cobaltstrike | 61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-11-2024 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
Size

6.0MB
MD5

8beaced2197f6bdb104dcfe39c651f41
SHA1

c63bf192721005c1c1fc894b498cc2552da0b445
SHA256

61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571
SHA512

c542ce4daf787da805cbae597adcfe7365fafbe9d8c18d418036cc88e4807da0da8001850b9a73dec43ed5da2f444d89367c3ef92f277af723d5eda58107d9e6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUD:T+q56utgpPF8u/7D

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x0007000000012116-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173a9-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017492-12.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174cc-23.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018676-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018683-42.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186ee-51.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186e4-52.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fdf-37.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193c2-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-106.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2596-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-6.dat	xmrig
behavioral1/memory/1548-9-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x00080000000173a9-10.dat	xmrig
behavioral1/memory/1000-15-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000017492-12.dat	xmrig
behavioral1/files/0x00070000000174cc-23.dat	xmrig
behavioral1/memory/1912-28-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/1372-22-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x000e000000018676-31.dat	xmrig
behavioral1/files/0x0006000000018683-42.dat	xmrig
behavioral1/files/0x00080000000186ee-51.dat	xmrig
behavioral1/files/0x00060000000186e4-52.dat	xmrig
behavioral1/memory/2772-46-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1000-65-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2936-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1948-63-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2804-59-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2712-45-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2596-40-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016fdf-37.dat	xmrig
behavioral1/files/0x00070000000193c2-66.dat	xmrig
behavioral1/memory/2560-72-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/1372-70-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001941e-73.dat	xmrig
behavioral1/memory/2532-80-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019427-81.dat	xmrig
behavioral1/memory/1912-82-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/3028-88-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2596-86-0x00000000022D0000-0x0000000002624000-memory.dmp	xmrig
behavioral1/files/0x0005000000019431-89.dat	xmrig
behavioral1/files/0x0005000000019441-99.dat	xmrig
behavioral1/memory/2516-92-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019461-111.dat	xmrig
behavioral1/files/0x0005000000019582-120.dat	xmrig
behavioral1/files/0x00050000000195c5-123.dat	xmrig
behavioral1/files/0x000500000001960d-140.dat	xmrig
behavioral1/files/0x0005000000019619-171.dat	xmrig
behavioral1/memory/2736-848-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2516-660-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2532-380-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019621-192.dat	xmrig
behavioral1/files/0x000500000001961f-186.dat	xmrig
behavioral1/files/0x000500000001961b-177.dat	xmrig
behavioral1/files/0x000500000001961d-182.dat	xmrig
behavioral1/files/0x0005000000019617-167.dat	xmrig
behavioral1/files/0x0005000000019613-156.dat	xmrig
behavioral1/files/0x0005000000019615-162.dat	xmrig
behavioral1/files/0x000500000001960f-146.dat	xmrig
behavioral1/files/0x0005000000019611-152.dat	xmrig
behavioral1/files/0x000500000001960b-136.dat	xmrig
behavioral1/files/0x0005000000019609-132.dat	xmrig
behavioral1/files/0x000500000001950c-116.dat	xmrig
behavioral1/files/0x000500000001944f-106.dat	xmrig
behavioral1/memory/2736-100-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/1548-3055-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1000-3058-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1912-3091-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2804-3104-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/1372-3103-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2712-3097-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2772-3102-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/1948-3107-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/memory/2936-3110-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

ainMbJI.exeYFhacTq.exePcffnDJ.exeaicZgNZ.exeiKkJdfq.exeRHRibTo.exeUUBZQPB.exeiLjfDTM.exeibjWEgI.exelwaRPVA.exeIINYmNc.exepveIVAg.exelQJwKpb.exeZTLeBos.exeBOtqVuz.exeklJsRQj.exeHeJvXYu.exerLirCrt.exerhJolWT.exeYRpILuu.execzYWVyw.exerCWFVgQ.exeunDQXQP.exeuJzTTbP.exeCSfCTXE.exeUniOSdu.exeKeLefeq.exeyMifuGS.exeNYfZoIt.exeLpNEofB.exeBjPlVif.exeEjHqGhE.exeSTULTKu.exemElVmIU.exeiIWZRuA.exeJJxvehf.exenkkIwRl.exehgGmOAo.exeEJiTzQF.exeuALFJoL.exevwZUvgO.exeKYPrrcI.exeqejdTrz.exeeoudaml.exeHYDPSXo.exeSWlKqeg.exeaWYQOde.exehvyPjgB.exeBPkFoIf.exenqqSVWo.exekuvcJvv.exeOaDaEmz.exeVtzfNAb.exeSkUEKpH.exekEJLhzn.exeNQfSxhN.exeIUdIWbP.exehzYYxZc.exeksigDCT.exesXLHLng.exexXYHiwW.exevkdurHg.exexMoKEAw.exeHaafUJD.exe

pid	Process
1548	ainMbJI.exe
1000	YFhacTq.exe
1372	PcffnDJ.exe
1912	aicZgNZ.exe
2712	iKkJdfq.exe
2772	RHRibTo.exe
2804	UUBZQPB.exe
1948	iLjfDTM.exe
2936	ibjWEgI.exe
2560	lwaRPVA.exe
2532	IINYmNc.exe
3028	pveIVAg.exe
2516	lQJwKpb.exe
2736	ZTLeBos.exe
1848	BOtqVuz.exe
1884	klJsRQj.exe
2336	HeJvXYu.exe
1268	rLirCrt.exe
584	rhJolWT.exe
2820	YRpILuu.exe
2828	czYWVyw.exe
1988	rCWFVgQ.exe
2908	unDQXQP.exe
2836	uJzTTbP.exe
2996	CSfCTXE.exe
2612	UniOSdu.exe
2920	KeLefeq.exe
2200	yMifuGS.exe
2892	NYfZoIt.exe
2960	LpNEofB.exe
616	BjPlVif.exe
864	EjHqGhE.exe
2108	STULTKu.exe
808	mElVmIU.exe
1308	iIWZRuA.exe
1800	JJxvehf.exe
3052	nkkIwRl.exe
1752	hgGmOAo.exe
1976	EJiTzQF.exe
1644	uALFJoL.exe
908	vwZUvgO.exe
968	KYPrrcI.exe
660	qejdTrz.exe
2204	eoudaml.exe
2364	HYDPSXo.exe
1924	SWlKqeg.exe
1640	aWYQOde.exe
2340	hvyPjgB.exe
2052	BPkFoIf.exe
2388	nqqSVWo.exe
1688	kuvcJvv.exe
2984	OaDaEmz.exe
2980	VtzfNAb.exe
1536	SkUEKpH.exe
1532	kEJLhzn.exe
2432	NQfSxhN.exe
2488	IUdIWbP.exe
348	hzYYxZc.exe
2800	ksigDCT.exe
2756	sXLHLng.exe
2428	xXYHiwW.exe
2512	vkdurHg.exe
2328	xMoKEAw.exe
2196	HaafUJD.exe

Loads dropped DLL 64 IoCs

Processes:

61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe

pid	Process
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2596-0-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0007000000012116-6.dat	upx
behavioral1/memory/1548-9-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x00080000000173a9-10.dat	upx
behavioral1/memory/1000-15-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x0008000000017492-12.dat	upx
behavioral1/files/0x00070000000174cc-23.dat	upx
behavioral1/memory/1912-28-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/1372-22-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x000e000000018676-31.dat	upx
behavioral1/files/0x0006000000018683-42.dat	upx
behavioral1/files/0x00080000000186ee-51.dat	upx
behavioral1/files/0x00060000000186e4-52.dat	upx
behavioral1/memory/2772-46-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1000-65-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2936-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/1948-63-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2804-59-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2712-45-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2596-40-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x0008000000016fdf-37.dat	upx
behavioral1/files/0x00070000000193c2-66.dat	upx
behavioral1/memory/2560-72-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1372-70-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x000500000001941e-73.dat	upx
behavioral1/memory/2532-80-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0005000000019427-81.dat	upx
behavioral1/memory/1912-82-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/3028-88-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0005000000019431-89.dat	upx
behavioral1/files/0x0005000000019441-99.dat	upx
behavioral1/memory/2516-92-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x0005000000019461-111.dat	upx
behavioral1/files/0x0005000000019582-120.dat	upx
behavioral1/files/0x00050000000195c5-123.dat	upx
behavioral1/files/0x000500000001960d-140.dat	upx
behavioral1/files/0x0005000000019619-171.dat	upx
behavioral1/memory/2736-848-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2516-660-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2532-380-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/files/0x0005000000019621-192.dat	upx
behavioral1/files/0x000500000001961f-186.dat	upx
behavioral1/files/0x000500000001961b-177.dat	upx
behavioral1/files/0x000500000001961d-182.dat	upx
behavioral1/files/0x0005000000019617-167.dat	upx
behavioral1/files/0x0005000000019613-156.dat	upx
behavioral1/files/0x0005000000019615-162.dat	upx
behavioral1/files/0x000500000001960f-146.dat	upx
behavioral1/files/0x0005000000019611-152.dat	upx
behavioral1/files/0x000500000001960b-136.dat	upx
behavioral1/files/0x0005000000019609-132.dat	upx
behavioral1/files/0x000500000001950c-116.dat	upx
behavioral1/files/0x000500000001944f-106.dat	upx
behavioral1/memory/2736-100-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/1548-3055-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1000-3058-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1912-3091-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2804-3104-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/1372-3103-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2712-3097-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2772-3102-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1948-3107-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/memory/2936-3110-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2560-3134-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe

description	ioc	Process
File created	C:\Windows\System\YDFkKdx.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\WkldeQg.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\DqidvEw.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\ToHwDrQ.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\xltUlGZ.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\mxTaOyN.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\cOGbWuK.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\HQEepFL.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\tDzLxLd.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\HFpJFHn.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\ZbMaqyC.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\sbXYYLT.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\ZLREGtl.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\tpAUBfD.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\IKtrLix.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\vlIPbwy.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\WAlqVvO.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\pkHRMvq.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\EScMUKK.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\kanhIpE.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\Jhyrpfg.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\TxtccQp.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\zHJVIwb.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\rlvsJsL.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\fqkambq.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\TybpqOk.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\jycPmph.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\ygovugz.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\zSkRYte.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\YKCwKJZ.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\htReOCr.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\UbMiekl.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\kWsHGvk.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\cGXUwqh.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\XfHrveG.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\JBcUfda.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\cJhWFhj.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\CFRZTtW.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\owclDIn.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\wGKSPuF.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\xhkSRZd.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\uMaUhlY.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\tBQqFgu.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\PwlCBGc.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\PJsEzLK.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\SEBLfwN.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\wEMFAdG.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\BEUxkmG.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\iYAoGxF.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\fYgEhnf.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\eYtMZVh.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\mqscauz.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\IZmyOiE.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\qamRwEN.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\HwiDxiE.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\oayuqgr.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\IqGBprd.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\jpBvVIl.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\wXyuRPE.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\zFxqvGw.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\bpjPoyp.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\BFfXZEN.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\onOFDWD.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
File created	C:\Windows\System\rCNPdpI.exe	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe

description	pid	Process	procid_target
PID 2596 wrote to memory of 1548	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	31
PID 2596 wrote to memory of 1548	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	31
PID 2596 wrote to memory of 1548	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	31
PID 2596 wrote to memory of 1000	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	32
PID 2596 wrote to memory of 1000	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	32
PID 2596 wrote to memory of 1000	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	32
PID 2596 wrote to memory of 1372	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	33
PID 2596 wrote to memory of 1372	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	33
PID 2596 wrote to memory of 1372	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	33
PID 2596 wrote to memory of 1912	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	34
PID 2596 wrote to memory of 1912	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	34
PID 2596 wrote to memory of 1912	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	34
PID 2596 wrote to memory of 2712	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	35
PID 2596 wrote to memory of 2712	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	35
PID 2596 wrote to memory of 2712	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	35
PID 2596 wrote to memory of 2772	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	36
PID 2596 wrote to memory of 2772	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	36
PID 2596 wrote to memory of 2772	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	36
PID 2596 wrote to memory of 1948	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	37
PID 2596 wrote to memory of 1948	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	37
PID 2596 wrote to memory of 1948	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	37
PID 2596 wrote to memory of 2804	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	38
PID 2596 wrote to memory of 2804	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	38
PID 2596 wrote to memory of 2804	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	38
PID 2596 wrote to memory of 2936	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	39
PID 2596 wrote to memory of 2936	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	39
PID 2596 wrote to memory of 2936	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	39
PID 2596 wrote to memory of 2560	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	40
PID 2596 wrote to memory of 2560	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	40
PID 2596 wrote to memory of 2560	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	40
PID 2596 wrote to memory of 2532	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	41
PID 2596 wrote to memory of 2532	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	41
PID 2596 wrote to memory of 2532	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	41
PID 2596 wrote to memory of 3028	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	42
PID 2596 wrote to memory of 3028	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	42
PID 2596 wrote to memory of 3028	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	42
PID 2596 wrote to memory of 2516	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	43
PID 2596 wrote to memory of 2516	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	43
PID 2596 wrote to memory of 2516	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	43
PID 2596 wrote to memory of 2736	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	44
PID 2596 wrote to memory of 2736	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	44
PID 2596 wrote to memory of 2736	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	44
PID 2596 wrote to memory of 1848	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	45
PID 2596 wrote to memory of 1848	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	45
PID 2596 wrote to memory of 1848	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	45
PID 2596 wrote to memory of 1884	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	46
PID 2596 wrote to memory of 1884	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	46
PID 2596 wrote to memory of 1884	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	46
PID 2596 wrote to memory of 2336	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	47
PID 2596 wrote to memory of 2336	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	47
PID 2596 wrote to memory of 2336	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	47
PID 2596 wrote to memory of 1268	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	48
PID 2596 wrote to memory of 1268	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	48
PID 2596 wrote to memory of 1268	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	48
PID 2596 wrote to memory of 584	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	49
PID 2596 wrote to memory of 584	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	49
PID 2596 wrote to memory of 584	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	49
PID 2596 wrote to memory of 2820	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	50
PID 2596 wrote to memory of 2820	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	50
PID 2596 wrote to memory of 2820	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	50
PID 2596 wrote to memory of 2828	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	51
PID 2596 wrote to memory of 2828	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	51
PID 2596 wrote to memory of 2828	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	51
PID 2596 wrote to memory of 1988	2596	61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe	52

C:\Users\Admin\AppData\Local\Temp\61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe
"C:\Users\Admin\AppData\Local\Temp\61fdaea84c9d28194ceb5eb6fc220dbb992e0d643b8f95e16d11304669fc1571.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2596
- C:\Windows\System\ainMbJI.exe
  C:\Windows\System\ainMbJI.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\YFhacTq.exe
  C:\Windows\System\YFhacTq.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\PcffnDJ.exe
  C:\Windows\System\PcffnDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\aicZgNZ.exe
  C:\Windows\System\aicZgNZ.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\iKkJdfq.exe
  C:\Windows\System\iKkJdfq.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\RHRibTo.exe
  C:\Windows\System\RHRibTo.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\iLjfDTM.exe
  C:\Windows\System\iLjfDTM.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\UUBZQPB.exe
  C:\Windows\System\UUBZQPB.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\ibjWEgI.exe
  C:\Windows\System\ibjWEgI.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\lwaRPVA.exe
  C:\Windows\System\lwaRPVA.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\IINYmNc.exe
  C:\Windows\System\IINYmNc.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\pveIVAg.exe
  C:\Windows\System\pveIVAg.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\lQJwKpb.exe
  C:\Windows\System\lQJwKpb.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ZTLeBos.exe
  C:\Windows\System\ZTLeBos.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\BOtqVuz.exe
  C:\Windows\System\BOtqVuz.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\klJsRQj.exe
  C:\Windows\System\klJsRQj.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\HeJvXYu.exe
  C:\Windows\System\HeJvXYu.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\rLirCrt.exe
  C:\Windows\System\rLirCrt.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\rhJolWT.exe
  C:\Windows\System\rhJolWT.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\YRpILuu.exe
  C:\Windows\System\YRpILuu.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\czYWVyw.exe
  C:\Windows\System\czYWVyw.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\rCWFVgQ.exe
  C:\Windows\System\rCWFVgQ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\unDQXQP.exe
  C:\Windows\System\unDQXQP.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\uJzTTbP.exe
  C:\Windows\System\uJzTTbP.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\CSfCTXE.exe
  C:\Windows\System\CSfCTXE.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\UniOSdu.exe
  C:\Windows\System\UniOSdu.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\KeLefeq.exe
  C:\Windows\System\KeLefeq.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\yMifuGS.exe
  C:\Windows\System\yMifuGS.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\NYfZoIt.exe
  C:\Windows\System\NYfZoIt.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\LpNEofB.exe
  C:\Windows\System\LpNEofB.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\BjPlVif.exe
  C:\Windows\System\BjPlVif.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\EjHqGhE.exe
  C:\Windows\System\EjHqGhE.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\STULTKu.exe
  C:\Windows\System\STULTKu.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\mElVmIU.exe
  C:\Windows\System\mElVmIU.exe
  2⤵
  - Executes dropped EXE
  PID:808
- C:\Windows\System\iIWZRuA.exe
  C:\Windows\System\iIWZRuA.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\JJxvehf.exe
  C:\Windows\System\JJxvehf.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\nkkIwRl.exe
  C:\Windows\System\nkkIwRl.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\hgGmOAo.exe
  C:\Windows\System\hgGmOAo.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\EJiTzQF.exe
  C:\Windows\System\EJiTzQF.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\uALFJoL.exe
  C:\Windows\System\uALFJoL.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\vwZUvgO.exe
  C:\Windows\System\vwZUvgO.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\KYPrrcI.exe
  C:\Windows\System\KYPrrcI.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\qejdTrz.exe
  C:\Windows\System\qejdTrz.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\eoudaml.exe
  C:\Windows\System\eoudaml.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\HYDPSXo.exe
  C:\Windows\System\HYDPSXo.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\SWlKqeg.exe
  C:\Windows\System\SWlKqeg.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\aWYQOde.exe
  C:\Windows\System\aWYQOde.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\hvyPjgB.exe
  C:\Windows\System\hvyPjgB.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\BPkFoIf.exe
  C:\Windows\System\BPkFoIf.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\nqqSVWo.exe
  C:\Windows\System\nqqSVWo.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\kuvcJvv.exe
  C:\Windows\System\kuvcJvv.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\OaDaEmz.exe
  C:\Windows\System\OaDaEmz.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\VtzfNAb.exe
  C:\Windows\System\VtzfNAb.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\SkUEKpH.exe
  C:\Windows\System\SkUEKpH.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\kEJLhzn.exe
  C:\Windows\System\kEJLhzn.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\NQfSxhN.exe
  C:\Windows\System\NQfSxhN.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\IUdIWbP.exe
  C:\Windows\System\IUdIWbP.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\hzYYxZc.exe
  C:\Windows\System\hzYYxZc.exe
  2⤵
  - Executes dropped EXE
  PID:348
- C:\Windows\System\ksigDCT.exe
  C:\Windows\System\ksigDCT.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\sXLHLng.exe
  C:\Windows\System\sXLHLng.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\xXYHiwW.exe
  C:\Windows\System\xXYHiwW.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\vkdurHg.exe
  C:\Windows\System\vkdurHg.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\xMoKEAw.exe
  C:\Windows\System\xMoKEAw.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\HaafUJD.exe
  C:\Windows\System\HaafUJD.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\HaRCTVK.exe
  C:\Windows\System\HaRCTVK.exe
  2⤵
  PID:1888
- C:\Windows\System\tHxwKto.exe
  C:\Windows\System\tHxwKto.exe
  2⤵
  PID:1648
- C:\Windows\System\lYHgGwI.exe
  C:\Windows\System\lYHgGwI.exe
  2⤵
  PID:1508
- C:\Windows\System\iLVhEwH.exe
  C:\Windows\System\iLVhEwH.exe
  2⤵
  PID:1152
- C:\Windows\System\OsfXJeg.exe
  C:\Windows\System\OsfXJeg.exe
  2⤵
  PID:1748
- C:\Windows\System\MMyFmcH.exe
  C:\Windows\System\MMyFmcH.exe
  2⤵
  PID:1984
- C:\Windows\System\boZryQL.exe
  C:\Windows\System\boZryQL.exe
  2⤵
  PID:3064
- C:\Windows\System\KVIjPvM.exe
  C:\Windows\System\KVIjPvM.exe
  2⤵
  PID:2824
- C:\Windows\System\aFYHuMA.exe
  C:\Windows\System\aFYHuMA.exe
  2⤵
  PID:1060
- C:\Windows\System\YDsuiDO.exe
  C:\Windows\System\YDsuiDO.exe
  2⤵
  PID:2384
- C:\Windows\System\UCezmMq.exe
  C:\Windows\System\UCezmMq.exe
  2⤵
  PID:2460
- C:\Windows\System\cYWJGZX.exe
  C:\Windows\System\cYWJGZX.exe
  2⤵
  PID:448
- C:\Windows\System\qrQSpoW.exe
  C:\Windows\System\qrQSpoW.exe
  2⤵
  PID:2016
- C:\Windows\System\OdLjNFA.exe
  C:\Windows\System\OdLjNFA.exe
  2⤵
  PID:336
- C:\Windows\System\UDCvZdi.exe
  C:\Windows\System\UDCvZdi.exe
  2⤵
  PID:1160
- C:\Windows\System\xyWocua.exe
  C:\Windows\System\xyWocua.exe
  2⤵
  PID:1700
- C:\Windows\System\XdUpkYU.exe
  C:\Windows\System\XdUpkYU.exe
  2⤵
  PID:1472
- C:\Windows\System\ViGeMKa.exe
  C:\Windows\System\ViGeMKa.exe
  2⤵
  PID:1480
- C:\Windows\System\UMWdyqf.exe
  C:\Windows\System\UMWdyqf.exe
  2⤵
  PID:644
- C:\Windows\System\hMEfyMB.exe
  C:\Windows\System\hMEfyMB.exe
  2⤵
  PID:1016
- C:\Windows\System\ooGEsqb.exe
  C:\Windows\System\ooGEsqb.exe
  2⤵
  PID:376
- C:\Windows\System\ROoRZGL.exe
  C:\Windows\System\ROoRZGL.exe
  2⤵
  PID:2360
- C:\Windows\System\MkfrsmC.exe
  C:\Windows\System\MkfrsmC.exe
  2⤵
  PID:2976
- C:\Windows\System\hPNmmPZ.exe
  C:\Windows\System\hPNmmPZ.exe
  2⤵
  PID:1932
- C:\Windows\System\ClbsIBo.exe
  C:\Windows\System\ClbsIBo.exe
  2⤵
  PID:2156
- C:\Windows\System\dgMRSYq.exe
  C:\Windows\System\dgMRSYq.exe
  2⤵
  PID:2100
- C:\Windows\System\MCtDUqD.exe
  C:\Windows\System\MCtDUqD.exe
  2⤵
  PID:1940
- C:\Windows\System\VZQZCRR.exe
  C:\Windows\System\VZQZCRR.exe
  2⤵
  PID:2704
- C:\Windows\System\UTqMQMu.exe
  C:\Windows\System\UTqMQMu.exe
  2⤵
  PID:2708
- C:\Windows\System\kMPLqtt.exe
  C:\Windows\System\kMPLqtt.exe
  2⤵
  PID:2636
- C:\Windows\System\XwMHeBh.exe
  C:\Windows\System\XwMHeBh.exe
  2⤵
  PID:2524
- C:\Windows\System\dIHXDDJ.exe
  C:\Windows\System\dIHXDDJ.exe
  2⤵
  PID:2320
- C:\Windows\System\KsGJzLh.exe
  C:\Windows\System\KsGJzLh.exe
  2⤵
  PID:1424
- C:\Windows\System\kRSzSeh.exe
  C:\Windows\System\kRSzSeh.exe
  2⤵
  PID:1452
- C:\Windows\System\MzfUxPi.exe
  C:\Windows\System\MzfUxPi.exe
  2⤵
  PID:3044
- C:\Windows\System\RHdXSHy.exe
  C:\Windows\System\RHdXSHy.exe
  2⤵
  PID:2856
- C:\Windows\System\aiiYomi.exe
  C:\Windows\System\aiiYomi.exe
  2⤵
  PID:2376
- C:\Windows\System\cvPgSfw.exe
  C:\Windows\System\cvPgSfw.exe
  2⤵
  PID:1112
- C:\Windows\System\YpyKxZT.exe
  C:\Windows\System\YpyKxZT.exe
  2⤵
  PID:836
- C:\Windows\System\MYGPebs.exe
  C:\Windows\System\MYGPebs.exe
  2⤵
  PID:1660
- C:\Windows\System\IyBzDsZ.exe
  C:\Windows\System\IyBzDsZ.exe
  2⤵
  PID:268
- C:\Windows\System\sHwfOfx.exe
  C:\Windows\System\sHwfOfx.exe
  2⤵
  PID:1844
- C:\Windows\System\lNHfTnx.exe
  C:\Windows\System\lNHfTnx.exe
  2⤵
  PID:2256
- C:\Windows\System\WZhvCDv.exe
  C:\Windows\System\WZhvCDv.exe
  2⤵
  PID:2224
- C:\Windows\System\JdXRLxx.exe
  C:\Windows\System\JdXRLxx.exe
  2⤵
  PID:1964
- C:\Windows\System\IMzRFQz.exe
  C:\Windows\System\IMzRFQz.exe
  2⤵
  PID:1524
- C:\Windows\System\FdRhyTa.exe
  C:\Windows\System\FdRhyTa.exe
  2⤵
  PID:2940
- C:\Windows\System\RuKuQoh.exe
  C:\Windows\System\RuKuQoh.exe
  2⤵
  PID:2644
- C:\Windows\System\tIerpNa.exe
  C:\Windows\System\tIerpNa.exe
  2⤵
  PID:2368
- C:\Windows\System\abuqEBn.exe
  C:\Windows\System\abuqEBn.exe
  2⤵
  PID:2784
- C:\Windows\System\COKmcbJ.exe
  C:\Windows\System\COKmcbJ.exe
  2⤵
  PID:2584
- C:\Windows\System\vGbFrGY.exe
  C:\Windows\System\vGbFrGY.exe
  2⤵
  PID:1952
- C:\Windows\System\FmIHrIl.exe
  C:\Windows\System\FmIHrIl.exe
  2⤵
  PID:2116
- C:\Windows\System\rWGEOln.exe
  C:\Windows\System\rWGEOln.exe
  2⤵
  PID:1696
- C:\Windows\System\bNrDpJB.exe
  C:\Windows\System\bNrDpJB.exe
  2⤵
  PID:1636
- C:\Windows\System\EIauhVl.exe
  C:\Windows\System\EIauhVl.exe
  2⤵
  PID:772
- C:\Windows\System\xjLwRRT.exe
  C:\Windows\System\xjLwRRT.exe
  2⤵
  PID:2972
- C:\Windows\System\FHJGBuk.exe
  C:\Windows\System\FHJGBuk.exe
  2⤵
  PID:3088
- C:\Windows\System\BIbokDE.exe
  C:\Windows\System\BIbokDE.exe
  2⤵
  PID:3108
- C:\Windows\System\IonYGzK.exe
  C:\Windows\System\IonYGzK.exe
  2⤵
  PID:3128
- C:\Windows\System\clkLzzR.exe
  C:\Windows\System\clkLzzR.exe
  2⤵
  PID:3148
- C:\Windows\System\qWNHIyz.exe
  C:\Windows\System\qWNHIyz.exe
  2⤵
  PID:3168
- C:\Windows\System\buVoRWE.exe
  C:\Windows\System\buVoRWE.exe
  2⤵
  PID:3184
- C:\Windows\System\HgOKpRU.exe
  C:\Windows\System\HgOKpRU.exe
  2⤵
  PID:3204
- C:\Windows\System\DQvXgpb.exe
  C:\Windows\System\DQvXgpb.exe
  2⤵
  PID:3220
- C:\Windows\System\ruTjoLL.exe
  C:\Windows\System\ruTjoLL.exe
  2⤵
  PID:3240
- C:\Windows\System\QNSYUBY.exe
  C:\Windows\System\QNSYUBY.exe
  2⤵
  PID:3260
- C:\Windows\System\OSFFssP.exe
  C:\Windows\System\OSFFssP.exe
  2⤵
  PID:3280
- C:\Windows\System\MuQGUlh.exe
  C:\Windows\System\MuQGUlh.exe
  2⤵
  PID:3300
- C:\Windows\System\CgznuCU.exe
  C:\Windows\System\CgznuCU.exe
  2⤵
  PID:3328
- C:\Windows\System\IPbPCpk.exe
  C:\Windows\System\IPbPCpk.exe
  2⤵
  PID:3348
- C:\Windows\System\osdyNlY.exe
  C:\Windows\System\osdyNlY.exe
  2⤵
  PID:3368
- C:\Windows\System\FSqThpK.exe
  C:\Windows\System\FSqThpK.exe
  2⤵
  PID:3384
- C:\Windows\System\ZvnNlAH.exe
  C:\Windows\System\ZvnNlAH.exe
  2⤵
  PID:3408
- C:\Windows\System\JhRPtkc.exe
  C:\Windows\System\JhRPtkc.exe
  2⤵
  PID:3424
- C:\Windows\System\ycqlxwY.exe
  C:\Windows\System\ycqlxwY.exe
  2⤵
  PID:3444
- C:\Windows\System\gaZpsGt.exe
  C:\Windows\System\gaZpsGt.exe
  2⤵
  PID:3464
- C:\Windows\System\SyIXevF.exe
  C:\Windows\System\SyIXevF.exe
  2⤵
  PID:3484
- C:\Windows\System\CLWlNtL.exe
  C:\Windows\System\CLWlNtL.exe
  2⤵
  PID:3504
- C:\Windows\System\HdKSdza.exe
  C:\Windows\System\HdKSdza.exe
  2⤵
  PID:3528
- C:\Windows\System\ybrLKsA.exe
  C:\Windows\System\ybrLKsA.exe
  2⤵
  PID:3544
- C:\Windows\System\kNTjNli.exe
  C:\Windows\System\kNTjNli.exe
  2⤵
  PID:3568
- C:\Windows\System\biiAmRG.exe
  C:\Windows\System\biiAmRG.exe
  2⤵
  PID:3588
- C:\Windows\System\dlctmav.exe
  C:\Windows\System\dlctmav.exe
  2⤵
  PID:3608
- C:\Windows\System\CdxoNYp.exe
  C:\Windows\System\CdxoNYp.exe
  2⤵
  PID:3628
- C:\Windows\System\ZReUOIH.exe
  C:\Windows\System\ZReUOIH.exe
  2⤵
  PID:3648
- C:\Windows\System\ldotnUQ.exe
  C:\Windows\System\ldotnUQ.exe
  2⤵
  PID:3668
- C:\Windows\System\gBFeobm.exe
  C:\Windows\System\gBFeobm.exe
  2⤵
  PID:3688
- C:\Windows\System\BGTndfH.exe
  C:\Windows\System\BGTndfH.exe
  2⤵
  PID:3708
- C:\Windows\System\gJUPizK.exe
  C:\Windows\System\gJUPizK.exe
  2⤵
  PID:3728
- C:\Windows\System\gaFaAhA.exe
  C:\Windows\System\gaFaAhA.exe
  2⤵
  PID:3748
- C:\Windows\System\OmbEnkX.exe
  C:\Windows\System\OmbEnkX.exe
  2⤵
  PID:3768
- C:\Windows\System\jzOBSzf.exe
  C:\Windows\System\jzOBSzf.exe
  2⤵
  PID:3788
- C:\Windows\System\oayuqgr.exe
  C:\Windows\System\oayuqgr.exe
  2⤵
  PID:3808
- C:\Windows\System\YQuxcxx.exe
  C:\Windows\System\YQuxcxx.exe
  2⤵
  PID:3828
- C:\Windows\System\cZhljwS.exe
  C:\Windows\System\cZhljwS.exe
  2⤵
  PID:3848
- C:\Windows\System\GHQGsJL.exe
  C:\Windows\System\GHQGsJL.exe
  2⤵
  PID:3868
- C:\Windows\System\jzFcpzy.exe
  C:\Windows\System\jzFcpzy.exe
  2⤵
  PID:3888
- C:\Windows\System\IqDElyQ.exe
  C:\Windows\System\IqDElyQ.exe
  2⤵
  PID:3908
- C:\Windows\System\QYqLPtm.exe
  C:\Windows\System\QYqLPtm.exe
  2⤵
  PID:3928
- C:\Windows\System\JdSTSeA.exe
  C:\Windows\System\JdSTSeA.exe
  2⤵
  PID:3948
- C:\Windows\System\VfYreMH.exe
  C:\Windows\System\VfYreMH.exe
  2⤵
  PID:3968
- C:\Windows\System\SsDTIvb.exe
  C:\Windows\System\SsDTIvb.exe
  2⤵
  PID:3988
- C:\Windows\System\bocDidq.exe
  C:\Windows\System\bocDidq.exe
  2⤵
  PID:4008
- C:\Windows\System\tKxFdxC.exe
  C:\Windows\System\tKxFdxC.exe
  2⤵
  PID:4028
- C:\Windows\System\XsOtUtn.exe
  C:\Windows\System\XsOtUtn.exe
  2⤵
  PID:4048
- C:\Windows\System\Rwximtz.exe
  C:\Windows\System\Rwximtz.exe
  2⤵
  PID:4068
- C:\Windows\System\OAzpnSL.exe
  C:\Windows\System\OAzpnSL.exe
  2⤵
  PID:4088
- C:\Windows\System\szOKkOW.exe
  C:\Windows\System\szOKkOW.exe
  2⤵
  PID:2292
- C:\Windows\System\KUJPZez.exe
  C:\Windows\System\KUJPZez.exe
  2⤵
  PID:2120
- C:\Windows\System\DmNybFU.exe
  C:\Windows\System\DmNybFU.exe
  2⤵
  PID:2312
- C:\Windows\System\GtprdXR.exe
  C:\Windows\System\GtprdXR.exe
  2⤵
  PID:1564
- C:\Windows\System\zHJVIwb.exe
  C:\Windows\System\zHJVIwb.exe
  2⤵
  PID:872
- C:\Windows\System\KRNPHmt.exe
  C:\Windows\System\KRNPHmt.exe
  2⤵
  PID:1728
- C:\Windows\System\pUrFlxf.exe
  C:\Windows\System\pUrFlxf.exe
  2⤵
  PID:3084
- C:\Windows\System\DhXnHju.exe
  C:\Windows\System\DhXnHju.exe
  2⤵
  PID:2956
- C:\Windows\System\hAmOkAc.exe
  C:\Windows\System\hAmOkAc.exe
  2⤵
  PID:3124
- C:\Windows\System\MWkTYpY.exe
  C:\Windows\System\MWkTYpY.exe
  2⤵
  PID:3156
- C:\Windows\System\GcpbCUS.exe
  C:\Windows\System\GcpbCUS.exe
  2⤵
  PID:3200
- C:\Windows\System\BFfXZEN.exe
  C:\Windows\System\BFfXZEN.exe
  2⤵
  PID:3136
- C:\Windows\System\SjFghXo.exe
  C:\Windows\System\SjFghXo.exe
  2⤵
  PID:3268
- C:\Windows\System\OdQmxeN.exe
  C:\Windows\System\OdQmxeN.exe
  2⤵
  PID:3180
- C:\Windows\System\zJOZLrR.exe
  C:\Windows\System\zJOZLrR.exe
  2⤵
  PID:3256
- C:\Windows\System\zfjoJKL.exe
  C:\Windows\System\zfjoJKL.exe
  2⤵
  PID:2272
- C:\Windows\System\dLZRvBU.exe
  C:\Windows\System\dLZRvBU.exe
  2⤵
  PID:3288
- C:\Windows\System\DvBoylt.exe
  C:\Windows\System\DvBoylt.exe
  2⤵
  PID:3340
- C:\Windows\System\brCGsEZ.exe
  C:\Windows\System\brCGsEZ.exe
  2⤵
  PID:3380
- C:\Windows\System\IOTjwnh.exe
  C:\Windows\System\IOTjwnh.exe
  2⤵
  PID:2808
- C:\Windows\System\SxhsZRy.exe
  C:\Windows\System\SxhsZRy.exe
  2⤵
  PID:3476
- C:\Windows\System\WiHgYXq.exe
  C:\Windows\System\WiHgYXq.exe
  2⤵
  PID:3524
- C:\Windows\System\tGKltMo.exe
  C:\Windows\System\tGKltMo.exe
  2⤵
  PID:3492
- C:\Windows\System\oJWQGxd.exe
  C:\Windows\System\oJWQGxd.exe
  2⤵
  PID:3536
- C:\Windows\System\mZbjiKf.exe
  C:\Windows\System\mZbjiKf.exe
  2⤵
  PID:3596
- C:\Windows\System\PyEuLts.exe
  C:\Windows\System\PyEuLts.exe
  2⤵
  PID:3640
- C:\Windows\System\ZZlfMjH.exe
  C:\Windows\System\ZZlfMjH.exe
  2⤵
  PID:3656
- C:\Windows\System\MWgmPzA.exe
  C:\Windows\System\MWgmPzA.exe
  2⤵
  PID:3696
- C:\Windows\System\wltreeK.exe
  C:\Windows\System\wltreeK.exe
  2⤵
  PID:3720
- C:\Windows\System\vYVuvHF.exe
  C:\Windows\System\vYVuvHF.exe
  2⤵
  PID:3764
- C:\Windows\System\ztTRsoG.exe
  C:\Windows\System\ztTRsoG.exe
  2⤵
  PID:3784
- C:\Windows\System\beftUGX.exe
  C:\Windows\System\beftUGX.exe
  2⤵
  PID:3816
- C:\Windows\System\kPAiubQ.exe
  C:\Windows\System\kPAiubQ.exe
  2⤵
  PID:3840
- C:\Windows\System\dmMoVut.exe
  C:\Windows\System\dmMoVut.exe
  2⤵
  PID:3864
- C:\Windows\System\XOrpDeB.exe
  C:\Windows\System\XOrpDeB.exe
  2⤵
  PID:3900
- C:\Windows\System\yYoaCHq.exe
  C:\Windows\System\yYoaCHq.exe
  2⤵
  PID:3956
- C:\Windows\System\ATmtxVn.exe
  C:\Windows\System\ATmtxVn.exe
  2⤵
  PID:3940
- C:\Windows\System\BtLaxJz.exe
  C:\Windows\System\BtLaxJz.exe
  2⤵
  PID:3980
- C:\Windows\System\qiQJdva.exe
  C:\Windows\System\qiQJdva.exe
  2⤵
  PID:4024
- C:\Windows\System\cBgbDRa.exe
  C:\Windows\System\cBgbDRa.exe
  2⤵
  PID:4056
- C:\Windows\System\FYThCoU.exe
  C:\Windows\System\FYThCoU.exe
  2⤵
  PID:1868
- C:\Windows\System\lfATsjm.exe
  C:\Windows\System\lfATsjm.exe
  2⤵
  PID:1936
- C:\Windows\System\dzAeLjQ.exe
  C:\Windows\System\dzAeLjQ.exe
  2⤵
  PID:2660
- C:\Windows\System\BwskZNA.exe
  C:\Windows\System\BwskZNA.exe
  2⤵
  PID:1708
- C:\Windows\System\LiXRcZX.exe
  C:\Windows\System\LiXRcZX.exe
  2⤵
  PID:1628
- C:\Windows\System\wzmVBAL.exe
  C:\Windows\System\wzmVBAL.exe
  2⤵
  PID:3116
- C:\Windows\System\sfnaDqd.exe
  C:\Windows\System\sfnaDqd.exe
  2⤵
  PID:3192
- C:\Windows\System\bVdhUEy.exe
  C:\Windows\System\bVdhUEy.exe
  2⤵
  PID:3176
- C:\Windows\System\UUFfwww.exe
  C:\Windows\System\UUFfwww.exe
  2⤵
  PID:3324
- C:\Windows\System\DmAEOwU.exe
  C:\Windows\System\DmAEOwU.exe
  2⤵
  PID:3308
- C:\Windows\System\ACXHYOb.exe
  C:\Windows\System\ACXHYOb.exe
  2⤵
  PID:3344
- C:\Windows\System\jgiVrkr.exe
  C:\Windows\System\jgiVrkr.exe
  2⤵
  PID:3436
- C:\Windows\System\NpWabwz.exe
  C:\Windows\System\NpWabwz.exe
  2⤵
  PID:3480
- C:\Windows\System\StTdHLz.exe
  C:\Windows\System\StTdHLz.exe
  2⤵
  PID:3460
- C:\Windows\System\FlgWoEd.exe
  C:\Windows\System\FlgWoEd.exe
  2⤵
  PID:3600
- C:\Windows\System\aQnmNwN.exe
  C:\Windows\System\aQnmNwN.exe
  2⤵
  PID:3584
- C:\Windows\System\SIRebEC.exe
  C:\Windows\System\SIRebEC.exe
  2⤵
  PID:3676
- C:\Windows\System\mnpBLNL.exe
  C:\Windows\System\mnpBLNL.exe
  2⤵
  PID:3756
- C:\Windows\System\ANrJgJx.exe
  C:\Windows\System\ANrJgJx.exe
  2⤵
  PID:3804
- C:\Windows\System\LeMQReU.exe
  C:\Windows\System\LeMQReU.exe
  2⤵
  PID:3860
- C:\Windows\System\hlZzUXB.exe
  C:\Windows\System\hlZzUXB.exe
  2⤵
  PID:3920
- C:\Windows\System\rQLkOeg.exe
  C:\Windows\System\rQLkOeg.exe
  2⤵
  PID:2080
- C:\Windows\System\pImHwyh.exe
  C:\Windows\System\pImHwyh.exe
  2⤵
  PID:1852
- C:\Windows\System\UaCzxpd.exe
  C:\Windows\System\UaCzxpd.exe
  2⤵
  PID:3944
- C:\Windows\System\UmenXKj.exe
  C:\Windows\System\UmenXKj.exe
  2⤵
  PID:4016
- C:\Windows\System\XocRedq.exe
  C:\Windows\System\XocRedq.exe
  2⤵
  PID:4060
- C:\Windows\System\DOSXWUQ.exe
  C:\Windows\System\DOSXWUQ.exe
  2⤵
  PID:1796
- C:\Windows\System\goeiuAB.exe
  C:\Windows\System\goeiuAB.exe
  2⤵
  PID:1836
- C:\Windows\System\ZVsjcTb.exe
  C:\Windows\System\ZVsjcTb.exe
  2⤵
  PID:3228
- C:\Windows\System\DnqmNas.exe
  C:\Windows\System\DnqmNas.exe
  2⤵
  PID:3160
- C:\Windows\System\JJyzOuN.exe
  C:\Windows\System\JJyzOuN.exe
  2⤵
  PID:3232
- C:\Windows\System\xaHRBQb.exe
  C:\Windows\System\xaHRBQb.exe
  2⤵
  PID:3404
- C:\Windows\System\eTzWoKi.exe
  C:\Windows\System\eTzWoKi.exe
  2⤵
  PID:3420
- C:\Windows\System\flCCriI.exe
  C:\Windows\System\flCCriI.exe
  2⤵
  PID:3496
- C:\Windows\System\zucOdDV.exe
  C:\Windows\System\zucOdDV.exe
  2⤵
  PID:3576
- C:\Windows\System\KmzKQJh.exe
  C:\Windows\System\KmzKQJh.exe
  2⤵
  PID:3680
- C:\Windows\System\ObwIKeI.exe
  C:\Windows\System\ObwIKeI.exe
  2⤵
  PID:2308
- C:\Windows\System\NzlorkR.exe
  C:\Windows\System\NzlorkR.exe
  2⤵
  PID:4116
- C:\Windows\System\GWrlCJC.exe
  C:\Windows\System\GWrlCJC.exe
  2⤵
  PID:4136
- C:\Windows\System\OCMoVLF.exe
  C:\Windows\System\OCMoVLF.exe
  2⤵
  PID:4156
- C:\Windows\System\WmlQuJb.exe
  C:\Windows\System\WmlQuJb.exe
  2⤵
  PID:4176
- C:\Windows\System\IjCkBpg.exe
  C:\Windows\System\IjCkBpg.exe
  2⤵
  PID:4196
- C:\Windows\System\jnsUoTk.exe
  C:\Windows\System\jnsUoTk.exe
  2⤵
  PID:4216
- C:\Windows\System\qsqGvXq.exe
  C:\Windows\System\qsqGvXq.exe
  2⤵
  PID:4236
- C:\Windows\System\NkXZxjW.exe
  C:\Windows\System\NkXZxjW.exe
  2⤵
  PID:4256
- C:\Windows\System\XOpzsCM.exe
  C:\Windows\System\XOpzsCM.exe
  2⤵
  PID:4276
- C:\Windows\System\aQloVJw.exe
  C:\Windows\System\aQloVJw.exe
  2⤵
  PID:4296
- C:\Windows\System\KKfPJmp.exe
  C:\Windows\System\KKfPJmp.exe
  2⤵
  PID:4316
- C:\Windows\System\yJwBfVd.exe
  C:\Windows\System\yJwBfVd.exe
  2⤵
  PID:4336
- C:\Windows\System\rXuzVwl.exe
  C:\Windows\System\rXuzVwl.exe
  2⤵
  PID:4356
- C:\Windows\System\casCPlN.exe
  C:\Windows\System\casCPlN.exe
  2⤵
  PID:4376
- C:\Windows\System\MilRDOX.exe
  C:\Windows\System\MilRDOX.exe
  2⤵
  PID:4396
- C:\Windows\System\VPTXncU.exe
  C:\Windows\System\VPTXncU.exe
  2⤵
  PID:4416
- C:\Windows\System\FNtYptu.exe
  C:\Windows\System\FNtYptu.exe
  2⤵
  PID:4436
- C:\Windows\System\LRyZlSE.exe
  C:\Windows\System\LRyZlSE.exe
  2⤵
  PID:4456
- C:\Windows\System\rvMwdOw.exe
  C:\Windows\System\rvMwdOw.exe
  2⤵
  PID:4476
- C:\Windows\System\wsmxDKL.exe
  C:\Windows\System\wsmxDKL.exe
  2⤵
  PID:4496
- C:\Windows\System\MxEwsRD.exe
  C:\Windows\System\MxEwsRD.exe
  2⤵
  PID:4516
- C:\Windows\System\sHvSjTe.exe
  C:\Windows\System\sHvSjTe.exe
  2⤵
  PID:4536
- C:\Windows\System\jwIfZCW.exe
  C:\Windows\System\jwIfZCW.exe
  2⤵
  PID:4556
- C:\Windows\System\tjZaZCj.exe
  C:\Windows\System\tjZaZCj.exe
  2⤵
  PID:4576
- C:\Windows\System\XuBKBBU.exe
  C:\Windows\System\XuBKBBU.exe
  2⤵
  PID:4596
- C:\Windows\System\fKIXjzu.exe
  C:\Windows\System\fKIXjzu.exe
  2⤵
  PID:4616
- C:\Windows\System\WsMJhog.exe
  C:\Windows\System\WsMJhog.exe
  2⤵
  PID:4636
- C:\Windows\System\xnXYSrX.exe
  C:\Windows\System\xnXYSrX.exe
  2⤵
  PID:4656
- C:\Windows\System\IMeSQzb.exe
  C:\Windows\System\IMeSQzb.exe
  2⤵
  PID:4676
- C:\Windows\System\gFQPIDi.exe
  C:\Windows\System\gFQPIDi.exe
  2⤵
  PID:4696
- C:\Windows\System\nQwQJhC.exe
  C:\Windows\System\nQwQJhC.exe
  2⤵
  PID:4716
- C:\Windows\System\VBzKIhy.exe
  C:\Windows\System\VBzKIhy.exe
  2⤵
  PID:4736
- C:\Windows\System\VtCqLrs.exe
  C:\Windows\System\VtCqLrs.exe
  2⤵
  PID:4756
- C:\Windows\System\SEHQdZi.exe
  C:\Windows\System\SEHQdZi.exe
  2⤵
  PID:4776
- C:\Windows\System\TmEnDpg.exe
  C:\Windows\System\TmEnDpg.exe
  2⤵
  PID:4796
- C:\Windows\System\ClKvNYp.exe
  C:\Windows\System\ClKvNYp.exe
  2⤵
  PID:4816
- C:\Windows\System\JhWiUwS.exe
  C:\Windows\System\JhWiUwS.exe
  2⤵
  PID:4836
- C:\Windows\System\PndcYTY.exe
  C:\Windows\System\PndcYTY.exe
  2⤵
  PID:4856
- C:\Windows\System\gTdfFmc.exe
  C:\Windows\System\gTdfFmc.exe
  2⤵
  PID:4876
- C:\Windows\System\DKADDMF.exe
  C:\Windows\System\DKADDMF.exe
  2⤵
  PID:4900
- C:\Windows\System\PXOVIFn.exe
  C:\Windows\System\PXOVIFn.exe
  2⤵
  PID:4924
- C:\Windows\System\rOoaStj.exe
  C:\Windows\System\rOoaStj.exe
  2⤵
  PID:4944
- C:\Windows\System\rmwQlHX.exe
  C:\Windows\System\rmwQlHX.exe
  2⤵
  PID:4964
- C:\Windows\System\hQNUglw.exe
  C:\Windows\System\hQNUglw.exe
  2⤵
  PID:4984
- C:\Windows\System\mNqOWrO.exe
  C:\Windows\System\mNqOWrO.exe
  2⤵
  PID:5004
- C:\Windows\System\hBXqZLq.exe
  C:\Windows\System\hBXqZLq.exe
  2⤵
  PID:5024
- C:\Windows\System\krSzDpC.exe
  C:\Windows\System\krSzDpC.exe
  2⤵
  PID:5044
- C:\Windows\System\YeWMsRX.exe
  C:\Windows\System\YeWMsRX.exe
  2⤵
  PID:5064
- C:\Windows\System\xCmhLZS.exe
  C:\Windows\System\xCmhLZS.exe
  2⤵
  PID:5084
- C:\Windows\System\bpluZpf.exe
  C:\Windows\System\bpluZpf.exe
  2⤵
  PID:5104
- C:\Windows\System\eewZgZN.exe
  C:\Windows\System\eewZgZN.exe
  2⤵
  PID:2064
- C:\Windows\System\phYGeds.exe
  C:\Windows\System\phYGeds.exe
  2⤵
  PID:3904
- C:\Windows\System\bpKTYtP.exe
  C:\Windows\System\bpKTYtP.exe
  2⤵
  PID:3960
- C:\Windows\System\XNDrlHu.exe
  C:\Windows\System\XNDrlHu.exe
  2⤵
  PID:484
- C:\Windows\System\LQButcp.exe
  C:\Windows\System\LQButcp.exe
  2⤵
  PID:1376
- C:\Windows\System\VlfQRTg.exe
  C:\Windows\System\VlfQRTg.exe
  2⤵
  PID:2068
- C:\Windows\System\paFjhpz.exe
  C:\Windows\System\paFjhpz.exe
  2⤵
  PID:3320
- C:\Windows\System\zEzepCL.exe
  C:\Windows\System\zEzepCL.exe
  2⤵
  PID:3440
- C:\Windows\System\jaXTzNp.exe
  C:\Windows\System\jaXTzNp.exe
  2⤵
  PID:3248
- C:\Windows\System\weyMXit.exe
  C:\Windows\System\weyMXit.exe
  2⤵
  PID:3620
- C:\Windows\System\CXgADkS.exe
  C:\Windows\System\CXgADkS.exe
  2⤵
  PID:2948
- C:\Windows\System\AfWVYre.exe
  C:\Windows\System\AfWVYre.exe
  2⤵
  PID:272
- C:\Windows\System\xcAORpp.exe
  C:\Windows\System\xcAORpp.exe
  2⤵
  PID:4144
- C:\Windows\System\QBWDRBC.exe
  C:\Windows\System\QBWDRBC.exe
  2⤵
  PID:4172
- C:\Windows\System\YudLhBe.exe
  C:\Windows\System\YudLhBe.exe
  2⤵
  PID:4212
- C:\Windows\System\Tfeeomw.exe
  C:\Windows\System\Tfeeomw.exe
  2⤵
  PID:4264
- C:\Windows\System\DPtzHbC.exe
  C:\Windows\System\DPtzHbC.exe
  2⤵
  PID:4268
- C:\Windows\System\cNjYRYa.exe
  C:\Windows\System\cNjYRYa.exe
  2⤵
  PID:4312
- C:\Windows\System\XpWzWym.exe
  C:\Windows\System\XpWzWym.exe
  2⤵
  PID:4328
- C:\Windows\System\mtSNlna.exe
  C:\Windows\System\mtSNlna.exe
  2⤵
  PID:4368
- C:\Windows\System\uQsnJbv.exe
  C:\Windows\System\uQsnJbv.exe
  2⤵
  PID:4404
- C:\Windows\System\ySJZZcJ.exe
  C:\Windows\System\ySJZZcJ.exe
  2⤵
  PID:4428
- C:\Windows\System\knZXCgA.exe
  C:\Windows\System\knZXCgA.exe
  2⤵
  PID:4468
- C:\Windows\System\FCqoNRc.exe
  C:\Windows\System\FCqoNRc.exe
  2⤵
  PID:4504
- C:\Windows\System\aNoWBwP.exe
  C:\Windows\System\aNoWBwP.exe
  2⤵
  PID:4552
- C:\Windows\System\zdElbLf.exe
  C:\Windows\System\zdElbLf.exe
  2⤵
  PID:4532
- C:\Windows\System\yWjRogp.exe
  C:\Windows\System\yWjRogp.exe
  2⤵
  PID:4604
- C:\Windows\System\utmhvgE.exe
  C:\Windows\System\utmhvgE.exe
  2⤵
  PID:4608
- C:\Windows\System\uuEtTRH.exe
  C:\Windows\System\uuEtTRH.exe
  2⤵
  PID:4672
- C:\Windows\System\eghiGnV.exe
  C:\Windows\System\eghiGnV.exe
  2⤵
  PID:4688
- C:\Windows\System\tzLAVqg.exe
  C:\Windows\System\tzLAVqg.exe
  2⤵
  PID:4748
- C:\Windows\System\biQSyvX.exe
  C:\Windows\System\biQSyvX.exe
  2⤵
  PID:4728
- C:\Windows\System\KWMQjij.exe
  C:\Windows\System\KWMQjij.exe
  2⤵
  PID:4792
- C:\Windows\System\eeZxgne.exe
  C:\Windows\System\eeZxgne.exe
  2⤵
  PID:4812
- C:\Windows\System\FltnpRH.exe
  C:\Windows\System\FltnpRH.exe
  2⤵
  PID:4864
- C:\Windows\System\nTEiHBR.exe
  C:\Windows\System\nTEiHBR.exe
  2⤵
  PID:4896
- C:\Windows\System\xcqaUHL.exe
  C:\Windows\System\xcqaUHL.exe
  2⤵
  PID:4952
- C:\Windows\System\dwsHTIZ.exe
  C:\Windows\System\dwsHTIZ.exe
  2⤵
  PID:4936
- C:\Windows\System\RrZrLDV.exe
  C:\Windows\System\RrZrLDV.exe
  2⤵
  PID:4996
- C:\Windows\System\NrXXcSm.exe
  C:\Windows\System\NrXXcSm.exe
  2⤵
  PID:5040
- C:\Windows\System\UJUzAUD.exe
  C:\Windows\System\UJUzAUD.exe
  2⤵
  PID:5052
- C:\Windows\System\SyVBVVy.exe
  C:\Windows\System\SyVBVVy.exe
  2⤵
  PID:5092
- C:\Windows\System\HzkoQrC.exe
  C:\Windows\System\HzkoQrC.exe
  2⤵
  PID:5096
- C:\Windows\System\uFpQGvK.exe
  C:\Windows\System\uFpQGvK.exe
  2⤵
  PID:4080
- C:\Windows\System\GITpNko.exe
  C:\Windows\System\GITpNko.exe
  2⤵
  PID:4044
- C:\Windows\System\tCADRcj.exe
  C:\Windows\System\tCADRcj.exe
  2⤵
  PID:2480
- C:\Windows\System\DMlYEyJ.exe
  C:\Windows\System\DMlYEyJ.exe
  2⤵
  PID:3556
- C:\Windows\System\dXtUmcP.exe
  C:\Windows\System\dXtUmcP.exe
  2⤵
  PID:3744
- C:\Windows\System\WzvQHWL.exe
  C:\Windows\System\WzvQHWL.exe
  2⤵
  PID:3716
- C:\Windows\System\trZYJuq.exe
  C:\Windows\System\trZYJuq.exe
  2⤵
  PID:4128
- C:\Windows\System\aDhwXNr.exe
  C:\Windows\System\aDhwXNr.exe
  2⤵
  PID:4164
- C:\Windows\System\uijJRpC.exe
  C:\Windows\System\uijJRpC.exe
  2⤵
  PID:4244
- C:\Windows\System\COBqTPW.exe
  C:\Windows\System\COBqTPW.exe
  2⤵
  PID:4324
- C:\Windows\System\MKSjTIZ.exe
  C:\Windows\System\MKSjTIZ.exe
  2⤵
  PID:4332
- C:\Windows\System\FPjWQut.exe
  C:\Windows\System\FPjWQut.exe
  2⤵
  PID:4388
- C:\Windows\System\rKGjjBK.exe
  C:\Windows\System\rKGjjBK.exe
  2⤵
  PID:4408
- C:\Windows\System\bbNPRTW.exe
  C:\Windows\System\bbNPRTW.exe
  2⤵
  PID:4508
- C:\Windows\System\ktcOHYq.exe
  C:\Windows\System\ktcOHYq.exe
  2⤵
  PID:4584
- C:\Windows\System\piYsSRu.exe
  C:\Windows\System\piYsSRu.exe
  2⤵
  PID:4568
- C:\Windows\System\FwgjbTw.exe
  C:\Windows\System\FwgjbTw.exe
  2⤵
  PID:4664
- C:\Windows\System\yavwErE.exe
  C:\Windows\System\yavwErE.exe
  2⤵
  PID:4692
- C:\Windows\System\iSqBZMC.exe
  C:\Windows\System\iSqBZMC.exe
  2⤵
  PID:4784
- C:\Windows\System\ToHwDrQ.exe
  C:\Windows\System\ToHwDrQ.exe
  2⤵
  PID:4804
- C:\Windows\System\WCtGhzK.exe
  C:\Windows\System\WCtGhzK.exe
  2⤵
  PID:4852
- C:\Windows\System\zZXSMFD.exe
  C:\Windows\System\zZXSMFD.exe
  2⤵
  PID:4888
- C:\Windows\System\HpdbQmV.exe
  C:\Windows\System\HpdbQmV.exe
  2⤵
  PID:4932
- C:\Windows\System\KltRjJL.exe
  C:\Windows\System\KltRjJL.exe
  2⤵
  PID:5032
- C:\Windows\System\ziUHajy.exe
  C:\Windows\System\ziUHajy.exe
  2⤵
  PID:2548
- C:\Windows\System\DtzTraW.exe
  C:\Windows\System\DtzTraW.exe
  2⤵
  PID:5116
- C:\Windows\System\BAjxTnE.exe
  C:\Windows\System\BAjxTnE.exe
  2⤵
  PID:3836
- C:\Windows\System\UxqexLe.exe
  C:\Windows\System\UxqexLe.exe
  2⤵
  PID:3276
- C:\Windows\System\RnymgwR.exe
  C:\Windows\System\RnymgwR.exe
  2⤵
  PID:3564
- C:\Windows\System\IAbgfDq.exe
  C:\Windows\System\IAbgfDq.exe
  2⤵
  PID:4100
- C:\Windows\System\EOfDilU.exe
  C:\Windows\System\EOfDilU.exe
  2⤵
  PID:3780
- C:\Windows\System\vPHDkbz.exe
  C:\Windows\System\vPHDkbz.exe
  2⤵
  PID:4228
- C:\Windows\System\XmdIlbZ.exe
  C:\Windows\System\XmdIlbZ.exe
  2⤵
  PID:4372
- C:\Windows\System\oDoZWLZ.exe
  C:\Windows\System\oDoZWLZ.exe
  2⤵
  PID:2716
- C:\Windows\System\OaJKcyK.exe
  C:\Windows\System\OaJKcyK.exe
  2⤵
  PID:4452
- C:\Windows\System\hBOMxtD.exe
  C:\Windows\System\hBOMxtD.exe
  2⤵
  PID:4592
- C:\Windows\System\kyMUVKZ.exe
  C:\Windows\System\kyMUVKZ.exe
  2⤵
  PID:4632
- C:\Windows\System\suimZtZ.exe
  C:\Windows\System\suimZtZ.exe
  2⤵
  PID:4684
- C:\Windows\System\DBnXaix.exe
  C:\Windows\System\DBnXaix.exe
  2⤵
  PID:2764
- C:\Windows\System\CqrPzXB.exe
  C:\Windows\System\CqrPzXB.exe
  2⤵
  PID:4824
- C:\Windows\System\HeAeffJ.exe
  C:\Windows\System\HeAeffJ.exe
  2⤵
  PID:4976
- C:\Windows\System\SnQFitw.exe
  C:\Windows\System\SnQFitw.exe
  2⤵
  PID:3776
- C:\Windows\System\XzfUevy.exe
  C:\Windows\System\XzfUevy.exe
  2⤵
  PID:3976
- C:\Windows\System\nNkpEob.exe
  C:\Windows\System\nNkpEob.exe
  2⤵
  PID:2236
- C:\Windows\System\dOEGjYM.exe
  C:\Windows\System\dOEGjYM.exe
  2⤵
  PID:2684
- C:\Windows\System\uzJIqyX.exe
  C:\Windows\System\uzJIqyX.exe
  2⤵
  PID:4192
- C:\Windows\System\oGRXugx.exe
  C:\Windows\System\oGRXugx.exe
  2⤵
  PID:4224
- C:\Windows\System\JMAOgBa.exe
  C:\Windows\System\JMAOgBa.exe
  2⤵
  PID:4288
- C:\Windows\System\kvhbwsG.exe
  C:\Windows\System\kvhbwsG.exe
  2⤵
  PID:5136
- C:\Windows\System\dDhWmaU.exe
  C:\Windows\System\dDhWmaU.exe
  2⤵
  PID:5156
- C:\Windows\System\eLAJWCP.exe
  C:\Windows\System\eLAJWCP.exe
  2⤵
  PID:5176
- C:\Windows\System\aBHtUty.exe
  C:\Windows\System\aBHtUty.exe
  2⤵
  PID:5196
- C:\Windows\System\xIYZWCh.exe
  C:\Windows\System\xIYZWCh.exe
  2⤵
  PID:5216
- C:\Windows\System\xNFLqTo.exe
  C:\Windows\System\xNFLqTo.exe
  2⤵
  PID:5236
- C:\Windows\System\VUXGbMt.exe
  C:\Windows\System\VUXGbMt.exe
  2⤵
  PID:5256
- C:\Windows\System\GtiHOty.exe
  C:\Windows\System\GtiHOty.exe
  2⤵
  PID:5276
- C:\Windows\System\uWpKAvr.exe
  C:\Windows\System\uWpKAvr.exe
  2⤵
  PID:5296
- C:\Windows\System\UZPiGeP.exe
  C:\Windows\System\UZPiGeP.exe
  2⤵
  PID:5316
- C:\Windows\System\FhLQxXG.exe
  C:\Windows\System\FhLQxXG.exe
  2⤵
  PID:5336
- C:\Windows\System\VFXPlkm.exe
  C:\Windows\System\VFXPlkm.exe
  2⤵
  PID:5356
- C:\Windows\System\UoTcBHr.exe
  C:\Windows\System\UoTcBHr.exe
  2⤵
  PID:5376
- C:\Windows\System\MZsgkkZ.exe
  C:\Windows\System\MZsgkkZ.exe
  2⤵
  PID:5396
- C:\Windows\System\IKtrLix.exe
  C:\Windows\System\IKtrLix.exe
  2⤵
  PID:5416
- C:\Windows\System\MkjeCEg.exe
  C:\Windows\System\MkjeCEg.exe
  2⤵
  PID:5436
- C:\Windows\System\zfShFcQ.exe
  C:\Windows\System\zfShFcQ.exe
  2⤵
  PID:5456
- C:\Windows\System\mtQIHSy.exe
  C:\Windows\System\mtQIHSy.exe
  2⤵
  PID:5476
- C:\Windows\System\dKksrpi.exe
  C:\Windows\System\dKksrpi.exe
  2⤵
  PID:5500
- C:\Windows\System\WodYkqW.exe
  C:\Windows\System\WodYkqW.exe
  2⤵
  PID:5520
- C:\Windows\System\JxmhTNR.exe
  C:\Windows\System\JxmhTNR.exe
  2⤵
  PID:5540
- C:\Windows\System\ZFSpdoB.exe
  C:\Windows\System\ZFSpdoB.exe
  2⤵
  PID:5560
- C:\Windows\System\FxmjIDg.exe
  C:\Windows\System\FxmjIDg.exe
  2⤵
  PID:5580
- C:\Windows\System\nTMNDDe.exe
  C:\Windows\System\nTMNDDe.exe
  2⤵
  PID:5600
- C:\Windows\System\nFtOIIP.exe
  C:\Windows\System\nFtOIIP.exe
  2⤵
  PID:5620
- C:\Windows\System\FPQfwiT.exe
  C:\Windows\System\FPQfwiT.exe
  2⤵
  PID:5640
- C:\Windows\System\wwkiVpP.exe
  C:\Windows\System\wwkiVpP.exe
  2⤵
  PID:5660
- C:\Windows\System\wbbprFy.exe
  C:\Windows\System\wbbprFy.exe
  2⤵
  PID:5680
- C:\Windows\System\foCmfnE.exe
  C:\Windows\System\foCmfnE.exe
  2⤵
  PID:5700
- C:\Windows\System\LSylPEr.exe
  C:\Windows\System\LSylPEr.exe
  2⤵
  PID:5720
- C:\Windows\System\kWsHGvk.exe
  C:\Windows\System\kWsHGvk.exe
  2⤵
  PID:5740
- C:\Windows\System\nlBEfgp.exe
  C:\Windows\System\nlBEfgp.exe
  2⤵
  PID:5760
- C:\Windows\System\UZNbjTd.exe
  C:\Windows\System\UZNbjTd.exe
  2⤵
  PID:5780
- C:\Windows\System\WhBGMji.exe
  C:\Windows\System\WhBGMji.exe
  2⤵
  PID:5800
- C:\Windows\System\MBrmPgU.exe
  C:\Windows\System\MBrmPgU.exe
  2⤵
  PID:5820
- C:\Windows\System\rrKoeMS.exe
  C:\Windows\System\rrKoeMS.exe
  2⤵
  PID:5840
- C:\Windows\System\rYMTAAA.exe
  C:\Windows\System\rYMTAAA.exe
  2⤵
  PID:5860
- C:\Windows\System\nWeaaqr.exe
  C:\Windows\System\nWeaaqr.exe
  2⤵
  PID:5880
- C:\Windows\System\WanGVCC.exe
  C:\Windows\System\WanGVCC.exe
  2⤵
  PID:5900
- C:\Windows\System\kIwinFQ.exe
  C:\Windows\System\kIwinFQ.exe
  2⤵
  PID:5920
- C:\Windows\System\dWlagog.exe
  C:\Windows\System\dWlagog.exe
  2⤵
  PID:5940
- C:\Windows\System\FKOvFfq.exe
  C:\Windows\System\FKOvFfq.exe
  2⤵
  PID:5960
- C:\Windows\System\EauJmUR.exe
  C:\Windows\System\EauJmUR.exe
  2⤵
  PID:5980
- C:\Windows\System\RJVylvt.exe
  C:\Windows\System\RJVylvt.exe
  2⤵
  PID:6000
- C:\Windows\System\pnoEOYP.exe
  C:\Windows\System\pnoEOYP.exe
  2⤵
  PID:6020
- C:\Windows\System\IVfdwml.exe
  C:\Windows\System\IVfdwml.exe
  2⤵
  PID:6040
- C:\Windows\System\RyqYXDH.exe
  C:\Windows\System\RyqYXDH.exe
  2⤵
  PID:6060
- C:\Windows\System\MWhYSSJ.exe
  C:\Windows\System\MWhYSSJ.exe
  2⤵
  PID:6080
- C:\Windows\System\GIEOTwG.exe
  C:\Windows\System\GIEOTwG.exe
  2⤵
  PID:6100
- C:\Windows\System\BSKsLRZ.exe
  C:\Windows\System\BSKsLRZ.exe
  2⤵
  PID:6120
- C:\Windows\System\fNXBlek.exe
  C:\Windows\System\fNXBlek.exe
  2⤵
  PID:6140
- C:\Windows\System\HVqLpTA.exe
  C:\Windows\System\HVqLpTA.exe
  2⤵
  PID:4492
- C:\Windows\System\rlvsJsL.exe
  C:\Windows\System\rlvsJsL.exe
  2⤵
  PID:4564
- C:\Windows\System\csXRRTy.exe
  C:\Windows\System\csXRRTy.exe
  2⤵
  PID:4772
- C:\Windows\System\wyFybiZ.exe
  C:\Windows\System\wyFybiZ.exe
  2⤵
  PID:4940
- C:\Windows\System\MKsSWVv.exe
  C:\Windows\System\MKsSWVv.exe
  2⤵
  PID:5020
- C:\Windows\System\IiOmawH.exe
  C:\Windows\System\IiOmawH.exe
  2⤵
  PID:3024
- C:\Windows\System\IoGJbae.exe
  C:\Windows\System\IoGJbae.exe
  2⤵
  PID:4232
- C:\Windows\System\WrVgZeK.exe
  C:\Windows\System\WrVgZeK.exe
  2⤵
  PID:2816
- C:\Windows\System\SPJdJjC.exe
  C:\Windows\System\SPJdJjC.exe
  2⤵
  PID:5128
- C:\Windows\System\JCFildF.exe
  C:\Windows\System\JCFildF.exe
  2⤵
  PID:5184
- C:\Windows\System\tkqqwRm.exe
  C:\Windows\System\tkqqwRm.exe
  2⤵
  PID:5212
- C:\Windows\System\PExSUcb.exe
  C:\Windows\System\PExSUcb.exe
  2⤵
  PID:5252
- C:\Windows\System\aZynuKO.exe
  C:\Windows\System\aZynuKO.exe
  2⤵
  PID:5284
- C:\Windows\System\wcQlSoK.exe
  C:\Windows\System\wcQlSoK.exe
  2⤵
  PID:5308
- C:\Windows\System\toRFoWI.exe
  C:\Windows\System\toRFoWI.exe
  2⤵
  PID:5328
- C:\Windows\System\UNOwPGE.exe
  C:\Windows\System\UNOwPGE.exe
  2⤵
  PID:5392
- C:\Windows\System\cpZMHrw.exe
  C:\Windows\System\cpZMHrw.exe
  2⤵
  PID:5424
- C:\Windows\System\wqitQMY.exe
  C:\Windows\System\wqitQMY.exe
  2⤵
  PID:5452
- C:\Windows\System\CBmpuYk.exe
  C:\Windows\System\CBmpuYk.exe
  2⤵
  PID:5508
- C:\Windows\System\YPrmlrp.exe
  C:\Windows\System\YPrmlrp.exe
  2⤵
  PID:5512
- C:\Windows\System\pDbeFCe.exe
  C:\Windows\System\pDbeFCe.exe
  2⤵
  PID:5556
- C:\Windows\System\cjChHai.exe
  C:\Windows\System\cjChHai.exe
  2⤵
  PID:5572
- C:\Windows\System\THdUrpD.exe
  C:\Windows\System\THdUrpD.exe
  2⤵
  PID:5612
- C:\Windows\System\HMDwhKx.exe
  C:\Windows\System\HMDwhKx.exe
  2⤵
  PID:5656
- C:\Windows\System\ivbYBzU.exe
  C:\Windows\System\ivbYBzU.exe
  2⤵
  PID:5688
- C:\Windows\System\gmNDQjL.exe
  C:\Windows\System\gmNDQjL.exe
  2⤵
  PID:5712
- C:\Windows\System\sTYAyCF.exe
  C:\Windows\System\sTYAyCF.exe
  2⤵
  PID:5756
- C:\Windows\System\jvfPchU.exe
  C:\Windows\System\jvfPchU.exe
  2⤵
  PID:5772
- C:\Windows\System\kRSMwZL.exe
  C:\Windows\System\kRSMwZL.exe
  2⤵
  PID:5816
- C:\Windows\System\ssqFWtY.exe
  C:\Windows\System\ssqFWtY.exe
  2⤵
  PID:5856
- C:\Windows\System\gCflxDE.exe
  C:\Windows\System\gCflxDE.exe
  2⤵
  PID:5888
- C:\Windows\System\vNpBOSo.exe
  C:\Windows\System\vNpBOSo.exe
  2⤵
  PID:5912
- C:\Windows\System\XcYZAOr.exe
  C:\Windows\System\XcYZAOr.exe
  2⤵
  PID:5956
- C:\Windows\System\mpMMOQv.exe
  C:\Windows\System\mpMMOQv.exe
  2⤵
  PID:5996
- C:\Windows\System\GPFlLTB.exe
  C:\Windows\System\GPFlLTB.exe
  2⤵
  PID:6028
- C:\Windows\System\SEdADvh.exe
  C:\Windows\System\SEdADvh.exe
  2⤵
  PID:6068
- C:\Windows\System\uWTSYpW.exe
  C:\Windows\System\uWTSYpW.exe
  2⤵
  PID:6088
- C:\Windows\System\ExLiYXW.exe
  C:\Windows\System\ExLiYXW.exe
  2⤵
  PID:6112
- C:\Windows\System\KjxOXkt.exe
  C:\Windows\System\KjxOXkt.exe
  2⤵
  PID:6132
- C:\Windows\System\jQDlwGH.exe
  C:\Windows\System\jQDlwGH.exe
  2⤵
  PID:4768
- C:\Windows\System\BbdVqzT.exe
  C:\Windows\System\BbdVqzT.exe
  2⤵
  PID:4884
- C:\Windows\System\MeoKqYa.exe
  C:\Windows\System\MeoKqYa.exe
  2⤵
  PID:1148
- C:\Windows\System\hwraxJT.exe
  C:\Windows\System\hwraxJT.exe
  2⤵
  PID:4304
- C:\Windows\System\KYzNoXG.exe
  C:\Windows\System\KYzNoXG.exe
  2⤵
  PID:5124
- C:\Windows\System\gjLpNfS.exe
  C:\Windows\System\gjLpNfS.exe
  2⤵
  PID:5224
- C:\Windows\System\GZqHQDI.exe
  C:\Windows\System\GZqHQDI.exe
  2⤵
  PID:5248
- C:\Windows\System\vEVDYWw.exe
  C:\Windows\System\vEVDYWw.exe
  2⤵
  PID:5288
- C:\Windows\System\IuryjkE.exe
  C:\Windows\System\IuryjkE.exe
  2⤵
  PID:5388
- C:\Windows\System\raPxkHY.exe
  C:\Windows\System\raPxkHY.exe
  2⤵
  PID:5408
- C:\Windows\System\MyxfOzr.exe
  C:\Windows\System\MyxfOzr.exe
  2⤵
  PID:5448
- C:\Windows\System\COhrNEK.exe
  C:\Windows\System\COhrNEK.exe
  2⤵
  PID:2300
- C:\Windows\System\HnkupoE.exe
  C:\Windows\System\HnkupoE.exe
  2⤵
  PID:5592
- C:\Windows\System\dKTOQvP.exe
  C:\Windows\System\dKTOQvP.exe
  2⤵
  PID:5632
- C:\Windows\System\eUiqLWY.exe
  C:\Windows\System\eUiqLWY.exe
  2⤵
  PID:5676
- C:\Windows\System\fYgEhnf.exe
  C:\Windows\System\fYgEhnf.exe
  2⤵
  PID:5732
- C:\Windows\System\SCBFidJ.exe
  C:\Windows\System\SCBFidJ.exe
  2⤵
  PID:5792
- C:\Windows\System\KWSAfRx.exe
  C:\Windows\System\KWSAfRx.exe
  2⤵
  PID:5848
- C:\Windows\System\OPbgrUu.exe
  C:\Windows\System\OPbgrUu.exe
  2⤵
  PID:5916
- C:\Windows\System\YlzdSmO.exe
  C:\Windows\System\YlzdSmO.exe
  2⤵
  PID:5968
- C:\Windows\System\PoLzYnn.exe
  C:\Windows\System\PoLzYnn.exe
  2⤵
  PID:6016
- C:\Windows\System\QMwCZJh.exe
  C:\Windows\System\QMwCZJh.exe
  2⤵
  PID:6036
- C:\Windows\System\Ehykqeu.exe
  C:\Windows\System\Ehykqeu.exe
  2⤵
  PID:6096
- C:\Windows\System\vuCySYF.exe
  C:\Windows\System\vuCySYF.exe
  2⤵
  PID:4708
- C:\Windows\System\gTijSAB.exe
  C:\Windows\System\gTijSAB.exe
  2⤵
  PID:2508
- C:\Windows\System\eicfckN.exe
  C:\Windows\System\eicfckN.exe
  2⤵
  PID:2136
- C:\Windows\System\aVNOANU.exe
  C:\Windows\System\aVNOANU.exe
  2⤵
  PID:5132
- C:\Windows\System\fhQHiix.exe
  C:\Windows\System\fhQHiix.exe
  2⤵
  PID:5232
- C:\Windows\System\OMqYjBU.exe
  C:\Windows\System\OMqYjBU.exe
  2⤵
  PID:5344
- C:\Windows\System\lQRotDr.exe
  C:\Windows\System\lQRotDr.exe
  2⤵
  PID:5352
- C:\Windows\System\RgUOWpP.exe
  C:\Windows\System\RgUOWpP.exe
  2⤵
  PID:5468
- C:\Windows\System\rNqWaxT.exe
  C:\Windows\System\rNqWaxT.exe
  2⤵
  PID:5568
- C:\Windows\System\tBMPgWz.exe
  C:\Windows\System\tBMPgWz.exe
  2⤵
  PID:5672
- C:\Windows\System\bWzSxgp.exe
  C:\Windows\System\bWzSxgp.exe
  2⤵
  PID:5768
- C:\Windows\System\jycPmph.exe
  C:\Windows\System\jycPmph.exe
  2⤵
  PID:5836
- C:\Windows\System\PfYfbxC.exe
  C:\Windows\System\PfYfbxC.exe
  2⤵
  PID:5932
- C:\Windows\System\wiPvqOp.exe
  C:\Windows\System\wiPvqOp.exe
  2⤵
  PID:6048
- C:\Windows\System\bYAjooA.exe
  C:\Windows\System\bYAjooA.exe
  2⤵
  PID:6092
- C:\Windows\System\cnvvplc.exe
  C:\Windows\System\cnvvplc.exe
  2⤵
  PID:4872
- C:\Windows\System\aeKWdMY.exe
  C:\Windows\System\aeKWdMY.exe
  2⤵
  PID:5100
- C:\Windows\System\uKFiRXr.exe
  C:\Windows\System\uKFiRXr.exe
  2⤵
  PID:5172
- C:\Windows\System\wgtsBHi.exe
  C:\Windows\System\wgtsBHi.exe
  2⤵
  PID:5404
- C:\Windows\System\UNewGZy.exe
  C:\Windows\System\UNewGZy.exe
  2⤵
  PID:1560
- C:\Windows\System\rhXvjqR.exe
  C:\Windows\System\rhXvjqR.exe
  2⤵
  PID:5616
- C:\Windows\System\xqYPnRY.exe
  C:\Windows\System\xqYPnRY.exe
  2⤵
  PID:6152
- C:\Windows\System\kEYghsQ.exe
  C:\Windows\System\kEYghsQ.exe
  2⤵
  PID:6172
- C:\Windows\System\IPTIquH.exe
  C:\Windows\System\IPTIquH.exe
  2⤵
  PID:6196
- C:\Windows\System\lFKwXaM.exe
  C:\Windows\System\lFKwXaM.exe
  2⤵
  PID:6240
- C:\Windows\System\dimQiuW.exe
  C:\Windows\System\dimQiuW.exe
  2⤵
  PID:6256
- C:\Windows\System\sKRuFRx.exe
  C:\Windows\System\sKRuFRx.exe
  2⤵
  PID:6276
- C:\Windows\System\JpGwLOo.exe
  C:\Windows\System\JpGwLOo.exe
  2⤵
  PID:6292
- C:\Windows\System\nEkJkzj.exe
  C:\Windows\System\nEkJkzj.exe
  2⤵
  PID:6316
- C:\Windows\System\PobsMXr.exe
  C:\Windows\System\PobsMXr.exe
  2⤵
  PID:6336
- C:\Windows\System\oMotonE.exe
  C:\Windows\System\oMotonE.exe
  2⤵
  PID:6352
- C:\Windows\System\bAfUrDH.exe
  C:\Windows\System\bAfUrDH.exe
  2⤵
  PID:6368
- C:\Windows\System\StEDqqf.exe
  C:\Windows\System\StEDqqf.exe
  2⤵
  PID:6384
- C:\Windows\System\xGuVGkX.exe
  C:\Windows\System\xGuVGkX.exe
  2⤵
  PID:6408
- C:\Windows\System\UxBIaYc.exe
  C:\Windows\System\UxBIaYc.exe
  2⤵
  PID:6428
- C:\Windows\System\cFFpBnE.exe
  C:\Windows\System\cFFpBnE.exe
  2⤵
  PID:6444
- C:\Windows\System\yHQJmmH.exe
  C:\Windows\System\yHQJmmH.exe
  2⤵
  PID:6464
- C:\Windows\System\IcXuQRL.exe
  C:\Windows\System\IcXuQRL.exe
  2⤵
  PID:6492
- C:\Windows\System\VHeuKIh.exe
  C:\Windows\System\VHeuKIh.exe
  2⤵
  PID:6508
- C:\Windows\System\nVlexjD.exe
  C:\Windows\System\nVlexjD.exe
  2⤵
  PID:6532
- C:\Windows\System\XBkeyZi.exe
  C:\Windows\System\XBkeyZi.exe
  2⤵
  PID:6548
- C:\Windows\System\ZIZMcIt.exe
  C:\Windows\System\ZIZMcIt.exe
  2⤵
  PID:6564
- C:\Windows\System\OsRHbol.exe
  C:\Windows\System\OsRHbol.exe
  2⤵
  PID:6584
- C:\Windows\System\LVYUVLN.exe
  C:\Windows\System\LVYUVLN.exe
  2⤵
  PID:6620
- C:\Windows\System\XlwsRXo.exe
  C:\Windows\System\XlwsRXo.exe
  2⤵
  PID:6636
- C:\Windows\System\sSYdxfM.exe
  C:\Windows\System\sSYdxfM.exe
  2⤵
  PID:6652
- C:\Windows\System\QrFtsPJ.exe
  C:\Windows\System\QrFtsPJ.exe
  2⤵
  PID:6672
- C:\Windows\System\DHHeNEl.exe
  C:\Windows\System\DHHeNEl.exe
  2⤵
  PID:6692
- C:\Windows\System\QVwImIf.exe
  C:\Windows\System\QVwImIf.exe
  2⤵
  PID:6712
- C:\Windows\System\sWUKPJi.exe
  C:\Windows\System\sWUKPJi.exe
  2⤵
  PID:6728
- C:\Windows\System\lqrlpJO.exe
  C:\Windows\System\lqrlpJO.exe
  2⤵
  PID:6744
- C:\Windows\System\mpEIsdK.exe
  C:\Windows\System\mpEIsdK.exe
  2⤵
  PID:6760
- C:\Windows\System\sBYrYiq.exe
  C:\Windows\System\sBYrYiq.exe
  2⤵
  PID:6776
- C:\Windows\System\wZbgERC.exe
  C:\Windows\System\wZbgERC.exe
  2⤵
  PID:6796
- C:\Windows\System\yiabjtN.exe
  C:\Windows\System\yiabjtN.exe
  2⤵
  PID:6820
- C:\Windows\System\DKLIXEb.exe
  C:\Windows\System\DKLIXEb.exe
  2⤵
  PID:6860
- C:\Windows\System\DvjyplT.exe
  C:\Windows\System\DvjyplT.exe
  2⤵
  PID:6876
- C:\Windows\System\XppFcEX.exe
  C:\Windows\System\XppFcEX.exe
  2⤵
  PID:6896
- C:\Windows\System\dolnwbY.exe
  C:\Windows\System\dolnwbY.exe
  2⤵
  PID:6912
- C:\Windows\System\vYdiPOc.exe
  C:\Windows\System\vYdiPOc.exe
  2⤵
  PID:6928
- C:\Windows\System\aUgmFiJ.exe
  C:\Windows\System\aUgmFiJ.exe
  2⤵
  PID:6948
- C:\Windows\System\xNXLoPG.exe
  C:\Windows\System\xNXLoPG.exe
  2⤵
  PID:6964
- C:\Windows\System\nUjvByQ.exe
  C:\Windows\System\nUjvByQ.exe
  2⤵
  PID:6984
- C:\Windows\System\tcRBCoT.exe
  C:\Windows\System\tcRBCoT.exe
  2⤵
  PID:7004
- C:\Windows\System\eKEhQzq.exe
  C:\Windows\System\eKEhQzq.exe
  2⤵
  PID:7020
- C:\Windows\System\XLpttuT.exe
  C:\Windows\System\XLpttuT.exe
  2⤵
  PID:7056
- C:\Windows\System\insRijq.exe
  C:\Windows\System\insRijq.exe
  2⤵
  PID:7076
- C:\Windows\System\ThQJmFy.exe
  C:\Windows\System\ThQJmFy.exe
  2⤵
  PID:7096
- C:\Windows\System\ZBxpsai.exe
  C:\Windows\System\ZBxpsai.exe
  2⤵
  PID:7112
- C:\Windows\System\tSkfmzA.exe
  C:\Windows\System\tSkfmzA.exe
  2⤵
  PID:7128
- C:\Windows\System\WhSvWXx.exe
  C:\Windows\System\WhSvWXx.exe
  2⤵
  PID:7152
- C:\Windows\System\YoWeEEF.exe
  C:\Windows\System\YoWeEEF.exe
  2⤵
  PID:5868
- C:\Windows\System\yTQhRzB.exe
  C:\Windows\System\yTQhRzB.exe
  2⤵
  PID:5936
- C:\Windows\System\DdXVZeW.exe
  C:\Windows\System\DdXVZeW.exe
  2⤵
  PID:6072
- C:\Windows\System\pKsNMgh.exe
  C:\Windows\System\pKsNMgh.exe
  2⤵
  PID:4464
- C:\Windows\System\XjOCSYe.exe
  C:\Windows\System\XjOCSYe.exe
  2⤵
  PID:5228
- C:\Windows\System\UFpYsJd.exe
  C:\Windows\System\UFpYsJd.exe
  2⤵
  PID:5332
- C:\Windows\System\NJPuSib.exe
  C:\Windows\System\NJPuSib.exe
  2⤵
  PID:5472
- C:\Windows\System\niazkqI.exe
  C:\Windows\System\niazkqI.exe
  2⤵
  PID:5692
- C:\Windows\System\PhqpZmw.exe
  C:\Windows\System\PhqpZmw.exe
  2⤵
  PID:6180
- C:\Windows\System\ZleVVBJ.exe
  C:\Windows\System\ZleVVBJ.exe
  2⤵
  PID:6208
- C:\Windows\System\gFcwAoU.exe
  C:\Windows\System\gFcwAoU.exe
  2⤵
  PID:4892
- C:\Windows\System\oRofZWF.exe
  C:\Windows\System\oRofZWF.exe
  2⤵
  PID:2268
- C:\Windows\System\xAwfrUt.exe
  C:\Windows\System\xAwfrUt.exe
  2⤵
  PID:2128
- C:\Windows\System\rjRhxFt.exe
  C:\Windows\System\rjRhxFt.exe
  2⤵
  PID:3020
- C:\Windows\System\DngJctY.exe
  C:\Windows\System\DngJctY.exe
  2⤵
  PID:1264
- C:\Windows\System\OIJqmmR.exe
  C:\Windows\System\OIJqmmR.exe
  2⤵
  PID:6324
- C:\Windows\System\ARNXjSH.exe
  C:\Windows\System\ARNXjSH.exe
  2⤵
  PID:1756
- C:\Windows\System\PksaPBR.exe
  C:\Windows\System\PksaPBR.exe
  2⤵
  PID:6376
- C:\Windows\System\myGQoOx.exe
  C:\Windows\System\myGQoOx.exe
  2⤵
  PID:6416
- C:\Windows\System\QCGKUiT.exe
  C:\Windows\System\QCGKUiT.exe
  2⤵
  PID:6460
- C:\Windows\System\QAtOcnI.exe
  C:\Windows\System\QAtOcnI.exe
  2⤵
  PID:1968
- C:\Windows\System\RAxFQaz.exe
  C:\Windows\System\RAxFQaz.exe
  2⤵
  PID:2864
- C:\Windows\System\ZCqjvvz.exe
  C:\Windows\System\ZCqjvvz.exe
  2⤵
  PID:6516
- C:\Windows\System\eJnGpCs.exe
  C:\Windows\System\eJnGpCs.exe
  2⤵
  PID:6476
- C:\Windows\System\CPgMGub.exe
  C:\Windows\System\CPgMGub.exe
  2⤵
  PID:6576
- C:\Windows\System\SrPParp.exe
  C:\Windows\System\SrPParp.exe
  2⤵
  PID:6556
- C:\Windows\System\ySjNzmV.exe
  C:\Windows\System\ySjNzmV.exe
  2⤵
  PID:6600
- C:\Windows\System\rvAJwVt.exe
  C:\Windows\System\rvAJwVt.exe
  2⤵
  PID:6608
- C:\Windows\System\vlIPbwy.exe
  C:\Windows\System\vlIPbwy.exe
  2⤵
  PID:3056
- C:\Windows\System\KWLhnJo.exe
  C:\Windows\System\KWLhnJo.exe
  2⤵
  PID:6628
- C:\Windows\System\jMqGRCg.exe
  C:\Windows\System\jMqGRCg.exe
  2⤵
  PID:6680
- C:\Windows\System\vDpGxXP.exe
  C:\Windows\System\vDpGxXP.exe
  2⤵
  PID:6700
- C:\Windows\System\evDWDbC.exe
  C:\Windows\System\evDWDbC.exe
  2⤵
  PID:6740
- C:\Windows\System\hTxQsgw.exe
  C:\Windows\System\hTxQsgw.exe
  2⤵
  PID:6788
- C:\Windows\System\fqkambq.exe
  C:\Windows\System\fqkambq.exe
  2⤵
  PID:6840
- C:\Windows\System\BKbDcLu.exe
  C:\Windows\System\BKbDcLu.exe
  2⤵
  PID:6804
- C:\Windows\System\TsOUipU.exe
  C:\Windows\System\TsOUipU.exe
  2⤵
  PID:6872
- C:\Windows\System\EIeEimY.exe
  C:\Windows\System\EIeEimY.exe
  2⤵
  PID:6944
- C:\Windows\System\EaDrdVH.exe
  C:\Windows\System\EaDrdVH.exe
  2⤵
  PID:6888
- C:\Windows\System\YfHNwIO.exe
  C:\Windows\System\YfHNwIO.exe
  2⤵
  PID:6924
- C:\Windows\System\YoAKcOY.exe
  C:\Windows\System\YoAKcOY.exe
  2⤵
  PID:7048
- C:\Windows\System\TKNjUch.exe
  C:\Windows\System\TKNjUch.exe
  2⤵
  PID:7016
- C:\Windows\System\WAlqVvO.exe
  C:\Windows\System\WAlqVvO.exe
  2⤵
  PID:7084
- C:\Windows\System\oDgaNpl.exe
  C:\Windows\System\oDgaNpl.exe
  2⤵
  PID:7144
- C:\Windows\System\atmqRVp.exe
  C:\Windows\System\atmqRVp.exe
  2⤵
  PID:7160
- C:\Windows\System\ufUGdhJ.exe
  C:\Windows\System\ufUGdhJ.exe
  2⤵
  PID:6008
- C:\Windows\System\XXALCQn.exe
  C:\Windows\System\XXALCQn.exe
  2⤵
  PID:2672
- C:\Windows\System\KpNjnTx.exe
  C:\Windows\System\KpNjnTx.exe
  2⤵
  PID:2472
- C:\Windows\System\qJozdOA.exe
  C:\Windows\System\qJozdOA.exe
  2⤵
  PID:5608
- C:\Windows\System\gmBWwSQ.exe
  C:\Windows\System\gmBWwSQ.exe
  2⤵
  PID:6168
- C:\Windows\System\ADpQyyD.exe
  C:\Windows\System\ADpQyyD.exe
  2⤵
  PID:2904
- C:\Windows\System\ZyfUlfg.exe
  C:\Windows\System\ZyfUlfg.exe
  2⤵
  PID:924
- C:\Windows\System\eRplaab.exe
  C:\Windows\System\eRplaab.exe
  2⤵
  PID:1328
- C:\Windows\System\oBYRxfS.exe
  C:\Windows\System\oBYRxfS.exe
  2⤵
  PID:6284
- C:\Windows\System\GQopTQm.exe
  C:\Windows\System\GQopTQm.exe
  2⤵
  PID:1420
- C:\Windows\System\hzGLbrZ.exe
  C:\Windows\System\hzGLbrZ.exe
  2⤵
  PID:888
- C:\Windows\System\KpRDLvv.exe
  C:\Windows\System\KpRDLvv.exe
  2⤵
  PID:2700
- C:\Windows\System\qbFtSku.exe
  C:\Windows\System\qbFtSku.exe
  2⤵
  PID:6452
- C:\Windows\System\dCMTpEY.exe
  C:\Windows\System\dCMTpEY.exe
  2⤵
  PID:1476
- C:\Windows\System\DduUPJI.exe
  C:\Windows\System\DduUPJI.exe
  2⤵
  PID:6472
- C:\Windows\System\paCeEDY.exe
  C:\Windows\System\paCeEDY.exe
  2⤵
  PID:6544
- C:\Windows\System\SDqWnWN.exe
  C:\Windows\System\SDqWnWN.exe
  2⤵
  PID:6596
- C:\Windows\System\VEtUUXY.exe
  C:\Windows\System\VEtUUXY.exe
  2⤵
  PID:956
- C:\Windows\System\NEbJkOp.exe
  C:\Windows\System\NEbJkOp.exe
  2⤵
  PID:2404
- C:\Windows\System\mcdtuiF.exe
  C:\Windows\System\mcdtuiF.exe
  2⤵
  PID:6648
- C:\Windows\System\HFkuWvX.exe
  C:\Windows\System\HFkuWvX.exe
  2⤵
  PID:6192
- C:\Windows\System\oMJErrc.exe
  C:\Windows\System\oMJErrc.exe
  2⤵
  PID:6908
- C:\Windows\System\Eyfdfjl.exe
  C:\Windows\System\Eyfdfjl.exe
  2⤵
  PID:6708
- C:\Windows\System\fhBKVNS.exe
  C:\Windows\System\fhBKVNS.exe
  2⤵
  PID:6884
- C:\Windows\System\tCflNmK.exe
  C:\Windows\System\tCflNmK.exe
  2⤵
  PID:7044
- C:\Windows\System\zItaSya.exe
  C:\Windows\System\zItaSya.exe
  2⤵
  PID:7012
- C:\Windows\System\SmAHphW.exe
  C:\Windows\System\SmAHphW.exe
  2⤵
  PID:7088
- C:\Windows\System\tlpCbsC.exe
  C:\Windows\System\tlpCbsC.exe
  2⤵
  PID:5532
- C:\Windows\System\AYUJclF.exe
  C:\Windows\System\AYUJclF.exe
  2⤵
  PID:1500
- C:\Windows\System\UvLNgKb.exe
  C:\Windows\System\UvLNgKb.exe
  2⤵
  PID:5748
- C:\Windows\System\pGUTVkz.exe
  C:\Windows\System\pGUTVkz.exe
  2⤵
  PID:1224
- C:\Windows\System\DMZlsis.exe
  C:\Windows\System\DMZlsis.exe
  2⤵
  PID:1928
- C:\Windows\System\CgueBED.exe
  C:\Windows\System\CgueBED.exe
  2⤵
  PID:6288
- C:\Windows\System\bTbBYkY.exe
  C:\Windows\System\bTbBYkY.exe
  2⤵
  PID:2408
- C:\Windows\System\zuWMcVs.exe
  C:\Windows\System\zuWMcVs.exe
  2⤵
  PID:6504
- C:\Windows\System\IqGBprd.exe
  C:\Windows\System\IqGBprd.exe
  2⤵
  PID:6524
- C:\Windows\System\WQpphnW.exe
  C:\Windows\System\WQpphnW.exe
  2⤵
  PID:6688
- C:\Windows\System\RJObDoq.exe
  C:\Windows\System\RJObDoq.exe
  2⤵
  PID:6520
- C:\Windows\System\ACUweBk.exe
  C:\Windows\System\ACUweBk.exe
  2⤵
  PID:6668
- C:\Windows\System\HgOulzt.exe
  C:\Windows\System\HgOulzt.exe
  2⤵
  PID:6868
- C:\Windows\System\GOicNha.exe
  C:\Windows\System\GOicNha.exe
  2⤵
  PID:6996
- C:\Windows\System\PJDsymS.exe
  C:\Windows\System\PJDsymS.exe
  2⤵
  PID:6772
- C:\Windows\System\IFGzTti.exe
  C:\Windows\System\IFGzTti.exe
  2⤵
  PID:6992
- C:\Windows\System\EcCOxJO.exe
  C:\Windows\System\EcCOxJO.exe
  2⤵
  PID:7148
- C:\Windows\System\DfwgtYs.exe
  C:\Windows\System\DfwgtYs.exe
  2⤵
  PID:6252
- C:\Windows\System\GpoIudE.exe
  C:\Windows\System\GpoIudE.exe
  2⤵
  PID:5788
- C:\Windows\System\zZZrAoX.exe
  C:\Windows\System\zZZrAoX.exe
  2⤵
  PID:6148
- C:\Windows\System\EiJDgTo.exe
  C:\Windows\System\EiJDgTo.exe
  2⤵
  PID:1164
- C:\Windows\System\FjqEBCq.exe
  C:\Windows\System\FjqEBCq.exe
  2⤵
  PID:6424
- C:\Windows\System\IpswMOu.exe
  C:\Windows\System\IpswMOu.exe
  2⤵
  PID:2872
- C:\Windows\System\YqIWCDK.exe
  C:\Windows\System\YqIWCDK.exe
  2⤵
  PID:6528
- C:\Windows\System\MXKFOAD.exe
  C:\Windows\System\MXKFOAD.exe
  2⤵
  PID:7028
- C:\Windows\System\xuRjGyO.exe
  C:\Windows\System\xuRjGyO.exe
  2⤵
  PID:6816
- C:\Windows\System\cGXUwqh.exe
  C:\Windows\System\cGXUwqh.exe
  2⤵
  PID:6344
- C:\Windows\System\oZHcEdI.exe
  C:\Windows\System\oZHcEdI.exe
  2⤵
  PID:6488
- C:\Windows\System\nUqZPVG.exe
  C:\Windows\System\nUqZPVG.exe
  2⤵
  PID:2424
- C:\Windows\System\zSkRYte.exe
  C:\Windows\System\zSkRYte.exe
  2⤵
  PID:6440
- C:\Windows\System\dtceRxh.exe
  C:\Windows\System\dtceRxh.exe
  2⤵
  PID:6752
- C:\Windows\System\WwtMpmJ.exe
  C:\Windows\System\WwtMpmJ.exe
  2⤵
  PID:6856
- C:\Windows\System\rgRdwoB.exe
  C:\Windows\System\rgRdwoB.exe
  2⤵
  PID:7072
- C:\Windows\System\jfoIFPY.exe
  C:\Windows\System\jfoIFPY.exe
  2⤵
  PID:7204
- C:\Windows\System\ABKtMBA.exe
  C:\Windows\System\ABKtMBA.exe
  2⤵
  PID:7224
- C:\Windows\System\EoINtIr.exe
  C:\Windows\System\EoINtIr.exe
  2⤵
  PID:7248
- C:\Windows\System\LxVbklg.exe
  C:\Windows\System\LxVbklg.exe
  2⤵
  PID:7264
- C:\Windows\System\yffJDta.exe
  C:\Windows\System\yffJDta.exe
  2⤵
  PID:7280
- C:\Windows\System\vbHEsDh.exe
  C:\Windows\System\vbHEsDh.exe
  2⤵
  PID:7300
- C:\Windows\System\sOMCDHC.exe
  C:\Windows\System\sOMCDHC.exe
  2⤵
  PID:7316
- C:\Windows\System\ZAOFPhi.exe
  C:\Windows\System\ZAOFPhi.exe
  2⤵
  PID:7336
- C:\Windows\System\WqtAamt.exe
  C:\Windows\System\WqtAamt.exe
  2⤵
  PID:7356
- C:\Windows\System\HvVfCql.exe
  C:\Windows\System\HvVfCql.exe
  2⤵
  PID:7376
- C:\Windows\System\OwrjgFk.exe
  C:\Windows\System\OwrjgFk.exe
  2⤵
  PID:7392
- C:\Windows\System\LsfNdeS.exe
  C:\Windows\System\LsfNdeS.exe
  2⤵
  PID:7412
- C:\Windows\System\ckBFjMK.exe
  C:\Windows\System\ckBFjMK.exe
  2⤵
  PID:7428
- C:\Windows\System\PykYRMB.exe
  C:\Windows\System\PykYRMB.exe
  2⤵
  PID:7444
- C:\Windows\System\TkBQaUI.exe
  C:\Windows\System\TkBQaUI.exe
  2⤵
  PID:7460
- C:\Windows\System\RaEDxHB.exe
  C:\Windows\System\RaEDxHB.exe
  2⤵
  PID:7476
- C:\Windows\System\XZTgCHT.exe
  C:\Windows\System\XZTgCHT.exe
  2⤵
  PID:7492
- C:\Windows\System\bQbYCMS.exe
  C:\Windows\System\bQbYCMS.exe
  2⤵
  PID:7508
- C:\Windows\System\OLylzCR.exe
  C:\Windows\System\OLylzCR.exe
  2⤵
  PID:7524
- C:\Windows\System\InGlgkW.exe
  C:\Windows\System\InGlgkW.exe
  2⤵
  PID:7588
- C:\Windows\System\aHgffqq.exe
  C:\Windows\System\aHgffqq.exe
  2⤵
  PID:7604
- C:\Windows\System\aobWVGo.exe
  C:\Windows\System\aobWVGo.exe
  2⤵
  PID:7620
- C:\Windows\System\PqsubXs.exe
  C:\Windows\System\PqsubXs.exe
  2⤵
  PID:7640
- C:\Windows\System\wmfEqGU.exe
  C:\Windows\System\wmfEqGU.exe
  2⤵
  PID:7660
- C:\Windows\System\aMfsjPR.exe
  C:\Windows\System\aMfsjPR.exe
  2⤵
  PID:7676
- C:\Windows\System\JiklqNM.exe
  C:\Windows\System\JiklqNM.exe
  2⤵
  PID:7692
- C:\Windows\System\lzdjYYY.exe
  C:\Windows\System\lzdjYYY.exe
  2⤵
  PID:7708
- C:\Windows\System\IXOgXtP.exe
  C:\Windows\System\IXOgXtP.exe
  2⤵
  PID:7724
- C:\Windows\System\odNlYfZ.exe
  C:\Windows\System\odNlYfZ.exe
  2⤵
  PID:7744
- C:\Windows\System\Plpgtgl.exe
  C:\Windows\System\Plpgtgl.exe
  2⤵
  PID:7788
- C:\Windows\System\wJiuStn.exe
  C:\Windows\System\wJiuStn.exe
  2⤵
  PID:7808
- C:\Windows\System\yZACdzO.exe
  C:\Windows\System\yZACdzO.exe
  2⤵
  PID:7824
- C:\Windows\System\Nsoirfi.exe
  C:\Windows\System\Nsoirfi.exe
  2⤵
  PID:7852
- C:\Windows\System\ffuORwo.exe
  C:\Windows\System\ffuORwo.exe
  2⤵
  PID:7868
- C:\Windows\System\MnHcQUB.exe
  C:\Windows\System\MnHcQUB.exe
  2⤵
  PID:7884
- C:\Windows\System\ihjwnOT.exe
  C:\Windows\System\ihjwnOT.exe
  2⤵
  PID:7900
- C:\Windows\System\AjvPZEf.exe
  C:\Windows\System\AjvPZEf.exe
  2⤵
  PID:7916
- C:\Windows\System\LVbzztA.exe
  C:\Windows\System\LVbzztA.exe
  2⤵
  PID:7932
- C:\Windows\System\gabNcIR.exe
  C:\Windows\System\gabNcIR.exe
  2⤵
  PID:7968
- C:\Windows\System\WaEnUJs.exe
  C:\Windows\System\WaEnUJs.exe
  2⤵
  PID:7988
- C:\Windows\System\KAcFjoD.exe
  C:\Windows\System\KAcFjoD.exe
  2⤵
  PID:8008
- C:\Windows\System\YGKmPBF.exe
  C:\Windows\System\YGKmPBF.exe
  2⤵
  PID:8028
- C:\Windows\System\mPtUXvi.exe
  C:\Windows\System\mPtUXvi.exe
  2⤵
  PID:8044
- C:\Windows\System\UEBnZya.exe
  C:\Windows\System\UEBnZya.exe
  2⤵
  PID:8060
- C:\Windows\System\KDCHnUG.exe
  C:\Windows\System\KDCHnUG.exe
  2⤵
  PID:8080
- C:\Windows\System\nQdWAkK.exe
  C:\Windows\System\nQdWAkK.exe
  2⤵
  PID:8096
- C:\Windows\System\FgNXiNC.exe
  C:\Windows\System\FgNXiNC.exe
  2⤵
  PID:8112
- C:\Windows\System\FcLpCVz.exe
  C:\Windows\System\FcLpCVz.exe
  2⤵
  PID:8132
- C:\Windows\System\sPMEjyD.exe
  C:\Windows\System\sPMEjyD.exe
  2⤵
  PID:8168
- C:\Windows\System\NmNHOsu.exe
  C:\Windows\System\NmNHOsu.exe
  2⤵
  PID:8184
- C:\Windows\System\AQITgOA.exe
  C:\Windows\System\AQITgOA.exe
  2⤵
  PID:2420
- C:\Windows\System\xowxIZi.exe
  C:\Windows\System\xowxIZi.exe
  2⤵
  PID:2696
- C:\Windows\System\qXCfsTi.exe
  C:\Windows\System\qXCfsTi.exe
  2⤵
  PID:7188
- C:\Windows\System\WTkHzwI.exe
  C:\Windows\System\WTkHzwI.exe
  2⤵
  PID:6836
- C:\Windows\System\owclDIn.exe
  C:\Windows\System\owclDIn.exe
  2⤵
  PID:7172
- C:\Windows\System\dbckaSX.exe
  C:\Windows\System\dbckaSX.exe
  2⤵
  PID:7232
- C:\Windows\System\ydmkamk.exe
  C:\Windows\System\ydmkamk.exe
  2⤵
  PID:7256
- C:\Windows\System\jVWOYOZ.exe
  C:\Windows\System\jVWOYOZ.exe
  2⤵
  PID:7348
- C:\Windows\System\RMpLPOS.exe
  C:\Windows\System\RMpLPOS.exe
  2⤵
  PID:7420
- C:\Windows\System\BRBgLdR.exe
  C:\Windows\System\BRBgLdR.exe
  2⤵
  PID:7408
- C:\Windows\System\CbGdAta.exe
  C:\Windows\System\CbGdAta.exe
  2⤵
  PID:7436
- C:\Windows\System\LSrizVA.exe
  C:\Windows\System\LSrizVA.exe
  2⤵
  PID:7468
- C:\Windows\System\wpjXEYT.exe
  C:\Windows\System\wpjXEYT.exe
  2⤵
  PID:7484
- C:\Windows\System\SjiHBId.exe
  C:\Windows\System\SjiHBId.exe
  2⤵
  PID:7520
- C:\Windows\System\oRBXRJv.exe
  C:\Windows\System\oRBXRJv.exe
  2⤵
  PID:7540
- C:\Windows\System\NBXUAPA.exe
  C:\Windows\System\NBXUAPA.exe
  2⤵
  PID:7564
- C:\Windows\System\VGuFQWa.exe
  C:\Windows\System\VGuFQWa.exe
  2⤵
  PID:7584
- C:\Windows\System\NiHlTWP.exe
  C:\Windows\System\NiHlTWP.exe
  2⤵
  PID:7612
- C:\Windows\System\aNPUSBx.exe
  C:\Windows\System\aNPUSBx.exe
  2⤵
  PID:7704
- C:\Windows\System\guxnEDT.exe
  C:\Windows\System\guxnEDT.exe
  2⤵
  PID:7616
- C:\Windows\System\KmgiJCy.exe
  C:\Windows\System\KmgiJCy.exe
  2⤵
  PID:7752
- C:\Windows\System\HtruTVj.exe
  C:\Windows\System\HtruTVj.exe
  2⤵
  PID:7768
- C:\Windows\System\RqXIPgC.exe
  C:\Windows\System\RqXIPgC.exe
  2⤵
  PID:7800
- C:\Windows\System\SWxuTOl.exe
  C:\Windows\System\SWxuTOl.exe
  2⤵
  PID:7820
- C:\Windows\System\oHcPHDo.exe
  C:\Windows\System\oHcPHDo.exe
  2⤵
  PID:7860
- C:\Windows\System\MuTMubB.exe
  C:\Windows\System\MuTMubB.exe
  2⤵
  PID:7928
- C:\Windows\System\AyOEJOH.exe
  C:\Windows\System\AyOEJOH.exe
  2⤵
  PID:7940
- C:\Windows\System\xuaxSbJ.exe
  C:\Windows\System\xuaxSbJ.exe
  2⤵
  PID:7952
- C:\Windows\System\fYMsNKE.exe
  C:\Windows\System\fYMsNKE.exe
  2⤵
  PID:8020
- C:\Windows\System\nFrcJbR.exe
  C:\Windows\System\nFrcJbR.exe
  2⤵
  PID:8068
- C:\Windows\System\WnLYCpU.exe
  C:\Windows\System\WnLYCpU.exe
  2⤵
  PID:8056
- C:\Windows\System\YRelAnn.exe
  C:\Windows\System\YRelAnn.exe
  2⤵
  PID:8176
- C:\Windows\System\VOAATpP.exe
  C:\Windows\System\VOAATpP.exe
  2⤵
  PID:8104
- C:\Windows\System\oJsFADB.exe
  C:\Windows\System\oJsFADB.exe
  2⤵
  PID:8152
- C:\Windows\System\yPhUxsK.exe
  C:\Windows\System\yPhUxsK.exe
  2⤵
  PID:7176
- C:\Windows\System\cLobRcw.exe
  C:\Windows\System\cLobRcw.exe
  2⤵
  PID:6312
- C:\Windows\System\dfWvPUc.exe
  C:\Windows\System\dfWvPUc.exe
  2⤵
  PID:7196
- C:\Windows\System\weSHDCM.exe
  C:\Windows\System\weSHDCM.exe
  2⤵
  PID:7244
- C:\Windows\System\NUvEDAf.exe
  C:\Windows\System\NUvEDAf.exe
  2⤵
  PID:7272
- C:\Windows\System\cbrbeLK.exe
  C:\Windows\System\cbrbeLK.exe
  2⤵
  PID:7292
- C:\Windows\System\CYYHJAs.exe
  C:\Windows\System\CYYHJAs.exe
  2⤵
  PID:7332
- C:\Windows\System\TWegNQg.exe
  C:\Windows\System\TWegNQg.exe
  2⤵
  PID:7456
- C:\Windows\System\SHuVMWK.exe
  C:\Windows\System\SHuVMWK.exe
  2⤵
  PID:7372
- C:\Windows\System\LNjEvYf.exe
  C:\Windows\System\LNjEvYf.exe
  2⤵
  PID:7556
- C:\Windows\System\NbgVChl.exe
  C:\Windows\System\NbgVChl.exe
  2⤵
  PID:7632
- C:\Windows\System\mmHvpqV.exe
  C:\Windows\System\mmHvpqV.exe
  2⤵
  PID:7580
- C:\Windows\System\ywSisoT.exe
  C:\Windows\System\ywSisoT.exe
  2⤵
  PID:7700
- C:\Windows\System\avujIHg.exe
  C:\Windows\System\avujIHg.exe
  2⤵
  PID:7688
- C:\Windows\System\cuAXTTw.exe
  C:\Windows\System\cuAXTTw.exe
  2⤵
  PID:7720
- C:\Windows\System\ymoJdxD.exe
  C:\Windows\System\ymoJdxD.exe
  2⤵
  PID:7796
- C:\Windows\System\NNFQbgV.exe
  C:\Windows\System\NNFQbgV.exe
  2⤵
  PID:7880
- C:\Windows\System\tndPRdY.exe
  C:\Windows\System\tndPRdY.exe
  2⤵
  PID:7944
- C:\Windows\System\jCJzgdo.exe
  C:\Windows\System\jCJzgdo.exe
  2⤵
  PID:7892
- C:\Windows\System\zMRsQHm.exe
  C:\Windows\System\zMRsQHm.exe
  2⤵
  PID:7984
- C:\Windows\System\YpJgjMI.exe
  C:\Windows\System\YpJgjMI.exe
  2⤵
  PID:8000
- C:\Windows\System\TWSYFwa.exe
  C:\Windows\System\TWSYFwa.exe
  2⤵
  PID:8076
- C:\Windows\System\ExIhoUE.exe
  C:\Windows\System\ExIhoUE.exe
  2⤵
  PID:8128
- C:\Windows\System\OaiKADP.exe
  C:\Windows\System\OaiKADP.exe
  2⤵
  PID:6360
- C:\Windows\System\xyzWOZd.exe
  C:\Windows\System\xyzWOZd.exe
  2⤵
  PID:8164
- C:\Windows\System\gUSywEu.exe
  C:\Windows\System\gUSywEu.exe
  2⤵
  PID:7068
- C:\Windows\System\ZhxSrVg.exe
  C:\Windows\System\ZhxSrVg.exe
  2⤵
  PID:7220
- C:\Windows\System\BGMzcxu.exe
  C:\Windows\System\BGMzcxu.exe
  2⤵
  PID:7552
- C:\Windows\System\fnWgQgy.exe
  C:\Windows\System\fnWgQgy.exe
  2⤵
  PID:7628
- C:\Windows\System\LZeNqRy.exe
  C:\Windows\System\LZeNqRy.exe
  2⤵
  PID:5896
- C:\Windows\System\uHtNXXW.exe
  C:\Windows\System\uHtNXXW.exe
  2⤵
  PID:6264
- C:\Windows\System\UPREvih.exe
  C:\Windows\System\UPREvih.exe
  2⤵
  PID:7344
- C:\Windows\System\LumqLFZ.exe
  C:\Windows\System\LumqLFZ.exe
  2⤵
  PID:7600
- C:\Windows\System\cBKgBBy.exe
  C:\Windows\System\cBKgBBy.exe
  2⤵
  PID:7716
- C:\Windows\System\jkbEypD.exe
  C:\Windows\System\jkbEypD.exe
  2⤵
  PID:7832
- C:\Windows\System\VRjOIVg.exe
  C:\Windows\System\VRjOIVg.exe
  2⤵
  PID:7764
- C:\Windows\System\TZqLtlS.exe
  C:\Windows\System\TZqLtlS.exe
  2⤵
  PID:8160
- C:\Windows\System\GrpfQnY.exe
  C:\Windows\System\GrpfQnY.exe
  2⤵
  PID:7964
- C:\Windows\System\HUVXJFY.exe
  C:\Windows\System\HUVXJFY.exe
  2⤵
  PID:8140
- C:\Windows\System\IqWYJqQ.exe
  C:\Windows\System\IqWYJqQ.exe
  2⤵
  PID:7672
- C:\Windows\System\kanhIpE.exe
  C:\Windows\System\kanhIpE.exe
  2⤵
  PID:7596
- C:\Windows\System\WPVNhXP.exe
  C:\Windows\System\WPVNhXP.exe
  2⤵
  PID:8156
- C:\Windows\System\FABKTeO.exe
  C:\Windows\System\FABKTeO.exe
  2⤵
  PID:7388
- C:\Windows\System\QscFUbO.exe
  C:\Windows\System\QscFUbO.exe
  2⤵
  PID:8208
- C:\Windows\System\yQErIZC.exe
  C:\Windows\System\yQErIZC.exe
  2⤵
  PID:8224
- C:\Windows\System\VYBLhjL.exe
  C:\Windows\System\VYBLhjL.exe
  2⤵
  PID:8240
- C:\Windows\System\EZBrxWd.exe
  C:\Windows\System\EZBrxWd.exe
  2⤵
  PID:8256
- C:\Windows\System\woKYFzW.exe
  C:\Windows\System\woKYFzW.exe
  2⤵
  PID:8272
- C:\Windows\System\BWSibWe.exe
  C:\Windows\System\BWSibWe.exe
  2⤵
  PID:8288
- C:\Windows\System\iTcbgHB.exe
  C:\Windows\System\iTcbgHB.exe
  2⤵
  PID:8304
- C:\Windows\System\flXgMHg.exe
  C:\Windows\System\flXgMHg.exe
  2⤵
  PID:8320
- C:\Windows\System\AoBwvmO.exe
  C:\Windows\System\AoBwvmO.exe
  2⤵
  PID:8336
- C:\Windows\System\ZkzhfAz.exe
  C:\Windows\System\ZkzhfAz.exe
  2⤵
  PID:8352
- C:\Windows\System\fPZgdbg.exe
  C:\Windows\System\fPZgdbg.exe
  2⤵
  PID:8404
- C:\Windows\System\TLEtVqg.exe
  C:\Windows\System\TLEtVqg.exe
  2⤵
  PID:8420
- C:\Windows\System\SyNoLcc.exe
  C:\Windows\System\SyNoLcc.exe
  2⤵
  PID:8440
- C:\Windows\System\Pbbuxtf.exe
  C:\Windows\System\Pbbuxtf.exe
  2⤵
  PID:8456
- C:\Windows\System\YKCwKJZ.exe
  C:\Windows\System\YKCwKJZ.exe
  2⤵
  PID:8472
- C:\Windows\System\bbXrOBw.exe
  C:\Windows\System\bbXrOBw.exe
  2⤵
  PID:8488
- C:\Windows\System\dbvgVoP.exe
  C:\Windows\System\dbvgVoP.exe
  2⤵
  PID:8504
- C:\Windows\System\NmyFhqh.exe
  C:\Windows\System\NmyFhqh.exe
  2⤵
  PID:8520
- C:\Windows\System\EcFRYEO.exe
  C:\Windows\System\EcFRYEO.exe
  2⤵
  PID:8536
- C:\Windows\System\uOosdrl.exe
  C:\Windows\System\uOosdrl.exe
  2⤵
  PID:8552
- C:\Windows\System\REVzXVb.exe
  C:\Windows\System\REVzXVb.exe
  2⤵
  PID:8568
- C:\Windows\System\khHoryI.exe
  C:\Windows\System\khHoryI.exe
  2⤵
  PID:8584
- C:\Windows\System\rMTkhIg.exe
  C:\Windows\System\rMTkhIg.exe
  2⤵
  PID:8600
- C:\Windows\System\CWPEYpH.exe
  C:\Windows\System\CWPEYpH.exe
  2⤵
  PID:8616
- C:\Windows\System\QyVFBqr.exe
  C:\Windows\System\QyVFBqr.exe
  2⤵
  PID:8640
- C:\Windows\System\dUGBqVR.exe
  C:\Windows\System\dUGBqVR.exe
  2⤵
  PID:8656
- C:\Windows\System\uKqkHWK.exe
  C:\Windows\System\uKqkHWK.exe
  2⤵
  PID:8672
- C:\Windows\System\ZCNAMaE.exe
  C:\Windows\System\ZCNAMaE.exe
  2⤵
  PID:8688
- C:\Windows\System\yWQNxxl.exe
  C:\Windows\System\yWQNxxl.exe
  2⤵
  PID:8972
- C:\Windows\System\kkMMpot.exe
  C:\Windows\System\kkMMpot.exe
  2⤵
  PID:9004
- C:\Windows\System\FjQBkDS.exe
  C:\Windows\System\FjQBkDS.exe
  2⤵
  PID:9024
- C:\Windows\System\evqPKeC.exe
  C:\Windows\System\evqPKeC.exe
  2⤵
  PID:9040
- C:\Windows\System\qjzGiyl.exe
  C:\Windows\System\qjzGiyl.exe
  2⤵
  PID:9060
- C:\Windows\System\Jhyrpfg.exe
  C:\Windows\System\Jhyrpfg.exe
  2⤵
  PID:9076
- C:\Windows\System\PUpzDzV.exe
  C:\Windows\System\PUpzDzV.exe
  2⤵
  PID:9092
- C:\Windows\System\NEzoApz.exe
  C:\Windows\System\NEzoApz.exe
  2⤵
  PID:9108
- C:\Windows\System\kMHjzbq.exe
  C:\Windows\System\kMHjzbq.exe
  2⤵
  PID:9132
- C:\Windows\System\BSDMWxd.exe
  C:\Windows\System\BSDMWxd.exe
  2⤵
  PID:9148
- C:\Windows\System\DmWAaQw.exe
  C:\Windows\System\DmWAaQw.exe
  2⤵
  PID:9164
- C:\Windows\System\mUPzuld.exe
  C:\Windows\System\mUPzuld.exe
  2⤵
  PID:9180
- C:\Windows\System\QZvdlOO.exe
  C:\Windows\System\QZvdlOO.exe
  2⤵
  PID:9196
- C:\Windows\System\zigTDyh.exe
  C:\Windows\System\zigTDyh.exe
  2⤵
  PID:9212
- C:\Windows\System\MdmyDvG.exe
  C:\Windows\System\MdmyDvG.exe
  2⤵
  PID:8220
- C:\Windows\System\EndjLne.exe
  C:\Windows\System\EndjLne.exe
  2⤵
  PID:8280
- C:\Windows\System\FPZvjHY.exe
  C:\Windows\System\FPZvjHY.exe
  2⤵
  PID:7572
- C:\Windows\System\AxcpGil.exe
  C:\Windows\System\AxcpGil.exe
  2⤵
  PID:7288
- C:\Windows\System\CRVYEXa.exe
  C:\Windows\System\CRVYEXa.exe
  2⤵
  PID:7980
- C:\Windows\System\cJAegSc.exe
  C:\Windows\System\cJAegSc.exe
  2⤵
  PID:8200
- C:\Windows\System\onOFDWD.exe
  C:\Windows\System\onOFDWD.exe
  2⤵
  PID:8400
- C:\Windows\System\jpBvVIl.exe
  C:\Windows\System\jpBvVIl.exe
  2⤵
  PID:8480
- C:\Windows\System\dYsYceM.exe
  C:\Windows\System\dYsYceM.exe
  2⤵
  PID:8544
- C:\Windows\System\dfFMViM.exe
  C:\Windows\System\dfFMViM.exe
  2⤵
  PID:8432
- C:\Windows\System\MCUkCpf.exe
  C:\Windows\System\MCUkCpf.exe
  2⤵
  PID:8576
- C:\Windows\System\QPhkhvi.exe
  C:\Windows\System\QPhkhvi.exe
  2⤵
  PID:8560
- C:\Windows\System\EkajioI.exe
  C:\Windows\System\EkajioI.exe
  2⤵
  PID:8648
- C:\Windows\System\ZSnXGrE.exe
  C:\Windows\System\ZSnXGrE.exe
  2⤵
  PID:8684
- C:\Windows\System\lZiYCEA.exe
  C:\Windows\System\lZiYCEA.exe
  2⤵
  PID:8664
- C:\Windows\System\iyAbAvw.exe
  C:\Windows\System\iyAbAvw.exe
  2⤵
  PID:8720
- C:\Windows\System\ofUcaMt.exe
  C:\Windows\System\ofUcaMt.exe
  2⤵
  PID:8752
- C:\Windows\System\ukElibG.exe
  C:\Windows\System\ukElibG.exe
  2⤵
  PID:8772
- C:\Windows\System\VAkrnzb.exe
  C:\Windows\System\VAkrnzb.exe
  2⤵
  PID:8804
- C:\Windows\System\iYSQJOc.exe
  C:\Windows\System\iYSQJOc.exe
  2⤵
  PID:8820
- C:\Windows\System\jtkpBrm.exe
  C:\Windows\System\jtkpBrm.exe
  2⤵
  PID:8840
- C:\Windows\System\VKDwMWI.exe
  C:\Windows\System\VKDwMWI.exe
  2⤵
  PID:8860
- C:\Windows\System\RzNXTry.exe
  C:\Windows\System\RzNXTry.exe
  2⤵
  PID:8876
- C:\Windows\System\asJxmYV.exe
  C:\Windows\System\asJxmYV.exe
  2⤵
  PID:8908
- C:\Windows\System\UpCVvrX.exe
  C:\Windows\System\UpCVvrX.exe
  2⤵
  PID:8924
- C:\Windows\System\XczWeRX.exe
  C:\Windows\System\XczWeRX.exe
  2⤵
  PID:8936
- C:\Windows\System\EmMpvKO.exe
  C:\Windows\System\EmMpvKO.exe
  2⤵
  PID:8952
- C:\Windows\System\vGyRwzN.exe
  C:\Windows\System\vGyRwzN.exe
  2⤵
  PID:8984
- C:\Windows\System\tEitDVz.exe
  C:\Windows\System\tEitDVz.exe
  2⤵
  PID:9012
- C:\Windows\System\vqjjkAl.exe
  C:\Windows\System\vqjjkAl.exe
  2⤵
  PID:9032
- C:\Windows\System\gyfFxbb.exe
  C:\Windows\System\gyfFxbb.exe
  2⤵
  PID:9068
- C:\Windows\System\GBVUDId.exe
  C:\Windows\System\GBVUDId.exe
  2⤵
  PID:9204
- C:\Windows\System\wURqMIk.exe
  C:\Windows\System\wURqMIk.exe
  2⤵
  PID:7504
- C:\Windows\System\LgawyFE.exe
  C:\Windows\System\LgawyFE.exe
  2⤵
  PID:9160
- C:\Windows\System\qqVxnbj.exe
  C:\Windows\System\qqVxnbj.exe
  2⤵
  PID:7780
- C:\Windows\System\NbINWwd.exe
  C:\Windows\System\NbINWwd.exe
  2⤵
  PID:8268
- C:\Windows\System\tzYUOVp.exe
  C:\Windows\System\tzYUOVp.exe
  2⤵
  PID:8300
- C:\Windows\System\uYHyYxh.exe
  C:\Windows\System\uYHyYxh.exe
  2⤵
  PID:7656
- C:\Windows\System\yDeXLxf.exe
  C:\Windows\System\yDeXLxf.exe
  2⤵
  PID:8448
- C:\Windows\System\GKnwney.exe
  C:\Windows\System\GKnwney.exe
  2⤵
  PID:8428
- C:\Windows\System\uZlZQdf.exe
  C:\Windows\System\uZlZQdf.exe
  2⤵
  PID:8236
- C:\Windows\System\nCPiXkn.exe
  C:\Windows\System\nCPiXkn.exe
  2⤵
  PID:8360
- C:\Windows\System\MDjnJql.exe
  C:\Windows\System\MDjnJql.exe
  2⤵
  PID:8652
- C:\Windows\System\OxFYboT.exe
  C:\Windows\System\OxFYboT.exe
  2⤵
  PID:8716
- C:\Windows\System\gNcjkXk.exe
  C:\Windows\System\gNcjkXk.exe
  2⤵
  PID:8668
- C:\Windows\System\CgJcTAs.exe
  C:\Windows\System\CgJcTAs.exe
  2⤵
  PID:8732
- C:\Windows\System\fQPXcYv.exe
  C:\Windows\System\fQPXcYv.exe
  2⤵
  PID:8792
- C:\Windows\System\TJjYUQI.exe
  C:\Windows\System\TJjYUQI.exe
  2⤵
  PID:8828
- C:\Windows\System\UACBhJY.exe
  C:\Windows\System\UACBhJY.exe
  2⤵
  PID:8888
- C:\Windows\System\IxZzPrs.exe
  C:\Windows\System\IxZzPrs.exe
  2⤵
  PID:8832
- C:\Windows\System\reQAFRH.exe
  C:\Windows\System\reQAFRH.exe
  2⤵
  PID:8916
- C:\Windows\System\lnzoLEq.exe
  C:\Windows\System\lnzoLEq.exe
  2⤵
  PID:8968
- C:\Windows\System\cJqkglp.exe
  C:\Windows\System\cJqkglp.exe
  2⤵
  PID:9100
- C:\Windows\System\detdvMF.exe
  C:\Windows\System\detdvMF.exe
  2⤵
  PID:8992
- C:\Windows\System\wRzaEHQ.exe
  C:\Windows\System\wRzaEHQ.exe
  2⤵
  PID:9208
- C:\Windows\System\Rbwlpyp.exe
  C:\Windows\System\Rbwlpyp.exe
  2⤵
  PID:9188
- C:\Windows\System\MdhrovZ.exe
  C:\Windows\System\MdhrovZ.exe
  2⤵
  PID:9088
- C:\Windows\System\fAsaYJi.exe
  C:\Windows\System\fAsaYJi.exe
  2⤵
  PID:8312
- C:\Windows\System\rLnDgbB.exe
  C:\Windows\System\rLnDgbB.exe
  2⤵
  PID:8452
- C:\Windows\System\txloJLr.exe
  C:\Windows\System\txloJLr.exe
  2⤵
  PID:8332
- C:\Windows\System\vBArmCo.exe
  C:\Windows\System\vBArmCo.exe
  2⤵
  PID:8608
- C:\Windows\System\ncQLQng.exe
  C:\Windows\System\ncQLQng.exe
  2⤵
  PID:8344
- C:\Windows\System\AoRGvJx.exe
  C:\Windows\System\AoRGvJx.exe
  2⤵
  PID:8736
- C:\Windows\System\fcyhWvX.exe
  C:\Windows\System\fcyhWvX.exe
  2⤵
  PID:8768
- C:\Windows\System\sDasbmf.exe
  C:\Windows\System\sDasbmf.exe
  2⤵
  PID:8816
- C:\Windows\System\hCQoCZo.exe
  C:\Windows\System\hCQoCZo.exe
  2⤵
  PID:8900
- C:\Windows\System\tyyKcNB.exe
  C:\Windows\System\tyyKcNB.exe
  2⤵
  PID:9016
- C:\Windows\System\eZdjDbA.exe
  C:\Windows\System\eZdjDbA.exe
  2⤵
  PID:9172
- C:\Windows\System\JGmLbAy.exe
  C:\Windows\System\JGmLbAy.exe
  2⤵
  PID:2576
- C:\Windows\System\zIApHkS.exe
  C:\Windows\System\zIApHkS.exe
  2⤵
  PID:8252
- C:\Windows\System\CzAKcwq.exe
  C:\Windows\System\CzAKcwq.exe
  2⤵
  PID:8788
- C:\Windows\System\hqjjAfs.exe
  C:\Windows\System\hqjjAfs.exe
  2⤵
  PID:8748
- C:\Windows\System\FdttPDs.exe
  C:\Windows\System\FdttPDs.exe
  2⤵
  PID:7816
- C:\Windows\System\hAOQbIm.exe
  C:\Windows\System\hAOQbIm.exe
  2⤵
  PID:8852
- C:\Windows\System\FFxHbzK.exe
  C:\Windows\System\FFxHbzK.exe
  2⤵
  PID:8920
- C:\Windows\System\nXRRvqR.exe
  C:\Windows\System\nXRRvqR.exe
  2⤵
  PID:9140
- C:\Windows\System\xTQLCGf.exe
  C:\Windows\System\xTQLCGf.exe
  2⤵
  PID:8708
- C:\Windows\System\jvDdTKk.exe
  C:\Windows\System\jvDdTKk.exe
  2⤵
  PID:7364
- C:\Windows\System\LwxuKDJ.exe
  C:\Windows\System\LwxuKDJ.exe
  2⤵
  PID:8744
- C:\Windows\System\DzvtObX.exe
  C:\Windows\System\DzvtObX.exe
  2⤵
  PID:8904
- C:\Windows\System\lrvRBmY.exe
  C:\Windows\System\lrvRBmY.exe
  2⤵
  PID:8216
- C:\Windows\System\iFYpjzw.exe
  C:\Windows\System\iFYpjzw.exe
  2⤵
  PID:8856
- C:\Windows\System\avtSZCv.exe
  C:\Windows\System\avtSZCv.exe
  2⤵
  PID:8596
- C:\Windows\System\CkQLkAe.exe
  C:\Windows\System\CkQLkAe.exe
  2⤵
  PID:8052
- C:\Windows\System\gLSSFKF.exe
  C:\Windows\System\gLSSFKF.exe
  2⤵
  PID:9116
- C:\Windows\System\YumaKtE.exe
  C:\Windows\System\YumaKtE.exe
  2⤵
  PID:8956
- C:\Windows\System\hdHYAED.exe
  C:\Windows\System\hdHYAED.exe
  2⤵
  PID:8712
- C:\Windows\System\aQMcQZM.exe
  C:\Windows\System\aQMcQZM.exe
  2⤵
  PID:9220
- C:\Windows\System\eEEWmHS.exe
  C:\Windows\System\eEEWmHS.exe
  2⤵
  PID:9240
- C:\Windows\System\QkQMSiq.exe
  C:\Windows\System\QkQMSiq.exe
  2⤵
  PID:9260
- C:\Windows\System\FdQQfXh.exe
  C:\Windows\System\FdQQfXh.exe
  2⤵
  PID:9280
- C:\Windows\System\MhmuKZv.exe
  C:\Windows\System\MhmuKZv.exe
  2⤵
  PID:9296
- C:\Windows\System\RNxdpuK.exe
  C:\Windows\System\RNxdpuK.exe
  2⤵
  PID:9316
- C:\Windows\System\WGXhKCv.exe
  C:\Windows\System\WGXhKCv.exe
  2⤵
  PID:9332
- C:\Windows\System\HHBhUFf.exe
  C:\Windows\System\HHBhUFf.exe
  2⤵
  PID:9356
- C:\Windows\System\UMiohqW.exe
  C:\Windows\System\UMiohqW.exe
  2⤵
  PID:9376
- C:\Windows\System\QOFbcOD.exe
  C:\Windows\System\QOFbcOD.exe
  2⤵
  PID:9392
- C:\Windows\System\ZRmFuGA.exe
  C:\Windows\System\ZRmFuGA.exe
  2⤵
  PID:9412
- C:\Windows\System\CnoYyRS.exe
  C:\Windows\System\CnoYyRS.exe
  2⤵
  PID:9428
- C:\Windows\System\utZSEME.exe
  C:\Windows\System\utZSEME.exe
  2⤵
  PID:9456
- C:\Windows\System\jQQyIAN.exe
  C:\Windows\System\jQQyIAN.exe
  2⤵
  PID:9472
- C:\Windows\System\PcWpvVI.exe
  C:\Windows\System\PcWpvVI.exe
  2⤵
  PID:9492
- C:\Windows\System\qSyuufB.exe
  C:\Windows\System\qSyuufB.exe
  2⤵
  PID:9528
- C:\Windows\System\kqWNwsD.exe
  C:\Windows\System\kqWNwsD.exe
  2⤵
  PID:9548
- C:\Windows\System\ZmhBKDu.exe
  C:\Windows\System\ZmhBKDu.exe
  2⤵
  PID:9564
- C:\Windows\System\ubwCgXV.exe
  C:\Windows\System\ubwCgXV.exe
  2⤵
  PID:9580
- C:\Windows\System\vPnASRA.exe
  C:\Windows\System\vPnASRA.exe
  2⤵
  PID:9600
- C:\Windows\System\jQfkgjR.exe
  C:\Windows\System\jQfkgjR.exe
  2⤵
  PID:9628
- C:\Windows\System\BzfQRoU.exe
  C:\Windows\System\BzfQRoU.exe
  2⤵
  PID:9644
- C:\Windows\System\ZBnsCLi.exe
  C:\Windows\System\ZBnsCLi.exe
  2⤵
  PID:9664
- C:\Windows\System\xgOowaO.exe
  C:\Windows\System\xgOowaO.exe
  2⤵
  PID:9688
- C:\Windows\System\abCJNiy.exe
  C:\Windows\System\abCJNiy.exe
  2⤵
  PID:9708
- C:\Windows\System\lMVRpFg.exe
  C:\Windows\System\lMVRpFg.exe
  2⤵
  PID:9732
- C:\Windows\System\poqbpvR.exe
  C:\Windows\System\poqbpvR.exe
  2⤵
  PID:9748
- C:\Windows\System\RnKpfbA.exe
  C:\Windows\System\RnKpfbA.exe
  2⤵
  PID:9764
- C:\Windows\System\BkJCysV.exe
  C:\Windows\System\BkJCysV.exe
  2⤵
  PID:9784
- C:\Windows\System\kTjkguE.exe
  C:\Windows\System\kTjkguE.exe
  2⤵
  PID:9808
- C:\Windows\System\MUDTRKJ.exe
  C:\Windows\System\MUDTRKJ.exe
  2⤵
  PID:9824
- C:\Windows\System\iDqNzgV.exe
  C:\Windows\System\iDqNzgV.exe
  2⤵
  PID:9844
- C:\Windows\System\GNNpbii.exe
  C:\Windows\System\GNNpbii.exe
  2⤵
  PID:9872
- C:\Windows\System\wosbyAm.exe
  C:\Windows\System\wosbyAm.exe
  2⤵
  PID:9892
- C:\Windows\System\Swbecct.exe
  C:\Windows\System\Swbecct.exe
  2⤵
  PID:9916
- C:\Windows\System\yKyUgKd.exe
  C:\Windows\System\yKyUgKd.exe
  2⤵
  PID:9932
- C:\Windows\System\rrjfjNI.exe
  C:\Windows\System\rrjfjNI.exe
  2⤵
  PID:9948
- C:\Windows\System\IBpnuCp.exe
  C:\Windows\System\IBpnuCp.exe
  2⤵
  PID:9972
- C:\Windows\System\MPGXghx.exe
  C:\Windows\System\MPGXghx.exe
  2⤵
  PID:9988
- C:\Windows\System\ePzmzNt.exe
  C:\Windows\System\ePzmzNt.exe
  2⤵
  PID:10012
- C:\Windows\System\XfxwciI.exe
  C:\Windows\System\XfxwciI.exe
  2⤵
  PID:10036
- C:\Windows\System\IHDxwjf.exe
  C:\Windows\System\IHDxwjf.exe
  2⤵
  PID:10052
- C:\Windows\System\bppWrtn.exe
  C:\Windows\System\bppWrtn.exe
  2⤵
  PID:10072
- C:\Windows\System\qxKWgiH.exe
  C:\Windows\System\qxKWgiH.exe
  2⤵
  PID:10096
- C:\Windows\System\ORjEGJB.exe
  C:\Windows\System\ORjEGJB.exe
  2⤵
  PID:10116
- C:\Windows\System\BHBHxwC.exe
  C:\Windows\System\BHBHxwC.exe
  2⤵
  PID:10132
- C:\Windows\System\wFrbmOG.exe
  C:\Windows\System\wFrbmOG.exe
  2⤵
  PID:10152
- C:\Windows\System\kxaLJfs.exe
  C:\Windows\System\kxaLJfs.exe
  2⤵
  PID:10176
- C:\Windows\System\bNXQfYD.exe
  C:\Windows\System\bNXQfYD.exe
  2⤵
  PID:10192
- C:\Windows\System\xoffntW.exe
  C:\Windows\System\xoffntW.exe
  2⤵
  PID:10224
- C:\Windows\System\HpqPfAM.exe
  C:\Windows\System\HpqPfAM.exe
  2⤵
  PID:8776
- C:\Windows\System\PmJzIQE.exe
  C:\Windows\System\PmJzIQE.exe
  2⤵
  PID:9256
- C:\Windows\System\FtFruNO.exe
  C:\Windows\System\FtFruNO.exe
  2⤵
  PID:9364
- C:\Windows\System\TXIRhTR.exe
  C:\Windows\System\TXIRhTR.exe
  2⤵
  PID:9228
- C:\Windows\System\XPTDlVa.exe
  C:\Windows\System\XPTDlVa.exe
  2⤵
  PID:9352
- C:\Windows\System\Ryczurp.exe
  C:\Windows\System\Ryczurp.exe
  2⤵
  PID:9372
- C:\Windows\System\IpVJHad.exe
  C:\Windows\System\IpVJHad.exe
  2⤵
  PID:9440
- C:\Windows\System\eIntdQG.exe
  C:\Windows\System\eIntdQG.exe
  2⤵
  PID:9420
- C:\Windows\System\oLfGmqG.exe
  C:\Windows\System\oLfGmqG.exe
  2⤵
  PID:9468
- C:\Windows\System\QKkcZYi.exe
  C:\Windows\System\QKkcZYi.exe
  2⤵
  PID:9512
- C:\Windows\System\NHCuoaz.exe
  C:\Windows\System\NHCuoaz.exe
  2⤵
  PID:9536
- C:\Windows\System\PWSBAEQ.exe
  C:\Windows\System\PWSBAEQ.exe
  2⤵
  PID:9592
- C:\Windows\System\alpDVqK.exe
  C:\Windows\System\alpDVqK.exe
  2⤵
  PID:9616
- C:\Windows\System\oWVlBKr.exe
  C:\Windows\System\oWVlBKr.exe
  2⤵
  PID:9640
- C:\Windows\System\wEKRkVH.exe
  C:\Windows\System\wEKRkVH.exe
  2⤵
  PID:9716
- C:\Windows\System\gWqsfFP.exe
  C:\Windows\System\gWqsfFP.exe
  2⤵
  PID:9772
- C:\Windows\System\FIWCZGB.exe
  C:\Windows\System\FIWCZGB.exe
  2⤵
  PID:9800
- C:\Windows\System\PlqsqAV.exe
  C:\Windows\System\PlqsqAV.exe
  2⤵
  PID:9840
- C:\Windows\System\EuSoegK.exe
  C:\Windows\System\EuSoegK.exe
  2⤵
  PID:9860
- C:\Windows\System\njPiGRc.exe
  C:\Windows\System\njPiGRc.exe
  2⤵
  PID:9900
- C:\Windows\System\xxzDMcz.exe
  C:\Windows\System\xxzDMcz.exe
  2⤵
  PID:9924
- C:\Windows\System\tLzZIvA.exe
  C:\Windows\System\tLzZIvA.exe
  2⤵
  PID:9956
- C:\Windows\System\ETQirHQ.exe
  C:\Windows\System\ETQirHQ.exe
  2⤵
  PID:9996
- C:\Windows\System\XYychwk.exe
  C:\Windows\System\XYychwk.exe
  2⤵
  PID:10028
- C:\Windows\System\LrhIJGk.exe
  C:\Windows\System\LrhIJGk.exe
  2⤵
  PID:10064
- C:\Windows\System\wEMFAdG.exe
  C:\Windows\System\wEMFAdG.exe
  2⤵
  PID:10112
- C:\Windows\System\WBesDAC.exe
  C:\Windows\System\WBesDAC.exe
  2⤵
  PID:10124
- C:\Windows\System\WDeeGxd.exe
  C:\Windows\System\WDeeGxd.exe
  2⤵
  PID:10164
- C:\Windows\System\IvCrQZV.exe
  C:\Windows\System\IvCrQZV.exe
  2⤵
  PID:10188
- C:\Windows\System\FDypmKB.exe
  C:\Windows\System\FDypmKB.exe
  2⤵
  PID:10216
- C:\Windows\System\zPrUoxQ.exe
  C:\Windows\System\zPrUoxQ.exe
  2⤵
  PID:9176
- C:\Windows\System\KpQAstc.exe
  C:\Windows\System\KpQAstc.exe
  2⤵
  PID:9252
- C:\Windows\System\GVOvcAn.exe
  C:\Windows\System\GVOvcAn.exe
  2⤵
  PID:9348
- C:\Windows\System\MECPqnn.exe
  C:\Windows\System\MECPqnn.exe
  2⤵
  PID:9464
- C:\Windows\System\GqhfKvV.exe
  C:\Windows\System\GqhfKvV.exe
  2⤵
  PID:9608
- C:\Windows\System\spJvywN.exe
  C:\Windows\System\spJvywN.exe
  2⤵
  PID:9508
- C:\Windows\System\fohcvWX.exe
  C:\Windows\System\fohcvWX.exe
  2⤵
  PID:9576
- C:\Windows\System\yTydFon.exe
  C:\Windows\System\yTydFon.exe
  2⤵
  PID:9676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BOtqVuz.exe

Filesize
6.0MB

MD5
9420270554e0ce60e4cc7254bbb117fa

SHA1
94be4bda9f1297d34c0fc82ae3240c2938fc3e0b

SHA256
79cc3f63c5cc4d8e6bf94001ef8225846b43ccfaee19904e8a0b9b6dd36b1ab7

SHA512
e5746173278a7d6122875f017c22a5a86017d9ad85f39fdf67d95ac437d287d850f51c45fbcb434132fc4b32f7695895fa8b882021e97a6394156d10213f522d

Download Submit
C:\Windows\system\BjPlVif.exe

Filesize
6.0MB

MD5
29101433b04d1ef45ec74eeb8303705e

SHA1
ef5aae9f7838982d8f6a751e2b6195d40c8173e5

SHA256
209eca983821f68bf0d43378eb0f82817239ab0450d5d800cfbc59b236668098

SHA512
cbc15bac261eab164d91c29d5521c4e4ac312137c0da93c7cb67d0ef13c13f1dc487b32514c4f919cd1f849167d8658440db2f58cff8a8281138f5d5c79a4000

Download Submit
C:\Windows\system\CSfCTXE.exe

Filesize
6.0MB

MD5
5e48ff554e9a35b74e8e9890436984f3

SHA1
06356be61ac4893d7fd3323fbab519b1a9acddf1

SHA256
1506805af551a453ac47e1f9fae612d3eae295a3b783c6365fd6e194675efd4f

SHA512
e2d8bf78a0036d8fd1ba762a17293c0aac7eb14010383d6fe5edc79c3d682ea924fddf1bfa0ef71a49d305d36f26b16ba68e61f044941d48627ffd2b8c5b4f20

Download Submit
C:\Windows\system\EjHqGhE.exe

Filesize
6.0MB

MD5
18b6f56606237a8296a7bbe11f719908

SHA1
e018eddd809e72a47aba9b77267a7e2cafb1ee46

SHA256
b811c16b647476269fee5da74b330b52e90c7a7f8cdb6399f1dbf020630706e1

SHA512
171c68753b1c780e4de454df572e28a261328201745c27ee75117ceea2a630b0416fc196fafc705ea94f53e1483e065c40cf676e3e613cb0baa7e1eb58ac0b89

Download Submit
C:\Windows\system\HeJvXYu.exe

Filesize
6.0MB

MD5
d691dea8493f88ff057edc65e4bc91b4

SHA1
656cabdb1246da4f40343ef83395eb804b166226

SHA256
b4a995f74adb8645663b945f14444b9e692dfd50d1451266296e62cb66c04188

SHA512
ef1ff60c1895f738a3f3ac99fac351ab4dce15938493fac8daa5415d9b9146cb1886ae265b034acef017b703404b13528bd1ed950eba92fb5cccdbed0acd8825

Download Submit
C:\Windows\system\KeLefeq.exe

Filesize
6.0MB

MD5
4a23741e9ac90a27538bd148b30340da

SHA1
fb45b08f5efe5a8a1ac0cd9b754ecfb6f2216004

SHA256
886010ccfe045154660528eb4606f62998e1f9137e5db08b8476ac58fdee4257

SHA512
39f229f7ace5528f9e60cdf63e0ac88e47d44a550ab078d8ad2f2d4860550ab2679445ea83d1d6f8156969b357f7c80f4ba5d7a61d0301f2841cf8ceb1248750

Download Submit
C:\Windows\system\LpNEofB.exe

Filesize
6.0MB

MD5
83d57a91fb6326b5fb57930d8f5ea04f

SHA1
4c3ac02e3e0870285706d5d0145c220b617b9001

SHA256
439bf4d502dc32eb3a03b15dcd6d048b082d7cb030e6299d996409d841ce27ee

SHA512
38fb8fd9642ac994a0beaf47d333bce8ba5ed259d9ba7a00eb37524c1e09cd3f9bd7f53ec025767f560c6d88ea11af3ef973d9054be00be7123843ebcbbc7349

Download Submit
C:\Windows\system\NYfZoIt.exe

Filesize
6.0MB

MD5
156a8ef5def134b6c6b80edac1ee90de

SHA1
7deb43515128eef1b77535e0f973d4f4cfa17bbc

SHA256
99b7301ca08788d4fb82327d803f5174c8dc6d19e34b9a7d5d93c04f8b11745b

SHA512
b24953749b4529f8253668bf8f556bafc33d2f2a51e69adfcbe62017ce602e4220c401e10c4b3bd120db17cd4a49ca9ab6f8316b5ab0e965c19537f76699112d

Download Submit
C:\Windows\system\PcffnDJ.exe

Filesize
6.0MB

MD5
dcb4001b8ef7a77fbe04252c6187cf36

SHA1
3d458dd65ac979602d2f87857094e8d707a53893

SHA256
3b900959545093a9f44603af08c3361447c205ee00b7d03f8f0be7869035ea28

SHA512
bbc8973f28074b68ab42b53e370c3ae704f114ac33c9a385089bc1281c22b2d1aa87ba69d9f89263d812491f43f38a2d1126fed894f9860020bcab5f623a23f4

Download Submit
C:\Windows\system\RHRibTo.exe

Filesize
6.0MB

MD5
eb3bf7bde2163a2ca4620a2199b402eb

SHA1
d6ab90c25557d9e2924bc463683d8d64b798cd93

SHA256
f68318f5488258080ce3dd29b6212fe5cd9f3072b3cd1ac59241c16ac4277252

SHA512
95289d5b5f6a4bcb4e6eeaf791e3b23d9162696428d1c999f3cf1e7c9289518db28c5fa3564a8a476e3097b506812d0c30234fae5d5ecd7976a194ca1d8c358d

Download Submit
C:\Windows\system\UUBZQPB.exe

Filesize
6.0MB

MD5
3f1b366220494b6b855d2df5a39d7ac3

SHA1
90ea542ea33ace1859aebd284b515292b562a18d

SHA256
2c4c768fe9665e58374ebd7e22423a770c6c5af4b77518bd14bf57ec16ce7e93

SHA512
d8e55c82062ad700c1d30dc7eb77635a2c72b3e01722c828f8d2566fb6b6e053c5fae5317836a9d2cf57d503ccf9c02b23a7754e4137a92d42dfb3766f427f79

Download Submit
C:\Windows\system\UniOSdu.exe

Filesize
6.0MB

MD5
41349f7703d375a08c8c6b2254e3b5f0

SHA1
07b6276cfd9da910d3016f5c94d93365b468b93b

SHA256
aa559a5b926a6368ec36cc3a680483478dc56205af44159e3df1447b33765d7d

SHA512
7c00ced2ef6f672844f61e76ddc9ccae19f7ad8bcd2a6f1e0e2ca1bc49d2ad9c291dd84b28a5602e3103fce161031b55240ffe159eb9494ee00798f549275f1e

Download Submit
C:\Windows\system\YRpILuu.exe

Filesize
6.0MB

MD5
14505777da91bd9525b6326a79b66ff9

SHA1
02874523ac6d950de2ef2936ac29aed2c579e4e0

SHA256
3b8007ccf57594241d10e2376ae059a9d785d3d43acaa3c04e2f0c436f843fcf

SHA512
7a5a5c82d9f27776881192b9e1e91ded44ca15c8170d806c854e0c7dda986ff8e6e97ed4e53bcdf17047519f5603aa1d73562863373431112a68ff865ab2ad9b

Download Submit
C:\Windows\system\ZTLeBos.exe

Filesize
6.0MB

MD5
9395054cc2fa63de5d4675110fb3f74b

SHA1
8d56f96d50c7091e7e3a127f986cd49be7551c90

SHA256
3106aea57b1ebbb00bb2f267bcaa4021fbfe16218906c915446e8a7fa5cab1c1

SHA512
77aa5d21b92aed2346ef14e374a44ce476177b32b941ebabdcfcce0eb7203523a60e8d15bd19770b60f46895227795bad9aea40dc61a1094b7cd2f8bcdf6684a

Download Submit
C:\Windows\system\ainMbJI.exe

Filesize
6.0MB

MD5
3482e71f9438705fc9934bf04563ebda

SHA1
5079907e2ef82c77f15a85f1c42f3e0c636ca8ef

SHA256
0d5eddb9824b6ffbea3d9500f27732fc4128fff83840574de48e70483bfca3b4

SHA512
70ef3d9d9bab350622e3797bb31fb762a48621021699e458db00fd1c1077cf85891e2bde1da6c19ceb3aa3d10f58b33010d5d5cacf62dc246d3bdb2974a0ca6d

Download Submit
C:\Windows\system\czYWVyw.exe

Filesize
6.0MB

MD5
33700e0a505979be5d0fe66ccd8558ac

SHA1
fc3befb6dd175a1f8f5b31dc6d067a0cd78b2e77

SHA256
0e367d955a09cedd5db10fa37d969da82bbab57540d7638c7c5e5daaa0947476

SHA512
0b3c2ae8540210e26d8ef76cd801c3c425541fd87314977113257a83dcff7021d057c9eddd96d199f5c22b5bc6789d77c5b06a4de6c03e833488ab036cd344c9

Download Submit
C:\Windows\system\gadFDiR.exe

Filesize
8B

MD5
338fde68ae7dad6345c4ed67f5eeae08

SHA1
e27075153e543cd3aadd16044aaa8953be280bac

SHA256
eabac93986cc662d95c9ce1e7d66a47d211f822f2107fbf6b0f3254e13aefe02

SHA512
5274b072a8ff1840ef85ea16f6e28edf3b5d70d825dbe9f599c13ba172c7f168366f2095597819fa7d68b30cdecf4e71c6928ae607be7a8a82e62143e0309a4a

Download Submit
C:\Windows\system\klJsRQj.exe

Filesize
6.0MB

MD5
a1c505c7349fdb87b322f069a33327dd

SHA1
e3c749cf205741d49ba422720565e14d92fe704e

SHA256
9c4329a65590fda49afab2e1053971c159ab079f25cda8e0ccc9ad1a1707278b

SHA512
959cde394bab155172585e1bdaba62a2a36635f26fef0fcde71a49e1d9a7727d5f1056d5067b2baa8a0ef8f4df2cd45b4e63683dcc8d2a56a0c120cc752460ea

Download Submit
C:\Windows\system\rCWFVgQ.exe

Filesize
6.0MB

MD5
cc94c3e9e54ca193b5114f5b8f3e091a

SHA1
222c5a1e4d9978228934a35485d8738275784cf5

SHA256
9f2813ba1949cb7e11beaf65990de8f224598b366f01aa6c8719324716d0a681

SHA512
7e8868cf79c5e8b95afcba8120049fdb412b6fc8f00ee1478b9703203fb714bcd21025ae2eb75aaddf59f928efe0534f2db175524b60b7294c038c556c5bce4f

Download Submit
C:\Windows\system\rLirCrt.exe

Filesize
6.0MB

MD5
4e2e5a843391b9e955d748a0c6396d58

SHA1
775086d585810809be5c1b198d8edede969567dc

SHA256
7c3e43da73f21ca3d208108310c2a93e4535793745289e3e1d7c923ba220caba

SHA512
5482de7440ec7fbac9a083ca6e70bdc60efbac70abf8d37e8de08bc2c18a98ab9f38bca9942ba048e2622b309af1c5fc0cdb0d80a5e6a6670be43ccb27315096

Download Submit
C:\Windows\system\uJzTTbP.exe

Filesize
6.0MB

MD5
1348f67570131af422dd657545409fb4

SHA1
7388a3cc0b04628a4c0c28a5641fbfdfb669e3f1

SHA256
386fce690b8882e2b95de52cb118d31ebc384c244a778a6c6c1ac7d4e7782883

SHA512
d5f8d78234ddc981034f91b45fe731ad756a402f00c6e09e76e2f7663e315593fd827f61d99a7e3175c39f0602df92ebf7d70f44023c31769ea575d7056df1d0

Download Submit
C:\Windows\system\unDQXQP.exe

Filesize
6.0MB

MD5
b2da4bc87d908931ee4d3da24272312d

SHA1
b2663c3d3c206a6d58f247df759319bfdca283f4

SHA256
f658df3ae66d15f62053299967310799b9fece4a878f99acf33057eafb7115a2

SHA512
86565b7f5c0e2d86fa3a19cb47a8300b13c1a3a917e76a89dd45d1ce2590166d79dabbe3cd3d2ca351d3fc42788b757fe8ad8638b2ea401eeffcbf8dcf22229f

Download Submit
C:\Windows\system\yMifuGS.exe

Filesize
6.0MB

MD5
779496587a4e3dc1063427eb81fbe1a1

SHA1
1290a8bdbd2d4bb3f3a9b8c2cd17e55b16bd41a3

SHA256
354133451cad9bc213eb88df316d24bbdc7469c31e0cf880e626aed62cde8844

SHA512
0c5a03e6c07bfc9bbd123dde8b4b0f1b13a85522e3f9b1dc0c9adf340ffa279b8aa45ca0c1adc64637ce29fb6ab569b9b5cf6eefc30802df015290a0c1125d79

Download Submit
\Windows\system\IINYmNc.exe

Filesize
6.0MB

MD5
9c500594c77009d2223b95ff577b0b65

SHA1
965215c1310c6229c3eda908b61ddf7f5d8f1560

SHA256
e7018dfe4708c639446d5fdd7aa3fa032072fc7669478caaf0dcccbb4c1deef7

SHA512
913727159610e4c3426df3c2047f8b11c5891702d9330d77c8c8330580447a0df08954f1fdb57df56e2c152b2c48a76e795437a5d6d7b6c594769f9c0bb10151

Download Submit
\Windows\system\YFhacTq.exe

Filesize
6.0MB

MD5
16ecaa1b489b8b1c34a5673472fea9e1

SHA1
5378e2ae30714f9bad2655acdc0b02e986bc5e2d

SHA256
eee4be6d2cc70265b0737d0018b61b94d546cc082f8d58efd4d7acf8ec943c1a

SHA512
c94d4abdedf34d88ecb155eadd884cc0d4f3ded4a1257be694f832c6bf3043a18c1396ed3ca6dc0c99986bf8ecb7b1069fa27ac5476635cc2e10e573f2402525

Download Submit
\Windows\system\aicZgNZ.exe

Filesize
6.0MB

MD5
bfb1c8f45e7a6b3052858f1662456a53

SHA1
e999b5456d1e720891043e8ab8e96c360714de8c

SHA256
ebd825a07e4b05f8ca4a9a394a4346bdb71569a2f48418a3ae49296b325477c3

SHA512
0bdd6247b4619ad815abd55f5cd6f7477b2118c65d1d621955397904c3ebd87a28309fcf16cdc4c85c7e02d6195322f710b95543088dd33d3a5420f87d6c2154

Download Submit
\Windows\system\iKkJdfq.exe

Filesize
6.0MB

MD5
9ce0cf1784535a0933620e6e84eec71c

SHA1
e3df968a18dfe571ee0882cc131799b78c368bc2

SHA256
1b6be9431f61450ad57c34ff4a4dbd3bad7ccb1fec1633b95938b166f268b965

SHA512
a54c4b78f7b55d4bdbdbb01d7935c89c13ca7591161355886050ba95d9ed4b813ca20bcc0e056ba4d8cde77b33c4e3fa26c4d2b9601a3b938436e2ee44c29e8b

Download Submit
\Windows\system\iLjfDTM.exe

Filesize
6.0MB

MD5
2b39653ec893f83aac977249bc07faa3

SHA1
bf3deef86b78470d72d87c4afd9eb6d5cfa4a052

SHA256
a482a97affda69754bf48ee83614b2240973da4a6cf7e0410c8c8eceb1837529

SHA512
c8fc24e1831098efbe1160e6346c9a25477506c287192a13167fec8f1045d2d8be9d2f021f3c90f46d8e9ff7f8c8b1c107c4aa4937aecd18fcfcb31ceae3c20e

Download Submit
\Windows\system\ibjWEgI.exe

Filesize
6.0MB

MD5
d9dd9caf7e6c2d4834ba8caf10072ea8

SHA1
9fae8badb46172f82a7ab63b95b1f8733e81372c

SHA256
69c23c49e06a3671ed09400ba259fbcbe404511c14e1ca62d4d4d00521fb2424

SHA512
65f999b6c50de6068b9858f62378efa22e525ec231bf73c4dd77299c4c417136e869aef9334d6f672d404c53a998ae24459b9dbba2796da42237c04c31c086e4

Download Submit
\Windows\system\lQJwKpb.exe

Filesize
6.0MB

MD5
f55099b4b8c574571bc6d94c0d2fbcf7

SHA1
4922f217c1a6e62130e5d15a7553701de3803880

SHA256
6a307911621e2e4880760530533a5b2cdd27d47ae52227e4051675ef2cf27cac

SHA512
43cd0c1409334f47cf3e82139926025b4a88a9bfdd32f5cd07bb7eb6efe436f3787e864e3db26c752cea42fbc0a172d605b51da8bcb865a194fdb31ddbd7b899

Download Submit
\Windows\system\lwaRPVA.exe

Filesize
6.0MB

MD5
97442cf72c3b7f551ede3b1ca7ed4e7c

SHA1
5770d8a25bee82596fd98b62819d0c954c26a22b

SHA256
d5257b011de68c731eba1f61e47de5a7ace2b7582b32d7dc51cd18d84769c90c

SHA512
c50a0e399938f0f5db9b5f787cce0ae2dbfea98220be09c999cd5da763af958299ec815bd136afe12687a26984099a1d2ee5cfc9b7bc02835d9a8c96195001b4

Download Submit
\Windows\system\pveIVAg.exe

Filesize
6.0MB

MD5
f8f1fff585b975964b4a86d85792f9bc

SHA1
0667f06c7a361356b507ae159385abbc14b3e80b

SHA256
43d79e9433d1fdcebcc9357a9377ee6dd882227ed53ce6b568df843e1ec922b6

SHA512
8beb89684c08bdc94e1b6081f4d219a18fa70a5b4a0780862308c1b4894c20751f634ad5e75e7778d37aa9122c505cc4bc66b978c7798dab425d23d36bd16b5f

Download Submit
\Windows\system\rhJolWT.exe

Filesize
6.0MB

MD5
848cee2cc2e82cf12fbb75af32492be8

SHA1
2feaa46632353753322c44126911fce0ef9fcbf3

SHA256
2c96864b3e1adb4df89346d32c14d899696a732d9f0a18965252e36f048d183c

SHA512
67048d1f5801ebfc6c461aef86b9a8c5cb78ea9ed70a6e7079a51bbcb676867ea3d0bea86df7aa9a861dc222ad1296e85c9d7c8467805e5c3bafbea8923a9058

Download Submit
memory/1000-3058-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1000-15-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1000-65-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1372-22-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1372-70-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1372-3103-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/1548-9-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1548-3055-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1912-82-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1912-3091-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1912-28-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1948-63-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1948-3107-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2516-92-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-660-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3264-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2532-380-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2532-3178-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2532-80-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2560-3134-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2560-72-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-20-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-40-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-86-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2596-965-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2596-26-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1-0x0000000000090000-0x00000000000A0000-memory.dmp

Filesize
64KB

Download
memory/2596-13-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-78-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2596-58-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2596-75-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2596-381-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2596-0-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-8-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2596-104-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-743-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2596-97-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2596-96-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2596-50-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-62-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2712-45-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3097-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3275-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2736-848-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2736-100-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3102-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-46-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3104-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2804-59-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3110-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2936-64-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3185-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/3028-88-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download