cobaltstrike | 641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
Size

6.0MB
MD5

4035a8fde5c23a6d109b3f359986edbf
SHA1

c20207d8b219da9ae72aec7e5cac790340a0669c
SHA256

641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba
SHA512

ddc0111428d6bc443f40f082f1c0aa8caf528822cded2d9c263c44e1e5ed9aeb1209cfc891482c5a50ab54d0d45fb920b10d5fac35593137f5b21b830f197120
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUB:T+q56utgpPF8u/7B

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ddf-12.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-63.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001934d-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-168.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e5-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a6-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019524-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001951c-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ba-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a4-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019468-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019462-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944e-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019444-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942e-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ee-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019439-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941f-118.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d65-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d5-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001936c-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019361-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019315-83.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019266-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019259-78.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173de-30.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174a8-29.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016e9f-28.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fb3-19.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925d-62.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174f5-61.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dcf-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2416-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/files/0x0008000000016ddf-12.dat	xmrig
behavioral1/files/0x000500000001926b-63.dat	xmrig
behavioral1/memory/1720-64-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2808-71-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1800-73-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2820-74-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x000500000001934d-84.dat	xmrig
behavioral1/memory/2416-566-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-168.dat	xmrig
behavioral1/files/0x00050000000195e5-166.dat	xmrig
behavioral1/files/0x00050000000195a6-162.dat	xmrig
behavioral1/files/0x0005000000019524-158.dat	xmrig
behavioral1/files/0x000500000001951c-154.dat	xmrig
behavioral1/files/0x00050000000194ba-150.dat	xmrig
behavioral1/files/0x00050000000194a4-146.dat	xmrig
behavioral1/files/0x0005000000019468-142.dat	xmrig
behavioral1/files/0x0005000000019462-138.dat	xmrig
behavioral1/files/0x000500000001944e-134.dat	xmrig
behavioral1/files/0x0005000000019444-131.dat	xmrig
behavioral1/files/0x000500000001942e-122.dat	xmrig
behavioral1/files/0x00050000000193ee-114.dat	xmrig
behavioral1/files/0x0005000000019439-126.dat	xmrig
behavioral1/files/0x000500000001941f-118.dat	xmrig
behavioral1/files/0x0008000000016d65-110.dat	xmrig
behavioral1/files/0x00050000000193d5-107.dat	xmrig
behavioral1/files/0x000500000001936c-102.dat	xmrig
behavioral1/memory/592-98-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2712-97-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019361-96.dat	xmrig
behavioral1/files/0x0005000000019315-83.dat	xmrig
behavioral1/memory/2888-82-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x0005000000019266-81.dat	xmrig
behavioral1/memory/2464-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019259-78.dat	xmrig
behavioral1/memory/1680-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2416-88-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2292-87-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2436-86-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2412-85-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2436-39-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2412-33-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x00070000000173de-30.dat	xmrig
behavioral1/files/0x00070000000174a8-29.dat	xmrig
behavioral1/files/0x0008000000016e9f-28.dat	xmrig
behavioral1/files/0x0008000000016fb3-19.dat	xmrig
behavioral1/memory/2644-70-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2712-68-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2416-65-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001925d-62.dat	xmrig
behavioral1/files/0x00090000000174f5-61.dat	xmrig
behavioral1/memory/2292-48-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dcf-27.dat	xmrig
behavioral1/memory/1800-11-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/1800-3258-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2292-3259-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2436-3264-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2412-3272-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2712-3270-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2808-3274-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/1720-3269-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2644-3278-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2628-4044-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1800	lLnfxPx.exe
2412	BithpgZ.exe
2436	UfnLfDQ.exe
2292	TYhbTSt.exe
1720	FynobkY.exe
2808	shlgWAo.exe
2712	AxSzZpl.exe
2644	ndgAGZY.exe
2820	iMNrsws.exe
2464	WTfzVJv.exe
2888	ccfrXaZ.exe
2628	CtrLXyZ.exe
1680	zHEJLGF.exe
592	GIynVOZ.exe
1148	IAIKtOI.exe
2784	yQlgKba.exe
2980	hPGpxNh.exe
1820	iNmNvyf.exe
2912	uuXJcDq.exe
2936	qIJwkvo.exe
992	zPOZEPo.exe
1312	GxjOTdV.exe
1744	BnHbpIC.exe
2320	PBSvnZs.exe
2244	aeOgEyB.exe
2572	azPEWGa.exe
2368	AKRyMQc.exe
1780	JsVgdEc.exe
2100	zpMbCGX.exe
2072	zdGNHiu.exe
2364	euOlHtw.exe
948	CXCnuWd.exe
3048	VCntHjA.exe
2592	ZavsKrT.exe
1776	uJGUyXO.exe
952	qLiDOWn.exe
2944	lClAEBA.exe
1504	sDLOeTL.exe
2160	MGiKTPt.exe
652	YldkHBO.exe
1388	tGITweq.exe
2060	qQaPmyl.exe
2504	ZgrNcxO.exe
1752	Qavojca.exe
1344	sTkRHCa.exe
1100	LgiYxcy.exe
2084	oOVJvfo.exe
2192	yXJNMfX.exe
2276	GINxCum.exe
1316	sXhgbXN.exe
2212	lAkehpD.exe
2448	nSslpbJ.exe
2476	gAWpnjJ.exe
2468	NoJOQtE.exe
2568	iJVgVWQ.exe
1264	lRzWGZm.exe
1040	wuaNDkB.exe
880	yidRMiJ.exe
1280	ubaNMAA.exe
3012	YtDohYT.exe
3064	aNdbxTI.exe
2304	rJbyoJR.exe
1676	Qkbjxvf.exe
1816	BKgRCkR.exe

Loads dropped DLL 64 IoCs

pid	Process
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2416-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/files/0x0008000000016ddf-12.dat	upx
behavioral1/files/0x000500000001926b-63.dat	upx
behavioral1/memory/1720-64-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2808-71-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1800-73-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2820-74-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x000500000001934d-84.dat	upx
behavioral1/files/0x000500000001961c-168.dat	upx
behavioral1/files/0x00050000000195e5-166.dat	upx
behavioral1/files/0x00050000000195a6-162.dat	upx
behavioral1/files/0x0005000000019524-158.dat	upx
behavioral1/files/0x000500000001951c-154.dat	upx
behavioral1/files/0x00050000000194ba-150.dat	upx
behavioral1/files/0x00050000000194a4-146.dat	upx
behavioral1/files/0x0005000000019468-142.dat	upx
behavioral1/files/0x0005000000019462-138.dat	upx
behavioral1/files/0x000500000001944e-134.dat	upx
behavioral1/files/0x0005000000019444-131.dat	upx
behavioral1/files/0x000500000001942e-122.dat	upx
behavioral1/files/0x00050000000193ee-114.dat	upx
behavioral1/files/0x0005000000019439-126.dat	upx
behavioral1/files/0x000500000001941f-118.dat	upx
behavioral1/files/0x0008000000016d65-110.dat	upx
behavioral1/files/0x00050000000193d5-107.dat	upx
behavioral1/files/0x000500000001936c-102.dat	upx
behavioral1/memory/592-98-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2712-97-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x0005000000019361-96.dat	upx
behavioral1/files/0x0005000000019315-83.dat	upx
behavioral1/memory/2888-82-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x0005000000019266-81.dat	upx
behavioral1/memory/2464-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0006000000019259-78.dat	upx
behavioral1/memory/1680-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2292-87-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2436-86-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2412-85-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2436-39-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2412-33-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x00070000000173de-30.dat	upx
behavioral1/files/0x00070000000174a8-29.dat	upx
behavioral1/files/0x0008000000016e9f-28.dat	upx
behavioral1/files/0x0008000000016fb3-19.dat	upx
behavioral1/memory/2644-70-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2712-68-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2416-65-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x000500000001925d-62.dat	upx
behavioral1/files/0x00090000000174f5-61.dat	upx
behavioral1/memory/2292-48-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0009000000016dcf-27.dat	upx
behavioral1/memory/1800-11-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/1800-3258-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2292-3259-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2436-3264-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2412-3272-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2712-3270-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2808-3274-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/1720-3269-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2644-3278-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2628-4044-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2888-4045-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2820-4047-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\hHaHBqR.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\TzftNbH.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\alRIfAV.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\sWxeFEi.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\YldkHBO.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\apBDQnF.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\jyJGlpk.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\WXihKCK.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\fksmlkL.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\nPWoXwE.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\ymvBOzh.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\zfnueXM.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\jNyjVTv.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\RtFRRie.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\hgVWdJq.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\JsVgdEc.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\ViChztK.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\sZfoHrV.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\zKGeKqV.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\aeOgEyB.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\rJbyoJR.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\okgCMQj.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\aIHatiU.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\sSPaYit.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\GHKBBju.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\MKIHXho.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\xoTrvJt.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\ghuTbTl.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\HUXRKKG.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\lkaXNYw.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\rkEozNh.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\cRLovJB.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\sDLOeTL.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\dAofPBq.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\xcgSgga.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\DidWlwW.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\zUqVjqs.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\ojrsbSq.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\bBROLLS.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\btSwQto.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\lRzWGZm.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\ZYOpecj.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\gueJhIw.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\YEtXGcV.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\nryJqlY.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\GotVdqm.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\cDBECfA.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\uczGUFR.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\MCWahfX.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\hyGHSSe.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\QKpbQZO.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\vYYfwZL.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\JzoTgut.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\phiNQzW.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\MmRzsfy.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\sXhgbXN.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\HNIkaHx.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\qTeHVfN.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\xywSXsK.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\zzUHsLa.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\dnkvkqd.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\YjqGOWA.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\imfTTCX.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
File created	C:\Windows\System\UaFyRFl.exe	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 1800	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	31
PID 2416 wrote to memory of 1800	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	31
PID 2416 wrote to memory of 1800	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	31
PID 2416 wrote to memory of 2412	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	32
PID 2416 wrote to memory of 2412	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	32
PID 2416 wrote to memory of 2412	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	32
PID 2416 wrote to memory of 1720	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	33
PID 2416 wrote to memory of 1720	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	33
PID 2416 wrote to memory of 1720	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	33
PID 2416 wrote to memory of 2436	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	34
PID 2416 wrote to memory of 2436	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	34
PID 2416 wrote to memory of 2436	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	34
PID 2416 wrote to memory of 2540	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	35
PID 2416 wrote to memory of 2540	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	35
PID 2416 wrote to memory of 2540	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	35
PID 2416 wrote to memory of 2292	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	36
PID 2416 wrote to memory of 2292	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	36
PID 2416 wrote to memory of 2292	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	36
PID 2416 wrote to memory of 2820	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	37
PID 2416 wrote to memory of 2820	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	37
PID 2416 wrote to memory of 2820	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	37
PID 2416 wrote to memory of 2808	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	38
PID 2416 wrote to memory of 2808	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	38
PID 2416 wrote to memory of 2808	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	38
PID 2416 wrote to memory of 2464	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	39
PID 2416 wrote to memory of 2464	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	39
PID 2416 wrote to memory of 2464	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	39
PID 2416 wrote to memory of 2712	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	40
PID 2416 wrote to memory of 2712	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	40
PID 2416 wrote to memory of 2712	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	40
PID 2416 wrote to memory of 2888	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	41
PID 2416 wrote to memory of 2888	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	41
PID 2416 wrote to memory of 2888	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	41
PID 2416 wrote to memory of 2644	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	42
PID 2416 wrote to memory of 2644	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	42
PID 2416 wrote to memory of 2644	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	42
PID 2416 wrote to memory of 2628	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	43
PID 2416 wrote to memory of 2628	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	43
PID 2416 wrote to memory of 2628	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	43
PID 2416 wrote to memory of 1680	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	44
PID 2416 wrote to memory of 1680	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	44
PID 2416 wrote to memory of 1680	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	44
PID 2416 wrote to memory of 592	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	45
PID 2416 wrote to memory of 592	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	45
PID 2416 wrote to memory of 592	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	45
PID 2416 wrote to memory of 1148	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	46
PID 2416 wrote to memory of 1148	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	46
PID 2416 wrote to memory of 1148	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	46
PID 2416 wrote to memory of 2784	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	47
PID 2416 wrote to memory of 2784	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	47
PID 2416 wrote to memory of 2784	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	47
PID 2416 wrote to memory of 2980	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	48
PID 2416 wrote to memory of 2980	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	48
PID 2416 wrote to memory of 2980	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	48
PID 2416 wrote to memory of 1820	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	49
PID 2416 wrote to memory of 1820	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	49
PID 2416 wrote to memory of 1820	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	49
PID 2416 wrote to memory of 2912	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	50
PID 2416 wrote to memory of 2912	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	50
PID 2416 wrote to memory of 2912	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	50
PID 2416 wrote to memory of 2936	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	51
PID 2416 wrote to memory of 2936	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	51
PID 2416 wrote to memory of 2936	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	51
PID 2416 wrote to memory of 992	2416	641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe	52

C:\Users\Admin\AppData\Local\Temp\641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe
"C:\Users\Admin\AppData\Local\Temp\641cd07d05f8e1cd0c230f86ac3213363146bf706e9e3c985f7430c216f9d2ba.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\System\lLnfxPx.exe
  C:\Windows\System\lLnfxPx.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\BithpgZ.exe
  C:\Windows\System\BithpgZ.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\FynobkY.exe
  C:\Windows\System\FynobkY.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\UfnLfDQ.exe
  C:\Windows\System\UfnLfDQ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\bBrVbrt.exe
  C:\Windows\System\bBrVbrt.exe
  2⤵
  PID:2540
- C:\Windows\System\TYhbTSt.exe
  C:\Windows\System\TYhbTSt.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\iMNrsws.exe
  C:\Windows\System\iMNrsws.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\shlgWAo.exe
  C:\Windows\System\shlgWAo.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\WTfzVJv.exe
  C:\Windows\System\WTfzVJv.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\AxSzZpl.exe
  C:\Windows\System\AxSzZpl.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\ccfrXaZ.exe
  C:\Windows\System\ccfrXaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\ndgAGZY.exe
  C:\Windows\System\ndgAGZY.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\CtrLXyZ.exe
  C:\Windows\System\CtrLXyZ.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\zHEJLGF.exe
  C:\Windows\System\zHEJLGF.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\GIynVOZ.exe
  C:\Windows\System\GIynVOZ.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\IAIKtOI.exe
  C:\Windows\System\IAIKtOI.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\yQlgKba.exe
  C:\Windows\System\yQlgKba.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\hPGpxNh.exe
  C:\Windows\System\hPGpxNh.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\iNmNvyf.exe
  C:\Windows\System\iNmNvyf.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\uuXJcDq.exe
  C:\Windows\System\uuXJcDq.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\qIJwkvo.exe
  C:\Windows\System\qIJwkvo.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\zPOZEPo.exe
  C:\Windows\System\zPOZEPo.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\GxjOTdV.exe
  C:\Windows\System\GxjOTdV.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\BnHbpIC.exe
  C:\Windows\System\BnHbpIC.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\PBSvnZs.exe
  C:\Windows\System\PBSvnZs.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\aeOgEyB.exe
  C:\Windows\System\aeOgEyB.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\azPEWGa.exe
  C:\Windows\System\azPEWGa.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\AKRyMQc.exe
  C:\Windows\System\AKRyMQc.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\JsVgdEc.exe
  C:\Windows\System\JsVgdEc.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\zpMbCGX.exe
  C:\Windows\System\zpMbCGX.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\zdGNHiu.exe
  C:\Windows\System\zdGNHiu.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\euOlHtw.exe
  C:\Windows\System\euOlHtw.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\CXCnuWd.exe
  C:\Windows\System\CXCnuWd.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\VCntHjA.exe
  C:\Windows\System\VCntHjA.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\ZavsKrT.exe
  C:\Windows\System\ZavsKrT.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\uJGUyXO.exe
  C:\Windows\System\uJGUyXO.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\qLiDOWn.exe
  C:\Windows\System\qLiDOWn.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\lClAEBA.exe
  C:\Windows\System\lClAEBA.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\sDLOeTL.exe
  C:\Windows\System\sDLOeTL.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\MGiKTPt.exe
  C:\Windows\System\MGiKTPt.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\YldkHBO.exe
  C:\Windows\System\YldkHBO.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\tGITweq.exe
  C:\Windows\System\tGITweq.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\qQaPmyl.exe
  C:\Windows\System\qQaPmyl.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ZgrNcxO.exe
  C:\Windows\System\ZgrNcxO.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\Qavojca.exe
  C:\Windows\System\Qavojca.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\sTkRHCa.exe
  C:\Windows\System\sTkRHCa.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\LgiYxcy.exe
  C:\Windows\System\LgiYxcy.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\oOVJvfo.exe
  C:\Windows\System\oOVJvfo.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\yXJNMfX.exe
  C:\Windows\System\yXJNMfX.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\GINxCum.exe
  C:\Windows\System\GINxCum.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\sXhgbXN.exe
  C:\Windows\System\sXhgbXN.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\lAkehpD.exe
  C:\Windows\System\lAkehpD.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\nSslpbJ.exe
  C:\Windows\System\nSslpbJ.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\gAWpnjJ.exe
  C:\Windows\System\gAWpnjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\NoJOQtE.exe
  C:\Windows\System\NoJOQtE.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\iJVgVWQ.exe
  C:\Windows\System\iJVgVWQ.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\lRzWGZm.exe
  C:\Windows\System\lRzWGZm.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\wuaNDkB.exe
  C:\Windows\System\wuaNDkB.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\yidRMiJ.exe
  C:\Windows\System\yidRMiJ.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\ubaNMAA.exe
  C:\Windows\System\ubaNMAA.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\YtDohYT.exe
  C:\Windows\System\YtDohYT.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\aNdbxTI.exe
  C:\Windows\System\aNdbxTI.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\rJbyoJR.exe
  C:\Windows\System\rJbyoJR.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\Qkbjxvf.exe
  C:\Windows\System\Qkbjxvf.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\BKgRCkR.exe
  C:\Windows\System\BKgRCkR.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\sotYQno.exe
  C:\Windows\System\sotYQno.exe
  2⤵
  PID:3008
- C:\Windows\System\QkzuBPz.exe
  C:\Windows\System\QkzuBPz.exe
  2⤵
  PID:2148
- C:\Windows\System\AiUdtCA.exe
  C:\Windows\System\AiUdtCA.exe
  2⤵
  PID:804
- C:\Windows\System\qzoYNEZ.exe
  C:\Windows\System\qzoYNEZ.exe
  2⤵
  PID:2940
- C:\Windows\System\msoIVDL.exe
  C:\Windows\System\msoIVDL.exe
  2⤵
  PID:2616
- C:\Windows\System\khwteHd.exe
  C:\Windows\System\khwteHd.exe
  2⤵
  PID:2780
- C:\Windows\System\ynMGZyA.exe
  C:\Windows\System\ynMGZyA.exe
  2⤵
  PID:2840
- C:\Windows\System\HZJZRtk.exe
  C:\Windows\System\HZJZRtk.exe
  2⤵
  PID:2552
- C:\Windows\System\GqLekxi.exe
  C:\Windows\System\GqLekxi.exe
  2⤵
  PID:2576
- C:\Windows\System\vBZUXlS.exe
  C:\Windows\System\vBZUXlS.exe
  2⤵
  PID:1472
- C:\Windows\System\xKQNsrT.exe
  C:\Windows\System\xKQNsrT.exe
  2⤵
  PID:764
- C:\Windows\System\ttHoLrX.exe
  C:\Windows\System\ttHoLrX.exe
  2⤵
  PID:2856
- C:\Windows\System\dguGPxM.exe
  C:\Windows\System\dguGPxM.exe
  2⤵
  PID:2908
- C:\Windows\System\KRcEjbO.exe
  C:\Windows\System\KRcEjbO.exe
  2⤵
  PID:580
- C:\Windows\System\sTkpliR.exe
  C:\Windows\System\sTkpliR.exe
  2⤵
  PID:2236
- C:\Windows\System\GQvrTcz.exe
  C:\Windows\System\GQvrTcz.exe
  2⤵
  PID:2032
- C:\Windows\System\VVzZEjC.exe
  C:\Windows\System\VVzZEjC.exe
  2⤵
  PID:2152
- C:\Windows\System\fhxsogK.exe
  C:\Windows\System\fhxsogK.exe
  2⤵
  PID:1496
- C:\Windows\System\cofmrzy.exe
  C:\Windows\System\cofmrzy.exe
  2⤵
  PID:2800
- C:\Windows\System\gYwqzFs.exe
  C:\Windows\System\gYwqzFs.exe
  2⤵
  PID:2004
- C:\Windows\System\qkFUrTg.exe
  C:\Windows\System\qkFUrTg.exe
  2⤵
  PID:1384
- C:\Windows\System\kxozyxV.exe
  C:\Windows\System\kxozyxV.exe
  2⤵
  PID:2112
- C:\Windows\System\nBTwVQE.exe
  C:\Windows\System\nBTwVQE.exe
  2⤵
  PID:832
- C:\Windows\System\kcqIQvX.exe
  C:\Windows\System\kcqIQvX.exe
  2⤵
  PID:1952
- C:\Windows\System\NsuEtaw.exe
  C:\Windows\System\NsuEtaw.exe
  2⤵
  PID:1540
- C:\Windows\System\HxlyQUO.exe
  C:\Windows\System\HxlyQUO.exe
  2⤵
  PID:2088
- C:\Windows\System\HJbOvnx.exe
  C:\Windows\System\HJbOvnx.exe
  2⤵
  PID:1160
- C:\Windows\System\oLzEqDw.exe
  C:\Windows\System\oLzEqDw.exe
  2⤵
  PID:864
- C:\Windows\System\uMUyruw.exe
  C:\Windows\System\uMUyruw.exe
  2⤵
  PID:1484
- C:\Windows\System\CsNgdaM.exe
  C:\Windows\System\CsNgdaM.exe
  2⤵
  PID:1372
- C:\Windows\System\VoDvGuq.exe
  C:\Windows\System\VoDvGuq.exe
  2⤵
  PID:2396
- C:\Windows\System\YWnOJcB.exe
  C:\Windows\System\YWnOJcB.exe
  2⤵
  PID:1420
- C:\Windows\System\upcaldx.exe
  C:\Windows\System\upcaldx.exe
  2⤵
  PID:2068
- C:\Windows\System\PJbzHQn.exe
  C:\Windows\System\PJbzHQn.exe
  2⤵
  PID:1572
- C:\Windows\System\Aoiiikb.exe
  C:\Windows\System\Aoiiikb.exe
  2⤵
  PID:1672
- C:\Windows\System\GYLaCbv.exe
  C:\Windows\System\GYLaCbv.exe
  2⤵
  PID:2716
- C:\Windows\System\xebtpTH.exe
  C:\Windows\System\xebtpTH.exe
  2⤵
  PID:2316
- C:\Windows\System\BqYYkxj.exe
  C:\Windows\System\BqYYkxj.exe
  2⤵
  PID:2248
- C:\Windows\System\dFaCxLy.exe
  C:\Windows\System\dFaCxLy.exe
  2⤵
  PID:2388
- C:\Windows\System\JhhEXlG.exe
  C:\Windows\System\JhhEXlG.exe
  2⤵
  PID:916
- C:\Windows\System\DaoGdKz.exe
  C:\Windows\System\DaoGdKz.exe
  2⤵
  PID:2968
- C:\Windows\System\vYYfwZL.exe
  C:\Windows\System\vYYfwZL.exe
  2⤵
  PID:1928
- C:\Windows\System\PfAESiQ.exe
  C:\Windows\System\PfAESiQ.exe
  2⤵
  PID:1240
- C:\Windows\System\OaDHOaZ.exe
  C:\Windows\System\OaDHOaZ.exe
  2⤵
  PID:444
- C:\Windows\System\xWcMvUM.exe
  C:\Windows\System\xWcMvUM.exe
  2⤵
  PID:1624
- C:\Windows\System\kFEGSyT.exe
  C:\Windows\System\kFEGSyT.exe
  2⤵
  PID:1056
- C:\Windows\System\wkUksLV.exe
  C:\Windows\System\wkUksLV.exe
  2⤵
  PID:840
- C:\Windows\System\XYacrBt.exe
  C:\Windows\System\XYacrBt.exe
  2⤵
  PID:3080
- C:\Windows\System\sSPaYit.exe
  C:\Windows\System\sSPaYit.exe
  2⤵
  PID:3096
- C:\Windows\System\kgNtDIZ.exe
  C:\Windows\System\kgNtDIZ.exe
  2⤵
  PID:3112
- C:\Windows\System\oyjgjKP.exe
  C:\Windows\System\oyjgjKP.exe
  2⤵
  PID:3128
- C:\Windows\System\OtNyZlB.exe
  C:\Windows\System\OtNyZlB.exe
  2⤵
  PID:3144
- C:\Windows\System\klRIwQu.exe
  C:\Windows\System\klRIwQu.exe
  2⤵
  PID:3160
- C:\Windows\System\WeoCAYn.exe
  C:\Windows\System\WeoCAYn.exe
  2⤵
  PID:3176
- C:\Windows\System\HMaQwgA.exe
  C:\Windows\System\HMaQwgA.exe
  2⤵
  PID:3192
- C:\Windows\System\OnQNgxM.exe
  C:\Windows\System\OnQNgxM.exe
  2⤵
  PID:3208
- C:\Windows\System\cDBECfA.exe
  C:\Windows\System\cDBECfA.exe
  2⤵
  PID:3224
- C:\Windows\System\EbVWYYa.exe
  C:\Windows\System\EbVWYYa.exe
  2⤵
  PID:3240
- C:\Windows\System\knxQLNU.exe
  C:\Windows\System\knxQLNU.exe
  2⤵
  PID:3256
- C:\Windows\System\CxpeFgM.exe
  C:\Windows\System\CxpeFgM.exe
  2⤵
  PID:3272
- C:\Windows\System\wrrErac.exe
  C:\Windows\System\wrrErac.exe
  2⤵
  PID:3288
- C:\Windows\System\IzSJiKA.exe
  C:\Windows\System\IzSJiKA.exe
  2⤵
  PID:3304
- C:\Windows\System\IpGlmol.exe
  C:\Windows\System\IpGlmol.exe
  2⤵
  PID:3320
- C:\Windows\System\YKNfovW.exe
  C:\Windows\System\YKNfovW.exe
  2⤵
  PID:3336
- C:\Windows\System\YAHbZfL.exe
  C:\Windows\System\YAHbZfL.exe
  2⤵
  PID:3352
- C:\Windows\System\gtUbZtd.exe
  C:\Windows\System\gtUbZtd.exe
  2⤵
  PID:3368
- C:\Windows\System\zZwzHbS.exe
  C:\Windows\System\zZwzHbS.exe
  2⤵
  PID:3384
- C:\Windows\System\XSwNOJc.exe
  C:\Windows\System\XSwNOJc.exe
  2⤵
  PID:3400
- C:\Windows\System\fIxDAeD.exe
  C:\Windows\System\fIxDAeD.exe
  2⤵
  PID:3416
- C:\Windows\System\bKHGoYw.exe
  C:\Windows\System\bKHGoYw.exe
  2⤵
  PID:3432
- C:\Windows\System\kjRrHIk.exe
  C:\Windows\System\kjRrHIk.exe
  2⤵
  PID:3448
- C:\Windows\System\SyqVVUm.exe
  C:\Windows\System\SyqVVUm.exe
  2⤵
  PID:3464
- C:\Windows\System\ViChztK.exe
  C:\Windows\System\ViChztK.exe
  2⤵
  PID:3480
- C:\Windows\System\wlGEXcg.exe
  C:\Windows\System\wlGEXcg.exe
  2⤵
  PID:3496
- C:\Windows\System\uLvbTDo.exe
  C:\Windows\System\uLvbTDo.exe
  2⤵
  PID:3516
- C:\Windows\System\RGsMtTR.exe
  C:\Windows\System\RGsMtTR.exe
  2⤵
  PID:3532
- C:\Windows\System\eZYMLHZ.exe
  C:\Windows\System\eZYMLHZ.exe
  2⤵
  PID:3548
- C:\Windows\System\kXmnvRI.exe
  C:\Windows\System\kXmnvRI.exe
  2⤵
  PID:3564
- C:\Windows\System\osFbHHy.exe
  C:\Windows\System\osFbHHy.exe
  2⤵
  PID:3580
- C:\Windows\System\JlEAFGV.exe
  C:\Windows\System\JlEAFGV.exe
  2⤵
  PID:3596
- C:\Windows\System\FUKfqsL.exe
  C:\Windows\System\FUKfqsL.exe
  2⤵
  PID:3612
- C:\Windows\System\SnKTbLs.exe
  C:\Windows\System\SnKTbLs.exe
  2⤵
  PID:3628
- C:\Windows\System\ByGYTiT.exe
  C:\Windows\System\ByGYTiT.exe
  2⤵
  PID:3644
- C:\Windows\System\oWkCbDU.exe
  C:\Windows\System\oWkCbDU.exe
  2⤵
  PID:3660
- C:\Windows\System\DhzjyKl.exe
  C:\Windows\System\DhzjyKl.exe
  2⤵
  PID:3680
- C:\Windows\System\MMNdNPO.exe
  C:\Windows\System\MMNdNPO.exe
  2⤵
  PID:3696
- C:\Windows\System\VJWikgV.exe
  C:\Windows\System\VJWikgV.exe
  2⤵
  PID:3712
- C:\Windows\System\tMOVSCU.exe
  C:\Windows\System\tMOVSCU.exe
  2⤵
  PID:3728
- C:\Windows\System\NkHPRJA.exe
  C:\Windows\System\NkHPRJA.exe
  2⤵
  PID:3744
- C:\Windows\System\YpTyNGb.exe
  C:\Windows\System\YpTyNGb.exe
  2⤵
  PID:3760
- C:\Windows\System\sfEXbcV.exe
  C:\Windows\System\sfEXbcV.exe
  2⤵
  PID:3776
- C:\Windows\System\gIWQVBj.exe
  C:\Windows\System\gIWQVBj.exe
  2⤵
  PID:3792
- C:\Windows\System\DQgKBIz.exe
  C:\Windows\System\DQgKBIz.exe
  2⤵
  PID:3808
- C:\Windows\System\oigXVtM.exe
  C:\Windows\System\oigXVtM.exe
  2⤵
  PID:3824
- C:\Windows\System\REFsYPj.exe
  C:\Windows\System\REFsYPj.exe
  2⤵
  PID:3840
- C:\Windows\System\YpPJBwD.exe
  C:\Windows\System\YpPJBwD.exe
  2⤵
  PID:3856
- C:\Windows\System\BWezlSF.exe
  C:\Windows\System\BWezlSF.exe
  2⤵
  PID:3872
- C:\Windows\System\JbxJjMX.exe
  C:\Windows\System\JbxJjMX.exe
  2⤵
  PID:3888
- C:\Windows\System\grydDmJ.exe
  C:\Windows\System\grydDmJ.exe
  2⤵
  PID:3904
- C:\Windows\System\iTJTNgS.exe
  C:\Windows\System\iTJTNgS.exe
  2⤵
  PID:3920
- C:\Windows\System\bGkoeHY.exe
  C:\Windows\System\bGkoeHY.exe
  2⤵
  PID:3936
- C:\Windows\System\stdeLpc.exe
  C:\Windows\System\stdeLpc.exe
  2⤵
  PID:3952
- C:\Windows\System\JmbBOXc.exe
  C:\Windows\System\JmbBOXc.exe
  2⤵
  PID:3968
- C:\Windows\System\PRNKcbH.exe
  C:\Windows\System\PRNKcbH.exe
  2⤵
  PID:3984
- C:\Windows\System\yJSLlHD.exe
  C:\Windows\System\yJSLlHD.exe
  2⤵
  PID:4000
- C:\Windows\System\LfDiEUk.exe
  C:\Windows\System\LfDiEUk.exe
  2⤵
  PID:4016
- C:\Windows\System\XKpFdCP.exe
  C:\Windows\System\XKpFdCP.exe
  2⤵
  PID:4032
- C:\Windows\System\ndeAYRB.exe
  C:\Windows\System\ndeAYRB.exe
  2⤵
  PID:4048
- C:\Windows\System\lVYwcJv.exe
  C:\Windows\System\lVYwcJv.exe
  2⤵
  PID:4064
- C:\Windows\System\YXKJYeL.exe
  C:\Windows\System\YXKJYeL.exe
  2⤵
  PID:4080
- C:\Windows\System\RYYCkcJ.exe
  C:\Windows\System\RYYCkcJ.exe
  2⤵
  PID:564
- C:\Windows\System\QMUlnFM.exe
  C:\Windows\System\QMUlnFM.exe
  2⤵
  PID:2460
- C:\Windows\System\mbDCyWk.exe
  C:\Windows\System\mbDCyWk.exe
  2⤵
  PID:376
- C:\Windows\System\kbuhBlJ.exe
  C:\Windows\System\kbuhBlJ.exe
  2⤵
  PID:2268
- C:\Windows\System\SAnqtqx.exe
  C:\Windows\System\SAnqtqx.exe
  2⤵
  PID:1600
- C:\Windows\System\SeAWfDd.exe
  C:\Windows\System\SeAWfDd.exe
  2⤵
  PID:2648
- C:\Windows\System\iykcxwc.exe
  C:\Windows\System\iykcxwc.exe
  2⤵
  PID:2752
- C:\Windows\System\eHWqrBL.exe
  C:\Windows\System\eHWqrBL.exe
  2⤵
  PID:1828
- C:\Windows\System\nFxGimD.exe
  C:\Windows\System\nFxGimD.exe
  2⤵
  PID:2156
- C:\Windows\System\ZYOpecj.exe
  C:\Windows\System\ZYOpecj.exe
  2⤵
  PID:2924
- C:\Windows\System\Qqdfffn.exe
  C:\Windows\System\Qqdfffn.exe
  2⤵
  PID:1320
- C:\Windows\System\JejyuuC.exe
  C:\Windows\System\JejyuuC.exe
  2⤵
  PID:3088
- C:\Windows\System\dAofPBq.exe
  C:\Windows\System\dAofPBq.exe
  2⤵
  PID:3120
- C:\Windows\System\QYdbzht.exe
  C:\Windows\System\QYdbzht.exe
  2⤵
  PID:3152
- C:\Windows\System\AkkWpMh.exe
  C:\Windows\System\AkkWpMh.exe
  2⤵
  PID:3188
- C:\Windows\System\XStqnOg.exe
  C:\Windows\System\XStqnOg.exe
  2⤵
  PID:3220
- C:\Windows\System\MsXSlee.exe
  C:\Windows\System\MsXSlee.exe
  2⤵
  PID:3252
- C:\Windows\System\qRFLKYg.exe
  C:\Windows\System\qRFLKYg.exe
  2⤵
  PID:3284
- C:\Windows\System\gOOtRLF.exe
  C:\Windows\System\gOOtRLF.exe
  2⤵
  PID:3316
- C:\Windows\System\xXregIj.exe
  C:\Windows\System\xXregIj.exe
  2⤵
  PID:3348
- C:\Windows\System\gkUzBXd.exe
  C:\Windows\System\gkUzBXd.exe
  2⤵
  PID:3380
- C:\Windows\System\EodCqyX.exe
  C:\Windows\System\EodCqyX.exe
  2⤵
  PID:3412
- C:\Windows\System\LsnizzN.exe
  C:\Windows\System\LsnizzN.exe
  2⤵
  PID:3456
- C:\Windows\System\SDpjPoI.exe
  C:\Windows\System\SDpjPoI.exe
  2⤵
  PID:3488
- C:\Windows\System\zukDneP.exe
  C:\Windows\System\zukDneP.exe
  2⤵
  PID:3512
- C:\Windows\System\IcspLJO.exe
  C:\Windows\System\IcspLJO.exe
  2⤵
  PID:3544
- C:\Windows\System\gnDGImm.exe
  C:\Windows\System\gnDGImm.exe
  2⤵
  PID:3576
- C:\Windows\System\lmYScjR.exe
  C:\Windows\System\lmYScjR.exe
  2⤵
  PID:3604
- C:\Windows\System\qvereOC.exe
  C:\Windows\System\qvereOC.exe
  2⤵
  PID:3636
- C:\Windows\System\JWLvzrW.exe
  C:\Windows\System\JWLvzrW.exe
  2⤵
  PID:3668
- C:\Windows\System\RmhyNrf.exe
  C:\Windows\System\RmhyNrf.exe
  2⤵
  PID:3704
- C:\Windows\System\pJseGSY.exe
  C:\Windows\System\pJseGSY.exe
  2⤵
  PID:3736
- C:\Windows\System\GsplgDm.exe
  C:\Windows\System\GsplgDm.exe
  2⤵
  PID:3768
- C:\Windows\System\rVlpnHV.exe
  C:\Windows\System\rVlpnHV.exe
  2⤵
  PID:3800
- C:\Windows\System\JuuRvqL.exe
  C:\Windows\System\JuuRvqL.exe
  2⤵
  PID:3832
- C:\Windows\System\oDYYZed.exe
  C:\Windows\System\oDYYZed.exe
  2⤵
  PID:3864
- C:\Windows\System\ggxSATO.exe
  C:\Windows\System\ggxSATO.exe
  2⤵
  PID:3896
- C:\Windows\System\sKJqLtQ.exe
  C:\Windows\System\sKJqLtQ.exe
  2⤵
  PID:3928
- C:\Windows\System\iKeENzt.exe
  C:\Windows\System\iKeENzt.exe
  2⤵
  PID:3960
- C:\Windows\System\vjdRWLZ.exe
  C:\Windows\System\vjdRWLZ.exe
  2⤵
  PID:3992
- C:\Windows\System\lnBmBVO.exe
  C:\Windows\System\lnBmBVO.exe
  2⤵
  PID:4024
- C:\Windows\System\EMlQEDK.exe
  C:\Windows\System\EMlQEDK.exe
  2⤵
  PID:4056
- C:\Windows\System\xWGJIdH.exe
  C:\Windows\System\xWGJIdH.exe
  2⤵
  PID:4088
- C:\Windows\System\LbHKYMq.exe
  C:\Windows\System\LbHKYMq.exe
  2⤵
  PID:1544
- C:\Windows\System\JKcsrOV.exe
  C:\Windows\System\JKcsrOV.exe
  2⤵
  PID:2492
- C:\Windows\System\gjSvnrm.exe
  C:\Windows\System\gjSvnrm.exe
  2⤵
  PID:2864
- C:\Windows\System\TDorjYD.exe
  C:\Windows\System\TDorjYD.exe
  2⤵
  PID:2996
- C:\Windows\System\BRKIFhN.exe
  C:\Windows\System\BRKIFhN.exe
  2⤵
  PID:1652
- C:\Windows\System\duRxpdY.exe
  C:\Windows\System\duRxpdY.exe
  2⤵
  PID:3104
- C:\Windows\System\vBfeSjG.exe
  C:\Windows\System\vBfeSjG.exe
  2⤵
  PID:3168
- C:\Windows\System\jRCSpcN.exe
  C:\Windows\System\jRCSpcN.exe
  2⤵
  PID:3236
- C:\Windows\System\gGNultL.exe
  C:\Windows\System\gGNultL.exe
  2⤵
  PID:3300
- C:\Windows\System\featoum.exe
  C:\Windows\System\featoum.exe
  2⤵
  PID:3364
- C:\Windows\System\TbBHGxI.exe
  C:\Windows\System\TbBHGxI.exe
  2⤵
  PID:3428
- C:\Windows\System\ZeZskpX.exe
  C:\Windows\System\ZeZskpX.exe
  2⤵
  PID:3472
- C:\Windows\System\VMBuWcg.exe
  C:\Windows\System\VMBuWcg.exe
  2⤵
  PID:4100
- C:\Windows\System\fCqDCkg.exe
  C:\Windows\System\fCqDCkg.exe
  2⤵
  PID:4116
- C:\Windows\System\VQEtdvu.exe
  C:\Windows\System\VQEtdvu.exe
  2⤵
  PID:4132
- C:\Windows\System\OidRTrr.exe
  C:\Windows\System\OidRTrr.exe
  2⤵
  PID:4148
- C:\Windows\System\AnoxTTF.exe
  C:\Windows\System\AnoxTTF.exe
  2⤵
  PID:4164
- C:\Windows\System\apBDQnF.exe
  C:\Windows\System\apBDQnF.exe
  2⤵
  PID:4184
- C:\Windows\System\GSmBVDT.exe
  C:\Windows\System\GSmBVDT.exe
  2⤵
  PID:4200
- C:\Windows\System\sAUqdIY.exe
  C:\Windows\System\sAUqdIY.exe
  2⤵
  PID:4216
- C:\Windows\System\GUwJmAj.exe
  C:\Windows\System\GUwJmAj.exe
  2⤵
  PID:4232
- C:\Windows\System\frDnGst.exe
  C:\Windows\System\frDnGst.exe
  2⤵
  PID:4248
- C:\Windows\System\WtlzcCd.exe
  C:\Windows\System\WtlzcCd.exe
  2⤵
  PID:4268
- C:\Windows\System\NdoNRlW.exe
  C:\Windows\System\NdoNRlW.exe
  2⤵
  PID:4284
- C:\Windows\System\GENYDiF.exe
  C:\Windows\System\GENYDiF.exe
  2⤵
  PID:4300
- C:\Windows\System\WSVBVQx.exe
  C:\Windows\System\WSVBVQx.exe
  2⤵
  PID:4316
- C:\Windows\System\SaMZTVZ.exe
  C:\Windows\System\SaMZTVZ.exe
  2⤵
  PID:4332
- C:\Windows\System\nPGNHOc.exe
  C:\Windows\System\nPGNHOc.exe
  2⤵
  PID:4348
- C:\Windows\System\ksVIIoo.exe
  C:\Windows\System\ksVIIoo.exe
  2⤵
  PID:4364
- C:\Windows\System\xkugPEu.exe
  C:\Windows\System\xkugPEu.exe
  2⤵
  PID:4380
- C:\Windows\System\rCDmRsd.exe
  C:\Windows\System\rCDmRsd.exe
  2⤵
  PID:4396
- C:\Windows\System\pbjJHKW.exe
  C:\Windows\System\pbjJHKW.exe
  2⤵
  PID:4412
- C:\Windows\System\wvqaLIN.exe
  C:\Windows\System\wvqaLIN.exe
  2⤵
  PID:4428
- C:\Windows\System\opmnfbK.exe
  C:\Windows\System\opmnfbK.exe
  2⤵
  PID:4444
- C:\Windows\System\eAmjJJa.exe
  C:\Windows\System\eAmjJJa.exe
  2⤵
  PID:4460
- C:\Windows\System\gxOGwTp.exe
  C:\Windows\System\gxOGwTp.exe
  2⤵
  PID:4476
- C:\Windows\System\JgcbGHK.exe
  C:\Windows\System\JgcbGHK.exe
  2⤵
  PID:4492
- C:\Windows\System\xpeJDbv.exe
  C:\Windows\System\xpeJDbv.exe
  2⤵
  PID:4508
- C:\Windows\System\yNtNFAN.exe
  C:\Windows\System\yNtNFAN.exe
  2⤵
  PID:4524
- C:\Windows\System\NzzewWT.exe
  C:\Windows\System\NzzewWT.exe
  2⤵
  PID:4540
- C:\Windows\System\eoDFens.exe
  C:\Windows\System\eoDFens.exe
  2⤵
  PID:4556
- C:\Windows\System\kIkrBoq.exe
  C:\Windows\System\kIkrBoq.exe
  2⤵
  PID:4572
- C:\Windows\System\xcgSgga.exe
  C:\Windows\System\xcgSgga.exe
  2⤵
  PID:4588
- C:\Windows\System\tYEGzGs.exe
  C:\Windows\System\tYEGzGs.exe
  2⤵
  PID:4604
- C:\Windows\System\fFLtTxK.exe
  C:\Windows\System\fFLtTxK.exe
  2⤵
  PID:4620
- C:\Windows\System\fOEvqwd.exe
  C:\Windows\System\fOEvqwd.exe
  2⤵
  PID:4636
- C:\Windows\System\NOFXwYQ.exe
  C:\Windows\System\NOFXwYQ.exe
  2⤵
  PID:4652
- C:\Windows\System\EnVfTPe.exe
  C:\Windows\System\EnVfTPe.exe
  2⤵
  PID:4668
- C:\Windows\System\yWXIpzF.exe
  C:\Windows\System\yWXIpzF.exe
  2⤵
  PID:4684
- C:\Windows\System\kpsTtOK.exe
  C:\Windows\System\kpsTtOK.exe
  2⤵
  PID:4700
- C:\Windows\System\GsMlXgK.exe
  C:\Windows\System\GsMlXgK.exe
  2⤵
  PID:4716
- C:\Windows\System\fwXGKAS.exe
  C:\Windows\System\fwXGKAS.exe
  2⤵
  PID:4732
- C:\Windows\System\MepfbVt.exe
  C:\Windows\System\MepfbVt.exe
  2⤵
  PID:4748
- C:\Windows\System\MtepUsq.exe
  C:\Windows\System\MtepUsq.exe
  2⤵
  PID:4764
- C:\Windows\System\KiCPTKj.exe
  C:\Windows\System\KiCPTKj.exe
  2⤵
  PID:4780
- C:\Windows\System\qhBWign.exe
  C:\Windows\System\qhBWign.exe
  2⤵
  PID:4796
- C:\Windows\System\AhktKBf.exe
  C:\Windows\System\AhktKBf.exe
  2⤵
  PID:4812
- C:\Windows\System\OGnOKKP.exe
  C:\Windows\System\OGnOKKP.exe
  2⤵
  PID:4828
- C:\Windows\System\BZBBxfb.exe
  C:\Windows\System\BZBBxfb.exe
  2⤵
  PID:4844
- C:\Windows\System\gzoldKR.exe
  C:\Windows\System\gzoldKR.exe
  2⤵
  PID:4860
- C:\Windows\System\hLRVCVx.exe
  C:\Windows\System\hLRVCVx.exe
  2⤵
  PID:4880
- C:\Windows\System\MXnBkxC.exe
  C:\Windows\System\MXnBkxC.exe
  2⤵
  PID:4896
- C:\Windows\System\RYwwLmX.exe
  C:\Windows\System\RYwwLmX.exe
  2⤵
  PID:4912
- C:\Windows\System\yqjuVwl.exe
  C:\Windows\System\yqjuVwl.exe
  2⤵
  PID:4928
- C:\Windows\System\ZnZZqeu.exe
  C:\Windows\System\ZnZZqeu.exe
  2⤵
  PID:4944
- C:\Windows\System\bZcDcjc.exe
  C:\Windows\System\bZcDcjc.exe
  2⤵
  PID:4960
- C:\Windows\System\ZJcBYCR.exe
  C:\Windows\System\ZJcBYCR.exe
  2⤵
  PID:4976
- C:\Windows\System\KWjRaHB.exe
  C:\Windows\System\KWjRaHB.exe
  2⤵
  PID:4992
- C:\Windows\System\csZGtIw.exe
  C:\Windows\System\csZGtIw.exe
  2⤵
  PID:5008
- C:\Windows\System\PqyIwyN.exe
  C:\Windows\System\PqyIwyN.exe
  2⤵
  PID:5024
- C:\Windows\System\VRGUjfr.exe
  C:\Windows\System\VRGUjfr.exe
  2⤵
  PID:5040
- C:\Windows\System\jKIFKCh.exe
  C:\Windows\System\jKIFKCh.exe
  2⤵
  PID:5056
- C:\Windows\System\MQmjKeu.exe
  C:\Windows\System\MQmjKeu.exe
  2⤵
  PID:5072
- C:\Windows\System\wBNmdVP.exe
  C:\Windows\System\wBNmdVP.exe
  2⤵
  PID:5088
- C:\Windows\System\xOrDpHH.exe
  C:\Windows\System\xOrDpHH.exe
  2⤵
  PID:5104
- C:\Windows\System\EOGlOKL.exe
  C:\Windows\System\EOGlOKL.exe
  2⤵
  PID:3560
- C:\Windows\System\CgVvuUM.exe
  C:\Windows\System\CgVvuUM.exe
  2⤵
  PID:3624
- C:\Windows\System\VLvcoot.exe
  C:\Windows\System\VLvcoot.exe
  2⤵
  PID:3724
- C:\Windows\System\ZojpQtX.exe
  C:\Windows\System\ZojpQtX.exe
  2⤵
  PID:3788
- C:\Windows\System\KgDdMwH.exe
  C:\Windows\System\KgDdMwH.exe
  2⤵
  PID:3852
- C:\Windows\System\uiqmhmF.exe
  C:\Windows\System\uiqmhmF.exe
  2⤵
  PID:3916
- C:\Windows\System\YsxWUzX.exe
  C:\Windows\System\YsxWUzX.exe
  2⤵
  PID:3980
- C:\Windows\System\ddXUoGi.exe
  C:\Windows\System\ddXUoGi.exe
  2⤵
  PID:4044
- C:\Windows\System\RgnUYFa.exe
  C:\Windows\System\RgnUYFa.exe
  2⤵
  PID:1944
- C:\Windows\System\DidWlwW.exe
  C:\Windows\System\DidWlwW.exe
  2⤵
  PID:2756
- C:\Windows\System\JXOHjRk.exe
  C:\Windows\System\JXOHjRk.exe
  2⤵
  PID:912
- C:\Windows\System\bJpuCuU.exe
  C:\Windows\System\bJpuCuU.exe
  2⤵
  PID:3204
- C:\Windows\System\VmDnsVc.exe
  C:\Windows\System\VmDnsVc.exe
  2⤵
  PID:872
- C:\Windows\System\bjaOKDY.exe
  C:\Windows\System\bjaOKDY.exe
  2⤵
  PID:3408
- C:\Windows\System\lcIOcsu.exe
  C:\Windows\System\lcIOcsu.exe
  2⤵
  PID:3504
- C:\Windows\System\nPWoXwE.exe
  C:\Windows\System\nPWoXwE.exe
  2⤵
  PID:4140
- C:\Windows\System\eFLItiF.exe
  C:\Windows\System\eFLItiF.exe
  2⤵
  PID:4180
- C:\Windows\System\hiKgJRM.exe
  C:\Windows\System\hiKgJRM.exe
  2⤵
  PID:4212
- C:\Windows\System\HJEFSjA.exe
  C:\Windows\System\HJEFSjA.exe
  2⤵
  PID:4244
- C:\Windows\System\gEYwwPs.exe
  C:\Windows\System\gEYwwPs.exe
  2⤵
  PID:4308
- C:\Windows\System\aLamuKg.exe
  C:\Windows\System\aLamuKg.exe
  2⤵
  PID:4340
- C:\Windows\System\Taeoiix.exe
  C:\Windows\System\Taeoiix.exe
  2⤵
  PID:4372
- C:\Windows\System\ifgFwnD.exe
  C:\Windows\System\ifgFwnD.exe
  2⤵
  PID:4408
- C:\Windows\System\uSRbJyK.exe
  C:\Windows\System\uSRbJyK.exe
  2⤵
  PID:4440
- C:\Windows\System\SvPHbQG.exe
  C:\Windows\System\SvPHbQG.exe
  2⤵
  PID:4468
- C:\Windows\System\GHKBBju.exe
  C:\Windows\System\GHKBBju.exe
  2⤵
  PID:4500
- C:\Windows\System\aUCoYBH.exe
  C:\Windows\System\aUCoYBH.exe
  2⤵
  PID:4548
- C:\Windows\System\ZgYnRlH.exe
  C:\Windows\System\ZgYnRlH.exe
  2⤵
  PID:4568
- C:\Windows\System\HFJqxGJ.exe
  C:\Windows\System\HFJqxGJ.exe
  2⤵
  PID:4600
- C:\Windows\System\snRPDrx.exe
  C:\Windows\System\snRPDrx.exe
  2⤵
  PID:4644
- C:\Windows\System\XPnBRIx.exe
  C:\Windows\System\XPnBRIx.exe
  2⤵
  PID:4664
- C:\Windows\System\jyJGlpk.exe
  C:\Windows\System\jyJGlpk.exe
  2⤵
  PID:4708
- C:\Windows\System\KxIccsF.exe
  C:\Windows\System\KxIccsF.exe
  2⤵
  PID:4740
- C:\Windows\System\yiBQjJO.exe
  C:\Windows\System\yiBQjJO.exe
  2⤵
  PID:4772
- C:\Windows\System\DthRovv.exe
  C:\Windows\System\DthRovv.exe
  2⤵
  PID:4804
- C:\Windows\System\FUhxnNj.exe
  C:\Windows\System\FUhxnNj.exe
  2⤵
  PID:4836
- C:\Windows\System\EdJqCHp.exe
  C:\Windows\System\EdJqCHp.exe
  2⤵
  PID:4868
- C:\Windows\System\VUwWIml.exe
  C:\Windows\System\VUwWIml.exe
  2⤵
  PID:4892
- C:\Windows\System\dqqtGtM.exe
  C:\Windows\System\dqqtGtM.exe
  2⤵
  PID:4924
- C:\Windows\System\EkXilRn.exe
  C:\Windows\System\EkXilRn.exe
  2⤵
  PID:4956
- C:\Windows\System\EhTPJpc.exe
  C:\Windows\System\EhTPJpc.exe
  2⤵
  PID:4988
- C:\Windows\System\vACNACU.exe
  C:\Windows\System\vACNACU.exe
  2⤵
  PID:5020
- C:\Windows\System\KJYpSsZ.exe
  C:\Windows\System\KJYpSsZ.exe
  2⤵
  PID:5064
- C:\Windows\System\xvODmzf.exe
  C:\Windows\System\xvODmzf.exe
  2⤵
  PID:5096
- C:\Windows\System\QLdqUKP.exe
  C:\Windows\System\QLdqUKP.exe
  2⤵
  PID:5116
- C:\Windows\System\gueJhIw.exe
  C:\Windows\System\gueJhIw.exe
  2⤵
  PID:3756
- C:\Windows\System\KxGwUPl.exe
  C:\Windows\System\KxGwUPl.exe
  2⤵
  PID:3900
- C:\Windows\System\aFhrJue.exe
  C:\Windows\System\aFhrJue.exe
  2⤵
  PID:4040
- C:\Windows\System\lktwarQ.exe
  C:\Windows\System\lktwarQ.exe
  2⤵
  PID:468
- C:\Windows\System\FetnkFr.exe
  C:\Windows\System\FetnkFr.exe
  2⤵
  PID:3076
- C:\Windows\System\JhWzvNe.exe
  C:\Windows\System\JhWzvNe.exe
  2⤵
  PID:3268
- C:\Windows\System\doalDEM.exe
  C:\Windows\System\doalDEM.exe
  2⤵
  PID:3528
- C:\Windows\System\QwdHZow.exe
  C:\Windows\System\QwdHZow.exe
  2⤵
  PID:4160
- C:\Windows\System\tNxjTtB.exe
  C:\Windows\System\tNxjTtB.exe
  2⤵
  PID:4260
- C:\Windows\System\VJUPZTU.exe
  C:\Windows\System\VJUPZTU.exe
  2⤵
  PID:4344
- C:\Windows\System\DhEyrtz.exe
  C:\Windows\System\DhEyrtz.exe
  2⤵
  PID:4424
- C:\Windows\System\TeBEOHR.exe
  C:\Windows\System\TeBEOHR.exe
  2⤵
  PID:4484
- C:\Windows\System\unWRnUA.exe
  C:\Windows\System\unWRnUA.exe
  2⤵
  PID:4552
- C:\Windows\System\YEtXGcV.exe
  C:\Windows\System\YEtXGcV.exe
  2⤵
  PID:5128
- C:\Windows\System\NkeKdam.exe
  C:\Windows\System\NkeKdam.exe
  2⤵
  PID:5144
- C:\Windows\System\nmnaPwl.exe
  C:\Windows\System\nmnaPwl.exe
  2⤵
  PID:5160
- C:\Windows\System\IIJmuMF.exe
  C:\Windows\System\IIJmuMF.exe
  2⤵
  PID:5176
- C:\Windows\System\oNRZzVP.exe
  C:\Windows\System\oNRZzVP.exe
  2⤵
  PID:5192
- C:\Windows\System\gfiGAEx.exe
  C:\Windows\System\gfiGAEx.exe
  2⤵
  PID:5208
- C:\Windows\System\DvLfFdM.exe
  C:\Windows\System\DvLfFdM.exe
  2⤵
  PID:5224
- C:\Windows\System\ZowZvnL.exe
  C:\Windows\System\ZowZvnL.exe
  2⤵
  PID:5240
- C:\Windows\System\jjqwVMx.exe
  C:\Windows\System\jjqwVMx.exe
  2⤵
  PID:5256
- C:\Windows\System\sgxjydN.exe
  C:\Windows\System\sgxjydN.exe
  2⤵
  PID:5272
- C:\Windows\System\HNRYAhe.exe
  C:\Windows\System\HNRYAhe.exe
  2⤵
  PID:5288
- C:\Windows\System\hHaHBqR.exe
  C:\Windows\System\hHaHBqR.exe
  2⤵
  PID:5304
- C:\Windows\System\YHBbdEI.exe
  C:\Windows\System\YHBbdEI.exe
  2⤵
  PID:5320
- C:\Windows\System\tCGnaFo.exe
  C:\Windows\System\tCGnaFo.exe
  2⤵
  PID:5340
- C:\Windows\System\dURQucb.exe
  C:\Windows\System\dURQucb.exe
  2⤵
  PID:5356
- C:\Windows\System\fImlkOJ.exe
  C:\Windows\System\fImlkOJ.exe
  2⤵
  PID:5372
- C:\Windows\System\YWIHiOE.exe
  C:\Windows\System\YWIHiOE.exe
  2⤵
  PID:5388
- C:\Windows\System\zytisBw.exe
  C:\Windows\System\zytisBw.exe
  2⤵
  PID:5404
- C:\Windows\System\hdABlxp.exe
  C:\Windows\System\hdABlxp.exe
  2⤵
  PID:5420
- C:\Windows\System\utkkxEv.exe
  C:\Windows\System\utkkxEv.exe
  2⤵
  PID:5436
- C:\Windows\System\rLFENOR.exe
  C:\Windows\System\rLFENOR.exe
  2⤵
  PID:5452
- C:\Windows\System\traZxGz.exe
  C:\Windows\System\traZxGz.exe
  2⤵
  PID:5468
- C:\Windows\System\EqhHIgg.exe
  C:\Windows\System\EqhHIgg.exe
  2⤵
  PID:5484
- C:\Windows\System\FkUsvcs.exe
  C:\Windows\System\FkUsvcs.exe
  2⤵
  PID:5500
- C:\Windows\System\KAQRXZO.exe
  C:\Windows\System\KAQRXZO.exe
  2⤵
  PID:5516
- C:\Windows\System\oiwoQzY.exe
  C:\Windows\System\oiwoQzY.exe
  2⤵
  PID:5532
- C:\Windows\System\UsgenCj.exe
  C:\Windows\System\UsgenCj.exe
  2⤵
  PID:5548
- C:\Windows\System\rEBFgtw.exe
  C:\Windows\System\rEBFgtw.exe
  2⤵
  PID:5564
- C:\Windows\System\HwGDKiq.exe
  C:\Windows\System\HwGDKiq.exe
  2⤵
  PID:5580
- C:\Windows\System\GzqqDLy.exe
  C:\Windows\System\GzqqDLy.exe
  2⤵
  PID:5596
- C:\Windows\System\WUDhjkg.exe
  C:\Windows\System\WUDhjkg.exe
  2⤵
  PID:5612
- C:\Windows\System\dKzZIcD.exe
  C:\Windows\System\dKzZIcD.exe
  2⤵
  PID:5628
- C:\Windows\System\VVkPrHv.exe
  C:\Windows\System\VVkPrHv.exe
  2⤵
  PID:5644
- C:\Windows\System\LETClFq.exe
  C:\Windows\System\LETClFq.exe
  2⤵
  PID:5660
- C:\Windows\System\lhyNRvG.exe
  C:\Windows\System\lhyNRvG.exe
  2⤵
  PID:5676
- C:\Windows\System\LnNEmeS.exe
  C:\Windows\System\LnNEmeS.exe
  2⤵
  PID:5692
- C:\Windows\System\ULOkRWt.exe
  C:\Windows\System\ULOkRWt.exe
  2⤵
  PID:5708
- C:\Windows\System\GKXchjx.exe
  C:\Windows\System\GKXchjx.exe
  2⤵
  PID:5724
- C:\Windows\System\adxzxwc.exe
  C:\Windows\System\adxzxwc.exe
  2⤵
  PID:5740
- C:\Windows\System\xMSNIWH.exe
  C:\Windows\System\xMSNIWH.exe
  2⤵
  PID:5756
- C:\Windows\System\oNwHstt.exe
  C:\Windows\System\oNwHstt.exe
  2⤵
  PID:5772
- C:\Windows\System\zqyxygg.exe
  C:\Windows\System\zqyxygg.exe
  2⤵
  PID:5788
- C:\Windows\System\ydbxrkc.exe
  C:\Windows\System\ydbxrkc.exe
  2⤵
  PID:5804
- C:\Windows\System\rkbyJWh.exe
  C:\Windows\System\rkbyJWh.exe
  2⤵
  PID:5820
- C:\Windows\System\kXPUPeT.exe
  C:\Windows\System\kXPUPeT.exe
  2⤵
  PID:5836
- C:\Windows\System\imfTTCX.exe
  C:\Windows\System\imfTTCX.exe
  2⤵
  PID:5852
- C:\Windows\System\LTAJIfX.exe
  C:\Windows\System\LTAJIfX.exe
  2⤵
  PID:5868
- C:\Windows\System\keDzyCd.exe
  C:\Windows\System\keDzyCd.exe
  2⤵
  PID:5884
- C:\Windows\System\SzxIHBU.exe
  C:\Windows\System\SzxIHBU.exe
  2⤵
  PID:5900
- C:\Windows\System\GbWQjyw.exe
  C:\Windows\System\GbWQjyw.exe
  2⤵
  PID:5916
- C:\Windows\System\rXqJMEi.exe
  C:\Windows\System\rXqJMEi.exe
  2⤵
  PID:5936
- C:\Windows\System\lYlcSUA.exe
  C:\Windows\System\lYlcSUA.exe
  2⤵
  PID:5952
- C:\Windows\System\FjvGjWo.exe
  C:\Windows\System\FjvGjWo.exe
  2⤵
  PID:5968
- C:\Windows\System\UgQkhpB.exe
  C:\Windows\System\UgQkhpB.exe
  2⤵
  PID:5984
- C:\Windows\System\QeKggGv.exe
  C:\Windows\System\QeKggGv.exe
  2⤵
  PID:6000
- C:\Windows\System\MigWynX.exe
  C:\Windows\System\MigWynX.exe
  2⤵
  PID:6016
- C:\Windows\System\SVvRASC.exe
  C:\Windows\System\SVvRASC.exe
  2⤵
  PID:6032
- C:\Windows\System\koIXnkg.exe
  C:\Windows\System\koIXnkg.exe
  2⤵
  PID:6048
- C:\Windows\System\WJZrIIV.exe
  C:\Windows\System\WJZrIIV.exe
  2⤵
  PID:6068
- C:\Windows\System\BOyUiLQ.exe
  C:\Windows\System\BOyUiLQ.exe
  2⤵
  PID:6084
- C:\Windows\System\BAoMrUh.exe
  C:\Windows\System\BAoMrUh.exe
  2⤵
  PID:6100
- C:\Windows\System\xOSOVIt.exe
  C:\Windows\System\xOSOVIt.exe
  2⤵
  PID:6116
- C:\Windows\System\jCMYiCr.exe
  C:\Windows\System\jCMYiCr.exe
  2⤵
  PID:6132
- C:\Windows\System\SagNhPW.exe
  C:\Windows\System\SagNhPW.exe
  2⤵
  PID:4616
- C:\Windows\System\LsCYzex.exe
  C:\Windows\System\LsCYzex.exe
  2⤵
  PID:4692
- C:\Windows\System\kMJyIKf.exe
  C:\Windows\System\kMJyIKf.exe
  2⤵
  PID:4756
- C:\Windows\System\TjEbCuk.exe
  C:\Windows\System\TjEbCuk.exe
  2⤵
  PID:4820
- C:\Windows\System\tSedNpL.exe
  C:\Windows\System\tSedNpL.exe
  2⤵
  PID:4920
- C:\Windows\System\DoPEWIg.exe
  C:\Windows\System\DoPEWIg.exe
  2⤵
  PID:4952
- C:\Windows\System\zzTUpme.exe
  C:\Windows\System\zzTUpme.exe
  2⤵
  PID:5016
- C:\Windows\System\cTznAhU.exe
  C:\Windows\System\cTznAhU.exe
  2⤵
  PID:5080
- C:\Windows\System\CzzosoP.exe
  C:\Windows\System\CzzosoP.exe
  2⤵
  PID:3656
- C:\Windows\System\ipaPFRU.exe
  C:\Windows\System\ipaPFRU.exe
  2⤵
  PID:3948
- C:\Windows\System\OADJGjB.exe
  C:\Windows\System\OADJGjB.exe
  2⤵
  PID:1640
- C:\Windows\System\IQCquad.exe
  C:\Windows\System\IQCquad.exe
  2⤵
  PID:3344
- C:\Windows\System\sivDERJ.exe
  C:\Windows\System\sivDERJ.exe
  2⤵
  PID:4228
- C:\Windows\System\OGMYKwu.exe
  C:\Windows\System\OGMYKwu.exe
  2⤵
  PID:4388
- C:\Windows\System\RBPBLEO.exe
  C:\Windows\System\RBPBLEO.exe
  2⤵
  PID:4516
- C:\Windows\System\cXfsutM.exe
  C:\Windows\System\cXfsutM.exe
  2⤵
  PID:5136
- C:\Windows\System\pqugoiv.exe
  C:\Windows\System\pqugoiv.exe
  2⤵
  PID:5168
- C:\Windows\System\TzftNbH.exe
  C:\Windows\System\TzftNbH.exe
  2⤵
  PID:5200
- C:\Windows\System\GDRLPxC.exe
  C:\Windows\System\GDRLPxC.exe
  2⤵
  PID:4208
- C:\Windows\System\iuudBqa.exe
  C:\Windows\System\iuudBqa.exe
  2⤵
  PID:5252
- C:\Windows\System\xYQcKCR.exe
  C:\Windows\System\xYQcKCR.exe
  2⤵
  PID:5284
- C:\Windows\System\jCrGunS.exe
  C:\Windows\System\jCrGunS.exe
  2⤵
  PID:5316
- C:\Windows\System\LhriNtN.exe
  C:\Windows\System\LhriNtN.exe
  2⤵
  PID:5352
- C:\Windows\System\NQSAEEJ.exe
  C:\Windows\System\NQSAEEJ.exe
  2⤵
  PID:5384
- C:\Windows\System\DpBhNZz.exe
  C:\Windows\System\DpBhNZz.exe
  2⤵
  PID:5416
- C:\Windows\System\JZFgYcH.exe
  C:\Windows\System\JZFgYcH.exe
  2⤵
  PID:5448
- C:\Windows\System\iwcxRCT.exe
  C:\Windows\System\iwcxRCT.exe
  2⤵
  PID:5480
- C:\Windows\System\zUqVjqs.exe
  C:\Windows\System\zUqVjqs.exe
  2⤵
  PID:5512
- C:\Windows\System\LDBKJwy.exe
  C:\Windows\System\LDBKJwy.exe
  2⤵
  PID:5544
- C:\Windows\System\WxnrxCK.exe
  C:\Windows\System\WxnrxCK.exe
  2⤵
  PID:5576
- C:\Windows\System\CSgbsQy.exe
  C:\Windows\System\CSgbsQy.exe
  2⤵
  PID:5608
- C:\Windows\System\KiLUUaQ.exe
  C:\Windows\System\KiLUUaQ.exe
  2⤵
  PID:5640
- C:\Windows\System\HBYSAMe.exe
  C:\Windows\System\HBYSAMe.exe
  2⤵
  PID:5672
- C:\Windows\System\PZjMZxX.exe
  C:\Windows\System\PZjMZxX.exe
  2⤵
  PID:5704
- C:\Windows\System\PsWvWCn.exe
  C:\Windows\System\PsWvWCn.exe
  2⤵
  PID:5736
- C:\Windows\System\gMvsHTD.exe
  C:\Windows\System\gMvsHTD.exe
  2⤵
  PID:5768
- C:\Windows\System\qDvhHVm.exe
  C:\Windows\System\qDvhHVm.exe
  2⤵
  PID:5800
- C:\Windows\System\cSgkvtL.exe
  C:\Windows\System\cSgkvtL.exe
  2⤵
  PID:5832
- C:\Windows\System\qUmNzZL.exe
  C:\Windows\System\qUmNzZL.exe
  2⤵
  PID:5876
- C:\Windows\System\MKIHXho.exe
  C:\Windows\System\MKIHXho.exe
  2⤵
  PID:5908
- C:\Windows\System\tibvKaW.exe
  C:\Windows\System\tibvKaW.exe
  2⤵
  PID:5948
- C:\Windows\System\SgBAHEP.exe
  C:\Windows\System\SgBAHEP.exe
  2⤵
  PID:5980
- C:\Windows\System\sgtmSNP.exe
  C:\Windows\System\sgtmSNP.exe
  2⤵
  PID:6012
- C:\Windows\System\rXCTGpn.exe
  C:\Windows\System\rXCTGpn.exe
  2⤵
  PID:6044
- C:\Windows\System\jKfZmNZ.exe
  C:\Windows\System\jKfZmNZ.exe
  2⤵
  PID:6080
- C:\Windows\System\KFIIAAo.exe
  C:\Windows\System\KFIIAAo.exe
  2⤵
  PID:6112
- C:\Windows\System\kXYaWbG.exe
  C:\Windows\System\kXYaWbG.exe
  2⤵
  PID:6140
- C:\Windows\System\tJkZoXb.exe
  C:\Windows\System\tJkZoXb.exe
  2⤵
  PID:4724
- C:\Windows\System\HUHLYbD.exe
  C:\Windows\System\HUHLYbD.exe
  2⤵
  PID:4852
- C:\Windows\System\BLmOHOn.exe
  C:\Windows\System\BLmOHOn.exe
  2⤵
  PID:4968
- C:\Windows\System\icSpoUS.exe
  C:\Windows\System\icSpoUS.exe
  2⤵
  PID:5112
- C:\Windows\System\KZhvTyB.exe
  C:\Windows\System\KZhvTyB.exe
  2⤵
  PID:4012
- C:\Windows\System\mtaSvvk.exe
  C:\Windows\System\mtaSvvk.exe
  2⤵
  PID:4156
- C:\Windows\System\ziJNeIO.exe
  C:\Windows\System\ziJNeIO.exe
  2⤵
  PID:4392
- C:\Windows\System\blUQTfP.exe
  C:\Windows\System\blUQTfP.exe
  2⤵
  PID:5152
- C:\Windows\System\KLLuarJ.exe
  C:\Windows\System\KLLuarJ.exe
  2⤵
  PID:5216
- C:\Windows\System\VafGFTM.exe
  C:\Windows\System\VafGFTM.exe
  2⤵
  PID:5268
- C:\Windows\System\UIFZnDu.exe
  C:\Windows\System\UIFZnDu.exe
  2⤵
  PID:5348
- C:\Windows\System\VQOGUGF.exe
  C:\Windows\System\VQOGUGF.exe
  2⤵
  PID:5400
- C:\Windows\System\JUDVZID.exe
  C:\Windows\System\JUDVZID.exe
  2⤵
  PID:5476
- C:\Windows\System\RQhEoOK.exe
  C:\Windows\System\RQhEoOK.exe
  2⤵
  PID:5528
- C:\Windows\System\nkXjKDB.exe
  C:\Windows\System\nkXjKDB.exe
  2⤵
  PID:5592
- C:\Windows\System\YiRVNjy.exe
  C:\Windows\System\YiRVNjy.exe
  2⤵
  PID:5656
- C:\Windows\System\yeiKrXS.exe
  C:\Windows\System\yeiKrXS.exe
  2⤵
  PID:5732
- C:\Windows\System\SVJjbQi.exe
  C:\Windows\System\SVJjbQi.exe
  2⤵
  PID:5784
- C:\Windows\System\qDwBiwt.exe
  C:\Windows\System\qDwBiwt.exe
  2⤵
  PID:5860
- C:\Windows\System\xoTrvJt.exe
  C:\Windows\System\xoTrvJt.exe
  2⤵
  PID:6152
- C:\Windows\System\BbjvYou.exe
  C:\Windows\System\BbjvYou.exe
  2⤵
  PID:6168
- C:\Windows\System\CGczuvu.exe
  C:\Windows\System\CGczuvu.exe
  2⤵
  PID:6184
- C:\Windows\System\sURtuZH.exe
  C:\Windows\System\sURtuZH.exe
  2⤵
  PID:6200
- C:\Windows\System\LMpdwTL.exe
  C:\Windows\System\LMpdwTL.exe
  2⤵
  PID:6216
- C:\Windows\System\nICzpYp.exe
  C:\Windows\System\nICzpYp.exe
  2⤵
  PID:6232
- C:\Windows\System\KracmWF.exe
  C:\Windows\System\KracmWF.exe
  2⤵
  PID:6248
- C:\Windows\System\ihnGTOc.exe
  C:\Windows\System\ihnGTOc.exe
  2⤵
  PID:6264
- C:\Windows\System\idVUmTz.exe
  C:\Windows\System\idVUmTz.exe
  2⤵
  PID:6280
- C:\Windows\System\bWEofLj.exe
  C:\Windows\System\bWEofLj.exe
  2⤵
  PID:6296
- C:\Windows\System\AjDiSdM.exe
  C:\Windows\System\AjDiSdM.exe
  2⤵
  PID:6312
- C:\Windows\System\AWrfAWu.exe
  C:\Windows\System\AWrfAWu.exe
  2⤵
  PID:6328
- C:\Windows\System\aDqSObP.exe
  C:\Windows\System\aDqSObP.exe
  2⤵
  PID:6344
- C:\Windows\System\JntGack.exe
  C:\Windows\System\JntGack.exe
  2⤵
  PID:6360
- C:\Windows\System\qQKlFxu.exe
  C:\Windows\System\qQKlFxu.exe
  2⤵
  PID:6380
- C:\Windows\System\cCbHhMB.exe
  C:\Windows\System\cCbHhMB.exe
  2⤵
  PID:6396
- C:\Windows\System\TwQimft.exe
  C:\Windows\System\TwQimft.exe
  2⤵
  PID:6412
- C:\Windows\System\fRiZjKG.exe
  C:\Windows\System\fRiZjKG.exe
  2⤵
  PID:6428
- C:\Windows\System\QyywFLD.exe
  C:\Windows\System\QyywFLD.exe
  2⤵
  PID:6444
- C:\Windows\System\aIMysRk.exe
  C:\Windows\System\aIMysRk.exe
  2⤵
  PID:6460
- C:\Windows\System\WEyaRkP.exe
  C:\Windows\System\WEyaRkP.exe
  2⤵
  PID:6476
- C:\Windows\System\IpyOYjT.exe
  C:\Windows\System\IpyOYjT.exe
  2⤵
  PID:6492
- C:\Windows\System\QfBgwxf.exe
  C:\Windows\System\QfBgwxf.exe
  2⤵
  PID:6508
- C:\Windows\System\JZBmDbV.exe
  C:\Windows\System\JZBmDbV.exe
  2⤵
  PID:6524
- C:\Windows\System\rzTiqfL.exe
  C:\Windows\System\rzTiqfL.exe
  2⤵
  PID:6540
- C:\Windows\System\udTQuKt.exe
  C:\Windows\System\udTQuKt.exe
  2⤵
  PID:6556
- C:\Windows\System\cVGqkmg.exe
  C:\Windows\System\cVGqkmg.exe
  2⤵
  PID:6576
- C:\Windows\System\UvsUscU.exe
  C:\Windows\System\UvsUscU.exe
  2⤵
  PID:6592
- C:\Windows\System\LnAgURp.exe
  C:\Windows\System\LnAgURp.exe
  2⤵
  PID:6608
- C:\Windows\System\sIDYdGu.exe
  C:\Windows\System\sIDYdGu.exe
  2⤵
  PID:6624
- C:\Windows\System\rchcpKj.exe
  C:\Windows\System\rchcpKj.exe
  2⤵
  PID:6640
- C:\Windows\System\XCwYNDr.exe
  C:\Windows\System\XCwYNDr.exe
  2⤵
  PID:6656
- C:\Windows\System\aUsoTey.exe
  C:\Windows\System\aUsoTey.exe
  2⤵
  PID:6672
- C:\Windows\System\QpHtYfX.exe
  C:\Windows\System\QpHtYfX.exe
  2⤵
  PID:6688
- C:\Windows\System\aomYstC.exe
  C:\Windows\System\aomYstC.exe
  2⤵
  PID:6704
- C:\Windows\System\DiWJQDj.exe
  C:\Windows\System\DiWJQDj.exe
  2⤵
  PID:6720
- C:\Windows\System\KNwawuA.exe
  C:\Windows\System\KNwawuA.exe
  2⤵
  PID:6736
- C:\Windows\System\FuYsCBC.exe
  C:\Windows\System\FuYsCBC.exe
  2⤵
  PID:6752
- C:\Windows\System\xYcVkQf.exe
  C:\Windows\System\xYcVkQf.exe
  2⤵
  PID:6768
- C:\Windows\System\oFwcxvg.exe
  C:\Windows\System\oFwcxvg.exe
  2⤵
  PID:6784
- C:\Windows\System\nGhwqFj.exe
  C:\Windows\System\nGhwqFj.exe
  2⤵
  PID:6800
- C:\Windows\System\WTXAQeF.exe
  C:\Windows\System\WTXAQeF.exe
  2⤵
  PID:6816
- C:\Windows\System\POhoRhE.exe
  C:\Windows\System\POhoRhE.exe
  2⤵
  PID:6832
- C:\Windows\System\zKRFKVn.exe
  C:\Windows\System\zKRFKVn.exe
  2⤵
  PID:6848
- C:\Windows\System\YpAdlUp.exe
  C:\Windows\System\YpAdlUp.exe
  2⤵
  PID:6864
- C:\Windows\System\JXsJUNO.exe
  C:\Windows\System\JXsJUNO.exe
  2⤵
  PID:6880
- C:\Windows\System\dKXRfDX.exe
  C:\Windows\System\dKXRfDX.exe
  2⤵
  PID:6896
- C:\Windows\System\axWXVTN.exe
  C:\Windows\System\axWXVTN.exe
  2⤵
  PID:6912
- C:\Windows\System\duFgebW.exe
  C:\Windows\System\duFgebW.exe
  2⤵
  PID:6928
- C:\Windows\System\WiaohZn.exe
  C:\Windows\System\WiaohZn.exe
  2⤵
  PID:6944
- C:\Windows\System\IbcbiXY.exe
  C:\Windows\System\IbcbiXY.exe
  2⤵
  PID:6960
- C:\Windows\System\HZWmqTZ.exe
  C:\Windows\System\HZWmqTZ.exe
  2⤵
  PID:6976
- C:\Windows\System\momHzyl.exe
  C:\Windows\System\momHzyl.exe
  2⤵
  PID:6992
- C:\Windows\System\XZEMUzw.exe
  C:\Windows\System\XZEMUzw.exe
  2⤵
  PID:7008
- C:\Windows\System\GCprMav.exe
  C:\Windows\System\GCprMav.exe
  2⤵
  PID:7024
- C:\Windows\System\mwhlKwJ.exe
  C:\Windows\System\mwhlKwJ.exe
  2⤵
  PID:7040
- C:\Windows\System\VkQSmpI.exe
  C:\Windows\System\VkQSmpI.exe
  2⤵
  PID:7060
- C:\Windows\System\lkaXNYw.exe
  C:\Windows\System\lkaXNYw.exe
  2⤵
  PID:7076
- C:\Windows\System\DVFXhNY.exe
  C:\Windows\System\DVFXhNY.exe
  2⤵
  PID:7092
- C:\Windows\System\ZruiZZy.exe
  C:\Windows\System\ZruiZZy.exe
  2⤵
  PID:7108
- C:\Windows\System\IsRYViL.exe
  C:\Windows\System\IsRYViL.exe
  2⤵
  PID:7124
- C:\Windows\System\jSjdJSe.exe
  C:\Windows\System\jSjdJSe.exe
  2⤵
  PID:7140
- C:\Windows\System\zkaRuPs.exe
  C:\Windows\System\zkaRuPs.exe
  2⤵
  PID:7156
- C:\Windows\System\VjQhcOw.exe
  C:\Windows\System\VjQhcOw.exe
  2⤵
  PID:5924
- C:\Windows\System\toBWvqM.exe
  C:\Windows\System\toBWvqM.exe
  2⤵
  PID:5996
- C:\Windows\System\zRPikDF.exe
  C:\Windows\System\zRPikDF.exe
  2⤵
  PID:6060
- C:\Windows\System\AEoENgz.exe
  C:\Windows\System\AEoENgz.exe
  2⤵
  PID:5932
- C:\Windows\System\corTyQj.exe
  C:\Windows\System\corTyQj.exe
  2⤵
  PID:4728
- C:\Windows\System\bDldzhY.exe
  C:\Windows\System\bDldzhY.exe
  2⤵
  PID:5032
- C:\Windows\System\mFChiNH.exe
  C:\Windows\System\mFChiNH.exe
  2⤵
  PID:3124
- C:\Windows\System\pTluQrM.exe
  C:\Windows\System\pTluQrM.exe
  2⤵
  PID:4328
- C:\Windows\System\DPbzIfz.exe
  C:\Windows\System\DPbzIfz.exe
  2⤵
  PID:5188
- C:\Windows\System\UFCdrmW.exe
  C:\Windows\System\UFCdrmW.exe
  2⤵
  PID:5312
- C:\Windows\System\pxnBKMl.exe
  C:\Windows\System\pxnBKMl.exe
  2⤵
  PID:5496
- C:\Windows\System\MWjYSJf.exe
  C:\Windows\System\MWjYSJf.exe
  2⤵
  PID:5624
- C:\Windows\System\ktWezWn.exe
  C:\Windows\System\ktWezWn.exe
  2⤵
  PID:5720
- C:\Windows\System\QKGrMCA.exe
  C:\Windows\System\QKGrMCA.exe
  2⤵
  PID:5880
- C:\Windows\System\JDXRDeJ.exe
  C:\Windows\System\JDXRDeJ.exe
  2⤵
  PID:6180
- C:\Windows\System\NvhbWBf.exe
  C:\Windows\System\NvhbWBf.exe
  2⤵
  PID:6212
- C:\Windows\System\QTanppb.exe
  C:\Windows\System\QTanppb.exe
  2⤵
  PID:6244
- C:\Windows\System\jxbtWkK.exe
  C:\Windows\System\jxbtWkK.exe
  2⤵
  PID:6276
- C:\Windows\System\BTAEgar.exe
  C:\Windows\System\BTAEgar.exe
  2⤵
  PID:6308
- C:\Windows\System\JxZPQBA.exe
  C:\Windows\System\JxZPQBA.exe
  2⤵
  PID:6340
- C:\Windows\System\krZrGKE.exe
  C:\Windows\System\krZrGKE.exe
  2⤵
  PID:6372
- C:\Windows\System\ymvBOzh.exe
  C:\Windows\System\ymvBOzh.exe
  2⤵
  PID:1748
- C:\Windows\System\avTgFvP.exe
  C:\Windows\System\avTgFvP.exe
  2⤵
  PID:6436
- C:\Windows\System\Hdijkul.exe
  C:\Windows\System\Hdijkul.exe
  2⤵
  PID:6468
- C:\Windows\System\mORTsxN.exe
  C:\Windows\System\mORTsxN.exe
  2⤵
  PID:6500
- C:\Windows\System\WpnJUek.exe
  C:\Windows\System\WpnJUek.exe
  2⤵
  PID:6532
- C:\Windows\System\KxpljuK.exe
  C:\Windows\System\KxpljuK.exe
  2⤵
  PID:6564
- C:\Windows\System\WJxVqVS.exe
  C:\Windows\System\WJxVqVS.exe
  2⤵
  PID:6600
- C:\Windows\System\lYkmLlY.exe
  C:\Windows\System\lYkmLlY.exe
  2⤵
  PID:6632
- C:\Windows\System\RSZYXSE.exe
  C:\Windows\System\RSZYXSE.exe
  2⤵
  PID:6664
- C:\Windows\System\MunNvYu.exe
  C:\Windows\System\MunNvYu.exe
  2⤵
  PID:6696
- C:\Windows\System\youXjyt.exe
  C:\Windows\System\youXjyt.exe
  2⤵
  PID:6728
- C:\Windows\System\PODEEVC.exe
  C:\Windows\System\PODEEVC.exe
  2⤵
  PID:6760
- C:\Windows\System\XgOrSgz.exe
  C:\Windows\System\XgOrSgz.exe
  2⤵
  PID:6780
- C:\Windows\System\okgCMQj.exe
  C:\Windows\System\okgCMQj.exe
  2⤵
  PID:6824
- C:\Windows\System\OTiLDMx.exe
  C:\Windows\System\OTiLDMx.exe
  2⤵
  PID:6856
- C:\Windows\System\kOAsvIg.exe
  C:\Windows\System\kOAsvIg.exe
  2⤵
  PID:6876
- C:\Windows\System\WvvNAQI.exe
  C:\Windows\System\WvvNAQI.exe
  2⤵
  PID:6908
- C:\Windows\System\lHfehrp.exe
  C:\Windows\System\lHfehrp.exe
  2⤵
  PID:6936
- C:\Windows\System\TGUhfMV.exe
  C:\Windows\System\TGUhfMV.exe
  2⤵
  PID:6956
- C:\Windows\System\PMgPheY.exe
  C:\Windows\System\PMgPheY.exe
  2⤵
  PID:6988
- C:\Windows\System\ddsLvaB.exe
  C:\Windows\System\ddsLvaB.exe
  2⤵
  PID:7032
- C:\Windows\System\tiRJZLL.exe
  C:\Windows\System\tiRJZLL.exe
  2⤵
  PID:7068
- C:\Windows\System\wktySVS.exe
  C:\Windows\System\wktySVS.exe
  2⤵
  PID:7100
- C:\Windows\System\CAOXxFT.exe
  C:\Windows\System\CAOXxFT.exe
  2⤵
  PID:7132
- C:\Windows\System\UGADexE.exe
  C:\Windows\System\UGADexE.exe
  2⤵
  PID:7152
- C:\Windows\System\UBjDhyZ.exe
  C:\Windows\System\UBjDhyZ.exe
  2⤵
  PID:6008
- C:\Windows\System\SlqHzUp.exe
  C:\Windows\System\SlqHzUp.exe
  2⤵
  PID:4660
- C:\Windows\System\LpLveMX.exe
  C:\Windows\System\LpLveMX.exe
  2⤵
  PID:4936
- C:\Windows\System\iTskYZw.exe
  C:\Windows\System\iTskYZw.exe
  2⤵
  PID:5944
- C:\Windows\System\uAYotvB.exe
  C:\Windows\System\uAYotvB.exe
  2⤵
  PID:5432
- C:\Windows\System\OEFTrWs.exe
  C:\Windows\System\OEFTrWs.exe
  2⤵
  PID:5668
- C:\Windows\System\aAmvjJF.exe
  C:\Windows\System\aAmvjJF.exe
  2⤵
  PID:5816
- C:\Windows\System\ithmKRT.exe
  C:\Windows\System\ithmKRT.exe
  2⤵
  PID:6228
- C:\Windows\System\SnorYot.exe
  C:\Windows\System\SnorYot.exe
  2⤵
  PID:6272
- C:\Windows\System\sOLdoXg.exe
  C:\Windows\System\sOLdoXg.exe
  2⤵
  PID:6356
- C:\Windows\System\NTuIiYH.exe
  C:\Windows\System\NTuIiYH.exe
  2⤵
  PID:6420
- C:\Windows\System\sRFIoIo.exe
  C:\Windows\System\sRFIoIo.exe
  2⤵
  PID:6484
- C:\Windows\System\lnXQvMt.exe
  C:\Windows\System\lnXQvMt.exe
  2⤵
  PID:6520
- C:\Windows\System\lsXeAUO.exe
  C:\Windows\System\lsXeAUO.exe
  2⤵
  PID:6588
- C:\Windows\System\RzgHFho.exe
  C:\Windows\System\RzgHFho.exe
  2⤵
  PID:6652
- C:\Windows\System\wMsliBk.exe
  C:\Windows\System\wMsliBk.exe
  2⤵
  PID:6716
- C:\Windows\System\TKNQzPN.exe
  C:\Windows\System\TKNQzPN.exe
  2⤵
  PID:6796
- C:\Windows\System\UXOFegf.exe
  C:\Windows\System\UXOFegf.exe
  2⤵
  PID:6844
- C:\Windows\System\ySVYMYD.exe
  C:\Windows\System\ySVYMYD.exe
  2⤵
  PID:2724
- C:\Windows\System\YFLtDdp.exe
  C:\Windows\System\YFLtDdp.exe
  2⤵
  PID:7180
- C:\Windows\System\NxRQPZP.exe
  C:\Windows\System\NxRQPZP.exe
  2⤵
  PID:7196
- C:\Windows\System\PcdYMCB.exe
  C:\Windows\System\PcdYMCB.exe
  2⤵
  PID:7212
- C:\Windows\System\yMVVHJB.exe
  C:\Windows\System\yMVVHJB.exe
  2⤵
  PID:7228
- C:\Windows\System\sZfoHrV.exe
  C:\Windows\System\sZfoHrV.exe
  2⤵
  PID:7244
- C:\Windows\System\SVVrTwP.exe
  C:\Windows\System\SVVrTwP.exe
  2⤵
  PID:7260
- C:\Windows\System\PwTIXXB.exe
  C:\Windows\System\PwTIXXB.exe
  2⤵
  PID:7276
- C:\Windows\System\ETIMwwR.exe
  C:\Windows\System\ETIMwwR.exe
  2⤵
  PID:7292
- C:\Windows\System\aOHvICS.exe
  C:\Windows\System\aOHvICS.exe
  2⤵
  PID:7308
- C:\Windows\System\FeIZwBP.exe
  C:\Windows\System\FeIZwBP.exe
  2⤵
  PID:7328
- C:\Windows\System\lHaFZJO.exe
  C:\Windows\System\lHaFZJO.exe
  2⤵
  PID:7344
- C:\Windows\System\aNIXesa.exe
  C:\Windows\System\aNIXesa.exe
  2⤵
  PID:7360
- C:\Windows\System\uczGUFR.exe
  C:\Windows\System\uczGUFR.exe
  2⤵
  PID:7376
- C:\Windows\System\PLQRQKr.exe
  C:\Windows\System\PLQRQKr.exe
  2⤵
  PID:7392
- C:\Windows\System\HZVSwsJ.exe
  C:\Windows\System\HZVSwsJ.exe
  2⤵
  PID:7408
- C:\Windows\System\ymCLjKt.exe
  C:\Windows\System\ymCLjKt.exe
  2⤵
  PID:7424
- C:\Windows\System\xWCiTih.exe
  C:\Windows\System\xWCiTih.exe
  2⤵
  PID:7440
- C:\Windows\System\oKzKofm.exe
  C:\Windows\System\oKzKofm.exe
  2⤵
  PID:7456
- C:\Windows\System\xriphjC.exe
  C:\Windows\System\xriphjC.exe
  2⤵
  PID:7472
- C:\Windows\System\UaFyRFl.exe
  C:\Windows\System\UaFyRFl.exe
  2⤵
  PID:7488
- C:\Windows\System\KbFzbGe.exe
  C:\Windows\System\KbFzbGe.exe
  2⤵
  PID:7504
- C:\Windows\System\DpSMjCd.exe
  C:\Windows\System\DpSMjCd.exe
  2⤵
  PID:7520
- C:\Windows\System\BcicEmI.exe
  C:\Windows\System\BcicEmI.exe
  2⤵
  PID:7536
- C:\Windows\System\beMIIUy.exe
  C:\Windows\System\beMIIUy.exe
  2⤵
  PID:7552
- C:\Windows\System\gARVibH.exe
  C:\Windows\System\gARVibH.exe
  2⤵
  PID:7568
- C:\Windows\System\aLASiKT.exe
  C:\Windows\System\aLASiKT.exe
  2⤵
  PID:7584
- C:\Windows\System\svCrWgc.exe
  C:\Windows\System\svCrWgc.exe
  2⤵
  PID:7600
- C:\Windows\System\suctUsa.exe
  C:\Windows\System\suctUsa.exe
  2⤵
  PID:7616
- C:\Windows\System\kPgzYPT.exe
  C:\Windows\System\kPgzYPT.exe
  2⤵
  PID:7632
- C:\Windows\System\XUWXJUH.exe
  C:\Windows\System\XUWXJUH.exe
  2⤵
  PID:7648
- C:\Windows\System\MLefdJV.exe
  C:\Windows\System\MLefdJV.exe
  2⤵
  PID:7664
- C:\Windows\System\zfnueXM.exe
  C:\Windows\System\zfnueXM.exe
  2⤵
  PID:7680
- C:\Windows\System\jlUbsAd.exe
  C:\Windows\System\jlUbsAd.exe
  2⤵
  PID:7696
- C:\Windows\System\RZeeuQL.exe
  C:\Windows\System\RZeeuQL.exe
  2⤵
  PID:7712
- C:\Windows\System\zIdgsAF.exe
  C:\Windows\System\zIdgsAF.exe
  2⤵
  PID:7728
- C:\Windows\System\UGWbuSj.exe
  C:\Windows\System\UGWbuSj.exe
  2⤵
  PID:7744
- C:\Windows\System\EgXoOyt.exe
  C:\Windows\System\EgXoOyt.exe
  2⤵
  PID:7760
- C:\Windows\System\PoexUjq.exe
  C:\Windows\System\PoexUjq.exe
  2⤵
  PID:7776
- C:\Windows\System\AooSarJ.exe
  C:\Windows\System\AooSarJ.exe
  2⤵
  PID:7792
- C:\Windows\System\qSuVYlx.exe
  C:\Windows\System\qSuVYlx.exe
  2⤵
  PID:7808
- C:\Windows\System\OvbMhGp.exe
  C:\Windows\System\OvbMhGp.exe
  2⤵
  PID:7824
- C:\Windows\System\tSVkkhw.exe
  C:\Windows\System\tSVkkhw.exe
  2⤵
  PID:7840
- C:\Windows\System\pgeeCVd.exe
  C:\Windows\System\pgeeCVd.exe
  2⤵
  PID:7856
- C:\Windows\System\waajwGF.exe
  C:\Windows\System\waajwGF.exe
  2⤵
  PID:7872
- C:\Windows\System\oULImqn.exe
  C:\Windows\System\oULImqn.exe
  2⤵
  PID:7888
- C:\Windows\System\inytDVL.exe
  C:\Windows\System\inytDVL.exe
  2⤵
  PID:7904
- C:\Windows\System\pfdGrsQ.exe
  C:\Windows\System\pfdGrsQ.exe
  2⤵
  PID:7920
- C:\Windows\System\tjWjZSx.exe
  C:\Windows\System\tjWjZSx.exe
  2⤵
  PID:7936
- C:\Windows\System\VweSnEs.exe
  C:\Windows\System\VweSnEs.exe
  2⤵
  PID:7956
- C:\Windows\System\XpsYgSv.exe
  C:\Windows\System\XpsYgSv.exe
  2⤵
  PID:7976
- C:\Windows\System\WLGfkSz.exe
  C:\Windows\System\WLGfkSz.exe
  2⤵
  PID:7992
- C:\Windows\System\PrHCYRn.exe
  C:\Windows\System\PrHCYRn.exe
  2⤵
  PID:8008
- C:\Windows\System\mUeDckY.exe
  C:\Windows\System\mUeDckY.exe
  2⤵
  PID:8024
- C:\Windows\System\ApzsoQr.exe
  C:\Windows\System\ApzsoQr.exe
  2⤵
  PID:8040
- C:\Windows\System\aWlMVZK.exe
  C:\Windows\System\aWlMVZK.exe
  2⤵
  PID:8056
- C:\Windows\System\kcduOWZ.exe
  C:\Windows\System\kcduOWZ.exe
  2⤵
  PID:8072
- C:\Windows\System\ZSRaTIa.exe
  C:\Windows\System\ZSRaTIa.exe
  2⤵
  PID:8088
- C:\Windows\System\uYpRUxp.exe
  C:\Windows\System\uYpRUxp.exe
  2⤵
  PID:8104
- C:\Windows\System\LdTnqTD.exe
  C:\Windows\System\LdTnqTD.exe
  2⤵
  PID:8120
- C:\Windows\System\nPCAmOs.exe
  C:\Windows\System\nPCAmOs.exe
  2⤵
  PID:8136
- C:\Windows\System\NewyHtw.exe
  C:\Windows\System\NewyHtw.exe
  2⤵
  PID:8152
- C:\Windows\System\RCeVJCk.exe
  C:\Windows\System\RCeVJCk.exe
  2⤵
  PID:8168
- C:\Windows\System\TjmZDnD.exe
  C:\Windows\System\TjmZDnD.exe
  2⤵
  PID:8184
- C:\Windows\System\LDwCLuh.exe
  C:\Windows\System\LDwCLuh.exe
  2⤵
  PID:2848
- C:\Windows\System\ZBsaNSI.exe
  C:\Windows\System\ZBsaNSI.exe
  2⤵
  PID:2916
- C:\Windows\System\InUixsE.exe
  C:\Windows\System\InUixsE.exe
  2⤵
  PID:7020
- C:\Windows\System\uPYPUsl.exe
  C:\Windows\System\uPYPUsl.exe
  2⤵
  PID:7116
- C:\Windows\System\gAKlwtR.exe
  C:\Windows\System\gAKlwtR.exe
  2⤵
  PID:7164
- C:\Windows\System\JtrqLGN.exe
  C:\Windows\System\JtrqLGN.exe
  2⤵
  PID:4904
- C:\Windows\System\qWfrBhh.exe
  C:\Windows\System\qWfrBhh.exe
  2⤵
  PID:5124
- C:\Windows\System\DIMwDUw.exe
  C:\Windows\System\DIMwDUw.exe
  2⤵
  PID:5560
- C:\Windows\System\KxaQKRH.exe
  C:\Windows\System\KxaQKRH.exe
  2⤵
  PID:6260
- C:\Windows\System\yOTayFJ.exe
  C:\Windows\System\yOTayFJ.exe
  2⤵
  PID:6324
- C:\Windows\System\lSzXliA.exe
  C:\Windows\System\lSzXliA.exe
  2⤵
  PID:6452
- C:\Windows\System\nryJqlY.exe
  C:\Windows\System\nryJqlY.exe
  2⤵
  PID:6552
- C:\Windows\System\fpeBlxL.exe
  C:\Windows\System\fpeBlxL.exe
  2⤵
  PID:6684
- C:\Windows\System\FzTJfAB.exe
  C:\Windows\System\FzTJfAB.exe
  2⤵
  PID:6812
- C:\Windows\System\NghyyHc.exe
  C:\Windows\System\NghyyHc.exe
  2⤵
  PID:320
- C:\Windows\System\MwHRvNq.exe
  C:\Windows\System\MwHRvNq.exe
  2⤵
  PID:2612
- C:\Windows\System\EnXSArO.exe
  C:\Windows\System\EnXSArO.exe
  2⤵
  PID:7204
- C:\Windows\System\KgYQkDl.exe
  C:\Windows\System\KgYQkDl.exe
  2⤵
  PID:7236
- C:\Windows\System\LMAvWgm.exe
  C:\Windows\System\LMAvWgm.exe
  2⤵
  PID:7268
- C:\Windows\System\jjBictv.exe
  C:\Windows\System\jjBictv.exe
  2⤵
  PID:7300
- C:\Windows\System\nxCVwtM.exe
  C:\Windows\System\nxCVwtM.exe
  2⤵
  PID:7336
- C:\Windows\System\ShRwOBf.exe
  C:\Windows\System\ShRwOBf.exe
  2⤵
  PID:7356
- C:\Windows\System\KrGdhLg.exe
  C:\Windows\System\KrGdhLg.exe
  2⤵
  PID:2804
- C:\Windows\System\iWhudMx.exe
  C:\Windows\System\iWhudMx.exe
  2⤵
  PID:7416
- C:\Windows\System\JwoXTMi.exe
  C:\Windows\System\JwoXTMi.exe
  2⤵
  PID:7436
- C:\Windows\System\hWwelKI.exe
  C:\Windows\System\hWwelKI.exe
  2⤵
  PID:7480
- C:\Windows\System\fbmVhfL.exe
  C:\Windows\System\fbmVhfL.exe
  2⤵
  PID:7500
- C:\Windows\System\rXVASLR.exe
  C:\Windows\System\rXVASLR.exe
  2⤵
  PID:7532
- C:\Windows\System\mcIJMQh.exe
  C:\Windows\System\mcIJMQh.exe
  2⤵
  PID:7564
- C:\Windows\System\fWtOPpR.exe
  C:\Windows\System\fWtOPpR.exe
  2⤵
  PID:7608
- C:\Windows\System\JzoTgut.exe
  C:\Windows\System\JzoTgut.exe
  2⤵
  PID:7628
- C:\Windows\System\ErOIfVS.exe
  C:\Windows\System\ErOIfVS.exe
  2⤵
  PID:7672
- C:\Windows\System\gDlkXqv.exe
  C:\Windows\System\gDlkXqv.exe
  2⤵
  PID:7692
- C:\Windows\System\udlkwDs.exe
  C:\Windows\System\udlkwDs.exe
  2⤵
  PID:7736
- C:\Windows\System\jQmwLxG.exe
  C:\Windows\System\jQmwLxG.exe
  2⤵
  PID:7772
- C:\Windows\System\BcRxQoj.exe
  C:\Windows\System\BcRxQoj.exe
  2⤵
  PID:7804
- C:\Windows\System\qemgSab.exe
  C:\Windows\System\qemgSab.exe
  2⤵
  PID:7836
- C:\Windows\System\lTxuvFs.exe
  C:\Windows\System\lTxuvFs.exe
  2⤵
  PID:7880
- C:\Windows\System\IJIBpOl.exe
  C:\Windows\System\IJIBpOl.exe
  2⤵
  PID:7912
- C:\Windows\System\nqTgaTu.exe
  C:\Windows\System\nqTgaTu.exe
  2⤵
  PID:7944
- C:\Windows\System\KpZHlUd.exe
  C:\Windows\System\KpZHlUd.exe
  2⤵
  PID:2264
- C:\Windows\System\ByBRzQy.exe
  C:\Windows\System\ByBRzQy.exe
  2⤵
  PID:8000
- C:\Windows\System\pljTCCV.exe
  C:\Windows\System\pljTCCV.exe
  2⤵
  PID:8032
- C:\Windows\System\jPdmhVP.exe
  C:\Windows\System\jPdmhVP.exe
  2⤵
  PID:8064
- C:\Windows\System\NgVbJhM.exe
  C:\Windows\System\NgVbJhM.exe
  2⤵
  PID:8096
- C:\Windows\System\uhvEQIJ.exe
  C:\Windows\System\uhvEQIJ.exe
  2⤵
  PID:8128
- C:\Windows\System\vtptZxe.exe
  C:\Windows\System\vtptZxe.exe
  2⤵
  PID:2556
- C:\Windows\System\zSEnIGV.exe
  C:\Windows\System\zSEnIGV.exe
  2⤵
  PID:8148
- C:\Windows\System\bvCpDHC.exe
  C:\Windows\System\bvCpDHC.exe
  2⤵
  PID:8164
- C:\Windows\System\gGMYWWl.exe
  C:\Windows\System\gGMYWWl.exe
  2⤵
  PID:6952
- C:\Windows\System\ZjuXeIM.exe
  C:\Windows\System\ZjuXeIM.exe
  2⤵
  PID:1796
- C:\Windows\System\lQexGGF.exe
  C:\Windows\System\lQexGGF.exe
  2⤵
  PID:7084
- C:\Windows\System\nKeuWvD.exe
  C:\Windows\System\nKeuWvD.exe
  2⤵
  PID:5976
- C:\Windows\System\jFZcZMl.exe
  C:\Windows\System\jFZcZMl.exe
  2⤵
  PID:5300
- C:\Windows\System\UfntQmD.exe
  C:\Windows\System\UfntQmD.exe
  2⤵
  PID:6196
- C:\Windows\System\WXihKCK.exe
  C:\Windows\System\WXihKCK.exe
  2⤵
  PID:6404
- C:\Windows\System\tDanIrL.exe
  C:\Windows\System\tDanIrL.exe
  2⤵
  PID:6648
- C:\Windows\System\NySWaKN.exe
  C:\Windows\System\NySWaKN.exe
  2⤵
  PID:2664
- C:\Windows\System\nLdQkBN.exe
  C:\Windows\System\nLdQkBN.exe
  2⤵
  PID:7192
- C:\Windows\System\aQokiak.exe
  C:\Windows\System\aQokiak.exe
  2⤵
  PID:7256
- C:\Windows\System\AzPfbOy.exe
  C:\Windows\System\AzPfbOy.exe
  2⤵
  PID:7324
- C:\Windows\System\irFKOgo.exe
  C:\Windows\System\irFKOgo.exe
  2⤵
  PID:7384
- C:\Windows\System\qKWDpwS.exe
  C:\Windows\System\qKWDpwS.exe
  2⤵
  PID:7448
- C:\Windows\System\AvFzcly.exe
  C:\Windows\System\AvFzcly.exe
  2⤵
  PID:7496
- C:\Windows\System\IxlbdFU.exe
  C:\Windows\System\IxlbdFU.exe
  2⤵
  PID:7548
- C:\Windows\System\lxpzOSt.exe
  C:\Windows\System\lxpzOSt.exe
  2⤵
  PID:7624
- C:\Windows\System\UTdiJzR.exe
  C:\Windows\System\UTdiJzR.exe
  2⤵
  PID:7660
- C:\Windows\System\KrhqQKG.exe
  C:\Windows\System\KrhqQKG.exe
  2⤵
  PID:7752
- C:\Windows\System\vMvjWme.exe
  C:\Windows\System\vMvjWme.exe
  2⤵
  PID:7832
- C:\Windows\System\EuwwJYI.exe
  C:\Windows\System\EuwwJYI.exe
  2⤵
  PID:7868
- C:\Windows\System\MYpkopt.exe
  C:\Windows\System\MYpkopt.exe
  2⤵
  PID:7964
- C:\Windows\System\dYqYbfo.exe
  C:\Windows\System\dYqYbfo.exe
  2⤵
  PID:8016
- C:\Windows\System\MaeCCex.exe
  C:\Windows\System\MaeCCex.exe
  2⤵
  PID:8068
- C:\Windows\System\cfAGYmR.exe
  C:\Windows\System\cfAGYmR.exe
  2⤵
  PID:8112
- C:\Windows\System\drQiYct.exe
  C:\Windows\System\drQiYct.exe
  2⤵
  PID:8144
- C:\Windows\System\JhoFmlm.exe
  C:\Windows\System\JhoFmlm.exe
  2⤵
  PID:6924
- C:\Windows\System\HNIkaHx.exe
  C:\Windows\System\HNIkaHx.exe
  2⤵
  PID:7052
- C:\Windows\System\BhoKVEh.exe
  C:\Windows\System\BhoKVEh.exe
  2⤵
  PID:3216
- C:\Windows\System\IIxBoXG.exe
  C:\Windows\System\IIxBoXG.exe
  2⤵
  PID:7852
- C:\Windows\System\numXKYf.exe
  C:\Windows\System\numXKYf.exe
  2⤵
  PID:6764
- C:\Windows\System\LDSILFn.exe
  C:\Windows\System\LDSILFn.exe
  2⤵
  PID:7252
- C:\Windows\System\Ghaeuuz.exe
  C:\Windows\System\Ghaeuuz.exe
  2⤵
  PID:2620
- C:\Windows\System\vHabLAp.exe
  C:\Windows\System\vHabLAp.exe
  2⤵
  PID:632
- C:\Windows\System\pptSmnH.exe
  C:\Windows\System\pptSmnH.exe
  2⤵
  PID:7592
- C:\Windows\System\cBlFJQp.exe
  C:\Windows\System\cBlFJQp.exe
  2⤵
  PID:8200
- C:\Windows\System\YBigcEg.exe
  C:\Windows\System\YBigcEg.exe
  2⤵
  PID:8216
- C:\Windows\System\UhJUMlF.exe
  C:\Windows\System\UhJUMlF.exe
  2⤵
  PID:8232
- C:\Windows\System\ZsUJLMQ.exe
  C:\Windows\System\ZsUJLMQ.exe
  2⤵
  PID:8248
- C:\Windows\System\zQJuUrS.exe
  C:\Windows\System\zQJuUrS.exe
  2⤵
  PID:8264
- C:\Windows\System\MdGZFIq.exe
  C:\Windows\System\MdGZFIq.exe
  2⤵
  PID:8280
- C:\Windows\System\xRNcmHz.exe
  C:\Windows\System\xRNcmHz.exe
  2⤵
  PID:8296
- C:\Windows\System\SFVUzbh.exe
  C:\Windows\System\SFVUzbh.exe
  2⤵
  PID:8312
- C:\Windows\System\PasaSPN.exe
  C:\Windows\System\PasaSPN.exe
  2⤵
  PID:8328
- C:\Windows\System\Hncnumr.exe
  C:\Windows\System\Hncnumr.exe
  2⤵
  PID:8344
- C:\Windows\System\JpzXkXa.exe
  C:\Windows\System\JpzXkXa.exe
  2⤵
  PID:8360
- C:\Windows\System\fnBXPLh.exe
  C:\Windows\System\fnBXPLh.exe
  2⤵
  PID:8376
- C:\Windows\System\GRFtCow.exe
  C:\Windows\System\GRFtCow.exe
  2⤵
  PID:8428
- C:\Windows\System\DCtSUfO.exe
  C:\Windows\System\DCtSUfO.exe
  2⤵
  PID:8448
- C:\Windows\System\xZsqbiV.exe
  C:\Windows\System\xZsqbiV.exe
  2⤵
  PID:8472
- C:\Windows\System\LuSVbwK.exe
  C:\Windows\System\LuSVbwK.exe
  2⤵
  PID:8488
- C:\Windows\System\bnHiOlt.exe
  C:\Windows\System\bnHiOlt.exe
  2⤵
  PID:8504
- C:\Windows\System\kMNTeXo.exe
  C:\Windows\System\kMNTeXo.exe
  2⤵
  PID:9584
- C:\Windows\System\biSTaqp.exe
  C:\Windows\System\biSTaqp.exe
  2⤵
  PID:9636
- C:\Windows\System\ZJvcXJl.exe
  C:\Windows\System\ZJvcXJl.exe
  2⤵
  PID:9652
- C:\Windows\System\HPyfNLQ.exe
  C:\Windows\System\HPyfNLQ.exe
  2⤵
  PID:9668
- C:\Windows\System\ndzkmEp.exe
  C:\Windows\System\ndzkmEp.exe
  2⤵
  PID:9684
- C:\Windows\System\KGSYHIC.exe
  C:\Windows\System\KGSYHIC.exe
  2⤵
  PID:9916
- C:\Windows\System\qwxVKSo.exe
  C:\Windows\System\qwxVKSo.exe
  2⤵
  PID:9932
- C:\Windows\System\oSJpFPJ.exe
  C:\Windows\System\oSJpFPJ.exe
  2⤵
  PID:9952
- C:\Windows\System\PctjZFu.exe
  C:\Windows\System\PctjZFu.exe
  2⤵
  PID:9968
- C:\Windows\System\OUvmIcH.exe
  C:\Windows\System\OUvmIcH.exe
  2⤵
  PID:9984
- C:\Windows\System\oFSxJGk.exe
  C:\Windows\System\oFSxJGk.exe
  2⤵
  PID:10000
- C:\Windows\System\qyIzwpz.exe
  C:\Windows\System\qyIzwpz.exe
  2⤵
  PID:10016
- C:\Windows\System\hLeLnug.exe
  C:\Windows\System\hLeLnug.exe
  2⤵
  PID:10032
- C:\Windows\System\LkNIGDp.exe
  C:\Windows\System\LkNIGDp.exe
  2⤵
  PID:10048
- C:\Windows\System\KTevMGM.exe
  C:\Windows\System\KTevMGM.exe
  2⤵
  PID:10072
- C:\Windows\System\uduTgvV.exe
  C:\Windows\System\uduTgvV.exe
  2⤵
  PID:10088
- C:\Windows\System\VFtAADN.exe
  C:\Windows\System\VFtAADN.exe
  2⤵
  PID:10104
- C:\Windows\System\XllItOx.exe
  C:\Windows\System\XllItOx.exe
  2⤵
  PID:10120
- C:\Windows\System\ZXvektH.exe
  C:\Windows\System\ZXvektH.exe
  2⤵
  PID:10136
- C:\Windows\System\NMRrtEp.exe
  C:\Windows\System\NMRrtEp.exe
  2⤵
  PID:816
- C:\Windows\System\ULNfOzv.exe
  C:\Windows\System\ULNfOzv.exe
  2⤵
  PID:9232
- C:\Windows\System\tdziOCd.exe
  C:\Windows\System\tdziOCd.exe
  2⤵
  PID:9308
- C:\Windows\System\apLoBxg.exe
  C:\Windows\System\apLoBxg.exe
  2⤵
  PID:9384
- C:\Windows\System\IDVbxMm.exe
  C:\Windows\System\IDVbxMm.exe
  2⤵
  PID:9480
- C:\Windows\System\UlwBnwU.exe
  C:\Windows\System\UlwBnwU.exe
  2⤵
  PID:8624
- C:\Windows\System\qTeHVfN.exe
  C:\Windows\System\qTeHVfN.exe
  2⤵
  PID:8640
- C:\Windows\System\kShCJse.exe
  C:\Windows\System\kShCJse.exe
  2⤵
  PID:8660
- C:\Windows\System\SewshQV.exe
  C:\Windows\System\SewshQV.exe
  2⤵
  PID:8688
- C:\Windows\System\MCWahfX.exe
  C:\Windows\System\MCWahfX.exe
  2⤵
  PID:8744
- C:\Windows\System\wNICUWS.exe
  C:\Windows\System\wNICUWS.exe
  2⤵
  PID:9128
- C:\Windows\System\nezfGUy.exe
  C:\Windows\System\nezfGUy.exe
  2⤵
  PID:9144
- C:\Windows\System\qJHpxyV.exe
  C:\Windows\System\qJHpxyV.exe
  2⤵
  PID:9160
- C:\Windows\System\OimUGCs.exe
  C:\Windows\System\OimUGCs.exe
  2⤵
  PID:9176
- C:\Windows\System\hVHOrOC.exe
  C:\Windows\System\hVHOrOC.exe
  2⤵
  PID:9192
- C:\Windows\System\nJqWYtu.exe
  C:\Windows\System\nJqWYtu.exe
  2⤵
  PID:9208
- C:\Windows\System\zYspGXn.exe
  C:\Windows\System\zYspGXn.exe
  2⤵
  PID:7720
- C:\Windows\System\tQHTUVy.exe
  C:\Windows\System\tQHTUVy.exe
  2⤵
  PID:7900
- C:\Windows\System\ibSHqSZ.exe
  C:\Windows\System\ibSHqSZ.exe
  2⤵
  PID:8036
- C:\Windows\System\kALvtGH.exe
  C:\Windows\System\kALvtGH.exe
  2⤵
  PID:2044
- C:\Windows\System\alRIfAV.exe
  C:\Windows\System\alRIfAV.exe
  2⤵
  PID:7148
- C:\Windows\System\pxKrFIJ.exe
  C:\Windows\System\pxKrFIJ.exe
  2⤵
  PID:6392
- C:\Windows\System\fcNwHZN.exe
  C:\Windows\System\fcNwHZN.exe
  2⤵
  PID:7656
- C:\Windows\System\JtktyFP.exe
  C:\Windows\System\JtktyFP.exe
  2⤵
  PID:8228
- C:\Windows\System\uwjJxKQ.exe
  C:\Windows\System\uwjJxKQ.exe
  2⤵
  PID:8256
- C:\Windows\System\IHUiATm.exe
  C:\Windows\System\IHUiATm.exe
  2⤵
  PID:8240
- C:\Windows\System\wdCKXlY.exe
  C:\Windows\System\wdCKXlY.exe
  2⤵
  PID:8320
- C:\Windows\System\sCnRDxD.exe
  C:\Windows\System\sCnRDxD.exe
  2⤵
  PID:8276
- C:\Windows\System\sgBzVxn.exe
  C:\Windows\System\sgBzVxn.exe
  2⤵
  PID:8368
- C:\Windows\System\iYhPQwc.exe
  C:\Windows\System\iYhPQwc.exe
  2⤵
  PID:1596
- C:\Windows\System\sTEDwaA.exe
  C:\Windows\System\sTEDwaA.exe
  2⤵
  PID:4404
- C:\Windows\System\DbDtZmw.exe
  C:\Windows\System\DbDtZmw.exe
  2⤵
  PID:1568
- C:\Windows\System\LqsklGp.exe
  C:\Windows\System\LqsklGp.exe
  2⤵
  PID:2764
- C:\Windows\System\yogkhjC.exe
  C:\Windows\System\yogkhjC.exe
  2⤵
  PID:2772
- C:\Windows\System\sWxeFEi.exe
  C:\Windows\System\sWxeFEi.exe
  2⤵
  PID:1808
- C:\Windows\System\OZLzsOq.exe
  C:\Windows\System\OZLzsOq.exe
  2⤵
  PID:2184
- C:\Windows\System\KsrFElf.exe
  C:\Windows\System\KsrFElf.exe
  2⤵
  PID:2932
- C:\Windows\System\TjrcrYY.exe
  C:\Windows\System\TjrcrYY.exe
  2⤵
  PID:1368
- C:\Windows\System\kbVpoZE.exe
  C:\Windows\System\kbVpoZE.exe
  2⤵
  PID:1636
- C:\Windows\System\xywSXsK.exe
  C:\Windows\System\xywSXsK.exe
  2⤵
  PID:8456
- C:\Windows\System\RlSBjjm.exe
  C:\Windows\System\RlSBjjm.exe
  2⤵
  PID:8444
- C:\Windows\System\jWuStqt.exe
  C:\Windows\System\jWuStqt.exe
  2⤵
  PID:9236
- C:\Windows\System\rEYgFjI.exe
  C:\Windows\System\rEYgFjI.exe
  2⤵
  PID:9256
- C:\Windows\System\itVQFIs.exe
  C:\Windows\System\itVQFIs.exe
  2⤵
  PID:9276
- C:\Windows\System\rbHsbhR.exe
  C:\Windows\System\rbHsbhR.exe
  2⤵
  PID:9296
- C:\Windows\System\jfbvUNP.exe
  C:\Windows\System\jfbvUNP.exe
  2⤵
  PID:9316
- C:\Windows\System\VbApAxL.exe
  C:\Windows\System\VbApAxL.exe
  2⤵
  PID:9336
- C:\Windows\System\aslwMSi.exe
  C:\Windows\System\aslwMSi.exe
  2⤵
  PID:9356
- C:\Windows\System\UKlnArE.exe
  C:\Windows\System\UKlnArE.exe
  2⤵
  PID:9380
- C:\Windows\System\bQlzpqJ.exe
  C:\Windows\System\bQlzpqJ.exe
  2⤵
  PID:9404
- C:\Windows\System\XknJmiG.exe
  C:\Windows\System\XknJmiG.exe
  2⤵
  PID:9428
- C:\Windows\System\haUnaWK.exe
  C:\Windows\System\haUnaWK.exe
  2⤵
  PID:9456
- C:\Windows\System\VQwXaCc.exe
  C:\Windows\System\VQwXaCc.exe
  2⤵
  PID:9476
- C:\Windows\System\SpABhjw.exe
  C:\Windows\System\SpABhjw.exe
  2⤵
  PID:9496
- C:\Windows\System\DWxYDJV.exe
  C:\Windows\System\DWxYDJV.exe
  2⤵
  PID:9516
- C:\Windows\System\DcgLYYw.exe
  C:\Windows\System\DcgLYYw.exe
  2⤵
  PID:9536
- C:\Windows\System\ePjzDuz.exe
  C:\Windows\System\ePjzDuz.exe
  2⤵
  PID:9556
- C:\Windows\System\kxXwXMc.exe
  C:\Windows\System\kxXwXMc.exe
  2⤵
  PID:9592
- C:\Windows\System\uHmtZKF.exe
  C:\Windows\System\uHmtZKF.exe
  2⤵
  PID:9604
- C:\Windows\System\bJhQgCG.exe
  C:\Windows\System\bJhQgCG.exe
  2⤵
  PID:9620
- C:\Windows\System\zBZdnVI.exe
  C:\Windows\System\zBZdnVI.exe
  2⤵
  PID:9632
- C:\Windows\System\TyPTZCd.exe
  C:\Windows\System\TyPTZCd.exe
  2⤵
  PID:9644
- C:\Windows\System\tnIwPIk.exe
  C:\Windows\System\tnIwPIk.exe
  2⤵
  PID:9700
- C:\Windows\System\WAcZiOe.exe
  C:\Windows\System\WAcZiOe.exe
  2⤵
  PID:9708
- C:\Windows\System\PjpbQyG.exe
  C:\Windows\System\PjpbQyG.exe
  2⤵
  PID:9728
- C:\Windows\System\dkplXNF.exe
  C:\Windows\System\dkplXNF.exe
  2⤵
  PID:9744
- C:\Windows\System\YgWAPTc.exe
  C:\Windows\System\YgWAPTc.exe
  2⤵
  PID:9760
- C:\Windows\System\qkHXLxN.exe
  C:\Windows\System\qkHXLxN.exe
  2⤵
  PID:9776
- C:\Windows\System\vXVUvUT.exe
  C:\Windows\System\vXVUvUT.exe
  2⤵
  PID:9792
- C:\Windows\System\nulHsTT.exe
  C:\Windows\System\nulHsTT.exe
  2⤵
  PID:9812
- C:\Windows\System\MvafCtq.exe
  C:\Windows\System\MvafCtq.exe
  2⤵
  PID:9824
- C:\Windows\System\DCTeMGf.exe
  C:\Windows\System\DCTeMGf.exe
  2⤵
  PID:9844
- C:\Windows\System\NGgzQeL.exe
  C:\Windows\System\NGgzQeL.exe
  2⤵
  PID:9860
- C:\Windows\System\BbamwrT.exe
  C:\Windows\System\BbamwrT.exe
  2⤵
  PID:9876
- C:\Windows\System\RSEcpZb.exe
  C:\Windows\System\RSEcpZb.exe
  2⤵
  PID:9892
- C:\Windows\System\ojrsbSq.exe
  C:\Windows\System\ojrsbSq.exe
  2⤵
  PID:9912
- C:\Windows\System\rZLIYvd.exe
  C:\Windows\System\rZLIYvd.exe
  2⤵
  PID:9976
- C:\Windows\System\OlmQxdL.exe
  C:\Windows\System\OlmQxdL.exe
  2⤵
  PID:10040
- C:\Windows\System\QCZVvOl.exe
  C:\Windows\System\QCZVvOl.exe
  2⤵
  PID:10084
- C:\Windows\System\vFXdyZx.exe
  C:\Windows\System\vFXdyZx.exe
  2⤵
  PID:10148
- C:\Windows\System\bRMCENA.exe
  C:\Windows\System\bRMCENA.exe
  2⤵
  PID:9928
- C:\Windows\System\hlrJzqR.exe
  C:\Windows\System\hlrJzqR.exe
  2⤵
  PID:10172
- C:\Windows\System\ghuTbTl.exe
  C:\Windows\System\ghuTbTl.exe
  2⤵
  PID:10188
- C:\Windows\System\IuMFOWM.exe
  C:\Windows\System\IuMFOWM.exe
  2⤵
  PID:10204
- C:\Windows\System\fJhikaO.exe
  C:\Windows\System\fJhikaO.exe
  2⤵
  PID:10220
- C:\Windows\System\ejjXALg.exe
  C:\Windows\System\ejjXALg.exe
  2⤵
  PID:10236
- C:\Windows\System\chFNbJa.exe
  C:\Windows\System\chFNbJa.exe
  2⤵
  PID:2852
- C:\Windows\System\tIWQmgr.exe
  C:\Windows\System\tIWQmgr.exe
  2⤵
  PID:8288
- C:\Windows\System\WcZOmUc.exe
  C:\Windows\System\WcZOmUc.exe
  2⤵
  PID:2428
- C:\Windows\System\FNlsYiA.exe
  C:\Windows\System\FNlsYiA.exe
  2⤵
  PID:8464
- C:\Windows\System\RhoJVGe.exe
  C:\Windows\System\RhoJVGe.exe
  2⤵
  PID:10132
- C:\Windows\System\jIqjLLT.exe
  C:\Windows\System\jIqjLLT.exe
  2⤵
  PID:9440
- C:\Windows\System\LQjirFf.exe
  C:\Windows\System\LQjirFf.exe
  2⤵
  PID:10100
- C:\Windows\System\csOWbXU.exe
  C:\Windows\System\csOWbXU.exe
  2⤵
  PID:10028
- C:\Windows\System\DeKPoSo.exe
  C:\Windows\System\DeKPoSo.exe
  2⤵
  PID:9964
- C:\Windows\System\cyOuIKS.exe
  C:\Windows\System\cyOuIKS.exe
  2⤵
  PID:8516
- C:\Windows\System\uyxlrSw.exe
  C:\Windows\System\uyxlrSw.exe
  2⤵
  PID:8536
- C:\Windows\System\yLZliJQ.exe
  C:\Windows\System\yLZliJQ.exe
  2⤵
  PID:8552
- C:\Windows\System\fQPnEVB.exe
  C:\Windows\System\fQPnEVB.exe
  2⤵
  PID:8568
- C:\Windows\System\zjWuTWN.exe
  C:\Windows\System\zjWuTWN.exe
  2⤵
  PID:8588
- C:\Windows\System\HDRYfUb.exe
  C:\Windows\System\HDRYfUb.exe
  2⤵
  PID:8604
- C:\Windows\System\IBtvqWt.exe
  C:\Windows\System\IBtvqWt.exe
  2⤵
  PID:2064
- C:\Windows\System\SiuYlmb.exe
  C:\Windows\System\SiuYlmb.exe
  2⤵
  PID:9520
- C:\Windows\System\BGvrbXo.exe
  C:\Windows\System\BGvrbXo.exe
  2⤵
  PID:8636
- C:\Windows\System\gYNcjiz.exe
  C:\Windows\System\gYNcjiz.exe
  2⤵
  PID:8676
- C:\Windows\System\ifOSWup.exe
  C:\Windows\System\ifOSWup.exe
  2⤵
  PID:8656
- C:\Windows\System\vuBoWUK.exe
  C:\Windows\System\vuBoWUK.exe
  2⤵
  PID:8712
- C:\Windows\System\urmapRp.exe
  C:\Windows\System\urmapRp.exe
  2⤵
  PID:8728
- C:\Windows\System\JsbYlwu.exe
  C:\Windows\System\JsbYlwu.exe
  2⤵
  PID:8752
- C:\Windows\System\PkCzhIq.exe
  C:\Windows\System\PkCzhIq.exe
  2⤵
  PID:8768
- C:\Windows\System\WtNhipX.exe
  C:\Windows\System\WtNhipX.exe
  2⤵
  PID:8788
- C:\Windows\System\hiEqmpk.exe
  C:\Windows\System\hiEqmpk.exe
  2⤵
  PID:8804
- C:\Windows\System\GotVdqm.exe
  C:\Windows\System\GotVdqm.exe
  2⤵
  PID:8820
- C:\Windows\System\vnWYWSH.exe
  C:\Windows\System\vnWYWSH.exe
  2⤵
  PID:8836
- C:\Windows\System\phiNQzW.exe
  C:\Windows\System\phiNQzW.exe
  2⤵
  PID:8864
- C:\Windows\System\pvbdZLm.exe
  C:\Windows\System\pvbdZLm.exe
  2⤵
  PID:8884
- C:\Windows\System\eCeHQUY.exe
  C:\Windows\System\eCeHQUY.exe
  2⤵
  PID:8900
- C:\Windows\System\VwlrTdl.exe
  C:\Windows\System\VwlrTdl.exe
  2⤵
  PID:8920
- C:\Windows\System\IxiTHNN.exe
  C:\Windows\System\IxiTHNN.exe
  2⤵
  PID:8936
- C:\Windows\System\dXdPukK.exe
  C:\Windows\System\dXdPukK.exe
  2⤵
  PID:8952
- C:\Windows\System\KBBLtID.exe
  C:\Windows\System\KBBLtID.exe
  2⤵
  PID:8960
- C:\Windows\System\zPEuFAK.exe
  C:\Windows\System\zPEuFAK.exe
  2⤵
  PID:8976
- C:\Windows\System\lwJxuJy.exe
  C:\Windows\System\lwJxuJy.exe
  2⤵
  PID:8992
- C:\Windows\System\dIdEvnv.exe
  C:\Windows\System\dIdEvnv.exe
  2⤵
  PID:9008
- C:\Windows\System\rkEozNh.exe
  C:\Windows\System\rkEozNh.exe
  2⤵
  PID:9024
- C:\Windows\System\OauRmeF.exe
  C:\Windows\System\OauRmeF.exe
  2⤵
  PID:9040
- C:\Windows\System\GKmJukl.exe
  C:\Windows\System\GKmJukl.exe
  2⤵
  PID:9056
- C:\Windows\System\yBEpRin.exe
  C:\Windows\System\yBEpRin.exe
  2⤵
  PID:9072
- C:\Windows\System\dcqVyrP.exe
  C:\Windows\System\dcqVyrP.exe
  2⤵
  PID:9088
- C:\Windows\System\FVcIkCy.exe
  C:\Windows\System\FVcIkCy.exe
  2⤵
  PID:9104
- C:\Windows\System\fCrInrD.exe
  C:\Windows\System\fCrInrD.exe
  2⤵
  PID:1536
- C:\Windows\System\LKydjcs.exe
  C:\Windows\System\LKydjcs.exe
  2⤵
  PID:1988
- C:\Windows\System\UHyKSLx.exe
  C:\Windows\System\UHyKSLx.exe
  2⤵
  PID:9120
- C:\Windows\System\mwoAyPi.exe
  C:\Windows\System\mwoAyPi.exe
  2⤵
  PID:9156
- C:\Windows\System\FIxEzAw.exe
  C:\Windows\System\FIxEzAw.exe
  2⤵
  PID:7704
- C:\Windows\System\hyGHSSe.exe
  C:\Windows\System\hyGHSSe.exe
  2⤵
  PID:2472
- C:\Windows\System\AvVmdRc.exe
  C:\Windows\System\AvVmdRc.exe
  2⤵
  PID:996
- C:\Windows\System\pMCLTgY.exe
  C:\Windows\System\pMCLTgY.exe
  2⤵
  PID:9200
- C:\Windows\System\HISiiwH.exe
  C:\Windows\System\HISiiwH.exe
  2⤵
  PID:7188
- C:\Windows\System\iWhvuIG.exe
  C:\Windows\System\iWhvuIG.exe
  2⤵
  PID:7288
- C:\Windows\System\aGzBgfn.exe
  C:\Windows\System\aGzBgfn.exe
  2⤵
  PID:8336
- C:\Windows\System\exMjrbt.exe
  C:\Windows\System\exMjrbt.exe
  2⤵
  PID:7576
- C:\Windows\System\icymwnh.exe
  C:\Windows\System\icymwnh.exe
  2⤵
  PID:8352
- C:\Windows\System\hizFQaq.exe
  C:\Windows\System\hizFQaq.exe
  2⤵
  PID:8224
- C:\Windows\System\TUFGBeQ.exe
  C:\Windows\System\TUFGBeQ.exe
  2⤵
  PID:2656
- C:\Windows\System\UWGkoVS.exe
  C:\Windows\System\UWGkoVS.exe
  2⤵
  PID:2868
- C:\Windows\System\XtPKCxt.exe
  C:\Windows\System\XtPKCxt.exe
  2⤵
  PID:2548
- C:\Windows\System\EiOSebR.exe
  C:\Windows\System\EiOSebR.exe
  2⤵
  PID:9224
- C:\Windows\System\PCuUPnZ.exe
  C:\Windows\System\PCuUPnZ.exe
  2⤵
  PID:9248
- C:\Windows\System\XPwKRPe.exe
  C:\Windows\System\XPwKRPe.exe
  2⤵
  PID:9328
- C:\Windows\System\LusKQjV.exe
  C:\Windows\System\LusKQjV.exe
  2⤵
  PID:9304
- C:\Windows\System\BPfRbFi.exe
  C:\Windows\System\BPfRbFi.exe
  2⤵
  PID:9368
- C:\Windows\System\qCphZec.exe
  C:\Windows\System\qCphZec.exe
  2⤵
  PID:9416
- C:\Windows\System\BXZOnjG.exe
  C:\Windows\System\BXZOnjG.exe
  2⤵
  PID:9468
- C:\Windows\System\bXvCOvM.exe
  C:\Windows\System\bXvCOvM.exe
  2⤵
  PID:9548
- C:\Windows\System\HFzRBxu.exe
  C:\Windows\System\HFzRBxu.exe
  2⤵
  PID:9436
- C:\Windows\System\QjStNyo.exe
  C:\Windows\System\QjStNyo.exe
  2⤵
  PID:9600
- C:\Windows\System\ETkEhXr.exe
  C:\Windows\System\ETkEhXr.exe
  2⤵
  PID:10144
- C:\Windows\System\hQMppDV.exe
  C:\Windows\System\hQMppDV.exe
  2⤵
  PID:2652
- C:\Windows\System\HRIpTxa.exe
  C:\Windows\System\HRIpTxa.exe
  2⤵
  PID:8308
- C:\Windows\System\TAgBsFO.exe
  C:\Windows\System\TAgBsFO.exe
  2⤵
  PID:7404
- C:\Windows\System\VWSOgYz.exe
  C:\Windows\System\VWSOgYz.exe
  2⤵
  PID:9420
- C:\Windows\System\KdDzQyo.exe
  C:\Windows\System\KdDzQyo.exe
  2⤵
  PID:10128
- C:\Windows\System\QEDsUZB.exe
  C:\Windows\System\QEDsUZB.exe
  2⤵
  PID:8564
- C:\Windows\System\gZTdSVJ.exe
  C:\Windows\System\gZTdSVJ.exe
  2⤵
  PID:8600
- C:\Windows\System\RAYaUwG.exe
  C:\Windows\System\RAYaUwG.exe
  2⤵
  PID:2948
- C:\Windows\System\ShjInEF.exe
  C:\Windows\System\ShjInEF.exe
  2⤵
  PID:8684
- C:\Windows\System\sitcxss.exe
  C:\Windows\System\sitcxss.exe
  2⤵
  PID:8704
- C:\Windows\System\DcJeGVc.exe
  C:\Windows\System\DcJeGVc.exe
  2⤵
  PID:8784
- C:\Windows\System\LsiwQBn.exe
  C:\Windows\System\LsiwQBn.exe
  2⤵
  PID:8612
- C:\Windows\System\blwXJRA.exe
  C:\Windows\System\blwXJRA.exe
  2⤵
  PID:8632
- C:\Windows\System\qToDLtj.exe
  C:\Windows\System\qToDLtj.exe
  2⤵
  PID:8828
- C:\Windows\System\aYvefxF.exe
  C:\Windows\System\aYvefxF.exe
  2⤵
  PID:8720
- C:\Windows\System\HfmxQfo.exe
  C:\Windows\System\HfmxQfo.exe
  2⤵
  PID:8652
- C:\Windows\System\leyKhQI.exe
  C:\Windows\System\leyKhQI.exe
  2⤵
  PID:8856
- C:\Windows\System\vVJodSM.exe
  C:\Windows\System\vVJodSM.exe
  2⤵
  PID:1488
- C:\Windows\System\JUvTxSx.exe
  C:\Windows\System\JUvTxSx.exe
  2⤵
  PID:8928
- C:\Windows\System\cKDyOgD.exe
  C:\Windows\System\cKDyOgD.exe
  2⤵
  PID:2680
- C:\Windows\System\QtuYhpy.exe
  C:\Windows\System\QtuYhpy.exe
  2⤵
  PID:9016
- C:\Windows\System\ButNejH.exe
  C:\Windows\System\ButNejH.exe
  2⤵
  PID:8912
- C:\Windows\System\VBMALka.exe
  C:\Windows\System\VBMALka.exe
  2⤵
  PID:9052
- C:\Windows\System\VJAbsnt.exe
  C:\Windows\System\VJAbsnt.exe
  2⤵
  PID:9124
- C:\Windows\System\ycDLoin.exe
  C:\Windows\System\ycDLoin.exe
  2⤵
  PID:9108
- C:\Windows\System\lqPQKDp.exe
  C:\Windows\System\lqPQKDp.exe
  2⤵
  PID:9004
- C:\Windows\System\HCQWxmD.exe
  C:\Windows\System\HCQWxmD.exe
  2⤵
  PID:9188
- C:\Windows\System\nZFwrTh.exe
  C:\Windows\System\nZFwrTh.exe
  2⤵
  PID:1992
- C:\Windows\System\ZHJMOhl.exe
  C:\Windows\System\ZHJMOhl.exe
  2⤵
  PID:7968
- C:\Windows\System\zmrzkzw.exe
  C:\Windows\System\zmrzkzw.exe
  2⤵
  PID:8292
- C:\Windows\System\KkCpoDb.exe
  C:\Windows\System\KkCpoDb.exe
  2⤵
  PID:8412
- C:\Windows\System\aIHatiU.exe
  C:\Windows\System\aIHatiU.exe
  2⤵
  PID:7432
- C:\Windows\System\sVcDJOg.exe
  C:\Windows\System\sVcDJOg.exe
  2⤵
  PID:6504
- C:\Windows\System\khgyRDC.exe
  C:\Windows\System\khgyRDC.exe
  2⤵
  PID:2200
- C:\Windows\System\oHGvjBj.exe
  C:\Windows\System\oHGvjBj.exe
  2⤵
  PID:8436
- C:\Windows\System\PijgehY.exe
  C:\Windows\System\PijgehY.exe
  2⤵
  PID:9228
- C:\Windows\System\bNmcZoZ.exe
  C:\Windows\System\bNmcZoZ.exe
  2⤵
  PID:9508
- C:\Windows\System\BJxaOQc.exe
  C:\Windows\System\BJxaOQc.exe
  2⤵
  PID:9448
- C:\Windows\System\DgKNGvy.exe
  C:\Windows\System\DgKNGvy.exe
  2⤵
  PID:9596
- C:\Windows\System\WBIBQjp.exe
  C:\Windows\System\WBIBQjp.exe
  2⤵
  PID:9944
- C:\Windows\System\JxMTpCM.exe
  C:\Windows\System\JxMTpCM.exe
  2⤵
  PID:9908
- C:\Windows\System\lCgWqED.exe
  C:\Windows\System\lCgWqED.exe
  2⤵
  PID:8760
- C:\Windows\System\RiIgKAo.exe
  C:\Windows\System\RiIgKAo.exe
  2⤵
  PID:8816
- C:\Windows\System\AFlZLcP.exe
  C:\Windows\System\AFlZLcP.exe
  2⤵
  PID:8948
- C:\Windows\System\lNlvsTO.exe
  C:\Windows\System\lNlvsTO.exe
  2⤵
  PID:9064
- C:\Windows\System\RnUuETV.exe
  C:\Windows\System\RnUuETV.exe
  2⤵
  PID:2688
- C:\Windows\System\JfKOhxv.exe
  C:\Windows\System\JfKOhxv.exe
  2⤵
  PID:9804
- C:\Windows\System\HXoFHyL.exe
  C:\Windows\System\HXoFHyL.exe
  2⤵
  PID:9948
- C:\Windows\System\jNyjVTv.exe
  C:\Windows\System\jNyjVTv.exe
  2⤵
  PID:10116
- C:\Windows\System\GXfunuR.exe
  C:\Windows\System\GXfunuR.exe
  2⤵
  PID:10180
- C:\Windows\System\wZrFsoE.exe
  C:\Windows\System\wZrFsoE.exe
  2⤵
  PID:9096
- C:\Windows\System\xfhdhWB.exe
  C:\Windows\System\xfhdhWB.exe
  2⤵
  PID:9904
- C:\Windows\System\GDmBsHY.exe
  C:\Windows\System\GDmBsHY.exe
  2⤵
  PID:8700
- C:\Windows\System\tAyuVcx.exe
  C:\Windows\System\tAyuVcx.exe
  2⤵
  PID:9084
- C:\Windows\System\VyaYFmC.exe
  C:\Windows\System\VyaYFmC.exe
  2⤵
  PID:8212
- C:\Windows\System\lywQCnB.exe
  C:\Windows\System\lywQCnB.exe
  2⤵
  PID:9092
- C:\Windows\System\RvvFRUK.exe
  C:\Windows\System\RvvFRUK.exe
  2⤵
  PID:9412
- C:\Windows\System\iKAidhO.exe
  C:\Windows\System\iKAidhO.exe
  2⤵
  PID:9720
- C:\Windows\System\gOPIbsb.exe
  C:\Windows\System\gOPIbsb.exe
  2⤵
  PID:9756
- C:\Windows\System\XNGpEzf.exe
  C:\Windows\System\XNGpEzf.exe
  2⤵
  PID:9816
- C:\Windows\System\xbQjtFO.exe
  C:\Windows\System\xbQjtFO.exe
  2⤵
  PID:9732
- C:\Windows\System\gLOddkB.exe
  C:\Windows\System\gLOddkB.exe
  2⤵
  PID:9532
- C:\Windows\System\YzAyfBk.exe
  C:\Windows\System\YzAyfBk.exe
  2⤵
  PID:9616
- C:\Windows\System\wwkUZLa.exe
  C:\Windows\System\wwkUZLa.exe
  2⤵
  PID:2836
- C:\Windows\System\lfyQuKp.exe
  C:\Windows\System\lfyQuKp.exe
  2⤵
  PID:10068
- C:\Windows\System\lvlMnpn.exe
  C:\Windows\System\lvlMnpn.exe
  2⤵
  PID:7000
- C:\Windows\System\AtogERN.exe
  C:\Windows\System\AtogERN.exe
  2⤵
  PID:10200
- C:\Windows\System\nGDdmyI.exe
  C:\Windows\System\nGDdmyI.exe
  2⤵
  PID:9996
- C:\Windows\System\zzUHsLa.exe
  C:\Windows\System\zzUHsLa.exe
  2⤵
  PID:8572
- C:\Windows\System\aStkVRU.exe
  C:\Windows\System\aStkVRU.exe
  2⤵
  PID:8620
- C:\Windows\System\vIhfyBI.exe
  C:\Windows\System\vIhfyBI.exe
  2⤵
  PID:8984
- C:\Windows\System\cChIBGC.exe
  C:\Windows\System\cChIBGC.exe
  2⤵
  PID:9392
- C:\Windows\System\BsIBlJL.exe
  C:\Windows\System\BsIBlJL.exe
  2⤵
  PID:1736
- C:\Windows\System\JfPTyXC.exe
  C:\Windows\System\JfPTyXC.exe
  2⤵
  PID:10008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AKRyMQc.exe

Filesize
6.0MB

MD5
c140c5e161be2b06ab1487cb7101cf8c

SHA1
cd3549e9f9e701876e1246dcf550d64040f4ad20

SHA256
cea450acd84523d57b153f800769589eba1f664673a9573fbea1ac50d3ec02f4

SHA512
5c9fce2b0c46a82bfa6120e725a3ec57073c607805323819db8e4f1fb6dec49985baf5b8b75964882ebb3d415b6847fed06332538545a740664eb18f4ec35c35

Download Submit
C:\Windows\system\AxSzZpl.exe

Filesize
6.0MB

MD5
4194d070fa118c6189b62d23e56a4891

SHA1
33546d6d89be7817b6293beb2d9ce4fbd11fc613

SHA256
e8463d369a083a17e6fdac0dbb126cbf3721cf72cfa0e378110d7fbd9efdbca2

SHA512
5565f6b9f09ae254da7d2e241408059e058abee7f659ba5d98445d8f5363c0efa974a0b377e0b43a248e45d6e5e32a4199016c220c017eaa6ecbef817a286d5f

Download Submit
C:\Windows\system\BithpgZ.exe

Filesize
6.0MB

MD5
e02833f08829eb479828b6ad468506fe

SHA1
731d85a5f1426f54eb94b4c4e0d86764b578755b

SHA256
c62200b7cd51943320a7568605321a83a88812de97d9e229182cc74b1eacc142

SHA512
34e17d0f5311078f9f0d07bd983e075d0e6f0262825777162223fc68d708a515176dff20bf5e48da8e58547a6c65532dbc2a46dd566ceaf8ffb6cd72e2272bf5

Download Submit
C:\Windows\system\BnHbpIC.exe

Filesize
6.0MB

MD5
2ef5075456b061c5c8d9fdaa543644ca

SHA1
2d86fd3e662e1bcc997f10fc722c67037a9bb69a

SHA256
da230f2c0447c0010f328742bba1cff70f0967538bbaff10551f7f9d0654353b

SHA512
451b840ff0adf59945adc39869f7fb4dd8759373d44ce3e721adcc765e1533053933d98be72be46420d427705158d4bfccc87d66f4f478eb36ddc77274fa27f0

Download Submit
C:\Windows\system\CtrLXyZ.exe

Filesize
6.0MB

MD5
21adeaa18cc6aa7b73fe3a84296434f2

SHA1
c5203d51a50c5698eafd8b3160f93235d48b6921

SHA256
11f71b1eddf4e8a61e62076074a8f95bec0bb23b8a0fa90bc4ad5f324e02b57f

SHA512
ad82b4a8ed21c3a19fa0caefd8cd4355533008601e3f8dc5369043a95737a2cfd6f24808fd8c1053952e6c12286ca45adc145a0900b323fe07975b9338565dae

Download Submit
C:\Windows\system\GIynVOZ.exe

Filesize
6.0MB

MD5
32c96cee5572ca08586b2d907d41a1ab

SHA1
7a69f3fb4365ac4cb2553846b7a51a6c6121604d

SHA256
d6230e125fc5ce94cd9d81c834711115100e19488097fd17c778931eb49a980c

SHA512
a03e446d494ee92479242b73e7d8fa70ea9ae01d6adce661c2124f84d2eb0f410744346135e829bb9163b732beeb1f0c6f264bf2b2a8525802b3ab7afeb033a8

Download Submit
C:\Windows\system\GxjOTdV.exe

Filesize
6.0MB

MD5
998355b41d2ecbd9826515cbf89a142b

SHA1
aed4f5c5cfb5bd74a32c4c05db01f6c719e54744

SHA256
684b4cbfef5cb41f8c1cd27aa12f685b57366bae935027c9f707e0129951d544

SHA512
bd9ecdc498cfe9a789be1ace27cbbb08b65e4de07d87567c00a54d5ce8c3cb3808607c738848717b0a4adc05f0010ace8f26c2feca7b514145cca47f6506e918

Download Submit
C:\Windows\system\IAIKtOI.exe

Filesize
6.0MB

MD5
abfea65b8db41b66b8f4abd23a52df8f

SHA1
a49f539e026b1b9d8a93abfffff2e4face2d4048

SHA256
d339338a80858b7ebd1320bfd41a609111789a68876b5a358f0ac1d833be8351

SHA512
56cd596fbb7a99592a45be6b5d9002869e72cde380fb35e0b11cdc35b439f19a22e8f794e8d9aecb3460e78b8e401a17cc7ce56ca68ff048e27418d945ea0967

Download Submit
C:\Windows\system\JsVgdEc.exe

Filesize
6.0MB

MD5
79dc2c1ef8543b853b1fe9d1ee2965ed

SHA1
dd0b7218a44850ae25477996043a6eafa8a233cf

SHA256
1acc89f29bd072a53f23c7dff0ccc9a4ba9bffa67cf37511233b909ff40f8469

SHA512
7db89d2098817cba65f741a35f8886c16876291fb0cf975a2031ac54008a9b85b28b96b929aa49aa3ddd882d014becbc957a80b590fd9a816382ab24fbe754dd

Download Submit
C:\Windows\system\PBSvnZs.exe

Filesize
6.0MB

MD5
e337b6d01d60121c29ea06bfb4271956

SHA1
8d51ba136e963b0c836752d6fe0d4b633cebe6bd

SHA256
e8a4c0671b3b49954c597681edc7593ed4af9cd56e679afe0572f20c4e855d64

SHA512
7449fb8ed99a3130cbe218376586e8477158a527b9e067ab91e6790d8fa0fc79d6eb13a8ee030e4204a1792288a5dc3a7f1cd31a0c6c281f3a9db497af74b004

Download Submit
C:\Windows\system\TYhbTSt.exe

Filesize
6.0MB

MD5
69f9e9d8f783cc6c87fa94708316f85e

SHA1
05f7b937ba6e6e2f06c65bdd815bd183a8a95539

SHA256
f2e965b89c77a5dec31452e473f74d57a85227c38140d940768e272a135f4381

SHA512
bddb6bc2f15c1fa8403b9c94e6672b571fc726f6a534a1b828aeccc627a393249345be331fc1b98bcd92b21e7b81cc6a5d6a1bf026a450361f66fda7ba9a0e3f

Download Submit
C:\Windows\system\UfnLfDQ.exe

Filesize
6.0MB

MD5
f85b0d64b6846d6a8550a86457f19fcf

SHA1
4c3cdc74d9b3fc9174a4e5de3a2a8f9b3f51bb20

SHA256
e51f8925ef804dfd8682e591a1dae9f64193bf20484c3301ac7c21f3a2c6bed0

SHA512
ecca2a2dab5c3a1e702ec2ee4c1dc0efe22b46437dc5f1562c8beece1361d656a8b4fb23236fdf069e38a01de1515c5c03b7b513572d976a31e4884049179562

Download Submit
C:\Windows\system\WTfzVJv.exe

Filesize
6.0MB

MD5
debe1ca04f097685fd6d67a6108c2a99

SHA1
6ec54753eaf2ac30ff130940cff1663608696eab

SHA256
8e1e2d6cd9a05da2d1ee29c18f9b1d5c5da1a0e2bbf774ba880b9475033afeae

SHA512
55fb6578e4045808ad679e473f8f21544e34faf2808293e73f7734bdcf5d8062e77d521a3b0335e4f0d9067fb095e076043d92f2f6702fd62ff333a2180f24de

Download Submit
C:\Windows\system\aeOgEyB.exe

Filesize
6.0MB

MD5
927005b58c5da01e248d2258d544d2e8

SHA1
57428b1d1bc54b87a0928754ae292a20d289cb0f

SHA256
9f948edc62fa8792d27d8c3abb589c444474a7a5f2f05af3122cd7b69f4bb3da

SHA512
18621dbb04b56cb3d65e71f30bbe2424b1904832c0f665ebd7634a7ca3387d10cc0324c0d8c3543df73785c815f6699ec49314ea8a6a71876ef6522420bfa223

Download Submit
C:\Windows\system\azPEWGa.exe

Filesize
6.0MB

MD5
d11953385bee73a2a744fc1f3d991cf2

SHA1
d12ae1183e7589c19249a578dc5cd67944779109

SHA256
98266339d2e2a4164f06cdc9584e311b1a4348375202bc97ffe303748b8b1f79

SHA512
b3d394b5df479673cf8994b90761e0e8e1987a9c9ce34bcac898683563bfc86c8c512cb9ae4c103c5f8c3782cb6db760784353e211db76e8ff6d194c78add837

Download Submit
C:\Windows\system\ccfrXaZ.exe

Filesize
6.0MB

MD5
e8b6250e70fbb475463a825608e64798

SHA1
a0c5ba86e1faf3aad26dbd7b47637a98d16eaacd

SHA256
1361f7ff34b8ad1bbf423f60df6076f1817944c8c6818fc431265b6ce840c14a

SHA512
3fb8039625f2392d1b303ad6bce2e3dd4cd98738efbb83c9f2dac38951a66a822d9bf1ee7678c2a9142656dd8e782acf828d9681777693c9f6fe29224d481347

Download Submit
C:\Windows\system\euOlHtw.exe

Filesize
6.0MB

MD5
7f15b44bedf94d864987d70edc65d22a

SHA1
cb93c4d4c5b37827988989336830fcdf76d18cc2

SHA256
8fa1ef09fd1348e5c5e83f0c8dd1abc4b1b8b46e42da4ff8d1002b898b670f7b

SHA512
23529a76de13e1323985f7e16413410062f3cbb63ff6217e9b25a6be9e15d8096bc413a500eab399eecb644d4a942cee8d457ca9acef25a7168b58682597e5f6

Download Submit
C:\Windows\system\hPGpxNh.exe

Filesize
6.0MB

MD5
529f5616979d2f10d59dff77a03e41dd

SHA1
60c0d75e80ba254309ea76210340f752af9ae2d8

SHA256
24dfb4052dca274c2745bb30f137b62631c88fbf78b5de8504a54823053a4b28

SHA512
984c76234864540ec92dffc0e9299bff352277e398e306fc39e0b444ee08f09e52512871942dc7a6a0fb4bcdf3e3fe1dce2897a9953ca24172bf1c4c7a5b024b

Download Submit
C:\Windows\system\iNmNvyf.exe

Filesize
6.0MB

MD5
44490057ac4ed1120206b8e903fd63fa

SHA1
3810074206dd6b65e30389f6020815103d0c9f52

SHA256
a24e6412b1baa0ec948768d87be8de98d2d2a7e3a87774e1ea16a5d595c93bdb

SHA512
d7cfdfe9bceb09f2369426b6ad3530fa50c64dd3a1d38928b3ecc64b0cb25e139f007a2858dedb2bb8ef0537246df7d0c938713f06adff057e21ca83a41b8168

Download Submit
C:\Windows\system\lLnfxPx.exe

Filesize
6.0MB

MD5
6f27320f8b12832823e0974d388c0b2f

SHA1
9396513b1e81c509840518b17f947445808d1b87

SHA256
e5c3c22db4c4d2f3e6cf4eb9326e8cff8875f2366c82125e2d548838ed92140f

SHA512
112531b521043c9effc205d10484de2c71bfd693104e3e83d4e4b07cc4a1d46f555ba13fb4bde102002ebafc98f4ca3dd5dd0e1aede92a09f162e7820efd386e

Download Submit
C:\Windows\system\ndgAGZY.exe

Filesize
6.0MB

MD5
16e873e2aa56906c0d96683f0c147919

SHA1
9d2e8696205e0a506ba3054dbff34afd4db2005c

SHA256
20d647df051148f72140aa53b3e031fbe7f2ca2b581971af32ff2db2388f3792

SHA512
a31e98eb5dd0ab47d67c22ab65670aeeb8c132a00fe840d090b042967730f827d7dada6c4b848a9edf24465f519e2a3a90b33455949ea53de775edc358e788ba

Download Submit
C:\Windows\system\qIJwkvo.exe

Filesize
6.0MB

MD5
d27686b2ff50d7d295c8cbe7cc849dec

SHA1
e0cdea283df7aa1ec55a56df65fc549c7a730f62

SHA256
c6f7deb246157fefd9cd9f0bacaa5b648029cbeee197ac0afdb6ef4670d91431

SHA512
d9fa1b2225afe5775564cedd34e074451b751fec96cb4fcf05ef3365a25fe278057368dd840bd49181cd7612ee638250d2737ffde59df6a887a850b239fb18aa

Download Submit
C:\Windows\system\shlgWAo.exe

Filesize
6.0MB

MD5
af64724a32451f46157cc0bb4b7e4f3b

SHA1
2d27a9bdf81ec7f6b01e9c19016731f6c2e1b94c

SHA256
3bf7f4841cfa8a0f91792315f76f901c6f4580e4002c8f7d94915821ff7072f2

SHA512
0a490915c62e0b89f90a4d770787cd1e138e3ebf49bb9ca6752c321a9388ed9919c3fc083daa8d72806209995e38bbe922e7ef9128666248204381e7380da139

Download Submit
C:\Windows\system\uuXJcDq.exe

Filesize
6.0MB

MD5
bf276597920e5fccfbff454040f725ff

SHA1
69dc767f969b7543b8b0110793aff394b0ffd1bd

SHA256
b494a02a9541f793ce3d6ecd99588045f6544fb5bfa80ee248726701e7e8a2c1

SHA512
0f9391876c1d8655a4ee1e9a3ab2390fea0224bf32f40db40afd47920a606db84b9e0ad95cd6106d713473043ae5b8270ad8cd6e47f8e25724b1145ba3fed3d6

Download Submit
C:\Windows\system\yQlgKba.exe

Filesize
6.0MB

MD5
a8b46c643a0dcc62f5f9b1296ded27a2

SHA1
e3419c956bb8d2849b02411787afcd327667882b

SHA256
aec1d56b4036f4ca680de509abdf1305d89b4d88ce5f3d567b29394e5fcbb70b

SHA512
9325628ceb4d85ec8da577b984bc7fe944c7e039eb7efcbddc04b4e29da9b3e41cb97f41f61d08c3372818ecc10317f57e09705b6c2d62eb98db80308ed45273

Download Submit
C:\Windows\system\zPOZEPo.exe

Filesize
6.0MB

MD5
3b4467aa95b8a03ddb8245a5371f46d3

SHA1
6bca045d7e72b0836d53f9ae4b822a126715c211

SHA256
49daacdf70f2bdd831bcf9e4c4c2ea9c1a1008a21b68953a10a6665af2bd9860

SHA512
da426c0064e1a0bda6e2bb21a8503d3361e6b5c3e42ecdb681b568054b7ad5d35dc3eebfb9102099239722c09128f2e99bedf6b41bdb6c880da4efc04befc352

Download Submit
C:\Windows\system\zdGNHiu.exe

Filesize
6.0MB

MD5
46b4883021fa3a6b2381be3c00ecfef2

SHA1
dec0632be25091f82b2d6876ca4441481f911137

SHA256
55d69ba12d16d38600e6ba51bd85761a027aa973edc67001b2c276c3195b2484

SHA512
49ebe6969e2e234b2de4022814adcc4a5fa8e74e544cde89a87acc5efa2337cf8cf92e8e6fe5a0aa749e6c8e06ac58401305f38c90c5055c20dda13b5302caef

Download Submit
C:\Windows\system\zpMbCGX.exe

Filesize
6.0MB

MD5
b0fe7c1fb80b0792d2768a6a3b8a4503

SHA1
c5651ec7265d49470c3cd6d23a8b8d127b20baeb

SHA256
21b89284d46ce871857d2d2b4071ca553ca9878567af86f35fda774cc010d7cc

SHA512
411de2195f429d3da73d834e9beda8d5e6eb547c255231c3e8e0bd2ea6923b8ae69f98b8763d291fe2dd06ea539decea2b2ae421068b9001369c99bf92e34186

Download Submit
\Windows\system\CXCnuWd.exe

Filesize
6.0MB

MD5
6f02401ed39bc1be1964dcfe3b9ea3d0

SHA1
30e19c3ae709237da4aecc335f5208343b4f2339

SHA256
20ecf940dc6c92aa0bd1f516eba78ce128371b7d312a89cc00db559592f21844

SHA512
98434af68f48e8cd9b2d53888856dc16d7556403f8df8ef943d5d2e29dfcdeebd5624feeb49623c296ec98254fedd4e150cc0a5c959e6452b3daf81863e4799e

Download Submit
\Windows\system\FynobkY.exe

Filesize
6.0MB

MD5
f2f9836f3bf341b342c72e064bf3acb4

SHA1
73abb6ec3daf62424ca1828021fa7ea1cf80827e

SHA256
f99049f562a541431b7e7c57d8df4723d69d79a0f41a0d40addf2854199a7eb6

SHA512
915fcb7d1f8cdcdbc97c0d53a2b64ee5833a8745b6ee6f96f235dfa5df96206b9ba107aae4dc271263d49817925579199a4faf56272408a339e7d77365112df2

Download Submit
\Windows\system\bBrVbrt.exe

Filesize
6.0MB

MD5
0d72264686efd4dd627c95c0e9e29730

SHA1
787dca355dc5201bef18974d8294b3ac0680e83e

SHA256
f17fb9a51dea6a142cd5457bc34d7a84aa3fa5ab697847051e02b3d2a041585b

SHA512
96d5a51ed1a10d2e290b686236c2e212eeca590027ca8252220f6f01d29e007f7e0cf7ae55c85bce0e565d7d073ef5764c5a19838b8ab249df877b7bc0df9f19

Download Submit
\Windows\system\iMNrsws.exe

Filesize
6.0MB

MD5
4dab2e77b7de8d0fdf1ce712add6968f

SHA1
77b97ee708cfc6db831d2590dd511cafd17babcc

SHA256
18631ca7875ea45ec972a8843508f9a9dd61245156526f47626d4593076b9ac3

SHA512
17d5f47eab88a30fc7cc7a27df1c6f559754f87aa3ff8a27bc7b4f0c1587a04e4f35203d9de0cf7a64100cb9e02f6afe52140c70fb2d688d2b1f2fa34b8367a3

Download Submit
\Windows\system\zHEJLGF.exe

Filesize
6.0MB

MD5
f7958a02e648754fb9d5d543da0c94fb

SHA1
3a5286c0f4b7aba06d45d4410416881b5244a554

SHA256
b0517167c29115b47467688c0c21031bd84ab8d4413f8aceecd3827d286567f1

SHA512
8f1dfa20d5a5ff6ef49c1630b01803e4548ea923864859171ce7ca35d92abc252b65c4ca2a1e7a7102a04f73bd7c276e5f3ffc3f8de5afb758d14b86fd0a1019

Download Submit
memory/592-98-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/592-4046-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1680-91-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1680-4048-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/1720-3269-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1720-64-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1800-11-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1800-3258-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/1800-73-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2292-48-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2292-87-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2292-3259-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3272-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2412-33-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2412-85-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2416-76-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2416-15-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2416-41-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2416-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/2416-88-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2416-22-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2416-0-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-26-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2416-737-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2416-65-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-566-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2416-301-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2416-60-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2416-59-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2416-57-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-55-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2416-94-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2436-3264-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2436-86-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2436-39-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2464-4049-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2464-79-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4044-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2644-70-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3278-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2712-97-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-68-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3270-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3274-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2808-71-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2820-4047-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2820-74-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2888-4045-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2888-82-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download