xmrig | 0763dcab9cc2c8a2dc5dc2d4fd525113a51f1c9dd7ae33fd8743802e997eab25

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c308c49dc873dcfce1b53605fab8c90N.exe
Size

1.9MB
MD5

1c308c49dc873dcfce1b53605fab8c90
SHA1

f649f3bf0790088b77e08a18912a2108c2c30228
SHA256

0763dcab9cc2c8a2dc5dc2d4fd525113a51f1c9dd7ae33fd8743802e997eab25
SHA512

6ddf07d6672c248b7f5f71120f775af2598e6b61777b322a89693cdfe9bcaac771bcf95e0c3a7bf219ff848f603d413913a898a6db0207ab14a913488870f0dd
SSDEEP

24576:RVIl/WDGCi7/qkatXBF6727XL1+KvSjsvxP09W4fuiN/NH7UkvMlGAdL6fENd7JB:ROdWCCi7/rahHxxZeLckoVJ1f8IX5

Score

10^/10

xmrig miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 57 IoCs

miner

resource	yara_rule
behavioral2/memory/4560-502-0x00007FF672700000-0x00007FF672A51000-memory.dmp	xmrig
behavioral2/memory/312-501-0x00007FF6B6830000-0x00007FF6B6B81000-memory.dmp	xmrig
behavioral2/memory/3464-560-0x00007FF73D730000-0x00007FF73DA81000-memory.dmp	xmrig
behavioral2/memory/212-631-0x00007FF69C5A0000-0x00007FF69C8F1000-memory.dmp	xmrig
behavioral2/memory/1192-635-0x00007FF6F3340000-0x00007FF6F3691000-memory.dmp	xmrig
behavioral2/memory/736-634-0x00007FF78CD80000-0x00007FF78D0D1000-memory.dmp	xmrig
behavioral2/memory/1424-633-0x00007FF745920000-0x00007FF745C71000-memory.dmp	xmrig
behavioral2/memory/1712-632-0x00007FF6F5180000-0x00007FF6F54D1000-memory.dmp	xmrig
behavioral2/memory/904-445-0x00007FF61A490000-0x00007FF61A7E1000-memory.dmp	xmrig
behavioral2/memory/392-444-0x00007FF78A5E0000-0x00007FF78A931000-memory.dmp	xmrig
behavioral2/memory/4020-2471-0x00007FF73E020000-0x00007FF73E371000-memory.dmp	xmrig
behavioral2/memory/952-2470-0x00007FF7BABB0000-0x00007FF7BAF01000-memory.dmp	xmrig
behavioral2/memory/1500-384-0x00007FF64D4C0000-0x00007FF64D811000-memory.dmp	xmrig
behavioral2/memory/5060-381-0x00007FF7267A0000-0x00007FF726AF1000-memory.dmp	xmrig
behavioral2/memory/2004-356-0x00007FF6B3A90000-0x00007FF6B3DE1000-memory.dmp	xmrig
behavioral2/memory/1888-313-0x00007FF77E970000-0x00007FF77ECC1000-memory.dmp	xmrig
behavioral2/memory/388-312-0x00007FF6BDF70000-0x00007FF6BE2C1000-memory.dmp	xmrig
behavioral2/memory/740-252-0x00007FF76C9C0000-0x00007FF76CD11000-memory.dmp	xmrig
behavioral2/memory/3404-234-0x00007FF729610000-0x00007FF729961000-memory.dmp	xmrig
behavioral2/memory/1680-231-0x00007FF608CD0000-0x00007FF609021000-memory.dmp	xmrig
behavioral2/memory/5052-208-0x00007FF6B25A0000-0x00007FF6B28F1000-memory.dmp	xmrig
behavioral2/memory/3376-205-0x00007FF774780000-0x00007FF774AD1000-memory.dmp	xmrig
behavioral2/memory/3332-150-0x00007FF7CE900000-0x00007FF7CEC51000-memory.dmp	xmrig
behavioral2/memory/4988-37-0x00007FF7D5DE0000-0x00007FF7D6131000-memory.dmp	xmrig
behavioral2/memory/2008-2686-0x00007FF683900000-0x00007FF683C51000-memory.dmp	xmrig
behavioral2/memory/1188-2682-0x00007FF68BAB0000-0x00007FF68BE01000-memory.dmp	xmrig
behavioral2/memory/4140-2717-0x00007FF66DEE0000-0x00007FF66E231000-memory.dmp	xmrig
behavioral2/memory/2972-2718-0x00007FF77AC50000-0x00007FF77AFA1000-memory.dmp	xmrig
behavioral2/memory/4020-2764-0x00007FF73E020000-0x00007FF73E371000-memory.dmp	xmrig
behavioral2/memory/4988-2766-0x00007FF7D5DE0000-0x00007FF7D6131000-memory.dmp	xmrig
behavioral2/memory/212-2795-0x00007FF69C5A0000-0x00007FF69C8F1000-memory.dmp	xmrig
behavioral2/memory/1292-2796-0x00007FF7BC080000-0x00007FF7BC3D1000-memory.dmp	xmrig
behavioral2/memory/1712-2798-0x00007FF6F5180000-0x00007FF6F54D1000-memory.dmp	xmrig
behavioral2/memory/2008-2800-0x00007FF683900000-0x00007FF683C51000-memory.dmp	xmrig
behavioral2/memory/3332-2802-0x00007FF7CE900000-0x00007FF7CEC51000-memory.dmp	xmrig
behavioral2/memory/1412-2806-0x00007FF60E790000-0x00007FF60EAE1000-memory.dmp	xmrig
behavioral2/memory/4140-2808-0x00007FF66DEE0000-0x00007FF66E231000-memory.dmp	xmrig
behavioral2/memory/1188-2810-0x00007FF68BAB0000-0x00007FF68BE01000-memory.dmp	xmrig
behavioral2/memory/3376-2805-0x00007FF774780000-0x00007FF774AD1000-memory.dmp	xmrig
behavioral2/memory/4560-2831-0x00007FF672700000-0x00007FF672A51000-memory.dmp	xmrig
behavioral2/memory/736-2817-0x00007FF78CD80000-0x00007FF78D0D1000-memory.dmp	xmrig
behavioral2/memory/392-2834-0x00007FF78A5E0000-0x00007FF78A931000-memory.dmp	xmrig
behavioral2/memory/1500-2857-0x00007FF64D4C0000-0x00007FF64D811000-memory.dmp	xmrig
behavioral2/memory/3464-2855-0x00007FF73D730000-0x00007FF73DA81000-memory.dmp	xmrig
behavioral2/memory/5060-2852-0x00007FF7267A0000-0x00007FF726AF1000-memory.dmp	xmrig
behavioral2/memory/1680-2845-0x00007FF608CD0000-0x00007FF609021000-memory.dmp	xmrig
behavioral2/memory/5052-2844-0x00007FF6B25A0000-0x00007FF6B28F1000-memory.dmp	xmrig
behavioral2/memory/388-2840-0x00007FF6BDF70000-0x00007FF6BE2C1000-memory.dmp	xmrig
behavioral2/memory/740-2836-0x00007FF76C9C0000-0x00007FF76CD11000-memory.dmp	xmrig
behavioral2/memory/2004-2829-0x00007FF6B3A90000-0x00007FF6B3DE1000-memory.dmp	xmrig
behavioral2/memory/904-2854-0x00007FF61A490000-0x00007FF61A7E1000-memory.dmp	xmrig
behavioral2/memory/312-2849-0x00007FF6B6830000-0x00007FF6B6B81000-memory.dmp	xmrig
behavioral2/memory/1192-2847-0x00007FF6F3340000-0x00007FF6F3691000-memory.dmp	xmrig
behavioral2/memory/1888-2822-0x00007FF77E970000-0x00007FF77ECC1000-memory.dmp	xmrig
behavioral2/memory/1424-2815-0x00007FF745920000-0x00007FF745C71000-memory.dmp	xmrig
behavioral2/memory/3404-2842-0x00007FF729610000-0x00007FF729961000-memory.dmp	xmrig
behavioral2/memory/2972-2838-0x00007FF77AC50000-0x00007FF77AFA1000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
4020	wcsrPjO.exe
1292	KuQTxtj.exe
212	vVWNggD.exe
4988	XEHPIxP.exe
1412	SOfSbPv.exe
4140	gfEGzpo.exe
1712	ebpEvSL.exe
1188	zkcChwq.exe
2008	dJWpSOQ.exe
2972	PGrSXeM.exe
3332	cdsOTze.exe
3376	jOqOOra.exe
1424	SGQWqOh.exe
5052	rGQgoFy.exe
1680	xVlimYC.exe
3404	mHLYuok.exe
740	VTmRdda.exe
388	vznoRgV.exe
736	ZHAVGFu.exe
1888	PQfjySs.exe
2004	tFrpIdT.exe
5060	wPsvafh.exe
1192	GLTINij.exe
1500	bFTeHTP.exe
392	MGdYOCL.exe
904	OCRdlfF.exe
312	xEbwWnN.exe
4560	IaiuTkg.exe
3464	uFIxkQU.exe
4504	SomcZFz.exe
1172	RWrEBJW.exe
3720	dnLcieF.exe
1544	JzcGkjt.exe
2464	GoAUaEQ.exe
2180	SFolJrH.exe
2480	TtrZDSO.exe
668	IsAzoze.exe
1808	grKGoJH.exe
4112	kJTxbmx.exe
3148	YQNDtau.exe
4900	ZUjbArz.exe
744	halrIrr.exe
2360	qjBKzBA.exe
816	kqvQVQY.exe
1388	AySoCPh.exe
400	EWwuJFd.exe
1128	yrRVhVA.exe
3160	SMqalkb.exe
3416	zvgjBXK.exe
3608	cjulCKG.exe
3800	lACcDlP.exe
4880	IDmDwzq.exe
4480	ShoZHWX.exe
1244	UHHzblM.exe
4688	GvoVJed.exe
1560	xNxKfrm.exe
4084	bTtNTuo.exe
3636	QolfPYM.exe
1760	VlnURPa.exe
3588	bscpqXW.exe
4380	nExNWwY.exe
4904	jByhPpP.exe
1568	vvPntfY.exe
3088	zONHQSh.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/952-0-0x00007FF7BABB0000-0x00007FF7BAF01000-memory.dmp	upx
behavioral2/files/0x0008000000023455-5.dat	upx
behavioral2/files/0x000700000002345a-7.dat	upx
behavioral2/files/0x0007000000023459-9.dat	upx
behavioral2/memory/1292-22-0x00007FF7BC080000-0x00007FF7BC3D1000-memory.dmp	upx
behavioral2/files/0x0007000000023460-44.dat	upx
behavioral2/files/0x0007000000023464-66.dat	upx
behavioral2/files/0x0007000000023462-89.dat	upx
behavioral2/memory/4560-502-0x00007FF672700000-0x00007FF672A51000-memory.dmp	upx
behavioral2/memory/312-501-0x00007FF6B6830000-0x00007FF6B6B81000-memory.dmp	upx
behavioral2/memory/3464-560-0x00007FF73D730000-0x00007FF73DA81000-memory.dmp	upx
behavioral2/memory/212-631-0x00007FF69C5A0000-0x00007FF69C8F1000-memory.dmp	upx
behavioral2/memory/1192-635-0x00007FF6F3340000-0x00007FF6F3691000-memory.dmp	upx
behavioral2/memory/736-634-0x00007FF78CD80000-0x00007FF78D0D1000-memory.dmp	upx
behavioral2/memory/1424-633-0x00007FF745920000-0x00007FF745C71000-memory.dmp	upx
behavioral2/memory/1712-632-0x00007FF6F5180000-0x00007FF6F54D1000-memory.dmp	upx
behavioral2/memory/904-445-0x00007FF61A490000-0x00007FF61A7E1000-memory.dmp	upx
behavioral2/memory/392-444-0x00007FF78A5E0000-0x00007FF78A931000-memory.dmp	upx
behavioral2/memory/4020-2471-0x00007FF73E020000-0x00007FF73E371000-memory.dmp	upx
behavioral2/memory/952-2470-0x00007FF7BABB0000-0x00007FF7BAF01000-memory.dmp	upx
behavioral2/memory/1500-384-0x00007FF64D4C0000-0x00007FF64D811000-memory.dmp	upx
behavioral2/memory/5060-381-0x00007FF7267A0000-0x00007FF726AF1000-memory.dmp	upx
behavioral2/memory/2004-356-0x00007FF6B3A90000-0x00007FF6B3DE1000-memory.dmp	upx
behavioral2/memory/1888-313-0x00007FF77E970000-0x00007FF77ECC1000-memory.dmp	upx
behavioral2/memory/388-312-0x00007FF6BDF70000-0x00007FF6BE2C1000-memory.dmp	upx
behavioral2/memory/740-252-0x00007FF76C9C0000-0x00007FF76CD11000-memory.dmp	upx
behavioral2/memory/3404-234-0x00007FF729610000-0x00007FF729961000-memory.dmp	upx
behavioral2/memory/1680-231-0x00007FF608CD0000-0x00007FF609021000-memory.dmp	upx
behavioral2/memory/5052-208-0x00007FF6B25A0000-0x00007FF6B28F1000-memory.dmp	upx
behavioral2/memory/3376-205-0x00007FF774780000-0x00007FF774AD1000-memory.dmp	upx
behavioral2/files/0x000700000002346f-199.dat	upx
behavioral2/files/0x000700000002347d-195.dat	upx
behavioral2/files/0x000700000002346d-190.dat	upx
behavioral2/files/0x000700000002347c-188.dat	upx
behavioral2/files/0x000700000002347b-185.dat	upx
behavioral2/files/0x000700000002346c-182.dat	upx
behavioral2/files/0x0007000000023472-178.dat	upx
behavioral2/files/0x000700000002346b-177.dat	upx
behavioral2/files/0x0007000000023468-174.dat	upx
behavioral2/files/0x0007000000023471-172.dat	upx
behavioral2/files/0x000700000002347a-170.dat	upx
behavioral2/files/0x000700000002346a-168.dat	upx
behavioral2/files/0x0007000000023479-167.dat	upx
behavioral2/files/0x0007000000023478-166.dat	upx
behavioral2/files/0x0007000000023477-165.dat	upx
behavioral2/files/0x0007000000023461-158.dat	upx
behavioral2/files/0x0007000000023475-145.dat	upx
behavioral2/files/0x0007000000023474-144.dat	upx
behavioral2/files/0x0007000000023473-143.dat	upx
behavioral2/files/0x000700000002346e-192.dat	upx
behavioral2/files/0x0007000000023469-138.dat	upx
behavioral2/files/0x0007000000023467-131.dat	upx
behavioral2/files/0x0007000000023466-126.dat	upx
behavioral2/files/0x0007000000023465-120.dat	upx
behavioral2/files/0x0007000000023476-155.dat	upx
behavioral2/memory/3332-150-0x00007FF7CE900000-0x00007FF7CEC51000-memory.dmp	upx
behavioral2/memory/2972-113-0x00007FF77AC50000-0x00007FF77AFA1000-memory.dmp	upx
behavioral2/memory/2008-109-0x00007FF683900000-0x00007FF683C51000-memory.dmp	upx
behavioral2/files/0x0007000000023463-93.dat	upx
behavioral2/files/0x0007000000023470-119.dat	upx
behavioral2/memory/1188-83-0x00007FF68BAB0000-0x00007FF68BE01000-memory.dmp	upx
behavioral2/files/0x000700000002345f-82.dat	upx
behavioral2/files/0x000700000002345e-73.dat	upx
behavioral2/memory/4140-65-0x00007FF66DEE0000-0x00007FF66E231000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xUWKGxN.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\ZukXkba.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\dEvXFFk.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\dKKxRCs.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\uxZpHov.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\cVcgzvY.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\hXwDTLs.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\KeHFctd.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\SomcZFz.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\RpUeZpO.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\JKESqVj.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\EOpeKvj.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\cVgWOEg.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\EIaWNiN.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\IiGSzry.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\cSRzYZZ.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\auzPamd.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\EldkzkF.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\GTQVQME.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\GlfkEdI.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\QqtISsl.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\MXoPHRl.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\lKHOPvb.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\YSpEcFo.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\rLMsPBg.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\QBQCUAv.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\SbQObMB.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\zgjgwgF.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\AfUybAa.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\GfRLYia.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\ygucNpA.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\PPQDTfv.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\fYaEHVa.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\sPPzQSN.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\GcyhYXS.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\CywMTHD.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\FXhyHPn.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\KVUZyIS.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\tFwcqBb.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\IBHAniO.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\JjScCmY.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\iPPAUYf.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\VyXaGOf.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\YRyuCza.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\xbRUOxx.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\nGASFVo.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\VljQVTo.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\yqqBpLp.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\XRijgql.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\TMBPzBp.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\gheCKAe.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\OPxFLEC.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\OuSUQhd.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\zZAojJS.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\sXTUJNT.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\FLQzCMP.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\NiwIBia.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\zNNQobY.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\aDrKVoP.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\PcDqHqu.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\KLspHJW.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\mnfIxMt.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\irggnAw.exe	1c308c49dc873dcfce1b53605fab8c90N.exe
File created	C:\Windows\System\AMZwcIY.exe	1c308c49dc873dcfce1b53605fab8c90N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 4020	952	1c308c49dc873dcfce1b53605fab8c90N.exe	84
PID 952 wrote to memory of 4020	952	1c308c49dc873dcfce1b53605fab8c90N.exe	84
PID 952 wrote to memory of 1292	952	1c308c49dc873dcfce1b53605fab8c90N.exe	85
PID 952 wrote to memory of 1292	952	1c308c49dc873dcfce1b53605fab8c90N.exe	85
PID 952 wrote to memory of 212	952	1c308c49dc873dcfce1b53605fab8c90N.exe	86
PID 952 wrote to memory of 212	952	1c308c49dc873dcfce1b53605fab8c90N.exe	86
PID 952 wrote to memory of 4988	952	1c308c49dc873dcfce1b53605fab8c90N.exe	87
PID 952 wrote to memory of 4988	952	1c308c49dc873dcfce1b53605fab8c90N.exe	87
PID 952 wrote to memory of 1412	952	1c308c49dc873dcfce1b53605fab8c90N.exe	88
PID 952 wrote to memory of 1412	952	1c308c49dc873dcfce1b53605fab8c90N.exe	88
PID 952 wrote to memory of 4140	952	1c308c49dc873dcfce1b53605fab8c90N.exe	89
PID 952 wrote to memory of 4140	952	1c308c49dc873dcfce1b53605fab8c90N.exe	89
PID 952 wrote to memory of 1712	952	1c308c49dc873dcfce1b53605fab8c90N.exe	90
PID 952 wrote to memory of 1712	952	1c308c49dc873dcfce1b53605fab8c90N.exe	90
PID 952 wrote to memory of 1188	952	1c308c49dc873dcfce1b53605fab8c90N.exe	91
PID 952 wrote to memory of 1188	952	1c308c49dc873dcfce1b53605fab8c90N.exe	91
PID 952 wrote to memory of 2008	952	1c308c49dc873dcfce1b53605fab8c90N.exe	92
PID 952 wrote to memory of 2008	952	1c308c49dc873dcfce1b53605fab8c90N.exe	92
PID 952 wrote to memory of 2972	952	1c308c49dc873dcfce1b53605fab8c90N.exe	93
PID 952 wrote to memory of 2972	952	1c308c49dc873dcfce1b53605fab8c90N.exe	93
PID 952 wrote to memory of 3332	952	1c308c49dc873dcfce1b53605fab8c90N.exe	94
PID 952 wrote to memory of 3332	952	1c308c49dc873dcfce1b53605fab8c90N.exe	94
PID 952 wrote to memory of 3376	952	1c308c49dc873dcfce1b53605fab8c90N.exe	95
PID 952 wrote to memory of 3376	952	1c308c49dc873dcfce1b53605fab8c90N.exe	95
PID 952 wrote to memory of 1424	952	1c308c49dc873dcfce1b53605fab8c90N.exe	96
PID 952 wrote to memory of 1424	952	1c308c49dc873dcfce1b53605fab8c90N.exe	96
PID 952 wrote to memory of 5052	952	1c308c49dc873dcfce1b53605fab8c90N.exe	97
PID 952 wrote to memory of 5052	952	1c308c49dc873dcfce1b53605fab8c90N.exe	97
PID 952 wrote to memory of 1680	952	1c308c49dc873dcfce1b53605fab8c90N.exe	98
PID 952 wrote to memory of 1680	952	1c308c49dc873dcfce1b53605fab8c90N.exe	98
PID 952 wrote to memory of 3404	952	1c308c49dc873dcfce1b53605fab8c90N.exe	99
PID 952 wrote to memory of 3404	952	1c308c49dc873dcfce1b53605fab8c90N.exe	99
PID 952 wrote to memory of 740	952	1c308c49dc873dcfce1b53605fab8c90N.exe	100
PID 952 wrote to memory of 740	952	1c308c49dc873dcfce1b53605fab8c90N.exe	100
PID 952 wrote to memory of 388	952	1c308c49dc873dcfce1b53605fab8c90N.exe	101
PID 952 wrote to memory of 388	952	1c308c49dc873dcfce1b53605fab8c90N.exe	101
PID 952 wrote to memory of 736	952	1c308c49dc873dcfce1b53605fab8c90N.exe	102
PID 952 wrote to memory of 736	952	1c308c49dc873dcfce1b53605fab8c90N.exe	102
PID 952 wrote to memory of 1888	952	1c308c49dc873dcfce1b53605fab8c90N.exe	103
PID 952 wrote to memory of 1888	952	1c308c49dc873dcfce1b53605fab8c90N.exe	103
PID 952 wrote to memory of 904	952	1c308c49dc873dcfce1b53605fab8c90N.exe	104
PID 952 wrote to memory of 904	952	1c308c49dc873dcfce1b53605fab8c90N.exe	104
PID 952 wrote to memory of 2004	952	1c308c49dc873dcfce1b53605fab8c90N.exe	105
PID 952 wrote to memory of 2004	952	1c308c49dc873dcfce1b53605fab8c90N.exe	105
PID 952 wrote to memory of 5060	952	1c308c49dc873dcfce1b53605fab8c90N.exe	106
PID 952 wrote to memory of 5060	952	1c308c49dc873dcfce1b53605fab8c90N.exe	106
PID 952 wrote to memory of 1192	952	1c308c49dc873dcfce1b53605fab8c90N.exe	107
PID 952 wrote to memory of 1192	952	1c308c49dc873dcfce1b53605fab8c90N.exe	107
PID 952 wrote to memory of 1500	952	1c308c49dc873dcfce1b53605fab8c90N.exe	108
PID 952 wrote to memory of 1500	952	1c308c49dc873dcfce1b53605fab8c90N.exe	108
PID 952 wrote to memory of 392	952	1c308c49dc873dcfce1b53605fab8c90N.exe	109
PID 952 wrote to memory of 392	952	1c308c49dc873dcfce1b53605fab8c90N.exe	109
PID 952 wrote to memory of 312	952	1c308c49dc873dcfce1b53605fab8c90N.exe	110
PID 952 wrote to memory of 312	952	1c308c49dc873dcfce1b53605fab8c90N.exe	110
PID 952 wrote to memory of 4560	952	1c308c49dc873dcfce1b53605fab8c90N.exe	111
PID 952 wrote to memory of 4560	952	1c308c49dc873dcfce1b53605fab8c90N.exe	111
PID 952 wrote to memory of 3464	952	1c308c49dc873dcfce1b53605fab8c90N.exe	112
PID 952 wrote to memory of 3464	952	1c308c49dc873dcfce1b53605fab8c90N.exe	112
PID 952 wrote to memory of 4504	952	1c308c49dc873dcfce1b53605fab8c90N.exe	113
PID 952 wrote to memory of 4504	952	1c308c49dc873dcfce1b53605fab8c90N.exe	113
PID 952 wrote to memory of 1172	952	1c308c49dc873dcfce1b53605fab8c90N.exe	114
PID 952 wrote to memory of 1172	952	1c308c49dc873dcfce1b53605fab8c90N.exe	114
PID 952 wrote to memory of 3720	952	1c308c49dc873dcfce1b53605fab8c90N.exe	115
PID 952 wrote to memory of 3720	952	1c308c49dc873dcfce1b53605fab8c90N.exe	115

C:\Users\Admin\AppData\Local\Temp\1c308c49dc873dcfce1b53605fab8c90N.exe
"C:\Users\Admin\AppData\Local\Temp\1c308c49dc873dcfce1b53605fab8c90N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\System\wcsrPjO.exe
  C:\Windows\System\wcsrPjO.exe
  2⤵
  - Executes dropped EXE
  PID:4020
- C:\Windows\System\KuQTxtj.exe
  C:\Windows\System\KuQTxtj.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\vVWNggD.exe
  C:\Windows\System\vVWNggD.exe
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Windows\System\XEHPIxP.exe
  C:\Windows\System\XEHPIxP.exe
  2⤵
  - Executes dropped EXE
  PID:4988
- C:\Windows\System\SOfSbPv.exe
  C:\Windows\System\SOfSbPv.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\gfEGzpo.exe
  C:\Windows\System\gfEGzpo.exe
  2⤵
  - Executes dropped EXE
  PID:4140
- C:\Windows\System\ebpEvSL.exe
  C:\Windows\System\ebpEvSL.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\zkcChwq.exe
  C:\Windows\System\zkcChwq.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\dJWpSOQ.exe
  C:\Windows\System\dJWpSOQ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\PGrSXeM.exe
  C:\Windows\System\PGrSXeM.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\cdsOTze.exe
  C:\Windows\System\cdsOTze.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\jOqOOra.exe
  C:\Windows\System\jOqOOra.exe
  2⤵
  - Executes dropped EXE
  PID:3376
- C:\Windows\System\SGQWqOh.exe
  C:\Windows\System\SGQWqOh.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\rGQgoFy.exe
  C:\Windows\System\rGQgoFy.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\xVlimYC.exe
  C:\Windows\System\xVlimYC.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\mHLYuok.exe
  C:\Windows\System\mHLYuok.exe
  2⤵
  - Executes dropped EXE
  PID:3404
- C:\Windows\System\VTmRdda.exe
  C:\Windows\System\VTmRdda.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\vznoRgV.exe
  C:\Windows\System\vznoRgV.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\ZHAVGFu.exe
  C:\Windows\System\ZHAVGFu.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\PQfjySs.exe
  C:\Windows\System\PQfjySs.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\OCRdlfF.exe
  C:\Windows\System\OCRdlfF.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\tFrpIdT.exe
  C:\Windows\System\tFrpIdT.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\wPsvafh.exe
  C:\Windows\System\wPsvafh.exe
  2⤵
  - Executes dropped EXE
  PID:5060
- C:\Windows\System\GLTINij.exe
  C:\Windows\System\GLTINij.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\bFTeHTP.exe
  C:\Windows\System\bFTeHTP.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\MGdYOCL.exe
  C:\Windows\System\MGdYOCL.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\xEbwWnN.exe
  C:\Windows\System\xEbwWnN.exe
  2⤵
  - Executes dropped EXE
  PID:312
- C:\Windows\System\IaiuTkg.exe
  C:\Windows\System\IaiuTkg.exe
  2⤵
  - Executes dropped EXE
  PID:4560
- C:\Windows\System\uFIxkQU.exe
  C:\Windows\System\uFIxkQU.exe
  2⤵
  - Executes dropped EXE
  PID:3464
- C:\Windows\System\SomcZFz.exe
  C:\Windows\System\SomcZFz.exe
  2⤵
  - Executes dropped EXE
  PID:4504
- C:\Windows\System\RWrEBJW.exe
  C:\Windows\System\RWrEBJW.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\dnLcieF.exe
  C:\Windows\System\dnLcieF.exe
  2⤵
  - Executes dropped EXE
  PID:3720
- C:\Windows\System\JzcGkjt.exe
  C:\Windows\System\JzcGkjt.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\GoAUaEQ.exe
  C:\Windows\System\GoAUaEQ.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\SFolJrH.exe
  C:\Windows\System\SFolJrH.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\TtrZDSO.exe
  C:\Windows\System\TtrZDSO.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\IsAzoze.exe
  C:\Windows\System\IsAzoze.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\grKGoJH.exe
  C:\Windows\System\grKGoJH.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\lACcDlP.exe
  C:\Windows\System\lACcDlP.exe
  2⤵
  - Executes dropped EXE
  PID:3800
- C:\Windows\System\kJTxbmx.exe
  C:\Windows\System\kJTxbmx.exe
  2⤵
  - Executes dropped EXE
  PID:4112
- C:\Windows\System\YQNDtau.exe
  C:\Windows\System\YQNDtau.exe
  2⤵
  - Executes dropped EXE
  PID:3148
- C:\Windows\System\ZUjbArz.exe
  C:\Windows\System\ZUjbArz.exe
  2⤵
  - Executes dropped EXE
  PID:4900
- C:\Windows\System\halrIrr.exe
  C:\Windows\System\halrIrr.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\qjBKzBA.exe
  C:\Windows\System\qjBKzBA.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\kqvQVQY.exe
  C:\Windows\System\kqvQVQY.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\AySoCPh.exe
  C:\Windows\System\AySoCPh.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\EWwuJFd.exe
  C:\Windows\System\EWwuJFd.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\yrRVhVA.exe
  C:\Windows\System\yrRVhVA.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\SMqalkb.exe
  C:\Windows\System\SMqalkb.exe
  2⤵
  - Executes dropped EXE
  PID:3160
- C:\Windows\System\zvgjBXK.exe
  C:\Windows\System\zvgjBXK.exe
  2⤵
  - Executes dropped EXE
  PID:3416
- C:\Windows\System\cjulCKG.exe
  C:\Windows\System\cjulCKG.exe
  2⤵
  - Executes dropped EXE
  PID:3608
- C:\Windows\System\IDmDwzq.exe
  C:\Windows\System\IDmDwzq.exe
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Windows\System\ShoZHWX.exe
  C:\Windows\System\ShoZHWX.exe
  2⤵
  - Executes dropped EXE
  PID:4480
- C:\Windows\System\UHHzblM.exe
  C:\Windows\System\UHHzblM.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\vvPntfY.exe
  C:\Windows\System\vvPntfY.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\GvoVJed.exe
  C:\Windows\System\GvoVJed.exe
  2⤵
  - Executes dropped EXE
  PID:4688
- C:\Windows\System\xNxKfrm.exe
  C:\Windows\System\xNxKfrm.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\bTtNTuo.exe
  C:\Windows\System\bTtNTuo.exe
  2⤵
  - Executes dropped EXE
  PID:4084
- C:\Windows\System\QolfPYM.exe
  C:\Windows\System\QolfPYM.exe
  2⤵
  - Executes dropped EXE
  PID:3636
- C:\Windows\System\VlnURPa.exe
  C:\Windows\System\VlnURPa.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\bscpqXW.exe
  C:\Windows\System\bscpqXW.exe
  2⤵
  - Executes dropped EXE
  PID:3588
- C:\Windows\System\nExNWwY.exe
  C:\Windows\System\nExNWwY.exe
  2⤵
  - Executes dropped EXE
  PID:4380
- C:\Windows\System\jByhPpP.exe
  C:\Windows\System\jByhPpP.exe
  2⤵
  - Executes dropped EXE
  PID:4904
- C:\Windows\System\ozHnzhk.exe
  C:\Windows\System\ozHnzhk.exe
  2⤵
  PID:3628
- C:\Windows\System\zONHQSh.exe
  C:\Windows\System\zONHQSh.exe
  2⤵
  - Executes dropped EXE
  PID:3088
- C:\Windows\System\FcVTVKg.exe
  C:\Windows\System\FcVTVKg.exe
  2⤵
  PID:4284
- C:\Windows\System\dMkCDOe.exe
  C:\Windows\System\dMkCDOe.exe
  2⤵
  PID:2820
- C:\Windows\System\LsifErD.exe
  C:\Windows\System\LsifErD.exe
  2⤵
  PID:3408
- C:\Windows\System\QoRUFWT.exe
  C:\Windows\System\QoRUFWT.exe
  2⤵
  PID:4884
- C:\Windows\System\PHELAVn.exe
  C:\Windows\System\PHELAVn.exe
  2⤵
  PID:3440
- C:\Windows\System\nIpbkWI.exe
  C:\Windows\System\nIpbkWI.exe
  2⤵
  PID:1588
- C:\Windows\System\WYgXQnZ.exe
  C:\Windows\System\WYgXQnZ.exe
  2⤵
  PID:5044
- C:\Windows\System\ljnePzn.exe
  C:\Windows\System\ljnePzn.exe
  2⤵
  PID:2888
- C:\Windows\System\jyonPeL.exe
  C:\Windows\System\jyonPeL.exe
  2⤵
  PID:4640
- C:\Windows\System\UlWzcSS.exe
  C:\Windows\System\UlWzcSS.exe
  2⤵
  PID:2572
- C:\Windows\System\siJFmGm.exe
  C:\Windows\System\siJFmGm.exe
  2⤵
  PID:3968
- C:\Windows\System\KpyXWpd.exe
  C:\Windows\System\KpyXWpd.exe
  2⤵
  PID:4448
- C:\Windows\System\ZvXSnVR.exe
  C:\Windows\System\ZvXSnVR.exe
  2⤵
  PID:1880
- C:\Windows\System\kqrUMDi.exe
  C:\Windows\System\kqrUMDi.exe
  2⤵
  PID:1416
- C:\Windows\System\SYZrmOK.exe
  C:\Windows\System\SYZrmOK.exe
  2⤵
  PID:4544
- C:\Windows\System\diaKdxe.exe
  C:\Windows\System\diaKdxe.exe
  2⤵
  PID:1892
- C:\Windows\System\nCNJPZE.exe
  C:\Windows\System\nCNJPZE.exe
  2⤵
  PID:1352
- C:\Windows\System\cQqbBeX.exe
  C:\Windows\System\cQqbBeX.exe
  2⤵
  PID:3228
- C:\Windows\System\HbUagmI.exe
  C:\Windows\System\HbUagmI.exe
  2⤵
  PID:3920
- C:\Windows\System\aIEAduV.exe
  C:\Windows\System\aIEAduV.exe
  2⤵
  PID:2296
- C:\Windows\System\JVbvAmD.exe
  C:\Windows\System\JVbvAmD.exe
  2⤵
  PID:4548
- C:\Windows\System\PgJokEt.exe
  C:\Windows\System\PgJokEt.exe
  2⤵
  PID:5140
- C:\Windows\System\BbRfGni.exe
  C:\Windows\System\BbRfGni.exe
  2⤵
  PID:5164
- C:\Windows\System\tPQWhJp.exe
  C:\Windows\System\tPQWhJp.exe
  2⤵
  PID:5184
- C:\Windows\System\EPtJAxc.exe
  C:\Windows\System\EPtJAxc.exe
  2⤵
  PID:5208
- C:\Windows\System\CywMTHD.exe
  C:\Windows\System\CywMTHD.exe
  2⤵
  PID:5228
- C:\Windows\System\TMsDLyH.exe
  C:\Windows\System\TMsDLyH.exe
  2⤵
  PID:5268
- C:\Windows\System\VVkrPsp.exe
  C:\Windows\System\VVkrPsp.exe
  2⤵
  PID:5288
- C:\Windows\System\XzBIETJ.exe
  C:\Windows\System\XzBIETJ.exe
  2⤵
  PID:5312
- C:\Windows\System\ZXYTnRQ.exe
  C:\Windows\System\ZXYTnRQ.exe
  2⤵
  PID:5340
- C:\Windows\System\UzqHjEW.exe
  C:\Windows\System\UzqHjEW.exe
  2⤵
  PID:5376
- C:\Windows\System\YQezGSl.exe
  C:\Windows\System\YQezGSl.exe
  2⤵
  PID:5404
- C:\Windows\System\ntDWxUU.exe
  C:\Windows\System\ntDWxUU.exe
  2⤵
  PID:5428
- C:\Windows\System\tmkBCJV.exe
  C:\Windows\System\tmkBCJV.exe
  2⤵
  PID:5456
- C:\Windows\System\IXEmBvs.exe
  C:\Windows\System\IXEmBvs.exe
  2⤵
  PID:5480
- C:\Windows\System\pTbVLgH.exe
  C:\Windows\System\pTbVLgH.exe
  2⤵
  PID:5504
- C:\Windows\System\XSIImZs.exe
  C:\Windows\System\XSIImZs.exe
  2⤵
  PID:5540
- C:\Windows\System\tdNVDKk.exe
  C:\Windows\System\tdNVDKk.exe
  2⤵
  PID:5560
- C:\Windows\System\JQhwpNG.exe
  C:\Windows\System\JQhwpNG.exe
  2⤵
  PID:5576
- C:\Windows\System\CyYvFER.exe
  C:\Windows\System\CyYvFER.exe
  2⤵
  PID:5608
- C:\Windows\System\QEYFYJY.exe
  C:\Windows\System\QEYFYJY.exe
  2⤵
  PID:5628
- C:\Windows\System\lIXLtUw.exe
  C:\Windows\System\lIXLtUw.exe
  2⤵
  PID:5652
- C:\Windows\System\JjScCmY.exe
  C:\Windows\System\JjScCmY.exe
  2⤵
  PID:5676
- C:\Windows\System\qQDWoLT.exe
  C:\Windows\System\qQDWoLT.exe
  2⤵
  PID:5740
- C:\Windows\System\NAHBowP.exe
  C:\Windows\System\NAHBowP.exe
  2⤵
  PID:5768
- C:\Windows\System\rqmlBvm.exe
  C:\Windows\System\rqmlBvm.exe
  2⤵
  PID:5804
- C:\Windows\System\upQbtxP.exe
  C:\Windows\System\upQbtxP.exe
  2⤵
  PID:5824
- C:\Windows\System\ONPIHrZ.exe
  C:\Windows\System\ONPIHrZ.exe
  2⤵
  PID:5844
- C:\Windows\System\wKJbyWD.exe
  C:\Windows\System\wKJbyWD.exe
  2⤵
  PID:5860
- C:\Windows\System\JHxkcoe.exe
  C:\Windows\System\JHxkcoe.exe
  2⤵
  PID:5900
- C:\Windows\System\UrHvcaA.exe
  C:\Windows\System\UrHvcaA.exe
  2⤵
  PID:5936
- C:\Windows\System\iPPAUYf.exe
  C:\Windows\System\iPPAUYf.exe
  2⤵
  PID:5952
- C:\Windows\System\JBcmJdW.exe
  C:\Windows\System\JBcmJdW.exe
  2⤵
  PID:5976
- C:\Windows\System\JdSuyer.exe
  C:\Windows\System\JdSuyer.exe
  2⤵
  PID:6004
- C:\Windows\System\PbsGRXv.exe
  C:\Windows\System\PbsGRXv.exe
  2⤵
  PID:6020
- C:\Windows\System\oUJhQiY.exe
  C:\Windows\System\oUJhQiY.exe
  2⤵
  PID:6044
- C:\Windows\System\bhJBOOL.exe
  C:\Windows\System\bhJBOOL.exe
  2⤵
  PID:6068
- C:\Windows\System\QImvgce.exe
  C:\Windows\System\QImvgce.exe
  2⤵
  PID:6092
- C:\Windows\System\GvVwVGF.exe
  C:\Windows\System\GvVwVGF.exe
  2⤵
  PID:6116
- C:\Windows\System\kkqIPXa.exe
  C:\Windows\System\kkqIPXa.exe
  2⤵
  PID:6132
- C:\Windows\System\OsvfdTK.exe
  C:\Windows\System\OsvfdTK.exe
  2⤵
  PID:2876
- C:\Windows\System\ARgxToW.exe
  C:\Windows\System\ARgxToW.exe
  2⤵
  PID:3904
- C:\Windows\System\OVKzQVL.exe
  C:\Windows\System\OVKzQVL.exe
  2⤵
  PID:4388
- C:\Windows\System\WBQoAIv.exe
  C:\Windows\System\WBQoAIv.exe
  2⤵
  PID:4240
- C:\Windows\System\YFhGaXw.exe
  C:\Windows\System\YFhGaXw.exe
  2⤵
  PID:4400
- C:\Windows\System\ZBZYPED.exe
  C:\Windows\System\ZBZYPED.exe
  2⤵
  PID:3728
- C:\Windows\System\RFPxsbj.exe
  C:\Windows\System\RFPxsbj.exe
  2⤵
  PID:5108
- C:\Windows\System\QhUmplh.exe
  C:\Windows\System\QhUmplh.exe
  2⤵
  PID:5524
- C:\Windows\System\wvGWTkG.exe
  C:\Windows\System\wvGWTkG.exe
  2⤵
  PID:2184
- C:\Windows\System\JQLnQlI.exe
  C:\Windows\System\JQLnQlI.exe
  2⤵
  PID:4004
- C:\Windows\System\ISkYZKx.exe
  C:\Windows\System\ISkYZKx.exe
  2⤵
  PID:3268
- C:\Windows\System\RVxFfqO.exe
  C:\Windows\System\RVxFfqO.exe
  2⤵
  PID:2000
- C:\Windows\System\xgKUHuF.exe
  C:\Windows\System\xgKUHuF.exe
  2⤵
  PID:3996
- C:\Windows\System\sxUoThR.exe
  C:\Windows\System\sxUoThR.exe
  2⤵
  PID:1540
- C:\Windows\System\NLdeAhm.exe
  C:\Windows\System\NLdeAhm.exe
  2⤵
  PID:5148
- C:\Windows\System\QThePAE.exe
  C:\Windows\System\QThePAE.exe
  2⤵
  PID:5248
- C:\Windows\System\BxoFZcr.exe
  C:\Windows\System\BxoFZcr.exe
  2⤵
  PID:5308
- C:\Windows\System\hnGICVV.exe
  C:\Windows\System\hnGICVV.exe
  2⤵
  PID:6172
- C:\Windows\System\KLspHJW.exe
  C:\Windows\System\KLspHJW.exe
  2⤵
  PID:6192
- C:\Windows\System\qlpNFzT.exe
  C:\Windows\System\qlpNFzT.exe
  2⤵
  PID:6212
- C:\Windows\System\tXwfvgw.exe
  C:\Windows\System\tXwfvgw.exe
  2⤵
  PID:6228
- C:\Windows\System\qAsZasm.exe
  C:\Windows\System\qAsZasm.exe
  2⤵
  PID:6252
- C:\Windows\System\wlnLBRM.exe
  C:\Windows\System\wlnLBRM.exe
  2⤵
  PID:6276
- C:\Windows\System\CowyCqK.exe
  C:\Windows\System\CowyCqK.exe
  2⤵
  PID:6300
- C:\Windows\System\valPnKk.exe
  C:\Windows\System\valPnKk.exe
  2⤵
  PID:6320
- C:\Windows\System\nGASFVo.exe
  C:\Windows\System\nGASFVo.exe
  2⤵
  PID:6344
- C:\Windows\System\XOgaVHP.exe
  C:\Windows\System\XOgaVHP.exe
  2⤵
  PID:6364
- C:\Windows\System\TaTfZaD.exe
  C:\Windows\System\TaTfZaD.exe
  2⤵
  PID:6388
- C:\Windows\System\MiKZYvL.exe
  C:\Windows\System\MiKZYvL.exe
  2⤵
  PID:6420
- C:\Windows\System\bLVYYxO.exe
  C:\Windows\System\bLVYYxO.exe
  2⤵
  PID:6436
- C:\Windows\System\zSdOmGq.exe
  C:\Windows\System\zSdOmGq.exe
  2⤵
  PID:6476
- C:\Windows\System\osARiAc.exe
  C:\Windows\System\osARiAc.exe
  2⤵
  PID:6516
- C:\Windows\System\lKHOPvb.exe
  C:\Windows\System\lKHOPvb.exe
  2⤵
  PID:6536
- C:\Windows\System\TZbAJPV.exe
  C:\Windows\System\TZbAJPV.exe
  2⤵
  PID:6552
- C:\Windows\System\OWWSSmK.exe
  C:\Windows\System\OWWSSmK.exe
  2⤵
  PID:6580
- C:\Windows\System\hqCxcHG.exe
  C:\Windows\System\hqCxcHG.exe
  2⤵
  PID:6604
- C:\Windows\System\MlhbRyf.exe
  C:\Windows\System\MlhbRyf.exe
  2⤵
  PID:6620
- C:\Windows\System\DnYoUgM.exe
  C:\Windows\System\DnYoUgM.exe
  2⤵
  PID:6636
- C:\Windows\System\iGmklGy.exe
  C:\Windows\System\iGmklGy.exe
  2⤵
  PID:6684
- C:\Windows\System\VluWDWy.exe
  C:\Windows\System\VluWDWy.exe
  2⤵
  PID:6700
- C:\Windows\System\EwrYnfB.exe
  C:\Windows\System\EwrYnfB.exe
  2⤵
  PID:6724
- C:\Windows\System\ZeiMnGF.exe
  C:\Windows\System\ZeiMnGF.exe
  2⤵
  PID:6752
- C:\Windows\System\YefToGt.exe
  C:\Windows\System\YefToGt.exe
  2⤵
  PID:6776
- C:\Windows\System\VUKZgVl.exe
  C:\Windows\System\VUKZgVl.exe
  2⤵
  PID:6800
- C:\Windows\System\yYeVEsj.exe
  C:\Windows\System\yYeVEsj.exe
  2⤵
  PID:6820
- C:\Windows\System\UhBUcJv.exe
  C:\Windows\System\UhBUcJv.exe
  2⤵
  PID:6848
- C:\Windows\System\ZFKXwaM.exe
  C:\Windows\System\ZFKXwaM.exe
  2⤵
  PID:6864
- C:\Windows\System\ueXYzSZ.exe
  C:\Windows\System\ueXYzSZ.exe
  2⤵
  PID:6892
- C:\Windows\System\DfHXmdS.exe
  C:\Windows\System\DfHXmdS.exe
  2⤵
  PID:6908
- C:\Windows\System\gKHNMEw.exe
  C:\Windows\System\gKHNMEw.exe
  2⤵
  PID:6940
- C:\Windows\System\BJeJfOE.exe
  C:\Windows\System\BJeJfOE.exe
  2⤵
  PID:6956
- C:\Windows\System\UujEoRA.exe
  C:\Windows\System\UujEoRA.exe
  2⤵
  PID:6976
- C:\Windows\System\AyeSIMe.exe
  C:\Windows\System\AyeSIMe.exe
  2⤵
  PID:6996
- C:\Windows\System\YGJsvGA.exe
  C:\Windows\System\YGJsvGA.exe
  2⤵
  PID:7036
- C:\Windows\System\eBztCAO.exe
  C:\Windows\System\eBztCAO.exe
  2⤵
  PID:7052
- C:\Windows\System\RpUeZpO.exe
  C:\Windows\System\RpUeZpO.exe
  2⤵
  PID:7076
- C:\Windows\System\jgnfmcN.exe
  C:\Windows\System\jgnfmcN.exe
  2⤵
  PID:7096
- C:\Windows\System\nTkMbwj.exe
  C:\Windows\System\nTkMbwj.exe
  2⤵
  PID:7116
- C:\Windows\System\OhgDjMW.exe
  C:\Windows\System\OhgDjMW.exe
  2⤵
  PID:7144
- C:\Windows\System\pvvVYAa.exe
  C:\Windows\System\pvvVYAa.exe
  2⤵
  PID:5712
- C:\Windows\System\uOWxeHn.exe
  C:\Windows\System\uOWxeHn.exe
  2⤵
  PID:5412
- C:\Windows\System\szbqjEH.exe
  C:\Windows\System\szbqjEH.exe
  2⤵
  PID:5472
- C:\Windows\System\oVNeAvd.exe
  C:\Windows\System\oVNeAvd.exe
  2⤵
  PID:5512
- C:\Windows\System\JKNAtcs.exe
  C:\Windows\System\JKNAtcs.exe
  2⤵
  PID:1088
- C:\Windows\System\DHAEzNI.exe
  C:\Windows\System\DHAEzNI.exe
  2⤵
  PID:5836
- C:\Windows\System\uJsfuCy.exe
  C:\Windows\System\uJsfuCy.exe
  2⤵
  PID:3776
- C:\Windows\System\QlWNPOn.exe
  C:\Windows\System\QlWNPOn.exe
  2⤵
  PID:5568
- C:\Windows\System\PJKPPti.exe
  C:\Windows\System\PJKPPti.exe
  2⤵
  PID:5596
- C:\Windows\System\WtmFFFO.exe
  C:\Windows\System\WtmFFFO.exe
  2⤵
  PID:5644
- C:\Windows\System\tQDZYgB.exe
  C:\Windows\System\tQDZYgB.exe
  2⤵
  PID:4484
- C:\Windows\System\XqrEmRL.exe
  C:\Windows\System\XqrEmRL.exe
  2⤵
  PID:5728
- C:\Windows\System\EkUbGpd.exe
  C:\Windows\System\EkUbGpd.exe
  2⤵
  PID:5764
- C:\Windows\System\xUWKGxN.exe
  C:\Windows\System\xUWKGxN.exe
  2⤵
  PID:5812
- C:\Windows\System\MmrFvit.exe
  C:\Windows\System\MmrFvit.exe
  2⤵
  PID:6352
- C:\Windows\System\WXJFPPP.exe
  C:\Windows\System\WXJFPPP.exe
  2⤵
  PID:6488
- C:\Windows\System\qDGKyIF.exe
  C:\Windows\System\qDGKyIF.exe
  2⤵
  PID:6532
- C:\Windows\System\fczxQXJ.exe
  C:\Windows\System\fczxQXJ.exe
  2⤵
  PID:6028
- C:\Windows\System\fvicSBl.exe
  C:\Windows\System\fvicSBl.exe
  2⤵
  PID:6060
- C:\Windows\System\sVQAlGa.exe
  C:\Windows\System\sVQAlGa.exe
  2⤵
  PID:6112
- C:\Windows\System\SsHaVsd.exe
  C:\Windows\System\SsHaVsd.exe
  2⤵
  PID:7024
- C:\Windows\System\KwnWGGy.exe
  C:\Windows\System\KwnWGGy.exe
  2⤵
  PID:7112
- C:\Windows\System\GlQBrhJ.exe
  C:\Windows\System\GlQBrhJ.exe
  2⤵
  PID:5516
- C:\Windows\System\QUSHVQo.exe
  C:\Windows\System\QUSHVQo.exe
  2⤵
  PID:5572
- C:\Windows\System\gFCVMpw.exe
  C:\Windows\System\gFCVMpw.exe
  2⤵
  PID:5868
- C:\Windows\System\XfrMcHy.exe
  C:\Windows\System\XfrMcHy.exe
  2⤵
  PID:5348
- C:\Windows\System\AmaGXiQ.exe
  C:\Windows\System\AmaGXiQ.exe
  2⤵
  PID:6340
- C:\Windows\System\iRUmtKE.exe
  C:\Windows\System\iRUmtKE.exe
  2⤵
  PID:6012
- C:\Windows\System\gLVsgGa.exe
  C:\Windows\System\gLVsgGa.exe
  2⤵
  PID:2924
- C:\Windows\System\SLFtikp.exe
  C:\Windows\System\SLFtikp.exe
  2⤵
  PID:2472
- C:\Windows\System\JBQrVEY.exe
  C:\Windows\System\JBQrVEY.exe
  2⤵
  PID:6988
- C:\Windows\System\kECRdpq.exe
  C:\Windows\System\kECRdpq.exe
  2⤵
  PID:6432
- C:\Windows\System\PeAWFNG.exe
  C:\Windows\System\PeAWFNG.exe
  2⤵
  PID:5624
- C:\Windows\System\CNqQEPh.exe
  C:\Windows\System\CNqQEPh.exe
  2⤵
  PID:4908
- C:\Windows\System\qDWfPLM.exe
  C:\Windows\System\qDWfPLM.exe
  2⤵
  PID:7104
- C:\Windows\System\LhgKhZJ.exe
  C:\Windows\System\LhgKhZJ.exe
  2⤵
  PID:4756
- C:\Windows\System\ClkyzxB.exe
  C:\Windows\System\ClkyzxB.exe
  2⤵
  PID:4624
- C:\Windows\System\oyuxZeM.exe
  C:\Windows\System\oyuxZeM.exe
  2⤵
  PID:4492
- C:\Windows\System\mDQPdQz.exe
  C:\Windows\System\mDQPdQz.exe
  2⤵
  PID:3744
- C:\Windows\System\kLmhteD.exe
  C:\Windows\System\kLmhteD.exe
  2⤵
  PID:7180
- C:\Windows\System\KsQVpLC.exe
  C:\Windows\System\KsQVpLC.exe
  2⤵
  PID:7196
- C:\Windows\System\vkAoOwo.exe
  C:\Windows\System\vkAoOwo.exe
  2⤵
  PID:7216
- C:\Windows\System\ZukXkba.exe
  C:\Windows\System\ZukXkba.exe
  2⤵
  PID:7240
- C:\Windows\System\teSMtUA.exe
  C:\Windows\System\teSMtUA.exe
  2⤵
  PID:7264
- C:\Windows\System\FVpPRwn.exe
  C:\Windows\System\FVpPRwn.exe
  2⤵
  PID:7284
- C:\Windows\System\GIIpwsa.exe
  C:\Windows\System\GIIpwsa.exe
  2⤵
  PID:7304
- C:\Windows\System\bwFZVgq.exe
  C:\Windows\System\bwFZVgq.exe
  2⤵
  PID:7328
- C:\Windows\System\oSZWsSD.exe
  C:\Windows\System\oSZWsSD.exe
  2⤵
  PID:7360
- C:\Windows\System\RbaMzsA.exe
  C:\Windows\System\RbaMzsA.exe
  2⤵
  PID:7380
- C:\Windows\System\rqDuCYz.exe
  C:\Windows\System\rqDuCYz.exe
  2⤵
  PID:7400
- C:\Windows\System\zgjgwgF.exe
  C:\Windows\System\zgjgwgF.exe
  2⤵
  PID:7424
- C:\Windows\System\mnfIxMt.exe
  C:\Windows\System\mnfIxMt.exe
  2⤵
  PID:7456
- C:\Windows\System\JSEZIDE.exe
  C:\Windows\System\JSEZIDE.exe
  2⤵
  PID:7480
- C:\Windows\System\GuBeDsV.exe
  C:\Windows\System\GuBeDsV.exe
  2⤵
  PID:7504
- C:\Windows\System\aWyPGEF.exe
  C:\Windows\System\aWyPGEF.exe
  2⤵
  PID:7528
- C:\Windows\System\XcRjJzf.exe
  C:\Windows\System\XcRjJzf.exe
  2⤵
  PID:7548
- C:\Windows\System\rJhlpSm.exe
  C:\Windows\System\rJhlpSm.exe
  2⤵
  PID:7572
- C:\Windows\System\DyzIvcE.exe
  C:\Windows\System\DyzIvcE.exe
  2⤵
  PID:7596
- C:\Windows\System\TMBPzBp.exe
  C:\Windows\System\TMBPzBp.exe
  2⤵
  PID:7620
- C:\Windows\System\MepUoxw.exe
  C:\Windows\System\MepUoxw.exe
  2⤵
  PID:7644
- C:\Windows\System\TxoMEkW.exe
  C:\Windows\System\TxoMEkW.exe
  2⤵
  PID:7660
- C:\Windows\System\CzIVKBV.exe
  C:\Windows\System\CzIVKBV.exe
  2⤵
  PID:7680
- C:\Windows\System\HKwvKUf.exe
  C:\Windows\System\HKwvKUf.exe
  2⤵
  PID:7696
- C:\Windows\System\ZqprBeB.exe
  C:\Windows\System\ZqprBeB.exe
  2⤵
  PID:7712
- C:\Windows\System\IXbXYZV.exe
  C:\Windows\System\IXbXYZV.exe
  2⤵
  PID:7732
- C:\Windows\System\gqLYntJ.exe
  C:\Windows\System\gqLYntJ.exe
  2⤵
  PID:7760
- C:\Windows\System\cIslGkO.exe
  C:\Windows\System\cIslGkO.exe
  2⤵
  PID:7784
- C:\Windows\System\EMDZyHE.exe
  C:\Windows\System\EMDZyHE.exe
  2⤵
  PID:7808
- C:\Windows\System\gqrrwtE.exe
  C:\Windows\System\gqrrwtE.exe
  2⤵
  PID:7824
- C:\Windows\System\EIaWNiN.exe
  C:\Windows\System\EIaWNiN.exe
  2⤵
  PID:7848
- C:\Windows\System\NZrzcyl.exe
  C:\Windows\System\NZrzcyl.exe
  2⤵
  PID:7868
- C:\Windows\System\tXdAnsu.exe
  C:\Windows\System\tXdAnsu.exe
  2⤵
  PID:7888
- C:\Windows\System\pepoNkI.exe
  C:\Windows\System\pepoNkI.exe
  2⤵
  PID:7908
- C:\Windows\System\TrrIcAa.exe
  C:\Windows\System\TrrIcAa.exe
  2⤵
  PID:7932
- C:\Windows\System\TbVuWLa.exe
  C:\Windows\System\TbVuWLa.exe
  2⤵
  PID:7960
- C:\Windows\System\vAhkcmP.exe
  C:\Windows\System\vAhkcmP.exe
  2⤵
  PID:8012
- C:\Windows\System\nCnEsqr.exe
  C:\Windows\System\nCnEsqr.exe
  2⤵
  PID:8036
- C:\Windows\System\YSpEcFo.exe
  C:\Windows\System\YSpEcFo.exe
  2⤵
  PID:8060
- C:\Windows\System\oAdQhaO.exe
  C:\Windows\System\oAdQhaO.exe
  2⤵
  PID:8084
- C:\Windows\System\GvFhhoI.exe
  C:\Windows\System\GvFhhoI.exe
  2⤵
  PID:8100
- C:\Windows\System\kqpQwMh.exe
  C:\Windows\System\kqpQwMh.exe
  2⤵
  PID:8124
- C:\Windows\System\oDFZjpv.exe
  C:\Windows\System\oDFZjpv.exe
  2⤵
  PID:8148
- C:\Windows\System\MAwQjyn.exe
  C:\Windows\System\MAwQjyn.exe
  2⤵
  PID:8172
- C:\Windows\System\krETKiz.exe
  C:\Windows\System\krETKiz.exe
  2⤵
  PID:1828
- C:\Windows\System\zXtdERk.exe
  C:\Windows\System\zXtdERk.exe
  2⤵
  PID:4784
- C:\Windows\System\EQsUbaJ.exe
  C:\Windows\System\EQsUbaJ.exe
  2⤵
  PID:2072
- C:\Windows\System\lUUszAl.exe
  C:\Windows\System\lUUszAl.exe
  2⤵
  PID:5532
- C:\Windows\System\KxxUMcY.exe
  C:\Windows\System\KxxUMcY.exe
  2⤵
  PID:3896
- C:\Windows\System\bVQzvVE.exe
  C:\Windows\System\bVQzvVE.exe
  2⤵
  PID:4896
- C:\Windows\System\YOucmzr.exe
  C:\Windows\System\YOucmzr.exe
  2⤵
  PID:7192
- C:\Windows\System\svomRFb.exe
  C:\Windows\System\svomRFb.exe
  2⤵
  PID:220
- C:\Windows\System\NBvSUJQ.exe
  C:\Windows\System\NBvSUJQ.exe
  2⤵
  PID:7408
- C:\Windows\System\aABCbbY.exe
  C:\Windows\System\aABCbbY.exe
  2⤵
  PID:7520
- C:\Windows\System\FdfcDMr.exe
  C:\Windows\System\FdfcDMr.exe
  2⤵
  PID:7616
- C:\Windows\System\LgLAIlU.exe
  C:\Windows\System\LgLAIlU.exe
  2⤵
  PID:4080
- C:\Windows\System\REAHiHz.exe
  C:\Windows\System\REAHiHz.exe
  2⤵
  PID:8212
- C:\Windows\System\srnfMLs.exe
  C:\Windows\System\srnfMLs.exe
  2⤵
  PID:8236
- C:\Windows\System\HdTsuLQ.exe
  C:\Windows\System\HdTsuLQ.exe
  2⤵
  PID:8256
- C:\Windows\System\ZODmfSU.exe
  C:\Windows\System\ZODmfSU.exe
  2⤵
  PID:8280
- C:\Windows\System\BsORuiN.exe
  C:\Windows\System\BsORuiN.exe
  2⤵
  PID:8300
- C:\Windows\System\jxZfsDx.exe
  C:\Windows\System\jxZfsDx.exe
  2⤵
  PID:8316
- C:\Windows\System\AfUybAa.exe
  C:\Windows\System\AfUybAa.exe
  2⤵
  PID:8344
- C:\Windows\System\hGkrlEx.exe
  C:\Windows\System\hGkrlEx.exe
  2⤵
  PID:8360
- C:\Windows\System\QfdfeGD.exe
  C:\Windows\System\QfdfeGD.exe
  2⤵
  PID:8380
- C:\Windows\System\dfAPlJz.exe
  C:\Windows\System\dfAPlJz.exe
  2⤵
  PID:8400
- C:\Windows\System\COTAgzn.exe
  C:\Windows\System\COTAgzn.exe
  2⤵
  PID:8428
- C:\Windows\System\RPIOdAi.exe
  C:\Windows\System\RPIOdAi.exe
  2⤵
  PID:8452
- C:\Windows\System\iWBBccu.exe
  C:\Windows\System\iWBBccu.exe
  2⤵
  PID:8468
- C:\Windows\System\TVgcLvu.exe
  C:\Windows\System\TVgcLvu.exe
  2⤵
  PID:8488
- C:\Windows\System\qoovvDz.exe
  C:\Windows\System\qoovvDz.exe
  2⤵
  PID:8512
- C:\Windows\System\tajvbCj.exe
  C:\Windows\System\tajvbCj.exe
  2⤵
  PID:8556
- C:\Windows\System\ylkkivj.exe
  C:\Windows\System\ylkkivj.exe
  2⤵
  PID:8580
- C:\Windows\System\iebdlhf.exe
  C:\Windows\System\iebdlhf.exe
  2⤵
  PID:8604
- C:\Windows\System\kOtadsH.exe
  C:\Windows\System\kOtadsH.exe
  2⤵
  PID:8628
- C:\Windows\System\AiFIafE.exe
  C:\Windows\System\AiFIafE.exe
  2⤵
  PID:8656
- C:\Windows\System\EpPOFBp.exe
  C:\Windows\System\EpPOFBp.exe
  2⤵
  PID:8676
- C:\Windows\System\cYIeeXi.exe
  C:\Windows\System\cYIeeXi.exe
  2⤵
  PID:8704
- C:\Windows\System\vqdbLdI.exe
  C:\Windows\System\vqdbLdI.exe
  2⤵
  PID:8728
- C:\Windows\System\JnXzoWH.exe
  C:\Windows\System\JnXzoWH.exe
  2⤵
  PID:8752
- C:\Windows\System\BaDEJlo.exe
  C:\Windows\System\BaDEJlo.exe
  2⤵
  PID:8772
- C:\Windows\System\WTxUtZt.exe
  C:\Windows\System\WTxUtZt.exe
  2⤵
  PID:8796
- C:\Windows\System\aIcXMgH.exe
  C:\Windows\System\aIcXMgH.exe
  2⤵
  PID:8812
- C:\Windows\System\qgtpcMn.exe
  C:\Windows\System\qgtpcMn.exe
  2⤵
  PID:8836
- C:\Windows\System\gVOJJMa.exe
  C:\Windows\System\gVOJJMa.exe
  2⤵
  PID:8860
- C:\Windows\System\dsoKIvN.exe
  C:\Windows\System\dsoKIvN.exe
  2⤵
  PID:8880
- C:\Windows\System\DrbCJBU.exe
  C:\Windows\System\DrbCJBU.exe
  2⤵
  PID:8904
- C:\Windows\System\kauwtPn.exe
  C:\Windows\System\kauwtPn.exe
  2⤵
  PID:8920
- C:\Windows\System\PqtjJgJ.exe
  C:\Windows\System\PqtjJgJ.exe
  2⤵
  PID:8940
- C:\Windows\System\HclKuYf.exe
  C:\Windows\System\HclKuYf.exe
  2⤵
  PID:8956
- C:\Windows\System\FMQPRLy.exe
  C:\Windows\System\FMQPRLy.exe
  2⤵
  PID:8980
- C:\Windows\System\GwpMONr.exe
  C:\Windows\System\GwpMONr.exe
  2⤵
  PID:9012
- C:\Windows\System\QcTKGmn.exe
  C:\Windows\System\QcTKGmn.exe
  2⤵
  PID:9032
- C:\Windows\System\ymeaYTj.exe
  C:\Windows\System\ymeaYTj.exe
  2⤵
  PID:9056
- C:\Windows\System\jRPVSdb.exe
  C:\Windows\System\jRPVSdb.exe
  2⤵
  PID:9076
- C:\Windows\System\SvLgJlN.exe
  C:\Windows\System\SvLgJlN.exe
  2⤵
  PID:9096
- C:\Windows\System\ttVCQOO.exe
  C:\Windows\System\ttVCQOO.exe
  2⤵
  PID:9120
- C:\Windows\System\JvGaTaL.exe
  C:\Windows\System\JvGaTaL.exe
  2⤵
  PID:9144
- C:\Windows\System\DcceZzg.exe
  C:\Windows\System\DcceZzg.exe
  2⤵
  PID:9168
- C:\Windows\System\hrLShIx.exe
  C:\Windows\System\hrLShIx.exe
  2⤵
  PID:9196
- C:\Windows\System\MXALMqb.exe
  C:\Windows\System\MXALMqb.exe
  2⤵
  PID:7656
- C:\Windows\System\dWGYTIk.exe
  C:\Windows\System\dWGYTIk.exe
  2⤵
  PID:7008
- C:\Windows\System\sEKvNAH.exe
  C:\Windows\System\sEKvNAH.exe
  2⤵
  PID:7692
- C:\Windows\System\yTqlzUL.exe
  C:\Windows\System\yTqlzUL.exe
  2⤵
  PID:7748
- C:\Windows\System\aVmlVNX.exe
  C:\Windows\System\aVmlVNX.exe
  2⤵
  PID:7820
- C:\Windows\System\EymoBnY.exe
  C:\Windows\System\EymoBnY.exe
  2⤵
  PID:7312
- C:\Windows\System\URvVqcL.exe
  C:\Windows\System\URvVqcL.exe
  2⤵
  PID:7948
- C:\Windows\System\FveUhPQ.exe
  C:\Windows\System\FveUhPQ.exe
  2⤵
  PID:6972
- C:\Windows\System\lKnxeQr.exe
  C:\Windows\System\lKnxeQr.exe
  2⤵
  PID:7448
- C:\Windows\System\cVcItGc.exe
  C:\Windows\System\cVcItGc.exe
  2⤵
  PID:7540
- C:\Windows\System\LwfMelc.exe
  C:\Windows\System\LwfMelc.exe
  2⤵
  PID:4980
- C:\Windows\System\wwqkqJJ.exe
  C:\Windows\System\wwqkqJJ.exe
  2⤵
  PID:7280
- C:\Windows\System\LHEdxoW.exe
  C:\Windows\System\LHEdxoW.exe
  2⤵
  PID:7060
- C:\Windows\System\cHhjkzp.exe
  C:\Windows\System\cHhjkzp.exe
  2⤵
  PID:5400
- C:\Windows\System\sMxYhPF.exe
  C:\Windows\System\sMxYhPF.exe
  2⤵
  PID:3356
- C:\Windows\System\cnivBhd.exe
  C:\Windows\System\cnivBhd.exe
  2⤵
  PID:5240
- C:\Windows\System\VGlXGIE.exe
  C:\Windows\System\VGlXGIE.exe
  2⤵
  PID:1528
- C:\Windows\System\PEJcDlw.exe
  C:\Windows\System\PEJcDlw.exe
  2⤵
  PID:8204
- C:\Windows\System\ynrNkYo.exe
  C:\Windows\System\ynrNkYo.exe
  2⤵
  PID:7728
- C:\Windows\System\LAYEqlU.exe
  C:\Windows\System\LAYEqlU.exe
  2⤵
  PID:7224
- C:\Windows\System\QjTBBue.exe
  C:\Windows\System\QjTBBue.exe
  2⤵
  PID:7260
- C:\Windows\System\VcpByoz.exe
  C:\Windows\System\VcpByoz.exe
  2⤵
  PID:7900
- C:\Windows\System\AZoqFjW.exe
  C:\Windows\System\AZoqFjW.exe
  2⤵
  PID:7376
- C:\Windows\System\fvlksOa.exe
  C:\Windows\System\fvlksOa.exe
  2⤵
  PID:7432
- C:\Windows\System\RcZoDew.exe
  C:\Windows\System\RcZoDew.exe
  2⤵
  PID:8540
- C:\Windows\System\fYaEHVa.exe
  C:\Windows\System\fYaEHVa.exe
  2⤵
  PID:8076
- C:\Windows\System\GIEobVQ.exe
  C:\Windows\System\GIEobVQ.exe
  2⤵
  PID:8092
- C:\Windows\System\aKBxkCX.exe
  C:\Windows\System\aKBxkCX.exe
  2⤵
  PID:9232
- C:\Windows\System\gZpJbGV.exe
  C:\Windows\System\gZpJbGV.exe
  2⤵
  PID:9256
- C:\Windows\System\FCLOIjY.exe
  C:\Windows\System\FCLOIjY.exe
  2⤵
  PID:9280
- C:\Windows\System\wSWQwPA.exe
  C:\Windows\System\wSWQwPA.exe
  2⤵
  PID:9300
- C:\Windows\System\UPMMLMs.exe
  C:\Windows\System\UPMMLMs.exe
  2⤵
  PID:9324
- C:\Windows\System\jPWBPnt.exe
  C:\Windows\System\jPWBPnt.exe
  2⤵
  PID:9348
- C:\Windows\System\tqoYXjE.exe
  C:\Windows\System\tqoYXjE.exe
  2⤵
  PID:9368
- C:\Windows\System\aACgVNM.exe
  C:\Windows\System\aACgVNM.exe
  2⤵
  PID:9388
- C:\Windows\System\xRqzkRw.exe
  C:\Windows\System\xRqzkRw.exe
  2⤵
  PID:9412
- C:\Windows\System\DzrFcxE.exe
  C:\Windows\System\DzrFcxE.exe
  2⤵
  PID:9432
- C:\Windows\System\sXTUJNT.exe
  C:\Windows\System\sXTUJNT.exe
  2⤵
  PID:9452
- C:\Windows\System\LJziWJM.exe
  C:\Windows\System\LJziWJM.exe
  2⤵
  PID:9484
- C:\Windows\System\NzAzway.exe
  C:\Windows\System\NzAzway.exe
  2⤵
  PID:9508
- C:\Windows\System\MdBqsdG.exe
  C:\Windows\System\MdBqsdG.exe
  2⤵
  PID:9532
- C:\Windows\System\uqVmtha.exe
  C:\Windows\System\uqVmtha.exe
  2⤵
  PID:9552
- C:\Windows\System\JKESqVj.exe
  C:\Windows\System\JKESqVj.exe
  2⤵
  PID:9580
- C:\Windows\System\ylSgUfx.exe
  C:\Windows\System\ylSgUfx.exe
  2⤵
  PID:9600
- C:\Windows\System\BSaBasA.exe
  C:\Windows\System\BSaBasA.exe
  2⤵
  PID:9620
- C:\Windows\System\vfzRsjo.exe
  C:\Windows\System\vfzRsjo.exe
  2⤵
  PID:9644
- C:\Windows\System\DNRBJwt.exe
  C:\Windows\System\DNRBJwt.exe
  2⤵
  PID:9668
- C:\Windows\System\XXpbKUE.exe
  C:\Windows\System\XXpbKUE.exe
  2⤵
  PID:9696
- C:\Windows\System\xoQodGJ.exe
  C:\Windows\System\xoQodGJ.exe
  2⤵
  PID:9720
- C:\Windows\System\tFkDJXe.exe
  C:\Windows\System\tFkDJXe.exe
  2⤵
  PID:9744
- C:\Windows\System\wwIzowz.exe
  C:\Windows\System\wwIzowz.exe
  2⤵
  PID:9768
- C:\Windows\System\iGOGPMk.exe
  C:\Windows\System\iGOGPMk.exe
  2⤵
  PID:9796
- C:\Windows\System\YgezifD.exe
  C:\Windows\System\YgezifD.exe
  2⤵
  PID:9816
- C:\Windows\System\nBGTkaK.exe
  C:\Windows\System\nBGTkaK.exe
  2⤵
  PID:9848
- C:\Windows\System\NpEmNWh.exe
  C:\Windows\System\NpEmNWh.exe
  2⤵
  PID:9884
- C:\Windows\System\HuKeIvi.exe
  C:\Windows\System\HuKeIvi.exe
  2⤵
  PID:9900
- C:\Windows\System\CpSIDfL.exe
  C:\Windows\System\CpSIDfL.exe
  2⤵
  PID:9928
- C:\Windows\System\YAgItyn.exe
  C:\Windows\System\YAgItyn.exe
  2⤵
  PID:9956
- C:\Windows\System\naeamnS.exe
  C:\Windows\System\naeamnS.exe
  2⤵
  PID:9972
- C:\Windows\System\jJyWNTR.exe
  C:\Windows\System\jJyWNTR.exe
  2⤵
  PID:9992
- C:\Windows\System\QVVkTFR.exe
  C:\Windows\System\QVVkTFR.exe
  2⤵
  PID:10016
- C:\Windows\System\poiakPy.exe
  C:\Windows\System\poiakPy.exe
  2⤵
  PID:10032
- C:\Windows\System\TzioDCc.exe
  C:\Windows\System\TzioDCc.exe
  2⤵
  PID:10056
- C:\Windows\System\GjNauRz.exe
  C:\Windows\System\GjNauRz.exe
  2⤵
  PID:10076
- C:\Windows\System\GuuvQwE.exe
  C:\Windows\System\GuuvQwE.exe
  2⤵
  PID:10116
- C:\Windows\System\SVigPmi.exe
  C:\Windows\System\SVigPmi.exe
  2⤵
  PID:10136
- C:\Windows\System\gLAVZmn.exe
  C:\Windows\System\gLAVZmn.exe
  2⤵
  PID:10160
- C:\Windows\System\cGEwzVJ.exe
  C:\Windows\System\cGEwzVJ.exe
  2⤵
  PID:10180
- C:\Windows\System\JCGVaYo.exe
  C:\Windows\System\JCGVaYo.exe
  2⤵
  PID:10204
- C:\Windows\System\lXRFRJI.exe
  C:\Windows\System\lXRFRJI.exe
  2⤵
  PID:10224
- C:\Windows\System\TaVZTvZ.exe
  C:\Windows\System\TaVZTvZ.exe
  2⤵
  PID:8180
- C:\Windows\System\edNfPBb.exe
  C:\Windows\System\edNfPBb.exe
  2⤵
  PID:8716
- C:\Windows\System\jlkXtVk.exe
  C:\Windows\System\jlkXtVk.exe
  2⤵
  PID:8768
- C:\Windows\System\TeTySIb.exe
  C:\Windows\System\TeTySIb.exe
  2⤵
  PID:7300
- C:\Windows\System\ghMCNyH.exe
  C:\Windows\System\ghMCNyH.exe
  2⤵
  PID:8876
- C:\Windows\System\VkCzQGd.exe
  C:\Windows\System\VkCzQGd.exe
  2⤵
  PID:9052
- C:\Windows\System\DJbyeZm.exe
  C:\Windows\System\DJbyeZm.exe
  2⤵
  PID:9140
- C:\Windows\System\JQMtMUe.exe
  C:\Windows\System\JQMtMUe.exe
  2⤵
  PID:9188
- C:\Windows\System\DEAYdUK.exe
  C:\Windows\System\DEAYdUK.exe
  2⤵
  PID:8264
- C:\Windows\System\nZovWtc.exe
  C:\Windows\System\nZovWtc.exe
  2⤵
  PID:7776
- C:\Windows\System\DDUPAtl.exe
  C:\Windows\System\DDUPAtl.exe
  2⤵
  PID:7940
- C:\Windows\System\LXGhRPm.exe
  C:\Windows\System\LXGhRPm.exe
  2⤵
  PID:8328
- C:\Windows\System\ZGRQkuB.exe
  C:\Windows\System\ZGRQkuB.exe
  2⤵
  PID:7556
- C:\Windows\System\vALdrMl.exe
  C:\Windows\System\vALdrMl.exe
  2⤵
  PID:8392
- C:\Windows\System\nxayMFE.exe
  C:\Windows\System\nxayMFE.exe
  2⤵
  PID:5788
- C:\Windows\System\wpQRnvF.exe
  C:\Windows\System\wpQRnvF.exe
  2⤵
  PID:6568
- C:\Windows\System\sTdFhdG.exe
  C:\Windows\System\sTdFhdG.exe
  2⤵
  PID:8484
- C:\Windows\System\geKOmuH.exe
  C:\Windows\System\geKOmuH.exe
  2⤵
  PID:1580
- C:\Windows\System\tNCFqhM.exe
  C:\Windows\System\tNCFqhM.exe
  2⤵
  PID:2996
- C:\Windows\System\yFeAXQq.exe
  C:\Windows\System\yFeAXQq.exe
  2⤵
  PID:8548
- C:\Windows\System\oixAOEn.exe
  C:\Windows\System\oixAOEn.exe
  2⤵
  PID:8028
- C:\Windows\System\QuxgJfB.exe
  C:\Windows\System\QuxgJfB.exe
  2⤵
  PID:9228
- C:\Windows\System\juhfenw.exe
  C:\Windows\System\juhfenw.exe
  2⤵
  PID:8164
- C:\Windows\System\tqTDiux.exe
  C:\Windows\System\tqTDiux.exe
  2⤵
  PID:8684
- C:\Windows\System\VlKMwTX.exe
  C:\Windows\System\VlKMwTX.exe
  2⤵
  PID:9592
- C:\Windows\System\bugeCSQ.exe
  C:\Windows\System\bugeCSQ.exe
  2⤵
  PID:9984
- C:\Windows\System\iVJRAZT.exe
  C:\Windows\System\iVJRAZT.exe
  2⤵
  PID:9688
- C:\Windows\System\FLXMwfT.exe
  C:\Windows\System\FLXMwfT.exe
  2⤵
  PID:9940
- C:\Windows\System\LJainye.exe
  C:\Windows\System\LJainye.exe
  2⤵
  PID:5000
- C:\Windows\System\WJccIsB.exe
  C:\Windows\System\WJccIsB.exe
  2⤵
  PID:8368
- C:\Windows\System\jjNvUsI.exe
  C:\Windows\System\jjNvUsI.exe
  2⤵
  PID:10260
- C:\Windows\System\fnCsZkT.exe
  C:\Windows\System\fnCsZkT.exe
  2⤵
  PID:10280
- C:\Windows\System\qLNJXyn.exe
  C:\Windows\System\qLNJXyn.exe
  2⤵
  PID:10300
- C:\Windows\System\IiGSzry.exe
  C:\Windows\System\IiGSzry.exe
  2⤵
  PID:10320
- C:\Windows\System\AoZADjq.exe
  C:\Windows\System\AoZADjq.exe
  2⤵
  PID:10352
- C:\Windows\System\vGurtLg.exe
  C:\Windows\System\vGurtLg.exe
  2⤵
  PID:10368
- C:\Windows\System\szUqEkm.exe
  C:\Windows\System\szUqEkm.exe
  2⤵
  PID:10388
- C:\Windows\System\zELTUar.exe
  C:\Windows\System\zELTUar.exe
  2⤵
  PID:10408
- C:\Windows\System\RZJJsfB.exe
  C:\Windows\System\RZJJsfB.exe
  2⤵
  PID:10428
- C:\Windows\System\ynLXyHX.exe
  C:\Windows\System\ynLXyHX.exe
  2⤵
  PID:10452
- C:\Windows\System\EoWKchZ.exe
  C:\Windows\System\EoWKchZ.exe
  2⤵
  PID:10484
- C:\Windows\System\jAhxpEK.exe
  C:\Windows\System\jAhxpEK.exe
  2⤵
  PID:10508
- C:\Windows\System\XQwYwGz.exe
  C:\Windows\System\XQwYwGz.exe
  2⤵
  PID:10528
- C:\Windows\System\EldkzkF.exe
  C:\Windows\System\EldkzkF.exe
  2⤵
  PID:10552
- C:\Windows\System\LZPzJdD.exe
  C:\Windows\System\LZPzJdD.exe
  2⤵
  PID:10572
- C:\Windows\System\CLcSnwY.exe
  C:\Windows\System\CLcSnwY.exe
  2⤵
  PID:10596
- C:\Windows\System\UxHegfo.exe
  C:\Windows\System\UxHegfo.exe
  2⤵
  PID:10624
- C:\Windows\System\BndCYfJ.exe
  C:\Windows\System\BndCYfJ.exe
  2⤵
  PID:10644
- C:\Windows\System\MIGkyOV.exe
  C:\Windows\System\MIGkyOV.exe
  2⤵
  PID:10664
- C:\Windows\System\kjwEXZb.exe
  C:\Windows\System\kjwEXZb.exe
  2⤵
  PID:10684
- C:\Windows\System\NuasGXr.exe
  C:\Windows\System\NuasGXr.exe
  2⤵
  PID:10708
- C:\Windows\System\kkTmARS.exe
  C:\Windows\System\kkTmARS.exe
  2⤵
  PID:10732
- C:\Windows\System\cAzJJvo.exe
  C:\Windows\System\cAzJJvo.exe
  2⤵
  PID:10756
- C:\Windows\System\eHKrNvF.exe
  C:\Windows\System\eHKrNvF.exe
  2⤵
  PID:10776
- C:\Windows\System\rvRNKNm.exe
  C:\Windows\System\rvRNKNm.exe
  2⤵
  PID:10796
- C:\Windows\System\mzLkTKR.exe
  C:\Windows\System\mzLkTKR.exe
  2⤵
  PID:10820
- C:\Windows\System\xdjtinC.exe
  C:\Windows\System\xdjtinC.exe
  2⤵
  PID:10852
- C:\Windows\System\bxQebry.exe
  C:\Windows\System\bxQebry.exe
  2⤵
  PID:10876
- C:\Windows\System\VmWEvxc.exe
  C:\Windows\System\VmWEvxc.exe
  2⤵
  PID:10900
- C:\Windows\System\SjZUcAz.exe
  C:\Windows\System\SjZUcAz.exe
  2⤵
  PID:10920
- C:\Windows\System\GfRLYia.exe
  C:\Windows\System\GfRLYia.exe
  2⤵
  PID:10940
- C:\Windows\System\QStwvVe.exe
  C:\Windows\System\QStwvVe.exe
  2⤵
  PID:10964
- C:\Windows\System\DGvURef.exe
  C:\Windows\System\DGvURef.exe
  2⤵
  PID:10988
- C:\Windows\System\ygucNpA.exe
  C:\Windows\System\ygucNpA.exe
  2⤵
  PID:11016
- C:\Windows\System\lNnwBbN.exe
  C:\Windows\System\lNnwBbN.exe
  2⤵
  PID:11040
- C:\Windows\System\taDOnAz.exe
  C:\Windows\System\taDOnAz.exe
  2⤵
  PID:11056
- C:\Windows\System\SmnoLgN.exe
  C:\Windows\System\SmnoLgN.exe
  2⤵
  PID:11080
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 11080 -s 248
    3⤵
    PID:6856
- C:\Windows\System\ZpegZel.exe
  C:\Windows\System\ZpegZel.exe
  2⤵
  PID:11108
- C:\Windows\System\VyoVvGH.exe
  C:\Windows\System\VyoVvGH.exe
  2⤵
  PID:11124
- C:\Windows\System\floedYh.exe
  C:\Windows\System\floedYh.exe
  2⤵
  PID:11144
- C:\Windows\System\ypeCZDZ.exe
  C:\Windows\System\ypeCZDZ.exe
  2⤵
  PID:11160
- C:\Windows\System\ILisQML.exe
  C:\Windows\System\ILisQML.exe
  2⤵
  PID:11176
- C:\Windows\System\pWMzWVp.exe
  C:\Windows\System\pWMzWVp.exe
  2⤵
  PID:11196
- C:\Windows\System\VBKyQGO.exe
  C:\Windows\System\VBKyQGO.exe
  2⤵
  PID:11212
- C:\Windows\System\NxtsMFt.exe
  C:\Windows\System\NxtsMFt.exe
  2⤵
  PID:11236
- C:\Windows\System\OwmxPGe.exe
  C:\Windows\System\OwmxPGe.exe
  2⤵
  PID:11252
- C:\Windows\System\IWaQjjb.exe
  C:\Windows\System\IWaQjjb.exe
  2⤵
  PID:10152
- C:\Windows\System\VlBYzZF.exe
  C:\Windows\System\VlBYzZF.exe
  2⤵
  PID:2516
- C:\Windows\System\ZthrZdD.exe
  C:\Windows\System\ZthrZdD.exe
  2⤵
  PID:3508
- C:\Windows\System\IAaSbpE.exe
  C:\Windows\System\IAaSbpE.exe
  2⤵
  PID:9424
- C:\Windows\System\XwWHSaY.exe
  C:\Windows\System\XwWHSaY.exe
  2⤵
  PID:8612
- C:\Windows\System\MFUIJqh.exe
  C:\Windows\System\MFUIJqh.exe
  2⤵
  PID:9492
- C:\Windows\System\GOiMViw.exe
  C:\Windows\System\GOiMViw.exe
  2⤵
  PID:9524
- C:\Windows\System\kdXQIIv.exe
  C:\Windows\System\kdXQIIv.exe
  2⤵
  PID:8976
- C:\Windows\System\oRxqdFV.exe
  C:\Windows\System\oRxqdFV.exe
  2⤵
  PID:9000
- C:\Windows\System\EHPKmaP.exe
  C:\Windows\System\EHPKmaP.exe
  2⤵
  PID:9068
- C:\Windows\System\oSpsale.exe
  C:\Windows\System\oSpsale.exe
  2⤵
  PID:9112
- C:\Windows\System\rzOdfVi.exe
  C:\Windows\System\rzOdfVi.exe
  2⤵
  PID:9812
- C:\Windows\System\diNTavJ.exe
  C:\Windows\System\diNTavJ.exe
  2⤵
  PID:7416
- C:\Windows\System\FLQzCMP.exe
  C:\Windows\System\FLQzCMP.exe
  2⤵
  PID:11276
- C:\Windows\System\FPaswpi.exe
  C:\Windows\System\FPaswpi.exe
  2⤵
  PID:11296
- C:\Windows\System\NafgRgJ.exe
  C:\Windows\System\NafgRgJ.exe
  2⤵
  PID:11316
- C:\Windows\System\ObQJkRb.exe
  C:\Windows\System\ObQJkRb.exe
  2⤵
  PID:11340
- C:\Windows\System\gNMMXxz.exe
  C:\Windows\System\gNMMXxz.exe
  2⤵
  PID:11364
- C:\Windows\System\bKQgVbG.exe
  C:\Windows\System\bKQgVbG.exe
  2⤵
  PID:11396
- C:\Windows\System\DJGqsCH.exe
  C:\Windows\System\DJGqsCH.exe
  2⤵
  PID:11416
- C:\Windows\System\TcrAKUg.exe
  C:\Windows\System\TcrAKUg.exe
  2⤵
  PID:11436
- C:\Windows\System\HEpxYgw.exe
  C:\Windows\System\HEpxYgw.exe
  2⤵
  PID:11452
- C:\Windows\System\ylrfkAz.exe
  C:\Windows\System\ylrfkAz.exe
  2⤵
  PID:11492
- C:\Windows\System\DkHOSSR.exe
  C:\Windows\System\DkHOSSR.exe
  2⤵
  PID:11516
- C:\Windows\System\glfJext.exe
  C:\Windows\System\glfJext.exe
  2⤵
  PID:11532
- C:\Windows\System\JTmUDYZ.exe
  C:\Windows\System\JTmUDYZ.exe
  2⤵
  PID:11548
- C:\Windows\System\viYNjPp.exe
  C:\Windows\System\viYNjPp.exe
  2⤵
  PID:11564
- C:\Windows\System\xktDDnG.exe
  C:\Windows\System\xktDDnG.exe
  2⤵
  PID:11584
- C:\Windows\System\oOUTAvz.exe
  C:\Windows\System\oOUTAvz.exe
  2⤵
  PID:11600
- C:\Windows\System\PAeeeaL.exe
  C:\Windows\System\PAeeeaL.exe
  2⤵
  PID:11632
- C:\Windows\System\uUneWVq.exe
  C:\Windows\System\uUneWVq.exe
  2⤵
  PID:11656
- C:\Windows\System\XEioeVj.exe
  C:\Windows\System\XEioeVj.exe
  2⤵
  PID:11680
- C:\Windows\System\XHlcFtG.exe
  C:\Windows\System\XHlcFtG.exe
  2⤵
  PID:11704
- C:\Windows\System\GIBzrzE.exe
  C:\Windows\System\GIBzrzE.exe
  2⤵
  PID:11724
- C:\Windows\System\cdwxffq.exe
  C:\Windows\System\cdwxffq.exe
  2⤵
  PID:11744
- C:\Windows\System\nahqACo.exe
  C:\Windows\System\nahqACo.exe
  2⤵
  PID:11768
- C:\Windows\System\XmTaXKY.exe
  C:\Windows\System\XmTaXKY.exe
  2⤵
  PID:11800
- C:\Windows\System\TDGqmVD.exe
  C:\Windows\System\TDGqmVD.exe
  2⤵
  PID:11816
- C:\Windows\System\JDBisNn.exe
  C:\Windows\System\JDBisNn.exe
  2⤵
  PID:11840
- C:\Windows\System\wryQvtf.exe
  C:\Windows\System\wryQvtf.exe
  2⤵
  PID:11864
- C:\Windows\System\XTCeviy.exe
  C:\Windows\System\XTCeviy.exe
  2⤵
  PID:11888
- C:\Windows\System\KfpdTGW.exe
  C:\Windows\System\KfpdTGW.exe
  2⤵
  PID:11904
- C:\Windows\System\wYRqStV.exe
  C:\Windows\System\wYRqStV.exe
  2⤵
  PID:11928
- C:\Windows\System\pmPjKIk.exe
  C:\Windows\System\pmPjKIk.exe
  2⤵
  PID:11952
- C:\Windows\System\fisyCoj.exe
  C:\Windows\System\fisyCoj.exe
  2⤵
  PID:11980
- C:\Windows\System\eeWJidH.exe
  C:\Windows\System\eeWJidH.exe
  2⤵
  PID:12012
- C:\Windows\System\KqUrllp.exe
  C:\Windows\System\KqUrllp.exe
  2⤵
  PID:12032
- C:\Windows\System\yjZffTe.exe
  C:\Windows\System\yjZffTe.exe
  2⤵
  PID:12072
- C:\Windows\System\ijAYCke.exe
  C:\Windows\System\ijAYCke.exe
  2⤵
  PID:12112
- C:\Windows\System\gSIutPH.exe
  C:\Windows\System\gSIutPH.exe
  2⤵
  PID:12128
- C:\Windows\System\QQsKQyU.exe
  C:\Windows\System\QQsKQyU.exe
  2⤵
  PID:12144
- C:\Windows\System\RmpFbkM.exe
  C:\Windows\System\RmpFbkM.exe
  2⤵
  PID:12168
- C:\Windows\System\inVLsHk.exe
  C:\Windows\System\inVLsHk.exe
  2⤵
  PID:12184
- C:\Windows\System\HRGgsva.exe
  C:\Windows\System\HRGgsva.exe
  2⤵
  PID:12204
- C:\Windows\System\KKAeQnq.exe
  C:\Windows\System\KKAeQnq.exe
  2⤵
  PID:12228
- C:\Windows\System\rrdddNA.exe
  C:\Windows\System\rrdddNA.exe
  2⤵
  PID:12248
- C:\Windows\System\DwJOExC.exe
  C:\Windows\System\DwJOExC.exe
  2⤵
  PID:12268
- C:\Windows\System\WKxgpeB.exe
  C:\Windows\System\WKxgpeB.exe
  2⤵
  PID:5396
- C:\Windows\System\YwdCcBF.exe
  C:\Windows\System\YwdCcBF.exe
  2⤵
  PID:7084
- C:\Windows\System\kqxYvHx.exe
  C:\Windows\System\kqxYvHx.exe
  2⤵
  PID:5660
- C:\Windows\System\XojCJTW.exe
  C:\Windows\System\XojCJTW.exe
  2⤵
  PID:7320
- C:\Windows\System\yRBpbAy.exe
  C:\Windows\System\yRBpbAy.exe
  2⤵
  PID:8636
- C:\Windows\System\xsZygvu.exe
  C:\Windows\System\xsZygvu.exe
  2⤵
  PID:7856
- C:\Windows\System\UYXdvBI.exe
  C:\Windows\System\UYXdvBI.exe
  2⤵
  PID:9208
- C:\Windows\System\ASomdaF.exe
  C:\Windows\System\ASomdaF.exe
  2⤵
  PID:9660
- C:\Windows\System\EjQIzZO.exe
  C:\Windows\System\EjQIzZO.exe
  2⤵
  PID:10024
- C:\Windows\System\dAAwSqt.exe
  C:\Windows\System\dAAwSqt.exe
  2⤵
  PID:10308
- C:\Windows\System\CiOBfmD.exe
  C:\Windows\System\CiOBfmD.exe
  2⤵
  PID:10348
- C:\Windows\System\NDjpxNM.exe
  C:\Windows\System\NDjpxNM.exe
  2⤵
  PID:10008
- C:\Windows\System\blBpyAR.exe
  C:\Windows\System\blBpyAR.exe
  2⤵
  PID:10492
- C:\Windows\System\tovRLic.exe
  C:\Windows\System\tovRLic.exe
  2⤵
  PID:1800
- C:\Windows\System\JXgDWQv.exe
  C:\Windows\System\JXgDWQv.exe
  2⤵
  PID:10640
- C:\Windows\System\VkrhniH.exe
  C:\Windows\System\VkrhniH.exe
  2⤵
  PID:10696
- C:\Windows\System\cdXIzkt.exe
  C:\Windows\System\cdXIzkt.exe
  2⤵
  PID:10792
- C:\Windows\System\uxZpHov.exe
  C:\Windows\System\uxZpHov.exe
  2⤵
  PID:10768
- C:\Windows\System\uoDpUSw.exe
  C:\Windows\System\uoDpUSw.exe
  2⤵
  PID:9616
- C:\Windows\System\AidWYRs.exe
  C:\Windows\System\AidWYRs.exe
  2⤵
  PID:9716
- C:\Windows\System\mzpMLaX.exe
  C:\Windows\System\mzpMLaX.exe
  2⤵
  PID:12292
- C:\Windows\System\WptQswl.exe
  C:\Windows\System\WptQswl.exe
  2⤵
  PID:12316
- C:\Windows\System\sPPzQSN.exe
  C:\Windows\System\sPPzQSN.exe
  2⤵
  PID:12344
- C:\Windows\System\OCorsHJ.exe
  C:\Windows\System\OCorsHJ.exe
  2⤵
  PID:12360
- C:\Windows\System\rSSsdoI.exe
  C:\Windows\System\rSSsdoI.exe
  2⤵
  PID:12380
- C:\Windows\System\KkDUfHb.exe
  C:\Windows\System\KkDUfHb.exe
  2⤵
  PID:12404
- C:\Windows\System\pXYJCKX.exe
  C:\Windows\System\pXYJCKX.exe
  2⤵
  PID:12424
- C:\Windows\System\ojxrVbw.exe
  C:\Windows\System\ojxrVbw.exe
  2⤵
  PID:12444
- C:\Windows\System\VJLbtRs.exe
  C:\Windows\System\VJLbtRs.exe
  2⤵
  PID:12464
- C:\Windows\System\huXoZAY.exe
  C:\Windows\System\huXoZAY.exe
  2⤵
  PID:12492
- C:\Windows\System\uFoCtFP.exe
  C:\Windows\System\uFoCtFP.exe
  2⤵
  PID:12512
- C:\Windows\System\BrrkOZh.exe
  C:\Windows\System\BrrkOZh.exe
  2⤵
  PID:12528
- C:\Windows\System\pCUSVVI.exe
  C:\Windows\System\pCUSVVI.exe
  2⤵
  PID:12544
- C:\Windows\System\ZSgdcgm.exe
  C:\Windows\System\ZSgdcgm.exe
  2⤵
  PID:12560
- C:\Windows\System\FFFULQS.exe
  C:\Windows\System\FFFULQS.exe
  2⤵
  PID:12576
- C:\Windows\System\LHBsFWT.exe
  C:\Windows\System\LHBsFWT.exe
  2⤵
  PID:12592
- C:\Windows\System\FfKLHvK.exe
  C:\Windows\System\FfKLHvK.exe
  2⤵
  PID:12608
- C:\Windows\System\KVIRvOd.exe
  C:\Windows\System\KVIRvOd.exe
  2⤵
  PID:12632
- C:\Windows\System\lpigiua.exe
  C:\Windows\System\lpigiua.exe
  2⤵
  PID:12648
- C:\Windows\System\MyAetUy.exe
  C:\Windows\System\MyAetUy.exe
  2⤵
  PID:12664
- C:\Windows\System\cyLmmoN.exe
  C:\Windows\System\cyLmmoN.exe
  2⤵
  PID:12680
- C:\Windows\System\yvtbXQf.exe
  C:\Windows\System\yvtbXQf.exe
  2⤵
  PID:12696
- C:\Windows\System\jtYMXYj.exe
  C:\Windows\System\jtYMXYj.exe
  2⤵
  PID:12712
- C:\Windows\System\xfALazN.exe
  C:\Windows\System\xfALazN.exe
  2⤵
  PID:12728
- C:\Windows\System\uZbXDgg.exe
  C:\Windows\System\uZbXDgg.exe
  2⤵
  PID:12748
- C:\Windows\System\aBqhRTv.exe
  C:\Windows\System\aBqhRTv.exe
  2⤵
  PID:12780
- C:\Windows\System\PpZxQJJ.exe
  C:\Windows\System\PpZxQJJ.exe
  2⤵
  PID:12796
- C:\Windows\System\WfXsIcZ.exe
  C:\Windows\System\WfXsIcZ.exe
  2⤵
  PID:12828
- C:\Windows\System\XSicBju.exe
  C:\Windows\System\XSicBju.exe
  2⤵
  PID:12852
- C:\Windows\System\NsmXsam.exe
  C:\Windows\System\NsmXsam.exe
  2⤵
  PID:12872
- C:\Windows\System\kVNQIUA.exe
  C:\Windows\System\kVNQIUA.exe
  2⤵
  PID:12892
- C:\Windows\System\gxavcSx.exe
  C:\Windows\System\gxavcSx.exe
  2⤵
  PID:12912
- C:\Windows\System\ERhUuAb.exe
  C:\Windows\System\ERhUuAb.exe
  2⤵
  PID:12932
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 12932 -s 252
    3⤵
    PID:15112
- C:\Windows\System\rIgEerO.exe
  C:\Windows\System\rIgEerO.exe
  2⤵
  PID:12952
- C:\Windows\System\EOpeKvj.exe
  C:\Windows\System\EOpeKvj.exe
  2⤵
  PID:12980
- C:\Windows\System\GABicFy.exe
  C:\Windows\System\GABicFy.exe
  2⤵
  PID:13004
- C:\Windows\System\KfRqXgp.exe
  C:\Windows\System\KfRqXgp.exe
  2⤵
  PID:13024
- C:\Windows\System\AtdRBuP.exe
  C:\Windows\System\AtdRBuP.exe
  2⤵
  PID:13040
- C:\Windows\System\dEvXFFk.exe
  C:\Windows\System\dEvXFFk.exe
  2⤵
  PID:13056
- C:\Windows\System\GTQVQME.exe
  C:\Windows\System\GTQVQME.exe
  2⤵
  PID:13076
- C:\Windows\System\FXhyHPn.exe
  C:\Windows\System\FXhyHPn.exe
  2⤵
  PID:13092
- C:\Windows\System\jUzKsjn.exe
  C:\Windows\System\jUzKsjn.exe
  2⤵
  PID:13120
- C:\Windows\System\THEnSNR.exe
  C:\Windows\System\THEnSNR.exe
  2⤵
  PID:13148
- C:\Windows\System\zfdUEGG.exe
  C:\Windows\System\zfdUEGG.exe
  2⤵
  PID:13172
- C:\Windows\System\WszjNyN.exe
  C:\Windows\System\WszjNyN.exe
  2⤵
  PID:13196
- C:\Windows\System\iNwKZUM.exe
  C:\Windows\System\iNwKZUM.exe
  2⤵
  PID:13220
- C:\Windows\System\JGKGggC.exe
  C:\Windows\System\JGKGggC.exe
  2⤵
  PID:13248
- C:\Windows\System\XMHNhOt.exe
  C:\Windows\System\XMHNhOt.exe
  2⤵
  PID:13276
- C:\Windows\System\OHLgHSA.exe
  C:\Windows\System\OHLgHSA.exe
  2⤵
  PID:13292
- C:\Windows\System\ufHeLsz.exe
  C:\Windows\System\ufHeLsz.exe
  2⤵
  PID:11076
- C:\Windows\System\laktkhB.exe
  C:\Windows\System\laktkhB.exe
  2⤵
  PID:11140
- C:\Windows\System\arBleMe.exe
  C:\Windows\System\arBleMe.exe
  2⤵
  PID:11224
- C:\Windows\System\gheCKAe.exe
  C:\Windows\System\gheCKAe.exe
  2⤵
  PID:3556
- C:\Windows\System\VljQVTo.exe
  C:\Windows\System\VljQVTo.exe
  2⤵
  PID:8056
- C:\Windows\System\AyYyNhW.exe
  C:\Windows\System\AyYyNhW.exe
  2⤵
  PID:9948
- C:\Windows\System\yJpCAYG.exe
  C:\Windows\System\yJpCAYG.exe
  2⤵
  PID:9980
- C:\Windows\System\NxnefuM.exe
  C:\Windows\System\NxnefuM.exe
  2⤵
  PID:9028
- C:\Windows\System\UzLDYMc.exe
  C:\Windows\System\UzLDYMc.exe
  2⤵
  PID:10064
- C:\Windows\System\SFhqhxd.exe
  C:\Windows\System\SFhqhxd.exe
  2⤵
  PID:11360
- C:\Windows\System\CUYScha.exe
  C:\Windows\System\CUYScha.exe
  2⤵
  PID:11428
- C:\Windows\System\hDRdKZQ.exe
  C:\Windows\System\hDRdKZQ.exe
  2⤵
  PID:10196
- C:\Windows\System\yqqBpLp.exe
  C:\Windows\System\yqqBpLp.exe
  2⤵
  PID:11560
- C:\Windows\System\rKSXUuZ.exe
  C:\Windows\System\rKSXUuZ.exe
  2⤵
  PID:11648
- C:\Windows\System\mBAlgHK.exe
  C:\Windows\System\mBAlgHK.exe
  2⤵
  PID:2452
- C:\Windows\System\eCpBiyy.exe
  C:\Windows\System\eCpBiyy.exe
  2⤵
  PID:11732
- C:\Windows\System\kNaZaWf.exe
  C:\Windows\System\kNaZaWf.exe
  2⤵
  PID:11760
- C:\Windows\System\mHPeNIj.exe
  C:\Windows\System\mHPeNIj.exe
  2⤵
  PID:7652
- C:\Windows\System\GhidvTj.exe
  C:\Windows\System\GhidvTj.exe
  2⤵
  PID:11836
- C:\Windows\System\IjuPjXK.exe
  C:\Windows\System\IjuPjXK.exe
  2⤵
  PID:11944
- C:\Windows\System\DIqkmLV.exe
  C:\Windows\System\DIqkmLV.exe
  2⤵
  PID:12052
- C:\Windows\System\XhdOzdj.exe
  C:\Windows\System\XhdOzdj.exe
  2⤵
  PID:12088
- C:\Windows\System\cYUNOSS.exe
  C:\Windows\System\cYUNOSS.exe
  2⤵
  PID:840
- C:\Windows\System\GcyhYXS.exe
  C:\Windows\System\GcyhYXS.exe
  2⤵
  PID:7880
- C:\Windows\System\NQhvxmB.exe
  C:\Windows\System\NQhvxmB.exe
  2⤵
  PID:3808
- C:\Windows\System\kVBRsVT.exe
  C:\Windows\System\kVBRsVT.exe
  2⤵
  PID:10236
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 10236 -s 220
    3⤵
    PID:15296
- C:\Windows\System\TuGBaMg.exe
  C:\Windows\System\TuGBaMg.exe
  2⤵
  PID:8412
- C:\Windows\System\SbXyKAO.exe
  C:\Windows\System\SbXyKAO.exe
  2⤵
  PID:12236
- C:\Windows\System\mxrkdxa.exe
  C:\Windows\System\mxrkdxa.exe
  2⤵
  PID:10448
- C:\Windows\System\zfAjiJB.exe
  C:\Windows\System\zfAjiJB.exe
  2⤵
  PID:7980
- C:\Windows\System\derVfRN.exe
  C:\Windows\System\derVfRN.exe
  2⤵
  PID:10548
- C:\Windows\System\jIHEaaz.exe
  C:\Windows\System\jIHEaaz.exe
  2⤵
  PID:9088
- C:\Windows\System\HKnSwjw.exe
  C:\Windows\System\HKnSwjw.exe
  2⤵
  PID:7796
- C:\Windows\System\GlfkEdI.exe
  C:\Windows\System\GlfkEdI.exe
  2⤵
  PID:10656
- C:\Windows\System\CNWjotu.exe
  C:\Windows\System\CNWjotu.exe
  2⤵
  PID:10472
- C:\Windows\System\CBozhoK.exe
  C:\Windows\System\CBozhoK.exe
  2⤵
  PID:13324
- C:\Windows\System\IkKNUiK.exe
  C:\Windows\System\IkKNUiK.exe
  2⤵
  PID:13348
- C:\Windows\System\QVRzNEi.exe
  C:\Windows\System\QVRzNEi.exe
  2⤵
  PID:13372
- C:\Windows\System\JyyVuwF.exe
  C:\Windows\System\JyyVuwF.exe
  2⤵
  PID:13396
- C:\Windows\System\gyNMxcg.exe
  C:\Windows\System\gyNMxcg.exe
  2⤵
  PID:13420
- C:\Windows\System\YwkyiSP.exe
  C:\Windows\System\YwkyiSP.exe
  2⤵
  PID:13444
- C:\Windows\System\tihipfG.exe
  C:\Windows\System\tihipfG.exe
  2⤵
  PID:13464
- C:\Windows\System\qDaPNsb.exe
  C:\Windows\System\qDaPNsb.exe
  2⤵
  PID:13484
- C:\Windows\System\dvFeuDG.exe
  C:\Windows\System\dvFeuDG.exe
  2⤵
  PID:13508
- C:\Windows\System\AuaHfTi.exe
  C:\Windows\System\AuaHfTi.exe
  2⤵
  PID:13536
- C:\Windows\System\VBNyeHf.exe
  C:\Windows\System\VBNyeHf.exe
  2⤵
  PID:13560
- C:\Windows\System\cLwXiAK.exe
  C:\Windows\System\cLwXiAK.exe
  2⤵
  PID:13580
- C:\Windows\System\WrXLnoc.exe
  C:\Windows\System\WrXLnoc.exe
  2⤵
  PID:13600
- C:\Windows\System\mBvjaES.exe
  C:\Windows\System\mBvjaES.exe
  2⤵
  PID:13624
- C:\Windows\System\OPxFLEC.exe
  C:\Windows\System\OPxFLEC.exe
  2⤵
  PID:13640
- C:\Windows\System\fBBlUJV.exe
  C:\Windows\System\fBBlUJV.exe
  2⤵
  PID:13660
- C:\Windows\System\JFIbcAz.exe
  C:\Windows\System\JFIbcAz.exe
  2⤵
  PID:13680
- C:\Windows\System\rUiLmPg.exe
  C:\Windows\System\rUiLmPg.exe
  2⤵
  PID:13700
- C:\Windows\System\PrWzulg.exe
  C:\Windows\System\PrWzulg.exe
  2⤵
  PID:13724
- C:\Windows\System\GqqjOFL.exe
  C:\Windows\System\GqqjOFL.exe
  2⤵
  PID:13748
- C:\Windows\System\qIQUSbz.exe
  C:\Windows\System\qIQUSbz.exe
  2⤵
  PID:13772
- C:\Windows\System\yCZLTbw.exe
  C:\Windows\System\yCZLTbw.exe
  2⤵
  PID:13788
- C:\Windows\System\DWDbAlR.exe
  C:\Windows\System\DWDbAlR.exe
  2⤵
  PID:13804
- C:\Windows\System\MaTETGR.exe
  C:\Windows\System\MaTETGR.exe
  2⤵
  PID:13824
- C:\Windows\System\PXgjDou.exe
  C:\Windows\System\PXgjDou.exe
  2⤵
  PID:13840
- C:\Windows\System\mJcJDQZ.exe
  C:\Windows\System\mJcJDQZ.exe
  2⤵
  PID:13856
- C:\Windows\System\jeSWZDv.exe
  C:\Windows\System\jeSWZDv.exe
  2⤵
  PID:13888
- C:\Windows\System\rGGHZqe.exe
  C:\Windows\System\rGGHZqe.exe
  2⤵
  PID:13908
- C:\Windows\System\FLiPEYM.exe
  C:\Windows\System\FLiPEYM.exe
  2⤵
  PID:13928
- C:\Windows\System\jLrYZDY.exe
  C:\Windows\System\jLrYZDY.exe
  2⤵
  PID:13948
- C:\Windows\System\ugVtOOD.exe
  C:\Windows\System\ugVtOOD.exe
  2⤵
  PID:13968
- C:\Windows\System\cVgWOEg.exe
  C:\Windows\System\cVgWOEg.exe
  2⤵
  PID:13988
- C:\Windows\System\JsRivBz.exe
  C:\Windows\System\JsRivBz.exe
  2⤵
  PID:14008
- C:\Windows\System\hBeEFti.exe
  C:\Windows\System\hBeEFti.exe
  2⤵
  PID:14032
- C:\Windows\System\rSkIzCK.exe
  C:\Windows\System\rSkIzCK.exe
  2⤵
  PID:14064
- C:\Windows\System\KKiftEy.exe
  C:\Windows\System\KKiftEy.exe
  2⤵
  PID:14084
- C:\Windows\System\PLFrSod.exe
  C:\Windows\System\PLFrSod.exe
  2⤵
  PID:14104
- C:\Windows\System\tqJLEJQ.exe
  C:\Windows\System\tqJLEJQ.exe
  2⤵
  PID:14128
- C:\Windows\System\lsvtxmZ.exe
  C:\Windows\System\lsvtxmZ.exe
  2⤵
  PID:14148
- C:\Windows\System\GMSEwmx.exe
  C:\Windows\System\GMSEwmx.exe
  2⤵
  PID:14164
- C:\Windows\System\oipLgga.exe
  C:\Windows\System\oipLgga.exe
  2⤵
  PID:14184
- C:\Windows\System\hhyRQmJ.exe
  C:\Windows\System\hhyRQmJ.exe
  2⤵
  PID:14212
- C:\Windows\System\MEzeaoS.exe
  C:\Windows\System\MEzeaoS.exe
  2⤵
  PID:14228
- C:\Windows\System\suQXNVi.exe
  C:\Windows\System\suQXNVi.exe
  2⤵
  PID:14256
- C:\Windows\System\BDWxhCP.exe
  C:\Windows\System\BDWxhCP.exe
  2⤵
  PID:14280
- C:\Windows\System\INWokeS.exe
  C:\Windows\System\INWokeS.exe
  2⤵
  PID:14300
- C:\Windows\System\AGTUWHT.exe
  C:\Windows\System\AGTUWHT.exe
  2⤵
  PID:14320
- C:\Windows\System\cICedrB.exe
  C:\Windows\System\cICedrB.exe
  2⤵
  PID:5260
- C:\Windows\System\hVcLjEE.exe
  C:\Windows\System\hVcLjEE.exe
  2⤵
  PID:10740
- C:\Windows\System\QqtISsl.exe
  C:\Windows\System\QqtISsl.exe
  2⤵
  PID:10960
- C:\Windows\System\fRnxYOP.exe
  C:\Windows\System\fRnxYOP.exe
  2⤵
  PID:10840
- C:\Windows\System\WPxNLvZ.exe
  C:\Windows\System\WPxNLvZ.exe
  2⤵
  PID:12772
- C:\Windows\System\TlADNEk.exe
  C:\Windows\System\TlADNEk.exe
  2⤵
  PID:12824
- C:\Windows\System\qbhhUiH.exe
  C:\Windows\System\qbhhUiH.exe
  2⤵
  PID:11576
- C:\Windows\System\PPQDTfv.exe
  C:\Windows\System\PPQDTfv.exe
  2⤵
  PID:13692
- C:\Windows\System\nFNvvSl.exe
  C:\Windows\System\nFNvvSl.exe
  2⤵
  PID:14120
- C:\Windows\System\rLMsPBg.exe
  C:\Windows\System\rLMsPBg.exe
  2⤵
  PID:14196
- C:\Windows\System\EhszDLa.exe
  C:\Windows\System\EhszDLa.exe
  2⤵
  PID:14264
- C:\Windows\System\EkMyccC.exe
  C:\Windows\System\EkMyccC.exe
  2⤵
  PID:10884
- C:\Windows\System\sIIDKCc.exe
  C:\Windows\System\sIIDKCc.exe
  2⤵
  PID:12304
- C:\Windows\System\VYiYiDi.exe
  C:\Windows\System\VYiYiDi.exe
  2⤵
  PID:11324
- C:\Windows\System\XkHSTfD.exe
  C:\Windows\System\XkHSTfD.exe
  2⤵
  PID:10444
- C:\Windows\System\CITYGOV.exe
  C:\Windows\System\CITYGOV.exe
  2⤵
  PID:11784
- C:\Windows\System\HFRxNAJ.exe
  C:\Windows\System\HFRxNAJ.exe
  2⤵
  PID:11472
- C:\Windows\System\vwWdNbc.exe
  C:\Windows\System\vwWdNbc.exe
  2⤵
  PID:8140
- C:\Windows\System\RZzpRSN.exe
  C:\Windows\System\RZzpRSN.exe
  2⤵
  PID:11900
- C:\Windows\System\KVUZyIS.exe
  C:\Windows\System\KVUZyIS.exe
  2⤵
  PID:13160
- C:\Windows\System\NLbEklx.exe
  C:\Windows\System\NLbEklx.exe
  2⤵
  PID:13020
- C:\Windows\System\uhIUQbc.exe
  C:\Windows\System\uhIUQbc.exe
  2⤵
  PID:12744
- C:\Windows\System\GWNxVhG.exe
  C:\Windows\System\GWNxVhG.exe
  2⤵
  PID:9764
- C:\Windows\System\grjuVBW.exe
  C:\Windows\System\grjuVBW.exe
  2⤵
  PID:12476
- C:\Windows\System\lPIjhRS.exe
  C:\Windows\System\lPIjhRS.exe
  2⤵
  PID:12372
- C:\Windows\System\JFtZrJi.exe
  C:\Windows\System\JFtZrJi.exe
  2⤵
  PID:11012
- C:\Windows\System\YRyuCza.exe
  C:\Windows\System\YRyuCza.exe
  2⤵
  PID:11024
- C:\Windows\System\ajhfMbj.exe
  C:\Windows\System\ajhfMbj.exe
  2⤵
  PID:13612
- C:\Windows\System\dxGUsLm.exe
  C:\Windows\System\dxGUsLm.exe
  2⤵
  PID:5748
- C:\Windows\System\yWxDlrV.exe
  C:\Windows\System\yWxDlrV.exe
  2⤵
  PID:10612
- C:\Windows\System\UTAdZQh.exe
  C:\Windows\System\UTAdZQh.exe
  2⤵
  PID:14312
- C:\Windows\System\ZcLbBmW.exe
  C:\Windows\System\ZcLbBmW.exe
  2⤵
  PID:10220
- C:\Windows\System\nnQJbIu.exe
  C:\Windows\System\nnQJbIu.exe
  2⤵
  PID:14344
- C:\Windows\System\buFjFKp.exe
  C:\Windows\System\buFjFKp.exe
  2⤵
  PID:14420
- C:\Windows\System\HBCnzeV.exe
  C:\Windows\System\HBCnzeV.exe
  2⤵
  PID:14460
- C:\Windows\System\KovHWpG.exe
  C:\Windows\System\KovHWpG.exe
  2⤵
  PID:14484
- C:\Windows\System\whdunle.exe
  C:\Windows\System\whdunle.exe
  2⤵
  PID:14568
- C:\Windows\System\NiwIBia.exe
  C:\Windows\System\NiwIBia.exe
  2⤵
  PID:14584
- C:\Windows\System\xcBXmSD.exe
  C:\Windows\System\xcBXmSD.exe
  2⤵
  PID:14616
- C:\Windows\System\CNNeARs.exe
  C:\Windows\System\CNNeARs.exe
  2⤵
  PID:15008
- C:\Windows\System\xYtAeIw.exe
  C:\Windows\System\xYtAeIw.exe
  2⤵
  PID:15128
- C:\Windows\System\AvsvRoH.exe
  C:\Windows\System\AvsvRoH.exe
  2⤵
  PID:15220
- C:\Windows\System\kaPjEWO.exe
  C:\Windows\System\kaPjEWO.exe
  2⤵
  PID:15244
- C:\Windows\System\ekVUxVw.exe
  C:\Windows\System\ekVUxVw.exe
  2⤵
  PID:15268
- C:\Windows\System\QlHtXMO.exe
  C:\Windows\System\QlHtXMO.exe
  2⤵
  PID:15320
- C:\Windows\System\nOtSrkm.exe
  C:\Windows\System\nOtSrkm.exe
  2⤵
  PID:12412
- C:\Windows\System\HsnWosx.exe
  C:\Windows\System\HsnWosx.exe
  2⤵
  PID:6128
- C:\Windows\System\DQUVkmu.exe
  C:\Windows\System\DQUVkmu.exe
  2⤵
  PID:14740
- C:\Windows\System\lCeiuzH.exe
  C:\Windows\System\lCeiuzH.exe
  2⤵
  PID:14888
- C:\Windows\System\WEDcAmO.exe
  C:\Windows\System\WEDcAmO.exe
  2⤵
  PID:9072
- C:\Windows\System\dHDjrbB.exe
  C:\Windows\System\dHDjrbB.exe
  2⤵
  PID:14532
- C:\Windows\System\lMCETXD.exe
  C:\Windows\System\lMCETXD.exe
  2⤵
  PID:14308
- C:\Windows\System\zNNQobY.exe
  C:\Windows\System\zNNQobY.exe
  2⤵
  PID:14676
- C:\Windows\System\JFIvhdX.exe
  C:\Windows\System\JFIvhdX.exe
  2⤵
  PID:12864
- C:\Windows\System\FHGyKJd.exe
  C:\Windows\System\FHGyKJd.exe
  2⤵
  PID:14768
- C:\Windows\System\UxtGEUt.exe
  C:\Windows\System\UxtGEUt.exe
  2⤵
  PID:14776
- C:\Windows\System\yEIfWGj.exe
  C:\Windows\System\yEIfWGj.exe
  2⤵
  PID:9500
- C:\Windows\System\ULkBSJw.exe
  C:\Windows\System\ULkBSJw.exe
  2⤵
  PID:15152
- C:\Windows\System\QhUPNSj.exe
  C:\Windows\System\QhUPNSj.exe
  2⤵
  PID:15184
- C:\Windows\System\auzPamd.exe
  C:\Windows\System\auzPamd.exe
  2⤵
  PID:14912
- C:\Windows\System\NgePvbi.exe
  C:\Windows\System\NgePvbi.exe
  2⤵
  PID:14564
- C:\Windows\System\ANXNmVw.exe
  C:\Windows\System\ANXNmVw.exe
  2⤵
  PID:14632
- C:\Windows\System\IsvHnAN.exe
  C:\Windows\System\IsvHnAN.exe
  2⤵
  PID:14792
- C:\Windows\System\fiGMHsx.exe
  C:\Windows\System\fiGMHsx.exe
  2⤵
  PID:15124
- C:\Windows\System\piTHdbB.exe
  C:\Windows\System\piTHdbB.exe
  2⤵
  PID:3032
- C:\Windows\System\VhPumvY.exe
  C:\Windows\System\VhPumvY.exe
  2⤵
  PID:11028
- C:\Windows\System\YyUHVba.exe
  C:\Windows\System\YyUHVba.exe
  2⤵
  PID:15240
- C:\Windows\System\tYErUrT.exe
  C:\Windows\System\tYErUrT.exe
  2⤵
  PID:11512
- C:\Windows\System\CdHCHjG.exe
  C:\Windows\System\CdHCHjG.exe
  2⤵
  PID:12836
- C:\Windows\System\CjBbPbX.exe
  C:\Windows\System\CjBbPbX.exe
  2⤵
  PID:15336
- C:\Windows\System\VsgOIfA.exe
  C:\Windows\System\VsgOIfA.exe
  2⤵
  PID:15004
- C:\Windows\System\sqJclEF.exe
  C:\Windows\System\sqJclEF.exe
  2⤵
  PID:15048
- C:\Windows\System\KeHFctd.exe
  C:\Windows\System\KeHFctd.exe
  2⤵
  PID:712
- C:\Windows\System\ZUkhFMl.exe
  C:\Windows\System\ZUkhFMl.exe
  2⤵
  PID:5304
- C:\Windows\System\hbZPyLZ.exe
  C:\Windows\System\hbZPyLZ.exe
  2⤵
  PID:10192
- C:\Windows\System\SLWxPuO.exe
  C:\Windows\System\SLWxPuO.exe
  2⤵
  PID:8464
- C:\Windows\System\NNCBwet.exe
  C:\Windows\System\NNCBwet.exe
  2⤵
  PID:11268
- C:\Windows\System\RSUdPTz.exe
  C:\Windows\System\RSUdPTz.exe
  2⤵
  PID:14756
- C:\Windows\System\BDlnzdL.exe
  C:\Windows\System\BDlnzdL.exe
  2⤵
  PID:12604
- C:\Windows\System\NeNiyLo.exe
  C:\Windows\System\NeNiyLo.exe
  2⤵
  PID:12888
- C:\Windows\System\tXDxvLC.exe
  C:\Windows\System\tXDxvLC.exe
  2⤵
  PID:5928
- C:\Windows\System\Brrjnmj.exe
  C:\Windows\System\Brrjnmj.exe
  2⤵
  PID:14528
- C:\Windows\System\dxLDozM.exe
  C:\Windows\System\dxLDozM.exe
  2⤵
  PID:14852
- C:\Windows\System\lceupcy.exe
  C:\Windows\System\lceupcy.exe
  2⤵
  PID:10040
- C:\Windows\System\joBJUoW.exe
  C:\Windows\System\joBJUoW.exe
  2⤵
  PID:11192
- C:\Windows\System\NQRFSvD.exe
  C:\Windows\System\NQRFSvD.exe
  2⤵
  PID:15096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\GLTINij.exe

Filesize
1.9MB

MD5
7f756974d32fee3ee318d2089dbf7019

SHA1
92f158f2ee98f27e2992a1d0540225137ca8ffaf

SHA256
80f7e4440d678b3668b816c185f073bdad4b0fd7dab196c765e659ff44dff1a3

SHA512
7ffbc99a45df7e0ac696a793839b981dfbc7b435f84a4ae9db04105e83ecdba9db4528e84517578032cd64a98af7bc6b8b7f542b85fe78ba0c8975bade3ddfca

Download Submit
C:\Windows\System\GoAUaEQ.exe

Filesize
1.9MB

MD5
da7002c845eadcbc223e52518c3acdf3

SHA1
bcfa10a599ce41a186acfe5cac1e4abc1f22e32a

SHA256
b38f02546fc1662d3a239ac77eee8adb030be740bfa89e313d298467092703dc

SHA512
a1f93eb194c19768f24da1fd501701f5ef4e15e502cf84d78b2995c54851a7ebf7597bf4586c5b6f3fa44779461ace8f8da6d1906d3c7a12e109bcc340b37444

Download Submit
C:\Windows\System\IaiuTkg.exe

Filesize
1.9MB

MD5
e4cca160ad9902c9b547ded588980d4c

SHA1
587f741e7310792a16f0e72a52d6a929620ddae9

SHA256
b198bfd505a7bf55d3aa6be6a6aad3a9375a06dfacbe7cc05d7b415a71ca402b

SHA512
0708d197b57c9d513cad41e305a6adb4c2d266d53c31f746d34003d274513ebb80f3af5b6377a7cfb1a9f7a884d0386d64b7291f399d3e5eee7168b6c861e6cd

Download Submit
C:\Windows\System\IsAzoze.exe

Filesize
1.9MB

MD5
1d1bf40127545f6f0ba4c1b533a411dd

SHA1
e1b8fcad85ef6932b414f1755d8d19418fc76091

SHA256
c9e214493abc7ce0e99d589fcbe897a6d2740ac43bd37519040b50deed978d9d

SHA512
22cd19946eeaede519925e6d406d88e1824e9034363b5f3fc54e698a11e4773b464231b33b912f00a8827fe00227843349fffefabe987ab1aad60067ff442951

Download Submit
C:\Windows\System\JzcGkjt.exe

Filesize
1.9MB

MD5
ab62cc0e02f2c235b6bf6d503b9669c4

SHA1
81cbe07ba7ff3e560c3e02901904d601612fa1be

SHA256
3ba14594f92f935e11bdc92edcaaab5272720638897e0c15a598691bde0db0de

SHA512
a423305a0f67e5ffadad4cd226457e279eb5ff6d8d3a831f0a263e0a3402bdb9027849d0ed58902e9a16a85c77d11369398f003d068da5c25e33083c10ccb532

Download Submit
C:\Windows\System\KuQTxtj.exe

Filesize
1.9MB

MD5
bda04afb19c762743321fbcfb54088b2

SHA1
10e3a73230dc871d8ba9d68c2d1fcbb4ee2b6a44

SHA256
cbe9d4104ea173e08d196cdbf0feef45aea05d6cef30af9dd7e6a3f6124b660e

SHA512
c58eff9305529e40123087a6cfbf43440b16f2c6b340e68d48944003dd09c25fdbe30da9b48abc32a0d861be5119aa51c9753120cb792769bb3a658b3e6a7278

Download Submit
C:\Windows\System\MGdYOCL.exe

Filesize
1.9MB

MD5
e80de687af87e53ff1205e86141a453f

SHA1
713b69cf47e4407c984db8af4232e4f8bd4cc151

SHA256
f9fc6644d110f12980df8a2cc7b038816544f3972780c12d35a90c1355086b89

SHA512
acfd43aae2731efd736046f26acd4c5b847a4ada563d594ef95fdce88bff7cc2a4f0b1a0dd4befa6e0a0a32540623a25bec2932154b9295a18ef53485d868045

Download Submit
C:\Windows\System\OCRdlfF.exe

Filesize
1.9MB

MD5
83af198385d493109a3d4ec705abf9ca

SHA1
56bba3cf23269bca143ab3c1f43a4615f7bf5c7a

SHA256
312c26443eb830e561d28f33d290d0c454244da30c873ce8f8c37c3fce118ef0

SHA512
fdde5cb64d91335069fbeb2f4980893982ec004f191e6c6a7799ecb206fcd65d5f1d7392120d29e07597c4a472f74a1a2239ddb9857fe089305863cf5e7c9fac

Download Submit
C:\Windows\System\PGrSXeM.exe

Filesize
1.9MB

MD5
b48b33018243fef522c27354b00dab84

SHA1
69c4d1a99824f8ca1b2cbff337488fb3d2eb4100

SHA256
d38a3e37e7a06a7d6e38758116b9af563761332824840a0e92519efd94614db6

SHA512
03fb4e782bc803969a8f726fbad5ff559a859f3a24032af223930bc5644c3e961ef324bc858285b430a33b7952f695b27eced2ffecd8323b87731945c6a10093

Download Submit
C:\Windows\System\PQfjySs.exe

Filesize
1.9MB

MD5
fa06bf36389000489624dd4013f50e1e

SHA1
7127e7db534c9487e78f9acf13e0713c8fc6b251

SHA256
bc80cac163fc128a018f7df808ecfca62dba15a83dbf242d732cb4c52406f11b

SHA512
c9e3f9dd8e480580ce16e437b2c0d37aecdfcb252bb81fae4bf072dcd18fcd80e9a5852535ff217e7d537f3dd4cdef8dab12b49fe7ad516e0946ec31af8245c5

Download Submit
C:\Windows\System\RWrEBJW.exe

Filesize
1.9MB

MD5
ae035a9129c793c097652be78a338a7f

SHA1
0ad76c24e7007d0548d724ee3fdf9cf20431d492

SHA256
0102dd6e81bd7bf24ca4b8ad844806d5836c8f9705aaad087b0de9c0d8433f07

SHA512
55a33bf88c746b9746ef08ce43a9e3a847ee11bb366049f078f0d361f56e41c8e5452ab9c1ca70d4ce03a8e160e994d3204b27501cf7f29a80909cc7ba8260e2

Download Submit
C:\Windows\System\SFolJrH.exe

Filesize
1.9MB

MD5
623f49b571b2601ae6777ce05b5f4fd7

SHA1
fb9a61cf04baa865c10559bff93726c391acf88d

SHA256
49e0c5386f0253b8ab093d62eaf07c4e7280651efb0d5066f603180a8ca73958

SHA512
9a35bdb3a430f0470c4b21f7f6ecfbd259c8b23346a9c7d4a64e7445599bf9a14c2df5db4782b23db62e497b9c3bf4260462c57b8f877ff65bcb216c809c8b64

Download Submit
C:\Windows\System\SGQWqOh.exe

Filesize
1.9MB

MD5
9f39a7e0e884c8c924d2caf32762aadb

SHA1
27ea3abc521c9e9fc777870875e7e9ae1ad85f04

SHA256
d0311c3586adc914d49cac0cffbb7205e5b939dc95d2de434b5854a122cb628d

SHA512
8bdc334b33fde0dcca7e83fdfc1f710534fb366c8bdf10327fdf3237034ba465212f9168a4bdf4416d5b74f8d61bcbcbf55ac252036d6ec08c7373ff3cc6010d

Download Submit
C:\Windows\System\SOfSbPv.exe

Filesize
1.9MB

MD5
7041db643e8f765304804b9c4770445e

SHA1
1db6087ee037c9602865739e54e87e2ada6c6b32

SHA256
501a630731aba838113b151702298648ed505754931c9af69b77704050fac7a4

SHA512
12294f77f57cb316efc39033bfe040b54855c519319103f3433502aaa58e44a5951b521a3b651780cad980813446e06a8ac204cf978cfc58f4b5f9ed335527ea

Download Submit
C:\Windows\System\SomcZFz.exe

Filesize
1.9MB

MD5
fad917ac7253b289e89e49c973fc5cc2

SHA1
2b92c0ea991f3ef86c2258c9df1a720fe5de05db

SHA256
5b031eb750bb40a09abd0d7e792a45e7461ad6570ae15e69ba1d31da8483af0d

SHA512
840faf8060b24919c48f87cc93ad8cad8b640915d11f8e3f576167c77072b2671542ebf19be78796921c619340220e3b92f75e1e3a7e58e4401fed4e7d6f9778

Download Submit
C:\Windows\System\TtrZDSO.exe

Filesize
1.9MB

MD5
400a0e041ffb791f6d157c86d74bc618

SHA1
550d452c3bf6f964295d3c714dc69c555dee42cd

SHA256
f30fe3a30b22675bc84693d7f75da4c80d0d784640735fabbf34eff34d9fc3ee

SHA512
62c2374fb6ceedf55ed2c22f5372b97d6add176a1b202bb9d12a1d9c258a9b59e26af7779053ed45f0c9f778c4a284305a8fa3bc54b59990282faad9b5894089

Download Submit
C:\Windows\System\VTmRdda.exe

Filesize
1.9MB

MD5
536e4224e51c9aa634117cb4a11ebbf9

SHA1
dc62f6db23cc84f76b6512d1f1a056d686abb769

SHA256
76748a5f07297981286907936f6af623e1a43471392a4a478810560c80c26d5c

SHA512
229aca68460b0e6cbfa9217c0be98f569709b21808b6943b4afa69612d5fdf3f03c215aacadc67af4dfe88b4fe4193139c22693bb4523fcd72b3d75f416ef034

Download Submit
C:\Windows\System\XEHPIxP.exe

Filesize
1.9MB

MD5
f6636f85170878a9323f052979de1f5e

SHA1
e2de704bedb91454fd076ea69918b53bcecf34fa

SHA256
1e6984b76de2464ee5f43202667fd768448a8cad3a5415141833a9bd72f50ff0

SHA512
6c867a0024ed4d7276355db37190ad4fa0aeebd151bc47bae3e6ec90e71d3863533125556e584cffc4b7217ed6d894854c08c61c39d6e37f4aa86aa455f37924

Download Submit
C:\Windows\System\ZHAVGFu.exe

Filesize
1.9MB

MD5
0f77d23bbd4cd02f427a4f9694abc1c7

SHA1
de5f70037d1429ccad35deb0cb3fd3a003bafb7d

SHA256
474bd9e6f9b1ab76608e9dbb3e465554d7b975b9645cc5476ff3ad8b96e5f31d

SHA512
2439b601406860ee9999df619466b4522387c49aab3133f68951b968ca54d300f248fdea3b728f3396820d9d95d70f28f14de757e26ca46fad898de6ea9b6787

Download Submit
C:\Windows\System\bFTeHTP.exe

Filesize
1.9MB

MD5
84e0d51d1a6f4b2e5e087a9abcf591f2

SHA1
f7b1bccc879b77433bff67a29dba61d6e17c2477

SHA256
fb9da1e09878ceb9cb301576a6649ac28a95cf38294891780159d839f0d3db6d

SHA512
8b4076aca2135065ff092292415d1f809bbfff032e70f07bbf1421c999cc7454027675106b880f2b9a2b02a2e065fe42439eabc6b0ad68fd604767d8b0ceec99

Download Submit
C:\Windows\System\cdsOTze.exe

Filesize
1.9MB

MD5
665d9030b865fdc4419501652a341100

SHA1
1d78f408b3c8da0cdfff23d24a11b8297359037f

SHA256
44a93edae0ca12a0d1ca74ae62bd45f5901bde232901327b34710cd3bfb90e4b

SHA512
9510702998075641259be0d0bf27b8fe419813773cb08c576b3af99b66dc74c1c71d860269ef5bf2a0a8bd7af11bc342371d4926987c4240a61b2f4fa70897eb

Download Submit
C:\Windows\System\dJWpSOQ.exe

Filesize
1.9MB

MD5
85bb4b85167b46a8ee4147eaf15a4da5

SHA1
bcef451a62be4929cdb609f978c27760cfaca835

SHA256
383f93cef98e0606db1302ff0c4077e56b1b682a5f7786659368dce5d41727a3

SHA512
d294617afa9fb9d71f88d80270a2d1620c9c80402e170b19e929a1d05651652ed762bda7134b07e3099d5dfbff7d89cb511dadb76a9974814477b9124290d0d4

Download Submit
C:\Windows\System\dnLcieF.exe

Filesize
1.9MB

MD5
4acd41308ba9bf05634623f22e0caf9d

SHA1
aa5eeed3dd07d5b9a186d2b7ce954be573e848d5

SHA256
2ab2e301fecd39ef8dee9d3945c67412f69b79a2df58c26dd787d24fdc184847

SHA512
0b96071fb14f64cff7fe3a1d58835404c769bff69ff23a106d851caa5b667de47a8be04fe56315403e39cd880033322c64a13a911a3132abfd8d625c5169d21d

Download Submit
C:\Windows\System\ebpEvSL.exe

Filesize
1.9MB

MD5
bf2ca9582d81373209c531b19c201742

SHA1
ac64a82234ca039f31db4b37bb9f47375337f594

SHA256
8531b9b67e29d5dec92d05d06ebe18dec2a28237c0050483af5c39e6f4fcc973

SHA512
26bb48341b2c504c73da60f0709b8cac1760d5d9633bc22afb2588a77f7936c4b1c470948c9c3d6d15a3bae55904e47dfc4acc806b2b75ed08328c6d097839bc

Download Submit
C:\Windows\System\gfEGzpo.exe

Filesize
1.9MB

MD5
79aab1e1004a98fb49b45229e2679c78

SHA1
66c2212b7352e8b918a93ddf3acfec9048411991

SHA256
b4f4412dbc23ac9b5776b65b0f94cadf0783425c3688a5469641bded01ee4f97

SHA512
43cbb59f88fe23cb0f4de2f7479f1973dc1b0e5a884fe6d6597c4ccdfb45b3106de24304c570d9122a78bd415ebdd4f62a56213f5573c4f39a1249e6e44d6bad

Download Submit
C:\Windows\System\grKGoJH.exe

Filesize
1.9MB

MD5
18321321acb3486034ec1f5e470aa7d2

SHA1
a15f84da2be98258c216a8850cd2d5b4cf9e7b2f

SHA256
7dfa152cb4297bef6c475e0d563f48433031cb141ebf74faa9e8f5bc38fcfeeb

SHA512
0d69427052e50ba9b4f3afbbc20c44ab053154d743ca4392fdb80ea465165490d0aa356b2e88fa260aa915f29b1e4dcf1dcb82e99957cd0cee431c1ae352057d

Download Submit
C:\Windows\System\jOqOOra.exe

Filesize
1.9MB

MD5
0d25655cf5236628ad4cd12b44d596da

SHA1
a7014488ae585757b4a111c04173ddad65c6e344

SHA256
eeaa25cc513483a954a9ba43fda58a6deda6710c328b0458af2593b9bf5ec134

SHA512
6e06f74b951a9d7901e50dd6a9426448509e733da80fc96be8aa8378bbd69924815d797ad57d53ab41df7d23b4da4465661c8d471ba7e2ec44f879106f30dd4d

Download Submit
C:\Windows\System\mHLYuok.exe

Filesize
1.9MB

MD5
ad641f741a8b288e377d5f08107e55f6

SHA1
9c59a49915440fe6f8d309ed4217f322149eab43

SHA256
90bdd748f036cfea4c0d4ad1f3da9715bd3aa80b265f066a448418d0cb8d5e73

SHA512
29617428a5f84c96d8a78bf59d0a3859b7176cfce3394e006273051a31fbfa206549e04ea8530593497228e013cee5ebecbc08982c3dec06143d13cf002ee9d1

Download Submit
C:\Windows\System\rGQgoFy.exe

Filesize
1.9MB

MD5
45317be3ce9ef8c5bf1bec8fcb548dd6

SHA1
b5a4e3d3c08fdc54a5080aeafc6716f69568b96d

SHA256
9839bb95bd0407e1ac25bb9bd732e55353fcec53f89276a635b1bab20e8eb1bf

SHA512
c0b8a4006b8325c6928376269d5e753ec402965d957b523e8d03e6821a0351eabba9927eed155a63bb2fa70bf211916c29b5024fa4eb402f60fee1ed83356a15

Download Submit
C:\Windows\System\tFrpIdT.exe

Filesize
1.9MB

MD5
1b0cb6eaf3844be039c4bdb01d03be34

SHA1
8c82e94203d2011e95b8fb41eab86e0392b379a5

SHA256
173a537daa7d0f79d9c09b45b622e04a6a239a3861c64438beb593448259063d

SHA512
b64f5eb5addbc5706985c2d16296c6396213826289c8903b065b52ad9b22adb98739b80dc306f86144bf10884c83e8822e568f2594fa8c9a328f3a6f403924ce

Download Submit
C:\Windows\System\uFIxkQU.exe

Filesize
1.9MB

MD5
8d70b1d6ca242a89ee9f799f2172c401

SHA1
d1f6e1d4a8037d5a9492d3d606d728223ba66bb3

SHA256
a76d66826918683be55b785dc9ced5c07bf7b3d816b3f98a26540f7fac93032e

SHA512
a12d21b56c3149703d3b88848b0d4197cbcb2a50162cb75ec7176b70a04586238a257c0c03da53a7d224243c31aa5359b50a51d438958066e44116d50e574aaa

Download Submit
C:\Windows\System\vVWNggD.exe

Filesize
1.9MB

MD5
d276b1811c5eba3fbd44a7bd5fade6f9

SHA1
4f890613e7be042ce47dbda09d6c64f34dc2a583

SHA256
b74b6e4355a2d2b5c209baf77e060b0008bf1d0380708145183177c1598ee967

SHA512
260818964540b3092c7720278ff574f50b75ce9bb0f229d6685f51fe678debd9de37a4c2dd702dc18d71555ea995011d1b556e658f0d1ee769f3d5342a1d7235

Download Submit
C:\Windows\System\vznoRgV.exe

Filesize
1.9MB

MD5
a0ad75bac8cd8f95d671e20d5b4eefa8

SHA1
4970803cb114836fb662b380dd6fd947ef0f8568

SHA256
1e18d0be1223de100823dc840893242b501e0d767f553ca629eac1b15e9b7115

SHA512
f8145fe791e5ffc849affc21b0fd114500aeb29f5e14fd3e4b707a8637ed26af7315e1f194716515888b0109e1124dc4bef58df2cc64948d63012892957a52bb

Download Submit
C:\Windows\System\wPsvafh.exe

Filesize
1.9MB

MD5
e392b77f9417fa92246906d97555b1c1

SHA1
bd3616e6f570508663abf33096fa14eb36c1921d

SHA256
b049bfb6ed0f9613b81b24ad81c004016386a8f5133f27ad80c3ec6163a6fe6f

SHA512
b85ae31e0c6c22896f393b64b7689339bba2959b65a15b4dfcdc185d5af482ca372d1cf1cc6de9a89c29efbe9057f172398e7d89b035021f1f6b42c2db94f834

Download Submit
C:\Windows\System\wcsrPjO.exe

Filesize
1.9MB

MD5
eace7f7281426bc386bb77b5671aa586

SHA1
8d0df5a02f71359723154da1bf78207309f82fdf

SHA256
61a6d511021b34ebafac2d47ca0cbd8d6920f0683346dcb99533b90d7a68dd8a

SHA512
504de3089554da91f08ba8970545a3ec31a2018415aab642e7629934b8926ad7265ad59b50118f266ca0b6eea1e8747d3b1d15aa67b76d8a612490db13c3ea54

Download Submit
C:\Windows\System\xEbwWnN.exe

Filesize
1.9MB

MD5
968935f016f14b77a3f978d430c162f4

SHA1
1d5d39d810750e8e55aa5ff24b93f8c81aa09306

SHA256
6097243b9798a07511d546880c4349af205ea8d39ae5ec96eeaca3438373645f

SHA512
f0081de4d5c634145da4fabd63c642f1341d48678dff70b5a8d9b01d1aad28638ba4ea55550888ab8e64c3a98c3d48ff996d0fff2a39bdc6ef3c790c47a9e47a

Download Submit
C:\Windows\System\xVlimYC.exe

Filesize
1.9MB

MD5
63683383ced8bb21f37c78c460cfe77a

SHA1
ff8ed7b8ae5d2e1fca8b1835c70a2e4b2043f6c6

SHA256
29fea4e2317661f830b73502da8c4dc9717bfc5946edcdb82bd0904fafd2ef39

SHA512
d560b603d2db95f081eb35418b45094a7d9b359649c21d546b12d285fe938d86a84fa08905edc27d369d96a735868c73567f01007b8dda4c77158407ef688bed

Download Submit
C:\Windows\System\zkcChwq.exe

Filesize
1.9MB

MD5
6b3bf4eb9c922e3e88413fa467a1190a

SHA1
9b8cd0e3296f397972693da442491286fced2d6f

SHA256
d88533136011af572fd36e78680377d85af93a15cdb83c26ce2662f81ac2b842

SHA512
087b532d5e0bdbbfd2420a1ba53f334368282e560b210800e82ca65ef583728e0ced55424d0e9b50a05d5f89d3e32864209dae03b44cd776c9fc68d81772417d

Download Submit
memory/212-2795-0x00007FF69C5A0000-0x00007FF69C8F1000-memory.dmp

Filesize
3.3MB

Download
memory/212-631-0x00007FF69C5A0000-0x00007FF69C8F1000-memory.dmp

Filesize
3.3MB

Download
memory/312-501-0x00007FF6B6830000-0x00007FF6B6B81000-memory.dmp

Filesize
3.3MB

Download
memory/312-2849-0x00007FF6B6830000-0x00007FF6B6B81000-memory.dmp

Filesize
3.3MB

Download
memory/388-2840-0x00007FF6BDF70000-0x00007FF6BE2C1000-memory.dmp

Filesize
3.3MB

Download
memory/388-312-0x00007FF6BDF70000-0x00007FF6BE2C1000-memory.dmp

Filesize
3.3MB

Download
memory/392-444-0x00007FF78A5E0000-0x00007FF78A931000-memory.dmp

Filesize
3.3MB

Download
memory/392-2834-0x00007FF78A5E0000-0x00007FF78A931000-memory.dmp

Filesize
3.3MB

Download
memory/736-634-0x00007FF78CD80000-0x00007FF78D0D1000-memory.dmp

Filesize
3.3MB

Download
memory/736-2817-0x00007FF78CD80000-0x00007FF78D0D1000-memory.dmp

Filesize
3.3MB

Download
memory/740-252-0x00007FF76C9C0000-0x00007FF76CD11000-memory.dmp

Filesize
3.3MB

Download
memory/740-2836-0x00007FF76C9C0000-0x00007FF76CD11000-memory.dmp

Filesize
3.3MB

Download
memory/904-445-0x00007FF61A490000-0x00007FF61A7E1000-memory.dmp

Filesize
3.3MB

Download
memory/904-2854-0x00007FF61A490000-0x00007FF61A7E1000-memory.dmp

Filesize
3.3MB

Download
memory/952-1-0x000002894CF50000-0x000002894CF60000-memory.dmp

Filesize
64KB

Download
memory/952-2470-0x00007FF7BABB0000-0x00007FF7BAF01000-memory.dmp

Filesize
3.3MB

Download
memory/952-0-0x00007FF7BABB0000-0x00007FF7BAF01000-memory.dmp

Filesize
3.3MB

Download
memory/1188-2682-0x00007FF68BAB0000-0x00007FF68BE01000-memory.dmp

Filesize
3.3MB

Download
memory/1188-83-0x00007FF68BAB0000-0x00007FF68BE01000-memory.dmp

Filesize
3.3MB

Download
memory/1188-2810-0x00007FF68BAB0000-0x00007FF68BE01000-memory.dmp

Filesize
3.3MB

Download
memory/1192-635-0x00007FF6F3340000-0x00007FF6F3691000-memory.dmp

Filesize
3.3MB

Download
memory/1192-2847-0x00007FF6F3340000-0x00007FF6F3691000-memory.dmp

Filesize
3.3MB

Download
memory/1292-22-0x00007FF7BC080000-0x00007FF7BC3D1000-memory.dmp

Filesize
3.3MB

Download
memory/1292-2796-0x00007FF7BC080000-0x00007FF7BC3D1000-memory.dmp

Filesize
3.3MB

Download
memory/1412-58-0x00007FF60E790000-0x00007FF60EAE1000-memory.dmp

Filesize
3.3MB

Download
memory/1412-2806-0x00007FF60E790000-0x00007FF60EAE1000-memory.dmp

Filesize
3.3MB

Download
memory/1424-2815-0x00007FF745920000-0x00007FF745C71000-memory.dmp

Filesize
3.3MB

Download
memory/1424-633-0x00007FF745920000-0x00007FF745C71000-memory.dmp

Filesize
3.3MB

Download
memory/1500-384-0x00007FF64D4C0000-0x00007FF64D811000-memory.dmp

Filesize
3.3MB

Download
memory/1500-2857-0x00007FF64D4C0000-0x00007FF64D811000-memory.dmp

Filesize
3.3MB

Download
memory/1680-231-0x00007FF608CD0000-0x00007FF609021000-memory.dmp

Filesize
3.3MB

Download
memory/1680-2845-0x00007FF608CD0000-0x00007FF609021000-memory.dmp

Filesize
3.3MB

Download
memory/1712-632-0x00007FF6F5180000-0x00007FF6F54D1000-memory.dmp

Filesize
3.3MB

Download
memory/1712-2798-0x00007FF6F5180000-0x00007FF6F54D1000-memory.dmp

Filesize
3.3MB

Download
memory/1888-313-0x00007FF77E970000-0x00007FF77ECC1000-memory.dmp

Filesize
3.3MB

Download
memory/1888-2822-0x00007FF77E970000-0x00007FF77ECC1000-memory.dmp

Filesize
3.3MB

Download
memory/2004-356-0x00007FF6B3A90000-0x00007FF6B3DE1000-memory.dmp

Filesize
3.3MB

Download
memory/2004-2829-0x00007FF6B3A90000-0x00007FF6B3DE1000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2800-0x00007FF683900000-0x00007FF683C51000-memory.dmp

Filesize
3.3MB

Download
memory/2008-109-0x00007FF683900000-0x00007FF683C51000-memory.dmp

Filesize
3.3MB

Download
memory/2008-2686-0x00007FF683900000-0x00007FF683C51000-memory.dmp

Filesize
3.3MB

Download
memory/2972-113-0x00007FF77AC50000-0x00007FF77AFA1000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2718-0x00007FF77AC50000-0x00007FF77AFA1000-memory.dmp

Filesize
3.3MB

Download
memory/2972-2838-0x00007FF77AC50000-0x00007FF77AFA1000-memory.dmp

Filesize
3.3MB

Download
memory/3332-150-0x00007FF7CE900000-0x00007FF7CEC51000-memory.dmp

Filesize
3.3MB

Download
memory/3332-2802-0x00007FF7CE900000-0x00007FF7CEC51000-memory.dmp

Filesize
3.3MB

Download
memory/3376-2805-0x00007FF774780000-0x00007FF774AD1000-memory.dmp

Filesize
3.3MB

Download
memory/3376-205-0x00007FF774780000-0x00007FF774AD1000-memory.dmp

Filesize
3.3MB

Download
memory/3404-2842-0x00007FF729610000-0x00007FF729961000-memory.dmp

Filesize
3.3MB

Download
memory/3404-234-0x00007FF729610000-0x00007FF729961000-memory.dmp

Filesize
3.3MB

Download
memory/3464-560-0x00007FF73D730000-0x00007FF73DA81000-memory.dmp

Filesize
3.3MB

Download
memory/3464-2855-0x00007FF73D730000-0x00007FF73DA81000-memory.dmp

Filesize
3.3MB

Download
memory/4020-2764-0x00007FF73E020000-0x00007FF73E371000-memory.dmp

Filesize
3.3MB

Download
memory/4020-2471-0x00007FF73E020000-0x00007FF73E371000-memory.dmp

Filesize
3.3MB

Download
memory/4020-13-0x00007FF73E020000-0x00007FF73E371000-memory.dmp

Filesize
3.3MB

Download
memory/4140-65-0x00007FF66DEE0000-0x00007FF66E231000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2808-0x00007FF66DEE0000-0x00007FF66E231000-memory.dmp

Filesize
3.3MB

Download
memory/4140-2717-0x00007FF66DEE0000-0x00007FF66E231000-memory.dmp

Filesize
3.3MB

Download
memory/4560-2831-0x00007FF672700000-0x00007FF672A51000-memory.dmp

Filesize
3.3MB

Download
memory/4560-502-0x00007FF672700000-0x00007FF672A51000-memory.dmp

Filesize
3.3MB

Download
memory/4988-2766-0x00007FF7D5DE0000-0x00007FF7D6131000-memory.dmp

Filesize
3.3MB

Download
memory/4988-37-0x00007FF7D5DE0000-0x00007FF7D6131000-memory.dmp

Filesize
3.3MB

Download
memory/5052-2844-0x00007FF6B25A0000-0x00007FF6B28F1000-memory.dmp

Filesize
3.3MB

Download
memory/5052-208-0x00007FF6B25A0000-0x00007FF6B28F1000-memory.dmp

Filesize
3.3MB

Download
memory/5060-2852-0x00007FF7267A0000-0x00007FF726AF1000-memory.dmp

Filesize
3.3MB

Download
memory/5060-381-0x00007FF7267A0000-0x00007FF726AF1000-memory.dmp

Filesize
3.3MB

Download