7cb908368b5721bbc7b49cd10f76088

SHA512
bda10e35f383c795f62288e29b169c45e95f4b07099b255d7e17a5bafb4e408cf58dd4fb9fc9c79e027a66f0b80e8f44ca827a4a3b35b604585284dbf83d51f5

Download Submit
C:\Windows\system\uUIBMEB.exe

Filesize
1.7MB

MD5
d4329d1eb5baeff4f1da2aa29a10a256

SHA1
b94621f5a681d8232284b3bf2e10700fb4e9678a

SHA256
6936f4ca7a73f60adf7c2538a166f2f6f55b43471a4c023b8a782902ed482c9d

SHA512
00be963bd2dc90041cb9f3763834fcdf705825d3d447eecc84a7b226911b482df32bc6d589c70aba58244a91c7cf01635c256e1180da1bbd8b0c69ecbeb42693

Download Submit
C:\Windows\system\yrCaQeb.exe

Filesize
1.7MB

MD5
93ba3bab8ff3529d1c3f8aab335391a5

SHA1
daa497fed34690f3c42cfd372a4d0c6ff0082212

SHA256
632cdaf3c57db5868178c1f78ba0b76dc062800e831d1d5cf4202ca68dad629a

SHA512
886532830334a3b52b2020d551b692d7179bd1416e1dcc1e1aa90b5e008fcabbbfa3ed0fc3776935695499aaa9e89aa6d9ebeff29a3230d22859d37a1778daa1

Download Submit
C:\Windows\system\zbFTEHt.exe

Filesize
1.7MB

MD5
9fda1c5399e0184067a3953b7aaf0276

SHA1
3c851e8cdb2db5abf572570e767c6abb3da2a315

SHA256
6423faa856d1afd1a2bc4e38a928b9123fbcaa7c16e18bd3a95c69e4bdf2555d

SHA512
5e5b14080dea8bac97e16d99d2d7f8622b6260c99116b09a14c2d99c6b43cc72877b11f07c46340316aa8efa72718c28f3afa5580a266cd3eeda4f182c93f7ff

Download Submit
\Windows\system\ZKRbhIg.exe

Filesize
1.7MB

MD5
76f59c891ac85d43272cd4e45289198b

SHA1
6e0a4f184e7915a4ecba6f587ba21cb82d72f14a

SHA256
9c8c676907b7a8efc7ceaaa4014d23c784f93665a312282f4502fd6cb0acaf14

SHA512
6b577702fd6c36e0603568b91206f4e51f0d9db9b737f48284a0d77f27690419c89fa725f3cf9864c3cb2eb50b314a691025063d1c54c1562017221a20673554

Download Submit
\Windows\system\djREdEc.exe

Filesize
1.7MB

MD5
e549a0e0c08b5c672539905de5db8b75

SHA1
296725f29c8b14da77c23338dbc07d8a0031c1ec

SHA256
fda3000ada79a1e3f50dcd2b677a442577623a81d651ae319deda33ac1d57953

SHA512
d6cec654eb283944d7f5bfdd6f70b19ddbc97825edd8f97ce86eb90e6d75441e2d1af230ef7c05512ed1115970aeee98900943281fde1ef01775709c8d387b98

Download Submit
\Windows\system\rkYaCeT.exe

Filesize
1.7MB

MD5
47e7240f4f19f8d6c67c6f306f75c538

SHA1
35fa60ae7ab54863bfa5c5a62510b2be371988e6

SHA256
a7a17db6a484f58321d30372bae1b9f87369fce40fa95853b09f804a8ec6a157

SHA512
4dbfe337057bb39857d1be243b31a6812031cb20d1bb2aa47876d79bf5b3c76778b45d511a8100f46ca053bd59ce16a0d6ff9757214a99b1af7770339393b19b

Download Submit
memory/380-89-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/380-4056-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-54-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-7-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-0-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1268-39-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-85-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1268-95-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1268-3576-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/1268-102-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1268-3321-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1268-2835-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/1268-2581-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/1268-1-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/1268-59-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/1268-19-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/1268-74-0x0000000001FD0000-0x0000000002324000-memory.dmp

Filesize
3.3MB

Download
memory/1268-67-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1268-66-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/1636-4058-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/1636-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2284-12-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-4045-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-69-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-4053-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2436-4051-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2436-68-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2440-4054-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-64-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-2583-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2464-4057-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2464-75-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2560-65-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2560-4047-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2568-61-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2568-4049-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-62-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2576-4050-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2624-63-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2624-4052-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4046-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-25-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-326-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-4055-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2836-2836-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2836-80-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2948-4048-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2948-52-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download