cobaltstrike | daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
Size

6.0MB
MD5

534782b32f86096b598deca5c84e3be9
SHA1

2894b90d1a10eb4ea9bd15d0b69b3b478a28df4a
SHA256

daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71
SHA512

954d81376ee6f6eab6a9ccea19ccce5c59e8a59663a61374e6a99e9168dcee0140d21294e7210af51b76188d6c2cf9fbc804322807bfd08280350276eef81219
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f10-10.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160a5-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160ab-20.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001629c-25.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162f6-29.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001648f-35.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000165b9-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf3-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019223-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001930d-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939b-119.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e3-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e9-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e7-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d2-175.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c4-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194db-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f7-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194cd-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b5-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001949e-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e8-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019374-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933b-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932d-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019230-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-73.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000015d51-55.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2632-0-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/files/0x0008000000015f10-10.dat	xmrig
behavioral1/files/0x00070000000160a5-15.dat	xmrig
behavioral1/files/0x00070000000160ab-20.dat	xmrig
behavioral1/files/0x000700000001629c-25.dat	xmrig
behavioral1/files/0x00070000000162f6-29.dat	xmrig
behavioral1/files/0x000900000001648f-35.dat	xmrig
behavioral1/files/0x00090000000165b9-39.dat	xmrig
behavioral1/files/0x0006000000018bf3-44.dat	xmrig
behavioral1/files/0x0005000000019223-49.dat	xmrig
behavioral1/memory/2288-85-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/1868-88-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2376-94-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/files/0x000500000001930d-103.dat	xmrig
behavioral1/files/0x000500000001939b-119.dat	xmrig
behavioral1/files/0x00050000000194e3-176.dat	xmrig
behavioral1/memory/852-698-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2376-697-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1868-621-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2632-454-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e9-187.dat	xmrig
behavioral1/files/0x00050000000194e7-180.dat	xmrig
behavioral1/files/0x00050000000194d2-175.dat	xmrig
behavioral1/files/0x00050000000194c4-166.dat	xmrig
behavioral1/files/0x00050000000194db-170.dat	xmrig
behavioral1/files/0x00050000000193f7-137.dat	xmrig
behavioral1/files/0x00050000000194cd-158.dat	xmrig
behavioral1/files/0x00050000000193b5-127.dat	xmrig
behavioral1/files/0x000500000001949e-144.dat	xmrig
behavioral1/files/0x00050000000193e8-131.dat	xmrig
behavioral1/files/0x00050000000193b3-123.dat	xmrig
behavioral1/files/0x0005000000019374-115.dat	xmrig
behavioral1/files/0x000500000001933b-111.dat	xmrig
behavioral1/files/0x000500000001932d-107.dat	xmrig
behavioral1/files/0x000500000001926b-99.dat	xmrig
behavioral1/memory/852-96-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0005000000019246-92.dat	xmrig
behavioral1/files/0x0005000000019230-91.dat	xmrig
behavioral1/memory/2656-68-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2632-86-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2632-82-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2688-81-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1380-80-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2604-79-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2596-78-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2276-76-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2632-75-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2564-74-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019240-73.dat	xmrig
behavioral1/memory/2632-63-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2788-61-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2760-52-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2696-58-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2632-56-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x000c000000015d51-55.dat	xmrig
behavioral1/memory/2276-2977-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2696-2986-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2656-2984-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2688-2983-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2564-3006-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2788-3019-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2760-3029-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2596-3028-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2688	JdxjxCx.exe
2760	ucxodIL.exe
2696	gGrjxcw.exe
2788	ZLfprrR.exe
2656	SQmlXEy.exe
2564	mIPLShs.exe
2276	uMnDvFR.exe
2596	QRuirgp.exe
2604	oCwKlFX.exe
1380	XcOdDVT.exe
2288	IieTZWj.exe
1868	vRSOvtc.exe
2376	UkfBRoW.exe
852	raHStTa.exe
864	obmndRF.exe
572	SggNMEG.exe
2012	dBWbbkV.exe
1752	dhSNkqY.exe
944	aMuYaJI.exe
444	PxYwdoC.exe
2576	uJAUHan.exe
1328	ybIRCEY.exe
1612	NPBjDaQ.exe
2228	SwYnzrZ.exe
1860	qiOtLrR.exe
1864	qNQcklA.exe
2044	bfqdcGq.exe
2344	HavUgDx.exe
3012	EeQwtxT.exe
2176	LEUEYDw.exe
1924	JdZUWPc.exe
952	RTHtGNH.exe
2068	INTQLBg.exe
820	xweBhCO.exe
1552	JTszpHw.exe
1216	NOMWtaV.exe
1916	cMzBdVq.exe
2268	tScCwAi.exe
1308	LCQatJK.exe
1056	JzhhSBD.exe
1064	cNvfHxJ.exe
1784	chWLMHL.exe
2264	sLkgGAD.exe
2416	VGbUPyF.exe
2144	xWjPwUc.exe
2492	IuvFlks.exe
2916	smeYCNf.exe
1764	iWierPB.exe
1812	opUkedp.exe
1932	WejcHzq.exe
1484	audAGhc.exe
868	fpUzmwj.exe
3004	wMLyeVn.exe
1604	nfKtKGs.exe
3064	HuoyTvn.exe
2740	cmSZBOU.exe
1608	dLvNlpp.exe
2668	OwezyAy.exe
2360	aEMJZkQ.exe
2752	EzCjGpD.exe
2532	IXJkUCc.exe
2744	FFlVZUF.exe
2884	cJXmhSC.exe
2944	bgUmhCe.exe

Loads dropped DLL 64 IoCs

pid	Process
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2632-0-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/files/0x0008000000015f10-10.dat	upx
behavioral1/files/0x00070000000160a5-15.dat	upx
behavioral1/files/0x00070000000160ab-20.dat	upx
behavioral1/files/0x000700000001629c-25.dat	upx
behavioral1/files/0x00070000000162f6-29.dat	upx
behavioral1/files/0x000900000001648f-35.dat	upx
behavioral1/files/0x00090000000165b9-39.dat	upx
behavioral1/files/0x0006000000018bf3-44.dat	upx
behavioral1/files/0x0005000000019223-49.dat	upx
behavioral1/memory/2288-85-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/1868-88-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2376-94-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/files/0x000500000001930d-103.dat	upx
behavioral1/files/0x000500000001939b-119.dat	upx
behavioral1/files/0x00050000000194e3-176.dat	upx
behavioral1/memory/852-698-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2376-697-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1868-621-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2632-454-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x00050000000194e9-187.dat	upx
behavioral1/files/0x00050000000194e7-180.dat	upx
behavioral1/files/0x00050000000194d2-175.dat	upx
behavioral1/files/0x00050000000194c4-166.dat	upx
behavioral1/files/0x00050000000194db-170.dat	upx
behavioral1/files/0x00050000000193f7-137.dat	upx
behavioral1/files/0x00050000000194cd-158.dat	upx
behavioral1/files/0x00050000000193b5-127.dat	upx
behavioral1/files/0x000500000001949e-144.dat	upx
behavioral1/files/0x00050000000193e8-131.dat	upx
behavioral1/files/0x00050000000193b3-123.dat	upx
behavioral1/files/0x0005000000019374-115.dat	upx
behavioral1/files/0x000500000001933b-111.dat	upx
behavioral1/files/0x000500000001932d-107.dat	upx
behavioral1/files/0x000500000001926b-99.dat	upx
behavioral1/memory/852-96-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0005000000019246-92.dat	upx
behavioral1/files/0x0005000000019230-91.dat	upx
behavioral1/memory/2656-68-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2688-81-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1380-80-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2604-79-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2596-78-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2276-76-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2564-74-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0005000000019240-73.dat	upx
behavioral1/memory/2788-61-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2760-52-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2696-58-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000c000000015d51-55.dat	upx
behavioral1/memory/2276-2977-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2696-2986-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2656-2984-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2688-2983-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2564-3006-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2788-3019-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2760-3029-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2596-3028-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/1380-3080-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2288-3092-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/1868-3105-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2376-3143-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2604-3071-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VdvyAjC.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\bqBjGoz.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\qEhmXEv.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\wwSbMlf.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\ydYtPGl.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\hxrfmhi.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\FkEEUzW.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\xOQzvyH.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\CLWedPR.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\pUxfyZm.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\hPBHSRw.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\kBRCrrc.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\sZOWfzn.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\NDLkbyw.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\YlbOwbu.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\RLYnhEX.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\jiupmAw.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\STFhCke.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\tWhmXIB.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\CvZWExH.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\hHmtqyu.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\AoNWIVY.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\KsxwlPT.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\MCNOwOj.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\CuhwAIU.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\wGZZkXd.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\xdsmTVO.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\jjWdwzK.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\FUaqdUj.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\rmRkCTd.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\WejcHzq.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\NEfHLou.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\HgSZYzk.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\cJUUPYN.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\IwKKnle.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\vhQlJyO.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\yrOMefX.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\AurPOBD.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\sicPzUn.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\ZqTZefr.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\FiwLsnA.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\vSTIvpz.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\ybvZPZK.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\sIDVZJH.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\EnGHzxA.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\xhfmvyy.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\myYPavt.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\uVOzuzP.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\VegzswU.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\MNUgDHU.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\kSvPhgW.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\JmkBeZp.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\vbctLxF.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\OkCcbLK.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\NTBoDSu.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\FrUqDWo.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\VwtSihE.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\KlVNxAt.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\AYivHVH.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\FQsKDen.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\xBMdgNZ.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\zntpFhC.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\obmndRF.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
File created	C:\Windows\System\ukuyTpG.exe	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2688	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	31
PID 2632 wrote to memory of 2688	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	31
PID 2632 wrote to memory of 2688	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	31
PID 2632 wrote to memory of 2760	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	32
PID 2632 wrote to memory of 2760	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	32
PID 2632 wrote to memory of 2760	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	32
PID 2632 wrote to memory of 2696	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	33
PID 2632 wrote to memory of 2696	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	33
PID 2632 wrote to memory of 2696	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	33
PID 2632 wrote to memory of 2788	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	34
PID 2632 wrote to memory of 2788	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	34
PID 2632 wrote to memory of 2788	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	34
PID 2632 wrote to memory of 2656	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	35
PID 2632 wrote to memory of 2656	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	35
PID 2632 wrote to memory of 2656	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	35
PID 2632 wrote to memory of 2564	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	36
PID 2632 wrote to memory of 2564	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	36
PID 2632 wrote to memory of 2564	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	36
PID 2632 wrote to memory of 2276	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	37
PID 2632 wrote to memory of 2276	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	37
PID 2632 wrote to memory of 2276	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	37
PID 2632 wrote to memory of 2596	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	38
PID 2632 wrote to memory of 2596	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	38
PID 2632 wrote to memory of 2596	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	38
PID 2632 wrote to memory of 2604	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	39
PID 2632 wrote to memory of 2604	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	39
PID 2632 wrote to memory of 2604	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	39
PID 2632 wrote to memory of 2288	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	40
PID 2632 wrote to memory of 2288	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	40
PID 2632 wrote to memory of 2288	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	40
PID 2632 wrote to memory of 1380	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	41
PID 2632 wrote to memory of 1380	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	41
PID 2632 wrote to memory of 1380	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	41
PID 2632 wrote to memory of 2376	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	42
PID 2632 wrote to memory of 2376	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	42
PID 2632 wrote to memory of 2376	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	42
PID 2632 wrote to memory of 1868	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	43
PID 2632 wrote to memory of 1868	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	43
PID 2632 wrote to memory of 1868	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	43
PID 2632 wrote to memory of 852	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	44
PID 2632 wrote to memory of 852	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	44
PID 2632 wrote to memory of 852	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	44
PID 2632 wrote to memory of 864	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	45
PID 2632 wrote to memory of 864	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	45
PID 2632 wrote to memory of 864	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	45
PID 2632 wrote to memory of 572	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	46
PID 2632 wrote to memory of 572	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	46
PID 2632 wrote to memory of 572	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	46
PID 2632 wrote to memory of 2012	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	47
PID 2632 wrote to memory of 2012	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	47
PID 2632 wrote to memory of 2012	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	47
PID 2632 wrote to memory of 1752	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	48
PID 2632 wrote to memory of 1752	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	48
PID 2632 wrote to memory of 1752	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	48
PID 2632 wrote to memory of 944	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	49
PID 2632 wrote to memory of 944	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	49
PID 2632 wrote to memory of 944	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	49
PID 2632 wrote to memory of 444	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	50
PID 2632 wrote to memory of 444	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	50
PID 2632 wrote to memory of 444	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	50
PID 2632 wrote to memory of 2576	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	51
PID 2632 wrote to memory of 2576	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	51
PID 2632 wrote to memory of 2576	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	51
PID 2632 wrote to memory of 1328	2632	daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe	52

C:\Users\Admin\AppData\Local\Temp\daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe
"C:\Users\Admin\AppData\Local\Temp\daca6ae8533281cb89ba285b313e609d72bdac91f82b97d197a7f352dbdb7d71.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\System\JdxjxCx.exe
  C:\Windows\System\JdxjxCx.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\ucxodIL.exe
  C:\Windows\System\ucxodIL.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\gGrjxcw.exe
  C:\Windows\System\gGrjxcw.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\ZLfprrR.exe
  C:\Windows\System\ZLfprrR.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\SQmlXEy.exe
  C:\Windows\System\SQmlXEy.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\mIPLShs.exe
  C:\Windows\System\mIPLShs.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\uMnDvFR.exe
  C:\Windows\System\uMnDvFR.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\QRuirgp.exe
  C:\Windows\System\QRuirgp.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\oCwKlFX.exe
  C:\Windows\System\oCwKlFX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\IieTZWj.exe
  C:\Windows\System\IieTZWj.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\XcOdDVT.exe
  C:\Windows\System\XcOdDVT.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\UkfBRoW.exe
  C:\Windows\System\UkfBRoW.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\vRSOvtc.exe
  C:\Windows\System\vRSOvtc.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\raHStTa.exe
  C:\Windows\System\raHStTa.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\obmndRF.exe
  C:\Windows\System\obmndRF.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\SggNMEG.exe
  C:\Windows\System\SggNMEG.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\dBWbbkV.exe
  C:\Windows\System\dBWbbkV.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\dhSNkqY.exe
  C:\Windows\System\dhSNkqY.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\aMuYaJI.exe
  C:\Windows\System\aMuYaJI.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\PxYwdoC.exe
  C:\Windows\System\PxYwdoC.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\uJAUHan.exe
  C:\Windows\System\uJAUHan.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ybIRCEY.exe
  C:\Windows\System\ybIRCEY.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\NPBjDaQ.exe
  C:\Windows\System\NPBjDaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\qNQcklA.exe
  C:\Windows\System\qNQcklA.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\SwYnzrZ.exe
  C:\Windows\System\SwYnzrZ.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\bfqdcGq.exe
  C:\Windows\System\bfqdcGq.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\qiOtLrR.exe
  C:\Windows\System\qiOtLrR.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\EeQwtxT.exe
  C:\Windows\System\EeQwtxT.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\HavUgDx.exe
  C:\Windows\System\HavUgDx.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\LEUEYDw.exe
  C:\Windows\System\LEUEYDw.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\JdZUWPc.exe
  C:\Windows\System\JdZUWPc.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\RTHtGNH.exe
  C:\Windows\System\RTHtGNH.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\INTQLBg.exe
  C:\Windows\System\INTQLBg.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\xweBhCO.exe
  C:\Windows\System\xweBhCO.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\JTszpHw.exe
  C:\Windows\System\JTszpHw.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\NOMWtaV.exe
  C:\Windows\System\NOMWtaV.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\cMzBdVq.exe
  C:\Windows\System\cMzBdVq.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\tScCwAi.exe
  C:\Windows\System\tScCwAi.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\LCQatJK.exe
  C:\Windows\System\LCQatJK.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\JzhhSBD.exe
  C:\Windows\System\JzhhSBD.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\cNvfHxJ.exe
  C:\Windows\System\cNvfHxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\chWLMHL.exe
  C:\Windows\System\chWLMHL.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\sLkgGAD.exe
  C:\Windows\System\sLkgGAD.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\VGbUPyF.exe
  C:\Windows\System\VGbUPyF.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\xWjPwUc.exe
  C:\Windows\System\xWjPwUc.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\IuvFlks.exe
  C:\Windows\System\IuvFlks.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\smeYCNf.exe
  C:\Windows\System\smeYCNf.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\opUkedp.exe
  C:\Windows\System\opUkedp.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\iWierPB.exe
  C:\Windows\System\iWierPB.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\WejcHzq.exe
  C:\Windows\System\WejcHzq.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\audAGhc.exe
  C:\Windows\System\audAGhc.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\fpUzmwj.exe
  C:\Windows\System\fpUzmwj.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\wMLyeVn.exe
  C:\Windows\System\wMLyeVn.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\HuoyTvn.exe
  C:\Windows\System\HuoyTvn.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\nfKtKGs.exe
  C:\Windows\System\nfKtKGs.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\dLvNlpp.exe
  C:\Windows\System\dLvNlpp.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\cmSZBOU.exe
  C:\Windows\System\cmSZBOU.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\OwezyAy.exe
  C:\Windows\System\OwezyAy.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\aEMJZkQ.exe
  C:\Windows\System\aEMJZkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\EzCjGpD.exe
  C:\Windows\System\EzCjGpD.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\IXJkUCc.exe
  C:\Windows\System\IXJkUCc.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\FFlVZUF.exe
  C:\Windows\System\FFlVZUF.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\cJXmhSC.exe
  C:\Windows\System\cJXmhSC.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\bgUmhCe.exe
  C:\Windows\System\bgUmhCe.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\YYKuTkB.exe
  C:\Windows\System\YYKuTkB.exe
  2⤵
  PID:3052
- C:\Windows\System\nWVsAeH.exe
  C:\Windows\System\nWVsAeH.exe
  2⤵
  PID:2332
- C:\Windows\System\fJfushj.exe
  C:\Windows\System\fJfushj.exe
  2⤵
  PID:2980
- C:\Windows\System\vnligaa.exe
  C:\Windows\System\vnligaa.exe
  2⤵
  PID:1276
- C:\Windows\System\LrcGWAH.exe
  C:\Windows\System\LrcGWAH.exe
  2⤵
  PID:1740
- C:\Windows\System\WanOdPq.exe
  C:\Windows\System\WanOdPq.exe
  2⤵
  PID:1736
- C:\Windows\System\JvAhUko.exe
  C:\Windows\System\JvAhUko.exe
  2⤵
  PID:2296
- C:\Windows\System\uYfptbW.exe
  C:\Windows\System\uYfptbW.exe
  2⤵
  PID:1144
- C:\Windows\System\iLEVpsR.exe
  C:\Windows\System\iLEVpsR.exe
  2⤵
  PID:2204
- C:\Windows\System\vhUoDEL.exe
  C:\Windows\System\vhUoDEL.exe
  2⤵
  PID:540
- C:\Windows\System\CfOpOez.exe
  C:\Windows\System\CfOpOez.exe
  2⤵
  PID:1756
- C:\Windows\System\adbOqLG.exe
  C:\Windows\System\adbOqLG.exe
  2⤵
  PID:2316
- C:\Windows\System\ajzPJLW.exe
  C:\Windows\System\ajzPJLW.exe
  2⤵
  PID:2444
- C:\Windows\System\nwGlBGZ.exe
  C:\Windows\System\nwGlBGZ.exe
  2⤵
  PID:632
- C:\Windows\System\MOtMLoo.exe
  C:\Windows\System\MOtMLoo.exe
  2⤵
  PID:2856
- C:\Windows\System\CxurnAL.exe
  C:\Windows\System\CxurnAL.exe
  2⤵
  PID:1888
- C:\Windows\System\bglYggQ.exe
  C:\Windows\System\bglYggQ.exe
  2⤵
  PID:2092
- C:\Windows\System\BFxcHFP.exe
  C:\Windows\System\BFxcHFP.exe
  2⤵
  PID:1464
- C:\Windows\System\qzgJTlk.exe
  C:\Windows\System\qzgJTlk.exe
  2⤵
  PID:2212
- C:\Windows\System\TmuwAvf.exe
  C:\Windows\System\TmuwAvf.exe
  2⤵
  PID:1816
- C:\Windows\System\JcMEBFv.exe
  C:\Windows\System\JcMEBFv.exe
  2⤵
  PID:2468
- C:\Windows\System\MAyKVQt.exe
  C:\Windows\System\MAyKVQt.exe
  2⤵
  PID:1960
- C:\Windows\System\IDRAlgC.exe
  C:\Windows\System\IDRAlgC.exe
  2⤵
  PID:3000
- C:\Windows\System\XqXSpAU.exe
  C:\Windows\System\XqXSpAU.exe
  2⤵
  PID:1052
- C:\Windows\System\TVkdQgT.exe
  C:\Windows\System\TVkdQgT.exe
  2⤵
  PID:1636
- C:\Windows\System\GELjaVm.exe
  C:\Windows\System\GELjaVm.exe
  2⤵
  PID:288
- C:\Windows\System\ukuyTpG.exe
  C:\Windows\System\ukuyTpG.exe
  2⤵
  PID:2388
- C:\Windows\System\yrOMefX.exe
  C:\Windows\System\yrOMefX.exe
  2⤵
  PID:1644
- C:\Windows\System\yGWmqCP.exe
  C:\Windows\System\yGWmqCP.exe
  2⤵
  PID:2260
- C:\Windows\System\oPGGkYH.exe
  C:\Windows\System\oPGGkYH.exe
  2⤵
  PID:1976
- C:\Windows\System\YHOFrPm.exe
  C:\Windows\System\YHOFrPm.exe
  2⤵
  PID:2816
- C:\Windows\System\fpmyRFO.exe
  C:\Windows\System\fpmyRFO.exe
  2⤵
  PID:2960
- C:\Windows\System\nhOYVoc.exe
  C:\Windows\System\nhOYVoc.exe
  2⤵
  PID:2544
- C:\Windows\System\zwdauGe.exe
  C:\Windows\System\zwdauGe.exe
  2⤵
  PID:2732
- C:\Windows\System\wMEkFfj.exe
  C:\Windows\System\wMEkFfj.exe
  2⤵
  PID:2460
- C:\Windows\System\fyYUzLt.exe
  C:\Windows\System\fyYUzLt.exe
  2⤵
  PID:1104
- C:\Windows\System\nCDqAGq.exe
  C:\Windows\System\nCDqAGq.exe
  2⤵
  PID:2292
- C:\Windows\System\worjgYU.exe
  C:\Windows\System\worjgYU.exe
  2⤵
  PID:1652
- C:\Windows\System\osxvNcv.exe
  C:\Windows\System\osxvNcv.exe
  2⤵
  PID:1624
- C:\Windows\System\fgwedmA.exe
  C:\Windows\System\fgwedmA.exe
  2⤵
  PID:1952
- C:\Windows\System\HkQZLok.exe
  C:\Windows\System\HkQZLok.exe
  2⤵
  PID:2912
- C:\Windows\System\NrNRKFC.exe
  C:\Windows\System\NrNRKFC.exe
  2⤵
  PID:2304
- C:\Windows\System\emRoglB.exe
  C:\Windows\System\emRoglB.exe
  2⤵
  PID:564
- C:\Windows\System\tNyoHsv.exe
  C:\Windows\System\tNyoHsv.exe
  2⤵
  PID:2064
- C:\Windows\System\mlIakKj.exe
  C:\Windows\System\mlIakKj.exe
  2⤵
  PID:1980
- C:\Windows\System\CeHPEhs.exe
  C:\Windows\System\CeHPEhs.exe
  2⤵
  PID:1996
- C:\Windows\System\npHxJBB.exe
  C:\Windows\System\npHxJBB.exe
  2⤵
  PID:2028
- C:\Windows\System\DqzWhak.exe
  C:\Windows\System\DqzWhak.exe
  2⤵
  PID:1340
- C:\Windows\System\TpXEdxz.exe
  C:\Windows\System\TpXEdxz.exe
  2⤵
  PID:2464
- C:\Windows\System\XzBeAUB.exe
  C:\Windows\System\XzBeAUB.exe
  2⤵
  PID:2448
- C:\Windows\System\znKPAXl.exe
  C:\Windows\System\znKPAXl.exe
  2⤵
  PID:2540
- C:\Windows\System\ajMxSlv.exe
  C:\Windows\System\ajMxSlv.exe
  2⤵
  PID:2560
- C:\Windows\System\eTQyztu.exe
  C:\Windows\System\eTQyztu.exe
  2⤵
  PID:2772
- C:\Windows\System\NzwoOgb.exe
  C:\Windows\System\NzwoOgb.exe
  2⤵
  PID:2684
- C:\Windows\System\IBHMbkE.exe
  C:\Windows\System\IBHMbkE.exe
  2⤵
  PID:2832
- C:\Windows\System\PpFuAyW.exe
  C:\Windows\System\PpFuAyW.exe
  2⤵
  PID:316
- C:\Windows\System\bZmCsbr.exe
  C:\Windows\System\bZmCsbr.exe
  2⤵
  PID:1068
- C:\Windows\System\ERVJFsU.exe
  C:\Windows\System\ERVJFsU.exe
  2⤵
  PID:264
- C:\Windows\System\seSWwSr.exe
  C:\Windows\System\seSWwSr.exe
  2⤵
  PID:1076
- C:\Windows\System\ETleSDY.exe
  C:\Windows\System\ETleSDY.exe
  2⤵
  PID:2496
- C:\Windows\System\gEjUYUC.exe
  C:\Windows\System\gEjUYUC.exe
  2⤵
  PID:1580
- C:\Windows\System\Tqrmdwl.exe
  C:\Windows\System\Tqrmdwl.exe
  2⤵
  PID:2472
- C:\Windows\System\SzuJEkr.exe
  C:\Windows\System\SzuJEkr.exe
  2⤵
  PID:1540
- C:\Windows\System\USpzzGH.exe
  C:\Windows\System\USpzzGH.exe
  2⤵
  PID:2456
- C:\Windows\System\PpnrXJY.exe
  C:\Windows\System\PpnrXJY.exe
  2⤵
  PID:3056
- C:\Windows\System\xLbvndn.exe
  C:\Windows\System\xLbvndn.exe
  2⤵
  PID:2156
- C:\Windows\System\MMOlKsK.exe
  C:\Windows\System\MMOlKsK.exe
  2⤵
  PID:2104
- C:\Windows\System\FUgGcEJ.exe
  C:\Windows\System\FUgGcEJ.exe
  2⤵
  PID:3088
- C:\Windows\System\pZpgUiW.exe
  C:\Windows\System\pZpgUiW.exe
  2⤵
  PID:3108
- C:\Windows\System\gVrwNRz.exe
  C:\Windows\System\gVrwNRz.exe
  2⤵
  PID:3128
- C:\Windows\System\nHeArHW.exe
  C:\Windows\System\nHeArHW.exe
  2⤵
  PID:3148
- C:\Windows\System\ZimYGHT.exe
  C:\Windows\System\ZimYGHT.exe
  2⤵
  PID:3168
- C:\Windows\System\PxVfbyC.exe
  C:\Windows\System\PxVfbyC.exe
  2⤵
  PID:3192
- C:\Windows\System\HrRlRfw.exe
  C:\Windows\System\HrRlRfw.exe
  2⤵
  PID:3208
- C:\Windows\System\zGJxIDl.exe
  C:\Windows\System\zGJxIDl.exe
  2⤵
  PID:3228
- C:\Windows\System\wHjmuxh.exe
  C:\Windows\System\wHjmuxh.exe
  2⤵
  PID:3248
- C:\Windows\System\IMuFiHq.exe
  C:\Windows\System\IMuFiHq.exe
  2⤵
  PID:3264
- C:\Windows\System\QAdqLXW.exe
  C:\Windows\System\QAdqLXW.exe
  2⤵
  PID:3292
- C:\Windows\System\HVIeXdW.exe
  C:\Windows\System\HVIeXdW.exe
  2⤵
  PID:3312
- C:\Windows\System\zNvlXBQ.exe
  C:\Windows\System\zNvlXBQ.exe
  2⤵
  PID:3332
- C:\Windows\System\oTcqrzV.exe
  C:\Windows\System\oTcqrzV.exe
  2⤵
  PID:3352
- C:\Windows\System\GoqcGEL.exe
  C:\Windows\System\GoqcGEL.exe
  2⤵
  PID:3372
- C:\Windows\System\EdAhXSZ.exe
  C:\Windows\System\EdAhXSZ.exe
  2⤵
  PID:3392
- C:\Windows\System\iIdTJxH.exe
  C:\Windows\System\iIdTJxH.exe
  2⤵
  PID:3412
- C:\Windows\System\ebnlWKI.exe
  C:\Windows\System\ebnlWKI.exe
  2⤵
  PID:3432
- C:\Windows\System\CDZRdjA.exe
  C:\Windows\System\CDZRdjA.exe
  2⤵
  PID:3452
- C:\Windows\System\SzqWhSg.exe
  C:\Windows\System\SzqWhSg.exe
  2⤵
  PID:3468
- C:\Windows\System\VypByMl.exe
  C:\Windows\System\VypByMl.exe
  2⤵
  PID:3488
- C:\Windows\System\ofUFqNb.exe
  C:\Windows\System\ofUFqNb.exe
  2⤵
  PID:3508
- C:\Windows\System\XlABNBH.exe
  C:\Windows\System\XlABNBH.exe
  2⤵
  PID:3524
- C:\Windows\System\vhofGwz.exe
  C:\Windows\System\vhofGwz.exe
  2⤵
  PID:3548
- C:\Windows\System\IVdWWsB.exe
  C:\Windows\System\IVdWWsB.exe
  2⤵
  PID:3568
- C:\Windows\System\GNMjvum.exe
  C:\Windows\System\GNMjvum.exe
  2⤵
  PID:3592
- C:\Windows\System\AehpfAk.exe
  C:\Windows\System\AehpfAk.exe
  2⤵
  PID:3608
- C:\Windows\System\RmwFmmy.exe
  C:\Windows\System\RmwFmmy.exe
  2⤵
  PID:3628
- C:\Windows\System\XmwzvFa.exe
  C:\Windows\System\XmwzvFa.exe
  2⤵
  PID:3652
- C:\Windows\System\NOVSqPp.exe
  C:\Windows\System\NOVSqPp.exe
  2⤵
  PID:3668
- C:\Windows\System\CivsPwj.exe
  C:\Windows\System\CivsPwj.exe
  2⤵
  PID:3688
- C:\Windows\System\OUnJJAT.exe
  C:\Windows\System\OUnJJAT.exe
  2⤵
  PID:3708
- C:\Windows\System\hgtkHOT.exe
  C:\Windows\System\hgtkHOT.exe
  2⤵
  PID:3728
- C:\Windows\System\ILZMmMn.exe
  C:\Windows\System\ILZMmMn.exe
  2⤵
  PID:3748
- C:\Windows\System\LMBNpjA.exe
  C:\Windows\System\LMBNpjA.exe
  2⤵
  PID:3768
- C:\Windows\System\wjPmXmm.exe
  C:\Windows\System\wjPmXmm.exe
  2⤵
  PID:3788
- C:\Windows\System\jUGXMda.exe
  C:\Windows\System\jUGXMda.exe
  2⤵
  PID:3812
- C:\Windows\System\xMtWwBC.exe
  C:\Windows\System\xMtWwBC.exe
  2⤵
  PID:3832
- C:\Windows\System\dgISPhp.exe
  C:\Windows\System\dgISPhp.exe
  2⤵
  PID:3852
- C:\Windows\System\NpRkSEB.exe
  C:\Windows\System\NpRkSEB.exe
  2⤵
  PID:3876
- C:\Windows\System\FqrPtqn.exe
  C:\Windows\System\FqrPtqn.exe
  2⤵
  PID:3896
- C:\Windows\System\MovWHEf.exe
  C:\Windows\System\MovWHEf.exe
  2⤵
  PID:3916
- C:\Windows\System\oYGDRmv.exe
  C:\Windows\System\oYGDRmv.exe
  2⤵
  PID:3936
- C:\Windows\System\SOZxRQP.exe
  C:\Windows\System\SOZxRQP.exe
  2⤵
  PID:3956
- C:\Windows\System\CuhwAIU.exe
  C:\Windows\System\CuhwAIU.exe
  2⤵
  PID:3976
- C:\Windows\System\RCZLtNf.exe
  C:\Windows\System\RCZLtNf.exe
  2⤵
  PID:4004
- C:\Windows\System\yzWvltN.exe
  C:\Windows\System\yzWvltN.exe
  2⤵
  PID:4024
- C:\Windows\System\qvVtqCN.exe
  C:\Windows\System\qvVtqCN.exe
  2⤵
  PID:4044
- C:\Windows\System\ZWtJUAr.exe
  C:\Windows\System\ZWtJUAr.exe
  2⤵
  PID:4064
- C:\Windows\System\VVUXcSV.exe
  C:\Windows\System\VVUXcSV.exe
  2⤵
  PID:4084
- C:\Windows\System\nKVEnpp.exe
  C:\Windows\System\nKVEnpp.exe
  2⤵
  PID:1460
- C:\Windows\System\gkUNmCf.exe
  C:\Windows\System\gkUNmCf.exe
  2⤵
  PID:892
- C:\Windows\System\OXGbfNL.exe
  C:\Windows\System\OXGbfNL.exe
  2⤵
  PID:2124
- C:\Windows\System\WyCdqns.exe
  C:\Windows\System\WyCdqns.exe
  2⤵
  PID:2100
- C:\Windows\System\QJvIrBM.exe
  C:\Windows\System\QJvIrBM.exe
  2⤵
  PID:2396
- C:\Windows\System\EjVDviL.exe
  C:\Windows\System\EjVDviL.exe
  2⤵
  PID:328
- C:\Windows\System\vDAXpfE.exe
  C:\Windows\System\vDAXpfE.exe
  2⤵
  PID:2112
- C:\Windows\System\NoxMfed.exe
  C:\Windows\System\NoxMfed.exe
  2⤵
  PID:3124
- C:\Windows\System\tgKRaAA.exe
  C:\Windows\System\tgKRaAA.exe
  2⤵
  PID:3100
- C:\Windows\System\jTGCrtH.exe
  C:\Windows\System\jTGCrtH.exe
  2⤵
  PID:3144
- C:\Windows\System\uusZBzt.exe
  C:\Windows\System\uusZBzt.exe
  2⤵
  PID:3244
- C:\Windows\System\BWdqwit.exe
  C:\Windows\System\BWdqwit.exe
  2⤵
  PID:3184
- C:\Windows\System\hPBHSRw.exe
  C:\Windows\System\hPBHSRw.exe
  2⤵
  PID:3284
- C:\Windows\System\qtMMnDS.exe
  C:\Windows\System\qtMMnDS.exe
  2⤵
  PID:3328
- C:\Windows\System\buXPwxT.exe
  C:\Windows\System\buXPwxT.exe
  2⤵
  PID:3368
- C:\Windows\System\JWdZiwF.exe
  C:\Windows\System\JWdZiwF.exe
  2⤵
  PID:3400
- C:\Windows\System\jVNEwim.exe
  C:\Windows\System\jVNEwim.exe
  2⤵
  PID:3380
- C:\Windows\System\mYcioNO.exe
  C:\Windows\System\mYcioNO.exe
  2⤵
  PID:3164
- C:\Windows\System\NEfHLou.exe
  C:\Windows\System\NEfHLou.exe
  2⤵
  PID:3476
- C:\Windows\System\noLKrfl.exe
  C:\Windows\System\noLKrfl.exe
  2⤵
  PID:3520
- C:\Windows\System\WXZLynp.exe
  C:\Windows\System\WXZLynp.exe
  2⤵
  PID:3464
- C:\Windows\System\hHmtqyu.exe
  C:\Windows\System\hHmtqyu.exe
  2⤵
  PID:3536
- C:\Windows\System\aSfPGHi.exe
  C:\Windows\System\aSfPGHi.exe
  2⤵
  PID:3584
- C:\Windows\System\uQcXbYW.exe
  C:\Windows\System\uQcXbYW.exe
  2⤵
  PID:3644
- C:\Windows\System\zQhZDLP.exe
  C:\Windows\System\zQhZDLP.exe
  2⤵
  PID:3616
- C:\Windows\System\ZGcGAKj.exe
  C:\Windows\System\ZGcGAKj.exe
  2⤵
  PID:3664
- C:\Windows\System\iRyrSkK.exe
  C:\Windows\System\iRyrSkK.exe
  2⤵
  PID:3764
- C:\Windows\System\lkoLsqZ.exe
  C:\Windows\System\lkoLsqZ.exe
  2⤵
  PID:3808
- C:\Windows\System\dRmIgkr.exe
  C:\Windows\System\dRmIgkr.exe
  2⤵
  PID:3784
- C:\Windows\System\oHWqane.exe
  C:\Windows\System\oHWqane.exe
  2⤵
  PID:3848
- C:\Windows\System\NTBoDSu.exe
  C:\Windows\System\NTBoDSu.exe
  2⤵
  PID:3860
- C:\Windows\System\QhEpvrJ.exe
  C:\Windows\System\QhEpvrJ.exe
  2⤵
  PID:3932
- C:\Windows\System\nCwymCK.exe
  C:\Windows\System\nCwymCK.exe
  2⤵
  PID:3904
- C:\Windows\System\hxsKOvU.exe
  C:\Windows\System\hxsKOvU.exe
  2⤵
  PID:3972
- C:\Windows\System\FJRQXJX.exe
  C:\Windows\System\FJRQXJX.exe
  2⤵
  PID:3996
- C:\Windows\System\UaBDbNa.exe
  C:\Windows\System\UaBDbNa.exe
  2⤵
  PID:4060
- C:\Windows\System\SInAjvF.exe
  C:\Windows\System\SInAjvF.exe
  2⤵
  PID:4092
- C:\Windows\System\FaNIxAF.exe
  C:\Windows\System\FaNIxAF.exe
  2⤵
  PID:2032
- C:\Windows\System\eFdGvMK.exe
  C:\Windows\System\eFdGvMK.exe
  2⤵
  PID:3828
- C:\Windows\System\wGZZkXd.exe
  C:\Windows\System\wGZZkXd.exe
  2⤵
  PID:1572
- C:\Windows\System\ffYvPvg.exe
  C:\Windows\System\ffYvPvg.exe
  2⤵
  PID:2808
- C:\Windows\System\vamjXJh.exe
  C:\Windows\System\vamjXJh.exe
  2⤵
  PID:3096
- C:\Windows\System\sKhotvG.exe
  C:\Windows\System\sKhotvG.exe
  2⤵
  PID:3084
- C:\Windows\System\PUJiche.exe
  C:\Windows\System\PUJiche.exe
  2⤵
  PID:3156
- C:\Windows\System\qEUeTOE.exe
  C:\Windows\System\qEUeTOE.exe
  2⤵
  PID:3300
- C:\Windows\System\tPImleL.exe
  C:\Windows\System\tPImleL.exe
  2⤵
  PID:3260
- C:\Windows\System\fyDnMtp.exe
  C:\Windows\System\fyDnMtp.exe
  2⤵
  PID:3216
- C:\Windows\System\HgSZYzk.exe
  C:\Windows\System\HgSZYzk.exe
  2⤵
  PID:3340
- C:\Windows\System\lwVukJS.exe
  C:\Windows\System\lwVukJS.exe
  2⤵
  PID:3460
- C:\Windows\System\cPJnroc.exe
  C:\Windows\System\cPJnroc.exe
  2⤵
  PID:3484
- C:\Windows\System\wPPcPIR.exe
  C:\Windows\System\wPPcPIR.exe
  2⤵
  PID:3532
- C:\Windows\System\oiHAqmS.exe
  C:\Windows\System\oiHAqmS.exe
  2⤵
  PID:3648
- C:\Windows\System\mkgowld.exe
  C:\Windows\System\mkgowld.exe
  2⤵
  PID:3704
- C:\Windows\System\uugUwTZ.exe
  C:\Windows\System\uugUwTZ.exe
  2⤵
  PID:3804
- C:\Windows\System\YncQdbi.exe
  C:\Windows\System\YncQdbi.exe
  2⤵
  PID:3884
- C:\Windows\System\nRQamHT.exe
  C:\Windows\System\nRQamHT.exe
  2⤵
  PID:3888
- C:\Windows\System\pLblMiJ.exe
  C:\Windows\System\pLblMiJ.exe
  2⤵
  PID:3912
- C:\Windows\System\IfTmzGO.exe
  C:\Windows\System\IfTmzGO.exe
  2⤵
  PID:4020
- C:\Windows\System\kBRCrrc.exe
  C:\Windows\System\kBRCrrc.exe
  2⤵
  PID:4072
- C:\Windows\System\ybvZPZK.exe
  C:\Windows\System\ybvZPZK.exe
  2⤵
  PID:4040
- C:\Windows\System\uGdJBAi.exe
  C:\Windows\System\uGdJBAi.exe
  2⤵
  PID:4036
- C:\Windows\System\zKrEnmz.exe
  C:\Windows\System\zKrEnmz.exe
  2⤵
  PID:2520
- C:\Windows\System\cuHXLfJ.exe
  C:\Windows\System\cuHXLfJ.exe
  2⤵
  PID:2736
- C:\Windows\System\aejrtdo.exe
  C:\Windows\System\aejrtdo.exe
  2⤵
  PID:3160
- C:\Windows\System\AurPOBD.exe
  C:\Windows\System\AurPOBD.exe
  2⤵
  PID:3348
- C:\Windows\System\klJZmis.exe
  C:\Windows\System\klJZmis.exe
  2⤵
  PID:3384
- C:\Windows\System\rLSoeZh.exe
  C:\Windows\System\rLSoeZh.exe
  2⤵
  PID:3176
- C:\Windows\System\wMISZTI.exe
  C:\Windows\System\wMISZTI.exe
  2⤵
  PID:3424
- C:\Windows\System\FozuJPY.exe
  C:\Windows\System\FozuJPY.exe
  2⤵
  PID:2516
- C:\Windows\System\CPgxyjz.exe
  C:\Windows\System\CPgxyjz.exe
  2⤵
  PID:3840
- C:\Windows\System\bFArdzH.exe
  C:\Windows\System\bFArdzH.exe
  2⤵
  PID:3500
- C:\Windows\System\YMtYCCF.exe
  C:\Windows\System\YMtYCCF.exe
  2⤵
  PID:3824
- C:\Windows\System\KTWlRXJ.exe
  C:\Windows\System\KTWlRXJ.exe
  2⤵
  PID:3952
- C:\Windows\System\FPjhBpx.exe
  C:\Windows\System\FPjhBpx.exe
  2⤵
  PID:4112
- C:\Windows\System\CKCyjls.exe
  C:\Windows\System\CKCyjls.exe
  2⤵
  PID:4132
- C:\Windows\System\vRXTbdh.exe
  C:\Windows\System\vRXTbdh.exe
  2⤵
  PID:4148
- C:\Windows\System\uWBPEra.exe
  C:\Windows\System\uWBPEra.exe
  2⤵
  PID:4172
- C:\Windows\System\mWBrtQj.exe
  C:\Windows\System\mWBrtQj.exe
  2⤵
  PID:4196
- C:\Windows\System\BtjPnCA.exe
  C:\Windows\System\BtjPnCA.exe
  2⤵
  PID:4212
- C:\Windows\System\CuPLIwd.exe
  C:\Windows\System\CuPLIwd.exe
  2⤵
  PID:4236
- C:\Windows\System\dKPRjZk.exe
  C:\Windows\System\dKPRjZk.exe
  2⤵
  PID:4256
- C:\Windows\System\cvLyXiN.exe
  C:\Windows\System\cvLyXiN.exe
  2⤵
  PID:4276
- C:\Windows\System\cQvWLqd.exe
  C:\Windows\System\cQvWLqd.exe
  2⤵
  PID:4296
- C:\Windows\System\DUlAZfb.exe
  C:\Windows\System\DUlAZfb.exe
  2⤵
  PID:4312
- C:\Windows\System\abLsncr.exe
  C:\Windows\System\abLsncr.exe
  2⤵
  PID:4336
- C:\Windows\System\hYudEep.exe
  C:\Windows\System\hYudEep.exe
  2⤵
  PID:4352
- C:\Windows\System\HyQHlfK.exe
  C:\Windows\System\HyQHlfK.exe
  2⤵
  PID:4376
- C:\Windows\System\HPxgMaC.exe
  C:\Windows\System\HPxgMaC.exe
  2⤵
  PID:4392
- C:\Windows\System\rqGzQfl.exe
  C:\Windows\System\rqGzQfl.exe
  2⤵
  PID:4408
- C:\Windows\System\zIRdPOS.exe
  C:\Windows\System\zIRdPOS.exe
  2⤵
  PID:4432
- C:\Windows\System\ibodcnR.exe
  C:\Windows\System\ibodcnR.exe
  2⤵
  PID:4456
- C:\Windows\System\eyNSKjv.exe
  C:\Windows\System\eyNSKjv.exe
  2⤵
  PID:4476
- C:\Windows\System\SugUuWg.exe
  C:\Windows\System\SugUuWg.exe
  2⤵
  PID:4496
- C:\Windows\System\dvfEGCE.exe
  C:\Windows\System\dvfEGCE.exe
  2⤵
  PID:4512
- C:\Windows\System\vUxIDqr.exe
  C:\Windows\System\vUxIDqr.exe
  2⤵
  PID:4536
- C:\Windows\System\QRsmXSj.exe
  C:\Windows\System\QRsmXSj.exe
  2⤵
  PID:4556
- C:\Windows\System\ELkSacb.exe
  C:\Windows\System\ELkSacb.exe
  2⤵
  PID:4576
- C:\Windows\System\fwyZdXb.exe
  C:\Windows\System\fwyZdXb.exe
  2⤵
  PID:4596
- C:\Windows\System\DjwXfEl.exe
  C:\Windows\System\DjwXfEl.exe
  2⤵
  PID:4620
- C:\Windows\System\waqUMsQ.exe
  C:\Windows\System\waqUMsQ.exe
  2⤵
  PID:4636
- C:\Windows\System\ybUehRr.exe
  C:\Windows\System\ybUehRr.exe
  2⤵
  PID:4660
- C:\Windows\System\qZZBnFE.exe
  C:\Windows\System\qZZBnFE.exe
  2⤵
  PID:4676
- C:\Windows\System\zhWRaPy.exe
  C:\Windows\System\zhWRaPy.exe
  2⤵
  PID:4700
- C:\Windows\System\kvtLVap.exe
  C:\Windows\System\kvtLVap.exe
  2⤵
  PID:4720
- C:\Windows\System\GVUXFCr.exe
  C:\Windows\System\GVUXFCr.exe
  2⤵
  PID:4740
- C:\Windows\System\kfFzheL.exe
  C:\Windows\System\kfFzheL.exe
  2⤵
  PID:4760
- C:\Windows\System\GqsRLef.exe
  C:\Windows\System\GqsRLef.exe
  2⤵
  PID:4780
- C:\Windows\System\VYORASt.exe
  C:\Windows\System\VYORASt.exe
  2⤵
  PID:4800
- C:\Windows\System\xhvDLeG.exe
  C:\Windows\System\xhvDLeG.exe
  2⤵
  PID:4820
- C:\Windows\System\axDzsdo.exe
  C:\Windows\System\axDzsdo.exe
  2⤵
  PID:4836
- C:\Windows\System\EaBQMHo.exe
  C:\Windows\System\EaBQMHo.exe
  2⤵
  PID:4860
- C:\Windows\System\rcpHJLj.exe
  C:\Windows\System\rcpHJLj.exe
  2⤵
  PID:4880
- C:\Windows\System\nSxldnT.exe
  C:\Windows\System\nSxldnT.exe
  2⤵
  PID:4900
- C:\Windows\System\AoNWIVY.exe
  C:\Windows\System\AoNWIVY.exe
  2⤵
  PID:4920
- C:\Windows\System\olDBxJE.exe
  C:\Windows\System\olDBxJE.exe
  2⤵
  PID:4940
- C:\Windows\System\GVWpfeG.exe
  C:\Windows\System\GVWpfeG.exe
  2⤵
  PID:4960
- C:\Windows\System\lAfBFTF.exe
  C:\Windows\System\lAfBFTF.exe
  2⤵
  PID:4980
- C:\Windows\System\VOZstge.exe
  C:\Windows\System\VOZstge.exe
  2⤵
  PID:5000
- C:\Windows\System\nShWGzv.exe
  C:\Windows\System\nShWGzv.exe
  2⤵
  PID:5020
- C:\Windows\System\FWkKxMI.exe
  C:\Windows\System\FWkKxMI.exe
  2⤵
  PID:5040
- C:\Windows\System\DHsOMlB.exe
  C:\Windows\System\DHsOMlB.exe
  2⤵
  PID:5060
- C:\Windows\System\KmCOrAZ.exe
  C:\Windows\System\KmCOrAZ.exe
  2⤵
  PID:5076
- C:\Windows\System\nHQgWPp.exe
  C:\Windows\System\nHQgWPp.exe
  2⤵
  PID:5100
- C:\Windows\System\jiupmAw.exe
  C:\Windows\System\jiupmAw.exe
  2⤵
  PID:872
- C:\Windows\System\DBHzhIz.exe
  C:\Windows\System\DBHzhIz.exe
  2⤵
  PID:1660
- C:\Windows\System\dAvkAUx.exe
  C:\Windows\System\dAvkAUx.exe
  2⤵
  PID:4076
- C:\Windows\System\KLJXDst.exe
  C:\Windows\System\KLJXDst.exe
  2⤵
  PID:3344
- C:\Windows\System\FXoQCEJ.exe
  C:\Windows\System\FXoQCEJ.exe
  2⤵
  PID:3236
- C:\Windows\System\dfxjGJq.exe
  C:\Windows\System\dfxjGJq.exe
  2⤵
  PID:3440
- C:\Windows\System\EyAyHBk.exe
  C:\Windows\System\EyAyHBk.exe
  2⤵
  PID:3428
- C:\Windows\System\lrwVgWT.exe
  C:\Windows\System\lrwVgWT.exe
  2⤵
  PID:3280
- C:\Windows\System\WnJxRtf.exe
  C:\Windows\System\WnJxRtf.exe
  2⤵
  PID:3796
- C:\Windows\System\EqyVqiE.exe
  C:\Windows\System\EqyVqiE.exe
  2⤵
  PID:3948
- C:\Windows\System\ZGFmsUU.exe
  C:\Windows\System\ZGFmsUU.exe
  2⤵
  PID:1544
- C:\Windows\System\tApkCWw.exe
  C:\Windows\System\tApkCWw.exe
  2⤵
  PID:4164
- C:\Windows\System\FCwAtvJ.exe
  C:\Windows\System\FCwAtvJ.exe
  2⤵
  PID:4208
- C:\Windows\System\zUOUSwd.exe
  C:\Windows\System\zUOUSwd.exe
  2⤵
  PID:4192
- C:\Windows\System\hVoicMT.exe
  C:\Windows\System\hVoicMT.exe
  2⤵
  PID:4220
- C:\Windows\System\gdnLIlH.exe
  C:\Windows\System\gdnLIlH.exe
  2⤵
  PID:4284
- C:\Windows\System\NFGiXEz.exe
  C:\Windows\System\NFGiXEz.exe
  2⤵
  PID:4272
- C:\Windows\System\lovHRBY.exe
  C:\Windows\System\lovHRBY.exe
  2⤵
  PID:4324
- C:\Windows\System\QOQKGGE.exe
  C:\Windows\System\QOQKGGE.exe
  2⤵
  PID:4372
- C:\Windows\System\ipgpXdP.exe
  C:\Windows\System\ipgpXdP.exe
  2⤵
  PID:4348
- C:\Windows\System\dBAFxMl.exe
  C:\Windows\System\dBAFxMl.exe
  2⤵
  PID:4388
- C:\Windows\System\PMhttMw.exe
  C:\Windows\System\PMhttMw.exe
  2⤵
  PID:4448
- C:\Windows\System\pfaInzD.exe
  C:\Windows\System\pfaInzD.exe
  2⤵
  PID:4492
- C:\Windows\System\EoSJcpU.exe
  C:\Windows\System\EoSJcpU.exe
  2⤵
  PID:1424
- C:\Windows\System\XhQIoiL.exe
  C:\Windows\System\XhQIoiL.exe
  2⤵
  PID:3544
- C:\Windows\System\fuXOLSu.exe
  C:\Windows\System\fuXOLSu.exe
  2⤵
  PID:4548
- C:\Windows\System\SYxSlHw.exe
  C:\Windows\System\SYxSlHw.exe
  2⤵
  PID:4584
- C:\Windows\System\YXOJBLJ.exe
  C:\Windows\System\YXOJBLJ.exe
  2⤵
  PID:4644
- C:\Windows\System\JSJydhk.exe
  C:\Windows\System\JSJydhk.exe
  2⤵
  PID:4648
- C:\Windows\System\JArePBL.exe
  C:\Windows\System\JArePBL.exe
  2⤵
  PID:3020
- C:\Windows\System\hPWpEBw.exe
  C:\Windows\System\hPWpEBw.exe
  2⤵
  PID:4672
- C:\Windows\System\cJUUPYN.exe
  C:\Windows\System\cJUUPYN.exe
  2⤵
  PID:4748
- C:\Windows\System\TNmaKYE.exe
  C:\Windows\System\TNmaKYE.exe
  2⤵
  PID:4776
- C:\Windows\System\luOwEUm.exe
  C:\Windows\System\luOwEUm.exe
  2⤵
  PID:4808
- C:\Windows\System\gzDVAaW.exe
  C:\Windows\System\gzDVAaW.exe
  2⤵
  PID:4844
- C:\Windows\System\hKxlghz.exe
  C:\Windows\System\hKxlghz.exe
  2⤵
  PID:4828
- C:\Windows\System\VtbfUyx.exe
  C:\Windows\System\VtbfUyx.exe
  2⤵
  PID:4868
- C:\Windows\System\dMdffwO.exe
  C:\Windows\System\dMdffwO.exe
  2⤵
  PID:4916
- C:\Windows\System\sUwFpWo.exe
  C:\Windows\System\sUwFpWo.exe
  2⤵
  PID:4976
- C:\Windows\System\qEhmXEv.exe
  C:\Windows\System\qEhmXEv.exe
  2⤵
  PID:5008
- C:\Windows\System\IQAmYOw.exe
  C:\Windows\System\IQAmYOw.exe
  2⤵
  PID:5028
- C:\Windows\System\cVNdCJy.exe
  C:\Windows\System\cVNdCJy.exe
  2⤵
  PID:5052
- C:\Windows\System\DMXTdon.exe
  C:\Windows\System\DMXTdon.exe
  2⤵
  PID:5068
- C:\Windows\System\vbvZqyR.exe
  C:\Windows\System\vbvZqyR.exe
  2⤵
  PID:5112
- C:\Windows\System\qkfRFlp.exe
  C:\Windows\System\qkfRFlp.exe
  2⤵
  PID:2368
- C:\Windows\System\FkEZkLI.exe
  C:\Windows\System\FkEZkLI.exe
  2⤵
  PID:2108
- C:\Windows\System\ZhQNZrw.exe
  C:\Windows\System\ZhQNZrw.exe
  2⤵
  PID:3420
- C:\Windows\System\TwibsWB.exe
  C:\Windows\System\TwibsWB.exe
  2⤵
  PID:3740
- C:\Windows\System\rMAtVTf.exe
  C:\Windows\System\rMAtVTf.exe
  2⤵
  PID:3576
- C:\Windows\System\gIxpjfJ.exe
  C:\Windows\System\gIxpjfJ.exe
  2⤵
  PID:3908
- C:\Windows\System\kfisypO.exe
  C:\Windows\System\kfisypO.exe
  2⤵
  PID:4180
- C:\Windows\System\pbIPwor.exe
  C:\Windows\System\pbIPwor.exe
  2⤵
  PID:4228
- C:\Windows\System\xiUFSkR.exe
  C:\Windows\System\xiUFSkR.exe
  2⤵
  PID:4320
- C:\Windows\System\sZOWfzn.exe
  C:\Windows\System\sZOWfzn.exe
  2⤵
  PID:4304
- C:\Windows\System\sicPzUn.exe
  C:\Windows\System\sicPzUn.exe
  2⤵
  PID:4368
- C:\Windows\System\IiVSXrI.exe
  C:\Windows\System\IiVSXrI.exe
  2⤵
  PID:4428
- C:\Windows\System\LERUAVL.exe
  C:\Windows\System\LERUAVL.exe
  2⤵
  PID:4520
- C:\Windows\System\RqBTlKa.exe
  C:\Windows\System\RqBTlKa.exe
  2⤵
  PID:4472
- C:\Windows\System\pedtCJf.exe
  C:\Windows\System\pedtCJf.exe
  2⤵
  PID:4504
- C:\Windows\System\OWTvVuQ.exe
  C:\Windows\System\OWTvVuQ.exe
  2⤵
  PID:760
- C:\Windows\System\YiDqzFh.exe
  C:\Windows\System\YiDqzFh.exe
  2⤵
  PID:4656
- C:\Windows\System\jlFoirI.exe
  C:\Windows\System\jlFoirI.exe
  2⤵
  PID:1684
- C:\Windows\System\AdNgAka.exe
  C:\Windows\System\AdNgAka.exe
  2⤵
  PID:4772
- C:\Windows\System\wwSbMlf.exe
  C:\Windows\System\wwSbMlf.exe
  2⤵
  PID:4812
- C:\Windows\System\bJRHjus.exe
  C:\Windows\System\bJRHjus.exe
  2⤵
  PID:4796
- C:\Windows\System\HjAdAyN.exe
  C:\Windows\System\HjAdAyN.exe
  2⤵
  PID:1344
- C:\Windows\System\NpyXZCo.exe
  C:\Windows\System\NpyXZCo.exe
  2⤵
  PID:4932
- C:\Windows\System\oxZqNVQ.exe
  C:\Windows\System\oxZqNVQ.exe
  2⤵
  PID:4952
- C:\Windows\System\JmkBeZp.exe
  C:\Windows\System\JmkBeZp.exe
  2⤵
  PID:4992
- C:\Windows\System\pZEWIvt.exe
  C:\Windows\System\pZEWIvt.exe
  2⤵
  PID:2900
- C:\Windows\System\HZvaPQP.exe
  C:\Windows\System\HZvaPQP.exe
  2⤵
  PID:3116
- C:\Windows\System\uSkSKYa.exe
  C:\Windows\System\uSkSKYa.exe
  2⤵
  PID:2384
- C:\Windows\System\DzwKwTp.exe
  C:\Windows\System\DzwKwTp.exe
  2⤵
  PID:1096
- C:\Windows\System\xjgYnap.exe
  C:\Windows\System\xjgYnap.exe
  2⤵
  PID:3776
- C:\Windows\System\ykkYqjS.exe
  C:\Windows\System\ykkYqjS.exe
  2⤵
  PID:4232
- C:\Windows\System\cIKPSYQ.exe
  C:\Windows\System\cIKPSYQ.exe
  2⤵
  PID:4328
- C:\Windows\System\HYiQvFt.exe
  C:\Windows\System\HYiQvFt.exe
  2⤵
  PID:4360
- C:\Windows\System\kdDSEpb.exe
  C:\Windows\System\kdDSEpb.exe
  2⤵
  PID:4524
- C:\Windows\System\WQiRRum.exe
  C:\Windows\System\WQiRRum.exe
  2⤵
  PID:4452
- C:\Windows\System\bnSRhtn.exe
  C:\Windows\System\bnSRhtn.exe
  2⤵
  PID:4608
- C:\Windows\System\CKKoiKE.exe
  C:\Windows\System\CKKoiKE.exe
  2⤵
  PID:4692
- C:\Windows\System\CeUvPJT.exe
  C:\Windows\System\CeUvPJT.exe
  2⤵
  PID:4668
- C:\Windows\System\PRCZScG.exe
  C:\Windows\System\PRCZScG.exe
  2⤵
  PID:4792
- C:\Windows\System\CrplsIZ.exe
  C:\Windows\System\CrplsIZ.exe
  2⤵
  PID:4936
- C:\Windows\System\uXEPuGm.exe
  C:\Windows\System\uXEPuGm.exe
  2⤵
  PID:4956
- C:\Windows\System\kAIoIvv.exe
  C:\Windows\System\kAIoIvv.exe
  2⤵
  PID:5056
- C:\Windows\System\rYOVoOg.exe
  C:\Windows\System\rYOVoOg.exe
  2⤵
  PID:2196
- C:\Windows\System\NDLkbyw.exe
  C:\Windows\System\NDLkbyw.exe
  2⤵
  PID:4156
- C:\Windows\System\GfUeEZm.exe
  C:\Windows\System\GfUeEZm.exe
  2⤵
  PID:4948
- C:\Windows\System\KYGsjpx.exe
  C:\Windows\System\KYGsjpx.exe
  2⤵
  PID:5136
- C:\Windows\System\GjaGeuw.exe
  C:\Windows\System\GjaGeuw.exe
  2⤵
  PID:5156
- C:\Windows\System\QFFxiqD.exe
  C:\Windows\System\QFFxiqD.exe
  2⤵
  PID:5176
- C:\Windows\System\trrFtJV.exe
  C:\Windows\System\trrFtJV.exe
  2⤵
  PID:5196
- C:\Windows\System\YglQgHH.exe
  C:\Windows\System\YglQgHH.exe
  2⤵
  PID:5216
- C:\Windows\System\jDsQWzo.exe
  C:\Windows\System\jDsQWzo.exe
  2⤵
  PID:5232
- C:\Windows\System\jSHCtWl.exe
  C:\Windows\System\jSHCtWl.exe
  2⤵
  PID:5256
- C:\Windows\System\niANAPI.exe
  C:\Windows\System\niANAPI.exe
  2⤵
  PID:5276
- C:\Windows\System\xCFMFsQ.exe
  C:\Windows\System\xCFMFsQ.exe
  2⤵
  PID:5300
- C:\Windows\System\RhlqXzd.exe
  C:\Windows\System\RhlqXzd.exe
  2⤵
  PID:5316
- C:\Windows\System\zQTZDUF.exe
  C:\Windows\System\zQTZDUF.exe
  2⤵
  PID:5340
- C:\Windows\System\QNggPbZ.exe
  C:\Windows\System\QNggPbZ.exe
  2⤵
  PID:5360
- C:\Windows\System\NfuXNID.exe
  C:\Windows\System\NfuXNID.exe
  2⤵
  PID:5380
- C:\Windows\System\txXYnQQ.exe
  C:\Windows\System\txXYnQQ.exe
  2⤵
  PID:5400
- C:\Windows\System\zRFxXUr.exe
  C:\Windows\System\zRFxXUr.exe
  2⤵
  PID:5420
- C:\Windows\System\LOnupnG.exe
  C:\Windows\System\LOnupnG.exe
  2⤵
  PID:5440
- C:\Windows\System\vawMXRW.exe
  C:\Windows\System\vawMXRW.exe
  2⤵
  PID:5460
- C:\Windows\System\DuAYXbX.exe
  C:\Windows\System\DuAYXbX.exe
  2⤵
  PID:5476
- C:\Windows\System\otYHUnu.exe
  C:\Windows\System\otYHUnu.exe
  2⤵
  PID:5500
- C:\Windows\System\RPAvxOC.exe
  C:\Windows\System\RPAvxOC.exe
  2⤵
  PID:5520
- C:\Windows\System\wIuxNME.exe
  C:\Windows\System\wIuxNME.exe
  2⤵
  PID:5540
- C:\Windows\System\hdYWjzD.exe
  C:\Windows\System\hdYWjzD.exe
  2⤵
  PID:5560
- C:\Windows\System\hCPsVbP.exe
  C:\Windows\System\hCPsVbP.exe
  2⤵
  PID:5580
- C:\Windows\System\AKivEmr.exe
  C:\Windows\System\AKivEmr.exe
  2⤵
  PID:5600
- C:\Windows\System\KnFwKZw.exe
  C:\Windows\System\KnFwKZw.exe
  2⤵
  PID:5620
- C:\Windows\System\MbLVFPw.exe
  C:\Windows\System\MbLVFPw.exe
  2⤵
  PID:5640
- C:\Windows\System\ORTQvoU.exe
  C:\Windows\System\ORTQvoU.exe
  2⤵
  PID:5660
- C:\Windows\System\VQJnfHZ.exe
  C:\Windows\System\VQJnfHZ.exe
  2⤵
  PID:5680
- C:\Windows\System\CVDxfzN.exe
  C:\Windows\System\CVDxfzN.exe
  2⤵
  PID:5704
- C:\Windows\System\fylenHV.exe
  C:\Windows\System\fylenHV.exe
  2⤵
  PID:5724
- C:\Windows\System\fueToeF.exe
  C:\Windows\System\fueToeF.exe
  2⤵
  PID:5744
- C:\Windows\System\cBZlEvw.exe
  C:\Windows\System\cBZlEvw.exe
  2⤵
  PID:5764
- C:\Windows\System\bAytpyU.exe
  C:\Windows\System\bAytpyU.exe
  2⤵
  PID:5784
- C:\Windows\System\bgQSrcN.exe
  C:\Windows\System\bgQSrcN.exe
  2⤵
  PID:5804
- C:\Windows\System\ULuCFxu.exe
  C:\Windows\System\ULuCFxu.exe
  2⤵
  PID:5824
- C:\Windows\System\EdpaNoo.exe
  C:\Windows\System\EdpaNoo.exe
  2⤵
  PID:5844
- C:\Windows\System\IHklFpp.exe
  C:\Windows\System\IHklFpp.exe
  2⤵
  PID:5864
- C:\Windows\System\pyOnLkS.exe
  C:\Windows\System\pyOnLkS.exe
  2⤵
  PID:5884
- C:\Windows\System\mBeVhjh.exe
  C:\Windows\System\mBeVhjh.exe
  2⤵
  PID:5904
- C:\Windows\System\zKCzZvv.exe
  C:\Windows\System\zKCzZvv.exe
  2⤵
  PID:5924
- C:\Windows\System\YvbXTUX.exe
  C:\Windows\System\YvbXTUX.exe
  2⤵
  PID:5944
- C:\Windows\System\iVQuBCD.exe
  C:\Windows\System\iVQuBCD.exe
  2⤵
  PID:5964
- C:\Windows\System\dMouhBa.exe
  C:\Windows\System\dMouhBa.exe
  2⤵
  PID:5984
- C:\Windows\System\nBiORKn.exe
  C:\Windows\System\nBiORKn.exe
  2⤵
  PID:6004
- C:\Windows\System\xdsmTVO.exe
  C:\Windows\System\xdsmTVO.exe
  2⤵
  PID:6024
- C:\Windows\System\GwuggmI.exe
  C:\Windows\System\GwuggmI.exe
  2⤵
  PID:6044
- C:\Windows\System\zIEoXcS.exe
  C:\Windows\System\zIEoXcS.exe
  2⤵
  PID:6064
- C:\Windows\System\IMPKQoh.exe
  C:\Windows\System\IMPKQoh.exe
  2⤵
  PID:6084
- C:\Windows\System\zkEzEfP.exe
  C:\Windows\System\zkEzEfP.exe
  2⤵
  PID:6104
- C:\Windows\System\oaXtPQo.exe
  C:\Windows\System\oaXtPQo.exe
  2⤵
  PID:6124
- C:\Windows\System\WpEJeBS.exe
  C:\Windows\System\WpEJeBS.exe
  2⤵
  PID:4160
- C:\Windows\System\TxOYBgb.exe
  C:\Windows\System\TxOYBgb.exe
  2⤵
  PID:4444
- C:\Windows\System\gkUFcqE.exe
  C:\Windows\System\gkUFcqE.exe
  2⤵
  PID:4468
- C:\Windows\System\KMMjHYt.exe
  C:\Windows\System\KMMjHYt.exe
  2⤵
  PID:4696
- C:\Windows\System\IwImyfE.exe
  C:\Windows\System\IwImyfE.exe
  2⤵
  PID:4712
- C:\Windows\System\TMyrqnw.exe
  C:\Windows\System\TMyrqnw.exe
  2⤵
  PID:4892
- C:\Windows\System\cuAPARn.exe
  C:\Windows\System\cuAPARn.exe
  2⤵
  PID:4928
- C:\Windows\System\kvmJuws.exe
  C:\Windows\System\kvmJuws.exe
  2⤵
  PID:1872
- C:\Windows\System\LNPnodd.exe
  C:\Windows\System\LNPnodd.exe
  2⤵
  PID:5124
- C:\Windows\System\xJypidY.exe
  C:\Windows\System\xJypidY.exe
  2⤵
  PID:5164
- C:\Windows\System\JcEwlod.exe
  C:\Windows\System\JcEwlod.exe
  2⤵
  PID:5144
- C:\Windows\System\LVXTQFH.exe
  C:\Windows\System\LVXTQFH.exe
  2⤵
  PID:5208
- C:\Windows\System\ZUbsjrx.exe
  C:\Windows\System\ZUbsjrx.exe
  2⤵
  PID:5228
- C:\Windows\System\FrUqDWo.exe
  C:\Windows\System\FrUqDWo.exe
  2⤵
  PID:5272
- C:\Windows\System\bdIGjCd.exe
  C:\Windows\System\bdIGjCd.exe
  2⤵
  PID:5336
- C:\Windows\System\GderGNI.exe
  C:\Windows\System\GderGNI.exe
  2⤵
  PID:5348
- C:\Windows\System\oVALpfb.exe
  C:\Windows\System\oVALpfb.exe
  2⤵
  PID:5408
- C:\Windows\System\GgorsCI.exe
  C:\Windows\System\GgorsCI.exe
  2⤵
  PID:5412
- C:\Windows\System\upIUWgy.exe
  C:\Windows\System\upIUWgy.exe
  2⤵
  PID:5432
- C:\Windows\System\YJLxiID.exe
  C:\Windows\System\YJLxiID.exe
  2⤵
  PID:5492
- C:\Windows\System\FSBRGlR.exe
  C:\Windows\System\FSBRGlR.exe
  2⤵
  PID:5516
- C:\Windows\System\jvOmzCW.exe
  C:\Windows\System\jvOmzCW.exe
  2⤵
  PID:5568
- C:\Windows\System\jkYwiNT.exe
  C:\Windows\System\jkYwiNT.exe
  2⤵
  PID:5608
- C:\Windows\System\jXywlmp.exe
  C:\Windows\System\jXywlmp.exe
  2⤵
  PID:5616
- C:\Windows\System\cgdKotz.exe
  C:\Windows\System\cgdKotz.exe
  2⤵
  PID:5636
- C:\Windows\System\RTMlHyg.exe
  C:\Windows\System\RTMlHyg.exe
  2⤵
  PID:5700
- C:\Windows\System\NfAxNnw.exe
  C:\Windows\System\NfAxNnw.exe
  2⤵
  PID:5732
- C:\Windows\System\iHzBXJn.exe
  C:\Windows\System\iHzBXJn.exe
  2⤵
  PID:5752
- C:\Windows\System\KcAVCmX.exe
  C:\Windows\System\KcAVCmX.exe
  2⤵
  PID:5756
- C:\Windows\System\iiuxwMA.exe
  C:\Windows\System\iiuxwMA.exe
  2⤵
  PID:5796
- C:\Windows\System\JKVHXXi.exe
  C:\Windows\System\JKVHXXi.exe
  2⤵
  PID:5840
- C:\Windows\System\UrsGEAs.exe
  C:\Windows\System\UrsGEAs.exe
  2⤵
  PID:5880
- C:\Windows\System\IRbYAgV.exe
  C:\Windows\System\IRbYAgV.exe
  2⤵
  PID:5912
- C:\Windows\System\NJnONjk.exe
  C:\Windows\System\NJnONjk.exe
  2⤵
  PID:5952
- C:\Windows\System\qFzAYbG.exe
  C:\Windows\System\qFzAYbG.exe
  2⤵
  PID:5992
- C:\Windows\System\pmVYCqN.exe
  C:\Windows\System\pmVYCqN.exe
  2⤵
  PID:6016
- C:\Windows\System\YbeCVle.exe
  C:\Windows\System\YbeCVle.exe
  2⤵
  PID:6036
- C:\Windows\System\ooAsdNq.exe
  C:\Windows\System\ooAsdNq.exe
  2⤵
  PID:6080
- C:\Windows\System\tCsSZgE.exe
  C:\Windows\System\tCsSZgE.exe
  2⤵
  PID:6132
- C:\Windows\System\KvvjPhj.exe
  C:\Windows\System\KvvjPhj.exe
  2⤵
  PID:1748
- C:\Windows\System\qETHnbs.exe
  C:\Windows\System\qETHnbs.exe
  2⤵
  PID:4252
- C:\Windows\System\ydYtPGl.exe
  C:\Windows\System\ydYtPGl.exe
  2⤵
  PID:4708
- C:\Windows\System\iCyvZOO.exe
  C:\Windows\System\iCyvZOO.exe
  2⤵
  PID:5092
- C:\Windows\System\RqyYWRh.exe
  C:\Windows\System\RqyYWRh.exe
  2⤵
  PID:3684
- C:\Windows\System\rNRxWiu.exe
  C:\Windows\System\rNRxWiu.exe
  2⤵
  PID:5132
- C:\Windows\System\NbVMRIn.exe
  C:\Windows\System\NbVMRIn.exe
  2⤵
  PID:5204
- C:\Windows\System\iRBbxTS.exe
  C:\Windows\System\iRBbxTS.exe
  2⤵
  PID:5252
- C:\Windows\System\PalaDAk.exe
  C:\Windows\System\PalaDAk.exe
  2⤵
  PID:5264
- C:\Windows\System\KpSfzqM.exe
  C:\Windows\System\KpSfzqM.exe
  2⤵
  PID:5372
- C:\Windows\System\ynJXfUq.exe
  C:\Windows\System\ynJXfUq.exe
  2⤵
  PID:5392
- C:\Windows\System\gbXMeNR.exe
  C:\Windows\System\gbXMeNR.exe
  2⤵
  PID:5484
- C:\Windows\System\OgDxAKo.exe
  C:\Windows\System\OgDxAKo.exe
  2⤵
  PID:5508
- C:\Windows\System\awVsvus.exe
  C:\Windows\System\awVsvus.exe
  2⤵
  PID:5532
- C:\Windows\System\eoiRezp.exe
  C:\Windows\System\eoiRezp.exe
  2⤵
  PID:5612
- C:\Windows\System\STFhCke.exe
  C:\Windows\System\STFhCke.exe
  2⤵
  PID:5712
- C:\Windows\System\ZMwudTP.exe
  C:\Windows\System\ZMwudTP.exe
  2⤵
  PID:2088
- C:\Windows\System\GQYtHYP.exe
  C:\Windows\System\GQYtHYP.exe
  2⤵
  PID:5740
- C:\Windows\System\XvQnYZB.exe
  C:\Windows\System\XvQnYZB.exe
  2⤵
  PID:5832
- C:\Windows\System\xBMdgNZ.exe
  C:\Windows\System\xBMdgNZ.exe
  2⤵
  PID:5892
- C:\Windows\System\dpCseTY.exe
  C:\Windows\System\dpCseTY.exe
  2⤵
  PID:5916
- C:\Windows\System\nlKFQkm.exe
  C:\Windows\System\nlKFQkm.exe
  2⤵
  PID:604
- C:\Windows\System\hiiohQM.exe
  C:\Windows\System\hiiohQM.exe
  2⤵
  PID:6040
- C:\Windows\System\fzbSpxN.exe
  C:\Windows\System\fzbSpxN.exe
  2⤵
  PID:6112
- C:\Windows\System\QyknUBv.exe
  C:\Windows\System\QyknUBv.exe
  2⤵
  PID:2892
- C:\Windows\System\sIDVZJH.exe
  C:\Windows\System\sIDVZJH.exe
  2⤵
  PID:4508
- C:\Windows\System\cdMgiMp.exe
  C:\Windows\System\cdMgiMp.exe
  2⤵
  PID:4572
- C:\Windows\System\EQGOVlI.exe
  C:\Windows\System\EQGOVlI.exe
  2⤵
  PID:5168
- C:\Windows\System\KlfqfEG.exe
  C:\Windows\System\KlfqfEG.exe
  2⤵
  PID:5224
- C:\Windows\System\SdBwuSB.exe
  C:\Windows\System\SdBwuSB.exe
  2⤵
  PID:5324
- C:\Windows\System\jbjhffW.exe
  C:\Windows\System\jbjhffW.exe
  2⤵
  PID:5356
- C:\Windows\System\kuGPYbz.exe
  C:\Windows\System\kuGPYbz.exe
  2⤵
  PID:5472
- C:\Windows\System\WsJAWqD.exe
  C:\Windows\System\WsJAWqD.exe
  2⤵
  PID:5528
- C:\Windows\System\TxFDxWk.exe
  C:\Windows\System\TxFDxWk.exe
  2⤵
  PID:5656
- C:\Windows\System\hxrfmhi.exe
  C:\Windows\System\hxrfmhi.exe
  2⤵
  PID:5296
- C:\Windows\System\eycSTgl.exe
  C:\Windows\System\eycSTgl.exe
  2⤵
  PID:5856
- C:\Windows\System\AJdQFOM.exe
  C:\Windows\System\AJdQFOM.exe
  2⤵
  PID:5956
- C:\Windows\System\lFqfFKX.exe
  C:\Windows\System\lFqfFKX.exe
  2⤵
  PID:3060
- C:\Windows\System\ETZYzLs.exe
  C:\Windows\System\ETZYzLs.exe
  2⤵
  PID:5996
- C:\Windows\System\dCJwKoO.exe
  C:\Windows\System\dCJwKoO.exe
  2⤵
  PID:6116
- C:\Windows\System\NzhIepF.exe
  C:\Windows\System\NzhIepF.exe
  2⤵
  PID:4908
- C:\Windows\System\gacbGYp.exe
  C:\Windows\System\gacbGYp.exe
  2⤵
  PID:4604
- C:\Windows\System\BfbBUdn.exe
  C:\Windows\System\BfbBUdn.exe
  2⤵
  PID:5452
- C:\Windows\System\sznNukn.exe
  C:\Windows\System\sznNukn.exe
  2⤵
  PID:6156
- C:\Windows\System\cnCojcJ.exe
  C:\Windows\System\cnCojcJ.exe
  2⤵
  PID:6172
- C:\Windows\System\LFxTzRa.exe
  C:\Windows\System\LFxTzRa.exe
  2⤵
  PID:6200
- C:\Windows\System\uFVuwUj.exe
  C:\Windows\System\uFVuwUj.exe
  2⤵
  PID:6224
- C:\Windows\System\uShUavu.exe
  C:\Windows\System\uShUavu.exe
  2⤵
  PID:6244
- C:\Windows\System\vQmpvJt.exe
  C:\Windows\System\vQmpvJt.exe
  2⤵
  PID:6264
- C:\Windows\System\ZhneSiG.exe
  C:\Windows\System\ZhneSiG.exe
  2⤵
  PID:6284
- C:\Windows\System\cUqiepJ.exe
  C:\Windows\System\cUqiepJ.exe
  2⤵
  PID:6304
- C:\Windows\System\pQzUTWX.exe
  C:\Windows\System\pQzUTWX.exe
  2⤵
  PID:6324
- C:\Windows\System\iKooJew.exe
  C:\Windows\System\iKooJew.exe
  2⤵
  PID:6340
- C:\Windows\System\SjlcRBP.exe
  C:\Windows\System\SjlcRBP.exe
  2⤵
  PID:6356
- C:\Windows\System\dbKaofE.exe
  C:\Windows\System\dbKaofE.exe
  2⤵
  PID:6380
- C:\Windows\System\HFJiYSW.exe
  C:\Windows\System\HFJiYSW.exe
  2⤵
  PID:6396
- C:\Windows\System\vriUFSx.exe
  C:\Windows\System\vriUFSx.exe
  2⤵
  PID:6412
- C:\Windows\System\nmljNQQ.exe
  C:\Windows\System\nmljNQQ.exe
  2⤵
  PID:6436
- C:\Windows\System\YLFIQGG.exe
  C:\Windows\System\YLFIQGG.exe
  2⤵
  PID:6456
- C:\Windows\System\zImskiv.exe
  C:\Windows\System\zImskiv.exe
  2⤵
  PID:6472
- C:\Windows\System\ljCprkh.exe
  C:\Windows\System\ljCprkh.exe
  2⤵
  PID:6496
- C:\Windows\System\tSEYlxd.exe
  C:\Windows\System\tSEYlxd.exe
  2⤵
  PID:6516
- C:\Windows\System\UIfzvik.exe
  C:\Windows\System\UIfzvik.exe
  2⤵
  PID:6532
- C:\Windows\System\irKIjFl.exe
  C:\Windows\System\irKIjFl.exe
  2⤵
  PID:6556
- C:\Windows\System\lFlQUZW.exe
  C:\Windows\System\lFlQUZW.exe
  2⤵
  PID:6572
- C:\Windows\System\WgQopuO.exe
  C:\Windows\System\WgQopuO.exe
  2⤵
  PID:6592
- C:\Windows\System\BlGLjLV.exe
  C:\Windows\System\BlGLjLV.exe
  2⤵
  PID:6620
- C:\Windows\System\XEQqskG.exe
  C:\Windows\System\XEQqskG.exe
  2⤵
  PID:6640
- C:\Windows\System\QsPnlrI.exe
  C:\Windows\System\QsPnlrI.exe
  2⤵
  PID:6660
- C:\Windows\System\xMjCqvs.exe
  C:\Windows\System\xMjCqvs.exe
  2⤵
  PID:6680
- C:\Windows\System\Weqtkst.exe
  C:\Windows\System\Weqtkst.exe
  2⤵
  PID:6696
- C:\Windows\System\cdzRsht.exe
  C:\Windows\System\cdzRsht.exe
  2⤵
  PID:6716
- C:\Windows\System\kHxLjhf.exe
  C:\Windows\System\kHxLjhf.exe
  2⤵
  PID:6736
- C:\Windows\System\rcivLeA.exe
  C:\Windows\System\rcivLeA.exe
  2⤵
  PID:6760
- C:\Windows\System\WRbXIZi.exe
  C:\Windows\System\WRbXIZi.exe
  2⤵
  PID:6776
- C:\Windows\System\TbOVNpc.exe
  C:\Windows\System\TbOVNpc.exe
  2⤵
  PID:6800
- C:\Windows\System\aHsGCgR.exe
  C:\Windows\System\aHsGCgR.exe
  2⤵
  PID:6824
- C:\Windows\System\szvDszk.exe
  C:\Windows\System\szvDszk.exe
  2⤵
  PID:6840
- C:\Windows\System\VTwhDvR.exe
  C:\Windows\System\VTwhDvR.exe
  2⤵
  PID:6864
- C:\Windows\System\SaxYwoa.exe
  C:\Windows\System\SaxYwoa.exe
  2⤵
  PID:6880
- C:\Windows\System\KvrOZFw.exe
  C:\Windows\System\KvrOZFw.exe
  2⤵
  PID:6924
- C:\Windows\System\TmxGKCO.exe
  C:\Windows\System\TmxGKCO.exe
  2⤵
  PID:6944
- C:\Windows\System\AXnInRI.exe
  C:\Windows\System\AXnInRI.exe
  2⤵
  PID:6960
- C:\Windows\System\sjlCWdQ.exe
  C:\Windows\System\sjlCWdQ.exe
  2⤵
  PID:6976
- C:\Windows\System\TrviunH.exe
  C:\Windows\System\TrviunH.exe
  2⤵
  PID:6992
- C:\Windows\System\QeKjJWD.exe
  C:\Windows\System\QeKjJWD.exe
  2⤵
  PID:7008
- C:\Windows\System\NduroXN.exe
  C:\Windows\System\NduroXN.exe
  2⤵
  PID:7028
- C:\Windows\System\NiMNpNw.exe
  C:\Windows\System\NiMNpNw.exe
  2⤵
  PID:7048
- C:\Windows\System\mSHZVDC.exe
  C:\Windows\System\mSHZVDC.exe
  2⤵
  PID:7064
- C:\Windows\System\RXmaNcn.exe
  C:\Windows\System\RXmaNcn.exe
  2⤵
  PID:7084
- C:\Windows\System\MYeVnZn.exe
  C:\Windows\System\MYeVnZn.exe
  2⤵
  PID:7100
- C:\Windows\System\wNtSEDf.exe
  C:\Windows\System\wNtSEDf.exe
  2⤵
  PID:7116
- C:\Windows\System\lgDsBUi.exe
  C:\Windows\System\lgDsBUi.exe
  2⤵
  PID:7132
- C:\Windows\System\OQQKKKu.exe
  C:\Windows\System\OQQKKKu.exe
  2⤵
  PID:7152
- C:\Windows\System\HLltiWT.exe
  C:\Windows\System\HLltiWT.exe
  2⤵
  PID:5368
- C:\Windows\System\CFkUYWg.exe
  C:\Windows\System\CFkUYWg.exe
  2⤵
  PID:5792
- C:\Windows\System\CoXUFMr.exe
  C:\Windows\System\CoXUFMr.exe
  2⤵
  PID:5552
- C:\Windows\System\OCUaDKi.exe
  C:\Windows\System\OCUaDKi.exe
  2⤵
  PID:6092
- C:\Windows\System\aBCFmSx.exe
  C:\Windows\System\aBCFmSx.exe
  2⤵
  PID:5860
- C:\Windows\System\ONJPbUY.exe
  C:\Windows\System\ONJPbUY.exe
  2⤵
  PID:2424
- C:\Windows\System\AFCinzA.exe
  C:\Windows\System\AFCinzA.exe
  2⤵
  PID:5596
- C:\Windows\System\INrjwWF.exe
  C:\Windows\System\INrjwWF.exe
  2⤵
  PID:6192
- C:\Windows\System\yRmMcvP.exe
  C:\Windows\System\yRmMcvP.exe
  2⤵
  PID:6240
- C:\Windows\System\NFomReX.exe
  C:\Windows\System\NFomReX.exe
  2⤵
  PID:6280
- C:\Windows\System\VPSFefb.exe
  C:\Windows\System\VPSFefb.exe
  2⤵
  PID:6320
- C:\Windows\System\jLcCVQT.exe
  C:\Windows\System\jLcCVQT.exe
  2⤵
  PID:4308
- C:\Windows\System\pilAvJv.exe
  C:\Windows\System\pilAvJv.exe
  2⤵
  PID:6352
- C:\Windows\System\FPnNzbb.exe
  C:\Windows\System\FPnNzbb.exe
  2⤵
  PID:6464
- C:\Windows\System\tXxNiDx.exe
  C:\Windows\System\tXxNiDx.exe
  2⤵
  PID:6504
- C:\Windows\System\kHkqcSY.exe
  C:\Windows\System\kHkqcSY.exe
  2⤵
  PID:3984
- C:\Windows\System\pdNrrBr.exe
  C:\Windows\System\pdNrrBr.exe
  2⤵
  PID:6404
- C:\Windows\System\TyxBvCW.exe
  C:\Windows\System\TyxBvCW.exe
  2⤵
  PID:6552
- C:\Windows\System\lcojQKq.exe
  C:\Windows\System\lcojQKq.exe
  2⤵
  PID:6580
- C:\Windows\System\ZfzUOxF.exe
  C:\Windows\System\ZfzUOxF.exe
  2⤵
  PID:1628
- C:\Windows\System\kxvTRpO.exe
  C:\Windows\System\kxvTRpO.exe
  2⤵
  PID:6564
- C:\Windows\System\gGyiKXA.exe
  C:\Windows\System\gGyiKXA.exe
  2⤵
  PID:6480
- C:\Windows\System\mHNxERA.exe
  C:\Windows\System\mHNxERA.exe
  2⤵
  PID:6672
- C:\Windows\System\sVlUsFR.exe
  C:\Windows\System\sVlUsFR.exe
  2⤵
  PID:6712
- C:\Windows\System\LFXhian.exe
  C:\Windows\System\LFXhian.exe
  2⤵
  PID:6616
- C:\Windows\System\YDEpXGo.exe
  C:\Windows\System\YDEpXGo.exe
  2⤵
  PID:6752
- C:\Windows\System\LCzqBxH.exe
  C:\Windows\System\LCzqBxH.exe
  2⤵
  PID:6796
- C:\Windows\System\OUxEsuF.exe
  C:\Windows\System\OUxEsuF.exe
  2⤵
  PID:1880
- C:\Windows\System\krqnTix.exe
  C:\Windows\System\krqnTix.exe
  2⤵
  PID:6836
- C:\Windows\System\NLBXaAb.exe
  C:\Windows\System\NLBXaAb.exe
  2⤵
  PID:6656
- C:\Windows\System\QmEXlRA.exe
  C:\Windows\System\QmEXlRA.exe
  2⤵
  PID:6688
- C:\Windows\System\IptSJtB.exe
  C:\Windows\System\IptSJtB.exe
  2⤵
  PID:6772
- C:\Windows\System\gRrkvXY.exe
  C:\Windows\System\gRrkvXY.exe
  2⤵
  PID:6812
- C:\Windows\System\YbfLBCK.exe
  C:\Windows\System\YbfLBCK.exe
  2⤵
  PID:6860
- C:\Windows\System\KvSyKaq.exe
  C:\Windows\System\KvSyKaq.exe
  2⤵
  PID:1084
- C:\Windows\System\pyaIcvj.exe
  C:\Windows\System\pyaIcvj.exe
  2⤵
  PID:6920
- C:\Windows\System\FdvlvUq.exe
  C:\Windows\System\FdvlvUq.exe
  2⤵
  PID:2244
- C:\Windows\System\XUQwZVQ.exe
  C:\Windows\System\XUQwZVQ.exe
  2⤵
  PID:3068
- C:\Windows\System\NPalHLm.exe
  C:\Windows\System\NPalHLm.exe
  2⤵
  PID:700
- C:\Windows\System\QiIEDWu.exe
  C:\Windows\System\QiIEDWu.exe
  2⤵
  PID:948
- C:\Windows\System\yTUZYEd.exe
  C:\Windows\System\yTUZYEd.exe
  2⤵
  PID:6936
- C:\Windows\System\SUHvqUM.exe
  C:\Windows\System\SUHvqUM.exe
  2⤵
  PID:6988
- C:\Windows\System\rLzYabj.exe
  C:\Windows\System\rLzYabj.exe
  2⤵
  PID:7092
- C:\Windows\System\AEfUQqa.exe
  C:\Windows\System\AEfUQqa.exe
  2⤵
  PID:7016
- C:\Windows\System\nlNUdTS.exe
  C:\Windows\System\nlNUdTS.exe
  2⤵
  PID:5308
- C:\Windows\System\ORCIFkx.exe
  C:\Windows\System\ORCIFkx.exe
  2⤵
  PID:7128
- C:\Windows\System\frikWpR.exe
  C:\Windows\System\frikWpR.exe
  2⤵
  PID:5244
- C:\Windows\System\bdLWoRs.exe
  C:\Windows\System\bdLWoRs.exe
  2⤵
  PID:7108
- C:\Windows\System\EnGHzxA.exe
  C:\Windows\System\EnGHzxA.exe
  2⤵
  PID:3756
- C:\Windows\System\QlAaSau.exe
  C:\Windows\System\QlAaSau.exe
  2⤵
  PID:6168
- C:\Windows\System\IllpMAF.exe
  C:\Windows\System\IllpMAF.exe
  2⤵
  PID:6972
- C:\Windows\System\HtTgHTb.exe
  C:\Windows\System\HtTgHTb.exe
  2⤵
  PID:7036
- C:\Windows\System\rHeaOGD.exe
  C:\Windows\System\rHeaOGD.exe
  2⤵
  PID:7076
- C:\Windows\System\fJqNbcB.exe
  C:\Windows\System\fJqNbcB.exe
  2⤵
  PID:7148
- C:\Windows\System\ZGVCAKQ.exe
  C:\Windows\System\ZGVCAKQ.exe
  2⤵
  PID:5900
- C:\Windows\System\Xlahdoo.exe
  C:\Windows\System\Xlahdoo.exe
  2⤵
  PID:2312
- C:\Windows\System\BirppFd.exe
  C:\Windows\System\BirppFd.exe
  2⤵
  PID:6272
- C:\Windows\System\sgEsYVs.exe
  C:\Windows\System\sgEsYVs.exe
  2⤵
  PID:6212
- C:\Windows\System\FdRvGHy.exe
  C:\Windows\System\FdRvGHy.exe
  2⤵
  PID:6252
- C:\Windows\System\GgKGDDR.exe
  C:\Windows\System\GgKGDDR.exe
  2⤵
  PID:6208
- C:\Windows\System\EWKFMAm.exe
  C:\Windows\System\EWKFMAm.exe
  2⤵
  PID:2008
- C:\Windows\System\PbIbNlI.exe
  C:\Windows\System\PbIbNlI.exe
  2⤵
  PID:6632
- C:\Windows\System\cLzUsOs.exe
  C:\Windows\System\cLzUsOs.exe
  2⤵
  PID:6908
- C:\Windows\System\UbSkOXV.exe
  C:\Windows\System\UbSkOXV.exe
  2⤵
  PID:6508
- C:\Windows\System\rZnHHgW.exe
  C:\Windows\System\rZnHHgW.exe
  2⤵
  PID:1036
- C:\Windows\System\BXvIcyW.exe
  C:\Windows\System\BXvIcyW.exe
  2⤵
  PID:6604
- C:\Windows\System\AXPsJrg.exe
  C:\Windows\System\AXPsJrg.exe
  2⤵
  PID:1596
- C:\Windows\System\xUwCTJS.exe
  C:\Windows\System\xUwCTJS.exe
  2⤵
  PID:6748
- C:\Windows\System\dscPuRt.exe
  C:\Windows\System\dscPuRt.exe
  2⤵
  PID:2216
- C:\Windows\System\SVjxteS.exe
  C:\Windows\System\SVjxteS.exe
  2⤵
  PID:6820
- C:\Windows\System\cqRHnHv.exe
  C:\Windows\System\cqRHnHv.exe
  2⤵
  PID:6744
- C:\Windows\System\slnfSrr.exe
  C:\Windows\System\slnfSrr.exe
  2⤵
  PID:6816
- C:\Windows\System\EgEPjel.exe
  C:\Windows\System\EgEPjel.exe
  2⤵
  PID:6728
- C:\Windows\System\XMVAwiR.exe
  C:\Windows\System\XMVAwiR.exe
  2⤵
  PID:6916
- C:\Windows\System\WXCiBOB.exe
  C:\Windows\System\WXCiBOB.exe
  2⤵
  PID:1072
- C:\Windows\System\amJOxkS.exe
  C:\Windows\System\amJOxkS.exe
  2⤵
  PID:6956
- C:\Windows\System\QUSGJBD.exe
  C:\Windows\System\QUSGJBD.exe
  2⤵
  PID:2628
- C:\Windows\System\mfPYeOK.exe
  C:\Windows\System\mfPYeOK.exe
  2⤵
  PID:6940
- C:\Windows\System\grSVLqQ.exe
  C:\Windows\System\grSVLqQ.exe
  2⤵
  PID:5852
- C:\Windows\System\eUNpsor.exe
  C:\Windows\System\eUNpsor.exe
  2⤵
  PID:6312
- C:\Windows\System\vCGKLZl.exe
  C:\Windows\System\vCGKLZl.exe
  2⤵
  PID:5572
- C:\Windows\System\ZqTZefr.exe
  C:\Windows\System\ZqTZefr.exe
  2⤵
  PID:5388
- C:\Windows\System\sIJVdHE.exe
  C:\Windows\System\sIJVdHE.exe
  2⤵
  PID:7112
- C:\Windows\System\ZuCAEQC.exe
  C:\Windows\System\ZuCAEQC.exe
  2⤵
  PID:5672
- C:\Windows\System\RcnYbbo.exe
  C:\Windows\System\RcnYbbo.exe
  2⤵
  PID:6428
- C:\Windows\System\bdCzDHN.exe
  C:\Windows\System\bdCzDHN.exe
  2⤵
  PID:5288
- C:\Windows\System\uUTRAoj.exe
  C:\Windows\System\uUTRAoj.exe
  2⤵
  PID:6216
- C:\Windows\System\kaAMWWy.exe
  C:\Windows\System\kaAMWWy.exe
  2⤵
  PID:6452
- C:\Windows\System\JAIamkg.exe
  C:\Windows\System\JAIamkg.exe
  2⤵
  PID:6608
- C:\Windows\System\agFlzTO.exe
  C:\Windows\System\agFlzTO.exe
  2⤵
  PID:6548
- C:\Windows\System\tBKMSdN.exe
  C:\Windows\System\tBKMSdN.exe
  2⤵
  PID:2724
- C:\Windows\System\BrZXksg.exe
  C:\Windows\System\BrZXksg.exe
  2⤵
  PID:6652
- C:\Windows\System\lXdRaHY.exe
  C:\Windows\System\lXdRaHY.exe
  2⤵
  PID:808
- C:\Windows\System\qcALNdF.exe
  C:\Windows\System\qcALNdF.exe
  2⤵
  PID:3040
- C:\Windows\System\nSHYxBl.exe
  C:\Windows\System\nSHYxBl.exe
  2⤵
  PID:1524
- C:\Windows\System\FkEEUzW.exe
  C:\Windows\System\FkEEUzW.exe
  2⤵
  PID:5692
- C:\Windows\System\QfkrFTn.exe
  C:\Windows\System\QfkrFTn.exe
  2⤵
  PID:6968
- C:\Windows\System\AflRrBg.exe
  C:\Windows\System\AflRrBg.exe
  2⤵
  PID:7044
- C:\Windows\System\QIpUSwn.exe
  C:\Windows\System\QIpUSwn.exe
  2⤵
  PID:5488
- C:\Windows\System\UokpxIL.exe
  C:\Windows\System\UokpxIL.exe
  2⤵
  PID:1956
- C:\Windows\System\TLmrGLU.exe
  C:\Windows\System\TLmrGLU.exe
  2⤵
  PID:6524
- C:\Windows\System\KEPrjRt.exe
  C:\Windows\System\KEPrjRt.exe
  2⤵
  PID:296
- C:\Windows\System\XLlxyWu.exe
  C:\Windows\System\XLlxyWu.exe
  2⤵
  PID:6788
- C:\Windows\System\FiTujth.exe
  C:\Windows\System\FiTujth.exe
  2⤵
  PID:6724
- C:\Windows\System\dcuqKmg.exe
  C:\Windows\System\dcuqKmg.exe
  2⤵
  PID:6000
- C:\Windows\System\XCyCdRp.exe
  C:\Windows\System\XCyCdRp.exe
  2⤵
  PID:2508
- C:\Windows\System\HWttBjI.exe
  C:\Windows\System\HWttBjI.exe
  2⤵
  PID:7004
- C:\Windows\System\xhswTNT.exe
  C:\Windows\System\xhswTNT.exe
  2⤵
  PID:6732
- C:\Windows\System\KsxwlPT.exe
  C:\Windows\System\KsxwlPT.exe
  2⤵
  PID:5776
- C:\Windows\System\JcbRjVl.exe
  C:\Windows\System\JcbRjVl.exe
  2⤵
  PID:7176
- C:\Windows\System\eEFwsBP.exe
  C:\Windows\System\eEFwsBP.exe
  2⤵
  PID:7196
- C:\Windows\System\wiuJQEV.exe
  C:\Windows\System\wiuJQEV.exe
  2⤵
  PID:7212
- C:\Windows\System\PNkQTvG.exe
  C:\Windows\System\PNkQTvG.exe
  2⤵
  PID:7228
- C:\Windows\System\PCatoVX.exe
  C:\Windows\System\PCatoVX.exe
  2⤵
  PID:7244
- C:\Windows\System\MlVNLoz.exe
  C:\Windows\System\MlVNLoz.exe
  2⤵
  PID:7260
- C:\Windows\System\XwJKlYA.exe
  C:\Windows\System\XwJKlYA.exe
  2⤵
  PID:7276
- C:\Windows\System\XfbHEcv.exe
  C:\Windows\System\XfbHEcv.exe
  2⤵
  PID:7292
- C:\Windows\System\iNAWNuU.exe
  C:\Windows\System\iNAWNuU.exe
  2⤵
  PID:7308
- C:\Windows\System\qKvdYso.exe
  C:\Windows\System\qKvdYso.exe
  2⤵
  PID:7324
- C:\Windows\System\DccyZon.exe
  C:\Windows\System\DccyZon.exe
  2⤵
  PID:7340
- C:\Windows\System\RwNVIef.exe
  C:\Windows\System\RwNVIef.exe
  2⤵
  PID:7356
- C:\Windows\System\VlvfofE.exe
  C:\Windows\System\VlvfofE.exe
  2⤵
  PID:7372
- C:\Windows\System\WmilZLH.exe
  C:\Windows\System\WmilZLH.exe
  2⤵
  PID:7392
- C:\Windows\System\TNPYuQu.exe
  C:\Windows\System\TNPYuQu.exe
  2⤵
  PID:7408
- C:\Windows\System\zPImozu.exe
  C:\Windows\System\zPImozu.exe
  2⤵
  PID:7424
- C:\Windows\System\mmInrZT.exe
  C:\Windows\System\mmInrZT.exe
  2⤵
  PID:7440
- C:\Windows\System\zPMNVId.exe
  C:\Windows\System\zPMNVId.exe
  2⤵
  PID:7456
- C:\Windows\System\fkOupBQ.exe
  C:\Windows\System\fkOupBQ.exe
  2⤵
  PID:7472
- C:\Windows\System\izOzduB.exe
  C:\Windows\System\izOzduB.exe
  2⤵
  PID:7488
- C:\Windows\System\mcttgfw.exe
  C:\Windows\System\mcttgfw.exe
  2⤵
  PID:7508
- C:\Windows\System\rWaMnQB.exe
  C:\Windows\System\rWaMnQB.exe
  2⤵
  PID:7524
- C:\Windows\System\wbQpZjJ.exe
  C:\Windows\System\wbQpZjJ.exe
  2⤵
  PID:7540
- C:\Windows\System\yyJmdEp.exe
  C:\Windows\System\yyJmdEp.exe
  2⤵
  PID:7556
- C:\Windows\System\RuxKoEy.exe
  C:\Windows\System\RuxKoEy.exe
  2⤵
  PID:7572
- C:\Windows\System\PokGVSt.exe
  C:\Windows\System\PokGVSt.exe
  2⤵
  PID:7588
- C:\Windows\System\WTqmgpz.exe
  C:\Windows\System\WTqmgpz.exe
  2⤵
  PID:7604
- C:\Windows\System\OAbrcYt.exe
  C:\Windows\System\OAbrcYt.exe
  2⤵
  PID:7620
- C:\Windows\System\uVOzuzP.exe
  C:\Windows\System\uVOzuzP.exe
  2⤵
  PID:7636
- C:\Windows\System\qFEfEiM.exe
  C:\Windows\System\qFEfEiM.exe
  2⤵
  PID:7652
- C:\Windows\System\smLFPad.exe
  C:\Windows\System\smLFPad.exe
  2⤵
  PID:7668
- C:\Windows\System\jJxNIPk.exe
  C:\Windows\System\jJxNIPk.exe
  2⤵
  PID:7684
- C:\Windows\System\bwhobzn.exe
  C:\Windows\System\bwhobzn.exe
  2⤵
  PID:7700
- C:\Windows\System\oZbWRsO.exe
  C:\Windows\System\oZbWRsO.exe
  2⤵
  PID:7716
- C:\Windows\System\dVlJoEO.exe
  C:\Windows\System\dVlJoEO.exe
  2⤵
  PID:7732
- C:\Windows\System\WAvABIu.exe
  C:\Windows\System\WAvABIu.exe
  2⤵
  PID:7748
- C:\Windows\System\mhwOicg.exe
  C:\Windows\System\mhwOicg.exe
  2⤵
  PID:7764
- C:\Windows\System\AKVjhiS.exe
  C:\Windows\System\AKVjhiS.exe
  2⤵
  PID:7784
- C:\Windows\System\ZnnmbyN.exe
  C:\Windows\System\ZnnmbyN.exe
  2⤵
  PID:7800
- C:\Windows\System\JrxGpGW.exe
  C:\Windows\System\JrxGpGW.exe
  2⤵
  PID:7816
- C:\Windows\System\FhupmXU.exe
  C:\Windows\System\FhupmXU.exe
  2⤵
  PID:7832
- C:\Windows\System\hXFuiKw.exe
  C:\Windows\System\hXFuiKw.exe
  2⤵
  PID:7848
- C:\Windows\System\lixoDdZ.exe
  C:\Windows\System\lixoDdZ.exe
  2⤵
  PID:7868
- C:\Windows\System\qImtnYs.exe
  C:\Windows\System\qImtnYs.exe
  2⤵
  PID:7888
- C:\Windows\System\tVxImGo.exe
  C:\Windows\System\tVxImGo.exe
  2⤵
  PID:7904
- C:\Windows\System\JiUyFiU.exe
  C:\Windows\System\JiUyFiU.exe
  2⤵
  PID:7928
- C:\Windows\System\XDOgfqi.exe
  C:\Windows\System\XDOgfqi.exe
  2⤵
  PID:7944
- C:\Windows\System\pKnwkZM.exe
  C:\Windows\System\pKnwkZM.exe
  2⤵
  PID:7960
- C:\Windows\System\GOQWShu.exe
  C:\Windows\System\GOQWShu.exe
  2⤵
  PID:7976
- C:\Windows\System\hXejfMW.exe
  C:\Windows\System\hXejfMW.exe
  2⤵
  PID:7992
- C:\Windows\System\fhWWPhP.exe
  C:\Windows\System\fhWWPhP.exe
  2⤵
  PID:8008
- C:\Windows\System\ziZQsWg.exe
  C:\Windows\System\ziZQsWg.exe
  2⤵
  PID:8028
- C:\Windows\System\KRnsAMu.exe
  C:\Windows\System\KRnsAMu.exe
  2⤵
  PID:8044
- C:\Windows\System\JUYqTvk.exe
  C:\Windows\System\JUYqTvk.exe
  2⤵
  PID:8060
- C:\Windows\System\boyZIcR.exe
  C:\Windows\System\boyZIcR.exe
  2⤵
  PID:8076
- C:\Windows\System\PAAuFTr.exe
  C:\Windows\System\PAAuFTr.exe
  2⤵
  PID:8092
- C:\Windows\System\qGQNnEd.exe
  C:\Windows\System\qGQNnEd.exe
  2⤵
  PID:8108
- C:\Windows\System\QgUHiVM.exe
  C:\Windows\System\QgUHiVM.exe
  2⤵
  PID:8124
- C:\Windows\System\HipkKuN.exe
  C:\Windows\System\HipkKuN.exe
  2⤵
  PID:8140
- C:\Windows\System\xHxmyEF.exe
  C:\Windows\System\xHxmyEF.exe
  2⤵
  PID:8160
- C:\Windows\System\tHgwvqZ.exe
  C:\Windows\System\tHgwvqZ.exe
  2⤵
  PID:8176
- C:\Windows\System\VMwDgnd.exe
  C:\Windows\System\VMwDgnd.exe
  2⤵
  PID:6332
- C:\Windows\System\pkGFkPj.exe
  C:\Windows\System\pkGFkPj.exe
  2⤵
  PID:6600
- C:\Windows\System\zfvhBLc.exe
  C:\Windows\System\zfvhBLc.exe
  2⤵
  PID:1708
- C:\Windows\System\ogwYyuU.exe
  C:\Windows\System\ogwYyuU.exe
  2⤵
  PID:6668
- C:\Windows\System\GHsDDpU.exe
  C:\Windows\System\GHsDDpU.exe
  2⤵
  PID:6296
- C:\Windows\System\eSHEEgG.exe
  C:\Windows\System\eSHEEgG.exe
  2⤵
  PID:7256
- C:\Windows\System\VPoDuoC.exe
  C:\Windows\System\VPoDuoC.exe
  2⤵
  PID:7236
- C:\Windows\System\QGKwJdd.exe
  C:\Windows\System\QGKwJdd.exe
  2⤵
  PID:7300
- C:\Windows\System\ptgtdFV.exe
  C:\Windows\System\ptgtdFV.exe
  2⤵
  PID:7316
- C:\Windows\System\vBshtXj.exe
  C:\Windows\System\vBshtXj.exe
  2⤵
  PID:7352
- C:\Windows\System\BNeRKMk.exe
  C:\Windows\System\BNeRKMk.exe
  2⤵
  PID:7364
- C:\Windows\System\oSTmAvG.exe
  C:\Windows\System\oSTmAvG.exe
  2⤵
  PID:7516
- C:\Windows\System\zntpFhC.exe
  C:\Windows\System\zntpFhC.exe
  2⤵
  PID:7404
- C:\Windows\System\VlQcNJZ.exe
  C:\Windows\System\VlQcNJZ.exe
  2⤵
  PID:7468
- C:\Windows\System\wCvwsiJ.exe
  C:\Windows\System\wCvwsiJ.exe
  2⤵
  PID:7532
- C:\Windows\System\jhUHCal.exe
  C:\Windows\System\jhUHCal.exe
  2⤵
  PID:7548
- C:\Windows\System\IfBkBhA.exe
  C:\Windows\System\IfBkBhA.exe
  2⤵
  PID:7596
- C:\Windows\System\vIkBzpB.exe
  C:\Windows\System\vIkBzpB.exe
  2⤵
  PID:7660
- C:\Windows\System\TrBXUwP.exe
  C:\Windows\System\TrBXUwP.exe
  2⤵
  PID:7692
- C:\Windows\System\UyVZLJm.exe
  C:\Windows\System\UyVZLJm.exe
  2⤵
  PID:7728
- C:\Windows\System\Zptljds.exe
  C:\Windows\System\Zptljds.exe
  2⤵
  PID:7740
- C:\Windows\System\AJaYfoD.exe
  C:\Windows\System\AJaYfoD.exe
  2⤵
  PID:8072
- C:\Windows\System\ZnVtBOV.exe
  C:\Windows\System\ZnVtBOV.exe
  2⤵
  PID:8188
- C:\Windows\System\IwKKnle.exe
  C:\Windows\System\IwKKnle.exe
  2⤵
  PID:6676
- C:\Windows\System\kwTIpli.exe
  C:\Windows\System\kwTIpli.exe
  2⤵
  PID:7192
- C:\Windows\System\rzNBcdj.exe
  C:\Windows\System\rzNBcdj.exe
  2⤵
  PID:7368
- C:\Windows\System\RLoYfNu.exe
  C:\Windows\System\RLoYfNu.exe
  2⤵
  PID:7336
- C:\Windows\System\AYEtZBl.exe
  C:\Windows\System\AYEtZBl.exe
  2⤵
  PID:7644
- C:\Windows\System\qwMLlIl.exe
  C:\Windows\System\qwMLlIl.exe
  2⤵
  PID:7388
- C:\Windows\System\dwLiJIL.exe
  C:\Windows\System\dwLiJIL.exe
  2⤵
  PID:7436
- C:\Windows\System\nNmuzJQ.exe
  C:\Windows\System\nNmuzJQ.exe
  2⤵
  PID:7808
- C:\Windows\System\HeZJoJy.exe
  C:\Windows\System\HeZJoJy.exe
  2⤵
  PID:7880
- C:\Windows\System\TzZAqrH.exe
  C:\Windows\System\TzZAqrH.exe
  2⤵
  PID:7896
- C:\Windows\System\fvddijK.exe
  C:\Windows\System\fvddijK.exe
  2⤵
  PID:7952
- C:\Windows\System\daPohqK.exe
  C:\Windows\System\daPohqK.exe
  2⤵
  PID:8020
- C:\Windows\System\LzeKRgr.exe
  C:\Windows\System\LzeKRgr.exe
  2⤵
  PID:8056
- C:\Windows\System\voVqBQG.exe
  C:\Windows\System\voVqBQG.exe
  2⤵
  PID:8088
- C:\Windows\System\LYsEgwC.exe
  C:\Windows\System\LYsEgwC.exe
  2⤵
  PID:8040
- C:\Windows\System\QXsccGh.exe
  C:\Windows\System\QXsccGh.exe
  2⤵
  PID:8036
- C:\Windows\System\QXHrNfC.exe
  C:\Windows\System\QXHrNfC.exe
  2⤵
  PID:8104
- C:\Windows\System\rzDVCep.exe
  C:\Windows\System\rzDVCep.exe
  2⤵
  PID:8068
- C:\Windows\System\QEAqEjr.exe
  C:\Windows\System\QEAqEjr.exe
  2⤵
  PID:3600
- C:\Windows\System\hBKEuqd.exe
  C:\Windows\System\hBKEuqd.exe
  2⤵
  PID:7184
- C:\Windows\System\HzHNCud.exe
  C:\Windows\System\HzHNCud.exe
  2⤵
  PID:7304
- C:\Windows\System\ATUCurI.exe
  C:\Windows\System\ATUCurI.exe
  2⤵
  PID:7400
- C:\Windows\System\bBRAVgM.exe
  C:\Windows\System\bBRAVgM.exe
  2⤵
  PID:7580
- C:\Windows\System\PSYmaYi.exe
  C:\Windows\System\PSYmaYi.exe
  2⤵
  PID:7452
- C:\Windows\System\zkIEhlX.exe
  C:\Windows\System\zkIEhlX.exe
  2⤵
  PID:7616
- C:\Windows\System\KPxZhQE.exe
  C:\Windows\System\KPxZhQE.exe
  2⤵
  PID:7756
- C:\Windows\System\hgDTCCb.exe
  C:\Windows\System\hgDTCCb.exe
  2⤵
  PID:7796
- C:\Windows\System\dIAbxcB.exe
  C:\Windows\System\dIAbxcB.exe
  2⤵
  PID:7712
- C:\Windows\System\zEhPlBW.exe
  C:\Windows\System\zEhPlBW.exe
  2⤵
  PID:7916
- C:\Windows\System\Hxusmnh.exe
  C:\Windows\System\Hxusmnh.exe
  2⤵
  PID:7876
- C:\Windows\System\CZqYyRl.exe
  C:\Windows\System\CZqYyRl.exe
  2⤵
  PID:8016
- C:\Windows\System\OSHzpEI.exe
  C:\Windows\System\OSHzpEI.exe
  2⤵
  PID:7972
- C:\Windows\System\FzTbVtx.exe
  C:\Windows\System\FzTbVtx.exe
  2⤵
  PID:7776
- C:\Windows\System\OcAgXfy.exe
  C:\Windows\System\OcAgXfy.exe
  2⤵
  PID:7484
- C:\Windows\System\dQBesPG.exe
  C:\Windows\System\dQBesPG.exe
  2⤵
  PID:8116
- C:\Windows\System\YpVZfFS.exe
  C:\Windows\System\YpVZfFS.exe
  2⤵
  PID:7224
- C:\Windows\System\JVFdJTb.exe
  C:\Windows\System\JVFdJTb.exe
  2⤵
  PID:7780
- C:\Windows\System\haEjFjC.exe
  C:\Windows\System\haEjFjC.exe
  2⤵
  PID:7380
- C:\Windows\System\TpxmqPx.exe
  C:\Windows\System\TpxmqPx.exe
  2⤵
  PID:7056
- C:\Windows\System\kShkDse.exe
  C:\Windows\System\kShkDse.exe
  2⤵
  PID:7988
- C:\Windows\System\pbUXMhT.exe
  C:\Windows\System\pbUXMhT.exe
  2⤵
  PID:8152
- C:\Windows\System\pyLMudP.exe
  C:\Windows\System\pyLMudP.exe
  2⤵
  PID:7920
- C:\Windows\System\dAcJqka.exe
  C:\Windows\System\dAcJqka.exe
  2⤵
  PID:7220
- C:\Windows\System\xBcuBEO.exe
  C:\Windows\System\xBcuBEO.exe
  2⤵
  PID:7612
- C:\Windows\System\mFuSTjp.exe
  C:\Windows\System\mFuSTjp.exe
  2⤵
  PID:7924
- C:\Windows\System\NycDHHk.exe
  C:\Windows\System\NycDHHk.exe
  2⤵
  PID:7828
- C:\Windows\System\jZzMohs.exe
  C:\Windows\System\jZzMohs.exe
  2⤵
  PID:8208
- C:\Windows\System\uCcbaAB.exe
  C:\Windows\System\uCcbaAB.exe
  2⤵
  PID:8224
- C:\Windows\System\zSlbCyP.exe
  C:\Windows\System\zSlbCyP.exe
  2⤵
  PID:8240
- C:\Windows\System\lYdRjYc.exe
  C:\Windows\System\lYdRjYc.exe
  2⤵
  PID:8256
- C:\Windows\System\GDneXSM.exe
  C:\Windows\System\GDneXSM.exe
  2⤵
  PID:8272
- C:\Windows\System\tWhmXIB.exe
  C:\Windows\System\tWhmXIB.exe
  2⤵
  PID:8288
- C:\Windows\System\WwKjlnj.exe
  C:\Windows\System\WwKjlnj.exe
  2⤵
  PID:8304
- C:\Windows\System\gOlwXiv.exe
  C:\Windows\System\gOlwXiv.exe
  2⤵
  PID:8320
- C:\Windows\System\QSbCozZ.exe
  C:\Windows\System\QSbCozZ.exe
  2⤵
  PID:8336
- C:\Windows\System\zeKYxSJ.exe
  C:\Windows\System\zeKYxSJ.exe
  2⤵
  PID:8352
- C:\Windows\System\csMzZCr.exe
  C:\Windows\System\csMzZCr.exe
  2⤵
  PID:8368
- C:\Windows\System\YMbWUQe.exe
  C:\Windows\System\YMbWUQe.exe
  2⤵
  PID:8384
- C:\Windows\System\rEljhhs.exe
  C:\Windows\System\rEljhhs.exe
  2⤵
  PID:8400
- C:\Windows\System\QfREMuU.exe
  C:\Windows\System\QfREMuU.exe
  2⤵
  PID:8420
- C:\Windows\System\SQmNZke.exe
  C:\Windows\System\SQmNZke.exe
  2⤵
  PID:8436
- C:\Windows\System\TEPckhe.exe
  C:\Windows\System\TEPckhe.exe
  2⤵
  PID:8452
- C:\Windows\System\WlfXSZc.exe
  C:\Windows\System\WlfXSZc.exe
  2⤵
  PID:8468
- C:\Windows\System\AYVtbCN.exe
  C:\Windows\System\AYVtbCN.exe
  2⤵
  PID:8484
- C:\Windows\System\crqjWda.exe
  C:\Windows\System\crqjWda.exe
  2⤵
  PID:8500
- C:\Windows\System\zcbEzkt.exe
  C:\Windows\System\zcbEzkt.exe
  2⤵
  PID:8516
- C:\Windows\System\xIHUZxH.exe
  C:\Windows\System\xIHUZxH.exe
  2⤵
  PID:8532
- C:\Windows\System\drGDRLP.exe
  C:\Windows\System\drGDRLP.exe
  2⤵
  PID:8548
- C:\Windows\System\PckmLtu.exe
  C:\Windows\System\PckmLtu.exe
  2⤵
  PID:8564
- C:\Windows\System\phFGGNM.exe
  C:\Windows\System\phFGGNM.exe
  2⤵
  PID:8580
- C:\Windows\System\ytzXDQP.exe
  C:\Windows\System\ytzXDQP.exe
  2⤵
  PID:8596
- C:\Windows\System\krKrDqe.exe
  C:\Windows\System\krKrDqe.exe
  2⤵
  PID:8612
- C:\Windows\System\iqSIRtm.exe
  C:\Windows\System\iqSIRtm.exe
  2⤵
  PID:8628
- C:\Windows\System\FkhOodD.exe
  C:\Windows\System\FkhOodD.exe
  2⤵
  PID:8644
- C:\Windows\System\UhgkLIy.exe
  C:\Windows\System\UhgkLIy.exe
  2⤵
  PID:8660
- C:\Windows\System\sdrvbmY.exe
  C:\Windows\System\sdrvbmY.exe
  2⤵
  PID:8676
- C:\Windows\System\HTxPdbq.exe
  C:\Windows\System\HTxPdbq.exe
  2⤵
  PID:8692
- C:\Windows\System\qsHreEd.exe
  C:\Windows\System\qsHreEd.exe
  2⤵
  PID:8708
- C:\Windows\System\GHpTjqe.exe
  C:\Windows\System\GHpTjqe.exe
  2⤵
  PID:8724
- C:\Windows\System\FrKaRof.exe
  C:\Windows\System\FrKaRof.exe
  2⤵
  PID:8740
- C:\Windows\System\jouMXaQ.exe
  C:\Windows\System\jouMXaQ.exe
  2⤵
  PID:8756
- C:\Windows\System\TUXDVXE.exe
  C:\Windows\System\TUXDVXE.exe
  2⤵
  PID:8772
- C:\Windows\System\DrKUObA.exe
  C:\Windows\System\DrKUObA.exe
  2⤵
  PID:8788
- C:\Windows\System\UeuRTnI.exe
  C:\Windows\System\UeuRTnI.exe
  2⤵
  PID:8804
- C:\Windows\System\pSZQQrl.exe
  C:\Windows\System\pSZQQrl.exe
  2⤵
  PID:8820
- C:\Windows\System\TkvjEvS.exe
  C:\Windows\System\TkvjEvS.exe
  2⤵
  PID:8836
- C:\Windows\System\EIPYaJU.exe
  C:\Windows\System\EIPYaJU.exe
  2⤵
  PID:8852
- C:\Windows\System\Ysrlyrz.exe
  C:\Windows\System\Ysrlyrz.exe
  2⤵
  PID:8868
- C:\Windows\System\indAjhH.exe
  C:\Windows\System\indAjhH.exe
  2⤵
  PID:8884
- C:\Windows\System\VegzswU.exe
  C:\Windows\System\VegzswU.exe
  2⤵
  PID:8900
- C:\Windows\System\rLlUgtf.exe
  C:\Windows\System\rLlUgtf.exe
  2⤵
  PID:8916
- C:\Windows\System\ERXyngH.exe
  C:\Windows\System\ERXyngH.exe
  2⤵
  PID:8932
- C:\Windows\System\qhfyNfo.exe
  C:\Windows\System\qhfyNfo.exe
  2⤵
  PID:8948
- C:\Windows\System\VlGXPpS.exe
  C:\Windows\System\VlGXPpS.exe
  2⤵
  PID:8964
- C:\Windows\System\gdtzEOP.exe
  C:\Windows\System\gdtzEOP.exe
  2⤵
  PID:8980
- C:\Windows\System\IMdgfZL.exe
  C:\Windows\System\IMdgfZL.exe
  2⤵
  PID:8996
- C:\Windows\System\aQOWxnd.exe
  C:\Windows\System\aQOWxnd.exe
  2⤵
  PID:9012
- C:\Windows\System\OukjDMl.exe
  C:\Windows\System\OukjDMl.exe
  2⤵
  PID:9028
- C:\Windows\System\fydWGJi.exe
  C:\Windows\System\fydWGJi.exe
  2⤵
  PID:9044
- C:\Windows\System\XtEgJLl.exe
  C:\Windows\System\XtEgJLl.exe
  2⤵
  PID:9060
- C:\Windows\System\DRbLgsc.exe
  C:\Windows\System\DRbLgsc.exe
  2⤵
  PID:9080
- C:\Windows\System\thVJdTe.exe
  C:\Windows\System\thVJdTe.exe
  2⤵
  PID:9100
- C:\Windows\System\lrgMMOa.exe
  C:\Windows\System\lrgMMOa.exe
  2⤵
  PID:9116
- C:\Windows\System\GDhESks.exe
  C:\Windows\System\GDhESks.exe
  2⤵
  PID:9132
- C:\Windows\System\ynHVepN.exe
  C:\Windows\System\ynHVepN.exe
  2⤵
  PID:9148
- C:\Windows\System\LGoOEbN.exe
  C:\Windows\System\LGoOEbN.exe
  2⤵
  PID:9164
- C:\Windows\System\ZAwfFEj.exe
  C:\Windows\System\ZAwfFEj.exe
  2⤵
  PID:9180
- C:\Windows\System\FiwLsnA.exe
  C:\Windows\System\FiwLsnA.exe
  2⤵
  PID:9196
- C:\Windows\System\YUZNWGJ.exe
  C:\Windows\System\YUZNWGJ.exe
  2⤵
  PID:9212
- C:\Windows\System\PflGCQK.exe
  C:\Windows\System\PflGCQK.exe
  2⤵
  PID:8216
- C:\Windows\System\grWTnTj.exe
  C:\Windows\System\grWTnTj.exe
  2⤵
  PID:8284
- C:\Windows\System\gjkiYXC.exe
  C:\Windows\System\gjkiYXC.exe
  2⤵
  PID:8348
- C:\Windows\System\zFqquQK.exe
  C:\Windows\System\zFqquQK.exe
  2⤵
  PID:8232
- C:\Windows\System\tCZqNrw.exe
  C:\Windows\System\tCZqNrw.exe
  2⤵
  PID:8004
- C:\Windows\System\pyHlqIQ.exe
  C:\Windows\System\pyHlqIQ.exe
  2⤵
  PID:8300
- C:\Windows\System\mPWIgij.exe
  C:\Windows\System\mPWIgij.exe
  2⤵
  PID:8444
- C:\Windows\System\nDWToaf.exe
  C:\Windows\System\nDWToaf.exe
  2⤵
  PID:8512
- C:\Windows\System\IJVQMVn.exe
  C:\Windows\System\IJVQMVn.exe
  2⤵
  PID:8264
- C:\Windows\System\qGhJyqB.exe
  C:\Windows\System\qGhJyqB.exe
  2⤵
  PID:8360
- C:\Windows\System\CvZWExH.exe
  C:\Windows\System\CvZWExH.exe
  2⤵
  PID:8428
- C:\Windows\System\lijiXrt.exe
  C:\Windows\System\lijiXrt.exe
  2⤵
  PID:8432
- C:\Windows\System\anUBLIB.exe
  C:\Windows\System\anUBLIB.exe
  2⤵
  PID:8496
- C:\Windows\System\uJAnuXU.exe
  C:\Windows\System\uJAnuXU.exe
  2⤵
  PID:8560
- C:\Windows\System\ouAZvlJ.exe
  C:\Windows\System\ouAZvlJ.exe
  2⤵
  PID:8624
- C:\Windows\System\QeMHUGy.exe
  C:\Windows\System\QeMHUGy.exe
  2⤵
  PID:8656
- C:\Windows\System\RAekNBT.exe
  C:\Windows\System\RAekNBT.exe
  2⤵
  PID:8688
- C:\Windows\System\vggZgqo.exe
  C:\Windows\System\vggZgqo.exe
  2⤵
  PID:8672
- C:\Windows\System\iiaICFP.exe
  C:\Windows\System\iiaICFP.exe
  2⤵
  PID:8768
- C:\Windows\System\eWAwkdG.exe
  C:\Windows\System\eWAwkdG.exe
  2⤵
  PID:8752
- C:\Windows\System\bIGMxUf.exe
  C:\Windows\System\bIGMxUf.exe
  2⤵
  PID:8784
- C:\Windows\System\yfNdUlC.exe
  C:\Windows\System\yfNdUlC.exe
  2⤵
  PID:8848
- C:\Windows\System\KibWDNN.exe
  C:\Windows\System\KibWDNN.exe
  2⤵
  PID:8896
- C:\Windows\System\NYAFvcn.exe
  C:\Windows\System\NYAFvcn.exe
  2⤵
  PID:8928
- C:\Windows\System\XWCbZqN.exe
  C:\Windows\System\XWCbZqN.exe
  2⤵
  PID:8956
- C:\Windows\System\ptxPzqA.exe
  C:\Windows\System\ptxPzqA.exe
  2⤵
  PID:8992
- C:\Windows\System\EKaCMpi.exe
  C:\Windows\System\EKaCMpi.exe
  2⤵
  PID:8976
- C:\Windows\System\qpnTqlu.exe
  C:\Windows\System\qpnTqlu.exe
  2⤵
  PID:9024
- C:\Windows\System\dknLmsA.exe
  C:\Windows\System\dknLmsA.exe
  2⤵
  PID:9108
- C:\Windows\System\KZDFxcU.exe
  C:\Windows\System\KZDFxcU.exe
  2⤵
  PID:9096
- C:\Windows\System\pjqKoXz.exe
  C:\Windows\System\pjqKoXz.exe
  2⤵
  PID:7568
- C:\Windows\System\nskFXeH.exe
  C:\Windows\System\nskFXeH.exe
  2⤵
  PID:9140
- C:\Windows\System\wCanWvC.exe
  C:\Windows\System\wCanWvC.exe
  2⤵
  PID:9192
- C:\Windows\System\WVpnCFL.exe
  C:\Windows\System\WVpnCFL.exe
  2⤵
  PID:7696
- C:\Windows\System\GIxBQAs.exe
  C:\Windows\System\GIxBQAs.exe
  2⤵
  PID:8412
- C:\Windows\System\gUitGfr.exe
  C:\Windows\System\gUitGfr.exe
  2⤵
  PID:8544
- C:\Windows\System\EwntFJE.exe
  C:\Windows\System\EwntFJE.exe
  2⤵
  PID:8200
- C:\Windows\System\CnkVSXA.exe
  C:\Windows\System\CnkVSXA.exe
  2⤵
  PID:8476
- C:\Windows\System\AWgDgtI.exe
  C:\Windows\System\AWgDgtI.exe
  2⤵
  PID:8396
- C:\Windows\System\SpTscQs.exe
  C:\Windows\System\SpTscQs.exe
  2⤵
  PID:8592
- C:\Windows\System\xOQzvyH.exe
  C:\Windows\System\xOQzvyH.exe
  2⤵
  PID:8700
- C:\Windows\System\mtEsevo.exe
  C:\Windows\System\mtEsevo.exe
  2⤵
  PID:8876
- C:\Windows\System\kQXTEWr.exe
  C:\Windows\System\kQXTEWr.exe
  2⤵
  PID:8528
- C:\Windows\System\GZVfRTk.exe
  C:\Windows\System\GZVfRTk.exe
  2⤵
  PID:8828
- C:\Windows\System\WZaemoN.exe
  C:\Windows\System\WZaemoN.exe
  2⤵
  PID:8912
- C:\Windows\System\svosnoV.exe
  C:\Windows\System\svosnoV.exe
  2⤵
  PID:8892
- C:\Windows\System\ohRxAON.exe
  C:\Windows\System\ohRxAON.exe
  2⤵
  PID:8924
- C:\Windows\System\GiVPvFZ.exe
  C:\Windows\System\GiVPvFZ.exe
  2⤵
  PID:9020
- C:\Windows\System\WdXRKJi.exe
  C:\Windows\System\WdXRKJi.exe
  2⤵
  PID:9172
- C:\Windows\System\PbHdiYf.exe
  C:\Windows\System\PbHdiYf.exe
  2⤵
  PID:8540
- C:\Windows\System\ayQgzSo.exe
  C:\Windows\System\ayQgzSo.exe
  2⤵
  PID:8736
- C:\Windows\System\ggkxBGJ.exe
  C:\Windows\System\ggkxBGJ.exe
  2⤵
  PID:9160
- C:\Windows\System\jkedOXM.exe
  C:\Windows\System\jkedOXM.exe
  2⤵
  PID:8204
- C:\Windows\System\YpCEVyw.exe
  C:\Windows\System\YpCEVyw.exe
  2⤵
  PID:8416
- C:\Windows\System\PoSOjKi.exe
  C:\Windows\System\PoSOjKi.exe
  2⤵
  PID:8604
- C:\Windows\System\NeRbVdH.exe
  C:\Windows\System\NeRbVdH.exe
  2⤵
  PID:8716
- C:\Windows\System\RZmpujx.exe
  C:\Windows\System\RZmpujx.exe
  2⤵
  PID:9068
- C:\Windows\System\dxOPPKv.exe
  C:\Windows\System\dxOPPKv.exe
  2⤵
  PID:8572
- C:\Windows\System\hZqKCLO.exe
  C:\Windows\System\hZqKCLO.exe
  2⤵
  PID:8156
- C:\Windows\System\NOlIaqr.exe
  C:\Windows\System\NOlIaqr.exe
  2⤵
  PID:8408
- C:\Windows\System\JiHrCDc.exe
  C:\Windows\System\JiHrCDc.exe
  2⤵
  PID:8636
- C:\Windows\System\surfnLT.exe
  C:\Windows\System\surfnLT.exe
  2⤵
  PID:9008
- C:\Windows\System\uGLcrrv.exe
  C:\Windows\System\uGLcrrv.exe
  2⤵
  PID:9092
- C:\Windows\System\RXAfbMM.exe
  C:\Windows\System\RXAfbMM.exe
  2⤵
  PID:8780
- C:\Windows\System\ChiriJi.exe
  C:\Windows\System\ChiriJi.exe
  2⤵
  PID:9220
- C:\Windows\System\ExbHZba.exe
  C:\Windows\System\ExbHZba.exe
  2⤵
  PID:9236
- C:\Windows\System\NJVHUNG.exe
  C:\Windows\System\NJVHUNG.exe
  2⤵
  PID:9252
- C:\Windows\System\pqyVuTJ.exe
  C:\Windows\System\pqyVuTJ.exe
  2⤵
  PID:9268
- C:\Windows\System\kUwWCEF.exe
  C:\Windows\System\kUwWCEF.exe
  2⤵
  PID:9284
- C:\Windows\System\rLAbvVj.exe
  C:\Windows\System\rLAbvVj.exe
  2⤵
  PID:9300
- C:\Windows\System\tzNyRMR.exe
  C:\Windows\System\tzNyRMR.exe
  2⤵
  PID:9316
- C:\Windows\System\MIDFwNZ.exe
  C:\Windows\System\MIDFwNZ.exe
  2⤵
  PID:9332
- C:\Windows\System\wWBDiot.exe
  C:\Windows\System\wWBDiot.exe
  2⤵
  PID:9348
- C:\Windows\System\QhFXdCR.exe
  C:\Windows\System\QhFXdCR.exe
  2⤵
  PID:9364
- C:\Windows\System\sepjVfw.exe
  C:\Windows\System\sepjVfw.exe
  2⤵
  PID:9380
- C:\Windows\System\RoUCxVo.exe
  C:\Windows\System\RoUCxVo.exe
  2⤵
  PID:9396
- C:\Windows\System\xtLXeBQ.exe
  C:\Windows\System\xtLXeBQ.exe
  2⤵
  PID:9412
- C:\Windows\System\hDnuLyc.exe
  C:\Windows\System\hDnuLyc.exe
  2⤵
  PID:9428
- C:\Windows\System\VwtSihE.exe
  C:\Windows\System\VwtSihE.exe
  2⤵
  PID:9444
- C:\Windows\System\hiuXtPM.exe
  C:\Windows\System\hiuXtPM.exe
  2⤵
  PID:9460
- C:\Windows\System\idFmNHf.exe
  C:\Windows\System\idFmNHf.exe
  2⤵
  PID:9476
- C:\Windows\System\caLIpNO.exe
  C:\Windows\System\caLIpNO.exe
  2⤵
  PID:9492
- C:\Windows\System\wtLoLbw.exe
  C:\Windows\System\wtLoLbw.exe
  2⤵
  PID:9508
- C:\Windows\System\BrVVuXK.exe
  C:\Windows\System\BrVVuXK.exe
  2⤵
  PID:9524
- C:\Windows\System\NzfJalL.exe
  C:\Windows\System\NzfJalL.exe
  2⤵
  PID:9572
- C:\Windows\System\kSwYMbP.exe
  C:\Windows\System\kSwYMbP.exe
  2⤵
  PID:9588
- C:\Windows\System\qRipBRM.exe
  C:\Windows\System\qRipBRM.exe
  2⤵
  PID:9604
- C:\Windows\System\TOsqReV.exe
  C:\Windows\System\TOsqReV.exe
  2⤵
  PID:9628
- C:\Windows\System\ZhnvZFF.exe
  C:\Windows\System\ZhnvZFF.exe
  2⤵
  PID:9648
- C:\Windows\System\hDuzEUu.exe
  C:\Windows\System\hDuzEUu.exe
  2⤵
  PID:9684
- C:\Windows\System\QjnXMoJ.exe
  C:\Windows\System\QjnXMoJ.exe
  2⤵
  PID:9700
- C:\Windows\System\gMSOTjb.exe
  C:\Windows\System\gMSOTjb.exe
  2⤵
  PID:9716
- C:\Windows\System\vbctLxF.exe
  C:\Windows\System\vbctLxF.exe
  2⤵
  PID:9732
- C:\Windows\System\zpEQqOF.exe
  C:\Windows\System\zpEQqOF.exe
  2⤵
  PID:9752
- C:\Windows\System\vhQlJyO.exe
  C:\Windows\System\vhQlJyO.exe
  2⤵
  PID:9864
- C:\Windows\System\SSHaaMT.exe
  C:\Windows\System\SSHaaMT.exe
  2⤵
  PID:9892
- C:\Windows\System\vwRRali.exe
  C:\Windows\System\vwRRali.exe
  2⤵
  PID:9980
- C:\Windows\System\cSompxt.exe
  C:\Windows\System\cSompxt.exe
  2⤵
  PID:10000
- C:\Windows\System\jGVUwgg.exe
  C:\Windows\System\jGVUwgg.exe
  2⤵
  PID:10032
- C:\Windows\System\PXCWHlT.exe
  C:\Windows\System\PXCWHlT.exe
  2⤵
  PID:10048
- C:\Windows\System\EuNkQoJ.exe
  C:\Windows\System\EuNkQoJ.exe
  2⤵
  PID:10064
- C:\Windows\System\MXrsgtG.exe
  C:\Windows\System\MXrsgtG.exe
  2⤵
  PID:10080
- C:\Windows\System\KlVNxAt.exe
  C:\Windows\System\KlVNxAt.exe
  2⤵
  PID:10096
- C:\Windows\System\zCCndwt.exe
  C:\Windows\System\zCCndwt.exe
  2⤵
  PID:10112
- C:\Windows\System\PxxZYQb.exe
  C:\Windows\System\PxxZYQb.exe
  2⤵
  PID:10128
- C:\Windows\System\CeodKtZ.exe
  C:\Windows\System\CeodKtZ.exe
  2⤵
  PID:10144
- C:\Windows\System\YlbOwbu.exe
  C:\Windows\System\YlbOwbu.exe
  2⤵
  PID:10168
- C:\Windows\System\USwDHyZ.exe
  C:\Windows\System\USwDHyZ.exe
  2⤵
  PID:10232
- C:\Windows\System\UfLNxOm.exe
  C:\Windows\System\UfLNxOm.exe
  2⤵
  PID:9244
- C:\Windows\System\dDjWXNp.exe
  C:\Windows\System\dDjWXNp.exe
  2⤵
  PID:9312
- C:\Windows\System\GxlAoxX.exe
  C:\Windows\System\GxlAoxX.exe
  2⤵
  PID:9376
- C:\Windows\System\tkkTXBA.exe
  C:\Windows\System\tkkTXBA.exe
  2⤵
  PID:9420
- C:\Windows\System\LrpUmpt.exe
  C:\Windows\System\LrpUmpt.exe
  2⤵
  PID:9520
- C:\Windows\System\bdrszky.exe
  C:\Windows\System\bdrszky.exe
  2⤵
  PID:9580
- C:\Windows\System\wiUddpY.exe
  C:\Windows\System\wiUddpY.exe
  2⤵
  PID:9740
- C:\Windows\System\YPQwFOW.exe
  C:\Windows\System\YPQwFOW.exe
  2⤵
  PID:9760
- C:\Windows\System\xQCnFCc.exe
  C:\Windows\System\xQCnFCc.exe
  2⤵
  PID:9816
- C:\Windows\System\JtDkWWg.exe
  C:\Windows\System\JtDkWWg.exe
  2⤵
  PID:9844
- C:\Windows\System\SiOqEfb.exe
  C:\Windows\System\SiOqEfb.exe
  2⤵
  PID:9832
- C:\Windows\System\bYxmMxp.exe
  C:\Windows\System\bYxmMxp.exe
  2⤵
  PID:9872
- C:\Windows\System\JnwwpKy.exe
  C:\Windows\System\JnwwpKy.exe
  2⤵
  PID:9900
- C:\Windows\System\etepJLt.exe
  C:\Windows\System\etepJLt.exe
  2⤵
  PID:9904
- C:\Windows\System\WsXOYuO.exe
  C:\Windows\System\WsXOYuO.exe
  2⤵
  PID:9940
- C:\Windows\System\OTxfvQr.exe
  C:\Windows\System\OTxfvQr.exe
  2⤵
  PID:9948
- C:\Windows\System\KleVzcE.exe
  C:\Windows\System\KleVzcE.exe
  2⤵
  PID:9988
- C:\Windows\System\jFsJmlB.exe
  C:\Windows\System\jFsJmlB.exe
  2⤵
  PID:10028
- C:\Windows\System\OxwyBkL.exe
  C:\Windows\System\OxwyBkL.exe
  2⤵
  PID:10044
- C:\Windows\System\egcXdql.exe
  C:\Windows\System\egcXdql.exe
  2⤵
  PID:10108
- C:\Windows\System\XHQGXtq.exe
  C:\Windows\System\XHQGXtq.exe
  2⤵
  PID:10124
- C:\Windows\System\VdvyAjC.exe
  C:\Windows\System\VdvyAjC.exe
  2⤵
  PID:10176
- C:\Windows\System\NUHmVGl.exe
  C:\Windows\System\NUHmVGl.exe
  2⤵
  PID:10188
- C:\Windows\System\hTRMWwR.exe
  C:\Windows\System\hTRMWwR.exe
  2⤵
  PID:10208
- C:\Windows\System\EopzDil.exe
  C:\Windows\System\EopzDil.exe
  2⤵
  PID:10228
- C:\Windows\System\BkhvdxU.exe
  C:\Windows\System\BkhvdxU.exe
  2⤵
  PID:9260
- C:\Windows\System\iJzoFwE.exe
  C:\Windows\System\iJzoFwE.exe
  2⤵
  PID:9328
- C:\Windows\System\tlkcyiN.exe
  C:\Windows\System\tlkcyiN.exe
  2⤵
  PID:7812
- C:\Windows\System\MceQxuS.exe
  C:\Windows\System\MceQxuS.exe
  2⤵
  PID:9392
- C:\Windows\System\hPQGDIT.exe
  C:\Windows\System\hPQGDIT.exe
  2⤵
  PID:9616
- C:\Windows\System\thmFAzs.exe
  C:\Windows\System\thmFAzs.exe
  2⤵
  PID:9656
- C:\Windows\System\GwQeuJz.exe
  C:\Windows\System\GwQeuJz.exe
  2⤵
  PID:9680
- C:\Windows\System\qzhGwPY.exe
  C:\Windows\System\qzhGwPY.exe
  2⤵
  PID:9812
- C:\Windows\System\gnCDzXW.exe
  C:\Windows\System\gnCDzXW.exe
  2⤵
  PID:9804
- C:\Windows\System\LAZwkCr.exe
  C:\Windows\System\LAZwkCr.exe
  2⤵
  PID:9824
- C:\Windows\System\WHRCTvN.exe
  C:\Windows\System\WHRCTvN.exe
  2⤵
  PID:9856
- C:\Windows\System\DjBPCVB.exe
  C:\Windows\System\DjBPCVB.exe
  2⤵
  PID:9916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EeQwtxT.exe

Filesize
6.0MB

MD5
818ff7c009968591439cb9d147ecd923

SHA1
0248e628dbafcd2b587e9aa9a7f384af76475807

SHA256
edd2f27eec1ad52398445052079c07f255af2431203735f64783bc437b74e233

SHA512
d0ec945827b8104368aeced27ba3e704eabe3f815609b760395d1e0a908e753d3930d8f08cb25f62bdcbe022233ab68bb22586b8f47e849738b81c2527b0103e

Download Submit
C:\Windows\system\HavUgDx.exe

Filesize
6.0MB

MD5
2b5c4634309ffa3b5ffb5dc6069bdb6f

SHA1
93a62cf2dfcb1a13a626d1add5eed8cd32f7930c

SHA256
5126586162a98ea7b9e2b5dd128245bfe01a2f16d348e21fb15b6f4caf1a7ac6

SHA512
861b805a6c7f527095bd6e58d7d225f244dabfe377c2c3590b3939bf19bb56bd7dc0cc335913f50dc11f355fbc7b15fe4d281f963e935e89d26df26c6b985f1f

Download Submit
C:\Windows\system\JdZUWPc.exe

Filesize
6.0MB

MD5
71715211c9e0f337c0a37347ca4aa53d

SHA1
b8068799252a119f32c9259bf1d2c4f2a4dd856f

SHA256
9183a29c67e4242a67e08acc2399267be0e34c7ce04555246e9c3cc1139ed0a7

SHA512
2345acce1006aef4ca06e144cd4e55b26494e1b62c6ad1c4733fed1fc675ea0f40076212f046c9ca37b4378aa6e4483b2e1ffd75454c6e07d0afb57479ad1c4b

Download Submit
C:\Windows\system\LEUEYDw.exe

Filesize
6.0MB

MD5
d81eb7f2c68333a8011d28ba0b7ef605

SHA1
c931088fa2865e10a19dcb1a846e42366a70149d

SHA256
b2d4eafa1bd240a809fbf3d223c1a0c6a4fc2efe14783b3ca2399e7988be9a58

SHA512
e2da1f42aae13917bee44965d28512821fa88ad09e9124fa89f291e2dfd5561ffcd967d03cca283369f98d43fe0c545c4ba950660aa483604373ab33e83eb780

Download Submit
C:\Windows\system\NPBjDaQ.exe

Filesize
6.0MB

MD5
cfbaf87c5dfb635939bf1d8dc2ad2d97

SHA1
27054ff248caa356a38906f0b6f5963e88277870

SHA256
6fa894f166c0dbb28593bcf43a6f046b73fa62797fa5caad2362978a8b6924b1

SHA512
f91c873d048fd5d483e6bdddee0353a0e007d8e99315987996b345bf25848293262da7ddc34bfb13ec29b50db3be887d63d691068cd786603317a9181c17ecb9

Download Submit
C:\Windows\system\PxYwdoC.exe

Filesize
6.0MB

MD5
5e02aeec1fe4502ab0a5549008f6cc22

SHA1
f49dd5051e8c92f7dafe3cc2f9e241c4d8655add

SHA256
8e75ad20d5fd1bbdf8223d410f6f4c3c8701e4443be069179f2b1ad177bbfb97

SHA512
cb722febea6e9ffed387dc4e230b3b64de885de2f7c8ccfa9e8491f295560200ff98104e678c33e5964d6adae86be020e54e3844075fa2d61e63b410c624b0a4

Download Submit
C:\Windows\system\QRuirgp.exe

Filesize
6.0MB

MD5
354bab0581cbb4611240c0329e2901f4

SHA1
0df273f0b5f38f879ab2b04cc83db06ec2a57bea

SHA256
85cb039ae5226efcf13757f2b673f66a1c052c20bbef244ebd625061b0980c5e

SHA512
997dfc3a43acaa2b98afbbeaeb0ae995612c9ba835322bae97ee14196b6bf079928520b0fbdaaede1cc58a10fc62cfe218b214e80f40ec06fc5c3030e4c09034

Download Submit
C:\Windows\system\RTHtGNH.exe

Filesize
6.0MB

MD5
1ff59263ea8ce238bda58e9ce23a00e0

SHA1
9921648961d818d476106a6955229bb305a4ab2b

SHA256
73163bcf26b3038a37873e7fc8854ced09b8e1777b9660daa762c0f7668fff2e

SHA512
225e234ad52fe249c59e33281044156aa916602e5148866f93bc19ceaade62e7171c6fa2ffe3d4b12dc24c53beeeef9fef70ef1890126532233988b3a3728fcd

Download Submit
C:\Windows\system\SQmlXEy.exe

Filesize
6.0MB

MD5
8e62311e1a9d2ef3dd8a61bf9ddeba93

SHA1
cf943c5abeb5c6f5b5085a5a7398fcd38ffec534

SHA256
61fc816238e986d51616c0a508149774e1979c0348f5466fdb0a6e39a0c30ecc

SHA512
b00cba4246765da75b1ad81cfef72147158ebfcf6a8ab4af68f71e86e58f872e62f0262e5ad073866bcddaa27aa1cb043dcfabd4973cd691dc79817b5759bc44

Download Submit
C:\Windows\system\SggNMEG.exe

Filesize
6.0MB

MD5
de068ff33c02ad485cfe3d318854b3ef

SHA1
9f424bd243df0cdb3a9ed95930a17782d61979ad

SHA256
61374a826fa7a8cfd6088c206fe87a24fbe3fedd27ff07b25a453247f4e4334a

SHA512
03a8e2d5cb023952356cffd0492d2bb93330a437a6840d0f40957435e2c9b09360321ad4290b47fa8218e57e804ec1343c58021e0c85b1089a80bba233a54c85

Download Submit
C:\Windows\system\SwYnzrZ.exe

Filesize
6.0MB

MD5
8193424d522723bef0f76ee0d4fad88d

SHA1
1accf3e926c4b9c4ffedb91c72b26a369aec1f12

SHA256
b8f31a85393e065fe991c07ba310d3d0a2ce8de4283674b9f7536841c3124bc1

SHA512
4972e011a2a61f3f0235ef8069034ed94b1a9d200eddcbd17dec94e38186bc7957f8857262c15682d59e56c450a363c3570177c84e9b1ecab3b0bb03878bce1b

Download Submit
C:\Windows\system\UkfBRoW.exe

Filesize
6.0MB

MD5
03e04489e60ffc2a86314895c5a2ccca

SHA1
19e6ae1f98fb2aa300178f55dbdc9557b85e1d9d

SHA256
cae873be0d7562b251c53ed398dfeac173979097119502f36fec01fe40ad6a55

SHA512
dd3ea7497d2cece4118df2e4220d83aa4529ed19566eac7eb4c258b234ceb034c0aac5fbcf7d090ee4e1f2c5a24e5f979661a4c6d0864799f960b89a1341a845

Download Submit
C:\Windows\system\XcOdDVT.exe

Filesize
6.0MB

MD5
57b3a85d49814db467e1cf428bcefc90

SHA1
ee596f981fca90dc16d8ee082c8b6ac20fc8905a

SHA256
7cb6bfe44009b2fbd331ff6b6b0c5a14bdb2b64fde3bf218f35c20a78c4a52f3

SHA512
94b290d60da47364502461004ad701f4eec5204e277efc615491c4acdc78dd62eaa32485c53ccaf369d55a9a1e39a8f3659608f744ac3707e5f0bf13028d3f90

Download Submit
C:\Windows\system\ZLfprrR.exe

Filesize
6.0MB

MD5
e78a1e9c0b35e6d9eeadeb5696c2c714

SHA1
96302be2875dcc1ef3ab72c3f70e27fe2369d03f

SHA256
fae634f998aa964aba616bae0c90a53730755b919cc37ad5ab93eb24246d96d0

SHA512
0df30e3f213ce6a78e816399bdd9651b6e50e681b128be586812cf0bdac6da28c2437c891691c6cd6b142f1bbbd7ac647e35d855b7ef79d0c120e9253e740f5d

Download Submit
C:\Windows\system\aMuYaJI.exe

Filesize
6.0MB

MD5
e9da5d62c63604fe372a6e7216fe386b

SHA1
9b6967f524544c6e607342203a5dce7aeb03f295

SHA256
36b42b7abd784a70668141d3e1de9cf49003bccfc0c08f9b8ca88cdcdeaeb1a2

SHA512
e40bfa3632640df12b43b6ab7baa7bf5650c56bb36a987f1395fc8ab6aff60337b228bf32ef33c4de123bca0c9b8289ef20933187566d13e968096abf0ceaa6e

Download Submit
C:\Windows\system\bfqdcGq.exe

Filesize
6.0MB

MD5
2b5b0cf4389da0df283194cf604c40e6

SHA1
4c7841910326bf00cfe4e2a2c68e51ab57b54a31

SHA256
e515dffd2e4fbdd92ccbe1d03e7df80122f29e972725c51ed3a2e7017f9ff80c

SHA512
6c7a28ac53ea675b5f36a72a02070a8b20a531be06a5c981f9bf6a1f3cf168596d28751a079d302090c77eeff715f2f7c4efc6bbbd94fd5e1ab9888b30441e50

Download Submit
C:\Windows\system\dBWbbkV.exe

Filesize
6.0MB

MD5
51a2cc3fa4adf84237e185fd90121fb7

SHA1
6c2c43441b17d72dcc1eb28ddad56013a4df3d87

SHA256
067966a3d7e6abe9fadd38f0325839e4ad3a982450668b660ca688318148d839

SHA512
46d2de811859e68e9b86dd98c21549587d49ddca8d02ce6cd2caf04d237bb070db94cc4c3dd287737f0ddf24107d91c3586d5f286c9e1b9434709d8943dd1fa6

Download Submit
C:\Windows\system\dhSNkqY.exe

Filesize
6.0MB

MD5
d5f1485f785748ef4a2c7c1d7908ac59

SHA1
8ebbd260b312a284d3c5465d2d0722ef55e88dc3

SHA256
450476ea4fa6bd356d073c473f9c7466272a31b7fc5e7a439f33705f29cd088d

SHA512
69336f8213b4618577855d9283c5e694480b0eb82b50f8d8d56c33e151c8007b2fb77a58f0061dd6beaa27b62c02655af62f6146733ad12eb6bb7eac0e7b68c3

Download Submit
C:\Windows\system\gGrjxcw.exe

Filesize
6.0MB

MD5
08f9cfe6b577ddddfa1e3223c69711f5

SHA1
a3765048ab94fb4ab476d2f9ff68a881de31deac

SHA256
31c1615d4639b91d7bd96aadfb4f557116b2fe1025f3c041a0f033855e4fe61d

SHA512
33efe3e236ce7b0ba03ed1ef0900c3e395ccaeed628e483da8bd94626cfd6afbc2bfb73273a2e8b5d5b1416a687ce6379c373c5ed4b3e63720036e6e15181ddb

Download Submit
C:\Windows\system\mIPLShs.exe

Filesize
6.0MB

MD5
768d707b2645563570e7c56f589ddb0f

SHA1
1e3c7a61c1acd8d214ac3db212f8d511ca7f8347

SHA256
1c8c7c604151fe7782ca54fa73976d248f5352bf5d78400aa059bd0f1093d950

SHA512
34adea9eeb6b449983c31372d68ceb9a51e5897f71b4e24be718c37b65af1838ea08b7c585fbf747f659305c17c6b4cd548900a5386531844efaecfc6a990b79

Download Submit
C:\Windows\system\obmndRF.exe

Filesize
6.0MB

MD5
ab195d650a3266d9dffca6bb67474d72

SHA1
7171b290222276684726926cec5ef8e9f37fc9c5

SHA256
6d9bbdb975838d53d0786049f840e4ad98fe16c26922eb14b401df617c432230

SHA512
313035747c111d85104a6bb0488f259a2e21c3b729c8f1a94cb3fec4d9d48f8f5426603e753d9f2465abae1808db8a9f16fb957ae167e2102605e2fc1d2e952d

Download Submit
C:\Windows\system\qiOtLrR.exe

Filesize
6.0MB

MD5
11269f76538eb7c543a3665a6d12b1a7

SHA1
f443c31b4600b3bd620de63414961f5c92a9b343

SHA256
2b2500fe1a480572256bdac321935e0a9150a19bf757b2eac2040050c69203b4

SHA512
f26721d85bbf3009afefd9e7d03addba2d1b825fa996d8ec71473eae0a05a52b52d7259e75ec014c66f6d297532703a3f7884ce8975cc16a4ac942f2434798c7

Download Submit
C:\Windows\system\raHStTa.exe

Filesize
6.0MB

MD5
90e24c939783b80aa11be0c0840848ba

SHA1
5dca35c6e0f1799b30910d690f887dfdafc26667

SHA256
803acbe7022c05715765152614ee1bb96b2bcf9e3a3f4ca883616d1252e3b976

SHA512
a4b8a2ce78b0c65b1fd0617a0736c5c3901c6ef546c49dc1a66452d77e667af41ef531f4fa99cc1f80eff297b3859c98fe3663917ebd2f4f6d16b1f60657a454

Download Submit
C:\Windows\system\uJAUHan.exe

Filesize
6.0MB

MD5
7d1329118841a813bbbbe2188751890b

SHA1
2c1d97005eea49a82f027b776fcb91ddf6cec352

SHA256
c808566d67bf73c206a38681ecbce98afe91c8dd11399a0b7284241a96304af3

SHA512
91be3ec9ddfbfdc2d903d0f91680b43e79490297538c49dbd70406c7ba7840f4b8bb004905c2b17ef8944df45cd641923549e7fc23f5bd94466868201c9a711f

Download Submit
C:\Windows\system\uMnDvFR.exe

Filesize
6.0MB

MD5
0ffc22b727145306039a5f2a30d2e94a

SHA1
bc4d7e6774aca93d20184ce61c8e3d89cec9129e

SHA256
860b1f3e02f20c2bb71adc7847060ee53670638158d499b928fb796a9a6124b5

SHA512
8e8c55b8f640e92343721e38cec43cea1b1532ca28a34d2016dc96a5e9a8f88350c5e664995cb2a49e090c3b1dab8af6a0b6d5fabe8b2f17d648e5c08ba60d68

Download Submit
C:\Windows\system\ucxodIL.exe

Filesize
6.0MB

MD5
f6b00790ac65792ae870244fca9f18db

SHA1
f93203a3b5d3b8959c771c1192655d004d1af011

SHA256
49adf4bb04f1818df0d202c90ee0a9b3f29cc29338d911d84a2a5e0cf6dedacc

SHA512
7e38b5daffe7d2340ba1e616e2be842f6619e6469ffbc2b3e8668dc0fb3db788e03f20501e316f54c5100a7086218e39fb559525c57cabe902518131f2e858e5

Download Submit
C:\Windows\system\vRSOvtc.exe

Filesize
6.0MB

MD5
3f933362cd469974628140c214354082

SHA1
aca11db31c14569012b7933a394f42598a85989c

SHA256
a2f7783ec6054966732c3ac0a0d7c9ee73662b3300286a91a594f996b6aa6441

SHA512
6bb262b76715580560d92216c196881daf8b637d194a6265fdcf10165460f2c7a8c866500d81706ff3ae93e535bf9175b3103994a2c699bcef550ac8f67e7697

Download Submit
C:\Windows\system\ybIRCEY.exe

Filesize
6.0MB

MD5
c45fb4cfa3d04c0a2a5aaf826cfd36a1

SHA1
50d59beabb3429a3983dcf50803e923d50612d97

SHA256
13372ce4aa48665caebade2bf10d98975f23f558e44056b22b917f11ebdb90cf

SHA512
4c4c53c1866c7096c390bd25f136d1921c6b4782e70d668f8cb88338dd56d3e568379cf3c83fac714354d1ec1df14d7e2ca9f1d10dd0deaa912af0fe3424690b

Download Submit
\Windows\system\IieTZWj.exe

Filesize
6.0MB

MD5
5384db64dfc3a9e1c04023be8e461909

SHA1
30b51186385daa126141efcc21e626769b222f4b

SHA256
c4077859962ddc67086a1ef52f990a90fd6132314e3410f4c3d32a769388b905

SHA512
ff283ae201027820553811cadd9881b9f574dfd13fb33a3c3b8fbc1274e0c4b7521e2bac26b80283d655d7437d81017efc4d0d8863d05a27c6fa818b10915fb3

Download Submit
\Windows\system\JdxjxCx.exe

Filesize
6.0MB

MD5
4da539de6ab7d75986b9e49fd18083c2

SHA1
8e3d6a2c0add3ebcf5d11ff88198d985f458e5cc

SHA256
e30546fd6f24d3ad4c9ade5a0504df35d332ffbc312d466da7d80b399ec412d0

SHA512
f90072f705102b9b50e6f5c874e32be402928180d8336e3794c521f621fed13cfb34fe1551dc9904c978c2871a42310c66a86d802707f74e4081318c55ae04c3

Download Submit
\Windows\system\oCwKlFX.exe

Filesize
6.0MB

MD5
961440448109f433f2b53fadac94ba1b

SHA1
8dbeb33a680f78f46790b7e0c66280d6cae0384c

SHA256
08860180f5aa70c172c7638887093b3cb3e01defa4501cf6d4f343143039006d

SHA512
124d94cf8bff9bcf7d86afdfd8a47f4a9c9255d277a1b6d500369ffbcafd0a1ea01e3168cfcec83b383a57a88f08a86e66a961c2ff219e1f7c8472f79d2577db

Download Submit
\Windows\system\qNQcklA.exe

Filesize
6.0MB

MD5
049441b029f5dbeadd258fc6fcc3c8d3

SHA1
db446e20b5889b0a14421f34eed981be9ba229d9

SHA256
d877aa38423a5c3209bb8e479ae24d09c73a315adcc88224f3c5cd76af301359

SHA512
b022d0903cda36beee4b080d2df818d63066327319aa043201f598c1e02cf30154554946195c795c539fd58da60924d9f5a5f21007b984dbfcfddcadac5def20

Download Submit
memory/852-3145-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/852-96-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/852-698-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/1380-80-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/1380-3080-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/1868-3105-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-621-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-88-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2276-76-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2276-2977-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2288-3092-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2288-85-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2376-697-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3143-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2376-94-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2564-74-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3006-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2596-78-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3028-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2604-79-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3071-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-56-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2632-75-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2632-620-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2632-454-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-0-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-83-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2632-456-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2632-72-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2632-63-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2632-87-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2632-43-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2632-86-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2632-82-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-77-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2632-838-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2632-60-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2632-93-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2632-84-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2656-2984-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-68-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-2983-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-81-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-58-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2696-2986-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3029-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2760-52-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3019-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2788-61-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download