cobaltstrike | ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26/09/2024, 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
Size

6.0MB
MD5

ebe3399d8720f5fb525e4227528bd6c0
SHA1

7fed846d6cf24c2371ad8b6a6dfc37c11bae92db
SHA256

ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2d
SHA512

83a2d38bee49c430e07426226fff41ce5969cb8534e689a1f12344f5dfed97b76486539d27c32bf2a321494905500f3d1d8097fee093442203a5ff01bb24fb73
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120fb-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017447-12.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018617-19.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018636-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-52.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000196a0-46.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019931-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018634-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017467-29.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017429-28.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ed-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a445-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a423-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-117.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739f-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-121.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2640-0-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x00090000000120fb-3.dat	xmrig
behavioral1/files/0x0007000000017447-12.dat	xmrig
behavioral1/files/0x000a000000018617-19.dat	xmrig
behavioral1/files/0x0005000000019bf2-56.dat	xmrig
behavioral1/memory/2780-69-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cd5-76.dat	xmrig
behavioral1/memory/2640-78-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0006000000018636-80.dat	xmrig
behavioral1/memory/2824-81-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2684-85-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c0b-92.dat	xmrig
behavioral1/memory/2088-75-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2640-73-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/1336-93-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2708-53-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf0-52.dat	xmrig
behavioral1/memory/2916-90-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000196a0-46.dat	xmrig
behavioral1/memory/1704-45-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0006000000019931-42.dat	xmrig
behavioral1/memory/2984-82-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2640-79-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2284-77-0x000000013FDD0000-0x0000000140124000-memory.dmp	xmrig
behavioral1/memory/2744-68-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	xmrig
behavioral1/memory/2728-65-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bec-59.dat	xmrig
behavioral1/memory/1668-39-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000018634-30.dat	xmrig
behavioral1/files/0x0008000000017467-29.dat	xmrig
behavioral1/files/0x0008000000017429-28.dat	xmrig
behavioral1/memory/2824-11-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2728-98-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1668-96-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019cfc-105.dat	xmrig
behavioral1/memory/2820-111-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/files/0x0005000000019f57-127.dat	xmrig
behavioral1/files/0x000500000001a033-142.dat	xmrig
behavioral1/files/0x000500000001a05a-145.dat	xmrig
behavioral1/files/0x000500000001a3e8-172.dat	xmrig
behavioral1/files/0x000500000001a3e6-168.dat	xmrig
behavioral1/files/0x000500000001a3ed-182.dat	xmrig
behavioral1/memory/2684-260-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/1336-480-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2916-369-0x000000013F660000-0x000000013F9B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a445-193.dat	xmrig
behavioral1/files/0x000500000001a423-187.dat	xmrig
behavioral1/files/0x000500000001a3ea-177.dat	xmrig
behavioral1/files/0x000500000001a2fc-157.dat	xmrig
behavioral1/files/0x000500000001a3e4-163.dat	xmrig
behavioral1/files/0x000500000001a2b9-152.dat	xmrig
behavioral1/files/0x000500000001a020-137.dat	xmrig
behavioral1/files/0x0005000000019f71-132.dat	xmrig
behavioral1/files/0x0005000000019d5c-117.dat	xmrig
behavioral1/memory/2984-115-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000800000001739f-114.dat	xmrig
behavioral1/memory/2640-112-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d69-121.dat	xmrig
behavioral1/memory/2824-3822-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1668-3823-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/memory/1704-3827-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2708-3829-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2780-3831-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2088-3833-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2824	dZORMWw.exe
1668	vbVYcXJ.exe
1704	UuzfvqM.exe
2708	DXdRRSZ.exe
2744	CeykLPw.exe
2780	engpbGq.exe
2088	NQgpqlz.exe
2728	ZJjiVdk.exe
2284	hNAKbLI.exe
2984	EFJstNK.exe
2684	LMZOoeB.exe
2916	yvYioOz.exe
1336	qvtDjCl.exe
2820	gmmebNW.exe
1852	NkDfChL.exe
3040	kHLItzk.exe
1856	GbHsOjG.exe
1404	tDjwVCP.exe
1432	kurUotR.exe
1868	GXbgFFW.exe
2368	BgEPQDz.exe
2072	LSEHyBw.exe
716	KvVTyrS.exe
2540	naTPrUZ.exe
580	fyJjqzC.exe
1104	nYxkOGw.exe
1808	PhkvZwq.exe
1232	whVFCOZ.exe
296	hOwQBWb.exe
412	WvOXXTO.exe
1900	DWbUgOs.exe
1044	ppyDijl.exe
2512	odLFOSY.exe
2920	xZGUcUl.exe
1764	yoQIAcd.exe
1708	QeOmAOX.exe
1084	CdBfBqY.exe
856	kHaFMqf.exe
1472	PtNYvqb.exe
2264	jGZyyEv.exe
2180	lJLdmra.exe
2200	wvSmYBu.exe
3016	CCPoqtj.exe
568	nGsiNCJ.exe
2308	MwFjcRL.exe
2080	fZEYPXF.exe
2496	Gjuzeso.exe
1504	rufASjN.exe
2528	YNvzQiU.exe
1728	YgCgHOV.exe
3008	xtQeIOZ.exe
1592	fjjbPao.exe
2468	dpGHTsp.exe
1688	wtYpxAJ.exe
2568	UFPtsmE.exe
2804	YuhYJyq.exe
2908	imNyzcg.exe
2556	RakGElz.exe
2972	aIRzuvv.exe
2696	vukFxff.exe
2248	synFnAT.exe
2796	BTnRsfX.exe
2580	IMSJqSS.exe
2396	XnsqIKw.exe

Loads dropped DLL 64 IoCs

pid	Process
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2640-0-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x00090000000120fb-3.dat	upx
behavioral1/files/0x0007000000017447-12.dat	upx
behavioral1/files/0x000a000000018617-19.dat	upx
behavioral1/files/0x0005000000019bf2-56.dat	upx
behavioral1/memory/2780-69-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0005000000019cd5-76.dat	upx
behavioral1/files/0x0006000000018636-80.dat	upx
behavioral1/memory/2824-81-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2684-85-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x0005000000019c0b-92.dat	upx
behavioral1/memory/2088-75-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2640-73-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/1336-93-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2708-53-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0005000000019bf0-52.dat	upx
behavioral1/memory/2916-90-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x00060000000196a0-46.dat	upx
behavioral1/memory/1704-45-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0006000000019931-42.dat	upx
behavioral1/memory/2984-82-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2640-79-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2284-77-0x000000013FDD0000-0x0000000140124000-memory.dmp	upx
behavioral1/memory/2744-68-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2728-65-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0005000000019bec-59.dat	upx
behavioral1/memory/1668-39-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0006000000018634-30.dat	upx
behavioral1/files/0x0008000000017467-29.dat	upx
behavioral1/files/0x0008000000017429-28.dat	upx
behavioral1/memory/2824-11-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2728-98-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/1668-96-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0005000000019cfc-105.dat	upx
behavioral1/memory/2820-111-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0005000000019f57-127.dat	upx
behavioral1/files/0x000500000001a033-142.dat	upx
behavioral1/files/0x000500000001a05a-145.dat	upx
behavioral1/files/0x000500000001a3e8-172.dat	upx
behavioral1/files/0x000500000001a3e6-168.dat	upx
behavioral1/files/0x000500000001a3ed-182.dat	upx
behavioral1/memory/2684-260-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/1336-480-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2916-369-0x000000013F660000-0x000000013F9B4000-memory.dmp	upx
behavioral1/files/0x000500000001a445-193.dat	upx
behavioral1/files/0x000500000001a423-187.dat	upx
behavioral1/files/0x000500000001a3ea-177.dat	upx
behavioral1/files/0x000500000001a2fc-157.dat	upx
behavioral1/files/0x000500000001a3e4-163.dat	upx
behavioral1/files/0x000500000001a2b9-152.dat	upx
behavioral1/files/0x000500000001a020-137.dat	upx
behavioral1/files/0x0005000000019f71-132.dat	upx
behavioral1/files/0x0005000000019d5c-117.dat	upx
behavioral1/memory/2984-115-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000800000001739f-114.dat	upx
behavioral1/files/0x0005000000019d69-121.dat	upx
behavioral1/memory/2824-3822-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1668-3823-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/1704-3827-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2708-3829-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2780-3831-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2088-3833-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2744-3834-0x000000013F8A0000-0x000000013FBF4000-memory.dmp	upx
behavioral1/memory/2728-3837-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\AeiFphL.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\jxBjtrm.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\OZdcfLi.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\DxNWsSU.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\cegOxDy.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\IAMmGtL.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\LscMxSn.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\lqTUqJA.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\QtnORqT.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\zLuctyH.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\cKFvUDw.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\serdysE.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\LWCCXah.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\fnPMgrc.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\ZVsBYQG.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\chdMDGR.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\jaeWKRR.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\LmCovbd.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\ttlxQtE.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\KgXqGeP.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\ANEQZmh.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\iphBLic.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\OTawMgY.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\hTMsTPE.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\NtZUYFI.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\qsxJRkk.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\siqmLkn.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\KQhopbl.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\RLxSVbT.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\XUClkZO.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\WoBrtxo.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\ZplWSDS.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\cTSIPgO.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\DXWsWwN.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\JzwDKmZ.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\LFAlTyd.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\tsquKvw.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\yseCsyv.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\PtVFRcm.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\ZdibatA.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\Puapcmf.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\hQaUZNw.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\fjjbPao.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\PnSkuBw.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\wAKLPtg.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\LhltmQa.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\UJmrUDC.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\NuauSiR.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\alfNqnW.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\ZkYjXkX.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\rPICvsO.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\zByXRxl.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\vBDQoFh.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\IOSNNhk.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\NBJBFiX.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\wuxjtzx.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\mYKbSUb.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\HzOyweW.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\xfRcHUJ.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\SgTXQsD.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\cPlnJfK.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\gpZARxJ.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\ztbduaH.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
File created	C:\Windows\System\gdAsVzq.exe	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2824	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	31
PID 2640 wrote to memory of 2824	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	31
PID 2640 wrote to memory of 2824	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	31
PID 2640 wrote to memory of 1668	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	32
PID 2640 wrote to memory of 1668	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	32
PID 2640 wrote to memory of 1668	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	32
PID 2640 wrote to memory of 2744	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	33
PID 2640 wrote to memory of 2744	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	33
PID 2640 wrote to memory of 2744	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	33
PID 2640 wrote to memory of 1704	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	34
PID 2640 wrote to memory of 1704	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	34
PID 2640 wrote to memory of 1704	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	34
PID 2640 wrote to memory of 2284	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	35
PID 2640 wrote to memory of 2284	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	35
PID 2640 wrote to memory of 2284	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	35
PID 2640 wrote to memory of 2708	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	36
PID 2640 wrote to memory of 2708	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	36
PID 2640 wrote to memory of 2708	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	36
PID 2640 wrote to memory of 2984	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	37
PID 2640 wrote to memory of 2984	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	37
PID 2640 wrote to memory of 2984	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	37
PID 2640 wrote to memory of 2780	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	38
PID 2640 wrote to memory of 2780	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	38
PID 2640 wrote to memory of 2780	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	38
PID 2640 wrote to memory of 2684	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	39
PID 2640 wrote to memory of 2684	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	39
PID 2640 wrote to memory of 2684	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	39
PID 2640 wrote to memory of 2088	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	40
PID 2640 wrote to memory of 2088	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	40
PID 2640 wrote to memory of 2088	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	40
PID 2640 wrote to memory of 2916	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	41
PID 2640 wrote to memory of 2916	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	41
PID 2640 wrote to memory of 2916	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	41
PID 2640 wrote to memory of 2728	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	42
PID 2640 wrote to memory of 2728	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	42
PID 2640 wrote to memory of 2728	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	42
PID 2640 wrote to memory of 1336	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	43
PID 2640 wrote to memory of 1336	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	43
PID 2640 wrote to memory of 1336	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	43
PID 2640 wrote to memory of 2820	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	44
PID 2640 wrote to memory of 2820	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	44
PID 2640 wrote to memory of 2820	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	44
PID 2640 wrote to memory of 3040	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	45
PID 2640 wrote to memory of 3040	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	45
PID 2640 wrote to memory of 3040	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	45
PID 2640 wrote to memory of 1852	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	46
PID 2640 wrote to memory of 1852	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	46
PID 2640 wrote to memory of 1852	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	46
PID 2640 wrote to memory of 1856	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	47
PID 2640 wrote to memory of 1856	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	47
PID 2640 wrote to memory of 1856	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	47
PID 2640 wrote to memory of 1404	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	48
PID 2640 wrote to memory of 1404	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	48
PID 2640 wrote to memory of 1404	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	48
PID 2640 wrote to memory of 1432	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	49
PID 2640 wrote to memory of 1432	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	49
PID 2640 wrote to memory of 1432	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	49
PID 2640 wrote to memory of 1868	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	50
PID 2640 wrote to memory of 1868	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	50
PID 2640 wrote to memory of 1868	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	50
PID 2640 wrote to memory of 2368	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	51
PID 2640 wrote to memory of 2368	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	51
PID 2640 wrote to memory of 2368	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	51
PID 2640 wrote to memory of 2072	2640	ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe	52

C:\Users\Admin\AppData\Local\Temp\ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe
"C:\Users\Admin\AppData\Local\Temp\ca32bc42f01b71ef41a8cb8faac698c76fb1cd492244a0c5152c5711366b2c2dN.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\System\dZORMWw.exe
  C:\Windows\System\dZORMWw.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\vbVYcXJ.exe
  C:\Windows\System\vbVYcXJ.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\CeykLPw.exe
  C:\Windows\System\CeykLPw.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\UuzfvqM.exe
  C:\Windows\System\UuzfvqM.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\hNAKbLI.exe
  C:\Windows\System\hNAKbLI.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\DXdRRSZ.exe
  C:\Windows\System\DXdRRSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\EFJstNK.exe
  C:\Windows\System\EFJstNK.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\engpbGq.exe
  C:\Windows\System\engpbGq.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\LMZOoeB.exe
  C:\Windows\System\LMZOoeB.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\NQgpqlz.exe
  C:\Windows\System\NQgpqlz.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\yvYioOz.exe
  C:\Windows\System\yvYioOz.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\ZJjiVdk.exe
  C:\Windows\System\ZJjiVdk.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\qvtDjCl.exe
  C:\Windows\System\qvtDjCl.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\gmmebNW.exe
  C:\Windows\System\gmmebNW.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\kHLItzk.exe
  C:\Windows\System\kHLItzk.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\NkDfChL.exe
  C:\Windows\System\NkDfChL.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\GbHsOjG.exe
  C:\Windows\System\GbHsOjG.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\tDjwVCP.exe
  C:\Windows\System\tDjwVCP.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\kurUotR.exe
  C:\Windows\System\kurUotR.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\GXbgFFW.exe
  C:\Windows\System\GXbgFFW.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\BgEPQDz.exe
  C:\Windows\System\BgEPQDz.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\LSEHyBw.exe
  C:\Windows\System\LSEHyBw.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\KvVTyrS.exe
  C:\Windows\System\KvVTyrS.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\naTPrUZ.exe
  C:\Windows\System\naTPrUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\fyJjqzC.exe
  C:\Windows\System\fyJjqzC.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\nYxkOGw.exe
  C:\Windows\System\nYxkOGw.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\PhkvZwq.exe
  C:\Windows\System\PhkvZwq.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\whVFCOZ.exe
  C:\Windows\System\whVFCOZ.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\hOwQBWb.exe
  C:\Windows\System\hOwQBWb.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\WvOXXTO.exe
  C:\Windows\System\WvOXXTO.exe
  2⤵
  - Executes dropped EXE
  PID:412
- C:\Windows\System\DWbUgOs.exe
  C:\Windows\System\DWbUgOs.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\ppyDijl.exe
  C:\Windows\System\ppyDijl.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\odLFOSY.exe
  C:\Windows\System\odLFOSY.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\xZGUcUl.exe
  C:\Windows\System\xZGUcUl.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\yoQIAcd.exe
  C:\Windows\System\yoQIAcd.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\QeOmAOX.exe
  C:\Windows\System\QeOmAOX.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\CdBfBqY.exe
  C:\Windows\System\CdBfBqY.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\kHaFMqf.exe
  C:\Windows\System\kHaFMqf.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\PtNYvqb.exe
  C:\Windows\System\PtNYvqb.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\jGZyyEv.exe
  C:\Windows\System\jGZyyEv.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\lJLdmra.exe
  C:\Windows\System\lJLdmra.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\wvSmYBu.exe
  C:\Windows\System\wvSmYBu.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\CCPoqtj.exe
  C:\Windows\System\CCPoqtj.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\nGsiNCJ.exe
  C:\Windows\System\nGsiNCJ.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\MwFjcRL.exe
  C:\Windows\System\MwFjcRL.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\fZEYPXF.exe
  C:\Windows\System\fZEYPXF.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\Gjuzeso.exe
  C:\Windows\System\Gjuzeso.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\rufASjN.exe
  C:\Windows\System\rufASjN.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\YNvzQiU.exe
  C:\Windows\System\YNvzQiU.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\YgCgHOV.exe
  C:\Windows\System\YgCgHOV.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\xtQeIOZ.exe
  C:\Windows\System\xtQeIOZ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\fjjbPao.exe
  C:\Windows\System\fjjbPao.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\dpGHTsp.exe
  C:\Windows\System\dpGHTsp.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\wtYpxAJ.exe
  C:\Windows\System\wtYpxAJ.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\YuhYJyq.exe
  C:\Windows\System\YuhYJyq.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\UFPtsmE.exe
  C:\Windows\System\UFPtsmE.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\imNyzcg.exe
  C:\Windows\System\imNyzcg.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\RakGElz.exe
  C:\Windows\System\RakGElz.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\aIRzuvv.exe
  C:\Windows\System\aIRzuvv.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\vukFxff.exe
  C:\Windows\System\vukFxff.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\synFnAT.exe
  C:\Windows\System\synFnAT.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\BTnRsfX.exe
  C:\Windows\System\BTnRsfX.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\IMSJqSS.exe
  C:\Windows\System\IMSJqSS.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\XnsqIKw.exe
  C:\Windows\System\XnsqIKw.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\rzbkZya.exe
  C:\Windows\System\rzbkZya.exe
  2⤵
  PID:628
- C:\Windows\System\pqQTwIe.exe
  C:\Windows\System\pqQTwIe.exe
  2⤵
  PID:2604
- C:\Windows\System\AffLtcP.exe
  C:\Windows\System\AffLtcP.exe
  2⤵
  PID:2892
- C:\Windows\System\cRBDGCI.exe
  C:\Windows\System\cRBDGCI.exe
  2⤵
  PID:2608
- C:\Windows\System\HjOvmdg.exe
  C:\Windows\System\HjOvmdg.exe
  2⤵
  PID:2572
- C:\Windows\System\hvCkgdL.exe
  C:\Windows\System\hvCkgdL.exe
  2⤵
  PID:2616
- C:\Windows\System\zsziJjN.exe
  C:\Windows\System\zsziJjN.exe
  2⤵
  PID:2828
- C:\Windows\System\IHmHzAn.exe
  C:\Windows\System\IHmHzAn.exe
  2⤵
  PID:316
- C:\Windows\System\CdeQcZS.exe
  C:\Windows\System\CdeQcZS.exe
  2⤵
  PID:1340
- C:\Windows\System\eKzeySq.exe
  C:\Windows\System\eKzeySq.exe
  2⤵
  PID:2276
- C:\Windows\System\WIMcSXH.exe
  C:\Windows\System\WIMcSXH.exe
  2⤵
  PID:352
- C:\Windows\System\zpYwuNW.exe
  C:\Windows\System\zpYwuNW.exe
  2⤵
  PID:832
- C:\Windows\System\ocEqxwq.exe
  C:\Windows\System\ocEqxwq.exe
  2⤵
  PID:1648
- C:\Windows\System\zLuctyH.exe
  C:\Windows\System\zLuctyH.exe
  2⤵
  PID:2996
- C:\Windows\System\ibnxKeg.exe
  C:\Windows\System\ibnxKeg.exe
  2⤵
  PID:1488
- C:\Windows\System\TLSIQSQ.exe
  C:\Windows\System\TLSIQSQ.exe
  2⤵
  PID:2416
- C:\Windows\System\sVVWCnS.exe
  C:\Windows\System\sVVWCnS.exe
  2⤵
  PID:1620
- C:\Windows\System\SSxqjwZ.exe
  C:\Windows\System\SSxqjwZ.exe
  2⤵
  PID:604
- C:\Windows\System\eyZYxMv.exe
  C:\Windows\System\eyZYxMv.exe
  2⤵
  PID:1284
- C:\Windows\System\VMjFFgW.exe
  C:\Windows\System\VMjFFgW.exe
  2⤵
  PID:1092
- C:\Windows\System\EaUrbaE.exe
  C:\Windows\System\EaUrbaE.exe
  2⤵
  PID:1736
- C:\Windows\System\FlZQwJF.exe
  C:\Windows\System\FlZQwJF.exe
  2⤵
  PID:1372
- C:\Windows\System\VUxmyOR.exe
  C:\Windows\System\VUxmyOR.exe
  2⤵
  PID:1748
- C:\Windows\System\jHMRIPL.exe
  C:\Windows\System\jHMRIPL.exe
  2⤵
  PID:984
- C:\Windows\System\HITGJXq.exe
  C:\Windows\System\HITGJXq.exe
  2⤵
  PID:2476
- C:\Windows\System\YPwmAIx.exe
  C:\Windows\System\YPwmAIx.exe
  2⤵
  PID:1068
- C:\Windows\System\zsUilrJ.exe
  C:\Windows\System\zsUilrJ.exe
  2⤵
  PID:2272
- C:\Windows\System\zijADQz.exe
  C:\Windows\System\zijADQz.exe
  2⤵
  PID:304
- C:\Windows\System\nsqDLZa.exe
  C:\Windows\System\nsqDLZa.exe
  2⤵
  PID:2116
- C:\Windows\System\mxXFEpW.exe
  C:\Windows\System\mxXFEpW.exe
  2⤵
  PID:1500
- C:\Windows\System\BuUMYJC.exe
  C:\Windows\System\BuUMYJC.exe
  2⤵
  PID:2300
- C:\Windows\System\tnOSYwm.exe
  C:\Windows\System\tnOSYwm.exe
  2⤵
  PID:2484
- C:\Windows\System\kdHoiZV.exe
  C:\Windows\System\kdHoiZV.exe
  2⤵
  PID:2136
- C:\Windows\System\zaNooke.exe
  C:\Windows\System\zaNooke.exe
  2⤵
  PID:2692
- C:\Windows\System\HAZgigc.exe
  C:\Windows\System\HAZgigc.exe
  2⤵
  PID:2816
- C:\Windows\System\nbTSKpD.exe
  C:\Windows\System\nbTSKpD.exe
  2⤵
  PID:2128
- C:\Windows\System\oAVHung.exe
  C:\Windows\System\oAVHung.exe
  2⤵
  PID:2592
- C:\Windows\System\kVxEyQN.exe
  C:\Windows\System\kVxEyQN.exe
  2⤵
  PID:1140
- C:\Windows\System\NgsNghL.exe
  C:\Windows\System\NgsNghL.exe
  2⤵
  PID:3056
- C:\Windows\System\MGfOKag.exe
  C:\Windows\System\MGfOKag.exe
  2⤵
  PID:2848
- C:\Windows\System\cKFvUDw.exe
  C:\Windows\System\cKFvUDw.exe
  2⤵
  PID:2812
- C:\Windows\System\TNrSKHL.exe
  C:\Windows\System\TNrSKHL.exe
  2⤵
  PID:2316
- C:\Windows\System\HgBORIa.exe
  C:\Windows\System\HgBORIa.exe
  2⤵
  PID:1880
- C:\Windows\System\tByuwfN.exe
  C:\Windows\System\tByuwfN.exe
  2⤵
  PID:1956
- C:\Windows\System\KQhopbl.exe
  C:\Windows\System\KQhopbl.exe
  2⤵
  PID:1524
- C:\Windows\System\CuYYBtb.exe
  C:\Windows\System\CuYYBtb.exe
  2⤵
  PID:2868
- C:\Windows\System\joRYWuf.exe
  C:\Windows\System\joRYWuf.exe
  2⤵
  PID:2068
- C:\Windows\System\ClHImew.exe
  C:\Windows\System\ClHImew.exe
  2⤵
  PID:2536
- C:\Windows\System\QCblbpQ.exe
  C:\Windows\System\QCblbpQ.exe
  2⤵
  PID:1536
- C:\Windows\System\sioIQAT.exe
  C:\Windows\System\sioIQAT.exe
  2⤵
  PID:2636
- C:\Windows\System\jMOjNxn.exe
  C:\Windows\System\jMOjNxn.exe
  2⤵
  PID:1100
- C:\Windows\System\EWFUCbE.exe
  C:\Windows\System\EWFUCbE.exe
  2⤵
  PID:2228
- C:\Windows\System\FrsGQRp.exe
  C:\Windows\System\FrsGQRp.exe
  2⤵
  PID:1976
- C:\Windows\System\oWQEGrm.exe
  C:\Windows\System\oWQEGrm.exe
  2⤵
  PID:2436
- C:\Windows\System\LGFiery.exe
  C:\Windows\System\LGFiery.exe
  2⤵
  PID:1444
- C:\Windows\System\PIkUdJL.exe
  C:\Windows\System\PIkUdJL.exe
  2⤵
  PID:2104
- C:\Windows\System\akkEghl.exe
  C:\Windows\System\akkEghl.exe
  2⤵
  PID:1568
- C:\Windows\System\XaEjIdX.exe
  C:\Windows\System\XaEjIdX.exe
  2⤵
  PID:2664
- C:\Windows\System\aYOpkgs.exe
  C:\Windows\System\aYOpkgs.exe
  2⤵
  PID:1076
- C:\Windows\System\CKvdMxi.exe
  C:\Windows\System\CKvdMxi.exe
  2⤵
  PID:2624
- C:\Windows\System\RLxSVbT.exe
  C:\Windows\System\RLxSVbT.exe
  2⤵
  PID:2148
- C:\Windows\System\lttiauR.exe
  C:\Windows\System\lttiauR.exe
  2⤵
  PID:2472
- C:\Windows\System\pSBxUAg.exe
  C:\Windows\System\pSBxUAg.exe
  2⤵
  PID:1716
- C:\Windows\System\rOyMjxz.exe
  C:\Windows\System\rOyMjxz.exe
  2⤵
  PID:1904
- C:\Windows\System\UJmrUDC.exe
  C:\Windows\System\UJmrUDC.exe
  2⤵
  PID:1408
- C:\Windows\System\eOTEIZv.exe
  C:\Windows\System\eOTEIZv.exe
  2⤵
  PID:2840
- C:\Windows\System\YxULPEL.exe
  C:\Windows\System\YxULPEL.exe
  2⤵
  PID:548
- C:\Windows\System\FUEcIjj.exe
  C:\Windows\System\FUEcIjj.exe
  2⤵
  PID:664
- C:\Windows\System\mPgGFnu.exe
  C:\Windows\System\mPgGFnu.exe
  2⤵
  PID:860
- C:\Windows\System\vqUfiuF.exe
  C:\Windows\System\vqUfiuF.exe
  2⤵
  PID:1680
- C:\Windows\System\xPnCESO.exe
  C:\Windows\System\xPnCESO.exe
  2⤵
  PID:1968
- C:\Windows\System\LFAlTyd.exe
  C:\Windows\System\LFAlTyd.exe
  2⤵
  PID:1696
- C:\Windows\System\aKcUCtS.exe
  C:\Windows\System\aKcUCtS.exe
  2⤵
  PID:3036
- C:\Windows\System\NxRqTxS.exe
  C:\Windows\System\NxRqTxS.exe
  2⤵
  PID:2680
- C:\Windows\System\RrrBkgh.exe
  C:\Windows\System\RrrBkgh.exe
  2⤵
  PID:1960
- C:\Windows\System\tsquKvw.exe
  C:\Windows\System\tsquKvw.exe
  2⤵
  PID:1944
- C:\Windows\System\iIDZeCF.exe
  C:\Windows\System\iIDZeCF.exe
  2⤵
  PID:696
- C:\Windows\System\SgTXQsD.exe
  C:\Windows\System\SgTXQsD.exe
  2⤵
  PID:2648
- C:\Windows\System\cPlnJfK.exe
  C:\Windows\System\cPlnJfK.exe
  2⤵
  PID:2800
- C:\Windows\System\bgMvdmN.exe
  C:\Windows\System\bgMvdmN.exe
  2⤵
  PID:1864
- C:\Windows\System\JXnsfxZ.exe
  C:\Windows\System\JXnsfxZ.exe
  2⤵
  PID:2732
- C:\Windows\System\RfXvAqQ.exe
  C:\Windows\System\RfXvAqQ.exe
  2⤵
  PID:1784
- C:\Windows\System\DruGWoC.exe
  C:\Windows\System\DruGWoC.exe
  2⤵
  PID:1552
- C:\Windows\System\kUhnLoa.exe
  C:\Windows\System\kUhnLoa.exe
  2⤵
  PID:2768
- C:\Windows\System\FxHUOwL.exe
  C:\Windows\System\FxHUOwL.exe
  2⤵
  PID:532
- C:\Windows\System\zIwnYOW.exe
  C:\Windows\System\zIwnYOW.exe
  2⤵
  PID:904
- C:\Windows\System\FjyZEjG.exe
  C:\Windows\System\FjyZEjG.exe
  2⤵
  PID:3020
- C:\Windows\System\xdtalyf.exe
  C:\Windows\System\xdtalyf.exe
  2⤵
  PID:1964
- C:\Windows\System\zanqPZK.exe
  C:\Windows\System\zanqPZK.exe
  2⤵
  PID:2320
- C:\Windows\System\DEdiXqk.exe
  C:\Windows\System\DEdiXqk.exe
  2⤵
  PID:268
- C:\Windows\System\hwzjEqF.exe
  C:\Windows\System\hwzjEqF.exe
  2⤵
  PID:1600
- C:\Windows\System\eWzWfHg.exe
  C:\Windows\System\eWzWfHg.exe
  2⤵
  PID:1060
- C:\Windows\System\nPENKIy.exe
  C:\Windows\System\nPENKIy.exe
  2⤵
  PID:2688
- C:\Windows\System\KDJsnBZ.exe
  C:\Windows\System\KDJsnBZ.exe
  2⤵
  PID:1152
- C:\Windows\System\zRytGeI.exe
  C:\Windows\System\zRytGeI.exe
  2⤵
  PID:2268
- C:\Windows\System\PnSkuBw.exe
  C:\Windows\System\PnSkuBw.exe
  2⤵
  PID:2600
- C:\Windows\System\XtsAotZ.exe
  C:\Windows\System\XtsAotZ.exe
  2⤵
  PID:828
- C:\Windows\System\aqDycVx.exe
  C:\Windows\System\aqDycVx.exe
  2⤵
  PID:2548
- C:\Windows\System\emJKhgZ.exe
  C:\Windows\System\emJKhgZ.exe
  2⤵
  PID:1752
- C:\Windows\System\CQsvqNt.exe
  C:\Windows\System\CQsvqNt.exe
  2⤵
  PID:1236
- C:\Windows\System\lhTKafM.exe
  C:\Windows\System\lhTKafM.exe
  2⤵
  PID:1692
- C:\Windows\System\EqywPXu.exe
  C:\Windows\System\EqywPXu.exe
  2⤵
  PID:1672
- C:\Windows\System\IXUzzeK.exe
  C:\Windows\System\IXUzzeK.exe
  2⤵
  PID:2448
- C:\Windows\System\jjAMKwP.exe
  C:\Windows\System\jjAMKwP.exe
  2⤵
  PID:524
- C:\Windows\System\resgbEq.exe
  C:\Windows\System\resgbEq.exe
  2⤵
  PID:800
- C:\Windows\System\btCNFde.exe
  C:\Windows\System\btCNFde.exe
  2⤵
  PID:880
- C:\Windows\System\LsOSVvn.exe
  C:\Windows\System\LsOSVvn.exe
  2⤵
  PID:2004
- C:\Windows\System\kspLxmg.exe
  C:\Windows\System\kspLxmg.exe
  2⤵
  PID:1636
- C:\Windows\System\iWjcvtV.exe
  C:\Windows\System\iWjcvtV.exe
  2⤵
  PID:480
- C:\Windows\System\tLqZWgB.exe
  C:\Windows\System\tLqZWgB.exe
  2⤵
  PID:1992
- C:\Windows\System\zqNKABF.exe
  C:\Windows\System\zqNKABF.exe
  2⤵
  PID:2524
- C:\Windows\System\TXTSisI.exe
  C:\Windows\System\TXTSisI.exe
  2⤵
  PID:1168
- C:\Windows\System\fRJUTSz.exe
  C:\Windows\System\fRJUTSz.exe
  2⤵
  PID:1436
- C:\Windows\System\WNxSuhW.exe
  C:\Windows\System\WNxSuhW.exe
  2⤵
  PID:1052
- C:\Windows\System\OsvvOAT.exe
  C:\Windows\System\OsvvOAT.exe
  2⤵
  PID:3088
- C:\Windows\System\tMhKzmX.exe
  C:\Windows\System\tMhKzmX.exe
  2⤵
  PID:3104
- C:\Windows\System\YPIPpUm.exe
  C:\Windows\System\YPIPpUm.exe
  2⤵
  PID:3128
- C:\Windows\System\kXRmpnB.exe
  C:\Windows\System\kXRmpnB.exe
  2⤵
  PID:3144
- C:\Windows\System\vBDQoFh.exe
  C:\Windows\System\vBDQoFh.exe
  2⤵
  PID:3160
- C:\Windows\System\hlTTiHL.exe
  C:\Windows\System\hlTTiHL.exe
  2⤵
  PID:3176
- C:\Windows\System\CaIqunr.exe
  C:\Windows\System\CaIqunr.exe
  2⤵
  PID:3192
- C:\Windows\System\rAUmlpU.exe
  C:\Windows\System\rAUmlpU.exe
  2⤵
  PID:3208
- C:\Windows\System\mlHqGhv.exe
  C:\Windows\System\mlHqGhv.exe
  2⤵
  PID:3228
- C:\Windows\System\ySjiMCt.exe
  C:\Windows\System\ySjiMCt.exe
  2⤵
  PID:3244
- C:\Windows\System\Apahoqj.exe
  C:\Windows\System\Apahoqj.exe
  2⤵
  PID:3268
- C:\Windows\System\JnIPuvy.exe
  C:\Windows\System\JnIPuvy.exe
  2⤵
  PID:3284
- C:\Windows\System\xbWXVYV.exe
  C:\Windows\System\xbWXVYV.exe
  2⤵
  PID:3300
- C:\Windows\System\GijmDvA.exe
  C:\Windows\System\GijmDvA.exe
  2⤵
  PID:3316
- C:\Windows\System\abGHyuW.exe
  C:\Windows\System\abGHyuW.exe
  2⤵
  PID:3332
- C:\Windows\System\Ywlsste.exe
  C:\Windows\System\Ywlsste.exe
  2⤵
  PID:3348
- C:\Windows\System\GGQTqkf.exe
  C:\Windows\System\GGQTqkf.exe
  2⤵
  PID:3364
- C:\Windows\System\WvoBXfF.exe
  C:\Windows\System\WvoBXfF.exe
  2⤵
  PID:3380
- C:\Windows\System\ctssXVh.exe
  C:\Windows\System\ctssXVh.exe
  2⤵
  PID:3396
- C:\Windows\System\htrbtMR.exe
  C:\Windows\System\htrbtMR.exe
  2⤵
  PID:3416
- C:\Windows\System\YBsqsnT.exe
  C:\Windows\System\YBsqsnT.exe
  2⤵
  PID:3432
- C:\Windows\System\VRwtXTA.exe
  C:\Windows\System\VRwtXTA.exe
  2⤵
  PID:3448
- C:\Windows\System\NKwwCbZ.exe
  C:\Windows\System\NKwwCbZ.exe
  2⤵
  PID:3464
- C:\Windows\System\bSmQHlP.exe
  C:\Windows\System\bSmQHlP.exe
  2⤵
  PID:3480
- C:\Windows\System\xIxQehg.exe
  C:\Windows\System\xIxQehg.exe
  2⤵
  PID:3496
- C:\Windows\System\UHCpkzE.exe
  C:\Windows\System\UHCpkzE.exe
  2⤵
  PID:3512
- C:\Windows\System\VtRFsbF.exe
  C:\Windows\System\VtRFsbF.exe
  2⤵
  PID:3528
- C:\Windows\System\hlJmCdt.exe
  C:\Windows\System\hlJmCdt.exe
  2⤵
  PID:3548
- C:\Windows\System\TyPyblU.exe
  C:\Windows\System\TyPyblU.exe
  2⤵
  PID:3564
- C:\Windows\System\mCVJXvU.exe
  C:\Windows\System\mCVJXvU.exe
  2⤵
  PID:3580
- C:\Windows\System\DBrTvkk.exe
  C:\Windows\System\DBrTvkk.exe
  2⤵
  PID:3596
- C:\Windows\System\GhPWZbE.exe
  C:\Windows\System\GhPWZbE.exe
  2⤵
  PID:3612
- C:\Windows\System\pSLwnKa.exe
  C:\Windows\System\pSLwnKa.exe
  2⤵
  PID:3628
- C:\Windows\System\zZfuTpN.exe
  C:\Windows\System\zZfuTpN.exe
  2⤵
  PID:3644
- C:\Windows\System\FaRVxGm.exe
  C:\Windows\System\FaRVxGm.exe
  2⤵
  PID:3660
- C:\Windows\System\ijnSWNd.exe
  C:\Windows\System\ijnSWNd.exe
  2⤵
  PID:3680
- C:\Windows\System\JbEFoqO.exe
  C:\Windows\System\JbEFoqO.exe
  2⤵
  PID:3696
- C:\Windows\System\CpQiign.exe
  C:\Windows\System\CpQiign.exe
  2⤵
  PID:3712
- C:\Windows\System\cDPyGEw.exe
  C:\Windows\System\cDPyGEw.exe
  2⤵
  PID:3728
- C:\Windows\System\kqyhKDT.exe
  C:\Windows\System\kqyhKDT.exe
  2⤵
  PID:3744
- C:\Windows\System\JKlskAO.exe
  C:\Windows\System\JKlskAO.exe
  2⤵
  PID:3760
- C:\Windows\System\JtMWYwh.exe
  C:\Windows\System\JtMWYwh.exe
  2⤵
  PID:3780
- C:\Windows\System\gxNesqb.exe
  C:\Windows\System\gxNesqb.exe
  2⤵
  PID:3804
- C:\Windows\System\axMvhzw.exe
  C:\Windows\System\axMvhzw.exe
  2⤵
  PID:3820
- C:\Windows\System\GxdjOZw.exe
  C:\Windows\System\GxdjOZw.exe
  2⤵
  PID:3836
- C:\Windows\System\TURprJH.exe
  C:\Windows\System\TURprJH.exe
  2⤵
  PID:3852
- C:\Windows\System\fUqIAKB.exe
  C:\Windows\System\fUqIAKB.exe
  2⤵
  PID:3872
- C:\Windows\System\wmdrNpo.exe
  C:\Windows\System\wmdrNpo.exe
  2⤵
  PID:3888
- C:\Windows\System\HVMOPgm.exe
  C:\Windows\System\HVMOPgm.exe
  2⤵
  PID:3908
- C:\Windows\System\JcTddDq.exe
  C:\Windows\System\JcTddDq.exe
  2⤵
  PID:3924
- C:\Windows\System\wLRnjTK.exe
  C:\Windows\System\wLRnjTK.exe
  2⤵
  PID:3940
- C:\Windows\System\VugYKUG.exe
  C:\Windows\System\VugYKUG.exe
  2⤵
  PID:3956
- C:\Windows\System\yZRyFgE.exe
  C:\Windows\System\yZRyFgE.exe
  2⤵
  PID:3972
- C:\Windows\System\ABsluZK.exe
  C:\Windows\System\ABsluZK.exe
  2⤵
  PID:3988
- C:\Windows\System\HygPsyW.exe
  C:\Windows\System\HygPsyW.exe
  2⤵
  PID:4004
- C:\Windows\System\WrJfXap.exe
  C:\Windows\System\WrJfXap.exe
  2⤵
  PID:4020
- C:\Windows\System\IOSNNhk.exe
  C:\Windows\System\IOSNNhk.exe
  2⤵
  PID:4036
- C:\Windows\System\ivNhAbu.exe
  C:\Windows\System\ivNhAbu.exe
  2⤵
  PID:4052
- C:\Windows\System\laMqVyR.exe
  C:\Windows\System\laMqVyR.exe
  2⤵
  PID:4068
- C:\Windows\System\sPImdZd.exe
  C:\Windows\System\sPImdZd.exe
  2⤵
  PID:4084
- C:\Windows\System\zzbFBDX.exe
  C:\Windows\System\zzbFBDX.exe
  2⤵
  PID:1684
- C:\Windows\System\jRiYyGG.exe
  C:\Windows\System\jRiYyGG.exe
  2⤵
  PID:2060
- C:\Windows\System\nRzLigh.exe
  C:\Windows\System\nRzLigh.exe
  2⤵
  PID:3100
- C:\Windows\System\KypLjaT.exe
  C:\Windows\System\KypLjaT.exe
  2⤵
  PID:3124
- C:\Windows\System\INTlrHc.exe
  C:\Windows\System\INTlrHc.exe
  2⤵
  PID:3184
- C:\Windows\System\mGKNWSO.exe
  C:\Windows\System\mGKNWSO.exe
  2⤵
  PID:3224
- C:\Windows\System\YdoDOMP.exe
  C:\Windows\System\YdoDOMP.exe
  2⤵
  PID:3168
- C:\Windows\System\METqbgk.exe
  C:\Windows\System\METqbgk.exe
  2⤵
  PID:3240
- C:\Windows\System\zERSdUT.exe
  C:\Windows\System\zERSdUT.exe
  2⤵
  PID:3340
- C:\Windows\System\wAKLPtg.exe
  C:\Windows\System\wAKLPtg.exe
  2⤵
  PID:3404
- C:\Windows\System\fvdoHrj.exe
  C:\Windows\System\fvdoHrj.exe
  2⤵
  PID:3356
- C:\Windows\System\djehZou.exe
  C:\Windows\System\djehZou.exe
  2⤵
  PID:3256
- C:\Windows\System\XUClkZO.exe
  C:\Windows\System\XUClkZO.exe
  2⤵
  PID:3296
- C:\Windows\System\hphoXnf.exe
  C:\Windows\System\hphoXnf.exe
  2⤵
  PID:3440
- C:\Windows\System\wpfXXcp.exe
  C:\Windows\System\wpfXXcp.exe
  2⤵
  PID:3460
- C:\Windows\System\JIohUtq.exe
  C:\Windows\System\JIohUtq.exe
  2⤵
  PID:3524
- C:\Windows\System\NgHdgRl.exe
  C:\Windows\System\NgHdgRl.exe
  2⤵
  PID:3508
- C:\Windows\System\ndUZzVO.exe
  C:\Windows\System\ndUZzVO.exe
  2⤵
  PID:3544
- C:\Windows\System\HcOPpqV.exe
  C:\Windows\System\HcOPpqV.exe
  2⤵
  PID:308
- C:\Windows\System\JUKmFNC.exe
  C:\Windows\System\JUKmFNC.exe
  2⤵
  PID:3608
- C:\Windows\System\GoOFYIh.exe
  C:\Windows\System\GoOFYIh.exe
  2⤵
  PID:3640
- C:\Windows\System\jxBjtrm.exe
  C:\Windows\System\jxBjtrm.exe
  2⤵
  PID:3668
- C:\Windows\System\gYngaLl.exe
  C:\Windows\System\gYngaLl.exe
  2⤵
  PID:3724
- C:\Windows\System\zXvzHMF.exe
  C:\Windows\System\zXvzHMF.exe
  2⤵
  PID:3736
- C:\Windows\System\Lryuiun.exe
  C:\Windows\System\Lryuiun.exe
  2⤵
  PID:3772
- C:\Windows\System\JmInzVE.exe
  C:\Windows\System\JmInzVE.exe
  2⤵
  PID:3800
- C:\Windows\System\FmYVsyv.exe
  C:\Windows\System\FmYVsyv.exe
  2⤵
  PID:3896
- C:\Windows\System\nMGxgMZ.exe
  C:\Windows\System\nMGxgMZ.exe
  2⤵
  PID:3816
- C:\Windows\System\gejTMVw.exe
  C:\Windows\System\gejTMVw.exe
  2⤵
  PID:3916
- C:\Windows\System\ShWlMYM.exe
  C:\Windows\System\ShWlMYM.exe
  2⤵
  PID:3920
- C:\Windows\System\mziBytm.exe
  C:\Windows\System\mziBytm.exe
  2⤵
  PID:3952
- C:\Windows\System\IxIyKbD.exe
  C:\Windows\System\IxIyKbD.exe
  2⤵
  PID:3984
- C:\Windows\System\pFjlCpF.exe
  C:\Windows\System\pFjlCpF.exe
  2⤵
  PID:4064
- C:\Windows\System\qpxqlqY.exe
  C:\Windows\System\qpxqlqY.exe
  2⤵
  PID:4080
- C:\Windows\System\RWoDxBV.exe
  C:\Windows\System\RWoDxBV.exe
  2⤵
  PID:3084
- C:\Windows\System\ttzIDzJ.exe
  C:\Windows\System\ttzIDzJ.exe
  2⤵
  PID:3324
- C:\Windows\System\KervFlP.exe
  C:\Windows\System\KervFlP.exe
  2⤵
  PID:3388
- C:\Windows\System\SdqVNJi.exe
  C:\Windows\System\SdqVNJi.exe
  2⤵
  PID:3116
- C:\Windows\System\GcCgMXC.exe
  C:\Windows\System\GcCgMXC.exe
  2⤵
  PID:3216
- C:\Windows\System\wFQiulT.exe
  C:\Windows\System\wFQiulT.exe
  2⤵
  PID:3456
- C:\Windows\System\QmDqmOS.exe
  C:\Windows\System\QmDqmOS.exe
  2⤵
  PID:3588
- C:\Windows\System\UXKIHGw.exe
  C:\Windows\System\UXKIHGw.exe
  2⤵
  PID:3576
- C:\Windows\System\IoJfIVy.exe
  C:\Windows\System\IoJfIVy.exe
  2⤵
  PID:3832
- C:\Windows\System\raeGIIw.exe
  C:\Windows\System\raeGIIw.exe
  2⤵
  PID:3768
- C:\Windows\System\fWqaVKo.exe
  C:\Windows\System\fWqaVKo.exe
  2⤵
  PID:3792
- C:\Windows\System\tAyOYbE.exe
  C:\Windows\System\tAyOYbE.exe
  2⤵
  PID:4048
- C:\Windows\System\UMgFbgR.exe
  C:\Windows\System\UMgFbgR.exe
  2⤵
  PID:3996
- C:\Windows\System\GyBXcmq.exe
  C:\Windows\System\GyBXcmq.exe
  2⤵
  PID:3948
- C:\Windows\System\wbpFcFY.exe
  C:\Windows\System\wbpFcFY.exe
  2⤵
  PID:3776
- C:\Windows\System\dnzsxFr.exe
  C:\Windows\System\dnzsxFr.exe
  2⤵
  PID:4076
- C:\Windows\System\nfxNjuz.exe
  C:\Windows\System\nfxNjuz.exe
  2⤵
  PID:3080
- C:\Windows\System\LQVbRtI.exe
  C:\Windows\System\LQVbRtI.exe
  2⤵
  PID:3308
- C:\Windows\System\XyPWpHV.exe
  C:\Windows\System\XyPWpHV.exe
  2⤵
  PID:3756
- C:\Windows\System\gwaXqPH.exe
  C:\Windows\System\gwaXqPH.exe
  2⤵
  PID:3376
- C:\Windows\System\RzevAaE.exe
  C:\Windows\System\RzevAaE.exe
  2⤵
  PID:3220
- C:\Windows\System\dTvxDbK.exe
  C:\Windows\System\dTvxDbK.exe
  2⤵
  PID:3704
- C:\Windows\System\FHgFdLW.exe
  C:\Windows\System\FHgFdLW.exe
  2⤵
  PID:3392
- C:\Windows\System\PJDpeSv.exe
  C:\Windows\System\PJDpeSv.exe
  2⤵
  PID:3556
- C:\Windows\System\GKdmjLy.exe
  C:\Windows\System\GKdmjLy.exe
  2⤵
  PID:3656
- C:\Windows\System\yefvCXG.exe
  C:\Windows\System\yefvCXG.exe
  2⤵
  PID:3412
- C:\Windows\System\IpFupbm.exe
  C:\Windows\System\IpFupbm.exe
  2⤵
  PID:3844
- C:\Windows\System\IlmnldT.exe
  C:\Windows\System\IlmnldT.exe
  2⤵
  PID:3312
- C:\Windows\System\FLNbKzj.exe
  C:\Windows\System\FLNbKzj.exe
  2⤵
  PID:4032
- C:\Windows\System\Pjwxmww.exe
  C:\Windows\System\Pjwxmww.exe
  2⤵
  PID:3636
- C:\Windows\System\scxkTVn.exe
  C:\Windows\System\scxkTVn.exe
  2⤵
  PID:3372
- C:\Windows\System\oCAzRIY.exe
  C:\Windows\System\oCAzRIY.exe
  2⤵
  PID:4108
- C:\Windows\System\DEHfvIa.exe
  C:\Windows\System\DEHfvIa.exe
  2⤵
  PID:4124
- C:\Windows\System\oNxWBjZ.exe
  C:\Windows\System\oNxWBjZ.exe
  2⤵
  PID:4140
- C:\Windows\System\QouORhB.exe
  C:\Windows\System\QouORhB.exe
  2⤵
  PID:4156
- C:\Windows\System\vwAhnUX.exe
  C:\Windows\System\vwAhnUX.exe
  2⤵
  PID:4172
- C:\Windows\System\SQqdbXi.exe
  C:\Windows\System\SQqdbXi.exe
  2⤵
  PID:4188
- C:\Windows\System\tImiKzy.exe
  C:\Windows\System\tImiKzy.exe
  2⤵
  PID:4204
- C:\Windows\System\GLhhlhA.exe
  C:\Windows\System\GLhhlhA.exe
  2⤵
  PID:4220
- C:\Windows\System\WBgPYLK.exe
  C:\Windows\System\WBgPYLK.exe
  2⤵
  PID:4236
- C:\Windows\System\UbQnWRK.exe
  C:\Windows\System\UbQnWRK.exe
  2⤵
  PID:4252
- C:\Windows\System\hfvamPN.exe
  C:\Windows\System\hfvamPN.exe
  2⤵
  PID:4268
- C:\Windows\System\mtVfOZv.exe
  C:\Windows\System\mtVfOZv.exe
  2⤵
  PID:4284
- C:\Windows\System\lUfOvfY.exe
  C:\Windows\System\lUfOvfY.exe
  2⤵
  PID:4300
- C:\Windows\System\fLifKKE.exe
  C:\Windows\System\fLifKKE.exe
  2⤵
  PID:4316
- C:\Windows\System\ZBtXJdG.exe
  C:\Windows\System\ZBtXJdG.exe
  2⤵
  PID:4332
- C:\Windows\System\uhqzhFk.exe
  C:\Windows\System\uhqzhFk.exe
  2⤵
  PID:4348
- C:\Windows\System\DRUYPjl.exe
  C:\Windows\System\DRUYPjl.exe
  2⤵
  PID:4364
- C:\Windows\System\NhsgmFL.exe
  C:\Windows\System\NhsgmFL.exe
  2⤵
  PID:4380
- C:\Windows\System\sRmTygP.exe
  C:\Windows\System\sRmTygP.exe
  2⤵
  PID:4396
- C:\Windows\System\xLMeSDJ.exe
  C:\Windows\System\xLMeSDJ.exe
  2⤵
  PID:4412
- C:\Windows\System\xPHqkSW.exe
  C:\Windows\System\xPHqkSW.exe
  2⤵
  PID:4432
- C:\Windows\System\mYKbSUb.exe
  C:\Windows\System\mYKbSUb.exe
  2⤵
  PID:4448
- C:\Windows\System\iphBLic.exe
  C:\Windows\System\iphBLic.exe
  2⤵
  PID:4464
- C:\Windows\System\OZdcfLi.exe
  C:\Windows\System\OZdcfLi.exe
  2⤵
  PID:4480
- C:\Windows\System\IpvUXZl.exe
  C:\Windows\System\IpvUXZl.exe
  2⤵
  PID:4496
- C:\Windows\System\MaOCVnw.exe
  C:\Windows\System\MaOCVnw.exe
  2⤵
  PID:4512
- C:\Windows\System\ZUaddbU.exe
  C:\Windows\System\ZUaddbU.exe
  2⤵
  PID:4528
- C:\Windows\System\dSXvuRx.exe
  C:\Windows\System\dSXvuRx.exe
  2⤵
  PID:4548
- C:\Windows\System\tXAauPr.exe
  C:\Windows\System\tXAauPr.exe
  2⤵
  PID:4564
- C:\Windows\System\SfOnrxU.exe
  C:\Windows\System\SfOnrxU.exe
  2⤵
  PID:4584
- C:\Windows\System\DxNWsSU.exe
  C:\Windows\System\DxNWsSU.exe
  2⤵
  PID:4600
- C:\Windows\System\onIEULB.exe
  C:\Windows\System\onIEULB.exe
  2⤵
  PID:4616
- C:\Windows\System\hrNlPKS.exe
  C:\Windows\System\hrNlPKS.exe
  2⤵
  PID:4632
- C:\Windows\System\erevhQa.exe
  C:\Windows\System\erevhQa.exe
  2⤵
  PID:4652
- C:\Windows\System\TyWIxob.exe
  C:\Windows\System\TyWIxob.exe
  2⤵
  PID:4668
- C:\Windows\System\dwximDy.exe
  C:\Windows\System\dwximDy.exe
  2⤵
  PID:4684
- C:\Windows\System\hhDNpJn.exe
  C:\Windows\System\hhDNpJn.exe
  2⤵
  PID:4700
- C:\Windows\System\tUOKbwU.exe
  C:\Windows\System\tUOKbwU.exe
  2⤵
  PID:4716
- C:\Windows\System\LXCOZzR.exe
  C:\Windows\System\LXCOZzR.exe
  2⤵
  PID:4732
- C:\Windows\System\UBQECsg.exe
  C:\Windows\System\UBQECsg.exe
  2⤵
  PID:4748
- C:\Windows\System\ZeYgRIH.exe
  C:\Windows\System\ZeYgRIH.exe
  2⤵
  PID:4764
- C:\Windows\System\phclUUv.exe
  C:\Windows\System\phclUUv.exe
  2⤵
  PID:4780
- C:\Windows\System\UrVWnFZ.exe
  C:\Windows\System\UrVWnFZ.exe
  2⤵
  PID:4796
- C:\Windows\System\ggHoJcL.exe
  C:\Windows\System\ggHoJcL.exe
  2⤵
  PID:4812
- C:\Windows\System\orFmVjX.exe
  C:\Windows\System\orFmVjX.exe
  2⤵
  PID:4828
- C:\Windows\System\ewHXGuB.exe
  C:\Windows\System\ewHXGuB.exe
  2⤵
  PID:4844
- C:\Windows\System\jqLUWTK.exe
  C:\Windows\System\jqLUWTK.exe
  2⤵
  PID:4860
- C:\Windows\System\viWbEPX.exe
  C:\Windows\System\viWbEPX.exe
  2⤵
  PID:4876
- C:\Windows\System\tEZKzEl.exe
  C:\Windows\System\tEZKzEl.exe
  2⤵
  PID:4892
- C:\Windows\System\PSmerjl.exe
  C:\Windows\System\PSmerjl.exe
  2⤵
  PID:4908
- C:\Windows\System\lwxlOgu.exe
  C:\Windows\System\lwxlOgu.exe
  2⤵
  PID:4924
- C:\Windows\System\oEgUwih.exe
  C:\Windows\System\oEgUwih.exe
  2⤵
  PID:4940
- C:\Windows\System\MsvSMMv.exe
  C:\Windows\System\MsvSMMv.exe
  2⤵
  PID:4956
- C:\Windows\System\kgKNiFY.exe
  C:\Windows\System\kgKNiFY.exe
  2⤵
  PID:4972
- C:\Windows\System\mWjmybQ.exe
  C:\Windows\System\mWjmybQ.exe
  2⤵
  PID:4988
- C:\Windows\System\YFgkaVm.exe
  C:\Windows\System\YFgkaVm.exe
  2⤵
  PID:5004
- C:\Windows\System\ErSEKHd.exe
  C:\Windows\System\ErSEKHd.exe
  2⤵
  PID:5020
- C:\Windows\System\mybGdxs.exe
  C:\Windows\System\mybGdxs.exe
  2⤵
  PID:5036
- C:\Windows\System\xLvuZPA.exe
  C:\Windows\System\xLvuZPA.exe
  2⤵
  PID:5052
- C:\Windows\System\CGXuuRa.exe
  C:\Windows\System\CGXuuRa.exe
  2⤵
  PID:5068
- C:\Windows\System\rbQSIcT.exe
  C:\Windows\System\rbQSIcT.exe
  2⤵
  PID:5084
- C:\Windows\System\ImtyUYZ.exe
  C:\Windows\System\ImtyUYZ.exe
  2⤵
  PID:5100
- C:\Windows\System\fepbFUf.exe
  C:\Windows\System\fepbFUf.exe
  2⤵
  PID:5116
- C:\Windows\System\NsRgAWj.exe
  C:\Windows\System\NsRgAWj.exe
  2⤵
  PID:4016
- C:\Windows\System\cQhmSZM.exe
  C:\Windows\System\cQhmSZM.exe
  2⤵
  PID:4120
- C:\Windows\System\XKnbWBi.exe
  C:\Windows\System\XKnbWBi.exe
  2⤵
  PID:4184
- C:\Windows\System\EZbISfQ.exe
  C:\Windows\System\EZbISfQ.exe
  2⤵
  PID:3472
- C:\Windows\System\KZoeGfI.exe
  C:\Windows\System\KZoeGfI.exe
  2⤵
  PID:4248
- C:\Windows\System\serdysE.exe
  C:\Windows\System\serdysE.exe
  2⤵
  PID:4136
- C:\Windows\System\LtIqcqC.exe
  C:\Windows\System\LtIqcqC.exe
  2⤵
  PID:4164
- C:\Windows\System\tTKGkMc.exe
  C:\Windows\System\tTKGkMc.exe
  2⤵
  PID:4232
- C:\Windows\System\eeuxeAI.exe
  C:\Windows\System\eeuxeAI.exe
  2⤵
  PID:4324
- C:\Windows\System\SnRZJRZ.exe
  C:\Windows\System\SnRZJRZ.exe
  2⤵
  PID:4372
- C:\Windows\System\cEzPvFB.exe
  C:\Windows\System\cEzPvFB.exe
  2⤵
  PID:4356
- C:\Windows\System\ohsprdZ.exe
  C:\Windows\System\ohsprdZ.exe
  2⤵
  PID:4392
- C:\Windows\System\bnXsAsx.exe
  C:\Windows\System\bnXsAsx.exe
  2⤵
  PID:4388
- C:\Windows\System\cjuRyEc.exe
  C:\Windows\System\cjuRyEc.exe
  2⤵
  PID:4524
- C:\Windows\System\wDUTZMs.exe
  C:\Windows\System\wDUTZMs.exe
  2⤵
  PID:4440
- C:\Windows\System\qRjyDvU.exe
  C:\Windows\System\qRjyDvU.exe
  2⤵
  PID:4544
- C:\Windows\System\LFSiZJX.exe
  C:\Windows\System\LFSiZJX.exe
  2⤵
  PID:4612
- C:\Windows\System\IaKpTwR.exe
  C:\Windows\System\IaKpTwR.exe
  2⤵
  PID:4804
- C:\Windows\System\zGPWWAE.exe
  C:\Windows\System\zGPWWAE.exe
  2⤵
  PID:4836
- C:\Windows\System\xTiqWvl.exe
  C:\Windows\System\xTiqWvl.exe
  2⤵
  PID:4884
- C:\Windows\System\ZItpRCx.exe
  C:\Windows\System\ZItpRCx.exe
  2⤵
  PID:4904
- C:\Windows\System\iYfRKGB.exe
  C:\Windows\System\iYfRKGB.exe
  2⤵
  PID:4920
- C:\Windows\System\ivnVhNl.exe
  C:\Windows\System\ivnVhNl.exe
  2⤵
  PID:4980
- C:\Windows\System\UXzyBpO.exe
  C:\Windows\System\UXzyBpO.exe
  2⤵
  PID:5000
- C:\Windows\System\NPpaeVU.exe
  C:\Windows\System\NPpaeVU.exe
  2⤵
  PID:5064
- C:\Windows\System\QupAPOX.exe
  C:\Windows\System\QupAPOX.exe
  2⤵
  PID:5012
- C:\Windows\System\AdVMTas.exe
  C:\Windows\System\AdVMTas.exe
  2⤵
  PID:3968
- C:\Windows\System\QCMrKtZ.exe
  C:\Windows\System\QCMrKtZ.exe
  2⤵
  PID:4104
- C:\Windows\System\sgrncsH.exe
  C:\Windows\System\sgrncsH.exe
  2⤵
  PID:2864
- C:\Windows\System\fYvzbEJ.exe
  C:\Windows\System\fYvzbEJ.exe
  2⤵
  PID:4228
- C:\Windows\System\vppUlmb.exe
  C:\Windows\System\vppUlmb.exe
  2⤵
  PID:4312
- C:\Windows\System\OsKEgLg.exe
  C:\Windows\System\OsKEgLg.exe
  2⤵
  PID:4404
- C:\Windows\System\fBSEsak.exe
  C:\Windows\System\fBSEsak.exe
  2⤵
  PID:4196
- C:\Windows\System\uKvbZpg.exe
  C:\Windows\System\uKvbZpg.exe
  2⤵
  PID:4540
- C:\Windows\System\UXOorIy.exe
  C:\Windows\System\UXOorIy.exe
  2⤵
  PID:4724
- C:\Windows\System\aesEGoG.exe
  C:\Windows\System\aesEGoG.exe
  2⤵
  PID:4772
- C:\Windows\System\KHfvYEN.exe
  C:\Windows\System\KHfvYEN.exe
  2⤵
  PID:4776
- C:\Windows\System\okVxLwT.exe
  C:\Windows\System\okVxLwT.exe
  2⤵
  PID:5032
- C:\Windows\System\HChqKVG.exe
  C:\Windows\System\HChqKVG.exe
  2⤵
  PID:5044
- C:\Windows\System\VVkXmqK.exe
  C:\Windows\System\VVkXmqK.exe
  2⤵
  PID:5108
- C:\Windows\System\IfJyIAe.exe
  C:\Windows\System\IfJyIAe.exe
  2⤵
  PID:4200
- C:\Windows\System\gPFEmRH.exe
  C:\Windows\System\gPFEmRH.exe
  2⤵
  PID:4132
- C:\Windows\System\ylEnGYT.exe
  C:\Windows\System\ylEnGYT.exe
  2⤵
  PID:4460
- C:\Windows\System\YysVihY.exe
  C:\Windows\System\YysVihY.exe
  2⤵
  PID:4560
- C:\Windows\System\qbaARRY.exe
  C:\Windows\System\qbaARRY.exe
  2⤵
  PID:4592
- C:\Windows\System\AGlLhJp.exe
  C:\Windows\System\AGlLhJp.exe
  2⤵
  PID:4664
- C:\Windows\System\mmFXxbN.exe
  C:\Windows\System\mmFXxbN.exe
  2⤵
  PID:4680
- C:\Windows\System\TfptdRy.exe
  C:\Windows\System\TfptdRy.exe
  2⤵
  PID:4728
- C:\Windows\System\askHfHt.exe
  C:\Windows\System\askHfHt.exe
  2⤵
  PID:4788
- C:\Windows\System\XTViWnD.exe
  C:\Windows\System\XTViWnD.exe
  2⤵
  PID:3932
- C:\Windows\System\TkfoaNB.exe
  C:\Windows\System\TkfoaNB.exe
  2⤵
  PID:4264
- C:\Windows\System\BeYOzfE.exe
  C:\Windows\System\BeYOzfE.exe
  2⤵
  PID:4952
- C:\Windows\System\bsFcGtN.exe
  C:\Windows\System\bsFcGtN.exe
  2⤵
  PID:4216
- C:\Windows\System\PfdKhnm.exe
  C:\Windows\System\PfdKhnm.exe
  2⤵
  PID:4580
- C:\Windows\System\hzRaDDZ.exe
  C:\Windows\System\hzRaDDZ.exe
  2⤵
  PID:3676
- C:\Windows\System\WKkZvha.exe
  C:\Windows\System\WKkZvha.exe
  2⤵
  PID:4492
- C:\Windows\System\LmAcCIa.exe
  C:\Windows\System\LmAcCIa.exe
  2⤵
  PID:4696
- C:\Windows\System\fefVffU.exe
  C:\Windows\System\fefVffU.exe
  2⤵
  PID:4824
- C:\Windows\System\qlLKYMq.exe
  C:\Windows\System\qlLKYMq.exe
  2⤵
  PID:5144
- C:\Windows\System\mVfTQTP.exe
  C:\Windows\System\mVfTQTP.exe
  2⤵
  PID:5164
- C:\Windows\System\ecstaSf.exe
  C:\Windows\System\ecstaSf.exe
  2⤵
  PID:5192
- C:\Windows\System\eYgpiCL.exe
  C:\Windows\System\eYgpiCL.exe
  2⤵
  PID:5208
- C:\Windows\System\oTjknQh.exe
  C:\Windows\System\oTjknQh.exe
  2⤵
  PID:5224
- C:\Windows\System\iWvbuCF.exe
  C:\Windows\System\iWvbuCF.exe
  2⤵
  PID:5240
- C:\Windows\System\GkVFXjV.exe
  C:\Windows\System\GkVFXjV.exe
  2⤵
  PID:5256
- C:\Windows\System\KsdraSh.exe
  C:\Windows\System\KsdraSh.exe
  2⤵
  PID:5272
- C:\Windows\System\LklIPcm.exe
  C:\Windows\System\LklIPcm.exe
  2⤵
  PID:5288
- C:\Windows\System\TrFogLY.exe
  C:\Windows\System\TrFogLY.exe
  2⤵
  PID:5304
- C:\Windows\System\OTawMgY.exe
  C:\Windows\System\OTawMgY.exe
  2⤵
  PID:5320
- C:\Windows\System\ibXtIZv.exe
  C:\Windows\System\ibXtIZv.exe
  2⤵
  PID:5336
- C:\Windows\System\ejhKxsY.exe
  C:\Windows\System\ejhKxsY.exe
  2⤵
  PID:5352
- C:\Windows\System\afssruE.exe
  C:\Windows\System\afssruE.exe
  2⤵
  PID:5368
- C:\Windows\System\rwUplMX.exe
  C:\Windows\System\rwUplMX.exe
  2⤵
  PID:5400
- C:\Windows\System\MrquHqZ.exe
  C:\Windows\System\MrquHqZ.exe
  2⤵
  PID:5420
- C:\Windows\System\BYcoaKW.exe
  C:\Windows\System\BYcoaKW.exe
  2⤵
  PID:5436
- C:\Windows\System\cVcbpvq.exe
  C:\Windows\System\cVcbpvq.exe
  2⤵
  PID:5452
- C:\Windows\System\bHIjbow.exe
  C:\Windows\System\bHIjbow.exe
  2⤵
  PID:5468
- C:\Windows\System\oNLNbfI.exe
  C:\Windows\System\oNLNbfI.exe
  2⤵
  PID:5484
- C:\Windows\System\MwWIgVB.exe
  C:\Windows\System\MwWIgVB.exe
  2⤵
  PID:5500
- C:\Windows\System\SlOhsiJ.exe
  C:\Windows\System\SlOhsiJ.exe
  2⤵
  PID:5516
- C:\Windows\System\AVfGKwk.exe
  C:\Windows\System\AVfGKwk.exe
  2⤵
  PID:5532
- C:\Windows\System\DFsBntC.exe
  C:\Windows\System\DFsBntC.exe
  2⤵
  PID:5548
- C:\Windows\System\hyDgwGY.exe
  C:\Windows\System\hyDgwGY.exe
  2⤵
  PID:5564
- C:\Windows\System\cowdTqM.exe
  C:\Windows\System\cowdTqM.exe
  2⤵
  PID:5580
- C:\Windows\System\AXevcEW.exe
  C:\Windows\System\AXevcEW.exe
  2⤵
  PID:5596
- C:\Windows\System\PBTpiUc.exe
  C:\Windows\System\PBTpiUc.exe
  2⤵
  PID:5612
- C:\Windows\System\AfsFYxM.exe
  C:\Windows\System\AfsFYxM.exe
  2⤵
  PID:5628
- C:\Windows\System\jQvlOGL.exe
  C:\Windows\System\jQvlOGL.exe
  2⤵
  PID:5644
- C:\Windows\System\AsmsPpx.exe
  C:\Windows\System\AsmsPpx.exe
  2⤵
  PID:5660
- C:\Windows\System\yseCsyv.exe
  C:\Windows\System\yseCsyv.exe
  2⤵
  PID:5684
- C:\Windows\System\oMZjUDL.exe
  C:\Windows\System\oMZjUDL.exe
  2⤵
  PID:5700
- C:\Windows\System\PpOAvzy.exe
  C:\Windows\System\PpOAvzy.exe
  2⤵
  PID:5716
- C:\Windows\System\RzCZbbK.exe
  C:\Windows\System\RzCZbbK.exe
  2⤵
  PID:5732
- C:\Windows\System\SerwdGW.exe
  C:\Windows\System\SerwdGW.exe
  2⤵
  PID:5748
- C:\Windows\System\zMHUMub.exe
  C:\Windows\System\zMHUMub.exe
  2⤵
  PID:5776
- C:\Windows\System\eHNJKWQ.exe
  C:\Windows\System\eHNJKWQ.exe
  2⤵
  PID:5804
- C:\Windows\System\qHSRqfW.exe
  C:\Windows\System\qHSRqfW.exe
  2⤵
  PID:5820
- C:\Windows\System\pORDfUj.exe
  C:\Windows\System\pORDfUj.exe
  2⤵
  PID:5840
- C:\Windows\System\TDiFHep.exe
  C:\Windows\System\TDiFHep.exe
  2⤵
  PID:5856
- C:\Windows\System\AaqioEr.exe
  C:\Windows\System\AaqioEr.exe
  2⤵
  PID:5872
- C:\Windows\System\JhouaWa.exe
  C:\Windows\System\JhouaWa.exe
  2⤵
  PID:5904
- C:\Windows\System\IrYaIQL.exe
  C:\Windows\System\IrYaIQL.exe
  2⤵
  PID:5928
- C:\Windows\System\PdIVSRu.exe
  C:\Windows\System\PdIVSRu.exe
  2⤵
  PID:5944
- C:\Windows\System\kSsZIcu.exe
  C:\Windows\System\kSsZIcu.exe
  2⤵
  PID:5960
- C:\Windows\System\ptAoFJH.exe
  C:\Windows\System\ptAoFJH.exe
  2⤵
  PID:5976
- C:\Windows\System\hmtCbGw.exe
  C:\Windows\System\hmtCbGw.exe
  2⤵
  PID:5992
- C:\Windows\System\zMaanai.exe
  C:\Windows\System\zMaanai.exe
  2⤵
  PID:6008
- C:\Windows\System\BzRTuRo.exe
  C:\Windows\System\BzRTuRo.exe
  2⤵
  PID:6024
- C:\Windows\System\zztPiWl.exe
  C:\Windows\System\zztPiWl.exe
  2⤵
  PID:6040
- C:\Windows\System\UQWxbdl.exe
  C:\Windows\System\UQWxbdl.exe
  2⤵
  PID:6056
- C:\Windows\System\UKOSIgj.exe
  C:\Windows\System\UKOSIgj.exe
  2⤵
  PID:6072
- C:\Windows\System\QiFTzmp.exe
  C:\Windows\System\QiFTzmp.exe
  2⤵
  PID:6088
- C:\Windows\System\FpYjzAu.exe
  C:\Windows\System\FpYjzAu.exe
  2⤵
  PID:6104
- C:\Windows\System\QXQZUuH.exe
  C:\Windows\System\QXQZUuH.exe
  2⤵
  PID:6124
- C:\Windows\System\LWCCXah.exe
  C:\Windows\System\LWCCXah.exe
  2⤵
  PID:6140
- C:\Windows\System\LlamcxI.exe
  C:\Windows\System\LlamcxI.exe
  2⤵
  PID:4996
- C:\Windows\System\xpgsxvL.exe
  C:\Windows\System\xpgsxvL.exe
  2⤵
  PID:4852
- C:\Windows\System\TKwiswc.exe
  C:\Windows\System\TKwiswc.exe
  2⤵
  PID:5132
- C:\Windows\System\ocnCUFj.exe
  C:\Windows\System\ocnCUFj.exe
  2⤵
  PID:4572
- C:\Windows\System\ndWrWVu.exe
  C:\Windows\System\ndWrWVu.exe
  2⤵
  PID:5172
- C:\Windows\System\CPGREIs.exe
  C:\Windows\System\CPGREIs.exe
  2⤵
  PID:4760
- C:\Windows\System\hTMsTPE.exe
  C:\Windows\System\hTMsTPE.exe
  2⤵
  PID:5160
- C:\Windows\System\yfPniJz.exe
  C:\Windows\System\yfPniJz.exe
  2⤵
  PID:5188
- C:\Windows\System\JNvXMXL.exe
  C:\Windows\System\JNvXMXL.exe
  2⤵
  PID:5248
- C:\Windows\System\MoIezDV.exe
  C:\Windows\System\MoIezDV.exe
  2⤵
  PID:5344
- C:\Windows\System\lNshdZC.exe
  C:\Windows\System\lNshdZC.exe
  2⤵
  PID:5204
- C:\Windows\System\PtVFRcm.exe
  C:\Windows\System\PtVFRcm.exe
  2⤵
  PID:5388
- C:\Windows\System\qMmDVCp.exe
  C:\Windows\System\qMmDVCp.exe
  2⤵
  PID:5360
- C:\Windows\System\nPXOETL.exe
  C:\Windows\System\nPXOETL.exe
  2⤵
  PID:5268
- C:\Windows\System\WBMrKub.exe
  C:\Windows\System\WBMrKub.exe
  2⤵
  PID:5432
- C:\Windows\System\zOsOjdo.exe
  C:\Windows\System\zOsOjdo.exe
  2⤵
  PID:5524
- C:\Windows\System\ITOzaKd.exe
  C:\Windows\System\ITOzaKd.exe
  2⤵
  PID:5560
- C:\Windows\System\gLytGJm.exe
  C:\Windows\System\gLytGJm.exe
  2⤵
  PID:5624
- C:\Windows\System\XfhPzwe.exe
  C:\Windows\System\XfhPzwe.exe
  2⤵
  PID:5604
- C:\Windows\System\CAZQXzG.exe
  C:\Windows\System\CAZQXzG.exe
  2⤵
  PID:5668
- C:\Windows\System\rKCiVKD.exe
  C:\Windows\System\rKCiVKD.exe
  2⤵
  PID:5416
- C:\Windows\System\rOjqfaq.exe
  C:\Windows\System\rOjqfaq.exe
  2⤵
  PID:5576
- C:\Windows\System\kIFZIem.exe
  C:\Windows\System\kIFZIem.exe
  2⤵
  PID:5508
- C:\Windows\System\iHWZwMv.exe
  C:\Windows\System\iHWZwMv.exe
  2⤵
  PID:5712
- C:\Windows\System\vXTUudd.exe
  C:\Windows\System\vXTUudd.exe
  2⤵
  PID:5692
- C:\Windows\System\tAUtuWo.exe
  C:\Windows\System\tAUtuWo.exe
  2⤵
  PID:5756
- C:\Windows\System\oPNpOXC.exe
  C:\Windows\System\oPNpOXC.exe
  2⤵
  PID:5768
- C:\Windows\System\pezBnVf.exe
  C:\Windows\System\pezBnVf.exe
  2⤵
  PID:5796
- C:\Windows\System\vBSeXXG.exe
  C:\Windows\System\vBSeXXG.exe
  2⤵
  PID:5848
- C:\Windows\System\lxFidYR.exe
  C:\Windows\System\lxFidYR.exe
  2⤵
  PID:5888
- C:\Windows\System\hOVvshM.exe
  C:\Windows\System\hOVvshM.exe
  2⤵
  PID:5896
- C:\Windows\System\wOQXzpX.exe
  C:\Windows\System\wOQXzpX.exe
  2⤵
  PID:5968
- C:\Windows\System\dyiJMNt.exe
  C:\Windows\System\dyiJMNt.exe
  2⤵
  PID:5916
- C:\Windows\System\IXFfHGR.exe
  C:\Windows\System\IXFfHGR.exe
  2⤵
  PID:6100
- C:\Windows\System\tVxVIDZ.exe
  C:\Windows\System\tVxVIDZ.exe
  2⤵
  PID:6020
- C:\Windows\System\UYwcwdp.exe
  C:\Windows\System\UYwcwdp.exe
  2⤵
  PID:6136
- C:\Windows\System\uZQYIgn.exe
  C:\Windows\System\uZQYIgn.exe
  2⤵
  PID:6052
- C:\Windows\System\fIhDWuF.exe
  C:\Windows\System\fIhDWuF.exe
  2⤵
  PID:4968
- C:\Windows\System\HUWbENY.exe
  C:\Windows\System\HUWbENY.exe
  2⤵
  PID:4660
- C:\Windows\System\UayaHpS.exe
  C:\Windows\System\UayaHpS.exe
  2⤵
  PID:5216
- C:\Windows\System\nuufdRF.exe
  C:\Windows\System\nuufdRF.exe
  2⤵
  PID:5156
- C:\Windows\System\AocdGii.exe
  C:\Windows\System\AocdGii.exe
  2⤵
  PID:5184
- C:\Windows\System\RGYruSW.exe
  C:\Windows\System\RGYruSW.exe
  2⤵
  PID:5264
- C:\Windows\System\pxheGWd.exe
  C:\Windows\System\pxheGWd.exe
  2⤵
  PID:5428
- C:\Windows\System\qiUUHyW.exe
  C:\Windows\System\qiUUHyW.exe
  2⤵
  PID:5544
- C:\Windows\System\ZdibatA.exe
  C:\Windows\System\ZdibatA.exe
  2⤵
  PID:5460
- C:\Windows\System\mVieOuQ.exe
  C:\Windows\System\mVieOuQ.exe
  2⤵
  PID:5408
- C:\Windows\System\lrfrGFT.exe
  C:\Windows\System\lrfrGFT.exe
  2⤵
  PID:5864
- C:\Windows\System\bNeCaPV.exe
  C:\Windows\System\bNeCaPV.exe
  2⤵
  PID:5680
- C:\Windows\System\ejMMEPE.exe
  C:\Windows\System\ejMMEPE.exe
  2⤵
  PID:5792
- C:\Windows\System\UZkwqax.exe
  C:\Windows\System\UZkwqax.exe
  2⤵
  PID:5852
- C:\Windows\System\MCNHJxL.exe
  C:\Windows\System\MCNHJxL.exe
  2⤵
  PID:6032
- C:\Windows\System\PztXFyx.exe
  C:\Windows\System\PztXFyx.exe
  2⤵
  PID:6096
- C:\Windows\System\pLvADUT.exe
  C:\Windows\System\pLvADUT.exe
  2⤵
  PID:5924
- C:\Windows\System\cegOxDy.exe
  C:\Windows\System\cegOxDy.exe
  2⤵
  PID:5136
- C:\Windows\System\EwQZdlE.exe
  C:\Windows\System\EwQZdlE.exe
  2⤵
  PID:6112
- C:\Windows\System\htKrJwt.exe
  C:\Windows\System\htKrJwt.exe
  2⤵
  PID:4744
- C:\Windows\System\JZaciPg.exe
  C:\Windows\System\JZaciPg.exe
  2⤵
  PID:5480
- C:\Windows\System\kGAEbCV.exe
  C:\Windows\System\kGAEbCV.exe
  2⤵
  PID:5296
- C:\Windows\System\pIbgwlS.exe
  C:\Windows\System\pIbgwlS.exe
  2⤵
  PID:5316
- C:\Windows\System\oyCenjY.exe
  C:\Windows\System\oyCenjY.exe
  2⤵
  PID:5744
- C:\Windows\System\YfdXWzO.exe
  C:\Windows\System\YfdXWzO.exe
  2⤵
  PID:5620
- C:\Windows\System\PEjPSsE.exe
  C:\Windows\System\PEjPSsE.exe
  2⤵
  PID:5936
- C:\Windows\System\zUCaasM.exe
  C:\Windows\System\zUCaasM.exe
  2⤵
  PID:5640
- C:\Windows\System\sajQpot.exe
  C:\Windows\System\sajQpot.exe
  2⤵
  PID:5892
- C:\Windows\System\BdbuoBG.exe
  C:\Windows\System\BdbuoBG.exe
  2⤵
  PID:6036
- C:\Windows\System\WAtXBCh.exe
  C:\Windows\System\WAtXBCh.exe
  2⤵
  PID:5956
- C:\Windows\System\dCRgaLC.exe
  C:\Windows\System\dCRgaLC.exe
  2⤵
  PID:5364
- C:\Windows\System\IoVzfey.exe
  C:\Windows\System\IoVzfey.exe
  2⤵
  PID:5724
- C:\Windows\System\eAxroXu.exe
  C:\Windows\System\eAxroXu.exe
  2⤵
  PID:6000
- C:\Windows\System\VGsScml.exe
  C:\Windows\System\VGsScml.exe
  2⤵
  PID:6116
- C:\Windows\System\eKhQOYD.exe
  C:\Windows\System\eKhQOYD.exe
  2⤵
  PID:5784
- C:\Windows\System\PPtqDTV.exe
  C:\Windows\System\PPtqDTV.exe
  2⤵
  PID:6068
- C:\Windows\System\kqoSLQA.exe
  C:\Windows\System\kqoSLQA.exe
  2⤵
  PID:5236
- C:\Windows\System\HGSmftb.exe
  C:\Windows\System\HGSmftb.exe
  2⤵
  PID:6156
- C:\Windows\System\AZaZPPg.exe
  C:\Windows\System\AZaZPPg.exe
  2⤵
  PID:6180
- C:\Windows\System\tPTkHTt.exe
  C:\Windows\System\tPTkHTt.exe
  2⤵
  PID:6196
- C:\Windows\System\AHGcjQw.exe
  C:\Windows\System\AHGcjQw.exe
  2⤵
  PID:6212
- C:\Windows\System\YIipTmq.exe
  C:\Windows\System\YIipTmq.exe
  2⤵
  PID:6232
- C:\Windows\System\YUkgYzG.exe
  C:\Windows\System\YUkgYzG.exe
  2⤵
  PID:6260
- C:\Windows\System\eoSBchH.exe
  C:\Windows\System\eoSBchH.exe
  2⤵
  PID:6276
- C:\Windows\System\oBOcMmM.exe
  C:\Windows\System\oBOcMmM.exe
  2⤵
  PID:6296
- C:\Windows\System\RwrlNBc.exe
  C:\Windows\System\RwrlNBc.exe
  2⤵
  PID:6312
- C:\Windows\System\ttsBRQl.exe
  C:\Windows\System\ttsBRQl.exe
  2⤵
  PID:6328
- C:\Windows\System\sciIlMy.exe
  C:\Windows\System\sciIlMy.exe
  2⤵
  PID:6344
- C:\Windows\System\rDIECyn.exe
  C:\Windows\System\rDIECyn.exe
  2⤵
  PID:6360
- C:\Windows\System\qzkjqDN.exe
  C:\Windows\System\qzkjqDN.exe
  2⤵
  PID:6388
- C:\Windows\System\DyVuDEn.exe
  C:\Windows\System\DyVuDEn.exe
  2⤵
  PID:6404
- C:\Windows\System\oCpLnSA.exe
  C:\Windows\System\oCpLnSA.exe
  2⤵
  PID:6420
- C:\Windows\System\dfMaYdF.exe
  C:\Windows\System\dfMaYdF.exe
  2⤵
  PID:6436
- C:\Windows\System\cIsuzZb.exe
  C:\Windows\System\cIsuzZb.exe
  2⤵
  PID:6452
- C:\Windows\System\wWSIuqa.exe
  C:\Windows\System\wWSIuqa.exe
  2⤵
  PID:6468
- C:\Windows\System\YUovMeS.exe
  C:\Windows\System\YUovMeS.exe
  2⤵
  PID:6484
- C:\Windows\System\mEIrPpB.exe
  C:\Windows\System\mEIrPpB.exe
  2⤵
  PID:6504
- C:\Windows\System\lpmoctr.exe
  C:\Windows\System\lpmoctr.exe
  2⤵
  PID:6520
- C:\Windows\System\WpTWdKS.exe
  C:\Windows\System\WpTWdKS.exe
  2⤵
  PID:6536
- C:\Windows\System\sBOBGPG.exe
  C:\Windows\System\sBOBGPG.exe
  2⤵
  PID:6552
- C:\Windows\System\rtfmubk.exe
  C:\Windows\System\rtfmubk.exe
  2⤵
  PID:6568
- C:\Windows\System\HiAikQO.exe
  C:\Windows\System\HiAikQO.exe
  2⤵
  PID:6584
- C:\Windows\System\rHDCvAz.exe
  C:\Windows\System\rHDCvAz.exe
  2⤵
  PID:6600
- C:\Windows\System\VdeoYgv.exe
  C:\Windows\System\VdeoYgv.exe
  2⤵
  PID:6616
- C:\Windows\System\yVAvfNE.exe
  C:\Windows\System\yVAvfNE.exe
  2⤵
  PID:6632
- C:\Windows\System\axNjJkV.exe
  C:\Windows\System\axNjJkV.exe
  2⤵
  PID:6648
- C:\Windows\System\wRYSoof.exe
  C:\Windows\System\wRYSoof.exe
  2⤵
  PID:6664
- C:\Windows\System\pRaBeqB.exe
  C:\Windows\System\pRaBeqB.exe
  2⤵
  PID:6680
- C:\Windows\System\RORRUAI.exe
  C:\Windows\System\RORRUAI.exe
  2⤵
  PID:6696
- C:\Windows\System\QLiCgbJ.exe
  C:\Windows\System\QLiCgbJ.exe
  2⤵
  PID:6712
- C:\Windows\System\VEBmshb.exe
  C:\Windows\System\VEBmshb.exe
  2⤵
  PID:6728
- C:\Windows\System\ZcZbBss.exe
  C:\Windows\System\ZcZbBss.exe
  2⤵
  PID:6744
- C:\Windows\System\MKzVMVI.exe
  C:\Windows\System\MKzVMVI.exe
  2⤵
  PID:6760
- C:\Windows\System\NUGkIQe.exe
  C:\Windows\System\NUGkIQe.exe
  2⤵
  PID:6776
- C:\Windows\System\XGaCCaU.exe
  C:\Windows\System\XGaCCaU.exe
  2⤵
  PID:6796
- C:\Windows\System\NBJBFiX.exe
  C:\Windows\System\NBJBFiX.exe
  2⤵
  PID:6812
- C:\Windows\System\FUXtSPL.exe
  C:\Windows\System\FUXtSPL.exe
  2⤵
  PID:6828
- C:\Windows\System\zTdyTtG.exe
  C:\Windows\System\zTdyTtG.exe
  2⤵
  PID:6844
- C:\Windows\System\oBSzRAF.exe
  C:\Windows\System\oBSzRAF.exe
  2⤵
  PID:6860
- C:\Windows\System\WjoasXL.exe
  C:\Windows\System\WjoasXL.exe
  2⤵
  PID:6876
- C:\Windows\System\NccokwO.exe
  C:\Windows\System\NccokwO.exe
  2⤵
  PID:6892
- C:\Windows\System\RYyyrLp.exe
  C:\Windows\System\RYyyrLp.exe
  2⤵
  PID:6908
- C:\Windows\System\dXMNhmG.exe
  C:\Windows\System\dXMNhmG.exe
  2⤵
  PID:6924
- C:\Windows\System\DVhhIzH.exe
  C:\Windows\System\DVhhIzH.exe
  2⤵
  PID:6940
- C:\Windows\System\yVPcfzQ.exe
  C:\Windows\System\yVPcfzQ.exe
  2⤵
  PID:6956
- C:\Windows\System\YvMnmFg.exe
  C:\Windows\System\YvMnmFg.exe
  2⤵
  PID:6976
- C:\Windows\System\HTWcThu.exe
  C:\Windows\System\HTWcThu.exe
  2⤵
  PID:6992
- C:\Windows\System\ZdkxRzV.exe
  C:\Windows\System\ZdkxRzV.exe
  2⤵
  PID:7008
- C:\Windows\System\DgexmHF.exe
  C:\Windows\System\DgexmHF.exe
  2⤵
  PID:7024
- C:\Windows\System\DDtvZKq.exe
  C:\Windows\System\DDtvZKq.exe
  2⤵
  PID:7040
- C:\Windows\System\QpnNPfS.exe
  C:\Windows\System\QpnNPfS.exe
  2⤵
  PID:7056
- C:\Windows\System\WEXlmBb.exe
  C:\Windows\System\WEXlmBb.exe
  2⤵
  PID:7072
- C:\Windows\System\vRhOfKb.exe
  C:\Windows\System\vRhOfKb.exe
  2⤵
  PID:7088
- C:\Windows\System\mqaslGp.exe
  C:\Windows\System\mqaslGp.exe
  2⤵
  PID:7104
- C:\Windows\System\JWhNUda.exe
  C:\Windows\System\JWhNUda.exe
  2⤵
  PID:7120
- C:\Windows\System\JeKPndp.exe
  C:\Windows\System\JeKPndp.exe
  2⤵
  PID:7136
- C:\Windows\System\VElVSKj.exe
  C:\Windows\System\VElVSKj.exe
  2⤵
  PID:7152
- C:\Windows\System\iSinpFI.exe
  C:\Windows\System\iSinpFI.exe
  2⤵
  PID:4424
- C:\Windows\System\OLQWohe.exe
  C:\Windows\System\OLQWohe.exe
  2⤵
  PID:6152
- C:\Windows\System\SGiLeur.exe
  C:\Windows\System\SGiLeur.exe
  2⤵
  PID:5392
- C:\Windows\System\LBzZIkk.exe
  C:\Windows\System\LBzZIkk.exe
  2⤵
  PID:6228
- C:\Windows\System\fikjjns.exe
  C:\Windows\System\fikjjns.exe
  2⤵
  PID:5376
- C:\Windows\System\vmabeuX.exe
  C:\Windows\System\vmabeuX.exe
  2⤵
  PID:6208
- C:\Windows\System\ZJsdyCY.exe
  C:\Windows\System\ZJsdyCY.exe
  2⤵
  PID:6252
- C:\Windows\System\pxWeEjc.exe
  C:\Windows\System\pxWeEjc.exe
  2⤵
  PID:6308
- C:\Windows\System\NdYuTSK.exe
  C:\Windows\System\NdYuTSK.exe
  2⤵
  PID:6368
- C:\Windows\System\cRxvkfb.exe
  C:\Windows\System\cRxvkfb.exe
  2⤵
  PID:6412
- C:\Windows\System\HPBWnEO.exe
  C:\Windows\System\HPBWnEO.exe
  2⤵
  PID:6448
- C:\Windows\System\OENTymk.exe
  C:\Windows\System\OENTymk.exe
  2⤵
  PID:6292
- C:\Windows\System\rETXhjV.exe
  C:\Windows\System\rETXhjV.exe
  2⤵
  PID:6460
- C:\Windows\System\aBTtOSC.exe
  C:\Windows\System\aBTtOSC.exe
  2⤵
  PID:6432
- C:\Windows\System\NvrnXns.exe
  C:\Windows\System\NvrnXns.exe
  2⤵
  PID:6480
- C:\Windows\System\gAhKYvQ.exe
  C:\Windows\System\gAhKYvQ.exe
  2⤵
  PID:6548
- C:\Windows\System\asZTYnp.exe
  C:\Windows\System\asZTYnp.exe
  2⤵
  PID:6596
- C:\Windows\System\ERhhQGy.exe
  C:\Windows\System\ERhhQGy.exe
  2⤵
  PID:6644
- C:\Windows\System\znOlZLN.exe
  C:\Windows\System\znOlZLN.exe
  2⤵
  PID:6640
- C:\Windows\System\ioyRzvH.exe
  C:\Windows\System\ioyRzvH.exe
  2⤵
  PID:6560
- C:\Windows\System\IhUDTxE.exe
  C:\Windows\System\IhUDTxE.exe
  2⤵
  PID:6708
- C:\Windows\System\yAZSSmH.exe
  C:\Windows\System\yAZSSmH.exe
  2⤵
  PID:6804
- C:\Windows\System\MbrUniF.exe
  C:\Windows\System\MbrUniF.exe
  2⤵
  PID:6840
- C:\Windows\System\zucpDwD.exe
  C:\Windows\System\zucpDwD.exe
  2⤵
  PID:6904
- C:\Windows\System\qtdYFRw.exe
  C:\Windows\System\qtdYFRw.exe
  2⤵
  PID:6724
- C:\Windows\System\VcCfhQo.exe
  C:\Windows\System\VcCfhQo.exe
  2⤵
  PID:6824
- C:\Windows\System\NHqTDcp.exe
  C:\Windows\System\NHqTDcp.exe
  2⤵
  PID:6936
- C:\Windows\System\gpZARxJ.exe
  C:\Windows\System\gpZARxJ.exe
  2⤵
  PID:6972
- C:\Windows\System\ZGkcvje.exe
  C:\Windows\System\ZGkcvje.exe
  2⤵
  PID:6984
- C:\Windows\System\vANWTsC.exe
  C:\Windows\System\vANWTsC.exe
  2⤵
  PID:7080
- C:\Windows\System\chdMDGR.exe
  C:\Windows\System\chdMDGR.exe
  2⤵
  PID:6792
- C:\Windows\System\qdBcGez.exe
  C:\Windows\System\qdBcGez.exe
  2⤵
  PID:7016
- C:\Windows\System\vQwNyvA.exe
  C:\Windows\System\vQwNyvA.exe
  2⤵
  PID:7148
- C:\Windows\System\MWXyrtc.exe
  C:\Windows\System\MWXyrtc.exe
  2⤵
  PID:6172
- C:\Windows\System\GRJKYne.exe
  C:\Windows\System\GRJKYne.exe
  2⤵
  PID:7064
- C:\Windows\System\xThCnmj.exe
  C:\Windows\System\xThCnmj.exe
  2⤵
  PID:7160
- C:\Windows\System\LjhNRyc.exe
  C:\Windows\System\LjhNRyc.exe
  2⤵
  PID:6220
- C:\Windows\System\LcJqvQX.exe
  C:\Windows\System\LcJqvQX.exe
  2⤵
  PID:5920
- C:\Windows\System\FiHauoI.exe
  C:\Windows\System\FiHauoI.exe
  2⤵
  PID:6372
- C:\Windows\System\nqiMUqQ.exe
  C:\Windows\System\nqiMUqQ.exe
  2⤵
  PID:6284
- C:\Windows\System\HSlcnJY.exe
  C:\Windows\System\HSlcnJY.exe
  2⤵
  PID:6428
- C:\Windows\System\qlCVRxV.exe
  C:\Windows\System\qlCVRxV.exe
  2⤵
  PID:6564
- C:\Windows\System\xOkXvIb.exe
  C:\Windows\System\xOkXvIb.exe
  2⤵
  PID:6900
- C:\Windows\System\fCWFYTv.exe
  C:\Windows\System\fCWFYTv.exe
  2⤵
  PID:6772
- C:\Windows\System\ztbduaH.exe
  C:\Windows\System\ztbduaH.exe
  2⤵
  PID:7112
- C:\Windows\System\bRemtcw.exe
  C:\Windows\System\bRemtcw.exe
  2⤵
  PID:6968
- C:\Windows\System\FTzVhps.exe
  C:\Windows\System\FTzVhps.exe
  2⤵
  PID:6148
- C:\Windows\System\apOkrqd.exe
  C:\Windows\System\apOkrqd.exe
  2⤵
  PID:7032
- C:\Windows\System\lHXgNft.exe
  C:\Windows\System\lHXgNft.exe
  2⤵
  PID:6396
- C:\Windows\System\atQaAlW.exe
  C:\Windows\System\atQaAlW.exe
  2⤵
  PID:5300
- C:\Windows\System\vfobMaq.exe
  C:\Windows\System\vfobMaq.exe
  2⤵
  PID:6500
- C:\Windows\System\RLHCYHB.exe
  C:\Windows\System\RLHCYHB.exe
  2⤵
  PID:6376
- C:\Windows\System\IAMmGtL.exe
  C:\Windows\System\IAMmGtL.exe
  2⤵
  PID:7000
- C:\Windows\System\cfkLTtT.exe
  C:\Windows\System\cfkLTtT.exe
  2⤵
  PID:6856
- C:\Windows\System\SMnslgt.exe
  C:\Windows\System\SMnslgt.exe
  2⤵
  PID:7164
- C:\Windows\System\WoBrtxo.exe
  C:\Windows\System\WoBrtxo.exe
  2⤵
  PID:6224
- C:\Windows\System\KgCuYDR.exe
  C:\Windows\System\KgCuYDR.exe
  2⤵
  PID:6720
- C:\Windows\System\IWJKKIT.exe
  C:\Windows\System\IWJKKIT.exe
  2⤵
  PID:7172
- C:\Windows\System\eQTskTa.exe
  C:\Windows\System\eQTskTa.exe
  2⤵
  PID:7188
- C:\Windows\System\DYCxCTo.exe
  C:\Windows\System\DYCxCTo.exe
  2⤵
  PID:7204
- C:\Windows\System\WYUKKLQ.exe
  C:\Windows\System\WYUKKLQ.exe
  2⤵
  PID:7224
- C:\Windows\System\ucVRmKw.exe
  C:\Windows\System\ucVRmKw.exe
  2⤵
  PID:7240
- C:\Windows\System\uYfndGX.exe
  C:\Windows\System\uYfndGX.exe
  2⤵
  PID:7256
- C:\Windows\System\FQbbnID.exe
  C:\Windows\System\FQbbnID.exe
  2⤵
  PID:7272
- C:\Windows\System\uUAPOAj.exe
  C:\Windows\System\uUAPOAj.exe
  2⤵
  PID:7288
- C:\Windows\System\yBkNInN.exe
  C:\Windows\System\yBkNInN.exe
  2⤵
  PID:7304
- C:\Windows\System\YPzDWMv.exe
  C:\Windows\System\YPzDWMv.exe
  2⤵
  PID:7320
- C:\Windows\System\DOoGhXJ.exe
  C:\Windows\System\DOoGhXJ.exe
  2⤵
  PID:7336
- C:\Windows\System\qWUNonU.exe
  C:\Windows\System\qWUNonU.exe
  2⤵
  PID:7352
- C:\Windows\System\AaWnQVo.exe
  C:\Windows\System\AaWnQVo.exe
  2⤵
  PID:7368
- C:\Windows\System\VyufAej.exe
  C:\Windows\System\VyufAej.exe
  2⤵
  PID:7384
- C:\Windows\System\ucjZjPz.exe
  C:\Windows\System\ucjZjPz.exe
  2⤵
  PID:7400
- C:\Windows\System\HPlyIxQ.exe
  C:\Windows\System\HPlyIxQ.exe
  2⤵
  PID:7424
- C:\Windows\System\ZasjpEP.exe
  C:\Windows\System\ZasjpEP.exe
  2⤵
  PID:7460
- C:\Windows\System\WHvNlGP.exe
  C:\Windows\System\WHvNlGP.exe
  2⤵
  PID:7476
- C:\Windows\System\fNfzUuA.exe
  C:\Windows\System\fNfzUuA.exe
  2⤵
  PID:7492
- C:\Windows\System\tvkCXrZ.exe
  C:\Windows\System\tvkCXrZ.exe
  2⤵
  PID:7508
- C:\Windows\System\tmAXIyg.exe
  C:\Windows\System\tmAXIyg.exe
  2⤵
  PID:7524
- C:\Windows\System\yYBnbAN.exe
  C:\Windows\System\yYBnbAN.exe
  2⤵
  PID:7540
- C:\Windows\System\AFgxguQ.exe
  C:\Windows\System\AFgxguQ.exe
  2⤵
  PID:7556
- C:\Windows\System\NuauSiR.exe
  C:\Windows\System\NuauSiR.exe
  2⤵
  PID:7572
- C:\Windows\System\CcewQyc.exe
  C:\Windows\System\CcewQyc.exe
  2⤵
  PID:7588
- C:\Windows\System\UdKWWAL.exe
  C:\Windows\System\UdKWWAL.exe
  2⤵
  PID:7636
- C:\Windows\System\zyPreAX.exe
  C:\Windows\System\zyPreAX.exe
  2⤵
  PID:7656
- C:\Windows\System\YCVJkek.exe
  C:\Windows\System\YCVJkek.exe
  2⤵
  PID:7704
- C:\Windows\System\mQjWipV.exe
  C:\Windows\System\mQjWipV.exe
  2⤵
  PID:7724
- C:\Windows\System\JefCgkX.exe
  C:\Windows\System\JefCgkX.exe
  2⤵
  PID:7740
- C:\Windows\System\xZufZdF.exe
  C:\Windows\System\xZufZdF.exe
  2⤵
  PID:7756
- C:\Windows\System\aenmNEO.exe
  C:\Windows\System\aenmNEO.exe
  2⤵
  PID:7780
- C:\Windows\System\HnLTQUA.exe
  C:\Windows\System\HnLTQUA.exe
  2⤵
  PID:7796
- C:\Windows\System\NtZUYFI.exe
  C:\Windows\System\NtZUYFI.exe
  2⤵
  PID:7812
- C:\Windows\System\Puapcmf.exe
  C:\Windows\System\Puapcmf.exe
  2⤵
  PID:7828
- C:\Windows\System\LddznDZ.exe
  C:\Windows\System\LddznDZ.exe
  2⤵
  PID:7844
- C:\Windows\System\avmhnDW.exe
  C:\Windows\System\avmhnDW.exe
  2⤵
  PID:7864
- C:\Windows\System\zRNdYhz.exe
  C:\Windows\System\zRNdYhz.exe
  2⤵
  PID:7880
- C:\Windows\System\qgHlUUp.exe
  C:\Windows\System\qgHlUUp.exe
  2⤵
  PID:7896
- C:\Windows\System\CdtWXaM.exe
  C:\Windows\System\CdtWXaM.exe
  2⤵
  PID:7916
- C:\Windows\System\xcwnYgs.exe
  C:\Windows\System\xcwnYgs.exe
  2⤵
  PID:7952
- C:\Windows\System\cfLJNDc.exe
  C:\Windows\System\cfLJNDc.exe
  2⤵
  PID:7980
- C:\Windows\System\KIEnCwm.exe
  C:\Windows\System\KIEnCwm.exe
  2⤵
  PID:8004
- C:\Windows\System\aTyBAvt.exe
  C:\Windows\System\aTyBAvt.exe
  2⤵
  PID:8040
- C:\Windows\System\HWsYdKE.exe
  C:\Windows\System\HWsYdKE.exe
  2⤵
  PID:8068
- C:\Windows\System\xbyXNdY.exe
  C:\Windows\System\xbyXNdY.exe
  2⤵
  PID:8096
- C:\Windows\System\HeyXSKP.exe
  C:\Windows\System\HeyXSKP.exe
  2⤵
  PID:8112
- C:\Windows\System\etLLeHU.exe
  C:\Windows\System\etLLeHU.exe
  2⤵
  PID:8128
- C:\Windows\System\gDfxxFo.exe
  C:\Windows\System\gDfxxFo.exe
  2⤵
  PID:8144
- C:\Windows\System\Tyufhek.exe
  C:\Windows\System\Tyufhek.exe
  2⤵
  PID:8164
- C:\Windows\System\bVLbCzQ.exe
  C:\Windows\System\bVLbCzQ.exe
  2⤵
  PID:8180
- C:\Windows\System\fWuMTVD.exe
  C:\Windows\System\fWuMTVD.exe
  2⤵
  PID:7144
- C:\Windows\System\LHZANKc.exe
  C:\Windows\System\LHZANKc.exe
  2⤵
  PID:6872
- C:\Windows\System\IPQBFth.exe
  C:\Windows\System\IPQBFth.exe
  2⤵
  PID:7100
- C:\Windows\System\LBZJImq.exe
  C:\Windows\System\LBZJImq.exe
  2⤵
  PID:6672
- C:\Windows\System\KsTAnaO.exe
  C:\Windows\System\KsTAnaO.exe
  2⤵
  PID:6528
- C:\Windows\System\fEqzdlC.exe
  C:\Windows\System\fEqzdlC.exe
  2⤵
  PID:6256
- C:\Windows\System\NmWjoAL.exe
  C:\Windows\System\NmWjoAL.exe
  2⤵
  PID:6248
- C:\Windows\System\WiiTdTb.exe
  C:\Windows\System\WiiTdTb.exe
  2⤵
  PID:7200
- C:\Windows\System\IVirgfg.exe
  C:\Windows\System\IVirgfg.exe
  2⤵
  PID:7248
- C:\Windows\System\nqiVmAZ.exe
  C:\Windows\System\nqiVmAZ.exe
  2⤵
  PID:7284
- C:\Windows\System\zeEhIud.exe
  C:\Windows\System\zeEhIud.exe
  2⤵
  PID:7376
- C:\Windows\System\aIVlOhF.exe
  C:\Windows\System\aIVlOhF.exe
  2⤵
  PID:7412
- C:\Windows\System\DXWsWwN.exe
  C:\Windows\System\DXWsWwN.exe
  2⤵
  PID:7392
- C:\Windows\System\JOALjfj.exe
  C:\Windows\System\JOALjfj.exe
  2⤵
  PID:7296
- C:\Windows\System\ZaRydgD.exe
  C:\Windows\System\ZaRydgD.exe
  2⤵
  PID:7432
- C:\Windows\System\dQbvdcS.exe
  C:\Windows\System\dQbvdcS.exe
  2⤵
  PID:7416
- C:\Windows\System\yhUtdyL.exe
  C:\Windows\System\yhUtdyL.exe
  2⤵
  PID:7504
- C:\Windows\System\mvofLmS.exe
  C:\Windows\System\mvofLmS.exe
  2⤵
  PID:7568
- C:\Windows\System\ECGZxsw.exe
  C:\Windows\System\ECGZxsw.exe
  2⤵
  PID:7580
- C:\Windows\System\lXlXNjn.exe
  C:\Windows\System\lXlXNjn.exe
  2⤵
  PID:7488
- C:\Windows\System\ADqJjKA.exe
  C:\Windows\System\ADqJjKA.exe
  2⤵
  PID:7552
- C:\Windows\System\HGJNviO.exe
  C:\Windows\System\HGJNviO.exe
  2⤵
  PID:7612
- C:\Windows\System\rGuGiLL.exe
  C:\Windows\System\rGuGiLL.exe
  2⤵
  PID:7628
- C:\Windows\System\WZdGSvb.exe
  C:\Windows\System\WZdGSvb.exe
  2⤵
  PID:7672
- C:\Windows\System\hplTMJr.exe
  C:\Windows\System\hplTMJr.exe
  2⤵
  PID:7688
- C:\Windows\System\XCYbjDt.exe
  C:\Windows\System\XCYbjDt.exe
  2⤵
  PID:7732
- C:\Windows\System\RQipMsM.exe
  C:\Windows\System\RQipMsM.exe
  2⤵
  PID:7752
- C:\Windows\System\AChxVlu.exe
  C:\Windows\System\AChxVlu.exe
  2⤵
  PID:7720
- C:\Windows\System\DXIwRMi.exe
  C:\Windows\System\DXIwRMi.exe
  2⤵
  PID:7840
- C:\Windows\System\dyvLhje.exe
  C:\Windows\System\dyvLhje.exe
  2⤵
  PID:7908
- C:\Windows\System\jNgecsI.exe
  C:\Windows\System\jNgecsI.exe
  2⤵
  PID:7788
- C:\Windows\System\KjMjiiq.exe
  C:\Windows\System\KjMjiiq.exe
  2⤵
  PID:7824
- C:\Windows\System\zjqmTIo.exe
  C:\Windows\System\zjqmTIo.exe
  2⤵
  PID:7944
- C:\Windows\System\PQNwaPu.exe
  C:\Windows\System\PQNwaPu.exe
  2⤵
  PID:7964
- C:\Windows\System\QSQLmft.exe
  C:\Windows\System\QSQLmft.exe
  2⤵
  PID:8020
- C:\Windows\System\lJjZSDj.exe
  C:\Windows\System\lJjZSDj.exe
  2⤵
  PID:8032
- C:\Windows\System\ZeSgsdj.exe
  C:\Windows\System\ZeSgsdj.exe
  2⤵
  PID:7948
- C:\Windows\System\PeUXOnZ.exe
  C:\Windows\System\PeUXOnZ.exe
  2⤵
  PID:8000
- C:\Windows\System\PlKlQQm.exe
  C:\Windows\System\PlKlQQm.exe
  2⤵
  PID:7992
- C:\Windows\System\JKgflqI.exe
  C:\Windows\System\JKgflqI.exe
  2⤵
  PID:8064
- C:\Windows\System\cvrcbNb.exe
  C:\Windows\System\cvrcbNb.exe
  2⤵
  PID:8120
- C:\Windows\System\DhVxhZj.exe
  C:\Windows\System\DhVxhZj.exe
  2⤵
  PID:8160
- C:\Windows\System\HorRbrU.exe
  C:\Windows\System\HorRbrU.exe
  2⤵
  PID:6288
- C:\Windows\System\GfsGdcD.exe
  C:\Windows\System\GfsGdcD.exe
  2⤵
  PID:6612
- C:\Windows\System\QOhDGrg.exe
  C:\Windows\System\QOhDGrg.exe
  2⤵
  PID:6676
- C:\Windows\System\WRsVMtU.exe
  C:\Windows\System\WRsVMtU.exe
  2⤵
  PID:7440
- C:\Windows\System\fODDiOF.exe
  C:\Windows\System\fODDiOF.exe
  2⤵
  PID:7748
- C:\Windows\System\ohxYrKK.exe
  C:\Windows\System\ohxYrKK.exe
  2⤵
  PID:7196
- C:\Windows\System\tQPKdhL.exe
  C:\Windows\System\tQPKdhL.exe
  2⤵
  PID:7408
- C:\Windows\System\njKPzpL.exe
  C:\Windows\System\njKPzpL.exe
  2⤵
  PID:7332
- C:\Windows\System\rpOKXCY.exe
  C:\Windows\System\rpOKXCY.exe
  2⤵
  PID:7536
- C:\Windows\System\dPyGPgp.exe
  C:\Windows\System\dPyGPgp.exe
  2⤵
  PID:7700
- C:\Windows\System\PTqdsMu.exe
  C:\Windows\System\PTqdsMu.exe
  2⤵
  PID:7484
- C:\Windows\System\dJJVgxn.exe
  C:\Windows\System\dJJVgxn.exe
  2⤵
  PID:7680
- C:\Windows\System\tuQnTnc.exe
  C:\Windows\System\tuQnTnc.exe
  2⤵
  PID:7604
- C:\Windows\System\iUjOFxr.exe
  C:\Windows\System\iUjOFxr.exe
  2⤵
  PID:7776
- C:\Windows\System\GCjGtNC.exe
  C:\Windows\System\GCjGtNC.exe
  2⤵
  PID:7624
- C:\Windows\System\pGeEAJG.exe
  C:\Windows\System\pGeEAJG.exe
  2⤵
  PID:7976
- C:\Windows\System\VASDtwz.exe
  C:\Windows\System\VASDtwz.exe
  2⤵
  PID:7792
- C:\Windows\System\yGHHfrF.exe
  C:\Windows\System\yGHHfrF.exe
  2⤵
  PID:7856
- C:\Windows\System\MqYohnB.exe
  C:\Windows\System\MqYohnB.exe
  2⤵
  PID:8024
- C:\Windows\System\jeFqInX.exe
  C:\Windows\System\jeFqInX.exe
  2⤵
  PID:8076
- C:\Windows\System\DCmaQEe.exe
  C:\Windows\System\DCmaQEe.exe
  2⤵
  PID:8092
- C:\Windows\System\gbQfImK.exe
  C:\Windows\System\gbQfImK.exe
  2⤵
  PID:6384
- C:\Windows\System\ALbUONG.exe
  C:\Windows\System\ALbUONG.exe
  2⤵
  PID:6492
- C:\Windows\System\JSnYFhC.exe
  C:\Windows\System\JSnYFhC.exe
  2⤵
  PID:8060
- C:\Windows\System\UahqaKQ.exe
  C:\Windows\System\UahqaKQ.exe
  2⤵
  PID:6324
- C:\Windows\System\flCjHjr.exe
  C:\Windows\System\flCjHjr.exe
  2⤵
  PID:6820
- C:\Windows\System\KPrnNdZ.exe
  C:\Windows\System\KPrnNdZ.exe
  2⤵
  PID:7300
- C:\Windows\System\pKxRIrx.exe
  C:\Windows\System\pKxRIrx.exe
  2⤵
  PID:7472
- C:\Windows\System\hTPhwSI.exe
  C:\Windows\System\hTPhwSI.exe
  2⤵
  PID:7652
- C:\Windows\System\uLdPiyG.exe
  C:\Windows\System\uLdPiyG.exe
  2⤵
  PID:7644
- C:\Windows\System\xJRkxvc.exe
  C:\Windows\System\xJRkxvc.exe
  2⤵
  PID:7456
- C:\Windows\System\spbNCzg.exe
  C:\Windows\System\spbNCzg.exe
  2⤵
  PID:7888
- C:\Windows\System\EMpKMjA.exe
  C:\Windows\System\EMpKMjA.exe
  2⤵
  PID:6580
- C:\Windows\System\tcGspaO.exe
  C:\Windows\System\tcGspaO.exe
  2⤵
  PID:5832
- C:\Windows\System\KbBwxVP.exe
  C:\Windows\System\KbBwxVP.exe
  2⤵
  PID:7876
- C:\Windows\System\muwxyDT.exe
  C:\Windows\System\muwxyDT.exe
  2⤵
  PID:7216
- C:\Windows\System\KdjrPNQ.exe
  C:\Windows\System\KdjrPNQ.exe
  2⤵
  PID:7564
- C:\Windows\System\hmmnNQO.exe
  C:\Windows\System\hmmnNQO.exe
  2⤵
  PID:8200
- C:\Windows\System\aqtozbg.exe
  C:\Windows\System\aqtozbg.exe
  2⤵
  PID:8216
- C:\Windows\System\ksOMODC.exe
  C:\Windows\System\ksOMODC.exe
  2⤵
  PID:8232
- C:\Windows\System\NnSyijx.exe
  C:\Windows\System\NnSyijx.exe
  2⤵
  PID:8248
- C:\Windows\System\kOhPesJ.exe
  C:\Windows\System\kOhPesJ.exe
  2⤵
  PID:8264
- C:\Windows\System\IYCycoW.exe
  C:\Windows\System\IYCycoW.exe
  2⤵
  PID:8280
- C:\Windows\System\jfbJjMD.exe
  C:\Windows\System\jfbJjMD.exe
  2⤵
  PID:8308
- C:\Windows\System\BilPGsx.exe
  C:\Windows\System\BilPGsx.exe
  2⤵
  PID:8332
- C:\Windows\System\LRxgfWT.exe
  C:\Windows\System\LRxgfWT.exe
  2⤵
  PID:8352
- C:\Windows\System\FcrefUe.exe
  C:\Windows\System\FcrefUe.exe
  2⤵
  PID:8376
- C:\Windows\System\xBqoGVj.exe
  C:\Windows\System\xBqoGVj.exe
  2⤵
  PID:8400
- C:\Windows\System\RhPNCEk.exe
  C:\Windows\System\RhPNCEk.exe
  2⤵
  PID:8416
- C:\Windows\System\RodlNZX.exe
  C:\Windows\System\RodlNZX.exe
  2⤵
  PID:8432
- C:\Windows\System\alfNqnW.exe
  C:\Windows\System\alfNqnW.exe
  2⤵
  PID:8452
- C:\Windows\System\SCDsTIk.exe
  C:\Windows\System\SCDsTIk.exe
  2⤵
  PID:8468
- C:\Windows\System\XBlTyCr.exe
  C:\Windows\System\XBlTyCr.exe
  2⤵
  PID:8484
- C:\Windows\System\qgIpplh.exe
  C:\Windows\System\qgIpplh.exe
  2⤵
  PID:8500
- C:\Windows\System\ZxlrNDf.exe
  C:\Windows\System\ZxlrNDf.exe
  2⤵
  PID:8516
- C:\Windows\System\CdgzsjO.exe
  C:\Windows\System\CdgzsjO.exe
  2⤵
  PID:8532
- C:\Windows\System\xPEYWHk.exe
  C:\Windows\System\xPEYWHk.exe
  2⤵
  PID:8548
- C:\Windows\System\KxwdSxJ.exe
  C:\Windows\System\KxwdSxJ.exe
  2⤵
  PID:8568
- C:\Windows\System\AblpuwK.exe
  C:\Windows\System\AblpuwK.exe
  2⤵
  PID:8584
- C:\Windows\System\JzwDKmZ.exe
  C:\Windows\System\JzwDKmZ.exe
  2⤵
  PID:8604
- C:\Windows\System\Yvsreka.exe
  C:\Windows\System\Yvsreka.exe
  2⤵
  PID:8620
- C:\Windows\System\xgMzQLF.exe
  C:\Windows\System\xgMzQLF.exe
  2⤵
  PID:8636
- C:\Windows\System\xHLftRN.exe
  C:\Windows\System\xHLftRN.exe
  2⤵
  PID:8652
- C:\Windows\System\jvpqtQH.exe
  C:\Windows\System\jvpqtQH.exe
  2⤵
  PID:8668
- C:\Windows\System\wqGEBEw.exe
  C:\Windows\System\wqGEBEw.exe
  2⤵
  PID:8684
- C:\Windows\System\wAsVzMP.exe
  C:\Windows\System\wAsVzMP.exe
  2⤵
  PID:8700
- C:\Windows\System\RfdOHmI.exe
  C:\Windows\System\RfdOHmI.exe
  2⤵
  PID:8716
- C:\Windows\System\dXTvCxv.exe
  C:\Windows\System\dXTvCxv.exe
  2⤵
  PID:8736
- C:\Windows\System\LwUNfzT.exe
  C:\Windows\System\LwUNfzT.exe
  2⤵
  PID:8752
- C:\Windows\System\gmUFLOe.exe
  C:\Windows\System\gmUFLOe.exe
  2⤵
  PID:8768
- C:\Windows\System\XXOluMk.exe
  C:\Windows\System\XXOluMk.exe
  2⤵
  PID:8784
- C:\Windows\System\aoWDLrl.exe
  C:\Windows\System\aoWDLrl.exe
  2⤵
  PID:8800
- C:\Windows\System\yglNAAI.exe
  C:\Windows\System\yglNAAI.exe
  2⤵
  PID:8816
- C:\Windows\System\FGeURqR.exe
  C:\Windows\System\FGeURqR.exe
  2⤵
  PID:8832
- C:\Windows\System\KPuXJqE.exe
  C:\Windows\System\KPuXJqE.exe
  2⤵
  PID:8848
- C:\Windows\System\exMnFHZ.exe
  C:\Windows\System\exMnFHZ.exe
  2⤵
  PID:8864
- C:\Windows\System\cDdrRPM.exe
  C:\Windows\System\cDdrRPM.exe
  2⤵
  PID:8880
- C:\Windows\System\IBowUed.exe
  C:\Windows\System\IBowUed.exe
  2⤵
  PID:8896
- C:\Windows\System\lBCsoRG.exe
  C:\Windows\System\lBCsoRG.exe
  2⤵
  PID:8916
- C:\Windows\System\GXzHTeB.exe
  C:\Windows\System\GXzHTeB.exe
  2⤵
  PID:8932
- C:\Windows\System\OZsZwwV.exe
  C:\Windows\System\OZsZwwV.exe
  2⤵
  PID:8948
- C:\Windows\System\OWUYqZK.exe
  C:\Windows\System\OWUYqZK.exe
  2⤵
  PID:8964
- C:\Windows\System\zkxFQII.exe
  C:\Windows\System\zkxFQII.exe
  2⤵
  PID:8980
- C:\Windows\System\qPwnpLZ.exe
  C:\Windows\System\qPwnpLZ.exe
  2⤵
  PID:8996
- C:\Windows\System\eZiATOu.exe
  C:\Windows\System\eZiATOu.exe
  2⤵
  PID:9012
- C:\Windows\System\sisLLpC.exe
  C:\Windows\System\sisLLpC.exe
  2⤵
  PID:9028
- C:\Windows\System\wYcZnHL.exe
  C:\Windows\System\wYcZnHL.exe
  2⤵
  PID:9044
- C:\Windows\System\mvgTtXE.exe
  C:\Windows\System\mvgTtXE.exe
  2⤵
  PID:9060
- C:\Windows\System\ThsXOhP.exe
  C:\Windows\System\ThsXOhP.exe
  2⤵
  PID:9076
- C:\Windows\System\AhDeEKa.exe
  C:\Windows\System\AhDeEKa.exe
  2⤵
  PID:9092
- C:\Windows\System\MPFFrsM.exe
  C:\Windows\System\MPFFrsM.exe
  2⤵
  PID:9108
- C:\Windows\System\njhfFma.exe
  C:\Windows\System\njhfFma.exe
  2⤵
  PID:9124
- C:\Windows\System\wxPasYf.exe
  C:\Windows\System\wxPasYf.exe
  2⤵
  PID:9140
- C:\Windows\System\nhKyrkC.exe
  C:\Windows\System\nhKyrkC.exe
  2⤵
  PID:9156
- C:\Windows\System\VNlJsoA.exe
  C:\Windows\System\VNlJsoA.exe
  2⤵
  PID:9172
- C:\Windows\System\PXfYqSI.exe
  C:\Windows\System\PXfYqSI.exe
  2⤵
  PID:9188
- C:\Windows\System\tqskyFp.exe
  C:\Windows\System\tqskyFp.exe
  2⤵
  PID:9204
- C:\Windows\System\NcBsaBu.exe
  C:\Windows\System\NcBsaBu.exe
  2⤵
  PID:7772
- C:\Windows\System\kRXTktB.exe
  C:\Windows\System\kRXTktB.exe
  2⤵
  PID:8016
- C:\Windows\System\PuhfMNZ.exe
  C:\Windows\System\PuhfMNZ.exe
  2⤵
  PID:6656
- C:\Windows\System\xqMacpr.exe
  C:\Windows\System\xqMacpr.exe
  2⤵
  PID:7380
- C:\Windows\System\AhxSoEv.exe
  C:\Windows\System\AhxSoEv.exe
  2⤵
  PID:8212
- C:\Windows\System\TfbwDFd.exe
  C:\Windows\System\TfbwDFd.exe
  2⤵
  PID:8244
- C:\Windows\System\QHvvcqf.exe
  C:\Windows\System\QHvvcqf.exe
  2⤵
  PID:8276
- C:\Windows\System\zETROxM.exe
  C:\Windows\System\zETROxM.exe
  2⤵
  PID:8320
- C:\Windows\System\wNNzYuO.exe
  C:\Windows\System\wNNzYuO.exe
  2⤵
  PID:8372
- C:\Windows\System\jThhNVI.exe
  C:\Windows\System\jThhNVI.exe
  2⤵
  PID:8300
- C:\Windows\System\YnyVZTq.exe
  C:\Windows\System\YnyVZTq.exe
  2⤵
  PID:8392
- C:\Windows\System\tMPLiao.exe
  C:\Windows\System\tMPLiao.exe
  2⤵
  PID:8396
- C:\Windows\System\SnMRBsT.exe
  C:\Windows\System\SnMRBsT.exe
  2⤵
  PID:8440
- C:\Windows\System\sTvCPRH.exe
  C:\Windows\System\sTvCPRH.exe
  2⤵
  PID:8448
- C:\Windows\System\AYKxJXT.exe
  C:\Windows\System\AYKxJXT.exe
  2⤵
  PID:8512
- C:\Windows\System\uNlYaxE.exe
  C:\Windows\System\uNlYaxE.exe
  2⤵
  PID:8576
- C:\Windows\System\jBpCmOc.exe
  C:\Windows\System\jBpCmOc.exe
  2⤵
  PID:8492
- C:\Windows\System\bwZgDxz.exe
  C:\Windows\System\bwZgDxz.exe
  2⤵
  PID:8528
- C:\Windows\System\jOVibbZ.exe
  C:\Windows\System\jOVibbZ.exe
  2⤵
  PID:8616
- C:\Windows\System\cWUKBXv.exe
  C:\Windows\System\cWUKBXv.exe
  2⤵
  PID:8648
- C:\Windows\System\tJLNTEl.exe
  C:\Windows\System\tJLNTEl.exe
  2⤵
  PID:8628
- C:\Windows\System\wEVQZQg.exe
  C:\Windows\System\wEVQZQg.exe
  2⤵
  PID:8696
- C:\Windows\System\orfOWPv.exe
  C:\Windows\System\orfOWPv.exe
  2⤵
  PID:8732
- C:\Windows\System\zElOBxa.exe
  C:\Windows\System\zElOBxa.exe
  2⤵
  PID:8760
- C:\Windows\System\fpmBUwK.exe
  C:\Windows\System\fpmBUwK.exe
  2⤵
  PID:8812
- C:\Windows\System\hyTcczS.exe
  C:\Windows\System\hyTcczS.exe
  2⤵
  PID:8824
- C:\Windows\System\fNIEYqF.exe
  C:\Windows\System\fNIEYqF.exe
  2⤵
  PID:8956
- C:\Windows\System\sueAUXH.exe
  C:\Windows\System\sueAUXH.exe
  2⤵
  PID:9024
- C:\Windows\System\fnPMgrc.exe
  C:\Windows\System\fnPMgrc.exe
  2⤵
  PID:9116
- C:\Windows\System\OKHfxfC.exe
  C:\Windows\System\OKHfxfC.exe
  2⤵
  PID:9180
- C:\Windows\System\NMAKtqI.exe
  C:\Windows\System\NMAKtqI.exe
  2⤵
  PID:9088
- C:\Windows\System\JDVYlXL.exe
  C:\Windows\System\JDVYlXL.exe
  2⤵
  PID:8840
- C:\Windows\System\RaRtTBi.exe
  C:\Windows\System\RaRtTBi.exe
  2⤵
  PID:9072
- C:\Windows\System\nhJhooF.exe
  C:\Windows\System\nhJhooF.exe
  2⤵
  PID:9132
- C:\Windows\System\QQPFfpd.exe
  C:\Windows\System\QQPFfpd.exe
  2⤵
  PID:9008
- C:\Windows\System\oUBpVLO.exe
  C:\Windows\System\oUBpVLO.exe
  2⤵
  PID:8196
- C:\Windows\System\pIuGWGn.exe
  C:\Windows\System\pIuGWGn.exe
  2⤵
  PID:8348
- C:\Windows\System\JRCNBhs.exe
  C:\Windows\System\JRCNBhs.exe
  2⤵
  PID:8344
- C:\Windows\System\PIwSvFc.exe
  C:\Windows\System\PIwSvFc.exe
  2⤵
  PID:8428
- C:\Windows\System\yGhzjxX.exe
  C:\Windows\System\yGhzjxX.exe
  2⤵
  PID:8524
- C:\Windows\System\FprvtdQ.exe
  C:\Windows\System\FprvtdQ.exe
  2⤵
  PID:8764
- C:\Windows\System\rohMbnP.exe
  C:\Windows\System\rohMbnP.exe
  2⤵
  PID:8564
- C:\Windows\System\TlwWBvG.exe
  C:\Windows\System\TlwWBvG.exe
  2⤵
  PID:8744
- C:\Windows\System\xOUufaB.exe
  C:\Windows\System\xOUufaB.exe
  2⤵
  PID:8796
- C:\Windows\System\IHJwsSA.exe
  C:\Windows\System\IHJwsSA.exe
  2⤵
  PID:8928
- C:\Windows\System\VrqeaaZ.exe
  C:\Windows\System\VrqeaaZ.exe
  2⤵
  PID:9148
- C:\Windows\System\cmHxiER.exe
  C:\Windows\System\cmHxiER.exe
  2⤵
  PID:9164
- C:\Windows\System\qJOrGHe.exe
  C:\Windows\System\qJOrGHe.exe
  2⤵
  PID:9100
- C:\Windows\System\OpYJKRa.exe
  C:\Windows\System\OpYJKRa.exe
  2⤵
  PID:9052
- C:\Windows\System\ZkYjXkX.exe
  C:\Windows\System\ZkYjXkX.exe
  2⤵
  PID:8944
- C:\Windows\System\ZVsBYQG.exe
  C:\Windows\System\ZVsBYQG.exe
  2⤵
  PID:8876
- C:\Windows\System\CFWodjy.exe
  C:\Windows\System\CFWodjy.exe
  2⤵
  PID:1564
- C:\Windows\System\uquptgq.exe
  C:\Windows\System\uquptgq.exe
  2⤵
  PID:8580
- C:\Windows\System\EwjrySZ.exe
  C:\Windows\System\EwjrySZ.exe
  2⤵
  PID:9020
- C:\Windows\System\rgYNHOV.exe
  C:\Windows\System\rgYNHOV.exe
  2⤵
  PID:8296
- C:\Windows\System\VEJtTbd.exe
  C:\Windows\System\VEJtTbd.exe
  2⤵
  PID:7852
- C:\Windows\System\bRHVWWd.exe
  C:\Windows\System\bRHVWWd.exe
  2⤵
  PID:8644
- C:\Windows\System\wYiKMQf.exe
  C:\Windows\System\wYiKMQf.exe
  2⤵
  PID:8692
- C:\Windows\System\UlmagRP.exe
  C:\Windows\System\UlmagRP.exe
  2⤵
  PID:8988
- C:\Windows\System\epLjRHU.exe
  C:\Windows\System\epLjRHU.exe
  2⤵
  PID:9212
- C:\Windows\System\eYSIlnj.exe
  C:\Windows\System\eYSIlnj.exe
  2⤵
  PID:9152
- C:\Windows\System\kKqaeom.exe
  C:\Windows\System\kKqaeom.exe
  2⤵
  PID:8368
- C:\Windows\System\rPICvsO.exe
  C:\Windows\System\rPICvsO.exe
  2⤵
  PID:9612
- C:\Windows\System\lnMYCht.exe
  C:\Windows\System\lnMYCht.exe
  2⤵
  PID:9652
- C:\Windows\System\fYcMLll.exe
  C:\Windows\System\fYcMLll.exe
  2⤵
  PID:9688
- C:\Windows\System\MlcKTNz.exe
  C:\Windows\System\MlcKTNz.exe
  2⤵
  PID:9732
- C:\Windows\System\eRDYKVy.exe
  C:\Windows\System\eRDYKVy.exe
  2⤵
  PID:9824
- C:\Windows\System\ouuIsYk.exe
  C:\Windows\System\ouuIsYk.exe
  2⤵
  PID:9868
- C:\Windows\System\DLeJpZB.exe
  C:\Windows\System\DLeJpZB.exe
  2⤵
  PID:9940
- C:\Windows\System\WjfNGKV.exe
  C:\Windows\System\WjfNGKV.exe
  2⤵
  PID:9956
- C:\Windows\System\cAlEBEf.exe
  C:\Windows\System\cAlEBEf.exe
  2⤵
  PID:9972
- C:\Windows\System\grbdNez.exe
  C:\Windows\System\grbdNez.exe
  2⤵
  PID:9996
- C:\Windows\System\zPQrTzU.exe
  C:\Windows\System\zPQrTzU.exe
  2⤵
  PID:10012
- C:\Windows\System\FPybuLR.exe
  C:\Windows\System\FPybuLR.exe
  2⤵
  PID:10032
- C:\Windows\System\rYkReLQ.exe
  C:\Windows\System\rYkReLQ.exe
  2⤵
  PID:10056
- C:\Windows\System\bybpiPx.exe
  C:\Windows\System\bybpiPx.exe
  2⤵
  PID:10076
- C:\Windows\System\EqfelPX.exe
  C:\Windows\System\EqfelPX.exe
  2⤵
  PID:10100
- C:\Windows\System\KySoIgk.exe
  C:\Windows\System\KySoIgk.exe
  2⤵
  PID:10116
- C:\Windows\System\yhAxocj.exe
  C:\Windows\System\yhAxocj.exe
  2⤵
  PID:10140
- C:\Windows\System\lqTUqJA.exe
  C:\Windows\System\lqTUqJA.exe
  2⤵
  PID:10156
- C:\Windows\System\WlWWcfY.exe
  C:\Windows\System\WlWWcfY.exe
  2⤵
  PID:10172
- C:\Windows\System\gdAsVzq.exe
  C:\Windows\System\gdAsVzq.exe
  2⤵
  PID:10188
- C:\Windows\System\IBrzcMM.exe
  C:\Windows\System\IBrzcMM.exe
  2⤵
  PID:10212
- C:\Windows\System\uhJZSGi.exe
  C:\Windows\System\uhJZSGi.exe
  2⤵
  PID:10232
- C:\Windows\System\OGmpnmt.exe
  C:\Windows\System\OGmpnmt.exe
  2⤵
  PID:8560
- C:\Windows\System\PiNKZWu.exe
  C:\Windows\System\PiNKZWu.exe
  2⤵
  PID:9232
- C:\Windows\System\sYcgFgL.exe
  C:\Windows\System\sYcgFgL.exe
  2⤵
  PID:9252
- C:\Windows\System\oMxTZuX.exe
  C:\Windows\System\oMxTZuX.exe
  2⤵
  PID:9268
- C:\Windows\System\sXclXVk.exe
  C:\Windows\System\sXclXVk.exe
  2⤵
  PID:9284
- C:\Windows\System\caqOwIj.exe
  C:\Windows\System\caqOwIj.exe
  2⤵
  PID:9312
- C:\Windows\System\xbXPqyG.exe
  C:\Windows\System\xbXPqyG.exe
  2⤵
  PID:9328
- C:\Windows\System\goBdHfE.exe
  C:\Windows\System\goBdHfE.exe
  2⤵
  PID:9356
- C:\Windows\System\mitXfLO.exe
  C:\Windows\System\mitXfLO.exe
  2⤵
  PID:9372
- C:\Windows\System\ZGvZtAm.exe
  C:\Windows\System\ZGvZtAm.exe
  2⤵
  PID:9396
- C:\Windows\System\LhltmQa.exe
  C:\Windows\System\LhltmQa.exe
  2⤵
  PID:9416
- C:\Windows\System\jaeWKRR.exe
  C:\Windows\System\jaeWKRR.exe
  2⤵
  PID:9432
- C:\Windows\System\btMViCr.exe
  C:\Windows\System\btMViCr.exe
  2⤵
  PID:9448
- C:\Windows\System\LBIJCMS.exe
  C:\Windows\System\LBIJCMS.exe
  2⤵
  PID:9464
- C:\Windows\System\IxsFrXr.exe
  C:\Windows\System\IxsFrXr.exe
  2⤵
  PID:9484
- C:\Windows\System\ZggNmhy.exe
  C:\Windows\System\ZggNmhy.exe
  2⤵
  PID:9500
- C:\Windows\System\orsGKgg.exe
  C:\Windows\System\orsGKgg.exe
  2⤵
  PID:9536
- C:\Windows\System\ysKnMyl.exe
  C:\Windows\System\ysKnMyl.exe
  2⤵
  PID:9540
- C:\Windows\System\SJlbcKh.exe
  C:\Windows\System\SJlbcKh.exe
  2⤵
  PID:9564
- C:\Windows\System\RTNzHGO.exe
  C:\Windows\System\RTNzHGO.exe
  2⤵
  PID:9580
- C:\Windows\System\XYDnMUE.exe
  C:\Windows\System\XYDnMUE.exe
  2⤵
  PID:9600
- C:\Windows\System\DBxKmIX.exe
  C:\Windows\System\DBxKmIX.exe
  2⤵
  PID:9636
- C:\Windows\System\gSrchlM.exe
  C:\Windows\System\gSrchlM.exe
  2⤵
  PID:9668
- C:\Windows\System\GnBHred.exe
  C:\Windows\System\GnBHred.exe
  2⤵
  PID:9752
- C:\Windows\System\luDcluT.exe
  C:\Windows\System\luDcluT.exe
  2⤵
  PID:9712
- C:\Windows\System\leTeVxT.exe
  C:\Windows\System\leTeVxT.exe
  2⤵
  PID:9764
- C:\Windows\System\mZyKJmG.exe
  C:\Windows\System\mZyKJmG.exe
  2⤵
  PID:9780
- C:\Windows\System\dMIHNzF.exe
  C:\Windows\System\dMIHNzF.exe
  2⤵
  PID:9644
- C:\Windows\System\BWDhOMT.exe
  C:\Windows\System\BWDhOMT.exe
  2⤵
  PID:9816
- C:\Windows\System\wuxjtzx.exe
  C:\Windows\System\wuxjtzx.exe
  2⤵
  PID:9804
- C:\Windows\System\xbATQvQ.exe
  C:\Windows\System\xbATQvQ.exe
  2⤵
  PID:9792
- C:\Windows\System\WIMBQug.exe
  C:\Windows\System\WIMBQug.exe
  2⤵
  PID:9856
- C:\Windows\System\FgnJYnR.exe
  C:\Windows\System\FgnJYnR.exe
  2⤵
  PID:9892
- C:\Windows\System\hmsQGyV.exe
  C:\Windows\System\hmsQGyV.exe
  2⤵
  PID:9904
- C:\Windows\System\rupYXgi.exe
  C:\Windows\System\rupYXgi.exe
  2⤵
  PID:9924
- C:\Windows\System\nbhwxRr.exe
  C:\Windows\System\nbhwxRr.exe
  2⤵
  PID:9984
- C:\Windows\System\tBwIgQL.exe
  C:\Windows\System\tBwIgQL.exe
  2⤵
  PID:10048
- C:\Windows\System\mxoOtGY.exe
  C:\Windows\System\mxoOtGY.exe
  2⤵
  PID:10092
- C:\Windows\System\rjQdAmE.exe
  C:\Windows\System\rjQdAmE.exe
  2⤵
  PID:10072
- C:\Windows\System\wPeOGBW.exe
  C:\Windows\System\wPeOGBW.exe
  2⤵
  PID:10112
- C:\Windows\System\LLUKIgF.exe
  C:\Windows\System\LLUKIgF.exe
  2⤵
  PID:10152
- C:\Windows\System\jTIyWWJ.exe
  C:\Windows\System\jTIyWWJ.exe
  2⤵
  PID:10200
- C:\Windows\System\EIFxqhq.exe
  C:\Windows\System\EIFxqhq.exe
  2⤵
  PID:8408
- C:\Windows\System\tpkBLjX.exe
  C:\Windows\System\tpkBLjX.exe
  2⤵
  PID:9056
- C:\Windows\System\sBxkvxh.exe
  C:\Windows\System\sBxkvxh.exe
  2⤵
  PID:9236
- C:\Windows\System\doAeNSg.exe
  C:\Windows\System\doAeNSg.exe
  2⤵
  PID:9256
- C:\Windows\System\xhaYcYv.exe
  C:\Windows\System\xhaYcYv.exe
  2⤵
  PID:9300
- C:\Windows\System\XFnkorr.exe
  C:\Windows\System\XFnkorr.exe
  2⤵
  PID:9320
- C:\Windows\System\wnGGpac.exe
  C:\Windows\System\wnGGpac.exe
  2⤵
  PID:9344
- C:\Windows\System\mlamxpw.exe
  C:\Windows\System\mlamxpw.exe
  2⤵
  PID:9380
- C:\Windows\System\GcMchUw.exe
  C:\Windows\System\GcMchUw.exe
  2⤵
  PID:9440
- C:\Windows\System\NZamosj.exe
  C:\Windows\System\NZamosj.exe
  2⤵
  PID:9480
- C:\Windows\System\yFZAovK.exe
  C:\Windows\System\yFZAovK.exe
  2⤵
  PID:9508
- C:\Windows\System\WXYRthb.exe
  C:\Windows\System\WXYRthb.exe
  2⤵
  PID:9460
- C:\Windows\System\rZUPakB.exe
  C:\Windows\System\rZUPakB.exe
  2⤵
  PID:9572
- C:\Windows\System\OXsrwVc.exe
  C:\Windows\System\OXsrwVc.exe
  2⤵
  PID:9596
- C:\Windows\System\sgxHmrn.exe
  C:\Windows\System\sgxHmrn.exe
  2⤵
  PID:9624
- C:\Windows\System\CJJOfda.exe
  C:\Windows\System\CJJOfda.exe
  2⤵
  PID:9696
- C:\Windows\System\zxkScFp.exe
  C:\Windows\System\zxkScFp.exe
  2⤵
  PID:9768
- C:\Windows\System\HzOyweW.exe
  C:\Windows\System\HzOyweW.exe
  2⤵
  PID:9844
- C:\Windows\System\bbXHlRj.exe
  C:\Windows\System\bbXHlRj.exe
  2⤵
  PID:9880
- C:\Windows\System\JkYzpQh.exe
  C:\Windows\System\JkYzpQh.exe
  2⤵
  PID:9896
- C:\Windows\System\JqJDzRK.exe
  C:\Windows\System\JqJDzRK.exe
  2⤵
  PID:9728
- C:\Windows\System\KajDFkQ.exe
  C:\Windows\System\KajDFkQ.exe
  2⤵
  PID:9848
- C:\Windows\System\pANkQCt.exe
  C:\Windows\System\pANkQCt.exe
  2⤵
  PID:9936
- C:\Windows\System\hvuSTeR.exe
  C:\Windows\System\hvuSTeR.exe
  2⤵
  PID:10068
- C:\Windows\System\OwzzUJw.exe
  C:\Windows\System\OwzzUJw.exe
  2⤵
  PID:10028
- C:\Windows\System\ZbdNPlC.exe
  C:\Windows\System\ZbdNPlC.exe
  2⤵
  PID:10124
- C:\Windows\System\ZplWSDS.exe
  C:\Windows\System\ZplWSDS.exe
  2⤵
  PID:10136
- C:\Windows\System\GGlUKPx.exe
  C:\Windows\System\GGlUKPx.exe
  2⤵
  PID:9348
- C:\Windows\System\ZWvYNNh.exe
  C:\Windows\System\ZWvYNNh.exe
  2⤵
  PID:9200
- C:\Windows\System\LmCovbd.exe
  C:\Windows\System\LmCovbd.exe
  2⤵
  PID:9276
- C:\Windows\System\rlsRndi.exe
  C:\Windows\System\rlsRndi.exe
  2⤵
  PID:9336
- C:\Windows\System\YVpnGKp.exe
  C:\Windows\System\YVpnGKp.exe
  2⤵
  PID:9408
- C:\Windows\System\ktyWihr.exe
  C:\Windows\System\ktyWihr.exe
  2⤵
  PID:9512
- C:\Windows\System\lLOXyKm.exe
  C:\Windows\System\lLOXyKm.exe
  2⤵
  PID:9520
- C:\Windows\System\mzChDXX.exe
  C:\Windows\System\mzChDXX.exe
  2⤵
  PID:9472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BgEPQDz.exe

Filesize
6.0MB

MD5
dea124fc1a6ea926beffa1ad766a2f07

SHA1
b463ede91cc545b6b0a71ab5c396ad605ea3ae1b

SHA256
39b903eeb10a6ae2b5ba17e7e74268aabc801852c0fb3259819d29eca77b6c08

SHA512
61888f2ec443241f67bb641d1c58eabda61dbf7596abbdd9e078923c4ed6de034595185259c0891ea8e09102739faed4c339e16c5e4d7b5cf5b56e60623d6bc5

Download Submit
C:\Windows\system\DWbUgOs.exe

Filesize
6.0MB

MD5
b8f81f2866ea0d0f49f9fc968a7542ce

SHA1
052ff5d69cb01664d0b7c03201812dcbb0de7df6

SHA256
793c8da9e3b214ab131f47abc1e681ff9ea23d44d1d94435c978d152aa0dc933

SHA512
7eba034a5643c3f641e1c8b4e5e163707d1a6f0348fda7ab9720c5811a2fe89a353a766ac2e11750378b207d7de953f570623fe2b79d5a0f8011dcba8b3c33b0

Download Submit
C:\Windows\system\DXdRRSZ.exe

Filesize
6.0MB

MD5
9926e27298d8cbb43e8760bd40995ce2

SHA1
0029d5005fe7a26f7794620f20c3d4163e0319f6

SHA256
95f5ffc589b5d235dbf078517909149443443442aa8f025a4c7d1c2d265db47e

SHA512
eadcdccf96671112f015c0c93b7a34df875ac46246d3051eac7ccf216bfa0f0ba7cebcf0bfa0670e904cca8f0f2c78be05ee04879cd7d558faef5d669ef372ac

Download Submit
C:\Windows\system\EFJstNK.exe

Filesize
6.0MB

MD5
815466cb6624dfcc376e38d5c3210fb2

SHA1
cf1dc7c84c1c462357f66cf4b6938c77c6b9ec33

SHA256
9c949ee27b700fc06ef8cd5c5635369b13d0f37bab8cae440b2146934d19e455

SHA512
87e519cb2f32f43f03df46d78639c95603039db8f6492536ea4046513d1e5af322760454368d3837a501de0b9742a7c330bd7e5c02d9f9c53ca857d509f798fe

Download Submit
C:\Windows\system\GXbgFFW.exe

Filesize
6.0MB

MD5
4e2283b48a3a2985fe40dcf7020f3d9e

SHA1
365b0f5153f55eda42565b5f3788986153450ea5

SHA256
bab182669a8f05634795239bdaa4907011b1c824b7669a8e0b480b85f9aed1b9

SHA512
1fb057b17e19cc23cb0cdba4c5a5b82125635cb4b126f55c95eb935a6e75e24278a7efe90bfdf8e906d50009c7612950d4f3cc69b6b152eabbcd972bd820f1f3

Download Submit
C:\Windows\system\GbHsOjG.exe

Filesize
6.0MB

MD5
f9f217916df4b677587e1473b89d4d3e

SHA1
d4f522bed9b5abba106c102f0d258932715e1c3e

SHA256
864e95c3b5b21a01fc7da9c5a13391dfbb673d0463feeceb558a8629fae4fbb8

SHA512
d0865c4d2581050acc48667ed3dbc63dd8ad0136eeefd33391bb2653d1e53eadc60c49d9fadc3de0cba5985c5a52ab1370cf1f33ca743eb4ee227dd80ecd1435

Download Submit
C:\Windows\system\LSEHyBw.exe

Filesize
6.0MB

MD5
a54443dec7b7217309108f52ab995030

SHA1
8d59d5f1158968772a46f94d30176cdd9f348335

SHA256
178c7e034ac1e7de9d49e060468f04b98cae3b8f02517d3bef8cf82dba680de4

SHA512
223d68ef530a24849135f17a5565e88ea2e0d05fe2cab74bda38f062d3b6782cfb3136ddef2edacfeacb0c9314083959c0a1c516e474f001a8d4094917de497b

Download Submit
C:\Windows\system\NQgpqlz.exe

Filesize
6.0MB

MD5
c3088895f83b41378dc1276651ddcd92

SHA1
0fcc5864205da620bcbf40239f093b1737625693

SHA256
72c426348f8842efbbd554f36c9267f0c76eecd37ec9fa11f39f5e21575fb728

SHA512
9053b8d6a5a091fb96560e5569fa910aee4c263e489d94920120ec685bdbf21a4b582eab4015f3e00895a6115eba6449b4f9745e668b48fda687f56ac244ce47

Download Submit
C:\Windows\system\PhkvZwq.exe

Filesize
6.0MB

MD5
75fefa6bfdea40893e5c3f06298bdd68

SHA1
74d5f816348f46d997c72f78df6464a8e67bb5d0

SHA256
b4f2aa1861c720bb8406d052613a097b354059742cc684da6bec3727e71df43c

SHA512
45136e98f7d5f53a55f992b318f2b17f61ece3ab2bb8f6f710316613ba226aed784373e872bc5864291cbd63972261d0024c607c07cb52cc45e99b84fbe5f562

Download Submit
C:\Windows\system\UuzfvqM.exe

Filesize
6.0MB

MD5
b388cfd53d6880c5009d31ff8626ce4e

SHA1
178ae7a2b53064dcb6aac61f98b4cfed892c789b

SHA256
30879af1fbec5bed5650e6f8857ca2651936fac7a3628d0af203effc8e2ba938

SHA512
024185eaa6d86fa90579b9dc221b6cf9303ac46d9ad3b95b304998844dce7abe3f86293351210af76c6d53bd46021de58a89a1a6c926b94df4f6dfc55e7fef6f

Download Submit
C:\Windows\system\WvOXXTO.exe

Filesize
6.0MB

MD5
b7dd48ead6a138a45bb0ec211fcfee28

SHA1
922143f3c54bff279e3d4ce79277c5a857cdba23

SHA256
87e84255a5b91adc76102bc23064fdd8265d90fd0ec834924ac7985d83297da4

SHA512
4f3d8b2ce06e4490451970897d39ee571bf7b23905ce6e525c2edaca201025412a01b03b0c512826d81391c69978fa3aa0707c875143f5dee8b770c7399ab58c

Download Submit
C:\Windows\system\engpbGq.exe

Filesize
6.0MB

MD5
3f53e0d8cf9fc0fe757b03d995e32bd1

SHA1
1f62016bec8f6f196f58d9ec0727016bd1efe817

SHA256
63512c42ccdec6ce79b26d6bf2972d91a5c2abc66d79a5970c1d50b4456bf12d

SHA512
c8bfa5545351fe49abd403174c1be73e567ea8b08095861282dca1cb2d1a13099808d9e06b0faff2cd92625d875cd6357fbe90d015163eba2f70bd1649135eba

Download Submit
C:\Windows\system\fyJjqzC.exe

Filesize
6.0MB

MD5
8f71e9daf9d9c1f3556550250d2a2926

SHA1
1fb21ab1631880ec248ed3dd1d9b30e38abcf19e

SHA256
9f6001a5d09443312d65708139d4e234240810ddef8e2caf18898daa2804f84e

SHA512
08fd487b0f968ff909ab3701fd0eaa628f899c071463420273e904ccdeca06dabcde7b07c8ebafa2e4ac94396cfe3a3b0391871e6f69438ce3e0308fc592385f

Download Submit
C:\Windows\system\hOwQBWb.exe

Filesize
6.0MB

MD5
252df8d9e8c6a36ce16b517775eaa5b1

SHA1
515de1e7a9e74001d622b673f0275e2ffe4c0e2f

SHA256
09388d87152c5c97342e225c80ab4db7fb184cf10d3623b579ce921dd13cbaf1

SHA512
9d240e0c01819dc1cbccdf31caf644e375336b4fae5c3e525f41788f4c21de24ab1245c1229962cc22b527fc3c140eab6b9578df1dbed3ef5bcd9b3feda7c360

Download Submit
C:\Windows\system\kHLItzk.exe

Filesize
6.0MB

MD5
7320ffc9788213178ea18173ab84adcf

SHA1
f40e8aebeacac5ceeda710d33b89e8ac70c1e73d

SHA256
1ef05c26829a5c5fb284241df201b84dedcc5f047d179e0a6af0e16cca988cf5

SHA512
bb4b49040376ebf6f010d83e3c71bec3de0cc4277a40d6a6cb7172896f8df732245cf8704484d27cebefa97de1dca6de256da544ee79590f479ede92ce7ef326

Download Submit
C:\Windows\system\kurUotR.exe

Filesize
6.0MB

MD5
0bcc928b7478d58ed62415b3cce79a47

SHA1
dbb9a1c3dc58c90f587b9085ee9f7ada1a9ddebc

SHA256
24e02185d5529a6e39e3b5d61df84a39e2877d75f4bb8b1240c3edf82b33731c

SHA512
16ecc41982158818064c92e8b4c00a2460d1a5084f5c0dd24b8ec3962d8ef5eb9fdc23f1d8461fe0a3311c219c0705c5a0b6502486092a26a1dff1bb7b7a1e3f

Download Submit
C:\Windows\system\nYxkOGw.exe

Filesize
6.0MB

MD5
1edd9aca0b224f96566a8bd85e350642

SHA1
3d5111500395005b9ffc7575fd68363a159699c5

SHA256
4fbba1b9d6a8fc2e80ec938ac13b3e825ea77cf4811dbce298c3c5d9299f62af

SHA512
e27accf4739d3b19ba935f2542e492c8e801a054aa2e59902d5e2f983bae25d0fa9f624c358e180288be3de5012015981fbca72cd6f0b26d00af70fbc07e8762

Download Submit
C:\Windows\system\naTPrUZ.exe

Filesize
6.0MB

MD5
ff13bff5fe5c493a9a5eab57fc8f7eae

SHA1
bd3a3dd3d2e5d2391c04954a348c5f83469f3a01

SHA256
0fbda8fe76c12eae43971648d6ec8c55c622166d205c4ea77ed9ee7cd1048fe1

SHA512
3cdd79f97fe8073e6a36554f9a1a11a595bf4a4b5b3ec2df5010f5d21305b0635a0885f1db0ddb7eaf7139edbcda9897492421e534f445d88c2b61e6381bd21e

Download Submit
C:\Windows\system\ppyDijl.exe

Filesize
6.0MB

MD5
095c6c4c884f3c94bdb481b3414f0e23

SHA1
f680d35a959f3fd485a15600f74b8910af466404

SHA256
3713ae94035e4e997a1627f39474c843958dfaf48449b160e462f95810b5dd06

SHA512
2817c8c467e0468880aa11d768f13a7d3666ae09d1348219c5a9e98f0b29f8c50a8c7d591c2a4037e9f5230ba57b50c8e4383d586d261840121765df78fcadcb

Download Submit
C:\Windows\system\qvtDjCl.exe

Filesize
6.0MB

MD5
b190bd9b295ae82eb4368e047d16fe53

SHA1
de41a09b71d80e5218d5191f7e64e1a6fa1dbb82

SHA256
aa510db83d8b99ab3047f019e2fd41c0a8a3433a80c23dc49121808d7c153f91

SHA512
614ae78e5aed8cde7a0749d3db46c04016b8d0b68bc52277a089387d9c90c1220d37cd3ac21d08124b2336b7855fbfeaf57d2ac4bcb5109a9db9c0ca70a6c6c5

Download Submit
C:\Windows\system\tDjwVCP.exe

Filesize
6.0MB

MD5
d051affb413c0a47fecd3aefa545fdc3

SHA1
011db6a5e57e9c55172e8ebed8c81aeb56f0b889

SHA256
791165e9a2a88905c0eb6b17003a9e0151b461a3a0682a768a9bf512d42d2bf5

SHA512
6160c63f4d54ce72bcc9d2b433ace607a25c7d82df77069735ac1e76aa0a373e25a3a1cdfa51ce8f488b50c0ac26bd4259ee37a299d8c0004619ba276eebd719

Download Submit
C:\Windows\system\vbVYcXJ.exe

Filesize
6.0MB

MD5
98c1abc4a69a8d1835992f363c1f706a

SHA1
86f17b97bc3716e2a92fe0ae8f16a9cf049707d2

SHA256
6468fd04f930faccd344b12064bccbe6d3aeedbce924a43ab9065507a671a910

SHA512
7cb5a5d8adbafb533a6a0ed62c49b17b6066580ff4d79c08f0296e5977575f5e43a60cd8a0bd354b34bfa3de95ede8fa0c2545f83f7639b8577499e0dddd65ae

Download Submit
C:\Windows\system\whVFCOZ.exe

Filesize
6.0MB

MD5
561ed16e6309e0ee38c83bb30c62748a

SHA1
571516e266fcbeb6705a5a39cc36419e6c5e5247

SHA256
d455a7747c77d294c135904f411a7f1ea0377040031599b7accefd4e399e5cab

SHA512
872f416eeb236276c444aa39961bfe3f7bcd5aa70bfc9cdc2ff1838ec1675e7fcfd53476afbc1966075b66f72823e77328f674145777960363846dab0160e701

Download Submit
\Windows\system\CeykLPw.exe

Filesize
6.0MB

MD5
75813ac2235e428048f02075154fbf00

SHA1
4ea6f6ada0b86c5c14022d544e2b4747726ad190

SHA256
e437259f1ae40a5f5d070dd4e009030f3234db971b61d3dd188344b5bda397cf

SHA512
72cb9fdbfb902cc1173a4dd5329cd3cf3ea3431cf1f4590889ff14e6ab9ad2e7f41afc1261abd0622edd52543fe4328f56389da137b4d96ba34f7ca5eb015af2

Download Submit
\Windows\system\KvVTyrS.exe

Filesize
6.0MB

MD5
1cc1e02235a77b0cdb61ad845abbf7e6

SHA1
d6368febce453407fa86a9a3313cb82670340bf0

SHA256
3dc9848a11a58e2c1f768bebb29f6c9037961feaec5cc4af1af0c9c744f3079f

SHA512
fa045496cf4ae23336ab9da170b5d0e3af716274c6ff2be7ced87db22fa424ec2cd0c8c5a4fee33123eab191174bc63ba6a69b5424c7d6e2bb5ccd810bc63c8e

Download Submit
\Windows\system\LMZOoeB.exe

Filesize
6.0MB

MD5
30735a979c3dcb7fdc787ae3bdac373c

SHA1
166768ac4a8c0685981e8a6043c14ced53759656

SHA256
4a6b08ff3a97b13bc097cdcf857efabf944e5f7295c05ac9d1f92f06dad90a7b

SHA512
3b2b0b469d77340f7df438a28bdc05dd383c580299c974d8d567ed6e4a51c6abbfef1f7b1c18a8552d55693e862a5ad5753b6a4f93e43c33f987373e48c5b394

Download Submit
\Windows\system\NkDfChL.exe

Filesize
6.0MB

MD5
f679e8564053f1c808b665be876b5e87

SHA1
62d3d95abab4045eadf345294fffbab6ca8a5a8e

SHA256
d20b6cf01815deac439458377b4e179632ed42cc0b303e11a8dba59f6598522a

SHA512
69e5b57d093d3c206fafa933b022279cbc66e2f0c512429e1558e88cee3f137b581619e0c2516fef62db0ce4f491668c3e3e59cd9f672c99458ee1bfeab29fb5

Download Submit
\Windows\system\ZJjiVdk.exe

Filesize
6.0MB

MD5
eebf480216f9d4fa174239ae12827f64

SHA1
9bf72c0ff04d3985d0aae8448295434bebf14c39

SHA256
e4ce3185b5205f386183bae0f6acd795de904f48a4011e58a9ccd5b3907ef673

SHA512
9087d3214c581a75fcb9d8ff9a15d32faace480a419cf41c08dfdf9c378452faeb62e326e61f607192844b08281337d3cc0940bbcefea01708d043e2eb93c6f8

Download Submit
\Windows\system\dZORMWw.exe

Filesize
6.0MB

MD5
16b8d882f29035c34efa30912fb90666

SHA1
faa9922aefb9bd5b97ad93e027021f85cd4bef6d

SHA256
f54d4a3171112d56be217873480985fb7f4541c1d8ea83b6befa212037a1cb19

SHA512
a579603662cb13463b53c240c6b3fe979724f62e8540e936b72b26768e5776af2d3b3fffa5d803cf664150e1ad2fec70e553f9932ae93d9ae8d0e971f998a751

Download Submit
\Windows\system\gmmebNW.exe

Filesize
6.0MB

MD5
80ce4ab398f3be6d1ee471ceb406d6a4

SHA1
99b15f1097d1af7684a048a5ef8384bc55547d96

SHA256
b12a7b49744c2392321e1f0476a94d8592fb472c3ce8b1252f0cc61c39f35874

SHA512
4d6b59930c63bd2eee65c47def10ecdb29bac4ef308ab9e72eaa0aa817e1a78b5ff014546885eff7907df5a98be88b06c03f7c70c2b7edf13e5c2b525315a769

Download Submit
\Windows\system\hNAKbLI.exe

Filesize
6.0MB

MD5
787c04d139033f279f3d68cdcb465f7e

SHA1
0637dd1a86f593682816d8e2a1b838d17a8bf80a

SHA256
8d1d78f62dd6ecca1b0f964acb865de03f26dc44c265b171e5adcf878dd2bde4

SHA512
df863960fe951db45a240b62dce4a1e9e5c24ff401a774b476e683fcaf98c3be8fba986a2178875472655271e095fe55c5c2266bd89456257c643f7c7026e934

Download Submit
\Windows\system\yvYioOz.exe

Filesize
6.0MB

MD5
c07d0cb0088af181d1d1f3c9263e29a1

SHA1
2aba60dc0a52a9d421adcf2ebd7bde7999decfdb

SHA256
d9aa8962e262d0d3072bbe1b9fbd4b17c4600da318ebf7a77614b04311e0931a

SHA512
6dfa7dda2f328844287291fe0df21a409bb48c818753c7a25b43a3237b11a6282c0d163ad06bd3d1f623379c2f264acabf100ead8d1aa0d3f961e212f50652a2

Download Submit
memory/1336-93-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1336-480-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1336-3849-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1668-3823-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-96-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1668-39-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-45-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1704-3827-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3833-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-75-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-77-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3846-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2640-84-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-89-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2640-27-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2640-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/2640-66-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2640-67-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-2560-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-97-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2640-79-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2640-78-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2640-112-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-14-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-25-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2640-61-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-22-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2640-95-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2640-0-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2640-73-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3850-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-85-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-260-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-53-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3829-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3837-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-98-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-65-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3834-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-68-0x000000013F8A0000-0x000000013FBF4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-69-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3831-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-111-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3822-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2824-81-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2824-11-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2916-90-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-369-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3851-0x000000013F660000-0x000000013F9B4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-115-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2984-82-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3847-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download