cobaltstrike | cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b

Analysis

max time kernel
138s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
Size

6.0MB
MD5

2f05d83af549a37df00dbc6859827052
SHA1

89f9b9b86f6a2a92b7913bb5926ff76203c3a3ea
SHA256

cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b
SHA512

3205954d668ed215bcae18780b0f7a86604543b465b902a4f14056e8eee00fb80586ac523ec8bb21328adbb34a51b8d32c03c348fa6c44337a1cd7ab694f0ec5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUz:T+q56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707f-10.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174b4-16.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000174f8-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018697-47.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-64.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018706-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-56.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-72.dat	cobalt_reflective_dll
behavioral1/files/0x000e000000018683-45.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f7-40.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000175f1-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2932-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x000800000001707f-10.dat	xmrig
behavioral1/memory/2984-15-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2648-14-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x00080000000174b4-16.dat	xmrig
behavioral1/memory/2564-22-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/files/0x00080000000174f8-27.dat	xmrig
behavioral1/memory/2788-41-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018697-47.dat	xmrig
behavioral1/files/0x00050000000193dc-102.dat	xmrig
behavioral1/files/0x0005000000019426-110.dat	xmrig
behavioral1/files/0x00050000000194e1-130.dat	xmrig
behavioral1/files/0x000500000001952e-158.dat	xmrig
behavioral1/memory/2200-860-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2892-788-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2408-735-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1620-656-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2484-568-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/1856-481-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1492-394-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2636-166-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019535-162.dat	xmrig
behavioral1/files/0x000500000001952b-154.dat	xmrig
behavioral1/files/0x0005000000019518-146.dat	xmrig
behavioral1/files/0x0005000000019520-150.dat	xmrig
behavioral1/files/0x0005000000019510-142.dat	xmrig
behavioral1/files/0x0005000000019508-138.dat	xmrig
behavioral1/files/0x0005000000019502-134.dat	xmrig
behavioral1/files/0x00050000000194d5-126.dat	xmrig
behavioral1/files/0x00050000000194c3-122.dat	xmrig
behavioral1/files/0x00050000000194ad-118.dat	xmrig
behavioral1/files/0x0005000000019428-114.dat	xmrig
behavioral1/files/0x00050000000193f9-106.dat	xmrig
behavioral1/files/0x00050000000193d0-99.dat	xmrig
behavioral1/files/0x000500000001939f-75.dat	xmrig
behavioral1/files/0x0005000000019354-66.dat	xmrig
behavioral1/files/0x0005000000019358-64.dat	xmrig
behavioral1/files/0x0007000000018706-59.dat	xmrig
behavioral1/files/0x00050000000192a1-56.dat	xmrig
behavioral1/memory/2468-51-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2200-94-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2820-93-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2892-91-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2408-89-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/1620-87-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2932-86-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x00050000000193cc-83.dat	xmrig
behavioral1/memory/1856-74-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/1492-73-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x000500000001938e-72.dat	xmrig
behavioral1/memory/2932-63-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2932-55-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x000e000000018683-45.dat	xmrig
behavioral1/files/0x00070000000175f7-40.dat	xmrig
behavioral1/memory/2636-36-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2820-35-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x00070000000175f1-33.dat	xmrig
behavioral1/memory/2984-3262-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2636-3293-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2564-3342-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2468-3353-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2820-3355-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2648-3357-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2984	MSDFKcl.exe
2648	LZYxSyh.exe
2564	OuAVcKF.exe
2820	yPvEjES.exe
2636	ZhppVzE.exe
2788	PgjmCFv.exe
2468	WyvkBUf.exe
2484	twQoBZP.exe
1492	YDrJYMx.exe
1856	xfIlwFW.exe
1620	UGbidEV.exe
2408	cBkJFCr.exe
2892	SvHQIWb.exe
2200	xgSpWJs.exe
1808	dVYcKcj.exe
2192	FhAEGIj.exe
1848	dWZDbeT.exe
2720	rOrThJa.exe
1368	ZKJXFvS.exe
1932	JVJesCj.exe
1784	oRilXoY.exe
768	juTPzVn.exe
3024	kqYYvpy.exe
2880	qDNHukJ.exe
1788	KPSewAi.exe
2604	XFTLGes.exe
3032	yNByjJm.exe
1520	cThcTeF.exe
2352	WGXgvKC.exe
2016	SZXKBMT.exe
2472	EIwiGBu.exe
2400	CmFROpd.exe
2288	nuhIFaY.exe
2388	fYUAnmI.exe
3016	gaDBqfa.exe
908	QUAuNBF.exe
2364	aqJzlOR.exe
1696	UPgisCE.exe
1536	cDNLjmH.exe
1532	bdYkcZC.exe
600	LiuuFid.exe
2988	rpVPxtk.exe
2724	PZNSXtY.exe
688	wqbzrwi.exe
616	oIemxGr.exe
288	KxDKaYp.exe
1600	HYIRFAq.exe
1508	DsHNIQN.exe
1980	SStvyBF.exe
2996	LJdvZbA.exe
2112	fPQIJPm.exe
568	dyRicMO.exe
1984	GSFrWva.exe
692	JMGVVrz.exe
1456	GTvpshE.exe
1572	tLMGMsS.exe
900	TTbXHAY.exe
896	YywBtAU.exe
1676	CKZGEDQ.exe
2092	hfUhUAy.exe
1652	hvUjfdp.exe
2272	bleDjJt.exe
1780	dNnfKdt.exe
1580	BohmLiz.exe

Loads dropped DLL 64 IoCs

pid	Process
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2932-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x000800000001707f-10.dat	upx
behavioral1/memory/2984-15-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2648-14-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x00080000000174b4-16.dat	upx
behavioral1/memory/2564-22-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/files/0x00080000000174f8-27.dat	upx
behavioral1/memory/2788-41-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0007000000018697-47.dat	upx
behavioral1/files/0x00050000000193dc-102.dat	upx
behavioral1/files/0x0005000000019426-110.dat	upx
behavioral1/files/0x00050000000194e1-130.dat	upx
behavioral1/files/0x000500000001952e-158.dat	upx
behavioral1/memory/2200-860-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2892-788-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2408-735-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/1620-656-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2484-568-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1856-481-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1492-394-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2636-166-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/files/0x0005000000019535-162.dat	upx
behavioral1/files/0x000500000001952b-154.dat	upx
behavioral1/files/0x0005000000019518-146.dat	upx
behavioral1/files/0x0005000000019520-150.dat	upx
behavioral1/files/0x0005000000019510-142.dat	upx
behavioral1/files/0x0005000000019508-138.dat	upx
behavioral1/files/0x0005000000019502-134.dat	upx
behavioral1/files/0x00050000000194d5-126.dat	upx
behavioral1/files/0x00050000000194c3-122.dat	upx
behavioral1/files/0x00050000000194ad-118.dat	upx
behavioral1/files/0x0005000000019428-114.dat	upx
behavioral1/files/0x00050000000193f9-106.dat	upx
behavioral1/files/0x00050000000193d0-99.dat	upx
behavioral1/files/0x000500000001939f-75.dat	upx
behavioral1/files/0x0005000000019354-66.dat	upx
behavioral1/files/0x0005000000019358-64.dat	upx
behavioral1/files/0x0007000000018706-59.dat	upx
behavioral1/files/0x00050000000192a1-56.dat	upx
behavioral1/memory/2468-51-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2200-94-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2820-93-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2892-91-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2408-89-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/1620-87-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/files/0x00050000000193cc-83.dat	upx
behavioral1/memory/1856-74-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1492-73-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x000500000001938e-72.dat	upx
behavioral1/memory/2932-55-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x000e000000018683-45.dat	upx
behavioral1/files/0x00070000000175f7-40.dat	upx
behavioral1/memory/2636-36-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2820-35-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x00070000000175f1-33.dat	upx
behavioral1/memory/2984-3262-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2636-3293-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2564-3342-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2468-3353-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2820-3355-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2648-3357-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/1492-3358-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1856-3361-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\TcIydSZ.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\cPFwzlH.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\bMQwwKE.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\rlJkltz.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\BYrYkGn.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\KVPxeEC.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\jslDFUX.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\BHVhbHt.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\SqIkWup.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\qFTcvAb.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\kFDswOD.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\rpVPxtk.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\faKrIbq.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\zcduxVd.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\NQIbbRD.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\eZjNMwL.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\mViwmVs.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\MRPJUci.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\IwWxpBC.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\yPvEjES.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\vMkqGov.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\mTCqVDZ.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\TxVAxSO.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\QZBPSIX.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\nCDvrsC.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\OBIFERC.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\IuXAtUo.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\HBOrVpn.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\czcdQbx.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\AoFVLKu.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\wOCHyxa.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\vmlAtFQ.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\cVJLOdl.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\TBriKLe.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\SZXKBMT.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\scpHhbe.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\ISSKmWt.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\mkLCGyZ.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\SvHQIWb.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\wEyrSFT.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\VQiWkth.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\apfyNGG.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\gvrfUYn.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\hCsaLQT.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\EDAcoCa.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\BzUGogt.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\vFbXSiv.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\tTPAKhJ.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\ekAJDTG.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\scmfQhY.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\TypGQDu.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\zYddtgM.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\KxDKaYp.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\GSpFQqV.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\NdYBIuD.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\ARrRkQT.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\qfaaWjw.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\myvZfLI.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\tpMrSHP.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\UWNqvmw.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\NRsAwtr.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\KEGnlSG.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\PAcmOZl.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
File created	C:\Windows\System\ZsuWKXT.exe	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2984	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	30
PID 2932 wrote to memory of 2984	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	30
PID 2932 wrote to memory of 2984	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	30
PID 2932 wrote to memory of 2648	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	31
PID 2932 wrote to memory of 2648	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	31
PID 2932 wrote to memory of 2648	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	31
PID 2932 wrote to memory of 2564	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	32
PID 2932 wrote to memory of 2564	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	32
PID 2932 wrote to memory of 2564	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	32
PID 2932 wrote to memory of 2820	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	33
PID 2932 wrote to memory of 2820	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	33
PID 2932 wrote to memory of 2820	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	33
PID 2932 wrote to memory of 2636	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	34
PID 2932 wrote to memory of 2636	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	34
PID 2932 wrote to memory of 2636	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	34
PID 2932 wrote to memory of 2788	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	35
PID 2932 wrote to memory of 2788	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	35
PID 2932 wrote to memory of 2788	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	35
PID 2932 wrote to memory of 2468	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	36
PID 2932 wrote to memory of 2468	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	36
PID 2932 wrote to memory of 2468	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	36
PID 2932 wrote to memory of 2408	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	37
PID 2932 wrote to memory of 2408	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	37
PID 2932 wrote to memory of 2408	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	37
PID 2932 wrote to memory of 2484	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	38
PID 2932 wrote to memory of 2484	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	38
PID 2932 wrote to memory of 2484	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	38
PID 2932 wrote to memory of 2892	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	39
PID 2932 wrote to memory of 2892	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	39
PID 2932 wrote to memory of 2892	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	39
PID 2932 wrote to memory of 1492	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	40
PID 2932 wrote to memory of 1492	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	40
PID 2932 wrote to memory of 1492	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	40
PID 2932 wrote to memory of 2200	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	41
PID 2932 wrote to memory of 2200	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	41
PID 2932 wrote to memory of 2200	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	41
PID 2932 wrote to memory of 1856	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	42
PID 2932 wrote to memory of 1856	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	42
PID 2932 wrote to memory of 1856	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	42
PID 2932 wrote to memory of 1808	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	43
PID 2932 wrote to memory of 1808	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	43
PID 2932 wrote to memory of 1808	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	43
PID 2932 wrote to memory of 1620	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	44
PID 2932 wrote to memory of 1620	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	44
PID 2932 wrote to memory of 1620	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	44
PID 2932 wrote to memory of 2192	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	45
PID 2932 wrote to memory of 2192	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	45
PID 2932 wrote to memory of 2192	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	45
PID 2932 wrote to memory of 1848	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	46
PID 2932 wrote to memory of 1848	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	46
PID 2932 wrote to memory of 1848	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	46
PID 2932 wrote to memory of 2720	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	47
PID 2932 wrote to memory of 2720	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	47
PID 2932 wrote to memory of 2720	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	47
PID 2932 wrote to memory of 1368	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	48
PID 2932 wrote to memory of 1368	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	48
PID 2932 wrote to memory of 1368	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	48
PID 2932 wrote to memory of 1932	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	49
PID 2932 wrote to memory of 1932	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	49
PID 2932 wrote to memory of 1932	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	49
PID 2932 wrote to memory of 1784	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	50
PID 2932 wrote to memory of 1784	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	50
PID 2932 wrote to memory of 1784	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	50
PID 2932 wrote to memory of 768	2932	cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe	51

C:\Users\Admin\AppData\Local\Temp\cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe
"C:\Users\Admin\AppData\Local\Temp\cffa3e45cbf9766dfcd524508495bb73e6b4defcc4fe3ddad3da479e74b0865b.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\System\MSDFKcl.exe
  C:\Windows\System\MSDFKcl.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\LZYxSyh.exe
  C:\Windows\System\LZYxSyh.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\OuAVcKF.exe
  C:\Windows\System\OuAVcKF.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\yPvEjES.exe
  C:\Windows\System\yPvEjES.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ZhppVzE.exe
  C:\Windows\System\ZhppVzE.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\PgjmCFv.exe
  C:\Windows\System\PgjmCFv.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\WyvkBUf.exe
  C:\Windows\System\WyvkBUf.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\cBkJFCr.exe
  C:\Windows\System\cBkJFCr.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\twQoBZP.exe
  C:\Windows\System\twQoBZP.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\SvHQIWb.exe
  C:\Windows\System\SvHQIWb.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\YDrJYMx.exe
  C:\Windows\System\YDrJYMx.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\xgSpWJs.exe
  C:\Windows\System\xgSpWJs.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\xfIlwFW.exe
  C:\Windows\System\xfIlwFW.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\dVYcKcj.exe
  C:\Windows\System\dVYcKcj.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\UGbidEV.exe
  C:\Windows\System\UGbidEV.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\FhAEGIj.exe
  C:\Windows\System\FhAEGIj.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\dWZDbeT.exe
  C:\Windows\System\dWZDbeT.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\rOrThJa.exe
  C:\Windows\System\rOrThJa.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\ZKJXFvS.exe
  C:\Windows\System\ZKJXFvS.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\JVJesCj.exe
  C:\Windows\System\JVJesCj.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\oRilXoY.exe
  C:\Windows\System\oRilXoY.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\juTPzVn.exe
  C:\Windows\System\juTPzVn.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\kqYYvpy.exe
  C:\Windows\System\kqYYvpy.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\qDNHukJ.exe
  C:\Windows\System\qDNHukJ.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\KPSewAi.exe
  C:\Windows\System\KPSewAi.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\XFTLGes.exe
  C:\Windows\System\XFTLGes.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\yNByjJm.exe
  C:\Windows\System\yNByjJm.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\cThcTeF.exe
  C:\Windows\System\cThcTeF.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\WGXgvKC.exe
  C:\Windows\System\WGXgvKC.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\SZXKBMT.exe
  C:\Windows\System\SZXKBMT.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\EIwiGBu.exe
  C:\Windows\System\EIwiGBu.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\CmFROpd.exe
  C:\Windows\System\CmFROpd.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\nuhIFaY.exe
  C:\Windows\System\nuhIFaY.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\fYUAnmI.exe
  C:\Windows\System\fYUAnmI.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\gaDBqfa.exe
  C:\Windows\System\gaDBqfa.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\QUAuNBF.exe
  C:\Windows\System\QUAuNBF.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\aqJzlOR.exe
  C:\Windows\System\aqJzlOR.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\UPgisCE.exe
  C:\Windows\System\UPgisCE.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\cDNLjmH.exe
  C:\Windows\System\cDNLjmH.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\bdYkcZC.exe
  C:\Windows\System\bdYkcZC.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\LiuuFid.exe
  C:\Windows\System\LiuuFid.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\rpVPxtk.exe
  C:\Windows\System\rpVPxtk.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\PZNSXtY.exe
  C:\Windows\System\PZNSXtY.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\wqbzrwi.exe
  C:\Windows\System\wqbzrwi.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\oIemxGr.exe
  C:\Windows\System\oIemxGr.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\KxDKaYp.exe
  C:\Windows\System\KxDKaYp.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\HYIRFAq.exe
  C:\Windows\System\HYIRFAq.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\DsHNIQN.exe
  C:\Windows\System\DsHNIQN.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\SStvyBF.exe
  C:\Windows\System\SStvyBF.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\LJdvZbA.exe
  C:\Windows\System\LJdvZbA.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\fPQIJPm.exe
  C:\Windows\System\fPQIJPm.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\dyRicMO.exe
  C:\Windows\System\dyRicMO.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\GSFrWva.exe
  C:\Windows\System\GSFrWva.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\JMGVVrz.exe
  C:\Windows\System\JMGVVrz.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\GTvpshE.exe
  C:\Windows\System\GTvpshE.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\tLMGMsS.exe
  C:\Windows\System\tLMGMsS.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\TTbXHAY.exe
  C:\Windows\System\TTbXHAY.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\YywBtAU.exe
  C:\Windows\System\YywBtAU.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\CKZGEDQ.exe
  C:\Windows\System\CKZGEDQ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\hfUhUAy.exe
  C:\Windows\System\hfUhUAy.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\hvUjfdp.exe
  C:\Windows\System\hvUjfdp.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\bleDjJt.exe
  C:\Windows\System\bleDjJt.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\dNnfKdt.exe
  C:\Windows\System\dNnfKdt.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\BohmLiz.exe
  C:\Windows\System\BohmLiz.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\DNYaNeZ.exe
  C:\Windows\System\DNYaNeZ.exe
  2⤵
  PID:3040
- C:\Windows\System\oBZGhUp.exe
  C:\Windows\System\oBZGhUp.exe
  2⤵
  PID:2660
- C:\Windows\System\msZIogB.exe
  C:\Windows\System\msZIogB.exe
  2⤵
  PID:2536
- C:\Windows\System\GkSrhUL.exe
  C:\Windows\System\GkSrhUL.exe
  2⤵
  PID:2672
- C:\Windows\System\eXFTBgw.exe
  C:\Windows\System\eXFTBgw.exe
  2⤵
  PID:2584
- C:\Windows\System\ktaOHdz.exe
  C:\Windows\System\ktaOHdz.exe
  2⤵
  PID:2208
- C:\Windows\System\VPIwNyp.exe
  C:\Windows\System\VPIwNyp.exe
  2⤵
  PID:2440
- C:\Windows\System\ewYDrqF.exe
  C:\Windows\System\ewYDrqF.exe
  2⤵
  PID:1800
- C:\Windows\System\jJLUFWW.exe
  C:\Windows\System\jJLUFWW.exe
  2⤵
  PID:2444
- C:\Windows\System\FXaSfhx.exe
  C:\Windows\System\FXaSfhx.exe
  2⤵
  PID:1936
- C:\Windows\System\CQwMtyR.exe
  C:\Windows\System\CQwMtyR.exe
  2⤵
  PID:2180
- C:\Windows\System\ZKsXssM.exe
  C:\Windows\System\ZKsXssM.exe
  2⤵
  PID:588
- C:\Windows\System\kfOHURF.exe
  C:\Windows\System\kfOHURF.exe
  2⤵
  PID:1060
- C:\Windows\System\czcdQbx.exe
  C:\Windows\System\czcdQbx.exe
  2⤵
  PID:2596
- C:\Windows\System\UIVBgvv.exe
  C:\Windows\System\UIVBgvv.exe
  2⤵
  PID:1992
- C:\Windows\System\rdapoiW.exe
  C:\Windows\System\rdapoiW.exe
  2⤵
  PID:3036
- C:\Windows\System\BOMVPvv.exe
  C:\Windows\System\BOMVPvv.exe
  2⤵
  PID:1512
- C:\Windows\System\BVfTjEt.exe
  C:\Windows\System\BVfTjEt.exe
  2⤵
  PID:2624
- C:\Windows\System\wpLCgZH.exe
  C:\Windows\System\wpLCgZH.exe
  2⤵
  PID:1380
- C:\Windows\System\Xgcgyvl.exe
  C:\Windows\System\Xgcgyvl.exe
  2⤵
  PID:2688
- C:\Windows\System\ulsFohb.exe
  C:\Windows\System\ulsFohb.exe
  2⤵
  PID:2844
- C:\Windows\System\xgQQeMT.exe
  C:\Windows\System\xgQQeMT.exe
  2⤵
  PID:2956
- C:\Windows\System\pdhKKTM.exe
  C:\Windows\System\pdhKKTM.exe
  2⤵
  PID:1104
- C:\Windows\System\ZJxoXZm.exe
  C:\Windows\System\ZJxoXZm.exe
  2⤵
  PID:1944
- C:\Windows\System\fmQvaJa.exe
  C:\Windows\System\fmQvaJa.exe
  2⤵
  PID:2124
- C:\Windows\System\ZoGpVLW.exe
  C:\Windows\System\ZoGpVLW.exe
  2⤵
  PID:1484
- C:\Windows\System\fWtlzKm.exe
  C:\Windows\System\fWtlzKm.exe
  2⤵
  PID:1496
- C:\Windows\System\LjanPtW.exe
  C:\Windows\System\LjanPtW.exe
  2⤵
  PID:1700
- C:\Windows\System\utkFRvJ.exe
  C:\Windows\System\utkFRvJ.exe
  2⤵
  PID:2580
- C:\Windows\System\PwVmNXs.exe
  C:\Windows\System\PwVmNXs.exe
  2⤵
  PID:3124
- C:\Windows\System\KGgHnjz.exe
  C:\Windows\System\KGgHnjz.exe
  2⤵
  PID:3300
- C:\Windows\System\VMdopLb.exe
  C:\Windows\System\VMdopLb.exe
  2⤵
  PID:3320
- C:\Windows\System\bgJpJgx.exe
  C:\Windows\System\bgJpJgx.exe
  2⤵
  PID:3340
- C:\Windows\System\ZsYZMtQ.exe
  C:\Windows\System\ZsYZMtQ.exe
  2⤵
  PID:3356
- C:\Windows\System\BcQkDWe.exe
  C:\Windows\System\BcQkDWe.exe
  2⤵
  PID:3372
- C:\Windows\System\AAZVply.exe
  C:\Windows\System\AAZVply.exe
  2⤵
  PID:3396
- C:\Windows\System\aWmcVBc.exe
  C:\Windows\System\aWmcVBc.exe
  2⤵
  PID:3412
- C:\Windows\System\RHlKGXh.exe
  C:\Windows\System\RHlKGXh.exe
  2⤵
  PID:3432
- C:\Windows\System\WyQYSur.exe
  C:\Windows\System\WyQYSur.exe
  2⤵
  PID:3456
- C:\Windows\System\WExHtio.exe
  C:\Windows\System\WExHtio.exe
  2⤵
  PID:3476
- C:\Windows\System\kBmHUVi.exe
  C:\Windows\System\kBmHUVi.exe
  2⤵
  PID:3492
- C:\Windows\System\xbmIEqh.exe
  C:\Windows\System\xbmIEqh.exe
  2⤵
  PID:3508
- C:\Windows\System\twDIkCv.exe
  C:\Windows\System\twDIkCv.exe
  2⤵
  PID:3528
- C:\Windows\System\CdKeQNM.exe
  C:\Windows\System\CdKeQNM.exe
  2⤵
  PID:3556
- C:\Windows\System\AoQRgvT.exe
  C:\Windows\System\AoQRgvT.exe
  2⤵
  PID:3576
- C:\Windows\System\wUflHsY.exe
  C:\Windows\System\wUflHsY.exe
  2⤵
  PID:3600
- C:\Windows\System\oxRIFuI.exe
  C:\Windows\System\oxRIFuI.exe
  2⤵
  PID:3616
- C:\Windows\System\RqTRutv.exe
  C:\Windows\System\RqTRutv.exe
  2⤵
  PID:3648
- C:\Windows\System\GMrJnGd.exe
  C:\Windows\System\GMrJnGd.exe
  2⤵
  PID:3664
- C:\Windows\System\nBEAcAP.exe
  C:\Windows\System\nBEAcAP.exe
  2⤵
  PID:3688
- C:\Windows\System\QGtljyY.exe
  C:\Windows\System\QGtljyY.exe
  2⤵
  PID:3704
- C:\Windows\System\okbQfSr.exe
  C:\Windows\System\okbQfSr.exe
  2⤵
  PID:3724
- C:\Windows\System\bsBOgsA.exe
  C:\Windows\System\bsBOgsA.exe
  2⤵
  PID:3748
- C:\Windows\System\cluBReO.exe
  C:\Windows\System\cluBReO.exe
  2⤵
  PID:3764
- C:\Windows\System\OXRkFEs.exe
  C:\Windows\System\OXRkFEs.exe
  2⤵
  PID:3788
- C:\Windows\System\JxbRrDc.exe
  C:\Windows\System\JxbRrDc.exe
  2⤵
  PID:3804
- C:\Windows\System\WPCexvc.exe
  C:\Windows\System\WPCexvc.exe
  2⤵
  PID:3824
- C:\Windows\System\xPtGEAe.exe
  C:\Windows\System\xPtGEAe.exe
  2⤵
  PID:3844
- C:\Windows\System\eRkosrT.exe
  C:\Windows\System\eRkosrT.exe
  2⤵
  PID:3868
- C:\Windows\System\WQfqYJI.exe
  C:\Windows\System\WQfqYJI.exe
  2⤵
  PID:3888
- C:\Windows\System\jjRcrYp.exe
  C:\Windows\System\jjRcrYp.exe
  2⤵
  PID:3904
- C:\Windows\System\bCtPnig.exe
  C:\Windows\System\bCtPnig.exe
  2⤵
  PID:3928
- C:\Windows\System\faKrIbq.exe
  C:\Windows\System\faKrIbq.exe
  2⤵
  PID:3948
- C:\Windows\System\cUzAnQM.exe
  C:\Windows\System\cUzAnQM.exe
  2⤵
  PID:3964
- C:\Windows\System\PnXDlAu.exe
  C:\Windows\System\PnXDlAu.exe
  2⤵
  PID:3984
- C:\Windows\System\oiKXVEy.exe
  C:\Windows\System\oiKXVEy.exe
  2⤵
  PID:4008
- C:\Windows\System\wKFTMsC.exe
  C:\Windows\System\wKFTMsC.exe
  2⤵
  PID:4032
- C:\Windows\System\iTyCGwH.exe
  C:\Windows\System\iTyCGwH.exe
  2⤵
  PID:4048
- C:\Windows\System\JuoedKO.exe
  C:\Windows\System\JuoedKO.exe
  2⤵
  PID:4072
- C:\Windows\System\ewqVWOT.exe
  C:\Windows\System\ewqVWOT.exe
  2⤵
  PID:4088
- C:\Windows\System\OvQvTzC.exe
  C:\Windows\System\OvQvTzC.exe
  2⤵
  PID:2264
- C:\Windows\System\GzgTeYE.exe
  C:\Windows\System\GzgTeYE.exe
  2⤵
  PID:2676
- C:\Windows\System\GdnyEzQ.exe
  C:\Windows\System\GdnyEzQ.exe
  2⤵
  PID:2152
- C:\Windows\System\SOBVLJt.exe
  C:\Windows\System\SOBVLJt.exe
  2⤵
  PID:2976
- C:\Windows\System\QtYNfiq.exe
  C:\Windows\System\QtYNfiq.exe
  2⤵
  PID:2244
- C:\Windows\System\WzgHMHc.exe
  C:\Windows\System\WzgHMHc.exe
  2⤵
  PID:2372
- C:\Windows\System\xfjmNWD.exe
  C:\Windows\System\xfjmNWD.exe
  2⤵
  PID:1088
- C:\Windows\System\AjpiwFG.exe
  C:\Windows\System\AjpiwFG.exe
  2⤵
  PID:2948
- C:\Windows\System\inggqyt.exe
  C:\Windows\System\inggqyt.exe
  2⤵
  PID:304
- C:\Windows\System\ppwHGGo.exe
  C:\Windows\System\ppwHGGo.exe
  2⤵
  PID:3080
- C:\Windows\System\qoRvKwT.exe
  C:\Windows\System\qoRvKwT.exe
  2⤵
  PID:3104
- C:\Windows\System\Dkqpxai.exe
  C:\Windows\System\Dkqpxai.exe
  2⤵
  PID:3120
- C:\Windows\System\icInsFG.exe
  C:\Windows\System\icInsFG.exe
  2⤵
  PID:1040
- C:\Windows\System\LyJqjlK.exe
  C:\Windows\System\LyJqjlK.exe
  2⤵
  PID:2172
- C:\Windows\System\SuJjyMY.exe
  C:\Windows\System\SuJjyMY.exe
  2⤵
  PID:1712
- C:\Windows\System\AULkTIp.exe
  C:\Windows\System\AULkTIp.exe
  2⤵
  PID:2704
- C:\Windows\System\kyYaroy.exe
  C:\Windows\System\kyYaroy.exe
  2⤵
  PID:1132
- C:\Windows\System\LbAzAFt.exe
  C:\Windows\System\LbAzAFt.exe
  2⤵
  PID:3308
- C:\Windows\System\UnwYvic.exe
  C:\Windows\System\UnwYvic.exe
  2⤵
  PID:3380
- C:\Windows\System\AoFVLKu.exe
  C:\Windows\System\AoFVLKu.exe
  2⤵
  PID:3428
- C:\Windows\System\PLdmQVI.exe
  C:\Windows\System\PLdmQVI.exe
  2⤵
  PID:3144
- C:\Windows\System\CpJdmAa.exe
  C:\Windows\System\CpJdmAa.exe
  2⤵
  PID:3168
- C:\Windows\System\tQFgAuZ.exe
  C:\Windows\System\tQFgAuZ.exe
  2⤵
  PID:3188
- C:\Windows\System\Vyuosap.exe
  C:\Windows\System\Vyuosap.exe
  2⤵
  PID:3216
- C:\Windows\System\xySiCdr.exe
  C:\Windows\System\xySiCdr.exe
  2⤵
  PID:3232
- C:\Windows\System\fSVZBga.exe
  C:\Windows\System\fSVZBga.exe
  2⤵
  PID:3256
- C:\Windows\System\HRepTCJ.exe
  C:\Windows\System\HRepTCJ.exe
  2⤵
  PID:3268
- C:\Windows\System\ONNcaHK.exe
  C:\Windows\System\ONNcaHK.exe
  2⤵
  PID:3296
- C:\Windows\System\ArMwyzV.exe
  C:\Windows\System\ArMwyzV.exe
  2⤵
  PID:3336
- C:\Windows\System\ImdXwqq.exe
  C:\Windows\System\ImdXwqq.exe
  2⤵
  PID:3500
- C:\Windows\System\ELPianF.exe
  C:\Windows\System\ELPianF.exe
  2⤵
  PID:3548
- C:\Windows\System\PNUtjXM.exe
  C:\Windows\System\PNUtjXM.exe
  2⤵
  PID:3440
- C:\Windows\System\EDAcoCa.exe
  C:\Windows\System\EDAcoCa.exe
  2⤵
  PID:3588
- C:\Windows\System\AfoPLho.exe
  C:\Windows\System\AfoPLho.exe
  2⤵
  PID:3632
- C:\Windows\System\SZPjVcO.exe
  C:\Windows\System\SZPjVcO.exe
  2⤵
  PID:3628
- C:\Windows\System\qgDGEuI.exe
  C:\Windows\System\qgDGEuI.exe
  2⤵
  PID:3568
- C:\Windows\System\qSRXGun.exe
  C:\Windows\System\qSRXGun.exe
  2⤵
  PID:3712
- C:\Windows\System\WDusbPu.exe
  C:\Windows\System\WDusbPu.exe
  2⤵
  PID:3760
- C:\Windows\System\LMFpnKV.exe
  C:\Windows\System\LMFpnKV.exe
  2⤵
  PID:3876
- C:\Windows\System\mupzHVT.exe
  C:\Windows\System\mupzHVT.exe
  2⤵
  PID:3912
- C:\Windows\System\mMDCFdy.exe
  C:\Windows\System\mMDCFdy.exe
  2⤵
  PID:3956
- C:\Windows\System\SonyJMT.exe
  C:\Windows\System\SonyJMT.exe
  2⤵
  PID:3700
- C:\Windows\System\ERbmXDI.exe
  C:\Windows\System\ERbmXDI.exe
  2⤵
  PID:3732
- C:\Windows\System\NQQKYCt.exe
  C:\Windows\System\NQQKYCt.exe
  2⤵
  PID:4044
- C:\Windows\System\jGXCBHg.exe
  C:\Windows\System\jGXCBHg.exe
  2⤵
  PID:2696
- C:\Windows\System\QxWxprc.exe
  C:\Windows\System\QxWxprc.exe
  2⤵
  PID:3812
- C:\Windows\System\ePXHmmT.exe
  C:\Windows\System\ePXHmmT.exe
  2⤵
  PID:3896
- C:\Windows\System\ikDxEyZ.exe
  C:\Windows\System\ikDxEyZ.exe
  2⤵
  PID:3976
- C:\Windows\System\DSkKVkP.exe
  C:\Windows\System\DSkKVkP.exe
  2⤵
  PID:4028
- C:\Windows\System\IbqYCHj.exe
  C:\Windows\System\IbqYCHj.exe
  2⤵
  PID:3076
- C:\Windows\System\hdbwhWt.exe
  C:\Windows\System\hdbwhWt.exe
  2⤵
  PID:3116
- C:\Windows\System\spekjXh.exe
  C:\Windows\System\spekjXh.exe
  2⤵
  PID:1688
- C:\Windows\System\tkVXxEo.exe
  C:\Windows\System\tkVXxEo.exe
  2⤵
  PID:864
- C:\Windows\System\fzfKWii.exe
  C:\Windows\System\fzfKWii.exe
  2⤵
  PID:4056
- C:\Windows\System\fSpDJUC.exe
  C:\Windows\System\fSpDJUC.exe
  2⤵
  PID:1068
- C:\Windows\System\DErblvf.exe
  C:\Windows\System\DErblvf.exe
  2⤵
  PID:3096
- C:\Windows\System\GSPatdj.exe
  C:\Windows\System\GSPatdj.exe
  2⤵
  PID:1776
- C:\Windows\System\hMkvvIC.exe
  C:\Windows\System\hMkvvIC.exe
  2⤵
  PID:3420
- C:\Windows\System\zevHtCS.exe
  C:\Windows\System\zevHtCS.exe
  2⤵
  PID:3160
- C:\Windows\System\quiCZah.exe
  C:\Windows\System\quiCZah.exe
  2⤵
  PID:564
- C:\Windows\System\xZBkhjS.exe
  C:\Windows\System\xZBkhjS.exe
  2⤵
  PID:3312
- C:\Windows\System\nlIkqFP.exe
  C:\Windows\System\nlIkqFP.exe
  2⤵
  PID:3252
- C:\Windows\System\fJrXCXi.exe
  C:\Windows\System\fJrXCXi.exe
  2⤵
  PID:3364
- C:\Windows\System\sqYghOj.exe
  C:\Windows\System\sqYghOj.exe
  2⤵
  PID:3136
- C:\Windows\System\expcsVj.exe
  C:\Windows\System\expcsVj.exe
  2⤵
  PID:3572
- C:\Windows\System\YjUPKhZ.exe
  C:\Windows\System\YjUPKhZ.exe
  2⤵
  PID:3676
- C:\Windows\System\qOFEtYD.exe
  C:\Windows\System\qOFEtYD.exe
  2⤵
  PID:3608
- C:\Windows\System\uOUlfkG.exe
  C:\Windows\System\uOUlfkG.exe
  2⤵
  PID:3328
- C:\Windows\System\rBvWhBR.exe
  C:\Windows\System\rBvWhBR.exe
  2⤵
  PID:3540
- C:\Windows\System\USNHXvA.exe
  C:\Windows\System\USNHXvA.exe
  2⤵
  PID:3448
- C:\Windows\System\JQNmCCx.exe
  C:\Windows\System\JQNmCCx.exe
  2⤵
  PID:3640
- C:\Windows\System\ZdQRPIL.exe
  C:\Windows\System\ZdQRPIL.exe
  2⤵
  PID:3776
- C:\Windows\System\UdxuiBy.exe
  C:\Windows\System\UdxuiBy.exe
  2⤵
  PID:3800
- C:\Windows\System\MVVTtQK.exe
  C:\Windows\System\MVVTtQK.exe
  2⤵
  PID:3860
- C:\Windows\System\Mosrbxm.exe
  C:\Windows\System\Mosrbxm.exe
  2⤵
  PID:1584
- C:\Windows\System\rcxLbWs.exe
  C:\Windows\System\rcxLbWs.exe
  2⤵
  PID:3936
- C:\Windows\System\LvZJFrn.exe
  C:\Windows\System\LvZJFrn.exe
  2⤵
  PID:2304
- C:\Windows\System\vFbXSiv.exe
  C:\Windows\System\vFbXSiv.exe
  2⤵
  PID:4060
- C:\Windows\System\kLZywqS.exe
  C:\Windows\System\kLZywqS.exe
  2⤵
  PID:3088
- C:\Windows\System\fNnffQE.exe
  C:\Windows\System\fNnffQE.exe
  2⤵
  PID:4064
- C:\Windows\System\vusOWuP.exe
  C:\Windows\System\vusOWuP.exe
  2⤵
  PID:1672
- C:\Windows\System\fiaTeKR.exe
  C:\Windows\System\fiaTeKR.exe
  2⤵
  PID:3092
- C:\Windows\System\eJKbHDO.exe
  C:\Windows\System\eJKbHDO.exe
  2⤵
  PID:1940
- C:\Windows\System\rjzhnHU.exe
  C:\Windows\System\rjzhnHU.exe
  2⤵
  PID:3156
- C:\Windows\System\xctXpiE.exe
  C:\Windows\System\xctXpiE.exe
  2⤵
  PID:3244
- C:\Windows\System\mWWzbTF.exe
  C:\Windows\System\mWWzbTF.exe
  2⤵
  PID:1724
- C:\Windows\System\PsRnwAv.exe
  C:\Windows\System\PsRnwAv.exe
  2⤵
  PID:3180
- C:\Windows\System\sSUZipa.exe
  C:\Windows\System\sSUZipa.exe
  2⤵
  PID:3284
- C:\Windows\System\kltVMTU.exe
  C:\Windows\System\kltVMTU.exe
  2⤵
  PID:3264
- C:\Windows\System\HoErtHD.exe
  C:\Windows\System\HoErtHD.exe
  2⤵
  PID:3516
- C:\Windows\System\rfBIgYx.exe
  C:\Windows\System\rfBIgYx.exe
  2⤵
  PID:3884
- C:\Windows\System\ylFPViO.exe
  C:\Windows\System\ylFPViO.exe
  2⤵
  PID:3996
- C:\Windows\System\WNsFJDZ.exe
  C:\Windows\System\WNsFJDZ.exe
  2⤵
  PID:3820
- C:\Windows\System\NjxVUqO.exe
  C:\Windows\System\NjxVUqO.exe
  2⤵
  PID:3992
- C:\Windows\System\eHLZfjs.exe
  C:\Windows\System\eHLZfjs.exe
  2⤵
  PID:3940
- C:\Windows\System\VZtvzwk.exe
  C:\Windows\System\VZtvzwk.exe
  2⤵
  PID:3856
- C:\Windows\System\QGSjwRV.exe
  C:\Windows\System\QGSjwRV.exe
  2⤵
  PID:2548
- C:\Windows\System\kOsExWi.exe
  C:\Windows\System\kOsExWi.exe
  2⤵
  PID:3408
- C:\Windows\System\IgKumoK.exe
  C:\Windows\System\IgKumoK.exe
  2⤵
  PID:920
- C:\Windows\System\JGXEJYQ.exe
  C:\Windows\System\JGXEJYQ.exe
  2⤵
  PID:3468
- C:\Windows\System\lVfPgzl.exe
  C:\Windows\System\lVfPgzl.exe
  2⤵
  PID:3552
- C:\Windows\System\mzsJRwb.exe
  C:\Windows\System\mzsJRwb.exe
  2⤵
  PID:4100
- C:\Windows\System\QVWKDjU.exe
  C:\Windows\System\QVWKDjU.exe
  2⤵
  PID:4116
- C:\Windows\System\pFUkFie.exe
  C:\Windows\System\pFUkFie.exe
  2⤵
  PID:4144
- C:\Windows\System\ppuMusX.exe
  C:\Windows\System\ppuMusX.exe
  2⤵
  PID:4160
- C:\Windows\System\NCqIIJp.exe
  C:\Windows\System\NCqIIJp.exe
  2⤵
  PID:4184
- C:\Windows\System\qYBatAj.exe
  C:\Windows\System\qYBatAj.exe
  2⤵
  PID:4204
- C:\Windows\System\XHHUZrc.exe
  C:\Windows\System\XHHUZrc.exe
  2⤵
  PID:4224
- C:\Windows\System\pxDUMKC.exe
  C:\Windows\System\pxDUMKC.exe
  2⤵
  PID:4244
- C:\Windows\System\owDiCNF.exe
  C:\Windows\System\owDiCNF.exe
  2⤵
  PID:4264
- C:\Windows\System\kZSUoTA.exe
  C:\Windows\System\kZSUoTA.exe
  2⤵
  PID:4284
- C:\Windows\System\CdeUJVf.exe
  C:\Windows\System\CdeUJVf.exe
  2⤵
  PID:4304
- C:\Windows\System\IiqHgIi.exe
  C:\Windows\System\IiqHgIi.exe
  2⤵
  PID:4324
- C:\Windows\System\SqIkWup.exe
  C:\Windows\System\SqIkWup.exe
  2⤵
  PID:4344
- C:\Windows\System\WhlpMeV.exe
  C:\Windows\System\WhlpMeV.exe
  2⤵
  PID:4364
- C:\Windows\System\GTOwLzB.exe
  C:\Windows\System\GTOwLzB.exe
  2⤵
  PID:4384
- C:\Windows\System\bTTPXhv.exe
  C:\Windows\System\bTTPXhv.exe
  2⤵
  PID:4404
- C:\Windows\System\RpEZecX.exe
  C:\Windows\System\RpEZecX.exe
  2⤵
  PID:4424
- C:\Windows\System\qZZknyd.exe
  C:\Windows\System\qZZknyd.exe
  2⤵
  PID:4440
- C:\Windows\System\ElyCacC.exe
  C:\Windows\System\ElyCacC.exe
  2⤵
  PID:4468
- C:\Windows\System\mzVkAzD.exe
  C:\Windows\System\mzVkAzD.exe
  2⤵
  PID:4488
- C:\Windows\System\dgJHnJe.exe
  C:\Windows\System\dgJHnJe.exe
  2⤵
  PID:4508
- C:\Windows\System\UwJNjsO.exe
  C:\Windows\System\UwJNjsO.exe
  2⤵
  PID:4528
- C:\Windows\System\bDdrWWZ.exe
  C:\Windows\System\bDdrWWZ.exe
  2⤵
  PID:4552
- C:\Windows\System\UbdVqza.exe
  C:\Windows\System\UbdVqza.exe
  2⤵
  PID:4572
- C:\Windows\System\IYkpcCm.exe
  C:\Windows\System\IYkpcCm.exe
  2⤵
  PID:4592
- C:\Windows\System\cblcIeb.exe
  C:\Windows\System\cblcIeb.exe
  2⤵
  PID:4608
- C:\Windows\System\vBXJSDi.exe
  C:\Windows\System\vBXJSDi.exe
  2⤵
  PID:4632
- C:\Windows\System\EhXlDDs.exe
  C:\Windows\System\EhXlDDs.exe
  2⤵
  PID:4652
- C:\Windows\System\myvZfLI.exe
  C:\Windows\System\myvZfLI.exe
  2⤵
  PID:4672
- C:\Windows\System\GSpFQqV.exe
  C:\Windows\System\GSpFQqV.exe
  2⤵
  PID:4692
- C:\Windows\System\BKmnENF.exe
  C:\Windows\System\BKmnENF.exe
  2⤵
  PID:4712
- C:\Windows\System\qvTVzBu.exe
  C:\Windows\System\qvTVzBu.exe
  2⤵
  PID:4732
- C:\Windows\System\qzMyIOL.exe
  C:\Windows\System\qzMyIOL.exe
  2⤵
  PID:4752
- C:\Windows\System\Qkugswq.exe
  C:\Windows\System\Qkugswq.exe
  2⤵
  PID:4772
- C:\Windows\System\eFcYdDj.exe
  C:\Windows\System\eFcYdDj.exe
  2⤵
  PID:4792
- C:\Windows\System\PVrzFcX.exe
  C:\Windows\System\PVrzFcX.exe
  2⤵
  PID:4812
- C:\Windows\System\fhewVsT.exe
  C:\Windows\System\fhewVsT.exe
  2⤵
  PID:4832
- C:\Windows\System\iiMjTeM.exe
  C:\Windows\System\iiMjTeM.exe
  2⤵
  PID:4852
- C:\Windows\System\hTkCrXM.exe
  C:\Windows\System\hTkCrXM.exe
  2⤵
  PID:4872
- C:\Windows\System\erdQLjh.exe
  C:\Windows\System\erdQLjh.exe
  2⤵
  PID:4892
- C:\Windows\System\vzfSYYz.exe
  C:\Windows\System\vzfSYYz.exe
  2⤵
  PID:4912
- C:\Windows\System\mvdlHpK.exe
  C:\Windows\System\mvdlHpK.exe
  2⤵
  PID:4932
- C:\Windows\System\nJgiVnK.exe
  C:\Windows\System\nJgiVnK.exe
  2⤵
  PID:4952
- C:\Windows\System\vLOpkoM.exe
  C:\Windows\System\vLOpkoM.exe
  2⤵
  PID:4968
- C:\Windows\System\yEAYUav.exe
  C:\Windows\System\yEAYUav.exe
  2⤵
  PID:4984
- C:\Windows\System\oHhqZZs.exe
  C:\Windows\System\oHhqZZs.exe
  2⤵
  PID:5000
- C:\Windows\System\AvlbnGc.exe
  C:\Windows\System\AvlbnGc.exe
  2⤵
  PID:5016
- C:\Windows\System\jNAuHxJ.exe
  C:\Windows\System\jNAuHxJ.exe
  2⤵
  PID:5032
- C:\Windows\System\iAxzXvw.exe
  C:\Windows\System\iAxzXvw.exe
  2⤵
  PID:5048
- C:\Windows\System\XzVwgwT.exe
  C:\Windows\System\XzVwgwT.exe
  2⤵
  PID:5064
- C:\Windows\System\PUASygy.exe
  C:\Windows\System\PUASygy.exe
  2⤵
  PID:5080
- C:\Windows\System\gVSzpZc.exe
  C:\Windows\System\gVSzpZc.exe
  2⤵
  PID:5116
- C:\Windows\System\GOLSSoK.exe
  C:\Windows\System\GOLSSoK.exe
  2⤵
  PID:1656
- C:\Windows\System\JsiSHjl.exe
  C:\Windows\System\JsiSHjl.exe
  2⤵
  PID:3864
- C:\Windows\System\oSAAhrX.exe
  C:\Windows\System\oSAAhrX.exe
  2⤵
  PID:2128
- C:\Windows\System\rfTQMky.exe
  C:\Windows\System\rfTQMky.exe
  2⤵
  PID:3184
- C:\Windows\System\nhHBQjR.exe
  C:\Windows\System\nhHBQjR.exe
  2⤵
  PID:3392
- C:\Windows\System\uUvdJBE.exe
  C:\Windows\System\uUvdJBE.exe
  2⤵
  PID:3840
- C:\Windows\System\gwXAhpP.exe
  C:\Windows\System\gwXAhpP.exe
  2⤵
  PID:4124
- C:\Windows\System\TrheXhY.exe
  C:\Windows\System\TrheXhY.exe
  2⤵
  PID:4112
- C:\Windows\System\aqHCrep.exe
  C:\Windows\System\aqHCrep.exe
  2⤵
  PID:4180
- C:\Windows\System\mIfJBjm.exe
  C:\Windows\System\mIfJBjm.exe
  2⤵
  PID:4200
- C:\Windows\System\TovVmAS.exe
  C:\Windows\System\TovVmAS.exe
  2⤵
  PID:4260
- C:\Windows\System\nJYAHnF.exe
  C:\Windows\System\nJYAHnF.exe
  2⤵
  PID:4292
- C:\Windows\System\qRQFeJY.exe
  C:\Windows\System\qRQFeJY.exe
  2⤵
  PID:2220
- C:\Windows\System\IFDEPuB.exe
  C:\Windows\System\IFDEPuB.exe
  2⤵
  PID:2256
- C:\Windows\System\AGKBubY.exe
  C:\Windows\System\AGKBubY.exe
  2⤵
  PID:4336
- C:\Windows\System\QsEdvks.exe
  C:\Windows\System\QsEdvks.exe
  2⤵
  PID:4372
- C:\Windows\System\OoFTABo.exe
  C:\Windows\System\OoFTABo.exe
  2⤵
  PID:4412
- C:\Windows\System\MxgJbZO.exe
  C:\Windows\System\MxgJbZO.exe
  2⤵
  PID:4456
- C:\Windows\System\rvdwjGR.exe
  C:\Windows\System\rvdwjGR.exe
  2⤵
  PID:4476
- C:\Windows\System\xYgUYPt.exe
  C:\Windows\System\xYgUYPt.exe
  2⤵
  PID:4500
- C:\Windows\System\lFOZFvx.exe
  C:\Windows\System\lFOZFvx.exe
  2⤵
  PID:4548
- C:\Windows\System\JwUGsRD.exe
  C:\Windows\System\JwUGsRD.exe
  2⤵
  PID:4564
- C:\Windows\System\mPKCVxZ.exe
  C:\Windows\System\mPKCVxZ.exe
  2⤵
  PID:4600
- C:\Windows\System\SxUrqcB.exe
  C:\Windows\System\SxUrqcB.exe
  2⤵
  PID:4648
- C:\Windows\System\bAWyTvz.exe
  C:\Windows\System\bAWyTvz.exe
  2⤵
  PID:4700
- C:\Windows\System\yvpmKFB.exe
  C:\Windows\System\yvpmKFB.exe
  2⤵
  PID:4748
- C:\Windows\System\qFFQnFr.exe
  C:\Windows\System\qFFQnFr.exe
  2⤵
  PID:4680
- C:\Windows\System\YKYRFjv.exe
  C:\Windows\System\YKYRFjv.exe
  2⤵
  PID:4820
- C:\Windows\System\soTrepU.exe
  C:\Windows\System\soTrepU.exe
  2⤵
  PID:4800
- C:\Windows\System\cJtRhjh.exe
  C:\Windows\System\cJtRhjh.exe
  2⤵
  PID:4868
- C:\Windows\System\VcCgNBQ.exe
  C:\Windows\System\VcCgNBQ.exe
  2⤵
  PID:4904
- C:\Windows\System\WTMeaZn.exe
  C:\Windows\System\WTMeaZn.exe
  2⤵
  PID:4940
- C:\Windows\System\TVWBMNk.exe
  C:\Windows\System\TVWBMNk.exe
  2⤵
  PID:4976
- C:\Windows\System\KboToTl.exe
  C:\Windows\System\KboToTl.exe
  2⤵
  PID:5040
- C:\Windows\System\iXdEwFA.exe
  C:\Windows\System\iXdEwFA.exe
  2⤵
  PID:4924
- C:\Windows\System\uRUoASN.exe
  C:\Windows\System\uRUoASN.exe
  2⤵
  PID:4964
- C:\Windows\System\amNZhqe.exe
  C:\Windows\System\amNZhqe.exe
  2⤵
  PID:3484
- C:\Windows\System\nCDvrsC.exe
  C:\Windows\System\nCDvrsC.exe
  2⤵
  PID:5092
- C:\Windows\System\CKQCxYZ.exe
  C:\Windows\System\CKQCxYZ.exe
  2⤵
  PID:5112
- C:\Windows\System\CffNKJd.exe
  C:\Windows\System\CffNKJd.exe
  2⤵
  PID:5056
- C:\Windows\System\qmSkMjU.exe
  C:\Windows\System\qmSkMjU.exe
  2⤵
  PID:3152
- C:\Windows\System\nzfNPPK.exe
  C:\Windows\System\nzfNPPK.exe
  2⤵
  PID:2516
- C:\Windows\System\KifSqEa.exe
  C:\Windows\System\KifSqEa.exe
  2⤵
  PID:3680
- C:\Windows\System\jsqIbAc.exe
  C:\Windows\System\jsqIbAc.exe
  2⤵
  PID:3352
- C:\Windows\System\piorcqK.exe
  C:\Windows\System\piorcqK.exe
  2⤵
  PID:4108
- C:\Windows\System\dZLWHlD.exe
  C:\Windows\System\dZLWHlD.exe
  2⤵
  PID:4156
- C:\Windows\System\bAOSFOT.exe
  C:\Windows\System\bAOSFOT.exe
  2⤵
  PID:4296
- C:\Windows\System\nUfkLvU.exe
  C:\Windows\System\nUfkLvU.exe
  2⤵
  PID:4320
- C:\Windows\System\EealBDB.exe
  C:\Windows\System\EealBDB.exe
  2⤵
  PID:4436
- C:\Windows\System\AWSdVkr.exe
  C:\Windows\System\AWSdVkr.exe
  2⤵
  PID:4340
- C:\Windows\System\HrSTmTa.exe
  C:\Windows\System\HrSTmTa.exe
  2⤵
  PID:4784
- C:\Windows\System\HamURRx.exe
  C:\Windows\System\HamURRx.exe
  2⤵
  PID:4764
- C:\Windows\System\YrxdBKz.exe
  C:\Windows\System\YrxdBKz.exe
  2⤵
  PID:4416
- C:\Windows\System\BoJKPHj.exe
  C:\Windows\System\BoJKPHj.exe
  2⤵
  PID:4504
- C:\Windows\System\oPsvLfI.exe
  C:\Windows\System\oPsvLfI.exe
  2⤵
  PID:4604
- C:\Windows\System\ffRKxSw.exe
  C:\Windows\System\ffRKxSw.exe
  2⤵
  PID:4948
- C:\Windows\System\kDKmbUG.exe
  C:\Windows\System\kDKmbUG.exe
  2⤵
  PID:5100
- C:\Windows\System\XGmIWLS.exe
  C:\Windows\System\XGmIWLS.exe
  2⤵
  PID:4740
- C:\Windows\System\YbjGwkJ.exe
  C:\Windows\System\YbjGwkJ.exe
  2⤵
  PID:4684
- C:\Windows\System\mCHWZuE.exe
  C:\Windows\System\mCHWZuE.exe
  2⤵
  PID:3524
- C:\Windows\System\PNUPyzT.exe
  C:\Windows\System\PNUPyzT.exe
  2⤵
  PID:5008
- C:\Windows\System\ujFettc.exe
  C:\Windows\System\ujFettc.exe
  2⤵
  PID:4140
- C:\Windows\System\XwpFAXK.exe
  C:\Windows\System\XwpFAXK.exe
  2⤵
  PID:5076
- C:\Windows\System\wcUIoDn.exe
  C:\Windows\System\wcUIoDn.exe
  2⤵
  PID:5088
- C:\Windows\System\kEmObbD.exe
  C:\Windows\System\kEmObbD.exe
  2⤵
  PID:5132
- C:\Windows\System\rSckJts.exe
  C:\Windows\System\rSckJts.exe
  2⤵
  PID:5152
- C:\Windows\System\VzDmlDe.exe
  C:\Windows\System\VzDmlDe.exe
  2⤵
  PID:5172
- C:\Windows\System\mWqblwy.exe
  C:\Windows\System\mWqblwy.exe
  2⤵
  PID:5192
- C:\Windows\System\BWrNCoU.exe
  C:\Windows\System\BWrNCoU.exe
  2⤵
  PID:5212
- C:\Windows\System\wNbCoBW.exe
  C:\Windows\System\wNbCoBW.exe
  2⤵
  PID:5232
- C:\Windows\System\wBKIqih.exe
  C:\Windows\System\wBKIqih.exe
  2⤵
  PID:5252
- C:\Windows\System\wmmcIBC.exe
  C:\Windows\System\wmmcIBC.exe
  2⤵
  PID:5272
- C:\Windows\System\ARGqLfe.exe
  C:\Windows\System\ARGqLfe.exe
  2⤵
  PID:5292
- C:\Windows\System\ljJvmjW.exe
  C:\Windows\System\ljJvmjW.exe
  2⤵
  PID:5308
- C:\Windows\System\riCWAql.exe
  C:\Windows\System\riCWAql.exe
  2⤵
  PID:5332
- C:\Windows\System\DYQWWVG.exe
  C:\Windows\System\DYQWWVG.exe
  2⤵
  PID:5348
- C:\Windows\System\rhNcBrd.exe
  C:\Windows\System\rhNcBrd.exe
  2⤵
  PID:5372
- C:\Windows\System\XCMDYMc.exe
  C:\Windows\System\XCMDYMc.exe
  2⤵
  PID:5396
- C:\Windows\System\MegUpZi.exe
  C:\Windows\System\MegUpZi.exe
  2⤵
  PID:5416
- C:\Windows\System\nhOBiLU.exe
  C:\Windows\System\nhOBiLU.exe
  2⤵
  PID:5432
- C:\Windows\System\DyDXhSx.exe
  C:\Windows\System\DyDXhSx.exe
  2⤵
  PID:5456
- C:\Windows\System\LZcbijQ.exe
  C:\Windows\System\LZcbijQ.exe
  2⤵
  PID:5476
- C:\Windows\System\pPTSxbX.exe
  C:\Windows\System\pPTSxbX.exe
  2⤵
  PID:5496
- C:\Windows\System\wYTBleh.exe
  C:\Windows\System\wYTBleh.exe
  2⤵
  PID:5516
- C:\Windows\System\qEyEzJV.exe
  C:\Windows\System\qEyEzJV.exe
  2⤵
  PID:5536
- C:\Windows\System\YftCMOj.exe
  C:\Windows\System\YftCMOj.exe
  2⤵
  PID:5552
- C:\Windows\System\vNdTPFH.exe
  C:\Windows\System\vNdTPFH.exe
  2⤵
  PID:5572
- C:\Windows\System\RlpDqIP.exe
  C:\Windows\System\RlpDqIP.exe
  2⤵
  PID:5596
- C:\Windows\System\xbYEJSw.exe
  C:\Windows\System\xbYEJSw.exe
  2⤵
  PID:5616
- C:\Windows\System\QjrlOdY.exe
  C:\Windows\System\QjrlOdY.exe
  2⤵
  PID:5632
- C:\Windows\System\ezJxUOL.exe
  C:\Windows\System\ezJxUOL.exe
  2⤵
  PID:5656
- C:\Windows\System\PRMXkvk.exe
  C:\Windows\System\PRMXkvk.exe
  2⤵
  PID:5676
- C:\Windows\System\bGogIjV.exe
  C:\Windows\System\bGogIjV.exe
  2⤵
  PID:5696
- C:\Windows\System\oRkjIGD.exe
  C:\Windows\System\oRkjIGD.exe
  2⤵
  PID:5716
- C:\Windows\System\bJQJfCu.exe
  C:\Windows\System\bJQJfCu.exe
  2⤵
  PID:5736
- C:\Windows\System\jwmqvQS.exe
  C:\Windows\System\jwmqvQS.exe
  2⤵
  PID:5756
- C:\Windows\System\gdeDKLz.exe
  C:\Windows\System\gdeDKLz.exe
  2⤵
  PID:5776
- C:\Windows\System\kxaAflB.exe
  C:\Windows\System\kxaAflB.exe
  2⤵
  PID:5796
- C:\Windows\System\NsACitj.exe
  C:\Windows\System\NsACitj.exe
  2⤵
  PID:5816
- C:\Windows\System\vcjAmfJ.exe
  C:\Windows\System\vcjAmfJ.exe
  2⤵
  PID:5836
- C:\Windows\System\JhbJsfY.exe
  C:\Windows\System\JhbJsfY.exe
  2⤵
  PID:5856
- C:\Windows\System\tpMrSHP.exe
  C:\Windows\System\tpMrSHP.exe
  2⤵
  PID:5876
- C:\Windows\System\qamOXlg.exe
  C:\Windows\System\qamOXlg.exe
  2⤵
  PID:5896
- C:\Windows\System\BrpROTp.exe
  C:\Windows\System\BrpROTp.exe
  2⤵
  PID:5916
- C:\Windows\System\chRMNSp.exe
  C:\Windows\System\chRMNSp.exe
  2⤵
  PID:5936
- C:\Windows\System\lDyFUlA.exe
  C:\Windows\System\lDyFUlA.exe
  2⤵
  PID:5956
- C:\Windows\System\eKQBwBU.exe
  C:\Windows\System\eKQBwBU.exe
  2⤵
  PID:5976
- C:\Windows\System\PdANKdA.exe
  C:\Windows\System\PdANKdA.exe
  2⤵
  PID:5996
- C:\Windows\System\tTPAKhJ.exe
  C:\Windows\System\tTPAKhJ.exe
  2⤵
  PID:6012
- C:\Windows\System\hBnSvbj.exe
  C:\Windows\System\hBnSvbj.exe
  2⤵
  PID:6036
- C:\Windows\System\yhhffGP.exe
  C:\Windows\System\yhhffGP.exe
  2⤵
  PID:6056
- C:\Windows\System\HEdbnLs.exe
  C:\Windows\System\HEdbnLs.exe
  2⤵
  PID:6076
- C:\Windows\System\AGPwmLF.exe
  C:\Windows\System\AGPwmLF.exe
  2⤵
  PID:6096
- C:\Windows\System\IAubKth.exe
  C:\Windows\System\IAubKth.exe
  2⤵
  PID:6120
- C:\Windows\System\mbARbFF.exe
  C:\Windows\System\mbARbFF.exe
  2⤵
  PID:6140
- C:\Windows\System\YiBRQVW.exe
  C:\Windows\System\YiBRQVW.exe
  2⤵
  PID:4216
- C:\Windows\System\mNIgwLr.exe
  C:\Windows\System\mNIgwLr.exe
  2⤵
  PID:4524
- C:\Windows\System\IJVkfHe.exe
  C:\Windows\System\IJVkfHe.exe
  2⤵
  PID:2804
- C:\Windows\System\Rrpgibh.exe
  C:\Windows\System\Rrpgibh.exe
  2⤵
  PID:4256
- C:\Windows\System\IBSolgU.exe
  C:\Windows\System\IBSolgU.exe
  2⤵
  PID:4644
- C:\Windows\System\sFUNHUr.exe
  C:\Windows\System\sFUNHUr.exe
  2⤵
  PID:2792
- C:\Windows\System\rvoNCQj.exe
  C:\Windows\System\rvoNCQj.exe
  2⤵
  PID:4452
- C:\Windows\System\zjYCdbn.exe
  C:\Windows\System\zjYCdbn.exe
  2⤵
  PID:4928
- C:\Windows\System\xTZsUFA.exe
  C:\Windows\System\xTZsUFA.exe
  2⤵
  PID:4016
- C:\Windows\System\FXWOPKS.exe
  C:\Windows\System\FXWOPKS.exe
  2⤵
  PID:3816
- C:\Windows\System\kzIxzVH.exe
  C:\Windows\System\kzIxzVH.exe
  2⤵
  PID:5012
- C:\Windows\System\TucIGKS.exe
  C:\Windows\System\TucIGKS.exe
  2⤵
  PID:4128
- C:\Windows\System\iFAYaGj.exe
  C:\Windows\System\iFAYaGj.exe
  2⤵
  PID:5124
- C:\Windows\System\krQPZEl.exe
  C:\Windows\System\krQPZEl.exe
  2⤵
  PID:5140
- C:\Windows\System\VDgBmbP.exe
  C:\Windows\System\VDgBmbP.exe
  2⤵
  PID:5148
- C:\Windows\System\FQOZBkX.exe
  C:\Windows\System\FQOZBkX.exe
  2⤵
  PID:5208
- C:\Windows\System\kEpYpeX.exe
  C:\Windows\System\kEpYpeX.exe
  2⤵
  PID:5248
- C:\Windows\System\QkFsnVT.exe
  C:\Windows\System\QkFsnVT.exe
  2⤵
  PID:5268
- C:\Windows\System\dOLdPgF.exe
  C:\Windows\System\dOLdPgF.exe
  2⤵
  PID:5288
- C:\Windows\System\wfYrpjw.exe
  C:\Windows\System\wfYrpjw.exe
  2⤵
  PID:5304
- C:\Windows\System\xfYlcag.exe
  C:\Windows\System\xfYlcag.exe
  2⤵
  PID:5344
- C:\Windows\System\odcCPvl.exe
  C:\Windows\System\odcCPvl.exe
  2⤵
  PID:5412
- C:\Windows\System\ZQtHDLh.exe
  C:\Windows\System\ZQtHDLh.exe
  2⤵
  PID:5452
- C:\Windows\System\eQlcmyj.exe
  C:\Windows\System\eQlcmyj.exe
  2⤵
  PID:5492
- C:\Windows\System\izhiXEV.exe
  C:\Windows\System\izhiXEV.exe
  2⤵
  PID:5504
- C:\Windows\System\dvUnHVd.exe
  C:\Windows\System\dvUnHVd.exe
  2⤵
  PID:5508
- C:\Windows\System\ofQrWTw.exe
  C:\Windows\System\ofQrWTw.exe
  2⤵
  PID:5548
- C:\Windows\System\NQBebKT.exe
  C:\Windows\System\NQBebKT.exe
  2⤵
  PID:5612
- C:\Windows\System\MIXvMGk.exe
  C:\Windows\System\MIXvMGk.exe
  2⤵
  PID:5648
- C:\Windows\System\mRtsyKs.exe
  C:\Windows\System\mRtsyKs.exe
  2⤵
  PID:5664
- C:\Windows\System\XKLpVYe.exe
  C:\Windows\System\XKLpVYe.exe
  2⤵
  PID:5668
- C:\Windows\System\mXFkUmn.exe
  C:\Windows\System\mXFkUmn.exe
  2⤵
  PID:5708
- C:\Windows\System\KTLqiTU.exe
  C:\Windows\System\KTLqiTU.exe
  2⤵
  PID:5768
- C:\Windows\System\wBoJcKR.exe
  C:\Windows\System\wBoJcKR.exe
  2⤵
  PID:5784
- C:\Windows\System\aCHKohR.exe
  C:\Windows\System\aCHKohR.exe
  2⤵
  PID:5824
- C:\Windows\System\QIEjIZM.exe
  C:\Windows\System\QIEjIZM.exe
  2⤵
  PID:5828
- C:\Windows\System\UQHBdkd.exe
  C:\Windows\System\UQHBdkd.exe
  2⤵
  PID:5868
- C:\Windows\System\Letsjzi.exe
  C:\Windows\System\Letsjzi.exe
  2⤵
  PID:5912
- C:\Windows\System\umuIdlT.exe
  C:\Windows\System\umuIdlT.exe
  2⤵
  PID:5972
- C:\Windows\System\HlQISdF.exe
  C:\Windows\System\HlQISdF.exe
  2⤵
  PID:6004
- C:\Windows\System\QMJzzRP.exe
  C:\Windows\System\QMJzzRP.exe
  2⤵
  PID:6032
- C:\Windows\System\vVyUAtx.exe
  C:\Windows\System\vVyUAtx.exe
  2⤵
  PID:6084
- C:\Windows\System\TRDTQXn.exe
  C:\Windows\System\TRDTQXn.exe
  2⤵
  PID:6088
- C:\Windows\System\iJcVEjz.exe
  C:\Windows\System\iJcVEjz.exe
  2⤵
  PID:6108
- C:\Windows\System\BEUKiCR.exe
  C:\Windows\System\BEUKiCR.exe
  2⤵
  PID:4316
- C:\Windows\System\AyGXJwM.exe
  C:\Windows\System\AyGXJwM.exe
  2⤵
  PID:5024
- C:\Windows\System\LpwpNUj.exe
  C:\Windows\System\LpwpNUj.exe
  2⤵
  PID:4588
- C:\Windows\System\uhTilod.exe
  C:\Windows\System\uhTilod.exe
  2⤵
  PID:4828
- C:\Windows\System\uLxxOuj.exe
  C:\Windows\System\uLxxOuj.exe
  2⤵
  PID:4888
- C:\Windows\System\sfQrHAz.exe
  C:\Windows\System\sfQrHAz.exe
  2⤵
  PID:4640
- C:\Windows\System\NUakVUZ.exe
  C:\Windows\System\NUakVUZ.exe
  2⤵
  PID:4280
- C:\Windows\System\SYHtMWK.exe
  C:\Windows\System\SYHtMWK.exe
  2⤵
  PID:4196
- C:\Windows\System\suIraxN.exe
  C:\Windows\System\suIraxN.exe
  2⤵
  PID:2652
- C:\Windows\System\idvBfjZ.exe
  C:\Windows\System\idvBfjZ.exe
  2⤵
  PID:5164
- C:\Windows\System\XRXTDnN.exe
  C:\Windows\System\XRXTDnN.exe
  2⤵
  PID:5184
- C:\Windows\System\YKpOWwQ.exe
  C:\Windows\System\YKpOWwQ.exe
  2⤵
  PID:5280
- C:\Windows\System\pKqPXEu.exe
  C:\Windows\System\pKqPXEu.exe
  2⤵
  PID:5388
- C:\Windows\System\lOeMUBD.exe
  C:\Windows\System\lOeMUBD.exe
  2⤵
  PID:5440
- C:\Windows\System\cCLHTrc.exe
  C:\Windows\System\cCLHTrc.exe
  2⤵
  PID:5444
- C:\Windows\System\hXOXJpG.exe
  C:\Windows\System\hXOXJpG.exe
  2⤵
  PID:5488
- C:\Windows\System\baACaug.exe
  C:\Windows\System\baACaug.exe
  2⤵
  PID:5564
- C:\Windows\System\CvfYoiy.exe
  C:\Windows\System\CvfYoiy.exe
  2⤵
  PID:5644
- C:\Windows\System\UFHkCbK.exe
  C:\Windows\System\UFHkCbK.exe
  2⤵
  PID:5628
- C:\Windows\System\hHqvgKm.exe
  C:\Windows\System\hHqvgKm.exe
  2⤵
  PID:5724
- C:\Windows\System\nFJAzkZ.exe
  C:\Windows\System\nFJAzkZ.exe
  2⤵
  PID:5764
- C:\Windows\System\laNJOai.exe
  C:\Windows\System\laNJOai.exe
  2⤵
  PID:2328
- C:\Windows\System\JWEYcFj.exe
  C:\Windows\System\JWEYcFj.exe
  2⤵
  PID:2204
- C:\Windows\System\uurXlMa.exe
  C:\Windows\System\uurXlMa.exe
  2⤵
  PID:5888
- C:\Windows\System\RcZczzQ.exe
  C:\Windows\System\RcZczzQ.exe
  2⤵
  PID:1160
- C:\Windows\System\nIRKovC.exe
  C:\Windows\System\nIRKovC.exe
  2⤵
  PID:6028
- C:\Windows\System\fvJhkys.exe
  C:\Windows\System\fvJhkys.exe
  2⤵
  PID:6024
- C:\Windows\System\AcRfjxs.exe
  C:\Windows\System\AcRfjxs.exe
  2⤵
  PID:6064
- C:\Windows\System\mtnWUHm.exe
  C:\Windows\System\mtnWUHm.exe
  2⤵
  PID:5028
- C:\Windows\System\zAZfHqc.exe
  C:\Windows\System\zAZfHqc.exe
  2⤵
  PID:5104
- C:\Windows\System\IyrJZvg.exe
  C:\Windows\System\IyrJZvg.exe
  2⤵
  PID:4360
- C:\Windows\System\EeAKayp.exe
  C:\Windows\System\EeAKayp.exe
  2⤵
  PID:4804
- C:\Windows\System\sPaYfkd.exe
  C:\Windows\System\sPaYfkd.exe
  2⤵
  PID:3660
- C:\Windows\System\TVatEzx.exe
  C:\Windows\System\TVatEzx.exe
  2⤵
  PID:2700
- C:\Windows\System\UGeQFCp.exe
  C:\Windows\System\UGeQFCp.exe
  2⤵
  PID:5260
- C:\Windows\System\vFdpqMl.exe
  C:\Windows\System\vFdpqMl.exe
  2⤵
  PID:5364
- C:\Windows\System\xDHlnyJ.exe
  C:\Windows\System\xDHlnyJ.exe
  2⤵
  PID:5424
- C:\Windows\System\YxcGPOF.exe
  C:\Windows\System\YxcGPOF.exe
  2⤵
  PID:5512
- C:\Windows\System\RXuMTca.exe
  C:\Windows\System\RXuMTca.exe
  2⤵
  PID:4624
- C:\Windows\System\RwjqXoG.exe
  C:\Windows\System\RwjqXoG.exe
  2⤵
  PID:5684
- C:\Windows\System\nPdQzKO.exe
  C:\Windows\System\nPdQzKO.exe
  2⤵
  PID:5852
- C:\Windows\System\ytqEPlh.exe
  C:\Windows\System\ytqEPlh.exe
  2⤵
  PID:5872
- C:\Windows\System\ePHzJLT.exe
  C:\Windows\System\ePHzJLT.exe
  2⤵
  PID:5904
- C:\Windows\System\ofUoJkZ.exe
  C:\Windows\System\ofUoJkZ.exe
  2⤵
  PID:5968
- C:\Windows\System\kvRyXzd.exe
  C:\Windows\System\kvRyXzd.exe
  2⤵
  PID:5988
- C:\Windows\System\vLpZIjF.exe
  C:\Windows\System\vLpZIjF.exe
  2⤵
  PID:6160
- C:\Windows\System\YAQdoMq.exe
  C:\Windows\System\YAQdoMq.exe
  2⤵
  PID:6180
- C:\Windows\System\WcbAEnE.exe
  C:\Windows\System\WcbAEnE.exe
  2⤵
  PID:6196
- C:\Windows\System\BypCIiA.exe
  C:\Windows\System\BypCIiA.exe
  2⤵
  PID:6220
- C:\Windows\System\jbfrksI.exe
  C:\Windows\System\jbfrksI.exe
  2⤵
  PID:6236
- C:\Windows\System\TZvtFuT.exe
  C:\Windows\System\TZvtFuT.exe
  2⤵
  PID:6260
- C:\Windows\System\uzaXnIR.exe
  C:\Windows\System\uzaXnIR.exe
  2⤵
  PID:6280
- C:\Windows\System\mnWVHDH.exe
  C:\Windows\System\mnWVHDH.exe
  2⤵
  PID:6300
- C:\Windows\System\jUcWvpY.exe
  C:\Windows\System\jUcWvpY.exe
  2⤵
  PID:6320
- C:\Windows\System\SNwstmM.exe
  C:\Windows\System\SNwstmM.exe
  2⤵
  PID:6340
- C:\Windows\System\yhGmcWR.exe
  C:\Windows\System\yhGmcWR.exe
  2⤵
  PID:6364
- C:\Windows\System\ElurWMO.exe
  C:\Windows\System\ElurWMO.exe
  2⤵
  PID:6384
- C:\Windows\System\LFOpWrN.exe
  C:\Windows\System\LFOpWrN.exe
  2⤵
  PID:6404
- C:\Windows\System\QCzdepW.exe
  C:\Windows\System\QCzdepW.exe
  2⤵
  PID:6424
- C:\Windows\System\AvGYUZY.exe
  C:\Windows\System\AvGYUZY.exe
  2⤵
  PID:6444
- C:\Windows\System\JspEXWg.exe
  C:\Windows\System\JspEXWg.exe
  2⤵
  PID:6464
- C:\Windows\System\ITXsjGd.exe
  C:\Windows\System\ITXsjGd.exe
  2⤵
  PID:6484
- C:\Windows\System\UgSMZqN.exe
  C:\Windows\System\UgSMZqN.exe
  2⤵
  PID:6504
- C:\Windows\System\VmRBXNE.exe
  C:\Windows\System\VmRBXNE.exe
  2⤵
  PID:6524
- C:\Windows\System\fuBhQVA.exe
  C:\Windows\System\fuBhQVA.exe
  2⤵
  PID:6544
- C:\Windows\System\GOOEEmz.exe
  C:\Windows\System\GOOEEmz.exe
  2⤵
  PID:6564
- C:\Windows\System\iXpoGLy.exe
  C:\Windows\System\iXpoGLy.exe
  2⤵
  PID:6584
- C:\Windows\System\dKBKRNk.exe
  C:\Windows\System\dKBKRNk.exe
  2⤵
  PID:6604
- C:\Windows\System\AVLghrC.exe
  C:\Windows\System\AVLghrC.exe
  2⤵
  PID:6628
- C:\Windows\System\UPetztJ.exe
  C:\Windows\System\UPetztJ.exe
  2⤵
  PID:6648
- C:\Windows\System\InyGGcJ.exe
  C:\Windows\System\InyGGcJ.exe
  2⤵
  PID:6668
- C:\Windows\System\YssbHfL.exe
  C:\Windows\System\YssbHfL.exe
  2⤵
  PID:6688
- C:\Windows\System\ESNdgIw.exe
  C:\Windows\System\ESNdgIw.exe
  2⤵
  PID:6708
- C:\Windows\System\dtZnCxy.exe
  C:\Windows\System\dtZnCxy.exe
  2⤵
  PID:6724
- C:\Windows\System\mZxIlBV.exe
  C:\Windows\System\mZxIlBV.exe
  2⤵
  PID:6748
- C:\Windows\System\lqKMCdu.exe
  C:\Windows\System\lqKMCdu.exe
  2⤵
  PID:6768
- C:\Windows\System\uEseoxl.exe
  C:\Windows\System\uEseoxl.exe
  2⤵
  PID:6784
- C:\Windows\System\hDsgAhA.exe
  C:\Windows\System\hDsgAhA.exe
  2⤵
  PID:6808
- C:\Windows\System\lfWhHiL.exe
  C:\Windows\System\lfWhHiL.exe
  2⤵
  PID:6824
- C:\Windows\System\sYJyZFl.exe
  C:\Windows\System\sYJyZFl.exe
  2⤵
  PID:6844
- C:\Windows\System\JDpvwao.exe
  C:\Windows\System\JDpvwao.exe
  2⤵
  PID:6864
- C:\Windows\System\XjmJmLp.exe
  C:\Windows\System\XjmJmLp.exe
  2⤵
  PID:6884
- C:\Windows\System\kPOYUFY.exe
  C:\Windows\System\kPOYUFY.exe
  2⤵
  PID:6900
- C:\Windows\System\qDjDyoU.exe
  C:\Windows\System\qDjDyoU.exe
  2⤵
  PID:6920
- C:\Windows\System\UZUvnNu.exe
  C:\Windows\System\UZUvnNu.exe
  2⤵
  PID:6944
- C:\Windows\System\AkvpmMR.exe
  C:\Windows\System\AkvpmMR.exe
  2⤵
  PID:6964
- C:\Windows\System\dgCQNhB.exe
  C:\Windows\System\dgCQNhB.exe
  2⤵
  PID:6980
- C:\Windows\System\dmMeCYz.exe
  C:\Windows\System\dmMeCYz.exe
  2⤵
  PID:7004
- C:\Windows\System\HruLzBL.exe
  C:\Windows\System\HruLzBL.exe
  2⤵
  PID:7024
- C:\Windows\System\wPxnZrS.exe
  C:\Windows\System\wPxnZrS.exe
  2⤵
  PID:7044
- C:\Windows\System\QkisxwM.exe
  C:\Windows\System\QkisxwM.exe
  2⤵
  PID:7064
- C:\Windows\System\zcduxVd.exe
  C:\Windows\System\zcduxVd.exe
  2⤵
  PID:7084
- C:\Windows\System\VeBVILS.exe
  C:\Windows\System\VeBVILS.exe
  2⤵
  PID:7104
- C:\Windows\System\Cvqcayp.exe
  C:\Windows\System\Cvqcayp.exe
  2⤵
  PID:7124
- C:\Windows\System\zHxSIHW.exe
  C:\Windows\System\zHxSIHW.exe
  2⤵
  PID:7144
- C:\Windows\System\SlHLtlU.exe
  C:\Windows\System\SlHLtlU.exe
  2⤵
  PID:7164
- C:\Windows\System\CxtOuXo.exe
  C:\Windows\System\CxtOuXo.exe
  2⤵
  PID:5060
- C:\Windows\System\tYXkroG.exe
  C:\Windows\System\tYXkroG.exe
  2⤵
  PID:4704
- C:\Windows\System\AXFPvFo.exe
  C:\Windows\System\AXFPvFo.exe
  2⤵
  PID:5200
- C:\Windows\System\MqPuYGB.exe
  C:\Windows\System\MqPuYGB.exe
  2⤵
  PID:2160
- C:\Windows\System\kqREhsB.exe
  C:\Windows\System\kqREhsB.exe
  2⤵
  PID:5328
- C:\Windows\System\oUtzdDP.exe
  C:\Windows\System\oUtzdDP.exe
  2⤵
  PID:5532
- C:\Windows\System\sRYtcnR.exe
  C:\Windows\System\sRYtcnR.exe
  2⤵
  PID:5568
- C:\Windows\System\eXAXMBT.exe
  C:\Windows\System\eXAXMBT.exe
  2⤵
  PID:5688
- C:\Windows\System\RQaPouX.exe
  C:\Windows\System\RQaPouX.exe
  2⤵
  PID:5924
- C:\Windows\System\HpXHUFr.exe
  C:\Windows\System\HpXHUFr.exe
  2⤵
  PID:6148
- C:\Windows\System\zwSKTzq.exe
  C:\Windows\System\zwSKTzq.exe
  2⤵
  PID:6168
- C:\Windows\System\UZWEpcy.exe
  C:\Windows\System\UZWEpcy.exe
  2⤵
  PID:6204
- C:\Windows\System\kGkUFzv.exe
  C:\Windows\System\kGkUFzv.exe
  2⤵
  PID:6268
- C:\Windows\System\OWnpflB.exe
  C:\Windows\System\OWnpflB.exe
  2⤵
  PID:6248
- C:\Windows\System\DpTXHwi.exe
  C:\Windows\System\DpTXHwi.exe
  2⤵
  PID:6296
- C:\Windows\System\cmeJzhd.exe
  C:\Windows\System\cmeJzhd.exe
  2⤵
  PID:6328
- C:\Windows\System\DVNfvGv.exe
  C:\Windows\System\DVNfvGv.exe
  2⤵
  PID:6352
- C:\Windows\System\sGYbLIt.exe
  C:\Windows\System\sGYbLIt.exe
  2⤵
  PID:6376
- C:\Windows\System\QTINhkM.exe
  C:\Windows\System\QTINhkM.exe
  2⤵
  PID:6412
- C:\Windows\System\BbjYbDs.exe
  C:\Windows\System\BbjYbDs.exe
  2⤵
  PID:6460
- C:\Windows\System\tzNFWlF.exe
  C:\Windows\System\tzNFWlF.exe
  2⤵
  PID:6512
- C:\Windows\System\iuJGADH.exe
  C:\Windows\System\iuJGADH.exe
  2⤵
  PID:6532
- C:\Windows\System\BhYXHtp.exe
  C:\Windows\System\BhYXHtp.exe
  2⤵
  PID:6540
- C:\Windows\System\ZlFMWOx.exe
  C:\Windows\System\ZlFMWOx.exe
  2⤵
  PID:6600
- C:\Windows\System\cIvgKND.exe
  C:\Windows\System\cIvgKND.exe
  2⤵
  PID:6640
- C:\Windows\System\eQDLlAm.exe
  C:\Windows\System\eQDLlAm.exe
  2⤵
  PID:6616
- C:\Windows\System\klqaTNk.exe
  C:\Windows\System\klqaTNk.exe
  2⤵
  PID:6660
- C:\Windows\System\XSgNHgx.exe
  C:\Windows\System\XSgNHgx.exe
  2⤵
  PID:6700
- C:\Windows\System\sMUacxL.exe
  C:\Windows\System\sMUacxL.exe
  2⤵
  PID:6764
- C:\Windows\System\tngCZIo.exe
  C:\Windows\System\tngCZIo.exe
  2⤵
  PID:6804
- C:\Windows\System\IBcVGbU.exe
  C:\Windows\System\IBcVGbU.exe
  2⤵
  PID:6360
- C:\Windows\System\lKYHxmp.exe
  C:\Windows\System\lKYHxmp.exe
  2⤵
  PID:6820
- C:\Windows\System\iibLtva.exe
  C:\Windows\System\iibLtva.exe
  2⤵
  PID:6860
- C:\Windows\System\HvFyvKf.exe
  C:\Windows\System\HvFyvKf.exe
  2⤵
  PID:6912
- C:\Windows\System\OTzWRhH.exe
  C:\Windows\System\OTzWRhH.exe
  2⤵
  PID:6940
- C:\Windows\System\XjzctoF.exe
  C:\Windows\System\XjzctoF.exe
  2⤵
  PID:6988
- C:\Windows\System\MsVnySL.exe
  C:\Windows\System\MsVnySL.exe
  2⤵
  PID:7032
- C:\Windows\System\MZBhHrn.exe
  C:\Windows\System\MZBhHrn.exe
  2⤵
  PID:7080
- C:\Windows\System\KLrBnKa.exe
  C:\Windows\System\KLrBnKa.exe
  2⤵
  PID:7060
- C:\Windows\System\NOIkNZt.exe
  C:\Windows\System\NOIkNZt.exe
  2⤵
  PID:7116
- C:\Windows\System\NdYBIuD.exe
  C:\Windows\System\NdYBIuD.exe
  2⤵
  PID:1028
- C:\Windows\System\wFmKWCE.exe
  C:\Windows\System\wFmKWCE.exe
  2⤵
  PID:4176
- C:\Windows\System\hzxNeLd.exe
  C:\Windows\System\hzxNeLd.exe
  2⤵
  PID:4400
- C:\Windows\System\RbOPmdh.exe
  C:\Windows\System\RbOPmdh.exe
  2⤵
  PID:4992
- C:\Windows\System\WGZjeAy.exe
  C:\Windows\System\WGZjeAy.exe
  2⤵
  PID:1336
- C:\Windows\System\HDruCdO.exe
  C:\Windows\System\HDruCdO.exe
  2⤵
  PID:5404
- C:\Windows\System\pEBoEPj.exe
  C:\Windows\System\pEBoEPj.exe
  2⤵
  PID:5588
- C:\Windows\System\UnaQzIY.exe
  C:\Windows\System\UnaQzIY.exe
  2⤵
  PID:5792
- C:\Windows\System\rJoooWn.exe
  C:\Windows\System\rJoooWn.exe
  2⤵
  PID:1036
- C:\Windows\System\iwBbpul.exe
  C:\Windows\System\iwBbpul.exe
  2⤵
  PID:6152
- C:\Windows\System\SQqARrc.exe
  C:\Windows\System\SQqARrc.exe
  2⤵
  PID:6232
- C:\Windows\System\WPgUIAY.exe
  C:\Windows\System\WPgUIAY.exe
  2⤵
  PID:6272
- C:\Windows\System\QNKAHfs.exe
  C:\Windows\System\QNKAHfs.exe
  2⤵
  PID:6308
- C:\Windows\System\rxDtBuw.exe
  C:\Windows\System\rxDtBuw.exe
  2⤵
  PID:6332
- C:\Windows\System\HBhRjfZ.exe
  C:\Windows\System\HBhRjfZ.exe
  2⤵
  PID:6492
- C:\Windows\System\ghRQWUf.exe
  C:\Windows\System\ghRQWUf.exe
  2⤵
  PID:6476
- C:\Windows\System\KzkxfMq.exe
  C:\Windows\System\KzkxfMq.exe
  2⤵
  PID:6560
- C:\Windows\System\YWaqOWk.exe
  C:\Windows\System\YWaqOWk.exe
  2⤵
  PID:6644
- C:\Windows\System\OUmHwuo.exe
  C:\Windows\System\OUmHwuo.exe
  2⤵
  PID:6680
- C:\Windows\System\WxFxEzB.exe
  C:\Windows\System\WxFxEzB.exe
  2⤵
  PID:6800
- C:\Windows\System\IwqupYj.exe
  C:\Windows\System\IwqupYj.exe
  2⤵
  PID:6732
- C:\Windows\System\NMZZbmn.exe
  C:\Windows\System\NMZZbmn.exe
  2⤵
  PID:2552
- C:\Windows\System\UTbRfZa.exe
  C:\Windows\System\UTbRfZa.exe
  2⤵
  PID:6916
- C:\Windows\System\cpKTOta.exe
  C:\Windows\System\cpKTOta.exe
  2⤵
  PID:6976
- C:\Windows\System\tIiUQSW.exe
  C:\Windows\System\tIiUQSW.exe
  2⤵
  PID:7112
- C:\Windows\System\JXwFrAV.exe
  C:\Windows\System\JXwFrAV.exe
  2⤵
  PID:2456
- C:\Windows\System\ZfqhDwV.exe
  C:\Windows\System\ZfqhDwV.exe
  2⤵
  PID:7156
- C:\Windows\System\jrNonyf.exe
  C:\Windows\System\jrNonyf.exe
  2⤵
  PID:7016
- C:\Windows\System\uxnoUYf.exe
  C:\Windows\System\uxnoUYf.exe
  2⤵
  PID:1436
- C:\Windows\System\lhXPZIk.exe
  C:\Windows\System\lhXPZIk.exe
  2⤵
  PID:7136
- C:\Windows\System\dOarBkl.exe
  C:\Windows\System\dOarBkl.exe
  2⤵
  PID:6208
- C:\Windows\System\pQeITHU.exe
  C:\Windows\System\pQeITHU.exe
  2⤵
  PID:4900
- C:\Windows\System\coCaITg.exe
  C:\Windows\System\coCaITg.exe
  2⤵
  PID:3424
- C:\Windows\System\DlRDOHa.exe
  C:\Windows\System\DlRDOHa.exe
  2⤵
  PID:6356
- C:\Windows\System\JzvkHPs.exe
  C:\Windows\System\JzvkHPs.exe
  2⤵
  PID:6256
- C:\Windows\System\HoQWZrM.exe
  C:\Windows\System\HoQWZrM.exe
  2⤵
  PID:6456
- C:\Windows\System\TecHjtD.exe
  C:\Windows\System\TecHjtD.exe
  2⤵
  PID:6716
- C:\Windows\System\aGHRZzM.exe
  C:\Windows\System\aGHRZzM.exe
  2⤵
  PID:6440
- C:\Windows\System\guGjvaj.exe
  C:\Windows\System\guGjvaj.exe
  2⤵
  PID:6704
- C:\Windows\System\iKvxxbF.exe
  C:\Windows\System\iKvxxbF.exe
  2⤵
  PID:6956
- C:\Windows\System\JjWHAKu.exe
  C:\Windows\System\JjWHAKu.exe
  2⤵
  PID:6936
- C:\Windows\System\LpJPOyR.exe
  C:\Windows\System\LpJPOyR.exe
  2⤵
  PID:5748
- C:\Windows\System\anUszeN.exe
  C:\Windows\System\anUszeN.exe
  2⤵
  PID:6872
- C:\Windows\System\SfMhQwp.exe
  C:\Windows\System\SfMhQwp.exe
  2⤵
  PID:2524
- C:\Windows\System\WDzXJIA.exe
  C:\Windows\System\WDzXJIA.exe
  2⤵
  PID:6416
- C:\Windows\System\OFYdxZR.exe
  C:\Windows\System\OFYdxZR.exe
  2⤵
  PID:4616
- C:\Windows\System\vsIbOuk.exe
  C:\Windows\System\vsIbOuk.exe
  2⤵
  PID:6172
- C:\Windows\System\cetWvyJ.exe
  C:\Windows\System\cetWvyJ.exe
  2⤵
  PID:6756
- C:\Windows\System\lWKcFdc.exe
  C:\Windows\System\lWKcFdc.exe
  2⤵
  PID:7176
- C:\Windows\System\kjnilUx.exe
  C:\Windows\System\kjnilUx.exe
  2⤵
  PID:7200
- C:\Windows\System\UNGCBBi.exe
  C:\Windows\System\UNGCBBi.exe
  2⤵
  PID:7224
- C:\Windows\System\wEyrSFT.exe
  C:\Windows\System\wEyrSFT.exe
  2⤵
  PID:7244
- C:\Windows\System\pLvJVpb.exe
  C:\Windows\System\pLvJVpb.exe
  2⤵
  PID:7264
- C:\Windows\System\jxDMmXo.exe
  C:\Windows\System\jxDMmXo.exe
  2⤵
  PID:7284
- C:\Windows\System\bVqgcWI.exe
  C:\Windows\System\bVqgcWI.exe
  2⤵
  PID:7304
- C:\Windows\System\mbNduEd.exe
  C:\Windows\System\mbNduEd.exe
  2⤵
  PID:7324
- C:\Windows\System\ZNzgkuA.exe
  C:\Windows\System\ZNzgkuA.exe
  2⤵
  PID:7340
- C:\Windows\System\nUgtUlE.exe
  C:\Windows\System\nUgtUlE.exe
  2⤵
  PID:7364
- C:\Windows\System\nhyknMN.exe
  C:\Windows\System\nhyknMN.exe
  2⤵
  PID:7380
- C:\Windows\System\EVIPGdj.exe
  C:\Windows\System\EVIPGdj.exe
  2⤵
  PID:7404
- C:\Windows\System\wjajPjZ.exe
  C:\Windows\System\wjajPjZ.exe
  2⤵
  PID:7420
- C:\Windows\System\RBXVtMk.exe
  C:\Windows\System\RBXVtMk.exe
  2⤵
  PID:7444
- C:\Windows\System\DajdYpa.exe
  C:\Windows\System\DajdYpa.exe
  2⤵
  PID:7464
- C:\Windows\System\UyxIGyi.exe
  C:\Windows\System\UyxIGyi.exe
  2⤵
  PID:7484
- C:\Windows\System\OBIFERC.exe
  C:\Windows\System\OBIFERC.exe
  2⤵
  PID:7504
- C:\Windows\System\xZHvOyt.exe
  C:\Windows\System\xZHvOyt.exe
  2⤵
  PID:7520
- C:\Windows\System\tUPdiZx.exe
  C:\Windows\System\tUPdiZx.exe
  2⤵
  PID:7540
- C:\Windows\System\rnuUnPm.exe
  C:\Windows\System\rnuUnPm.exe
  2⤵
  PID:7564
- C:\Windows\System\wULYEdl.exe
  C:\Windows\System\wULYEdl.exe
  2⤵
  PID:7584
- C:\Windows\System\NQIbbRD.exe
  C:\Windows\System\NQIbbRD.exe
  2⤵
  PID:7604
- C:\Windows\System\HOwgmNV.exe
  C:\Windows\System\HOwgmNV.exe
  2⤵
  PID:7624
- C:\Windows\System\xMEaVcm.exe
  C:\Windows\System\xMEaVcm.exe
  2⤵
  PID:7644
- C:\Windows\System\VKgMvqS.exe
  C:\Windows\System\VKgMvqS.exe
  2⤵
  PID:7664
- C:\Windows\System\VxULRbM.exe
  C:\Windows\System\VxULRbM.exe
  2⤵
  PID:7680
- C:\Windows\System\UPcawlJ.exe
  C:\Windows\System\UPcawlJ.exe
  2⤵
  PID:7704
- C:\Windows\System\QgMebTy.exe
  C:\Windows\System\QgMebTy.exe
  2⤵
  PID:7724
- C:\Windows\System\XxNOlwk.exe
  C:\Windows\System\XxNOlwk.exe
  2⤵
  PID:7744
- C:\Windows\System\QDtfXce.exe
  C:\Windows\System\QDtfXce.exe
  2⤵
  PID:7760
- C:\Windows\System\AHnUmzm.exe
  C:\Windows\System\AHnUmzm.exe
  2⤵
  PID:7784
- C:\Windows\System\zxFtMln.exe
  C:\Windows\System\zxFtMln.exe
  2⤵
  PID:7804
- C:\Windows\System\CNnvdqQ.exe
  C:\Windows\System\CNnvdqQ.exe
  2⤵
  PID:7824
- C:\Windows\System\rJyxJWI.exe
  C:\Windows\System\rJyxJWI.exe
  2⤵
  PID:7840
- C:\Windows\System\UGncORg.exe
  C:\Windows\System\UGncORg.exe
  2⤵
  PID:7872
- C:\Windows\System\Ppxiova.exe
  C:\Windows\System\Ppxiova.exe
  2⤵
  PID:7892
- C:\Windows\System\xmvzrUG.exe
  C:\Windows\System\xmvzrUG.exe
  2⤵
  PID:7908
- C:\Windows\System\RHpYyGb.exe
  C:\Windows\System\RHpYyGb.exe
  2⤵
  PID:7932
- C:\Windows\System\tztsTeb.exe
  C:\Windows\System\tztsTeb.exe
  2⤵
  PID:7952
- C:\Windows\System\PAcmOZl.exe
  C:\Windows\System\PAcmOZl.exe
  2⤵
  PID:7972
- C:\Windows\System\BBBUNpU.exe
  C:\Windows\System\BBBUNpU.exe
  2⤵
  PID:7988
- C:\Windows\System\cilOMuh.exe
  C:\Windows\System\cilOMuh.exe
  2⤵
  PID:8012
- C:\Windows\System\aIACHTL.exe
  C:\Windows\System\aIACHTL.exe
  2⤵
  PID:8036
- C:\Windows\System\RcyQuIu.exe
  C:\Windows\System\RcyQuIu.exe
  2⤵
  PID:8056
- C:\Windows\System\ekAJDTG.exe
  C:\Windows\System\ekAJDTG.exe
  2⤵
  PID:8076
- C:\Windows\System\SYfjRWh.exe
  C:\Windows\System\SYfjRWh.exe
  2⤵
  PID:8096
- C:\Windows\System\kAktXrX.exe
  C:\Windows\System\kAktXrX.exe
  2⤵
  PID:8112
- C:\Windows\System\bXmwtoB.exe
  C:\Windows\System\bXmwtoB.exe
  2⤵
  PID:8136
- C:\Windows\System\DiLnHYM.exe
  C:\Windows\System\DiLnHYM.exe
  2⤵
  PID:8156
- C:\Windows\System\KBtMtfn.exe
  C:\Windows\System\KBtMtfn.exe
  2⤵
  PID:8176
- C:\Windows\System\fYFyqHN.exe
  C:\Windows\System\fYFyqHN.exe
  2⤵
  PID:5244
- C:\Windows\System\lKyVekn.exe
  C:\Windows\System\lKyVekn.exe
  2⤵
  PID:5804
- C:\Windows\System\NaajSRk.exe
  C:\Windows\System\NaajSRk.exe
  2⤵
  PID:6580
- C:\Windows\System\eBIkxlb.exe
  C:\Windows\System\eBIkxlb.exe
  2⤵
  PID:6612
- C:\Windows\System\PTYHPmW.exe
  C:\Windows\System\PTYHPmW.exe
  2⤵
  PID:7100
- C:\Windows\System\NAawKwJ.exe
  C:\Windows\System\NAawKwJ.exe
  2⤵
  PID:6792
- C:\Windows\System\AfNahOl.exe
  C:\Windows\System\AfNahOl.exe
  2⤵
  PID:7076
- C:\Windows\System\YgetCGO.exe
  C:\Windows\System\YgetCGO.exe
  2⤵
  PID:7188
- C:\Windows\System\QZtGgAd.exe
  C:\Windows\System\QZtGgAd.exe
  2⤵
  PID:6516
- C:\Windows\System\ZYEwdUs.exe
  C:\Windows\System\ZYEwdUs.exe
  2⤵
  PID:7236
- C:\Windows\System\ePVBYWN.exe
  C:\Windows\System\ePVBYWN.exe
  2⤵
  PID:7280
- C:\Windows\System\vHUDwEj.exe
  C:\Windows\System\vHUDwEj.exe
  2⤵
  PID:7252
- C:\Windows\System\LIIMxyM.exe
  C:\Windows\System\LIIMxyM.exe
  2⤵
  PID:7312
- C:\Windows\System\QCgerrd.exe
  C:\Windows\System\QCgerrd.exe
  2⤵
  PID:7360
- C:\Windows\System\vhfDOWs.exe
  C:\Windows\System\vhfDOWs.exe
  2⤵
  PID:7332
- C:\Windows\System\wOCHyxa.exe
  C:\Windows\System\wOCHyxa.exe
  2⤵
  PID:7428
- C:\Windows\System\MIUVTNX.exe
  C:\Windows\System\MIUVTNX.exe
  2⤵
  PID:7472
- C:\Windows\System\hrsuScv.exe
  C:\Windows\System\hrsuScv.exe
  2⤵
  PID:7412
- C:\Windows\System\ljaxTsN.exe
  C:\Windows\System\ljaxTsN.exe
  2⤵
  PID:7548
- C:\Windows\System\xNsRRRa.exe
  C:\Windows\System\xNsRRRa.exe
  2⤵
  PID:7496
- C:\Windows\System\lpfkqEb.exe
  C:\Windows\System\lpfkqEb.exe
  2⤵
  PID:7600
- C:\Windows\System\TzHuRCl.exe
  C:\Windows\System\TzHuRCl.exe
  2⤵
  PID:7572
- C:\Windows\System\tlksaZR.exe
  C:\Windows\System\tlksaZR.exe
  2⤵
  PID:7576
- C:\Windows\System\lFihNaE.exe
  C:\Windows\System\lFihNaE.exe
  2⤵
  PID:7612
- C:\Windows\System\wWolHzK.exe
  C:\Windows\System\wWolHzK.exe
  2⤵
  PID:2640
- C:\Windows\System\fydDzAH.exe
  C:\Windows\System\fydDzAH.exe
  2⤵
  PID:7688
- C:\Windows\System\dLPNFjq.exe
  C:\Windows\System\dLPNFjq.exe
  2⤵
  PID:7732
- C:\Windows\System\fbNchep.exe
  C:\Windows\System\fbNchep.exe
  2⤵
  PID:7740
- C:\Windows\System\GifjKrK.exe
  C:\Windows\System\GifjKrK.exe
  2⤵
  PID:7776
- C:\Windows\System\jIYzZEO.exe
  C:\Windows\System\jIYzZEO.exe
  2⤵
  PID:7856
- C:\Windows\System\Acuwezc.exe
  C:\Windows\System\Acuwezc.exe
  2⤵
  PID:7916
- C:\Windows\System\lFsIDbm.exe
  C:\Windows\System\lFsIDbm.exe
  2⤵
  PID:7864
- C:\Windows\System\GqCTMMc.exe
  C:\Windows\System\GqCTMMc.exe
  2⤵
  PID:7940
- C:\Windows\System\EwRZoOc.exe
  C:\Windows\System\EwRZoOc.exe
  2⤵
  PID:8004
- C:\Windows\System\xmDPbFN.exe
  C:\Windows\System\xmDPbFN.exe
  2⤵
  PID:7980
- C:\Windows\System\LsiIveM.exe
  C:\Windows\System\LsiIveM.exe
  2⤵
  PID:8020
- C:\Windows\System\sbDxlml.exe
  C:\Windows\System\sbDxlml.exe
  2⤵
  PID:8032
- C:\Windows\System\OwvGAIw.exe
  C:\Windows\System\OwvGAIw.exe
  2⤵
  PID:8084
- C:\Windows\System\UZSTxqc.exe
  C:\Windows\System\UZSTxqc.exe
  2⤵
  PID:8128
- C:\Windows\System\BKujxqT.exe
  C:\Windows\System\BKujxqT.exe
  2⤵
  PID:8168
- C:\Windows\System\KoYjCzd.exe
  C:\Windows\System\KoYjCzd.exe
  2⤵
  PID:8144
- C:\Windows\System\JgEuTEq.exe
  C:\Windows\System\JgEuTEq.exe
  2⤵
  PID:6840
- C:\Windows\System\lhCdbLa.exe
  C:\Windows\System\lhCdbLa.exe
  2⤵
  PID:2912
- C:\Windows\System\UAsFnLI.exe
  C:\Windows\System\UAsFnLI.exe
  2⤵
  PID:6852
- C:\Windows\System\wMYwVyO.exe
  C:\Windows\System\wMYwVyO.exe
  2⤵
  PID:7240
- C:\Windows\System\UseBpJS.exe
  C:\Windows\System\UseBpJS.exe
  2⤵
  PID:7316
- C:\Windows\System\yVhrltP.exe
  C:\Windows\System\yVhrltP.exe
  2⤵
  PID:7372
- C:\Windows\System\lRJuEhl.exe
  C:\Windows\System\lRJuEhl.exe
  2⤵
  PID:7208
- C:\Windows\System\PqpJfvP.exe
  C:\Windows\System\PqpJfvP.exe
  2⤵
  PID:7296
- C:\Windows\System\uyAjNtp.exe
  C:\Windows\System\uyAjNtp.exe
  2⤵
  PID:7500
- C:\Windows\System\oQcWBWT.exe
  C:\Windows\System\oQcWBWT.exe
  2⤵
  PID:2680
- C:\Windows\System\uwWOxns.exe
  C:\Windows\System\uwWOxns.exe
  2⤵
  PID:1612
- C:\Windows\System\DfmhkIC.exe
  C:\Windows\System\DfmhkIC.exe
  2⤵
  PID:7752
- C:\Windows\System\zZnUgdK.exe
  C:\Windows\System\zZnUgdK.exe
  2⤵
  PID:7460
- C:\Windows\System\xoJkAUp.exe
  C:\Windows\System\xoJkAUp.exe
  2⤵
  PID:7820
- C:\Windows\System\VNBVdZg.exe
  C:\Windows\System\VNBVdZg.exe
  2⤵
  PID:2664
- C:\Windows\System\jzEnwCI.exe
  C:\Windows\System\jzEnwCI.exe
  2⤵
  PID:1804
- C:\Windows\System\qyXdSUy.exe
  C:\Windows\System\qyXdSUy.exe
  2⤵
  PID:7596
- C:\Windows\System\VvtfHTL.exe
  C:\Windows\System\VvtfHTL.exe
  2⤵
  PID:2144
- C:\Windows\System\EJhpvXi.exe
  C:\Windows\System\EJhpvXi.exe
  2⤵
  PID:7712
- C:\Windows\System\SdaNSfH.exe
  C:\Windows\System\SdaNSfH.exe
  2⤵
  PID:7792
- C:\Windows\System\nFzvGex.exe
  C:\Windows\System\nFzvGex.exe
  2⤵
  PID:7836
- C:\Windows\System\wiWbYUY.exe
  C:\Windows\System\wiWbYUY.exe
  2⤵
  PID:8172
- C:\Windows\System\DamKoVe.exe
  C:\Windows\System\DamKoVe.exe
  2⤵
  PID:4448
- C:\Windows\System\ashmjAm.exe
  C:\Windows\System\ashmjAm.exe
  2⤵
  PID:7904
- C:\Windows\System\hJblkCU.exe
  C:\Windows\System\hJblkCU.exe
  2⤵
  PID:6996
- C:\Windows\System\tudQFEf.exe
  C:\Windows\System\tudQFEf.exe
  2⤵
  PID:2260
- C:\Windows\System\zmIConl.exe
  C:\Windows\System\zmIConl.exe
  2⤵
  PID:6480
- C:\Windows\System\yJHtgUX.exe
  C:\Windows\System\yJHtgUX.exe
  2⤵
  PID:2668
- C:\Windows\System\FELeNKF.exe
  C:\Windows\System\FELeNKF.exe
  2⤵
  PID:1596
- C:\Windows\System\bNSBziT.exe
  C:\Windows\System\bNSBziT.exe
  2⤵
  PID:6928
- C:\Windows\System\UzOIuAE.exe
  C:\Windows\System\UzOIuAE.exe
  2⤵
  PID:2644
- C:\Windows\System\fRfTPiJ.exe
  C:\Windows\System\fRfTPiJ.exe
  2⤵
  PID:6740
- C:\Windows\System\EcUsXqI.exe
  C:\Windows\System\EcUsXqI.exe
  2⤵
  PID:7492
- C:\Windows\System\BYrYkGn.exe
  C:\Windows\System\BYrYkGn.exe
  2⤵
  PID:2052
- C:\Windows\System\cfDhxGF.exe
  C:\Windows\System\cfDhxGF.exe
  2⤵
  PID:7356
- C:\Windows\System\ywgrovm.exe
  C:\Windows\System\ywgrovm.exe
  2⤵
  PID:7660
- C:\Windows\System\ZEICFUA.exe
  C:\Windows\System\ZEICFUA.exe
  2⤵
  PID:7560
- C:\Windows\System\lKhFGXQ.exe
  C:\Windows\System\lKhFGXQ.exe
  2⤵
  PID:7928
- C:\Windows\System\eNeAvVI.exe
  C:\Windows\System\eNeAvVI.exe
  2⤵
  PID:7640
- C:\Windows\System\VxHbPCA.exe
  C:\Windows\System\VxHbPCA.exe
  2⤵
  PID:7696
- C:\Windows\System\UWNqvmw.exe
  C:\Windows\System\UWNqvmw.exe
  2⤵
  PID:7216
- C:\Windows\System\oDELVxU.exe
  C:\Windows\System\oDELVxU.exe
  2⤵
  PID:2412
- C:\Windows\System\UwXVjzV.exe
  C:\Windows\System\UwXVjzV.exe
  2⤵
  PID:7832
- C:\Windows\System\JqJutfC.exe
  C:\Windows\System\JqJutfC.exe
  2⤵
  PID:7888
- C:\Windows\System\ZBXqXgU.exe
  C:\Windows\System\ZBXqXgU.exe
  2⤵
  PID:2384
- C:\Windows\System\qTfUSMb.exe
  C:\Windows\System\qTfUSMb.exe
  2⤵
  PID:8064
- C:\Windows\System\SyseyZB.exe
  C:\Windows\System\SyseyZB.exe
  2⤵
  PID:7416
- C:\Windows\System\OYfEWHn.exe
  C:\Windows\System\OYfEWHn.exe
  2⤵
  PID:2556
- C:\Windows\System\VYqcFpE.exe
  C:\Windows\System\VYqcFpE.exe
  2⤵
  PID:8208
- C:\Windows\System\KSQkPYj.exe
  C:\Windows\System\KSQkPYj.exe
  2⤵
  PID:8228
- C:\Windows\System\mTCqVDZ.exe
  C:\Windows\System\mTCqVDZ.exe
  2⤵
  PID:8248
- C:\Windows\System\rGyJdnl.exe
  C:\Windows\System\rGyJdnl.exe
  2⤵
  PID:8268
- C:\Windows\System\fRQenSX.exe
  C:\Windows\System\fRQenSX.exe
  2⤵
  PID:8284
- C:\Windows\System\mVeGGyS.exe
  C:\Windows\System\mVeGGyS.exe
  2⤵
  PID:8352
- C:\Windows\System\jCwTMWG.exe
  C:\Windows\System\jCwTMWG.exe
  2⤵
  PID:8372
- C:\Windows\System\jajRwWD.exe
  C:\Windows\System\jajRwWD.exe
  2⤵
  PID:8400
- C:\Windows\System\YVYIKcw.exe
  C:\Windows\System\YVYIKcw.exe
  2⤵
  PID:8416
- C:\Windows\System\kATarij.exe
  C:\Windows\System\kATarij.exe
  2⤵
  PID:8436
- C:\Windows\System\mmWMFqY.exe
  C:\Windows\System\mmWMFqY.exe
  2⤵
  PID:8456
- C:\Windows\System\cINAIFy.exe
  C:\Windows\System\cINAIFy.exe
  2⤵
  PID:8472
- C:\Windows\System\wJdGDQF.exe
  C:\Windows\System\wJdGDQF.exe
  2⤵
  PID:8500
- C:\Windows\System\kyBllaG.exe
  C:\Windows\System\kyBllaG.exe
  2⤵
  PID:8524
- C:\Windows\System\JjEBxIV.exe
  C:\Windows\System\JjEBxIV.exe
  2⤵
  PID:8604
- C:\Windows\System\xnVobRl.exe
  C:\Windows\System\xnVobRl.exe
  2⤵
  PID:8620
- C:\Windows\System\VVoCzbq.exe
  C:\Windows\System\VVoCzbq.exe
  2⤵
  PID:8640
- C:\Windows\System\tioppMN.exe
  C:\Windows\System\tioppMN.exe
  2⤵
  PID:8656
- C:\Windows\System\yPNWuGB.exe
  C:\Windows\System\yPNWuGB.exe
  2⤵
  PID:8680
- C:\Windows\System\eaKZFui.exe
  C:\Windows\System\eaKZFui.exe
  2⤵
  PID:8696
- C:\Windows\System\sBVhQOi.exe
  C:\Windows\System\sBVhQOi.exe
  2⤵
  PID:8712
- C:\Windows\System\SoHHUkg.exe
  C:\Windows\System\SoHHUkg.exe
  2⤵
  PID:8728
- C:\Windows\System\RIoMXyE.exe
  C:\Windows\System\RIoMXyE.exe
  2⤵
  PID:8744
- C:\Windows\System\jgSFGqm.exe
  C:\Windows\System\jgSFGqm.exe
  2⤵
  PID:8760
- C:\Windows\System\Efryuud.exe
  C:\Windows\System\Efryuud.exe
  2⤵
  PID:8776
- C:\Windows\System\ayQOgiJ.exe
  C:\Windows\System\ayQOgiJ.exe
  2⤵
  PID:8792
- C:\Windows\System\joSAqfg.exe
  C:\Windows\System\joSAqfg.exe
  2⤵
  PID:8808
- C:\Windows\System\dUTztBL.exe
  C:\Windows\System\dUTztBL.exe
  2⤵
  PID:8824
- C:\Windows\System\vQsmVxE.exe
  C:\Windows\System\vQsmVxE.exe
  2⤵
  PID:8840
- C:\Windows\System\mOrrGHK.exe
  C:\Windows\System\mOrrGHK.exe
  2⤵
  PID:8856
- C:\Windows\System\xcddnvM.exe
  C:\Windows\System\xcddnvM.exe
  2⤵
  PID:8872
- C:\Windows\System\CxyyRZY.exe
  C:\Windows\System\CxyyRZY.exe
  2⤵
  PID:8888
- C:\Windows\System\dMMqCbl.exe
  C:\Windows\System\dMMqCbl.exe
  2⤵
  PID:8904
- C:\Windows\System\PXpuEay.exe
  C:\Windows\System\PXpuEay.exe
  2⤵
  PID:8920
- C:\Windows\System\PVgHTFy.exe
  C:\Windows\System\PVgHTFy.exe
  2⤵
  PID:8936
- C:\Windows\System\rLLPNTY.exe
  C:\Windows\System\rLLPNTY.exe
  2⤵
  PID:8952
- C:\Windows\System\XwSBxkW.exe
  C:\Windows\System\XwSBxkW.exe
  2⤵
  PID:8968
- C:\Windows\System\scmfQhY.exe
  C:\Windows\System\scmfQhY.exe
  2⤵
  PID:8992
- C:\Windows\System\mSyBkCq.exe
  C:\Windows\System\mSyBkCq.exe
  2⤵
  PID:9036
- C:\Windows\System\OGDRjkj.exe
  C:\Windows\System\OGDRjkj.exe
  2⤵
  PID:9052
- C:\Windows\System\YUEuqzf.exe
  C:\Windows\System\YUEuqzf.exe
  2⤵
  PID:9072
- C:\Windows\System\PmLyxMI.exe
  C:\Windows\System\PmLyxMI.exe
  2⤵
  PID:9088
- C:\Windows\System\phEACCL.exe
  C:\Windows\System\phEACCL.exe
  2⤵
  PID:9108
- C:\Windows\System\juYYtER.exe
  C:\Windows\System\juYYtER.exe
  2⤵
  PID:9140
- C:\Windows\System\RfVPDRk.exe
  C:\Windows\System\RfVPDRk.exe
  2⤵
  PID:9156
- C:\Windows\System\vFsXFaZ.exe
  C:\Windows\System\vFsXFaZ.exe
  2⤵
  PID:9176
- C:\Windows\System\fyttfZJ.exe
  C:\Windows\System\fyttfZJ.exe
  2⤵
  PID:9192
- C:\Windows\System\Kzrnecs.exe
  C:\Windows\System\Kzrnecs.exe
  2⤵
  PID:480
- C:\Windows\System\llwpGuO.exe
  C:\Windows\System\llwpGuO.exe
  2⤵
  PID:4000
- C:\Windows\System\PYcJxIn.exe
  C:\Windows\System\PYcJxIn.exe
  2⤵
  PID:7796
- C:\Windows\System\aFSFStO.exe
  C:\Windows\System\aFSFStO.exe
  2⤵
  PID:3000
- C:\Windows\System\kDPyoPG.exe
  C:\Windows\System\kDPyoPG.exe
  2⤵
  PID:7440
- C:\Windows\System\uEJdOlf.exe
  C:\Windows\System\uEJdOlf.exe
  2⤵
  PID:7532
- C:\Windows\System\AuBKgow.exe
  C:\Windows\System\AuBKgow.exe
  2⤵
  PID:5732
- C:\Windows\System\cVpzBPH.exe
  C:\Windows\System\cVpzBPH.exe
  2⤵
  PID:7900
- C:\Windows\System\bFYJJmN.exe
  C:\Windows\System\bFYJJmN.exe
  2⤵
  PID:7212
- C:\Windows\System\JBWLsBw.exe
  C:\Windows\System\JBWLsBw.exe
  2⤵
  PID:8200
- C:\Windows\System\SISVcNR.exe
  C:\Windows\System\SISVcNR.exe
  2⤵
  PID:8276
- C:\Windows\System\kELEPiD.exe
  C:\Windows\System\kELEPiD.exe
  2⤵
  PID:2832
- C:\Windows\System\vmlAtFQ.exe
  C:\Windows\System\vmlAtFQ.exe
  2⤵
  PID:8316
- C:\Windows\System\khJlzuw.exe
  C:\Windows\System\khJlzuw.exe
  2⤵
  PID:2428
- C:\Windows\System\vMkqGov.exe
  C:\Windows\System\vMkqGov.exe
  2⤵
  PID:8340
- C:\Windows\System\RTGVElQ.exe
  C:\Windows\System\RTGVElQ.exe
  2⤵
  PID:8428
- C:\Windows\System\Vhvzsqf.exe
  C:\Windows\System\Vhvzsqf.exe
  2⤵
  PID:1760
- C:\Windows\System\CVnzMFw.exe
  C:\Windows\System\CVnzMFw.exe
  2⤵
  PID:8468
- C:\Windows\System\JJAQCMD.exe
  C:\Windows\System\JJAQCMD.exe
  2⤵
  PID:8368
- C:\Windows\System\dukHTlK.exe
  C:\Windows\System\dukHTlK.exe
  2⤵
  PID:7172
- C:\Windows\System\DthlVVV.exe
  C:\Windows\System\DthlVVV.exe
  2⤵
  PID:8480
- C:\Windows\System\bzOEcca.exe
  C:\Windows\System\bzOEcca.exe
  2⤵
  PID:8496
- C:\Windows\System\SQPXxVr.exe
  C:\Windows\System\SQPXxVr.exe
  2⤵
  PID:8768
- C:\Windows\System\UKgruMn.exe
  C:\Windows\System\UKgruMn.exe
  2⤵
  PID:8832
- C:\Windows\System\RZJmkRW.exe
  C:\Windows\System\RZJmkRW.exe
  2⤵
  PID:8928
- C:\Windows\System\SKXfEUG.exe
  C:\Windows\System\SKXfEUG.exe
  2⤵
  PID:8852
- C:\Windows\System\WSDjvqi.exe
  C:\Windows\System\WSDjvqi.exe
  2⤵
  PID:8692
- C:\Windows\System\qiLvSbA.exe
  C:\Windows\System\qiLvSbA.exe
  2⤵
  PID:8752
- C:\Windows\System\eOKvgvN.exe
  C:\Windows\System\eOKvgvN.exe
  2⤵
  PID:8944
- C:\Windows\System\LxjdkkS.exe
  C:\Windows\System\LxjdkkS.exe
  2⤵
  PID:8984
- C:\Windows\System\JhSybaw.exe
  C:\Windows\System\JhSybaw.exe
  2⤵
  PID:9024
- C:\Windows\System\zdycnLQ.exe
  C:\Windows\System\zdycnLQ.exe
  2⤵
  PID:9096
- C:\Windows\System\xIQszTw.exe
  C:\Windows\System\xIQszTw.exe
  2⤵
  PID:9184
- C:\Windows\System\rZTwcMp.exe
  C:\Windows\System\rZTwcMp.exe
  2⤵
  PID:8048
- C:\Windows\System\TypGQDu.exe
  C:\Windows\System\TypGQDu.exe
  2⤵
  PID:9164
- C:\Windows\System\gcLSMob.exe
  C:\Windows\System\gcLSMob.exe
  2⤵
  PID:9124
- C:\Windows\System\bEmjepJ.exe
  C:\Windows\System\bEmjepJ.exe
  2⤵
  PID:9048
- C:\Windows\System\qkJbzjM.exe
  C:\Windows\System\qkJbzjM.exe
  2⤵
  PID:9208
- C:\Windows\System\UdcKWrW.exe
  C:\Windows\System\UdcKWrW.exe
  2⤵
  PID:8088
- C:\Windows\System\PQjLHdt.exe
  C:\Windows\System\PQjLHdt.exe
  2⤵
  PID:6556
- C:\Windows\System\DAvDkcV.exe
  C:\Windows\System\DAvDkcV.exe
  2⤵
  PID:7676
- C:\Windows\System\tIJivUn.exe
  C:\Windows\System\tIJivUn.exe
  2⤵
  PID:7736
- C:\Windows\System\joAjToF.exe
  C:\Windows\System\joAjToF.exe
  2⤵
  PID:7052
- C:\Windows\System\xhHMWsQ.exe
  C:\Windows\System\xhHMWsQ.exe
  2⤵
  PID:7772
- C:\Windows\System\hZYVnYh.exe
  C:\Windows\System\hZYVnYh.exe
  2⤵
  PID:8240
- C:\Windows\System\ANqeVlN.exe
  C:\Windows\System\ANqeVlN.exe
  2⤵
  PID:8296
- C:\Windows\System\kCThmeX.exe
  C:\Windows\System\kCThmeX.exe
  2⤵
  PID:2148
- C:\Windows\System\UUgWWDl.exe
  C:\Windows\System\UUgWWDl.exe
  2⤵
  PID:8392
- C:\Windows\System\xlxEERp.exe
  C:\Windows\System\xlxEERp.exe
  2⤵
  PID:8412
- C:\Windows\System\LFIFXHR.exe
  C:\Windows\System\LFIFXHR.exe
  2⤵
  PID:8360
- C:\Windows\System\beVHhrS.exe
  C:\Windows\System\beVHhrS.exe
  2⤵
  PID:8408
- C:\Windows\System\WGREDrm.exe
  C:\Windows\System\WGREDrm.exe
  2⤵
  PID:8704
- C:\Windows\System\jlwJpwj.exe
  C:\Windows\System\jlwJpwj.exe
  2⤵
  PID:8740
- C:\Windows\System\TaTKHqF.exe
  C:\Windows\System\TaTKHqF.exe
  2⤵
  PID:8868
- C:\Windows\System\KwwmyST.exe
  C:\Windows\System\KwwmyST.exe
  2⤵
  PID:8880
- C:\Windows\System\VTOxsEM.exe
  C:\Windows\System\VTOxsEM.exe
  2⤵
  PID:8756
- C:\Windows\System\mViwmVs.exe
  C:\Windows\System\mViwmVs.exe
  2⤵
  PID:8964
- C:\Windows\System\ezIMVKw.exe
  C:\Windows\System\ezIMVKw.exe
  2⤵
  PID:9028
- C:\Windows\System\xihlePa.exe
  C:\Windows\System\xihlePa.exe
  2⤵
  PID:9128
- C:\Windows\System\DmTkych.exe
  C:\Windows\System\DmTkych.exe
  2⤵
  PID:7516
- C:\Windows\System\uIyhzOU.exe
  C:\Windows\System\uIyhzOU.exe
  2⤵
  PID:9116
- C:\Windows\System\mvwXzrH.exe
  C:\Windows\System\mvwXzrH.exe
  2⤵
  PID:2500
- C:\Windows\System\kPUclun.exe
  C:\Windows\System\kPUclun.exe
  2⤵
  PID:7556
- C:\Windows\System\YSZeZfa.exe
  C:\Windows\System\YSZeZfa.exe
  2⤵
  PID:7388
- C:\Windows\System\ufBeiDU.exe
  C:\Windows\System\ufBeiDU.exe
  2⤵
  PID:8308
- C:\Windows\System\AKbbdQB.exe
  C:\Windows\System\AKbbdQB.exe
  2⤵
  PID:8324
- C:\Windows\System\vsdTqZl.exe
  C:\Windows\System\vsdTqZl.exe
  2⤵
  PID:268
- C:\Windows\System\UFQQVwP.exe
  C:\Windows\System\UFQQVwP.exe
  2⤵
  PID:8452
- C:\Windows\System\gjNeRhn.exe
  C:\Windows\System\gjNeRhn.exe
  2⤵
  PID:8512
- C:\Windows\System\oqMLqGy.exe
  C:\Windows\System\oqMLqGy.exe
  2⤵
  PID:8600
- C:\Windows\System\UsOvWRr.exe
  C:\Windows\System\UsOvWRr.exe
  2⤵
  PID:1480
- C:\Windows\System\IlvqbzJ.exe
  C:\Windows\System\IlvqbzJ.exe
  2⤵
  PID:8672
- C:\Windows\System\ZarNDXB.exe
  C:\Windows\System\ZarNDXB.exe
  2⤵
  PID:2480
- C:\Windows\System\BUSyarx.exe
  C:\Windows\System\BUSyarx.exe
  2⤵
  PID:8804
- C:\Windows\System\WsEtQSE.exe
  C:\Windows\System\WsEtQSE.exe
  2⤵
  PID:8916
- C:\Windows\System\QbdOKQQ.exe
  C:\Windows\System\QbdOKQQ.exe
  2⤵
  PID:8676
- C:\Windows\System\IXyHJVr.exe
  C:\Windows\System\IXyHJVr.exe
  2⤵
  PID:8980
- C:\Windows\System\bLIvyoq.exe
  C:\Windows\System\bLIvyoq.exe
  2⤵
  PID:9068
- C:\Windows\System\dbeMDLU.exe
  C:\Windows\System\dbeMDLU.exe
  2⤵
  PID:8220
- C:\Windows\System\nxjMrBQ.exe
  C:\Windows\System\nxjMrBQ.exe
  2⤵
  PID:9132
- C:\Windows\System\cclVMqY.exe
  C:\Windows\System\cclVMqY.exe
  2⤵
  PID:7396
- C:\Windows\System\Bjbijiw.exe
  C:\Windows\System\Bjbijiw.exe
  2⤵
  PID:8184
- C:\Windows\System\CFoFFuI.exe
  C:\Windows\System\CFoFFuI.exe
  2⤵
  PID:1812
- C:\Windows\System\MGsYLfF.exe
  C:\Windows\System\MGsYLfF.exe
  2⤵
  PID:8312
- C:\Windows\System\apfyNGG.exe
  C:\Windows\System\apfyNGG.exe
  2⤵
  PID:8652
- C:\Windows\System\gUygnym.exe
  C:\Windows\System\gUygnym.exe
  2⤵
  PID:8708
- C:\Windows\System\hSFHDAg.exe
  C:\Windows\System\hSFHDAg.exe
  2⤵
  PID:8636
- C:\Windows\System\wTfQNPq.exe
  C:\Windows\System\wTfQNPq.exe
  2⤵
  PID:8008
- C:\Windows\System\Iihntgw.exe
  C:\Windows\System\Iihntgw.exe
  2⤵
  PID:8332
- C:\Windows\System\zXhsbeh.exe
  C:\Windows\System\zXhsbeh.exe
  2⤵
  PID:3028
- C:\Windows\System\TsrpUEz.exe
  C:\Windows\System\TsrpUEz.exe
  2⤵
  PID:2268
- C:\Windows\System\vcmRKfz.exe
  C:\Windows\System\vcmRKfz.exe
  2⤵
  PID:324
- C:\Windows\System\bQbosim.exe
  C:\Windows\System\bQbosim.exe
  2⤵
  PID:9152
- C:\Windows\System\aScXsMn.exe
  C:\Windows\System\aScXsMn.exe
  2⤵
  PID:1832
- C:\Windows\System\uKVfpqx.exe
  C:\Windows\System\uKVfpqx.exe
  2⤵
  PID:1684
- C:\Windows\System\cazHVFx.exe
  C:\Windows\System\cazHVFx.exe
  2⤵
  PID:8668
- C:\Windows\System\pHJGJGr.exe
  C:\Windows\System\pHJGJGr.exe
  2⤵
  PID:8784
- C:\Windows\System\kCSmljx.exe
  C:\Windows\System\kCSmljx.exe
  2⤵
  PID:8900
- C:\Windows\System\lLGcIFE.exe
  C:\Windows\System\lLGcIFE.exe
  2⤵
  PID:2392
- C:\Windows\System\PzfhgHf.exe
  C:\Windows\System\PzfhgHf.exe
  2⤵
  PID:8336
- C:\Windows\System\SqfWrCJ.exe
  C:\Windows\System\SqfWrCJ.exe
  2⤵
  PID:8912
- C:\Windows\System\ARrRkQT.exe
  C:\Windows\System\ARrRkQT.exe
  2⤵
  PID:8864
- C:\Windows\System\Frasraf.exe
  C:\Windows\System\Frasraf.exe
  2⤵
  PID:9224
- C:\Windows\System\ZnFQUCr.exe
  C:\Windows\System\ZnFQUCr.exe
  2⤵
  PID:9244
- C:\Windows\System\finlBrr.exe
  C:\Windows\System\finlBrr.exe
  2⤵
  PID:9264
- C:\Windows\System\hVPXWZn.exe
  C:\Windows\System\hVPXWZn.exe
  2⤵
  PID:9280
- C:\Windows\System\GHLhvZe.exe
  C:\Windows\System\GHLhvZe.exe
  2⤵
  PID:9296
- C:\Windows\System\EVZgwIX.exe
  C:\Windows\System\EVZgwIX.exe
  2⤵
  PID:9312
- C:\Windows\System\fBkNewF.exe
  C:\Windows\System\fBkNewF.exe
  2⤵
  PID:9348
- C:\Windows\System\VQiWkth.exe
  C:\Windows\System\VQiWkth.exe
  2⤵
  PID:9364
- C:\Windows\System\mPsWpin.exe
  C:\Windows\System\mPsWpin.exe
  2⤵
  PID:9380
- C:\Windows\System\SnLoFdw.exe
  C:\Windows\System\SnLoFdw.exe
  2⤵
  PID:9396
- C:\Windows\System\YHmCpow.exe
  C:\Windows\System\YHmCpow.exe
  2⤵
  PID:9412
- C:\Windows\System\EbIZBma.exe
  C:\Windows\System\EbIZBma.exe
  2⤵
  PID:9428
- C:\Windows\System\mOlwzFg.exe
  C:\Windows\System\mOlwzFg.exe
  2⤵
  PID:9444
- C:\Windows\System\iqEgAJi.exe
  C:\Windows\System\iqEgAJi.exe
  2⤵
  PID:9460
- C:\Windows\System\xPAgxXL.exe
  C:\Windows\System\xPAgxXL.exe
  2⤵
  PID:9476
- C:\Windows\System\VddyUkw.exe
  C:\Windows\System\VddyUkw.exe
  2⤵
  PID:9492
- C:\Windows\System\UaDvIwm.exe
  C:\Windows\System\UaDvIwm.exe
  2⤵
  PID:9508
- C:\Windows\System\CPJndBY.exe
  C:\Windows\System\CPJndBY.exe
  2⤵
  PID:9524
- C:\Windows\System\TPfijqE.exe
  C:\Windows\System\TPfijqE.exe
  2⤵
  PID:9588
- C:\Windows\System\uOcDQTS.exe
  C:\Windows\System\uOcDQTS.exe
  2⤵
  PID:9608
- C:\Windows\System\dfSWzYK.exe
  C:\Windows\System\dfSWzYK.exe
  2⤵
  PID:9624
- C:\Windows\System\aNPQVfy.exe
  C:\Windows\System\aNPQVfy.exe
  2⤵
  PID:9648
- C:\Windows\System\RevqmOu.exe
  C:\Windows\System\RevqmOu.exe
  2⤵
  PID:9668
- C:\Windows\System\AyunaRO.exe
  C:\Windows\System\AyunaRO.exe
  2⤵
  PID:9692
- C:\Windows\System\uvGAsnY.exe
  C:\Windows\System\uvGAsnY.exe
  2⤵
  PID:9712
- C:\Windows\System\EJgsLoW.exe
  C:\Windows\System\EJgsLoW.exe
  2⤵
  PID:9728
- C:\Windows\System\flQluJO.exe
  C:\Windows\System\flQluJO.exe
  2⤵
  PID:9752
- C:\Windows\System\ynxKpki.exe
  C:\Windows\System\ynxKpki.exe
  2⤵
  PID:9768
- C:\Windows\System\VZSRcvc.exe
  C:\Windows\System\VZSRcvc.exe
  2⤵
  PID:9788
- C:\Windows\System\QDGHKLv.exe
  C:\Windows\System\QDGHKLv.exe
  2⤵
  PID:9808
- C:\Windows\System\DjoUjhK.exe
  C:\Windows\System\DjoUjhK.exe
  2⤵
  PID:9824
- C:\Windows\System\GeBsUXs.exe
  C:\Windows\System\GeBsUXs.exe
  2⤵
  PID:9840
- C:\Windows\System\MgZSZKm.exe
  C:\Windows\System\MgZSZKm.exe
  2⤵
  PID:9860
- C:\Windows\System\uoSbSJE.exe
  C:\Windows\System\uoSbSJE.exe
  2⤵
  PID:9876
- C:\Windows\System\dRDNmcl.exe
  C:\Windows\System\dRDNmcl.exe
  2⤵
  PID:9892
- C:\Windows\System\IXGWlWr.exe
  C:\Windows\System\IXGWlWr.exe
  2⤵
  PID:9912
- C:\Windows\System\MshpcZc.exe
  C:\Windows\System\MshpcZc.exe
  2⤵
  PID:9928
- C:\Windows\System\BTwPjnl.exe
  C:\Windows\System\BTwPjnl.exe
  2⤵
  PID:9944
- C:\Windows\System\kwusCfg.exe
  C:\Windows\System\kwusCfg.exe
  2⤵
  PID:9960
- C:\Windows\System\XTUskHN.exe
  C:\Windows\System\XTUskHN.exe
  2⤵
  PID:9976
- C:\Windows\System\jAGYwHQ.exe
  C:\Windows\System\jAGYwHQ.exe
  2⤵
  PID:9992
- C:\Windows\System\omwZbGC.exe
  C:\Windows\System\omwZbGC.exe
  2⤵
  PID:10008
- C:\Windows\System\EtVTfxf.exe
  C:\Windows\System\EtVTfxf.exe
  2⤵
  PID:10024
- C:\Windows\System\XNqeDWb.exe
  C:\Windows\System\XNqeDWb.exe
  2⤵
  PID:10040
- C:\Windows\System\LVDHiqn.exe
  C:\Windows\System\LVDHiqn.exe
  2⤵
  PID:10056
- C:\Windows\System\cVJLOdl.exe
  C:\Windows\System\cVJLOdl.exe
  2⤵
  PID:10072
- C:\Windows\System\gmaMlkJ.exe
  C:\Windows\System\gmaMlkJ.exe
  2⤵
  PID:10088
- C:\Windows\System\WGrktQR.exe
  C:\Windows\System\WGrktQR.exe
  2⤵
  PID:10104
- C:\Windows\System\SxaKksp.exe
  C:\Windows\System\SxaKksp.exe
  2⤵
  PID:10120
- C:\Windows\System\mQvyQJy.exe
  C:\Windows\System\mQvyQJy.exe
  2⤵
  PID:10136
- C:\Windows\System\TBriKLe.exe
  C:\Windows\System\TBriKLe.exe
  2⤵
  PID:10152
- C:\Windows\System\eovefKW.exe
  C:\Windows\System\eovefKW.exe
  2⤵
  PID:10168
- C:\Windows\System\OPmkKga.exe
  C:\Windows\System\OPmkKga.exe
  2⤵
  PID:10188
- C:\Windows\System\wgbiYUO.exe
  C:\Windows\System\wgbiYUO.exe
  2⤵
  PID:10204
- C:\Windows\System\jecORfM.exe
  C:\Windows\System\jecORfM.exe
  2⤵
  PID:10220
- C:\Windows\System\qqigSVn.exe
  C:\Windows\System\qqigSVn.exe
  2⤵
  PID:10236
- C:\Windows\System\TmWChrS.exe
  C:\Windows\System\TmWChrS.exe
  2⤵
  PID:8432
- C:\Windows\System\fcgsDBn.exe
  C:\Windows\System\fcgsDBn.exe
  2⤵
  PID:9232
- C:\Windows\System\nJzcJlS.exe
  C:\Windows\System\nJzcJlS.exe
  2⤵
  PID:8292
- C:\Windows\System\DTpejQL.exe
  C:\Windows\System\DTpejQL.exe
  2⤵
  PID:9252
- C:\Windows\System\QXyrwIZ.exe
  C:\Windows\System\QXyrwIZ.exe
  2⤵
  PID:9292
- C:\Windows\System\CMZvDec.exe
  C:\Windows\System\CMZvDec.exe
  2⤵
  PID:9336
- C:\Windows\System\FULSltS.exe
  C:\Windows\System\FULSltS.exe
  2⤵
  PID:9376
- C:\Windows\System\bpTRPxJ.exe
  C:\Windows\System\bpTRPxJ.exe
  2⤵
  PID:9272
- C:\Windows\System\Uoydytn.exe
  C:\Windows\System\Uoydytn.exe
  2⤵
  PID:9356
- C:\Windows\System\Ergdqlv.exe
  C:\Windows\System\Ergdqlv.exe
  2⤵
  PID:9468
- C:\Windows\System\xTQakuN.exe
  C:\Windows\System\xTQakuN.exe
  2⤵
  PID:9420
- C:\Windows\System\TehVRws.exe
  C:\Windows\System\TehVRws.exe
  2⤵
  PID:9484
- C:\Windows\System\EdWNADJ.exe
  C:\Windows\System\EdWNADJ.exe
  2⤵
  PID:9520
- C:\Windows\System\vLZfxtG.exe
  C:\Windows\System\vLZfxtG.exe
  2⤵
  PID:9568
- C:\Windows\System\cuTexvr.exe
  C:\Windows\System\cuTexvr.exe
  2⤵
  PID:9540
- C:\Windows\System\DBDlFeJ.exe
  C:\Windows\System\DBDlFeJ.exe
  2⤵
  PID:9560
- C:\Windows\System\lDayPZr.exe
  C:\Windows\System\lDayPZr.exe
  2⤵
  PID:9600
- C:\Windows\System\FTWXBCt.exe
  C:\Windows\System\FTWXBCt.exe
  2⤵
  PID:9660
- C:\Windows\System\IPNnCAQ.exe
  C:\Windows\System\IPNnCAQ.exe
  2⤵
  PID:9704
- C:\Windows\System\HtDevTm.exe
  C:\Windows\System\HtDevTm.exe
  2⤵
  PID:9748
- C:\Windows\System\ENQHVmY.exe
  C:\Windows\System\ENQHVmY.exe
  2⤵
  PID:9816
- C:\Windows\System\DIwHRPF.exe
  C:\Windows\System\DIwHRPF.exe
  2⤵
  PID:9856
- C:\Windows\System\OVIlypN.exe
  C:\Windows\System\OVIlypN.exe
  2⤵
  PID:9956
- C:\Windows\System\zfRCPqP.exe
  C:\Windows\System\zfRCPqP.exe
  2⤵
  PID:10048
- C:\Windows\System\HLpcHxd.exe
  C:\Windows\System\HLpcHxd.exe
  2⤵
  PID:10112
- C:\Windows\System\lYIiGsB.exe
  C:\Windows\System\lYIiGsB.exe
  2⤵
  PID:9640
- C:\Windows\System\YnxjTfE.exe
  C:\Windows\System\YnxjTfE.exe
  2⤵
  PID:9800
- C:\Windows\System\gJoQczF.exe
  C:\Windows\System\gJoQczF.exe
  2⤵
  PID:9900
- C:\Windows\System\UnTnVrv.exe
  C:\Windows\System\UnTnVrv.exe
  2⤵
  PID:9804
- C:\Windows\System\FKQabuf.exe
  C:\Windows\System\FKQabuf.exe
  2⤵
  PID:9872
- C:\Windows\System\RgMUpNt.exe
  C:\Windows\System\RgMUpNt.exe
  2⤵
  PID:9968
- C:\Windows\System\uvhhAsg.exe
  C:\Windows\System\uvhhAsg.exe
  2⤵
  PID:10032
- C:\Windows\System\AeBbxvR.exe
  C:\Windows\System\AeBbxvR.exe
  2⤵
  PID:10096
- C:\Windows\System\DxPAWDT.exe
  C:\Windows\System\DxPAWDT.exe
  2⤵
  PID:10196
- C:\Windows\System\UaFOTsF.exe
  C:\Windows\System\UaFOTsF.exe
  2⤵
  PID:9456
- C:\Windows\System\vwgvZSB.exe
  C:\Windows\System\vwgvZSB.exe
  2⤵
  PID:9548
- C:\Windows\System\uaOxXQl.exe
  C:\Windows\System\uaOxXQl.exe
  2⤵
  PID:9288
- C:\Windows\System\fzDpOmA.exe
  C:\Windows\System\fzDpOmA.exe
  2⤵
  PID:9304
- C:\Windows\System\scpHhbe.exe
  C:\Windows\System\scpHhbe.exe
  2⤵
  PID:9516
- C:\Windows\System\lpoABwC.exe
  C:\Windows\System\lpoABwC.exe
  2⤵
  PID:9576
- C:\Windows\System\tVtBQMQ.exe
  C:\Windows\System\tVtBQMQ.exe
  2⤵
  PID:9784
- C:\Windows\System\vQndyiA.exe
  C:\Windows\System\vQndyiA.exe
  2⤵
  PID:9656
- C:\Windows\System\cjFnBRN.exe
  C:\Windows\System\cjFnBRN.exe
  2⤵
  PID:9852
- C:\Windows\System\VuNKgIT.exe
  C:\Windows\System\VuNKgIT.exe
  2⤵
  PID:9952
- C:\Windows\System\StSPhnW.exe
  C:\Windows\System\StSPhnW.exe
  2⤵
  PID:10080
- C:\Windows\System\vGBfkiC.exe
  C:\Windows\System\vGBfkiC.exe
  2⤵
  PID:9760
- C:\Windows\System\bJNdPvW.exe
  C:\Windows\System\bJNdPvW.exe
  2⤵
  PID:10148
- C:\Windows\System\rWfItZn.exe
  C:\Windows\System\rWfItZn.exe
  2⤵
  PID:9688
- C:\Windows\System\LToEzev.exe
  C:\Windows\System\LToEzev.exe
  2⤵
  PID:10068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CmFROpd.exe

Filesize
6.0MB

MD5
24e1ee319ef422554ff6381be8d7ec42

SHA1
14603585a18b7b39cbe1961b500aec73ee814ad5

SHA256
3974ffe00949dc60c008355c7b93c8a70c736c41e861f70cfb636024c7e68363

SHA512
8202de66ca05687f17dfe1ec787f422dd88cd48d08b2e6af718ed7c2773a41414c6d1615c49cb2cc86902c91d62e61cf69a614cbb0f16b8bbf3ba3090c5eaf5c

Download Submit
C:\Windows\system\EIwiGBu.exe

Filesize
6.0MB

MD5
7ef50c5b13da06e8a5906f40c7a30b84

SHA1
d3bc5f7234e42ea84f4ea6cc2f842178030405aa

SHA256
856533c2faaff8d8bcc65da92b14c8bbf35e4098301944fdb0742c7ab0c7d32e

SHA512
e2f8071dedf3811093119014215b62b31bd052c3039a37ceecba5180f70f740af0fa2249b73cd2ae16c74889e89e9625e1d320755b0c0733548387603e27bffb

Download Submit
C:\Windows\system\FhAEGIj.exe

Filesize
6.0MB

MD5
c3b558f1aee806494810cda3f389f447

SHA1
62b99900ae578a665a2a21905b921308409571bc

SHA256
7b26477f9d4bd9412100a2939089613e6c57f616c995aa26efd04a46f8f19b34

SHA512
49de0a0422c8931d30da6df1f19d1f558e7de8ef8a86dd7ed17d913a8293fbac4b6fd0c09b22dc4be178dd4abb3034f27b75d2adc2183d0f339da48ecaed2b32

Download Submit
C:\Windows\system\JVJesCj.exe

Filesize
6.0MB

MD5
4d6e1f4cd9d859895ca1e56c9de631ce

SHA1
aaccbc3901ce8439338b80533cd529f3a52982f1

SHA256
c8c1bff0f8e02df527335f103bd002235fc4573de6b96fd95a79a980e2b7446d

SHA512
57379bab4cfab68eb29f8d23c911da9bb9c7afd8a656781e387f0269dd435cc4365e2e0ac27a84d0cc86d66eb1a7191e3e3d9d9049258c35fcf3cac4a3afc7ed

Download Submit
C:\Windows\system\KPSewAi.exe

Filesize
6.0MB

MD5
65ee458b4cbde34e8968e269c083ad2d

SHA1
5de6a53428f4b07ca275fa680294e94e9986dfc5

SHA256
09b858b34dae8ee360b31f5bf5bab60e19497458f603fab68ca694634b97d208

SHA512
c7163a6a8202a550b262d2d5992d3665469bf58bf5265f739712db64698b360e57011daa6f8102d065ad37a8975593cb8ecdb2485a063e0adb7abbbdd0cce70b

Download Submit
C:\Windows\system\LZYxSyh.exe

Filesize
6.0MB

MD5
26a75b1f4a4b69e4297439ffcdd76a88

SHA1
68154b73274e963ae8cfa72d34dce6022d93c43e

SHA256
5dbd552c08282e786676956028afc2ed5899459cd2721299149a2bccce6ac454

SHA512
1d7b0fc19c7cef37b1d0e1a4811e073ff9d74cf213e996b5fa697e6fb67132828f207976c6f2be53e9a5d5e01a67f5cc4812d77a230a02e8ba1acb27cfb007a4

Download Submit
C:\Windows\system\MSDFKcl.exe

Filesize
6.0MB

MD5
67c58406742b55017119c43cd0c1ee5b

SHA1
86ed75abe21c48a18b7b7cf7081dfde22ef8f969

SHA256
86c69996877c11135d9bc1eba2734b8e768e3b5a6d60be4833a8b090cd906f79

SHA512
0b49980a557126082311ef98a1174b7527145f931265c5b7731ab92adc690e9ebf8fec9579f32ed2d4ef749361dbd4a25ca3d0d7c62ef0fa9fa433d43e3cbf35

Download Submit
C:\Windows\system\PgjmCFv.exe

Filesize
6.0MB

MD5
d6779b8f6fe091b6df7fc5fc2a3a9692

SHA1
d6b2c6bf6f5a1e4caa74258b71cf2923b0f8eb35

SHA256
c58b02723f49cecc63582ade64189ffcf3c63306018effe9449999b9724d7f9c

SHA512
ed43611fe2640837915257a712b5731668daa9aad8808f66acd27cab124d0d451ffa7d1c390391a59006b212b2a7f1652fccbe3ae93d17dd5758c752a5fee8a0

Download Submit
C:\Windows\system\SZXKBMT.exe

Filesize
6.0MB

MD5
04cd01e1142282f7d244c8210a7d99e9

SHA1
cde0d5418ea0114a6d720778ab73f8e73668ce22

SHA256
d593a54f487fd88e30e97126f7a2dedcefc6afef72f6382ae756d672792a3f08

SHA512
629f4d32b889ef4d6e6c731c66f3c4a55c96411f168da58aaf07a677f62ac43b3f4d028ba106e91fa400973e95263c6c66216f2de388a970312459ef0386dcc6

Download Submit
C:\Windows\system\UGbidEV.exe

Filesize
6.0MB

MD5
5bd2722e3f9211a59519419a9f34bb66

SHA1
07c1b9f83709448a3d9639e63b43b3acfaf172bc

SHA256
e308e257a8c9b98d65bd5697d61e22f7cc888962e2e2d4c3bb9c7e9d57134b18

SHA512
b6c5d49c73dd692ea26c06a98255058a8904b463a510632f2cd2255d30fe557d18170ceb818f7f9ec9cdb3e6adf602ca4d39fea9cfb656b551951ce29240912b

Download Submit
C:\Windows\system\WGXgvKC.exe

Filesize
6.0MB

MD5
288e512387b7d19ae6ab5d0527c58258

SHA1
a7a68d194642e9b33ec2079a14070deebb1e32b2

SHA256
d63bb34353bf85055a69e0976c645999b7c51656fcb351448cd536a61e9cf7ad

SHA512
3bbd1459ce31abbfc5c458f9b48aa2fa223ca9a476b6dec0caeef5bb6cc96a334ef8271fac3d52ea1f8eb0d62bb2e53ab0057381313f1f4af1d6d17e80af419d

Download Submit
C:\Windows\system\WyvkBUf.exe

Filesize
6.0MB

MD5
e3d2a7133577de95b61f0c56ed18f7dd

SHA1
3904e5b5e7a91491f12912dd54af4b1888bd8ef1

SHA256
9bc71568164f587e67b7d667e886a5ffce11d1141b20a68670dfe55b77ab76de

SHA512
63c1914e2321ff0ead9da11ad393ceb5a9c54025c9074077e724ccff29e7e2abe29840f57f77261f12f6f67e3c601f848fe77f3443c64d6b25f2f76bf34d5fa8

Download Submit
C:\Windows\system\XFTLGes.exe

Filesize
6.0MB

MD5
d51cd4935a325b73a2fd68806c87a445

SHA1
8d0cf06efbb471899631a3fb109effba5dc3478e

SHA256
b562ae588088159f46d24a173ed72ed5dceed145b38f114150ee7d5d5e05e888

SHA512
8c3a63632726c78e34760d20dc479e428a684821a65aa0fa841bbeff9cd5dad1b77fdb38942b37ccee7d245cd3db3376a2861207ff6fc5f79d2289a472dcd44a

Download Submit
C:\Windows\system\YDrJYMx.exe

Filesize
6.0MB

MD5
ceba0fde318a295759185c3d9e12c68c

SHA1
a5e5b340a743841970745906e96811bc627e1125

SHA256
d239fc3fc47890a02637f2e9f72d4a7afc158ae7619078c22dcd06aa1df12bda

SHA512
d6a86b37059ca376645b11346760c02d733c1fd320422b2e4b59141b0b49effa14cecc0c8361ea8ba06f18131f20efdf27b3142f3282f3021c42722c8c7ca91c

Download Submit
C:\Windows\system\ZKJXFvS.exe

Filesize
6.0MB

MD5
bc635226526233bc3e4730835f977577

SHA1
faa4179909fde184da53105511f8791e3558d5c4

SHA256
abb392aacec89fe305e266d92a28f1de0297a9ce0c8fe6ce4a90931f6ef031fd

SHA512
db8efc5e1dfc609134b68d15e74d362da2a3954c1dae1287bb11a180c1acb40ba0f4191f60cfff04d59003559c9a7118bbfe0d2057340c7ea242e75b4dd56f15

Download Submit
C:\Windows\system\ZhppVzE.exe

Filesize
6.0MB

MD5
95bf41fe4ed9c2b75e3e670f789e789a

SHA1
6c5d4d655be48e590725a6e28dd401f2d3dc9f5a

SHA256
1ff7ca1c936adbc67eef25968cf98788750e02b0a7779c95e763b592d9107d63

SHA512
5d0df5645c3c13905df58ac984da9039ae1178d6e42abc2e0e590c85f74a75306b79318e0dd8a7bafbe07babcdd756e32c8d1f6ed56872969e4dbff9cf950592

Download Submit
C:\Windows\system\cThcTeF.exe

Filesize
6.0MB

MD5
b4d4ce2ad77ad77de828270fa5b85ae0

SHA1
0cab0062c3816da7c1e1b75b81b444204eb76ee5

SHA256
e643171ec48d4a0a58c5f51e856e2c0ee10b83a07dc5d4b279eea3bea317ed31

SHA512
3fb9ab1c68e104ee4fdf5405ef0ff8b8f78de48866b48c767376f9b24ec12e0aad937a9d218c262f216966b1403f7f5c533bdc3160acff2737355d125c384cdb

Download Submit
C:\Windows\system\dWZDbeT.exe

Filesize
6.0MB

MD5
dc4f67e09671d2f54aef987df296d0c2

SHA1
23c42713069fc67e77a64bb1374dfd274fcf9c86

SHA256
e68a1748e73df084e655f6732370bffc4ce42f48bbbc5e06f2a4b13d0770d3ac

SHA512
1c1145f01e734a43d172686a54ab38d4fe09bda4eedb66efc1f916284b14040398119e87682c9ef32a67865a2592b054648e066ed7f18c444dfc3b0ff8ee3405

Download Submit
C:\Windows\system\juTPzVn.exe

Filesize
6.0MB

MD5
cf216a9141b72064db2d7a1d1b44c78d

SHA1
8b7c0289a41917bd8bcd8a41d02da8c5de8c0581

SHA256
afe8bbb5453e35a0118b5de461073e85b251f3e3e47fd53a0b2a8d87f40f016a

SHA512
12bef1f411cc7f3bdc3289c7933cc51367d649536f44232c9a0827d927b219337a19375175dfa28a7b3629c610e910416fbc01a742d021d2cf26f4dece056164

Download Submit
C:\Windows\system\kqYYvpy.exe

Filesize
6.0MB

MD5
1544f6d9a9d6f24668fdf75e1870a788

SHA1
a9470d13bbfe86b53dd67f8c73c1f7230aa83a67

SHA256
b34143eb7f4f44271a48f43591c0a0fe8d7847522fdcd5ecf7154cf45813cbeb

SHA512
3b26fd0aa8cec335b5f4e00255cd385c642646e3f54a7aee2cf5d4b6fa13850b75ac4892f42bee386dc76f5136194ab97242695e7248ee2c00578ca1267b5124

Download Submit
C:\Windows\system\oRilXoY.exe

Filesize
6.0MB

MD5
f40b97a72937f5a60bdcc807129b7e4a

SHA1
fc5ec3af055c3ee83b1357a42f0313d5fd854eb6

SHA256
3b7f54a351082215d64a8185fc6787210d011649c9beb0b92779346be5b608e6

SHA512
1988e463f11e93a8e95c6cf25e1f9559113a8e609e381ac465d6373196898f2ac71eb22ebfa4a8944df3e60888f4a425e985adbf6eb3a3fb2911d17d83a7f692

Download Submit
C:\Windows\system\qDNHukJ.exe

Filesize
6.0MB

MD5
9609e8a0a0a02ea375cdb8d27251a6a6

SHA1
ede9d869369d03f9770801f6a832c17f93917bdd

SHA256
31a45ac14f26cf7fb699a9bdf6146f5964bfda90b8618b33308cc812a5b5fabc

SHA512
7a50ff4957d62ba4787e0dab6be5b078ad1b5a96f4e3caf2ec662f654a2244138d5156a494f55900574cdc9699668c1aec34d9e974ff793952f22ee8a763f4f5

Download Submit
C:\Windows\system\rOrThJa.exe

Filesize
6.0MB

MD5
5e92dbf49343d1ea8e1d6d68478947e7

SHA1
00348643b22fe45d4977fa82a65e38a4bff86d28

SHA256
3c411cabedadddb397f0d9a8b551e97df6f1603cfd9f233197356d8b5756c924

SHA512
c16526532db4bd2d3de5a55790c7592413f80d2b6fd622b6359955d871dfe40e3b16bbc878f1b3ec11495e777dc8b98b4cb33100e7345ebe17f651c7e3668a26

Download Submit
C:\Windows\system\twQoBZP.exe

Filesize
6.0MB

MD5
910ade7a1e8d95439f22e0834b9b2a82

SHA1
135bc969a4f7f07c8f33f3d86c85456c3bb7bd67

SHA256
f4f4f239282b9b780384a706d20109f1c9717fcda3b3a82c08abeb31780bcb09

SHA512
8548cfd65815d864bdf797a6b9a8ae134d3553b0f42f9d04fbb1bb3a7a576a4766fa020ca9595ebb41afa3c8252f39fae0938a8a111ee985722097a6bf38c8f2

Download Submit
C:\Windows\system\xfIlwFW.exe

Filesize
6.0MB

MD5
91a7b2b932d045d9b068774a42ae3f15

SHA1
8e407b4bbe367e7b782c41f6caac173aa8507dfa

SHA256
79aeeec940130153a24dba32af90daf3c6b5f940df075543016f4447d7b06ef2

SHA512
a121d8241fac70232b0c4502c00da685ba22c428df20def108cb20d512d89508bec2df210aec3d179aa12d2c7ebda3f0458fd962d05c57e8e5a32886ae400458

Download Submit
C:\Windows\system\yNByjJm.exe

Filesize
6.0MB

MD5
191d9074b3ad08afa9c509ee0d4fabcc

SHA1
c840e97fd0bffb8474b670e3f871b781873c4eac

SHA256
88cf6df0f3a371d72b6d6bc4fcaf5fe8699c6f42773f595b40d63732d31de387

SHA512
7a1cdd5c31c84d2311303f844017d36f9ec74e324b7cd8418e9da0fb36e0bab849e6a58d52217db145578f4f1e738ce7ac74e09d5c33a21c0b641347e6f12ffe

Download Submit
C:\Windows\system\yPvEjES.exe

Filesize
6.0MB

MD5
74cd38b874141873e0bcb675fcd5825f

SHA1
da04e3a900caaf24d94647f83f1a1981fcc71302

SHA256
a4f1a43f62b95630b1c2c492cb84f2dda2364ad26f39020ff5792fd78b014e61

SHA512
20d2cc42e5cea6b1aa1743bb61abe8e378cf5e993aa244ea7448e86372cea4a38a52cccb770b49fd9f80d6f2dfba2c02a822dfc437997fa6221bffd8fe33bd01

Download Submit
\Windows\system\OuAVcKF.exe

Filesize
6.0MB

MD5
6a858cfe28dd2c4e95b476faf6212ab3

SHA1
2eab8bddce44b80c24cf1022983762186972167c

SHA256
8549ace594c2ba5303a7f1fec9aa311e5a2240eecbad48a730b81f95fd330f7d

SHA512
86319973c9a1cd6b25da779f8ea952b5d65ef0760ef57c2f62bb043f824c5efa89a34b631ccdb86a46c733a336d7a6e5ea8c0600c49e489af3cf288900c238f4

Download Submit
\Windows\system\SvHQIWb.exe

Filesize
6.0MB

MD5
a9ac2bba1b4ae3c9c767dd8d3ff5c516

SHA1
26d552ab030a3bc358b8d43579ecdb0152cd79bb

SHA256
2bfa951d540bab7f8727344343fe9d9b02add0eb6668d85246837276164b433b

SHA512
27e938ff4068334340a6077bcf2917ca993a8de71f48e9af88399a9c9702bbcc2d50633ede00f0c44fcbfb3c89c02dcf922a73559af4645807fed12bfb156fde

Download Submit
\Windows\system\cBkJFCr.exe

Filesize
6.0MB

MD5
c90e156809fd161d89bf82c219fab93f

SHA1
0cafbbab788195cd3c1e8f9858f108284d2490e9

SHA256
279cf416bb02bb7ec34690b08ff03a2b604a366a084c2ad27f52b88989e8a1be

SHA512
5fca0c3e742dc3c40ab9defae68468cd11346fffff65a21500d5939e736baea13412f7af8cc5f9fe0de2934f70888e169b9dac8201df43efeaf05d41457c6053

Download Submit
\Windows\system\dVYcKcj.exe

Filesize
6.0MB

MD5
f000f125c2ce0a6687ff4b5543b997b6

SHA1
59e3781e2358841d3dd4b43cbbd1f738c31ce045

SHA256
25b7ae35f2b7a49592d2cdb8fb6357abb41bfe46f12e0a498986a18870416f93

SHA512
168538e266c0f84cc7fb5aa96804540a1c61a35ae12f6f08ea0f5f697550df219eec6ad555eae43917003a4c9d947a82bdaaf139f1904e67fd1e6993d7ab7f73

Download Submit
\Windows\system\xgSpWJs.exe

Filesize
6.0MB

MD5
d3d0a0b5a3875b0b4765b22b163d86bf

SHA1
69b682fe4789ae59996d0629b186b0684a325e45

SHA256
c8a6b609a3e9b8f87b8a9c4e60e071e544ac7eb9b0c81fff62ff1993bbeaf22b

SHA512
a4cfd3b1aa417f44b198696fd92e824283312ab432a42708040f619a671042670fa58b56ac0260d7dbc65594eec097ff3ad77bdea35850b5260fe60242875f53

Download Submit
memory/1492-3358-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1492-394-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1492-73-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1620-656-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-87-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1620-3360-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-74-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-481-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-3361-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-860-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-94-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2200-3431-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-735-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-89-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2408-3432-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-51-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3353-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2484-3359-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2484-568-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3342-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2564-22-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2636-36-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3293-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-166-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-3357-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2648-14-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2788-41-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3377-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-35-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3355-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2820-93-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3433-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2892-788-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2892-91-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2932-63-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-50-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-30-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-20-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-39-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-0-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2932-86-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-78-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2932-85-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-655-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-55-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2932-654-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-569-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-13-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2932-478-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2932-67-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2932-82-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-482-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2932-84-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2984-15-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3262-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download