cobaltstrike | 4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
Size

6.0MB
MD5

11c61201af05d6eafd7ffff43cc26186
SHA1

8acaaf42ee163f5af19e09060daf2bcdd9745bad
SHA256

4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140
SHA512

67ab5426166384f00dd21d310849867690d8326e7aadca08ea8d6ad4b1b9632e8841c2e35ce9d3bc0753af6cf7e87dcd738310ceb1c39fef9a194f1aa51f92e9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x00080000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001868b-7.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186f2-16.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018781-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018731-29.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878c-35.dat	cobalt_reflective_dll
behavioral1/files/0x0035000000018669-44.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-48.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019496-74.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001925e-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019467-66.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001945c-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d0-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194fc-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957e-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001967f-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001963b-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962b-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019622-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-138.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e6-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952f-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019506-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-102.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1964-0-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-3.dat	xmrig
behavioral1/files/0x000700000001868b-7.dat	xmrig
behavioral1/memory/2788-14-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2724-12-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/files/0x00070000000186f2-16.dat	xmrig
behavioral1/memory/2648-22-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0006000000018781-26.dat	xmrig
behavioral1/files/0x0007000000018731-29.dat	xmrig
behavioral1/memory/2660-34-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2640-33-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x000600000001878c-35.dat	xmrig
behavioral1/memory/1964-41-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2524-43-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2724-39-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/1964-36-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/files/0x0035000000018669-44.dat	xmrig
behavioral1/files/0x0007000000018bf3-48.dat	xmrig
behavioral1/memory/1296-57-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2980-56-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019496-74.dat	xmrig
behavioral1/memory/1964-61-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/1964-80-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x000700000001925e-62.dat	xmrig
behavioral1/memory/2336-68-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x0005000000019467-66.dat	xmrig
behavioral1/memory/2408-83-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2380-79-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/3008-76-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x000600000001945c-73.dat	xmrig
behavioral1/files/0x00050000000194d0-90.dat	xmrig
behavioral1/memory/2212-94-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2344-87-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194ad-86.dat	xmrig
behavioral1/files/0x00050000000194fc-107.dat	xmrig
behavioral1/files/0x000500000001957e-122.dat	xmrig
behavioral1/files/0x0005000000019621-148.dat	xmrig
behavioral1/files/0x0005000000019623-156.dat	xmrig
behavioral1/files/0x0005000000019627-166.dat	xmrig
behavioral1/files/0x000500000001967f-187.dat	xmrig
behavioral1/memory/3008-310-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2212-1181-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2344-628-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/1964-545-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2408-460-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2380-311-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2336-218-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/files/0x000500000001963b-183.dat	xmrig
behavioral1/files/0x0005000000019629-173.dat	xmrig
behavioral1/files/0x000500000001962b-176.dat	xmrig
behavioral1/files/0x0005000000019625-163.dat	xmrig
behavioral1/files/0x0005000000019622-153.dat	xmrig
behavioral1/files/0x000500000001961f-143.dat	xmrig
behavioral1/files/0x000500000001961d-138.dat	xmrig
behavioral1/files/0x00050000000195e6-132.dat	xmrig
behavioral1/files/0x00050000000195a7-127.dat	xmrig
behavioral1/files/0x000500000001952f-117.dat	xmrig
behavioral1/files/0x0005000000019506-112.dat	xmrig
behavioral1/files/0x00050000000194ef-102.dat	xmrig
behavioral1/memory/1964-91-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2724-3326-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2648-3340-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2788-3328-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2660-3370-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

YudKEKF.exenHQNlfZ.exeoPHYkNH.exeqkQmZXO.exenVLZdpI.exeSkFFvQi.exeGkCWIYp.exeBxGukJi.exetUWDwQt.exeKKXlRsZ.exefMWojmD.exephrIAga.exeoCymYuR.exeggLjOuA.exeGsXVcdO.exekvbfsGt.exeAafUEtG.exejjohezP.exePAdJLWZ.exeIclmyjc.exeUmiOBAC.exeKUmQhAA.exewnmUkOF.exeBqzBMQe.exeirAthhC.exeQMvjVsB.exeDecVFry.exeWRkfLdj.exebWevJmw.exeELtBQRn.exemeRtyqZ.execLwVarf.exeykZgIrW.exeUYcIwri.exeXJSxSGu.exeAKzKedc.exeKDCqyTI.exeYYTiPzO.exeEMQwVQu.exerwwAEBT.exeTDRBIZG.exegbHpmmF.exenAApAva.exelbqnYhv.exekTfpogi.exeLwCELsJ.exeOyWVjLG.exejsMCjpn.exeLqrxdGO.exeqonLWPp.exeMgUonLq.execoqycya.exeerxvxcl.exeVlsXGHr.exeFoDRNPY.exexmQiZMg.exepRsnrQz.exevQLRsUT.exefHQAmwP.exeRYVvljv.exeIHCuKov.exeztCJBsW.exeTZwLCRz.exeGQdHoqx.exe

pid	Process
2724	YudKEKF.exe
2788	nHQNlfZ.exe
2648	oPHYkNH.exe
2640	qkQmZXO.exe
2660	nVLZdpI.exe
2524	SkFFvQi.exe
1296	GkCWIYp.exe
2980	BxGukJi.exe
2336	tUWDwQt.exe
3008	KKXlRsZ.exe
2380	fMWojmD.exe
2408	phrIAga.exe
2344	oCymYuR.exe
2212	ggLjOuA.exe
2816	GsXVcdO.exe
568	kvbfsGt.exe
2760	AafUEtG.exe
2960	jjohezP.exe
3000	PAdJLWZ.exe
492	Iclmyjc.exe
320	UmiOBAC.exe
1824	KUmQhAA.exe
1108	wnmUkOF.exe
2892	BqzBMQe.exe
2208	irAthhC.exe
2248	QMvjVsB.exe
2504	DecVFry.exe
2916	WRkfLdj.exe
2080	bWevJmw.exe
1868	ELtBQRn.exe
1336	meRtyqZ.exe
1524	cLwVarf.exe
108	ykZgIrW.exe
1532	UYcIwri.exe
2352	XJSxSGu.exe
1376	AKzKedc.exe
856	KDCqyTI.exe
1252	YYTiPzO.exe
1280	EMQwVQu.exe
2416	rwwAEBT.exe
776	TDRBIZG.exe
2440	gbHpmmF.exe
1216	nAApAva.exe
2140	lbqnYhv.exe
2120	kTfpogi.exe
712	LwCELsJ.exe
2392	OyWVjLG.exe
2348	jsMCjpn.exe
1960	LqrxdGO.exe
1852	qonLWPp.exe
1796	MgUonLq.exe
660	coqycya.exe
1780	erxvxcl.exe
1628	VlsXGHr.exe
1444	FoDRNPY.exe
2720	xmQiZMg.exe
2528	pRsnrQz.exe
1724	vQLRsUT.exe
2768	fHQAmwP.exe
2224	RYVvljv.exe
2576	IHCuKov.exe
2584	ztCJBsW.exe
2552	TZwLCRz.exe
2988	GQdHoqx.exe

Loads dropped DLL 64 IoCs

Processes:

4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe

pid	Process
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1964-0-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-3.dat	upx
behavioral1/files/0x000700000001868b-7.dat	upx
behavioral1/memory/2788-14-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2724-12-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x00070000000186f2-16.dat	upx
behavioral1/memory/2648-22-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0006000000018781-26.dat	upx
behavioral1/files/0x0007000000018731-29.dat	upx
behavioral1/memory/2660-34-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2640-33-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x000600000001878c-35.dat	upx
behavioral1/memory/1964-41-0x00000000022F0000-0x0000000002644000-memory.dmp	upx
behavioral1/memory/2524-43-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2724-39-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/1964-36-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/files/0x0035000000018669-44.dat	upx
behavioral1/files/0x0007000000018bf3-48.dat	upx
behavioral1/memory/1296-57-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2980-56-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0005000000019496-74.dat	upx
behavioral1/files/0x000700000001925e-62.dat	upx
behavioral1/memory/2336-68-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x0005000000019467-66.dat	upx
behavioral1/memory/2408-83-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2380-79-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/3008-76-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x000600000001945c-73.dat	upx
behavioral1/files/0x00050000000194d0-90.dat	upx
behavioral1/memory/2212-94-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2344-87-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x00050000000194ad-86.dat	upx
behavioral1/files/0x00050000000194fc-107.dat	upx
behavioral1/files/0x000500000001957e-122.dat	upx
behavioral1/files/0x0005000000019621-148.dat	upx
behavioral1/files/0x0005000000019623-156.dat	upx
behavioral1/files/0x0005000000019627-166.dat	upx
behavioral1/files/0x000500000001967f-187.dat	upx
behavioral1/memory/3008-310-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2212-1181-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2344-628-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2408-460-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2380-311-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2336-218-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/files/0x000500000001963b-183.dat	upx
behavioral1/files/0x0005000000019629-173.dat	upx
behavioral1/files/0x000500000001962b-176.dat	upx
behavioral1/files/0x0005000000019625-163.dat	upx
behavioral1/files/0x0005000000019622-153.dat	upx
behavioral1/files/0x000500000001961f-143.dat	upx
behavioral1/files/0x000500000001961d-138.dat	upx
behavioral1/files/0x00050000000195e6-132.dat	upx
behavioral1/files/0x00050000000195a7-127.dat	upx
behavioral1/files/0x000500000001952f-117.dat	upx
behavioral1/files/0x0005000000019506-112.dat	upx
behavioral1/files/0x00050000000194ef-102.dat	upx
behavioral1/memory/2724-3326-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2648-3340-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2788-3328-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2660-3370-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2640-3374-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2524-3492-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/1296-3640-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2980-3601-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe

description	ioc	Process
File created	C:\Windows\System\JcvmTtu.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\ntnnFKk.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\cVFhXER.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\SuxSsNE.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\zKDaGon.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\mLUFqah.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\BZDxIND.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\IcURiqJ.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\BfHakJV.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\BTcrIwe.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\FxuZupk.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\jvFWEuU.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\PTuXHXe.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\PTENUYS.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\mqUtlZX.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\TNhwVKc.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\vEFmfey.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\unswHma.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\eSFinNx.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\FVbgqrI.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\PUjPLYb.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\VwquHzu.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\ooeOXNg.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\GucYKbM.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\mNioLOD.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\LFUDJwt.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\QgaBfUJ.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\WafjGTg.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\IuaKCcB.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\PObmTQh.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\UTZKQJn.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\OYJOuyZ.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\CsNuoFR.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\SYOSJPv.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\UmiOBAC.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\MPTvzSR.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\PUjAyWG.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\ZWmcnlQ.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\KsgDbtv.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\HesmQeP.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\MIVFXvA.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\YzHhnGr.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\drgIakd.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\YCSnXNt.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\wGdFmqU.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\fFInPNw.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\dpMDnZJ.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\eMylqcr.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\SakYdHx.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\ccyFWya.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\ILLVizN.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\ZTowFJn.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\sQGLRaI.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\KFQKZzl.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\xdIqwlr.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\jQQaetF.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\VHmbjfB.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\DsEwgPU.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\zpmSxeI.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\GWjWQVV.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\JegYXdg.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\iHknrVW.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\gcyUWWX.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
File created	C:\Windows\System\UeuIwcK.exe	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe

description	pid	Process	procid_target
PID 1964 wrote to memory of 2724	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	31
PID 1964 wrote to memory of 2724	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	31
PID 1964 wrote to memory of 2724	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	31
PID 1964 wrote to memory of 2788	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	32
PID 1964 wrote to memory of 2788	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	32
PID 1964 wrote to memory of 2788	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	32
PID 1964 wrote to memory of 2648	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	33
PID 1964 wrote to memory of 2648	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	33
PID 1964 wrote to memory of 2648	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	33
PID 1964 wrote to memory of 2640	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	34
PID 1964 wrote to memory of 2640	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	34
PID 1964 wrote to memory of 2640	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	34
PID 1964 wrote to memory of 2660	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	35
PID 1964 wrote to memory of 2660	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	35
PID 1964 wrote to memory of 2660	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	35
PID 1964 wrote to memory of 2524	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	36
PID 1964 wrote to memory of 2524	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	36
PID 1964 wrote to memory of 2524	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	36
PID 1964 wrote to memory of 1296	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	37
PID 1964 wrote to memory of 1296	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	37
PID 1964 wrote to memory of 1296	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	37
PID 1964 wrote to memory of 2980	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	38
PID 1964 wrote to memory of 2980	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	38
PID 1964 wrote to memory of 2980	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	38
PID 1964 wrote to memory of 2336	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	39
PID 1964 wrote to memory of 2336	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	39
PID 1964 wrote to memory of 2336	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	39
PID 1964 wrote to memory of 3008	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	40
PID 1964 wrote to memory of 3008	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	40
PID 1964 wrote to memory of 3008	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	40
PID 1964 wrote to memory of 2408	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	41
PID 1964 wrote to memory of 2408	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	41
PID 1964 wrote to memory of 2408	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	41
PID 1964 wrote to memory of 2380	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	42
PID 1964 wrote to memory of 2380	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	42
PID 1964 wrote to memory of 2380	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	42
PID 1964 wrote to memory of 2344	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	43
PID 1964 wrote to memory of 2344	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	43
PID 1964 wrote to memory of 2344	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	43
PID 1964 wrote to memory of 2212	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	44
PID 1964 wrote to memory of 2212	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	44
PID 1964 wrote to memory of 2212	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	44
PID 1964 wrote to memory of 2816	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	45
PID 1964 wrote to memory of 2816	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	45
PID 1964 wrote to memory of 2816	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	45
PID 1964 wrote to memory of 568	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	46
PID 1964 wrote to memory of 568	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	46
PID 1964 wrote to memory of 568	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	46
PID 1964 wrote to memory of 2760	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	47
PID 1964 wrote to memory of 2760	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	47
PID 1964 wrote to memory of 2760	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	47
PID 1964 wrote to memory of 2960	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	48
PID 1964 wrote to memory of 2960	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	48
PID 1964 wrote to memory of 2960	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	48
PID 1964 wrote to memory of 3000	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	49
PID 1964 wrote to memory of 3000	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	49
PID 1964 wrote to memory of 3000	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	49
PID 1964 wrote to memory of 492	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	50
PID 1964 wrote to memory of 492	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	50
PID 1964 wrote to memory of 492	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	50
PID 1964 wrote to memory of 320	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	51
PID 1964 wrote to memory of 320	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	51
PID 1964 wrote to memory of 320	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	51
PID 1964 wrote to memory of 1824	1964	4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe	52

C:\Users\Admin\AppData\Local\Temp\4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe
"C:\Users\Admin\AppData\Local\Temp\4fafbbb503eae6ad89c545b55f516c4b31876213f321edb76bc65708c3150140.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\System\YudKEKF.exe
  C:\Windows\System\YudKEKF.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\nHQNlfZ.exe
  C:\Windows\System\nHQNlfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\oPHYkNH.exe
  C:\Windows\System\oPHYkNH.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\qkQmZXO.exe
  C:\Windows\System\qkQmZXO.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\nVLZdpI.exe
  C:\Windows\System\nVLZdpI.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\SkFFvQi.exe
  C:\Windows\System\SkFFvQi.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\GkCWIYp.exe
  C:\Windows\System\GkCWIYp.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\BxGukJi.exe
  C:\Windows\System\BxGukJi.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\tUWDwQt.exe
  C:\Windows\System\tUWDwQt.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\KKXlRsZ.exe
  C:\Windows\System\KKXlRsZ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\phrIAga.exe
  C:\Windows\System\phrIAga.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\fMWojmD.exe
  C:\Windows\System\fMWojmD.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\oCymYuR.exe
  C:\Windows\System\oCymYuR.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\ggLjOuA.exe
  C:\Windows\System\ggLjOuA.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\GsXVcdO.exe
  C:\Windows\System\GsXVcdO.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\kvbfsGt.exe
  C:\Windows\System\kvbfsGt.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\AafUEtG.exe
  C:\Windows\System\AafUEtG.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\jjohezP.exe
  C:\Windows\System\jjohezP.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\PAdJLWZ.exe
  C:\Windows\System\PAdJLWZ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\Iclmyjc.exe
  C:\Windows\System\Iclmyjc.exe
  2⤵
  - Executes dropped EXE
  PID:492
- C:\Windows\System\UmiOBAC.exe
  C:\Windows\System\UmiOBAC.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\KUmQhAA.exe
  C:\Windows\System\KUmQhAA.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\wnmUkOF.exe
  C:\Windows\System\wnmUkOF.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\BqzBMQe.exe
  C:\Windows\System\BqzBMQe.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\irAthhC.exe
  C:\Windows\System\irAthhC.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\QMvjVsB.exe
  C:\Windows\System\QMvjVsB.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\DecVFry.exe
  C:\Windows\System\DecVFry.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\WRkfLdj.exe
  C:\Windows\System\WRkfLdj.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\bWevJmw.exe
  C:\Windows\System\bWevJmw.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\ELtBQRn.exe
  C:\Windows\System\ELtBQRn.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\meRtyqZ.exe
  C:\Windows\System\meRtyqZ.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\cLwVarf.exe
  C:\Windows\System\cLwVarf.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\ykZgIrW.exe
  C:\Windows\System\ykZgIrW.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\UYcIwri.exe
  C:\Windows\System\UYcIwri.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\XJSxSGu.exe
  C:\Windows\System\XJSxSGu.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\AKzKedc.exe
  C:\Windows\System\AKzKedc.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\KDCqyTI.exe
  C:\Windows\System\KDCqyTI.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\YYTiPzO.exe
  C:\Windows\System\YYTiPzO.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\EMQwVQu.exe
  C:\Windows\System\EMQwVQu.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\rwwAEBT.exe
  C:\Windows\System\rwwAEBT.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\TDRBIZG.exe
  C:\Windows\System\TDRBIZG.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\gbHpmmF.exe
  C:\Windows\System\gbHpmmF.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\nAApAva.exe
  C:\Windows\System\nAApAva.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\lbqnYhv.exe
  C:\Windows\System\lbqnYhv.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\kTfpogi.exe
  C:\Windows\System\kTfpogi.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\LwCELsJ.exe
  C:\Windows\System\LwCELsJ.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\OyWVjLG.exe
  C:\Windows\System\OyWVjLG.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\jsMCjpn.exe
  C:\Windows\System\jsMCjpn.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\LqrxdGO.exe
  C:\Windows\System\LqrxdGO.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\qonLWPp.exe
  C:\Windows\System\qonLWPp.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\MgUonLq.exe
  C:\Windows\System\MgUonLq.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\coqycya.exe
  C:\Windows\System\coqycya.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\erxvxcl.exe
  C:\Windows\System\erxvxcl.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\VlsXGHr.exe
  C:\Windows\System\VlsXGHr.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\FoDRNPY.exe
  C:\Windows\System\FoDRNPY.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\xmQiZMg.exe
  C:\Windows\System\xmQiZMg.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\pRsnrQz.exe
  C:\Windows\System\pRsnrQz.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\vQLRsUT.exe
  C:\Windows\System\vQLRsUT.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\fHQAmwP.exe
  C:\Windows\System\fHQAmwP.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\RYVvljv.exe
  C:\Windows\System\RYVvljv.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\IHCuKov.exe
  C:\Windows\System\IHCuKov.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ztCJBsW.exe
  C:\Windows\System\ztCJBsW.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\TZwLCRz.exe
  C:\Windows\System\TZwLCRz.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\GQdHoqx.exe
  C:\Windows\System\GQdHoqx.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\nGcfAdy.exe
  C:\Windows\System\nGcfAdy.exe
  2⤵
  PID:2052
- C:\Windows\System\pyHHzoH.exe
  C:\Windows\System\pyHHzoH.exe
  2⤵
  PID:2200
- C:\Windows\System\lRQbkrE.exe
  C:\Windows\System\lRQbkrE.exe
  2⤵
  PID:860
- C:\Windows\System\tfMZitl.exe
  C:\Windows\System\tfMZitl.exe
  2⤵
  PID:2856
- C:\Windows\System\YNDnWPm.exe
  C:\Windows\System\YNDnWPm.exe
  2⤵
  PID:924
- C:\Windows\System\lYvJTTZ.exe
  C:\Windows\System\lYvJTTZ.exe
  2⤵
  PID:2708
- C:\Windows\System\AuzHcRV.exe
  C:\Windows\System\AuzHcRV.exe
  2⤵
  PID:332
- C:\Windows\System\DvnZaHl.exe
  C:\Windows\System\DvnZaHl.exe
  2⤵
  PID:1100
- C:\Windows\System\AeTBogj.exe
  C:\Windows\System\AeTBogj.exe
  2⤵
  PID:2092
- C:\Windows\System\SCuuEaV.exe
  C:\Windows\System\SCuuEaV.exe
  2⤵
  PID:2232
- C:\Windows\System\UXnVSxf.exe
  C:\Windows\System\UXnVSxf.exe
  2⤵
  PID:2108
- C:\Windows\System\gAGvSFg.exe
  C:\Windows\System\gAGvSFg.exe
  2⤵
  PID:1836
- C:\Windows\System\bpXJTmi.exe
  C:\Windows\System\bpXJTmi.exe
  2⤵
  PID:2032
- C:\Windows\System\nEjMhRH.exe
  C:\Windows\System\nEjMhRH.exe
  2⤵
  PID:1200
- C:\Windows\System\PFMNXZe.exe
  C:\Windows\System\PFMNXZe.exe
  2⤵
  PID:268
- C:\Windows\System\PMNyfay.exe
  C:\Windows\System\PMNyfay.exe
  2⤵
  PID:944
- C:\Windows\System\GqwITDf.exe
  C:\Windows\System\GqwITDf.exe
  2⤵
  PID:2384
- C:\Windows\System\uNuYtWh.exe
  C:\Windows\System\uNuYtWh.exe
  2⤵
  PID:2912
- C:\Windows\System\GLwMtvU.exe
  C:\Windows\System\GLwMtvU.exe
  2⤵
  PID:2620
- C:\Windows\System\xpnKkOl.exe
  C:\Windows\System\xpnKkOl.exe
  2⤵
  PID:1668
- C:\Windows\System\dTMECiM.exe
  C:\Windows\System\dTMECiM.exe
  2⤵
  PID:1940
- C:\Windows\System\IITLhVv.exe
  C:\Windows\System\IITLhVv.exe
  2⤵
  PID:2188
- C:\Windows\System\HSTMpny.exe
  C:\Windows\System\HSTMpny.exe
  2⤵
  PID:2184
- C:\Windows\System\drgIakd.exe
  C:\Windows\System\drgIakd.exe
  2⤵
  PID:1680
- C:\Windows\System\yatWHZB.exe
  C:\Windows\System\yatWHZB.exe
  2⤵
  PID:2316
- C:\Windows\System\JNEqWoj.exe
  C:\Windows\System\JNEqWoj.exe
  2⤵
  PID:2076
- C:\Windows\System\ogwYdjM.exe
  C:\Windows\System\ogwYdjM.exe
  2⤵
  PID:872
- C:\Windows\System\sDYaXHd.exe
  C:\Windows\System\sDYaXHd.exe
  2⤵
  PID:2328
- C:\Windows\System\KAqXJgm.exe
  C:\Windows\System\KAqXJgm.exe
  2⤵
  PID:2712
- C:\Windows\System\TZUtQwP.exe
  C:\Windows\System\TZUtQwP.exe
  2⤵
  PID:1564
- C:\Windows\System\nAWbChg.exe
  C:\Windows\System\nAWbChg.exe
  2⤵
  PID:2664
- C:\Windows\System\aOcAUvI.exe
  C:\Windows\System\aOcAUvI.exe
  2⤵
  PID:2728
- C:\Windows\System\PDwQiCN.exe
  C:\Windows\System\PDwQiCN.exe
  2⤵
  PID:2596
- C:\Windows\System\uPMiWVW.exe
  C:\Windows\System\uPMiWVW.exe
  2⤵
  PID:3048
- C:\Windows\System\mmhJCMu.exe
  C:\Windows\System\mmhJCMu.exe
  2⤵
  PID:340
- C:\Windows\System\hHDkZLJ.exe
  C:\Windows\System\hHDkZLJ.exe
  2⤵
  PID:2636
- C:\Windows\System\ZYxiNnq.exe
  C:\Windows\System\ZYxiNnq.exe
  2⤵
  PID:2972
- C:\Windows\System\MjVKJgK.exe
  C:\Windows\System\MjVKJgK.exe
  2⤵
  PID:2240
- C:\Windows\System\qivmdWC.exe
  C:\Windows\System\qivmdWC.exe
  2⤵
  PID:2508
- C:\Windows\System\RSvHWXU.exe
  C:\Windows\System\RSvHWXU.exe
  2⤵
  PID:2900
- C:\Windows\System\KxssNDH.exe
  C:\Windows\System\KxssNDH.exe
  2⤵
  PID:772
- C:\Windows\System\cBxITai.exe
  C:\Windows\System\cBxITai.exe
  2⤵
  PID:2356
- C:\Windows\System\LUzhMLD.exe
  C:\Windows\System\LUzhMLD.exe
  2⤵
  PID:1776
- C:\Windows\System\VwgkoZY.exe
  C:\Windows\System\VwgkoZY.exe
  2⤵
  PID:1748
- C:\Windows\System\etpcCFy.exe
  C:\Windows\System\etpcCFy.exe
  2⤵
  PID:1604
- C:\Windows\System\etXSboH.exe
  C:\Windows\System\etXSboH.exe
  2⤵
  PID:2020
- C:\Windows\System\RePwJCW.exe
  C:\Windows\System\RePwJCW.exe
  2⤵
  PID:1984
- C:\Windows\System\bndXXIF.exe
  C:\Windows\System\bndXXIF.exe
  2⤵
  PID:2360
- C:\Windows\System\LMVjzLM.exe
  C:\Windows\System\LMVjzLM.exe
  2⤵
  PID:2820
- C:\Windows\System\byPvtji.exe
  C:\Windows\System\byPvtji.exe
  2⤵
  PID:1792
- C:\Windows\System\ymNWeZf.exe
  C:\Windows\System\ymNWeZf.exe
  2⤵
  PID:2456
- C:\Windows\System\rsApmtk.exe
  C:\Windows\System\rsApmtk.exe
  2⤵
  PID:2696
- C:\Windows\System\ESLjwgv.exe
  C:\Windows\System\ESLjwgv.exe
  2⤵
  PID:1288
- C:\Windows\System\xUSCBTH.exe
  C:\Windows\System\xUSCBTH.exe
  2⤵
  PID:2716
- C:\Windows\System\YUvCnNd.exe
  C:\Windows\System\YUvCnNd.exe
  2⤵
  PID:2532
- C:\Windows\System\wXfaHwi.exe
  C:\Windows\System\wXfaHwi.exe
  2⤵
  PID:1992
- C:\Windows\System\epbWBmA.exe
  C:\Windows\System\epbWBmA.exe
  2⤵
  PID:2692
- C:\Windows\System\heihnGJ.exe
  C:\Windows\System\heihnGJ.exe
  2⤵
  PID:2940
- C:\Windows\System\VvIeEvS.exe
  C:\Windows\System\VvIeEvS.exe
  2⤵
  PID:2164
- C:\Windows\System\mSfjmnY.exe
  C:\Windows\System\mSfjmnY.exe
  2⤵
  PID:1060
- C:\Windows\System\uhTqBar.exe
  C:\Windows\System\uhTqBar.exe
  2⤵
  PID:2452
- C:\Windows\System\GbICaox.exe
  C:\Windows\System\GbICaox.exe
  2⤵
  PID:1876
- C:\Windows\System\WCZhEnM.exe
  C:\Windows\System\WCZhEnM.exe
  2⤵
  PID:1544
- C:\Windows\System\pYZwgta.exe
  C:\Windows\System\pYZwgta.exe
  2⤵
  PID:2432
- C:\Windows\System\SHfqwQS.exe
  C:\Windows\System\SHfqwQS.exe
  2⤵
  PID:1692
- C:\Windows\System\KFQKZzl.exe
  C:\Windows\System\KFQKZzl.exe
  2⤵
  PID:3044
- C:\Windows\System\jRNvPea.exe
  C:\Windows\System\jRNvPea.exe
  2⤵
  PID:2404
- C:\Windows\System\sXBWUas.exe
  C:\Windows\System\sXBWUas.exe
  2⤵
  PID:1756
- C:\Windows\System\AUBNfVl.exe
  C:\Windows\System\AUBNfVl.exe
  2⤵
  PID:2772
- C:\Windows\System\npGMXYC.exe
  C:\Windows\System\npGMXYC.exe
  2⤵
  PID:2904
- C:\Windows\System\ChBChAh.exe
  C:\Windows\System\ChBChAh.exe
  2⤵
  PID:1820
- C:\Windows\System\IhcDLOF.exe
  C:\Windows\System\IhcDLOF.exe
  2⤵
  PID:1096
- C:\Windows\System\gJdlmAf.exe
  C:\Windows\System\gJdlmAf.exe
  2⤵
  PID:1712
- C:\Windows\System\vuEnfwK.exe
  C:\Windows\System\vuEnfwK.exe
  2⤵
  PID:3080
- C:\Windows\System\thBTIQl.exe
  C:\Windows\System\thBTIQl.exe
  2⤵
  PID:3096
- C:\Windows\System\FuzlTrV.exe
  C:\Windows\System\FuzlTrV.exe
  2⤵
  PID:3116
- C:\Windows\System\QAaXCLR.exe
  C:\Windows\System\QAaXCLR.exe
  2⤵
  PID:3136
- C:\Windows\System\seTLuSI.exe
  C:\Windows\System\seTLuSI.exe
  2⤵
  PID:3156
- C:\Windows\System\MsnnMog.exe
  C:\Windows\System\MsnnMog.exe
  2⤵
  PID:3180
- C:\Windows\System\kEhslno.exe
  C:\Windows\System\kEhslno.exe
  2⤵
  PID:3200
- C:\Windows\System\BoDugAy.exe
  C:\Windows\System\BoDugAy.exe
  2⤵
  PID:3220
- C:\Windows\System\HfYEvWT.exe
  C:\Windows\System\HfYEvWT.exe
  2⤵
  PID:3244
- C:\Windows\System\fQizgxk.exe
  C:\Windows\System\fQizgxk.exe
  2⤵
  PID:3264
- C:\Windows\System\lQNvNkl.exe
  C:\Windows\System\lQNvNkl.exe
  2⤵
  PID:3284
- C:\Windows\System\EoVmfIy.exe
  C:\Windows\System\EoVmfIy.exe
  2⤵
  PID:3304
- C:\Windows\System\edtYKJY.exe
  C:\Windows\System\edtYKJY.exe
  2⤵
  PID:3324
- C:\Windows\System\CaVGQqa.exe
  C:\Windows\System\CaVGQqa.exe
  2⤵
  PID:3348
- C:\Windows\System\msoYtUV.exe
  C:\Windows\System\msoYtUV.exe
  2⤵
  PID:3368
- C:\Windows\System\vuzqKMK.exe
  C:\Windows\System\vuzqKMK.exe
  2⤵
  PID:3388
- C:\Windows\System\UQOYGpZ.exe
  C:\Windows\System\UQOYGpZ.exe
  2⤵
  PID:3408
- C:\Windows\System\OdjgxID.exe
  C:\Windows\System\OdjgxID.exe
  2⤵
  PID:3428
- C:\Windows\System\VuBzRxO.exe
  C:\Windows\System\VuBzRxO.exe
  2⤵
  PID:3448
- C:\Windows\System\gZVTsnM.exe
  C:\Windows\System\gZVTsnM.exe
  2⤵
  PID:3468
- C:\Windows\System\WUdMadI.exe
  C:\Windows\System\WUdMadI.exe
  2⤵
  PID:3488
- C:\Windows\System\rXvormC.exe
  C:\Windows\System\rXvormC.exe
  2⤵
  PID:3508
- C:\Windows\System\zovKORd.exe
  C:\Windows\System\zovKORd.exe
  2⤵
  PID:3528
- C:\Windows\System\XDMWyDG.exe
  C:\Windows\System\XDMWyDG.exe
  2⤵
  PID:3548
- C:\Windows\System\tBPNzIf.exe
  C:\Windows\System\tBPNzIf.exe
  2⤵
  PID:3564
- C:\Windows\System\IKHdtHO.exe
  C:\Windows\System\IKHdtHO.exe
  2⤵
  PID:3584
- C:\Windows\System\tGpRGoZ.exe
  C:\Windows\System\tGpRGoZ.exe
  2⤵
  PID:3604
- C:\Windows\System\xwnSYMy.exe
  C:\Windows\System\xwnSYMy.exe
  2⤵
  PID:3632
- C:\Windows\System\wKxkFVd.exe
  C:\Windows\System\wKxkFVd.exe
  2⤵
  PID:3648
- C:\Windows\System\wKQukvh.exe
  C:\Windows\System\wKQukvh.exe
  2⤵
  PID:3668
- C:\Windows\System\ckhCfHe.exe
  C:\Windows\System\ckhCfHe.exe
  2⤵
  PID:3692
- C:\Windows\System\VhwpgHH.exe
  C:\Windows\System\VhwpgHH.exe
  2⤵
  PID:3712
- C:\Windows\System\OGPXwUb.exe
  C:\Windows\System\OGPXwUb.exe
  2⤵
  PID:3732
- C:\Windows\System\RHdQTxa.exe
  C:\Windows\System\RHdQTxa.exe
  2⤵
  PID:3752
- C:\Windows\System\uufKBdT.exe
  C:\Windows\System\uufKBdT.exe
  2⤵
  PID:3772
- C:\Windows\System\tnCzpTL.exe
  C:\Windows\System\tnCzpTL.exe
  2⤵
  PID:3792
- C:\Windows\System\rfmqhPE.exe
  C:\Windows\System\rfmqhPE.exe
  2⤵
  PID:3812
- C:\Windows\System\AbaJcJq.exe
  C:\Windows\System\AbaJcJq.exe
  2⤵
  PID:3832
- C:\Windows\System\JBZvfkQ.exe
  C:\Windows\System\JBZvfkQ.exe
  2⤵
  PID:3852
- C:\Windows\System\fUsUncR.exe
  C:\Windows\System\fUsUncR.exe
  2⤵
  PID:3876
- C:\Windows\System\PXdDorK.exe
  C:\Windows\System\PXdDorK.exe
  2⤵
  PID:3892
- C:\Windows\System\eLkVnIl.exe
  C:\Windows\System\eLkVnIl.exe
  2⤵
  PID:3912
- C:\Windows\System\tVyNJyy.exe
  C:\Windows\System\tVyNJyy.exe
  2⤵
  PID:3932
- C:\Windows\System\IArXuWd.exe
  C:\Windows\System\IArXuWd.exe
  2⤵
  PID:3956
- C:\Windows\System\tLRCZbO.exe
  C:\Windows\System\tLRCZbO.exe
  2⤵
  PID:3976
- C:\Windows\System\fVjyjaw.exe
  C:\Windows\System\fVjyjaw.exe
  2⤵
  PID:3996
- C:\Windows\System\fbAWCJw.exe
  C:\Windows\System\fbAWCJw.exe
  2⤵
  PID:4012
- C:\Windows\System\pSDXVPx.exe
  C:\Windows\System\pSDXVPx.exe
  2⤵
  PID:4036
- C:\Windows\System\xzICFmr.exe
  C:\Windows\System\xzICFmr.exe
  2⤵
  PID:4056
- C:\Windows\System\oueTOSR.exe
  C:\Windows\System\oueTOSR.exe
  2⤵
  PID:4076
- C:\Windows\System\EqmqRiU.exe
  C:\Windows\System\EqmqRiU.exe
  2⤵
  PID:2736
- C:\Windows\System\OJMGYif.exe
  C:\Windows\System\OJMGYif.exe
  2⤵
  PID:2428
- C:\Windows\System\wfjStXS.exe
  C:\Windows\System\wfjStXS.exe
  2⤵
  PID:1588
- C:\Windows\System\EbvoIsL.exe
  C:\Windows\System\EbvoIsL.exe
  2⤵
  PID:1608
- C:\Windows\System\zsLkQhv.exe
  C:\Windows\System\zsLkQhv.exe
  2⤵
  PID:1788
- C:\Windows\System\kxWwblk.exe
  C:\Windows\System\kxWwblk.exe
  2⤵
  PID:2320
- C:\Windows\System\Dbdxqqk.exe
  C:\Windows\System\Dbdxqqk.exe
  2⤵
  PID:3124
- C:\Windows\System\sFMjiKY.exe
  C:\Windows\System\sFMjiKY.exe
  2⤵
  PID:3176
- C:\Windows\System\qESNMHt.exe
  C:\Windows\System\qESNMHt.exe
  2⤵
  PID:3076
- C:\Windows\System\QOijDdg.exe
  C:\Windows\System\QOijDdg.exe
  2⤵
  PID:3208
- C:\Windows\System\FLdtCYO.exe
  C:\Windows\System\FLdtCYO.exe
  2⤵
  PID:3196
- C:\Windows\System\Dtnndrf.exe
  C:\Windows\System\Dtnndrf.exe
  2⤵
  PID:3236
- C:\Windows\System\KiGGgLJ.exe
  C:\Windows\System\KiGGgLJ.exe
  2⤵
  PID:3292
- C:\Windows\System\WhHYdqu.exe
  C:\Windows\System\WhHYdqu.exe
  2⤵
  PID:3280
- C:\Windows\System\GZJMlkA.exe
  C:\Windows\System\GZJMlkA.exe
  2⤵
  PID:3276
- C:\Windows\System\YZedGYQ.exe
  C:\Windows\System\YZedGYQ.exe
  2⤵
  PID:288
- C:\Windows\System\JFwIJHb.exe
  C:\Windows\System\JFwIJHb.exe
  2⤵
  PID:3380
- C:\Windows\System\apQOASI.exe
  C:\Windows\System\apQOASI.exe
  2⤵
  PID:3456
- C:\Windows\System\GFAMIPv.exe
  C:\Windows\System\GFAMIPv.exe
  2⤵
  PID:3436
- C:\Windows\System\EQxnSuI.exe
  C:\Windows\System\EQxnSuI.exe
  2⤵
  PID:3500
- C:\Windows\System\TAgDDtv.exe
  C:\Windows\System\TAgDDtv.exe
  2⤵
  PID:3476
- C:\Windows\System\DCRKXEI.exe
  C:\Windows\System\DCRKXEI.exe
  2⤵
  PID:3580
- C:\Windows\System\BXsHmSi.exe
  C:\Windows\System\BXsHmSi.exe
  2⤵
  PID:3624
- C:\Windows\System\GNbeRhE.exe
  C:\Windows\System\GNbeRhE.exe
  2⤵
  PID:3560
- C:\Windows\System\JwLnbJX.exe
  C:\Windows\System\JwLnbJX.exe
  2⤵
  PID:3664
- C:\Windows\System\kbwEHgU.exe
  C:\Windows\System\kbwEHgU.exe
  2⤵
  PID:3700
- C:\Windows\System\sXcUZII.exe
  C:\Windows\System\sXcUZII.exe
  2⤵
  PID:3720
- C:\Windows\System\UcwDFtR.exe
  C:\Windows\System\UcwDFtR.exe
  2⤵
  PID:3788
- C:\Windows\System\QfDoXey.exe
  C:\Windows\System\QfDoXey.exe
  2⤵
  PID:3800
- C:\Windows\System\yctwfSF.exe
  C:\Windows\System\yctwfSF.exe
  2⤵
  PID:3824
- C:\Windows\System\gDYrrzg.exe
  C:\Windows\System\gDYrrzg.exe
  2⤵
  PID:3864
- C:\Windows\System\WldkMuv.exe
  C:\Windows\System\WldkMuv.exe
  2⤵
  PID:3908
- C:\Windows\System\WqDjBFW.exe
  C:\Windows\System\WqDjBFW.exe
  2⤵
  PID:3888
- C:\Windows\System\OVHnHTf.exe
  C:\Windows\System\OVHnHTf.exe
  2⤵
  PID:3948
- C:\Windows\System\ZAqkalN.exe
  C:\Windows\System\ZAqkalN.exe
  2⤵
  PID:4020
- C:\Windows\System\onVqxfu.exe
  C:\Windows\System\onVqxfu.exe
  2⤵
  PID:3612
- C:\Windows\System\JtZxYHT.exe
  C:\Windows\System\JtZxYHT.exe
  2⤵
  PID:4072
- C:\Windows\System\jzMnbQN.exe
  C:\Windows\System\jzMnbQN.exe
  2⤵
  PID:4048
- C:\Windows\System\KuJANQw.exe
  C:\Windows\System\KuJANQw.exe
  2⤵
  PID:980
- C:\Windows\System\jCvdHQG.exe
  C:\Windows\System\jCvdHQG.exe
  2⤵
  PID:1440
- C:\Windows\System\JSyHJDH.exe
  C:\Windows\System\JSyHJDH.exe
  2⤵
  PID:2152
- C:\Windows\System\nIbqGyd.exe
  C:\Windows\System\nIbqGyd.exe
  2⤵
  PID:2572
- C:\Windows\System\YfIQiVe.exe
  C:\Windows\System\YfIQiVe.exe
  2⤵
  PID:1636
- C:\Windows\System\BWUIkcS.exe
  C:\Windows\System\BWUIkcS.exe
  2⤵
  PID:1516
- C:\Windows\System\iolBEEB.exe
  C:\Windows\System\iolBEEB.exe
  2⤵
  PID:3216
- C:\Windows\System\oiMxoAZ.exe
  C:\Windows\System\oiMxoAZ.exe
  2⤵
  PID:1980
- C:\Windows\System\aTnSweZ.exe
  C:\Windows\System\aTnSweZ.exe
  2⤵
  PID:3020
- C:\Windows\System\xRBcbrZ.exe
  C:\Windows\System\xRBcbrZ.exe
  2⤵
  PID:3396
- C:\Windows\System\yNnfAvR.exe
  C:\Windows\System\yNnfAvR.exe
  2⤵
  PID:1740
- C:\Windows\System\DRxiaio.exe
  C:\Windows\System\DRxiaio.exe
  2⤵
  PID:3504
- C:\Windows\System\hLBsclD.exe
  C:\Windows\System\hLBsclD.exe
  2⤵
  PID:3572
- C:\Windows\System\GadcZGA.exe
  C:\Windows\System\GadcZGA.exe
  2⤵
  PID:2764
- C:\Windows\System\BuvIbsf.exe
  C:\Windows\System\BuvIbsf.exe
  2⤵
  PID:3540
- C:\Windows\System\TFbnZcA.exe
  C:\Windows\System\TFbnZcA.exe
  2⤵
  PID:3616
- C:\Windows\System\ojDmCgA.exe
  C:\Windows\System\ojDmCgA.exe
  2⤵
  PID:3656
- C:\Windows\System\PrmklUk.exe
  C:\Windows\System\PrmklUk.exe
  2⤵
  PID:3780
- C:\Windows\System\ifRoaPN.exe
  C:\Windows\System\ifRoaPN.exe
  2⤵
  PID:3768
- C:\Windows\System\tpOzUoQ.exe
  C:\Windows\System\tpOzUoQ.exe
  2⤵
  PID:3900
- C:\Windows\System\sEfJOiH.exe
  C:\Windows\System\sEfJOiH.exe
  2⤵
  PID:3844
- C:\Windows\System\BTwrUOO.exe
  C:\Windows\System\BTwrUOO.exe
  2⤵
  PID:3944
- C:\Windows\System\RawOHTP.exe
  C:\Windows\System\RawOHTP.exe
  2⤵
  PID:4032
- C:\Windows\System\dgMCTHX.exe
  C:\Windows\System\dgMCTHX.exe
  2⤵
  PID:4008
- C:\Windows\System\GgJTnLe.exe
  C:\Windows\System\GgJTnLe.exe
  2⤵
  PID:4092
- C:\Windows\System\RPHNzfx.exe
  C:\Windows\System\RPHNzfx.exe
  2⤵
  PID:4088
- C:\Windows\System\hWeCNEf.exe
  C:\Windows\System\hWeCNEf.exe
  2⤵
  PID:896
- C:\Windows\System\wpOunGN.exe
  C:\Windows\System\wpOunGN.exe
  2⤵
  PID:3172
- C:\Windows\System\HcSXmpu.exe
  C:\Windows\System\HcSXmpu.exe
  2⤵
  PID:1596
- C:\Windows\System\iyteGgk.exe
  C:\Windows\System\iyteGgk.exe
  2⤵
  PID:3272
- C:\Windows\System\ZbEtLGR.exe
  C:\Windows\System\ZbEtLGR.exe
  2⤵
  PID:3416
- C:\Windows\System\pdvDfWZ.exe
  C:\Windows\System\pdvDfWZ.exe
  2⤵
  PID:3384
- C:\Windows\System\brwrTHL.exe
  C:\Windows\System\brwrTHL.exe
  2⤵
  PID:1660
- C:\Windows\System\lgVjkXv.exe
  C:\Windows\System\lgVjkXv.exe
  2⤵
  PID:3556
- C:\Windows\System\zfEGNyk.exe
  C:\Windows\System\zfEGNyk.exe
  2⤵
  PID:3688
- C:\Windows\System\frdBfSN.exe
  C:\Windows\System\frdBfSN.exe
  2⤵
  PID:3848
- C:\Windows\System\iOmFGUd.exe
  C:\Windows\System\iOmFGUd.exe
  2⤵
  PID:3920
- C:\Windows\System\gWWiZlr.exe
  C:\Windows\System\gWWiZlr.exe
  2⤵
  PID:3928
- C:\Windows\System\eOoxRou.exe
  C:\Windows\System\eOoxRou.exe
  2⤵
  PID:3972
- C:\Windows\System\NPRgeoX.exe
  C:\Windows\System\NPRgeoX.exe
  2⤵
  PID:4004
- C:\Windows\System\ijJJAdi.exe
  C:\Windows\System\ijJJAdi.exe
  2⤵
  PID:3088
- C:\Windows\System\AtCijJb.exe
  C:\Windows\System\AtCijJb.exe
  2⤵
  PID:3152
- C:\Windows\System\tMmKRft.exe
  C:\Windows\System\tMmKRft.exe
  2⤵
  PID:3232
- C:\Windows\System\iqMthuj.exe
  C:\Windows\System\iqMthuj.exe
  2⤵
  PID:3404
- C:\Windows\System\DFJXAWe.exe
  C:\Windows\System\DFJXAWe.exe
  2⤵
  PID:3520
- C:\Windows\System\IBhZWXX.exe
  C:\Windows\System\IBhZWXX.exe
  2⤵
  PID:3704
- C:\Windows\System\jWqCEhS.exe
  C:\Windows\System\jWqCEhS.exe
  2⤵
  PID:3868
- C:\Windows\System\IuRIIrI.exe
  C:\Windows\System\IuRIIrI.exe
  2⤵
  PID:4068
- C:\Windows\System\hPOXbIS.exe
  C:\Windows\System\hPOXbIS.exe
  2⤵
  PID:4052
- C:\Windows\System\OJuFfBF.exe
  C:\Windows\System\OJuFfBF.exe
  2⤵
  PID:1484
- C:\Windows\System\xQORrZQ.exe
  C:\Windows\System\xQORrZQ.exe
  2⤵
  PID:3192
- C:\Windows\System\SmayHRE.exe
  C:\Windows\System\SmayHRE.exe
  2⤵
  PID:2436
- C:\Windows\System\tXHuJbS.exe
  C:\Windows\System\tXHuJbS.exe
  2⤵
  PID:3496
- C:\Windows\System\iuTWbGq.exe
  C:\Windows\System\iuTWbGq.exe
  2⤵
  PID:3828
- C:\Windows\System\tegwcJX.exe
  C:\Windows\System\tegwcJX.exe
  2⤵
  PID:3860
- C:\Windows\System\yikwBkX.exe
  C:\Windows\System\yikwBkX.exe
  2⤵
  PID:636
- C:\Windows\System\iJonDKD.exe
  C:\Windows\System\iJonDKD.exe
  2⤵
  PID:1168
- C:\Windows\System\QgNYDtE.exe
  C:\Windows\System\QgNYDtE.exe
  2⤵
  PID:4120
- C:\Windows\System\DrtwuJo.exe
  C:\Windows\System\DrtwuJo.exe
  2⤵
  PID:4140
- C:\Windows\System\DNXTVob.exe
  C:\Windows\System\DNXTVob.exe
  2⤵
  PID:4164
- C:\Windows\System\PBjzXxA.exe
  C:\Windows\System\PBjzXxA.exe
  2⤵
  PID:4184
- C:\Windows\System\HErHlXd.exe
  C:\Windows\System\HErHlXd.exe
  2⤵
  PID:4204
- C:\Windows\System\xCpkNHK.exe
  C:\Windows\System\xCpkNHK.exe
  2⤵
  PID:4224
- C:\Windows\System\mdEhmJk.exe
  C:\Windows\System\mdEhmJk.exe
  2⤵
  PID:4244
- C:\Windows\System\IbBPRSm.exe
  C:\Windows\System\IbBPRSm.exe
  2⤵
  PID:4260
- C:\Windows\System\DoKxdOj.exe
  C:\Windows\System\DoKxdOj.exe
  2⤵
  PID:4284
- C:\Windows\System\wLZjFGw.exe
  C:\Windows\System\wLZjFGw.exe
  2⤵
  PID:4304
- C:\Windows\System\amtqntK.exe
  C:\Windows\System\amtqntK.exe
  2⤵
  PID:4324
- C:\Windows\System\PsFvxkX.exe
  C:\Windows\System\PsFvxkX.exe
  2⤵
  PID:4344
- C:\Windows\System\WACIZLi.exe
  C:\Windows\System\WACIZLi.exe
  2⤵
  PID:4364
- C:\Windows\System\oMscwiZ.exe
  C:\Windows\System\oMscwiZ.exe
  2⤵
  PID:4384
- C:\Windows\System\mMpqhHe.exe
  C:\Windows\System\mMpqhHe.exe
  2⤵
  PID:4404
- C:\Windows\System\jKCdAGg.exe
  C:\Windows\System\jKCdAGg.exe
  2⤵
  PID:4428
- C:\Windows\System\iWQQaTE.exe
  C:\Windows\System\iWQQaTE.exe
  2⤵
  PID:4448
- C:\Windows\System\CuTOJxG.exe
  C:\Windows\System\CuTOJxG.exe
  2⤵
  PID:4468
- C:\Windows\System\Bxzpwmt.exe
  C:\Windows\System\Bxzpwmt.exe
  2⤵
  PID:4488
- C:\Windows\System\ublxxGZ.exe
  C:\Windows\System\ublxxGZ.exe
  2⤵
  PID:4508
- C:\Windows\System\rSxyEvQ.exe
  C:\Windows\System\rSxyEvQ.exe
  2⤵
  PID:4528
- C:\Windows\System\yCIkmeu.exe
  C:\Windows\System\yCIkmeu.exe
  2⤵
  PID:4548
- C:\Windows\System\CoXcsiC.exe
  C:\Windows\System\CoXcsiC.exe
  2⤵
  PID:4568
- C:\Windows\System\niuSDfB.exe
  C:\Windows\System\niuSDfB.exe
  2⤵
  PID:4588
- C:\Windows\System\GOSrOlv.exe
  C:\Windows\System\GOSrOlv.exe
  2⤵
  PID:4608
- C:\Windows\System\gzURBac.exe
  C:\Windows\System\gzURBac.exe
  2⤵
  PID:4628
- C:\Windows\System\zSLTyQg.exe
  C:\Windows\System\zSLTyQg.exe
  2⤵
  PID:4648
- C:\Windows\System\juTiJHX.exe
  C:\Windows\System\juTiJHX.exe
  2⤵
  PID:4668
- C:\Windows\System\PqeHXWr.exe
  C:\Windows\System\PqeHXWr.exe
  2⤵
  PID:4688
- C:\Windows\System\UkHCNya.exe
  C:\Windows\System\UkHCNya.exe
  2⤵
  PID:4708
- C:\Windows\System\gnFriOV.exe
  C:\Windows\System\gnFriOV.exe
  2⤵
  PID:4728
- C:\Windows\System\NDRVhdK.exe
  C:\Windows\System\NDRVhdK.exe
  2⤵
  PID:4748
- C:\Windows\System\zIvHERG.exe
  C:\Windows\System\zIvHERG.exe
  2⤵
  PID:4768
- C:\Windows\System\FYqkTtB.exe
  C:\Windows\System\FYqkTtB.exe
  2⤵
  PID:4788
- C:\Windows\System\vcguNXr.exe
  C:\Windows\System\vcguNXr.exe
  2⤵
  PID:4808
- C:\Windows\System\tpKzESc.exe
  C:\Windows\System\tpKzESc.exe
  2⤵
  PID:4828
- C:\Windows\System\wiACtwM.exe
  C:\Windows\System\wiACtwM.exe
  2⤵
  PID:4848
- C:\Windows\System\upgyuEY.exe
  C:\Windows\System\upgyuEY.exe
  2⤵
  PID:4868
- C:\Windows\System\DxYJUlh.exe
  C:\Windows\System\DxYJUlh.exe
  2⤵
  PID:4888
- C:\Windows\System\UTZKQJn.exe
  C:\Windows\System\UTZKQJn.exe
  2⤵
  PID:4908
- C:\Windows\System\RGhDOFv.exe
  C:\Windows\System\RGhDOFv.exe
  2⤵
  PID:4928
- C:\Windows\System\dLTOwZS.exe
  C:\Windows\System\dLTOwZS.exe
  2⤵
  PID:4948
- C:\Windows\System\nDvzjAV.exe
  C:\Windows\System\nDvzjAV.exe
  2⤵
  PID:4968
- C:\Windows\System\vWWWjzb.exe
  C:\Windows\System\vWWWjzb.exe
  2⤵
  PID:4988
- C:\Windows\System\pAarMuL.exe
  C:\Windows\System\pAarMuL.exe
  2⤵
  PID:5008
- C:\Windows\System\kdEAVXs.exe
  C:\Windows\System\kdEAVXs.exe
  2⤵
  PID:5028
- C:\Windows\System\vNVTJVA.exe
  C:\Windows\System\vNVTJVA.exe
  2⤵
  PID:5048
- C:\Windows\System\wsLWFMJ.exe
  C:\Windows\System\wsLWFMJ.exe
  2⤵
  PID:5068
- C:\Windows\System\msAALIz.exe
  C:\Windows\System\msAALIz.exe
  2⤵
  PID:5088
- C:\Windows\System\wdxSnHR.exe
  C:\Windows\System\wdxSnHR.exe
  2⤵
  PID:5108
- C:\Windows\System\EuTYGqD.exe
  C:\Windows\System\EuTYGqD.exe
  2⤵
  PID:3360
- C:\Windows\System\cSXVOtb.exe
  C:\Windows\System\cSXVOtb.exe
  2⤵
  PID:2740
- C:\Windows\System\PPxdfrx.exe
  C:\Windows\System\PPxdfrx.exe
  2⤵
  PID:3820
- C:\Windows\System\JoCMlNa.exe
  C:\Windows\System\JoCMlNa.exe
  2⤵
  PID:4112
- C:\Windows\System\SrtwGaA.exe
  C:\Windows\System\SrtwGaA.exe
  2⤵
  PID:3440
- C:\Windows\System\yirPJkq.exe
  C:\Windows\System\yirPJkq.exe
  2⤵
  PID:4160
- C:\Windows\System\YokQIPH.exe
  C:\Windows\System\YokQIPH.exe
  2⤵
  PID:4192
- C:\Windows\System\ASKtAMQ.exe
  C:\Windows\System\ASKtAMQ.exe
  2⤵
  PID:4232
- C:\Windows\System\FkrFqEo.exe
  C:\Windows\System\FkrFqEo.exe
  2⤵
  PID:4236
- C:\Windows\System\CzbBPAD.exe
  C:\Windows\System\CzbBPAD.exe
  2⤵
  PID:4252
- C:\Windows\System\IqjPzve.exe
  C:\Windows\System\IqjPzve.exe
  2⤵
  PID:4296
- C:\Windows\System\DMkoFsp.exe
  C:\Windows\System\DMkoFsp.exe
  2⤵
  PID:4360
- C:\Windows\System\IineJUc.exe
  C:\Windows\System\IineJUc.exe
  2⤵
  PID:4380
- C:\Windows\System\JmzGrjT.exe
  C:\Windows\System\JmzGrjT.exe
  2⤵
  PID:4412
- C:\Windows\System\HLcTyKt.exe
  C:\Windows\System\HLcTyKt.exe
  2⤵
  PID:4440
- C:\Windows\System\spDTdkV.exe
  C:\Windows\System\spDTdkV.exe
  2⤵
  PID:4460
- C:\Windows\System\xjKHTun.exe
  C:\Windows\System\xjKHTun.exe
  2⤵
  PID:4504
- C:\Windows\System\YQKYafy.exe
  C:\Windows\System\YQKYafy.exe
  2⤵
  PID:4536
- C:\Windows\System\HLLeHKC.exe
  C:\Windows\System\HLLeHKC.exe
  2⤵
  PID:4560
- C:\Windows\System\WxUnmUh.exe
  C:\Windows\System\WxUnmUh.exe
  2⤵
  PID:4580
- C:\Windows\System\qxVeSIN.exe
  C:\Windows\System\qxVeSIN.exe
  2⤵
  PID:4624
- C:\Windows\System\AusymEs.exe
  C:\Windows\System\AusymEs.exe
  2⤵
  PID:4656
- C:\Windows\System\CafxXFl.exe
  C:\Windows\System\CafxXFl.exe
  2⤵
  PID:4696
- C:\Windows\System\UpwmDgf.exe
  C:\Windows\System\UpwmDgf.exe
  2⤵
  PID:4724
- C:\Windows\System\zETzdaX.exe
  C:\Windows\System\zETzdaX.exe
  2⤵
  PID:4764
- C:\Windows\System\SPqTtPJ.exe
  C:\Windows\System\SPqTtPJ.exe
  2⤵
  PID:4796
- C:\Windows\System\erIXBid.exe
  C:\Windows\System\erIXBid.exe
  2⤵
  PID:4816
- C:\Windows\System\AudnclF.exe
  C:\Windows\System\AudnclF.exe
  2⤵
  PID:4820
- C:\Windows\System\kXTSVNx.exe
  C:\Windows\System\kXTSVNx.exe
  2⤵
  PID:644
- C:\Windows\System\ChXMcHr.exe
  C:\Windows\System\ChXMcHr.exe
  2⤵
  PID:4924
- C:\Windows\System\lOtEMEc.exe
  C:\Windows\System\lOtEMEc.exe
  2⤵
  PID:4900
- C:\Windows\System\BnwLDVS.exe
  C:\Windows\System\BnwLDVS.exe
  2⤵
  PID:4944
- C:\Windows\System\KobgZTc.exe
  C:\Windows\System\KobgZTc.exe
  2⤵
  PID:4984
- C:\Windows\System\SVZbjHV.exe
  C:\Windows\System\SVZbjHV.exe
  2⤵
  PID:5036
- C:\Windows\System\JSdlcHL.exe
  C:\Windows\System\JSdlcHL.exe
  2⤵
  PID:5024
- C:\Windows\System\IVYxVBv.exe
  C:\Windows\System\IVYxVBv.exe
  2⤵
  PID:5056
- C:\Windows\System\dfXXxEq.exe
  C:\Windows\System\dfXXxEq.exe
  2⤵
  PID:2592
- C:\Windows\System\fhNuQak.exe
  C:\Windows\System\fhNuQak.exe
  2⤵
  PID:5100
- C:\Windows\System\rNlXrDf.exe
  C:\Windows\System\rNlXrDf.exe
  2⤵
  PID:448
- C:\Windows\System\ZTckxRV.exe
  C:\Windows\System\ZTckxRV.exe
  2⤵
  PID:2196
- C:\Windows\System\ERvoDNI.exe
  C:\Windows\System\ERvoDNI.exe
  2⤵
  PID:3112
- C:\Windows\System\eNjpOtp.exe
  C:\Windows\System\eNjpOtp.exe
  2⤵
  PID:892
- C:\Windows\System\pCsNUwG.exe
  C:\Windows\System\pCsNUwG.exe
  2⤵
  PID:1036
- C:\Windows\System\tigOGDD.exe
  C:\Windows\System\tigOGDD.exe
  2⤵
  PID:616
- C:\Windows\System\rDLCzUd.exe
  C:\Windows\System\rDLCzUd.exe
  2⤵
  PID:4272
- C:\Windows\System\ZJveXsf.exe
  C:\Windows\System\ZJveXsf.exe
  2⤵
  PID:4332
- C:\Windows\System\DQhxoID.exe
  C:\Windows\System\DQhxoID.exe
  2⤵
  PID:4436
- C:\Windows\System\WbrVbOB.exe
  C:\Windows\System\WbrVbOB.exe
  2⤵
  PID:2256
- C:\Windows\System\oOcmrGF.exe
  C:\Windows\System\oOcmrGF.exe
  2⤵
  PID:4476
- C:\Windows\System\aoipMiN.exe
  C:\Windows\System\aoipMiN.exe
  2⤵
  PID:4564
- C:\Windows\System\JjbIxaf.exe
  C:\Windows\System\JjbIxaf.exe
  2⤵
  PID:2756
- C:\Windows\System\ommKpTM.exe
  C:\Windows\System\ommKpTM.exe
  2⤵
  PID:2952
- C:\Windows\System\UztxUob.exe
  C:\Windows\System\UztxUob.exe
  2⤵
  PID:4616
- C:\Windows\System\fzZNsUY.exe
  C:\Windows\System\fzZNsUY.exe
  2⤵
  PID:4604
- C:\Windows\System\CUozQdL.exe
  C:\Windows\System\CUozQdL.exe
  2⤵
  PID:4676
- C:\Windows\System\BPysxej.exe
  C:\Windows\System\BPysxej.exe
  2⤵
  PID:4700
- C:\Windows\System\duEOyjb.exe
  C:\Windows\System\duEOyjb.exe
  2⤵
  PID:4716
- C:\Windows\System\YAshOkb.exe
  C:\Windows\System\YAshOkb.exe
  2⤵
  PID:4780
- C:\Windows\System\OoLncLp.exe
  C:\Windows\System\OoLncLp.exe
  2⤵
  PID:2944
- C:\Windows\System\bTDHdme.exe
  C:\Windows\System\bTDHdme.exe
  2⤵
  PID:2984
- C:\Windows\System\gllgNxi.exe
  C:\Windows\System\gllgNxi.exe
  2⤵
  PID:4860
- C:\Windows\System\QozYzTN.exe
  C:\Windows\System\QozYzTN.exe
  2⤵
  PID:4904
- C:\Windows\System\aBFKovk.exe
  C:\Windows\System\aBFKovk.exe
  2⤵
  PID:5076
- C:\Windows\System\zkUFeps.exe
  C:\Windows\System\zkUFeps.exe
  2⤵
  PID:3640
- C:\Windows\System\LYBfDgg.exe
  C:\Windows\System\LYBfDgg.exe
  2⤵
  PID:2204
- C:\Windows\System\MMOcRje.exe
  C:\Windows\System\MMOcRje.exe
  2⤵
  PID:4216
- C:\Windows\System\bWZsCmu.exe
  C:\Windows\System\bWZsCmu.exe
  2⤵
  PID:4312
- C:\Windows\System\kRdrKTH.exe
  C:\Windows\System\kRdrKTH.exe
  2⤵
  PID:2860
- C:\Windows\System\eFOedXp.exe
  C:\Windows\System\eFOedXp.exe
  2⤵
  PID:4996
- C:\Windows\System\WYXoegD.exe
  C:\Windows\System\WYXoegD.exe
  2⤵
  PID:4108
- C:\Windows\System\QOkDUxN.exe
  C:\Windows\System\QOkDUxN.exe
  2⤵
  PID:4396
- C:\Windows\System\vlLjHKO.exe
  C:\Windows\System\vlLjHKO.exe
  2⤵
  PID:2836
- C:\Windows\System\rZirFHw.exe
  C:\Windows\System\rZirFHw.exe
  2⤵
  PID:4756
- C:\Windows\System\HRQrbNj.exe
  C:\Windows\System\HRQrbNj.exe
  2⤵
  PID:4444
- C:\Windows\System\BSsilDV.exe
  C:\Windows\System\BSsilDV.exe
  2⤵
  PID:696
- C:\Windows\System\udKAuNr.exe
  C:\Windows\System\udKAuNr.exe
  2⤵
  PID:2372
- C:\Windows\System\PXrnbAA.exe
  C:\Windows\System\PXrnbAA.exe
  2⤵
  PID:2288
- C:\Windows\System\jSUlSYc.exe
  C:\Windows\System\jSUlSYc.exe
  2⤵
  PID:4776
- C:\Windows\System\sxSAcfO.exe
  C:\Windows\System\sxSAcfO.exe
  2⤵
  PID:4916
- C:\Windows\System\UNXFZKs.exe
  C:\Windows\System\UNXFZKs.exe
  2⤵
  PID:4920
- C:\Windows\System\klPbtlg.exe
  C:\Windows\System\klPbtlg.exe
  2⤵
  PID:4584
- C:\Windows\System\iHknrVW.exe
  C:\Windows\System\iHknrVW.exe
  2⤵
  PID:4880
- C:\Windows\System\aCWbjAP.exe
  C:\Windows\System\aCWbjAP.exe
  2⤵
  PID:4220
- C:\Windows\System\FMlOHKx.exe
  C:\Windows\System\FMlOHKx.exe
  2⤵
  PID:5040
- C:\Windows\System\whzhACc.exe
  C:\Windows\System\whzhACc.exe
  2⤵
  PID:4680
- C:\Windows\System\CFpBGDf.exe
  C:\Windows\System\CFpBGDf.exe
  2⤵
  PID:4516
- C:\Windows\System\KbLOlNk.exe
  C:\Windows\System\KbLOlNk.exe
  2⤵
  PID:4176
- C:\Windows\System\aRLjeGV.exe
  C:\Windows\System\aRLjeGV.exe
  2⤵
  PID:4760
- C:\Windows\System\VRLnynh.exe
  C:\Windows\System\VRLnynh.exe
  2⤵
  PID:4896
- C:\Windows\System\pbARnAT.exe
  C:\Windows\System\pbARnAT.exe
  2⤵
  PID:2568
- C:\Windows\System\jfGLCkC.exe
  C:\Windows\System\jfGLCkC.exe
  2⤵
  PID:4300
- C:\Windows\System\WERqYCF.exe
  C:\Windows\System\WERqYCF.exe
  2⤵
  PID:4964
- C:\Windows\System\lTVgeXL.exe
  C:\Windows\System\lTVgeXL.exe
  2⤵
  PID:1860
- C:\Windows\System\nLTAzUX.exe
  C:\Windows\System\nLTAzUX.exe
  2⤵
  PID:4736
- C:\Windows\System\VyBgOtF.exe
  C:\Windows\System\VyBgOtF.exe
  2⤵
  PID:5044
- C:\Windows\System\oWhanlE.exe
  C:\Windows\System\oWhanlE.exe
  2⤵
  PID:5104
- C:\Windows\System\MvqTiCf.exe
  C:\Windows\System\MvqTiCf.exe
  2⤵
  PID:4596
- C:\Windows\System\aIWrzeU.exe
  C:\Windows\System\aIWrzeU.exe
  2⤵
  PID:3600
- C:\Windows\System\pAubGWV.exe
  C:\Windows\System\pAubGWV.exe
  2⤵
  PID:4876
- C:\Windows\System\RkCqrqY.exe
  C:\Windows\System\RkCqrqY.exe
  2⤵
  PID:4864
- C:\Windows\System\MsIhryl.exe
  C:\Windows\System\MsIhryl.exe
  2⤵
  PID:3724
- C:\Windows\System\FaqbtTr.exe
  C:\Windows\System\FaqbtTr.exe
  2⤵
  PID:5132
- C:\Windows\System\FKTyDmI.exe
  C:\Windows\System\FKTyDmI.exe
  2⤵
  PID:5148
- C:\Windows\System\WJJeLPU.exe
  C:\Windows\System\WJJeLPU.exe
  2⤵
  PID:5164
- C:\Windows\System\yEqEAKd.exe
  C:\Windows\System\yEqEAKd.exe
  2⤵
  PID:5180
- C:\Windows\System\RlsOtpm.exe
  C:\Windows\System\RlsOtpm.exe
  2⤵
  PID:5196
- C:\Windows\System\WbDNyNw.exe
  C:\Windows\System\WbDNyNw.exe
  2⤵
  PID:5232
- C:\Windows\System\zKDaGon.exe
  C:\Windows\System\zKDaGon.exe
  2⤵
  PID:5248
- C:\Windows\System\VVlABhU.exe
  C:\Windows\System\VVlABhU.exe
  2⤵
  PID:5272
- C:\Windows\System\nDTIQUM.exe
  C:\Windows\System\nDTIQUM.exe
  2⤵
  PID:5292
- C:\Windows\System\ZsevhsJ.exe
  C:\Windows\System\ZsevhsJ.exe
  2⤵
  PID:5316
- C:\Windows\System\RLxAQxQ.exe
  C:\Windows\System\RLxAQxQ.exe
  2⤵
  PID:5336
- C:\Windows\System\uoLKhSw.exe
  C:\Windows\System\uoLKhSw.exe
  2⤵
  PID:5356
- C:\Windows\System\ftQVttl.exe
  C:\Windows\System\ftQVttl.exe
  2⤵
  PID:5372
- C:\Windows\System\lFMcHIt.exe
  C:\Windows\System\lFMcHIt.exe
  2⤵
  PID:5388
- C:\Windows\System\oKfsvYo.exe
  C:\Windows\System\oKfsvYo.exe
  2⤵
  PID:5412
- C:\Windows\System\guMHcmk.exe
  C:\Windows\System\guMHcmk.exe
  2⤵
  PID:5452
- C:\Windows\System\bVkVswB.exe
  C:\Windows\System\bVkVswB.exe
  2⤵
  PID:5468
- C:\Windows\System\dchURBY.exe
  C:\Windows\System\dchURBY.exe
  2⤵
  PID:5492
- C:\Windows\System\ahqfTfG.exe
  C:\Windows\System\ahqfTfG.exe
  2⤵
  PID:5508
- C:\Windows\System\kkHwBfh.exe
  C:\Windows\System\kkHwBfh.exe
  2⤵
  PID:5524
- C:\Windows\System\YCSnXNt.exe
  C:\Windows\System\YCSnXNt.exe
  2⤵
  PID:5540
- C:\Windows\System\qgbEKqV.exe
  C:\Windows\System\qgbEKqV.exe
  2⤵
  PID:5560
- C:\Windows\System\jxorZrR.exe
  C:\Windows\System\jxorZrR.exe
  2⤵
  PID:5576
- C:\Windows\System\SplSzoo.exe
  C:\Windows\System\SplSzoo.exe
  2⤵
  PID:5592
- C:\Windows\System\eQTBQnV.exe
  C:\Windows\System\eQTBQnV.exe
  2⤵
  PID:5608
- C:\Windows\System\nHQBkDZ.exe
  C:\Windows\System\nHQBkDZ.exe
  2⤵
  PID:5628
- C:\Windows\System\mLUFqah.exe
  C:\Windows\System\mLUFqah.exe
  2⤵
  PID:5648
- C:\Windows\System\sHeDEzl.exe
  C:\Windows\System\sHeDEzl.exe
  2⤵
  PID:5664
- C:\Windows\System\cAtausB.exe
  C:\Windows\System\cAtausB.exe
  2⤵
  PID:5680
- C:\Windows\System\RLbdfBV.exe
  C:\Windows\System\RLbdfBV.exe
  2⤵
  PID:5696
- C:\Windows\System\eJHGCCc.exe
  C:\Windows\System\eJHGCCc.exe
  2⤵
  PID:5712
- C:\Windows\System\TgPHbYi.exe
  C:\Windows\System\TgPHbYi.exe
  2⤵
  PID:5768
- C:\Windows\System\SBKcPlJ.exe
  C:\Windows\System\SBKcPlJ.exe
  2⤵
  PID:5788
- C:\Windows\System\dHjvgFk.exe
  C:\Windows\System\dHjvgFk.exe
  2⤵
  PID:5804
- C:\Windows\System\dhszsAz.exe
  C:\Windows\System\dhszsAz.exe
  2⤵
  PID:5820
- C:\Windows\System\RxQmIzF.exe
  C:\Windows\System\RxQmIzF.exe
  2⤵
  PID:5852
- C:\Windows\System\DztjUwB.exe
  C:\Windows\System\DztjUwB.exe
  2⤵
  PID:5868
- C:\Windows\System\WURToae.exe
  C:\Windows\System\WURToae.exe
  2⤵
  PID:5888
- C:\Windows\System\rBPAnwG.exe
  C:\Windows\System\rBPAnwG.exe
  2⤵
  PID:5904
- C:\Windows\System\NxABSLm.exe
  C:\Windows\System\NxABSLm.exe
  2⤵
  PID:5924
- C:\Windows\System\ZBIxZfx.exe
  C:\Windows\System\ZBIxZfx.exe
  2⤵
  PID:5956
- C:\Windows\System\raecuyR.exe
  C:\Windows\System\raecuyR.exe
  2⤵
  PID:5984
- C:\Windows\System\rBKVDDO.exe
  C:\Windows\System\rBKVDDO.exe
  2⤵
  PID:6000
- C:\Windows\System\NmTHTlG.exe
  C:\Windows\System\NmTHTlG.exe
  2⤵
  PID:6016
- C:\Windows\System\PIwsNqp.exe
  C:\Windows\System\PIwsNqp.exe
  2⤵
  PID:6040
- C:\Windows\System\EHTmAdx.exe
  C:\Windows\System\EHTmAdx.exe
  2⤵
  PID:6064
- C:\Windows\System\tqpdHJR.exe
  C:\Windows\System\tqpdHJR.exe
  2⤵
  PID:6080
- C:\Windows\System\TCKGwUa.exe
  C:\Windows\System\TCKGwUa.exe
  2⤵
  PID:6096
- C:\Windows\System\RLlEpwz.exe
  C:\Windows\System\RLlEpwz.exe
  2⤵
  PID:6112
- C:\Windows\System\nramqeT.exe
  C:\Windows\System\nramqeT.exe
  2⤵
  PID:6132
- C:\Windows\System\BdPxfGu.exe
  C:\Windows\System\BdPxfGu.exe
  2⤵
  PID:4292
- C:\Windows\System\RtBgmuz.exe
  C:\Windows\System\RtBgmuz.exe
  2⤵
  PID:5156
- C:\Windows\System\vweibQn.exe
  C:\Windows\System\vweibQn.exe
  2⤵
  PID:5244
- C:\Windows\System\iAmqAZi.exe
  C:\Windows\System\iAmqAZi.exe
  2⤵
  PID:4496
- C:\Windows\System\mJIljXW.exe
  C:\Windows\System\mJIljXW.exe
  2⤵
  PID:5144
- C:\Windows\System\OMYMEnc.exe
  C:\Windows\System\OMYMEnc.exe
  2⤵
  PID:5264
- C:\Windows\System\JcqvOjL.exe
  C:\Windows\System\JcqvOjL.exe
  2⤵
  PID:5280
- C:\Windows\System\rEUAUES.exe
  C:\Windows\System\rEUAUES.exe
  2⤵
  PID:5328
- C:\Windows\System\yenAcQA.exe
  C:\Windows\System\yenAcQA.exe
  2⤵
  PID:5396
- C:\Windows\System\HAsziZH.exe
  C:\Windows\System\HAsziZH.exe
  2⤵
  PID:5312
- C:\Windows\System\iswqVJd.exe
  C:\Windows\System\iswqVJd.exe
  2⤵
  PID:5380
- C:\Windows\System\WTkWdAZ.exe
  C:\Windows\System\WTkWdAZ.exe
  2⤵
  PID:5428
- C:\Windows\System\LZDcpvJ.exe
  C:\Windows\System\LZDcpvJ.exe
  2⤵
  PID:5444
- C:\Windows\System\mNioLOD.exe
  C:\Windows\System\mNioLOD.exe
  2⤵
  PID:5476
- C:\Windows\System\JPWzKBj.exe
  C:\Windows\System\JPWzKBj.exe
  2⤵
  PID:5516
- C:\Windows\System\lXAhnHZ.exe
  C:\Windows\System\lXAhnHZ.exe
  2⤵
  PID:5536
- C:\Windows\System\yvrlzEL.exe
  C:\Windows\System\yvrlzEL.exe
  2⤵
  PID:5640
- C:\Windows\System\xNnRsNe.exe
  C:\Windows\System\xNnRsNe.exe
  2⤵
  PID:5624
- C:\Windows\System\rriZVku.exe
  C:\Windows\System\rriZVku.exe
  2⤵
  PID:5692
- C:\Windows\System\ORmHeKg.exe
  C:\Windows\System\ORmHeKg.exe
  2⤵
  PID:5228
- C:\Windows\System\PmyXrLl.exe
  C:\Windows\System\PmyXrLl.exe
  2⤵
  PID:5748
- C:\Windows\System\HfgndNF.exe
  C:\Windows\System\HfgndNF.exe
  2⤵
  PID:5780
- C:\Windows\System\mgnpFBd.exe
  C:\Windows\System\mgnpFBd.exe
  2⤵
  PID:5828
- C:\Windows\System\FCJlsiw.exe
  C:\Windows\System\FCJlsiw.exe
  2⤵
  PID:5844
- C:\Windows\System\dAfFLAB.exe
  C:\Windows\System\dAfFLAB.exe
  2⤵
  PID:5884
- C:\Windows\System\mcUXWXs.exe
  C:\Windows\System\mcUXWXs.exe
  2⤵
  PID:5916
- C:\Windows\System\cudPIXb.exe
  C:\Windows\System\cudPIXb.exe
  2⤵
  PID:4352
- C:\Windows\System\mYsiTFR.exe
  C:\Windows\System\mYsiTFR.exe
  2⤵
  PID:5972
- C:\Windows\System\xyuxZto.exe
  C:\Windows\System\xyuxZto.exe
  2⤵
  PID:6012
- C:\Windows\System\YiCPXfX.exe
  C:\Windows\System\YiCPXfX.exe
  2⤵
  PID:6120
- C:\Windows\System\xWlATRf.exe
  C:\Windows\System\xWlATRf.exe
  2⤵
  PID:6028
- C:\Windows\System\xrxQqzF.exe
  C:\Windows\System\xrxQqzF.exe
  2⤵
  PID:6036
- C:\Windows\System\OQXdzzY.exe
  C:\Windows\System\OQXdzzY.exe
  2⤵
  PID:6140
- C:\Windows\System\lexjjYv.exe
  C:\Windows\System\lexjjYv.exe
  2⤵
  PID:5140
- C:\Windows\System\cqEHutj.exe
  C:\Windows\System\cqEHutj.exe
  2⤵
  PID:2180
- C:\Windows\System\ZaVMZkk.exe
  C:\Windows\System\ZaVMZkk.exe
  2⤵
  PID:5212
- C:\Windows\System\ipQegxd.exe
  C:\Windows\System\ipQegxd.exe
  2⤵
  PID:5160
- C:\Windows\System\vDWbCiw.exe
  C:\Windows\System\vDWbCiw.exe
  2⤵
  PID:5288
- C:\Windows\System\FOBTsdC.exe
  C:\Windows\System\FOBTsdC.exe
  2⤵
  PID:5420
- C:\Windows\System\JbOzzZS.exe
  C:\Windows\System\JbOzzZS.exe
  2⤵
  PID:5504
- C:\Windows\System\MXMbVvV.exe
  C:\Windows\System\MXMbVvV.exe
  2⤵
  PID:5676
- C:\Windows\System\KINmcMz.exe
  C:\Windows\System\KINmcMz.exe
  2⤵
  PID:5300
- C:\Windows\System\AwVZIMi.exe
  C:\Windows\System\AwVZIMi.exe
  2⤵
  PID:5364
- C:\Windows\System\YspnVyP.exe
  C:\Windows\System\YspnVyP.exe
  2⤵
  PID:5440
- C:\Windows\System\UYXqGly.exe
  C:\Windows\System\UYXqGly.exe
  2⤵
  PID:5840
- C:\Windows\System\XgJBpoh.exe
  C:\Windows\System\XgJBpoh.exe
  2⤵
  PID:5488
- C:\Windows\System\BZbILQj.exe
  C:\Windows\System\BZbILQj.exe
  2⤵
  PID:5968
- C:\Windows\System\jvFWEuU.exe
  C:\Windows\System\jvFWEuU.exe
  2⤵
  PID:6060
- C:\Windows\System\HjOyqhL.exe
  C:\Windows\System\HjOyqhL.exe
  2⤵
  PID:5864
- C:\Windows\System\GAJJyZT.exe
  C:\Windows\System\GAJJyZT.exe
  2⤵
  PID:5736
- C:\Windows\System\friiPXC.exe
  C:\Windows\System\friiPXC.exe
  2⤵
  PID:5744
- C:\Windows\System\LvOSNBK.exe
  C:\Windows\System\LvOSNBK.exe
  2⤵
  PID:5996
- C:\Windows\System\qIbJLHe.exe
  C:\Windows\System\qIbJLHe.exe
  2⤵
  PID:5208
- C:\Windows\System\bMhqvtG.exe
  C:\Windows\System\bMhqvtG.exe
  2⤵
  PID:5224
- C:\Windows\System\izXYzXH.exe
  C:\Windows\System\izXYzXH.exe
  2⤵
  PID:5672
- C:\Windows\System\LxAAXqr.exe
  C:\Windows\System\LxAAXqr.exe
  2⤵
  PID:5464
- C:\Windows\System\nTDLLcr.exe
  C:\Windows\System\nTDLLcr.exe
  2⤵
  PID:5776
- C:\Windows\System\kmGgonA.exe
  C:\Windows\System\kmGgonA.exe
  2⤵
  PID:5348
- C:\Windows\System\jWwXZWm.exe
  C:\Windows\System\jWwXZWm.exe
  2⤵
  PID:5484
- C:\Windows\System\CRgDOSz.exe
  C:\Windows\System\CRgDOSz.exe
  2⤵
  PID:5980
- C:\Windows\System\IWAYnhG.exe
  C:\Windows\System\IWAYnhG.exe
  2⤵
  PID:5604
- C:\Windows\System\FAlxZgT.exe
  C:\Windows\System\FAlxZgT.exe
  2⤵
  PID:5896
- C:\Windows\System\uLAEJiT.exe
  C:\Windows\System\uLAEJiT.exe
  2⤵
  PID:4804
- C:\Windows\System\CKLrTAL.exe
  C:\Windows\System\CKLrTAL.exe
  2⤵
  PID:5816
- C:\Windows\System\PXAyGtR.exe
  C:\Windows\System\PXAyGtR.exe
  2⤵
  PID:6108
- C:\Windows\System\vcjlOae.exe
  C:\Windows\System\vcjlOae.exe
  2⤵
  PID:5588
- C:\Windows\System\AeFVIIB.exe
  C:\Windows\System\AeFVIIB.exe
  2⤵
  PID:5552
- C:\Windows\System\eSKDchc.exe
  C:\Windows\System\eSKDchc.exe
  2⤵
  PID:6056
- C:\Windows\System\fJVJGeE.exe
  C:\Windows\System\fJVJGeE.exe
  2⤵
  PID:5688
- C:\Windows\System\vSEWNPz.exe
  C:\Windows\System\vSEWNPz.exe
  2⤵
  PID:5880
- C:\Windows\System\twPLckY.exe
  C:\Windows\System\twPLckY.exe
  2⤵
  PID:5260
- C:\Windows\System\GiipqVc.exe
  C:\Windows\System\GiipqVc.exe
  2⤵
  PID:5124
- C:\Windows\System\VXyXHyA.exe
  C:\Windows\System\VXyXHyA.exe
  2⤵
  PID:5404
- C:\Windows\System\NtYSmmP.exe
  C:\Windows\System\NtYSmmP.exe
  2⤵
  PID:5704
- C:\Windows\System\GVuvALS.exe
  C:\Windows\System\GVuvALS.exe
  2⤵
  PID:5920
- C:\Windows\System\ezygqNs.exe
  C:\Windows\System\ezygqNs.exe
  2⤵
  PID:6148
- C:\Windows\System\eKSBThb.exe
  C:\Windows\System\eKSBThb.exe
  2⤵
  PID:6168
- C:\Windows\System\AMsuZts.exe
  C:\Windows\System\AMsuZts.exe
  2⤵
  PID:6184
- C:\Windows\System\OToDKEP.exe
  C:\Windows\System\OToDKEP.exe
  2⤵
  PID:6212
- C:\Windows\System\LTGtngb.exe
  C:\Windows\System\LTGtngb.exe
  2⤵
  PID:6232
- C:\Windows\System\CjxSohs.exe
  C:\Windows\System\CjxSohs.exe
  2⤵
  PID:6256
- C:\Windows\System\buzytWg.exe
  C:\Windows\System\buzytWg.exe
  2⤵
  PID:6288
- C:\Windows\System\klwuaSQ.exe
  C:\Windows\System\klwuaSQ.exe
  2⤵
  PID:6304
- C:\Windows\System\PleEAGb.exe
  C:\Windows\System\PleEAGb.exe
  2⤵
  PID:6320
- C:\Windows\System\wxvzbDT.exe
  C:\Windows\System\wxvzbDT.exe
  2⤵
  PID:6336
- C:\Windows\System\JjsJnpN.exe
  C:\Windows\System\JjsJnpN.exe
  2⤵
  PID:6356
- C:\Windows\System\MUJLhID.exe
  C:\Windows\System\MUJLhID.exe
  2⤵
  PID:6372
- C:\Windows\System\qgLskwL.exe
  C:\Windows\System\qgLskwL.exe
  2⤵
  PID:6396
- C:\Windows\System\IaewXqp.exe
  C:\Windows\System\IaewXqp.exe
  2⤵
  PID:6416
- C:\Windows\System\gLsLzRp.exe
  C:\Windows\System\gLsLzRp.exe
  2⤵
  PID:6452
- C:\Windows\System\cIAnhJM.exe
  C:\Windows\System\cIAnhJM.exe
  2⤵
  PID:6468
- C:\Windows\System\CxmadtT.exe
  C:\Windows\System\CxmadtT.exe
  2⤵
  PID:6484
- C:\Windows\System\skkOfga.exe
  C:\Windows\System\skkOfga.exe
  2⤵
  PID:6500
- C:\Windows\System\kLCtbLF.exe
  C:\Windows\System\kLCtbLF.exe
  2⤵
  PID:6516
- C:\Windows\System\NXZUyDm.exe
  C:\Windows\System\NXZUyDm.exe
  2⤵
  PID:6536
- C:\Windows\System\vKwZHWX.exe
  C:\Windows\System\vKwZHWX.exe
  2⤵
  PID:6552
- C:\Windows\System\KoURhKF.exe
  C:\Windows\System\KoURhKF.exe
  2⤵
  PID:6568
- C:\Windows\System\EfSeVLn.exe
  C:\Windows\System\EfSeVLn.exe
  2⤵
  PID:6588
- C:\Windows\System\cqHAitn.exe
  C:\Windows\System\cqHAitn.exe
  2⤵
  PID:6608
- C:\Windows\System\MhrSCGa.exe
  C:\Windows\System\MhrSCGa.exe
  2⤵
  PID:6644
- C:\Windows\System\idTWXMx.exe
  C:\Windows\System\idTWXMx.exe
  2⤵
  PID:6668
- C:\Windows\System\jiwbbrS.exe
  C:\Windows\System\jiwbbrS.exe
  2⤵
  PID:6684
- C:\Windows\System\ZIRkBQj.exe
  C:\Windows\System\ZIRkBQj.exe
  2⤵
  PID:6708
- C:\Windows\System\OqrpXsJ.exe
  C:\Windows\System\OqrpXsJ.exe
  2⤵
  PID:6724
- C:\Windows\System\OBJgpmQ.exe
  C:\Windows\System\OBJgpmQ.exe
  2⤵
  PID:6740
- C:\Windows\System\yoSmste.exe
  C:\Windows\System\yoSmste.exe
  2⤵
  PID:6760
- C:\Windows\System\bKqnUQF.exe
  C:\Windows\System\bKqnUQF.exe
  2⤵
  PID:6780
- C:\Windows\System\OvbIBTb.exe
  C:\Windows\System\OvbIBTb.exe
  2⤵
  PID:6796
- C:\Windows\System\NyBJtKh.exe
  C:\Windows\System\NyBJtKh.exe
  2⤵
  PID:6812
- C:\Windows\System\TlIOaGP.exe
  C:\Windows\System\TlIOaGP.exe
  2⤵
  PID:6832
- C:\Windows\System\hgKpXnh.exe
  C:\Windows\System\hgKpXnh.exe
  2⤵
  PID:6848
- C:\Windows\System\QrdGwQM.exe
  C:\Windows\System\QrdGwQM.exe
  2⤵
  PID:6868
- C:\Windows\System\JtwSWkJ.exe
  C:\Windows\System\JtwSWkJ.exe
  2⤵
  PID:6888
- C:\Windows\System\wLQMsEK.exe
  C:\Windows\System\wLQMsEK.exe
  2⤵
  PID:6936
- C:\Windows\System\DIxmXNO.exe
  C:\Windows\System\DIxmXNO.exe
  2⤵
  PID:6952
- C:\Windows\System\TjtDDOo.exe
  C:\Windows\System\TjtDDOo.exe
  2⤵
  PID:6968
- C:\Windows\System\uPxumPS.exe
  C:\Windows\System\uPxumPS.exe
  2⤵
  PID:6984
- C:\Windows\System\wovkNCu.exe
  C:\Windows\System\wovkNCu.exe
  2⤵
  PID:7004
- C:\Windows\System\ctEgmES.exe
  C:\Windows\System\ctEgmES.exe
  2⤵
  PID:7020
- C:\Windows\System\FwGABvb.exe
  C:\Windows\System\FwGABvb.exe
  2⤵
  PID:7036
- C:\Windows\System\tiIbMjG.exe
  C:\Windows\System\tiIbMjG.exe
  2⤵
  PID:7052
- C:\Windows\System\BZDxIND.exe
  C:\Windows\System\BZDxIND.exe
  2⤵
  PID:7068
- C:\Windows\System\rZVsTRj.exe
  C:\Windows\System\rZVsTRj.exe
  2⤵
  PID:7112
- C:\Windows\System\cYmLvVf.exe
  C:\Windows\System\cYmLvVf.exe
  2⤵
  PID:7128
- C:\Windows\System\PnqreCA.exe
  C:\Windows\System\PnqreCA.exe
  2⤵
  PID:7144
- C:\Windows\System\iYdqAki.exe
  C:\Windows\System\iYdqAki.exe
  2⤵
  PID:7164
- C:\Windows\System\gUhLbpw.exe
  C:\Windows\System\gUhLbpw.exe
  2⤵
  PID:5060
- C:\Windows\System\PUjPLYb.exe
  C:\Windows\System\PUjPLYb.exe
  2⤵
  PID:5660
- C:\Windows\System\QdKlqgf.exe
  C:\Windows\System\QdKlqgf.exe
  2⤵
  PID:5352
- C:\Windows\System\POTSqjm.exe
  C:\Windows\System\POTSqjm.exe
  2⤵
  PID:6264
- C:\Windows\System\GisKHfj.exe
  C:\Windows\System\GisKHfj.exe
  2⤵
  PID:5728
- C:\Windows\System\NxqayMZ.exe
  C:\Windows\System\NxqayMZ.exe
  2⤵
  PID:6248
- C:\Windows\System\SYBAFxv.exe
  C:\Windows\System\SYBAFxv.exe
  2⤵
  PID:6276
- C:\Windows\System\rqwKvGF.exe
  C:\Windows\System\rqwKvGF.exe
  2⤵
  PID:6316
- C:\Windows\System\CfLXuha.exe
  C:\Windows\System\CfLXuha.exe
  2⤵
  PID:6380
- C:\Windows\System\EDGxrKH.exe
  C:\Windows\System\EDGxrKH.exe
  2⤵
  PID:6424
- C:\Windows\System\SNVdwXK.exe
  C:\Windows\System\SNVdwXK.exe
  2⤵
  PID:6364
- C:\Windows\System\PRnOdUM.exe
  C:\Windows\System\PRnOdUM.exe
  2⤵
  PID:6412
- C:\Windows\System\JTdaJPI.exe
  C:\Windows\System\JTdaJPI.exe
  2⤵
  PID:6448
- C:\Windows\System\iUZwZRq.exe
  C:\Windows\System\iUZwZRq.exe
  2⤵
  PID:6508
- C:\Windows\System\kGkSElm.exe
  C:\Windows\System\kGkSElm.exe
  2⤵
  PID:6548
- C:\Windows\System\aEnCUoz.exe
  C:\Windows\System\aEnCUoz.exe
  2⤵
  PID:6272
- C:\Windows\System\ZRdQmAF.exe
  C:\Windows\System\ZRdQmAF.exe
  2⤵
  PID:6564
- C:\Windows\System\mmIRSTK.exe
  C:\Windows\System\mmIRSTK.exe
  2⤵
  PID:6640
- C:\Windows\System\FsrGiQn.exe
  C:\Windows\System\FsrGiQn.exe
  2⤵
  PID:6524
- C:\Windows\System\lKNqkvv.exe
  C:\Windows\System\lKNqkvv.exe
  2⤵
  PID:6680
- C:\Windows\System\OteRSIR.exe
  C:\Windows\System\OteRSIR.exe
  2⤵
  PID:6696
- C:\Windows\System\LRzizVJ.exe
  C:\Windows\System\LRzizVJ.exe
  2⤵
  PID:6756
- C:\Windows\System\MfWkSwl.exe
  C:\Windows\System\MfWkSwl.exe
  2⤵
  PID:6768
- C:\Windows\System\uQQAGos.exe
  C:\Windows\System\uQQAGos.exe
  2⤵
  PID:6840
- C:\Windows\System\mLRtZLC.exe
  C:\Windows\System\mLRtZLC.exe
  2⤵
  PID:6732
- C:\Windows\System\AwIWvAz.exe
  C:\Windows\System\AwIWvAz.exe
  2⤵
  PID:6908
- C:\Windows\System\vmFxWPU.exe
  C:\Windows\System\vmFxWPU.exe
  2⤵
  PID:6932
- C:\Windows\System\fufUrIe.exe
  C:\Windows\System\fufUrIe.exe
  2⤵
  PID:7032
- C:\Windows\System\sIXKzOP.exe
  C:\Windows\System\sIXKzOP.exe
  2⤵
  PID:7016
- C:\Windows\System\qqwlQgd.exe
  C:\Windows\System\qqwlQgd.exe
  2⤵
  PID:7096
- C:\Windows\System\BCRnwUM.exe
  C:\Windows\System\BCRnwUM.exe
  2⤵
  PID:6960
- C:\Windows\System\YFaFFOe.exe
  C:\Windows\System\YFaFFOe.exe
  2⤵
  PID:7140
- C:\Windows\System\eyYrVXN.exe
  C:\Windows\System\eyYrVXN.exe
  2⤵
  PID:6176
- C:\Windows\System\vEFmfey.exe
  C:\Windows\System\vEFmfey.exe
  2⤵
  PID:6996
- C:\Windows\System\JxyfcEM.exe
  C:\Windows\System\JxyfcEM.exe
  2⤵
  PID:7120
- C:\Windows\System\EKVlHaL.exe
  C:\Windows\System\EKVlHaL.exe
  2⤵
  PID:6204
- C:\Windows\System\XMTUITR.exe
  C:\Windows\System\XMTUITR.exe
  2⤵
  PID:6328
- C:\Windows\System\rtOmBzG.exe
  C:\Windows\System\rtOmBzG.exe
  2⤵
  PID:7156
- C:\Windows\System\TwgBRZu.exe
  C:\Windows\System\TwgBRZu.exe
  2⤵
  PID:6240
- C:\Windows\System\XyOwuDg.exe
  C:\Windows\System\XyOwuDg.exe
  2⤵
  PID:6160
- C:\Windows\System\zVlKxvV.exe
  C:\Windows\System\zVlKxvV.exe
  2⤵
  PID:6560
- C:\Windows\System\UIygmnY.exe
  C:\Windows\System\UIygmnY.exe
  2⤵
  PID:6200
- C:\Windows\System\kvPSihx.exe
  C:\Windows\System\kvPSihx.exe
  2⤵
  PID:6408
- C:\Windows\System\IznaHnt.exe
  C:\Windows\System\IznaHnt.exe
  2⤵
  PID:6616
- C:\Windows\System\SdDPaqD.exe
  C:\Windows\System\SdDPaqD.exe
  2⤵
  PID:6384
- C:\Windows\System\PTuXHXe.exe
  C:\Windows\System\PTuXHXe.exe
  2⤵
  PID:6600
- C:\Windows\System\jUjgohc.exe
  C:\Windows\System\jUjgohc.exe
  2⤵
  PID:6660
- C:\Windows\System\KsDJwBX.exe
  C:\Windows\System\KsDJwBX.exe
  2⤵
  PID:6332
- C:\Windows\System\zvdJnIJ.exe
  C:\Windows\System\zvdJnIJ.exe
  2⤵
  PID:6820
- C:\Windows\System\WhMuDIB.exe
  C:\Windows\System\WhMuDIB.exe
  2⤵
  PID:6804
- C:\Windows\System\eRHtQDe.exe
  C:\Windows\System\eRHtQDe.exe
  2⤵
  PID:6896
- C:\Windows\System\zQuyCzV.exe
  C:\Windows\System\zQuyCzV.exe
  2⤵
  PID:6864
- C:\Windows\System\KXsgFaY.exe
  C:\Windows\System\KXsgFaY.exe
  2⤵
  PID:6884
- C:\Windows\System\XQgDrrF.exe
  C:\Windows\System\XQgDrrF.exe
  2⤵
  PID:7076
- C:\Windows\System\ooWCylr.exe
  C:\Windows\System\ooWCylr.exe
  2⤵
  PID:7136
- C:\Windows\System\WRqpdOH.exe
  C:\Windows\System\WRqpdOH.exe
  2⤵
  PID:6992
- C:\Windows\System\IpEkPqp.exe
  C:\Windows\System\IpEkPqp.exe
  2⤵
  PID:6576
- C:\Windows\System\wzKttNv.exe
  C:\Windows\System\wzKttNv.exe
  2⤵
  PID:7048
- C:\Windows\System\sGqxrVc.exe
  C:\Windows\System\sGqxrVc.exe
  2⤵
  PID:7060
- C:\Windows\System\DzbNEpq.exe
  C:\Windows\System\DzbNEpq.exe
  2⤵
  PID:7152
- C:\Windows\System\LtycOnF.exe
  C:\Windows\System\LtycOnF.exe
  2⤵
  PID:6196
- C:\Windows\System\GYAolkV.exe
  C:\Windows\System\GYAolkV.exe
  2⤵
  PID:6636
- C:\Windows\System\ZCaTFFK.exe
  C:\Windows\System\ZCaTFFK.exe
  2⤵
  PID:6284
- C:\Windows\System\ApJhJTk.exe
  C:\Windows\System\ApJhJTk.exe
  2⤵
  PID:6628
- C:\Windows\System\EvlLqFu.exe
  C:\Windows\System\EvlLqFu.exe
  2⤵
  PID:6828
- C:\Windows\System\hVKMPgg.exe
  C:\Windows\System\hVKMPgg.exe
  2⤵
  PID:7028
- C:\Windows\System\NVIPodv.exe
  C:\Windows\System\NVIPodv.exe
  2⤵
  PID:6928
- C:\Windows\System\Uvtbidy.exe
  C:\Windows\System\Uvtbidy.exe
  2⤵
  PID:6208
- C:\Windows\System\DOUtoJn.exe
  C:\Windows\System\DOUtoJn.exe
  2⤵
  PID:6720
- C:\Windows\System\EKrPNap.exe
  C:\Windows\System\EKrPNap.exe
  2⤵
  PID:6876
- C:\Windows\System\unswHma.exe
  C:\Windows\System\unswHma.exe
  2⤵
  PID:6584
- C:\Windows\System\TCgYGsO.exe
  C:\Windows\System\TCgYGsO.exe
  2⤵
  PID:6624
- C:\Windows\System\FxivkHY.exe
  C:\Windows\System\FxivkHY.exe
  2⤵
  PID:6224
- C:\Windows\System\jnoijge.exe
  C:\Windows\System\jnoijge.exe
  2⤵
  PID:7088
- C:\Windows\System\UctYLEa.exe
  C:\Windows\System\UctYLEa.exe
  2⤵
  PID:5760
- C:\Windows\System\ksRKQHB.exe
  C:\Windows\System\ksRKQHB.exe
  2⤵
  PID:5620
- C:\Windows\System\seUjrTq.exe
  C:\Windows\System\seUjrTq.exe
  2⤵
  PID:6436
- C:\Windows\System\BngeKUW.exe
  C:\Windows\System\BngeKUW.exe
  2⤵
  PID:7180
- C:\Windows\System\CZtspOC.exe
  C:\Windows\System\CZtspOC.exe
  2⤵
  PID:7196
- C:\Windows\System\DlDTFJk.exe
  C:\Windows\System\DlDTFJk.exe
  2⤵
  PID:7212
- C:\Windows\System\arJVdSG.exe
  C:\Windows\System\arJVdSG.exe
  2⤵
  PID:7228
- C:\Windows\System\rIQZNLx.exe
  C:\Windows\System\rIQZNLx.exe
  2⤵
  PID:7244
- C:\Windows\System\USfwrKt.exe
  C:\Windows\System\USfwrKt.exe
  2⤵
  PID:7264
- C:\Windows\System\qBWMcNv.exe
  C:\Windows\System\qBWMcNv.exe
  2⤵
  PID:7280
- C:\Windows\System\HumDDZs.exe
  C:\Windows\System\HumDDZs.exe
  2⤵
  PID:7296
- C:\Windows\System\iDYjQDd.exe
  C:\Windows\System\iDYjQDd.exe
  2⤵
  PID:7312
- C:\Windows\System\wcRRVaB.exe
  C:\Windows\System\wcRRVaB.exe
  2⤵
  PID:7332
- C:\Windows\System\DdlGfNB.exe
  C:\Windows\System\DdlGfNB.exe
  2⤵
  PID:7348
- C:\Windows\System\ndMLRMa.exe
  C:\Windows\System\ndMLRMa.exe
  2⤵
  PID:7364
- C:\Windows\System\JYPdtsT.exe
  C:\Windows\System\JYPdtsT.exe
  2⤵
  PID:7380
- C:\Windows\System\ZyucNTB.exe
  C:\Windows\System\ZyucNTB.exe
  2⤵
  PID:7396
- C:\Windows\System\oIkNbcw.exe
  C:\Windows\System\oIkNbcw.exe
  2⤵
  PID:7412
- C:\Windows\System\UoGSfNF.exe
  C:\Windows\System\UoGSfNF.exe
  2⤵
  PID:7428
- C:\Windows\System\VtyJNiF.exe
  C:\Windows\System\VtyJNiF.exe
  2⤵
  PID:7448
- C:\Windows\System\vKoJRlq.exe
  C:\Windows\System\vKoJRlq.exe
  2⤵
  PID:7464
- C:\Windows\System\nULHURx.exe
  C:\Windows\System\nULHURx.exe
  2⤵
  PID:7480
- C:\Windows\System\BJpXLzN.exe
  C:\Windows\System\BJpXLzN.exe
  2⤵
  PID:7504
- C:\Windows\System\YldTPvh.exe
  C:\Windows\System\YldTPvh.exe
  2⤵
  PID:7520
- C:\Windows\System\IAocQxC.exe
  C:\Windows\System\IAocQxC.exe
  2⤵
  PID:7536
- C:\Windows\System\qpHAwzf.exe
  C:\Windows\System\qpHAwzf.exe
  2⤵
  PID:7560
- C:\Windows\System\GTcGXQy.exe
  C:\Windows\System\GTcGXQy.exe
  2⤵
  PID:7576
- C:\Windows\System\maWQdqx.exe
  C:\Windows\System\maWQdqx.exe
  2⤵
  PID:7592
- C:\Windows\System\SJshLaz.exe
  C:\Windows\System\SJshLaz.exe
  2⤵
  PID:7608
- C:\Windows\System\jTtPiHb.exe
  C:\Windows\System\jTtPiHb.exe
  2⤵
  PID:7624
- C:\Windows\System\fVaAQkY.exe
  C:\Windows\System\fVaAQkY.exe
  2⤵
  PID:7640
- C:\Windows\System\kikmYUf.exe
  C:\Windows\System\kikmYUf.exe
  2⤵
  PID:7656
- C:\Windows\System\lPNrdnx.exe
  C:\Windows\System\lPNrdnx.exe
  2⤵
  PID:7676
- C:\Windows\System\nmZZWPx.exe
  C:\Windows\System\nmZZWPx.exe
  2⤵
  PID:7692
- C:\Windows\System\VFFxdAA.exe
  C:\Windows\System\VFFxdAA.exe
  2⤵
  PID:7708
- C:\Windows\System\gcyUWWX.exe
  C:\Windows\System\gcyUWWX.exe
  2⤵
  PID:7724
- C:\Windows\System\SQTILgc.exe
  C:\Windows\System\SQTILgc.exe
  2⤵
  PID:7740
- C:\Windows\System\VXLOEKe.exe
  C:\Windows\System\VXLOEKe.exe
  2⤵
  PID:7756
- C:\Windows\System\OYJOuyZ.exe
  C:\Windows\System\OYJOuyZ.exe
  2⤵
  PID:7772
- C:\Windows\System\hLVOSAK.exe
  C:\Windows\System\hLVOSAK.exe
  2⤵
  PID:7788
- C:\Windows\System\zNWWXtV.exe
  C:\Windows\System\zNWWXtV.exe
  2⤵
  PID:7804
- C:\Windows\System\ldvKXsw.exe
  C:\Windows\System\ldvKXsw.exe
  2⤵
  PID:7820
- C:\Windows\System\IuQNRPB.exe
  C:\Windows\System\IuQNRPB.exe
  2⤵
  PID:7836
- C:\Windows\System\OKrlJyt.exe
  C:\Windows\System\OKrlJyt.exe
  2⤵
  PID:7852
- C:\Windows\System\YhGnxzF.exe
  C:\Windows\System\YhGnxzF.exe
  2⤵
  PID:7868
- C:\Windows\System\mMFUThM.exe
  C:\Windows\System\mMFUThM.exe
  2⤵
  PID:7884
- C:\Windows\System\FRGYxJd.exe
  C:\Windows\System\FRGYxJd.exe
  2⤵
  PID:7900
- C:\Windows\System\Jgsiick.exe
  C:\Windows\System\Jgsiick.exe
  2⤵
  PID:7916
- C:\Windows\System\uroREjJ.exe
  C:\Windows\System\uroREjJ.exe
  2⤵
  PID:7932
- C:\Windows\System\XsiucSi.exe
  C:\Windows\System\XsiucSi.exe
  2⤵
  PID:7948
- C:\Windows\System\TCIBmdr.exe
  C:\Windows\System\TCIBmdr.exe
  2⤵
  PID:7964
- C:\Windows\System\fxrwwur.exe
  C:\Windows\System\fxrwwur.exe
  2⤵
  PID:8024
- C:\Windows\System\AwgukUJ.exe
  C:\Windows\System\AwgukUJ.exe
  2⤵
  PID:8044
- C:\Windows\System\VDSzLFh.exe
  C:\Windows\System\VDSzLFh.exe
  2⤵
  PID:8060
- C:\Windows\System\Cpovsmo.exe
  C:\Windows\System\Cpovsmo.exe
  2⤵
  PID:8076
- C:\Windows\System\lSnBruR.exe
  C:\Windows\System\lSnBruR.exe
  2⤵
  PID:8092
- C:\Windows\System\SebSIaC.exe
  C:\Windows\System\SebSIaC.exe
  2⤵
  PID:8116
- C:\Windows\System\OEKwxML.exe
  C:\Windows\System\OEKwxML.exe
  2⤵
  PID:8136
- C:\Windows\System\rwtymCl.exe
  C:\Windows\System\rwtymCl.exe
  2⤵
  PID:8152
- C:\Windows\System\uzxmvQv.exe
  C:\Windows\System\uzxmvQv.exe
  2⤵
  PID:8168
- C:\Windows\System\IwdApQK.exe
  C:\Windows\System\IwdApQK.exe
  2⤵
  PID:8184
- C:\Windows\System\jUyNLxh.exe
  C:\Windows\System\jUyNLxh.exe
  2⤵
  PID:6192
- C:\Windows\System\irPvBTT.exe
  C:\Windows\System\irPvBTT.exe
  2⤵
  PID:7172
- C:\Windows\System\LCKaUki.exe
  C:\Windows\System\LCKaUki.exe
  2⤵
  PID:7188
- C:\Windows\System\VwquHzu.exe
  C:\Windows\System\VwquHzu.exe
  2⤵
  PID:7204
- C:\Windows\System\qiltnXI.exe
  C:\Windows\System\qiltnXI.exe
  2⤵
  PID:7236
- C:\Windows\System\yThunjG.exe
  C:\Windows\System\yThunjG.exe
  2⤵
  PID:7260
- C:\Windows\System\oiICcDl.exe
  C:\Windows\System\oiICcDl.exe
  2⤵
  PID:7324
- C:\Windows\System\rHUNyje.exe
  C:\Windows\System\rHUNyje.exe
  2⤵
  PID:7276
- C:\Windows\System\gnTbIyF.exe
  C:\Windows\System\gnTbIyF.exe
  2⤵
  PID:7360
- C:\Windows\System\MEjRcIB.exe
  C:\Windows\System\MEjRcIB.exe
  2⤵
  PID:7404
- C:\Windows\System\ZtrpYMd.exe
  C:\Windows\System\ZtrpYMd.exe
  2⤵
  PID:7388
- C:\Windows\System\XxWLxMO.exe
  C:\Windows\System\XxWLxMO.exe
  2⤵
  PID:7444
- C:\Windows\System\YYCtjdX.exe
  C:\Windows\System\YYCtjdX.exe
  2⤵
  PID:7472
- C:\Windows\System\fHOzRgv.exe
  C:\Windows\System\fHOzRgv.exe
  2⤵
  PID:7500
- C:\Windows\System\NiyheUg.exe
  C:\Windows\System\NiyheUg.exe
  2⤵
  PID:7548
- C:\Windows\System\PMKGoVk.exe
  C:\Windows\System\PMKGoVk.exe
  2⤵
  PID:7584
- C:\Windows\System\zQWySad.exe
  C:\Windows\System\zQWySad.exe
  2⤵
  PID:7684
- C:\Windows\System\ZeeZEWW.exe
  C:\Windows\System\ZeeZEWW.exe
  2⤵
  PID:7748
- C:\Windows\System\qLFQfWA.exe
  C:\Windows\System\qLFQfWA.exe
  2⤵
  PID:7780
- C:\Windows\System\fEmdjyV.exe
  C:\Windows\System\fEmdjyV.exe
  2⤵
  PID:7736
- C:\Windows\System\jpwiTSe.exe
  C:\Windows\System\jpwiTSe.exe
  2⤵
  PID:7668
- C:\Windows\System\vmDdAAa.exe
  C:\Windows\System\vmDdAAa.exe
  2⤵
  PID:7600
- C:\Windows\System\sByojnj.exe
  C:\Windows\System\sByojnj.exe
  2⤵
  PID:7800
- C:\Windows\System\HayrNzS.exe
  C:\Windows\System\HayrNzS.exe
  2⤵
  PID:7832
- C:\Windows\System\JIwMZCv.exe
  C:\Windows\System\JIwMZCv.exe
  2⤵
  PID:7880
- C:\Windows\System\uTxHlZe.exe
  C:\Windows\System\uTxHlZe.exe
  2⤵
  PID:7940
- C:\Windows\System\vRjAKdh.exe
  C:\Windows\System\vRjAKdh.exe
  2⤵
  PID:7896
- C:\Windows\System\bbXqzZq.exe
  C:\Windows\System\bbXqzZq.exe
  2⤵
  PID:7972
- C:\Windows\System\ZLjTJBg.exe
  C:\Windows\System\ZLjTJBg.exe
  2⤵
  PID:7988
- C:\Windows\System\czRHYpG.exe
  C:\Windows\System\czRHYpG.exe
  2⤵
  PID:8000
- C:\Windows\System\csmArpH.exe
  C:\Windows\System\csmArpH.exe
  2⤵
  PID:8016
- C:\Windows\System\veLxNEF.exe
  C:\Windows\System\veLxNEF.exe
  2⤵
  PID:8084
- C:\Windows\System\eVlpMaO.exe
  C:\Windows\System\eVlpMaO.exe
  2⤵
  PID:8036
- C:\Windows\System\NMrerSf.exe
  C:\Windows\System\NMrerSf.exe
  2⤵
  PID:8108
- C:\Windows\System\NSdxKXI.exe
  C:\Windows\System\NSdxKXI.exe
  2⤵
  PID:8132
- C:\Windows\System\GQMeyck.exe
  C:\Windows\System\GQMeyck.exe
  2⤵
  PID:8148
- C:\Windows\System\AALZhAp.exe
  C:\Windows\System\AALZhAp.exe
  2⤵
  PID:8176
- C:\Windows\System\nCHpSUQ.exe
  C:\Windows\System\nCHpSUQ.exe
  2⤵
  PID:7224
- C:\Windows\System\RKfHzQQ.exe
  C:\Windows\System\RKfHzQQ.exe
  2⤵
  PID:7436
- C:\Windows\System\YYpAWkc.exe
  C:\Windows\System\YYpAWkc.exe
  2⤵
  PID:7476
- C:\Windows\System\sIDlBGQ.exe
  C:\Windows\System\sIDlBGQ.exe
  2⤵
  PID:7376
- C:\Windows\System\jdNHRtB.exe
  C:\Windows\System\jdNHRtB.exe
  2⤵
  PID:7492
- C:\Windows\System\joOyUlU.exe
  C:\Windows\System\joOyUlU.exe
  2⤵
  PID:7620
- C:\Windows\System\wHLNEyz.exe
  C:\Windows\System\wHLNEyz.exe
  2⤵
  PID:7652
- C:\Windows\System\MVyxoed.exe
  C:\Windows\System\MVyxoed.exe
  2⤵
  PID:7812
- C:\Windows\System\PeQELiV.exe
  C:\Windows\System\PeQELiV.exe
  2⤵
  PID:7764
- C:\Windows\System\xugIkBb.exe
  C:\Windows\System\xugIkBb.exe
  2⤵
  PID:7732
- C:\Windows\System\NxownPf.exe
  C:\Windows\System\NxownPf.exe
  2⤵
  PID:7848
- C:\Windows\System\XvtNuMD.exe
  C:\Windows\System\XvtNuMD.exe
  2⤵
  PID:7976
- C:\Windows\System\MEoYGGV.exe
  C:\Windows\System\MEoYGGV.exe
  2⤵
  PID:7992
- C:\Windows\System\AYyDKVF.exe
  C:\Windows\System\AYyDKVF.exe
  2⤵
  PID:7912
- C:\Windows\System\UdXAWMA.exe
  C:\Windows\System\UdXAWMA.exe
  2⤵
  PID:8032
- C:\Windows\System\whrTcQD.exe
  C:\Windows\System\whrTcQD.exe
  2⤵
  PID:8124
- C:\Windows\System\WQHFBlb.exe
  C:\Windows\System\WQHFBlb.exe
  2⤵
  PID:8180
- C:\Windows\System\cPTKNzy.exe
  C:\Windows\System\cPTKNzy.exe
  2⤵
  PID:6856
- C:\Windows\System\pNpiuJo.exe
  C:\Windows\System\pNpiuJo.exe
  2⤵
  PID:6900
- C:\Windows\System\lKIWfSU.exe
  C:\Windows\System\lKIWfSU.exe
  2⤵
  PID:7356
- C:\Windows\System\lmtvmMr.exe
  C:\Windows\System\lmtvmMr.exe
  2⤵
  PID:7460
- C:\Windows\System\bxraeAk.exe
  C:\Windows\System\bxraeAk.exe
  2⤵
  PID:7704
- C:\Windows\System\nUizpSk.exe
  C:\Windows\System\nUizpSk.exe
  2⤵
  PID:7496
- C:\Windows\System\bPmdgUw.exe
  C:\Windows\System\bPmdgUw.exe
  2⤵
  PID:7844
- C:\Windows\System\sibFKKa.exe
  C:\Windows\System\sibFKKa.exe
  2⤵
  PID:7556
- C:\Windows\System\ESTvVgs.exe
  C:\Windows\System\ESTvVgs.exe
  2⤵
  PID:7960
- C:\Windows\System\ktNEvrq.exe
  C:\Windows\System\ktNEvrq.exe
  2⤵
  PID:8208
- C:\Windows\System\qPszCRj.exe
  C:\Windows\System\qPszCRj.exe
  2⤵
  PID:8224
- C:\Windows\System\UvnTObL.exe
  C:\Windows\System\UvnTObL.exe
  2⤵
  PID:8240
- C:\Windows\System\VQJnAgL.exe
  C:\Windows\System\VQJnAgL.exe
  2⤵
  PID:8256
- C:\Windows\System\uinygib.exe
  C:\Windows\System\uinygib.exe
  2⤵
  PID:8272
- C:\Windows\System\aLQZSke.exe
  C:\Windows\System\aLQZSke.exe
  2⤵
  PID:8292
- C:\Windows\System\URFjtJJ.exe
  C:\Windows\System\URFjtJJ.exe
  2⤵
  PID:8308
- C:\Windows\System\HvRIbVn.exe
  C:\Windows\System\HvRIbVn.exe
  2⤵
  PID:8324
- C:\Windows\System\JYiDCyS.exe
  C:\Windows\System\JYiDCyS.exe
  2⤵
  PID:8340
- C:\Windows\System\wSYJQSX.exe
  C:\Windows\System\wSYJQSX.exe
  2⤵
  PID:8360
- C:\Windows\System\bJQmrvj.exe
  C:\Windows\System\bJQmrvj.exe
  2⤵
  PID:8380
- C:\Windows\System\hGhJKKJ.exe
  C:\Windows\System\hGhJKKJ.exe
  2⤵
  PID:8416
- C:\Windows\System\NeLhMBi.exe
  C:\Windows\System\NeLhMBi.exe
  2⤵
  PID:8432
- C:\Windows\System\sJleBBv.exe
  C:\Windows\System\sJleBBv.exe
  2⤵
  PID:8448
- C:\Windows\System\jKOwZvD.exe
  C:\Windows\System\jKOwZvD.exe
  2⤵
  PID:8464
- C:\Windows\System\QmBGGIK.exe
  C:\Windows\System\QmBGGIK.exe
  2⤵
  PID:8480
- C:\Windows\System\rLdjqex.exe
  C:\Windows\System\rLdjqex.exe
  2⤵
  PID:8496
- C:\Windows\System\MpEEKWT.exe
  C:\Windows\System\MpEEKWT.exe
  2⤵
  PID:8516
- C:\Windows\System\xifDndr.exe
  C:\Windows\System\xifDndr.exe
  2⤵
  PID:8532
- C:\Windows\System\GNWbhZC.exe
  C:\Windows\System\GNWbhZC.exe
  2⤵
  PID:8548
- C:\Windows\System\lCAFCUT.exe
  C:\Windows\System\lCAFCUT.exe
  2⤵
  PID:8564
- C:\Windows\System\fxWfiIB.exe
  C:\Windows\System\fxWfiIB.exe
  2⤵
  PID:8804
- C:\Windows\System\aVsSHGl.exe
  C:\Windows\System\aVsSHGl.exe
  2⤵
  PID:8836
- C:\Windows\System\ShGVnAo.exe
  C:\Windows\System\ShGVnAo.exe
  2⤵
  PID:8868
- C:\Windows\System\ZJbQZmV.exe
  C:\Windows\System\ZJbQZmV.exe
  2⤵
  PID:8884
- C:\Windows\System\MCCCUjQ.exe
  C:\Windows\System\MCCCUjQ.exe
  2⤵
  PID:8900
- C:\Windows\System\wYEnzEz.exe
  C:\Windows\System\wYEnzEz.exe
  2⤵
  PID:8916
- C:\Windows\System\XENlNoq.exe
  C:\Windows\System\XENlNoq.exe
  2⤵
  PID:8932
- C:\Windows\System\psbWDdB.exe
  C:\Windows\System\psbWDdB.exe
  2⤵
  PID:8956
- C:\Windows\System\rcqWBwS.exe
  C:\Windows\System\rcqWBwS.exe
  2⤵
  PID:8972
- C:\Windows\System\yZTdzJh.exe
  C:\Windows\System\yZTdzJh.exe
  2⤵
  PID:8988
- C:\Windows\System\ezWravv.exe
  C:\Windows\System\ezWravv.exe
  2⤵
  PID:9004
- C:\Windows\System\qPMJWgo.exe
  C:\Windows\System\qPMJWgo.exe
  2⤵
  PID:8100
- C:\Windows\System\ORFgwfX.exe
  C:\Windows\System\ORFgwfX.exe
  2⤵
  PID:7256
- C:\Windows\System\MKWJeyn.exe
  C:\Windows\System\MKWJeyn.exe
  2⤵
  PID:8504
- C:\Windows\System\wGMgMiQ.exe
  C:\Windows\System\wGMgMiQ.exe
  2⤵
  PID:8460
- C:\Windows\System\vajbdsd.exe
  C:\Windows\System\vajbdsd.exe
  2⤵
  PID:8540
- C:\Windows\System\jMnZrxP.exe
  C:\Windows\System\jMnZrxP.exe
  2⤵
  PID:8556
- C:\Windows\System\tcGIhkO.exe
  C:\Windows\System\tcGIhkO.exe
  2⤵
  PID:8580
- C:\Windows\System\aNcVRNa.exe
  C:\Windows\System\aNcVRNa.exe
  2⤵
  PID:8596
- C:\Windows\System\XzmkUit.exe
  C:\Windows\System\XzmkUit.exe
  2⤵
  PID:8616
- C:\Windows\System\mGkmMFc.exe
  C:\Windows\System\mGkmMFc.exe
  2⤵
  PID:8688
- C:\Windows\System\dgngrpn.exe
  C:\Windows\System\dgngrpn.exe
  2⤵
  PID:8652
- C:\Windows\System\qwYGCcD.exe
  C:\Windows\System\qwYGCcD.exe
  2⤵
  PID:8716
- C:\Windows\System\QuHGODU.exe
  C:\Windows\System\QuHGODU.exe
  2⤵
  PID:8684
- C:\Windows\System\UwzkAKG.exe
  C:\Windows\System\UwzkAKG.exe
  2⤵
  PID:8736
- C:\Windows\System\lchpKQj.exe
  C:\Windows\System\lchpKQj.exe
  2⤵
  PID:8756
- C:\Windows\System\ISNmdDI.exe
  C:\Windows\System\ISNmdDI.exe
  2⤵
  PID:8776
- C:\Windows\System\oUtRVUu.exe
  C:\Windows\System\oUtRVUu.exe
  2⤵
  PID:8796
- C:\Windows\System\KUJUHxt.exe
  C:\Windows\System\KUJUHxt.exe
  2⤵
  PID:8860
- C:\Windows\System\IKTxDLW.exe
  C:\Windows\System\IKTxDLW.exe
  2⤵
  PID:8908
- C:\Windows\System\sMpoqWL.exe
  C:\Windows\System\sMpoqWL.exe
  2⤵
  PID:8864
- C:\Windows\System\RUvYekC.exe
  C:\Windows\System\RUvYekC.exe
  2⤵
  PID:8984
- C:\Windows\System\fgrszbI.exe
  C:\Windows\System\fgrszbI.exe
  2⤵
  PID:8996
- C:\Windows\System\ooWLJBa.exe
  C:\Windows\System\ooWLJBa.exe
  2⤵
  PID:9064
- C:\Windows\System\QLjigHp.exe
  C:\Windows\System\QLjigHp.exe
  2⤵
  PID:9088
- C:\Windows\System\naRKcvN.exe
  C:\Windows\System\naRKcvN.exe
  2⤵
  PID:9116
- C:\Windows\System\tyOMIOu.exe
  C:\Windows\System\tyOMIOu.exe
  2⤵
  PID:9136
- C:\Windows\System\mbFrrrO.exe
  C:\Windows\System\mbFrrrO.exe
  2⤵
  PID:9168
- C:\Windows\System\iExzhsj.exe
  C:\Windows\System\iExzhsj.exe
  2⤵
  PID:9036
- C:\Windows\System\nrifoll.exe
  C:\Windows\System\nrifoll.exe
  2⤵
  PID:9080
- C:\Windows\System\pCUqWyy.exe
  C:\Windows\System\pCUqWyy.exe
  2⤵
  PID:9176
- C:\Windows\System\wuJOjVG.exe
  C:\Windows\System\wuJOjVG.exe
  2⤵
  PID:9188
- C:\Windows\System\BOjvxEo.exe
  C:\Windows\System\BOjvxEo.exe
  2⤵
  PID:9204
- C:\Windows\System\BAnEwTP.exe
  C:\Windows\System\BAnEwTP.exe
  2⤵
  PID:7568
- C:\Windows\System\VnikqIH.exe
  C:\Windows\System\VnikqIH.exe
  2⤵
  PID:8220
- C:\Windows\System\QXFLvVj.exe
  C:\Windows\System\QXFLvVj.exe
  2⤵
  PID:8252
- C:\Windows\System\lRIgDus.exe
  C:\Windows\System\lRIgDus.exe
  2⤵
  PID:8236
- C:\Windows\System\aQNwgDY.exe
  C:\Windows\System\aQNwgDY.exe
  2⤵
  PID:7720
- C:\Windows\System\LXlSoDe.exe
  C:\Windows\System\LXlSoDe.exe
  2⤵
  PID:7516
- C:\Windows\System\hjDXgua.exe
  C:\Windows\System\hjDXgua.exe
  2⤵
  PID:8316
- C:\Windows\System\lsWZgpD.exe
  C:\Windows\System\lsWZgpD.exe
  2⤵
  PID:8400
- C:\Windows\System\tszlyKI.exe
  C:\Windows\System\tszlyKI.exe
  2⤵
  PID:8368
- C:\Windows\System\syNGulp.exe
  C:\Windows\System\syNGulp.exe
  2⤵
  PID:8408
- C:\Windows\System\lUPcFYn.exe
  C:\Windows\System\lUPcFYn.exe
  2⤵
  PID:8440
- C:\Windows\System\PJhBgpW.exe
  C:\Windows\System\PJhBgpW.exe
  2⤵
  PID:8488
- C:\Windows\System\kzgSuYA.exe
  C:\Windows\System\kzgSuYA.exe
  2⤵
  PID:8528
- C:\Windows\System\VqencPg.exe
  C:\Windows\System\VqencPg.exe
  2⤵
  PID:8680
- C:\Windows\System\bvDYvFT.exe
  C:\Windows\System\bvDYvFT.exe
  2⤵
  PID:8676
- C:\Windows\System\PTENUYS.exe
  C:\Windows\System\PTENUYS.exe
  2⤵
  PID:8068
- C:\Windows\System\VibokfO.exe
  C:\Windows\System\VibokfO.exe
  2⤵
  PID:8696
- C:\Windows\System\rmrpLxs.exe
  C:\Windows\System\rmrpLxs.exe
  2⤵
  PID:8772
- C:\Windows\System\aCypppU.exe
  C:\Windows\System\aCypppU.exe
  2⤵
  PID:8852
- C:\Windows\System\PSdujtw.exe
  C:\Windows\System\PSdujtw.exe
  2⤵
  PID:8896
- C:\Windows\System\qmeybec.exe
  C:\Windows\System\qmeybec.exe
  2⤵
  PID:8876
- C:\Windows\System\tUfgRUo.exe
  C:\Windows\System\tUfgRUo.exe
  2⤵
  PID:8952
- C:\Windows\System\ZNJpMEf.exe
  C:\Windows\System\ZNJpMEf.exe
  2⤵
  PID:8964
- C:\Windows\System\hvCsxvE.exe
  C:\Windows\System\hvCsxvE.exe
  2⤵
  PID:9072
- C:\Windows\System\QTOyxmK.exe
  C:\Windows\System\QTOyxmK.exe
  2⤵
  PID:9112
- C:\Windows\System\mFUjwPf.exe
  C:\Windows\System\mFUjwPf.exe
  2⤵
  PID:9148
- C:\Windows\System\AUJHYns.exe
  C:\Windows\System\AUJHYns.exe
  2⤵
  PID:9024
- C:\Windows\System\NqIuIZr.exe
  C:\Windows\System\NqIuIZr.exe
  2⤵
  PID:9096
- C:\Windows\System\fqTRQjv.exe
  C:\Windows\System\fqTRQjv.exe
  2⤵
  PID:6072
- C:\Windows\System\phAiZoN.exe
  C:\Windows\System\phAiZoN.exe
  2⤵
  PID:7924
- C:\Windows\System\MDBdnPq.exe
  C:\Windows\System\MDBdnPq.exe
  2⤵
  PID:8248
- C:\Windows\System\PzsHfFO.exe
  C:\Windows\System\PzsHfFO.exe
  2⤵
  PID:8396
- C:\Windows\System\GSAVLdf.exe
  C:\Windows\System\GSAVLdf.exe
  2⤵
  PID:8336
- C:\Windows\System\AJiylwP.exe
  C:\Windows\System\AJiylwP.exe
  2⤵
  PID:8348
- C:\Windows\System\tHUHcqk.exe
  C:\Windows\System\tHUHcqk.exe
  2⤵
  PID:9104
- C:\Windows\System\ohGPpSC.exe
  C:\Windows\System\ohGPpSC.exe
  2⤵
  PID:8560
- C:\Windows\System\XBbCBzt.exe
  C:\Windows\System\XBbCBzt.exe
  2⤵
  PID:8604
- C:\Windows\System\PQSyVkQ.exe
  C:\Windows\System\PQSyVkQ.exe
  2⤵
  PID:8612
- C:\Windows\System\afOAljy.exe
  C:\Windows\System\afOAljy.exe
  2⤵
  PID:8588
- C:\Windows\System\CFhwVuU.exe
  C:\Windows\System\CFhwVuU.exe
  2⤵
  PID:8720
- C:\Windows\System\TNSYFsb.exe
  C:\Windows\System\TNSYFsb.exe
  2⤵
  PID:8708
- C:\Windows\System\khSJtQr.exe
  C:\Windows\System\khSJtQr.exe
  2⤵
  PID:8924
- C:\Windows\System\qjkdNSF.exe
  C:\Windows\System\qjkdNSF.exe
  2⤵
  PID:9052
- C:\Windows\System\OzKKnwK.exe
  C:\Windows\System\OzKKnwK.exe
  2⤵
  PID:9172
- C:\Windows\System\wGdFmqU.exe
  C:\Windows\System\wGdFmqU.exe
  2⤵
  PID:9124
- C:\Windows\System\OGcwYmr.exe
  C:\Windows\System\OGcwYmr.exe
  2⤵
  PID:6916
- C:\Windows\System\GvqgKyH.exe
  C:\Windows\System\GvqgKyH.exe
  2⤵
  PID:8304
- C:\Windows\System\ywSSTQM.exe
  C:\Windows\System\ywSSTQM.exe
  2⤵
  PID:8376
- C:\Windows\System\NmMevqB.exe
  C:\Windows\System\NmMevqB.exe
  2⤵
  PID:7648
- C:\Windows\System\SyCdGmR.exe
  C:\Windows\System\SyCdGmR.exe
  2⤵
  PID:8424
- C:\Windows\System\WTSBnKE.exe
  C:\Windows\System\WTSBnKE.exe
  2⤵
  PID:8656
- C:\Windows\System\WXUpRtO.exe
  C:\Windows\System\WXUpRtO.exe
  2⤵
  PID:8848
- C:\Windows\System\uwXDgTK.exe
  C:\Windows\System\uwXDgTK.exe
  2⤵
  PID:8692
- C:\Windows\System\ILZmyDC.exe
  C:\Windows\System\ILZmyDC.exe
  2⤵
  PID:8664
- C:\Windows\System\PgunOLH.exe
  C:\Windows\System\PgunOLH.exe
  2⤵
  PID:7192
- C:\Windows\System\YbYYVGO.exe
  C:\Windows\System\YbYYVGO.exe
  2⤵
  PID:9032
- C:\Windows\System\fSwmxaJ.exe
  C:\Windows\System\fSwmxaJ.exe
  2⤵
  PID:7372
- C:\Windows\System\RzdkXJj.exe
  C:\Windows\System\RzdkXJj.exe
  2⤵
  PID:8372
- C:\Windows\System\JnbvwUC.exe
  C:\Windows\System\JnbvwUC.exe
  2⤵
  PID:8744
- C:\Windows\System\jWyFPxy.exe
  C:\Windows\System\jWyFPxy.exe
  2⤵
  PID:8476
- C:\Windows\System\fDjhcTE.exe
  C:\Windows\System\fDjhcTE.exe
  2⤵
  PID:9132
- C:\Windows\System\UUJcwYV.exe
  C:\Windows\System\UUJcwYV.exe
  2⤵
  PID:8200
- C:\Windows\System\PHfCCvQ.exe
  C:\Windows\System\PHfCCvQ.exe
  2⤵
  PID:8624
- C:\Windows\System\jDmULWS.exe
  C:\Windows\System\jDmULWS.exe
  2⤵
  PID:8284
- C:\Windows\System\gnwEgZM.exe
  C:\Windows\System\gnwEgZM.exe
  2⤵
  PID:8232
- C:\Windows\System\PwWbIfO.exe
  C:\Windows\System\PwWbIfO.exe
  2⤵
  PID:8332
- C:\Windows\System\qmGQHAY.exe
  C:\Windows\System\qmGQHAY.exe
  2⤵
  PID:9044
- C:\Windows\System\KWhxahW.exe
  C:\Windows\System\KWhxahW.exe
  2⤵
  PID:8472
- C:\Windows\System\ScHgoMr.exe
  C:\Windows\System\ScHgoMr.exe
  2⤵
  PID:9224
- C:\Windows\System\WbxWNeu.exe
  C:\Windows\System\WbxWNeu.exe
  2⤵
  PID:9244
- C:\Windows\System\PbJYhPm.exe
  C:\Windows\System\PbJYhPm.exe
  2⤵
  PID:9264
- C:\Windows\System\XDcPrFW.exe
  C:\Windows\System\XDcPrFW.exe
  2⤵
  PID:9280
- C:\Windows\System\GMaLVMe.exe
  C:\Windows\System\GMaLVMe.exe
  2⤵
  PID:9296
- C:\Windows\System\goXkdzl.exe
  C:\Windows\System\goXkdzl.exe
  2⤵
  PID:9328
- C:\Windows\System\YXdpjuj.exe
  C:\Windows\System\YXdpjuj.exe
  2⤵
  PID:9344
- C:\Windows\System\CoftZNQ.exe
  C:\Windows\System\CoftZNQ.exe
  2⤵
  PID:9360
- C:\Windows\System\FSWwALY.exe
  C:\Windows\System\FSWwALY.exe
  2⤵
  PID:9376
- C:\Windows\System\wlJFBmm.exe
  C:\Windows\System\wlJFBmm.exe
  2⤵
  PID:9404
- C:\Windows\System\rcdSXOx.exe
  C:\Windows\System\rcdSXOx.exe
  2⤵
  PID:9424
- C:\Windows\System\BNUSTqR.exe
  C:\Windows\System\BNUSTqR.exe
  2⤵
  PID:9440
- C:\Windows\System\QnsBmWI.exe
  C:\Windows\System\QnsBmWI.exe
  2⤵
  PID:9460
- C:\Windows\System\rkDHnsA.exe
  C:\Windows\System\rkDHnsA.exe
  2⤵
  PID:9476
- C:\Windows\System\tcnkfai.exe
  C:\Windows\System\tcnkfai.exe
  2⤵
  PID:9492
- C:\Windows\System\CiDBoGL.exe
  C:\Windows\System\CiDBoGL.exe
  2⤵
  PID:9512
- C:\Windows\System\nbUqFic.exe
  C:\Windows\System\nbUqFic.exe
  2⤵
  PID:9528
- C:\Windows\System\wqDVgIp.exe
  C:\Windows\System\wqDVgIp.exe
  2⤵
  PID:9544
- C:\Windows\System\fWrCbEw.exe
  C:\Windows\System\fWrCbEw.exe
  2⤵
  PID:9568
- C:\Windows\System\ezHNMan.exe
  C:\Windows\System\ezHNMan.exe
  2⤵
  PID:9584
- C:\Windows\System\QlYoRcf.exe
  C:\Windows\System\QlYoRcf.exe
  2⤵
  PID:9604
- C:\Windows\System\noAamGN.exe
  C:\Windows\System\noAamGN.exe
  2⤵
  PID:9624
- C:\Windows\System\dHxfpJH.exe
  C:\Windows\System\dHxfpJH.exe
  2⤵
  PID:9644
- C:\Windows\System\NgLTiaM.exe
  C:\Windows\System\NgLTiaM.exe
  2⤵
  PID:9664
- C:\Windows\System\xdIqwlr.exe
  C:\Windows\System\xdIqwlr.exe
  2⤵
  PID:9684
- C:\Windows\System\CMUpRlA.exe
  C:\Windows\System\CMUpRlA.exe
  2⤵
  PID:9708
- C:\Windows\System\VnYEVhl.exe
  C:\Windows\System\VnYEVhl.exe
  2⤵
  PID:9732
- C:\Windows\System\cdueiNs.exe
  C:\Windows\System\cdueiNs.exe
  2⤵
  PID:9752
- C:\Windows\System\wgimkPf.exe
  C:\Windows\System\wgimkPf.exe
  2⤵
  PID:9768
- C:\Windows\System\SDYWsYt.exe
  C:\Windows\System\SDYWsYt.exe
  2⤵
  PID:9800
- C:\Windows\System\zzYJSvB.exe
  C:\Windows\System\zzYJSvB.exe
  2⤵
  PID:9832
- C:\Windows\System\SrmyKUk.exe
  C:\Windows\System\SrmyKUk.exe
  2⤵
  PID:9852
- C:\Windows\System\jFknrqf.exe
  C:\Windows\System\jFknrqf.exe
  2⤵
  PID:9876
- C:\Windows\System\lbfmKsL.exe
  C:\Windows\System\lbfmKsL.exe
  2⤵
  PID:9900
- C:\Windows\System\zzmXTZN.exe
  C:\Windows\System\zzmXTZN.exe
  2⤵
  PID:9920
- C:\Windows\System\dncKPFs.exe
  C:\Windows\System\dncKPFs.exe
  2⤵
  PID:9940
- C:\Windows\System\ZWRUKYV.exe
  C:\Windows\System\ZWRUKYV.exe
  2⤵
  PID:9960
- C:\Windows\System\lttGzms.exe
  C:\Windows\System\lttGzms.exe
  2⤵
  PID:9976
- C:\Windows\System\HNvmTUb.exe
  C:\Windows\System\HNvmTUb.exe
  2⤵
  PID:9992
- C:\Windows\System\cJyHhBy.exe
  C:\Windows\System\cJyHhBy.exe
  2⤵
  PID:10016
- C:\Windows\System\XPDSQoi.exe
  C:\Windows\System\XPDSQoi.exe
  2⤵
  PID:10040
- C:\Windows\System\aLrLEvZ.exe
  C:\Windows\System\aLrLEvZ.exe
  2⤵
  PID:10056
- C:\Windows\System\cyYltTf.exe
  C:\Windows\System\cyYltTf.exe
  2⤵
  PID:10072
- C:\Windows\System\gTowrQi.exe
  C:\Windows\System\gTowrQi.exe
  2⤵
  PID:10104
- C:\Windows\System\vjyIlJZ.exe
  C:\Windows\System\vjyIlJZ.exe
  2⤵
  PID:10120
- C:\Windows\System\BhYZuCQ.exe
  C:\Windows\System\BhYZuCQ.exe
  2⤵
  PID:10136
- C:\Windows\System\STDBPNG.exe
  C:\Windows\System\STDBPNG.exe
  2⤵
  PID:10152
- C:\Windows\System\CsNuoFR.exe
  C:\Windows\System\CsNuoFR.exe
  2⤵
  PID:10176
- C:\Windows\System\zqMsPtF.exe
  C:\Windows\System\zqMsPtF.exe
  2⤵
  PID:10192
- C:\Windows\System\WdibkYg.exe
  C:\Windows\System\WdibkYg.exe
  2⤵
  PID:10224
- C:\Windows\System\ReexVdn.exe
  C:\Windows\System\ReexVdn.exe
  2⤵
  PID:8768
- C:\Windows\System\wBhQLAK.exe
  C:\Windows\System\wBhQLAK.exe
  2⤵
  PID:9220
- C:\Windows\System\AERKvyf.exe
  C:\Windows\System\AERKvyf.exe
  2⤵
  PID:9272
- C:\Windows\System\oJZuwEu.exe
  C:\Windows\System\oJZuwEu.exe
  2⤵
  PID:9308
- C:\Windows\System\BGwbVBT.exe
  C:\Windows\System\BGwbVBT.exe
  2⤵
  PID:9256
- C:\Windows\System\CXmmhLy.exe
  C:\Windows\System\CXmmhLy.exe
  2⤵
  PID:9336
- C:\Windows\System\CFkoypl.exe
  C:\Windows\System\CFkoypl.exe
  2⤵
  PID:9392
- C:\Windows\System\FphqGUc.exe
  C:\Windows\System\FphqGUc.exe
  2⤵
  PID:9436
- C:\Windows\System\SljHrxp.exe
  C:\Windows\System\SljHrxp.exe
  2⤵
  PID:9500
- C:\Windows\System\LpiEfEn.exe
  C:\Windows\System\LpiEfEn.exe
  2⤵
  PID:9616
- C:\Windows\System\xVsJpDD.exe
  C:\Windows\System\xVsJpDD.exe
  2⤵
  PID:9660
- C:\Windows\System\BqVAwFg.exe
  C:\Windows\System\BqVAwFg.exe
  2⤵
  PID:9740
- C:\Windows\System\BYegHAG.exe
  C:\Windows\System\BYegHAG.exe
  2⤵
  PID:9632
- C:\Windows\System\RxtmtNE.exe
  C:\Windows\System\RxtmtNE.exe
  2⤵
  PID:9720
- C:\Windows\System\BFKrzsF.exe
  C:\Windows\System\BFKrzsF.exe
  2⤵
  PID:9600
- C:\Windows\System\TSECzXb.exe
  C:\Windows\System\TSECzXb.exe
  2⤵
  PID:9640
- C:\Windows\System\AkLgMON.exe
  C:\Windows\System\AkLgMON.exe
  2⤵
  PID:9448
- C:\Windows\System\FTjgAYT.exe
  C:\Windows\System\FTjgAYT.exe
  2⤵
  PID:9792
- C:\Windows\System\RGYdoaY.exe
  C:\Windows\System\RGYdoaY.exe
  2⤵
  PID:9728
- C:\Windows\System\znmMGMQ.exe
  C:\Windows\System\znmMGMQ.exe
  2⤵
  PID:9812
- C:\Windows\System\pUeKhhE.exe
  C:\Windows\System\pUeKhhE.exe
  2⤵
  PID:9860
- C:\Windows\System\fxRuiSq.exe
  C:\Windows\System\fxRuiSq.exe
  2⤵
  PID:9884
- C:\Windows\System\yWUwdVs.exe
  C:\Windows\System\yWUwdVs.exe
  2⤵
  PID:9888
- C:\Windows\System\gcYrLah.exe
  C:\Windows\System\gcYrLah.exe
  2⤵
  PID:9932
- C:\Windows\System\eCoeYHR.exe
  C:\Windows\System\eCoeYHR.exe
  2⤵
  PID:9968
- C:\Windows\System\rVUZMwC.exe
  C:\Windows\System\rVUZMwC.exe
  2⤵
  PID:10032
- C:\Windows\System\JcvmTtu.exe
  C:\Windows\System\JcvmTtu.exe
  2⤵
  PID:10048
- C:\Windows\System\KIjPgdi.exe
  C:\Windows\System\KIjPgdi.exe
  2⤵
  PID:10096
- C:\Windows\System\yCMKxgJ.exe
  C:\Windows\System\yCMKxgJ.exe
  2⤵
  PID:10132
- C:\Windows\System\WVDkhcT.exe
  C:\Windows\System\WVDkhcT.exe
  2⤵
  PID:10172
- C:\Windows\System\rFzQJOe.exe
  C:\Windows\System\rFzQJOe.exe
  2⤵
  PID:10216
- C:\Windows\System\RINbCCh.exe
  C:\Windows\System\RINbCCh.exe
  2⤵
  PID:9056
- C:\Windows\System\AsCxXbT.exe
  C:\Windows\System\AsCxXbT.exe
  2⤵
  PID:10232
- C:\Windows\System\gPdkRoI.exe
  C:\Windows\System\gPdkRoI.exe
  2⤵
  PID:9288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AafUEtG.exe

Filesize
6.0MB

MD5
2543e13682619acd56dcb68591b71563

SHA1
05af8e8e1d3ffc562672e5c99294cda1c595e544

SHA256
d0c96c1f40cdff4da6324f169de1c4f02c7701ee36a2b0daa05f1174b28f39a5

SHA512
29ee9e793d426a085019e6da57a279c05f0308d3e580e8f710b1d142a27079876c79962325eb4b323245c2e50977d838f5f54bddbefa9b94fdacaacf54ffb6dc

Download Submit
C:\Windows\system\BqzBMQe.exe

Filesize
6.0MB

MD5
7faa9b1168c1631b48bfb500b6570a60

SHA1
1b770cde8fe494c8d3f975b1e9187c4b0165f8e3

SHA256
63cec6827737c1eedcf6e15986a1df75333a0877ae48d3e8c9803d8c1906a972

SHA512
6e78d8abf266c751b27f5c08dc6622c82c52bf16acbb5a6aadcdd01d0f1a5c0cb4720bf2c37232b1c59af091f5891cb1276354b41a3b46717365a5c1b4f7e29c

Download Submit
C:\Windows\system\DecVFry.exe

Filesize
6.0MB

MD5
0267dd13afb7bb9e6441566a40c51fcc

SHA1
c3571c77b3d5ab1bdaf8925de8af8b0c893419c9

SHA256
2f279629ea5f2aca6d239516053b7e13d06218287d84d12d45b3c617531e60d6

SHA512
16e60525bdd9fc1b24287ade944db339dc8ed8bcf62528773008b679ff28199aff735cc54c097c1980a7966c641ae3857fccaab2681db3959bb77d608c3f1fca

Download Submit
C:\Windows\system\ELtBQRn.exe

Filesize
6.0MB

MD5
0784e749c60bbff4413e20ba2527135e

SHA1
db0a1f142fe5df3a15c7fab71e6de871f8216c7a

SHA256
3218d256707e8b3d1c598bdc20e6fbaefcba0604dad7ba966c92adf0e589b481

SHA512
31fb6192eb3f2d81aa165278e5ceb8a5134afc86fb30e55decf38edb833a40af15da87e76e20f841aa705dcb63fa1277f30f9416091da079239a79ec85a2fbbe

Download Submit
C:\Windows\system\GsXVcdO.exe

Filesize
6.0MB

MD5
867036bbd42e167be65c410330fa250e

SHA1
d4fc319cf9c022690418597b0b9569ace56a88d3

SHA256
9cfb2e5cd41e0aae48574e8d133fdba4080252b268ac50b9b1e9e5ecb689b814

SHA512
5fb946c449df4a60d9328007aaf914c705dbeffa332c86b33b558d6f095126440c341aacba299ebb345906ad33706ec4426a0e1ddf1891c9c7341ed6c40b7b05

Download Submit
C:\Windows\system\Iclmyjc.exe

Filesize
6.0MB

MD5
02994d5530d51e89a8f86184672a5939

SHA1
1e8c3837b7099393647b731038edca999cdfd4b4

SHA256
7ccf7f587be94f363372059fae17210cbf8e0baa047b905df2d48a8bcf17beb1

SHA512
42d4e88d1e4dcc8ef6b3faf22fd694e8b42ac9bacb2430e5d371ffbbf8aee1c68a599e5d1d20dca0124b1fdcfe20f59a8df1cdaa3047d9bb2cb67999f026f146

Download Submit
C:\Windows\system\KKXlRsZ.exe

Filesize
6.0MB

MD5
e779105b5867b9a61dc65f2ea14b5a8c

SHA1
079897e51a7e4353c94e18e9422dbfef48cd84da

SHA256
faa988e4f660a07a947b65dcdd5b6a1ef07f458a288321659d1ab3a41280c455

SHA512
d3b1145ff74c656e858d6d943b65f4d35386caf2e23d635ca83f471bebb9463d232884afe3c262f9d3668d8842e14daa4532dd75fd612b056512dcfee34ad589

Download Submit
C:\Windows\system\KUmQhAA.exe

Filesize
6.0MB

MD5
51ba82f1313c2bd1b1d5707a82273917

SHA1
19a35dc63ae757dd0e3b697560bea762c148913e

SHA256
879c013174b97e5ed2da1aa8652fe20922a59c191f49880f09fbcc14f21ea544

SHA512
42f9c4c9f366a820bb306bb16a63c7a9b80f1049a098a403872be2ff6d43fcc8905ec352b02e37f6db6937621a25ecbb5d6b8e86a664b13e09dcb37928f8fff4

Download Submit
C:\Windows\system\PAdJLWZ.exe

Filesize
6.0MB

MD5
cfd30085a8fc952543b103012786318c

SHA1
25351a2aaf99a6b014df38451cf903134c6543b3

SHA256
0e1711b1ad8c7e17cfd4dc13ee2a5c4e416647b658b94b72b818c90708d1d8dc

SHA512
ad18bc5c4bf52f97b1a1474cc8e697bd4691317c54395b83210a71e4c4eb3e47904935ba351e01b653d376b253a1d9c497718f2f46ec4ceb7e05380e10fece8b

Download Submit
C:\Windows\system\QMvjVsB.exe

Filesize
6.0MB

MD5
36d76957656946b7171572b8b9534287

SHA1
7ee7958dc951d87e0567431888d1f378ebb384cc

SHA256
94779ef35e48bc6cd2901560126eafe5e63114000d7db92663c2d1b4d40d198d

SHA512
f4da481d790ae4373a3c780ec27e8321d9971a21afe8645619fa82d71ebef748d089fdd3ad472d0f440fd37ae6bcc790cb0f3428a5a93897eb7b149fbed4bbe7

Download Submit
C:\Windows\system\RLpOxQI.exe

Filesize
8B

MD5
338fde68ae7dad6345c4ed67f5eeae08

SHA1
e27075153e543cd3aadd16044aaa8953be280bac

SHA256
eabac93986cc662d95c9ce1e7d66a47d211f822f2107fbf6b0f3254e13aefe02

SHA512
5274b072a8ff1840ef85ea16f6e28edf3b5d70d825dbe9f599c13ba172c7f168366f2095597819fa7d68b30cdecf4e71c6928ae607be7a8a82e62143e0309a4a

Download Submit
C:\Windows\system\UmiOBAC.exe

Filesize
6.0MB

MD5
d6d79435ca83a67c99ad5f1e521a9710

SHA1
9d7597e88260c9bde4fcd4e7f0ac3df036d7fb20

SHA256
ebb9ee7d0d2fe666388fe148741e096f5edc7c09da8063b2b759f5358bc7b478

SHA512
b674e4c9b70fa2896c6cdf2943a8d0a811c474f8601e156cbbf973b62d4d1a6325c75e60202e2d0daa283cfa4dce05d0ec5640c7cc06718377417551dd890e66

Download Submit
C:\Windows\system\WRkfLdj.exe

Filesize
6.0MB

MD5
4cd233c09e87409b146686d4851c5c02

SHA1
17e94266873960e2a6402876f1b55b181da333f2

SHA256
b60411462e268d392144e2313944f191e74acad8c473cc7e114937d926aa7561

SHA512
261e54947012f78177661a6970a507b27358e1ee9d1b702b9cc833824840dbc7fda31421b55e5953153d7fb380833499801e4f77e88945d6037018fd64ff86a1

Download Submit
C:\Windows\system\bWevJmw.exe

Filesize
6.0MB

MD5
79ae6a0521dad54fdd79098c8afcdca8

SHA1
0408b6f75387b05fd3ac51b3d6244b94e2d8871d

SHA256
48e2bbbba64c98586bc55aae5b99a02af03d5e1f1c4d12e6a946e10f21330273

SHA512
25c08d1f9d34c49fc142b8cad6bd9ecc064b997b662a9e74105bd7f14d721f8d0ae5db544153094344bcf08cd15c55baa8cab89870a99320dcb90bd75636f9be

Download Submit
C:\Windows\system\cLwVarf.exe

Filesize
6.0MB

MD5
60346f6df7a8c0aa934b489b114cf043

SHA1
5edd89224768f7ff7f80a888c3453730ee2314ca

SHA256
e387cded06d90162c5558c5f0e20a2be49b912b8f23775b4199613646e2e855e

SHA512
f7d1cc9026661f70fd0bac2d848184c072534c54d74881ecc82246fc9fcdf87c219435d27bebad97a2caa6d409e9700b42fa4904281359f983bc5662a1a6a398

Download Submit
C:\Windows\system\fMWojmD.exe

Filesize
6.0MB

MD5
7af54f16912e802aff6a66d18c94941e

SHA1
061b7ea4d287ab3b98033beb4e7c38783df3ec61

SHA256
8485c5badf8896491489a864041658d03e2d503cc658d0b5e6f6ed2d2a4c5735

SHA512
58f37fe0e633a20707da0cb186d3f8a1343a4db044e474a80dea0bae5087ab8ec5f0d3855fc243474787d009b73ad9087bf75ddb0171900fe6447b4559e56acb

Download Submit
C:\Windows\system\irAthhC.exe

Filesize
6.0MB

MD5
e9fb3c531b44308e2cff5b432661dc45

SHA1
f4661016e9cd776e4b2f1be9d3f0d5d9b390f636

SHA256
33d8a7a6cf328ad9e9837dcc7f19e831440f2b414807e204db29c704220d57dc

SHA512
2e5d48b8b338c6489ead3f5e9a1562bf612e6a9fcd0e1a61bde8420e488abe7c0f5a8d38bee870a795b4af11493a29690dc6a10b9b1dd5c82c59a11fdc5a0990

Download Submit
C:\Windows\system\jjohezP.exe

Filesize
6.0MB

MD5
3d5d90b10ac639d4cce907e842bb0768

SHA1
17a9ca766e6d67798d386752459a951f3cd54b40

SHA256
3718a656275eac610fffffffd98268fd635fd91739d43b57576890ae48f19261

SHA512
e110e03b0eab383d32960b61f0a8f184fbabc546a75387a9d2b6080fdb7cb8a59d94e674510a0b0c015b2ed4763835e7725489b00debd72116c391d7a018e34f

Download Submit
C:\Windows\system\kvbfsGt.exe

Filesize
6.0MB

MD5
bcc17342ec394830e44f42cd061d1206

SHA1
a30d79d1a768ffd36449971ecfd0dca777c8b27b

SHA256
443cbfabb7111e2e0786c035751f5c88ae05bfff59cd13def7ca9996c2938993

SHA512
e671a640e1856871e3a7a136bb44959da60f9eaaaefc2d99abe040cfd8db3ad246a53eda7afaaee001abd381d15ea05a96d8c9c495bc168330fab75ab13a6af8

Download Submit
C:\Windows\system\meRtyqZ.exe

Filesize
6.0MB

MD5
21f802cf69984a484f4625d98dabc8b4

SHA1
e5586fc4b18c107f518e39946949d76a04fd83af

SHA256
4f9e33af81ea6ceb8f8f90b771e55aff0ff6d7ecc6dee969263dcc7c7eded282

SHA512
cce87dee8ecdd90a41c36e9c8a4a3976d03dd2cb507533b8d54e65814f955c8c52488b4f2b11d3c8a2cdbd628754429b777d8e695b0b53c46718874aa126c819

Download Submit
C:\Windows\system\oCymYuR.exe

Filesize
6.0MB

MD5
141164ab19075e62c349d1a978ebfd76

SHA1
6aa429446a4617757949aaed2b921e0badeb11b8

SHA256
0c12476a962593bfc308d1d2d9f79e1a491aaadd0b32e084ef37db522915c04f

SHA512
65d22ed2fe59626e97c868dc11ceb5e3375c85c94faa2b47c89caf87b2333a1f47f5161418bc3c0fe05cbf51e05a95265fef866a23318de835b70e6c8de6ef3a

Download Submit
C:\Windows\system\qkQmZXO.exe

Filesize
6.0MB

MD5
d309acdd9186ff6e2df82c4e429daacc

SHA1
82da1ea82609d599db2df10cfe7ed7caa82ea62c

SHA256
7ab6899a9a814ec5ad533ed543314063e91765792e8b915ea95a0868b7fbcedd

SHA512
3ce2baa3acdf0c4155d10228a95c1fcd991d63bfff6a2f6755eadc683d3454223f3c12076974cf9851a1fe4ae901865e82603feee666fe630369f3639fdd55e8

Download Submit
C:\Windows\system\tUWDwQt.exe

Filesize
6.0MB

MD5
8a5c7b0d0bd0efe015ef86a533c80174

SHA1
10c51b00313a08d4e85782bf395d971be1efebe7

SHA256
2e870d943003c61d37fc9555101c75b3f91161c983bc9c9709a52991e24e3341

SHA512
f35f58db274c80a595ee2b4504e13e219260cb82f0f6cf28c811482fced5bb6a78c6f1e41f2aa7b6c40492cde15dd466358dd239a5e28b25609bf9273e52488b

Download Submit
C:\Windows\system\wnmUkOF.exe

Filesize
6.0MB

MD5
3f1d3a00066762ec630b7dadf4a91ba8

SHA1
b15dc5d38ce5b2260a374a96c0fec5447df0fc35

SHA256
872156d9a9ce74dacf23c7d428321bd19bf592b0d5b3d13d530b58dc60a53c03

SHA512
a9211014458643ed418627f1d83295166a483372ba719d8185be702bc63165af13f5749c9a1c7b5d18b10fc305ee292a82415d7302fe8e240eb120414b5efea2

Download Submit
\Windows\system\BxGukJi.exe

Filesize
6.0MB

MD5
6a0c725d825fb72365e284c36b7281cb

SHA1
095b49c5579d49fb0c6f8853df3a10da60642d19

SHA256
1a5bceb6acd88dae35a774618acf83a474da062020dffdc68712f823de8235dd

SHA512
3a378c358eacbed87376b1e7496add3240eff4f623259b792491a742fe76478d5fa294841c55b3073aab308f6905aeb0df3a2436166caa5bc5e44c0b35e76467

Download Submit
\Windows\system\GkCWIYp.exe

Filesize
6.0MB

MD5
575de01d97e92ca0dfdb52ae867fa0d9

SHA1
8f61863f81e65ee2b86ffb5d2a2aee87baf63196

SHA256
44aea265333bb5604d7352d892fd676d09034dd99bdd08ad5fc44b4fed5fb94c

SHA512
690368eaa9860011f6eafc3ff4d9649e8a915b9ee70c5d8a7dddf83769a2c65ff1902dd659305154d776ac8cf61927350f732b04085f0fa2d981449185afed64

Download Submit
\Windows\system\SkFFvQi.exe

Filesize
6.0MB

MD5
fe7142526bfd76fa2c140e6cde9eb527

SHA1
8d92ff38890db1de8db9cefc08af58fb4e889bef

SHA256
0e146a145291395eddcc11c018ff47e6a3e1b1e87f382131e709f6f5ba2a68ee

SHA512
c475ea8fd72ca6fc571e5c87ebea33577098c28c91277b69fe28d71c313c232da44f86fceb053f40e05da96d912c9a57b7199670891580a0a0042eee77f1f8a1

Download Submit
\Windows\system\YudKEKF.exe

Filesize
6.0MB

MD5
9ecd02b485d6e57007a2470c241b1447

SHA1
582026a59fc53d92845d9768123b52a750cd0996

SHA256
7fca4737fee8d8a8546240c4de7aed956f195a9b28af67347732c6f373739a65

SHA512
46ff08bfa7e6226e7bb85ce7878e448a1b674ea4bacc326e7030317f0c78874168dd1ea8e9e9ff8265af3413938ad12908c7551f25397189b30e14be1b8312fa

Download Submit
\Windows\system\ggLjOuA.exe

Filesize
6.0MB

MD5
0686ecfb3e2a5c5d76a681b240ceb7f0

SHA1
360968276dfc45a0055d6ed743bf8b48fec0d039

SHA256
9af5c232ba1907d139ebf9e53a1a19045a45c72fd1669de2294ad43ab785b4cc

SHA512
dc1a8bbb3bc705a82e47d9f89ce1aa17c8ab26e6d641f32b23c3b5deed7a1eb3bfe7cfad1642896c6792d316be8b123f9cd10b553c1f1bab13b961a9f6da84e1

Download Submit
\Windows\system\nHQNlfZ.exe

Filesize
6.0MB

MD5
29fa70194a5a1e885f657fcd71f01b8f

SHA1
45bc9d34bcaca33e75d07ac3116654e581b8deb7

SHA256
f0e1532c4bee4ddb93505a1cbd7f1180f0a3ebfb09d38e7295f3ceb60801281b

SHA512
ba81f89bcc144a02fb750e942cb92f527121f093ee29731516cff696b11ff5e6b29aad341f962a10535231f6d31737f3de1cf9fcc9e565cf56a1bbc7714d7589

Download Submit
\Windows\system\nVLZdpI.exe

Filesize
6.0MB

MD5
159ffda8d423fbb363a535ea458f0351

SHA1
cfe3a81304584fb30619f0aee24768f4bd6d4655

SHA256
16016819eb74947c1301a6826e3a49cc54db7bcb6b263c75867049b1787808a8

SHA512
817378c18dcf4a3b6ffb70e3f7514322134a15fb96f9be49df3a7fb0fee909d8f4c2b2482b7a79f9fee8dd02d57ca06de3d8b711b5e4f42e619e6dde988b5d49

Download Submit
\Windows\system\oPHYkNH.exe

Filesize
6.0MB

MD5
7665ad91d39f32775e7070e9020d30b3

SHA1
4fbc4e50650f1a5827e092cbd2be3b4f578595ec

SHA256
15de30840fe44e27411e6339f73ab427e8edf7b6efb05260ed826308ca9edb64

SHA512
fb0b68f85078a4a7f693737e87bf071378a3ac1908907b952fad342ce3e43749073a38ba5d3cfb89ca0bcbcd9c64ab919d17fdbac529ea1ff12494af31cb9959

Download Submit
\Windows\system\phrIAga.exe

Filesize
6.0MB

MD5
76aaa1fdf102a55e0142d587729e2edc

SHA1
01d2883a1644192de03e12d393a9efffc6fd11b0

SHA256
548eae2cf6f488e7aad6e24f5f876bf0f7aa0cc9e0e79a093002fd8ccfdc0946

SHA512
883ae642ef9a1297cf66c88d03841c67109af087c3ea4132ff4e7d6075e6d8fb9bde55b297b87b164f49874e8ef8d7d7e1554ac0f387b40a05bd49125c5ba9b6

Download Submit
memory/1296-3640-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1296-57-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-545-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1964-36-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1964-41-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1964-91-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1964-98-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1964-99-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1964-100-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-15-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-0-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1964-80-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1964-55-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1964-54-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1964-713-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-20-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1964-61-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/1964-81-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/1964-1375-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-396-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/1964-217-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1181-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-94-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-3741-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3687-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2336-218-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2336-68-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2344-87-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-628-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-3723-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3657-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2380-79-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2380-311-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2408-4726-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-460-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-83-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2524-43-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2524-3492-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3374-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2640-33-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2648-22-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3340-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3370-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2660-34-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3326-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2724-39-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2724-12-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3328-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-14-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3601-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-56-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3665-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/3008-310-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/3008-76-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download