cobaltstrike | a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a

Analysis

max time kernel
60s
max time network
20s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-09-2024 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
Size

6.0MB
MD5

ab0b4a163eb49e954f80bc8ccaece36d
SHA1

3f60d606e4f1f28677b12bd20f79816837e8da85
SHA256

a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a
SHA512

c6d065b69b0f3ef27c3707d940cb641484bd7fb25ad530a5ded9d423ca6ee20b879867c6c03f92430f95a945ce7e61e932b2aba688741770e53e982c518a1bf6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e0000000162b2-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc8-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cec-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d06-23.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000171a8-52.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017079-50.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000016c3a-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-197.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ea-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e4-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018683-117.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018676-112.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174cc-103.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017492-94.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a9-79.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173a7-64.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d18-39.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d0e-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3024-0-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x000e0000000162b2-3.dat	xmrig
behavioral1/files/0x0007000000016cc8-12.dat	xmrig
behavioral1/memory/2672-13-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/3060-11-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cec-16.dat	xmrig
behavioral1/files/0x0007000000016d06-23.dat	xmrig
behavioral1/memory/2892-22-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2880-28-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/3024-37-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/3060-41-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2668-35-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x00060000000171a8-52.dat	xmrig
behavioral1/memory/292-51-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2572-57-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0008000000017079-50.dat	xmrig
behavioral1/files/0x000c000000016c3a-71.dat	xmrig
behavioral1/files/0x0006000000017488-83.dat	xmrig
behavioral1/memory/484-88-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/572-96-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/780-105-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x000500000001873d-147.dat	xmrig
behavioral1/memory/780-1018-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/572-846-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/484-609-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/1856-420-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2952-226-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b4-197.dat	xmrig
behavioral1/files/0x0005000000019350-192.dat	xmrig
behavioral1/files/0x0005000000019334-187.dat	xmrig
behavioral1/files/0x0005000000019282-182.dat	xmrig
behavioral1/files/0x0005000000019261-177.dat	xmrig
behavioral1/files/0x000500000001925e-172.dat	xmrig
behavioral1/files/0x00050000000187a5-162.dat	xmrig
behavioral1/files/0x0006000000019023-167.dat	xmrig
behavioral1/files/0x000500000001878f-157.dat	xmrig
behavioral1/files/0x0005000000018784-152.dat	xmrig
behavioral1/files/0x0005000000018728-142.dat	xmrig
behavioral1/files/0x00050000000186fd-137.dat	xmrig
behavioral1/files/0x00050000000186ee-132.dat	xmrig
behavioral1/files/0x00050000000186ea-127.dat	xmrig
behavioral1/files/0x00050000000186e4-122.dat	xmrig
behavioral1/files/0x0005000000018683-117.dat	xmrig
behavioral1/files/0x000d000000018676-112.dat	xmrig
behavioral1/memory/1592-104-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/files/0x00060000000174cc-103.dat	xmrig
behavioral1/memory/2572-95-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0006000000017492-94.dat	xmrig
behavioral1/memory/292-87-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/3024-84-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/1856-80-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173a9-79.dat	xmrig
behavioral1/memory/3012-77-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2952-73-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2668-72-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/1592-66-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2880-65-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x00060000000173a7-64.dat	xmrig
behavioral1/memory/2672-49-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/3012-45-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000a000000016d18-39.dat	xmrig
behavioral1/files/0x0009000000016d0e-34.dat	xmrig
behavioral1/memory/2672-3592-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/3060-3595-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3060	AEZPTKV.exe
2672	OpAtGZo.exe
2892	ygawiOe.exe
2880	UKBwhHu.exe
2668	AXtVvsN.exe
3012	kxAUenZ.exe
292	YyXVvGy.exe
2572	SQDkmQd.exe
1592	hAmMxQG.exe
2952	ByfPxjd.exe
1856	iAcXDsF.exe
484	bAYsMCF.exe
572	dulhlwf.exe
780	gQXujmU.exe
2056	wEOlVXX.exe
1044	GArAKCb.exe
2528	jjNWsgl.exe
1344	iuXTDHr.exe
1716	NYiKmoM.exe
1952	aaiEIRd.exe
2404	zwSYBZL.exe
1368	VDgKmkx.exe
2104	cEUQJEA.exe
2380	GqGccJQ.exe
1728	boPwUYK.exe
884	pETKVqM.exe
2124	mkgbSKw.exe
1088	BkOjbBh.exe
632	hmXsSPv.exe
1608	aQfrGNR.exe
784	ACqUjnY.exe
760	zPLdAGY.exe
956	ILaKTys.exe
568	lSeREGK.exe
1680	NFJWQPX.exe
1676	ojmPQcY.exe
2148	NBWGjGH.exe
1784	buoFeQF.exe
816	OtjHJRT.exe
1960	CizVgss.exe
1756	jEUMNME.exe
2308	dfwkPxf.exe
2348	iehHSod.exe
1636	ulgQrqV.exe
1292	UiTcQxj.exe
1736	pbLFdtz.exe
3052	SytbWXh.exe
1984	cVDLKJy.exe
2452	HMiZwUo.exe
1436	SmqHkZY.exe
1556	FJTeJQI.exe
1928	PSgMELp.exe
2652	YOszZiL.exe
2700	ByMvRlX.exe
2332	kvFNoAv.exe
2728	CrAMlTm.exe
2544	pmfUjwY.exe
2784	yNMoMqz.exe
2232	tjBcrkU.exe
1944	POOUNVR.exe
2076	JKSIRWR.exe
2280	kLrVVmS.exe
1844	AlFirfg.exe
1148	kNshONR.exe

Loads dropped DLL 64 IoCs

pid	Process
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3024-0-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x000e0000000162b2-3.dat	upx
behavioral1/files/0x0007000000016cc8-12.dat	upx
behavioral1/memory/2672-13-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/3060-11-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/files/0x0007000000016cec-16.dat	upx
behavioral1/files/0x0007000000016d06-23.dat	upx
behavioral1/memory/2892-22-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2880-28-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/3024-37-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/3024-40-0x0000000002250000-0x00000000025A4000-memory.dmp	upx
behavioral1/memory/3060-41-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2668-35-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x00060000000171a8-52.dat	upx
behavioral1/memory/292-51-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2572-57-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0008000000017079-50.dat	upx
behavioral1/files/0x000c000000016c3a-71.dat	upx
behavioral1/files/0x0006000000017488-83.dat	upx
behavioral1/memory/484-88-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/572-96-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/780-105-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x000500000001873d-147.dat	upx
behavioral1/memory/780-1018-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/572-846-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/484-609-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/1856-420-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2952-226-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x00050000000193b4-197.dat	upx
behavioral1/files/0x0005000000019350-192.dat	upx
behavioral1/files/0x0005000000019334-187.dat	upx
behavioral1/files/0x0005000000019282-182.dat	upx
behavioral1/files/0x0005000000019261-177.dat	upx
behavioral1/files/0x000500000001925e-172.dat	upx
behavioral1/files/0x00050000000187a5-162.dat	upx
behavioral1/files/0x0006000000019023-167.dat	upx
behavioral1/files/0x000500000001878f-157.dat	upx
behavioral1/files/0x0005000000018784-152.dat	upx
behavioral1/files/0x0005000000018728-142.dat	upx
behavioral1/files/0x00050000000186fd-137.dat	upx
behavioral1/files/0x00050000000186ee-132.dat	upx
behavioral1/files/0x00050000000186ea-127.dat	upx
behavioral1/files/0x00050000000186e4-122.dat	upx
behavioral1/files/0x0005000000018683-117.dat	upx
behavioral1/files/0x000d000000018676-112.dat	upx
behavioral1/memory/1592-104-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x00060000000174cc-103.dat	upx
behavioral1/memory/2572-95-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0006000000017492-94.dat	upx
behavioral1/memory/292-87-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/1856-80-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x00060000000173a9-79.dat	upx
behavioral1/memory/3012-77-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2952-73-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2668-72-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/1592-66-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2880-65-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x00060000000173a7-64.dat	upx
behavioral1/memory/2672-49-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/3012-45-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000a000000016d18-39.dat	upx
behavioral1/files/0x0009000000016d0e-34.dat	upx
behavioral1/memory/2672-3592-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/3060-3595-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ccIEUvx.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\wGLoYnL.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\IQlQnSg.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\josCFqx.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\nLELUUv.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\JkbvTxI.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\rAWeALi.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\JYOFfJE.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\iyPHWDS.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\QyuFkCO.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\sIDeNZA.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\dnuYeYH.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\TbJOVQE.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\JtKcgkW.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\jSbFILI.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\TuGoEGj.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\gQXujmU.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\NBWGjGH.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\OVLiaEP.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\EwIEkYe.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\cTgHhkZ.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\IIMPhyH.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\GtsfFsR.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\wbUuYyx.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\RVVhdtX.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\qdPOhCw.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\JkAxdud.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\lxdZkOP.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\Qsgxzvz.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\AHgiGjK.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\JWUKVyW.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\GHgDpCY.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\aefKlzP.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\oYdLBke.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\yxQPqLy.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\AEqzHOn.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\nHfpOBz.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\dcqqzma.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\ILaKTys.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\JKSIRWR.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\WXkInlA.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\XuFkjAR.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\nbAVdDB.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\CcUJwWC.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\vmJuENu.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\dgCOakb.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\yyVvEPG.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\wVVhrgu.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\cYpeFBF.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\gAJEnNb.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\hHkfqnd.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\sszXKNv.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\qSnIpMT.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\REZldOp.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\RUfXlVj.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\dmKbANJ.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\JFlMasI.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\KooHzvP.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\PFsWlyl.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\QdJEmCb.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\bulZpms.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\nxILPEm.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\vvSuHHm.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
File created	C:\Windows\System\RVvhdwT.exe	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3060	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	32
PID 3024 wrote to memory of 3060	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	32
PID 3024 wrote to memory of 3060	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	32
PID 3024 wrote to memory of 2672	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	33
PID 3024 wrote to memory of 2672	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	33
PID 3024 wrote to memory of 2672	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	33
PID 3024 wrote to memory of 2892	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	34
PID 3024 wrote to memory of 2892	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	34
PID 3024 wrote to memory of 2892	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	34
PID 3024 wrote to memory of 2880	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	35
PID 3024 wrote to memory of 2880	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	35
PID 3024 wrote to memory of 2880	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	35
PID 3024 wrote to memory of 2668	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	36
PID 3024 wrote to memory of 2668	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	36
PID 3024 wrote to memory of 2668	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	36
PID 3024 wrote to memory of 3012	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	37
PID 3024 wrote to memory of 3012	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	37
PID 3024 wrote to memory of 3012	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	37
PID 3024 wrote to memory of 292	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	38
PID 3024 wrote to memory of 292	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	38
PID 3024 wrote to memory of 292	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	38
PID 3024 wrote to memory of 2572	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	39
PID 3024 wrote to memory of 2572	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	39
PID 3024 wrote to memory of 2572	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	39
PID 3024 wrote to memory of 1592	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	40
PID 3024 wrote to memory of 1592	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	40
PID 3024 wrote to memory of 1592	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	40
PID 3024 wrote to memory of 2952	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	41
PID 3024 wrote to memory of 2952	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	41
PID 3024 wrote to memory of 2952	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	41
PID 3024 wrote to memory of 1856	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	42
PID 3024 wrote to memory of 1856	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	42
PID 3024 wrote to memory of 1856	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	42
PID 3024 wrote to memory of 484	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	43
PID 3024 wrote to memory of 484	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	43
PID 3024 wrote to memory of 484	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	43
PID 3024 wrote to memory of 572	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	44
PID 3024 wrote to memory of 572	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	44
PID 3024 wrote to memory of 572	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	44
PID 3024 wrote to memory of 780	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	45
PID 3024 wrote to memory of 780	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	45
PID 3024 wrote to memory of 780	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	45
PID 3024 wrote to memory of 2056	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	46
PID 3024 wrote to memory of 2056	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	46
PID 3024 wrote to memory of 2056	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	46
PID 3024 wrote to memory of 1044	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	47
PID 3024 wrote to memory of 1044	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	47
PID 3024 wrote to memory of 1044	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	47
PID 3024 wrote to memory of 2528	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	48
PID 3024 wrote to memory of 2528	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	48
PID 3024 wrote to memory of 2528	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	48
PID 3024 wrote to memory of 1344	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	49
PID 3024 wrote to memory of 1344	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	49
PID 3024 wrote to memory of 1344	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	49
PID 3024 wrote to memory of 1716	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	50
PID 3024 wrote to memory of 1716	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	50
PID 3024 wrote to memory of 1716	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	50
PID 3024 wrote to memory of 1952	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	51
PID 3024 wrote to memory of 1952	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	51
PID 3024 wrote to memory of 1952	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	51
PID 3024 wrote to memory of 2404	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	52
PID 3024 wrote to memory of 2404	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	52
PID 3024 wrote to memory of 2404	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	52
PID 3024 wrote to memory of 1368	3024	a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe	53

C:\Users\Admin\AppData\Local\Temp\a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe
"C:\Users\Admin\AppData\Local\Temp\a3d6a97e60c783e49f73061b4737b71e55a7d64eb49cedf2c8fa8a8b8f27445a.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Windows\System\AEZPTKV.exe
  C:\Windows\System\AEZPTKV.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\OpAtGZo.exe
  C:\Windows\System\OpAtGZo.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\ygawiOe.exe
  C:\Windows\System\ygawiOe.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\UKBwhHu.exe
  C:\Windows\System\UKBwhHu.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\AXtVvsN.exe
  C:\Windows\System\AXtVvsN.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\kxAUenZ.exe
  C:\Windows\System\kxAUenZ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\YyXVvGy.exe
  C:\Windows\System\YyXVvGy.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\SQDkmQd.exe
  C:\Windows\System\SQDkmQd.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\hAmMxQG.exe
  C:\Windows\System\hAmMxQG.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\ByfPxjd.exe
  C:\Windows\System\ByfPxjd.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\iAcXDsF.exe
  C:\Windows\System\iAcXDsF.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\bAYsMCF.exe
  C:\Windows\System\bAYsMCF.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\dulhlwf.exe
  C:\Windows\System\dulhlwf.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\gQXujmU.exe
  C:\Windows\System\gQXujmU.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\wEOlVXX.exe
  C:\Windows\System\wEOlVXX.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\GArAKCb.exe
  C:\Windows\System\GArAKCb.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\jjNWsgl.exe
  C:\Windows\System\jjNWsgl.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\iuXTDHr.exe
  C:\Windows\System\iuXTDHr.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\NYiKmoM.exe
  C:\Windows\System\NYiKmoM.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\aaiEIRd.exe
  C:\Windows\System\aaiEIRd.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\zwSYBZL.exe
  C:\Windows\System\zwSYBZL.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\VDgKmkx.exe
  C:\Windows\System\VDgKmkx.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\cEUQJEA.exe
  C:\Windows\System\cEUQJEA.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\GqGccJQ.exe
  C:\Windows\System\GqGccJQ.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\boPwUYK.exe
  C:\Windows\System\boPwUYK.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\pETKVqM.exe
  C:\Windows\System\pETKVqM.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\mkgbSKw.exe
  C:\Windows\System\mkgbSKw.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\BkOjbBh.exe
  C:\Windows\System\BkOjbBh.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\hmXsSPv.exe
  C:\Windows\System\hmXsSPv.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\aQfrGNR.exe
  C:\Windows\System\aQfrGNR.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\ACqUjnY.exe
  C:\Windows\System\ACqUjnY.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\zPLdAGY.exe
  C:\Windows\System\zPLdAGY.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\ILaKTys.exe
  C:\Windows\System\ILaKTys.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\lSeREGK.exe
  C:\Windows\System\lSeREGK.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\NFJWQPX.exe
  C:\Windows\System\NFJWQPX.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\ojmPQcY.exe
  C:\Windows\System\ojmPQcY.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\NBWGjGH.exe
  C:\Windows\System\NBWGjGH.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\buoFeQF.exe
  C:\Windows\System\buoFeQF.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\OtjHJRT.exe
  C:\Windows\System\OtjHJRT.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\CizVgss.exe
  C:\Windows\System\CizVgss.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\jEUMNME.exe
  C:\Windows\System\jEUMNME.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\dfwkPxf.exe
  C:\Windows\System\dfwkPxf.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\iehHSod.exe
  C:\Windows\System\iehHSod.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\ulgQrqV.exe
  C:\Windows\System\ulgQrqV.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\UiTcQxj.exe
  C:\Windows\System\UiTcQxj.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\pbLFdtz.exe
  C:\Windows\System\pbLFdtz.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\SytbWXh.exe
  C:\Windows\System\SytbWXh.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\cVDLKJy.exe
  C:\Windows\System\cVDLKJy.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\HMiZwUo.exe
  C:\Windows\System\HMiZwUo.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\SmqHkZY.exe
  C:\Windows\System\SmqHkZY.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\FJTeJQI.exe
  C:\Windows\System\FJTeJQI.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\PSgMELp.exe
  C:\Windows\System\PSgMELp.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\YOszZiL.exe
  C:\Windows\System\YOszZiL.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\ByMvRlX.exe
  C:\Windows\System\ByMvRlX.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\kvFNoAv.exe
  C:\Windows\System\kvFNoAv.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\CrAMlTm.exe
  C:\Windows\System\CrAMlTm.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\pmfUjwY.exe
  C:\Windows\System\pmfUjwY.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\yNMoMqz.exe
  C:\Windows\System\yNMoMqz.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\tjBcrkU.exe
  C:\Windows\System\tjBcrkU.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\POOUNVR.exe
  C:\Windows\System\POOUNVR.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\JKSIRWR.exe
  C:\Windows\System\JKSIRWR.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\kLrVVmS.exe
  C:\Windows\System\kLrVVmS.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\AlFirfg.exe
  C:\Windows\System\AlFirfg.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\kNshONR.exe
  C:\Windows\System\kNshONR.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\uizeomi.exe
  C:\Windows\System\uizeomi.exe
  2⤵
  PID:1076
- C:\Windows\System\aOzGWPq.exe
  C:\Windows\System\aOzGWPq.exe
  2⤵
  PID:1104
- C:\Windows\System\tBUyLpS.exe
  C:\Windows\System\tBUyLpS.exe
  2⤵
  PID:2440
- C:\Windows\System\fEonQSl.exe
  C:\Windows\System\fEonQSl.exe
  2⤵
  PID:2776
- C:\Windows\System\CaiUTHu.exe
  C:\Windows\System\CaiUTHu.exe
  2⤵
  PID:448
- C:\Windows\System\RnlGGJF.exe
  C:\Windows\System\RnlGGJF.exe
  2⤵
  PID:1640
- C:\Windows\System\mGAqYOH.exe
  C:\Windows\System\mGAqYOH.exe
  2⤵
  PID:1336
- C:\Windows\System\JChRrCD.exe
  C:\Windows\System\JChRrCD.exe
  2⤵
  PID:1032
- C:\Windows\System\ZJEmDFb.exe
  C:\Windows\System\ZJEmDFb.exe
  2⤵
  PID:872
- C:\Windows\System\iRWUtoc.exe
  C:\Windows\System\iRWUtoc.exe
  2⤵
  PID:1520
- C:\Windows\System\CUwDQse.exe
  C:\Windows\System\CUwDQse.exe
  2⤵
  PID:1764
- C:\Windows\System\bbBAmgT.exe
  C:\Windows\System\bbBAmgT.exe
  2⤵
  PID:1492
- C:\Windows\System\RGQMXDc.exe
  C:\Windows\System\RGQMXDc.exe
  2⤵
  PID:2160
- C:\Windows\System\mgebmJj.exe
  C:\Windows\System\mgebmJj.exe
  2⤵
  PID:1536
- C:\Windows\System\eNfXNCp.exe
  C:\Windows\System\eNfXNCp.exe
  2⤵
  PID:1356
- C:\Windows\System\rSogFqh.exe
  C:\Windows\System\rSogFqh.exe
  2⤵
  PID:2300
- C:\Windows\System\liqrfRC.exe
  C:\Windows\System\liqrfRC.exe
  2⤵
  PID:1968
- C:\Windows\System\dlOPcuI.exe
  C:\Windows\System\dlOPcuI.exe
  2⤵
  PID:868
- C:\Windows\System\oQuFGPF.exe
  C:\Windows\System\oQuFGPF.exe
  2⤵
  PID:2472
- C:\Windows\System\uAtPjLT.exe
  C:\Windows\System\uAtPjLT.exe
  2⤵
  PID:3036
- C:\Windows\System\mSzBVwe.exe
  C:\Windows\System\mSzBVwe.exe
  2⤵
  PID:2576
- C:\Windows\System\eqHzUAq.exe
  C:\Windows\System\eqHzUAq.exe
  2⤵
  PID:2664
- C:\Windows\System\DSQwuSK.exe
  C:\Windows\System\DSQwuSK.exe
  2⤵
  PID:2568
- C:\Windows\System\fBhXKJe.exe
  C:\Windows\System\fBhXKJe.exe
  2⤵
  PID:612
- C:\Windows\System\MDbBJPl.exe
  C:\Windows\System\MDbBJPl.exe
  2⤵
  PID:1400
- C:\Windows\System\pJTbyCD.exe
  C:\Windows\System\pJTbyCD.exe
  2⤵
  PID:2460
- C:\Windows\System\RafPhkk.exe
  C:\Windows\System\RafPhkk.exe
  2⤵
  PID:1508
- C:\Windows\System\VFLCNZF.exe
  C:\Windows\System\VFLCNZF.exe
  2⤵
  PID:1600
- C:\Windows\System\YkHeBXX.exe
  C:\Windows\System\YkHeBXX.exe
  2⤵
  PID:2412
- C:\Windows\System\YqcHseR.exe
  C:\Windows\System\YqcHseR.exe
  2⤵
  PID:656
- C:\Windows\System\ajZNNjT.exe
  C:\Windows\System\ajZNNjT.exe
  2⤵
  PID:2372
- C:\Windows\System\OVLiaEP.exe
  C:\Windows\System\OVLiaEP.exe
  2⤵
  PID:844
- C:\Windows\System\wxWbues.exe
  C:\Windows\System\wxWbues.exe
  2⤵
  PID:692
- C:\Windows\System\DvQtjVY.exe
  C:\Windows\System\DvQtjVY.exe
  2⤵
  PID:2928
- C:\Windows\System\SCOThHb.exe
  C:\Windows\System\SCOThHb.exe
  2⤵
  PID:2060
- C:\Windows\System\sFPktvS.exe
  C:\Windows\System\sFPktvS.exe
  2⤵
  PID:2096
- C:\Windows\System\jhRmZLC.exe
  C:\Windows\System\jhRmZLC.exe
  2⤵
  PID:1056
- C:\Windows\System\mUfFkbA.exe
  C:\Windows\System\mUfFkbA.exe
  2⤵
  PID:2724
- C:\Windows\System\MuAkbXB.exe
  C:\Windows\System\MuAkbXB.exe
  2⤵
  PID:2392
- C:\Windows\System\bclNsDP.exe
  C:\Windows\System\bclNsDP.exe
  2⤵
  PID:2772
- C:\Windows\System\DOWKfoe.exe
  C:\Windows\System\DOWKfoe.exe
  2⤵
  PID:2676
- C:\Windows\System\mwYWgRM.exe
  C:\Windows\System\mwYWgRM.exe
  2⤵
  PID:2424
- C:\Windows\System\OQzAcvk.exe
  C:\Windows\System\OQzAcvk.exe
  2⤵
  PID:1976
- C:\Windows\System\BduMixV.exe
  C:\Windows\System\BduMixV.exe
  2⤵
  PID:2088
- C:\Windows\System\UfViGxL.exe
  C:\Windows\System\UfViGxL.exe
  2⤵
  PID:1964
- C:\Windows\System\eteHGar.exe
  C:\Windows\System\eteHGar.exe
  2⤵
  PID:1568
- C:\Windows\System\uewTcPr.exe
  C:\Windows\System\uewTcPr.exe
  2⤵
  PID:1504
- C:\Windows\System\FxdwiFG.exe
  C:\Windows\System\FxdwiFG.exe
  2⤵
  PID:772
- C:\Windows\System\YOBMGdd.exe
  C:\Windows\System\YOBMGdd.exe
  2⤵
  PID:1940
- C:\Windows\System\PFsWlyl.exe
  C:\Windows\System\PFsWlyl.exe
  2⤵
  PID:988
- C:\Windows\System\Ttunskx.exe
  C:\Windows\System\Ttunskx.exe
  2⤵
  PID:2184
- C:\Windows\System\lXudRNi.exe
  C:\Windows\System\lXudRNi.exe
  2⤵
  PID:3076
- C:\Windows\System\nTagucg.exe
  C:\Windows\System\nTagucg.exe
  2⤵
  PID:3096
- C:\Windows\System\UMVpFdK.exe
  C:\Windows\System\UMVpFdK.exe
  2⤵
  PID:3112
- C:\Windows\System\CWVZNVK.exe
  C:\Windows\System\CWVZNVK.exe
  2⤵
  PID:3136
- C:\Windows\System\WaiWPTk.exe
  C:\Windows\System\WaiWPTk.exe
  2⤵
  PID:3156
- C:\Windows\System\CqPxcSk.exe
  C:\Windows\System\CqPxcSk.exe
  2⤵
  PID:3176
- C:\Windows\System\XAldEVg.exe
  C:\Windows\System\XAldEVg.exe
  2⤵
  PID:3192
- C:\Windows\System\sDBAzWD.exe
  C:\Windows\System\sDBAzWD.exe
  2⤵
  PID:3212
- C:\Windows\System\TduXEfS.exe
  C:\Windows\System\TduXEfS.exe
  2⤵
  PID:3232
- C:\Windows\System\zcKMkXx.exe
  C:\Windows\System\zcKMkXx.exe
  2⤵
  PID:3256
- C:\Windows\System\SHZNQev.exe
  C:\Windows\System\SHZNQev.exe
  2⤵
  PID:3276
- C:\Windows\System\fWmNMAC.exe
  C:\Windows\System\fWmNMAC.exe
  2⤵
  PID:3296
- C:\Windows\System\HFZoaeG.exe
  C:\Windows\System\HFZoaeG.exe
  2⤵
  PID:3316
- C:\Windows\System\ULyQSCx.exe
  C:\Windows\System\ULyQSCx.exe
  2⤵
  PID:3336
- C:\Windows\System\vRIVNkE.exe
  C:\Windows\System\vRIVNkE.exe
  2⤵
  PID:3356
- C:\Windows\System\ljbWniW.exe
  C:\Windows\System\ljbWniW.exe
  2⤵
  PID:3376
- C:\Windows\System\AGcSTpv.exe
  C:\Windows\System\AGcSTpv.exe
  2⤵
  PID:3396
- C:\Windows\System\sNmoewD.exe
  C:\Windows\System\sNmoewD.exe
  2⤵
  PID:3416
- C:\Windows\System\SYCxDkT.exe
  C:\Windows\System\SYCxDkT.exe
  2⤵
  PID:3432
- C:\Windows\System\bdQnSjy.exe
  C:\Windows\System\bdQnSjy.exe
  2⤵
  PID:3452
- C:\Windows\System\EYaYgCe.exe
  C:\Windows\System\EYaYgCe.exe
  2⤵
  PID:3476
- C:\Windows\System\tkxgBPC.exe
  C:\Windows\System\tkxgBPC.exe
  2⤵
  PID:3500
- C:\Windows\System\EUvvIMj.exe
  C:\Windows\System\EUvvIMj.exe
  2⤵
  PID:3520
- C:\Windows\System\DMrNIiz.exe
  C:\Windows\System\DMrNIiz.exe
  2⤵
  PID:3540
- C:\Windows\System\hNPUiCR.exe
  C:\Windows\System\hNPUiCR.exe
  2⤵
  PID:3556
- C:\Windows\System\nfyJZst.exe
  C:\Windows\System\nfyJZst.exe
  2⤵
  PID:3580
- C:\Windows\System\WXkInlA.exe
  C:\Windows\System\WXkInlA.exe
  2⤵
  PID:3600
- C:\Windows\System\nRJSaSW.exe
  C:\Windows\System\nRJSaSW.exe
  2⤵
  PID:3620
- C:\Windows\System\BVOCDGi.exe
  C:\Windows\System\BVOCDGi.exe
  2⤵
  PID:3636
- C:\Windows\System\LLjjobJ.exe
  C:\Windows\System\LLjjobJ.exe
  2⤵
  PID:3660
- C:\Windows\System\EwIEkYe.exe
  C:\Windows\System\EwIEkYe.exe
  2⤵
  PID:3680
- C:\Windows\System\JpwRtMu.exe
  C:\Windows\System\JpwRtMu.exe
  2⤵
  PID:3700
- C:\Windows\System\xAllilP.exe
  C:\Windows\System\xAllilP.exe
  2⤵
  PID:3716
- C:\Windows\System\WeGbwyZ.exe
  C:\Windows\System\WeGbwyZ.exe
  2⤵
  PID:3740
- C:\Windows\System\OkHXHEN.exe
  C:\Windows\System\OkHXHEN.exe
  2⤵
  PID:3756
- C:\Windows\System\RCTkjBu.exe
  C:\Windows\System\RCTkjBu.exe
  2⤵
  PID:3776
- C:\Windows\System\NALgPfj.exe
  C:\Windows\System\NALgPfj.exe
  2⤵
  PID:3796
- C:\Windows\System\lcQmHnJ.exe
  C:\Windows\System\lcQmHnJ.exe
  2⤵
  PID:3820
- C:\Windows\System\yXCtDUb.exe
  C:\Windows\System\yXCtDUb.exe
  2⤵
  PID:3836
- C:\Windows\System\ptnIKud.exe
  C:\Windows\System\ptnIKud.exe
  2⤵
  PID:3856
- C:\Windows\System\cxoJgVA.exe
  C:\Windows\System\cxoJgVA.exe
  2⤵
  PID:3876
- C:\Windows\System\QyuFkCO.exe
  C:\Windows\System\QyuFkCO.exe
  2⤵
  PID:3896
- C:\Windows\System\meuDYow.exe
  C:\Windows\System\meuDYow.exe
  2⤵
  PID:3920
- C:\Windows\System\PsBygRR.exe
  C:\Windows\System\PsBygRR.exe
  2⤵
  PID:3940
- C:\Windows\System\hViiAgy.exe
  C:\Windows\System\hViiAgy.exe
  2⤵
  PID:3956
- C:\Windows\System\wljbzDK.exe
  C:\Windows\System\wljbzDK.exe
  2⤵
  PID:3976
- C:\Windows\System\TGUamDy.exe
  C:\Windows\System\TGUamDy.exe
  2⤵
  PID:3996
- C:\Windows\System\REAalCr.exe
  C:\Windows\System\REAalCr.exe
  2⤵
  PID:4016
- C:\Windows\System\netRTPb.exe
  C:\Windows\System\netRTPb.exe
  2⤵
  PID:4036
- C:\Windows\System\CXdHOwR.exe
  C:\Windows\System\CXdHOwR.exe
  2⤵
  PID:4056
- C:\Windows\System\sMClPCh.exe
  C:\Windows\System\sMClPCh.exe
  2⤵
  PID:4076
- C:\Windows\System\ZCYZBat.exe
  C:\Windows\System\ZCYZBat.exe
  2⤵
  PID:2988
- C:\Windows\System\VGhKgYB.exe
  C:\Windows\System\VGhKgYB.exe
  2⤵
  PID:288
- C:\Windows\System\GzjgKoC.exe
  C:\Windows\System\GzjgKoC.exe
  2⤵
  PID:2408
- C:\Windows\System\NGqClly.exe
  C:\Windows\System\NGqClly.exe
  2⤵
  PID:860
- C:\Windows\System\PHTSiRf.exe
  C:\Windows\System\PHTSiRf.exe
  2⤵
  PID:1772
- C:\Windows\System\voMQOOf.exe
  C:\Windows\System\voMQOOf.exe
  2⤵
  PID:2312
- C:\Windows\System\MkiiLbM.exe
  C:\Windows\System\MkiiLbM.exe
  2⤵
  PID:3088
- C:\Windows\System\DxRLHEt.exe
  C:\Windows\System\DxRLHEt.exe
  2⤵
  PID:3104
- C:\Windows\System\sFAIbDL.exe
  C:\Windows\System\sFAIbDL.exe
  2⤵
  PID:3108
- C:\Windows\System\UXQOiwd.exe
  C:\Windows\System\UXQOiwd.exe
  2⤵
  PID:3208
- C:\Windows\System\LKEhlTv.exe
  C:\Windows\System\LKEhlTv.exe
  2⤵
  PID:3252
- C:\Windows\System\xdFyQle.exe
  C:\Windows\System\xdFyQle.exe
  2⤵
  PID:3188
- C:\Windows\System\iWvXzem.exe
  C:\Windows\System\iWvXzem.exe
  2⤵
  PID:3284
- C:\Windows\System\SujxPgV.exe
  C:\Windows\System\SujxPgV.exe
  2⤵
  PID:3324
- C:\Windows\System\vduTSZt.exe
  C:\Windows\System\vduTSZt.exe
  2⤵
  PID:3372
- C:\Windows\System\pxDTDCY.exe
  C:\Windows\System\pxDTDCY.exe
  2⤵
  PID:3344
- C:\Windows\System\YcoZfyv.exe
  C:\Windows\System\YcoZfyv.exe
  2⤵
  PID:3388
- C:\Windows\System\yKfaojt.exe
  C:\Windows\System\yKfaojt.exe
  2⤵
  PID:3424
- C:\Windows\System\SpkCnUh.exe
  C:\Windows\System\SpkCnUh.exe
  2⤵
  PID:3492
- C:\Windows\System\hAFwSnm.exe
  C:\Windows\System\hAFwSnm.exe
  2⤵
  PID:3528
- C:\Windows\System\BUaeqHO.exe
  C:\Windows\System\BUaeqHO.exe
  2⤵
  PID:3564
- C:\Windows\System\iRjKPhO.exe
  C:\Windows\System\iRjKPhO.exe
  2⤵
  PID:3548
- C:\Windows\System\dKHeKEY.exe
  C:\Windows\System\dKHeKEY.exe
  2⤵
  PID:3596
- C:\Windows\System\nkftBuf.exe
  C:\Windows\System\nkftBuf.exe
  2⤵
  PID:3656
- C:\Windows\System\VhgvtxX.exe
  C:\Windows\System\VhgvtxX.exe
  2⤵
  PID:3728
- C:\Windows\System\jPwUtVo.exe
  C:\Windows\System\jPwUtVo.exe
  2⤵
  PID:3668
- C:\Windows\System\aKdSBPu.exe
  C:\Windows\System\aKdSBPu.exe
  2⤵
  PID:3708
- C:\Windows\System\FvrFDLG.exe
  C:\Windows\System\FvrFDLG.exe
  2⤵
  PID:3816
- C:\Windows\System\nFlkPSS.exe
  C:\Windows\System\nFlkPSS.exe
  2⤵
  PID:3848
- C:\Windows\System\ZuXAoRy.exe
  C:\Windows\System\ZuXAoRy.exe
  2⤵
  PID:3752
- C:\Windows\System\AwXXwMw.exe
  C:\Windows\System\AwXXwMw.exe
  2⤵
  PID:3936
- C:\Windows\System\drLWtYL.exe
  C:\Windows\System\drLWtYL.exe
  2⤵
  PID:3972
- C:\Windows\System\cyhPhEb.exe
  C:\Windows\System\cyhPhEb.exe
  2⤵
  PID:3872
- C:\Windows\System\lbukPRh.exe
  C:\Windows\System\lbukPRh.exe
  2⤵
  PID:4012
- C:\Windows\System\ELnORen.exe
  C:\Windows\System\ELnORen.exe
  2⤵
  PID:4052
- C:\Windows\System\vwqfHHj.exe
  C:\Windows\System\vwqfHHj.exe
  2⤵
  PID:4028
- C:\Windows\System\AJlEjsc.exe
  C:\Windows\System\AJlEjsc.exe
  2⤵
  PID:2012
- C:\Windows\System\vOZIbts.exe
  C:\Windows\System\vOZIbts.exe
  2⤵
  PID:4072
- C:\Windows\System\CtuYysK.exe
  C:\Windows\System\CtuYysK.exe
  2⤵
  PID:1664
- C:\Windows\System\eQPNdtL.exe
  C:\Windows\System\eQPNdtL.exe
  2⤵
  PID:2304
- C:\Windows\System\zjisAeJ.exe
  C:\Windows\System\zjisAeJ.exe
  2⤵
  PID:1936
- C:\Windows\System\RVvhdwT.exe
  C:\Windows\System\RVvhdwT.exe
  2⤵
  PID:3244
- C:\Windows\System\kzknxdP.exe
  C:\Windows\System\kzknxdP.exe
  2⤵
  PID:3200
- C:\Windows\System\sszXKNv.exe
  C:\Windows\System\sszXKNv.exe
  2⤵
  PID:3148
- C:\Windows\System\eOcjHTb.exe
  C:\Windows\System\eOcjHTb.exe
  2⤵
  PID:3292
- C:\Windows\System\XuFkjAR.exe
  C:\Windows\System\XuFkjAR.exe
  2⤵
  PID:3408
- C:\Windows\System\DNnGOPw.exe
  C:\Windows\System\DNnGOPw.exe
  2⤵
  PID:3440
- C:\Windows\System\FcSbTFN.exe
  C:\Windows\System\FcSbTFN.exe
  2⤵
  PID:3448
- C:\Windows\System\CVzglgJ.exe
  C:\Windows\System\CVzglgJ.exe
  2⤵
  PID:3472
- C:\Windows\System\AMnaobV.exe
  C:\Windows\System\AMnaobV.exe
  2⤵
  PID:3576
- C:\Windows\System\oMcebgY.exe
  C:\Windows\System\oMcebgY.exe
  2⤵
  PID:3692
- C:\Windows\System\slKlrmC.exe
  C:\Windows\System\slKlrmC.exe
  2⤵
  PID:3644
- C:\Windows\System\mIaGTRu.exe
  C:\Windows\System\mIaGTRu.exe
  2⤵
  PID:3628
- C:\Windows\System\jrVsFOQ.exe
  C:\Windows\System\jrVsFOQ.exe
  2⤵
  PID:3928
- C:\Windows\System\mQKeCkm.exe
  C:\Windows\System\mQKeCkm.exe
  2⤵
  PID:3908
- C:\Windows\System\bFkPtyh.exe
  C:\Windows\System\bFkPtyh.exe
  2⤵
  PID:3964
- C:\Windows\System\yTcOUKM.exe
  C:\Windows\System\yTcOUKM.exe
  2⤵
  PID:3912
- C:\Windows\System\iYaadPO.exe
  C:\Windows\System\iYaadPO.exe
  2⤵
  PID:3988
- C:\Windows\System\CLAadES.exe
  C:\Windows\System\CLAadES.exe
  2⤵
  PID:3992
- C:\Windows\System\shGewzJ.exe
  C:\Windows\System\shGewzJ.exe
  2⤵
  PID:2836
- C:\Windows\System\ZnRfwvQ.exe
  C:\Windows\System\ZnRfwvQ.exe
  2⤵
  PID:3124
- C:\Windows\System\dxTNebB.exe
  C:\Windows\System\dxTNebB.exe
  2⤵
  PID:3172
- C:\Windows\System\SlsCxDo.exe
  C:\Windows\System\SlsCxDo.exe
  2⤵
  PID:3304
- C:\Windows\System\hjpFImZ.exe
  C:\Windows\System\hjpFImZ.exe
  2⤵
  PID:3468
- C:\Windows\System\RVVhdtX.exe
  C:\Windows\System\RVVhdtX.exe
  2⤵
  PID:3412
- C:\Windows\System\ltEZvtg.exe
  C:\Windows\System\ltEZvtg.exe
  2⤵
  PID:3512
- C:\Windows\System\RPVtPJI.exe
  C:\Windows\System\RPVtPJI.exe
  2⤵
  PID:3632
- C:\Windows\System\UQqvZWg.exe
  C:\Windows\System\UQqvZWg.exe
  2⤵
  PID:3616
- C:\Windows\System\uXBmDei.exe
  C:\Windows\System\uXBmDei.exe
  2⤵
  PID:3804
- C:\Windows\System\FGGrQjb.exe
  C:\Windows\System\FGGrQjb.exe
  2⤵
  PID:3952
- C:\Windows\System\uCdnEhp.exe
  C:\Windows\System\uCdnEhp.exe
  2⤵
  PID:3788
- C:\Windows\System\ScYoRHm.exe
  C:\Windows\System\ScYoRHm.exe
  2⤵
  PID:3748
- C:\Windows\System\CbbQckJ.exe
  C:\Windows\System\CbbQckJ.exe
  2⤵
  PID:3128
- C:\Windows\System\QcCTsFJ.exe
  C:\Windows\System\QcCTsFJ.exe
  2⤵
  PID:2656
- C:\Windows\System\BRHzlKE.exe
  C:\Windows\System\BRHzlKE.exe
  2⤵
  PID:3220
- C:\Windows\System\cNPsfLs.exe
  C:\Windows\System\cNPsfLs.exe
  2⤵
  PID:4104
- C:\Windows\System\eoaXlrk.exe
  C:\Windows\System\eoaXlrk.exe
  2⤵
  PID:4124
- C:\Windows\System\KYdZLHP.exe
  C:\Windows\System\KYdZLHP.exe
  2⤵
  PID:4140
- C:\Windows\System\lbkLyVn.exe
  C:\Windows\System\lbkLyVn.exe
  2⤵
  PID:4160
- C:\Windows\System\OMIVWzM.exe
  C:\Windows\System\OMIVWzM.exe
  2⤵
  PID:4180
- C:\Windows\System\gcIQKTn.exe
  C:\Windows\System\gcIQKTn.exe
  2⤵
  PID:4200
- C:\Windows\System\kCyXUxD.exe
  C:\Windows\System\kCyXUxD.exe
  2⤵
  PID:4220
- C:\Windows\System\lqxuXDZ.exe
  C:\Windows\System\lqxuXDZ.exe
  2⤵
  PID:4244
- C:\Windows\System\QReZkco.exe
  C:\Windows\System\QReZkco.exe
  2⤵
  PID:4260
- C:\Windows\System\yOGNlGt.exe
  C:\Windows\System\yOGNlGt.exe
  2⤵
  PID:4292
- C:\Windows\System\UdQwAUT.exe
  C:\Windows\System\UdQwAUT.exe
  2⤵
  PID:4308
- C:\Windows\System\RpTOPaw.exe
  C:\Windows\System\RpTOPaw.exe
  2⤵
  PID:4328
- C:\Windows\System\Yppsiqt.exe
  C:\Windows\System\Yppsiqt.exe
  2⤵
  PID:4352
- C:\Windows\System\PkJtcbl.exe
  C:\Windows\System\PkJtcbl.exe
  2⤵
  PID:4372
- C:\Windows\System\YpaRcHp.exe
  C:\Windows\System\YpaRcHp.exe
  2⤵
  PID:4388
- C:\Windows\System\eskfNBJ.exe
  C:\Windows\System\eskfNBJ.exe
  2⤵
  PID:4408
- C:\Windows\System\MXoTEMp.exe
  C:\Windows\System\MXoTEMp.exe
  2⤵
  PID:4428
- C:\Windows\System\tIQnJlX.exe
  C:\Windows\System\tIQnJlX.exe
  2⤵
  PID:4448
- C:\Windows\System\sIDeNZA.exe
  C:\Windows\System\sIDeNZA.exe
  2⤵
  PID:4468
- C:\Windows\System\phLueWJ.exe
  C:\Windows\System\phLueWJ.exe
  2⤵
  PID:4488
- C:\Windows\System\jBcEIAi.exe
  C:\Windows\System\jBcEIAi.exe
  2⤵
  PID:4512
- C:\Windows\System\biOLdSO.exe
  C:\Windows\System\biOLdSO.exe
  2⤵
  PID:4532
- C:\Windows\System\HSrRKXg.exe
  C:\Windows\System\HSrRKXg.exe
  2⤵
  PID:4552
- C:\Windows\System\dwxXjxa.exe
  C:\Windows\System\dwxXjxa.exe
  2⤵
  PID:4572
- C:\Windows\System\wJTxIAr.exe
  C:\Windows\System\wJTxIAr.exe
  2⤵
  PID:4592
- C:\Windows\System\nbAVdDB.exe
  C:\Windows\System\nbAVdDB.exe
  2⤵
  PID:4612
- C:\Windows\System\kpvrdwd.exe
  C:\Windows\System\kpvrdwd.exe
  2⤵
  PID:4628
- C:\Windows\System\qrIEqWH.exe
  C:\Windows\System\qrIEqWH.exe
  2⤵
  PID:4652
- C:\Windows\System\uwLVEpN.exe
  C:\Windows\System\uwLVEpN.exe
  2⤵
  PID:4668
- C:\Windows\System\GYQWbMy.exe
  C:\Windows\System\GYQWbMy.exe
  2⤵
  PID:4692
- C:\Windows\System\VVSyFcp.exe
  C:\Windows\System\VVSyFcp.exe
  2⤵
  PID:4708
- C:\Windows\System\sBZuzsy.exe
  C:\Windows\System\sBZuzsy.exe
  2⤵
  PID:4728
- C:\Windows\System\mpJctol.exe
  C:\Windows\System\mpJctol.exe
  2⤵
  PID:4748
- C:\Windows\System\tkaToiE.exe
  C:\Windows\System\tkaToiE.exe
  2⤵
  PID:4768
- C:\Windows\System\JrRlhMd.exe
  C:\Windows\System\JrRlhMd.exe
  2⤵
  PID:4788
- C:\Windows\System\tuuPvKw.exe
  C:\Windows\System\tuuPvKw.exe
  2⤵
  PID:4808
- C:\Windows\System\XiVGQDU.exe
  C:\Windows\System\XiVGQDU.exe
  2⤵
  PID:4828
- C:\Windows\System\LzDTRgZ.exe
  C:\Windows\System\LzDTRgZ.exe
  2⤵
  PID:4852
- C:\Windows\System\xNgeXPb.exe
  C:\Windows\System\xNgeXPb.exe
  2⤵
  PID:4872
- C:\Windows\System\HKpqvxA.exe
  C:\Windows\System\HKpqvxA.exe
  2⤵
  PID:4892
- C:\Windows\System\MAhajue.exe
  C:\Windows\System\MAhajue.exe
  2⤵
  PID:4912
- C:\Windows\System\QobqXEb.exe
  C:\Windows\System\QobqXEb.exe
  2⤵
  PID:4932
- C:\Windows\System\ccauGIr.exe
  C:\Windows\System\ccauGIr.exe
  2⤵
  PID:4952
- C:\Windows\System\YUJhiUq.exe
  C:\Windows\System\YUJhiUq.exe
  2⤵
  PID:4976
- C:\Windows\System\TfySMxb.exe
  C:\Windows\System\TfySMxb.exe
  2⤵
  PID:4996
- C:\Windows\System\RYsNypm.exe
  C:\Windows\System\RYsNypm.exe
  2⤵
  PID:5016
- C:\Windows\System\fVwVdgK.exe
  C:\Windows\System\fVwVdgK.exe
  2⤵
  PID:5032
- C:\Windows\System\ogpZDGM.exe
  C:\Windows\System\ogpZDGM.exe
  2⤵
  PID:5052
- C:\Windows\System\GBeDYKX.exe
  C:\Windows\System\GBeDYKX.exe
  2⤵
  PID:5072
- C:\Windows\System\CeoJSbI.exe
  C:\Windows\System\CeoJSbI.exe
  2⤵
  PID:5092
- C:\Windows\System\eLhEOQS.exe
  C:\Windows\System\eLhEOQS.exe
  2⤵
  PID:5112
- C:\Windows\System\LjMfEVg.exe
  C:\Windows\System\LjMfEVg.exe
  2⤵
  PID:3736
- C:\Windows\System\ZsNcJTK.exe
  C:\Windows\System\ZsNcJTK.exe
  2⤵
  PID:3484
- C:\Windows\System\UGOlCtH.exe
  C:\Windows\System\UGOlCtH.exe
  2⤵
  PID:1192
- C:\Windows\System\BxkxKUr.exe
  C:\Windows\System\BxkxKUr.exe
  2⤵
  PID:3612
- C:\Windows\System\qdPOhCw.exe
  C:\Windows\System\qdPOhCw.exe
  2⤵
  PID:4116
- C:\Windows\System\hDEiUXh.exe
  C:\Windows\System\hDEiUXh.exe
  2⤵
  PID:4044
- C:\Windows\System\dnFgqBx.exe
  C:\Windows\System\dnFgqBx.exe
  2⤵
  PID:3984
- C:\Windows\System\FPUeuNp.exe
  C:\Windows\System\FPUeuNp.exe
  2⤵
  PID:2276
- C:\Windows\System\IcPiDgu.exe
  C:\Windows\System\IcPiDgu.exe
  2⤵
  PID:4228
- C:\Windows\System\ZRjQNWE.exe
  C:\Windows\System\ZRjQNWE.exe
  2⤵
  PID:4172
- C:\Windows\System\TPLHitp.exe
  C:\Windows\System\TPLHitp.exe
  2⤵
  PID:4276
- C:\Windows\System\ZHOBSJA.exe
  C:\Windows\System\ZHOBSJA.exe
  2⤵
  PID:4212
- C:\Windows\System\jbyAyti.exe
  C:\Windows\System\jbyAyti.exe
  2⤵
  PID:4324
- C:\Windows\System\kiAnYod.exe
  C:\Windows\System\kiAnYod.exe
  2⤵
  PID:2648
- C:\Windows\System\gHYmOfp.exe
  C:\Windows\System\gHYmOfp.exe
  2⤵
  PID:4340
- C:\Windows\System\hcHZPXC.exe
  C:\Windows\System\hcHZPXC.exe
  2⤵
  PID:4400
- C:\Windows\System\TGoxdoQ.exe
  C:\Windows\System\TGoxdoQ.exe
  2⤵
  PID:2588
- C:\Windows\System\yupqKhe.exe
  C:\Windows\System\yupqKhe.exe
  2⤵
  PID:4476
- C:\Windows\System\AzAnWCo.exe
  C:\Windows\System\AzAnWCo.exe
  2⤵
  PID:4520
- C:\Windows\System\jPnqfVt.exe
  C:\Windows\System\jPnqfVt.exe
  2⤵
  PID:4508
- C:\Windows\System\jOGOYje.exe
  C:\Windows\System\jOGOYje.exe
  2⤵
  PID:4540
- C:\Windows\System\wmmPUPp.exe
  C:\Windows\System\wmmPUPp.exe
  2⤵
  PID:4604
- C:\Windows\System\VkwWOMt.exe
  C:\Windows\System\VkwWOMt.exe
  2⤵
  PID:4584
- C:\Windows\System\hPmSmAD.exe
  C:\Windows\System\hPmSmAD.exe
  2⤵
  PID:4680
- C:\Windows\System\GRAznUh.exe
  C:\Windows\System\GRAznUh.exe
  2⤵
  PID:4724
- C:\Windows\System\HAvbJDV.exe
  C:\Windows\System\HAvbJDV.exe
  2⤵
  PID:4756
- C:\Windows\System\Lxzvgmu.exe
  C:\Windows\System\Lxzvgmu.exe
  2⤵
  PID:4796
- C:\Windows\System\PAlxdsX.exe
  C:\Windows\System\PAlxdsX.exe
  2⤵
  PID:4744
- C:\Windows\System\RcLsrHW.exe
  C:\Windows\System\RcLsrHW.exe
  2⤵
  PID:4844
- C:\Windows\System\dvgPcBM.exe
  C:\Windows\System\dvgPcBM.exe
  2⤵
  PID:4816
- C:\Windows\System\VwmsDmr.exe
  C:\Windows\System\VwmsDmr.exe
  2⤵
  PID:3064
- C:\Windows\System\bBrIQPM.exe
  C:\Windows\System\bBrIQPM.exe
  2⤵
  PID:4868
- C:\Windows\System\eZUoeXr.exe
  C:\Windows\System\eZUoeXr.exe
  2⤵
  PID:4908
- C:\Windows\System\RaStgZK.exe
  C:\Windows\System\RaStgZK.exe
  2⤵
  PID:4940
- C:\Windows\System\WRuPzML.exe
  C:\Windows\System\WRuPzML.exe
  2⤵
  PID:5012
- C:\Windows\System\TqWYvfX.exe
  C:\Windows\System\TqWYvfX.exe
  2⤵
  PID:4988
- C:\Windows\System\KTDABBD.exe
  C:\Windows\System\KTDABBD.exe
  2⤵
  PID:5088
- C:\Windows\System\ZvWtRwn.exe
  C:\Windows\System\ZvWtRwn.exe
  2⤵
  PID:5068
- C:\Windows\System\jlFHruW.exe
  C:\Windows\System\jlFHruW.exe
  2⤵
  PID:5104
- C:\Windows\System\cTaKAcM.exe
  C:\Windows\System\cTaKAcM.exe
  2⤵
  PID:2844
- C:\Windows\System\AqBGtDA.exe
  C:\Windows\System\AqBGtDA.exe
  2⤵
  PID:4068
- C:\Windows\System\obapMns.exe
  C:\Windows\System\obapMns.exe
  2⤵
  PID:4112
- C:\Windows\System\YElbzZV.exe
  C:\Windows\System\YElbzZV.exe
  2⤵
  PID:4156
- C:\Windows\System\DWrlkEb.exe
  C:\Windows\System\DWrlkEb.exe
  2⤵
  PID:4192
- C:\Windows\System\LumZvsU.exe
  C:\Windows\System\LumZvsU.exe
  2⤵
  PID:1672
- C:\Windows\System\xmFmyGe.exe
  C:\Windows\System\xmFmyGe.exe
  2⤵
  PID:4176
- C:\Windows\System\xzDslzq.exe
  C:\Windows\System\xzDslzq.exe
  2⤵
  PID:4240
- C:\Windows\System\dzZnoIk.exe
  C:\Windows\System\dzZnoIk.exe
  2⤵
  PID:4396
- C:\Windows\System\snDqvHH.exe
  C:\Windows\System\snDqvHH.exe
  2⤵
  PID:4360
- C:\Windows\System\VgttzxN.exe
  C:\Windows\System\VgttzxN.exe
  2⤵
  PID:4440
- C:\Windows\System\GTPpddk.exe
  C:\Windows\System\GTPpddk.exe
  2⤵
  PID:4480
- C:\Windows\System\aGgEGkZ.exe
  C:\Windows\System\aGgEGkZ.exe
  2⤵
  PID:4560
- C:\Windows\System\RcamNPj.exe
  C:\Windows\System\RcamNPj.exe
  2⤵
  PID:4640
- C:\Windows\System\wziFRcK.exe
  C:\Windows\System\wziFRcK.exe
  2⤵
  PID:4464
- C:\Windows\System\MFxoaph.exe
  C:\Windows\System\MFxoaph.exe
  2⤵
  PID:4600
- C:\Windows\System\VPTbseU.exe
  C:\Windows\System\VPTbseU.exe
  2⤵
  PID:4700
- C:\Windows\System\wUulWTL.exe
  C:\Windows\System\wUulWTL.exe
  2⤵
  PID:4660
- C:\Windows\System\GTVZLlE.exe
  C:\Windows\System\GTVZLlE.exe
  2⤵
  PID:4888
- C:\Windows\System\wBLtkfR.exe
  C:\Windows\System\wBLtkfR.exe
  2⤵
  PID:4900
- C:\Windows\System\CSZpQwJ.exe
  C:\Windows\System\CSZpQwJ.exe
  2⤵
  PID:4784
- C:\Windows\System\lcCczpA.exe
  C:\Windows\System\lcCczpA.exe
  2⤵
  PID:4948
- C:\Windows\System\ZNlFAAC.exe
  C:\Windows\System\ZNlFAAC.exe
  2⤵
  PID:1692
- C:\Windows\System\EyBBXyF.exe
  C:\Windows\System\EyBBXyF.exe
  2⤵
  PID:2736
- C:\Windows\System\fbPUnFV.exe
  C:\Windows\System\fbPUnFV.exe
  2⤵
  PID:2268
- C:\Windows\System\ifzNOdP.exe
  C:\Windows\System\ifzNOdP.exe
  2⤵
  PID:5100
- C:\Windows\System\wIsTEYC.exe
  C:\Windows\System\wIsTEYC.exe
  2⤵
  PID:2848
- C:\Windows\System\uqPlMmV.exe
  C:\Windows\System\uqPlMmV.exe
  2⤵
  PID:3892
- C:\Windows\System\neqvzlK.exe
  C:\Windows\System\neqvzlK.exe
  2⤵
  PID:3168
- C:\Windows\System\XSNTHwv.exe
  C:\Windows\System\XSNTHwv.exe
  2⤵
  PID:4280
- C:\Windows\System\LTdyqGz.exe
  C:\Windows\System\LTdyqGz.exe
  2⤵
  PID:4152
- C:\Windows\System\GHgDpCY.exe
  C:\Windows\System\GHgDpCY.exe
  2⤵
  PID:4288
- C:\Windows\System\QGbZSbG.exe
  C:\Windows\System\QGbZSbG.exe
  2⤵
  PID:4348
- C:\Windows\System\knqvaDQ.exe
  C:\Windows\System\knqvaDQ.exe
  2⤵
  PID:4420
- C:\Windows\System\DRmDthJ.exe
  C:\Windows\System\DRmDthJ.exe
  2⤵
  PID:4380
- C:\Windows\System\jOfGgMv.exe
  C:\Windows\System\jOfGgMv.exe
  2⤵
  PID:2584
- C:\Windows\System\jyEMjwQ.exe
  C:\Windows\System\jyEMjwQ.exe
  2⤵
  PID:4676
- C:\Windows\System\YjBlotn.exe
  C:\Windows\System\YjBlotn.exe
  2⤵
  PID:4800
- C:\Windows\System\VgvYZTX.exe
  C:\Windows\System\VgvYZTX.exe
  2⤵
  PID:4736
- C:\Windows\System\eOHyedz.exe
  C:\Windows\System\eOHyedz.exe
  2⤵
  PID:4960
- C:\Windows\System\TUxYZgf.exe
  C:\Windows\System\TUxYZgf.exe
  2⤵
  PID:4924
- C:\Windows\System\bprpuNR.exe
  C:\Windows\System\bprpuNR.exe
  2⤵
  PID:2752
- C:\Windows\System\hvHLLby.exe
  C:\Windows\System\hvHLLby.exe
  2⤵
  PID:5008
- C:\Windows\System\LcAVfhY.exe
  C:\Windows\System\LcAVfhY.exe
  2⤵
  PID:4964
- C:\Windows\System\XdyvZUv.exe
  C:\Windows\System\XdyvZUv.exe
  2⤵
  PID:4196
- C:\Windows\System\wEDSiza.exe
  C:\Windows\System\wEDSiza.exe
  2⤵
  PID:2804
- C:\Windows\System\RAUjklL.exe
  C:\Windows\System\RAUjklL.exe
  2⤵
  PID:3536
- C:\Windows\System\tPIFrQU.exe
  C:\Windows\System\tPIFrQU.exe
  2⤵
  PID:3852
- C:\Windows\System\BofDNVZ.exe
  C:\Windows\System\BofDNVZ.exe
  2⤵
  PID:4580
- C:\Windows\System\ABMevsF.exe
  C:\Windows\System\ABMevsF.exe
  2⤵
  PID:4384
- C:\Windows\System\yKCKxpP.exe
  C:\Windows\System\yKCKxpP.exe
  2⤵
  PID:4608
- C:\Windows\System\zANwpRZ.exe
  C:\Windows\System\zANwpRZ.exe
  2⤵
  PID:4824
- C:\Windows\System\yjnyyjF.exe
  C:\Windows\System\yjnyyjF.exe
  2⤵
  PID:4840
- C:\Windows\System\IrvptXC.exe
  C:\Windows\System\IrvptXC.exe
  2⤵
  PID:5060
- C:\Windows\System\GsJkgfC.exe
  C:\Windows\System\GsJkgfC.exe
  2⤵
  PID:2344
- C:\Windows\System\mEOzEyY.exe
  C:\Windows\System\mEOzEyY.exe
  2⤵
  PID:5064
- C:\Windows\System\JZjRcYG.exe
  C:\Windows\System\JZjRcYG.exe
  2⤵
  PID:1796
- C:\Windows\System\VTojGHc.exe
  C:\Windows\System\VTojGHc.exe
  2⤵
  PID:3844
- C:\Windows\System\Wxjyhjp.exe
  C:\Windows\System\Wxjyhjp.exe
  2⤵
  PID:1324
- C:\Windows\System\IyoGtHe.exe
  C:\Windows\System\IyoGtHe.exe
  2⤵
  PID:5028
- C:\Windows\System\fjoZoqK.exe
  C:\Windows\System\fjoZoqK.exe
  2⤵
  PID:4760
- C:\Windows\System\HdFgENH.exe
  C:\Windows\System\HdFgENH.exe
  2⤵
  PID:1300
- C:\Windows\System\zVkSEij.exe
  C:\Windows\System\zVkSEij.exe
  2⤵
  PID:4780
- C:\Windows\System\MoFzvbX.exe
  C:\Windows\System\MoFzvbX.exe
  2⤵
  PID:5140
- C:\Windows\System\bzEsEhu.exe
  C:\Windows\System\bzEsEhu.exe
  2⤵
  PID:5156
- C:\Windows\System\CZbhnfN.exe
  C:\Windows\System\CZbhnfN.exe
  2⤵
  PID:5180
- C:\Windows\System\BhxsFdC.exe
  C:\Windows\System\BhxsFdC.exe
  2⤵
  PID:5196
- C:\Windows\System\qSnIpMT.exe
  C:\Windows\System\qSnIpMT.exe
  2⤵
  PID:5216
- C:\Windows\System\hPeZfyd.exe
  C:\Windows\System\hPeZfyd.exe
  2⤵
  PID:5236
- C:\Windows\System\JWvIcsA.exe
  C:\Windows\System\JWvIcsA.exe
  2⤵
  PID:5256
- C:\Windows\System\NAvBKTA.exe
  C:\Windows\System\NAvBKTA.exe
  2⤵
  PID:5276
- C:\Windows\System\OulLdOA.exe
  C:\Windows\System\OulLdOA.exe
  2⤵
  PID:5304
- C:\Windows\System\FONEABY.exe
  C:\Windows\System\FONEABY.exe
  2⤵
  PID:5320
- C:\Windows\System\oFzCnMH.exe
  C:\Windows\System\oFzCnMH.exe
  2⤵
  PID:5340
- C:\Windows\System\NcwUqQQ.exe
  C:\Windows\System\NcwUqQQ.exe
  2⤵
  PID:5360
- C:\Windows\System\BGbXjed.exe
  C:\Windows\System\BGbXjed.exe
  2⤵
  PID:5384
- C:\Windows\System\xIjTXBv.exe
  C:\Windows\System\xIjTXBv.exe
  2⤵
  PID:5400
- C:\Windows\System\CfLBPig.exe
  C:\Windows\System\CfLBPig.exe
  2⤵
  PID:5420
- C:\Windows\System\aMhOyxe.exe
  C:\Windows\System\aMhOyxe.exe
  2⤵
  PID:5440
- C:\Windows\System\UKePRZi.exe
  C:\Windows\System\UKePRZi.exe
  2⤵
  PID:5460
- C:\Windows\System\tpFNQNn.exe
  C:\Windows\System\tpFNQNn.exe
  2⤵
  PID:5476
- C:\Windows\System\UkUTRUv.exe
  C:\Windows\System\UkUTRUv.exe
  2⤵
  PID:5496
- C:\Windows\System\MLnvXtI.exe
  C:\Windows\System\MLnvXtI.exe
  2⤵
  PID:5512
- C:\Windows\System\VgjcgrP.exe
  C:\Windows\System\VgjcgrP.exe
  2⤵
  PID:5532
- C:\Windows\System\GbrXbSN.exe
  C:\Windows\System\GbrXbSN.exe
  2⤵
  PID:5560
- C:\Windows\System\BCQXYIX.exe
  C:\Windows\System\BCQXYIX.exe
  2⤵
  PID:5580
- C:\Windows\System\ZWJNjUh.exe
  C:\Windows\System\ZWJNjUh.exe
  2⤵
  PID:5596
- C:\Windows\System\gOcaEjx.exe
  C:\Windows\System\gOcaEjx.exe
  2⤵
  PID:5620
- C:\Windows\System\mHJbaku.exe
  C:\Windows\System\mHJbaku.exe
  2⤵
  PID:5640
- C:\Windows\System\xnQxEUn.exe
  C:\Windows\System\xnQxEUn.exe
  2⤵
  PID:5664
- C:\Windows\System\Gfomcif.exe
  C:\Windows\System\Gfomcif.exe
  2⤵
  PID:5680
- C:\Windows\System\LYUATQW.exe
  C:\Windows\System\LYUATQW.exe
  2⤵
  PID:5700
- C:\Windows\System\iiHjPFZ.exe
  C:\Windows\System\iiHjPFZ.exe
  2⤵
  PID:5720
- C:\Windows\System\aFrLXHv.exe
  C:\Windows\System\aFrLXHv.exe
  2⤵
  PID:5740
- C:\Windows\System\CfPArEt.exe
  C:\Windows\System\CfPArEt.exe
  2⤵
  PID:5756
- C:\Windows\System\rlQMrLU.exe
  C:\Windows\System\rlQMrLU.exe
  2⤵
  PID:5780
- C:\Windows\System\zfdbjKg.exe
  C:\Windows\System\zfdbjKg.exe
  2⤵
  PID:5796
- C:\Windows\System\BbHFgMJ.exe
  C:\Windows\System\BbHFgMJ.exe
  2⤵
  PID:5812
- C:\Windows\System\AEqzHOn.exe
  C:\Windows\System\AEqzHOn.exe
  2⤵
  PID:5828
- C:\Windows\System\awrNIWE.exe
  C:\Windows\System\awrNIWE.exe
  2⤵
  PID:5856
- C:\Windows\System\uKkpXpI.exe
  C:\Windows\System\uKkpXpI.exe
  2⤵
  PID:5872
- C:\Windows\System\kvpRbpS.exe
  C:\Windows\System\kvpRbpS.exe
  2⤵
  PID:5892
- C:\Windows\System\wOISJRJ.exe
  C:\Windows\System\wOISJRJ.exe
  2⤵
  PID:5928
- C:\Windows\System\WpdoZWQ.exe
  C:\Windows\System\WpdoZWQ.exe
  2⤵
  PID:5948
- C:\Windows\System\YFPTrtH.exe
  C:\Windows\System\YFPTrtH.exe
  2⤵
  PID:5964
- C:\Windows\System\UlDObEH.exe
  C:\Windows\System\UlDObEH.exe
  2⤵
  PID:5980
- C:\Windows\System\buJLFXU.exe
  C:\Windows\System\buJLFXU.exe
  2⤵
  PID:5996
- C:\Windows\System\JYUnJoa.exe
  C:\Windows\System\JYUnJoa.exe
  2⤵
  PID:6012
- C:\Windows\System\oHPZCCh.exe
  C:\Windows\System\oHPZCCh.exe
  2⤵
  PID:6028
- C:\Windows\System\lNsZdEY.exe
  C:\Windows\System\lNsZdEY.exe
  2⤵
  PID:6044
- C:\Windows\System\YfsljRm.exe
  C:\Windows\System\YfsljRm.exe
  2⤵
  PID:6060
- C:\Windows\System\iCatXLT.exe
  C:\Windows\System\iCatXLT.exe
  2⤵
  PID:6084
- C:\Windows\System\YzckxCt.exe
  C:\Windows\System\YzckxCt.exe
  2⤵
  PID:6128
- C:\Windows\System\jiurSPJ.exe
  C:\Windows\System\jiurSPJ.exe
  2⤵
  PID:4624
- C:\Windows\System\LawsaMz.exe
  C:\Windows\System\LawsaMz.exe
  2⤵
  PID:3696
- C:\Windows\System\aqPVEJW.exe
  C:\Windows\System\aqPVEJW.exe
  2⤵
  PID:5136
- C:\Windows\System\PryYKJb.exe
  C:\Windows\System\PryYKJb.exe
  2⤵
  PID:5176
- C:\Windows\System\NBOhlyX.exe
  C:\Windows\System\NBOhlyX.exe
  2⤵
  PID:5212
- C:\Windows\System\xhsTrFJ.exe
  C:\Windows\System\xhsTrFJ.exe
  2⤵
  PID:4944
- C:\Windows\System\ndMDoFd.exe
  C:\Windows\System\ndMDoFd.exe
  2⤵
  PID:5244
- C:\Windows\System\uMwyVzK.exe
  C:\Windows\System\uMwyVzK.exe
  2⤵
  PID:2720
- C:\Windows\System\StmjoBC.exe
  C:\Windows\System\StmjoBC.exe
  2⤵
  PID:5288
- C:\Windows\System\ujRaMtd.exe
  C:\Windows\System\ujRaMtd.exe
  2⤵
  PID:5152
- C:\Windows\System\dyRRJrI.exe
  C:\Windows\System\dyRRJrI.exe
  2⤵
  PID:5264
- C:\Windows\System\ccIEUvx.exe
  C:\Windows\System\ccIEUvx.exe
  2⤵
  PID:5368
- C:\Windows\System\SiHwduI.exe
  C:\Windows\System\SiHwduI.exe
  2⤵
  PID:5448
- C:\Windows\System\nfvtrXj.exe
  C:\Windows\System\nfvtrXj.exe
  2⤵
  PID:5492
- C:\Windows\System\XsqlPKd.exe
  C:\Windows\System\XsqlPKd.exe
  2⤵
  PID:2716
- C:\Windows\System\JWeSmyO.exe
  C:\Windows\System\JWeSmyO.exe
  2⤵
  PID:5396
- C:\Windows\System\eFHuRNv.exe
  C:\Windows\System\eFHuRNv.exe
  2⤵
  PID:5468
- C:\Windows\System\mJdXTXt.exe
  C:\Windows\System\mJdXTXt.exe
  2⤵
  PID:5508
- C:\Windows\System\CLhhPbu.exe
  C:\Windows\System\CLhhPbu.exe
  2⤵
  PID:5552
- C:\Windows\System\Zqjfoan.exe
  C:\Windows\System\Zqjfoan.exe
  2⤵
  PID:2696
- C:\Windows\System\zxFKmhK.exe
  C:\Windows\System\zxFKmhK.exe
  2⤵
  PID:2580
- C:\Windows\System\iGfbRmK.exe
  C:\Windows\System\iGfbRmK.exe
  2⤵
  PID:2800
- C:\Windows\System\cCagzlh.exe
  C:\Windows\System\cCagzlh.exe
  2⤵
  PID:5544
- C:\Windows\System\EnddOLP.exe
  C:\Windows\System\EnddOLP.exe
  2⤵
  PID:5576
- C:\Windows\System\RrAkJbm.exe
  C:\Windows\System\RrAkJbm.exe
  2⤵
  PID:1956
- C:\Windows\System\RqEGzHN.exe
  C:\Windows\System\RqEGzHN.exe
  2⤵
  PID:5632
- C:\Windows\System\irblCEA.exe
  C:\Windows\System\irblCEA.exe
  2⤵
  PID:5672
- C:\Windows\System\MKbQosN.exe
  C:\Windows\System\MKbQosN.exe
  2⤵
  PID:5676
- C:\Windows\System\aeMwrBD.exe
  C:\Windows\System\aeMwrBD.exe
  2⤵
  PID:5712
- C:\Windows\System\lUGUHhm.exe
  C:\Windows\System\lUGUHhm.exe
  2⤵
  PID:5736
- C:\Windows\System\GICwKjc.exe
  C:\Windows\System\GICwKjc.exe
  2⤵
  PID:5768
- C:\Windows\System\kCiahQQ.exe
  C:\Windows\System\kCiahQQ.exe
  2⤵
  PID:5848
- C:\Windows\System\GhJywgY.exe
  C:\Windows\System\GhJywgY.exe
  2⤵
  PID:5884
- C:\Windows\System\REZldOp.exe
  C:\Windows\System\REZldOp.exe
  2⤵
  PID:5752
- C:\Windows\System\xxHKtbT.exe
  C:\Windows\System\xxHKtbT.exe
  2⤵
  PID:5864
- C:\Windows\System\fuAmIHd.exe
  C:\Windows\System\fuAmIHd.exe
  2⤵
  PID:5908
- C:\Windows\System\ATNlyYL.exe
  C:\Windows\System\ATNlyYL.exe
  2⤵
  PID:5940
- C:\Windows\System\mMsjebU.exe
  C:\Windows\System\mMsjebU.exe
  2⤵
  PID:5976
- C:\Windows\System\YXphHPK.exe
  C:\Windows\System\YXphHPK.exe
  2⤵
  PID:6036
- C:\Windows\System\hwfFFyt.exe
  C:\Windows\System\hwfFFyt.exe
  2⤵
  PID:6072
- C:\Windows\System\ijrmYqO.exe
  C:\Windows\System\ijrmYqO.exe
  2⤵
  PID:5992
- C:\Windows\System\MoMQlJn.exe
  C:\Windows\System\MoMQlJn.exe
  2⤵
  PID:6092
- C:\Windows\System\wddrXiM.exe
  C:\Windows\System\wddrXiM.exe
  2⤵
  PID:6112
- C:\Windows\System\iEKYrcg.exe
  C:\Windows\System\iEKYrcg.exe
  2⤵
  PID:2356
- C:\Windows\System\dHhfIiK.exe
  C:\Windows\System\dHhfIiK.exe
  2⤵
  PID:6140
- C:\Windows\System\GYsswUk.exe
  C:\Windows\System\GYsswUk.exe
  2⤵
  PID:4252
- C:\Windows\System\ejHStez.exe
  C:\Windows\System\ejHStez.exe
  2⤵
  PID:4620
- C:\Windows\System\JkAxdud.exe
  C:\Windows\System\JkAxdud.exe
  2⤵
  PID:2400
- C:\Windows\System\fPrtVPa.exe
  C:\Windows\System\fPrtVPa.exe
  2⤵
  PID:5232
- C:\Windows\System\cetWaas.exe
  C:\Windows\System\cetWaas.exe
  2⤵
  PID:5224
- C:\Windows\System\IQTkFaS.exe
  C:\Windows\System\IQTkFaS.exe
  2⤵
  PID:5300
- C:\Windows\System\viSICZg.exe
  C:\Windows\System\viSICZg.exe
  2⤵
  PID:5380
- C:\Windows\System\acEpMXb.exe
  C:\Windows\System\acEpMXb.exe
  2⤵
  PID:5528
- C:\Windows\System\HJTLQSv.exe
  C:\Windows\System\HJTLQSv.exe
  2⤵
  PID:5416
- C:\Windows\System\ehkrrWK.exe
  C:\Windows\System\ehkrrWK.exe
  2⤵
  PID:5432
- C:\Windows\System\YmOxznl.exe
  C:\Windows\System\YmOxznl.exe
  2⤵
  PID:1660
- C:\Windows\System\OeSxMeZ.exe
  C:\Windows\System\OeSxMeZ.exe
  2⤵
  PID:5504
- C:\Windows\System\scGAQCE.exe
  C:\Windows\System\scGAQCE.exe
  2⤵
  PID:5608
- C:\Windows\System\PPoFpQO.exe
  C:\Windows\System\PPoFpQO.exe
  2⤵
  PID:2020
- C:\Windows\System\KOegKOU.exe
  C:\Windows\System\KOegKOU.exe
  2⤵
  PID:5652
- C:\Windows\System\UpJXtJk.exe
  C:\Windows\System\UpJXtJk.exe
  2⤵
  PID:5572
- C:\Windows\System\LquMhEo.exe
  C:\Windows\System\LquMhEo.exe
  2⤵
  PID:5648
- C:\Windows\System\wiGfCZv.exe
  C:\Windows\System\wiGfCZv.exe
  2⤵
  PID:5776
- C:\Windows\System\XFqxWoE.exe
  C:\Windows\System\XFqxWoE.exe
  2⤵
  PID:5844
- C:\Windows\System\oTaBvgW.exe
  C:\Windows\System\oTaBvgW.exe
  2⤵
  PID:2644
- C:\Windows\System\IZfisbR.exe
  C:\Windows\System\IZfisbR.exe
  2⤵
  PID:6008
- C:\Windows\System\zbFpLdl.exe
  C:\Windows\System\zbFpLdl.exe
  2⤵
  PID:5988
- C:\Windows\System\YzwsNmp.exe
  C:\Windows\System\YzwsNmp.exe
  2⤵
  PID:4216
- C:\Windows\System\udqJhXf.exe
  C:\Windows\System\udqJhXf.exe
  2⤵
  PID:5820
- C:\Windows\System\dTqAUVA.exe
  C:\Windows\System\dTqAUVA.exe
  2⤵
  PID:2136
- C:\Windows\System\yeNYnaS.exe
  C:\Windows\System\yeNYnaS.exe
  2⤵
  PID:4444
- C:\Windows\System\ulIGvmg.exe
  C:\Windows\System\ulIGvmg.exe
  2⤵
  PID:5204
- C:\Windows\System\LouBWuc.exe
  C:\Windows\System\LouBWuc.exe
  2⤵
  PID:5124
- C:\Windows\System\dEHSzcM.exe
  C:\Windows\System\dEHSzcM.exe
  2⤵
  PID:840
- C:\Windows\System\hQWERTv.exe
  C:\Windows\System\hQWERTv.exe
  2⤵
  PID:5484
- C:\Windows\System\zGZcYzQ.exe
  C:\Windows\System\zGZcYzQ.exe
  2⤵
  PID:4268
- C:\Windows\System\cdJEqgk.exe
  C:\Windows\System\cdJEqgk.exe
  2⤵
  PID:5284
- C:\Windows\System\ojtWxnf.exe
  C:\Windows\System\ojtWxnf.exe
  2⤵
  PID:5332
- C:\Windows\System\iEmUhJT.exe
  C:\Windows\System\iEmUhJT.exe
  2⤵
  PID:2788
- C:\Windows\System\WAVgsML.exe
  C:\Windows\System\WAVgsML.exe
  2⤵
  PID:5604
- C:\Windows\System\mqGBlqE.exe
  C:\Windows\System\mqGBlqE.exe
  2⤵
  PID:5656
- C:\Windows\System\NjcmbrP.exe
  C:\Windows\System\NjcmbrP.exe
  2⤵
  PID:5692
- C:\Windows\System\ebPpzCg.exe
  C:\Windows\System\ebPpzCg.exe
  2⤵
  PID:5772
- C:\Windows\System\qMKXJpN.exe
  C:\Windows\System\qMKXJpN.exe
  2⤵
  PID:6080
- C:\Windows\System\juWABWe.exe
  C:\Windows\System\juWABWe.exe
  2⤵
  PID:6024
- C:\Windows\System\UFNKIkc.exe
  C:\Windows\System\UFNKIkc.exe
  2⤵
  PID:5924
- C:\Windows\System\sLtyFCT.exe
  C:\Windows\System\sLtyFCT.exe
  2⤵
  PID:1432
- C:\Windows\System\iiFNQlo.exe
  C:\Windows\System\iiFNQlo.exe
  2⤵
  PID:6124
- C:\Windows\System\QOUobAC.exe
  C:\Windows\System\QOUobAC.exe
  2⤵
  PID:5172
- C:\Windows\System\wQIMBTl.exe
  C:\Windows\System\wQIMBTl.exe
  2⤵
  PID:5192
- C:\Windows\System\DXYHqud.exe
  C:\Windows\System\DXYHqud.exe
  2⤵
  PID:5348
- C:\Windows\System\hRpKguk.exe
  C:\Windows\System\hRpKguk.exe
  2⤵
  PID:2924
- C:\Windows\System\FfivABI.exe
  C:\Windows\System\FfivABI.exe
  2⤵
  PID:5588
- C:\Windows\System\Bupgvjy.exe
  C:\Windows\System\Bupgvjy.exe
  2⤵
  PID:5696
- C:\Windows\System\MujjbMp.exe
  C:\Windows\System\MujjbMp.exe
  2⤵
  PID:5764
- C:\Windows\System\SRAKSMk.exe
  C:\Windows\System\SRAKSMk.exe
  2⤵
  PID:5788
- C:\Windows\System\NnRcRnc.exe
  C:\Windows\System\NnRcRnc.exe
  2⤵
  PID:1028
- C:\Windows\System\hwIioTY.exe
  C:\Windows\System\hwIioTY.exe
  2⤵
  PID:2556
- C:\Windows\System\BZLtCsF.exe
  C:\Windows\System\BZLtCsF.exe
  2⤵
  PID:1768
- C:\Windows\System\qcvTZDp.exe
  C:\Windows\System\qcvTZDp.exe
  2⤵
  PID:6076
- C:\Windows\System\qLzDalG.exe
  C:\Windows\System\qLzDalG.exe
  2⤵
  PID:2028
- C:\Windows\System\tmAWfwv.exe
  C:\Windows\System\tmAWfwv.exe
  2⤵
  PID:6056
- C:\Windows\System\mlkxWOX.exe
  C:\Windows\System\mlkxWOX.exe
  2⤵
  PID:6152
- C:\Windows\System\yZqsWan.exe
  C:\Windows\System\yZqsWan.exe
  2⤵
  PID:6180
- C:\Windows\System\EYYRjeS.exe
  C:\Windows\System\EYYRjeS.exe
  2⤵
  PID:6200
- C:\Windows\System\AkHyTIB.exe
  C:\Windows\System\AkHyTIB.exe
  2⤵
  PID:6216
- C:\Windows\System\fhjtQQx.exe
  C:\Windows\System\fhjtQQx.exe
  2⤵
  PID:6232
- C:\Windows\System\LajTOJE.exe
  C:\Windows\System\LajTOJE.exe
  2⤵
  PID:6248
- C:\Windows\System\fUvKnOW.exe
  C:\Windows\System\fUvKnOW.exe
  2⤵
  PID:6268
- C:\Windows\System\AKbpvke.exe
  C:\Windows\System\AKbpvke.exe
  2⤵
  PID:6292
- C:\Windows\System\OhYGBDb.exe
  C:\Windows\System\OhYGBDb.exe
  2⤵
  PID:6308
- C:\Windows\System\qzuaIuM.exe
  C:\Windows\System\qzuaIuM.exe
  2⤵
  PID:6324
- C:\Windows\System\qElyZaQ.exe
  C:\Windows\System\qElyZaQ.exe
  2⤵
  PID:6364
- C:\Windows\System\TtlQacr.exe
  C:\Windows\System\TtlQacr.exe
  2⤵
  PID:6380
- C:\Windows\System\NvPWnxn.exe
  C:\Windows\System\NvPWnxn.exe
  2⤵
  PID:6396
- C:\Windows\System\UPrsxvQ.exe
  C:\Windows\System\UPrsxvQ.exe
  2⤵
  PID:6412
- C:\Windows\System\FRkNNYG.exe
  C:\Windows\System\FRkNNYG.exe
  2⤵
  PID:6440
- C:\Windows\System\EQYEmVV.exe
  C:\Windows\System\EQYEmVV.exe
  2⤵
  PID:6460
- C:\Windows\System\EyKQNUY.exe
  C:\Windows\System\EyKQNUY.exe
  2⤵
  PID:6480
- C:\Windows\System\YJIgcVB.exe
  C:\Windows\System\YJIgcVB.exe
  2⤵
  PID:6496
- C:\Windows\System\xPWFDnb.exe
  C:\Windows\System\xPWFDnb.exe
  2⤵
  PID:6512
- C:\Windows\System\oRgzVjr.exe
  C:\Windows\System\oRgzVjr.exe
  2⤵
  PID:6532
- C:\Windows\System\bwtCZdU.exe
  C:\Windows\System\bwtCZdU.exe
  2⤵
  PID:6548
- C:\Windows\System\ClEmylO.exe
  C:\Windows\System\ClEmylO.exe
  2⤵
  PID:6564
- C:\Windows\System\TzaerPG.exe
  C:\Windows\System\TzaerPG.exe
  2⤵
  PID:6596
- C:\Windows\System\INmBzSi.exe
  C:\Windows\System\INmBzSi.exe
  2⤵
  PID:6612
- C:\Windows\System\DPYmopT.exe
  C:\Windows\System\DPYmopT.exe
  2⤵
  PID:6632
- C:\Windows\System\dmslZyA.exe
  C:\Windows\System\dmslZyA.exe
  2⤵
  PID:6648
- C:\Windows\System\hdodMsK.exe
  C:\Windows\System\hdodMsK.exe
  2⤵
  PID:6688
- C:\Windows\System\sPVPQOe.exe
  C:\Windows\System\sPVPQOe.exe
  2⤵
  PID:6704
- C:\Windows\System\IvnljTK.exe
  C:\Windows\System\IvnljTK.exe
  2⤵
  PID:6724
- C:\Windows\System\HNAqXRj.exe
  C:\Windows\System\HNAqXRj.exe
  2⤵
  PID:6740
- C:\Windows\System\GctNTro.exe
  C:\Windows\System\GctNTro.exe
  2⤵
  PID:6760
- C:\Windows\System\KeiChQL.exe
  C:\Windows\System\KeiChQL.exe
  2⤵
  PID:6780
- C:\Windows\System\vEbQZmH.exe
  C:\Windows\System\vEbQZmH.exe
  2⤵
  PID:6800
- C:\Windows\System\dcUeSmR.exe
  C:\Windows\System\dcUeSmR.exe
  2⤵
  PID:6816
- C:\Windows\System\hXBlbJW.exe
  C:\Windows\System\hXBlbJW.exe
  2⤵
  PID:6844
- C:\Windows\System\HPhCcUB.exe
  C:\Windows\System\HPhCcUB.exe
  2⤵
  PID:6860
- C:\Windows\System\cxPqnEF.exe
  C:\Windows\System\cxPqnEF.exe
  2⤵
  PID:6880
- C:\Windows\System\epVKWiw.exe
  C:\Windows\System\epVKWiw.exe
  2⤵
  PID:6896
- C:\Windows\System\WDAfVOB.exe
  C:\Windows\System\WDAfVOB.exe
  2⤵
  PID:6920
- C:\Windows\System\OvRQmKg.exe
  C:\Windows\System\OvRQmKg.exe
  2⤵
  PID:6940
- C:\Windows\System\jtIhvKw.exe
  C:\Windows\System\jtIhvKw.exe
  2⤵
  PID:6968
- C:\Windows\System\LMYNwzD.exe
  C:\Windows\System\LMYNwzD.exe
  2⤵
  PID:6984
- C:\Windows\System\IffBRGq.exe
  C:\Windows\System\IffBRGq.exe
  2⤵
  PID:7008
- C:\Windows\System\gQcUbeH.exe
  C:\Windows\System\gQcUbeH.exe
  2⤵
  PID:7024
- C:\Windows\System\NtVhAnc.exe
  C:\Windows\System\NtVhAnc.exe
  2⤵
  PID:7040
- C:\Windows\System\oYEMZnn.exe
  C:\Windows\System\oYEMZnn.exe
  2⤵
  PID:7056
- C:\Windows\System\bRQJppM.exe
  C:\Windows\System\bRQJppM.exe
  2⤵
  PID:7084
- C:\Windows\System\bhhaCQu.exe
  C:\Windows\System\bhhaCQu.exe
  2⤵
  PID:7100
- C:\Windows\System\wkWGiVV.exe
  C:\Windows\System\wkWGiVV.exe
  2⤵
  PID:7116
- C:\Windows\System\rtKhYcz.exe
  C:\Windows\System\rtKhYcz.exe
  2⤵
  PID:7132
- C:\Windows\System\ExZdLcm.exe
  C:\Windows\System\ExZdLcm.exe
  2⤵
  PID:7148
- C:\Windows\System\OvkRsAW.exe
  C:\Windows\System\OvkRsAW.exe
  2⤵
  PID:2964
- C:\Windows\System\nOsoPFo.exe
  C:\Windows\System\nOsoPFo.exe
  2⤵
  PID:5336
- C:\Windows\System\bBpaziS.exe
  C:\Windows\System\bBpaziS.exe
  2⤵
  PID:2552
- C:\Windows\System\nHfpOBz.exe
  C:\Windows\System\nHfpOBz.exe
  2⤵
  PID:5688
- C:\Windows\System\qgGaWIv.exe
  C:\Windows\System\qgGaWIv.exe
  2⤵
  PID:5520
- C:\Windows\System\cJCfuTr.exe
  C:\Windows\System\cJCfuTr.exe
  2⤵
  PID:6168
- C:\Windows\System\HfqORxp.exe
  C:\Windows\System\HfqORxp.exe
  2⤵
  PID:6228
- C:\Windows\System\dWGKhMN.exe
  C:\Windows\System\dWGKhMN.exe
  2⤵
  PID:6264
- C:\Windows\System\VPzsoNK.exe
  C:\Windows\System\VPzsoNK.exe
  2⤵
  PID:6336
- C:\Windows\System\bgwOdlK.exe
  C:\Windows\System\bgwOdlK.exe
  2⤵
  PID:6344
- C:\Windows\System\ZwMKQGq.exe
  C:\Windows\System\ZwMKQGq.exe
  2⤵
  PID:6340
- C:\Windows\System\QdJEmCb.exe
  C:\Windows\System\QdJEmCb.exe
  2⤵
  PID:6408
- C:\Windows\System\MtXbngG.exe
  C:\Windows\System\MtXbngG.exe
  2⤵
  PID:6424
- C:\Windows\System\VrZIgnw.exe
  C:\Windows\System\VrZIgnw.exe
  2⤵
  PID:6452
- C:\Windows\System\LoUWoGy.exe
  C:\Windows\System\LoUWoGy.exe
  2⤵
  PID:6476
- C:\Windows\System\PmzuudG.exe
  C:\Windows\System\PmzuudG.exe
  2⤵
  PID:6576
- C:\Windows\System\kqTTWsB.exe
  C:\Windows\System\kqTTWsB.exe
  2⤵
  PID:6520
- C:\Windows\System\WzQDfvM.exe
  C:\Windows\System\WzQDfvM.exe
  2⤵
  PID:6560
- C:\Windows\System\NdGMkpn.exe
  C:\Windows\System\NdGMkpn.exe
  2⤵
  PID:6624
- C:\Windows\System\svGNKLN.exe
  C:\Windows\System\svGNKLN.exe
  2⤵
  PID:6668
- C:\Windows\System\usPouVk.exe
  C:\Windows\System\usPouVk.exe
  2⤵
  PID:6608
- C:\Windows\System\TczQIgv.exe
  C:\Windows\System\TczQIgv.exe
  2⤵
  PID:6720
- C:\Windows\System\FIFTsXd.exe
  C:\Windows\System\FIFTsXd.exe
  2⤵
  PID:6736
- C:\Windows\System\bmINAfe.exe
  C:\Windows\System\bmINAfe.exe
  2⤵
  PID:6796
- C:\Windows\System\hkpGjeI.exe
  C:\Windows\System\hkpGjeI.exe
  2⤵
  PID:6768
- C:\Windows\System\lgTAfyO.exe
  C:\Windows\System\lgTAfyO.exe
  2⤵
  PID:6808
- C:\Windows\System\rltWCcJ.exe
  C:\Windows\System\rltWCcJ.exe
  2⤵
  PID:536
- C:\Windows\System\WbzEAXw.exe
  C:\Windows\System\WbzEAXw.exe
  2⤵
  PID:6852
- C:\Windows\System\OMcIHvn.exe
  C:\Windows\System\OMcIHvn.exe
  2⤵
  PID:2220
- C:\Windows\System\zUyXBFO.exe
  C:\Windows\System\zUyXBFO.exe
  2⤵
  PID:6892
- C:\Windows\System\KKflOZr.exe
  C:\Windows\System\KKflOZr.exe
  2⤵
  PID:6872
- C:\Windows\System\VBtbRzl.exe
  C:\Windows\System\VBtbRzl.exe
  2⤵
  PID:6916
- C:\Windows\System\QgaLmsf.exe
  C:\Windows\System\QgaLmsf.exe
  2⤵
  PID:6956
- C:\Windows\System\nwBXHmd.exe
  C:\Windows\System\nwBXHmd.exe
  2⤵
  PID:6976
- C:\Windows\System\ixXRobZ.exe
  C:\Windows\System\ixXRobZ.exe
  2⤵
  PID:7000
- C:\Windows\System\VEUUhWH.exe
  C:\Windows\System\VEUUhWH.exe
  2⤵
  PID:7036
- C:\Windows\System\pGZnnKR.exe
  C:\Windows\System\pGZnnKR.exe
  2⤵
  PID:7080
- C:\Windows\System\AgRHRUv.exe
  C:\Windows\System\AgRHRUv.exe
  2⤵
  PID:7052
- C:\Windows\System\FhuZAxL.exe
  C:\Windows\System\FhuZAxL.exe
  2⤵
  PID:7128
- C:\Windows\System\wIVzkbD.exe
  C:\Windows\System\wIVzkbD.exe
  2⤵
  PID:7140
- C:\Windows\System\zzIoYjQ.exe
  C:\Windows\System\zzIoYjQ.exe
  2⤵
  PID:7160
- C:\Windows\System\JFtRBcp.exe
  C:\Windows\System\JFtRBcp.exe
  2⤵
  PID:6148
- C:\Windows\System\TeeqQyp.exe
  C:\Windows\System\TeeqQyp.exe
  2⤵
  PID:6176
- C:\Windows\System\luhUuZo.exe
  C:\Windows\System\luhUuZo.exe
  2⤵
  PID:6316
- C:\Windows\System\sBICVVr.exe
  C:\Windows\System\sBICVVr.exe
  2⤵
  PID:6288
- C:\Windows\System\grfhSAw.exe
  C:\Windows\System\grfhSAw.exe
  2⤵
  PID:6224
- C:\Windows\System\czFanqP.exe
  C:\Windows\System\czFanqP.exe
  2⤵
  PID:6832
- C:\Windows\System\ZXlnnQE.exe
  C:\Windows\System\ZXlnnQE.exe
  2⤵
  PID:6680
- C:\Windows\System\EdnVGIw.exe
  C:\Windows\System\EdnVGIw.exe
  2⤵
  PID:6492
- C:\Windows\System\KddcOup.exe
  C:\Windows\System\KddcOup.exe
  2⤵
  PID:6656
- C:\Windows\System\rkvpbPb.exe
  C:\Windows\System\rkvpbPb.exe
  2⤵
  PID:6716
- C:\Windows\System\asWeNBN.exe
  C:\Windows\System\asWeNBN.exe
  2⤵
  PID:6756
- C:\Windows\System\lfPvKbQ.exe
  C:\Windows\System\lfPvKbQ.exe
  2⤵
  PID:6776
- C:\Windows\System\YLAbUJy.exe
  C:\Windows\System\YLAbUJy.exe
  2⤵
  PID:7076
- C:\Windows\System\WTrqtiZ.exe
  C:\Windows\System\WTrqtiZ.exe
  2⤵
  PID:7016
- C:\Windows\System\TVKbXsw.exe
  C:\Windows\System\TVKbXsw.exe
  2⤵
  PID:7112
- C:\Windows\System\yosOhHx.exe
  C:\Windows\System\yosOhHx.exe
  2⤵
  PID:6260
- C:\Windows\System\LpstNsB.exe
  C:\Windows\System\LpstNsB.exe
  2⤵
  PID:6332
- C:\Windows\System\PcnjYTx.exe
  C:\Windows\System\PcnjYTx.exe
  2⤵
  PID:7124
- C:\Windows\System\FjWKejh.exe
  C:\Windows\System\FjWKejh.exe
  2⤵
  PID:1972
- C:\Windows\System\LxYRKDN.exe
  C:\Windows\System\LxYRKDN.exe
  2⤵
  PID:1644
- C:\Windows\System\aqVjaPr.exe
  C:\Windows\System\aqVjaPr.exe
  2⤵
  PID:6948
- C:\Windows\System\fqTVYfE.exe
  C:\Windows\System\fqTVYfE.exe
  2⤵
  PID:6448
- C:\Windows\System\oyNAHne.exe
  C:\Windows\System\oyNAHne.exe
  2⤵
  PID:6644
- C:\Windows\System\naAHYpq.exe
  C:\Windows\System\naAHYpq.exe
  2⤵
  PID:2196
- C:\Windows\System\SLhlNNx.exe
  C:\Windows\System\SLhlNNx.exe
  2⤵
  PID:6700
- C:\Windows\System\yVAQNhN.exe
  C:\Windows\System\yVAQNhN.exe
  2⤵
  PID:6660
- C:\Windows\System\ddtzpyV.exe
  C:\Windows\System\ddtzpyV.exe
  2⤵
  PID:6792
- C:\Windows\System\BHmBUIv.exe
  C:\Windows\System\BHmBUIv.exe
  2⤵
  PID:6992
- C:\Windows\System\hZYlxSx.exe
  C:\Windows\System\hZYlxSx.exe
  2⤵
  PID:6912
- C:\Windows\System\josCFqx.exe
  C:\Windows\System\josCFqx.exe
  2⤵
  PID:2792
- C:\Windows\System\uFBDlkO.exe
  C:\Windows\System\uFBDlkO.exe
  2⤵
  PID:5840
- C:\Windows\System\ghOkVcJ.exe
  C:\Windows\System\ghOkVcJ.exe
  2⤵
  PID:6952
- C:\Windows\System\lZQQarM.exe
  C:\Windows\System\lZQQarM.exe
  2⤵
  PID:6588
- C:\Windows\System\BMDiXzy.exe
  C:\Windows\System\BMDiXzy.exe
  2⤵
  PID:6404
- C:\Windows\System\YKWhsEm.exe
  C:\Windows\System\YKWhsEm.exe
  2⤵
  PID:1152
- C:\Windows\System\pBMmfzF.exe
  C:\Windows\System\pBMmfzF.exe
  2⤵
  PID:6828
- C:\Windows\System\gmBYNLB.exe
  C:\Windows\System\gmBYNLB.exe
  2⤵
  PID:6888
- C:\Windows\System\DFHHrGM.exe
  C:\Windows\System\DFHHrGM.exe
  2⤵
  PID:6356
- C:\Windows\System\fQlcsqC.exe
  C:\Windows\System\fQlcsqC.exe
  2⤵
  PID:6352
- C:\Windows\System\rrYMHMf.exe
  C:\Windows\System\rrYMHMf.exe
  2⤵
  PID:5164
- C:\Windows\System\YsGhCHw.exe
  C:\Windows\System\YsGhCHw.exe
  2⤵
  PID:6556
- C:\Windows\System\plfuFIH.exe
  C:\Windows\System\plfuFIH.exe
  2⤵
  PID:2128
- C:\Windows\System\IdAUGka.exe
  C:\Windows\System\IdAUGka.exe
  2⤵
  PID:5428
- C:\Windows\System\qjyZHBr.exe
  C:\Windows\System\qjyZHBr.exe
  2⤵
  PID:6840
- C:\Windows\System\eAsnTGH.exe
  C:\Windows\System\eAsnTGH.exe
  2⤵
  PID:6996
- C:\Windows\System\dgUwSgU.exe
  C:\Windows\System\dgUwSgU.exe
  2⤵
  PID:7176
- C:\Windows\System\MsmGPmA.exe
  C:\Windows\System\MsmGPmA.exe
  2⤵
  PID:7196
- C:\Windows\System\jppoJZX.exe
  C:\Windows\System\jppoJZX.exe
  2⤵
  PID:7216
- C:\Windows\System\xgvVrHb.exe
  C:\Windows\System\xgvVrHb.exe
  2⤵
  PID:7240
- C:\Windows\System\ePGmrUp.exe
  C:\Windows\System\ePGmrUp.exe
  2⤵
  PID:7264
- C:\Windows\System\KhPbkiP.exe
  C:\Windows\System\KhPbkiP.exe
  2⤵
  PID:7288
- C:\Windows\System\ZJNZIjC.exe
  C:\Windows\System\ZJNZIjC.exe
  2⤵
  PID:7312
- C:\Windows\System\nCEbtEN.exe
  C:\Windows\System\nCEbtEN.exe
  2⤵
  PID:7328
- C:\Windows\System\oTlvSUr.exe
  C:\Windows\System\oTlvSUr.exe
  2⤵
  PID:7348
- C:\Windows\System\WYezPlv.exe
  C:\Windows\System\WYezPlv.exe
  2⤵
  PID:7368
- C:\Windows\System\CWJyRVi.exe
  C:\Windows\System\CWJyRVi.exe
  2⤵
  PID:7388
- C:\Windows\System\dnuYeYH.exe
  C:\Windows\System\dnuYeYH.exe
  2⤵
  PID:7404
- C:\Windows\System\ESptKvr.exe
  C:\Windows\System\ESptKvr.exe
  2⤵
  PID:7420
- C:\Windows\System\WsGplZB.exe
  C:\Windows\System\WsGplZB.exe
  2⤵
  PID:7436
- C:\Windows\System\YDNvXNH.exe
  C:\Windows\System\YDNvXNH.exe
  2⤵
  PID:7452
- C:\Windows\System\dCvyRZT.exe
  C:\Windows\System\dCvyRZT.exe
  2⤵
  PID:7468
- C:\Windows\System\NLoNJBX.exe
  C:\Windows\System\NLoNJBX.exe
  2⤵
  PID:7520
- C:\Windows\System\sHfGnkM.exe
  C:\Windows\System\sHfGnkM.exe
  2⤵
  PID:7540
- C:\Windows\System\eerhlQV.exe
  C:\Windows\System\eerhlQV.exe
  2⤵
  PID:7556
- C:\Windows\System\QWYgobr.exe
  C:\Windows\System\QWYgobr.exe
  2⤵
  PID:7572
- C:\Windows\System\QlmPJvo.exe
  C:\Windows\System\QlmPJvo.exe
  2⤵
  PID:7588
- C:\Windows\System\fWJDKHW.exe
  C:\Windows\System\fWJDKHW.exe
  2⤵
  PID:7612
- C:\Windows\System\ThkPpJW.exe
  C:\Windows\System\ThkPpJW.exe
  2⤵
  PID:7636
- C:\Windows\System\eeSwXVZ.exe
  C:\Windows\System\eeSwXVZ.exe
  2⤵
  PID:7652
- C:\Windows\System\tcGxoXY.exe
  C:\Windows\System\tcGxoXY.exe
  2⤵
  PID:7668
- C:\Windows\System\BwXuPQO.exe
  C:\Windows\System\BwXuPQO.exe
  2⤵
  PID:7684
- C:\Windows\System\AlZkNFx.exe
  C:\Windows\System\AlZkNFx.exe
  2⤵
  PID:7708
- C:\Windows\System\rnTNewr.exe
  C:\Windows\System\rnTNewr.exe
  2⤵
  PID:7724
- C:\Windows\System\xIYuUXP.exe
  C:\Windows\System\xIYuUXP.exe
  2⤵
  PID:7744
- C:\Windows\System\CfpImgT.exe
  C:\Windows\System\CfpImgT.exe
  2⤵
  PID:7780
- C:\Windows\System\NoXlOuZ.exe
  C:\Windows\System\NoXlOuZ.exe
  2⤵
  PID:7796
- C:\Windows\System\nhqLEDA.exe
  C:\Windows\System\nhqLEDA.exe
  2⤵
  PID:7812
- C:\Windows\System\dcqqzma.exe
  C:\Windows\System\dcqqzma.exe
  2⤵
  PID:7832
- C:\Windows\System\zHTeBZy.exe
  C:\Windows\System\zHTeBZy.exe
  2⤵
  PID:7848
- C:\Windows\System\DvsEowZ.exe
  C:\Windows\System\DvsEowZ.exe
  2⤵
  PID:7872
- C:\Windows\System\wpCssFd.exe
  C:\Windows\System\wpCssFd.exe
  2⤵
  PID:7888
- C:\Windows\System\MoJLSKE.exe
  C:\Windows\System\MoJLSKE.exe
  2⤵
  PID:7904
- C:\Windows\System\LYcnZfT.exe
  C:\Windows\System\LYcnZfT.exe
  2⤵
  PID:7920
- C:\Windows\System\lmcEOVL.exe
  C:\Windows\System\lmcEOVL.exe
  2⤵
  PID:7940
- C:\Windows\System\wkKKuUq.exe
  C:\Windows\System\wkKKuUq.exe
  2⤵
  PID:7964
- C:\Windows\System\qxnwacP.exe
  C:\Windows\System\qxnwacP.exe
  2⤵
  PID:7988
- C:\Windows\System\qXfAuNy.exe
  C:\Windows\System\qXfAuNy.exe
  2⤵
  PID:8012
- C:\Windows\System\LrUntPM.exe
  C:\Windows\System\LrUntPM.exe
  2⤵
  PID:8028
- C:\Windows\System\YPVBxNV.exe
  C:\Windows\System\YPVBxNV.exe
  2⤵
  PID:8052
- C:\Windows\System\SWdsPrM.exe
  C:\Windows\System\SWdsPrM.exe
  2⤵
  PID:8068
- C:\Windows\System\VGGElsI.exe
  C:\Windows\System\VGGElsI.exe
  2⤵
  PID:8084
- C:\Windows\System\ECTFtWM.exe
  C:\Windows\System\ECTFtWM.exe
  2⤵
  PID:8100
- C:\Windows\System\LlDpviX.exe
  C:\Windows\System\LlDpviX.exe
  2⤵
  PID:8144
- C:\Windows\System\rbKuDcS.exe
  C:\Windows\System\rbKuDcS.exe
  2⤵
  PID:8164
- C:\Windows\System\AgbkXab.exe
  C:\Windows\System\AgbkXab.exe
  2⤵
  PID:8180
- C:\Windows\System\VRBBrzD.exe
  C:\Windows\System\VRBBrzD.exe
  2⤵
  PID:6788
- C:\Windows\System\OZINjqx.exe
  C:\Windows\System\OZINjqx.exe
  2⤵
  PID:7224
- C:\Windows\System\TpYctOH.exe
  C:\Windows\System\TpYctOH.exe
  2⤵
  PID:6540
- C:\Windows\System\AeYWSXH.exe
  C:\Windows\System\AeYWSXH.exe
  2⤵
  PID:7212
- C:\Windows\System\PpfuCcl.exe
  C:\Windows\System\PpfuCcl.exe
  2⤵
  PID:7280
- C:\Windows\System\JuPVhZn.exe
  C:\Windows\System\JuPVhZn.exe
  2⤵
  PID:7284
- C:\Windows\System\SxCIfsU.exe
  C:\Windows\System\SxCIfsU.exe
  2⤵
  PID:7320
- C:\Windows\System\gHMEUWj.exe
  C:\Windows\System\gHMEUWj.exe
  2⤵
  PID:7304
- C:\Windows\System\FDYpQxf.exe
  C:\Windows\System\FDYpQxf.exe
  2⤵
  PID:7428
- C:\Windows\System\FMYSnYj.exe
  C:\Windows\System\FMYSnYj.exe
  2⤵
  PID:7376
- C:\Windows\System\VZiypFT.exe
  C:\Windows\System\VZiypFT.exe
  2⤵
  PID:1476
- C:\Windows\System\gSDeMuZ.exe
  C:\Windows\System\gSDeMuZ.exe
  2⤵
  PID:7500
- C:\Windows\System\WnwjAAC.exe
  C:\Windows\System\WnwjAAC.exe
  2⤵
  PID:7512
- C:\Windows\System\FZboxMv.exe
  C:\Windows\System\FZboxMv.exe
  2⤵
  PID:7532
- C:\Windows\System\vrnFsWR.exe
  C:\Windows\System\vrnFsWR.exe
  2⤵
  PID:7568
- C:\Windows\System\TniAAQO.exe
  C:\Windows\System\TniAAQO.exe
  2⤵
  PID:7608
- C:\Windows\System\LtFlBIo.exe
  C:\Windows\System\LtFlBIo.exe
  2⤵
  PID:7648
- C:\Windows\System\nbIudpG.exe
  C:\Windows\System\nbIudpG.exe
  2⤵
  PID:7680
- C:\Windows\System\HeRLvSS.exe
  C:\Windows\System\HeRLvSS.exe
  2⤵
  PID:7752
- C:\Windows\System\NdrWldl.exe
  C:\Windows\System\NdrWldl.exe
  2⤵
  PID:7696
- C:\Windows\System\tipLvGM.exe
  C:\Windows\System\tipLvGM.exe
  2⤵
  PID:7736
- C:\Windows\System\lxdZkOP.exe
  C:\Windows\System\lxdZkOP.exe
  2⤵
  PID:7692
- C:\Windows\System\pSAkKdZ.exe
  C:\Windows\System\pSAkKdZ.exe
  2⤵
  PID:7756
- C:\Windows\System\trRsnyV.exe
  C:\Windows\System\trRsnyV.exe
  2⤵
  PID:7792
- C:\Windows\System\wGLoYnL.exe
  C:\Windows\System\wGLoYnL.exe
  2⤵
  PID:7880
- C:\Windows\System\vYnEyTv.exe
  C:\Windows\System\vYnEyTv.exe
  2⤵
  PID:7952
- C:\Windows\System\SzQjriC.exe
  C:\Windows\System\SzQjriC.exe
  2⤵
  PID:8000
- C:\Windows\System\SODGqxu.exe
  C:\Windows\System\SODGqxu.exe
  2⤵
  PID:8036
- C:\Windows\System\gcwJlfi.exe
  C:\Windows\System\gcwJlfi.exe
  2⤵
  PID:7936
- C:\Windows\System\YNwOVRr.exe
  C:\Windows\System\YNwOVRr.exe
  2⤵
  PID:8116
- C:\Windows\System\IHeEfxG.exe
  C:\Windows\System\IHeEfxG.exe
  2⤵
  PID:7856
- C:\Windows\System\cTgHhkZ.exe
  C:\Windows\System\cTgHhkZ.exe
  2⤵
  PID:8092
- C:\Windows\System\vjyNQdU.exe
  C:\Windows\System\vjyNQdU.exe
  2⤵
  PID:8024
- C:\Windows\System\SlunnOG.exe
  C:\Windows\System\SlunnOG.exe
  2⤵
  PID:8124
- C:\Windows\System\CcUJwWC.exe
  C:\Windows\System\CcUJwWC.exe
  2⤵
  PID:7208
- C:\Windows\System\UJZlcuS.exe
  C:\Windows\System\UJZlcuS.exe
  2⤵
  PID:7256
- C:\Windows\System\rRimTEq.exe
  C:\Windows\System\rRimTEq.exe
  2⤵
  PID:7464
- C:\Windows\System\qyvUClu.exe
  C:\Windows\System\qyvUClu.exe
  2⤵
  PID:7324
- C:\Windows\System\KDfkPVT.exe
  C:\Windows\System\KDfkPVT.exe
  2⤵
  PID:7476
- C:\Windows\System\rBcCRcM.exe
  C:\Windows\System\rBcCRcM.exe
  2⤵
  PID:7300
- C:\Windows\System\AUUehaR.exe
  C:\Windows\System\AUUehaR.exe
  2⤵
  PID:7508
- C:\Windows\System\cUEzQrD.exe
  C:\Windows\System\cUEzQrD.exe
  2⤵
  PID:7628
- C:\Windows\System\UMSBvmj.exe
  C:\Windows\System\UMSBvmj.exe
  2⤵
  PID:7600
- C:\Windows\System\VhoCwJP.exe
  C:\Windows\System\VhoCwJP.exe
  2⤵
  PID:7664
- C:\Windows\System\GGFYsgS.exe
  C:\Windows\System\GGFYsgS.exe
  2⤵
  PID:7788
- C:\Windows\System\zcGhwIS.exe
  C:\Windows\System\zcGhwIS.exe
  2⤵
  PID:8004
- C:\Windows\System\TFpfmOg.exe
  C:\Windows\System\TFpfmOg.exe
  2⤵
  PID:7928
- C:\Windows\System\USGgKQY.exe
  C:\Windows\System\USGgKQY.exe
  2⤵
  PID:7496
- C:\Windows\System\joQBYKE.exe
  C:\Windows\System\joQBYKE.exe
  2⤵
  PID:7828
- C:\Windows\System\QvJXgXX.exe
  C:\Windows\System\QvJXgXX.exe
  2⤵
  PID:6964
- C:\Windows\System\JJhBoIy.exe
  C:\Windows\System\JJhBoIy.exe
  2⤵
  PID:7932
- C:\Windows\System\gASXczg.exe
  C:\Windows\System\gASXczg.exe
  2⤵
  PID:6488
- C:\Windows\System\MwvKxpt.exe
  C:\Windows\System\MwvKxpt.exe
  2⤵
  PID:8152
- C:\Windows\System\sTZPUzA.exe
  C:\Windows\System\sTZPUzA.exe
  2⤵
  PID:7824
- C:\Windows\System\JDgrtAY.exe
  C:\Windows\System\JDgrtAY.exe
  2⤵
  PID:7360
- C:\Windows\System\RUfXlVj.exe
  C:\Windows\System\RUfXlVj.exe
  2⤵
  PID:7380
- C:\Windows\System\qHxEbGz.exe
  C:\Windows\System\qHxEbGz.exe
  2⤵
  PID:7720
- C:\Windows\System\KGmZdiL.exe
  C:\Windows\System\KGmZdiL.exe
  2⤵
  PID:7764
- C:\Windows\System\Qsgxzvz.exe
  C:\Windows\System\Qsgxzvz.exe
  2⤵
  PID:7504
- C:\Windows\System\xZYxDiq.exe
  C:\Windows\System\xZYxDiq.exe
  2⤵
  PID:7536
- C:\Windows\System\lWfoRnl.exe
  C:\Windows\System\lWfoRnl.exe
  2⤵
  PID:7840
- C:\Windows\System\quhSIyF.exe
  C:\Windows\System\quhSIyF.exe
  2⤵
  PID:8108
- C:\Windows\System\lcgldzm.exe
  C:\Windows\System\lcgldzm.exe
  2⤵
  PID:8172
- C:\Windows\System\gVmANnw.exe
  C:\Windows\System\gVmANnw.exe
  2⤵
  PID:8160
- C:\Windows\System\OkIFyvz.exe
  C:\Windows\System\OkIFyvz.exe
  2⤵
  PID:8176
- C:\Windows\System\CQRqNRH.exe
  C:\Windows\System\CQRqNRH.exe
  2⤵
  PID:7364
- C:\Windows\System\mybDCJT.exe
  C:\Windows\System\mybDCJT.exe
  2⤵
  PID:8120
- C:\Windows\System\XwWCqqm.exe
  C:\Windows\System\XwWCqqm.exe
  2⤵
  PID:7444
- C:\Windows\System\GxcYEcw.exe
  C:\Windows\System\GxcYEcw.exe
  2⤵
  PID:7844
- C:\Windows\System\rumoEWE.exe
  C:\Windows\System\rumoEWE.exe
  2⤵
  PID:7188
- C:\Windows\System\hkJJgax.exe
  C:\Windows\System\hkJJgax.exe
  2⤵
  PID:8132
- C:\Windows\System\SrulQxP.exe
  C:\Windows\System\SrulQxP.exe
  2⤵
  PID:8112
- C:\Windows\System\ydUVzzi.exe
  C:\Windows\System\ydUVzzi.exe
  2⤵
  PID:7184
- C:\Windows\System\lSlzVpp.exe
  C:\Windows\System\lSlzVpp.exe
  2⤵
  PID:7400
- C:\Windows\System\zpvLolf.exe
  C:\Windows\System\zpvLolf.exe
  2⤵
  PID:7896
- C:\Windows\System\WVmMjoe.exe
  C:\Windows\System\WVmMjoe.exe
  2⤵
  PID:6528
- C:\Windows\System\AjLvUSt.exe
  C:\Windows\System\AjLvUSt.exe
  2⤵
  PID:7776
- C:\Windows\System\dWEntMr.exe
  C:\Windows\System\dWEntMr.exe
  2⤵
  PID:7460
- C:\Windows\System\gxaIwBN.exe
  C:\Windows\System\gxaIwBN.exe
  2⤵
  PID:7236
- C:\Windows\System\GyJMhFo.exe
  C:\Windows\System\GyJMhFo.exe
  2⤵
  PID:8200
- C:\Windows\System\TbJOVQE.exe
  C:\Windows\System\TbJOVQE.exe
  2⤵
  PID:8216
- C:\Windows\System\BIBzvUv.exe
  C:\Windows\System\BIBzvUv.exe
  2⤵
  PID:8232
- C:\Windows\System\VmpaGDW.exe
  C:\Windows\System\VmpaGDW.exe
  2⤵
  PID:8272
- C:\Windows\System\Acvozyk.exe
  C:\Windows\System\Acvozyk.exe
  2⤵
  PID:8288
- C:\Windows\System\GwXAOQT.exe
  C:\Windows\System\GwXAOQT.exe
  2⤵
  PID:8312
- C:\Windows\System\vELJyXh.exe
  C:\Windows\System\vELJyXh.exe
  2⤵
  PID:8328
- C:\Windows\System\BXHprSJ.exe
  C:\Windows\System\BXHprSJ.exe
  2⤵
  PID:8348
- C:\Windows\System\AOurrNn.exe
  C:\Windows\System\AOurrNn.exe
  2⤵
  PID:8368
- C:\Windows\System\Zlpixey.exe
  C:\Windows\System\Zlpixey.exe
  2⤵
  PID:8388
- C:\Windows\System\IkcsDuu.exe
  C:\Windows\System\IkcsDuu.exe
  2⤵
  PID:8404
- C:\Windows\System\SBGjnwF.exe
  C:\Windows\System\SBGjnwF.exe
  2⤵
  PID:8420
- C:\Windows\System\xDNLAal.exe
  C:\Windows\System\xDNLAal.exe
  2⤵
  PID:8440
- C:\Windows\System\RzVcjrB.exe
  C:\Windows\System\RzVcjrB.exe
  2⤵
  PID:8460
- C:\Windows\System\XYLcEkv.exe
  C:\Windows\System\XYLcEkv.exe
  2⤵
  PID:8480
- C:\Windows\System\qeInVOb.exe
  C:\Windows\System\qeInVOb.exe
  2⤵
  PID:8496
- C:\Windows\System\qYjhTCK.exe
  C:\Windows\System\qYjhTCK.exe
  2⤵
  PID:8512
- C:\Windows\System\vPaJUvl.exe
  C:\Windows\System\vPaJUvl.exe
  2⤵
  PID:8552
- C:\Windows\System\sPhdQlg.exe
  C:\Windows\System\sPhdQlg.exe
  2⤵
  PID:8576
- C:\Windows\System\Nkhuvbp.exe
  C:\Windows\System\Nkhuvbp.exe
  2⤵
  PID:8592
- C:\Windows\System\keRfmNN.exe
  C:\Windows\System\keRfmNN.exe
  2⤵
  PID:8608
- C:\Windows\System\dmKbANJ.exe
  C:\Windows\System\dmKbANJ.exe
  2⤵
  PID:8624
- C:\Windows\System\CXKKtIc.exe
  C:\Windows\System\CXKKtIc.exe
  2⤵
  PID:8644
- C:\Windows\System\GdwLzfo.exe
  C:\Windows\System\GdwLzfo.exe
  2⤵
  PID:8668
- C:\Windows\System\CrXRCqf.exe
  C:\Windows\System\CrXRCqf.exe
  2⤵
  PID:8684
- C:\Windows\System\WeaIuYK.exe
  C:\Windows\System\WeaIuYK.exe
  2⤵
  PID:8700
- C:\Windows\System\gfKLKWN.exe
  C:\Windows\System\gfKLKWN.exe
  2⤵
  PID:8716
- C:\Windows\System\ElOBGrr.exe
  C:\Windows\System\ElOBGrr.exe
  2⤵
  PID:8736
- C:\Windows\System\jObQPtu.exe
  C:\Windows\System\jObQPtu.exe
  2⤵
  PID:8760
- C:\Windows\System\MYthhtf.exe
  C:\Windows\System\MYthhtf.exe
  2⤵
  PID:8792
- C:\Windows\System\oPpgSEp.exe
  C:\Windows\System\oPpgSEp.exe
  2⤵
  PID:8808
- C:\Windows\System\QPYyGLk.exe
  C:\Windows\System\QPYyGLk.exe
  2⤵
  PID:8824
- C:\Windows\System\emnGmvy.exe
  C:\Windows\System\emnGmvy.exe
  2⤵
  PID:8844
- C:\Windows\System\KccitEE.exe
  C:\Windows\System\KccitEE.exe
  2⤵
  PID:8860
- C:\Windows\System\nXDlGaE.exe
  C:\Windows\System\nXDlGaE.exe
  2⤵
  PID:8880
- C:\Windows\System\AzXZocd.exe
  C:\Windows\System\AzXZocd.exe
  2⤵
  PID:8912
- C:\Windows\System\omgvtvH.exe
  C:\Windows\System\omgvtvH.exe
  2⤵
  PID:8928
- C:\Windows\System\nCQpoUQ.exe
  C:\Windows\System\nCQpoUQ.exe
  2⤵
  PID:8956
- C:\Windows\System\NruBRhT.exe
  C:\Windows\System\NruBRhT.exe
  2⤵
  PID:8976
- C:\Windows\System\KsxxdeU.exe
  C:\Windows\System\KsxxdeU.exe
  2⤵
  PID:8996
- C:\Windows\System\NemqCfX.exe
  C:\Windows\System\NemqCfX.exe
  2⤵
  PID:9020
- C:\Windows\System\sJlobZx.exe
  C:\Windows\System\sJlobZx.exe
  2⤵
  PID:9036
- C:\Windows\System\CbjlHgW.exe
  C:\Windows\System\CbjlHgW.exe
  2⤵
  PID:9052
- C:\Windows\System\uiJfDSS.exe
  C:\Windows\System\uiJfDSS.exe
  2⤵
  PID:9068
- C:\Windows\System\wAyGhtG.exe
  C:\Windows\System\wAyGhtG.exe
  2⤵
  PID:9088
- C:\Windows\System\yCNYgnq.exe
  C:\Windows\System\yCNYgnq.exe
  2⤵
  PID:9112
- C:\Windows\System\fgdJkgQ.exe
  C:\Windows\System\fgdJkgQ.exe
  2⤵
  PID:9128
- C:\Windows\System\LJSjAms.exe
  C:\Windows\System\LJSjAms.exe
  2⤵
  PID:9144
- C:\Windows\System\ABcRunl.exe
  C:\Windows\System\ABcRunl.exe
  2⤵
  PID:9160
- C:\Windows\System\OxPNevJ.exe
  C:\Windows\System\OxPNevJ.exe
  2⤵
  PID:9176
- C:\Windows\System\hBaGtlY.exe
  C:\Windows\System\hBaGtlY.exe
  2⤵
  PID:9208
- C:\Windows\System\VAtgKaE.exe
  C:\Windows\System\VAtgKaE.exe
  2⤵
  PID:8224
- C:\Windows\System\RFtqndf.exe
  C:\Windows\System\RFtqndf.exe
  2⤵
  PID:8208
- C:\Windows\System\azEAVTE.exe
  C:\Windows\System\azEAVTE.exe
  2⤵
  PID:8212
- C:\Windows\System\PDIxqCi.exe
  C:\Windows\System\PDIxqCi.exe
  2⤵
  PID:8284
- C:\Windows\System\WeEheIp.exe
  C:\Windows\System\WeEheIp.exe
  2⤵
  PID:8324
- C:\Windows\System\ebqtrKX.exe
  C:\Windows\System\ebqtrKX.exe
  2⤵
  PID:8344
- C:\Windows\System\uqxRexu.exe
  C:\Windows\System\uqxRexu.exe
  2⤵
  PID:8400
- C:\Windows\System\onLYzfo.exe
  C:\Windows\System\onLYzfo.exe
  2⤵
  PID:8384
- C:\Windows\System\xHnuSvP.exe
  C:\Windows\System\xHnuSvP.exe
  2⤵
  PID:8412
- C:\Windows\System\kjByGHF.exe
  C:\Windows\System\kjByGHF.exe
  2⤵
  PID:8532
- C:\Windows\System\zTApLKs.exe
  C:\Windows\System\zTApLKs.exe
  2⤵
  PID:8520
- C:\Windows\System\rrgHFnj.exe
  C:\Windows\System\rrgHFnj.exe
  2⤵
  PID:8584
- C:\Windows\System\JtKcgkW.exe
  C:\Windows\System\JtKcgkW.exe
  2⤵
  PID:8616
- C:\Windows\System\vmJuENu.exe
  C:\Windows\System\vmJuENu.exe
  2⤵
  PID:8676
- C:\Windows\System\ytlvPdp.exe
  C:\Windows\System\ytlvPdp.exe
  2⤵
  PID:8744
- C:\Windows\System\SIpvfny.exe
  C:\Windows\System\SIpvfny.exe
  2⤵
  PID:8652
- C:\Windows\System\cuszLbD.exe
  C:\Windows\System\cuszLbD.exe
  2⤵
  PID:8732
- C:\Windows\System\qVQZOLW.exe
  C:\Windows\System\qVQZOLW.exe
  2⤵
  PID:8788
- C:\Windows\System\QnyarYu.exe
  C:\Windows\System\QnyarYu.exe
  2⤵
  PID:8768
- C:\Windows\System\HgbSLSI.exe
  C:\Windows\System\HgbSLSI.exe
  2⤵
  PID:8572
- C:\Windows\System\wrehOwE.exe
  C:\Windows\System\wrehOwE.exe
  2⤵
  PID:8856
- C:\Windows\System\NjuEKDq.exe
  C:\Windows\System\NjuEKDq.exe
  2⤵
  PID:8892
- C:\Windows\System\FjYIbqn.exe
  C:\Windows\System\FjYIbqn.exe
  2⤵
  PID:8924
- C:\Windows\System\kLZXxif.exe
  C:\Windows\System\kLZXxif.exe
  2⤵
  PID:8952
- C:\Windows\System\zHGNOEU.exe
  C:\Windows\System\zHGNOEU.exe
  2⤵
  PID:9008
- C:\Windows\System\kjfADbl.exe
  C:\Windows\System\kjfADbl.exe
  2⤵
  PID:9044
- C:\Windows\System\TKYVoWc.exe
  C:\Windows\System\TKYVoWc.exe
  2⤵
  PID:9084
- C:\Windows\System\swMUNqH.exe
  C:\Windows\System\swMUNqH.exe
  2⤵
  PID:9196
- C:\Windows\System\EAGqpTu.exe
  C:\Windows\System\EAGqpTu.exe
  2⤵
  PID:9204
- C:\Windows\System\pJbtHzs.exe
  C:\Windows\System\pJbtHzs.exe
  2⤵
  PID:6732
- C:\Windows\System\bulZpms.exe
  C:\Windows\System\bulZpms.exe
  2⤵
  PID:9168
- C:\Windows\System\sTAvTBw.exe
  C:\Windows\System\sTAvTBw.exe
  2⤵
  PID:9108
- C:\Windows\System\CcDvtXY.exe
  C:\Windows\System\CcDvtXY.exe
  2⤵
  PID:7948
- C:\Windows\System\kGVpCNV.exe
  C:\Windows\System\kGVpCNV.exe
  2⤵
  PID:8468
- C:\Windows\System\cYpeFBF.exe
  C:\Windows\System\cYpeFBF.exe
  2⤵
  PID:8568
- C:\Windows\System\MIrNzIN.exe
  C:\Windows\System\MIrNzIN.exe
  2⤵
  PID:8308
- C:\Windows\System\FyNdTuD.exe
  C:\Windows\System\FyNdTuD.exe
  2⤵
  PID:8564
- C:\Windows\System\uyAdbuF.exe
  C:\Windows\System\uyAdbuF.exe
  2⤵
  PID:8488
- C:\Windows\System\QmBSYPu.exe
  C:\Windows\System\QmBSYPu.exe
  2⤵
  PID:8868
- C:\Windows\System\upAkRSd.exe
  C:\Windows\System\upAkRSd.exe
  2⤵
  PID:8804
- C:\Windows\System\CXNTEHn.exe
  C:\Windows\System\CXNTEHn.exe
  2⤵
  PID:8876
- C:\Windows\System\ElOOEnm.exe
  C:\Windows\System\ElOOEnm.exe
  2⤵
  PID:8940
- C:\Windows\System\gjAjChM.exe
  C:\Windows\System\gjAjChM.exe
  2⤵
  PID:8724
- C:\Windows\System\ardpTGD.exe
  C:\Windows\System\ardpTGD.exe
  2⤵
  PID:8728
- C:\Windows\System\kdDaXdj.exe
  C:\Windows\System\kdDaXdj.exe
  2⤵
  PID:8820
- C:\Windows\System\yfGXKzs.exe
  C:\Windows\System\yfGXKzs.exe
  2⤵
  PID:8780
- C:\Windows\System\ZyECPjn.exe
  C:\Windows\System\ZyECPjn.exe
  2⤵
  PID:9004
- C:\Windows\System\yTavEtS.exe
  C:\Windows\System\yTavEtS.exe
  2⤵
  PID:9192
- C:\Windows\System\zivSknE.exe
  C:\Windows\System\zivSknE.exe
  2⤵
  PID:8260
- C:\Windows\System\IXejKEY.exe
  C:\Windows\System\IXejKEY.exe
  2⤵
  PID:9096
- C:\Windows\System\QtbyBST.exe
  C:\Windows\System\QtbyBST.exe
  2⤵
  PID:9140
- C:\Windows\System\bvetGSR.exe
  C:\Windows\System\bvetGSR.exe
  2⤵
  PID:8600
- C:\Windows\System\PkareUl.exe
  C:\Windows\System\PkareUl.exe
  2⤵
  PID:8492
- C:\Windows\System\PpegGBw.exe
  C:\Windows\System\PpegGBw.exe
  2⤵
  PID:8636
- C:\Windows\System\eCeLDta.exe
  C:\Windows\System\eCeLDta.exe
  2⤵
  PID:8708
- C:\Windows\System\mrsYyiE.exe
  C:\Windows\System\mrsYyiE.exe
  2⤵
  PID:8888
- C:\Windows\System\eNEQFfd.exe
  C:\Windows\System\eNEQFfd.exe
  2⤵
  PID:8696
- C:\Windows\System\hEUStcA.exe
  C:\Windows\System\hEUStcA.exe
  2⤵
  PID:8988
- C:\Windows\System\JcRCrlr.exe
  C:\Windows\System\JcRCrlr.exe
  2⤵
  PID:9076
- C:\Windows\System\suDZTFO.exe
  C:\Windows\System\suDZTFO.exe
  2⤵
  PID:9032
- C:\Windows\System\QIMiJWM.exe
  C:\Windows\System\QIMiJWM.exe
  2⤵
  PID:8300
- C:\Windows\System\WTEQuSS.exe
  C:\Windows\System\WTEQuSS.exe
  2⤵
  PID:8356
- C:\Windows\System\pxfoMsd.exe
  C:\Windows\System\pxfoMsd.exe
  2⤵
  PID:8640
- C:\Windows\System\jRHeNCD.exe
  C:\Windows\System\jRHeNCD.exe
  2⤵
  PID:8920
- C:\Windows\System\qTUDGBJ.exe
  C:\Windows\System\qTUDGBJ.exe
  2⤵
  PID:8776
- C:\Windows\System\ConNVme.exe
  C:\Windows\System\ConNVme.exe
  2⤵
  PID:8772
- C:\Windows\System\Dhphxow.exe
  C:\Windows\System\Dhphxow.exe
  2⤵
  PID:8196
- C:\Windows\System\nlobosj.exe
  C:\Windows\System\nlobosj.exe
  2⤵
  PID:8396
- C:\Windows\System\OWTBujk.exe
  C:\Windows\System\OWTBujk.exe
  2⤵
  PID:8528
- C:\Windows\System\iYsZmqs.exe
  C:\Windows\System\iYsZmqs.exe
  2⤵
  PID:8904
- C:\Windows\System\xeBYLwt.exe
  C:\Windows\System\xeBYLwt.exe
  2⤵
  PID:7916
- C:\Windows\System\XaiEshl.exe
  C:\Windows\System\XaiEshl.exe
  2⤵
  PID:8748
- C:\Windows\System\tBgToVH.exe
  C:\Windows\System\tBgToVH.exe
  2⤵
  PID:8364
- C:\Windows\System\YLcvXnz.exe
  C:\Windows\System\YLcvXnz.exe
  2⤵
  PID:8380
- C:\Windows\System\vJYUKdX.exe
  C:\Windows\System\vJYUKdX.exe
  2⤵
  PID:9064
- C:\Windows\System\GKhtcEc.exe
  C:\Windows\System\GKhtcEc.exe
  2⤵
  PID:9028
- C:\Windows\System\kzNfucW.exe
  C:\Windows\System\kzNfucW.exe
  2⤵
  PID:9232
- C:\Windows\System\ZDfBzfA.exe
  C:\Windows\System\ZDfBzfA.exe
  2⤵
  PID:9260
- C:\Windows\System\kQOnBGZ.exe
  C:\Windows\System\kQOnBGZ.exe
  2⤵
  PID:9280
- C:\Windows\System\avCDcCf.exe
  C:\Windows\System\avCDcCf.exe
  2⤵
  PID:9296
- C:\Windows\System\ZPilxFU.exe
  C:\Windows\System\ZPilxFU.exe
  2⤵
  PID:9316
- C:\Windows\System\TJIDaAq.exe
  C:\Windows\System\TJIDaAq.exe
  2⤵
  PID:9332
- C:\Windows\System\gagJErk.exe
  C:\Windows\System\gagJErk.exe
  2⤵
  PID:9356
- C:\Windows\System\TxWlrwz.exe
  C:\Windows\System\TxWlrwz.exe
  2⤵
  PID:9376
- C:\Windows\System\imdVaWM.exe
  C:\Windows\System\imdVaWM.exe
  2⤵
  PID:9408
- C:\Windows\System\DMDuQsF.exe
  C:\Windows\System\DMDuQsF.exe
  2⤵
  PID:9428
- C:\Windows\System\MHrquOS.exe
  C:\Windows\System\MHrquOS.exe
  2⤵
  PID:9444
- C:\Windows\System\rAWeALi.exe
  C:\Windows\System\rAWeALi.exe
  2⤵
  PID:9468
- C:\Windows\System\heEEYvP.exe
  C:\Windows\System\heEEYvP.exe
  2⤵
  PID:9484
- C:\Windows\System\tlxwXRg.exe
  C:\Windows\System\tlxwXRg.exe
  2⤵
  PID:9500
- C:\Windows\System\DlZfsrH.exe
  C:\Windows\System\DlZfsrH.exe
  2⤵
  PID:9520
- C:\Windows\System\SkXxWGM.exe
  C:\Windows\System\SkXxWGM.exe
  2⤵
  PID:9544
- C:\Windows\System\gAJEnNb.exe
  C:\Windows\System\gAJEnNb.exe
  2⤵
  PID:9564
- C:\Windows\System\GvWDbrR.exe
  C:\Windows\System\GvWDbrR.exe
  2⤵
  PID:9580
- C:\Windows\System\WzAUXKt.exe
  C:\Windows\System\WzAUXKt.exe
  2⤵
  PID:9600
- C:\Windows\System\kPTRyat.exe
  C:\Windows\System\kPTRyat.exe
  2⤵
  PID:9616
- C:\Windows\System\nZYfiqn.exe
  C:\Windows\System\nZYfiqn.exe
  2⤵
  PID:9644
- C:\Windows\System\yRaWamD.exe
  C:\Windows\System\yRaWamD.exe
  2⤵
  PID:9668
- C:\Windows\System\rqtdMUd.exe
  C:\Windows\System\rqtdMUd.exe
  2⤵
  PID:9684
- C:\Windows\System\DeiXAUD.exe
  C:\Windows\System\DeiXAUD.exe
  2⤵
  PID:9708
- C:\Windows\System\XBizdFU.exe
  C:\Windows\System\XBizdFU.exe
  2⤵
  PID:9724
- C:\Windows\System\DdTmPmc.exe
  C:\Windows\System\DdTmPmc.exe
  2⤵
  PID:9744
- C:\Windows\System\hNfcYeX.exe
  C:\Windows\System\hNfcYeX.exe
  2⤵
  PID:9764
- C:\Windows\System\QGLwOrs.exe
  C:\Windows\System\QGLwOrs.exe
  2⤵
  PID:9784
- C:\Windows\System\IFxqRdH.exe
  C:\Windows\System\IFxqRdH.exe
  2⤵
  PID:9808
- C:\Windows\System\MDJvVpc.exe
  C:\Windows\System\MDJvVpc.exe
  2⤵
  PID:9824
- C:\Windows\System\hHkfqnd.exe
  C:\Windows\System\hHkfqnd.exe
  2⤵
  PID:9844
- C:\Windows\System\WkMsUWd.exe
  C:\Windows\System\WkMsUWd.exe
  2⤵
  PID:9860
- C:\Windows\System\jFHpmXT.exe
  C:\Windows\System\jFHpmXT.exe
  2⤵
  PID:9888
- C:\Windows\System\KMEtQvL.exe
  C:\Windows\System\KMEtQvL.exe
  2⤵
  PID:9904
- C:\Windows\System\aXteSrw.exe
  C:\Windows\System\aXteSrw.exe
  2⤵
  PID:9924
- C:\Windows\System\nghVstO.exe
  C:\Windows\System\nghVstO.exe
  2⤵
  PID:9944
- C:\Windows\System\cRRpWtf.exe
  C:\Windows\System\cRRpWtf.exe
  2⤵
  PID:9960
- C:\Windows\System\madGRKL.exe
  C:\Windows\System\madGRKL.exe
  2⤵
  PID:9976
- C:\Windows\System\iREABiC.exe
  C:\Windows\System\iREABiC.exe
  2⤵
  PID:10000
- C:\Windows\System\eIvfSZg.exe
  C:\Windows\System\eIvfSZg.exe
  2⤵
  PID:10020
- C:\Windows\System\jmQxpux.exe
  C:\Windows\System\jmQxpux.exe
  2⤵
  PID:10044
- C:\Windows\System\RcpXygk.exe
  C:\Windows\System\RcpXygk.exe
  2⤵
  PID:10060
- C:\Windows\System\DuKHdJE.exe
  C:\Windows\System\DuKHdJE.exe
  2⤵
  PID:10092
- C:\Windows\System\UdpDaxc.exe
  C:\Windows\System\UdpDaxc.exe
  2⤵
  PID:10112
- C:\Windows\System\OUtpjDQ.exe
  C:\Windows\System\OUtpjDQ.exe
  2⤵
  PID:10128
- C:\Windows\System\mkjimxM.exe
  C:\Windows\System\mkjimxM.exe
  2⤵
  PID:10148
- C:\Windows\System\ZRXxUOs.exe
  C:\Windows\System\ZRXxUOs.exe
  2⤵
  PID:10164
- C:\Windows\System\jkHfOII.exe
  C:\Windows\System\jkHfOII.exe
  2⤵
  PID:10184
- C:\Windows\System\cObcHOq.exe
  C:\Windows\System\cObcHOq.exe
  2⤵
  PID:10216
- C:\Windows\System\RxCVNfg.exe
  C:\Windows\System\RxCVNfg.exe
  2⤵
  PID:10232
- C:\Windows\System\UoGrmSP.exe
  C:\Windows\System\UoGrmSP.exe
  2⤵
  PID:9244
- C:\Windows\System\EskBzvY.exe
  C:\Windows\System\EskBzvY.exe
  2⤵
  PID:9252
- C:\Windows\System\omejkDu.exe
  C:\Windows\System\omejkDu.exe
  2⤵
  PID:9304
- C:\Windows\System\ieBIsDY.exe
  C:\Windows\System\ieBIsDY.exe
  2⤵
  PID:9340
- C:\Windows\System\ZEpwQIk.exe
  C:\Windows\System\ZEpwQIk.exe
  2⤵
  PID:9348
- C:\Windows\System\AHPnwdN.exe
  C:\Windows\System\AHPnwdN.exe
  2⤵
  PID:9384
- C:\Windows\System\WVelmLg.exe
  C:\Windows\System\WVelmLg.exe
  2⤵
  PID:9424
- C:\Windows\System\EVIgvxB.exe
  C:\Windows\System\EVIgvxB.exe
  2⤵
  PID:9464
- C:\Windows\System\UkGwhkq.exe
  C:\Windows\System\UkGwhkq.exe
  2⤵
  PID:9528
- C:\Windows\System\YtMXdwp.exe
  C:\Windows\System\YtMXdwp.exe
  2⤵
  PID:9516
- C:\Windows\System\ujYhQsz.exe
  C:\Windows\System\ujYhQsz.exe
  2⤵
  PID:9572
- C:\Windows\System\cfjgtzS.exe
  C:\Windows\System\cfjgtzS.exe
  2⤵
  PID:9596
- C:\Windows\System\IrBAzyy.exe
  C:\Windows\System\IrBAzyy.exe
  2⤵
  PID:9592
- C:\Windows\System\KRJEuUo.exe
  C:\Windows\System\KRJEuUo.exe
  2⤵
  PID:9664
- C:\Windows\System\LlpSphU.exe
  C:\Windows\System\LlpSphU.exe
  2⤵
  PID:9696
- C:\Windows\System\EEMixvD.exe
  C:\Windows\System\EEMixvD.exe
  2⤵
  PID:9720
- C:\Windows\System\tzOjpgD.exe
  C:\Windows\System\tzOjpgD.exe
  2⤵
  PID:9756
- C:\Windows\System\lkrKKzz.exe
  C:\Windows\System\lkrKKzz.exe
  2⤵
  PID:9792
- C:\Windows\System\ukRtVOd.exe
  C:\Windows\System\ukRtVOd.exe
  2⤵
  PID:9820
- C:\Windows\System\WIoAYKA.exe
  C:\Windows\System\WIoAYKA.exe
  2⤵
  PID:9852
- C:\Windows\System\sipmsIL.exe
  C:\Windows\System\sipmsIL.exe
  2⤵
  PID:9876
- C:\Windows\System\RmrlyRN.exe
  C:\Windows\System\RmrlyRN.exe
  2⤵
  PID:9900
- C:\Windows\System\sTVITZj.exe
  C:\Windows\System\sTVITZj.exe
  2⤵
  PID:9940
- C:\Windows\System\aefKlzP.exe
  C:\Windows\System\aefKlzP.exe
  2⤵
  PID:10012
- C:\Windows\System\KWJHnPL.exe
  C:\Windows\System\KWJHnPL.exe
  2⤵
  PID:9996
- C:\Windows\System\lsLZFgT.exe
  C:\Windows\System\lsLZFgT.exe
  2⤵
  PID:10052
- C:\Windows\System\FqhAKsL.exe
  C:\Windows\System\FqhAKsL.exe
  2⤵
  PID:10076
- C:\Windows\System\yWEspTB.exe
  C:\Windows\System\yWEspTB.exe
  2⤵
  PID:10108
- C:\Windows\System\nxILPEm.exe
  C:\Windows\System\nxILPEm.exe
  2⤵
  PID:10140
- C:\Windows\System\uuMsWUQ.exe
  C:\Windows\System\uuMsWUQ.exe
  2⤵
  PID:10156
- C:\Windows\System\ArXuNMC.exe
  C:\Windows\System\ArXuNMC.exe
  2⤵
  PID:10196
- C:\Windows\System\ftruWNO.exe
  C:\Windows\System\ftruWNO.exe
  2⤵
  PID:10228
- C:\Windows\System\YngGGSs.exe
  C:\Windows\System\YngGGSs.exe
  2⤵
  PID:9240
- C:\Windows\System\jwaTSAt.exe
  C:\Windows\System\jwaTSAt.exe
  2⤵
  PID:9272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACqUjnY.exe

Filesize
6.0MB

MD5
c4b84b9d0549836d7895adb7d0d586a5

SHA1
92ff725a22b5e8679dd1382e155398b63664ba9e

SHA256
393cad451ce75d7de3a15efb1a174aa2e96179d2b0d9a3ce793045c8a1f78c6f

SHA512
9ba4d29d4cedea675827cb561773e653b532b2f9452b6f7bc05acbb33674601cd62ddc8f29512f6fd8143f300d0dd9203d254acb1b24e69d78be397df2bda746

Download Submit
C:\Windows\system\AXtVvsN.exe

Filesize
6.0MB

MD5
7998bfb72afd550353bfe82578ef4db7

SHA1
030ade42c35f0b2b03f714e0ce0449db280f181f

SHA256
3dd30b0f59a92f0459585cba6409ba4d0fc2d4e818fc2ee4162d55512062b8a2

SHA512
b6b5b2979d64e925ae5f8ada9618a277ddd4a90873ea8ddb58c80d0cdc804b5aa820844ff671a8a26256358903e8fa43a73993e42d20919321c7e3a92d81ed3a

Download Submit
C:\Windows\system\BkOjbBh.exe

Filesize
6.0MB

MD5
35db9321e1162c5af7ed62b216a42b5a

SHA1
35b260887243e5a2fb966498d2d87e5384974305

SHA256
d2f8d334f77eeefd53c4b16cf0a6a1d8718dda70ee8b30c4c5c378dd6fc48400

SHA512
c983152916a2b5401f6d3fea2bffd8b42459f5643eee856e27a62bfdf383d2235a7054ecd1d321ee27e5db439f5d698e0c9de80977d416115ff967e3ab27ba6d

Download Submit
C:\Windows\system\ByfPxjd.exe

Filesize
6.0MB

MD5
676b169d1102fe926b781415a9ae6b8f

SHA1
ddaada8108395304faff7dcef80cc43d36d7f477

SHA256
0ac9473a87882a0ceaa3287a700d9a1c506c1f604cbfea502037b8a436096805

SHA512
3ca59d285f5c42908f0350cdb55633e4587fcc267112b70842cc9e2b0edde0cfdc58312e901cee50b717e9fd0e23727209a1d139b58840ec53aaae769189996f

Download Submit
C:\Windows\system\GArAKCb.exe

Filesize
6.0MB

MD5
9daca53b6e0c2a1c51a8897b5c7f3a12

SHA1
b2f9e8f2e3df8ab3711a1cdf67b1ff0dd1a35136

SHA256
cb07fe72e1e2cec08e363e38097ea0823686419afaacde6f2671ec7a3ff60695

SHA512
ee4798c02dbd8f30a49f0de2a45615a95a6d3961d166df3511f7984bac8be1c07994b25afbbba2f47e00187ac9e841abcf491f2e45302c5a7001296e17ccd008

Download Submit
C:\Windows\system\GqGccJQ.exe

Filesize
6.0MB

MD5
1d507aec0749cc8e2c78b3b2812d3b69

SHA1
1661524ece9db945cbc54cd1cf6b90db63af5e01

SHA256
9d332304a443ad561fcc1e1dc19ec4694c716187a5b9e42c36e6f7f199a0a3c5

SHA512
22a7ce64c01226d8d62d9c3b2a0294bea342ea6e00df5db80221ba81fa9d850910ecaac4e52ee2b9cedae83a965991bb809fb1df20d51b2eb5773d692df1fa84

Download Submit
C:\Windows\system\NYiKmoM.exe

Filesize
6.0MB

MD5
ed1fd0149bede4358e1d29ea7a178319

SHA1
211328951a411910b99562527bc82a7a333cca42

SHA256
19f15fc55dde11e364e71b0758c3e8a9f79a65a493ece2773592df570e267e60

SHA512
95620a313ec96d59fceaed76757675fb25ce5950a06ef2539c9a58ddc155245bf460ac873e04fd37d02e4522e83f18870e50586739cf35b4b25249ead25d2f79

Download Submit
C:\Windows\system\OpAtGZo.exe

Filesize
6.0MB

MD5
26ccf0594fe14bc61c5bb4c447000d29

SHA1
ceb36596c7d22d5b01bc1a6f72b7664bc6ccd340

SHA256
f28844b7736a794a331d57c10e536705069d35f00b0a1dfbf9f0cd187b8a947a

SHA512
70114614d2b7840578ec9a40b7f3fb98596728fac57a1a8619ada81b8cd723e662e5000fbe7c38eebbdd0d8a2ded495dc58d91c1fc8e7abcaae6a1d90953ab41

Download Submit
C:\Windows\system\VDgKmkx.exe

Filesize
6.0MB

MD5
111ff481311389c64ef6793d7dfe6c64

SHA1
8a7d908ad1edffa10490341e67ff964f50ee6512

SHA256
88f2a2d48afebd2378291a6738b0b685e8dcf6e2590703e0c9be09f8cb6c2e8f

SHA512
bba43aa367b8cf4f2c8f0aa94f9d693e3557c1dd55a9ef5858c6e5ab43ba7b789ba9c866217b275ddb0af9cc043a5e386d40655c5a002d3c4a1823b636cdf2ef

Download Submit
C:\Windows\system\YyXVvGy.exe

Filesize
6.0MB

MD5
6370ded7f4ea526ad28e95f99fa5a69d

SHA1
76574f49906ad33651e8528ecfb30b8a75256c37

SHA256
6d59b298f08acadc7fdafe5319924ce705a6e271ca4ae6d78427eb96c132065d

SHA512
5fd3352b16505515b716dca07d2a48d44e577c13c290492971f27b93b06417bd8ade33c2f8dbc048998eb5b3bfb4d691341016348d3d83abb2bd953603e6a6cc

Download Submit
C:\Windows\system\aQfrGNR.exe

Filesize
6.0MB

MD5
3c6b7cb1db48cc90f444df2787637f28

SHA1
e8380c7d649f8560f2eded6c901e115448b2f12a

SHA256
697ef6dcc09c12d8f10f6d93e885708bdd620cdf485f0b855ec5b02a74930cd1

SHA512
7584d47a535e93d9038f78902884a7a417572cc6d95d61b8998dbe5da2bfcfb67683c4cfbddd5fdddfb2fc615de669cb6924a3a9e94d71673a70ca57da232238

Download Submit
C:\Windows\system\aaiEIRd.exe

Filesize
6.0MB

MD5
22343c8f7599357daded14d0522a86f1

SHA1
d1abcb437fa2bbf5366449684506c42e389d2504

SHA256
92cd0aeb6ed0486f23b16a3b0658c3ecc9575727ed86ee4b3c5dfdd5726aab98

SHA512
3ef6b9558737747c2a82256af97eba4a9fa22dccc7ba386b506ebed2b978f85cba190fb3b7f6ffca1c7baf7846dae407073d4eef891191fdf97a20447c711dcf

Download Submit
C:\Windows\system\boPwUYK.exe

Filesize
6.0MB

MD5
1ce2a600ba8ecb1ffb4918410b55eff7

SHA1
e81e86fb7ca0fd8ef15957491e77e7aaa0864d5b

SHA256
9a5e54b51bb4f5c0188464cc31364d9a42bddc4220a64774e3257519e0bd5eac

SHA512
83e4574b8a0bd51b85bce22b009c29388affa3282a7e0d5729db9124aa99bdc491ff8e1a97e350fde820c228f169435c6f9d2f7ab8a66b82ab5b5fee57a5418f

Download Submit
C:\Windows\system\cEUQJEA.exe

Filesize
6.0MB

MD5
93443b5cfe3ef88a74782e4392514aaf

SHA1
b96acb3d9e03d2488241889264a05a36d8da8503

SHA256
f6079b2b49c52e75b4f52e4b08e93de54a5974257ee497b03a4f70cf222759d6

SHA512
1694cc6d31e59aa5ad200a4e713a81dbce4a2bcbb039b974a28bc5242357bbc284330c0ffc5fb11bf19dde43b3f38f84990634ffcad20b4804d898c1429d8d90

Download Submit
C:\Windows\system\dulhlwf.exe

Filesize
6.0MB

MD5
ee019a7f9fb0db19026f7c426434a7ad

SHA1
1e74c8860b5e08c7d1062d0de32674783e325bdd

SHA256
66cf06ef99e34b786460e752f768106f8aa0e830b724897b179798eedce794d9

SHA512
ce92b4993f580008c0675b4a90c64793734c2f3e719641b8cbcf80d6954439a025e8abfa53a2f2f68573e7385874668ffa27171ab056bf7563908220766dc63a

Download Submit
C:\Windows\system\gQXujmU.exe

Filesize
6.0MB

MD5
121b67991b60133374dec589807d336b

SHA1
7f95151de97f79256aa1971a0c8e6f8cf3b04821

SHA256
8864387c121bda666aea29a6e006ddd3f226a20010b6395a22744c72b15baca9

SHA512
e9755b6af18809fa4d8eb4d7f9ad5e6fd00b3256521c4310bdf2c329d1c73a81cac4f9153a9fd3de78e46b987c28e08c49aa28aa82fc1f90a4cf015fd2d49565

Download Submit
C:\Windows\system\hAmMxQG.exe

Filesize
6.0MB

MD5
0ff18a056c4624443a9f664574fcb396

SHA1
3ed65eb3618d2f4139c0fccdd829b88687f75319

SHA256
e28f70d94d27ec38f8bc44748aa2419c290b9eefceb9b1ba8cbe0a35fc6910be

SHA512
4d35feceb73d483e03715da5420de6b46426798d18c46532b0ba80c693bd291b4e19e0786f9f4ba51214de599e2f9c8075a69150a7769c32b86fc998067ef488

Download Submit
C:\Windows\system\hmXsSPv.exe

Filesize
6.0MB

MD5
4967c85e87aadd9a98a4ac4aef3b9679

SHA1
dd0475a8859133931931d51c75e7398d9b63e5f3

SHA256
e37344f9879188f9d93b59dd6cbff5464546ac57a3fad099ee61157994cdec86

SHA512
73f6a32fac7a6e7c248591a2f900646aba369bf0b0dcdc1f520fdbe53dd492b7660e83b36ee99420040cabb41ff75ade310d2f58ee2a46ba0f0f07ea35796b1a

Download Submit
C:\Windows\system\iAcXDsF.exe

Filesize
6.0MB

MD5
2196ba22ebd9e06a9c2c9e04b0cb7c8a

SHA1
ee9f638b622896fbac5980f790f65767e4291f88

SHA256
fdb0a672289c97e7a840073407b69ce8a37777a268392bb59be8acdb56ca5e19

SHA512
521f9532b8273585ffdffd33622677b8959b48dabd4ed80cbb9a12d470de242d707f4fdee21b9888ac71239dc09e65c312ed1cb25567019c880daf1bc20db40a

Download Submit
C:\Windows\system\iuXTDHr.exe

Filesize
6.0MB

MD5
4b5065e61ca7a7b2587e9c4a5e6dbedf

SHA1
6b4f97dccdebf02435e892e4cd7f0ac6bbe2fcdc

SHA256
ce8cfc9fd2f79060bb7dad38ba2df94379f709e5bb6e9a8527dd4b69f37819e2

SHA512
31b5a0ab64185147eb5c65e2d5d2fb20a36055e4112b02674d6ed210ba8ff6bd3e479db499ed7a3b023af197bd1264d06b2815495a1a339afc498d4126e83f36

Download Submit
C:\Windows\system\jjNWsgl.exe

Filesize
6.0MB

MD5
ef30cd188900e2ab0ec847b6ae4af7cf

SHA1
bb55f09e44243e98d1ddd85105d36b6bd9a0d6dd

SHA256
535ee31f2f023801d5783c3f12b07278a56a8617133e93809502f10ab48cbdb6

SHA512
391ac96a7c518c2f1ffeee87a981033d35e996c286dadccb0c3463b1219c40b7aea5d03558a0d61cbfd30a6c1f59191aa527700740f8e3a4077b10d6d40956cb

Download Submit
C:\Windows\system\kxAUenZ.exe

Filesize
6.0MB

MD5
1b9e0996723ed3a74cea23cfbb8299d1

SHA1
beff8811c43400ebbf6b4a4d267b5bdae14709aa

SHA256
b2cf262df0fdc910e353cad4f8628ccc45f8f3bba8164ddf72956d5fe4258700

SHA512
c9afb0ceeed38d981a875b61a184843a7938b02ddd20737d27d6d4eb530dd9e69f88bda8259818af3096238d3d9ac2f1670a4a08602a23a341c4686c6ee9c6e5

Download Submit
C:\Windows\system\mkgbSKw.exe

Filesize
6.0MB

MD5
e7977293ead8db2bf80ccbf73b790e8d

SHA1
da6b4e9b872407a7c31e4b993c6bb56daff832e0

SHA256
b1d81a8f295f8e3d71b4a9dc6ebc62573c4d45dc9c4fb0e3a431d4794c49bb8f

SHA512
e3a1c3ee2e5bef451a9fe75fdb353e45750cc9d06d86ef4bdf31886657a15e42d7cd2c294df647a6e7d4df42efbec2e522aef4e00a567a1f7a1c425ee6724e07

Download Submit
C:\Windows\system\pETKVqM.exe

Filesize
6.0MB

MD5
aebac22d908c2d54358feea9a2909f08

SHA1
3cac61154a196b7df628c230c8a3807dfaac9ad5

SHA256
f56f86f762f93af1d7563ebb4d35b85b9be2a4c41ca1c4e234232a555107262d

SHA512
365a4446613a2a8bffbc61e9ab1d889afb3494086f5769341cb42365871d2df24afebde2c3e6f7ca250b830b066c527da08120a408a1a804bf0c118204389d23

Download Submit
C:\Windows\system\wEOlVXX.exe

Filesize
6.0MB

MD5
ea643fb2f6de5241d31ce01730840526

SHA1
2d33cc73e36cc91495b9e2af0f3ef5d641cfed20

SHA256
88692554b6f29187854961180a0f7ad944f3551e1d211f2d5d097c176c79a60f

SHA512
a5be9702f8c804b37cc604f3d78d3cd14daa0320183e3eb1cbd17f76d639eab0787a4df731ad521ad57acfeb1492a880afaddf8bb3b8273882e4a7d94d0aa2ad

Download Submit
C:\Windows\system\zPLdAGY.exe

Filesize
6.0MB

MD5
ab46ae240623cd6c3b934a254d91c530

SHA1
01580a49025138d83d5f5943263f23681c1d438d

SHA256
14b67c550e2d476e8a735158c3acc802817b8774af3ce047be5e05d5f84f714f

SHA512
95ff4bd59d0d8cd89e283fb080249d58a17f114c7dbddd1665d9c994a3b85dbf480e800bcf7528622c17e45bc322cb548833ca8f52a250dc7efc62aeb6d447a9

Download Submit
C:\Windows\system\zwSYBZL.exe

Filesize
6.0MB

MD5
ac3be9727bec84d0964d594555b824d3

SHA1
9b7d23ee0721feb0b6bc6de0387d398e18196d55

SHA256
1a18b226eea6dcc39305966103f57c3d0762e2933f28f522909309cd72df589a

SHA512
e18389418e3df03778fa37d27ab9c5c65fe9b3f07a6a56e43fcc9ef401cb884fbf8768c39be371136536a436b48a22db128ed2ecdfe107c1d0fe94b75483de28

Download Submit
\Windows\system\AEZPTKV.exe

Filesize
6.0MB

MD5
0e7fb369ae5170457c69ed31a1898822

SHA1
c3c60881c7c88110fa3c0fe59f9a8a7ccb42691c

SHA256
e382a52b135b292edbef3c0e92394411de045c6a5fdf34547fe3bad29968384f

SHA512
27d880082208e247c1bb939534bf0225228d79b6a1cab4c02a1726b9514bf342aab63408e91f353e9aa2f092c5ac77a700d1e00d0bd5caf85df8c5c42720ef6b

Download Submit
\Windows\system\SQDkmQd.exe

Filesize
6.0MB

MD5
3d5707b270eef1e82a7c96767f6e6a89

SHA1
74cd52a2fcca07acc78da039432f1413f77b0bd5

SHA256
56a2bd9f7ae693b22cee8f894221f993be58d41368074a9ccf1e91945f8955c1

SHA512
5d3e7577c78d9e44d7bb7b707d73e957e37fe73bf4d8eb784d8733e0b06315e05f1325279321297af63329c60fe9d348060e915ac5c68f9bb4b3ee71ef4cf23c

Download Submit
\Windows\system\UKBwhHu.exe

Filesize
6.0MB

MD5
d771e3579d51f68a8655f41a85477c86

SHA1
f4773d97ac4da67be57b9d818f7f11413863c014

SHA256
a40aa639b33fc463e995277fe291981d09ae72c05548ddd8c2d9c5482fdb827c

SHA512
d44bf930562af9dd7cab6477a47a29a1573887bf12662cad3531edd675e38e3348ea08dc96d3e2e6443c592bc537caebb071b2d6df090674454b553c0b26a065

Download Submit
\Windows\system\bAYsMCF.exe

Filesize
6.0MB

MD5
725cdeba61052663aad6c913564d56e4

SHA1
73556e052a3e0b0d57b0c22f609a67495c35de2a

SHA256
8756ffc93ec669de932419467e691d8d941d708605ba022daf056ee4a613d2b7

SHA512
3a24b1ceac07d59f32c443bfe81acc499f155bb57f04a50a02164b53f94b1227be995295ce22985ae7ba5aa76bdccd577e0d781c880182a78fdaba831dc0e5db

Download Submit
\Windows\system\ygawiOe.exe

Filesize
6.0MB

MD5
5d55ebedab0351739ea7d08beec80634

SHA1
7b54a826f99d832682aab3c0c183662e6c66e524

SHA256
996f55bdf5d290f37a5e99b55bd1b54acd28f0b93bfe387e3ebbc5d1823efdf3

SHA512
60930793b9a6d86b2555577284254c5df1e680c9c274c5415ef872a9e1ef00c73f2cb1d33e95cd42104cb32b94c5c14ee284fd86b1a14b18801b994653025cde

Download Submit
memory/292-51-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/292-87-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/292-3623-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/484-88-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/484-609-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/484-3634-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/572-96-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/572-846-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/572-3635-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/780-3639-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/780-1018-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/780-105-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1592-3632-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1592-104-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1592-66-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1856-420-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-80-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-3633-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-57-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2572-3626-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2572-95-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2668-35-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4670-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2668-72-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2672-13-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3592-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-49-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-28-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2880-65-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3612-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3618-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2892-22-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2952-3631-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-73-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-226-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-45-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-77-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3615-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-40-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-110-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-512-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-61-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/3024-84-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-92-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-53-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/3024-20-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-15-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-30-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/3024-100-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/3024-725-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-101-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/3024-24-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/3024-109-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3024-69-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3024-37-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/3024-961-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/3024-0-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/3024-1131-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-41-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3595-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-11-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download