cobaltstrike | bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5caba

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
Size

6.0MB
MD5

435275f94753713858f76f2973ba44a0
SHA1

0ae3928158b45d2db5ca33241132f3587a4805a8
SHA256

bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5caba
SHA512

e1e05900769e0ef06a9198fde91beb890164fff7dee40904da9721fa9b49e49074defa2bf6e70a61cc9e739425d3210cec2a6964de6f635752ed0a6d5d8fdcc6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000015685-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0a-9.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d31-36.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016689-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cab-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d73-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-164.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-195.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-198.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-184.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-188.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-174.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-178.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-169.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd5-154.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-159.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d68-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4c-134.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015ccf-109.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf0-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d22-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016c89-97.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001660e-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016890-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ca0-105.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d60-54.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016399-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016b86-84.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000164de-47.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d88-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d48-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2072-0-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x000a000000015685-3.dat	xmrig
behavioral1/memory/2072-6-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d0a-9.dat	xmrig
behavioral1/files/0x0007000000015d31-36.dat	xmrig
behavioral1/memory/2652-38-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2072-48-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/memory/2848-50-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/files/0x0006000000016689-60.dat	xmrig
behavioral1/memory/2704-70-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2072-25-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2588-91-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2072-101-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2552-106-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x0006000000016cab-117.dat	xmrig
behavioral1/files/0x0006000000016d73-148.dat	xmrig
behavioral1/files/0x0006000000016de9-164.dat	xmrig
behavioral1/memory/1396-1030-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2072-1074-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2072-931-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/1940-825-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2588-614-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/1768-525-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2716-347-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/files/0x00060000000174b4-195.dat	xmrig
behavioral1/files/0x00060000000174f8-198.dat	xmrig
behavioral1/files/0x0006000000016f02-184.dat	xmrig
behavioral1/files/0x000600000001707f-188.dat	xmrig
behavioral1/files/0x0006000000016df8-174.dat	xmrig
behavioral1/files/0x0006000000016edc-178.dat	xmrig
behavioral1/files/0x0006000000016df5-169.dat	xmrig
behavioral1/files/0x0006000000016dd5-154.dat	xmrig
behavioral1/files/0x0006000000016dd9-159.dat	xmrig
behavioral1/files/0x0006000000016d6f-144.dat	xmrig
behavioral1/files/0x0006000000016d68-139.dat	xmrig
behavioral1/files/0x0006000000016d4c-134.dat	xmrig
behavioral1/memory/2704-110-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0009000000015ccf-109.dat	xmrig
behavioral1/files/0x0006000000016cf0-130.dat	xmrig
behavioral1/memory/1940-99-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d22-126.dat	xmrig
behavioral1/memory/2764-98-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016c89-97.dat	xmrig
behavioral1/memory/2072-93-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/2716-79-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2652-78-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2748-77-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x000600000001660e-76.dat	xmrig
behavioral1/files/0x0006000000016890-71.dat	xmrig
behavioral1/memory/1396-107-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016ca0-105.dat	xmrig
behavioral1/memory/2072-102-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2764-57-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2456-55-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015d60-54.dat	xmrig
behavioral1/files/0x0007000000016399-39.dat	xmrig
behavioral1/memory/2848-90-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/1768-85-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016b86-84.dat	xmrig
behavioral1/memory/2088-81-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2552-65-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2796-61-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x00060000000164de-47.dat	xmrig
behavioral1/memory/2088-45-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2456	ecOrcCg.exe
2796	dmfuCOe.exe
2652	ZfKXkYo.exe
2748	KXQmWlr.exe
2088	xKLIqnq.exe
2848	COjeKcd.exe
2764	QloHlow.exe
2552	aQTjUaN.exe
2704	PWJoFBm.exe
2716	XYFJJgs.exe
1768	VFPEuLq.exe
2588	vDCmipI.exe
1940	SmigHts.exe
1396	IhfjcdY.exe
1268	DHEDcbO.exe
2348	XrZSWeL.exe
1232	ObZxsdW.exe
1144	ulDfhQf.exe
2988	AaihRdd.exe
2844	eWMULHJ.exe
2128	qFVjNtz.exe
1156	evqqwQV.exe
2052	rKsmROL.exe
1624	aJkTnYV.exe
1132	EdjHgkH.exe
2876	pndJawt.exe
1092	TsgouJt.exe
328	naTSxHP.exe
1956	LLPAYjq.exe
1716	ihYLFVd.exe
900	RNYmNba.exe
2968	YEsViII.exe
2032	zNmTvqw.exe
1852	MkkouWe.exe
2932	XUSHmwg.exe
1808	jWnQuQo.exe
2092	wbLISrP.exe
2068	WrTduRj.exe
1972	MdXGGkv.exe
2208	pfzxFBI.exe
1340	WCkJcNp.exe
1488	pkqRXID.exe
1160	SAoZvOy.exe
1756	qwxUMiR.exe
1864	GkLuuBq.exe
2944	ZNEUarp.exe
2296	kmQyRsM.exe
2444	EMlKxci.exe
2448	DBDNYKn.exe
1472	MDPQbog.exe
2760	nCCzZih.exe
2560	ZIdbJor.exe
2672	uyIrxmo.exe
1644	pWknfNi.exe
2212	MrWgFWK.exe
2548	cicfSwq.exe
1908	xmgNBvM.exe
692	WcCGnyc.exe
1812	YSyeotH.exe
1760	zMXwavp.exe
2392	ZZtfPaP.exe
2640	QqikgHQ.exe
2396	OTqbLeI.exe
2148	jnBIhbC.exe

Loads dropped DLL 64 IoCs

pid	Process
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2072-0-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x000a000000015685-3.dat	upx
behavioral1/memory/2072-6-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0008000000015d0a-9.dat	upx
behavioral1/files/0x0007000000015d31-36.dat	upx
behavioral1/memory/2652-38-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2072-48-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/memory/2848-50-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/files/0x0006000000016689-60.dat	upx
behavioral1/memory/2704-70-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2588-91-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2552-106-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x0006000000016cab-117.dat	upx
behavioral1/files/0x0006000000016d73-148.dat	upx
behavioral1/files/0x0006000000016de9-164.dat	upx
behavioral1/memory/1396-1030-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/1940-825-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2588-614-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/1768-525-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2716-347-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/files/0x00060000000174b4-195.dat	upx
behavioral1/files/0x00060000000174f8-198.dat	upx
behavioral1/files/0x0006000000016f02-184.dat	upx
behavioral1/files/0x000600000001707f-188.dat	upx
behavioral1/files/0x0006000000016df8-174.dat	upx
behavioral1/files/0x0006000000016edc-178.dat	upx
behavioral1/files/0x0006000000016df5-169.dat	upx
behavioral1/files/0x0006000000016dd5-154.dat	upx
behavioral1/files/0x0006000000016dd9-159.dat	upx
behavioral1/files/0x0006000000016d6f-144.dat	upx
behavioral1/files/0x0006000000016d68-139.dat	upx
behavioral1/files/0x0006000000016d4c-134.dat	upx
behavioral1/memory/2704-110-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0009000000015ccf-109.dat	upx
behavioral1/files/0x0006000000016cf0-130.dat	upx
behavioral1/memory/1940-99-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0006000000016d22-126.dat	upx
behavioral1/memory/2764-98-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/files/0x0006000000016c89-97.dat	upx
behavioral1/memory/2716-79-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2652-78-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2748-77-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x000600000001660e-76.dat	upx
behavioral1/files/0x0006000000016890-71.dat	upx
behavioral1/memory/1396-107-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0006000000016ca0-105.dat	upx
behavioral1/memory/2764-57-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2456-55-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0007000000015d60-54.dat	upx
behavioral1/files/0x0007000000016399-39.dat	upx
behavioral1/memory/2848-90-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/1768-85-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x0006000000016b86-84.dat	upx
behavioral1/memory/2088-81-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2552-65-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2796-61-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x00060000000164de-47.dat	upx
behavioral1/memory/2088-45-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2748-33-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0009000000015d88-32.dat	upx
behavioral1/files/0x0007000000015d48-31.dat	upx
behavioral1/memory/2796-21-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2796-3945-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2748-3956-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PsLcTHo.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\DZXxBwe.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\jGbzVXj.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\sJFJSUc.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\xiXfYpz.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\jiBEjXn.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\OMWnEte.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\juiFrMo.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\eEitVUK.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\LUsXHHZ.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\svmshIg.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\xzEIsIC.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\cMJAxUt.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\GnYCozT.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\IPbaXiU.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\umQUAIF.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\arPaApj.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\JXlKyHq.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\TzRwECc.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\XZtcMcT.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\fhoOizS.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\QlPguYi.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\KVwuMOz.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\XpYleMw.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\RiyRYqN.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\uSWsvpW.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\edaFegZ.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\wOTIchX.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\LBiQXBL.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\qNdEZbv.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\vAsIeNR.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\upFFzuV.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\VnLfMOH.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\BBYqVrf.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\BYUpUsJ.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\DREICwq.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\AUXOrgj.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\LbNOhhB.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\yCEyGWK.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\qwxUMiR.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\IKduOxc.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\JuBLBFi.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\PWJoFBm.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\Vgkajod.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\jVUMLNX.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\jthWgUE.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\DTJjwcy.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\kZeIHAa.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\VwixViJ.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\XXEjSuK.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\UHbllBa.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\mvzLffY.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\JWTfYSR.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\REcalMb.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\ydMEUkR.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\kbZtqtJ.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\sZdGFGY.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\ePkBukr.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\MwSDyac.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\yGISlxF.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\QvjitXf.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\gRIlkwR.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\UmZxPyr.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
File created	C:\Windows\System\GwcIMql.exe	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2456	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	32
PID 2072 wrote to memory of 2456	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	32
PID 2072 wrote to memory of 2456	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	32
PID 2072 wrote to memory of 2796	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	33
PID 2072 wrote to memory of 2796	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	33
PID 2072 wrote to memory of 2796	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	33
PID 2072 wrote to memory of 2088	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	34
PID 2072 wrote to memory of 2088	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	34
PID 2072 wrote to memory of 2088	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	34
PID 2072 wrote to memory of 2652	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	35
PID 2072 wrote to memory of 2652	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	35
PID 2072 wrote to memory of 2652	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	35
PID 2072 wrote to memory of 2764	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	36
PID 2072 wrote to memory of 2764	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	36
PID 2072 wrote to memory of 2764	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	36
PID 2072 wrote to memory of 2748	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	37
PID 2072 wrote to memory of 2748	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	37
PID 2072 wrote to memory of 2748	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	37
PID 2072 wrote to memory of 2704	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	38
PID 2072 wrote to memory of 2704	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	38
PID 2072 wrote to memory of 2704	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	38
PID 2072 wrote to memory of 2848	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	39
PID 2072 wrote to memory of 2848	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	39
PID 2072 wrote to memory of 2848	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	39
PID 2072 wrote to memory of 2716	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	40
PID 2072 wrote to memory of 2716	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	40
PID 2072 wrote to memory of 2716	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	40
PID 2072 wrote to memory of 2552	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	41
PID 2072 wrote to memory of 2552	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	41
PID 2072 wrote to memory of 2552	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	41
PID 2072 wrote to memory of 2588	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	42
PID 2072 wrote to memory of 2588	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	42
PID 2072 wrote to memory of 2588	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	42
PID 2072 wrote to memory of 1768	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	43
PID 2072 wrote to memory of 1768	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	43
PID 2072 wrote to memory of 1768	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	43
PID 2072 wrote to memory of 1940	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	44
PID 2072 wrote to memory of 1940	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	44
PID 2072 wrote to memory of 1940	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	44
PID 2072 wrote to memory of 1396	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	45
PID 2072 wrote to memory of 1396	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	45
PID 2072 wrote to memory of 1396	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	45
PID 2072 wrote to memory of 2348	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	46
PID 2072 wrote to memory of 2348	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	46
PID 2072 wrote to memory of 2348	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	46
PID 2072 wrote to memory of 1268	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	47
PID 2072 wrote to memory of 1268	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	47
PID 2072 wrote to memory of 1268	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	47
PID 2072 wrote to memory of 1144	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	48
PID 2072 wrote to memory of 1144	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	48
PID 2072 wrote to memory of 1144	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	48
PID 2072 wrote to memory of 1232	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	49
PID 2072 wrote to memory of 1232	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	49
PID 2072 wrote to memory of 1232	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	49
PID 2072 wrote to memory of 2988	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	50
PID 2072 wrote to memory of 2988	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	50
PID 2072 wrote to memory of 2988	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	50
PID 2072 wrote to memory of 2844	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	51
PID 2072 wrote to memory of 2844	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	51
PID 2072 wrote to memory of 2844	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	51
PID 2072 wrote to memory of 2128	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	52
PID 2072 wrote to memory of 2128	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	52
PID 2072 wrote to memory of 2128	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	52
PID 2072 wrote to memory of 1156	2072	bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe	53

C:\Users\Admin\AppData\Local\Temp\bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe
"C:\Users\Admin\AppData\Local\Temp\bf0ba46398ab8690a6ba06d719e6bb8c660b2db4fac777269f1d0af0d9c5cabaN.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\System\ecOrcCg.exe
  C:\Windows\System\ecOrcCg.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\dmfuCOe.exe
  C:\Windows\System\dmfuCOe.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\xKLIqnq.exe
  C:\Windows\System\xKLIqnq.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ZfKXkYo.exe
  C:\Windows\System\ZfKXkYo.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\QloHlow.exe
  C:\Windows\System\QloHlow.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\KXQmWlr.exe
  C:\Windows\System\KXQmWlr.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\PWJoFBm.exe
  C:\Windows\System\PWJoFBm.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\COjeKcd.exe
  C:\Windows\System\COjeKcd.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\XYFJJgs.exe
  C:\Windows\System\XYFJJgs.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\aQTjUaN.exe
  C:\Windows\System\aQTjUaN.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\vDCmipI.exe
  C:\Windows\System\vDCmipI.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\VFPEuLq.exe
  C:\Windows\System\VFPEuLq.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\SmigHts.exe
  C:\Windows\System\SmigHts.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\IhfjcdY.exe
  C:\Windows\System\IhfjcdY.exe
  2⤵
  - Executes dropped EXE
  PID:1396
- C:\Windows\System\XrZSWeL.exe
  C:\Windows\System\XrZSWeL.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\DHEDcbO.exe
  C:\Windows\System\DHEDcbO.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\ulDfhQf.exe
  C:\Windows\System\ulDfhQf.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\ObZxsdW.exe
  C:\Windows\System\ObZxsdW.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\AaihRdd.exe
  C:\Windows\System\AaihRdd.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\eWMULHJ.exe
  C:\Windows\System\eWMULHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\qFVjNtz.exe
  C:\Windows\System\qFVjNtz.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\evqqwQV.exe
  C:\Windows\System\evqqwQV.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\rKsmROL.exe
  C:\Windows\System\rKsmROL.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\aJkTnYV.exe
  C:\Windows\System\aJkTnYV.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\EdjHgkH.exe
  C:\Windows\System\EdjHgkH.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\pndJawt.exe
  C:\Windows\System\pndJawt.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\TsgouJt.exe
  C:\Windows\System\TsgouJt.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\naTSxHP.exe
  C:\Windows\System\naTSxHP.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\LLPAYjq.exe
  C:\Windows\System\LLPAYjq.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ihYLFVd.exe
  C:\Windows\System\ihYLFVd.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\RNYmNba.exe
  C:\Windows\System\RNYmNba.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\YEsViII.exe
  C:\Windows\System\YEsViII.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\zNmTvqw.exe
  C:\Windows\System\zNmTvqw.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\MkkouWe.exe
  C:\Windows\System\MkkouWe.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\XUSHmwg.exe
  C:\Windows\System\XUSHmwg.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\jWnQuQo.exe
  C:\Windows\System\jWnQuQo.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\wbLISrP.exe
  C:\Windows\System\wbLISrP.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\WrTduRj.exe
  C:\Windows\System\WrTduRj.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\MdXGGkv.exe
  C:\Windows\System\MdXGGkv.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\pfzxFBI.exe
  C:\Windows\System\pfzxFBI.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\WCkJcNp.exe
  C:\Windows\System\WCkJcNp.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\pkqRXID.exe
  C:\Windows\System\pkqRXID.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\SAoZvOy.exe
  C:\Windows\System\SAoZvOy.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\qwxUMiR.exe
  C:\Windows\System\qwxUMiR.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\GkLuuBq.exe
  C:\Windows\System\GkLuuBq.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\ZNEUarp.exe
  C:\Windows\System\ZNEUarp.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\kmQyRsM.exe
  C:\Windows\System\kmQyRsM.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\EMlKxci.exe
  C:\Windows\System\EMlKxci.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\DBDNYKn.exe
  C:\Windows\System\DBDNYKn.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\MDPQbog.exe
  C:\Windows\System\MDPQbog.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\nCCzZih.exe
  C:\Windows\System\nCCzZih.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ZIdbJor.exe
  C:\Windows\System\ZIdbJor.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\uyIrxmo.exe
  C:\Windows\System\uyIrxmo.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\pWknfNi.exe
  C:\Windows\System\pWknfNi.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\MrWgFWK.exe
  C:\Windows\System\MrWgFWK.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\cicfSwq.exe
  C:\Windows\System\cicfSwq.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\xmgNBvM.exe
  C:\Windows\System\xmgNBvM.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\WcCGnyc.exe
  C:\Windows\System\WcCGnyc.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\YSyeotH.exe
  C:\Windows\System\YSyeotH.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\zMXwavp.exe
  C:\Windows\System\zMXwavp.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\ZZtfPaP.exe
  C:\Windows\System\ZZtfPaP.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\QqikgHQ.exe
  C:\Windows\System\QqikgHQ.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\OTqbLeI.exe
  C:\Windows\System\OTqbLeI.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\jnBIhbC.exe
  C:\Windows\System\jnBIhbC.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\OIrbXuq.exe
  C:\Windows\System\OIrbXuq.exe
  2⤵
  PID:764
- C:\Windows\System\XmMDQtc.exe
  C:\Windows\System\XmMDQtc.exe
  2⤵
  PID:1924
- C:\Windows\System\GtfvNNm.exe
  C:\Windows\System\GtfvNNm.exe
  2⤵
  PID:2000
- C:\Windows\System\XvbEkey.exe
  C:\Windows\System\XvbEkey.exe
  2⤵
  PID:616
- C:\Windows\System\rQDkpmK.exe
  C:\Windows\System\rQDkpmK.exe
  2⤵
  PID:2172
- C:\Windows\System\XmzIKEO.exe
  C:\Windows\System\XmzIKEO.exe
  2⤵
  PID:1772
- C:\Windows\System\xeYnZae.exe
  C:\Windows\System\xeYnZae.exe
  2⤵
  PID:2768
- C:\Windows\System\aMEeWkF.exe
  C:\Windows\System\aMEeWkF.exe
  2⤵
  PID:560
- C:\Windows\System\zQwqNDG.exe
  C:\Windows\System\zQwqNDG.exe
  2⤵
  PID:1932
- C:\Windows\System\FrzNCeY.exe
  C:\Windows\System\FrzNCeY.exe
  2⤵
  PID:1996
- C:\Windows\System\wSkYVJo.exe
  C:\Windows\System\wSkYVJo.exe
  2⤵
  PID:2144
- C:\Windows\System\rYuYqma.exe
  C:\Windows\System\rYuYqma.exe
  2⤵
  PID:1748
- C:\Windows\System\dBXEJsq.exe
  C:\Windows\System\dBXEJsq.exe
  2⤵
  PID:2076
- C:\Windows\System\pQLKTdm.exe
  C:\Windows\System\pQLKTdm.exe
  2⤵
  PID:1556
- C:\Windows\System\MKQARkp.exe
  C:\Windows\System\MKQARkp.exe
  2⤵
  PID:2816
- C:\Windows\System\ZYKvezN.exe
  C:\Windows\System\ZYKvezN.exe
  2⤵
  PID:1484
- C:\Windows\System\wxhhJZd.exe
  C:\Windows\System\wxhhJZd.exe
  2⤵
  PID:1652
- C:\Windows\System\dnRmaQS.exe
  C:\Windows\System\dnRmaQS.exe
  2⤵
  PID:1288
- C:\Windows\System\YnfglRN.exe
  C:\Windows\System\YnfglRN.exe
  2⤵
  PID:2532
- C:\Windows\System\kwVAiDI.exe
  C:\Windows\System\kwVAiDI.exe
  2⤵
  PID:1916
- C:\Windows\System\XsewAHf.exe
  C:\Windows\System\XsewAHf.exe
  2⤵
  PID:2576
- C:\Windows\System\FlxWlbk.exe
  C:\Windows\System\FlxWlbk.exe
  2⤵
  PID:1708
- C:\Windows\System\BbRenhw.exe
  C:\Windows\System\BbRenhw.exe
  2⤵
  PID:2520
- C:\Windows\System\frAwIIc.exe
  C:\Windows\System\frAwIIc.exe
  2⤵
  PID:2928
- C:\Windows\System\QWUqqoq.exe
  C:\Windows\System\QWUqqoq.exe
  2⤵
  PID:1584
- C:\Windows\System\GDFdpmj.exe
  C:\Windows\System\GDFdpmj.exe
  2⤵
  PID:1536
- C:\Windows\System\mpXZByw.exe
  C:\Windows\System\mpXZByw.exe
  2⤵
  PID:2136
- C:\Windows\System\KSUwXHo.exe
  C:\Windows\System\KSUwXHo.exe
  2⤵
  PID:1740
- C:\Windows\System\nJAFWHm.exe
  C:\Windows\System\nJAFWHm.exe
  2⤵
  PID:2220
- C:\Windows\System\nwOEeqE.exe
  C:\Windows\System\nwOEeqE.exe
  2⤵
  PID:2152
- C:\Windows\System\xzEcRpc.exe
  C:\Windows\System\xzEcRpc.exe
  2⤵
  PID:1964
- C:\Windows\System\yYUeTsU.exe
  C:\Windows\System\yYUeTsU.exe
  2⤵
  PID:2452
- C:\Windows\System\ySHrbhj.exe
  C:\Windows\System\ySHrbhj.exe
  2⤵
  PID:2780
- C:\Windows\System\CGiahYC.exe
  C:\Windows\System\CGiahYC.exe
  2⤵
  PID:1780
- C:\Windows\System\ptibadi.exe
  C:\Windows\System\ptibadi.exe
  2⤵
  PID:2824
- C:\Windows\System\dEgdSEi.exe
  C:\Windows\System\dEgdSEi.exe
  2⤵
  PID:2664
- C:\Windows\System\SHRkWHJ.exe
  C:\Windows\System\SHRkWHJ.exe
  2⤵
  PID:2044
- C:\Windows\System\moWQaiA.exe
  C:\Windows\System\moWQaiA.exe
  2⤵
  PID:768
- C:\Windows\System\cNwiNKP.exe
  C:\Windows\System\cNwiNKP.exe
  2⤵
  PID:1312
- C:\Windows\System\VTltAQS.exe
  C:\Windows\System\VTltAQS.exe
  2⤵
  PID:2432
- C:\Windows\System\UutwihC.exe
  C:\Windows\System\UutwihC.exe
  2⤵
  PID:3084
- C:\Windows\System\ejoqARi.exe
  C:\Windows\System\ejoqARi.exe
  2⤵
  PID:3100
- C:\Windows\System\ebKCcbD.exe
  C:\Windows\System\ebKCcbD.exe
  2⤵
  PID:3124
- C:\Windows\System\GCyKGoZ.exe
  C:\Windows\System\GCyKGoZ.exe
  2⤵
  PID:3144
- C:\Windows\System\tRJeucy.exe
  C:\Windows\System\tRJeucy.exe
  2⤵
  PID:3164
- C:\Windows\System\kfykowP.exe
  C:\Windows\System\kfykowP.exe
  2⤵
  PID:3184
- C:\Windows\System\tjrAYhL.exe
  C:\Windows\System\tjrAYhL.exe
  2⤵
  PID:3204
- C:\Windows\System\Ydmqiqx.exe
  C:\Windows\System\Ydmqiqx.exe
  2⤵
  PID:3220
- C:\Windows\System\tylidtC.exe
  C:\Windows\System\tylidtC.exe
  2⤵
  PID:3244
- C:\Windows\System\YRzTqLu.exe
  C:\Windows\System\YRzTqLu.exe
  2⤵
  PID:3260
- C:\Windows\System\MFkXfaM.exe
  C:\Windows\System\MFkXfaM.exe
  2⤵
  PID:3280
- C:\Windows\System\PgeLNTb.exe
  C:\Windows\System\PgeLNTb.exe
  2⤵
  PID:3300
- C:\Windows\System\dxUDrVI.exe
  C:\Windows\System\dxUDrVI.exe
  2⤵
  PID:3324
- C:\Windows\System\xacOhGC.exe
  C:\Windows\System\xacOhGC.exe
  2⤵
  PID:3344
- C:\Windows\System\kgVenUy.exe
  C:\Windows\System\kgVenUy.exe
  2⤵
  PID:3368
- C:\Windows\System\ePyFIES.exe
  C:\Windows\System\ePyFIES.exe
  2⤵
  PID:3384
- C:\Windows\System\nDPnKoB.exe
  C:\Windows\System\nDPnKoB.exe
  2⤵
  PID:3404
- C:\Windows\System\dUmBVFu.exe
  C:\Windows\System\dUmBVFu.exe
  2⤵
  PID:3424
- C:\Windows\System\ePkBukr.exe
  C:\Windows\System\ePkBukr.exe
  2⤵
  PID:3444
- C:\Windows\System\XvWUuXy.exe
  C:\Windows\System\XvWUuXy.exe
  2⤵
  PID:3464
- C:\Windows\System\CmvZDyE.exe
  C:\Windows\System\CmvZDyE.exe
  2⤵
  PID:3488
- C:\Windows\System\uslbjdR.exe
  C:\Windows\System\uslbjdR.exe
  2⤵
  PID:3504
- C:\Windows\System\RPKagnf.exe
  C:\Windows\System\RPKagnf.exe
  2⤵
  PID:3528
- C:\Windows\System\cXZTiQu.exe
  C:\Windows\System\cXZTiQu.exe
  2⤵
  PID:3544
- C:\Windows\System\wPbXTcr.exe
  C:\Windows\System\wPbXTcr.exe
  2⤵
  PID:3564
- C:\Windows\System\GayZZDK.exe
  C:\Windows\System\GayZZDK.exe
  2⤵
  PID:3584
- C:\Windows\System\IgVATJq.exe
  C:\Windows\System\IgVATJq.exe
  2⤵
  PID:3604
- C:\Windows\System\IzZNVlh.exe
  C:\Windows\System\IzZNVlh.exe
  2⤵
  PID:3624
- C:\Windows\System\IsYTYKJ.exe
  C:\Windows\System\IsYTYKJ.exe
  2⤵
  PID:3644
- C:\Windows\System\rkZLDLg.exe
  C:\Windows\System\rkZLDLg.exe
  2⤵
  PID:3660
- C:\Windows\System\GuOhjEV.exe
  C:\Windows\System\GuOhjEV.exe
  2⤵
  PID:3680
- C:\Windows\System\OPnvSSi.exe
  C:\Windows\System\OPnvSSi.exe
  2⤵
  PID:3704
- C:\Windows\System\LzzThDa.exe
  C:\Windows\System\LzzThDa.exe
  2⤵
  PID:3720
- C:\Windows\System\UutsPdn.exe
  C:\Windows\System\UutsPdn.exe
  2⤵
  PID:3748
- C:\Windows\System\qKVsOoB.exe
  C:\Windows\System\qKVsOoB.exe
  2⤵
  PID:3768
- C:\Windows\System\hdlHKxp.exe
  C:\Windows\System\hdlHKxp.exe
  2⤵
  PID:3788
- C:\Windows\System\hAWRuPT.exe
  C:\Windows\System\hAWRuPT.exe
  2⤵
  PID:3812
- C:\Windows\System\VJSQXia.exe
  C:\Windows\System\VJSQXia.exe
  2⤵
  PID:3832
- C:\Windows\System\JsTCxTN.exe
  C:\Windows\System\JsTCxTN.exe
  2⤵
  PID:3852
- C:\Windows\System\wRiyyyj.exe
  C:\Windows\System\wRiyyyj.exe
  2⤵
  PID:3872
- C:\Windows\System\ynLevrV.exe
  C:\Windows\System\ynLevrV.exe
  2⤵
  PID:3892
- C:\Windows\System\xcTavva.exe
  C:\Windows\System\xcTavva.exe
  2⤵
  PID:3912
- C:\Windows\System\WJiIVAN.exe
  C:\Windows\System\WJiIVAN.exe
  2⤵
  PID:3932
- C:\Windows\System\uBFAGge.exe
  C:\Windows\System\uBFAGge.exe
  2⤵
  PID:3948
- C:\Windows\System\IPuYOrG.exe
  C:\Windows\System\IPuYOrG.exe
  2⤵
  PID:3972
- C:\Windows\System\snAFDSV.exe
  C:\Windows\System\snAFDSV.exe
  2⤵
  PID:3988
- C:\Windows\System\qTCPDIr.exe
  C:\Windows\System\qTCPDIr.exe
  2⤵
  PID:4012
- C:\Windows\System\RWKGrHy.exe
  C:\Windows\System\RWKGrHy.exe
  2⤵
  PID:4032
- C:\Windows\System\wNByNKq.exe
  C:\Windows\System\wNByNKq.exe
  2⤵
  PID:4052
- C:\Windows\System\IXAPOrN.exe
  C:\Windows\System\IXAPOrN.exe
  2⤵
  PID:4068
- C:\Windows\System\TednTXs.exe
  C:\Windows\System\TednTXs.exe
  2⤵
  PID:4092
- C:\Windows\System\PYiZiLr.exe
  C:\Windows\System\PYiZiLr.exe
  2⤵
  PID:468
- C:\Windows\System\EpqnUGa.exe
  C:\Windows\System\EpqnUGa.exe
  2⤵
  PID:2916
- C:\Windows\System\XeQJUZs.exe
  C:\Windows\System\XeQJUZs.exe
  2⤵
  PID:2132
- C:\Windows\System\cpEvigw.exe
  C:\Windows\System\cpEvigw.exe
  2⤵
  PID:2860
- C:\Windows\System\dwHkWTo.exe
  C:\Windows\System\dwHkWTo.exe
  2⤵
  PID:1604
- C:\Windows\System\gakjUxh.exe
  C:\Windows\System\gakjUxh.exe
  2⤵
  PID:2168
- C:\Windows\System\CFdVsZa.exe
  C:\Windows\System\CFdVsZa.exe
  2⤵
  PID:3076
- C:\Windows\System\kbtxGIc.exe
  C:\Windows\System\kbtxGIc.exe
  2⤵
  PID:3108
- C:\Windows\System\hkCxQhH.exe
  C:\Windows\System\hkCxQhH.exe
  2⤵
  PID:3152
- C:\Windows\System\SrtScZs.exe
  C:\Windows\System\SrtScZs.exe
  2⤵
  PID:3196
- C:\Windows\System\WfQuoLn.exe
  C:\Windows\System\WfQuoLn.exe
  2⤵
  PID:3232
- C:\Windows\System\CkYLlgl.exe
  C:\Windows\System\CkYLlgl.exe
  2⤵
  PID:3172
- C:\Windows\System\OkpbdSV.exe
  C:\Windows\System\OkpbdSV.exe
  2⤵
  PID:3216
- C:\Windows\System\lkKraqS.exe
  C:\Windows\System\lkKraqS.exe
  2⤵
  PID:3352
- C:\Windows\System\giNkJxx.exe
  C:\Windows\System\giNkJxx.exe
  2⤵
  PID:3288
- C:\Windows\System\GHSxdTX.exe
  C:\Windows\System\GHSxdTX.exe
  2⤵
  PID:3396
- C:\Windows\System\UnLvmPD.exe
  C:\Windows\System\UnLvmPD.exe
  2⤵
  PID:3440
- C:\Windows\System\NiKgNFG.exe
  C:\Windows\System\NiKgNFG.exe
  2⤵
  PID:3380
- C:\Windows\System\JPAdbBW.exe
  C:\Windows\System\JPAdbBW.exe
  2⤵
  PID:3524
- C:\Windows\System\oqetJiM.exe
  C:\Windows\System\oqetJiM.exe
  2⤵
  PID:3416
- C:\Windows\System\BSFvaqE.exe
  C:\Windows\System\BSFvaqE.exe
  2⤵
  PID:3452
- C:\Windows\System\SRbfjVU.exe
  C:\Windows\System\SRbfjVU.exe
  2⤵
  PID:3632
- C:\Windows\System\FQLjhtc.exe
  C:\Windows\System\FQLjhtc.exe
  2⤵
  PID:3536
- C:\Windows\System\GpdcUkW.exe
  C:\Windows\System\GpdcUkW.exe
  2⤵
  PID:3672
- C:\Windows\System\IeGveml.exe
  C:\Windows\System\IeGveml.exe
  2⤵
  PID:3656
- C:\Windows\System\YoLGBHv.exe
  C:\Windows\System\YoLGBHv.exe
  2⤵
  PID:3696
- C:\Windows\System\PYTBvXs.exe
  C:\Windows\System\PYTBvXs.exe
  2⤵
  PID:3744
- C:\Windows\System\yPIAZoA.exe
  C:\Windows\System\yPIAZoA.exe
  2⤵
  PID:3796
- C:\Windows\System\IJNIBGv.exe
  C:\Windows\System\IJNIBGv.exe
  2⤵
  PID:3776
- C:\Windows\System\NKyEcmh.exe
  C:\Windows\System\NKyEcmh.exe
  2⤵
  PID:3848
- C:\Windows\System\FJjlOLs.exe
  C:\Windows\System\FJjlOLs.exe
  2⤵
  PID:3884
- C:\Windows\System\dRpWYeX.exe
  C:\Windows\System\dRpWYeX.exe
  2⤵
  PID:3928
- C:\Windows\System\xMWnYXw.exe
  C:\Windows\System\xMWnYXw.exe
  2⤵
  PID:3964
- C:\Windows\System\AQjsFwS.exe
  C:\Windows\System\AQjsFwS.exe
  2⤵
  PID:4008
- C:\Windows\System\wtpRAjh.exe
  C:\Windows\System\wtpRAjh.exe
  2⤵
  PID:3984
- C:\Windows\System\oiCkNEA.exe
  C:\Windows\System\oiCkNEA.exe
  2⤵
  PID:4044
- C:\Windows\System\tHWxxsS.exe
  C:\Windows\System\tHWxxsS.exe
  2⤵
  PID:4088
- C:\Windows\System\akELdeK.exe
  C:\Windows\System\akELdeK.exe
  2⤵
  PID:3060
- C:\Windows\System\izfxqTw.exe
  C:\Windows\System\izfxqTw.exe
  2⤵
  PID:2352
- C:\Windows\System\QVRGYjv.exe
  C:\Windows\System\QVRGYjv.exe
  2⤵
  PID:1476
- C:\Windows\System\MFrpPYn.exe
  C:\Windows\System\MFrpPYn.exe
  2⤵
  PID:1380
- C:\Windows\System\OQXYSub.exe
  C:\Windows\System\OQXYSub.exe
  2⤵
  PID:672
- C:\Windows\System\asIMBjg.exe
  C:\Windows\System\asIMBjg.exe
  2⤵
  PID:3192
- C:\Windows\System\PANDauu.exe
  C:\Windows\System\PANDauu.exe
  2⤵
  PID:3116
- C:\Windows\System\sbIGxvv.exe
  C:\Windows\System\sbIGxvv.exe
  2⤵
  PID:3240
- C:\Windows\System\WBesXkR.exe
  C:\Windows\System\WBesXkR.exe
  2⤵
  PID:3312
- C:\Windows\System\VGJCHWO.exe
  C:\Windows\System\VGJCHWO.exe
  2⤵
  PID:3400
- C:\Windows\System\aPstqBN.exe
  C:\Windows\System\aPstqBN.exe
  2⤵
  PID:3484
- C:\Windows\System\lyhywYm.exe
  C:\Windows\System\lyhywYm.exe
  2⤵
  PID:3432
- C:\Windows\System\SXcHfrF.exe
  C:\Windows\System\SXcHfrF.exe
  2⤵
  PID:3500
- C:\Windows\System\YVCmEwF.exe
  C:\Windows\System\YVCmEwF.exe
  2⤵
  PID:3592
- C:\Windows\System\MwSDyac.exe
  C:\Windows\System\MwSDyac.exe
  2⤵
  PID:3580
- C:\Windows\System\ovsmmfy.exe
  C:\Windows\System\ovsmmfy.exe
  2⤵
  PID:3688
- C:\Windows\System\yINuSlP.exe
  C:\Windows\System\yINuSlP.exe
  2⤵
  PID:3612
- C:\Windows\System\HBLTvEC.exe
  C:\Windows\System\HBLTvEC.exe
  2⤵
  PID:2740
- C:\Windows\System\pjYWEBe.exe
  C:\Windows\System\pjYWEBe.exe
  2⤵
  PID:3820
- C:\Windows\System\eBiHExV.exe
  C:\Windows\System\eBiHExV.exe
  2⤵
  PID:3920
- C:\Windows\System\qCAFvSy.exe
  C:\Windows\System\qCAFvSy.exe
  2⤵
  PID:3960
- C:\Windows\System\WDMYiuQ.exe
  C:\Windows\System\WDMYiuQ.exe
  2⤵
  PID:4040
- C:\Windows\System\FuHnMkd.exe
  C:\Windows\System\FuHnMkd.exe
  2⤵
  PID:1988
- C:\Windows\System\MiyDWpB.exe
  C:\Windows\System\MiyDWpB.exe
  2⤵
  PID:1600
- C:\Windows\System\qEXEtIR.exe
  C:\Windows\System\qEXEtIR.exe
  2⤵
  PID:1928
- C:\Windows\System\GMcfvef.exe
  C:\Windows\System\GMcfvef.exe
  2⤵
  PID:1752
- C:\Windows\System\ULoXkOj.exe
  C:\Windows\System\ULoXkOj.exe
  2⤵
  PID:1588
- C:\Windows\System\nAXezQM.exe
  C:\Windows\System\nAXezQM.exe
  2⤵
  PID:3316
- C:\Windows\System\KFXXMsa.exe
  C:\Windows\System\KFXXMsa.exe
  2⤵
  PID:3140
- C:\Windows\System\ifphsYP.exe
  C:\Windows\System\ifphsYP.exe
  2⤵
  PID:3256
- C:\Windows\System\OZoNRPm.exe
  C:\Windows\System\OZoNRPm.exe
  2⤵
  PID:3296
- C:\Windows\System\JVztFIw.exe
  C:\Windows\System\JVztFIw.exe
  2⤵
  PID:3552
- C:\Windows\System\GkBrOpt.exe
  C:\Windows\System\GkBrOpt.exe
  2⤵
  PID:3520
- C:\Windows\System\vkjxmFf.exe
  C:\Windows\System\vkjxmFf.exe
  2⤵
  PID:3712
- C:\Windows\System\cpOIBGD.exe
  C:\Windows\System\cpOIBGD.exe
  2⤵
  PID:3728
- C:\Windows\System\gIwxDei.exe
  C:\Windows\System\gIwxDei.exe
  2⤵
  PID:2784
- C:\Windows\System\abXtCpT.exe
  C:\Windows\System\abXtCpT.exe
  2⤵
  PID:3780
- C:\Windows\System\AsrTyGU.exe
  C:\Windows\System\AsrTyGU.exe
  2⤵
  PID:4048
- C:\Windows\System\MFxOmnh.exe
  C:\Windows\System\MFxOmnh.exe
  2⤵
  PID:4076
- C:\Windows\System\NifHNGH.exe
  C:\Windows\System\NifHNGH.exe
  2⤵
  PID:1632
- C:\Windows\System\WJoumLn.exe
  C:\Windows\System\WJoumLn.exe
  2⤵
  PID:2912
- C:\Windows\System\XKpUUsM.exe
  C:\Windows\System\XKpUUsM.exe
  2⤵
  PID:3228
- C:\Windows\System\YEIpdiA.exe
  C:\Windows\System\YEIpdiA.exe
  2⤵
  PID:3472
- C:\Windows\System\WeFMiDf.exe
  C:\Windows\System\WeFMiDf.exe
  2⤵
  PID:3576
- C:\Windows\System\zkwfXJa.exe
  C:\Windows\System\zkwfXJa.exe
  2⤵
  PID:3616
- C:\Windows\System\eutJWrP.exe
  C:\Windows\System\eutJWrP.exe
  2⤵
  PID:3736
- C:\Windows\System\joRCGTY.exe
  C:\Windows\System\joRCGTY.exe
  2⤵
  PID:3760
- C:\Windows\System\PMiCeVj.exe
  C:\Windows\System\PMiCeVj.exe
  2⤵
  PID:3004
- C:\Windows\System\mDVrDKH.exe
  C:\Windows\System\mDVrDKH.exe
  2⤵
  PID:3012
- C:\Windows\System\fPshCdX.exe
  C:\Windows\System\fPshCdX.exe
  2⤵
  PID:3460
- C:\Windows\System\pKkidIZ.exe
  C:\Windows\System\pKkidIZ.exe
  2⤵
  PID:3096
- C:\Windows\System\YnPGQlO.exe
  C:\Windows\System\YnPGQlO.exe
  2⤵
  PID:3560
- C:\Windows\System\FcYquXL.exe
  C:\Windows\System\FcYquXL.exe
  2⤵
  PID:4112
- C:\Windows\System\cenwfWB.exe
  C:\Windows\System\cenwfWB.exe
  2⤵
  PID:4132
- C:\Windows\System\QNTecsV.exe
  C:\Windows\System\QNTecsV.exe
  2⤵
  PID:4152
- C:\Windows\System\MbuhJno.exe
  C:\Windows\System\MbuhJno.exe
  2⤵
  PID:4172
- C:\Windows\System\JgCYeUj.exe
  C:\Windows\System\JgCYeUj.exe
  2⤵
  PID:4192
- C:\Windows\System\rWPomcm.exe
  C:\Windows\System\rWPomcm.exe
  2⤵
  PID:4212
- C:\Windows\System\FSXpACK.exe
  C:\Windows\System\FSXpACK.exe
  2⤵
  PID:4232
- C:\Windows\System\vcxGjww.exe
  C:\Windows\System\vcxGjww.exe
  2⤵
  PID:4252
- C:\Windows\System\eSwVrVo.exe
  C:\Windows\System\eSwVrVo.exe
  2⤵
  PID:4272
- C:\Windows\System\EVhvymD.exe
  C:\Windows\System\EVhvymD.exe
  2⤵
  PID:4292
- C:\Windows\System\inWOceH.exe
  C:\Windows\System\inWOceH.exe
  2⤵
  PID:4312
- C:\Windows\System\ENFMrGq.exe
  C:\Windows\System\ENFMrGq.exe
  2⤵
  PID:4332
- C:\Windows\System\DYNCwUa.exe
  C:\Windows\System\DYNCwUa.exe
  2⤵
  PID:4352
- C:\Windows\System\LoyGRKG.exe
  C:\Windows\System\LoyGRKG.exe
  2⤵
  PID:4372
- C:\Windows\System\AZPusZH.exe
  C:\Windows\System\AZPusZH.exe
  2⤵
  PID:4392
- C:\Windows\System\HBEhqYP.exe
  C:\Windows\System\HBEhqYP.exe
  2⤵
  PID:4408
- C:\Windows\System\FphmgEm.exe
  C:\Windows\System\FphmgEm.exe
  2⤵
  PID:4432
- C:\Windows\System\ETaSkLW.exe
  C:\Windows\System\ETaSkLW.exe
  2⤵
  PID:4448
- C:\Windows\System\mswZVux.exe
  C:\Windows\System\mswZVux.exe
  2⤵
  PID:4472
- C:\Windows\System\YTLiXPr.exe
  C:\Windows\System\YTLiXPr.exe
  2⤵
  PID:4488
- C:\Windows\System\YNCVWpp.exe
  C:\Windows\System\YNCVWpp.exe
  2⤵
  PID:4512
- C:\Windows\System\CicwyLp.exe
  C:\Windows\System\CicwyLp.exe
  2⤵
  PID:4528
- C:\Windows\System\ioqQmhi.exe
  C:\Windows\System\ioqQmhi.exe
  2⤵
  PID:4552
- C:\Windows\System\BYUpUsJ.exe
  C:\Windows\System\BYUpUsJ.exe
  2⤵
  PID:4572
- C:\Windows\System\EobcSXE.exe
  C:\Windows\System\EobcSXE.exe
  2⤵
  PID:4592
- C:\Windows\System\LgiQuiR.exe
  C:\Windows\System\LgiQuiR.exe
  2⤵
  PID:4612
- C:\Windows\System\eTSrEWQ.exe
  C:\Windows\System\eTSrEWQ.exe
  2⤵
  PID:4632
- C:\Windows\System\BeInafh.exe
  C:\Windows\System\BeInafh.exe
  2⤵
  PID:4652
- C:\Windows\System\GPPymrs.exe
  C:\Windows\System\GPPymrs.exe
  2⤵
  PID:4672
- C:\Windows\System\ZrFOvsC.exe
  C:\Windows\System\ZrFOvsC.exe
  2⤵
  PID:4688
- C:\Windows\System\BawBGxq.exe
  C:\Windows\System\BawBGxq.exe
  2⤵
  PID:4716
- C:\Windows\System\GzXOKDv.exe
  C:\Windows\System\GzXOKDv.exe
  2⤵
  PID:4732
- C:\Windows\System\tywQQwu.exe
  C:\Windows\System\tywQQwu.exe
  2⤵
  PID:4756
- C:\Windows\System\fhoOizS.exe
  C:\Windows\System\fhoOizS.exe
  2⤵
  PID:4772
- C:\Windows\System\tHUGuso.exe
  C:\Windows\System\tHUGuso.exe
  2⤵
  PID:4796
- C:\Windows\System\gGdNDdA.exe
  C:\Windows\System\gGdNDdA.exe
  2⤵
  PID:4812
- C:\Windows\System\QRkPfSW.exe
  C:\Windows\System\QRkPfSW.exe
  2⤵
  PID:4836
- C:\Windows\System\aCbQHEl.exe
  C:\Windows\System\aCbQHEl.exe
  2⤵
  PID:4852
- C:\Windows\System\DeeAZHr.exe
  C:\Windows\System\DeeAZHr.exe
  2⤵
  PID:4876
- C:\Windows\System\aAtzExc.exe
  C:\Windows\System\aAtzExc.exe
  2⤵
  PID:4892
- C:\Windows\System\dpmxjEe.exe
  C:\Windows\System\dpmxjEe.exe
  2⤵
  PID:4912
- C:\Windows\System\EKbskXA.exe
  C:\Windows\System\EKbskXA.exe
  2⤵
  PID:4932
- C:\Windows\System\XsQXAvW.exe
  C:\Windows\System\XsQXAvW.exe
  2⤵
  PID:4952
- C:\Windows\System\qLtWTEA.exe
  C:\Windows\System\qLtWTEA.exe
  2⤵
  PID:4972
- C:\Windows\System\GxSeVeT.exe
  C:\Windows\System\GxSeVeT.exe
  2⤵
  PID:4992
- C:\Windows\System\dkjLDnv.exe
  C:\Windows\System\dkjLDnv.exe
  2⤵
  PID:5008
- C:\Windows\System\lAKpvDt.exe
  C:\Windows\System\lAKpvDt.exe
  2⤵
  PID:5032
- C:\Windows\System\nGVdCcf.exe
  C:\Windows\System\nGVdCcf.exe
  2⤵
  PID:5052
- C:\Windows\System\EpEuPMq.exe
  C:\Windows\System\EpEuPMq.exe
  2⤵
  PID:5072
- C:\Windows\System\KZeJeQf.exe
  C:\Windows\System\KZeJeQf.exe
  2⤵
  PID:5088
- C:\Windows\System\NhuWsqf.exe
  C:\Windows\System\NhuWsqf.exe
  2⤵
  PID:5116
- C:\Windows\System\oNzEpBO.exe
  C:\Windows\System\oNzEpBO.exe
  2⤵
  PID:3880
- C:\Windows\System\hJBQMoi.exe
  C:\Windows\System\hJBQMoi.exe
  2⤵
  PID:2596
- C:\Windows\System\rrCyjuP.exe
  C:\Windows\System\rrCyjuP.exe
  2⤵
  PID:3276
- C:\Windows\System\HqgzMTV.exe
  C:\Windows\System\HqgzMTV.exe
  2⤵
  PID:3320
- C:\Windows\System\AUCVUsV.exe
  C:\Windows\System\AUCVUsV.exe
  2⤵
  PID:4104
- C:\Windows\System\xzEIsIC.exe
  C:\Windows\System\xzEIsIC.exe
  2⤵
  PID:1724
- C:\Windows\System\OcjADyD.exe
  C:\Windows\System\OcjADyD.exe
  2⤵
  PID:2064
- C:\Windows\System\FoYPZKd.exe
  C:\Windows\System\FoYPZKd.exe
  2⤵
  PID:4168
- C:\Windows\System\LjZuRim.exe
  C:\Windows\System\LjZuRim.exe
  2⤵
  PID:4220
- C:\Windows\System\hUbjDTZ.exe
  C:\Windows\System\hUbjDTZ.exe
  2⤵
  PID:4248
- C:\Windows\System\qXzlPcV.exe
  C:\Windows\System\qXzlPcV.exe
  2⤵
  PID:4264
- C:\Windows\System\iTIXBkn.exe
  C:\Windows\System\iTIXBkn.exe
  2⤵
  PID:4340
- C:\Windows\System\gHgRzyg.exe
  C:\Windows\System\gHgRzyg.exe
  2⤵
  PID:4284
- C:\Windows\System\TJrvuGv.exe
  C:\Windows\System\TJrvuGv.exe
  2⤵
  PID:4328
- C:\Windows\System\dGnWsVb.exe
  C:\Windows\System\dGnWsVb.exe
  2⤵
  PID:4360
- C:\Windows\System\gFirhsv.exe
  C:\Windows\System\gFirhsv.exe
  2⤵
  PID:4464
- C:\Windows\System\hpigESF.exe
  C:\Windows\System\hpigESF.exe
  2⤵
  PID:4496
- C:\Windows\System\IYFkSTb.exe
  C:\Windows\System\IYFkSTb.exe
  2⤵
  PID:4500
- C:\Windows\System\JcdgeXc.exe
  C:\Windows\System\JcdgeXc.exe
  2⤵
  PID:4548
- C:\Windows\System\OJcJYhi.exe
  C:\Windows\System\OJcJYhi.exe
  2⤵
  PID:4588
- C:\Windows\System\MPxxHir.exe
  C:\Windows\System\MPxxHir.exe
  2⤵
  PID:4584
- C:\Windows\System\qBYrUwv.exe
  C:\Windows\System\qBYrUwv.exe
  2⤵
  PID:4668
- C:\Windows\System\oMtAmuz.exe
  C:\Windows\System\oMtAmuz.exe
  2⤵
  PID:4700
- C:\Windows\System\abHTQkA.exe
  C:\Windows\System\abHTQkA.exe
  2⤵
  PID:4704
- C:\Windows\System\gzPhBrq.exe
  C:\Windows\System\gzPhBrq.exe
  2⤵
  PID:4684
- C:\Windows\System\TqnRDTB.exe
  C:\Windows\System\TqnRDTB.exe
  2⤵
  PID:4780
- C:\Windows\System\yrWhMwF.exe
  C:\Windows\System\yrWhMwF.exe
  2⤵
  PID:4828
- C:\Windows\System\GLnIodI.exe
  C:\Windows\System\GLnIodI.exe
  2⤵
  PID:4768
- C:\Windows\System\JAmdPgt.exe
  C:\Windows\System\JAmdPgt.exe
  2⤵
  PID:4900
- C:\Windows\System\avQOdwZ.exe
  C:\Windows\System\avQOdwZ.exe
  2⤵
  PID:4948
- C:\Windows\System\iJhnANm.exe
  C:\Windows\System\iJhnANm.exe
  2⤵
  PID:4844
- C:\Windows\System\EzjauBm.exe
  C:\Windows\System\EzjauBm.exe
  2⤵
  PID:4884
- C:\Windows\System\EsEQshs.exe
  C:\Windows\System\EsEQshs.exe
  2⤵
  PID:5028
- C:\Windows\System\RcRpLLD.exe
  C:\Windows\System\RcRpLLD.exe
  2⤵
  PID:4928
- C:\Windows\System\xPAZcNE.exe
  C:\Windows\System\xPAZcNE.exe
  2⤵
  PID:2380
- C:\Windows\System\AKttYnL.exe
  C:\Windows\System\AKttYnL.exe
  2⤵
  PID:5000
- C:\Windows\System\HpsLExC.exe
  C:\Windows\System\HpsLExC.exe
  2⤵
  PID:5104
- C:\Windows\System\zJIatVK.exe
  C:\Windows\System\zJIatVK.exe
  2⤵
  PID:2600
- C:\Windows\System\ApylqhQ.exe
  C:\Windows\System\ApylqhQ.exe
  2⤵
  PID:5080
- C:\Windows\System\ItxsEfP.exe
  C:\Windows\System\ItxsEfP.exe
  2⤵
  PID:2980
- C:\Windows\System\vNGSMmh.exe
  C:\Windows\System\vNGSMmh.exe
  2⤵
  PID:1744
- C:\Windows\System\xapmfTW.exe
  C:\Windows\System\xapmfTW.exe
  2⤵
  PID:1704
- C:\Windows\System\hpFuRyP.exe
  C:\Windows\System\hpFuRyP.exe
  2⤵
  PID:4108
- C:\Windows\System\iVeyYoP.exe
  C:\Windows\System\iVeyYoP.exe
  2⤵
  PID:4144
- C:\Windows\System\xIoxSuC.exe
  C:\Windows\System\xIoxSuC.exe
  2⤵
  PID:2832
- C:\Windows\System\Cfakzky.exe
  C:\Windows\System\Cfakzky.exe
  2⤵
  PID:2736
- C:\Windows\System\HGnscMJ.exe
  C:\Windows\System\HGnscMJ.exe
  2⤵
  PID:1448
- C:\Windows\System\XrVJZZm.exe
  C:\Windows\System\XrVJZZm.exe
  2⤵
  PID:4384
- C:\Windows\System\uzqMMYn.exe
  C:\Windows\System\uzqMMYn.exe
  2⤵
  PID:4348
- C:\Windows\System\BZZtBpx.exe
  C:\Windows\System\BZZtBpx.exe
  2⤵
  PID:2744
- C:\Windows\System\PAsDKsD.exe
  C:\Windows\System\PAsDKsD.exe
  2⤵
  PID:2544
- C:\Windows\System\HRCHwHX.exe
  C:\Windows\System\HRCHwHX.exe
  2⤵
  PID:4540
- C:\Windows\System\xKmzLHK.exe
  C:\Windows\System\xKmzLHK.exe
  2⤵
  PID:4400
- C:\Windows\System\mmTQSPy.exe
  C:\Windows\System\mmTQSPy.exe
  2⤵
  PID:4660
- C:\Windows\System\BLhjKDj.exe
  C:\Windows\System\BLhjKDj.exe
  2⤵
  PID:4564
- C:\Windows\System\zVxodoc.exe
  C:\Windows\System\zVxodoc.exe
  2⤵
  PID:4644
- C:\Windows\System\FBmyQaQ.exe
  C:\Windows\System\FBmyQaQ.exe
  2⤵
  PID:4748
- C:\Windows\System\iJbpGAv.exe
  C:\Windows\System\iJbpGAv.exe
  2⤵
  PID:2568
- C:\Windows\System\gsVLbgs.exe
  C:\Windows\System\gsVLbgs.exe
  2⤵
  PID:1244
- C:\Windows\System\rorPsmc.exe
  C:\Windows\System\rorPsmc.exe
  2⤵
  PID:3868
- C:\Windows\System\MKXJfDy.exe
  C:\Windows\System\MKXJfDy.exe
  2⤵
  PID:4824
- C:\Windows\System\jrSxQix.exe
  C:\Windows\System\jrSxQix.exe
  2⤵
  PID:4940
- C:\Windows\System\HjwCyww.exe
  C:\Windows\System\HjwCyww.exe
  2⤵
  PID:2924
- C:\Windows\System\hLTBwXj.exe
  C:\Windows\System\hLTBwXj.exe
  2⤵
  PID:2536
- C:\Windows\System\VARTYqR.exe
  C:\Windows\System\VARTYqR.exe
  2⤵
  PID:1788
- C:\Windows\System\EHnCjPk.exe
  C:\Windows\System\EHnCjPk.exe
  2⤵
  PID:4960
- C:\Windows\System\FgJZleT.exe
  C:\Windows\System\FgJZleT.exe
  2⤵
  PID:1308
- C:\Windows\System\bEPaObe.exe
  C:\Windows\System\bEPaObe.exe
  2⤵
  PID:4988
- C:\Windows\System\cRAtDdl.exe
  C:\Windows\System\cRAtDdl.exe
  2⤵
  PID:3908
- C:\Windows\System\BGbjxOq.exe
  C:\Windows\System\BGbjxOq.exe
  2⤵
  PID:4160
- C:\Windows\System\pZurthk.exe
  C:\Windows\System\pZurthk.exe
  2⤵
  PID:4224
- C:\Windows\System\uPcvtdh.exe
  C:\Windows\System\uPcvtdh.exe
  2⤵
  PID:4260
- C:\Windows\System\sDywrbd.exe
  C:\Windows\System\sDywrbd.exe
  2⤵
  PID:4204
- C:\Windows\System\IIRjNMQ.exe
  C:\Windows\System\IIRjNMQ.exe
  2⤵
  PID:4148
- C:\Windows\System\yMQybuo.exe
  C:\Windows\System\yMQybuo.exe
  2⤵
  PID:2436
- C:\Windows\System\jxjocSG.exe
  C:\Windows\System\jxjocSG.exe
  2⤵
  PID:4364
- C:\Windows\System\iRlrfTB.exe
  C:\Windows\System\iRlrfTB.exe
  2⤵
  PID:1508
- C:\Windows\System\GqIKNzr.exe
  C:\Windows\System\GqIKNzr.exe
  2⤵
  PID:4568
- C:\Windows\System\YIGIOcM.exe
  C:\Windows\System\YIGIOcM.exe
  2⤵
  PID:4300
- C:\Windows\System\YoRAfqE.exe
  C:\Windows\System\YoRAfqE.exe
  2⤵
  PID:4536
- C:\Windows\System\HBsdrde.exe
  C:\Windows\System\HBsdrde.exe
  2⤵
  PID:4544
- C:\Windows\System\TzVELKR.exe
  C:\Windows\System\TzVELKR.exe
  2⤵
  PID:2804
- C:\Windows\System\VmhJUsC.exe
  C:\Windows\System\VmhJUsC.exe
  2⤵
  PID:2900
- C:\Windows\System\dUvnzmy.exe
  C:\Windows\System\dUvnzmy.exe
  2⤵
  PID:3036
- C:\Windows\System\IERLIck.exe
  C:\Windows\System\IERLIck.exe
  2⤵
  PID:4904
- C:\Windows\System\nFnnsON.exe
  C:\Windows\System\nFnnsON.exe
  2⤵
  PID:2356
- C:\Windows\System\XdRNWbJ.exe
  C:\Windows\System\XdRNWbJ.exe
  2⤵
  PID:4924
- C:\Windows\System\iyHAlHH.exe
  C:\Windows\System\iyHAlHH.exe
  2⤵
  PID:4980
- C:\Windows\System\dhfHpvG.exe
  C:\Windows\System\dhfHpvG.exe
  2⤵
  PID:2084
- C:\Windows\System\KnIcwbL.exe
  C:\Windows\System\KnIcwbL.exe
  2⤵
  PID:664
- C:\Windows\System\ZlRutoH.exe
  C:\Windows\System\ZlRutoH.exe
  2⤵
  PID:2656
- C:\Windows\System\BJOvzPt.exe
  C:\Windows\System\BJOvzPt.exe
  2⤵
  PID:5016
- C:\Windows\System\KWQdsZK.exe
  C:\Windows\System\KWQdsZK.exe
  2⤵
  PID:4460
- C:\Windows\System\DZaYArY.exe
  C:\Windows\System\DZaYArY.exe
  2⤵
  PID:2684
- C:\Windows\System\eFsEtCY.exe
  C:\Windows\System\eFsEtCY.exe
  2⤵
  PID:2424
- C:\Windows\System\mtzHQyV.exe
  C:\Windows\System\mtzHQyV.exe
  2⤵
  PID:4164
- C:\Windows\System\htLsoSZ.exe
  C:\Windows\System\htLsoSZ.exe
  2⤵
  PID:4420
- C:\Windows\System\CaphUOE.exe
  C:\Windows\System\CaphUOE.exe
  2⤵
  PID:3000
- C:\Windows\System\FtqzBPb.exe
  C:\Windows\System\FtqzBPb.exe
  2⤵
  PID:4344
- C:\Windows\System\GUyXSEk.exe
  C:\Windows\System\GUyXSEk.exe
  2⤵
  PID:1792
- C:\Windows\System\dlgeNvd.exe
  C:\Windows\System\dlgeNvd.exe
  2⤵
  PID:4520
- C:\Windows\System\fOoRDWc.exe
  C:\Windows\System\fOoRDWc.exe
  2⤵
  PID:3980
- C:\Windows\System\dMGiKlg.exe
  C:\Windows\System\dMGiKlg.exe
  2⤵
  PID:5112
- C:\Windows\System\BRscUIv.exe
  C:\Windows\System\BRscUIv.exe
  2⤵
  PID:2096
- C:\Windows\System\WNijNYA.exe
  C:\Windows\System\WNijNYA.exe
  2⤵
  PID:4084
- C:\Windows\System\OysaBnj.exe
  C:\Windows\System\OysaBnj.exe
  2⤵
  PID:5040
- C:\Windows\System\WUUICPf.exe
  C:\Windows\System\WUUICPf.exe
  2⤵
  PID:3480
- C:\Windows\System\oCNdMBU.exe
  C:\Windows\System\oCNdMBU.exe
  2⤵
  PID:4648
- C:\Windows\System\vLdnCRg.exe
  C:\Windows\System\vLdnCRg.exe
  2⤵
  PID:4624
- C:\Windows\System\YlOaujq.exe
  C:\Windows\System\YlOaujq.exe
  2⤵
  PID:3784
- C:\Windows\System\uKHquKL.exe
  C:\Windows\System\uKHquKL.exe
  2⤵
  PID:1216
- C:\Windows\System\ctSEent.exe
  C:\Windows\System\ctSEent.exe
  2⤵
  PID:2772
- C:\Windows\System\JFgRgtW.exe
  C:\Windows\System\JFgRgtW.exe
  2⤵
  PID:3024
- C:\Windows\System\xvvyhxK.exe
  C:\Windows\System\xvvyhxK.exe
  2⤵
  PID:2896
- C:\Windows\System\mXDrQbu.exe
  C:\Windows\System\mXDrQbu.exe
  2⤵
  PID:848
- C:\Windows\System\oAEAHib.exe
  C:\Windows\System\oAEAHib.exe
  2⤵
  PID:3340
- C:\Windows\System\rqAHuCd.exe
  C:\Windows\System\rqAHuCd.exe
  2⤵
  PID:3828
- C:\Windows\System\HUmFgkL.exe
  C:\Windows\System\HUmFgkL.exe
  2⤵
  PID:1372
- C:\Windows\System\Zgcidss.exe
  C:\Windows\System\Zgcidss.exe
  2⤵
  PID:5084
- C:\Windows\System\zRVxeiY.exe
  C:\Windows\System\zRVxeiY.exe
  2⤵
  PID:5136
- C:\Windows\System\sMtfgDk.exe
  C:\Windows\System\sMtfgDk.exe
  2⤵
  PID:5160
- C:\Windows\System\VIhTXKB.exe
  C:\Windows\System\VIhTXKB.exe
  2⤵
  PID:5176
- C:\Windows\System\oSZkjsw.exe
  C:\Windows\System\oSZkjsw.exe
  2⤵
  PID:5192
- C:\Windows\System\nFfrIwT.exe
  C:\Windows\System\nFfrIwT.exe
  2⤵
  PID:5208
- C:\Windows\System\RBlEtbI.exe
  C:\Windows\System\RBlEtbI.exe
  2⤵
  PID:5232
- C:\Windows\System\DdHerHc.exe
  C:\Windows\System\DdHerHc.exe
  2⤵
  PID:5248
- C:\Windows\System\fhHuMgr.exe
  C:\Windows\System\fhHuMgr.exe
  2⤵
  PID:5264
- C:\Windows\System\QsVPMTJ.exe
  C:\Windows\System\QsVPMTJ.exe
  2⤵
  PID:5280
- C:\Windows\System\XsdAZrk.exe
  C:\Windows\System\XsdAZrk.exe
  2⤵
  PID:5296
- C:\Windows\System\mkEMWmU.exe
  C:\Windows\System\mkEMWmU.exe
  2⤵
  PID:5316
- C:\Windows\System\nqrmOgq.exe
  C:\Windows\System\nqrmOgq.exe
  2⤵
  PID:5336
- C:\Windows\System\xiXfYpz.exe
  C:\Windows\System\xiXfYpz.exe
  2⤵
  PID:5392
- C:\Windows\System\jIyhPXj.exe
  C:\Windows\System\jIyhPXj.exe
  2⤵
  PID:5408
- C:\Windows\System\iOQswqX.exe
  C:\Windows\System\iOQswqX.exe
  2⤵
  PID:5424
- C:\Windows\System\HsQyJBY.exe
  C:\Windows\System\HsQyJBY.exe
  2⤵
  PID:5440
- C:\Windows\System\TVzbKcH.exe
  C:\Windows\System\TVzbKcH.exe
  2⤵
  PID:5456
- C:\Windows\System\yXJfDpR.exe
  C:\Windows\System\yXJfDpR.exe
  2⤵
  PID:5472
- C:\Windows\System\dSsuTOa.exe
  C:\Windows\System\dSsuTOa.exe
  2⤵
  PID:5488
- C:\Windows\System\sRklWyG.exe
  C:\Windows\System\sRklWyG.exe
  2⤵
  PID:5504
- C:\Windows\System\ujMAaOt.exe
  C:\Windows\System\ujMAaOt.exe
  2⤵
  PID:5520
- C:\Windows\System\syOBcAw.exe
  C:\Windows\System\syOBcAw.exe
  2⤵
  PID:5536
- C:\Windows\System\XszDXXb.exe
  C:\Windows\System\XszDXXb.exe
  2⤵
  PID:5552
- C:\Windows\System\DteFhpu.exe
  C:\Windows\System\DteFhpu.exe
  2⤵
  PID:5572
- C:\Windows\System\zWwRmgX.exe
  C:\Windows\System\zWwRmgX.exe
  2⤵
  PID:5628
- C:\Windows\System\OUXHMZb.exe
  C:\Windows\System\OUXHMZb.exe
  2⤵
  PID:5648
- C:\Windows\System\EVwslOZ.exe
  C:\Windows\System\EVwslOZ.exe
  2⤵
  PID:5668
- C:\Windows\System\mGHxmBZ.exe
  C:\Windows\System\mGHxmBZ.exe
  2⤵
  PID:5684
- C:\Windows\System\wgsyNPe.exe
  C:\Windows\System\wgsyNPe.exe
  2⤵
  PID:5704
- C:\Windows\System\YgdAuHT.exe
  C:\Windows\System\YgdAuHT.exe
  2⤵
  PID:5724
- C:\Windows\System\NRLhwnv.exe
  C:\Windows\System\NRLhwnv.exe
  2⤵
  PID:5744
- C:\Windows\System\llFysYZ.exe
  C:\Windows\System\llFysYZ.exe
  2⤵
  PID:5764
- C:\Windows\System\NHsBMLI.exe
  C:\Windows\System\NHsBMLI.exe
  2⤵
  PID:5780
- C:\Windows\System\vFZnViz.exe
  C:\Windows\System\vFZnViz.exe
  2⤵
  PID:5796
- C:\Windows\System\JXlKyHq.exe
  C:\Windows\System\JXlKyHq.exe
  2⤵
  PID:5812
- C:\Windows\System\mxWYijC.exe
  C:\Windows\System\mxWYijC.exe
  2⤵
  PID:5828
- C:\Windows\System\BLCkoci.exe
  C:\Windows\System\BLCkoci.exe
  2⤵
  PID:5852
- C:\Windows\System\ifrkbDs.exe
  C:\Windows\System\ifrkbDs.exe
  2⤵
  PID:5868
- C:\Windows\System\awKPHlT.exe
  C:\Windows\System\awKPHlT.exe
  2⤵
  PID:5884
- C:\Windows\System\eorUHBw.exe
  C:\Windows\System\eorUHBw.exe
  2⤵
  PID:5900
- C:\Windows\System\LlyzvTf.exe
  C:\Windows\System\LlyzvTf.exe
  2⤵
  PID:5916
- C:\Windows\System\sTgGLRG.exe
  C:\Windows\System\sTgGLRG.exe
  2⤵
  PID:5932
- C:\Windows\System\NKxwOdj.exe
  C:\Windows\System\NKxwOdj.exe
  2⤵
  PID:5952
- C:\Windows\System\ujruqrj.exe
  C:\Windows\System\ujruqrj.exe
  2⤵
  PID:5972
- C:\Windows\System\SnqPXQJ.exe
  C:\Windows\System\SnqPXQJ.exe
  2⤵
  PID:5988
- C:\Windows\System\mIwTIBj.exe
  C:\Windows\System\mIwTIBj.exe
  2⤵
  PID:6004
- C:\Windows\System\ZpyqYlf.exe
  C:\Windows\System\ZpyqYlf.exe
  2⤵
  PID:6024
- C:\Windows\System\IrqTEpH.exe
  C:\Windows\System\IrqTEpH.exe
  2⤵
  PID:6048
- C:\Windows\System\dQQUOWa.exe
  C:\Windows\System\dQQUOWa.exe
  2⤵
  PID:6068
- C:\Windows\System\CVAxGQz.exe
  C:\Windows\System\CVAxGQz.exe
  2⤵
  PID:6084
- C:\Windows\System\kqmxwDq.exe
  C:\Windows\System\kqmxwDq.exe
  2⤵
  PID:6100
- C:\Windows\System\MQpQXzc.exe
  C:\Windows\System\MQpQXzc.exe
  2⤵
  PID:6116
- C:\Windows\System\zOzhkFR.exe
  C:\Windows\System\zOzhkFR.exe
  2⤵
  PID:6136
- C:\Windows\System\IJiJspY.exe
  C:\Windows\System\IJiJspY.exe
  2⤵
  PID:5132
- C:\Windows\System\rfoGjwC.exe
  C:\Windows\System\rfoGjwC.exe
  2⤵
  PID:5168
- C:\Windows\System\UJjXGRD.exe
  C:\Windows\System\UJjXGRD.exe
  2⤵
  PID:2996
- C:\Windows\System\RaPqbRL.exe
  C:\Windows\System\RaPqbRL.exe
  2⤵
  PID:5100
- C:\Windows\System\cDVIbVl.exe
  C:\Windows\System\cDVIbVl.exe
  2⤵
  PID:2196
- C:\Windows\System\ksJcllK.exe
  C:\Windows\System\ksJcllK.exe
  2⤵
  PID:5372
- C:\Windows\System\NSAxyRE.exe
  C:\Windows\System\NSAxyRE.exe
  2⤵
  PID:5388
- C:\Windows\System\iIcqUwk.exe
  C:\Windows\System\iIcqUwk.exe
  2⤵
  PID:5228
- C:\Windows\System\DNKLvFj.exe
  C:\Windows\System\DNKLvFj.exe
  2⤵
  PID:5416
- C:\Windows\System\CKMIxUT.exe
  C:\Windows\System\CKMIxUT.exe
  2⤵
  PID:5480
- C:\Windows\System\VDGBxVQ.exe
  C:\Windows\System\VDGBxVQ.exe
  2⤵
  PID:5464
- C:\Windows\System\GQmpdcT.exe
  C:\Windows\System\GQmpdcT.exe
  2⤵
  PID:5528
- C:\Windows\System\VHCqvvR.exe
  C:\Windows\System\VHCqvvR.exe
  2⤵
  PID:5544
- C:\Windows\System\edaFegZ.exe
  C:\Windows\System\edaFegZ.exe
  2⤵
  PID:5588
- C:\Windows\System\NDTjpeB.exe
  C:\Windows\System\NDTjpeB.exe
  2⤵
  PID:5608
- C:\Windows\System\ryIJzxy.exe
  C:\Windows\System\ryIJzxy.exe
  2⤵
  PID:5560
- C:\Windows\System\pjsXkLr.exe
  C:\Windows\System\pjsXkLr.exe
  2⤵
  PID:5584
- C:\Windows\System\UlewBGv.exe
  C:\Windows\System\UlewBGv.exe
  2⤵
  PID:5660
- C:\Windows\System\atbaLBY.exe
  C:\Windows\System\atbaLBY.exe
  2⤵
  PID:5776
- C:\Windows\System\GQiSWFG.exe
  C:\Windows\System\GQiSWFG.exe
  2⤵
  PID:5844
- C:\Windows\System\OEEuKdg.exe
  C:\Windows\System\OEEuKdg.exe
  2⤵
  PID:5912
- C:\Windows\System\zwidvhu.exe
  C:\Windows\System\zwidvhu.exe
  2⤵
  PID:5980
- C:\Windows\System\vZvgaGi.exe
  C:\Windows\System\vZvgaGi.exe
  2⤵
  PID:5712
- C:\Windows\System\DuKOgeI.exe
  C:\Windows\System\DuKOgeI.exe
  2⤵
  PID:6060
- C:\Windows\System\eyAEwRw.exe
  C:\Windows\System\eyAEwRw.exe
  2⤵
  PID:5752
- C:\Windows\System\cOHRjYr.exe
  C:\Windows\System\cOHRjYr.exe
  2⤵
  PID:2616
- C:\Windows\System\gWKkJhi.exe
  C:\Windows\System\gWKkJhi.exe
  2⤵
  PID:5820
- C:\Windows\System\OFbGsQv.exe
  C:\Windows\System\OFbGsQv.exe
  2⤵
  PID:5312
- C:\Windows\System\YHDQsnc.exe
  C:\Windows\System\YHDQsnc.exe
  2⤵
  PID:5352
- C:\Windows\System\ieahbty.exe
  C:\Windows\System\ieahbty.exe
  2⤵
  PID:5892
- C:\Windows\System\WnWlpdd.exe
  C:\Windows\System\WnWlpdd.exe
  2⤵
  PID:5220
- C:\Windows\System\SCztXNo.exe
  C:\Windows\System\SCztXNo.exe
  2⤵
  PID:5292
- C:\Windows\System\wVgjTWd.exe
  C:\Windows\System\wVgjTWd.exe
  2⤵
  PID:5360
- C:\Windows\System\AClCEec.exe
  C:\Windows\System\AClCEec.exe
  2⤵
  PID:5368
- C:\Windows\System\VRTvhyH.exe
  C:\Windows\System\VRTvhyH.exe
  2⤵
  PID:6080
- C:\Windows\System\ZWctGGY.exe
  C:\Windows\System\ZWctGGY.exe
  2⤵
  PID:5256
- C:\Windows\System\TVpCNdQ.exe
  C:\Windows\System\TVpCNdQ.exe
  2⤵
  PID:5452
- C:\Windows\System\ZFwLNfk.exe
  C:\Windows\System\ZFwLNfk.exe
  2⤵
  PID:5384
- C:\Windows\System\YtHijUM.exe
  C:\Windows\System\YtHijUM.exe
  2⤵
  PID:5404
- C:\Windows\System\JRXrDZP.exe
  C:\Windows\System\JRXrDZP.exe
  2⤵
  PID:5500
- C:\Windows\System\KGlORPH.exe
  C:\Windows\System\KGlORPH.exe
  2⤵
  PID:964
- C:\Windows\System\pVRkiCO.exe
  C:\Windows\System\pVRkiCO.exe
  2⤵
  PID:5644
- C:\Windows\System\anyeuhQ.exe
  C:\Windows\System\anyeuhQ.exe
  2⤵
  PID:5732
- C:\Windows\System\MnsqfHM.exe
  C:\Windows\System\MnsqfHM.exe
  2⤵
  PID:5836
- C:\Windows\System\mklUAvz.exe
  C:\Windows\System\mklUAvz.exe
  2⤵
  PID:5692
- C:\Windows\System\uhvchsH.exe
  C:\Windows\System\uhvchsH.exe
  2⤵
  PID:5948
- C:\Windows\System\cpSQetl.exe
  C:\Windows\System\cpSQetl.exe
  2⤵
  PID:6016
- C:\Windows\System\WTFbdkT.exe
  C:\Windows\System\WTFbdkT.exe
  2⤵
  PID:6020
- C:\Windows\System\GaRuOJE.exe
  C:\Windows\System\GaRuOJE.exe
  2⤵
  PID:6132
- C:\Windows\System\FzbEJdn.exe
  C:\Windows\System\FzbEJdn.exe
  2⤵
  PID:6128
- C:\Windows\System\oJqIjAr.exe
  C:\Windows\System\oJqIjAr.exe
  2⤵
  PID:5156
- C:\Windows\System\TAdnktC.exe
  C:\Windows\System\TAdnktC.exe
  2⤵
  PID:6112
- C:\Windows\System\XKgZavA.exe
  C:\Windows\System\XKgZavA.exe
  2⤵
  PID:5260
- C:\Windows\System\UdofSZg.exe
  C:\Windows\System\UdofSZg.exe
  2⤵
  PID:6036
- C:\Windows\System\oeCMxxq.exe
  C:\Windows\System\oeCMxxq.exe
  2⤵
  PID:5964
- C:\Windows\System\LaLArrD.exe
  C:\Windows\System\LaLArrD.exe
  2⤵
  PID:5188
- C:\Windows\System\iBMtjLW.exe
  C:\Windows\System\iBMtjLW.exe
  2⤵
  PID:6044
- C:\Windows\System\zDuJkXF.exe
  C:\Windows\System\zDuJkXF.exe
  2⤵
  PID:5624
- C:\Windows\System\HkrLPGw.exe
  C:\Windows\System\HkrLPGw.exe
  2⤵
  PID:5700
- C:\Windows\System\oGELUEf.exe
  C:\Windows\System\oGELUEf.exe
  2⤵
  PID:5944
- C:\Windows\System\gSxFFST.exe
  C:\Windows\System\gSxFFST.exe
  2⤵
  PID:5720
- C:\Windows\System\ksNHVUO.exe
  C:\Windows\System\ksNHVUO.exe
  2⤵
  PID:1968
- C:\Windows\System\jcvFPtd.exe
  C:\Windows\System\jcvFPtd.exe
  2⤵
  PID:5908
- C:\Windows\System\HQUbmjG.exe
  C:\Windows\System\HQUbmjG.exe
  2⤵
  PID:6000
- C:\Windows\System\cSPePNK.exe
  C:\Windows\System\cSPePNK.exe
  2⤵
  PID:4792
- C:\Windows\System\qZNLkoH.exe
  C:\Windows\System\qZNLkoH.exe
  2⤵
  PID:5276
- C:\Windows\System\GeMgfAl.exe
  C:\Windows\System\GeMgfAl.exe
  2⤵
  PID:1344
- C:\Windows\System\UStcKMH.exe
  C:\Windows\System\UStcKMH.exe
  2⤵
  PID:5960
- C:\Windows\System\lawRSUQ.exe
  C:\Windows\System\lawRSUQ.exe
  2⤵
  PID:5400
- C:\Windows\System\zHDRfKL.exe
  C:\Windows\System\zHDRfKL.exe
  2⤵
  PID:5600
- C:\Windows\System\Jmjxitj.exe
  C:\Windows\System\Jmjxitj.exe
  2⤵
  PID:5496
- C:\Windows\System\VBOuNkA.exe
  C:\Windows\System\VBOuNkA.exe
  2⤵
  PID:4728
- C:\Windows\System\fLEqZdv.exe
  C:\Windows\System\fLEqZdv.exe
  2⤵
  PID:1696
- C:\Windows\System\elLokrk.exe
  C:\Windows\System\elLokrk.exe
  2⤵
  PID:1564
- C:\Windows\System\zBkHSrJ.exe
  C:\Windows\System\zBkHSrJ.exe
  2⤵
  PID:5184
- C:\Windows\System\LRXuduT.exe
  C:\Windows\System\LRXuduT.exe
  2⤵
  PID:2228
- C:\Windows\System\HodKeFt.exe
  C:\Windows\System\HodKeFt.exe
  2⤵
  PID:1240
- C:\Windows\System\vwwjFMc.exe
  C:\Windows\System\vwwjFMc.exe
  2⤵
  PID:1700
- C:\Windows\System\juXgKbe.exe
  C:\Windows\System\juXgKbe.exe
  2⤵
  PID:6152
- C:\Windows\System\djkdOEx.exe
  C:\Windows\System\djkdOEx.exe
  2⤵
  PID:6188
- C:\Windows\System\UjihFXw.exe
  C:\Windows\System\UjihFXw.exe
  2⤵
  PID:6204
- C:\Windows\System\WobXbYq.exe
  C:\Windows\System\WobXbYq.exe
  2⤵
  PID:6220
- C:\Windows\System\wMuSDqE.exe
  C:\Windows\System\wMuSDqE.exe
  2⤵
  PID:6236
- C:\Windows\System\UWMEVTU.exe
  C:\Windows\System\UWMEVTU.exe
  2⤵
  PID:6252
- C:\Windows\System\udoqSHP.exe
  C:\Windows\System\udoqSHP.exe
  2⤵
  PID:6268
- C:\Windows\System\jSYiSZW.exe
  C:\Windows\System\jSYiSZW.exe
  2⤵
  PID:6296
- C:\Windows\System\zcggxeB.exe
  C:\Windows\System\zcggxeB.exe
  2⤵
  PID:6316
- C:\Windows\System\XuHGgWR.exe
  C:\Windows\System\XuHGgWR.exe
  2⤵
  PID:6348
- C:\Windows\System\cGqsqEW.exe
  C:\Windows\System\cGqsqEW.exe
  2⤵
  PID:6368
- C:\Windows\System\roEhViQ.exe
  C:\Windows\System\roEhViQ.exe
  2⤵
  PID:6384
- C:\Windows\System\JKJaGLe.exe
  C:\Windows\System\JKJaGLe.exe
  2⤵
  PID:6412
- C:\Windows\System\VIjBThR.exe
  C:\Windows\System\VIjBThR.exe
  2⤵
  PID:6428
- C:\Windows\System\dtiHHXM.exe
  C:\Windows\System\dtiHHXM.exe
  2⤵
  PID:6448
- C:\Windows\System\dilYgNU.exe
  C:\Windows\System\dilYgNU.exe
  2⤵
  PID:6464
- C:\Windows\System\OSWPSWg.exe
  C:\Windows\System\OSWPSWg.exe
  2⤵
  PID:6480
- C:\Windows\System\jiBEjXn.exe
  C:\Windows\System\jiBEjXn.exe
  2⤵
  PID:6500
- C:\Windows\System\sLFMWxw.exe
  C:\Windows\System\sLFMWxw.exe
  2⤵
  PID:6516
- C:\Windows\System\OlsGgbc.exe
  C:\Windows\System\OlsGgbc.exe
  2⤵
  PID:6532
- C:\Windows\System\uvLTrza.exe
  C:\Windows\System\uvLTrza.exe
  2⤵
  PID:6548
- C:\Windows\System\eRXdbxP.exe
  C:\Windows\System\eRXdbxP.exe
  2⤵
  PID:6564
- C:\Windows\System\ESmPdTp.exe
  C:\Windows\System\ESmPdTp.exe
  2⤵
  PID:6580
- C:\Windows\System\VUEBBoA.exe
  C:\Windows\System\VUEBBoA.exe
  2⤵
  PID:6596
- C:\Windows\System\PiJQjBO.exe
  C:\Windows\System\PiJQjBO.exe
  2⤵
  PID:6624
- C:\Windows\System\TigizXP.exe
  C:\Windows\System\TigizXP.exe
  2⤵
  PID:6668
- C:\Windows\System\jnpzazv.exe
  C:\Windows\System\jnpzazv.exe
  2⤵
  PID:6688
- C:\Windows\System\JnGJYEF.exe
  C:\Windows\System\JnGJYEF.exe
  2⤵
  PID:6704
- C:\Windows\System\CsWOGoc.exe
  C:\Windows\System\CsWOGoc.exe
  2⤵
  PID:6720
- C:\Windows\System\ZOhScMB.exe
  C:\Windows\System\ZOhScMB.exe
  2⤵
  PID:6736
- C:\Windows\System\npXrSeE.exe
  C:\Windows\System\npXrSeE.exe
  2⤵
  PID:6756
- C:\Windows\System\TypROer.exe
  C:\Windows\System\TypROer.exe
  2⤵
  PID:6788
- C:\Windows\System\rWXdZpI.exe
  C:\Windows\System\rWXdZpI.exe
  2⤵
  PID:6804
- C:\Windows\System\YnBXNzA.exe
  C:\Windows\System\YnBXNzA.exe
  2⤵
  PID:6836
- C:\Windows\System\UvHAroL.exe
  C:\Windows\System\UvHAroL.exe
  2⤵
  PID:6852
- C:\Windows\System\WcEOfEy.exe
  C:\Windows\System\WcEOfEy.exe
  2⤵
  PID:6876
- C:\Windows\System\ihFIwTL.exe
  C:\Windows\System\ihFIwTL.exe
  2⤵
  PID:6892
- C:\Windows\System\aitfpjg.exe
  C:\Windows\System\aitfpjg.exe
  2⤵
  PID:6908
- C:\Windows\System\IlBVPgB.exe
  C:\Windows\System\IlBVPgB.exe
  2⤵
  PID:6924
- C:\Windows\System\FXkenOX.exe
  C:\Windows\System\FXkenOX.exe
  2⤵
  PID:6944
- C:\Windows\System\wevPoDO.exe
  C:\Windows\System\wevPoDO.exe
  2⤵
  PID:6960
- C:\Windows\System\ZLbrqQA.exe
  C:\Windows\System\ZLbrqQA.exe
  2⤵
  PID:6976
- C:\Windows\System\qJwBovI.exe
  C:\Windows\System\qJwBovI.exe
  2⤵
  PID:6992
- C:\Windows\System\jfsxAoc.exe
  C:\Windows\System\jfsxAoc.exe
  2⤵
  PID:7008
- C:\Windows\System\lMXPXXv.exe
  C:\Windows\System\lMXPXXv.exe
  2⤵
  PID:7024
- C:\Windows\System\iOIKQXy.exe
  C:\Windows\System\iOIKQXy.exe
  2⤵
  PID:7040
- C:\Windows\System\fsTrYLf.exe
  C:\Windows\System\fsTrYLf.exe
  2⤵
  PID:7056
- C:\Windows\System\TwTOCeu.exe
  C:\Windows\System\TwTOCeu.exe
  2⤵
  PID:7072
- C:\Windows\System\LhkgWqG.exe
  C:\Windows\System\LhkgWqG.exe
  2⤵
  PID:7088
- C:\Windows\System\RmSPssn.exe
  C:\Windows\System\RmSPssn.exe
  2⤵
  PID:7156
- C:\Windows\System\oZlwXeC.exe
  C:\Windows\System\oZlwXeC.exe
  2⤵
  PID:6096
- C:\Windows\System\shTGYLb.exe
  C:\Windows\System\shTGYLb.exe
  2⤵
  PID:6164
- C:\Windows\System\aWIgRcl.exe
  C:\Windows\System\aWIgRcl.exe
  2⤵
  PID:5996
- C:\Windows\System\boLOBbN.exe
  C:\Windows\System\boLOBbN.exe
  2⤵
  PID:6180
- C:\Windows\System\XxVTDBo.exe
  C:\Windows\System\XxVTDBo.exe
  2⤵
  PID:5736
- C:\Windows\System\wOhBewb.exe
  C:\Windows\System\wOhBewb.exe
  2⤵
  PID:6244
- C:\Windows\System\nXBHZwS.exe
  C:\Windows\System\nXBHZwS.exe
  2⤵
  PID:6148
- C:\Windows\System\ayeHxCs.exe
  C:\Windows\System\ayeHxCs.exe
  2⤵
  PID:6276
- C:\Windows\System\ervhcRF.exe
  C:\Windows\System\ervhcRF.exe
  2⤵
  PID:6228
- C:\Windows\System\jthWgUE.exe
  C:\Windows\System\jthWgUE.exe
  2⤵
  PID:6196
- C:\Windows\System\hJrFVed.exe
  C:\Windows\System\hJrFVed.exe
  2⤵
  PID:6328
- C:\Windows\System\oZQlOme.exe
  C:\Windows\System\oZQlOme.exe
  2⤵
  PID:6360
- C:\Windows\System\SAmQTeC.exe
  C:\Windows\System\SAmQTeC.exe
  2⤵
  PID:6408
- C:\Windows\System\XWWYKwg.exe
  C:\Windows\System\XWWYKwg.exe
  2⤵
  PID:6460
- C:\Windows\System\DNySHbT.exe
  C:\Windows\System\DNySHbT.exe
  2⤵
  PID:6496
- C:\Windows\System\MpqunpA.exe
  C:\Windows\System\MpqunpA.exe
  2⤵
  PID:6588
- C:\Windows\System\CCRPmtI.exe
  C:\Windows\System\CCRPmtI.exe
  2⤵
  PID:6440
- C:\Windows\System\JdaxkUW.exe
  C:\Windows\System\JdaxkUW.exe
  2⤵
  PID:6608
- C:\Windows\System\mpRKUQd.exe
  C:\Windows\System\mpRKUQd.exe
  2⤵
  PID:6640
- C:\Windows\System\MbVdtBh.exe
  C:\Windows\System\MbVdtBh.exe
  2⤵
  PID:6648
- C:\Windows\System\UCXHxbi.exe
  C:\Windows\System\UCXHxbi.exe
  2⤵
  PID:6728
- C:\Windows\System\ubiypus.exe
  C:\Windows\System\ubiypus.exe
  2⤵
  PID:6732
- C:\Windows\System\Vgkajod.exe
  C:\Windows\System\Vgkajod.exe
  2⤵
  PID:6772
- C:\Windows\System\bGxADsr.exe
  C:\Windows\System\bGxADsr.exe
  2⤵
  PID:6748
- C:\Windows\System\cZBuNPz.exe
  C:\Windows\System\cZBuNPz.exe
  2⤵
  PID:6832
- C:\Windows\System\nJLiihZ.exe
  C:\Windows\System\nJLiihZ.exe
  2⤵
  PID:6868
- C:\Windows\System\shDUdoI.exe
  C:\Windows\System\shDUdoI.exe
  2⤵
  PID:6884
- C:\Windows\System\WlDwvbl.exe
  C:\Windows\System\WlDwvbl.exe
  2⤵
  PID:7064
- C:\Windows\System\GjQENdE.exe
  C:\Windows\System\GjQENdE.exe
  2⤵
  PID:6988
- C:\Windows\System\gngmWNE.exe
  C:\Windows\System\gngmWNE.exe
  2⤵
  PID:7052
- C:\Windows\System\zhfnajr.exe
  C:\Windows\System\zhfnajr.exe
  2⤵
  PID:6936
- C:\Windows\System\djEkKzC.exe
  C:\Windows\System\djEkKzC.exe
  2⤵
  PID:7000
- C:\Windows\System\LUeFrlp.exe
  C:\Windows\System\LUeFrlp.exe
  2⤵
  PID:7120
- C:\Windows\System\idKnUjh.exe
  C:\Windows\System\idKnUjh.exe
  2⤵
  PID:7136
- C:\Windows\System\KcHkZND.exe
  C:\Windows\System\KcHkZND.exe
  2⤵
  PID:7152
- C:\Windows\System\TDTQhhA.exe
  C:\Windows\System\TDTQhhA.exe
  2⤵
  PID:5740
- C:\Windows\System\PQEKoTb.exe
  C:\Windows\System\PQEKoTb.exe
  2⤵
  PID:6308
- C:\Windows\System\AdYQzOz.exe
  C:\Windows\System\AdYQzOz.exe
  2⤵
  PID:6356
- C:\Windows\System\HTiUWOh.exe
  C:\Windows\System\HTiUWOh.exe
  2⤵
  PID:5364
- C:\Windows\System\CnwqffI.exe
  C:\Windows\System\CnwqffI.exe
  2⤵
  PID:6200
- C:\Windows\System\krdLLrw.exe
  C:\Windows\System\krdLLrw.exe
  2⤵
  PID:6444
- C:\Windows\System\nFkEEJP.exe
  C:\Windows\System\nFkEEJP.exe
  2⤵
  PID:6396
- C:\Windows\System\BoLCLXL.exe
  C:\Windows\System\BoLCLXL.exe
  2⤵
  PID:6604
- C:\Windows\System\dLWlNeZ.exe
  C:\Windows\System\dLWlNeZ.exe
  2⤵
  PID:6392
- C:\Windows\System\kSrgfQt.exe
  C:\Windows\System\kSrgfQt.exe
  2⤵
  PID:1028
- C:\Windows\System\CyLWzAk.exe
  C:\Windows\System\CyLWzAk.exe
  2⤵
  PID:6620
- C:\Windows\System\jPfQYcn.exe
  C:\Windows\System\jPfQYcn.exe
  2⤵
  PID:6656
- C:\Windows\System\onQhIYB.exe
  C:\Windows\System\onQhIYB.exe
  2⤵
  PID:6680
- C:\Windows\System\SomeJoY.exe
  C:\Windows\System\SomeJoY.exe
  2⤵
  PID:6716
- C:\Windows\System\QMqyHCO.exe
  C:\Windows\System\QMqyHCO.exe
  2⤵
  PID:6860
- C:\Windows\System\HUljRcW.exe
  C:\Windows\System\HUljRcW.exe
  2⤵
  PID:5840
- C:\Windows\System\MqlCkGU.exe
  C:\Windows\System\MqlCkGU.exe
  2⤵
  PID:7020
- C:\Windows\System\GddTobP.exe
  C:\Windows\System\GddTobP.exe
  2⤵
  PID:6984
- C:\Windows\System\arccQng.exe
  C:\Windows\System\arccQng.exe
  2⤵
  PID:7032
- C:\Windows\System\sKSfiDy.exe
  C:\Windows\System\sKSfiDy.exe
  2⤵
  PID:7036
- C:\Windows\System\hoJohjK.exe
  C:\Windows\System\hoJohjK.exe
  2⤵
  PID:7116
- C:\Windows\System\AXsuafE.exe
  C:\Windows\System\AXsuafE.exe
  2⤵
  PID:5860
- C:\Windows\System\IbkHinL.exe
  C:\Windows\System\IbkHinL.exe
  2⤵
  PID:6344
- C:\Windows\System\yOUaYuo.exe
  C:\Windows\System\yOUaYuo.exe
  2⤵
  PID:6340
- C:\Windows\System\zxoQRfE.exe
  C:\Windows\System\zxoQRfE.exe
  2⤵
  PID:6436
- C:\Windows\System\aWwGKXf.exe
  C:\Windows\System\aWwGKXf.exe
  2⤵
  PID:6404
- C:\Windows\System\NjmQhRn.exe
  C:\Windows\System\NjmQhRn.exe
  2⤵
  PID:6664
- C:\Windows\System\wOTIchX.exe
  C:\Windows\System\wOTIchX.exe
  2⤵
  PID:6764
- C:\Windows\System\HdGEdkA.exe
  C:\Windows\System\HdGEdkA.exe
  2⤵
  PID:6820
- C:\Windows\System\irqQlcg.exe
  C:\Windows\System\irqQlcg.exe
  2⤵
  PID:6576
- C:\Windows\System\mJoWHgU.exe
  C:\Windows\System\mJoWHgU.exe
  2⤵
  PID:7108
- C:\Windows\System\awERgkr.exe
  C:\Windows\System\awERgkr.exe
  2⤵
  PID:6864
- C:\Windows\System\FpkbiTm.exe
  C:\Windows\System\FpkbiTm.exe
  2⤵
  PID:7132
- C:\Windows\System\mRZqEVf.exe
  C:\Windows\System\mRZqEVf.exe
  2⤵
  PID:6292
- C:\Windows\System\NaTRiuM.exe
  C:\Windows\System\NaTRiuM.exe
  2⤵
  PID:6176
- C:\Windows\System\mAgdEqs.exe
  C:\Windows\System\mAgdEqs.exe
  2⤵
  PID:6456
- C:\Windows\System\XENPggp.exe
  C:\Windows\System\XENPggp.exe
  2⤵
  PID:6816
- C:\Windows\System\wvxXkeC.exe
  C:\Windows\System\wvxXkeC.exe
  2⤵
  PID:6700
- C:\Windows\System\RxcRCIR.exe
  C:\Windows\System\RxcRCIR.exe
  2⤵
  PID:6420
- C:\Windows\System\SkWyINj.exe
  C:\Windows\System\SkWyINj.exe
  2⤵
  PID:6920
- C:\Windows\System\MnZtUCf.exe
  C:\Windows\System\MnZtUCf.exe
  2⤵
  PID:6848
- C:\Windows\System\OylcUhL.exe
  C:\Windows\System\OylcUhL.exe
  2⤵
  PID:6304
- C:\Windows\System\fbXxskr.exe
  C:\Windows\System\fbXxskr.exe
  2⤵
  PID:2728
- C:\Windows\System\XJuubFQ.exe
  C:\Windows\System\XJuubFQ.exe
  2⤵
  PID:6636
- C:\Windows\System\MIOMQGb.exe
  C:\Windows\System\MIOMQGb.exe
  2⤵
  PID:6616
- C:\Windows\System\MgLtJrG.exe
  C:\Windows\System\MgLtJrG.exe
  2⤵
  PID:7100
- C:\Windows\System\yKTXQjC.exe
  C:\Windows\System\yKTXQjC.exe
  2⤵
  PID:6768
- C:\Windows\System\uNhRHnx.exe
  C:\Windows\System\uNhRHnx.exe
  2⤵
  PID:7180
- C:\Windows\System\wzDWSss.exe
  C:\Windows\System\wzDWSss.exe
  2⤵
  PID:7232
- C:\Windows\System\WBImwlq.exe
  C:\Windows\System\WBImwlq.exe
  2⤵
  PID:7248
- C:\Windows\System\JmESRwU.exe
  C:\Windows\System\JmESRwU.exe
  2⤵
  PID:7268
- C:\Windows\System\cYGGtFR.exe
  C:\Windows\System\cYGGtFR.exe
  2⤵
  PID:7288
- C:\Windows\System\RfacUxp.exe
  C:\Windows\System\RfacUxp.exe
  2⤵
  PID:7304
- C:\Windows\System\YDHhagG.exe
  C:\Windows\System\YDHhagG.exe
  2⤵
  PID:7320
- C:\Windows\System\YMgJSYi.exe
  C:\Windows\System\YMgJSYi.exe
  2⤵
  PID:7336
- C:\Windows\System\vWWJpDQ.exe
  C:\Windows\System\vWWJpDQ.exe
  2⤵
  PID:7352
- C:\Windows\System\DxrqxdD.exe
  C:\Windows\System\DxrqxdD.exe
  2⤵
  PID:7368
- C:\Windows\System\IJEGCyX.exe
  C:\Windows\System\IJEGCyX.exe
  2⤵
  PID:7388
- C:\Windows\System\GYnfOSe.exe
  C:\Windows\System\GYnfOSe.exe
  2⤵
  PID:7408
- C:\Windows\System\kJUoadi.exe
  C:\Windows\System\kJUoadi.exe
  2⤵
  PID:7452
- C:\Windows\System\cMtyVKi.exe
  C:\Windows\System\cMtyVKi.exe
  2⤵
  PID:7468
- C:\Windows\System\ZDQKxZI.exe
  C:\Windows\System\ZDQKxZI.exe
  2⤵
  PID:7488
- C:\Windows\System\nROmSGt.exe
  C:\Windows\System\nROmSGt.exe
  2⤵
  PID:7504
- C:\Windows\System\aocUxcX.exe
  C:\Windows\System\aocUxcX.exe
  2⤵
  PID:7520
- C:\Windows\System\SzTvIhj.exe
  C:\Windows\System\SzTvIhj.exe
  2⤵
  PID:7536
- C:\Windows\System\KKkrezl.exe
  C:\Windows\System\KKkrezl.exe
  2⤵
  PID:7556
- C:\Windows\System\iVgyJZb.exe
  C:\Windows\System\iVgyJZb.exe
  2⤵
  PID:7572
- C:\Windows\System\gYsuIkE.exe
  C:\Windows\System\gYsuIkE.exe
  2⤵
  PID:7592
- C:\Windows\System\mqRwFBs.exe
  C:\Windows\System\mqRwFBs.exe
  2⤵
  PID:7636
- C:\Windows\System\cOuEKhX.exe
  C:\Windows\System\cOuEKhX.exe
  2⤵
  PID:7652
- C:\Windows\System\tHxcwIy.exe
  C:\Windows\System\tHxcwIy.exe
  2⤵
  PID:7668
- C:\Windows\System\gSotRCA.exe
  C:\Windows\System\gSotRCA.exe
  2⤵
  PID:7688
- C:\Windows\System\ZDPgEkv.exe
  C:\Windows\System\ZDPgEkv.exe
  2⤵
  PID:7704
- C:\Windows\System\HgJfDpp.exe
  C:\Windows\System\HgJfDpp.exe
  2⤵
  PID:7724
- C:\Windows\System\FQMLGrc.exe
  C:\Windows\System\FQMLGrc.exe
  2⤵
  PID:7740
- C:\Windows\System\oxoVFVG.exe
  C:\Windows\System\oxoVFVG.exe
  2⤵
  PID:7756
- C:\Windows\System\octczML.exe
  C:\Windows\System\octczML.exe
  2⤵
  PID:7772
- C:\Windows\System\LfFccMj.exe
  C:\Windows\System\LfFccMj.exe
  2⤵
  PID:7788
- C:\Windows\System\HuyUqmt.exe
  C:\Windows\System\HuyUqmt.exe
  2⤵
  PID:7808
- C:\Windows\System\XBsCQVf.exe
  C:\Windows\System\XBsCQVf.exe
  2⤵
  PID:7856
- C:\Windows\System\hFhFXNx.exe
  C:\Windows\System\hFhFXNx.exe
  2⤵
  PID:7872
- C:\Windows\System\luLPIxk.exe
  C:\Windows\System\luLPIxk.exe
  2⤵
  PID:7888
- C:\Windows\System\yuNCTMb.exe
  C:\Windows\System\yuNCTMb.exe
  2⤵
  PID:7904
- C:\Windows\System\KPfhzBy.exe
  C:\Windows\System\KPfhzBy.exe
  2⤵
  PID:7920
- C:\Windows\System\JNFCaaL.exe
  C:\Windows\System\JNFCaaL.exe
  2⤵
  PID:7940
- C:\Windows\System\GIFaJPJ.exe
  C:\Windows\System\GIFaJPJ.exe
  2⤵
  PID:7960
- C:\Windows\System\OMWnEte.exe
  C:\Windows\System\OMWnEte.exe
  2⤵
  PID:7988
- C:\Windows\System\eDdFesE.exe
  C:\Windows\System\eDdFesE.exe
  2⤵
  PID:8004
- C:\Windows\System\jKcOTzX.exe
  C:\Windows\System\jKcOTzX.exe
  2⤵
  PID:8020
- C:\Windows\System\jZLXLWa.exe
  C:\Windows\System\jZLXLWa.exe
  2⤵
  PID:8036
- C:\Windows\System\HlJRpUi.exe
  C:\Windows\System\HlJRpUi.exe
  2⤵
  PID:8052
- C:\Windows\System\vsgrVfg.exe
  C:\Windows\System\vsgrVfg.exe
  2⤵
  PID:8100
- C:\Windows\System\fEdHhWi.exe
  C:\Windows\System\fEdHhWi.exe
  2⤵
  PID:8116
- C:\Windows\System\QwsZrKJ.exe
  C:\Windows\System\QwsZrKJ.exe
  2⤵
  PID:8132
- C:\Windows\System\FhrEpYl.exe
  C:\Windows\System\FhrEpYl.exe
  2⤵
  PID:8148
- C:\Windows\System\hNRUMZL.exe
  C:\Windows\System\hNRUMZL.exe
  2⤵
  PID:8164
- C:\Windows\System\ipGIAcw.exe
  C:\Windows\System\ipGIAcw.exe
  2⤵
  PID:8184
- C:\Windows\System\fWmkvkL.exe
  C:\Windows\System\fWmkvkL.exe
  2⤵
  PID:6424
- C:\Windows\System\YyRdcNg.exe
  C:\Windows\System\YyRdcNg.exe
  2⤵
  PID:6952
- C:\Windows\System\WGuOWGk.exe
  C:\Windows\System\WGuOWGk.exe
  2⤵
  PID:7104
- C:\Windows\System\SPJLOIO.exe
  C:\Windows\System\SPJLOIO.exe
  2⤵
  PID:7200
- C:\Windows\System\qQXBdQU.exe
  C:\Windows\System\qQXBdQU.exe
  2⤵
  PID:7224
- C:\Windows\System\IquujmC.exe
  C:\Windows\System\IquujmC.exe
  2⤵
  PID:7280
- C:\Windows\System\OpFbJJi.exe
  C:\Windows\System\OpFbJJi.exe
  2⤵
  PID:7360
- C:\Windows\System\zpiUMaW.exe
  C:\Windows\System\zpiUMaW.exe
  2⤵
  PID:7396
- C:\Windows\System\nIbtgkE.exe
  C:\Windows\System\nIbtgkE.exe
  2⤵
  PID:7316
- C:\Windows\System\FPONTWI.exe
  C:\Windows\System\FPONTWI.exe
  2⤵
  PID:7348
- C:\Windows\System\pZdoaFx.exe
  C:\Windows\System\pZdoaFx.exe
  2⤵
  PID:7416
- C:\Windows\System\JQQoQBb.exe
  C:\Windows\System\JQQoQBb.exe
  2⤵
  PID:7440
- C:\Windows\System\cYaeEdK.exe
  C:\Windows\System\cYaeEdK.exe
  2⤵
  PID:7464
- C:\Windows\System\XEacfAh.exe
  C:\Windows\System\XEacfAh.exe
  2⤵
  PID:7512
- C:\Windows\System\uUYnaOv.exe
  C:\Windows\System\uUYnaOv.exe
  2⤵
  PID:7580
- C:\Windows\System\TNFPAMN.exe
  C:\Windows\System\TNFPAMN.exe
  2⤵
  PID:7532
- C:\Windows\System\yYLfhjS.exe
  C:\Windows\System\yYLfhjS.exe
  2⤵
  PID:7612
- C:\Windows\System\Wguevqe.exe
  C:\Windows\System\Wguevqe.exe
  2⤵
  PID:7664
- C:\Windows\System\AeTbZJd.exe
  C:\Windows\System\AeTbZJd.exe
  2⤵
  PID:7732
- C:\Windows\System\EBiFBxq.exe
  C:\Windows\System\EBiFBxq.exe
  2⤵
  PID:7796
- C:\Windows\System\XXhrbdz.exe
  C:\Windows\System\XXhrbdz.exe
  2⤵
  PID:7752
- C:\Windows\System\DrvCBJz.exe
  C:\Windows\System\DrvCBJz.exe
  2⤵
  PID:7832
- C:\Windows\System\RvluyiL.exe
  C:\Windows\System\RvluyiL.exe
  2⤵
  PID:7720
- C:\Windows\System\PsLcTHo.exe
  C:\Windows\System\PsLcTHo.exe
  2⤵
  PID:7852
- C:\Windows\System\QEOBbWn.exe
  C:\Windows\System\QEOBbWn.exe
  2⤵
  PID:7896
- C:\Windows\System\vvqFujC.exe
  C:\Windows\System\vvqFujC.exe
  2⤵
  PID:7936
- C:\Windows\System\HRmHxnW.exe
  C:\Windows\System\HRmHxnW.exe
  2⤵
  PID:7880
- C:\Windows\System\ERFSuwd.exe
  C:\Windows\System\ERFSuwd.exe
  2⤵
  PID:7996
- C:\Windows\System\PJyGMRa.exe
  C:\Windows\System\PJyGMRa.exe
  2⤵
  PID:8028
- C:\Windows\System\hirPIHi.exe
  C:\Windows\System\hirPIHi.exe
  2⤵
  PID:8080
- C:\Windows\System\UuAXNDY.exe
  C:\Windows\System\UuAXNDY.exe
  2⤵
  PID:8084
- C:\Windows\System\VCDidKR.exe
  C:\Windows\System\VCDidKR.exe
  2⤵
  PID:8140
- C:\Windows\System\rJzVzFe.exe
  C:\Windows\System\rJzVzFe.exe
  2⤵
  PID:7172
- C:\Windows\System\LIBPdoC.exe
  C:\Windows\System\LIBPdoC.exe
  2⤵
  PID:7204
- C:\Windows\System\WfVxZiT.exe
  C:\Windows\System\WfVxZiT.exe
  2⤵
  PID:6796
- C:\Windows\System\DhJwzDV.exe
  C:\Windows\System\DhJwzDV.exe
  2⤵
  PID:7276
- C:\Windows\System\iHacyvh.exe
  C:\Windows\System\iHacyvh.exe
  2⤵
  PID:8156
- C:\Windows\System\tekKPGV.exe
  C:\Windows\System\tekKPGV.exe
  2⤵
  PID:5924
- C:\Windows\System\NTNYEKj.exe
  C:\Windows\System\NTNYEKj.exe
  2⤵
  PID:7332
- C:\Windows\System\cBUrQjr.exe
  C:\Windows\System\cBUrQjr.exe
  2⤵
  PID:7428
- C:\Windows\System\aaCfmVL.exe
  C:\Windows\System\aaCfmVL.exe
  2⤵
  PID:2572
- C:\Windows\System\TBnHJLe.exe
  C:\Windows\System\TBnHJLe.exe
  2⤵
  PID:7496
- C:\Windows\System\acQPGtu.exe
  C:\Windows\System\acQPGtu.exe
  2⤵
  PID:7628
- C:\Windows\System\mKdtgSw.exe
  C:\Windows\System\mKdtgSw.exe
  2⤵
  PID:7544
- C:\Windows\System\jMrBZBo.exe
  C:\Windows\System\jMrBZBo.exe
  2⤵
  PID:7624
- C:\Windows\System\fYEbVll.exe
  C:\Windows\System\fYEbVll.exe
  2⤵
  PID:7696
- C:\Windows\System\GRAUMii.exe
  C:\Windows\System\GRAUMii.exe
  2⤵
  PID:7700
- C:\Windows\System\NTVIQOZ.exe
  C:\Windows\System\NTVIQOZ.exe
  2⤵
  PID:7748
- C:\Windows\System\NLDdfmu.exe
  C:\Windows\System\NLDdfmu.exe
  2⤵
  PID:7868
- C:\Windows\System\djhrPTZ.exe
  C:\Windows\System\djhrPTZ.exe
  2⤵
  PID:7972
- C:\Windows\System\MwKZnmq.exe
  C:\Windows\System\MwKZnmq.exe
  2⤵
  PID:7956
- C:\Windows\System\KXzKnbB.exe
  C:\Windows\System\KXzKnbB.exe
  2⤵
  PID:8064
- C:\Windows\System\yEZSVYF.exe
  C:\Windows\System\yEZSVYF.exe
  2⤵
  PID:8072
- C:\Windows\System\BJvsoNh.exe
  C:\Windows\System\BJvsoNh.exe
  2⤵
  PID:7208
- C:\Windows\System\mWWkaQV.exe
  C:\Windows\System\mWWkaQV.exe
  2⤵
  PID:7240
- C:\Windows\System\zvwwCMB.exe
  C:\Windows\System\zvwwCMB.exe
  2⤵
  PID:6612
- C:\Windows\System\BQcVTnr.exe
  C:\Windows\System\BQcVTnr.exe
  2⤵
  PID:6472
- C:\Windows\System\EWsyiLP.exe
  C:\Windows\System\EWsyiLP.exe
  2⤵
  PID:7404
- C:\Windows\System\OfYWJMi.exe
  C:\Windows\System\OfYWJMi.exe
  2⤵
  PID:7296
- C:\Windows\System\EIaHkjL.exe
  C:\Windows\System\EIaHkjL.exe
  2⤵
  PID:7460
- C:\Windows\System\VXOhDZb.exe
  C:\Windows\System\VXOhDZb.exe
  2⤵
  PID:7900
- C:\Windows\System\hOQYfvi.exe
  C:\Windows\System\hOQYfvi.exe
  2⤵
  PID:8048
- C:\Windows\System\XtyUNzW.exe
  C:\Windows\System\XtyUNzW.exe
  2⤵
  PID:7712
- C:\Windows\System\SXgcftZ.exe
  C:\Windows\System\SXgcftZ.exe
  2⤵
  PID:7912
- C:\Windows\System\svqWiVb.exe
  C:\Windows\System\svqWiVb.exe
  2⤵
  PID:8172
- C:\Windows\System\XILIKxi.exe
  C:\Windows\System\XILIKxi.exe
  2⤵
  PID:8176
- C:\Windows\System\LBiQXBL.exe
  C:\Windows\System\LBiQXBL.exe
  2⤵
  PID:7424
- C:\Windows\System\RaEaAye.exe
  C:\Windows\System\RaEaAye.exe
  2⤵
  PID:1552
- C:\Windows\System\SIeDoix.exe
  C:\Windows\System\SIeDoix.exe
  2⤵
  PID:7260
- C:\Windows\System\AUOhIzI.exe
  C:\Windows\System\AUOhIzI.exe
  2⤵
  PID:7216
- C:\Windows\System\JiccqGw.exe
  C:\Windows\System\JiccqGw.exe
  2⤵
  PID:7660
- C:\Windows\System\GUvbMHX.exe
  C:\Windows\System\GUvbMHX.exe
  2⤵
  PID:8180
- C:\Windows\System\dOqYXgt.exe
  C:\Windows\System\dOqYXgt.exe
  2⤵
  PID:7620
- C:\Windows\System\KxIhYLr.exe
  C:\Windows\System\KxIhYLr.exe
  2⤵
  PID:7820
- C:\Windows\System\EuVzgZH.exe
  C:\Windows\System\EuVzgZH.exe
  2⤵
  PID:7608
- C:\Windows\System\bgguTSm.exe
  C:\Windows\System\bgguTSm.exe
  2⤵
  PID:7948
- C:\Windows\System\ILFTlMk.exe
  C:\Windows\System\ILFTlMk.exe
  2⤵
  PID:7828
- C:\Windows\System\yGISlxF.exe
  C:\Windows\System\yGISlxF.exe
  2⤵
  PID:8012
- C:\Windows\System\hlMqDGD.exe
  C:\Windows\System\hlMqDGD.exe
  2⤵
  PID:7768
- C:\Windows\System\NePfPpY.exe
  C:\Windows\System\NePfPpY.exe
  2⤵
  PID:8196
- C:\Windows\System\SPMRmqC.exe
  C:\Windows\System\SPMRmqC.exe
  2⤵
  PID:8212
- C:\Windows\System\nFJFFcL.exe
  C:\Windows\System\nFJFFcL.exe
  2⤵
  PID:8256
- C:\Windows\System\SbJFRwN.exe
  C:\Windows\System\SbJFRwN.exe
  2⤵
  PID:8272
- C:\Windows\System\kbPHRXQ.exe
  C:\Windows\System\kbPHRXQ.exe
  2⤵
  PID:8288
- C:\Windows\System\ueoweSO.exe
  C:\Windows\System\ueoweSO.exe
  2⤵
  PID:8304
- C:\Windows\System\TXBozlY.exe
  C:\Windows\System\TXBozlY.exe
  2⤵
  PID:8320
- C:\Windows\System\WVULPOv.exe
  C:\Windows\System\WVULPOv.exe
  2⤵
  PID:8336
- C:\Windows\System\ueziHve.exe
  C:\Windows\System\ueziHve.exe
  2⤵
  PID:8352
- C:\Windows\System\EgCfLFM.exe
  C:\Windows\System\EgCfLFM.exe
  2⤵
  PID:8380
- C:\Windows\System\AVtWgZl.exe
  C:\Windows\System\AVtWgZl.exe
  2⤵
  PID:8400
- C:\Windows\System\MaqwibR.exe
  C:\Windows\System\MaqwibR.exe
  2⤵
  PID:8420
- C:\Windows\System\SHDTjsN.exe
  C:\Windows\System\SHDTjsN.exe
  2⤵
  PID:8440
- C:\Windows\System\nigWErZ.exe
  C:\Windows\System\nigWErZ.exe
  2⤵
  PID:8468
- C:\Windows\System\QvjitXf.exe
  C:\Windows\System\QvjitXf.exe
  2⤵
  PID:8484
- C:\Windows\System\qPtObHU.exe
  C:\Windows\System\qPtObHU.exe
  2⤵
  PID:8504
- C:\Windows\System\aPHQHYQ.exe
  C:\Windows\System\aPHQHYQ.exe
  2⤵
  PID:8536
- C:\Windows\System\ppfRcBU.exe
  C:\Windows\System\ppfRcBU.exe
  2⤵
  PID:8560
- C:\Windows\System\MRBAesz.exe
  C:\Windows\System\MRBAesz.exe
  2⤵
  PID:8576
- C:\Windows\System\yCEyGWK.exe
  C:\Windows\System\yCEyGWK.exe
  2⤵
  PID:8592
- C:\Windows\System\JwvpwGu.exe
  C:\Windows\System\JwvpwGu.exe
  2⤵
  PID:8612
- C:\Windows\System\EqjHDCc.exe
  C:\Windows\System\EqjHDCc.exe
  2⤵
  PID:8628
- C:\Windows\System\aKpyNaV.exe
  C:\Windows\System\aKpyNaV.exe
  2⤵
  PID:8660
- C:\Windows\System\uCCqUzk.exe
  C:\Windows\System\uCCqUzk.exe
  2⤵
  PID:8676
- C:\Windows\System\BGWulDZ.exe
  C:\Windows\System\BGWulDZ.exe
  2⤵
  PID:8692
- C:\Windows\System\LtkUpXM.exe
  C:\Windows\System\LtkUpXM.exe
  2⤵
  PID:8712
- C:\Windows\System\kcJTSfO.exe
  C:\Windows\System\kcJTSfO.exe
  2⤵
  PID:8728
- C:\Windows\System\qfyrlUp.exe
  C:\Windows\System\qfyrlUp.exe
  2⤵
  PID:8752
- C:\Windows\System\UNuUdfu.exe
  C:\Windows\System\UNuUdfu.exe
  2⤵
  PID:8772
- C:\Windows\System\qsKVKOn.exe
  C:\Windows\System\qsKVKOn.exe
  2⤵
  PID:8792
- C:\Windows\System\gqVMeTd.exe
  C:\Windows\System\gqVMeTd.exe
  2⤵
  PID:8812
- C:\Windows\System\RYQvpoT.exe
  C:\Windows\System\RYQvpoT.exe
  2⤵
  PID:8836
- C:\Windows\System\pTJmGCM.exe
  C:\Windows\System\pTJmGCM.exe
  2⤵
  PID:8852
- C:\Windows\System\aYFsBxY.exe
  C:\Windows\System\aYFsBxY.exe
  2⤵
  PID:8884
- C:\Windows\System\TzRwECc.exe
  C:\Windows\System\TzRwECc.exe
  2⤵
  PID:8904
- C:\Windows\System\cqPPGqa.exe
  C:\Windows\System\cqPPGqa.exe
  2⤵
  PID:8920
- C:\Windows\System\BWUYuir.exe
  C:\Windows\System\BWUYuir.exe
  2⤵
  PID:8940
- C:\Windows\System\GWiNqms.exe
  C:\Windows\System\GWiNqms.exe
  2⤵
  PID:8960
- C:\Windows\System\FrZDIIU.exe
  C:\Windows\System\FrZDIIU.exe
  2⤵
  PID:8976
- C:\Windows\System\kAjuKMF.exe
  C:\Windows\System\kAjuKMF.exe
  2⤵
  PID:9004
- C:\Windows\System\lFIaCiM.exe
  C:\Windows\System\lFIaCiM.exe
  2⤵
  PID:9028
- C:\Windows\System\kwLFWzj.exe
  C:\Windows\System\kwLFWzj.exe
  2⤵
  PID:9044
- C:\Windows\System\rJYvsEP.exe
  C:\Windows\System\rJYvsEP.exe
  2⤵
  PID:9060
- C:\Windows\System\fCJoVvT.exe
  C:\Windows\System\fCJoVvT.exe
  2⤵
  PID:9088
- C:\Windows\System\KoUtXbF.exe
  C:\Windows\System\KoUtXbF.exe
  2⤵
  PID:9112
- C:\Windows\System\JtIErVw.exe
  C:\Windows\System\JtIErVw.exe
  2⤵
  PID:9132
- C:\Windows\System\zUzNPID.exe
  C:\Windows\System\zUzNPID.exe
  2⤵
  PID:9152
- C:\Windows\System\wnLHvlS.exe
  C:\Windows\System\wnLHvlS.exe
  2⤵
  PID:9168
- C:\Windows\System\ZcuNPjz.exe
  C:\Windows\System\ZcuNPjz.exe
  2⤵
  PID:9188
- C:\Windows\System\bBzrkhn.exe
  C:\Windows\System\bBzrkhn.exe
  2⤵
  PID:9208
- C:\Windows\System\VYOLBBy.exe
  C:\Windows\System\VYOLBBy.exe
  2⤵
  PID:7528
- C:\Windows\System\tMoUvqq.exe
  C:\Windows\System\tMoUvqq.exe
  2⤵
  PID:8232
- C:\Windows\System\eKpeUjj.exe
  C:\Windows\System\eKpeUjj.exe
  2⤵
  PID:8316
- C:\Windows\System\uXFontv.exe
  C:\Windows\System\uXFontv.exe
  2⤵
  PID:8392
- C:\Windows\System\SGYlPrx.exe
  C:\Windows\System\SGYlPrx.exe
  2⤵
  PID:8364
- C:\Windows\System\rIjgNfk.exe
  C:\Windows\System\rIjgNfk.exe
  2⤵
  PID:8332
- C:\Windows\System\fDMJiJW.exe
  C:\Windows\System\fDMJiJW.exe
  2⤵
  PID:8452
- C:\Windows\System\lyoUdga.exe
  C:\Windows\System\lyoUdga.exe
  2⤵
  PID:8412
- C:\Windows\System\buSBpKM.exe
  C:\Windows\System\buSBpKM.exe
  2⤵
  PID:8368
- C:\Windows\System\kTcopvI.exe
  C:\Windows\System\kTcopvI.exe
  2⤵
  PID:8544
- C:\Windows\System\aYKOpra.exe
  C:\Windows\System\aYKOpra.exe
  2⤵
  PID:8556
- C:\Windows\System\SVIUHAk.exe
  C:\Windows\System\SVIUHAk.exe
  2⤵
  PID:8588
- C:\Windows\System\mZrumDd.exe
  C:\Windows\System\mZrumDd.exe
  2⤵
  PID:8624
- C:\Windows\System\ClkYwyt.exe
  C:\Windows\System\ClkYwyt.exe
  2⤵
  PID:8652
- C:\Windows\System\mpRzQmZ.exe
  C:\Windows\System\mpRzQmZ.exe
  2⤵
  PID:8672
- C:\Windows\System\UHbllBa.exe
  C:\Windows\System\UHbllBa.exe
  2⤵
  PID:8760
- C:\Windows\System\KcLodIp.exe
  C:\Windows\System\KcLodIp.exe
  2⤵
  PID:8848
- C:\Windows\System\wShZApV.exe
  C:\Windows\System\wShZApV.exe
  2⤵
  PID:8828
- C:\Windows\System\JjKgRka.exe
  C:\Windows\System\JjKgRka.exe
  2⤵
  PID:8788
- C:\Windows\System\XkjJCAr.exe
  C:\Windows\System\XkjJCAr.exe
  2⤵
  PID:8784
- C:\Windows\System\zDUjoDF.exe
  C:\Windows\System\zDUjoDF.exe
  2⤵
  PID:8860
- C:\Windows\System\qPbrnCi.exe
  C:\Windows\System\qPbrnCi.exe
  2⤵
  PID:8900
- C:\Windows\System\oSgbwLb.exe
  C:\Windows\System\oSgbwLb.exe
  2⤵
  PID:8916
- C:\Windows\System\GNABNiM.exe
  C:\Windows\System\GNABNiM.exe
  2⤵
  PID:8972
- C:\Windows\System\vdoLWIe.exe
  C:\Windows\System\vdoLWIe.exe
  2⤵
  PID:8996
- C:\Windows\System\xgMenJR.exe
  C:\Windows\System\xgMenJR.exe
  2⤵
  PID:9016
- C:\Windows\System\kSTuXrp.exe
  C:\Windows\System\kSTuXrp.exe
  2⤵
  PID:9068
- C:\Windows\System\KBaBppX.exe
  C:\Windows\System\KBaBppX.exe
  2⤵
  PID:9084
- C:\Windows\System\sZdGFGY.exe
  C:\Windows\System\sZdGFGY.exe
  2⤵
  PID:9120
- C:\Windows\System\yHiVOsh.exe
  C:\Windows\System\yHiVOsh.exe
  2⤵
  PID:9164
- C:\Windows\System\XErKNam.exe
  C:\Windows\System\XErKNam.exe
  2⤵
  PID:9196
- C:\Windows\System\EhqmLQC.exe
  C:\Windows\System\EhqmLQC.exe
  2⤵
  PID:8264
- C:\Windows\System\vhGZAQO.exe
  C:\Windows\System\vhGZAQO.exe
  2⤵
  PID:8388
- C:\Windows\System\rFFVlBy.exe
  C:\Windows\System\rFFVlBy.exe
  2⤵
  PID:8480
- C:\Windows\System\RcngYlD.exe
  C:\Windows\System\RcngYlD.exe
  2⤵
  PID:8500
- C:\Windows\System\pQsqlRC.exe
  C:\Windows\System\pQsqlRC.exe
  2⤵
  PID:8372
- C:\Windows\System\wzYDyJM.exe
  C:\Windows\System\wzYDyJM.exe
  2⤵
  PID:8524
- C:\Windows\System\WAvIZdX.exe
  C:\Windows\System\WAvIZdX.exe
  2⤵
  PID:8548
- C:\Windows\System\SePMTXB.exe
  C:\Windows\System\SePMTXB.exe
  2⤵
  PID:8636
- C:\Windows\System\NFdouMJ.exe
  C:\Windows\System\NFdouMJ.exe
  2⤵
  PID:8688
- C:\Windows\System\oqDXIEA.exe
  C:\Windows\System\oqDXIEA.exe
  2⤵
  PID:8648
- C:\Windows\System\qzGZcFd.exe
  C:\Windows\System\qzGZcFd.exe
  2⤵
  PID:8864
- C:\Windows\System\UwJIYWo.exe
  C:\Windows\System\UwJIYWo.exe
  2⤵
  PID:8956
- C:\Windows\System\snpyEZw.exe
  C:\Windows\System\snpyEZw.exe
  2⤵
  PID:9052
- C:\Windows\System\vePHrrZ.exe
  C:\Windows\System\vePHrrZ.exe
  2⤵
  PID:8280
- C:\Windows\System\SRIUPzW.exe
  C:\Windows\System\SRIUPzW.exe
  2⤵
  PID:8880
- C:\Windows\System\bSZEtAo.exe
  C:\Windows\System\bSZEtAo.exe
  2⤵
  PID:9024
- C:\Windows\System\ojFBOLu.exe
  C:\Windows\System\ojFBOLu.exe
  2⤵
  PID:9012
- C:\Windows\System\saetHZe.exe
  C:\Windows\System\saetHZe.exe
  2⤵
  PID:8224
- C:\Windows\System\tBvqBsb.exe
  C:\Windows\System\tBvqBsb.exe
  2⤵
  PID:8228
- C:\Windows\System\pRWLBsJ.exe
  C:\Windows\System\pRWLBsJ.exe
  2⤵
  PID:8432
- C:\Windows\System\NfPQdQs.exe
  C:\Windows\System\NfPQdQs.exe
  2⤵
  PID:8512
- C:\Windows\System\aWCEfSb.exe
  C:\Windows\System\aWCEfSb.exe
  2⤵
  PID:8460
- C:\Windows\System\OZkQAca.exe
  C:\Windows\System\OZkQAca.exe
  2⤵
  PID:8516
- C:\Windows\System\DTJjwcy.exe
  C:\Windows\System\DTJjwcy.exe
  2⤵
  PID:8608
- C:\Windows\System\hddDppL.exe
  C:\Windows\System\hddDppL.exe
  2⤵
  PID:8844
- C:\Windows\System\KqHkTZJ.exe
  C:\Windows\System\KqHkTZJ.exe
  2⤵
  PID:8928
- C:\Windows\System\FqkjztV.exe
  C:\Windows\System\FqkjztV.exe
  2⤵
  PID:9100
- C:\Windows\System\FiJtwVn.exe
  C:\Windows\System\FiJtwVn.exe
  2⤵
  PID:9140
- C:\Windows\System\cpicxhD.exe
  C:\Windows\System\cpicxhD.exe
  2⤵
  PID:9160
- C:\Windows\System\ajYgfAY.exe
  C:\Windows\System\ajYgfAY.exe
  2⤵
  PID:8348
- C:\Windows\System\scvmLIR.exe
  C:\Windows\System\scvmLIR.exe
  2⤵
  PID:8656
- C:\Windows\System\kDdYNik.exe
  C:\Windows\System\kDdYNik.exe
  2⤵
  PID:8416
- C:\Windows\System\qMnxxjr.exe
  C:\Windows\System\qMnxxjr.exe
  2⤵
  PID:8876
- C:\Windows\System\uEBqumM.exe
  C:\Windows\System\uEBqumM.exe
  2⤵
  PID:8736
- C:\Windows\System\AssFqSZ.exe
  C:\Windows\System\AssFqSZ.exe
  2⤵
  PID:8584
- C:\Windows\System\sPQrIXg.exe
  C:\Windows\System\sPQrIXg.exe
  2⤵
  PID:8952
- C:\Windows\System\EtAhkBw.exe
  C:\Windows\System\EtAhkBw.exe
  2⤵
  PID:8300
- C:\Windows\System\UBwvete.exe
  C:\Windows\System\UBwvete.exe
  2⤵
  PID:9076
- C:\Windows\System\xCOUNFH.exe
  C:\Windows\System\xCOUNFH.exe
  2⤵
  PID:8492
- C:\Windows\System\gQiXUfb.exe
  C:\Windows\System\gQiXUfb.exe
  2⤵
  PID:8376
- C:\Windows\System\pSoPmaU.exe
  C:\Windows\System\pSoPmaU.exe
  2⤵
  PID:9056
- C:\Windows\System\jVUMLNX.exe
  C:\Windows\System\jVUMLNX.exe
  2⤵
  PID:8240
- C:\Windows\System\dJRqBPS.exe
  C:\Windows\System\dJRqBPS.exe
  2⤵
  PID:8748
- C:\Windows\System\SybzqGS.exe
  C:\Windows\System\SybzqGS.exe
  2⤵
  PID:8644
- C:\Windows\System\QlPguYi.exe
  C:\Windows\System\QlPguYi.exe
  2⤵
  PID:9144
- C:\Windows\System\vJRLqdV.exe
  C:\Windows\System\vJRLqdV.exe
  2⤵
  PID:9232
- C:\Windows\System\zgkVfnt.exe
  C:\Windows\System\zgkVfnt.exe
  2⤵
  PID:9256
- C:\Windows\System\yrgPFUk.exe
  C:\Windows\System\yrgPFUk.exe
  2⤵
  PID:9280
- C:\Windows\System\PscHgau.exe
  C:\Windows\System\PscHgau.exe
  2⤵
  PID:9296
- C:\Windows\System\VaqrmLq.exe
  C:\Windows\System\VaqrmLq.exe
  2⤵
  PID:9320
- C:\Windows\System\URYvSMi.exe
  C:\Windows\System\URYvSMi.exe
  2⤵
  PID:9344
- C:\Windows\System\vyoqHPM.exe
  C:\Windows\System\vyoqHPM.exe
  2⤵
  PID:9364
- C:\Windows\System\jYWiHzu.exe
  C:\Windows\System\jYWiHzu.exe
  2⤵
  PID:9384
- C:\Windows\System\hgiVVQn.exe
  C:\Windows\System\hgiVVQn.exe
  2⤵
  PID:9400
- C:\Windows\System\NPKzrTO.exe
  C:\Windows\System\NPKzrTO.exe
  2⤵
  PID:9424
- C:\Windows\System\uYQcmDG.exe
  C:\Windows\System\uYQcmDG.exe
  2⤵
  PID:9444
- C:\Windows\System\hOAKXJc.exe
  C:\Windows\System\hOAKXJc.exe
  2⤵
  PID:9460
- C:\Windows\System\agIXiDk.exe
  C:\Windows\System\agIXiDk.exe
  2⤵
  PID:9484
- C:\Windows\System\PmxCHnU.exe
  C:\Windows\System\PmxCHnU.exe
  2⤵
  PID:9500
- C:\Windows\System\oaFPiVM.exe
  C:\Windows\System\oaFPiVM.exe
  2⤵
  PID:9524
- C:\Windows\System\hzcsHbn.exe
  C:\Windows\System\hzcsHbn.exe
  2⤵
  PID:9540
- C:\Windows\System\FkycEfJ.exe
  C:\Windows\System\FkycEfJ.exe
  2⤵
  PID:9564
- C:\Windows\System\eRzEqJV.exe
  C:\Windows\System\eRzEqJV.exe
  2⤵
  PID:9584
- C:\Windows\System\HenPtJm.exe
  C:\Windows\System\HenPtJm.exe
  2⤵
  PID:9604
- C:\Windows\System\JSrpGKY.exe
  C:\Windows\System\JSrpGKY.exe
  2⤵
  PID:9624
- C:\Windows\System\acSCHZc.exe
  C:\Windows\System\acSCHZc.exe
  2⤵
  PID:9640
- C:\Windows\System\kpQJgOx.exe
  C:\Windows\System\kpQJgOx.exe
  2⤵
  PID:9656
- C:\Windows\System\ltxMvqg.exe
  C:\Windows\System\ltxMvqg.exe
  2⤵
  PID:9676
- C:\Windows\System\ypNtIxu.exe
  C:\Windows\System\ypNtIxu.exe
  2⤵
  PID:9696
- C:\Windows\System\DYdKKbL.exe
  C:\Windows\System\DYdKKbL.exe
  2⤵
  PID:9716
- C:\Windows\System\dZIKMrI.exe
  C:\Windows\System\dZIKMrI.exe
  2⤵
  PID:9744
- C:\Windows\System\ewhGGLf.exe
  C:\Windows\System\ewhGGLf.exe
  2⤵
  PID:9760
- C:\Windows\System\sNQxvrC.exe
  C:\Windows\System\sNQxvrC.exe
  2⤵
  PID:9776
- C:\Windows\System\XDCGHlh.exe
  C:\Windows\System\XDCGHlh.exe
  2⤵
  PID:9800
- C:\Windows\System\ovIYeBs.exe
  C:\Windows\System\ovIYeBs.exe
  2⤵
  PID:9816
- C:\Windows\System\xXvqfpK.exe
  C:\Windows\System\xXvqfpK.exe
  2⤵
  PID:9832
- C:\Windows\System\mRdiELr.exe
  C:\Windows\System\mRdiELr.exe
  2⤵
  PID:9848
- C:\Windows\System\CScHbyy.exe
  C:\Windows\System\CScHbyy.exe
  2⤵
  PID:9864
- C:\Windows\System\rhAmTeb.exe
  C:\Windows\System\rhAmTeb.exe
  2⤵
  PID:9880
- C:\Windows\System\pnVNBKO.exe
  C:\Windows\System\pnVNBKO.exe
  2⤵
  PID:9924
- C:\Windows\System\ciojHTg.exe
  C:\Windows\System\ciojHTg.exe
  2⤵
  PID:9944
- C:\Windows\System\FLHVqea.exe
  C:\Windows\System\FLHVqea.exe
  2⤵
  PID:9964
- C:\Windows\System\rYECuJP.exe
  C:\Windows\System\rYECuJP.exe
  2⤵
  PID:9980
- C:\Windows\System\NFfwnlL.exe
  C:\Windows\System\NFfwnlL.exe
  2⤵
  PID:10000
- C:\Windows\System\fOkXofq.exe
  C:\Windows\System\fOkXofq.exe
  2⤵
  PID:10020
- C:\Windows\System\ItpeByL.exe
  C:\Windows\System\ItpeByL.exe
  2⤵
  PID:10036
- C:\Windows\System\rRpOrpe.exe
  C:\Windows\System\rRpOrpe.exe
  2⤵
  PID:10052
- C:\Windows\System\YPFjynW.exe
  C:\Windows\System\YPFjynW.exe
  2⤵
  PID:10076
- C:\Windows\System\iqcyCqP.exe
  C:\Windows\System\iqcyCqP.exe
  2⤵
  PID:10092
- C:\Windows\System\gryoDWE.exe
  C:\Windows\System\gryoDWE.exe
  2⤵
  PID:10112
- C:\Windows\System\oPGfVuj.exe
  C:\Windows\System\oPGfVuj.exe
  2⤵
  PID:10132
- C:\Windows\System\JPoupqR.exe
  C:\Windows\System\JPoupqR.exe
  2⤵
  PID:10156
- C:\Windows\System\mQkKsGr.exe
  C:\Windows\System\mQkKsGr.exe
  2⤵
  PID:10172
- C:\Windows\System\aaLlNel.exe
  C:\Windows\System\aaLlNel.exe
  2⤵
  PID:10188
- C:\Windows\System\sXxkIsu.exe
  C:\Windows\System\sXxkIsu.exe
  2⤵
  PID:10212
- C:\Windows\System\RRvQvFj.exe
  C:\Windows\System\RRvQvFj.exe
  2⤵
  PID:10228
- C:\Windows\System\nbFZhMj.exe
  C:\Windows\System\nbFZhMj.exe
  2⤵
  PID:8208
- C:\Windows\System\ievEsvN.exe
  C:\Windows\System\ievEsvN.exe
  2⤵
  PID:9264
- C:\Windows\System\sEiJkpd.exe
  C:\Windows\System\sEiJkpd.exe
  2⤵
  PID:9308
- C:\Windows\System\vEVfyOO.exe
  C:\Windows\System\vEVfyOO.exe
  2⤵
  PID:9336
- C:\Windows\System\GJnyehv.exe
  C:\Windows\System\GJnyehv.exe
  2⤵
  PID:9372
- C:\Windows\System\gIHrEOc.exe
  C:\Windows\System\gIHrEOc.exe
  2⤵
  PID:9408
- C:\Windows\System\BStHOPv.exe
  C:\Windows\System\BStHOPv.exe
  2⤵
  PID:9432
- C:\Windows\System\nPwogCy.exe
  C:\Windows\System\nPwogCy.exe
  2⤵
  PID:9468
- C:\Windows\System\LySqiTN.exe
  C:\Windows\System\LySqiTN.exe
  2⤵
  PID:9492
- C:\Windows\System\Orbzzpk.exe
  C:\Windows\System\Orbzzpk.exe
  2⤵
  PID:9532
- C:\Windows\System\jsRCZfw.exe
  C:\Windows\System\jsRCZfw.exe
  2⤵
  PID:9560
- C:\Windows\System\UYJdafi.exe
  C:\Windows\System\UYJdafi.exe
  2⤵
  PID:9576
- C:\Windows\System\lPKcelL.exe
  C:\Windows\System\lPKcelL.exe
  2⤵
  PID:9672
- C:\Windows\System\VptyexK.exe
  C:\Windows\System\VptyexK.exe
  2⤵
  PID:9708
- C:\Windows\System\PloijJP.exe
  C:\Windows\System\PloijJP.exe
  2⤵
  PID:9728
- C:\Windows\System\tceyciK.exe
  C:\Windows\System\tceyciK.exe
  2⤵
  PID:9756
- C:\Windows\System\LxIGqui.exe
  C:\Windows\System\LxIGqui.exe
  2⤵
  PID:9792
- C:\Windows\System\zHplEkR.exe
  C:\Windows\System\zHplEkR.exe
  2⤵
  PID:9860
- C:\Windows\System\sYYzfve.exe
  C:\Windows\System\sYYzfve.exe
  2⤵
  PID:9900
- C:\Windows\System\zqbidlr.exe
  C:\Windows\System\zqbidlr.exe
  2⤵
  PID:9876
- C:\Windows\System\jDtbFuY.exe
  C:\Windows\System\jDtbFuY.exe
  2⤵
  PID:9932
- C:\Windows\System\gtyAEkw.exe
  C:\Windows\System\gtyAEkw.exe
  2⤵
  PID:9940
- C:\Windows\System\XeWKkUZ.exe
  C:\Windows\System\XeWKkUZ.exe
  2⤵
  PID:9992
- C:\Windows\System\SmJEtcH.exe
  C:\Windows\System\SmJEtcH.exe
  2⤵
  PID:10060
- C:\Windows\System\xfDwosN.exe
  C:\Windows\System\xfDwosN.exe
  2⤵
  PID:9972
- C:\Windows\System\PyjLPjh.exe
  C:\Windows\System\PyjLPjh.exe
  2⤵
  PID:10140
- C:\Windows\System\DpQXjLc.exe
  C:\Windows\System\DpQXjLc.exe
  2⤵
  PID:10184
- C:\Windows\System\tORVgFQ.exe
  C:\Windows\System\tORVgFQ.exe
  2⤵
  PID:10200
- C:\Windows\System\vzqPfad.exe
  C:\Windows\System\vzqPfad.exe
  2⤵
  PID:9248
- C:\Windows\System\rbYzbeD.exe
  C:\Windows\System\rbYzbeD.exe
  2⤵
  PID:10016
- C:\Windows\System\ZCYiPDv.exe
  C:\Windows\System\ZCYiPDv.exe
  2⤵
  PID:10044
- C:\Windows\System\yswpydA.exe
  C:\Windows\System\yswpydA.exe
  2⤵
  PID:8808
- C:\Windows\System\WYuVvzX.exe
  C:\Windows\System\WYuVvzX.exe
  2⤵
  PID:9332
- C:\Windows\System\EhnifXT.exe
  C:\Windows\System\EhnifXT.exe
  2⤵
  PID:9396
- C:\Windows\System\HOVXGSZ.exe
  C:\Windows\System\HOVXGSZ.exe
  2⤵
  PID:9508
- C:\Windows\System\DXRGNeF.exe
  C:\Windows\System\DXRGNeF.exe
  2⤵
  PID:9548
- C:\Windows\System\FtCrQpw.exe
  C:\Windows\System\FtCrQpw.exe
  2⤵
  PID:9612
- C:\Windows\System\XdBayrT.exe
  C:\Windows\System\XdBayrT.exe
  2⤵
  PID:9620
- C:\Windows\System\XYRzPiP.exe
  C:\Windows\System\XYRzPiP.exe
  2⤵
  PID:9668
- C:\Windows\System\eNzzbdI.exe
  C:\Windows\System\eNzzbdI.exe
  2⤵
  PID:9692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AaihRdd.exe

Filesize
6.0MB

MD5
860a8b1d264fb305a8337e5fa7becf50

SHA1
5394bd5ab229f6570d48bda242e542191ce6377f

SHA256
a96ef57c054624bcefdff5aa8c1e90b261d6946c129062e0a4ba02054497c7f7

SHA512
514312e652efc574d0983318a28f3f44cbf371aad2875a62a37ab17e5eb5465e6c1c730cb46fcc64391cf8622684a538e29b6989bf331579e570c026aae3eb7c

Download Submit
C:\Windows\system\COjeKcd.exe

Filesize
6.0MB

MD5
b99fc433c8ce4ef901449e36085426b9

SHA1
94885ff44f416a012a10eff62a7d9b9ade089abc

SHA256
eefd6c4427b1ce039054b903096f441f0f00218944356ecb62648b5f9f7eeeb8

SHA512
29e205882ff99094aa42bf389f9199963c19c6a405ed29dd2562b88adda5b448ae1431853f33e0077f6a2282e1c3905426f504839c598b3b046826864728f69f

Download Submit
C:\Windows\system\DHEDcbO.exe

Filesize
6.0MB

MD5
389082ef66ff141dc9d79d99d9c92354

SHA1
2c7b6f2c3ee62ac9dd5b206bec282a1fe4afdd29

SHA256
4f73db5845f3d86233ff119bb57d868efc398204ebd9939b35765bbf3fbd460b

SHA512
579ef8f9e083cdf1b1d54c68e621a8797fc39f5f7133f21f2dde7d550493a5c59cccdb3ff3bda118a380799cda6e2b4de7ea4763cca7ebf125077c7c1a3c188e

Download Submit
C:\Windows\system\EdjHgkH.exe

Filesize
6.0MB

MD5
84921270f139c7be364fe70bcc456819

SHA1
2b3e7681d7005908512b6d586644f47507541314

SHA256
15a1455eed540b466e156402af72766d19d04924e844540e6db963702efe6982

SHA512
be457b1cd22045ea477e2db2a3b9744eca49261395decd53a3bc6bfeaf2eb25defb1584e12e456a1b7e964a551f879fd61f0cc15bf4beaed716ab3ff7ff2eaca

Download Submit
C:\Windows\system\IhfjcdY.exe

Filesize
6.0MB

MD5
038a0177323397d8afa8a17e1a5ed304

SHA1
78646be7f95d773583fed3bd8cabae5bfe9624bb

SHA256
6953d5480e308f2a42a85d807b9fe69deaceb21dc333d06a6019e64c506824e1

SHA512
de994ff0f8225ec7b8b858849aa7aae7204eea3d67246c37352281068d076bf6a4046474f3be5350bd7a1c6458066ec76f0cdf58904aca707520257f12720db8

Download Submit
C:\Windows\system\KXQmWlr.exe

Filesize
6.0MB

MD5
2d96b21d619aec37475210e222297563

SHA1
e64356f984c7b9ff38dbd3f1114d8d538ce2dadc

SHA256
662685359c68d4acb63bd37f8a15b4af884c750f46c5fc7dd5773855fb231c23

SHA512
8fde50f2434125cb76bbd686629284b4e1ca2c4e2ff7906b424d339234a51cfa659493bdce02051aa36b3c281900509cc7971641cf6b3bb22b10912573c4a0e9

Download Submit
C:\Windows\system\LLPAYjq.exe

Filesize
6.0MB

MD5
03b3624d9ab76582c1c4b76c9e5c55a7

SHA1
43c1de5da478ceb9ddd23af0ab2d27094d90bc83

SHA256
50c7d6597a1267f4a489e3c4cadcb207e940d9db73a4c06701b70deacbac633b

SHA512
2f339e6dcca75f3dddea64e0cf2d5709dcf48b5874be82208fb54d0b3c27146580a4a6b8610f60bae6b07e45392fc1d12f8d352109e3fa4169ee203b39fc0c9e

Download Submit
C:\Windows\system\MlSqYrY.exe

Filesize
8B

MD5
14772372203a5d018d2ffac193d18992

SHA1
06cebd2e70580489c6439203171851ca8047c074

SHA256
21c57bb1a82455329f12d89f5975108045f6b3f9a77fd23c506e383c90c7abf6

SHA512
57fd7b91832596687494a007e09b192c79a1de53a10aff12106ba7bbf24cc04056764f9348dd40e7fa6afafe0ad520f0dfc814ee24f4c53b6b2d4bdf8ab57b71

Download Submit
C:\Windows\system\ObZxsdW.exe

Filesize
6.0MB

MD5
c60e1f949b7438342286c2d40a611083

SHA1
f83485645054137debefebd6880ec286c978df85

SHA256
58ff76599f4bb31c0942a2f080f42d3fd1850661e46152b18ac6fdea3266d3b6

SHA512
c7d76ddafd6147e7c9de79c8ab28aeb118dfa5c9d82e751e257cc5df89a41d7cf48ce3736a1de3b0badae8c2a3898957c7073012e6ad9218fdcec595511f800b

Download Submit
C:\Windows\system\QloHlow.exe

Filesize
6.0MB

MD5
997855248d21cc127737984cd519cfbc

SHA1
4ba2c6341ca035e84ef2d8d0e601c769dedea828

SHA256
d167823119f6a2a3b6befbe0ff555ed4a814a5efece4daa3c8ceb6488758753c

SHA512
a36b805ec1293de6c0184b7ca03e5117def3b04ae1fb0d34ac9e2f4230c209795f9f59fd0d48b07566ba4086b28be32bc91287e18c6fbaedc7363ea7dd2fbbd4

Download Submit
C:\Windows\system\RNYmNba.exe

Filesize
6.0MB

MD5
cf46e1311b60a6eca2377bc6a755f83b

SHA1
c76ec92cd29583ff9514728b0382501822598fb3

SHA256
089d1987db122ebf0dd04b53c67e70b02bb42f410d784b6dcc3e4c57e455e370

SHA512
ee56bdf69ff99ea75780e500f5a0593f495e921575414c79f7e7536cc6c6c48c798411e69088c2c0064004d10b01811ae3ab559546c3d0a15203791e8f589de4

Download Submit
C:\Windows\system\SmigHts.exe

Filesize
6.0MB

MD5
24cd3c92c8db51be5c8421935dea3883

SHA1
2463259c9db3bd9a518b48e93816563f761ffb27

SHA256
9ae4a5331ff1d3702f7570418fd1742d863865ee5b0b48976f535ac58af5f98b

SHA512
60c2aa22df5dd8877344fbbb47d23486801a7335c25fe2625a10b5cf716cda54db7d95aa50426774c22b3176cb05632c283ee7e2bcd40e5426ca7062a1fc4238

Download Submit
C:\Windows\system\TsgouJt.exe

Filesize
6.0MB

MD5
0e0368dc211e12b086187209371e53bd

SHA1
e19b37bd984fb4119ab9d917249efe2dd7a1cfe5

SHA256
f76017348f9da8b0f3d118f5a284f85d71c4a6f921885256701337ebecc3b226

SHA512
bc83112caf23436bd4e543ddfd6029d1090d7d6abbc1d108637c41f09c8f3e0bf0b23def23b1e7406baba656680558dbaf635e7205622023cc78695d8f9fbff5

Download Submit
C:\Windows\system\VFPEuLq.exe

Filesize
6.0MB

MD5
2202e8b741cd205d4b86d78e69e7bd70

SHA1
04d8da00b75321bdcc981190cefa9b99604f08d1

SHA256
188d3ed8661f961ffcd502194d41ce68d5a7ee7bd47e25f6dbf82083f52cbe19

SHA512
af9eb1a35f8f53e8a6cb47b3339756190f15fea28a417a43faa0556e508e1f212a6e96e5012fe7a886b2fc8d4c4dfbd3c89b6e1ee38bb3c466c535cfee2d6a89

Download Submit
C:\Windows\system\XYFJJgs.exe

Filesize
6.0MB

MD5
9db1d2e1ad68d758b7d0f8a58b4e0781

SHA1
a3780870c299e43a16d17e9d22ec5a200020b6cf

SHA256
3bc7db6cad747f10b0f3639d01908c186be541f1a23a230f125c90e64a29b1e7

SHA512
33f666eb7bb5c487816acd13fd84508ba96bad9df2ab3788548ac3fde7dc3e5c239cb52b1d4985a10a323cea0a2e9d86adc092bc32f42f410a423f69cae86351

Download Submit
C:\Windows\system\YEsViII.exe

Filesize
6.0MB

MD5
159a78a109ba4e13d94cb18b6dbdf28d

SHA1
92294ffb6f345df391eb703c752a722bafc02c50

SHA256
1bc612952119a2c4cb175c46c3fb55209a49a087d0761035f909c8f3caa04136

SHA512
cf49701baffec522702708970e222ed109c64ef2df6fddfd95429ef3134633fda349d420fb8548977785c1269c0bf28d06a3ad33bcb35f5137c79843adb4cba9

Download Submit
C:\Windows\system\ZfKXkYo.exe

Filesize
6.0MB

MD5
cd93e9f40f1ddb45b2daccc39c8032a5

SHA1
691f5874540c848c14272167c89c30f249427241

SHA256
03eea55419f4aec49ec608fe32c52b5bc4b1df035d366673893a0a97265703d8

SHA512
357f8c56fa8da2db965db3158dd7962659432413ee58753df933223f7038f714c7f4216e18b1acc85c35627507030c248a0a88935cebc30ff9aedf8582acd411

Download Submit
C:\Windows\system\aJkTnYV.exe

Filesize
6.0MB

MD5
aaf21c2ba5bfe8fbdb87d569574ff5a2

SHA1
e37ac4286216c6bd36c802ee468c0a80a79f7279

SHA256
6b908225d430b9ca6347b96e350d33327dd97d25dc55006f67602618e43f6ee7

SHA512
bfa8f672988d0b8c89360e720aad420cff12c10529d99a587e103a96271ae5dea77d8e3153d82ae66a52783d58271fe4df59d6392cb4ecc0d276451c7ef13336

Download Submit
C:\Windows\system\eWMULHJ.exe

Filesize
6.0MB

MD5
7e39c1b32cad704c06f24195324e1b3a

SHA1
34e78eb77ac2767b67ca9d9f153b7d15b35d6415

SHA256
f2f352d39db6c973493be6d60b802f1c44722972b8ad5ed0ca5549158cc156d3

SHA512
c644364dcf4f30dbd68cdc9778eb03e50477c2846a1f30ea0d85e0223558ec0d30fd3f1cbadb74e338083d650f49101514458a07faf0749d09cd65cb0709facf

Download Submit
C:\Windows\system\evqqwQV.exe

Filesize
6.0MB

MD5
ef135f54a3b562ba2aa3c6629795a20d

SHA1
441bc20ba08dd5155b07303d425827817db174ea

SHA256
2364a27d5fb46602ac5bec9593e31858ca50887d74477066677d98d85ef8e2c6

SHA512
4720b763884cc623dadd33ed52e519220fbc31c935fbafdb376619014da7c3af582a6a42d6c490f69f6072058ea00421c26034c94208be943b947a54e1a81400

Download Submit
C:\Windows\system\ihYLFVd.exe

Filesize
6.0MB

MD5
7f170caccbd2b4feeacf0d9c87397d45

SHA1
4198c2320f38d04058019b9528d6d51e6599c469

SHA256
cb24130a8dfe9dda64f24f93072eb9dc48b8bca298f3699cdd0cfbcf715424ad

SHA512
549638ad3fbefa3f2917990a115792b09ea0eb6708d7f44e388b5a9f17922f0de23d7a24a6893a956be7f26303ecf7efb9528749110069564ff4d7c02e1263db

Download Submit
C:\Windows\system\naTSxHP.exe

Filesize
6.0MB

MD5
bcf660f1a16480a67d6e5ec805359a88

SHA1
805f0ae16347d8a2d1ab839a11f7fafbeb5cf50b

SHA256
d1894f1ce0cd42d78f6800f0cd1d936eea3310a703ba31e632e441a5cf366a64

SHA512
69a5e28f31765946bc20837294e58ff8f8e7ddc12ab40df42f2eb52707c69dff03536dea893c6510d0e137da0ce8b9f707eb72dc3773bc7e7884178fdbd0343b

Download Submit
C:\Windows\system\pndJawt.exe

Filesize
6.0MB

MD5
6a7acdfd88dde2e240bcc21d673d5fbd

SHA1
b361b8df0e9ae7848eb57513cda0df6b4320e3e4

SHA256
9b0e3d20ceeddce7eb0a0b48851451e4073335071f5571374f172dce91f3f10c

SHA512
a8e1230b7f19b882e7f7c7cef940f4de1991864d5ab54954d564a7cbab50bc7ec523030d229df41ea87393f5d37a4999655b35c4858054bea35e18137e202365

Download Submit
C:\Windows\system\qFVjNtz.exe

Filesize
6.0MB

MD5
0cfb519633a6fd8a7ff2f0d3d678a64a

SHA1
b7dd369e650e8685a26b586bd6124fbd8764b991

SHA256
10992f487f73be0926c47e96349fa08ea468c3145b71ea17731590c340a6f31f

SHA512
f0318520a515b71955246a7c4be423947d1c67142a2082b52333faf58b059a090d565048b4f7eeafa91ce80ec035d896aefdcb5e027791ffa8d420b5cc7439a5

Download Submit
C:\Windows\system\rKsmROL.exe

Filesize
6.0MB

MD5
5e2e76d4f86a880e5c40a9bc707437b9

SHA1
3fda7ae4e5221b0e0f879f51db23a85024bb182b

SHA256
fe55eb2adb0c388fdd1be99056c8de6683c305f1080e606e5beaca833baa6d41

SHA512
520ab712d36cced001299d5f72bd7db45253a42c0c8724c54a75a50ceff4c685e6f0d535dee229d1af166ed84291d6b119271244f185afa26170a3e624b86542

Download Submit
C:\Windows\system\ulDfhQf.exe

Filesize
6.0MB

MD5
9f965f84ff894f5da35691d8899a0d6f

SHA1
165098ac2952e1d06a6c7530ed53df4491af7f06

SHA256
524bd4811721237f8df7abda4716a69913ff0992c1e35632f03d7519a7a4d87e

SHA512
6b81da7ecdfa6038686d450b5e6a3edcb9b0f61a2f2de378fa2f6aaccddb02ea62fb1b6095b39e6bd6d08c134e3e9ea1d323b94e3e178f2ba9af2ce62e085c90

Download Submit
C:\Windows\system\xKLIqnq.exe

Filesize
6.0MB

MD5
6d9164029d23cd1ff1111695061b2d4d

SHA1
a0fe2d12dc21386375e8918ea676c11277652566

SHA256
8ea6d17eee10022401c8b546b6a6ac438551df12fadcba26453a30e7ef112bb3

SHA512
ec2c09c5230ace2250934cb7cfca2557c41a2499c62e65d94f75badf8a0ba5018c1ff88c48b946f9107c0009409cca24abfced8472d5c79315b9d64bd8bcd3ab

Download Submit
\Windows\system\PWJoFBm.exe

Filesize
6.0MB

MD5
6bb55d950e65c728cff50d952a0e5ed6

SHA1
2f56b7879503a1b8111b8cd34786d069ae50aa3a

SHA256
7215c46a79938d432ca2baca8ac9a012cbe36d2666a993845ebfe33f028dcecc

SHA512
814b18a004cff241501d733facc601f469eb6525d8dd1b403ccadb1bece5d94139cfac1d05f683af68d5111f0f30927923f0d2e048d93eff94fcca3e06a56e25

Download Submit
\Windows\system\XrZSWeL.exe

Filesize
6.0MB

MD5
098607c046a157e8342298709f070232

SHA1
afb339bd94374022fdfb0bcdf12c69681f9eefec

SHA256
6a49d1da4ead79d80e67a906fb390c643043c95e7eff9221e20444ae2938a287

SHA512
8fb2f6596994a76ce48bffeb216946891039bb290eb4499a39daeff38187384acaf898478df7d65a74d212bd331b8a16e54dfc9b4ba028c7e91c5089fe4e865c

Download Submit
\Windows\system\aQTjUaN.exe

Filesize
6.0MB

MD5
962b923008c4ca55fb903dbebaa9efe1

SHA1
be0e65a20cc46c0e06dafe910eebe072a69091bc

SHA256
9be43127fb6cf901348d32de3527ef270b934ab23c79edc8d6552febe354bbbe

SHA512
312105961f699fea33316f016c3e995eeaa24bca0e08e05f8df1bafe0cf8b25cab44d99f36ed22603849b86a099b542cbf9ad7359634de1f36fcb1eef429a913

Download Submit
\Windows\system\dmfuCOe.exe

Filesize
6.0MB

MD5
8d7b00932b5844da2c4b5d74bfa243da

SHA1
a464ed1742a6d3db45223071d1563d484468f409

SHA256
230017e9957ed90d09f211e25fefc11533673f7b25e7d2a40e72b0c695188d7c

SHA512
1152fb350583eca85c87a374a456f30fa0ae6b1ee8b80fb3f14846d870b5de27dd324ce4f36c0ba4529d7d67581372e407d156e4030cc56dc2c3d7c6160ce39a

Download Submit
\Windows\system\ecOrcCg.exe

Filesize
6.0MB

MD5
e6417596952779a38baa482c22676ac3

SHA1
47d12700330cd36f3eb92648952b9dbc82d74803

SHA256
24863125399077d75afc5eb29249ffff2e4db257b98fb24cb1548735959b317d

SHA512
593c83d0886cc9be9eb89cc7b21001d781236367c3e41a69136579a5ec9f656f9e82789fcaada38f01221a44cd71667e7c556a16be1779e41ec4a39f37add197

Download Submit
\Windows\system\vDCmipI.exe

Filesize
6.0MB

MD5
be3b17bdac04564d8a90624c15e8a553

SHA1
6dd25f7770cfc3049298120350fd1668b6acbba1

SHA256
6fbbd0e4dd01cdf7409e2fa98e5bc5e455c87e3ff2af1c9c4857f62439d9bf7e

SHA512
4a9b8e63789d978999203acc8b3cb29f3849d5bd51e0a6c5d282fc6530f5c488c59ed33fb25f0647d0dc2cc625d8c9db5f9daebb00203ac442564ea53cac6b5d

Download Submit
memory/1396-3977-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-107-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1396-1030-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-85-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-3975-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1768-525-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1940-99-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1940-825-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1940-4033-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2072-931-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-16-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-250-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2072-458-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-6-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-48-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2072-717-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-93-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-12-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-30-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-49-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2072-0-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/2072-72-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-1074-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-111-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-34-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-102-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-69-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-56-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-62-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-101-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2072-82-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-25-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2088-81-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2088-3974-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2088-45-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2456-4027-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-55-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3962-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2552-65-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2552-106-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2588-614-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-91-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-4000-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-38-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2652-78-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3949-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2704-110-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-4008-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-70-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-79-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2716-347-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2716-4002-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3956-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-77-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-33-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-57-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-98-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3995-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3945-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-21-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-61-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-90-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2848-50-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3959-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download