cobaltstrike | 1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
Size

6.0MB
MD5

0968976dd42a6ab7a84960d9c431e95d
SHA1

7a3a42bc640b3814f93e62a961e13de3923911f0
SHA256

1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8
SHA512

17f980a1f9ea254153099df52cfb74ec86dacc5938f6192589c24b61a8f96f2bc6d5aa6640ae9b80a58ce8bfacd99fe35d933fa8d60233cd3730b33cbb56c62d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00030000000178b0-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018dea-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018e25-12.dat	cobalt_reflective_dll
behavioral1/files/0x001f000000018d1e-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018e65-28.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018e96-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fcd-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fc4-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fe2-123.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191bb-178.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191ed-194.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191f7-192.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191da-186.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191c8-177.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191b3-169.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001915a-161.dat	cobalt_reflective_dll
behavioral1/files/0x00040000000191d2-185.dat	cobalt_reflective_dll
behavioral1/files/0x000400000001919b-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019074-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001904d-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019044-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001903d-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019028-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001901a-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018ffa-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fca-101.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018eb2-58.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018faa-56.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018ea1-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fba-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fc7-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fc2-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018fb0-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018e9f-47.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1292-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x00030000000178b0-6.dat	xmrig
behavioral1/files/0x0008000000018dea-8.dat	xmrig
behavioral1/files/0x0007000000018e25-12.dat	xmrig
behavioral1/files/0x001f000000018d1e-31.dat	xmrig
behavioral1/memory/1292-32-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2932-29-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0006000000018e65-28.dat	xmrig
behavioral1/memory/2960-23-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/1112-22-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1292-21-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/764-20-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2892-37-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018e96-38.dat	xmrig
behavioral1/files/0x0005000000018fcd-115.dat	xmrig
behavioral1/files/0x0005000000018fc4-111.dat	xmrig
behavioral1/memory/944-110-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2368-109-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/1292-107-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018fe2-123.dat	xmrig
behavioral1/files/0x00040000000191bb-178.dat	xmrig
behavioral1/files/0x00040000000191ed-194.dat	xmrig
behavioral1/memory/2892-261-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2688-442-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2884-416-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x00040000000191f7-192.dat	xmrig
behavioral1/files/0x00040000000191da-186.dat	xmrig
behavioral1/files/0x00040000000191c8-177.dat	xmrig
behavioral1/files/0x00040000000191b3-169.dat	xmrig
behavioral1/files/0x000400000001915a-161.dat	xmrig
behavioral1/files/0x00040000000191d2-185.dat	xmrig
behavioral1/files/0x000400000001919b-167.dat	xmrig
behavioral1/files/0x0005000000019074-158.dat	xmrig
behavioral1/files/0x000500000001904d-153.dat	xmrig
behavioral1/files/0x0005000000019044-148.dat	xmrig
behavioral1/files/0x000500000001903d-143.dat	xmrig
behavioral1/files/0x0005000000019028-138.dat	xmrig
behavioral1/files/0x000500000001901a-133.dat	xmrig
behavioral1/files/0x0005000000018ffa-128.dat	xmrig
behavioral1/memory/2932-117-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2664-106-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1292-105-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2616-104-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018fca-101.dat	xmrig
behavioral1/memory/1292-67-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/1292-65-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0007000000018eb2-58.dat	xmrig
behavioral1/memory/1292-100-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2216-99-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2680-98-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018faa-56.dat	xmrig
behavioral1/files/0x0008000000018ea1-50.dat	xmrig
behavioral1/files/0x0005000000018fba-94.dat	xmrig
behavioral1/files/0x0005000000018fc7-92.dat	xmrig
behavioral1/files/0x0005000000018fc2-84.dat	xmrig
behavioral1/memory/2688-64-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/2652-61-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x0005000000018fb0-71.dat	xmrig
behavioral1/files/0x0006000000018e9f-47.dat	xmrig
behavioral1/memory/2884-43-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2960-1429-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/1112-1430-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/764-1431-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2932-1438-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2960	ukVERzX.exe
764	fIZWvVc.exe
1112	JvRvWqK.exe
2932	bHPhVuv.exe
2892	KhXrIta.exe
2884	VpQqQnj.exe
2652	pzNvSMb.exe
2688	vUrVyIK.exe
2680	wTjZSSZ.exe
2216	MOKmUtE.exe
2616	WKciWMv.exe
2664	PTnZhkq.exe
2368	lRSbksv.exe
944	mccoDzz.exe
2012	ayjXgbG.exe
2836	dDppJUg.exe
1768	GMzClJz.exe
1840	rnvjWPm.exe
2548	ZVplbMw.exe
1644	FnKCFel.exe
2812	HECMvfw.exe
692	GwOGIDi.exe
1776	lyZSqsn.exe
360	swoEgMZ.exe
3048	PLQgStg.exe
2156	psjhKKc.exe
1924	hdDGXrK.exe
2364	oqENbiZ.exe
2032	QxwzNRW.exe
1072	xrzKSEp.exe
524	OJOMRzD.exe
928	rqXVndh.exe
2204	YuPmgGY.exe
2328	efyNesr.exe
2412	KasaZrD.exe
2140	gYeXTfF.exe
1756	iSvWEHk.exe
2084	yjhxefK.exe
680	myZgAzQ.exe
3060	mIaAjxL.exe
2244	ddCrLTH.exe
2268	tNVjoob.exe
2256	ysCywWq.exe
1336	maRYpeR.exe
1460	qFXciDY.exe
1480	MeQWhPz.exe
364	ePTdVWj.exe
1596	BFxerXX.exe
1928	qmSAHBm.exe
2568	sfmcLyl.exe
2064	SbYGjDO.exe
2192	JLPKNUs.exe
2624	IqiMljs.exe
2580	HIdzQSw.exe
2040	Frjokqs.exe
1628	qDAnbAL.exe
1904	foyPdwa.exe
1276	KTEWMKt.exe
1120	TCatekp.exe
872	VIFOEEF.exe
1656	aSImzSv.exe
1584	dWENQTb.exe
2332	RyMkMea.exe
2776	aGTgOrS.exe

Loads dropped DLL 64 IoCs

pid	Process
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1292-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x00030000000178b0-6.dat	upx
behavioral1/files/0x0008000000018dea-8.dat	upx
behavioral1/files/0x0007000000018e25-12.dat	upx
behavioral1/files/0x001f000000018d1e-31.dat	upx
behavioral1/memory/2932-29-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0006000000018e65-28.dat	upx
behavioral1/memory/2960-23-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/1112-22-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/764-20-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2892-37-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0006000000018e96-38.dat	upx
behavioral1/files/0x0005000000018fcd-115.dat	upx
behavioral1/files/0x0005000000018fc4-111.dat	upx
behavioral1/memory/944-110-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2368-109-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/files/0x0005000000018fe2-123.dat	upx
behavioral1/files/0x00040000000191bb-178.dat	upx
behavioral1/files/0x00040000000191ed-194.dat	upx
behavioral1/memory/2892-261-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2688-442-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2884-416-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x00040000000191f7-192.dat	upx
behavioral1/files/0x00040000000191da-186.dat	upx
behavioral1/files/0x00040000000191c8-177.dat	upx
behavioral1/files/0x00040000000191b3-169.dat	upx
behavioral1/files/0x000400000001915a-161.dat	upx
behavioral1/files/0x00040000000191d2-185.dat	upx
behavioral1/files/0x000400000001919b-167.dat	upx
behavioral1/files/0x0005000000019074-158.dat	upx
behavioral1/files/0x000500000001904d-153.dat	upx
behavioral1/files/0x0005000000019044-148.dat	upx
behavioral1/files/0x000500000001903d-143.dat	upx
behavioral1/files/0x0005000000019028-138.dat	upx
behavioral1/files/0x000500000001901a-133.dat	upx
behavioral1/files/0x0005000000018ffa-128.dat	upx
behavioral1/memory/2932-117-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2664-106-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2616-104-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0005000000018fca-101.dat	upx
behavioral1/memory/1292-65-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0007000000018eb2-58.dat	upx
behavioral1/memory/2216-99-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2680-98-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0005000000018faa-56.dat	upx
behavioral1/files/0x0008000000018ea1-50.dat	upx
behavioral1/files/0x0005000000018fba-94.dat	upx
behavioral1/files/0x0005000000018fc7-92.dat	upx
behavioral1/files/0x0005000000018fc2-84.dat	upx
behavioral1/memory/2688-64-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2652-61-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x0005000000018fb0-71.dat	upx
behavioral1/files/0x0006000000018e9f-47.dat	upx
behavioral1/memory/2884-43-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2960-1429-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/1112-1430-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/764-1431-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2932-1438-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2892-1497-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2884-1518-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2652-1522-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2216-1546-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2616-1548-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2688-1544-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZNauJxP.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\EMvcSEW.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\TDsLRjj.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\bHPhVuv.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\THlMYyG.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\pEbVpkF.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\XMseBaZ.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\gLOPFpe.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\VhnElXA.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\uChHgLI.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\opvsuMr.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\hcRUFjU.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\SABGncr.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\WyGonKi.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\pHgpCzi.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\kZiTiQg.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\trrPYkv.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\nEfADxX.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\RKLOUWd.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\cnduBwx.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\cGXCPrX.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\YCAxHOp.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\YqGFeKg.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\TUSssaN.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\nvevOmq.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\Vxscjhc.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\MAuxmZh.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\AeIhcGi.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\LAQYalD.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\UkpfYMm.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\gtKEiaC.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\YLeJbtG.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\FKUyvAj.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\HtRllxO.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\lVAsDoa.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\fMzYaKc.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\rHTOFgD.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\czpJtMN.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\brqMcxs.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\GvQzUZG.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\hDlHwpa.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\vHUckDi.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\NdneyXV.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\rnEGdGK.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\EuudiXA.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\ZiGQxIu.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\YRbDbWL.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\iuAMSvK.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\OoBrZdD.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\JyVBkng.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\ApoKSxS.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\swoEgMZ.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\TeVTcZP.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\Frzxgqy.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\ZueAEWg.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\ldTHeoD.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\SndrUar.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\HgxRVjX.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\aIKdcCz.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\HJrnfbc.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\wWlepot.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\qfNZmdt.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\yoAidFq.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
File created	C:\Windows\System\FShZjRi.exe	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 2960	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	31
PID 1292 wrote to memory of 2960	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	31
PID 1292 wrote to memory of 2960	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	31
PID 1292 wrote to memory of 764	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	32
PID 1292 wrote to memory of 764	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	32
PID 1292 wrote to memory of 764	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	32
PID 1292 wrote to memory of 1112	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	33
PID 1292 wrote to memory of 1112	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	33
PID 1292 wrote to memory of 1112	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	33
PID 1292 wrote to memory of 2932	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	34
PID 1292 wrote to memory of 2932	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	34
PID 1292 wrote to memory of 2932	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	34
PID 1292 wrote to memory of 2892	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	35
PID 1292 wrote to memory of 2892	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	35
PID 1292 wrote to memory of 2892	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	35
PID 1292 wrote to memory of 2884	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	36
PID 1292 wrote to memory of 2884	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	36
PID 1292 wrote to memory of 2884	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	36
PID 1292 wrote to memory of 2652	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	37
PID 1292 wrote to memory of 2652	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	37
PID 1292 wrote to memory of 2652	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	37
PID 1292 wrote to memory of 2216	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	38
PID 1292 wrote to memory of 2216	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	38
PID 1292 wrote to memory of 2216	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	38
PID 1292 wrote to memory of 2688	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	39
PID 1292 wrote to memory of 2688	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	39
PID 1292 wrote to memory of 2688	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	39
PID 1292 wrote to memory of 2616	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	40
PID 1292 wrote to memory of 2616	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	40
PID 1292 wrote to memory of 2616	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	40
PID 1292 wrote to memory of 2680	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	41
PID 1292 wrote to memory of 2680	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	41
PID 1292 wrote to memory of 2680	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	41
PID 1292 wrote to memory of 944	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	42
PID 1292 wrote to memory of 944	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	42
PID 1292 wrote to memory of 944	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	42
PID 1292 wrote to memory of 2664	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	43
PID 1292 wrote to memory of 2664	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	43
PID 1292 wrote to memory of 2664	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	43
PID 1292 wrote to memory of 2012	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	44
PID 1292 wrote to memory of 2012	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	44
PID 1292 wrote to memory of 2012	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	44
PID 1292 wrote to memory of 2368	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	45
PID 1292 wrote to memory of 2368	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	45
PID 1292 wrote to memory of 2368	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	45
PID 1292 wrote to memory of 1768	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	46
PID 1292 wrote to memory of 1768	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	46
PID 1292 wrote to memory of 1768	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	46
PID 1292 wrote to memory of 2836	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	47
PID 1292 wrote to memory of 2836	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	47
PID 1292 wrote to memory of 2836	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	47
PID 1292 wrote to memory of 1840	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	48
PID 1292 wrote to memory of 1840	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	48
PID 1292 wrote to memory of 1840	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	48
PID 1292 wrote to memory of 2548	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	49
PID 1292 wrote to memory of 2548	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	49
PID 1292 wrote to memory of 2548	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	49
PID 1292 wrote to memory of 1644	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	50
PID 1292 wrote to memory of 1644	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	50
PID 1292 wrote to memory of 1644	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	50
PID 1292 wrote to memory of 2812	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	51
PID 1292 wrote to memory of 2812	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	51
PID 1292 wrote to memory of 2812	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	51
PID 1292 wrote to memory of 692	1292	1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe	52

C:\Users\Admin\AppData\Local\Temp\1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe
"C:\Users\Admin\AppData\Local\Temp\1deed37d8012dfdbe058fdfb84e914bc235e7ddc235a15a826079fe678afa5d8.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\System\ukVERzX.exe
  C:\Windows\System\ukVERzX.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\fIZWvVc.exe
  C:\Windows\System\fIZWvVc.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\JvRvWqK.exe
  C:\Windows\System\JvRvWqK.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\bHPhVuv.exe
  C:\Windows\System\bHPhVuv.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\KhXrIta.exe
  C:\Windows\System\KhXrIta.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\VpQqQnj.exe
  C:\Windows\System\VpQqQnj.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\pzNvSMb.exe
  C:\Windows\System\pzNvSMb.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\MOKmUtE.exe
  C:\Windows\System\MOKmUtE.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\vUrVyIK.exe
  C:\Windows\System\vUrVyIK.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\WKciWMv.exe
  C:\Windows\System\WKciWMv.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\wTjZSSZ.exe
  C:\Windows\System\wTjZSSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\mccoDzz.exe
  C:\Windows\System\mccoDzz.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\PTnZhkq.exe
  C:\Windows\System\PTnZhkq.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ayjXgbG.exe
  C:\Windows\System\ayjXgbG.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\lRSbksv.exe
  C:\Windows\System\lRSbksv.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\GMzClJz.exe
  C:\Windows\System\GMzClJz.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\dDppJUg.exe
  C:\Windows\System\dDppJUg.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\rnvjWPm.exe
  C:\Windows\System\rnvjWPm.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\ZVplbMw.exe
  C:\Windows\System\ZVplbMw.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\FnKCFel.exe
  C:\Windows\System\FnKCFel.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\HECMvfw.exe
  C:\Windows\System\HECMvfw.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\GwOGIDi.exe
  C:\Windows\System\GwOGIDi.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\lyZSqsn.exe
  C:\Windows\System\lyZSqsn.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\swoEgMZ.exe
  C:\Windows\System\swoEgMZ.exe
  2⤵
  - Executes dropped EXE
  PID:360
- C:\Windows\System\PLQgStg.exe
  C:\Windows\System\PLQgStg.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\psjhKKc.exe
  C:\Windows\System\psjhKKc.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\hdDGXrK.exe
  C:\Windows\System\hdDGXrK.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\YuPmgGY.exe
  C:\Windows\System\YuPmgGY.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\oqENbiZ.exe
  C:\Windows\System\oqENbiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\efyNesr.exe
  C:\Windows\System\efyNesr.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\QxwzNRW.exe
  C:\Windows\System\QxwzNRW.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\KasaZrD.exe
  C:\Windows\System\KasaZrD.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\xrzKSEp.exe
  C:\Windows\System\xrzKSEp.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\gYeXTfF.exe
  C:\Windows\System\gYeXTfF.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\OJOMRzD.exe
  C:\Windows\System\OJOMRzD.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\yjhxefK.exe
  C:\Windows\System\yjhxefK.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\rqXVndh.exe
  C:\Windows\System\rqXVndh.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\maRYpeR.exe
  C:\Windows\System\maRYpeR.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\iSvWEHk.exe
  C:\Windows\System\iSvWEHk.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\IqiMljs.exe
  C:\Windows\System\IqiMljs.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\myZgAzQ.exe
  C:\Windows\System\myZgAzQ.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\HIdzQSw.exe
  C:\Windows\System\HIdzQSw.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\mIaAjxL.exe
  C:\Windows\System\mIaAjxL.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\Frjokqs.exe
  C:\Windows\System\Frjokqs.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ddCrLTH.exe
  C:\Windows\System\ddCrLTH.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\qDAnbAL.exe
  C:\Windows\System\qDAnbAL.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\tNVjoob.exe
  C:\Windows\System\tNVjoob.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\foyPdwa.exe
  C:\Windows\System\foyPdwa.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ysCywWq.exe
  C:\Windows\System\ysCywWq.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\KTEWMKt.exe
  C:\Windows\System\KTEWMKt.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\qFXciDY.exe
  C:\Windows\System\qFXciDY.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\TCatekp.exe
  C:\Windows\System\TCatekp.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\MeQWhPz.exe
  C:\Windows\System\MeQWhPz.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\VIFOEEF.exe
  C:\Windows\System\VIFOEEF.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\ePTdVWj.exe
  C:\Windows\System\ePTdVWj.exe
  2⤵
  - Executes dropped EXE
  PID:364
- C:\Windows\System\aSImzSv.exe
  C:\Windows\System\aSImzSv.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\BFxerXX.exe
  C:\Windows\System\BFxerXX.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\dWENQTb.exe
  C:\Windows\System\dWENQTb.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\qmSAHBm.exe
  C:\Windows\System\qmSAHBm.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\RyMkMea.exe
  C:\Windows\System\RyMkMea.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\sfmcLyl.exe
  C:\Windows\System\sfmcLyl.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\aGTgOrS.exe
  C:\Windows\System\aGTgOrS.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\SbYGjDO.exe
  C:\Windows\System\SbYGjDO.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\jYQnJXF.exe
  C:\Windows\System\jYQnJXF.exe
  2⤵
  PID:1624
- C:\Windows\System\JLPKNUs.exe
  C:\Windows\System\JLPKNUs.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\ejnPQvg.exe
  C:\Windows\System\ejnPQvg.exe
  2⤵
  PID:2360
- C:\Windows\System\SCTgqzJ.exe
  C:\Windows\System\SCTgqzJ.exe
  2⤵
  PID:752
- C:\Windows\System\mgXnVHi.exe
  C:\Windows\System\mgXnVHi.exe
  2⤵
  PID:820
- C:\Windows\System\wSzgfqt.exe
  C:\Windows\System\wSzgfqt.exe
  2⤵
  PID:2668
- C:\Windows\System\IKqcAQN.exe
  C:\Windows\System\IKqcAQN.exe
  2⤵
  PID:1852
- C:\Windows\System\cRoIOyR.exe
  C:\Windows\System\cRoIOyR.exe
  2⤵
  PID:2524
- C:\Windows\System\zktyhtH.exe
  C:\Windows\System\zktyhtH.exe
  2⤵
  PID:1804
- C:\Windows\System\EqxBgDJ.exe
  C:\Windows\System\EqxBgDJ.exe
  2⤵
  PID:2952
- C:\Windows\System\rHQXCjL.exe
  C:\Windows\System\rHQXCjL.exe
  2⤵
  PID:3000
- C:\Windows\System\czpJtMN.exe
  C:\Windows\System\czpJtMN.exe
  2⤵
  PID:800
- C:\Windows\System\gelvWhB.exe
  C:\Windows\System\gelvWhB.exe
  2⤵
  PID:3040
- C:\Windows\System\kYFsCRC.exe
  C:\Windows\System\kYFsCRC.exe
  2⤵
  PID:2016
- C:\Windows\System\vqbiEph.exe
  C:\Windows\System\vqbiEph.exe
  2⤵
  PID:532
- C:\Windows\System\TQCYMem.exe
  C:\Windows\System\TQCYMem.exe
  2⤵
  PID:1664
- C:\Windows\System\qSDrAvK.exe
  C:\Windows\System\qSDrAvK.exe
  2⤵
  PID:1692
- C:\Windows\System\vEVgPGL.exe
  C:\Windows\System\vEVgPGL.exe
  2⤵
  PID:1944
- C:\Windows\System\QeHEyQQ.exe
  C:\Windows\System\QeHEyQQ.exe
  2⤵
  PID:1528
- C:\Windows\System\KLErgrf.exe
  C:\Windows\System\KLErgrf.exe
  2⤵
  PID:2220
- C:\Windows\System\gkReRJs.exe
  C:\Windows\System\gkReRJs.exe
  2⤵
  PID:1032
- C:\Windows\System\HJrnfbc.exe
  C:\Windows\System\HJrnfbc.exe
  2⤵
  PID:2560
- C:\Windows\System\IPpQeNO.exe
  C:\Windows\System\IPpQeNO.exe
  2⤵
  PID:2232
- C:\Windows\System\irmIiRg.exe
  C:\Windows\System\irmIiRg.exe
  2⤵
  PID:1964
- C:\Windows\System\VrEHcLj.exe
  C:\Windows\System\VrEHcLj.exe
  2⤵
  PID:584
- C:\Windows\System\eMgWUlp.exe
  C:\Windows\System\eMgWUlp.exe
  2⤵
  PID:2908
- C:\Windows\System\OildCCz.exe
  C:\Windows\System\OildCCz.exe
  2⤵
  PID:2072
- C:\Windows\System\pHjJSmZ.exe
  C:\Windows\System\pHjJSmZ.exe
  2⤵
  PID:2108
- C:\Windows\System\worLzCh.exe
  C:\Windows\System\worLzCh.exe
  2⤵
  PID:2476
- C:\Windows\System\YRbDbWL.exe
  C:\Windows\System\YRbDbWL.exe
  2⤵
  PID:600
- C:\Windows\System\JpwlqUA.exe
  C:\Windows\System\JpwlqUA.exe
  2⤵
  PID:2864
- C:\Windows\System\AxRRjwi.exe
  C:\Windows\System\AxRRjwi.exe
  2⤵
  PID:2352
- C:\Windows\System\oAMRWvH.exe
  C:\Windows\System\oAMRWvH.exe
  2⤵
  PID:2320
- C:\Windows\System\mEOnxcQ.exe
  C:\Windows\System\mEOnxcQ.exe
  2⤵
  PID:2920
- C:\Windows\System\uiFMwKE.exe
  C:\Windows\System\uiFMwKE.exe
  2⤵
  PID:1492
- C:\Windows\System\GDWBhpk.exe
  C:\Windows\System\GDWBhpk.exe
  2⤵
  PID:3032
- C:\Windows\System\KimGFTj.exe
  C:\Windows\System\KimGFTj.exe
  2⤵
  PID:2308
- C:\Windows\System\yYeoPEc.exe
  C:\Windows\System\yYeoPEc.exe
  2⤵
  PID:3088
- C:\Windows\System\zunZECN.exe
  C:\Windows\System\zunZECN.exe
  2⤵
  PID:3396
- C:\Windows\System\lQgwtUm.exe
  C:\Windows\System\lQgwtUm.exe
  2⤵
  PID:3412
- C:\Windows\System\OcylGbm.exe
  C:\Windows\System\OcylGbm.exe
  2⤵
  PID:3432
- C:\Windows\System\DIxeTTj.exe
  C:\Windows\System\DIxeTTj.exe
  2⤵
  PID:3452
- C:\Windows\System\FKsBCcA.exe
  C:\Windows\System\FKsBCcA.exe
  2⤵
  PID:3476
- C:\Windows\System\amLespD.exe
  C:\Windows\System\amLespD.exe
  2⤵
  PID:3496
- C:\Windows\System\fSfxYmm.exe
  C:\Windows\System\fSfxYmm.exe
  2⤵
  PID:3512
- C:\Windows\System\UztjEJB.exe
  C:\Windows\System\UztjEJB.exe
  2⤵
  PID:3544
- C:\Windows\System\lDHvEfd.exe
  C:\Windows\System\lDHvEfd.exe
  2⤵
  PID:3572
- C:\Windows\System\QeVScKv.exe
  C:\Windows\System\QeVScKv.exe
  2⤵
  PID:3592
- C:\Windows\System\wolCmxl.exe
  C:\Windows\System\wolCmxl.exe
  2⤵
  PID:3612
- C:\Windows\System\pDtMxLq.exe
  C:\Windows\System\pDtMxLq.exe
  2⤵
  PID:3632
- C:\Windows\System\uOBuNji.exe
  C:\Windows\System\uOBuNji.exe
  2⤵
  PID:3648
- C:\Windows\System\WOLWqrN.exe
  C:\Windows\System\WOLWqrN.exe
  2⤵
  PID:3672
- C:\Windows\System\fBaJhDW.exe
  C:\Windows\System\fBaJhDW.exe
  2⤵
  PID:3688
- C:\Windows\System\JEjXUJL.exe
  C:\Windows\System\JEjXUJL.exe
  2⤵
  PID:3712
- C:\Windows\System\dycUMNi.exe
  C:\Windows\System\dycUMNi.exe
  2⤵
  PID:3732
- C:\Windows\System\zVagGEz.exe
  C:\Windows\System\zVagGEz.exe
  2⤵
  PID:3752
- C:\Windows\System\yQxFref.exe
  C:\Windows\System\yQxFref.exe
  2⤵
  PID:3768
- C:\Windows\System\IbLVhdv.exe
  C:\Windows\System\IbLVhdv.exe
  2⤵
  PID:3788
- C:\Windows\System\jySbFNX.exe
  C:\Windows\System\jySbFNX.exe
  2⤵
  PID:3808
- C:\Windows\System\aeSOsmV.exe
  C:\Windows\System\aeSOsmV.exe
  2⤵
  PID:3832
- C:\Windows\System\xQejjQy.exe
  C:\Windows\System\xQejjQy.exe
  2⤵
  PID:3848
- C:\Windows\System\SJLySHQ.exe
  C:\Windows\System\SJLySHQ.exe
  2⤵
  PID:3868
- C:\Windows\System\UdUhuVH.exe
  C:\Windows\System\UdUhuVH.exe
  2⤵
  PID:3900
- C:\Windows\System\UiKfRKr.exe
  C:\Windows\System\UiKfRKr.exe
  2⤵
  PID:3916
- C:\Windows\System\mDcgsii.exe
  C:\Windows\System\mDcgsii.exe
  2⤵
  PID:3932
- C:\Windows\System\UfVbnLg.exe
  C:\Windows\System\UfVbnLg.exe
  2⤵
  PID:3956
- C:\Windows\System\fUMIiKZ.exe
  C:\Windows\System\fUMIiKZ.exe
  2⤵
  PID:3972
- C:\Windows\System\QEUpdGc.exe
  C:\Windows\System\QEUpdGc.exe
  2⤵
  PID:3988
- C:\Windows\System\cdkwWHB.exe
  C:\Windows\System\cdkwWHB.exe
  2⤵
  PID:4008
- C:\Windows\System\MShSJMs.exe
  C:\Windows\System\MShSJMs.exe
  2⤵
  PID:4040
- C:\Windows\System\nwotJwN.exe
  C:\Windows\System\nwotJwN.exe
  2⤵
  PID:4056
- C:\Windows\System\GjbzZIj.exe
  C:\Windows\System\GjbzZIj.exe
  2⤵
  PID:4072
- C:\Windows\System\cNKjOpf.exe
  C:\Windows\System\cNKjOpf.exe
  2⤵
  PID:4092
- C:\Windows\System\shrzckW.exe
  C:\Windows\System\shrzckW.exe
  2⤵
  PID:1444
- C:\Windows\System\FaGnSLY.exe
  C:\Windows\System\FaGnSLY.exe
  2⤵
  PID:1992
- C:\Windows\System\evBYgwl.exe
  C:\Windows\System\evBYgwl.exe
  2⤵
  PID:3112
- C:\Windows\System\xqjlPui.exe
  C:\Windows\System\xqjlPui.exe
  2⤵
  PID:3132
- C:\Windows\System\aNJzjni.exe
  C:\Windows\System\aNJzjni.exe
  2⤵
  PID:2124
- C:\Windows\System\iuAMSvK.exe
  C:\Windows\System\iuAMSvK.exe
  2⤵
  PID:1680
- C:\Windows\System\BPezvEa.exe
  C:\Windows\System\BPezvEa.exe
  2⤵
  PID:1592
- C:\Windows\System\dvtInSu.exe
  C:\Windows\System\dvtInSu.exe
  2⤵
  PID:1608
- C:\Windows\System\HyEhTCo.exe
  C:\Windows\System\HyEhTCo.exe
  2⤵
  PID:2512
- C:\Windows\System\XQJQHfL.exe
  C:\Windows\System\XQJQHfL.exe
  2⤵
  PID:2260
- C:\Windows\System\xbYxoDK.exe
  C:\Windows\System\xbYxoDK.exe
  2⤵
  PID:2924
- C:\Windows\System\dpWxnIW.exe
  C:\Windows\System\dpWxnIW.exe
  2⤵
  PID:2240
- C:\Windows\System\JkaWzbo.exe
  C:\Windows\System\JkaWzbo.exe
  2⤵
  PID:2336
- C:\Windows\System\UwtxuSE.exe
  C:\Windows\System\UwtxuSE.exe
  2⤵
  PID:1240
- C:\Windows\System\bFLloQM.exe
  C:\Windows\System\bFLloQM.exe
  2⤵
  PID:3028
- C:\Windows\System\sNTSELB.exe
  C:\Windows\System\sNTSELB.exe
  2⤵
  PID:3156
- C:\Windows\System\CmkyXpd.exe
  C:\Windows\System\CmkyXpd.exe
  2⤵
  PID:3172
- C:\Windows\System\wUmymuj.exe
  C:\Windows\System\wUmymuj.exe
  2⤵
  PID:3188
- C:\Windows\System\qNuFpik.exe
  C:\Windows\System\qNuFpik.exe
  2⤵
  PID:3208
- C:\Windows\System\czrmfat.exe
  C:\Windows\System\czrmfat.exe
  2⤵
  PID:3224
- C:\Windows\System\tOZdaYV.exe
  C:\Windows\System\tOZdaYV.exe
  2⤵
  PID:3244
- C:\Windows\System\oVPwvQI.exe
  C:\Windows\System\oVPwvQI.exe
  2⤵
  PID:3268
- C:\Windows\System\QfDIADZ.exe
  C:\Windows\System\QfDIADZ.exe
  2⤵
  PID:3288
- C:\Windows\System\cpDUaVw.exe
  C:\Windows\System\cpDUaVw.exe
  2⤵
  PID:3304
- C:\Windows\System\XvFKNbB.exe
  C:\Windows\System\XvFKNbB.exe
  2⤵
  PID:3324
- C:\Windows\System\drfyWFz.exe
  C:\Windows\System\drfyWFz.exe
  2⤵
  PID:3336
- C:\Windows\System\vYEPkwF.exe
  C:\Windows\System\vYEPkwF.exe
  2⤵
  PID:3356
- C:\Windows\System\KazRtyj.exe
  C:\Windows\System\KazRtyj.exe
  2⤵
  PID:3368
- C:\Windows\System\zOEgfBU.exe
  C:\Windows\System\zOEgfBU.exe
  2⤵
  PID:3460
- C:\Windows\System\MXCkEib.exe
  C:\Windows\System\MXCkEib.exe
  2⤵
  PID:3508
- C:\Windows\System\WPJwkHz.exe
  C:\Windows\System\WPJwkHz.exe
  2⤵
  PID:3448
- C:\Windows\System\aloRDgk.exe
  C:\Windows\System\aloRDgk.exe
  2⤵
  PID:3520
- C:\Windows\System\wwmlvqP.exe
  C:\Windows\System\wwmlvqP.exe
  2⤵
  PID:3552
- C:\Windows\System\EPesYuV.exe
  C:\Windows\System\EPesYuV.exe
  2⤵
  PID:2828
- C:\Windows\System\xjvYFPg.exe
  C:\Windows\System\xjvYFPg.exe
  2⤵
  PID:3644
- C:\Windows\System\USzzRJy.exe
  C:\Windows\System\USzzRJy.exe
  2⤵
  PID:3680
- C:\Windows\System\ifvOUPj.exe
  C:\Windows\System\ifvOUPj.exe
  2⤵
  PID:3724
- C:\Windows\System\NjiRvmp.exe
  C:\Windows\System\NjiRvmp.exe
  2⤵
  PID:3800
- C:\Windows\System\gwispEx.exe
  C:\Windows\System\gwispEx.exe
  2⤵
  PID:3844
- C:\Windows\System\nnuZunF.exe
  C:\Windows\System\nnuZunF.exe
  2⤵
  PID:3704
- C:\Windows\System\EsiToTl.exe
  C:\Windows\System\EsiToTl.exe
  2⤵
  PID:3896
- C:\Windows\System\wsFqxyb.exe
  C:\Windows\System\wsFqxyb.exe
  2⤵
  PID:3924
- C:\Windows\System\XKxQODy.exe
  C:\Windows\System\XKxQODy.exe
  2⤵
  PID:4000
- C:\Windows\System\jFPrJiJ.exe
  C:\Windows\System\jFPrJiJ.exe
  2⤵
  PID:3828
- C:\Windows\System\vmGhJcY.exe
  C:\Windows\System\vmGhJcY.exe
  2⤵
  PID:3860
- C:\Windows\System\zdksnyl.exe
  C:\Windows\System\zdksnyl.exe
  2⤵
  PID:3908
- C:\Windows\System\EHdmVNf.exe
  C:\Windows\System\EHdmVNf.exe
  2⤵
  PID:4080
- C:\Windows\System\EWhdXSM.exe
  C:\Windows\System\EWhdXSM.exe
  2⤵
  PID:2784
- C:\Windows\System\Eqttxun.exe
  C:\Windows\System\Eqttxun.exe
  2⤵
  PID:3120
- C:\Windows\System\BxiOXgX.exe
  C:\Windows\System\BxiOXgX.exe
  2⤵
  PID:4016
- C:\Windows\System\MUQAhcJ.exe
  C:\Windows\System\MUQAhcJ.exe
  2⤵
  PID:2620
- C:\Windows\System\xMRjMIB.exe
  C:\Windows\System\xMRjMIB.exe
  2⤵
  PID:1476
- C:\Windows\System\uCmQChV.exe
  C:\Windows\System\uCmQChV.exe
  2⤵
  PID:2844
- C:\Windows\System\HtRllxO.exe
  C:\Windows\System\HtRllxO.exe
  2⤵
  PID:3104
- C:\Windows\System\ZGwFZwD.exe
  C:\Windows\System\ZGwFZwD.exe
  2⤵
  PID:3148
- C:\Windows\System\SSyJiqb.exe
  C:\Windows\System\SSyJiqb.exe
  2⤵
  PID:1564
- C:\Windows\System\eodxeCO.exe
  C:\Windows\System\eodxeCO.exe
  2⤵
  PID:580
- C:\Windows\System\NhzmrSy.exe
  C:\Windows\System\NhzmrSy.exe
  2⤵
  PID:2104
- C:\Windows\System\EkAqkFI.exe
  C:\Windows\System\EkAqkFI.exe
  2⤵
  PID:2340
- C:\Windows\System\RgSaBCh.exe
  C:\Windows\System\RgSaBCh.exe
  2⤵
  PID:2796
- C:\Windows\System\aNebeYg.exe
  C:\Windows\System\aNebeYg.exe
  2⤵
  PID:2408
- C:\Windows\System\qAjncoN.exe
  C:\Windows\System\qAjncoN.exe
  2⤵
  PID:3216
- C:\Windows\System\fvzcMBj.exe
  C:\Windows\System\fvzcMBj.exe
  2⤵
  PID:912
- C:\Windows\System\uySrrvA.exe
  C:\Windows\System\uySrrvA.exe
  2⤵
  PID:1560
- C:\Windows\System\JBVbdhC.exe
  C:\Windows\System\JBVbdhC.exe
  2⤵
  PID:3200
- C:\Windows\System\mpfotxN.exe
  C:\Windows\System\mpfotxN.exe
  2⤵
  PID:2576
- C:\Windows\System\lVAsDoa.exe
  C:\Windows\System\lVAsDoa.exe
  2⤵
  PID:3020
- C:\Windows\System\yPmMdfe.exe
  C:\Windows\System\yPmMdfe.exe
  2⤵
  PID:1972
- C:\Windows\System\DxAvkKa.exe
  C:\Windows\System\DxAvkKa.exe
  2⤵
  PID:1244
- C:\Windows\System\mfxLKTu.exe
  C:\Windows\System\mfxLKTu.exe
  2⤵
  PID:3316
- C:\Windows\System\GTUDfRO.exe
  C:\Windows\System\GTUDfRO.exe
  2⤵
  PID:3232
- C:\Windows\System\creVNfu.exe
  C:\Windows\System\creVNfu.exe
  2⤵
  PID:3428
- C:\Windows\System\AuJIpFw.exe
  C:\Windows\System\AuJIpFw.exe
  2⤵
  PID:916
- C:\Windows\System\AaqUbOy.exe
  C:\Windows\System\AaqUbOy.exe
  2⤵
  PID:1724
- C:\Windows\System\FbArYjC.exe
  C:\Windows\System\FbArYjC.exe
  2⤵
  PID:3532
- C:\Windows\System\nsayqxO.exe
  C:\Windows\System\nsayqxO.exe
  2⤵
  PID:3588
- C:\Windows\System\MfXyLZe.exe
  C:\Windows\System\MfXyLZe.exe
  2⤵
  PID:2980
- C:\Windows\System\NFNkfLR.exe
  C:\Windows\System\NFNkfLR.exe
  2⤵
  PID:2748
- C:\Windows\System\HbRrnjb.exe
  C:\Windows\System\HbRrnjb.exe
  2⤵
  PID:3668
- C:\Windows\System\JDUNHHc.exe
  C:\Windows\System\JDUNHHc.exe
  2⤵
  PID:4036
- C:\Windows\System\lFVEjDg.exe
  C:\Windows\System\lFVEjDg.exe
  2⤵
  PID:2044
- C:\Windows\System\ztiDNkL.exe
  C:\Windows\System\ztiDNkL.exe
  2⤵
  PID:892
- C:\Windows\System\BRgNcad.exe
  C:\Windows\System\BRgNcad.exe
  2⤵
  PID:3296
- C:\Windows\System\UrkswQz.exe
  C:\Windows\System\UrkswQz.exe
  2⤵
  PID:2904
- C:\Windows\System\PnCQaqM.exe
  C:\Windows\System\PnCQaqM.exe
  2⤵
  PID:2168
- C:\Windows\System\uJbxWmr.exe
  C:\Windows\System\uJbxWmr.exe
  2⤵
  PID:3420
- C:\Windows\System\zmRZydW.exe
  C:\Windows\System\zmRZydW.exe
  2⤵
  PID:3140
- C:\Windows\System\JllLvUt.exe
  C:\Windows\System\JllLvUt.exe
  2⤵
  PID:3580
- C:\Windows\System\XClAYRl.exe
  C:\Windows\System\XClAYRl.exe
  2⤵
  PID:3888
- C:\Windows\System\irwbDCz.exe
  C:\Windows\System\irwbDCz.exe
  2⤵
  PID:3560
- C:\Windows\System\CZFYjhH.exe
  C:\Windows\System\CZFYjhH.exe
  2⤵
  PID:1532
- C:\Windows\System\hjtSHhE.exe
  C:\Windows\System\hjtSHhE.exe
  2⤵
  PID:3744
- C:\Windows\System\eTgEnzN.exe
  C:\Windows\System\eTgEnzN.exe
  2⤵
  PID:4052
- C:\Windows\System\dJRpdFX.exe
  C:\Windows\System\dJRpdFX.exe
  2⤵
  PID:3260
- C:\Windows\System\cTkulxW.exe
  C:\Windows\System\cTkulxW.exe
  2⤵
  PID:2816
- C:\Windows\System\vxlpTmX.exe
  C:\Windows\System\vxlpTmX.exe
  2⤵
  PID:3348
- C:\Windows\System\gozmFtn.exe
  C:\Windows\System\gozmFtn.exe
  2⤵
  PID:3404
- C:\Windows\System\tcSfhaz.exe
  C:\Windows\System\tcSfhaz.exe
  2⤵
  PID:3444
- C:\Windows\System\RLJexaN.exe
  C:\Windows\System\RLJexaN.exe
  2⤵
  PID:3628
- C:\Windows\System\wscYJbO.exe
  C:\Windows\System\wscYJbO.exe
  2⤵
  PID:3256
- C:\Windows\System\dGfpJzq.exe
  C:\Windows\System\dGfpJzq.exe
  2⤵
  PID:2028
- C:\Windows\System\MtmlfNU.exe
  C:\Windows\System\MtmlfNU.exe
  2⤵
  PID:1948
- C:\Windows\System\vTnAwgO.exe
  C:\Windows\System\vTnAwgO.exe
  2⤵
  PID:2868
- C:\Windows\System\QYToOCN.exe
  C:\Windows\System\QYToOCN.exe
  2⤵
  PID:2160
- C:\Windows\System\eaqFJWa.exe
  C:\Windows\System\eaqFJWa.exe
  2⤵
  PID:2780
- C:\Windows\System\DhrHdil.exe
  C:\Windows\System\DhrHdil.exe
  2⤵
  PID:3152
- C:\Windows\System\SdOvykF.exe
  C:\Windows\System\SdOvykF.exe
  2⤵
  PID:3100
- C:\Windows\System\yTECbjq.exe
  C:\Windows\System\yTECbjq.exe
  2⤵
  PID:3600
- C:\Windows\System\LiGWHVG.exe
  C:\Windows\System\LiGWHVG.exe
  2⤵
  PID:548
- C:\Windows\System\GlkeTVY.exe
  C:\Windows\System\GlkeTVY.exe
  2⤵
  PID:2280
- C:\Windows\System\ZaGZBZg.exe
  C:\Windows\System\ZaGZBZg.exe
  2⤵
  PID:3472
- C:\Windows\System\DHQgarR.exe
  C:\Windows\System\DHQgarR.exe
  2⤵
  PID:3144
- C:\Windows\System\KFIQKPx.exe
  C:\Windows\System\KFIQKPx.exe
  2⤵
  PID:3804
- C:\Windows\System\KnpdUpE.exe
  C:\Windows\System\KnpdUpE.exe
  2⤵
  PID:4104
- C:\Windows\System\oORmRoy.exe
  C:\Windows\System\oORmRoy.exe
  2⤵
  PID:4120
- C:\Windows\System\FFMJfsj.exe
  C:\Windows\System\FFMJfsj.exe
  2⤵
  PID:4140
- C:\Windows\System\ICkzNoy.exe
  C:\Windows\System\ICkzNoy.exe
  2⤵
  PID:4156
- C:\Windows\System\puHTwZs.exe
  C:\Windows\System\puHTwZs.exe
  2⤵
  PID:4172
- C:\Windows\System\ODmRahx.exe
  C:\Windows\System\ODmRahx.exe
  2⤵
  PID:4188
- C:\Windows\System\MjzekPE.exe
  C:\Windows\System\MjzekPE.exe
  2⤵
  PID:4204
- C:\Windows\System\EiVaDMc.exe
  C:\Windows\System\EiVaDMc.exe
  2⤵
  PID:4220
- C:\Windows\System\pNZzcPY.exe
  C:\Windows\System\pNZzcPY.exe
  2⤵
  PID:4236
- C:\Windows\System\lIHbjyk.exe
  C:\Windows\System\lIHbjyk.exe
  2⤵
  PID:4256
- C:\Windows\System\XTBGhkM.exe
  C:\Windows\System\XTBGhkM.exe
  2⤵
  PID:4272
- C:\Windows\System\JXaNgMl.exe
  C:\Windows\System\JXaNgMl.exe
  2⤵
  PID:4288
- C:\Windows\System\wcTXwWa.exe
  C:\Windows\System\wcTXwWa.exe
  2⤵
  PID:4304
- C:\Windows\System\RzrnmNB.exe
  C:\Windows\System\RzrnmNB.exe
  2⤵
  PID:4332
- C:\Windows\System\amUXHpW.exe
  C:\Windows\System\amUXHpW.exe
  2⤵
  PID:4400
- C:\Windows\System\cWpiMVt.exe
  C:\Windows\System\cWpiMVt.exe
  2⤵
  PID:4416
- C:\Windows\System\vrSFUXv.exe
  C:\Windows\System\vrSFUXv.exe
  2⤵
  PID:4432
- C:\Windows\System\ujJcxeQ.exe
  C:\Windows\System\ujJcxeQ.exe
  2⤵
  PID:4448
- C:\Windows\System\rNhKNrh.exe
  C:\Windows\System\rNhKNrh.exe
  2⤵
  PID:4464
- C:\Windows\System\EkyWsHr.exe
  C:\Windows\System\EkyWsHr.exe
  2⤵
  PID:4480
- C:\Windows\System\lyjwDLR.exe
  C:\Windows\System\lyjwDLR.exe
  2⤵
  PID:4496
- C:\Windows\System\rxNCopY.exe
  C:\Windows\System\rxNCopY.exe
  2⤵
  PID:4512
- C:\Windows\System\uOtqHMO.exe
  C:\Windows\System\uOtqHMO.exe
  2⤵
  PID:4528
- C:\Windows\System\kWuFAIn.exe
  C:\Windows\System\kWuFAIn.exe
  2⤵
  PID:4544
- C:\Windows\System\aSqRbub.exe
  C:\Windows\System\aSqRbub.exe
  2⤵
  PID:4560
- C:\Windows\System\juCyMdG.exe
  C:\Windows\System\juCyMdG.exe
  2⤵
  PID:4576
- C:\Windows\System\oEcFbON.exe
  C:\Windows\System\oEcFbON.exe
  2⤵
  PID:4592
- C:\Windows\System\NdvGesU.exe
  C:\Windows\System\NdvGesU.exe
  2⤵
  PID:4608
- C:\Windows\System\hgyBmeR.exe
  C:\Windows\System\hgyBmeR.exe
  2⤵
  PID:4624
- C:\Windows\System\EjUoMVA.exe
  C:\Windows\System\EjUoMVA.exe
  2⤵
  PID:4640
- C:\Windows\System\rjYVPNo.exe
  C:\Windows\System\rjYVPNo.exe
  2⤵
  PID:4656
- C:\Windows\System\gOTARVV.exe
  C:\Windows\System\gOTARVV.exe
  2⤵
  PID:4672
- C:\Windows\System\pEcgwrY.exe
  C:\Windows\System\pEcgwrY.exe
  2⤵
  PID:4692
- C:\Windows\System\FEoJiQR.exe
  C:\Windows\System\FEoJiQR.exe
  2⤵
  PID:4708
- C:\Windows\System\LJVHIaY.exe
  C:\Windows\System\LJVHIaY.exe
  2⤵
  PID:4724
- C:\Windows\System\TuRaguD.exe
  C:\Windows\System\TuRaguD.exe
  2⤵
  PID:4740
- C:\Windows\System\UvjoXzg.exe
  C:\Windows\System\UvjoXzg.exe
  2⤵
  PID:4756
- C:\Windows\System\yCoduKh.exe
  C:\Windows\System\yCoduKh.exe
  2⤵
  PID:4772
- C:\Windows\System\UENeasP.exe
  C:\Windows\System\UENeasP.exe
  2⤵
  PID:4788
- C:\Windows\System\HPpTrOf.exe
  C:\Windows\System\HPpTrOf.exe
  2⤵
  PID:4804
- C:\Windows\System\xSXRrjX.exe
  C:\Windows\System\xSXRrjX.exe
  2⤵
  PID:4820
- C:\Windows\System\GIJZhiS.exe
  C:\Windows\System\GIJZhiS.exe
  2⤵
  PID:4836
- C:\Windows\System\ppICCet.exe
  C:\Windows\System\ppICCet.exe
  2⤵
  PID:4852
- C:\Windows\System\KbnXWCO.exe
  C:\Windows\System\KbnXWCO.exe
  2⤵
  PID:4868
- C:\Windows\System\FkdlIvq.exe
  C:\Windows\System\FkdlIvq.exe
  2⤵
  PID:4884
- C:\Windows\System\VoOqDLA.exe
  C:\Windows\System\VoOqDLA.exe
  2⤵
  PID:4900
- C:\Windows\System\BYpOvtf.exe
  C:\Windows\System\BYpOvtf.exe
  2⤵
  PID:4916
- C:\Windows\System\rqQWNul.exe
  C:\Windows\System\rqQWNul.exe
  2⤵
  PID:4932
- C:\Windows\System\YTRCWTh.exe
  C:\Windows\System\YTRCWTh.exe
  2⤵
  PID:4948
- C:\Windows\System\nqusJnf.exe
  C:\Windows\System\nqusJnf.exe
  2⤵
  PID:4964
- C:\Windows\System\NHNrlJn.exe
  C:\Windows\System\NHNrlJn.exe
  2⤵
  PID:4980
- C:\Windows\System\xROhggC.exe
  C:\Windows\System\xROhggC.exe
  2⤵
  PID:4996
- C:\Windows\System\LMOIpGS.exe
  C:\Windows\System\LMOIpGS.exe
  2⤵
  PID:5012
- C:\Windows\System\SXGiYcZ.exe
  C:\Windows\System\SXGiYcZ.exe
  2⤵
  PID:5028
- C:\Windows\System\GRZomem.exe
  C:\Windows\System\GRZomem.exe
  2⤵
  PID:5044
- C:\Windows\System\ARgCXYS.exe
  C:\Windows\System\ARgCXYS.exe
  2⤵
  PID:5060
- C:\Windows\System\wVoboTQ.exe
  C:\Windows\System\wVoboTQ.exe
  2⤵
  PID:5076
- C:\Windows\System\HgxRVjX.exe
  C:\Windows\System\HgxRVjX.exe
  2⤵
  PID:5092
- C:\Windows\System\ldyALLe.exe
  C:\Windows\System\ldyALLe.exe
  2⤵
  PID:5108
- C:\Windows\System\ByScwqk.exe
  C:\Windows\System\ByScwqk.exe
  2⤵
  PID:2528
- C:\Windows\System\sLqSIgQ.exe
  C:\Windows\System\sLqSIgQ.exe
  2⤵
  PID:3312
- C:\Windows\System\gzDXOdJ.exe
  C:\Windows\System\gzDXOdJ.exe
  2⤵
  PID:3996
- C:\Windows\System\YTJbVyP.exe
  C:\Windows\System\YTJbVyP.exe
  2⤵
  PID:3384
- C:\Windows\System\dmgGdmx.exe
  C:\Windows\System\dmgGdmx.exe
  2⤵
  PID:4128
- C:\Windows\System\ocjYFOd.exe
  C:\Windows\System\ocjYFOd.exe
  2⤵
  PID:4168
- C:\Windows\System\FrAAlEr.exe
  C:\Windows\System\FrAAlEr.exe
  2⤵
  PID:4232
- C:\Windows\System\sjvGTLj.exe
  C:\Windows\System\sjvGTLj.exe
  2⤵
  PID:1812
- C:\Windows\System\jJtBIYv.exe
  C:\Windows\System\jJtBIYv.exe
  2⤵
  PID:4300
- C:\Windows\System\rwabiws.exe
  C:\Windows\System\rwabiws.exe
  2⤵
  PID:1232
- C:\Windows\System\jJSEEKG.exe
  C:\Windows\System\jJSEEKG.exe
  2⤵
  PID:2296
- C:\Windows\System\MYCzOmq.exe
  C:\Windows\System\MYCzOmq.exe
  2⤵
  PID:3328
- C:\Windows\System\eJREltz.exe
  C:\Windows\System\eJREltz.exe
  2⤵
  PID:3876
- C:\Windows\System\aIKdcCz.exe
  C:\Windows\System\aIKdcCz.exe
  2⤵
  PID:3880
- C:\Windows\System\ooUFtMl.exe
  C:\Windows\System\ooUFtMl.exe
  2⤵
  PID:3240
- C:\Windows\System\rIQBYFW.exe
  C:\Windows\System\rIQBYFW.exe
  2⤵
  PID:4116
- C:\Windows\System\mVQflGL.exe
  C:\Windows\System\mVQflGL.exe
  2⤵
  PID:4180
- C:\Windows\System\muruKkn.exe
  C:\Windows\System\muruKkn.exe
  2⤵
  PID:4244
- C:\Windows\System\BVccxcu.exe
  C:\Windows\System\BVccxcu.exe
  2⤵
  PID:4312
- C:\Windows\System\ANNcbVg.exe
  C:\Windows\System\ANNcbVg.exe
  2⤵
  PID:2684
- C:\Windows\System\UkpfYMm.exe
  C:\Windows\System\UkpfYMm.exe
  2⤵
  PID:4252
- C:\Windows\System\Hkdiznm.exe
  C:\Windows\System\Hkdiznm.exe
  2⤵
  PID:3484
- C:\Windows\System\YoVhXRO.exe
  C:\Windows\System\YoVhXRO.exe
  2⤵
  PID:2856
- C:\Windows\System\LgRaSxq.exe
  C:\Windows\System\LgRaSxq.exe
  2⤵
  PID:2052
- C:\Windows\System\MuqOvgp.exe
  C:\Windows\System\MuqOvgp.exe
  2⤵
  PID:2144
- C:\Windows\System\LFeUuWO.exe
  C:\Windows\System\LFeUuWO.exe
  2⤵
  PID:4348
- C:\Windows\System\QUQsvVZ.exe
  C:\Windows\System\QUQsvVZ.exe
  2⤵
  PID:4364
- C:\Windows\System\NZrQQTc.exe
  C:\Windows\System\NZrQQTc.exe
  2⤵
  PID:4384
- C:\Windows\System\roYgBiY.exe
  C:\Windows\System\roYgBiY.exe
  2⤵
  PID:4392
- C:\Windows\System\eSQmekM.exe
  C:\Windows\System\eSQmekM.exe
  2⤵
  PID:4412
- C:\Windows\System\nEfADxX.exe
  C:\Windows\System\nEfADxX.exe
  2⤵
  PID:4488
- C:\Windows\System\JNCKOOr.exe
  C:\Windows\System\JNCKOOr.exe
  2⤵
  PID:4524
- C:\Windows\System\PDuGJAu.exe
  C:\Windows\System\PDuGJAu.exe
  2⤵
  PID:484
- C:\Windows\System\hkXMyUH.exe
  C:\Windows\System\hkXMyUH.exe
  2⤵
  PID:4444
- C:\Windows\System\rwXqjGA.exe
  C:\Windows\System\rwXqjGA.exe
  2⤵
  PID:4568
- C:\Windows\System\vjrIRBY.exe
  C:\Windows\System\vjrIRBY.exe
  2⤵
  PID:4600
- C:\Windows\System\efJGBiN.exe
  C:\Windows\System\efJGBiN.exe
  2⤵
  PID:4636
- C:\Windows\System\vHBJmzC.exe
  C:\Windows\System\vHBJmzC.exe
  2⤵
  PID:4620
- C:\Windows\System\DfyeYHf.exe
  C:\Windows\System\DfyeYHf.exe
  2⤵
  PID:4680
- C:\Windows\System\CHzRhmU.exe
  C:\Windows\System\CHzRhmU.exe
  2⤵
  PID:4720
- C:\Windows\System\JJvFbrj.exe
  C:\Windows\System\JJvFbrj.exe
  2⤵
  PID:2000
- C:\Windows\System\pywFBIg.exe
  C:\Windows\System\pywFBIg.exe
  2⤵
  PID:4816
- C:\Windows\System\kzYrMuU.exe
  C:\Windows\System\kzYrMuU.exe
  2⤵
  PID:2060
- C:\Windows\System\gqzeOlO.exe
  C:\Windows\System\gqzeOlO.exe
  2⤵
  PID:864
- C:\Windows\System\iNChRjE.exe
  C:\Windows\System\iNChRjE.exe
  2⤵
  PID:4664
- C:\Windows\System\NJlDzqw.exe
  C:\Windows\System\NJlDzqw.exe
  2⤵
  PID:4668
- C:\Windows\System\UTzvfYF.exe
  C:\Windows\System\UTzvfYF.exe
  2⤵
  PID:4736
- C:\Windows\System\DAnPPPk.exe
  C:\Windows\System\DAnPPPk.exe
  2⤵
  PID:4944
- C:\Windows\System\gmFnYbA.exe
  C:\Windows\System\gmFnYbA.exe
  2⤵
  PID:4924
- C:\Windows\System\RZeCpMg.exe
  C:\Windows\System\RZeCpMg.exe
  2⤵
  PID:5008
- C:\Windows\System\eKmEXUE.exe
  C:\Windows\System\eKmEXUE.exe
  2⤵
  PID:5068
- C:\Windows\System\uXbeXSX.exe
  C:\Windows\System\uXbeXSX.exe
  2⤵
  PID:5056
- C:\Windows\System\SFSIuHR.exe
  C:\Windows\System\SFSIuHR.exe
  2⤵
  PID:5084
- C:\Windows\System\YqGFeKg.exe
  C:\Windows\System\YqGFeKg.exe
  2⤵
  PID:3392
- C:\Windows\System\SQhyBke.exe
  C:\Windows\System\SQhyBke.exe
  2⤵
  PID:628
- C:\Windows\System\luIIIRf.exe
  C:\Windows\System\luIIIRf.exe
  2⤵
  PID:5024
- C:\Windows\System\AeIhcGi.exe
  C:\Windows\System\AeIhcGi.exe
  2⤵
  PID:2504
- C:\Windows\System\lYzEpqH.exe
  C:\Windows\System\lYzEpqH.exe
  2⤵
  PID:4228
- C:\Windows\System\wIAWirf.exe
  C:\Windows\System\wIAWirf.exe
  2⤵
  PID:1808
- C:\Windows\System\uxvfGDw.exe
  C:\Windows\System\uxvfGDw.exe
  2⤵
  PID:3984
- C:\Windows\System\mZekHdt.exe
  C:\Windows\System\mZekHdt.exe
  2⤵
  PID:2704
- C:\Windows\System\bRPUbZT.exe
  C:\Windows\System\bRPUbZT.exe
  2⤵
  PID:4212
- C:\Windows\System\xpPEczv.exe
  C:\Windows\System\xpPEczv.exe
  2⤵
  PID:2632
- C:\Windows\System\MhpYYnB.exe
  C:\Windows\System\MhpYYnB.exe
  2⤵
  PID:2696
- C:\Windows\System\koYWshL.exe
  C:\Windows\System\koYWshL.exe
  2⤵
  PID:2076
- C:\Windows\System\FVHkXmk.exe
  C:\Windows\System\FVHkXmk.exe
  2⤵
  PID:2716
- C:\Windows\System\AQwyinM.exe
  C:\Windows\System\AQwyinM.exe
  2⤵
  PID:2676
- C:\Windows\System\fGNjYeO.exe
  C:\Windows\System\fGNjYeO.exe
  2⤵
  PID:2600
- C:\Windows\System\bkMdWEd.exe
  C:\Windows\System\bkMdWEd.exe
  2⤵
  PID:1316
- C:\Windows\System\QBTzhBr.exe
  C:\Windows\System\QBTzhBr.exe
  2⤵
  PID:4388
- C:\Windows\System\snGyZWV.exe
  C:\Windows\System\snGyZWV.exe
  2⤵
  PID:4428
- C:\Windows\System\nCEYdyq.exe
  C:\Windows\System\nCEYdyq.exe
  2⤵
  PID:4456
- C:\Windows\System\vjskqeC.exe
  C:\Windows\System\vjskqeC.exe
  2⤵
  PID:4408
- C:\Windows\System\kIlZxSv.exe
  C:\Windows\System\kIlZxSv.exe
  2⤵
  PID:4472
- C:\Windows\System\HNKhZlO.exe
  C:\Windows\System\HNKhZlO.exe
  2⤵
  PID:4652
- C:\Windows\System\FgIFLJt.exe
  C:\Windows\System\FgIFLJt.exe
  2⤵
  PID:2956
- C:\Windows\System\XijFhBO.exe
  C:\Windows\System\XijFhBO.exe
  2⤵
  PID:4716
- C:\Windows\System\iGdDENm.exe
  C:\Windows\System\iGdDENm.exe
  2⤵
  PID:4784
- C:\Windows\System\RSDyvjW.exe
  C:\Windows\System\RSDyvjW.exe
  2⤵
  PID:4340
- C:\Windows\System\oynRrFb.exe
  C:\Windows\System\oynRrFb.exe
  2⤵
  PID:4704
- C:\Windows\System\NJRZNlN.exe
  C:\Windows\System\NJRZNlN.exe
  2⤵
  PID:4768
- C:\Windows\System\UFgSBpG.exe
  C:\Windows\System\UFgSBpG.exe
  2⤵
  PID:2248
- C:\Windows\System\uESnmKK.exe
  C:\Windows\System\uESnmKK.exe
  2⤵
  PID:4896
- C:\Windows\System\XPppfuO.exe
  C:\Windows\System\XPppfuO.exe
  2⤵
  PID:5036
- C:\Windows\System\XrVCfSG.exe
  C:\Windows\System\XrVCfSG.exe
  2⤵
  PID:5104
- C:\Windows\System\gQhTxMd.exe
  C:\Windows\System\gQhTxMd.exe
  2⤵
  PID:1932
- C:\Windows\System\FYIxYUp.exe
  C:\Windows\System\FYIxYUp.exe
  2⤵
  PID:2988
- C:\Windows\System\KJRsRDt.exe
  C:\Windows\System\KJRsRDt.exe
  2⤵
  PID:2304
- C:\Windows\System\BDlyOjb.exe
  C:\Windows\System\BDlyOjb.exe
  2⤵
  PID:5088
- C:\Windows\System\uaFiqDl.exe
  C:\Windows\System\uaFiqDl.exe
  2⤵
  PID:2020
- C:\Windows\System\UzTDATo.exe
  C:\Windows\System\UzTDATo.exe
  2⤵
  PID:2588
- C:\Windows\System\pHgpCzi.exe
  C:\Windows\System\pHgpCzi.exe
  2⤵
  PID:1288
- C:\Windows\System\fCmhEXM.exe
  C:\Windows\System\fCmhEXM.exe
  2⤵
  PID:2792
- C:\Windows\System\QRFThql.exe
  C:\Windows\System\QRFThql.exe
  2⤵
  PID:3052
- C:\Windows\System\QVmTBlt.exe
  C:\Windows\System\QVmTBlt.exe
  2⤵
  PID:1712
- C:\Windows\System\BItdqRv.exe
  C:\Windows\System\BItdqRv.exe
  2⤵
  PID:4344
- C:\Windows\System\DfUuDNS.exe
  C:\Windows\System\DfUuDNS.exe
  2⤵
  PID:4520
- C:\Windows\System\BmFlkCg.exe
  C:\Windows\System\BmFlkCg.exe
  2⤵
  PID:1268
- C:\Windows\System\jPbHTeu.exe
  C:\Windows\System\jPbHTeu.exe
  2⤵
  PID:2880
- C:\Windows\System\RZkogpx.exe
  C:\Windows\System\RZkogpx.exe
  2⤵
  PID:1320
- C:\Windows\System\UuvKDaM.exe
  C:\Windows\System\UuvKDaM.exe
  2⤵
  PID:4976
- C:\Windows\System\cJImtgo.exe
  C:\Windows\System\cJImtgo.exe
  2⤵
  PID:1648
- C:\Windows\System\PRkCBDR.exe
  C:\Windows\System\PRkCBDR.exe
  2⤵
  PID:2264
- C:\Windows\System\NPukHma.exe
  C:\Windows\System\NPukHma.exe
  2⤵
  PID:4136
- C:\Windows\System\NXsPpJT.exe
  C:\Windows\System\NXsPpJT.exe
  2⤵
  PID:4132
- C:\Windows\System\buRAxQO.exe
  C:\Windows\System\buRAxQO.exe
  2⤵
  PID:1604
- C:\Windows\System\bBMGHBp.exe
  C:\Windows\System\bBMGHBp.exe
  2⤵
  PID:2036
- C:\Windows\System\aMpFVjd.exe
  C:\Windows\System\aMpFVjd.exe
  2⤵
  PID:2592
- C:\Windows\System\BsntsTI.exe
  C:\Windows\System\BsntsTI.exe
  2⤵
  PID:432
- C:\Windows\System\vfGdbeG.exe
  C:\Windows\System\vfGdbeG.exe
  2⤵
  PID:4504
- C:\Windows\System\rxgMRYp.exe
  C:\Windows\System\rxgMRYp.exe
  2⤵
  PID:2640
- C:\Windows\System\aZLjFbO.exe
  C:\Windows\System\aZLjFbO.exe
  2⤵
  PID:4796
- C:\Windows\System\DYZrbQa.exe
  C:\Windows\System\DYZrbQa.exe
  2⤵
  PID:4376
- C:\Windows\System\smzanNZ.exe
  C:\Windows\System\smzanNZ.exe
  2⤵
  PID:2572
- C:\Windows\System\WqmYtfQ.exe
  C:\Windows\System\WqmYtfQ.exe
  2⤵
  PID:4800
- C:\Windows\System\oEcXerU.exe
  C:\Windows\System\oEcXerU.exe
  2⤵
  PID:4424
- C:\Windows\System\hcRUFjU.exe
  C:\Windows\System\hcRUFjU.exe
  2⤵
  PID:4860
- C:\Windows\System\WEmYyBz.exe
  C:\Windows\System\WEmYyBz.exe
  2⤵
  PID:4988
- C:\Windows\System\DOHpxOx.exe
  C:\Windows\System\DOHpxOx.exe
  2⤵
  PID:4604
- C:\Windows\System\EHyvIxm.exe
  C:\Windows\System\EHyvIxm.exe
  2⤵
  PID:2080
- C:\Windows\System\QTQIfuC.exe
  C:\Windows\System\QTQIfuC.exe
  2⤵
  PID:4572
- C:\Windows\System\QGpbSOy.exe
  C:\Windows\System\QGpbSOy.exe
  2⤵
  PID:4024
- C:\Windows\System\qisptxc.exe
  C:\Windows\System\qisptxc.exe
  2⤵
  PID:5172
- C:\Windows\System\DdnGRie.exe
  C:\Windows\System\DdnGRie.exe
  2⤵
  PID:5208
- C:\Windows\System\THlMYyG.exe
  C:\Windows\System\THlMYyG.exe
  2⤵
  PID:5236
- C:\Windows\System\vvyBaMq.exe
  C:\Windows\System\vvyBaMq.exe
  2⤵
  PID:5264
- C:\Windows\System\JynmnzX.exe
  C:\Windows\System\JynmnzX.exe
  2⤵
  PID:5288
- C:\Windows\System\aCUffKH.exe
  C:\Windows\System\aCUffKH.exe
  2⤵
  PID:5308
- C:\Windows\System\puJgFYy.exe
  C:\Windows\System\puJgFYy.exe
  2⤵
  PID:5324
- C:\Windows\System\jBiksDS.exe
  C:\Windows\System\jBiksDS.exe
  2⤵
  PID:5344
- C:\Windows\System\nfTcfZO.exe
  C:\Windows\System\nfTcfZO.exe
  2⤵
  PID:5416
- C:\Windows\System\YAMXyON.exe
  C:\Windows\System\YAMXyON.exe
  2⤵
  PID:5432
- C:\Windows\System\lsSekez.exe
  C:\Windows\System\lsSekez.exe
  2⤵
  PID:5448
- C:\Windows\System\FUKqBQN.exe
  C:\Windows\System\FUKqBQN.exe
  2⤵
  PID:5464
- C:\Windows\System\sHzNEcX.exe
  C:\Windows\System\sHzNEcX.exe
  2⤵
  PID:5480
- C:\Windows\System\JyVBkng.exe
  C:\Windows\System\JyVBkng.exe
  2⤵
  PID:5496
- C:\Windows\System\iBCDAcA.exe
  C:\Windows\System\iBCDAcA.exe
  2⤵
  PID:5512
- C:\Windows\System\tgZNWIl.exe
  C:\Windows\System\tgZNWIl.exe
  2⤵
  PID:5528
- C:\Windows\System\ruqUeck.exe
  C:\Windows\System\ruqUeck.exe
  2⤵
  PID:5544
- C:\Windows\System\QTtCYGp.exe
  C:\Windows\System\QTtCYGp.exe
  2⤵
  PID:5560
- C:\Windows\System\szsQzwX.exe
  C:\Windows\System\szsQzwX.exe
  2⤵
  PID:5576
- C:\Windows\System\KzvtwtO.exe
  C:\Windows\System\KzvtwtO.exe
  2⤵
  PID:5596
- C:\Windows\System\vPqMBnN.exe
  C:\Windows\System\vPqMBnN.exe
  2⤵
  PID:5612
- C:\Windows\System\sNvIVNm.exe
  C:\Windows\System\sNvIVNm.exe
  2⤵
  PID:5628
- C:\Windows\System\hxMrZVj.exe
  C:\Windows\System\hxMrZVj.exe
  2⤵
  PID:5644
- C:\Windows\System\ZVuxjVc.exe
  C:\Windows\System\ZVuxjVc.exe
  2⤵
  PID:5664
- C:\Windows\System\KUdwEHF.exe
  C:\Windows\System\KUdwEHF.exe
  2⤵
  PID:5680
- C:\Windows\System\cUjtOIZ.exe
  C:\Windows\System\cUjtOIZ.exe
  2⤵
  PID:5696
- C:\Windows\System\uAGuOsp.exe
  C:\Windows\System\uAGuOsp.exe
  2⤵
  PID:5712
- C:\Windows\System\DMhUTSc.exe
  C:\Windows\System\DMhUTSc.exe
  2⤵
  PID:5728
- C:\Windows\System\qfNZmdt.exe
  C:\Windows\System\qfNZmdt.exe
  2⤵
  PID:5744
- C:\Windows\System\OialyNf.exe
  C:\Windows\System\OialyNf.exe
  2⤵
  PID:5764
- C:\Windows\System\QXLBpTG.exe
  C:\Windows\System\QXLBpTG.exe
  2⤵
  PID:5780
- C:\Windows\System\zMRRIxw.exe
  C:\Windows\System\zMRRIxw.exe
  2⤵
  PID:5796
- C:\Windows\System\EMvcSEW.exe
  C:\Windows\System\EMvcSEW.exe
  2⤵
  PID:5812
- C:\Windows\System\AzDDHAs.exe
  C:\Windows\System\AzDDHAs.exe
  2⤵
  PID:5828
- C:\Windows\System\BOdtwiv.exe
  C:\Windows\System\BOdtwiv.exe
  2⤵
  PID:5304
- C:\Windows\System\PbBoHyD.exe
  C:\Windows\System\PbBoHyD.exe
  2⤵
  PID:5380
- C:\Windows\System\PVsCQmM.exe
  C:\Windows\System\PVsCQmM.exe
  2⤵
  PID:5376
- C:\Windows\System\xLIOQYW.exe
  C:\Windows\System\xLIOQYW.exe
  2⤵
  PID:5444
- C:\Windows\System\VaIKFrR.exe
  C:\Windows\System\VaIKFrR.exe
  2⤵
  PID:5508
- C:\Windows\System\kkcMYLr.exe
  C:\Windows\System\kkcMYLr.exe
  2⤵
  PID:5460
- C:\Windows\System\qKrqpJr.exe
  C:\Windows\System\qKrqpJr.exe
  2⤵
  PID:5640
- C:\Windows\System\oTMYeem.exe
  C:\Windows\System\oTMYeem.exe
  2⤵
  PID:5592
- C:\Windows\System\qCHpqZl.exe
  C:\Windows\System\qCHpqZl.exe
  2⤵
  PID:5736
- C:\Windows\System\WSPPiuj.exe
  C:\Windows\System\WSPPiuj.exe
  2⤵
  PID:5620
- C:\Windows\System\wGkCSxv.exe
  C:\Windows\System\wGkCSxv.exe
  2⤵
  PID:5688
- C:\Windows\System\XoJiAlj.exe
  C:\Windows\System\XoJiAlj.exe
  2⤵
  PID:5788
- C:\Windows\System\WIXKzEl.exe
  C:\Windows\System\WIXKzEl.exe
  2⤵
  PID:5820
- C:\Windows\System\vzfxzPj.exe
  C:\Windows\System\vzfxzPj.exe
  2⤵
  PID:5848
- C:\Windows\System\sUBsgHg.exe
  C:\Windows\System\sUBsgHg.exe
  2⤵
  PID:5884
- C:\Windows\System\qUVxwSZ.exe
  C:\Windows\System\qUVxwSZ.exe
  2⤵
  PID:5900
- C:\Windows\System\QEuLMJy.exe
  C:\Windows\System\QEuLMJy.exe
  2⤵
  PID:5916
- C:\Windows\System\nzlPDjE.exe
  C:\Windows\System\nzlPDjE.exe
  2⤵
  PID:5932
- C:\Windows\System\lagqach.exe
  C:\Windows\System\lagqach.exe
  2⤵
  PID:5960
- C:\Windows\System\QTUppKn.exe
  C:\Windows\System\QTUppKn.exe
  2⤵
  PID:5976
- C:\Windows\System\wNYUtON.exe
  C:\Windows\System\wNYUtON.exe
  2⤵
  PID:6000
- C:\Windows\System\btZYjAw.exe
  C:\Windows\System\btZYjAw.exe
  2⤵
  PID:5996
- C:\Windows\System\KuvzIyJ.exe
  C:\Windows\System\KuvzIyJ.exe
  2⤵
  PID:6032
- C:\Windows\System\PNIclaa.exe
  C:\Windows\System\PNIclaa.exe
  2⤵
  PID:6048
- C:\Windows\System\cxFKKei.exe
  C:\Windows\System\cxFKKei.exe
  2⤵
  PID:6076
- C:\Windows\System\yxRjuBk.exe
  C:\Windows\System\yxRjuBk.exe
  2⤵
  PID:6092
- C:\Windows\System\WOUXsOR.exe
  C:\Windows\System\WOUXsOR.exe
  2⤵
  PID:6116
- C:\Windows\System\TVqkpDU.exe
  C:\Windows\System\TVqkpDU.exe
  2⤵
  PID:6136
- C:\Windows\System\pvngaCQ.exe
  C:\Windows\System\pvngaCQ.exe
  2⤵
  PID:4864
- C:\Windows\System\JYLkZkX.exe
  C:\Windows\System\JYLkZkX.exe
  2⤵
  PID:5152
- C:\Windows\System\ceoNKij.exe
  C:\Windows\System\ceoNKij.exe
  2⤵
  PID:5160
- C:\Windows\System\GPVCzJV.exe
  C:\Windows\System\GPVCzJV.exe
  2⤵
  PID:4632
- C:\Windows\System\DxIDfNK.exe
  C:\Windows\System\DxIDfNK.exe
  2⤵
  PID:5228
- C:\Windows\System\ZNauJxP.exe
  C:\Windows\System\ZNauJxP.exe
  2⤵
  PID:5276
- C:\Windows\System\XSjtZRn.exe
  C:\Windows\System\XSjtZRn.exe
  2⤵
  PID:5244
- C:\Windows\System\QcTrYzL.exe
  C:\Windows\System\QcTrYzL.exe
  2⤵
  PID:5260
- C:\Windows\System\XzwqVJn.exe
  C:\Windows\System\XzwqVJn.exe
  2⤵
  PID:6064
- C:\Windows\System\IKJGjkT.exe
  C:\Windows\System\IKJGjkT.exe
  2⤵
  PID:5392
- C:\Windows\System\SbdIFGG.exe
  C:\Windows\System\SbdIFGG.exe
  2⤵
  PID:5340
- C:\Windows\System\OCBfcgo.exe
  C:\Windows\System\OCBfcgo.exe
  2⤵
  PID:5492
- C:\Windows\System\OATCcCn.exe
  C:\Windows\System\OATCcCn.exe
  2⤵
  PID:5540
- C:\Windows\System\EHvdltR.exe
  C:\Windows\System\EHvdltR.exe
  2⤵
  PID:5524
- C:\Windows\System\OdKXDAO.exe
  C:\Windows\System\OdKXDAO.exe
  2⤵
  PID:5704
- C:\Windows\System\PvmYljw.exe
  C:\Windows\System\PvmYljw.exe
  2⤵
  PID:5636
- C:\Windows\System\aqimOMM.exe
  C:\Windows\System\aqimOMM.exe
  2⤵
  PID:5724
- C:\Windows\System\aexoAAt.exe
  C:\Windows\System\aexoAAt.exe
  2⤵
  PID:5896
- C:\Windows\System\DXbdqmF.exe
  C:\Windows\System\DXbdqmF.exe
  2⤵
  PID:5940
- C:\Windows\System\UZwEhQR.exe
  C:\Windows\System\UZwEhQR.exe
  2⤵
  PID:5584
- C:\Windows\System\xKrNXKu.exe
  C:\Windows\System\xKrNXKu.exe
  2⤵
  PID:6008
- C:\Windows\System\FHUbrvj.exe
  C:\Windows\System\FHUbrvj.exe
  2⤵
  PID:6124
- C:\Windows\System\rEeyKkL.exe
  C:\Windows\System\rEeyKkL.exe
  2⤵
  PID:6020
- C:\Windows\System\wBwZYDg.exe
  C:\Windows\System\wBwZYDg.exe
  2⤵
  PID:6128
- C:\Windows\System\DgPNlaX.exe
  C:\Windows\System\DgPNlaX.exe
  2⤵
  PID:5168
- C:\Windows\System\makuZUQ.exe
  C:\Windows\System\makuZUQ.exe
  2⤵
  PID:5156
- C:\Windows\System\GtEsUIS.exe
  C:\Windows\System\GtEsUIS.exe
  2⤵
  PID:5132
- C:\Windows\System\GkcSNDJ.exe
  C:\Windows\System\GkcSNDJ.exe
  2⤵
  PID:5224
- C:\Windows\System\olctQgq.exe
  C:\Windows\System\olctQgq.exe
  2⤵
  PID:5200
- C:\Windows\System\bGbNUFV.exe
  C:\Windows\System\bGbNUFV.exe
  2⤵
  PID:5256
- C:\Windows\System\OlVuiIl.exe
  C:\Windows\System\OlVuiIl.exe
  2⤵
  PID:5948
- C:\Windows\System\FlsfhNk.exe
  C:\Windows\System\FlsfhNk.exe
  2⤵
  PID:6100
- C:\Windows\System\wXTdIMS.exe
  C:\Windows\System\wXTdIMS.exe
  2⤵
  PID:2788
- C:\Windows\System\djGPUdF.exe
  C:\Windows\System\djGPUdF.exe
  2⤵
  PID:5128
- C:\Windows\System\DuXAqlf.exe
  C:\Windows\System\DuXAqlf.exe
  2⤵
  PID:5360
- C:\Windows\System\PnVkXGn.exe
  C:\Windows\System\PnVkXGn.exe
  2⤵
  PID:5520
- C:\Windows\System\EHVCWKE.exe
  C:\Windows\System\EHVCWKE.exe
  2⤵
  PID:5140
- C:\Windows\System\fsThCLm.exe
  C:\Windows\System\fsThCLm.exe
  2⤵
  PID:5300
- C:\Windows\System\LAQYalD.exe
  C:\Windows\System\LAQYalD.exe
  2⤵
  PID:6068
- C:\Windows\System\pvkpHtv.exe
  C:\Windows\System\pvkpHtv.exe
  2⤵
  PID:5808
- C:\Windows\System\Ytrizme.exe
  C:\Windows\System\Ytrizme.exe
  2⤵
  PID:5988
- C:\Windows\System\qfsOhuR.exe
  C:\Windows\System\qfsOhuR.exe
  2⤵
  PID:5756
- C:\Windows\System\ZOpXoXD.exe
  C:\Windows\System\ZOpXoXD.exe
  2⤵
  PID:5868
- C:\Windows\System\NIHIXZo.exe
  C:\Windows\System\NIHIXZo.exe
  2⤵
  PID:5844
- C:\Windows\System\LqjRLzV.exe
  C:\Windows\System\LqjRLzV.exe
  2⤵
  PID:5908
- C:\Windows\System\qXrgYBf.exe
  C:\Windows\System\qXrgYBf.exe
  2⤵
  PID:5760
- C:\Windows\System\XRqjLfD.exe
  C:\Windows\System\XRqjLfD.exe
  2⤵
  PID:5280
- C:\Windows\System\FhxKdTu.exe
  C:\Windows\System\FhxKdTu.exe
  2⤵
  PID:5284
- C:\Windows\System\ttVFgQe.exe
  C:\Windows\System\ttVFgQe.exe
  2⤵
  PID:5252
- C:\Windows\System\EVipCEj.exe
  C:\Windows\System\EVipCEj.exe
  2⤵
  PID:5404
- C:\Windows\System\CQioqVn.exe
  C:\Windows\System\CQioqVn.exe
  2⤵
  PID:4752
- C:\Windows\System\LAfcyOV.exe
  C:\Windows\System\LAfcyOV.exe
  2⤵
  PID:5204
- C:\Windows\System\HdIXCPP.exe
  C:\Windows\System\HdIXCPP.exe
  2⤵
  PID:5776
- C:\Windows\System\wfnBOtv.exe
  C:\Windows\System\wfnBOtv.exe
  2⤵
  PID:5952
- C:\Windows\System\riCwfKm.exe
  C:\Windows\System\riCwfKm.exe
  2⤵
  PID:5232
- C:\Windows\System\VZVsTQC.exe
  C:\Windows\System\VZVsTQC.exe
  2⤵
  PID:5956
- C:\Windows\System\DdxECKx.exe
  C:\Windows\System\DdxECKx.exe
  2⤵
  PID:5972
- C:\Windows\System\ikjMdnW.exe
  C:\Windows\System\ikjMdnW.exe
  2⤵
  PID:5400
- C:\Windows\System\icEHlsC.exe
  C:\Windows\System\icEHlsC.exe
  2⤵
  PID:5180
- C:\Windows\System\dteFMtw.exe
  C:\Windows\System\dteFMtw.exe
  2⤵
  PID:5320
- C:\Windows\System\yEJekoT.exe
  C:\Windows\System\yEJekoT.exe
  2⤵
  PID:6028
- C:\Windows\System\HNmDtLg.exe
  C:\Windows\System\HNmDtLg.exe
  2⤵
  PID:5984
- C:\Windows\System\KSLuCat.exe
  C:\Windows\System\KSLuCat.exe
  2⤵
  PID:5676
- C:\Windows\System\ONmcdZw.exe
  C:\Windows\System\ONmcdZw.exe
  2⤵
  PID:5248
- C:\Windows\System\cSIMsIm.exe
  C:\Windows\System\cSIMsIm.exe
  2⤵
  PID:5872
- C:\Windows\System\XAeDaic.exe
  C:\Windows\System\XAeDaic.exe
  2⤵
  PID:6152
- C:\Windows\System\xqcwVCx.exe
  C:\Windows\System\xqcwVCx.exe
  2⤵
  PID:6172
- C:\Windows\System\zUruSao.exe
  C:\Windows\System\zUruSao.exe
  2⤵
  PID:6188
- C:\Windows\System\EwcHMcF.exe
  C:\Windows\System\EwcHMcF.exe
  2⤵
  PID:6204
- C:\Windows\System\BhSvnOk.exe
  C:\Windows\System\BhSvnOk.exe
  2⤵
  PID:6220
- C:\Windows\System\acJkzQF.exe
  C:\Windows\System\acJkzQF.exe
  2⤵
  PID:6240
- C:\Windows\System\dXcBOgu.exe
  C:\Windows\System\dXcBOgu.exe
  2⤵
  PID:6256
- C:\Windows\System\QsKtInf.exe
  C:\Windows\System\QsKtInf.exe
  2⤵
  PID:6272
- C:\Windows\System\IEIrLru.exe
  C:\Windows\System\IEIrLru.exe
  2⤵
  PID:6288
- C:\Windows\System\ZwlCSZV.exe
  C:\Windows\System\ZwlCSZV.exe
  2⤵
  PID:6304
- C:\Windows\System\pSxLlLB.exe
  C:\Windows\System\pSxLlLB.exe
  2⤵
  PID:6320
- C:\Windows\System\fllHSue.exe
  C:\Windows\System\fllHSue.exe
  2⤵
  PID:6336
- C:\Windows\System\UFrBcDF.exe
  C:\Windows\System\UFrBcDF.exe
  2⤵
  PID:6352
- C:\Windows\System\qvoOWJi.exe
  C:\Windows\System\qvoOWJi.exe
  2⤵
  PID:6368
- C:\Windows\System\xakdwPn.exe
  C:\Windows\System\xakdwPn.exe
  2⤵
  PID:6384
- C:\Windows\System\PJKZfxI.exe
  C:\Windows\System\PJKZfxI.exe
  2⤵
  PID:6400
- C:\Windows\System\udKQQUg.exe
  C:\Windows\System\udKQQUg.exe
  2⤵
  PID:6416
- C:\Windows\System\OalYvTR.exe
  C:\Windows\System\OalYvTR.exe
  2⤵
  PID:6432
- C:\Windows\System\mCaKVnZ.exe
  C:\Windows\System\mCaKVnZ.exe
  2⤵
  PID:6452
- C:\Windows\System\pmawUgg.exe
  C:\Windows\System\pmawUgg.exe
  2⤵
  PID:6468
- C:\Windows\System\BDrBWCI.exe
  C:\Windows\System\BDrBWCI.exe
  2⤵
  PID:6484
- C:\Windows\System\hcmAavX.exe
  C:\Windows\System\hcmAavX.exe
  2⤵
  PID:6504
- C:\Windows\System\brqMcxs.exe
  C:\Windows\System\brqMcxs.exe
  2⤵
  PID:6520
- C:\Windows\System\LCvUpUH.exe
  C:\Windows\System\LCvUpUH.exe
  2⤵
  PID:6536
- C:\Windows\System\OUnRmSD.exe
  C:\Windows\System\OUnRmSD.exe
  2⤵
  PID:6552
- C:\Windows\System\hjvhSoh.exe
  C:\Windows\System\hjvhSoh.exe
  2⤵
  PID:6572
- C:\Windows\System\SnbnDEC.exe
  C:\Windows\System\SnbnDEC.exe
  2⤵
  PID:6588
- C:\Windows\System\KcvXXod.exe
  C:\Windows\System\KcvXXod.exe
  2⤵
  PID:6604
- C:\Windows\System\tYIfhJG.exe
  C:\Windows\System\tYIfhJG.exe
  2⤵
  PID:6620
- C:\Windows\System\DWgvzTu.exe
  C:\Windows\System\DWgvzTu.exe
  2⤵
  PID:6636
- C:\Windows\System\nxOzdAc.exe
  C:\Windows\System\nxOzdAc.exe
  2⤵
  PID:6652
- C:\Windows\System\ipCxGKC.exe
  C:\Windows\System\ipCxGKC.exe
  2⤵
  PID:6668
- C:\Windows\System\CLjvSoQ.exe
  C:\Windows\System\CLjvSoQ.exe
  2⤵
  PID:6684
- C:\Windows\System\uColklS.exe
  C:\Windows\System\uColklS.exe
  2⤵
  PID:6700
- C:\Windows\System\NuyKfFb.exe
  C:\Windows\System\NuyKfFb.exe
  2⤵
  PID:6716
- C:\Windows\System\eZJeNcs.exe
  C:\Windows\System\eZJeNcs.exe
  2⤵
  PID:6732
- C:\Windows\System\ysIqrRZ.exe
  C:\Windows\System\ysIqrRZ.exe
  2⤵
  PID:6760
- C:\Windows\System\ljEXfUm.exe
  C:\Windows\System\ljEXfUm.exe
  2⤵
  PID:6776
- C:\Windows\System\glVvMFT.exe
  C:\Windows\System\glVvMFT.exe
  2⤵
  PID:6792
- C:\Windows\System\trMuIvX.exe
  C:\Windows\System\trMuIvX.exe
  2⤵
  PID:6808
- C:\Windows\System\RUQJYlu.exe
  C:\Windows\System\RUQJYlu.exe
  2⤵
  PID:6824
- C:\Windows\System\XoOCZcN.exe
  C:\Windows\System\XoOCZcN.exe
  2⤵
  PID:6840
- C:\Windows\System\DMQoZQL.exe
  C:\Windows\System\DMQoZQL.exe
  2⤵
  PID:6856
- C:\Windows\System\skrwVcP.exe
  C:\Windows\System\skrwVcP.exe
  2⤵
  PID:6876
- C:\Windows\System\fSXiRqD.exe
  C:\Windows\System\fSXiRqD.exe
  2⤵
  PID:6896
- C:\Windows\System\HhkgPjz.exe
  C:\Windows\System\HhkgPjz.exe
  2⤵
  PID:6912
- C:\Windows\System\XoBUxgR.exe
  C:\Windows\System\XoBUxgR.exe
  2⤵
  PID:6928
- C:\Windows\System\BkxFtCZ.exe
  C:\Windows\System\BkxFtCZ.exe
  2⤵
  PID:6944
- C:\Windows\System\MFBWXCB.exe
  C:\Windows\System\MFBWXCB.exe
  2⤵
  PID:6960
- C:\Windows\System\viwneFo.exe
  C:\Windows\System\viwneFo.exe
  2⤵
  PID:6976
- C:\Windows\System\OjNcIwG.exe
  C:\Windows\System\OjNcIwG.exe
  2⤵
  PID:6996
- C:\Windows\System\ZXINuEC.exe
  C:\Windows\System\ZXINuEC.exe
  2⤵
  PID:7020
- C:\Windows\System\bezzxZq.exe
  C:\Windows\System\bezzxZq.exe
  2⤵
  PID:7036
- C:\Windows\System\AhHaQpA.exe
  C:\Windows\System\AhHaQpA.exe
  2⤵
  PID:7052
- C:\Windows\System\ilvSDZv.exe
  C:\Windows\System\ilvSDZv.exe
  2⤵
  PID:7068
- C:\Windows\System\fhxYInh.exe
  C:\Windows\System\fhxYInh.exe
  2⤵
  PID:7108
- C:\Windows\System\wdjycsK.exe
  C:\Windows\System\wdjycsK.exe
  2⤵
  PID:7124
- C:\Windows\System\tjOmLax.exe
  C:\Windows\System\tjOmLax.exe
  2⤵
  PID:7140
- C:\Windows\System\DgDiGqT.exe
  C:\Windows\System\DgDiGqT.exe
  2⤵
  PID:7164
- C:\Windows\System\cTSoAJa.exe
  C:\Windows\System\cTSoAJa.exe
  2⤵
  PID:2008
- C:\Windows\System\WUyKMiG.exe
  C:\Windows\System\WUyKMiG.exe
  2⤵
  PID:5388
- C:\Windows\System\wBRBQwC.exe
  C:\Windows\System\wBRBQwC.exe
  2⤵
  PID:6180
- C:\Windows\System\UBuRFyT.exe
  C:\Windows\System\UBuRFyT.exe
  2⤵
  PID:6160
- C:\Windows\System\VgYNyCs.exe
  C:\Windows\System\VgYNyCs.exe
  2⤵
  PID:6264
- C:\Windows\System\PYVwEPT.exe
  C:\Windows\System\PYVwEPT.exe
  2⤵
  PID:6296
- C:\Windows\System\WwSNOpW.exe
  C:\Windows\System\WwSNOpW.exe
  2⤵
  PID:6284
- C:\Windows\System\JlqCMkY.exe
  C:\Windows\System\JlqCMkY.exe
  2⤵
  PID:6328
- C:\Windows\System\QppeeGq.exe
  C:\Windows\System\QppeeGq.exe
  2⤵
  PID:6364
- C:\Windows\System\uhMJshK.exe
  C:\Windows\System\uhMJshK.exe
  2⤵
  PID:6344
- C:\Windows\System\TeVTcZP.exe
  C:\Windows\System\TeVTcZP.exe
  2⤵
  PID:6376
- C:\Windows\System\yDpaaUT.exe
  C:\Windows\System\yDpaaUT.exe
  2⤵
  PID:6444
- C:\Windows\System\xrLHvCF.exe
  C:\Windows\System\xrLHvCF.exe
  2⤵
  PID:6496
- C:\Windows\System\sfZBgKA.exe
  C:\Windows\System\sfZBgKA.exe
  2⤵
  PID:6560
- C:\Windows\System\PGBHPgL.exe
  C:\Windows\System\PGBHPgL.exe
  2⤵
  PID:6628
- C:\Windows\System\visLmXW.exe
  C:\Windows\System\visLmXW.exe
  2⤵
  PID:6692
- C:\Windows\System\gcgHBBE.exe
  C:\Windows\System\gcgHBBE.exe
  2⤵
  PID:6580
- C:\Windows\System\GiOMHuB.exe
  C:\Windows\System\GiOMHuB.exe
  2⤵
  PID:6644
- C:\Windows\System\XjBxcbe.exe
  C:\Windows\System\XjBxcbe.exe
  2⤵
  PID:6708
- C:\Windows\System\aJLckik.exe
  C:\Windows\System\aJLckik.exe
  2⤵
  PID:6748
- C:\Windows\System\WgHEAvF.exe
  C:\Windows\System\WgHEAvF.exe
  2⤵
  PID:6804
- C:\Windows\System\mdcvqmW.exe
  C:\Windows\System\mdcvqmW.exe
  2⤵
  PID:6820
- C:\Windows\System\BCEhaHv.exe
  C:\Windows\System\BCEhaHv.exe
  2⤵
  PID:6872
- C:\Windows\System\SKHYRbH.exe
  C:\Windows\System\SKHYRbH.exe
  2⤵
  PID:6892
- C:\Windows\System\BfumGoh.exe
  C:\Windows\System\BfumGoh.exe
  2⤵
  PID:6936
- C:\Windows\System\euUbRSa.exe
  C:\Windows\System\euUbRSa.exe
  2⤵
  PID:6972
- C:\Windows\System\QKEKrij.exe
  C:\Windows\System\QKEKrij.exe
  2⤵
  PID:6988
- C:\Windows\System\ehoxeOf.exe
  C:\Windows\System\ehoxeOf.exe
  2⤵
  PID:7048
- C:\Windows\System\kHrigvP.exe
  C:\Windows\System\kHrigvP.exe
  2⤵
  PID:7084
- C:\Windows\System\GbGyYnp.exe
  C:\Windows\System\GbGyYnp.exe
  2⤵
  PID:7064
- C:\Windows\System\gzztRqo.exe
  C:\Windows\System\gzztRqo.exe
  2⤵
  PID:7080
- C:\Windows\System\kWZIBBf.exe
  C:\Windows\System\kWZIBBf.exe
  2⤵
  PID:7116
- C:\Windows\System\HAmyDeE.exe
  C:\Windows\System\HAmyDeE.exe
  2⤵
  PID:6184
- C:\Windows\System\dVbAGKw.exe
  C:\Windows\System\dVbAGKw.exe
  2⤵
  PID:6196
- C:\Windows\System\avNfzXX.exe
  C:\Windows\System\avNfzXX.exe
  2⤵
  PID:6428
- C:\Windows\System\BZVqKzW.exe
  C:\Windows\System\BZVqKzW.exe
  2⤵
  PID:7156
- C:\Windows\System\yvLGQpn.exe
  C:\Windows\System\yvLGQpn.exe
  2⤵
  PID:6200
- C:\Windows\System\HQdxter.exe
  C:\Windows\System\HQdxter.exe
  2⤵
  PID:6332
- C:\Windows\System\NSxBLcU.exe
  C:\Windows\System\NSxBLcU.exe
  2⤵
  PID:6408
- C:\Windows\System\MglITSc.exe
  C:\Windows\System\MglITSc.exe
  2⤵
  PID:6480
- C:\Windows\System\MsOwKVX.exe
  C:\Windows\System\MsOwKVX.exe
  2⤵
  PID:6600
- C:\Windows\System\eUDnhsp.exe
  C:\Windows\System\eUDnhsp.exe
  2⤵
  PID:6500
- C:\Windows\System\JwJKFxi.exe
  C:\Windows\System\JwJKFxi.exe
  2⤵
  PID:6680
- C:\Windows\System\DoanvNy.exe
  C:\Windows\System\DoanvNy.exe
  2⤵
  PID:6568
- C:\Windows\System\sIYLdAl.exe
  C:\Windows\System\sIYLdAl.exe
  2⤵
  PID:6728
- C:\Windows\System\LxsLkPt.exe
  C:\Windows\System\LxsLkPt.exe
  2⤵
  PID:6924
- C:\Windows\System\hDlHwpa.exe
  C:\Windows\System\hDlHwpa.exe
  2⤵
  PID:6984
- C:\Windows\System\zIUwaBC.exe
  C:\Windows\System\zIUwaBC.exe
  2⤵
  PID:7100
- C:\Windows\System\YHNtFxA.exe
  C:\Windows\System\YHNtFxA.exe
  2⤵
  PID:6848
- C:\Windows\System\CpxoFbo.exe
  C:\Windows\System\CpxoFbo.exe
  2⤵
  PID:6968
- C:\Windows\System\ZjINLfn.exe
  C:\Windows\System\ZjINLfn.exe
  2⤵
  PID:6784
- C:\Windows\System\cNWEGkd.exe
  C:\Windows\System\cNWEGkd.exe
  2⤵
  PID:6424
- C:\Windows\System\zucgCsw.exe
  C:\Windows\System\zucgCsw.exe
  2⤵
  PID:6888
- C:\Windows\System\PFRihme.exe
  C:\Windows\System\PFRihme.exe
  2⤵
  PID:7132
- C:\Windows\System\XkLXgRb.exe
  C:\Windows\System\XkLXgRb.exe
  2⤵
  PID:6168
- C:\Windows\System\HMMUGTv.exe
  C:\Windows\System\HMMUGTv.exe
  2⤵
  PID:6232
- C:\Windows\System\enkNEEh.exe
  C:\Windows\System\enkNEEh.exe
  2⤵
  PID:6268
- C:\Windows\System\rpSdPZm.exe
  C:\Windows\System\rpSdPZm.exe
  2⤵
  PID:6612
- C:\Windows\System\urawolT.exe
  C:\Windows\System\urawolT.exe
  2⤵
  PID:6816
- C:\Windows\System\XmhLQCw.exe
  C:\Windows\System\XmhLQCw.exe
  2⤵
  PID:6660
- C:\Windows\System\ZgAxJNy.exe
  C:\Windows\System\ZgAxJNy.exe
  2⤵
  PID:6788
- C:\Windows\System\SnuCxJd.exe
  C:\Windows\System\SnuCxJd.exe
  2⤵
  PID:7016
- C:\Windows\System\oHsDnKm.exe
  C:\Windows\System\oHsDnKm.exe
  2⤵
  PID:6228
- C:\Windows\System\cyWXscu.exe
  C:\Windows\System\cyWXscu.exe
  2⤵
  PID:7012
- C:\Windows\System\FPDgFFo.exe
  C:\Windows\System\FPDgFFo.exe
  2⤵
  PID:6664
- C:\Windows\System\mOVCDiw.exe
  C:\Windows\System\mOVCDiw.exe
  2⤵
  PID:6528
- C:\Windows\System\EvFDiXI.exe
  C:\Windows\System\EvFDiXI.exe
  2⤵
  PID:6476
- C:\Windows\System\CGIZcyA.exe
  C:\Windows\System\CGIZcyA.exe
  2⤵
  PID:7088
- C:\Windows\System\Utzlwyv.exe
  C:\Windows\System\Utzlwyv.exe
  2⤵
  PID:6396
- C:\Windows\System\UOlTcns.exe
  C:\Windows\System\UOlTcns.exe
  2⤵
  PID:6868
- C:\Windows\System\bfgnkoV.exe
  C:\Windows\System\bfgnkoV.exe
  2⤵
  PID:6548
- C:\Windows\System\FsNCZvZ.exe
  C:\Windows\System\FsNCZvZ.exe
  2⤵
  PID:6864
- C:\Windows\System\nvevOmq.exe
  C:\Windows\System\nvevOmq.exe
  2⤵
  PID:7180
- C:\Windows\System\NYxSVYc.exe
  C:\Windows\System\NYxSVYc.exe
  2⤵
  PID:7196
- C:\Windows\System\OAwKxeN.exe
  C:\Windows\System\OAwKxeN.exe
  2⤵
  PID:7212
- C:\Windows\System\nUGhPXD.exe
  C:\Windows\System\nUGhPXD.exe
  2⤵
  PID:7228
- C:\Windows\System\pVCCSun.exe
  C:\Windows\System\pVCCSun.exe
  2⤵
  PID:7244
- C:\Windows\System\sHWaond.exe
  C:\Windows\System\sHWaond.exe
  2⤵
  PID:7260
- C:\Windows\System\RlaFjOz.exe
  C:\Windows\System\RlaFjOz.exe
  2⤵
  PID:7276
- C:\Windows\System\FFpDvJL.exe
  C:\Windows\System\FFpDvJL.exe
  2⤵
  PID:7292
- C:\Windows\System\YzEpCrc.exe
  C:\Windows\System\YzEpCrc.exe
  2⤵
  PID:7308
- C:\Windows\System\yGTodae.exe
  C:\Windows\System\yGTodae.exe
  2⤵
  PID:7324
- C:\Windows\System\eLwYWDT.exe
  C:\Windows\System\eLwYWDT.exe
  2⤵
  PID:7340
- C:\Windows\System\XyTBOzU.exe
  C:\Windows\System\XyTBOzU.exe
  2⤵
  PID:7356
- C:\Windows\System\LqEkUeG.exe
  C:\Windows\System\LqEkUeG.exe
  2⤵
  PID:7372
- C:\Windows\System\RumwhIK.exe
  C:\Windows\System\RumwhIK.exe
  2⤵
  PID:7388
- C:\Windows\System\fMzYaKc.exe
  C:\Windows\System\fMzYaKc.exe
  2⤵
  PID:7404
- C:\Windows\System\cueWcAB.exe
  C:\Windows\System\cueWcAB.exe
  2⤵
  PID:7420
- C:\Windows\System\pFqhSId.exe
  C:\Windows\System\pFqhSId.exe
  2⤵
  PID:7436
- C:\Windows\System\izhybPw.exe
  C:\Windows\System\izhybPw.exe
  2⤵
  PID:7452
- C:\Windows\System\FchIvbs.exe
  C:\Windows\System\FchIvbs.exe
  2⤵
  PID:7468
- C:\Windows\System\pBnMuGR.exe
  C:\Windows\System\pBnMuGR.exe
  2⤵
  PID:7484
- C:\Windows\System\PHVNGIY.exe
  C:\Windows\System\PHVNGIY.exe
  2⤵
  PID:7500
- C:\Windows\System\qcKmgzx.exe
  C:\Windows\System\qcKmgzx.exe
  2⤵
  PID:7516
- C:\Windows\System\vjAXeQw.exe
  C:\Windows\System\vjAXeQw.exe
  2⤵
  PID:7532
- C:\Windows\System\bDKqfEZ.exe
  C:\Windows\System\bDKqfEZ.exe
  2⤵
  PID:7548
- C:\Windows\System\JhuvdAh.exe
  C:\Windows\System\JhuvdAh.exe
  2⤵
  PID:7564
- C:\Windows\System\GYtuPYa.exe
  C:\Windows\System\GYtuPYa.exe
  2⤵
  PID:7580
- C:\Windows\System\Sitsvlp.exe
  C:\Windows\System\Sitsvlp.exe
  2⤵
  PID:7596
- C:\Windows\System\vjhDOwj.exe
  C:\Windows\System\vjhDOwj.exe
  2⤵
  PID:7612
- C:\Windows\System\bErGFJx.exe
  C:\Windows\System\bErGFJx.exe
  2⤵
  PID:7628
- C:\Windows\System\rHTOFgD.exe
  C:\Windows\System\rHTOFgD.exe
  2⤵
  PID:7644
- C:\Windows\System\MjIXUWY.exe
  C:\Windows\System\MjIXUWY.exe
  2⤵
  PID:7664
- C:\Windows\System\NdneyXV.exe
  C:\Windows\System\NdneyXV.exe
  2⤵
  PID:7680
- C:\Windows\System\ppwQNCU.exe
  C:\Windows\System\ppwQNCU.exe
  2⤵
  PID:7696
- C:\Windows\System\suFdiJq.exe
  C:\Windows\System\suFdiJq.exe
  2⤵
  PID:7712
- C:\Windows\System\ulWyKDT.exe
  C:\Windows\System\ulWyKDT.exe
  2⤵
  PID:7728
- C:\Windows\System\OMAEjUX.exe
  C:\Windows\System\OMAEjUX.exe
  2⤵
  PID:7744
- C:\Windows\System\gAHEGjT.exe
  C:\Windows\System\gAHEGjT.exe
  2⤵
  PID:7760
- C:\Windows\System\wcJTWJf.exe
  C:\Windows\System\wcJTWJf.exe
  2⤵
  PID:7776
- C:\Windows\System\iGkLYxS.exe
  C:\Windows\System\iGkLYxS.exe
  2⤵
  PID:7792
- C:\Windows\System\xqKUSHK.exe
  C:\Windows\System\xqKUSHK.exe
  2⤵
  PID:7808
- C:\Windows\System\gYywLcQ.exe
  C:\Windows\System\gYywLcQ.exe
  2⤵
  PID:7824
- C:\Windows\System\HGphmeF.exe
  C:\Windows\System\HGphmeF.exe
  2⤵
  PID:7840
- C:\Windows\System\tAKKTpg.exe
  C:\Windows\System\tAKKTpg.exe
  2⤵
  PID:7856
- C:\Windows\System\kOgKNct.exe
  C:\Windows\System\kOgKNct.exe
  2⤵
  PID:7872
- C:\Windows\System\zYCruYI.exe
  C:\Windows\System\zYCruYI.exe
  2⤵
  PID:7888
- C:\Windows\System\vHiIxdy.exe
  C:\Windows\System\vHiIxdy.exe
  2⤵
  PID:7904
- C:\Windows\System\coqRXAB.exe
  C:\Windows\System\coqRXAB.exe
  2⤵
  PID:7920
- C:\Windows\System\VBTwbui.exe
  C:\Windows\System\VBTwbui.exe
  2⤵
  PID:7936
- C:\Windows\System\EYpAHkt.exe
  C:\Windows\System\EYpAHkt.exe
  2⤵
  PID:7952
- C:\Windows\System\pOgopbX.exe
  C:\Windows\System\pOgopbX.exe
  2⤵
  PID:7968
- C:\Windows\System\qVMWDGO.exe
  C:\Windows\System\qVMWDGO.exe
  2⤵
  PID:7984
- C:\Windows\System\sEQdGhX.exe
  C:\Windows\System\sEQdGhX.exe
  2⤵
  PID:8000
- C:\Windows\System\RdBlNMn.exe
  C:\Windows\System\RdBlNMn.exe
  2⤵
  PID:8016
- C:\Windows\System\fiXwYRf.exe
  C:\Windows\System\fiXwYRf.exe
  2⤵
  PID:8032
- C:\Windows\System\yoAidFq.exe
  C:\Windows\System\yoAidFq.exe
  2⤵
  PID:8060
- C:\Windows\System\GXkcJfq.exe
  C:\Windows\System\GXkcJfq.exe
  2⤵
  PID:8076
- C:\Windows\System\mBdfQQw.exe
  C:\Windows\System\mBdfQQw.exe
  2⤵
  PID:8092
- C:\Windows\System\wwuyZLS.exe
  C:\Windows\System\wwuyZLS.exe
  2⤵
  PID:8108
- C:\Windows\System\lgFCUvC.exe
  C:\Windows\System\lgFCUvC.exe
  2⤵
  PID:8124
- C:\Windows\System\wpyXQFY.exe
  C:\Windows\System\wpyXQFY.exe
  2⤵
  PID:8140
- C:\Windows\System\wecNFfL.exe
  C:\Windows\System\wecNFfL.exe
  2⤵
  PID:8156
- C:\Windows\System\oFmJNqs.exe
  C:\Windows\System\oFmJNqs.exe
  2⤵
  PID:8172
- C:\Windows\System\XzKkPNH.exe
  C:\Windows\System\XzKkPNH.exe
  2⤵
  PID:8188
- C:\Windows\System\TrCqeDb.exe
  C:\Windows\System\TrCqeDb.exe
  2⤵
  PID:7204
- C:\Windows\System\GiYKzeA.exe
  C:\Windows\System\GiYKzeA.exe
  2⤵
  PID:7060
- C:\Windows\System\aWMYWhn.exe
  C:\Windows\System\aWMYWhn.exe
  2⤵
  PID:7300
- C:\Windows\System\eMmpSEU.exe
  C:\Windows\System\eMmpSEU.exe
  2⤵
  PID:7332
- C:\Windows\System\sfxlmqq.exe
  C:\Windows\System\sfxlmqq.exe
  2⤵
  PID:7368
- C:\Windows\System\KrAgFbR.exe
  C:\Windows\System\KrAgFbR.exe
  2⤵
  PID:7256
- C:\Windows\System\zELNYAY.exe
  C:\Windows\System\zELNYAY.exe
  2⤵
  PID:7284
- C:\Windows\System\WyDhQcq.exe
  C:\Windows\System\WyDhQcq.exe
  2⤵
  PID:7416
- C:\Windows\System\CDMcDvC.exe
  C:\Windows\System\CDMcDvC.exe
  2⤵
  PID:7384
- C:\Windows\System\cIEhwEL.exe
  C:\Windows\System\cIEhwEL.exe
  2⤵
  PID:7496
- C:\Windows\System\cpHgXzU.exe
  C:\Windows\System\cpHgXzU.exe
  2⤵
  PID:7508
- C:\Windows\System\uqKXjHA.exe
  C:\Windows\System\uqKXjHA.exe
  2⤵
  PID:7560
- C:\Windows\System\oQrwqwT.exe
  C:\Windows\System\oQrwqwT.exe
  2⤵
  PID:7652
- C:\Windows\System\GUPvUCQ.exe
  C:\Windows\System\GUPvUCQ.exe
  2⤵
  PID:7720
- C:\Windows\System\EQhbGdF.exe
  C:\Windows\System\EQhbGdF.exe
  2⤵
  PID:7608
- C:\Windows\System\VGGWUlP.exe
  C:\Windows\System\VGGWUlP.exe
  2⤵
  PID:7572
- C:\Windows\System\vUIIbyP.exe
  C:\Windows\System\vUIIbyP.exe
  2⤵
  PID:7676
- C:\Windows\System\YgfWgLP.exe
  C:\Windows\System\YgfWgLP.exe
  2⤵
  PID:7752
- C:\Windows\System\LIMMpdn.exe
  C:\Windows\System\LIMMpdn.exe
  2⤵
  PID:7788
- C:\Windows\System\ABwiWkd.exe
  C:\Windows\System\ABwiWkd.exe
  2⤵
  PID:7852
- C:\Windows\System\zZGhsVF.exe
  C:\Windows\System\zZGhsVF.exe
  2⤵
  PID:7772
- C:\Windows\System\LqNnlpy.exe
  C:\Windows\System\LqNnlpy.exe
  2⤵
  PID:7832
- C:\Windows\System\BpnDFXE.exe
  C:\Windows\System\BpnDFXE.exe
  2⤵
  PID:7944
- C:\Windows\System\ttWbIBo.exe
  C:\Windows\System\ttWbIBo.exe
  2⤵
  PID:7980
- C:\Windows\System\oMxncnr.exe
  C:\Windows\System\oMxncnr.exe
  2⤵
  PID:7932
- C:\Windows\System\RbqLVRl.exe
  C:\Windows\System\RbqLVRl.exe
  2⤵
  PID:7960
- C:\Windows\System\JXtYaUN.exe
  C:\Windows\System\JXtYaUN.exe
  2⤵
  PID:8028
- C:\Windows\System\IpsRubk.exe
  C:\Windows\System\IpsRubk.exe
  2⤵
  PID:8056
- C:\Windows\System\RihyHBS.exe
  C:\Windows\System\RihyHBS.exe
  2⤵
  PID:8120
- C:\Windows\System\eUSfCvD.exe
  C:\Windows\System\eUSfCvD.exe
  2⤵
  PID:8184
- C:\Windows\System\jeqUgpH.exe
  C:\Windows\System\jeqUgpH.exe
  2⤵
  PID:8132
- C:\Windows\System\BSXXenH.exe
  C:\Windows\System\BSXXenH.exe
  2⤵
  PID:7188
- C:\Windows\System\XazoFiX.exe
  C:\Windows\System\XazoFiX.exe
  2⤵
  PID:8100
- C:\Windows\System\WaGCNxr.exe
  C:\Windows\System\WaGCNxr.exe
  2⤵
  PID:7460
- C:\Windows\System\rcayrmz.exe
  C:\Windows\System\rcayrmz.exe
  2⤵
  PID:7396
- C:\Windows\System\NpdtiaZ.exe
  C:\Windows\System\NpdtiaZ.exe
  2⤵
  PID:8052
- C:\Windows\System\YxnYpmn.exe
  C:\Windows\System\YxnYpmn.exe
  2⤵
  PID:7688
- C:\Windows\System\CjMgSfi.exe
  C:\Windows\System\CjMgSfi.exe
  2⤵
  PID:7544
- C:\Windows\System\RAThWlQ.exe
  C:\Windows\System\RAThWlQ.exe
  2⤵
  PID:7476
- C:\Windows\System\YzPkGDc.exe
  C:\Windows\System\YzPkGDc.exe
  2⤵
  PID:7740
- C:\Windows\System\ggbpyGy.exe
  C:\Windows\System\ggbpyGy.exe
  2⤵
  PID:7148
- C:\Windows\System\sFFNCHW.exe
  C:\Windows\System\sFFNCHW.exe
  2⤵
  PID:1184
- C:\Windows\System\NHkPmuX.exe
  C:\Windows\System\NHkPmuX.exe
  2⤵
  PID:7900
- C:\Windows\System\CVbfKYi.exe
  C:\Windows\System\CVbfKYi.exe
  2⤵
  PID:7996
- C:\Windows\System\RELPxCf.exe
  C:\Windows\System\RELPxCf.exe
  2⤵
  PID:7884
- C:\Windows\System\kZiTiQg.exe
  C:\Windows\System\kZiTiQg.exe
  2⤵
  PID:8068
- C:\Windows\System\GCfQbEc.exe
  C:\Windows\System\GCfQbEc.exe
  2⤵
  PID:7992
- C:\Windows\System\spOugpy.exe
  C:\Windows\System\spOugpy.exe
  2⤵
  PID:544
- C:\Windows\System\BegogPx.exe
  C:\Windows\System\BegogPx.exe
  2⤵
  PID:1796
- C:\Windows\System\FNCprWx.exe
  C:\Windows\System\FNCprWx.exe
  2⤵
  PID:8024
- C:\Windows\System\FaMviRc.exe
  C:\Windows\System\FaMviRc.exe
  2⤵
  PID:8084
- C:\Windows\System\fJxRbth.exe
  C:\Windows\System\fJxRbth.exe
  2⤵
  PID:8104
- C:\Windows\System\sQYJvow.exe
  C:\Windows\System\sQYJvow.exe
  2⤵
  PID:7624
- C:\Windows\System\qaRuBAN.exe
  C:\Windows\System\qaRuBAN.exe
  2⤵
  PID:7316
- C:\Windows\System\wSIpwoP.exe
  C:\Windows\System\wSIpwoP.exe
  2⤵
  PID:1792
- C:\Windows\System\wmnXAAd.exe
  C:\Windows\System\wmnXAAd.exe
  2⤵
  PID:8088
- C:\Windows\System\WTpuCEH.exe
  C:\Windows\System\WTpuCEH.exe
  2⤵
  PID:7708
- C:\Windows\System\TzMbdHf.exe
  C:\Windows\System\TzMbdHf.exe
  2⤵
  PID:7848
- C:\Windows\System\EAiZXdt.exe
  C:\Windows\System\EAiZXdt.exe
  2⤵
  PID:1896
- C:\Windows\System\HUayZkt.exe
  C:\Windows\System\HUayZkt.exe
  2⤵
  PID:7272
- C:\Windows\System\xoUnebr.exe
  C:\Windows\System\xoUnebr.exe
  2⤵
  PID:7528
- C:\Windows\System\pVEiSlY.exe
  C:\Windows\System\pVEiSlY.exe
  2⤵
  PID:7864
- C:\Windows\System\wxPgEkz.exe
  C:\Windows\System\wxPgEkz.exe
  2⤵
  PID:7252
- C:\Windows\System\XcdrMmf.exe
  C:\Windows\System\XcdrMmf.exe
  2⤵
  PID:8208
- C:\Windows\System\yFSmPcJ.exe
  C:\Windows\System\yFSmPcJ.exe
  2⤵
  PID:8228
- C:\Windows\System\RWejGGh.exe
  C:\Windows\System\RWejGGh.exe
  2⤵
  PID:8244
- C:\Windows\System\gTmxzTy.exe
  C:\Windows\System\gTmxzTy.exe
  2⤵
  PID:8260
- C:\Windows\System\DfaNSco.exe
  C:\Windows\System\DfaNSco.exe
  2⤵
  PID:8276
- C:\Windows\System\Dazkffn.exe
  C:\Windows\System\Dazkffn.exe
  2⤵
  PID:8292
- C:\Windows\System\QDRPfyB.exe
  C:\Windows\System\QDRPfyB.exe
  2⤵
  PID:8308
- C:\Windows\System\WPRincO.exe
  C:\Windows\System\WPRincO.exe
  2⤵
  PID:8324
- C:\Windows\System\zDFcfYr.exe
  C:\Windows\System\zDFcfYr.exe
  2⤵
  PID:8348
- C:\Windows\System\IUDwPTJ.exe
  C:\Windows\System\IUDwPTJ.exe
  2⤵
  PID:8364
- C:\Windows\System\EONrwBR.exe
  C:\Windows\System\EONrwBR.exe
  2⤵
  PID:8384
- C:\Windows\System\TnVElyO.exe
  C:\Windows\System\TnVElyO.exe
  2⤵
  PID:8400
- C:\Windows\System\RkqaYMS.exe
  C:\Windows\System\RkqaYMS.exe
  2⤵
  PID:8420
- C:\Windows\System\sDfezUI.exe
  C:\Windows\System\sDfezUI.exe
  2⤵
  PID:8436
- C:\Windows\System\Ccovczj.exe
  C:\Windows\System\Ccovczj.exe
  2⤵
  PID:8460
- C:\Windows\System\rvAIcFC.exe
  C:\Windows\System\rvAIcFC.exe
  2⤵
  PID:8476
- C:\Windows\System\XZHJYel.exe
  C:\Windows\System\XZHJYel.exe
  2⤵
  PID:8680
- C:\Windows\System\jCkmKqy.exe
  C:\Windows\System\jCkmKqy.exe
  2⤵
  PID:8700
- C:\Windows\System\aYBOEFT.exe
  C:\Windows\System\aYBOEFT.exe
  2⤵
  PID:8820
- C:\Windows\System\pklDqMv.exe
  C:\Windows\System\pklDqMv.exe
  2⤵
  PID:8836
- C:\Windows\System\otqpljP.exe
  C:\Windows\System\otqpljP.exe
  2⤵
  PID:8852
- C:\Windows\System\xXCRrLI.exe
  C:\Windows\System\xXCRrLI.exe
  2⤵
  PID:8868
- C:\Windows\System\tVMmLYp.exe
  C:\Windows\System\tVMmLYp.exe
  2⤵
  PID:8888
- C:\Windows\System\QkBqkyi.exe
  C:\Windows\System\QkBqkyi.exe
  2⤵
  PID:8904
- C:\Windows\System\LMgxJtS.exe
  C:\Windows\System\LMgxJtS.exe
  2⤵
  PID:8920
- C:\Windows\System\fAfxVEC.exe
  C:\Windows\System\fAfxVEC.exe
  2⤵
  PID:8936
- C:\Windows\System\yuzBXBb.exe
  C:\Windows\System\yuzBXBb.exe
  2⤵
  PID:8960
- C:\Windows\System\haFmOBM.exe
  C:\Windows\System\haFmOBM.exe
  2⤵
  PID:8980
- C:\Windows\System\jHNblHD.exe
  C:\Windows\System\jHNblHD.exe
  2⤵
  PID:8996
- C:\Windows\System\KPeDNdU.exe
  C:\Windows\System\KPeDNdU.exe
  2⤵
  PID:9012
- C:\Windows\System\GHPXrxK.exe
  C:\Windows\System\GHPXrxK.exe
  2⤵
  PID:9028
- C:\Windows\System\bDKNwYR.exe
  C:\Windows\System\bDKNwYR.exe
  2⤵
  PID:9044
- C:\Windows\System\DOqhKbt.exe
  C:\Windows\System\DOqhKbt.exe
  2⤵
  PID:9060
- C:\Windows\System\XdGnYFB.exe
  C:\Windows\System\XdGnYFB.exe
  2⤵
  PID:9076
- C:\Windows\System\rVYuzMO.exe
  C:\Windows\System\rVYuzMO.exe
  2⤵
  PID:9092
- C:\Windows\System\gtFsDlJ.exe
  C:\Windows\System\gtFsDlJ.exe
  2⤵
  PID:9108
- C:\Windows\System\FkCEeuT.exe
  C:\Windows\System\FkCEeuT.exe
  2⤵
  PID:9124
- C:\Windows\System\OnaaUDO.exe
  C:\Windows\System\OnaaUDO.exe
  2⤵
  PID:9140
- C:\Windows\System\NBIlGEi.exe
  C:\Windows\System\NBIlGEi.exe
  2⤵
  PID:9156
- C:\Windows\System\eRqFXwH.exe
  C:\Windows\System\eRqFXwH.exe
  2⤵
  PID:9176
- C:\Windows\System\AdssGtJ.exe
  C:\Windows\System\AdssGtJ.exe
  2⤵
  PID:9192
- C:\Windows\System\lQPFqSc.exe
  C:\Windows\System\lQPFqSc.exe
  2⤵
  PID:9208
- C:\Windows\System\XnoYPhv.exe
  C:\Windows\System\XnoYPhv.exe
  2⤵
  PID:8196
- C:\Windows\System\NjiRtvu.exe
  C:\Windows\System\NjiRtvu.exe
  2⤵
  PID:8204
- C:\Windows\System\Fszkpwh.exe
  C:\Windows\System\Fszkpwh.exe
  2⤵
  PID:1940
- C:\Windows\System\hYWprAf.exe
  C:\Windows\System\hYWprAf.exe
  2⤵
  PID:7784
- C:\Windows\System\PhBCCqB.exe
  C:\Windows\System\PhBCCqB.exe
  2⤵
  PID:1780
- C:\Windows\System\EFxmaxg.exe
  C:\Windows\System\EFxmaxg.exe
  2⤵
  PID:8256
- C:\Windows\System\DPfYamS.exe
  C:\Windows\System\DPfYamS.exe
  2⤵
  PID:8340
- C:\Windows\System\ClUZslU.exe
  C:\Windows\System\ClUZslU.exe
  2⤵
  PID:8360
- C:\Windows\System\BAcraLH.exe
  C:\Windows\System\BAcraLH.exe
  2⤵
  PID:8416
- C:\Windows\System\iSjVgpa.exe
  C:\Windows\System\iSjVgpa.exe
  2⤵
  PID:8392
- C:\Windows\System\GVEnuQh.exe
  C:\Windows\System\GVEnuQh.exe
  2⤵
  PID:8432
- C:\Windows\System\HYwwVqt.exe
  C:\Windows\System\HYwwVqt.exe
  2⤵
  PID:8376
- C:\Windows\System\ZCfjdZE.exe
  C:\Windows\System\ZCfjdZE.exe
  2⤵
  PID:8508
- C:\Windows\System\JjpPCnO.exe
  C:\Windows\System\JjpPCnO.exe
  2⤵
  PID:8528
- C:\Windows\System\OGsulFn.exe
  C:\Windows\System\OGsulFn.exe
  2⤵
  PID:8540
- C:\Windows\System\TysUrRw.exe
  C:\Windows\System\TysUrRw.exe
  2⤵
  PID:8556
- C:\Windows\System\bLvmPsB.exe
  C:\Windows\System\bLvmPsB.exe
  2⤵
  PID:8580
- C:\Windows\System\tQFqgQR.exe
  C:\Windows\System\tQFqgQR.exe
  2⤵
  PID:8592
- C:\Windows\System\QIfVyXR.exe
  C:\Windows\System\QIfVyXR.exe
  2⤵
  PID:8604
- C:\Windows\System\eJjlVVQ.exe
  C:\Windows\System\eJjlVVQ.exe
  2⤵
  PID:8632
- C:\Windows\System\FADjisJ.exe
  C:\Windows\System\FADjisJ.exe
  2⤵
  PID:8492
- C:\Windows\System\YGZGVpp.exe
  C:\Windows\System\YGZGVpp.exe
  2⤵
  PID:8652
- C:\Windows\System\WKxlzWm.exe
  C:\Windows\System\WKxlzWm.exe
  2⤵
  PID:8732
- C:\Windows\System\zCAWjOn.exe
  C:\Windows\System\zCAWjOn.exe
  2⤵
  PID:8708
- C:\Windows\System\UXVGHQN.exe
  C:\Windows\System\UXVGHQN.exe
  2⤵
  PID:8736
- C:\Windows\System\bkeXnWS.exe
  C:\Windows\System\bkeXnWS.exe
  2⤵
  PID:8776
- C:\Windows\System\PihEqtJ.exe
  C:\Windows\System\PihEqtJ.exe
  2⤵
  PID:8792
- C:\Windows\System\jzntBUb.exe
  C:\Windows\System\jzntBUb.exe
  2⤵
  PID:8808
- C:\Windows\System\YTcqwFB.exe
  C:\Windows\System\YTcqwFB.exe
  2⤵
  PID:8688
- C:\Windows\System\BKcZzne.exe
  C:\Windows\System\BKcZzne.exe
  2⤵
  PID:1440
- C:\Windows\System\cucxvnk.exe
  C:\Windows\System\cucxvnk.exe
  2⤵
  PID:2120
- C:\Windows\System\cAYlbPA.exe
  C:\Windows\System\cAYlbPA.exe
  2⤵
  PID:940
- C:\Windows\System\TVafKwt.exe
  C:\Windows\System\TVafKwt.exe
  2⤵
  PID:2116
- C:\Windows\System\vxDoSVl.exe
  C:\Windows\System\vxDoSVl.exe
  2⤵
  PID:8932
- C:\Windows\System\kpRlNjF.exe
  C:\Windows\System\kpRlNjF.exe
  2⤵
  PID:8988
- C:\Windows\System\IDtlJIo.exe
  C:\Windows\System\IDtlJIo.exe
  2⤵
  PID:9036
- C:\Windows\System\DXpikSm.exe
  C:\Windows\System\DXpikSm.exe
  2⤵
  PID:1148
- C:\Windows\System\xUMnpou.exe
  C:\Windows\System\xUMnpou.exe
  2⤵
  PID:9100
- C:\Windows\System\wCjzJve.exe
  C:\Windows\System\wCjzJve.exe
  2⤵
  PID:9104
- C:\Windows\System\Frzxgqy.exe
  C:\Windows\System\Frzxgqy.exe
  2⤵
  PID:9116
- C:\Windows\System\VmHYJqT.exe
  C:\Windows\System\VmHYJqT.exe
  2⤵
  PID:9136
- C:\Windows\System\VrSyvpj.exe
  C:\Windows\System\VrSyvpj.exe
  2⤵
  PID:9172
- C:\Windows\System\FtbDQXZ.exe
  C:\Windows\System\FtbDQXZ.exe
  2⤵
  PID:7692
- C:\Windows\System\zGjaIQK.exe
  C:\Windows\System\zGjaIQK.exe
  2⤵
  PID:7672
- C:\Windows\System\NCmhoAY.exe
  C:\Windows\System\NCmhoAY.exe
  2⤵
  PID:7492
- C:\Windows\System\vEWwtrm.exe
  C:\Windows\System\vEWwtrm.exe
  2⤵
  PID:8252
- C:\Windows\System\RYDhaxr.exe
  C:\Windows\System\RYDhaxr.exe
  2⤵
  PID:8336
- C:\Windows\System\rnEGdGK.exe
  C:\Windows\System\rnEGdGK.exe
  2⤵
  PID:8316
- C:\Windows\System\eaYMuEI.exe
  C:\Windows\System\eaYMuEI.exe
  2⤵
  PID:8412
- C:\Windows\System\zPWApic.exe
  C:\Windows\System\zPWApic.exe
  2⤵
  PID:8544
- C:\Windows\System\JkQIbsr.exe
  C:\Windows\System\JkQIbsr.exe
  2⤵
  PID:8612
- C:\Windows\System\jcoOhkh.exe
  C:\Windows\System\jcoOhkh.exe
  2⤵
  PID:8636
- C:\Windows\System\oNDADdd.exe
  C:\Windows\System\oNDADdd.exe
  2⤵
  PID:7636
- C:\Windows\System\mwmrVLe.exe
  C:\Windows\System\mwmrVLe.exe
  2⤵
  PID:8512
- C:\Windows\System\EKCVYmC.exe
  C:\Windows\System\EKCVYmC.exe
  2⤵
  PID:8596
- C:\Windows\System\ZkkZamM.exe
  C:\Windows\System\ZkkZamM.exe
  2⤵
  PID:8752
- C:\Windows\System\nUYseGX.exe
  C:\Windows\System\nUYseGX.exe
  2⤵
  PID:8800
- C:\Windows\System\qpHujIT.exe
  C:\Windows\System\qpHujIT.exe
  2⤵
  PID:8832
- C:\Windows\System\TiTMqfp.exe
  C:\Windows\System\TiTMqfp.exe
  2⤵
  PID:8864
- C:\Windows\System\rauWJHr.exe
  C:\Windows\System\rauWJHr.exe
  2⤵
  PID:8884
- C:\Windows\System\mSSalSS.exe
  C:\Windows\System\mSSalSS.exe
  2⤵
  PID:8880
- C:\Windows\System\TPNLGHB.exe
  C:\Windows\System\TPNLGHB.exe
  2⤵
  PID:9040
- C:\Windows\System\xZNmzKA.exe
  C:\Windows\System\xZNmzKA.exe
  2⤵
  PID:9024
- C:\Windows\System\cIJyOHh.exe
  C:\Windows\System\cIJyOHh.exe
  2⤵
  PID:9204
- C:\Windows\System\unsFRan.exe
  C:\Windows\System\unsFRan.exe
  2⤵
  PID:8288
- C:\Windows\System\COLjctZ.exe
  C:\Windows\System\COLjctZ.exe
  2⤵
  PID:8216
- C:\Windows\System\KvFlPtA.exe
  C:\Windows\System\KvFlPtA.exe
  2⤵
  PID:8452
- C:\Windows\System\oQpWmsD.exe
  C:\Windows\System\oQpWmsD.exe
  2⤵
  PID:7592
- C:\Windows\System\LcHKdNe.exe
  C:\Windows\System\LcHKdNe.exe
  2⤵
  PID:8768
- C:\Windows\System\WzrefaY.exe
  C:\Windows\System\WzrefaY.exe
  2⤵
  PID:8784
- C:\Windows\System\WakBSzM.exe
  C:\Windows\System\WakBSzM.exe
  2⤵
  PID:8568
- C:\Windows\System\JzGJNok.exe
  C:\Windows\System\JzGJNok.exe
  2⤵
  PID:8712
- C:\Windows\System\pESYyIb.exe
  C:\Windows\System\pESYyIb.exe
  2⤵
  PID:1448
- C:\Windows\System\BANcBqx.exe
  C:\Windows\System\BANcBqx.exe
  2⤵
  PID:8300
- C:\Windows\System\mcGiJxm.exe
  C:\Windows\System\mcGiJxm.exe
  2⤵
  PID:8356
- C:\Windows\System\bGhcgnr.exe
  C:\Windows\System\bGhcgnr.exe
  2⤵
  PID:2096
- C:\Windows\System\ZtpkwrT.exe
  C:\Windows\System\ZtpkwrT.exe
  2⤵
  PID:8584
- C:\Windows\System\VaUwBYT.exe
  C:\Windows\System\VaUwBYT.exe
  2⤵
  PID:8484
- C:\Windows\System\HaRjgqv.exe
  C:\Windows\System\HaRjgqv.exe
  2⤵
  PID:8696
- C:\Windows\System\SVChjsi.exe
  C:\Windows\System\SVChjsi.exe
  2⤵
  PID:9008
- C:\Windows\System\vUvnrZd.exe
  C:\Windows\System\vUvnrZd.exe
  2⤵
  PID:9188
- C:\Windows\System\gHeapYC.exe
  C:\Windows\System\gHeapYC.exe
  2⤵
  PID:2752
- C:\Windows\System\CaOQSWN.exe
  C:\Windows\System\CaOQSWN.exe
  2⤵
  PID:8472
- C:\Windows\System\TvTNWBw.exe
  C:\Windows\System\TvTNWBw.exe
  2⤵
  PID:9148
- C:\Windows\System\RmYviga.exe
  C:\Windows\System\RmYviga.exe
  2⤵
  PID:8236
- C:\Windows\System\rVkdfyl.exe
  C:\Windows\System\rVkdfyl.exe
  2⤵
  PID:9168
- C:\Windows\System\RChkslM.exe
  C:\Windows\System\RChkslM.exe
  2⤵
  PID:9224
- C:\Windows\System\hyxHPir.exe
  C:\Windows\System\hyxHPir.exe
  2⤵
  PID:9240
- C:\Windows\System\OhBgJJr.exe
  C:\Windows\System\OhBgJJr.exe
  2⤵
  PID:9260
- C:\Windows\System\FjOBTzf.exe
  C:\Windows\System\FjOBTzf.exe
  2⤵
  PID:9276
- C:\Windows\System\czbACia.exe
  C:\Windows\System\czbACia.exe
  2⤵
  PID:9424
- C:\Windows\System\udPlVHJ.exe
  C:\Windows\System\udPlVHJ.exe
  2⤵
  PID:9448
- C:\Windows\System\OWixiaV.exe
  C:\Windows\System\OWixiaV.exe
  2⤵
  PID:9844
- C:\Windows\System\ffACltq.exe
  C:\Windows\System\ffACltq.exe
  2⤵
  PID:9864
- C:\Windows\System\ImnbhmK.exe
  C:\Windows\System\ImnbhmK.exe
  2⤵
  PID:9880
- C:\Windows\System\dvDtydY.exe
  C:\Windows\System\dvDtydY.exe
  2⤵
  PID:9948
- C:\Windows\System\yREGlnA.exe
  C:\Windows\System\yREGlnA.exe
  2⤵
  PID:10068
- C:\Windows\System\eZmgPmd.exe
  C:\Windows\System\eZmgPmd.exe
  2⤵
  PID:10160
- C:\Windows\System\aVHgdrM.exe
  C:\Windows\System\aVHgdrM.exe
  2⤵
  PID:10180
- C:\Windows\System\zIbTuiT.exe
  C:\Windows\System\zIbTuiT.exe
  2⤵
  PID:10196
- C:\Windows\System\LSESjxW.exe
  C:\Windows\System\LSESjxW.exe
  2⤵
  PID:10216
- C:\Windows\System\zNpUamx.exe
  C:\Windows\System\zNpUamx.exe
  2⤵
  PID:10232
- C:\Windows\System\NXFncCO.exe
  C:\Windows\System\NXFncCO.exe
  2⤵
  PID:1736
- C:\Windows\System\RLZjiEf.exe
  C:\Windows\System\RLZjiEf.exe
  2⤵
  PID:9236
- C:\Windows\System\TUSssaN.exe
  C:\Windows\System\TUSssaN.exe
  2⤵
  PID:8952
- C:\Windows\System\PpoVgKk.exe
  C:\Windows\System\PpoVgKk.exe
  2⤵
  PID:9312
- C:\Windows\System\pPmSbER.exe
  C:\Windows\System\pPmSbER.exe
  2⤵
  PID:9324
- C:\Windows\System\gWoSaRK.exe
  C:\Windows\System\gWoSaRK.exe
  2⤵
  PID:9344
- C:\Windows\System\qrbAldP.exe
  C:\Windows\System\qrbAldP.exe
  2⤵
  PID:9360
- C:\Windows\System\JVFADkh.exe
  C:\Windows\System\JVFADkh.exe
  2⤵
  PID:9388
- C:\Windows\System\OtywGDO.exe
  C:\Windows\System\OtywGDO.exe
  2⤵
  PID:9380
- C:\Windows\System\FNroJtO.exe
  C:\Windows\System\FNroJtO.exe
  2⤵
  PID:9404
- C:\Windows\System\GYjmTjf.exe
  C:\Windows\System\GYjmTjf.exe
  2⤵
  PID:9436
- C:\Windows\System\rnPuMtN.exe
  C:\Windows\System\rnPuMtN.exe
  2⤵
  PID:9460
- C:\Windows\System\LUzRpiP.exe
  C:\Windows\System\LUzRpiP.exe
  2⤵
  PID:9496
- C:\Windows\System\zzOrjWw.exe
  C:\Windows\System\zzOrjWw.exe
  2⤵
  PID:9512
- C:\Windows\System\AWGBTeR.exe
  C:\Windows\System\AWGBTeR.exe
  2⤵
  PID:9464
- C:\Windows\System\dDfsYJt.exe
  C:\Windows\System\dDfsYJt.exe
  2⤵
  PID:9764
- C:\Windows\System\BkrcfRx.exe
  C:\Windows\System\BkrcfRx.exe
  2⤵
  PID:9820
- C:\Windows\System\weYUscD.exe
  C:\Windows\System\weYUscD.exe
  2⤵
  PID:9528
- C:\Windows\System\rlItETW.exe
  C:\Windows\System\rlItETW.exe
  2⤵
  PID:9548
- C:\Windows\System\bgrkuJW.exe
  C:\Windows\System\bgrkuJW.exe
  2⤵
  PID:9568
- C:\Windows\System\DPyUdCV.exe
  C:\Windows\System\DPyUdCV.exe
  2⤵
  PID:9596
- C:\Windows\System\keGscef.exe
  C:\Windows\System\keGscef.exe
  2⤵
  PID:9612
- C:\Windows\System\NDzjhlH.exe
  C:\Windows\System\NDzjhlH.exe
  2⤵
  PID:9628
- C:\Windows\System\baprfFx.exe
  C:\Windows\System\baprfFx.exe
  2⤵
  PID:9644
- C:\Windows\System\VVaSqKq.exe
  C:\Windows\System\VVaSqKq.exe
  2⤵
  PID:9660
- C:\Windows\System\cXmLJmM.exe
  C:\Windows\System\cXmLJmM.exe
  2⤵
  PID:9676
- C:\Windows\System\NooxSaV.exe
  C:\Windows\System\NooxSaV.exe
  2⤵
  PID:9696
- C:\Windows\System\SsKNDIR.exe
  C:\Windows\System\SsKNDIR.exe
  2⤵
  PID:9712
- C:\Windows\System\UZOThbr.exe
  C:\Windows\System\UZOThbr.exe
  2⤵
  PID:9728
- C:\Windows\System\wWJJoMd.exe
  C:\Windows\System\wWJJoMd.exe
  2⤵
  PID:9744
- C:\Windows\System\GmTSslF.exe
  C:\Windows\System\GmTSslF.exe
  2⤵
  PID:9760
- C:\Windows\System\gtKEiaC.exe
  C:\Windows\System\gtKEiaC.exe
  2⤵
  PID:9784
- C:\Windows\System\ZueAEWg.exe
  C:\Windows\System\ZueAEWg.exe
  2⤵
  PID:9836
- C:\Windows\System\exHeAJx.exe
  C:\Windows\System\exHeAJx.exe
  2⤵
  PID:9832
- C:\Windows\System\dJSXzIT.exe
  C:\Windows\System\dJSXzIT.exe
  2⤵
  PID:9872
- C:\Windows\System\aGNjVII.exe
  C:\Windows\System\aGNjVII.exe
  2⤵
  PID:9796
- C:\Windows\System\ZeTwjeM.exe
  C:\Windows\System\ZeTwjeM.exe
  2⤵
  PID:9956
- C:\Windows\System\OsvHFHN.exe
  C:\Windows\System\OsvHFHN.exe
  2⤵
  PID:9992
- C:\Windows\System\PXYtzrL.exe
  C:\Windows\System\PXYtzrL.exe
  2⤵
  PID:10008
- C:\Windows\System\ldTHeoD.exe
  C:\Windows\System\ldTHeoD.exe
  2⤵
  PID:10032
- C:\Windows\System\koXngGi.exe
  C:\Windows\System\koXngGi.exe
  2⤵
  PID:9924
- C:\Windows\System\vXHPXHR.exe
  C:\Windows\System\vXHPXHR.exe
  2⤵
  PID:9980
- C:\Windows\System\OajmNRc.exe
  C:\Windows\System\OajmNRc.exe
  2⤵
  PID:9920
- C:\Windows\System\AAuCaOr.exe
  C:\Windows\System\AAuCaOr.exe
  2⤵
  PID:9900
- C:\Windows\System\NsXoqvu.exe
  C:\Windows\System\NsXoqvu.exe
  2⤵
  PID:9968
- C:\Windows\System\jWXTpFr.exe
  C:\Windows\System\jWXTpFr.exe
  2⤵
  PID:9932
- C:\Windows\System\cvUUGOh.exe
  C:\Windows\System\cvUUGOh.exe
  2⤵
  PID:10080
- C:\Windows\System\JsjHDaz.exe
  C:\Windows\System\JsjHDaz.exe
  2⤵
  PID:10088
- C:\Windows\System\EuudiXA.exe
  C:\Windows\System\EuudiXA.exe
  2⤵
  PID:10176
- C:\Windows\System\ZOpHzqP.exe
  C:\Windows\System\ZOpHzqP.exe
  2⤵
  PID:10212
- C:\Windows\System\npZfhms.exe
  C:\Windows\System\npZfhms.exe
  2⤵
  PID:10128
- C:\Windows\System\wSvTSMl.exe
  C:\Windows\System\wSvTSMl.exe
  2⤵
  PID:10144
- C:\Windows\System\CMbQdZT.exe
  C:\Windows\System\CMbQdZT.exe
  2⤵
  PID:10156
- C:\Windows\System\dvAKbGq.exe
  C:\Windows\System\dvAKbGq.exe
  2⤵
  PID:9084
- C:\Windows\System\qsapWoS.exe
  C:\Windows\System\qsapWoS.exe
  2⤵
  PID:8928
- C:\Windows\System\tVYmQKL.exe
  C:\Windows\System\tVYmQKL.exe
  2⤵
  PID:8744
- C:\Windows\System\MvDEJkQ.exe
  C:\Windows\System\MvDEJkQ.exe
  2⤵
  PID:9248
- C:\Windows\System\wWlepot.exe
  C:\Windows\System\wWlepot.exe
  2⤵
  PID:9252
- C:\Windows\System\wzzOeoC.exe
  C:\Windows\System\wzzOeoC.exe
  2⤵
  PID:8588
- C:\Windows\System\SpBIMTp.exe
  C:\Windows\System\SpBIMTp.exe
  2⤵
  PID:8220
- C:\Windows\System\VhnElXA.exe
  C:\Windows\System\VhnElXA.exe
  2⤵
  PID:9072
- C:\Windows\System\uChHgLI.exe
  C:\Windows\System\uChHgLI.exe
  2⤵
  PID:9300
- C:\Windows\System\IThaFGu.exe
  C:\Windows\System\IThaFGu.exe
  2⤵
  PID:9316
- C:\Windows\System\BACneEC.exe
  C:\Windows\System\BACneEC.exe
  2⤵
  PID:9356
- C:\Windows\System\yCvBlBL.exe
  C:\Windows\System\yCvBlBL.exe
  2⤵
  PID:9292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FnKCFel.exe

Filesize
6.0MB

MD5
6f83edaf49974518e13b60a54dc90e32

SHA1
6541887e6bfab27380f640a64f5baf390c1b78e0

SHA256
12e44e1d6f81abdc221cbb73675fce8abf039d942ebd43e78ad93831257bcf11

SHA512
83e33eec6bed2748ff8e34dd04dde67b191a29ff96088e0ca6c19a1a4f945a85117a833cceb6e37d6dcb95b2241a3ea3317b0c7a960e8acc80725f4957829bee

Download Submit
C:\Windows\system\GwOGIDi.exe

Filesize
6.0MB

MD5
2c8cbe0017b96716c8da740528c0570b

SHA1
809e5b46be4a42db36fe0af10e549613c6878653

SHA256
550f366caa8b4be46fcdec6347ceb9373093869276f02e8b6b931e84a98d89fe

SHA512
9eb8c9f87e0559c55345b14239aa3f2f1615b810f182a0988f27a7fb6940d7d90cfc2434d319306a6c46ec2f585ba3c35776525b9e6d4f3509be088fdb453fe2

Download Submit
C:\Windows\system\HECMvfw.exe

Filesize
6.0MB

MD5
559ff4ac70c82d3d41b35165ecfd4ccf

SHA1
9b00b07c2a57dd54208710d8be1fd14db86eba7b

SHA256
bf4ddc348545992b695792b44a7e89167dbb4475d7f27b71d133043eef1e4061

SHA512
508aca39b6d4228bfaf7cfd35034f77f0ae204250a94459025acb2e9c0d18e64fbd12face9f6ef5bec32b91287442f0f563344b74d9ed1eddec35eda8a01faa0

Download Submit
C:\Windows\system\PLQgStg.exe

Filesize
6.0MB

MD5
cd569113c6049eb26f5fae1dce43bc04

SHA1
4de53596839488bb5fa9a9dc2a66320cfa828004

SHA256
06adf3ede6d3f947ade1b9e512234a4246273c20b19f9a410ad5a1d843fd2e68

SHA512
b8e645c9cb2a00a60606cde58fe30d4cefd14b56e0ae300f77118a919ebee3170382f207bd743c675807713a730ede503a220d2f2930bbfd1b982db2b4d9aad3

Download Submit
C:\Windows\system\PTnZhkq.exe

Filesize
6.0MB

MD5
8c6696bfa5967d30ba86f476bedcad49

SHA1
b3ed089b1b20f00edcf0b85b91aa262ff4f4dd0f

SHA256
0ae2e9987cd9681e871c4928c3a1effa54d2d8728eaf37d3847b9915d6267db3

SHA512
4368abdfcc4e30b305ab4a723c671908208d3ba6954dbb5ba6daa48823779a02bb83a93ea7d9f50fa7e041fec5bc07919b56c47c974f1dc22cfbae52f80e2e17

Download Submit
C:\Windows\system\QxwzNRW.exe

Filesize
6.0MB

MD5
cc3d5b8808e52fb301cfee2ecd964e2b

SHA1
45bdf0ea185ab4971d7546a1e4cea90dd58a3d2c

SHA256
e6526bb4a7a2517a3f590162ebf6bfa1243eb600b1fc105819e221f01f39c346

SHA512
e55860a88b450cfc7f5a259f14a3cd786c9e24c1414c4498e66503303875074d3295998cac46cbbba73b78440512ff3aab7a946b11b84490fcc0c4cdc673b3bd

Download Submit
C:\Windows\system\ZVplbMw.exe

Filesize
6.0MB

MD5
586e444e51155f9aed762627968e9e98

SHA1
b7338bc3906242c3e95dff74dc8e7a6dcfff441e

SHA256
1413fd7ee5eea3ec5eeeca6012685cfd995178a8567be0769de729e62e3478b4

SHA512
342da1285df575eb9255231e4f33ea8d8141a4daec27ef42472e9f552e5eb0141a1b3392459d1d13862e2b4d9ddce7bb7b445dca50b44de53a2b86ae63d1ae52

Download Submit
C:\Windows\system\ayjXgbG.exe

Filesize
6.0MB

MD5
dfcc0684c89befc7469cfff391809830

SHA1
712c3bda30252de50d97769aab266eb1fbae06db

SHA256
4baf15ced7974d973593e7d54d7663961969a06738b46504fcf5bb206b46ce55

SHA512
51451d01bfda2dead2b93c764dbd2aa3c189006f73a10a36db37ea41ce555af16c3efa4f425e26edd7b4e2e5f3f071f2479135ecb823cf1ec3b24a49342e9dff

Download Submit
C:\Windows\system\bHPhVuv.exe

Filesize
6.0MB

MD5
f235411bc6c1f0cc67a7f806b9c22b6e

SHA1
31f27265cd7db6c7775c680902f04d9a866bc990

SHA256
7eb9814f166c0a82f9eb8c8b12e592746cb9560a3c30055231a2f87b456aef96

SHA512
84bb939577b13caae4da7d7baf8fbfe346c2f7c1a2d92eac6a0286fa69072c8ad9e8ee3e253bf763736371d290aaa77874065aee5923f5b9928445bd8ac6ede7

Download Submit
C:\Windows\system\dDppJUg.exe

Filesize
6.0MB

MD5
af9b74ffb7ae29275b9567dee13a9dba

SHA1
6a2c7066022179553cead1b7305bb35b94f0a596

SHA256
79dd106637aa8544b3b47446e232a6cbd7669ac810f9e182d89b9da2457375ef

SHA512
1fd37a84df345278745aa06f334fec528f5d288190b4a56eedd900f7c0b68e57b511210ae3007a0ae1ee91aa0e59ae4b24e55fc9fd3c7bc2cee6b054499bf267

Download Submit
C:\Windows\system\hdDGXrK.exe

Filesize
6.0MB

MD5
754489741338927260ef385b055d5608

SHA1
a23b090473cbd5896212143d3ff34efe582c523c

SHA256
da3b97e10be9112be581ec584c12f0c054f01205b180d5f656ddc3c8c044d320

SHA512
f07f88e2b4f4844dfca28c2be585f83f5e883bd13f6a1d851ee0527ed03418b25a3f0c4330de66fb92611496417d0525187ec82b29b8a4585437869aa04bde6b

Download Submit
C:\Windows\system\lRSbksv.exe

Filesize
6.0MB

MD5
641b40324f9b1bc9241920b5859c392c

SHA1
54d8fa707b36416ce04325b04b19b4711f85dca4

SHA256
982d9d78fe3fdaa3092d6516a5662eb0f9c4b9aa4beba4ab4726fa42eeb21153

SHA512
6c65faebe2eac84f2818051b8aab036ec56e6d2a105105598dc6b75181323b6074be301d9449b8536bb46b2b782fb7ad77887890a37be778d175869c1a0d4dfe

Download Submit
C:\Windows\system\lyZSqsn.exe

Filesize
6.0MB

MD5
76b694d6a2addbd9e88d2b8a0bcaa1c0

SHA1
e09692b37d390f847355be9ac31155e9f0009a57

SHA256
1dab80762063068bb750a343ab3936c9e7c4153094b01225664d4d62f6e63df5

SHA512
db7b1377d8423c9b163db728637f02fcf0df6bf79da7ef2fd6c53ee9519e74f692806f0ca25cde16202284ffc363f0eb8836934e7c88665828b6a9250a884851

Download Submit
C:\Windows\system\mccoDzz.exe

Filesize
6.0MB

MD5
93408b78435c3d7b12adf000f52f3f4c

SHA1
134a9af73791e01ba8038971a354b075618e1846

SHA256
b0ffae389fb6d9b53a0a5868532894c6825ad31074f50ab2239f630a0813ec4a

SHA512
a80fcccea43de0f4ab1499d50e68656b1aedf8ab185fb47693e11d23125ea434a4b3ceba673b27a294649a070affe5e7347e499f654dca20a54858f32e419269

Download Submit
C:\Windows\system\oqENbiZ.exe

Filesize
6.0MB

MD5
2fac31776e329c09fbb7cb05e57a0410

SHA1
69d8519e23e7ce521fba2edf61e21d837dbc1b26

SHA256
ae33afc960c1e5571a5a2a4720a3c4f584f0508d7113a7d8398963d61e2a697c

SHA512
15dd528975bc4fca9ef32a343ce3944972c098ca9e79c04b359e388b3689d077e0b9d918a08848f20b3882d252bc0c43666b4a6d080b46d471912566d6fe7c10

Download Submit
C:\Windows\system\pzNvSMb.exe

Filesize
6.0MB

MD5
7993f935b2d677d970c389102618b0dd

SHA1
257388bebc45ded64aa0b51f2d2d507c54ac32aa

SHA256
43cb0a01022fc7e931e6400d2091e83a4cecf6ff6f0a049536e697e695c02a18

SHA512
6ec0c9d317c0bb0bba34862572d08d438b94ac0462c9e0211ceabd53ef4c804c39a900f7efaf26239d4ed65c6ed04fbe902bee41881b88f372179d3ec56cb49a

Download Submit
C:\Windows\system\rnvjWPm.exe

Filesize
6.0MB

MD5
369e6d44af6da93597fe06fd9a265ea8

SHA1
22c6d4743a07c5df3b743756e7730311653a422e

SHA256
6f5d7229480dddbfe0b7c9291c970f390e32f71d9b1515db2fc86e92928594d8

SHA512
6ff4453a9f8650b71fa0803a92b603ff5e92b4519348d72813b64f7cb0b77eb7f57c43f3cc715032a65011e5f20dce80034f2374a54566d47dc57bfb2a8d8e0a

Download Submit
C:\Windows\system\swoEgMZ.exe

Filesize
6.0MB

MD5
daaee6f4d4552db1f6c91ad2374ef94d

SHA1
947d28e1035b5e49e6d33de69bc3369c4e03a155

SHA256
3fe0f1578d7ac930b151e78755958843cdf873081b674b3a4e0bba7c50babb29

SHA512
6951f1f733e87c0e8a9786dbb55cffb943889e711c85717c90ea27dd53d8c577977a131f641114a4bad61a3f75ce298b9c1681bae5c29546d9e206ffb7f5eb9d

Download Submit
C:\Windows\system\ukVERzX.exe

Filesize
6.0MB

MD5
1677268d58cfaf10ddfee0b351def0b8

SHA1
5237c8a25d2d5d1721252afa0304f7b4d61165c7

SHA256
b5b164f221d8c2ac813f3f078019b8f55d4fd8e762f4d4374fe1618ab7bc4ab4

SHA512
78476a66c1fb13f2dc0798b9314e8935526761f8752015e2e7b64cc2b9dd113aa08e3bbfb134adebd0078a420b65af50ffeffa87c3ed4fc0d0d06bd45c9d6503

Download Submit
C:\Windows\system\vUrVyIK.exe

Filesize
6.0MB

MD5
614a320a1cebfe29d0b00aebd32c6761

SHA1
e1e9fa68030525cc812855c4111a486f0926ba88

SHA256
f9d55b41788b108d106e2dd9fc52b3b37d7499246aa1fb9a7f597042cf8e75e0

SHA512
a0acf2c64aa8bc4e8c0ae04b4ae7ae1275190d11cfb6614f256f5a42f2dc60fa2fbccdb7ebfeb72d0fe026e0823c77ba0553ade4f8d748c2b8bf676ce430c58c

Download Submit
C:\Windows\system\wTjZSSZ.exe

Filesize
6.0MB

MD5
ebde37dd8074f1703989a28655d4c92c

SHA1
95eab3160dc84b9e942a22db8aa582acee34c0b9

SHA256
490aea994b62a78466f4316a49901d47216b997498e72bcc1bce94f8e8ab668d

SHA512
1110a6aa3d32992269fa3f6cf865211b580982953e83f53dbae7539292d14bc0e551ad010aa44d98f72f907274a95ff78f665592cdc085cadda111b12f97a7ae

Download Submit
C:\Windows\system\xrzKSEp.exe

Filesize
6.0MB

MD5
6221c209232f64f6c70197f71a19a993

SHA1
ec613204c5ec4b9c2cde09072af46a30ec9e60a5

SHA256
0c7b80ca90867a674d51ca77f0558384242261c20d064735b698dc525893aed9

SHA512
a8d07fdb1d64d4d496e111ac653d377b6ca179b96362f9cdc84dfbac5d78d6c70f61c4c8565902731ddd99c16a1fce64b559964c3966fb63401b2528eadb5d50

Download Submit
\Windows\system\GMzClJz.exe

Filesize
6.0MB

MD5
d7baae4e34f356633625eacfc0ae0a0b

SHA1
a6ed5631795231bbe60a4103a37ae1bd3d2e9da2

SHA256
c75271ea7f13372241a7a08970bbf08dfa94c64ae006b22e236eea5399ece706

SHA512
89a676820d647bb2b1903327185f1c9ebac307eede1454988c48caa1437a816f2eaf6dc35045966f9639b771e70cc783b484c1c29d957cce279e14783602ae53

Download Submit
\Windows\system\JvRvWqK.exe

Filesize
6.0MB

MD5
671980153c5cbb8d0b3c1f863b25becb

SHA1
6b294405d6519140aa23c8179c49b3e2f41ff64b

SHA256
d2708a32b712545113ca00d590527ee8deeff650be462ee4141ca3d84eea5563

SHA512
d0060028567fca6214fc20a5cc3664a063b5d7974c8529486dda8bb6da343704b373ef0473445f177340754db3da864ce0bc639110c91aca326aa2ffeb85ed64

Download Submit
\Windows\system\KasaZrD.exe

Filesize
6.0MB

MD5
faf958bed76168b7189be4a7bcfb06b4

SHA1
71729afb4b0be820912a28f7572161df15968f1a

SHA256
f524004b9f3fa199687883f5703f2e11878e03ec94eb398bb261a49b9778b877

SHA512
e171a44aa12f8d75dbea8a2db8ede7a06c9b149a4542be93a4f798061f468654ab22c5357018b113c74ab0bc3366011f9a0c8709dda2d0d9278080e5dc161324

Download Submit
\Windows\system\KhXrIta.exe

Filesize
6.0MB

MD5
e72c58e16157317bee80aeb3a17496de

SHA1
cc666fd9eea6fba6ce1592361d915c0bbf52966c

SHA256
ca50779e026016949cfc7909718da7fbaf45a60d3c23da88c6cfb393ff70ea7c

SHA512
76b2a607c6fbbdb729d4785e6f10e5412e1c3e76d827a36a3845770a8bad4340bdf1f5abe94b6605951193f6bdb1ec7ec87042956172a11cf6009029c6bb5c75

Download Submit
\Windows\system\MOKmUtE.exe

Filesize
6.0MB

MD5
08c1e25b59ce98040c90a6f5fe0b632a

SHA1
643a02a1ca414c99478e4c166c1950881aeba487

SHA256
c7615cef5bf488dcc7a79381ba52f453227a4eeba68d7b25bcdeba0919da82d1

SHA512
d434f2c6ad24036a5d2499dc1c990983ff522ebec56ec95d19d2759603b20c8adabbfd3bb999083743464507da464cfe58a50b5996eac317fde332dba9c1530b

Download Submit
\Windows\system\VpQqQnj.exe

Filesize
6.0MB

MD5
ba7918d26d204d2b7512059e61144c1f

SHA1
a506645c0a175fd7efe5551fec65ab3f2e285cab

SHA256
88a8883820666e67c8f60886f251705d34c9528ba6980b2d8cfcfeb44e88f144

SHA512
1a3933a34ffe80ab3b8770ad0e3733ce678d28095757120832cd7f4a75526473b4a9932ef78863f79f87d0c41b557458c5f7ad45def4dd286bd24c771d763675

Download Submit
\Windows\system\WKciWMv.exe

Filesize
6.0MB

MD5
7e3c0cf00172a1d86eb6c5ff4bed334c

SHA1
a66cb03122e53f323ff198a1599339a75590a5d3

SHA256
7fb45188ccd8a1566eac8eb1e7d66895a33504668673aeaa870a090f52dc92a0

SHA512
c956f7b21b752c564939c866c1f275c5025fd60f3a35cc960a62f3dc277151fd9d753af899ee2f3c90a9854e95e36690e54a70a205cc7856cb0bb62e5b764668

Download Submit
\Windows\system\YuPmgGY.exe

Filesize
6.0MB

MD5
1b1690cfcdceaaf91b4720fbc96a14f4

SHA1
189b00f24a53038a634330f24def7dfe644054a7

SHA256
42f020583ac6d7d05cf11b7d2bd46b3e28ccb02ce88ea8986aea9b175ba8cbc9

SHA512
422bde09e27e75b78c627f637198bf49847376f8b29eb25414a4a927b4dc89c7f806e60bcd2f2c36049c3f4bc70b4e448f2341ec4cf49aac1490836d1e0f5cf6

Download Submit
\Windows\system\efyNesr.exe

Filesize
6.0MB

MD5
675dc79dbaf5d7e541f077680934e7da

SHA1
d99f168533a0686177bbefdf352c03f04e88691c

SHA256
c612fb333c0d25a4ffced8f32e0d53be8866a4a1f293415dfd315ce038259fee

SHA512
a91b8dcb907ffd7af4953f85fccf2845d80c96089765241654353513d048ff127c6f0de7c61092afa1e43a84038e82b2c217984df33ba2a0fec33c09e13fda08

Download Submit
\Windows\system\fIZWvVc.exe

Filesize
6.0MB

MD5
ecdfd45b04fc7b6dba2adbb95714a3bf

SHA1
0263f9ef01fd1b552eb318bec96a89b5ccf7c966

SHA256
b4e8259e98919796ee01665db7d5e665fab994355b6bf0b0ae4ead75f6b16fea

SHA512
cabf79f766863cbc193db3c1880615062ab2fb271432ed9d96f5e72af6a1774878d1cc44875737154922d1a8a879de7bcd6f2ccd145eeae3317dc0d713db4eef

Download Submit
\Windows\system\gYeXTfF.exe

Filesize
6.0MB

MD5
7cd7461f1b8298d766619248276d2d0b

SHA1
399d2c24bfcebe14b3620aa32e29a1c6f8c740b7

SHA256
fa7cdc2e1cf63f2099f369a5dd602a38b5177cb01f11d92a4c0473924a27d102

SHA512
4f8f2fcf6fd871d188c4eee1020b0a90b185a0fc4634d9597ff1866c77bc9cd526a1258edb1b02096436e96f69f4643701a52a2499c399aca0d73455a32fd004

Download Submit
\Windows\system\psjhKKc.exe

Filesize
6.0MB

MD5
161d8fb92aea2a4bc4987cfe23791066

SHA1
88f9b39e872d961712312b77428e0570773490b6

SHA256
1c098faae2c8a9d15886b88d0de0ea3245b2af12faf2072c78bc69b0a388b0cf

SHA512
8ea5684e9c2bd293d6b7fdc9d8d857219b48510b4971937a1fddfacee3201683fdf541ad493adad1e545c7412232ee76a23211023f081bdd3157449cba0707d0

Download Submit
memory/764-1431-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/764-20-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/944-1563-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/944-110-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1112-22-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1112-1430-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1292-62-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-93-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-17-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1292-27-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/1292-495-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-41-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-32-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-541-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-540-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-68-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-21-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-19-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-105-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1292-402-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-67-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-66-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1292-65-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1292-60-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1292-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/1292-100-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-97-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-108-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/1292-107-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-99-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2216-1546-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1557-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2368-109-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2616-104-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1548-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-1522-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2652-61-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2664-106-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-1559-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-98-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1558-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1544-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-442-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-64-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-416-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2884-1518-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2884-43-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1497-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-37-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-261-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-117-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1438-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2932-29-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1429-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2960-23-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download